2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
25 #include "wireless_copy.h"
28 #include "l2_packet.h"
30 #include "wpa_supplicant.h"
31 #include "priv_netlink.h"
32 #include "driver_wext.h"
35 #ifdef CONFIG_CLIENT_MLME
36 #include <netpacket/packet.h>
37 #include <hostapd_ioctl.h>
38 #include <ieee80211_common.h>
39 /* from net/mac80211.h */
41 MODE_IEEE80211A = 0 /* IEEE 802.11a */,
42 MODE_IEEE80211B = 1 /* IEEE 802.11b only */,
43 MODE_ATHEROS_TURBO = 2 /* Atheros Turbo mode (2x.11a at 5 GHz) */,
44 MODE_IEEE80211G = 3 /* IEEE 802.11g (and 802.11b compatibility) */,
45 MODE_ATHEROS_TURBOG = 4 /* Atheros Turbo mode (2x.11g at 2.4 GHz) */,
46 NUM_IEEE80211_MODES = 5
52 #define ETH_P_ALL 0x0003
54 #endif /* CONFIG_CLIENT_MLME */
57 struct wpa_driver_wext_data {
62 char ifname[IFNAMSIZ + 1];
67 size_t assoc_req_ies_len;
69 size_t assoc_resp_ies_len;
70 struct wpa_driver_capa capa;
72 int we_version_compiled;
74 /* for set_auth_alg fallback */
76 int auth_alg_fallback;
80 char mlmedev[IFNAMSIZ + 1];
82 int scan_complete_events;
86 static int wpa_driver_wext_flush_pmkid(void *priv);
87 static int wpa_driver_wext_get_range(void *priv);
88 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
91 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
92 int linkmode, int operstate)
96 struct ifinfomsg ifinfo;
103 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
104 req.hdr.nlmsg_type = RTM_SETLINK;
105 req.hdr.nlmsg_flags = NLM_F_REQUEST;
106 req.hdr.nlmsg_seq = ++nl_seq;
107 req.hdr.nlmsg_pid = 0;
109 req.ifinfo.ifi_family = AF_UNSPEC;
110 req.ifinfo.ifi_type = 0;
111 req.ifinfo.ifi_index = drv->ifindex;
112 req.ifinfo.ifi_flags = 0;
113 req.ifinfo.ifi_change = 0;
115 if (linkmode != -1) {
116 rta = (struct rtattr *)
117 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
118 rta->rta_type = IFLA_LINKMODE;
119 rta->rta_len = RTA_LENGTH(sizeof(char));
120 *((char *) RTA_DATA(rta)) = linkmode;
121 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
122 RTA_LENGTH(sizeof(char));
124 if (operstate != -1) {
125 rta = (struct rtattr *)
126 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
127 rta->rta_type = IFLA_OPERSTATE;
128 rta->rta_len = RTA_LENGTH(sizeof(char));
129 *((char *) RTA_DATA(rta)) = operstate;
130 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
131 RTA_LENGTH(sizeof(char));
134 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
135 linkmode, operstate);
137 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
139 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
140 "%s (assume operstate is not supported)",
144 return ret < 0 ? -1 : 0;
148 static int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
154 os_memset(&iwr, 0, sizeof(iwr));
155 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
156 iwr.u.param.flags = idx & IW_AUTH_INDEX;
157 iwr.u.param.value = value;
159 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
160 if (errno != EOPNOTSUPP) {
161 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
162 "value 0x%x) failed: %s)",
163 idx, value, strerror(errno));
165 ret = errno == EOPNOTSUPP ? -2 : -1;
173 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
174 * @priv: Pointer to private wext data from wpa_driver_wext_init()
175 * @bssid: Buffer for BSSID
176 * Returns: 0 on success, -1 on failure
178 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
180 struct wpa_driver_wext_data *drv = priv;
184 os_memset(&iwr, 0, sizeof(iwr));
185 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
187 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
188 perror("ioctl[SIOCGIWAP]");
191 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
198 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
199 * @priv: Pointer to private wext data from wpa_driver_wext_init()
201 * Returns: 0 on success, -1 on failure
203 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
205 struct wpa_driver_wext_data *drv = priv;
209 os_memset(&iwr, 0, sizeof(iwr));
210 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
211 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
213 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
215 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
217 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
218 perror("ioctl[SIOCSIWAP]");
227 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
228 * @priv: Pointer to private wext data from wpa_driver_wext_init()
229 * @ssid: Buffer for the SSID; must be at least 32 bytes long
230 * Returns: SSID length on success, -1 on failure
232 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
234 struct wpa_driver_wext_data *drv = priv;
238 os_memset(&iwr, 0, sizeof(iwr));
239 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
240 iwr.u.essid.pointer = (caddr_t) ssid;
241 iwr.u.essid.length = 32;
243 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
244 perror("ioctl[SIOCGIWESSID]");
247 ret = iwr.u.essid.length;
250 /* Some drivers include nul termination in the SSID, so let's
251 * remove it here before further processing. WE-21 changes this
252 * to explicitly require the length _not_ to include nul
254 if (ret > 0 && ssid[ret - 1] == '\0' &&
255 drv->we_version_compiled < 21)
264 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
265 * @priv: Pointer to private wext data from wpa_driver_wext_init()
267 * @ssid_len: Length of SSID (0..32)
268 * Returns: 0 on success, -1 on failure
270 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
272 struct wpa_driver_wext_data *drv = priv;
280 os_memset(&iwr, 0, sizeof(iwr));
281 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
282 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
283 iwr.u.essid.flags = (ssid_len != 0);
284 os_memset(buf, 0, sizeof(buf));
285 os_memcpy(buf, ssid, ssid_len);
286 iwr.u.essid.pointer = (caddr_t) buf;
287 if (drv->we_version_compiled < 21) {
288 /* For historic reasons, set SSID length to include one extra
289 * character, C string nul termination, even though SSID is
290 * really an octet string that should not be presented as a C
291 * string. Some Linux drivers decrement the length by one and
292 * can thus end up missing the last octet of the SSID if the
293 * length is not incremented here. WE-21 changes this to
294 * explicitly require the length _not_ to include nul
299 iwr.u.essid.length = ssid_len;
301 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
302 perror("ioctl[SIOCSIWESSID]");
311 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
312 * @priv: Pointer to private wext data from wpa_driver_wext_init()
313 * @freq: Frequency in MHz
314 * Returns: 0 on success, -1 on failure
316 int wpa_driver_wext_set_freq(void *priv, int freq)
318 struct wpa_driver_wext_data *drv = priv;
322 os_memset(&iwr, 0, sizeof(iwr));
323 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
324 iwr.u.freq.m = freq * 100000;
327 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
328 perror("ioctl[SIOCSIWFREQ]");
337 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
339 union wpa_event_data data;
341 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
344 os_memset(&data, 0, sizeof(data));
346 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
347 data.michael_mic_failure.unicast =
348 os_strstr(custom, " unicast ") != NULL;
349 /* TODO: parse parameters(?) */
350 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
351 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
357 bytes = strspn(spos, "0123456789abcdefABCDEF");
358 if (!bytes || (bytes & 1))
362 data.assoc_info.req_ies = os_malloc(bytes);
363 if (data.assoc_info.req_ies == NULL)
366 data.assoc_info.req_ies_len = bytes;
367 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
371 data.assoc_info.resp_ies = NULL;
372 data.assoc_info.resp_ies_len = 0;
374 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
377 bytes = strspn(spos, "0123456789abcdefABCDEF");
378 if (!bytes || (bytes & 1))
382 data.assoc_info.resp_ies = os_malloc(bytes);
383 if (data.assoc_info.resp_ies == NULL)
386 data.assoc_info.resp_ies_len = bytes;
387 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
390 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
393 os_free(data.assoc_info.resp_ies);
394 os_free(data.assoc_info.req_ies);
395 #ifdef CONFIG_PEERKEY
396 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
397 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
398 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
399 "STKSTART.request '%s'", custom + 17);
402 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
403 #endif /* CONFIG_PEERKEY */
408 static int wpa_driver_wext_event_wireless_michaelmicfailure(
409 void *ctx, const char *ev, size_t len)
411 const struct iw_michaelmicfailure *mic;
412 union wpa_event_data data;
414 if (len < sizeof(*mic))
417 mic = (const struct iw_michaelmicfailure *) ev;
419 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
420 "flags=0x%x src_addr=" MACSTR, mic->flags,
421 MAC2STR(mic->src_addr.sa_data));
423 os_memset(&data, 0, sizeof(data));
424 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
425 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
431 static int wpa_driver_wext_event_wireless_pmkidcand(
432 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
434 const struct iw_pmkid_cand *cand;
435 union wpa_event_data data;
438 if (len < sizeof(*cand))
441 cand = (const struct iw_pmkid_cand *) ev;
442 addr = (const u8 *) cand->bssid.sa_data;
444 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
445 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
446 cand->index, MAC2STR(addr));
448 os_memset(&data, 0, sizeof(data));
449 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
450 data.pmkid_candidate.index = cand->index;
451 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
452 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
458 static int wpa_driver_wext_event_wireless_assocreqie(
459 struct wpa_driver_wext_data *drv, const char *ev, int len)
464 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
466 os_free(drv->assoc_req_ies);
467 drv->assoc_req_ies = os_malloc(len);
468 if (drv->assoc_req_ies == NULL) {
469 drv->assoc_req_ies_len = 0;
472 os_memcpy(drv->assoc_req_ies, ev, len);
473 drv->assoc_req_ies_len = len;
479 static int wpa_driver_wext_event_wireless_assocrespie(
480 struct wpa_driver_wext_data *drv, const char *ev, int len)
485 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
487 os_free(drv->assoc_resp_ies);
488 drv->assoc_resp_ies = os_malloc(len);
489 if (drv->assoc_resp_ies == NULL) {
490 drv->assoc_resp_ies_len = 0;
493 os_memcpy(drv->assoc_resp_ies, ev, len);
494 drv->assoc_resp_ies_len = len;
500 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
502 union wpa_event_data data;
504 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
507 os_memset(&data, 0, sizeof(data));
508 if (drv->assoc_req_ies) {
509 data.assoc_info.req_ies = drv->assoc_req_ies;
510 drv->assoc_req_ies = NULL;
511 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
513 if (drv->assoc_resp_ies) {
514 data.assoc_info.resp_ies = drv->assoc_resp_ies;
515 drv->assoc_resp_ies = NULL;
516 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
519 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
521 os_free(data.assoc_info.req_ies);
522 os_free(data.assoc_info.resp_ies);
526 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
527 void *ctx, char *data, int len)
529 struct iw_event iwe_buf, *iwe = &iwe_buf;
530 char *pos, *end, *custom, *buf;
535 while (pos + IW_EV_LCP_LEN <= end) {
536 /* Event data may be unaligned, so make a local, aligned copy
537 * before processing. */
538 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
539 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
541 if (iwe->len <= IW_EV_LCP_LEN)
544 custom = pos + IW_EV_POINT_LEN;
545 if (drv->we_version_compiled > 18 &&
546 (iwe->cmd == IWEVMICHAELMICFAILURE ||
547 iwe->cmd == IWEVCUSTOM ||
548 iwe->cmd == IWEVASSOCREQIE ||
549 iwe->cmd == IWEVASSOCRESPIE ||
550 iwe->cmd == IWEVPMKIDCAND)) {
551 /* WE-19 removed the pointer from struct iw_point */
552 char *dpos = (char *) &iwe_buf.u.data.length;
553 int dlen = dpos - (char *) &iwe_buf;
554 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
555 sizeof(struct iw_event) - dlen);
557 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
558 custom += IW_EV_POINT_OFF;
563 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
565 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
566 if (os_memcmp(iwe->u.ap_addr.sa_data,
567 "\x00\x00\x00\x00\x00\x00", ETH_ALEN) ==
569 os_memcmp(iwe->u.ap_addr.sa_data,
570 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
572 os_free(drv->assoc_req_ies);
573 drv->assoc_req_ies = NULL;
574 os_free(drv->assoc_resp_ies);
575 drv->assoc_resp_ies = NULL;
576 wpa_supplicant_event(ctx, EVENT_DISASSOC,
580 wpa_driver_wext_event_assoc_ies(drv);
581 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
584 case IWEVMICHAELMICFAILURE:
585 if (custom + iwe->u.data.length > end) {
586 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
587 "IWEVMICHAELMICFAILURE length");
590 wpa_driver_wext_event_wireless_michaelmicfailure(
591 ctx, custom, iwe->u.data.length);
594 if (custom + iwe->u.data.length > end) {
595 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
596 "IWEVCUSTOM length");
599 buf = os_malloc(iwe->u.data.length + 1);
602 os_memcpy(buf, custom, iwe->u.data.length);
603 buf[iwe->u.data.length] = '\0';
604 wpa_driver_wext_event_wireless_custom(ctx, buf);
608 drv->scan_complete_events = 1;
609 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
611 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
614 if (custom + iwe->u.data.length > end) {
615 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
616 "IWEVASSOCREQIE length");
619 wpa_driver_wext_event_wireless_assocreqie(
620 drv, custom, iwe->u.data.length);
622 case IWEVASSOCRESPIE:
623 if (custom + iwe->u.data.length > end) {
624 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
625 "IWEVASSOCRESPIE length");
628 wpa_driver_wext_event_wireless_assocrespie(
629 drv, custom, iwe->u.data.length);
632 if (custom + iwe->u.data.length > end) {
633 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
634 "IWEVPMKIDCAND length");
637 wpa_driver_wext_event_wireless_pmkidcand(
638 drv, custom, iwe->u.data.length);
647 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
648 void *ctx, char *buf, size_t len,
651 union wpa_event_data event;
653 os_memset(&event, 0, sizeof(event));
654 if (len > sizeof(event.interface_status.ifname))
655 len = sizeof(event.interface_status.ifname) - 1;
656 os_memcpy(event.interface_status.ifname, buf, len);
657 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
658 EVENT_INTERFACE_ADDED;
660 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
662 event.interface_status.ifname,
663 del ? "removed" : "added");
665 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
672 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
676 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
679 struct ifinfomsg *ifi;
680 int attrlen, nlmsg_len, rta_len;
685 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
687 attrlen = h->nlmsg_len - nlmsg_len;
691 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
693 rta_len = RTA_ALIGN(sizeof(struct rtattr));
694 while (RTA_OK(attr, attrlen)) {
695 if (attr->rta_type == IFLA_IFNAME) {
696 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
702 attr = RTA_NEXT(attr, attrlen);
709 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
710 int ifindex, struct nlmsghdr *h)
712 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
715 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) {
716 drv->ifindex = if_nametoindex(drv->ifname);
717 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
719 wpa_driver_wext_finish_drv_init(drv);
727 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
728 void *ctx, struct nlmsghdr *h,
731 struct ifinfomsg *ifi;
732 int attrlen, nlmsg_len, rta_len;
733 struct rtattr * attr;
735 if (len < sizeof(*ifi))
740 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) {
741 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
746 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
748 drv->operstate, ifi->ifi_flags,
749 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
750 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
751 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
752 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
754 * Some drivers send the association event before the operup event--in
755 * this case, lifting operstate in wpa_driver_wext_set_operstate()
756 * fails. This will hit us when wpa_supplicant does not need to do
757 * IEEE 802.1X authentication
759 if (drv->operstate == 1 &&
760 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
761 !(ifi->ifi_flags & IFF_RUNNING))
762 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
764 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
766 attrlen = h->nlmsg_len - nlmsg_len;
770 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
772 rta_len = RTA_ALIGN(sizeof(struct rtattr));
773 while (RTA_OK(attr, attrlen)) {
774 if (attr->rta_type == IFLA_WIRELESS) {
775 wpa_driver_wext_event_wireless(
776 drv, ctx, ((char *) attr) + rta_len,
777 attr->rta_len - rta_len);
778 } else if (attr->rta_type == IFLA_IFNAME) {
779 wpa_driver_wext_event_link(drv, ctx,
780 ((char *) attr) + rta_len,
781 attr->rta_len - rta_len, 0);
783 attr = RTA_NEXT(attr, attrlen);
788 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
789 void *ctx, struct nlmsghdr *h,
792 struct ifinfomsg *ifi;
793 int attrlen, nlmsg_len, rta_len;
794 struct rtattr * attr;
796 if (len < sizeof(*ifi))
801 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
803 attrlen = h->nlmsg_len - nlmsg_len;
807 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
809 rta_len = RTA_ALIGN(sizeof(struct rtattr));
810 while (RTA_OK(attr, attrlen)) {
811 if (attr->rta_type == IFLA_IFNAME) {
812 wpa_driver_wext_event_link(drv, ctx,
813 ((char *) attr) + rta_len,
814 attr->rta_len - rta_len, 1);
816 attr = RTA_NEXT(attr, attrlen);
821 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
826 struct sockaddr_nl from;
832 fromlen = sizeof(from);
833 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
834 (struct sockaddr *) &from, &fromlen);
836 if (errno != EINTR && errno != EAGAIN)
837 perror("recvfrom(netlink)");
841 h = (struct nlmsghdr *) buf;
842 while (left >= (int) sizeof(*h)) {
846 plen = len - sizeof(*h);
847 if (len > left || plen < 0) {
848 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
849 "len=%d left=%d plen=%d",
854 switch (h->nlmsg_type) {
856 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
860 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
865 len = NLMSG_ALIGN(len);
867 h = (struct nlmsghdr *) ((char *) h + len);
871 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
875 if (--max_events > 0) {
877 * Try to receive all events in one eloop call in order to
878 * limit race condition on cases where AssocInfo event, Assoc
879 * event, and EAPOL frames are received more or less at the
880 * same time. We want to process the event messages first
881 * before starting EAPOL processing.
888 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
889 const char *ifname, int *flags)
893 os_memset(&ifr, 0, sizeof(ifr));
894 os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
895 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
896 perror("ioctl[SIOCGIFFLAGS]");
899 *flags = ifr.ifr_flags & 0xffff;
905 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
906 * @drv: driver_wext private data
907 * @flags: Pointer to returned flags value
908 * Returns: 0 on success, -1 on failure
910 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
912 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
916 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
917 const char *ifname, int flags)
921 os_memset(&ifr, 0, sizeof(ifr));
922 os_strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
923 ifr.ifr_flags = flags & 0xffff;
924 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
925 perror("SIOCSIFFLAGS");
933 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
934 * @drv: driver_wext private data
935 * @flags: New value for flags
936 * Returns: 0 on success, -1 on failure
938 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
940 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
945 * wpa_driver_wext_init - Initialize WE driver interface
946 * @ctx: context to be used when calling wpa_supplicant functions,
947 * e.g., wpa_supplicant_event()
948 * @ifname: interface name, e.g., wlan0
949 * Returns: Pointer to private data, %NULL on failure
951 void * wpa_driver_wext_init(void *ctx, const char *ifname)
954 struct sockaddr_nl local;
955 struct wpa_driver_wext_data *drv;
957 drv = os_zalloc(sizeof(*drv));
961 os_strncpy(drv->ifname, ifname, sizeof(drv->ifname));
963 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
964 if (drv->ioctl_sock < 0) {
965 perror("socket(PF_INET,SOCK_DGRAM)");
970 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
972 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
973 close(drv->ioctl_sock);
978 os_memset(&local, 0, sizeof(local));
979 local.nl_family = AF_NETLINK;
980 local.nl_groups = RTMGRP_LINK;
981 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
982 perror("bind(netlink)");
984 close(drv->ioctl_sock);
989 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
994 wpa_driver_wext_finish_drv_init(drv);
1000 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
1005 * Make sure that the driver does not have any obsolete PMKID entries.
1007 wpa_driver_wext_flush_pmkid(drv);
1009 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
1010 printf("Could not configure driver to use managed mode\n");
1013 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0 ||
1014 wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
1015 printf("Could not set interface '%s' UP\n", drv->ifname);
1018 wpa_driver_wext_get_range(drv);
1020 drv->ifindex = if_nametoindex(drv->ifname);
1022 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
1024 * Host AP driver may use both wlan# and wifi# interface in
1025 * wireless events. Since some of the versions included WE-18
1026 * support, let's add the alternative ifindex also from
1027 * driver_wext.c for the time being. This may be removed at
1028 * some point once it is believed that old versions of the
1029 * driver are not in use anymore.
1031 char ifname2[IFNAMSIZ + 1];
1032 os_strncpy(ifname2, drv->ifname, sizeof(ifname2));
1033 os_memcpy(ifname2, "wifi", 4);
1034 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1037 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1042 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1043 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1045 * Shut down driver interface and processing of driver events. Free
1046 * private data buffer if one was allocated in wpa_driver_wext_init().
1048 void wpa_driver_wext_deinit(void *priv)
1050 struct wpa_driver_wext_data *drv = priv;
1053 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1056 * Clear possibly configured driver parameters in order to make it
1057 * easier to use the driver after wpa_supplicant has been terminated.
1059 wpa_driver_wext_set_bssid(drv, (u8 *) "\x00\x00\x00\x00\x00\x00");
1061 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1063 eloop_unregister_read_sock(drv->event_sock);
1064 if (drv->mlme_sock >= 0)
1065 eloop_unregister_read_sock(drv->mlme_sock);
1067 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1068 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1070 #ifdef CONFIG_CLIENT_MLME
1071 if (drv->mlmedev[0] &&
1072 wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) == 0)
1073 (void) wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
1075 #endif /* CONFIG_CLIENT_MLME */
1077 close(drv->event_sock);
1078 close(drv->ioctl_sock);
1079 if (drv->mlme_sock >= 0)
1080 close(drv->mlme_sock);
1081 os_free(drv->assoc_req_ies);
1082 os_free(drv->assoc_resp_ies);
1088 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1089 * @eloop_ctx: Unused
1090 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1092 * This function can be used as registered timeout when starting a scan to
1093 * generate a scan completed event if the driver does not report this.
1095 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1097 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1098 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1103 * wpa_driver_wext_scan - Request the driver to initiate scan
1104 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1105 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1106 * all SSIDs (either active scan with broadcast SSID or passive
1108 * @ssid_len: Length of the SSID
1109 * Returns: 0 on success, -1 on failure
1111 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1113 struct wpa_driver_wext_data *drv = priv;
1115 int ret = 0, timeout;
1116 struct iw_scan_req req;
1118 if (ssid_len > IW_ESSID_MAX_SIZE) {
1119 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1120 __FUNCTION__, (unsigned long) ssid_len);
1124 os_memset(&iwr, 0, sizeof(iwr));
1125 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1127 if (ssid && ssid_len) {
1128 os_memset(&req, 0, sizeof(req));
1129 req.essid_len = ssid_len;
1130 req.bssid.sa_family = ARPHRD_ETHER;
1131 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1132 os_memcpy(req.essid, ssid, ssid_len);
1133 iwr.u.data.pointer = (caddr_t) &req;
1134 iwr.u.data.length = sizeof(req);
1135 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1138 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1139 perror("ioctl[SIOCSIWSCAN]");
1143 /* Not all drivers generate "scan completed" wireless event, so try to
1144 * read results after a timeout. */
1146 if (drv->scan_complete_events) {
1148 * The driver seems to deliver SIOCGIWSCAN events to notify
1149 * when scan is complete, so use longer timeout to avoid race
1150 * conditions with scanning and following association request.
1154 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1155 "seconds", ret, timeout);
1156 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1157 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1164 /* Compare function for sorting scan results. Return >0 if @b is considered
1166 static int wpa_scan_result_compar(const void *a, const void *b)
1168 const struct wpa_scan_result *wa = a;
1169 const struct wpa_scan_result *wb = b;
1171 /* WPA/WPA2 support preferred */
1172 if ((wb->wpa_ie_len || wb->rsn_ie_len) &&
1173 !(wa->wpa_ie_len || wa->rsn_ie_len))
1175 if (!(wb->wpa_ie_len || wb->rsn_ie_len) &&
1176 (wa->wpa_ie_len || wa->rsn_ie_len))
1179 /* privacy support preferred */
1180 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
1181 (wb->caps & IEEE80211_CAP_PRIVACY))
1183 if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
1184 (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
1187 /* best/max rate preferred if signal level close enough XXX */
1188 if (wa->maxrate != wb->maxrate && abs(wb->level - wa->level) < 5)
1189 return wb->maxrate - wa->maxrate;
1191 /* use freq for channel preference */
1193 /* all things being equal, use signal level; if signal levels are
1194 * identical, use quality values since some drivers may only report
1195 * that value and leave the signal level zero */
1196 if (wb->level == wa->level)
1197 return wb->qual - wa->qual;
1198 return wb->level - wa->level;
1203 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1204 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1205 * @results: Pointer to buffer for scan results
1206 * @max_size: Maximum number of entries (buffer size)
1207 * Returns: Number of scan result entries used on success, -1 on
1210 * If scan results include more than max_size BSSes, max_size will be
1211 * returned and the remaining entries will not be included in the
1214 int wpa_driver_wext_get_scan_results(void *priv,
1215 struct wpa_scan_result *results,
1218 struct wpa_driver_wext_data *drv = priv;
1223 struct iw_event iwe_buf, *iwe = &iwe_buf;
1224 char *pos, *end, *custom, *genie, *gpos, *gend;
1226 size_t len, clen, res_buf_len;
1228 os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
1230 res_buf_len = IW_SCAN_MAX_DATA;
1232 res_buf = os_malloc(res_buf_len);
1233 if (res_buf == NULL)
1235 os_memset(&iwr, 0, sizeof(iwr));
1236 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1237 iwr.u.data.pointer = res_buf;
1238 iwr.u.data.length = res_buf_len;
1240 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1243 if (errno == E2BIG && res_buf_len < 100000) {
1247 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1248 "trying larger buffer (%lu bytes)",
1249 (unsigned long) res_buf_len);
1251 perror("ioctl[SIOCGIWSCAN]");
1257 len = iwr.u.data.length;
1261 pos = (char *) res_buf;
1262 end = (char *) res_buf + len;
1264 while (pos + IW_EV_LCP_LEN <= end) {
1266 /* Event data may be unaligned, so make a local, aligned copy
1267 * before processing. */
1268 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1269 if (iwe->len <= IW_EV_LCP_LEN)
1272 custom = pos + IW_EV_POINT_LEN;
1273 if (drv->we_version_compiled > 18 &&
1274 (iwe->cmd == SIOCGIWESSID ||
1275 iwe->cmd == SIOCGIWENCODE ||
1276 iwe->cmd == IWEVGENIE ||
1277 iwe->cmd == IWEVCUSTOM)) {
1278 /* WE-19 removed the pointer from struct iw_point */
1279 char *dpos = (char *) &iwe_buf.u.data.length;
1280 int dlen = dpos - (char *) &iwe_buf;
1281 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1282 sizeof(struct iw_event) - dlen);
1284 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1285 custom += IW_EV_POINT_OFF;
1293 if (ap_num < max_size) {
1294 os_memcpy(results[ap_num].bssid,
1295 iwe->u.ap_addr.sa_data, ETH_ALEN);
1299 if (ap_num >= max_size)
1301 if (iwe->u.mode == IW_MODE_ADHOC)
1302 results[ap_num].caps |= IEEE80211_CAP_IBSS;
1303 else if (iwe->u.mode == IW_MODE_MASTER ||
1304 iwe->u.mode == IW_MODE_INFRA)
1305 results[ap_num].caps |= IEEE80211_CAP_ESS;
1308 ssid_len = iwe->u.essid.length;
1309 if (custom + ssid_len > end)
1311 if (iwe->u.essid.flags &&
1313 ssid_len <= IW_ESSID_MAX_SIZE) {
1314 if (ap_num < max_size) {
1315 os_memcpy(results[ap_num].ssid, custom,
1317 results[ap_num].ssid_len = ssid_len;
1322 if (ap_num < max_size) {
1323 int divi = 1000000, i;
1324 if (iwe->u.freq.e == 0) {
1326 * Some drivers do not report
1327 * frequency, but a channel. Try to map
1328 * this to frequency by assuming they
1329 * are using IEEE 802.11b/g. But don't
1330 * overwrite a previously parsed
1331 * frequency if the driver sends both
1332 * frequency and channel, since the
1333 * driver may be sending an A-band
1334 * channel that we don't handle here.
1337 if (results[ap_num].freq)
1340 if (iwe->u.freq.m >= 1 &&
1341 iwe->u.freq.m <= 13) {
1342 results[ap_num].freq =
1346 } else if (iwe->u.freq.m == 14) {
1347 results[ap_num].freq = 2484;
1351 if (iwe->u.freq.e > 6) {
1353 MSG_DEBUG, "Invalid freq "
1354 "in scan results (BSSID="
1355 MACSTR ": m=%d e=%d\n",
1356 MAC2STR(results[ap_num].bssid),
1357 iwe->u.freq.m, iwe->u.freq.e);
1360 for (i = 0; i < iwe->u.freq.e; i++)
1362 results[ap_num].freq = iwe->u.freq.m / divi;
1366 if (ap_num < max_size) {
1367 results[ap_num].qual = iwe->u.qual.qual;
1368 results[ap_num].noise = iwe->u.qual.noise;
1369 results[ap_num].level = iwe->u.qual.level;
1373 if (ap_num < max_size &&
1374 !(iwe->u.data.flags & IW_ENCODE_DISABLED))
1375 results[ap_num].caps |= IEEE80211_CAP_PRIVACY;
1378 custom = pos + IW_EV_LCP_LEN;
1380 if (custom + clen > end)
1383 while (((ssize_t) clen) >=
1384 (ssize_t) sizeof(struct iw_param)) {
1385 /* Note: may be misaligned, make a local,
1387 os_memcpy(&p, custom, sizeof(struct iw_param));
1388 if (p.value > maxrate)
1390 clen -= sizeof(struct iw_param);
1391 custom += sizeof(struct iw_param);
1393 if (ap_num < max_size)
1394 results[ap_num].maxrate = maxrate;
1397 if (ap_num >= max_size)
1399 gpos = genie = custom;
1400 gend = genie + iwe->u.data.length;
1402 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1405 while (gpos + 1 < gend &&
1406 gpos + 2 + (u8) gpos[1] <= gend) {
1407 u8 ie = gpos[0], ielen = gpos[1] + 2;
1408 if (ielen > SSID_MAX_WPA_IE_LEN) {
1413 case GENERIC_INFO_ELEM:
1414 if (ielen < 2 + 4 ||
1416 "\x00\x50\xf2\x01", 4) !=
1419 os_memcpy(results[ap_num].wpa_ie, gpos,
1421 results[ap_num].wpa_ie_len = ielen;
1424 os_memcpy(results[ap_num].rsn_ie, gpos,
1426 results[ap_num].rsn_ie_len = ielen;
1433 clen = iwe->u.data.length;
1434 if (custom + clen > end)
1437 os_strncmp(custom, "wpa_ie=", 7) == 0 &&
1438 ap_num < max_size) {
1442 bytes = custom + clen - spos;
1446 if (bytes > SSID_MAX_WPA_IE_LEN) {
1447 wpa_printf(MSG_INFO, "Too long WPA IE "
1451 hexstr2bin(spos, results[ap_num].wpa_ie,
1453 results[ap_num].wpa_ie_len = bytes;
1454 } else if (clen > 7 &&
1455 os_strncmp(custom, "rsn_ie=", 7) == 0 &&
1456 ap_num < max_size) {
1460 bytes = custom + clen - spos;
1464 if (bytes > SSID_MAX_WPA_IE_LEN) {
1465 wpa_printf(MSG_INFO, "Too long RSN IE "
1469 hexstr2bin(spos, results[ap_num].rsn_ie,
1471 results[ap_num].rsn_ie_len = bytes;
1482 if (ap_num > max_size) {
1483 wpa_printf(MSG_DEBUG, "Too small scan result buffer - "
1484 "%lu BSSes but room only for %lu",
1485 (unsigned long) ap_num,
1486 (unsigned long) max_size);
1489 qsort(results, ap_num, sizeof(struct wpa_scan_result),
1490 wpa_scan_result_compar);
1492 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1493 (unsigned long) len, (unsigned long) ap_num);
1499 static int wpa_driver_wext_get_range(void *priv)
1501 struct wpa_driver_wext_data *drv = priv;
1502 struct iw_range *range;
1508 * Use larger buffer than struct iw_range in order to allow the
1509 * structure to grow in the future.
1511 buflen = sizeof(struct iw_range) + 500;
1512 range = os_zalloc(buflen);
1516 os_memset(&iwr, 0, sizeof(iwr));
1517 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1518 iwr.u.data.pointer = (caddr_t) range;
1519 iwr.u.data.length = buflen;
1521 minlen = ((char *) &range->enc_capa) - (char *) range +
1522 sizeof(range->enc_capa);
1524 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1525 perror("ioctl[SIOCGIWRANGE]");
1528 } else if (iwr.u.data.length >= minlen &&
1529 range->we_version_compiled >= 18) {
1530 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1531 "WE(source)=%d enc_capa=0x%x",
1532 range->we_version_compiled,
1533 range->we_version_source,
1535 drv->has_capability = 1;
1536 drv->we_version_compiled = range->we_version_compiled;
1537 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1538 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1539 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1541 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1542 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1543 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1545 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1546 WPA_DRIVER_CAPA_ENC_WEP104;
1547 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1548 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1549 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1550 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1551 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
1552 drv->capa.key_mgmt, drv->capa.enc);
1554 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1555 "assuming WPA is not supported");
1563 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1565 struct wpa_driver_wext_data *drv = priv;
1566 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1568 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1573 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1574 const u8 *addr, int key_idx,
1575 int set_tx, const u8 *seq,
1577 const u8 *key, size_t key_len)
1579 struct wpa_driver_wext_data *drv = priv;
1582 struct iw_encode_ext *ext;
1584 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1585 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1586 __FUNCTION__, (unsigned long) seq_len);
1590 ext = os_zalloc(sizeof(*ext) + key_len);
1593 os_memset(&iwr, 0, sizeof(iwr));
1594 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1595 iwr.u.encoding.flags = key_idx + 1;
1596 if (alg == WPA_ALG_NONE)
1597 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1598 iwr.u.encoding.pointer = (caddr_t) ext;
1599 iwr.u.encoding.length = sizeof(*ext) + key_len;
1602 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1603 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1605 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1607 ext->addr.sa_family = ARPHRD_ETHER;
1609 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1611 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1612 if (key && key_len) {
1613 os_memcpy(ext + 1, key, key_len);
1614 ext->key_len = key_len;
1618 ext->alg = IW_ENCODE_ALG_NONE;
1621 ext->alg = IW_ENCODE_ALG_WEP;
1624 ext->alg = IW_ENCODE_ALG_TKIP;
1627 ext->alg = IW_ENCODE_ALG_CCMP;
1630 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1636 if (seq && seq_len) {
1637 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1638 os_memcpy(ext->rx_seq, seq, seq_len);
1641 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1642 ret = errno == EOPNOTSUPP ? -2 : -1;
1643 if (errno == ENODEV) {
1645 * ndiswrapper seems to be returning incorrect error
1650 perror("ioctl[SIOCSIWENCODEEXT]");
1659 * wpa_driver_wext_set_key - Configure encryption key
1660 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1661 * @priv: Private driver interface data
1662 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1663 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1664 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1665 * broadcast/default keys
1666 * @key_idx: key index (0..3), usually 0 for unicast keys
1667 * @set_tx: Configure this key as the default Tx key (only used when
1668 * driver does not support separate unicast/individual key
1669 * @seq: Sequence number/packet number, seq_len octets, the next
1670 * packet number to be used for in replay protection; configured
1671 * for Rx keys (in most cases, this is only used with broadcast
1672 * keys and set to zero for unicast keys)
1673 * @seq_len: Length of the seq, depends on the algorithm:
1674 * TKIP: 6 octets, CCMP: 6 octets
1675 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1677 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1678 * TKIP: 32, CCMP: 16)
1679 * Returns: 0 on success, -1 on failure
1681 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1682 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1684 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1685 const u8 *addr, int key_idx,
1686 int set_tx, const u8 *seq, size_t seq_len,
1687 const u8 *key, size_t key_len)
1689 struct wpa_driver_wext_data *drv = priv;
1693 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1695 __FUNCTION__, alg, key_idx, set_tx,
1696 (unsigned long) seq_len, (unsigned long) key_len);
1698 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1699 seq, seq_len, key, key_len);
1704 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1705 wpa_printf(MSG_DEBUG, "Driver did not support "
1706 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1709 wpa_printf(MSG_DEBUG, "Driver did not support "
1710 "SIOCSIWENCODEEXT");
1714 os_memset(&iwr, 0, sizeof(iwr));
1715 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1716 iwr.u.encoding.flags = key_idx + 1;
1717 if (alg == WPA_ALG_NONE)
1718 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1719 iwr.u.encoding.pointer = (caddr_t) key;
1720 iwr.u.encoding.length = key_len;
1722 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1723 perror("ioctl[SIOCSIWENCODE]");
1727 if (set_tx && alg != WPA_ALG_NONE) {
1728 os_memset(&iwr, 0, sizeof(iwr));
1729 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1730 iwr.u.encoding.flags = key_idx + 1;
1731 iwr.u.encoding.pointer = (caddr_t) NULL;
1732 iwr.u.encoding.length = 0;
1733 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1734 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1743 static int wpa_driver_wext_set_countermeasures(void *priv,
1746 struct wpa_driver_wext_data *drv = priv;
1747 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1748 return wpa_driver_wext_set_auth_param(drv,
1749 IW_AUTH_TKIP_COUNTERMEASURES,
1754 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1757 struct wpa_driver_wext_data *drv = priv;
1758 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1759 drv->use_crypt = enabled;
1760 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1765 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1766 const u8 *addr, int cmd, int reason_code)
1769 struct iw_mlme mlme;
1772 os_memset(&iwr, 0, sizeof(iwr));
1773 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1774 os_memset(&mlme, 0, sizeof(mlme));
1776 mlme.reason_code = reason_code;
1777 mlme.addr.sa_family = ARPHRD_ETHER;
1778 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1779 iwr.u.data.pointer = (caddr_t) &mlme;
1780 iwr.u.data.length = sizeof(mlme);
1782 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1783 perror("ioctl[SIOCSIWMLME]");
1791 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1794 struct wpa_driver_wext_data *drv = priv;
1795 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1796 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1800 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1803 struct wpa_driver_wext_data *drv = priv;
1804 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1805 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC,
1810 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1813 struct wpa_driver_wext_data *drv = priv;
1817 os_memset(&iwr, 0, sizeof(iwr));
1818 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1819 iwr.u.data.pointer = (caddr_t) ie;
1820 iwr.u.data.length = ie_len;
1822 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1823 perror("ioctl[SIOCSIWGENIE]");
1831 static int wpa_driver_wext_cipher2wext(int cipher)
1835 return IW_AUTH_CIPHER_NONE;
1837 return IW_AUTH_CIPHER_WEP40;
1839 return IW_AUTH_CIPHER_TKIP;
1841 return IW_AUTH_CIPHER_CCMP;
1843 return IW_AUTH_CIPHER_WEP104;
1850 static int wpa_driver_wext_keymgmt2wext(int keymgmt)
1853 case KEY_MGMT_802_1X:
1854 case KEY_MGMT_802_1X_NO_WPA:
1855 return IW_AUTH_KEY_MGMT_802_1X;
1857 return IW_AUTH_KEY_MGMT_PSK;
1865 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1866 struct wpa_driver_associate_params *params)
1871 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1872 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1874 os_memset(&iwr, 0, sizeof(iwr));
1875 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1876 /* Just changing mode, not actual keys */
1877 iwr.u.encoding.flags = 0;
1878 iwr.u.encoding.pointer = (caddr_t) NULL;
1879 iwr.u.encoding.length = 0;
1882 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1883 * different things. Here they are used to indicate Open System vs.
1884 * Shared Key authentication algorithm. However, some drivers may use
1885 * them to select between open/restricted WEP encrypted (open = allow
1886 * both unencrypted and encrypted frames; restricted = only allow
1887 * encrypted frames).
1890 if (!drv->use_crypt) {
1891 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1893 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1894 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
1895 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1896 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
1899 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1900 perror("ioctl[SIOCSIWENCODE]");
1909 wpa_driver_wext_associate(void *priv,
1910 struct wpa_driver_associate_params *params)
1912 struct wpa_driver_wext_data *drv = priv;
1914 int allow_unencrypted_eapol;
1917 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1920 * If the driver did not support SIOCSIWAUTH, fallback to
1921 * SIOCSIWENCODE here.
1923 if (drv->auth_alg_fallback &&
1924 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
1927 if (!params->bssid &&
1928 wpa_driver_wext_set_bssid(drv, NULL) < 0)
1931 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
1933 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
1934 * from configuration, not from here, where only the selected suite is
1936 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
1939 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
1940 value = IW_AUTH_WPA_VERSION_DISABLED;
1941 else if (params->wpa_ie[0] == RSN_INFO_ELEM)
1942 value = IW_AUTH_WPA_VERSION_WPA2;
1944 value = IW_AUTH_WPA_VERSION_WPA;
1945 if (wpa_driver_wext_set_auth_param(drv,
1946 IW_AUTH_WPA_VERSION, value) < 0)
1948 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
1949 if (wpa_driver_wext_set_auth_param(drv,
1950 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
1952 value = wpa_driver_wext_cipher2wext(params->group_suite);
1953 if (wpa_driver_wext_set_auth_param(drv,
1954 IW_AUTH_CIPHER_GROUP, value) < 0)
1956 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
1957 if (wpa_driver_wext_set_auth_param(drv,
1958 IW_AUTH_KEY_MGMT, value) < 0)
1960 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
1961 params->pairwise_suite != CIPHER_NONE ||
1962 params->group_suite != CIPHER_NONE ||
1964 if (wpa_driver_wext_set_auth_param(drv,
1965 IW_AUTH_PRIVACY_INVOKED, value) < 0)
1968 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
1969 * not using WPA. IEEE 802.1X specifies that these frames are not
1970 * encrypted, but WPA encrypts them when pairwise keys are in use. */
1971 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
1972 params->key_mgmt_suite == KEY_MGMT_PSK)
1973 allow_unencrypted_eapol = 0;
1975 allow_unencrypted_eapol = 1;
1977 if (wpa_driver_wext_set_auth_param(drv,
1978 IW_AUTH_RX_UNENCRYPTED_EAPOL,
1979 allow_unencrypted_eapol) < 0)
1981 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
1983 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
1985 if (params->bssid &&
1986 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
1993 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
1995 struct wpa_driver_wext_data *drv = priv;
1998 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
1999 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2000 if (auth_alg & AUTH_ALG_SHARED_KEY)
2001 algs |= IW_AUTH_ALG_SHARED_KEY;
2002 if (auth_alg & AUTH_ALG_LEAP)
2003 algs |= IW_AUTH_ALG_LEAP;
2005 /* at least one algorithm should be set */
2006 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2009 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2011 drv->auth_alg_fallback = res == -2;
2017 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2018 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2019 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2020 * Returns: 0 on success, -1 on failure
2022 int wpa_driver_wext_set_mode(void *priv, int mode)
2024 struct wpa_driver_wext_data *drv = priv;
2026 int ret = -1, flags;
2027 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2029 os_memset(&iwr, 0, sizeof(iwr));
2030 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2031 iwr.u.mode = new_mode;
2032 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2037 if (errno != EBUSY) {
2038 perror("ioctl[SIOCSIWMODE]");
2042 /* mac80211 doesn't allow mode changes while the device is up, so if
2043 * the device isn't in the mode we're about to change to, take device
2044 * down, try to set the mode again, and bring it back up.
2046 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2047 perror("ioctl[SIOCGIWMODE]");
2051 if (iwr.u.mode == new_mode) {
2056 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) {
2057 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
2059 /* Try to set the mode again while the interface is down */
2060 iwr.u.mode = new_mode;
2061 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2062 perror("ioctl[SIOCSIWMODE]");
2066 /* Ignore return value of get_ifflags to ensure that the device
2067 * is always up like it was before this function was called.
2069 (void) wpa_driver_wext_get_ifflags(drv, &flags);
2070 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP);
2078 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2079 u32 cmd, const u8 *bssid, const u8 *pmkid)
2082 struct iw_pmksa pmksa;
2085 os_memset(&iwr, 0, sizeof(iwr));
2086 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2087 os_memset(&pmksa, 0, sizeof(pmksa));
2089 pmksa.bssid.sa_family = ARPHRD_ETHER;
2091 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2093 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2094 iwr.u.data.pointer = (caddr_t) &pmksa;
2095 iwr.u.data.length = sizeof(pmksa);
2097 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2098 if (errno != EOPNOTSUPP)
2099 perror("ioctl[SIOCSIWPMKSA]");
2107 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2110 struct wpa_driver_wext_data *drv = priv;
2111 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2115 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2118 struct wpa_driver_wext_data *drv = priv;
2119 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2123 static int wpa_driver_wext_flush_pmkid(void *priv)
2125 struct wpa_driver_wext_data *drv = priv;
2126 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2130 static int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2132 struct wpa_driver_wext_data *drv = priv;
2133 if (!drv->has_capability)
2135 os_memcpy(capa, &drv->capa, sizeof(*capa));
2140 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2143 if (ifname == NULL) {
2148 drv->ifindex2 = if_nametoindex(ifname);
2149 if (drv->ifindex2 <= 0)
2152 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2153 "wireless events", drv->ifindex2, ifname);
2159 int wpa_driver_wext_set_operstate(void *priv, int state)
2161 struct wpa_driver_wext_data *drv = priv;
2163 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2164 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2165 drv->operstate = state;
2166 return wpa_driver_wext_send_oper_ifla(
2167 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2171 #ifdef CONFIG_CLIENT_MLME
2172 static int hostapd_ioctl(struct wpa_driver_wext_data *drv,
2173 struct prism2_hostapd_param *param, int len)
2177 os_memset(&iwr, 0, sizeof(iwr));
2178 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2179 iwr.u.data.pointer = (caddr_t) param;
2180 iwr.u.data.length = len;
2182 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
2183 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2191 static struct wpa_hw_modes *
2192 wpa_driver_wext_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2194 struct wpa_driver_wext_data *drv = priv;
2195 struct prism2_hostapd_param *param;
2197 struct wpa_hw_modes *modes = NULL;
2200 param = os_zalloc(PRISM2_HOSTAPD_MAX_BUF_SIZE);
2203 param->cmd = PRISM2_HOSTAPD_GET_HW_FEATURES;
2205 if (hostapd_ioctl(drv, param, PRISM2_HOSTAPD_MAX_BUF_SIZE) < 0) {
2206 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2210 *num_modes = param->u.hw_features.num_modes;
2211 *flags = param->u.hw_features.flags;
2213 pos = param->u.hw_features.data;
2214 end = pos + PRISM2_HOSTAPD_MAX_BUF_SIZE -
2215 (param->u.hw_features.data - (u8 *) param);
2217 modes = os_zalloc(*num_modes * sizeof(struct wpa_hw_modes));
2221 for (i = 0; i < *num_modes; i++) {
2222 struct hostapd_ioctl_hw_modes_hdr *hdr;
2223 struct wpa_hw_modes *feature;
2226 hdr = (struct hostapd_ioctl_hw_modes_hdr *) pos;
2227 pos = (u8 *) (hdr + 1);
2228 clen = hdr->num_channels * sizeof(struct wpa_channel_data);
2229 rlen = hdr->num_rates * sizeof(struct wpa_rate_data);
2231 feature = &modes[i];
2232 switch (hdr->mode) {
2233 case MODE_IEEE80211A:
2234 feature->mode = WPA_MODE_IEEE80211A;
2236 case MODE_IEEE80211B:
2237 feature->mode = WPA_MODE_IEEE80211B;
2239 case MODE_IEEE80211G:
2240 feature->mode = WPA_MODE_IEEE80211G;
2242 case MODE_ATHEROS_TURBO:
2243 case MODE_ATHEROS_TURBOG:
2244 wpa_printf(MSG_ERROR, "Skip unsupported hw_mode=%d in "
2245 "get_hw_features data", hdr->mode);
2249 wpa_printf(MSG_ERROR, "Unknown hw_mode=%d in "
2250 "get_hw_features data", hdr->mode);
2251 ieee80211_sta_free_hw_features(modes, *num_modes);
2255 feature->num_channels = hdr->num_channels;
2256 feature->num_rates = hdr->num_rates;
2258 feature->channels = os_malloc(clen);
2259 feature->rates = os_malloc(rlen);
2260 if (!feature->channels || !feature->rates ||
2261 pos + clen + rlen > end) {
2262 ieee80211_sta_free_hw_features(modes, *num_modes);
2267 os_memcpy(feature->channels, pos, clen);
2269 os_memcpy(feature->rates, pos, rlen);
2279 int wpa_driver_wext_set_channel(void *priv, wpa_hw_mode phymode, int chan,
2282 return wpa_driver_wext_set_freq(priv, freq);
2286 static void wpa_driver_wext_mlme_read(int sock, void *eloop_ctx,
2289 struct wpa_driver_wext_data *drv = eloop_ctx;
2291 unsigned char buf[3000];
2292 struct ieee80211_frame_info *fi;
2293 struct ieee80211_rx_status rx_status;
2295 len = recv(sock, buf, sizeof(buf), 0);
2297 perror("recv[MLME]");
2301 if (len < (int) sizeof(struct ieee80211_frame_info)) {
2302 wpa_printf(MSG_DEBUG, "WEXT: Too short MLME frame (len=%d)",
2307 fi = (struct ieee80211_frame_info *) buf;
2308 if (ntohl(fi->version) != IEEE80211_FI_VERSION) {
2309 wpa_printf(MSG_DEBUG, "WEXT: Invalid MLME frame info version "
2310 "0x%x", ntohl(fi->version));
2314 os_memset(&rx_status, 0, sizeof(rx_status));
2315 rx_status.ssi = ntohl(fi->ssi_signal);
2316 rx_status.channel = ntohl(fi->channel);
2318 ieee80211_sta_rx(drv->ctx, buf + sizeof(struct ieee80211_frame_info),
2319 len - sizeof(struct ieee80211_frame_info),
2324 static int wpa_driver_wext_open_mlme(struct wpa_driver_wext_data *drv)
2326 int flags, ifindex, s, *i;
2327 struct sockaddr_ll addr;
2330 os_memset(&iwr, 0, sizeof(iwr));
2331 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2332 i = (int *) iwr.u.name;
2333 *i++ = PRISM2_PARAM_USER_SPACE_MLME;
2336 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr) < 0) {
2337 wpa_printf(MSG_ERROR, "WEXT: Failed to configure driver to "
2338 "use user space MLME");
2342 ifindex = if_nametoindex(drv->mlmedev);
2344 wpa_printf(MSG_ERROR, "WEXT: mlmedev='%s' not found",
2349 if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) != 0
2350 || wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
2351 flags | IFF_UP) != 0) {
2352 wpa_printf(MSG_ERROR, "WEXT: Could not set interface "
2353 "'%s' UP", drv->mlmedev);
2357 s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2359 perror("socket[PF_PACKET,SOCK_RAW]");
2363 os_memset(&addr, 0, sizeof(addr));
2364 addr.sll_family = AF_PACKET;
2365 addr.sll_ifindex = ifindex;
2367 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
2368 perror("bind(MLME)");
2372 if (eloop_register_read_sock(s, wpa_driver_wext_mlme_read, drv, NULL))
2374 wpa_printf(MSG_ERROR, "WEXT: Could not register MLME read "
2384 static int wpa_driver_wext_send_mlme(void *priv, const u8 *data,
2387 struct wpa_driver_wext_data *drv = priv;
2390 ret = send(drv->mlme_sock, data, data_len, 0);
2392 perror("send[MLME]");
2400 static int wpa_driver_wext_mlme_add_sta(void *priv, const u8 *addr,
2401 const u8 *supp_rates,
2402 size_t supp_rates_len)
2404 struct wpa_driver_wext_data *drv = priv;
2405 struct prism2_hostapd_param param;
2408 os_memset(¶m, 0, sizeof(param));
2409 param.cmd = PRISM2_HOSTAPD_ADD_STA;
2410 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2411 len = supp_rates_len;
2412 if (len > sizeof(param.u.add_sta.supp_rates))
2413 len = sizeof(param.u.add_sta.supp_rates);
2414 os_memcpy(param.u.add_sta.supp_rates, supp_rates, len);
2415 return hostapd_ioctl(drv, ¶m, sizeof(param));
2419 static int wpa_driver_wext_mlme_remove_sta(void *priv, const u8 *addr)
2421 struct wpa_driver_wext_data *drv = priv;
2422 struct prism2_hostapd_param param;
2424 os_memset(¶m, 0, sizeof(param));
2425 param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
2426 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2427 return hostapd_ioctl(drv, ¶m, sizeof(param));
2430 #endif /* CONFIG_CLIENT_MLME */
2433 static int wpa_driver_wext_set_param(void *priv, const char *param)
2435 #ifdef CONFIG_CLIENT_MLME
2436 struct wpa_driver_wext_data *drv = priv;
2437 const char *pos, *pos2;
2443 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
2445 pos = os_strstr(param, "mlmedev=");
2448 pos2 = os_strchr(pos, ' ');
2452 len = os_strlen(pos);
2453 if (len + 1 > sizeof(drv->mlmedev))
2455 os_memcpy(drv->mlmedev, pos, len);
2456 drv->mlmedev[len] = '\0';
2457 wpa_printf(MSG_DEBUG, "WEXT: Using user space MLME with "
2458 "mlmedev='%s'", drv->mlmedev);
2459 drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
2461 drv->mlme_sock = wpa_driver_wext_open_mlme(drv);
2462 if (drv->mlme_sock < 0)
2465 #endif /* CONFIG_CLIENT_MLME */
2471 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2473 return drv->we_version_compiled;
2477 const struct wpa_driver_ops wpa_driver_wext_ops = {
2479 .desc = "Linux wireless extensions (generic)",
2480 .get_bssid = wpa_driver_wext_get_bssid,
2481 .get_ssid = wpa_driver_wext_get_ssid,
2482 .set_wpa = wpa_driver_wext_set_wpa,
2483 .set_key = wpa_driver_wext_set_key,
2484 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2485 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2486 .scan = wpa_driver_wext_scan,
2487 .get_scan_results = wpa_driver_wext_get_scan_results,
2488 .deauthenticate = wpa_driver_wext_deauthenticate,
2489 .disassociate = wpa_driver_wext_disassociate,
2490 .associate = wpa_driver_wext_associate,
2491 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2492 .init = wpa_driver_wext_init,
2493 .deinit = wpa_driver_wext_deinit,
2494 .set_param = wpa_driver_wext_set_param,
2495 .add_pmkid = wpa_driver_wext_add_pmkid,
2496 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2497 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2498 .get_capa = wpa_driver_wext_get_capa,
2499 .set_operstate = wpa_driver_wext_set_operstate,
2500 #ifdef CONFIG_CLIENT_MLME
2501 .get_hw_feature_data = wpa_driver_wext_get_hw_feature_data,
2502 .set_channel = wpa_driver_wext_set_channel,
2503 .set_ssid = wpa_driver_wext_set_ssid,
2504 .set_bssid = wpa_driver_wext_set_bssid,
2505 .send_mlme = wpa_driver_wext_send_mlme,
2506 .mlme_add_sta = wpa_driver_wext_mlme_add_sta,
2507 .mlme_remove_sta = wpa_driver_wext_mlme_remove_sta,
2508 #endif /* CONFIG_CLIENT_MLME */