ieee80211_scan.h revision 282742
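/*-
 * Copyright (c) 2005-2009 Sam Leffler, Errno Consulting
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD: head/sys/net80211/ieee80211_scan.h 282742 2015-05-10 22:07:53Z adrian $
 */
#ifndef _NET80211_IEEE80211_SCAN_H_
#define _NET80211_IEEE80211_SCAN_H_

/*
 * 802.11 scanning support.
 *
 * Scanning is the procedure by which a station locates a bss to join
 * (infrastructure/ibss mode), or a channel to use (when operating as
 * an ap or ibss master).  Scans are either "active" or "passive".  An
 * active scan causes one or more probe request frames to be sent on
 * visiting each channel.  A passive request causes each channel in the
 * scan set to be visited but no frames to be transmitted; the station
 * only listens for traffic.  Note that active scanning may still need
 * to listen for traffic before sending probe request frames depending
 * on regulatory constraints; the 802.11 layer handles this by generating
 * a callback when scanning on a ``passive channel'' when the
 * IEEE80211_FEXT_PROBECHAN flag is set.
 *
 * A scan operation involves constructing a set of channels to inspect
 * (the scan set), visiting each channel and collecting information
 * (e.g. what bss are present), and then analyzing the results to make
 * decisions like which bss to join.  This process needs to be as fast
 * as possible so we do things like intelligently construct scan sets
 * and dwell on a channel only as long as necessary.  The scan code also
 * maintains a cache of recent scan results and uses it to bypass scanning
 * whenever possible.  The scan cache is also used to enable roaming
 * between access points when operating in infrastructure mode.
 *
 * Scanning is handled with pluggable modules that implement "policy"
 * per-operating mode.  The core scanning support provides an
 * infrastructure to support these modules and exports a common api
 * to the rest of the 802.11 layer.  Policy modules decide what
 * channels to visit, what state to record to make decisions (e.g. ap
 * mode scanning for auto channel selection keeps significantly less
 * state than sta mode scanning for an ap to associate to), and selects
 * the final station/channel to return as the result of a scan.
 *
 * Scanning is done synchronously when initially bringing a vap to an
 * operational state and optionally in the background to maintain the
 * scan cache for doing roaming and rogue ap monitoring.  Scanning is
 * not tied to the 802.11 state machine that governs vaps though there
 * is linkage to the IEEE80211_SCAN state.  Only one vap at a time may
 * be scanning; this scheduling policy is handled in ieee80211_new_state
 * and is invisible to the scanning code.
 *
 * NOTE(review): the scan cache is filled from received beacon and probe
 * response frames (see ieee80211_add_scan and struct ieee80211_scan_entry
 * below), i.e. from input that any transmitter in range can supply.
 * Nothing in this header bounds the lengths involved; every length and
 * index must be validated by the code that fills these structures.
 */
#define	IEEE80211_SCAN_MAX	IEEE80211_CHAN_MAX

struct ieee80211_scanner;			/* scan policy state */

/*
 * One ssid to probe for or match against.
 *
 * NOTE(review): len is a signed int and this header does not bound it;
 * code that copies into or reads from ssid[] should first confirm
 * 0 <= len <= IEEE80211_NWID_LEN.  Verify at the callers.
 */
struct ieee80211_scan_ssid {
	int	 len;				/* length in bytes */
	uint8_t ssid[IEEE80211_NWID_LEN];	/* ssid contents */
};
#define	IEEE80211_SCAN_MAX_SSID	1		/* max # ssid's to probe */

/*
 * Scan state visible to the 802.11 layer.  Scan parameters and
 * results are stored in this data structure.  The ieee80211_scan_state
 * structure is extended with space that is maintained private to
 * the core scanning support.  We allocate one instance and link it
 * to the ieee80211com structure; then share it between all associated
 * vaps.  We could allocate multiple of these, e.g. to hold multiple
 * scan results, but this is sufficient for current needs.
 *
 * NOTE(review): ss_ssid[] has IEEE80211_SCAN_MAX_SSID slots and
 * ss_chans[] has IEEE80211_SCAN_MAX slots, while the counts that index
 * them (ss_nssid, ss_next, ss_last) are plain integers.  Presumably the
 * implementation keeps ss_nssid <= IEEE80211_SCAN_MAX_SSID and
 * ss_next <= ss_last <= IEEE80211_SCAN_MAX; confirm wherever these
 * fields are written, in particular where nssid comes from a caller.
 */
struct ieee80211_scan_state {
	struct ieee80211vap *ss_vap;
	struct ieee80211com *ss_ic;
	const struct ieee80211_scanner *ss_ops;	/* policy hookup, see below */
	void		*ss_priv;		/* scanner private state */
	uint16_t	ss_flags;
#define	IEEE80211_SCAN_NOPICK	0x0001		/* scan only, no selection */
#define	IEEE80211_SCAN_ACTIVE	0x0002		/* active scan (probe req) */
#define	IEEE80211_SCAN_PICK1ST	0x0004		/* ``hey sailor'' mode */
#define	IEEE80211_SCAN_BGSCAN	0x0008		/* bg scan, exit ps at end */
#define	IEEE80211_SCAN_ONCE	0x0010		/* do one complete pass */
#define	IEEE80211_SCAN_NOBCAST	0x0020		/* no broadcast probe req */
#define	IEEE80211_SCAN_NOJOIN	0x0040		/* no auto-sequencing */
#define	IEEE80211_SCAN_GOTPICK	0x1000		/* got candidate, can stop */
	uint8_t		ss_nssid;		/* # ssid's to probe/match */
	struct ieee80211_scan_ssid ss_ssid[IEEE80211_SCAN_MAX_SSID];
						/* ssid's to probe/match */
						/* ordered channel set */
	struct ieee80211_channel *ss_chans[IEEE80211_SCAN_MAX];
	uint16_t	ss_next;		/* ix of next chan to scan */
	uint16_t	ss_last;		/* ix+1 of last chan to scan */
	unsigned long	ss_mindwell;		/* min dwell on channel */
	unsigned long	ss_maxdwell;		/* max dwell on channel */
};

/*
 * The upper 16 bits of the flags word are used to communicate
 * information to the scanning code that is NOT recorded in
 * ss_flags.  It might be better to split this stuff out into
 * a separate variable to avoid confusion.
 *
 * NB: ss_flags is a uint16_t, so these bits cannot be stored there.
 * IEEE80211_SCAN_NOSSID is bit 31; where int is 32 bits the constant
 * has unsigned type, while the entry points below take `int flags'.
 */
#define	IEEE80211_SCAN_FLUSH	0x00010000	/* flush candidate table */
#define	IEEE80211_SCAN_NOSSID	0x80000000	/* don't update ssid list */

struct ieee80211com;
/* Attach/detach scanning support per device (com) and per vap. */
void	ieee80211_scan_attach(struct ieee80211com *);
void	ieee80211_scan_detach(struct ieee80211com *);
void	ieee80211_scan_vattach(struct ieee80211vap *);
void	ieee80211_scan_vdetach(struct ieee80211vap *);

void	ieee80211_scan_dump_channels(const struct ieee80211_scan_state *);

/*
 * Scan control entry points.
 *
 * NOTE(review): IEEE80211_SCAN_FOREVER is presumably passed as the
 * duration argument to request an unbounded scan; confirm.  nssid is
 * an unsigned count of entries in ssids[]; ss_ssid[] only has room for
 * IEEE80211_SCAN_MAX_SSID of them, so the count must be clamped before
 * the list is copied.
 */
#define	IEEE80211_SCAN_FOREVER	0x7fffffff
int	ieee80211_start_scan(struct ieee80211vap *, int flags,
		u_int duration, u_int mindwell, u_int maxdwell,
		u_int nssid, const struct ieee80211_scan_ssid ssids[]);
int	ieee80211_check_scan(struct ieee80211vap *, int flags,
		u_int duration, u_int mindwell, u_int maxdwell,
		u_int nssid, const struct ieee80211_scan_ssid ssids[]);
int	ieee80211_check_scan_current(struct ieee80211vap *);
int	ieee80211_bg_scan(struct ieee80211vap *, int);
void	ieee80211_cancel_scan(struct ieee80211vap *);
void	ieee80211_cancel_anyscan(struct ieee80211vap *);
void	ieee80211_scan_next(struct ieee80211vap *);
void	ieee80211_scan_done(struct ieee80211vap *);
void	ieee80211_probe_curchan(struct ieee80211vap *, int);
struct ieee80211_channel *ieee80211_scan_pickchannel(struct ieee80211com *, int);

struct ieee80211_scanparams;
/*
 * Hand a frame and its parsed parameters to the scan cache.
 *
 * NOTE(review): the frame and the scanparams presumably describe a
 * received beacon or probe response; treat their contents as untrusted
 * and check the scanparams status bitmask (IEEE80211_BPARSE_*) before
 * relying on the parsed fields.  Confirm against the callers.
 */
void	ieee80211_add_scan(struct ieee80211vap *,
		struct ieee80211_channel *,
		const struct ieee80211_scanparams *,
		const struct ieee80211_frame *,
		int subtype, int rssi, int noise);
void	ieee80211_scan_timeout(struct ieee80211com *);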
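/*
 * Association outcome notifications for a scan cache entry.
 *
 * NB: the array bound in `mac[IEEE80211_ADDR_LEN]' documents the
 * expected size only; the parameter is a pointer and the compiler does
 * not enforce the length, so callers must pass at least
 * IEEE80211_ADDR_LEN readable bytes.
 */
void	ieee80211_scan_assoc_success(struct ieee80211vap *,
		const uint8_t mac[IEEE80211_ADDR_LEN]);
enum {
	IEEE80211_SCAN_FAIL_TIMEOUT	= 1,	/* no response to mgmt frame */
	IEEE80211_SCAN_FAIL_STATUS	= 2	/* negative response to " " */
};
void	ieee80211_scan_assoc_fail(struct ieee80211vap *,
		const uint8_t mac[IEEE80211_ADDR_LEN], int reason);
void	ieee80211_scan_flush(struct ieee80211vap *);

struct ieee80211_scan_entry;
/* Callback type: invoked with the caller's argument and one entry. */
typedef void ieee80211_scan_iter_func(void *,
		const struct ieee80211_scan_entry *);
void	ieee80211_scan_iterate(struct ieee80211vap *,
		ieee80211_scan_iter_func, void *);

/*
 * Parse status bits, stored in the status field of
 * struct ieee80211_scanparams.
 *
 * NB: all eight bits of that uint8_t field are now assigned; adding
 * another flag requires widening the field.
 * NOTE(review): a non-zero status marks a frame the parser found
 * malformed or off-channel; confirm that each scan_add implementation
 * rejects or sanitizes such frames before caching anything from them.
 */
enum {
	IEEE80211_BPARSE_BADIELEN	= 0x01,	/* ie len past end of frame */
	IEEE80211_BPARSE_RATES_INVALID	= 0x02,	/* invalid RATES ie */
	IEEE80211_BPARSE_XRATES_INVALID	= 0x04,	/* invalid XRATES ie */
	IEEE80211_BPARSE_SSID_INVALID	= 0x08,	/* invalid SSID ie */
	IEEE80211_BPARSE_CHAN_INVALID	= 0x10,	/* invalid FH/DSPARMS chan */
	IEEE80211_BPARSE_OFFCHAN	= 0x20,	/* DSPARMS chan != curchan */
	IEEE80211_BPARSE_BINTVAL_INVALID= 0x40,	/* invalid beacon interval */
	IEEE80211_BPARSE_CSA_INVALID	= 0x80,	/* invalid CSA ie */
};

/*
 * Parameters supplied when adding/updating an entry in a
 * scan cache.  Pointer variables should be set to NULL
 * if no data is available.  Pointer references can be to
 * local data; any information that is saved will be copied.
 * All multi-byte values must be in host byte order.
 *
 * NOTE(review): only `ies' carries an explicit length (ies_len).  The
 * per-element pointers (tim, ssid, rates, ...) have no length here;
 * presumably each points at an information element whose own length
 * byte bounds it and which the parser has already checked against the
 * end of the frame.  Consumers should test `status' and NULL before
 * dereferencing, and bound every copy by the destination size.
 */
struct ieee80211_scanparams {
	uint8_t		status;		/* bitmask of IEEE80211_BPARSE_* */
	uint8_t		chan;		/* channel # from FH/DSPARMS */
	uint8_t		bchan;		/* curchan's channel # */
	uint8_t		fhindex;
	uint16_t	fhdwell;	/* FHSS dwell interval */
	uint16_t	capinfo;	/* 802.11 capabilities */
	uint16_t	erp;		/* NB: 0x100 indicates ie present */
	uint16_t	bintval;
	uint8_t		timoff;
	uint8_t		*ies;		/* all captured ies */
	size_t		ies_len;	/* length of all captured ies */
	uint8_t		*tim;
	uint8_t		*tstamp;
	uint8_t		*country;
	uint8_t		*ssid;
	uint8_t		*rates;
	uint8_t		*xrates;
	uint8_t		*doth;
	uint8_t		*wpa;
	uint8_t		*rsn;
	uint8_t		*wme;
	uint8_t		*htcap;
	uint8_t		*htinfo;
	uint8_t		*ath;
	uint8_t		*tdma;
	uint8_t		*csa;
	uint8_t		*quiet;
	uint8_t		*meshid;
	uint8_t		*meshconf;
	uint8_t		*spare[3];
};

/*
 * Scan cache entry format used when exporting data from a policy
 * module; this data may be represented some other way internally.
 *
 * NOTE(review): se_ssid, se_rates, se_xrates and se_meshid are sized
 * as 2 + the maximum payload, presumably so the element id and length
 * bytes are stored with the data; confirm.  Whatever fills them must
 * clamp the element's length byte to the array size, since that byte
 * comes from the received frame.
 */
struct ieee80211_scan_entry {
	uint8_t		se_macaddr[IEEE80211_ADDR_LEN];
	uint8_t		se_bssid[IEEE80211_ADDR_LEN];
	/* XXX can point inside se_ies */
	uint8_t		se_ssid[2+IEEE80211_NWID_LEN];
	uint8_t		se_rates[2+IEEE80211_RATE_MAXSIZE];
	uint8_t		se_xrates[2+IEEE80211_RATE_MAXSIZE];
	union {
		uint8_t		data[8];
		u_int64_t	tsf;
	} se_tstamp;			/* from last rcv'd beacon */
	uint16_t	se_intval;	/* beacon interval (host byte order) */
	uint16_t	se_capinfo;	/* capabilities (host byte order) */
	struct ieee80211_channel *se_chan;/* channel where sta found */
	uint16_t	se_timoff;	/* byte offset to TIM ie */
	uint16_t	se_fhdwell;	/* FH only (host byte order) */
	uint8_t		se_fhindex;	/* FH only */
	uint8_t		se_dtimperiod;	/* DTIM period */
	uint16_t	se_erp;		/* ERP from beacon/probe resp */
	int8_t		se_rssi;	/* avg'd recv ssi */
	int8_t		se_noise;	/* noise floor */
	uint8_t		se_cc[2];	/* captured country code */
	uint8_t		se_meshid[2+IEEE80211_MESHID_LEN];
	struct ieee80211_ies se_ies;	/* captured ie's */
	u_int		se_age;		/* age of entry (0 on create) */
};
MALLOC_DECLARE(M_80211_SCAN);

/*
 * Template for an in-kernel scan policy module.
 * Modules register with the scanning code and are
 * typically loaded as needed.
 *
 * NB: the spare slots are named 0, 1, 2 and 4 (there is no
 * scan_spare3); the names are left as they are because they are part
 * of the structure's layout and naming.
 * NOTE(review): scan_add receives the frame and parsed parameters of a
 * beacon/probe response, so each implementation is a parser-adjacent
 * consumer of untrusted data; see the status bits above.
 */
struct ieee80211_scanner {
	const char *scan_name;		/* printable name */
	int	(*scan_attach)(struct ieee80211_scan_state *);
	int	(*scan_detach)(struct ieee80211_scan_state *);
	int	(*scan_start)(struct ieee80211_scan_state *,
			struct ieee80211vap *);
	int	(*scan_restart)(struct ieee80211_scan_state *,
			struct ieee80211vap *);
	int	(*scan_cancel)(struct ieee80211_scan_state *,
			struct ieee80211vap *);
	int	(*scan_end)(struct ieee80211_scan_state *,
			struct ieee80211vap *);
	int	(*scan_flush)(struct ieee80211_scan_state *);
	struct ieee80211_channel *(*scan_pickchan)(
			struct ieee80211_scan_state *, int);
	/* add an entry to the cache */
	int	(*scan_add)(struct ieee80211_scan_state *,
			struct ieee80211_channel *,
			const struct ieee80211_scanparams *,
			const struct ieee80211_frame *,
			int subtype, int rssi, int noise);
	/* age and/or purge entries in the cache */
	void	(*scan_age)(struct ieee80211_scan_state *);
	/* note that association failed for an entry */
	void	(*scan_assoc_fail)(struct ieee80211_scan_state *,
			const uint8_t macaddr[IEEE80211_ADDR_LEN],
			int reason);
	/* note that association succeeded for an entry */
	void	(*scan_assoc_success)(struct ieee80211_scan_state *,
			const uint8_t macaddr[IEEE80211_ADDR_LEN]);
	/* iterate over entries in the scan cache */
	void	(*scan_iterate)(struct ieee80211_scan_state *,
			ieee80211_scan_iter_func *, void *);
	void	(*scan_spare0)(void);
	void	(*scan_spare1)(void);
	void	(*scan_spare2)(void);
	void	(*scan_spare4)(void);
};
/* Register/unregister a policy module for an operating mode. */
void	ieee80211_scanner_register(enum ieee80211_opmode,
		const struct ieee80211_scanner *);
void	ieee80211_scanner_unregister(enum ieee80211_opmode,
		const struct ieee80211_scanner *);
void	ieee80211_scanner_unregister_all(const struct ieee80211_scanner *);
const struct ieee80211_scanner *ieee80211_scanner_get(enum ieee80211_opmode);
void	ieee80211_scan_update_locked(struct ieee80211vap *vap,
		const struct ieee80211_scanner *scan);
/*
 * NOTE(review): nssid is a signed int here but u_int in
 * ieee80211_start_scan/ieee80211_check_scan; the copy into ss->ss_ssid
 * should reject negative values and clamp to IEEE80211_SCAN_MAX_SSID.
 * Confirm in the implementation.
 */
void	ieee80211_scan_copy_ssid(struct ieee80211vap *vap,
		struct ieee80211_scan_state *ss,
		int nssid, const struct ieee80211_scan_ssid ssids[]);
void	ieee80211_scan_dump_probe_beacon(uint8_t subtype, int isnew,
		const uint8_t mac[IEEE80211_ADDR_LEN],
		const struct ieee80211_scanparams *sp, int rssi);
void	ieee80211_scan_dump(struct ieee80211_scan_state *ss);

#endif /* _NET80211_IEEE80211_SCAN_H_ */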