1/* 2 * WPA Supplicant - Layer2 packet handling with Microsoft NDISUIO 3 * Copyright (c) 2003-2006, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This implementation requires Windows specific event loop implementation, 9 * i.e., eloop_win.c. In addition, the NDISUIO connection is shared with 10 * driver_ndis.c, so only that driver interface can be used and 11 * CONFIG_USE_NDISUIO must be defined. 12 * 13 * WinXP version of the code uses overlapped I/O and a single threaded design 14 * with callback functions from I/O code. WinCE version uses a separate RX 15 * thread that blocks on ReadFile() whenever the media status is connected. 16 */ 17 18#include "includes.h" 19#include <winsock2.h> 20#include <ntddndis.h> 21 22#ifdef _WIN32_WCE 23#include <winioctl.h> 24#include <nuiouser.h> 25#endif /* _WIN32_WCE */ 26 27#include "common.h" 28#include "eloop.h" 29#include "l2_packet.h" 30 31#ifndef _WIN32_WCE 32/* from nuiouser.h */ 33#define FSCTL_NDISUIO_BASE FILE_DEVICE_NETWORK 34#define _NDISUIO_CTL_CODE(_Function, _Method, _Access) \ 35 CTL_CODE(FSCTL_NDISUIO_BASE, _Function, _Method, _Access) 36#define IOCTL_NDISUIO_SET_ETHER_TYPE \ 37 _NDISUIO_CTL_CODE(0x202, METHOD_BUFFERED, \ 38 FILE_READ_ACCESS | FILE_WRITE_ACCESS) 39#endif /* _WIN32_WCE */ 40 41/* From driver_ndis.c to shared the handle to NDISUIO */ 42HANDLE driver_ndis_get_ndisuio_handle(void); 43 44/* 45 * NDISUIO supports filtering of only one ethertype at the time, so we must 46 * fake support for two (EAPOL and RSN pre-auth) by switching to pre-auth 47 * whenever wpa_supplicant is trying to pre-authenticate and then switching 48 * back to EAPOL when pre-authentication has been completed. 49 */ 50 51struct l2_packet_data; 52 53struct l2_packet_ndisuio_global { 54 int refcount; 55 unsigned short first_proto; 56 struct l2_packet_data *l2[2]; 57#ifdef _WIN32_WCE 58 HANDLE rx_thread; 59 HANDLE stop_request; 60 HANDLE ready_for_read; 61 HANDLE rx_processed; 62#endif /* _WIN32_WCE */ 63}; 64 65static struct l2_packet_ndisuio_global *l2_ndisuio_global = NULL; 66 67struct l2_packet_data { 68 char ifname[100]; 69 u8 own_addr[ETH_ALEN]; 70 void (*rx_callback)(void *ctx, const u8 *src_addr, 71 const u8 *buf, size_t len); 72 void *rx_callback_ctx; 73 int l2_hdr; /* whether to include layer 2 (Ethernet) header in calls to 74 * rx_callback and l2_packet_send() */ 75 HANDLE rx_avail; 76#ifndef _WIN32_WCE 77 OVERLAPPED rx_overlapped; 78#endif /* _WIN32_WCE */ 79 u8 rx_buf[1514]; 80 DWORD rx_written; 81}; 82 83 84int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr) 85{ 86 os_memcpy(addr, l2->own_addr, ETH_ALEN); 87 return 0; 88} 89 90 91int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto, 92 const u8 *buf, size_t len) 93{ 94 BOOL res; 95 DWORD written; 96 struct l2_ethhdr *eth; 97#ifndef _WIN32_WCE 98 OVERLAPPED overlapped; 99#endif /* _WIN32_WCE */ 100 OVERLAPPED *o; 101 102 if (l2 == NULL) 103 return -1; 104 105#ifdef _WIN32_WCE 106 o = NULL; 107#else /* _WIN32_WCE */ 108 os_memset(&overlapped, 0, sizeof(overlapped)); 109 o = &overlapped; 110#endif /* _WIN32_WCE */ 111 112 if (l2->l2_hdr) { 113 res = WriteFile(driver_ndis_get_ndisuio_handle(), buf, len, 114 &written, o); 115 } else { 116 size_t mlen = sizeof(*eth) + len; 117 eth = os_malloc(mlen); 118 if (eth == NULL) 119 return -1; 120 121 os_memcpy(eth->h_dest, dst_addr, ETH_ALEN); 122 os_memcpy(eth->h_source, l2->own_addr, ETH_ALEN); 123 eth->h_proto = htons(proto); 124 os_memcpy(eth + 1, buf, len); 125 res = WriteFile(driver_ndis_get_ndisuio_handle(), eth, mlen, 126 &written, o); 127 os_free(eth); 128 } 129 130 if (!res) { 131 DWORD err = GetLastError(); 132#ifndef _WIN32_WCE 133 if (err == ERROR_IO_PENDING) { 134 wpa_printf(MSG_DEBUG, "L2(NDISUIO): Wait for pending " 135 "write to complete"); 136 res = GetOverlappedResult( 137 driver_ndis_get_ndisuio_handle(), &overlapped, 138 &written, TRUE); 139 if (!res) { 140 wpa_printf(MSG_DEBUG, "L2(NDISUIO): " 141 "GetOverlappedResult failed: %d", 142 (int) GetLastError()); 143 return -1; 144 } 145 return 0; 146 } 147#endif /* _WIN32_WCE */ 148 wpa_printf(MSG_DEBUG, "L2(NDISUIO): WriteFile failed: %d", 149 (int) GetLastError()); 150 return -1; 151 } 152 153 return 0; 154} 155 156 157static void l2_packet_callback(struct l2_packet_data *l2); 158 159#ifdef _WIN32_WCE 160static void l2_packet_rx_thread_try_read(struct l2_packet_data *l2) 161{ 162 HANDLE handles[2]; 163 164 wpa_printf(MSG_MSGDUMP, "l2_packet_rx_thread: -> ReadFile"); 165 if (!ReadFile(driver_ndis_get_ndisuio_handle(), l2->rx_buf, 166 sizeof(l2->rx_buf), &l2->rx_written, NULL)) { 167 DWORD err = GetLastError(); 168 wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: ReadFile failed: " 169 "%d", (int) err); 170 /* 171 * ReadFile on NDISUIO/WinCE returns ERROR_DEVICE_NOT_CONNECTED 172 * error whenever the connection is not up. Yield the thread to 173 * avoid triggering a busy loop. Connection event should stop 174 * us from looping for long, but we need to allow enough CPU 175 * for the main thread to process the media disconnection. 176 */ 177 Sleep(100); 178 return; 179 } 180 181 wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: Read %d byte packet", 182 (int) l2->rx_written); 183 184 /* 185 * Notify the main thread about the availability of a frame and wait 186 * for the frame to be processed. 187 */ 188 SetEvent(l2->rx_avail); 189 handles[0] = l2_ndisuio_global->stop_request; 190 handles[1] = l2_ndisuio_global->rx_processed; 191 WaitForMultipleObjects(2, handles, FALSE, INFINITE); 192 ResetEvent(l2_ndisuio_global->rx_processed); 193} 194 195 196static DWORD WINAPI l2_packet_rx_thread(LPVOID arg) 197{ 198 struct l2_packet_data *l2 = arg; 199 DWORD res; 200 HANDLE handles[2]; 201 int run = 1; 202 203 wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread started"); 204 handles[0] = l2_ndisuio_global->stop_request; 205 handles[1] = l2_ndisuio_global->ready_for_read; 206 207 /* 208 * Unfortunately, NDISUIO on WinCE does not seem to support waiting 209 * on the handle. There do not seem to be anything else that we could 210 * wait for either. If one were to modify NDISUIO to set a named event 211 * whenever packets are available, this event could be used here to 212 * avoid having to poll for new packets or we could even move to use a 213 * single threaded design. 214 * 215 * In addition, NDISUIO on WinCE is returning 216 * ERROR_DEVICE_NOT_CONNECTED whenever ReadFile() is attempted while 217 * the adapter is not in connected state. For now, we are just using a 218 * local event to allow ReadFile calls only after having received NDIS 219 * media connect event. This event could be easily converted to handle 220 * another event if the protocol driver is replaced with somewhat more 221 * useful design. 222 */ 223 224 while (l2_ndisuio_global && run) { 225 res = WaitForMultipleObjects(2, handles, FALSE, INFINITE); 226 switch (res) { 227 case WAIT_OBJECT_0: 228 wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: Received " 229 "request to stop RX thread"); 230 run = 0; 231 break; 232 case WAIT_OBJECT_0 + 1: 233 l2_packet_rx_thread_try_read(l2); 234 break; 235 case WAIT_FAILED: 236 default: 237 wpa_printf(MSG_DEBUG, "l2_packet_rx_thread: " 238 "WaitForMultipleObjects failed: %d", 239 (int) GetLastError()); 240 run = 0; 241 break; 242 } 243 } 244 245 wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread stopped"); 246 247 return 0; 248} 249#else /* _WIN32_WCE */ 250static int l2_ndisuio_start_read(struct l2_packet_data *l2, int recursive) 251{ 252 os_memset(&l2->rx_overlapped, 0, sizeof(l2->rx_overlapped)); 253 l2->rx_overlapped.hEvent = l2->rx_avail; 254 if (!ReadFile(driver_ndis_get_ndisuio_handle(), l2->rx_buf, 255 sizeof(l2->rx_buf), &l2->rx_written, &l2->rx_overlapped)) 256 { 257 DWORD err = GetLastError(); 258 if (err != ERROR_IO_PENDING) { 259 wpa_printf(MSG_DEBUG, "L2(NDISUIO): ReadFile failed: " 260 "%d", (int) err); 261 return -1; 262 } 263 /* 264 * Once read is completed, l2_packet_rx_event() will be 265 * called. 266 */ 267 } else { 268 wpa_printf(MSG_DEBUG, "L2(NDISUIO): ReadFile returned data " 269 "without wait for completion"); 270 if (!recursive) 271 l2_packet_callback(l2); 272 } 273 274 return 0; 275} 276#endif /* _WIN32_WCE */ 277 278 279static void l2_packet_callback(struct l2_packet_data *l2) 280{ 281 const u8 *rx_buf, *rx_src; 282 size_t rx_len; 283 struct l2_ethhdr *ethhdr = (struct l2_ethhdr *) l2->rx_buf; 284 285 wpa_printf(MSG_DEBUG, "L2(NDISUIO): Read %d bytes", 286 (int) l2->rx_written); 287 288 if (l2->l2_hdr || l2->rx_written < sizeof(*ethhdr)) { 289 rx_buf = (u8 *) ethhdr; 290 rx_len = l2->rx_written; 291 } else { 292 rx_buf = (u8 *) (ethhdr + 1); 293 rx_len = l2->rx_written - sizeof(*ethhdr); 294 } 295 rx_src = ethhdr->h_source; 296 297 l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len); 298#ifndef _WIN32_WCE 299 l2_ndisuio_start_read(l2, 1); 300#endif /* _WIN32_WCE */ 301} 302 303 304static void l2_packet_rx_event(void *eloop_data, void *user_data) 305{ 306 struct l2_packet_data *l2 = eloop_data; 307 308 if (l2_ndisuio_global) 309 l2 = l2_ndisuio_global->l2[l2_ndisuio_global->refcount - 1]; 310 311 ResetEvent(l2->rx_avail); 312 313#ifndef _WIN32_WCE 314 if (!GetOverlappedResult(driver_ndis_get_ndisuio_handle(), 315 &l2->rx_overlapped, &l2->rx_written, FALSE)) { 316 wpa_printf(MSG_DEBUG, "L2(NDISUIO): GetOverlappedResult " 317 "failed: %d", (int) GetLastError()); 318 return; 319 } 320#endif /* _WIN32_WCE */ 321 322 l2_packet_callback(l2); 323 324#ifdef _WIN32_WCE 325 SetEvent(l2_ndisuio_global->rx_processed); 326#endif /* _WIN32_WCE */ 327} 328 329 330static int l2_ndisuio_set_ether_type(unsigned short protocol) 331{ 332 USHORT proto = htons(protocol); 333 DWORD written; 334 335 if (!DeviceIoControl(driver_ndis_get_ndisuio_handle(), 336 IOCTL_NDISUIO_SET_ETHER_TYPE, &proto, 337 sizeof(proto), NULL, 0, &written, NULL)) { 338 wpa_printf(MSG_ERROR, "L2(NDISUIO): " 339 "IOCTL_NDISUIO_SET_ETHER_TYPE failed: %d", 340 (int) GetLastError()); 341 return -1; 342 } 343 344 return 0; 345} 346 347 348struct l2_packet_data * l2_packet_init( 349 const char *ifname, const u8 *own_addr, unsigned short protocol, 350 void (*rx_callback)(void *ctx, const u8 *src_addr, 351 const u8 *buf, size_t len), 352 void *rx_callback_ctx, int l2_hdr) 353{ 354 struct l2_packet_data *l2; 355 356 if (l2_ndisuio_global == NULL) { 357 l2_ndisuio_global = os_zalloc(sizeof(*l2_ndisuio_global)); 358 if (l2_ndisuio_global == NULL) 359 return NULL; 360 l2_ndisuio_global->first_proto = protocol; 361 } 362 if (l2_ndisuio_global->refcount >= 2) { 363 wpa_printf(MSG_ERROR, "L2(NDISUIO): Not more than two " 364 "simultaneous connections allowed"); 365 return NULL; 366 } 367 l2_ndisuio_global->refcount++; 368 369 l2 = os_zalloc(sizeof(struct l2_packet_data)); 370 if (l2 == NULL) 371 return NULL; 372 l2_ndisuio_global->l2[l2_ndisuio_global->refcount - 1] = l2; 373 374 os_strlcpy(l2->ifname, ifname, sizeof(l2->ifname)); 375 l2->rx_callback = rx_callback; 376 l2->rx_callback_ctx = rx_callback_ctx; 377 l2->l2_hdr = l2_hdr; 378 379 if (own_addr) 380 os_memcpy(l2->own_addr, own_addr, ETH_ALEN); 381 382 if (l2_ndisuio_set_ether_type(protocol) < 0) { 383 os_free(l2); 384 return NULL; 385 } 386 387 if (l2_ndisuio_global->refcount > 1) { 388 wpa_printf(MSG_DEBUG, "L2(NDISUIO): Temporarily setting " 389 "filtering ethertype to %04x", protocol); 390 if (l2_ndisuio_global->l2[0]) 391 l2->rx_avail = l2_ndisuio_global->l2[0]->rx_avail; 392 return l2; 393 } 394 395 l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL); 396 if (l2->rx_avail == NULL) { 397 os_free(l2); 398 return NULL; 399 } 400 401 eloop_register_event(l2->rx_avail, sizeof(l2->rx_avail), 402 l2_packet_rx_event, l2, NULL); 403 404#ifdef _WIN32_WCE 405 l2_ndisuio_global->stop_request = CreateEvent(NULL, TRUE, FALSE, NULL); 406 /* 407 * This event is being set based on media connect/disconnect 408 * notifications in driver_ndis.c. 409 */ 410 l2_ndisuio_global->ready_for_read = 411 CreateEvent(NULL, TRUE, FALSE, TEXT("WpaSupplicantConnected")); 412 l2_ndisuio_global->rx_processed = CreateEvent(NULL, TRUE, FALSE, NULL); 413 if (l2_ndisuio_global->stop_request == NULL || 414 l2_ndisuio_global->ready_for_read == NULL || 415 l2_ndisuio_global->rx_processed == NULL) { 416 if (l2_ndisuio_global->stop_request) { 417 CloseHandle(l2_ndisuio_global->stop_request); 418 l2_ndisuio_global->stop_request = NULL; 419 } 420 if (l2_ndisuio_global->ready_for_read) { 421 CloseHandle(l2_ndisuio_global->ready_for_read); 422 l2_ndisuio_global->ready_for_read = NULL; 423 } 424 if (l2_ndisuio_global->rx_processed) { 425 CloseHandle(l2_ndisuio_global->rx_processed); 426 l2_ndisuio_global->rx_processed = NULL; 427 } 428 eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail)); 429 os_free(l2); 430 return NULL; 431 } 432 433 l2_ndisuio_global->rx_thread = CreateThread(NULL, 0, 434 l2_packet_rx_thread, l2, 0, 435 NULL); 436 if (l2_ndisuio_global->rx_thread == NULL) { 437 wpa_printf(MSG_INFO, "L2(NDISUIO): Failed to create RX " 438 "thread: %d", (int) GetLastError()); 439 eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail)); 440 CloseHandle(l2_ndisuio_global->stop_request); 441 l2_ndisuio_global->stop_request = NULL; 442 os_free(l2); 443 return NULL; 444 } 445#else /* _WIN32_WCE */ 446 l2_ndisuio_start_read(l2, 0); 447#endif /* _WIN32_WCE */ 448 449 return l2; 450} 451 452 453struct l2_packet_data * l2_packet_init_bridge( 454 const char *br_ifname, const char *ifname, const u8 *own_addr, 455 unsigned short protocol, 456 void (*rx_callback)(void *ctx, const u8 *src_addr, 457 const u8 *buf, size_t len), 458 void *rx_callback_ctx, int l2_hdr) 459{ 460 return l2_packet_init(br_ifname, own_addr, protocol, rx_callback, 461 rx_callback_ctx, l2_hdr); 462} 463 464 465void l2_packet_deinit(struct l2_packet_data *l2) 466{ 467 if (l2 == NULL) 468 return; 469 470 if (l2_ndisuio_global) { 471 l2_ndisuio_global->refcount--; 472 l2_ndisuio_global->l2[l2_ndisuio_global->refcount] = NULL; 473 if (l2_ndisuio_global->refcount) { 474 wpa_printf(MSG_DEBUG, "L2(NDISUIO): restore filtering " 475 "ethertype to %04x", 476 l2_ndisuio_global->first_proto); 477 l2_ndisuio_set_ether_type( 478 l2_ndisuio_global->first_proto); 479 return; 480 } 481 482#ifdef _WIN32_WCE 483 wpa_printf(MSG_DEBUG, "L2(NDISUIO): Waiting for RX thread to " 484 "stop"); 485 SetEvent(l2_ndisuio_global->stop_request); 486 /* 487 * Cancel pending ReadFile() in the RX thread (if we were still 488 * connected at this point). 489 */ 490 if (!DeviceIoControl(driver_ndis_get_ndisuio_handle(), 491 IOCTL_CANCEL_READ, NULL, 0, NULL, 0, NULL, 492 NULL)) { 493 wpa_printf(MSG_DEBUG, "L2(NDISUIO): IOCTL_CANCEL_READ " 494 "failed: %d", (int) GetLastError()); 495 /* RX thread will exit blocking ReadFile once NDISUIO 496 * notices that the adapter is disconnected. */ 497 } 498 WaitForSingleObject(l2_ndisuio_global->rx_thread, INFINITE); 499 wpa_printf(MSG_DEBUG, "L2(NDISUIO): RX thread exited"); 500 CloseHandle(l2_ndisuio_global->rx_thread); 501 CloseHandle(l2_ndisuio_global->stop_request); 502 CloseHandle(l2_ndisuio_global->ready_for_read); 503 CloseHandle(l2_ndisuio_global->rx_processed); 504#endif /* _WIN32_WCE */ 505 506 os_free(l2_ndisuio_global); 507 l2_ndisuio_global = NULL; 508 } 509 510#ifndef _WIN32_WCE 511 CancelIo(driver_ndis_get_ndisuio_handle()); 512#endif /* _WIN32_WCE */ 513 514 eloop_unregister_event(l2->rx_avail, sizeof(l2->rx_avail)); 515 CloseHandle(l2->rx_avail); 516 os_free(l2); 517} 518 519 520int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len) 521{ 522 return -1; 523} 524 525 526void l2_packet_notify_auth_start(struct l2_packet_data *l2) 527{ 528} 529 530 531int l2_packet_set_packet_filter(struct l2_packet_data *l2, 532 enum l2_packet_filter_type type) 533{ 534 return -1; 535} 536