search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Share a single Linux ioctl helper fo setting interface up/down
[hostap-gosc2009.git] / src / drivers / driver_wext.c
blob541ea4cf9b6dc68f68424f6bef224025d8fed25d
1 /*
2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21 #include "includes.h"
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
24
25 #include "wireless_copy.h"
26 #include "common.h"
27 #include "eloop.h"
28 #include "common/ieee802_11_defs.h"
29 #include "common/wpa_common.h"
30 #include "priv_netlink.h"
31 #include "netlink.h"
32 #include "linux_ioctl.h"
33 #include "driver.h"
34 #include "driver_wext.h"
35
36
37 static int wpa_driver_wext_flush_pmkid(void *priv);
38 static int wpa_driver_wext_get_range(void *priv);
39 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
40 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
41 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
42
43
44 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
45 int idx, u32 value)
46 {
47 struct iwreq iwr;
48 int ret = 0;
49
50 os_memset(&iwr, 0, sizeof(iwr));
51 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
52 iwr.u.param.flags = idx & IW_AUTH_INDEX;
53 iwr.u.param.value = value;
54
55 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
56 if (errno != EOPNOTSUPP) {
57 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
58 "value 0x%x) failed: %s)",
59 idx, value, strerror(errno));
60 }
61 ret = errno == EOPNOTSUPP ? -2 : -1;
62 }
63
64 return ret;
65 }
66
67
68 /**
69 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
70 * @priv: Pointer to private wext data from wpa_driver_wext_init()
71 * @bssid: Buffer for BSSID
72 * Returns: 0 on success, -1 on failure
73 */
74 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
75 {
76 struct wpa_driver_wext_data *drv = priv;
77 struct iwreq iwr;
78 int ret = 0;
79
80 os_memset(&iwr, 0, sizeof(iwr));
81 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
82
83 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
84 perror("ioctl[SIOCGIWAP]");
85 ret = -1;
86 }
87 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
88
89 return ret;
90 }
91
92
93 /**
94 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
95 * @priv: Pointer to private wext data from wpa_driver_wext_init()
96 * @bssid: BSSID
97 * Returns: 0 on success, -1 on failure
98 */
99 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
100 {
101 struct wpa_driver_wext_data *drv = priv;
102 struct iwreq iwr;
103 int ret = 0;
104
105 os_memset(&iwr, 0, sizeof(iwr));
106 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
107 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
108 if (bssid)
109 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
110 else
111 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
112
113 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
114 perror("ioctl[SIOCSIWAP]");
115 ret = -1;
116 }
117
118 return ret;
119 }
120
121
122 /**
123 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
124 * @priv: Pointer to private wext data from wpa_driver_wext_init()
125 * @ssid: Buffer for the SSID; must be at least 32 bytes long
126 * Returns: SSID length on success, -1 on failure
127 */
128 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
129 {
130 struct wpa_driver_wext_data *drv = priv;
131 struct iwreq iwr;
132 int ret = 0;
133
134 os_memset(&iwr, 0, sizeof(iwr));
135 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
136 iwr.u.essid.pointer = (caddr_t) ssid;
137 iwr.u.essid.length = 32;
138
139 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
140 perror("ioctl[SIOCGIWESSID]");
141 ret = -1;
142 } else {
143 ret = iwr.u.essid.length;
144 if (ret > 32)
145 ret = 32;
146 /* Some drivers include nul termination in the SSID, so let's
147 * remove it here before further processing. WE-21 changes this
148 * to explicitly require the length _not_ to include nul
149 * termination. */
150 if (ret > 0 && ssid[ret - 1] == '\0' &&
151 drv->we_version_compiled < 21)
152 ret--;
153 }
154
155 return ret;
156 }
157
158
159 /**
160 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
161 * @priv: Pointer to private wext data from wpa_driver_wext_init()
162 * @ssid: SSID
163 * @ssid_len: Length of SSID (0..32)
164 * Returns: 0 on success, -1 on failure
165 */
166 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
167 {
168 struct wpa_driver_wext_data *drv = priv;
169 struct iwreq iwr;
170 int ret = 0;
171 char buf[33];
172
173 if (ssid_len > 32)
174 return -1;
175
176 os_memset(&iwr, 0, sizeof(iwr));
177 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
178 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
179 iwr.u.essid.flags = (ssid_len != 0);
180 os_memset(buf, 0, sizeof(buf));
181 os_memcpy(buf, ssid, ssid_len);
182 iwr.u.essid.pointer = (caddr_t) buf;
183 if (drv->we_version_compiled < 21) {
184 /* For historic reasons, set SSID length to include one extra
185 * character, C string nul termination, even though SSID is
186 * really an octet string that should not be presented as a C
187 * string. Some Linux drivers decrement the length by one and
188 * can thus end up missing the last octet of the SSID if the
189 * length is not incremented here. WE-21 changes this to
190 * explicitly require the length _not_ to include nul
191 * termination. */
192 if (ssid_len)
193 ssid_len++;
194 }
195 iwr.u.essid.length = ssid_len;
196
197 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
198 perror("ioctl[SIOCSIWESSID]");
199 ret = -1;
200 }
201
202 return ret;
203 }
204
205
206 /**
207 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
208 * @priv: Pointer to private wext data from wpa_driver_wext_init()
209 * @freq: Frequency in MHz
210 * Returns: 0 on success, -1 on failure
211 */
212 int wpa_driver_wext_set_freq(void *priv, int freq)
213 {
214 struct wpa_driver_wext_data *drv = priv;
215 struct iwreq iwr;
216 int ret = 0;
217
218 os_memset(&iwr, 0, sizeof(iwr));
219 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
220 iwr.u.freq.m = freq * 100000;
221 iwr.u.freq.e = 1;
222
223 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
224 perror("ioctl[SIOCSIWFREQ]");
225 ret = -1;
226 }
227
228 return ret;
229 }
230
231
232 static void
233 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
234 {
235 union wpa_event_data data;
236
237 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
238 custom);
239
240 os_memset(&data, 0, sizeof(data));
241 /* Host AP driver */
242 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
243 data.michael_mic_failure.unicast =
244 os_strstr(custom, " unicast ") != NULL;
245 /* TODO: parse parameters(?) */
246 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
247 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
248 char *spos;
249 int bytes;
250 u8 *req_ies = NULL, *resp_ies = NULL;
251
252 spos = custom + 17;
253
254 bytes = strspn(spos, "0123456789abcdefABCDEF");
255 if (!bytes || (bytes & 1))
256 return;
257 bytes /= 2;
258
259 req_ies = os_malloc(bytes);
260 if (req_ies == NULL)
261 return;
262 hexstr2bin(spos, req_ies, bytes);
263 data.assoc_info.req_ies = req_ies;
264 data.assoc_info.req_ies_len = bytes;
265
266 spos += bytes * 2;
267
268 data.assoc_info.resp_ies = NULL;
269 data.assoc_info.resp_ies_len = 0;
270
271 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
272 spos += 9;
273
274 bytes = strspn(spos, "0123456789abcdefABCDEF");
275 if (!bytes || (bytes & 1))
276 goto done;
277 bytes /= 2;
278
279 resp_ies = os_malloc(bytes);
280 if (resp_ies == NULL)
281 goto done;
282 hexstr2bin(spos, resp_ies, bytes);
283 data.assoc_info.resp_ies = resp_ies;
284 data.assoc_info.resp_ies_len = bytes;
285 }
286
287 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
288
289 done:
290 os_free(resp_ies);
291 os_free(req_ies);
292 #ifdef CONFIG_PEERKEY
293 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
294 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
295 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
296 "STKSTART.request '%s'", custom + 17);
297 return;
298 }
299 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
300 #endif /* CONFIG_PEERKEY */
301 }
302 }
303
304
305 static int wpa_driver_wext_event_wireless_michaelmicfailure(
306 void *ctx, const char *ev, size_t len)
307 {
308 const struct iw_michaelmicfailure *mic;
309 union wpa_event_data data;
310
311 if (len < sizeof(*mic))
312 return -1;
313
314 mic = (const struct iw_michaelmicfailure *) ev;
315
316 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
317 "flags=0x%x src_addr=" MACSTR, mic->flags,
318 MAC2STR(mic->src_addr.sa_data));
319
320 os_memset(&data, 0, sizeof(data));
321 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
322 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
323
324 return 0;
325 }
326
327
328 static int wpa_driver_wext_event_wireless_pmkidcand(
329 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
330 {
331 const struct iw_pmkid_cand *cand;
332 union wpa_event_data data;
333 const u8 *addr;
334
335 if (len < sizeof(*cand))
336 return -1;
337
338 cand = (const struct iw_pmkid_cand *) ev;
339 addr = (const u8 *) cand->bssid.sa_data;
340
341 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
342 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
343 cand->index, MAC2STR(addr));
344
345 os_memset(&data, 0, sizeof(data));
346 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
347 data.pmkid_candidate.index = cand->index;
348 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
349 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
350
351 return 0;
352 }
353
354
355 static int wpa_driver_wext_event_wireless_assocreqie(
356 struct wpa_driver_wext_data *drv, const char *ev, int len)
357 {
358 if (len < 0)
359 return -1;
360
361 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
362 len);
363 os_free(drv->assoc_req_ies);
364 drv->assoc_req_ies = os_malloc(len);
365 if (drv->assoc_req_ies == NULL) {
366 drv->assoc_req_ies_len = 0;
367 return -1;
368 }
369 os_memcpy(drv->assoc_req_ies, ev, len);
370 drv->assoc_req_ies_len = len;
371
372 return 0;
373 }
374
375
376 static int wpa_driver_wext_event_wireless_assocrespie(
377 struct wpa_driver_wext_data *drv, const char *ev, int len)
378 {
379 if (len < 0)
380 return -1;
381
382 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
383 len);
384 os_free(drv->assoc_resp_ies);
385 drv->assoc_resp_ies = os_malloc(len);
386 if (drv->assoc_resp_ies == NULL) {
387 drv->assoc_resp_ies_len = 0;
388 return -1;
389 }
390 os_memcpy(drv->assoc_resp_ies, ev, len);
391 drv->assoc_resp_ies_len = len;
392
393 return 0;
394 }
395
396
397 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
398 {
399 union wpa_event_data data;
400
401 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
402 return;
403
404 os_memset(&data, 0, sizeof(data));
405 if (drv->assoc_req_ies) {
406 data.assoc_info.req_ies = drv->assoc_req_ies;
407 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
408 }
409 if (drv->assoc_resp_ies) {
410 data.assoc_info.resp_ies = drv->assoc_resp_ies;
411 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
412 }
413
414 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
415
416 os_free(drv->assoc_req_ies);
417 drv->assoc_req_ies = NULL;
418 os_free(drv->assoc_resp_ies);
419 drv->assoc_resp_ies = NULL;
420 }
421
422
423 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
424 char *data, int len)
425 {
426 struct iw_event iwe_buf, *iwe = &iwe_buf;
427 char *pos, *end, *custom, *buf;
428
429 pos = data;
430 end = data + len;
431
432 while (pos + IW_EV_LCP_LEN <= end) {
433 /* Event data may be unaligned, so make a local, aligned copy
434 * before processing. */
435 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
436 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
437 iwe->cmd, iwe->len);
438 if (iwe->len <= IW_EV_LCP_LEN)
439 return;
440
441 custom = pos + IW_EV_POINT_LEN;
442 if (drv->we_version_compiled > 18 &&
443 (iwe->cmd == IWEVMICHAELMICFAILURE ||
444 iwe->cmd == IWEVCUSTOM ||
445 iwe->cmd == IWEVASSOCREQIE ||
446 iwe->cmd == IWEVASSOCRESPIE ||
447 iwe->cmd == IWEVPMKIDCAND)) {
448 /* WE-19 removed the pointer from struct iw_point */
449 char *dpos = (char *) &iwe_buf.u.data.length;
450 int dlen = dpos - (char *) &iwe_buf;
451 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
452 sizeof(struct iw_event) - dlen);
453 } else {
454 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
455 custom += IW_EV_POINT_OFF;
456 }
457
458 switch (iwe->cmd) {
459 case SIOCGIWAP:
460 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
461 MACSTR,
462 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
463 if (is_zero_ether_addr(
464 (const u8 *) iwe->u.ap_addr.sa_data) ||
465 os_memcmp(iwe->u.ap_addr.sa_data,
466 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
467 0) {
468 os_free(drv->assoc_req_ies);
469 drv->assoc_req_ies = NULL;
470 os_free(drv->assoc_resp_ies);
471 drv->assoc_resp_ies = NULL;
472 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
473 NULL);
474
475 } else {
476 wpa_driver_wext_event_assoc_ies(drv);
477 wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
478 NULL);
479 }
480 break;
481 case IWEVMICHAELMICFAILURE:
482 if (custom + iwe->u.data.length > end) {
483 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
484 "IWEVMICHAELMICFAILURE length");
485 return;
486 }
487 wpa_driver_wext_event_wireless_michaelmicfailure(
488 drv->ctx, custom, iwe->u.data.length);
489 break;
490 case IWEVCUSTOM:
491 if (custom + iwe->u.data.length > end) {
492 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
493 "IWEVCUSTOM length");
494 return;
495 }
496 buf = os_malloc(iwe->u.data.length + 1);
497 if (buf == NULL)
498 return;
499 os_memcpy(buf, custom, iwe->u.data.length);
500 buf[iwe->u.data.length] = '\0';
501 wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
502 os_free(buf);
503 break;
504 case SIOCGIWSCAN:
505 drv->scan_complete_events = 1;
506 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
507 drv, drv->ctx);
508 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
509 NULL);
510 break;
511 case IWEVASSOCREQIE:
512 if (custom + iwe->u.data.length > end) {
513 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
514 "IWEVASSOCREQIE length");
515 return;
516 }
517 wpa_driver_wext_event_wireless_assocreqie(
518 drv, custom, iwe->u.data.length);
519 break;
520 case IWEVASSOCRESPIE:
521 if (custom + iwe->u.data.length > end) {
522 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
523 "IWEVASSOCRESPIE length");
524 return;
525 }
526 wpa_driver_wext_event_wireless_assocrespie(
527 drv, custom, iwe->u.data.length);
528 break;
529 case IWEVPMKIDCAND:
530 if (custom + iwe->u.data.length > end) {
531 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
532 "IWEVPMKIDCAND length");
533 return;
534 }
535 wpa_driver_wext_event_wireless_pmkidcand(
536 drv, custom, iwe->u.data.length);
537 break;
538 }
539
540 pos += iwe->len;
541 }
542 }
543
544
545 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
546 char *buf, size_t len, int del)
547 {
548 union wpa_event_data event;
549
550 os_memset(&event, 0, sizeof(event));
551 if (len > sizeof(event.interface_status.ifname))
552 len = sizeof(event.interface_status.ifname) - 1;
553 os_memcpy(event.interface_status.ifname, buf, len);
554 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
555 EVENT_INTERFACE_ADDED;
556
557 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
558 del ? "DEL" : "NEW",
559 event.interface_status.ifname,
560 del ? "removed" : "added");
561
562 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
563 if (del)
564 drv->if_removed = 1;
565 else
566 drv->if_removed = 0;
567 }
568
569 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
570 }
571
572
573 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
574 u8 *buf, size_t len)
575 {
576 int attrlen, rta_len;
577 struct rtattr *attr;
578
579 attrlen = len;
580 attr = (struct rtattr *) buf;
581
582 rta_len = RTA_ALIGN(sizeof(struct rtattr));
583 while (RTA_OK(attr, attrlen)) {
584 if (attr->rta_type == IFLA_IFNAME) {
585 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
586 == 0)
587 return 1;
588 else
589 break;
590 }
591 attr = RTA_NEXT(attr, attrlen);
592 }
593
594 return 0;
595 }
596
597
598 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
599 int ifindex, u8 *buf, size_t len)
600 {
601 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
602 return 1;
603
604 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
605 drv->ifindex = if_nametoindex(drv->ifname);
606 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
607 "interface");
608 wpa_driver_wext_finish_drv_init(drv);
609 return 1;
610 }
611
612 return 0;
613 }
614
615
616 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
617 u8 *buf, size_t len)
618 {
619 struct wpa_driver_wext_data *drv = ctx;
620 int attrlen, rta_len;
621 struct rtattr *attr;
622
623 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
624 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
625 ifi->ifi_index);
626 return;
627 }
628
629 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
630 "(%s%s%s%s)",
631 drv->operstate, ifi->ifi_flags,
632 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
633 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
634 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
635 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
636 /*
637 * Some drivers send the association event before the operup event--in
638 * this case, lifting operstate in wpa_driver_wext_set_operstate()
639 * fails. This will hit us when wpa_supplicant does not need to do
640 * IEEE 802.1X authentication
641 */
642 if (drv->operstate == 1 &&
643 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
644 !(ifi->ifi_flags & IFF_RUNNING))
645 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
646 -1, IF_OPER_UP);
647
648 attrlen = len;
649 attr = (struct rtattr *) buf;
650
651 rta_len = RTA_ALIGN(sizeof(struct rtattr));
652 while (RTA_OK(attr, attrlen)) {
653 if (attr->rta_type == IFLA_WIRELESS) {
654 wpa_driver_wext_event_wireless(
655 drv, ((char *) attr) + rta_len,
656 attr->rta_len - rta_len);
657 } else if (attr->rta_type == IFLA_IFNAME) {
658 wpa_driver_wext_event_link(drv,
659 ((char *) attr) + rta_len,
660 attr->rta_len - rta_len, 0);
661 }
662 attr = RTA_NEXT(attr, attrlen);
663 }
664 }
665
666
667 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
668 u8 *buf, size_t len)
669 {
670 struct wpa_driver_wext_data *drv = ctx;
671 int attrlen, rta_len;
672 struct rtattr *attr;
673
674 attrlen = len;
675 attr = (struct rtattr *) buf;
676
677 rta_len = RTA_ALIGN(sizeof(struct rtattr));
678 while (RTA_OK(attr, attrlen)) {
679 if (attr->rta_type == IFLA_IFNAME) {
680 wpa_driver_wext_event_link(drv,
681 ((char *) attr) + rta_len,
682 attr->rta_len - rta_len, 1);
683 }
684 attr = RTA_NEXT(attr, attrlen);
685 }
686 }
687
688
689 /**
690 * wpa_driver_wext_init - Initialize WE driver interface
691 * @ctx: context to be used when calling wpa_supplicant functions,
692 * e.g., wpa_supplicant_event()
693 * @ifname: interface name, e.g., wlan0
694 * Returns: Pointer to private data, %NULL on failure
695 */
696 void * wpa_driver_wext_init(void *ctx, const char *ifname)
697 {
698 struct wpa_driver_wext_data *drv;
699 struct netlink_config *cfg;
700
701 drv = os_zalloc(sizeof(*drv));
702 if (drv == NULL)
703 return NULL;
704 drv->ctx = ctx;
705 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
706
707 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
708 if (drv->ioctl_sock < 0) {
709 perror("socket(PF_INET,SOCK_DGRAM)");
710 goto err1;
711 }
712
713 cfg = os_zalloc(sizeof(*cfg));
714 if (cfg == NULL)
715 goto err1;
716 cfg->ctx = drv;
717 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
718 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
719 drv->netlink = netlink_init(cfg);
720 if (drv->netlink == NULL) {
721 os_free(cfg);
722 goto err2;
723 }
724
725 drv->mlme_sock = -1;
726
727 if (wpa_driver_wext_finish_drv_init(drv) < 0)
728 goto err3;
729
730 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
731
732 return drv;
733
734 err3:
735 netlink_deinit(drv->netlink);
736 err2:
737 close(drv->ioctl_sock);
738 err1:
739 os_free(drv);
740 return NULL;
741 }
742
743
744 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
745 {
746 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0)
747 return -1;
748
749 /*
750 * Make sure that the driver does not have any obsolete PMKID entries.
751 */
752 wpa_driver_wext_flush_pmkid(drv);
753
754 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
755 wpa_printf(MSG_DEBUG, "Could not configure driver to use "
756 "managed mode");
757 /* Try to use it anyway */
758 }
759
760 wpa_driver_wext_get_range(drv);
761
762 /*
763 * Unlock the driver's BSSID and force to a random SSID to clear any
764 * previous association the driver might have when the supplicant
765 * starts up.
766 */
767 wpa_driver_wext_disconnect(drv);
768
769 drv->ifindex = if_nametoindex(drv->ifname);
770
771 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
772 /*
773 * Host AP driver may use both wlan# and wifi# interface in
774 * wireless events. Since some of the versions included WE-18
775 * support, let's add the alternative ifindex also from
776 * driver_wext.c for the time being. This may be removed at
777 * some point once it is believed that old versions of the
778 * driver are not in use anymore.
779 */
780 char ifname2[IFNAMSIZ + 1];
781 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
782 os_memcpy(ifname2, "wifi", 4);
783 wpa_driver_wext_alternative_ifindex(drv, ifname2);
784 }
785
786 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
787 1, IF_OPER_DORMANT);
788
789 return 0;
790 }
791
792
793 /**
794 * wpa_driver_wext_deinit - Deinitialize WE driver interface
795 * @priv: Pointer to private wext data from wpa_driver_wext_init()
796 *
797 * Shut down driver interface and processing of driver events. Free
798 * private data buffer if one was allocated in wpa_driver_wext_init().
799 */
800 void wpa_driver_wext_deinit(void *priv)
801 {
802 struct wpa_driver_wext_data *drv = priv;
803
804 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
805
806 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
807
808 /*
809 * Clear possibly configured driver parameters in order to make it
810 * easier to use the driver after wpa_supplicant has been terminated.
811 */
812 wpa_driver_wext_disconnect(drv);
813
814 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
815 netlink_deinit(drv->netlink);
816
817 if (drv->mlme_sock >= 0)
818 eloop_unregister_read_sock(drv->mlme_sock);
819
820 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
821
822 close(drv->ioctl_sock);
823 if (drv->mlme_sock >= 0)
824 close(drv->mlme_sock);
825 os_free(drv->assoc_req_ies);
826 os_free(drv->assoc_resp_ies);
827 os_free(drv);
828 }
829
830
831 /**
832 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
833 * @eloop_ctx: Unused
834 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
835 *
836 * This function can be used as registered timeout when starting a scan to
837 * generate a scan completed event if the driver does not report this.
838 */
839 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
840 {
841 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
842 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
843 }
844
845
846 /**
847 * wpa_driver_wext_scan - Request the driver to initiate scan
848 * @priv: Pointer to private wext data from wpa_driver_wext_init()
849 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
850 * Returns: 0 on success, -1 on failure
851 */
852 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
853 {
854 struct wpa_driver_wext_data *drv = priv;
855 struct iwreq iwr;
856 int ret = 0, timeout;
857 struct iw_scan_req req;
858 const u8 *ssid = params->ssids[0].ssid;
859 size_t ssid_len = params->ssids[0].ssid_len;
860
861 if (ssid_len > IW_ESSID_MAX_SIZE) {
862 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
863 __FUNCTION__, (unsigned long) ssid_len);
864 return -1;
865 }
866
867 os_memset(&iwr, 0, sizeof(iwr));
868 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
869
870 if (ssid && ssid_len) {
871 os_memset(&req, 0, sizeof(req));
872 req.essid_len = ssid_len;
873 req.bssid.sa_family = ARPHRD_ETHER;
874 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
875 os_memcpy(req.essid, ssid, ssid_len);
876 iwr.u.data.pointer = (caddr_t) &req;
877 iwr.u.data.length = sizeof(req);
878 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
879 }
880
881 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
882 perror("ioctl[SIOCSIWSCAN]");
883 ret = -1;
884 }
885
886 /* Not all drivers generate "scan completed" wireless event, so try to
887 * read results after a timeout. */
888 timeout = 5;
889 if (drv->scan_complete_events) {
890 /*
891 * The driver seems to deliver SIOCGIWSCAN events to notify
892 * when scan is complete, so use longer timeout to avoid race
893 * conditions with scanning and following association request.
894 */
895 timeout = 30;
896 }
897 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
898 "seconds", ret, timeout);
899 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
900 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
901 drv->ctx);
902
903 return ret;
904 }
905
906
907 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
908 size_t *len)
909 {
910 struct iwreq iwr;
911 u8 *res_buf;
912 size_t res_buf_len;
913
914 res_buf_len = IW_SCAN_MAX_DATA;
915 for (;;) {
916 res_buf = os_malloc(res_buf_len);
917 if (res_buf == NULL)
918 return NULL;
919 os_memset(&iwr, 0, sizeof(iwr));
920 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
921 iwr.u.data.pointer = res_buf;
922 iwr.u.data.length = res_buf_len;
923
924 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
925 break;
926
927 if (errno == E2BIG && res_buf_len < 65535) {
928 os_free(res_buf);
929 res_buf = NULL;
930 res_buf_len *= 2;
931 if (res_buf_len > 65535)
932 res_buf_len = 65535; /* 16-bit length field */
933 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
934 "trying larger buffer (%lu bytes)",
935 (unsigned long) res_buf_len);
936 } else {
937 perror("ioctl[SIOCGIWSCAN]");
938 os_free(res_buf);
939 return NULL;
940 }
941 }
942
943 if (iwr.u.data.length > res_buf_len) {
944 os_free(res_buf);
945 return NULL;
946 }
947 *len = iwr.u.data.length;
948
949 return res_buf;
950 }
951
952
953 /*
954 * Data structure for collecting WEXT scan results. This is needed to allow
955 * the various methods of reporting IEs to be combined into a single IE buffer.
956 */
957 struct wext_scan_data {
958 struct wpa_scan_res res;
959 u8 *ie;
960 size_t ie_len;
961 u8 ssid[32];
962 size_t ssid_len;
963 int maxrate;
964 };
965
966
967 static void wext_get_scan_mode(struct iw_event *iwe,
968 struct wext_scan_data *res)
969 {
970 if (iwe->u.mode == IW_MODE_ADHOC)
971 res->res.caps |= IEEE80211_CAP_IBSS;
972 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
973 res->res.caps |= IEEE80211_CAP_ESS;
974 }
975
976
977 static void wext_get_scan_ssid(struct iw_event *iwe,
978 struct wext_scan_data *res, char *custom,
979 char *end)
980 {
981 int ssid_len = iwe->u.essid.length;
982 if (custom + ssid_len > end)
983 return;
984 if (iwe->u.essid.flags &&
985 ssid_len > 0 &&
986 ssid_len <= IW_ESSID_MAX_SIZE) {
987 os_memcpy(res->ssid, custom, ssid_len);
988 res->ssid_len = ssid_len;
989 }
990 }
991
992
993 static void wext_get_scan_freq(struct iw_event *iwe,
994 struct wext_scan_data *res)
995 {
996 int divi = 1000000, i;
997
998 if (iwe->u.freq.e == 0) {
999 /*
1000 * Some drivers do not report frequency, but a channel.
1001 * Try to map this to frequency by assuming they are using
1002 * IEEE 802.11b/g. But don't overwrite a previously parsed
1003 * frequency if the driver sends both frequency and channel,
1004 * since the driver may be sending an A-band channel that we
1005 * don't handle here.
1006 */
1007
1008 if (res->res.freq)
1009 return;
1010
1011 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1012 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1013 return;
1014 } else if (iwe->u.freq.m == 14) {
1015 res->res.freq = 2484;
1016 return;
1017 }
1018 }
1019
1020 if (iwe->u.freq.e > 6) {
1021 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1022 MACSTR " m=%d e=%d)",
1023 MAC2STR(res->res.bssid), iwe->u.freq.m,
1024 iwe->u.freq.e);
1025 return;
1026 }
1027
1028 for (i = 0; i < iwe->u.freq.e; i++)
1029 divi /= 10;
1030 res->res.freq = iwe->u.freq.m / divi;
1031 }
1032
1033
1034 static void wext_get_scan_qual(struct iw_event *iwe,
1035 struct wext_scan_data *res)
1036 {
1037 res->res.qual = iwe->u.qual.qual;
1038 res->res.noise = iwe->u.qual.noise;
1039 res->res.level = iwe->u.qual.level;
1040 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1041 res->res.flags |= WPA_SCAN_QUAL_INVALID;
1042 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1043 res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1044 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1045 res->res.flags |= WPA_SCAN_NOISE_INVALID;
1046 if (iwe->u.qual.updated & IW_QUAL_DBM)
1047 res->res.flags |= WPA_SCAN_LEVEL_DBM;
1048 }
1049
1050
1051 static void wext_get_scan_encode(struct iw_event *iwe,
1052 struct wext_scan_data *res)
1053 {
1054 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1055 res->res.caps |= IEEE80211_CAP_PRIVACY;
1056 }
1057
1058
1059 static void wext_get_scan_rate(struct iw_event *iwe,
1060 struct wext_scan_data *res, char *pos,
1061 char *end)
1062 {
1063 int maxrate;
1064 char *custom = pos + IW_EV_LCP_LEN;
1065 struct iw_param p;
1066 size_t clen;
1067
1068 clen = iwe->len;
1069 if (custom + clen > end)
1070 return;
1071 maxrate = 0;
1072 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1073 /* Note: may be misaligned, make a local, aligned copy */
1074 os_memcpy(&p, custom, sizeof(struct iw_param));
1075 if (p.value > maxrate)
1076 maxrate = p.value;
1077 clen -= sizeof(struct iw_param);
1078 custom += sizeof(struct iw_param);
1079 }
1080
1081 /* Convert the maxrate from WE-style (b/s units) to
1082 * 802.11 rates (500000 b/s units).
1083 */
1084 res->maxrate = maxrate / 500000;
1085 }
1086
1087
1088 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1089 struct wext_scan_data *res, char *custom,
1090 char *end)
1091 {
1092 char *genie, *gpos, *gend;
1093 u8 *tmp;
1094
1095 if (iwe->u.data.length == 0)
1096 return;
1097
1098 gpos = genie = custom;
1099 gend = genie + iwe->u.data.length;
1100 if (gend > end) {
1101 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1102 return;
1103 }
1104
1105 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1106 if (tmp == NULL)
1107 return;
1108 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1109 res->ie = tmp;
1110 res->ie_len += gend - gpos;
1111 }
1112
1113
1114 static void wext_get_scan_custom(struct iw_event *iwe,
1115 struct wext_scan_data *res, char *custom,
1116 char *end)
1117 {
1118 size_t clen;
1119 u8 *tmp;
1120
1121 clen = iwe->u.data.length;
1122 if (custom + clen > end)
1123 return;
1124
1125 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1126 char *spos;
1127 int bytes;
1128 spos = custom + 7;
1129 bytes = custom + clen - spos;
1130 if (bytes & 1 || bytes == 0)
1131 return;
1132 bytes /= 2;
1133 tmp = os_realloc(res->ie, res->ie_len + bytes);
1134 if (tmp == NULL)
1135 return;
1136 hexstr2bin(spos, tmp + res->ie_len, bytes);
1137 res->ie = tmp;
1138 res->ie_len += bytes;
1139 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1140 char *spos;
1141 int bytes;
1142 spos = custom + 7;
1143 bytes = custom + clen - spos;
1144 if (bytes & 1 || bytes == 0)
1145 return;
1146 bytes /= 2;
1147 tmp = os_realloc(res->ie, res->ie_len + bytes);
1148 if (tmp == NULL)
1149 return;
1150 hexstr2bin(spos, tmp + res->ie_len, bytes);
1151 res->ie = tmp;
1152 res->ie_len += bytes;
1153 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1154 char *spos;
1155 int bytes;
1156 u8 bin[8];
1157 spos = custom + 4;
1158 bytes = custom + clen - spos;
1159 if (bytes != 16) {
1160 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1161 return;
1162 }
1163 bytes /= 2;
1164 hexstr2bin(spos, bin, bytes);
1165 res->res.tsf += WPA_GET_BE64(bin);
1166 }
1167 }
1168
1169
1170 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1171 {
1172 return drv->we_version_compiled > 18 &&
1173 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1174 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1175 }
1176
1177
1178 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1179 struct wext_scan_data *data)
1180 {
1181 struct wpa_scan_res **tmp;
1182 struct wpa_scan_res *r;
1183 size_t extra_len;
1184 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1185
1186 /* Figure out whether we need to fake any IEs */
1187 pos = data->ie;
1188 end = pos + data->ie_len;
1189 while (pos && pos + 1 < end) {
1190 if (pos + 2 + pos[1] > end)
1191 break;
1192 if (pos[0] == WLAN_EID_SSID)
1193 ssid_ie = pos;
1194 else if (pos[0] == WLAN_EID_SUPP_RATES)
1195 rate_ie = pos;
1196 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1197 rate_ie = pos;
1198 pos += 2 + pos[1];
1199 }
1200
1201 extra_len = 0;
1202 if (ssid_ie == NULL)
1203 extra_len += 2 + data->ssid_len;
1204 if (rate_ie == NULL && data->maxrate)
1205 extra_len += 3;
1206
1207 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1208 if (r == NULL)
1209 return;
1210 os_memcpy(r, &data->res, sizeof(*r));
1211 r->ie_len = extra_len + data->ie_len;
1212 pos = (u8 *) (r + 1);
1213 if (ssid_ie == NULL) {
1214 /*
1215 * Generate a fake SSID IE since the driver did not report
1216 * a full IE list.
1217 */
1218 *pos++ = WLAN_EID_SSID;
1219 *pos++ = data->ssid_len;
1220 os_memcpy(pos, data->ssid, data->ssid_len);
1221 pos += data->ssid_len;
1222 }
1223 if (rate_ie == NULL && data->maxrate) {
1224 /*
1225 * Generate a fake Supported Rates IE since the driver did not
1226 * report a full IE list.
1227 */
1228 *pos++ = WLAN_EID_SUPP_RATES;
1229 *pos++ = 1;
1230 *pos++ = data->maxrate;
1231 }
1232 if (data->ie)
1233 os_memcpy(pos, data->ie, data->ie_len);
1234
1235 tmp = os_realloc(res->res,
1236 (res->num + 1) * sizeof(struct wpa_scan_res *));
1237 if (tmp == NULL) {
1238 os_free(r);
1239 return;
1240 }
1241 tmp[res->num++] = r;
1242 res->res = tmp;
1243 }
1244
1245
1246 /**
1247 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1248 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1249 * Returns: Scan results on success, -1 on failure
1250 */
1251 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1252 {
1253 struct wpa_driver_wext_data *drv = priv;
1254 size_t ap_num = 0, len;
1255 int first;
1256 u8 *res_buf;
1257 struct iw_event iwe_buf, *iwe = &iwe_buf;
1258 char *pos, *end, *custom;
1259 struct wpa_scan_results *res;
1260 struct wext_scan_data data;
1261
1262 res_buf = wpa_driver_wext_giwscan(drv, &len);
1263 if (res_buf == NULL)
1264 return NULL;
1265
1266 ap_num = 0;
1267 first = 1;
1268
1269 res = os_zalloc(sizeof(*res));
1270 if (res == NULL) {
1271 os_free(res_buf);
1272 return NULL;
1273 }
1274
1275 pos = (char *) res_buf;
1276 end = (char *) res_buf + len;
1277 os_memset(&data, 0, sizeof(data));
1278
1279 while (pos + IW_EV_LCP_LEN <= end) {
1280 /* Event data may be unaligned, so make a local, aligned copy
1281 * before processing. */
1282 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1283 if (iwe->len <= IW_EV_LCP_LEN)
1284 break;
1285
1286 custom = pos + IW_EV_POINT_LEN;
1287 if (wext_19_iw_point(drv, iwe->cmd)) {
1288 /* WE-19 removed the pointer from struct iw_point */
1289 char *dpos = (char *) &iwe_buf.u.data.length;
1290 int dlen = dpos - (char *) &iwe_buf;
1291 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1292 sizeof(struct iw_event) - dlen);
1293 } else {
1294 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1295 custom += IW_EV_POINT_OFF;
1296 }
1297
1298 switch (iwe->cmd) {
1299 case SIOCGIWAP:
1300 if (!first)
1301 wpa_driver_wext_add_scan_entry(res, &data);
1302 first = 0;
1303 os_free(data.ie);
1304 os_memset(&data, 0, sizeof(data));
1305 os_memcpy(data.res.bssid,
1306 iwe->u.ap_addr.sa_data, ETH_ALEN);
1307 break;
1308 case SIOCGIWMODE:
1309 wext_get_scan_mode(iwe, &data);
1310 break;
1311 case SIOCGIWESSID:
1312 wext_get_scan_ssid(iwe, &data, custom, end);
1313 break;
1314 case SIOCGIWFREQ:
1315 wext_get_scan_freq(iwe, &data);
1316 break;
1317 case IWEVQUAL:
1318 wext_get_scan_qual(iwe, &data);
1319 break;
1320 case SIOCGIWENCODE:
1321 wext_get_scan_encode(iwe, &data);
1322 break;
1323 case SIOCGIWRATE:
1324 wext_get_scan_rate(iwe, &data, pos, end);
1325 break;
1326 case IWEVGENIE:
1327 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1328 break;
1329 case IWEVCUSTOM:
1330 wext_get_scan_custom(iwe, &data, custom, end);
1331 break;
1332 }
1333
1334 pos += iwe->len;
1335 }
1336 os_free(res_buf);
1337 res_buf = NULL;
1338 if (!first)
1339 wpa_driver_wext_add_scan_entry(res, &data);
1340 os_free(data.ie);
1341
1342 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1343 (unsigned long) len, (unsigned long) res->num);
1344
1345 return res;
1346 }
1347
1348
1349 static int wpa_driver_wext_get_range(void *priv)
1350 {
1351 struct wpa_driver_wext_data *drv = priv;
1352 struct iw_range *range;
1353 struct iwreq iwr;
1354 int minlen;
1355 size_t buflen;
1356
1357 /*
1358 * Use larger buffer than struct iw_range in order to allow the
1359 * structure to grow in the future.
1360 */
1361 buflen = sizeof(struct iw_range) + 500;
1362 range = os_zalloc(buflen);
1363 if (range == NULL)
1364 return -1;
1365
1366 os_memset(&iwr, 0, sizeof(iwr));
1367 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1368 iwr.u.data.pointer = (caddr_t) range;
1369 iwr.u.data.length = buflen;
1370
1371 minlen = ((char *) &range->enc_capa) - (char *) range +
1372 sizeof(range->enc_capa);
1373
1374 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1375 perror("ioctl[SIOCGIWRANGE]");
1376 os_free(range);
1377 return -1;
1378 } else if (iwr.u.data.length >= minlen &&
1379 range->we_version_compiled >= 18) {
1380 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1381 "WE(source)=%d enc_capa=0x%x",
1382 range->we_version_compiled,
1383 range->we_version_source,
1384 range->enc_capa);
1385 drv->has_capability = 1;
1386 drv->we_version_compiled = range->we_version_compiled;
1387 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1388 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1389 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1390 }
1391 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1392 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1393 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1394 }
1395 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1396 WPA_DRIVER_CAPA_ENC_WEP104;
1397 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1398 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1399 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1400 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1401 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1402 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1403 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1404 WPA_DRIVER_AUTH_SHARED |
1405 WPA_DRIVER_AUTH_LEAP;
1406 drv->capa.max_scan_ssids = 1;
1407
1408 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1409 "flags 0x%x",
1410 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1411 } else {
1412 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1413 "assuming WPA is not supported");
1414 }
1415
1416 os_free(range);
1417 return 0;
1418 }
1419
1420
1421 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1422 const u8 *psk)
1423 {
1424 struct iw_encode_ext *ext;
1425 struct iwreq iwr;
1426 int ret;
1427
1428 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1429
1430 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1431 return 0;
1432
1433 if (!psk)
1434 return 0;
1435
1436 os_memset(&iwr, 0, sizeof(iwr));
1437 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1438
1439 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1440 if (ext == NULL)
1441 return -1;
1442
1443 iwr.u.encoding.pointer = (caddr_t) ext;
1444 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1445 ext->key_len = PMK_LEN;
1446 os_memcpy(&ext->key, psk, ext->key_len);
1447 ext->alg = IW_ENCODE_ALG_PMK;
1448
1449 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1450 if (ret < 0)
1451 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1452 os_free(ext);
1453
1454 return ret;
1455 }
1456
1457
1458 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1459 const u8 *addr, int key_idx,
1460 int set_tx, const u8 *seq,
1461 size_t seq_len,
1462 const u8 *key, size_t key_len)
1463 {
1464 struct wpa_driver_wext_data *drv = priv;
1465 struct iwreq iwr;
1466 int ret = 0;
1467 struct iw_encode_ext *ext;
1468
1469 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1470 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1471 __FUNCTION__, (unsigned long) seq_len);
1472 return -1;
1473 }
1474
1475 ext = os_zalloc(sizeof(*ext) + key_len);
1476 if (ext == NULL)
1477 return -1;
1478 os_memset(&iwr, 0, sizeof(iwr));
1479 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1480 iwr.u.encoding.flags = key_idx + 1;
1481 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1482 if (alg == WPA_ALG_NONE)
1483 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1484 iwr.u.encoding.pointer = (caddr_t) ext;
1485 iwr.u.encoding.length = sizeof(*ext) + key_len;
1486
1487 if (addr == NULL ||
1488 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1489 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1490 if (set_tx)
1491 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1492
1493 ext->addr.sa_family = ARPHRD_ETHER;
1494 if (addr)
1495 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1496 else
1497 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1498 if (key && key_len) {
1499 os_memcpy(ext + 1, key, key_len);
1500 ext->key_len = key_len;
1501 }
1502 switch (alg) {
1503 case WPA_ALG_NONE:
1504 ext->alg = IW_ENCODE_ALG_NONE;
1505 break;
1506 case WPA_ALG_WEP:
1507 ext->alg = IW_ENCODE_ALG_WEP;
1508 break;
1509 case WPA_ALG_TKIP:
1510 ext->alg = IW_ENCODE_ALG_TKIP;
1511 break;
1512 case WPA_ALG_CCMP:
1513 ext->alg = IW_ENCODE_ALG_CCMP;
1514 break;
1515 case WPA_ALG_PMK:
1516 ext->alg = IW_ENCODE_ALG_PMK;
1517 break;
1518 #ifdef CONFIG_IEEE80211W
1519 case WPA_ALG_IGTK:
1520 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1521 break;
1522 #endif /* CONFIG_IEEE80211W */
1523 default:
1524 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1525 __FUNCTION__, alg);
1526 os_free(ext);
1527 return -1;
1528 }
1529
1530 if (seq && seq_len) {
1531 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1532 os_memcpy(ext->rx_seq, seq, seq_len);
1533 }
1534
1535 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1536 ret = errno == EOPNOTSUPP ? -2 : -1;
1537 if (errno == ENODEV) {
1538 /*
1539 * ndiswrapper seems to be returning incorrect error
1540 * code.. */
1541 ret = -2;
1542 }
1543
1544 perror("ioctl[SIOCSIWENCODEEXT]");
1545 }
1546
1547 os_free(ext);
1548 return ret;
1549 }
1550
1551
1552 /**
1553 * wpa_driver_wext_set_key - Configure encryption key
1554 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1555 * @priv: Private driver interface data
1556 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1557 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1558 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1559 * broadcast/default keys
1560 * @key_idx: key index (0..3), usually 0 for unicast keys
1561 * @set_tx: Configure this key as the default Tx key (only used when
1562 * driver does not support separate unicast/individual key
1563 * @seq: Sequence number/packet number, seq_len octets, the next
1564 * packet number to be used for in replay protection; configured
1565 * for Rx keys (in most cases, this is only used with broadcast
1566 * keys and set to zero for unicast keys)
1567 * @seq_len: Length of the seq, depends on the algorithm:
1568 * TKIP: 6 octets, CCMP: 6 octets
1569 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1570 * 8-byte Rx Mic Key
1571 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1572 * TKIP: 32, CCMP: 16)
1573 * Returns: 0 on success, -1 on failure
1574 *
1575 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1576 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1577 */
1578 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1579 const u8 *addr, int key_idx,
1580 int set_tx, const u8 *seq, size_t seq_len,
1581 const u8 *key, size_t key_len)
1582 {
1583 struct wpa_driver_wext_data *drv = priv;
1584 struct iwreq iwr;
1585 int ret = 0;
1586
1587 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1588 "key_len=%lu",
1589 __FUNCTION__, alg, key_idx, set_tx,
1590 (unsigned long) seq_len, (unsigned long) key_len);
1591
1592 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1593 seq, seq_len, key, key_len);
1594 if (ret == 0)
1595 return 0;
1596
1597 if (ret == -2 &&
1598 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1599 wpa_printf(MSG_DEBUG, "Driver did not support "
1600 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1601 ret = 0;
1602 } else {
1603 wpa_printf(MSG_DEBUG, "Driver did not support "
1604 "SIOCSIWENCODEEXT");
1605 return ret;
1606 }
1607
1608 os_memset(&iwr, 0, sizeof(iwr));
1609 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1610 iwr.u.encoding.flags = key_idx + 1;
1611 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1612 if (alg == WPA_ALG_NONE)
1613 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1614 iwr.u.encoding.pointer = (caddr_t) key;
1615 iwr.u.encoding.length = key_len;
1616
1617 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1618 perror("ioctl[SIOCSIWENCODE]");
1619 ret = -1;
1620 }
1621
1622 if (set_tx && alg != WPA_ALG_NONE) {
1623 os_memset(&iwr, 0, sizeof(iwr));
1624 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1625 iwr.u.encoding.flags = key_idx + 1;
1626 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1627 iwr.u.encoding.pointer = (caddr_t) NULL;
1628 iwr.u.encoding.length = 0;
1629 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1630 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1631 ret = -1;
1632 }
1633 }
1634
1635 return ret;
1636 }
1637
1638
1639 static int wpa_driver_wext_set_countermeasures(void *priv,
1640 int enabled)
1641 {
1642 struct wpa_driver_wext_data *drv = priv;
1643 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1644 return wpa_driver_wext_set_auth_param(drv,
1645 IW_AUTH_TKIP_COUNTERMEASURES,
1646 enabled);
1647 }
1648
1649
1650 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1651 int enabled)
1652 {
1653 struct wpa_driver_wext_data *drv = priv;
1654 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1655 drv->use_crypt = enabled;
1656 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1657 enabled);
1658 }
1659
1660
1661 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1662 const u8 *addr, int cmd, int reason_code)
1663 {
1664 struct iwreq iwr;
1665 struct iw_mlme mlme;
1666 int ret = 0;
1667
1668 os_memset(&iwr, 0, sizeof(iwr));
1669 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1670 os_memset(&mlme, 0, sizeof(mlme));
1671 mlme.cmd = cmd;
1672 mlme.reason_code = reason_code;
1673 mlme.addr.sa_family = ARPHRD_ETHER;
1674 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1675 iwr.u.data.pointer = (caddr_t) &mlme;
1676 iwr.u.data.length = sizeof(mlme);
1677
1678 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1679 perror("ioctl[SIOCSIWMLME]");
1680 ret = -1;
1681 }
1682
1683 return ret;
1684 }
1685
1686
1687 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1688 {
1689 struct iwreq iwr;
1690 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1691 u8 ssid[32];
1692 int i;
1693
1694 /*
1695 * Only force-disconnect when the card is in infrastructure mode,
1696 * otherwise the driver might interpret the cleared BSSID and random
1697 * SSID as an attempt to create a new ad-hoc network.
1698 */
1699 os_memset(&iwr, 0, sizeof(iwr));
1700 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1701 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1702 perror("ioctl[SIOCGIWMODE]");
1703 iwr.u.mode = IW_MODE_INFRA;
1704 }
1705
1706 if (iwr.u.mode == IW_MODE_INFRA) {
1707 /*
1708 * Clear the BSSID selection and set a random SSID to make sure
1709 * the driver will not be trying to associate with something
1710 * even if it does not understand SIOCSIWMLME commands (or
1711 * tries to associate automatically after deauth/disassoc).
1712 */
1713 wpa_driver_wext_set_bssid(drv, null_bssid);
1714
1715 for (i = 0; i < 32; i++)
1716 ssid[i] = rand() & 0xFF;
1717 wpa_driver_wext_set_ssid(drv, ssid, 32);
1718 }
1719 }
1720
1721
1722 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1723 int reason_code)
1724 {
1725 struct wpa_driver_wext_data *drv = priv;
1726 int ret;
1727 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1728 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1729 wpa_driver_wext_disconnect(drv);
1730 return ret;
1731 }
1732
1733
1734 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1735 int reason_code)
1736 {
1737 struct wpa_driver_wext_data *drv = priv;
1738 int ret;
1739 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1740 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
1741 wpa_driver_wext_disconnect(drv);
1742 return ret;
1743 }
1744
1745
1746 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1747 size_t ie_len)
1748 {
1749 struct wpa_driver_wext_data *drv = priv;
1750 struct iwreq iwr;
1751 int ret = 0;
1752
1753 os_memset(&iwr, 0, sizeof(iwr));
1754 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1755 iwr.u.data.pointer = (caddr_t) ie;
1756 iwr.u.data.length = ie_len;
1757
1758 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1759 perror("ioctl[SIOCSIWGENIE]");
1760 ret = -1;
1761 }
1762
1763 return ret;
1764 }
1765
1766
1767 int wpa_driver_wext_cipher2wext(int cipher)
1768 {
1769 switch (cipher) {
1770 case CIPHER_NONE:
1771 return IW_AUTH_CIPHER_NONE;
1772 case CIPHER_WEP40:
1773 return IW_AUTH_CIPHER_WEP40;
1774 case CIPHER_TKIP:
1775 return IW_AUTH_CIPHER_TKIP;
1776 case CIPHER_CCMP:
1777 return IW_AUTH_CIPHER_CCMP;
1778 case CIPHER_WEP104:
1779 return IW_AUTH_CIPHER_WEP104;
1780 default:
1781 return 0;
1782 }
1783 }
1784
1785
1786 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1787 {
1788 switch (keymgmt) {
1789 case KEY_MGMT_802_1X:
1790 case KEY_MGMT_802_1X_NO_WPA:
1791 return IW_AUTH_KEY_MGMT_802_1X;
1792 case KEY_MGMT_PSK:
1793 return IW_AUTH_KEY_MGMT_PSK;
1794 default:
1795 return 0;
1796 }
1797 }
1798
1799
1800 static int
1801 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1802 struct wpa_driver_associate_params *params)
1803 {
1804 struct iwreq iwr;
1805 int ret = 0;
1806
1807 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1808 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1809
1810 os_memset(&iwr, 0, sizeof(iwr));
1811 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1812 /* Just changing mode, not actual keys */
1813 iwr.u.encoding.flags = 0;
1814 iwr.u.encoding.pointer = (caddr_t) NULL;
1815 iwr.u.encoding.length = 0;
1816
1817 /*
1818 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1819 * different things. Here they are used to indicate Open System vs.
1820 * Shared Key authentication algorithm. However, some drivers may use
1821 * them to select between open/restricted WEP encrypted (open = allow
1822 * both unencrypted and encrypted frames; restricted = only allow
1823 * encrypted frames).
1824 */
1825
1826 if (!drv->use_crypt) {
1827 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1828 } else {
1829 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
1830 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
1831 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
1832 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
1833 }
1834
1835 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1836 perror("ioctl[SIOCSIWENCODE]");
1837 ret = -1;
1838 }
1839
1840 return ret;
1841 }
1842
1843
1844 int wpa_driver_wext_associate(void *priv,
1845 struct wpa_driver_associate_params *params)
1846 {
1847 struct wpa_driver_wext_data *drv = priv;
1848 int ret = 0;
1849 int allow_unencrypted_eapol;
1850 int value;
1851
1852 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1853
1854 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
1855 < 0)
1856 ret = -1;
1857 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
1858 ret = -1;
1859 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
1860 ret = -1;
1861
1862 /*
1863 * If the driver did not support SIOCSIWAUTH, fallback to
1864 * SIOCSIWENCODE here.
1865 */
1866 if (drv->auth_alg_fallback &&
1867 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
1868 ret = -1;
1869
1870 if (!params->bssid &&
1871 wpa_driver_wext_set_bssid(drv, NULL) < 0)
1872 ret = -1;
1873
1874 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
1875 * from configuration, not from here, where only the selected suite is
1876 * available */
1877 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
1878 < 0)
1879 ret = -1;
1880 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
1881 value = IW_AUTH_WPA_VERSION_DISABLED;
1882 else if (params->wpa_ie[0] == WLAN_EID_RSN)
1883 value = IW_AUTH_WPA_VERSION_WPA2;
1884 else
1885 value = IW_AUTH_WPA_VERSION_WPA;
1886 if (wpa_driver_wext_set_auth_param(drv,
1887 IW_AUTH_WPA_VERSION, value) < 0)
1888 ret = -1;
1889 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
1890 if (wpa_driver_wext_set_auth_param(drv,
1891 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
1892 ret = -1;
1893 value = wpa_driver_wext_cipher2wext(params->group_suite);
1894 if (wpa_driver_wext_set_auth_param(drv,
1895 IW_AUTH_CIPHER_GROUP, value) < 0)
1896 ret = -1;
1897 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
1898 if (wpa_driver_wext_set_auth_param(drv,
1899 IW_AUTH_KEY_MGMT, value) < 0)
1900 ret = -1;
1901 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
1902 params->pairwise_suite != CIPHER_NONE ||
1903 params->group_suite != CIPHER_NONE ||
1904 params->wpa_ie_len;
1905 if (wpa_driver_wext_set_auth_param(drv,
1906 IW_AUTH_PRIVACY_INVOKED, value) < 0)
1907 ret = -1;
1908
1909 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
1910 * not using WPA. IEEE 802.1X specifies that these frames are not
1911 * encrypted, but WPA encrypts them when pairwise keys are in use. */
1912 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
1913 params->key_mgmt_suite == KEY_MGMT_PSK)
1914 allow_unencrypted_eapol = 0;
1915 else
1916 allow_unencrypted_eapol = 1;
1917
1918 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
1919 ret = -1;
1920 if (wpa_driver_wext_set_auth_param(drv,
1921 IW_AUTH_RX_UNENCRYPTED_EAPOL,
1922 allow_unencrypted_eapol) < 0)
1923 ret = -1;
1924 #ifdef CONFIG_IEEE80211W
1925 switch (params->mgmt_frame_protection) {
1926 case NO_MGMT_FRAME_PROTECTION:
1927 value = IW_AUTH_MFP_DISABLED;
1928 break;
1929 case MGMT_FRAME_PROTECTION_OPTIONAL:
1930 value = IW_AUTH_MFP_OPTIONAL;
1931 break;
1932 case MGMT_FRAME_PROTECTION_REQUIRED:
1933 value = IW_AUTH_MFP_REQUIRED;
1934 break;
1935 };
1936 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
1937 ret = -1;
1938 #endif /* CONFIG_IEEE80211W */
1939 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
1940 ret = -1;
1941 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
1942 ret = -1;
1943 if (params->bssid &&
1944 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
1945 ret = -1;
1946
1947 return ret;
1948 }
1949
1950
1951 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
1952 {
1953 struct wpa_driver_wext_data *drv = priv;
1954 int algs = 0, res;
1955
1956 if (auth_alg & WPA_AUTH_ALG_OPEN)
1957 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
1958 if (auth_alg & WPA_AUTH_ALG_SHARED)
1959 algs |= IW_AUTH_ALG_SHARED_KEY;
1960 if (auth_alg & WPA_AUTH_ALG_LEAP)
1961 algs |= IW_AUTH_ALG_LEAP;
1962 if (algs == 0) {
1963 /* at least one algorithm should be set */
1964 algs = IW_AUTH_ALG_OPEN_SYSTEM;
1965 }
1966
1967 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
1968 algs);
1969 drv->auth_alg_fallback = res == -2;
1970 return res;
1971 }
1972
1973
1974 /**
1975 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
1976 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1977 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
1978 * Returns: 0 on success, -1 on failure
1979 */
1980 int wpa_driver_wext_set_mode(void *priv, int mode)
1981 {
1982 struct wpa_driver_wext_data *drv = priv;
1983 struct iwreq iwr;
1984 int ret = -1;
1985 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
1986
1987 os_memset(&iwr, 0, sizeof(iwr));
1988 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1989 iwr.u.mode = new_mode;
1990 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
1991 ret = 0;
1992 goto done;
1993 }
1994
1995 if (errno != EBUSY) {
1996 perror("ioctl[SIOCSIWMODE]");
1997 goto done;
1998 }
1999
2000 /* mac80211 doesn't allow mode changes while the device is up, so if
2001 * the device isn't in the mode we're about to change to, take device
2002 * down, try to set the mode again, and bring it back up.
2003 */
2004 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2005 perror("ioctl[SIOCGIWMODE]");
2006 goto done;
2007 }
2008
2009 if (iwr.u.mode == new_mode) {
2010 ret = 0;
2011 goto done;
2012 }
2013
2014 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
2015 /* Try to set the mode again while the interface is down */
2016 iwr.u.mode = new_mode;
2017 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2018 perror("ioctl[SIOCSIWMODE]");
2019 else
2020 ret = 0;
2021
2022 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1);
2023 }
2024
2025 done:
2026 return ret;
2027 }
2028
2029
2030 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2031 u32 cmd, const u8 *bssid, const u8 *pmkid)
2032 {
2033 struct iwreq iwr;
2034 struct iw_pmksa pmksa;
2035 int ret = 0;
2036
2037 os_memset(&iwr, 0, sizeof(iwr));
2038 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2039 os_memset(&pmksa, 0, sizeof(pmksa));
2040 pmksa.cmd = cmd;
2041 pmksa.bssid.sa_family = ARPHRD_ETHER;
2042 if (bssid)
2043 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2044 if (pmkid)
2045 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2046 iwr.u.data.pointer = (caddr_t) &pmksa;
2047 iwr.u.data.length = sizeof(pmksa);
2048
2049 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2050 if (errno != EOPNOTSUPP)
2051 perror("ioctl[SIOCSIWPMKSA]");
2052 ret = -1;
2053 }
2054
2055 return ret;
2056 }
2057
2058
2059 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2060 const u8 *pmkid)
2061 {
2062 struct wpa_driver_wext_data *drv = priv;
2063 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2064 }
2065
2066
2067 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2068 const u8 *pmkid)
2069 {
2070 struct wpa_driver_wext_data *drv = priv;
2071 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2072 }
2073
2074
2075 static int wpa_driver_wext_flush_pmkid(void *priv)
2076 {
2077 struct wpa_driver_wext_data *drv = priv;
2078 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2079 }
2080
2081
2082 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2083 {
2084 struct wpa_driver_wext_data *drv = priv;
2085 if (!drv->has_capability)
2086 return -1;
2087 os_memcpy(capa, &drv->capa, sizeof(*capa));
2088 return 0;
2089 }
2090
2091
2092 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2093 const char *ifname)
2094 {
2095 if (ifname == NULL) {
2096 drv->ifindex2 = -1;
2097 return 0;
2098 }
2099
2100 drv->ifindex2 = if_nametoindex(ifname);
2101 if (drv->ifindex2 <= 0)
2102 return -1;
2103
2104 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2105 "wireless events", drv->ifindex2, ifname);
2106
2107 return 0;
2108 }
2109
2110
2111 int wpa_driver_wext_set_operstate(void *priv, int state)
2112 {
2113 struct wpa_driver_wext_data *drv = priv;
2114
2115 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2116 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2117 drv->operstate = state;
2118 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2119 state ? IF_OPER_UP : IF_OPER_DORMANT);
2120 }
2121
2122
2123 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2124 {
2125 return drv->we_version_compiled;
2126 }
2127
2128
2129 const struct wpa_driver_ops wpa_driver_wext_ops = {
2130 .name = "wext",
2131 .desc = "Linux wireless extensions (generic)",
2132 .get_bssid = wpa_driver_wext_get_bssid,
2133 .get_ssid = wpa_driver_wext_get_ssid,
2134 .set_key = wpa_driver_wext_set_key,
2135 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2136 .scan2 = wpa_driver_wext_scan,
2137 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2138 .deauthenticate = wpa_driver_wext_deauthenticate,
2139 .disassociate = wpa_driver_wext_disassociate,
2140 .associate = wpa_driver_wext_associate,
2141 .init = wpa_driver_wext_init,
2142 .deinit = wpa_driver_wext_deinit,
2143 .add_pmkid = wpa_driver_wext_add_pmkid,
2144 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2145 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2146 .get_capa = wpa_driver_wext_get_capa,
2147 .set_operstate = wpa_driver_wext_set_operstate,
2148 };