1 /* 2 * hostapd / Driver interaction with Atheros driver 3 * Copyright (c) 2004, Sam Leffler <sam@errno.com> 4 * Copyright (c) 2004, Video54 Technologies 5 * Copyright (c) 2005-2007, Jouni Malinen <j@w1.fi> 6 * Copyright (c) 2009, Atheros Communications 7 * 8 * This software may be distributed under the terms of the BSD license. 9 * See README for more details. 10 */ 11 12 #include "includes.h" 13 #include <net/if.h> 14 #include <sys/ioctl.h> 15 16 #include "common.h" 17 #include "eloop.h" 18 #include "common/ieee802_11_defs.h" 19 #include "l2_packet/l2_packet.h" 20 #include "p2p/p2p.h" 21 22 #include "common.h" 23 #ifndef _BYTE_ORDER 24 #ifdef WORDS_BIGENDIAN 25 #define _BYTE_ORDER _BIG_ENDIAN 26 #else 27 #define _BYTE_ORDER _LITTLE_ENDIAN 28 #endif 29 #endif /* _BYTE_ORDER */ 30 31 /* 32 * Note, the ATH_WPS_IE setting must match with the driver build.. If the 33 * driver does not include this, the IEEE80211_IOCTL_GETWPAIE ioctl will fail. 34 */ 35 #define ATH_WPS_IE 36 37 #include "ieee80211_external.h" 38 39 40 #ifdef CONFIG_WPS 41 #include <netpacket/packet.h> 42 #endif /* CONFIG_WPS */ 43 44 #ifndef ETH_P_80211_RAW 45 #define ETH_P_80211_RAW 0x0019 46 #endif 47 48 #include "linux_wext.h" 49 50 #include "driver.h" 51 #include "eloop.h" 52 #include "priv_netlink.h" 53 #include "l2_packet/l2_packet.h" 54 #include "common/ieee802_11_defs.h" 55 #include "netlink.h" 56 #include "linux_ioctl.h" 57 58 59 struct atheros_driver_data { 60 struct hostapd_data *hapd; /* back pointer */ 61 62 char iface[IFNAMSIZ + 1]; 63 int ifindex; 64 struct l2_packet_data *sock_xmit; /* raw packet xmit socket */ 65 struct l2_packet_data *sock_recv; /* raw packet recv socket */ 66 int ioctl_sock; /* socket for ioctl() use */ 67 struct netlink_data *netlink; 68 int we_version; 69 u8 acct_mac[ETH_ALEN]; 70 struct hostap_sta_driver_data acct_data; 71 72 struct l2_packet_data *sock_raw; /* raw 802.11 management frames */ 73 struct wpabuf *wpa_ie; 74 struct wpabuf *wps_beacon_ie; 75 struct wpabuf *wps_probe_resp_ie; 76 u8 own_addr[ETH_ALEN]; 77 }; 78 79 static int atheros_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 80 int reason_code); 81 static int atheros_set_privacy(void *priv, int enabled); 82 83 static const char * athr_get_ioctl_name(int op) 84 { 85 switch (op) { 86 case IEEE80211_IOCTL_SETPARAM: 87 return "SETPARAM"; 88 case IEEE80211_IOCTL_GETPARAM: 89 return "GETPARAM"; 90 case IEEE80211_IOCTL_SETKEY: 91 return "SETKEY"; 92 case IEEE80211_IOCTL_SETWMMPARAMS: 93 return "SETWMMPARAMS"; 94 case IEEE80211_IOCTL_DELKEY: 95 return "DELKEY"; 96 case IEEE80211_IOCTL_GETWMMPARAMS: 97 return "GETWMMPARAMS"; 98 case IEEE80211_IOCTL_SETMLME: 99 return "SETMLME"; 100 case IEEE80211_IOCTL_GETCHANINFO: 101 return "GETCHANINFO"; 102 case IEEE80211_IOCTL_SETOPTIE: 103 return "SETOPTIE"; 104 case IEEE80211_IOCTL_GETOPTIE: 105 return "GETOPTIE"; 106 case IEEE80211_IOCTL_ADDMAC: 107 return "ADDMAC"; 108 case IEEE80211_IOCTL_DELMAC: 109 return "DELMAC"; 110 case IEEE80211_IOCTL_GETCHANLIST: 111 return "GETCHANLIST"; 112 case IEEE80211_IOCTL_SETCHANLIST: 113 return "SETCHANLIST"; 114 case IEEE80211_IOCTL_KICKMAC: 115 return "KICKMAC"; 116 case IEEE80211_IOCTL_CHANSWITCH: 117 return "CHANSWITCH"; 118 case IEEE80211_IOCTL_GETMODE: 119 return "GETMODE"; 120 case IEEE80211_IOCTL_SETMODE: 121 return "SETMODE"; 122 case IEEE80211_IOCTL_GET_APPIEBUF: 123 return "GET_APPIEBUF"; 124 case IEEE80211_IOCTL_SET_APPIEBUF: 125 return "SET_APPIEBUF"; 126 case IEEE80211_IOCTL_SET_ACPARAMS: 127 return "SET_ACPARAMS"; 128 case IEEE80211_IOCTL_FILTERFRAME: 129 return "FILTERFRAME"; 130 case IEEE80211_IOCTL_SET_RTPARAMS: 131 return "SET_RTPARAMS"; 132 case IEEE80211_IOCTL_SET_MEDENYENTRY: 133 return "SET_MEDENYENTRY"; 134 case IEEE80211_IOCTL_GET_MACADDR: 135 return "GET_MACADDR"; 136 case IEEE80211_IOCTL_SET_HBRPARAMS: 137 return "SET_HBRPARAMS"; 138 case IEEE80211_IOCTL_SET_RXTIMEOUT: 139 return "SET_RXTIMEOUT"; 140 case IEEE80211_IOCTL_STA_STATS: 141 return "STA_STATS"; 142 case IEEE80211_IOCTL_GETWPAIE: 143 return "GETWPAIE"; 144 default: 145 return "??"; 146 } 147 } 148 149 150 static const char * athr_get_param_name(int op) 151 { 152 switch (op) { 153 case IEEE80211_IOC_MCASTCIPHER: 154 return "MCASTCIPHER"; 155 case IEEE80211_PARAM_MCASTKEYLEN: 156 return "MCASTKEYLEN"; 157 case IEEE80211_PARAM_UCASTCIPHERS: 158 return "UCASTCIPHERS"; 159 case IEEE80211_PARAM_KEYMGTALGS: 160 return "KEYMGTALGS"; 161 case IEEE80211_PARAM_RSNCAPS: 162 return "RSNCAPS"; 163 case IEEE80211_PARAM_WPA: 164 return "WPA"; 165 case IEEE80211_PARAM_AUTHMODE: 166 return "AUTHMODE"; 167 case IEEE80211_PARAM_PRIVACY: 168 return "PRIVACY"; 169 case IEEE80211_PARAM_COUNTERMEASURES: 170 return "COUNTERMEASURES"; 171 default: 172 return "??"; 173 } 174 } 175 176 177 static int 178 set80211priv(struct atheros_driver_data *drv, int op, void *data, int len) 179 { 180 struct iwreq iwr; 181 int do_inline = len < IFNAMSIZ; 182 183 /* Certain ioctls must use the non-inlined method */ 184 if (op == IEEE80211_IOCTL_SET_APPIEBUF || 185 op == IEEE80211_IOCTL_FILTERFRAME) 186 do_inline = 0; 187 188 memset(&iwr, 0, sizeof(iwr)); 189 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 190 if (do_inline) { 191 /* 192 * Argument data fits inline; put it there. 193 */ 194 memcpy(iwr.u.name, data, len); 195 } else { 196 /* 197 * Argument data too big for inline transfer; setup a 198 * parameter block instead; the kernel will transfer 199 * the data for the driver. 200 */ 201 iwr.u.data.pointer = data; 202 iwr.u.data.length = len; 203 } 204 205 if (ioctl(drv->ioctl_sock, op, &iwr) < 0) { 206 wpa_printf(MSG_DEBUG, "atheros: %s: %s: ioctl op=0x%x " 207 "(%s) len=%d failed: %d (%s)", 208 __func__, drv->iface, op, 209 athr_get_ioctl_name(op), 210 len, errno, strerror(errno)); 211 return -1; 212 } 213 return 0; 214 } 215 216 static int 217 set80211param(struct atheros_driver_data *drv, int op, int arg) 218 { 219 struct iwreq iwr; 220 221 memset(&iwr, 0, sizeof(iwr)); 222 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 223 iwr.u.mode = op; 224 memcpy(iwr.u.name+sizeof(__u32), &arg, sizeof(arg)); 225 226 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_SETPARAM, &iwr) < 0) { 227 perror("ioctl[IEEE80211_IOCTL_SETPARAM]"); 228 wpa_printf(MSG_DEBUG, "%s: %s: Failed to set parameter (op %d " 229 "(%s) arg %d)", __func__, drv->iface, op, 230 athr_get_param_name(op), arg); 231 return -1; 232 } 233 return 0; 234 } 235 236 #ifndef CONFIG_NO_STDOUT_DEBUG 237 static const char * 238 ether_sprintf(const u8 *addr) 239 { 240 static char buf[sizeof(MACSTR)]; 241 242 if (addr != NULL) 243 snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr)); 244 else 245 snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0); 246 return buf; 247 } 248 #endif /* CONFIG_NO_STDOUT_DEBUG */ 249 250 /* 251 * Configure WPA parameters. 252 */ 253 static int 254 atheros_configure_wpa(struct atheros_driver_data *drv, 255 struct wpa_bss_params *params) 256 { 257 int v; 258 259 switch (params->wpa_group) { 260 case WPA_CIPHER_CCMP: 261 v = IEEE80211_CIPHER_AES_CCM; 262 break; 263 case WPA_CIPHER_TKIP: 264 v = IEEE80211_CIPHER_TKIP; 265 break; 266 case WPA_CIPHER_WEP104: 267 v = IEEE80211_CIPHER_WEP; 268 break; 269 case WPA_CIPHER_WEP40: 270 v = IEEE80211_CIPHER_WEP; 271 break; 272 case WPA_CIPHER_NONE: 273 v = IEEE80211_CIPHER_NONE; 274 break; 275 default: 276 wpa_printf(MSG_ERROR, "Unknown group key cipher %u", 277 params->wpa_group); 278 return -1; 279 } 280 wpa_printf(MSG_DEBUG, "%s: group key cipher=%d", __func__, v); 281 if (set80211param(drv, IEEE80211_PARAM_MCASTCIPHER, v)) { 282 printf("Unable to set group key cipher to %u\n", v); 283 return -1; 284 } 285 if (v == IEEE80211_CIPHER_WEP) { 286 /* key length is done only for specific ciphers */ 287 v = (params->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5); 288 if (set80211param(drv, IEEE80211_PARAM_MCASTKEYLEN, v)) { 289 printf("Unable to set group key length to %u\n", v); 290 return -1; 291 } 292 } 293 294 v = 0; 295 if (params->wpa_pairwise & WPA_CIPHER_CCMP) 296 v |= 1<<IEEE80211_CIPHER_AES_CCM; 297 if (params->wpa_pairwise & WPA_CIPHER_TKIP) 298 v |= 1<<IEEE80211_CIPHER_TKIP; 299 if (params->wpa_pairwise & WPA_CIPHER_NONE) 300 v |= 1<<IEEE80211_CIPHER_NONE; 301 wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v); 302 if (set80211param(drv, IEEE80211_PARAM_UCASTCIPHERS, v)) { 303 printf("Unable to set pairwise key ciphers to 0x%x\n", v); 304 return -1; 305 } 306 307 wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x", 308 __func__, params->wpa_key_mgmt); 309 if (set80211param(drv, IEEE80211_PARAM_KEYMGTALGS, 310 params->wpa_key_mgmt)) { 311 printf("Unable to set key management algorithms to 0x%x\n", 312 params->wpa_key_mgmt); 313 return -1; 314 } 315 316 v = 0; 317 if (params->rsn_preauth) 318 v |= BIT(0); 319 #ifdef CONFIG_IEEE80211W 320 if (params->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 321 v |= BIT(7); 322 if (params->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) 323 v |= BIT(6); 324 } 325 #endif /* CONFIG_IEEE80211W */ 326 327 wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x", __func__, v); 328 if (set80211param(drv, IEEE80211_PARAM_RSNCAPS, v)) { 329 printf("Unable to set RSN capabilities to 0x%x\n", v); 330 return -1; 331 } 332 333 wpa_printf(MSG_DEBUG, "%s: enable WPA=0x%x", __func__, params->wpa); 334 if (set80211param(drv, IEEE80211_PARAM_WPA, params->wpa)) { 335 printf("Unable to set WPA to %u\n", params->wpa); 336 return -1; 337 } 338 return 0; 339 } 340 341 static int 342 atheros_set_ieee8021x(void *priv, struct wpa_bss_params *params) 343 { 344 struct atheros_driver_data *drv = priv; 345 346 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, params->enabled); 347 348 if (!params->enabled) { 349 /* XXX restore state */ 350 if (set80211param(priv, IEEE80211_PARAM_AUTHMODE, 351 IEEE80211_AUTH_AUTO) < 0) 352 return -1; 353 /* IEEE80211_AUTH_AUTO ends up enabling Privacy; clear that */ 354 return atheros_set_privacy(drv, 0); 355 } 356 if (!params->wpa && !params->ieee802_1x) { 357 wpa_printf(MSG_WARNING, "No 802.1X or WPA enabled!"); 358 return -1; 359 } 360 if (params->wpa && atheros_configure_wpa(drv, params) != 0) { 361 wpa_printf(MSG_WARNING, "Error configuring WPA state!"); 362 return -1; 363 } 364 if (set80211param(priv, IEEE80211_PARAM_AUTHMODE, 365 (params->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) { 366 wpa_printf(MSG_WARNING, "Error enabling WPA/802.1X!"); 367 return -1; 368 } 369 370 return 0; 371 } 372 373 static int 374 atheros_set_privacy(void *priv, int enabled) 375 { 376 struct atheros_driver_data *drv = priv; 377 378 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled); 379 380 return set80211param(drv, IEEE80211_PARAM_PRIVACY, enabled); 381 } 382 383 static int 384 atheros_set_sta_authorized(void *priv, const u8 *addr, int authorized) 385 { 386 struct atheros_driver_data *drv = priv; 387 struct ieee80211req_mlme mlme; 388 int ret; 389 390 wpa_printf(MSG_DEBUG, "%s: addr=%s authorized=%d", 391 __func__, ether_sprintf(addr), authorized); 392 393 if (authorized) 394 mlme.im_op = IEEE80211_MLME_AUTHORIZE; 395 else 396 mlme.im_op = IEEE80211_MLME_UNAUTHORIZE; 397 mlme.im_reason = 0; 398 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 399 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme)); 400 if (ret < 0) { 401 wpa_printf(MSG_DEBUG, "%s: Failed to %sauthorize STA " MACSTR, 402 __func__, authorized ? "" : "un", MAC2STR(addr)); 403 } 404 405 return ret; 406 } 407 408 static int 409 atheros_sta_set_flags(void *priv, const u8 *addr, 410 int total_flags, int flags_or, int flags_and) 411 { 412 /* For now, only support setting Authorized flag */ 413 if (flags_or & WPA_STA_AUTHORIZED) 414 return atheros_set_sta_authorized(priv, addr, 1); 415 if (!(flags_and & WPA_STA_AUTHORIZED)) 416 return atheros_set_sta_authorized(priv, addr, 0); 417 return 0; 418 } 419 420 static int 421 atheros_del_key(void *priv, const u8 *addr, int key_idx) 422 { 423 struct atheros_driver_data *drv = priv; 424 struct ieee80211req_del_key wk; 425 int ret; 426 427 wpa_printf(MSG_DEBUG, "%s: addr=%s key_idx=%d", 428 __func__, ether_sprintf(addr), key_idx); 429 430 memset(&wk, 0, sizeof(wk)); 431 if (addr != NULL) { 432 memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN); 433 wk.idk_keyix = (u8) IEEE80211_KEYIX_NONE; 434 } else { 435 wk.idk_keyix = key_idx; 436 } 437 438 ret = set80211priv(drv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk)); 439 if (ret < 0) { 440 wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr %s" 441 " key_idx %d)", __func__, ether_sprintf(addr), 442 key_idx); 443 } 444 445 return ret; 446 } 447 448 static int 449 atheros_set_key(const char *ifname, void *priv, enum wpa_alg alg, 450 const u8 *addr, int key_idx, int set_tx, const u8 *seq, 451 size_t seq_len, const u8 *key, size_t key_len) 452 { 453 struct atheros_driver_data *drv = priv; 454 struct ieee80211req_key wk; 455 u_int8_t cipher; 456 int ret; 457 458 if (alg == WPA_ALG_NONE) 459 return atheros_del_key(drv, addr, key_idx); 460 461 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%s key_idx=%d", 462 __func__, alg, ether_sprintf(addr), key_idx); 463 464 switch (alg) { 465 case WPA_ALG_WEP: 466 cipher = IEEE80211_CIPHER_WEP; 467 break; 468 case WPA_ALG_TKIP: 469 cipher = IEEE80211_CIPHER_TKIP; 470 break; 471 case WPA_ALG_CCMP: 472 cipher = IEEE80211_CIPHER_AES_CCM; 473 break; 474 #ifdef CONFIG_IEEE80211W 475 case WPA_ALG_IGTK: 476 cipher = IEEE80211_CIPHER_AES_CMAC; 477 break; 478 #endif /* CONFIG_IEEE80211W */ 479 default: 480 printf("%s: unknown/unsupported algorithm %d\n", 481 __func__, alg); 482 return -1; 483 } 484 485 if (key_len > sizeof(wk.ik_keydata)) { 486 printf("%s: key length %lu too big\n", __func__, 487 (unsigned long) key_len); 488 return -3; 489 } 490 491 memset(&wk, 0, sizeof(wk)); 492 wk.ik_type = cipher; 493 wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT; 494 if (addr == NULL || is_broadcast_ether_addr(addr)) { 495 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN); 496 wk.ik_keyix = key_idx; 497 if (set_tx) 498 wk.ik_flags |= IEEE80211_KEY_DEFAULT; 499 } else { 500 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN); 501 wk.ik_keyix = IEEE80211_KEYIX_NONE; 502 } 503 wk.ik_keylen = key_len; 504 memcpy(wk.ik_keydata, key, key_len); 505 506 ret = set80211priv(drv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk)); 507 if (ret < 0) { 508 wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s" 509 " key_idx %d alg %d key_len %lu set_tx %d)", 510 __func__, ether_sprintf(wk.ik_macaddr), key_idx, 511 alg, (unsigned long) key_len, set_tx); 512 } 513 514 return ret; 515 } 516 517 518 static int 519 atheros_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx, 520 u8 *seq) 521 { 522 struct atheros_driver_data *drv = priv; 523 struct ieee80211req_key wk; 524 525 wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d", 526 __func__, ether_sprintf(addr), idx); 527 528 memset(&wk, 0, sizeof(wk)); 529 if (addr == NULL) 530 memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN); 531 else 532 memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN); 533 wk.ik_keyix = idx; 534 535 if (set80211priv(drv, IEEE80211_IOCTL_GETKEY, &wk, sizeof(wk))) { 536 wpa_printf(MSG_DEBUG, "%s: Failed to get encryption data " 537 "(addr " MACSTR " key_idx %d)", 538 __func__, MAC2STR(wk.ik_macaddr), idx); 539 return -1; 540 } 541 542 #ifdef WORDS_BIGENDIAN 543 { 544 /* 545 * wk.ik_keytsc is in host byte order (big endian), need to 546 * swap it to match with the byte order used in WPA. 547 */ 548 int i; 549 #ifndef WPA_KEY_RSC_LEN 550 #define WPA_KEY_RSC_LEN 8 551 #endif 552 u8 tmp[WPA_KEY_RSC_LEN]; 553 memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc)); 554 for (i = 0; i < WPA_KEY_RSC_LEN; i++) { 555 seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1]; 556 } 557 } 558 #else /* WORDS_BIGENDIAN */ 559 memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc)); 560 #endif /* WORDS_BIGENDIAN */ 561 return 0; 562 } 563 564 565 static int 566 atheros_flush(void *priv) 567 { 568 u8 allsta[IEEE80211_ADDR_LEN]; 569 memset(allsta, 0xff, IEEE80211_ADDR_LEN); 570 return atheros_sta_deauth(priv, NULL, allsta, 571 IEEE80211_REASON_AUTH_LEAVE); 572 } 573 574 575 static int 576 atheros_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data, 577 const u8 *addr) 578 { 579 struct atheros_driver_data *drv = priv; 580 struct ieee80211req_sta_stats stats; 581 582 memset(data, 0, sizeof(*data)); 583 584 /* 585 * Fetch statistics for station from the system. 586 */ 587 memset(&stats, 0, sizeof(stats)); 588 memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN); 589 if (set80211priv(drv, IEEE80211_IOCTL_STA_STATS, 590 &stats, sizeof(stats))) { 591 wpa_printf(MSG_DEBUG, "%s: Failed to fetch STA stats (addr " 592 MACSTR ")", __func__, MAC2STR(addr)); 593 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) { 594 memcpy(data, &drv->acct_data, sizeof(*data)); 595 return 0; 596 } 597 598 printf("Failed to get station stats information element.\n"); 599 return -1; 600 } 601 602 data->rx_packets = stats.is_stats.ns_rx_data; 603 data->rx_bytes = stats.is_stats.ns_rx_bytes; 604 data->tx_packets = stats.is_stats.ns_tx_data; 605 data->tx_bytes = stats.is_stats.ns_tx_bytes; 606 return 0; 607 } 608 609 610 static int 611 atheros_sta_clear_stats(void *priv, const u8 *addr) 612 { 613 struct atheros_driver_data *drv = priv; 614 struct ieee80211req_mlme mlme; 615 int ret; 616 617 wpa_printf(MSG_DEBUG, "%s: addr=%s", __func__, ether_sprintf(addr)); 618 619 mlme.im_op = IEEE80211_MLME_CLEAR_STATS; 620 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 621 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, 622 sizeof(mlme)); 623 if (ret < 0) { 624 wpa_printf(MSG_DEBUG, "%s: Failed to clear STA stats (addr " 625 MACSTR ")", __func__, MAC2STR(addr)); 626 } 627 628 return ret; 629 } 630 631 632 static int 633 atheros_set_opt_ie(void *priv, const u8 *ie, size_t ie_len) 634 { 635 struct atheros_driver_data *drv = priv; 636 u8 buf[512]; 637 struct ieee80211req_getset_appiebuf *app_ie; 638 639 wpa_printf(MSG_DEBUG, "%s buflen = %lu", __func__, 640 (unsigned long) ie_len); 641 wpa_hexdump(MSG_DEBUG, "atheros: set_generic_elem", ie, ie_len); 642 643 wpabuf_free(drv->wpa_ie); 644 drv->wpa_ie = wpabuf_alloc_copy(ie, ie_len); 645 646 app_ie = (struct ieee80211req_getset_appiebuf *) buf; 647 os_memcpy(&(app_ie->app_buf[0]), ie, ie_len); 648 app_ie->app_buflen = ie_len; 649 650 app_ie->app_frmtype = IEEE80211_APPIE_FRAME_BEACON; 651 652 /* append WPS IE for Beacon */ 653 if (drv->wps_beacon_ie != NULL) { 654 os_memcpy(&(app_ie->app_buf[ie_len]), 655 wpabuf_head(drv->wps_beacon_ie), 656 wpabuf_len(drv->wps_beacon_ie)); 657 app_ie->app_buflen = ie_len + wpabuf_len(drv->wps_beacon_ie); 658 } 659 wpa_hexdump(MSG_DEBUG, "atheros: SET_APPIEBUF(Beacon)", 660 app_ie->app_buf, app_ie->app_buflen); 661 set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, app_ie, 662 sizeof(struct ieee80211req_getset_appiebuf) + 663 app_ie->app_buflen); 664 665 /* append WPS IE for Probe Response */ 666 app_ie->app_frmtype = IEEE80211_APPIE_FRAME_PROBE_RESP; 667 if (drv->wps_probe_resp_ie != NULL) { 668 os_memcpy(&(app_ie->app_buf[ie_len]), 669 wpabuf_head(drv->wps_probe_resp_ie), 670 wpabuf_len(drv->wps_probe_resp_ie)); 671 app_ie->app_buflen = ie_len + 672 wpabuf_len(drv->wps_probe_resp_ie); 673 } else 674 app_ie->app_buflen = ie_len; 675 wpa_hexdump(MSG_DEBUG, "atheros: SET_APPIEBUF(ProbeResp)", 676 app_ie->app_buf, app_ie->app_buflen); 677 set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, app_ie, 678 sizeof(struct ieee80211req_getset_appiebuf) + 679 app_ie->app_buflen); 680 return 0; 681 } 682 683 static int 684 atheros_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 685 int reason_code) 686 { 687 struct atheros_driver_data *drv = priv; 688 struct ieee80211req_mlme mlme; 689 int ret; 690 691 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d", 692 __func__, ether_sprintf(addr), reason_code); 693 694 mlme.im_op = IEEE80211_MLME_DEAUTH; 695 mlme.im_reason = reason_code; 696 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 697 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme)); 698 if (ret < 0) { 699 wpa_printf(MSG_DEBUG, "%s: Failed to deauth STA (addr " MACSTR 700 " reason %d)", 701 __func__, MAC2STR(addr), reason_code); 702 } 703 704 return ret; 705 } 706 707 static int 708 atheros_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 709 int reason_code) 710 { 711 struct atheros_driver_data *drv = priv; 712 struct ieee80211req_mlme mlme; 713 int ret; 714 715 wpa_printf(MSG_DEBUG, "%s: addr=%s reason_code=%d", 716 __func__, ether_sprintf(addr), reason_code); 717 718 mlme.im_op = IEEE80211_MLME_DISASSOC; 719 mlme.im_reason = reason_code; 720 memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 721 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme)); 722 if (ret < 0) { 723 wpa_printf(MSG_DEBUG, "%s: Failed to disassoc STA (addr " 724 MACSTR " reason %d)", 725 __func__, MAC2STR(addr), reason_code); 726 } 727 728 return ret; 729 } 730 731 #ifdef CONFIG_WPS 732 static void atheros_raw_recv_wps(void *ctx, const u8 *src_addr, const u8 *buf, 733 size_t len) 734 { 735 struct atheros_driver_data *drv = ctx; 736 const struct ieee80211_mgmt *mgmt; 737 u16 fc; 738 union wpa_event_data event; 739 740 /* Send Probe Request information to WPS processing */ 741 742 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) 743 return; 744 mgmt = (const struct ieee80211_mgmt *) buf; 745 746 fc = le_to_host16(mgmt->frame_control); 747 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT || 748 WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_PROBE_REQ) 749 return; 750 751 os_memset(&event, 0, sizeof(event)); 752 event.rx_probe_req.sa = mgmt->sa; 753 event.rx_probe_req.da = mgmt->da; 754 event.rx_probe_req.bssid = mgmt->bssid; 755 event.rx_probe_req.ie = mgmt->u.probe_req.variable; 756 event.rx_probe_req.ie_len = 757 len - (IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)); 758 wpa_supplicant_event(drv->hapd, EVENT_RX_PROBE_REQ, &event); 759 } 760 #endif /* CONFIG_WPS */ 761 762 #ifdef CONFIG_IEEE80211R 763 static void atheros_raw_recv_11r(void *ctx, const u8 *src_addr, const u8 *buf, 764 size_t len) 765 { 766 struct atheros_driver_data *drv = ctx; 767 union wpa_event_data event; 768 const struct ieee80211_mgmt *mgmt; 769 u16 fc; 770 u16 stype; 771 int ielen; 772 const u8 *iebuf; 773 774 /* Do 11R processing for ASSOC/AUTH/FT ACTION frames */ 775 if (len < IEEE80211_HDRLEN) 776 return; 777 mgmt = (const struct ieee80211_mgmt *) buf; 778 779 fc = le_to_host16(mgmt->frame_control); 780 781 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT) 782 return; 783 stype = WLAN_FC_GET_STYPE(fc); 784 785 wpa_printf(MSG_DEBUG, "%s: subtype 0x%x len %d", __func__, stype, 786 (int) len); 787 788 if (os_memcmp(drv->own_addr, mgmt->bssid, ETH_ALEN) != 0) { 789 wpa_printf(MSG_DEBUG, "%s: BSSID does not match - ignore", 790 __func__); 791 return; 792 } 793 switch (stype) { 794 case WLAN_FC_STYPE_ASSOC_REQ: 795 if (len - IEEE80211_HDRLEN < sizeof(mgmt->u.assoc_req)) 796 break; 797 ielen = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 798 iebuf = mgmt->u.assoc_req.variable; 799 drv_event_assoc(drv->hapd, mgmt->sa, iebuf, ielen, 0); 800 break; 801 case WLAN_FC_STYPE_REASSOC_REQ: 802 if (len - IEEE80211_HDRLEN < sizeof(mgmt->u.reassoc_req)) 803 break; 804 ielen = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 805 iebuf = mgmt->u.reassoc_req.variable; 806 drv_event_assoc(drv->hapd, mgmt->sa, iebuf, ielen, 1); 807 break; 808 case WLAN_FC_STYPE_ACTION: 809 os_memset(&event, 0, sizeof(event)); 810 event.rx_mgmt.frame = buf; 811 event.rx_mgmt.frame_len = len; 812 wpa_supplicant_event(drv->hapd, EVENT_RX_MGMT, &event); 813 break; 814 case WLAN_FC_STYPE_AUTH: 815 if (len - IEEE80211_HDRLEN < sizeof(mgmt->u.auth)) 816 break; 817 os_memset(&event, 0, sizeof(event)); 818 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 819 os_memcpy(event.auth.bssid, mgmt->bssid, ETH_ALEN); 820 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 821 event.auth.status_code = 822 le_to_host16(mgmt->u.auth.status_code); 823 event.auth.auth_transaction = 824 le_to_host16(mgmt->u.auth.auth_transaction); 825 event.auth.ies = mgmt->u.auth.variable; 826 event.auth.ies_len = len - IEEE80211_HDRLEN - 827 sizeof(mgmt->u.auth); 828 wpa_supplicant_event(drv->hapd, EVENT_AUTH, &event); 829 break; 830 default: 831 break; 832 } 833 } 834 #endif /* CONFIG_IEEE80211R */ 835 836 #ifdef CONFIG_HS20 837 static void atheros_raw_recv_hs20(void *ctx, const u8 *src_addr, const u8 *buf, 838 size_t len) 839 { 840 struct atheros_driver_data *drv = ctx; 841 const struct ieee80211_mgmt *mgmt; 842 u16 fc; 843 union wpa_event_data event; 844 845 /* Send the Action frame for HS20 processing */ 846 847 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.action.category) + 848 sizeof(mgmt->u.action.u.public_action)) 849 return; 850 851 mgmt = (const struct ieee80211_mgmt *) buf; 852 853 fc = le_to_host16(mgmt->frame_control); 854 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT || 855 WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION || 856 mgmt->u.action.category != WLAN_ACTION_PUBLIC) 857 return; 858 859 wpa_printf(MSG_DEBUG, "%s:Received Public Action frame", __func__); 860 861 os_memset(&event, 0, sizeof(event)); 862 event.rx_mgmt.frame = (const u8 *) mgmt; 863 event.rx_mgmt.frame_len = len; 864 wpa_supplicant_event(drv->hapd, EVENT_RX_MGMT, &event); 865 } 866 867 #endif /* CONFIG_HS20 */ 868 869 870 static int atheros_set_qos_map(void *ctx, const u8 *qos_map_set, 871 u8 qos_map_set_len) 872 { 873 #ifdef CONFIG_ATHEROS_QOS_MAP 874 struct atheros_driver_data *drv = ctx; 875 struct ieee80211req_athdbg req; 876 struct ieee80211_qos_map *qos_map = &req.data.qos_map; 877 struct iwreq iwr; 878 int i, up_start; 879 880 if (qos_map_set_len < 16 || qos_map_set_len > 58 || 881 qos_map_set_len & 1) { 882 wpa_printf(MSG_ERROR, "Invalid QoS Map"); 883 return -1; 884 } else { 885 memset(&req, 0, sizeof(struct ieee80211req_athdbg)); 886 req.cmd = IEEE80211_DBGREQ_SETQOSMAPCONF; 887 os_memset(&iwr, 0, sizeof(iwr)); 888 os_strlcpy(iwr.ifr_name, drv->iface, sizeof(iwr.ifr_name)); 889 iwr.u.data.pointer = (void *) &req; 890 iwr.u.data.length = sizeof(struct ieee80211req_athdbg); 891 } 892 893 qos_map->valid = 1; 894 qos_map->num_dscp_except = (qos_map_set_len - 16) / 2; 895 if (qos_map->num_dscp_except) { 896 for (i = 0; i < qos_map->num_dscp_except; i++) { 897 qos_map->dscp_exception[i].dscp = qos_map_set[i * 2]; 898 qos_map->dscp_exception[i].up = qos_map_set[i * 2 + 1]; 899 } 900 } 901 902 up_start = qos_map_set_len - 16; 903 for (i = 0; i < IEEE80211_MAX_QOS_UP_RANGE; i++) { 904 qos_map->up[i].low = qos_map_set[up_start + (i * 2)]; 905 qos_map->up[i].high = qos_map_set[up_start + (i * 2) + 1]; 906 } 907 908 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_DBGREQ, &iwr) < 0) { 909 perror("ioctl[IEEE80211_IOCTL_DBGREQ]"); 910 wpa_printf(MSG_DEBUG, "%s: %s: Failed to set QoS Map", 911 __func__, drv->iface); 912 return -1; 913 } 914 #endif /* CONFIG_ATHEROS_QOS_MAP */ 915 916 return 0; 917 } 918 919 #if defined(CONFIG_WNM) && !defined(CONFIG_IEEE80211R) 920 static void atheros_raw_recv_11v(void *ctx, const u8 *src_addr, const u8 *buf, 921 size_t len) 922 { 923 struct atheros_driver_data *drv = ctx; 924 union wpa_event_data event; 925 const struct ieee80211_mgmt *mgmt; 926 u16 fc; 927 u16 stype; 928 929 /* Do 11R processing for WNM ACTION frames */ 930 if (len < IEEE80211_HDRLEN) 931 return; 932 mgmt = (const struct ieee80211_mgmt *) buf; 933 934 fc = le_to_host16(mgmt->frame_control); 935 936 if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT) 937 return; 938 stype = WLAN_FC_GET_STYPE(fc); 939 940 wpa_printf(MSG_DEBUG, "%s: subtype 0x%x len %d", __func__, stype, 941 (int) len); 942 943 if (os_memcmp(drv->own_addr, mgmt->bssid, ETH_ALEN) != 0) { 944 wpa_printf(MSG_DEBUG, "%s: BSSID does not match - ignore", 945 __func__); 946 return; 947 } 948 949 switch (stype) { 950 case WLAN_FC_STYPE_ACTION: 951 os_memset(&event, 0, sizeof(event)); 952 event.rx_mgmt.frame = buf; 953 event.rx_mgmt.frame_len = len; 954 wpa_supplicant_event(drv->hapd, EVENT_RX_MGMT, &event); 955 break; 956 default: 957 break; 958 } 959 } 960 #endif /* CONFIG_WNM */ 961 962 #if defined(CONFIG_WPS) || defined(CONFIG_IEEE80211R) || defined(CONFIG_WNM) 963 static void atheros_raw_receive(void *ctx, const u8 *src_addr, const u8 *buf, 964 size_t len) 965 { 966 #ifdef CONFIG_WPS 967 atheros_raw_recv_wps(ctx, src_addr, buf, len); 968 #endif /* CONFIG_WPS */ 969 #ifdef CONFIG_IEEE80211R 970 atheros_raw_recv_11r(ctx, src_addr, buf, len); 971 #endif /* CONFIG_IEEE80211R */ 972 #if defined(CONFIG_WNM) && !defined(CONFIG_IEEE80211R) 973 atheros_raw_recv_11v(ctx, src_addr, buf, len); 974 #endif /* CONFIG_WNM */ 975 #ifdef CONFIG_HS20 976 atheros_raw_recv_hs20(ctx, src_addr, buf, len); 977 #endif /* CONFIG_HS20 */ 978 } 979 #endif /* CONFIG_WPS || CONFIG_IEEE80211R */ 980 981 static int atheros_receive_pkt(struct atheros_driver_data *drv) 982 { 983 int ret = 0; 984 struct ieee80211req_set_filter filt; 985 986 wpa_printf(MSG_DEBUG, "%s Enter", __func__); 987 filt.app_filterype = 0; 988 #ifdef CONFIG_WPS 989 filt.app_filterype |= IEEE80211_FILTER_TYPE_PROBE_REQ; 990 #endif /* CONFIG_WPS */ 991 #ifdef CONFIG_IEEE80211R 992 filt.app_filterype |= (IEEE80211_FILTER_TYPE_ASSOC_REQ | 993 IEEE80211_FILTER_TYPE_AUTH | 994 IEEE80211_FILTER_TYPE_ACTION); 995 #endif 996 #ifdef CONFIG_WNM 997 filt.app_filterype |= IEEE80211_FILTER_TYPE_ACTION; 998 #endif /* CONFIG_WNM */ 999 #ifdef CONFIG_HS20 1000 filt.app_filterype |= IEEE80211_FILTER_TYPE_ACTION; 1001 #endif /* CONFIG_HS20 */ 1002 if (filt.app_filterype) { 1003 ret = set80211priv(drv, IEEE80211_IOCTL_FILTERFRAME, &filt, 1004 sizeof(struct ieee80211req_set_filter)); 1005 if (ret) 1006 return ret; 1007 } 1008 1009 #if defined(CONFIG_WPS) || defined(CONFIG_IEEE80211R) 1010 drv->sock_raw = l2_packet_init(drv->iface, NULL, ETH_P_80211_RAW, 1011 atheros_raw_receive, drv, 1); 1012 if (drv->sock_raw == NULL) 1013 return -1; 1014 #endif /* CONFIG_WPS || CONFIG_IEEE80211R */ 1015 return ret; 1016 } 1017 1018 static int atheros_reset_appfilter(struct atheros_driver_data *drv) 1019 { 1020 struct ieee80211req_set_filter filt; 1021 filt.app_filterype = 0; 1022 return set80211priv(drv, IEEE80211_IOCTL_FILTERFRAME, &filt, 1023 sizeof(struct ieee80211req_set_filter)); 1024 } 1025 1026 #ifdef CONFIG_WPS 1027 static int 1028 atheros_set_wps_ie(void *priv, const u8 *ie, size_t len, u32 frametype) 1029 { 1030 struct atheros_driver_data *drv = priv; 1031 u8 buf[512]; 1032 struct ieee80211req_getset_appiebuf *beac_ie; 1033 1034 wpa_printf(MSG_DEBUG, "%s buflen = %lu frametype=%u", __func__, 1035 (unsigned long) len, frametype); 1036 wpa_hexdump(MSG_DEBUG, "atheros: IE", ie, len); 1037 1038 beac_ie = (struct ieee80211req_getset_appiebuf *) buf; 1039 beac_ie->app_frmtype = frametype; 1040 beac_ie->app_buflen = len; 1041 os_memcpy(&(beac_ie->app_buf[0]), ie, len); 1042 1043 /* append the WPA/RSN IE if it is set already */ 1044 if (((frametype == IEEE80211_APPIE_FRAME_BEACON) || 1045 (frametype == IEEE80211_APPIE_FRAME_PROBE_RESP)) && 1046 (drv->wpa_ie != NULL)) { 1047 wpa_hexdump_buf(MSG_DEBUG, "atheros: Append WPA/RSN IE", 1048 drv->wpa_ie); 1049 os_memcpy(&(beac_ie->app_buf[len]), wpabuf_head(drv->wpa_ie), 1050 wpabuf_len(drv->wpa_ie)); 1051 beac_ie->app_buflen += wpabuf_len(drv->wpa_ie); 1052 } 1053 1054 wpa_hexdump(MSG_DEBUG, "atheros: SET_APPIEBUF", 1055 beac_ie->app_buf, beac_ie->app_buflen); 1056 return set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, beac_ie, 1057 sizeof(struct ieee80211req_getset_appiebuf) + 1058 beac_ie->app_buflen); 1059 } 1060 1061 static int 1062 atheros_set_ap_wps_ie(void *priv, const struct wpabuf *beacon, 1063 const struct wpabuf *proberesp, 1064 const struct wpabuf *assocresp) 1065 { 1066 struct atheros_driver_data *drv = priv; 1067 1068 wpa_hexdump_buf(MSG_DEBUG, "atheros: set_ap_wps_ie - beacon", beacon); 1069 wpa_hexdump_buf(MSG_DEBUG, "atheros: set_ap_wps_ie - proberesp", 1070 proberesp); 1071 wpa_hexdump_buf(MSG_DEBUG, "atheros: set_ap_wps_ie - assocresp", 1072 assocresp); 1073 wpabuf_free(drv->wps_beacon_ie); 1074 drv->wps_beacon_ie = beacon ? wpabuf_dup(beacon) : NULL; 1075 wpabuf_free(drv->wps_probe_resp_ie); 1076 drv->wps_probe_resp_ie = proberesp ? wpabuf_dup(proberesp) : NULL; 1077 1078 atheros_set_wps_ie(priv, assocresp ? wpabuf_head(assocresp) : NULL, 1079 assocresp ? wpabuf_len(assocresp) : 0, 1080 IEEE80211_APPIE_FRAME_ASSOC_RESP); 1081 if (atheros_set_wps_ie(priv, beacon ? wpabuf_head(beacon) : NULL, 1082 beacon ? wpabuf_len(beacon) : 0, 1083 IEEE80211_APPIE_FRAME_BEACON)) 1084 return -1; 1085 return atheros_set_wps_ie(priv, 1086 proberesp ? wpabuf_head(proberesp) : NULL, 1087 proberesp ? wpabuf_len(proberesp): 0, 1088 IEEE80211_APPIE_FRAME_PROBE_RESP); 1089 } 1090 #else /* CONFIG_WPS */ 1091 #define atheros_set_ap_wps_ie NULL 1092 #endif /* CONFIG_WPS */ 1093 1094 #ifdef CONFIG_IEEE80211R 1095 static int 1096 atheros_sta_auth(void *priv, const u8 *own_addr, const u8 *addr, u16 seq, 1097 u16 status_code, const u8 *ie, size_t len) 1098 { 1099 struct atheros_driver_data *drv = priv; 1100 struct ieee80211req_mlme mlme; 1101 int ret; 1102 1103 wpa_printf(MSG_DEBUG, "%s: addr=%s status_code=%d", 1104 __func__, ether_sprintf(addr), status_code); 1105 1106 mlme.im_op = IEEE80211_MLME_AUTH; 1107 mlme.im_reason = status_code; 1108 mlme.im_seq = seq; 1109 os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 1110 mlme.im_optie_len = len; 1111 if (len) { 1112 if (len < IEEE80211_MAX_OPT_IE) { 1113 os_memcpy(mlme.im_optie, ie, len); 1114 } else { 1115 wpa_printf(MSG_DEBUG, "%s: Not enough space to copy " 1116 "opt_ie STA (addr " MACSTR " reason %d, " 1117 "ie_len %d)", 1118 __func__, MAC2STR(addr), status_code, 1119 (int) len); 1120 return -1; 1121 } 1122 } 1123 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme)); 1124 if (ret < 0) { 1125 wpa_printf(MSG_DEBUG, "%s: Failed to auth STA (addr " MACSTR 1126 " reason %d)", 1127 __func__, MAC2STR(addr), status_code); 1128 } 1129 return ret; 1130 } 1131 1132 static int 1133 atheros_sta_assoc(void *priv, const u8 *own_addr, const u8 *addr, 1134 int reassoc, u16 status_code, const u8 *ie, size_t len) 1135 { 1136 struct atheros_driver_data *drv = priv; 1137 struct ieee80211req_mlme mlme; 1138 int ret; 1139 1140 wpa_printf(MSG_DEBUG, "%s: addr=%s status_code=%d reassoc %d", 1141 __func__, ether_sprintf(addr), status_code, reassoc); 1142 1143 if (reassoc) 1144 mlme.im_op = IEEE80211_MLME_REASSOC; 1145 else 1146 mlme.im_op = IEEE80211_MLME_ASSOC; 1147 mlme.im_reason = status_code; 1148 os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN); 1149 mlme.im_optie_len = len; 1150 if (len) { 1151 if (len < IEEE80211_MAX_OPT_IE) { 1152 os_memcpy(mlme.im_optie, ie, len); 1153 } else { 1154 wpa_printf(MSG_DEBUG, "%s: Not enough space to copy " 1155 "opt_ie STA (addr " MACSTR " reason %d, " 1156 "ie_len %d)", 1157 __func__, MAC2STR(addr), status_code, 1158 (int) len); 1159 return -1; 1160 } 1161 } 1162 ret = set80211priv(drv, IEEE80211_IOCTL_SETMLME, &mlme, sizeof(mlme)); 1163 if (ret < 0) { 1164 wpa_printf(MSG_DEBUG, "%s: Failed to assoc STA (addr " MACSTR 1165 " reason %d)", 1166 __func__, MAC2STR(addr), status_code); 1167 } 1168 return ret; 1169 } 1170 #endif /* CONFIG_IEEE80211R */ 1171 1172 static void 1173 atheros_new_sta(struct atheros_driver_data *drv, u8 addr[IEEE80211_ADDR_LEN]) 1174 { 1175 struct hostapd_data *hapd = drv->hapd; 1176 struct ieee80211req_wpaie ie; 1177 int ielen = 0; 1178 u8 *iebuf = NULL; 1179 1180 /* 1181 * Fetch negotiated WPA/RSN parameters from the system. 1182 */ 1183 memset(&ie, 0, sizeof(ie)); 1184 memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN); 1185 if (set80211priv(drv, IEEE80211_IOCTL_GETWPAIE, &ie, sizeof(ie))) { 1186 /* 1187 * See ATH_WPS_IE comment in the beginning of the file for a 1188 * possible cause for the failure.. 1189 */ 1190 wpa_printf(MSG_DEBUG, "%s: Failed to get WPA/RSN IE: %s", 1191 __func__, strerror(errno)); 1192 goto no_ie; 1193 } 1194 wpa_hexdump(MSG_MSGDUMP, "atheros req WPA IE", 1195 ie.wpa_ie, IEEE80211_MAX_OPT_IE); 1196 wpa_hexdump(MSG_MSGDUMP, "atheros req RSN IE", 1197 ie.rsn_ie, IEEE80211_MAX_OPT_IE); 1198 #ifdef ATH_WPS_IE 1199 wpa_hexdump(MSG_MSGDUMP, "atheros req WPS IE", 1200 ie.wps_ie, IEEE80211_MAX_OPT_IE); 1201 #endif /* ATH_WPS_IE */ 1202 iebuf = ie.wpa_ie; 1203 /* atheros seems to return some random data if WPA/RSN IE is not set. 1204 * Assume the IE was not included if the IE type is unknown. */ 1205 if (iebuf[0] != WLAN_EID_VENDOR_SPECIFIC) 1206 iebuf[1] = 0; 1207 if (iebuf[1] == 0 && ie.rsn_ie[1] > 0) { 1208 /* atheros-ng svn #1453 added rsn_ie. Use it, if wpa_ie was not 1209 * set. This is needed for WPA2. */ 1210 iebuf = ie.rsn_ie; 1211 if (iebuf[0] != WLAN_EID_RSN) 1212 iebuf[1] = 0; 1213 } 1214 1215 ielen = iebuf[1]; 1216 1217 #ifdef ATH_WPS_IE 1218 /* if WPS IE is present, preference is given to WPS */ 1219 if (ie.wps_ie && 1220 (ie.wps_ie[1] > 0 && (ie.wps_ie[0] == WLAN_EID_VENDOR_SPECIFIC))) { 1221 iebuf = ie.wps_ie; 1222 ielen = ie.wps_ie[1]; 1223 } 1224 #endif /* ATH_WPS_IE */ 1225 1226 if (ielen == 0) 1227 iebuf = NULL; 1228 else 1229 ielen += 2; 1230 1231 no_ie: 1232 drv_event_assoc(hapd, addr, iebuf, ielen, 0); 1233 1234 if (memcmp(addr, drv->acct_mac, ETH_ALEN) == 0) { 1235 /* Cached accounting data is not valid anymore. */ 1236 memset(drv->acct_mac, 0, ETH_ALEN); 1237 memset(&drv->acct_data, 0, sizeof(drv->acct_data)); 1238 } 1239 } 1240 1241 static void 1242 atheros_wireless_event_wireless_custom(struct atheros_driver_data *drv, 1243 char *custom, char *end) 1244 { 1245 wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom); 1246 1247 if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 1248 char *pos; 1249 u8 addr[ETH_ALEN]; 1250 pos = strstr(custom, "addr="); 1251 if (pos == NULL) { 1252 wpa_printf(MSG_DEBUG, 1253 "MLME-MICHAELMICFAILURE.indication " 1254 "without sender address ignored"); 1255 return; 1256 } 1257 pos += 5; 1258 if (hwaddr_aton(pos, addr) == 0) { 1259 union wpa_event_data data; 1260 os_memset(&data, 0, sizeof(data)); 1261 data.michael_mic_failure.unicast = 1; 1262 data.michael_mic_failure.src = addr; 1263 wpa_supplicant_event(drv->hapd, 1264 EVENT_MICHAEL_MIC_FAILURE, &data); 1265 } else { 1266 wpa_printf(MSG_DEBUG, 1267 "MLME-MICHAELMICFAILURE.indication " 1268 "with invalid MAC address"); 1269 } 1270 } else if (strncmp(custom, "STA-TRAFFIC-STAT", 16) == 0) { 1271 char *key, *value; 1272 u32 val; 1273 key = custom; 1274 while ((key = strchr(key, '\n')) != NULL) { 1275 key++; 1276 value = strchr(key, '='); 1277 if (value == NULL) 1278 continue; 1279 *value++ = '\0'; 1280 val = strtoul(value, NULL, 10); 1281 if (strcmp(key, "mac") == 0) 1282 hwaddr_aton(value, drv->acct_mac); 1283 else if (strcmp(key, "rx_packets") == 0) 1284 drv->acct_data.rx_packets = val; 1285 else if (strcmp(key, "tx_packets") == 0) 1286 drv->acct_data.tx_packets = val; 1287 else if (strcmp(key, "rx_bytes") == 0) 1288 drv->acct_data.rx_bytes = val; 1289 else if (strcmp(key, "tx_bytes") == 0) 1290 drv->acct_data.tx_bytes = val; 1291 key = value; 1292 } 1293 #ifdef CONFIG_WPS 1294 } else if (strncmp(custom, "PUSH-BUTTON.indication", 22) == 0) { 1295 /* Some atheros kernels send push button as a wireless event */ 1296 /* PROBLEM! this event is received for ALL BSSs ... 1297 * so all are enabled for WPS... ugh. 1298 */ 1299 wpa_supplicant_event(drv->hapd, EVENT_WPS_BUTTON_PUSHED, NULL); 1300 #endif /* CONFIG_WPS */ 1301 #if defined(CONFIG_WPS) || defined(CONFIG_IEEE80211R) || defined(CONFIG_HS20) 1302 #define MGMT_FRAM_TAG_SIZE 30 /* hardcoded in driver */ 1303 } else if (strncmp(custom, "Manage.prob_req ", 16) == 0) { 1304 /* 1305 * Atheros driver uses a hack to pass Probe Request frames as a 1306 * binary data in the custom wireless event. The old way (using 1307 * packet sniffing) didn't work when bridging. 1308 * Format: "Manage.prob_req <frame len>" | zero padding | frame 1309 */ 1310 int len = atoi(custom + 16); 1311 if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) { 1312 wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req event " 1313 "length %d", len); 1314 return; 1315 } 1316 atheros_raw_receive(drv, NULL, 1317 (u8 *) custom + MGMT_FRAM_TAG_SIZE, len); 1318 } else if (strncmp(custom, "Manage.assoc_req ", 17) == 0) { 1319 /* Format: "Manage.assoc_req <frame len>" | zero padding | 1320 * frame */ 1321 int len = atoi(custom + 17); 1322 if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) { 1323 wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/" 1324 "assoc_req/auth event length %d", len); 1325 return; 1326 } 1327 atheros_raw_receive(drv, NULL, 1328 (u8 *) custom + MGMT_FRAM_TAG_SIZE, len); 1329 } else if (strncmp(custom, "Manage.action ", 14) == 0) { 1330 /* Format: "Manage.assoc_req <frame len>" | zero padding | 1331 * frame */ 1332 int len = atoi(custom + 14); 1333 if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) { 1334 wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/" 1335 "assoc_req/auth event length %d", len); 1336 return; 1337 } 1338 atheros_raw_receive(drv, NULL, 1339 (u8 *) custom + MGMT_FRAM_TAG_SIZE, len); 1340 } else if (strncmp(custom, "Manage.auth ", 12) == 0) { 1341 /* Format: "Manage.auth <frame len>" | zero padding | frame 1342 */ 1343 int len = atoi(custom + 12); 1344 if (len < 0 || custom + MGMT_FRAM_TAG_SIZE + len > end) { 1345 wpa_printf(MSG_DEBUG, "Invalid Manage.prob_req/" 1346 "assoc_req/auth event length %d", len); 1347 return; 1348 } 1349 atheros_raw_receive(drv, NULL, 1350 (u8 *) custom + MGMT_FRAM_TAG_SIZE, len); 1351 #endif /* CONFIG_WPS or CONFIG_IEEE80211R */ 1352 } 1353 } 1354 1355 /* 1356 * Handle size of data problem. WEXT only allows data of 256 bytes for custom 1357 * events, and p2p data can be much bigger. So the athr driver sends a small 1358 * event telling me to collect the big data with an ioctl. 1359 * On the first event, send all pending events to supplicant. 1360 */ 1361 static void fetch_pending_big_events(struct atheros_driver_data *drv) 1362 { 1363 union wpa_event_data event; 1364 const struct ieee80211_mgmt *mgmt; 1365 u8 tbuf[IW_PRIV_SIZE_MASK]; /* max size is 2047 bytes */ 1366 u16 fc, stype; 1367 struct iwreq iwr; 1368 size_t data_len; 1369 u32 freq, frame_type; 1370 1371 while (1) { 1372 os_memset(&iwr, 0, sizeof(iwr)); 1373 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1374 1375 iwr.u.data.pointer = (void *) tbuf; 1376 iwr.u.data.length = sizeof(tbuf); 1377 iwr.u.data.flags = IEEE80211_IOC_P2P_FETCH_FRAME; 1378 1379 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_P2P_BIG_PARAM, &iwr) 1380 < 0) { 1381 if (errno == ENOSPC) { 1382 wpa_printf(MSG_DEBUG, "%s:%d exit", 1383 __func__, __LINE__); 1384 return; 1385 } 1386 wpa_printf(MSG_DEBUG, "athr: %s: P2P_BIG_PARAM[" 1387 "P2P_FETCH_FRAME] failed: %s", 1388 __func__, strerror(errno)); 1389 return; 1390 } 1391 data_len = iwr.u.data.length; 1392 wpa_hexdump(MSG_DEBUG, "athr: P2P_FETCH_FRAME data", 1393 (u8 *) tbuf, data_len); 1394 if (data_len < sizeof(freq) + sizeof(frame_type) + 24) { 1395 wpa_printf(MSG_DEBUG, "athr: frame too short"); 1396 continue; 1397 } 1398 os_memcpy(&freq, tbuf, sizeof(freq)); 1399 os_memcpy(&frame_type, &tbuf[sizeof(freq)], 1400 sizeof(frame_type)); 1401 mgmt = (void *) &tbuf[sizeof(freq) + sizeof(frame_type)]; 1402 data_len -= sizeof(freq) + sizeof(frame_type); 1403 1404 if (frame_type == IEEE80211_EV_RX_MGMT) { 1405 fc = le_to_host16(mgmt->frame_control); 1406 stype = WLAN_FC_GET_STYPE(fc); 1407 1408 wpa_printf(MSG_DEBUG, "athr: EV_RX_MGMT stype=%u " 1409 "freq=%u len=%u", stype, freq, (int) data_len); 1410 1411 if (stype == WLAN_FC_STYPE_ACTION) { 1412 os_memset(&event, 0, sizeof(event)); 1413 event.rx_mgmt.frame = (const u8 *) mgmt; 1414 event.rx_mgmt.frame_len = data_len; 1415 wpa_supplicant_event(drv->hapd, EVENT_RX_MGMT, 1416 &event); 1417 continue; 1418 } 1419 } else { 1420 wpa_printf(MSG_DEBUG, "athr: %s unknown type %d", 1421 __func__, frame_type); 1422 continue; 1423 } 1424 } 1425 } 1426 1427 static void 1428 atheros_wireless_event_atheros_custom(struct atheros_driver_data *drv, 1429 int opcode, char *buf, int len) 1430 { 1431 switch (opcode) { 1432 case IEEE80211_EV_RX_MGMT: 1433 wpa_printf(MSG_DEBUG, "WEXT: EV_RX_MGMT"); 1434 fetch_pending_big_events(drv); 1435 break; 1436 default: 1437 break; 1438 } 1439 } 1440 1441 static void 1442 atheros_wireless_event_wireless(struct atheros_driver_data *drv, 1443 char *data, int len) 1444 { 1445 struct iw_event iwe_buf, *iwe = &iwe_buf; 1446 char *pos, *end, *custom, *buf; 1447 1448 pos = data; 1449 end = data + len; 1450 1451 while (pos + IW_EV_LCP_LEN <= end) { 1452 /* Event data may be unaligned, so make a local, aligned copy 1453 * before processing. */ 1454 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1455 wpa_printf(MSG_MSGDUMP, "Wireless event: cmd=0x%x len=%d", 1456 iwe->cmd, iwe->len); 1457 if (iwe->len <= IW_EV_LCP_LEN) 1458 return; 1459 1460 custom = pos + IW_EV_POINT_LEN; 1461 if (drv->we_version > 18 && 1462 (iwe->cmd == IWEVMICHAELMICFAILURE || 1463 iwe->cmd == IWEVASSOCREQIE || 1464 iwe->cmd == IWEVCUSTOM)) { 1465 /* WE-19 removed the pointer from struct iw_point */ 1466 char *dpos = (char *) &iwe_buf.u.data.length; 1467 int dlen = dpos - (char *) &iwe_buf; 1468 memcpy(dpos, pos + IW_EV_LCP_LEN, 1469 sizeof(struct iw_event) - dlen); 1470 } else { 1471 memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1472 custom += IW_EV_POINT_OFF; 1473 } 1474 1475 switch (iwe->cmd) { 1476 case IWEVEXPIRED: 1477 drv_event_disassoc(drv->hapd, 1478 (u8 *) iwe->u.addr.sa_data); 1479 break; 1480 case IWEVREGISTERED: 1481 atheros_new_sta(drv, (u8 *) iwe->u.addr.sa_data); 1482 break; 1483 case IWEVASSOCREQIE: 1484 /* Driver hack.. Use IWEVASSOCREQIE to bypass 1485 * IWEVCUSTOM size limitations. Need to handle this 1486 * just like IWEVCUSTOM. 1487 */ 1488 case IWEVCUSTOM: 1489 if (custom + iwe->u.data.length > end) 1490 return; 1491 buf = malloc(iwe->u.data.length + 1); 1492 if (buf == NULL) 1493 return; /* XXX */ 1494 memcpy(buf, custom, iwe->u.data.length); 1495 buf[iwe->u.data.length] = '\0'; 1496 1497 if (iwe->u.data.flags != 0) { 1498 atheros_wireless_event_atheros_custom( 1499 drv, (int) iwe->u.data.flags, 1500 buf, len); 1501 } else { 1502 atheros_wireless_event_wireless_custom( 1503 drv, buf, buf + iwe->u.data.length); 1504 } 1505 free(buf); 1506 break; 1507 } 1508 1509 pos += iwe->len; 1510 } 1511 } 1512 1513 1514 static void 1515 atheros_wireless_event_rtm_newlink(void *ctx, 1516 struct ifinfomsg *ifi, u8 *buf, size_t len) 1517 { 1518 struct atheros_driver_data *drv = ctx; 1519 int attrlen, rta_len; 1520 struct rtattr *attr; 1521 1522 if (ifi->ifi_index != drv->ifindex) 1523 return; 1524 1525 attrlen = len; 1526 attr = (struct rtattr *) buf; 1527 1528 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1529 while (RTA_OK(attr, attrlen)) { 1530 if (attr->rta_type == IFLA_WIRELESS) { 1531 atheros_wireless_event_wireless( 1532 drv, ((char *) attr) + rta_len, 1533 attr->rta_len - rta_len); 1534 } 1535 attr = RTA_NEXT(attr, attrlen); 1536 } 1537 } 1538 1539 1540 static int 1541 atheros_get_we_version(struct atheros_driver_data *drv) 1542 { 1543 struct iw_range *range; 1544 struct iwreq iwr; 1545 int minlen; 1546 size_t buflen; 1547 1548 drv->we_version = 0; 1549 1550 /* 1551 * Use larger buffer than struct iw_range in order to allow the 1552 * structure to grow in the future. 1553 */ 1554 buflen = sizeof(struct iw_range) + 500; 1555 range = os_zalloc(buflen); 1556 if (range == NULL) 1557 return -1; 1558 1559 memset(&iwr, 0, sizeof(iwr)); 1560 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1561 iwr.u.data.pointer = (caddr_t) range; 1562 iwr.u.data.length = buflen; 1563 1564 minlen = ((char *) &range->enc_capa) - (char *) range + 1565 sizeof(range->enc_capa); 1566 1567 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1568 perror("ioctl[SIOCGIWRANGE]"); 1569 free(range); 1570 return -1; 1571 } else if (iwr.u.data.length >= minlen && 1572 range->we_version_compiled >= 18) { 1573 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1574 "WE(source)=%d enc_capa=0x%x", 1575 range->we_version_compiled, 1576 range->we_version_source, 1577 range->enc_capa); 1578 drv->we_version = range->we_version_compiled; 1579 } 1580 1581 os_free(range); 1582 return 0; 1583 } 1584 1585 1586 static int 1587 atheros_wireless_event_init(struct atheros_driver_data *drv) 1588 { 1589 struct netlink_config *cfg; 1590 1591 atheros_get_we_version(drv); 1592 1593 cfg = os_zalloc(sizeof(*cfg)); 1594 if (cfg == NULL) 1595 return -1; 1596 cfg->ctx = drv; 1597 cfg->newlink_cb = atheros_wireless_event_rtm_newlink; 1598 drv->netlink = netlink_init(cfg); 1599 if (drv->netlink == NULL) { 1600 os_free(cfg); 1601 return -1; 1602 } 1603 1604 return 0; 1605 } 1606 1607 1608 static int 1609 atheros_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len, 1610 int encrypt, const u8 *own_addr, u32 flags) 1611 { 1612 struct atheros_driver_data *drv = priv; 1613 unsigned char buf[3000]; 1614 unsigned char *bp = buf; 1615 struct l2_ethhdr *eth; 1616 size_t len; 1617 int status; 1618 1619 /* 1620 * Prepend the Ethernet header. If the caller left us 1621 * space at the front we could just insert it but since 1622 * we don't know we copy to a local buffer. Given the frequency 1623 * and size of frames this probably doesn't matter. 1624 */ 1625 len = data_len + sizeof(struct l2_ethhdr); 1626 if (len > sizeof(buf)) { 1627 bp = malloc(len); 1628 if (bp == NULL) { 1629 printf("EAPOL frame discarded, cannot malloc temp " 1630 "buffer of size %lu!\n", (unsigned long) len); 1631 return -1; 1632 } 1633 } 1634 eth = (struct l2_ethhdr *) bp; 1635 memcpy(eth->h_dest, addr, ETH_ALEN); 1636 memcpy(eth->h_source, own_addr, ETH_ALEN); 1637 eth->h_proto = host_to_be16(ETH_P_EAPOL); 1638 memcpy(eth+1, data, data_len); 1639 1640 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", bp, len); 1641 1642 status = l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, bp, len); 1643 1644 if (bp != buf) 1645 free(bp); 1646 return status; 1647 } 1648 1649 static void 1650 handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len) 1651 { 1652 struct atheros_driver_data *drv = ctx; 1653 drv_event_eapol_rx(drv->hapd, src_addr, buf + sizeof(struct l2_ethhdr), 1654 len - sizeof(struct l2_ethhdr)); 1655 } 1656 1657 static void * 1658 atheros_init(struct hostapd_data *hapd, struct wpa_init_params *params) 1659 { 1660 struct atheros_driver_data *drv; 1661 struct ifreq ifr; 1662 struct iwreq iwr; 1663 char brname[IFNAMSIZ]; 1664 1665 drv = os_zalloc(sizeof(struct atheros_driver_data)); 1666 if (drv == NULL) { 1667 printf("Could not allocate memory for atheros driver data\n"); 1668 return NULL; 1669 } 1670 1671 drv->hapd = hapd; 1672 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1673 if (drv->ioctl_sock < 0) { 1674 perror("socket[PF_INET,SOCK_DGRAM]"); 1675 goto bad; 1676 } 1677 memcpy(drv->iface, params->ifname, sizeof(drv->iface)); 1678 1679 memset(&ifr, 0, sizeof(ifr)); 1680 os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name)); 1681 if (ioctl(drv->ioctl_sock, SIOCGIFINDEX, &ifr) != 0) { 1682 perror("ioctl(SIOCGIFINDEX)"); 1683 goto bad; 1684 } 1685 drv->ifindex = ifr.ifr_ifindex; 1686 1687 drv->sock_xmit = l2_packet_init(drv->iface, NULL, ETH_P_EAPOL, 1688 handle_read, drv, 1); 1689 if (drv->sock_xmit == NULL) 1690 goto bad; 1691 if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) 1692 goto bad; 1693 os_memcpy(drv->own_addr, params->own_addr, ETH_ALEN); 1694 if (params->bridge[0]) { 1695 wpa_printf(MSG_DEBUG, "Configure bridge %s for EAPOL traffic.", 1696 params->bridge[0]); 1697 drv->sock_recv = l2_packet_init(params->bridge[0], NULL, 1698 ETH_P_EAPOL, handle_read, drv, 1699 1); 1700 if (drv->sock_recv == NULL) 1701 goto bad; 1702 } else if (linux_br_get(brname, drv->iface) == 0) { 1703 wpa_printf(MSG_DEBUG, "Interface in bridge %s; configure for " 1704 "EAPOL receive", brname); 1705 drv->sock_recv = l2_packet_init(brname, NULL, ETH_P_EAPOL, 1706 handle_read, drv, 1); 1707 if (drv->sock_recv == NULL) 1708 goto bad; 1709 } else 1710 drv->sock_recv = drv->sock_xmit; 1711 1712 memset(&iwr, 0, sizeof(iwr)); 1713 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1714 1715 iwr.u.mode = IW_MODE_MASTER; 1716 1717 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) { 1718 perror("ioctl[SIOCSIWMODE]"); 1719 printf("Could not set interface to master mode!\n"); 1720 goto bad; 1721 } 1722 1723 /* mark down during setup */ 1724 linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0); 1725 atheros_set_privacy(drv, 0); /* default to no privacy */ 1726 1727 if (atheros_receive_pkt(drv)) 1728 goto bad; 1729 1730 if (atheros_wireless_event_init(drv)) 1731 goto bad; 1732 1733 return drv; 1734 bad: 1735 atheros_reset_appfilter(drv); 1736 if (drv->sock_raw) 1737 l2_packet_deinit(drv->sock_raw); 1738 if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit) 1739 l2_packet_deinit(drv->sock_recv); 1740 if (drv->sock_xmit != NULL) 1741 l2_packet_deinit(drv->sock_xmit); 1742 if (drv->ioctl_sock >= 0) 1743 close(drv->ioctl_sock); 1744 if (drv != NULL) 1745 free(drv); 1746 return NULL; 1747 } 1748 1749 1750 static void 1751 atheros_deinit(void *priv) 1752 { 1753 struct atheros_driver_data *drv = priv; 1754 1755 atheros_reset_appfilter(drv); 1756 netlink_deinit(drv->netlink); 1757 (void) linux_set_iface_flags(drv->ioctl_sock, drv->iface, 0); 1758 if (drv->ioctl_sock >= 0) 1759 close(drv->ioctl_sock); 1760 if (drv->sock_recv != NULL && drv->sock_recv != drv->sock_xmit) 1761 l2_packet_deinit(drv->sock_recv); 1762 if (drv->sock_xmit != NULL) 1763 l2_packet_deinit(drv->sock_xmit); 1764 if (drv->sock_raw) 1765 l2_packet_deinit(drv->sock_raw); 1766 wpabuf_free(drv->wpa_ie); 1767 wpabuf_free(drv->wps_beacon_ie); 1768 wpabuf_free(drv->wps_probe_resp_ie); 1769 free(drv); 1770 } 1771 1772 static int 1773 atheros_set_ssid(void *priv, const u8 *buf, int len) 1774 { 1775 struct atheros_driver_data *drv = priv; 1776 struct iwreq iwr; 1777 1778 memset(&iwr, 0, sizeof(iwr)); 1779 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1780 iwr.u.essid.flags = 1; /* SSID active */ 1781 iwr.u.essid.pointer = (caddr_t) buf; 1782 iwr.u.essid.length = len + 1; 1783 1784 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 1785 perror("ioctl[SIOCSIWESSID]"); 1786 printf("len=%d\n", len); 1787 return -1; 1788 } 1789 return 0; 1790 } 1791 1792 static int 1793 atheros_get_ssid(void *priv, u8 *buf, int len) 1794 { 1795 struct atheros_driver_data *drv = priv; 1796 struct iwreq iwr; 1797 int ret = 0; 1798 1799 memset(&iwr, 0, sizeof(iwr)); 1800 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1801 iwr.u.essid.pointer = (caddr_t) buf; 1802 iwr.u.essid.length = (len > IW_ESSID_MAX_SIZE) ? 1803 IW_ESSID_MAX_SIZE : len; 1804 1805 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 1806 perror("ioctl[SIOCGIWESSID]"); 1807 ret = -1; 1808 } else 1809 ret = iwr.u.essid.length; 1810 1811 return ret; 1812 } 1813 1814 static int 1815 atheros_set_countermeasures(void *priv, int enabled) 1816 { 1817 struct atheros_driver_data *drv = priv; 1818 wpa_printf(MSG_DEBUG, "%s: enabled=%d", __FUNCTION__, enabled); 1819 return set80211param(drv, IEEE80211_PARAM_COUNTERMEASURES, enabled); 1820 } 1821 1822 static int 1823 atheros_commit(void *priv) 1824 { 1825 struct atheros_driver_data *drv = priv; 1826 return linux_set_iface_flags(drv->ioctl_sock, drv->iface, 1); 1827 } 1828 1829 static int atheros_set_authmode(void *priv, int auth_algs) 1830 { 1831 int authmode; 1832 1833 if ((auth_algs & WPA_AUTH_ALG_OPEN) && 1834 (auth_algs & WPA_AUTH_ALG_SHARED)) 1835 authmode = IEEE80211_AUTH_AUTO; 1836 else if (auth_algs & WPA_AUTH_ALG_OPEN) 1837 authmode = IEEE80211_AUTH_OPEN; 1838 else if (auth_algs & WPA_AUTH_ALG_SHARED) 1839 authmode = IEEE80211_AUTH_SHARED; 1840 else 1841 return -1; 1842 1843 return set80211param(priv, IEEE80211_PARAM_AUTHMODE, authmode); 1844 } 1845 1846 static int atheros_set_ap(void *priv, struct wpa_driver_ap_params *params) 1847 { 1848 /* 1849 * TODO: Use this to replace set_authmode, set_privacy, set_ieee8021x, 1850 * set_generic_elem, and hapd_set_ssid. 1851 */ 1852 1853 wpa_printf(MSG_DEBUG, "atheros: set_ap - pairwise_ciphers=0x%x " 1854 "group_cipher=0x%x key_mgmt_suites=0x%x auth_algs=0x%x " 1855 "wpa_version=0x%x privacy=%d interworking=%d", 1856 params->pairwise_ciphers, params->group_cipher, 1857 params->key_mgmt_suites, params->auth_algs, 1858 params->wpa_version, params->privacy, params->interworking); 1859 wpa_hexdump_ascii(MSG_DEBUG, "atheros: SSID", 1860 params->ssid, params->ssid_len); 1861 if (params->hessid) 1862 wpa_printf(MSG_DEBUG, "atheros: HESSID " MACSTR, 1863 MAC2STR(params->hessid)); 1864 wpa_hexdump_buf(MSG_DEBUG, "atheros: beacon_ies", 1865 params->beacon_ies); 1866 wpa_hexdump_buf(MSG_DEBUG, "atheros: proberesp_ies", 1867 params->proberesp_ies); 1868 wpa_hexdump_buf(MSG_DEBUG, "atheros: assocresp_ies", 1869 params->assocresp_ies); 1870 1871 return 0; 1872 } 1873 1874 1875 #ifdef CONFIG_IEEE80211R 1876 1877 static int atheros_send_mgmt(void *priv, const u8 *frm, size_t data_len, 1878 int noack) 1879 { 1880 struct atheros_driver_data *drv = priv; 1881 u8 buf[1510]; 1882 const struct ieee80211_mgmt *mgmt; 1883 struct ieee80211req_mgmtbuf *mgmt_frm; 1884 1885 mgmt = (const struct ieee80211_mgmt *) frm; 1886 wpa_printf(MSG_DEBUG, "%s frmlen = %lu " MACSTR, __func__, 1887 (unsigned long) data_len, MAC2STR(mgmt->da)); 1888 mgmt_frm = (struct ieee80211req_mgmtbuf *) buf; 1889 memcpy(mgmt_frm->macaddr, (u8 *)mgmt->da, IEEE80211_ADDR_LEN); 1890 mgmt_frm->buflen = data_len; 1891 if (&mgmt_frm->buf[0] + data_len > buf + sizeof(buf)) { 1892 wpa_printf(MSG_INFO, "atheros: Too long frame for " 1893 "atheros_send_mgmt (%u)", (unsigned int) data_len); 1894 return -1; 1895 } 1896 os_memcpy(&mgmt_frm->buf[0], frm, data_len); 1897 return set80211priv(drv, IEEE80211_IOCTL_SEND_MGMT, mgmt_frm, 1898 sizeof(struct ieee80211req_mgmtbuf) + data_len); 1899 } 1900 1901 1902 static int atheros_add_tspec(void *priv, const u8 *addr, u8 *tspec_ie, 1903 size_t tspec_ielen) 1904 { 1905 struct atheros_driver_data *drv = priv; 1906 int retv; 1907 struct ieee80211req_res req; 1908 struct ieee80211req_res_addts *addts = &req.u.addts; 1909 1910 wpa_printf(MSG_DEBUG, "%s", __func__); 1911 req.type = IEEE80211_RESREQ_ADDTS; 1912 os_memcpy(&req.macaddr[0], addr, IEEE80211_ADDR_LEN); 1913 os_memcpy(addts->tspecie, tspec_ie, tspec_ielen); 1914 retv = set80211priv(drv, IEEE80211_IOCTL_RES_REQ, &req, 1915 sizeof(struct ieee80211req_res)); 1916 if (retv < 0) { 1917 wpa_printf(MSG_DEBUG, "%s IEEE80211_IOCTL_RES_REQ FAILED " 1918 "retv = %d", __func__, retv); 1919 return -1; 1920 } 1921 os_memcpy(tspec_ie, addts->tspecie, tspec_ielen); 1922 return addts->status; 1923 } 1924 1925 1926 static int atheros_add_sta_node(void *priv, const u8 *addr, u16 auth_alg) 1927 { 1928 struct atheros_driver_data *drv = priv; 1929 struct ieee80211req_res req; 1930 struct ieee80211req_res_addnode *addnode = &req.u.addnode; 1931 1932 wpa_printf(MSG_DEBUG, "%s", __func__); 1933 req.type = IEEE80211_RESREQ_ADDNODE; 1934 os_memcpy(&req.macaddr[0], addr, IEEE80211_ADDR_LEN); 1935 addnode->auth_alg = auth_alg; 1936 return set80211priv(drv, IEEE80211_IOCTL_RES_REQ, &req, 1937 sizeof(struct ieee80211req_res)); 1938 } 1939 1940 #endif /* CONFIG_IEEE80211R */ 1941 1942 1943 /* Use only to set a big param, get will not work. */ 1944 static int 1945 set80211big(struct atheros_driver_data *drv, int op, const void *data, int len) 1946 { 1947 struct iwreq iwr; 1948 1949 os_memset(&iwr, 0, sizeof(iwr)); 1950 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ); 1951 1952 iwr.u.data.pointer = (void *) data; 1953 iwr.u.data.length = len; 1954 iwr.u.data.flags = op; 1955 wpa_printf(MSG_DEBUG, "%s: op=0x%x=%d (%s) len=0x%x", 1956 __func__, op, op, athr_get_param_name(op), len); 1957 1958 if (ioctl(drv->ioctl_sock, IEEE80211_IOCTL_P2P_BIG_PARAM, &iwr) < 0) { 1959 wpa_printf(MSG_DEBUG, "%s: op=0x%x (%s) subop=0x%x=%d " 1960 "value=0x%x,0x%x failed: %d (%s)", 1961 __func__, op, athr_get_ioctl_name(op), iwr.u.mode, 1962 iwr.u.mode, iwr.u.data.length, 1963 iwr.u.data.flags, errno, strerror(errno)); 1964 return -1; 1965 } 1966 return 0; 1967 } 1968 1969 1970 static int atheros_send_action(void *priv, unsigned int freq, 1971 unsigned int wait, 1972 const u8 *dst, const u8 *src, 1973 const u8 *bssid, 1974 const u8 *data, size_t data_len, int no_cck) 1975 { 1976 struct atheros_driver_data *drv = priv; 1977 struct ieee80211_p2p_send_action *act; 1978 int res; 1979 1980 act = os_zalloc(sizeof(*act) + data_len); 1981 if (act == NULL) 1982 return -1; 1983 act->freq = freq; 1984 os_memcpy(act->dst_addr, dst, ETH_ALEN); 1985 os_memcpy(act->src_addr, src, ETH_ALEN); 1986 os_memcpy(act->bssid, bssid, ETH_ALEN); 1987 os_memcpy(act + 1, data, data_len); 1988 wpa_printf(MSG_DEBUG, "%s: freq=%d, wait=%u, dst=" MACSTR ", src=" 1989 MACSTR ", bssid=" MACSTR, 1990 __func__, act->freq, wait, MAC2STR(act->dst_addr), 1991 MAC2STR(act->src_addr), MAC2STR(act->bssid)); 1992 wpa_hexdump(MSG_MSGDUMP, "athr: act", (u8 *) act, sizeof(*act)); 1993 wpa_hexdump(MSG_MSGDUMP, "athr: data", data, data_len); 1994 1995 res = set80211big(drv, IEEE80211_IOC_P2P_SEND_ACTION, 1996 act, sizeof(*act) + data_len); 1997 os_free(act); 1998 return res; 1999 } 2000 2001 2002 #if defined(CONFIG_WNM) && defined(IEEE80211_APPIE_FRAME_WNM) 2003 static int athr_wnm_tfs(struct atheros_driver_data *drv, const u8* peer, 2004 u8 *ie, u16 *len, enum wnm_oper oper) 2005 { 2006 #define IEEE80211_APPIE_MAX 1024 /* max appie buffer size */ 2007 u8 buf[IEEE80211_APPIE_MAX]; 2008 struct ieee80211req_getset_appiebuf *tfs_ie; 2009 u16 val; 2010 2011 wpa_printf(MSG_DEBUG, "atheros: ifname=%s, WNM TFS IE oper=%d " MACSTR, 2012 drv->iface, oper, MAC2STR(peer)); 2013 2014 switch (oper) { 2015 case WNM_SLEEP_TFS_REQ_IE_SET: 2016 if (*len > IEEE80211_APPIE_MAX - 2017 sizeof(struct ieee80211req_getset_appiebuf)) { 2018 wpa_printf(MSG_DEBUG, "TFS Req IE(s) too large"); 2019 return -1; 2020 } 2021 tfs_ie = (struct ieee80211req_getset_appiebuf *) buf; 2022 tfs_ie->app_frmtype = IEEE80211_APPIE_FRAME_WNM; 2023 tfs_ie->app_buflen = ETH_ALEN + 2 + 2 + *len; 2024 2025 /* Command header for driver */ 2026 os_memcpy(&(tfs_ie->app_buf[0]), peer, ETH_ALEN); 2027 val = oper; 2028 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN, &val, 2); 2029 val = *len; 2030 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN + 2, &val, 2); 2031 2032 /* copy the ie */ 2033 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN + 2 + 2, ie, *len); 2034 2035 if (set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, tfs_ie, 2036 IEEE80211_APPIE_MAX)) { 2037 wpa_printf(MSG_DEBUG, "%s: Failed to set WNM TFS IE: " 2038 "%s", __func__, strerror(errno)); 2039 return -1; 2040 } 2041 break; 2042 case WNM_SLEEP_TFS_RESP_IE_ADD: 2043 tfs_ie = (struct ieee80211req_getset_appiebuf *) buf; 2044 tfs_ie->app_frmtype = IEEE80211_APPIE_FRAME_WNM; 2045 tfs_ie->app_buflen = IEEE80211_APPIE_MAX - 2046 sizeof(struct ieee80211req_getset_appiebuf); 2047 /* Command header for driver */ 2048 os_memcpy(&(tfs_ie->app_buf[0]), peer, ETH_ALEN); 2049 val = oper; 2050 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN, &val, 2); 2051 val = 0; 2052 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN + 2, &val, 2); 2053 2054 if (set80211priv(drv, IEEE80211_IOCTL_GET_APPIEBUF, tfs_ie, 2055 IEEE80211_APPIE_MAX)) { 2056 wpa_printf(MSG_DEBUG, "%s: Failed to get WNM TFS IE: " 2057 "%s", __func__, strerror(errno)); 2058 return -1; 2059 } 2060 2061 *len = tfs_ie->app_buflen; 2062 os_memcpy(ie, &(tfs_ie->app_buf[0]), *len); 2063 wpa_printf(MSG_DEBUG, "atheros: %c len=%d", tfs_ie->app_buf[0], 2064 *len); 2065 break; 2066 case WNM_SLEEP_TFS_RESP_IE_NONE: 2067 *len = 0; 2068 break; 2069 case WNM_SLEEP_TFS_IE_DEL: 2070 tfs_ie = (struct ieee80211req_getset_appiebuf *) buf; 2071 tfs_ie->app_frmtype = IEEE80211_APPIE_FRAME_WNM; 2072 tfs_ie->app_buflen = IEEE80211_APPIE_MAX - 2073 sizeof(struct ieee80211req_getset_appiebuf); 2074 /* Command header for driver */ 2075 os_memcpy(&(tfs_ie->app_buf[0]), peer, ETH_ALEN); 2076 val = oper; 2077 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN, &val, 2); 2078 val = 0; 2079 os_memcpy(&(tfs_ie->app_buf[0]) + ETH_ALEN + 2, &val, 2); 2080 2081 if (set80211priv(drv, IEEE80211_IOCTL_SET_APPIEBUF, tfs_ie, 2082 IEEE80211_APPIE_MAX)) { 2083 wpa_printf(MSG_DEBUG, "%s: Failed to set WNM TFS IE: " 2084 "%s", __func__, strerror(errno)); 2085 return -1; 2086 } 2087 break; 2088 default: 2089 wpa_printf(MSG_DEBUG, "Unsupported TFS oper %d", oper); 2090 break; 2091 } 2092 2093 return 0; 2094 } 2095 2096 2097 static int atheros_wnm_sleep(struct atheros_driver_data *drv, 2098 const u8 *peer, enum wnm_oper oper) 2099 { 2100 u8 *data, *pos; 2101 size_t dlen; 2102 int ret; 2103 u16 val; 2104 2105 wpa_printf(MSG_DEBUG, "atheros: WNM-Sleep Oper %d, " MACSTR, 2106 oper, MAC2STR(peer)); 2107 2108 dlen = ETH_ALEN + 2 + 2; 2109 data = os_malloc(dlen); 2110 if (data == NULL) 2111 return -1; 2112 2113 /* Command header for driver */ 2114 pos = data; 2115 os_memcpy(pos, peer, ETH_ALEN); 2116 pos += ETH_ALEN; 2117 2118 val = oper; 2119 os_memcpy(pos, &val, 2); 2120 pos += 2; 2121 2122 val = 0; 2123 os_memcpy(pos, &val, 2); 2124 2125 ret = atheros_set_wps_ie(drv, data, dlen, IEEE80211_APPIE_FRAME_WNM); 2126 2127 os_free(data); 2128 2129 return ret; 2130 } 2131 2132 2133 static int atheros_wnm_oper(void *priv, enum wnm_oper oper, const u8 *peer, 2134 u8 *buf, u16 *buf_len) 2135 { 2136 struct atheros_driver_data *drv = priv; 2137 2138 switch (oper) { 2139 case WNM_SLEEP_ENTER_CONFIRM: 2140 case WNM_SLEEP_ENTER_FAIL: 2141 case WNM_SLEEP_EXIT_CONFIRM: 2142 case WNM_SLEEP_EXIT_FAIL: 2143 return atheros_wnm_sleep(drv, peer, oper); 2144 case WNM_SLEEP_TFS_REQ_IE_SET: 2145 case WNM_SLEEP_TFS_RESP_IE_ADD: 2146 case WNM_SLEEP_TFS_RESP_IE_NONE: 2147 case WNM_SLEEP_TFS_IE_DEL: 2148 return athr_wnm_tfs(drv, peer, buf, buf_len, oper); 2149 default: 2150 wpa_printf(MSG_DEBUG, "atheros: Unsupported WNM operation %d", 2151 oper); 2152 return -1; 2153 } 2154 } 2155 #endif /* CONFIG_WNM && IEEE80211_APPIE_FRAME_WNM */ 2156 2157 2158 const struct wpa_driver_ops wpa_driver_atheros_ops = { 2159 .name = "atheros", 2160 .hapd_init = atheros_init, 2161 .hapd_deinit = atheros_deinit, 2162 .set_ieee8021x = atheros_set_ieee8021x, 2163 .set_privacy = atheros_set_privacy, 2164 .set_key = atheros_set_key, 2165 .get_seqnum = atheros_get_seqnum, 2166 .flush = atheros_flush, 2167 .set_generic_elem = atheros_set_opt_ie, 2168 .sta_set_flags = atheros_sta_set_flags, 2169 .read_sta_data = atheros_read_sta_driver_data, 2170 .hapd_send_eapol = atheros_send_eapol, 2171 .sta_disassoc = atheros_sta_disassoc, 2172 .sta_deauth = atheros_sta_deauth, 2173 .hapd_set_ssid = atheros_set_ssid, 2174 .hapd_get_ssid = atheros_get_ssid, 2175 .set_countermeasures = atheros_set_countermeasures, 2176 .sta_clear_stats = atheros_sta_clear_stats, 2177 .commit = atheros_commit, 2178 .set_ap_wps_ie = atheros_set_ap_wps_ie, 2179 .set_authmode = atheros_set_authmode, 2180 .set_ap = atheros_set_ap, 2181 #ifdef CONFIG_IEEE80211R 2182 .sta_assoc = atheros_sta_assoc, 2183 .sta_auth = atheros_sta_auth, 2184 .send_mlme = atheros_send_mgmt, 2185 .add_tspec = atheros_add_tspec, 2186 .add_sta_node = atheros_add_sta_node, 2187 #endif /* CONFIG_IEEE80211R */ 2188 .send_action = atheros_send_action, 2189 #if defined(CONFIG_WNM) && defined(IEEE80211_APPIE_FRAME_WNM) 2190 .wnm_oper = atheros_wnm_oper, 2191 #endif /* CONFIG_WNM && IEEE80211_APPIE_FRAME_WNM */ 2192 .set_qos_map = atheros_set_qos_map, 2193 }; 2194