search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dbus: Share the same function for type to type-as-string conversion
[hostap-gosc2009.git] / src / drivers / driver_wext.c
blob5bc2efee01809587e7b14a938146009899e06021
1 /*
2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21 #include "includes.h"
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
24
25 #include "wireless_copy.h"
26 #include "common.h"
27 #include "eloop.h"
28 #include "common/ieee802_11_defs.h"
29 #include "common/wpa_common.h"
30 #include "priv_netlink.h"
31 #include "netlink.h"
32 #include "driver.h"
33 #include "driver_wext.h"
34
35
36 static int wpa_driver_wext_flush_pmkid(void *priv);
37 static int wpa_driver_wext_get_range(void *priv);
38 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
39 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
40 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
41
42
43 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
44 int idx, u32 value)
45 {
46 struct iwreq iwr;
47 int ret = 0;
48
49 os_memset(&iwr, 0, sizeof(iwr));
50 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
51 iwr.u.param.flags = idx & IW_AUTH_INDEX;
52 iwr.u.param.value = value;
53
54 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
55 if (errno != EOPNOTSUPP) {
56 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
57 "value 0x%x) failed: %s)",
58 idx, value, strerror(errno));
59 }
60 ret = errno == EOPNOTSUPP ? -2 : -1;
61 }
62
63 return ret;
64 }
65
66
67 /**
68 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
69 * @priv: Pointer to private wext data from wpa_driver_wext_init()
70 * @bssid: Buffer for BSSID
71 * Returns: 0 on success, -1 on failure
72 */
73 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
74 {
75 struct wpa_driver_wext_data *drv = priv;
76 struct iwreq iwr;
77 int ret = 0;
78
79 os_memset(&iwr, 0, sizeof(iwr));
80 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
81
82 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
83 perror("ioctl[SIOCGIWAP]");
84 ret = -1;
85 }
86 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
87
88 return ret;
89 }
90
91
92 /**
93 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
94 * @priv: Pointer to private wext data from wpa_driver_wext_init()
95 * @bssid: BSSID
96 * Returns: 0 on success, -1 on failure
97 */
98 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
99 {
100 struct wpa_driver_wext_data *drv = priv;
101 struct iwreq iwr;
102 int ret = 0;
103
104 os_memset(&iwr, 0, sizeof(iwr));
105 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
106 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
107 if (bssid)
108 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
109 else
110 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
111
112 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
113 perror("ioctl[SIOCSIWAP]");
114 ret = -1;
115 }
116
117 return ret;
118 }
119
120
121 /**
122 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
123 * @priv: Pointer to private wext data from wpa_driver_wext_init()
124 * @ssid: Buffer for the SSID; must be at least 32 bytes long
125 * Returns: SSID length on success, -1 on failure
126 */
127 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
128 {
129 struct wpa_driver_wext_data *drv = priv;
130 struct iwreq iwr;
131 int ret = 0;
132
133 os_memset(&iwr, 0, sizeof(iwr));
134 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
135 iwr.u.essid.pointer = (caddr_t) ssid;
136 iwr.u.essid.length = 32;
137
138 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
139 perror("ioctl[SIOCGIWESSID]");
140 ret = -1;
141 } else {
142 ret = iwr.u.essid.length;
143 if (ret > 32)
144 ret = 32;
145 /* Some drivers include nul termination in the SSID, so let's
146 * remove it here before further processing. WE-21 changes this
147 * to explicitly require the length _not_ to include nul
148 * termination. */
149 if (ret > 0 && ssid[ret - 1] == '\0' &&
150 drv->we_version_compiled < 21)
151 ret--;
152 }
153
154 return ret;
155 }
156
157
158 /**
159 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
160 * @priv: Pointer to private wext data from wpa_driver_wext_init()
161 * @ssid: SSID
162 * @ssid_len: Length of SSID (0..32)
163 * Returns: 0 on success, -1 on failure
164 */
165 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
166 {
167 struct wpa_driver_wext_data *drv = priv;
168 struct iwreq iwr;
169 int ret = 0;
170 char buf[33];
171
172 if (ssid_len > 32)
173 return -1;
174
175 os_memset(&iwr, 0, sizeof(iwr));
176 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
177 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
178 iwr.u.essid.flags = (ssid_len != 0);
179 os_memset(buf, 0, sizeof(buf));
180 os_memcpy(buf, ssid, ssid_len);
181 iwr.u.essid.pointer = (caddr_t) buf;
182 if (drv->we_version_compiled < 21) {
183 /* For historic reasons, set SSID length to include one extra
184 * character, C string nul termination, even though SSID is
185 * really an octet string that should not be presented as a C
186 * string. Some Linux drivers decrement the length by one and
187 * can thus end up missing the last octet of the SSID if the
188 * length is not incremented here. WE-21 changes this to
189 * explicitly require the length _not_ to include nul
190 * termination. */
191 if (ssid_len)
192 ssid_len++;
193 }
194 iwr.u.essid.length = ssid_len;
195
196 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
197 perror("ioctl[SIOCSIWESSID]");
198 ret = -1;
199 }
200
201 return ret;
202 }
203
204
205 /**
206 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
207 * @priv: Pointer to private wext data from wpa_driver_wext_init()
208 * @freq: Frequency in MHz
209 * Returns: 0 on success, -1 on failure
210 */
211 int wpa_driver_wext_set_freq(void *priv, int freq)
212 {
213 struct wpa_driver_wext_data *drv = priv;
214 struct iwreq iwr;
215 int ret = 0;
216
217 os_memset(&iwr, 0, sizeof(iwr));
218 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
219 iwr.u.freq.m = freq * 100000;
220 iwr.u.freq.e = 1;
221
222 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
223 perror("ioctl[SIOCSIWFREQ]");
224 ret = -1;
225 }
226
227 return ret;
228 }
229
230
231 static void
232 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
233 {
234 union wpa_event_data data;
235
236 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
237 custom);
238
239 os_memset(&data, 0, sizeof(data));
240 /* Host AP driver */
241 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
242 data.michael_mic_failure.unicast =
243 os_strstr(custom, " unicast ") != NULL;
244 /* TODO: parse parameters(?) */
245 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
246 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
247 char *spos;
248 int bytes;
249
250 spos = custom + 17;
251
252 bytes = strspn(spos, "0123456789abcdefABCDEF");
253 if (!bytes || (bytes & 1))
254 return;
255 bytes /= 2;
256
257 data.assoc_info.req_ies = os_malloc(bytes);
258 if (data.assoc_info.req_ies == NULL)
259 return;
260
261 data.assoc_info.req_ies_len = bytes;
262 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
263
264 spos += bytes * 2;
265
266 data.assoc_info.resp_ies = NULL;
267 data.assoc_info.resp_ies_len = 0;
268
269 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
270 spos += 9;
271
272 bytes = strspn(spos, "0123456789abcdefABCDEF");
273 if (!bytes || (bytes & 1))
274 goto done;
275 bytes /= 2;
276
277 data.assoc_info.resp_ies = os_malloc(bytes);
278 if (data.assoc_info.resp_ies == NULL)
279 goto done;
280
281 data.assoc_info.resp_ies_len = bytes;
282 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
283 }
284
285 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
286
287 done:
288 os_free(data.assoc_info.resp_ies);
289 os_free(data.assoc_info.req_ies);
290 #ifdef CONFIG_PEERKEY
291 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
292 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
293 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
294 "STKSTART.request '%s'", custom + 17);
295 return;
296 }
297 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
298 #endif /* CONFIG_PEERKEY */
299 }
300 }
301
302
303 static int wpa_driver_wext_event_wireless_michaelmicfailure(
304 void *ctx, const char *ev, size_t len)
305 {
306 const struct iw_michaelmicfailure *mic;
307 union wpa_event_data data;
308
309 if (len < sizeof(*mic))
310 return -1;
311
312 mic = (const struct iw_michaelmicfailure *) ev;
313
314 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
315 "flags=0x%x src_addr=" MACSTR, mic->flags,
316 MAC2STR(mic->src_addr.sa_data));
317
318 os_memset(&data, 0, sizeof(data));
319 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
320 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
321
322 return 0;
323 }
324
325
326 static int wpa_driver_wext_event_wireless_pmkidcand(
327 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
328 {
329 const struct iw_pmkid_cand *cand;
330 union wpa_event_data data;
331 const u8 *addr;
332
333 if (len < sizeof(*cand))
334 return -1;
335
336 cand = (const struct iw_pmkid_cand *) ev;
337 addr = (const u8 *) cand->bssid.sa_data;
338
339 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
340 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
341 cand->index, MAC2STR(addr));
342
343 os_memset(&data, 0, sizeof(data));
344 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
345 data.pmkid_candidate.index = cand->index;
346 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
347 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
348
349 return 0;
350 }
351
352
353 static int wpa_driver_wext_event_wireless_assocreqie(
354 struct wpa_driver_wext_data *drv, const char *ev, int len)
355 {
356 if (len < 0)
357 return -1;
358
359 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
360 len);
361 os_free(drv->assoc_req_ies);
362 drv->assoc_req_ies = os_malloc(len);
363 if (drv->assoc_req_ies == NULL) {
364 drv->assoc_req_ies_len = 0;
365 return -1;
366 }
367 os_memcpy(drv->assoc_req_ies, ev, len);
368 drv->assoc_req_ies_len = len;
369
370 return 0;
371 }
372
373
374 static int wpa_driver_wext_event_wireless_assocrespie(
375 struct wpa_driver_wext_data *drv, const char *ev, int len)
376 {
377 if (len < 0)
378 return -1;
379
380 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
381 len);
382 os_free(drv->assoc_resp_ies);
383 drv->assoc_resp_ies = os_malloc(len);
384 if (drv->assoc_resp_ies == NULL) {
385 drv->assoc_resp_ies_len = 0;
386 return -1;
387 }
388 os_memcpy(drv->assoc_resp_ies, ev, len);
389 drv->assoc_resp_ies_len = len;
390
391 return 0;
392 }
393
394
395 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
396 {
397 union wpa_event_data data;
398
399 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
400 return;
401
402 os_memset(&data, 0, sizeof(data));
403 if (drv->assoc_req_ies) {
404 data.assoc_info.req_ies = drv->assoc_req_ies;
405 drv->assoc_req_ies = NULL;
406 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
407 }
408 if (drv->assoc_resp_ies) {
409 data.assoc_info.resp_ies = drv->assoc_resp_ies;
410 drv->assoc_resp_ies = NULL;
411 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
412 }
413
414 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
415
416 os_free(data.assoc_info.req_ies);
417 os_free(data.assoc_info.resp_ies);
418 }
419
420
421 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
422 char *data, int len)
423 {
424 struct iw_event iwe_buf, *iwe = &iwe_buf;
425 char *pos, *end, *custom, *buf;
426
427 pos = data;
428 end = data + len;
429
430 while (pos + IW_EV_LCP_LEN <= end) {
431 /* Event data may be unaligned, so make a local, aligned copy
432 * before processing. */
433 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
434 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
435 iwe->cmd, iwe->len);
436 if (iwe->len <= IW_EV_LCP_LEN)
437 return;
438
439 custom = pos + IW_EV_POINT_LEN;
440 if (drv->we_version_compiled > 18 &&
441 (iwe->cmd == IWEVMICHAELMICFAILURE ||
442 iwe->cmd == IWEVCUSTOM ||
443 iwe->cmd == IWEVASSOCREQIE ||
444 iwe->cmd == IWEVASSOCRESPIE ||
445 iwe->cmd == IWEVPMKIDCAND)) {
446 /* WE-19 removed the pointer from struct iw_point */
447 char *dpos = (char *) &iwe_buf.u.data.length;
448 int dlen = dpos - (char *) &iwe_buf;
449 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
450 sizeof(struct iw_event) - dlen);
451 } else {
452 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
453 custom += IW_EV_POINT_OFF;
454 }
455
456 switch (iwe->cmd) {
457 case SIOCGIWAP:
458 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
459 MACSTR,
460 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
461 if (is_zero_ether_addr(
462 (const u8 *) iwe->u.ap_addr.sa_data) ||
463 os_memcmp(iwe->u.ap_addr.sa_data,
464 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
465 0) {
466 os_free(drv->assoc_req_ies);
467 drv->assoc_req_ies = NULL;
468 os_free(drv->assoc_resp_ies);
469 drv->assoc_resp_ies = NULL;
470 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
471 NULL);
472
473 } else {
474 wpa_driver_wext_event_assoc_ies(drv);
475 wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
476 NULL);
477 }
478 break;
479 case IWEVMICHAELMICFAILURE:
480 if (custom + iwe->u.data.length > end) {
481 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
482 "IWEVMICHAELMICFAILURE length");
483 return;
484 }
485 wpa_driver_wext_event_wireless_michaelmicfailure(
486 drv->ctx, custom, iwe->u.data.length);
487 break;
488 case IWEVCUSTOM:
489 if (custom + iwe->u.data.length > end) {
490 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
491 "IWEVCUSTOM length");
492 return;
493 }
494 buf = os_malloc(iwe->u.data.length + 1);
495 if (buf == NULL)
496 return;
497 os_memcpy(buf, custom, iwe->u.data.length);
498 buf[iwe->u.data.length] = '\0';
499 wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
500 os_free(buf);
501 break;
502 case SIOCGIWSCAN:
503 drv->scan_complete_events = 1;
504 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
505 drv, drv->ctx);
506 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
507 NULL);
508 break;
509 case IWEVASSOCREQIE:
510 if (custom + iwe->u.data.length > end) {
511 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
512 "IWEVASSOCREQIE length");
513 return;
514 }
515 wpa_driver_wext_event_wireless_assocreqie(
516 drv, custom, iwe->u.data.length);
517 break;
518 case IWEVASSOCRESPIE:
519 if (custom + iwe->u.data.length > end) {
520 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
521 "IWEVASSOCRESPIE length");
522 return;
523 }
524 wpa_driver_wext_event_wireless_assocrespie(
525 drv, custom, iwe->u.data.length);
526 break;
527 case IWEVPMKIDCAND:
528 if (custom + iwe->u.data.length > end) {
529 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
530 "IWEVPMKIDCAND length");
531 return;
532 }
533 wpa_driver_wext_event_wireless_pmkidcand(
534 drv, custom, iwe->u.data.length);
535 break;
536 }
537
538 pos += iwe->len;
539 }
540 }
541
542
543 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
544 char *buf, size_t len, int del)
545 {
546 union wpa_event_data event;
547
548 os_memset(&event, 0, sizeof(event));
549 if (len > sizeof(event.interface_status.ifname))
550 len = sizeof(event.interface_status.ifname) - 1;
551 os_memcpy(event.interface_status.ifname, buf, len);
552 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
553 EVENT_INTERFACE_ADDED;
554
555 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
556 del ? "DEL" : "NEW",
557 event.interface_status.ifname,
558 del ? "removed" : "added");
559
560 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
561 if (del)
562 drv->if_removed = 1;
563 else
564 drv->if_removed = 0;
565 }
566
567 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
568 }
569
570
571 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
572 u8 *buf, size_t len)
573 {
574 int attrlen, rta_len;
575 struct rtattr *attr;
576
577 attrlen = len;
578 attr = (struct rtattr *) buf;
579
580 rta_len = RTA_ALIGN(sizeof(struct rtattr));
581 while (RTA_OK(attr, attrlen)) {
582 if (attr->rta_type == IFLA_IFNAME) {
583 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
584 == 0)
585 return 1;
586 else
587 break;
588 }
589 attr = RTA_NEXT(attr, attrlen);
590 }
591
592 return 0;
593 }
594
595
596 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
597 int ifindex, u8 *buf, size_t len)
598 {
599 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
600 return 1;
601
602 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
603 drv->ifindex = if_nametoindex(drv->ifname);
604 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
605 "interface");
606 wpa_driver_wext_finish_drv_init(drv);
607 return 1;
608 }
609
610 return 0;
611 }
612
613
614 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
615 u8 *buf, size_t len)
616 {
617 struct wpa_driver_wext_data *drv = ctx;
618 int attrlen, rta_len;
619 struct rtattr *attr;
620
621 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
622 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
623 ifi->ifi_index);
624 return;
625 }
626
627 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
628 "(%s%s%s%s)",
629 drv->operstate, ifi->ifi_flags,
630 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
631 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
632 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
633 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
634 /*
635 * Some drivers send the association event before the operup event--in
636 * this case, lifting operstate in wpa_driver_wext_set_operstate()
637 * fails. This will hit us when wpa_supplicant does not need to do
638 * IEEE 802.1X authentication
639 */
640 if (drv->operstate == 1 &&
641 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
642 !(ifi->ifi_flags & IFF_RUNNING))
643 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
644 -1, IF_OPER_UP);
645
646 attrlen = len;
647 attr = (struct rtattr *) buf;
648
649 rta_len = RTA_ALIGN(sizeof(struct rtattr));
650 while (RTA_OK(attr, attrlen)) {
651 if (attr->rta_type == IFLA_WIRELESS) {
652 wpa_driver_wext_event_wireless(
653 drv, ((char *) attr) + rta_len,
654 attr->rta_len - rta_len);
655 } else if (attr->rta_type == IFLA_IFNAME) {
656 wpa_driver_wext_event_link(drv,
657 ((char *) attr) + rta_len,
658 attr->rta_len - rta_len, 0);
659 }
660 attr = RTA_NEXT(attr, attrlen);
661 }
662 }
663
664
665 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
666 u8 *buf, size_t len)
667 {
668 struct wpa_driver_wext_data *drv = ctx;
669 int attrlen, rta_len;
670 struct rtattr *attr;
671
672 attrlen = len;
673 attr = (struct rtattr *) buf;
674
675 rta_len = RTA_ALIGN(sizeof(struct rtattr));
676 while (RTA_OK(attr, attrlen)) {
677 if (attr->rta_type == IFLA_IFNAME) {
678 wpa_driver_wext_event_link(drv,
679 ((char *) attr) + rta_len,
680 attr->rta_len - rta_len, 1);
681 }
682 attr = RTA_NEXT(attr, attrlen);
683 }
684 }
685
686
687 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
688 const char *ifname, int *flags)
689 {
690 struct ifreq ifr;
691
692 os_memset(&ifr, 0, sizeof(ifr));
693 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
694 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
695 perror("ioctl[SIOCGIFFLAGS]");
696 return -1;
697 }
698 *flags = ifr.ifr_flags & 0xffff;
699 return 0;
700 }
701
702
703 /**
704 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
705 * @drv: driver_wext private data
706 * @flags: Pointer to returned flags value
707 * Returns: 0 on success, -1 on failure
708 */
709 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
710 {
711 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
712 }
713
714
715 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
716 const char *ifname, int flags)
717 {
718 struct ifreq ifr;
719
720 os_memset(&ifr, 0, sizeof(ifr));
721 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
722 ifr.ifr_flags = flags & 0xffff;
723 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
724 perror("SIOCSIFFLAGS");
725 return -1;
726 }
727 return 0;
728 }
729
730
731 /**
732 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
733 * @drv: driver_wext private data
734 * @flags: New value for flags
735 * Returns: 0 on success, -1 on failure
736 */
737 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
738 {
739 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
740 }
741
742
743 /**
744 * wpa_driver_wext_init - Initialize WE driver interface
745 * @ctx: context to be used when calling wpa_supplicant functions,
746 * e.g., wpa_supplicant_event()
747 * @ifname: interface name, e.g., wlan0
748 * Returns: Pointer to private data, %NULL on failure
749 */
750 void * wpa_driver_wext_init(void *ctx, const char *ifname)
751 {
752 struct wpa_driver_wext_data *drv;
753 struct netlink_config *cfg;
754
755 drv = os_zalloc(sizeof(*drv));
756 if (drv == NULL)
757 return NULL;
758 drv->ctx = ctx;
759 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
760
761 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
762 if (drv->ioctl_sock < 0) {
763 perror("socket(PF_INET,SOCK_DGRAM)");
764 goto err1;
765 }
766
767 cfg = os_zalloc(sizeof(*cfg));
768 if (cfg == NULL)
769 goto err1;
770 cfg->ctx = drv;
771 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
772 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
773 drv->netlink = netlink_init(cfg);
774 if (drv->netlink == NULL) {
775 os_free(cfg);
776 goto err2;
777 }
778
779 drv->mlme_sock = -1;
780
781 if (wpa_driver_wext_finish_drv_init(drv) < 0)
782 goto err3;
783
784 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
785
786 return drv;
787
788 err3:
789 netlink_deinit(drv->netlink);
790 err2:
791 close(drv->ioctl_sock);
792 err1:
793 os_free(drv);
794 return NULL;
795 }
796
797
798 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
799 {
800 int flags;
801
802 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0) {
803 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
804 drv->ifname);
805 return -1;
806 }
807
808 if (!(flags & IFF_UP)) {
809 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
810 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
811 "UP", drv->ifname);
812 return -1;
813 } else {
814 /*
815 * Wait some time to allow driver to initialize before
816 * starting configuring the driver. This seems to be
817 * needed at least some drivers that load firmware etc.
818 * when the interface is set up.
819 */
820 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
821 "a second for the driver to complete "
822 "initialization", drv->ifname);
823 sleep(1);
824 }
825 }
826
827 /*
828 * Make sure that the driver does not have any obsolete PMKID entries.
829 */
830 wpa_driver_wext_flush_pmkid(drv);
831
832 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
833 wpa_printf(MSG_DEBUG, "Could not configure driver to use "
834 "managed mode");
835 /* Try to use it anyway */
836 }
837
838 wpa_driver_wext_get_range(drv);
839
840 /*
841 * Unlock the driver's BSSID and force to a random SSID to clear any
842 * previous association the driver might have when the supplicant
843 * starts up.
844 */
845 wpa_driver_wext_disconnect(drv);
846
847 drv->ifindex = if_nametoindex(drv->ifname);
848
849 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
850 /*
851 * Host AP driver may use both wlan# and wifi# interface in
852 * wireless events. Since some of the versions included WE-18
853 * support, let's add the alternative ifindex also from
854 * driver_wext.c for the time being. This may be removed at
855 * some point once it is believed that old versions of the
856 * driver are not in use anymore.
857 */
858 char ifname2[IFNAMSIZ + 1];
859 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
860 os_memcpy(ifname2, "wifi", 4);
861 wpa_driver_wext_alternative_ifindex(drv, ifname2);
862 }
863
864 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
865 1, IF_OPER_DORMANT);
866
867 return 0;
868 }
869
870
871 /**
872 * wpa_driver_wext_deinit - Deinitialize WE driver interface
873 * @priv: Pointer to private wext data from wpa_driver_wext_init()
874 *
875 * Shut down driver interface and processing of driver events. Free
876 * private data buffer if one was allocated in wpa_driver_wext_init().
877 */
878 void wpa_driver_wext_deinit(void *priv)
879 {
880 struct wpa_driver_wext_data *drv = priv;
881 int flags;
882
883 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
884
885 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
886
887 /*
888 * Clear possibly configured driver parameters in order to make it
889 * easier to use the driver after wpa_supplicant has been terminated.
890 */
891 wpa_driver_wext_disconnect(drv);
892
893 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
894 netlink_deinit(drv->netlink);
895
896 if (drv->mlme_sock >= 0)
897 eloop_unregister_read_sock(drv->mlme_sock);
898
899 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
900 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
901
902 close(drv->ioctl_sock);
903 if (drv->mlme_sock >= 0)
904 close(drv->mlme_sock);
905 os_free(drv->assoc_req_ies);
906 os_free(drv->assoc_resp_ies);
907 os_free(drv);
908 }
909
910
911 /**
912 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
913 * @eloop_ctx: Unused
914 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
915 *
916 * This function can be used as registered timeout when starting a scan to
917 * generate a scan completed event if the driver does not report this.
918 */
919 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
920 {
921 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
922 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
923 }
924
925
926 /**
927 * wpa_driver_wext_scan - Request the driver to initiate scan
928 * @priv: Pointer to private wext data from wpa_driver_wext_init()
929 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
930 * Returns: 0 on success, -1 on failure
931 */
932 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
933 {
934 struct wpa_driver_wext_data *drv = priv;
935 struct iwreq iwr;
936 int ret = 0, timeout;
937 struct iw_scan_req req;
938 const u8 *ssid = params->ssids[0].ssid;
939 size_t ssid_len = params->ssids[0].ssid_len;
940
941 if (ssid_len > IW_ESSID_MAX_SIZE) {
942 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
943 __FUNCTION__, (unsigned long) ssid_len);
944 return -1;
945 }
946
947 os_memset(&iwr, 0, sizeof(iwr));
948 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
949
950 if (ssid && ssid_len) {
951 os_memset(&req, 0, sizeof(req));
952 req.essid_len = ssid_len;
953 req.bssid.sa_family = ARPHRD_ETHER;
954 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
955 os_memcpy(req.essid, ssid, ssid_len);
956 iwr.u.data.pointer = (caddr_t) &req;
957 iwr.u.data.length = sizeof(req);
958 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
959 }
960
961 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
962 perror("ioctl[SIOCSIWSCAN]");
963 ret = -1;
964 }
965
966 /* Not all drivers generate "scan completed" wireless event, so try to
967 * read results after a timeout. */
968 timeout = 5;
969 if (drv->scan_complete_events) {
970 /*
971 * The driver seems to deliver SIOCGIWSCAN events to notify
972 * when scan is complete, so use longer timeout to avoid race
973 * conditions with scanning and following association request.
974 */
975 timeout = 30;
976 }
977 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
978 "seconds", ret, timeout);
979 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
980 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
981 drv->ctx);
982
983 return ret;
984 }
985
986
987 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
988 size_t *len)
989 {
990 struct iwreq iwr;
991 u8 *res_buf;
992 size_t res_buf_len;
993
994 res_buf_len = IW_SCAN_MAX_DATA;
995 for (;;) {
996 res_buf = os_malloc(res_buf_len);
997 if (res_buf == NULL)
998 return NULL;
999 os_memset(&iwr, 0, sizeof(iwr));
1000 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1001 iwr.u.data.pointer = res_buf;
1002 iwr.u.data.length = res_buf_len;
1003
1004 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1005 break;
1006
1007 if (errno == E2BIG && res_buf_len < 65535) {
1008 os_free(res_buf);
1009 res_buf = NULL;
1010 res_buf_len *= 2;
1011 if (res_buf_len > 65535)
1012 res_buf_len = 65535; /* 16-bit length field */
1013 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1014 "trying larger buffer (%lu bytes)",
1015 (unsigned long) res_buf_len);
1016 } else {
1017 perror("ioctl[SIOCGIWSCAN]");
1018 os_free(res_buf);
1019 return NULL;
1020 }
1021 }
1022
1023 if (iwr.u.data.length > res_buf_len) {
1024 os_free(res_buf);
1025 return NULL;
1026 }
1027 *len = iwr.u.data.length;
1028
1029 return res_buf;
1030 }
1031
1032
1033 /*
1034 * Data structure for collecting WEXT scan results. This is needed to allow
1035 * the various methods of reporting IEs to be combined into a single IE buffer.
1036 */
1037 struct wext_scan_data {
1038 struct wpa_scan_res res;
1039 u8 *ie;
1040 size_t ie_len;
1041 u8 ssid[32];
1042 size_t ssid_len;
1043 int maxrate;
1044 };
1045
1046
1047 static void wext_get_scan_mode(struct iw_event *iwe,
1048 struct wext_scan_data *res)
1049 {
1050 if (iwe->u.mode == IW_MODE_ADHOC)
1051 res->res.caps |= IEEE80211_CAP_IBSS;
1052 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1053 res->res.caps |= IEEE80211_CAP_ESS;
1054 }
1055
1056
1057 static void wext_get_scan_ssid(struct iw_event *iwe,
1058 struct wext_scan_data *res, char *custom,
1059 char *end)
1060 {
1061 int ssid_len = iwe->u.essid.length;
1062 if (custom + ssid_len > end)
1063 return;
1064 if (iwe->u.essid.flags &&
1065 ssid_len > 0 &&
1066 ssid_len <= IW_ESSID_MAX_SIZE) {
1067 os_memcpy(res->ssid, custom, ssid_len);
1068 res->ssid_len = ssid_len;
1069 }
1070 }
1071
1072
1073 static void wext_get_scan_freq(struct iw_event *iwe,
1074 struct wext_scan_data *res)
1075 {
1076 int divi = 1000000, i;
1077
1078 if (iwe->u.freq.e == 0) {
1079 /*
1080 * Some drivers do not report frequency, but a channel.
1081 * Try to map this to frequency by assuming they are using
1082 * IEEE 802.11b/g. But don't overwrite a previously parsed
1083 * frequency if the driver sends both frequency and channel,
1084 * since the driver may be sending an A-band channel that we
1085 * don't handle here.
1086 */
1087
1088 if (res->res.freq)
1089 return;
1090
1091 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1092 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1093 return;
1094 } else if (iwe->u.freq.m == 14) {
1095 res->res.freq = 2484;
1096 return;
1097 }
1098 }
1099
1100 if (iwe->u.freq.e > 6) {
1101 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1102 MACSTR " m=%d e=%d)",
1103 MAC2STR(res->res.bssid), iwe->u.freq.m,
1104 iwe->u.freq.e);
1105 return;
1106 }
1107
1108 for (i = 0; i < iwe->u.freq.e; i++)
1109 divi /= 10;
1110 res->res.freq = iwe->u.freq.m / divi;
1111 }
1112
1113
1114 static void wext_get_scan_qual(struct iw_event *iwe,
1115 struct wext_scan_data *res)
1116 {
1117 res->res.qual = iwe->u.qual.qual;
1118 res->res.noise = iwe->u.qual.noise;
1119 res->res.level = iwe->u.qual.level;
1120 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1121 res->res.flags |= WPA_SCAN_QUAL_INVALID;
1122 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1123 res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1124 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1125 res->res.flags |= WPA_SCAN_NOISE_INVALID;
1126 if (iwe->u.qual.updated & IW_QUAL_DBM)
1127 res->res.flags |= WPA_SCAN_LEVEL_DBM;
1128 }
1129
1130
1131 static void wext_get_scan_encode(struct iw_event *iwe,
1132 struct wext_scan_data *res)
1133 {
1134 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1135 res->res.caps |= IEEE80211_CAP_PRIVACY;
1136 }
1137
1138
1139 static void wext_get_scan_rate(struct iw_event *iwe,
1140 struct wext_scan_data *res, char *pos,
1141 char *end)
1142 {
1143 int maxrate;
1144 char *custom = pos + IW_EV_LCP_LEN;
1145 struct iw_param p;
1146 size_t clen;
1147
1148 clen = iwe->len;
1149 if (custom + clen > end)
1150 return;
1151 maxrate = 0;
1152 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1153 /* Note: may be misaligned, make a local, aligned copy */
1154 os_memcpy(&p, custom, sizeof(struct iw_param));
1155 if (p.value > maxrate)
1156 maxrate = p.value;
1157 clen -= sizeof(struct iw_param);
1158 custom += sizeof(struct iw_param);
1159 }
1160
1161 /* Convert the maxrate from WE-style (b/s units) to
1162 * 802.11 rates (500000 b/s units).
1163 */
1164 res->maxrate = maxrate / 500000;
1165 }
1166
1167
1168 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1169 struct wext_scan_data *res, char *custom,
1170 char *end)
1171 {
1172 char *genie, *gpos, *gend;
1173 u8 *tmp;
1174
1175 if (iwe->u.data.length == 0)
1176 return;
1177
1178 gpos = genie = custom;
1179 gend = genie + iwe->u.data.length;
1180 if (gend > end) {
1181 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1182 return;
1183 }
1184
1185 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1186 if (tmp == NULL)
1187 return;
1188 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1189 res->ie = tmp;
1190 res->ie_len += gend - gpos;
1191 }
1192
1193
1194 static void wext_get_scan_custom(struct iw_event *iwe,
1195 struct wext_scan_data *res, char *custom,
1196 char *end)
1197 {
1198 size_t clen;
1199 u8 *tmp;
1200
1201 clen = iwe->u.data.length;
1202 if (custom + clen > end)
1203 return;
1204
1205 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1206 char *spos;
1207 int bytes;
1208 spos = custom + 7;
1209 bytes = custom + clen - spos;
1210 if (bytes & 1 || bytes == 0)
1211 return;
1212 bytes /= 2;
1213 tmp = os_realloc(res->ie, res->ie_len + bytes);
1214 if (tmp == NULL)
1215 return;
1216 hexstr2bin(spos, tmp + res->ie_len, bytes);
1217 res->ie = tmp;
1218 res->ie_len += bytes;
1219 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1220 char *spos;
1221 int bytes;
1222 spos = custom + 7;
1223 bytes = custom + clen - spos;
1224 if (bytes & 1 || bytes == 0)
1225 return;
1226 bytes /= 2;
1227 tmp = os_realloc(res->ie, res->ie_len + bytes);
1228 if (tmp == NULL)
1229 return;
1230 hexstr2bin(spos, tmp + res->ie_len, bytes);
1231 res->ie = tmp;
1232 res->ie_len += bytes;
1233 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1234 char *spos;
1235 int bytes;
1236 u8 bin[8];
1237 spos = custom + 4;
1238 bytes = custom + clen - spos;
1239 if (bytes != 16) {
1240 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1241 return;
1242 }
1243 bytes /= 2;
1244 hexstr2bin(spos, bin, bytes);
1245 res->res.tsf += WPA_GET_BE64(bin);
1246 }
1247 }
1248
1249
1250 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1251 {
1252 return drv->we_version_compiled > 18 &&
1253 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1254 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1255 }
1256
1257
1258 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1259 struct wext_scan_data *data)
1260 {
1261 struct wpa_scan_res **tmp;
1262 struct wpa_scan_res *r;
1263 size_t extra_len;
1264 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1265
1266 /* Figure out whether we need to fake any IEs */
1267 pos = data->ie;
1268 end = pos + data->ie_len;
1269 while (pos && pos + 1 < end) {
1270 if (pos + 2 + pos[1] > end)
1271 break;
1272 if (pos[0] == WLAN_EID_SSID)
1273 ssid_ie = pos;
1274 else if (pos[0] == WLAN_EID_SUPP_RATES)
1275 rate_ie = pos;
1276 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1277 rate_ie = pos;
1278 pos += 2 + pos[1];
1279 }
1280
1281 extra_len = 0;
1282 if (ssid_ie == NULL)
1283 extra_len += 2 + data->ssid_len;
1284 if (rate_ie == NULL && data->maxrate)
1285 extra_len += 3;
1286
1287 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1288 if (r == NULL)
1289 return;
1290 os_memcpy(r, &data->res, sizeof(*r));
1291 r->ie_len = extra_len + data->ie_len;
1292 pos = (u8 *) (r + 1);
1293 if (ssid_ie == NULL) {
1294 /*
1295 * Generate a fake SSID IE since the driver did not report
1296 * a full IE list.
1297 */
1298 *pos++ = WLAN_EID_SSID;
1299 *pos++ = data->ssid_len;
1300 os_memcpy(pos, data->ssid, data->ssid_len);
1301 pos += data->ssid_len;
1302 }
1303 if (rate_ie == NULL && data->maxrate) {
1304 /*
1305 * Generate a fake Supported Rates IE since the driver did not
1306 * report a full IE list.
1307 */
1308 *pos++ = WLAN_EID_SUPP_RATES;
1309 *pos++ = 1;
1310 *pos++ = data->maxrate;
1311 }
1312 if (data->ie)
1313 os_memcpy(pos, data->ie, data->ie_len);
1314
1315 tmp = os_realloc(res->res,
1316 (res->num + 1) * sizeof(struct wpa_scan_res *));
1317 if (tmp == NULL) {
1318 os_free(r);
1319 return;
1320 }
1321 tmp[res->num++] = r;
1322 res->res = tmp;
1323 }
1324
1325
1326 /**
1327 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1328 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1329 * Returns: Scan results on success, -1 on failure
1330 */
1331 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1332 {
1333 struct wpa_driver_wext_data *drv = priv;
1334 size_t ap_num = 0, len;
1335 int first;
1336 u8 *res_buf;
1337 struct iw_event iwe_buf, *iwe = &iwe_buf;
1338 char *pos, *end, *custom;
1339 struct wpa_scan_results *res;
1340 struct wext_scan_data data;
1341
1342 res_buf = wpa_driver_wext_giwscan(drv, &len);
1343 if (res_buf == NULL)
1344 return NULL;
1345
1346 ap_num = 0;
1347 first = 1;
1348
1349 res = os_zalloc(sizeof(*res));
1350 if (res == NULL) {
1351 os_free(res_buf);
1352 return NULL;
1353 }
1354
1355 pos = (char *) res_buf;
1356 end = (char *) res_buf + len;
1357 os_memset(&data, 0, sizeof(data));
1358
1359 while (pos + IW_EV_LCP_LEN <= end) {
1360 /* Event data may be unaligned, so make a local, aligned copy
1361 * before processing. */
1362 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1363 if (iwe->len <= IW_EV_LCP_LEN)
1364 break;
1365
1366 custom = pos + IW_EV_POINT_LEN;
1367 if (wext_19_iw_point(drv, iwe->cmd)) {
1368 /* WE-19 removed the pointer from struct iw_point */
1369 char *dpos = (char *) &iwe_buf.u.data.length;
1370 int dlen = dpos - (char *) &iwe_buf;
1371 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1372 sizeof(struct iw_event) - dlen);
1373 } else {
1374 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1375 custom += IW_EV_POINT_OFF;
1376 }
1377
1378 switch (iwe->cmd) {
1379 case SIOCGIWAP:
1380 if (!first)
1381 wpa_driver_wext_add_scan_entry(res, &data);
1382 first = 0;
1383 os_free(data.ie);
1384 os_memset(&data, 0, sizeof(data));
1385 os_memcpy(data.res.bssid,
1386 iwe->u.ap_addr.sa_data, ETH_ALEN);
1387 break;
1388 case SIOCGIWMODE:
1389 wext_get_scan_mode(iwe, &data);
1390 break;
1391 case SIOCGIWESSID:
1392 wext_get_scan_ssid(iwe, &data, custom, end);
1393 break;
1394 case SIOCGIWFREQ:
1395 wext_get_scan_freq(iwe, &data);
1396 break;
1397 case IWEVQUAL:
1398 wext_get_scan_qual(iwe, &data);
1399 break;
1400 case SIOCGIWENCODE:
1401 wext_get_scan_encode(iwe, &data);
1402 break;
1403 case SIOCGIWRATE:
1404 wext_get_scan_rate(iwe, &data, pos, end);
1405 break;
1406 case IWEVGENIE:
1407 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1408 break;
1409 case IWEVCUSTOM:
1410 wext_get_scan_custom(iwe, &data, custom, end);
1411 break;
1412 }
1413
1414 pos += iwe->len;
1415 }
1416 os_free(res_buf);
1417 res_buf = NULL;
1418 if (!first)
1419 wpa_driver_wext_add_scan_entry(res, &data);
1420 os_free(data.ie);
1421
1422 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1423 (unsigned long) len, (unsigned long) res->num);
1424
1425 return res;
1426 }
1427
1428
1429 static int wpa_driver_wext_get_range(void *priv)
1430 {
1431 struct wpa_driver_wext_data *drv = priv;
1432 struct iw_range *range;
1433 struct iwreq iwr;
1434 int minlen;
1435 size_t buflen;
1436
1437 /*
1438 * Use larger buffer than struct iw_range in order to allow the
1439 * structure to grow in the future.
1440 */
1441 buflen = sizeof(struct iw_range) + 500;
1442 range = os_zalloc(buflen);
1443 if (range == NULL)
1444 return -1;
1445
1446 os_memset(&iwr, 0, sizeof(iwr));
1447 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1448 iwr.u.data.pointer = (caddr_t) range;
1449 iwr.u.data.length = buflen;
1450
1451 minlen = ((char *) &range->enc_capa) - (char *) range +
1452 sizeof(range->enc_capa);
1453
1454 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1455 perror("ioctl[SIOCGIWRANGE]");
1456 os_free(range);
1457 return -1;
1458 } else if (iwr.u.data.length >= minlen &&
1459 range->we_version_compiled >= 18) {
1460 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1461 "WE(source)=%d enc_capa=0x%x",
1462 range->we_version_compiled,
1463 range->we_version_source,
1464 range->enc_capa);
1465 drv->has_capability = 1;
1466 drv->we_version_compiled = range->we_version_compiled;
1467 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1468 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1469 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1470 }
1471 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1472 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1473 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1474 }
1475 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1476 WPA_DRIVER_CAPA_ENC_WEP104;
1477 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1478 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1479 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1480 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1481 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1482 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1483 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1484 WPA_DRIVER_AUTH_SHARED |
1485 WPA_DRIVER_AUTH_LEAP;
1486 drv->capa.max_scan_ssids = 1;
1487
1488 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1489 "flags 0x%x",
1490 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1491 } else {
1492 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1493 "assuming WPA is not supported");
1494 }
1495
1496 os_free(range);
1497 return 0;
1498 }
1499
1500
1501 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1502 const u8 *psk)
1503 {
1504 struct iw_encode_ext *ext;
1505 struct iwreq iwr;
1506 int ret;
1507
1508 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1509
1510 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1511 return 0;
1512
1513 if (!psk)
1514 return 0;
1515
1516 os_memset(&iwr, 0, sizeof(iwr));
1517 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1518
1519 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1520 if (ext == NULL)
1521 return -1;
1522
1523 iwr.u.encoding.pointer = (caddr_t) ext;
1524 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1525 ext->key_len = PMK_LEN;
1526 os_memcpy(&ext->key, psk, ext->key_len);
1527 ext->alg = IW_ENCODE_ALG_PMK;
1528
1529 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1530 if (ret < 0)
1531 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1532 os_free(ext);
1533
1534 return ret;
1535 }
1536
1537
1538 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1539 const u8 *addr, int key_idx,
1540 int set_tx, const u8 *seq,
1541 size_t seq_len,
1542 const u8 *key, size_t key_len)
1543 {
1544 struct wpa_driver_wext_data *drv = priv;
1545 struct iwreq iwr;
1546 int ret = 0;
1547 struct iw_encode_ext *ext;
1548
1549 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1550 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1551 __FUNCTION__, (unsigned long) seq_len);
1552 return -1;
1553 }
1554
1555 ext = os_zalloc(sizeof(*ext) + key_len);
1556 if (ext == NULL)
1557 return -1;
1558 os_memset(&iwr, 0, sizeof(iwr));
1559 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1560 iwr.u.encoding.flags = key_idx + 1;
1561 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1562 if (alg == WPA_ALG_NONE)
1563 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1564 iwr.u.encoding.pointer = (caddr_t) ext;
1565 iwr.u.encoding.length = sizeof(*ext) + key_len;
1566
1567 if (addr == NULL ||
1568 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1569 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1570 if (set_tx)
1571 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1572
1573 ext->addr.sa_family = ARPHRD_ETHER;
1574 if (addr)
1575 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1576 else
1577 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1578 if (key && key_len) {
1579 os_memcpy(ext + 1, key, key_len);
1580 ext->key_len = key_len;
1581 }
1582 switch (alg) {
1583 case WPA_ALG_NONE:
1584 ext->alg = IW_ENCODE_ALG_NONE;
1585 break;
1586 case WPA_ALG_WEP:
1587 ext->alg = IW_ENCODE_ALG_WEP;
1588 break;
1589 case WPA_ALG_TKIP:
1590 ext->alg = IW_ENCODE_ALG_TKIP;
1591 break;
1592 case WPA_ALG_CCMP:
1593 ext->alg = IW_ENCODE_ALG_CCMP;
1594 break;
1595 case WPA_ALG_PMK:
1596 ext->alg = IW_ENCODE_ALG_PMK;
1597 break;
1598 #ifdef CONFIG_IEEE80211W
1599 case WPA_ALG_IGTK:
1600 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1601 break;
1602 #endif /* CONFIG_IEEE80211W */
1603 default:
1604 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1605 __FUNCTION__, alg);
1606 os_free(ext);
1607 return -1;
1608 }
1609
1610 if (seq && seq_len) {
1611 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1612 os_memcpy(ext->rx_seq, seq, seq_len);
1613 }
1614
1615 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1616 ret = errno == EOPNOTSUPP ? -2 : -1;
1617 if (errno == ENODEV) {
1618 /*
1619 * ndiswrapper seems to be returning incorrect error
1620 * code.. */
1621 ret = -2;
1622 }
1623
1624 perror("ioctl[SIOCSIWENCODEEXT]");
1625 }
1626
1627 os_free(ext);
1628 return ret;
1629 }
1630
1631
1632 /**
1633 * wpa_driver_wext_set_key - Configure encryption key
1634 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1635 * @priv: Private driver interface data
1636 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1637 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1638 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1639 * broadcast/default keys
1640 * @key_idx: key index (0..3), usually 0 for unicast keys
1641 * @set_tx: Configure this key as the default Tx key (only used when
1642 * driver does not support separate unicast/individual key
1643 * @seq: Sequence number/packet number, seq_len octets, the next
1644 * packet number to be used for in replay protection; configured
1645 * for Rx keys (in most cases, this is only used with broadcast
1646 * keys and set to zero for unicast keys)
1647 * @seq_len: Length of the seq, depends on the algorithm:
1648 * TKIP: 6 octets, CCMP: 6 octets
1649 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1650 * 8-byte Rx Mic Key
1651 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1652 * TKIP: 32, CCMP: 16)
1653 * Returns: 0 on success, -1 on failure
1654 *
1655 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1656 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1657 */
1658 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1659 const u8 *addr, int key_idx,
1660 int set_tx, const u8 *seq, size_t seq_len,
1661 const u8 *key, size_t key_len)
1662 {
1663 struct wpa_driver_wext_data *drv = priv;
1664 struct iwreq iwr;
1665 int ret = 0;
1666
1667 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1668 "key_len=%lu",
1669 __FUNCTION__, alg, key_idx, set_tx,
1670 (unsigned long) seq_len, (unsigned long) key_len);
1671
1672 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1673 seq, seq_len, key, key_len);
1674 if (ret == 0)
1675 return 0;
1676
1677 if (ret == -2 &&
1678 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1679 wpa_printf(MSG_DEBUG, "Driver did not support "
1680 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1681 ret = 0;
1682 } else {
1683 wpa_printf(MSG_DEBUG, "Driver did not support "
1684 "SIOCSIWENCODEEXT");
1685 return ret;
1686 }
1687
1688 os_memset(&iwr, 0, sizeof(iwr));
1689 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1690 iwr.u.encoding.flags = key_idx + 1;
1691 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1692 if (alg == WPA_ALG_NONE)
1693 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1694 iwr.u.encoding.pointer = (caddr_t) key;
1695 iwr.u.encoding.length = key_len;
1696
1697 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1698 perror("ioctl[SIOCSIWENCODE]");
1699 ret = -1;
1700 }
1701
1702 if (set_tx && alg != WPA_ALG_NONE) {
1703 os_memset(&iwr, 0, sizeof(iwr));
1704 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1705 iwr.u.encoding.flags = key_idx + 1;
1706 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1707 iwr.u.encoding.pointer = (caddr_t) NULL;
1708 iwr.u.encoding.length = 0;
1709 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1710 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1711 ret = -1;
1712 }
1713 }
1714
1715 return ret;
1716 }
1717
1718
1719 static int wpa_driver_wext_set_countermeasures(void *priv,
1720 int enabled)
1721 {
1722 struct wpa_driver_wext_data *drv = priv;
1723 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1724 return wpa_driver_wext_set_auth_param(drv,
1725 IW_AUTH_TKIP_COUNTERMEASURES,
1726 enabled);
1727 }
1728
1729
1730 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1731 int enabled)
1732 {
1733 struct wpa_driver_wext_data *drv = priv;
1734 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1735 drv->use_crypt = enabled;
1736 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1737 enabled);
1738 }
1739
1740
1741 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1742 const u8 *addr, int cmd, int reason_code)
1743 {
1744 struct iwreq iwr;
1745 struct iw_mlme mlme;
1746 int ret = 0;
1747
1748 os_memset(&iwr, 0, sizeof(iwr));
1749 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1750 os_memset(&mlme, 0, sizeof(mlme));
1751 mlme.cmd = cmd;
1752 mlme.reason_code = reason_code;
1753 mlme.addr.sa_family = ARPHRD_ETHER;
1754 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1755 iwr.u.data.pointer = (caddr_t) &mlme;
1756 iwr.u.data.length = sizeof(mlme);
1757
1758 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1759 perror("ioctl[SIOCSIWMLME]");
1760 ret = -1;
1761 }
1762
1763 return ret;
1764 }
1765
1766
1767 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1768 {
1769 struct iwreq iwr;
1770 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1771 u8 ssid[32];
1772 int i;
1773
1774 /*
1775 * Only force-disconnect when the card is in infrastructure mode,
1776 * otherwise the driver might interpret the cleared BSSID and random
1777 * SSID as an attempt to create a new ad-hoc network.
1778 */
1779 os_memset(&iwr, 0, sizeof(iwr));
1780 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1781 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1782 perror("ioctl[SIOCGIWMODE]");
1783 iwr.u.mode = IW_MODE_INFRA;
1784 }
1785
1786 if (iwr.u.mode == IW_MODE_INFRA) {
1787 /*
1788 * Clear the BSSID selection and set a random SSID to make sure
1789 * the driver will not be trying to associate with something
1790 * even if it does not understand SIOCSIWMLME commands (or
1791 * tries to associate automatically after deauth/disassoc).
1792 */
1793 wpa_driver_wext_set_bssid(drv, null_bssid);
1794
1795 for (i = 0; i < 32; i++)
1796 ssid[i] = rand() & 0xFF;
1797 wpa_driver_wext_set_ssid(drv, ssid, 32);
1798 }
1799 }
1800
1801
1802 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1803 int reason_code)
1804 {
1805 struct wpa_driver_wext_data *drv = priv;
1806 int ret;
1807 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1808 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1809 wpa_driver_wext_disconnect(drv);
1810 return ret;
1811 }
1812
1813
1814 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1815 int reason_code)
1816 {
1817 struct wpa_driver_wext_data *drv = priv;
1818 int ret;
1819 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1820 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
1821 wpa_driver_wext_disconnect(drv);
1822 return ret;
1823 }
1824
1825
1826 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1827 size_t ie_len)
1828 {
1829 struct wpa_driver_wext_data *drv = priv;
1830 struct iwreq iwr;
1831 int ret = 0;
1832
1833 os_memset(&iwr, 0, sizeof(iwr));
1834 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1835 iwr.u.data.pointer = (caddr_t) ie;
1836 iwr.u.data.length = ie_len;
1837
1838 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1839 perror("ioctl[SIOCSIWGENIE]");
1840 ret = -1;
1841 }
1842
1843 return ret;
1844 }
1845
1846
1847 int wpa_driver_wext_cipher2wext(int cipher)
1848 {
1849 switch (cipher) {
1850 case CIPHER_NONE:
1851 return IW_AUTH_CIPHER_NONE;
1852 case CIPHER_WEP40:
1853 return IW_AUTH_CIPHER_WEP40;
1854 case CIPHER_TKIP:
1855 return IW_AUTH_CIPHER_TKIP;
1856 case CIPHER_CCMP:
1857 return IW_AUTH_CIPHER_CCMP;
1858 case CIPHER_WEP104:
1859 return IW_AUTH_CIPHER_WEP104;
1860 default:
1861 return 0;
1862 }
1863 }
1864
1865
1866 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1867 {
1868 switch (keymgmt) {
1869 case KEY_MGMT_802_1X:
1870 case KEY_MGMT_802_1X_NO_WPA:
1871 return IW_AUTH_KEY_MGMT_802_1X;
1872 case KEY_MGMT_PSK:
1873 return IW_AUTH_KEY_MGMT_PSK;
1874 default:
1875 return 0;
1876 }
1877 }
1878
1879
1880 static int
1881 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1882 struct wpa_driver_associate_params *params)
1883 {
1884 struct iwreq iwr;
1885 int ret = 0;
1886
1887 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1888 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1889
1890 os_memset(&iwr, 0, sizeof(iwr));
1891 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1892 /* Just changing mode, not actual keys */
1893 iwr.u.encoding.flags = 0;
1894 iwr.u.encoding.pointer = (caddr_t) NULL;
1895 iwr.u.encoding.length = 0;
1896
1897 /*
1898 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1899 * different things. Here they are used to indicate Open System vs.
1900 * Shared Key authentication algorithm. However, some drivers may use
1901 * them to select between open/restricted WEP encrypted (open = allow
1902 * both unencrypted and encrypted frames; restricted = only allow
1903 * encrypted frames).
1904 */
1905
1906 if (!drv->use_crypt) {
1907 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1908 } else {
1909 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1910 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
1911 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1912 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
1913 }
1914
1915 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1916 perror("ioctl[SIOCSIWENCODE]");
1917 ret = -1;
1918 }
1919
1920 return ret;
1921 }
1922
1923
1924 int wpa_driver_wext_associate(void *priv,
1925 struct wpa_driver_associate_params *params)
1926 {
1927 struct wpa_driver_wext_data *drv = priv;
1928 int ret = 0;
1929 int allow_unencrypted_eapol;
1930 int value;
1931
1932 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1933
1934 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
1935 < 0)
1936 ret = -1;
1937 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
1938 ret = -1;
1939 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
1940 ret = -1;
1941
1942 /*
1943 * If the driver did not support SIOCSIWAUTH, fallback to
1944 * SIOCSIWENCODE here.
1945 */
1946 if (drv->auth_alg_fallback &&
1947 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
1948 ret = -1;
1949
1950 if (!params->bssid &&
1951 wpa_driver_wext_set_bssid(drv, NULL) < 0)
1952 ret = -1;
1953
1954 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
1955 * from configuration, not from here, where only the selected suite is
1956 * available */
1957 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
1958 < 0)
1959 ret = -1;
1960 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
1961 value = IW_AUTH_WPA_VERSION_DISABLED;
1962 else if (params->wpa_ie[0] == WLAN_EID_RSN)
1963 value = IW_AUTH_WPA_VERSION_WPA2;
1964 else
1965 value = IW_AUTH_WPA_VERSION_WPA;
1966 if (wpa_driver_wext_set_auth_param(drv,
1967 IW_AUTH_WPA_VERSION, value) < 0)
1968 ret = -1;
1969 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
1970 if (wpa_driver_wext_set_auth_param(drv,
1971 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
1972 ret = -1;
1973 value = wpa_driver_wext_cipher2wext(params->group_suite);
1974 if (wpa_driver_wext_set_auth_param(drv,
1975 IW_AUTH_CIPHER_GROUP, value) < 0)
1976 ret = -1;
1977 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
1978 if (wpa_driver_wext_set_auth_param(drv,
1979 IW_AUTH_KEY_MGMT, value) < 0)
1980 ret = -1;
1981 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
1982 params->pairwise_suite != CIPHER_NONE ||
1983 params->group_suite != CIPHER_NONE ||
1984 params->wpa_ie_len;
1985 if (wpa_driver_wext_set_auth_param(drv,
1986 IW_AUTH_PRIVACY_INVOKED, value) < 0)
1987 ret = -1;
1988
1989 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
1990 * not using WPA. IEEE 802.1X specifies that these frames are not
1991 * encrypted, but WPA encrypts them when pairwise keys are in use. */
1992 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
1993 params->key_mgmt_suite == KEY_MGMT_PSK)
1994 allow_unencrypted_eapol = 0;
1995 else
1996 allow_unencrypted_eapol = 1;
1997
1998 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
1999 ret = -1;
2000 if (wpa_driver_wext_set_auth_param(drv,
2001 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2002 allow_unencrypted_eapol) < 0)
2003 ret = -1;
2004 #ifdef CONFIG_IEEE80211W
2005 switch (params->mgmt_frame_protection) {
2006 case NO_MGMT_FRAME_PROTECTION:
2007 value = IW_AUTH_MFP_DISABLED;
2008 break;
2009 case MGMT_FRAME_PROTECTION_OPTIONAL:
2010 value = IW_AUTH_MFP_OPTIONAL;
2011 break;
2012 case MGMT_FRAME_PROTECTION_REQUIRED:
2013 value = IW_AUTH_MFP_REQUIRED;
2014 break;
2015 };
2016 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2017 ret = -1;
2018 #endif /* CONFIG_IEEE80211W */
2019 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2020 ret = -1;
2021 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2022 ret = -1;
2023 if (params->bssid &&
2024 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2025 ret = -1;
2026
2027 return ret;
2028 }
2029
2030
2031 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2032 {
2033 struct wpa_driver_wext_data *drv = priv;
2034 int algs = 0, res;
2035
2036 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2037 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2038 if (auth_alg & AUTH_ALG_SHARED_KEY)
2039 algs |= IW_AUTH_ALG_SHARED_KEY;
2040 if (auth_alg & AUTH_ALG_LEAP)
2041 algs |= IW_AUTH_ALG_LEAP;
2042 if (algs == 0) {
2043 /* at least one algorithm should be set */
2044 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2045 }
2046
2047 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2048 algs);
2049 drv->auth_alg_fallback = res == -2;
2050 return res;
2051 }
2052
2053
2054 /**
2055 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2056 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2057 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2058 * Returns: 0 on success, -1 on failure
2059 */
2060 int wpa_driver_wext_set_mode(void *priv, int mode)
2061 {
2062 struct wpa_driver_wext_data *drv = priv;
2063 struct iwreq iwr;
2064 int ret = -1, flags;
2065 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2066
2067 os_memset(&iwr, 0, sizeof(iwr));
2068 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2069 iwr.u.mode = new_mode;
2070 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2071 ret = 0;
2072 goto done;
2073 }
2074
2075 if (errno != EBUSY) {
2076 perror("ioctl[SIOCSIWMODE]");
2077 goto done;
2078 }
2079
2080 /* mac80211 doesn't allow mode changes while the device is up, so if
2081 * the device isn't in the mode we're about to change to, take device
2082 * down, try to set the mode again, and bring it back up.
2083 */
2084 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2085 perror("ioctl[SIOCGIWMODE]");
2086 goto done;
2087 }
2088
2089 if (iwr.u.mode == new_mode) {
2090 ret = 0;
2091 goto done;
2092 }
2093
2094 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2095 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2096
2097 /* Try to set the mode again while the interface is down */
2098 iwr.u.mode = new_mode;
2099 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2100 perror("ioctl[SIOCSIWMODE]");
2101 else
2102 ret = 0;
2103
2104 /* Ignore return value of get_ifflags to ensure that the device
2105 * is always up like it was before this function was called.
2106 */
2107 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2108 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2109 }
2110
2111 done:
2112 return ret;
2113 }
2114
2115
2116 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2117 u32 cmd, const u8 *bssid, const u8 *pmkid)
2118 {
2119 struct iwreq iwr;
2120 struct iw_pmksa pmksa;
2121 int ret = 0;
2122
2123 os_memset(&iwr, 0, sizeof(iwr));
2124 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2125 os_memset(&pmksa, 0, sizeof(pmksa));
2126 pmksa.cmd = cmd;
2127 pmksa.bssid.sa_family = ARPHRD_ETHER;
2128 if (bssid)
2129 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2130 if (pmkid)
2131 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2132 iwr.u.data.pointer = (caddr_t) &pmksa;
2133 iwr.u.data.length = sizeof(pmksa);
2134
2135 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2136 if (errno != EOPNOTSUPP)
2137 perror("ioctl[SIOCSIWPMKSA]");
2138 ret = -1;
2139 }
2140
2141 return ret;
2142 }
2143
2144
2145 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2146 const u8 *pmkid)
2147 {
2148 struct wpa_driver_wext_data *drv = priv;
2149 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2150 }
2151
2152
2153 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2154 const u8 *pmkid)
2155 {
2156 struct wpa_driver_wext_data *drv = priv;
2157 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2158 }
2159
2160
2161 static int wpa_driver_wext_flush_pmkid(void *priv)
2162 {
2163 struct wpa_driver_wext_data *drv = priv;
2164 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2165 }
2166
2167
2168 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2169 {
2170 struct wpa_driver_wext_data *drv = priv;
2171 if (!drv->has_capability)
2172 return -1;
2173 os_memcpy(capa, &drv->capa, sizeof(*capa));
2174 return 0;
2175 }
2176
2177
2178 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2179 const char *ifname)
2180 {
2181 if (ifname == NULL) {
2182 drv->ifindex2 = -1;
2183 return 0;
2184 }
2185
2186 drv->ifindex2 = if_nametoindex(ifname);
2187 if (drv->ifindex2 <= 0)
2188 return -1;
2189
2190 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2191 "wireless events", drv->ifindex2, ifname);
2192
2193 return 0;
2194 }
2195
2196
2197 int wpa_driver_wext_set_operstate(void *priv, int state)
2198 {
2199 struct wpa_driver_wext_data *drv = priv;
2200
2201 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2202 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2203 drv->operstate = state;
2204 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2205 state ? IF_OPER_UP : IF_OPER_DORMANT);
2206 }
2207
2208
2209 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2210 {
2211 return drv->we_version_compiled;
2212 }
2213
2214
2215 const struct wpa_driver_ops wpa_driver_wext_ops = {
2216 .name = "wext",
2217 .desc = "Linux wireless extensions (generic)",
2218 .get_bssid = wpa_driver_wext_get_bssid,
2219 .get_ssid = wpa_driver_wext_get_ssid,
2220 .set_key = wpa_driver_wext_set_key,
2221 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2222 .scan2 = wpa_driver_wext_scan,
2223 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2224 .deauthenticate = wpa_driver_wext_deauthenticate,
2225 .disassociate = wpa_driver_wext_disassociate,
2226 .associate = wpa_driver_wext_associate,
2227 .init = wpa_driver_wext_init,
2228 .deinit = wpa_driver_wext_deinit,
2229 .add_pmkid = wpa_driver_wext_add_pmkid,
2230 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2231 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2232 .get_capa = wpa_driver_wext_get_capa,
2233 .set_operstate = wpa_driver_wext_set_operstate,
2234 };