1#include "wifi_hal.h" 2 3#ifndef __WIFI_HAL_GSCAN_H__ 4#define __WIFI_HAL_GSCAN_H__ 5 6/* AP Scans */ 7 8typedef enum { 9 WIFI_BAND_UNSPECIFIED, 10 WIFI_BAND_BG = 1, // 2.4 GHz 11 WIFI_BAND_A = 2, // 5 GHz without DFS 12 WIFI_BAND_A_DFS = 4, // 5 GHz DFS only 13 WIFI_BAND_A_WITH_DFS = 6, // 5 GHz with DFS 14 WIFI_BAND_ABG = 3, // 2.4 GHz + 5 GHz; no DFS 15 WIFI_BAND_ABG_WITH_DFS = 7, // 2.4 GHz + 5 GHz with DFS 16} wifi_band; 17 18#define MAX_CHANNELS 16 19#define MAX_BUCKETS 16 20#define MAX_HOTLIST_APS 128 21#define MAX_SIGNIFICANT_CHANGE_APS 64 22#define MAX_EPNO_NETWORKS 64 23#define MAX_HOTLIST_SSID 8 24#define MAX_BLACKLIST_BSSID 16 25#define MAX_AP_CACHE_PER_SCAN 32 26 27wifi_error wifi_get_valid_channels(wifi_interface_handle handle, 28 int band, int max_channels, wifi_channel *channels, int *num_channels); 29 30typedef struct { 31 int max_scan_cache_size; // total space allocated for scan (in bytes) 32 int max_scan_buckets; // maximum number of channel buckets 33 int max_ap_cache_per_scan; // maximum number of APs that can be stored per scan 34 int max_rssi_sample_size; // number of RSSI samples used for averaging RSSI 35 int max_scan_reporting_threshold; // max possible report_threshold as described 36 // in wifi_scan_cmd_params 37 int max_hotlist_bssids; // maximum number of entries for hotlist BSSIDs 38 int max_hotlist_ssids; // maximum number of entries for hotlist SSIDs 39 int max_significant_wifi_change_aps; // maximum number of entries for 40 // significant wifi change APs 41 int max_bssid_history_entries; // number of BSSID/RSSI entries that device can hold 42 int max_number_epno_networks; // max number of epno entries 43 int max_number_epno_networks_by_ssid; // max number of epno entries if ssid is specified, 44 // that is, epno entries for which an exact match is 45 // required, or entries corresponding to hidden ssids 46 int max_number_of_white_listed_ssid; // max number of white listed SSIDs, M target is 2 to 4 47} wifi_gscan_capabilities; 48 49wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle, 50 wifi_gscan_capabilities *capabilities); 51 52typedef enum { 53 WIFI_SCAN_RESULTS_AVAILABLE, // reported when REPORT_EVENTS_EACH_SCAN is set and a scan 54 // completes. WIFI_SCAN_THRESHOLD_NUM_SCANS or 55 // WIFI_SCAN_THRESHOLD_PERCENT can be reported instead if the 56 // reason for the event is available; however, at most one of 57 // these events should be reported per scan. If there are 58 // multiple buckets that were scanned this period and one has the 59 // EACH_SCAN flag set then this event should be prefered. 60 WIFI_SCAN_THRESHOLD_NUM_SCANS, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and 61 // report_threshold_num_scans is reached. 62 WIFI_SCAN_THRESHOLD_PERCENT, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and 63 // report_threshold_percent is reached. 64 WIFI_SCAN_FAILED, // reported when currently executing gscans have failed. 65 // start_gscan will need to be called again in order to continue 66 // scanning. This is intended to indicate abnormal scan 67 // terminations (not those as a result of stop_gscan). 68} wifi_scan_event; 69 70 71/* Format of information elements found in the beacon */ 72typedef struct { 73 byte id; // element identifier 74 byte len; // number of bytes to follow 75 byte data[]; 76} wifi_information_element; 77 78typedef struct { 79 wifi_timestamp ts; // time since boot (in microsecond) when the result was 80 // retrieved 81 char ssid[32+1]; // null terminated 82 mac_addr bssid; 83 wifi_channel channel; // channel frequency in MHz 84 wifi_rssi rssi; // in db 85 wifi_timespan rtt; // in nanoseconds 86 wifi_timespan rtt_sd; // standard deviation in rtt 87 unsigned short beacon_period; // period advertised in the beacon 88 unsigned short capability; // capabilities advertised in the beacon 89 unsigned int ie_length; // size of the ie_data blob 90 char ie_data[1]; // blob of all the information elements found in the 91 // beacon; this data should be a packed list of 92 // wifi_information_element objects, one after the other. 93 // other fields 94} wifi_scan_result; 95 96static_assert(MAX_BUCKETS <= 8 * sizeof(unsigned), 97 "The buckets_scanned bitset is represented by an unsigned int and cannot support this many " 98 "buckets on this platform."); 99typedef struct { 100 /* reported when each probe response is received, if report_events 101 * enabled in wifi_scan_cmd_params. buckets_scanned is a bitset of the 102 * buckets that are currently being scanned. See the buckets_scanned field 103 * in the wifi_cached_scan_results struct for more details. 104 */ 105 void (*on_full_scan_result) (wifi_request_id id, wifi_scan_result *result, 106 unsigned buckets_scanned); 107 108 /* indicates progress of scanning statemachine */ 109 void (*on_scan_event) (wifi_request_id id, wifi_scan_event event); 110 111} wifi_scan_result_handler; 112 113typedef struct { 114 wifi_channel channel; // frequency 115 int dwellTimeMs; // dwell time hint 116 int passive; // 0 => active, 1 => passive scan; ignored for DFS 117 /* Add channel class */ 118} wifi_scan_channel_spec; 119 120#define REPORT_EVENTS_EACH_SCAN (1 << 0) 121#define REPORT_EVENTS_FULL_RESULTS (1 << 1) 122#define REPORT_EVENTS_NO_BATCH (1 << 2) 123 124typedef struct { 125 int bucket; // bucket index, 0 based 126 wifi_band band; // when UNSPECIFIED, use channel list 127 int period; // desired period, in millisecond; if this is too 128 // low, the firmware should choose to generate results as 129 // fast as it can instead of failing the command. 130 // for exponential backoff bucket this is the min_period 131 /* report_events semantics - 132 * This is a bit field; which defines following bits - 133 * REPORT_EVENTS_EACH_SCAN => report a scan completion event after scan. If this is not set 134 * then scan completion events should be reported if 135 * report_threshold_percent or report_threshold_num_scans is 136 * reached. 137 * REPORT_EVENTS_FULL_RESULTS => forward scan results (beacons/probe responses + IEs) 138 * in real time to HAL, in addition to completion events 139 * Note: To keep backward compatibility, fire completion 140 * events regardless of REPORT_EVENTS_EACH_SCAN. 141 * REPORT_EVENTS_NO_BATCH => controls if scans for this bucket should be placed in the 142 * history buffer 143 */ 144 byte report_events; 145 int max_period; // if max_period is non zero or different than period, then this bucket is 146 // an exponential backoff bucket and the scan period will grow exponentially 147 // as per formula: actual_period(N) = period * (base ^ (N/step_count)) 148 // to a maximum period of max_period 149 int base; // for exponential back off bucket: multiplier: new_period=old_period*base 150 int step_count; // for exponential back off bucket, number of scans to perform for a given 151 // period 152 153 int num_channels; 154 // channels to scan; these may include DFS channels 155 // Note that a given channel may appear in multiple buckets 156 wifi_scan_channel_spec channels[MAX_CHANNELS]; 157} wifi_scan_bucket_spec; 158 159typedef struct { 160 int base_period; // base timer period in ms 161 int max_ap_per_scan; // number of access points to store in each scan entry in 162 // the BSSID/RSSI history buffer (keep the highest RSSI 163 // access points) 164 int report_threshold_percent; // in %, when scan buffer is this much full, wake up apps 165 // processor 166 int report_threshold_num_scans; // in number of scans, wake up AP after these many scans 167 int num_buckets; 168 wifi_scan_bucket_spec buckets[MAX_BUCKETS]; 169} wifi_scan_cmd_params; 170 171/* 172 * Start periodic GSCAN 173 * When this is called all requested buckets should be scanned, starting the beginning of the cycle 174 * 175 * For example: 176 * If there are two buckets specified 177 * - Bucket 1: period=10s 178 * - Bucket 2: period=20s 179 * - Bucket 3: period=30s 180 * Then the following scans should occur 181 * - t=0 buckets 1, 2, and 3 are scanned 182 * - t=10 bucket 1 is scanned 183 * - t=20 bucket 1 and 2 are scanned 184 * - t=30 bucket 1 and 3 are scanned 185 * - t=40 bucket 1 and 2 are scanned 186 * - t=50 bucket 1 is scanned 187 * - t=60 buckets 1, 2, and 3 are scanned 188 * - and the patter repeats 189 * 190 * If any scan does not occur or is incomplete (error, interrupted, etc) then a cached scan result 191 * should still be recorded with the WIFI_SCAN_FLAG_INTERRUPTED flag set. 192 */ 193wifi_error wifi_start_gscan(wifi_request_id id, wifi_interface_handle iface, 194 wifi_scan_cmd_params params, wifi_scan_result_handler handler); 195 196/* Stop periodic GSCAN */ 197wifi_error wifi_stop_gscan(wifi_request_id id, wifi_interface_handle iface); 198 199typedef enum { 200 WIFI_SCAN_FLAG_INTERRUPTED = 1 // Indicates that scan results are not complete because 201 // probes were not sent on some channels 202} wifi_scan_flags; 203 204/* Get the GSCAN cached scan results */ 205typedef struct { 206 int scan_id; // a unique identifier for the scan unit 207 int flags; // a bitmask with additional 208 // information about scan. 209 unsigned buckets_scanned; // a bitset of the buckets that were scanned. 210 // for example a value of 13 (0b1101) would 211 // indicate that buckets 0, 2 and 3 were 212 // scanned to produce this list of results. 213 // should be set to 0 if this information is 214 // not available. 215 int num_results; // number of bssids retrieved by the scan 216 wifi_scan_result results[MAX_AP_CACHE_PER_SCAN]; // scan results - one for each bssid 217} wifi_cached_scan_results; 218 219wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface, byte flush, 220 int max, wifi_cached_scan_results *results, int *num); 221 222/* BSSID Hotlist */ 223typedef struct { 224 void (*on_hotlist_ap_found)(wifi_request_id id, 225 unsigned num_results, wifi_scan_result *results); 226 void (*on_hotlist_ap_lost)(wifi_request_id id, 227 unsigned num_results, wifi_scan_result *results); 228} wifi_hotlist_ap_found_handler; 229 230typedef struct { 231 mac_addr bssid; // AP BSSID 232 wifi_rssi low; // low threshold 233 wifi_rssi high; // high threshold 234} ap_threshold_param; 235 236typedef struct { 237 int lost_ap_sample_size; 238 int num_bssid; // number of hotlist APs 239 ap_threshold_param ap[MAX_HOTLIST_APS]; // hotlist APs 240} wifi_bssid_hotlist_params; 241 242/* Set the BSSID Hotlist */ 243wifi_error wifi_set_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface, 244 wifi_bssid_hotlist_params params, wifi_hotlist_ap_found_handler handler); 245 246/* Clear the BSSID Hotlist */ 247wifi_error wifi_reset_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface); 248 249/* SSID Hotlist */ 250typedef struct { 251 void (*on_hotlist_ssid_found)(wifi_request_id id, 252 unsigned num_results, wifi_scan_result *results); 253 void (*on_hotlist_ssid_lost)(wifi_request_id id, 254 unsigned num_results, wifi_scan_result *results); 255} wifi_hotlist_ssid_handler; 256 257typedef struct { 258 char ssid[32+1]; // SSID 259 wifi_band band; // band for this set of threshold params 260 wifi_rssi low; // low threshold 261 wifi_rssi high; // high threshold 262} ssid_threshold_param; 263 264typedef struct { 265 int lost_ssid_sample_size; 266 int num_ssid; // number of hotlist SSIDs 267 ssid_threshold_param ssid[MAX_HOTLIST_SSID]; // hotlist SSIDs 268} wifi_ssid_hotlist_params; 269 270/* BSSID blacklist */ 271typedef struct { 272 int num_bssid; // number of blacklisted BSSIDs 273 mac_addr bssids[MAX_BLACKLIST_BSSID]; // blacklisted BSSIDs 274} wifi_bssid_params; 275 276/* Set the BSSID blacklist */ 277wifi_error wifi_set_bssid_blacklist(wifi_request_id id, wifi_interface_handle iface, 278 wifi_bssid_params params); 279 280/* Significant wifi change */ 281typedef struct { 282 mac_addr bssid; // BSSID 283 wifi_channel channel; // channel frequency in MHz 284 int num_rssi; // number of rssi samples 285 wifi_rssi rssi[]; // RSSI history in db 286} wifi_significant_change_result; 287 288typedef struct { 289 void (*on_significant_change)(wifi_request_id id, 290 unsigned num_results, wifi_significant_change_result **results); 291} wifi_significant_change_handler; 292 293// The sample size parameters in the wifi_significant_change_params structure 294// represent the number of occurence of a g-scan where the BSSID was seen and RSSI was 295// collected for that BSSID, or, the BSSID was expected to be seen and didn't. 296// for instance: lost_ap_sample_size : number of time a g-scan was performed on the 297// channel the BSSID was seen last, and the BSSID was not seen during those g-scans 298typedef struct { 299 int rssi_sample_size; // number of samples for averaging RSSI 300 int lost_ap_sample_size; // number of samples to confirm AP loss 301 int min_breaching; // number of APs breaching threshold 302 int num_bssid; // max 64 303 ap_threshold_param ap[MAX_SIGNIFICANT_CHANGE_APS]; 304} wifi_significant_change_params; 305 306/* Set the Signifcant AP change list */ 307wifi_error wifi_set_significant_change_handler(wifi_request_id id, wifi_interface_handle iface, 308 wifi_significant_change_params params, wifi_significant_change_handler handler); 309 310/* Clear the Signifcant AP change list */ 311wifi_error wifi_reset_significant_change_handler(wifi_request_id id, wifi_interface_handle iface); 312 313/* Random MAC OUI for PNO */ 314wifi_error wifi_set_scanning_mac_oui(wifi_interface_handle handle, oui scan_oui); 315 316 317// Enhanced PNO: 318// Enhanced PNO feature is expected to be enabled all of the time (e.g. screen lit) and may thus 319// require firmware to store a large number of networks, covering the whole list of known networks. 320// Therefore, it is acceptable for firmware to store a crc24, crc32 or other short hash of the SSID, 321// such that a low but non-zero probability of collision exist. With that scheme it should be 322// possible for firmware to keep an entry as small as 4 bytes for each pno network. 323// For instance, a firmware pn0 entry can be implemented in the form of: 324// PNO ENTRY = crc24(3 bytes) | flags>>3 (5 bits) | auth flags(3 bits) 325// 326// No scans should be automatically performed by the chip. Instead all scan results from gscan 327// should be scored and the wifi_epno_handler on_network_found callback should be called with 328// the scan results. 329// 330// A PNO network shall be reported once, that is, once a network is reported by firmware 331// its entry shall be marked as "done" until framework calls wifi_set_epno_list again. 332// Calling wifi_set_epno_list shall reset the "done" status of pno networks in firmware. 333// 334// A network should only be considered found if its RSSI is above the minimum RSSI for its 335// frequency range (min5GHz_rssi and min24GHz_rssi for 5GHz and 2.4GHz networks respectively). 336// When disconnected the list of scan results should be returned if any network is found. 337// When connected the scan results shall be reported only if the score of any network in the scan 338// is greater than that of the currently connected BSSID. 339// 340// The FW should calculate the score of all the candidates (including currently connected one) 341// with following equation: 342// RSSI score = (RSSI + 85) * 4; 343// If RSSI score > initial_score_max , RSSI score = initial_score_max; 344// final score = RSSI score 345// + current_connection_bonus (if currently connected BSSID) 346// + same_network_bonus (if network has SAME_NETWORK flag) 347// + secure_bonus (if the network is not open) 348// + band5GHz_bonus (if BSSID is on 5G) 349// If there is a BSSID’s score > current BSSID’s score, then report the cached scan results 350// at the end of the scan (excluding the ones on blacklist) to the upper layer. 351// Additionally, all BSSIDs that are in the BSSID blacklist should be ignored by Enhanced PNO 352 353// Whether directed scan needs to be performed (for hidden SSIDs) 354#define WIFI_PNO_FLAG_DIRECTED_SCAN (1 << 0) 355// Whether PNO event shall be triggered if the network is found on A band 356#define WIFI_PNO_FLAG_A_BAND (1 << 1) 357// Whether PNO event shall be triggered if the network is found on G band 358#define WIFI_PNO_FLAG_G_BAND (1 << 2) 359// Whether strict matching is required 360// If required then the firmware must store the network's SSID and not just a hash 361#define WIFI_PNO_FLAG_STRICT_MATCH (1 << 3) 362// If this SSID should be considered the same network as the currently connected one for scoring 363#define WIFI_PNO_FLAG_SAME_NETWORK (1 << 4) 364 365// Code for matching the beacon AUTH IE - additional codes TBD 366#define WIFI_PNO_AUTH_CODE_OPEN (1 << 0) // open 367#define WIFI_PNO_AUTH_CODE_PSK (1 << 1) // WPA_PSK or WPA2PSK 368#define WIFI_PNO_AUTH_CODE_EAPOL (1 << 2) // any EAPOL 369 370typedef struct { 371 char ssid[32+1]; // null terminated 372 byte flags; // WIFI_PNO_FLAG_XXX 373 byte auth_bit_field; // auth bit field for matching WPA IE 374} wifi_epno_network; 375 376/* ePNO Parameters */ 377typedef struct { 378 int min5GHz_rssi; // minimum 5GHz RSSI for a BSSID to be considered 379 int min24GHz_rssi; // minimum 2.4GHz RSSI for a BSSID to be considered 380 int initial_score_max; // the maximum score that a network can have before bonuses 381 int current_connection_bonus; // only report when there is a network's score this much higher 382 // than the current connection. 383 int same_network_bonus; // score bonus for all networks with the same network flag 384 int secure_bonus; // score bonus for networks that are not open 385 int band5GHz_bonus; // 5GHz RSSI score bonus (applied to all 5GHz networks) 386 int num_networks; // number of wifi_epno_network objects 387 wifi_epno_network networks[MAX_EPNO_NETWORKS]; // PNO networks 388} wifi_epno_params; 389 390typedef struct { 391 // on results 392 void (*on_network_found)(wifi_request_id id, 393 unsigned num_results, wifi_scan_result *results); 394} wifi_epno_handler; 395 396 397/* Set the ePNO list - enable ePNO with the given parameters */ 398wifi_error wifi_set_epno_list(wifi_request_id id, wifi_interface_handle iface, 399 const wifi_epno_params *epno_params, wifi_epno_handler handler); 400 401/* Reset the ePNO list - no ePNO networks should be matched after this */ 402wifi_error wifi_reset_epno_list(wifi_request_id id, wifi_interface_handle iface); 403 404 405typedef struct { 406 int id; // identifier of this network block, report this in event 407 char realm[256]; // null terminated UTF8 encoded realm, 0 if unspecified 408 int64_t roamingConsortiumIds[16]; // roaming consortium ids to match, 0s if unspecified 409 byte plmn[3]; // mcc/mnc combination as per rules, 0s if unspecified 410} wifi_passpoint_network; 411 412typedef struct { 413 void (*on_passpoint_network_found)( 414 wifi_request_id id, 415 int net_id, // network block identifier for the matched network 416 wifi_scan_result *result, // scan result, with channel and beacon information 417 int anqp_len, // length of ANQP blob 418 byte *anqp // ANQP data, in the information_element format 419 ); 420} wifi_passpoint_event_handler; 421 422/* Sets a list for passpoint networks for PNO purposes; it should be matched 423 * against any passpoint networks (designated by Interworking element) found 424 * during regular PNO scan. */ 425wifi_error wifi_set_passpoint_list(wifi_request_id id, wifi_interface_handle iface, int num, 426 wifi_passpoint_network *networks, wifi_passpoint_event_handler handler); 427 428/* Reset passpoint network list - no Passpoint networks should be matched after this */ 429wifi_error wifi_reset_passpoint_list(wifi_request_id id, wifi_interface_handle iface); 430 431#endif 432