net80211: introduce two extra ieee80211_notify_scan_done()

We have multiple problems with scanning currently, one being that
an initial scan restarts itself and we are unable to start another
scan. wpa_supplicant in that case never shows scan results.
Starting wpa_cli you may see: <3>CTRL-EVENT-SCAN-FAILED ret=-1 retry=1
messages.
Add two extra calls to ieee80211_notify_scan_done() at the end of scans
(before possible restarts). That will get wpa_supplicant to get
scan results and possibly start associating to a BSSID and get us out
of scan. This is kind-of a bandaid but on short notice may help to
improve the situation for some.

Based on analysis by: enweiwu
Submitted by: enweiwu (initial version)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Tested by: cy, (others I cannot find email/PR for anymore)
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D38661

net80211: mark argument to scan_curchan_task() __unused

Mostly as documentation mark an unused argument to scan_curchan_task()
as __unused. We may possibly want to check all callers in the future
and see if the argument was supposed to be useful or should be entirely
removed.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

net80211: define mask for ss_flags rather than using hardcoded 0xfff

scan state ss_flags in two places cut off the "internal" GOTPICK
options. Replace the hardcoded 0xfff with a defined mask.
Note that "internal" flags is confusing as we also supplement the
the 16bit by another 16bit of "internal flags" passed around but
comaparing to GOTPICK never stored to my understanding.

No functional change.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D38832

net80211: ieee80211_swscan_bg_scan() track return variable under lock

As the comment says it probably does not matter but use a local
variable to track state under lock so we can return the last known
good state of what we thought we were operating under after unlocking.

Likely no functional changes.

Sponsored by: The FreeBSD Foundation
MFC atfer: 3 days
Reviewed by: enweiwu, adrian
Differential Revision: https://reviews.freebsd.org/D38660

IfAPI: Explicitly include <net/if_private.h> in netstack

Summary:
In preparation of making if_t completely opaque outside of the netstack,
explicitly include the header. <net/if_var.h> will stop including the
header in the future.

Sponsored by: Juniper Networks, Inc.
Reviewed by: glebius, melifaro
Differential Revision: https://reviews.freebsd.org/D38200

net: clean up empty lines in .c and .h files

[net80211] Add some more debugging during scanning

I'm trying to chase down more weird "I am not doing an incremental scan
when being asked" issues so these debugging statements help.
Notably, I've added more debugging around reasons why the scan is skipped -
eg because the cache is considered hot.

This should be a no-op unless you care about the debugging output!

[net80211] Fix interrupted scan logic and ticks comparison

The scan task refactoring stuff circa 2014-2016 broke the blocking task
into a taskqueue with some async bits, but it apparently broke scans
being interrupted by traffic.

Notably - the new "field" SCAN_PAUSE sets both SCAN_INTERRUPT and SCAN_CANCEL,
and a bunch of existing code was checking for SCAN_CANCEL only and breaking
the scan. Unfortunately it was then (a) cancelling the scan entirely and
(b) not notifying userland that scan was done.

So:
* Update the calls to scan_end() to only pass in 1 (saying the scan is complete)
if SCAN_CANCEL is set WITHOUT SCAN_INTERRUPT. If both are set then yes,
the scan is interrupted, but it isn't canceled - it's just paused.
* Update the "did the scan flags change whilst the driver was called" logic
to check for canceled scans, not interrupted scans.
* The "scan done" logic now explicitly checks for either interrupted or
completed scans. This accounts for the situation where a scan is being
aborted via traffic but it ALSO happens to have finished (ie the last
channel was checked.)

This doesn't ENTIRELY fix scanning as the resume function is broken
due to incorrect ticks math. Thus, the second half of this patch
changes the ieee80211_ticks_*() macros to use int instead of long,
matching the logic that the TCP code does with ticks and handles
wrapping / negative ticks values. If cast to long then the wrapping
math wouldn't work right (ie, if ticks was actually negative,
ie, after the system has been up for a while.)

This allows contbgscan() to correctly calculate if a scan should
continue based on ticks and ic->ic_lastdata .

Reviewed by: bz
Differential Revision: https://reviews.freebsd.org/D25031

[net80211] don't abort a background scan upon reception of a single packet.

Full offload drivers don't need this behaviour - they do it in firmware.

[net80211] Initial full-offload scan support.

This is a very simple addition to the net80211 scan support.

It doesn't implement a replacement scan interface - it just disables
the pieces that we should disable to make this lifecycle a bit
more managable.

There's more work to come before full scan offload support is available
but it should be good enough for driver work.

* add a flag to say "full offload"
* don't do probe requests when scanning full-offload - firmware can do that
* don't do powersave transitions and buffering - firmware can do that

tested:

* iwm(4) - STA mode
* ath10k port (local, not in freebsd-head yet)

Reviewed by: avos
Differential Revision: https://reviews.freebsd.org/D8262

net80211: do not cancel scan when packet is sent.

Restore pre-r300383 behavior when a frame is sent:
- stop scan;
- send frame;
- when beacon arrives and our bit in TIM is not set - restart the scan.

NOTE:
Ideally, this should introduce new interface (ieee80211_pause_anyscan());
however, since ieee80211_cancel_anyscan() is not used by drivers and only
called by ieee80211_start_pkt() the current patch overrides it's behavior
instead.

Tested with Intel 3945BG, STA mode

Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D7979

net80211: send RTM_IEEE80211_SCAN event when scan was cancelled.

wpa_supplicant(8) expects to see 'scan complete' event after every
scan command; in case, when event is not sent it will hang for
indefinite time.

PR: 209198

net80211: drop some unused variables / local macros

Most of them left after some commits (r178354, r191544, r287197 etc.);
some were never used.

Found by: Clang Static Analyzer

sys/net*: minor spelling fixes.

No functional change.

net80211: refresh comments for ieee80211_scan_next() and
ieee80211_scan_done().

Refresh comments that reference scan_next() method
(does not exist since r191746) + fix spelling of 'current'.

Differential Revision: https://reviews.freebsd.org/D5137

net80211: do not reschedule scan_curchan_task() if the scan was canceled.

This should fix possible use-after-free in the scheduled task.

PR: 208605

[net80211] migrate the time_* macros to ieee80211_* namespace.

It turns out that these will clash very annoyingly with the linux
macros in the linuxkpi layer, so let the wookie^Wlinux win.

The only user that I can find is ath(4), so fix it there too.

Fix !IEEE80211_DEBUG build.

net80211: cleanup ieee80211_scan_sw.c

Make it look more consistently.
No functional changes.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5152

net80211: refactor scan_signal()

- Pass scan state and additional internal flags as a parameters.
- Add locked version.

Tested with:
* Intel 3945BG, STA mode.
* RTL8188EU, STA mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5148

net80211: wakeup scan_start() task when null data frame was actually
transmitted

- Use M_TXCB mechanism to report about null data frame transmission.
- Increase timeout from 1 to 10 ms (the previous one may be not enough
for non-empty queue).

Tested with:
* Intel 3945BG, STA mode.
* RTL8188CUS, STA mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5147

net80211: split scan_task() (#3) (into scan_start() and
scan_curchan_task() functions)

(This part should fix the problem, described in
https://lists.freebsd.org/pipermail/freebsd-wireless/2016-January/006420.html)

- Rename ss_scan_task into ss_scan_start (better describes it's
current purpose)
- Utilize taskqueue_*_timeout() functions instead of current mechanism:
* reschedule scan_curchan_task() via taskqueue_enqueue_timeout()
for every 'maxdwell' msecs (will replace infinite loop + sleeping
for 'maxdwell' period via cv_wait());
* rerun the task immediately when an external event occurs
(instead of waking it up via cv_signal())

Also, use mtx_sleep() to wait for null frame transmission
(allows to drop conditional variable).

Tested with:
* Intel 3945BG, STA mode;
* RTL8188EU, STA mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5145

net80211: split scan_task() (#2) (add scan_end() function)

Tested with:
* Intel 3945BG, STA mode.
* RTL8188EU, IBSS mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5143

net80211: split scan_task() (#1) (replace 'done' label with scan_done()
function)

Tested with:
* Intel 3945BG, STA mode.
* RTL8188EU, IBSS mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5142

net80211: utilize ss_scanend variable from scan_state structure

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5140

net80211: reduce code verbosity in scan_task() (ieee80211_scan_sw.c)

Add local *ss_priv variable (no functional changes)

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5139

net80211: reduce code duplication between ieee80211_swscan_cancel_scan()
and ieee80211_swscan_cancel_anyscan()

Tested with:
* Intel 3945BG, STA mode.
* RTL8188EU, HOSTAP mode.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5133

These files were getting sys/malloc.h and vm/uma.h with header pollution
via sys/mbuf.h

[net80211] fix duration field; it's unsigned, but not long.

Submitted by: Imre Vadasz <imre@vdsz.com>
Obtained from: DragonflyBSD

[net80211] document the (not completely complete) set of places where
we're assuming hz=1000 and not gracefully handling when it isn't.

The math involved will return 0 for hz < 1000, which it is on some
platforms and on DragonflyBSD.

This doesn't fix it, it:

* converts one manual use over to use the macro, and
* comments where it needs some thought/fixing.

I'll think about this a bit more before fixing it.

Submitted by: imre@vdsz.com

Break out the current 802.11 software scan methods into an indirect table.

In order for drivers to provide an alternate set of scan methods,
these have to finally use an indirection table and all of the calls
in ieee80211_scan.c need to use said table.

For all existing drivers - this is basically a glorified, KBI-breaking
functional no-op.

This is also not the final form - too much functionality is currently
hiding in ieee80211_scan_sw.c that should be in ieee80211_scan.c.
That'll be the target of some follow-up commits.

Note:

* You have to recompile your kernel/drivers after this - the net80211 KBI has
changed.
* I'm not yet planning on bumping any versioning - I have a few more things
to shuffle around.

Tested:

* urtwn(4) - STA mode
* Intel 7260 in local repo - overriding the methods and table at
attach time has the desired effect (ie, all the methods are called,
but nothing is ever performed.)

Remove the start-scan call and re-inline it for now.

Convert malloc/free back to #define's, as part of OS portability work.

DragonflyBSD uses the FreeBSD wireless stack and drivers. Their malloc()
API is named differently, so they don't have userland/kernel symbol
clashes like we do (think libuinet.)

So, to make it easier for them and to port to other BSDs/other operating
systems, start hiding the malloc specific bits behind defines in
ieee80211_freebsd.h.

DragonflyBSD can now put these portability defines in their local
ieee80211_dragonflybsd.h.

This should be a great big no-op for everyone running wifi.

TODO:

* kill M_WAITOK - some platforms just don't want you to use it
* .. and/or handle it returning NULL rather than waiting forever.
* MALLOC_DEFINE() ?
* Migrate the well-known malloc names (eg M_TEMP) to net80211
namespace defines.

Prepare for supporting driver-overridden curchan when submitting scan
results.

Right now the scan infrastructure assumes the channel is under net80211
control, and that when receiving beacon frames for scanning, the
current channel is indeed what ic_curchan is set to.

But firmware NICs with firmware scan support need more than this -
they can do background scans whilst hiding the off-channel behaviour
from net80211. Ie, net80211 still thinks everything is associated
and on the main channel, but it's getting scan results from all the
background traffic.

However sta_add() pays attention to ic_curchan and discards scan
results that aren't on the right channel. CCK beacon frames can be
decoded from adjacent channels so the receive path and sta_add
discard these as appropriate. This is fine for software scanning
like for ath(4), but not for firmware NICs. So with those, the
whole concept of background firmware scanning won't work without
major hacks (eg, overriding ic_curchan before calling the beacon
input / scan add.)

As part of my scan overhaul, modify sta_add() and the scan_add()
APIs to take an explicit current channel. The normal RX path
will set it to ic_curchan so it's a no-op. However, drivers may
decide to (eventually!) override the scan method to set the
"right" current channel based on what the firmware reports the
scan state is.

So for example, iwn, rsu and other NICs will eventually do this:

* driver issues scan start firmware command;
* firmware sends a "scan start on channel X" notify;
* firmware sends a bunch of beacon RX's as part of
the scan results;
* .. and the driver will replace scan_add() curchan with channel X,
so scan results are correct.
* firmware sends a "scan start on channel Y" notify;
* firmware sends more beacons...
* .. the driver replaces scan_add() curchan with channel Y.

Note:

* Eventually, net80211 should eventually grow the idea of a per-packet
current channel. It's possible in various modes (eg WAVE, P2P, etc)
that individual frames can come in from different channels and that
is under firmware control rather than driver/net80211 control, so
we should support that.

Turn ieee80211_start_scan_locked() into a swscan module private method.

It turns out that ieee80211_start_scan_locked() is only ever called by
the swscan code and it won't likely be required by firmware scanning
implementations.

So, don't bother keeping it in ieee80211_scan.c and it likely won't
become an API call.

Tested:

* Intel 5100, STA mode
* AR5416, STA mode

Global-ify channel_type() - this fixes non-debug net80211 builds.

Refactor and split out the net80211 software scan engine from the rest
of the scan API.

The eventual aim is to have 'ieee80211_scan.c' have the net80211 and
driver facing scan API to start, finish and continue doing scanning
while 'ieee80211_swscan.c' implements the software scanner that
runs the scan task, handles probe request/reply bits, configures
the VAP off-channel, changes channel and does the scanning bits.

For NICs that do no scanning at all, the existing code is needed.
ath(4) and most of the other NICs (dumb USB ones in particular)
do little to no scan offload - it's all done in software.

Some NICs may do single channel at a time scanning; I haven't really
checked them out in detail.

iwn(4), the upcoming 7260 driver stuff, the new Qualcomm Atheros
11ac chipsets and the Atheros mobile/USB full-offload chips all
have complete scan engines in firmware. We don't have to drive
any of it at all - the firmware just needs to be told what to scan,
when to scan, how long to scan. It'll take care of going off
channel, pausing TX/RX appropriately, sending sleep notification
to the AP, sending probe requests and handling probe responses.
It'll do passive/active scan itself. It's almost completely
transparent to the network stack - all we see are scan notifications
when it finishes scanning each channel and beacons/probe responses
when it does its thing. Once it's done we get a final notification
that the scan is complete, with some scan results in the message.
The iwn(4) NICs handle doing active scanning too as an option
and will handle waiting appropriately on 5GHz passive channels
before active scanning.

There's some more refactoring, tidying up and lock assertions to
sprinkle around to tidy this whole thing up before I turn swscan.c
into another set of ic methods to override by the driver or
alternate scan module. So in theory this is all one big no-op
commit. In theory.

Tested:

* iwn(4) 5200, STA mode
* ath(4) 6205, STA mode
* ath(4) - various NICs, AP mode