2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
26 #include "wireless_copy.h"
30 #include "priv_netlink.h"
31 #include "driver_wext.h"
32 #include "ieee802_11_defs.h"
33 #include "wpa_common.h"
35 #include "wpa_supplicant_i.h"
36 #include "config_ssid.h"
39 static int wpa_driver_wext_flush_pmkid(void *priv);
40 static int wpa_driver_wext_get_range(void *priv);
41 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
42 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
45 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
46 int linkmode, int operstate)
50 struct ifinfomsg ifinfo;
57 os_memset(&req, 0, sizeof(req));
59 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
60 req.hdr.nlmsg_type = RTM_SETLINK;
61 req.hdr.nlmsg_flags = NLM_F_REQUEST;
62 req.hdr.nlmsg_seq = ++nl_seq;
63 req.hdr.nlmsg_pid = 0;
65 req.ifinfo.ifi_family = AF_UNSPEC;
66 req.ifinfo.ifi_type = 0;
67 req.ifinfo.ifi_index = drv->ifindex;
68 req.ifinfo.ifi_flags = 0;
69 req.ifinfo.ifi_change = 0;
72 rta = aliasing_hide_typecast(
73 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)),
75 rta->rta_type = IFLA_LINKMODE;
76 rta->rta_len = RTA_LENGTH(sizeof(char));
77 *((char *) RTA_DATA(rta)) = linkmode;
78 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
79 RTA_LENGTH(sizeof(char));
81 if (operstate != -1) {
82 rta = (struct rtattr *)
83 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
84 rta->rta_type = IFLA_OPERSTATE;
85 rta->rta_len = RTA_LENGTH(sizeof(char));
86 *((char *) RTA_DATA(rta)) = operstate;
87 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
88 RTA_LENGTH(sizeof(char));
91 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
94 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
96 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
97 "%s (assume operstate is not supported)",
101 return ret < 0 ? -1 : 0;
105 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
111 os_memset(&iwr, 0, sizeof(iwr));
112 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
113 iwr.u.param.flags = idx & IW_AUTH_INDEX;
114 iwr.u.param.value = value;
116 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
117 if (errno != EOPNOTSUPP) {
118 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
119 "value 0x%x) failed: %s)",
120 idx, value, strerror(errno));
122 ret = errno == EOPNOTSUPP ? -2 : -1;
130 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
131 * @priv: Pointer to private wext data from wpa_driver_wext_init()
132 * @bssid: Buffer for BSSID
133 * Returns: 0 on success, -1 on failure
135 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
137 struct wpa_driver_wext_data *drv = priv;
141 os_memset(&iwr, 0, sizeof(iwr));
142 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
144 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
145 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWAP]");
148 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
155 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
156 * @priv: Pointer to private wext data from wpa_driver_wext_init()
158 * Returns: 0 on success, -1 on failure
160 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
162 struct wpa_driver_wext_data *drv = priv;
166 os_memset(&iwr, 0, sizeof(iwr));
167 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
168 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
170 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
172 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
174 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
175 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWAP]");
184 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
185 * @priv: Pointer to private wext data from wpa_driver_wext_init()
186 * @ssid: Buffer for the SSID; must be at least 32 bytes long
187 * Returns: SSID length on success, -1 on failure
189 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
191 struct wpa_driver_wext_data *drv = priv;
195 os_memset(&iwr, 0, sizeof(iwr));
196 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
197 iwr.u.essid.pointer = (caddr_t) ssid;
198 iwr.u.essid.length = 32;
200 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
201 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWESSID]");
204 ret = iwr.u.essid.length;
207 /* Some drivers include nul termination in the SSID, so let's
208 * remove it here before further processing. WE-21 changes this
209 * to explicitly require the length _not_ to include nul
211 if (ret > 0 && ssid[ret - 1] == '\0' &&
212 drv->we_version_compiled < 21)
221 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
222 * @priv: Pointer to private wext data from wpa_driver_wext_init()
224 * @ssid_len: Length of SSID (0..32)
225 * Returns: 0 on success, -1 on failure
227 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
229 struct wpa_driver_wext_data *drv = priv;
237 os_memset(&iwr, 0, sizeof(iwr));
238 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
239 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
240 iwr.u.essid.flags = (ssid_len != 0);
241 os_memset(buf, 0, sizeof(buf));
242 os_memcpy(buf, ssid, ssid_len);
243 iwr.u.essid.pointer = (caddr_t) buf;
244 if (drv->we_version_compiled < 21) {
245 /* For historic reasons, set SSID length to include one extra
246 * character, C string nul termination, even though SSID is
247 * really an octet string that should not be presented as a C
248 * string. Some Linux drivers decrement the length by one and
249 * can thus end up missing the last octet of the SSID if the
250 * length is not incremented here. WE-21 changes this to
251 * explicitly require the length _not_ to include nul
256 iwr.u.essid.length = ssid_len;
258 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
259 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWESSID]");
268 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
269 * @priv: Pointer to private wext data from wpa_driver_wext_init()
270 * @freq: Frequency in MHz
271 * Returns: 0 on success, -1 on failure
273 int wpa_driver_wext_set_freq(void *priv, int freq)
275 struct wpa_driver_wext_data *drv = priv;
279 os_memset(&iwr, 0, sizeof(iwr));
280 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
281 iwr.u.freq.m = freq * 100000;
284 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
285 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWFREQ]");
294 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
296 union wpa_event_data data;
298 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
301 os_memset(&data, 0, sizeof(data));
303 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
304 data.michael_mic_failure.unicast =
305 os_strstr(custom, " unicast ") != NULL;
306 /* TODO: parse parameters(?) */
307 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
308 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
314 bytes = strspn(spos, "0123456789abcdefABCDEF");
315 if (!bytes || (bytes & 1))
319 data.assoc_info.req_ies = os_malloc(bytes);
320 if (data.assoc_info.req_ies == NULL)
323 data.assoc_info.req_ies_len = bytes;
324 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
328 data.assoc_info.resp_ies = NULL;
329 data.assoc_info.resp_ies_len = 0;
331 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
334 bytes = strspn(spos, "0123456789abcdefABCDEF");
335 if (!bytes || (bytes & 1))
339 data.assoc_info.resp_ies = os_malloc(bytes);
340 if (data.assoc_info.resp_ies == NULL)
343 data.assoc_info.resp_ies_len = bytes;
344 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
347 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
350 os_free(data.assoc_info.resp_ies);
351 os_free(data.assoc_info.req_ies);
352 #ifdef CONFIG_PEERKEY
353 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
354 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
355 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
356 "STKSTART.request '%s'", custom + 17);
359 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
360 #endif /* CONFIG_PEERKEY */
362 } else if (os_strncmp(custom, "STOP", 4) == 0) {
363 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED");
364 } else if (os_strncmp(custom, "START", 5) == 0) {
365 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED");
366 } else if (os_strncmp(custom, "HANG", 4) == 0) {
367 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
373 static int wpa_driver_wext_event_wireless_michaelmicfailure(
374 void *ctx, const char *ev, size_t len)
376 const struct iw_michaelmicfailure *mic;
377 union wpa_event_data data;
379 if (len < sizeof(*mic))
382 mic = (const struct iw_michaelmicfailure *) ev;
384 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
385 "flags=0x%x src_addr=" MACSTR, mic->flags,
386 MAC2STR(mic->src_addr.sa_data));
388 os_memset(&data, 0, sizeof(data));
389 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
390 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
396 static int wpa_driver_wext_event_wireless_pmkidcand(
397 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
399 const struct iw_pmkid_cand *cand;
400 union wpa_event_data data;
403 if (len < sizeof(*cand))
406 cand = (const struct iw_pmkid_cand *) ev;
407 addr = (const u8 *) cand->bssid.sa_data;
409 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
410 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
411 cand->index, MAC2STR(addr));
413 os_memset(&data, 0, sizeof(data));
414 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
415 data.pmkid_candidate.index = cand->index;
416 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
417 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
423 static int wpa_driver_wext_event_wireless_assocreqie(
424 struct wpa_driver_wext_data *drv, const char *ev, int len)
429 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
431 os_free(drv->assoc_req_ies);
432 drv->assoc_req_ies = os_malloc(len);
433 if (drv->assoc_req_ies == NULL) {
434 drv->assoc_req_ies_len = 0;
437 os_memcpy(drv->assoc_req_ies, ev, len);
438 drv->assoc_req_ies_len = len;
444 static int wpa_driver_wext_event_wireless_assocrespie(
445 struct wpa_driver_wext_data *drv, const char *ev, int len)
450 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
452 os_free(drv->assoc_resp_ies);
453 drv->assoc_resp_ies = os_malloc(len);
454 if (drv->assoc_resp_ies == NULL) {
455 drv->assoc_resp_ies_len = 0;
458 os_memcpy(drv->assoc_resp_ies, ev, len);
459 drv->assoc_resp_ies_len = len;
465 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
467 union wpa_event_data data;
469 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
472 os_memset(&data, 0, sizeof(data));
473 if (drv->assoc_req_ies) {
474 data.assoc_info.req_ies = drv->assoc_req_ies;
475 drv->assoc_req_ies = NULL;
476 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
478 if (drv->assoc_resp_ies) {
479 data.assoc_info.resp_ies = drv->assoc_resp_ies;
480 drv->assoc_resp_ies = NULL;
481 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
484 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
486 os_free(data.assoc_info.req_ies);
487 os_free(data.assoc_info.resp_ies);
491 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
492 void *ctx, char *data, int len)
494 struct iw_event iwe_buf, *iwe = &iwe_buf;
495 char *pos, *end, *custom, *buf;
500 while (pos + IW_EV_LCP_LEN <= end) {
501 /* Event data may be unaligned, so make a local, aligned copy
502 * before processing. */
503 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
504 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
506 if (iwe->len <= IW_EV_LCP_LEN)
509 custom = pos + IW_EV_POINT_LEN;
510 if (drv->we_version_compiled > 18 &&
511 (iwe->cmd == IWEVMICHAELMICFAILURE ||
512 iwe->cmd == IWEVCUSTOM ||
513 iwe->cmd == IWEVASSOCREQIE ||
514 iwe->cmd == IWEVASSOCRESPIE ||
515 iwe->cmd == IWEVPMKIDCAND)) {
516 /* WE-19 removed the pointer from struct iw_point */
517 char *dpos = (char *) &iwe_buf.u.data.length;
518 int dlen = dpos - (char *) &iwe_buf;
519 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
520 sizeof(struct iw_event) - dlen);
522 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
523 custom += IW_EV_POINT_OFF;
528 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
530 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
531 if (is_zero_ether_addr(
532 (const u8 *) iwe->u.ap_addr.sa_data) ||
533 os_memcmp(iwe->u.ap_addr.sa_data,
534 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
536 os_free(drv->assoc_req_ies);
537 drv->assoc_req_ies = NULL;
538 os_free(drv->assoc_resp_ies);
539 drv->assoc_resp_ies = NULL;
541 if (!drv->skip_disconnect) {
542 drv->skip_disconnect = 1;
544 wpa_supplicant_event(ctx, EVENT_DISASSOC,
552 drv->skip_disconnect = 0;
554 wpa_driver_wext_event_assoc_ies(drv);
555 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
558 case IWEVMICHAELMICFAILURE:
559 if (custom + iwe->u.data.length > end) {
560 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
561 "IWEVMICHAELMICFAILURE length");
564 wpa_driver_wext_event_wireless_michaelmicfailure(
565 ctx, custom, iwe->u.data.length);
568 if (custom + iwe->u.data.length > end) {
569 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
570 "IWEVCUSTOM length");
573 buf = os_malloc(iwe->u.data.length + 1);
576 os_memcpy(buf, custom, iwe->u.data.length);
577 buf[iwe->u.data.length] = '\0';
578 wpa_driver_wext_event_wireless_custom(ctx, buf);
582 drv->scan_complete_events = 1;
583 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
585 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
588 if (custom + iwe->u.data.length > end) {
589 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
590 "IWEVASSOCREQIE length");
593 wpa_driver_wext_event_wireless_assocreqie(
594 drv, custom, iwe->u.data.length);
596 case IWEVASSOCRESPIE:
597 if (custom + iwe->u.data.length > end) {
598 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
599 "IWEVASSOCRESPIE length");
602 wpa_driver_wext_event_wireless_assocrespie(
603 drv, custom, iwe->u.data.length);
606 if (custom + iwe->u.data.length > end) {
607 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
608 "IWEVPMKIDCAND length");
611 wpa_driver_wext_event_wireless_pmkidcand(
612 drv, custom, iwe->u.data.length);
621 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
622 void *ctx, char *buf, size_t len,
625 union wpa_event_data event;
627 os_memset(&event, 0, sizeof(event));
628 if (len > sizeof(event.interface_status.ifname))
629 len = sizeof(event.interface_status.ifname) - 1;
630 os_memcpy(event.interface_status.ifname, buf, len);
631 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
632 EVENT_INTERFACE_ADDED;
634 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
636 event.interface_status.ifname,
637 del ? "removed" : "added");
639 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
646 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
650 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
653 struct ifinfomsg *ifi;
654 int attrlen, nlmsg_len, rta_len;
659 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
661 attrlen = h->nlmsg_len - nlmsg_len;
665 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
667 rta_len = RTA_ALIGN(sizeof(struct rtattr));
668 while (RTA_OK(attr, attrlen)) {
669 if (attr->rta_type == IFLA_IFNAME) {
670 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
676 attr = RTA_NEXT(attr, attrlen);
683 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
684 int ifindex, struct nlmsghdr *h)
686 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
689 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) {
690 drv->ifindex = if_nametoindex(drv->ifname);
691 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
693 wpa_driver_wext_finish_drv_init(drv);
701 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
702 void *ctx, struct nlmsghdr *h,
705 struct ifinfomsg *ifi;
706 int attrlen, nlmsg_len, rta_len;
707 struct rtattr * attr;
709 if (len < sizeof(*ifi))
714 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) {
715 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
720 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
722 drv->operstate, ifi->ifi_flags,
723 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
724 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
725 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
726 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
728 * Some drivers send the association event before the operup event--in
729 * this case, lifting operstate in wpa_driver_wext_set_operstate()
730 * fails. This will hit us when wpa_supplicant does not need to do
731 * IEEE 802.1X authentication
733 if (drv->operstate == 1 &&
734 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
735 !(ifi->ifi_flags & IFF_RUNNING))
736 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
738 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
740 attrlen = h->nlmsg_len - nlmsg_len;
744 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
746 rta_len = RTA_ALIGN(sizeof(struct rtattr));
747 while (RTA_OK(attr, attrlen)) {
748 if (attr->rta_type == IFLA_WIRELESS) {
749 wpa_driver_wext_event_wireless(
750 drv, ctx, ((char *) attr) + rta_len,
751 attr->rta_len - rta_len);
752 } else if (attr->rta_type == IFLA_IFNAME) {
753 wpa_driver_wext_event_link(drv, ctx,
754 ((char *) attr) + rta_len,
755 attr->rta_len - rta_len, 0);
757 attr = RTA_NEXT(attr, attrlen);
762 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
763 void *ctx, struct nlmsghdr *h,
766 struct ifinfomsg *ifi;
767 int attrlen, nlmsg_len, rta_len;
768 struct rtattr * attr;
770 if (len < sizeof(*ifi))
775 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
777 attrlen = h->nlmsg_len - nlmsg_len;
781 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
783 rta_len = RTA_ALIGN(sizeof(struct rtattr));
784 while (RTA_OK(attr, attrlen)) {
785 if (attr->rta_type == IFLA_IFNAME) {
786 wpa_driver_wext_event_link(drv, ctx,
787 ((char *) attr) + rta_len,
788 attr->rta_len - rta_len, 1);
790 attr = RTA_NEXT(attr, attrlen);
795 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
800 struct sockaddr_nl from;
806 fromlen = sizeof(from);
807 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
808 (struct sockaddr *) &from, &fromlen);
810 if (errno != EINTR && errno != EAGAIN)
811 wpa_printf(MSG_ERROR, "%s: recvfrom(netlink): %d", __func__, errno);
815 h = (struct nlmsghdr *) buf;
816 while (left >= (int) sizeof(*h)) {
820 plen = len - sizeof(*h);
821 if (len > left || plen < 0) {
822 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
823 "len=%d left=%d plen=%d",
828 switch (h->nlmsg_type) {
830 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
834 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
839 len = NLMSG_ALIGN(len);
841 h = (struct nlmsghdr *) ((char *) h + len);
845 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
849 if (--max_events > 0) {
851 * Try to receive all events in one eloop call in order to
852 * limit race condition on cases where AssocInfo event, Assoc
853 * event, and EAPOL frames are received more or less at the
854 * same time. We want to process the event messages first
855 * before starting EAPOL processing.
862 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
863 const char *ifname, int *flags)
867 os_memset(&ifr, 0, sizeof(ifr));
868 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
869 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
870 wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]");
873 *flags = ifr.ifr_flags & 0xffff;
879 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
880 * @drv: driver_wext private data
881 * @flags: Pointer to returned flags value
882 * Returns: 0 on success, -1 on failure
884 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
886 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
890 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
891 const char *ifname, int flags)
895 os_memset(&ifr, 0, sizeof(ifr));
896 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
897 ifr.ifr_flags = flags & 0xffff;
898 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
899 wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]");
907 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
908 * @drv: driver_wext private data
909 * @flags: New value for flags
910 * Returns: 0 on success, -1 on failure
912 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
914 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
919 * wpa_driver_wext_init - Initialize WE driver interface
920 * @ctx: context to be used when calling wpa_supplicant functions,
921 * e.g., wpa_supplicant_event()
922 * @ifname: interface name, e.g., wlan0
923 * Returns: Pointer to private data, %NULL on failure
925 void * wpa_driver_wext_init(void *ctx, const char *ifname)
928 struct sockaddr_nl local;
929 struct wpa_driver_wext_data *drv;
931 drv = os_zalloc(sizeof(*drv));
935 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
937 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
938 if (drv->ioctl_sock < 0) {
939 wpa_printf(MSG_ERROR, "%s: socket(PF_INET,SOCK_DGRAM)", __func__);
944 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
946 wpa_printf(MSG_ERROR, "%s: socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)", __func__);
947 close(drv->ioctl_sock);
952 os_memset(&local, 0, sizeof(local));
953 local.nl_family = AF_NETLINK;
954 local.nl_groups = RTMGRP_LINK;
955 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
956 wpa_printf(MSG_ERROR, "bind(netlink)");
958 close(drv->ioctl_sock);
963 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
969 drv->driver_is_started = TRUE;
970 drv->skip_disconnect = 0;
972 wpa_driver_wext_finish_drv_init(drv);
978 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
982 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0)
983 printf("Could not get interface '%s' flags\n", drv->ifname);
984 else if (!(flags & IFF_UP)) {
985 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
986 printf("Could not set interface '%s' UP\n",
990 * Wait some time to allow driver to initialize before
991 * starting configuring the driver. This seems to be
992 * needed at least some drivers that load firmware etc.
993 * when the interface is set up.
995 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
996 "a second for the driver to complete "
997 "initialization", drv->ifname);
1003 * Make sure that the driver does not have any obsolete PMKID entries.
1005 wpa_driver_wext_flush_pmkid(drv);
1007 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
1008 printf("Could not configure driver to use managed mode\n");
1011 wpa_driver_wext_get_range(drv);
1014 * Unlock the driver's BSSID and force to a random SSID to clear any
1015 * previous association the driver might have when the supplicant
1018 wpa_driver_wext_disconnect(drv);
1020 drv->ifindex = if_nametoindex(drv->ifname);
1022 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
1024 * Host AP driver may use both wlan# and wifi# interface in
1025 * wireless events. Since some of the versions included WE-18
1026 * support, let's add the alternative ifindex also from
1027 * driver_wext.c for the time being. This may be removed at
1028 * some point once it is believed that old versions of the
1029 * driver are not in use anymore.
1031 char ifname2[IFNAMSIZ + 1];
1032 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
1033 os_memcpy(ifname2, "wifi", 4);
1034 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1037 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1042 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1043 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1045 * Shut down driver interface and processing of driver events. Free
1046 * private data buffer if one was allocated in wpa_driver_wext_init().
1048 void wpa_driver_wext_deinit(void *priv)
1050 struct wpa_driver_wext_data *drv = priv;
1053 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1056 * Clear possibly configured driver parameters in order to make it
1057 * easier to use the driver after wpa_supplicant has been terminated.
1059 wpa_driver_wext_disconnect(drv);
1061 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1063 eloop_unregister_read_sock(drv->event_sock);
1064 if (drv->mlme_sock >= 0)
1065 eloop_unregister_read_sock(drv->mlme_sock);
1067 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1068 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1070 close(drv->event_sock);
1071 close(drv->ioctl_sock);
1072 if (drv->mlme_sock >= 0)
1073 close(drv->mlme_sock);
1074 os_free(drv->assoc_req_ies);
1075 os_free(drv->assoc_resp_ies);
1080 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1081 * @eloop_ctx: Unused
1082 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1084 * This function can be used as registered timeout when starting a scan to
1085 * generate a scan completed event if the driver does not report this.
1087 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1089 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1090 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1094 * wpa_driver_wext_set_scan_timeout - Set scan timeout to report scan completion
1095 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1097 * This function can be used to set registered timeout when starting a scan to
1098 * generate a scan completed event if the driver does not report this.
1100 static void wpa_driver_wext_set_scan_timeout(void *priv)
1102 struct wpa_driver_wext_data *drv = priv;
1103 int timeout = 10; /* In case scan A and B bands it can be long */
1105 /* Not all drivers generate "scan completed" wireless event, so try to
1106 * read results after a timeout. */
1107 if (drv->scan_complete_events) {
1109 * The driver seems to deliver SIOCGIWSCAN events to notify
1110 * when scan is complete, so use longer timeout to avoid race
1111 * conditions with scanning and following association request.
1115 wpa_printf(MSG_DEBUG, "Scan requested - scan timeout %d seconds",
1117 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1118 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1123 * wpa_driver_wext_scan - Request the driver to initiate scan
1124 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1125 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1126 * all SSIDs (either active scan with broadcast SSID or passive
1128 * @ssid_len: Length of the SSID
1129 * Returns: 0 on success, -1 on failure
1131 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1133 struct wpa_driver_wext_data *drv = priv;
1136 struct iw_scan_req req;
1138 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
1139 int scan_probe_flag = 0;
1142 if (ssid_len > IW_ESSID_MAX_SIZE) {
1143 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1144 __FUNCTION__, (unsigned long) ssid_len);
1148 os_memset(&iwr, 0, sizeof(iwr));
1149 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1152 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
1153 scan_probe_flag = wpa_s->prev_scan_ssid->scan_ssid;
1155 wpa_printf(MSG_DEBUG, "%s: specific scan = %d", __func__,
1156 (scan_probe_flag && (ssid && ssid_len)) ? 1 : 0);
1157 if (scan_probe_flag && (ssid && ssid_len)) {
1159 if (ssid && ssid_len) {
1161 os_memset(&req, 0, sizeof(req));
1162 req.essid_len = ssid_len;
1163 req.bssid.sa_family = ARPHRD_ETHER;
1164 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1165 os_memcpy(req.essid, ssid, ssid_len);
1166 iwr.u.data.pointer = (caddr_t) &req;
1167 iwr.u.data.length = sizeof(req);
1168 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1171 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1172 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWSCAN]");
1176 wpa_driver_wext_set_scan_timeout(priv);
1182 * wpa_driver_wext_combo_scan - Request the driver to initiate combo scan
1183 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1184 * @ssid_ptr: Pointer to current SSID from configuration list or %NULL to
1185 * scan for all SSIDs (either active scan with broadcast SSID or passive
1187 * @ssid_conf: SSID list from the configuration
1188 * Returns: 0 on success, -1 on failure
1189 * Also updates @ssid_ptr to next specific scan item
1191 int wpa_driver_wext_combo_scan(void *priv, struct wpa_ssid **ssid_ptr,
1192 struct wpa_ssid *ssid_conf)
1194 char buf[WEXT_CSCAN_BUF_LEN];
1195 struct wpa_driver_wext_data *drv = priv;
1197 int ret = 0, timeout, i = 0, bp;
1198 struct wpa_ssid *ssid, *ssid_orig;
1200 size_t ssid_len = 0;
1202 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
1203 int scan_probe_flag = 0;
1205 if (!drv->driver_is_started) {
1206 wpa_printf(MSG_DEBUG, "%s: Driver stopped", __func__);
1210 wpa_printf(MSG_DEBUG, "%s: Start", __func__);
1212 /* Set list of SSIDs */
1213 ssid_orig = (*ssid_ptr);
1214 ssid = (*ssid_ptr) ? (*ssid_ptr) : ssid_conf;
1215 bp = WEXT_CSCAN_HEADER_SIZE;
1216 os_memcpy(buf, WEXT_CSCAN_HEADER, bp);
1217 while (i < WEXT_CSCAN_AMOUNT) {
1218 if ((bp + IW_ESSID_MAX_SIZE + 10) >= (int)sizeof(buf))
1223 if (!ssid->disabled && ssid->scan_ssid) {
1224 wpa_printf(MSG_DEBUG, "For Scan: %s", ssid->ssid);
1225 buf[bp++] = WEXT_CSCAN_SSID_SECTION;
1226 buf[bp++] = ssid->ssid_len;
1227 os_memcpy(&buf[bp], ssid->ssid, ssid->ssid_len);
1228 bp += ssid->ssid_len;
1234 /* Set list of channels */
1235 buf[bp++] = WEXT_CSCAN_CHANNEL_SECTION;
1238 /* Set passive dwell time (default is 250) */
1239 buf[bp++] = WEXT_CSCAN_PASV_DWELL_SECTION;
1240 buf[bp++] = (u8)WEXT_CSCAN_PASV_DWELL_TIME;
1241 buf[bp++] = (u8)(WEXT_CSCAN_PASV_DWELL_TIME >> 8);
1243 /* Set home dwell time (default is 40) */
1244 buf[bp++] = WEXT_CSCAN_HOME_DWELL_SECTION;
1245 buf[bp++] = (u8)WEXT_CSCAN_HOME_DWELL_TIME;
1246 buf[bp++] = (u8)(WEXT_CSCAN_HOME_DWELL_TIME >> 8);
1248 os_memset(&iwr, 0, sizeof(iwr));
1249 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1250 iwr.u.data.pointer = buf;
1251 iwr.u.data.length = bp;
1253 if ((ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr)) < 0) {
1254 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (cscan): %d", ret);
1255 *ssid_ptr = ssid_orig;
1258 wpa_driver_wext_set_scan_timeout(priv);
1264 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1271 res_buf_len = IW_SCAN_MAX_DATA;
1273 res_buf = os_malloc(res_buf_len);
1274 if (res_buf == NULL)
1276 os_memset(&iwr, 0, sizeof(iwr));
1277 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1278 iwr.u.data.pointer = res_buf;
1279 iwr.u.data.length = res_buf_len;
1281 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1284 if (errno == E2BIG && res_buf_len < 65535) {
1288 if (res_buf_len > 65535)
1289 res_buf_len = 65535; /* 16-bit length field */
1290 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1291 "trying larger buffer (%lu bytes)",
1292 (unsigned long) res_buf_len);
1294 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWSCAN]: %d", errno);
1300 if (iwr.u.data.length > res_buf_len) {
1304 *len = iwr.u.data.length;
1311 * Data structure for collecting WEXT scan results. This is needed to allow
1312 * the various methods of reporting IEs to be combined into a single IE buffer.
1314 struct wext_scan_data {
1315 struct wpa_scan_res res;
1324 static void wext_get_scan_mode(struct iw_event *iwe,
1325 struct wext_scan_data *res)
1327 if (iwe->u.mode == IW_MODE_ADHOC)
1328 res->res.caps |= IEEE80211_CAP_IBSS;
1329 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1330 res->res.caps |= IEEE80211_CAP_ESS;
1334 static void wext_get_scan_ssid(struct iw_event *iwe,
1335 struct wext_scan_data *res, char *custom,
1338 int ssid_len = iwe->u.essid.length;
1339 if (custom + ssid_len > end)
1341 if (iwe->u.essid.flags &&
1343 ssid_len <= IW_ESSID_MAX_SIZE) {
1344 os_memcpy(res->ssid, custom, ssid_len);
1345 res->ssid_len = ssid_len;
1350 static void wext_get_scan_freq(struct iw_event *iwe,
1351 struct wext_scan_data *res)
1353 int divi = 1000000, i;
1355 if (iwe->u.freq.e == 0) {
1357 * Some drivers do not report frequency, but a channel.
1358 * Try to map this to frequency by assuming they are using
1359 * IEEE 802.11b/g. But don't overwrite a previously parsed
1360 * frequency if the driver sends both frequency and channel,
1361 * since the driver may be sending an A-band channel that we
1362 * don't handle here.
1368 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1369 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1371 } else if (iwe->u.freq.m == 14) {
1372 res->res.freq = 2484;
1377 if (iwe->u.freq.e > 6) {
1378 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1379 MACSTR " m=%d e=%d)",
1380 MAC2STR(res->res.bssid), iwe->u.freq.m,
1385 for (i = 0; i < iwe->u.freq.e; i++)
1387 res->res.freq = iwe->u.freq.m / divi;
1391 static void wext_get_scan_qual(struct iw_event *iwe,
1392 struct wext_scan_data *res)
1394 res->res.qual = iwe->u.qual.qual;
1395 res->res.noise = iwe->u.qual.noise;
1396 res->res.level = iwe->u.qual.level;
1400 static void wext_get_scan_encode(struct iw_event *iwe,
1401 struct wext_scan_data *res)
1403 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1404 res->res.caps |= IEEE80211_CAP_PRIVACY;
1408 static void wext_get_scan_rate(struct iw_event *iwe,
1409 struct wext_scan_data *res, char *pos,
1413 char *custom = pos + IW_EV_LCP_LEN;
1418 if (custom + clen > end)
1421 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1422 /* Note: may be misaligned, make a local, aligned copy */
1423 os_memcpy(&p, custom, sizeof(struct iw_param));
1424 if (p.value > maxrate)
1426 clen -= sizeof(struct iw_param);
1427 custom += sizeof(struct iw_param);
1430 /* Convert the maxrate from WE-style (b/s units) to
1431 * 802.11 rates (500000 b/s units).
1433 res->maxrate = maxrate / 500000;
1437 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1438 struct wext_scan_data *res, char *custom,
1441 char *genie, *gpos, *gend;
1444 if (iwe->u.data.length == 0)
1447 gpos = genie = custom;
1448 gend = genie + iwe->u.data.length;
1450 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1454 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1457 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1459 res->ie_len += gend - gpos;
1463 static void wext_get_scan_custom(struct iw_event *iwe,
1464 struct wext_scan_data *res, char *custom,
1470 clen = iwe->u.data.length;
1471 if (custom + clen > end)
1474 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1478 bytes = custom + clen - spos;
1479 if (bytes & 1 || bytes == 0)
1482 tmp = os_realloc(res->ie, res->ie_len + bytes);
1485 hexstr2bin(spos, tmp + res->ie_len, bytes);
1487 res->ie_len += bytes;
1488 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1492 bytes = custom + clen - spos;
1493 if (bytes & 1 || bytes == 0)
1496 tmp = os_realloc(res->ie, res->ie_len + bytes);
1499 hexstr2bin(spos, tmp + res->ie_len, bytes);
1501 res->ie_len += bytes;
1502 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1507 bytes = custom + clen - spos;
1509 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1513 hexstr2bin(spos, bin, bytes);
1514 res->res.tsf += WPA_GET_BE64(bin);
1519 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1521 return drv->we_version_compiled > 18 &&
1522 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1523 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1527 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1528 struct wext_scan_data *data)
1530 struct wpa_scan_res **tmp;
1531 struct wpa_scan_res *r;
1533 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1535 /* Figure out whether we need to fake any IEs */
1537 end = pos + data->ie_len;
1538 while (pos && pos + 1 < end) {
1539 if (pos + 2 + pos[1] > end)
1541 if (pos[0] == WLAN_EID_SSID)
1543 else if (pos[0] == WLAN_EID_SUPP_RATES)
1545 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1551 if (ssid_ie == NULL)
1552 extra_len += 2 + data->ssid_len;
1553 if (rate_ie == NULL && data->maxrate)
1556 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1559 os_memcpy(r, &data->res, sizeof(*r));
1560 r->ie_len = extra_len + data->ie_len;
1561 pos = (u8 *) (r + 1);
1562 if (ssid_ie == NULL) {
1564 * Generate a fake SSID IE since the driver did not report
1567 *pos++ = WLAN_EID_SSID;
1568 *pos++ = data->ssid_len;
1569 os_memcpy(pos, data->ssid, data->ssid_len);
1570 pos += data->ssid_len;
1572 if (rate_ie == NULL && data->maxrate) {
1574 * Generate a fake Supported Rates IE since the driver did not
1575 * report a full IE list.
1577 *pos++ = WLAN_EID_SUPP_RATES;
1579 *pos++ = data->maxrate;
1582 os_memcpy(pos, data->ie, data->ie_len);
1584 tmp = os_realloc(res->res,
1585 (res->num + 1) * sizeof(struct wpa_scan_res *));
1590 tmp[res->num++] = r;
1596 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1597 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1598 * Returns: Scan results on success, -1 on failure
1600 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1602 struct wpa_driver_wext_data *drv = priv;
1603 size_t ap_num = 0, len;
1606 struct iw_event iwe_buf, *iwe = &iwe_buf;
1607 char *pos, *end, *custom;
1608 struct wpa_scan_results *res;
1609 struct wext_scan_data data;
1612 /* To make sure correctly parse scan results which is impacted by wext
1613 * version, first check range->we_version, if it is default value (0),
1614 * update again here */
1615 if (drv->we_version_compiled == 0)
1616 wpa_driver_wext_get_range(drv);
1619 res_buf = wpa_driver_wext_giwscan(drv, &len);
1620 if (res_buf == NULL)
1626 res = os_zalloc(sizeof(*res));
1632 pos = (char *) res_buf;
1633 end = (char *) res_buf + len;
1634 os_memset(&data, 0, sizeof(data));
1636 while (pos + IW_EV_LCP_LEN <= end) {
1637 /* Event data may be unaligned, so make a local, aligned copy
1638 * before processing. */
1639 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1640 if (iwe->len <= IW_EV_LCP_LEN)
1643 custom = pos + IW_EV_POINT_LEN;
1644 if (wext_19_iw_point(drv, iwe->cmd)) {
1645 /* WE-19 removed the pointer from struct iw_point */
1646 char *dpos = (char *) &iwe_buf.u.data.length;
1647 int dlen = dpos - (char *) &iwe_buf;
1648 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1649 sizeof(struct iw_event) - dlen);
1651 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1652 custom += IW_EV_POINT_OFF;
1658 wpa_driver_wext_add_scan_entry(res, &data);
1661 os_memset(&data, 0, sizeof(data));
1662 os_memcpy(data.res.bssid,
1663 iwe->u.ap_addr.sa_data, ETH_ALEN);
1666 wext_get_scan_mode(iwe, &data);
1669 wext_get_scan_ssid(iwe, &data, custom, end);
1672 wext_get_scan_freq(iwe, &data);
1675 wext_get_scan_qual(iwe, &data);
1678 wext_get_scan_encode(iwe, &data);
1681 wext_get_scan_rate(iwe, &data, pos, end);
1684 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1687 wext_get_scan_custom(iwe, &data, custom, end);
1696 wpa_driver_wext_add_scan_entry(res, &data);
1699 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1700 (unsigned long) len, (unsigned long) res->num);
1706 static int wpa_driver_wext_get_range(void *priv)
1708 struct wpa_driver_wext_data *drv = priv;
1709 struct iw_range *range;
1715 * Use larger buffer than struct iw_range in order to allow the
1716 * structure to grow in the future.
1718 buflen = sizeof(struct iw_range) + 500;
1719 range = os_zalloc(buflen);
1723 os_memset(&iwr, 0, sizeof(iwr));
1724 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1725 iwr.u.data.pointer = (caddr_t) range;
1726 iwr.u.data.length = buflen;
1728 minlen = ((char *) &range->enc_capa) - (char *) range +
1729 sizeof(range->enc_capa);
1731 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1732 wpa_printf(MSG_ERROR, "ioctl[SIOCGIRANGE]");
1735 } else if (iwr.u.data.length >= minlen &&
1736 range->we_version_compiled >= 18) {
1737 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1738 "WE(source)=%d enc_capa=0x%x",
1739 range->we_version_compiled,
1740 range->we_version_source,
1742 drv->has_capability = 1;
1743 drv->we_version_compiled = range->we_version_compiled;
1744 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1745 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1746 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1748 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1749 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1750 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1752 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1753 WPA_DRIVER_CAPA_ENC_WEP104;
1754 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1755 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1756 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1757 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1758 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1759 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1760 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1761 WPA_DRIVER_AUTH_SHARED |
1762 WPA_DRIVER_AUTH_LEAP;
1764 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1766 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1768 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1769 "assuming WPA is not supported");
1777 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1779 struct wpa_driver_wext_data *drv = priv;
1780 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1782 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1787 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1790 struct iw_encode_ext *ext;
1794 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1796 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1802 os_memset(&iwr, 0, sizeof(iwr));
1803 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1805 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1809 iwr.u.encoding.pointer = (caddr_t) ext;
1810 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1811 ext->key_len = PMK_LEN;
1812 os_memcpy(&ext->key, psk, ext->key_len);
1813 ext->alg = IW_ENCODE_ALG_PMK;
1815 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1817 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT] PMK");
1824 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1825 const u8 *addr, int key_idx,
1826 int set_tx, const u8 *seq,
1828 const u8 *key, size_t key_len)
1830 struct wpa_driver_wext_data *drv = priv;
1833 struct iw_encode_ext *ext;
1835 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1836 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1837 __FUNCTION__, (unsigned long) seq_len);
1841 ext = os_zalloc(sizeof(*ext) + key_len);
1844 os_memset(&iwr, 0, sizeof(iwr));
1845 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1846 iwr.u.encoding.flags = key_idx + 1;
1847 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1848 if (alg == WPA_ALG_NONE)
1849 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1850 iwr.u.encoding.pointer = (caddr_t) ext;
1851 iwr.u.encoding.length = sizeof(*ext) + key_len;
1854 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1855 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1857 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1859 ext->addr.sa_family = ARPHRD_ETHER;
1861 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1863 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1864 if (key && key_len) {
1865 os_memcpy(ext + 1, key, key_len);
1866 ext->key_len = key_len;
1870 ext->alg = IW_ENCODE_ALG_NONE;
1873 ext->alg = IW_ENCODE_ALG_WEP;
1876 ext->alg = IW_ENCODE_ALG_TKIP;
1879 ext->alg = IW_ENCODE_ALG_CCMP;
1882 ext->alg = IW_ENCODE_ALG_PMK;
1884 #ifdef CONFIG_IEEE80211W
1886 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1888 #endif /* CONFIG_IEEE80211W */
1890 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1896 if (seq && seq_len) {
1897 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1898 os_memcpy(ext->rx_seq, seq, seq_len);
1901 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1902 ret = errno == EOPNOTSUPP ? -2 : -1;
1903 if (errno == ENODEV) {
1905 * ndiswrapper seems to be returning incorrect error
1910 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT]");
1919 * wpa_driver_wext_set_key - Configure encryption key
1920 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1921 * @priv: Private driver interface data
1922 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1923 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1924 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1925 * broadcast/default keys
1926 * @key_idx: key index (0..3), usually 0 for unicast keys
1927 * @set_tx: Configure this key as the default Tx key (only used when
1928 * driver does not support separate unicast/individual key
1929 * @seq: Sequence number/packet number, seq_len octets, the next
1930 * packet number to be used for in replay protection; configured
1931 * for Rx keys (in most cases, this is only used with broadcast
1932 * keys and set to zero for unicast keys)
1933 * @seq_len: Length of the seq, depends on the algorithm:
1934 * TKIP: 6 octets, CCMP: 6 octets
1935 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1937 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1938 * TKIP: 32, CCMP: 16)
1939 * Returns: 0 on success, -1 on failure
1941 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1942 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1944 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1945 const u8 *addr, int key_idx,
1946 int set_tx, const u8 *seq, size_t seq_len,
1947 const u8 *key, size_t key_len)
1949 struct wpa_driver_wext_data *drv = priv;
1953 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1955 __FUNCTION__, alg, key_idx, set_tx,
1956 (unsigned long) seq_len, (unsigned long) key_len);
1958 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1959 seq, seq_len, key, key_len);
1964 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1965 wpa_printf(MSG_DEBUG, "Driver did not support "
1966 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1969 wpa_printf(MSG_DEBUG, "Driver did not support "
1970 "SIOCSIWENCODEEXT");
1974 os_memset(&iwr, 0, sizeof(iwr));
1975 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1976 iwr.u.encoding.flags = key_idx + 1;
1977 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1978 if (alg == WPA_ALG_NONE)
1979 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1980 iwr.u.encoding.pointer = (caddr_t) key;
1981 iwr.u.encoding.length = key_len;
1983 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1984 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]");
1988 if (set_tx && alg != WPA_ALG_NONE) {
1989 os_memset(&iwr, 0, sizeof(iwr));
1990 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1991 iwr.u.encoding.flags = key_idx + 1;
1992 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1993 iwr.u.encoding.pointer = (caddr_t) NULL;
1994 iwr.u.encoding.length = 0;
1995 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1996 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE] (set_tx)");
2005 static int wpa_driver_wext_set_countermeasures(void *priv,
2008 struct wpa_driver_wext_data *drv = priv;
2009 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2010 return wpa_driver_wext_set_auth_param(drv,
2011 IW_AUTH_TKIP_COUNTERMEASURES,
2016 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
2019 struct wpa_driver_wext_data *drv = priv;
2020 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2021 drv->use_crypt = enabled;
2022 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2027 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
2028 const u8 *addr, int cmd, int reason_code)
2031 struct iw_mlme mlme;
2034 os_memset(&iwr, 0, sizeof(iwr));
2035 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2036 os_memset(&mlme, 0, sizeof(mlme));
2038 mlme.reason_code = reason_code;
2039 mlme.addr.sa_family = ARPHRD_ETHER;
2040 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
2041 iwr.u.data.pointer = (caddr_t) &mlme;
2042 iwr.u.data.length = sizeof(mlme);
2044 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
2045 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMLME]");
2053 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
2056 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
2063 * Only force-disconnect when the card is in infrastructure mode,
2064 * otherwise the driver might interpret the cleared BSSID and random
2065 * SSID as an attempt to create a new ad-hoc network.
2067 os_memset(&iwr, 0, sizeof(iwr));
2068 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2069 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2070 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]");
2071 iwr.u.mode = IW_MODE_INFRA;
2074 if (iwr.u.mode == IW_MODE_INFRA) {
2076 * Clear the BSSID selection and set a random SSID to make sure
2077 * the driver will not be trying to associate with something
2078 * even if it does not understand SIOCSIWMLME commands (or
2079 * tries to associate automatically after deauth/disassoc).
2081 wpa_driver_wext_set_bssid(drv, null_bssid);
2083 for (i = 0; i < 32; i++)
2084 ssid[i] = rand() & 0xFF;
2085 wpa_driver_wext_set_ssid(drv, ssid, 32);
2091 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
2094 struct wpa_driver_wext_data *drv = priv;
2096 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2097 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
2098 wpa_driver_wext_disconnect(drv);
2103 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
2106 struct wpa_driver_wext_data *drv = priv;
2108 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2109 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
2110 wpa_driver_wext_disconnect(drv);
2115 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
2118 struct wpa_driver_wext_data *drv = priv;
2122 os_memset(&iwr, 0, sizeof(iwr));
2123 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2124 iwr.u.data.pointer = (caddr_t) ie;
2125 iwr.u.data.length = ie_len;
2127 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
2128 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWGENIE]");
2136 int wpa_driver_wext_cipher2wext(int cipher)
2140 return IW_AUTH_CIPHER_NONE;
2142 return IW_AUTH_CIPHER_WEP40;
2144 return IW_AUTH_CIPHER_TKIP;
2146 return IW_AUTH_CIPHER_CCMP;
2148 return IW_AUTH_CIPHER_WEP104;
2155 int wpa_driver_wext_keymgmt2wext(int keymgmt)
2158 case KEY_MGMT_802_1X:
2159 case KEY_MGMT_802_1X_NO_WPA:
2160 return IW_AUTH_KEY_MGMT_802_1X;
2162 return IW_AUTH_KEY_MGMT_PSK;
2170 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2171 struct wpa_driver_associate_params *params)
2176 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2177 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2179 os_memset(&iwr, 0, sizeof(iwr));
2180 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2181 /* Just changing mode, not actual keys */
2182 iwr.u.encoding.flags = 0;
2183 iwr.u.encoding.pointer = (caddr_t) NULL;
2184 iwr.u.encoding.length = 0;
2187 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2188 * different things. Here they are used to indicate Open System vs.
2189 * Shared Key authentication algorithm. However, some drivers may use
2190 * them to select between open/restricted WEP encrypted (open = allow
2191 * both unencrypted and encrypted frames; restricted = only allow
2192 * encrypted frames).
2195 if (!drv->use_crypt) {
2196 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2198 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2199 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2200 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2201 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2204 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2205 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]");
2213 int wpa_driver_wext_associate(void *priv,
2214 struct wpa_driver_associate_params *params)
2216 struct wpa_driver_wext_data *drv = priv;
2218 int allow_unencrypted_eapol;
2221 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2224 drv->skip_disconnect = 0;
2227 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2228 if (!(flags & IFF_UP)) {
2229 wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2234 * If the driver did not support SIOCSIWAUTH, fallback to
2235 * SIOCSIWENCODE here.
2237 if (drv->auth_alg_fallback &&
2238 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2241 if (!params->bssid &&
2242 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2245 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2246 * from configuration, not from here, where only the selected suite is
2248 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2251 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2252 value = IW_AUTH_WPA_VERSION_DISABLED;
2253 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2254 value = IW_AUTH_WPA_VERSION_WPA2;
2256 value = IW_AUTH_WPA_VERSION_WPA;
2257 if (wpa_driver_wext_set_auth_param(drv,
2258 IW_AUTH_WPA_VERSION, value) < 0)
2260 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2261 if (wpa_driver_wext_set_auth_param(drv,
2262 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2264 value = wpa_driver_wext_cipher2wext(params->group_suite);
2265 if (wpa_driver_wext_set_auth_param(drv,
2266 IW_AUTH_CIPHER_GROUP, value) < 0)
2268 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2269 if (wpa_driver_wext_set_auth_param(drv,
2270 IW_AUTH_KEY_MGMT, value) < 0)
2272 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2273 params->pairwise_suite != CIPHER_NONE ||
2274 params->group_suite != CIPHER_NONE ||
2276 if (wpa_driver_wext_set_auth_param(drv,
2277 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2280 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2281 * not using WPA. IEEE 802.1X specifies that these frames are not
2282 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2283 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2284 params->key_mgmt_suite == KEY_MGMT_PSK)
2285 allow_unencrypted_eapol = 0;
2287 allow_unencrypted_eapol = 1;
2289 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2291 if (wpa_driver_wext_set_auth_param(drv,
2292 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2293 allow_unencrypted_eapol) < 0)
2295 #ifdef CONFIG_IEEE80211W
2296 switch (params->mgmt_frame_protection) {
2297 case NO_MGMT_FRAME_PROTECTION:
2298 value = IW_AUTH_MFP_DISABLED;
2300 case MGMT_FRAME_PROTECTION_OPTIONAL:
2301 value = IW_AUTH_MFP_OPTIONAL;
2303 case MGMT_FRAME_PROTECTION_REQUIRED:
2304 value = IW_AUTH_MFP_REQUIRED;
2307 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2309 #endif /* CONFIG_IEEE80211W */
2310 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2312 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2314 if (params->bssid &&
2315 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2322 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2324 struct wpa_driver_wext_data *drv = priv;
2327 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2328 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2329 if (auth_alg & AUTH_ALG_SHARED_KEY)
2330 algs |= IW_AUTH_ALG_SHARED_KEY;
2331 if (auth_alg & AUTH_ALG_LEAP)
2332 algs |= IW_AUTH_ALG_LEAP;
2334 /* at least one algorithm should be set */
2335 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2338 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2340 drv->auth_alg_fallback = res == -2;
2346 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2347 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2348 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2349 * Returns: 0 on success, -1 on failure
2351 int wpa_driver_wext_set_mode(void *priv, int mode)
2353 struct wpa_driver_wext_data *drv = priv;
2355 int ret = -1, flags;
2356 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2358 os_memset(&iwr, 0, sizeof(iwr));
2359 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2360 iwr.u.mode = new_mode;
2361 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2366 if (errno != EBUSY) {
2367 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]");
2371 /* mac80211 doesn't allow mode changes while the device is up, so if
2372 * the device isn't in the mode we're about to change to, take device
2373 * down, try to set the mode again, and bring it back up.
2375 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2376 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]");
2380 if (iwr.u.mode == new_mode) {
2385 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2386 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2388 /* Try to set the mode again while the interface is down */
2389 iwr.u.mode = new_mode;
2390 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2391 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]");
2395 /* Ignore return value of get_ifflags to ensure that the device
2396 * is always up like it was before this function was called.
2398 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2399 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2407 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2408 u32 cmd, const u8 *bssid, const u8 *pmkid)
2411 struct iw_pmksa pmksa;
2414 os_memset(&iwr, 0, sizeof(iwr));
2415 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2416 os_memset(&pmksa, 0, sizeof(pmksa));
2418 pmksa.bssid.sa_family = ARPHRD_ETHER;
2420 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2422 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2423 iwr.u.data.pointer = (caddr_t) &pmksa;
2424 iwr.u.data.length = sizeof(pmksa);
2426 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2427 if (errno != EOPNOTSUPP)
2428 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPMKSA]");
2436 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2439 struct wpa_driver_wext_data *drv = priv;
2440 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2444 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2447 struct wpa_driver_wext_data *drv = priv;
2448 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2452 static int wpa_driver_wext_flush_pmkid(void *priv)
2454 struct wpa_driver_wext_data *drv = priv;
2455 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2459 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2461 struct wpa_driver_wext_data *drv = priv;
2462 if (!drv->has_capability)
2464 os_memcpy(capa, &drv->capa, sizeof(*capa));
2469 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2472 if (ifname == NULL) {
2477 drv->ifindex2 = if_nametoindex(ifname);
2478 if (drv->ifindex2 <= 0)
2481 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2482 "wireless events", drv->ifindex2, ifname);
2488 int wpa_driver_wext_set_operstate(void *priv, int state)
2490 struct wpa_driver_wext_data *drv = priv;
2492 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2493 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2494 drv->operstate = state;
2495 return wpa_driver_wext_send_oper_ifla(
2496 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2500 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2502 return drv->we_version_compiled;
2507 static char *wpa_driver_get_country_code(int channels)
2509 char *country = "US"; /* WEXT_NUMBER_SCAN_CHANNELS_FCC */
2511 if (channels == WEXT_NUMBER_SCAN_CHANNELS_ETSI)
2513 else if( channels == WEXT_NUMBER_SCAN_CHANNELS_MKK1)
2518 static int wpa_driver_priv_driver_cmd( void *priv, char *cmd, char *buf, size_t buf_len )
2520 struct wpa_driver_wext_data *drv = priv;
2521 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
2525 wpa_printf(MSG_DEBUG, "%s %s len = %d", __func__, cmd, buf_len);
2527 if (!drv->driver_is_started && (os_strcasecmp(cmd, "START") != 0)) {
2528 wpa_printf(MSG_ERROR,"WEXT: Driver not initialized yet");
2532 if (os_strcasecmp(cmd, "RSSI-APPROX") == 0) {
2533 os_strncpy(cmd, "RSSI", MAX_DRV_CMD_SIZE);
2534 } else if( os_strncasecmp(cmd, "SCAN-CHANNELS", 13) == 0 ) {
2537 no_of_chan = atoi(cmd + 13);
2538 os_snprintf(cmd, MAX_DRV_CMD_SIZE, "COUNTRY %s",
2539 wpa_driver_get_country_code(no_of_chan));
2540 } else if (os_strcasecmp(cmd, "STOP") == 0) {
2541 if ((wpa_driver_wext_get_ifflags(drv, &flags) == 0) &&
2543 wpa_printf(MSG_ERROR, "WEXT: %s when iface is UP", cmd);
2544 wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2546 } else if( os_strcasecmp(cmd, "RELOAD") == 0 ) {
2547 wpa_printf(MSG_DEBUG,"Reload command");
2548 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
2552 os_memset(&iwr, 0, sizeof(iwr));
2553 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2554 os_memcpy(buf, cmd, strlen(cmd) + 1);
2555 iwr.u.data.pointer = buf;
2556 iwr.u.data.length = buf_len;
2558 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr);
2561 wpa_printf(MSG_ERROR, "%s failed (%d): %s", __func__, ret, cmd);
2563 if (drv->errors > WEXT_NUMBER_SEQUENTIAL_ERRORS) {
2565 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
2570 if ((os_strcasecmp(cmd, "RSSI") == 0) ||
2571 (os_strcasecmp(cmd, "LINKSPEED") == 0) ||
2572 (os_strcasecmp(cmd, "MACADDR") == 0) ||
2573 (os_strcasecmp(cmd, "GETPOWER") == 0) ||
2574 (os_strcasecmp(cmd, "GETBAND") == 0)) {
2576 } else if (os_strcasecmp(cmd, "START") == 0) {
2577 drv->driver_is_started = TRUE;
2578 /* os_sleep(0, WPA_DRIVER_WEXT_WAIT_US);
2579 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED"); */
2580 } else if (os_strcasecmp(cmd, "STOP") == 0) {
2581 drv->driver_is_started = FALSE;
2582 /* wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED"); */
2584 wpa_printf(MSG_DEBUG, "%s %s len = %d, %d", __func__, buf, ret, strlen(buf));
2591 const struct wpa_driver_ops wpa_driver_wext_ops = {
2593 .desc = "Linux wireless extensions (generic)",
2594 .get_bssid = wpa_driver_wext_get_bssid,
2595 .get_ssid = wpa_driver_wext_get_ssid,
2596 .set_wpa = wpa_driver_wext_set_wpa,
2597 .set_key = wpa_driver_wext_set_key,
2598 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2599 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2600 .scan = wpa_driver_wext_scan,
2601 .combo_scan = wpa_driver_wext_combo_scan,
2602 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2603 .deauthenticate = wpa_driver_wext_deauthenticate,
2604 .disassociate = wpa_driver_wext_disassociate,
2605 .set_mode = wpa_driver_wext_set_mode,
2606 .associate = wpa_driver_wext_associate,
2607 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2608 .init = wpa_driver_wext_init,
2609 .deinit = wpa_driver_wext_deinit,
2610 .add_pmkid = wpa_driver_wext_add_pmkid,
2611 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2612 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2613 .get_capa = wpa_driver_wext_get_capa,
2614 .set_operstate = wpa_driver_wext_set_operstate,
2616 .driver_cmd = wpa_driver_priv_driver_cmd,