2 * Marvell Wireless LAN device driver: scan ioctl and command handling
4 * Copyright (C) 2011-2014, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
28 /* The maximum number of channels the firmware can scan per command */
29 #define MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN 14
31 #define MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD 4
33 /* Memory needed to store a max sized Channel List TLV for a firmware scan */
34 #define CHAN_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_header) \
35 + (MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN \
36 *sizeof(struct mwifiex_chan_scan_param_set)))
38 /* Memory needed to store supported rate */
39 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \
40 + HOSTCMD_SUPPORTED_RATES)
42 /* Memory needed to store a max number/size WildCard SSID TLV for a firmware
44 #define WILDCARD_SSID_TLV_MAX_SIZE \
45 (MWIFIEX_MAX_SSID_LIST_LENGTH * \
46 (sizeof(struct mwifiex_ie_types_wildcard_ssid_params) \
47 + IEEE80211_MAX_SSID_LEN))
49 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */
50 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \
51 + sizeof(struct mwifiex_ie_types_num_probes) \
52 + sizeof(struct mwifiex_ie_types_htcap) \
55 + WILDCARD_SSID_TLV_MAX_SIZE)
58 union mwifiex_scan_cmd_config_tlv {
59 /* Scan configuration (variable length) */
60 struct mwifiex_scan_cmd_config config;
61 /* Max allocated block */
62 u8 config_alloc_buf[MAX_SCAN_CFG_ALLOC];
70 static u8 mwifiex_wpa_oui[CIPHER_SUITE_MAX][4] = {
71 { 0x00, 0x50, 0xf2, 0x02 }, /* TKIP */
72 { 0x00, 0x50, 0xf2, 0x04 }, /* AES */
74 static u8 mwifiex_rsn_oui[CIPHER_SUITE_MAX][4] = {
75 { 0x00, 0x0f, 0xac, 0x02 }, /* TKIP */
76 { 0x00, 0x0f, 0xac, 0x04 }, /* AES */
80 _dbg_security_flags(int log_level, const char *func, const char *desc,
81 struct mwifiex_private *priv,
82 struct mwifiex_bssdescriptor *bss_desc)
84 _mwifiex_dbg(priv->adapter, log_level,
85 "info: %s: %s:\twpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s\tEncMode=%#x privacy=%#x\n",
87 bss_desc->bcn_wpa_ie ?
88 bss_desc->bcn_wpa_ie->vend_hdr.element_id : 0,
89 bss_desc->bcn_rsn_ie ?
90 bss_desc->bcn_rsn_ie->ieee_hdr.element_id : 0,
91 priv->sec_info.wep_enabled ? "e" : "d",
92 priv->sec_info.wpa_enabled ? "e" : "d",
93 priv->sec_info.wpa2_enabled ? "e" : "d",
94 priv->sec_info.encryption_mode,
97 #define dbg_security_flags(mask, desc, priv, bss_desc) \
98 _dbg_security_flags(MWIFIEX_DBG_##mask, desc, __func__, priv, bss_desc)
101 has_ieee_hdr(struct ieee_types_generic *ie, u8 key)
103 return (ie && ie->ieee_hdr.element_id == key);
107 has_vendor_hdr(struct ieee_types_vendor_specific *ie, u8 key)
109 return (ie && ie->vend_hdr.element_id == key);
113 * This function parses a given IE for a given OUI.
115 * This is used to parse a WPA/RSN IE to find if it has
116 * a given oui in PTK.
119 mwifiex_search_oui_in_ie(struct ie_body *iebody, u8 *oui)
123 count = iebody->ptk_cnt[0];
125 /* There could be multiple OUIs for PTK hence
127 2) Check all the OUIs for AES.
128 3) If one of them is AES then pass success. */
130 if (!memcmp(iebody->ptk_body, oui, sizeof(iebody->ptk_body)))
131 return MWIFIEX_OUI_PRESENT;
135 iebody = (struct ie_body *) ((u8 *) iebody +
136 sizeof(iebody->ptk_body));
139 pr_debug("info: %s: OUI is not found in PTK\n", __func__);
140 return MWIFIEX_OUI_NOT_PRESENT;
144 * This function checks if a given OUI is present in a RSN IE.
146 * The function first checks if a RSN IE is present or not in the
147 * BSS descriptor. It tries to locate the OUI only if such an IE is
151 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
154 struct ie_body *iebody;
155 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
157 if (has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN)) {
158 iebody = (struct ie_body *)
159 (((u8 *) bss_desc->bcn_rsn_ie->data) +
161 oui = &mwifiex_rsn_oui[cipher][0];
162 ret = mwifiex_search_oui_in_ie(iebody, oui);
170 * This function checks if a given OUI is present in a WPA IE.
172 * The function first checks if a WPA IE is present or not in the
173 * BSS descriptor. It tries to locate the OUI only if such an IE is
177 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
180 struct ie_body *iebody;
181 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
183 if (has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC)) {
184 iebody = (struct ie_body *)((u8 *)bss_desc->bcn_wpa_ie->data +
186 oui = &mwifiex_wpa_oui[cipher][0];
187 ret = mwifiex_search_oui_in_ie(iebody, oui);
195 * This function compares two SSIDs and checks if they match.
198 mwifiex_ssid_cmp(struct cfg80211_ssid *ssid1, struct cfg80211_ssid *ssid2)
200 if (!ssid1 || !ssid2 || (ssid1->ssid_len != ssid2->ssid_len))
202 return memcmp(ssid1->ssid, ssid2->ssid, ssid1->ssid_len);
206 * This function checks if wapi is enabled in driver and scanned network is
207 * compatible with it.
210 mwifiex_is_bss_wapi(struct mwifiex_private *priv,
211 struct mwifiex_bssdescriptor *bss_desc)
213 if (priv->sec_info.wapi_enabled &&
214 has_ieee_hdr(bss_desc->bcn_wapi_ie, WLAN_EID_BSS_AC_ACCESS_DELAY))
220 * This function checks if driver is configured with no security mode and
221 * scanned network is compatible with it.
224 mwifiex_is_bss_no_sec(struct mwifiex_private *priv,
225 struct mwifiex_bssdescriptor *bss_desc)
227 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
228 !priv->sec_info.wpa2_enabled &&
229 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) &&
230 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) &&
231 !priv->sec_info.encryption_mode && !bss_desc->privacy) {
238 * This function checks if static WEP is enabled in driver and scanned network
239 * is compatible with it.
242 mwifiex_is_bss_static_wep(struct mwifiex_private *priv,
243 struct mwifiex_bssdescriptor *bss_desc)
245 if (priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
246 !priv->sec_info.wpa2_enabled && bss_desc->privacy) {
253 * This function checks if wpa is enabled in driver and scanned network is
254 * compatible with it.
257 mwifiex_is_bss_wpa(struct mwifiex_private *priv,
258 struct mwifiex_bssdescriptor *bss_desc)
260 if (!priv->sec_info.wep_enabled && priv->sec_info.wpa_enabled &&
261 !priv->sec_info.wpa2_enabled &&
262 has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC)
264 * Privacy bit may NOT be set in some APs like
265 * LinkSys WRT54G && bss_desc->privacy
268 dbg_security_flags(INFO, "WPA", priv, bss_desc);
275 * This function checks if wpa2 is enabled in driver and scanned network is
276 * compatible with it.
279 mwifiex_is_bss_wpa2(struct mwifiex_private *priv,
280 struct mwifiex_bssdescriptor *bss_desc)
282 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
283 priv->sec_info.wpa2_enabled &&
284 has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN)) {
286 * Privacy bit may NOT be set in some APs like
287 * LinkSys WRT54G && bss_desc->privacy
289 dbg_security_flags(INFO, "WAP2", priv, bss_desc);
296 * This function checks if adhoc AES is enabled in driver and scanned network is
297 * compatible with it.
300 mwifiex_is_bss_adhoc_aes(struct mwifiex_private *priv,
301 struct mwifiex_bssdescriptor *bss_desc)
303 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
304 !priv->sec_info.wpa2_enabled &&
305 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) &&
306 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) &&
307 !priv->sec_info.encryption_mode && bss_desc->privacy) {
314 * This function checks if dynamic WEP is enabled in driver and scanned network
315 * is compatible with it.
318 mwifiex_is_bss_dynamic_wep(struct mwifiex_private *priv,
319 struct mwifiex_bssdescriptor *bss_desc)
321 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
322 !priv->sec_info.wpa2_enabled &&
323 !has_vendor_hdr(bss_desc->bcn_wpa_ie, WLAN_EID_VENDOR_SPECIFIC) &&
324 !has_ieee_hdr(bss_desc->bcn_rsn_ie, WLAN_EID_RSN) &&
325 priv->sec_info.encryption_mode && bss_desc->privacy) {
326 dbg_security_flags(INFO, "dynamic", priv, bss_desc);
333 * This function checks if a scanned network is compatible with the driver
336 * WEP WPA WPA2 ad-hoc encrypt Network
337 * enabled enabled enabled AES mode Privacy WPA WPA2 Compatible
338 * 0 0 0 0 NONE 0 0 0 yes No security
339 * 0 1 0 0 x 1x 1 x yes WPA (disable
341 * 0 0 1 0 x 1x x 1 yes WPA2 (disable
343 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
344 * 1 0 0 0 NONE 1 0 0 yes Static WEP
346 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
348 * Compatibility is not matched while roaming, except for mode.
351 mwifiex_is_network_compatible(struct mwifiex_private *priv,
352 struct mwifiex_bssdescriptor *bss_desc, u32 mode)
354 struct mwifiex_adapter *adapter = priv->adapter;
356 bss_desc->disable_11n = false;
358 /* Don't check for compatibility if roaming */
359 if (priv->media_connected &&
360 (priv->bss_mode == NL80211_IFTYPE_STATION) &&
361 (bss_desc->bss_mode == NL80211_IFTYPE_STATION))
364 if (priv->wps.session_enable) {
365 mwifiex_dbg(adapter, IOCTL,
366 "info: return success directly in WPS period\n");
370 if (bss_desc->chan_sw_ie_present) {
371 mwifiex_dbg(adapter, INFO,
372 "Don't connect to AP with WLAN_EID_CHANNEL_SWITCH\n");
376 if (mwifiex_is_bss_wapi(priv, bss_desc)) {
377 mwifiex_dbg(adapter, INFO,
378 "info: return success for WAPI AP\n");
382 if (bss_desc->bss_mode == mode) {
383 if (mwifiex_is_bss_no_sec(priv, bss_desc)) {
386 } else if (mwifiex_is_bss_static_wep(priv, bss_desc)) {
387 /* Static WEP enabled */
388 mwifiex_dbg(adapter, INFO,
389 "info: Disable 11n in WEP mode.\n");
390 bss_desc->disable_11n = true;
392 } else if (mwifiex_is_bss_wpa(priv, bss_desc)) {
394 if (((priv->adapter->config_bands & BAND_GN ||
395 priv->adapter->config_bands & BAND_AN) &&
396 bss_desc->bcn_ht_cap) &&
397 !mwifiex_is_wpa_oui_present(bss_desc,
398 CIPHER_SUITE_CCMP)) {
400 if (mwifiex_is_wpa_oui_present
401 (bss_desc, CIPHER_SUITE_TKIP)) {
402 mwifiex_dbg(adapter, INFO,
403 "info: Disable 11n if AES\t"
404 "is not supported by AP\n");
405 bss_desc->disable_11n = true;
411 } else if (mwifiex_is_bss_wpa2(priv, bss_desc)) {
413 if (((priv->adapter->config_bands & BAND_GN ||
414 priv->adapter->config_bands & BAND_AN) &&
415 bss_desc->bcn_ht_cap) &&
416 !mwifiex_is_rsn_oui_present(bss_desc,
417 CIPHER_SUITE_CCMP)) {
419 if (mwifiex_is_rsn_oui_present
420 (bss_desc, CIPHER_SUITE_TKIP)) {
421 mwifiex_dbg(adapter, INFO,
422 "info: Disable 11n if AES\t"
423 "is not supported by AP\n");
424 bss_desc->disable_11n = true;
430 } else if (mwifiex_is_bss_adhoc_aes(priv, bss_desc)) {
431 /* Ad-hoc AES enabled */
433 } else if (mwifiex_is_bss_dynamic_wep(priv, bss_desc)) {
434 /* Dynamic WEP enabled */
438 /* Security doesn't match */
439 dbg_security_flags(ERROR, "failed", priv, bss_desc);
443 /* Mode doesn't match */
448 * This function creates a channel list for the driver to scan, based
449 * on region/band information.
451 * This routine is used for any scan that is not provided with a
452 * specific channel list to scan.
455 mwifiex_scan_create_channel_list(struct mwifiex_private *priv,
456 const struct mwifiex_user_scan_cfg
458 struct mwifiex_chan_scan_param_set
462 enum nl80211_band band;
463 struct ieee80211_supported_band *sband;
464 struct ieee80211_channel *ch;
465 struct mwifiex_adapter *adapter = priv->adapter;
468 for (band = 0; (band < NUM_NL80211_BANDS) ; band++) {
470 if (!priv->wdev.wiphy->bands[band])
473 sband = priv->wdev.wiphy->bands[band];
475 for (i = 0; (i < sband->n_channels) ; i++) {
476 ch = &sband->channels[i];
477 if (ch->flags & IEEE80211_CHAN_DISABLED)
479 scan_chan_list[chan_idx].radio_type = band;
482 user_scan_in->chan_list[0].scan_time)
483 scan_chan_list[chan_idx].max_scan_time =
484 cpu_to_le16((u16) user_scan_in->
485 chan_list[0].scan_time);
486 else if (ch->flags & IEEE80211_CHAN_NO_IR)
487 scan_chan_list[chan_idx].max_scan_time =
488 cpu_to_le16(adapter->passive_scan_time);
490 scan_chan_list[chan_idx].max_scan_time =
491 cpu_to_le16(adapter->active_scan_time);
493 if (ch->flags & IEEE80211_CHAN_NO_IR)
494 scan_chan_list[chan_idx].chan_scan_mode_bitmap
495 |= (MWIFIEX_PASSIVE_SCAN |
496 MWIFIEX_HIDDEN_SSID_REPORT);
498 scan_chan_list[chan_idx].chan_scan_mode_bitmap
499 &= ~MWIFIEX_PASSIVE_SCAN;
500 scan_chan_list[chan_idx].chan_number =
503 scan_chan_list[chan_idx].chan_scan_mode_bitmap
504 |= MWIFIEX_DISABLE_CHAN_FILT;
507 scan_chan_list[chan_idx].max_scan_time =
508 cpu_to_le16(adapter->specific_scan_time);
517 /* This function creates a channel list tlv for bgscan config, based
518 * on region/band information.
521 mwifiex_bgscan_create_channel_list(struct mwifiex_private *priv,
522 const struct mwifiex_bg_scan_cfg
524 struct mwifiex_chan_scan_param_set
527 enum nl80211_band band;
528 struct ieee80211_supported_band *sband;
529 struct ieee80211_channel *ch;
530 struct mwifiex_adapter *adapter = priv->adapter;
533 for (band = 0; (band < NUM_NL80211_BANDS); band++) {
534 if (!priv->wdev.wiphy->bands[band])
537 sband = priv->wdev.wiphy->bands[band];
539 for (i = 0; (i < sband->n_channels) ; i++) {
540 ch = &sband->channels[i];
541 if (ch->flags & IEEE80211_CHAN_DISABLED)
543 scan_chan_list[chan_idx].radio_type = band;
545 if (bgscan_cfg_in->chan_list[0].scan_time)
546 scan_chan_list[chan_idx].max_scan_time =
547 cpu_to_le16((u16)bgscan_cfg_in->
548 chan_list[0].scan_time);
549 else if (ch->flags & IEEE80211_CHAN_NO_IR)
550 scan_chan_list[chan_idx].max_scan_time =
551 cpu_to_le16(adapter->passive_scan_time);
553 scan_chan_list[chan_idx].max_scan_time =
554 cpu_to_le16(adapter->
557 if (ch->flags & IEEE80211_CHAN_NO_IR)
558 scan_chan_list[chan_idx].chan_scan_mode_bitmap
559 |= MWIFIEX_PASSIVE_SCAN;
561 scan_chan_list[chan_idx].chan_scan_mode_bitmap
562 &= ~MWIFIEX_PASSIVE_SCAN;
564 scan_chan_list[chan_idx].chan_number =
572 /* This function appends rate TLV to scan config command. */
574 mwifiex_append_rate_tlv(struct mwifiex_private *priv,
575 struct mwifiex_scan_cmd_config *scan_cfg_out,
578 struct mwifiex_ie_types_rates_param_set *rates_tlv;
579 u8 rates[MWIFIEX_SUPPORTED_RATES], *tlv_pos;
582 memset(rates, 0, sizeof(rates));
584 tlv_pos = (u8 *)scan_cfg_out->tlv_buf + scan_cfg_out->tlv_buf_len;
586 if (priv->scan_request)
587 rates_size = mwifiex_get_rates_from_cfg80211(priv, rates,
590 rates_size = mwifiex_get_supported_rates(priv, rates);
592 mwifiex_dbg(priv->adapter, CMD,
593 "info: SCAN_CMD: Rates size = %d\n",
595 rates_tlv = (struct mwifiex_ie_types_rates_param_set *)tlv_pos;
596 rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES);
597 rates_tlv->header.len = cpu_to_le16((u16) rates_size);
598 memcpy(rates_tlv->rates, rates, rates_size);
599 scan_cfg_out->tlv_buf_len += sizeof(rates_tlv->header) + rates_size;
605 * This function constructs and sends multiple scan config commands to
608 * Previous routines in the code flow have created a scan command configuration
609 * with any requested TLVs. This function splits the channel TLV into maximum
610 * channels supported per scan lists and sends the portion of the channel TLV,
611 * along with the other TLVs, to the firmware.
614 mwifiex_scan_channel_list(struct mwifiex_private *priv,
615 u32 max_chan_per_scan, u8 filtered_scan,
616 struct mwifiex_scan_cmd_config *scan_cfg_out,
617 struct mwifiex_ie_types_chan_list_param_set
619 struct mwifiex_chan_scan_param_set *scan_chan_list)
621 struct mwifiex_adapter *adapter = priv->adapter;
623 struct mwifiex_chan_scan_param_set *tmp_chan_list;
624 struct mwifiex_chan_scan_param_set *start_chan;
625 u32 tlv_idx, rates_size, cmd_no;
630 if (!scan_cfg_out || !chan_tlv_out || !scan_chan_list) {
631 mwifiex_dbg(priv->adapter, ERROR,
632 "info: Scan: Null detect: %p, %p, %p\n",
633 scan_cfg_out, chan_tlv_out, scan_chan_list);
637 /* Check csa channel expiry before preparing scan list */
638 mwifiex_11h_get_csa_closed_channel(priv);
640 chan_tlv_out->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
642 /* Set the temp channel struct pointer to the start of the desired
644 tmp_chan_list = scan_chan_list;
646 /* Loop through the desired channel list, sending a new firmware scan
647 commands for each max_chan_per_scan channels (or for 1,6,11
648 individually if configured accordingly) */
649 while (tmp_chan_list->chan_number) {
654 chan_tlv_out->header.len = 0;
655 start_chan = tmp_chan_list;
659 * Construct the Channel TLV for the scan command. Continue to
660 * insert channel TLVs until:
661 * - the tlv_idx hits the maximum configured per scan command
662 * - the next channel to insert is 0 (end of desired channel
664 * - done_early is set (controlling individual scanning of
667 while (tlv_idx < max_chan_per_scan &&
668 tmp_chan_list->chan_number && !done_early) {
670 if (tmp_chan_list->chan_number == priv->csa_chan) {
675 radio_type = tmp_chan_list->radio_type;
676 mwifiex_dbg(priv->adapter, INFO,
677 "info: Scan: Chan(%3d), Radio(%d),\t"
678 "Mode(%d, %d), Dur(%d)\n",
679 tmp_chan_list->chan_number,
680 tmp_chan_list->radio_type,
681 tmp_chan_list->chan_scan_mode_bitmap
682 & MWIFIEX_PASSIVE_SCAN,
683 (tmp_chan_list->chan_scan_mode_bitmap
684 & MWIFIEX_DISABLE_CHAN_FILT) >> 1,
685 le16_to_cpu(tmp_chan_list->max_scan_time));
687 /* Copy the current channel TLV to the command being
689 memcpy(chan_tlv_out->chan_scan_param + tlv_idx,
691 sizeof(chan_tlv_out->chan_scan_param));
693 /* Increment the TLV header length by the size
695 le16_add_cpu(&chan_tlv_out->header.len,
696 sizeof(chan_tlv_out->chan_scan_param));
699 * The tlv buffer length is set to the number of bytes
700 * of the between the channel tlv pointer and the start
701 * of the tlv buffer. This compensates for any TLVs
702 * that were appended before the channel list.
704 scan_cfg_out->tlv_buf_len = (u32) ((u8 *) chan_tlv_out -
705 scan_cfg_out->tlv_buf);
707 /* Add the size of the channel tlv header and the data
709 scan_cfg_out->tlv_buf_len +=
710 (sizeof(chan_tlv_out->header)
711 + le16_to_cpu(chan_tlv_out->header.len));
713 /* Increment the index to the channel tlv we are
717 /* Count the total scan time per command */
719 le16_to_cpu(tmp_chan_list->max_scan_time);
723 /* Stop the loop if the *current* channel is in the
724 1,6,11 set and we are not filtering on a BSSID
726 if (!filtered_scan &&
727 (tmp_chan_list->chan_number == 1 ||
728 tmp_chan_list->chan_number == 6 ||
729 tmp_chan_list->chan_number == 11))
732 /* Increment the tmp pointer to the next channel to
736 /* Stop the loop if the *next* channel is in the 1,6,11
737 set. This will cause it to be the only channel
738 scanned on the next interation */
739 if (!filtered_scan &&
740 (tmp_chan_list->chan_number == 1 ||
741 tmp_chan_list->chan_number == 6 ||
742 tmp_chan_list->chan_number == 11))
746 /* The total scan time should be less than scan command timeout
748 if (total_scan_time > MWIFIEX_MAX_TOTAL_SCAN_TIME) {
749 mwifiex_dbg(priv->adapter, ERROR,
750 "total scan time %dms\t"
751 "is over limit (%dms), scan skipped\n",
753 MWIFIEX_MAX_TOTAL_SCAN_TIME);
758 rates_size = mwifiex_append_rate_tlv(priv, scan_cfg_out,
761 priv->adapter->scan_channels = start_chan;
763 /* Send the scan command to the firmware with the specified
765 if (priv->adapter->ext_scan)
766 cmd_no = HostCmd_CMD_802_11_SCAN_EXT;
768 cmd_no = HostCmd_CMD_802_11_SCAN;
770 ret = mwifiex_send_cmd(priv, cmd_no, HostCmd_ACT_GEN_SET,
771 0, scan_cfg_out, false);
773 /* rate IE is updated per scan command but same starting
774 * pointer is used each time so that rate IE from earlier
775 * scan_cfg_out->buf is overwritten with new one.
777 scan_cfg_out->tlv_buf_len -=
778 sizeof(struct mwifiex_ie_types_header) + rates_size;
781 mwifiex_cancel_pending_scan_cmd(adapter);
793 * This function constructs a scan command configuration structure to use
796 * Application layer or other functions can invoke network scanning
797 * with a scan configuration supplied in a user scan configuration structure.
798 * This structure is used as the basis of one or many scan command configuration
799 * commands that are sent to the command processing module and eventually to the
802 * This function creates a scan command configuration structure based on the
803 * following user supplied parameters (if present):
806 * - Number of Probes to be sent
809 * If the SSID or BSSID filter is not present, the filter is disabled/cleared.
810 * If the number of probes is not set, adapter default setting is used.
813 mwifiex_config_scan(struct mwifiex_private *priv,
814 const struct mwifiex_user_scan_cfg *user_scan_in,
815 struct mwifiex_scan_cmd_config *scan_cfg_out,
816 struct mwifiex_ie_types_chan_list_param_set **chan_list_out,
817 struct mwifiex_chan_scan_param_set *scan_chan_list,
818 u8 *max_chan_per_scan, u8 *filtered_scan,
819 u8 *scan_current_only)
821 struct mwifiex_adapter *adapter = priv->adapter;
822 struct mwifiex_ie_types_num_probes *num_probes_tlv;
823 struct mwifiex_ie_types_scan_chan_gap *chan_gap_tlv;
824 struct mwifiex_ie_types_random_mac *random_mac_tlv;
825 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv;
826 struct mwifiex_ie_types_bssid_list *bssid_tlv;
838 struct mwifiex_ie_types_htcap *ht_cap;
839 struct mwifiex_ie_types_bss_mode *bss_mode;
840 const u8 zero_mac[6] = {0, 0, 0, 0, 0, 0};
842 /* The tlv_buf_len is calculated for each scan command. The TLVs added
843 in this routine will be preserved since the routine that sends the
844 command will append channelTLVs at *chan_list_out. The difference
845 between the *chan_list_out and the tlv_buf start will be used to
846 calculate the size of anything we add in this routine. */
847 scan_cfg_out->tlv_buf_len = 0;
849 /* Running tlv pointer. Assigned to chan_list_out at end of function
850 so later routines know where channels can be added to the command
852 tlv_pos = scan_cfg_out->tlv_buf;
854 /* Initialize the scan as un-filtered; the flag is later set to TRUE
855 below if a SSID or BSSID filter is sent in the command */
856 *filtered_scan = false;
858 /* Initialize the scan as not being only on the current channel. If
859 the channel list is customized, only contains one channel, and is
860 the active channel, this is set true and data flow is not halted. */
861 *scan_current_only = false;
865 /* Default the ssid_filter flag to TRUE, set false under
866 certain wildcard conditions and qualified by the existence
867 of an SSID list before marking the scan as filtered */
870 /* Set the BSS type scan filter, use Adapter setting if
872 scan_cfg_out->bss_mode =
873 (u8)(user_scan_in->bss_mode ?: adapter->scan_mode);
875 /* Set the number of probes to send, use Adapter setting
877 num_probes = user_scan_in->num_probes ?: adapter->scan_probes;
880 * Set the BSSID filter to the incoming configuration,
881 * if non-zero. If not set, it will remain disabled
884 memcpy(scan_cfg_out->specific_bssid,
885 user_scan_in->specific_bssid,
886 sizeof(scan_cfg_out->specific_bssid));
888 if (adapter->ext_scan &&
889 !is_zero_ether_addr(scan_cfg_out->specific_bssid)) {
891 (struct mwifiex_ie_types_bssid_list *)tlv_pos;
892 bssid_tlv->header.type = cpu_to_le16(TLV_TYPE_BSSID);
893 bssid_tlv->header.len = cpu_to_le16(ETH_ALEN);
894 memcpy(bssid_tlv->bssid, user_scan_in->specific_bssid,
896 tlv_pos += sizeof(struct mwifiex_ie_types_bssid_list);
899 for (i = 0; i < user_scan_in->num_ssids; i++) {
900 ssid_len = user_scan_in->ssid_list[i].ssid_len;
903 (struct mwifiex_ie_types_wildcard_ssid_params *)
905 wildcard_ssid_tlv->header.type =
906 cpu_to_le16(TLV_TYPE_WILDCARDSSID);
907 wildcard_ssid_tlv->header.len = cpu_to_le16(
908 (u16) (ssid_len + sizeof(wildcard_ssid_tlv->
912 * max_ssid_length = 0 tells firmware to perform
913 * specific scan for the SSID filled, whereas
914 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for
918 wildcard_ssid_tlv->max_ssid_length = 0;
920 wildcard_ssid_tlv->max_ssid_length =
921 IEEE80211_MAX_SSID_LEN;
923 if (!memcmp(user_scan_in->ssid_list[i].ssid,
925 wildcard_ssid_tlv->max_ssid_length = 0xfe;
927 memcpy(wildcard_ssid_tlv->ssid,
928 user_scan_in->ssid_list[i].ssid, ssid_len);
930 tlv_pos += (sizeof(wildcard_ssid_tlv->header)
931 + le16_to_cpu(wildcard_ssid_tlv->header.len));
933 mwifiex_dbg(adapter, INFO,
934 "info: scan: ssid[%d]: %s, %d\n",
935 i, wildcard_ssid_tlv->ssid,
936 wildcard_ssid_tlv->max_ssid_length);
938 /* Empty wildcard ssid with a maxlen will match many or
939 potentially all SSIDs (maxlen == 32), therefore do
940 not treat the scan as
942 if (!ssid_len && wildcard_ssid_tlv->max_ssid_length)
947 * The default number of channels sent in the command is low to
948 * ensure the response buffer from the firmware does not
949 * truncate scan results. That is not an issue with an SSID
950 * or BSSID filter applied to the scan results in the firmware.
952 if ((i && ssid_filter) ||
953 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
954 *filtered_scan = true;
956 if (user_scan_in->scan_chan_gap) {
957 mwifiex_dbg(adapter, INFO,
958 "info: scan: channel gap = %d\n",
959 user_scan_in->scan_chan_gap);
961 MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
963 chan_gap_tlv = (void *)tlv_pos;
964 chan_gap_tlv->header.type =
965 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
966 chan_gap_tlv->header.len =
967 cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
968 chan_gap_tlv->chan_gap =
969 cpu_to_le16((user_scan_in->scan_chan_gap));
971 sizeof(struct mwifiex_ie_types_scan_chan_gap);
974 if (!ether_addr_equal(user_scan_in->random_mac, zero_mac)) {
975 random_mac_tlv = (void *)tlv_pos;
976 random_mac_tlv->header.type =
977 cpu_to_le16(TLV_TYPE_RANDOM_MAC);
978 random_mac_tlv->header.len =
979 cpu_to_le16(sizeof(random_mac_tlv->mac));
980 ether_addr_copy(random_mac_tlv->mac,
981 user_scan_in->random_mac);
983 sizeof(struct mwifiex_ie_types_random_mac);
986 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
987 num_probes = adapter->scan_probes;
991 * If a specific BSSID or SSID is used, the number of channels in the
992 * scan command will be increased to the absolute maximum.
995 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
997 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
999 if (adapter->ext_scan) {
1000 bss_mode = (struct mwifiex_ie_types_bss_mode *)tlv_pos;
1001 bss_mode->header.type = cpu_to_le16(TLV_TYPE_BSS_MODE);
1002 bss_mode->header.len = cpu_to_le16(sizeof(bss_mode->bss_mode));
1003 bss_mode->bss_mode = scan_cfg_out->bss_mode;
1004 tlv_pos += sizeof(bss_mode->header) +
1005 le16_to_cpu(bss_mode->header.len);
1008 /* If the input config or adapter has the number of Probes set,
1012 mwifiex_dbg(adapter, INFO,
1013 "info: scan: num_probes = %d\n",
1016 num_probes_tlv = (struct mwifiex_ie_types_num_probes *) tlv_pos;
1017 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
1018 num_probes_tlv->header.len =
1019 cpu_to_le16(sizeof(num_probes_tlv->num_probes));
1020 num_probes_tlv->num_probes = cpu_to_le16((u16) num_probes);
1022 tlv_pos += sizeof(num_probes_tlv->header) +
1023 le16_to_cpu(num_probes_tlv->header.len);
1027 if (ISSUPP_11NENABLED(priv->adapter->fw_cap_info) &&
1028 (priv->adapter->config_bands & BAND_GN ||
1029 priv->adapter->config_bands & BAND_AN)) {
1030 ht_cap = (struct mwifiex_ie_types_htcap *) tlv_pos;
1031 memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap));
1032 ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
1033 ht_cap->header.len =
1034 cpu_to_le16(sizeof(struct ieee80211_ht_cap));
1036 mwifiex_band_to_radio_type(priv->adapter->config_bands);
1037 mwifiex_fill_cap_info(priv, radio_type, &ht_cap->ht_cap);
1038 tlv_pos += sizeof(struct mwifiex_ie_types_htcap);
1041 /* Append vendor specific IE TLV */
1042 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_SCAN, &tlv_pos);
1045 * Set the output for the channel TLV to the address in the tlv buffer
1046 * past any TLVs that were added in this function (SSID, num_probes).
1047 * Channel TLVs will be added past this for each scan command,
1048 * preserving the TLVs that were previously added.
1051 (struct mwifiex_ie_types_chan_list_param_set *) tlv_pos;
1053 if (user_scan_in && user_scan_in->chan_list[0].chan_number) {
1055 mwifiex_dbg(adapter, INFO,
1056 "info: Scan: Using supplied channel list\n");
1059 chan_idx < MWIFIEX_USER_SCAN_CHAN_MAX &&
1060 user_scan_in->chan_list[chan_idx].chan_number;
1063 channel = user_scan_in->chan_list[chan_idx].chan_number;
1064 scan_chan_list[chan_idx].chan_number = channel;
1067 user_scan_in->chan_list[chan_idx].radio_type;
1068 scan_chan_list[chan_idx].radio_type = radio_type;
1070 scan_type = user_scan_in->chan_list[chan_idx].scan_type;
1072 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
1073 scan_chan_list[chan_idx].chan_scan_mode_bitmap
1074 |= (MWIFIEX_PASSIVE_SCAN |
1075 MWIFIEX_HIDDEN_SSID_REPORT);
1077 scan_chan_list[chan_idx].chan_scan_mode_bitmap
1078 &= ~MWIFIEX_PASSIVE_SCAN;
1080 scan_chan_list[chan_idx].chan_scan_mode_bitmap
1081 |= MWIFIEX_DISABLE_CHAN_FILT;
1083 if (user_scan_in->chan_list[chan_idx].scan_time) {
1084 scan_dur = (u16) user_scan_in->
1085 chan_list[chan_idx].scan_time;
1087 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
1088 scan_dur = adapter->passive_scan_time;
1089 else if (*filtered_scan)
1090 scan_dur = adapter->specific_scan_time;
1092 scan_dur = adapter->active_scan_time;
1095 scan_chan_list[chan_idx].min_scan_time =
1096 cpu_to_le16(scan_dur);
1097 scan_chan_list[chan_idx].max_scan_time =
1098 cpu_to_le16(scan_dur);
1101 /* Check if we are only scanning the current channel */
1102 if ((chan_idx == 1) &&
1103 (user_scan_in->chan_list[0].chan_number ==
1104 priv->curr_bss_params.bss_descriptor.channel)) {
1105 *scan_current_only = true;
1106 mwifiex_dbg(adapter, INFO,
1107 "info: Scan: Scanning current channel only\n");
1109 chan_num = chan_idx;
1111 mwifiex_dbg(adapter, INFO,
1112 "info: Scan: Creating full region channel list\n");
1113 chan_num = mwifiex_scan_create_channel_list(priv, user_scan_in,
1121 * This function inspects the scan response buffer for pointers to
1124 * TLVs can be included at the end of the scan response BSS information.
1126 * Data in the buffer is parsed pointers to TLVs that can potentially
1127 * be passed back in the response.
1130 mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter *adapter,
1131 struct mwifiex_ie_types_data *tlv,
1132 u32 tlv_buf_size, u32 req_tlv_type,
1133 struct mwifiex_ie_types_data **tlv_data)
1135 struct mwifiex_ie_types_data *current_tlv;
1141 tlv_buf_left = tlv_buf_size;
1144 mwifiex_dbg(adapter, INFO,
1145 "info: SCAN_RESP: tlv_buf_size = %d\n",
1148 while (tlv_buf_left >= sizeof(struct mwifiex_ie_types_header)) {
1150 tlv_type = le16_to_cpu(current_tlv->header.type);
1151 tlv_len = le16_to_cpu(current_tlv->header.len);
1153 if (sizeof(tlv->header) + tlv_len > tlv_buf_left) {
1154 mwifiex_dbg(adapter, ERROR,
1155 "SCAN_RESP: TLV buffer corrupt\n");
1159 if (req_tlv_type == tlv_type) {
1161 case TLV_TYPE_TSFTIMESTAMP:
1162 mwifiex_dbg(adapter, INFO,
1163 "info: SCAN_RESP: TSF\t"
1164 "timestamp TLV, len = %d\n",
1166 *tlv_data = current_tlv;
1168 case TLV_TYPE_CHANNELBANDLIST:
1169 mwifiex_dbg(adapter, INFO,
1170 "info: SCAN_RESP: channel\t"
1171 "band list TLV, len = %d\n",
1173 *tlv_data = current_tlv;
1176 mwifiex_dbg(adapter, ERROR,
1177 "SCAN_RESP: unhandled TLV = %d\n",
1179 /* Give up, this seems corrupted */
1188 tlv_buf_left -= (sizeof(tlv->header) + tlv_len);
1190 (struct mwifiex_ie_types_data *) (current_tlv->data +
1197 * This function parses provided beacon buffer and updates
1198 * respective fields in bss descriptor structure.
1200 int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
1201 struct mwifiex_bssdescriptor *bss_entry)
1205 struct ieee_types_fh_param_set *fh_param_set;
1206 struct ieee_types_ds_param_set *ds_param_set;
1207 struct ieee_types_cf_param_set *cf_param_set;
1208 struct ieee_types_ibss_param_set *ibss_param_set;
1215 u8 found_data_rate_ie;
1217 struct ieee_types_vendor_specific *vendor_ie;
1218 const u8 wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
1219 const u8 wmm_oui[4] = { 0x00, 0x50, 0xf2, 0x02 };
1221 found_data_rate_ie = false;
1223 current_ptr = bss_entry->beacon_buf;
1224 bytes_left = bss_entry->beacon_buf_size;
1226 /* Process variable IE */
1227 while (bytes_left >= 2) {
1228 element_id = *current_ptr;
1229 element_len = *(current_ptr + 1);
1230 total_ie_len = element_len + sizeof(struct ieee_types_header);
1232 if (bytes_left < total_ie_len) {
1233 mwifiex_dbg(adapter, ERROR,
1234 "err: InterpretIE: in processing\t"
1235 "IE, bytes left < IE length\n");
1238 switch (element_id) {
1240 if (element_len > IEEE80211_MAX_SSID_LEN)
1242 bss_entry->ssid.ssid_len = element_len;
1243 memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
1245 mwifiex_dbg(adapter, INFO,
1246 "info: InterpretIE: ssid: %-32s\n",
1247 bss_entry->ssid.ssid);
1250 case WLAN_EID_SUPP_RATES:
1251 if (element_len > MWIFIEX_SUPPORTED_RATES)
1253 memcpy(bss_entry->data_rates, current_ptr + 2,
1255 memcpy(bss_entry->supported_rates, current_ptr + 2,
1257 rate_size = element_len;
1258 found_data_rate_ie = true;
1261 case WLAN_EID_FH_PARAMS:
1262 if (element_len + 2 < sizeof(*fh_param_set))
1265 (struct ieee_types_fh_param_set *) current_ptr;
1266 memcpy(&bss_entry->phy_param_set.fh_param_set,
1268 sizeof(struct ieee_types_fh_param_set));
1271 case WLAN_EID_DS_PARAMS:
1272 if (element_len + 2 < sizeof(*ds_param_set))
1275 (struct ieee_types_ds_param_set *) current_ptr;
1277 bss_entry->channel = ds_param_set->current_chan;
1279 memcpy(&bss_entry->phy_param_set.ds_param_set,
1281 sizeof(struct ieee_types_ds_param_set));
1284 case WLAN_EID_CF_PARAMS:
1285 if (element_len + 2 < sizeof(*cf_param_set))
1288 (struct ieee_types_cf_param_set *) current_ptr;
1289 memcpy(&bss_entry->ss_param_set.cf_param_set,
1291 sizeof(struct ieee_types_cf_param_set));
1294 case WLAN_EID_IBSS_PARAMS:
1295 if (element_len + 2 < sizeof(*ibss_param_set))
1298 (struct ieee_types_ibss_param_set *)
1300 memcpy(&bss_entry->ss_param_set.ibss_param_set,
1302 sizeof(struct ieee_types_ibss_param_set));
1305 case WLAN_EID_ERP_INFO:
1308 bss_entry->erp_flags = *(current_ptr + 2);
1311 case WLAN_EID_PWR_CONSTRAINT:
1314 bss_entry->local_constraint = *(current_ptr + 2);
1315 bss_entry->sensed_11h = true;
1318 case WLAN_EID_CHANNEL_SWITCH:
1319 bss_entry->chan_sw_ie_present = true;
1320 case WLAN_EID_PWR_CAPABILITY:
1321 case WLAN_EID_TPC_REPORT:
1322 case WLAN_EID_QUIET:
1323 bss_entry->sensed_11h = true;
1326 case WLAN_EID_EXT_SUPP_RATES:
1328 * Only process extended supported rate
1329 * if data rate is already found.
1330 * Data rate IE should come before
1331 * extended supported rate IE
1333 if (found_data_rate_ie) {
1334 if ((element_len + rate_size) >
1335 MWIFIEX_SUPPORTED_RATES)
1337 (MWIFIEX_SUPPORTED_RATES -
1340 bytes_to_copy = element_len;
1342 rate = (u8 *) bss_entry->data_rates;
1344 memcpy(rate, current_ptr + 2, bytes_to_copy);
1346 rate = (u8 *) bss_entry->supported_rates;
1348 memcpy(rate, current_ptr + 2, bytes_to_copy);
1352 case WLAN_EID_VENDOR_SPECIFIC:
1353 vendor_ie = (struct ieee_types_vendor_specific *)
1356 /* 802.11 requires at least 3-byte OUI. */
1357 if (element_len < sizeof(vendor_ie->vend_hdr.oui.oui))
1360 /* Not long enough for a match? Skip it. */
1361 if (element_len < sizeof(wpa_oui))
1364 if (!memcmp(&vendor_ie->vend_hdr.oui, wpa_oui,
1366 bss_entry->bcn_wpa_ie =
1367 (struct ieee_types_vendor_specific *)
1369 bss_entry->wpa_offset = (u16)
1370 (current_ptr - bss_entry->beacon_buf);
1371 } else if (!memcmp(&vendor_ie->vend_hdr.oui, wmm_oui,
1374 sizeof(struct ieee_types_wmm_parameter) ||
1376 sizeof(struct ieee_types_wmm_info))
1378 * Only accept and copy the WMM IE if
1379 * it matches the size expected for the
1380 * WMM Info IE or the WMM Parameter IE.
1382 memcpy((u8 *) &bss_entry->wmm_ie,
1383 current_ptr, total_ie_len);
1387 bss_entry->bcn_rsn_ie =
1388 (struct ieee_types_generic *) current_ptr;
1389 bss_entry->rsn_offset = (u16) (current_ptr -
1390 bss_entry->beacon_buf);
1392 case WLAN_EID_BSS_AC_ACCESS_DELAY:
1393 bss_entry->bcn_wapi_ie =
1394 (struct ieee_types_generic *) current_ptr;
1395 bss_entry->wapi_offset = (u16) (current_ptr -
1396 bss_entry->beacon_buf);
1398 case WLAN_EID_HT_CAPABILITY:
1399 bss_entry->bcn_ht_cap = (struct ieee80211_ht_cap *)
1401 sizeof(struct ieee_types_header));
1402 bss_entry->ht_cap_offset = (u16) (current_ptr +
1403 sizeof(struct ieee_types_header) -
1404 bss_entry->beacon_buf);
1406 case WLAN_EID_HT_OPERATION:
1407 bss_entry->bcn_ht_oper =
1408 (struct ieee80211_ht_operation *)(current_ptr +
1409 sizeof(struct ieee_types_header));
1410 bss_entry->ht_info_offset = (u16) (current_ptr +
1411 sizeof(struct ieee_types_header) -
1412 bss_entry->beacon_buf);
1414 case WLAN_EID_VHT_CAPABILITY:
1415 bss_entry->disable_11ac = false;
1416 bss_entry->bcn_vht_cap =
1417 (void *)(current_ptr +
1418 sizeof(struct ieee_types_header));
1419 bss_entry->vht_cap_offset =
1420 (u16)((u8 *)bss_entry->bcn_vht_cap -
1421 bss_entry->beacon_buf);
1423 case WLAN_EID_VHT_OPERATION:
1424 bss_entry->bcn_vht_oper =
1425 (void *)(current_ptr +
1426 sizeof(struct ieee_types_header));
1427 bss_entry->vht_info_offset =
1428 (u16)((u8 *)bss_entry->bcn_vht_oper -
1429 bss_entry->beacon_buf);
1431 case WLAN_EID_BSS_COEX_2040:
1432 bss_entry->bcn_bss_co_2040 = current_ptr;
1433 bss_entry->bss_co_2040_offset =
1434 (u16) (current_ptr - bss_entry->beacon_buf);
1436 case WLAN_EID_EXT_CAPABILITY:
1437 bss_entry->bcn_ext_cap = current_ptr;
1438 bss_entry->ext_cap_offset =
1439 (u16) (current_ptr - bss_entry->beacon_buf);
1441 case WLAN_EID_OPMODE_NOTIF:
1442 bss_entry->oper_mode = (void *)current_ptr;
1443 bss_entry->oper_mode_offset =
1444 (u16)((u8 *)bss_entry->oper_mode -
1445 bss_entry->beacon_buf);
1451 current_ptr += element_len + 2;
1453 /* Need to account for IE ID and IE Len */
1454 bytes_left -= (element_len + 2);
1456 } /* while (bytes_left > 2) */
1461 * This function converts radio type scan parameter to a band configuration
1462 * to be used in join command.
1465 mwifiex_radio_type_to_band(u8 radio_type)
1467 switch (radio_type) {
1468 case HostCmd_SCAN_RADIO_TYPE_A:
1470 case HostCmd_SCAN_RADIO_TYPE_BG:
1477 * This is an internal function used to start a scan based on an input
1480 * This uses the input user scan configuration information when provided in
1481 * order to send the appropriate scan commands to firmware to populate or
1482 * update the internal driver scan table.
1484 int mwifiex_scan_networks(struct mwifiex_private *priv,
1485 const struct mwifiex_user_scan_cfg *user_scan_in)
1488 struct mwifiex_adapter *adapter = priv->adapter;
1489 struct cmd_ctrl_node *cmd_node;
1490 union mwifiex_scan_cmd_config_tlv *scan_cfg_out;
1491 struct mwifiex_ie_types_chan_list_param_set *chan_list_out;
1492 struct mwifiex_chan_scan_param_set *scan_chan_list;
1494 u8 scan_current_chan_only;
1495 u8 max_chan_per_scan;
1496 unsigned long flags;
1498 if (adapter->scan_processing) {
1499 mwifiex_dbg(adapter, WARN,
1500 "cmd: Scan already in process...\n");
1504 if (priv->scan_block) {
1505 mwifiex_dbg(adapter, WARN,
1506 "cmd: Scan is blocked during association...\n");
1510 if (adapter->surprise_removed || adapter->is_cmd_timedout) {
1511 mwifiex_dbg(adapter, ERROR,
1512 "Ignore scan. Card removed or firmware in bad state\n");
1516 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1517 adapter->scan_processing = true;
1518 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1520 scan_cfg_out = kzalloc(sizeof(union mwifiex_scan_cmd_config_tlv),
1522 if (!scan_cfg_out) {
1527 scan_chan_list = kcalloc(MWIFIEX_USER_SCAN_CHAN_MAX,
1528 sizeof(struct mwifiex_chan_scan_param_set),
1530 if (!scan_chan_list) {
1531 kfree(scan_cfg_out);
1536 mwifiex_config_scan(priv, user_scan_in, &scan_cfg_out->config,
1537 &chan_list_out, scan_chan_list, &max_chan_per_scan,
1538 &filtered_scan, &scan_current_chan_only);
1540 ret = mwifiex_scan_channel_list(priv, max_chan_per_scan, filtered_scan,
1541 &scan_cfg_out->config, chan_list_out,
1544 /* Get scan command from scan_pending_q and put to cmd_pending_q */
1546 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1547 if (!list_empty(&adapter->scan_pending_q)) {
1548 cmd_node = list_first_entry(&adapter->scan_pending_q,
1549 struct cmd_ctrl_node, list);
1550 list_del(&cmd_node->list);
1551 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1553 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1555 queue_work(adapter->workqueue, &adapter->main_work);
1557 /* Perform internal scan synchronously */
1558 if (!priv->scan_request) {
1559 mwifiex_dbg(adapter, INFO,
1560 "wait internal scan\n");
1561 mwifiex_wait_queue_complete(adapter, cmd_node);
1564 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1569 kfree(scan_cfg_out);
1570 kfree(scan_chan_list);
1573 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1574 adapter->scan_processing = false;
1575 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1581 * This function prepares a scan command to be sent to the firmware.
1583 * This uses the scan command configuration sent to the command processing
1584 * module in command preparation stage to configure a scan command structure
1585 * to send to firmware.
1587 * The fixed fields specifying the BSS type and BSSID filters as well as a
1588 * variable number/length of TLVs are sent in the command to firmware.
1590 * Preparation also includes -
1591 * - Setting command ID, and proper size
1592 * - Ensuring correct endian-ness
1594 int mwifiex_cmd_802_11_scan(struct host_cmd_ds_command *cmd,
1595 struct mwifiex_scan_cmd_config *scan_cfg)
1597 struct host_cmd_ds_802_11_scan *scan_cmd = &cmd->params.scan;
1599 /* Set fixed field variables in scan command */
1600 scan_cmd->bss_mode = scan_cfg->bss_mode;
1601 memcpy(scan_cmd->bssid, scan_cfg->specific_bssid,
1602 sizeof(scan_cmd->bssid));
1603 memcpy(scan_cmd->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
1605 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN);
1607 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
1608 cmd->size = cpu_to_le16((u16) (sizeof(scan_cmd->bss_mode)
1609 + sizeof(scan_cmd->bssid)
1610 + scan_cfg->tlv_buf_len + S_DS_GEN));
1616 * This function checks compatibility of requested network with current
1619 int mwifiex_check_network_compatibility(struct mwifiex_private *priv,
1620 struct mwifiex_bssdescriptor *bss_desc)
1627 if ((mwifiex_get_cfp(priv, (u8) bss_desc->bss_band,
1628 (u16) bss_desc->channel, 0))) {
1629 switch (priv->bss_mode) {
1630 case NL80211_IFTYPE_STATION:
1631 case NL80211_IFTYPE_ADHOC:
1632 ret = mwifiex_is_network_compatible(priv, bss_desc,
1635 mwifiex_dbg(priv->adapter, ERROR,
1636 "Incompatible network settings\n");
1646 /* This function checks if SSID string contains all zeroes or length is zero */
1647 static bool mwifiex_is_hidden_ssid(struct cfg80211_ssid *ssid)
1651 for (idx = 0; idx < ssid->ssid_len; idx++) {
1652 if (ssid->ssid[idx])
1659 /* This function checks if any hidden SSID found in passive scan channels
1660 * and save those channels for specific SSID active scan
1662 static int mwifiex_save_hidden_ssid_channels(struct mwifiex_private *priv,
1663 struct cfg80211_bss *bss)
1665 struct mwifiex_bssdescriptor *bss_desc;
1669 /* Allocate and fill new bss descriptor */
1670 bss_desc = kzalloc(sizeof(*bss_desc), GFP_KERNEL);
1674 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1678 if (mwifiex_is_hidden_ssid(&bss_desc->ssid)) {
1679 mwifiex_dbg(priv->adapter, INFO, "found hidden SSID\n");
1680 for (chid = 0 ; chid < MWIFIEX_USER_SCAN_CHAN_MAX; chid++) {
1681 if (priv->hidden_chan[chid].chan_number ==
1682 bss->channel->hw_value)
1685 if (!priv->hidden_chan[chid].chan_number) {
1686 priv->hidden_chan[chid].chan_number =
1687 bss->channel->hw_value;
1688 priv->hidden_chan[chid].radio_type =
1690 priv->hidden_chan[chid].scan_type =
1691 MWIFIEX_SCAN_TYPE_ACTIVE;
1702 static int mwifiex_update_curr_bss_params(struct mwifiex_private *priv,
1703 struct cfg80211_bss *bss)
1705 struct mwifiex_bssdescriptor *bss_desc;
1707 unsigned long flags;
1709 /* Allocate and fill new bss descriptor */
1710 bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), GFP_KERNEL);
1714 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1718 ret = mwifiex_check_network_compatibility(priv, bss_desc);
1722 spin_lock_irqsave(&priv->curr_bcn_buf_lock, flags);
1723 /* Make a copy of current BSSID descriptor */
1724 memcpy(&priv->curr_bss_params.bss_descriptor, bss_desc,
1725 sizeof(priv->curr_bss_params.bss_descriptor));
1727 /* The contents of beacon_ie will be copied to its own buffer
1728 * in mwifiex_save_curr_bcn()
1730 mwifiex_save_curr_bcn(priv);
1731 spin_unlock_irqrestore(&priv->curr_bcn_buf_lock, flags);
1734 /* beacon_ie buffer was allocated in function
1735 * mwifiex_fill_new_bss_desc(). Free it now.
1737 kfree(bss_desc->beacon_buf);
1743 mwifiex_parse_single_response_buf(struct mwifiex_private *priv, u8 **bss_info,
1744 u32 *bytes_left, u64 fw_tsf, u8 *radio_type,
1745 bool ext_scan, s32 rssi_val)
1747 struct mwifiex_adapter *adapter = priv->adapter;
1748 struct mwifiex_chan_freq_power *cfp;
1749 struct cfg80211_bss *bss;
1755 u16 beacon_size = 0;
1759 u16 cap_info_bitmap;
1762 struct mwifiex_fixed_bcn_param *bcn_param;
1763 struct mwifiex_bss_priv *bss_priv;
1765 if (*bytes_left >= sizeof(beacon_size)) {
1766 /* Extract & convert beacon size from command buffer */
1767 beacon_size = le16_to_cpu(*(__le16 *)(*bss_info));
1768 *bytes_left -= sizeof(beacon_size);
1769 *bss_info += sizeof(beacon_size);
1772 if (!beacon_size || beacon_size > *bytes_left) {
1773 *bss_info += *bytes_left;
1778 /* Initialize the current working beacon pointer for this BSS
1781 current_ptr = *bss_info;
1783 /* Advance the return beacon pointer past the current beacon */
1784 *bss_info += beacon_size;
1785 *bytes_left -= beacon_size;
1787 curr_bcn_bytes = beacon_size;
1789 /* First 5 fields are bssid, RSSI(for legacy scan only),
1790 * time stamp, beacon interval, and capability information
1792 if (curr_bcn_bytes < ETH_ALEN + sizeof(u8) +
1793 sizeof(struct mwifiex_fixed_bcn_param)) {
1794 mwifiex_dbg(adapter, ERROR,
1795 "InterpretIE: not enough bytes left\n");
1799 memcpy(bssid, current_ptr, ETH_ALEN);
1800 current_ptr += ETH_ALEN;
1801 curr_bcn_bytes -= ETH_ALEN;
1804 rssi = (s32) *current_ptr;
1805 rssi = (-rssi) * 100; /* Convert dBm to mBm */
1806 current_ptr += sizeof(u8);
1807 curr_bcn_bytes -= sizeof(u8);
1808 mwifiex_dbg(adapter, INFO,
1809 "info: InterpretIE: RSSI=%d\n", rssi);
1814 bcn_param = (struct mwifiex_fixed_bcn_param *)current_ptr;
1815 current_ptr += sizeof(*bcn_param);
1816 curr_bcn_bytes -= sizeof(*bcn_param);
1818 timestamp = le64_to_cpu(bcn_param->timestamp);
1819 beacon_period = le16_to_cpu(bcn_param->beacon_period);
1821 cap_info_bitmap = le16_to_cpu(bcn_param->cap_info_bitmap);
1822 mwifiex_dbg(adapter, INFO,
1823 "info: InterpretIE: capabilities=0x%X\n",
1826 /* Rest of the current buffer are IE's */
1827 ie_buf = current_ptr;
1828 ie_len = curr_bcn_bytes;
1829 mwifiex_dbg(adapter, INFO,
1830 "info: InterpretIE: IELength for this AP = %d\n",
1833 while (curr_bcn_bytes >= sizeof(struct ieee_types_header)) {
1834 u8 element_id, element_len;
1836 element_id = *current_ptr;
1837 element_len = *(current_ptr + 1);
1838 if (curr_bcn_bytes < element_len +
1839 sizeof(struct ieee_types_header)) {
1840 mwifiex_dbg(adapter, ERROR,
1841 "%s: bytes left < IE length\n", __func__);
1844 if (element_id == WLAN_EID_DS_PARAMS) {
1845 channel = *(current_ptr +
1846 sizeof(struct ieee_types_header));
1850 current_ptr += element_len + sizeof(struct ieee_types_header);
1851 curr_bcn_bytes -= element_len +
1852 sizeof(struct ieee_types_header);
1856 struct ieee80211_channel *chan;
1859 /* Skip entry if on csa closed channel */
1860 if (channel == priv->csa_chan) {
1861 mwifiex_dbg(adapter, WARN,
1862 "Dropping entry on csa closed channel\n");
1868 band = mwifiex_radio_type_to_band(*radio_type &
1871 cfp = mwifiex_get_cfp(priv, band, channel, 0);
1873 freq = cfp ? cfp->freq : 0;
1875 chan = ieee80211_get_channel(priv->wdev.wiphy, freq);
1877 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
1878 bss = cfg80211_inform_bss(priv->wdev.wiphy,
1879 chan, CFG80211_BSS_FTYPE_UNKNOWN,
1881 cap_info_bitmap, beacon_period,
1882 ie_buf, ie_len, rssi, GFP_ATOMIC);
1884 bss_priv = (struct mwifiex_bss_priv *)bss->priv;
1885 bss_priv->band = band;
1886 bss_priv->fw_tsf = fw_tsf;
1887 if (priv->media_connected &&
1888 !memcmp(bssid, priv->curr_bss_params.
1889 bss_descriptor.mac_address,
1891 mwifiex_update_curr_bss_params(priv,
1894 if ((chan->flags & IEEE80211_CHAN_RADAR) ||
1895 (chan->flags & IEEE80211_CHAN_NO_IR)) {
1896 mwifiex_dbg(adapter, INFO,
1897 "radar or passive channel %d\n",
1899 mwifiex_save_hidden_ssid_channels(priv,
1903 cfg80211_put_bss(priv->wdev.wiphy, bss);
1907 mwifiex_dbg(adapter, WARN, "missing BSS channel IE\n");
1913 static void mwifiex_complete_scan(struct mwifiex_private *priv)
1915 struct mwifiex_adapter *adapter = priv->adapter;
1917 adapter->survey_idx = 0;
1918 if (adapter->curr_cmd->wait_q_enabled) {
1919 adapter->cmd_wait_q.status = 0;
1920 if (!priv->scan_request) {
1921 mwifiex_dbg(adapter, INFO,
1922 "complete internal scan\n");
1923 mwifiex_complete_cmd(adapter, adapter->curr_cmd);
1928 /* This function checks if any hidden SSID found in passive scan channels
1929 * and do specific SSID active scan for those channels
1932 mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
1935 struct mwifiex_adapter *adapter = priv->adapter;
1937 struct mwifiex_user_scan_cfg *user_scan_cfg;
1939 if (adapter->active_scan_triggered || !priv->scan_request ||
1940 priv->scan_aborting) {
1941 adapter->active_scan_triggered = false;
1945 if (!priv->hidden_chan[0].chan_number) {
1946 mwifiex_dbg(adapter, INFO, "No BSS with hidden SSID found on DFS channels\n");
1949 user_scan_cfg = kzalloc(sizeof(*user_scan_cfg), GFP_KERNEL);
1954 memset(user_scan_cfg, 0, sizeof(*user_scan_cfg));
1956 for (id = 0; id < MWIFIEX_USER_SCAN_CHAN_MAX; id++) {
1957 if (!priv->hidden_chan[id].chan_number)
1959 memcpy(&user_scan_cfg->chan_list[id],
1960 &priv->hidden_chan[id],
1961 sizeof(struct mwifiex_user_scan_chan));
1964 adapter->active_scan_triggered = true;
1965 ether_addr_copy(user_scan_cfg->random_mac, priv->random_mac);
1966 user_scan_cfg->num_ssids = priv->scan_request->n_ssids;
1967 user_scan_cfg->ssid_list = priv->scan_request->ssids;
1969 ret = mwifiex_scan_networks(priv, user_scan_cfg);
1970 kfree(user_scan_cfg);
1972 memset(&priv->hidden_chan, 0, sizeof(priv->hidden_chan));
1975 dev_err(priv->adapter->dev, "scan failed: %d\n", ret);
1981 static void mwifiex_check_next_scan_command(struct mwifiex_private *priv)
1983 struct mwifiex_adapter *adapter = priv->adapter;
1984 struct cmd_ctrl_node *cmd_node;
1985 unsigned long flags;
1987 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1988 if (list_empty(&adapter->scan_pending_q)) {
1989 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1991 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1992 adapter->scan_processing = false;
1993 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1995 mwifiex_active_scan_req_for_passive_chan(priv);
1997 if (!adapter->ext_scan)
1998 mwifiex_complete_scan(priv);
2000 if (priv->scan_request) {
2001 struct cfg80211_scan_info info = {
2005 mwifiex_dbg(adapter, INFO,
2006 "info: notifying scan done\n");
2007 cfg80211_scan_done(priv->scan_request, &info);
2008 priv->scan_request = NULL;
2009 priv->scan_aborting = false;
2011 priv->scan_aborting = false;
2012 mwifiex_dbg(adapter, INFO,
2013 "info: scan already aborted\n");
2015 } else if ((priv->scan_aborting && !priv->scan_request) ||
2017 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
2019 mwifiex_cancel_pending_scan_cmd(adapter);
2021 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
2022 adapter->scan_processing = false;
2023 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
2025 if (!adapter->active_scan_triggered) {
2026 if (priv->scan_request) {
2027 struct cfg80211_scan_info info = {
2031 mwifiex_dbg(adapter, INFO,
2032 "info: aborting scan\n");
2033 cfg80211_scan_done(priv->scan_request, &info);
2034 priv->scan_request = NULL;
2035 priv->scan_aborting = false;
2037 priv->scan_aborting = false;
2038 mwifiex_dbg(adapter, INFO,
2039 "info: scan already aborted\n");
2043 /* Get scan command from scan_pending_q and put to
2046 cmd_node = list_first_entry(&adapter->scan_pending_q,
2047 struct cmd_ctrl_node, list);
2048 list_del(&cmd_node->list);
2049 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
2050 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, true);
2056 void mwifiex_cancel_scan(struct mwifiex_adapter *adapter)
2058 struct mwifiex_private *priv;
2059 unsigned long cmd_flags;
2062 mwifiex_cancel_pending_scan_cmd(adapter);
2064 if (adapter->scan_processing) {
2065 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, cmd_flags);
2066 adapter->scan_processing = false;
2067 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, cmd_flags);
2068 for (i = 0; i < adapter->priv_num; i++) {
2069 priv = adapter->priv[i];
2072 if (priv->scan_request) {
2073 struct cfg80211_scan_info info = {
2077 mwifiex_dbg(adapter, INFO,
2078 "info: aborting scan\n");
2079 cfg80211_scan_done(priv->scan_request, &info);
2080 priv->scan_request = NULL;
2081 priv->scan_aborting = false;
2088 * This function handles the command response of scan.
2090 * The response buffer for the scan command has the following
2093 * .-------------------------------------------------------------.
2094 * | Header (4 * sizeof(t_u16)): Standard command response hdr |
2095 * .-------------------------------------------------------------.
2096 * | BufSize (t_u16) : sizeof the BSS Description data |
2097 * .-------------------------------------------------------------.
2098 * | NumOfSet (t_u8) : Number of BSS Descs returned |
2099 * .-------------------------------------------------------------.
2100 * | BSSDescription data (variable, size given in BufSize) |
2101 * .-------------------------------------------------------------.
2102 * | TLV data (variable, size calculated using Header->Size, |
2103 * | BufSize and sizeof the fixed fields above) |
2104 * .-------------------------------------------------------------.
2106 int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
2107 struct host_cmd_ds_command *resp)
2110 struct mwifiex_adapter *adapter = priv->adapter;
2111 struct host_cmd_ds_802_11_scan_rsp *scan_rsp;
2112 struct mwifiex_ie_types_data *tlv_data;
2113 struct mwifiex_ie_types_tsf_timestamp *tsf_tlv;
2119 struct mwifiex_ie_types_chan_band_list_param_set *chan_band_tlv;
2120 struct chan_band_param_set *chan_band;
2124 struct cfg80211_wowlan_nd_match *pmatch;
2125 struct cfg80211_sched_scan_request *nd_config = NULL;
2127 is_bgscan_resp = (le16_to_cpu(resp->command)
2128 == HostCmd_CMD_802_11_BG_SCAN_QUERY);
2130 scan_rsp = &resp->params.bg_scan_query_resp.scan_resp;
2132 scan_rsp = &resp->params.scan_resp;
2135 if (scan_rsp->number_of_sets > MWIFIEX_MAX_AP) {
2136 mwifiex_dbg(adapter, ERROR,
2137 "SCAN_RESP: too many AP returned (%d)\n",
2138 scan_rsp->number_of_sets);
2140 goto check_next_scan;
2143 /* Check csa channel expiry before parsing scan response */
2144 mwifiex_11h_get_csa_closed_channel(priv);
2146 bytes_left = le16_to_cpu(scan_rsp->bss_descript_size);
2147 mwifiex_dbg(adapter, INFO,
2148 "info: SCAN_RESP: bss_descript_size %d\n",
2151 scan_resp_size = le16_to_cpu(resp->size);
2153 mwifiex_dbg(adapter, INFO,
2154 "info: SCAN_RESP: returned %d APs before parsing\n",
2155 scan_rsp->number_of_sets);
2157 bss_info = scan_rsp->bss_desc_and_tlv_buffer;
2160 * The size of the TLV buffer is equal to the entire command response
2161 * size (scan_resp_size) minus the fixed fields (sizeof()'s), the
2162 * BSS Descriptions (bss_descript_size as bytesLef) and the command
2163 * response header (S_DS_GEN)
2165 tlv_buf_size = scan_resp_size - (bytes_left
2166 + sizeof(scan_rsp->bss_descript_size)
2167 + sizeof(scan_rsp->number_of_sets)
2170 tlv_data = (struct mwifiex_ie_types_data *) (scan_rsp->
2171 bss_desc_and_tlv_buffer +
2174 /* Search the TLV buffer space in the scan response for any valid
2176 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
2177 TLV_TYPE_TSFTIMESTAMP,
2178 (struct mwifiex_ie_types_data **)
2181 /* Search the TLV buffer space in the scan response for any valid
2183 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
2184 TLV_TYPE_CHANNELBANDLIST,
2185 (struct mwifiex_ie_types_data **)
2189 if (priv->wdev.wiphy->wowlan_config)
2190 nd_config = priv->wdev.wiphy->wowlan_config->nd_config;
2195 kzalloc(sizeof(struct cfg80211_wowlan_nd_match) +
2196 sizeof(struct cfg80211_wowlan_nd_match *) *
2197 scan_rsp->number_of_sets, GFP_ATOMIC);
2199 if (adapter->nd_info)
2200 adapter->nd_info->n_matches = scan_rsp->number_of_sets;
2203 for (idx = 0; idx < scan_rsp->number_of_sets && bytes_left; idx++) {
2205 * If the TSF TLV was appended to the scan results, save this
2206 * entry's TSF value in the fw_tsf field. It is the firmware's
2207 * TSF value at the time the beacon or probe response was
2211 memcpy(&fw_tsf, &tsf_tlv->tsf_data[idx * TSF_DATA_SIZE],
2214 if (chan_band_tlv) {
2215 chan_band = &chan_band_tlv->chan_band_param[idx];
2216 radio_type = &chan_band->radio_type;
2221 if (chan_band_tlv && adapter->nd_info) {
2222 adapter->nd_info->matches[idx] =
2223 kzalloc(sizeof(*pmatch) + sizeof(u32),
2226 pmatch = adapter->nd_info->matches[idx];
2229 pmatch->n_channels = 1;
2230 pmatch->channels[0] = chan_band->chan_number;
2234 ret = mwifiex_parse_single_response_buf(priv, &bss_info,
2236 le64_to_cpu(fw_tsf),
2237 radio_type, false, 0);
2239 goto check_next_scan;
2243 mwifiex_check_next_scan_command(priv);
2248 * This function prepares an extended scan command to be sent to the firmware
2250 * This uses the scan command configuration sent to the command processing
2251 * module in command preparation stage to configure a extended scan command
2252 * structure to send to firmware.
2254 int mwifiex_cmd_802_11_scan_ext(struct mwifiex_private *priv,
2255 struct host_cmd_ds_command *cmd,
2258 struct host_cmd_ds_802_11_scan_ext *ext_scan = &cmd->params.ext_scan;
2259 struct mwifiex_scan_cmd_config *scan_cfg = data_buf;
2261 memcpy(ext_scan->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
2263 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN_EXT);
2265 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
2266 cmd->size = cpu_to_le16((u16)(sizeof(ext_scan->reserved)
2267 + scan_cfg->tlv_buf_len + S_DS_GEN));
2272 /* This function prepares an background scan config command to be sent
2275 int mwifiex_cmd_802_11_bg_scan_config(struct mwifiex_private *priv,
2276 struct host_cmd_ds_command *cmd,
2279 struct host_cmd_ds_802_11_bg_scan_config *bgscan_config =
2280 &cmd->params.bg_scan_config;
2281 struct mwifiex_bg_scan_cfg *bgscan_cfg_in = data_buf;
2282 u8 *tlv_pos = bgscan_config->tlv;
2284 u32 ssid_len, chan_idx, scan_type, scan_dur, chan_num;
2286 struct mwifiex_ie_types_num_probes *num_probes_tlv;
2287 struct mwifiex_ie_types_repeat_count *repeat_count_tlv;
2288 struct mwifiex_ie_types_min_rssi_threshold *rssi_threshold_tlv;
2289 struct mwifiex_ie_types_bgscan_start_later *start_later_tlv;
2290 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv;
2291 struct mwifiex_ie_types_chan_list_param_set *chan_list_tlv;
2292 struct mwifiex_chan_scan_param_set *temp_chan;
2294 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_CONFIG);
2295 cmd->size = cpu_to_le16(sizeof(*bgscan_config) + S_DS_GEN);
2297 bgscan_config->action = cpu_to_le16(bgscan_cfg_in->action);
2298 bgscan_config->enable = bgscan_cfg_in->enable;
2299 bgscan_config->bss_type = bgscan_cfg_in->bss_type;
2300 bgscan_config->scan_interval =
2301 cpu_to_le32(bgscan_cfg_in->scan_interval);
2302 bgscan_config->report_condition =
2303 cpu_to_le32(bgscan_cfg_in->report_condition);
2305 /* stop sched scan */
2306 if (!bgscan_config->enable)
2309 bgscan_config->chan_per_scan = bgscan_cfg_in->chan_per_scan;
2311 num_probes = (bgscan_cfg_in->num_probes ? bgscan_cfg_in->
2312 num_probes : priv->adapter->scan_probes);
2315 num_probes_tlv = (struct mwifiex_ie_types_num_probes *)tlv_pos;
2316 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
2317 num_probes_tlv->header.len =
2318 cpu_to_le16(sizeof(num_probes_tlv->num_probes));
2319 num_probes_tlv->num_probes = cpu_to_le16((u16)num_probes);
2321 tlv_pos += sizeof(num_probes_tlv->header) +
2322 le16_to_cpu(num_probes_tlv->header.len);
2325 if (bgscan_cfg_in->repeat_count) {
2327 (struct mwifiex_ie_types_repeat_count *)tlv_pos;
2328 repeat_count_tlv->header.type =
2329 cpu_to_le16(TLV_TYPE_REPEAT_COUNT);
2330 repeat_count_tlv->header.len =
2331 cpu_to_le16(sizeof(repeat_count_tlv->repeat_count));
2332 repeat_count_tlv->repeat_count =
2333 cpu_to_le16(bgscan_cfg_in->repeat_count);
2335 tlv_pos += sizeof(repeat_count_tlv->header) +
2336 le16_to_cpu(repeat_count_tlv->header.len);
2339 if (bgscan_cfg_in->rssi_threshold) {
2340 rssi_threshold_tlv =
2341 (struct mwifiex_ie_types_min_rssi_threshold *)tlv_pos;
2342 rssi_threshold_tlv->header.type =
2343 cpu_to_le16(TLV_TYPE_RSSI_LOW);
2344 rssi_threshold_tlv->header.len =
2345 cpu_to_le16(sizeof(rssi_threshold_tlv->rssi_threshold));
2346 rssi_threshold_tlv->rssi_threshold =
2347 cpu_to_le16(bgscan_cfg_in->rssi_threshold);
2349 tlv_pos += sizeof(rssi_threshold_tlv->header) +
2350 le16_to_cpu(rssi_threshold_tlv->header.len);
2353 for (i = 0; i < bgscan_cfg_in->num_ssids; i++) {
2354 ssid_len = bgscan_cfg_in->ssid_list[i].ssid.ssid_len;
2357 (struct mwifiex_ie_types_wildcard_ssid_params *)tlv_pos;
2358 wildcard_ssid_tlv->header.type =
2359 cpu_to_le16(TLV_TYPE_WILDCARDSSID);
2360 wildcard_ssid_tlv->header.len = cpu_to_le16(
2361 (u16)(ssid_len + sizeof(wildcard_ssid_tlv->
2364 /* max_ssid_length = 0 tells firmware to perform
2365 * specific scan for the SSID filled, whereas
2366 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for
2370 wildcard_ssid_tlv->max_ssid_length = 0;
2372 wildcard_ssid_tlv->max_ssid_length =
2373 IEEE80211_MAX_SSID_LEN;
2375 memcpy(wildcard_ssid_tlv->ssid,
2376 bgscan_cfg_in->ssid_list[i].ssid.ssid, ssid_len);
2378 tlv_pos += (sizeof(wildcard_ssid_tlv->header)
2379 + le16_to_cpu(wildcard_ssid_tlv->header.len));
2382 chan_list_tlv = (struct mwifiex_ie_types_chan_list_param_set *)tlv_pos;
2384 if (bgscan_cfg_in->chan_list[0].chan_number) {
2385 dev_dbg(priv->adapter->dev, "info: bgscan: Using supplied channel list\n");
2387 chan_list_tlv->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
2390 chan_idx < MWIFIEX_BG_SCAN_CHAN_MAX &&
2391 bgscan_cfg_in->chan_list[chan_idx].chan_number;
2393 temp_chan = chan_list_tlv->chan_scan_param + chan_idx;
2395 /* Increment the TLV header length by size appended */
2396 le16_add_cpu(&chan_list_tlv->header.len,
2397 sizeof(chan_list_tlv->chan_scan_param));
2399 temp_chan->chan_number =
2400 bgscan_cfg_in->chan_list[chan_idx].chan_number;
2401 temp_chan->radio_type =
2402 bgscan_cfg_in->chan_list[chan_idx].radio_type;
2405 bgscan_cfg_in->chan_list[chan_idx].scan_type;
2407 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
2408 temp_chan->chan_scan_mode_bitmap
2409 |= MWIFIEX_PASSIVE_SCAN;
2411 temp_chan->chan_scan_mode_bitmap
2412 &= ~MWIFIEX_PASSIVE_SCAN;
2414 if (bgscan_cfg_in->chan_list[chan_idx].scan_time) {
2415 scan_dur = (u16)bgscan_cfg_in->
2416 chan_list[chan_idx].scan_time;
2418 scan_dur = (scan_type ==
2419 MWIFIEX_SCAN_TYPE_PASSIVE) ?
2420 priv->adapter->passive_scan_time :
2421 priv->adapter->specific_scan_time;
2424 temp_chan->min_scan_time = cpu_to_le16(scan_dur);
2425 temp_chan->max_scan_time = cpu_to_le16(scan_dur);
2428 dev_dbg(priv->adapter->dev,
2429 "info: bgscan: Creating full region channel list\n");
2431 mwifiex_bgscan_create_channel_list(priv, bgscan_cfg_in,
2434 le16_add_cpu(&chan_list_tlv->header.len,
2436 sizeof(chan_list_tlv->chan_scan_param[0]));
2439 tlv_pos += (sizeof(chan_list_tlv->header)
2440 + le16_to_cpu(chan_list_tlv->header.len));
2442 if (bgscan_cfg_in->start_later) {
2444 (struct mwifiex_ie_types_bgscan_start_later *)tlv_pos;
2445 start_later_tlv->header.type =
2446 cpu_to_le16(TLV_TYPE_BGSCAN_START_LATER);
2447 start_later_tlv->header.len =
2448 cpu_to_le16(sizeof(start_later_tlv->start_later));
2449 start_later_tlv->start_later =
2450 cpu_to_le16(bgscan_cfg_in->start_later);
2452 tlv_pos += sizeof(start_later_tlv->header) +
2453 le16_to_cpu(start_later_tlv->header.len);
2456 /* Append vendor specific IE TLV */
2457 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_BGSCAN, &tlv_pos);
2459 le16_add_cpu(&cmd->size, tlv_pos - bgscan_config->tlv);
2464 int mwifiex_stop_bg_scan(struct mwifiex_private *priv)
2466 struct mwifiex_bg_scan_cfg *bgscan_cfg;
2468 if (!priv->sched_scanning) {
2469 dev_dbg(priv->adapter->dev, "bgscan already stopped!\n");
2473 bgscan_cfg = kzalloc(sizeof(*bgscan_cfg), GFP_KERNEL);
2477 bgscan_cfg->bss_type = MWIFIEX_BSS_MODE_INFRA;
2478 bgscan_cfg->action = MWIFIEX_BGSCAN_ACT_SET;
2479 bgscan_cfg->enable = false;
2481 if (mwifiex_send_cmd(priv, HostCmd_CMD_802_11_BG_SCAN_CONFIG,
2482 HostCmd_ACT_GEN_SET, 0, bgscan_cfg, true)) {
2488 priv->sched_scanning = false;
2494 mwifiex_update_chan_statistics(struct mwifiex_private *priv,
2495 struct mwifiex_ietypes_chanstats *tlv_stat)
2497 struct mwifiex_adapter *adapter = priv->adapter;
2499 struct mwifiex_fw_chan_stats *fw_chan_stats;
2500 struct mwifiex_chan_stats chan_stats;
2502 fw_chan_stats = (void *)((u8 *)tlv_stat +
2503 sizeof(struct mwifiex_ie_types_header));
2504 num_chan = le16_to_cpu(tlv_stat->header.len) /
2505 sizeof(struct mwifiex_chan_stats);
2507 for (i = 0 ; i < num_chan; i++) {
2508 if (adapter->survey_idx >= adapter->num_in_chan_stats) {
2509 mwifiex_dbg(adapter, WARN,
2510 "FW reported too many channel results (max %d)\n",
2511 adapter->num_in_chan_stats);
2514 chan_stats.chan_num = fw_chan_stats->chan_num;
2515 chan_stats.bandcfg = fw_chan_stats->bandcfg;
2516 chan_stats.flags = fw_chan_stats->flags;
2517 chan_stats.noise = fw_chan_stats->noise;
2518 chan_stats.total_bss = le16_to_cpu(fw_chan_stats->total_bss);
2519 chan_stats.cca_scan_dur =
2520 le16_to_cpu(fw_chan_stats->cca_scan_dur);
2521 chan_stats.cca_busy_dur =
2522 le16_to_cpu(fw_chan_stats->cca_busy_dur);
2523 mwifiex_dbg(adapter, INFO,
2524 "chan=%d, noise=%d, total_network=%d scan_duration=%d, busy_duration=%d\n",
2525 chan_stats.chan_num,
2527 chan_stats.total_bss,
2528 chan_stats.cca_scan_dur,
2529 chan_stats.cca_busy_dur);
2530 memcpy(&adapter->chan_stats[adapter->survey_idx++], &chan_stats,
2531 sizeof(struct mwifiex_chan_stats));
2536 /* This function handles the command response of extended scan */
2537 int mwifiex_ret_802_11_scan_ext(struct mwifiex_private *priv,
2538 struct host_cmd_ds_command *resp)
2540 struct mwifiex_adapter *adapter = priv->adapter;
2541 struct host_cmd_ds_802_11_scan_ext *ext_scan_resp;
2542 struct mwifiex_ie_types_header *tlv;
2543 struct mwifiex_ietypes_chanstats *tlv_stat;
2544 u16 buf_left, type, len;
2546 struct host_cmd_ds_command *cmd_ptr;
2547 struct cmd_ctrl_node *cmd_node;
2548 unsigned long cmd_flags, scan_flags;
2549 bool complete_scan = false;
2551 mwifiex_dbg(adapter, INFO, "info: EXT scan returns successfully\n");
2553 ext_scan_resp = &resp->params.ext_scan;
2555 tlv = (void *)ext_scan_resp->tlv_buffer;
2556 buf_left = le16_to_cpu(resp->size) - (sizeof(*ext_scan_resp) + S_DS_GEN
2559 while (buf_left >= sizeof(struct mwifiex_ie_types_header)) {
2560 type = le16_to_cpu(tlv->type);
2561 len = le16_to_cpu(tlv->len);
2563 if (buf_left < (sizeof(struct mwifiex_ie_types_header) + len)) {
2564 mwifiex_dbg(adapter, ERROR,
2565 "error processing scan response TLVs");
2570 case TLV_TYPE_CHANNEL_STATS:
2571 tlv_stat = (void *)tlv;
2572 mwifiex_update_chan_statistics(priv, tlv_stat);
2578 buf_left -= len + sizeof(struct mwifiex_ie_types_header);
2579 tlv = (void *)((u8 *)tlv + len +
2580 sizeof(struct mwifiex_ie_types_header));
2583 spin_lock_irqsave(&adapter->cmd_pending_q_lock, cmd_flags);
2584 spin_lock_irqsave(&adapter->scan_pending_q_lock, scan_flags);
2585 if (list_empty(&adapter->scan_pending_q)) {
2586 complete_scan = true;
2587 list_for_each_entry(cmd_node, &adapter->cmd_pending_q, list) {
2588 cmd_ptr = (void *)cmd_node->cmd_skb->data;
2589 if (le16_to_cpu(cmd_ptr->command) ==
2590 HostCmd_CMD_802_11_SCAN_EXT) {
2591 mwifiex_dbg(adapter, INFO,
2592 "Scan pending in command pending list");
2593 complete_scan = false;
2598 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, scan_flags);
2599 spin_unlock_irqrestore(&adapter->cmd_pending_q_lock, cmd_flags);
2602 mwifiex_complete_scan(priv);
2607 /* This function This function handles the event extended scan report. It
2608 * parses extended scan results and informs to cfg80211 stack.
2610 int mwifiex_handle_event_ext_scan_report(struct mwifiex_private *priv,
2614 struct mwifiex_adapter *adapter = priv->adapter;
2616 u32 bytes_left, bytes_left_for_tlv, idx;
2618 struct mwifiex_ie_types_data *tlv;
2619 struct mwifiex_ie_types_bss_scan_rsp *scan_rsp_tlv;
2620 struct mwifiex_ie_types_bss_scan_info *scan_info_tlv;
2624 struct mwifiex_event_scan_result *event_scan = buf;
2625 u8 num_of_set = event_scan->num_of_set;
2626 u8 *scan_resp = buf + sizeof(struct mwifiex_event_scan_result);
2627 u16 scan_resp_size = le16_to_cpu(event_scan->buf_size);
2629 if (num_of_set > MWIFIEX_MAX_AP) {
2630 mwifiex_dbg(adapter, ERROR,
2631 "EXT_SCAN: Invalid number of AP returned (%d)!!\n",
2634 goto check_next_scan;
2637 bytes_left = scan_resp_size;
2638 mwifiex_dbg(adapter, INFO,
2639 "EXT_SCAN: size %d, returned %d APs...",
2640 scan_resp_size, num_of_set);
2641 mwifiex_dbg_dump(adapter, CMD_D, "EXT_SCAN buffer:", buf,
2643 sizeof(struct mwifiex_event_scan_result));
2645 tlv = (struct mwifiex_ie_types_data *)scan_resp;
2647 for (idx = 0; idx < num_of_set && bytes_left; idx++) {
2648 type = le16_to_cpu(tlv->header.type);
2649 len = le16_to_cpu(tlv->header.len);
2650 if (bytes_left < sizeof(struct mwifiex_ie_types_header) + len) {
2651 mwifiex_dbg(adapter, ERROR,
2652 "EXT_SCAN: Error bytes left < TLV length\n");
2655 scan_rsp_tlv = NULL;
2656 scan_info_tlv = NULL;
2657 bytes_left_for_tlv = bytes_left;
2659 /* BSS response TLV with beacon or probe response buffer
2660 * at the initial position of each descriptor
2662 if (type != TLV_TYPE_BSS_SCAN_RSP)
2665 bss_info = (u8 *)tlv;
2666 scan_rsp_tlv = (struct mwifiex_ie_types_bss_scan_rsp *)tlv;
2667 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len);
2668 bytes_left_for_tlv -=
2669 (len + sizeof(struct mwifiex_ie_types_header));
2671 while (bytes_left_for_tlv >=
2672 sizeof(struct mwifiex_ie_types_header) &&
2673 le16_to_cpu(tlv->header.type) != TLV_TYPE_BSS_SCAN_RSP) {
2674 type = le16_to_cpu(tlv->header.type);
2675 len = le16_to_cpu(tlv->header.len);
2676 if (bytes_left_for_tlv <
2677 sizeof(struct mwifiex_ie_types_header) + len) {
2678 mwifiex_dbg(adapter, ERROR,
2679 "EXT_SCAN: Error in processing TLV,\t"
2680 "bytes left < TLV length\n");
2681 scan_rsp_tlv = NULL;
2682 bytes_left_for_tlv = 0;
2686 case TLV_TYPE_BSS_SCAN_INFO:
2688 (struct mwifiex_ie_types_bss_scan_info *)tlv;
2690 sizeof(struct mwifiex_ie_types_bss_scan_info) -
2691 sizeof(struct mwifiex_ie_types_header)) {
2692 bytes_left_for_tlv = 0;
2699 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len);
2701 (len + sizeof(struct mwifiex_ie_types_header));
2702 bytes_left_for_tlv -=
2703 (len + sizeof(struct mwifiex_ie_types_header));
2709 /* Advance pointer to the beacon buffer length and
2710 * update the bytes count so that the function
2711 * wlan_interpret_bss_desc_with_ie() can handle the
2712 * scan buffer withut any change
2714 bss_info += sizeof(u16);
2715 bytes_left -= sizeof(u16);
2717 if (scan_info_tlv) {
2718 rssi = (s32)(s16)(le16_to_cpu(scan_info_tlv->rssi));
2719 rssi *= 100; /* Convert dBm to mBm */
2720 mwifiex_dbg(adapter, INFO,
2721 "info: InterpretIE: RSSI=%d\n", rssi);
2722 fw_tsf = le64_to_cpu(scan_info_tlv->tsf);
2723 radio_type = &scan_info_tlv->radio_type;
2727 ret = mwifiex_parse_single_response_buf(priv, &bss_info,
2728 &bytes_left, fw_tsf,
2729 radio_type, true, rssi);
2731 goto check_next_scan;
2735 if (!event_scan->more_event)
2736 mwifiex_check_next_scan_command(priv);
2742 * This function prepares command for background scan query.
2744 * Preparation includes -
2745 * - Setting command ID and proper size
2746 * - Setting background scan flush parameter
2747 * - Ensuring correct endian-ness
2749 int mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command *cmd)
2751 struct host_cmd_ds_802_11_bg_scan_query *bg_query =
2752 &cmd->params.bg_scan_query;
2754 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_QUERY);
2755 cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_802_11_bg_scan_query)
2758 bg_query->flush = 1;
2764 * This function inserts scan command node to the scan pending queue.
2767 mwifiex_queue_scan_cmd(struct mwifiex_private *priv,
2768 struct cmd_ctrl_node *cmd_node)
2770 struct mwifiex_adapter *adapter = priv->adapter;
2771 unsigned long flags;
2773 cmd_node->wait_q_enabled = true;
2774 cmd_node->condition = &adapter->scan_wait_q_woken;
2775 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
2776 list_add_tail(&cmd_node->list, &adapter->scan_pending_q);
2777 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
2781 * This function sends a scan command for all available channels to the
2782 * firmware, filtered on a specific SSID.
2784 static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv,
2785 struct cfg80211_ssid *req_ssid)
2787 struct mwifiex_adapter *adapter = priv->adapter;
2789 struct mwifiex_user_scan_cfg *scan_cfg;
2791 if (adapter->scan_processing) {
2792 mwifiex_dbg(adapter, WARN,
2793 "cmd: Scan already in process...\n");
2797 if (priv->scan_block) {
2798 mwifiex_dbg(adapter, WARN,
2799 "cmd: Scan is blocked during association...\n");
2803 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL);
2807 ether_addr_copy(scan_cfg->random_mac, priv->random_mac);
2808 scan_cfg->ssid_list = req_ssid;
2809 scan_cfg->num_ssids = 1;
2811 ret = mwifiex_scan_networks(priv, scan_cfg);
2818 * Sends IOCTL request to start a scan.
2820 * This function allocates the IOCTL request buffer, fills it
2821 * with requisite parameters and calls the IOCTL handler.
2823 * Scan command can be issued for both normal scan and specific SSID
2824 * scan, depending upon whether an SSID is provided or not.
2826 int mwifiex_request_scan(struct mwifiex_private *priv,
2827 struct cfg80211_ssid *req_ssid)
2831 if (down_interruptible(&priv->async_sem)) {
2832 mwifiex_dbg(priv->adapter, ERROR,
2833 "%s: acquire semaphore fail\n",
2838 priv->adapter->scan_wait_q_woken = false;
2840 if (req_ssid && req_ssid->ssid_len != 0)
2841 /* Specific SSID scan */
2842 ret = mwifiex_scan_specific_ssid(priv, req_ssid);
2845 ret = mwifiex_scan_networks(priv, NULL);
2847 up(&priv->async_sem);
2853 * This function appends the vendor specific IE TLV to a buffer.
2856 mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
2857 u16 vsie_mask, u8 **buffer)
2859 int id, ret_len = 0;
2860 struct mwifiex_ie_types_vendor_param_set *vs_param_set;
2868 * Traverse through the saved vendor specific IE array and append
2869 * the selected(scan/assoc/adhoc) IE as TLV to the command
2871 for (id = 0; id < MWIFIEX_MAX_VSIE_NUM; id++) {
2872 if (priv->vs_ie[id].mask & vsie_mask) {
2874 (struct mwifiex_ie_types_vendor_param_set *)
2876 vs_param_set->header.type =
2877 cpu_to_le16(TLV_TYPE_PASSTHROUGH);
2878 vs_param_set->header.len =
2879 cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
2881 if (le16_to_cpu(vs_param_set->header.len) >
2882 MWIFIEX_MAX_VSIE_LEN) {
2883 mwifiex_dbg(priv->adapter, ERROR,
2884 "Invalid param length!\n");
2888 memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
2889 le16_to_cpu(vs_param_set->header.len));
2890 *buffer += le16_to_cpu(vs_param_set->header.len) +
2891 sizeof(struct mwifiex_ie_types_header);
2892 ret_len += le16_to_cpu(vs_param_set->header.len) +
2893 sizeof(struct mwifiex_ie_types_header);
2900 * This function saves a beacon buffer of the current BSS descriptor.
2902 * The current beacon buffer is saved so that it can be restored in the
2903 * following cases that makes the beacon buffer not to contain the current
2904 * ssid's beacon buffer.
2905 * - The current ssid was not found somehow in the last scan.
2906 * - The current ssid was the last entry of the scan table and overloaded.
2909 mwifiex_save_curr_bcn(struct mwifiex_private *priv)
2911 struct mwifiex_bssdescriptor *curr_bss =
2912 &priv->curr_bss_params.bss_descriptor;
2914 if (!curr_bss->beacon_buf_size)
2917 /* allocate beacon buffer at 1st time; or if it's size has changed */
2918 if (!priv->curr_bcn_buf ||
2919 priv->curr_bcn_size != curr_bss->beacon_buf_size) {
2920 priv->curr_bcn_size = curr_bss->beacon_buf_size;
2922 kfree(priv->curr_bcn_buf);
2923 priv->curr_bcn_buf = kmalloc(curr_bss->beacon_buf_size,
2925 if (!priv->curr_bcn_buf)
2929 memcpy(priv->curr_bcn_buf, curr_bss->beacon_buf,
2930 curr_bss->beacon_buf_size);
2931 mwifiex_dbg(priv->adapter, INFO,
2932 "info: current beacon saved %d\n",
2933 priv->curr_bcn_size);
2935 curr_bss->beacon_buf = priv->curr_bcn_buf;
2937 /* adjust the pointers in the current BSS descriptor */
2938 if (curr_bss->bcn_wpa_ie)
2939 curr_bss->bcn_wpa_ie =
2940 (struct ieee_types_vendor_specific *)
2941 (curr_bss->beacon_buf +
2942 curr_bss->wpa_offset);
2944 if (curr_bss->bcn_rsn_ie)
2945 curr_bss->bcn_rsn_ie = (struct ieee_types_generic *)
2946 (curr_bss->beacon_buf +
2947 curr_bss->rsn_offset);
2949 if (curr_bss->bcn_ht_cap)
2950 curr_bss->bcn_ht_cap = (struct ieee80211_ht_cap *)
2951 (curr_bss->beacon_buf +
2952 curr_bss->ht_cap_offset);
2954 if (curr_bss->bcn_ht_oper)
2955 curr_bss->bcn_ht_oper = (struct ieee80211_ht_operation *)
2956 (curr_bss->beacon_buf +
2957 curr_bss->ht_info_offset);
2959 if (curr_bss->bcn_vht_cap)
2960 curr_bss->bcn_vht_cap = (void *)(curr_bss->beacon_buf +
2961 curr_bss->vht_cap_offset);
2963 if (curr_bss->bcn_vht_oper)
2964 curr_bss->bcn_vht_oper = (void *)(curr_bss->beacon_buf +
2965 curr_bss->vht_info_offset);
2967 if (curr_bss->bcn_bss_co_2040)
2968 curr_bss->bcn_bss_co_2040 =
2969 (curr_bss->beacon_buf + curr_bss->bss_co_2040_offset);
2971 if (curr_bss->bcn_ext_cap)
2972 curr_bss->bcn_ext_cap = curr_bss->beacon_buf +
2973 curr_bss->ext_cap_offset;
2975 if (curr_bss->oper_mode)
2976 curr_bss->oper_mode = (void *)(curr_bss->beacon_buf +
2977 curr_bss->oper_mode_offset);
2981 * This function frees the current BSS descriptor beacon buffer.
2984 mwifiex_free_curr_bcn(struct mwifiex_private *priv)
2986 kfree(priv->curr_bcn_buf);
2987 priv->curr_bcn_buf = NULL;
projects / releases.git / blob