search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / dist / wpa / src / drivers / driver_wext.c
blob6aac4276a7ade623262fe9d21f3d95254cd163e8
1 /*
2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21 #include "includes.h"
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
24
25 #include "wireless_copy.h"
26 #include "common.h"
27 #include "driver.h"
28 #include "eloop.h"
29 #include "priv_netlink.h"
30 #include "driver_wext.h"
31 #include "ieee802_11_defs.h"
32 #include "wpa_common.h"
33
34 #ifdef CONFIG_CLIENT_MLME
35 #include <netpacket/packet.h>
36 /* old definitions from net/mac80211 */
37
38 typedef u32 __bitwise __be32;
39 typedef u64 __bitwise __be64;
40
41 #define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
42 #define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
43 #define PRISM2_IOCTL_HOSTAPD (SIOCIWFIRSTPRIV + 3)
44
45 #define PRISM2_PARAM_USER_SPACE_MLME 1045
46 #define PRISM2_PARAM_MGMT_IF 1046
47 #define PRISM2_HOSTAPD_ADD_STA 2
48 #define PRISM2_HOSTAPD_REMOVE_STA 3
49 #define PRISM2_HOSTAPD_GET_HW_FEATURES 1002
50 #define PRISM2_HOSTAPD_MAX_BUF_SIZE 2048
51
52 #ifndef ALIGNED
53 #define ALIGNED __attribute__ ((aligned))
54 #endif
55
56 struct prism2_hostapd_param {
57 u32 cmd;
58 u8 sta_addr[ETH_ALEN];
59 u8 pad[2];
60 union {
61 struct {
62 u16 aid;
63 u16 capability;
64 u8 supp_rates[32];
65 u8 wds_flags;
66 #define IEEE80211_STA_DYNAMIC_ENC BIT(0)
67 u8 enc_flags;
68 u16 listen_interval;
69 } add_sta;
70 struct {
71 u16 num_modes;
72 u16 flags;
73 u8 data[0] ALIGNED; /* num_modes * feature data */
74 } hw_features;
75 struct {
76 u16 mode; /* MODE_* */
77 u16 num_supported_rates;
78 u16 num_basic_rates;
79 u8 data[0] ALIGNED; /* num_supported_rates * u16 +
80 * num_basic_rates * u16 */
81 } set_rate_sets;
82 struct {
83 u16 mode; /* MODE_* */
84 u16 chan;
85 u32 flag;
86 u8 power_level; /* regulatory limit in dBm */
87 u8 antenna_max;
88 } set_channel_flag;
89 struct {
90 u32 rd;
91 } set_regulatory_domain;
92 struct {
93 u32 queue;
94 s32 aifs;
95 u32 cw_min;
96 u32 cw_max;
97 u32 burst_time; /* maximum burst time in 0.1 ms, i.e.,
98 * 10 = 1 ms */
99 } tx_queue_params;
100 } u;
101 };
102
103 struct hostapd_ioctl_hw_modes_hdr {
104 int mode;
105 int num_channels;
106 int num_rates;
107 };
108
109 /*
110 * frame format for the management interface that is slated
111 * to be replaced by "cooked monitor" with radiotap
112 */
113 #define IEEE80211_FI_VERSION 0x80211001
114 struct ieee80211_frame_info {
115 __be32 version;
116 __be32 length;
117 __be64 mactime;
118 __be64 hosttime;
119 __be32 phytype;
120 __be32 channel;
121 __be32 datarate;
122 __be32 antenna;
123 __be32 priority;
124 __be32 ssi_type;
125 __be32 ssi_signal;
126 __be32 ssi_noise;
127 __be32 preamble;
128 __be32 encoding;
129
130 /* Note: this structure is otherwise identical to capture format used
131 * in linux-wlan-ng, but this additional field is used to provide meta
132 * data about the frame to hostapd. This was the easiest method for
133 * providing this information, but this might change in the future. */
134 __be32 msg_type;
135 } __attribute__ ((packed));
136
137 /* old mode definitions */
138 enum {
139 MODE_IEEE80211A = 0 /* IEEE 802.11a */,
140 MODE_IEEE80211B = 1 /* IEEE 802.11b only */,
141 MODE_ATHEROS_TURBO = 2 /* Atheros Turbo mode (2x.11a at 5 GHz) */,
142 MODE_IEEE80211G = 3 /* IEEE 802.11g (and 802.11b compatibility) */,
143 MODE_ATHEROS_TURBOG = 4 /* Atheros Turbo mode (2x.11g at 2.4 GHz) */,
144 NUM_IEEE80211_MODES = 5
145 };
146
147 #ifndef ETH_P_ALL
148 #define ETH_P_ALL 0x0003
149 #endif
150 #endif /* CONFIG_CLIENT_MLME */
151
152
153
154
155 static int wpa_driver_wext_flush_pmkid(void *priv);
156 static int wpa_driver_wext_get_range(void *priv);
157 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
158
159
160 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
161 int linkmode, int operstate)
162 {
163 struct {
164 struct nlmsghdr hdr;
165 struct ifinfomsg ifinfo;
166 char opts[16];
167 } req;
168 struct rtattr *rta;
169 static int nl_seq;
170 ssize_t ret;
171
172 os_memset(&req, 0, sizeof(req));
173
174 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
175 req.hdr.nlmsg_type = RTM_SETLINK;
176 req.hdr.nlmsg_flags = NLM_F_REQUEST;
177 req.hdr.nlmsg_seq = ++nl_seq;
178 req.hdr.nlmsg_pid = 0;
179
180 req.ifinfo.ifi_family = AF_UNSPEC;
181 req.ifinfo.ifi_type = 0;
182 req.ifinfo.ifi_index = drv->ifindex;
183 req.ifinfo.ifi_flags = 0;
184 req.ifinfo.ifi_change = 0;
185
186 if (linkmode != -1) {
187 rta = (struct rtattr *)
188 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
189 rta->rta_type = IFLA_LINKMODE;
190 rta->rta_len = RTA_LENGTH(sizeof(char));
191 *((char *) RTA_DATA(rta)) = linkmode;
192 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
193 RTA_LENGTH(sizeof(char));
194 }
195 if (operstate != -1) {
196 rta = (struct rtattr *)
197 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
198 rta->rta_type = IFLA_OPERSTATE;
199 rta->rta_len = RTA_LENGTH(sizeof(char));
200 *((char *) RTA_DATA(rta)) = operstate;
201 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
202 RTA_LENGTH(sizeof(char));
203 }
204
205 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
206 linkmode, operstate);
207
208 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
209 if (ret < 0) {
210 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
211 "%s (assume operstate is not supported)",
212 strerror(errno));
213 }
214
215 return ret < 0 ? -1 : 0;
216 }
217
218
219 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
220 int idx, u32 value)
221 {
222 struct iwreq iwr;
223 int ret = 0;
224
225 os_memset(&iwr, 0, sizeof(iwr));
226 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
227 iwr.u.param.flags = idx & IW_AUTH_INDEX;
228 iwr.u.param.value = value;
229
230 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
231 if (errno != EOPNOTSUPP) {
232 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
233 "value 0x%x) failed: %s)",
234 idx, value, strerror(errno));
235 }
236 ret = errno == EOPNOTSUPP ? -2 : -1;
237 }
238
239 return ret;
240 }
241
242
243 /**
244 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
245 * @priv: Pointer to private wext data from wpa_driver_wext_init()
246 * @bssid: Buffer for BSSID
247 * Returns: 0 on success, -1 on failure
248 */
249 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
250 {
251 struct wpa_driver_wext_data *drv = priv;
252 struct iwreq iwr;
253 int ret = 0;
254
255 os_memset(&iwr, 0, sizeof(iwr));
256 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
257
258 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
259 perror("ioctl[SIOCGIWAP]");
260 ret = -1;
261 }
262 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
263
264 return ret;
265 }
266
267
268 /**
269 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
270 * @priv: Pointer to private wext data from wpa_driver_wext_init()
271 * @bssid: BSSID
272 * Returns: 0 on success, -1 on failure
273 */
274 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
275 {
276 struct wpa_driver_wext_data *drv = priv;
277 struct iwreq iwr;
278 int ret = 0;
279
280 os_memset(&iwr, 0, sizeof(iwr));
281 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
282 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
283 if (bssid)
284 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
285 else
286 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
287
288 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
289 perror("ioctl[SIOCSIWAP]");
290 ret = -1;
291 }
292
293 return ret;
294 }
295
296
297 /**
298 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
299 * @priv: Pointer to private wext data from wpa_driver_wext_init()
300 * @ssid: Buffer for the SSID; must be at least 32 bytes long
301 * Returns: SSID length on success, -1 on failure
302 */
303 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
304 {
305 struct wpa_driver_wext_data *drv = priv;
306 struct iwreq iwr;
307 int ret = 0;
308
309 os_memset(&iwr, 0, sizeof(iwr));
310 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
311 iwr.u.essid.pointer = (caddr_t) ssid;
312 iwr.u.essid.length = 32;
313
314 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
315 perror("ioctl[SIOCGIWESSID]");
316 ret = -1;
317 } else {
318 ret = iwr.u.essid.length;
319 if (ret > 32)
320 ret = 32;
321 /* Some drivers include nul termination in the SSID, so let's
322 * remove it here before further processing. WE-21 changes this
323 * to explicitly require the length _not_ to include nul
324 * termination. */
325 if (ret > 0 && ssid[ret - 1] == '\0' &&
326 drv->we_version_compiled < 21)
327 ret--;
328 }
329
330 return ret;
331 }
332
333
334 /**
335 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
336 * @priv: Pointer to private wext data from wpa_driver_wext_init()
337 * @ssid: SSID
338 * @ssid_len: Length of SSID (0..32)
339 * Returns: 0 on success, -1 on failure
340 */
341 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
342 {
343 struct wpa_driver_wext_data *drv = priv;
344 struct iwreq iwr;
345 int ret = 0;
346 char buf[33];
347
348 if (ssid_len > 32)
349 return -1;
350
351 os_memset(&iwr, 0, sizeof(iwr));
352 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
353 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
354 iwr.u.essid.flags = (ssid_len != 0);
355 os_memset(buf, 0, sizeof(buf));
356 os_memcpy(buf, ssid, ssid_len);
357 iwr.u.essid.pointer = (caddr_t) buf;
358 if (drv->we_version_compiled < 21) {
359 /* For historic reasons, set SSID length to include one extra
360 * character, C string nul termination, even though SSID is
361 * really an octet string that should not be presented as a C
362 * string. Some Linux drivers decrement the length by one and
363 * can thus end up missing the last octet of the SSID if the
364 * length is not incremented here. WE-21 changes this to
365 * explicitly require the length _not_ to include nul
366 * termination. */
367 if (ssid_len)
368 ssid_len++;
369 }
370 iwr.u.essid.length = ssid_len;
371
372 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
373 perror("ioctl[SIOCSIWESSID]");
374 ret = -1;
375 }
376
377 return ret;
378 }
379
380
381 /**
382 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
383 * @priv: Pointer to private wext data from wpa_driver_wext_init()
384 * @freq: Frequency in MHz
385 * Returns: 0 on success, -1 on failure
386 */
387 int wpa_driver_wext_set_freq(void *priv, int freq)
388 {
389 struct wpa_driver_wext_data *drv = priv;
390 struct iwreq iwr;
391 int ret = 0;
392
393 os_memset(&iwr, 0, sizeof(iwr));
394 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
395 iwr.u.freq.m = freq * 100000;
396 iwr.u.freq.e = 1;
397
398 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
399 perror("ioctl[SIOCSIWFREQ]");
400 ret = -1;
401 }
402
403 return ret;
404 }
405
406
407 static void
408 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
409 {
410 union wpa_event_data data;
411
412 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
413 custom);
414
415 os_memset(&data, 0, sizeof(data));
416 /* Host AP driver */
417 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
418 data.michael_mic_failure.unicast =
419 os_strstr(custom, " unicast ") != NULL;
420 /* TODO: parse parameters(?) */
421 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
422 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
423 char *spos;
424 int bytes;
425
426 spos = custom + 17;
427
428 bytes = strspn(spos, "0123456789abcdefABCDEF");
429 if (!bytes || (bytes & 1))
430 return;
431 bytes /= 2;
432
433 data.assoc_info.req_ies = os_malloc(bytes);
434 if (data.assoc_info.req_ies == NULL)
435 return;
436
437 data.assoc_info.req_ies_len = bytes;
438 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
439
440 spos += bytes * 2;
441
442 data.assoc_info.resp_ies = NULL;
443 data.assoc_info.resp_ies_len = 0;
444
445 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
446 spos += 9;
447
448 bytes = strspn(spos, "0123456789abcdefABCDEF");
449 if (!bytes || (bytes & 1))
450 goto done;
451 bytes /= 2;
452
453 data.assoc_info.resp_ies = os_malloc(bytes);
454 if (data.assoc_info.resp_ies == NULL)
455 goto done;
456
457 data.assoc_info.resp_ies_len = bytes;
458 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
459 }
460
461 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
462
463 done:
464 os_free(data.assoc_info.resp_ies);
465 os_free(data.assoc_info.req_ies);
466 #ifdef CONFIG_PEERKEY
467 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
468 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
469 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
470 "STKSTART.request '%s'", custom + 17);
471 return;
472 }
473 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
474 #endif /* CONFIG_PEERKEY */
475 }
476 }
477
478
479 static int wpa_driver_wext_event_wireless_michaelmicfailure(
480 void *ctx, const char *ev, size_t len)
481 {
482 const struct iw_michaelmicfailure *mic;
483 union wpa_event_data data;
484
485 if (len < sizeof(*mic))
486 return -1;
487
488 mic = (const struct iw_michaelmicfailure *) ev;
489
490 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
491 "flags=0x%x src_addr=" MACSTR, mic->flags,
492 MAC2STR(mic->src_addr.sa_data));
493
494 os_memset(&data, 0, sizeof(data));
495 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
496 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
497
498 return 0;
499 }
500
501
502 static int wpa_driver_wext_event_wireless_pmkidcand(
503 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
504 {
505 const struct iw_pmkid_cand *cand;
506 union wpa_event_data data;
507 const u8 *addr;
508
509 if (len < sizeof(*cand))
510 return -1;
511
512 cand = (const struct iw_pmkid_cand *) ev;
513 addr = (const u8 *) cand->bssid.sa_data;
514
515 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
516 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
517 cand->index, MAC2STR(addr));
518
519 os_memset(&data, 0, sizeof(data));
520 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
521 data.pmkid_candidate.index = cand->index;
522 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
523 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
524
525 return 0;
526 }
527
528
529 static int wpa_driver_wext_event_wireless_assocreqie(
530 struct wpa_driver_wext_data *drv, const char *ev, int len)
531 {
532 if (len < 0)
533 return -1;
534
535 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
536 len);
537 os_free(drv->assoc_req_ies);
538 drv->assoc_req_ies = os_malloc(len);
539 if (drv->assoc_req_ies == NULL) {
540 drv->assoc_req_ies_len = 0;
541 return -1;
542 }
543 os_memcpy(drv->assoc_req_ies, ev, len);
544 drv->assoc_req_ies_len = len;
545
546 return 0;
547 }
548
549
550 static int wpa_driver_wext_event_wireless_assocrespie(
551 struct wpa_driver_wext_data *drv, const char *ev, int len)
552 {
553 if (len < 0)
554 return -1;
555
556 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
557 len);
558 os_free(drv->assoc_resp_ies);
559 drv->assoc_resp_ies = os_malloc(len);
560 if (drv->assoc_resp_ies == NULL) {
561 drv->assoc_resp_ies_len = 0;
562 return -1;
563 }
564 os_memcpy(drv->assoc_resp_ies, ev, len);
565 drv->assoc_resp_ies_len = len;
566
567 return 0;
568 }
569
570
571 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
572 {
573 union wpa_event_data data;
574
575 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
576 return;
577
578 os_memset(&data, 0, sizeof(data));
579 if (drv->assoc_req_ies) {
580 data.assoc_info.req_ies = drv->assoc_req_ies;
581 drv->assoc_req_ies = NULL;
582 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
583 }
584 if (drv->assoc_resp_ies) {
585 data.assoc_info.resp_ies = drv->assoc_resp_ies;
586 drv->assoc_resp_ies = NULL;
587 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
588 }
589
590 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
591
592 os_free(data.assoc_info.req_ies);
593 os_free(data.assoc_info.resp_ies);
594 }
595
596
597 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
598 void *ctx, char *data, int len)
599 {
600 struct iw_event iwe_buf, *iwe = &iwe_buf;
601 char *pos, *end, *custom, *buf;
602
603 pos = data;
604 end = data + len;
605
606 while (pos + IW_EV_LCP_LEN <= end) {
607 /* Event data may be unaligned, so make a local, aligned copy
608 * before processing. */
609 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
610 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
611 iwe->cmd, iwe->len);
612 if (iwe->len <= IW_EV_LCP_LEN)
613 return;
614
615 custom = pos + IW_EV_POINT_LEN;
616 if (drv->we_version_compiled > 18 &&
617 (iwe->cmd == IWEVMICHAELMICFAILURE ||
618 iwe->cmd == IWEVCUSTOM ||
619 iwe->cmd == IWEVASSOCREQIE ||
620 iwe->cmd == IWEVASSOCRESPIE ||
621 iwe->cmd == IWEVPMKIDCAND)) {
622 /* WE-19 removed the pointer from struct iw_point */
623 char *dpos = (char *) &iwe_buf.u.data.length;
624 int dlen = dpos - (char *) &iwe_buf;
625 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
626 sizeof(struct iw_event) - dlen);
627 } else {
628 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
629 custom += IW_EV_POINT_OFF;
630 }
631
632 switch (iwe->cmd) {
633 case SIOCGIWAP:
634 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
635 MACSTR,
636 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
637 if (is_zero_ether_addr(
638 (const u8 *) iwe->u.ap_addr.sa_data) ||
639 os_memcmp(iwe->u.ap_addr.sa_data,
640 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
641 0) {
642 os_free(drv->assoc_req_ies);
643 drv->assoc_req_ies = NULL;
644 os_free(drv->assoc_resp_ies);
645 drv->assoc_resp_ies = NULL;
646 wpa_supplicant_event(ctx, EVENT_DISASSOC,
647 NULL);
648
649 } else {
650 wpa_driver_wext_event_assoc_ies(drv);
651 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
652 }
653 break;
654 case IWEVMICHAELMICFAILURE:
655 wpa_driver_wext_event_wireless_michaelmicfailure(
656 ctx, custom, iwe->u.data.length);
657 break;
658 case IWEVCUSTOM:
659 if (custom + iwe->u.data.length > end)
660 return;
661 buf = os_malloc(iwe->u.data.length + 1);
662 if (buf == NULL)
663 return;
664 os_memcpy(buf, custom, iwe->u.data.length);
665 buf[iwe->u.data.length] = '\0';
666 wpa_driver_wext_event_wireless_custom(ctx, buf);
667 os_free(buf);
668 break;
669 case SIOCGIWSCAN:
670 drv->scan_complete_events = 1;
671 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
672 drv, ctx);
673 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
674 break;
675 case IWEVASSOCREQIE:
676 wpa_driver_wext_event_wireless_assocreqie(
677 drv, custom, iwe->u.data.length);
678 break;
679 case IWEVASSOCRESPIE:
680 wpa_driver_wext_event_wireless_assocrespie(
681 drv, custom, iwe->u.data.length);
682 break;
683 case IWEVPMKIDCAND:
684 wpa_driver_wext_event_wireless_pmkidcand(
685 drv, custom, iwe->u.data.length);
686 break;
687 }
688
689 pos += iwe->len;
690 }
691 }
692
693
694 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
695 void *ctx, char *buf, size_t len,
696 int del)
697 {
698 union wpa_event_data event;
699
700 os_memset(&event, 0, sizeof(event));
701 if (len > sizeof(event.interface_status.ifname))
702 len = sizeof(event.interface_status.ifname) - 1;
703 os_memcpy(event.interface_status.ifname, buf, len);
704 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
705 EVENT_INTERFACE_ADDED;
706
707 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
708 del ? "DEL" : "NEW",
709 event.interface_status.ifname,
710 del ? "removed" : "added");
711
712 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
713 if (del)
714 drv->if_removed = 1;
715 else
716 drv->if_removed = 0;
717 }
718
719 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
720 }
721
722
723 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
724 struct nlmsghdr *h)
725 {
726 struct ifinfomsg *ifi;
727 int attrlen, nlmsg_len, rta_len;
728 struct rtattr *attr;
729
730 ifi = NLMSG_DATA(h);
731
732 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
733
734 attrlen = h->nlmsg_len - nlmsg_len;
735 if (attrlen < 0)
736 return 0;
737
738 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
739
740 rta_len = RTA_ALIGN(sizeof(struct rtattr));
741 while (RTA_OK(attr, attrlen)) {
742 if (attr->rta_type == IFLA_IFNAME) {
743 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
744 == 0)
745 return 1;
746 else
747 break;
748 }
749 attr = RTA_NEXT(attr, attrlen);
750 }
751
752 return 0;
753 }
754
755
756 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
757 int ifindex, struct nlmsghdr *h)
758 {
759 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
760 return 1;
761
762 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) {
763 drv->ifindex = if_nametoindex(drv->ifname);
764 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
765 "interface");
766 wpa_driver_wext_finish_drv_init(drv);
767 return 1;
768 }
769
770 return 0;
771 }
772
773
774 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
775 void *ctx, struct nlmsghdr *h,
776 size_t len)
777 {
778 struct ifinfomsg *ifi;
779 int attrlen, nlmsg_len, rta_len;
780 struct rtattr * attr;
781
782 if (len < sizeof(*ifi))
783 return;
784
785 ifi = NLMSG_DATA(h);
786
787 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) {
788 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
789 ifi->ifi_index);
790 return;
791 }
792
793 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
794 "(%s%s%s%s)",
795 drv->operstate, ifi->ifi_flags,
796 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
797 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
798 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
799 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
800 /*
801 * Some drivers send the association event before the operup event--in
802 * this case, lifting operstate in wpa_driver_wext_set_operstate()
803 * fails. This will hit us when wpa_supplicant does not need to do
804 * IEEE 802.1X authentication
805 */
806 if (drv->operstate == 1 &&
807 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
808 !(ifi->ifi_flags & IFF_RUNNING))
809 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
810
811 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
812
813 attrlen = h->nlmsg_len - nlmsg_len;
814 if (attrlen < 0)
815 return;
816
817 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
818
819 rta_len = RTA_ALIGN(sizeof(struct rtattr));
820 while (RTA_OK(attr, attrlen)) {
821 if (attr->rta_type == IFLA_WIRELESS) {
822 wpa_driver_wext_event_wireless(
823 drv, ctx, ((char *) attr) + rta_len,
824 attr->rta_len - rta_len);
825 } else if (attr->rta_type == IFLA_IFNAME) {
826 wpa_driver_wext_event_link(drv, ctx,
827 ((char *) attr) + rta_len,
828 attr->rta_len - rta_len, 0);
829 }
830 attr = RTA_NEXT(attr, attrlen);
831 }
832 }
833
834
835 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
836 void *ctx, struct nlmsghdr *h,
837 size_t len)
838 {
839 struct ifinfomsg *ifi;
840 int attrlen, nlmsg_len, rta_len;
841 struct rtattr * attr;
842
843 if (len < sizeof(*ifi))
844 return;
845
846 ifi = NLMSG_DATA(h);
847
848 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
849
850 attrlen = h->nlmsg_len - nlmsg_len;
851 if (attrlen < 0)
852 return;
853
854 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
855
856 rta_len = RTA_ALIGN(sizeof(struct rtattr));
857 while (RTA_OK(attr, attrlen)) {
858 if (attr->rta_type == IFLA_IFNAME) {
859 wpa_driver_wext_event_link(drv, ctx,
860 ((char *) attr) + rta_len,
861 attr->rta_len - rta_len, 1);
862 }
863 attr = RTA_NEXT(attr, attrlen);
864 }
865 }
866
867
868 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
869 void *sock_ctx)
870 {
871 char buf[8192];
872 int left;
873 struct sockaddr_nl from;
874 socklen_t fromlen;
875 struct nlmsghdr *h;
876 int max_events = 10;
877
878 try_again:
879 fromlen = sizeof(from);
880 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
881 (struct sockaddr *) &from, &fromlen);
882 if (left < 0) {
883 if (errno != EINTR && errno != EAGAIN)
884 perror("recvfrom(netlink)");
885 return;
886 }
887
888 h = (struct nlmsghdr *) buf;
889 while (left >= (int) sizeof(*h)) {
890 int len, plen;
891
892 len = h->nlmsg_len;
893 plen = len - sizeof(*h);
894 if (len > left || plen < 0) {
895 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
896 "len=%d left=%d plen=%d",
897 len, left, plen);
898 break;
899 }
900
901 switch (h->nlmsg_type) {
902 case RTM_NEWLINK:
903 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
904 h, plen);
905 break;
906 case RTM_DELLINK:
907 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
908 h, plen);
909 break;
910 }
911
912 len = NLMSG_ALIGN(len);
913 left -= len;
914 h = (struct nlmsghdr *) ((char *) h + len);
915 }
916
917 if (left > 0) {
918 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
919 "message", left);
920 }
921
922 if (--max_events > 0) {
923 /*
924 * Try to receive all events in one eloop call in order to
925 * limit race condition on cases where AssocInfo event, Assoc
926 * event, and EAPOL frames are received more or less at the
927 * same time. We want to process the event messages first
928 * before starting EAPOL processing.
929 */
930 goto try_again;
931 }
932 }
933
934
935 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
936 const char *ifname, int *flags)
937 {
938 struct ifreq ifr;
939
940 os_memset(&ifr, 0, sizeof(ifr));
941 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
942 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
943 perror("ioctl[SIOCGIFFLAGS]");
944 return -1;
945 }
946 *flags = ifr.ifr_flags & 0xffff;
947 return 0;
948 }
949
950
951 /**
952 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
953 * @drv: driver_wext private data
954 * @flags: Pointer to returned flags value
955 * Returns: 0 on success, -1 on failure
956 */
957 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
958 {
959 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
960 }
961
962
963 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
964 const char *ifname, int flags)
965 {
966 struct ifreq ifr;
967
968 os_memset(&ifr, 0, sizeof(ifr));
969 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
970 ifr.ifr_flags = flags & 0xffff;
971 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
972 perror("SIOCSIFFLAGS");
973 return -1;
974 }
975 return 0;
976 }
977
978
979 #ifdef CONFIG_CLIENT_MLME
980
981 static int wpa_driver_prism2_param_set(struct wpa_driver_wext_data *drv,
982 int param, int value)
983 {
984 struct iwreq iwr;
985 int *i;
986
987 os_memset(&iwr, 0, sizeof(iwr));
988 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
989 i = (int *) iwr.u.name;
990 *i++ = param;
991 *i++ = value;
992
993 return ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr);
994 }
995
996
997 static int wpa_driver_prism2_param_get(struct wpa_driver_wext_data *drv,
998 int param)
999 {
1000 struct iwreq iwr;
1001 int *i;
1002
1003 os_memset(&iwr, 0, sizeof(iwr));
1004 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1005 i = (int *) iwr.u.name;
1006 *i = param;
1007
1008 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_GET_PRISM2_PARAM, &iwr) < 0) {
1009 perror("ioctl[PRISM2_IOCTL_GET_PRISM2_PARAM]");
1010 return -1;
1011 }
1012
1013 return *i;
1014 }
1015
1016 #endif /* CONFIG_CLIENT_MLME */
1017
1018
1019 /**
1020 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
1021 * @drv: driver_wext private data
1022 * @flags: New value for flags
1023 * Returns: 0 on success, -1 on failure
1024 */
1025 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
1026 {
1027 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
1028 }
1029
1030
1031 /**
1032 * wpa_driver_wext_init - Initialize WE driver interface
1033 * @ctx: context to be used when calling wpa_supplicant functions,
1034 * e.g., wpa_supplicant_event()
1035 * @ifname: interface name, e.g., wlan0
1036 * Returns: Pointer to private data, %NULL on failure
1037 */
1038 void * wpa_driver_wext_init(void *ctx, const char *ifname)
1039 {
1040 int s;
1041 struct sockaddr_nl local;
1042 struct wpa_driver_wext_data *drv;
1043
1044 drv = os_zalloc(sizeof(*drv));
1045 if (drv == NULL)
1046 return NULL;
1047 drv->ctx = ctx;
1048 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1049
1050 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1051 if (drv->ioctl_sock < 0) {
1052 perror("socket(PF_INET,SOCK_DGRAM)");
1053 os_free(drv);
1054 return NULL;
1055 }
1056
1057 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1058 if (s < 0) {
1059 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1060 close(drv->ioctl_sock);
1061 os_free(drv);
1062 return NULL;
1063 }
1064
1065 os_memset(&local, 0, sizeof(local));
1066 local.nl_family = AF_NETLINK;
1067 local.nl_groups = RTMGRP_LINK;
1068 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1069 perror("bind(netlink)");
1070 close(s);
1071 close(drv->ioctl_sock);
1072 os_free(drv);
1073 return NULL;
1074 }
1075
1076 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
1077 drv->event_sock = s;
1078
1079 drv->mlme_sock = -1;
1080
1081 wpa_driver_wext_finish_drv_init(drv);
1082
1083 return drv;
1084 }
1085
1086
1087 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
1088 {
1089 int flags;
1090
1091 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0)
1092 printf("Could not get interface '%s' flags\n", drv->ifname);
1093 else if (!(flags & IFF_UP)) {
1094 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
1095 printf("Could not set interface '%s' UP\n",
1096 drv->ifname);
1097 } else {
1098 /*
1099 * Wait some time to allow driver to initialize before
1100 * starting configuring the driver. This seems to be
1101 * needed at least some drivers that load firmware etc.
1102 * when the interface is set up.
1103 */
1104 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
1105 "a second for the driver to complete "
1106 "initialization", drv->ifname);
1107 sleep(1);
1108 }
1109 }
1110
1111 /*
1112 * Make sure that the driver does not have any obsolete PMKID entries.
1113 */
1114 wpa_driver_wext_flush_pmkid(drv);
1115
1116 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
1117 printf("Could not configure driver to use managed mode\n");
1118 }
1119
1120 wpa_driver_wext_get_range(drv);
1121
1122 drv->ifindex = if_nametoindex(drv->ifname);
1123
1124 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
1125 /*
1126 * Host AP driver may use both wlan# and wifi# interface in
1127 * wireless events. Since some of the versions included WE-18
1128 * support, let's add the alternative ifindex also from
1129 * driver_wext.c for the time being. This may be removed at
1130 * some point once it is believed that old versions of the
1131 * driver are not in use anymore.
1132 */
1133 char ifname2[IFNAMSIZ + 1];
1134 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
1135 os_memcpy(ifname2, "wifi", 4);
1136 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1137 }
1138
1139 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1140 }
1141
1142
1143 /**
1144 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1145 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1146 *
1147 * Shut down driver interface and processing of driver events. Free
1148 * private data buffer if one was allocated in wpa_driver_wext_init().
1149 */
1150 void wpa_driver_wext_deinit(void *priv)
1151 {
1152 struct wpa_driver_wext_data *drv = priv;
1153 int flags;
1154
1155 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1156
1157 /*
1158 * Clear possibly configured driver parameters in order to make it
1159 * easier to use the driver after wpa_supplicant has been terminated.
1160 */
1161 (void) wpa_driver_wext_set_bssid(drv,
1162 (u8 *) "\x00\x00\x00\x00\x00\x00");
1163
1164 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1165
1166 eloop_unregister_read_sock(drv->event_sock);
1167 if (drv->mlme_sock >= 0)
1168 eloop_unregister_read_sock(drv->mlme_sock);
1169
1170 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1171 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1172
1173 #ifdef CONFIG_CLIENT_MLME
1174 if (drv->mlmedev[0]) {
1175 if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev,
1176 &flags) == 0)
1177 (void) wpa_driver_wext_set_ifflags_ifname(
1178 drv, drv->mlmedev, flags & ~IFF_UP);
1179 wpa_driver_prism2_param_set(drv, PRISM2_PARAM_MGMT_IF, 0);
1180 wpa_driver_prism2_param_set(drv, PRISM2_PARAM_USER_SPACE_MLME,
1181 0);
1182 }
1183 #endif /* CONFIG_CLIENT_MLME */
1184
1185 close(drv->event_sock);
1186 close(drv->ioctl_sock);
1187 if (drv->mlme_sock >= 0)
1188 close(drv->mlme_sock);
1189 os_free(drv->assoc_req_ies);
1190 os_free(drv->assoc_resp_ies);
1191 os_free(drv);
1192 }
1193
1194
1195 /**
1196 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1197 * @eloop_ctx: Unused
1198 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1199 *
1200 * This function can be used as registered timeout when starting a scan to
1201 * generate a scan completed event if the driver does not report this.
1202 */
1203 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1204 {
1205 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1206 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1207 }
1208
1209
1210 /**
1211 * wpa_driver_wext_scan - Request the driver to initiate scan
1212 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1213 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1214 * all SSIDs (either active scan with broadcast SSID or passive
1215 * scan
1216 * @ssid_len: Length of the SSID
1217 * Returns: 0 on success, -1 on failure
1218 */
1219 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1220 {
1221 struct wpa_driver_wext_data *drv = priv;
1222 struct iwreq iwr;
1223 int ret = 0, timeout;
1224 struct iw_scan_req req;
1225
1226 if (ssid_len > IW_ESSID_MAX_SIZE) {
1227 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1228 __FUNCTION__, (unsigned long) ssid_len);
1229 return -1;
1230 }
1231
1232 os_memset(&iwr, 0, sizeof(iwr));
1233 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1234
1235 if (ssid && ssid_len) {
1236 os_memset(&req, 0, sizeof(req));
1237 req.essid_len = ssid_len;
1238 req.bssid.sa_family = ARPHRD_ETHER;
1239 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1240 os_memcpy(req.essid, ssid, ssid_len);
1241 iwr.u.data.pointer = (caddr_t) &req;
1242 iwr.u.data.length = sizeof(req);
1243 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1244 }
1245
1246 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1247 perror("ioctl[SIOCSIWSCAN]");
1248 ret = -1;
1249 }
1250
1251 /* Not all drivers generate "scan completed" wireless event, so try to
1252 * read results after a timeout. */
1253 timeout = 5;
1254 if (drv->scan_complete_events) {
1255 /*
1256 * The driver seems to deliver SIOCGIWSCAN events to notify
1257 * when scan is complete, so use longer timeout to avoid race
1258 * conditions with scanning and following association request.
1259 */
1260 timeout = 30;
1261 }
1262 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1263 "seconds", ret, timeout);
1264 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1265 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1266 drv->ctx);
1267
1268 return ret;
1269 }
1270
1271
1272 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1273 size_t *len)
1274 {
1275 struct iwreq iwr;
1276 u8 *res_buf;
1277 size_t res_buf_len;
1278
1279 res_buf_len = IW_SCAN_MAX_DATA;
1280 for (;;) {
1281 res_buf = os_malloc(res_buf_len);
1282 if (res_buf == NULL)
1283 return NULL;
1284 os_memset(&iwr, 0, sizeof(iwr));
1285 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1286 iwr.u.data.pointer = res_buf;
1287 iwr.u.data.length = res_buf_len;
1288
1289 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1290 break;
1291
1292 if (errno == E2BIG && res_buf_len < 100000) {
1293 os_free(res_buf);
1294 res_buf = NULL;
1295 res_buf_len *= 2;
1296 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1297 "trying larger buffer (%lu bytes)",
1298 (unsigned long) res_buf_len);
1299 } else {
1300 perror("ioctl[SIOCGIWSCAN]");
1301 os_free(res_buf);
1302 return NULL;
1303 }
1304 }
1305
1306 if (iwr.u.data.length > res_buf_len) {
1307 os_free(res_buf);
1308 return NULL;
1309 }
1310 *len = iwr.u.data.length;
1311
1312 return res_buf;
1313 }
1314
1315
1316 /*
1317 * Data structure for collecting WEXT scan results. This is needed to allow
1318 * the various methods of reporting IEs to be combined into a single IE buffer.
1319 */
1320 struct wext_scan_data {
1321 struct wpa_scan_res res;
1322 u8 *ie;
1323 size_t ie_len;
1324 u8 ssid[32];
1325 size_t ssid_len;
1326 int maxrate;
1327 };
1328
1329
1330 static void wext_get_scan_mode(struct iw_event *iwe,
1331 struct wext_scan_data *res)
1332 {
1333 if (iwe->u.mode == IW_MODE_ADHOC)
1334 res->res.caps |= IEEE80211_CAP_IBSS;
1335 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1336 res->res.caps |= IEEE80211_CAP_ESS;
1337 }
1338
1339
1340 static void wext_get_scan_ssid(struct iw_event *iwe,
1341 struct wext_scan_data *res, char *custom,
1342 char *end)
1343 {
1344 int ssid_len = iwe->u.essid.length;
1345 if (custom + ssid_len > end)
1346 return;
1347 if (iwe->u.essid.flags &&
1348 ssid_len > 0 &&
1349 ssid_len <= IW_ESSID_MAX_SIZE) {
1350 os_memcpy(res->ssid, custom, ssid_len);
1351 res->ssid_len = ssid_len;
1352 }
1353 }
1354
1355
1356 static void wext_get_scan_freq(struct iw_event *iwe,
1357 struct wext_scan_data *res)
1358 {
1359 int divi = 1000000, i;
1360
1361 if (iwe->u.freq.e == 0) {
1362 /*
1363 * Some drivers do not report frequency, but a channel.
1364 * Try to map this to frequency by assuming they are using
1365 * IEEE 802.11b/g. But don't overwrite a previously parsed
1366 * frequency if the driver sends both frequency and channel,
1367 * since the driver may be sending an A-band channel that we
1368 * don't handle here.
1369 */
1370
1371 if (res->res.freq)
1372 return;
1373
1374 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1375 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1376 return;
1377 } else if (iwe->u.freq.m == 14) {
1378 res->res.freq = 2484;
1379 return;
1380 }
1381 }
1382
1383 if (iwe->u.freq.e > 6) {
1384 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1385 MACSTR " m=%d e=%d)",
1386 MAC2STR(res->res.bssid), iwe->u.freq.m,
1387 iwe->u.freq.e);
1388 return;
1389 }
1390
1391 for (i = 0; i < iwe->u.freq.e; i++)
1392 divi /= 10;
1393 res->res.freq = iwe->u.freq.m / divi;
1394 }
1395
1396
1397 static void wext_get_scan_qual(struct iw_event *iwe,
1398 struct wext_scan_data *res)
1399 {
1400 res->res.qual = iwe->u.qual.qual;
1401 res->res.noise = iwe->u.qual.noise;
1402 res->res.level = iwe->u.qual.level;
1403 }
1404
1405
1406 static void wext_get_scan_encode(struct iw_event *iwe,
1407 struct wext_scan_data *res)
1408 {
1409 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1410 res->res.caps |= IEEE80211_CAP_PRIVACY;
1411 }
1412
1413
1414 static void wext_get_scan_rate(struct iw_event *iwe,
1415 struct wext_scan_data *res, char *pos,
1416 char *end)
1417 {
1418 int maxrate;
1419 char *custom = pos + IW_EV_LCP_LEN;
1420 struct iw_param p;
1421 size_t clen;
1422
1423 clen = iwe->len;
1424 if (custom + clen > end)
1425 return;
1426 maxrate = 0;
1427 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1428 /* Note: may be misaligned, make a local, aligned copy */
1429 os_memcpy(&p, custom, sizeof(struct iw_param));
1430 if (p.value > maxrate)
1431 maxrate = p.value;
1432 clen -= sizeof(struct iw_param);
1433 custom += sizeof(struct iw_param);
1434 }
1435
1436 /* Convert the maxrate from WE-style (b/s units) to
1437 * 802.11 rates (500000 b/s units).
1438 */
1439 res->maxrate = maxrate / 500000;
1440 }
1441
1442
1443 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1444 struct wext_scan_data *res, char *custom,
1445 char *end)
1446 {
1447 char *genie, *gpos, *gend;
1448 u8 *tmp;
1449
1450 gpos = genie = custom;
1451 gend = genie + iwe->u.data.length;
1452 if (gend > end) {
1453 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1454 return;
1455 }
1456
1457 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1458 if (tmp == NULL)
1459 return;
1460 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1461 res->ie = tmp;
1462 res->ie_len += gend - gpos;
1463 }
1464
1465
1466 static void wext_get_scan_custom(struct iw_event *iwe,
1467 struct wext_scan_data *res, char *custom,
1468 char *end)
1469 {
1470 size_t clen;
1471 u8 *tmp;
1472
1473 clen = iwe->u.data.length;
1474 if (custom + clen > end)
1475 return;
1476
1477 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1478 char *spos;
1479 int bytes;
1480 spos = custom + 7;
1481 bytes = custom + clen - spos;
1482 if (bytes & 1)
1483 return;
1484 bytes /= 2;
1485 tmp = os_realloc(res->ie, res->ie_len + bytes);
1486 if (tmp == NULL)
1487 return;
1488 hexstr2bin(spos, tmp + res->ie_len, bytes);
1489 res->ie = tmp;
1490 res->ie_len += bytes;
1491 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1492 char *spos;
1493 int bytes;
1494 spos = custom + 7;
1495 bytes = custom + clen - spos;
1496 if (bytes & 1)
1497 return;
1498 bytes /= 2;
1499 tmp = os_realloc(res->ie, res->ie_len + bytes);
1500 if (tmp == NULL)
1501 return;
1502 hexstr2bin(spos, tmp + res->ie_len, bytes);
1503 res->ie = tmp;
1504 res->ie_len += bytes;
1505 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1506 char *spos;
1507 int bytes;
1508 u8 bin[8];
1509 spos = custom + 4;
1510 bytes = custom + clen - spos;
1511 if (bytes != 16) {
1512 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1513 return;
1514 }
1515 bytes /= 2;
1516 hexstr2bin(spos, bin, bytes);
1517 res->res.tsf += WPA_GET_BE64(bin);
1518 }
1519 }
1520
1521
1522 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1523 {
1524 return drv->we_version_compiled > 18 &&
1525 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1526 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1527 }
1528
1529
1530 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1531 struct wext_scan_data *data)
1532 {
1533 struct wpa_scan_res **tmp;
1534 struct wpa_scan_res *r;
1535 size_t extra_len;
1536 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1537
1538 /* Figure out whether we need to fake any IEs */
1539 pos = data->ie;
1540 end = pos + data->ie_len;
1541 while (pos && pos + 1 < end) {
1542 if (pos + 2 + pos[1] > end)
1543 break;
1544 if (pos[0] == WLAN_EID_SSID)
1545 ssid_ie = pos;
1546 else if (pos[0] == WLAN_EID_SUPP_RATES)
1547 rate_ie = pos;
1548 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1549 rate_ie = pos;
1550 pos += 2 + pos[1];
1551 }
1552
1553 extra_len = 0;
1554 if (ssid_ie == NULL)
1555 extra_len += 2 + data->ssid_len;
1556 if (rate_ie == NULL && data->maxrate)
1557 extra_len += 3;
1558
1559 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1560 if (r == NULL)
1561 return;
1562 os_memcpy(r, &data->res, sizeof(*r));
1563 r->ie_len = extra_len + data->ie_len;
1564 pos = (u8 *) (r + 1);
1565 if (ssid_ie == NULL) {
1566 /*
1567 * Generate a fake SSID IE since the driver did not report
1568 * a full IE list.
1569 */
1570 *pos++ = WLAN_EID_SSID;
1571 *pos++ = data->ssid_len;
1572 os_memcpy(pos, data->ssid, data->ssid_len);
1573 pos += data->ssid_len;
1574 }
1575 if (rate_ie == NULL && data->maxrate) {
1576 /*
1577 * Generate a fake Supported Rates IE since the driver did not
1578 * report a full IE list.
1579 */
1580 *pos++ = WLAN_EID_SUPP_RATES;
1581 *pos++ = 1;
1582 *pos++ = data->maxrate;
1583 }
1584 if (data->ie)
1585 os_memcpy(pos, data->ie, data->ie_len);
1586
1587 tmp = os_realloc(res->res,
1588 (res->num + 1) * sizeof(struct wpa_scan_res *));
1589 if (tmp == NULL) {
1590 os_free(r);
1591 return;
1592 }
1593 tmp[res->num++] = r;
1594 res->res = tmp;
1595 }
1596
1597
1598 /**
1599 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1600 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1601 * Returns: Scan results on success, -1 on failure
1602 */
1603 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1604 {
1605 struct wpa_driver_wext_data *drv = priv;
1606 size_t ap_num = 0, len;
1607 int first;
1608 u8 *res_buf;
1609 struct iw_event iwe_buf, *iwe = &iwe_buf;
1610 char *pos, *end, *custom;
1611 struct wpa_scan_results *res;
1612 struct wext_scan_data data;
1613
1614 res_buf = wpa_driver_wext_giwscan(drv, &len);
1615 if (res_buf == NULL)
1616 return NULL;
1617
1618 ap_num = 0;
1619 first = 1;
1620
1621 res = os_zalloc(sizeof(*res));
1622 if (res == NULL) {
1623 os_free(res_buf);
1624 return NULL;
1625 }
1626
1627 pos = (char *) res_buf;
1628 end = (char *) res_buf + len;
1629 os_memset(&data, 0, sizeof(data));
1630
1631 while (pos + IW_EV_LCP_LEN <= end) {
1632 /* Event data may be unaligned, so make a local, aligned copy
1633 * before processing. */
1634 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1635 if (iwe->len <= IW_EV_LCP_LEN)
1636 break;
1637
1638 custom = pos + IW_EV_POINT_LEN;
1639 if (wext_19_iw_point(drv, iwe->cmd)) {
1640 /* WE-19 removed the pointer from struct iw_point */
1641 char *dpos = (char *) &iwe_buf.u.data.length;
1642 int dlen = dpos - (char *) &iwe_buf;
1643 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1644 sizeof(struct iw_event) - dlen);
1645 } else {
1646 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1647 custom += IW_EV_POINT_OFF;
1648 }
1649
1650 switch (iwe->cmd) {
1651 case SIOCGIWAP:
1652 if (!first)
1653 wpa_driver_wext_add_scan_entry(res, &data);
1654 first = 0;
1655 os_free(data.ie);
1656 os_memset(&data, 0, sizeof(data));
1657 os_memcpy(data.res.bssid,
1658 iwe->u.ap_addr.sa_data, ETH_ALEN);
1659 break;
1660 case SIOCGIWMODE:
1661 wext_get_scan_mode(iwe, &data);
1662 break;
1663 case SIOCGIWESSID:
1664 wext_get_scan_ssid(iwe, &data, custom, end);
1665 break;
1666 case SIOCGIWFREQ:
1667 wext_get_scan_freq(iwe, &data);
1668 break;
1669 case IWEVQUAL:
1670 wext_get_scan_qual(iwe, &data);
1671 break;
1672 case SIOCGIWENCODE:
1673 wext_get_scan_encode(iwe, &data);
1674 break;
1675 case SIOCGIWRATE:
1676 wext_get_scan_rate(iwe, &data, pos, end);
1677 break;
1678 case IWEVGENIE:
1679 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1680 break;
1681 case IWEVCUSTOM:
1682 wext_get_scan_custom(iwe, &data, custom, end);
1683 break;
1684 }
1685
1686 pos += iwe->len;
1687 }
1688 os_free(res_buf);
1689 res_buf = NULL;
1690 if (!first)
1691 wpa_driver_wext_add_scan_entry(res, &data);
1692 os_free(data.ie);
1693
1694 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1695 (unsigned long) len, (unsigned long) res->num);
1696
1697 return res;
1698 }
1699
1700
1701 static int wpa_driver_wext_get_range(void *priv)
1702 {
1703 struct wpa_driver_wext_data *drv = priv;
1704 struct iw_range *range;
1705 struct iwreq iwr;
1706 int minlen;
1707 size_t buflen;
1708
1709 /*
1710 * Use larger buffer than struct iw_range in order to allow the
1711 * structure to grow in the future.
1712 */
1713 buflen = sizeof(struct iw_range) + 500;
1714 range = os_zalloc(buflen);
1715 if (range == NULL)
1716 return -1;
1717
1718 os_memset(&iwr, 0, sizeof(iwr));
1719 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1720 iwr.u.data.pointer = (caddr_t) range;
1721 iwr.u.data.length = buflen;
1722
1723 minlen = ((char *) &range->enc_capa) - (char *) range +
1724 sizeof(range->enc_capa);
1725
1726 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1727 perror("ioctl[SIOCGIWRANGE]");
1728 os_free(range);
1729 return -1;
1730 } else if (iwr.u.data.length >= minlen &&
1731 range->we_version_compiled >= 18) {
1732 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1733 "WE(source)=%d enc_capa=0x%x",
1734 range->we_version_compiled,
1735 range->we_version_source,
1736 range->enc_capa);
1737 drv->has_capability = 1;
1738 drv->we_version_compiled = range->we_version_compiled;
1739 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1740 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1741 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1742 }
1743 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1744 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1745 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1746 }
1747 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1748 WPA_DRIVER_CAPA_ENC_WEP104;
1749 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1750 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1751 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1752 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1753 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1754 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1755
1756 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1757 "flags 0x%x",
1758 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1759 } else {
1760 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1761 "assuming WPA is not supported");
1762 }
1763
1764 os_free(range);
1765 return 0;
1766 }
1767
1768
1769 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1770 {
1771 struct wpa_driver_wext_data *drv = priv;
1772 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1773
1774 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1775 enabled);
1776 }
1777
1778
1779 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1780 const u8 *psk)
1781 {
1782 struct iw_encode_ext *ext;
1783 struct iwreq iwr;
1784 int ret;
1785
1786 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1787
1788 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1789 return 0;
1790
1791 if (!psk)
1792 return 0;
1793
1794 os_memset(&iwr, 0, sizeof(iwr));
1795 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1796
1797 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1798 if (ext == NULL)
1799 return -1;
1800
1801 iwr.u.encoding.pointer = (caddr_t) ext;
1802 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1803 ext->key_len = PMK_LEN;
1804 os_memcpy(&ext->key, psk, ext->key_len);
1805 ext->alg = IW_ENCODE_ALG_PMK;
1806
1807 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1808 if (ret < 0)
1809 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1810 os_free(ext);
1811
1812 return ret;
1813 }
1814
1815
1816 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1817 const u8 *addr, int key_idx,
1818 int set_tx, const u8 *seq,
1819 size_t seq_len,
1820 const u8 *key, size_t key_len)
1821 {
1822 struct wpa_driver_wext_data *drv = priv;
1823 struct iwreq iwr;
1824 int ret = 0;
1825 struct iw_encode_ext *ext;
1826
1827 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1828 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1829 __FUNCTION__, (unsigned long) seq_len);
1830 return -1;
1831 }
1832
1833 ext = os_zalloc(sizeof(*ext) + key_len);
1834 if (ext == NULL)
1835 return -1;
1836 os_memset(&iwr, 0, sizeof(iwr));
1837 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1838 iwr.u.encoding.flags = key_idx + 1;
1839 if (alg == WPA_ALG_NONE)
1840 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1841 iwr.u.encoding.pointer = (caddr_t) ext;
1842 iwr.u.encoding.length = sizeof(*ext) + key_len;
1843
1844 if (addr == NULL ||
1845 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1846 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1847 if (set_tx)
1848 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1849
1850 ext->addr.sa_family = ARPHRD_ETHER;
1851 if (addr)
1852 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1853 else
1854 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1855 if (key && key_len) {
1856 os_memcpy(ext + 1, key, key_len);
1857 ext->key_len = key_len;
1858 }
1859 switch (alg) {
1860 case WPA_ALG_NONE:
1861 ext->alg = IW_ENCODE_ALG_NONE;
1862 break;
1863 case WPA_ALG_WEP:
1864 ext->alg = IW_ENCODE_ALG_WEP;
1865 break;
1866 case WPA_ALG_TKIP:
1867 ext->alg = IW_ENCODE_ALG_TKIP;
1868 break;
1869 case WPA_ALG_CCMP:
1870 ext->alg = IW_ENCODE_ALG_CCMP;
1871 break;
1872 case WPA_ALG_PMK:
1873 ext->alg = IW_ENCODE_ALG_PMK;
1874 break;
1875 #ifdef WEXT_MFP_PENDING
1876 #ifdef CONFIG_IEEE80211W
1877 case WPA_ALG_IGTK:
1878 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1879 break;
1880 #endif /* CONFIG_IEEE80211W */
1881 #endif /* WEXT_MFP_PENDING */
1882 default:
1883 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1884 __FUNCTION__, alg);
1885 os_free(ext);
1886 return -1;
1887 }
1888
1889 if (seq && seq_len) {
1890 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1891 os_memcpy(ext->rx_seq, seq, seq_len);
1892 }
1893
1894 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1895 ret = errno == EOPNOTSUPP ? -2 : -1;
1896 if (errno == ENODEV) {
1897 /*
1898 * ndiswrapper seems to be returning incorrect error
1899 * code.. */
1900 ret = -2;
1901 }
1902
1903 perror("ioctl[SIOCSIWENCODEEXT]");
1904 }
1905
1906 os_free(ext);
1907 return ret;
1908 }
1909
1910
1911 /**
1912 * wpa_driver_wext_set_key - Configure encryption key
1913 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1914 * @priv: Private driver interface data
1915 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1916 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1917 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1918 * broadcast/default keys
1919 * @key_idx: key index (0..3), usually 0 for unicast keys
1920 * @set_tx: Configure this key as the default Tx key (only used when
1921 * driver does not support separate unicast/individual key
1922 * @seq: Sequence number/packet number, seq_len octets, the next
1923 * packet number to be used for in replay protection; configured
1924 * for Rx keys (in most cases, this is only used with broadcast
1925 * keys and set to zero for unicast keys)
1926 * @seq_len: Length of the seq, depends on the algorithm:
1927 * TKIP: 6 octets, CCMP: 6 octets
1928 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1929 * 8-byte Rx Mic Key
1930 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1931 * TKIP: 32, CCMP: 16)
1932 * Returns: 0 on success, -1 on failure
1933 *
1934 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1935 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1936 */
1937 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1938 const u8 *addr, int key_idx,
1939 int set_tx, const u8 *seq, size_t seq_len,
1940 const u8 *key, size_t key_len)
1941 {
1942 struct wpa_driver_wext_data *drv = priv;
1943 struct iwreq iwr;
1944 int ret = 0;
1945
1946 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1947 "key_len=%lu",
1948 __FUNCTION__, alg, key_idx, set_tx,
1949 (unsigned long) seq_len, (unsigned long) key_len);
1950
1951 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1952 seq, seq_len, key, key_len);
1953 if (ret == 0)
1954 return 0;
1955
1956 if (ret == -2 &&
1957 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1958 wpa_printf(MSG_DEBUG, "Driver did not support "
1959 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1960 ret = 0;
1961 } else {
1962 wpa_printf(MSG_DEBUG, "Driver did not support "
1963 "SIOCSIWENCODEEXT");
1964 return ret;
1965 }
1966
1967 os_memset(&iwr, 0, sizeof(iwr));
1968 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1969 iwr.u.encoding.flags = key_idx + 1;
1970 if (alg == WPA_ALG_NONE)
1971 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1972 iwr.u.encoding.pointer = (caddr_t) key;
1973 iwr.u.encoding.length = key_len;
1974
1975 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1976 perror("ioctl[SIOCSIWENCODE]");
1977 ret = -1;
1978 }
1979
1980 if (set_tx && alg != WPA_ALG_NONE) {
1981 os_memset(&iwr, 0, sizeof(iwr));
1982 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1983 iwr.u.encoding.flags = key_idx + 1;
1984 iwr.u.encoding.pointer = (caddr_t) NULL;
1985 iwr.u.encoding.length = 0;
1986 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1987 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1988 ret = -1;
1989 }
1990 }
1991
1992 return ret;
1993 }
1994
1995
1996 static int wpa_driver_wext_set_countermeasures(void *priv,
1997 int enabled)
1998 {
1999 struct wpa_driver_wext_data *drv = priv;
2000 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2001 return wpa_driver_wext_set_auth_param(drv,
2002 IW_AUTH_TKIP_COUNTERMEASURES,
2003 enabled);
2004 }
2005
2006
2007 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
2008 int enabled)
2009 {
2010 struct wpa_driver_wext_data *drv = priv;
2011 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2012 drv->use_crypt = enabled;
2013 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2014 enabled);
2015 }
2016
2017
2018 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
2019 const u8 *addr, int cmd, int reason_code)
2020 {
2021 struct iwreq iwr;
2022 struct iw_mlme mlme;
2023 int ret = 0;
2024
2025 os_memset(&iwr, 0, sizeof(iwr));
2026 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2027 os_memset(&mlme, 0, sizeof(mlme));
2028 mlme.cmd = cmd;
2029 mlme.reason_code = reason_code;
2030 mlme.addr.sa_family = ARPHRD_ETHER;
2031 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
2032 iwr.u.data.pointer = (caddr_t) &mlme;
2033 iwr.u.data.length = sizeof(mlme);
2034
2035 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
2036 perror("ioctl[SIOCSIWMLME]");
2037 ret = -1;
2038 }
2039
2040 return ret;
2041 }
2042
2043
2044 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
2045 int reason_code)
2046 {
2047 struct wpa_driver_wext_data *drv = priv;
2048 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2049 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
2050 }
2051
2052
2053 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
2054 int reason_code)
2055 {
2056 struct wpa_driver_wext_data *drv = priv;
2057 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2058 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC,
2059 reason_code);
2060 }
2061
2062
2063 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
2064 size_t ie_len)
2065 {
2066 struct wpa_driver_wext_data *drv = priv;
2067 struct iwreq iwr;
2068 int ret = 0;
2069
2070 os_memset(&iwr, 0, sizeof(iwr));
2071 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2072 iwr.u.data.pointer = (caddr_t) ie;
2073 iwr.u.data.length = ie_len;
2074
2075 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
2076 perror("ioctl[SIOCSIWGENIE]");
2077 ret = -1;
2078 }
2079
2080 return ret;
2081 }
2082
2083
2084 int wpa_driver_wext_cipher2wext(int cipher)
2085 {
2086 switch (cipher) {
2087 case CIPHER_NONE:
2088 return IW_AUTH_CIPHER_NONE;
2089 case CIPHER_WEP40:
2090 return IW_AUTH_CIPHER_WEP40;
2091 case CIPHER_TKIP:
2092 return IW_AUTH_CIPHER_TKIP;
2093 case CIPHER_CCMP:
2094 return IW_AUTH_CIPHER_CCMP;
2095 case CIPHER_WEP104:
2096 return IW_AUTH_CIPHER_WEP104;
2097 default:
2098 return 0;
2099 }
2100 }
2101
2102
2103 int wpa_driver_wext_keymgmt2wext(int keymgmt)
2104 {
2105 switch (keymgmt) {
2106 case KEY_MGMT_802_1X:
2107 case KEY_MGMT_802_1X_NO_WPA:
2108 return IW_AUTH_KEY_MGMT_802_1X;
2109 case KEY_MGMT_PSK:
2110 return IW_AUTH_KEY_MGMT_PSK;
2111 default:
2112 return 0;
2113 }
2114 }
2115
2116
2117 static int
2118 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2119 struct wpa_driver_associate_params *params)
2120 {
2121 struct iwreq iwr;
2122 int ret = 0;
2123
2124 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2125 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2126
2127 os_memset(&iwr, 0, sizeof(iwr));
2128 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2129 /* Just changing mode, not actual keys */
2130 iwr.u.encoding.flags = 0;
2131 iwr.u.encoding.pointer = (caddr_t) NULL;
2132 iwr.u.encoding.length = 0;
2133
2134 /*
2135 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2136 * different things. Here they are used to indicate Open System vs.
2137 * Shared Key authentication algorithm. However, some drivers may use
2138 * them to select between open/restricted WEP encrypted (open = allow
2139 * both unencrypted and encrypted frames; restricted = only allow
2140 * encrypted frames).
2141 */
2142
2143 if (!drv->use_crypt) {
2144 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2145 } else {
2146 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2147 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2148 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2149 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2150 }
2151
2152 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2153 perror("ioctl[SIOCSIWENCODE]");
2154 ret = -1;
2155 }
2156
2157 return ret;
2158 }
2159
2160
2161 int wpa_driver_wext_associate(void *priv,
2162 struct wpa_driver_associate_params *params)
2163 {
2164 struct wpa_driver_wext_data *drv = priv;
2165 int ret = 0;
2166 int allow_unencrypted_eapol;
2167 int value;
2168
2169 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2170
2171 /*
2172 * If the driver did not support SIOCSIWAUTH, fallback to
2173 * SIOCSIWENCODE here.
2174 */
2175 if (drv->auth_alg_fallback &&
2176 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2177 ret = -1;
2178
2179 if (!params->bssid &&
2180 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2181 ret = -1;
2182
2183 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2184 ret = -1;
2185 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2186 * from configuration, not from here, where only the selected suite is
2187 * available */
2188 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2189 < 0)
2190 ret = -1;
2191 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2192 value = IW_AUTH_WPA_VERSION_DISABLED;
2193 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2194 value = IW_AUTH_WPA_VERSION_WPA2;
2195 else
2196 value = IW_AUTH_WPA_VERSION_WPA;
2197 if (wpa_driver_wext_set_auth_param(drv,
2198 IW_AUTH_WPA_VERSION, value) < 0)
2199 ret = -1;
2200 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2201 if (wpa_driver_wext_set_auth_param(drv,
2202 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2203 ret = -1;
2204 value = wpa_driver_wext_cipher2wext(params->group_suite);
2205 if (wpa_driver_wext_set_auth_param(drv,
2206 IW_AUTH_CIPHER_GROUP, value) < 0)
2207 ret = -1;
2208 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2209 if (wpa_driver_wext_set_auth_param(drv,
2210 IW_AUTH_KEY_MGMT, value) < 0)
2211 ret = -1;
2212 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2213 params->pairwise_suite != CIPHER_NONE ||
2214 params->group_suite != CIPHER_NONE ||
2215 params->wpa_ie_len;
2216 if (wpa_driver_wext_set_auth_param(drv,
2217 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2218 ret = -1;
2219
2220 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2221 * not using WPA. IEEE 802.1X specifies that these frames are not
2222 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2223 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2224 params->key_mgmt_suite == KEY_MGMT_PSK)
2225 allow_unencrypted_eapol = 0;
2226 else
2227 allow_unencrypted_eapol = 1;
2228
2229 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2230 ret = -1;
2231 if (wpa_driver_wext_set_auth_param(drv,
2232 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2233 allow_unencrypted_eapol) < 0)
2234 ret = -1;
2235 #ifdef WEXT_MFP_PENDING
2236 #ifdef CONFIG_IEEE80211W
2237 switch (params->mgmt_frame_protection) {
2238 case NO_MGMT_FRAME_PROTECTION:
2239 value = IW_AUTH_MFP_DISABLED;
2240 break;
2241 case MGMT_FRAME_PROTECTION_OPTIONAL:
2242 value = IW_AUTH_MFP_OPTIONAL;
2243 break;
2244 case MGMT_FRAME_PROTECTION_REQUIRED:
2245 value = IW_AUTH_MFP_REQUIRED;
2246 break;
2247 };
2248 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2249 ret = -1;
2250 #endif /* CONFIG_IEEE80211W */
2251 #endif /* WEXT_MFP_PENDING */
2252 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2253 ret = -1;
2254 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2255 ret = -1;
2256 if (params->bssid &&
2257 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2258 ret = -1;
2259
2260 return ret;
2261 }
2262
2263
2264 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2265 {
2266 struct wpa_driver_wext_data *drv = priv;
2267 int algs = 0, res;
2268
2269 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2270 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2271 if (auth_alg & AUTH_ALG_SHARED_KEY)
2272 algs |= IW_AUTH_ALG_SHARED_KEY;
2273 if (auth_alg & AUTH_ALG_LEAP)
2274 algs |= IW_AUTH_ALG_LEAP;
2275 if (algs == 0) {
2276 /* at least one algorithm should be set */
2277 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2278 }
2279
2280 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2281 algs);
2282 drv->auth_alg_fallback = res == -2;
2283 return res;
2284 }
2285
2286
2287 /**
2288 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2289 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2290 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2291 * Returns: 0 on success, -1 on failure
2292 */
2293 int wpa_driver_wext_set_mode(void *priv, int mode)
2294 {
2295 struct wpa_driver_wext_data *drv = priv;
2296 struct iwreq iwr;
2297 int ret = -1, flags;
2298 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2299
2300 os_memset(&iwr, 0, sizeof(iwr));
2301 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2302 iwr.u.mode = new_mode;
2303 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2304 ret = 0;
2305 goto done;
2306 }
2307
2308 if (errno != EBUSY) {
2309 perror("ioctl[SIOCSIWMODE]");
2310 goto done;
2311 }
2312
2313 /* mac80211 doesn't allow mode changes while the device is up, so if
2314 * the device isn't in the mode we're about to change to, take device
2315 * down, try to set the mode again, and bring it back up.
2316 */
2317 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2318 perror("ioctl[SIOCGIWMODE]");
2319 goto done;
2320 }
2321
2322 if (iwr.u.mode == new_mode) {
2323 ret = 0;
2324 goto done;
2325 }
2326
2327 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2328 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2329
2330 /* Try to set the mode again while the interface is down */
2331 iwr.u.mode = new_mode;
2332 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2333 perror("ioctl[SIOCSIWMODE]");
2334 else
2335 ret = 0;
2336
2337 /* Ignore return value of get_ifflags to ensure that the device
2338 * is always up like it was before this function was called.
2339 */
2340 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2341 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2342 }
2343
2344 done:
2345 return ret;
2346 }
2347
2348
2349 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2350 u32 cmd, const u8 *bssid, const u8 *pmkid)
2351 {
2352 struct iwreq iwr;
2353 struct iw_pmksa pmksa;
2354 int ret = 0;
2355
2356 os_memset(&iwr, 0, sizeof(iwr));
2357 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2358 os_memset(&pmksa, 0, sizeof(pmksa));
2359 pmksa.cmd = cmd;
2360 pmksa.bssid.sa_family = ARPHRD_ETHER;
2361 if (bssid)
2362 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2363 if (pmkid)
2364 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2365 iwr.u.data.pointer = (caddr_t) &pmksa;
2366 iwr.u.data.length = sizeof(pmksa);
2367
2368 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2369 if (errno != EOPNOTSUPP)
2370 perror("ioctl[SIOCSIWPMKSA]");
2371 ret = -1;
2372 }
2373
2374 return ret;
2375 }
2376
2377
2378 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2379 const u8 *pmkid)
2380 {
2381 struct wpa_driver_wext_data *drv = priv;
2382 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2383 }
2384
2385
2386 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2387 const u8 *pmkid)
2388 {
2389 struct wpa_driver_wext_data *drv = priv;
2390 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2391 }
2392
2393
2394 static int wpa_driver_wext_flush_pmkid(void *priv)
2395 {
2396 struct wpa_driver_wext_data *drv = priv;
2397 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2398 }
2399
2400
2401 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2402 {
2403 struct wpa_driver_wext_data *drv = priv;
2404 if (!drv->has_capability)
2405 return -1;
2406 os_memcpy(capa, &drv->capa, sizeof(*capa));
2407 return 0;
2408 }
2409
2410
2411 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2412 const char *ifname)
2413 {
2414 if (ifname == NULL) {
2415 drv->ifindex2 = -1;
2416 return 0;
2417 }
2418
2419 drv->ifindex2 = if_nametoindex(ifname);
2420 if (drv->ifindex2 <= 0)
2421 return -1;
2422
2423 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2424 "wireless events", drv->ifindex2, ifname);
2425
2426 return 0;
2427 }
2428
2429
2430 int wpa_driver_wext_set_operstate(void *priv, int state)
2431 {
2432 struct wpa_driver_wext_data *drv = priv;
2433
2434 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2435 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2436 drv->operstate = state;
2437 return wpa_driver_wext_send_oper_ifla(
2438 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2439 }
2440
2441
2442 #ifdef CONFIG_CLIENT_MLME
2443 static int hostapd_ioctl(struct wpa_driver_wext_data *drv,
2444 struct prism2_hostapd_param *param, int len)
2445 {
2446 struct iwreq iwr;
2447
2448 os_memset(&iwr, 0, sizeof(iwr));
2449 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2450 iwr.u.data.pointer = (caddr_t) param;
2451 iwr.u.data.length = len;
2452
2453 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
2454 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2455 return -1;
2456 }
2457
2458 return 0;
2459 }
2460
2461
2462 static struct wpa_hw_modes *
2463 wpa_driver_wext_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2464 {
2465 struct wpa_driver_wext_data *drv = priv;
2466 struct prism2_hostapd_param *param;
2467 u8 *pos, *end;
2468 struct wpa_hw_modes *modes = NULL;
2469 int i;
2470
2471 param = os_zalloc(PRISM2_HOSTAPD_MAX_BUF_SIZE);
2472 if (param == NULL)
2473 return NULL;
2474 param->cmd = PRISM2_HOSTAPD_GET_HW_FEATURES;
2475
2476 if (hostapd_ioctl(drv, param, PRISM2_HOSTAPD_MAX_BUF_SIZE) < 0) {
2477 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2478 goto out;
2479 }
2480
2481 *num_modes = param->u.hw_features.num_modes;
2482 *flags = param->u.hw_features.flags;
2483
2484 pos = param->u.hw_features.data;
2485 end = pos + PRISM2_HOSTAPD_MAX_BUF_SIZE -
2486 (param->u.hw_features.data - (u8 *) param);
2487
2488 modes = os_zalloc(*num_modes * sizeof(struct wpa_hw_modes));
2489 if (modes == NULL)
2490 goto out;
2491
2492 for (i = 0; i < *num_modes; i++) {
2493 struct hostapd_ioctl_hw_modes_hdr *hdr;
2494 struct wpa_hw_modes *feature;
2495 int clen, rlen;
2496
2497 hdr = (struct hostapd_ioctl_hw_modes_hdr *) pos;
2498 pos = (u8 *) (hdr + 1);
2499 clen = hdr->num_channels * sizeof(struct wpa_channel_data);
2500 rlen = hdr->num_rates * sizeof(struct wpa_rate_data);
2501
2502 feature = &modes[i];
2503 switch (hdr->mode) {
2504 case MODE_IEEE80211A:
2505 feature->mode = WPA_MODE_IEEE80211A;
2506 break;
2507 case MODE_IEEE80211B:
2508 feature->mode = WPA_MODE_IEEE80211B;
2509 break;
2510 case MODE_IEEE80211G:
2511 feature->mode = WPA_MODE_IEEE80211G;
2512 break;
2513 case MODE_ATHEROS_TURBO:
2514 case MODE_ATHEROS_TURBOG:
2515 wpa_printf(MSG_ERROR, "Skip unsupported hw_mode=%d in "
2516 "get_hw_features data", hdr->mode);
2517 pos += clen + rlen;
2518 continue;
2519 default:
2520 wpa_printf(MSG_ERROR, "Unknown hw_mode=%d in "
2521 "get_hw_features data", hdr->mode);
2522 wpa_supplicant_sta_free_hw_features(modes, *num_modes);
2523 modes = NULL;
2524 break;
2525 }
2526 feature->num_channels = hdr->num_channels;
2527 feature->num_rates = hdr->num_rates;
2528
2529 feature->channels = os_malloc(clen);
2530 feature->rates = os_malloc(rlen);
2531 if (!feature->channels || !feature->rates ||
2532 pos + clen + rlen > end) {
2533 wpa_supplicant_sta_free_hw_features(modes, *num_modes);
2534 modes = NULL;
2535 break;
2536 }
2537
2538 os_memcpy(feature->channels, pos, clen);
2539 pos += clen;
2540 os_memcpy(feature->rates, pos, rlen);
2541 pos += rlen;
2542 }
2543
2544 out:
2545 os_free(param);
2546 return modes;
2547 }
2548
2549
2550 int wpa_driver_wext_set_channel(void *priv, wpa_hw_mode phymode, int chan,
2551 int freq)
2552 {
2553 return wpa_driver_wext_set_freq(priv, freq);
2554 }
2555
2556
2557 static void wpa_driver_wext_mlme_read(int sock, void *eloop_ctx,
2558 void *sock_ctx)
2559 {
2560 struct wpa_driver_wext_data *drv = eloop_ctx;
2561 int len;
2562 unsigned char buf[3000];
2563 struct ieee80211_frame_info *fi;
2564 struct ieee80211_rx_status rx_status;
2565
2566 len = recv(sock, buf, sizeof(buf), 0);
2567 if (len < 0) {
2568 perror("recv[MLME]");
2569 return;
2570 }
2571
2572 if (len < (int) sizeof(struct ieee80211_frame_info)) {
2573 wpa_printf(MSG_DEBUG, "WEXT: Too short MLME frame (len=%d)",
2574 len);
2575 return;
2576 }
2577
2578 fi = (struct ieee80211_frame_info *) buf;
2579 if (ntohl(fi->version) != IEEE80211_FI_VERSION) {
2580 wpa_printf(MSG_DEBUG, "WEXT: Invalid MLME frame info version "
2581 "0x%x", ntohl(fi->version));
2582 return;
2583 }
2584
2585 os_memset(&rx_status, 0, sizeof(rx_status));
2586 rx_status.ssi = ntohl(fi->ssi_signal);
2587 rx_status.channel = ntohl(fi->channel);
2588
2589 wpa_supplicant_sta_rx(drv->ctx,
2590 buf + sizeof(struct ieee80211_frame_info),
2591 len - sizeof(struct ieee80211_frame_info),
2592 &rx_status);
2593 }
2594
2595
2596 static int wpa_driver_wext_open_mlme(struct wpa_driver_wext_data *drv)
2597 {
2598 int flags, ifindex, s;
2599 struct sockaddr_ll addr;
2600 struct ifreq ifr;
2601
2602 if (wpa_driver_prism2_param_set(drv, PRISM2_PARAM_USER_SPACE_MLME, 1) <
2603 0) {
2604 wpa_printf(MSG_ERROR, "WEXT: Failed to configure driver to "
2605 "use user space MLME");
2606 return -1;
2607 }
2608
2609 if (wpa_driver_prism2_param_set(drv, PRISM2_PARAM_MGMT_IF, 1) < 0) {
2610 wpa_printf(MSG_ERROR, "WEXT: Failed to add management "
2611 "interface for user space MLME");
2612 return -1;
2613 }
2614
2615 ifindex = wpa_driver_prism2_param_get(drv, PRISM2_PARAM_MGMT_IF);
2616 if (ifindex <= 0) {
2617 wpa_printf(MSG_ERROR, "WEXT: MLME management device not "
2618 "found");
2619 return -1;
2620 }
2621
2622 os_memset(&ifr, 0, sizeof(ifr));
2623 ifr.ifr_ifindex = ifindex;
2624 if (ioctl(drv->ioctl_sock, SIOCGIFNAME, &ifr) != 0) {
2625 perror("ioctl(SIOCGIFNAME)");
2626 return -1;
2627 }
2628 os_strlcpy(drv->mlmedev, ifr.ifr_name, sizeof(drv->mlmedev));
2629 wpa_printf(MSG_DEBUG, "WEXT: MLME management device '%s'",
2630 drv->mlmedev);
2631
2632 if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) != 0
2633 || wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
2634 flags | IFF_UP) != 0) {
2635 wpa_printf(MSG_ERROR, "WEXT: Could not set interface "
2636 "'%s' UP", drv->mlmedev);
2637 return -1;
2638 }
2639
2640 s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2641 if (s < 0) {
2642 perror("socket[PF_PACKET,SOCK_RAW]");
2643 return -1;
2644 }
2645
2646 os_memset(&addr, 0, sizeof(addr));
2647 addr.sll_family = AF_PACKET;
2648 addr.sll_ifindex = ifindex;
2649
2650 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
2651 perror("bind(MLME)");
2652 return -1;
2653 }
2654
2655 if (eloop_register_read_sock(s, wpa_driver_wext_mlme_read, drv, NULL))
2656 {
2657 wpa_printf(MSG_ERROR, "WEXT: Could not register MLME read "
2658 "socket");
2659 close(s);
2660 return -1;
2661 }
2662
2663 return s;
2664 }
2665
2666
2667 static int wpa_driver_wext_send_mlme(void *priv, const u8 *data,
2668 size_t data_len)
2669 {
2670 struct wpa_driver_wext_data *drv = priv;
2671 int ret;
2672
2673 ret = send(drv->mlme_sock, data, data_len, 0);
2674 if (ret < 0) {
2675 perror("send[MLME]");
2676 return -1;
2677 }
2678
2679 return 0;
2680 }
2681
2682
2683 static int wpa_driver_wext_mlme_add_sta(void *priv, const u8 *addr,
2684 const u8 *supp_rates,
2685 size_t supp_rates_len)
2686 {
2687 struct wpa_driver_wext_data *drv = priv;
2688 struct prism2_hostapd_param param;
2689 size_t len;
2690
2691 os_memset(&param, 0, sizeof(param));
2692 param.cmd = PRISM2_HOSTAPD_ADD_STA;
2693 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2694 len = supp_rates_len;
2695 if (len > sizeof(param.u.add_sta.supp_rates))
2696 len = sizeof(param.u.add_sta.supp_rates);
2697 os_memcpy(param.u.add_sta.supp_rates, supp_rates, len);
2698 return hostapd_ioctl(drv, &param, sizeof(param));
2699 }
2700
2701
2702 static int wpa_driver_wext_mlme_remove_sta(void *priv, const u8 *addr)
2703 {
2704 struct wpa_driver_wext_data *drv = priv;
2705 struct prism2_hostapd_param param;
2706
2707 os_memset(&param, 0, sizeof(param));
2708 param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
2709 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2710 return hostapd_ioctl(drv, &param, sizeof(param));
2711 }
2712
2713 #endif /* CONFIG_CLIENT_MLME */
2714
2715
2716 static int wpa_driver_wext_set_param(void *priv, const char *param)
2717 {
2718 #ifdef CONFIG_CLIENT_MLME
2719 struct wpa_driver_wext_data *drv = priv;
2720
2721 if (param == NULL)
2722 return 0;
2723
2724 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
2725
2726 if (os_strstr(param, "use_mlme=1")) {
2727 wpa_printf(MSG_DEBUG, "WEXT: Using user space MLME");
2728 drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
2729
2730 drv->mlme_sock = wpa_driver_wext_open_mlme(drv);
2731 if (drv->mlme_sock < 0)
2732 return -1;
2733 }
2734 #endif /* CONFIG_CLIENT_MLME */
2735
2736 return 0;
2737 }
2738
2739
2740 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2741 {
2742 return drv->we_version_compiled;
2743 }
2744
2745
2746 const struct wpa_driver_ops wpa_driver_wext_ops = {
2747 .name = "wext",
2748 .desc = "Linux wireless extensions (generic)",
2749 .get_bssid = wpa_driver_wext_get_bssid,
2750 .get_ssid = wpa_driver_wext_get_ssid,
2751 .set_wpa = wpa_driver_wext_set_wpa,
2752 .set_key = wpa_driver_wext_set_key,
2753 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2754 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2755 .scan = wpa_driver_wext_scan,
2756 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2757 .deauthenticate = wpa_driver_wext_deauthenticate,
2758 .disassociate = wpa_driver_wext_disassociate,
2759 .associate = wpa_driver_wext_associate,
2760 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2761 .init = wpa_driver_wext_init,
2762 .deinit = wpa_driver_wext_deinit,
2763 .set_param = wpa_driver_wext_set_param,
2764 .add_pmkid = wpa_driver_wext_add_pmkid,
2765 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2766 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2767 .get_capa = wpa_driver_wext_get_capa,
2768 .set_operstate = wpa_driver_wext_set_operstate,
2769 #ifdef CONFIG_CLIENT_MLME
2770 .get_hw_feature_data = wpa_driver_wext_get_hw_feature_data,
2771 .set_channel = wpa_driver_wext_set_channel,
2772 .set_ssid = wpa_driver_wext_set_ssid,
2773 .set_bssid = wpa_driver_wext_set_bssid,
2774 .send_mlme = wpa_driver_wext_send_mlme,
2775 .mlme_add_sta = wpa_driver_wext_mlme_add_sta,
2776 .mlme_remove_sta = wpa_driver_wext_mlme_remove_sta,
2777 #endif /* CONFIG_CLIENT_MLME */
2778 };
NetBSD on the FriendlyARM MINI2440