iwconfig is reporting an error after having called the kernel; the tool uses the following ioctl to set either the channel or frequency:
./include/uapi/linux/wireless.h:#define SIOCSIWFREQ 0x8B04 /* set channel/frequency (Hz) */
The driver:
https://wireless.wiki.kernel.org/en/users/Drivers/wcn36xx
For the extensions, the ioctl calls into net/wireless/wext-compat.c (function cfg80211_wext_siwfreq(…))
I did some debugging and the error comes from:
cfg80211_mgd_wext_siwfreq → cfg80211_set_monitor_channel → cfg80211_has_monitors_only (returns EBUSY).
Unfortunately I am out of my depth on this (not sure what this check is doing and the implications of bypassing it). Having said that and just for a quick test, I commented out the error case:
int cfg80211_set_monitor_channel(struct cfg80211_registered_device *rdev,
                                 struct cfg80211_chan_def *chandef)
{
    if (!rdev->ops->set_monitor_channel)
        return -EOPNOTSUPP;
    if (!cfg80211_has_monitors_only(rdev)) {
        printk("cfg has monitors only\n");
        /* return -EBUSY; */ /* error case commented out for the test */
    }
    return rdev_set_monitor_channel(rdev, chandef);
}
The frequency can now be changed to any of the valid values defined in drivers/net/wireless/ath/wcn36xx/main.c:
/* The wcn firmware expects channel values to matching
 * their mnemonic values. So use these for .hw_value. */
static struct ieee80211_channel wcn_2ghz_channels[] = {
    CHAN2G(2412, 1), /* Channel 1 */
    CHAN2G(2417, 2), /* Channel 2 */
    CHAN2G(2422, 3), /* Channel 3 */
    CHAN2G(2427, 4), /* Channel 4 */
    CHAN2G(2432, 5), /* Channel 5 */
    CHAN2G(2437, 6), /* Channel 6 */
    CHAN2G(2442, 7), /* Channel 7 */
    CHAN2G(2447, 8), /* Channel 8 */
    CHAN2G(2452, 9), /* Channel 9 */
    CHAN2G(2457, 10), /* Channel 10 */
    CHAN2G(2462, 11), /* Channel 11 */
    CHAN2G(2467, 12), /* Channel 12 */
    CHAN2G(2472, 13), /* Channel 13 */
    CHAN2G(2484, 14) /* Channel 14 */
};
For a test, I selected 2484GHz
dragonboard-410c:~# iwconfig wlan0 freq 2.484G
dragonboard-410c:~# iwconfig wlan0
wlan0     IEEE 802.11abgn ESSID:off/any
          Mode:Managed Frequency:2.484 GHz Access Point: Not-Associated
          Tx-Power=20 dBm
          Retry short limit:7 RTS thr:off Fragment thr:off
          Encryption key:off
          Power Management:off
As I said, I don't know enough about the wireless framework to understand the implications of having hacked the kernel in this way.
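
Added example, not part of the original post and not kernel code: a user-space C model of the check that produced EBUSY above, with the check left intact. It assumes cfg80211_has_monitors_only() compares the number of running interfaces with the number of running monitor interfaces, as in mainline net/wireless/core.h; struct rdev_model, try_2484() and the scenarios are constructed stand-ins.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-in for the fields of struct cfg80211_registered_device
 * that the check reads (field names assumed from mainline cfg80211). */
struct rdev_model {
    int num_running_ifaces;         /* interfaces currently up on this wiphy */
    int num_running_monitor_ifaces; /* how many of those are monitor type */
    bool has_set_monitor_channel;   /* driver implements the op */
    int monitor_freq_mhz;           /* last frequency accepted, 0 = none */
};

/* True only when at least one interface is up and all of them are monitors. */
static bool has_monitors_only(const struct rdev_model *r)
{
    return r->num_running_ifaces == r->num_running_monitor_ifaces &&
           r->num_running_ifaces > 0;
}

/* Same control flow as cfg80211_set_monitor_channel() with the check intact. */
static int set_monitor_channel(struct rdev_model *r, int freq_mhz)
{
    if (!r->has_set_monitor_channel)
        return -EOPNOTSUPP;
    if (!has_monitors_only(r))
        return -EBUSY;
    r->monitor_freq_mhz = freq_mhz;
    return 0;
}

/* Constructed scenario: request 2484 MHz with `up` running interfaces,
 * `mon` of which are monitor interfaces. */
static int try_2484(int up, int mon)
{
    struct rdev_model r = { up, mon, true, 0 };
    return set_monitor_channel(&r, 2484);
}

int main(void)
{
    printf("managed wlan0 only: %d\n", try_2484(1, 0));
    printf("monitor only:       %d\n", try_2484(1, 1));
    printf("managed + monitor:  %d\n", try_2484(2, 1));
    printf("no interface up:    %d\n", try_2484(0, 0));
    return 0;
}
```

The post's situation, a single interface in Managed mode, is the first case; in this model the request is accepted only when every running interface on the device is a monitor.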