2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions
3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements a driver interface for the Linux Wireless Extensions.
15 * When used with WE-18 or newer, this interface can be used as-is with number
16 * of drivers. In addition to this, some of the common functions in this file
17 * can be used by other driver interface implementations that use generic WE
18 * ioctls, but require private ioctls for some of the functionality.
22 #include <sys/ioctl.h>
23 #include <net/if_arp.h>
25 #include "wireless_copy.h"
29 #include "priv_netlink.h"
30 #include "driver_wext.h"
31 #include "ieee802_11_defs.h"
33 #ifdef CONFIG_CLIENT_MLME
34 #include <netpacket/packet.h>
35 /* old definitions from net/mac80211 */
37 typedef u32 __bitwise __be32;
38 typedef u64 __bitwise __be64;
40 #define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0)
41 #define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1)
42 #define PRISM2_IOCTL_HOSTAPD (SIOCIWFIRSTPRIV + 3)
44 #define PRISM2_PARAM_USER_SPACE_MLME 1045
45 #define PRISM2_PARAM_MGMT_IF 1046
46 #define PRISM2_HOSTAPD_ADD_STA 2
47 #define PRISM2_HOSTAPD_REMOVE_STA 3
48 #define PRISM2_HOSTAPD_GET_HW_FEATURES 1002
49 #define PRISM2_HOSTAPD_MAX_BUF_SIZE 2048
52 #define ALIGNED __attribute__ ((aligned))
55 struct prism2_hostapd_param {
57 u8 sta_addr[ETH_ALEN];
65 #define IEEE80211_STA_DYNAMIC_ENC BIT(0)
72 u8 data[0] ALIGNED; /* num_modes * feature data */
75 u16 mode; /* MODE_* */
76 u16 num_supported_rates;
78 u8 data[0] ALIGNED; /* num_supported_rates * u16 +
79 * num_basic_rates * u16 */
82 u16 mode; /* MODE_* */
85 u8 power_level; /* regulatory limit in dBm */
90 } set_regulatory_domain;
96 u32 burst_time; /* maximum burst time in 0.1 ms, i.e.,
102 struct hostapd_ioctl_hw_modes_hdr {
109 * frame format for the management interface that is slated
110 * to be replaced by "cooked monitor" with radiotap
112 #define IEEE80211_FI_VERSION 0x80211001
113 struct ieee80211_frame_info {
129 /* Note: this structure is otherwise identical to capture format used
130 * in linux-wlan-ng, but this additional field is used to provide meta
131 * data about the frame to hostapd. This was the easiest method for
132 * providing this information, but this might change in the future. */
134 } __attribute__ ((packed));
136 /* old mode definitions */
138 MODE_IEEE80211A = 0 /* IEEE 802.11a */,
139 MODE_IEEE80211B = 1 /* IEEE 802.11b only */,
140 MODE_ATHEROS_TURBO = 2 /* Atheros Turbo mode (2x.11a at 5 GHz) */,
141 MODE_IEEE80211G = 3 /* IEEE 802.11g (and 802.11b compatibility) */,
142 MODE_ATHEROS_TURBOG = 4 /* Atheros Turbo mode (2x.11g at 2.4 GHz) */,
143 NUM_IEEE80211_MODES = 5
147 #define ETH_P_ALL 0x0003
149 #endif /* CONFIG_CLIENT_MLME */
152 struct wpa_driver_wext_data {
157 char ifname[IFNAMSIZ + 1];
161 size_t assoc_req_ies_len;
163 size_t assoc_resp_ies_len;
164 struct wpa_driver_capa capa;
166 int we_version_compiled;
168 /* for set_auth_alg fallback */
170 int auth_alg_fallback;
174 char mlmedev[IFNAMSIZ + 1];
176 int scan_complete_events;
180 static int wpa_driver_wext_flush_pmkid(void *priv);
181 static int wpa_driver_wext_get_range(void *priv);
183 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv,
184 int linkmode, int operstate)
188 struct ifinfomsg ifinfo;
195 os_memset(&req, 0, sizeof(req));
197 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
198 req.hdr.nlmsg_type = RTM_SETLINK;
199 req.hdr.nlmsg_flags = NLM_F_REQUEST;
200 req.hdr.nlmsg_seq = ++nl_seq;
201 req.hdr.nlmsg_pid = 0;
203 req.ifinfo.ifi_family = AF_UNSPEC;
204 req.ifinfo.ifi_type = 0;
205 req.ifinfo.ifi_index = drv->ifindex;
206 req.ifinfo.ifi_flags = 0;
207 req.ifinfo.ifi_change = 0;
209 if (linkmode != -1) {
210 rta = (struct rtattr *)
211 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
212 rta->rta_type = IFLA_LINKMODE;
213 rta->rta_len = RTA_LENGTH(sizeof(char));
214 *((char *) RTA_DATA(rta)) = linkmode;
215 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
216 RTA_LENGTH(sizeof(char));
218 if (operstate != -1) {
219 rta = (struct rtattr *)
220 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
221 rta->rta_type = IFLA_OPERSTATE;
222 rta->rta_len = RTA_LENGTH(sizeof(char));
223 *((char *) RTA_DATA(rta)) = operstate;
224 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
225 RTA_LENGTH(sizeof(char));
228 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
229 linkmode, operstate);
231 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
233 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
234 "%s (assume operstate is not supported)",
238 return ret < 0 ? -1 : 0;
242 static int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
248 os_memset(&iwr, 0, sizeof(iwr));
249 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
250 iwr.u.param.flags = idx & IW_AUTH_INDEX;
251 iwr.u.param.value = value;
253 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
254 perror("ioctl[SIOCSIWAUTH]");
255 fprintf(stderr, "WEXT auth param %d value 0x%x - ",
257 ret = errno == EOPNOTSUPP ? -2 : -1;
265 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
266 * @priv: Pointer to private wext data from wpa_driver_wext_init()
267 * @bssid: Buffer for BSSID
268 * Returns: 0 on success, -1 on failure
270 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
272 struct wpa_driver_wext_data *drv = priv;
276 os_memset(&iwr, 0, sizeof(iwr));
277 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
279 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
280 perror("ioctl[SIOCGIWAP]");
283 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
290 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
291 * @priv: Pointer to private wext data from wpa_driver_wext_init()
293 * Returns: 0 on success, -1 on failure
295 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
297 struct wpa_driver_wext_data *drv = priv;
301 os_memset(&iwr, 0, sizeof(iwr));
302 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
303 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
305 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
307 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
309 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
310 perror("ioctl[SIOCSIWAP]");
319 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
320 * @priv: Pointer to private wext data from wpa_driver_wext_init()
321 * @ssid: Buffer for the SSID; must be at least 32 bytes long
322 * Returns: SSID length on success, -1 on failure
324 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
326 struct wpa_driver_wext_data *drv = priv;
330 os_memset(&iwr, 0, sizeof(iwr));
331 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
332 iwr.u.essid.pointer = (caddr_t) ssid;
333 iwr.u.essid.length = 32;
335 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
336 perror("ioctl[SIOCGIWESSID]");
339 ret = iwr.u.essid.length;
342 /* Some drivers include nul termination in the SSID, so let's
343 * remove it here before further processing. WE-21 changes this
344 * to explicitly require the length _not_ to include nul
346 if (ret > 0 && ssid[ret - 1] == '\0' &&
347 drv->we_version_compiled < 21)
356 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
357 * @priv: Pointer to private wext data from wpa_driver_wext_init()
359 * @ssid_len: Length of SSID (0..32)
360 * Returns: 0 on success, -1 on failure
362 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
364 struct wpa_driver_wext_data *drv = priv;
372 os_memset(&iwr, 0, sizeof(iwr));
373 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
374 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
375 iwr.u.essid.flags = (ssid_len != 0);
376 os_memset(buf, 0, sizeof(buf));
377 os_memcpy(buf, ssid, ssid_len);
378 iwr.u.essid.pointer = (caddr_t) buf;
379 if (drv->we_version_compiled < 21) {
380 /* For historic reasons, set SSID length to include one extra
381 * character, C string nul termination, even though SSID is
382 * really an octet string that should not be presented as a C
383 * string. Some Linux drivers decrement the length by one and
384 * can thus end up missing the last octet of the SSID if the
385 * length is not incremented here. WE-21 changes this to
386 * explicitly require the length _not_ to include nul
391 iwr.u.essid.length = ssid_len;
393 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
394 perror("ioctl[SIOCSIWESSID]");
403 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
404 * @priv: Pointer to private wext data from wpa_driver_wext_init()
405 * @freq: Frequency in MHz
406 * Returns: 0 on success, -1 on failure
408 int wpa_driver_wext_set_freq(void *priv, int freq)
410 struct wpa_driver_wext_data *drv = priv;
414 os_memset(&iwr, 0, sizeof(iwr));
415 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
416 iwr.u.freq.m = freq * 100000;
419 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
420 perror("ioctl[SIOCSIWFREQ]");
429 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
431 union wpa_event_data data;
433 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
436 os_memset(&data, 0, sizeof(data));
438 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
439 data.michael_mic_failure.unicast =
440 os_strstr(custom, " unicast ") != NULL;
441 /* TODO: parse parameters(?) */
442 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
443 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
449 bytes = strspn(spos, "0123456789abcdefABCDEF");
450 if (!bytes || (bytes & 1))
454 data.assoc_info.req_ies = os_malloc(bytes);
455 if (data.assoc_info.req_ies == NULL)
458 data.assoc_info.req_ies_len = bytes;
459 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
463 data.assoc_info.resp_ies = NULL;
464 data.assoc_info.resp_ies_len = 0;
466 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
469 bytes = strspn(spos, "0123456789abcdefABCDEF");
470 if (!bytes || (bytes & 1))
474 data.assoc_info.resp_ies = os_malloc(bytes);
475 if (data.assoc_info.resp_ies == NULL)
478 data.assoc_info.resp_ies_len = bytes;
479 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
482 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
485 os_free(data.assoc_info.resp_ies);
486 os_free(data.assoc_info.req_ies);
487 #ifdef CONFIG_PEERKEY
488 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
489 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
490 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
491 "STKSTART.request '%s'", custom + 17);
494 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
495 #endif /* CONFIG_PEERKEY */
500 static int wpa_driver_wext_event_wireless_michaelmicfailure(
501 void *ctx, const char *ev, size_t len)
503 const struct iw_michaelmicfailure *mic;
504 union wpa_event_data data;
506 if (len < sizeof(*mic))
509 mic = (const struct iw_michaelmicfailure *) ev;
511 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
512 "flags=0x%x src_addr=" MACSTR, mic->flags,
513 MAC2STR(mic->src_addr.sa_data));
515 os_memset(&data, 0, sizeof(data));
516 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
517 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
523 static int wpa_driver_wext_event_wireless_pmkidcand(
524 struct wpa_driver_wext_data *drv, const char *ev, size_t len)
526 const struct iw_pmkid_cand *cand;
527 union wpa_event_data data;
530 if (len < sizeof(*cand))
533 cand = (const struct iw_pmkid_cand *) ev;
534 addr = (const u8 *) cand->bssid.sa_data;
536 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
537 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
538 cand->index, MAC2STR(addr));
540 os_memset(&data, 0, sizeof(data));
541 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
542 data.pmkid_candidate.index = cand->index;
543 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
544 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
550 static int wpa_driver_wext_event_wireless_assocreqie(
551 struct wpa_driver_wext_data *drv, const char *ev, int len)
556 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
558 os_free(drv->assoc_req_ies);
559 drv->assoc_req_ies = os_malloc(len);
560 if (drv->assoc_req_ies == NULL) {
561 drv->assoc_req_ies_len = 0;
564 os_memcpy(drv->assoc_req_ies, ev, len);
565 drv->assoc_req_ies_len = len;
571 static int wpa_driver_wext_event_wireless_assocrespie(
572 struct wpa_driver_wext_data *drv, const char *ev, int len)
577 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
579 os_free(drv->assoc_resp_ies);
580 drv->assoc_resp_ies = os_malloc(len);
581 if (drv->assoc_resp_ies == NULL) {
582 drv->assoc_resp_ies_len = 0;
585 os_memcpy(drv->assoc_resp_ies, ev, len);
586 drv->assoc_resp_ies_len = len;
592 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
594 union wpa_event_data data;
596 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
599 os_memset(&data, 0, sizeof(data));
600 if (drv->assoc_req_ies) {
601 data.assoc_info.req_ies = drv->assoc_req_ies;
602 drv->assoc_req_ies = NULL;
603 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
605 if (drv->assoc_resp_ies) {
606 data.assoc_info.resp_ies = drv->assoc_resp_ies;
607 drv->assoc_resp_ies = NULL;
608 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
611 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
613 os_free(data.assoc_info.req_ies);
614 os_free(data.assoc_info.resp_ies);
618 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
619 void *ctx, char *data, int len)
621 struct iw_event iwe_buf, *iwe = &iwe_buf;
622 char *pos, *end, *custom, *buf;
627 while (pos + IW_EV_LCP_LEN <= end) {
628 /* Event data may be unaligned, so make a local, aligned copy
629 * before processing. */
630 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
631 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
633 if (iwe->len <= IW_EV_LCP_LEN)
636 custom = pos + IW_EV_POINT_LEN;
637 if (drv->we_version_compiled > 18 &&
638 (iwe->cmd == IWEVMICHAELMICFAILURE ||
639 iwe->cmd == IWEVCUSTOM ||
640 iwe->cmd == IWEVASSOCREQIE ||
641 iwe->cmd == IWEVASSOCRESPIE ||
642 iwe->cmd == IWEVPMKIDCAND)) {
643 /* WE-19 removed the pointer from struct iw_point */
644 char *dpos = (char *) &iwe_buf.u.data.length;
645 int dlen = dpos - (char *) &iwe_buf;
646 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
647 sizeof(struct iw_event) - dlen);
649 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
650 custom += IW_EV_POINT_OFF;
655 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
657 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
658 if (os_memcmp(iwe->u.ap_addr.sa_data,
659 "\x00\x00\x00\x00\x00\x00", ETH_ALEN) ==
661 os_memcmp(iwe->u.ap_addr.sa_data,
662 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
664 os_free(drv->assoc_req_ies);
665 drv->assoc_req_ies = NULL;
666 os_free(drv->assoc_resp_ies);
667 drv->assoc_resp_ies = NULL;
668 wpa_supplicant_event(ctx, EVENT_DISASSOC,
672 wpa_driver_wext_event_assoc_ies(drv);
673 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
676 case IWEVMICHAELMICFAILURE:
677 wpa_driver_wext_event_wireless_michaelmicfailure(
678 ctx, custom, iwe->u.data.length);
681 if (custom + iwe->u.data.length > end)
683 buf = os_malloc(iwe->u.data.length + 1);
686 os_memcpy(buf, custom, iwe->u.data.length);
687 buf[iwe->u.data.length] = '\0';
688 wpa_driver_wext_event_wireless_custom(ctx, buf);
692 drv->scan_complete_events = 1;
693 eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
695 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
698 wpa_driver_wext_event_wireless_assocreqie(
699 drv, custom, iwe->u.data.length);
701 case IWEVASSOCRESPIE:
702 wpa_driver_wext_event_wireless_assocrespie(
703 drv, custom, iwe->u.data.length);
706 wpa_driver_wext_event_wireless_pmkidcand(
707 drv, custom, iwe->u.data.length);
716 static void wpa_driver_wext_event_link(void *ctx, char *buf, size_t len,
719 union wpa_event_data event;
721 os_memset(&event, 0, sizeof(event));
722 if (len > sizeof(event.interface_status.ifname))
723 len = sizeof(event.interface_status.ifname) - 1;
724 os_memcpy(event.interface_status.ifname, buf, len);
725 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
726 EVENT_INTERFACE_ADDED;
728 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
730 event.interface_status.ifname,
731 del ? "removed" : "added");
733 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
737 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv,
738 void *ctx, struct nlmsghdr *h,
741 struct ifinfomsg *ifi;
742 int attrlen, nlmsg_len, rta_len;
743 struct rtattr * attr;
745 if (len < sizeof(*ifi))
750 if (drv->ifindex != ifi->ifi_index && drv->ifindex2 != ifi->ifi_index)
752 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
757 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
759 drv->operstate, ifi->ifi_flags,
760 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
761 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
762 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
763 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT" : "");
765 * Some drivers send the association event before the operup event--in
766 * this case, lifting operstate in wpa_driver_wext_set_operstate()
767 * fails. This will hit us when wpa_supplicant does not need to do
768 * IEEE 802.1X authentication
770 if (drv->operstate == 1 &&
771 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
772 !(ifi->ifi_flags & IFF_RUNNING))
773 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP);
775 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
777 attrlen = h->nlmsg_len - nlmsg_len;
781 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
783 rta_len = RTA_ALIGN(sizeof(struct rtattr));
784 while (RTA_OK(attr, attrlen)) {
785 if (attr->rta_type == IFLA_WIRELESS) {
786 wpa_driver_wext_event_wireless(
787 drv, ctx, ((char *) attr) + rta_len,
788 attr->rta_len - rta_len);
789 } else if (attr->rta_type == IFLA_IFNAME) {
790 wpa_driver_wext_event_link(ctx,
791 ((char *) attr) + rta_len,
792 attr->rta_len - rta_len, 0);
794 attr = RTA_NEXT(attr, attrlen);
799 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv,
800 void *ctx, struct nlmsghdr *h,
803 struct ifinfomsg *ifi;
804 int attrlen, nlmsg_len, rta_len;
805 struct rtattr * attr;
807 if (len < sizeof(*ifi))
812 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
814 attrlen = h->nlmsg_len - nlmsg_len;
818 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
820 rta_len = RTA_ALIGN(sizeof(struct rtattr));
821 while (RTA_OK(attr, attrlen)) {
822 if (attr->rta_type == IFLA_IFNAME) {
823 wpa_driver_wext_event_link(ctx,
824 ((char *) attr) + rta_len,
825 attr->rta_len - rta_len, 1);
827 attr = RTA_NEXT(attr, attrlen);
832 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx,
837 struct sockaddr_nl from;
843 fromlen = sizeof(from);
844 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
845 (struct sockaddr *) &from, &fromlen);
847 if (errno != EINTR && errno != EAGAIN)
848 perror("recvfrom(netlink)");
852 h = (struct nlmsghdr *) buf;
853 while (left >= (int) sizeof(*h)) {
857 plen = len - sizeof(*h);
858 if (len > left || plen < 0) {
859 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
860 "len=%d left=%d plen=%d",
865 switch (h->nlmsg_type) {
867 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx,
871 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx,
876 len = NLMSG_ALIGN(len);
878 h = (struct nlmsghdr *) ((char *) h + len);
882 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
886 if (--max_events > 0) {
888 * Try to receive all events in one eloop call in order to
889 * limit race condition on cases where AssocInfo event, Assoc
890 * event, and EAPOL frames are received more or less at the
891 * same time. We want to process the event messages first
892 * before starting EAPOL processing.
899 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv,
900 const char *ifname, int *flags)
904 os_memset(&ifr, 0, sizeof(ifr));
905 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
906 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
907 perror("ioctl[SIOCGIFFLAGS]");
910 *flags = ifr.ifr_flags & 0xffff;
916 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS)
917 * @drv: driver_wext private data
918 * @flags: Pointer to returned flags value
919 * Returns: 0 on success, -1 on failure
921 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags)
923 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags);
927 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv,
928 const char *ifname, int flags)
932 os_memset(&ifr, 0, sizeof(ifr));
933 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
934 ifr.ifr_flags = flags & 0xffff;
935 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
936 perror("SIOCSIFFLAGS");
943 #ifdef CONFIG_CLIENT_MLME
945 static int wpa_driver_prism2_param_set(struct wpa_driver_wext_data *drv,
946 int param, int value)
951 os_memset(&iwr, 0, sizeof(iwr));
952 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
953 i = (int *) iwr.u.name;
957 return ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr);
961 static int wpa_driver_prism2_param_get(struct wpa_driver_wext_data *drv,
967 os_memset(&iwr, 0, sizeof(iwr));
968 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
969 i = (int *) iwr.u.name;
972 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_GET_PRISM2_PARAM, &iwr) < 0) {
973 perror("ioctl[PRISM2_IOCTL_GET_PRISM2_PARAM]");
980 #endif /* CONFIG_CLIENT_MLME */
984 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS)
985 * @drv: driver_wext private data
986 * @flags: New value for flags
987 * Returns: 0 on success, -1 on failure
989 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags)
991 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags);
996 * wpa_driver_wext_init - Initialize WE driver interface
997 * @ctx: context to be used when calling wpa_supplicant functions,
998 * e.g., wpa_supplicant_event()
999 * @ifname: interface name, e.g., wlan0
1000 * Returns: Pointer to private data, %NULL on failure
1002 void * wpa_driver_wext_init(void *ctx, const char *ifname)
1005 struct sockaddr_nl local;
1006 struct wpa_driver_wext_data *drv;
1008 drv = os_zalloc(sizeof(*drv));
1012 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1014 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1015 if (drv->ioctl_sock < 0) {
1016 perror("socket(PF_INET,SOCK_DGRAM)");
1021 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1023 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1024 close(drv->ioctl_sock);
1029 os_memset(&local, 0, sizeof(local));
1030 local.nl_family = AF_NETLINK;
1031 local.nl_groups = RTMGRP_LINK;
1032 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1033 perror("bind(netlink)");
1035 close(drv->ioctl_sock);
1040 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx);
1041 drv->event_sock = s;
1043 drv->mlme_sock = -1;
1045 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0)
1046 printf("Could not get interface '%s' flags\n", drv->ifname);
1047 else if (!(flags & IFF_UP)) {
1048 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) {
1049 printf("Could not set interface '%s' UP\n",
1053 * Wait some time to allow driver to initialize before
1054 * starting configuring the driver. This seems to be
1055 * needed at least some drivers that load firmware etc.
1056 * when the interface is set up.
1058 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
1059 "a second for the driver to complete "
1060 "initialization", drv->ifname);
1066 * Make sure that the driver does not have any obsolete PMKID entries.
1068 wpa_driver_wext_flush_pmkid(drv);
1070 if (wpa_driver_wext_set_mode(drv, 0) < 0) {
1071 printf("Could not configure driver to use managed mode\n");
1074 wpa_driver_wext_get_range(drv);
1076 drv->ifindex = if_nametoindex(drv->ifname);
1078 if (os_strncmp(ifname, "wlan", 4) == 0) {
1080 * Host AP driver may use both wlan# and wifi# interface in
1081 * wireless events. Since some of the versions included WE-18
1082 * support, let's add the alternative ifindex also from
1083 * driver_wext.c for the time being. This may be removed at
1084 * some point once it is believed that old versions of the
1085 * driver are not in use anymore.
1087 char ifname2[IFNAMSIZ + 1];
1088 os_strlcpy(ifname2, ifname, sizeof(ifname2));
1089 os_memcpy(ifname2, "wifi", 4);
1090 wpa_driver_wext_alternative_ifindex(drv, ifname2);
1093 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1100 * wpa_driver_wext_deinit - Deinitialize WE driver interface
1101 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1103 * Shut down driver interface and processing of driver events. Free
1104 * private data buffer if one was allocated in wpa_driver_wext_init().
1106 void wpa_driver_wext_deinit(void *priv)
1108 struct wpa_driver_wext_data *drv = priv;
1111 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1114 * Clear possibly configured driver parameters in order to make it
1115 * easier to use the driver after wpa_supplicant has been terminated.
1117 (void) wpa_driver_wext_set_bssid(drv,
1118 (u8 *) "\x00\x00\x00\x00\x00\x00");
1120 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP);
1122 eloop_unregister_read_sock(drv->event_sock);
1123 if (drv->mlme_sock >= 0)
1124 eloop_unregister_read_sock(drv->mlme_sock);
1126 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0)
1127 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP);
1129 #ifdef CONFIG_CLIENT_MLME
1130 if (drv->mlmedev[0]) {
1131 if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev,
1133 (void) wpa_driver_wext_set_ifflags_ifname(
1134 drv, drv->mlmedev, flags & ~IFF_UP);
1135 wpa_driver_prism2_param_set(drv, PRISM2_PARAM_MGMT_IF, 0);
1136 wpa_driver_prism2_param_set(drv, PRISM2_PARAM_USER_SPACE_MLME,
1139 #endif /* CONFIG_CLIENT_MLME */
1141 close(drv->event_sock);
1142 close(drv->ioctl_sock);
1143 if (drv->mlme_sock >= 0)
1144 close(drv->mlme_sock);
1145 os_free(drv->assoc_req_ies);
1146 os_free(drv->assoc_resp_ies);
1152 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1153 * @eloop_ctx: Unused
1154 * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1156 * This function can be used as registered timeout when starting a scan to
1157 * generate a scan completed event if the driver does not report this.
1159 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1161 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1162 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1167 * wpa_driver_wext_scan - Request the driver to initiate scan
1168 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1169 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1170 * all SSIDs (either active scan with broadcast SSID or passive
1172 * @ssid_len: Length of the SSID
1173 * Returns: 0 on success, -1 on failure
1175 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len)
1177 struct wpa_driver_wext_data *drv = priv;
1179 int ret = 0, timeout;
1180 struct iw_scan_req req;
1182 if (ssid_len > IW_ESSID_MAX_SIZE) {
1183 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1184 __FUNCTION__, (unsigned long) ssid_len);
1188 os_memset(&iwr, 0, sizeof(iwr));
1189 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1191 if (ssid && ssid_len) {
1192 os_memset(&req, 0, sizeof(req));
1193 req.essid_len = ssid_len;
1194 req.bssid.sa_family = ARPHRD_ETHER;
1195 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1196 os_memcpy(req.essid, ssid, ssid_len);
1197 iwr.u.data.pointer = (caddr_t) &req;
1198 iwr.u.data.length = sizeof(req);
1199 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1202 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1203 perror("ioctl[SIOCSIWSCAN]");
1207 /* Not all drivers generate "scan completed" wireless event, so try to
1208 * read results after a timeout. */
1210 if (drv->scan_complete_events) {
1212 * The driver seems to deliver SIOCGIWSCAN events to notify
1213 * when scan is complete, so use longer timeout to avoid race
1214 * conditions with scanning and following association request.
1218 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1219 "seconds", ret, timeout);
1220 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1221 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1228 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1235 res_buf_len = IW_SCAN_MAX_DATA;
1237 res_buf = os_malloc(res_buf_len);
1238 if (res_buf == NULL)
1240 os_memset(&iwr, 0, sizeof(iwr));
1241 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1242 iwr.u.data.pointer = res_buf;
1243 iwr.u.data.length = res_buf_len;
1245 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1248 if (errno == E2BIG && res_buf_len < 100000) {
1252 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1253 "trying larger buffer (%lu bytes)",
1254 (unsigned long) res_buf_len);
1256 perror("ioctl[SIOCGIWSCAN]");
1262 if (iwr.u.data.length > res_buf_len) {
1266 *len = iwr.u.data.length;
1273 * Data structure for collecting WEXT scan results. This is needed to allow
1274 * the various methods of reporting IEs to be combined into a single IE buffer.
1276 struct wext_scan_data {
1277 struct wpa_scan_res res;
1286 static void wext_get_scan_mode(struct iw_event *iwe,
1287 struct wext_scan_data *res)
1289 if (iwe->u.mode == IW_MODE_ADHOC)
1290 res->res.caps |= IEEE80211_CAP_IBSS;
1291 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1292 res->res.caps |= IEEE80211_CAP_ESS;
1296 static void wext_get_scan_ssid(struct iw_event *iwe,
1297 struct wext_scan_data *res, char *custom,
1300 int ssid_len = iwe->u.essid.length;
1301 if (custom + ssid_len > end)
1303 if (iwe->u.essid.flags &&
1305 ssid_len <= IW_ESSID_MAX_SIZE) {
1306 os_memcpy(res->ssid, custom, ssid_len);
1307 res->ssid_len = ssid_len;
1312 static void wext_get_scan_freq(struct iw_event *iwe,
1313 struct wext_scan_data *res)
1315 int divi = 1000000, i;
1317 if (iwe->u.freq.e == 0) {
1319 * Some drivers do not report frequency, but a channel.
1320 * Try to map this to frequency by assuming they are using
1323 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1324 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1326 } else if (iwe->u.freq.m == 14) {
1327 res->res.freq = 2484;
1332 if (iwe->u.freq.e > 6) {
1333 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1334 MACSTR " m=%d e=%d)",
1335 MAC2STR(res->res.bssid), iwe->u.freq.m,
1340 for (i = 0; i < iwe->u.freq.e; i++)
1342 res->res.freq = iwe->u.freq.m / divi;
1346 static void wext_get_scan_qual(struct iw_event *iwe,
1347 struct wext_scan_data *res)
1349 res->res.qual = iwe->u.qual.qual;
1350 res->res.noise = iwe->u.qual.noise;
1351 res->res.level = iwe->u.qual.level;
1355 static void wext_get_scan_encode(struct iw_event *iwe,
1356 struct wext_scan_data *res)
1358 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1359 res->res.caps |= IEEE80211_CAP_PRIVACY;
1363 static void wext_get_scan_rate(struct iw_event *iwe,
1364 struct wext_scan_data *res, char *pos,
1368 char *custom = pos + IW_EV_LCP_LEN;
1373 if (custom + clen > end)
1376 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1377 /* Note: may be misaligned, make a local, aligned copy */
1378 os_memcpy(&p, custom, sizeof(struct iw_param));
1379 if (p.value > maxrate)
1381 clen -= sizeof(struct iw_param);
1382 custom += sizeof(struct iw_param);
1384 res->maxrate = maxrate;
1388 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1389 struct wext_scan_data *res, char *custom,
1392 char *genie, *gpos, *gend;
1395 gpos = genie = custom;
1396 gend = genie + iwe->u.data.length;
1398 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1402 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1405 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1407 res->ie_len += gend - gpos;
1411 static void wext_get_scan_custom(struct iw_event *iwe,
1412 struct wext_scan_data *res, char *custom,
1418 clen = iwe->u.data.length;
1419 if (custom + clen > end)
1422 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1426 bytes = custom + clen - spos;
1430 tmp = os_realloc(res->ie, res->ie_len + bytes);
1433 hexstr2bin(spos, tmp + res->ie_len, bytes);
1435 res->ie_len += bytes;
1436 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1440 bytes = custom + clen - spos;
1444 tmp = os_realloc(res->ie, res->ie_len + bytes);
1447 hexstr2bin(spos, tmp + res->ie_len, bytes);
1449 res->ie_len += bytes;
1450 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1455 bytes = custom + clen - spos;
1457 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1461 hexstr2bin(spos, bin, bytes);
1462 res->res.tsf += WPA_GET_BE64(bin);
1467 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1469 return drv->we_version_compiled > 18 &&
1470 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1471 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1475 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1476 struct wext_scan_data *data)
1478 struct wpa_scan_res **tmp;
1479 struct wpa_scan_res *r;
1481 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1483 /* Figure out whether we need to fake any IEs */
1485 end = pos + data->ie_len;
1486 while (pos && pos + 1 < end) {
1487 if (pos + 2 + pos[1] > end)
1489 if (pos[0] == WLAN_EID_SSID)
1491 else if (pos[0] == WLAN_EID_SUPP_RATES)
1493 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1499 if (ssid_ie == NULL)
1500 extra_len += 2 + data->ssid_len;
1501 if (rate_ie == NULL && data->maxrate)
1504 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1507 os_memcpy(r, &data->res, sizeof(*r));
1508 r->ie_len = extra_len + data->ie_len;
1509 pos = (u8 *) (r + 1);
1510 if (ssid_ie == NULL) {
1512 * Generate a fake SSID IE since the driver did not report
1515 *pos++ = WLAN_EID_SSID;
1516 *pos++ = data->ssid_len;
1517 os_memcpy(pos, data->ssid, data->ssid_len);
1518 pos += data->ssid_len;
1520 if (rate_ie == NULL && data->maxrate) {
1522 * Generate a fake Supported Rates IE since the driver did not
1523 * report a full IE list.
1525 *pos++ = WLAN_EID_SUPP_RATES;
1527 *pos++ = data->maxrate;
1530 os_memcpy(pos, data->ie, data->ie_len);
1532 tmp = os_realloc(res->res,
1533 (res->num + 1) * sizeof(struct wpa_scan_res *));
1538 tmp[res->num++] = r;
1544 * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1545 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1546 * Returns: Scan results on success, -1 on failure
1548 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1550 struct wpa_driver_wext_data *drv = priv;
1551 size_t ap_num = 0, len;
1554 struct iw_event iwe_buf, *iwe = &iwe_buf;
1555 char *pos, *end, *custom;
1556 struct wpa_scan_results *res;
1557 struct wext_scan_data data;
1559 res_buf = wpa_driver_wext_giwscan(drv, &len);
1560 if (res_buf == NULL)
1566 res = os_zalloc(sizeof(*res));
1572 pos = (char *) res_buf;
1573 end = (char *) res_buf + len;
1574 os_memset(&data, 0, sizeof(data));
1576 while (pos + IW_EV_LCP_LEN <= end) {
1577 /* Event data may be unaligned, so make a local, aligned copy
1578 * before processing. */
1579 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1580 if (iwe->len <= IW_EV_LCP_LEN)
1583 custom = pos + IW_EV_POINT_LEN;
1584 if (wext_19_iw_point(drv, iwe->cmd)) {
1585 /* WE-19 removed the pointer from struct iw_point */
1586 char *dpos = (char *) &iwe_buf.u.data.length;
1587 int dlen = dpos - (char *) &iwe_buf;
1588 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1589 sizeof(struct iw_event) - dlen);
1591 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1592 custom += IW_EV_POINT_OFF;
1598 wpa_driver_wext_add_scan_entry(res, &data);
1601 os_memset(&data, 0, sizeof(data));
1602 os_memcpy(data.res.bssid,
1603 iwe->u.ap_addr.sa_data, ETH_ALEN);
1606 wext_get_scan_mode(iwe, &data);
1609 wext_get_scan_ssid(iwe, &data, custom, end);
1612 wext_get_scan_freq(iwe, &data);
1615 wext_get_scan_qual(iwe, &data);
1618 wext_get_scan_encode(iwe, &data);
1621 wext_get_scan_rate(iwe, &data, pos, end);
1624 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1627 wext_get_scan_custom(iwe, &data, custom, end);
1636 wpa_driver_wext_add_scan_entry(res, &data);
1639 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1640 (unsigned long) len, (unsigned long) res->num);
1646 static int wpa_driver_wext_get_range(void *priv)
1648 struct wpa_driver_wext_data *drv = priv;
1649 struct iw_range *range;
1655 * Use larger buffer than struct iw_range in order to allow the
1656 * structure to grow in the future.
1658 buflen = sizeof(struct iw_range) + 500;
1659 range = os_zalloc(buflen);
1663 os_memset(&iwr, 0, sizeof(iwr));
1664 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1665 iwr.u.data.pointer = (caddr_t) range;
1666 iwr.u.data.length = buflen;
1668 minlen = ((char *) &range->enc_capa) - (char *) range +
1669 sizeof(range->enc_capa);
1671 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1672 perror("ioctl[SIOCGIWRANGE]");
1675 } else if (iwr.u.data.length >= minlen &&
1676 range->we_version_compiled >= 18) {
1677 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1678 "WE(source)=%d enc_capa=0x%x",
1679 range->we_version_compiled,
1680 range->we_version_source,
1682 drv->has_capability = 1;
1683 drv->we_version_compiled = range->we_version_compiled;
1684 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1685 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1686 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1688 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1689 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1690 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1692 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1693 WPA_DRIVER_CAPA_ENC_WEP104;
1694 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1695 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1696 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1697 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1698 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
1699 drv->capa.key_mgmt, drv->capa.enc);
1701 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1702 "assuming WPA is not supported");
1710 static int wpa_driver_wext_set_wpa(void *priv, int enabled)
1712 struct wpa_driver_wext_data *drv = priv;
1713 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1715 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1720 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg,
1721 const u8 *addr, int key_idx,
1722 int set_tx, const u8 *seq,
1724 const u8 *key, size_t key_len)
1726 struct wpa_driver_wext_data *drv = priv;
1729 struct iw_encode_ext *ext;
1731 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1732 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1733 __FUNCTION__, (unsigned long) seq_len);
1737 ext = os_zalloc(sizeof(*ext) + key_len);
1740 os_memset(&iwr, 0, sizeof(iwr));
1741 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1742 iwr.u.encoding.flags = key_idx + 1;
1743 if (alg == WPA_ALG_NONE)
1744 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1745 iwr.u.encoding.pointer = (caddr_t) ext;
1746 iwr.u.encoding.length = sizeof(*ext) + key_len;
1749 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
1750 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1752 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1754 ext->addr.sa_family = ARPHRD_ETHER;
1756 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1758 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1759 if (key && key_len) {
1760 os_memcpy(ext + 1, key, key_len);
1761 ext->key_len = key_len;
1765 ext->alg = IW_ENCODE_ALG_NONE;
1768 ext->alg = IW_ENCODE_ALG_WEP;
1771 ext->alg = IW_ENCODE_ALG_TKIP;
1774 ext->alg = IW_ENCODE_ALG_CCMP;
1777 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1783 if (seq && seq_len) {
1784 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1785 os_memcpy(ext->rx_seq, seq, seq_len);
1788 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1789 ret = errno == EOPNOTSUPP ? -2 : -1;
1790 if (errno == ENODEV) {
1792 * ndiswrapper seems to be returning incorrect error
1797 perror("ioctl[SIOCSIWENCODEEXT]");
1806 * wpa_driver_wext_set_key - Configure encryption key
1807 * @priv: Pointer to private wext data from wpa_driver_wext_init()
1808 * @priv: Private driver interface data
1809 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1810 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1811 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1812 * broadcast/default keys
1813 * @key_idx: key index (0..3), usually 0 for unicast keys
1814 * @set_tx: Configure this key as the default Tx key (only used when
1815 * driver does not support separate unicast/individual key
1816 * @seq: Sequence number/packet number, seq_len octets, the next
1817 * packet number to be used for in replay protection; configured
1818 * for Rx keys (in most cases, this is only used with broadcast
1819 * keys and set to zero for unicast keys)
1820 * @seq_len: Length of the seq, depends on the algorithm:
1821 * TKIP: 6 octets, CCMP: 6 octets
1822 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1824 * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1825 * TKIP: 32, CCMP: 16)
1826 * Returns: 0 on success, -1 on failure
1828 * This function uses SIOCSIWENCODEEXT by default, but tries to use
1829 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1831 int wpa_driver_wext_set_key(void *priv, wpa_alg alg,
1832 const u8 *addr, int key_idx,
1833 int set_tx, const u8 *seq, size_t seq_len,
1834 const u8 *key, size_t key_len)
1836 struct wpa_driver_wext_data *drv = priv;
1840 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1842 __FUNCTION__, alg, key_idx, set_tx,
1843 (unsigned long) seq_len, (unsigned long) key_len);
1845 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1846 seq, seq_len, key, key_len);
1851 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1852 wpa_printf(MSG_DEBUG, "Driver did not support "
1853 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1856 wpa_printf(MSG_DEBUG, "Driver did not support "
1857 "SIOCSIWENCODEEXT");
1861 os_memset(&iwr, 0, sizeof(iwr));
1862 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1863 iwr.u.encoding.flags = key_idx + 1;
1864 if (alg == WPA_ALG_NONE)
1865 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1866 iwr.u.encoding.pointer = (caddr_t) key;
1867 iwr.u.encoding.length = key_len;
1869 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1870 perror("ioctl[SIOCSIWENCODE]");
1874 if (set_tx && alg != WPA_ALG_NONE) {
1875 os_memset(&iwr, 0, sizeof(iwr));
1876 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1877 iwr.u.encoding.flags = key_idx + 1;
1878 iwr.u.encoding.pointer = (caddr_t) NULL;
1879 iwr.u.encoding.length = 0;
1880 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1881 perror("ioctl[SIOCSIWENCODE] (set_tx)");
1890 static int wpa_driver_wext_set_countermeasures(void *priv,
1893 struct wpa_driver_wext_data *drv = priv;
1894 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1895 return wpa_driver_wext_set_auth_param(drv,
1896 IW_AUTH_TKIP_COUNTERMEASURES,
1901 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1904 struct wpa_driver_wext_data *drv = priv;
1905 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1906 drv->use_crypt = enabled;
1907 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1912 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1913 const u8 *addr, int cmd, int reason_code)
1916 struct iw_mlme mlme;
1919 os_memset(&iwr, 0, sizeof(iwr));
1920 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1921 os_memset(&mlme, 0, sizeof(mlme));
1923 mlme.reason_code = reason_code;
1924 mlme.addr.sa_family = ARPHRD_ETHER;
1925 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1926 iwr.u.data.pointer = (caddr_t) &mlme;
1927 iwr.u.data.length = sizeof(mlme);
1929 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1930 perror("ioctl[SIOCSIWMLME]");
1938 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1941 struct wpa_driver_wext_data *drv = priv;
1942 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1943 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1947 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr,
1950 struct wpa_driver_wext_data *drv = priv;
1951 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1952 return wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC,
1957 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1960 struct wpa_driver_wext_data *drv = priv;
1964 os_memset(&iwr, 0, sizeof(iwr));
1965 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1966 iwr.u.data.pointer = (caddr_t) ie;
1967 iwr.u.data.length = ie_len;
1969 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1970 perror("ioctl[SIOCSIWGENIE]");
1978 static int wpa_driver_wext_cipher2wext(int cipher)
1982 return IW_AUTH_CIPHER_NONE;
1984 return IW_AUTH_CIPHER_WEP40;
1986 return IW_AUTH_CIPHER_TKIP;
1988 return IW_AUTH_CIPHER_CCMP;
1990 return IW_AUTH_CIPHER_WEP104;
1997 static int wpa_driver_wext_keymgmt2wext(int keymgmt)
2000 case KEY_MGMT_802_1X:
2001 case KEY_MGMT_802_1X_NO_WPA:
2002 return IW_AUTH_KEY_MGMT_802_1X;
2004 return IW_AUTH_KEY_MGMT_PSK;
2012 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2013 struct wpa_driver_associate_params *params)
2018 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2019 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2021 os_memset(&iwr, 0, sizeof(iwr));
2022 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2023 /* Just changing mode, not actual keys */
2024 iwr.u.encoding.flags = 0;
2025 iwr.u.encoding.pointer = (caddr_t) NULL;
2026 iwr.u.encoding.length = 0;
2029 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2030 * different things. Here they are used to indicate Open System vs.
2031 * Shared Key authentication algorithm. However, some drivers may use
2032 * them to select between open/restricted WEP encrypted (open = allow
2033 * both unencrypted and encrypted frames; restricted = only allow
2034 * encrypted frames).
2037 if (!drv->use_crypt) {
2038 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2040 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2041 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2042 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2043 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2046 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2047 perror("ioctl[SIOCSIWENCODE]");
2056 wpa_driver_wext_associate(void *priv,
2057 struct wpa_driver_associate_params *params)
2059 struct wpa_driver_wext_data *drv = priv;
2061 int allow_unencrypted_eapol;
2064 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2067 * If the driver did not support SIOCSIWAUTH, fallback to
2068 * SIOCSIWENCODE here.
2070 if (drv->auth_alg_fallback &&
2071 wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2074 if (!params->bssid &&
2075 wpa_driver_wext_set_bssid(drv, NULL) < 0)
2078 if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2080 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2081 * from configuration, not from here, where only the selected suite is
2083 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2086 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2087 value = IW_AUTH_WPA_VERSION_DISABLED;
2088 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2089 value = IW_AUTH_WPA_VERSION_WPA2;
2091 value = IW_AUTH_WPA_VERSION_WPA;
2092 if (wpa_driver_wext_set_auth_param(drv,
2093 IW_AUTH_WPA_VERSION, value) < 0)
2095 value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2096 if (wpa_driver_wext_set_auth_param(drv,
2097 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2099 value = wpa_driver_wext_cipher2wext(params->group_suite);
2100 if (wpa_driver_wext_set_auth_param(drv,
2101 IW_AUTH_CIPHER_GROUP, value) < 0)
2103 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2104 if (wpa_driver_wext_set_auth_param(drv,
2105 IW_AUTH_KEY_MGMT, value) < 0)
2107 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2108 params->pairwise_suite != CIPHER_NONE ||
2109 params->group_suite != CIPHER_NONE ||
2111 if (wpa_driver_wext_set_auth_param(drv,
2112 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2115 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2116 * not using WPA. IEEE 802.1X specifies that these frames are not
2117 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2118 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2119 params->key_mgmt_suite == KEY_MGMT_PSK)
2120 allow_unencrypted_eapol = 0;
2122 allow_unencrypted_eapol = 1;
2124 if (wpa_driver_wext_set_auth_param(drv,
2125 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2126 allow_unencrypted_eapol) < 0)
2128 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2130 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2132 if (params->bssid &&
2133 wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2140 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2142 struct wpa_driver_wext_data *drv = priv;
2145 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2146 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2147 if (auth_alg & AUTH_ALG_SHARED_KEY)
2148 algs |= IW_AUTH_ALG_SHARED_KEY;
2149 if (auth_alg & AUTH_ALG_LEAP)
2150 algs |= IW_AUTH_ALG_LEAP;
2152 /* at least one algorithm should be set */
2153 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2156 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2158 drv->auth_alg_fallback = res == -2;
2164 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2165 * @priv: Pointer to private wext data from wpa_driver_wext_init()
2166 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2167 * Returns: 0 on success, -1 on failure
2169 int wpa_driver_wext_set_mode(void *priv, int mode)
2171 struct wpa_driver_wext_data *drv = priv;
2175 os_memset(&iwr, 0, sizeof(iwr));
2176 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2177 iwr.u.mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2179 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) {
2180 perror("ioctl[SIOCSIWMODE]");
2188 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2189 u32 cmd, const u8 *bssid, const u8 *pmkid)
2192 struct iw_pmksa pmksa;
2195 os_memset(&iwr, 0, sizeof(iwr));
2196 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2197 os_memset(&pmksa, 0, sizeof(pmksa));
2199 pmksa.bssid.sa_family = ARPHRD_ETHER;
2201 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2203 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2204 iwr.u.data.pointer = (caddr_t) &pmksa;
2205 iwr.u.data.length = sizeof(pmksa);
2207 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2208 if (errno != EOPNOTSUPP)
2209 perror("ioctl[SIOCSIWPMKSA]");
2217 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2220 struct wpa_driver_wext_data *drv = priv;
2221 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2225 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2228 struct wpa_driver_wext_data *drv = priv;
2229 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2233 static int wpa_driver_wext_flush_pmkid(void *priv)
2235 struct wpa_driver_wext_data *drv = priv;
2236 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2240 static int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2242 struct wpa_driver_wext_data *drv = priv;
2243 if (!drv->has_capability)
2245 os_memcpy(capa, &drv->capa, sizeof(*capa));
2250 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2253 if (ifname == NULL) {
2258 drv->ifindex2 = if_nametoindex(ifname);
2259 if (drv->ifindex2 <= 0)
2262 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2263 "wireless events", drv->ifindex2, ifname);
2269 int wpa_driver_wext_set_operstate(void *priv, int state)
2271 struct wpa_driver_wext_data *drv = priv;
2273 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2274 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2275 drv->operstate = state;
2276 return wpa_driver_wext_send_oper_ifla(
2277 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2281 #ifdef CONFIG_CLIENT_MLME
2282 static int hostapd_ioctl(struct wpa_driver_wext_data *drv,
2283 struct prism2_hostapd_param *param, int len)
2287 os_memset(&iwr, 0, sizeof(iwr));
2288 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2289 iwr.u.data.pointer = (caddr_t) param;
2290 iwr.u.data.length = len;
2292 if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) {
2293 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2301 static struct wpa_hw_modes *
2302 wpa_driver_wext_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2304 struct wpa_driver_wext_data *drv = priv;
2305 struct prism2_hostapd_param *param;
2307 struct wpa_hw_modes *modes = NULL;
2310 param = os_zalloc(PRISM2_HOSTAPD_MAX_BUF_SIZE);
2313 param->cmd = PRISM2_HOSTAPD_GET_HW_FEATURES;
2315 if (hostapd_ioctl(drv, param, PRISM2_HOSTAPD_MAX_BUF_SIZE) < 0) {
2316 perror("ioctl[PRISM2_IOCTL_HOSTAPD]");
2320 *num_modes = param->u.hw_features.num_modes;
2321 *flags = param->u.hw_features.flags;
2323 pos = param->u.hw_features.data;
2324 end = pos + PRISM2_HOSTAPD_MAX_BUF_SIZE -
2325 (param->u.hw_features.data - (u8 *) param);
2327 modes = os_zalloc(*num_modes * sizeof(struct wpa_hw_modes));
2331 for (i = 0; i < *num_modes; i++) {
2332 struct hostapd_ioctl_hw_modes_hdr *hdr;
2333 struct wpa_hw_modes *feature;
2336 hdr = (struct hostapd_ioctl_hw_modes_hdr *) pos;
2337 pos = (u8 *) (hdr + 1);
2338 clen = hdr->num_channels * sizeof(struct wpa_channel_data);
2339 rlen = hdr->num_rates * sizeof(struct wpa_rate_data);
2341 feature = &modes[i];
2342 switch (hdr->mode) {
2343 case MODE_IEEE80211A:
2344 feature->mode = WPA_MODE_IEEE80211A;
2346 case MODE_IEEE80211B:
2347 feature->mode = WPA_MODE_IEEE80211B;
2349 case MODE_IEEE80211G:
2350 feature->mode = WPA_MODE_IEEE80211G;
2352 case MODE_ATHEROS_TURBO:
2353 case MODE_ATHEROS_TURBOG:
2354 wpa_printf(MSG_ERROR, "Skip unsupported hw_mode=%d in "
2355 "get_hw_features data", hdr->mode);
2359 wpa_printf(MSG_ERROR, "Unknown hw_mode=%d in "
2360 "get_hw_features data", hdr->mode);
2361 wpa_supplicant_sta_free_hw_features(modes, *num_modes);
2365 feature->num_channels = hdr->num_channels;
2366 feature->num_rates = hdr->num_rates;
2368 feature->channels = os_malloc(clen);
2369 feature->rates = os_malloc(rlen);
2370 if (!feature->channels || !feature->rates ||
2371 pos + clen + rlen > end) {
2372 wpa_supplicant_sta_free_hw_features(modes, *num_modes);
2377 os_memcpy(feature->channels, pos, clen);
2379 os_memcpy(feature->rates, pos, rlen);
2389 int wpa_driver_wext_set_channel(void *priv, wpa_hw_mode phymode, int chan,
2392 return wpa_driver_wext_set_freq(priv, freq);
2396 static void wpa_driver_wext_mlme_read(int sock, void *eloop_ctx,
2399 struct wpa_driver_wext_data *drv = eloop_ctx;
2401 unsigned char buf[3000];
2402 struct ieee80211_frame_info *fi;
2403 struct ieee80211_rx_status rx_status;
2405 len = recv(sock, buf, sizeof(buf), 0);
2407 perror("recv[MLME]");
2411 if (len < (int) sizeof(struct ieee80211_frame_info)) {
2412 wpa_printf(MSG_DEBUG, "WEXT: Too short MLME frame (len=%d)",
2417 fi = (struct ieee80211_frame_info *) buf;
2418 if (ntohl(fi->version) != IEEE80211_FI_VERSION) {
2419 wpa_printf(MSG_DEBUG, "WEXT: Invalid MLME frame info version "
2420 "0x%x", ntohl(fi->version));
2424 os_memset(&rx_status, 0, sizeof(rx_status));
2425 rx_status.ssi = ntohl(fi->ssi_signal);
2426 rx_status.channel = ntohl(fi->channel);
2428 wpa_supplicant_sta_rx(drv->ctx,
2429 buf + sizeof(struct ieee80211_frame_info),
2430 len - sizeof(struct ieee80211_frame_info),
2435 static int wpa_driver_wext_open_mlme(struct wpa_driver_wext_data *drv)
2437 int flags, ifindex, s;
2438 struct sockaddr_ll addr;
2441 if (wpa_driver_prism2_param_set(drv, PRISM2_PARAM_USER_SPACE_MLME, 1) <
2443 wpa_printf(MSG_ERROR, "WEXT: Failed to configure driver to "
2444 "use user space MLME");
2448 if (wpa_driver_prism2_param_set(drv, PRISM2_PARAM_MGMT_IF, 1) < 0) {
2449 wpa_printf(MSG_ERROR, "WEXT: Failed to add management "
2450 "interface for user space MLME");
2454 ifindex = wpa_driver_prism2_param_get(drv, PRISM2_PARAM_MGMT_IF);
2456 wpa_printf(MSG_ERROR, "WEXT: MLME management device not "
2461 os_memset(&ifr, 0, sizeof(ifr));
2462 ifr.ifr_ifindex = ifindex;
2463 if (ioctl(drv->ioctl_sock, SIOCGIFNAME, &ifr) != 0) {
2464 perror("ioctl(SIOCGIFNAME)");
2467 os_strlcpy(drv->mlmedev, ifr.ifr_name, sizeof(drv->mlmedev));
2468 wpa_printf(MSG_DEBUG, "WEXT: MLME management device '%s'",
2471 if (wpa_driver_wext_get_ifflags_ifname(drv, drv->mlmedev, &flags) != 0
2472 || wpa_driver_wext_set_ifflags_ifname(drv, drv->mlmedev,
2473 flags | IFF_UP) != 0) {
2474 wpa_printf(MSG_ERROR, "WEXT: Could not set interface "
2475 "'%s' UP", drv->mlmedev);
2479 s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2481 perror("socket[PF_PACKET,SOCK_RAW]");
2485 os_memset(&addr, 0, sizeof(addr));
2486 addr.sll_family = AF_PACKET;
2487 addr.sll_ifindex = ifindex;
2489 if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
2490 perror("bind(MLME)");
2494 if (eloop_register_read_sock(s, wpa_driver_wext_mlme_read, drv, NULL))
2496 wpa_printf(MSG_ERROR, "WEXT: Could not register MLME read "
2506 static int wpa_driver_wext_send_mlme(void *priv, const u8 *data,
2509 struct wpa_driver_wext_data *drv = priv;
2512 ret = send(drv->mlme_sock, data, data_len, 0);
2514 perror("send[MLME]");
2522 static int wpa_driver_wext_mlme_add_sta(void *priv, const u8 *addr,
2523 const u8 *supp_rates,
2524 size_t supp_rates_len)
2526 struct wpa_driver_wext_data *drv = priv;
2527 struct prism2_hostapd_param param;
2530 os_memset(¶m, 0, sizeof(param));
2531 param.cmd = PRISM2_HOSTAPD_ADD_STA;
2532 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2533 len = supp_rates_len;
2534 if (len > sizeof(param.u.add_sta.supp_rates))
2535 len = sizeof(param.u.add_sta.supp_rates);
2536 os_memcpy(param.u.add_sta.supp_rates, supp_rates, len);
2537 return hostapd_ioctl(drv, ¶m, sizeof(param));
2541 static int wpa_driver_wext_mlme_remove_sta(void *priv, const u8 *addr)
2543 struct wpa_driver_wext_data *drv = priv;
2544 struct prism2_hostapd_param param;
2546 os_memset(¶m, 0, sizeof(param));
2547 param.cmd = PRISM2_HOSTAPD_REMOVE_STA;
2548 os_memcpy(param.sta_addr, addr, ETH_ALEN);
2549 return hostapd_ioctl(drv, ¶m, sizeof(param));
2552 #endif /* CONFIG_CLIENT_MLME */
2555 static int wpa_driver_wext_set_param(void *priv, const char *param)
2557 #ifdef CONFIG_CLIENT_MLME
2558 struct wpa_driver_wext_data *drv = priv;
2563 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
2565 if (os_strstr(param, "use_mlme=1")) {
2566 wpa_printf(MSG_DEBUG, "WEXT: Using user space MLME");
2567 drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
2569 drv->mlme_sock = wpa_driver_wext_open_mlme(drv);
2570 if (drv->mlme_sock < 0)
2573 #endif /* CONFIG_CLIENT_MLME */
2579 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2581 return drv->we_version_compiled;
2585 const struct wpa_driver_ops wpa_driver_wext_ops = {
2587 .desc = "Linux wireless extensions (generic)",
2588 .get_bssid = wpa_driver_wext_get_bssid,
2589 .get_ssid = wpa_driver_wext_get_ssid,
2590 .set_wpa = wpa_driver_wext_set_wpa,
2591 .set_key = wpa_driver_wext_set_key,
2592 .set_countermeasures = wpa_driver_wext_set_countermeasures,
2593 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted,
2594 .scan = wpa_driver_wext_scan,
2595 .get_scan_results2 = wpa_driver_wext_get_scan_results,
2596 .deauthenticate = wpa_driver_wext_deauthenticate,
2597 .disassociate = wpa_driver_wext_disassociate,
2598 .associate = wpa_driver_wext_associate,
2599 .set_auth_alg = wpa_driver_wext_set_auth_alg,
2600 .init = wpa_driver_wext_init,
2601 .deinit = wpa_driver_wext_deinit,
2602 .set_param = wpa_driver_wext_set_param,
2603 .add_pmkid = wpa_driver_wext_add_pmkid,
2604 .remove_pmkid = wpa_driver_wext_remove_pmkid,
2605 .flush_pmkid = wpa_driver_wext_flush_pmkid,
2606 .get_capa = wpa_driver_wext_get_capa,
2607 .set_operstate = wpa_driver_wext_set_operstate,
2608 #ifdef CONFIG_CLIENT_MLME
2609 .get_hw_feature_data = wpa_driver_wext_get_hw_feature_data,
2610 .set_channel = wpa_driver_wext_set_channel,
2611 .set_ssid = wpa_driver_wext_set_ssid,
2612 .set_bssid = wpa_driver_wext_set_bssid,
2613 .send_mlme = wpa_driver_wext_send_mlme,
2614 .mlme_add_sta = wpa_driver_wext_mlme_add_sta,
2615 .mlme_remove_sta = wpa_driver_wext_mlme_remove_sta,
2616 #endif /* CONFIG_CLIENT_MLME */