2 * WPA Supplicant - driver interaction with MADWIFI 802.11 driver
3 * Copyright (c) 2004, Sam Leffler <sam@errno.com>
4 * Copyright (c) 2004, Video54 Technologies
5 * Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Alternatively, this software may be distributed under the terms of BSD
14 * See README and COPYING for more details.
16 * While this driver wrapper supports both AP (hostapd) and station
17 * (wpa_supplicant) operations, the station side is deprecated and
18 * driver_wext.c should be used instead. This driver wrapper should only be
19 * used with hostapd for AP mode functionality.
23 #include <sys/ioctl.h>
27 #include "driver_wext.h"
29 #include "common/ieee802_11_defs.h"
30 #include "wireless_copy.h"
33 * Avoid conflicts with wpa_supplicant definitions by undefining a definition.
37 #include <include/compat.h>
38 #include <net80211/ieee80211.h>
40 /* Assume this is built against BSD branch of madwifi driver. */
42 #include <net80211/_ieee80211.h>
43 #endif /* WME_NUM_AC */
44 #include <net80211/ieee80211_crypto.h>
45 #include <net80211/ieee80211_ioctl.h>
48 #ifdef IEEE80211_IOCTL_FILTERFRAME
49 #include <netpacket/packet.h>
51 #ifndef ETH_P_80211_RAW
52 #define ETH_P_80211_RAW 0x0019
54 #endif /* IEEE80211_IOCTL_FILTERFRAME */
55 #endif /* CONFIG_WPS */
58 * Avoid conflicts with hostapd definitions by undefining couple of defines
59 * from madwifi header files.
67 #ifdef IEEE80211_IOCTL_SETWMMPARAMS
68 /* Assume this is built against madwifi-ng */
70 #endif /* IEEE80211_IOCTL_SETWMMPARAMS */
75 #include "priv_netlink.h"
76 #include "l2_packet/l2_packet.h"
79 struct madwifi_driver_data {
80 struct hostapd_data *hapd; /* back pointer */
82 char iface[IFNAMSIZ + 1];
84 struct l2_packet_data *sock_xmit; /* raw packet xmit socket */
85 struct l2_packet_data *sock_recv; /* raw packet recv socket */
86 int ioctl_sock; /* socket for ioctl() use */
87 int wext_sock; /* socket for wireless events */
89 u8 acct_mac[ETH_ALEN];
90 struct hostap_sta_driver_data acct_data;
92 struct l2_packet_data *sock_raw; /* raw 802.11 management frames */
95 static int madwifi_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
99 set80211priv(struct madwifi_driver_data *drv, int op, void *data, int len)
102 int do_inline = len < IFNAMSIZ;
104 memset(&iwr, 0, sizeof(iwr));
105 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
106 #ifdef IEEE80211_IOCTL_FILTERFRAME
107 /* FILTERFRAME must be NOT inline, regardless of size. */
108 if (op == IEEE80211_IOCTL_FILTERFRAME)
110 #endif /* IEEE80211_IOCTL_FILTERFRAME */
111 if (op == IEEE80211_IOCTL_SET_APPIEBUF)
115 * Argument data fits inline; put it there.
117 memcpy(iwr.u.name, data, len);
120 * Argument data too big for inline transfer; setup a
121 * parameter block instead; the kernel will transfer
122 * the data for the driver.
124 iwr.u.data.pointer = data;
125 iwr.u.data.length = len;
128 if (ioctl(drv->ioctl_sock, op, &iwr) < 0) {
130 int first = IEEE80211_IOCTL_SETPARAM;
131 static const char *opnames[] = {
132 "ioctl[IEEE80211_IOCTL_SETPARAM]",
133 "ioctl[IEEE80211_IOCTL_GETPARAM]",
134 "ioctl[IEEE80211_IOCTL_SETMODE]",
135 "ioctl[IEEE80211_IOCTL_GETMODE]",
136 "ioctl[IEEE80211_IOCTL_SETWMMPARAMS]",
137 "ioctl[IEEE80211_IOCTL_GETWMMPARAMS]",
138 "ioctl[IEEE80211_IOCTL_SETCHANLIST]",
139 "ioctl[IEEE80211_IOCTL_GETCHANLIST]",
140 "ioctl[IEEE80211_IOCTL_CHANSWITCH]",
141 "ioctl[IEEE80211_IOCTL_GET_APPIEBUF]",
142 "ioctl[IEEE80211_IOCTL_SET_APPIEBUF]",
143 "ioctl[IEEE80211_IOCTL_GETSCANRESULTS]",
144 "ioctl[IEEE80211_IOCTL_FILTERFRAME]",
145 "ioctl[IEEE80211_IOCTL_GETCHANINFO]",
146 "ioctl[IEEE80211_IOCTL_SETOPTIE]",
147 "ioctl[IEEE80211_IOCTL_GETOPTIE]",
148 "ioctl[IEEE80211_IOCTL_SETMLME]",
150 "ioctl[IEEE80211_IOCTL_SETKEY]",
152 "ioctl[IEEE80211_IOCTL_DELKEY]",
154 "ioctl[IEEE80211_IOCTL_ADDMAC]",
156 "ioctl[IEEE80211_IOCTL_DELMAC]",
158 "ioctl[IEEE80211_IOCTL_WDSMAC]",
160 "ioctl[IEEE80211_IOCTL_WDSDELMAC]",
162 "ioctl[IEEE80211_IOCTL_KICKMAC]",
164 #else /* MADWIFI_NG */
165 int first = IEEE80211_IOCTL_SETPARAM;
166 static const char *opnames[] = {
167 "ioctl[IEEE80211_IOCTL_SETPARAM]",
168 "ioctl[IEEE80211_IOCTL_GETPARAM]",
169 "ioctl[IEEE80211_IOCTL_SETKEY]",
170 "ioctl[SIOCIWFIRSTPRIV+3]",
171 "ioctl[IEEE80211_IOCTL_DELKEY]",
172 "ioctl[SIOCIWFIRSTPRIV+5]",
173 "ioctl[IEEE80211_IOCTL_SETMLME]",
174 "ioctl[SIOCIWFIRSTPRIV+7]",
175 "ioctl[IEEE80211_IOCTL_SETOPTIE]",
176 "ioctl[IEEE80211_IOCTL_GETOPTIE]",
177 "ioctl[IEEE80211_IOCTL_ADDMAC]",
178 "ioctl[SIOCIWFIRSTPRIV+11]",
179 "ioctl[IEEE80211_IOCTL_DELMAC]",
180 "ioctl[SIOCIWFIRSTPRIV+13]",
181 "ioctl[IEEE80211_IOCTL_CHANLIST]",
182 "ioctl[SIOCIWFIRSTPRIV+15]",
183 "ioctl[IEEE80211_IOCTL_GETRSN]",
184 "ioctl[SIOCIWFIRSTPRIV+17]",
185 "ioctl[IEEE80211_IOCTL_GETKEY]",
187 #endif /* MADWIFI_NG */
188 int idx = op - first;
190 idx < (int) (sizeof(opnames) / sizeof(opnames[0])) &&
192 perror(opnames[idx]);
194 perror("ioctl[unknown???]");
201 set80211param(struct madwifi_driver_data *drv, int op, int arg)
205 memset(&iwr, 0, sizeof(iwr));
206 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
208 memcpy(iwr.u.name+sizeof(__u32), &arg, sizeof(arg));
210 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) {
211 perror("ioctl[IEEE80211_IOCTL_SETPARAM]");
212 wpa_printf(MSG_DEBUG, "%s: Failed to set parameter (op %d "
213 "arg %d)", __func__, op, arg);
219 #ifndef CONFIG_NO_STDOUT_DEBUG
221 ether_sprintf(const u8 *addr)
223 static char buf[sizeof(MACSTR)];
226 snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
228 snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
231 #endif /* CONFIG_NO_STDOUT_DEBUG */
234 * Configure WPA parameters.
237 madwifi_configure_wpa(struct madwifi_driver_data *drv,
238 struct wpa_bss_params *params)
242 switch (params->wpa_group) {
243 case WPA_CIPHER_CCMP:
244 v = IEEE80211_CIPHER_AES_CCM;
246 case WPA_CIPHER_TKIP:
247 v = IEEE80211_CIPHER_TKIP;
249 case WPA_CIPHER_WEP104:
250 v = IEEE80211_CIPHER_WEP;
252 case WPA_CIPHER_WEP40:
253 v = IEEE80211_CIPHER_WEP;
255 case WPA_CIPHER_NONE:
256 v = IEEE80211_CIPHER_NONE;
259 wpa_printf(MSG_ERROR, "Unknown group key cipher %u",
263 wpa_printf(MSG_DEBUG, "%s: group key cipher=%d", __func__, v);
264 if (set80211param(drv, IEEE80211_PARAM_MCASTCIPHER, v)) {
265 printf("Unable to set group key cipher to %u\n", v);
268 if (v == IEEE80211_CIPHER_WEP) {
269 /* key length is done only for specific ciphers */
270 v = (params->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
271 if (set80211param(drv, IEEE80211_PARAM_MCASTKEYLEN, v)) {
272 printf("Unable to set group key length to %u\n", v);
278 if (params->wpa_pairwise & WPA_CIPHER_CCMP)
279 v |= 1<<IEEE80211_CIPHER_AES_CCM;
280 if (params->wpa_pairwise & WPA_CIPHER_TKIP)
281 v |= 1<<IEEE80211_CIPHER_TKIP;
282 if (params->wpa_pairwise & WPA_CIPHER_NONE)
283 v |= 1<<IEEE80211_CIPHER_NONE;
284 wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
285 if (set80211param(drv, IEEE80211_PARAM_UCASTCIPHERS, v)) {
286 printf("Unable to set pairwise key ciphers to 0x%x\n", v);
290 wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
291 __func__, params->wpa_key_mgmt);
292 if (set80211param(drv, IEEE80211_PARAM_KEYMGTALGS,
293 params->wpa_key_mgmt)) {
294 printf("Unable to set key management algorithms to 0x%x\n",
295 params->wpa_key_mgmt);
300 if (params->rsn_preauth)
302 wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
303 __func__, params->rsn_preauth);
304 if (set80211param(drv, IEEE80211_PARAM_RSNCAPS, v)) {
305 printf("Unable to set RSN capabilities to 0x%x\n", v);
309 wpa_printf(MSG_DEBUG, "%s: enable WPA=0x%x", __func__, params->wpa);
310 if (set80211param(drv, IEEE80211_PARAM_WPA, params->wpa)) {
311 printf("Unable to set WPA to %u\n", params->wpa);
319 madwifi_set_iface_flags(void *priv, int dev_up)
321 struct madwifi_driver_data *drv = priv;
324 wpa_printf(MSG_DEBUG, "%s: dev_up=%d", __func__, dev_up);
326 if (drv->ioctl_sock < 0)
329 memset(&ifr, 0, sizeof(ifr));
330 os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
332 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
333 perror("ioctl[SIOCGIFFLAGS]");
338 ifr.ifr_flags |= IFF_UP;
340 ifr.ifr_flags &= ~IFF_UP;
342 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
343 perror("ioctl[SIOCSIFFLAGS]");
351 madwifi_set_ieee8021x(void *priv, struct wpa_bss_params *params)
353 struct madwifi_driver_data *drv = priv;
355 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, params->enabled);
357 if (!params->enabled) {
358 /* XXX restore state */
359 return set80211param(priv, IEEE80211_PARAM_AUTHMODE,
360 IEEE80211_AUTH_AUTO);
362 if (!params->wpa && !params->ieee802_1x) {
363 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
364 HOSTAPD_LEVEL_WARNING, "No 802.1X or WPA enabled!");
367 if (params->wpa && madwifi_configure_wpa(drv, params) != 0) {
368 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
369 HOSTAPD_LEVEL_WARNING, "Error configuring WPA state!");
372 if (set80211param(priv, IEEE80211_PARAM_AUTHMODE,
373 (params->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
374 hostapd_logger(drv->hapd, NULL, HOSTAPD_MODULE_DRIVER,
375 HOSTAPD_LEVEL_WARNING, "Error enabling WPA/802.1X!");
383 madwifi_set_privacy(const char *ifname, void *priv, int enabled)
385 struct madwifi_driver_data *drv = priv;
387 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
389 return set80211param(drv, IEEE80211_PARAM_PRIVACY, enabled);
393 madwifi_set_sta_authorized(void *priv, const u8 *addr, int authorized)
395 struct madwifi_driver_data *drv = priv;
396 struct ieee80211req_mlme mlme;
399 wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d",
400 __func__, ether_sprintf(addr), authorized);
403 mlme.im_op = IEEE80211_MLME_AUTHORIZE;
405 mlme.im_op = IEEE80211_MLME_UNAUTHORIZE;
407 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
408 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
410 wpa_printf(MSG_DEBUG, "%s: Failed to %sauthorize STA " MACSTR,
411 __func__, authorized ? "" : "un", MAC2STR(addr));
418 madwifi_sta_set_flags(void *priv, const u8 *addr, int total_flags,
419 int flags_or, int flags_and)
421 /* For now, only support setting Authorized flag */
422 if (flags_or & WPA_STA_AUTHORIZED)
423 return madwifi_set_sta_authorized(priv, addr, 1);
424 if (!(flags_and & WPA_STA_AUTHORIZED))
425 return madwifi_set_sta_authorized(priv, addr, 0);
430 madwifi_del_key(void *priv, const u8 *addr, int key_idx)
432 struct madwifi_driver_data *drv = priv;
433 struct ieee80211req_del_key wk;
436 wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d",
437 __func__, ether_sprintf(addr), key_idx);
439 memset(&wk, 0, sizeof(wk));
441 memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
442 wk.idk_keyix = (u8) IEEE80211_KEYIX_NONE;
444 wk.idk_keyix = key_idx;
447 ret = set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk));
449 wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr %s"
450 " key_idx %d)", __func__, ether_sprintf(addr),
458 wpa_driver_madwifi_set_key(const char *ifname, void *priv, wpa_alg alg,
459 const u8 *addr, int key_idx, int set_tx,
460 const u8 *seq, size_t seq_len,
461 const u8 *key, size_t key_len)
463 struct madwifi_driver_data *drv = priv;
464 struct ieee80211req_key wk;
468 if (alg == WPA_ALG_NONE)
469 return madwifi_del_key(drv, addr, key_idx);
471 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d",
472 __func__, alg, ether_sprintf(addr), key_idx);
474 if (alg == WPA_ALG_WEP)
475 cipher = IEEE80211_CIPHER_WEP;
476 else if (alg == WPA_ALG_TKIP)
477 cipher = IEEE80211_CIPHER_TKIP;
478 else if (alg == WPA_ALG_CCMP)
479 cipher = IEEE80211_CIPHER_AES_CCM;
481 printf("%s: unknown/unsupported algorithm %d\n",
486 if (key_len > sizeof(wk.ik_keydata)) {
487 printf("%s: key length %lu too big\n", __func__,
488 (unsigned long) key_len);
492 memset(&wk, 0, sizeof(wk));
494 wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
496 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
497 wk.ik_keyix = key_idx;
498 wk.ik_flags |= IEEE80211_KEY_DEFAULT;
500 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
501 wk.ik_keyix = IEEE80211_KEYIX_NONE;
503 wk.ik_keylen = key_len;
504 memcpy(wk.ik_keydata, key, key_len);
506 ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
508 wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
509 " key_idx %d alg %d key_len %lu set_tx %d)",
510 __func__, ether_sprintf(wk.ik_macaddr), key_idx,
511 alg, (unsigned long) key_len, set_tx);
519 madwifi_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
522 struct madwifi_driver_data *drv = priv;
523 struct ieee80211req_key wk;
525 wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
526 __func__, ether_sprintf(addr), idx);
528 memset(&wk, 0, sizeof(wk));
530 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
532 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
535 if (set80211priv(drv, IEEE80211_IOCTL_GETKEY, &wk, sizeof(wk))) {
536 wpa_printf(MSG_DEBUG, "%s: Failed to get encryption data "
537 "(addr " MACSTR " key_idx %d)",
538 __func__, MAC2STR(wk.ik_macaddr), idx);
542 #ifdef WORDS_BIGENDIAN
545 * wk.ik_keytsc is in host byte order (big endian), need to
546 * swap it to match with the byte order used in WPA.
549 u8 tmp[WPA_KEY_RSC_LEN];
550 memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
551 for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
552 seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
555 #else /* WORDS_BIGENDIAN */
556 memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
557 #endif /* WORDS_BIGENDIAN */
563 madwifi_flush(void *priv)
566 u8 allsta[IEEE80211_ADDR_LEN];
567 memset(allsta, 0xff, IEEE80211_ADDR_LEN);
568 return madwifi_sta_deauth(priv, NULL, allsta,
569 IEEE80211_REASON_AUTH_LEAVE);
570 #else /* MADWIFI_BSD */
572 #endif /* MADWIFI_BSD */
577 madwifi_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
580 struct madwifi_driver_data *drv = priv;
583 struct ieee80211req_sta_stats stats;
585 memset(data, 0, sizeof(*data));
588 * Fetch statistics for station from the system.
590 memset(&stats, 0, sizeof(stats));
591 memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
592 if (set80211priv(drv,
594 IEEE80211_IOCTL_STA_STATS,
595 #else /* MADWIFI_NG */
596 IEEE80211_IOCTL_GETSTASTATS,
597 #endif /* MADWIFI_NG */
598 &stats, sizeof(stats))) {
599 wpa_printf(MSG_DEBUG, "%s: Failed to fetch STA stats (addr "
600 MACSTR ")", __func__, MAC2STR(addr));
601 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
602 memcpy(data, &drv->acct_data, sizeof(*data));
606 printf("Failed to get station stats information element.\n");
610 data->rx_packets = stats.is_stats.ns_rx_data;
611 data->rx_bytes = stats.is_stats.ns_rx_bytes;
612 data->tx_packets = stats.is_stats.ns_tx_data;
613 data->tx_bytes = stats.is_stats.ns_tx_bytes;
616 #else /* MADWIFI_BSD */
618 char buf[1024], line[128], *pos;
622 memset(data, 0, sizeof(*data));
623 snprintf(buf, sizeof(buf), "/proc/net/madwifi/%s/" MACSTR,
624 drv->iface, MAC2STR(addr));
628 if (memcmp(addr, drv->acct_mac, ETH_ALEN) != 0)
630 memcpy(data, &drv->acct_data, sizeof(*data));
633 /* Need to read proc file with in one piece, so use large enough
635 setbuffer(f, buf, sizeof(buf));
637 while (fgets(line, sizeof(line), f)) {
638 pos = strchr(line, '=');
642 val = strtoul(pos, NULL, 10);
643 if (strcmp(line, "rx_packets") == 0)
644 data->rx_packets = val;
645 else if (strcmp(line, "tx_packets") == 0)
646 data->tx_packets = val;
647 else if (strcmp(line, "rx_bytes") == 0)
648 data->rx_bytes = val;
649 else if (strcmp(line, "tx_bytes") == 0)
650 data->tx_bytes = val;
656 #endif /* MADWIFI_BSD */
661 madwifi_sta_clear_stats(void *priv, const u8 *addr)
663 #if defined(MADWIFI_BSD) && defined(IEEE80211_MLME_CLEAR_STATS)
664 struct madwifi_driver_data *drv = priv;
665 struct ieee80211req_mlme mlme;
668 wpa_printf(MSG_DEBUG, "%s: addr=%s", __func__, ether_sprintf(addr));
670 mlme.im_op = IEEE80211_MLME_CLEAR_STATS;
671 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
672 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme,
675 wpa_printf(MSG_DEBUG, "%s: Failed to clear STA stats (addr "
676 MACSTR ")", __func__, MAC2STR(addr));
680 #else /* MADWIFI_BSD && IEEE80211_MLME_CLEAR_STATS */
682 #endif /* MADWIFI_BSD && IEEE80211_MLME_CLEAR_STATS */
687 madwifi_set_opt_ie(const char *ifname, void *priv, const u8 *ie, size_t ie_len)
690 * Do nothing; we setup parameters at startup that define the
691 * contents of the beacon information element.
697 madwifi_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
700 struct madwifi_driver_data *drv = priv;
701 struct ieee80211req_mlme mlme;
704 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
705 __func__, ether_sprintf(addr), reason_code);
707 mlme.im_op = IEEE80211_MLME_DEAUTH;
708 mlme.im_reason = reason_code;
709 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
710 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
712 wpa_printf(MSG_DEBUG, "%s: Failed to deauth STA (addr " MACSTR
714 __func__, MAC2STR(addr), reason_code);
721 madwifi_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
724 struct madwifi_driver_data *drv = priv;
725 struct ieee80211req_mlme mlme;
728 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d",
729 __func__, ether_sprintf(addr), reason_code);
731 mlme.im_op = IEEE80211_MLME_DISASSOC;
732 mlme.im_reason = reason_code;
733 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
734 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme));
736 wpa_printf(MSG_DEBUG, "%s: Failed to disassoc STA (addr "
737 MACSTR " reason %d)",
738 __func__, MAC2STR(addr), reason_code);
745 #ifdef IEEE80211_IOCTL_FILTERFRAME
746 static void madwifi_raw_receive(void *ctx, const u8 *src_addr, const u8 *buf,
749 struct madwifi_driver_data *drv = ctx;
750 const struct ieee80211_mgmt *mgmt;
755 /* Send Probe Request information to WPS processing */
757 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
759 mgmt = (const struct ieee80211_mgmt *) buf;
761 fc = le_to_host16(mgmt->frame_control);
762 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
763 WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_PROBE_REQ)
767 ie = mgmt->u.probe_req.variable;
768 ie_len = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req));
770 hostapd_probe_req_rx(drv->hapd, mgmt->sa, ie, ie_len);
772 #endif /* IEEE80211_IOCTL_FILTERFRAME */
773 #endif /* CONFIG_WPS */
775 static int madwifi_receive_probe_req(struct madwifi_driver_data *drv)
779 #ifdef IEEE80211_IOCTL_FILTERFRAME
780 struct ieee80211req_set_filter filt;
782 wpa_printf(MSG_DEBUG, "%s Enter", __func__);
783 filt.app_filterype = IEEE80211_FILTER_TYPE_PROBE_REQ;
785 ret = set80211priv(drv, IEEE80211_IOCTL_FILTERFRAME, &filt,
786 sizeof(struct ieee80211req_set_filter));
790 drv->sock_raw = l2_packet_init(drv->iface, NULL, ETH_P_80211_RAW,
791 madwifi_raw_receive, drv, 1);
792 if (drv->sock_raw == NULL)
794 #endif /* IEEE80211_IOCTL_FILTERFRAME */
795 #endif /* CONFIG_WPS */
801 madwifi_set_wps_ie(void *priv, const u8 *ie, size_t len, u32 frametype)
803 struct madwifi_driver_data *drv = priv;
805 struct ieee80211req_getset_appiebuf *beac_ie;
807 wpa_printf(MSG_DEBUG, "%s buflen = %lu", __func__,
808 (unsigned long) len);
810 beac_ie = (struct ieee80211req_getset_appiebuf *) buf;
811 beac_ie->app_frmtype = frametype;
812 beac_ie->app_buflen = len;
813 memcpy(&(beac_ie->app_buf[0]), ie, len);
815 return set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, beac_ie,
816 sizeof(struct ieee80211req_getset_appiebuf) + len);
820 madwifi_set_wps_beacon_ie(const char *ifname, void *priv, const u8 *ie,
823 return madwifi_set_wps_ie(priv, ie, len, IEEE80211_APPIE_FRAME_BEACON);
827 madwifi_set_wps_probe_resp_ie(const char *ifname, void *priv, const u8 *ie,
830 return madwifi_set_wps_ie(priv, ie, len,
831 IEEE80211_APPIE_FRAME_PROBE_RESP);
833 #else /* CONFIG_WPS */
834 #define madwifi_set_wps_beacon_ie NULL
835 #define madwifi_set_wps_probe_resp_ie NULL
836 #endif /* CONFIG_WPS */
839 madwifi_new_sta(struct madwifi_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN])
841 struct hostapd_data *hapd = drv->hapd;
842 struct ieee80211req_wpaie ie;
847 * Fetch negotiated WPA/RSN parameters from the system.
849 memset(&ie, 0, sizeof(ie));
850 memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
851 if (set80211priv(drv, IEEE80211_IOCTL_GETWPAIE, &ie, sizeof(ie))) {
852 wpa_printf(MSG_DEBUG, "%s: Failed to get WPA/RSN IE",
856 wpa_hexdump(MSG_MSGDUMP, "madwifi req WPA IE",
857 ie.wpa_ie, IEEE80211_MAX_OPT_IE);
859 /* madwifi seems to return some random data if WPA/RSN IE is not set.
860 * Assume the IE was not included if the IE type is unknown. */
861 if (iebuf[0] != WLAN_EID_VENDOR_SPECIFIC)
864 wpa_hexdump(MSG_MSGDUMP, "madwifi req RSN IE",
865 ie.rsn_ie, IEEE80211_MAX_OPT_IE);
866 if (iebuf[1] == 0 && ie.rsn_ie[1] > 0) {
867 /* madwifi-ng svn #1453 added rsn_ie. Use it, if wpa_ie was not
868 * set. This is needed for WPA2. */
870 if (iebuf[0] != WLAN_EID_RSN)
873 #endif /* MADWIFI_NG */
882 res = hostapd_notif_assoc(hapd, addr, iebuf, ielen);
884 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) {
885 /* Cached accounting data is not valid anymore. */
886 memset(drv->acct_mac, 0, ETH_ALEN);
887 memset(&drv->acct_data, 0, sizeof(drv->acct_data));
894 madwifi_wireless_event_wireless_custom(struct madwifi_driver_data *drv,
897 wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
899 if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
902 pos = strstr(custom, "addr=");
904 wpa_printf(MSG_DEBUG,
905 "MLME-MICHAELMICFAILURE.indication "
906 "without sender address ignored");
910 if (hwaddr_aton(pos, addr) == 0) {
911 union wpa_event_data data;
912 os_memset(&data, 0, sizeof(data));
913 data.michael_mic_failure.unicast = 1;
914 data.michael_mic_failure.src = addr;
915 wpa_supplicant_event(drv->hapd,
916 EVENT_MICHAEL_MIC_FAILURE, &data);
918 wpa_printf(MSG_DEBUG,
919 "MLME-MICHAELMICFAILURE.indication "
920 "with invalid MAC address");
922 } else if (strncmp(custom, "STA-TRAFFIC-STAT", 16) == 0) {
926 while ((key = strchr(key, '\n')) != NULL) {
928 value = strchr(key, '=');
932 val = strtoul(value, NULL, 10);
933 if (strcmp(key, "mac") == 0)
934 hwaddr_aton(value, drv->acct_mac);
935 else if (strcmp(key, "rx_packets") == 0)
936 drv->acct_data.rx_packets = val;
937 else if (strcmp(key, "tx_packets") == 0)
938 drv->acct_data.tx_packets = val;
939 else if (strcmp(key, "rx_bytes") == 0)
940 drv->acct_data.rx_bytes = val;
941 else if (strcmp(key, "tx_bytes") == 0)
942 drv->acct_data.tx_bytes = val;
949 madwifi_wireless_event_wireless(struct madwifi_driver_data *drv,
952 struct iw_event iwe_buf, *iwe = &iwe_buf;
953 char *pos, *end, *custom, *buf;
958 while (pos + IW_EV_LCP_LEN <= end) {
959 /* Event data may be unaligned, so make a local, aligned copy
960 * before processing. */
961 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
962 wpa_printf(MSG_MSGDUMP, "Wireless event: cmd=0x%x len=%d",
964 if (iwe->len <= IW_EV_LCP_LEN)
967 custom = pos + IW_EV_POINT_LEN;
968 if (drv->we_version > 18 &&
969 (iwe->cmd == IWEVMICHAELMICFAILURE ||
970 iwe->cmd == IWEVCUSTOM)) {
971 /* WE-19 removed the pointer from struct iw_point */
972 char *dpos = (char *) &iwe_buf.u.data.length;
973 int dlen = dpos - (char *) &iwe_buf;
974 memcpy(dpos, pos + IW_EV_LCP_LEN,
975 sizeof(struct iw_event) - dlen);
977 memcpy(&iwe_buf, pos, sizeof(struct iw_event));
978 custom += IW_EV_POINT_OFF;
983 hostapd_notif_disassoc(drv->hapd,
984 (u8 *) iwe->u.addr.sa_data);
987 madwifi_new_sta(drv, (u8 *) iwe->u.addr.sa_data);
990 if (custom + iwe->u.data.length > end)
992 buf = malloc(iwe->u.data.length + 1);
995 memcpy(buf, custom, iwe->u.data.length);
996 buf[iwe->u.data.length] = '\0';
997 madwifi_wireless_event_wireless_custom(drv, buf);
1008 madwifi_wireless_event_rtm_newlink(struct madwifi_driver_data *drv,
1009 struct nlmsghdr *h, int len)
1011 struct ifinfomsg *ifi;
1012 int attrlen, nlmsg_len, rta_len;
1013 struct rtattr * attr;
1015 if (len < (int) sizeof(*ifi))
1018 ifi = NLMSG_DATA(h);
1020 if (ifi->ifi_index != drv->ifindex)
1023 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
1025 attrlen = NLMSG_PAYLOAD(h, sizeof(struct ifinfomsg));
1029 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
1031 rta_len = RTA_ALIGN(sizeof(struct rtattr));
1032 while (RTA_OK(attr, attrlen)) {
1033 if (attr->rta_type == IFLA_WIRELESS) {
1034 madwifi_wireless_event_wireless(
1035 drv, ((char *) attr) + rta_len,
1036 attr->rta_len - rta_len);
1038 attr = RTA_NEXT(attr, attrlen);
1044 madwifi_wireless_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
1048 struct sockaddr_nl from;
1051 struct madwifi_driver_data *drv = eloop_ctx;
1053 fromlen = sizeof(from);
1054 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
1055 (struct sockaddr *) &from, &fromlen);
1057 if (errno != EINTR && errno != EAGAIN)
1058 perror("recvfrom(netlink)");
1062 h = (struct nlmsghdr *) buf;
1063 while (left >= (int) sizeof(*h)) {
1067 plen = len - sizeof(*h);
1068 if (len > left || plen < 0) {
1069 printf("Malformed netlink message: "
1070 "len=%d left=%d plen=%d\n",
1075 switch (h->nlmsg_type) {
1077 madwifi_wireless_event_rtm_newlink(drv, h, plen);
1081 len = NLMSG_ALIGN(len);
1083 h = (struct nlmsghdr *) ((char *) h + len);
1087 printf("%d extra bytes in the end of netlink message\n", left);
1093 madwifi_get_we_version(struct madwifi_driver_data *drv)
1095 struct iw_range *range;
1100 drv->we_version = 0;
1103 * Use larger buffer than struct iw_range in order to allow the
1104 * structure to grow in the future.
1106 buflen = sizeof(struct iw_range) + 500;
1107 range = os_zalloc(buflen);
1111 memset(&iwr, 0, sizeof(iwr));
1112 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1113 iwr.u.data.pointer = (caddr_t) range;
1114 iwr.u.data.length = buflen;
1116 minlen = ((char *) &range->enc_capa) - (char *) range +
1117 sizeof(range->enc_capa);
1119 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1120 perror("ioctl[SIOCGIWRANGE]");
1123 } else if (iwr.u.data.length >= minlen &&
1124 range->we_version_compiled >= 18) {
1125 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1126 "WE(source)=%d enc_capa=0x%x",
1127 range->we_version_compiled,
1128 range->we_version_source,
1130 drv->we_version = range->we_version_compiled;
1139 madwifi_wireless_event_init(struct madwifi_driver_data *drv)
1142 struct sockaddr_nl local;
1144 madwifi_get_we_version(drv);
1146 drv->wext_sock = -1;
1148 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1150 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1154 memset(&local, 0, sizeof(local));
1155 local.nl_family = AF_NETLINK;
1156 local.nl_groups = RTMGRP_LINK;
1157 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1158 perror("bind(netlink)");
1163 eloop_register_read_sock(s, madwifi_wireless_event_receive, drv, NULL);
1171 madwifi_wireless_event_deinit(struct madwifi_driver_data *drv)
1173 if (drv->wext_sock < 0)
1175 eloop_unregister_read_sock(drv->wext_sock);
1176 close(drv->wext_sock);
1181 madwifi_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
1182 int encrypt, const u8 *own_addr)
1184 struct madwifi_driver_data *drv = priv;
1185 unsigned char buf[3000];
1186 unsigned char *bp = buf;
1187 struct l2_ethhdr *eth;
1192 * Prepend the Ethernet header. If the caller left us
1193 * space at the front we could just insert it but since
1194 * we don't know we copy to a local buffer. Given the frequency
1195 * and size of frames this probably doesn't matter.
1197 len = data_len + sizeof(struct l2_ethhdr);
1198 if (len > sizeof(buf)) {
1201 printf("EAPOL frame discarded, cannot malloc temp "
1202 "buffer of size %lu!\n", (unsigned long) len);
1206 eth = (struct l2_ethhdr *) bp;
1207 memcpy(eth->h_dest, addr, ETH_ALEN);
1208 memcpy(eth->h_source, own_addr, ETH_ALEN);
1209 eth->h_proto = host_to_be16(ETH_P_EAPOL);
1210 memcpy(eth+1, data, data_len);
1212 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len);
1214 status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len);
1222 handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
1224 struct madwifi_driver_data *drv = ctx;
1225 hostapd_eapol_receive(drv->hapd, src_addr,
1226 buf + sizeof(struct l2_ethhdr),
1227 len - sizeof(struct l2_ethhdr));
1231 madwifi_init(struct hostapd_data *hapd, struct wpa_init_params *params)
1233 struct madwifi_driver_data *drv;
1237 drv = os_zalloc(sizeof(struct madwifi_driver_data));
1239 printf("Could not allocate memory for madwifi driver data\n");
1244 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1245 if (drv->ioctl_sock < 0) {
1246 perror("socket[PF_INET,SOCK_DGRAM]");
1249 memcpy(drv->iface, params->ifname, sizeof(drv->iface));
1251 memset(&ifr, 0, sizeof(ifr));
1252 os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
1253 if (ioctl(drv->ioctl_sock, SIOCGIFINDEX, &ifr) != 0) {
1254 perror("ioctl(SIOCGIFINDEX)");
1257 drv->ifindex = ifr.ifr_ifindex;
1259 drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL,
1260 handle_read, drv, 1);
1261 if (drv->sock_xmit == NULL)
1263 if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
1265 if (params->bridge[0]) {
1266 wpa_printf(MSG_DEBUG, "Configure bridge %s for EAPOL traffic.",
1268 drv->sock_recv = l2_packet_init(params->bridge[0], NULL,
1269 ETH_P_EAPOL, handle_read, drv,
1271 if (drv->sock_recv == NULL)
1274 drv->sock_recv = drv->sock_xmit;
1276 memset(&iwr, 0, sizeof(iwr));
1277 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1279 iwr.u.mode = IW_MODE_MASTER;
1281 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) {
1282 perror("ioctl[SIOCSIWMODE]");
1283 printf("Could not set interface to master mode!\n");
1287 madwifi_set_iface_flags(drv, 0); /* mark down during setup */
1288 madwifi_set_privacy(drv->iface, drv, 0); /* default to no privacy */
1290 madwifi_receive_probe_req(drv);
1292 if (madwifi_wireless_event_init(drv))
1297 if (drv->sock_xmit != NULL)
1298 l2_packet_deinit(drv->sock_xmit);
1299 if (drv->ioctl_sock >= 0)
1300 close(drv->ioctl_sock);
1308 madwifi_deinit(void *priv)
1310 struct madwifi_driver_data *drv = priv;
1312 madwifi_wireless_event_deinit(drv);
1313 (void) madwifi_set_iface_flags(drv, 0);
1314 if (drv->ioctl_sock >= 0)
1315 close(drv->ioctl_sock);
1316 if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit)
1317 l2_packet_deinit(drv->sock_recv);
1318 if (drv->sock_xmit != NULL)
1319 l2_packet_deinit(drv->sock_xmit);
1321 l2_packet_deinit(drv->sock_raw);
1326 madwifi_set_ssid(const char *ifname, void *priv, const u8 *buf, int len)
1328 struct madwifi_driver_data *drv = priv;
1331 memset(&iwr, 0, sizeof(iwr));
1332 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1333 iwr.u.essid.flags = 1; /* SSID active */
1334 iwr.u.essid.pointer = (caddr_t) buf;
1335 iwr.u.essid.length = len + 1;
1337 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
1338 perror("ioctl[SIOCSIWESSID]");
1339 printf("len=%d\n", len);
1346 madwifi_get_ssid(const char *ifname, void *priv, u8 *buf, int len)
1348 struct madwifi_driver_data *drv = priv;
1352 memset(&iwr, 0, sizeof(iwr));
1353 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
1354 iwr.u.essid.pointer = (caddr_t) buf;
1355 iwr.u.essid.length = len;
1357 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
1358 perror("ioctl[SIOCGIWESSID]");
1361 ret = iwr.u.essid.length;
1367 madwifi_set_countermeasures(void *priv, int enabled)
1369 struct madwifi_driver_data *drv = priv;
1370 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
1371 return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled);
1375 madwifi_commit(void *priv)
1377 return madwifi_set_iface_flags(priv, 1);
1382 struct wpa_driver_madwifi_data {
1383 void *wext; /* private data for driver_wext */
1385 char ifname[IFNAMSIZ + 1];
1389 static int wpa_driver_madwifi_set_auth_alg(void *priv, int auth_alg);
1390 static int wpa_driver_madwifi_set_probe_req_ie(void *priv, const u8 *ies,
1395 set80211priv(struct wpa_driver_madwifi_data *drv, int op, void *data, int len,
1400 os_memset(&iwr, 0, sizeof(iwr));
1401 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1402 if (len < IFNAMSIZ &&
1403 op != IEEE80211_IOCTL_SET_APPIEBUF) {
1405 * Argument data fits inline; put it there.
1407 os_memcpy(iwr.u.name, data, len);
1410 * Argument data too big for inline transfer; setup a
1411 * parameter block instead; the kernel will transfer
1412 * the data for the driver.
1414 iwr.u.data.pointer = data;
1415 iwr.u.data.length = len;
1418 if (ioctl(drv->sock, op, &iwr) < 0) {
1421 int first = IEEE80211_IOCTL_SETPARAM;
1422 int last = IEEE80211_IOCTL_KICKMAC;
1423 static const char *opnames[] = {
1424 "ioctl[IEEE80211_IOCTL_SETPARAM]",
1425 "ioctl[IEEE80211_IOCTL_GETPARAM]",
1426 "ioctl[IEEE80211_IOCTL_SETMODE]",
1427 "ioctl[IEEE80211_IOCTL_GETMODE]",
1428 "ioctl[IEEE80211_IOCTL_SETWMMPARAMS]",
1429 "ioctl[IEEE80211_IOCTL_GETWMMPARAMS]",
1430 "ioctl[IEEE80211_IOCTL_SETCHANLIST]",
1431 "ioctl[IEEE80211_IOCTL_GETCHANLIST]",
1432 "ioctl[IEEE80211_IOCTL_CHANSWITCH]",
1434 "ioctl[IEEE80211_IOCTL_SET_APPIEBUF]",
1435 "ioctl[IEEE80211_IOCTL_GETSCANRESULTS]",
1437 "ioctl[IEEE80211_IOCTL_GETCHANINFO]",
1438 "ioctl[IEEE80211_IOCTL_SETOPTIE]",
1439 "ioctl[IEEE80211_IOCTL_GETOPTIE]",
1440 "ioctl[IEEE80211_IOCTL_SETMLME]",
1442 "ioctl[IEEE80211_IOCTL_SETKEY]",
1444 "ioctl[IEEE80211_IOCTL_DELKEY]",
1446 "ioctl[IEEE80211_IOCTL_ADDMAC]",
1448 "ioctl[IEEE80211_IOCTL_DELMAC]",
1450 "ioctl[IEEE80211_IOCTL_WDSMAC]",
1452 "ioctl[IEEE80211_IOCTL_WDSDELMAC]",
1454 "ioctl[IEEE80211_IOCTL_KICKMAC]",
1456 #else /* MADWIFI_NG */
1457 int first = IEEE80211_IOCTL_SETPARAM;
1458 int last = IEEE80211_IOCTL_CHANLIST;
1459 static const char *opnames[] = {
1460 "ioctl[IEEE80211_IOCTL_SETPARAM]",
1461 "ioctl[IEEE80211_IOCTL_GETPARAM]",
1462 "ioctl[IEEE80211_IOCTL_SETKEY]",
1463 "ioctl[IEEE80211_IOCTL_GETKEY]",
1464 "ioctl[IEEE80211_IOCTL_DELKEY]",
1466 "ioctl[IEEE80211_IOCTL_SETMLME]",
1468 "ioctl[IEEE80211_IOCTL_SETOPTIE]",
1469 "ioctl[IEEE80211_IOCTL_GETOPTIE]",
1470 "ioctl[IEEE80211_IOCTL_ADDMAC]",
1472 "ioctl[IEEE80211_IOCTL_DELMAC]",
1474 "ioctl[IEEE80211_IOCTL_CHANLIST]",
1476 #endif /* MADWIFI_NG */
1477 int idx = op - first;
1478 if (first <= op && op <= last &&
1479 idx < (int) (sizeof(opnames) / sizeof(opnames[0]))
1481 perror(opnames[idx]);
1483 perror("ioctl[unknown???]");
1491 set80211param(struct wpa_driver_madwifi_data *drv, int op, int arg,
1496 os_memset(&iwr, 0, sizeof(iwr));
1497 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1499 os_memcpy(iwr.u.name+sizeof(u32), &arg, sizeof(arg));
1501 if (ioctl(drv->sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) {
1503 perror("ioctl[IEEE80211_IOCTL_SETPARAM]");
1510 wpa_driver_madwifi_set_wpa_ie(struct wpa_driver_madwifi_data *drv,
1511 const u8 *wpa_ie, size_t wpa_ie_len)
1515 os_memset(&iwr, 0, sizeof(iwr));
1516 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1517 /* NB: SETOPTIE is not fixed-size so must not be inlined */
1518 iwr.u.data.pointer = (void *) wpa_ie;
1519 iwr.u.data.length = wpa_ie_len;
1521 if (ioctl(drv->sock, IEEE80211_IOCTL_SETOPTIE, &iwr) < 0) {
1522 perror("ioctl[IEEE80211_IOCTL_SETOPTIE]");
1529 wpa_driver_madwifi_del_key(struct wpa_driver_madwifi_data *drv, int key_idx,
1532 struct ieee80211req_del_key wk;
1534 wpa_printf(MSG_DEBUG, "%s: keyidx=%d", __FUNCTION__, key_idx);
1535 os_memset(&wk, 0, sizeof(wk));
1536 wk.idk_keyix = key_idx;
1538 os_memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
1540 return set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk), 1);
1544 wpa_driver_madwifi_set_key(const char *ifname, void *priv, wpa_alg alg,
1545 const u8 *addr, int key_idx, int set_tx,
1546 const u8 *seq, size_t seq_len,
1547 const u8 *key, size_t key_len)
1549 struct wpa_driver_madwifi_data *drv = priv;
1550 struct ieee80211req_key wk;
1554 if (alg == WPA_ALG_NONE)
1555 return wpa_driver_madwifi_del_key(drv, key_idx, addr);
1559 if (addr == NULL || os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
1562 * madwifi did not seem to like static WEP key
1563 * configuration with IEEE80211_IOCTL_SETKEY, so use
1564 * Linux wireless extensions ioctl for this.
1566 return wpa_driver_wext_set_key(ifname, drv->wext, alg,
1567 addr, key_idx, set_tx,
1572 cipher = IEEE80211_CIPHER_WEP;
1576 cipher = IEEE80211_CIPHER_TKIP;
1580 cipher = IEEE80211_CIPHER_AES_CCM;
1583 wpa_printf(MSG_DEBUG, "%s: unknown/unsupported algorithm %d",
1588 wpa_printf(MSG_DEBUG, "%s: alg=%s key_idx=%d set_tx=%d seq_len=%lu "
1589 "key_len=%lu", __FUNCTION__, alg_name, key_idx, set_tx,
1590 (unsigned long) seq_len, (unsigned long) key_len);
1592 if (seq_len > sizeof(u_int64_t)) {
1593 wpa_printf(MSG_DEBUG, "%s: seq_len %lu too big",
1594 __FUNCTION__, (unsigned long) seq_len);
1597 if (key_len > sizeof(wk.ik_keydata)) {
1598 wpa_printf(MSG_DEBUG, "%s: key length %lu too big",
1599 __FUNCTION__, (unsigned long) key_len);
1603 os_memset(&wk, 0, sizeof(wk));
1604 wk.ik_type = cipher;
1605 wk.ik_flags = IEEE80211_KEY_RECV;
1607 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1608 wk.ik_flags |= IEEE80211_KEY_GROUP;
1610 wk.ik_flags |= IEEE80211_KEY_XMIT | IEEE80211_KEY_DEFAULT;
1611 os_memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
1613 os_memset(wk.ik_macaddr, 0, IEEE80211_ADDR_LEN);
1614 wk.ik_keyix = key_idx;
1615 wk.ik_keylen = key_len;
1616 #ifdef WORDS_BIGENDIAN
1617 #define WPA_KEY_RSC_LEN 8
1620 u8 tmp[WPA_KEY_RSC_LEN];
1621 os_memset(tmp, 0, sizeof(tmp));
1622 for (i = 0; i < seq_len; i++)
1623 tmp[WPA_KEY_RSC_LEN - i - 1] = seq[i];
1624 os_memcpy(&wk.ik_keyrsc, tmp, WPA_KEY_RSC_LEN);
1626 #else /* WORDS_BIGENDIAN */
1627 os_memcpy(&wk.ik_keyrsc, seq, seq_len);
1628 #endif /* WORDS_BIGENDIAN */
1629 os_memcpy(wk.ik_keydata, key, key_len);
1631 return set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk), 1);
1635 wpa_driver_madwifi_set_countermeasures(void *priv, int enabled)
1637 struct wpa_driver_madwifi_data *drv = priv;
1638 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled);
1639 return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled, 1);
1643 wpa_driver_madwifi_deauthenticate(void *priv, const u8 *addr, int reason_code)
1645 struct wpa_driver_madwifi_data *drv = priv;
1646 struct ieee80211req_mlme mlme;
1648 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1649 mlme.im_op = IEEE80211_MLME_DEAUTH;
1650 mlme.im_reason = reason_code;
1651 os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
1652 return set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme), 1);
1656 wpa_driver_madwifi_disassociate(void *priv, const u8 *addr, int reason_code)
1658 struct wpa_driver_madwifi_data *drv = priv;
1659 struct ieee80211req_mlme mlme;
1661 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1662 mlme.im_op = IEEE80211_MLME_DISASSOC;
1663 mlme.im_reason = reason_code;
1664 os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
1665 return set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme), 1);
1669 wpa_driver_madwifi_associate(void *priv,
1670 struct wpa_driver_associate_params *params)
1672 struct wpa_driver_madwifi_data *drv = priv;
1673 struct ieee80211req_mlme mlme;
1674 int ret = 0, privacy = 1;
1676 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1678 if (set80211param(drv, IEEE80211_PARAM_DROPUNENCRYPTED,
1679 params->drop_unencrypted, 1) < 0)
1681 if (wpa_driver_madwifi_set_auth_alg(drv, params->auth_alg) < 0)
1685 * NB: Don't need to set the freq or cipher-related state as
1686 * this is implied by the bssid which is used to locate
1687 * the scanned node state which holds it. The ssid is
1688 * needed to disambiguate an AP that broadcasts multiple
1689 * ssid's but uses the same bssid.
1691 /* XXX error handling is wrong but unclear what to do... */
1692 if (wpa_driver_madwifi_set_wpa_ie(drv, params->wpa_ie,
1693 params->wpa_ie_len) < 0)
1696 if (params->pairwise_suite == CIPHER_NONE &&
1697 params->group_suite == CIPHER_NONE &&
1698 params->key_mgmt_suite == KEY_MGMT_NONE &&
1699 params->wpa_ie_len == 0)
1702 if (set80211param(drv, IEEE80211_PARAM_PRIVACY, privacy, 1) < 0)
1705 if (params->wpa_ie_len &&
1706 set80211param(drv, IEEE80211_PARAM_WPA,
1707 params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1, 1) < 0)
1710 if (params->bssid == NULL) {
1711 /* ap_scan=2 mode - driver takes care of AP selection and
1713 /* FIX: this does not seem to work; would probably need to
1714 * change something in the driver */
1715 if (set80211param(drv, IEEE80211_PARAM_ROAMING, 0, 1) < 0)
1718 if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
1719 params->ssid_len) < 0)
1722 if (set80211param(drv, IEEE80211_PARAM_ROAMING, 2, 1) < 0)
1724 if (wpa_driver_wext_set_ssid(drv->wext, params->ssid,
1725 params->ssid_len) < 0)
1727 os_memset(&mlme, 0, sizeof(mlme));
1728 mlme.im_op = IEEE80211_MLME_ASSOC;
1729 os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
1730 if (set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme,
1731 sizeof(mlme), 1) < 0) {
1732 wpa_printf(MSG_DEBUG, "%s: SETMLME[ASSOC] failed",
1742 wpa_driver_madwifi_set_auth_alg(void *priv, int auth_alg)
1744 struct wpa_driver_madwifi_data *drv = priv;
1747 if ((auth_alg & AUTH_ALG_OPEN_SYSTEM) &&
1748 (auth_alg & AUTH_ALG_SHARED_KEY))
1749 authmode = IEEE80211_AUTH_AUTO;
1750 else if (auth_alg & AUTH_ALG_SHARED_KEY)
1751 authmode = IEEE80211_AUTH_SHARED;
1753 authmode = IEEE80211_AUTH_OPEN;
1755 return set80211param(drv, IEEE80211_PARAM_AUTHMODE, authmode, 1);
1759 wpa_driver_madwifi_scan(void *priv, struct wpa_driver_scan_params *params)
1761 struct wpa_driver_madwifi_data *drv = priv;
1764 const u8 *ssid = params->ssids[0].ssid;
1765 size_t ssid_len = params->ssids[0].ssid_len;
1767 wpa_driver_madwifi_set_probe_req_ie(drv, params->extra_ies,
1768 params->extra_ies_len);
1770 os_memset(&iwr, 0, sizeof(iwr));
1771 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1773 /* set desired ssid before scan */
1774 /* FIX: scan should not break the current association, so using
1775 * set_ssid may not be the best way of doing this.. */
1776 if (wpa_driver_wext_set_ssid(drv->wext, ssid, ssid_len) < 0)
1779 if (ioctl(drv->sock, SIOCSIWSCAN, &iwr) < 0) {
1780 perror("ioctl[SIOCSIWSCAN]");
1785 * madwifi delivers a scan complete event so no need to poll, but
1786 * register a backup timeout anyway to make sure that we recover even
1787 * if the driver does not send this event for any reason. This timeout
1788 * will only be used if the event is not delivered (event handler will
1789 * cancel the timeout).
1791 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv->wext,
1793 eloop_register_timeout(30, 0, wpa_driver_wext_scan_timeout, drv->wext,
1799 static int wpa_driver_madwifi_get_bssid(void *priv, u8 *bssid)
1801 struct wpa_driver_madwifi_data *drv = priv;
1802 return wpa_driver_wext_get_bssid(drv->wext, bssid);
1806 static int wpa_driver_madwifi_get_ssid(void *priv, u8 *ssid)
1808 struct wpa_driver_madwifi_data *drv = priv;
1809 return wpa_driver_wext_get_ssid(drv->wext, ssid);
1813 static struct wpa_scan_results *
1814 wpa_driver_madwifi_get_scan_results(void *priv)
1816 struct wpa_driver_madwifi_data *drv = priv;
1817 return wpa_driver_wext_get_scan_results(drv->wext);
1821 static int wpa_driver_madwifi_set_operstate(void *priv, int state)
1823 struct wpa_driver_madwifi_data *drv = priv;
1824 return wpa_driver_wext_set_operstate(drv->wext, state);
1828 static int wpa_driver_madwifi_set_probe_req_ie(void *priv, const u8 *ies,
1831 struct ieee80211req_getset_appiebuf *probe_req_ie;
1834 probe_req_ie = os_malloc(sizeof(*probe_req_ie) + ies_len);
1835 if (probe_req_ie == NULL)
1838 probe_req_ie->app_frmtype = IEEE80211_APPIE_FRAME_PROBE_REQ;
1839 probe_req_ie->app_buflen = ies_len;
1840 os_memcpy(probe_req_ie->app_buf, ies, ies_len);
1842 ret = set80211priv(priv, IEEE80211_IOCTL_SET_APPIEBUF, probe_req_ie,
1843 sizeof(struct ieee80211req_getset_appiebuf) +
1846 os_free(probe_req_ie);
1852 static void * wpa_driver_madwifi_init(void *ctx, const char *ifname)
1854 struct wpa_driver_madwifi_data *drv;
1856 drv = os_zalloc(sizeof(*drv));
1859 drv->wext = wpa_driver_wext_init(ctx, ifname);
1860 if (drv->wext == NULL)
1864 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1865 drv->sock = socket(PF_INET, SOCK_DGRAM, 0);
1869 if (set80211param(drv, IEEE80211_PARAM_ROAMING, 2, 1) < 0) {
1870 wpa_printf(MSG_DEBUG, "%s: failed to set wpa_supplicant-based "
1871 "roaming", __FUNCTION__);
1875 if (set80211param(drv, IEEE80211_PARAM_WPA, 3, 1) < 0) {
1876 wpa_printf(MSG_DEBUG, "%s: failed to enable WPA support",
1886 wpa_driver_wext_deinit(drv->wext);
1893 static void wpa_driver_madwifi_deinit(void *priv)
1895 struct wpa_driver_madwifi_data *drv = priv;
1897 if (wpa_driver_madwifi_set_wpa_ie(drv, NULL, 0) < 0) {
1898 wpa_printf(MSG_DEBUG, "%s: failed to clear WPA IE",
1901 if (set80211param(drv, IEEE80211_PARAM_ROAMING, 0, 1) < 0) {
1902 wpa_printf(MSG_DEBUG, "%s: failed to enable driver-based "
1903 "roaming", __FUNCTION__);
1905 if (set80211param(drv, IEEE80211_PARAM_PRIVACY, 0, 1) < 0) {
1906 wpa_printf(MSG_DEBUG, "%s: failed to disable forced Privacy "
1907 "flag", __FUNCTION__);
1909 if (set80211param(drv, IEEE80211_PARAM_WPA, 0, 1) < 0) {
1910 wpa_printf(MSG_DEBUG, "%s: failed to disable WPA",
1914 wpa_driver_wext_deinit(drv->wext);
1920 #endif /* HOSTAPD */
1923 const struct wpa_driver_ops wpa_driver_madwifi_ops = {
1925 .desc = "MADWIFI 802.11 support (Atheros, etc.)",
1926 .set_key = wpa_driver_madwifi_set_key,
1928 .hapd_init = madwifi_init,
1929 .hapd_deinit = madwifi_deinit,
1930 .set_ieee8021x = madwifi_set_ieee8021x,
1931 .set_privacy = madwifi_set_privacy,
1932 .get_seqnum = madwifi_get_seqnum,
1933 .flush = madwifi_flush,
1934 .set_generic_elem = madwifi_set_opt_ie,
1935 .sta_set_flags = madwifi_sta_set_flags,
1936 .read_sta_data = madwifi_read_sta_driver_data,
1937 .hapd_send_eapol = madwifi_send_eapol,
1938 .sta_disassoc = madwifi_sta_disassoc,
1939 .sta_deauth = madwifi_sta_deauth,
1940 .hapd_set_ssid = madwifi_set_ssid,
1941 .hapd_get_ssid = madwifi_get_ssid,
1942 .hapd_set_countermeasures = madwifi_set_countermeasures,
1943 .sta_clear_stats = madwifi_sta_clear_stats,
1944 .commit = madwifi_commit,
1945 .set_wps_beacon_ie = madwifi_set_wps_beacon_ie,
1946 .set_wps_probe_resp_ie = madwifi_set_wps_probe_resp_ie,
1948 .get_bssid = wpa_driver_madwifi_get_bssid,
1949 .get_ssid = wpa_driver_madwifi_get_ssid,
1950 .init = wpa_driver_madwifi_init,
1951 .deinit = wpa_driver_madwifi_deinit,
1952 .set_countermeasures = wpa_driver_madwifi_set_countermeasures,
1953 .scan2 = wpa_driver_madwifi_scan,
1954 .get_scan_results2 = wpa_driver_madwifi_get_scan_results,
1955 .deauthenticate = wpa_driver_madwifi_deauthenticate,
1956 .disassociate = wpa_driver_madwifi_disassociate,
1957 .associate = wpa_driver_madwifi_associate,
1958 .set_operstate = wpa_driver_madwifi_set_operstate,
1959 #endif /* HOSTAPD */