1 /* 2 * Scanning implementation 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 as 12 * published by the Free Software Foundation. 13 */ 14 15 /* TODO: figure out how to avoid that the "current BSS" expires */ 16 17 #include <linux/wireless.h> 18 #include <linux/if_arp.h> 19 #include <linux/rtnetlink.h> 20 #include <net/mac80211.h> 21 22 #include "ieee80211_i.h" 23 #include "driver-ops.h" 24 #include "mesh.h" 25 26 #define IEEE80211_PROBE_DELAY (HZ / 33) 27 #define IEEE80211_CHANNEL_TIME (HZ / 33) 28 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8) 29 30 struct ieee80211_bss * 31 ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq, 32 u8 *ssid, u8 ssid_len) 33 { 34 return (void *)cfg80211_get_bss(local->hw.wiphy, 35 ieee80211_get_channel(local->hw.wiphy, 36 freq), 37 bssid, ssid, ssid_len, 38 0, 0); 39 } 40 41 static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss) 42 { 43 struct ieee80211_bss *bss = (void *)cbss; 44 45 kfree(bss_mesh_id(bss)); 46 kfree(bss_mesh_cfg(bss)); 47 } 48 49 void ieee80211_rx_bss_put(struct ieee80211_local *local, 50 struct ieee80211_bss *bss) 51 { 52 cfg80211_put_bss((struct cfg80211_bss *)bss); 53 } 54 55 struct ieee80211_bss * 56 ieee80211_bss_info_update(struct ieee80211_local *local, 57 struct ieee80211_rx_status *rx_status, 58 struct ieee80211_mgmt *mgmt, 59 size_t len, 60 struct ieee802_11_elems *elems, 61 struct ieee80211_channel *channel, 62 bool beacon) 63 { 64 struct ieee80211_bss *bss; 65 int clen; 66 s32 signal = 0; 67 68 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 69 signal = rx_status->signal * 100; 70 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC) 71 signal = (rx_status->signal * 100) / local->hw.max_signal; 72 73 bss = (void *)cfg80211_inform_bss_frame(local->hw.wiphy, channel, 74 mgmt, len, signal, GFP_ATOMIC); 75 76 if (!bss) 77 return NULL; 78 79 bss->cbss.free_priv = ieee80211_rx_bss_free; 80 81 /* save the ERP value so that it is available at association time */ 82 if (elems->erp_info && elems->erp_info_len >= 1) { 83 bss->erp_value = elems->erp_info[0]; 84 bss->has_erp_value = 1; 85 } 86 87 if (elems->tim) { 88 struct ieee80211_tim_ie *tim_ie = 89 (struct ieee80211_tim_ie *)elems->tim; 90 bss->dtim_period = tim_ie->dtim_period; 91 } 92 93 /* set default value for buggy APs */ 94 if (!elems->tim || bss->dtim_period == 0) 95 bss->dtim_period = 1; 96 97 bss->supp_rates_len = 0; 98 if (elems->supp_rates) { 99 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 100 if (clen > elems->supp_rates_len) 101 clen = elems->supp_rates_len; 102 memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates, 103 clen); 104 bss->supp_rates_len += clen; 105 } 106 if (elems->ext_supp_rates) { 107 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 108 if (clen > elems->ext_supp_rates_len) 109 clen = elems->ext_supp_rates_len; 110 memcpy(&bss->supp_rates[bss->supp_rates_len], 111 elems->ext_supp_rates, clen); 112 bss->supp_rates_len += clen; 113 } 114 115 bss->wmm_used = elems->wmm_param || elems->wmm_info; 116 117 if (!beacon) 118 bss->last_probe_resp = jiffies; 119 120 return bss; 121 } 122 123 ieee80211_rx_result 124 ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb) 125 { 126 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 127 struct ieee80211_mgmt *mgmt; 128 struct ieee80211_bss *bss; 129 u8 *elements; 130 struct ieee80211_channel *channel; 131 size_t baselen; 132 int freq; 133 __le16 fc; 134 bool presp, beacon = false; 135 struct ieee802_11_elems elems; 136 137 if (skb->len < 2) 138 return RX_DROP_UNUSABLE; 139 140 mgmt = (struct ieee80211_mgmt *) skb->data; 141 fc = mgmt->frame_control; 142 143 if (ieee80211_is_ctl(fc)) 144 return RX_CONTINUE; 145 146 if (skb->len < 24) 147 return RX_DROP_MONITOR; 148 149 presp = ieee80211_is_probe_resp(fc); 150 if (presp) { 151 /* ignore ProbeResp to foreign address */ 152 if (memcmp(mgmt->da, sdata->dev->dev_addr, ETH_ALEN)) 153 return RX_DROP_MONITOR; 154 155 presp = true; 156 elements = mgmt->u.probe_resp.variable; 157 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable); 158 } else { 159 beacon = ieee80211_is_beacon(fc); 160 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable); 161 elements = mgmt->u.beacon.variable; 162 } 163 164 if (!presp && !beacon) 165 return RX_CONTINUE; 166 167 if (baselen > skb->len) 168 return RX_DROP_MONITOR; 169 170 ieee802_11_parse_elems(elements, skb->len - baselen, &elems); 171 172 if (elems.ds_params && elems.ds_params_len == 1) 173 freq = ieee80211_channel_to_frequency(elems.ds_params[0]); 174 else 175 freq = rx_status->freq; 176 177 channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq); 178 179 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED) 180 return RX_DROP_MONITOR; 181 182 bss = ieee80211_bss_info_update(sdata->local, rx_status, 183 mgmt, skb->len, &elems, 184 channel, beacon); 185 if (bss) 186 ieee80211_rx_bss_put(sdata->local, bss); 187 188 dev_kfree_skb(skb); 189 return RX_QUEUED; 190 } 191 192 /* 193 * inform AP that we will go to sleep so that it will buffer the frames 194 * while we scan 195 */ 196 static void ieee80211_scan_ps_enable(struct ieee80211_sub_if_data *sdata) 197 { 198 struct ieee80211_local *local = sdata->local; 199 bool ps = false; 200 201 /* FIXME: what to do when local->pspolling is true? */ 202 203 del_timer_sync(&local->dynamic_ps_timer); 204 cancel_work_sync(&local->dynamic_ps_enable_work); 205 206 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 207 ps = true; 208 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 209 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 210 } 211 212 if (!ps || !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) 213 /* 214 * If power save was enabled, no need to send a nullfunc 215 * frame because AP knows that we are sleeping. But if the 216 * hardware is creating the nullfunc frame for power save 217 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not 218 * enabled) and power save was enabled, the firmware just 219 * sent a null frame with power save disabled. So we need 220 * to send a new nullfunc frame to inform the AP that we 221 * are again sleeping. 222 */ 223 ieee80211_send_nullfunc(local, sdata, 1); 224 } 225 226 /* inform AP that we are awake again, unless power save is enabled */ 227 static void ieee80211_scan_ps_disable(struct ieee80211_sub_if_data *sdata) 228 { 229 struct ieee80211_local *local = sdata->local; 230 231 if (!local->ps_sdata) 232 ieee80211_send_nullfunc(local, sdata, 0); 233 else { 234 /* 235 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware 236 * will send a nullfunc frame with the powersave bit set 237 * even though the AP already knows that we are sleeping. 238 * This could be avoided by sending a null frame with power 239 * save bit disabled before enabling the power save, but 240 * this doesn't gain anything. 241 * 242 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need 243 * to send a nullfunc frame because AP already knows that 244 * we are sleeping, let's just enable power save mode in 245 * hardware. 246 */ 247 local->hw.conf.flags |= IEEE80211_CONF_PS; 248 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 249 } 250 } 251 252 static void ieee80211_restore_scan_ies(struct ieee80211_local *local) 253 { 254 kfree(local->scan_req->ie); 255 local->scan_req->ie = local->orig_ies; 256 local->scan_req->ie_len = local->orig_ies_len; 257 } 258 259 void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 260 { 261 struct ieee80211_local *local = hw_to_local(hw); 262 struct ieee80211_sub_if_data *sdata; 263 bool was_hw_scan; 264 265 mutex_lock(&local->scan_mtx); 266 267 if (WARN_ON(!local->scanning)) { 268 mutex_unlock(&local->scan_mtx); 269 return; 270 } 271 272 if (WARN_ON(!local->scan_req)) { 273 mutex_unlock(&local->scan_mtx); 274 return; 275 } 276 277 if (test_bit(SCAN_HW_SCANNING, &local->scanning)) 278 ieee80211_restore_scan_ies(local); 279 280 if (local->scan_req != local->int_scan_req) 281 cfg80211_scan_done(local->scan_req, aborted); 282 local->scan_req = NULL; 283 local->scan_sdata = NULL; 284 285 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning); 286 local->scanning = 0; 287 local->scan_channel = NULL; 288 289 /* we only have to protect scan_req and hw/sw scan */ 290 mutex_unlock(&local->scan_mtx); 291 292 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 293 if (was_hw_scan) 294 goto done; 295 296 ieee80211_configure_filter(local); 297 298 drv_sw_scan_complete(local); 299 300 mutex_lock(&local->iflist_mtx); 301 list_for_each_entry(sdata, &local->interfaces, list) { 302 if (!netif_running(sdata->dev)) 303 continue; 304 305 /* Tell AP we're back */ 306 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 307 if (sdata->u.mgd.associated) { 308 ieee80211_scan_ps_disable(sdata); 309 netif_tx_wake_all_queues(sdata->dev); 310 } 311 } else 312 netif_tx_wake_all_queues(sdata->dev); 313 314 /* re-enable beaconing */ 315 if (sdata->vif.type == NL80211_IFTYPE_AP || 316 sdata->vif.type == NL80211_IFTYPE_ADHOC || 317 sdata->vif.type == NL80211_IFTYPE_MESH_POINT) 318 ieee80211_bss_info_change_notify( 319 sdata, BSS_CHANGED_BEACON_ENABLED); 320 } 321 mutex_unlock(&local->iflist_mtx); 322 323 done: 324 ieee80211_recalc_idle(local); 325 ieee80211_mlme_notify_scan_completed(local); 326 ieee80211_ibss_notify_scan_completed(local); 327 ieee80211_mesh_notify_scan_completed(local); 328 } 329 EXPORT_SYMBOL(ieee80211_scan_completed); 330 331 static int ieee80211_start_sw_scan(struct ieee80211_local *local) 332 { 333 struct ieee80211_sub_if_data *sdata; 334 335 /* 336 * Hardware/driver doesn't support hw_scan, so use software 337 * scanning instead. First send a nullfunc frame with power save 338 * bit on so that AP will buffer the frames for us while we are not 339 * listening, then send probe requests to each channel and wait for 340 * the responses. After all channels are scanned, tune back to the 341 * original channel and send a nullfunc frame with power save bit 342 * off to trigger the AP to send us all the buffered frames. 343 * 344 * Note that while local->sw_scanning is true everything else but 345 * nullfunc frames and probe requests will be dropped in 346 * ieee80211_tx_h_check_assoc(). 347 */ 348 drv_sw_scan_start(local); 349 350 mutex_lock(&local->iflist_mtx); 351 list_for_each_entry(sdata, &local->interfaces, list) { 352 if (!netif_running(sdata->dev)) 353 continue; 354 355 /* disable beaconing */ 356 if (sdata->vif.type == NL80211_IFTYPE_AP || 357 sdata->vif.type == NL80211_IFTYPE_ADHOC || 358 sdata->vif.type == NL80211_IFTYPE_MESH_POINT) 359 ieee80211_bss_info_change_notify( 360 sdata, BSS_CHANGED_BEACON_ENABLED); 361 362 /* 363 * only handle non-STA interfaces here, STA interfaces 364 * are handled in the scan state machine 365 */ 366 if (sdata->vif.type != NL80211_IFTYPE_STATION) 367 netif_tx_stop_all_queues(sdata->dev); 368 } 369 mutex_unlock(&local->iflist_mtx); 370 371 local->next_scan_state = SCAN_DECISION; 372 local->scan_channel_idx = 0; 373 374 ieee80211_configure_filter(local); 375 376 /* TODO: start scan as soon as all nullfunc frames are ACKed */ 377 ieee80211_queue_delayed_work(&local->hw, 378 &local->scan_work, 379 IEEE80211_CHANNEL_TIME); 380 381 return 0; 382 } 383 384 385 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata, 386 struct cfg80211_scan_request *req) 387 { 388 struct ieee80211_local *local = sdata->local; 389 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 390 int rc; 391 392 if (local->scan_req) 393 return -EBUSY; 394 395 if (local->ops->hw_scan) { 396 u8 *ies; 397 int ielen; 398 399 ies = kmalloc(2 + IEEE80211_MAX_SSID_LEN + 400 local->scan_ies_len + req->ie_len, GFP_KERNEL); 401 if (!ies) 402 return -ENOMEM; 403 404 ielen = ieee80211_build_preq_ies(local, ies, 405 req->ie, req->ie_len); 406 local->orig_ies = req->ie; 407 local->orig_ies_len = req->ie_len; 408 req->ie = ies; 409 req->ie_len = ielen; 410 } 411 412 local->scan_req = req; 413 local->scan_sdata = sdata; 414 415 if (req != local->int_scan_req && 416 sdata->vif.type == NL80211_IFTYPE_STATION && 417 !list_empty(&ifmgd->work_list)) { 418 /* actually wait for the work it's doing to finish/time out */ 419 set_bit(IEEE80211_STA_REQ_SCAN, &ifmgd->request); 420 return 0; 421 } 422 423 if (local->ops->hw_scan) 424 __set_bit(SCAN_HW_SCANNING, &local->scanning); 425 else 426 __set_bit(SCAN_SW_SCANNING, &local->scanning); 427 /* 428 * Kicking off the scan need not be protected, 429 * only the scan variable stuff, since now 430 * local->scan_req is assigned and other callers 431 * will abort their scan attempts. 432 * 433 * This avoids getting a scan_mtx -> iflist_mtx 434 * dependency, so that the scan completed calls 435 * have more locking freedom. 436 */ 437 438 ieee80211_recalc_idle(local); 439 mutex_unlock(&local->scan_mtx); 440 441 if (local->ops->hw_scan) 442 rc = drv_hw_scan(local, local->scan_req); 443 else 444 rc = ieee80211_start_sw_scan(local); 445 446 mutex_lock(&local->scan_mtx); 447 448 if (rc) { 449 if (local->ops->hw_scan) 450 ieee80211_restore_scan_ies(local); 451 local->scanning = 0; 452 453 ieee80211_recalc_idle(local); 454 455 local->scan_req = NULL; 456 local->scan_sdata = NULL; 457 } 458 459 return rc; 460 } 461 462 static int ieee80211_scan_state_decision(struct ieee80211_local *local, 463 unsigned long *next_delay) 464 { 465 bool associated = false; 466 struct ieee80211_sub_if_data *sdata; 467 468 /* if no more bands/channels left, complete scan and advance to the idle state */ 469 if (local->scan_channel_idx >= local->scan_req->n_channels) { 470 ieee80211_scan_completed(&local->hw, false); 471 return 1; 472 } 473 474 /* check if at least one STA interface is associated */ 475 mutex_lock(&local->iflist_mtx); 476 list_for_each_entry(sdata, &local->interfaces, list) { 477 if (!netif_running(sdata->dev)) 478 continue; 479 480 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 481 if (sdata->u.mgd.associated) { 482 associated = true; 483 break; 484 } 485 } 486 } 487 mutex_unlock(&local->iflist_mtx); 488 489 if (local->scan_channel) { 490 /* 491 * we're currently scanning a different channel, let's 492 * switch back to the operating channel now if at least 493 * one interface is associated. Otherwise just scan the 494 * next channel 495 */ 496 if (associated) 497 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL; 498 else 499 local->next_scan_state = SCAN_SET_CHANNEL; 500 } else { 501 /* 502 * we're on the operating channel currently, let's 503 * leave that channel now to scan another one 504 */ 505 local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL; 506 } 507 508 *next_delay = 0; 509 return 0; 510 } 511 512 static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local, 513 unsigned long *next_delay) 514 { 515 struct ieee80211_sub_if_data *sdata; 516 517 /* 518 * notify the AP about us leaving the channel and stop all STA interfaces 519 */ 520 mutex_lock(&local->iflist_mtx); 521 list_for_each_entry(sdata, &local->interfaces, list) { 522 if (!netif_running(sdata->dev)) 523 continue; 524 525 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 526 netif_tx_stop_all_queues(sdata->dev); 527 if (sdata->u.mgd.associated) 528 ieee80211_scan_ps_enable(sdata); 529 } 530 } 531 mutex_unlock(&local->iflist_mtx); 532 533 __set_bit(SCAN_OFF_CHANNEL, &local->scanning); 534 535 /* advance to the next channel to be scanned */ 536 *next_delay = HZ / 10; 537 local->next_scan_state = SCAN_SET_CHANNEL; 538 } 539 540 static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local, 541 unsigned long *next_delay) 542 { 543 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 544 545 /* switch back to the operating channel */ 546 local->scan_channel = NULL; 547 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 548 549 /* 550 * notify the AP about us being back and restart all STA interfaces 551 */ 552 mutex_lock(&local->iflist_mtx); 553 list_for_each_entry(sdata, &local->interfaces, list) { 554 if (!netif_running(sdata->dev)) 555 continue; 556 557 /* Tell AP we're back */ 558 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 559 if (sdata->u.mgd.associated) 560 ieee80211_scan_ps_disable(sdata); 561 netif_tx_wake_all_queues(sdata->dev); 562 } 563 } 564 mutex_unlock(&local->iflist_mtx); 565 566 __clear_bit(SCAN_OFF_CHANNEL, &local->scanning); 567 568 *next_delay = HZ / 5; 569 local->next_scan_state = SCAN_DECISION; 570 } 571 572 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local, 573 unsigned long *next_delay) 574 { 575 int skip; 576 struct ieee80211_channel *chan; 577 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 578 579 skip = 0; 580 chan = local->scan_req->channels[local->scan_channel_idx]; 581 582 if (chan->flags & IEEE80211_CHAN_DISABLED || 583 (sdata->vif.type == NL80211_IFTYPE_ADHOC && 584 chan->flags & IEEE80211_CHAN_NO_IBSS)) 585 skip = 1; 586 587 if (!skip) { 588 local->scan_channel = chan; 589 if (ieee80211_hw_config(local, 590 IEEE80211_CONF_CHANGE_CHANNEL)) 591 skip = 1; 592 } 593 594 /* advance state machine to next channel/band */ 595 local->scan_channel_idx++; 596 597 if (skip) { 598 /* if we skip this channel return to the decision state */ 599 local->next_scan_state = SCAN_DECISION; 600 return; 601 } 602 603 /* 604 * Probe delay is used to update the NAV, cf. 11.1.3.2.2 605 * (which unfortunately doesn't say _why_ step a) is done, 606 * but it waits for the probe delay or until a frame is 607 * received - and the received frame would update the NAV). 608 * For now, we do not support waiting until a frame is 609 * received. 610 * 611 * In any case, it is not necessary for a passive scan. 612 */ 613 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN || 614 !local->scan_req->n_ssids) { 615 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME; 616 local->next_scan_state = SCAN_DECISION; 617 return; 618 } 619 620 /* active scan, send probes */ 621 *next_delay = IEEE80211_PROBE_DELAY; 622 local->next_scan_state = SCAN_SEND_PROBE; 623 } 624 625 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local, 626 unsigned long *next_delay) 627 { 628 int i; 629 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 630 631 for (i = 0; i < local->scan_req->n_ssids; i++) 632 ieee80211_send_probe_req( 633 sdata, NULL, 634 local->scan_req->ssids[i].ssid, 635 local->scan_req->ssids[i].ssid_len, 636 local->scan_req->ie, local->scan_req->ie_len); 637 638 /* 639 * After sending probe requests, wait for probe responses 640 * on the channel. 641 */ 642 *next_delay = IEEE80211_CHANNEL_TIME; 643 local->next_scan_state = SCAN_DECISION; 644 } 645 646 void ieee80211_scan_work(struct work_struct *work) 647 { 648 struct ieee80211_local *local = 649 container_of(work, struct ieee80211_local, scan_work.work); 650 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 651 unsigned long next_delay = 0; 652 653 mutex_lock(&local->scan_mtx); 654 if (!sdata || !local->scan_req) { 655 mutex_unlock(&local->scan_mtx); 656 return; 657 } 658 659 if (local->scan_req && !local->scanning) { 660 struct cfg80211_scan_request *req = local->scan_req; 661 int rc; 662 663 local->scan_req = NULL; 664 local->scan_sdata = NULL; 665 666 rc = __ieee80211_start_scan(sdata, req); 667 mutex_unlock(&local->scan_mtx); 668 669 if (rc) 670 ieee80211_scan_completed(&local->hw, true); 671 return; 672 } 673 674 mutex_unlock(&local->scan_mtx); 675 676 /* 677 * Avoid re-scheduling when the sdata is going away. 678 */ 679 if (!netif_running(sdata->dev)) { 680 ieee80211_scan_completed(&local->hw, true); 681 return; 682 } 683 684 /* 685 * as long as no delay is required advance immediately 686 * without scheduling a new work 687 */ 688 do { 689 switch (local->next_scan_state) { 690 case SCAN_DECISION: 691 if (ieee80211_scan_state_decision(local, &next_delay)) 692 return; 693 break; 694 case SCAN_SET_CHANNEL: 695 ieee80211_scan_state_set_channel(local, &next_delay); 696 break; 697 case SCAN_SEND_PROBE: 698 ieee80211_scan_state_send_probe(local, &next_delay); 699 break; 700 case SCAN_LEAVE_OPER_CHANNEL: 701 ieee80211_scan_state_leave_oper_channel(local, &next_delay); 702 break; 703 case SCAN_ENTER_OPER_CHANNEL: 704 ieee80211_scan_state_enter_oper_channel(local, &next_delay); 705 break; 706 } 707 } while (next_delay == 0); 708 709 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 710 } 711 712 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 713 struct cfg80211_scan_request *req) 714 { 715 int res; 716 717 mutex_lock(&sdata->local->scan_mtx); 718 res = __ieee80211_start_scan(sdata, req); 719 mutex_unlock(&sdata->local->scan_mtx); 720 721 return res; 722 } 723 724 int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, 725 const u8 *ssid, u8 ssid_len) 726 { 727 struct ieee80211_local *local = sdata->local; 728 int ret = -EBUSY; 729 730 mutex_lock(&local->scan_mtx); 731 732 /* busy scanning */ 733 if (local->scan_req) 734 goto unlock; 735 736 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 737 local->int_scan_req->ssids[0].ssid_len = ssid_len; 738 739 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 740 unlock: 741 mutex_unlock(&local->scan_mtx); 742 return ret; 743 } 744 745 void ieee80211_scan_cancel(struct ieee80211_local *local) 746 { 747 bool abortscan; 748 749 cancel_delayed_work_sync(&local->scan_work); 750 751 /* 752 * Only call this function when a scan can't be 753 * queued -- mostly at suspend under RTNL. 754 */ 755 mutex_lock(&local->scan_mtx); 756 abortscan = test_bit(SCAN_SW_SCANNING, &local->scanning) || 757 (!local->scanning && local->scan_req); 758 mutex_unlock(&local->scan_mtx); 759 760 if (abortscan) 761 ieee80211_scan_completed(&local->hw, true); 762 } 763