Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 6e933c1e09094a8972ef1e782c57f8b3c55c91d0 / . / src / drivers / driver_wext.c
blob: f7df7cba3a04e4838e223a4b8deeae2eb90e629e [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * Driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 *
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
19 */
20
21#include "includes.h"
22#include <sys/ioctl.h>
23#include <sys/types.h>
24#include <sys/stat.h>
25#include <fcntl.h>
26#include <net/if_arp.h>
27
28#include "wireless_copy.h"
29#include "common.h"
30#include "eloop.h"
31#include "common/ieee802_11_defs.h"
32#include "common/wpa_common.h"
33#include "priv_netlink.h"
34#include "netlink.h"
35#include "linux_ioctl.h"
36#include "rfkill.h"
37#include "driver.h"
38#include "driver_wext.h"
39
40
41static int wpa_driver_wext_flush_pmkid(void *priv);
42static int wpa_driver_wext_get_range(void *priv);
43static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
44static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
45static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]46#ifdef ANDROID
47extern int wpa_driver_wext_driver_cmd(void *priv, char *cmd, char *buf,
48 size_t buf_len);
49extern int wpa_driver_wext_combo_scan(void *priv,
50 struct wpa_driver_scan_params *params);
51#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]52
53int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
54 int idx, u32 value)
55{
56 struct iwreq iwr;
57 int ret = 0;
58
59 os_memset(&iwr, 0, sizeof(iwr));
60 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
61 iwr.u.param.flags = idx & IW_AUTH_INDEX;
62 iwr.u.param.value = value;
63
64 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
65 if (errno != EOPNOTSUPP) {
66 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
67 "value 0x%x) failed: %s)",
68 idx, value, strerror(errno));
69 }
70 ret = errno == EOPNOTSUPP ? -2 : -1;
71 }
72
73 return ret;
74}
75
76
77/**
78 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
79 * @priv: Pointer to private wext data from wpa_driver_wext_init()
80 * @bssid: Buffer for BSSID
81 * Returns: 0 on success, -1 on failure
82 */
83int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
84{
85 struct wpa_driver_wext_data *drv = priv;
86 struct iwreq iwr;
87 int ret = 0;
88
89 os_memset(&iwr, 0, sizeof(iwr));
90 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
91
92 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
93 perror("ioctl[SIOCGIWAP]");
94 ret = -1;
95 }
96 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
97
98 return ret;
99}
100
101
102/**
103 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
104 * @priv: Pointer to private wext data from wpa_driver_wext_init()
105 * @bssid: BSSID
106 * Returns: 0 on success, -1 on failure
107 */
108int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
109{
110 struct wpa_driver_wext_data *drv = priv;
111 struct iwreq iwr;
112 int ret = 0;
113
114 os_memset(&iwr, 0, sizeof(iwr));
115 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
116 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
117 if (bssid)
118 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
119 else
120 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
121
122 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
123 perror("ioctl[SIOCSIWAP]");
124 ret = -1;
125 }
126
127 return ret;
128}
129
130
131/**
132 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
133 * @priv: Pointer to private wext data from wpa_driver_wext_init()
134 * @ssid: Buffer for the SSID; must be at least 32 bytes long
135 * Returns: SSID length on success, -1 on failure
136 */
137int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
138{
139 struct wpa_driver_wext_data *drv = priv;
140 struct iwreq iwr;
141 int ret = 0;
142
143 os_memset(&iwr, 0, sizeof(iwr));
144 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
145 iwr.u.essid.pointer = (caddr_t) ssid;
146 iwr.u.essid.length = 32;
147
148 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
149 perror("ioctl[SIOCGIWESSID]");
150 ret = -1;
151 } else {
152 ret = iwr.u.essid.length;
153 if (ret > 32)
154 ret = 32;
155 /* Some drivers include nul termination in the SSID, so let's
156 * remove it here before further processing. WE-21 changes this
157 * to explicitly require the length _not_ to include nul
158 * termination. */
159 if (ret > 0 && ssid[ret - 1] == '\0' &&
160 drv->we_version_compiled < 21)
161 ret--;
162 }
163
164 return ret;
165}
166
167
168/**
169 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
170 * @priv: Pointer to private wext data from wpa_driver_wext_init()
171 * @ssid: SSID
172 * @ssid_len: Length of SSID (0..32)
173 * Returns: 0 on success, -1 on failure
174 */
175int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
176{
177 struct wpa_driver_wext_data *drv = priv;
178 struct iwreq iwr;
179 int ret = 0;
180 char buf[33];
181
182 if (ssid_len > 32)
183 return -1;
184
185 os_memset(&iwr, 0, sizeof(iwr));
186 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
187 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
188 iwr.u.essid.flags = (ssid_len != 0);
189 os_memset(buf, 0, sizeof(buf));
190 os_memcpy(buf, ssid, ssid_len);
191 iwr.u.essid.pointer = (caddr_t) buf;
192 if (drv->we_version_compiled < 21) {
193 /* For historic reasons, set SSID length to include one extra
194 * character, C string nul termination, even though SSID is
195 * really an octet string that should not be presented as a C
196 * string. Some Linux drivers decrement the length by one and
197 * can thus end up missing the last octet of the SSID if the
198 * length is not incremented here. WE-21 changes this to
199 * explicitly require the length _not_ to include nul
200 * termination. */
201 if (ssid_len)
202 ssid_len++;
203 }
204 iwr.u.essid.length = ssid_len;
205
206 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
207 perror("ioctl[SIOCSIWESSID]");
208 ret = -1;
209 }
210
211 return ret;
212}
213
214
215/**
216 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
217 * @priv: Pointer to private wext data from wpa_driver_wext_init()
218 * @freq: Frequency in MHz
219 * Returns: 0 on success, -1 on failure
220 */
221int wpa_driver_wext_set_freq(void *priv, int freq)
222{
223 struct wpa_driver_wext_data *drv = priv;
224 struct iwreq iwr;
225 int ret = 0;
226
227 os_memset(&iwr, 0, sizeof(iwr));
228 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
229 iwr.u.freq.m = freq * 100000;
230 iwr.u.freq.e = 1;
231
232 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
233 perror("ioctl[SIOCSIWFREQ]");
234 ret = -1;
235 }
236
237 return ret;
238}
239
240
241static void
242wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
243{
244 union wpa_event_data data;
245
246 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
247 custom);
248
249 os_memset(&data, 0, sizeof(data));
250 /* Host AP driver */
251 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
252 data.michael_mic_failure.unicast =
253 os_strstr(custom, " unicast ") != NULL;
254 /* TODO: parse parameters(?) */
255 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
256 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
257 char *spos;
258 int bytes;
259 u8 *req_ies = NULL, *resp_ies = NULL;
260
261 spos = custom + 17;
262
263 bytes = strspn(spos, "0123456789abcdefABCDEF");
264 if (!bytes || (bytes & 1))
265 return;
266 bytes /= 2;
267
268 req_ies = os_malloc(bytes);
269 if (req_ies == NULL ||
270 hexstr2bin(spos, req_ies, bytes) < 0)
271 goto done;
272 data.assoc_info.req_ies = req_ies;
273 data.assoc_info.req_ies_len = bytes;
274
275 spos += bytes * 2;
276
277 data.assoc_info.resp_ies = NULL;
278 data.assoc_info.resp_ies_len = 0;
279
280 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
281 spos += 9;
282
283 bytes = strspn(spos, "0123456789abcdefABCDEF");
284 if (!bytes || (bytes & 1))
285 goto done;
286 bytes /= 2;
287
288 resp_ies = os_malloc(bytes);
289 if (resp_ies == NULL ||
290 hexstr2bin(spos, resp_ies, bytes) < 0)
291 goto done;
292 data.assoc_info.resp_ies = resp_ies;
293 data.assoc_info.resp_ies_len = bytes;
294 }
295
296 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
297
298 done:
299 os_free(resp_ies);
300 os_free(req_ies);
301#ifdef CONFIG_PEERKEY
302 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
303 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
304 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
305 "STKSTART.request '%s'", custom + 17);
306 return;
307 }
308 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
309#endif /* CONFIG_PEERKEY */
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]310#ifdef ANDROID
311 } else if (os_strncmp(custom, "STOP", 4) == 0) {
312 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED");
313 } else if (os_strncmp(custom, "START", 5) == 0) {
314 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED");
315 } else if (os_strncmp(custom, "HANG", 4) == 0) {
316 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
317#endif /* ANDROID */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]318 }
319}
320
321
322static int wpa_driver_wext_event_wireless_michaelmicfailure(
323 void *ctx, const char *ev, size_t len)
324{
325 const struct iw_michaelmicfailure *mic;
326 union wpa_event_data data;
327
328 if (len < sizeof(*mic))
329 return -1;
330
331 mic = (const struct iw_michaelmicfailure *) ev;
332
333 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
334 "flags=0x%x src_addr=" MACSTR, mic->flags,
335 MAC2STR(mic->src_addr.sa_data));
336
337 os_memset(&data, 0, sizeof(data));
338 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
339 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
340
341 return 0;
342}
343
344
345static int wpa_driver_wext_event_wireless_pmkidcand(
346 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
347{
348 const struct iw_pmkid_cand *cand;
349 union wpa_event_data data;
350 const u8 *addr;
351
352 if (len < sizeof(*cand))
353 return -1;
354
355 cand = (const struct iw_pmkid_cand *) ev;
356 addr = (const u8 *) cand->bssid.sa_data;
357
358 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
359 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
360 cand->index, MAC2STR(addr));
361
362 os_memset(&data, 0, sizeof(data));
363 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
364 data.pmkid_candidate.index = cand->index;
365 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
366 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
367
368 return 0;
369}
370
371
372static int wpa_driver_wext_event_wireless_assocreqie(
373 struct wpa_driver_wext_data *drv, const char *ev, int len)
374{
375 if (len < 0)
376 return -1;
377
378 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
379 len);
380 os_free(drv->assoc_req_ies);
381 drv->assoc_req_ies = os_malloc(len);
382 if (drv->assoc_req_ies == NULL) {
383 drv->assoc_req_ies_len = 0;
384 return -1;
385 }
386 os_memcpy(drv->assoc_req_ies, ev, len);
387 drv->assoc_req_ies_len = len;
388
389 return 0;
390}
391
392
393static int wpa_driver_wext_event_wireless_assocrespie(
394 struct wpa_driver_wext_data *drv, const char *ev, int len)
395{
396 if (len < 0)
397 return -1;
398
399 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
400 len);
401 os_free(drv->assoc_resp_ies);
402 drv->assoc_resp_ies = os_malloc(len);
403 if (drv->assoc_resp_ies == NULL) {
404 drv->assoc_resp_ies_len = 0;
405 return -1;
406 }
407 os_memcpy(drv->assoc_resp_ies, ev, len);
408 drv->assoc_resp_ies_len = len;
409
410 return 0;
411}
412
413
414static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
415{
416 union wpa_event_data data;
417
418 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
419 return;
420
421 os_memset(&data, 0, sizeof(data));
422 if (drv->assoc_req_ies) {
423 data.assoc_info.req_ies = drv->assoc_req_ies;
424 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
425 }
426 if (drv->assoc_resp_ies) {
427 data.assoc_info.resp_ies = drv->assoc_resp_ies;
428 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
429 }
430
431 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
432
433 os_free(drv->assoc_req_ies);
434 drv->assoc_req_ies = NULL;
435 os_free(drv->assoc_resp_ies);
436 drv->assoc_resp_ies = NULL;
437}
438
439
440static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
441 char *data, int len)
442{
443 struct iw_event iwe_buf, *iwe = &iwe_buf;
444 char *pos, *end, *custom, *buf;
445
446 pos = data;
447 end = data + len;
448
449 while (pos + IW_EV_LCP_LEN <= end) {
450 /* Event data may be unaligned, so make a local, aligned copy
451 * before processing. */
452 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
453 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
454 iwe->cmd, iwe->len);
455 if (iwe->len <= IW_EV_LCP_LEN)
456 return;
457
458 custom = pos + IW_EV_POINT_LEN;
459 if (drv->we_version_compiled > 18 &&
460 (iwe->cmd == IWEVMICHAELMICFAILURE ||
461 iwe->cmd == IWEVCUSTOM ||
462 iwe->cmd == IWEVASSOCREQIE ||
463 iwe->cmd == IWEVASSOCRESPIE ||
464 iwe->cmd == IWEVPMKIDCAND)) {
465 /* WE-19 removed the pointer from struct iw_point */
466 char *dpos = (char *) &iwe_buf.u.data.length;
467 int dlen = dpos - (char *) &iwe_buf;
468 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
469 sizeof(struct iw_event) - dlen);
470 } else {
471 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
472 custom += IW_EV_POINT_OFF;
473 }
474
475 switch (iwe->cmd) {
476 case SIOCGIWAP:
477 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
478 MACSTR,
479 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
480 if (is_zero_ether_addr(
481 (const u8 *) iwe->u.ap_addr.sa_data) ||
482 os_memcmp(iwe->u.ap_addr.sa_data,
483 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
484 0) {
485 os_free(drv->assoc_req_ies);
486 drv->assoc_req_ies = NULL;
487 os_free(drv->assoc_resp_ies);
488 drv->assoc_resp_ies = NULL;
Dmitry Shmidt29991f42011-05-24 15:40:26 -0700[diff] [blame]489#ifdef ANDROID
490 if (!drv->skip_disconnect) {
491 drv->skip_disconnect = 1;
492#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]493 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
494 NULL);
Dmitry Shmidt29991f42011-05-24 15:40:26 -0700[diff] [blame]495#ifdef ANDROID
496 }
497#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]498 } else {
Dmitry Shmidt29991f42011-05-24 15:40:26 -0700[diff] [blame]499#ifdef ANDROID
500 drv->skip_disconnect = 0;
501#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]502 wpa_driver_wext_event_assoc_ies(drv);
503 wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
504 NULL);
505 }
506 break;
507 case IWEVMICHAELMICFAILURE:
508 if (custom + iwe->u.data.length > end) {
509 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
510 "IWEVMICHAELMICFAILURE length");
511 return;
512 }
513 wpa_driver_wext_event_wireless_michaelmicfailure(
514 drv->ctx, custom, iwe->u.data.length);
515 break;
516 case IWEVCUSTOM:
517 if (custom + iwe->u.data.length > end) {
518 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
519 "IWEVCUSTOM length");
520 return;
521 }
522 buf = os_malloc(iwe->u.data.length + 1);
523 if (buf == NULL)
524 return;
525 os_memcpy(buf, custom, iwe->u.data.length);
526 buf[iwe->u.data.length] = '\0';
527 wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
528 os_free(buf);
529 break;
530 case SIOCGIWSCAN:
531 drv->scan_complete_events = 1;
532 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
533 drv, drv->ctx);
534 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
535 NULL);
536 break;
537 case IWEVASSOCREQIE:
538 if (custom + iwe->u.data.length > end) {
539 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
540 "IWEVASSOCREQIE length");
541 return;
542 }
543 wpa_driver_wext_event_wireless_assocreqie(
544 drv, custom, iwe->u.data.length);
545 break;
546 case IWEVASSOCRESPIE:
547 if (custom + iwe->u.data.length > end) {
548 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
549 "IWEVASSOCRESPIE length");
550 return;
551 }
552 wpa_driver_wext_event_wireless_assocrespie(
553 drv, custom, iwe->u.data.length);
554 break;
555 case IWEVPMKIDCAND:
556 if (custom + iwe->u.data.length > end) {
557 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
558 "IWEVPMKIDCAND length");
559 return;
560 }
561 wpa_driver_wext_event_wireless_pmkidcand(
562 drv, custom, iwe->u.data.length);
563 break;
564 }
565
566 pos += iwe->len;
567 }
568}
569
570
571static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
572 char *buf, size_t len, int del)
573{
574 union wpa_event_data event;
575
576 os_memset(&event, 0, sizeof(event));
577 if (len > sizeof(event.interface_status.ifname))
578 len = sizeof(event.interface_status.ifname) - 1;
579 os_memcpy(event.interface_status.ifname, buf, len);
580 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
581 EVENT_INTERFACE_ADDED;
582
583 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
584 del ? "DEL" : "NEW",
585 event.interface_status.ifname,
586 del ? "removed" : "added");
587
588 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
589 if (del)
590 drv->if_removed = 1;
591 else
592 drv->if_removed = 0;
593 }
594
595 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
596}
597
598
599static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
600 u8 *buf, size_t len)
601{
602 int attrlen, rta_len;
603 struct rtattr *attr;
604
605 attrlen = len;
606 attr = (struct rtattr *) buf;
607
608 rta_len = RTA_ALIGN(sizeof(struct rtattr));
609 while (RTA_OK(attr, attrlen)) {
610 if (attr->rta_type == IFLA_IFNAME) {
611 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
612 == 0)
613 return 1;
614 else
615 break;
616 }
617 attr = RTA_NEXT(attr, attrlen);
618 }
619
620 return 0;
621}
622
623
624static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
625 int ifindex, u8 *buf, size_t len)
626{
627 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
628 return 1;
629
630 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
631 drv->ifindex = if_nametoindex(drv->ifname);
632 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
633 "interface");
634 wpa_driver_wext_finish_drv_init(drv);
635 return 1;
636 }
637
638 return 0;
639}
640
641
642static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
643 u8 *buf, size_t len)
644{
645 struct wpa_driver_wext_data *drv = ctx;
646 int attrlen, rta_len;
647 struct rtattr *attr;
648
649 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
650 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
651 ifi->ifi_index);
652 return;
653 }
654
655 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
656 "(%s%s%s%s)",
657 drv->operstate, ifi->ifi_flags,
658 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
659 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
660 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
661 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
662
663 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
664 wpa_printf(MSG_DEBUG, "WEXT: Interface down");
665 drv->if_disabled = 1;
666 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
667 }
668
669 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
670 wpa_printf(MSG_DEBUG, "WEXT: Interface up");
671 drv->if_disabled = 0;
672 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
673 }
674
675 /*
676 * Some drivers send the association event before the operup event--in
677 * this case, lifting operstate in wpa_driver_wext_set_operstate()
678 * fails. This will hit us when wpa_supplicant does not need to do
679 * IEEE 802.1X authentication
680 */
681 if (drv->operstate == 1 &&
682 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
683 !(ifi->ifi_flags & IFF_RUNNING))
684 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
685 -1, IF_OPER_UP);
686
687 attrlen = len;
688 attr = (struct rtattr *) buf;
689
690 rta_len = RTA_ALIGN(sizeof(struct rtattr));
691 while (RTA_OK(attr, attrlen)) {
692 if (attr->rta_type == IFLA_WIRELESS) {
693 wpa_driver_wext_event_wireless(
694 drv, ((char *) attr) + rta_len,
695 attr->rta_len - rta_len);
696 } else if (attr->rta_type == IFLA_IFNAME) {
697 wpa_driver_wext_event_link(drv,
698 ((char *) attr) + rta_len,
699 attr->rta_len - rta_len, 0);
700 }
701 attr = RTA_NEXT(attr, attrlen);
702 }
703}
704
705
706static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
707 u8 *buf, size_t len)
708{
709 struct wpa_driver_wext_data *drv = ctx;
710 int attrlen, rta_len;
711 struct rtattr *attr;
712
713 attrlen = len;
714 attr = (struct rtattr *) buf;
715
716 rta_len = RTA_ALIGN(sizeof(struct rtattr));
717 while (RTA_OK(attr, attrlen)) {
718 if (attr->rta_type == IFLA_IFNAME) {
719 wpa_driver_wext_event_link(drv,
720 ((char *) attr) + rta_len,
721 attr->rta_len - rta_len, 1);
722 }
723 attr = RTA_NEXT(attr, attrlen);
724 }
725}
726
727
728static void wpa_driver_wext_rfkill_blocked(void *ctx)
729{
730 wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked");
731 /*
732 * This may be for any interface; use ifdown event to disable
733 * interface.
734 */
735}
736
737
738static void wpa_driver_wext_rfkill_unblocked(void *ctx)
739{
740 struct wpa_driver_wext_data *drv = ctx;
741 wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked");
742 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) {
743 wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP "
744 "after rfkill unblock");
745 return;
746 }
747 /* rtnetlink ifup handler will report interface as enabled */
748}
749
750
751static void wext_get_phy_name(struct wpa_driver_wext_data *drv)
752{
753 /* Find phy (radio) to which this interface belongs */
754 char buf[90], *pos;
755 int f, rv;
756
757 drv->phyname[0] = '\0';
758 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
759 drv->ifname);
760 f = open(buf, O_RDONLY);
761 if (f < 0) {
762 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
763 buf, strerror(errno));
764 return;
765 }
766
767 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
768 close(f);
769 if (rv < 0) {
770 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
771 buf, strerror(errno));
772 return;
773 }
774
775 drv->phyname[rv] = '\0';
776 pos = os_strchr(drv->phyname, '\n');
777 if (pos)
778 *pos = '\0';
779 wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s",
780 drv->ifname, drv->phyname);
781}
782
783
784/**
785 * wpa_driver_wext_init - Initialize WE driver interface
786 * @ctx: context to be used when calling wpa_supplicant functions,
787 * e.g., wpa_supplicant_event()
788 * @ifname: interface name, e.g., wlan0
789 * Returns: Pointer to private data, %NULL on failure
790 */
791void * wpa_driver_wext_init(void *ctx, const char *ifname)
792{
793 struct wpa_driver_wext_data *drv;
794 struct netlink_config *cfg;
795 struct rfkill_config *rcfg;
796 char path[128];
797 struct stat buf;
798
799 drv = os_zalloc(sizeof(*drv));
800 if (drv == NULL)
801 return NULL;
802 drv->ctx = ctx;
803 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
804
805 os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname);
806 if (stat(path, &buf) == 0) {
807 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected");
808 drv->cfg80211 = 1;
809 wext_get_phy_name(drv);
810 }
811
812 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
813 if (drv->ioctl_sock < 0) {
814 perror("socket(PF_INET,SOCK_DGRAM)");
815 goto err1;
816 }
817
818 cfg = os_zalloc(sizeof(*cfg));
819 if (cfg == NULL)
820 goto err1;
821 cfg->ctx = drv;
822 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
823 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
824 drv->netlink = netlink_init(cfg);
825 if (drv->netlink == NULL) {
826 os_free(cfg);
827 goto err2;
828 }
829
830 rcfg = os_zalloc(sizeof(*rcfg));
831 if (rcfg == NULL)
832 goto err3;
833 rcfg->ctx = drv;
834 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
835 rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked;
836 rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked;
837 drv->rfkill = rfkill_init(rcfg);
838 if (drv->rfkill == NULL) {
839 wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available");
840 os_free(rcfg);
841 }
842
843 drv->mlme_sock = -1;
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]844#ifdef ANDROID
845 drv->errors = 0;
846 drv->driver_is_started = TRUE;
847 drv->skip_disconnect = 0;
848 drv->bgscan_enabled = 0;
849#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]850
851 if (wpa_driver_wext_finish_drv_init(drv) < 0)
852 goto err3;
853
854 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
855
856 return drv;
857
858err3:
859 rfkill_deinit(drv->rfkill);
860 netlink_deinit(drv->netlink);
861err2:
862 close(drv->ioctl_sock);
863err1:
864 os_free(drv);
865 return NULL;
866}
867
868
869static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx)
870{
871 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
872}
873
874
875static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
876{
877 int send_rfkill_event = 0;
878
879 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) {
880 if (rfkill_is_blocked(drv->rfkill)) {
881 wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable "
882 "interface '%s' due to rfkill",
883 drv->ifname);
884 drv->if_disabled = 1;
885 send_rfkill_event = 1;
886 } else {
887 wpa_printf(MSG_ERROR, "WEXT: Could not set "
888 "interface '%s' UP", drv->ifname);
889 return -1;
890 }
891 }
892
893 /*
894 * Make sure that the driver does not have any obsolete PMKID entries.
895 */
896 wpa_driver_wext_flush_pmkid(drv);
897
898 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
899 wpa_printf(MSG_DEBUG, "Could not configure driver to use "
900 "managed mode");
901 /* Try to use it anyway */
902 }
903
904 wpa_driver_wext_get_range(drv);
905
906 /*
907 * Unlock the driver's BSSID and force to a random SSID to clear any
908 * previous association the driver might have when the supplicant
909 * starts up.
910 */
911 wpa_driver_wext_disconnect(drv);
912
913 drv->ifindex = if_nametoindex(drv->ifname);
914
915 if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
916 /*
917 * Host AP driver may use both wlan# and wifi# interface in
918 * wireless events. Since some of the versions included WE-18
919 * support, let's add the alternative ifindex also from
920 * driver_wext.c for the time being. This may be removed at
921 * some point once it is believed that old versions of the
922 * driver are not in use anymore.
923 */
924 char ifname2[IFNAMSIZ + 1];
925 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
926 os_memcpy(ifname2, "wifi", 4);
927 wpa_driver_wext_alternative_ifindex(drv, ifname2);
928 }
929
930 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
931 1, IF_OPER_DORMANT);
932
933 if (send_rfkill_event) {
934 eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill,
935 drv, drv->ctx);
936 }
937
938 return 0;
939}
940
941
942/**
943 * wpa_driver_wext_deinit - Deinitialize WE driver interface
944 * @priv: Pointer to private wext data from wpa_driver_wext_init()
945 *
946 * Shut down driver interface and processing of driver events. Free
947 * private data buffer if one was allocated in wpa_driver_wext_init().
948 */
949void wpa_driver_wext_deinit(void *priv)
950{
951 struct wpa_driver_wext_data *drv = priv;
952
953 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
954
955 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
956
957 /*
958 * Clear possibly configured driver parameters in order to make it
959 * easier to use the driver after wpa_supplicant has been terminated.
960 */
961 wpa_driver_wext_disconnect(drv);
962
963 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
964 netlink_deinit(drv->netlink);
965 rfkill_deinit(drv->rfkill);
966
967 if (drv->mlme_sock >= 0)
968 eloop_unregister_read_sock(drv->mlme_sock);
969
970 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
971
972 close(drv->ioctl_sock);
973 if (drv->mlme_sock >= 0)
974 close(drv->mlme_sock);
975 os_free(drv->assoc_req_ies);
976 os_free(drv->assoc_resp_ies);
977 os_free(drv);
978}
979
980
981/**
982 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
983 * @eloop_ctx: Unused
984 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
985 *
986 * This function can be used as registered timeout when starting a scan to
987 * generate a scan completed event if the driver does not report this.
988 */
989void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
990{
991 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
992 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
993}
994
995
996/**
997 * wpa_driver_wext_scan - Request the driver to initiate scan
998 * @priv: Pointer to private wext data from wpa_driver_wext_init()
999 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
1000 * Returns: 0 on success, -1 on failure
1001 */
1002int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
1003{
1004 struct wpa_driver_wext_data *drv = priv;
1005 struct iwreq iwr;
1006 int ret = 0, timeout;
1007 struct iw_scan_req req;
1008 const u8 *ssid = params->ssids[0].ssid;
1009 size_t ssid_len = params->ssids[0].ssid_len;
1010
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1011#ifdef ANDROID
1012 if (drv->capa.max_scan_ssids > 1) {
1013 ret = wpa_driver_wext_combo_scan(priv, params);
1014 goto scan_out;
1015 }
1016#endif
1017
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1018 if (ssid_len > IW_ESSID_MAX_SIZE) {
1019 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1020 __FUNCTION__, (unsigned long) ssid_len);
1021 return -1;
1022 }
1023
1024 os_memset(&iwr, 0, sizeof(iwr));
1025 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1026
1027 if (ssid && ssid_len) {
1028 os_memset(&req, 0, sizeof(req));
1029 req.essid_len = ssid_len;
1030 req.bssid.sa_family = ARPHRD_ETHER;
1031 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1032 os_memcpy(req.essid, ssid, ssid_len);
1033 iwr.u.data.pointer = (caddr_t) &req;
1034 iwr.u.data.length = sizeof(req);
1035 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1036 }
1037
1038 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1039 perror("ioctl[SIOCSIWSCAN]");
1040 ret = -1;
1041 }
1042
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1043#ifdef ANDROID
1044scan_out:
1045#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1046 /* Not all drivers generate "scan completed" wireless event, so try to
1047 * read results after a timeout. */
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1048 timeout = 10;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1049 if (drv->scan_complete_events) {
1050 /*
1051 * The driver seems to deliver SIOCGIWSCAN events to notify
1052 * when scan is complete, so use longer timeout to avoid race
1053 * conditions with scanning and following association request.
1054 */
1055 timeout = 30;
1056 }
1057 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1058 "seconds", ret, timeout);
1059 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1060 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1061 drv->ctx);
1062
1063 return ret;
1064}
1065
1066
1067static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1068 size_t *len)
1069{
1070 struct iwreq iwr;
1071 u8 *res_buf;
1072 size_t res_buf_len;
1073
1074 res_buf_len = IW_SCAN_MAX_DATA;
1075 for (;;) {
1076 res_buf = os_malloc(res_buf_len);
1077 if (res_buf == NULL)
1078 return NULL;
1079 os_memset(&iwr, 0, sizeof(iwr));
1080 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1081 iwr.u.data.pointer = res_buf;
1082 iwr.u.data.length = res_buf_len;
1083
1084 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1085 break;
1086
1087 if (errno == E2BIG && res_buf_len < 65535) {
1088 os_free(res_buf);
1089 res_buf = NULL;
1090 res_buf_len *= 2;
1091 if (res_buf_len > 65535)
1092 res_buf_len = 65535; /* 16-bit length field */
1093 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1094 "trying larger buffer (%lu bytes)",
1095 (unsigned long) res_buf_len);
1096 } else {
1097 perror("ioctl[SIOCGIWSCAN]");
1098 os_free(res_buf);
1099 return NULL;
1100 }
1101 }
1102
1103 if (iwr.u.data.length > res_buf_len) {
1104 os_free(res_buf);
1105 return NULL;
1106 }
1107 *len = iwr.u.data.length;
1108
1109 return res_buf;
1110}
1111
1112
1113/*
1114 * Data structure for collecting WEXT scan results. This is needed to allow
1115 * the various methods of reporting IEs to be combined into a single IE buffer.
1116 */
1117struct wext_scan_data {
1118 struct wpa_scan_res res;
1119 u8 *ie;
1120 size_t ie_len;
1121 u8 ssid[32];
1122 size_t ssid_len;
1123 int maxrate;
1124};
1125
1126
1127static void wext_get_scan_mode(struct iw_event *iwe,
1128 struct wext_scan_data *res)
1129{
1130 if (iwe->u.mode == IW_MODE_ADHOC)
1131 res->res.caps |= IEEE80211_CAP_IBSS;
1132 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1133 res->res.caps |= IEEE80211_CAP_ESS;
1134}
1135
1136
1137static void wext_get_scan_ssid(struct iw_event *iwe,
1138 struct wext_scan_data *res, char *custom,
1139 char *end)
1140{
1141 int ssid_len = iwe->u.essid.length;
1142 if (custom + ssid_len > end)
1143 return;
1144 if (iwe->u.essid.flags &&
1145 ssid_len > 0 &&
1146 ssid_len <= IW_ESSID_MAX_SIZE) {
1147 os_memcpy(res->ssid, custom, ssid_len);
1148 res->ssid_len = ssid_len;
1149 }
1150}
1151
1152
1153static void wext_get_scan_freq(struct iw_event *iwe,
1154 struct wext_scan_data *res)
1155{
1156 int divi = 1000000, i;
1157
1158 if (iwe->u.freq.e == 0) {
1159 /*
1160 * Some drivers do not report frequency, but a channel.
1161 * Try to map this to frequency by assuming they are using
1162 * IEEE 802.11b/g. But don't overwrite a previously parsed
1163 * frequency if the driver sends both frequency and channel,
1164 * since the driver may be sending an A-band channel that we
1165 * don't handle here.
1166 */
1167
1168 if (res->res.freq)
1169 return;
1170
1171 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1172 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1173 return;
1174 } else if (iwe->u.freq.m == 14) {
1175 res->res.freq = 2484;
1176 return;
1177 }
1178 }
1179
1180 if (iwe->u.freq.e > 6) {
1181 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1182 MACSTR " m=%d e=%d)",
1183 MAC2STR(res->res.bssid), iwe->u.freq.m,
1184 iwe->u.freq.e);
1185 return;
1186 }
1187
1188 for (i = 0; i < iwe->u.freq.e; i++)
1189 divi /= 10;
1190 res->res.freq = iwe->u.freq.m / divi;
1191}
1192
1193
1194static void wext_get_scan_qual(struct wpa_driver_wext_data *drv,
1195 struct iw_event *iwe,
1196 struct wext_scan_data *res)
1197{
1198 res->res.qual = iwe->u.qual.qual;
1199 res->res.noise = iwe->u.qual.noise;
1200 res->res.level = iwe->u.qual.level;
1201 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1202 res->res.flags |= WPA_SCAN_QUAL_INVALID;
1203 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1204 res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1205 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1206 res->res.flags |= WPA_SCAN_NOISE_INVALID;
1207 if (iwe->u.qual.updated & IW_QUAL_DBM)
1208 res->res.flags |= WPA_SCAN_LEVEL_DBM;
1209 if ((iwe->u.qual.updated & IW_QUAL_DBM) ||
1210 ((iwe->u.qual.level != 0) &&
1211 (iwe->u.qual.level > drv->max_level))) {
1212 if (iwe->u.qual.level >= 64)
1213 res->res.level -= 0x100;
1214 if (iwe->u.qual.noise >= 64)
1215 res->res.noise -= 0x100;
1216 }
1217}
1218
1219
1220static void wext_get_scan_encode(struct iw_event *iwe,
1221 struct wext_scan_data *res)
1222{
1223 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1224 res->res.caps |= IEEE80211_CAP_PRIVACY;
1225}
1226
1227
1228static void wext_get_scan_rate(struct iw_event *iwe,
1229 struct wext_scan_data *res, char *pos,
1230 char *end)
1231{
1232 int maxrate;
1233 char *custom = pos + IW_EV_LCP_LEN;
1234 struct iw_param p;
1235 size_t clen;
1236
1237 clen = iwe->len;
1238 if (custom + clen > end)
1239 return;
1240 maxrate = 0;
1241 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1242 /* Note: may be misaligned, make a local, aligned copy */
1243 os_memcpy(&p, custom, sizeof(struct iw_param));
1244 if (p.value > maxrate)
1245 maxrate = p.value;
1246 clen -= sizeof(struct iw_param);
1247 custom += sizeof(struct iw_param);
1248 }
1249
1250 /* Convert the maxrate from WE-style (b/s units) to
1251 * 802.11 rates (500000 b/s units).
1252 */
1253 res->maxrate = maxrate / 500000;
1254}
1255
1256
1257static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1258 struct wext_scan_data *res, char *custom,
1259 char *end)
1260{
1261 char *genie, *gpos, *gend;
1262 u8 *tmp;
1263
1264 if (iwe->u.data.length == 0)
1265 return;
1266
1267 gpos = genie = custom;
1268 gend = genie + iwe->u.data.length;
1269 if (gend > end) {
1270 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1271 return;
1272 }
1273
1274 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1275 if (tmp == NULL)
1276 return;
1277 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1278 res->ie = tmp;
1279 res->ie_len += gend - gpos;
1280}
1281
1282
1283static void wext_get_scan_custom(struct iw_event *iwe,
1284 struct wext_scan_data *res, char *custom,
1285 char *end)
1286{
1287 size_t clen;
1288 u8 *tmp;
1289
1290 clen = iwe->u.data.length;
1291 if (custom + clen > end)
1292 return;
1293
1294 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1295 char *spos;
1296 int bytes;
1297 spos = custom + 7;
1298 bytes = custom + clen - spos;
1299 if (bytes & 1 || bytes == 0)
1300 return;
1301 bytes /= 2;
1302 tmp = os_realloc(res->ie, res->ie_len + bytes);
1303 if (tmp == NULL)
1304 return;
1305 res->ie = tmp;
1306 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1307 return;
1308 res->ie_len += bytes;
1309 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1310 char *spos;
1311 int bytes;
1312 spos = custom + 7;
1313 bytes = custom + clen - spos;
1314 if (bytes & 1 || bytes == 0)
1315 return;
1316 bytes /= 2;
1317 tmp = os_realloc(res->ie, res->ie_len + bytes);
1318 if (tmp == NULL)
1319 return;
1320 res->ie = tmp;
1321 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1322 return;
1323 res->ie_len += bytes;
1324 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1325 char *spos;
1326 int bytes;
1327 u8 bin[8];
1328 spos = custom + 4;
1329 bytes = custom + clen - spos;
1330 if (bytes != 16) {
1331 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1332 return;
1333 }
1334 bytes /= 2;
1335 if (hexstr2bin(spos, bin, bytes) < 0) {
1336 wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value");
1337 return;
1338 }
1339 res->res.tsf += WPA_GET_BE64(bin);
1340 }
1341}
1342
1343
1344static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1345{
1346 return drv->we_version_compiled > 18 &&
1347 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1348 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1349}
1350
1351
1352static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1353 struct wext_scan_data *data)
1354{
1355 struct wpa_scan_res **tmp;
1356 struct wpa_scan_res *r;
1357 size_t extra_len;
1358 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1359
1360 /* Figure out whether we need to fake any IEs */
1361 pos = data->ie;
1362 end = pos + data->ie_len;
1363 while (pos && pos + 1 < end) {
1364 if (pos + 2 + pos[1] > end)
1365 break;
1366 if (pos[0] == WLAN_EID_SSID)
1367 ssid_ie = pos;
1368 else if (pos[0] == WLAN_EID_SUPP_RATES)
1369 rate_ie = pos;
1370 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1371 rate_ie = pos;
1372 pos += 2 + pos[1];
1373 }
1374
1375 extra_len = 0;
1376 if (ssid_ie == NULL)
1377 extra_len += 2 + data->ssid_len;
1378 if (rate_ie == NULL && data->maxrate)
1379 extra_len += 3;
1380
1381 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1382 if (r == NULL)
1383 return;
1384 os_memcpy(r, &data->res, sizeof(*r));
1385 r->ie_len = extra_len + data->ie_len;
1386 pos = (u8 *) (r + 1);
1387 if (ssid_ie == NULL) {
1388 /*
1389 * Generate a fake SSID IE since the driver did not report
1390 * a full IE list.
1391 */
1392 *pos++ = WLAN_EID_SSID;
1393 *pos++ = data->ssid_len;
1394 os_memcpy(pos, data->ssid, data->ssid_len);
1395 pos += data->ssid_len;
1396 }
1397 if (rate_ie == NULL && data->maxrate) {
1398 /*
1399 * Generate a fake Supported Rates IE since the driver did not
1400 * report a full IE list.
1401 */
1402 *pos++ = WLAN_EID_SUPP_RATES;
1403 *pos++ = 1;
1404 *pos++ = data->maxrate;
1405 }
1406 if (data->ie)
1407 os_memcpy(pos, data->ie, data->ie_len);
1408
1409 tmp = os_realloc(res->res,
1410 (res->num + 1) * sizeof(struct wpa_scan_res *));
1411 if (tmp == NULL) {
1412 os_free(r);
1413 return;
1414 }
1415 tmp[res->num++] = r;
1416 res->res = tmp;
1417}
1418
1419
1420/**
1421 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1422 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1423 * Returns: Scan results on success, -1 on failure
1424 */
1425struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1426{
1427 struct wpa_driver_wext_data *drv = priv;
1428 size_t ap_num = 0, len;
1429 int first;
1430 u8 *res_buf;
1431 struct iw_event iwe_buf, *iwe = &iwe_buf;
1432 char *pos, *end, *custom;
1433 struct wpa_scan_results *res;
1434 struct wext_scan_data data;
1435
1436 res_buf = wpa_driver_wext_giwscan(drv, &len);
1437 if (res_buf == NULL)
1438 return NULL;
1439
1440 ap_num = 0;
1441 first = 1;
1442
1443 res = os_zalloc(sizeof(*res));
1444 if (res == NULL) {
1445 os_free(res_buf);
1446 return NULL;
1447 }
1448
1449 pos = (char *) res_buf;
1450 end = (char *) res_buf + len;
1451 os_memset(&data, 0, sizeof(data));
1452
1453 while (pos + IW_EV_LCP_LEN <= end) {
1454 /* Event data may be unaligned, so make a local, aligned copy
1455 * before processing. */
1456 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1457 if (iwe->len <= IW_EV_LCP_LEN)
1458 break;
1459
1460 custom = pos + IW_EV_POINT_LEN;
1461 if (wext_19_iw_point(drv, iwe->cmd)) {
1462 /* WE-19 removed the pointer from struct iw_point */
1463 char *dpos = (char *) &iwe_buf.u.data.length;
1464 int dlen = dpos - (char *) &iwe_buf;
1465 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1466 sizeof(struct iw_event) - dlen);
1467 } else {
1468 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1469 custom += IW_EV_POINT_OFF;
1470 }
1471
1472 switch (iwe->cmd) {
1473 case SIOCGIWAP:
1474 if (!first)
1475 wpa_driver_wext_add_scan_entry(res, &data);
1476 first = 0;
1477 os_free(data.ie);
1478 os_memset(&data, 0, sizeof(data));
1479 os_memcpy(data.res.bssid,
1480 iwe->u.ap_addr.sa_data, ETH_ALEN);
1481 break;
1482 case SIOCGIWMODE:
1483 wext_get_scan_mode(iwe, &data);
1484 break;
1485 case SIOCGIWESSID:
1486 wext_get_scan_ssid(iwe, &data, custom, end);
1487 break;
1488 case SIOCGIWFREQ:
1489 wext_get_scan_freq(iwe, &data);
1490 break;
1491 case IWEVQUAL:
1492 wext_get_scan_qual(drv, iwe, &data);
1493 break;
1494 case SIOCGIWENCODE:
1495 wext_get_scan_encode(iwe, &data);
1496 break;
1497 case SIOCGIWRATE:
1498 wext_get_scan_rate(iwe, &data, pos, end);
1499 break;
1500 case IWEVGENIE:
1501 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1502 break;
1503 case IWEVCUSTOM:
1504 wext_get_scan_custom(iwe, &data, custom, end);
1505 break;
1506 }
1507
1508 pos += iwe->len;
1509 }
1510 os_free(res_buf);
1511 res_buf = NULL;
1512 if (!first)
1513 wpa_driver_wext_add_scan_entry(res, &data);
1514 os_free(data.ie);
1515
1516 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1517 (unsigned long) len, (unsigned long) res->num);
1518
1519 return res;
1520}
1521
1522
1523static int wpa_driver_wext_get_range(void *priv)
1524{
1525 struct wpa_driver_wext_data *drv = priv;
1526 struct iw_range *range;
1527 struct iwreq iwr;
1528 int minlen;
1529 size_t buflen;
1530
1531 /*
1532 * Use larger buffer than struct iw_range in order to allow the
1533 * structure to grow in the future.
1534 */
1535 buflen = sizeof(struct iw_range) + 500;
1536 range = os_zalloc(buflen);
1537 if (range == NULL)
1538 return -1;
1539
1540 os_memset(&iwr, 0, sizeof(iwr));
1541 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1542 iwr.u.data.pointer = (caddr_t) range;
1543 iwr.u.data.length = buflen;
1544
1545 minlen = ((char *) &range->enc_capa) - (char *) range +
1546 sizeof(range->enc_capa);
1547
1548 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1549 perror("ioctl[SIOCGIWRANGE]");
1550 os_free(range);
1551 return -1;
1552 } else if (iwr.u.data.length >= minlen &&
1553 range->we_version_compiled >= 18) {
1554 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1555 "WE(source)=%d enc_capa=0x%x",
1556 range->we_version_compiled,
1557 range->we_version_source,
1558 range->enc_capa);
1559 drv->has_capability = 1;
1560 drv->we_version_compiled = range->we_version_compiled;
1561 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1562 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1563 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1564 }
1565 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1566 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1567 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1568 }
1569 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1570 WPA_DRIVER_CAPA_ENC_WEP104;
1571 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1572 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1573 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1574 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1575 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1576 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1577 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1578 WPA_DRIVER_AUTH_SHARED |
1579 WPA_DRIVER_AUTH_LEAP;
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1580#ifdef ANDROID
1581 drv->capa.max_scan_ssids = WEXT_CSCAN_AMOUNT;
1582#else
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1583 drv->capa.max_scan_ssids = 1;
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1584#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1585
1586 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x "
1587 "flags 0x%x",
1588 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1589 } else {
1590 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1591 "assuming WPA is not supported");
1592 }
1593
1594 drv->max_level = range->max_qual.level;
1595
1596 os_free(range);
1597 return 0;
1598}
1599
1600
1601static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1602 const u8 *psk)
1603{
1604 struct iw_encode_ext *ext;
1605 struct iwreq iwr;
1606 int ret;
1607
1608 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1609
1610 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1611 return 0;
1612
1613 if (!psk)
1614 return 0;
1615
1616 os_memset(&iwr, 0, sizeof(iwr));
1617 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1618
1619 ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1620 if (ext == NULL)
1621 return -1;
1622
1623 iwr.u.encoding.pointer = (caddr_t) ext;
1624 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1625 ext->key_len = PMK_LEN;
1626 os_memcpy(&ext->key, psk, ext->key_len);
1627 ext->alg = IW_ENCODE_ALG_PMK;
1628
1629 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1630 if (ret < 0)
1631 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1632 os_free(ext);
1633
1634 return ret;
1635}
1636
1637
1638static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1639 const u8 *addr, int key_idx,
1640 int set_tx, const u8 *seq,
1641 size_t seq_len,
1642 const u8 *key, size_t key_len)
1643{
1644 struct wpa_driver_wext_data *drv = priv;
1645 struct iwreq iwr;
1646 int ret = 0;
1647 struct iw_encode_ext *ext;
1648
1649 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1650 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1651 __FUNCTION__, (unsigned long) seq_len);
1652 return -1;
1653 }
1654
1655 ext = os_zalloc(sizeof(*ext) + key_len);
1656 if (ext == NULL)
1657 return -1;
1658 os_memset(&iwr, 0, sizeof(iwr));
1659 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1660 iwr.u.encoding.flags = key_idx + 1;
1661 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1662 if (alg == WPA_ALG_NONE)
1663 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1664 iwr.u.encoding.pointer = (caddr_t) ext;
1665 iwr.u.encoding.length = sizeof(*ext) + key_len;
1666
1667 if (addr == NULL || is_broadcast_ether_addr(addr))
1668 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1669 if (set_tx)
1670 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1671
1672 ext->addr.sa_family = ARPHRD_ETHER;
1673 if (addr)
1674 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1675 else
1676 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1677 if (key && key_len) {
1678 os_memcpy(ext + 1, key, key_len);
1679 ext->key_len = key_len;
1680 }
1681 switch (alg) {
1682 case WPA_ALG_NONE:
1683 ext->alg = IW_ENCODE_ALG_NONE;
1684 break;
1685 case WPA_ALG_WEP:
1686 ext->alg = IW_ENCODE_ALG_WEP;
1687 break;
1688 case WPA_ALG_TKIP:
1689 ext->alg = IW_ENCODE_ALG_TKIP;
1690 break;
1691 case WPA_ALG_CCMP:
1692 ext->alg = IW_ENCODE_ALG_CCMP;
1693 break;
1694 case WPA_ALG_PMK:
1695 ext->alg = IW_ENCODE_ALG_PMK;
1696 break;
1697#ifdef CONFIG_IEEE80211W
1698 case WPA_ALG_IGTK:
1699 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1700 break;
1701#endif /* CONFIG_IEEE80211W */
1702 default:
1703 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1704 __FUNCTION__, alg);
1705 os_free(ext);
1706 return -1;
1707 }
1708
1709 if (seq && seq_len) {
1710 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1711 os_memcpy(ext->rx_seq, seq, seq_len);
1712 }
1713
1714 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1715 ret = errno == EOPNOTSUPP ? -2 : -1;
1716 if (errno == ENODEV) {
1717 /*
1718 * ndiswrapper seems to be returning incorrect error
1719 * code.. */
1720 ret = -2;
1721 }
1722
1723 perror("ioctl[SIOCSIWENCODEEXT]");
1724 }
1725
1726 os_free(ext);
1727 return ret;
1728}
1729
1730
1731/**
1732 * wpa_driver_wext_set_key - Configure encryption key
1733 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1734 * @priv: Private driver interface data
1735 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1736 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1737 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1738 * broadcast/default keys
1739 * @key_idx: key index (0..3), usually 0 for unicast keys
1740 * @set_tx: Configure this key as the default Tx key (only used when
1741 * driver does not support separate unicast/individual key
1742 * @seq: Sequence number/packet number, seq_len octets, the next
1743 * packet number to be used for in replay protection; configured
1744 * for Rx keys (in most cases, this is only used with broadcast
1745 * keys and set to zero for unicast keys)
1746 * @seq_len: Length of the seq, depends on the algorithm:
1747 * TKIP: 6 octets, CCMP: 6 octets
1748 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1749 * 8-byte Rx Mic Key
1750 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1751 * TKIP: 32, CCMP: 16)
1752 * Returns: 0 on success, -1 on failure
1753 *
1754 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1755 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1756 */
1757int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1758 const u8 *addr, int key_idx,
1759 int set_tx, const u8 *seq, size_t seq_len,
1760 const u8 *key, size_t key_len)
1761{
1762 struct wpa_driver_wext_data *drv = priv;
1763 struct iwreq iwr;
1764 int ret = 0;
1765
1766 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1767 "key_len=%lu",
1768 __FUNCTION__, alg, key_idx, set_tx,
1769 (unsigned long) seq_len, (unsigned long) key_len);
1770
1771 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1772 seq, seq_len, key, key_len);
1773 if (ret == 0)
1774 return 0;
1775
1776 if (ret == -2 &&
1777 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1778 wpa_printf(MSG_DEBUG, "Driver did not support "
1779 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1780 ret = 0;
1781 } else {
1782 wpa_printf(MSG_DEBUG, "Driver did not support "
1783 "SIOCSIWENCODEEXT");
1784 return ret;
1785 }
1786
1787 os_memset(&iwr, 0, sizeof(iwr));
1788 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1789 iwr.u.encoding.flags = key_idx + 1;
1790 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1791 if (alg == WPA_ALG_NONE)
1792 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1793 iwr.u.encoding.pointer = (caddr_t) key;
1794 iwr.u.encoding.length = key_len;
1795
1796 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1797 perror("ioctl[SIOCSIWENCODE]");
1798 ret = -1;
1799 }
1800
1801 if (set_tx && alg != WPA_ALG_NONE) {
1802 os_memset(&iwr, 0, sizeof(iwr));
1803 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1804 iwr.u.encoding.flags = key_idx + 1;
1805 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1806 iwr.u.encoding.pointer = (caddr_t) NULL;
1807 iwr.u.encoding.length = 0;
1808 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1809 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1810 ret = -1;
1811 }
1812 }
1813
1814 return ret;
1815}
1816
1817
1818static int wpa_driver_wext_set_countermeasures(void *priv,
1819 int enabled)
1820{
1821 struct wpa_driver_wext_data *drv = priv;
1822 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1823 return wpa_driver_wext_set_auth_param(drv,
1824 IW_AUTH_TKIP_COUNTERMEASURES,
1825 enabled);
1826}
1827
1828
1829static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1830 int enabled)
1831{
1832 struct wpa_driver_wext_data *drv = priv;
1833 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1834 drv->use_crypt = enabled;
1835 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1836 enabled);
1837}
1838
1839
1840static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1841 const u8 *addr, int cmd, int reason_code)
1842{
1843 struct iwreq iwr;
1844 struct iw_mlme mlme;
1845 int ret = 0;
1846
1847 os_memset(&iwr, 0, sizeof(iwr));
1848 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1849 os_memset(&mlme, 0, sizeof(mlme));
1850 mlme.cmd = cmd;
1851 mlme.reason_code = reason_code;
1852 mlme.addr.sa_family = ARPHRD_ETHER;
1853 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1854 iwr.u.data.pointer = (caddr_t) &mlme;
1855 iwr.u.data.length = sizeof(mlme);
1856
1857 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1858 perror("ioctl[SIOCSIWMLME]");
1859 ret = -1;
1860 }
1861
1862 return ret;
1863}
1864
1865
1866static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1867{
1868 struct iwreq iwr;
1869 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1870 u8 ssid[32];
1871 int i;
1872
1873 /*
1874 * Only force-disconnect when the card is in infrastructure mode,
1875 * otherwise the driver might interpret the cleared BSSID and random
1876 * SSID as an attempt to create a new ad-hoc network.
1877 */
1878 os_memset(&iwr, 0, sizeof(iwr));
1879 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1880 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1881 perror("ioctl[SIOCGIWMODE]");
1882 iwr.u.mode = IW_MODE_INFRA;
1883 }
1884
1885 if (iwr.u.mode == IW_MODE_INFRA) {
1886 if (drv->cfg80211) {
1887 /*
1888 * cfg80211 supports SIOCSIWMLME commands, so there is
1889 * no need for the random SSID hack, but clear the
1890 * BSSID and SSID.
1891 */
1892 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 ||
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1893#ifdef ANDROID
1894 0) {
1895#else
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1896 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1897#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1898 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear "
1899 "to disconnect");
1900 }
1901 return;
1902 }
1903 /*
1904 * Clear the BSSID selection and set a random SSID to make sure
1905 * the driver will not be trying to associate with something
1906 * even if it does not understand SIOCSIWMLME commands (or
1907 * tries to associate automatically after deauth/disassoc).
1908 */
1909 for (i = 0; i < 32; i++)
1910 ssid[i] = rand() & 0xFF;
1911 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 ||
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1912#ifdef ANDROID
1913 0) {
1914#else
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1915 wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) {
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]1916#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1917 wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus "
1918 "BSSID/SSID to disconnect");
1919 }
1920 }
1921}
1922
1923
1924static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1925 int reason_code)
1926{
1927 struct wpa_driver_wext_data *drv = priv;
1928 int ret;
1929 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1930 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1931 wpa_driver_wext_disconnect(drv);
1932 return ret;
1933}
1934
1935
1936static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1937 int reason_code)
1938{
1939 struct wpa_driver_wext_data *drv = priv;
1940 int ret;
1941 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1942 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code);
1943 wpa_driver_wext_disconnect(drv);
1944 return ret;
1945}
1946
1947
1948static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1949 size_t ie_len)
1950{
1951 struct wpa_driver_wext_data *drv = priv;
1952 struct iwreq iwr;
1953 int ret = 0;
1954
1955 os_memset(&iwr, 0, sizeof(iwr));
1956 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1957 iwr.u.data.pointer = (caddr_t) ie;
1958 iwr.u.data.length = ie_len;
1959
1960 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1961 perror("ioctl[SIOCSIWGENIE]");
1962 ret = -1;
1963 }
1964
1965 return ret;
1966}
1967
1968
1969int wpa_driver_wext_cipher2wext(int cipher)
1970{
1971 switch (cipher) {
1972 case CIPHER_NONE:
1973 return IW_AUTH_CIPHER_NONE;
1974 case CIPHER_WEP40:
1975 return IW_AUTH_CIPHER_WEP40;
1976 case CIPHER_TKIP:
1977 return IW_AUTH_CIPHER_TKIP;
1978 case CIPHER_CCMP:
1979 return IW_AUTH_CIPHER_CCMP;
1980 case CIPHER_WEP104:
1981 return IW_AUTH_CIPHER_WEP104;
1982 default:
1983 return 0;
1984 }
1985}
1986
1987
1988int wpa_driver_wext_keymgmt2wext(int keymgmt)
1989{
1990 switch (keymgmt) {
1991 case KEY_MGMT_802_1X:
1992 case KEY_MGMT_802_1X_NO_WPA:
1993 return IW_AUTH_KEY_MGMT_802_1X;
1994 case KEY_MGMT_PSK:
1995 return IW_AUTH_KEY_MGMT_PSK;
1996 default:
1997 return 0;
1998 }
1999}
2000
2001
2002static int
2003wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2004 struct wpa_driver_associate_params *params)
2005{
2006 struct iwreq iwr;
2007 int ret = 0;
2008
2009 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2010 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2011
2012 os_memset(&iwr, 0, sizeof(iwr));
2013 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2014 /* Just changing mode, not actual keys */
2015 iwr.u.encoding.flags = 0;
2016 iwr.u.encoding.pointer = (caddr_t) NULL;
2017 iwr.u.encoding.length = 0;
2018
2019 /*
2020 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2021 * different things. Here they are used to indicate Open System vs.
2022 * Shared Key authentication algorithm. However, some drivers may use
2023 * them to select between open/restricted WEP encrypted (open = allow
2024 * both unencrypted and encrypted frames; restricted = only allow
2025 * encrypted frames).
2026 */
2027
2028 if (!drv->use_crypt) {
2029 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2030 } else {
2031 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2032 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2033 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2034 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2035 }
2036
2037 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2038 perror("ioctl[SIOCSIWENCODE]");
2039 ret = -1;
2040 }
2041
2042 return ret;
2043}
2044
2045
2046int wpa_driver_wext_associate(void *priv,
2047 struct wpa_driver_associate_params *params)
2048{
2049 struct wpa_driver_wext_data *drv = priv;
2050 int ret = 0;
2051 int allow_unencrypted_eapol;
2052 int value;
2053
2054 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
Dmitry Shmidt29991f42011-05-24 15:40:26 -0700[diff] [blame]2055#ifdef ANDROID
2056 drv->skip_disconnect = 0;
2057#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2058 if (drv->cfg80211) {
2059 /*
2060 * Stop cfg80211 from trying to associate before we are done
2061 * with all parameters.
2062 */
2063 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0);
2064 }
2065
2066 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
2067 < 0)
2068 ret = -1;
2069 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
2070 ret = -1;
2071 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2072 ret = -1;
2073
2074 /*
2075 * If the driver did not support SIOCSIWAUTH, fallback to
2076 * SIOCSIWENCODE here.
2077 */
2078 if (drv->auth_alg_fallback &&
2079 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2080 ret = -1;
2081
2082 if (!params->bssid &&
2083 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2084 ret = -1;
2085
2086 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2087 * from configuration, not from here, where only the selected suite is
2088 * available */
2089 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2090 < 0)
2091 ret = -1;
2092 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2093 value = IW_AUTH_WPA_VERSION_DISABLED;
2094 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2095 value = IW_AUTH_WPA_VERSION_WPA2;
2096 else
2097 value = IW_AUTH_WPA_VERSION_WPA;
2098 if (wpa_driver_wext_set_auth_param(drv,
2099 IW_AUTH_WPA_VERSION, value) < 0)
2100 ret = -1;
2101 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2102 if (wpa_driver_wext_set_auth_param(drv,
2103 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2104 ret = -1;
2105 value = wpa_driver_wext_cipher2wext(params->group_suite);
2106 if (wpa_driver_wext_set_auth_param(drv,
2107 IW_AUTH_CIPHER_GROUP, value) < 0)
2108 ret = -1;
2109 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2110 if (wpa_driver_wext_set_auth_param(drv,
2111 IW_AUTH_KEY_MGMT, value) < 0)
2112 ret = -1;
2113 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2114 params->pairwise_suite != CIPHER_NONE ||
2115 params->group_suite != CIPHER_NONE ||
2116 params->wpa_ie_len;
2117 if (wpa_driver_wext_set_auth_param(drv,
2118 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2119 ret = -1;
2120
2121 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2122 * not using WPA. IEEE 802.1X specifies that these frames are not
2123 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2124 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2125 params->key_mgmt_suite == KEY_MGMT_PSK)
2126 allow_unencrypted_eapol = 0;
2127 else
2128 allow_unencrypted_eapol = 1;
2129
2130 if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2131 ret = -1;
2132 if (wpa_driver_wext_set_auth_param(drv,
2133 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2134 allow_unencrypted_eapol) < 0)
2135 ret = -1;
2136#ifdef CONFIG_IEEE80211W
2137 switch (params->mgmt_frame_protection) {
2138 case NO_MGMT_FRAME_PROTECTION:
2139 value = IW_AUTH_MFP_DISABLED;
2140 break;
2141 case MGMT_FRAME_PROTECTION_OPTIONAL:
2142 value = IW_AUTH_MFP_OPTIONAL;
2143 break;
2144 case MGMT_FRAME_PROTECTION_REQUIRED:
2145 value = IW_AUTH_MFP_REQUIRED;
2146 break;
2147 };
2148 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2149 ret = -1;
2150#endif /* CONFIG_IEEE80211W */
2151 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2152 ret = -1;
2153 if (!drv->cfg80211 &&
2154 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2155 ret = -1;
2156 if (params->bssid &&
2157 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2158 ret = -1;
2159 if (drv->cfg80211 &&
2160 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2161 ret = -1;
2162
2163 return ret;
2164}
2165
2166
2167static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2168{
2169 struct wpa_driver_wext_data *drv = priv;
2170 int algs = 0, res;
2171
2172 if (auth_alg & WPA_AUTH_ALG_OPEN)
2173 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2174 if (auth_alg & WPA_AUTH_ALG_SHARED)
2175 algs |= IW_AUTH_ALG_SHARED_KEY;
2176 if (auth_alg & WPA_AUTH_ALG_LEAP)
2177 algs |= IW_AUTH_ALG_LEAP;
2178 if (algs == 0) {
2179 /* at least one algorithm should be set */
2180 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2181 }
2182
2183 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2184 algs);
2185 drv->auth_alg_fallback = res == -2;
2186 return res;
2187}
2188
2189
2190/**
2191 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2192 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2193 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2194 * Returns: 0 on success, -1 on failure
2195 */
2196int wpa_driver_wext_set_mode(void *priv, int mode)
2197{
2198 struct wpa_driver_wext_data *drv = priv;
2199 struct iwreq iwr;
2200 int ret = -1;
2201 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2202
2203 os_memset(&iwr, 0, sizeof(iwr));
2204 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2205 iwr.u.mode = new_mode;
2206 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2207 ret = 0;
2208 goto done;
2209 }
2210
2211 if (errno != EBUSY) {
2212 perror("ioctl[SIOCSIWMODE]");
2213 goto done;
2214 }
2215
2216 /* mac80211 doesn't allow mode changes while the device is up, so if
2217 * the device isn't in the mode we're about to change to, take device
2218 * down, try to set the mode again, and bring it back up.
2219 */
2220 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2221 perror("ioctl[SIOCGIWMODE]");
2222 goto done;
2223 }
2224
2225 if (iwr.u.mode == new_mode) {
2226 ret = 0;
2227 goto done;
2228 }
2229
2230 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
2231 /* Try to set the mode again while the interface is down */
2232 iwr.u.mode = new_mode;
2233 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2234 perror("ioctl[SIOCSIWMODE]");
2235 else
2236 ret = 0;
2237
2238 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1);
2239 }
2240
2241done:
2242 return ret;
2243}
2244
2245
2246static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2247 u32 cmd, const u8 *bssid, const u8 *pmkid)
2248{
2249 struct iwreq iwr;
2250 struct iw_pmksa pmksa;
2251 int ret = 0;
2252
2253 os_memset(&iwr, 0, sizeof(iwr));
2254 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2255 os_memset(&pmksa, 0, sizeof(pmksa));
2256 pmksa.cmd = cmd;
2257 pmksa.bssid.sa_family = ARPHRD_ETHER;
2258 if (bssid)
2259 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2260 if (pmkid)
2261 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2262 iwr.u.data.pointer = (caddr_t) &pmksa;
2263 iwr.u.data.length = sizeof(pmksa);
2264
2265 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2266 if (errno != EOPNOTSUPP)
2267 perror("ioctl[SIOCSIWPMKSA]");
2268 ret = -1;
2269 }
2270
2271 return ret;
2272}
2273
2274
2275static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2276 const u8 *pmkid)
2277{
2278 struct wpa_driver_wext_data *drv = priv;
2279 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2280}
2281
2282
2283static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2284 const u8 *pmkid)
2285{
2286 struct wpa_driver_wext_data *drv = priv;
2287 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2288}
2289
2290
2291static int wpa_driver_wext_flush_pmkid(void *priv)
2292{
2293 struct wpa_driver_wext_data *drv = priv;
2294 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2295}
2296
2297
2298int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2299{
2300 struct wpa_driver_wext_data *drv = priv;
2301 if (!drv->has_capability)
2302 return -1;
2303 os_memcpy(capa, &drv->capa, sizeof(*capa));
2304 return 0;
2305}
2306
2307
2308int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2309 const char *ifname)
2310{
2311 if (ifname == NULL) {
2312 drv->ifindex2 = -1;
2313 return 0;
2314 }
2315
2316 drv->ifindex2 = if_nametoindex(ifname);
2317 if (drv->ifindex2 <= 0)
2318 return -1;
2319
2320 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2321 "wireless events", drv->ifindex2, ifname);
2322
2323 return 0;
2324}
2325
2326
2327int wpa_driver_wext_set_operstate(void *priv, int state)
2328{
2329 struct wpa_driver_wext_data *drv = priv;
2330
2331 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2332 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2333 drv->operstate = state;
2334 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2335 state ? IF_OPER_UP : IF_OPER_DORMANT);
2336}
2337
2338
2339int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2340{
2341 return drv->we_version_compiled;
2342}
2343
2344
2345static const char * wext_get_radio_name(void *priv)
2346{
2347 struct wpa_driver_wext_data *drv = priv;
2348 return drv->phyname;
2349}
2350
2351
2352const struct wpa_driver_ops wpa_driver_wext_ops = {
2353 .name = "wext",
2354 .desc = "Linux wireless extensions (generic)",
2355 .get_bssid = wpa_driver_wext_get_bssid,
2356 .get_ssid = wpa_driver_wext_get_ssid,
2357 .set_key = wpa_driver_wext_set_key,
2358 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2359 .scan2 = wpa_driver_wext_scan,
2360 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2361 .deauthenticate = wpa_driver_wext_deauthenticate,
2362 .disassociate = wpa_driver_wext_disassociate,
2363 .associate = wpa_driver_wext_associate,
2364 .init = wpa_driver_wext_init,
2365 .deinit = wpa_driver_wext_deinit,
2366 .add_pmkid = wpa_driver_wext_add_pmkid,
2367 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2368 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2369 .get_capa = wpa_driver_wext_get_capa,
2370 .set_operstate = wpa_driver_wext_set_operstate,
2371 .get_radio_name = wext_get_radio_name,
Dmitry Shmidt886c3ff2011-05-24 15:31:25 -0700[diff] [blame]2372#ifdef ANDROID
2373 .driver_cmd = wpa_driver_wext_driver_cmd,
2374#endif
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2375};