search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use generic driver event notification for AP mode assoc/disassoc
[hostap-gosc2009.git] / src / drivers / driver_wext.c
blob210e29bcf180b0852155e99cb22f12769c2319c7
1 /*
2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21 #include "includes.h"
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
24
25 #include "wireless_copy.h"
26 #include "common.h"
27 #include "eloop.h"
28 #include "common/ieee802_11_defs.h"
29 #include "common/wpa_common.h"
30 #include "priv_netlink.h"
31 #include "netlink.h"
32 #include "driver.h"
33 #include "driver_wext.h"
34
35
36 static int wpa_driver_wext_flush_pmkid(void *priv);
37 static int wpa_driver_wext_get_range(void *priv);
38 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
39 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
40 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
41
42
43 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
44 int idx, u32 value)
45 {
46 struct iwreq iwr;
47 int ret = 0;
48
49 os_memset(&iwr, 0, sizeof(iwr));
50 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
51 iwr.u.param.flags = idx & IW_AUTH_INDEX;
52 iwr.u.param.value = value;
53
54 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
55 if (errno != EOPNOTSUPP) {
56 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
57 "value 0x%x) failed: %s)",
58 idx, value, strerror(errno));
59 }
60 ret = errno == EOPNOTSUPP ? -2 : -1;
61 }
62
63 return ret;
64 }
65
66
67 /**
68 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
69 * @priv: Pointer to private wext data from wpa_driver_wext_init()
70 * @bssid: Buffer for BSSID
71 * Returns: 0 on success, -1 on failure
72 */
73 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
74 {
75 struct wpa_driver_wext_data *drv = priv;
76 struct iwreq iwr;
77 int ret = 0;
78
79 os_memset(&iwr, 0, sizeof(iwr));
80 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
81
82 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
83 perror("ioctl[SIOCGIWAP]");
84 ret = -1;
85 }
86 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
87
88 return ret;
89 }
90
91
92 /**
93 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
94 * @priv: Pointer to private wext data from wpa_driver_wext_init()
95 * @bssid: BSSID
96 * Returns: 0 on success, -1 on failure
97 */
98 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
99 {
100 struct wpa_driver_wext_data *drv = priv;
101 struct iwreq iwr;
102 int ret = 0;
103
104 os_memset(&iwr, 0, sizeof(iwr));
105 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
106 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
107 if (bssid)
108 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
109 else
110 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
111
112 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
113 perror("ioctl[SIOCSIWAP]");
114 ret = -1;
115 }
116
117 return ret;
118 }
119
120
121 /**
122 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
123 * @priv: Pointer to private wext data from wpa_driver_wext_init()
124 * @ssid: Buffer for the SSID; must be at least 32 bytes long
125 * Returns: SSID length on success, -1 on failure
126 */
127 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
128 {
129 struct wpa_driver_wext_data *drv = priv;
130 struct iwreq iwr;
131 int ret = 0;
132
133 os_memset(&iwr, 0, sizeof(iwr));
134 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
135 iwr.u.essid.pointer = (caddr_t) ssid;
136 iwr.u.essid.length = 32;
137
138 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
139 perror("ioctl[SIOCGIWESSID]");
140 ret = -1;
141 } else {
142 ret = iwr.u.essid.length;
143 if (ret > 32)
144 ret = 32;
145 /* Some drivers include nul termination in the SSID, so let's
146 * remove it here before further processing. WE-21 changes this
147 * to explicitly require the length _not_ to include nul
148 * termination. */
149 if (ret > 0 && ssid[ret - 1] == '\0' &&
150 drv->we_version_compiled < 21)
151 ret--;
152 }
153
154 return ret;
155 }
156
157
158 /**
159 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
160 * @priv: Pointer to private wext data from wpa_driver_wext_init()
161 * @ssid: SSID
162 * @ssid_len: Length of SSID (0..32)
163 * Returns: 0 on success, -1 on failure
164 */
165 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
166 {
167 struct wpa_driver_wext_data *drv = priv;
168 struct iwreq iwr;
169 int ret = 0;
170 char buf[33];
171
172 if (ssid_len > 32)
173 return -1;
174
175 os_memset(&iwr, 0, sizeof(iwr));
176 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
177 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
178 iwr.u.essid.flags = (ssid_len != 0);
179 os_memset(buf, 0, sizeof(buf));
180 os_memcpy(buf, ssid, ssid_len);
181 iwr.u.essid.pointer = (caddr_t) buf;
182 if (drv->we_version_compiled < 21) {
183 /* For historic reasons, set SSID length to include one extra
184 * character, C string nul termination, even though SSID is
185 * really an octet string that should not be presented as a C
186 * string. Some Linux drivers decrement the length by one and
187 * can thus end up missing the last octet of the SSID if the
188 * length is not incremented here. WE-21 changes this to
189 * explicitly require the length _not_ to include nul
190 * termination. */
191 if (ssid_len)
192 ssid_len++;
193 }
194 iwr.u.essid.length = ssid_len;
195
196 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
197 perror("ioctl[SIOCSIWESSID]");
198 ret = -1;
199 }
200
201 return ret;
202 }
203
204
205 /**
206 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
207 * @priv: Pointer to private wext data from wpa_driver_wext_init()
208 * @freq: Frequency in MHz
209 * Returns: 0 on success, -1 on failure
210 */
211 int wpa_driver_wext_set_freq(void *priv, int freq)
212 {
213 struct wpa_driver_wext_data *drv = priv;
214 struct iwreq iwr;
215 int ret = 0;
216
217 os_memset(&iwr, 0, sizeof(iwr));
218 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
219 iwr.u.freq.m = freq * 100000;
220 iwr.u.freq.e = 1;
221
222 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
223 perror("ioctl[SIOCSIWFREQ]");
224 ret = -1;
225 }
226
227 return ret;
228 }
229
230
231 static void
232 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
233 {
234 union wpa_event_data data;
235
236 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
237 custom);
238
239 os_memset(&data, 0, sizeof(data));
240 /* Host AP driver */
241 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
242 data.michael_mic_failure.unicast =
243 os_strstr(custom, " unicast ") != NULL;
244 /* TODO: parse parameters(?) */
245 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
246 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
247 char *spos;
248 int bytes;
249 u8 *req_ies = NULL, *resp_ies = NULL;
250
251 spos = custom + 17;
252
253 bytes = strspn(spos, "0123456789abcdefABCDEF");
254 if (!bytes || (bytes & 1))
255 return;
256 bytes /= 2;
257
258 req_ies = os_malloc(bytes);
259 if (req_ies == NULL)
260 return;
261 hexstr2bin(spos, req_ies, bytes);
262 data.assoc_info.req_ies = req_ies;
263 data.assoc_info.req_ies_len = bytes;
264
265 spos += bytes * 2;
266
267 data.assoc_info.resp_ies = NULL;
268 data.assoc_info.resp_ies_len = 0;
269
270 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
271 spos += 9;
272
273 bytes = strspn(spos, "0123456789abcdefABCDEF");
274 if (!bytes || (bytes & 1))
275 goto done;
276 bytes /= 2;
277
278 resp_ies = os_malloc(bytes);
279 if (resp_ies == NULL)
280 goto done;
281 hexstr2bin(spos, resp_ies, bytes);
282 data.assoc_info.resp_ies = resp_ies;
283 data.assoc_info.resp_ies_len = bytes;
284 }
285
286 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
287
288 done:
289 os_free(resp_ies);
290 os_free(req_ies);
291 #ifdef CONFIG_PEERKEY
292 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
293 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
294 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
295 "STKSTART.request '%s'", custom + 17);
296 return;
297 }
298 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
299 #endif /* CONFIG_PEERKEY */
300 }
301 }
302
303
304 static int wpa_driver_wext_event_wireless_michaelmicfailure(
305 void *ctx, const char *ev, size_t len)
306 {
307 const struct iw_michaelmicfailure *mic;
308 union wpa_event_data data;
309
310 if (len < sizeof(*mic))
311 return -1;
312
313 mic = (const struct iw_michaelmicfailure *) ev;
314
315 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
316 "flags=0x%x src_addr=" MACSTR, mic->flags,
317 MAC2STR(mic->src_addr.sa_data));
318
319 os_memset(&data, 0, sizeof(data));
320 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
321 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
322
323 return 0;
324 }
325
326
327 static int wpa_driver_wext_event_wireless_pmkidcand(
328 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
329 {
330 const struct iw_pmkid_cand *cand;
331 union wpa_event_data data;
332 const u8 *addr;
333
334 if (len < sizeof(*cand))
335 return -1;
336
337 cand = (const struct iw_pmkid_cand *) ev;
338 addr = (const u8 *) cand->bssid.sa_data;
339
340 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
341 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
342 cand->index, MAC2STR(addr));
343
344 os_memset(&data, 0, sizeof(data));
345 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
346 data.pmkid_candidate.index = cand->index;
347 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
348 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
349
350 return 0;
351 }
352
353
354 static int wpa_driver_wext_event_wireless_assocreqie(
355 struct wpa_driver_wext_data *drv, const char *ev, int len)
356 {
357 if (len < 0)
358 return -1;
359
360 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
361 len);
362 os_free(drv->assoc_req_ies);
363 drv->assoc_req_ies = os_malloc(len);
364 if (drv->assoc_req_ies == NULL) {
365 drv->assoc_req_ies_len = 0;
366 return -1;
367 }
368 os_memcpy(drv->assoc_req_ies, ev, len);
369 drv->assoc_req_ies_len = len;
370
371 return 0;
372 }
373
374
375 static int wpa_driver_wext_event_wireless_assocrespie(
376 struct wpa_driver_wext_data *drv, const char *ev, int len)
377 {
378 if (len < 0)
379 return -1;
380
381 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
382 len);
383 os_free(drv->assoc_resp_ies);
384 drv->assoc_resp_ies = os_malloc(len);
385 if (drv->assoc_resp_ies == NULL) {
386 drv->assoc_resp_ies_len = 0;
387 return -1;
388 }
389 os_memcpy(drv->assoc_resp_ies, ev, len);
390 drv->assoc_resp_ies_len = len;
391
392 return 0;
393 }
394
395
396 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
397 {
398 union wpa_event_data data;
399
400 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
401 return;
402
403 os_memset(&data, 0, sizeof(data));
404 if (drv->assoc_req_ies) {
405 data.assoc_info.req_ies = drv->assoc_req_ies;
406 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
407 }
408 if (drv->assoc_resp_ies) {
409 data.assoc_info.resp_ies = drv->assoc_resp_ies;
410 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
411 }
412
413 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
414
415 os_free(drv->assoc_req_ies);
416 drv->assoc_req_ies = NULL;
417 os_free(drv->assoc_resp_ies);
418 drv->assoc_resp_ies = NULL;
419 }
420
421
422 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
423 char *data, int len)
424 {
425 struct iw_event iwe_buf, *iwe = &iwe_buf;
426 char *pos, *end, *custom, *buf;
427
428 pos = data;
429 end = data + len;
430
431 while (pos + IW_EV_LCP_LEN <= end) {
432 /* Event data may be unaligned, so make a local, aligned copy
433 * before processing. */
434 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
435 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
436 iwe->cmd, iwe->len);
437 if (iwe->len <= IW_EV_LCP_LEN)
438 return;
439
440 custom = pos + IW_EV_POINT_LEN;
441 if (drv->we_version_compiled > 18 &&
442 (iwe->cmd == IWEVMICHAELMICFAILURE ||
443 iwe->cmd == IWEVCUSTOM ||
444 iwe->cmd == IWEVASSOCREQIE ||
445 iwe->cmd == IWEVASSOCRESPIE ||
446 iwe->cmd == IWEVPMKIDCAND)) {
447 /* WE-19 removed the pointer from struct iw_point */
448 char *dpos = (char *) &iwe_buf.u.data.length;
449 int dlen = dpos - (char *) &iwe_buf;
450 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
451 sizeof(struct iw_event) - dlen);
452 } else {
453 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
454 custom += IW_EV_POINT_OFF;
455 }
456
457 switch (iwe->cmd) {
458 case SIOCGIWAP:
459 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
460 MACSTR,
461 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
462 if (is_zero_ether_addr(
463 (const u8 *) iwe->u.ap_addr.sa_data) ||
464 os_memcmp(iwe->u.ap_addr.sa_data,
465 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
466 0) {
467 os_free(drv->assoc_req_ies);
468 drv->assoc_req_ies = NULL;
469 os_free(drv->assoc_resp_ies);
470 drv->assoc_resp_ies = NULL;
471 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
472 NULL);
473
474 } else {
475 wpa_driver_wext_event_assoc_ies(drv);
476 wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
477 NULL);
478 }
479 break;
480 case IWEVMICHAELMICFAILURE:
481 if (custom + iwe->u.data.length > end) {
482 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
483 "IWEVMICHAELMICFAILURE length");
484 return;
485 }
486 wpa_driver_wext_event_wireless_michaelmicfailure(
487 drv->ctx, custom, iwe->u.data.length);
488 break;
489 case IWEVCUSTOM:
490 if (custom + iwe->u.data.length > end) {
491 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
492 "IWEVCUSTOM length");
493 return;
494 }
495 buf = os_malloc(iwe->u.data.length + 1);
496 if (buf == NULL)
497 return;
498 os_memcpy(buf, custom, iwe->u.data.length);
499 buf[iwe->u.data.length] = '\0';
500 wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
501 os_free(buf);
502 break;
503 case SIOCGIWSCAN:
504 drv->scan_complete_events = 1;
505 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
506 drv, drv->ctx);
507 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
508 NULL);
509 break;
510 case IWEVASSOCREQIE:
511 if (custom + iwe->u.data.length > end) {
512 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
513 "IWEVASSOCREQIE length");
514 return;
515 }
516 wpa_driver_wext_event_wireless_assocreqie(
517 drv, custom, iwe->u.data.length);
518 break;
519 case IWEVASSOCRESPIE:
520 if (custom + iwe->u.data.length > end) {
521 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
522 "IWEVASSOCRESPIE length");
523 return;
524 }
525 wpa_driver_wext_event_wireless_assocrespie(
526 drv, custom, iwe->u.data.length);
527 break;
528 case IWEVPMKIDCAND:
529 if (custom + iwe->u.data.length > end) {
530 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
531 "IWEVPMKIDCAND length");
532 return;
533 }
534 wpa_driver_wext_event_wireless_pmkidcand(
535 drv, custom, iwe->u.data.length);
536 break;
537 }
538
539 pos += iwe->len;
540 }
541 }
542
543
544 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
545 char *buf, size_t len, int del)
546 {
547 union wpa_event_data event;
548
549 os_memset(&event, 0, sizeof(event));
550 if (len > sizeof(event.interface_status.ifname))
551 len = sizeof(event.interface_status.ifname) - 1;
552 os_memcpy(event.interface_status.ifname, buf, len);
553 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
554 EVENT_INTERFACE_ADDED;
555
556 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
557 del ? "DEL" : "NEW",
558 event.interface_status.ifname,
559 del ? "removed" : "added");
560
561 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
562 if (del)
563 drv->if_removed = 1;
564 else
565 drv->if_removed = 0;
566 }
567
568 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
569 }
570
571
572 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
573 u8 *buf, size_t len)
574 {
575 int attrlen, rta_len;
576 struct rtattr *attr;
577
578 attrlen = len;
579 attr = (struct rtattr *) buf;
580
581 rta_len = RTA_ALIGN(sizeof(struct rtattr));
582 while (RTA_OK(attr, attrlen)) {
583 if (attr->rta_type == IFLA_IFNAME) {
584 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
585 == 0)
586 return 1;
587 else
588 break;
589 }
590 attr = RTA_NEXT(attr, attrlen);
591 }
592
593 return 0;
594 }
595
596
597 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
598 int ifindex, u8 *buf, size_t len)
599 {
600 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
601 return 1;
602
603 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
604 drv->ifindex = if_nametoindex(drv->ifname);
605 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
606 "interface");
607 wpa_driver_wext_finish_drv_init(drv);
608 return 1;
609 }
610
611 return 0;
612 }
613
614
615 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
616 u8 *buf, size_t len)
617 {
618 struct wpa_driver_wext_data *drv = ctx;
619 int attrlen, rta_len;
620 struct rtattr *attr;
621
622 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
623 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
624 ifi->ifi_index);
625 return;
626 }
627
628 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
629 "(%s%s%s%s)",
630 drv->operstate, ifi->ifi_flags,
631 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
632 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
633 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
634 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
635 /*
636 * Some drivers send the association event before the operup event--in
637 * this case, lifting operstate in wpa_driver_wext_set_operstate()
638 * fails. This will hit us when wpa_supplicant does not need to do
639 * IEEE 802.1X authentication
640 */
641 if (drv->operstate == 1 &&
642 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
643 !(ifi->ifi_flags & IFF_RUNNING))
644 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
645 -1, IF_OPER_UP);
646
647 attrlen = len;
648 attr = (struct rtattr *) buf;
649
650 rta_len = RTA_ALIGN(sizeof(struct rtattr));
651 while (RTA_OK(attr, attrlen)) {
652 if (attr->rta_type == IFLA_WIRELESS) {
653 wpa_driver_wext_event_wireless(
654 drv, ((char *) attr) + rta_len,
655 attr->rta_len - rta_len);
656 } else if (attr->rta_type == IFLA_IFNAME) {
657 wpa_driver_wext_event_link(drv,
658 ((char *) attr) + rta_len,
659 attr->rta_len - rta_len, 0);
660 }
661 attr = RTA_NEXT(attr, attrlen);
662 }
663 }
664
665
666 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
667 u8 *buf, size_t len)
668 {
669 struct wpa_driver_wext_data *drv = ctx;
670 int attrlen, rta_len;
671 struct rtattr *attr;
672
673 attrlen = len;
674 attr = (struct rtattr *) buf;
675
676 rta_len = RTA_ALIGN(sizeof(struct rtattr));
677 while (RTA_OK(attr, attrlen)) {
678 if (attr->rta_type == IFLA_IFNAME) {
679 wpa_driver_wext_event_link(drv,
680 ((char *) attr) + rta_len,
681 attr->rta_len - rta_len, 1);
682 }
683 attr = RTA_NEXT(attr, attrlen);
684 }
685 }
686
687
688 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
689 const char *ifname, int *flags)
690 {
691 struct ifreq ifr;
692
693 os_memset(&ifr, 0, sizeof(ifr));
694 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
695 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
696 perror("ioctl[SIOCGIFFLAGS]");
697 return -1;
698 }
699 *flags = ifr.ifr_flags & 0xffff;
700 return 0;
701 }
702
703
704 /**
705 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
706 * @drv: driver_wext private data
707 * @flags: Pointer to returned flags value
708 * Returns: 0 on success, -1 on failure
709 */
710 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
711 {
712 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
713 }
714
715
716 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
717 const char *ifname, int flags)
718 {
719 struct ifreq ifr;
720
721 os_memset(&ifr, 0, sizeof(ifr));
722 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
723 ifr.ifr_flags = flags & 0xffff;
724 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
725 perror("SIOCSIFFLAGS");
726 return -1;
727 }
728 return 0;
729 }
730
731
732 /**
733 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
734 * @drv: driver_wext private data
735 * @flags: New value for flags
736 * Returns: 0 on success, -1 on failure
737 */
738 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
739 {
740 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
741 }
742
743
744 /**
745 * wpa_driver_wext_init - Initialize WE driver interface
746 * @ctx: context to be used when calling wpa_supplicant functions,
747 * e.g., wpa_supplicant_event()
748 * @ifname: interface name, e.g., wlan0
749 * Returns: Pointer to private data, %NULL on failure
750 */
751 void * wpa_driver_wext_init(void *ctx, const char *ifname)
752 {
753 struct wpa_driver_wext_data *drv;
754 struct netlink_config *cfg;
755
756 drv = os_zalloc(sizeof(*drv));
757 if (drv == NULL)
758 return NULL;
759 drv->ctx = ctx;
760 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
761
762 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
763 if (drv->ioctl_sock < 0) {
764 perror("socket(PF_INET,SOCK_DGRAM)");
765 goto err1;
766 }
767
768 cfg = os_zalloc(sizeof(*cfg));
769 if (cfg == NULL)
770 goto err1;
771 cfg->ctx = drv;
772 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
773 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
774 drv->netlink = netlink_init(cfg);
775 if (drv->netlink == NULL) {
776 os_free(cfg);
777 goto err2;
778 }
779
780 drv->mlme_sock = -1;
781
782 if (wpa_driver_wext_finish_drv_init(drv) < 0)
783 goto err3;
784
785 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
786
787 return drv;
788
789 err3:
790 netlink_deinit(drv->netlink);
791 err2:
792 close(drv->ioctl_sock);
793 err1:
794 os_free(drv);
795 return NULL;
796 }
797
798
799 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
800 {
801 int flags;
802
803 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0) {
804 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
805 drv->ifname);
806 return -1;
807 }
808
809 if (!(flags & IFF_UP)) {
810 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
811 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
812 "UP", drv->ifname);
813 return -1;
814 } else {
815 /*
816 * Wait some time to allow driver to initialize before
817 * starting configuring the driver. This seems to be
818 * needed at least some drivers that load firmware etc.
819 * when the interface is set up.
820 */
821 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
822 "a second for the driver to complete "
823 "initialization", drv->ifname);
824 sleep(1);
825 }
826 }
827
828 /*
829 * Make sure that the driver does not have any obsolete PMKID entries.
830 */
831 wpa_driver_wext_flush_pmkid(drv);
832
833 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
834 wpa_printf(MSG_DEBUG, "Could not configure driver to use "
835 "managed mode");
836 /* Try to use it anyway */
837 }
838
839 wpa_driver_wext_get_range(drv);
840
841 /*
842 * Unlock the driver's BSSID and force to a random SSID to clear any
843 * previous association the driver might have when the supplicant
844 * starts up.
845 */
846 wpa_driver_wext_disconnect(drv);
847
848 drv->ifindex = if_nametoindex(drv->ifname);
849
850 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
851 /*
852 * Host AP driver may use both wlan# and wifi# interface in
853 * wireless events. Since some of the versions included WE-18
854 * support, let's add the alternative ifindex also from
855 * driver_wext.c for the time being. This may be removed at
856 * some point once it is believed that old versions of the
857 * driver are not in use anymore.
858 */
859 char ifname2[IFNAMSIZ + 1];
860 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
861 os_memcpy(ifname2, "wifi", 4);
862 wpa_driver_wext_alternative_ifindex(drv, ifname2);
863 }
864
865 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
866 1, IF_OPER_DORMANT);
867
868 return 0;
869 }
870
871
872 /**
873 * wpa_driver_wext_deinit - Deinitialize WE driver interface
874 * @priv: Pointer to private wext data from wpa_driver_wext_init()
875 *
876 * Shut down driver interface and processing of driver events. Free
877 * private data buffer if one was allocated in wpa_driver_wext_init().
878 */
879 void wpa_driver_wext_deinit(void *priv)
880 {
881 struct wpa_driver_wext_data *drv = priv;
882 int flags;
883
884 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
885
886 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
887
888 /*
889 * Clear possibly configured driver parameters in order to make it
890 * easier to use the driver after wpa_supplicant has been terminated.
891 */
892 wpa_driver_wext_disconnect(drv);
893
894 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
895 netlink_deinit(drv->netlink);
896
897 if (drv->mlme_sock >= 0)
898 eloop_unregister_read_sock(drv->mlme_sock);
899
900 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
901 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
902
903 close(drv->ioctl_sock);
904 if (drv->mlme_sock >= 0)
905 close(drv->mlme_sock);
906 os_free(drv->assoc_req_ies);
907 os_free(drv->assoc_resp_ies);
908 os_free(drv);
909 }
910
911
912 /**
913 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
914 * @eloop_ctx: Unused
915 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
916 *
917 * This function can be used as registered timeout when starting a scan to
918 * generate a scan completed event if the driver does not report this.
919 */
920 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
921 {
922 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
923 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
924 }
925
926
927 /**
928 * wpa_driver_wext_scan - Request the driver to initiate scan
929 * @priv: Pointer to private wext data from wpa_driver_wext_init()
930 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
931 * Returns: 0 on success, -1 on failure
932 */
933 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
934 {
935 struct wpa_driver_wext_data *drv = priv;
936 struct iwreq iwr;
937 int ret = 0, timeout;
938 struct iw_scan_req req;
939 const u8 *ssid = params->ssids[0].ssid;
940 size_t ssid_len = params->ssids[0].ssid_len;
941
942 if (ssid_len > IW_ESSID_MAX_SIZE) {
943 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
944 __FUNCTION__, (unsigned long) ssid_len);
945 return -1;
946 }
947
948 os_memset(&iwr, 0, sizeof(iwr));
949 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
950
951 if (ssid && ssid_len) {
952 os_memset(&req, 0, sizeof(req));
953 req.essid_len = ssid_len;
954 req.bssid.sa_family = ARPHRD_ETHER;
955 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
956 os_memcpy(req.essid, ssid, ssid_len);
957 iwr.u.data.pointer = (caddr_t) &req;
958 iwr.u.data.length = sizeof(req);
959 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
960 }
961
962 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
963 perror("ioctl[SIOCSIWSCAN]");
964 ret = -1;
965 }
966
967 /* Not all drivers generate "scan completed" wireless event, so try to
968 * read results after a timeout. */
969 timeout = 5;
970 if (drv->scan_complete_events) {
971 /*
972 * The driver seems to deliver SIOCGIWSCAN events to notify
973 * when scan is complete, so use longer timeout to avoid race
974 * conditions with scanning and following association request.
975 */
976 timeout = 30;
977 }
978 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
979 "seconds", ret, timeout);
980 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
981 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
982 drv->ctx);
983
984 return ret;
985 }
986
987
988 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
989 size_t *len)
990 {
991 struct iwreq iwr;
992 u8 *res_buf;
993 size_t res_buf_len;
994
995 res_buf_len = IW_SCAN_MAX_DATA;
996 for (;;) {
997 res_buf = os_malloc(res_buf_len);
998 if (res_buf == NULL)
999 return NULL;
1000 os_memset(&iwr, 0, sizeof(iwr));
1001 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1002 iwr.u.data.pointer = res_buf;
1003 iwr.u.data.length = res_buf_len;
1004
1005 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1006 break;
1007
1008 if (errno == E2BIG && res_buf_len < 65535) {
1009 os_free(res_buf);
1010 res_buf = NULL;
1011 res_buf_len *= 2;
1012 if (res_buf_len > 65535)
1013 res_buf_len = 65535; /* 16-bit length field */
1014 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1015 "trying larger buffer (%lu bytes)",
1016 (unsigned long) res_buf_len);
1017 } else {
1018 perror("ioctl[SIOCGIWSCAN]");
1019 os_free(res_buf);
1020 return NULL;
1021 }
1022 }
1023
1024 if (iwr.u.data.length > res_buf_len) {
1025 os_free(res_buf);
1026 return NULL;
1027 }
1028 *len = iwr.u.data.length;
1029
1030 return res_buf;
1031 }
1032
1033
1034 /*
1035 * Data structure for collecting WEXT scan results. This is needed to allow
1036 * the various methods of reporting IEs to be combined into a single IE buffer.
1037 */
1038 struct wext_scan_data {
1039 struct wpa_scan_res res;
1040 u8 *ie;
1041 size_t ie_len;
1042 u8 ssid[32];
1043 size_t ssid_len;
1044 int maxrate;
1045 };
1046
1047
1048 static void wext_get_scan_mode(struct iw_event *iwe,
1049 struct wext_scan_data *res)
1050 {
1051 if (iwe->u.mode == IW_MODE_ADHOC)
1052 res->res.caps |= IEEE80211_CAP_IBSS;
1053 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1054 res->res.caps |= IEEE80211_CAP_ESS;
1055 }
1056
1057
1058 static void wext_get_scan_ssid(struct iw_event *iwe,
1059 struct wext_scan_data *res, char *custom,
1060 char *end)
1061 {
1062 int ssid_len = iwe->u.essid.length;
1063 if (custom + ssid_len > end)
1064 return;
1065 if (iwe->u.essid.flags &&
1066 ssid_len > 0 &&
1067 ssid_len <= IW_ESSID_MAX_SIZE) {
1068 os_memcpy(res->ssid, custom, ssid_len);
1069 res->ssid_len = ssid_len;
1070 }
1071 }
1072
1073
1074 static void wext_get_scan_freq(struct iw_event *iwe,
1075 struct wext_scan_data *res)
1076 {
1077 int divi = 1000000, i;
1078
1079 if (iwe->u.freq.e == 0) {
1080 /*
1081 * Some drivers do not report frequency, but a channel.
1082 * Try to map this to frequency by assuming they are using
1083 * IEEE 802.11b/g. But don't overwrite a previously parsed
1084 * frequency if the driver sends both frequency and channel,
1085 * since the driver may be sending an A-band channel that we
1086 * don't handle here.
1087 */
1088
1089 if (res->res.freq)
1090 return;
1091
1092 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1093 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1094 return;
1095 } else if (iwe->u.freq.m == 14) {
1096 res->res.freq = 2484;
1097 return;
1098 }
1099 }
1100
1101 if (iwe->u.freq.e > 6) {
1102 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1103 MACSTR " m=%d e=%d)",
1104 MAC2STR(res->res.bssid), iwe->u.freq.m,
1105 iwe->u.freq.e);
1106 return;
1107 }
1108
1109 for (i = 0; i < iwe->u.freq.e; i++)
1110 divi /= 10;
1111 res->res.freq = iwe->u.freq.m / divi;
1112 }
1113
1114
1115 static void wext_get_scan_qual(struct iw_event *iwe,
1116 struct wext_scan_data *res)
1117 {
1118 res->res.qual = iwe->u.qual.qual;
1119 res->res.noise = iwe->u.qual.noise;
1120 res->res.level = iwe->u.qual.level;
1121 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1122 res->res.flags |= WPA_SCAN_QUAL_INVALID;
1123 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1124 res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1125 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1126 res->res.flags |= WPA_SCAN_NOISE_INVALID;
1127 if (iwe->u.qual.updated & IW_QUAL_DBM)
1128 res->res.flags |= WPA_SCAN_LEVEL_DBM;
1129 }
1130
1131
1132 static void wext_get_scan_encode(struct iw_event *iwe,
1133 struct wext_scan_data *res)
1134 {
1135 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1136 res->res.caps |= IEEE80211_CAP_PRIVACY;
1137 }
1138
1139
1140 static void wext_get_scan_rate(struct iw_event *iwe,
1141 struct wext_scan_data *res, char *pos,
1142 char *end)
1143 {
1144 int maxrate;
1145 char *custom = pos + IW_EV_LCP_LEN;
1146 struct iw_param p;
1147 size_t clen;
1148
1149 clen = iwe->len;
1150 if (custom + clen > end)
1151 return;
1152 maxrate = 0;
1153 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1154 /* Note: may be misaligned, make a local, aligned copy */
1155 os_memcpy(&p, custom, sizeof(struct iw_param));
1156 if (p.value > maxrate)
1157 maxrate = p.value;
1158 clen -= sizeof(struct iw_param);
1159 custom += sizeof(struct iw_param);
1160 }
1161
1162 /* Convert the maxrate from WE-style (b/s units) to
1163 * 802.11 rates (500000 b/s units).
1164 */
1165 res->maxrate = maxrate / 500000;
1166 }
1167
1168
1169 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1170 struct wext_scan_data *res, char *custom,
1171 char *end)
1172 {
1173 char *genie, *gpos, *gend;
1174 u8 *tmp;
1175
1176 if (iwe->u.data.length == 0)
1177 return;
1178
1179 gpos = genie = custom;
1180 gend = genie + iwe->u.data.length;
1181 if (gend > end) {
1182 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1183 return;
1184 }
1185
1186 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1187 if (tmp == NULL)
1188 return;
1189 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1190 res->ie = tmp;
1191 res->ie_len += gend - gpos;
1192 }
1193
1194
1195 static void wext_get_scan_custom(struct iw_event *iwe,
1196 struct wext_scan_data *res, char *custom,
1197 char *end)
1198 {
1199 size_t clen;
1200 u8 *tmp;
1201
1202 clen = iwe->u.data.length;
1203 if (custom + clen > end)
1204 return;
1205
1206 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1207 char *spos;
1208 int bytes;
1209 spos = custom + 7;
1210 bytes = custom + clen - spos;
1211 if (bytes & 1 || bytes == 0)
1212 return;
1213 bytes /= 2;
1214 tmp = os_realloc(res->ie, res->ie_len + bytes);
1215 if (tmp == NULL)
1216 return;
1217 hexstr2bin(spos, tmp + res->ie_len, bytes);
1218 res->ie = tmp;
1219 res->ie_len += bytes;
1220 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1221 char *spos;
1222 int bytes;
1223 spos = custom + 7;
1224 bytes = custom + clen - spos;
1225 if (bytes & 1 || bytes == 0)
1226 return;
1227 bytes /= 2;
1228 tmp = os_realloc(res->ie, res->ie_len + bytes);
1229 if (tmp == NULL)
1230 return;
1231 hexstr2bin(spos, tmp + res->ie_len, bytes);
1232 res->ie = tmp;
1233 res->ie_len += bytes;
1234 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1235 char *spos;
1236 int bytes;
1237 u8 bin[8];
1238 spos = custom + 4;
1239 bytes = custom + clen - spos;
1240 if (bytes != 16) {
1241 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1242 return;
1243 }
1244 bytes /= 2;
1245 hexstr2bin(spos, bin, bytes);
1246 res->res.tsf += WPA_GET_BE64(bin);
1247 }
1248 }
1249
1250
1251 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1252 {
1253 return drv->we_version_compiled > 18 &&
1254 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1255 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1256 }
1257
1258
1259 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1260 struct wext_scan_data *data)
1261 {
1262 struct wpa_scan_res **tmp;
1263 struct wpa_scan_res *r;
1264 size_t extra_len;
1265 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1266
1267 /* Figure out whether we need to fake any IEs */
1268 pos = data->ie;
1269 end = pos + data->ie_len;
1270 while (pos && pos + 1 < end) {
1271 if (pos + 2 + pos[1] > end)
1272 break;
1273 if (pos[0] == WLAN_EID_SSID)
1274 ssid_ie = pos;
1275 else if (pos[0] == WLAN_EID_SUPP_RATES)
1276 rate_ie = pos;
1277 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1278 rate_ie = pos;
1279 pos += 2 + pos[1];
1280 }
1281
1282 extra_len = 0;
1283 if (ssid_ie == NULL)
1284 extra_len += 2 + data->ssid_len;
1285 if (rate_ie == NULL && data->maxrate)
1286 extra_len += 3;
1287
1288 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1289 if (r == NULL)
1290 return;
1291 os_memcpy(r, &data->res, sizeof(*r));
1292 r->ie_len = extra_len + data->ie_len;
1293 pos = (u8 *) (r + 1);
1294 if (ssid_ie == NULL) {
1295 /*
1296 * Generate a fake SSID IE since the driver did not report
1297 * a full IE list.
1298 */
1299 *pos++ = WLAN_EID_SSID;
1300 *pos++ = data->ssid_len;
1301 os_memcpy(pos, data->ssid, data->ssid_len);
1302 pos += data->ssid_len;
1303 }
1304 if (rate_ie == NULL && data->maxrate) {
1305 /*
1306 * Generate a fake Supported Rates IE since the driver did not
1307 * report a full IE list.
1308 */
1309 *pos++ = WLAN_EID_SUPP_RATES;
1310 *pos++ = 1;
1311 *pos++ = data->maxrate;
1312 }
1313 if (data->ie)
1314 os_memcpy(pos, data->ie, data->ie_len);
1315
1316 tmp = os_realloc(res->res,
1317 (res->num + 1) * sizeof(struct wpa_scan_res *));
1318 if (tmp == NULL) {
1319 os_free(r);
1320 return;
1321 }
1322 tmp[res->num++] = r;
1323 res->res = tmp;
1324 }
1325
1326
1327 /**
1328 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1329 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1330 * Returns: Scan results on success, -1 on failure
1331 */
1332 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1333 {
1334 struct wpa_driver_wext_data *drv = priv;
1335 size_t ap_num = 0, len;
1336 int first;
1337 u8 *res_buf;
1338 struct iw_event iwe_buf, *iwe = &iwe_buf;
1339 char *pos, *end, *custom;
1340 struct wpa_scan_results *res;
1341 struct wext_scan_data data;
1342
1343 res_buf = wpa_driver_wext_giwscan(drv, &len);
1344 if (res_buf == NULL)
1345 return NULL;
1346
1347 ap_num = 0;
1348 first = 1;
1349
1350 res = os_zalloc(sizeof(*res));
1351 if (res == NULL) {
1352 os_free(res_buf);
1353 return NULL;
1354 }
1355
1356 pos = (char *) res_buf;
1357 end = (char *) res_buf + len;
1358 os_memset(&data, 0, sizeof(data));
1359
1360 while (pos + IW_EV_LCP_LEN <= end) {
1361 /* Event data may be unaligned, so make a local, aligned copy
1362 * before processing. */
1363 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1364 if (iwe->len <= IW_EV_LCP_LEN)
1365 break;
1366
1367 custom = pos + IW_EV_POINT_LEN;
1368 if (wext_19_iw_point(drv, iwe->cmd)) {
1369 /* WE-19 removed the pointer from struct iw_point */
1370 char *dpos = (char *) &iwe_buf.u.data.length;
1371 int dlen = dpos - (char *) &iwe_buf;
1372 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1373 sizeof(struct iw_event) - dlen);
1374 } else {
1375 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1376 custom += IW_EV_POINT_OFF;
1377 }
1378
1379 switch (iwe->cmd) {
1380 case SIOCGIWAP:
1381 if (!first)
1382 wpa_driver_wext_add_scan_entry(res, &data);
1383 first = 0;
1384 os_free(data.ie);
1385 os_memset(&data, 0, sizeof(data));
1386 os_memcpy(data.res.bssid,
1387 iwe->u.ap_addr.sa_data, ETH_ALEN);
1388 break;
1389 case SIOCGIWMODE:
1390 wext_get_scan_mode(iwe, &data);
1391 break;
1392 case SIOCGIWESSID:
1393 wext_get_scan_ssid(iwe, &data, custom, end);
1394 break;
1395 case SIOCGIWFREQ:
1396 wext_get_scan_freq(iwe, &data);
1397 break;
1398 case IWEVQUAL:
1399 wext_get_scan_qual(iwe, &data);
1400 break;
1401 case SIOCGIWENCODE:
1402 wext_get_scan_encode(iwe, &data);
1403 break;
1404 case SIOCGIWRATE:
1405 wext_get_scan_rate(iwe, &data, pos, end);
1406 break;
1407 case IWEVGENIE:
1408 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1409 break;
1410 case IWEVCUSTOM:
1411 wext_get_scan_custom(iwe, &data, custom, end);
1412 break;
1413 }
1414
1415 pos += iwe->len;
1416 }
1417 os_free(res_buf);
1418 res_buf = NULL;
1419 if (!first)
1420 wpa_driver_wext_add_scan_entry(res, &data);
1421 os_free(data.ie);
1422
1423 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1424 (unsigned long) len, (unsigned long) res->num);
1425
1426 return res;
1427 }
1428
1429
1430 static int wpa_driver_wext_get_range(void *priv)
1431 {
1432 struct wpa_driver_wext_data *drv = priv;
1433 struct iw_range *range;
1434 struct iwreq iwr;
1435 int minlen;
1436 size_t buflen;
1437
1438 /*
1439 * Use larger buffer than struct iw_range in order to allow the
1440 * structure to grow in the future.
1441 */
1442 buflen = sizeof(struct iw_range) + 500;
1443 range = os_zalloc(buflen);
1444 if (range == NULL)
1445 return -1;
1446
1447 os_memset(&iwr, 0, sizeof(iwr));
1448 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1449 iwr.u.data.pointer = (caddr_t) range;
1450 iwr.u.data.length = buflen;
1451
1452 minlen = ((char *) &range->enc_capa) - (char *) range +
1453 sizeof(range->enc_capa);
1454
1455 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1456 perror("ioctl[SIOCGIWRANGE]");
1457 os_free(range);
1458 return -1;
1459 } else if (iwr.u.data.length >= minlen &&
1460 range->we_version_compiled >= 18) {
1461 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1462 "WE(source)=%d enc_capa=0x%x",
1463 range->we_version_compiled,
1464 range->we_version_source,
1465 range->enc_capa);
1466 drv->has_capability = 1;
1467 drv->we_version_compiled = range->we_version_compiled;
1468 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1469 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1470 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1471 }
1472 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1473 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1474 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1475 }
1476 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1477 WPA_DRIVER_CAPA_ENC_WEP104;
1478 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1479 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1480 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1481 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1482 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1483 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1484 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1485 WPA_DRIVER_AUTH_SHARED |
1486 WPA_DRIVER_AUTH_LEAP;
1487 drv->capa.max_scan_ssids = 1;
1488
1489 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1490 "flags 0x%x",
1491 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1492 } else {
1493 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1494 "assuming WPA is not supported");
1495 }
1496
1497 os_free(range);
1498 return 0;
1499 }
1500
1501
1502 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1503 const u8 *psk)
1504 {
1505 struct iw_encode_ext *ext;
1506 struct iwreq iwr;
1507 int ret;
1508
1509 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1510
1511 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1512 return 0;
1513
1514 if (!psk)
1515 return 0;
1516
1517 os_memset(&iwr, 0, sizeof(iwr));
1518 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1519
1520 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1521 if (ext == NULL)
1522 return -1;
1523
1524 iwr.u.encoding.pointer = (caddr_t) ext;
1525 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1526 ext->key_len = PMK_LEN;
1527 os_memcpy(&ext->key, psk, ext->key_len);
1528 ext->alg = IW_ENCODE_ALG_PMK;
1529
1530 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1531 if (ret < 0)
1532 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1533 os_free(ext);
1534
1535 return ret;
1536 }
1537
1538
1539 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1540 const u8 *addr, int key_idx,
1541 int set_tx, const u8 *seq,
1542 size_t seq_len,
1543 const u8 *key, size_t key_len)
1544 {
1545 struct wpa_driver_wext_data *drv = priv;
1546 struct iwreq iwr;
1547 int ret = 0;
1548 struct iw_encode_ext *ext;
1549
1550 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1551 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1552 __FUNCTION__, (unsigned long) seq_len);
1553 return -1;
1554 }
1555
1556 ext = os_zalloc(sizeof(*ext) + key_len);
1557 if (ext == NULL)
1558 return -1;
1559 os_memset(&iwr, 0, sizeof(iwr));
1560 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1561 iwr.u.encoding.flags = key_idx + 1;
1562 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1563 if (alg == WPA_ALG_NONE)
1564 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1565 iwr.u.encoding.pointer = (caddr_t) ext;
1566 iwr.u.encoding.length = sizeof(*ext) + key_len;
1567
1568 if (addr == NULL ||
1569 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1570 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1571 if (set_tx)
1572 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1573
1574 ext->addr.sa_family = ARPHRD_ETHER;
1575 if (addr)
1576 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1577 else
1578 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1579 if (key && key_len) {
1580 os_memcpy(ext + 1, key, key_len);
1581 ext->key_len = key_len;
1582 }
1583 switch (alg) {
1584 case WPA_ALG_NONE:
1585 ext->alg = IW_ENCODE_ALG_NONE;
1586 break;
1587 case WPA_ALG_WEP:
1588 ext->alg = IW_ENCODE_ALG_WEP;
1589 break;
1590 case WPA_ALG_TKIP:
1591 ext->alg = IW_ENCODE_ALG_TKIP;
1592 break;
1593 case WPA_ALG_CCMP:
1594 ext->alg = IW_ENCODE_ALG_CCMP;
1595 break;
1596 case WPA_ALG_PMK:
1597 ext->alg = IW_ENCODE_ALG_PMK;
1598 break;
1599 #ifdef CONFIG_IEEE80211W
1600 case WPA_ALG_IGTK:
1601 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1602 break;
1603 #endif /* CONFIG_IEEE80211W */
1604 default:
1605 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1606 __FUNCTION__, alg);
1607 os_free(ext);
1608 return -1;
1609 }
1610
1611 if (seq && seq_len) {
1612 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1613 os_memcpy(ext->rx_seq, seq, seq_len);
1614 }
1615
1616 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1617 ret = errno == EOPNOTSUPP ? -2 : -1;
1618 if (errno == ENODEV) {
1619 /*
1620 * ndiswrapper seems to be returning incorrect error
1621 * code.. */
1622 ret = -2;
1623 }
1624
1625 perror("ioctl[SIOCSIWENCODEEXT]");
1626 }
1627
1628 os_free(ext);
1629 return ret;
1630 }
1631
1632
1633 /**
1634 * wpa_driver_wext_set_key - Configure encryption key
1635 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1636 * @priv: Private driver interface data
1637 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1638 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1639 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1640 * broadcast/default keys
1641 * @key_idx: key index (0..3), usually 0 for unicast keys
1642 * @set_tx: Configure this key as the default Tx key (only used when
1643 * driver does not support separate unicast/individual key
1644 * @seq: Sequence number/packet number, seq_len octets, the next
1645 * packet number to be used for in replay protection; configured
1646 * for Rx keys (in most cases, this is only used with broadcast
1647 * keys and set to zero for unicast keys)
1648 * @seq_len: Length of the seq, depends on the algorithm:
1649 * TKIP: 6 octets, CCMP: 6 octets
1650 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1651 * 8-byte Rx Mic Key
1652 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1653 * TKIP: 32, CCMP: 16)
1654 * Returns: 0 on success, -1 on failure
1655 *
1656 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1657 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1658 */
1659 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1660 const u8 *addr, int key_idx,
1661 int set_tx, const u8 *seq, size_t seq_len,
1662 const u8 *key, size_t key_len)
1663 {
1664 struct wpa_driver_wext_data *drv = priv;
1665 struct iwreq iwr;
1666 int ret = 0;
1667
1668 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1669 "key_len=%lu",
1670 __FUNCTION__, alg, key_idx, set_tx,
1671 (unsigned long) seq_len, (unsigned long) key_len);
1672
1673 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1674 seq, seq_len, key, key_len);
1675 if (ret == 0)
1676 return 0;
1677
1678 if (ret == -2 &&
1679 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1680 wpa_printf(MSG_DEBUG, "Driver did not support "
1681 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1682 ret = 0;
1683 } else {
1684 wpa_printf(MSG_DEBUG, "Driver did not support "
1685 "SIOCSIWENCODEEXT");
1686 return ret;
1687 }
1688
1689 os_memset(&iwr, 0, sizeof(iwr));
1690 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1691 iwr.u.encoding.flags = key_idx + 1;
1692 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1693 if (alg == WPA_ALG_NONE)
1694 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1695 iwr.u.encoding.pointer = (caddr_t) key;
1696 iwr.u.encoding.length = key_len;
1697
1698 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1699 perror("ioctl[SIOCSIWENCODE]");
1700 ret = -1;
1701 }
1702
1703 if (set_tx && alg != WPA_ALG_NONE) {
1704 os_memset(&iwr, 0, sizeof(iwr));
1705 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1706 iwr.u.encoding.flags = key_idx + 1;
1707 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1708 iwr.u.encoding.pointer = (caddr_t) NULL;
1709 iwr.u.encoding.length = 0;
1710 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1711 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1712 ret = -1;
1713 }
1714 }
1715
1716 return ret;
1717 }
1718
1719
1720 static int wpa_driver_wext_set_countermeasures(void *priv,
1721 int enabled)
1722 {
1723 struct wpa_driver_wext_data *drv = priv;
1724 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1725 return wpa_driver_wext_set_auth_param(drv,
1726 IW_AUTH_TKIP_COUNTERMEASURES,
1727 enabled);
1728 }
1729
1730
1731 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1732 int enabled)
1733 {
1734 struct wpa_driver_wext_data *drv = priv;
1735 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1736 drv->use_crypt = enabled;
1737 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1738 enabled);
1739 }
1740
1741
1742 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1743 const u8 *addr, int cmd, int reason_code)
1744 {
1745 struct iwreq iwr;
1746 struct iw_mlme mlme;
1747 int ret = 0;
1748
1749 os_memset(&iwr, 0, sizeof(iwr));
1750 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1751 os_memset(&mlme, 0, sizeof(mlme));
1752 mlme.cmd = cmd;
1753 mlme.reason_code = reason_code;
1754 mlme.addr.sa_family = ARPHRD_ETHER;
1755 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1756 iwr.u.data.pointer = (caddr_t) &mlme;
1757 iwr.u.data.length = sizeof(mlme);
1758
1759 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1760 perror("ioctl[SIOCSIWMLME]");
1761 ret = -1;
1762 }
1763
1764 return ret;
1765 }
1766
1767
1768 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1769 {
1770 struct iwreq iwr;
1771 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1772 u8 ssid[32];
1773 int i;
1774
1775 /*
1776 * Only force-disconnect when the card is in infrastructure mode,
1777 * otherwise the driver might interpret the cleared BSSID and random
1778 * SSID as an attempt to create a new ad-hoc network.
1779 */
1780 os_memset(&iwr, 0, sizeof(iwr));
1781 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1782 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1783 perror("ioctl[SIOCGIWMODE]");
1784 iwr.u.mode = IW_MODE_INFRA;
1785 }
1786
1787 if (iwr.u.mode == IW_MODE_INFRA) {
1788 /*
1789 * Clear the BSSID selection and set a random SSID to make sure
1790 * the driver will not be trying to associate with something
1791 * even if it does not understand SIOCSIWMLME commands (or
1792 * tries to associate automatically after deauth/disassoc).
1793 */
1794 wpa_driver_wext_set_bssid(drv, null_bssid);
1795
1796 for (i = 0; i < 32; i++)
1797 ssid[i] = rand() & 0xFF;
1798 wpa_driver_wext_set_ssid(drv, ssid, 32);
1799 }
1800 }
1801
1802
1803 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1804 int reason_code)
1805 {
1806 struct wpa_driver_wext_data *drv = priv;
1807 int ret;
1808 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1809 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1810 wpa_driver_wext_disconnect(drv);
1811 return ret;
1812 }
1813
1814
1815 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1816 int reason_code)
1817 {
1818 struct wpa_driver_wext_data *drv = priv;
1819 int ret;
1820 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1821 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
1822 wpa_driver_wext_disconnect(drv);
1823 return ret;
1824 }
1825
1826
1827 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1828 size_t ie_len)
1829 {
1830 struct wpa_driver_wext_data *drv = priv;
1831 struct iwreq iwr;
1832 int ret = 0;
1833
1834 os_memset(&iwr, 0, sizeof(iwr));
1835 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1836 iwr.u.data.pointer = (caddr_t) ie;
1837 iwr.u.data.length = ie_len;
1838
1839 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1840 perror("ioctl[SIOCSIWGENIE]");
1841 ret = -1;
1842 }
1843
1844 return ret;
1845 }
1846
1847
1848 int wpa_driver_wext_cipher2wext(int cipher)
1849 {
1850 switch (cipher) {
1851 case CIPHER_NONE:
1852 return IW_AUTH_CIPHER_NONE;
1853 case CIPHER_WEP40:
1854 return IW_AUTH_CIPHER_WEP40;
1855 case CIPHER_TKIP:
1856 return IW_AUTH_CIPHER_TKIP;
1857 case CIPHER_CCMP:
1858 return IW_AUTH_CIPHER_CCMP;
1859 case CIPHER_WEP104:
1860 return IW_AUTH_CIPHER_WEP104;
1861 default:
1862 return 0;
1863 }
1864 }
1865
1866
1867 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1868 {
1869 switch (keymgmt) {
1870 case KEY_MGMT_802_1X:
1871 case KEY_MGMT_802_1X_NO_WPA:
1872 return IW_AUTH_KEY_MGMT_802_1X;
1873 case KEY_MGMT_PSK:
1874 return IW_AUTH_KEY_MGMT_PSK;
1875 default:
1876 return 0;
1877 }
1878 }
1879
1880
1881 static int
1882 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1883 struct wpa_driver_associate_params *params)
1884 {
1885 struct iwreq iwr;
1886 int ret = 0;
1887
1888 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1889 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1890
1891 os_memset(&iwr, 0, sizeof(iwr));
1892 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1893 /* Just changing mode, not actual keys */
1894 iwr.u.encoding.flags = 0;
1895 iwr.u.encoding.pointer = (caddr_t) NULL;
1896 iwr.u.encoding.length = 0;
1897
1898 /*
1899 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1900 * different things. Here they are used to indicate Open System vs.
1901 * Shared Key authentication algorithm. However, some drivers may use
1902 * them to select between open/restricted WEP encrypted (open = allow
1903 * both unencrypted and encrypted frames; restricted = only allow
1904 * encrypted frames).
1905 */
1906
1907 if (!drv->use_crypt) {
1908 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1909 } else {
1910 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1911 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
1912 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1913 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
1914 }
1915
1916 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1917 perror("ioctl[SIOCSIWENCODE]");
1918 ret = -1;
1919 }
1920
1921 return ret;
1922 }
1923
1924
1925 int wpa_driver_wext_associate(void *priv,
1926 struct wpa_driver_associate_params *params)
1927 {
1928 struct wpa_driver_wext_data *drv = priv;
1929 int ret = 0;
1930 int allow_unencrypted_eapol;
1931 int value;
1932
1933 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1934
1935 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
1936 < 0)
1937 ret = -1;
1938 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
1939 ret = -1;
1940 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
1941 ret = -1;
1942
1943 /*
1944 * If the driver did not support SIOCSIWAUTH, fallback to
1945 * SIOCSIWENCODE here.
1946 */
1947 if (drv->auth_alg_fallback &&
1948 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
1949 ret = -1;
1950
1951 if (!params->bssid &&
1952 wpa_driver_wext_set_bssid(drv, NULL) < 0)
1953 ret = -1;
1954
1955 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
1956 * from configuration, not from here, where only the selected suite is
1957 * available */
1958 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
1959 < 0)
1960 ret = -1;
1961 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
1962 value = IW_AUTH_WPA_VERSION_DISABLED;
1963 else if (params->wpa_ie[0] == WLAN_EID_RSN)
1964 value = IW_AUTH_WPA_VERSION_WPA2;
1965 else
1966 value = IW_AUTH_WPA_VERSION_WPA;
1967 if (wpa_driver_wext_set_auth_param(drv,
1968 IW_AUTH_WPA_VERSION, value) < 0)
1969 ret = -1;
1970 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
1971 if (wpa_driver_wext_set_auth_param(drv,
1972 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
1973 ret = -1;
1974 value = wpa_driver_wext_cipher2wext(params->group_suite);
1975 if (wpa_driver_wext_set_auth_param(drv,
1976 IW_AUTH_CIPHER_GROUP, value) < 0)
1977 ret = -1;
1978 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
1979 if (wpa_driver_wext_set_auth_param(drv,
1980 IW_AUTH_KEY_MGMT, value) < 0)
1981 ret = -1;
1982 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
1983 params->pairwise_suite != CIPHER_NONE ||
1984 params->group_suite != CIPHER_NONE ||
1985 params->wpa_ie_len;
1986 if (wpa_driver_wext_set_auth_param(drv,
1987 IW_AUTH_PRIVACY_INVOKED, value) < 0)
1988 ret = -1;
1989
1990 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
1991 * not using WPA. IEEE 802.1X specifies that these frames are not
1992 * encrypted, but WPA encrypts them when pairwise keys are in use. */
1993 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
1994 params->key_mgmt_suite == KEY_MGMT_PSK)
1995 allow_unencrypted_eapol = 0;
1996 else
1997 allow_unencrypted_eapol = 1;
1998
1999 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2000 ret = -1;
2001 if (wpa_driver_wext_set_auth_param(drv,
2002 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2003 allow_unencrypted_eapol) < 0)
2004 ret = -1;
2005 #ifdef CONFIG_IEEE80211W
2006 switch (params->mgmt_frame_protection) {
2007 case NO_MGMT_FRAME_PROTECTION:
2008 value = IW_AUTH_MFP_DISABLED;
2009 break;
2010 case MGMT_FRAME_PROTECTION_OPTIONAL:
2011 value = IW_AUTH_MFP_OPTIONAL;
2012 break;
2013 case MGMT_FRAME_PROTECTION_REQUIRED:
2014 value = IW_AUTH_MFP_REQUIRED;
2015 break;
2016 };
2017 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2018 ret = -1;
2019 #endif /* CONFIG_IEEE80211W */
2020 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2021 ret = -1;
2022 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2023 ret = -1;
2024 if (params->bssid &&
2025 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2026 ret = -1;
2027
2028 return ret;
2029 }
2030
2031
2032 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2033 {
2034 struct wpa_driver_wext_data *drv = priv;
2035 int algs = 0, res;
2036
2037 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2038 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2039 if (auth_alg & AUTH_ALG_SHARED_KEY)
2040 algs |= IW_AUTH_ALG_SHARED_KEY;
2041 if (auth_alg & AUTH_ALG_LEAP)
2042 algs |= IW_AUTH_ALG_LEAP;
2043 if (algs == 0) {
2044 /* at least one algorithm should be set */
2045 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2046 }
2047
2048 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2049 algs);
2050 drv->auth_alg_fallback = res == -2;
2051 return res;
2052 }
2053
2054
2055 /**
2056 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2057 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2058 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2059 * Returns: 0 on success, -1 on failure
2060 */
2061 int wpa_driver_wext_set_mode(void *priv, int mode)
2062 {
2063 struct wpa_driver_wext_data *drv = priv;
2064 struct iwreq iwr;
2065 int ret = -1, flags;
2066 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2067
2068 os_memset(&iwr, 0, sizeof(iwr));
2069 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2070 iwr.u.mode = new_mode;
2071 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2072 ret = 0;
2073 goto done;
2074 }
2075
2076 if (errno != EBUSY) {
2077 perror("ioctl[SIOCSIWMODE]");
2078 goto done;
2079 }
2080
2081 /* mac80211 doesn't allow mode changes while the device is up, so if
2082 * the device isn't in the mode we're about to change to, take device
2083 * down, try to set the mode again, and bring it back up.
2084 */
2085 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2086 perror("ioctl[SIOCGIWMODE]");
2087 goto done;
2088 }
2089
2090 if (iwr.u.mode == new_mode) {
2091 ret = 0;
2092 goto done;
2093 }
2094
2095 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2096 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2097
2098 /* Try to set the mode again while the interface is down */
2099 iwr.u.mode = new_mode;
2100 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2101 perror("ioctl[SIOCSIWMODE]");
2102 else
2103 ret = 0;
2104
2105 /* Ignore return value of get_ifflags to ensure that the device
2106 * is always up like it was before this function was called.
2107 */
2108 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2109 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2110 }
2111
2112 done:
2113 return ret;
2114 }
2115
2116
2117 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2118 u32 cmd, const u8 *bssid, const u8 *pmkid)
2119 {
2120 struct iwreq iwr;
2121 struct iw_pmksa pmksa;
2122 int ret = 0;
2123
2124 os_memset(&iwr, 0, sizeof(iwr));
2125 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2126 os_memset(&pmksa, 0, sizeof(pmksa));
2127 pmksa.cmd = cmd;
2128 pmksa.bssid.sa_family = ARPHRD_ETHER;
2129 if (bssid)
2130 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2131 if (pmkid)
2132 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2133 iwr.u.data.pointer = (caddr_t) &pmksa;
2134 iwr.u.data.length = sizeof(pmksa);
2135
2136 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2137 if (errno != EOPNOTSUPP)
2138 perror("ioctl[SIOCSIWPMKSA]");
2139 ret = -1;
2140 }
2141
2142 return ret;
2143 }
2144
2145
2146 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2147 const u8 *pmkid)
2148 {
2149 struct wpa_driver_wext_data *drv = priv;
2150 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2151 }
2152
2153
2154 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2155 const u8 *pmkid)
2156 {
2157 struct wpa_driver_wext_data *drv = priv;
2158 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2159 }
2160
2161
2162 static int wpa_driver_wext_flush_pmkid(void *priv)
2163 {
2164 struct wpa_driver_wext_data *drv = priv;
2165 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2166 }
2167
2168
2169 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2170 {
2171 struct wpa_driver_wext_data *drv = priv;
2172 if (!drv->has_capability)
2173 return -1;
2174 os_memcpy(capa, &drv->capa, sizeof(*capa));
2175 return 0;
2176 }
2177
2178
2179 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2180 const char *ifname)
2181 {
2182 if (ifname == NULL) {
2183 drv->ifindex2 = -1;
2184 return 0;
2185 }
2186
2187 drv->ifindex2 = if_nametoindex(ifname);
2188 if (drv->ifindex2 <= 0)
2189 return -1;
2190
2191 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2192 "wireless events", drv->ifindex2, ifname);
2193
2194 return 0;
2195 }
2196
2197
2198 int wpa_driver_wext_set_operstate(void *priv, int state)
2199 {
2200 struct wpa_driver_wext_data *drv = priv;
2201
2202 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2203 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2204 drv->operstate = state;
2205 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2206 state ? IF_OPER_UP : IF_OPER_DORMANT);
2207 }
2208
2209
2210 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2211 {
2212 return drv->we_version_compiled;
2213 }
2214
2215
2216 const struct wpa_driver_ops wpa_driver_wext_ops = {
2217 .name = "wext",
2218 .desc = "Linux wireless extensions (generic)",
2219 .get_bssid = wpa_driver_wext_get_bssid,
2220 .get_ssid = wpa_driver_wext_get_ssid,
2221 .set_key = wpa_driver_wext_set_key,
2222 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2223 .scan2 = wpa_driver_wext_scan,
2224 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2225 .deauthenticate = wpa_driver_wext_deauthenticate,
2226 .disassociate = wpa_driver_wext_disassociate,
2227 .associate = wpa_driver_wext_associate,
2228 .init = wpa_driver_wext_init,
2229 .deinit = wpa_driver_wext_deinit,
2230 .add_pmkid = wpa_driver_wext_add_pmkid,
2231 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2232 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2233 .get_capa = wpa_driver_wext_get_capa,
2234 .set_operstate = wpa_driver_wext_set_operstate,
2235 };