3 #ifndef __WIFI_HAL_GSCAN_H__
4 #define __WIFI_HAL_GSCAN_H__
10 WIFI_BAND_BG = 1, // 2.4 GHz
11 WIFI_BAND_A = 2, // 5 GHz without DFS
12 WIFI_BAND_A_DFS = 4, // 5 GHz DFS only
13 WIFI_BAND_A_WITH_DFS = 6, // 5 GHz with DFS
14 WIFI_BAND_ABG = 3, // 2.4 GHz + 5 GHz; no DFS
15 WIFI_BAND_ABG_WITH_DFS = 7, // 2.4 GHz + 5 GHz with DFS
18 const unsigned MAX_CHANNELS = 16;
19 const unsigned MAX_BUCKETS = 16;
20 const unsigned MAX_HOTLIST_APS = 128;
21 const unsigned MAX_SIGNIFICANT_CHANGE_APS = 64;
22 const unsigned MAX_EPNO_NETWORKS = 64;
23 const unsigned MAX_HOTLIST_SSID = 8;
24 const unsigned MAX_BLACKLIST_BSSID = 16;
25 const unsigned MAX_AP_CACHE_PER_SCAN = 32;
27 wifi_error wifi_get_valid_channels(wifi_interface_handle handle,
28 int band, int max_channels, wifi_channel *channels, int *num_channels);
31 int max_scan_cache_size; // total space allocated for scan (in bytes)
32 int max_scan_buckets; // maximum number of channel buckets
33 int max_ap_cache_per_scan; // maximum number of APs that can be stored per scan
34 int max_rssi_sample_size; // number of RSSI samples used for averaging RSSI
35 int max_scan_reporting_threshold; // max possible report_threshold as described
36 // in wifi_scan_cmd_params
37 int max_hotlist_bssids; // maximum number of entries for hotlist BSSIDs
38 int max_hotlist_ssids; // maximum number of entries for hotlist SSIDs
39 int max_significant_wifi_change_aps; // maximum number of entries for
40 // significant wifi change APs
41 int max_bssid_history_entries; // number of BSSID/RSSI entries that device can hold
42 int max_number_epno_networks; // max number of epno entries
43 int max_number_epno_networks_by_ssid; // max number of epno entries if ssid is specified,
44 // that is, epno entries for which an exact match is
45 // required, or entries corresponding to hidden ssids
46 int max_number_of_white_listed_ssid; // max number of white listed SSIDs, M target is 2 to 4
47 } wifi_gscan_capabilities;
49 wifi_error wifi_get_gscan_capabilities(wifi_interface_handle handle,
50 wifi_gscan_capabilities *capabilities);
53 WIFI_SCAN_RESULTS_AVAILABLE, // reported when REPORT_EVENTS_EACH_SCAN is set and a scan
54 // completes. WIFI_SCAN_THRESHOLD_NUM_SCANS or
55 // WIFI_SCAN_THRESHOLD_PERCENT can be reported instead if the
56 // reason for the event is available; however, at most one of
57 // these events should be reported per scan. If there are
58 // multiple buckets that were scanned this period and one has the
59 // EACH_SCAN flag set then this event should be prefered.
60 WIFI_SCAN_THRESHOLD_NUM_SCANS, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and
61 // report_threshold_num_scans is reached.
62 WIFI_SCAN_THRESHOLD_PERCENT, // can be reported when REPORT_EVENTS_EACH_SCAN is not set and
63 // report_threshold_percent is reached.
64 WIFI_SCAN_FAILED, // reported when currently executing gscans have failed.
65 // start_gscan will need to be called again in order to continue
66 // scanning. This is intended to indicate abnormal scan
67 // terminations (not those as a result of stop_gscan).
71 /* Format of information elements found in the beacon */
73 byte id; // element identifier
74 byte len; // number of bytes to follow
76 } wifi_information_element;
79 wifi_timestamp ts; // time since boot (in microsecond) when the result was
81 char ssid[32+1]; // null terminated
83 wifi_channel channel; // channel frequency in MHz
84 wifi_rssi rssi; // in db
85 wifi_timespan rtt; // in nanoseconds
86 wifi_timespan rtt_sd; // standard deviation in rtt
87 unsigned short beacon_period; // period advertised in the beacon
88 unsigned short capability; // capabilities advertised in the beacon
89 unsigned int ie_length; // size of the ie_data blob
90 char ie_data[1]; // blob of all the information elements found in the
91 // beacon; this data should be a packed list of
92 // wifi_information_element objects, one after the other.
96 static_assert(MAX_BUCKETS <= 8 * sizeof(unsigned),
97 "The buckets_scanned bitset is represented by an unsigned int and cannot support this many "
98 "buckets on this platform.");
100 /* reported when each probe response is received, if report_events
101 * enabled in wifi_scan_cmd_params. buckets_scanned is a bitset of the
102 * buckets that are currently being scanned. See the buckets_scanned field
103 * in the wifi_cached_scan_results struct for more details.
105 void (*on_full_scan_result) (wifi_request_id id, wifi_scan_result *result,
106 unsigned buckets_scanned);
108 /* indicates progress of scanning statemachine */
109 void (*on_scan_event) (wifi_request_id id, wifi_scan_event event);
111 } wifi_scan_result_handler;
114 wifi_channel channel; // frequency
115 int dwellTimeMs; // dwell time hint
116 int passive; // 0 => active, 1 => passive scan; ignored for DFS
117 /* Add channel class */
118 } wifi_scan_channel_spec;
120 #define REPORT_EVENTS_EACH_SCAN (1 << 0)
121 #define REPORT_EVENTS_FULL_RESULTS (1 << 1)
122 #define REPORT_EVENTS_NO_BATCH (1 << 2)
123 #define REPORT_EVENTS_CONTEXT_HUB (1 << 3)
126 int bucket; // bucket index, 0 based
127 wifi_band band; // when UNSPECIFIED, use channel list
128 int period; // desired period, in millisecond; if this is too
129 // low, the firmware should choose to generate results as
130 // fast as it can instead of failing the command.
131 // for exponential backoff bucket this is the min_period
132 /* report_events semantics -
133 * This is a bit field; which defines following bits -
134 * REPORT_EVENTS_EACH_SCAN => report a scan completion event after scan. If this is not set
135 * then scan completion events should be reported if
136 * report_threshold_percent or report_threshold_num_scans is
138 * REPORT_EVENTS_FULL_RESULTS => forward scan results (beacons/probe responses + IEs)
139 * in real time to HAL, in addition to completion events
140 * Note: To keep backward compatibility, fire completion
141 * events regardless of REPORT_EVENTS_EACH_SCAN.
142 * REPORT_EVENTS_NO_BATCH => controls if scans for this bucket should be placed in the
144 * REPORT_EVENTS_CONTEXT_HUB => forward full scan results in real time and completion events
148 int max_period; // if max_period is non zero or different than period, then this bucket is
149 // an exponential backoff bucket and the scan period will grow exponentially
150 // as per formula: actual_period(N) = period * (base ^ (N/step_count))
151 // to a maximum period of max_period
152 int base; // for exponential back off bucket: multiplier: new_period=old_period*base
153 int step_count; // for exponential back off bucket, number of scans to perform for a given
157 // channels to scan; these may include DFS channels
158 // Note that a given channel may appear in multiple buckets
159 wifi_scan_channel_spec channels[MAX_CHANNELS];
160 } wifi_scan_bucket_spec;
163 int base_period; // base timer period in ms
164 int max_ap_per_scan; // number of access points to store in each scan entry in
165 // the BSSID/RSSI history buffer (keep the highest RSSI
167 int report_threshold_percent; // in %, when scan buffer is this much full, wake up apps
169 int report_threshold_num_scans; // in number of scans, wake up AP after these many scans
171 wifi_scan_bucket_spec buckets[MAX_BUCKETS];
172 } wifi_scan_cmd_params;
175 * Start periodic GSCAN
176 * When this is called all requested buckets should be scanned, starting the beginning of the cycle
179 * If there are two buckets specified
180 * - Bucket 1: period=10s
181 * - Bucket 2: period=20s
182 * - Bucket 3: period=30s
183 * Then the following scans should occur
184 * - t=0 buckets 1, 2, and 3 are scanned
185 * - t=10 bucket 1 is scanned
186 * - t=20 bucket 1 and 2 are scanned
187 * - t=30 bucket 1 and 3 are scanned
188 * - t=40 bucket 1 and 2 are scanned
189 * - t=50 bucket 1 is scanned
190 * - t=60 buckets 1, 2, and 3 are scanned
191 * - and the patter repeats
193 * If any scan does not occur or is incomplete (error, interrupted, etc) then a cached scan result
194 * should still be recorded with the WIFI_SCAN_FLAG_INTERRUPTED flag set.
196 wifi_error wifi_start_gscan(wifi_request_id id, wifi_interface_handle iface,
197 wifi_scan_cmd_params params, wifi_scan_result_handler handler);
199 /* Stop periodic GSCAN */
200 wifi_error wifi_stop_gscan(wifi_request_id id, wifi_interface_handle iface);
203 WIFI_SCAN_FLAG_INTERRUPTED = 1 // Indicates that scan results are not complete because
204 // probes were not sent on some channels
207 /* Get the GSCAN cached scan results */
209 int scan_id; // a unique identifier for the scan unit
210 int flags; // a bitmask with additional
211 // information about scan.
212 unsigned buckets_scanned; // a bitset of the buckets that were scanned.
213 // for example a value of 13 (0b1101) would
214 // indicate that buckets 0, 2 and 3 were
215 // scanned to produce this list of results.
216 // should be set to 0 if this information is
218 int num_results; // number of bssids retrieved by the scan
219 wifi_scan_result results[MAX_AP_CACHE_PER_SCAN]; // scan results - one for each bssid
220 } wifi_cached_scan_results;
222 wifi_error wifi_get_cached_gscan_results(wifi_interface_handle iface, byte flush,
223 int max, wifi_cached_scan_results *results, int *num);
227 void (*on_hotlist_ap_found)(wifi_request_id id,
228 unsigned num_results, wifi_scan_result *results);
229 void (*on_hotlist_ap_lost)(wifi_request_id id,
230 unsigned num_results, wifi_scan_result *results);
231 } wifi_hotlist_ap_found_handler;
234 mac_addr bssid; // AP BSSID
235 wifi_rssi low; // low threshold
236 wifi_rssi high; // high threshold
237 } ap_threshold_param;
240 int lost_ap_sample_size;
241 int num_bssid; // number of hotlist APs
242 ap_threshold_param ap[MAX_HOTLIST_APS]; // hotlist APs
243 } wifi_bssid_hotlist_params;
245 /* Set the BSSID Hotlist */
246 wifi_error wifi_set_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface,
247 wifi_bssid_hotlist_params params, wifi_hotlist_ap_found_handler handler);
249 /* Clear the BSSID Hotlist */
250 wifi_error wifi_reset_bssid_hotlist(wifi_request_id id, wifi_interface_handle iface);
254 void (*on_hotlist_ssid_found)(wifi_request_id id,
255 unsigned num_results, wifi_scan_result *results);
256 void (*on_hotlist_ssid_lost)(wifi_request_id id,
257 unsigned num_results, wifi_scan_result *results);
258 } wifi_hotlist_ssid_handler;
261 char ssid[32+1]; // SSID
262 wifi_band band; // band for this set of threshold params
263 wifi_rssi low; // low threshold
264 wifi_rssi high; // high threshold
265 } ssid_threshold_param;
268 int lost_ssid_sample_size;
269 int num_ssid; // number of hotlist SSIDs
270 ssid_threshold_param ssid[MAX_HOTLIST_SSID]; // hotlist SSIDs
271 } wifi_ssid_hotlist_params;
273 /* BSSID blacklist */
275 int num_bssid; // number of blacklisted BSSIDs
276 mac_addr bssids[MAX_BLACKLIST_BSSID]; // blacklisted BSSIDs
279 /* Set the BSSID blacklist */
280 wifi_error wifi_set_bssid_blacklist(wifi_request_id id, wifi_interface_handle iface,
281 wifi_bssid_params params);
283 /* Significant wifi change */
285 mac_addr bssid; // BSSID
286 wifi_channel channel; // channel frequency in MHz
287 int num_rssi; // number of rssi samples
288 wifi_rssi rssi[]; // RSSI history in db
289 } wifi_significant_change_result;
292 void (*on_significant_change)(wifi_request_id id,
293 unsigned num_results, wifi_significant_change_result **results);
294 } wifi_significant_change_handler;
296 // The sample size parameters in the wifi_significant_change_params structure
297 // represent the number of occurence of a g-scan where the BSSID was seen and RSSI was
298 // collected for that BSSID, or, the BSSID was expected to be seen and didn't.
299 // for instance: lost_ap_sample_size : number of time a g-scan was performed on the
300 // channel the BSSID was seen last, and the BSSID was not seen during those g-scans
302 int rssi_sample_size; // number of samples for averaging RSSI
303 int lost_ap_sample_size; // number of samples to confirm AP loss
304 int min_breaching; // number of APs breaching threshold
305 int num_bssid; // max 64
306 ap_threshold_param ap[MAX_SIGNIFICANT_CHANGE_APS];
307 } wifi_significant_change_params;
309 /* Set the Signifcant AP change list */
310 wifi_error wifi_set_significant_change_handler(wifi_request_id id, wifi_interface_handle iface,
311 wifi_significant_change_params params, wifi_significant_change_handler handler);
313 /* Clear the Signifcant AP change list */
314 wifi_error wifi_reset_significant_change_handler(wifi_request_id id, wifi_interface_handle iface);
316 /* Random MAC OUI for PNO */
317 wifi_error wifi_set_scanning_mac_oui(wifi_interface_handle handle, oui scan_oui);
321 // Enhanced PNO feature is expected to be enabled all of the time (e.g. screen lit) and may thus
322 // require firmware to store a large number of networks, covering the whole list of known networks.
323 // Therefore, it is acceptable for firmware to store a crc24, crc32 or other short hash of the SSID,
324 // such that a low but non-zero probability of collision exist. With that scheme it should be
325 // possible for firmware to keep an entry as small as 4 bytes for each pno network.
326 // For instance, a firmware pn0 entry can be implemented in the form of:
327 // PNO ENTRY = crc24(3 bytes) | flags>>3 (5 bits) | auth flags(3 bits)
329 // No scans should be automatically performed by the chip. Instead all scan results from gscan
330 // should be scored and the wifi_epno_handler on_network_found callback should be called with
333 // A PNO network shall be reported once, that is, once a network is reported by firmware
334 // its entry shall be marked as "done" until framework calls wifi_set_epno_list again.
335 // Calling wifi_set_epno_list shall reset the "done" status of pno networks in firmware.
337 // A network should only be considered found if its RSSI is above the minimum RSSI for its
338 // frequency range (min5GHz_rssi and min24GHz_rssi for 5GHz and 2.4GHz networks respectively).
339 // When disconnected the list of scan results should be returned if any network is found.
340 // When connected the scan results shall be reported only if the score of any network in the scan
341 // is greater than that of the currently connected BSSID.
343 // The FW should calculate the score of all the candidates (including currently connected one)
344 // with following equation:
345 // RSSI score = (RSSI + 85) * 4;
346 // If RSSI score > initial_score_max , RSSI score = initial_score_max;
347 // final score = RSSI score
348 // + current_connection_bonus (if currently connected BSSID)
349 // + same_network_bonus (if network has SAME_NETWORK flag)
350 // + secure_bonus (if the network is not open)
351 // + band5GHz_bonus (if BSSID is on 5G)
352 // If there is a BSSID’s score > current BSSID’s score, then report the cached scan results
353 // at the end of the scan (excluding the ones on blacklist) to the upper layer.
354 // Additionally, all BSSIDs that are in the BSSID blacklist should be ignored by Enhanced PNO
356 // Whether directed scan needs to be performed (for hidden SSIDs)
357 #define WIFI_PNO_FLAG_DIRECTED_SCAN (1 << 0)
358 // Whether PNO event shall be triggered if the network is found on A band
359 #define WIFI_PNO_FLAG_A_BAND (1 << 1)
360 // Whether PNO event shall be triggered if the network is found on G band
361 #define WIFI_PNO_FLAG_G_BAND (1 << 2)
362 // Whether strict matching is required
363 // If required then the firmware must store the network's SSID and not just a hash
364 #define WIFI_PNO_FLAG_STRICT_MATCH (1 << 3)
365 // If this SSID should be considered the same network as the currently connected one for scoring
366 #define WIFI_PNO_FLAG_SAME_NETWORK (1 << 4)
368 // Code for matching the beacon AUTH IE - additional codes TBD
369 #define WIFI_PNO_AUTH_CODE_OPEN (1 << 0) // open
370 #define WIFI_PNO_AUTH_CODE_PSK (1 << 1) // WPA_PSK or WPA2PSK
371 #define WIFI_PNO_AUTH_CODE_EAPOL (1 << 2) // any EAPOL
374 char ssid[32+1]; // null terminated
375 byte flags; // WIFI_PNO_FLAG_XXX
376 byte auth_bit_field; // auth bit field for matching WPA IE
379 /* ePNO Parameters */
381 int min5GHz_rssi; // minimum 5GHz RSSI for a BSSID to be considered
382 int min24GHz_rssi; // minimum 2.4GHz RSSI for a BSSID to be considered
383 int initial_score_max; // the maximum score that a network can have before bonuses
384 int current_connection_bonus; // only report when there is a network's score this much higher
385 // than the current connection.
386 int same_network_bonus; // score bonus for all networks with the same network flag
387 int secure_bonus; // score bonus for networks that are not open
388 int band5GHz_bonus; // 5GHz RSSI score bonus (applied to all 5GHz networks)
389 int num_networks; // number of wifi_epno_network objects
390 wifi_epno_network networks[MAX_EPNO_NETWORKS]; // PNO networks
395 void (*on_network_found)(wifi_request_id id,
396 unsigned num_results, wifi_scan_result *results);
400 /* Set the ePNO list - enable ePNO with the given parameters */
401 wifi_error wifi_set_epno_list(wifi_request_id id, wifi_interface_handle iface,
402 const wifi_epno_params *epno_params, wifi_epno_handler handler);
404 /* Reset the ePNO list - no ePNO networks should be matched after this */
405 wifi_error wifi_reset_epno_list(wifi_request_id id, wifi_interface_handle iface);
409 int id; // identifier of this network block, report this in event
410 char realm[256]; // null terminated UTF8 encoded realm, 0 if unspecified
411 int64_t roamingConsortiumIds[16]; // roaming consortium ids to match, 0s if unspecified
412 byte plmn[3]; // mcc/mnc combination as per rules, 0s if unspecified
413 } wifi_passpoint_network;
416 void (*on_passpoint_network_found)(
418 int net_id, // network block identifier for the matched network
419 wifi_scan_result *result, // scan result, with channel and beacon information
420 int anqp_len, // length of ANQP blob
421 byte *anqp // ANQP data, in the information_element format
423 } wifi_passpoint_event_handler;
425 /* Sets a list for passpoint networks for PNO purposes; it should be matched
426 * against any passpoint networks (designated by Interworking element) found
427 * during regular PNO scan. */
428 wifi_error wifi_set_passpoint_list(wifi_request_id id, wifi_interface_handle iface, int num,
429 wifi_passpoint_network *networks, wifi_passpoint_event_handler handler);
431 /* Reset passpoint network list - no Passpoint networks should be matched after this */
432 wifi_error wifi_reset_passpoint_list(wifi_request_id id, wifi_interface_handle iface);