WRT AC series: What information elements are used for 802.11k - RRM?

I know this isn't the best place to ask this, but mwlwifi is not an upstream driver and the driver developer has basically abandoned it and no datasheets are available.

I managed to see that the 88W8864 is able to support 802.11k by editing:
core.h
debugfs.c and
hif/fwcmd.c

Wireshark frames now show 802.11k support, whereas before, the tag 'RM Enabled Capabilities' did not exist:

Screen Shot 2019-11-05 at 17.06.39.png1920×604 88 KB

In the vif DebugFS file, it shows up as RRM (as coded in the DebugFS edit):

root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/mwlwifi/vif

macid: 0
type: ap
ssid: 
mac address: 
channel: 100: width: 3
freq: 5500 freq1: 5530 freq2: 0
hw_crypto_enabled: true
key idx: 1
IV: 000000003544
WMM:
0x00 0x00 0x86 0xdd 0x60 0x01 0xb9 0xa4 
0x00 0x20 0x06 0x40 0xfd 0x0f 0x9f 0xd4 
0x96 0x05 0x00 0x00 0x18 0x09 0xbf 0xd0 
0x0d 0xb2 
RSN:
RSN48:
0xef 0x43 0x1a 0xbb 0xdc 0xdb 0x5c 0xe7 
0xad 0xcb 0xed 0xcc 0x8c 0xad 0xf9 0x51 
0x2f 0x42 0x42 0x15 0x2d 0xa5 0x24 0x2b 
0x9a 0x89 
MDE:
0xe4 0x5d 0xf7 0xd9 0x0f 
RRM:
0x2b 0xa4 0x68 0x71 0x0e 0xf5 0x52 
HT:
0x2d 0x1a 0x6f 0x00 0x17 0xff 0xff 0xff 
0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 
0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 
0x00 0x00 0x00 0x00 0x3d 0x16 0x64 0x05 
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
0x00 0x00 0x00 0x00 0x7f 0x08 0x04 0x00 
0x08 0x02 0x00 0x00 0x01 0x40 
VHT:
0xbf 0x0c 0x30 0x19 0x80 0x33 0xea 0xff 
0x00 0x00 0xea 0xff 0x00 0x00 0xc0 0x05 
0x01 0x6a 0x00 0xfc 0xff 

I was wondering, if anyone knows that anything else needs to be done...

Do I need to add and of these?
WLAN_EID_FAST_BSS_TRANSITION
WLAN_EID_MEASURE_REPORT
WLAN_EID_MEASURE_REQUEST

I know full well this is going to be trial and error to see what IEs get passed to the binary blob...

Right now, 802.11r and 802.11v seems supported out of the box in current mwlwifi master. I was wondering if any of these are also needed/may help the other protocols besides 802.11k...

Could u maybe share your code? Is this a softmac? Is 802.11k handled in mac80211 or cfg80211 or directly in the driver or worse is it in firmware?

This patch won't cleanly apply to mwlwifi master but here it is, based off of this commit:

From 0a9643468fadf00a69ef62dc5ab422b651ec8ffc Mon Sep 17 00:00:00 2001
Date: Tue, 5 Nov 2019 16:02:55 +0800
Subject: [PATCH] 802.11k RRM

---
 core.h      | 2 ++
 debugfs.c   | 2 ++
 hif/fwcmd.c | 8 ++++++++
 3 files changed, 12 insertions(+)

diff --git a/core.h b/core.h
index 072ecd2..2f1ddde 100644
--- a/core.h
+++ b/core.h
@@ -366,6 +366,7 @@ struct beacon_info {
 	u8 *ie_rsn48_ptr;
 	u8 *ie_mde_ptr;
+	u8 *ie_rrm_ptr;
 	u8 *ie_ht_ptr;
 	u8 *ie_vht_ptr;
 	u8 *ie_country_ptr;
@@ -378,6 +379,7 @@ struct beacon_info {
 	u8 ie_rsn48_len;
 	u8 ie_mde_len;
+	u8 ie_rrm_len;
 	u8 ie_ht_len;
 	u8 ie_vht_len;
 	u8 ie_country_len;
diff --git a/debugfs.c b/debugfs.c
index 786c1a8..ce6b646 100644
--- a/debugfs.c
+++ b/debugfs.c
@@ -517,6 +517,8 @@ static ssize_t mwl_debugfs_vif_read(struct file *file, char __user *ubuf,
 			  beacon_info->ie_mde_len, "MDE:");
+		dump_data(p, size, &len, beacon_info->ie_rrm_ptr,
+			  beacon_info->ie_rrm_len, "RRM:");
 		dump_data(p, size, &len, beacon_info->ie_ht_ptr,
 			  beacon_info->ie_ht_len, "HT:");
 		dump_data(p, size, &len, beacon_info->ie_vht_ptr,
diff --git a/hif/fwcmd.c b/hif/fwcmd.c
index 02c7701..d24a6d3 100644
--- a/hif/fwcmd.c
+++ b/hif/fwcmd.c
@@ -492,6 +492,10 @@ static void mwl_fwcmd_parse_beacon(struct mwl_priv *priv,
+		case WLAN_EID_RRM_ENABLED_CAPABILITIES:
+			beacon_info->ie_rrm_len = (elen + 2);
+			beacon_info->ie_rrm_ptr = (pos - 2);
+			break;
 		case WLAN_EID_HT_CAPABILITY:
 		case WLAN_EID_HT_OPERATION:
 		case WLAN_EID_OVERLAP_BSS_SCAN_PARAM:
@@ -622,6 +626,10 @@ static int mwl_fwcmd_set_ies(struct mwl_priv *priv, struct mwl_vif *mwl_vif)
 
+	memcpy(pcmd->ie_list_proprietary + ie_list_len_proprietary,
+	       beacon->ie_rrm_ptr, beacon->ie_rrm_len);
+	ie_list_len_proprietary += mwl_vif->beacon_info.ie_rrm_len;
+
 	pcmd->ie_list_len_proprietary = cpu_to_le16(ie_list_len_proprietary);
 
 	if (mwl_hif_exec_cmd(priv->hw, HOSTCMD_CMD_SET_IES)) {

It's softmac/thinmac, but it parses all IEs before sending it out. Datasheets are unavailable so I don't know if it even supports 802.11kv (it does support 802.11r though).

Firmware. Everything seems to be passed to the firmware. It seems to be based off of mwifiex.

Just to be sure: Did u enabled 802.11k support in hostapd configuration?
https://patchwork.ozlabs.org/patch/1187696/

Yep, running of off master.

Using this guys' script to collect the neighbours.

Sry, right now I do not have the time to look at this.
Somewhere must be the 802.11k functionality implemented. If it is in firmware, it would be very bad, as I would guess that the firmware is not open code? :S
Just looked in the kernel and searched for neighbor and the only thing I found was the ath6kl (and this is full mac driver...)

I need to understand, where the logic from 802.11k is happening. There the received neighbor report frames are handled... Maybe u should contact the developer again or ask on hostapd mailing list or the other wireless malinglists. Or on the mac80211 mailing list.

Did u looked with monitor interface at the 802.11 frames and searched, if a neighbor report is exchanged?

I hope someone else in the forum can help you.