projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
iwlwifi: remove redundant initialization of final_mode
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / net / wireless / libertas / scan.c
CommitLineData
876c9d3a
MT		 1/**
2 * Functions implementing wlan scan IOCTL and firmware command APIs
3 *
4 * IOCTL handlers as well as command preperation and response routines
5 * for sending scan commands to the firmware.
6 */
7#include <linux/ctype.h>
8#include <linux/if.h>
9#include <linux/netdevice.h>
10#include <linux/wireless.h>
fcdb53db 11#include <linux/etherdevice.h>
876c9d3a
MT		 12
13#include <net/ieee80211.h>
14#include <net/iw_handler.h>
15
ac630c2b
VD		 16#include <asm/unaligned.h>
17
876c9d3a
MT		 18#include "host.h"
19#include "decl.h"
20#include "dev.h"
21#include "scan.h"
8c512765 22#include "join.h"
876c9d3a
MT		 23
24//! Approximate amount of data needed to pass a scan result back to iwlist
25#define MAX_SCAN_CELL_SIZE (IW_EV_ADDR_LEN \
26 + IW_ESSID_MAX_SIZE \
27 + IW_EV_UINT_LEN \
28 + IW_EV_FREQ_LEN \
29 + IW_EV_QUAL_LEN \
30 + IW_ESSID_MAX_SIZE \
31 + IW_EV_PARAM_LEN \
32 + 40) /* 40 for WPAIE */
33
34//! Memory needed to store a max sized channel List TLV for a firmware scan
35#define CHAN_TLV_MAX_SIZE (sizeof(struct mrvlietypesheader) \
36 + (MRVDRV_MAX_CHANNELS_PER_SCAN \
37 * sizeof(struct chanscanparamset)))
38
39//! Memory needed to store a max number/size SSID TLV for a firmware scan
40#define SSID_TLV_MAX_SIZE (1 * sizeof(struct mrvlietypes_ssidparamset))
41
42//! Maximum memory needed for a wlan_scan_cmd_config with all TLVs at max
43#define MAX_SCAN_CFG_ALLOC (sizeof(struct wlan_scan_cmd_config) \
44 + sizeof(struct mrvlietypes_numprobes) \
45 + CHAN_TLV_MAX_SIZE \
46 + SSID_TLV_MAX_SIZE)
47
48//! The maximum number of channels the firmware can scan per command
49#define MRVDRV_MAX_CHANNELS_PER_SCAN 14
50
51/**
52 * @brief Number of channels to scan per firmware scan command issuance.
53 *
54 * Number restricted to prevent hitting the limit on the amount of scan data
55 * returned in a single firmware scan command.
56 */
57#define MRVDRV_CHANNELS_PER_SCAN_CMD 4
58
59//! Scan time specified in the channel TLV for each channel for passive scans
60#define MRVDRV_PASSIVE_SCAN_CHAN_TIME 100
61
62//! Scan time specified in the channel TLV for each channel for active scans
63#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100
64
123e0e04
DW		 65static const u8 zeromac[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
66static const u8 bcastmac[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
eb8f7330 67
e56188ac
HS		 68
69
70
71/*********************************************************************/
72/* */
73/* Misc helper functions */
74/* */
75/*********************************************************************/
76
fcdb53db
DW		 77static inline void clear_bss_descriptor (struct bss_descriptor * bss)
78{
79 /* Don't blow away ->list, just BSS data */
80 memset(bss, 0, offsetof(struct bss_descriptor, list));
81}
82
83static inline int match_bss_no_security(struct wlan_802_11_security * secinfo,
84 struct bss_descriptor * match_bss)
85{
86 if ( !secinfo->wep_enabled
87 && !secinfo->WPAenabled
88 && !secinfo->WPA2enabled
ab617971
DW		 89 && match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC
90 && match_bss->rsn_ie[0] != MFIE_TYPE_RSN
0c9ca690 91 && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 92 return 1;
93 }
94 return 0;
95}
96
97static inline int match_bss_static_wep(struct wlan_802_11_security * secinfo,
98 struct bss_descriptor * match_bss)
99{
100 if ( secinfo->wep_enabled
101 && !secinfo->WPAenabled
102 && !secinfo->WPA2enabled
0c9ca690 103 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 104 return 1;
105 }
106 return 0;
107}
108
109static inline int match_bss_wpa(struct wlan_802_11_security * secinfo,
110 struct bss_descriptor * match_bss)
111{
112 if ( !secinfo->wep_enabled
113 && secinfo->WPAenabled
ab617971 114 && (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC)
fcdb53db 115 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
0c9ca690
DW		 116 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
117 */
fcdb53db
DW		 118 ) {
119 return 1;
120 }
121 return 0;
122}
123
124static inline int match_bss_wpa2(struct wlan_802_11_security * secinfo,
125 struct bss_descriptor * match_bss)
126{
127 if ( !secinfo->wep_enabled
fcdb53db 128 && secinfo->WPA2enabled
ab617971 129 && (match_bss->rsn_ie[0] == MFIE_TYPE_RSN)
fcdb53db 130 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
0c9ca690
DW		 131 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
132 */
fcdb53db
DW		 133 ) {
134 return 1;
135 }
136 return 0;
137}
138
139static inline int match_bss_dynamic_wep(struct wlan_802_11_security * secinfo,
140 struct bss_descriptor * match_bss)
141{
142 if ( !secinfo->wep_enabled
143 && !secinfo->WPAenabled
144 && !secinfo->WPA2enabled
ab617971
DW		 145 && (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC)
146 && (match_bss->rsn_ie[0] != MFIE_TYPE_RSN)
0c9ca690 147 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 148 return 1;
149 }
150 return 0;
151}
876c9d3a
MT		 152
153/**
154 * @brief Check if a scanned network compatible with the driver settings
155 *
156 * WEP WPA WPA2 ad-hoc encrypt Network
157 * enabled enabled enabled AES mode privacy WPA WPA2 Compatible
158 * 0 0 0 0 NONE 0 0 0 yes No security
159 * 1 0 0 0 NONE 1 0 0 yes Static WEP
160 * 0 1 0 0 x 1x 1 x yes WPA
161 * 0 0 1 0 x 1x x 1 yes WPA2
162 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
163 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
164 *
165 *
166 * @param adapter A pointer to wlan_adapter
167 * @param index Index in scantable to check against current driver settings
168 * @param mode Network mode: Infrastructure or IBSS
169 *
170 * @return Index in scantable, or error code if negative
171 */
fcdb53db
DW		 172static int is_network_compatible(wlan_adapter * adapter,
173 struct bss_descriptor * bss, u8 mode)
876c9d3a 174{
fcdb53db
DW		 175 int matched = 0;
176
e56188ac 177 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 178
fcdb53db
DW		 179 if (bss->mode != mode)
180 goto done;
876c9d3a 181
fcdb53db
DW		 182 if ((matched = match_bss_no_security(&adapter->secinfo, bss))) {
183 goto done;
184 } else if ((matched = match_bss_static_wep(&adapter->secinfo, bss))) {
185 goto done;
186 } else if ((matched = match_bss_wpa(&adapter->secinfo, bss))) {
187 lbs_deb_scan(
188 "is_network_compatible() WPA: wpa_ie=%#x "
189 "wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
190 "privacy=%#x\n", bss->wpa_ie[0], bss->rsn_ie[0],
889c05bd
DW		 191 adapter->secinfo.wep_enabled ? "e" : "d",
192 adapter->secinfo.WPAenabled ? "e" : "d",
193 adapter->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 194 (bss->capability & WLAN_CAPABILITY_PRIVACY));
fcdb53db
DW		 195 goto done;
196 } else if ((matched = match_bss_wpa2(&adapter->secinfo, bss))) {
197 lbs_deb_scan(
198 "is_network_compatible() WPA2: wpa_ie=%#x "
199 "wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
200 "privacy=%#x\n", bss->wpa_ie[0], bss->rsn_ie[0],
201 adapter->secinfo.wep_enabled ? "e" : "d",
202 adapter->secinfo.WPAenabled ? "e" : "d",
203 adapter->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 204 (bss->capability & WLAN_CAPABILITY_PRIVACY));
fcdb53db
DW		 205 goto done;
206 } else if ((matched = match_bss_dynamic_wep(&adapter->secinfo, bss))) {
207 lbs_deb_scan(
208 "is_network_compatible() dynamic WEP: "
209 "wpa_ie=%#x wpa2_ie=%#x privacy=%#x\n",
0c9ca690
DW		 210 bss->wpa_ie[0], bss->rsn_ie[0],
211 (bss->capability & WLAN_CAPABILITY_PRIVACY));
9012b28a 212 goto done;
876c9d3a
MT		 213 }
214
fcdb53db
DW		 215 /* bss security settings don't match those configured on card */
216 lbs_deb_scan(
217 "is_network_compatible() FAILED: wpa_ie=%#x "
218 "wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s privacy=%#x\n",
219 bss->wpa_ie[0], bss->rsn_ie[0],
220 adapter->secinfo.wep_enabled ? "e" : "d",
221 adapter->secinfo.WPAenabled ? "e" : "d",
222 adapter->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 223 (bss->capability & WLAN_CAPABILITY_PRIVACY));
9012b28a
HS		 224
225done:
e56188ac 226 lbs_deb_leave_args(LBS_DEB_SCAN, "matched: %d", matched);
fcdb53db 227 return matched;
876c9d3a
MT		 228}
229
e56188ac
HS		 230/**
231 * @brief Compare two SSIDs
232 *
233 * @param ssid1 A pointer to ssid to compare
234 * @param ssid2 A pointer to ssid to compare
235 *
236 * @return 0--ssid is same, otherwise is different
237 */
238int libertas_ssid_cmp(u8 *ssid1, u8 ssid1_len, u8 *ssid2, u8 ssid2_len)
239{
240 if (ssid1_len != ssid2_len)
241 return -1;
242
243 return memcmp(ssid1, ssid2, ssid1_len);
244}
245
246
247
248
249/*********************************************************************/
250/* */
251/* Main scanning support */
252/* */
253/*********************************************************************/
254
255
876c9d3a
MT		 256/**
257 * @brief Create a channel list for the driver to scan based on region info
258 *
e56188ac
HS		 259 * Only used from wlan_scan_setup_scan_config()
260 *
876c9d3a
MT		 261 * Use the driver region/band information to construct a comprehensive list
262 * of channels to scan. This routine is used for any scan that is not
263 * provided a specific channel list to scan.
264 *
265 * @param priv A pointer to wlan_private structure
266 * @param scanchanlist Output parameter: resulting channel list to scan
267 * @param filteredscan Flag indicating whether or not a BSSID or SSID filter
268 * is being sent in the command to firmware. Used to
269 * increase the number of channels sent in a scan
270 * command and to disable the firmware channel scan
271 * filter.
272 *
273 * @return void
274 */
275static void wlan_scan_create_channel_list(wlan_private * priv,
276 struct chanscanparamset * scanchanlist,
277 u8 filteredscan)
278{
279
280 wlan_adapter *adapter = priv->adapter;
281 struct region_channel *scanregion;
282 struct chan_freq_power *cfp;
283 int rgnidx;
284 int chanidx;
285 int nextchan;
286 u8 scantype;
287
e56188ac
HS		 288 lbs_deb_enter_args(LBS_DEB_SCAN, "filteredscan %d", filteredscan);
289
876c9d3a
MT		 290 chanidx = 0;
291
292 /* Set the default scan type to the user specified type, will later
293 * be changed to passive on a per channel basis if restricted by
294 * regulatory requirements (11d or 11h)
295 */
4f2fdaaf 296 scantype = CMD_SCAN_TYPE_ACTIVE;
876c9d3a
MT		 297
298 for (rgnidx = 0; rgnidx < ARRAY_SIZE(adapter->region_channel); rgnidx++) {
299 if (priv->adapter->enable11d &&
0aef64d7 300 adapter->connect_status != LIBERTAS_CONNECTED) {
876c9d3a
MT		 301 /* Scan all the supported chan for the first scan */
302 if (!adapter->universal_channel[rgnidx].valid)
303 continue;
304 scanregion = &adapter->universal_channel[rgnidx];
305
306 /* clear the parsed_region_chan for the first scan */
307 memset(&adapter->parsed_region_chan, 0x00,
308 sizeof(adapter->parsed_region_chan));
309 } else {
310 if (!adapter->region_channel[rgnidx].valid)
311 continue;
312 scanregion = &adapter->region_channel[rgnidx];
313 }
314
315 for (nextchan = 0;
316 nextchan < scanregion->nrcfp; nextchan++, chanidx++) {
317
318 cfp = scanregion->CFP + nextchan;
319
320 if (priv->adapter->enable11d) {
321 scantype =
322 libertas_get_scan_type_11d(cfp->channel,
323 &adapter->
324 parsed_region_chan);
325 }
326
327 switch (scanregion->band) {
328 case BAND_B:
329 case BAND_G:
330 default:
331 scanchanlist[chanidx].radiotype =
0aef64d7 332 CMD_SCAN_RADIO_TYPE_BG;
876c9d3a
MT		 333 break;
334 }
335
0aef64d7 336 if (scantype == CMD_SCAN_TYPE_PASSIVE) {
876c9d3a 337 scanchanlist[chanidx].maxscantime =
981f187b 338 cpu_to_le16(MRVDRV_PASSIVE_SCAN_CHAN_TIME);
876c9d3a
MT		 339 scanchanlist[chanidx].chanscanmode.passivescan =
340 1;
341 } else {
342 scanchanlist[chanidx].maxscantime =
981f187b 343 cpu_to_le16(MRVDRV_ACTIVE_SCAN_CHAN_TIME);
876c9d3a
MT		 344 scanchanlist[chanidx].chanscanmode.passivescan =
345 0;
346 }
347
348 scanchanlist[chanidx].channumber = cfp->channel;
349
350 if (filteredscan) {
351 scanchanlist[chanidx].chanscanmode.
352 disablechanfilt = 1;
353 }
354 }
355 }
356}
357
2afc0c5d
DW		 358
359/* Delayed partial scan worker */
360void libertas_scan_worker(struct work_struct *work)
361{
362 wlan_private *priv = container_of(work, wlan_private, scan_work.work);
363
364 wlan_scan_networks(priv, NULL, 0);
365}
366
367
876c9d3a
MT		 368/**
369 * @brief Construct a wlan_scan_cmd_config structure to use in issue scan cmds
370 *
371 * Application layer or other functions can invoke wlan_scan_networks
372 * with a scan configuration supplied in a wlan_ioctl_user_scan_cfg struct.
373 * This structure is used as the basis of one or many wlan_scan_cmd_config
374 * commands that are sent to the command processing module and sent to
375 * firmware.
376 *
377 * Create a wlan_scan_cmd_config based on the following user supplied
378 * parameters (if present):
379 * - SSID filter
380 * - BSSID filter
381 * - Number of Probes to be sent
382 * - channel list
383 *
384 * If the SSID or BSSID filter is not present, disable/clear the filter.
385 * If the number of probes is not set, use the adapter default setting
386 * Qualify the channel
387 *
388 * @param priv A pointer to wlan_private structure
389 * @param puserscanin NULL or pointer to scan configuration parameters
390 * @param ppchantlvout Output parameter: Pointer to the start of the
391 * channel TLV portion of the output scan config
392 * @param pscanchanlist Output parameter: Pointer to the resulting channel
393 * list to scan
394 * @param pmaxchanperscan Output parameter: Number of channels to scan for
395 * each issuance of the firmware scan command
396 * @param pfilteredscan Output parameter: Flag indicating whether or not
397 * a BSSID or SSID filter is being sent in the
398 * command to firmware. Used to increase the number
399 * of channels sent in a scan command and to
400 * disable the firmware channel scan filter.
401 * @param pscancurrentonly Output parameter: Flag indicating whether or not
402 * we are only scanning our current active channel
403 *
404 * @return resulting scan configuration
405 */
406static struct wlan_scan_cmd_config *
407wlan_scan_setup_scan_config(wlan_private * priv,
408 const struct wlan_ioctl_user_scan_cfg * puserscanin,
409 struct mrvlietypes_chanlistparamset ** ppchantlvout,
410 struct chanscanparamset * pscanchanlist,
411 int *pmaxchanperscan,
412 u8 * pfilteredscan,
413 u8 * pscancurrentonly)
414{
876c9d3a
MT		 415 struct mrvlietypes_numprobes *pnumprobestlv;
416 struct mrvlietypes_ssidparamset *pssidtlv;
417 struct wlan_scan_cmd_config * pscancfgout = NULL;
418 u8 *ptlvpos;
419 u16 numprobes;
876c9d3a
MT		 420 int chanidx;
421 int scantype;
422 int scandur;
423 int channel;
424 int radiotype;
425
e56188ac
HS		 426 lbs_deb_enter(LBS_DEB_SCAN);
427
876c9d3a
MT		 428 pscancfgout = kzalloc(MAX_SCAN_CFG_ALLOC, GFP_KERNEL);
429 if (pscancfgout == NULL)
430 goto out;
431
432 /* The tlvbufferlen is calculated for each scan command. The TLVs added
433 * in this routine will be preserved since the routine that sends
434 * the command will append channelTLVs at *ppchantlvout. The difference
435 * between the *ppchantlvout and the tlvbuffer start will be used
436 * to calculate the size of anything we add in this routine.
437 */
438 pscancfgout->tlvbufferlen = 0;
439
440 /* Running tlv pointer. Assigned to ppchantlvout at end of function
441 * so later routines know where channels can be added to the command buf
442 */
443 ptlvpos = pscancfgout->tlvbuffer;
444
445 /*
446 * Set the initial scan paramters for progressive scanning. If a specific
447 * BSSID or SSID is used, the number of channels in the scan command
448 * will be increased to the absolute maximum
449 */
450 *pmaxchanperscan = MRVDRV_CHANNELS_PER_SCAN_CMD;
451
452 /* Initialize the scan as un-filtered by firmware, set to TRUE below if
453 * a SSID or BSSID filter is sent in the command
454 */
455 *pfilteredscan = 0;
456
457 /* Initialize the scan as not being only on the current channel. If
458 * the channel list is customized, only contains one channel, and
459 * is the active channel, this is set true and data flow is not halted.
460 */
461 *pscancurrentonly = 0;
462
463 if (puserscanin) {
876c9d3a
MT		 464 /* Set the bss type scan filter, use adapter setting if unset */
465 pscancfgout->bsstype =
d65ead88 466 puserscanin->bsstype ? puserscanin->bsstype : CMD_BSS_TYPE_ANY;
876c9d3a
MT		 467
468 /* Set the number of probes to send, use adapter setting if unset */
e2aa334b 469 numprobes = puserscanin->numprobes ? puserscanin->numprobes : 0;
876c9d3a
MT		 470
471 /*
472 * Set the BSSID filter to the incoming configuration,
473 * if non-zero. If not set, it will remain disabled (all zeros).
474 */
eb8f7330
DW		 475 memcpy(pscancfgout->bssid, puserscanin->bssid,
476 sizeof(pscancfgout->bssid));
876c9d3a 477
eb8f7330 478 if (puserscanin->ssid_len) {
876c9d3a
MT		 479 pssidtlv =
480 (struct mrvlietypes_ssidparamset *) pscancfgout->
481 tlvbuffer;
482 pssidtlv->header.type = cpu_to_le16(TLV_TYPE_SSID);
eb8f7330
DW		 483 pssidtlv->header.len = cpu_to_le16(puserscanin->ssid_len);
484 memcpy(pssidtlv->ssid, puserscanin->ssid,
485 puserscanin->ssid_len);
486 ptlvpos += sizeof(pssidtlv->header) + puserscanin->ssid_len;
876c9d3a
MT		 487 }
488
489 /*
490 * The default number of channels sent in the command is low to
491 * ensure the response buffer from the firmware does not truncate
492 * scan results. That is not an issue with an SSID or BSSID
493 * filter applied to the scan results in the firmware.
494 */
eb8f7330
DW		 495 if ( puserscanin->ssid_len
496 || (compare_ether_addr(pscancfgout->bssid, &zeromac[0]) != 0)) {
876c9d3a
MT		 497 *pmaxchanperscan = MRVDRV_MAX_CHANNELS_PER_SCAN;
498 *pfilteredscan = 1;
499 }
500 } else {
d65ead88 501 pscancfgout->bsstype = CMD_BSS_TYPE_ANY;
e2aa334b 502 numprobes = 0;
876c9d3a
MT		 503 }
504
505 /* If the input config or adapter has the number of Probes set, add tlv */
506 if (numprobes) {
507 pnumprobestlv = (struct mrvlietypes_numprobes *) ptlvpos;
981f187b
DW		 508 pnumprobestlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
509 pnumprobestlv->header.len = cpu_to_le16(2);
876c9d3a
MT		 510 pnumprobestlv->numprobes = cpu_to_le16(numprobes);
511
981f187b 512 ptlvpos += sizeof(*pnumprobestlv);
876c9d3a
MT		 513 }
514
515 /*
516 * Set the output for the channel TLV to the address in the tlv buffer
517 * past any TLVs that were added in this fuction (SSID, numprobes).
518 * channel TLVs will be added past this for each scan command, preserving
519 * the TLVs that were previously added.
520 */
521 *ppchantlvout = (struct mrvlietypes_chanlistparamset *) ptlvpos;
522
2afc0c5d
DW		 523 if (!puserscanin || !puserscanin->chanlist[0].channumber) {
524 /* Create a default channel scan list */
e56188ac 525 lbs_deb_scan("creating full region channel list\n");
2afc0c5d
DW		 526 wlan_scan_create_channel_list(priv, pscanchanlist,
527 *pfilteredscan);
528 goto out;
529 }
876c9d3a 530
2afc0c5d
DW		 531 for (chanidx = 0;
532 chanidx < WLAN_IOCTL_USER_SCAN_CHAN_MAX
533 && puserscanin->chanlist[chanidx].channumber; chanidx++) {
876c9d3a 534
2afc0c5d
DW		 535 channel = puserscanin->chanlist[chanidx].channumber;
536 (pscanchanlist + chanidx)->channumber = channel;
876c9d3a 537
2afc0c5d
DW		 538 radiotype = puserscanin->chanlist[chanidx].radiotype;
539 (pscanchanlist + chanidx)->radiotype = radiotype;
876c9d3a 540
2afc0c5d 541 scantype = puserscanin->chanlist[chanidx].scantype;
876c9d3a 542
2afc0c5d
DW		 543 if (scantype == CMD_SCAN_TYPE_PASSIVE) {
544 (pscanchanlist +
545 chanidx)->chanscanmode.passivescan = 1;
546 } else {
547 (pscanchanlist +
548 chanidx)->chanscanmode.passivescan = 0;
549 }
876c9d3a 550
2afc0c5d
DW		 551 if (puserscanin->chanlist[chanidx].scantime) {
552 scandur = puserscanin->chanlist[chanidx].scantime;
553 } else {
0aef64d7 554 if (scantype == CMD_SCAN_TYPE_PASSIVE) {
2afc0c5d 555 scandur = MRVDRV_PASSIVE_SCAN_CHAN_TIME;
876c9d3a 556 } else {
2afc0c5d 557 scandur = MRVDRV_ACTIVE_SCAN_CHAN_TIME;
876c9d3a 558 }
876c9d3a
MT		 559 }
560
2afc0c5d
DW		 561 (pscanchanlist + chanidx)->minscantime =
562 cpu_to_le16(scandur);
563 (pscanchanlist + chanidx)->maxscantime =
564 cpu_to_le16(scandur);
565 }
876c9d3a 566
2afc0c5d
DW		 567 /* Check if we are only scanning the current channel */
568 if ((chanidx == 1) &&
569 (puserscanin->chanlist[0].channumber ==
570 priv->adapter->curbssparams.channel)) {
571 *pscancurrentonly = 1;
e56188ac 572 lbs_deb_scan("scanning current channel only");
876c9d3a
MT		 573 }
574
575out:
576 return pscancfgout;
577}
578
579/**
580 * @brief Construct and send multiple scan config commands to the firmware
581 *
e56188ac
HS		 582 * Only used from wlan_scan_networks()
583 *
876c9d3a
MT		 584 * Previous routines have created a wlan_scan_cmd_config with any requested
585 * TLVs. This function splits the channel TLV into maxchanperscan lists
586 * and sends the portion of the channel TLV along with the other TLVs
587 * to the wlan_cmd routines for execution in the firmware.
588 *
589 * @param priv A pointer to wlan_private structure
590 * @param maxchanperscan Maximum number channels to be included in each
591 * scan command sent to firmware
592 * @param filteredscan Flag indicating whether or not a BSSID or SSID
593 * filter is being used for the firmware command
594 * scan command sent to firmware
595 * @param pscancfgout Scan configuration used for this scan.
596 * @param pchantlvout Pointer in the pscancfgout where the channel TLV
597 * should start. This is past any other TLVs that
598 * must be sent down in each firmware command.
599 * @param pscanchanlist List of channels to scan in maxchanperscan segments
600 *
601 * @return 0 or error return otherwise
602 */
603static int wlan_scan_channel_list(wlan_private * priv,
604 int maxchanperscan,
605 u8 filteredscan,
606 struct wlan_scan_cmd_config * pscancfgout,
607 struct mrvlietypes_chanlistparamset * pchantlvout,
064827ed 608 struct chanscanparamset * pscanchanlist,
2be92196
MT		 609 const struct wlan_ioctl_user_scan_cfg * puserscanin,
610 int full_scan)
876c9d3a
MT		 611{
612 struct chanscanparamset *ptmpchan;
613 struct chanscanparamset *pstartchan;
614 u8 scanband;
615 int doneearly;
616 int tlvidx;
617 int ret = 0;
064827ed
MT		 618 int scanned = 0;
619 union iwreq_data wrqu;
876c9d3a 620
e56188ac
HS		 621 lbs_deb_enter_args(LBS_DEB_SCAN, "maxchanperscan %d, filteredscan %d, "
622 "full_scan %d", maxchanperscan, filteredscan, full_scan);
876c9d3a 623
314a886f 624 if (!pscancfgout || !pchantlvout || !pscanchanlist) {
e56188ac
HS		 625 lbs_deb_scan("pscancfgout, pchantlvout or "
626 "pscanchanlist is NULL\n");
627 ret = -1;
628 goto out;
876c9d3a
MT		 629 }
630
631 pchantlvout->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
632
633 /* Set the temp channel struct pointer to the start of the desired list */
634 ptmpchan = pscanchanlist;
635
064827ed
MT		 636 if (priv->adapter->last_scanned_channel && !puserscanin)
637 ptmpchan += priv->adapter->last_scanned_channel;
638
876c9d3a
MT		 639 /* Loop through the desired channel list, sending a new firmware scan
640 * commands for each maxchanperscan channels (or for 1,6,11 individually
641 * if configured accordingly)
642 */
643 while (ptmpchan->channumber) {
644
645 tlvidx = 0;
646 pchantlvout->header.len = 0;
647 scanband = ptmpchan->radiotype;
648 pstartchan = ptmpchan;
649 doneearly = 0;
650
651 /* Construct the channel TLV for the scan command. Continue to
652 * insert channel TLVs until:
653 * - the tlvidx hits the maximum configured per scan command
654 * - the next channel to insert is 0 (end of desired channel list)
655 * - doneearly is set (controlling individual scanning of 1,6,11)
656 */
657 while (tlvidx < maxchanperscan && ptmpchan->channumber
064827ed 658 && !doneearly && scanned < 2) {
876c9d3a 659
e56188ac
HS		 660 lbs_deb_scan("channel %d, radio %d, passive %d, "
661 "dischanflt %d, maxscantime %d\n",
662 ptmpchan->channumber,
663 ptmpchan->radiotype,
2afc0c5d
DW		 664 ptmpchan->chanscanmode.passivescan,
665 ptmpchan->chanscanmode.disablechanfilt,
666 ptmpchan->maxscantime);
876c9d3a
MT		 667
668 /* Copy the current channel TLV to the command being prepared */
669 memcpy(pchantlvout->chanscanparam + tlvidx,
670 ptmpchan, sizeof(pchantlvout->chanscanparam));
671
672 /* Increment the TLV header length by the size appended */
981f187b
DW		 673 /* Ew, it would be _so_ nice if we could just declare the
674 variable little-endian and let GCC handle it for us */
675 pchantlvout->header.len =
676 cpu_to_le16(le16_to_cpu(pchantlvout->header.len) +
677 sizeof(pchantlvout->chanscanparam));
876c9d3a
MT		 678
679 /*
680 * The tlv buffer length is set to the number of bytes of the
681 * between the channel tlv pointer and the start of the
682 * tlv buffer. This compensates for any TLVs that were appended
683 * before the channel list.
684 */
685 pscancfgout->tlvbufferlen = ((u8 *) pchantlvout
686 - pscancfgout->tlvbuffer);
687
688 /* Add the size of the channel tlv header and the data length */
689 pscancfgout->tlvbufferlen +=
690 (sizeof(pchantlvout->header)
981f187b 691 + le16_to_cpu(pchantlvout->header.len));
876c9d3a
MT		 692
693 /* Increment the index to the channel tlv we are constructing */
694 tlvidx++;
695
696 doneearly = 0;
697
698 /* Stop the loop if the *current* channel is in the 1,6,11 set
699 * and we are not filtering on a BSSID or SSID.
700 */
701 if (!filteredscan && (ptmpchan->channumber == 1
702 || ptmpchan->channumber == 6
703 || ptmpchan->channumber == 11)) {
704 doneearly = 1;
705 }
706
707 /* Increment the tmp pointer to the next channel to be scanned */
708 ptmpchan++;
064827ed 709 scanned++;
876c9d3a
MT		 710
711 /* Stop the loop if the *next* channel is in the 1,6,11 set.
712 * This will cause it to be the only channel scanned on the next
713 * interation
714 */
715 if (!filteredscan && (ptmpchan->channumber == 1
716 || ptmpchan->channumber == 6
717 || ptmpchan->channumber == 11)) {
718 doneearly = 1;
719 }
720 }
721
722 /* Send the scan command to the firmware with the specified cfg */
0aef64d7 723 ret = libertas_prepare_and_send_command(priv, CMD_802_11_SCAN, 0,
876c9d3a 724 0, 0, pscancfgout);
2be92196 725 if (scanned >= 2 && !full_scan) {
9012b28a
HS		 726 ret = 0;
727 goto done;
064827ed 728 }
2be92196 729 scanned = 0;
876c9d3a
MT		 730 }
731
d9ad2f5d 732done:
064827ed
MT		 733 priv->adapter->last_scanned_channel = ptmpchan->channumber;
734
2afc0c5d
DW		 735 if (priv->adapter->last_scanned_channel) {
736 /* Schedule the next part of the partial scan */
737 if (!full_scan && !priv->adapter->surpriseremoved) {
738 cancel_delayed_work(&priv->scan_work);
739 queue_delayed_work(priv->work_thread, &priv->scan_work,
740 msecs_to_jiffies(300));
741 }
742 } else {
743 /* All done, tell userspace the scan table has been updated */
744 memset(&wrqu, 0, sizeof(union iwreq_data));
745 wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
746 }
064827ed 747
e56188ac 748out:
9012b28a 749 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
876c9d3a
MT		 750 return ret;
751}
752
e56188ac
HS		 753/*
754 * Only used from wlan_scan_networks()
755*/
756static void clear_selected_scan_list_entries(wlan_adapter *adapter,
757 const struct wlan_ioctl_user_scan_cfg *scan_cfg)
eb8f7330 758{
e56188ac
HS		 759 struct bss_descriptor *bss;
760 struct bss_descriptor *safe;
eb8f7330
DW		 761 u32 clear_ssid_flag = 0, clear_bssid_flag = 0;
762
e56188ac
HS		 763 lbs_deb_enter(LBS_DEB_SCAN);
764
eb8f7330 765 if (!scan_cfg)
e56188ac 766 goto out;
eb8f7330
DW		 767
768 if (scan_cfg->clear_ssid && scan_cfg->ssid_len)
769 clear_ssid_flag = 1;
770
771 if (scan_cfg->clear_bssid
772 && (compare_ether_addr(scan_cfg->bssid, &zeromac[0]) != 0)
773 && (compare_ether_addr(scan_cfg->bssid, &bcastmac[0]) != 0)) {
774 clear_bssid_flag = 1;
775 }
776
777 if (!clear_ssid_flag && !clear_bssid_flag)
e56188ac 778 goto out;
eb8f7330
DW		 779
780 mutex_lock(&adapter->lock);
781 list_for_each_entry_safe (bss, safe, &adapter->network_list, list) {
782 u32 clear = 0;
783
784 /* Check for an SSID match */
785 if ( clear_ssid_flag
d8efea25
DW		 786 && (bss->ssid_len == scan_cfg->ssid_len)
787 && !memcmp(bss->ssid, scan_cfg->ssid, bss->ssid_len))
eb8f7330
DW		 788 clear = 1;
789
790 /* Check for a BSSID match */
791 if ( clear_bssid_flag
792 && !compare_ether_addr(bss->bssid, scan_cfg->bssid))
793 clear = 1;
794
795 if (clear) {
796 list_move_tail (&bss->list, &adapter->network_free_list);
797 clear_bss_descriptor(bss);
798 }
799 }
800 mutex_unlock(&adapter->lock);
e56188ac
HS		 801out:
802 lbs_deb_leave(LBS_DEB_SCAN);
eb8f7330
DW		 803}
804
805
876c9d3a
MT		 806/**
807 * @brief Internal function used to start a scan based on an input config
808 *
e56188ac
HS		 809 * Also used from debugfs
810 *
876c9d3a
MT		 811 * Use the input user scan configuration information when provided in
812 * order to send the appropriate scan commands to firmware to populate or
813 * update the internal driver scan table
814 *
815 * @param priv A pointer to wlan_private structure
816 * @param puserscanin Pointer to the input configuration for the requested
817 * scan.
e56188ac 818 * @param full_scan ???
876c9d3a
MT		 819 *
820 * @return 0 or < 0 if error
821 */
822int wlan_scan_networks(wlan_private * priv,
2afc0c5d
DW		 823 const struct wlan_ioctl_user_scan_cfg * puserscanin,
824 int full_scan)
876c9d3a 825{
eb8f7330 826 wlan_adapter * adapter = priv->adapter;
876c9d3a
MT		 827 struct mrvlietypes_chanlistparamset *pchantlvout;
828 struct chanscanparamset * scan_chan_list = NULL;
829 struct wlan_scan_cmd_config * scan_cfg = NULL;
876c9d3a
MT		 830 u8 filteredscan;
831 u8 scancurrentchanonly;
832 int maxchanperscan;
833 int ret;
f8f55108
DW		 834#ifdef CONFIG_LIBERTAS_DEBUG
835 struct bss_descriptor * iter_bss;
836 int i = 0;
0795af57 837 DECLARE_MAC_BUF(mac);
f8f55108 838#endif
876c9d3a 839
e56188ac 840 lbs_deb_enter_args(LBS_DEB_SCAN, "full_scan %d", full_scan);
2afc0c5d
DW		 841
842 /* Cancel any partial outstanding partial scans if this scan
843 * is a full scan.
844 */
845 if (full_scan && delayed_work_pending(&priv->scan_work))
846 cancel_delayed_work(&priv->scan_work);
876c9d3a
MT		 847
848 scan_chan_list = kzalloc(sizeof(struct chanscanparamset) *
849 WLAN_IOCTL_USER_SCAN_CHAN_MAX, GFP_KERNEL);
850 if (scan_chan_list == NULL) {
851 ret = -ENOMEM;
852 goto out;
853 }
854
855 scan_cfg = wlan_scan_setup_scan_config(priv,
856 puserscanin,
857 &pchantlvout,
858 scan_chan_list,
859 &maxchanperscan,
860 &filteredscan,
861 &scancurrentchanonly);
862 if (scan_cfg == NULL) {
863 ret = -ENOMEM;
864 goto out;
865 }
866
eb8f7330 867 clear_selected_scan_list_entries(adapter, puserscanin);
876c9d3a
MT		 868
869 /* Keep the data path active if we are only scanning our current channel */
870 if (!scancurrentchanonly) {
634b8f49
HS		 871 netif_stop_queue(priv->dev);
872 netif_carrier_off(priv->dev);
3cf84091
HS		 873 if (priv->mesh_dev) {
874 netif_stop_queue(priv->mesh_dev);
875 netif_carrier_off(priv->mesh_dev);
876 }
876c9d3a
MT		 877 }
878
879 ret = wlan_scan_channel_list(priv,
880 maxchanperscan,
881 filteredscan,
882 scan_cfg,
883 pchantlvout,
064827ed 884 scan_chan_list,
2be92196
MT		 885 puserscanin,
886 full_scan);
876c9d3a 887
f8f55108
DW		 888#ifdef CONFIG_LIBERTAS_DEBUG
889 /* Dump the scan table */
890 mutex_lock(&adapter->lock);
e56188ac 891 lbs_deb_scan("The scan table contains:\n");
f8f55108 892 list_for_each_entry (iter_bss, &adapter->network_list, list) {
e56188ac 893 lbs_deb_scan("scan %02d, %s, RSSI, %d, SSID '%s'\n",
0795af57 894 i++, print_mac(mac, iter_bss->bssid), (s32) iter_bss->rssi,
f8f55108
DW		 895 escape_essid(iter_bss->ssid, iter_bss->ssid_len));
896 }
897 mutex_unlock(&adapter->lock);
898#endif
876c9d3a 899
0aef64d7 900 if (priv->adapter->connect_status == LIBERTAS_CONNECTED) {
634b8f49
HS		 901 netif_carrier_on(priv->dev);
902 netif_wake_queue(priv->dev);
3cf84091
HS		 903 if (priv->mesh_dev) {
904 netif_carrier_on(priv->mesh_dev);
905 netif_wake_queue(priv->mesh_dev);
906 }
876c9d3a
MT		 907 }
908
909out:
910 if (scan_cfg)
911 kfree(scan_cfg);
912
913 if (scan_chan_list)
914 kfree(scan_chan_list);
915
9012b28a 916 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
876c9d3a
MT		 917 return ret;
918}
919
876c9d3a
MT		 920/**
921 * @brief Interpret a BSS scan response returned from the firmware
922 *
923 * Parse the various fixed fields and IEs passed back for a a BSS probe
924 * response or beacon from the scan command. Record information as needed
925 * in the scan table struct bss_descriptor for that entry.
926 *
fcdb53db 927 * @param bss Output parameter: Pointer to the BSS Entry
876c9d3a
MT		 928 *
929 * @return 0 or -1
930 */
fcdb53db
DW		 931static int libertas_process_bss(struct bss_descriptor * bss,
932 u8 ** pbeaconinfo, int *bytesleft)
876c9d3a 933{
876c9d3a
MT		 934 struct ieeetypes_fhparamset *pFH;
935 struct ieeetypes_dsparamset *pDS;
936 struct ieeetypes_cfparamset *pCF;
937 struct ieeetypes_ibssparamset *pibss;
0795af57 938 DECLARE_MAC_BUF(mac);
876c9d3a 939 struct ieeetypes_countryinfoset *pcountryinfo;
8c512765
DW		 940 u8 *pos, *end, *p;
941 u8 n_ex_rates = 0, got_basic_rates = 0, n_basic_rates = 0;
942 u16 beaconsize = 0;
943 int ret;
876c9d3a 944
e56188ac 945 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 946
876c9d3a
MT		 947 if (*bytesleft >= sizeof(beaconsize)) {
948 /* Extract & convert beacon size from the command buffer */
ac630c2b 949 beaconsize = le16_to_cpu(get_unaligned((u16 *)*pbeaconinfo));
876c9d3a
MT		 950 *bytesleft -= sizeof(beaconsize);
951 *pbeaconinfo += sizeof(beaconsize);
952 }
953
954 if (beaconsize == 0 || beaconsize > *bytesleft) {
876c9d3a
MT		 955 *pbeaconinfo += *bytesleft;
956 *bytesleft = 0;
e56188ac
HS		 957 ret = -1;
958 goto done;
876c9d3a
MT		 959 }
960
961 /* Initialize the current working beacon pointer for this BSS iteration */
ab617971
DW		 962 pos = *pbeaconinfo;
963 end = pos + beaconsize;
876c9d3a
MT		 964
965 /* Advance the return beacon pointer past the current beacon */
966 *pbeaconinfo += beaconsize;
967 *bytesleft -= beaconsize;
968
ab617971 969 memcpy(bss->bssid, pos, ETH_ALEN);
0795af57 970 lbs_deb_scan("process_bss: AP BSSID %s\n", print_mac(mac, bss->bssid));
ab617971 971 pos += ETH_ALEN;
876c9d3a 972
ab617971 973 if ((end - pos) < 12) {
fcdb53db 974 lbs_deb_scan("process_bss: Not enough bytes left\n");
e56188ac
HS		 975 ret = -1;
976 goto done;
876c9d3a
MT		 977 }
978
979 /*
980 * next 4 fields are RSSI, time stamp, beacon interval,
981 * and capability information
982 */
983
984 /* RSSI is 1 byte long */
ab617971
DW		 985 bss->rssi = *pos;
986 lbs_deb_scan("process_bss: RSSI=%02X\n", *pos);
987 pos++;
876c9d3a
MT		 988
989 /* time stamp is 8 bytes long */
ab617971 990 pos += 8;
876c9d3a
MT		 991
992 /* beacon interval is 2 bytes long */
ab617971
DW		 993 bss->beaconperiod = le16_to_cpup((void *) pos);
994 pos += 2;
876c9d3a
MT		 995
996 /* capability information is 2 bytes long */
ab617971 997 bss->capability = le16_to_cpup((void *) pos);
0c9ca690 998 lbs_deb_scan("process_bss: capabilities = 0x%4X\n", bss->capability);
ab617971 999 pos += 2;
876c9d3a 1000
0c9ca690
DW		 1001 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
1002 lbs_deb_scan("process_bss: AP WEP enabled\n");
1003 if (bss->capability & WLAN_CAPABILITY_IBSS)
1004 bss->mode = IW_MODE_ADHOC;
1005 else
1006 bss->mode = IW_MODE_INFRA;
1007
876c9d3a 1008 /* rest of the current buffer are IE's */
ab617971 1009 lbs_deb_scan("process_bss: IE length for this AP = %zd\n", end - pos);
ece56191 1010 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: IE info", pos, end - pos);
876c9d3a 1011
876c9d3a 1012 /* process variable IE */
ab617971
DW		 1013 while (pos <= end - 2) {
1014 struct ieee80211_info_element * elem =
1015 (struct ieee80211_info_element *) pos;
876c9d3a 1016
ab617971 1017 if (pos + elem->len > end) {
fcdb53db 1018 lbs_deb_scan("process_bss: error in processing IE, "
876c9d3a 1019 "bytes left < IE length\n");
ab617971 1020 break;
876c9d3a
MT		 1021 }
1022
ab617971
DW		 1023 switch (elem->id) {
1024 case MFIE_TYPE_SSID:
1025 bss->ssid_len = elem->len;
1026 memcpy(bss->ssid, elem->data, elem->len);
d8efea25
DW		 1027 lbs_deb_scan("ssid '%s', ssid length %u\n",
1028 escape_essid(bss->ssid, bss->ssid_len),
1029 bss->ssid_len);
876c9d3a
MT		 1030 break;
1031
ab617971 1032 case MFIE_TYPE_RATES:
8c512765
DW		 1033 n_basic_rates = min_t(u8, MAX_RATES, elem->len);
1034 memcpy(bss->rates, elem->data, n_basic_rates);
1035 got_basic_rates = 1;
876c9d3a
MT		 1036 break;
1037
ab617971
DW		 1038 case MFIE_TYPE_FH_SET:
1039 pFH = (struct ieeetypes_fhparamset *) pos;
fcdb53db 1040 memmove(&bss->phyparamset.fhparamset, pFH,
876c9d3a 1041 sizeof(struct ieeetypes_fhparamset));
981f187b 1042#if 0 /* I think we can store these LE */
fcdb53db
DW		 1043 bss->phyparamset.fhparamset.dwelltime
1044 = le16_to_cpu(bss->phyparamset.fhparamset.dwelltime);
981f187b 1045#endif
876c9d3a
MT		 1046 break;
1047
ab617971
DW		 1048 case MFIE_TYPE_DS_SET:
1049 pDS = (struct ieeetypes_dsparamset *) pos;
fcdb53db
DW		 1050 bss->channel = pDS->currentchan;
1051 memcpy(&bss->phyparamset.dsparamset, pDS,
876c9d3a
MT		 1052 sizeof(struct ieeetypes_dsparamset));
1053 break;
1054
ab617971
DW		 1055 case MFIE_TYPE_CF_SET:
1056 pCF = (struct ieeetypes_cfparamset *) pos;
fcdb53db 1057 memcpy(&bss->ssparamset.cfparamset, pCF,
876c9d3a
MT		 1058 sizeof(struct ieeetypes_cfparamset));
1059 break;
1060
ab617971
DW		 1061 case MFIE_TYPE_IBSS_SET:
1062 pibss = (struct ieeetypes_ibssparamset *) pos;
fcdb53db
DW		 1063 bss->atimwindow = le32_to_cpu(pibss->atimwindow);
1064 memmove(&bss->ssparamset.ibssparamset, pibss,
876c9d3a 1065 sizeof(struct ieeetypes_ibssparamset));
981f187b 1066#if 0
fcdb53db
DW		 1067 bss->ssparamset.ibssparamset.atimwindow
1068 = le16_to_cpu(bss->ssparamset.ibssparamset.atimwindow);
981f187b 1069#endif
876c9d3a
MT		 1070 break;
1071
ab617971
DW		 1072 case MFIE_TYPE_COUNTRY:
1073 pcountryinfo = (struct ieeetypes_countryinfoset *) pos;
fcdb53db 1074 if (pcountryinfo->len < sizeof(pcountryinfo->countrycode)
876c9d3a 1075 || pcountryinfo->len > 254) {
fcdb53db 1076 lbs_deb_scan("process_bss: 11D- Err "
4269e2ad 1077 "CountryInfo len =%d min=%zd max=254\n",
876c9d3a
MT		 1078 pcountryinfo->len,
1079 sizeof(pcountryinfo->countrycode));
9012b28a
HS		 1080 ret = -1;
1081 goto done;
876c9d3a
MT		 1082 }
1083
fcdb53db 1084 memcpy(&bss->countryinfo,
876c9d3a 1085 pcountryinfo, pcountryinfo->len + 2);
ece56191 1086 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: 11d countryinfo",
876c9d3a
MT		 1087 (u8 *) pcountryinfo,
1088 (u32) (pcountryinfo->len + 2));
1089 break;
1090
ab617971
DW		 1091 case MFIE_TYPE_RATES_EX:
1092 /* only process extended supported rate if data rate is
1093 * already found. Data rate IE should come before
876c9d3a
MT		 1094 * extended supported rate IE
1095 */
8c512765 1096 if (!got_basic_rates)
ab617971 1097 break;
876c9d3a 1098
8c512765
DW		 1099 n_ex_rates = elem->len;
1100 if (n_basic_rates + n_ex_rates > MAX_RATES)
1101 n_ex_rates = MAX_RATES - n_basic_rates;
876c9d3a 1102
8c512765
DW		 1103 p = bss->rates + n_basic_rates;
1104 memcpy(p, elem->data, n_ex_rates);
876c9d3a 1105 break;
ab617971
DW		 1106
1107 case MFIE_TYPE_GENERIC:
1108 if (elem->len >= 4 &&
1109 elem->data[0] == 0x00 &&
1110 elem->data[1] == 0x50 &&
1111 elem->data[2] == 0xf2 &&
1112 elem->data[3] == 0x01) {
1113 bss->wpa_ie_len = min(elem->len + 2,
1114 MAX_WPA_IE_LEN);
1115 memcpy(bss->wpa_ie, elem, bss->wpa_ie_len);
ece56191 1116 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: WPA IE", bss->wpa_ie,
ab617971 1117 elem->len);
1e838bf3
LCC		 1118 } else if (elem->len >= MARVELL_MESH_IE_LENGTH &&
1119 elem->data[0] == 0x00 &&
1120 elem->data[1] == 0x50 &&
1121 elem->data[2] == 0x43 &&
1122 elem->data[3] == 0x04) {
1123 bss->mesh = 1;
ab617971 1124 }
876c9d3a 1125 break;
ab617971
DW		 1126
1127 case MFIE_TYPE_RSN:
1128 bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN);
1129 memcpy(bss->rsn_ie, elem, bss->rsn_ie_len);
ece56191 1130 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE", bss->rsn_ie, elem->len);
876c9d3a
MT		 1131 break;
1132
ab617971 1133 default:
876c9d3a
MT		 1134 break;
1135 }
1136
ab617971
DW		 1137 pos += elem->len + 2;
1138 }
fcdb53db
DW		 1139
1140 /* Timestamp */
1141 bss->last_scanned = jiffies;
8c512765 1142 libertas_unset_basic_rate_flags(bss->rates, sizeof(bss->rates));
fcdb53db 1143
9012b28a 1144 ret = 0;
876c9d3a 1145
9012b28a
HS		 1146done:
1147 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
1148 return ret;
876c9d3a
MT		 1149}
1150
876c9d3a
MT		 1151/**
1152 * @brief This function finds a specific compatible BSSID in the scan list
1153 *
e56188ac
HS		 1154 * Used in association code
1155 *
876c9d3a
MT		 1156 * @param adapter A pointer to wlan_adapter
1157 * @param bssid BSSID to find in the scan list
1158 * @param mode Network mode: Infrastructure or IBSS
1159 *
1160 * @return index in BSSID list, or error return code (< 0)
1161 */
e56188ac 1162struct bss_descriptor *libertas_find_bssid_in_list(wlan_adapter * adapter,
fcdb53db 1163 u8 * bssid, u8 mode)
876c9d3a 1164{
fcdb53db
DW		 1165 struct bss_descriptor * iter_bss;
1166 struct bss_descriptor * found_bss = NULL;
876c9d3a 1167
e56188ac
HS		 1168 lbs_deb_enter(LBS_DEB_SCAN);
1169
876c9d3a 1170 if (!bssid)
e56188ac 1171 goto out;
876c9d3a 1172
ece56191 1173 lbs_deb_hex(LBS_DEB_SCAN, "looking for",
fcdb53db 1174 bssid, ETH_ALEN);
876c9d3a 1175
fcdb53db
DW		 1176 /* Look through the scan table for a compatible match. The loop will
1177 * continue past a matched bssid that is not compatible in case there
1178 * is an AP with multiple SSIDs assigned to the same BSSID
876c9d3a 1179 */
fcdb53db
DW		 1180 mutex_lock(&adapter->lock);
1181 list_for_each_entry (iter_bss, &adapter->network_list, list) {
3cf20931 1182 if (compare_ether_addr(iter_bss->bssid, bssid))
fcdb53db
DW		 1183 continue; /* bssid doesn't match */
1184 switch (mode) {
1185 case IW_MODE_INFRA:
1186 case IW_MODE_ADHOC:
1187 if (!is_network_compatible(adapter, iter_bss, mode))
876c9d3a 1188 break;
fcdb53db
DW		 1189 found_bss = iter_bss;
1190 break;
1191 default:
1192 found_bss = iter_bss;
1193 break;
876c9d3a
MT		 1194 }
1195 }
fcdb53db 1196 mutex_unlock(&adapter->lock);
876c9d3a 1197
e56188ac
HS		 1198out:
1199 lbs_deb_leave_args(LBS_DEB_SCAN, "found_bss %p", found_bss);
fcdb53db 1200 return found_bss;
876c9d3a
MT		 1201}
1202
1203/**
1204 * @brief This function finds ssid in ssid list.
1205 *
e56188ac
HS		 1206 * Used in association code
1207 *
876c9d3a
MT		 1208 * @param adapter A pointer to wlan_adapter
1209 * @param ssid SSID to find in the list
1210 * @param bssid BSSID to qualify the SSID selection (if provided)
1211 * @param mode Network mode: Infrastructure or IBSS
1212 *
1213 * @return index in BSSID list
1214 */
717c9339 1215struct bss_descriptor * libertas_find_ssid_in_list(wlan_adapter * adapter,
d8efea25 1216 u8 *ssid, u8 ssid_len, u8 * bssid, u8 mode,
aeea0ab4 1217 int channel)
876c9d3a 1218{
876c9d3a 1219 u8 bestrssi = 0;
fcdb53db
DW		 1220 struct bss_descriptor * iter_bss = NULL;
1221 struct bss_descriptor * found_bss = NULL;
1222 struct bss_descriptor * tmp_oldest = NULL;
876c9d3a 1223
e56188ac
HS		 1224 lbs_deb_enter(LBS_DEB_SCAN);
1225
fcdb53db
DW		 1226 mutex_lock(&adapter->lock);
1227
1228 list_for_each_entry (iter_bss, &adapter->network_list, list) {
1229 if ( !tmp_oldest
1230 || (iter_bss->last_scanned < tmp_oldest->last_scanned))
1231 tmp_oldest = iter_bss;
1232
717c9339 1233 if (libertas_ssid_cmp(iter_bss->ssid, iter_bss->ssid_len,
d8efea25 1234 ssid, ssid_len) != 0)
fcdb53db 1235 continue; /* ssid doesn't match */
3cf20931 1236 if (bssid && compare_ether_addr(iter_bss->bssid, bssid) != 0)
fcdb53db 1237 continue; /* bssid doesn't match */
aeea0ab4
DW		 1238 if ((channel > 0) && (iter_bss->channel != channel))
1239 continue; /* channel doesn't match */
fcdb53db
DW		 1240
1241 switch (mode) {
1242 case IW_MODE_INFRA:
1243 case IW_MODE_ADHOC:
1244 if (!is_network_compatible(adapter, iter_bss, mode))
876c9d3a 1245 break;
fcdb53db
DW		 1246
1247 if (bssid) {
1248 /* Found requested BSSID */
1249 found_bss = iter_bss;
1250 goto out;
1251 }
1252
1253 if (SCAN_RSSI(iter_bss->rssi) > bestrssi) {
1254 bestrssi = SCAN_RSSI(iter_bss->rssi);
1255 found_bss = iter_bss;
1256 }
1257 break;
1258 case IW_MODE_AUTO:
1259 default:
1260 if (SCAN_RSSI(iter_bss->rssi) > bestrssi) {
1261 bestrssi = SCAN_RSSI(iter_bss->rssi);
1262 found_bss = iter_bss;
876c9d3a 1263 }
fcdb53db 1264 break;
876c9d3a
MT		 1265 }
1266 }
1267
fcdb53db
DW		 1268out:
1269 mutex_unlock(&adapter->lock);
e56188ac 1270 lbs_deb_leave_args(LBS_DEB_SCAN, "found_bss %p", found_bss);
fcdb53db 1271 return found_bss;
876c9d3a
MT		 1272}
1273
1274/**
1275 * @brief This function finds the best SSID in the Scan List
1276 *
1277 * Search the scan table for the best SSID that also matches the current
1278 * adapter network preference (infrastructure or adhoc)
1279 *
1280 * @param adapter A pointer to wlan_adapter
1281 *
1282 * @return index in BSSID list
1283 */
ac558ca2 1284static struct bss_descriptor * libertas_find_best_ssid_in_list(wlan_adapter * adapter,
fcdb53db 1285 u8 mode)
876c9d3a 1286{
876c9d3a 1287 u8 bestrssi = 0;
fcdb53db
DW		 1288 struct bss_descriptor * iter_bss;
1289 struct bss_descriptor * best_bss = NULL;
876c9d3a 1290
e56188ac
HS		 1291 lbs_deb_enter(LBS_DEB_SCAN);
1292
fcdb53db 1293 mutex_lock(&adapter->lock);
876c9d3a 1294
fcdb53db 1295 list_for_each_entry (iter_bss, &adapter->network_list, list) {
876c9d3a 1296 switch (mode) {
0dc5a290
DW		 1297 case IW_MODE_INFRA:
1298 case IW_MODE_ADHOC:
fcdb53db
DW		 1299 if (!is_network_compatible(adapter, iter_bss, mode))
1300 break;
1301 if (SCAN_RSSI(iter_bss->rssi) <= bestrssi)
1302 break;
1303 bestrssi = SCAN_RSSI(iter_bss->rssi);
1304 best_bss = iter_bss;
876c9d3a 1305 break;
0dc5a290 1306 case IW_MODE_AUTO:
876c9d3a 1307 default:
fcdb53db
DW		 1308 if (SCAN_RSSI(iter_bss->rssi) <= bestrssi)
1309 break;
1310 bestrssi = SCAN_RSSI(iter_bss->rssi);
1311 best_bss = iter_bss;
876c9d3a
MT		 1312 break;
1313 }
1314 }
1315
fcdb53db 1316 mutex_unlock(&adapter->lock);
e56188ac 1317 lbs_deb_leave_args(LBS_DEB_SCAN, "best_bss %p", best_bss);
fcdb53db 1318 return best_bss;
876c9d3a
MT		 1319}
1320
1321/**
1322 * @brief Find the AP with specific ssid in the scan list
1323 *
e56188ac
HS		 1324 * Used from association worker.
1325 *
876c9d3a
MT		 1326 * @param priv A pointer to wlan_private structure
1327 * @param pSSID A pointer to AP's ssid
1328 *
1329 * @return 0--success, otherwise--fail
1330 */
717c9339 1331int libertas_find_best_network_ssid(wlan_private * priv,
d8efea25 1332 u8 *out_ssid, u8 *out_ssid_len, u8 preferred_mode, u8 *out_mode)
876c9d3a
MT		 1333{
1334 wlan_adapter *adapter = priv->adapter;
fcdb53db
DW		 1335 int ret = -1;
1336 struct bss_descriptor * found;
876c9d3a 1337
e56188ac 1338 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1339
2be92196 1340 wlan_scan_networks(priv, NULL, 1);
876c9d3a 1341 if (adapter->surpriseremoved)
e56188ac 1342 goto out;
876c9d3a 1343
fcdb53db 1344 wait_event_interruptible(adapter->cmd_pending, !adapter->nr_cmd_pending);
876c9d3a 1345
717c9339 1346 found = libertas_find_best_ssid_in_list(adapter, preferred_mode);
d8efea25
DW		 1347 if (found && (found->ssid_len > 0)) {
1348 memcpy(out_ssid, &found->ssid, IW_ESSID_MAX_SIZE);
1349 *out_ssid_len = found->ssid_len;
fcdb53db
DW		 1350 *out_mode = found->mode;
1351 ret = 0;
876c9d3a
MT		 1352 }
1353
e56188ac 1354out:
9012b28a 1355 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
876c9d3a
MT		 1356 return ret;
1357}
1358
1359/**
1360 * @brief Scan Network
1361 *
1362 * @param dev A pointer to net_device structure
1363 * @param info A pointer to iw_request_info structure
1364 * @param vwrq A pointer to iw_param structure
1365 * @param extra A pointer to extra data buf
1366 *
1367 * @return 0 --success, otherwise fail
1368 */
1369int libertas_set_scan(struct net_device *dev, struct iw_request_info *info,
1370 struct iw_param *vwrq, char *extra)
1371{
1372 wlan_private *priv = dev->priv;
1373 wlan_adapter *adapter = priv->adapter;
876c9d3a 1374
9012b28a 1375 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1376
2afc0c5d
DW		 1377 if (!delayed_work_pending(&priv->scan_work)) {
1378 queue_delayed_work(priv->work_thread, &priv->scan_work,
1379 msecs_to_jiffies(50));
1380 }
876c9d3a
MT		 1381
1382 if (adapter->surpriseremoved)
1383 return -1;
1384
9012b28a 1385 lbs_deb_leave(LBS_DEB_SCAN);
876c9d3a
MT		 1386 return 0;
1387}
1388
e56188ac 1389
876c9d3a
MT		 1390/**
1391 * @brief Send a scan command for all available channels filtered on a spec
1392 *
e56188ac
HS		 1393 * Used in association code and from debugfs
1394 *
876c9d3a 1395 * @param priv A pointer to wlan_private structure
e56188ac
HS		 1396 * @param ssid A pointer to the SSID to scan for
1397 * @param ssid_len Length of the SSID
1398 * @param clear_ssid Should existing scan results with this SSID
1399 * be cleared?
876c9d3a
MT		 1400 * @param prequestedssid A pointer to AP's ssid
1401 * @param keeppreviousscan Flag used to save/clear scan table before scan
1402 *
1403 * @return 0-success, otherwise fail
1404 */
717c9339 1405int libertas_send_specific_ssid_scan(wlan_private * priv,
d8efea25 1406 u8 *ssid, u8 ssid_len, u8 clear_ssid)
876c9d3a
MT		 1407{
1408 wlan_adapter *adapter = priv->adapter;
1409 struct wlan_ioctl_user_scan_cfg scancfg;
eb8f7330 1410 int ret = 0;
876c9d3a 1411
e56188ac
HS		 1412 lbs_deb_enter_args(LBS_DEB_SCAN, "SSID '%s', clear %d",
1413 escape_essid(ssid, ssid_len), clear_ssid);
876c9d3a 1414
d8efea25 1415 if (!ssid_len)
eb8f7330 1416 goto out;
876c9d3a
MT		 1417
1418 memset(&scancfg, 0x00, sizeof(scancfg));
d8efea25
DW		 1419 memcpy(scancfg.ssid, ssid, ssid_len);
1420 scancfg.ssid_len = ssid_len;
eb8f7330 1421 scancfg.clear_ssid = clear_ssid;
876c9d3a 1422
2be92196 1423 wlan_scan_networks(priv, &scancfg, 1);
e56188ac
HS		 1424 if (adapter->surpriseremoved) {
1425 ret = -1;
1426 goto out;
1427 }
876c9d3a
MT		 1428 wait_event_interruptible(adapter->cmd_pending, !adapter->nr_cmd_pending);
1429
eb8f7330 1430out:
e56188ac 1431 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
eb8f7330 1432 return ret;
876c9d3a
MT		 1433}
1434
e56188ac
HS		 1435
1436
1437
1438/*********************************************************************/
1439/* */
1440/* Support for Wireless Extensions */
1441/* */
1442/*********************************************************************/
1443
00af0157
DW		 1444#define MAX_CUSTOM_LEN 64
1445
fcdb53db
DW		 1446static inline char *libertas_translate_scan(wlan_private *priv,
1447 char *start, char *stop,
1448 struct bss_descriptor *bss)
876c9d3a 1449{
876c9d3a 1450 wlan_adapter *adapter = priv->adapter;
876c9d3a 1451 struct chan_freq_power *cfp;
876c9d3a
MT		 1452 char *current_val; /* For rates */
1453 struct iw_event iwe; /* Temporary buffer */
876c9d3a 1454 int j;
876c9d3a
MT		 1455#define PERFECT_RSSI ((u8)50)
1456#define WORST_RSSI ((u8)0)
1457#define RSSI_DIFF ((u8)(PERFECT_RSSI - WORST_RSSI))
1458 u8 rssi;
1459
e56188ac
HS		 1460 lbs_deb_enter(LBS_DEB_SCAN);
1461
fcdb53db
DW		 1462 cfp = libertas_find_cfp_by_band_and_channel(adapter, 0, bss->channel);
1463 if (!cfp) {
1464 lbs_deb_scan("Invalid channel number %d\n", bss->channel);
e56188ac
HS		 1465 start = NULL;
1466 goto out;
2be92196 1467 }
876c9d3a 1468
fcdb53db
DW		 1469 /* First entry *MUST* be the AP BSSID */
1470 iwe.cmd = SIOCGIWAP;
1471 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1472 memcpy(iwe.u.ap_addr.sa_data, &bss->bssid, ETH_ALEN);
1473 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_ADDR_LEN);
1474
1475 /* SSID */
1476 iwe.cmd = SIOCGIWESSID;
1477 iwe.u.data.flags = 1;
d8efea25
DW		 1478 iwe.u.data.length = min((u32) bss->ssid_len, (u32) IW_ESSID_MAX_SIZE);
1479 start = iwe_stream_add_point(start, stop, &iwe, bss->ssid);
fcdb53db
DW		 1480
1481 /* Mode */
1482 iwe.cmd = SIOCGIWMODE;
1483 iwe.u.mode = bss->mode;
1484 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_UINT_LEN);
1485
1486 /* Frequency */
1487 iwe.cmd = SIOCGIWFREQ;
1488 iwe.u.freq.m = (long)cfp->freq * 100000;
1489 iwe.u.freq.e = 1;
1490 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_FREQ_LEN);
1491
1492 /* Add quality statistics */
1493 iwe.cmd = IWEVQUAL;
1494 iwe.u.qual.updated = IW_QUAL_ALL_UPDATED;
1495 iwe.u.qual.level = SCAN_RSSI(bss->rssi);
1496
1497 rssi = iwe.u.qual.level - MRVDRV_NF_DEFAULT_SCAN_VALUE;
1498 iwe.u.qual.qual =
1499 (100 * RSSI_DIFF * RSSI_DIFF - (PERFECT_RSSI - rssi) *
1500 (15 * (RSSI_DIFF) + 62 * (PERFECT_RSSI - rssi))) /
1501 (RSSI_DIFF * RSSI_DIFF);
1502 if (iwe.u.qual.qual > 100)
1503 iwe.u.qual.qual = 100;
1504
1505 if (adapter->NF[TYPE_BEACON][TYPE_NOAVG] == 0) {
1506 iwe.u.qual.noise = MRVDRV_NF_DEFAULT_SCAN_VALUE;
1507 } else {
1508 iwe.u.qual.noise =
1509 CAL_NF(adapter->NF[TYPE_BEACON][TYPE_NOAVG]);
1510 }
80e78ef7
DW		 1511
1512 /* Locally created ad-hoc BSSs won't have beacons if this is the
1513 * only station in the adhoc network; so get signal strength
1514 * from receive statistics.
1515 */
1516 if ((adapter->mode == IW_MODE_ADHOC)
1517 && adapter->adhoccreate
717c9339 1518 && !libertas_ssid_cmp(adapter->curbssparams.ssid,
d8efea25
DW		 1519 adapter->curbssparams.ssid_len,
1520 bss->ssid, bss->ssid_len)) {
80e78ef7
DW		 1521 int snr, nf;
1522 snr = adapter->SNR[TYPE_RXPD][TYPE_AVG] / AVG_SCALE;
1523 nf = adapter->NF[TYPE_RXPD][TYPE_AVG] / AVG_SCALE;
1524 iwe.u.qual.level = CAL_RSSI(snr, nf);
fcdb53db
DW		 1525 }
1526 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_QUAL_LEN);
876c9d3a 1527
fcdb53db
DW		 1528 /* Add encryption capability */
1529 iwe.cmd = SIOCGIWENCODE;
0c9ca690 1530 if (bss->capability & WLAN_CAPABILITY_PRIVACY) {
fcdb53db
DW		 1531 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1532 } else {
1533 iwe.u.data.flags = IW_ENCODE_DISABLED;
1534 }
1535 iwe.u.data.length = 0;
d8efea25 1536 start = iwe_stream_add_point(start, stop, &iwe, bss->ssid);
876c9d3a 1537
fcdb53db 1538 current_val = start + IW_EV_LCP_LEN;
876c9d3a 1539
fcdb53db
DW		 1540 iwe.cmd = SIOCGIWRATE;
1541 iwe.u.bitrate.fixed = 0;
1542 iwe.u.bitrate.disabled = 0;
1543 iwe.u.bitrate.value = 0;
876c9d3a 1544
8c512765
DW		 1545 for (j = 0; bss->rates[j] && (j < sizeof(bss->rates)); j++) {
1546 /* Bit rate given in 500 kb/s units */
1547 iwe.u.bitrate.value = bss->rates[j] * 500000;
fcdb53db
DW		 1548 current_val = iwe_stream_add_value(start, current_val,
1549 stop, &iwe, IW_EV_PARAM_LEN);
1550 }
1551 if ((bss->mode == IW_MODE_ADHOC)
717c9339 1552 && !libertas_ssid_cmp(adapter->curbssparams.ssid,
d8efea25
DW		 1553 adapter->curbssparams.ssid_len,
1554 bss->ssid, bss->ssid_len)
fcdb53db
DW		 1555 && adapter->adhoccreate) {
1556 iwe.u.bitrate.value = 22 * 500000;
1557 current_val = iwe_stream_add_value(start, current_val,
1558 stop, &iwe, IW_EV_PARAM_LEN);
1559 }
1560 /* Check if we added any event */
1561 if((current_val - start) > IW_EV_LCP_LEN)
1562 start = current_val;
1563
1564 memset(&iwe, 0, sizeof(iwe));
1565 if (bss->wpa_ie_len) {
1566 char buf[MAX_WPA_IE_LEN];
1567 memcpy(buf, bss->wpa_ie, bss->wpa_ie_len);
1568 iwe.cmd = IWEVGENIE;
1569 iwe.u.data.length = bss->wpa_ie_len;
1570 start = iwe_stream_add_point(start, stop, &iwe, buf);
1571 }
876c9d3a 1572
fcdb53db
DW		 1573 memset(&iwe, 0, sizeof(iwe));
1574 if (bss->rsn_ie_len) {
1575 char buf[MAX_WPA_IE_LEN];
1576 memcpy(buf, bss->rsn_ie, bss->rsn_ie_len);
1577 iwe.cmd = IWEVGENIE;
1578 iwe.u.data.length = bss->rsn_ie_len;
1579 start = iwe_stream_add_point(start, stop, &iwe, buf);
1580 }
876c9d3a 1581
00af0157
DW		 1582 if (bss->mesh) {
1583 char custom[MAX_CUSTOM_LEN];
1584 char *p = custom;
1585
1586 iwe.cmd = IWEVCUSTOM;
1587 p += snprintf(p, MAX_CUSTOM_LEN - (p - custom),
1588 "mesh-type: olpc");
1589 iwe.u.data.length = p - custom;
1590 if (iwe.u.data.length)
1591 start = iwe_stream_add_point(start, stop, &iwe, custom);
1592 }
1593
e56188ac
HS		 1594out:
1595 lbs_deb_leave_args(LBS_DEB_SCAN, "start %p", start);
fcdb53db
DW		 1596 return start;
1597}
876c9d3a 1598
fcdb53db 1599/**
e56188ac 1600 * @brief Handle Retrieve scan table ioctl
fcdb53db
DW		 1601 *
1602 * @param dev A pointer to net_device structure
1603 * @param info A pointer to iw_request_info structure
1604 * @param dwrq A pointer to iw_point structure
1605 * @param extra A pointer to extra data buf
1606 *
1607 * @return 0 --success, otherwise fail
1608 */
1609int libertas_get_scan(struct net_device *dev, struct iw_request_info *info,
1610 struct iw_point *dwrq, char *extra)
1611{
1612#define SCAN_ITEM_SIZE 128
1613 wlan_private *priv = dev->priv;
1614 wlan_adapter *adapter = priv->adapter;
1615 int err = 0;
1616 char *ev = extra;
1617 char *stop = ev + dwrq->length;
1618 struct bss_descriptor * iter_bss;
1619 struct bss_descriptor * safe;
876c9d3a 1620
e56188ac 1621 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1622
80e78ef7 1623 /* Update RSSI if current BSS is a locally created ad-hoc BSS */
aeea0ab4 1624 if ((adapter->mode == IW_MODE_ADHOC) && adapter->adhoccreate) {
0aef64d7
DW		 1625 libertas_prepare_and_send_command(priv, CMD_802_11_RSSI, 0,
1626 CMD_OPTION_WAITFORRSP, 0, NULL);
80e78ef7
DW		 1627 }
1628
fcdb53db
DW		 1629 mutex_lock(&adapter->lock);
1630 list_for_each_entry_safe (iter_bss, safe, &adapter->network_list, list) {
1631 char * next_ev;
1632 unsigned long stale_time;
876c9d3a 1633
fcdb53db
DW		 1634 if (stop - ev < SCAN_ITEM_SIZE) {
1635 err = -E2BIG;
1636 break;
876c9d3a 1637 }
876c9d3a 1638
1e838bf3
LCC		 1639 /* For mesh device, list only mesh networks */
1640 if (dev == priv->mesh_dev && !iter_bss->mesh)
1641 continue;
1642
fcdb53db
DW		 1643 /* Prune old an old scan result */
1644 stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE;
1645 if (time_after(jiffies, stale_time)) {
1646 list_move_tail (&iter_bss->list,
1647 &adapter->network_free_list);
1648 clear_bss_descriptor(iter_bss);
1649 continue;
876c9d3a
MT		 1650 }
1651
fcdb53db
DW		 1652 /* Translate to WE format this entry */
1653 next_ev = libertas_translate_scan(priv, ev, stop, iter_bss);
1654 if (next_ev == NULL)
1655 continue;
1656 ev = next_ev;
876c9d3a 1657 }
fcdb53db 1658 mutex_unlock(&adapter->lock);
876c9d3a 1659
fcdb53db 1660 dwrq->length = (ev - extra);
876c9d3a
MT		 1661 dwrq->flags = 0;
1662
e56188ac 1663 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", err);
fcdb53db 1664 return err;
876c9d3a
MT		 1665}
1666
e56188ac
HS		 1667
1668
1669
1670/*********************************************************************/
1671/* */
1672/* Command execution */
1673/* */
1674/*********************************************************************/
1675
1676
876c9d3a
MT		 1677/**
1678 * @brief Prepare a scan command to be sent to the firmware
1679 *
e56188ac 1680 * Called from libertas_prepare_and_send_command() in cmd.c
876c9d3a 1681 *
e56188ac
HS		 1682 * Sends a fixed lenght data part (specifying the BSS type and BSSID filters)
1683 * as well as a variable number/length of TLVs to the firmware.
876c9d3a
MT		 1684 *
1685 * @param priv A pointer to wlan_private structure
1686 * @param cmd A pointer to cmd_ds_command structure to be sent to
1687 * firmware with the cmd_DS_801_11_SCAN structure
1688 * @param pdata_buf Void pointer cast of a wlan_scan_cmd_config struct used
1689 * to set the fields/TLVs for the command sent to firmware
1690 *
1691 * @return 0 or -1
876c9d3a
MT		 1692 */
1693int libertas_cmd_80211_scan(wlan_private * priv,
1694 struct cmd_ds_command *cmd, void *pdata_buf)
1695{
1696 struct cmd_ds_802_11_scan *pscan = &cmd->params.scan;
e56188ac 1697 struct wlan_scan_cmd_config *pscancfg = pdata_buf;
876c9d3a 1698
e56188ac 1699 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a
MT		 1700
1701 /* Set fixed field variables in scan command */
1702 pscan->bsstype = pscancfg->bsstype;
492b6da7 1703 memcpy(pscan->bssid, pscancfg->bssid, ETH_ALEN);
876c9d3a
MT		 1704 memcpy(pscan->tlvbuffer, pscancfg->tlvbuffer, pscancfg->tlvbufferlen);
1705
0aef64d7 1706 cmd->command = cpu_to_le16(CMD_802_11_SCAN);
876c9d3a
MT		 1707
1708 /* size is equal to the sizeof(fixed portions) + the TLV len + header */
492b6da7
DW		 1709 cmd->size = cpu_to_le16(sizeof(pscan->bsstype) + ETH_ALEN
1710 + pscancfg->tlvbufferlen + S_DS_GEN);
876c9d3a 1711
e56188ac 1712 lbs_deb_scan("SCAN_CMD: command 0x%04x, size %d, seqnum %d\n",
981f187b
DW		 1713 le16_to_cpu(cmd->command), le16_to_cpu(cmd->size),
1714 le16_to_cpu(cmd->seqnum));
9012b28a 1715
e56188ac 1716 lbs_deb_leave(LBS_DEB_SCAN);
876c9d3a
MT		 1717 return 0;
1718}
1719
fcdb53db
DW		 1720static inline int is_same_network(struct bss_descriptor *src,
1721 struct bss_descriptor *dst)
1722{
1723 /* A network is only a duplicate if the channel, BSSID, and ESSID
1724 * all match. We treat all <hidden> with the same BSSID and channel
1725 * as one network */
d8efea25 1726 return ((src->ssid_len == dst->ssid_len) &&
fcdb53db
DW		 1727 (src->channel == dst->channel) &&
1728 !compare_ether_addr(src->bssid, dst->bssid) &&
d8efea25 1729 !memcmp(src->ssid, dst->ssid, src->ssid_len));
fcdb53db
DW		 1730}
1731
876c9d3a
MT		 1732/**
1733 * @brief This function handles the command response of scan
1734 *
e56188ac
HS		 1735 * Called from handle_cmd_response() in cmdrespc.
1736 *
876c9d3a
MT		 1737 * The response buffer for the scan command has the following
1738 * memory layout:
1739 *
1740 * .-----------------------------------------------------------.
1741 * | header (4 * sizeof(u16)): Standard command response hdr |
1742 * .-----------------------------------------------------------.
1743 * | bufsize (u16) : sizeof the BSS Description data |
1744 * .-----------------------------------------------------------.
1745 * | NumOfSet (u8) : Number of BSS Descs returned |
1746 * .-----------------------------------------------------------.
1747 * | BSSDescription data (variable, size given in bufsize) |
1748 * .-----------------------------------------------------------.
1749 * | TLV data (variable, size calculated using header->size, |
1750 * | bufsize and sizeof the fixed fields above) |
1751 * .-----------------------------------------------------------.
1752 *
1753 * @param priv A pointer to wlan_private structure
1754 * @param resp A pointer to cmd_ds_command
1755 *
1756 * @return 0 or -1
1757 */
1758int libertas_ret_80211_scan(wlan_private * priv, struct cmd_ds_command *resp)
1759{
1760 wlan_adapter *adapter = priv->adapter;
1761 struct cmd_ds_802_11_scan_rsp *pscan;
fcdb53db
DW		 1762 struct bss_descriptor * iter_bss;
1763 struct bss_descriptor * safe;
876c9d3a
MT		 1764 u8 *pbssinfo;
1765 u16 scanrespsize;
1766 int bytesleft;
876c9d3a
MT		 1767 int idx;
1768 int tlvbufsize;
9012b28a 1769 int ret;
876c9d3a 1770
e56188ac 1771 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1772
fcdb53db
DW		 1773 /* Prune old entries from scan table */
1774 list_for_each_entry_safe (iter_bss, safe, &adapter->network_list, list) {
1775 unsigned long stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE;
1776 if (time_before(jiffies, stale_time))
1777 continue;
1778 list_move_tail (&iter_bss->list, &adapter->network_free_list);
1779 clear_bss_descriptor(iter_bss);
1780 }
1781
876c9d3a
MT		 1782 pscan = &resp->params.scanresp;
1783
fcdb53db
DW		 1784 if (pscan->nr_sets > MAX_NETWORK_COUNT) {
1785 lbs_deb_scan(
1786 "SCAN_RESP: too many scan results (%d, max %d)!!\n",
1787 pscan->nr_sets, MAX_NETWORK_COUNT);
9012b28a
HS		 1788 ret = -1;
1789 goto done;
876c9d3a
MT		 1790 }
1791
ac630c2b 1792 bytesleft = le16_to_cpu(get_unaligned((u16*)&pscan->bssdescriptsize));
9012b28a 1793 lbs_deb_scan("SCAN_RESP: bssdescriptsize %d\n", bytesleft);
876c9d3a 1794
ac630c2b 1795 scanrespsize = le16_to_cpu(get_unaligned((u16*)&resp->size));
9012b28a 1796 lbs_deb_scan("SCAN_RESP: returned %d AP before parsing\n",
876c9d3a
MT		 1797 pscan->nr_sets);
1798
876c9d3a
MT		 1799 pbssinfo = pscan->bssdesc_and_tlvbuffer;
1800
1801 /* The size of the TLV buffer is equal to the entire command response
1802 * size (scanrespsize) minus the fixed fields (sizeof()'s), the
1803 * BSS Descriptions (bssdescriptsize as bytesLef) and the command
1804 * response header (S_DS_GEN)
1805 */
1806 tlvbufsize = scanrespsize - (bytesleft + sizeof(pscan->bssdescriptsize)
1807 + sizeof(pscan->nr_sets)
1808 + S_DS_GEN);
1809
876c9d3a
MT		 1810 /*
1811 * Process each scan response returned (pscan->nr_sets). Save
1812 * the information in the newbssentry and then insert into the
1813 * driver scan table either as an update to an existing entry
1814 * or as an addition at the end of the table
1815 */
1816 for (idx = 0; idx < pscan->nr_sets && bytesleft; idx++) {
fcdb53db
DW		 1817 struct bss_descriptor new;
1818 struct bss_descriptor * found = NULL;
fcdb53db 1819 struct bss_descriptor * oldest = NULL;
0795af57 1820 DECLARE_MAC_BUF(mac);
876c9d3a
MT		 1821
1822 /* Process the data fields and IEs returned for this BSS */
fcdb53db
DW		 1823 memset(&new, 0, sizeof (struct bss_descriptor));
1824 if (libertas_process_bss(&new, &pbssinfo, &bytesleft) != 0) {
1825 /* error parsing the scan response, skipped */
1826 lbs_deb_scan("SCAN_RESP: process_bss returned ERROR\n");
1827 continue;
1828 }
876c9d3a 1829
fcdb53db
DW		 1830 /* Try to find this bss in the scan table */
1831 list_for_each_entry (iter_bss, &adapter->network_list, list) {
1832 if (is_same_network(iter_bss, &new)) {
1833 found = iter_bss;
1834 break;
876c9d3a
MT		 1835 }
1836
fcdb53db
DW		 1837 if ((oldest == NULL) ||
1838 (iter_bss->last_scanned < oldest->last_scanned))
1839 oldest = iter_bss;
1840 }
876c9d3a 1841
fcdb53db
DW		 1842 if (found) {
1843 /* found, clear it */
1844 clear_bss_descriptor(found);
1845 } else if (!list_empty(&adapter->network_free_list)) {
1846 /* Pull one from the free list */
1847 found = list_entry(adapter->network_free_list.next,
1848 struct bss_descriptor, list);
1849 list_move_tail(&found->list, &adapter->network_list);
1850 } else if (oldest) {
1851 /* If there are no more slots, expire the oldest */
1852 found = oldest;
1853 clear_bss_descriptor(found);
1854 list_move_tail(&found->list, &adapter->network_list);
876c9d3a 1855 } else {
fcdb53db
DW		 1856 continue;
1857 }
876c9d3a 1858
0795af57
JP		 1859 lbs_deb_scan("SCAN_RESP: BSSID = %s\n",
1860 print_mac(mac, new.bssid));
fcdb53db 1861
fcdb53db
DW		 1862 /* Copy the locally created newbssentry to the scan table */
1863 memcpy(found, &new, offsetof(struct bss_descriptor, list));
1864 }
876c9d3a 1865
9012b28a 1866 ret = 0;
876c9d3a 1867
9012b28a
HS		 1868done:
1869 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
1870 return ret;
876c9d3a 1871}
kernel source for telekom puls (alcatel/mediatek)