projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
libertas: add LED control TLV to types.h
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / drivers / net / wireless / libertas / scan.c
CommitLineData
876c9d3a
MT		 1/**
2 * Functions implementing wlan scan IOCTL and firmware command APIs
3 *
4 * IOCTL handlers as well as command preperation and response routines
5 * for sending scan commands to the firmware.
6 */
7#include <linux/ctype.h>
8#include <linux/if.h>
9#include <linux/netdevice.h>
10#include <linux/wireless.h>
fcdb53db 11#include <linux/etherdevice.h>
876c9d3a
MT		 12
13#include <net/ieee80211.h>
14#include <net/iw_handler.h>
15
ac630c2b
VD		 16#include <asm/unaligned.h>
17
876c9d3a
MT		 18#include "host.h"
19#include "decl.h"
20#include "dev.h"
21#include "scan.h"
8c512765 22#include "join.h"
876c9d3a
MT		 23
24//! Approximate amount of data needed to pass a scan result back to iwlist
25#define MAX_SCAN_CELL_SIZE (IW_EV_ADDR_LEN \
26 + IW_ESSID_MAX_SIZE \
27 + IW_EV_UINT_LEN \
28 + IW_EV_FREQ_LEN \
29 + IW_EV_QUAL_LEN \
30 + IW_ESSID_MAX_SIZE \
31 + IW_EV_PARAM_LEN \
32 + 40) /* 40 for WPAIE */
33
34//! Memory needed to store a max sized channel List TLV for a firmware scan
35#define CHAN_TLV_MAX_SIZE (sizeof(struct mrvlietypesheader) \
36 + (MRVDRV_MAX_CHANNELS_PER_SCAN \
37 * sizeof(struct chanscanparamset)))
38
39//! Memory needed to store a max number/size SSID TLV for a firmware scan
40#define SSID_TLV_MAX_SIZE (1 * sizeof(struct mrvlietypes_ssidparamset))
41
10078321
HS		 42//! Maximum memory needed for a lbs_scan_cmd_config with all TLVs at max
43#define MAX_SCAN_CFG_ALLOC (sizeof(struct lbs_scan_cmd_config) \
876c9d3a
MT		 44 + CHAN_TLV_MAX_SIZE \
45 + SSID_TLV_MAX_SIZE)
46
47//! The maximum number of channels the firmware can scan per command
48#define MRVDRV_MAX_CHANNELS_PER_SCAN 14
49
50/**
51 * @brief Number of channels to scan per firmware scan command issuance.
52 *
53 * Number restricted to prevent hitting the limit on the amount of scan data
54 * returned in a single firmware scan command.
55 */
56#define MRVDRV_CHANNELS_PER_SCAN_CMD 4
57
58//! Scan time specified in the channel TLV for each channel for passive scans
59#define MRVDRV_PASSIVE_SCAN_CHAN_TIME 100
60
61//! Scan time specified in the channel TLV for each channel for active scans
62#define MRVDRV_ACTIVE_SCAN_CHAN_TIME 100
63
123e0e04
DW		 64static const u8 zeromac[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
65static const u8 bcastmac[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
eb8f7330 66
e56188ac
HS		 67
68
69
70/*********************************************************************/
71/* */
72/* Misc helper functions */
73/* */
74/*********************************************************************/
75
23ff5036
HS		 76/**
77 * @brief Unsets the MSB on basic rates
78 *
79 * Scan through an array and unset the MSB for basic data rates.
80 *
81 * @param rates buffer of data rates
82 * @param len size of buffer
83 */
84static void lbs_unset_basic_rate_flags(u8 *rates, size_t len)
85{
86 int i;
87
88 for (i = 0; i < len; i++)
89 rates[i] &= 0x7f;
90}
91
92
fcdb53db
DW		 93static inline void clear_bss_descriptor (struct bss_descriptor * bss)
94{
95 /* Don't blow away ->list, just BSS data */
96 memset(bss, 0, offsetof(struct bss_descriptor, list));
97}
98
ffd074fc
HS		 99/**
100 * @brief Compare two SSIDs
101 *
102 * @param ssid1 A pointer to ssid to compare
103 * @param ssid2 A pointer to ssid to compare
104 *
105 * @return 0: ssid is same, otherwise is different
106 */
107int lbs_ssid_cmp(u8 *ssid1, u8 ssid1_len, u8 *ssid2, u8 ssid2_len)
108{
109 if (ssid1_len != ssid2_len)
110 return -1;
111
112 return memcmp(ssid1, ssid2, ssid1_len);
113}
114
10078321 115static inline int match_bss_no_security(struct lbs_802_11_security *secinfo,
fcdb53db
DW		 116 struct bss_descriptor * match_bss)
117{
118 if ( !secinfo->wep_enabled
119 && !secinfo->WPAenabled
120 && !secinfo->WPA2enabled
ab617971
DW		 121 && match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC
122 && match_bss->rsn_ie[0] != MFIE_TYPE_RSN
0c9ca690 123 && !(match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 124 return 1;
125 }
126 return 0;
127}
128
10078321 129static inline int match_bss_static_wep(struct lbs_802_11_security *secinfo,
fcdb53db
DW		 130 struct bss_descriptor * match_bss)
131{
132 if ( secinfo->wep_enabled
133 && !secinfo->WPAenabled
134 && !secinfo->WPA2enabled
0c9ca690 135 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 136 return 1;
137 }
138 return 0;
139}
140
10078321 141static inline int match_bss_wpa(struct lbs_802_11_security *secinfo,
fcdb53db
DW		 142 struct bss_descriptor * match_bss)
143{
144 if ( !secinfo->wep_enabled
145 && secinfo->WPAenabled
ab617971 146 && (match_bss->wpa_ie[0] == MFIE_TYPE_GENERIC)
fcdb53db 147 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
0c9ca690
DW		 148 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
149 */
fcdb53db
DW		 150 ) {
151 return 1;
152 }
153 return 0;
154}
155
10078321 156static inline int match_bss_wpa2(struct lbs_802_11_security *secinfo,
fcdb53db
DW		 157 struct bss_descriptor * match_bss)
158{
159 if ( !secinfo->wep_enabled
fcdb53db 160 && secinfo->WPA2enabled
ab617971 161 && (match_bss->rsn_ie[0] == MFIE_TYPE_RSN)
fcdb53db 162 /* privacy bit may NOT be set in some APs like LinkSys WRT54G
0c9ca690
DW		 163 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
164 */
fcdb53db
DW		 165 ) {
166 return 1;
167 }
168 return 0;
169}
170
10078321 171static inline int match_bss_dynamic_wep(struct lbs_802_11_security *secinfo,
fcdb53db
DW		 172 struct bss_descriptor * match_bss)
173{
174 if ( !secinfo->wep_enabled
175 && !secinfo->WPAenabled
176 && !secinfo->WPA2enabled
ab617971
DW		 177 && (match_bss->wpa_ie[0] != MFIE_TYPE_GENERIC)
178 && (match_bss->rsn_ie[0] != MFIE_TYPE_RSN)
0c9ca690 179 && (match_bss->capability & WLAN_CAPABILITY_PRIVACY)) {
fcdb53db
DW		 180 return 1;
181 }
182 return 0;
183}
876c9d3a 184
ffd074fc
HS		 185static inline int is_same_network(struct bss_descriptor *src,
186 struct bss_descriptor *dst)
187{
188 /* A network is only a duplicate if the channel, BSSID, and ESSID
189 * all match. We treat all <hidden> with the same BSSID and channel
190 * as one network */
191 return ((src->ssid_len == dst->ssid_len) &&
192 (src->channel == dst->channel) &&
193 !compare_ether_addr(src->bssid, dst->bssid) &&
194 !memcmp(src->ssid, dst->ssid, src->ssid_len));
195}
196
876c9d3a
MT		 197/**
198 * @brief Check if a scanned network compatible with the driver settings
199 *
200 * WEP WPA WPA2 ad-hoc encrypt Network
201 * enabled enabled enabled AES mode privacy WPA WPA2 Compatible
202 * 0 0 0 0 NONE 0 0 0 yes No security
203 * 1 0 0 0 NONE 1 0 0 yes Static WEP
204 * 0 1 0 0 x 1x 1 x yes WPA
205 * 0 0 1 0 x 1x x 1 yes WPA2
206 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
207 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
208 *
209 *
aa21c004 210 * @param priv A pointer to struct lbs_private
876c9d3a
MT		 211 * @param index Index in scantable to check against current driver settings
212 * @param mode Network mode: Infrastructure or IBSS
213 *
214 * @return Index in scantable, or error code if negative
215 */
aa21c004 216static int is_network_compatible(struct lbs_private *priv,
fcdb53db 217 struct bss_descriptor * bss, u8 mode)
876c9d3a 218{
fcdb53db
DW		 219 int matched = 0;
220
e56188ac 221 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 222
fcdb53db
DW		 223 if (bss->mode != mode)
224 goto done;
876c9d3a 225
aa21c004 226 if ((matched = match_bss_no_security(&priv->secinfo, bss))) {
fcdb53db 227 goto done;
aa21c004 228 } else if ((matched = match_bss_static_wep(&priv->secinfo, bss))) {
fcdb53db 229 goto done;
aa21c004 230 } else if ((matched = match_bss_wpa(&priv->secinfo, bss))) {
fcdb53db 231 lbs_deb_scan(
ffd074fc
HS		 232 "is_network_compatible() WPA: wpa_ie 0x%x "
233 "wpa2_ie 0x%x WEP %s WPA %s WPA2 %s "
234 "privacy 0x%x\n", bss->wpa_ie[0], bss->rsn_ie[0],
aa21c004
DW		 235 priv->secinfo.wep_enabled ? "e" : "d",
236 priv->secinfo.WPAenabled ? "e" : "d",
237 priv->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 238 (bss->capability & WLAN_CAPABILITY_PRIVACY));
fcdb53db 239 goto done;
aa21c004 240 } else if ((matched = match_bss_wpa2(&priv->secinfo, bss))) {
fcdb53db 241 lbs_deb_scan(
ffd074fc
HS		 242 "is_network_compatible() WPA2: wpa_ie 0x%x "
243 "wpa2_ie 0x%x WEP %s WPA %s WPA2 %s "
244 "privacy 0x%x\n", bss->wpa_ie[0], bss->rsn_ie[0],
aa21c004
DW		 245 priv->secinfo.wep_enabled ? "e" : "d",
246 priv->secinfo.WPAenabled ? "e" : "d",
247 priv->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 248 (bss->capability & WLAN_CAPABILITY_PRIVACY));
fcdb53db 249 goto done;
aa21c004 250 } else if ((matched = match_bss_dynamic_wep(&priv->secinfo, bss))) {
fcdb53db
DW		 251 lbs_deb_scan(
252 "is_network_compatible() dynamic WEP: "
ffd074fc 253 "wpa_ie 0x%x wpa2_ie 0x%x privacy 0x%x\n",
0c9ca690
DW		 254 bss->wpa_ie[0], bss->rsn_ie[0],
255 (bss->capability & WLAN_CAPABILITY_PRIVACY));
9012b28a 256 goto done;
876c9d3a
MT		 257 }
258
fcdb53db
DW		 259 /* bss security settings don't match those configured on card */
260 lbs_deb_scan(
ffd074fc
HS		 261 "is_network_compatible() FAILED: wpa_ie 0x%x "
262 "wpa2_ie 0x%x WEP %s WPA %s WPA2 %s privacy 0x%x\n",
fcdb53db 263 bss->wpa_ie[0], bss->rsn_ie[0],
aa21c004
DW		 264 priv->secinfo.wep_enabled ? "e" : "d",
265 priv->secinfo.WPAenabled ? "e" : "d",
266 priv->secinfo.WPA2enabled ? "e" : "d",
0c9ca690 267 (bss->capability & WLAN_CAPABILITY_PRIVACY));
9012b28a
HS		 268
269done:
e56188ac 270 lbs_deb_leave_args(LBS_DEB_SCAN, "matched: %d", matched);
fcdb53db 271 return matched;
876c9d3a
MT		 272}
273
e56188ac
HS		 274
275
276
277/*********************************************************************/
278/* */
279/* Main scanning support */
280/* */
281/*********************************************************************/
282
ffd074fc
HS		 283void lbs_scan_worker(struct work_struct *work)
284{
285 struct lbs_private *priv =
286 container_of(work, struct lbs_private, scan_work.work);
287
288 lbs_deb_enter(LBS_DEB_SCAN);
289 lbs_scan_networks(priv, NULL, 0);
290 lbs_deb_leave(LBS_DEB_SCAN);
291}
292
e56188ac 293
876c9d3a
MT		 294/**
295 * @brief Create a channel list for the driver to scan based on region info
296 *
10078321 297 * Only used from lbs_scan_setup_scan_config()
e56188ac 298 *
876c9d3a
MT		 299 * Use the driver region/band information to construct a comprehensive list
300 * of channels to scan. This routine is used for any scan that is not
301 * provided a specific channel list to scan.
302 *
69f9032d 303 * @param priv A pointer to struct lbs_private structure
876c9d3a
MT		 304 * @param scanchanlist Output parameter: resulting channel list to scan
305 * @param filteredscan Flag indicating whether or not a BSSID or SSID filter
306 * is being sent in the command to firmware. Used to
307 * increase the number of channels sent in a scan
308 * command and to disable the firmware channel scan
309 * filter.
310 *
311 * @return void
312 */
ffd074fc 313static int lbs_scan_create_channel_list(struct lbs_private *priv,
876c9d3a
MT		 314 struct chanscanparamset * scanchanlist,
315 u8 filteredscan)
316{
317
876c9d3a
MT		 318 struct region_channel *scanregion;
319 struct chan_freq_power *cfp;
320 int rgnidx;
321 int chanidx;
322 int nextchan;
323 u8 scantype;
324
325 chanidx = 0;
326
327 /* Set the default scan type to the user specified type, will later
328 * be changed to passive on a per channel basis if restricted by
329 * regulatory requirements (11d or 11h)
330 */
4f2fdaaf 331 scantype = CMD_SCAN_TYPE_ACTIVE;
876c9d3a 332
aa21c004
DW		 333 for (rgnidx = 0; rgnidx < ARRAY_SIZE(priv->region_channel); rgnidx++) {
334 if (priv->enable11d &&
335 (priv->connect_status != LBS_CONNECTED) &&
336 (priv->mesh_connect_status != LBS_CONNECTED)) {
876c9d3a 337 /* Scan all the supported chan for the first scan */
aa21c004 338 if (!priv->universal_channel[rgnidx].valid)
876c9d3a 339 continue;
aa21c004 340 scanregion = &priv->universal_channel[rgnidx];
876c9d3a
MT		 341
342 /* clear the parsed_region_chan for the first scan */
aa21c004
DW		 343 memset(&priv->parsed_region_chan, 0x00,
344 sizeof(priv->parsed_region_chan));
876c9d3a 345 } else {
aa21c004 346 if (!priv->region_channel[rgnidx].valid)
876c9d3a 347 continue;
aa21c004 348 scanregion = &priv->region_channel[rgnidx];
876c9d3a
MT		 349 }
350
351 for (nextchan = 0;
352 nextchan < scanregion->nrcfp; nextchan++, chanidx++) {
353
354 cfp = scanregion->CFP + nextchan;
355
aa21c004 356 if (priv->enable11d) {
876c9d3a 357 scantype =
10078321 358 lbs_get_scan_type_11d(cfp->channel,
aa21c004 359 &priv->
876c9d3a
MT		 360 parsed_region_chan);
361 }
362
363 switch (scanregion->band) {
364 case BAND_B:
365 case BAND_G:
366 default:
367 scanchanlist[chanidx].radiotype =
0aef64d7 368 CMD_SCAN_RADIO_TYPE_BG;
876c9d3a
MT		 369 break;
370 }
371
0aef64d7 372 if (scantype == CMD_SCAN_TYPE_PASSIVE) {
876c9d3a 373 scanchanlist[chanidx].maxscantime =
981f187b 374 cpu_to_le16(MRVDRV_PASSIVE_SCAN_CHAN_TIME);
876c9d3a
MT		 375 scanchanlist[chanidx].chanscanmode.passivescan =
376 1;
377 } else {
378 scanchanlist[chanidx].maxscantime =
981f187b 379 cpu_to_le16(MRVDRV_ACTIVE_SCAN_CHAN_TIME);
876c9d3a
MT		 380 scanchanlist[chanidx].chanscanmode.passivescan =
381 0;
382 }
383
384 scanchanlist[chanidx].channumber = cfp->channel;
385
386 if (filteredscan) {
387 scanchanlist[chanidx].chanscanmode.
388 disablechanfilt = 1;
389 }
390 }
391 }
ffd074fc 392 return chanidx;
876c9d3a
MT		 393}
394
2afc0c5d 395
ffd074fc
HS		 396/*
397 * Add SSID TLV of the form:
398 *
399 * TLV-ID SSID 00 00
400 * length 06 00
401 * ssid 4d 4e 54 45 53 54
402 */
403static int lbs_scan_add_ssid_tlv(u8 *tlv,
404 const struct lbs_ioctl_user_scan_cfg *user_cfg)
2afc0c5d 405{
ffd074fc
HS		 406 struct mrvlietypes_ssidparamset *ssid_tlv =
407 (struct mrvlietypes_ssidparamset *)tlv;
408 ssid_tlv->header.type = cpu_to_le16(TLV_TYPE_SSID);
409 ssid_tlv->header.len = cpu_to_le16(user_cfg->ssid_len);
410 memcpy(ssid_tlv->ssid, user_cfg->ssid, user_cfg->ssid_len);
411 return sizeof(ssid_tlv->header) + user_cfg->ssid_len;
2afc0c5d
DW		 412}
413
414
ffd074fc
HS		 415/*
416 * Add CHANLIST TLV of the form
876c9d3a 417 *
ffd074fc
HS		 418 * TLV-ID CHANLIST 01 01
419 * length 5b 00
420 * channel 1 00 01 00 00 00 64 00
421 * radio type 00
422 * channel 01
423 * scan type 00
424 * min scan time 00 00
425 * max scan time 64 00
426 * channel 2 00 02 00 00 00 64 00
427 * channel 3 00 03 00 00 00 64 00
428 * channel 4 00 04 00 00 00 64 00
429 * channel 5 00 05 00 00 00 64 00
430 * channel 6 00 06 00 00 00 64 00
431 * channel 7 00 07 00 00 00 64 00
432 * channel 8 00 08 00 00 00 64 00
433 * channel 9 00 09 00 00 00 64 00
434 * channel 10 00 0a 00 00 00 64 00
435 * channel 11 00 0b 00 00 00 64 00
436 * channel 12 00 0c 00 00 00 64 00
437 * channel 13 00 0d 00 00 00 64 00
876c9d3a 438 *
876c9d3a 439 */
ffd074fc
HS		 440static int lbs_scan_add_chanlist_tlv(u8 *tlv,
441 struct chanscanparamset *chan_list,
442 int chan_count)
876c9d3a 443{
ffd074fc
HS		 444 size_t size = sizeof(struct chanscanparamset) * chan_count;
445 struct mrvlietypes_chanlistparamset *chan_tlv =
446 (struct mrvlietypes_chanlistparamset *) tlv;
447
448 chan_tlv->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
449 memcpy(chan_tlv->chanscanparam, chan_list, size);
450 chan_tlv->header.len = cpu_to_le16(size);
451 return sizeof(chan_tlv->header) + size;
876c9d3a
MT		 452}
453
ffd074fc
HS		 454
455/*
456 * Add RATES TLV of the form
876c9d3a 457 *
ffd074fc
HS		 458 * TLV-ID RATES 01 00
459 * length 0e 00
460 * rates 82 84 8b 96 0c 12 18 24 30 48 60 6c
876c9d3a 461 *
ffd074fc
HS		 462 * The rates are in lbs_bg_rates[], but for the 802.11b
463 * rates the high bit isn't set.
876c9d3a 464 */
ffd074fc 465static int lbs_scan_add_rates_tlv(u8 *tlv)
876c9d3a 466{
ffd074fc
HS		 467 int i;
468 struct mrvlietypes_ratesparamset *rate_tlv =
469 (struct mrvlietypes_ratesparamset *) tlv;
470
471 rate_tlv->header.type = cpu_to_le16(TLV_TYPE_RATES);
472 tlv += sizeof(rate_tlv->header);
473 for (i = 0; i < MAX_RATES; i++) {
474 *tlv = lbs_bg_rates[i];
475 if (*tlv == 0)
476 break;
477 /* This code makes sure that the 802.11b rates (1 MBit/s, 2
478 MBit/s, 5.5 MBit/s and 11 MBit/s get's the high bit set.
479 Note that the values are MBit/s * 2, to mark them as
480 basic rates so that the firmware likes it better */
481 if (*tlv == 0x02 || *tlv == 0x04 ||
482 *tlv == 0x0b || *tlv == 0x16)
483 *tlv |= 0x80;
484 tlv++;
2afc0c5d 485 }
ffd074fc
HS		 486 rate_tlv->header.len = cpu_to_le16(i);
487 return sizeof(rate_tlv->header) + i;
876c9d3a
MT		 488}
489
ffd074fc 490
e56188ac 491/*
ffd074fc
HS		 492 * Generate the CMD_802_11_SCAN command with the proper tlv
493 * for a bunch of channels.
494 */
495static int lbs_do_scan(struct lbs_private *priv,
496 u8 bsstype,
497 struct chanscanparamset *chan_list,
498 int chan_count,
499 const struct lbs_ioctl_user_scan_cfg *user_cfg)
eb8f7330 500{
ffd074fc
HS		 501 int ret = -ENOMEM;
502 struct lbs_scan_cmd_config *scan_cmd;
503 u8 *tlv; /* pointer into our current, growing TLV storage area */
eb8f7330 504
ffd074fc
HS		 505 lbs_deb_enter_args(LBS_DEB_SCAN, "bsstype %d, chanlist[].chan %d, "
506 "chan_count %d",
507 bsstype, chan_list[0].channumber, chan_count);
e56188ac 508
ffd074fc
HS		 509 /* create the fixed part for scan command */
510 scan_cmd = kzalloc(MAX_SCAN_CFG_ALLOC, GFP_KERNEL);
511 if (scan_cmd == NULL)
e56188ac 512 goto out;
ffd074fc
HS		 513 tlv = scan_cmd->tlvbuffer;
514 if (user_cfg)
515 memcpy(scan_cmd->bssid, user_cfg->bssid, ETH_ALEN);
516 scan_cmd->bsstype = bsstype;
517
518 /* add TLVs */
519 if (user_cfg && user_cfg->ssid_len)
520 tlv += lbs_scan_add_ssid_tlv(tlv, user_cfg);
521 if (chan_list && chan_count)
522 tlv += lbs_scan_add_chanlist_tlv(tlv, chan_list, chan_count);
523 tlv += lbs_scan_add_rates_tlv(tlv);
524
525 /* This is the final data we are about to send */
526 scan_cmd->tlvbufferlen = tlv - scan_cmd->tlvbuffer;
527 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_CMD", (void *)scan_cmd, 1+6);
528 lbs_deb_hex(LBS_DEB_SCAN, "SCAN_TLV", scan_cmd->tlvbuffer,
529 scan_cmd->tlvbufferlen);
530
531 ret = lbs_prepare_and_send_command(priv, CMD_802_11_SCAN, 0,
532 CMD_OPTION_WAITFORRSP, 0, scan_cmd);
e56188ac 533out:
ffd074fc
HS		 534 kfree(scan_cmd);
535 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
536 return ret;
eb8f7330
DW		 537}
538
539
876c9d3a
MT		 540/**
541 * @brief Internal function used to start a scan based on an input config
542 *
e56188ac
HS		 543 * Also used from debugfs
544 *
876c9d3a
MT		 545 * Use the input user scan configuration information when provided in
546 * order to send the appropriate scan commands to firmware to populate or
547 * update the internal driver scan table
548 *
69f9032d 549 * @param priv A pointer to struct lbs_private structure
876c9d3a
MT		 550 * @param puserscanin Pointer to the input configuration for the requested
551 * scan.
552 *
553 * @return 0 or < 0 if error
554 */
69f9032d 555int lbs_scan_networks(struct lbs_private *priv,
ffd074fc 556 const struct lbs_ioctl_user_scan_cfg *user_cfg,
2afc0c5d 557 int full_scan)
876c9d3a 558{
ffd074fc
HS		 559 int ret = -ENOMEM;
560 struct chanscanparamset *chan_list;
561 struct chanscanparamset *curr_chans;
562 int chan_count;
563 u8 bsstype = CMD_BSS_TYPE_ANY;
564 int numchannels = MRVDRV_CHANNELS_PER_SCAN_CMD;
565 int filteredscan = 0;
566 union iwreq_data wrqu;
f8f55108 567#ifdef CONFIG_LIBERTAS_DEBUG
ffd074fc 568 struct bss_descriptor *iter;
f8f55108 569 int i = 0;
0795af57 570 DECLARE_MAC_BUF(mac);
f8f55108 571#endif
876c9d3a 572
ffd074fc
HS		 573 lbs_deb_enter_args(LBS_DEB_SCAN, "full_scan %d",
574 full_scan);
2afc0c5d
DW		 575
576 /* Cancel any partial outstanding partial scans if this scan
577 * is a full scan.
578 */
579 if (full_scan && delayed_work_pending(&priv->scan_work))
580 cancel_delayed_work(&priv->scan_work);
876c9d3a 581
ffd074fc
HS		 582 /* Determine same scan parameters */
583 if (user_cfg) {
584 if (user_cfg->bsstype)
585 bsstype = user_cfg->bsstype;
586 if (compare_ether_addr(user_cfg->bssid, &zeromac[0]) != 0) {
587 numchannels = MRVDRV_MAX_CHANNELS_PER_SCAN;
588 filteredscan = 1;
589 }
876c9d3a 590 }
ffd074fc
HS		 591 lbs_deb_scan("numchannels %d, bsstype %d, "
592 "filteredscan %d\n",
593 numchannels, bsstype, filteredscan);
876c9d3a 594
ffd074fc
HS		 595 /* Create list of channels to scan */
596 chan_list = kzalloc(sizeof(struct chanscanparamset) *
597 LBS_IOCTL_USER_SCAN_CHAN_MAX, GFP_KERNEL);
598 if (!chan_list) {
599 lbs_pr_alert("SCAN: chan_list empty\n");
876c9d3a
MT		 600 goto out;
601 }
602
ffd074fc
HS		 603 /* We want to scan all channels */
604 chan_count = lbs_scan_create_channel_list(priv, chan_list,
605 filteredscan);
876c9d3a 606
ffd074fc
HS		 607 netif_stop_queue(priv->dev);
608 netif_carrier_off(priv->dev);
609 if (priv->mesh_dev) {
a27b9f96
DW		 610 netif_stop_queue(priv->mesh_dev);
611 netif_carrier_off(priv->mesh_dev);
876c9d3a
MT		 612 }
613
ffd074fc 614 /* Prepare to continue an interrupted scan */
8816edce
HS		 615 lbs_deb_scan("chan_count %d, scan_channel %d\n",
616 chan_count, priv->scan_channel);
ffd074fc
HS		 617 curr_chans = chan_list;
618 /* advance channel list by already-scanned-channels */
8816edce
HS		 619 if (priv->scan_channel > 0) {
620 curr_chans += priv->scan_channel;
621 chan_count -= priv->scan_channel;
ffd074fc
HS		 622 }
623
624 /* Send scan command(s)
625 * numchannels contains the number of channels we should maximally scan
626 * chan_count is the total number of channels to scan
627 */
628
629 while (chan_count) {
630 int to_scan = min(numchannels, chan_count);
631 lbs_deb_scan("scanning %d of %d channels\n",
632 to_scan, chan_count);
633 ret = lbs_do_scan(priv, bsstype, curr_chans,
634 to_scan, user_cfg);
635 if (ret) {
636 lbs_pr_err("SCAN_CMD failed\n");
637 goto out2;
638 }
639 curr_chans += to_scan;
640 chan_count -= to_scan;
641
642 /* somehow schedule the next part of the scan */
643 if (chan_count &&
644 !full_scan &&
aa21c004 645 !priv->surpriseremoved) {
ffd074fc 646 /* -1 marks just that we're currently scanning */
8816edce
HS		 647 if (priv->scan_channel < 0)
648 priv->scan_channel = to_scan;
ffd074fc 649 else
8816edce 650 priv->scan_channel += to_scan;
ffd074fc
HS		 651 cancel_delayed_work(&priv->scan_work);
652 queue_delayed_work(priv->work_thread, &priv->scan_work,
653 msecs_to_jiffies(300));
654 /* skip over GIWSCAN event */
655 goto out;
656 }
657
658 }
659 memset(&wrqu, 0, sizeof(union iwreq_data));
660 wireless_send_event(priv->dev, SIOCGIWSCAN, &wrqu, NULL);
876c9d3a 661
f8f55108
DW		 662#ifdef CONFIG_LIBERTAS_DEBUG
663 /* Dump the scan table */
aa21c004 664 mutex_lock(&priv->lock);
ffd074fc 665 lbs_deb_scan("scan table:\n");
aa21c004 666 list_for_each_entry(iter, &priv->network_list, list)
ffd074fc
HS		 667 lbs_deb_scan("%02d: BSSID %s, RSSI %d, SSID '%s'\n",
668 i++, print_mac(mac, iter->bssid), (s32) iter->rssi,
669 escape_essid(iter->ssid, iter->ssid_len));
aa21c004 670 mutex_unlock(&priv->lock);
f8f55108 671#endif
876c9d3a 672
ffd074fc 673out2:
8816edce 674 priv->scan_channel = 0;
ffd074fc
HS		 675
676out:
aa21c004 677 if (priv->connect_status == LBS_CONNECTED) {
634b8f49 678 netif_carrier_on(priv->dev);
a27b9f96
DW		 679 if (!priv->tx_pending_len)
680 netif_wake_queue(priv->dev);
01d77d8d 681 }
aa21c004 682 if (priv->mesh_dev && (priv->mesh_connect_status == LBS_CONNECTED)) {
01d77d8d 683 netif_carrier_on(priv->mesh_dev);
a27b9f96
DW		 684 if (!priv->tx_pending_len)
685 netif_wake_queue(priv->mesh_dev);
876c9d3a 686 }
ffd074fc 687 kfree(chan_list);
876c9d3a 688
9012b28a 689 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
876c9d3a
MT		 690 return ret;
691}
692
ffd074fc
HS		 693
694
695
696/*********************************************************************/
697/* */
698/* Result interpretation */
699/* */
700/*********************************************************************/
701
876c9d3a
MT		 702/**
703 * @brief Interpret a BSS scan response returned from the firmware
704 *
705 * Parse the various fixed fields and IEs passed back for a a BSS probe
ffd074fc
HS		 706 * response or beacon from the scan command. Record information as needed
707 * in the scan table struct bss_descriptor for that entry.
876c9d3a 708 *
fcdb53db 709 * @param bss Output parameter: Pointer to the BSS Entry
876c9d3a
MT		 710 *
711 * @return 0 or -1
712 */
10078321 713static int lbs_process_bss(struct bss_descriptor *bss,
fcdb53db 714 u8 ** pbeaconinfo, int *bytesleft)
876c9d3a 715{
876c9d3a
MT		 716 struct ieeetypes_fhparamset *pFH;
717 struct ieeetypes_dsparamset *pDS;
718 struct ieeetypes_cfparamset *pCF;
719 struct ieeetypes_ibssparamset *pibss;
0795af57 720 DECLARE_MAC_BUF(mac);
876c9d3a 721 struct ieeetypes_countryinfoset *pcountryinfo;
8c512765
DW		 722 u8 *pos, *end, *p;
723 u8 n_ex_rates = 0, got_basic_rates = 0, n_basic_rates = 0;
724 u16 beaconsize = 0;
725 int ret;
876c9d3a 726
e56188ac 727 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 728
876c9d3a
MT		 729 if (*bytesleft >= sizeof(beaconsize)) {
730 /* Extract & convert beacon size from the command buffer */
e7240aca 731 beaconsize = le16_to_cpu(get_unaligned((__le16 *)*pbeaconinfo));
876c9d3a
MT		 732 *bytesleft -= sizeof(beaconsize);
733 *pbeaconinfo += sizeof(beaconsize);
734 }
735
736 if (beaconsize == 0 || beaconsize > *bytesleft) {
876c9d3a
MT		 737 *pbeaconinfo += *bytesleft;
738 *bytesleft = 0;
e56188ac
HS		 739 ret = -1;
740 goto done;
876c9d3a
MT		 741 }
742
743 /* Initialize the current working beacon pointer for this BSS iteration */
ab617971
DW		 744 pos = *pbeaconinfo;
745 end = pos + beaconsize;
876c9d3a
MT		 746
747 /* Advance the return beacon pointer past the current beacon */
748 *pbeaconinfo += beaconsize;
749 *bytesleft -= beaconsize;
750
ab617971 751 memcpy(bss->bssid, pos, ETH_ALEN);
ffd074fc 752 lbs_deb_scan("process_bss: BSSID %s\n", print_mac(mac, bss->bssid));
ab617971 753 pos += ETH_ALEN;
876c9d3a 754
ab617971 755 if ((end - pos) < 12) {
fcdb53db 756 lbs_deb_scan("process_bss: Not enough bytes left\n");
e56188ac
HS		 757 ret = -1;
758 goto done;
876c9d3a
MT		 759 }
760
761 /*
762 * next 4 fields are RSSI, time stamp, beacon interval,
763 * and capability information
764 */
765
766 /* RSSI is 1 byte long */
ab617971 767 bss->rssi = *pos;
ffd074fc 768 lbs_deb_scan("process_bss: RSSI %d\n", *pos);
ab617971 769 pos++;
876c9d3a
MT		 770
771 /* time stamp is 8 bytes long */
ab617971 772 pos += 8;
876c9d3a
MT		 773
774 /* beacon interval is 2 bytes long */
ab617971
DW		 775 bss->beaconperiod = le16_to_cpup((void *) pos);
776 pos += 2;
876c9d3a
MT		 777
778 /* capability information is 2 bytes long */
ab617971 779 bss->capability = le16_to_cpup((void *) pos);
ffd074fc 780 lbs_deb_scan("process_bss: capabilities 0x%04x\n", bss->capability);
ab617971 781 pos += 2;
876c9d3a 782
0c9ca690 783 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
ffd074fc 784 lbs_deb_scan("process_bss: WEP enabled\n");
0c9ca690
DW		 785 if (bss->capability & WLAN_CAPABILITY_IBSS)
786 bss->mode = IW_MODE_ADHOC;
787 else
788 bss->mode = IW_MODE_INFRA;
789
876c9d3a 790 /* rest of the current buffer are IE's */
ffd074fc 791 lbs_deb_scan("process_bss: IE len %zd\n", end - pos);
ece56191 792 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: IE info", pos, end - pos);
876c9d3a 793
876c9d3a 794 /* process variable IE */
ab617971
DW		 795 while (pos <= end - 2) {
796 struct ieee80211_info_element * elem =
797 (struct ieee80211_info_element *) pos;
876c9d3a 798
ab617971 799 if (pos + elem->len > end) {
fcdb53db 800 lbs_deb_scan("process_bss: error in processing IE, "
876c9d3a 801 "bytes left < IE length\n");
ab617971 802 break;
876c9d3a
MT		 803 }
804
ab617971
DW		 805 switch (elem->id) {
806 case MFIE_TYPE_SSID:
807 bss->ssid_len = elem->len;
808 memcpy(bss->ssid, elem->data, elem->len);
ffd074fc 809 lbs_deb_scan("got SSID IE: '%s', len %u\n",
d8efea25
DW		 810 escape_essid(bss->ssid, bss->ssid_len),
811 bss->ssid_len);
876c9d3a
MT		 812 break;
813
ab617971 814 case MFIE_TYPE_RATES:
8c512765
DW		 815 n_basic_rates = min_t(u8, MAX_RATES, elem->len);
816 memcpy(bss->rates, elem->data, n_basic_rates);
817 got_basic_rates = 1;
ffd074fc 818 lbs_deb_scan("got RATES IE\n");
876c9d3a
MT		 819 break;
820
ab617971
DW		 821 case MFIE_TYPE_FH_SET:
822 pFH = (struct ieeetypes_fhparamset *) pos;
fcdb53db 823 memmove(&bss->phyparamset.fhparamset, pFH,
876c9d3a 824 sizeof(struct ieeetypes_fhparamset));
ffd074fc 825 lbs_deb_scan("got FH IE\n");
876c9d3a
MT		 826 break;
827
ab617971
DW		 828 case MFIE_TYPE_DS_SET:
829 pDS = (struct ieeetypes_dsparamset *) pos;
fcdb53db
DW		 830 bss->channel = pDS->currentchan;
831 memcpy(&bss->phyparamset.dsparamset, pDS,
876c9d3a 832 sizeof(struct ieeetypes_dsparamset));
ffd074fc 833 lbs_deb_scan("got DS IE, channel %d\n", bss->channel);
876c9d3a
MT		 834 break;
835
ab617971
DW		 836 case MFIE_TYPE_CF_SET:
837 pCF = (struct ieeetypes_cfparamset *) pos;
fcdb53db 838 memcpy(&bss->ssparamset.cfparamset, pCF,
876c9d3a 839 sizeof(struct ieeetypes_cfparamset));
ffd074fc 840 lbs_deb_scan("got CF IE\n");
876c9d3a
MT		 841 break;
842
ab617971
DW		 843 case MFIE_TYPE_IBSS_SET:
844 pibss = (struct ieeetypes_ibssparamset *) pos;
e7240aca 845 bss->atimwindow = le16_to_cpu(pibss->atimwindow);
fcdb53db 846 memmove(&bss->ssparamset.ibssparamset, pibss,
876c9d3a 847 sizeof(struct ieeetypes_ibssparamset));
ffd074fc 848 lbs_deb_scan("got IBSS IE\n");
876c9d3a
MT		 849 break;
850
ab617971
DW		 851 case MFIE_TYPE_COUNTRY:
852 pcountryinfo = (struct ieeetypes_countryinfoset *) pos;
ffd074fc 853 lbs_deb_scan("got COUNTRY IE\n");
fcdb53db 854 if (pcountryinfo->len < sizeof(pcountryinfo->countrycode)
876c9d3a 855 || pcountryinfo->len > 254) {
fcdb53db 856 lbs_deb_scan("process_bss: 11D- Err "
ffd074fc 857 "CountryInfo len %d, min %zd, max 254\n",
876c9d3a
MT		 858 pcountryinfo->len,
859 sizeof(pcountryinfo->countrycode));
9012b28a
HS		 860 ret = -1;
861 goto done;
876c9d3a
MT		 862 }
863
fcdb53db 864 memcpy(&bss->countryinfo,
876c9d3a 865 pcountryinfo, pcountryinfo->len + 2);
ece56191 866 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: 11d countryinfo",
876c9d3a
MT		 867 (u8 *) pcountryinfo,
868 (u32) (pcountryinfo->len + 2));
869 break;
870
ab617971
DW		 871 case MFIE_TYPE_RATES_EX:
872 /* only process extended supported rate if data rate is
873 * already found. Data rate IE should come before
876c9d3a
MT		 874 * extended supported rate IE
875 */
ffd074fc
HS		 876 lbs_deb_scan("got RATESEX IE\n");
877 if (!got_basic_rates) {
878 lbs_deb_scan("... but ignoring it\n");
ab617971 879 break;
ffd074fc 880 }
876c9d3a 881
8c512765
DW		 882 n_ex_rates = elem->len;
883 if (n_basic_rates + n_ex_rates > MAX_RATES)
884 n_ex_rates = MAX_RATES - n_basic_rates;
876c9d3a 885
8c512765
DW		 886 p = bss->rates + n_basic_rates;
887 memcpy(p, elem->data, n_ex_rates);
876c9d3a 888 break;
ab617971
DW		 889
890 case MFIE_TYPE_GENERIC:
891 if (elem->len >= 4 &&
892 elem->data[0] == 0x00 &&
893 elem->data[1] == 0x50 &&
894 elem->data[2] == 0xf2 &&
895 elem->data[3] == 0x01) {
896 bss->wpa_ie_len = min(elem->len + 2,
897 MAX_WPA_IE_LEN);
898 memcpy(bss->wpa_ie, elem, bss->wpa_ie_len);
ffd074fc
HS		 899 lbs_deb_scan("got WPA IE\n");
900 lbs_deb_hex(LBS_DEB_SCAN, "WPA IE", bss->wpa_ie,
ab617971 901 elem->len);
1e838bf3
LCC		 902 } else if (elem->len >= MARVELL_MESH_IE_LENGTH &&
903 elem->data[0] == 0x00 &&
904 elem->data[1] == 0x50 &&
905 elem->data[2] == 0x43 &&
906 elem->data[3] == 0x04) {
ffd074fc 907 lbs_deb_scan("got mesh IE\n");
1e838bf3 908 bss->mesh = 1;
ffd074fc
HS		 909 } else {
910 lbs_deb_scan("got generiec IE: "
911 "%02x:%02x:%02x:%02x, len %d\n",
912 elem->data[0], elem->data[1],
913 elem->data[2], elem->data[3],
914 elem->len);
ab617971 915 }
876c9d3a 916 break;
ab617971
DW		 917
918 case MFIE_TYPE_RSN:
ffd074fc 919 lbs_deb_scan("got RSN IE\n");
ab617971
DW		 920 bss->rsn_ie_len = min(elem->len + 2, MAX_WPA_IE_LEN);
921 memcpy(bss->rsn_ie, elem, bss->rsn_ie_len);
ffd074fc
HS		 922 lbs_deb_hex(LBS_DEB_SCAN, "process_bss: RSN_IE",
923 bss->rsn_ie, elem->len);
876c9d3a
MT		 924 break;
925
ab617971 926 default:
ffd074fc
HS		 927 lbs_deb_scan("got IE 0x%04x, len %d\n",
928 elem->id, elem->len);
876c9d3a
MT		 929 break;
930 }
931
ab617971
DW		 932 pos += elem->len + 2;
933 }
fcdb53db
DW		 934
935 /* Timestamp */
936 bss->last_scanned = jiffies;
10078321 937 lbs_unset_basic_rate_flags(bss->rates, sizeof(bss->rates));
fcdb53db 938
9012b28a 939 ret = 0;
876c9d3a 940
9012b28a
HS		 941done:
942 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
943 return ret;
876c9d3a
MT		 944}
945
876c9d3a
MT		 946/**
947 * @brief This function finds a specific compatible BSSID in the scan list
948 *
e56188ac
HS		 949 * Used in association code
950 *
aa21c004 951 * @param priv A pointer to struct lbs_private
876c9d3a
MT		 952 * @param bssid BSSID to find in the scan list
953 * @param mode Network mode: Infrastructure or IBSS
954 *
955 * @return index in BSSID list, or error return code (< 0)
956 */
aa21c004 957struct bss_descriptor *lbs_find_bssid_in_list(struct lbs_private *priv,
fcdb53db 958 u8 * bssid, u8 mode)
876c9d3a 959{
fcdb53db
DW		 960 struct bss_descriptor * iter_bss;
961 struct bss_descriptor * found_bss = NULL;
876c9d3a 962
e56188ac
HS		 963 lbs_deb_enter(LBS_DEB_SCAN);
964
876c9d3a 965 if (!bssid)
e56188ac 966 goto out;
876c9d3a 967
ece56191 968 lbs_deb_hex(LBS_DEB_SCAN, "looking for",
fcdb53db 969 bssid, ETH_ALEN);
876c9d3a 970
fcdb53db
DW		 971 /* Look through the scan table for a compatible match. The loop will
972 * continue past a matched bssid that is not compatible in case there
973 * is an AP with multiple SSIDs assigned to the same BSSID
876c9d3a 974 */
aa21c004
DW		 975 mutex_lock(&priv->lock);
976 list_for_each_entry (iter_bss, &priv->network_list, list) {
3cf20931 977 if (compare_ether_addr(iter_bss->bssid, bssid))
fcdb53db
DW		 978 continue; /* bssid doesn't match */
979 switch (mode) {
980 case IW_MODE_INFRA:
981 case IW_MODE_ADHOC:
aa21c004 982 if (!is_network_compatible(priv, iter_bss, mode))
876c9d3a 983 break;
fcdb53db
DW		 984 found_bss = iter_bss;
985 break;
986 default:
987 found_bss = iter_bss;
988 break;
876c9d3a
MT		 989 }
990 }
aa21c004 991 mutex_unlock(&priv->lock);
876c9d3a 992
e56188ac
HS		 993out:
994 lbs_deb_leave_args(LBS_DEB_SCAN, "found_bss %p", found_bss);
fcdb53db 995 return found_bss;
876c9d3a
MT		 996}
997
998/**
999 * @brief This function finds ssid in ssid list.
1000 *
e56188ac
HS		 1001 * Used in association code
1002 *
aa21c004 1003 * @param priv A pointer to struct lbs_private
876c9d3a
MT		 1004 * @param ssid SSID to find in the list
1005 * @param bssid BSSID to qualify the SSID selection (if provided)
1006 * @param mode Network mode: Infrastructure or IBSS
1007 *
1008 * @return index in BSSID list
1009 */
aa21c004 1010struct bss_descriptor *lbs_find_ssid_in_list(struct lbs_private *priv,
d8efea25 1011 u8 *ssid, u8 ssid_len, u8 * bssid, u8 mode,
aeea0ab4 1012 int channel)
876c9d3a 1013{
876c9d3a 1014 u8 bestrssi = 0;
fcdb53db
DW		 1015 struct bss_descriptor * iter_bss = NULL;
1016 struct bss_descriptor * found_bss = NULL;
1017 struct bss_descriptor * tmp_oldest = NULL;
876c9d3a 1018
e56188ac
HS		 1019 lbs_deb_enter(LBS_DEB_SCAN);
1020
aa21c004 1021 mutex_lock(&priv->lock);
fcdb53db 1022
aa21c004 1023 list_for_each_entry (iter_bss, &priv->network_list, list) {
fcdb53db
DW		 1024 if ( !tmp_oldest
1025 || (iter_bss->last_scanned < tmp_oldest->last_scanned))
1026 tmp_oldest = iter_bss;
1027
10078321 1028 if (lbs_ssid_cmp(iter_bss->ssid, iter_bss->ssid_len,
d8efea25 1029 ssid, ssid_len) != 0)
fcdb53db 1030 continue; /* ssid doesn't match */
3cf20931 1031 if (bssid && compare_ether_addr(iter_bss->bssid, bssid) != 0)
fcdb53db 1032 continue; /* bssid doesn't match */
aeea0ab4
DW		 1033 if ((channel > 0) && (iter_bss->channel != channel))
1034 continue; /* channel doesn't match */
fcdb53db
DW		 1035
1036 switch (mode) {
1037 case IW_MODE_INFRA:
1038 case IW_MODE_ADHOC:
aa21c004 1039 if (!is_network_compatible(priv, iter_bss, mode))
876c9d3a 1040 break;
fcdb53db
DW		 1041
1042 if (bssid) {
1043 /* Found requested BSSID */
1044 found_bss = iter_bss;
1045 goto out;
1046 }
1047
1048 if (SCAN_RSSI(iter_bss->rssi) > bestrssi) {
1049 bestrssi = SCAN_RSSI(iter_bss->rssi);
1050 found_bss = iter_bss;
1051 }
1052 break;
1053 case IW_MODE_AUTO:
1054 default:
1055 if (SCAN_RSSI(iter_bss->rssi) > bestrssi) {
1056 bestrssi = SCAN_RSSI(iter_bss->rssi);
1057 found_bss = iter_bss;
876c9d3a 1058 }
fcdb53db 1059 break;
876c9d3a
MT		 1060 }
1061 }
1062
fcdb53db 1063out:
aa21c004 1064 mutex_unlock(&priv->lock);
e56188ac 1065 lbs_deb_leave_args(LBS_DEB_SCAN, "found_bss %p", found_bss);
fcdb53db 1066 return found_bss;
876c9d3a
MT		 1067}
1068
1069/**
1070 * @brief This function finds the best SSID in the Scan List
1071 *
1072 * Search the scan table for the best SSID that also matches the current
1073 * adapter network preference (infrastructure or adhoc)
1074 *
aa21c004 1075 * @param priv A pointer to struct lbs_private
876c9d3a
MT		 1076 *
1077 * @return index in BSSID list
1078 */
69f9032d 1079static struct bss_descriptor *lbs_find_best_ssid_in_list(
aa21c004 1080 struct lbs_private *priv,
69f9032d 1081 u8 mode)
876c9d3a 1082{
876c9d3a 1083 u8 bestrssi = 0;
fcdb53db
DW		 1084 struct bss_descriptor * iter_bss;
1085 struct bss_descriptor * best_bss = NULL;
876c9d3a 1086
e56188ac
HS		 1087 lbs_deb_enter(LBS_DEB_SCAN);
1088
aa21c004 1089 mutex_lock(&priv->lock);
876c9d3a 1090
aa21c004 1091 list_for_each_entry (iter_bss, &priv->network_list, list) {
876c9d3a 1092 switch (mode) {
0dc5a290
DW		 1093 case IW_MODE_INFRA:
1094 case IW_MODE_ADHOC:
aa21c004 1095 if (!is_network_compatible(priv, iter_bss, mode))
fcdb53db
DW		 1096 break;
1097 if (SCAN_RSSI(iter_bss->rssi) <= bestrssi)
1098 break;
1099 bestrssi = SCAN_RSSI(iter_bss->rssi);
1100 best_bss = iter_bss;
876c9d3a 1101 break;
0dc5a290 1102 case IW_MODE_AUTO:
876c9d3a 1103 default:
fcdb53db
DW		 1104 if (SCAN_RSSI(iter_bss->rssi) <= bestrssi)
1105 break;
1106 bestrssi = SCAN_RSSI(iter_bss->rssi);
1107 best_bss = iter_bss;
876c9d3a
MT		 1108 break;
1109 }
1110 }
1111
aa21c004 1112 mutex_unlock(&priv->lock);
e56188ac 1113 lbs_deb_leave_args(LBS_DEB_SCAN, "best_bss %p", best_bss);
fcdb53db 1114 return best_bss;
876c9d3a
MT		 1115}
1116
1117/**
1118 * @brief Find the AP with specific ssid in the scan list
1119 *
e56188ac
HS		 1120 * Used from association worker.
1121 *
69f9032d 1122 * @param priv A pointer to struct lbs_private structure
876c9d3a
MT		 1123 * @param pSSID A pointer to AP's ssid
1124 *
1125 * @return 0--success, otherwise--fail
1126 */
69f9032d 1127int lbs_find_best_network_ssid(struct lbs_private *priv,
d8efea25 1128 u8 *out_ssid, u8 *out_ssid_len, u8 preferred_mode, u8 *out_mode)
876c9d3a 1129{
fcdb53db
DW		 1130 int ret = -1;
1131 struct bss_descriptor * found;
876c9d3a 1132
e56188ac 1133 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1134
10078321 1135 lbs_scan_networks(priv, NULL, 1);
aa21c004 1136 if (priv->surpriseremoved)
e56188ac 1137 goto out;
876c9d3a 1138
aa21c004 1139 found = lbs_find_best_ssid_in_list(priv, preferred_mode);
d8efea25
DW		 1140 if (found && (found->ssid_len > 0)) {
1141 memcpy(out_ssid, &found->ssid, IW_ESSID_MAX_SIZE);
1142 *out_ssid_len = found->ssid_len;
fcdb53db
DW		 1143 *out_mode = found->mode;
1144 ret = 0;
876c9d3a
MT		 1145 }
1146
e56188ac 1147out:
9012b28a 1148 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
876c9d3a
MT		 1149 return ret;
1150}
1151
e56188ac 1152
876c9d3a
MT		 1153/**
1154 * @brief Send a scan command for all available channels filtered on a spec
1155 *
e56188ac
HS		 1156 * Used in association code and from debugfs
1157 *
69f9032d 1158 * @param priv A pointer to struct lbs_private structure
e56188ac
HS		 1159 * @param ssid A pointer to the SSID to scan for
1160 * @param ssid_len Length of the SSID
1161 * @param clear_ssid Should existing scan results with this SSID
1162 * be cleared?
876c9d3a
MT		 1163 *
1164 * @return 0-success, otherwise fail
1165 */
69f9032d 1166int lbs_send_specific_ssid_scan(struct lbs_private *priv,
d8efea25 1167 u8 *ssid, u8 ssid_len, u8 clear_ssid)
876c9d3a 1168{
10078321 1169 struct lbs_ioctl_user_scan_cfg scancfg;
eb8f7330 1170 int ret = 0;
876c9d3a 1171
e56188ac
HS		 1172 lbs_deb_enter_args(LBS_DEB_SCAN, "SSID '%s', clear %d",
1173 escape_essid(ssid, ssid_len), clear_ssid);
876c9d3a 1174
d8efea25 1175 if (!ssid_len)
eb8f7330 1176 goto out;
876c9d3a
MT		 1177
1178 memset(&scancfg, 0x00, sizeof(scancfg));
d8efea25
DW		 1179 memcpy(scancfg.ssid, ssid, ssid_len);
1180 scancfg.ssid_len = ssid_len;
eb8f7330 1181 scancfg.clear_ssid = clear_ssid;
876c9d3a 1182
10078321 1183 lbs_scan_networks(priv, &scancfg, 1);
aa21c004 1184 if (priv->surpriseremoved) {
e56188ac
HS		 1185 ret = -1;
1186 goto out;
1187 }
876c9d3a 1188
eb8f7330 1189out:
e56188ac 1190 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
eb8f7330 1191 return ret;
876c9d3a
MT		 1192}
1193
e56188ac
HS		 1194
1195
1196
1197/*********************************************************************/
1198/* */
1199/* Support for Wireless Extensions */
1200/* */
1201/*********************************************************************/
1202
ffd074fc 1203
00af0157
DW		 1204#define MAX_CUSTOM_LEN 64
1205
69f9032d 1206static inline char *lbs_translate_scan(struct lbs_private *priv,
fcdb53db
DW		 1207 char *start, char *stop,
1208 struct bss_descriptor *bss)
876c9d3a 1209{
876c9d3a 1210 struct chan_freq_power *cfp;
876c9d3a
MT		 1211 char *current_val; /* For rates */
1212 struct iw_event iwe; /* Temporary buffer */
876c9d3a 1213 int j;
876c9d3a
MT		 1214#define PERFECT_RSSI ((u8)50)
1215#define WORST_RSSI ((u8)0)
1216#define RSSI_DIFF ((u8)(PERFECT_RSSI - WORST_RSSI))
1217 u8 rssi;
1218
e56188ac
HS		 1219 lbs_deb_enter(LBS_DEB_SCAN);
1220
aa21c004 1221 cfp = lbs_find_cfp_by_band_and_channel(priv, 0, bss->channel);
fcdb53db
DW		 1222 if (!cfp) {
1223 lbs_deb_scan("Invalid channel number %d\n", bss->channel);
e56188ac
HS		 1224 start = NULL;
1225 goto out;
2be92196 1226 }
876c9d3a 1227
ffd074fc 1228 /* First entry *MUST* be the BSSID */
fcdb53db
DW		 1229 iwe.cmd = SIOCGIWAP;
1230 iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
1231 memcpy(iwe.u.ap_addr.sa_data, &bss->bssid, ETH_ALEN);
1232 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_ADDR_LEN);
1233
1234 /* SSID */
1235 iwe.cmd = SIOCGIWESSID;
1236 iwe.u.data.flags = 1;
d8efea25
DW		 1237 iwe.u.data.length = min((u32) bss->ssid_len, (u32) IW_ESSID_MAX_SIZE);
1238 start = iwe_stream_add_point(start, stop, &iwe, bss->ssid);
fcdb53db
DW		 1239
1240 /* Mode */
1241 iwe.cmd = SIOCGIWMODE;
1242 iwe.u.mode = bss->mode;
1243 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_UINT_LEN);
1244
1245 /* Frequency */
1246 iwe.cmd = SIOCGIWFREQ;
1247 iwe.u.freq.m = (long)cfp->freq * 100000;
1248 iwe.u.freq.e = 1;
1249 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_FREQ_LEN);
1250
1251 /* Add quality statistics */
1252 iwe.cmd = IWEVQUAL;
1253 iwe.u.qual.updated = IW_QUAL_ALL_UPDATED;
1254 iwe.u.qual.level = SCAN_RSSI(bss->rssi);
1255
1256 rssi = iwe.u.qual.level - MRVDRV_NF_DEFAULT_SCAN_VALUE;
1257 iwe.u.qual.qual =
1258 (100 * RSSI_DIFF * RSSI_DIFF - (PERFECT_RSSI - rssi) *
1259 (15 * (RSSI_DIFF) + 62 * (PERFECT_RSSI - rssi))) /
1260 (RSSI_DIFF * RSSI_DIFF);
1261 if (iwe.u.qual.qual > 100)
1262 iwe.u.qual.qual = 100;
1263
aa21c004 1264 if (priv->NF[TYPE_BEACON][TYPE_NOAVG] == 0) {
fcdb53db
DW		 1265 iwe.u.qual.noise = MRVDRV_NF_DEFAULT_SCAN_VALUE;
1266 } else {
1267 iwe.u.qual.noise =
aa21c004 1268 CAL_NF(priv->NF[TYPE_BEACON][TYPE_NOAVG]);
fcdb53db 1269 }
80e78ef7
DW		 1270
1271 /* Locally created ad-hoc BSSs won't have beacons if this is the
1272 * only station in the adhoc network; so get signal strength
1273 * from receive statistics.
1274 */
aa21c004
DW		 1275 if ((priv->mode == IW_MODE_ADHOC)
1276 && priv->adhoccreate
1277 && !lbs_ssid_cmp(priv->curbssparams.ssid,
1278 priv->curbssparams.ssid_len,
d8efea25 1279 bss->ssid, bss->ssid_len)) {
80e78ef7 1280 int snr, nf;
aa21c004
DW		 1281 snr = priv->SNR[TYPE_RXPD][TYPE_AVG] / AVG_SCALE;
1282 nf = priv->NF[TYPE_RXPD][TYPE_AVG] / AVG_SCALE;
80e78ef7 1283 iwe.u.qual.level = CAL_RSSI(snr, nf);
fcdb53db
DW		 1284 }
1285 start = iwe_stream_add_event(start, stop, &iwe, IW_EV_QUAL_LEN);
876c9d3a 1286
fcdb53db
DW		 1287 /* Add encryption capability */
1288 iwe.cmd = SIOCGIWENCODE;
0c9ca690 1289 if (bss->capability & WLAN_CAPABILITY_PRIVACY) {
fcdb53db
DW		 1290 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
1291 } else {
1292 iwe.u.data.flags = IW_ENCODE_DISABLED;
1293 }
1294 iwe.u.data.length = 0;
d8efea25 1295 start = iwe_stream_add_point(start, stop, &iwe, bss->ssid);
876c9d3a 1296
fcdb53db 1297 current_val = start + IW_EV_LCP_LEN;
876c9d3a 1298
fcdb53db
DW		 1299 iwe.cmd = SIOCGIWRATE;
1300 iwe.u.bitrate.fixed = 0;
1301 iwe.u.bitrate.disabled = 0;
1302 iwe.u.bitrate.value = 0;
876c9d3a 1303
8c512765
DW		 1304 for (j = 0; bss->rates[j] && (j < sizeof(bss->rates)); j++) {
1305 /* Bit rate given in 500 kb/s units */
1306 iwe.u.bitrate.value = bss->rates[j] * 500000;
fcdb53db
DW		 1307 current_val = iwe_stream_add_value(start, current_val,
1308 stop, &iwe, IW_EV_PARAM_LEN);
1309 }
1310 if ((bss->mode == IW_MODE_ADHOC)
aa21c004
DW		 1311 && !lbs_ssid_cmp(priv->curbssparams.ssid,
1312 priv->curbssparams.ssid_len,
d8efea25 1313 bss->ssid, bss->ssid_len)
aa21c004 1314 && priv->adhoccreate) {
fcdb53db
DW		 1315 iwe.u.bitrate.value = 22 * 500000;
1316 current_val = iwe_stream_add_value(start, current_val,
1317 stop, &iwe, IW_EV_PARAM_LEN);
1318 }
1319 /* Check if we added any event */
1320 if((current_val - start) > IW_EV_LCP_LEN)
1321 start = current_val;
1322
1323 memset(&iwe, 0, sizeof(iwe));
1324 if (bss->wpa_ie_len) {
1325 char buf[MAX_WPA_IE_LEN];
1326 memcpy(buf, bss->wpa_ie, bss->wpa_ie_len);
1327 iwe.cmd = IWEVGENIE;
1328 iwe.u.data.length = bss->wpa_ie_len;
1329 start = iwe_stream_add_point(start, stop, &iwe, buf);
1330 }
876c9d3a 1331
fcdb53db
DW		 1332 memset(&iwe, 0, sizeof(iwe));
1333 if (bss->rsn_ie_len) {
1334 char buf[MAX_WPA_IE_LEN];
1335 memcpy(buf, bss->rsn_ie, bss->rsn_ie_len);
1336 iwe.cmd = IWEVGENIE;
1337 iwe.u.data.length = bss->rsn_ie_len;
1338 start = iwe_stream_add_point(start, stop, &iwe, buf);
1339 }
876c9d3a 1340
00af0157
DW		 1341 if (bss->mesh) {
1342 char custom[MAX_CUSTOM_LEN];
1343 char *p = custom;
1344
1345 iwe.cmd = IWEVCUSTOM;
1346 p += snprintf(p, MAX_CUSTOM_LEN - (p - custom),
1347 "mesh-type: olpc");
1348 iwe.u.data.length = p - custom;
1349 if (iwe.u.data.length)
1350 start = iwe_stream_add_point(start, stop, &iwe, custom);
1351 }
1352
e56188ac
HS		 1353out:
1354 lbs_deb_leave_args(LBS_DEB_SCAN, "start %p", start);
fcdb53db
DW		 1355 return start;
1356}
876c9d3a 1357
ffd074fc
HS		 1358
1359/**
1360 * @brief Handle Scan Network ioctl
1361 *
1362 * @param dev A pointer to net_device structure
1363 * @param info A pointer to iw_request_info structure
1364 * @param vwrq A pointer to iw_param structure
1365 * @param extra A pointer to extra data buf
1366 *
1367 * @return 0 --success, otherwise fail
1368 */
1369int lbs_set_scan(struct net_device *dev, struct iw_request_info *info,
1370 struct iw_param *wrqu, char *extra)
1371{
1372 struct lbs_private *priv = dev->priv;
ffd074fc
HS		 1373
1374 lbs_deb_enter(LBS_DEB_SCAN);
1375
1376 if (!netif_running(dev))
1377 return -ENETDOWN;
1378
1379 /* mac80211 does this:
1380 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1381 if (sdata->type != IEEE80211_IF_TYPE_xxx)
1382 return -EOPNOTSUPP;
1383
1384 if (wrqu->data.length == sizeof(struct iw_scan_req) &&
1385 wrqu->data.flags & IW_SCAN_THIS_ESSID) {
1386 req = (struct iw_scan_req *)extra;
1387 ssid = req->essid;
1388 ssid_len = req->essid_len;
1389 }
1390 */
1391
1392 if (!delayed_work_pending(&priv->scan_work))
1393 queue_delayed_work(priv->work_thread, &priv->scan_work,
1394 msecs_to_jiffies(50));
1395 /* set marker that currently a scan is taking place */
8816edce 1396 priv->scan_channel = -1;
ffd074fc 1397
aa21c004 1398 if (priv->surpriseremoved)
ffd074fc
HS		 1399 return -EIO;
1400
1401 lbs_deb_leave(LBS_DEB_SCAN);
1402 return 0;
1403}
1404
1405
fcdb53db 1406/**
e56188ac 1407 * @brief Handle Retrieve scan table ioctl
fcdb53db
DW		 1408 *
1409 * @param dev A pointer to net_device structure
1410 * @param info A pointer to iw_request_info structure
1411 * @param dwrq A pointer to iw_point structure
1412 * @param extra A pointer to extra data buf
1413 *
1414 * @return 0 --success, otherwise fail
1415 */
10078321 1416int lbs_get_scan(struct net_device *dev, struct iw_request_info *info,
fcdb53db
DW		 1417 struct iw_point *dwrq, char *extra)
1418{
1419#define SCAN_ITEM_SIZE 128
69f9032d 1420 struct lbs_private *priv = dev->priv;
fcdb53db
DW		 1421 int err = 0;
1422 char *ev = extra;
1423 char *stop = ev + dwrq->length;
1424 struct bss_descriptor * iter_bss;
1425 struct bss_descriptor * safe;
876c9d3a 1426
e56188ac 1427 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1428
ffd074fc 1429 /* iwlist should wait until the current scan is finished */
8816edce 1430 if (priv->scan_channel)
ffd074fc
HS		 1431 return -EAGAIN;
1432
80e78ef7 1433 /* Update RSSI if current BSS is a locally created ad-hoc BSS */
aa21c004 1434 if ((priv->mode == IW_MODE_ADHOC) && priv->adhoccreate) {
10078321 1435 lbs_prepare_and_send_command(priv, CMD_802_11_RSSI, 0,
0aef64d7 1436 CMD_OPTION_WAITFORRSP, 0, NULL);
80e78ef7
DW		 1437 }
1438
aa21c004
DW		 1439 mutex_lock(&priv->lock);
1440 list_for_each_entry_safe (iter_bss, safe, &priv->network_list, list) {
fcdb53db
DW		 1441 char * next_ev;
1442 unsigned long stale_time;
876c9d3a 1443
fcdb53db
DW		 1444 if (stop - ev < SCAN_ITEM_SIZE) {
1445 err = -E2BIG;
1446 break;
876c9d3a 1447 }
876c9d3a 1448
1e838bf3
LCC		 1449 /* For mesh device, list only mesh networks */
1450 if (dev == priv->mesh_dev && !iter_bss->mesh)
1451 continue;
1452
fcdb53db
DW		 1453 /* Prune old an old scan result */
1454 stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE;
1455 if (time_after(jiffies, stale_time)) {
1456 list_move_tail (&iter_bss->list,
aa21c004 1457 &priv->network_free_list);
fcdb53db
DW		 1458 clear_bss_descriptor(iter_bss);
1459 continue;
876c9d3a
MT		 1460 }
1461
fcdb53db 1462 /* Translate to WE format this entry */
10078321 1463 next_ev = lbs_translate_scan(priv, ev, stop, iter_bss);
fcdb53db
DW		 1464 if (next_ev == NULL)
1465 continue;
1466 ev = next_ev;
876c9d3a 1467 }
aa21c004 1468 mutex_unlock(&priv->lock);
876c9d3a 1469
fcdb53db 1470 dwrq->length = (ev - extra);
876c9d3a
MT		 1471 dwrq->flags = 0;
1472
e56188ac 1473 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", err);
fcdb53db 1474 return err;
876c9d3a
MT		 1475}
1476
e56188ac
HS		 1477
1478
1479
1480/*********************************************************************/
1481/* */
1482/* Command execution */
1483/* */
1484/*********************************************************************/
1485
1486
876c9d3a
MT		 1487/**
1488 * @brief Prepare a scan command to be sent to the firmware
1489 *
ffd074fc
HS		 1490 * Called via lbs_prepare_and_send_command(priv, CMD_802_11_SCAN, ...)
1491 * from cmd.c
876c9d3a 1492 *
efad798b 1493 * Sends a fixed length data part (specifying the BSS type and BSSID filters)
e56188ac 1494 * as well as a variable number/length of TLVs to the firmware.
876c9d3a 1495 *
69f9032d 1496 * @param priv A pointer to struct lbs_private structure
876c9d3a
MT		 1497 * @param cmd A pointer to cmd_ds_command structure to be sent to
1498 * firmware with the cmd_DS_801_11_SCAN structure
10078321 1499 * @param pdata_buf Void pointer cast of a lbs_scan_cmd_config struct used
876c9d3a
MT		 1500 * to set the fields/TLVs for the command sent to firmware
1501 *
1502 * @return 0 or -1
876c9d3a 1503 */
69f9032d 1504int lbs_cmd_80211_scan(struct lbs_private *priv,
ffd074fc 1505 struct cmd_ds_command *cmd, void *pdata_buf)
876c9d3a
MT		 1506{
1507 struct cmd_ds_802_11_scan *pscan = &cmd->params.scan;
10078321 1508 struct lbs_scan_cmd_config *pscancfg = pdata_buf;
876c9d3a 1509
e56188ac 1510 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a
MT		 1511
1512 /* Set fixed field variables in scan command */
1513 pscan->bsstype = pscancfg->bsstype;
492b6da7 1514 memcpy(pscan->bssid, pscancfg->bssid, ETH_ALEN);
876c9d3a
MT		 1515 memcpy(pscan->tlvbuffer, pscancfg->tlvbuffer, pscancfg->tlvbufferlen);
1516
876c9d3a 1517 /* size is equal to the sizeof(fixed portions) + the TLV len + header */
492b6da7
DW		 1518 cmd->size = cpu_to_le16(sizeof(pscan->bsstype) + ETH_ALEN
1519 + pscancfg->tlvbufferlen + S_DS_GEN);
876c9d3a 1520
e56188ac 1521 lbs_deb_leave(LBS_DEB_SCAN);
876c9d3a
MT		 1522 return 0;
1523}
1524
1525/**
1526 * @brief This function handles the command response of scan
1527 *
e56188ac
HS		 1528 * Called from handle_cmd_response() in cmdrespc.
1529 *
876c9d3a
MT		 1530 * The response buffer for the scan command has the following
1531 * memory layout:
1532 *
1533 * .-----------------------------------------------------------.
1534 * | header (4 * sizeof(u16)): Standard command response hdr |
1535 * .-----------------------------------------------------------.
1536 * | bufsize (u16) : sizeof the BSS Description data |
1537 * .-----------------------------------------------------------.
1538 * | NumOfSet (u8) : Number of BSS Descs returned |
1539 * .-----------------------------------------------------------.
1540 * | BSSDescription data (variable, size given in bufsize) |
1541 * .-----------------------------------------------------------.
1542 * | TLV data (variable, size calculated using header->size, |
1543 * | bufsize and sizeof the fixed fields above) |
1544 * .-----------------------------------------------------------.
1545 *
69f9032d 1546 * @param priv A pointer to struct lbs_private structure
876c9d3a
MT		 1547 * @param resp A pointer to cmd_ds_command
1548 *
1549 * @return 0 or -1
1550 */
69f9032d 1551int lbs_ret_80211_scan(struct lbs_private *priv, struct cmd_ds_command *resp)
876c9d3a 1552{
876c9d3a 1553 struct cmd_ds_802_11_scan_rsp *pscan;
fcdb53db
DW		 1554 struct bss_descriptor * iter_bss;
1555 struct bss_descriptor * safe;
876c9d3a
MT		 1556 u8 *pbssinfo;
1557 u16 scanrespsize;
1558 int bytesleft;
876c9d3a
MT		 1559 int idx;
1560 int tlvbufsize;
9012b28a 1561 int ret;
876c9d3a 1562
e56188ac 1563 lbs_deb_enter(LBS_DEB_SCAN);
876c9d3a 1564
fcdb53db 1565 /* Prune old entries from scan table */
aa21c004 1566 list_for_each_entry_safe (iter_bss, safe, &priv->network_list, list) {
fcdb53db
DW		 1567 unsigned long stale_time = iter_bss->last_scanned + DEFAULT_MAX_SCAN_AGE;
1568 if (time_before(jiffies, stale_time))
1569 continue;
aa21c004 1570 list_move_tail (&iter_bss->list, &priv->network_free_list);
fcdb53db
DW		 1571 clear_bss_descriptor(iter_bss);
1572 }
1573
876c9d3a
MT		 1574 pscan = &resp->params.scanresp;
1575
fcdb53db
DW		 1576 if (pscan->nr_sets > MAX_NETWORK_COUNT) {
1577 lbs_deb_scan(
1578 "SCAN_RESP: too many scan results (%d, max %d)!!\n",
1579 pscan->nr_sets, MAX_NETWORK_COUNT);
9012b28a
HS		 1580 ret = -1;
1581 goto done;
876c9d3a
MT		 1582 }
1583
e7240aca 1584 bytesleft = le16_to_cpu(pscan->bssdescriptsize);
9012b28a 1585 lbs_deb_scan("SCAN_RESP: bssdescriptsize %d\n", bytesleft);
876c9d3a 1586
e7240aca
DW		 1587 scanrespsize = le16_to_cpu(resp->size);
1588 lbs_deb_scan("SCAN_RESP: scan results %d\n", pscan->nr_sets);
876c9d3a 1589
876c9d3a
MT		 1590 pbssinfo = pscan->bssdesc_and_tlvbuffer;
1591
1592 /* The size of the TLV buffer is equal to the entire command response
1593 * size (scanrespsize) minus the fixed fields (sizeof()'s), the
1594 * BSS Descriptions (bssdescriptsize as bytesLef) and the command
1595 * response header (S_DS_GEN)
1596 */
1597 tlvbufsize = scanrespsize - (bytesleft + sizeof(pscan->bssdescriptsize)
1598 + sizeof(pscan->nr_sets)
1599 + S_DS_GEN);
1600
876c9d3a
MT		 1601 /*
1602 * Process each scan response returned (pscan->nr_sets). Save
1603 * the information in the newbssentry and then insert into the
1604 * driver scan table either as an update to an existing entry
1605 * or as an addition at the end of the table
1606 */
1607 for (idx = 0; idx < pscan->nr_sets && bytesleft; idx++) {
fcdb53db
DW		 1608 struct bss_descriptor new;
1609 struct bss_descriptor * found = NULL;
fcdb53db 1610 struct bss_descriptor * oldest = NULL;
0795af57 1611 DECLARE_MAC_BUF(mac);
876c9d3a
MT		 1612
1613 /* Process the data fields and IEs returned for this BSS */
fcdb53db 1614 memset(&new, 0, sizeof (struct bss_descriptor));
10078321 1615 if (lbs_process_bss(&new, &pbssinfo, &bytesleft) != 0) {
fcdb53db
DW		 1616 /* error parsing the scan response, skipped */
1617 lbs_deb_scan("SCAN_RESP: process_bss returned ERROR\n");
1618 continue;
1619 }
876c9d3a 1620
fcdb53db 1621 /* Try to find this bss in the scan table */
aa21c004 1622 list_for_each_entry (iter_bss, &priv->network_list, list) {
fcdb53db
DW		 1623 if (is_same_network(iter_bss, &new)) {
1624 found = iter_bss;
1625 break;
876c9d3a
MT		 1626 }
1627
fcdb53db
DW		 1628 if ((oldest == NULL) ||
1629 (iter_bss->last_scanned < oldest->last_scanned))
1630 oldest = iter_bss;
1631 }
876c9d3a 1632
fcdb53db
DW		 1633 if (found) {
1634 /* found, clear it */
1635 clear_bss_descriptor(found);
aa21c004 1636 } else if (!list_empty(&priv->network_free_list)) {
fcdb53db 1637 /* Pull one from the free list */
aa21c004 1638 found = list_entry(priv->network_free_list.next,
fcdb53db 1639 struct bss_descriptor, list);
aa21c004 1640 list_move_tail(&found->list, &priv->network_list);
fcdb53db
DW		 1641 } else if (oldest) {
1642 /* If there are no more slots, expire the oldest */
1643 found = oldest;
1644 clear_bss_descriptor(found);
aa21c004 1645 list_move_tail(&found->list, &priv->network_list);
876c9d3a 1646 } else {
fcdb53db
DW		 1647 continue;
1648 }
876c9d3a 1649
ffd074fc 1650 lbs_deb_scan("SCAN_RESP: BSSID %s\n",
0795af57 1651 print_mac(mac, new.bssid));
fcdb53db 1652
fcdb53db
DW		 1653 /* Copy the locally created newbssentry to the scan table */
1654 memcpy(found, &new, offsetof(struct bss_descriptor, list));
1655 }
876c9d3a 1656
9012b28a 1657 ret = 0;
876c9d3a 1658
9012b28a
HS		 1659done:
1660 lbs_deb_leave_args(LBS_DEB_SCAN, "ret %d", ret);
1661 return ret;
876c9d3a 1662}
kernel source for telekom puls (alcatel/mediatek)