sys/net80211/ieee80211_scan_sw.c

170530Ssam/*-
178354Ssam * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
170530Ssam * All rights reserved.
170530Ssam *
170530Ssam * Redistribution and use in source and binary forms, with or without
170530Ssam * modification, are permitted provided that the following conditions
170530Ssam * are met:
170530Ssam * 1. Redistributions of source code must retain the above copyright
170530Ssam *    notice, this list of conditions and the following disclaimer.
170530Ssam * 2. Redistributions in binary form must reproduce the above copyright
170530Ssam *    notice, this list of conditions and the following disclaimer in the
170530Ssam *    documentation and/or other materials provided with the distribution.
170530Ssam *
170530Ssam * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
170530Ssam * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
170530Ssam * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
170530Ssam * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
170530Ssam * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
170530Ssam * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
170530Ssam * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
170530Ssam * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
170530Ssam * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
170530Ssam * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
170530Ssam */
170530Ssam
170530Ssam#include <sys/cdefs.h>
170530Ssam__FBSDID("$FreeBSD: stable/11/sys/net80211/ieee80211_scan_sw.c 330460 2018-03-05 08:22:24Z eadler $");
170530Ssam
170530Ssam/*
170530Ssam * IEEE 802.11 scanning support.
170530Ssam */
178354Ssam#include "opt_wlan.h"
178354Ssam
170530Ssam#include <sys/param.h>
170530Ssam#include <sys/systm.h>
191746Sthompsa#include <sys/proc.h>
170530Ssam#include <sys/kernel.h>
295126Sglebius#include <sys/malloc.h>
191746Sthompsa#include <sys/condvar.h>
170530Ssam
170530Ssam#include <sys/socket.h>
170530Ssam
170530Ssam#include <net/if.h>
257176Sglebius#include <net/if_var.h>
170530Ssam#include <net/if_media.h>
170530Ssam#include <net/ethernet.h>
170530Ssam
170530Ssam#include <net80211/ieee80211_var.h>
170530Ssam
276730Sadrian#include <net80211/ieee80211_scan_sw.h>
276730Sadrian
170530Ssam#include <net/bpf.h>
170530Ssam
170530Ssamstruct scan_state {
170530Ssam	struct ieee80211_scan_state base;	/* public state */
170530Ssam
296235Savos	u_int			ss_iflags;	/* flags used internally */
296235Savos#define	ISCAN_MINDWELL 		0x0001		/* min dwell time reached */
296235Savos#define	ISCAN_DISCARD		0x0002		/* discard rx'd frames */
296235Savos#define	ISCAN_CANCEL		0x0004		/* cancel current scan */
296235Savos#define	ISCAN_ABORT		0x0008		/* end the scan immediately */
296235Savos#define	ISCAN_RUNNING		0x0010		/* scan was started */
296235Savos
296235Savos	unsigned long		ss_chanmindwell;  /* min dwell on curchan */
296235Savos	unsigned long		ss_scanend;	/* time scan must stop */
296235Savos	u_int			ss_duration;	/* duration for next scan */
296235Savos	struct task		ss_scan_start;	/* scan start */
296235Savos	struct timeout_task	ss_scan_curchan;  /* scan execution */
170530Ssam};
170530Ssam#define	SCAN_PRIVATE(ss)	((struct scan_state *) ss)
170530Ssam
170530Ssam/*
170530Ssam * Amount of time to go off-channel during a background
170530Ssam * scan.  This value should be large enough to catch most
170530Ssam * ap's but short enough that we can return on-channel
170530Ssam * before our listen interval expires.
170530Ssam *
170530Ssam * XXX tunable
170530Ssam * XXX check against configured listen interval
170530Ssam */
170530Ssam#define	IEEE80211_SCAN_OFFCHANNEL	msecs_to_ticks(150)
170530Ssam
178354Ssamstatic	void scan_curchan(struct ieee80211_scan_state *, unsigned long);
178354Ssamstatic	void scan_mindwell(struct ieee80211_scan_state *);
296234Savosstatic	void scan_signal(struct ieee80211_scan_state *, int);
296234Savosstatic	void scan_signal_locked(struct ieee80211_scan_state *, int);
296232Savosstatic	void scan_start(void *, int);
296232Savosstatic	void scan_curchan_task(void *, int);
296231Savosstatic	void scan_end(struct ieee80211_scan_state *, int);
296230Savosstatic	void scan_done(struct ieee80211_scan_state *, int);
170530Ssam
170530SsamMALLOC_DEFINE(M_80211_SCAN, "80211scan", "802.11 scan state");
170530Ssam
284143Sadrianstatic void
276730Sadrianieee80211_swscan_detach(struct ieee80211com *ic)
170530Ssam{
170530Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
170530Ssam
170530Ssam	if (ss != NULL) {
296234Savos		scan_signal(ss, ISCAN_ABORT);
296232Savos		ieee80211_draintask(ic, &SCAN_PRIVATE(ss)->ss_scan_start);
296232Savos		taskqueue_drain_timeout(ic->ic_tq,
296232Savos		    &SCAN_PRIVATE(ss)->ss_scan_curchan);
191746Sthompsa		KASSERT((ic->ic_flags & IEEE80211_F_SCAN) == 0,
191746Sthompsa		    ("scan still running"));
276730Sadrian
276730Sadrian		/*
276730Sadrian		 * For now, do the ss_ops detach here rather
276730Sadrian		 * than ieee80211_scan_detach().
276730Sadrian		 *
276730Sadrian		 * I'll figure out how to cleanly split things up
276730Sadrian		 * at a later date.
276730Sadrian		 */
170530Ssam		if (ss->ss_ops != NULL) {
170530Ssam			ss->ss_ops->scan_detach(ss);
170530Ssam			ss->ss_ops = NULL;
170530Ssam		}
170530Ssam		ic->ic_scan = NULL;
283538Sadrian		IEEE80211_FREE(SCAN_PRIVATE(ss), M_80211_SCAN);
170530Ssam	}
170530Ssam}
170530Ssam
284143Sadrianstatic void
276730Sadrianieee80211_swscan_vattach(struct ieee80211vap *vap)
178354Ssam{
276730Sadrian	/* nothing to do for now */
276730Sadrian	/*
276730Sadrian	 * TODO: all of the vap scan calls should be methods!
276730Sadrian	 */
178354Ssam
178354Ssam}
178354Ssam
284143Sadrianstatic void
276730Sadrianieee80211_swscan_vdetach(struct ieee80211vap *vap)
178354Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
296235Savos	struct ieee80211_scan_state *ss = ic->ic_scan;
178354Ssam
276730Sadrian	IEEE80211_LOCK_ASSERT(ic);
296235Savos
296235Savos	if (ss != NULL && ss->ss_vap == vap &&
296235Savos	    (ic->ic_flags & IEEE80211_F_SCAN))
296235Savos		scan_signal_locked(ss, ISCAN_ABORT);
178354Ssam}
178354Ssam
284143Sadrianstatic void
276730Sadrianieee80211_swscan_set_scan_duration(struct ieee80211vap *vap, u_int duration)
170530Ssam{
276730Sadrian	struct ieee80211com *ic = vap->iv_ic;
276730Sadrian	struct ieee80211_scan_state *ss = ic->ic_scan;
170530Ssam
276730Sadrian	IEEE80211_LOCK_ASSERT(ic);
170530Ssam
276730Sadrian	/* NB: flush frames rx'd before 1st channel change */
276730Sadrian	SCAN_PRIVATE(ss)->ss_iflags |= ISCAN_DISCARD;
276730Sadrian	SCAN_PRIVATE(ss)->ss_duration = duration;
170530Ssam}
170530Ssam
178354Ssam/*
178354Ssam * Start a scan unless one is already going.
282705Sadrian */
282705Sadrianstatic int
282705Sadrianieee80211_swscan_start_scan_locked(const struct ieee80211_scanner *scan,
282705Sadrian	struct ieee80211vap *vap, int flags, u_int duration,
282705Sadrian	u_int mindwell, u_int maxdwell,
282705Sadrian	u_int nssid, const struct ieee80211_scan_ssid ssids[])
282705Sadrian{
282705Sadrian	struct ieee80211com *ic = vap->iv_ic;
282705Sadrian	struct ieee80211_scan_state *ss = ic->ic_scan;
282705Sadrian
282705Sadrian	IEEE80211_LOCK_ASSERT(ic);
282705Sadrian
282705Sadrian	if (ic->ic_flags & IEEE80211_F_CSAPENDING) {
282705Sadrian		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
282705Sadrian		    "%s: scan inhibited by pending channel change\n", __func__);
282705Sadrian	} else if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
282705Sadrian		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
282705Sadrian		    "%s: %s scan, duration %u mindwell %u maxdwell %u, desired mode %s, %s%s%s%s%s%s\n"
282705Sadrian		    , __func__
282705Sadrian		    , flags & IEEE80211_SCAN_ACTIVE ? "active" : "passive"
282705Sadrian		    , duration, mindwell, maxdwell
282705Sadrian		    , ieee80211_phymode_name[vap->iv_des_mode]
282705Sadrian		    , flags & IEEE80211_SCAN_FLUSH ? "flush" : "append"
282705Sadrian		    , flags & IEEE80211_SCAN_NOPICK ? ", nopick" : ""
282705Sadrian		    , flags & IEEE80211_SCAN_NOJOIN ? ", nojoin" : ""
282705Sadrian		    , flags & IEEE80211_SCAN_NOBCAST ? ", nobcast" : ""
282705Sadrian		    , flags & IEEE80211_SCAN_PICK1ST ? ", pick1st" : ""
282705Sadrian		    , flags & IEEE80211_SCAN_ONCE ? ", once" : ""
282705Sadrian		);
282705Sadrian
282705Sadrian		ieee80211_scan_update_locked(vap, scan);
282705Sadrian		if (ss->ss_ops != NULL) {
282705Sadrian			if ((flags & IEEE80211_SCAN_NOSSID) == 0)
282705Sadrian				ieee80211_scan_copy_ssid(vap, ss, nssid, ssids);
282705Sadrian
282705Sadrian			/* NB: top 4 bits for internal use */
282705Sadrian			ss->ss_flags = flags & 0xfff;
282705Sadrian			if (ss->ss_flags & IEEE80211_SCAN_ACTIVE)
282705Sadrian				vap->iv_stats.is_scan_active++;
282705Sadrian			else
282705Sadrian				vap->iv_stats.is_scan_passive++;
282705Sadrian			if (flags & IEEE80211_SCAN_FLUSH)
282705Sadrian				ss->ss_ops->scan_flush(ss);
282705Sadrian			if (flags & IEEE80211_SCAN_BGSCAN)
282705Sadrian				ic->ic_flags_ext |= IEEE80211_FEXT_BGSCAN;
282705Sadrian
282705Sadrian			/* Set duration for this particular scan */
282705Sadrian			ieee80211_swscan_set_scan_duration(vap, duration);
282705Sadrian
282705Sadrian			ss->ss_next = 0;
282705Sadrian			ss->ss_mindwell = mindwell;
282705Sadrian			ss->ss_maxdwell = maxdwell;
282705Sadrian			/* NB: scan_start must be before the scan runtask */
282705Sadrian			ss->ss_ops->scan_start(ss, vap);
282705Sadrian#ifdef IEEE80211_DEBUG
282705Sadrian			if (ieee80211_msg_scan(vap))
282705Sadrian				ieee80211_scan_dump(ss);
282705Sadrian#endif /* IEEE80211_DEBUG */
282705Sadrian			ic->ic_flags |= IEEE80211_F_SCAN;
282705Sadrian
282705Sadrian			/* Start scan task */
296232Savos			ieee80211_runtask(ic, &SCAN_PRIVATE(ss)->ss_scan_start);
282705Sadrian		}
282705Sadrian		return 1;
282705Sadrian	} else {
282705Sadrian		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
282705Sadrian		    "%s: %s scan already in progress\n", __func__,
282705Sadrian		    ss->ss_flags & IEEE80211_SCAN_ACTIVE ? "active" : "passive");
282705Sadrian	}
282705Sadrian	return 0;
282705Sadrian}
282705Sadrian
282705Sadrian
282705Sadrian/*
282705Sadrian * Start a scan unless one is already going.
276730Sadrian *
276730Sadrian * Called without the comlock held; grab the comlock as appropriate.
178354Ssam */
284143Sadrianstatic int
276730Sadrianieee80211_swscan_start_scan(const struct ieee80211_scanner *scan,
276730Sadrian    struct ieee80211vap *vap, int flags,
276730Sadrian    u_int duration, u_int mindwell, u_int maxdwell,
276730Sadrian    u_int nssid, const struct ieee80211_scan_ssid ssids[])
178354Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
178354Ssam	int result;
178354Ssam
276730Sadrian	IEEE80211_UNLOCK_ASSERT(ic);
178354Ssam
178354Ssam	IEEE80211_LOCK(ic);
282705Sadrian	result = ieee80211_swscan_start_scan_locked(scan, vap, flags, duration,
178354Ssam	    mindwell, maxdwell, nssid, ssids);
170530Ssam	IEEE80211_UNLOCK(ic);
170530Ssam
178354Ssam	return result;
170530Ssam}
170530Ssam
170530Ssam/*
170530Ssam * Check the scan cache for an ap/channel to use; if that
170530Ssam * fails then kick off a new scan.
276730Sadrian *
276730Sadrian * Called with the comlock held.
276730Sadrian *
276730Sadrian * XXX TODO: split out!
170530Ssam */
284143Sadrianstatic int
276730Sadrianieee80211_swscan_check_scan(const struct ieee80211_scanner *scan,
276730Sadrian    struct ieee80211vap *vap, int flags,
276730Sadrian    u_int duration, u_int mindwell, u_int maxdwell,
276730Sadrian    u_int nssid, const struct ieee80211_scan_ssid ssids[])
170530Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
170530Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
179389Ssam	int result;
170530Ssam
276730Sadrian	IEEE80211_LOCK_ASSERT(ic);
178354Ssam
170530Ssam	if (ss->ss_ops != NULL) {
178354Ssam		/* XXX verify ss_ops matches vap->iv_opmode */
170530Ssam		if ((flags & IEEE80211_SCAN_NOSSID) == 0) {
170530Ssam			/*
170530Ssam			 * Update the ssid list and mark flags so if
170530Ssam			 * we call start_scan it doesn't duplicate work.
170530Ssam			 */
276730Sadrian			ieee80211_scan_copy_ssid(vap, ss, nssid, ssids);
170530Ssam			flags |= IEEE80211_SCAN_NOSSID;
170530Ssam		}
170530Ssam		if ((ic->ic_flags & IEEE80211_F_SCAN) == 0 &&
179389Ssam		    (flags & IEEE80211_SCAN_FLUSH) == 0 &&
297405Sadrian		    ieee80211_time_before(ticks, ic->ic_lastscan + vap->iv_scanvalid)) {
170530Ssam			/*
170530Ssam			 * We're not currently scanning and the cache is
170530Ssam			 * deemed hot enough to consult.  Lock out others
170530Ssam			 * by marking IEEE80211_F_SCAN while we decide if
170530Ssam			 * something is already in the scan cache we can
170530Ssam			 * use.  Also discard any frames that might come
170530Ssam			 * in while temporarily marked as scanning.
170530Ssam			 */
170530Ssam			SCAN_PRIVATE(ss)->ss_iflags |= ISCAN_DISCARD;
170530Ssam			ic->ic_flags |= IEEE80211_F_SCAN;
179389Ssam
179389Ssam			/* NB: need to use supplied flags in check */
178354Ssam			ss->ss_flags = flags & 0xff;
179389Ssam			result = ss->ss_ops->scan_end(ss, vap);
179389Ssam
170530Ssam			ic->ic_flags &= ~IEEE80211_F_SCAN;
179389Ssam			SCAN_PRIVATE(ss)->ss_iflags &= ~ISCAN_DISCARD;
179389Ssam			if (result) {
179389Ssam				ieee80211_notify_scan_done(vap);
179389Ssam				return 1;
179389Ssam			}
170530Ssam		}
170530Ssam	}
282705Sadrian	result = ieee80211_swscan_start_scan_locked(scan, vap, flags, duration,
178354Ssam	    mindwell, maxdwell, nssid, ssids);
178354Ssam
178354Ssam	return result;
170530Ssam}
170530Ssam
170530Ssam/*
170530Ssam * Restart a previous scan.  If the previous scan completed
170530Ssam * then we start again using the existing channel list.
170530Ssam */
284143Sadrianstatic int
276730Sadrianieee80211_swscan_bg_scan(const struct ieee80211_scanner *scan,
276730Sadrian    struct ieee80211vap *vap, int flags)
170530Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
170530Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
170530Ssam
276730Sadrian	/* XXX assert unlocked? */
276730Sadrian	// IEEE80211_UNLOCK_ASSERT(ic);
178354Ssam
170530Ssam	IEEE80211_LOCK(ic);
170530Ssam	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
170530Ssam		u_int duration;
170530Ssam		/*
170530Ssam		 * Go off-channel for a fixed interval that is large
170530Ssam		 * enough to catch most ap's but short enough that
170530Ssam		 * we can return on-channel before our listen interval
170530Ssam		 * expires.
170530Ssam		 */
170530Ssam		duration = IEEE80211_SCAN_OFFCHANNEL;
170530Ssam
178354Ssam		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
293164Sadrian		    "%s: %s scan, ticks %u duration %u\n", __func__,
170530Ssam		    ss->ss_flags & IEEE80211_SCAN_ACTIVE ? "active" : "passive",
170530Ssam		    ticks, duration);
170530Ssam
276730Sadrian		ieee80211_scan_update_locked(vap, scan);
170530Ssam		if (ss->ss_ops != NULL) {
178354Ssam			ss->ss_vap = vap;
170530Ssam			/*
170530Ssam			 * A background scan does not select a new sta; it
170530Ssam			 * just refreshes the scan cache.  Also, indicate
170530Ssam			 * the scan logic should follow the beacon schedule:
170530Ssam			 * we go off-channel and scan for a while, then
170530Ssam			 * return to the bss channel to receive a beacon,
170530Ssam			 * then go off-channel again.  All during this time
170530Ssam			 * we notify the ap we're in power save mode.  When
170530Ssam			 * the scan is complete we leave power save mode.
170530Ssam			 * If any beacon indicates there are frames pending
170530Ssam			 * for us then we drop out of power save mode
170530Ssam			 * (and background scan) automatically by way of the
170530Ssam			 * usual sta power save logic.
170530Ssam			 */
170530Ssam			ss->ss_flags |= IEEE80211_SCAN_NOPICK
178354Ssam				     |  IEEE80211_SCAN_BGSCAN
178354Ssam				     |  flags
178354Ssam				     ;
170530Ssam			/* if previous scan completed, restart */
170530Ssam			if (ss->ss_next >= ss->ss_last) {
170530Ssam				if (ss->ss_flags & IEEE80211_SCAN_ACTIVE)
178354Ssam					vap->iv_stats.is_scan_active++;
170530Ssam				else
178354Ssam					vap->iv_stats.is_scan_passive++;
178354Ssam				/*
178354Ssam				 * NB: beware of the scan cache being flushed;
178354Ssam				 *     if the channel list is empty use the
178354Ssam				 *     scan_start method to populate it.
178354Ssam				 */
178354Ssam				ss->ss_next = 0;
178354Ssam				if (ss->ss_last != 0)
178354Ssam					ss->ss_ops->scan_restart(ss, vap);
178354Ssam				else {
178354Ssam					ss->ss_ops->scan_start(ss, vap);
178354Ssam#ifdef IEEE80211_DEBUG
178354Ssam					if (ieee80211_msg_scan(vap))
276730Sadrian						ieee80211_scan_dump(ss);
178354Ssam#endif /* IEEE80211_DEBUG */
178354Ssam				}
170530Ssam			}
276730Sadrian			ieee80211_swscan_set_scan_duration(vap, duration);
170530Ssam			ss->ss_maxdwell = duration;
191746Sthompsa			ic->ic_flags |= IEEE80211_F_SCAN;
191746Sthompsa			ic->ic_flags_ext |= IEEE80211_FEXT_BGSCAN;
296232Savos			ieee80211_runtask(ic,
296232Savos			    &SCAN_PRIVATE(ss)->ss_scan_start);
170530Ssam		} else {
170530Ssam			/* XXX msg+stat */
170530Ssam		}
170530Ssam	} else {
178354Ssam		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
170530Ssam		    "%s: %s scan already in progress\n", __func__,
170530Ssam		    ss->ss_flags & IEEE80211_SCAN_ACTIVE ? "active" : "passive");
170530Ssam	}
170530Ssam	IEEE80211_UNLOCK(ic);
170530Ssam
170530Ssam	/* NB: racey, does it matter? */
170530Ssam	return (ic->ic_flags & IEEE80211_F_SCAN);
170530Ssam}
170530Ssam
330232Seadler/*
330232Seadler * Taskqueue work to cancel a scan.
330232Seadler *
330232Seadler * Note: for offload scan devices, we may want to call into the
330232Seadler * driver to try and cancel scanning, however it may not be cancelable.
330232Seadler */
284143Sadrianstatic void
296227Savoscancel_scan(struct ieee80211vap *vap, int any, const char *func)
178354Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
178354Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
178354Ssam
178354Ssam	IEEE80211_LOCK(ic);
178354Ssam	if ((ic->ic_flags & IEEE80211_F_SCAN) &&
296227Savos	    (any || ss->ss_vap == vap) &&
178354Ssam	    (SCAN_PRIVATE(ss)->ss_iflags & ISCAN_CANCEL) == 0) {
178354Ssam		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
296227Savos		    "%s: cancel %s scan\n", func,
178354Ssam		    ss->ss_flags & IEEE80211_SCAN_ACTIVE ?
178354Ssam			"active" : "passive");
178354Ssam
296234Savos		/* clear bg scan NOPICK */
178354Ssam		ss->ss_flags &= ~IEEE80211_SCAN_NOPICK;
296234Savos		/* mark cancel request and wake up the scan task */
296234Savos		scan_signal_locked(ss, ISCAN_CANCEL);
275973Sadrian	} else {
275973Sadrian		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
275973Sadrian		    "%s: called; F_SCAN=%d, vap=%s, CANCEL=%d\n",
296227Savos			func,
275973Sadrian			!! (ic->ic_flags & IEEE80211_F_SCAN),
275973Sadrian			(ss->ss_vap == vap ? "match" : "nomatch"),
275973Sadrian			!! (SCAN_PRIVATE(ss)->ss_iflags & ISCAN_CANCEL));
178354Ssam	}
178354Ssam	IEEE80211_UNLOCK(ic);
178354Ssam}
178354Ssam
178354Ssam/*
296227Savos * Cancel any scan currently going on for the specified vap.
296227Savos */
296227Savosstatic void
296227Savosieee80211_swscan_cancel_scan(struct ieee80211vap *vap)
296227Savos{
296227Savos	cancel_scan(vap, 0, __func__);
296227Savos}
296227Savos
296227Savos/*
170530Ssam * Cancel any scan currently going on.
170530Ssam */
284143Sadrianstatic void
276730Sadrianieee80211_swscan_cancel_anyscan(struct ieee80211vap *vap)
170530Ssam{
330460Seadler
330460Seadler	/* XXX for now - just don't do this per packet. */
330460Seadler	if (vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD)
330460Seadler		return;
330460Seadler
296227Savos	cancel_scan(vap, 1, __func__);
170530Ssam}
170530Ssam
170530Ssam/*
298392Savos * Manually switch to the next channel in the channel list.
298392Savos * Provided for drivers that manage scanning themselves
298392Savos * (e.g. for firmware-based devices).
170530Ssam */
284143Sadrianstatic void
276730Sadrianieee80211_swscan_scan_next(struct ieee80211vap *vap)
170530Ssam{
296234Savos	struct ieee80211_scan_state *ss = vap->iv_ic->ic_scan;
178354Ssam
275974Sadrian	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: called\n", __func__);
275974Sadrian
191746Sthompsa	/* wake up the scan task */
296234Savos	scan_signal(ss, 0);
170530Ssam}
170530Ssam
170530Ssam/*
298392Savos * Manually stop a scan that is currently running.
298392Savos * Provided for drivers that are not able to scan single channels
298392Savos * (e.g. for firmware-based devices).
171125Sthompsa */
284143Sadrianstatic void
276730Sadrianieee80211_swscan_scan_done(struct ieee80211vap *vap)
171125Sthompsa{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
296235Savos	struct ieee80211_scan_state *ss = ic->ic_scan;
171125Sthompsa
276730Sadrian	IEEE80211_LOCK_ASSERT(ic);
275974Sadrian
296234Savos	scan_signal_locked(ss, 0);
171125Sthompsa}
171125Sthompsa
171125Sthompsa/*
298392Savos * Probe the current channel, if allowed, while scanning.
178354Ssam * If the channel is not marked passive-only then send
178354Ssam * a probe request immediately.  Otherwise mark state and
178354Ssam * listen for beacons on the channel; if we receive something
178354Ssam * then we'll transmit a probe request.
178354Ssam */
284143Sadrianstatic void
276730Sadrianieee80211_swscan_probe_curchan(struct ieee80211vap *vap, int force)
178354Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
178354Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
178354Ssam	struct ifnet *ifp = vap->iv_ifp;
178354Ssam	int i;
178354Ssam
178354Ssam	/*
330232Seadler	 * Full-offload scan devices don't require this.
330232Seadler	 */
330232Seadler	if (vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD)
330232Seadler		return;
330232Seadler
330232Seadler	/*
178354Ssam	 * Send directed probe requests followed by any
178354Ssam	 * broadcast probe request.
178354Ssam	 * XXX remove dependence on ic/vap->iv_bss
178354Ssam	 */
178354Ssam	for (i = 0; i < ss->ss_nssid; i++)
178354Ssam		ieee80211_send_probereq(vap->iv_bss,
178354Ssam			vap->iv_myaddr, ifp->if_broadcastaddr,
178354Ssam			ifp->if_broadcastaddr,
178354Ssam			ss->ss_ssid[i].ssid, ss->ss_ssid[i].len);
178354Ssam	if ((ss->ss_flags & IEEE80211_SCAN_NOBCAST) == 0)
178354Ssam		ieee80211_send_probereq(vap->iv_bss,
178354Ssam			vap->iv_myaddr, ifp->if_broadcastaddr,
178354Ssam			ifp->if_broadcastaddr,
178354Ssam			"", 0);
178354Ssam}
178354Ssam
178354Ssam/*
170530Ssam * Scan curchan.  If this is an active scan and the channel
170530Ssam * is not marked passive then send probe request frame(s).
170530Ssam * Arrange for the channel change after maxdwell ticks.
170530Ssam */
170530Ssamstatic void
178354Ssamscan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
170530Ssam{
178354Ssam	struct ieee80211vap *vap  = ss->ss_vap;
296235Savos	struct ieee80211com *ic = ss->ss_ic;
170530Ssam
275974Sadrian	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
275974Sadrian	    "%s: calling; maxdwell=%lu\n",
275974Sadrian	    __func__,
275974Sadrian	    maxdwell);
296235Savos	IEEE80211_LOCK(ic);
178354Ssam	if (ss->ss_flags & IEEE80211_SCAN_ACTIVE)
178354Ssam		ieee80211_probe_curchan(vap, 0);
296235Savos	taskqueue_enqueue_timeout(ic->ic_tq,
296232Savos	    &SCAN_PRIVATE(ss)->ss_scan_curchan, maxdwell);
296235Savos	IEEE80211_UNLOCK(ic);
170530Ssam}
170530Ssam
191746Sthompsastatic void
296234Savosscan_signal(struct ieee80211_scan_state *ss, int iflags)
191746Sthompsa{
296234Savos	struct ieee80211com *ic = ss->ss_ic;
296234Savos
296234Savos	IEEE80211_UNLOCK_ASSERT(ic);
296234Savos
296234Savos	IEEE80211_LOCK(ic);
296234Savos	scan_signal_locked(ss, iflags);
296234Savos	IEEE80211_UNLOCK(ic);
296234Savos}
296234Savos
296234Savosstatic void
296234Savosscan_signal_locked(struct ieee80211_scan_state *ss, int iflags)
296234Savos{
296232Savos	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
296232Savos	struct timeout_task *scan_task = &ss_priv->ss_scan_curchan;
296232Savos	struct ieee80211com *ic = ss->ss_ic;
191746Sthompsa
296232Savos	IEEE80211_LOCK_ASSERT(ic);
296232Savos
296234Savos	ss_priv->ss_iflags |= iflags;
296232Savos	if (ss_priv->ss_iflags & ISCAN_RUNNING) {
296232Savos		if (taskqueue_cancel_timeout(ic->ic_tq, scan_task, NULL) == 0)
296232Savos			taskqueue_enqueue_timeout(ic->ic_tq, scan_task, 0);
296232Savos	}
191746Sthompsa}
191746Sthompsa
170530Ssam/*
170530Ssam * Handle mindwell requirements completed; initiate a channel
170530Ssam * change to the next channel asap.
170530Ssam */
170530Ssamstatic void
178354Ssamscan_mindwell(struct ieee80211_scan_state *ss)
170530Ssam{
191746Sthompsa
296241Sglebius	IEEE80211_DPRINTF(ss->ss_vap, IEEE80211_MSG_SCAN, "%s: called\n",
296241Sglebius	    __func__);
275974Sadrian
296234Savos	scan_signal(ss, 0);
170530Ssam}
170530Ssam
170530Ssamstatic void
296232Savosscan_start(void *arg, int pending)
170530Ssam{
191746Sthompsa#define	ISCAN_REP	(ISCAN_MINDWELL | ISCAN_DISCARD)
170530Ssam	struct ieee80211_scan_state *ss = (struct ieee80211_scan_state *) arg;
296228Savos	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
178354Ssam	struct ieee80211vap *vap = ss->ss_vap;
191746Sthompsa	struct ieee80211com *ic = ss->ss_ic;
170530Ssam
191746Sthompsa	IEEE80211_LOCK(ic);
191746Sthompsa	if (vap == NULL || (ic->ic_flags & IEEE80211_F_SCAN) == 0 ||
296228Savos	    (ss_priv->ss_iflags & ISCAN_ABORT)) {
191746Sthompsa		/* Cancelled before we started */
296230Savos		scan_done(ss, 0);
296230Savos		return;
191746Sthompsa	}
178354Ssam
191746Sthompsa	if (ss->ss_next == ss->ss_last) {
191746Sthompsa		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
191746Sthompsa			"%s: no channels to scan\n", __func__);
296230Savos		scan_done(ss, 1);
296230Savos		return;
191746Sthompsa	}
191746Sthompsa
330232Seadler	/*
330232Seadler	 * Put the station into power save mode.
330232Seadler	 *
330232Seadler	 * This is only required if we're not a full-offload devices;
330232Seadler	 * those devices manage scan/traffic differently.
330232Seadler	 */
330232Seadler	if (((vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD) == 0) &&
330232Seadler	    vap->iv_opmode == IEEE80211_M_STA &&
191746Sthompsa	    vap->iv_state == IEEE80211_S_RUN) {
191746Sthompsa		if ((vap->iv_bss->ni_flags & IEEE80211_NODE_PWR_MGT) == 0) {
191746Sthompsa			/* Enable station power save mode */
241138Sadrian			vap->iv_sta_ps(vap, 1);
296233Savos			/* Wait until null data frame will be ACK'ed */
296232Savos			mtx_sleep(vap, IEEE80211_LOCK_OBJ(ic), PCATCH,
296233Savos			    "sta_ps", msecs_to_ticks(10));
296230Savos			if (ss_priv->ss_iflags & ISCAN_ABORT) {
296230Savos				scan_done(ss, 0);
296230Savos				return;
296230Savos			}
191746Sthompsa		}
191746Sthompsa	}
191746Sthompsa
296229Savos	ss_priv->ss_scanend = ticks + ss_priv->ss_duration;
275964Sadrian
275964Sadrian	/* XXX scan state can change! Re-validate scan state! */
275964Sadrian
191746Sthompsa	IEEE80211_UNLOCK(ic);
296232Savos
191746Sthompsa	ic->ic_scan_start(ic);		/* notify driver */
191746Sthompsa
296232Savos	scan_curchan_task(ss, 0);
296232Savos}
275974Sadrian
296232Savosstatic void
296232Savosscan_curchan_task(void *arg, int pending)
296232Savos{
296232Savos	struct ieee80211_scan_state *ss = arg;
296232Savos	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
296232Savos	struct ieee80211com *ic = ss->ss_ic;
296232Savos	struct ieee80211_channel *chan;
296232Savos	unsigned long maxdwell;
296232Savos	int scandone;
275974Sadrian
296232Savos	IEEE80211_LOCK(ic);
296232Savosend:
296232Savos	scandone = (ss->ss_next >= ss->ss_last) ||
296232Savos	    (ss_priv->ss_iflags & ISCAN_CANCEL) != 0;
275974Sadrian
296241Sglebius	IEEE80211_DPRINTF(ss->ss_vap, IEEE80211_MSG_SCAN,
296232Savos	    "%s: loop start; scandone=%d\n",
296232Savos	    __func__,
296232Savos	    scandone);
191746Sthompsa
296232Savos	if (scandone || (ss->ss_flags & IEEE80211_SCAN_GOTPICK) ||
296232Savos	    (ss_priv->ss_iflags & ISCAN_ABORT) ||
297405Sadrian	     ieee80211_time_after(ticks + ss->ss_mindwell, ss_priv->ss_scanend)) {
296232Savos		ss_priv->ss_iflags &= ~ISCAN_RUNNING;
296232Savos		scan_end(ss, scandone);
296232Savos		return;
296232Savos	} else
296232Savos		ss_priv->ss_iflags |= ISCAN_RUNNING;
170530Ssam
296232Savos	chan = ss->ss_chans[ss->ss_next++];
170530Ssam
296232Savos	/*
296232Savos	 * Watch for truncation due to the scan end time.
296232Savos	 */
297405Sadrian	if (ieee80211_time_after(ticks + ss->ss_maxdwell, ss_priv->ss_scanend))
296232Savos		maxdwell = ss_priv->ss_scanend - ticks;
296232Savos	else
296232Savos		maxdwell = ss->ss_maxdwell;
170530Ssam
296241Sglebius	IEEE80211_DPRINTF(ss->ss_vap, IEEE80211_MSG_SCAN,
296232Savos	    "%s: chan %3d%c -> %3d%c [%s, dwell min %lums max %lums]\n",
296232Savos	    __func__,
296232Savos	    ieee80211_chan2ieee(ic, ic->ic_curchan),
296232Savos	    ieee80211_channel_type_char(ic->ic_curchan),
296232Savos	    ieee80211_chan2ieee(ic, chan),
296232Savos	    ieee80211_channel_type_char(chan),
296232Savos	    (ss->ss_flags & IEEE80211_SCAN_ACTIVE) &&
296232Savos		(chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0 ?
296232Savos		"active" : "passive",
296232Savos	    ticks_to_msecs(ss->ss_mindwell), ticks_to_msecs(maxdwell));
170530Ssam
296232Savos	/*
296232Savos	 * Potentially change channel and phy mode.
296232Savos	 */
296232Savos	ic->ic_curchan = chan;
296232Savos	ic->ic_rt = ieee80211_get_ratetable(chan);
296232Savos	IEEE80211_UNLOCK(ic);
296232Savos	/*
296232Savos	 * Perform the channel change and scan unlocked so the driver
296232Savos	 * may sleep. Once set_channel returns the hardware has
296232Savos	 * completed the channel change.
296232Savos	 */
296232Savos	ic->ic_set_channel(ic);
296232Savos	ieee80211_radiotap_chan_change(ic);
170530Ssam
296232Savos	/*
296232Savos	 * Scan curchan.  Drivers for "intelligent hardware"
296232Savos	 * override ic_scan_curchan to tell the device to do
296232Savos	 * the work.  Otherwise we manage the work ourselves;
296232Savos	 * sending a probe request (as needed), and arming the
296232Savos	 * timeout to switch channels after maxdwell ticks.
296232Savos	 *
296232Savos	 * scan_curchan should only pause for the time required to
296232Savos	 * prepare/initiate the hardware for the scan (if at all).
296232Savos	 */
296232Savos	ic->ic_scan_curchan(ss, maxdwell);
296232Savos	IEEE80211_LOCK(ic);
275964Sadrian
296232Savos	/* XXX scan state can change! Re-validate scan state! */
170530Ssam
296232Savos	ss_priv->ss_chanmindwell = ticks + ss->ss_mindwell;
296232Savos	/* clear mindwell lock and initial channel change flush */
296232Savos	ss_priv->ss_iflags &= ~ISCAN_REP;
170530Ssam
298293Savos	if (ss_priv->ss_iflags & (ISCAN_CANCEL|ISCAN_ABORT)) {
298293Savos		taskqueue_cancel_timeout(ic->ic_tq, &ss_priv->ss_scan_curchan,
298293Savos		    NULL);
296232Savos		goto end;
298293Savos	}
296232Savos
296241Sglebius	IEEE80211_DPRINTF(ss->ss_vap, IEEE80211_MSG_SCAN, "%s: waiting\n",
296241Sglebius	    __func__);
296232Savos	IEEE80211_UNLOCK(ic);
296231Savos}
275974Sadrian
296231Savosstatic void
296231Savosscan_end(struct ieee80211_scan_state *ss, int scandone)
296231Savos{
296231Savos	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
296231Savos	struct ieee80211vap *vap = ss->ss_vap;
296231Savos	struct ieee80211com *ic = ss->ss_ic;
296231Savos
296231Savos	IEEE80211_LOCK_ASSERT(ic);
296231Savos
275974Sadrian	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: out\n", __func__);
275974Sadrian
296230Savos	if (ss_priv->ss_iflags & ISCAN_ABORT) {
296230Savos		scan_done(ss, scandone);
296230Savos		return;
296230Savos	}
170530Ssam
191746Sthompsa	IEEE80211_UNLOCK(ic);
191746Sthompsa	ic->ic_scan_end(ic);		/* notify driver */
191746Sthompsa	IEEE80211_LOCK(ic);
275964Sadrian	/* XXX scan state can change! Re-validate scan state! */
170530Ssam
191746Sthompsa	/*
298995Spfg	 * Since a cancellation may have occurred during one of the
232373Sadrian	 * driver calls (whilst unlocked), update scandone.
232373Sadrian	 */
296228Savos	if (scandone == 0 && (ss_priv->ss_iflags & ISCAN_CANCEL) != 0) {
232373Sadrian		/* XXX printf? */
232373Sadrian		if_printf(vap->iv_ifp,
275964Sadrian		    "%s: OOPS! scan cancelled during driver call (1)!\n",
232373Sadrian		    __func__);
275964Sadrian		scandone = 1;
232373Sadrian	}
232373Sadrian
232373Sadrian	/*
191746Sthompsa	 * Record scan complete time.  Note that we also do
191746Sthompsa	 * this when canceled so any background scan will
191746Sthompsa	 * not be restarted for a while.
191746Sthompsa	 */
191746Sthompsa	if (scandone)
191746Sthompsa		ic->ic_lastscan = ticks;
191746Sthompsa	/* return to the bss channel */
191746Sthompsa	if (ic->ic_bsschan != IEEE80211_CHAN_ANYC &&
191746Sthompsa	    ic->ic_curchan != ic->ic_bsschan) {
191746Sthompsa		ieee80211_setupcurchan(ic, ic->ic_bsschan);
191746Sthompsa		IEEE80211_UNLOCK(ic);
191746Sthompsa		ic->ic_set_channel(ic);
192468Ssam		ieee80211_radiotap_chan_change(ic);
191746Sthompsa		IEEE80211_LOCK(ic);
191746Sthompsa	}
191746Sthompsa	/* clear internal flags and any indication of a pick */
296228Savos	ss_priv->ss_iflags &= ~ISCAN_REP;
191746Sthompsa	ss->ss_flags &= ~IEEE80211_SCAN_GOTPICK;
191746Sthompsa
191746Sthompsa	/*
191746Sthompsa	 * If not canceled and scan completed, do post-processing.
191746Sthompsa	 * If the callback function returns 0, then it wants to
191746Sthompsa	 * continue/restart scanning.  Unfortunately we needed to
191746Sthompsa	 * notify the driver to end the scan above to avoid having
191746Sthompsa	 * rx frames alter the scan candidate list.
191746Sthompsa	 */
296228Savos	if ((ss_priv->ss_iflags & ISCAN_CANCEL) == 0 &&
191746Sthompsa	    !ss->ss_ops->scan_end(ss, vap) &&
191746Sthompsa	    (ss->ss_flags & IEEE80211_SCAN_ONCE) == 0 &&
297405Sadrian	    ieee80211_time_before(ticks + ss->ss_mindwell, ss_priv->ss_scanend)) {
191746Sthompsa		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
191746Sthompsa		    "%s: done, restart "
191746Sthompsa		    "[ticks %u, dwell min %lu scanend %lu]\n",
191746Sthompsa		    __func__,
296229Savos		    ticks, ss->ss_mindwell, ss_priv->ss_scanend);
298995Spfg		ss->ss_next = 0;	/* reset to beginning */
191746Sthompsa		if (ss->ss_flags & IEEE80211_SCAN_ACTIVE)
191746Sthompsa			vap->iv_stats.is_scan_active++;
191746Sthompsa		else
191746Sthompsa			vap->iv_stats.is_scan_passive++;
191746Sthompsa
191746Sthompsa		ss->ss_ops->scan_restart(ss, vap);	/* XXX? */
296232Savos		ieee80211_runtask(ic, &ss_priv->ss_scan_start);
191746Sthompsa		IEEE80211_UNLOCK(ic);
191746Sthompsa		return;
191746Sthompsa	}
191746Sthompsa
191746Sthompsa	/* past here, scandone is ``true'' if not in bg mode */
191746Sthompsa	if ((ss->ss_flags & IEEE80211_SCAN_BGSCAN) == 0)
191746Sthompsa		scandone = 1;
191746Sthompsa
191746Sthompsa	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
191746Sthompsa	    "%s: %s, [ticks %u, dwell min %lu scanend %lu]\n",
191746Sthompsa	    __func__, scandone ? "done" : "stopped",
296229Savos	    ticks, ss->ss_mindwell, ss_priv->ss_scanend);
191746Sthompsa
191746Sthompsa	/*
298995Spfg	 * Since a cancellation may have occurred during one of the
275964Sadrian	 * driver calls (whilst unlocked), update scandone.
275964Sadrian	 */
296228Savos	if (scandone == 0 && (ss_priv->ss_iflags & ISCAN_CANCEL) != 0) {
275964Sadrian		/* XXX printf? */
275964Sadrian		if_printf(vap->iv_ifp,
275964Sadrian		    "%s: OOPS! scan cancelled during driver call (2)!\n",
275964Sadrian		    __func__);
275964Sadrian		scandone = 1;
275964Sadrian	}
275964Sadrian
296230Savos	scan_done(ss, scandone);
296230Savos}
296230Savos
296230Savosstatic void
296230Savosscan_done(struct ieee80211_scan_state *ss, int scandone)
296230Savos{
296230Savos	struct scan_state *ss_priv = SCAN_PRIVATE(ss);
296230Savos	struct ieee80211com *ic = ss->ss_ic;
296230Savos	struct ieee80211vap *vap = ss->ss_vap;
296230Savos
296230Savos	IEEE80211_LOCK_ASSERT(ic);
296230Savos
275964Sadrian	/*
191746Sthompsa	 * Clear the SCAN bit first in case frames are
191746Sthompsa	 * pending on the station power save queue.  If
191746Sthompsa	 * we defer this then the dispatch of the frames
191746Sthompsa	 * may generate a request to cancel scanning.
191746Sthompsa	 */
191746Sthompsa	ic->ic_flags &= ~IEEE80211_F_SCAN;
296230Savos
191746Sthompsa	/*
191746Sthompsa	 * Drop out of power save mode when a scan has
191746Sthompsa	 * completed.  If this scan was prematurely terminated
191746Sthompsa	 * because it is a background scan then don't notify
191746Sthompsa	 * the ap; we'll either return to scanning after we
191746Sthompsa	 * receive the beacon frame or we'll drop out of power
191746Sthompsa	 * save mode because the beacon indicates we have frames
191746Sthompsa	 * waiting for us.
191746Sthompsa	 */
191746Sthompsa	if (scandone) {
330232Seadler		/*
330232Seadler		 * If we're not a scan offload device, come back out of
330232Seadler		 * station powersave.  Offload devices handle this themselves.
330232Seadler		 */
330232Seadler		if ((vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD) == 0)
330232Seadler			vap->iv_sta_ps(vap, 0);
300383Savos		if (ss->ss_next >= ss->ss_last)
191746Sthompsa			ic->ic_flags_ext &= ~IEEE80211_FEXT_BGSCAN;
300383Savos
300383Savos		ieee80211_notify_scan_done(vap);
170530Ssam	}
296228Savos	ss_priv->ss_iflags &= ~(ISCAN_CANCEL|ISCAN_ABORT);
296229Savos	ss_priv->ss_scanend = 0;
191746Sthompsa	ss->ss_flags &= ~(IEEE80211_SCAN_ONCE | IEEE80211_SCAN_PICK1ST);
191746Sthompsa	IEEE80211_UNLOCK(ic);
170530Ssam#undef ISCAN_REP
170530Ssam}
170530Ssam
170530Ssam/*
170530Ssam * Process a beacon or probe response frame.
170530Ssam */
284143Sadrianstatic void
276730Sadrianieee80211_swscan_add_scan(struct ieee80211vap *vap,
282742Sadrian	struct ieee80211_channel *curchan,
170530Ssam	const struct ieee80211_scanparams *sp,
170530Ssam	const struct ieee80211_frame *wh,
192468Ssam	int subtype, int rssi, int noise)
170530Ssam{
178354Ssam	struct ieee80211com *ic = vap->iv_ic;
170530Ssam	struct ieee80211_scan_state *ss = ic->ic_scan;
170530Ssam
178354Ssam	/* XXX locking */
170530Ssam	/*
170530Ssam	 * Frames received during startup are discarded to avoid
170530Ssam	 * using scan state setup on the initial entry to the timer
170530Ssam	 * callback.  This can occur because the device may enable
170530Ssam	 * rx prior to our doing the initial channel change in the
178354Ssam	 * timer routine.
170530Ssam	 */
170530Ssam	if (SCAN_PRIVATE(ss)->ss_iflags & ISCAN_DISCARD)
170530Ssam		return;
170530Ssam#ifdef IEEE80211_DEBUG
178354Ssam	if (ieee80211_msg_scan(vap) && (ic->ic_flags & IEEE80211_F_SCAN))
276730Sadrian		ieee80211_scan_dump_probe_beacon(subtype, 1, wh->i_addr2, sp, rssi);
170530Ssam#endif
170530Ssam	if (ss->ss_ops != NULL &&
282742Sadrian	    ss->ss_ops->scan_add(ss, curchan, sp, wh, subtype, rssi, noise)) {
170530Ssam		/*
170530Ssam		 * If we've reached the min dwell time terminate
170530Ssam		 * the timer so we'll switch to the next channel.
170530Ssam		 */
170530Ssam		if ((SCAN_PRIVATE(ss)->ss_iflags & ISCAN_MINDWELL) == 0 &&
297405Sadrian		    ieee80211_time_after_eq(ticks, SCAN_PRIVATE(ss)->ss_chanmindwell)) {
178354Ssam			IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
170530Ssam			    "%s: chan %3d%c min dwell met (%u > %lu)\n",
170530Ssam			    __func__,
170530Ssam			    ieee80211_chan2ieee(ic, ic->ic_curchan),
276757Sadrian			    ieee80211_channel_type_char(ic->ic_curchan),
170530Ssam			    ticks, SCAN_PRIVATE(ss)->ss_chanmindwell);
170530Ssam			SCAN_PRIVATE(ss)->ss_iflags |= ISCAN_MINDWELL;
170530Ssam			/*
170530Ssam			 * NB: trigger at next clock tick or wait for the
178354Ssam			 * hardware.
170530Ssam			 */
178354Ssam			ic->ic_scan_mindwell(ss);
170530Ssam		}
170530Ssam	}
170530Ssam}
170530Ssam
284143Sadrianstatic struct ieee80211_scan_methods swscan_methods = {
284143Sadrian	.sc_attach = ieee80211_swscan_attach,
284143Sadrian	.sc_detach = ieee80211_swscan_detach,
284143Sadrian	.sc_vattach = ieee80211_swscan_vattach,
284143Sadrian	.sc_vdetach = ieee80211_swscan_vdetach,
284143Sadrian	.sc_set_scan_duration = ieee80211_swscan_set_scan_duration,
284143Sadrian	.sc_start_scan = ieee80211_swscan_start_scan,
284143Sadrian	.sc_check_scan = ieee80211_swscan_check_scan,
284143Sadrian	.sc_bg_scan = ieee80211_swscan_bg_scan,
284143Sadrian	.sc_cancel_scan = ieee80211_swscan_cancel_scan,
284143Sadrian	.sc_cancel_anyscan = ieee80211_swscan_cancel_anyscan,
284143Sadrian	.sc_scan_next = ieee80211_swscan_scan_next,
284143Sadrian	.sc_scan_done = ieee80211_swscan_scan_done,
284143Sadrian	.sc_scan_probe_curchan = ieee80211_swscan_probe_curchan,
284143Sadrian	.sc_add_scan = ieee80211_swscan_add_scan
284143Sadrian};
284143Sadrian
284143Sadrian/*
284143Sadrian * Default scan attach method.
284143Sadrian */
284143Sadrianvoid
284143Sadrianieee80211_swscan_attach(struct ieee80211com *ic)
284143Sadrian{
284143Sadrian	struct scan_state *ss;
284143Sadrian
284143Sadrian	/*
284143Sadrian	 * Setup the default methods
284143Sadrian	 */
284143Sadrian	ic->ic_scan_methods = &swscan_methods;
284143Sadrian
284143Sadrian	/* Allocate initial scan state */
284143Sadrian	ss = (struct scan_state *) IEEE80211_MALLOC(sizeof(struct scan_state),
284143Sadrian		M_80211_SCAN, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
284143Sadrian	if (ss == NULL) {
284143Sadrian		ic->ic_scan = NULL;
284143Sadrian		return;
284143Sadrian	}
296232Savos	TASK_INIT(&ss->ss_scan_start, 0, scan_start, ss);
296232Savos	TIMEOUT_TASK_INIT(ic->ic_tq, &ss->ss_scan_curchan, 0,
296232Savos	    scan_curchan_task, ss);
284143Sadrian
284143Sadrian	ic->ic_scan = &ss->base;
284143Sadrian	ss->base.ss_ic = ic;
284143Sadrian
284143Sadrian	ic->ic_scan_curchan = scan_curchan;
284143Sadrian	ic->ic_scan_mindwell = scan_mindwell;
284143Sadrian}