2 * hostapd / Driver interaction with Atheros driver
3 * Copyright (c) 2004, Sam Leffler <sam@errno.com>
4 * Copyright (c) 2004, Video54 Technologies
5 * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi>
6 * Copyright (c) 2009, Atheros Communications
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
12 * Alternatively, this software may be distributed under the terms of BSD
15 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
24 #ifdef WORDS_BIGENDIAN
25 #define _BYTE_ORDER _BIG_ENDIAN
27 #define _BYTE_ORDER _LITTLE_ENDIAN
29 #endif /* _BYTE_ORDER */
31 #include <net80211/ieee80211.h>
32 #include <net80211/_ieee80211.h>
33 #include <net80211/ieee80211_crypto.h>
36 * Note, the ATH_WPS_IE setting must match with the driver build.. If the
37 * driver does not include this, the IEEE80211_IOCTL_GETWPAIE ioctl will fail.
40 #include <net80211/ieee80211_ioctl.h>
43 #ifdef IEEE80211_IOCTL_FILTERFRAME
44 #include <netpacket/packet.h>
46 #ifndef ETH_P_80211_RAW
47 #define ETH_P_80211_RAW 0x0019
49 #endif /* IEEE80211_IOCTL_FILTERFRAME */
50 #endif /* CONFIG_WPS */
53 * Avoid conflicts with hostapd definitions by undefining couple of defines
54 * from madwifi header files.
59 #include "wireless_copy.h"
63 #include "priv_netlink.h"
64 #include "l2_packet/l2_packet.h"
65 #include "common/ieee802_11_defs.h"
67 #include "linux_ioctl.h"
70 struct madwifi_driver_data {
71 struct hostapd_data *hapd; /* back pointer */
73 char iface[IFNAMSIZ + 1];
75 struct l2_packet_data *sock_xmit; /* raw packet xmit socket */
76 struct l2_packet_data *sock_recv; /* raw packet recv socket */
77 int ioctl_sock; /* socket for ioctl() use */
78 struct netlink_data *netlink;
80 u8 acct_mac[ETH_ALEN];
81 struct hostap_sta_driver_data acct_data;
83 struct l2_packet_data *sock_raw; /* raw 802.11 management frames */
86 static int madwifi_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
90 set80211priv(struct madwifi_driver_data *drv, int op, void *data, int len)
93 int do_inline = len < IFNAMSIZ;
95 /* Certain ioctls must use the non-inlined method */
96 if (op == IEEE80211_IOCTL_SET_APPIEBUF ||
97 op == IEEE80211_IOCTL_FILTERFRAME)
100 memset(&iwr, 0, sizeof(iwr));
101 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
104 * Argument data fits inline; put it there.
106 memcpy(iwr.u.name, data, len);
109 * Argument data too big for inline transfer; setup a
110 * parameter block instead; the kernel will transfer
111 * the data for the driver.
113 iwr.u.data.pointer = data;
114 iwr.u.data.length = len;
117 if (ioctl(drv->ioctl_sock, op, &iwr) < 0) {
118 int first = IEEE80211_IOCTL_SETPARAM;
119 static const char *opnames[] = {
120 "ioctl[IEEE80211_IOCTL_SETPARAM]",
121 "ioctl[IEEE80211_IOCTL_GETPARAM]",
122 "ioctl[IEEE80211_IOCTL_SETKEY]",
123 "ioctl[IEEE80211_IOCTL_SETWMMPARAMS]",
124 "ioctl[IEEE80211_IOCTL_DELKEY]",
125 "ioctl[IEEE80211_IOCTL_GETWMMPARAMS]",
126 "ioctl[IEEE80211_IOCTL_SETMLME]",
127 "ioctl[IEEE80211_IOCTL_GETCHANINFO]",
128 "ioctl[IEEE80211_IOCTL_SETOPTIE]",
129 "ioctl[IEEE80211_IOCTL_GETOPTIE]",
130 "ioctl[IEEE80211_IOCTL_ADDMAC]",
131 "ioctl[IEEE80211_IOCTL_DELMAC]",
132 "ioctl[IEEE80211_IOCTL_GETCHANLIST]",
133 "ioctl[IEEE80211_IOCTL_SETCHANLIST]",
134 "ioctl[IEEE80211_IOCTL_KICKMAC]",
135 "ioctl[IEEE80211_IOCTL_CHANSWITCH]",
136 "ioctl[IEEE80211_IOCTL_GETMODE]",
137 "ioctl[IEEE80211_IOCTL_SETMODE]",
138 "ioctl[IEEE80211_IOCTL_GET_APPIEBUF]",
139 "ioctl[IEEE80211_IOCTL_SET_APPIEBUF]",
141 "ioctl[IEEE80211_IOCTL_FILTERFRAME]",
143 int idx = op - first;
145 idx < (int) (sizeof(opnames) / sizeof(opnames[0])) &&
147 perror(opnames[idx]);
149 perror("ioctl[unknown???]");
150 wpa_printf(MSG_DEBUG, "Failed ioctl: 0x%x", op);
158 set80211param(struct madwifi_driver_data *drv, int op, int arg)
162 memset(&iwr, 0, sizeof(iwr));
163 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
165 memcpy(iwr.u.name+sizeof(__u32), &arg, sizeof(arg));
167 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) {
168 perror("ioctl[IEEE80211_IOCTL_SETPARAM]");
169 wpa_printf(MSG_DEBUG, "%s: Failed to set parameter (op %d "
170 "arg %d)", __func__, op, arg);
176 #ifndef CONFIG_NO_STDOUT_DEBUG
178 ether_sprintf(const u8 *addr)
180 static char buf[sizeof(MACSTR)];
183 snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
185 snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
188 #endif /* CONFIG_NO_STDOUT_DEBUG */
191 * Configure WPA parameters.
194 madwifi_configure_wpa(struct madwifi_driver_data *drv,
195 struct wpa_bss_params *params)
199 switch (params->wpa_group) {
200 case WPA_CIPHER_CCMP:
201 v = IEEE80211_CIPHER_AES_CCM;
203 case WPA_CIPHER_TKIP:
204 v = IEEE80211_CIPHER_TKIP;
206 case WPA_CIPHER_WEP104:
207 v = IEEE80211_CIPHER_WEP;
209 case WPA_CIPHER_WEP40:
210 v = IEEE80211_CIPHER_WEP;
212 case WPA_CIPHER_NONE:
213 v = IEEE80211_CIPHER_NONE;
216 wpa_printf(MSG_ERROR, "Unknown group key cipher %u",
220 wpa_printf(MSG_DEBUG, "%s: group key cipher=%d", __func__, v);
221 if (set80211param(drv, IEEE80211_PARAM_MCASTCIPHER, v)) {
222 printf("Unable to set group key cipher to %u\n", v);
225 if (v == IEEE80211_CIPHER_WEP) {
226 /* key length is done only for specific ciphers */
227 v = (params->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
228 if (set80211param(drv, IEEE80211_PARAM_MCASTKEYLEN, v)) {
229 printf("Unable to set group key length to %u\n", v);
235 if (params->wpa_pairwise & WPA_CIPHER_CCMP)
236 v |= 1<<IEEE80211_CIPHER_AES_CCM;
237 if (params->wpa_pairwise & WPA_CIPHER_TKIP)
238 v |= 1<<IEEE80211_CIPHER_TKIP;
239 if (params->wpa_pairwise & WPA_CIPHER_NONE)
240 v |= 1<<IEEE80211_CIPHER_NONE;
241 wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
242 if (set80211param(drv, IEEE80211_PARAM_UCASTCIPHERS, v)) {
243 printf("Unable to set pairwise key ciphers to 0x%x\n", v);
247 wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
248 __func__, params->wpa_key_mgmt);
249 if (set80211param(drv, IEEE80211_PARAM_KEYMGTALGS,
250 params->wpa_key_mgmt)) {
251 printf("Unable to set key management algorithms to 0x%x\n",
252 params->wpa_key_mgmt);
257 if (params->rsn_preauth)
259 wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
260 __func__, params->rsn_preauth);
261 if (set80211param(drv, IEEE80211_PARAM_RSNCAPS, v)) {
262 printf("Unable to set RSN capabilities to 0x%x\n", v);
266 wpa_printf(MSG_DEBUG, "%s: enable WPA=0x%x", __func__, params->wpa);
267 if (set80211param(drv, IEEE80211_PARAM_WPA, params->wpa)) {
268 printf("Unable to set WPA to %u\n", params->wpa);
275 madwifi_set_ieee8021x(void *priv, struct wpa_bss_params *params)
277 struct madwifi_driver_data *drv = priv;
279 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, params->enabled);
281 if (!params->enabled) {
282 /* XXX restore state */
283 return set80211param(priv, IEEE80211_PARAM_AUTHMODE,
284 IEEE80211_AUTH_AUTO);
286 if (!params->wpa && !params->ieee802_1x) {
287 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
288 HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!");
291 if (params->wpa && madwifi_configure_wpa(drv, params) != 0) {
292 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
293 HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!");
296 if (set80211param(priv, IEEE80211_PARAM_AUTHMODE,
297 (params->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
298 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
299 HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!");
307 madwifi_set_privacy(const char *ifname, void *priv, int enabled)
309 struct madwifi_driver_data *drv = priv;
311 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
313 return set80211param(drv, IEEE80211_PARAM_PRIVACY, enabled);
317 madwifi_set_sta_authorized(void *priv, const u8 *addr, int authorized)
319 struct madwifi_driver_data *drv = priv;
320 struct ieee80211req_mlme mlme;
323 wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d",
324 __func__, ether_sprintf(addr), authorized);
327 mlme.im_op = IEEE80211_MLME_AUTHORIZE;
329 mlme.im_op = IEEE80211_MLME_UNAUTHORIZE;
331 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
332 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
334 wpa_printf(MSG_DEBUG, "%s: Failed to %sauthorize STA " MACSTR,
335 __func__, authorized ? "" : "un", MAC2STR(addr));
342 madwifi_sta_set_flags(void *priv, const u8 *addr, int total_flags,
343 int flags_or, int flags_and)
345 /* For now, only support setting Authorized flag */
346 if (flags_or & WPA_STA_AUTHORIZED)
347 return madwifi_set_sta_authorized(priv, addr, 1);
348 if (!(flags_and & WPA_STA_AUTHORIZED))
349 return madwifi_set_sta_authorized(priv, addr, 0);
354 madwifi_del_key(void *priv, const u8 *addr, int key_idx)
356 struct madwifi_driver_data *drv = priv;
357 struct ieee80211req_del_key wk;
360 wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d",
361 __func__, ether_sprintf(addr), key_idx);
363 memset(&wk, 0, sizeof(wk));
365 memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
366 wk.idk_keyix = (u8) IEEE80211_KEYIX_NONE;
368 wk.idk_keyix = key_idx;
371 ret = set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk));
373 wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr %s"
374 " key_idx %d)", __func__, ether_sprintf(addr),
382 madwifi_set_key(const char *ifname, void *priv, enum wpa_alg alg,
383 const u8 *addr, int key_idx, int set_tx, const u8 *seq,
384 size_t seq_len, const u8 *key, size_t key_len)
386 struct madwifi_driver_data *drv = priv;
387 struct ieee80211req_key wk;
391 if (alg == WPA_ALG_NONE)
392 return madwifi_del_key(drv, addr, key_idx);
394 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d",
395 __func__, alg, ether_sprintf(addr), key_idx);
399 cipher = IEEE80211_CIPHER_WEP;
402 cipher = IEEE80211_CIPHER_TKIP;
405 cipher = IEEE80211_CIPHER_AES_CCM;
408 printf("%s: unknown/unsupported algorithm %d\n",
413 if (key_len > sizeof(wk.ik_keydata)) {
414 printf("%s: key length %lu too big\n", __func__,
415 (unsigned long) key_len);
419 memset(&wk, 0, sizeof(wk));
421 wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
423 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
424 wk.ik_keyix = key_idx;
425 wk.ik_flags |= IEEE80211_KEY_DEFAULT;
427 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
428 wk.ik_keyix = IEEE80211_KEYIX_NONE;
430 wk.ik_keylen = key_len;
431 memcpy(wk.ik_keydata, key, key_len);
433 ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
435 wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
436 " key_idx %d alg %d key_len %lu set_tx %d)",
437 __func__, ether_sprintf(wk.ik_macaddr), key_idx,
438 alg, (unsigned long) key_len, set_tx);
446 madwifi_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
449 struct madwifi_driver_data *drv = priv;
450 struct ieee80211req_key wk;
452 wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
453 __func__, ether_sprintf(addr), idx);
455 memset(&wk, 0, sizeof(wk));
457 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
459 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
462 if (set80211priv(drv, IEEE80211_IOCTL_GETKEY, &wk, sizeof(wk))) {
463 wpa_printf(MSG_DEBUG, "%s: Failed to get encryption data "
464 "(addr " MACSTR " key_idx %d)",
465 __func__, MAC2STR(wk.ik_macaddr), idx);
469 #ifdef WORDS_BIGENDIAN
472 * wk.ik_keytsc is in host byte order (big endian), need to
473 * swap it to match with the byte order used in WPA.
476 u8 tmp[WPA_KEY_RSC_LEN];
477 memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
478 for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
479 seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
482 #else /* WORDS_BIGENDIAN */
483 memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
484 #endif /* WORDS_BIGENDIAN */
490 madwifi_flush(void *priv)
492 u8 allsta[IEEE80211_ADDR_LEN];
493 memset(allsta, 0xff, IEEE80211_ADDR_LEN);
494 return madwifi_sta_deauth(priv, NULL, allsta,
495 IEEE80211_REASON_AUTH_LEAVE);
500 madwifi_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
503 struct madwifi_driver_data *drv = priv;
504 struct ieee80211req_sta_stats stats;
506 memset(data, 0, sizeof(*data));
509 * Fetch statistics for station from the system.
511 memset(&stats, 0, sizeof(stats));
512 memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
513 if (set80211priv(drv, IEEE80211_IOCTL_STA_STATS,
514 &stats, sizeof(stats))) {
515 wpa_printf(MSG_DEBUG, "%s: Failed to fetch STA stats (addr "
516 MACSTR ")", __func__, MAC2STR(addr));
517 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
518 memcpy(data, &drv->acct_data, sizeof(*data));
522 printf("Failed to get station stats information element.\n");
526 data->rx_packets = stats.is_stats.ns_rx_data;
527 data->rx_bytes = stats.is_stats.ns_rx_bytes;
528 data->tx_packets = stats.is_stats.ns_tx_data;
529 data->tx_bytes = stats.is_stats.ns_tx_bytes;
535 madwifi_sta_clear_stats(void *priv, const u8 *addr)
537 struct madwifi_driver_data *drv = priv;
538 struct ieee80211req_mlme mlme;
541 wpa_printf(MSG_DEBUG, "%s: addr=%s", __func__, ether_sprintf(addr));
543 mlme.im_op = IEEE80211_MLME_CLEAR_STATS;
544 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
545 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme,
548 wpa_printf(MSG_DEBUG, "%s: Failed to clear STA stats (addr "
549 MACSTR ")", __func__, MAC2STR(addr));
557 madwifi_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len)
560 * Do nothing; we setup parameters at startup that define the
561 * contents of the beacon information element.
567 madwifi_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
570 struct madwifi_driver_data *drv = priv;
571 struct ieee80211req_mlme mlme;
574 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
575 __func__, ether_sprintf(addr), reason_code);
577 mlme.im_op = IEEE80211_MLME_DEAUTH;
578 mlme.im_reason = reason_code;
579 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
580 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
582 wpa_printf(MSG_DEBUG, "%s: Failed to deauth STA (addr " MACSTR
584 __func__, MAC2STR(addr), reason_code);
591 madwifi_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
594 struct madwifi_driver_data *drv = priv;
595 struct ieee80211req_mlme mlme;
598 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
599 __func__, ether_sprintf(addr), reason_code);
601 mlme.im_op = IEEE80211_MLME_DISASSOC;
602 mlme.im_reason = reason_code;
603 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
604 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
606 wpa_printf(MSG_DEBUG, "%s: Failed to disassoc STA (addr "
607 MACSTR " reason %d)",
608 __func__, MAC2STR(addr), reason_code);
615 static void madwifi_raw_receive(void *ctx, const u8 *src_addr, const u8 *buf,
618 struct madwifi_driver_data *drv = ctx;
619 const struct ieee80211_mgmt *mgmt;
621 union wpa_event_data event;
623 /* Send Probe Request information to WPS processing */
625 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
627 mgmt = (const struct ieee80211_mgmt *) buf;
629 fc = le_to_host16(mgmt->frame_control);
630 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
631 WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_PROBE_REQ)
634 os_memset(&event, 0, sizeof(event));
635 event.rx_probe_req.sa = mgmt->sa;
636 event.rx_probe_req.ie = mgmt->u.probe_req.variable;
637 event.rx_probe_req.ie_len =
638 len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req));
639 wpa_supplicant_event(drv->hapd, EVENT_RX_PROBE_REQ, &event);
641 #endif /* CONFIG_WPS */
643 static int madwifi_receive_probe_req(struct madwifi_driver_data *drv)
647 struct ieee80211req_set_filter filt;
649 wpa_printf(MSG_DEBUG, "%s Enter", __func__);
650 filt.app_filterype = IEEE80211_FILTER_TYPE_PROBE_REQ;
652 ret = set80211priv(drv, IEEE80211_IOCTL_FILTERFRAME, &filt,
653 sizeof(struct ieee80211req_set_filter));
657 drv->sock_raw = l2_packet_init(drv->iface, NULL, ETH_P_80211_RAW,
658 madwifi_raw_receive, drv, 1);
659 if (drv->sock_raw == NULL)
661 #endif /* CONFIG_WPS */
667 madwifi_set_wps_ie(void *priv, const u8 *ie, size_t len, u32 frametype)
669 struct madwifi_driver_data *drv = priv;
671 struct ieee80211req_getset_appiebuf *beac_ie;
673 wpa_printf(MSG_DEBUG, "%s buflen = %lu", __func__,
674 (unsigned long) len);
676 beac_ie = (struct ieee80211req_getset_appiebuf *) buf;
677 beac_ie->app_frmtype = frametype;
678 beac_ie->app_buflen = len;
679 memcpy(&(beac_ie->app_buf[0]), ie, len);
681 return set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, beac_ie,
682 sizeof(struct ieee80211req_getset_appiebuf) + len);
686 madwifi_set_ap_wps_ie(const char *ifname, void *priv,
687 const struct wpabuf *beacon,
688 const struct wpabuf *proberesp)
690 if (madwifi_set_wps_ie(priv, beacon ? wpabuf_head(beacon) : NULL,
691 beacon ? wpabuf_len(beacon) : 0,
692 IEEE80211_APPIE_FRAME_BEACON))
694 return madwifi_set_wps_ie(priv,
695 proberesp ? wpabuf_head(proberesp) : NULL,
696 proberesp ? wpabuf_len(proberesp): 0,
697 IEEE80211_APPIE_FRAME_PROBE_RESP);
699 #else /* CONFIG_WPS */
700 #define madwifi_set_ap_wps_ie NULL
701 #endif /* CONFIG_WPS */
704 madwifi_new_sta(struct madwifi_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
706 struct hostapd_data *hapd = drv->hapd;
707 struct ieee80211req_wpaie ie;
712 * Fetch negotiated WPA/RSN parameters from the system.
714 memset(&ie, 0, sizeof(ie));
715 memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
716 if (set80211priv(drv, IEEE80211_IOCTL_GETWPAIE, &ie, sizeof(ie))) {
718 * See ATH_WPS_IE comment in the beginning of the file for a
719 * possible cause for the failure..
721 wpa_printf(MSG_DEBUG, "%s: Failed to get WPA/RSN IE: %s",
722 __func__, strerror(errno));
725 wpa_hexdump(MSG_MSGDUMP, "madwifi req WPA IE",
726 ie.wpa_ie, IEEE80211_MAX_OPT_IE);
727 wpa_hexdump(MSG_MSGDUMP, "madwifi req RSN IE",
728 ie.rsn_ie, IEEE80211_MAX_OPT_IE);
730 /* madwifi seems to return some random data if WPA/RSN IE is not set.
731 * Assume the IE was not included if the IE type is unknown. */
732 if (iebuf[0] != WLAN_EID_VENDOR_SPECIFIC)
734 if (iebuf[1] == 0 && ie.rsn_ie[1] > 0) {
735 /* madwifi-ng svn #1453 added rsn_ie. Use it, if wpa_ie was not
736 * set. This is needed for WPA2. */
738 if (iebuf[0] != WLAN_EID_RSN)
749 drv_event_assoc(hapd, addr, iebuf, ielen);
751 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
752 /* Cached accounting data is not valid anymore. */
753 memset(drv->acct_mac, 0, ETH_ALEN);
754 memset(&drv->acct_data, 0, sizeof(drv->acct_data));
759 madwifi_wireless_event_wireless_custom(struct madwifi_driver_data *drv,
760 char *custom, char *end)
762 wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
764 if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
767 pos = strstr(custom, "addr=");
769 wpa_printf(MSG_DEBUG,
770 "MLME-MICHAELMICFAILURE.indication "
771 "without sender address ignored");
775 if (hwaddr_aton(pos, addr) == 0) {
776 union wpa_event_data data;
777 os_memset(&data, 0, sizeof(data));
778 data.michael_mic_failure.unicast = 1;
779 data.michael_mic_failure.src = addr;
780 wpa_supplicant_event(drv->hapd,
781 EVENT_MICHAEL_MIC_FAILURE, &data);
783 wpa_printf(MSG_DEBUG,
784 "MLME-MICHAELMICFAILURE.indication "
785 "with invalid MAC address");
787 } else if (strncmp(custom, "STA-TRAFFIC-STAT", 16) == 0) {
791 while ((key = strchr(key, '\n')) != NULL) {
793 value = strchr(key, '=');
797 val = strtoul(value, NULL, 10);
798 if (strcmp(key, "mac") == 0)
799 hwaddr_aton(value, drv->acct_mac);
800 else if (strcmp(key, "rx_packets") == 0)
801 drv->acct_data.rx_packets = val;
802 else if (strcmp(key, "tx_packets") == 0)
803 drv->acct_data.tx_packets = val;
804 else if (strcmp(key, "rx_bytes") == 0)
805 drv->acct_data.rx_bytes = val;
806 else if (strcmp(key, "tx_bytes") == 0)
807 drv->acct_data.tx_bytes = val;
811 } else if (strncmp(custom, "PUSH-BUTTON.indication", 22) == 0) {
812 /* Some atheros kernels send push button as a wireless event */
813 /* PROBLEM! this event is received for ALL BSSs ...
814 * so all are enabled for WPS... ugh.
816 wpa_supplicant_event(drv->hapd, EVENT_WPS_BUTTON_PUSHED, NULL);
817 } else if (strncmp(custom, "Manage.prob_req ", 16) == 0) {
819 * Atheros driver uses a hack to pass Probe Request frames as a
820 * binary data in the custom wireless event. The old way (using
821 * packet sniffing) didn't work when bridging.
822 * Format: "Manage.prob_req <frame len>" | zero padding | frame
824 #define WPS_FRAM_TAG_SIZE 30 /* hardcoded in driver */
825 int len = atoi(custom + 16);
826 if (len < 0 || custom + WPS_FRAM_TAG_SIZE + len > end) {
827 wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req event "
831 madwifi_raw_receive(drv, NULL,
832 (u8 *) custom + WPS_FRAM_TAG_SIZE, len);
833 #endif /* CONFIG_WPS */
838 madwifi_wireless_event_wireless(struct madwifi_driver_data *drv,
841 struct iw_event iwe_buf, *iwe = &iwe_buf;
842 char *pos, *end, *custom, *buf;
847 while (pos + IW_EV_LCP_LEN <= end) {
848 /* Event data may be unaligned, so make a local, aligned copy
849 * before processing. */
850 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
851 wpa_printf(MSG_MSGDUMP, "Wireless event: cmd=0x%x len=%d",
853 if (iwe->len <= IW_EV_LCP_LEN)
856 custom = pos + IW_EV_POINT_LEN;
857 if (drv->we_version > 18 &&
858 (iwe->cmd == IWEVMICHAELMICFAILURE ||
859 iwe->cmd == IWEVASSOCREQIE ||
860 iwe->cmd == IWEVCUSTOM)) {
861 /* WE-19 removed the pointer from struct iw_point */
862 char *dpos = (char *) &iwe_buf.u.data.length;
863 int dlen = dpos - (char *) &iwe_buf;
864 memcpy(dpos, pos + IW_EV_LCP_LEN,
865 sizeof(struct iw_event) - dlen);
867 memcpy(&iwe_buf, pos, sizeof(struct iw_event));
868 custom += IW_EV_POINT_OFF;
873 drv_event_disassoc(drv->hapd,
874 (u8 *) iwe->u.addr.sa_data);
877 madwifi_new_sta(drv, (u8 *) iwe->u.addr.sa_data);
880 /* Driver hack.. Use IWEVASSOCREQIE to bypass
881 * IWEVCUSTOM size limitations. Need to handle this
882 * just like IWEVCUSTOM.
885 if (custom + iwe->u.data.length > end)
887 buf = malloc(iwe->u.data.length + 1);
890 memcpy(buf, custom, iwe->u.data.length);
891 buf[iwe->u.data.length] = '\0';
892 madwifi_wireless_event_wireless_custom(
893 drv, buf, buf + iwe->u.data.length);
904 madwifi_wireless_event_rtm_newlink(void *ctx,
905 struct ifinfomsg *ifi, u8 *buf, size_t len)
907 struct madwifi_driver_data *drv = ctx;
908 int attrlen, rta_len;
911 if (ifi->ifi_index != drv->ifindex)
915 attr = (struct rtattr *) buf;
917 rta_len = RTA_ALIGN(sizeof(struct rtattr));
918 while (RTA_OK(attr, attrlen)) {
919 if (attr->rta_type == IFLA_WIRELESS) {
920 madwifi_wireless_event_wireless(
921 drv, ((char *) attr) + rta_len,
922 attr->rta_len - rta_len);
924 attr = RTA_NEXT(attr, attrlen);
930 madwifi_get_we_version(struct madwifi_driver_data *drv)
932 struct iw_range *range;
940 * Use larger buffer than struct iw_range in order to allow the
941 * structure to grow in the future.
943 buflen = sizeof(struct iw_range) + 500;
944 range = os_zalloc(buflen);
948 memset(&iwr, 0, sizeof(iwr));
949 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
950 iwr.u.data.pointer = (caddr_t) range;
951 iwr.u.data.length = buflen;
953 minlen = ((char *) &range->enc_capa) - (char *) range +
954 sizeof(range->enc_capa);
956 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
957 perror("ioctl[SIOCGIWRANGE]");
960 } else if (iwr.u.data.length >= minlen &&
961 range->we_version_compiled >= 18) {
962 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
963 "WE(source)=%d enc_capa=0x%x",
964 range->we_version_compiled,
965 range->we_version_source,
967 drv->we_version = range->we_version_compiled;
976 madwifi_wireless_event_init(struct madwifi_driver_data *drv)
978 struct netlink_config *cfg;
980 madwifi_get_we_version(drv);
982 cfg = os_zalloc(sizeof(*cfg));
986 cfg->newlink_cb = madwifi_wireless_event_rtm_newlink;
987 drv->netlink = netlink_init(cfg);
988 if (drv->netlink == NULL) {
998 madwifi_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
999 int encrypt, const u8 *own_addr)
1001 struct madwifi_driver_data *drv = priv;
1002 unsigned char buf[3000];
1003 unsigned char *bp = buf;
1004 struct l2_ethhdr *eth;
1009 * Prepend the Ethernet header. If the caller left us
1010 * space at the front we could just insert it but since
1011 * we don't know we copy to a local buffer. Given the frequency
1012 * and size of frames this probably doesn't matter.
1014 len = data_len + sizeof(struct l2_ethhdr);
1015 if (len > sizeof(buf)) {
1018 printf("EAPOL frame discarded, cannot malloc temp "
1019 "buffer of size %lu!\n", (unsigned long) len);
1023 eth = (struct l2_ethhdr *) bp;
1024 memcpy(eth->h_dest, addr, ETH_ALEN);
1025 memcpy(eth->h_source, own_addr, ETH_ALEN);
1026 eth->h_proto = host_to_be16(ETH_P_EAPOL);
1027 memcpy(eth+1, data, data_len);
1029 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len);
1031 status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len);
1039 handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
1041 struct madwifi_driver_data *drv = ctx;
1042 drv_event_eapol_rx(drv->hapd, src_addr, buf + sizeof(struct l2_ethhdr),
1043 len - sizeof(struct l2_ethhdr));
1047 madwifi_init(struct hostapd_data *hapd, struct wpa_init_params *params)
1049 struct madwifi_driver_data *drv;
1053 drv = os_zalloc(sizeof(struct madwifi_driver_data));
1055 printf("Could not allocate memory for madwifi driver data\n");
1060 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1061 if (drv->ioctl_sock < 0) {
1062 perror("socket[PF_INET,SOCK_DGRAM]");
1065 memcpy(drv->iface, params->ifname, sizeof(drv->iface));
1067 memset(&ifr, 0, sizeof(ifr));
1068 os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
1069 if (ioctl(drv->ioctl_sock, SIOCGIFINDEX, &ifr) != 0) {
1070 perror("ioctl(SIOCGIFINDEX)");
1073 drv->ifindex = ifr.ifr_ifindex;
1075 drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL,
1076 handle_read, drv, 1);
1077 if (drv->sock_xmit == NULL)
1079 if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
1081 if (params->bridge[0]) {
1082 wpa_printf(MSG_DEBUG, "Configure bridge %s for EAPOL traffic.",
1084 drv->sock_recv = l2_packet_init(params->bridge[0], NULL,
1085 ETH_P_EAPOL, handle_read, drv,
1087 if (drv->sock_recv == NULL)
1090 drv->sock_recv = drv->sock_xmit;
1092 memset(&iwr, 0, sizeof(iwr));
1093 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1095 iwr.u.mode = IW_MODE_MASTER;
1097 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) {
1098 perror("ioctl[SIOCSIWMODE]");
1099 printf("Could not set interface to master mode!\n");
1103 /* mark down during setup */
1104 linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);
1105 madwifi_set_privacy(drv->iface, drv, 0); /* default to no privacy */
1107 madwifi_receive_probe_req(drv);
1109 if (madwifi_wireless_event_init(drv))
1114 if (drv->sock_xmit != NULL)
1115 l2_packet_deinit(drv->sock_xmit);
1116 if (drv->ioctl_sock >= 0)
1117 close(drv->ioctl_sock);
1125 madwifi_deinit(void *priv)
1127 struct madwifi_driver_data *drv = priv;
1129 netlink_deinit(drv->netlink);
1130 (void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0);
1131 if (drv->ioctl_sock >= 0)
1132 close(drv->ioctl_sock);
1133 if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit)
1134 l2_packet_deinit(drv->sock_recv);
1135 if (drv->sock_xmit != NULL)
1136 l2_packet_deinit(drv->sock_xmit);
1138 l2_packet_deinit(drv->sock_raw);
1143 madwifi_set_ssid(const char *ifname, void *priv, const u8 *buf, int len)
1145 struct madwifi_driver_data *drv = priv;
1148 memset(&iwr, 0, sizeof(iwr));
1149 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1150 iwr.u.essid.flags = 1; /* SSID active */
1151 iwr.u.essid.pointer = (caddr_t) buf;
1152 iwr.u.essid.length = len + 1;
1154 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
1155 perror("ioctl[SIOCSIWESSID]");
1156 printf("len=%d\n", len);
1163 madwifi_get_ssid(const char *ifname, void *priv, u8 *buf, int len)
1165 struct madwifi_driver_data *drv = priv;
1169 memset(&iwr, 0, sizeof(iwr));
1170 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1171 iwr.u.essid.pointer = (caddr_t) buf;
1172 iwr.u.essid.length = len;
1174 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
1175 perror("ioctl[SIOCGIWESSID]");
1178 ret = iwr.u.essid.length;
1184 madwifi_set_countermeasures(void *priv, int enabled)
1186 struct madwifi_driver_data *drv = priv;
1187 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
1188 return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled);
1192 madwifi_commit(void *priv)
1194 struct madwifi_driver_data *drv = priv;
1195 return linux_set_iface_flags(drv->ioctl_sock, drv->iface, 1);
1198 const struct wpa_driver_ops wpa_driver_atheros_ops = {
1200 .hapd_init = madwifi_init,
1201 .deinit = madwifi_deinit,
1202 .set_ieee8021x = madwifi_set_ieee8021x,
1203 .set_privacy = madwifi_set_privacy,
1204 .set_key = madwifi_set_key,
1205 .get_seqnum = madwifi_get_seqnum,
1206 .flush = madwifi_flush,
1207 .set_generic_elem = madwifi_set_opt_ie,
1208 .sta_set_flags = madwifi_sta_set_flags,
1209 .read_sta_data = madwifi_read_sta_driver_data,
1210 .hapd_send_eapol = madwifi_send_eapol,
1211 .sta_disassoc = madwifi_sta_disassoc,
1212 .sta_deauth = madwifi_sta_deauth,
1213 .hapd_set_ssid = madwifi_set_ssid,
1214 .hapd_get_ssid = madwifi_get_ssid,
1215 .set_countermeasures = madwifi_set_countermeasures,
1216 .sta_clear_stats = madwifi_sta_clear_stats,
1217 .commit = madwifi_commit,
1218 .set_ap_wps_ie = madwifi_set_ap_wps_ie,