driver_wext.c revision 29991f40caccd6c45cd7c56ca597f370a4f2b9eb
1/* 2 * Driver interaction with generic Linux Wireless Extensions 3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file implements a driver interface for the Linux Wireless Extensions. 15 * When used with WE-18 or newer, this interface can be used as-is with number 16 * of drivers. In addition to this, some of the common functions in this file 17 * can be used by other driver interface implementations that use generic WE 18 * ioctls, but require private ioctls for some of the functionality. 19 */ 20 21#include "includes.h" 22#include <sys/ioctl.h> 23#include <sys/types.h> 24#include <sys/stat.h> 25#include <fcntl.h> 26#include <net/if_arp.h> 27 28#include "wireless_copy.h" 29#include "common.h" 30#include "eloop.h" 31#include "common/ieee802_11_defs.h" 32#include "common/wpa_common.h" 33#include "priv_netlink.h" 34#include "netlink.h" 35#include "linux_ioctl.h" 36#include "rfkill.h" 37#include "driver.h" 38#include "driver_wext.h" 39 40 41static int wpa_driver_wext_flush_pmkid(void *priv); 42static int wpa_driver_wext_get_range(void *priv); 43static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv); 44static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv); 45static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg); 46#ifdef ANDROID 47extern int wpa_driver_wext_driver_cmd(void *priv, char *cmd, char *buf, 48 size_t buf_len); 49extern int wpa_driver_wext_combo_scan(void *priv, 50 struct wpa_driver_scan_params *params); 51#endif 52 53int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv, 54 int idx, u32 value) 55{ 56 struct iwreq iwr; 57 int ret = 0; 58 59 os_memset(&iwr, 0, sizeof(iwr)); 60 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 61 iwr.u.param.flags = idx & IW_AUTH_INDEX; 62 iwr.u.param.value = value; 63 64 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 65 if (errno != EOPNOTSUPP) { 66 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 67 "value 0x%x) failed: %s)", 68 idx, value, strerror(errno)); 69 } 70 ret = errno == EOPNOTSUPP ? -2 : -1; 71 } 72 73 return ret; 74} 75 76 77/** 78 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP 79 * @priv: Pointer to private wext data from wpa_driver_wext_init() 80 * @bssid: Buffer for BSSID 81 * Returns: 0 on success, -1 on failure 82 */ 83int wpa_driver_wext_get_bssid(void *priv, u8 *bssid) 84{ 85 struct wpa_driver_wext_data *drv = priv; 86 struct iwreq iwr; 87 int ret = 0; 88 89 os_memset(&iwr, 0, sizeof(iwr)); 90 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 91 92 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 93 perror("ioctl[SIOCGIWAP]"); 94 ret = -1; 95 } 96 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 97 98 return ret; 99} 100 101 102/** 103 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP 104 * @priv: Pointer to private wext data from wpa_driver_wext_init() 105 * @bssid: BSSID 106 * Returns: 0 on success, -1 on failure 107 */ 108int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid) 109{ 110 struct wpa_driver_wext_data *drv = priv; 111 struct iwreq iwr; 112 int ret = 0; 113 114 os_memset(&iwr, 0, sizeof(iwr)); 115 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 116 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 117 if (bssid) 118 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 119 else 120 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 121 122 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 123 perror("ioctl[SIOCSIWAP]"); 124 ret = -1; 125 } 126 127 return ret; 128} 129 130 131/** 132 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID 133 * @priv: Pointer to private wext data from wpa_driver_wext_init() 134 * @ssid: Buffer for the SSID; must be at least 32 bytes long 135 * Returns: SSID length on success, -1 on failure 136 */ 137int wpa_driver_wext_get_ssid(void *priv, u8 *ssid) 138{ 139 struct wpa_driver_wext_data *drv = priv; 140 struct iwreq iwr; 141 int ret = 0; 142 143 os_memset(&iwr, 0, sizeof(iwr)); 144 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 145 iwr.u.essid.pointer = (caddr_t) ssid; 146 iwr.u.essid.length = 32; 147 148 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 149 perror("ioctl[SIOCGIWESSID]"); 150 ret = -1; 151 } else { 152 ret = iwr.u.essid.length; 153 if (ret > 32) 154 ret = 32; 155 /* Some drivers include nul termination in the SSID, so let's 156 * remove it here before further processing. WE-21 changes this 157 * to explicitly require the length _not_ to include nul 158 * termination. */ 159 if (ret > 0 && ssid[ret - 1] == '\0' && 160 drv->we_version_compiled < 21) 161 ret--; 162 } 163 164 return ret; 165} 166 167 168/** 169 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID 170 * @priv: Pointer to private wext data from wpa_driver_wext_init() 171 * @ssid: SSID 172 * @ssid_len: Length of SSID (0..32) 173 * Returns: 0 on success, -1 on failure 174 */ 175int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len) 176{ 177 struct wpa_driver_wext_data *drv = priv; 178 struct iwreq iwr; 179 int ret = 0; 180 char buf[33]; 181 182 if (ssid_len > 32) 183 return -1; 184 185 os_memset(&iwr, 0, sizeof(iwr)); 186 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 187 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 188 iwr.u.essid.flags = (ssid_len != 0); 189 os_memset(buf, 0, sizeof(buf)); 190 os_memcpy(buf, ssid, ssid_len); 191 iwr.u.essid.pointer = (caddr_t) buf; 192 if (drv->we_version_compiled < 21) { 193 /* For historic reasons, set SSID length to include one extra 194 * character, C string nul termination, even though SSID is 195 * really an octet string that should not be presented as a C 196 * string. Some Linux drivers decrement the length by one and 197 * can thus end up missing the last octet of the SSID if the 198 * length is not incremented here. WE-21 changes this to 199 * explicitly require the length _not_ to include nul 200 * termination. */ 201 if (ssid_len) 202 ssid_len++; 203 } 204 iwr.u.essid.length = ssid_len; 205 206 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 207 perror("ioctl[SIOCSIWESSID]"); 208 ret = -1; 209 } 210 211 return ret; 212} 213 214 215/** 216 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ 217 * @priv: Pointer to private wext data from wpa_driver_wext_init() 218 * @freq: Frequency in MHz 219 * Returns: 0 on success, -1 on failure 220 */ 221int wpa_driver_wext_set_freq(void *priv, int freq) 222{ 223 struct wpa_driver_wext_data *drv = priv; 224 struct iwreq iwr; 225 int ret = 0; 226 227 os_memset(&iwr, 0, sizeof(iwr)); 228 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 229 iwr.u.freq.m = freq * 100000; 230 iwr.u.freq.e = 1; 231 232 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 233 perror("ioctl[SIOCSIWFREQ]"); 234 ret = -1; 235 } 236 237 return ret; 238} 239 240 241static void 242wpa_driver_wext_event_wireless_custom(void *ctx, char *custom) 243{ 244 union wpa_event_data data; 245 246 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 247 custom); 248 249 os_memset(&data, 0, sizeof(data)); 250 /* Host AP driver */ 251 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 252 data.michael_mic_failure.unicast = 253 os_strstr(custom, " unicast ") != NULL; 254 /* TODO: parse parameters(?) */ 255 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 256 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 257 char *spos; 258 int bytes; 259 u8 *req_ies = NULL, *resp_ies = NULL; 260 261 spos = custom + 17; 262 263 bytes = strspn(spos, "0123456789abcdefABCDEF"); 264 if (!bytes || (bytes & 1)) 265 return; 266 bytes /= 2; 267 268 req_ies = os_malloc(bytes); 269 if (req_ies == NULL || 270 hexstr2bin(spos, req_ies, bytes) < 0) 271 goto done; 272 data.assoc_info.req_ies = req_ies; 273 data.assoc_info.req_ies_len = bytes; 274 275 spos += bytes * 2; 276 277 data.assoc_info.resp_ies = NULL; 278 data.assoc_info.resp_ies_len = 0; 279 280 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 281 spos += 9; 282 283 bytes = strspn(spos, "0123456789abcdefABCDEF"); 284 if (!bytes || (bytes & 1)) 285 goto done; 286 bytes /= 2; 287 288 resp_ies = os_malloc(bytes); 289 if (resp_ies == NULL || 290 hexstr2bin(spos, resp_ies, bytes) < 0) 291 goto done; 292 data.assoc_info.resp_ies = resp_ies; 293 data.assoc_info.resp_ies_len = bytes; 294 } 295 296 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 297 298 done: 299 os_free(resp_ies); 300 os_free(req_ies); 301#ifdef CONFIG_PEERKEY 302 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 303 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 304 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 305 "STKSTART.request '%s'", custom + 17); 306 return; 307 } 308 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 309#endif /* CONFIG_PEERKEY */ 310#ifdef ANDROID 311 } else if (os_strncmp(custom, "STOP", 4) == 0) { 312 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED"); 313 } else if (os_strncmp(custom, "START", 5) == 0) { 314 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED"); 315 } else if (os_strncmp(custom, "HANG", 4) == 0) { 316 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 317#endif /* ANDROID */ 318 } 319} 320 321 322static int wpa_driver_wext_event_wireless_michaelmicfailure( 323 void *ctx, const char *ev, size_t len) 324{ 325 const struct iw_michaelmicfailure *mic; 326 union wpa_event_data data; 327 328 if (len < sizeof(*mic)) 329 return -1; 330 331 mic = (const struct iw_michaelmicfailure *) ev; 332 333 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 334 "flags=0x%x src_addr=" MACSTR, mic->flags, 335 MAC2STR(mic->src_addr.sa_data)); 336 337 os_memset(&data, 0, sizeof(data)); 338 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 339 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 340 341 return 0; 342} 343 344 345static int wpa_driver_wext_event_wireless_pmkidcand( 346 struct wpa_driver_wext_data *drv, const char *ev, size_t len) 347{ 348 const struct iw_pmkid_cand *cand; 349 union wpa_event_data data; 350 const u8 *addr; 351 352 if (len < sizeof(*cand)) 353 return -1; 354 355 cand = (const struct iw_pmkid_cand *) ev; 356 addr = (const u8 *) cand->bssid.sa_data; 357 358 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 359 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 360 cand->index, MAC2STR(addr)); 361 362 os_memset(&data, 0, sizeof(data)); 363 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 364 data.pmkid_candidate.index = cand->index; 365 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 366 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 367 368 return 0; 369} 370 371 372static int wpa_driver_wext_event_wireless_assocreqie( 373 struct wpa_driver_wext_data *drv, const char *ev, int len) 374{ 375 if (len < 0) 376 return -1; 377 378 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 379 len); 380 os_free(drv->assoc_req_ies); 381 drv->assoc_req_ies = os_malloc(len); 382 if (drv->assoc_req_ies == NULL) { 383 drv->assoc_req_ies_len = 0; 384 return -1; 385 } 386 os_memcpy(drv->assoc_req_ies, ev, len); 387 drv->assoc_req_ies_len = len; 388 389 return 0; 390} 391 392 393static int wpa_driver_wext_event_wireless_assocrespie( 394 struct wpa_driver_wext_data *drv, const char *ev, int len) 395{ 396 if (len < 0) 397 return -1; 398 399 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 400 len); 401 os_free(drv->assoc_resp_ies); 402 drv->assoc_resp_ies = os_malloc(len); 403 if (drv->assoc_resp_ies == NULL) { 404 drv->assoc_resp_ies_len = 0; 405 return -1; 406 } 407 os_memcpy(drv->assoc_resp_ies, ev, len); 408 drv->assoc_resp_ies_len = len; 409 410 return 0; 411} 412 413 414static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv) 415{ 416 union wpa_event_data data; 417 418 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 419 return; 420 421 os_memset(&data, 0, sizeof(data)); 422 if (drv->assoc_req_ies) { 423 data.assoc_info.req_ies = drv->assoc_req_ies; 424 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 425 } 426 if (drv->assoc_resp_ies) { 427 data.assoc_info.resp_ies = drv->assoc_resp_ies; 428 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 429 } 430 431 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 432 433 os_free(drv->assoc_req_ies); 434 drv->assoc_req_ies = NULL; 435 os_free(drv->assoc_resp_ies); 436 drv->assoc_resp_ies = NULL; 437} 438 439 440static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, 441 char *data, int len) 442{ 443 struct iw_event iwe_buf, *iwe = &iwe_buf; 444 char *pos, *end, *custom, *buf; 445 446 pos = data; 447 end = data + len; 448 449 while (pos + IW_EV_LCP_LEN <= end) { 450 /* Event data may be unaligned, so make a local, aligned copy 451 * before processing. */ 452 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 453 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 454 iwe->cmd, iwe->len); 455 if (iwe->len <= IW_EV_LCP_LEN) 456 return; 457 458 custom = pos + IW_EV_POINT_LEN; 459 if (drv->we_version_compiled > 18 && 460 (iwe->cmd == IWEVMICHAELMICFAILURE || 461 iwe->cmd == IWEVCUSTOM || 462 iwe->cmd == IWEVASSOCREQIE || 463 iwe->cmd == IWEVASSOCRESPIE || 464 iwe->cmd == IWEVPMKIDCAND)) { 465 /* WE-19 removed the pointer from struct iw_point */ 466 char *dpos = (char *) &iwe_buf.u.data.length; 467 int dlen = dpos - (char *) &iwe_buf; 468 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 469 sizeof(struct iw_event) - dlen); 470 } else { 471 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 472 custom += IW_EV_POINT_OFF; 473 } 474 475 switch (iwe->cmd) { 476 case SIOCGIWAP: 477 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 478 MACSTR, 479 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 480 if (is_zero_ether_addr( 481 (const u8 *) iwe->u.ap_addr.sa_data) || 482 os_memcmp(iwe->u.ap_addr.sa_data, 483 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 484 0) { 485 os_free(drv->assoc_req_ies); 486 drv->assoc_req_ies = NULL; 487 os_free(drv->assoc_resp_ies); 488 drv->assoc_resp_ies = NULL; 489#ifdef ANDROID 490 if (!drv->skip_disconnect) { 491 drv->skip_disconnect = 1; 492#endif 493 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, 494 NULL); 495#ifdef ANDROID 496 } 497#endif 498 } else { 499#ifdef ANDROID 500 drv->skip_disconnect = 0; 501#endif 502 wpa_driver_wext_event_assoc_ies(drv); 503 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, 504 NULL); 505 } 506 break; 507 case IWEVMICHAELMICFAILURE: 508 if (custom + iwe->u.data.length > end) { 509 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 510 "IWEVMICHAELMICFAILURE length"); 511 return; 512 } 513 wpa_driver_wext_event_wireless_michaelmicfailure( 514 drv->ctx, custom, iwe->u.data.length); 515 break; 516 case IWEVCUSTOM: 517 if (custom + iwe->u.data.length > end) { 518 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 519 "IWEVCUSTOM length"); 520 return; 521 } 522 buf = os_malloc(iwe->u.data.length + 1); 523 if (buf == NULL) 524 return; 525 os_memcpy(buf, custom, iwe->u.data.length); 526 buf[iwe->u.data.length] = '\0'; 527 wpa_driver_wext_event_wireless_custom(drv->ctx, buf); 528 os_free(buf); 529 break; 530 case SIOCGIWSCAN: 531 drv->scan_complete_events = 1; 532 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, 533 drv, drv->ctx); 534 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, 535 NULL); 536 break; 537 case IWEVASSOCREQIE: 538 if (custom + iwe->u.data.length > end) { 539 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 540 "IWEVASSOCREQIE length"); 541 return; 542 } 543 wpa_driver_wext_event_wireless_assocreqie( 544 drv, custom, iwe->u.data.length); 545 break; 546 case IWEVASSOCRESPIE: 547 if (custom + iwe->u.data.length > end) { 548 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 549 "IWEVASSOCRESPIE length"); 550 return; 551 } 552 wpa_driver_wext_event_wireless_assocrespie( 553 drv, custom, iwe->u.data.length); 554 break; 555 case IWEVPMKIDCAND: 556 if (custom + iwe->u.data.length > end) { 557 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 558 "IWEVPMKIDCAND length"); 559 return; 560 } 561 wpa_driver_wext_event_wireless_pmkidcand( 562 drv, custom, iwe->u.data.length); 563 break; 564 } 565 566 pos += iwe->len; 567 } 568} 569 570 571static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv, 572 char *buf, size_t len, int del) 573{ 574 union wpa_event_data event; 575 576 os_memset(&event, 0, sizeof(event)); 577 if (len > sizeof(event.interface_status.ifname)) 578 len = sizeof(event.interface_status.ifname) - 1; 579 os_memcpy(event.interface_status.ifname, buf, len); 580 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 581 EVENT_INTERFACE_ADDED; 582 583 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 584 del ? "DEL" : "NEW", 585 event.interface_status.ifname, 586 del ? "removed" : "added"); 587 588 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 589 if (del) 590 drv->if_removed = 1; 591 else 592 drv->if_removed = 0; 593 } 594 595 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 596} 597 598 599static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv, 600 u8 *buf, size_t len) 601{ 602 int attrlen, rta_len; 603 struct rtattr *attr; 604 605 attrlen = len; 606 attr = (struct rtattr *) buf; 607 608 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 609 while (RTA_OK(attr, attrlen)) { 610 if (attr->rta_type == IFLA_IFNAME) { 611 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 612 == 0) 613 return 1; 614 else 615 break; 616 } 617 attr = RTA_NEXT(attr, attrlen); 618 } 619 620 return 0; 621} 622 623 624static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv, 625 int ifindex, u8 *buf, size_t len) 626{ 627 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex) 628 return 1; 629 630 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) { 631 drv->ifindex = if_nametoindex(drv->ifname); 632 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed " 633 "interface"); 634 wpa_driver_wext_finish_drv_init(drv); 635 return 1; 636 } 637 638 return 0; 639} 640 641 642static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi, 643 u8 *buf, size_t len) 644{ 645 struct wpa_driver_wext_data *drv = ctx; 646 int attrlen, rta_len; 647 struct rtattr *attr; 648 649 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) { 650 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 651 ifi->ifi_index); 652 return; 653 } 654 655 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 656 "(%s%s%s%s)", 657 drv->operstate, ifi->ifi_flags, 658 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 659 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 660 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 661 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 662 663 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 664 wpa_printf(MSG_DEBUG, "WEXT: Interface down"); 665 drv->if_disabled = 1; 666 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 667 } 668 669 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 670 wpa_printf(MSG_DEBUG, "WEXT: Interface up"); 671 drv->if_disabled = 0; 672 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL); 673 } 674 675 /* 676 * Some drivers send the association event before the operup event--in 677 * this case, lifting operstate in wpa_driver_wext_set_operstate() 678 * fails. This will hit us when wpa_supplicant does not need to do 679 * IEEE 802.1X authentication 680 */ 681 if (drv->operstate == 1 && 682 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 683 !(ifi->ifi_flags & IFF_RUNNING)) 684 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 685 -1, IF_OPER_UP); 686 687 attrlen = len; 688 attr = (struct rtattr *) buf; 689 690 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 691 while (RTA_OK(attr, attrlen)) { 692 if (attr->rta_type == IFLA_WIRELESS) { 693 wpa_driver_wext_event_wireless( 694 drv, ((char *) attr) + rta_len, 695 attr->rta_len - rta_len); 696 } else if (attr->rta_type == IFLA_IFNAME) { 697 wpa_driver_wext_event_link(drv, 698 ((char *) attr) + rta_len, 699 attr->rta_len - rta_len, 0); 700 } 701 attr = RTA_NEXT(attr, attrlen); 702 } 703} 704 705 706static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi, 707 u8 *buf, size_t len) 708{ 709 struct wpa_driver_wext_data *drv = ctx; 710 int attrlen, rta_len; 711 struct rtattr *attr; 712 713 attrlen = len; 714 attr = (struct rtattr *) buf; 715 716 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 717 while (RTA_OK(attr, attrlen)) { 718 if (attr->rta_type == IFLA_IFNAME) { 719 wpa_driver_wext_event_link(drv, 720 ((char *) attr) + rta_len, 721 attr->rta_len - rta_len, 1); 722 } 723 attr = RTA_NEXT(attr, attrlen); 724 } 725} 726 727 728static void wpa_driver_wext_rfkill_blocked(void *ctx) 729{ 730 wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked"); 731 /* 732 * This may be for any interface; use ifdown event to disable 733 * interface. 734 */ 735} 736 737 738static void wpa_driver_wext_rfkill_unblocked(void *ctx) 739{ 740 struct wpa_driver_wext_data *drv = ctx; 741 wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked"); 742 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) { 743 wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP " 744 "after rfkill unblock"); 745 return; 746 } 747 /* rtnetlink ifup handler will report interface as enabled */ 748} 749 750 751static void wext_get_phy_name(struct wpa_driver_wext_data *drv) 752{ 753 /* Find phy (radio) to which this interface belongs */ 754 char buf[90], *pos; 755 int f, rv; 756 757 drv->phyname[0] = '\0'; 758 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 759 drv->ifname); 760 f = open(buf, O_RDONLY); 761 if (f < 0) { 762 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 763 buf, strerror(errno)); 764 return; 765 } 766 767 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 768 close(f); 769 if (rv < 0) { 770 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 771 buf, strerror(errno)); 772 return; 773 } 774 775 drv->phyname[rv] = '\0'; 776 pos = os_strchr(drv->phyname, '\n'); 777 if (pos) 778 *pos = '\0'; 779 wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s", 780 drv->ifname, drv->phyname); 781} 782 783 784/** 785 * wpa_driver_wext_init - Initialize WE driver interface 786 * @ctx: context to be used when calling wpa_supplicant functions, 787 * e.g., wpa_supplicant_event() 788 * @ifname: interface name, e.g., wlan0 789 * Returns: Pointer to private data, %NULL on failure 790 */ 791void * wpa_driver_wext_init(void *ctx, const char *ifname) 792{ 793 struct wpa_driver_wext_data *drv; 794 struct netlink_config *cfg; 795 struct rfkill_config *rcfg; 796 char path[128]; 797 struct stat buf; 798 799 drv = os_zalloc(sizeof(*drv)); 800 if (drv == NULL) 801 return NULL; 802 drv->ctx = ctx; 803 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 804 805 os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname); 806 if (stat(path, &buf) == 0) { 807 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected"); 808 drv->cfg80211 = 1; 809 wext_get_phy_name(drv); 810 } 811 812 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 813 if (drv->ioctl_sock < 0) { 814 perror("socket(PF_INET,SOCK_DGRAM)"); 815 goto err1; 816 } 817 818 cfg = os_zalloc(sizeof(*cfg)); 819 if (cfg == NULL) 820 goto err1; 821 cfg->ctx = drv; 822 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink; 823 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink; 824 drv->netlink = netlink_init(cfg); 825 if (drv->netlink == NULL) { 826 os_free(cfg); 827 goto err2; 828 } 829 830 rcfg = os_zalloc(sizeof(*rcfg)); 831 if (rcfg == NULL) 832 goto err3; 833 rcfg->ctx = drv; 834 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 835 rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked; 836 rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked; 837 drv->rfkill = rfkill_init(rcfg); 838 if (drv->rfkill == NULL) { 839 wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available"); 840 os_free(rcfg); 841 } 842 843 drv->mlme_sock = -1; 844#ifdef ANDROID 845 drv->errors = 0; 846 drv->driver_is_started = TRUE; 847 drv->skip_disconnect = 0; 848 drv->bgscan_enabled = 0; 849#endif 850 851 if (wpa_driver_wext_finish_drv_init(drv) < 0) 852 goto err3; 853 854 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1); 855 856 return drv; 857 858err3: 859 rfkill_deinit(drv->rfkill); 860 netlink_deinit(drv->netlink); 861err2: 862 close(drv->ioctl_sock); 863err1: 864 os_free(drv); 865 return NULL; 866} 867 868 869static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx) 870{ 871 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 872} 873 874 875static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv) 876{ 877 int send_rfkill_event = 0; 878 879 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) { 880 if (rfkill_is_blocked(drv->rfkill)) { 881 wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable " 882 "interface '%s' due to rfkill", 883 drv->ifname); 884 drv->if_disabled = 1; 885 send_rfkill_event = 1; 886 } else { 887 wpa_printf(MSG_ERROR, "WEXT: Could not set " 888 "interface '%s' UP", drv->ifname); 889 return -1; 890 } 891 } 892 893 /* 894 * Make sure that the driver does not have any obsolete PMKID entries. 895 */ 896 wpa_driver_wext_flush_pmkid(drv); 897 898 if (wpa_driver_wext_set_mode(drv, 0) < 0) { 899 wpa_printf(MSG_DEBUG, "Could not configure driver to use " 900 "managed mode"); 901 /* Try to use it anyway */ 902 } 903 904 wpa_driver_wext_get_range(drv); 905 906 /* 907 * Unlock the driver's BSSID and force to a random SSID to clear any 908 * previous association the driver might have when the supplicant 909 * starts up. 910 */ 911 wpa_driver_wext_disconnect(drv); 912 913 drv->ifindex = if_nametoindex(drv->ifname); 914 915 if (os_strncmp(drv->ifname, "wlan", 4) == 0) { 916 /* 917 * Host AP driver may use both wlan# and wifi# interface in 918 * wireless events. Since some of the versions included WE-18 919 * support, let's add the alternative ifindex also from 920 * driver_wext.c for the time being. This may be removed at 921 * some point once it is believed that old versions of the 922 * driver are not in use anymore. 923 */ 924 char ifname2[IFNAMSIZ + 1]; 925 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2)); 926 os_memcpy(ifname2, "wifi", 4); 927 wpa_driver_wext_alternative_ifindex(drv, ifname2); 928 } 929 930 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 931 1, IF_OPER_DORMANT); 932 933 if (send_rfkill_event) { 934 eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill, 935 drv, drv->ctx); 936 } 937 938 return 0; 939} 940 941 942/** 943 * wpa_driver_wext_deinit - Deinitialize WE driver interface 944 * @priv: Pointer to private wext data from wpa_driver_wext_init() 945 * 946 * Shut down driver interface and processing of driver events. Free 947 * private data buffer if one was allocated in wpa_driver_wext_init(). 948 */ 949void wpa_driver_wext_deinit(void *priv) 950{ 951 struct wpa_driver_wext_data *drv = priv; 952 953 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0); 954 955 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 956 957 /* 958 * Clear possibly configured driver parameters in order to make it 959 * easier to use the driver after wpa_supplicant has been terminated. 960 */ 961 wpa_driver_wext_disconnect(drv); 962 963 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 964 netlink_deinit(drv->netlink); 965 rfkill_deinit(drv->rfkill); 966 967 if (drv->mlme_sock >= 0) 968 eloop_unregister_read_sock(drv->mlme_sock); 969 970 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0); 971 972 close(drv->ioctl_sock); 973 if (drv->mlme_sock >= 0) 974 close(drv->mlme_sock); 975 os_free(drv->assoc_req_ies); 976 os_free(drv->assoc_resp_ies); 977 os_free(drv); 978} 979 980 981/** 982 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion 983 * @eloop_ctx: Unused 984 * @timeout_ctx: ctx argument given to wpa_driver_wext_init() 985 * 986 * This function can be used as registered timeout when starting a scan to 987 * generate a scan completed event if the driver does not report this. 988 */ 989void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx) 990{ 991 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 992 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 993} 994 995 996/** 997 * wpa_driver_wext_scan - Request the driver to initiate scan 998 * @priv: Pointer to private wext data from wpa_driver_wext_init() 999 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.) 1000 * Returns: 0 on success, -1 on failure 1001 */ 1002int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params) 1003{ 1004 struct wpa_driver_wext_data *drv = priv; 1005 struct iwreq iwr; 1006 int ret = 0, timeout; 1007 struct iw_scan_req req; 1008 const u8 *ssid = params->ssids[0].ssid; 1009 size_t ssid_len = params->ssids[0].ssid_len; 1010 1011#ifdef ANDROID 1012 if (drv->capa.max_scan_ssids > 1) { 1013 ret = wpa_driver_wext_combo_scan(priv, params); 1014 goto scan_out; 1015 } 1016#endif 1017 1018 if (ssid_len > IW_ESSID_MAX_SIZE) { 1019 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)", 1020 __FUNCTION__, (unsigned long) ssid_len); 1021 return -1; 1022 } 1023 1024 os_memset(&iwr, 0, sizeof(iwr)); 1025 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1026 1027 if (ssid && ssid_len) { 1028 os_memset(&req, 0, sizeof(req)); 1029 req.essid_len = ssid_len; 1030 req.bssid.sa_family = ARPHRD_ETHER; 1031 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN); 1032 os_memcpy(req.essid, ssid, ssid_len); 1033 iwr.u.data.pointer = (caddr_t) &req; 1034 iwr.u.data.length = sizeof(req); 1035 iwr.u.data.flags = IW_SCAN_THIS_ESSID; 1036 } 1037 1038 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) { 1039 perror("ioctl[SIOCSIWSCAN]"); 1040 ret = -1; 1041 } 1042 1043#ifdef ANDROID 1044scan_out: 1045#endif 1046 /* Not all drivers generate "scan completed" wireless event, so try to 1047 * read results after a timeout. */ 1048 timeout = 10; 1049 if (drv->scan_complete_events) { 1050 /* 1051 * The driver seems to deliver SIOCGIWSCAN events to notify 1052 * when scan is complete, so use longer timeout to avoid race 1053 * conditions with scanning and following association request. 1054 */ 1055 timeout = 30; 1056 } 1057 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1058 "seconds", ret, timeout); 1059 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 1060 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv, 1061 drv->ctx); 1062 1063 return ret; 1064} 1065 1066 1067static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, 1068 size_t *len) 1069{ 1070 struct iwreq iwr; 1071 u8 *res_buf; 1072 size_t res_buf_len; 1073 1074 res_buf_len = IW_SCAN_MAX_DATA; 1075 for (;;) { 1076 res_buf = os_malloc(res_buf_len); 1077 if (res_buf == NULL) 1078 return NULL; 1079 os_memset(&iwr, 0, sizeof(iwr)); 1080 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1081 iwr.u.data.pointer = res_buf; 1082 iwr.u.data.length = res_buf_len; 1083 1084 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) 1085 break; 1086 1087 if (errno == E2BIG && res_buf_len < 65535) { 1088 os_free(res_buf); 1089 res_buf = NULL; 1090 res_buf_len *= 2; 1091 if (res_buf_len > 65535) 1092 res_buf_len = 65535; /* 16-bit length field */ 1093 wpa_printf(MSG_DEBUG, "Scan results did not fit - " 1094 "trying larger buffer (%lu bytes)", 1095 (unsigned long) res_buf_len); 1096 } else { 1097 perror("ioctl[SIOCGIWSCAN]"); 1098 os_free(res_buf); 1099 return NULL; 1100 } 1101 } 1102 1103 if (iwr.u.data.length > res_buf_len) { 1104 os_free(res_buf); 1105 return NULL; 1106 } 1107 *len = iwr.u.data.length; 1108 1109 return res_buf; 1110} 1111 1112 1113/* 1114 * Data structure for collecting WEXT scan results. This is needed to allow 1115 * the various methods of reporting IEs to be combined into a single IE buffer. 1116 */ 1117struct wext_scan_data { 1118 struct wpa_scan_res res; 1119 u8 *ie; 1120 size_t ie_len; 1121 u8 ssid[32]; 1122 size_t ssid_len; 1123 int maxrate; 1124}; 1125 1126 1127static void wext_get_scan_mode(struct iw_event *iwe, 1128 struct wext_scan_data *res) 1129{ 1130 if (iwe->u.mode == IW_MODE_ADHOC) 1131 res->res.caps |= IEEE80211_CAP_IBSS; 1132 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA) 1133 res->res.caps |= IEEE80211_CAP_ESS; 1134} 1135 1136 1137static void wext_get_scan_ssid(struct iw_event *iwe, 1138 struct wext_scan_data *res, char *custom, 1139 char *end) 1140{ 1141 int ssid_len = iwe->u.essid.length; 1142 if (custom + ssid_len > end) 1143 return; 1144 if (iwe->u.essid.flags && 1145 ssid_len > 0 && 1146 ssid_len <= IW_ESSID_MAX_SIZE) { 1147 os_memcpy(res->ssid, custom, ssid_len); 1148 res->ssid_len = ssid_len; 1149 } 1150} 1151 1152 1153static void wext_get_scan_freq(struct iw_event *iwe, 1154 struct wext_scan_data *res) 1155{ 1156 int divi = 1000000, i; 1157 1158 if (iwe->u.freq.e == 0) { 1159 /* 1160 * Some drivers do not report frequency, but a channel. 1161 * Try to map this to frequency by assuming they are using 1162 * IEEE 802.11b/g. But don't overwrite a previously parsed 1163 * frequency if the driver sends both frequency and channel, 1164 * since the driver may be sending an A-band channel that we 1165 * don't handle here. 1166 */ 1167 1168 if (res->res.freq) 1169 return; 1170 1171 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) { 1172 res->res.freq = 2407 + 5 * iwe->u.freq.m; 1173 return; 1174 } else if (iwe->u.freq.m == 14) { 1175 res->res.freq = 2484; 1176 return; 1177 } 1178 } 1179 1180 if (iwe->u.freq.e > 6) { 1181 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID=" 1182 MACSTR " m=%d e=%d)", 1183 MAC2STR(res->res.bssid), iwe->u.freq.m, 1184 iwe->u.freq.e); 1185 return; 1186 } 1187 1188 for (i = 0; i < iwe->u.freq.e; i++) 1189 divi /= 10; 1190 res->res.freq = iwe->u.freq.m / divi; 1191} 1192 1193 1194static void wext_get_scan_qual(struct wpa_driver_wext_data *drv, 1195 struct iw_event *iwe, 1196 struct wext_scan_data *res) 1197{ 1198 res->res.qual = iwe->u.qual.qual; 1199 res->res.noise = iwe->u.qual.noise; 1200 res->res.level = iwe->u.qual.level; 1201 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID) 1202 res->res.flags |= WPA_SCAN_QUAL_INVALID; 1203 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID) 1204 res->res.flags |= WPA_SCAN_LEVEL_INVALID; 1205 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID) 1206 res->res.flags |= WPA_SCAN_NOISE_INVALID; 1207 if (iwe->u.qual.updated & IW_QUAL_DBM) 1208 res->res.flags |= WPA_SCAN_LEVEL_DBM; 1209 if ((iwe->u.qual.updated & IW_QUAL_DBM) || 1210 ((iwe->u.qual.level != 0) && 1211 (iwe->u.qual.level > drv->max_level))) { 1212 if (iwe->u.qual.level >= 64) 1213 res->res.level -= 0x100; 1214 if (iwe->u.qual.noise >= 64) 1215 res->res.noise -= 0x100; 1216 } 1217} 1218 1219 1220static void wext_get_scan_encode(struct iw_event *iwe, 1221 struct wext_scan_data *res) 1222{ 1223 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED)) 1224 res->res.caps |= IEEE80211_CAP_PRIVACY; 1225} 1226 1227 1228static void wext_get_scan_rate(struct iw_event *iwe, 1229 struct wext_scan_data *res, char *pos, 1230 char *end) 1231{ 1232 int maxrate; 1233 char *custom = pos + IW_EV_LCP_LEN; 1234 struct iw_param p; 1235 size_t clen; 1236 1237 clen = iwe->len; 1238 if (custom + clen > end) 1239 return; 1240 maxrate = 0; 1241 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) { 1242 /* Note: may be misaligned, make a local, aligned copy */ 1243 os_memcpy(&p, custom, sizeof(struct iw_param)); 1244 if (p.value > maxrate) 1245 maxrate = p.value; 1246 clen -= sizeof(struct iw_param); 1247 custom += sizeof(struct iw_param); 1248 } 1249 1250 /* Convert the maxrate from WE-style (b/s units) to 1251 * 802.11 rates (500000 b/s units). 1252 */ 1253 res->maxrate = maxrate / 500000; 1254} 1255 1256 1257static void wext_get_scan_iwevgenie(struct iw_event *iwe, 1258 struct wext_scan_data *res, char *custom, 1259 char *end) 1260{ 1261 char *genie, *gpos, *gend; 1262 u8 *tmp; 1263 1264 if (iwe->u.data.length == 0) 1265 return; 1266 1267 gpos = genie = custom; 1268 gend = genie + iwe->u.data.length; 1269 if (gend > end) { 1270 wpa_printf(MSG_INFO, "IWEVGENIE overflow"); 1271 return; 1272 } 1273 1274 tmp = os_realloc(res->ie, res->ie_len + gend - gpos); 1275 if (tmp == NULL) 1276 return; 1277 os_memcpy(tmp + res->ie_len, gpos, gend - gpos); 1278 res->ie = tmp; 1279 res->ie_len += gend - gpos; 1280} 1281 1282 1283static void wext_get_scan_custom(struct iw_event *iwe, 1284 struct wext_scan_data *res, char *custom, 1285 char *end) 1286{ 1287 size_t clen; 1288 u8 *tmp; 1289 1290 clen = iwe->u.data.length; 1291 if (custom + clen > end) 1292 return; 1293 1294 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) { 1295 char *spos; 1296 int bytes; 1297 spos = custom + 7; 1298 bytes = custom + clen - spos; 1299 if (bytes & 1 || bytes == 0) 1300 return; 1301 bytes /= 2; 1302 tmp = os_realloc(res->ie, res->ie_len + bytes); 1303 if (tmp == NULL) 1304 return; 1305 res->ie = tmp; 1306 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1307 return; 1308 res->ie_len += bytes; 1309 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) { 1310 char *spos; 1311 int bytes; 1312 spos = custom + 7; 1313 bytes = custom + clen - spos; 1314 if (bytes & 1 || bytes == 0) 1315 return; 1316 bytes /= 2; 1317 tmp = os_realloc(res->ie, res->ie_len + bytes); 1318 if (tmp == NULL) 1319 return; 1320 res->ie = tmp; 1321 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1322 return; 1323 res->ie_len += bytes; 1324 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) { 1325 char *spos; 1326 int bytes; 1327 u8 bin[8]; 1328 spos = custom + 4; 1329 bytes = custom + clen - spos; 1330 if (bytes != 16) { 1331 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); 1332 return; 1333 } 1334 bytes /= 2; 1335 if (hexstr2bin(spos, bin, bytes) < 0) { 1336 wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value"); 1337 return; 1338 } 1339 res->res.tsf += WPA_GET_BE64(bin); 1340 } 1341} 1342 1343 1344static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd) 1345{ 1346 return drv->we_version_compiled > 18 && 1347 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE || 1348 cmd == IWEVGENIE || cmd == IWEVCUSTOM); 1349} 1350 1351 1352static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res, 1353 struct wext_scan_data *data) 1354{ 1355 struct wpa_scan_res **tmp; 1356 struct wpa_scan_res *r; 1357 size_t extra_len; 1358 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL; 1359 1360 /* Figure out whether we need to fake any IEs */ 1361 pos = data->ie; 1362 end = pos + data->ie_len; 1363 while (pos && pos + 1 < end) { 1364 if (pos + 2 + pos[1] > end) 1365 break; 1366 if (pos[0] == WLAN_EID_SSID) 1367 ssid_ie = pos; 1368 else if (pos[0] == WLAN_EID_SUPP_RATES) 1369 rate_ie = pos; 1370 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES) 1371 rate_ie = pos; 1372 pos += 2 + pos[1]; 1373 } 1374 1375 extra_len = 0; 1376 if (ssid_ie == NULL) 1377 extra_len += 2 + data->ssid_len; 1378 if (rate_ie == NULL && data->maxrate) 1379 extra_len += 3; 1380 1381 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len); 1382 if (r == NULL) 1383 return; 1384 os_memcpy(r, &data->res, sizeof(*r)); 1385 r->ie_len = extra_len + data->ie_len; 1386 pos = (u8 *) (r + 1); 1387 if (ssid_ie == NULL) { 1388 /* 1389 * Generate a fake SSID IE since the driver did not report 1390 * a full IE list. 1391 */ 1392 *pos++ = WLAN_EID_SSID; 1393 *pos++ = data->ssid_len; 1394 os_memcpy(pos, data->ssid, data->ssid_len); 1395 pos += data->ssid_len; 1396 } 1397 if (rate_ie == NULL && data->maxrate) { 1398 /* 1399 * Generate a fake Supported Rates IE since the driver did not 1400 * report a full IE list. 1401 */ 1402 *pos++ = WLAN_EID_SUPP_RATES; 1403 *pos++ = 1; 1404 *pos++ = data->maxrate; 1405 } 1406 if (data->ie) 1407 os_memcpy(pos, data->ie, data->ie_len); 1408 1409 tmp = os_realloc(res->res, 1410 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1411 if (tmp == NULL) { 1412 os_free(r); 1413 return; 1414 } 1415 tmp[res->num++] = r; 1416 res->res = tmp; 1417} 1418 1419 1420/** 1421 * wpa_driver_wext_get_scan_results - Fetch the latest scan results 1422 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1423 * Returns: Scan results on success, -1 on failure 1424 */ 1425struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv) 1426{ 1427 struct wpa_driver_wext_data *drv = priv; 1428 size_t ap_num = 0, len; 1429 int first; 1430 u8 *res_buf; 1431 struct iw_event iwe_buf, *iwe = &iwe_buf; 1432 char *pos, *end, *custom; 1433 struct wpa_scan_results *res; 1434 struct wext_scan_data data; 1435 1436 res_buf = wpa_driver_wext_giwscan(drv, &len); 1437 if (res_buf == NULL) 1438 return NULL; 1439 1440 ap_num = 0; 1441 first = 1; 1442 1443 res = os_zalloc(sizeof(*res)); 1444 if (res == NULL) { 1445 os_free(res_buf); 1446 return NULL; 1447 } 1448 1449 pos = (char *) res_buf; 1450 end = (char *) res_buf + len; 1451 os_memset(&data, 0, sizeof(data)); 1452 1453 while (pos + IW_EV_LCP_LEN <= end) { 1454 /* Event data may be unaligned, so make a local, aligned copy 1455 * before processing. */ 1456 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1457 if (iwe->len <= IW_EV_LCP_LEN) 1458 break; 1459 1460 custom = pos + IW_EV_POINT_LEN; 1461 if (wext_19_iw_point(drv, iwe->cmd)) { 1462 /* WE-19 removed the pointer from struct iw_point */ 1463 char *dpos = (char *) &iwe_buf.u.data.length; 1464 int dlen = dpos - (char *) &iwe_buf; 1465 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 1466 sizeof(struct iw_event) - dlen); 1467 } else { 1468 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1469 custom += IW_EV_POINT_OFF; 1470 } 1471 1472 switch (iwe->cmd) { 1473 case SIOCGIWAP: 1474 if (!first) 1475 wpa_driver_wext_add_scan_entry(res, &data); 1476 first = 0; 1477 os_free(data.ie); 1478 os_memset(&data, 0, sizeof(data)); 1479 os_memcpy(data.res.bssid, 1480 iwe->u.ap_addr.sa_data, ETH_ALEN); 1481 break; 1482 case SIOCGIWMODE: 1483 wext_get_scan_mode(iwe, &data); 1484 break; 1485 case SIOCGIWESSID: 1486 wext_get_scan_ssid(iwe, &data, custom, end); 1487 break; 1488 case SIOCGIWFREQ: 1489 wext_get_scan_freq(iwe, &data); 1490 break; 1491 case IWEVQUAL: 1492 wext_get_scan_qual(drv, iwe, &data); 1493 break; 1494 case SIOCGIWENCODE: 1495 wext_get_scan_encode(iwe, &data); 1496 break; 1497 case SIOCGIWRATE: 1498 wext_get_scan_rate(iwe, &data, pos, end); 1499 break; 1500 case IWEVGENIE: 1501 wext_get_scan_iwevgenie(iwe, &data, custom, end); 1502 break; 1503 case IWEVCUSTOM: 1504 wext_get_scan_custom(iwe, &data, custom, end); 1505 break; 1506 } 1507 1508 pos += iwe->len; 1509 } 1510 os_free(res_buf); 1511 res_buf = NULL; 1512 if (!first) 1513 wpa_driver_wext_add_scan_entry(res, &data); 1514 os_free(data.ie); 1515 1516 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)", 1517 (unsigned long) len, (unsigned long) res->num); 1518 1519 return res; 1520} 1521 1522 1523static int wpa_driver_wext_get_range(void *priv) 1524{ 1525 struct wpa_driver_wext_data *drv = priv; 1526 struct iw_range *range; 1527 struct iwreq iwr; 1528 int minlen; 1529 size_t buflen; 1530 1531 /* 1532 * Use larger buffer than struct iw_range in order to allow the 1533 * structure to grow in the future. 1534 */ 1535 buflen = sizeof(struct iw_range) + 500; 1536 range = os_zalloc(buflen); 1537 if (range == NULL) 1538 return -1; 1539 1540 os_memset(&iwr, 0, sizeof(iwr)); 1541 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1542 iwr.u.data.pointer = (caddr_t) range; 1543 iwr.u.data.length = buflen; 1544 1545 minlen = ((char *) &range->enc_capa) - (char *) range + 1546 sizeof(range->enc_capa); 1547 1548 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1549 perror("ioctl[SIOCGIWRANGE]"); 1550 os_free(range); 1551 return -1; 1552 } else if (iwr.u.data.length >= minlen && 1553 range->we_version_compiled >= 18) { 1554 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1555 "WE(source)=%d enc_capa=0x%x", 1556 range->we_version_compiled, 1557 range->we_version_source, 1558 range->enc_capa); 1559 drv->has_capability = 1; 1560 drv->we_version_compiled = range->we_version_compiled; 1561 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1562 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1563 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1564 } 1565 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1566 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1567 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1568 } 1569 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1570 WPA_DRIVER_CAPA_ENC_WEP104; 1571 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1572 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1573 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1574 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1575 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) 1576 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; 1577 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1578 WPA_DRIVER_AUTH_SHARED | 1579 WPA_DRIVER_AUTH_LEAP; 1580#ifdef ANDROID 1581 drv->capa.max_scan_ssids = WEXT_CSCAN_AMOUNT; 1582#else 1583 drv->capa.max_scan_ssids = 1; 1584#endif 1585 1586 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x " 1587 "flags 0x%x", 1588 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags); 1589 } else { 1590 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1591 "assuming WPA is not supported"); 1592 } 1593 1594 drv->max_level = range->max_qual.level; 1595 1596 os_free(range); 1597 return 0; 1598} 1599 1600 1601static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, 1602 const u8 *psk) 1603{ 1604 struct iw_encode_ext *ext; 1605 struct iwreq iwr; 1606 int ret; 1607 1608 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1609 1610 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 1611 return 0; 1612 1613 if (!psk) 1614 return 0; 1615 1616 os_memset(&iwr, 0, sizeof(iwr)); 1617 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1618 1619 ext = os_zalloc(sizeof(*ext) + PMK_LEN); 1620 if (ext == NULL) 1621 return -1; 1622 1623 iwr.u.encoding.pointer = (caddr_t) ext; 1624 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN; 1625 ext->key_len = PMK_LEN; 1626 os_memcpy(&ext->key, psk, ext->key_len); 1627 ext->alg = IW_ENCODE_ALG_PMK; 1628 1629 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr); 1630 if (ret < 0) 1631 perror("ioctl[SIOCSIWENCODEEXT] PMK"); 1632 os_free(ext); 1633 1634 return ret; 1635} 1636 1637 1638static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg, 1639 const u8 *addr, int key_idx, 1640 int set_tx, const u8 *seq, 1641 size_t seq_len, 1642 const u8 *key, size_t key_len) 1643{ 1644 struct wpa_driver_wext_data *drv = priv; 1645 struct iwreq iwr; 1646 int ret = 0; 1647 struct iw_encode_ext *ext; 1648 1649 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) { 1650 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu", 1651 __FUNCTION__, (unsigned long) seq_len); 1652 return -1; 1653 } 1654 1655 ext = os_zalloc(sizeof(*ext) + key_len); 1656 if (ext == NULL) 1657 return -1; 1658 os_memset(&iwr, 0, sizeof(iwr)); 1659 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1660 iwr.u.encoding.flags = key_idx + 1; 1661 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1662 if (alg == WPA_ALG_NONE) 1663 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1664 iwr.u.encoding.pointer = (caddr_t) ext; 1665 iwr.u.encoding.length = sizeof(*ext) + key_len; 1666 1667 if (addr == NULL || is_broadcast_ether_addr(addr)) 1668 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY; 1669 if (set_tx) 1670 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY; 1671 1672 ext->addr.sa_family = ARPHRD_ETHER; 1673 if (addr) 1674 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN); 1675 else 1676 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN); 1677 if (key && key_len) { 1678 os_memcpy(ext + 1, key, key_len); 1679 ext->key_len = key_len; 1680 } 1681 switch (alg) { 1682 case WPA_ALG_NONE: 1683 ext->alg = IW_ENCODE_ALG_NONE; 1684 break; 1685 case WPA_ALG_WEP: 1686 ext->alg = IW_ENCODE_ALG_WEP; 1687 break; 1688 case WPA_ALG_TKIP: 1689 ext->alg = IW_ENCODE_ALG_TKIP; 1690 break; 1691 case WPA_ALG_CCMP: 1692 ext->alg = IW_ENCODE_ALG_CCMP; 1693 break; 1694 case WPA_ALG_PMK: 1695 ext->alg = IW_ENCODE_ALG_PMK; 1696 break; 1697#ifdef CONFIG_IEEE80211W 1698 case WPA_ALG_IGTK: 1699 ext->alg = IW_ENCODE_ALG_AES_CMAC; 1700 break; 1701#endif /* CONFIG_IEEE80211W */ 1702 default: 1703 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d", 1704 __FUNCTION__, alg); 1705 os_free(ext); 1706 return -1; 1707 } 1708 1709 if (seq && seq_len) { 1710 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID; 1711 os_memcpy(ext->rx_seq, seq, seq_len); 1712 } 1713 1714 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) { 1715 ret = errno == EOPNOTSUPP ? -2 : -1; 1716 if (errno == ENODEV) { 1717 /* 1718 * ndiswrapper seems to be returning incorrect error 1719 * code.. */ 1720 ret = -2; 1721 } 1722 1723 perror("ioctl[SIOCSIWENCODEEXT]"); 1724 } 1725 1726 os_free(ext); 1727 return ret; 1728} 1729 1730 1731/** 1732 * wpa_driver_wext_set_key - Configure encryption key 1733 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1734 * @priv: Private driver interface data 1735 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP, 1736 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key. 1737 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for 1738 * broadcast/default keys 1739 * @key_idx: key index (0..3), usually 0 for unicast keys 1740 * @set_tx: Configure this key as the default Tx key (only used when 1741 * driver does not support separate unicast/individual key 1742 * @seq: Sequence number/packet number, seq_len octets, the next 1743 * packet number to be used for in replay protection; configured 1744 * for Rx keys (in most cases, this is only used with broadcast 1745 * keys and set to zero for unicast keys) 1746 * @seq_len: Length of the seq, depends on the algorithm: 1747 * TKIP: 6 octets, CCMP: 6 octets 1748 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key, 1749 * 8-byte Rx Mic Key 1750 * @key_len: Length of the key buffer in octets (WEP: 5 or 13, 1751 * TKIP: 32, CCMP: 16) 1752 * Returns: 0 on success, -1 on failure 1753 * 1754 * This function uses SIOCSIWENCODEEXT by default, but tries to use 1755 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key. 1756 */ 1757int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg, 1758 const u8 *addr, int key_idx, 1759 int set_tx, const u8 *seq, size_t seq_len, 1760 const u8 *key, size_t key_len) 1761{ 1762 struct wpa_driver_wext_data *drv = priv; 1763 struct iwreq iwr; 1764 int ret = 0; 1765 1766 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu " 1767 "key_len=%lu", 1768 __FUNCTION__, alg, key_idx, set_tx, 1769 (unsigned long) seq_len, (unsigned long) key_len); 1770 1771 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx, 1772 seq, seq_len, key, key_len); 1773 if (ret == 0) 1774 return 0; 1775 1776 if (ret == -2 && 1777 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) { 1778 wpa_printf(MSG_DEBUG, "Driver did not support " 1779 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE"); 1780 ret = 0; 1781 } else { 1782 wpa_printf(MSG_DEBUG, "Driver did not support " 1783 "SIOCSIWENCODEEXT"); 1784 return ret; 1785 } 1786 1787 os_memset(&iwr, 0, sizeof(iwr)); 1788 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1789 iwr.u.encoding.flags = key_idx + 1; 1790 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1791 if (alg == WPA_ALG_NONE) 1792 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1793 iwr.u.encoding.pointer = (caddr_t) key; 1794 iwr.u.encoding.length = key_len; 1795 1796 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1797 perror("ioctl[SIOCSIWENCODE]"); 1798 ret = -1; 1799 } 1800 1801 if (set_tx && alg != WPA_ALG_NONE) { 1802 os_memset(&iwr, 0, sizeof(iwr)); 1803 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1804 iwr.u.encoding.flags = key_idx + 1; 1805 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1806 iwr.u.encoding.pointer = (caddr_t) NULL; 1807 iwr.u.encoding.length = 0; 1808 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1809 perror("ioctl[SIOCSIWENCODE] (set_tx)"); 1810 ret = -1; 1811 } 1812 } 1813 1814 return ret; 1815} 1816 1817 1818static int wpa_driver_wext_set_countermeasures(void *priv, 1819 int enabled) 1820{ 1821 struct wpa_driver_wext_data *drv = priv; 1822 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1823 return wpa_driver_wext_set_auth_param(drv, 1824 IW_AUTH_TKIP_COUNTERMEASURES, 1825 enabled); 1826} 1827 1828 1829static int wpa_driver_wext_set_drop_unencrypted(void *priv, 1830 int enabled) 1831{ 1832 struct wpa_driver_wext_data *drv = priv; 1833 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1834 drv->use_crypt = enabled; 1835 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1836 enabled); 1837} 1838 1839 1840static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv, 1841 const u8 *addr, int cmd, int reason_code) 1842{ 1843 struct iwreq iwr; 1844 struct iw_mlme mlme; 1845 int ret = 0; 1846 1847 os_memset(&iwr, 0, sizeof(iwr)); 1848 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1849 os_memset(&mlme, 0, sizeof(mlme)); 1850 mlme.cmd = cmd; 1851 mlme.reason_code = reason_code; 1852 mlme.addr.sa_family = ARPHRD_ETHER; 1853 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1854 iwr.u.data.pointer = (caddr_t) &mlme; 1855 iwr.u.data.length = sizeof(mlme); 1856 1857 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1858 perror("ioctl[SIOCSIWMLME]"); 1859 ret = -1; 1860 } 1861 1862 return ret; 1863} 1864 1865 1866static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv) 1867{ 1868 struct iwreq iwr; 1869 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; 1870 u8 ssid[32]; 1871 int i; 1872 1873 /* 1874 * Only force-disconnect when the card is in infrastructure mode, 1875 * otherwise the driver might interpret the cleared BSSID and random 1876 * SSID as an attempt to create a new ad-hoc network. 1877 */ 1878 os_memset(&iwr, 0, sizeof(iwr)); 1879 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1880 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 1881 perror("ioctl[SIOCGIWMODE]"); 1882 iwr.u.mode = IW_MODE_INFRA; 1883 } 1884 1885 if (iwr.u.mode == IW_MODE_INFRA) { 1886 if (drv->cfg80211) { 1887 /* 1888 * cfg80211 supports SIOCSIWMLME commands, so there is 1889 * no need for the random SSID hack, but clear the 1890 * BSSID and SSID. 1891 */ 1892 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 || 1893#ifdef ANDROID 1894 0) { 1895#else 1896 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) { 1897#endif 1898 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear " 1899 "to disconnect"); 1900 } 1901 return; 1902 } 1903 /* 1904 * Clear the BSSID selection and set a random SSID to make sure 1905 * the driver will not be trying to associate with something 1906 * even if it does not understand SIOCSIWMLME commands (or 1907 * tries to associate automatically after deauth/disassoc). 1908 */ 1909 for (i = 0; i < 32; i++) 1910 ssid[i] = rand() & 0xFF; 1911 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 || 1912#ifdef ANDROID 1913 0) { 1914#else 1915 wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) { 1916#endif 1917 wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus " 1918 "BSSID/SSID to disconnect"); 1919 } 1920 } 1921} 1922 1923 1924static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr, 1925 int reason_code) 1926{ 1927 struct wpa_driver_wext_data *drv = priv; 1928 int ret; 1929 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1930 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 1931 wpa_driver_wext_disconnect(drv); 1932 return ret; 1933} 1934 1935 1936static int wpa_driver_wext_disassociate(void *priv, const u8 *addr, 1937 int reason_code) 1938{ 1939 struct wpa_driver_wext_data *drv = priv; 1940 int ret; 1941 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1942 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code); 1943 wpa_driver_wext_disconnect(drv); 1944 return ret; 1945} 1946 1947 1948static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie, 1949 size_t ie_len) 1950{ 1951 struct wpa_driver_wext_data *drv = priv; 1952 struct iwreq iwr; 1953 int ret = 0; 1954 1955 os_memset(&iwr, 0, sizeof(iwr)); 1956 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1957 iwr.u.data.pointer = (caddr_t) ie; 1958 iwr.u.data.length = ie_len; 1959 1960 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 1961 perror("ioctl[SIOCSIWGENIE]"); 1962 ret = -1; 1963 } 1964 1965 return ret; 1966} 1967 1968 1969int wpa_driver_wext_cipher2wext(int cipher) 1970{ 1971 switch (cipher) { 1972 case CIPHER_NONE: 1973 return IW_AUTH_CIPHER_NONE; 1974 case CIPHER_WEP40: 1975 return IW_AUTH_CIPHER_WEP40; 1976 case CIPHER_TKIP: 1977 return IW_AUTH_CIPHER_TKIP; 1978 case CIPHER_CCMP: 1979 return IW_AUTH_CIPHER_CCMP; 1980 case CIPHER_WEP104: 1981 return IW_AUTH_CIPHER_WEP104; 1982 default: 1983 return 0; 1984 } 1985} 1986 1987 1988int wpa_driver_wext_keymgmt2wext(int keymgmt) 1989{ 1990 switch (keymgmt) { 1991 case KEY_MGMT_802_1X: 1992 case KEY_MGMT_802_1X_NO_WPA: 1993 return IW_AUTH_KEY_MGMT_802_1X; 1994 case KEY_MGMT_PSK: 1995 return IW_AUTH_KEY_MGMT_PSK; 1996 default: 1997 return 0; 1998 } 1999} 2000 2001 2002static int 2003wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv, 2004 struct wpa_driver_associate_params *params) 2005{ 2006 struct iwreq iwr; 2007 int ret = 0; 2008 2009 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 2010 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 2011 2012 os_memset(&iwr, 0, sizeof(iwr)); 2013 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2014 /* Just changing mode, not actual keys */ 2015 iwr.u.encoding.flags = 0; 2016 iwr.u.encoding.pointer = (caddr_t) NULL; 2017 iwr.u.encoding.length = 0; 2018 2019 /* 2020 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 2021 * different things. Here they are used to indicate Open System vs. 2022 * Shared Key authentication algorithm. However, some drivers may use 2023 * them to select between open/restricted WEP encrypted (open = allow 2024 * both unencrypted and encrypted frames; restricted = only allow 2025 * encrypted frames). 2026 */ 2027 2028 if (!drv->use_crypt) { 2029 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 2030 } else { 2031 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 2032 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 2033 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 2034 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 2035 } 2036 2037 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 2038 perror("ioctl[SIOCSIWENCODE]"); 2039 ret = -1; 2040 } 2041 2042 return ret; 2043} 2044 2045 2046int wpa_driver_wext_associate(void *priv, 2047 struct wpa_driver_associate_params *params) 2048{ 2049 struct wpa_driver_wext_data *drv = priv; 2050 int ret = 0; 2051 int allow_unencrypted_eapol; 2052 int value; 2053 2054 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2055#ifdef ANDROID 2056 drv->skip_disconnect = 0; 2057#endif 2058 if (drv->cfg80211) { 2059 /* 2060 * Stop cfg80211 from trying to associate before we are done 2061 * with all parameters. 2062 */ 2063 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0); 2064 } 2065 2066 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted) 2067 < 0) 2068 ret = -1; 2069 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0) 2070 ret = -1; 2071 if (wpa_driver_wext_set_mode(drv, params->mode) < 0) 2072 ret = -1; 2073 2074 /* 2075 * If the driver did not support SIOCSIWAUTH, fallback to 2076 * SIOCSIWENCODE here. 2077 */ 2078 if (drv->auth_alg_fallback && 2079 wpa_driver_wext_auth_alg_fallback(drv, params) < 0) 2080 ret = -1; 2081 2082 if (!params->bssid && 2083 wpa_driver_wext_set_bssid(drv, NULL) < 0) 2084 ret = -1; 2085 2086 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 2087 * from configuration, not from here, where only the selected suite is 2088 * available */ 2089 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 2090 < 0) 2091 ret = -1; 2092 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 2093 value = IW_AUTH_WPA_VERSION_DISABLED; 2094 else if (params->wpa_ie[0] == WLAN_EID_RSN) 2095 value = IW_AUTH_WPA_VERSION_WPA2; 2096 else 2097 value = IW_AUTH_WPA_VERSION_WPA; 2098 if (wpa_driver_wext_set_auth_param(drv, 2099 IW_AUTH_WPA_VERSION, value) < 0) 2100 ret = -1; 2101 value = wpa_driver_wext_cipher2wext(params->pairwise_suite); 2102 if (wpa_driver_wext_set_auth_param(drv, 2103 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 2104 ret = -1; 2105 value = wpa_driver_wext_cipher2wext(params->group_suite); 2106 if (wpa_driver_wext_set_auth_param(drv, 2107 IW_AUTH_CIPHER_GROUP, value) < 0) 2108 ret = -1; 2109 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite); 2110 if (wpa_driver_wext_set_auth_param(drv, 2111 IW_AUTH_KEY_MGMT, value) < 0) 2112 ret = -1; 2113 value = params->key_mgmt_suite != KEY_MGMT_NONE || 2114 params->pairwise_suite != CIPHER_NONE || 2115 params->group_suite != CIPHER_NONE || 2116 params->wpa_ie_len; 2117 if (wpa_driver_wext_set_auth_param(drv, 2118 IW_AUTH_PRIVACY_INVOKED, value) < 0) 2119 ret = -1; 2120 2121 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 2122 * not using WPA. IEEE 802.1X specifies that these frames are not 2123 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 2124 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 2125 params->key_mgmt_suite == KEY_MGMT_PSK) 2126 allow_unencrypted_eapol = 0; 2127 else 2128 allow_unencrypted_eapol = 1; 2129 2130 if (wpa_driver_wext_set_psk(drv, params->psk) < 0) 2131 ret = -1; 2132 if (wpa_driver_wext_set_auth_param(drv, 2133 IW_AUTH_RX_UNENCRYPTED_EAPOL, 2134 allow_unencrypted_eapol) < 0) 2135 ret = -1; 2136#ifdef CONFIG_IEEE80211W 2137 switch (params->mgmt_frame_protection) { 2138 case NO_MGMT_FRAME_PROTECTION: 2139 value = IW_AUTH_MFP_DISABLED; 2140 break; 2141 case MGMT_FRAME_PROTECTION_OPTIONAL: 2142 value = IW_AUTH_MFP_OPTIONAL; 2143 break; 2144 case MGMT_FRAME_PROTECTION_REQUIRED: 2145 value = IW_AUTH_MFP_REQUIRED; 2146 break; 2147 }; 2148 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0) 2149 ret = -1; 2150#endif /* CONFIG_IEEE80211W */ 2151 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0) 2152 ret = -1; 2153 if (!drv->cfg80211 && 2154 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2155 ret = -1; 2156 if (params->bssid && 2157 wpa_driver_wext_set_bssid(drv, params->bssid) < 0) 2158 ret = -1; 2159 if (drv->cfg80211 && 2160 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2161 ret = -1; 2162 2163 return ret; 2164} 2165 2166 2167static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg) 2168{ 2169 struct wpa_driver_wext_data *drv = priv; 2170 int algs = 0, res; 2171 2172 if (auth_alg & WPA_AUTH_ALG_OPEN) 2173 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 2174 if (auth_alg & WPA_AUTH_ALG_SHARED) 2175 algs |= IW_AUTH_ALG_SHARED_KEY; 2176 if (auth_alg & WPA_AUTH_ALG_LEAP) 2177 algs |= IW_AUTH_ALG_LEAP; 2178 if (algs == 0) { 2179 /* at least one algorithm should be set */ 2180 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2181 } 2182 2183 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2184 algs); 2185 drv->auth_alg_fallback = res == -2; 2186 return res; 2187} 2188 2189 2190/** 2191 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2192 * @priv: Pointer to private wext data from wpa_driver_wext_init() 2193 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2194 * Returns: 0 on success, -1 on failure 2195 */ 2196int wpa_driver_wext_set_mode(void *priv, int mode) 2197{ 2198 struct wpa_driver_wext_data *drv = priv; 2199 struct iwreq iwr; 2200 int ret = -1; 2201 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA; 2202 2203 os_memset(&iwr, 0, sizeof(iwr)); 2204 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2205 iwr.u.mode = new_mode; 2206 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) { 2207 ret = 0; 2208 goto done; 2209 } 2210 2211 if (errno != EBUSY) { 2212 perror("ioctl[SIOCSIWMODE]"); 2213 goto done; 2214 } 2215 2216 /* mac80211 doesn't allow mode changes while the device is up, so if 2217 * the device isn't in the mode we're about to change to, take device 2218 * down, try to set the mode again, and bring it back up. 2219 */ 2220 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 2221 perror("ioctl[SIOCGIWMODE]"); 2222 goto done; 2223 } 2224 2225 if (iwr.u.mode == new_mode) { 2226 ret = 0; 2227 goto done; 2228 } 2229 2230 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) { 2231 /* Try to set the mode again while the interface is down */ 2232 iwr.u.mode = new_mode; 2233 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) 2234 perror("ioctl[SIOCSIWMODE]"); 2235 else 2236 ret = 0; 2237 2238 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1); 2239 } 2240 2241done: 2242 return ret; 2243} 2244 2245 2246static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv, 2247 u32 cmd, const u8 *bssid, const u8 *pmkid) 2248{ 2249 struct iwreq iwr; 2250 struct iw_pmksa pmksa; 2251 int ret = 0; 2252 2253 os_memset(&iwr, 0, sizeof(iwr)); 2254 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2255 os_memset(&pmksa, 0, sizeof(pmksa)); 2256 pmksa.cmd = cmd; 2257 pmksa.bssid.sa_family = ARPHRD_ETHER; 2258 if (bssid) 2259 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2260 if (pmkid) 2261 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2262 iwr.u.data.pointer = (caddr_t) &pmksa; 2263 iwr.u.data.length = sizeof(pmksa); 2264 2265 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2266 if (errno != EOPNOTSUPP) 2267 perror("ioctl[SIOCSIWPMKSA]"); 2268 ret = -1; 2269 } 2270 2271 return ret; 2272} 2273 2274 2275static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid, 2276 const u8 *pmkid) 2277{ 2278 struct wpa_driver_wext_data *drv = priv; 2279 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2280} 2281 2282 2283static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid, 2284 const u8 *pmkid) 2285{ 2286 struct wpa_driver_wext_data *drv = priv; 2287 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2288} 2289 2290 2291static int wpa_driver_wext_flush_pmkid(void *priv) 2292{ 2293 struct wpa_driver_wext_data *drv = priv; 2294 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2295} 2296 2297 2298int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa) 2299{ 2300 struct wpa_driver_wext_data *drv = priv; 2301 if (!drv->has_capability) 2302 return -1; 2303 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2304 return 0; 2305} 2306 2307 2308int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv, 2309 const char *ifname) 2310{ 2311 if (ifname == NULL) { 2312 drv->ifindex2 = -1; 2313 return 0; 2314 } 2315 2316 drv->ifindex2 = if_nametoindex(ifname); 2317 if (drv->ifindex2 <= 0) 2318 return -1; 2319 2320 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for " 2321 "wireless events", drv->ifindex2, ifname); 2322 2323 return 0; 2324} 2325 2326 2327int wpa_driver_wext_set_operstate(void *priv, int state) 2328{ 2329 struct wpa_driver_wext_data *drv = priv; 2330 2331 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2332 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2333 drv->operstate = state; 2334 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 2335 state ? IF_OPER_UP : IF_OPER_DORMANT); 2336} 2337 2338 2339int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv) 2340{ 2341 return drv->we_version_compiled; 2342} 2343 2344 2345static const char * wext_get_radio_name(void *priv) 2346{ 2347 struct wpa_driver_wext_data *drv = priv; 2348 return drv->phyname; 2349} 2350 2351 2352const struct wpa_driver_ops wpa_driver_wext_ops = { 2353 .name = "wext", 2354 .desc = "Linux wireless extensions (generic)", 2355 .get_bssid = wpa_driver_wext_get_bssid, 2356 .get_ssid = wpa_driver_wext_get_ssid, 2357 .set_key = wpa_driver_wext_set_key, 2358 .set_countermeasures = wpa_driver_wext_set_countermeasures, 2359 .scan2 = wpa_driver_wext_scan, 2360 .get_scan_results2 = wpa_driver_wext_get_scan_results, 2361 .deauthenticate = wpa_driver_wext_deauthenticate, 2362 .disassociate = wpa_driver_wext_disassociate, 2363 .associate = wpa_driver_wext_associate, 2364 .init = wpa_driver_wext_init, 2365 .deinit = wpa_driver_wext_deinit, 2366 .add_pmkid = wpa_driver_wext_add_pmkid, 2367 .remove_pmkid = wpa_driver_wext_remove_pmkid, 2368 .flush_pmkid = wpa_driver_wext_flush_pmkid, 2369 .get_capa = wpa_driver_wext_get_capa, 2370 .set_operstate = wpa_driver_wext_set_operstate, 2371 .get_radio_name = wext_get_radio_name, 2372#ifdef ANDROID 2373 .driver_cmd = wpa_driver_wext_driver_cmd, 2374#endif 2375}; 2376