WLAN services

Revision as of 17:26, 7 June 2022 by Hexkyz (talk | contribs)

wlan:inf

This is "nn::wlan::detail::IInfraManager".

Cmd Name
0 #OpenMode
1 #CloseMode
2 #GetMacAddress
3 #StartScan
4 #StopScan
5 #Connect
6 #CancelConnect
7 #Disconnect
8 #GetSystemEvent
9 #GetConnectionStatus
10 #GetState
11 #GetScanResult
12 #GetRssi
13 #ChangeRxAntenna
14 #GetFwVersion
15 #RequestSleep
16 #RequestWakeUp
17 #ConnectWithWps
18 [3.0.0+]
19 [3.0.0+]
20 [3.0.0+]
21 [3.0.0+]
22 [3.0.0+]
23 [3.0.0+]
24 [3.0.0+]
25 [3.0.0+]
26 [4.0.0+]
27 [4.0.0+]
28 [5.0.0+] #InitializeWlan
29 [7.0.0+] #FinalizeWlan
30 [8.0.0+] #SetWowlDelayedWakeTime
31 [11.0.0+]
32 [11.0.0+]
33 [11.0.0+]
34 [11.0.0+]
35 [11.0.0+]
36 [11.0.0+]
37 [11.0.0+]
38 [13.0.0+] #SetDfrts

[4.0.0+] Connect now takes an additional 4-bytes of input.

[5.0.0+] Cmd24 now returns a total of 0x58-bytes of output instead of 0x5C.

[7.0.0+] Input/output for cmds 27/28 were swapped, perhaps these cmds were swapped?

OpenMode

No input/output.

Sends command message 0x99 to the state machine.

This is used by nifm.

CloseMode

No input/output.

Sends command message 0x9A to the state machine.

This is used by nifm.

GetMacAddress

No input. Returns an output #MacAddress.

Sends command message 0x18 (GetMacAddress) to the state machine.

This is used by nifm.

StartScan

Takes a type-0x15 input buffer buffer containing a #ScanRequest. No output.

Sends command messages 0xA (SetWlanInterfaceUpDown) and 0x14 (ScanRequest) to the state machine.

This is used by nifm.

StopScan

No input/output.

Sends command message 0x16 (CancelScan) to the state machine.

This is used by nifm.

Connect

Takes an input #ConnectParam. No output.

Sends command messages 0xA (SetWlanInterfaceUpDown), 0x11 (SetBeaconLostTimeout) and 0x20 (JoinNetworkSta) to the state machine.

This is used by nifm.

CancelConnect

No input/output.

Sends command message 0x23 (CancelJoinNetwork) to the state machine.

This is used by nifm.

Disconnect

No input/output.

Sends command message 0x24 (DisconnectRequest) to the state machine.

This is used by nifm.

GetSystemEvent

Takes an input u32 SystemEventType. Returns an output Event handle.

This is used by nifm.

GetConnectionStatus

No input. Returns an output #ConnectionStatus.

Sends command message 0x80 (GetState) to the state machine, to check current state. Then this copies data from state to output (unrelated to message 0x80).

This is used by nifm.

GetState

No input. Returns an output #State.

Sends command message 0x80 (GetState) to the state machine.

This is used by nifm.

GetScanResult

Takes a type-0x6 output buffer containing a #ScanResult. No output.

Sends command message 0x15 (BssInfoListGet) to the state machine.

This is used by nifm.

GetRssi

No input. Returns an output u32 Rssi.

Sends command message 0x2E (GetRssi) to the state machine.

This is used by nifm.

ChangeRxAntenna

Takes an input u32. No output.

Sends command message 0x30 (SetRxChain) to the state machine.

The input value must be 1-3.

The message handler calls two vfuncs. The first vfunc uses the input u32 directly to configure "rxchain". The second vfunc configures "btc_params" with data determined using the input value.

This is not used on retail.

GetFwVersion

Takes a type-0xA output buffer containing a #FwVersion. No output.

Sends command message 0x33 (GetFwVersion) to the state machine. The handler validates state, then gets the value for config "ver".

This is not used on retail.

RequestSleep

No input/output.

Sends command messages 0x24 (DisconnectRequest), 0x34 (RequestSleep), 0x3D and 0x3E to the state machine.

This is used by nifm.

RequestWakeUp

No input/output.

Sends command messages 0x1 (InitalizeWlanDriver), 0x24 (DisconnectRequest), 0x35 (RequestWakeUp), 0x3E, 0x80 (GetState) and 0x81 (GetStateBeforeSleep) to the state machine.

First message GetState is sent, returning 0 if state is 0xC, or throwing error if it isn't 0xA. Then message RequestWakeUp is sent, if successful then message 0x3E is sent and 0 is returned.

If RequestWakeUp fails it will immediately return the Result, unless the Result is one of the following:

  • 0xE86B (normal non-wowl codepath was previously used during RequestSleep): Sends message InitalizeWlanDriver, returning a Result on failure. Then message GetStateBeforeSleep is sent. If the output state is 0x1, it returns 0. If not 0x2 or the second output field is non-zero, it will Abort. Uses GetState to verify the state is valid, returning the Result from that on failure. Otherwise this will return the Result from sending command request 0x99 with param=0.
  • 0xE66B: Sends message 0x3E. Uses GetState to verify the state is valid, when valid then message DisconnectRequest is sent. If state-validation/DisconnectRequest failed this will Abort, otherwise this then returns 0.

This is used by nifm.

ConnectWithWps

Takes a type-0x9 input buffer containing a #WpsPin and two input u32s WpsMethod and BeaconLostTimeout. No output.

Sends command messages 0xA (SetWlanInterfaceUpDown), 0x11 (SetBeaconLostTimeout) and 0x21 (JoinNetworkStaWithWps) to the state machine.

This is not used on retail.

Cmd18

No input, returns an output u32.

Sends command message 0x80 (GetState) to the state machine, to check current state. Sends command message 0x36 to the state machine to get a value from state, which is then passed to a vfunc call. That func checks bits in the input to determine what value to return, which is then written to the output u32.

This is not used on retail.

Cmd19

Takes an input #MacAddress, three input u16s SrcPort, DstPort and Unk0, and three input u32s SrcIp, DstIp and Unk1. No output.

This copies the input data into state, and sets a flag in state. The input is written into state with the following structure: #MacAddress, SrcIp, DstIp, SrcPort, DstPort, Unk1, Unk0.

This data is used during RequestSleep if a state field is set for using it (the codepath using this will throw an error if this data was not set). This data is cleared afterwards regardless of whether it was used. This is used for configuring various config related to wowl/tcpka/etc (wake-on-WLAN/TCP keep-alive). Note that an error is thrown if "wowl_activate" isn't set but sysmodule-side doesn't do so - this seems to be set automatically at some point.

This is used by nifm.

Cmd20

No input/output.

This clears the state set by #Cmd19.

This is not used on retail.

Cmd21

No input, returns an output u32.

Same as #Cmd18 except the value from the request is returned directly, without calling the vfunc.

This is not used on retail.

Cmd22

Takes an input u32, no output.

Same as #Cmd21 except this uses message 0x37 with the input u32. This is handled by writing the u32 into a global field (default value is 0xBC), which is used during configuration for "wowl".

This is not used on retail.

Cmd23

Takes an input u32, no output.

Sends command message 0x38 to the state machine. This is handled by writing the input value into a global flags field. The default value is 0x3 (all flag bits set). These flag bits are checked during the RequestSleep code handling the state for #Cmd19.

This is not used on retail.

Cmd24

No input, returns a 0x20-byte struct and a 0x38-byte struct.

Sends command message 0x39 to the state machine, with 0x20-bytes from the output being copied to the first output struct. Sends command message 0x3A to the state machine, with 0x38-bytes from the output being copied to the second output struct.

These requests get data from state.

This is not used on retail.

Cmd25

Takes two input bools, no output.

When the first bool flag is set, sends command message 0x3B to the state machine. When the second bool flag is set, sends command message 0x3C to the state machine. Then 0 is returned.

Both requests are handled by clearing various data in state.

This is not used on retail.

Cmd26

No input/output.

This sends a request which sets a global flag.

This flag is eventually checked by code which runs via RequestSleep, and in one case with wlan:dtc cmd19 (also used by requests done by nnMain/RequestWakeUp).

This is not used on retail.

Cmd27

Takes a type-0xA output buffer containing an array of 2-byte entries, returns an output u32 total_out.

This memcpys data from state into the output buffer, clamped to a maximum of 0x40 entries (nifm hard-codes the count to 0x26).

This is used by nifm.

InitializeWlan

No input/output.

Sends command message 0x1 (InitalizeWlanDriver) to the state machine.

This is not used on retail.

FinalizeWlan

No input/output.

Sends command message 0x2 (FinalizeWlanDriver) to the state machine.

This is not used on retail.

SetWowlDelayedWakeTime

Unofficial name.

Takes an input s32 WowlDelayedWakeTime. No output.

WowlDelayedWakeTime must be <=0xE10 (3600) and >= -1. This value is written into state, then this returns 0.

The user-process code using this cmd also has the above bounds check.

This is used by wlan during RequestSleep from the same code using the state set by #Cmd19.

This cmd is used by nifm with a value from state, prior to using RequestSleep.

Cmd31

No input/output.

Stubbed, just returns an error.

This is not used on retail.

Cmd32

No input/output.

Stubbed, just returns an error.

This is not used on retail.

Cmd33

Takes an input #MacAddress and a type-0x5 input buffer, no output.

Stubbed, just returns an error.

This is not used on retail.

Cmd34

Takes a type-0x6 output buffer and returns a total of 0x10-bytes.

Stubbed, just returns an error.

This is not used on retail.

Cmd35

No input/output.

Stubbed, just returns an error.

This is not used on retail.

Cmd36

Takes two input u64s, no output.

Stubbed, just returns an error.

This is not used on retail.

Cmd37

Takes an input u32, no output.

Stubbed, just returns an error.

This is not used on retail.

SetDfrts

Unofficial name.

Takes an input u32 Mode. No output.

Mode must be 0 or 1.

Sends command message 0x32 to the state machine.

The state machine then handles this by issuing the WLC_SET_VAR ioctl for the "pm2_sleep_ret_ext" variable. Mode is used to select between 2 sets of hardcoded parameters as follows:

 struct wl_pm2_sleep_ret_ext {
   u8 logic;
   u8 PAD;
   u16 low_ms;
   u16 high_ms;
   u16 rx_pkts_threshold;
   u16 tx_pkts_threshold;
   u16 txrx_pkts_threshold;
   u32 rx_bytes_threshold;
   u32 tx_bytes_threshold;
   u32 txrx_bytes_threshold;
 };
 
 wl_pm2_sleep_ret_ext args = {0};
 
 if (mode == 0) {
   args.logic = 2;
   args.low_ms = 2000;
   args.high_ms = 5000;
   args.rx_pkts_threshold = 10;
 } else if (mode == 1) {
   args.logic = 2;
   args.low_ms = 200;
   args.high_ms = 800;
   args.rx_pkts_threshold = 10;
 }

Afterwards, the WLC_SET_PM ioctl is issued with the argument value 2 (PM2).

This is used by nifm.

wlan:lcl

This is "nn::wlan::detail::ILocalManager".

Cmd Name
0 OpenMasterMode
1 CloseMasterMode
2 OpenClientMode
3 CloseClientMode
4 OpenSpectatorMode
5 CloseSpectatorMode
6 GetMacAddress
7 CreateBss
8 DestroyBss
9 StartScan
10 StopScan
11 Connect
12 CancelConnect
13 Join
14 CancelJoin
15 Disconnect
16 SetBeaconLostCount
17 GetSystemEvent
18 GetConnectionStatus
19 GetClientStatus
20 GetBssIndicationEvent
21 GetBssIndicationInfo
22 GetState
23 GetAllowedChannels
24 AddIe
25 DeleteIe
26 PutFrameRaw
27 CancelGetFrame
28 CreateRxEntry
29 DeleteRxEntry
30 AddEthertypeToRxEntry
31 DeleteEthertypeFromRxEntry
32 AddMatchingDataToRxEntry
33 RemoveMatchingDataFromRxEntry
34 GetScanResult
35 PutActionFrameOneShot
36 SetActionFrameWithBeacon
37 CancelActionFrameWithBeacon
38 CreateRxEntryForActionFrame
39 DeleteRxEntryForActionFrame
40 AddSubtypeToRxEntryForActionFrame
41 DeleteSubtypeFromRxEntryForActionFrame
42 CancelGetActionFrame
43 GetRssi
44 SetMaxAssociationNumber
45 [4.0.0+]
46 [4.0.0+]
47 [4.0.0+]
48 [10.0.0+] ([4.0.0-8.1.0])
49 [6.0.0-8.1.0]
50 [6.0.0-8.1.0]
51 [8.0.0-8.1.0]
52 [8.0.0-8.1.0]
49 [13.0.0+]
50 [13.0.0+]
51 [13.0.0+]

[4.0.0+] CreateBss, Connect, and Join now takes an additional 4-bytes of input.

[5.0.0+] GetAllowedChannels now returns a total of 4-bytes of output instead of 0x50, and now takes a type-0xA output buffer.

[9.0.0+] Almost all cmds had input/output changed / cmds moved around (?).

[10.0.0+] Cmd46 now takes a total of 1-byte of input instead of 6-bytes, while cmd47 now takes a total of 6-bytes of input instead of 1-byte.

wlan:lg

This is "nn::wlan::detail::ILocalGetFrame".

Cmd Name
0 GetFrameRaw

wlan:lga

This is "nn::wlan::detail::ILocalGetActionFrame".

Cmd Name
0 GetActionFrame

[5.0.0+] Cmd0 now takes an additional 4-bytes of input, and returns an additional 4-bytes of output.

wlan:sg

This is "nn::wlan::detail::ISocketGetFrame".

Cmd Name
0 GetFrameRaw

wlan:soc

This is "nn::wlan::detail::ISocketManager".

Cmd Name
0 PutFrameRaw
1 CancelGetFrame
2 CreateRxEntry
3 DeleteRxEntry
4 AddEthertypeToRxEntry
5 DeleteEthertypeFromRxEntry
6 GetMacAddress
7 SwitchTsfTimerFunction
8 GetDeltaTimeBetweenSystemAndTsf
9 RegisterSharedMemory
10 UnregisterSharedMemory
11 EnableSharedMemory
12 [6.0.0+] #SetMulticastList

SetMulticastList

Unofficial name.

Takes an input #MulticastList. No output.

wlan:dtc

This is "nn::wlan::detail::IDetectManager".

This was added with [6.0.0+].

Cmd Name
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

[7.0.0+] Cmd14 now takes an input u8.

Ssid

This is "nn::wlan::Ssid". This is a 0x22-byte struct.

Offset Size Description
0x0 0x1 Length
0x1 0x20 Ssid
0x21 0x1 Reserved

MacAddress

This is a 0x6-byte struct with 1-byte alignment.

ConnectParam

This is a 0x80-byte struct.

Offset Size Description
0x0 0x22 Ssid
0x22 0x6 Bssid
0x28 0x1
0x29 0x1 Reserved
0x2A 0x2 Channel
0x2C 0x4 PrivacyMode
0x30 0x4 GroupPrivacyMode
0x34 0x4 KeyIdx
0x38 0x40 SecurityKey
0x78 0x4 Reserved
0x7C 0x4 BeaconLostTimeout

ConnectionStatus

This is a 0x3C-byte struct.

Offset Size Description
0x0 0x4 ConnectionState
0x4 0x4
0x8 0x2 Channel
0xA 0x6 Bssid
0x10 0x22 Ssid
0x32 0x2
0x34 0x2
0x36 0x2
0x38 0x2
0x3A 0x2 Reserved

ScanRequest

This is a 0x1B8-byte struct.

Offset Size Description
0x0 0x4 ScanType
0x4 0x2 * 38
0x50 0x1
0x51 0x3 Reserved
0x54 0x4 ChannelScanTime
0x58 0x4 HomeChannelTime
0x5C 0x22 * 10 Array of Ssid
0x1B0 0x1 SsidCount
0x1B1 0x6 Bssid
0x1B7 0x1 Reserved

ScanResult

Offset Size Description
0x0 0x4 ScanBufferCapacity
0x4 0x4 BssInfoSize
0x8 0x4 BssInfoCount
0xC Variable Array of #BssInfo

BssInfo

This is a 0x58-byte struct.

ConnectionState

This is "nn::wlan::ConnectionState".

Value Description
0 None
1 Idle
2 Connected
3 Scanning
4 Connecting
5 CancelingScan
6 Disconnecting

State

Value Description
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

WpsPin

This is a 0x8-byte string.

MulticastList

This is a 0x31-byte struct.

Offset Size Description
0x0 0x1 Count
0x1 0x30 Array of #MacAddress

FwVersion

This is a 0x100-byte string.

System Version Firmware String
[1.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-aoe Version: 7.35.252.58 CRC: f592f3bf Date: Tue 2016-10-04 23:54:54 PDT Ucode Ver: 1020.221 FWID: 01-5ec2fbfd
[2.0.0-2.2.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe Version: 7.35.64.1 CRC: 301f7804 Date: Fri 2017-02-17 01:03:01 PST Ucode Ver: 1020.223 FWID: 01-82d1f902
[3.0.0-3.0.2] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe Version: 7.35.252.70 CRC: f3b554fd Date: Thu 2017-05-04 19:04:04 PDT Ucode Ver: 1020.223 FWID: 01-5d27fda5
[4.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe Version: 7.35.252.75 (r666384) CRC: 58f59a6f Date: Wed 2017-08-16 22:27:11 PDT Ucode Ver: 1020.223
[5.0.0-5.1.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe Version: 7.78.1.1 (r683984) CRC: 6a10caf9 Date: Wed 2018-02-21 21:43:01 PST Ucode Ver: 1020.223 FWID 01-ae4e196d
[6.0.0-6.2.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.84 (r692035) CRC: 937bcfc9 Date: Tue 2018-06-19 19:36:54 PDT Ucode Ver: 1020.225 FWID 01-71fd007e
[7.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.87 (r708450) CRC: 5f41af12 Date: Thu 2018-10-25 19:11:47 PDT Ucode Ver: 1020.226 FWID 01-377c0939
[8.0.0-8.1.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.90 (r711053) CRC: 30dcf8a5 Date: Thu 2019-02-28 18:12:24 PST Ucode Ver: 1020.226 FWID 01-e691490c
[9.0.0-9.1.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.93 (r717555) CRC: d8363dad Date: Mon 2019-07-01 23:43:14 PDT Ucode Ver: 1020.228 FWID 01-c90a462
[10.0.0-10.1.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.96 (r723441) CRC: f6823c05 Date: Tue 2019-11-19 22:31:29 PST Ucode Ver: 1020.228 FWID 01-a1b7e0a4
[11.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.99 (r725630) CRC: 320007b0 Date: Mon 2020-05-25 19:51:18 PDT Ucode Ver: 1020.228 FWID 01-822b442d
[12.0.0-13.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.104 (r728022) CRC: f0b454ec Date: Wed 2021-02-24 04:39:25 PST Ucode Ver: 1020.228 FWID 01-fbba058
[14.0.0] 4356a3-roml/pcie-ag-msgbuf-splitrx-pktctx-keepalive-sr-proptxstatus-ampduhostreorder-dlystat-rxdesens-clm_4356a3_ntd-noclminc-ntdds3-btcdyn-trfmgmt-pspretend-btafh-pktfilter-wowlpf-gtkoe-aoe-tcpkaoe-aloe Version: 7.35.252.108 (c216b7c) CRC: 1be69227 Date: Sun 2021-08-29 19:24:39 PDT Ucode Ver: 1020.228 FWID 01-65333037
  • [2.0.0+] Besides the version update, added "gtkoe" to the string.
  • [3.0.0+] Besides the version update, added "tcpkaoe" to the string.
  • [6.0.0+] Besides the version update, added "clm_4356a3_ntd" to the string.
  • [7.0.0+] Besides the version update, added "noclminc" to the string.

Notes

Originally wlan-sysmodule had a func called from nnMain which (among other things) handled configuring GPIO WifiReset (uses commands SetDirection and SetValue with input value 1), when not disabled by a system-setting. This GPIO functionality was removed from wlan with [7.0.0+], it was redundant since pcie already had code handling that GPIO as well.