Android Kernel, WiFi scan syscall

Question

I'm working on android kernel (jelly bean).

I've focused on the /net/mac80211/scan.c module and on the scan behavior, to understand how the PS_mode exactly works. Anyway I can't find any syscall calling the ieee80211_scan_work function (where the ieee80211_start_scan() func is called) of the kernel on a higher level.

I'm wondering if this function is even called by the API, does anyone know it, and if it does, which syscall is rised?

Answer 1

See my response here to get a general overview of mac80211: How to learn the structure of Linux wireless drivers (mac80211)?

The interface from userspace isn't based on syscalls but uses the netlink API. Scanning is done by sending a NL80211_CMD_TRIGGER_SCAN command. After you get a NL80211_CMD_NEW_SCAN_RESULTS event that scanning was finished, you issue a NL80211_CMD_GET_SCAN to get the scan results. To see examples of this look at wpa_supplicant code.

You can't see anyone calling ieee80211_scan_work because it's a workqueue handler. If you're not familiar with workqueue you can pick up a kernel book which explain them. This work gets initialized in ieee80211_alloc_hw() as the handler of local->scan_work.

The code which "gets this running" is in ieee80211_start_sw_scan() which actually queues scan_work. Note that scan_work is only used in SW scan which means that mac80211 manages the scan (ie it keeps a timer to switch channels and calls the lower HW driver to set the HW to the specific channel). This is used only depending on your HW capabilities. For some hardwares the scan is done completely by the HW driver or even in firmware. If your HW driver implements a HW scan it will implement the hw_scan mac80211 callback.