1#include "wifi_hal.h"
2
3#ifndef __WIFI_HAL_GSCAN_H__
4#define __WIFI_HAL_GSCAN_H__
5
6/* AP Scans */
7
/*
 * Radio band selector. The values are bit flags: bit 0 = 2.4 GHz, bit 1 = 5 GHz
 * non-DFS, bit 2 = 5 GHz DFS. The combined names are the OR of those bits
 * (e.g. WIFI_BAND_ABG = 1 | 2, WIFI_BAND_A_WITH_DFS = 2 | 4).
 */
typedef enum {
    WIFI_BAND_UNSPECIFIED,                  // 0: no band selected; wifi_scan_bucket_spec then
                                            // falls back to its explicit channel list
    WIFI_BAND_BG = 1,                       // 2.4 GHz
    WIFI_BAND_A = 2,                        // 5 GHz without DFS
    WIFI_BAND_A_DFS = 4,                    // 5 GHz DFS only
    WIFI_BAND_A_WITH_DFS = 6,               // 5 GHz with DFS
    WIFI_BAND_ABG = 3,                      // 2.4 GHz + 5 GHz; no DFS
    WIFI_BAND_ABG_WITH_DFS = 7,             // 2.4 GHz + 5 GHz with DFS
} wifi_band;
17
/*
 * Compile-time capacities of the fixed-size arrays declared in this header.
 * Each array is paired with a signed int count field (num_channels, num_buckets,
 * num_bssid, ...). Nothing in the header ties a count to its capacity, so any code
 * that loops or indexes by a count must first check 0 <= count <= MAX_*.
 */
#define MAX_CHANNELS                16      // wifi_scan_bucket_spec.channels[]
#define MAX_BUCKETS                 16      // wifi_scan_cmd_params.buckets[]; also the number of
                                            // bits needed in the buckets_scanned bitset
#define MAX_HOTLIST_APS             128     // wifi_bssid_hotlist_params.ap[]
#define MAX_SIGNIFICANT_CHANGE_APS  64      // wifi_significant_change_params.ap[]
#define MAX_EPNO_NETWORKS           64      // wifi_epno_params.networks[]
#define MAX_HOTLIST_SSID            8       // wifi_ssid_hotlist_params.ssid[]
#define MAX_BLACKLIST_BSSID         16      // wifi_bssid_params.bssids[]
#define MAX_AP_CACHE_PER_SCAN       32      // wifi_cached_scan_results.results[]
26
/*
 * Query the channels usable on `handle` for `band`.
 * NOTE(review): the names suggest `channels` is a caller-supplied buffer of
 * `max_channels` entries and `*num_channels` receives the number written; the header
 * does not state this, so confirm against the implementation. Implementations should
 * reject a negative `max_channels` and never write more than `max_channels` entries.
 * `band` is declared int, presumably carrying a wifi_band value.
 */
wifi_error wifi_get_valid_channels(wifi_interface_handle handle,
        int band, int max_channels, wifi_channel *channels, int *num_channels);
29
/*
 * Limits reported by the implementation through wifi_get_gscan_capabilities().
 * NOTE(review): these are runtime values and the header does not relate them to the
 * compile-time MAX_* array sizes; clamp a reported maximum to the matching MAX_*
 * constant (and reject negatives) before using it as an array bound.
 */
typedef struct {
    int max_scan_cache_size;                 // total space allocated for scan (in bytes)
    int max_scan_buckets;                    // maximum number of channel buckets
    int max_ap_cache_per_scan;               // maximum number of APs that can be stored per scan
    int max_rssi_sample_size;                // number of RSSI samples used for averaging RSSI
    int max_scan_reporting_threshold;        // max possible report_threshold as described
                                             // in wifi_scan_cmd_params
    int max_hotlist_bssids;                  // maximum number of entries for hotlist BSSIDs
    int max_hotlist_ssids;                   // maximum number of entries for hotlist SSIDs
    int max_significant_wifi_change_aps;     // maximum number of entries for
                                             // significant wifi change APs
    int max_bssid_history_entries;           // number of BSSID/RSSI entries that device can hold
    int max_number_epno_networks;            // max number of epno entries
    int max_number_epno_networks_by_ssid;    // max number of epno entries if ssid is specified,
                                             // that is, epno entries for which an exact match is
                                             // required, or entries corresponding to hidden ssids
    int max_number_of_white_listed_ssid;     // max number of white listed SSIDs, M target is 2 to 4
} wifi_gscan_capabilities;
48
/*
 * Fill `*capabilities` with the gscan limits of the interface `handle`.
 * `capabilities` is an output pointer; the header does not say whether NULL is
 * tolerated, so callers should pass a valid object.
 */
wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle,
        wifi_gscan_capabilities *capabilities);
51
/* Scan state-machine events delivered through wifi_scan_result_handler.on_scan_event. */
typedef enum {
    WIFI_SCAN_RESULTS_AVAILABLE,   // reported when REPORT_EVENTS_EACH_SCAN is set and a scan
                                   // completes. WIFI_SCAN_THRESHOLD_NUM_SCANS or
                                   // WIFI_SCAN_THRESHOLD_PERCENT can be reported instead if the
                                   // reason for the event is available; however, at most one of
                                   // these events should be reported per scan. If there are
                                   // multiple buckets that were scanned this period and one has the
                                   // EACH_SCAN flag set then this event should be preferred.
    WIFI_SCAN_THRESHOLD_NUM_SCANS, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and
                                   // report_threshold_num_scans is reached.
    WIFI_SCAN_THRESHOLD_PERCENT,   // can be reported when REPORT_EVENTS_EACH_SCAN is not set and
                                   // report_threshold_percent is reached.
    WIFI_SCAN_FAILED,              // reported when currently executing gscans have failed.
                                   // start_gscan will need to be called again in order to continue
                                   // scanning. This is intended to indicate abnormal scan
                                   // terminations (not those as a result of stop_gscan).
} wifi_scan_event;
69
70
/*
 * Format of information elements found in the beacon.
 * `len` comes from received frame data. Code that walks a packed list of these
 * (see wifi_scan_result.ie_data) must check that the id/len header and then `len`
 * bytes of `data` fit in the bytes remaining in the blob before reading them.
 */
typedef struct {
    byte id;                            // element identifier
    byte len;                           // number of bytes to follow
    byte data[];                        // `len` bytes of element payload
} wifi_information_element;
77
/*
 * One AP observation. Passed to the scan, hotlist, ePNO and passpoint callbacks in
 * this header and stored in wifi_cached_scan_results.
 *
 * NOTE(review): ie_data is declared with one element but described as a blob of
 * ie_length bytes, which looks like the trailing-array idiom (blob running past the
 * end of the struct); confirm with the producer. sizeof(wifi_scan_result) does not
 * grow with ie_length, so entries held in a fixed array such as
 * wifi_cached_scan_results.results[], or stepped through with pointer arithmetic,
 * have no room for a blob. Verify where the bytes actually live before reading
 * ie_length bytes from ie_data.
 */
typedef struct {
    wifi_timestamp ts;                  // time since boot (in microsecond) when the result was
                                        // retrieved
    char ssid[32+1];                    // null terminated; bound string operations by
                                        // sizeof(ssid) rather than trusting the terminator
    mac_addr bssid;
    wifi_channel channel;               // channel frequency in MHz
    wifi_rssi rssi;                     // in db
    wifi_timespan rtt;                  // in nanoseconds
    wifi_timespan rtt_sd;               // standard deviation in rtt
    unsigned short beacon_period;       // period advertised in the beacon
    unsigned short capability;          // capabilities advertised in the beacon
    unsigned int ie_length;             // size of the ie_data blob
    char         ie_data[1];            // blob of all the information elements found in the
                                        // beacon; this data should be a packed list of
                                        // wifi_information_element objects, one after the other.
    // other fields
} wifi_scan_result;
95
/*
 * buckets_scanned carries one bit per bucket index, so MAX_BUCKETS must not exceed
 * the bit width of unsigned.
 * NOTE(review): this spelling of static_assert needs <assert.h> in C11 or a C++
 * compiler; this header only includes wifi_hal.h, so confirm it is provided there.
 */
static_assert(MAX_BUCKETS <= 8 * sizeof(unsigned),
        "The buckets_scanned bitset is represented by an unsigned int and cannot support this many "
        "buckets on this platform.");
/* Callbacks supplied to wifi_start_gscan(). */
typedef struct {
    /* reported when each probe response is received, if report_events
     * enabled in wifi_scan_cmd_params. buckets_scanned is a bitset of the
     * buckets that are currently being scanned. See the buckets_scanned field
     * in the wifi_cached_scan_results struct for more details.
     */
    void (*on_full_scan_result) (wifi_request_id id, wifi_scan_result *result,
                                 unsigned buckets_scanned);

    /* indicates progress of scanning statemachine */
    void (*on_scan_event) (wifi_request_id id, wifi_scan_event event);

} wifi_scan_result_handler;
112
/* One channel entry of a scan bucket (element type of wifi_scan_bucket_spec.channels[]). */
typedef struct {
    wifi_channel channel;               // frequency
    int dwellTimeMs;                    // dwell time hint
    int passive;                        // 0 => active, 1 => passive scan; ignored for DFS
    /* Add channel class */
} wifi_scan_channel_spec;
119
/*
 * Bit values for wifi_scan_bucket_spec.report_events; their meaning is described
 * on that field.
 */
#define REPORT_EVENTS_EACH_SCAN        (1 << 0)
#define REPORT_EVENTS_FULL_RESULTS     (1 << 1)
#define REPORT_EVENTS_NO_BATCH         (1 << 2)
123
/*
 * Description of one scan bucket: which channels to scan, how often, and how to
 * report. Element type of wifi_scan_cmd_params.buckets[].
 */
typedef struct {
    int bucket;                         // bucket index, 0 based
    wifi_band band;                     // when UNSPECIFIED, use channel list
    int period;                         // desired period, in millisecond; if this is too
                                        // low, the firmware should choose to generate results as
                                        // fast as it can instead of failing the command.
                                        // for exponential backoff bucket this is the min_period
    /* report_events semantics -
     *  This is a bit field; which defines following bits -
     *  REPORT_EVENTS_EACH_SCAN    => report a scan completion event after scan. If this is not set
     *                                 then scan completion events should be reported if
     *                                 report_threshold_percent or report_threshold_num_scans is
     *                                 reached.
     *  REPORT_EVENTS_FULL_RESULTS => forward scan results (beacons/probe responses + IEs)
     *                                 in real time to HAL, in addition to completion events
     *                                 Note: To keep backward compatibility, fire completion
     *                                 events regardless of REPORT_EVENTS_EACH_SCAN.
     *  REPORT_EVENTS_NO_BATCH     => controls if scans for this bucket should be placed in the
     *                                 history buffer
     */
    byte report_events;
    int max_period; // if max_period is non zero or different than period, then this bucket is
                    // an exponential backoff bucket and the scan period will grow exponentially
                    // as per formula: actual_period(N) = period * (base ^ (N/step_count))
                    // to a maximum period of max_period
    int base;       // for exponential back off bucket: multiplier: new_period=old_period*base
    int step_count; // for exponential back off bucket, number of scans to perform for a given
                    // period; it is the divisor in the formula above, so an implementation
                    // must not evaluate that formula with step_count == 0

    int num_channels;                   // number of valid entries in channels[]; check
                                        // 0 <= num_channels <= MAX_CHANNELS before indexing
    // channels to scan; these may include DFS channels
    // Note that a given channel may appear in multiple buckets
    wifi_scan_channel_spec channels[MAX_CHANNELS];
} wifi_scan_bucket_spec;
158
/* Parameters of a periodic GSCAN request, passed by value to wifi_start_gscan(). */
typedef struct {
    int base_period;                    // base timer period in ms
    int max_ap_per_scan;                // number of access points to store in each scan entry in
                                        // the BSSID/RSSI history buffer (keep the highest RSSI
                                        // access points)
    int report_threshold_percent;       // in %, when scan buffer is this much full, wake up apps
                                        // processor
    int report_threshold_num_scans;     // in number of scans, wake up the apps processor after
                                        // this many scans
    int num_buckets;                    // number of valid entries in buckets[]; check
                                        // 0 <= num_buckets <= MAX_BUCKETS before indexing
    wifi_scan_bucket_spec buckets[MAX_BUCKETS];
} wifi_scan_cmd_params;
170
/*
 * Start periodic GSCAN
 * When this is called all requested buckets should be scanned, starting at the beginning of
 * the cycle
 *
 * For example:
 * If there are three buckets specified
 *  - Bucket 1: period=10s
 *  - Bucket 2: period=20s
 *  - Bucket 3: period=30s
 * Then the following scans should occur
 *  - t=0  buckets 1, 2, and 3 are scanned
 *  - t=10 bucket 1 is scanned
 *  - t=20 bucket 1 and 2 are scanned
 *  - t=30 bucket 1 and 3 are scanned
 *  - t=40 bucket 1 and 2 are scanned
 *  - t=50 bucket 1 is scanned
 *  - t=60 buckets 1, 2, and 3 are scanned
 *  - and the pattern repeats
 *
 * If any scan does not occur or is incomplete (error, interrupted, etc) then a cached scan result
 * should still be recorded with the WIFI_SCAN_FLAG_INTERRUPTED flag set.
 *
 * `params` and `handler` are passed by value. The count fields inside `params`
 * (num_buckets, and num_channels in each bucket) are caller-controlled ints, so an
 * implementation should range-check them against MAX_BUCKETS / MAX_CHANNELS before use.
 */
wifi_error wifi_start_gscan(wifi_request_id id, wifi_interface_handle iface,
        wifi_scan_cmd_params params, wifi_scan_result_handler handler);
195
/*
 * Stop periodic GSCAN.
 * NOTE(review): `id` presumably names the request started with wifi_start_gscan();
 * the header does not say what happens for an unknown id. Confirm.
 */
wifi_error wifi_stop_gscan(wifi_request_id id, wifi_interface_handle iface);
198
/* Bit values for wifi_cached_scan_results.flags. */
typedef enum {
    WIFI_SCAN_FLAG_INTERRUPTED = 1      // Indicates that scan results are not complete because
                                        // probes were not sent on some channels
} wifi_scan_flags;
203
/*
 * One cached GSCAN scan, as filled in by wifi_get_cached_gscan_results().
 * results[] is a fixed array of wifi_scan_result, so each entry is exactly
 * sizeof(wifi_scan_result) bytes. Do not read ie_length bytes from an entry's
 * ie_data here without confirming where the IE blob is stored.
 */
typedef struct {
    int scan_id;                                     // a unique identifier for the scan unit
    int flags;                                       // a bitmask with additional
                                                     // information about scan.
    unsigned buckets_scanned;                        // a bitset of the buckets that were scanned.
                                                     // for example a value of 13 (0b1101) would
                                                     // indicate that buckets 0, 2 and 3 were
                                                     // scanned to produce this list of results.
                                                     // should be set to 0 if this information is
                                                     // not available.
    int num_results;                                 // number of bssids retrieved by the scan;
                                                     // check 0 <= num_results <=
                                                     // MAX_AP_CACHE_PER_SCAN before indexing
    wifi_scan_result results[MAX_AP_CACHE_PER_SCAN]; // scan results - one for each bssid
} wifi_cached_scan_results;
218
/*
 * Retrieve cached GSCAN results for `iface`.
 * NOTE(review): the names suggest `results` is a caller-supplied array of `max`
 * entries, `*num` receives the number filled in, and a non-zero `flush` discards the
 * cache after reading; none of this is stated in the header, so confirm against the
 * implementation. Implementations should reject a negative `max` and never write
 * more than `max` entries.
 */
wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface, byte flush,
        int max, wifi_cached_scan_results *results, int *num);
221
/*
 * BSSID Hotlist
 * Callbacks supplied to wifi_set_bssid_hotlist(). Each receives `num_results`
 * entries starting at `results`.
 * NOTE(review): the entry stride is not stated; because wifi_scan_result may be
 * followed by an IE blob, confirm how the producer lays the entries out before
 * indexing results[i].
 */
typedef struct {
    void (*on_hotlist_ap_found)(wifi_request_id id,
            unsigned num_results, wifi_scan_result *results);
    void (*on_hotlist_ap_lost)(wifi_request_id id,
            unsigned num_results, wifi_scan_result *results);
} wifi_hotlist_ap_found_handler;
229
/*
 * RSSI thresholds for one AP. Element type of the ap[] arrays in
 * wifi_bssid_hotlist_params and wifi_significant_change_params.
 */
typedef struct {
    mac_addr  bssid;                    // AP BSSID
    wifi_rssi low;                      // low threshold
    wifi_rssi high;                     // high threshold
} ap_threshold_param;
235
/* Parameters passed by value to wifi_set_bssid_hotlist(). */
typedef struct {
    int lost_ap_sample_size;                       // NOTE(review): presumably the number of
                                                   // scans without the AP before it is reported
                                                   // lost; not stated here, confirm
    int num_bssid;                                 // number of hotlist APs; check
                                                   // 0 <= num_bssid <= MAX_HOTLIST_APS
    ap_threshold_param ap[MAX_HOTLIST_APS];     // hotlist APs
} wifi_bssid_hotlist_params;
241
/*
 * Set the BSSID Hotlist.
 * `params.num_bssid` is a caller-controlled int; implementations should range-check
 * it against MAX_HOTLIST_APS before reading params.ap[].
 */
wifi_error wifi_set_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface,
        wifi_bssid_hotlist_params params, wifi_hotlist_ap_found_handler handler);
245
/* Clear the BSSID Hotlist previously set with wifi_set_bssid_hotlist(). */
wifi_error wifi_reset_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface);
248
/*
 * SSID Hotlist
 * Found/lost callbacks for hotlisted SSIDs. Each receives `num_results` entries
 * starting at `results`.
 * NOTE(review): no function in this header takes this handler type; the setter is
 * presumably declared elsewhere. Confirm.
 */
typedef struct {
    void (*on_hotlist_ssid_found)(wifi_request_id id,
            unsigned num_results, wifi_scan_result *results);
    void (*on_hotlist_ssid_lost)(wifi_request_id id,
            unsigned num_results, wifi_scan_result *results);
} wifi_hotlist_ssid_handler;
256
/* RSSI thresholds for one hotlisted SSID on a given band. */
typedef struct {
    char  ssid[32+1];                   // SSID; the array leaves room for 32 bytes plus a
                                        // terminator, so writers must truncate and terminate
    wifi_band band;                     // band for this set of threshold params
    wifi_rssi low;                      // low threshold
    wifi_rssi high;                     // high threshold
} ssid_threshold_param;
263
/* SSID hotlist parameter block; the SSID counterpart of wifi_bssid_hotlist_params. */
typedef struct {
    int lost_ssid_sample_size;
    int num_ssid;                                   // number of hotlist SSIDs; check
                                                    // 0 <= num_ssid <= MAX_HOTLIST_SSID
    ssid_threshold_param ssid[MAX_HOTLIST_SSID];    // hotlist SSIDs
} wifi_ssid_hotlist_params;
269
/* BSSID blacklist, passed by value to wifi_set_bssid_blacklist(). */
typedef struct {
    int num_bssid;                           // number of blacklisted BSSIDs; check
                                             // 0 <= num_bssid <= MAX_BLACKLIST_BSSID
    mac_addr bssids[MAX_BLACKLIST_BSSID];    // blacklisted BSSIDs
} wifi_bssid_params;
275
/*
 * Set the BSSID blacklist.
 * `params.num_bssid` is a caller-controlled int; implementations should range-check
 * it against MAX_BLACKLIST_BSSID before reading params.bssids[].
 */
wifi_error wifi_set_bssid_blacklist(wifi_request_id id, wifi_interface_handle iface,
        wifi_bssid_params params);
279
/*
 * Significant wifi change
 * Variable-size record: rssi[] is a flexible array member holding num_rssi samples,
 * so the object is larger than sizeof(wifi_significant_change_result) and cannot be
 * stored in a plain array of this type.
 */
typedef struct {
    mac_addr bssid;                     // BSSID
    wifi_channel channel;               // channel frequency in MHz
    int num_rssi;                       // number of rssi samples; signed, so consumers
                                        // should reject negative values before looping
    wifi_rssi rssi[];                   // RSSI history in db
} wifi_significant_change_result;
287
/*
 * Callback supplied to wifi_set_significant_change_handler(). `results` is an array
 * of `num_results` pointers, one per variable-size wifi_significant_change_result.
 */
typedef struct {
    void (*on_significant_change)(wifi_request_id id,
            unsigned num_results, wifi_significant_change_result **results);
} wifi_significant_change_handler;
292
// The sample size parameters in the wifi_significant_change_params structure
// represent the number of occurrences of a g-scan where the BSSID was seen and RSSI was
// collected for that BSSID, or where the BSSID was expected to be seen and was not.
// For instance, lost_ap_sample_size is the number of times a g-scan was performed on the
// channel the BSSID was last seen on without the BSSID being seen during those g-scans.
typedef struct {
    int rssi_sample_size;               // number of samples for averaging RSSI
    int lost_ap_sample_size;            // number of samples to confirm AP loss
    int min_breaching;                  // number of APs breaching threshold
    int num_bssid;                         // max 64 (MAX_SIGNIFICANT_CHANGE_APS); check
                                           // 0 <= num_bssid <= MAX_SIGNIFICANT_CHANGE_APS
    ap_threshold_param ap[MAX_SIGNIFICANT_CHANGE_APS];
} wifi_significant_change_params;
305
/*
 * Set the Significant AP change list.
 * `params.num_bssid` is a caller-controlled int; implementations should range-check
 * it against MAX_SIGNIFICANT_CHANGE_APS before reading params.ap[].
 */
wifi_error wifi_set_significant_change_handler(wifi_request_id id, wifi_interface_handle iface,
        wifi_significant_change_params params, wifi_significant_change_handler handler);
309
/* Clear the Significant AP change list */
wifi_error wifi_reset_significant_change_handler(wifi_request_id id, wifi_interface_handle iface);
312
/*
 * Random MAC OUI for PNO
 * NOTE(review): presumably `scan_oui` fixes the OUI portion of the randomized MAC
 * address used while scanning, with the remaining bytes chosen by the implementation;
 * the header does not spell this out. Confirm.
 */
wifi_error wifi_set_scanning_mac_oui(wifi_interface_handle handle, oui scan_oui);
315
316
317// Enhanced PNO:
318// Enhanced PNO feature is expected to be enabled all of the time (e.g. screen lit) and may thus
319// require firmware to store a large number of networks, covering the whole list of known networks.
// Therefore, it is acceptable for firmware to store a crc24, crc32 or other short hash of the SSID,
// such that a low but non-zero probability of collision exists. With that scheme it should be
// possible for firmware to keep an entry as small as 4 bytes for each pno network.
// Networks flagged WIFI_PNO_FLAG_STRICT_MATCH are the exception: for those the firmware must
// store the SSID itself and not just a hash.
// For instance, a firmware pno entry can be implemented in the form of:
324//          PNO ENTRY = crc24(3 bytes) | flags>>3 (5 bits) | auth flags(3 bits)
325//
326// No scans should be automatically performed by the chip. Instead all scan results from gscan
327// should be scored and the wifi_epno_handler on_network_found callback should be called with
328// the scan results.
329//
330// A PNO network shall be reported once, that is, once a network is reported by firmware
331// its entry shall be marked as "done" until framework calls wifi_set_epno_list again.
332// Calling wifi_set_epno_list shall reset the "done" status of pno networks in firmware.
333//
334// A network should only be considered found if its RSSI is above the minimum RSSI for its
335// frequency range (min5GHz_rssi and min24GHz_rssi for 5GHz and 2.4GHz networks respectively).
336// When disconnected the list of scan results should be returned if any network is found.
337// When connected the scan results shall be reported only if the score of any network in the scan
338// is greater than that of the currently connected BSSID.
339//
340// The FW should calculate the score of all the candidates (including currently connected one)
341//   with following equation:
342//     RSSI score = (RSSI + 85) * 4;
343//     If RSSI score > initial_score_max , RSSI score = initial_score_max;
344//     final score = RSSI score
345//         + current_connection_bonus (if currently connected BSSID)
346//         + same_network_bonus (if network has SAME_NETWORK flag)
347//         + secure_bonus (if the network is not open)
348//         + band5GHz_bonus (if BSSID is on 5G)
349//     If there is a BSSID’s score > current BSSID’s score, then report the cached scan results
350//         at the end of the scan (excluding the ones on blacklist) to the upper layer.
351// Additionally, all BSSIDs that are in the BSSID blacklist should be ignored by Enhanced PNO
352
// Bit values for wifi_epno_network.flags.
// Whether directed scan needs to be performed (for hidden SSIDs)
#define WIFI_PNO_FLAG_DIRECTED_SCAN (1 << 0)
// Whether PNO event shall be triggered if the network is found on A band
#define WIFI_PNO_FLAG_A_BAND (1 << 1)
// Whether PNO event shall be triggered if the network is found on G band
#define WIFI_PNO_FLAG_G_BAND (1 << 2)
// Whether strict matching is required
// If required then the firmware must store the network's SSID and not just a hash,
// which removes the hash-collision false matches that hash-only entries allow
#define WIFI_PNO_FLAG_STRICT_MATCH (1 << 3)
// If this SSID should be considered the same network as the currently connected one for scoring
#define WIFI_PNO_FLAG_SAME_NETWORK (1 << 4)
364
// Code for matching the beacon AUTH IE - additional codes TBD
// Bit values for wifi_epno_network.auth_bit_field; they can be ORed together.
#define WIFI_PNO_AUTH_CODE_OPEN  (1 << 0) // open
#define WIFI_PNO_AUTH_CODE_PSK   (1 << 1) // WPA_PSK or WPA2PSK
#define WIFI_PNO_AUTH_CODE_EAPOL (1 << 2) // any EAPOL
369
/* One ePNO network entry. Element type of wifi_epno_params.networks[]. */
typedef struct {
    char ssid[32+1];     // null terminated
    byte flags;          // WIFI_PNO_FLAG_XXX
    byte auth_bit_field; // auth bit field for matching WPA IE (WIFI_PNO_AUTH_CODE_XXX)
} wifi_epno_network;
375
/*
 * ePNO Parameters
 * Thresholds, score bonuses and the network list passed to wifi_set_epno_list().
 */
typedef struct {
    int min5GHz_rssi;               // minimum 5GHz RSSI for a BSSID to be considered
    int min24GHz_rssi;              // minimum 2.4GHz RSSI for a BSSID to be considered
    int initial_score_max;          // the maximum score that a network can have before bonuses
    int current_connection_bonus;   // only report when there is a network's score this much higher
                                    // than the current connection.
    int same_network_bonus;         // score bonus for all networks with the same network flag
    int secure_bonus;               // score bonus for networks that are not open
    int band5GHz_bonus;             // 5GHz RSSI score bonus (applied to all 5GHz networks)
    int num_networks;               // number of wifi_epno_network objects; check
                                    // 0 <= num_networks <= MAX_EPNO_NETWORKS before indexing
    wifi_epno_network networks[MAX_EPNO_NETWORKS];   // PNO networks
} wifi_epno_params;
389
/* Callback supplied to wifi_set_epno_list(). */
typedef struct {
    // on results: receives `num_results` entries starting at `results`
    void (*on_network_found)(wifi_request_id id,
            unsigned num_results, wifi_scan_result *results);
} wifi_epno_handler;
395
396
/*
 * Set the ePNO list - enable ePNO with the given parameters.
 * Unlike the other setters in this header, the parameters are passed by pointer.
 * Implementations should check `epno_params` for NULL and range-check
 * epno_params->num_networks against MAX_EPNO_NETWORKS before reading networks[].
 */
wifi_error wifi_set_epno_list(wifi_request_id id, wifi_interface_handle iface,
        const wifi_epno_params *epno_params, wifi_epno_handler handler);
400
/* Reset the ePNO list - no ePNO networks should be matched after this call returns */
wifi_error wifi_reset_epno_list(wifi_request_id id, wifi_interface_handle iface);
403
404
/* One passpoint network block to match. Element type of the wifi_set_passpoint_list() list. */
typedef struct {
    int  id;                            // identifier of this network block, report this in event
    char realm[256];                    // null terminated UTF8 encoded realm, 0 if unspecified;
                                        // readers should bound string operations by sizeof(realm)
    int64_t roamingConsortiumIds[16];   // roaming consortium ids to match, 0s if unspecified
    byte plmn[3];                       // mcc/mnc combination as per rules, 0s if unspecified
} wifi_passpoint_network;
411
/*
 * Callback supplied to wifi_set_passpoint_list().
 * `anqp_len` is a signed int describing data derived from the network. A consumer
 * should reject negative values and, when walking `anqp` as information elements,
 * check each element's length against the bytes remaining.
 */
typedef struct {
    void (*on_passpoint_network_found)(
            wifi_request_id id,
            int net_id,                        // network block identifier for the matched network
            wifi_scan_result *result,          // scan result, with channel and beacon information
            int anqp_len,                      // length of ANQP blob
            byte *anqp                         // ANQP data, in the information_element format
            );
} wifi_passpoint_event_handler;
421
/* Sets a list for passpoint networks for PNO purposes; it should be matched
 * against any passpoint networks (designated by Interworking element) found
 * during regular PNO scan.
 * `networks` points to `num` entries. This header defines no maximum for `num`, so
 * implementations should reject negative values and apply their own upper bound. */
wifi_error wifi_set_passpoint_list(wifi_request_id id, wifi_interface_handle iface, int num,
        wifi_passpoint_network *networks, wifi_passpoint_event_handler handler);
427
/* Reset passpoint network list - no Passpoint networks should be matched after this call returns */
wifi_error wifi_reset_passpoint_list(wifi_request_id id, wifi_interface_handle iface);
430
431#endif
432