2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
26 #include "wireless_copy.h"
30 #include "priv_netlink.h"
31 #include "driver_wext.h"
32 #include "ieee802_11_defs.h"
33 #include "wpa_common.h"
35 #include "wpa_supplicant_i.h"
36 #include "config_ssid.h"
39 static int wpa_driver_wext_flush_pmkid(void *priv);
40 static int wpa_driver_wext_get_range(void *priv);
41 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
42 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
45 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
46 int linkmode, int operstate)
50 struct ifinfomsg ifinfo;
57 os_memset(&req, 0, sizeof(req));
59 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
60 req.hdr.nlmsg_type = RTM_SETLINK;
61 req.hdr.nlmsg_flags = NLM_F_REQUEST;
62 req.hdr.nlmsg_seq = ++nl_seq;
63 req.hdr.nlmsg_pid = 0;
65 req.ifinfo.ifi_family = AF_UNSPEC;
66 req.ifinfo.ifi_type = 0;
67 req.ifinfo.ifi_index = drv->ifindex;
68 req.ifinfo.ifi_flags = 0;
69 req.ifinfo.ifi_change = 0;
72 rta = aliasing_hide_typecast(
73 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)),
75 rta->rta_type = IFLA_LINKMODE;
76 rta->rta_len = RTA_LENGTH(sizeof(char));
77 *((char *) RTA_DATA(rta)) = linkmode;
78 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
79 RTA_LENGTH(sizeof(char));
81 if (operstate != -1) {
82 rta = (struct rtattr *)
83 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
84 rta->rta_type = IFLA_OPERSTATE;
85 rta->rta_len = RTA_LENGTH(sizeof(char));
86 *((char *) RTA_DATA(rta)) = operstate;
87 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
88 RTA_LENGTH(sizeof(char));
91 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
94 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
96 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
97 "%s (assume operstate is not supported)",
101 return ret < 0 ? -1 : 0;
105 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
111 os_memset(&iwr, 0, sizeof(iwr));
112 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
113 iwr.u.param.flags = idx & IW_AUTH_INDEX;
114 iwr.u.param.value = value;
116 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
117 if (errno != EOPNOTSUPP) {
118 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
119 "value 0x%x) failed: %s)",
120 idx, value, strerror(errno));
122 ret = errno == EOPNOTSUPP ? -2 : -1;
130 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
131 * @priv: Pointer to private wext data from wpa_driver_wext_init()
132 * @bssid: Buffer for BSSID
133 * Returns: 0 on success, -1 on failure
135 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
137 struct wpa_driver_wext_data *drv = priv;
141 os_memset(&iwr, 0, sizeof(iwr));
142 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
144 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
145 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWAP]");
148 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
155 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
156 * @priv: Pointer to private wext data from wpa_driver_wext_init()
158 * Returns: 0 on success, -1 on failure
160 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
162 struct wpa_driver_wext_data *drv = priv;
166 os_memset(&iwr, 0, sizeof(iwr));
167 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
168 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
170 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
172 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
174 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
175 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWAP]");
184 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
185 * @priv: Pointer to private wext data from wpa_driver_wext_init()
186 * @ssid: Buffer for the SSID; must be at least 32 bytes long
187 * Returns: SSID length on success, -1 on failure
189 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
191 struct wpa_driver_wext_data *drv = priv;
195 os_memset(&iwr, 0, sizeof(iwr));
196 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
197 iwr.u.essid.pointer = (caddr_t) ssid;
198 iwr.u.essid.length = 32;
200 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
201 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWESSID]");
204 ret = iwr.u.essid.length;
207 /* Some drivers include nul termination in the SSID, so let's
208 * remove it here before further processing. WE-21 changes this
209 * to explicitly require the length _not_ to include nul
211 if (ret > 0 && ssid[ret - 1] == '\0' &&
212 drv->we_version_compiled < 21)
221 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
222 * @priv: Pointer to private wext data from wpa_driver_wext_init()
224 * @ssid_len: Length of SSID (0..32)
225 * Returns: 0 on success, -1 on failure
227 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
229 struct wpa_driver_wext_data *drv = priv;
237 os_memset(&iwr, 0, sizeof(iwr));
238 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
239 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
240 iwr.u.essid.flags = (ssid_len != 0);
241 os_memset(buf, 0, sizeof(buf));
242 os_memcpy(buf, ssid, ssid_len);
243 iwr.u.essid.pointer = (caddr_t) buf;
244 if (drv->we_version_compiled < 21) {
245 /* For historic reasons, set SSID length to include one extra
246 * character, C string nul termination, even though SSID is
247 * really an octet string that should not be presented as a C
248 * string. Some Linux drivers decrement the length by one and
249 * can thus end up missing the last octet of the SSID if the
250 * length is not incremented here. WE-21 changes this to
251 * explicitly require the length _not_ to include nul
256 iwr.u.essid.length = ssid_len;
258 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
259 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWESSID]");
268 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
269 * @priv: Pointer to private wext data from wpa_driver_wext_init()
270 * @freq: Frequency in MHz
271 * Returns: 0 on success, -1 on failure
273 int wpa_driver_wext_set_freq(void *priv, int freq)
275 struct wpa_driver_wext_data *drv = priv;
279 os_memset(&iwr, 0, sizeof(iwr));
280 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
281 iwr.u.freq.m = freq * 100000;
284 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
285 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWFREQ]");
294 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
296 union wpa_event_data data;
298 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
301 os_memset(&data, 0, sizeof(data));
303 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
304 data.michael_mic_failure.unicast =
305 os_strstr(custom, " unicast ") != NULL;
306 /* TODO: parse parameters(?) */
307 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
308 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
314 bytes = strspn(spos, "0123456789abcdefABCDEF");
315 if (!bytes || (bytes & 1))
319 data.assoc_info.req_ies = os_malloc(bytes);
320 if (data.assoc_info.req_ies == NULL)
323 data.assoc_info.req_ies_len = bytes;
324 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
328 data.assoc_info.resp_ies = NULL;
329 data.assoc_info.resp_ies_len = 0;
331 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
334 bytes = strspn(spos, "0123456789abcdefABCDEF");
335 if (!bytes || (bytes & 1))
339 data.assoc_info.resp_ies = os_malloc(bytes);
340 if (data.assoc_info.resp_ies == NULL)
343 data.assoc_info.resp_ies_len = bytes;
344 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
347 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
350 os_free(data.assoc_info.resp_ies);
351 os_free(data.assoc_info.req_ies);
352 #ifdef CONFIG_PEERKEY
353 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
354 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
355 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
356 "STKSTART.request '%s'", custom + 17);
359 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
360 #endif /* CONFIG_PEERKEY */
362 } else if (os_strncmp(custom, "STOP", 4) == 0) {
363 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED");
364 } else if (os_strncmp(custom, "START", 5) == 0) {
365 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED");
366 } else if (os_strncmp(custom, "HANG", 4) == 0) {
367 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
373 static int wpa_driver_wext_event_wireless_michaelmicfailure(
374 void *ctx, const char *ev, size_t len)
376 const struct iw_michaelmicfailure *mic;
377 union wpa_event_data data;
379 if (len < sizeof(*mic))
382 mic = (const struct iw_michaelmicfailure *) ev;
384 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
385 "flags=0x%x src_addr=" MACSTR, mic->flags,
386 MAC2STR(mic->src_addr.sa_data));
388 os_memset(&data, 0, sizeof(data));
389 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
390 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
396 static int wpa_driver_wext_event_wireless_pmkidcand(
397 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
399 const struct iw_pmkid_cand *cand;
400 union wpa_event_data data;
403 if (len < sizeof(*cand))
406 cand = (const struct iw_pmkid_cand *) ev;
407 addr = (const u8 *) cand->bssid.sa_data;
409 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
410 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
411 cand->index, MAC2STR(addr));
413 os_memset(&data, 0, sizeof(data));
414 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
415 data.pmkid_candidate.index = cand->index;
416 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
417 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
423 static int wpa_driver_wext_event_wireless_assocreqie(
424 struct wpa_driver_wext_data *drv, const char *ev, int len)
429 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
431 os_free(drv->assoc_req_ies);
432 drv->assoc_req_ies = os_malloc(len);
433 if (drv->assoc_req_ies == NULL) {
434 drv->assoc_req_ies_len = 0;
437 os_memcpy(drv->assoc_req_ies, ev, len);
438 drv->assoc_req_ies_len = len;
444 static int wpa_driver_wext_event_wireless_assocrespie(
445 struct wpa_driver_wext_data *drv, const char *ev, int len)
450 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
452 os_free(drv->assoc_resp_ies);
453 drv->assoc_resp_ies = os_malloc(len);
454 if (drv->assoc_resp_ies == NULL) {
455 drv->assoc_resp_ies_len = 0;
458 os_memcpy(drv->assoc_resp_ies, ev, len);
459 drv->assoc_resp_ies_len = len;
465 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
467 union wpa_event_data data;
469 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
472 os_memset(&data, 0, sizeof(data));
473 if (drv->assoc_req_ies) {
474 data.assoc_info.req_ies = drv->assoc_req_ies;
475 drv->assoc_req_ies = NULL;
476 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
478 if (drv->assoc_resp_ies) {
479 data.assoc_info.resp_ies = drv->assoc_resp_ies;
480 drv->assoc_resp_ies = NULL;
481 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
484 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
486 os_free(data.assoc_info.req_ies);
487 os_free(data.assoc_info.resp_ies);
491 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
492 void *ctx, char *data, int len)
494 struct iw_event iwe_buf, *iwe = &iwe_buf;
495 char *pos, *end, *custom, *buf;
500 while (pos + IW_EV_LCP_LEN <= end) {
501 /* Event data may be unaligned, so make a local, aligned copy
502 * before processing. */
503 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
504 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
506 if (iwe->len <= IW_EV_LCP_LEN)
509 custom = pos + IW_EV_POINT_LEN;
510 if (drv->we_version_compiled > 18 &&
511 (iwe->cmd == IWEVMICHAELMICFAILURE ||
512 iwe->cmd == IWEVCUSTOM ||
513 iwe->cmd == IWEVASSOCREQIE ||
514 iwe->cmd == IWEVASSOCRESPIE ||
515 iwe->cmd == IWEVPMKIDCAND)) {
516 /* WE-19 removed the pointer from struct iw_point */
517 char *dpos = (char *) &iwe_buf.u.data.length;
518 int dlen = dpos - (char *) &iwe_buf;
519 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
520 sizeof(struct iw_event) - dlen);
522 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
523 custom += IW_EV_POINT_OFF;
528 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
530 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
531 if (is_zero_ether_addr(
532 (const u8 *) iwe->u.ap_addr.sa_data) ||
533 os_memcmp(iwe->u.ap_addr.sa_data,
534 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
536 os_free(drv->assoc_req_ies);
537 drv->assoc_req_ies = NULL;
538 os_free(drv->assoc_resp_ies);
539 drv->assoc_resp_ies = NULL;
541 if (!drv->skip_disconnect) {
542 drv->skip_disconnect = 1;
544 wpa_supplicant_event(ctx, EVENT_DISASSOC,
547 wpa_driver_wext_disconnect(drv);
553 drv->skip_disconnect = 0;
555 wpa_driver_wext_event_assoc_ies(drv);
556 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
559 case IWEVMICHAELMICFAILURE:
560 if (custom + iwe->u.data.length > end) {
561 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
562 "IWEVMICHAELMICFAILURE length");
565 wpa_driver_wext_event_wireless_michaelmicfailure(
566 ctx, custom, iwe->u.data.length);
569 if (custom + iwe->u.data.length > end) {
570 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
571 "IWEVCUSTOM length");
574 buf = os_malloc(iwe->u.data.length + 1);
577 os_memcpy(buf, custom, iwe->u.data.length);
578 buf[iwe->u.data.length] = '\0';
579 wpa_driver_wext_event_wireless_custom(ctx, buf);
583 drv->scan_complete_events = 1;
584 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
586 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
589 if (custom + iwe->u.data.length > end) {
590 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
591 "IWEVASSOCREQIE length");
594 wpa_driver_wext_event_wireless_assocreqie(
595 drv, custom, iwe->u.data.length);
597 case IWEVASSOCRESPIE:
598 if (custom + iwe->u.data.length > end) {
599 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
600 "IWEVASSOCRESPIE length");
603 wpa_driver_wext_event_wireless_assocrespie(
604 drv, custom, iwe->u.data.length);
607 if (custom + iwe->u.data.length > end) {
608 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
609 "IWEVPMKIDCAND length");
612 wpa_driver_wext_event_wireless_pmkidcand(
613 drv, custom, iwe->u.data.length);
622 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
623 void *ctx, char *buf, size_t len,
626 union wpa_event_data event;
628 os_memset(&event, 0, sizeof(event));
629 if (len > sizeof(event.interface_status.ifname))
630 len = sizeof(event.interface_status.ifname) - 1;
631 os_memcpy(event.interface_status.ifname, buf, len);
632 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
633 EVENT_INTERFACE_ADDED;
635 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
637 event.interface_status.ifname,
638 del ? "removed" : "added");
640 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
647 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
651 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
654 struct ifinfomsg *ifi;
655 int attrlen, nlmsg_len, rta_len;
660 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
662 attrlen = h->nlmsg_len - nlmsg_len;
666 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
668 rta_len = RTA_ALIGN(sizeof(struct rtattr));
669 while (RTA_OK(attr, attrlen)) {
670 if (attr->rta_type == IFLA_IFNAME) {
671 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
677 attr = RTA_NEXT(attr, attrlen);
684 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
685 int ifindex, struct nlmsghdr *h)
687 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
690 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) {
691 drv->ifindex = if_nametoindex(drv->ifname);
692 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
694 wpa_driver_wext_finish_drv_init(drv);
702 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
703 void *ctx, struct nlmsghdr *h,
706 struct ifinfomsg *ifi;
707 int attrlen, nlmsg_len, rta_len;
708 struct rtattr * attr;
710 if (len < sizeof(*ifi))
715 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) {
716 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
721 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
723 drv->operstate, ifi->ifi_flags,
724 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
725 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
726 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
727 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
729 * Some drivers send the association event before the operup event--in
730 * this case, lifting operstate in wpa_driver_wext_set_operstate()
731 * fails. This will hit us when wpa_supplicant does not need to do
732 * IEEE 802.1X authentication
734 if (drv->operstate == 1 &&
735 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
736 !(ifi->ifi_flags & IFF_RUNNING))
737 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
739 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
741 attrlen = h->nlmsg_len - nlmsg_len;
745 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
747 rta_len = RTA_ALIGN(sizeof(struct rtattr));
748 while (RTA_OK(attr, attrlen)) {
749 if (attr->rta_type == IFLA_WIRELESS) {
750 wpa_driver_wext_event_wireless(
751 drv, ctx, ((char *) attr) + rta_len,
752 attr->rta_len - rta_len);
753 } else if (attr->rta_type == IFLA_IFNAME) {
754 wpa_driver_wext_event_link(drv, ctx,
755 ((char *) attr) + rta_len,
756 attr->rta_len - rta_len, 0);
758 attr = RTA_NEXT(attr, attrlen);
763 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
764 void *ctx, struct nlmsghdr *h,
767 struct ifinfomsg *ifi;
768 int attrlen, nlmsg_len, rta_len;
769 struct rtattr * attr;
771 if (len < sizeof(*ifi))
776 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
778 attrlen = h->nlmsg_len - nlmsg_len;
782 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
784 rta_len = RTA_ALIGN(sizeof(struct rtattr));
785 while (RTA_OK(attr, attrlen)) {
786 if (attr->rta_type == IFLA_IFNAME) {
787 wpa_driver_wext_event_link(drv, ctx,
788 ((char *) attr) + rta_len,
789 attr->rta_len - rta_len, 1);
791 attr = RTA_NEXT(attr, attrlen);
796 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
801 struct sockaddr_nl from;
807 fromlen = sizeof(from);
808 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
809 (struct sockaddr *) &from, &fromlen);
811 if (errno != EINTR && errno != EAGAIN)
812 wpa_printf(MSG_ERROR, "%s: recvfrom(netlink): %d", __func__, errno);
816 h = (struct nlmsghdr *) buf;
817 while (left >= (int) sizeof(*h)) {
821 plen = len - sizeof(*h);
822 if (len > left || plen < 0) {
823 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
824 "len=%d left=%d plen=%d",
829 switch (h->nlmsg_type) {
831 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
835 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
840 len = NLMSG_ALIGN(len);
842 h = (struct nlmsghdr *) ((char *) h + len);
846 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
850 if (--max_events > 0) {
852 * Try to receive all events in one eloop call in order to
853 * limit race condition on cases where AssocInfo event, Assoc
854 * event, and EAPOL frames are received more or less at the
855 * same time. We want to process the event messages first
856 * before starting EAPOL processing.
863 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
864 const char *ifname, int *flags)
868 os_memset(&ifr, 0, sizeof(ifr));
869 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
870 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
871 wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]");
874 *flags = ifr.ifr_flags & 0xffff;
880 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
881 * @drv: driver_wext private data
882 * @flags: Pointer to returned flags value
883 * Returns: 0 on success, -1 on failure
885 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
887 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
891 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
892 const char *ifname, int flags)
896 os_memset(&ifr, 0, sizeof(ifr));
897 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
898 ifr.ifr_flags = flags & 0xffff;
899 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
900 wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]");
908 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
909 * @drv: driver_wext private data
910 * @flags: New value for flags
911 * Returns: 0 on success, -1 on failure
913 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
915 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
920 * wpa_driver_wext_init - Initialize WE driver interface
921 * @ctx: context to be used when calling wpa_supplicant functions,
922 * e.g., wpa_supplicant_event()
923 * @ifname: interface name, e.g., wlan0
924 * Returns: Pointer to private data, %NULL on failure
926 void * wpa_driver_wext_init(void *ctx, const char *ifname)
929 struct sockaddr_nl local;
930 struct wpa_driver_wext_data *drv;
932 drv = os_zalloc(sizeof(*drv));
936 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
938 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
939 if (drv->ioctl_sock < 0) {
940 wpa_printf(MSG_ERROR, "%s: socket(PF_INET,SOCK_DGRAM)", __func__);
945 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
947 wpa_printf(MSG_ERROR, "%s: socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)", __func__);
948 close(drv->ioctl_sock);
953 os_memset(&local, 0, sizeof(local));
954 local.nl_family = AF_NETLINK;
955 local.nl_groups = RTMGRP_LINK;
956 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
957 wpa_printf(MSG_ERROR, "bind(netlink)");
959 close(drv->ioctl_sock);
964 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
970 drv->driver_is_started = TRUE;
971 drv->skip_disconnect = 0;
973 wpa_driver_wext_finish_drv_init(drv);
979 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
983 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0)
984 printf("Could not get interface '%s' flags\n", drv->ifname);
985 else if (!(flags & IFF_UP)) {
986 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
987 printf("Could not set interface '%s' UP\n",
991 * Wait some time to allow driver to initialize before
992 * starting configuring the driver. This seems to be
993 * needed at least some drivers that load firmware etc.
994 * when the interface is set up.
996 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
997 "a second for the driver to complete "
998 "initialization", drv->ifname);
1004 * Make sure that the driver does not have any obsolete PMKID entries.
1006 wpa_driver_wext_flush_pmkid(drv);
1008 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
1009 printf("Could not configure driver to use managed mode\n");
1012 wpa_driver_wext_get_range(drv);
1015 * Unlock the driver's BSSID and force to a random SSID to clear any
1016 * previous association the driver might have when the supplicant
1019 wpa_driver_wext_disconnect(drv);
1021 drv->ifindex = if_nametoindex(drv->ifname);
1023 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
1025 * Host AP driver may use both wlan# and wifi# interface in
1026 * wireless events. Since some of the versions included WE-18
1027 * support, let's add the alternative ifindex also from
1028 * driver_wext.c for the time being. This may be removed at
1029 * some point once it is believed that old versions of the
1030 * driver are not in use anymore.
1032 char ifname2[IFNAMSIZ + 1];
1033 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
1034 os_memcpy(ifname2, "wifi", 4);
1035 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1038 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1043 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1044 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1046 * Shut down driver interface and processing of driver events. Free
1047 * private data buffer if one was allocated in wpa_driver_wext_init().
1049 void wpa_driver_wext_deinit(void *priv)
1051 struct wpa_driver_wext_data *drv = priv;
1054 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1057 * Clear possibly configured driver parameters in order to make it
1058 * easier to use the driver after wpa_supplicant has been terminated.
1060 wpa_driver_wext_disconnect(drv);
1062 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1064 eloop_unregister_read_sock(drv->event_sock);
1065 if (drv->mlme_sock >= 0)
1066 eloop_unregister_read_sock(drv->mlme_sock);
1068 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1069 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1071 close(drv->event_sock);
1072 close(drv->ioctl_sock);
1073 if (drv->mlme_sock >= 0)
1074 close(drv->mlme_sock);
1075 os_free(drv->assoc_req_ies);
1076 os_free(drv->assoc_resp_ies);
1081 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1082 * @eloop_ctx: Unused
1083 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1085 * This function can be used as registered timeout when starting a scan to
1086 * generate a scan completed event if the driver does not report this.
1088 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1090 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1091 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1095 * wpa_driver_wext_set_scan_timeout - Set scan timeout to report scan completion
1096 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1098 * This function can be used to set registered timeout when starting a scan to
1099 * generate a scan completed event if the driver does not report this.
1101 static void wpa_driver_wext_set_scan_timeout(void *priv)
1103 struct wpa_driver_wext_data *drv = priv;
1104 int timeout = 10; /* In case scan A and B bands it can be long */
1106 /* Not all drivers generate "scan completed" wireless event, so try to
1107 * read results after a timeout. */
1108 if (drv->scan_complete_events) {
1110 * The driver seems to deliver SIOCGIWSCAN events to notify
1111 * when scan is complete, so use longer timeout to avoid race
1112 * conditions with scanning and following association request.
1116 wpa_printf(MSG_DEBUG, "Scan requested - scan timeout %d seconds",
1118 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1119 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1124 * wpa_driver_wext_scan - Request the driver to initiate scan
1125 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1126 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1127 * all SSIDs (either active scan with broadcast SSID or passive
1129 * @ssid_len: Length of the SSID
1130 * Returns: 0 on success, -1 on failure
1132 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1134 struct wpa_driver_wext_data *drv = priv;
1137 struct iw_scan_req req;
1139 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
1140 int scan_probe_flag = 0;
1143 wpa_printf(MSG_ERROR, "%s: Start", __func__);
1145 if (ssid_len > IW_ESSID_MAX_SIZE) {
1146 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1147 __FUNCTION__, (unsigned long) ssid_len);
1151 os_memset(&iwr, 0, sizeof(iwr));
1152 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1155 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
1156 scan_probe_flag = wpa_s->prev_scan_ssid->scan_ssid;
1158 wpa_printf(MSG_DEBUG, "%s: specific scan = %d", __func__,
1159 (scan_probe_flag && (ssid && ssid_len)) ? 1 : 0);
1160 if (scan_probe_flag && (ssid && ssid_len)) {
1162 if (ssid && ssid_len) {
1164 os_memset(&req, 0, sizeof(req));
1165 req.essid_len = ssid_len;
1166 req.bssid.sa_family = ARPHRD_ETHER;
1167 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1168 os_memcpy(req.essid, ssid, ssid_len);
1169 iwr.u.data.pointer = (caddr_t) &req;
1170 iwr.u.data.length = sizeof(req);
1171 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1174 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1175 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWSCAN]");
1179 wpa_driver_wext_set_scan_timeout(priv);
1185 * wpa_driver_wext_combo_scan - Request the driver to initiate combo scan
1186 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1187 * @ssid_ptr: Pointer to current SSID from configuration list or %NULL to
1188 * scan for all SSIDs (either active scan with broadcast SSID or passive
1190 * @ssid_conf: SSID list from the configuration
1191 * Returns: 0 on success, -1 on failure
1192 * Also updates @ssid_ptr to next specific scan item
1194 int wpa_driver_wext_combo_scan(void *priv, struct wpa_ssid **ssid_ptr,
1195 struct wpa_ssid *ssid_conf)
1197 char buf[WEXT_CSCAN_BUF_LEN];
1198 struct wpa_driver_wext_data *drv = priv;
1200 int ret = 0, timeout, i = 0, bp;
1201 struct wpa_ssid *ssid, *ssid_orig;
1203 size_t ssid_len = 0;
1205 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
1206 int scan_probe_flag = 0;
1208 if (!drv->driver_is_started) {
1209 wpa_printf(MSG_ERROR, "%s: Driver stopped", __func__);
1213 wpa_printf(MSG_ERROR, "%s: Start", __func__);
1215 /* Set list of SSIDs */
1216 ssid_orig = (*ssid_ptr);
1217 ssid = (*ssid_ptr) ? (*ssid_ptr) : ssid_conf;
1218 bp = WEXT_CSCAN_HEADER_SIZE;
1219 os_memcpy(buf, WEXT_CSCAN_HEADER, bp);
1220 while (i < WEXT_CSCAN_AMOUNT) {
1221 if ((bp + IW_ESSID_MAX_SIZE + 10) >= (int)sizeof(buf))
1226 if (!ssid->disabled && ssid->scan_ssid) {
1227 wpa_printf(MSG_DEBUG, "For Scan: %s", ssid->ssid);
1228 buf[bp++] = WEXT_CSCAN_SSID_SECTION;
1229 buf[bp++] = ssid->ssid_len;
1230 os_memcpy(&buf[bp], ssid->ssid, ssid->ssid_len);
1231 bp += ssid->ssid_len;
1237 /* Set list of channels */
1238 buf[bp++] = WEXT_CSCAN_CHANNEL_SECTION;
1241 /* Set passive dwell time (default is 250) */
1242 buf[bp++] = WEXT_CSCAN_PASV_DWELL_SECTION;
1243 buf[bp++] = (u8)WEXT_CSCAN_PASV_DWELL_TIME;
1244 buf[bp++] = (u8)(WEXT_CSCAN_PASV_DWELL_TIME >> 8);
1246 /* Set home dwell time (default is 40) */
1247 buf[bp++] = WEXT_CSCAN_HOME_DWELL_SECTION;
1248 buf[bp++] = (u8)WEXT_CSCAN_HOME_DWELL_TIME;
1249 buf[bp++] = (u8)(WEXT_CSCAN_HOME_DWELL_TIME >> 8);
1251 os_memset(&iwr, 0, sizeof(iwr));
1252 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1253 iwr.u.data.pointer = buf;
1254 iwr.u.data.length = bp;
1256 if ((ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr)) < 0) {
1257 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (cscan): %d", ret);
1258 *ssid_ptr = ssid_orig;
1259 /* goto old_scan; */
1262 wpa_driver_wext_set_scan_timeout(priv);
1268 ssid_nm = (*ssid_ptr)->ssid;
1269 ssid_len = (*ssid_ptr)->ssid_len;
1272 return wpa_driver_wext_scan(priv, ssid_nm, ssid_len);
1276 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1283 res_buf_len = IW_SCAN_MAX_DATA;
1285 res_buf = os_malloc(res_buf_len);
1286 if (res_buf == NULL)
1288 os_memset(&iwr, 0, sizeof(iwr));
1289 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1290 iwr.u.data.pointer = res_buf;
1291 iwr.u.data.length = res_buf_len;
1293 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1296 if (errno == E2BIG && res_buf_len < 65535) {
1300 if (res_buf_len > 65535)
1301 res_buf_len = 65535; /* 16-bit length field */
1302 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1303 "trying larger buffer (%lu bytes)",
1304 (unsigned long) res_buf_len);
1306 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWSCAN]: %d", errno);
1312 if (iwr.u.data.length > res_buf_len) {
1316 *len = iwr.u.data.length;
1323 * Data structure for collecting WEXT scan results. This is needed to allow
1324 * the various methods of reporting IEs to be combined into a single IE buffer.
1326 struct wext_scan_data {
1327 struct wpa_scan_res res;
1336 static void wext_get_scan_mode(struct iw_event *iwe,
1337 struct wext_scan_data *res)
1339 if (iwe->u.mode == IW_MODE_ADHOC)
1340 res->res.caps |= IEEE80211_CAP_IBSS;
1341 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1342 res->res.caps |= IEEE80211_CAP_ESS;
1346 static void wext_get_scan_ssid(struct iw_event *iwe,
1347 struct wext_scan_data *res, char *custom,
1350 int ssid_len = iwe->u.essid.length;
1351 if (custom + ssid_len > end)
1353 if (iwe->u.essid.flags &&
1355 ssid_len <= IW_ESSID_MAX_SIZE) {
1356 os_memcpy(res->ssid, custom, ssid_len);
1357 res->ssid_len = ssid_len;
1362 static void wext_get_scan_freq(struct iw_event *iwe,
1363 struct wext_scan_data *res)
1365 int divi = 1000000, i;
1367 if (iwe->u.freq.e == 0) {
1369 * Some drivers do not report frequency, but a channel.
1370 * Try to map this to frequency by assuming they are using
1371 * IEEE 802.11b/g. But don't overwrite a previously parsed
1372 * frequency if the driver sends both frequency and channel,
1373 * since the driver may be sending an A-band channel that we
1374 * don't handle here.
1380 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1381 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1383 } else if (iwe->u.freq.m == 14) {
1384 res->res.freq = 2484;
1389 if (iwe->u.freq.e > 6) {
1390 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1391 MACSTR " m=%d e=%d)",
1392 MAC2STR(res->res.bssid), iwe->u.freq.m,
1397 for (i = 0; i < iwe->u.freq.e; i++)
1399 res->res.freq = iwe->u.freq.m / divi;
1403 static void wext_get_scan_qual(struct iw_event *iwe,
1404 struct wext_scan_data *res)
1406 res->res.qual = iwe->u.qual.qual;
1407 res->res.noise = iwe->u.qual.noise;
1408 res->res.level = iwe->u.qual.level;
1412 static void wext_get_scan_encode(struct iw_event *iwe,
1413 struct wext_scan_data *res)
1415 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1416 res->res.caps |= IEEE80211_CAP_PRIVACY;
1420 static void wext_get_scan_rate(struct iw_event *iwe,
1421 struct wext_scan_data *res, char *pos,
1425 char *custom = pos + IW_EV_LCP_LEN;
1430 if (custom + clen > end)
1433 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1434 /* Note: may be misaligned, make a local, aligned copy */
1435 os_memcpy(&p, custom, sizeof(struct iw_param));
1436 if (p.value > maxrate)
1438 clen -= sizeof(struct iw_param);
1439 custom += sizeof(struct iw_param);
1442 /* Convert the maxrate from WE-style (b/s units) to
1443 * 802.11 rates (500000 b/s units).
1445 res->maxrate = maxrate / 500000;
1449 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1450 struct wext_scan_data *res, char *custom,
1453 char *genie, *gpos, *gend;
1456 if (iwe->u.data.length == 0)
1459 gpos = genie = custom;
1460 gend = genie + iwe->u.data.length;
1462 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1466 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1469 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1471 res->ie_len += gend - gpos;
1475 static void wext_get_scan_custom(struct iw_event *iwe,
1476 struct wext_scan_data *res, char *custom,
1482 clen = iwe->u.data.length;
1483 if (custom + clen > end)
1486 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1490 bytes = custom + clen - spos;
1491 if (bytes & 1 || bytes == 0)
1494 tmp = os_realloc(res->ie, res->ie_len + bytes);
1497 hexstr2bin(spos, tmp + res->ie_len, bytes);
1499 res->ie_len += bytes;
1500 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1504 bytes = custom + clen - spos;
1505 if (bytes & 1 || bytes == 0)
1508 tmp = os_realloc(res->ie, res->ie_len + bytes);
1511 hexstr2bin(spos, tmp + res->ie_len, bytes);
1513 res->ie_len += bytes;
1514 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1519 bytes = custom + clen - spos;
1521 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1525 hexstr2bin(spos, bin, bytes);
1526 res->res.tsf += WPA_GET_BE64(bin);
1531 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1533 return drv->we_version_compiled > 18 &&
1534 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1535 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1539 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1540 struct wext_scan_data *data)
1542 struct wpa_scan_res **tmp;
1543 struct wpa_scan_res *r;
1545 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1547 /* Figure out whether we need to fake any IEs */
1549 end = pos + data->ie_len;
1550 while (pos && pos + 1 < end) {
1551 if (pos + 2 + pos[1] > end)
1553 if (pos[0] == WLAN_EID_SSID)
1555 else if (pos[0] == WLAN_EID_SUPP_RATES)
1557 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1563 if (ssid_ie == NULL)
1564 extra_len += 2 + data->ssid_len;
1565 if (rate_ie == NULL && data->maxrate)
1568 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1571 os_memcpy(r, &data->res, sizeof(*r));
1572 r->ie_len = extra_len + data->ie_len;
1573 pos = (u8 *) (r + 1);
1574 if (ssid_ie == NULL) {
1576 * Generate a fake SSID IE since the driver did not report
1579 *pos++ = WLAN_EID_SSID;
1580 *pos++ = data->ssid_len;
1581 os_memcpy(pos, data->ssid, data->ssid_len);
1582 pos += data->ssid_len;
1584 if (rate_ie == NULL && data->maxrate) {
1586 * Generate a fake Supported Rates IE since the driver did not
1587 * report a full IE list.
1589 *pos++ = WLAN_EID_SUPP_RATES;
1591 *pos++ = data->maxrate;
1594 os_memcpy(pos, data->ie, data->ie_len);
1596 tmp = os_realloc(res->res,
1597 (res->num + 1) * sizeof(struct wpa_scan_res *));
1602 tmp[res->num++] = r;
1608 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1609 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1610 * Returns: Scan results on success, -1 on failure
1612 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1614 struct wpa_driver_wext_data *drv = priv;
1615 size_t ap_num = 0, len;
1618 struct iw_event iwe_buf, *iwe = &iwe_buf;
1619 char *pos, *end, *custom;
1620 struct wpa_scan_results *res;
1621 struct wext_scan_data data;
1624 /* To make sure correctly parse scan results which is impacted by wext
1625 * version, first check range->we_version, if it is default value (0),
1626 * update again here */
1627 if (drv->we_version_compiled == 0)
1628 wpa_driver_wext_get_range(drv);
1631 res_buf = wpa_driver_wext_giwscan(drv, &len);
1632 if (res_buf == NULL)
1638 res = os_zalloc(sizeof(*res));
1644 pos = (char *) res_buf;
1645 end = (char *) res_buf + len;
1646 os_memset(&data, 0, sizeof(data));
1648 while (pos + IW_EV_LCP_LEN <= end) {
1649 /* Event data may be unaligned, so make a local, aligned copy
1650 * before processing. */
1651 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1652 if (iwe->len <= IW_EV_LCP_LEN)
1655 custom = pos + IW_EV_POINT_LEN;
1656 if (wext_19_iw_point(drv, iwe->cmd)) {
1657 /* WE-19 removed the pointer from struct iw_point */
1658 char *dpos = (char *) &iwe_buf.u.data.length;
1659 int dlen = dpos - (char *) &iwe_buf;
1660 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1661 sizeof(struct iw_event) - dlen);
1663 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1664 custom += IW_EV_POINT_OFF;
1670 wpa_driver_wext_add_scan_entry(res, &data);
1673 os_memset(&data, 0, sizeof(data));
1674 os_memcpy(data.res.bssid,
1675 iwe->u.ap_addr.sa_data, ETH_ALEN);
1678 wext_get_scan_mode(iwe, &data);
1681 wext_get_scan_ssid(iwe, &data, custom, end);
1684 wext_get_scan_freq(iwe, &data);
1687 wext_get_scan_qual(iwe, &data);
1690 wext_get_scan_encode(iwe, &data);
1693 wext_get_scan_rate(iwe, &data, pos, end);
1696 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1699 wext_get_scan_custom(iwe, &data, custom, end);
1708 wpa_driver_wext_add_scan_entry(res, &data);
1711 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1712 (unsigned long) len, (unsigned long) res->num);
1718 static int wpa_driver_wext_get_range(void *priv)
1720 struct wpa_driver_wext_data *drv = priv;
1721 struct iw_range *range;
1727 * Use larger buffer than struct iw_range in order to allow the
1728 * structure to grow in the future.
1730 buflen = sizeof(struct iw_range) + 500;
1731 range = os_zalloc(buflen);
1735 os_memset(&iwr, 0, sizeof(iwr));
1736 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1737 iwr.u.data.pointer = (caddr_t) range;
1738 iwr.u.data.length = buflen;
1740 minlen = ((char *) &range->enc_capa) - (char *) range +
1741 sizeof(range->enc_capa);
1743 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1744 wpa_printf(MSG_ERROR, "ioctl[SIOCGIRANGE]");
1747 } else if (iwr.u.data.length >= minlen &&
1748 range->we_version_compiled >= 18) {
1749 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1750 "WE(source)=%d enc_capa=0x%x",
1751 range->we_version_compiled,
1752 range->we_version_source,
1754 drv->has_capability = 1;
1755 drv->we_version_compiled = range->we_version_compiled;
1756 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1757 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1758 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1760 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1761 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1762 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1764 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1765 WPA_DRIVER_CAPA_ENC_WEP104;
1766 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1767 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1768 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1769 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1770 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1771 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1772 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1773 WPA_DRIVER_AUTH_SHARED |
1774 WPA_DRIVER_AUTH_LEAP;
1776 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1778 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1780 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1781 "assuming WPA is not supported");
1789 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1791 struct wpa_driver_wext_data *drv = priv;
1792 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1794 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1799 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1802 struct iw_encode_ext *ext;
1806 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1808 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1814 os_memset(&iwr, 0, sizeof(iwr));
1815 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1817 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1821 iwr.u.encoding.pointer = (caddr_t) ext;
1822 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1823 ext->key_len = PMK_LEN;
1824 os_memcpy(&ext->key, psk, ext->key_len);
1825 ext->alg = IW_ENCODE_ALG_PMK;
1827 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1829 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT] PMK");
1836 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1837 const u8 *addr, int key_idx,
1838 int set_tx, const u8 *seq,
1840 const u8 *key, size_t key_len)
1842 struct wpa_driver_wext_data *drv = priv;
1845 struct iw_encode_ext *ext;
1847 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1848 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1849 __FUNCTION__, (unsigned long) seq_len);
1853 ext = os_zalloc(sizeof(*ext) + key_len);
1856 os_memset(&iwr, 0, sizeof(iwr));
1857 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1858 iwr.u.encoding.flags = key_idx + 1;
1859 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1860 if (alg == WPA_ALG_NONE)
1861 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1862 iwr.u.encoding.pointer = (caddr_t) ext;
1863 iwr.u.encoding.length = sizeof(*ext) + key_len;
1866 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1867 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1869 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1871 ext->addr.sa_family = ARPHRD_ETHER;
1873 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1875 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1876 if (key && key_len) {
1877 os_memcpy(ext + 1, key, key_len);
1878 ext->key_len = key_len;
1882 ext->alg = IW_ENCODE_ALG_NONE;
1885 ext->alg = IW_ENCODE_ALG_WEP;
1888 ext->alg = IW_ENCODE_ALG_TKIP;
1891 ext->alg = IW_ENCODE_ALG_CCMP;
1894 ext->alg = IW_ENCODE_ALG_PMK;
1896 #ifdef CONFIG_IEEE80211W
1898 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1900 #endif /* CONFIG_IEEE80211W */
1902 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1908 if (seq && seq_len) {
1909 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1910 os_memcpy(ext->rx_seq, seq, seq_len);
1913 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1914 ret = errno == EOPNOTSUPP ? -2 : -1;
1915 if (errno == ENODEV) {
1917 * ndiswrapper seems to be returning incorrect error
1922 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT]");
1931 * wpa_driver_wext_set_key - Configure encryption key
1932 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1933 * @priv: Private driver interface data
1934 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1935 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1936 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1937 * broadcast/default keys
1938 * @key_idx: key index (0..3), usually 0 for unicast keys
1939 * @set_tx: Configure this key as the default Tx key (only used when
1940 * driver does not support separate unicast/individual key
1941 * @seq: Sequence number/packet number, seq_len octets, the next
1942 * packet number to be used for in replay protection; configured
1943 * for Rx keys (in most cases, this is only used with broadcast
1944 * keys and set to zero for unicast keys)
1945 * @seq_len: Length of the seq, depends on the algorithm:
1946 * TKIP: 6 octets, CCMP: 6 octets
1947 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1949 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1950 * TKIP: 32, CCMP: 16)
1951 * Returns: 0 on success, -1 on failure
1953 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1954 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1956 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1957 const u8 *addr, int key_idx,
1958 int set_tx, const u8 *seq, size_t seq_len,
1959 const u8 *key, size_t key_len)
1961 struct wpa_driver_wext_data *drv = priv;
1965 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1967 __FUNCTION__, alg, key_idx, set_tx,
1968 (unsigned long) seq_len, (unsigned long) key_len);
1970 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1971 seq, seq_len, key, key_len);
1976 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1977 wpa_printf(MSG_DEBUG, "Driver did not support "
1978 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1981 wpa_printf(MSG_DEBUG, "Driver did not support "
1982 "SIOCSIWENCODEEXT");
1986 os_memset(&iwr, 0, sizeof(iwr));
1987 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1988 iwr.u.encoding.flags = key_idx + 1;
1989 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1990 if (alg == WPA_ALG_NONE)
1991 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1992 iwr.u.encoding.pointer = (caddr_t) key;
1993 iwr.u.encoding.length = key_len;
1995 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1996 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]");
2000 if (set_tx && alg != WPA_ALG_NONE) {
2001 os_memset(&iwr, 0, sizeof(iwr));
2002 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2003 iwr.u.encoding.flags = key_idx + 1;
2004 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
2005 iwr.u.encoding.pointer = (caddr_t) NULL;
2006 iwr.u.encoding.length = 0;
2007 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2008 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE] (set_tx)");
2017 static int wpa_driver_wext_set_countermeasures(void *priv,
2020 struct wpa_driver_wext_data *drv = priv;
2021 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2022 return wpa_driver_wext_set_auth_param(drv,
2023 IW_AUTH_TKIP_COUNTERMEASURES,
2028 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
2031 struct wpa_driver_wext_data *drv = priv;
2032 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2033 drv->use_crypt = enabled;
2034 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2039 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
2040 const u8 *addr, int cmd, int reason_code)
2043 struct iw_mlme mlme;
2046 os_memset(&iwr, 0, sizeof(iwr));
2047 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2048 os_memset(&mlme, 0, sizeof(mlme));
2050 mlme.reason_code = reason_code;
2051 mlme.addr.sa_family = ARPHRD_ETHER;
2052 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
2053 iwr.u.data.pointer = (caddr_t) &mlme;
2054 iwr.u.data.length = sizeof(mlme);
2056 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
2057 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMLME]");
2065 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
2068 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
2075 * Only force-disconnect when the card is in infrastructure mode,
2076 * otherwise the driver might interpret the cleared BSSID and random
2077 * SSID as an attempt to create a new ad-hoc network.
2079 os_memset(&iwr, 0, sizeof(iwr));
2080 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2081 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2082 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]");
2083 iwr.u.mode = IW_MODE_INFRA;
2086 if (iwr.u.mode == IW_MODE_INFRA) {
2088 * Clear the BSSID selection and set a random SSID to make sure
2089 * the driver will not be trying to associate with something
2090 * even if it does not understand SIOCSIWMLME commands (or
2091 * tries to associate automatically after deauth/disassoc).
2093 wpa_driver_wext_set_bssid(drv, null_bssid);
2095 for (i = 0; i < 32; i++)
2096 ssid[i] = rand() & 0xFF;
2097 wpa_driver_wext_set_ssid(drv, ssid, 32);
2103 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
2106 struct wpa_driver_wext_data *drv = priv;
2108 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2109 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
2110 wpa_driver_wext_disconnect(drv);
2115 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
2118 struct wpa_driver_wext_data *drv = priv;
2120 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2121 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
2122 wpa_driver_wext_disconnect(drv);
2127 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
2130 struct wpa_driver_wext_data *drv = priv;
2134 os_memset(&iwr, 0, sizeof(iwr));
2135 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2136 iwr.u.data.pointer = (caddr_t) ie;
2137 iwr.u.data.length = ie_len;
2139 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
2140 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWGENIE]");
2148 int wpa_driver_wext_cipher2wext(int cipher)
2152 return IW_AUTH_CIPHER_NONE;
2154 return IW_AUTH_CIPHER_WEP40;
2156 return IW_AUTH_CIPHER_TKIP;
2158 return IW_AUTH_CIPHER_CCMP;
2160 return IW_AUTH_CIPHER_WEP104;
2167 int wpa_driver_wext_keymgmt2wext(int keymgmt)
2170 case KEY_MGMT_802_1X:
2171 case KEY_MGMT_802_1X_NO_WPA:
2172 return IW_AUTH_KEY_MGMT_802_1X;
2174 return IW_AUTH_KEY_MGMT_PSK;
2182 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2183 struct wpa_driver_associate_params *params)
2188 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2189 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2191 os_memset(&iwr, 0, sizeof(iwr));
2192 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2193 /* Just changing mode, not actual keys */
2194 iwr.u.encoding.flags = 0;
2195 iwr.u.encoding.pointer = (caddr_t) NULL;
2196 iwr.u.encoding.length = 0;
2199 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2200 * different things. Here they are used to indicate Open System vs.
2201 * Shared Key authentication algorithm. However, some drivers may use
2202 * them to select between open/restricted WEP encrypted (open = allow
2203 * both unencrypted and encrypted frames; restricted = only allow
2204 * encrypted frames).
2207 if (!drv->use_crypt) {
2208 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2210 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2211 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2212 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2213 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2216 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2217 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]");
2225 int wpa_driver_wext_associate(void *priv,
2226 struct wpa_driver_associate_params *params)
2228 struct wpa_driver_wext_data *drv = priv;
2230 int allow_unencrypted_eapol;
2233 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2236 drv->skip_disconnect = 0;
2239 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2240 if (!(flags & IFF_UP)) {
2241 wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2246 * If the driver did not support SIOCSIWAUTH, fallback to
2247 * SIOCSIWENCODE here.
2249 if (drv->auth_alg_fallback &&
2250 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2253 if (!params->bssid &&
2254 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2257 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2258 * from configuration, not from here, where only the selected suite is
2260 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2263 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2264 value = IW_AUTH_WPA_VERSION_DISABLED;
2265 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2266 value = IW_AUTH_WPA_VERSION_WPA2;
2268 value = IW_AUTH_WPA_VERSION_WPA;
2269 if (wpa_driver_wext_set_auth_param(drv,
2270 IW_AUTH_WPA_VERSION, value) < 0)
2272 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2273 if (wpa_driver_wext_set_auth_param(drv,
2274 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2276 value = wpa_driver_wext_cipher2wext(params->group_suite);
2277 if (wpa_driver_wext_set_auth_param(drv,
2278 IW_AUTH_CIPHER_GROUP, value) < 0)
2280 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2281 if (wpa_driver_wext_set_auth_param(drv,
2282 IW_AUTH_KEY_MGMT, value) < 0)
2284 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2285 params->pairwise_suite != CIPHER_NONE ||
2286 params->group_suite != CIPHER_NONE ||
2288 if (wpa_driver_wext_set_auth_param(drv,
2289 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2292 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2293 * not using WPA. IEEE 802.1X specifies that these frames are not
2294 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2295 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2296 params->key_mgmt_suite == KEY_MGMT_PSK)
2297 allow_unencrypted_eapol = 0;
2299 allow_unencrypted_eapol = 1;
2301 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2303 if (wpa_driver_wext_set_auth_param(drv,
2304 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2305 allow_unencrypted_eapol) < 0)
2307 #ifdef CONFIG_IEEE80211W
2308 switch (params->mgmt_frame_protection) {
2309 case NO_MGMT_FRAME_PROTECTION:
2310 value = IW_AUTH_MFP_DISABLED;
2312 case MGMT_FRAME_PROTECTION_OPTIONAL:
2313 value = IW_AUTH_MFP_OPTIONAL;
2315 case MGMT_FRAME_PROTECTION_REQUIRED:
2316 value = IW_AUTH_MFP_REQUIRED;
2319 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2321 #endif /* CONFIG_IEEE80211W */
2322 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2324 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2326 if (params->bssid &&
2327 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2334 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2336 struct wpa_driver_wext_data *drv = priv;
2339 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2340 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2341 if (auth_alg & AUTH_ALG_SHARED_KEY)
2342 algs |= IW_AUTH_ALG_SHARED_KEY;
2343 if (auth_alg & AUTH_ALG_LEAP)
2344 algs |= IW_AUTH_ALG_LEAP;
2346 /* at least one algorithm should be set */
2347 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2350 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2352 drv->auth_alg_fallback = res == -2;
2358 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2359 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2360 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2361 * Returns: 0 on success, -1 on failure
2363 int wpa_driver_wext_set_mode(void *priv, int mode)
2365 struct wpa_driver_wext_data *drv = priv;
2367 int ret = -1, flags;
2368 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2370 os_memset(&iwr, 0, sizeof(iwr));
2371 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2372 iwr.u.mode = new_mode;
2373 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2378 if (errno != EBUSY) {
2379 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]");
2383 /* mac80211 doesn't allow mode changes while the device is up, so if
2384 * the device isn't in the mode we're about to change to, take device
2385 * down, try to set the mode again, and bring it back up.
2387 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2388 wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]");
2392 if (iwr.u.mode == new_mode) {
2397 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2398 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2400 /* Try to set the mode again while the interface is down */
2401 iwr.u.mode = new_mode;
2402 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2403 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]");
2407 /* Ignore return value of get_ifflags to ensure that the device
2408 * is always up like it was before this function was called.
2410 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2411 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2419 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2420 u32 cmd, const u8 *bssid, const u8 *pmkid)
2423 struct iw_pmksa pmksa;
2426 os_memset(&iwr, 0, sizeof(iwr));
2427 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2428 os_memset(&pmksa, 0, sizeof(pmksa));
2430 pmksa.bssid.sa_family = ARPHRD_ETHER;
2432 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2434 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2435 iwr.u.data.pointer = (caddr_t) &pmksa;
2436 iwr.u.data.length = sizeof(pmksa);
2438 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2439 if (errno != EOPNOTSUPP)
2440 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPMKSA]");
2448 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2451 struct wpa_driver_wext_data *drv = priv;
2452 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2456 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2459 struct wpa_driver_wext_data *drv = priv;
2460 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2464 static int wpa_driver_wext_flush_pmkid(void *priv)
2466 struct wpa_driver_wext_data *drv = priv;
2467 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2471 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2473 struct wpa_driver_wext_data *drv = priv;
2474 if (!drv->has_capability)
2476 os_memcpy(capa, &drv->capa, sizeof(*capa));
2481 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2484 if (ifname == NULL) {
2489 drv->ifindex2 = if_nametoindex(ifname);
2490 if (drv->ifindex2 <= 0)
2493 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2494 "wireless events", drv->ifindex2, ifname);
2500 int wpa_driver_wext_set_operstate(void *priv, int state)
2502 struct wpa_driver_wext_data *drv = priv;
2504 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2505 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2506 drv->operstate = state;
2507 return wpa_driver_wext_send_oper_ifla(
2508 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2512 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2514 return drv->we_version_compiled;
2519 static int wpa_driver_wext_set_cscan_params(char *buf, size_t buf_len, char *cmd)
2523 u16 pasv_dwell = WEXT_CSCAN_PASV_DWELL_TIME_DEF;
2526 wpa_printf(MSG_DEBUG, "%s: %s", __func__, cmd);
2528 /* Get command parameters */
2529 pasv_ptr = os_strstr(cmd, ",TIME=");
2533 pasv_dwell = (u16)atoi(pasv_ptr);
2534 if (pasv_dwell == 0)
2535 pasv_dwell = WEXT_CSCAN_PASV_DWELL_TIME_DEF;
2537 channel = (u8)atoi(cmd + 5);
2539 bp = WEXT_CSCAN_HEADER_SIZE;
2540 os_memcpy(buf, WEXT_CSCAN_HEADER, bp);
2542 /* Set list of channels */
2543 buf[bp++] = WEXT_CSCAN_CHANNEL_SECTION;
2544 buf[bp++] = channel;
2546 i = (pasv_dwell - 1) / WEXT_CSCAN_PASV_DWELL_TIME_DEF;
2547 for (; i > 0; i--) {
2548 if ((size_t)(bp + 12) >= buf_len)
2550 buf[bp++] = WEXT_CSCAN_CHANNEL_SECTION;
2551 buf[bp++] = channel;
2554 if (pasv_dwell > WEXT_CSCAN_PASV_DWELL_TIME_MAX)
2555 pasv_dwell = WEXT_CSCAN_PASV_DWELL_TIME_MAX;
2558 /* Set passive dwell time (default is 250) */
2559 buf[bp++] = WEXT_CSCAN_PASV_DWELL_SECTION;
2561 buf[bp++] = (u8)WEXT_CSCAN_PASV_DWELL_TIME_DEF;
2562 buf[bp++] = (u8)(WEXT_CSCAN_PASV_DWELL_TIME_DEF >> 8);
2564 buf[bp++] = (u8)pasv_dwell;
2565 buf[bp++] = (u8)(pasv_dwell >> 8);
2568 /* Set home dwell time (default is 40) */
2569 buf[bp++] = WEXT_CSCAN_HOME_DWELL_SECTION;
2570 buf[bp++] = (u8)WEXT_CSCAN_HOME_DWELL_TIME;
2571 buf[bp++] = (u8)(WEXT_CSCAN_HOME_DWELL_TIME >> 8);
2573 /* Set cscan type */
2574 buf[bp++] = WEXT_CSCAN_TYPE_SECTION;
2575 buf[bp++] = WEXT_CSCAN_TYPE_PASSIVE;
2579 static char *wpa_driver_get_country_code(int channels)
2581 char *country = "US"; /* WEXT_NUMBER_SCAN_CHANNELS_FCC */
2583 if (channels == WEXT_NUMBER_SCAN_CHANNELS_ETSI)
2585 else if( channels == WEXT_NUMBER_SCAN_CHANNELS_MKK1)
2590 static int wpa_driver_priv_driver_cmd( void *priv, char *cmd, char *buf, size_t buf_len )
2592 struct wpa_driver_wext_data *drv = priv;
2593 struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)(drv->ctx);
2597 wpa_printf(MSG_DEBUG, "%s %s len = %d", __func__, cmd, buf_len);
2599 if (!drv->driver_is_started && (os_strcasecmp(cmd, "START") != 0)) {
2600 wpa_printf(MSG_ERROR,"WEXT: Driver not initialized yet");
2604 if (os_strcasecmp(cmd, "RSSI-APPROX") == 0) {
2605 os_strncpy(cmd, "RSSI", MAX_DRV_CMD_SIZE);
2606 } else if( os_strncasecmp(cmd, "SCAN-CHANNELS", 13) == 0 ) {
2609 no_of_chan = atoi(cmd + 13);
2610 os_snprintf(cmd, MAX_DRV_CMD_SIZE, "COUNTRY %s",
2611 wpa_driver_get_country_code(no_of_chan));
2612 } else if (os_strcasecmp(cmd, "STOP") == 0) {
2613 if ((wpa_driver_wext_get_ifflags(drv, &flags) == 0) &&
2615 wpa_printf(MSG_ERROR, "WEXT: %s when iface is UP", cmd);
2616 wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2618 } else if( os_strcasecmp(cmd, "RELOAD") == 0 ) {
2619 wpa_printf(MSG_DEBUG,"Reload command");
2620 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
2624 os_memset(&iwr, 0, sizeof(iwr));
2625 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2626 os_memcpy(buf, cmd, strlen(cmd) + 1);
2627 iwr.u.data.pointer = buf;
2628 iwr.u.data.length = buf_len;
2630 if( os_strncasecmp(cmd, "CSCAN", 5) == 0 ) {
2631 if (!wpa_s->scanning && ((wpa_s->wpa_state <= WPA_SCANNING) ||
2632 (wpa_s->wpa_state >= WPA_COMPLETED))) {
2633 iwr.u.data.length = wpa_driver_wext_set_cscan_params(buf, buf_len, cmd);
2635 wpa_printf(MSG_ERROR, "Ongoing Scan action...");
2640 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr);
2643 wpa_printf(MSG_ERROR, "%s failed (%d): %s", __func__, ret, cmd);
2645 if (drv->errors > WEXT_NUMBER_SEQUENTIAL_ERRORS) {
2647 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
2652 if ((os_strcasecmp(cmd, "RSSI") == 0) ||
2653 (os_strcasecmp(cmd, "LINKSPEED") == 0) ||
2654 (os_strcasecmp(cmd, "MACADDR") == 0) ||
2655 (os_strcasecmp(cmd, "GETPOWER") == 0) ||
2656 (os_strcasecmp(cmd, "GETBAND") == 0)) {
2658 } else if (os_strcasecmp(cmd, "START") == 0) {
2659 drv->driver_is_started = TRUE;
2660 /* os_sleep(0, WPA_DRIVER_WEXT_WAIT_US);
2661 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED"); */
2662 } else if (os_strcasecmp(cmd, "STOP") == 0) {
2663 drv->driver_is_started = FALSE;
2664 /* wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED"); */
2665 } else if (os_strncasecmp(cmd, "CSCAN", 5) == 0) {
2666 wpa_driver_wext_set_scan_timeout(priv);
2667 wpa_supplicant_notify_scanning(wpa_s, 1);
2669 wpa_printf(MSG_DEBUG, "%s %s len = %d, %d", __func__, buf, ret, strlen(buf));
2676 const struct wpa_driver_ops wpa_driver_wext_ops = {
2678 .desc = "Linux wireless extensions (generic)",
2679 .get_bssid = wpa_driver_wext_get_bssid,
2680 .get_ssid = wpa_driver_wext_get_ssid,
2681 .set_wpa = wpa_driver_wext_set_wpa,
2682 .set_key = wpa_driver_wext_set_key,
2683 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2684 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2685 .scan = wpa_driver_wext_scan,
2686 .combo_scan = wpa_driver_wext_combo_scan,
2687 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2688 .deauthenticate = wpa_driver_wext_deauthenticate,
2689 .disassociate = wpa_driver_wext_disassociate,
2690 .set_mode = wpa_driver_wext_set_mode,
2691 .associate = wpa_driver_wext_associate,
2692 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2693 .init = wpa_driver_wext_init,
2694 .deinit = wpa_driver_wext_deinit,
2695 .add_pmkid = wpa_driver_wext_add_pmkid,
2696 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2697 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2698 .get_capa = wpa_driver_wext_get_capa,
2699 .set_operstate = wpa_driver_wext_set_operstate,
2701 .driver_cmd = wpa_driver_priv_driver_cmd,