1 #include "wifi_hal.h" 2 3 #ifndef __WIFI_HAL_GSCAN_H__ 4 #define __WIFI_HAL_GSCAN_H__ 5 6 /* AP Scans */ 7 8 typedef enum { 9 WIFI_BAND_UNSPECIFIED, 10 WIFI_BAND_BG = 1, // 2.4 GHz 11 WIFI_BAND_A = 2, // 5 GHz without DFS 12 WIFI_BAND_A_DFS = 4, // 5 GHz DFS only 13 WIFI_BAND_A_WITH_DFS = 6, // 5 GHz with DFS 14 WIFI_BAND_ABG = 3, // 2.4 GHz + 5 GHz; no DFS 15 WIFI_BAND_ABG_WITH_DFS = 7, // 2.4 GHz + 5 GHz with DFS 16 } wifi_band; 17 18 #define MAX_CHANNELS 16 19 #define MAX_BUCKETS 16 20 #define MAX_HOTLIST_APS 128 21 #define MAX_SIGNIFICANT_CHANGE_APS 64 22 #define MAX_EPNO_NETWORKS 64 23 #define MAX_HOTLIST_SSID 8 24 #define MAX_BLACKLIST_BSSID 16 25 #define MAX_AP_CACHE_PER_SCAN 32 26 27 wifi_error wifi_get_valid_channels(wifi_interface_handle handle, 28 int band, int max_channels, wifi_channel *channels, int *num_channels); 29 30 typedef struct { 31 int max_scan_cache_size; // total space allocated for scan (in bytes) 32 int max_scan_buckets; // maximum number of channel buckets 33 int max_ap_cache_per_scan; // maximum number of APs that can be stored per scan 34 int max_rssi_sample_size; // number of RSSI samples used for averaging RSSI 35 int max_scan_reporting_threshold; // max possible report_threshold as described 36 // in wifi_scan_cmd_params 37 int max_hotlist_bssids; // maximum number of entries for hotlist BSSIDs 38 int max_hotlist_ssids; // maximum number of entries for hotlist SSIDs 39 int max_significant_wifi_change_aps; // maximum number of entries for 40 // significant wifi change APs 41 int max_bssid_history_entries; // number of BSSID/RSSI entries that device can hold 42 int max_number_epno_networks; // max number of epno entries 43 int max_number_epno_networks_by_ssid; // max number of epno entries if ssid is specified, 44 // that is, epno entries for which an exact match is 45 // required, or entries corresponding to hidden ssids 46 int max_number_of_white_listed_ssid; // max number of white listed SSIDs, M target is 2 to 4 47 } wifi_gscan_capabilities; 48 49 wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle, 50 wifi_gscan_capabilities *capabilities); 51 52 typedef enum { 53 WIFI_SCAN_RESULTS_AVAILABLE, // reported when REPORT_EVENTS_EACH_SCAN is set and a scan 54 // completes. WIFI_SCAN_THRESHOLD_NUM_SCANS or 55 // WIFI_SCAN_THRESHOLD_PERCENT can be reported instead if the 56 // reason for the event is available; however, at most one of 57 // these events should be reported per scan. If there are 58 // multiple buckets that were scanned this period and one has the 59 // EACH_SCAN flag set then this event should be prefered. 60 WIFI_SCAN_THRESHOLD_NUM_SCANS, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and 61 // report_threshold_num_scans is reached. 62 WIFI_SCAN_THRESHOLD_PERCENT, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and 63 // report_threshold_percent is reached. 64 WIFI_SCAN_FAILED, // reported when currently executing gscans have failed. 65 // start_gscan will need to be called again in order to continue 66 // scanning. This is intended to indicate abnormal scan 67 // terminations (not those as a result of stop_gscan). 68 } wifi_scan_event; 69 70 71 /* Format of information elements found in the beacon */ 72 typedef struct { 73 byte id; // element identifier 74 byte len; // number of bytes to follow 75 byte data[]; 76 } wifi_information_element; 77 78 typedef struct { 79 wifi_timestamp ts; // time since boot (in microsecond) when the result was 80 // retrieved 81 char ssid[32+1]; // null terminated 82 mac_addr bssid; 83 wifi_channel channel; // channel frequency in MHz 84 wifi_rssi rssi; // in db 85 wifi_timespan rtt; // in nanoseconds 86 wifi_timespan rtt_sd; // standard deviation in rtt 87 unsigned short beacon_period; // period advertised in the beacon 88 unsigned short capability; // capabilities advertised in the beacon 89 unsigned int ie_length; // size of the ie_data blob 90 char ie_data[1]; // blob of all the information elements found in the 91 // beacon; this data should be a packed list of 92 // wifi_information_element objects, one after the other. 93 // other fields 94 } wifi_scan_result; 95 96 static_assert(MAX_BUCKETS <= 8 * sizeof(unsigned), 97 "The buckets_scanned bitset is represented by an unsigned int and cannot support this many " 98 "buckets on this platform."); 99 typedef struct { 100 /* reported when each probe response is received, if report_events 101 * enabled in wifi_scan_cmd_params. buckets_scanned is a bitset of the 102 * buckets that are currently being scanned. See the buckets_scanned field 103 * in the wifi_cached_scan_results struct for more details. 104 */ 105 void (*on_full_scan_result) (wifi_request_id id, wifi_scan_result *result, 106 unsigned buckets_scanned); 107 108 /* indicates progress of scanning statemachine */ 109 void (*on_scan_event) (wifi_request_id id, wifi_scan_event event); 110 111 } wifi_scan_result_handler; 112 113 typedef struct { 114 wifi_channel channel; // frequency 115 int dwellTimeMs; // dwell time hint 116 int passive; // 0 => active, 1 => passive scan; ignored for DFS 117 /* Add channel class */ 118 } wifi_scan_channel_spec; 119 120 #define REPORT_EVENTS_EACH_SCAN (1 << 0) 121 #define REPORT_EVENTS_FULL_RESULTS (1 << 1) 122 #define REPORT_EVENTS_NO_BATCH (1 << 2) 123 124 typedef struct { 125 int bucket; // bucket index, 0 based 126 wifi_band band; // when UNSPECIFIED, use channel list 127 int period; // desired period, in millisecond; if this is too 128 // low, the firmware should choose to generate results as 129 // fast as it can instead of failing the command. 130 // for exponential backoff bucket this is the min_period 131 /* report_events semantics - 132 * This is a bit field; which defines following bits - 133 * REPORT_EVENTS_EACH_SCAN => report a scan completion event after scan. If this is not set 134 * then scan completion events should be reported if 135 * report_threshold_percent or report_threshold_num_scans is 136 * reached. 137 * REPORT_EVENTS_FULL_RESULTS => forward scan results (beacons/probe responses + IEs) 138 * in real time to HAL, in addition to completion events 139 * Note: To keep backward compatibility, fire completion 140 * events regardless of REPORT_EVENTS_EACH_SCAN. 141 * REPORT_EVENTS_NO_BATCH => controls if scans for this bucket should be placed in the 142 * history buffer 143 */ 144 byte report_events; 145 int max_period; // if max_period is non zero or different than period, then this bucket is 146 // an exponential backoff bucket and the scan period will grow exponentially 147 // as per formula: actual_period(N) = period * (base ^ (N/step_count)) 148 // to a maximum period of max_period 149 int base; // for exponential back off bucket: multiplier: new_period=old_period*base 150 int step_count; // for exponential back off bucket, number of scans to perform for a given 151 // period 152 153 int num_channels; 154 // channels to scan; these may include DFS channels 155 // Note that a given channel may appear in multiple buckets 156 wifi_scan_channel_spec channels[MAX_CHANNELS]; 157 } wifi_scan_bucket_spec; 158 159 typedef struct { 160 int base_period; // base timer period in ms 161 int max_ap_per_scan; // number of access points to store in each scan entry in 162 // the BSSID/RSSI history buffer (keep the highest RSSI 163 // access points) 164 int report_threshold_percent; // in %, when scan buffer is this much full, wake up apps 165 // processor 166 int report_threshold_num_scans; // in number of scans, wake up AP after these many scans 167 int num_buckets; 168 wifi_scan_bucket_spec buckets[MAX_BUCKETS]; 169 } wifi_scan_cmd_params; 170 171 /* 172 * Start periodic GSCAN 173 * When this is called all requested buckets should be scanned, starting the beginning of the cycle 174 * 175 * For example: 176 * If there are two buckets specified 177 * - Bucket 1: period=10s 178 * - Bucket 2: period=20s 179 * - Bucket 3: period=30s 180 * Then the following scans should occur 181 * - t=0 buckets 1, 2, and 3 are scanned 182 * - t=10 bucket 1 is scanned 183 * - t=20 bucket 1 and 2 are scanned 184 * - t=30 bucket 1 and 3 are scanned 185 * - t=40 bucket 1 and 2 are scanned 186 * - t=50 bucket 1 is scanned 187 * - t=60 buckets 1, 2, and 3 are scanned 188 * - and the patter repeats 189 * 190 * If any scan does not occur or is incomplete (error, interrupted, etc) then a cached scan result 191 * should still be recorded with the WIFI_SCAN_FLAG_INTERRUPTED flag set. 192 */ 193 wifi_error wifi_start_gscan(wifi_request_id id, wifi_interface_handle iface, 194 wifi_scan_cmd_params params, wifi_scan_result_handler handler); 195 196 /* Stop periodic GSCAN */ 197 wifi_error wifi_stop_gscan(wifi_request_id id, wifi_interface_handle iface); 198 199 typedef enum { 200 WIFI_SCAN_FLAG_INTERRUPTED = 1 // Indicates that scan results are not complete because 201 // probes were not sent on some channels 202 } wifi_scan_flags; 203 204 /* Get the GSCAN cached scan results */ 205 typedef struct { 206 int scan_id; // a unique identifier for the scan unit 207 int flags; // a bitmask with additional 208 // information about scan. 209 unsigned buckets_scanned; // a bitset of the buckets that were scanned. 210 // for example a value of 13 (0b1101) would 211 // indicate that buckets 0, 2 and 3 were 212 // scanned to produce this list of results. 213 // should be set to 0 if this information is 214 // not available. 215 int num_results; // number of bssids retrieved by the scan 216 wifi_scan_result results[MAX_AP_CACHE_PER_SCAN]; // scan results - one for each bssid 217 } wifi_cached_scan_results; 218 219 wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface, byte flush, 220 int max, wifi_cached_scan_results *results, int *num); 221 222 /* BSSID Hotlist */ 223 typedef struct { 224 void (*on_hotlist_ap_found)(wifi_request_id id, 225 unsigned num_results, wifi_scan_result *results); 226 void (*on_hotlist_ap_lost)(wifi_request_id id, 227 unsigned num_results, wifi_scan_result *results); 228 } wifi_hotlist_ap_found_handler; 229 230 typedef struct { 231 mac_addr bssid; // AP BSSID 232 wifi_rssi low; // low threshold 233 wifi_rssi high; // high threshold 234 } ap_threshold_param; 235 236 typedef struct { 237 int lost_ap_sample_size; 238 int num_bssid; // number of hotlist APs 239 ap_threshold_param ap[MAX_HOTLIST_APS]; // hotlist APs 240 } wifi_bssid_hotlist_params; 241 242 /* Set the BSSID Hotlist */ 243 wifi_error wifi_set_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface, 244 wifi_bssid_hotlist_params params, wifi_hotlist_ap_found_handler handler); 245 246 /* Clear the BSSID Hotlist */ 247 wifi_error wifi_reset_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface); 248 249 /* SSID Hotlist */ 250 typedef struct { 251 void (*on_hotlist_ssid_found)(wifi_request_id id, 252 unsigned num_results, wifi_scan_result *results); 253 void (*on_hotlist_ssid_lost)(wifi_request_id id, 254 unsigned num_results, wifi_scan_result *results); 255 } wifi_hotlist_ssid_handler; 256 257 typedef struct { 258 char ssid[32+1]; // SSID 259 wifi_band band; // band for this set of threshold params 260 wifi_rssi low; // low threshold 261 wifi_rssi high; // high threshold 262 } ssid_threshold_param; 263 264 typedef struct { 265 int lost_ssid_sample_size; 266 int num_ssid; // number of hotlist SSIDs 267 ssid_threshold_param ssid[MAX_HOTLIST_SSID]; // hotlist SSIDs 268 } wifi_ssid_hotlist_params; 269 270 /* BSSID blacklist */ 271 typedef struct { 272 int num_bssid; // number of blacklisted BSSIDs 273 mac_addr bssids[MAX_BLACKLIST_BSSID]; // blacklisted BSSIDs 274 } wifi_bssid_params; 275 276 /* Set the BSSID blacklist */ 277 wifi_error wifi_set_bssid_blacklist(wifi_request_id id, wifi_interface_handle iface, 278 wifi_bssid_params params); 279 280 /* Significant wifi change */ 281 typedef struct { 282 mac_addr bssid; // BSSID 283 wifi_channel channel; // channel frequency in MHz 284 int num_rssi; // number of rssi samples 285 wifi_rssi rssi[]; // RSSI history in db 286 } wifi_significant_change_result; 287 288 typedef struct { 289 void (*on_significant_change)(wifi_request_id id, 290 unsigned num_results, wifi_significant_change_result **results); 291 } wifi_significant_change_handler; 292 293 // The sample size parameters in the wifi_significant_change_params structure 294 // represent the number of occurence of a g-scan where the BSSID was seen and RSSI was 295 // collected for that BSSID, or, the BSSID was expected to be seen and didn't. 296 // for instance: lost_ap_sample_size : number of time a g-scan was performed on the 297 // channel the BSSID was seen last, and the BSSID was not seen during those g-scans 298 typedef struct { 299 int rssi_sample_size; // number of samples for averaging RSSI 300 int lost_ap_sample_size; // number of samples to confirm AP loss 301 int min_breaching; // number of APs breaching threshold 302 int num_bssid; // max 64 303 ap_threshold_param ap[MAX_SIGNIFICANT_CHANGE_APS]; 304 } wifi_significant_change_params; 305 306 /* Set the Signifcant AP change list */ 307 wifi_error wifi_set_significant_change_handler(wifi_request_id id, wifi_interface_handle iface, 308 wifi_significant_change_params params, wifi_significant_change_handler handler); 309 310 /* Clear the Signifcant AP change list */ 311 wifi_error wifi_reset_significant_change_handler(wifi_request_id id, wifi_interface_handle iface); 312 313 /* Random MAC OUI for PNO */ 314 wifi_error wifi_set_scanning_mac_oui(wifi_interface_handle handle, oui scan_oui); 315 316 317 // Enhanced PNO: 318 // Enhanced PNO feature is expected to be enabled all of the time (e.g. screen lit) and may thus 319 // require firmware to store a large number of networks, covering the whole list of known networks. 320 // Therefore, it is acceptable for firmware to store a crc24, crc32 or other short hash of the SSID, 321 // such that a low but non-zero probability of collision exist. With that scheme it should be 322 // possible for firmware to keep an entry as small as 4 bytes for each pno network. 323 // For instance, a firmware pn0 entry can be implemented in the form of: 324 // PNO ENTRY = crc24(3 bytes) | flags>>3 (5 bits) | auth flags(3 bits) 325 // 326 // No scans should be automatically performed by the chip. Instead all scan results from gscan 327 // should be scored and the wifi_epno_handler on_network_found callback should be called with 328 // the scan results. 329 // 330 // A PNO network shall be reported once, that is, once a network is reported by firmware 331 // its entry shall be marked as "done" until framework calls wifi_set_epno_list again. 332 // Calling wifi_set_epno_list shall reset the "done" status of pno networks in firmware. 333 // 334 // A network should only be considered found if its RSSI is above the minimum RSSI for its 335 // frequency range (min5GHz_rssi and min24GHz_rssi for 5GHz and 2.4GHz networks respectively). 336 // When disconnected the list of scan results should be returned if any network is found. 337 // When connected the scan results shall be reported only if the score of any network in the scan 338 // is greater than that of the currently connected BSSID. 339 // 340 // The FW should calculate the score of all the candidates (including currently connected one) 341 // with following equation: 342 // RSSI score = (RSSI + 85) * 4; 343 // If RSSI score > initial_score_max , RSSI score = initial_score_max; 344 // final score = RSSI score 345 // + current_connection_bonus (if currently connected BSSID) 346 // + same_network_bonus (if network has SAME_NETWORK flag) 347 // + secure_bonus (if the network is not open) 348 // + band5GHz_bonus (if BSSID is on 5G) 349 // If there is a BSSID’s score > current BSSID’s score, then report the cached scan results 350 // at the end of the scan (excluding the ones on blacklist) to the upper layer. 351 // Additionally, all BSSIDs that are in the BSSID blacklist should be ignored by Enhanced PNO 352 353 // Whether directed scan needs to be performed (for hidden SSIDs) 354 #define WIFI_PNO_FLAG_DIRECTED_SCAN (1 << 0) 355 // Whether PNO event shall be triggered if the network is found on A band 356 #define WIFI_PNO_FLAG_A_BAND (1 << 1) 357 // Whether PNO event shall be triggered if the network is found on G band 358 #define WIFI_PNO_FLAG_G_BAND (1 << 2) 359 // Whether strict matching is required 360 // If required then the firmware must store the network's SSID and not just a hash 361 #define WIFI_PNO_FLAG_STRICT_MATCH (1 << 3) 362 // If this SSID should be considered the same network as the currently connected one for scoring 363 #define WIFI_PNO_FLAG_SAME_NETWORK (1 << 4) 364 365 // Code for matching the beacon AUTH IE - additional codes TBD 366 #define WIFI_PNO_AUTH_CODE_OPEN (1 << 0) // open 367 #define WIFI_PNO_AUTH_CODE_PSK (1 << 1) // WPA_PSK or WPA2PSK 368 #define WIFI_PNO_AUTH_CODE_EAPOL (1 << 2) // any EAPOL 369 370 typedef struct { 371 char ssid[32+1]; // null terminated 372 byte flags; // WIFI_PNO_FLAG_XXX 373 byte auth_bit_field; // auth bit field for matching WPA IE 374 } wifi_epno_network; 375 376 /* ePNO Parameters */ 377 typedef struct { 378 int min5GHz_rssi; // minimum 5GHz RSSI for a BSSID to be considered 379 int min24GHz_rssi; // minimum 2.4GHz RSSI for a BSSID to be considered 380 int initial_score_max; // the maximum score that a network can have before bonuses 381 int current_connection_bonus; // only report when there is a network's score this much higher 382 // than the current connection. 383 int same_network_bonus; // score bonus for all networks with the same network flag 384 int secure_bonus; // score bonus for networks that are not open 385 int band5GHz_bonus; // 5GHz RSSI score bonus (applied to all 5GHz networks) 386 int num_networks; // number of wifi_epno_network objects 387 wifi_epno_network networks[MAX_EPNO_NETWORKS]; // PNO networks 388 } wifi_epno_params; 389 390 typedef struct { 391 // on results 392 void (*on_network_found)(wifi_request_id id, 393 unsigned num_results, wifi_scan_result *results); 394 } wifi_epno_handler; 395 396 397 /* Set the ePNO list - enable ePNO with the given parameters */ 398 wifi_error wifi_set_epno_list(wifi_request_id id, wifi_interface_handle iface, 399 const wifi_epno_params *epno_params, wifi_epno_handler handler); 400 401 /* Reset the ePNO list - no ePNO networks should be matched after this */ 402 wifi_error wifi_reset_epno_list(wifi_request_id id, wifi_interface_handle iface); 403 404 405 typedef struct { 406 int id; // identifier of this network block, report this in event 407 char realm[256]; // null terminated UTF8 encoded realm, 0 if unspecified 408 int64_t roamingConsortiumIds[16]; // roaming consortium ids to match, 0s if unspecified 409 byte plmn[3]; // mcc/mnc combination as per rules, 0s if unspecified 410 } wifi_passpoint_network; 411 412 typedef struct { 413 void (*on_passpoint_network_found)( 414 wifi_request_id id, 415 int net_id, // network block identifier for the matched network 416 wifi_scan_result *result, // scan result, with channel and beacon information 417 int anqp_len, // length of ANQP blob 418 byte *anqp // ANQP data, in the information_element format 419 ); 420 } wifi_passpoint_event_handler; 421 422 /* Sets a list for passpoint networks for PNO purposes; it should be matched 423 * against any passpoint networks (designated by Interworking element) found 424 * during regular PNO scan. */ 425 wifi_error wifi_set_passpoint_list(wifi_request_id id, wifi_interface_handle iface, int num, 426 wifi_passpoint_network *networks, wifi_passpoint_event_handler handler); 427 428 /* Reset passpoint network list - no Passpoint networks should be matched after this */ 429 wifi_error wifi_reset_passpoint_list(wifi_request_id id, wifi_interface_handle iface); 430 431 #endif 432