ieee80211_tx_h_check_assoc() was dropping everything other than probe
requests during software scan. So the null frame with the power save
bit was dropped and the AP never received it. This meant that the AP
never buffered any frames for the station during software scan.

Fix this by allowing both probe request and null frames to be
transmitted during software scan. Tested with stlc45xx.
Signed-off-by: Kalle Valo <[email protected]>
---
net/mac80211/scan.c | 13 +++++++++++++
net/mac80211/tx.c | 9 ++++++++-
2 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 5030a3c..46f35dc 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -409,6 +409,19 @@ int ieee80211_start_scan(struct ieee80211_sub_if_data *scan_sdata,
return 0;
}
+ /*
+ * Hardware/driver doesn't support hw_scan, so use software
+ * scanning instead. First send a nullfunc frame with power save
+ * bit on so that AP will buffer the frames for us while we are not
+ * listening, then send probe requests to each channel and wait for
+ * the responses. After all channels are scanned, tune back to the
+ * original channel and send a nullfunc frame with power save bit
+ * off to trigger the AP to send us all the buffered frames.
+ *
+ * Note that while local->sw_scanning is true everything else but
+ * nullfunc frames and probe requests will be dropped in
+ * ieee80211_tx_h_check_assoc().
+ */
local->sw_scanning = true;
if (local->ops->sw_scan_start)
local->ops->sw_scan_start(local_to_hw(local));
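
Review bot: the new comment above `local->sw_scanning = true;` describes a whole sequence (nullfunc with the power save bit on, probe requests on each channel, tune back, nullfunc with the bit off) that none of the lines in this hunk carry out, so a reader cannot tell from here where those frames are actually sent. Consider naming the functions that send the nullfunc frames and step through the channels, the same way the last paragraph already points to ieee80211_tx_h_check_assoc(). Since the comment states that everything else "will be dropped", it would also help to say whether upper layers are expected to stop queueing data frames while sw_scanning is true, or whether that drop is the intended handling.
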
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 457238a..525d261 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -193,7 +193,14 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
return TX_CONTINUE;
if (unlikely(tx->local->sw_scanning) &&
- !ieee80211_is_probe_req(hdr->frame_control))
+ !ieee80211_is_probe_req(hdr->frame_control) &&
+ !ieee80211_is_nullfunc(hdr->frame_control))
+ /*
+ * When software scanning only nullfunc frames (to notify
+ * the sleep state to the AP) and probe requests (for the
+ * active scan) are allowed, everything else should be
+ * dropped. See ieee80211_start_scan() for more.
+ */
return TX_DROP;
if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
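
Review bot: in the `if (unlikely(tx->local->sw_scanning) && ...)` statement the multi-line comment now sits between the condition and the unbraced `return TX_DROP;`, which makes it easy to misread what the `if` controls and easy for a later change to add a statement that falls outside it. Either move the comment above the `if`, or put the comment and the return together inside braces.
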
Johannes Berg <[email protected]> writes:
> On Wed, 2009-03-18 at 11:25 +0200, Kalle Valo wrote:
>
>> + /*
>> + * When software scanning only nullfunc frames (to notify
>> + * the sleep state to the AP) and probe requests (for the
>> + * active scan) are allowed, everything else should be
>> + * dropped. See ieee80211_start_scan() for more.
>> + */
>> return TX_DROP;
>
> That makes it sound "too correct" to drop frames it seems. Should we
> say something like
>
> ... and probe requests (...) are allowed, all other frames
> should not be sent and we should not get here, but if we do
> nonetheless, drop them to avoid sending them off-channel.
>
> Or even add this link:
> http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
Ok, I'll improve it.
> (you also forgot to s/null/nullfunc/ in the subject :) )
Heh, I'll fix that.
v4 coming up.
--
Kalle Valo
On Wed, 2009-03-18 at 11:25 +0200, Kalle Valo wrote:
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> index 457238a..525d261 100644
> --- a/net/mac80211/tx.c
> +++ b/net/mac80211/tx.c
> @@ -193,7 +193,14 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
> return TX_CONTINUE;
>
> if (unlikely(tx->local->sw_scanning) &&
> - !ieee80211_is_probe_req(hdr->frame_control))
> + !ieee80211_is_probe_req(hdr->frame_control) &&
> + !ieee80211_is_nullfunc(hdr->frame_control))
> + /*
> + * When software scanning only nullfunc frames (to notify
> + * the sleep state to the AP) and probe requests (for the
> + * active scan) are allowed, everything else should be
> + * dropped. See ieee80211_start_scan() for more.
> + */
> return TX_DROP;
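
Review bot: the added `!ieee80211_is_nullfunc(hdr->frame_control)` test exempts every nullfunc frame for as long as sw_scanning is set, while the comment justifies the exemption only for frames that notify the AP of the sleep state. Nothing in the condition looks at the power save bit or at which channel the radio is tuned to, so any nullfunc frame reaching this handler mid-scan passes the check. If only the two nullfunc frames sent around the scan are meant to get through, state that in the comment or narrow the condition.
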
That makes it sound "too correct" to drop frames it seems. Should we
say something like
... and probe requests (...) are allowed, all other frames
should not be sent and we should not get here, but if we do
nonetheless, drop them to avoid sending them off-channel.
Or even add this link:
http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
(you also forgot to s/null/nullfunc/ in the subject :) )
johannes