1 /* 2 * WPA Supplicant - driver interaction with generic Linux Wireless Extensions 3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file implements a driver interface for the Linux Wireless Extensions. 15 * When used with WE-18 or newer, this interface can be used as-is with number 16 * of drivers. In addition to this, some of the common functions in this file 17 * can be used by other driver interface implementations that use generic WE 18 * ioctls, but require private ioctls for some of the functionality. 19 */ 20 21 #include "includes.h" 22 #include <sys/ioctl.h> 23 #include <net/if_arp.h> 24 25 #include "wireless_copy.h" 26 #include "common.h" 27 #include "driver.h" 28 #include "eloop.h" 29 #include "priv_netlink.h" 30 #include "driver_wext.h" 31 #include "ieee802_11_defs.h" 32 #include "wpa_common.h" 33 34 35 static int wpa_driver_wext_flush_pmkid(void *priv); 36 static int wpa_driver_wext_get_range(void *priv); 37 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv); 38 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv); 39 40 41 static int wpa_driver_wext_send_oper_ifla(struct wpa_driver_wext_data *drv, 42 int linkmode, int operstate) 43 { 44 struct { 45 struct nlmsghdr hdr; 46 struct ifinfomsg ifinfo; 47 char opts[16]; 48 } req; 49 struct rtattr *rta; 50 static int nl_seq; 51 ssize_t ret; 52 53 os_memset(&req, 0, sizeof(req)); 54 55 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); 56 req.hdr.nlmsg_type = RTM_SETLINK; 57 req.hdr.nlmsg_flags = NLM_F_REQUEST; 58 req.hdr.nlmsg_seq = ++nl_seq; 59 req.hdr.nlmsg_pid = 0; 60 61 req.ifinfo.ifi_family = AF_UNSPEC; 62 req.ifinfo.ifi_type = 0; 63 req.ifinfo.ifi_index = drv->ifindex; 64 req.ifinfo.ifi_flags = 0; 65 req.ifinfo.ifi_change = 0; 66 67 if (linkmode != -1) { 68 rta = aliasing_hide_typecast( 69 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)), 70 struct rtattr); 71 rta->rta_type = IFLA_LINKMODE; 72 rta->rta_len = RTA_LENGTH(sizeof(char)); 73 *((char *) RTA_DATA(rta)) = linkmode; 74 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) + 75 RTA_LENGTH(sizeof(char)); 76 } 77 if (operstate != -1) { 78 rta = (struct rtattr *) 79 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)); 80 rta->rta_type = IFLA_OPERSTATE; 81 rta->rta_len = RTA_LENGTH(sizeof(char)); 82 *((char *) RTA_DATA(rta)) = operstate; 83 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) + 84 RTA_LENGTH(sizeof(char)); 85 } 86 87 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d", 88 linkmode, operstate); 89 90 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0); 91 if (ret < 0) { 92 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: " 93 "%s (assume operstate is not supported)", 94 strerror(errno)); 95 } 96 97 return ret < 0 ? -1 : 0; 98 } 99 100 101 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv, 102 int idx, u32 value) 103 { 104 struct iwreq iwr; 105 int ret = 0; 106 107 os_memset(&iwr, 0, sizeof(iwr)); 108 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 109 iwr.u.param.flags = idx & IW_AUTH_INDEX; 110 iwr.u.param.value = value; 111 112 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 113 if (errno != EOPNOTSUPP) { 114 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 115 "value 0x%x) failed: %s)", 116 idx, value, strerror(errno)); 117 } 118 ret = errno == EOPNOTSUPP ? -2 : -1; 119 } 120 121 return ret; 122 } 123 124 125 /** 126 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP 127 * @priv: Pointer to private wext data from wpa_driver_wext_init() 128 * @bssid: Buffer for BSSID 129 * Returns: 0 on success, -1 on failure 130 */ 131 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid) 132 { 133 struct wpa_driver_wext_data *drv = priv; 134 struct iwreq iwr; 135 int ret = 0; 136 137 os_memset(&iwr, 0, sizeof(iwr)); 138 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 139 140 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 141 perror("ioctl[SIOCGIWAP]"); 142 ret = -1; 143 } 144 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 145 146 return ret; 147 } 148 149 150 /** 151 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP 152 * @priv: Pointer to private wext data from wpa_driver_wext_init() 153 * @bssid: BSSID 154 * Returns: 0 on success, -1 on failure 155 */ 156 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid) 157 { 158 struct wpa_driver_wext_data *drv = priv; 159 struct iwreq iwr; 160 int ret = 0; 161 162 os_memset(&iwr, 0, sizeof(iwr)); 163 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 164 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 165 if (bssid) 166 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 167 else 168 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 169 170 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 171 perror("ioctl[SIOCSIWAP]"); 172 ret = -1; 173 } 174 175 return ret; 176 } 177 178 179 /** 180 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID 181 * @priv: Pointer to private wext data from wpa_driver_wext_init() 182 * @ssid: Buffer for the SSID; must be at least 32 bytes long 183 * Returns: SSID length on success, -1 on failure 184 */ 185 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid) 186 { 187 struct wpa_driver_wext_data *drv = priv; 188 struct iwreq iwr; 189 int ret = 0; 190 191 os_memset(&iwr, 0, sizeof(iwr)); 192 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 193 iwr.u.essid.pointer = (caddr_t) ssid; 194 iwr.u.essid.length = 32; 195 196 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 197 perror("ioctl[SIOCGIWESSID]"); 198 ret = -1; 199 } else { 200 ret = iwr.u.essid.length; 201 if (ret > 32) 202 ret = 32; 203 /* Some drivers include nul termination in the SSID, so let's 204 * remove it here before further processing. WE-21 changes this 205 * to explicitly require the length _not_ to include nul 206 * termination. */ 207 if (ret > 0 && ssid[ret - 1] == '\0' && 208 drv->we_version_compiled < 21) 209 ret--; 210 } 211 212 return ret; 213 } 214 215 216 /** 217 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID 218 * @priv: Pointer to private wext data from wpa_driver_wext_init() 219 * @ssid: SSID 220 * @ssid_len: Length of SSID (0..32) 221 * Returns: 0 on success, -1 on failure 222 */ 223 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len) 224 { 225 struct wpa_driver_wext_data *drv = priv; 226 struct iwreq iwr; 227 int ret = 0; 228 char buf[33]; 229 230 if (ssid_len > 32) 231 return -1; 232 233 os_memset(&iwr, 0, sizeof(iwr)); 234 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 235 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 236 iwr.u.essid.flags = (ssid_len != 0); 237 os_memset(buf, 0, sizeof(buf)); 238 os_memcpy(buf, ssid, ssid_len); 239 iwr.u.essid.pointer = (caddr_t) buf; 240 if (drv->we_version_compiled < 21) { 241 /* For historic reasons, set SSID length to include one extra 242 * character, C string nul termination, even though SSID is 243 * really an octet string that should not be presented as a C 244 * string. Some Linux drivers decrement the length by one and 245 * can thus end up missing the last octet of the SSID if the 246 * length is not incremented here. WE-21 changes this to 247 * explicitly require the length _not_ to include nul 248 * termination. */ 249 if (ssid_len) 250 ssid_len++; 251 } 252 iwr.u.essid.length = ssid_len; 253 254 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 255 perror("ioctl[SIOCSIWESSID]"); 256 ret = -1; 257 } 258 259 return ret; 260 } 261 262 263 /** 264 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ 265 * @priv: Pointer to private wext data from wpa_driver_wext_init() 266 * @freq: Frequency in MHz 267 * Returns: 0 on success, -1 on failure 268 */ 269 int wpa_driver_wext_set_freq(void *priv, int freq) 270 { 271 struct wpa_driver_wext_data *drv = priv; 272 struct iwreq iwr; 273 int ret = 0; 274 275 os_memset(&iwr, 0, sizeof(iwr)); 276 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 277 iwr.u.freq.m = freq * 100000; 278 iwr.u.freq.e = 1; 279 280 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 281 perror("ioctl[SIOCSIWFREQ]"); 282 ret = -1; 283 } 284 285 return ret; 286 } 287 288 289 static void 290 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom) 291 { 292 union wpa_event_data data; 293 294 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 295 custom); 296 297 os_memset(&data, 0, sizeof(data)); 298 /* Host AP driver */ 299 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 300 data.michael_mic_failure.unicast = 301 os_strstr(custom, " unicast ") != NULL; 302 /* TODO: parse parameters(?) */ 303 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 304 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 305 char *spos; 306 int bytes; 307 308 spos = custom + 17; 309 310 bytes = strspn(spos, "0123456789abcdefABCDEF"); 311 if (!bytes || (bytes & 1)) 312 return; 313 bytes /= 2; 314 315 data.assoc_info.req_ies = os_malloc(bytes); 316 if (data.assoc_info.req_ies == NULL) 317 return; 318 319 data.assoc_info.req_ies_len = bytes; 320 hexstr2bin(spos, data.assoc_info.req_ies, bytes); 321 322 spos += bytes * 2; 323 324 data.assoc_info.resp_ies = NULL; 325 data.assoc_info.resp_ies_len = 0; 326 327 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 328 spos += 9; 329 330 bytes = strspn(spos, "0123456789abcdefABCDEF"); 331 if (!bytes || (bytes & 1)) 332 goto done; 333 bytes /= 2; 334 335 data.assoc_info.resp_ies = os_malloc(bytes); 336 if (data.assoc_info.resp_ies == NULL) 337 goto done; 338 339 data.assoc_info.resp_ies_len = bytes; 340 hexstr2bin(spos, data.assoc_info.resp_ies, bytes); 341 } 342 343 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 344 345 done: 346 os_free(data.assoc_info.resp_ies); 347 os_free(data.assoc_info.req_ies); 348 #ifdef CONFIG_PEERKEY 349 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 350 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 351 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 352 "STKSTART.request '%s'", custom + 17); 353 return; 354 } 355 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 356 #endif /* CONFIG_PEERKEY */ 357 } 358 } 359 360 361 static int wpa_driver_wext_event_wireless_michaelmicfailure( 362 void *ctx, const char *ev, size_t len) 363 { 364 const struct iw_michaelmicfailure *mic; 365 union wpa_event_data data; 366 367 if (len < sizeof(*mic)) 368 return -1; 369 370 mic = (const struct iw_michaelmicfailure *) ev; 371 372 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 373 "flags=0x%x src_addr=" MACSTR, mic->flags, 374 MAC2STR(mic->src_addr.sa_data)); 375 376 os_memset(&data, 0, sizeof(data)); 377 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 378 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 379 380 return 0; 381 } 382 383 384 static int wpa_driver_wext_event_wireless_pmkidcand( 385 struct wpa_driver_wext_data *drv, const char *ev, size_t len) 386 { 387 const struct iw_pmkid_cand *cand; 388 union wpa_event_data data; 389 const u8 *addr; 390 391 if (len < sizeof(*cand)) 392 return -1; 393 394 cand = (const struct iw_pmkid_cand *) ev; 395 addr = (const u8 *) cand->bssid.sa_data; 396 397 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 398 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 399 cand->index, MAC2STR(addr)); 400 401 os_memset(&data, 0, sizeof(data)); 402 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 403 data.pmkid_candidate.index = cand->index; 404 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 405 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 406 407 return 0; 408 } 409 410 411 static int wpa_driver_wext_event_wireless_assocreqie( 412 struct wpa_driver_wext_data *drv, const char *ev, int len) 413 { 414 if (len < 0) 415 return -1; 416 417 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 418 len); 419 os_free(drv->assoc_req_ies); 420 drv->assoc_req_ies = os_malloc(len); 421 if (drv->assoc_req_ies == NULL) { 422 drv->assoc_req_ies_len = 0; 423 return -1; 424 } 425 os_memcpy(drv->assoc_req_ies, ev, len); 426 drv->assoc_req_ies_len = len; 427 428 return 0; 429 } 430 431 432 static int wpa_driver_wext_event_wireless_assocrespie( 433 struct wpa_driver_wext_data *drv, const char *ev, int len) 434 { 435 if (len < 0) 436 return -1; 437 438 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 439 len); 440 os_free(drv->assoc_resp_ies); 441 drv->assoc_resp_ies = os_malloc(len); 442 if (drv->assoc_resp_ies == NULL) { 443 drv->assoc_resp_ies_len = 0; 444 return -1; 445 } 446 os_memcpy(drv->assoc_resp_ies, ev, len); 447 drv->assoc_resp_ies_len = len; 448 449 return 0; 450 } 451 452 453 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv) 454 { 455 union wpa_event_data data; 456 457 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 458 return; 459 460 os_memset(&data, 0, sizeof(data)); 461 if (drv->assoc_req_ies) { 462 data.assoc_info.req_ies = drv->assoc_req_ies; 463 drv->assoc_req_ies = NULL; 464 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 465 } 466 if (drv->assoc_resp_ies) { 467 data.assoc_info.resp_ies = drv->assoc_resp_ies; 468 drv->assoc_resp_ies = NULL; 469 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 470 } 471 472 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 473 474 os_free(data.assoc_info.req_ies); 475 os_free(data.assoc_info.resp_ies); 476 } 477 478 479 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, 480 void *ctx, char *data, int len) 481 { 482 struct iw_event iwe_buf, *iwe = &iwe_buf; 483 char *pos, *end, *custom, *buf; 484 485 pos = data; 486 end = data + len; 487 488 while (pos + IW_EV_LCP_LEN <= end) { 489 /* Event data may be unaligned, so make a local, aligned copy 490 * before processing. */ 491 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 492 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 493 iwe->cmd, iwe->len); 494 if (iwe->len <= IW_EV_LCP_LEN) 495 return; 496 497 custom = pos + IW_EV_POINT_LEN; 498 if (drv->we_version_compiled > 18 && 499 (iwe->cmd == IWEVMICHAELMICFAILURE || 500 iwe->cmd == IWEVCUSTOM || 501 iwe->cmd == IWEVASSOCREQIE || 502 iwe->cmd == IWEVASSOCRESPIE || 503 iwe->cmd == IWEVPMKIDCAND)) { 504 /* WE-19 removed the pointer from struct iw_point */ 505 char *dpos = (char *) &iwe_buf.u.data.length; 506 int dlen = dpos - (char *) &iwe_buf; 507 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 508 sizeof(struct iw_event) - dlen); 509 } else { 510 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 511 custom += IW_EV_POINT_OFF; 512 } 513 514 switch (iwe->cmd) { 515 case SIOCGIWAP: 516 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 517 MACSTR, 518 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 519 if (is_zero_ether_addr( 520 (const u8 *) iwe->u.ap_addr.sa_data) || 521 os_memcmp(iwe->u.ap_addr.sa_data, 522 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 523 0) { 524 os_free(drv->assoc_req_ies); 525 drv->assoc_req_ies = NULL; 526 os_free(drv->assoc_resp_ies); 527 drv->assoc_resp_ies = NULL; 528 wpa_supplicant_event(ctx, EVENT_DISASSOC, 529 NULL); 530 531 } else { 532 wpa_driver_wext_event_assoc_ies(drv); 533 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL); 534 } 535 break; 536 case IWEVMICHAELMICFAILURE: 537 if (custom + iwe->u.data.length > end) { 538 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 539 "IWEVMICHAELMICFAILURE length"); 540 return; 541 } 542 wpa_driver_wext_event_wireless_michaelmicfailure( 543 ctx, custom, iwe->u.data.length); 544 break; 545 case IWEVCUSTOM: 546 if (custom + iwe->u.data.length > end) { 547 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 548 "IWEVCUSTOM length"); 549 return; 550 } 551 buf = os_malloc(iwe->u.data.length + 1); 552 if (buf == NULL) 553 return; 554 os_memcpy(buf, custom, iwe->u.data.length); 555 buf[iwe->u.data.length] = '\0'; 556 wpa_driver_wext_event_wireless_custom(ctx, buf); 557 os_free(buf); 558 break; 559 case SIOCGIWSCAN: 560 drv->scan_complete_events = 1; 561 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, 562 drv, ctx); 563 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL); 564 break; 565 case IWEVASSOCREQIE: 566 if (custom + iwe->u.data.length > end) { 567 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 568 "IWEVASSOCREQIE length"); 569 return; 570 } 571 wpa_driver_wext_event_wireless_assocreqie( 572 drv, custom, iwe->u.data.length); 573 break; 574 case IWEVASSOCRESPIE: 575 if (custom + iwe->u.data.length > end) { 576 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 577 "IWEVASSOCRESPIE length"); 578 return; 579 } 580 wpa_driver_wext_event_wireless_assocrespie( 581 drv, custom, iwe->u.data.length); 582 break; 583 case IWEVPMKIDCAND: 584 if (custom + iwe->u.data.length > end) { 585 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 586 "IWEVPMKIDCAND length"); 587 return; 588 } 589 wpa_driver_wext_event_wireless_pmkidcand( 590 drv, custom, iwe->u.data.length); 591 break; 592 } 593 594 pos += iwe->len; 595 } 596 } 597 598 599 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv, 600 void *ctx, char *buf, size_t len, 601 int del) 602 { 603 union wpa_event_data event; 604 605 os_memset(&event, 0, sizeof(event)); 606 if (len > sizeof(event.interface_status.ifname)) 607 len = sizeof(event.interface_status.ifname) - 1; 608 os_memcpy(event.interface_status.ifname, buf, len); 609 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 610 EVENT_INTERFACE_ADDED; 611 612 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 613 del ? "DEL" : "NEW", 614 event.interface_status.ifname, 615 del ? "removed" : "added"); 616 617 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 618 if (del) 619 drv->if_removed = 1; 620 else 621 drv->if_removed = 0; 622 } 623 624 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event); 625 } 626 627 628 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv, 629 struct nlmsghdr *h) 630 { 631 struct ifinfomsg *ifi; 632 int attrlen, nlmsg_len, rta_len; 633 struct rtattr *attr; 634 635 ifi = NLMSG_DATA(h); 636 637 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 638 639 attrlen = h->nlmsg_len - nlmsg_len; 640 if (attrlen < 0) 641 return 0; 642 643 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len); 644 645 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 646 while (RTA_OK(attr, attrlen)) { 647 if (attr->rta_type == IFLA_IFNAME) { 648 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 649 == 0) 650 return 1; 651 else 652 break; 653 } 654 attr = RTA_NEXT(attr, attrlen); 655 } 656 657 return 0; 658 } 659 660 661 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv, 662 int ifindex, struct nlmsghdr *h) 663 { 664 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex) 665 return 1; 666 667 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, h)) { 668 drv->ifindex = if_nametoindex(drv->ifname); 669 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed " 670 "interface"); 671 wpa_driver_wext_finish_drv_init(drv); 672 return 1; 673 } 674 675 return 0; 676 } 677 678 679 static void wpa_driver_wext_event_rtm_newlink(struct wpa_driver_wext_data *drv, 680 void *ctx, struct nlmsghdr *h, 681 size_t len) 682 { 683 struct ifinfomsg *ifi; 684 int attrlen, nlmsg_len, rta_len; 685 struct rtattr * attr; 686 687 if (len < sizeof(*ifi)) 688 return; 689 690 ifi = NLMSG_DATA(h); 691 692 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, h)) { 693 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 694 ifi->ifi_index); 695 return; 696 } 697 698 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 699 "(%s%s%s%s)", 700 drv->operstate, ifi->ifi_flags, 701 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 702 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 703 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 704 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 705 /* 706 * Some drivers send the association event before the operup event--in 707 * this case, lifting operstate in wpa_driver_wext_set_operstate() 708 * fails. This will hit us when wpa_supplicant does not need to do 709 * IEEE 802.1X authentication 710 */ 711 if (drv->operstate == 1 && 712 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 713 !(ifi->ifi_flags & IFF_RUNNING)) 714 wpa_driver_wext_send_oper_ifla(drv, -1, IF_OPER_UP); 715 716 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 717 718 attrlen = h->nlmsg_len - nlmsg_len; 719 if (attrlen < 0) 720 return; 721 722 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len); 723 724 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 725 while (RTA_OK(attr, attrlen)) { 726 if (attr->rta_type == IFLA_WIRELESS) { 727 wpa_driver_wext_event_wireless( 728 drv, ctx, ((char *) attr) + rta_len, 729 attr->rta_len - rta_len); 730 } else if (attr->rta_type == IFLA_IFNAME) { 731 wpa_driver_wext_event_link(drv, ctx, 732 ((char *) attr) + rta_len, 733 attr->rta_len - rta_len, 0); 734 } 735 attr = RTA_NEXT(attr, attrlen); 736 } 737 } 738 739 740 static void wpa_driver_wext_event_rtm_dellink(struct wpa_driver_wext_data *drv, 741 void *ctx, struct nlmsghdr *h, 742 size_t len) 743 { 744 struct ifinfomsg *ifi; 745 int attrlen, nlmsg_len, rta_len; 746 struct rtattr * attr; 747 748 if (len < sizeof(*ifi)) 749 return; 750 751 ifi = NLMSG_DATA(h); 752 753 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 754 755 attrlen = h->nlmsg_len - nlmsg_len; 756 if (attrlen < 0) 757 return; 758 759 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len); 760 761 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 762 while (RTA_OK(attr, attrlen)) { 763 if (attr->rta_type == IFLA_IFNAME) { 764 wpa_driver_wext_event_link(drv, ctx, 765 ((char *) attr) + rta_len, 766 attr->rta_len - rta_len, 1); 767 } 768 attr = RTA_NEXT(attr, attrlen); 769 } 770 } 771 772 773 static void wpa_driver_wext_event_receive(int sock, void *eloop_ctx, 774 void *sock_ctx) 775 { 776 char buf[8192]; 777 int left; 778 struct sockaddr_nl from; 779 socklen_t fromlen; 780 struct nlmsghdr *h; 781 int max_events = 10; 782 783 try_again: 784 fromlen = sizeof(from); 785 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT, 786 (struct sockaddr *) &from, &fromlen); 787 if (left < 0) { 788 if (errno != EINTR && errno != EAGAIN) 789 perror("recvfrom(netlink)"); 790 return; 791 } 792 793 h = (struct nlmsghdr *) buf; 794 while (left >= (int) sizeof(*h)) { 795 int len, plen; 796 797 len = h->nlmsg_len; 798 plen = len - sizeof(*h); 799 if (len > left || plen < 0) { 800 wpa_printf(MSG_DEBUG, "Malformed netlink message: " 801 "len=%d left=%d plen=%d", 802 len, left, plen); 803 break; 804 } 805 806 switch (h->nlmsg_type) { 807 case RTM_NEWLINK: 808 wpa_driver_wext_event_rtm_newlink(eloop_ctx, sock_ctx, 809 h, plen); 810 break; 811 case RTM_DELLINK: 812 wpa_driver_wext_event_rtm_dellink(eloop_ctx, sock_ctx, 813 h, plen); 814 break; 815 } 816 817 len = NLMSG_ALIGN(len); 818 left -= len; 819 h = (struct nlmsghdr *) ((char *) h + len); 820 } 821 822 if (left > 0) { 823 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink " 824 "message", left); 825 } 826 827 if (--max_events > 0) { 828 /* 829 * Try to receive all events in one eloop call in order to 830 * limit race condition on cases where AssocInfo event, Assoc 831 * event, and EAPOL frames are received more or less at the 832 * same time. We want to process the event messages first 833 * before starting EAPOL processing. 834 */ 835 goto try_again; 836 } 837 } 838 839 840 static int wpa_driver_wext_get_ifflags_ifname(struct wpa_driver_wext_data *drv, 841 const char *ifname, int *flags) 842 { 843 struct ifreq ifr; 844 845 os_memset(&ifr, 0, sizeof(ifr)); 846 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); 847 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { 848 perror("ioctl[SIOCGIFFLAGS]"); 849 return -1; 850 } 851 *flags = ifr.ifr_flags & 0xffff; 852 return 0; 853 } 854 855 856 /** 857 * wpa_driver_wext_get_ifflags - Get interface flags (SIOCGIFFLAGS) 858 * @drv: driver_wext private data 859 * @flags: Pointer to returned flags value 860 * Returns: 0 on success, -1 on failure 861 */ 862 int wpa_driver_wext_get_ifflags(struct wpa_driver_wext_data *drv, int *flags) 863 { 864 return wpa_driver_wext_get_ifflags_ifname(drv, drv->ifname, flags); 865 } 866 867 868 static int wpa_driver_wext_set_ifflags_ifname(struct wpa_driver_wext_data *drv, 869 const char *ifname, int flags) 870 { 871 struct ifreq ifr; 872 873 os_memset(&ifr, 0, sizeof(ifr)); 874 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); 875 ifr.ifr_flags = flags & 0xffff; 876 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) { 877 perror("SIOCSIFFLAGS"); 878 return -1; 879 } 880 return 0; 881 } 882 883 884 /** 885 * wpa_driver_wext_set_ifflags - Set interface flags (SIOCSIFFLAGS) 886 * @drv: driver_wext private data 887 * @flags: New value for flags 888 * Returns: 0 on success, -1 on failure 889 */ 890 int wpa_driver_wext_set_ifflags(struct wpa_driver_wext_data *drv, int flags) 891 { 892 return wpa_driver_wext_set_ifflags_ifname(drv, drv->ifname, flags); 893 } 894 895 896 /** 897 * wpa_driver_wext_init - Initialize WE driver interface 898 * @ctx: context to be used when calling wpa_supplicant functions, 899 * e.g., wpa_supplicant_event() 900 * @ifname: interface name, e.g., wlan0 901 * Returns: Pointer to private data, %NULL on failure 902 */ 903 void * wpa_driver_wext_init(void *ctx, const char *ifname) 904 { 905 int s; 906 struct sockaddr_nl local; 907 struct wpa_driver_wext_data *drv; 908 909 drv = os_zalloc(sizeof(*drv)); 910 if (drv == NULL) 911 return NULL; 912 drv->ctx = ctx; 913 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 914 915 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 916 if (drv->ioctl_sock < 0) { 917 perror("socket(PF_INET,SOCK_DGRAM)"); 918 os_free(drv); 919 return NULL; 920 } 921 922 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 923 if (s < 0) { 924 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)"); 925 close(drv->ioctl_sock); 926 os_free(drv); 927 return NULL; 928 } 929 930 os_memset(&local, 0, sizeof(local)); 931 local.nl_family = AF_NETLINK; 932 local.nl_groups = RTMGRP_LINK; 933 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) { 934 perror("bind(netlink)"); 935 close(s); 936 close(drv->ioctl_sock); 937 os_free(drv); 938 return NULL; 939 } 940 941 eloop_register_read_sock(s, wpa_driver_wext_event_receive, drv, ctx); 942 drv->event_sock = s; 943 944 drv->mlme_sock = -1; 945 946 wpa_driver_wext_finish_drv_init(drv); 947 948 return drv; 949 } 950 951 952 static void wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv) 953 { 954 int flags; 955 956 if (wpa_driver_wext_get_ifflags(drv, &flags) != 0) 957 printf("Could not get interface '%s' flags\n", drv->ifname); 958 else if (!(flags & IFF_UP)) { 959 if (wpa_driver_wext_set_ifflags(drv, flags | IFF_UP) != 0) { 960 printf("Could not set interface '%s' UP\n", 961 drv->ifname); 962 } else { 963 /* 964 * Wait some time to allow driver to initialize before 965 * starting configuring the driver. This seems to be 966 * needed at least some drivers that load firmware etc. 967 * when the interface is set up. 968 */ 969 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting " 970 "a second for the driver to complete " 971 "initialization", drv->ifname); 972 sleep(1); 973 } 974 } 975 976 /* 977 * Make sure that the driver does not have any obsolete PMKID entries. 978 */ 979 wpa_driver_wext_flush_pmkid(drv); 980 981 if (wpa_driver_wext_set_mode(drv, 0) < 0) { 982 printf("Could not configure driver to use managed mode\n"); 983 } 984 985 wpa_driver_wext_get_range(drv); 986 987 /* 988 * Unlock the driver's BSSID and force to a random SSID to clear any 989 * previous association the driver might have when the supplicant 990 * starts up. 991 */ 992 wpa_driver_wext_disconnect(drv); 993 994 drv->ifindex = if_nametoindex(drv->ifname); 995 996 if (os_strncmp(drv->ifname, "wlan", 4) == 0) { 997 /* 998 * Host AP driver may use both wlan# and wifi# interface in 999 * wireless events. Since some of the versions included WE-18 1000 * support, let's add the alternative ifindex also from 1001 * driver_wext.c for the time being. This may be removed at 1002 * some point once it is believed that old versions of the 1003 * driver are not in use anymore. 1004 */ 1005 char ifname2[IFNAMSIZ + 1]; 1006 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2)); 1007 os_memcpy(ifname2, "wifi", 4); 1008 wpa_driver_wext_alternative_ifindex(drv, ifname2); 1009 } 1010 1011 wpa_driver_wext_send_oper_ifla(drv, 1, IF_OPER_DORMANT); 1012 } 1013 1014 1015 /** 1016 * wpa_driver_wext_deinit - Deinitialize WE driver interface 1017 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1018 * 1019 * Shut down driver interface and processing of driver events. Free 1020 * private data buffer if one was allocated in wpa_driver_wext_init(). 1021 */ 1022 void wpa_driver_wext_deinit(void *priv) 1023 { 1024 struct wpa_driver_wext_data *drv = priv; 1025 int flags; 1026 1027 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 1028 1029 /* 1030 * Clear possibly configured driver parameters in order to make it 1031 * easier to use the driver after wpa_supplicant has been terminated. 1032 */ 1033 wpa_driver_wext_disconnect(drv); 1034 1035 wpa_driver_wext_send_oper_ifla(priv, 0, IF_OPER_UP); 1036 1037 eloop_unregister_read_sock(drv->event_sock); 1038 if (drv->mlme_sock >= 0) 1039 eloop_unregister_read_sock(drv->mlme_sock); 1040 1041 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) 1042 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP); 1043 1044 close(drv->event_sock); 1045 close(drv->ioctl_sock); 1046 if (drv->mlme_sock >= 0) 1047 close(drv->mlme_sock); 1048 os_free(drv->assoc_req_ies); 1049 os_free(drv->assoc_resp_ies); 1050 os_free(drv); 1051 } 1052 1053 1054 /** 1055 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion 1056 * @eloop_ctx: Unused 1057 * @timeout_ctx: ctx argument given to wpa_driver_wext_init() 1058 * 1059 * This function can be used as registered timeout when starting a scan to 1060 * generate a scan completed event if the driver does not report this. 1061 */ 1062 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1063 { 1064 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1065 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1066 } 1067 1068 1069 /** 1070 * wpa_driver_wext_scan - Request the driver to initiate scan 1071 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1072 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for 1073 * all SSIDs (either active scan with broadcast SSID or passive 1074 * scan 1075 * @ssid_len: Length of the SSID 1076 * Returns: 0 on success, -1 on failure 1077 */ 1078 int wpa_driver_wext_scan(void *priv, const u8 *ssid, size_t ssid_len) 1079 { 1080 struct wpa_driver_wext_data *drv = priv; 1081 struct iwreq iwr; 1082 int ret = 0, timeout; 1083 struct iw_scan_req req; 1084 1085 if (ssid_len > IW_ESSID_MAX_SIZE) { 1086 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)", 1087 __FUNCTION__, (unsigned long) ssid_len); 1088 return -1; 1089 } 1090 1091 os_memset(&iwr, 0, sizeof(iwr)); 1092 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1093 1094 if (ssid && ssid_len) { 1095 os_memset(&req, 0, sizeof(req)); 1096 req.essid_len = ssid_len; 1097 req.bssid.sa_family = ARPHRD_ETHER; 1098 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN); 1099 os_memcpy(req.essid, ssid, ssid_len); 1100 iwr.u.data.pointer = (caddr_t) &req; 1101 iwr.u.data.length = sizeof(req); 1102 iwr.u.data.flags = IW_SCAN_THIS_ESSID; 1103 } 1104 1105 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) { 1106 perror("ioctl[SIOCSIWSCAN]"); 1107 ret = -1; 1108 } 1109 1110 /* Not all drivers generate "scan completed" wireless event, so try to 1111 * read results after a timeout. */ 1112 timeout = 5; 1113 if (drv->scan_complete_events) { 1114 /* 1115 * The driver seems to deliver SIOCGIWSCAN events to notify 1116 * when scan is complete, so use longer timeout to avoid race 1117 * conditions with scanning and following association request. 1118 */ 1119 timeout = 30; 1120 } 1121 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1122 "seconds", ret, timeout); 1123 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 1124 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv, 1125 drv->ctx); 1126 1127 return ret; 1128 } 1129 1130 1131 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, 1132 size_t *len) 1133 { 1134 struct iwreq iwr; 1135 u8 *res_buf; 1136 size_t res_buf_len; 1137 1138 res_buf_len = IW_SCAN_MAX_DATA; 1139 for (;;) { 1140 res_buf = os_malloc(res_buf_len); 1141 if (res_buf == NULL) 1142 return NULL; 1143 os_memset(&iwr, 0, sizeof(iwr)); 1144 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1145 iwr.u.data.pointer = res_buf; 1146 iwr.u.data.length = res_buf_len; 1147 1148 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) 1149 break; 1150 1151 if (errno == E2BIG && res_buf_len < 65535) { 1152 os_free(res_buf); 1153 res_buf = NULL; 1154 res_buf_len *= 2; 1155 if (res_buf_len > 65535) 1156 res_buf_len = 65535; /* 16-bit length field */ 1157 wpa_printf(MSG_DEBUG, "Scan results did not fit - " 1158 "trying larger buffer (%lu bytes)", 1159 (unsigned long) res_buf_len); 1160 } else { 1161 perror("ioctl[SIOCGIWSCAN]"); 1162 os_free(res_buf); 1163 return NULL; 1164 } 1165 } 1166 1167 if (iwr.u.data.length > res_buf_len) { 1168 os_free(res_buf); 1169 return NULL; 1170 } 1171 *len = iwr.u.data.length; 1172 1173 return res_buf; 1174 } 1175 1176 1177 /* 1178 * Data structure for collecting WEXT scan results. This is needed to allow 1179 * the various methods of reporting IEs to be combined into a single IE buffer. 1180 */ 1181 struct wext_scan_data { 1182 struct wpa_scan_res res; 1183 u8 *ie; 1184 size_t ie_len; 1185 u8 ssid[32]; 1186 size_t ssid_len; 1187 int maxrate; 1188 }; 1189 1190 1191 static void wext_get_scan_mode(struct iw_event *iwe, 1192 struct wext_scan_data *res) 1193 { 1194 if (iwe->u.mode == IW_MODE_ADHOC) 1195 res->res.caps |= IEEE80211_CAP_IBSS; 1196 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA) 1197 res->res.caps |= IEEE80211_CAP_ESS; 1198 } 1199 1200 1201 static void wext_get_scan_ssid(struct iw_event *iwe, 1202 struct wext_scan_data *res, char *custom, 1203 char *end) 1204 { 1205 int ssid_len = iwe->u.essid.length; 1206 if (custom + ssid_len > end) 1207 return; 1208 if (iwe->u.essid.flags && 1209 ssid_len > 0 && 1210 ssid_len <= IW_ESSID_MAX_SIZE) { 1211 os_memcpy(res->ssid, custom, ssid_len); 1212 res->ssid_len = ssid_len; 1213 } 1214 } 1215 1216 1217 static void wext_get_scan_freq(struct iw_event *iwe, 1218 struct wext_scan_data *res) 1219 { 1220 int divi = 1000000, i; 1221 1222 if (iwe->u.freq.e == 0) { 1223 /* 1224 * Some drivers do not report frequency, but a channel. 1225 * Try to map this to frequency by assuming they are using 1226 * IEEE 802.11b/g. But don't overwrite a previously parsed 1227 * frequency if the driver sends both frequency and channel, 1228 * since the driver may be sending an A-band channel that we 1229 * don't handle here. 1230 */ 1231 1232 if (res->res.freq) 1233 return; 1234 1235 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) { 1236 res->res.freq = 2407 + 5 * iwe->u.freq.m; 1237 return; 1238 } else if (iwe->u.freq.m == 14) { 1239 res->res.freq = 2484; 1240 return; 1241 } 1242 } 1243 1244 if (iwe->u.freq.e > 6) { 1245 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID=" 1246 MACSTR " m=%d e=%d)", 1247 MAC2STR(res->res.bssid), iwe->u.freq.m, 1248 iwe->u.freq.e); 1249 return; 1250 } 1251 1252 for (i = 0; i < iwe->u.freq.e; i++) 1253 divi /= 10; 1254 res->res.freq = iwe->u.freq.m / divi; 1255 } 1256 1257 1258 static void wext_get_scan_qual(struct iw_event *iwe, 1259 struct wext_scan_data *res) 1260 { 1261 res->res.qual = iwe->u.qual.qual; 1262 res->res.noise = iwe->u.qual.noise; 1263 res->res.level = iwe->u.qual.level; 1264 } 1265 1266 1267 static void wext_get_scan_encode(struct iw_event *iwe, 1268 struct wext_scan_data *res) 1269 { 1270 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED)) 1271 res->res.caps |= IEEE80211_CAP_PRIVACY; 1272 } 1273 1274 1275 static void wext_get_scan_rate(struct iw_event *iwe, 1276 struct wext_scan_data *res, char *pos, 1277 char *end) 1278 { 1279 int maxrate; 1280 char *custom = pos + IW_EV_LCP_LEN; 1281 struct iw_param p; 1282 size_t clen; 1283 1284 clen = iwe->len; 1285 if (custom + clen > end) 1286 return; 1287 maxrate = 0; 1288 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) { 1289 /* Note: may be misaligned, make a local, aligned copy */ 1290 os_memcpy(&p, custom, sizeof(struct iw_param)); 1291 if (p.value > maxrate) 1292 maxrate = p.value; 1293 clen -= sizeof(struct iw_param); 1294 custom += sizeof(struct iw_param); 1295 } 1296 1297 /* Convert the maxrate from WE-style (b/s units) to 1298 * 802.11 rates (500000 b/s units). 1299 */ 1300 res->maxrate = maxrate / 500000; 1301 } 1302 1303 1304 static void wext_get_scan_iwevgenie(struct iw_event *iwe, 1305 struct wext_scan_data *res, char *custom, 1306 char *end) 1307 { 1308 char *genie, *gpos, *gend; 1309 u8 *tmp; 1310 1311 if (iwe->u.data.length == 0) 1312 return; 1313 1314 gpos = genie = custom; 1315 gend = genie + iwe->u.data.length; 1316 if (gend > end) { 1317 wpa_printf(MSG_INFO, "IWEVGENIE overflow"); 1318 return; 1319 } 1320 1321 tmp = os_realloc(res->ie, res->ie_len + gend - gpos); 1322 if (tmp == NULL) 1323 return; 1324 os_memcpy(tmp + res->ie_len, gpos, gend - gpos); 1325 res->ie = tmp; 1326 res->ie_len += gend - gpos; 1327 } 1328 1329 1330 static void wext_get_scan_custom(struct iw_event *iwe, 1331 struct wext_scan_data *res, char *custom, 1332 char *end) 1333 { 1334 size_t clen; 1335 u8 *tmp; 1336 1337 clen = iwe->u.data.length; 1338 if (custom + clen > end) 1339 return; 1340 1341 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) { 1342 char *spos; 1343 int bytes; 1344 spos = custom + 7; 1345 bytes = custom + clen - spos; 1346 if (bytes & 1 || bytes == 0) 1347 return; 1348 bytes /= 2; 1349 tmp = os_realloc(res->ie, res->ie_len + bytes); 1350 if (tmp == NULL) 1351 return; 1352 hexstr2bin(spos, tmp + res->ie_len, bytes); 1353 res->ie = tmp; 1354 res->ie_len += bytes; 1355 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) { 1356 char *spos; 1357 int bytes; 1358 spos = custom + 7; 1359 bytes = custom + clen - spos; 1360 if (bytes & 1 || bytes == 0) 1361 return; 1362 bytes /= 2; 1363 tmp = os_realloc(res->ie, res->ie_len + bytes); 1364 if (tmp == NULL) 1365 return; 1366 hexstr2bin(spos, tmp + res->ie_len, bytes); 1367 res->ie = tmp; 1368 res->ie_len += bytes; 1369 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) { 1370 char *spos; 1371 int bytes; 1372 u8 bin[8]; 1373 spos = custom + 4; 1374 bytes = custom + clen - spos; 1375 if (bytes != 16) { 1376 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); 1377 return; 1378 } 1379 bytes /= 2; 1380 hexstr2bin(spos, bin, bytes); 1381 res->res.tsf += WPA_GET_BE64(bin); 1382 } 1383 } 1384 1385 1386 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd) 1387 { 1388 return drv->we_version_compiled > 18 && 1389 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE || 1390 cmd == IWEVGENIE || cmd == IWEVCUSTOM); 1391 } 1392 1393 1394 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res, 1395 struct wext_scan_data *data) 1396 { 1397 struct wpa_scan_res **tmp; 1398 struct wpa_scan_res *r; 1399 size_t extra_len; 1400 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL; 1401 1402 /* Figure out whether we need to fake any IEs */ 1403 pos = data->ie; 1404 end = pos + data->ie_len; 1405 while (pos && pos + 1 < end) { 1406 if (pos + 2 + pos[1] > end) 1407 break; 1408 if (pos[0] == WLAN_EID_SSID) 1409 ssid_ie = pos; 1410 else if (pos[0] == WLAN_EID_SUPP_RATES) 1411 rate_ie = pos; 1412 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES) 1413 rate_ie = pos; 1414 pos += 2 + pos[1]; 1415 } 1416 1417 extra_len = 0; 1418 if (ssid_ie == NULL) 1419 extra_len += 2 + data->ssid_len; 1420 if (rate_ie == NULL && data->maxrate) 1421 extra_len += 3; 1422 1423 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len); 1424 if (r == NULL) 1425 return; 1426 os_memcpy(r, &data->res, sizeof(*r)); 1427 r->ie_len = extra_len + data->ie_len; 1428 pos = (u8 *) (r + 1); 1429 if (ssid_ie == NULL) { 1430 /* 1431 * Generate a fake SSID IE since the driver did not report 1432 * a full IE list. 1433 */ 1434 *pos++ = WLAN_EID_SSID; 1435 *pos++ = data->ssid_len; 1436 os_memcpy(pos, data->ssid, data->ssid_len); 1437 pos += data->ssid_len; 1438 } 1439 if (rate_ie == NULL && data->maxrate) { 1440 /* 1441 * Generate a fake Supported Rates IE since the driver did not 1442 * report a full IE list. 1443 */ 1444 *pos++ = WLAN_EID_SUPP_RATES; 1445 *pos++ = 1; 1446 *pos++ = data->maxrate; 1447 } 1448 if (data->ie) 1449 os_memcpy(pos, data->ie, data->ie_len); 1450 1451 tmp = os_realloc(res->res, 1452 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1453 if (tmp == NULL) { 1454 os_free(r); 1455 return; 1456 } 1457 tmp[res->num++] = r; 1458 res->res = tmp; 1459 } 1460 1461 1462 /** 1463 * wpa_driver_wext_get_scan_results - Fetch the latest scan results 1464 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1465 * Returns: Scan results on success, -1 on failure 1466 */ 1467 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv) 1468 { 1469 struct wpa_driver_wext_data *drv = priv; 1470 size_t ap_num = 0, len; 1471 int first; 1472 u8 *res_buf; 1473 struct iw_event iwe_buf, *iwe = &iwe_buf; 1474 char *pos, *end, *custom; 1475 struct wpa_scan_results *res; 1476 struct wext_scan_data data; 1477 1478 res_buf = wpa_driver_wext_giwscan(drv, &len); 1479 if (res_buf == NULL) 1480 return NULL; 1481 1482 ap_num = 0; 1483 first = 1; 1484 1485 res = os_zalloc(sizeof(*res)); 1486 if (res == NULL) { 1487 os_free(res_buf); 1488 return NULL; 1489 } 1490 1491 pos = (char *) res_buf; 1492 end = (char *) res_buf + len; 1493 os_memset(&data, 0, sizeof(data)); 1494 1495 while (pos + IW_EV_LCP_LEN <= end) { 1496 /* Event data may be unaligned, so make a local, aligned copy 1497 * before processing. */ 1498 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1499 if (iwe->len <= IW_EV_LCP_LEN) 1500 break; 1501 1502 custom = pos + IW_EV_POINT_LEN; 1503 if (wext_19_iw_point(drv, iwe->cmd)) { 1504 /* WE-19 removed the pointer from struct iw_point */ 1505 char *dpos = (char *) &iwe_buf.u.data.length; 1506 int dlen = dpos - (char *) &iwe_buf; 1507 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 1508 sizeof(struct iw_event) - dlen); 1509 } else { 1510 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1511 custom += IW_EV_POINT_OFF; 1512 } 1513 1514 switch (iwe->cmd) { 1515 case SIOCGIWAP: 1516 if (!first) 1517 wpa_driver_wext_add_scan_entry(res, &data); 1518 first = 0; 1519 os_free(data.ie); 1520 os_memset(&data, 0, sizeof(data)); 1521 os_memcpy(data.res.bssid, 1522 iwe->u.ap_addr.sa_data, ETH_ALEN); 1523 break; 1524 case SIOCGIWMODE: 1525 wext_get_scan_mode(iwe, &data); 1526 break; 1527 case SIOCGIWESSID: 1528 wext_get_scan_ssid(iwe, &data, custom, end); 1529 break; 1530 case SIOCGIWFREQ: 1531 wext_get_scan_freq(iwe, &data); 1532 break; 1533 case IWEVQUAL: 1534 wext_get_scan_qual(iwe, &data); 1535 break; 1536 case SIOCGIWENCODE: 1537 wext_get_scan_encode(iwe, &data); 1538 break; 1539 case SIOCGIWRATE: 1540 wext_get_scan_rate(iwe, &data, pos, end); 1541 break; 1542 case IWEVGENIE: 1543 wext_get_scan_iwevgenie(iwe, &data, custom, end); 1544 break; 1545 case IWEVCUSTOM: 1546 wext_get_scan_custom(iwe, &data, custom, end); 1547 break; 1548 } 1549 1550 pos += iwe->len; 1551 } 1552 os_free(res_buf); 1553 res_buf = NULL; 1554 if (!first) 1555 wpa_driver_wext_add_scan_entry(res, &data); 1556 os_free(data.ie); 1557 1558 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)", 1559 (unsigned long) len, (unsigned long) res->num); 1560 1561 return res; 1562 } 1563 1564 1565 static int wpa_driver_wext_get_range(void *priv) 1566 { 1567 struct wpa_driver_wext_data *drv = priv; 1568 struct iw_range *range; 1569 struct iwreq iwr; 1570 int minlen; 1571 size_t buflen; 1572 1573 /* 1574 * Use larger buffer than struct iw_range in order to allow the 1575 * structure to grow in the future. 1576 */ 1577 buflen = sizeof(struct iw_range) + 500; 1578 range = os_zalloc(buflen); 1579 if (range == NULL) 1580 return -1; 1581 1582 os_memset(&iwr, 0, sizeof(iwr)); 1583 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1584 iwr.u.data.pointer = (caddr_t) range; 1585 iwr.u.data.length = buflen; 1586 1587 minlen = ((char *) &range->enc_capa) - (char *) range + 1588 sizeof(range->enc_capa); 1589 1590 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1591 perror("ioctl[SIOCGIWRANGE]"); 1592 os_free(range); 1593 return -1; 1594 } else if (iwr.u.data.length >= minlen && 1595 range->we_version_compiled >= 18) { 1596 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1597 "WE(source)=%d enc_capa=0x%x", 1598 range->we_version_compiled, 1599 range->we_version_source, 1600 range->enc_capa); 1601 drv->has_capability = 1; 1602 drv->we_version_compiled = range->we_version_compiled; 1603 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1604 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1605 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1606 } 1607 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1608 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1609 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1610 } 1611 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1612 WPA_DRIVER_CAPA_ENC_WEP104; 1613 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1614 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1615 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1616 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1617 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) 1618 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; 1619 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1620 WPA_DRIVER_AUTH_SHARED | 1621 WPA_DRIVER_AUTH_LEAP; 1622 1623 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x " 1624 "flags 0x%x", 1625 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags); 1626 } else { 1627 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1628 "assuming WPA is not supported"); 1629 } 1630 1631 os_free(range); 1632 return 0; 1633 } 1634 1635 1636 static int wpa_driver_wext_set_wpa(void *priv, int enabled) 1637 { 1638 struct wpa_driver_wext_data *drv = priv; 1639 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1640 1641 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1642 enabled); 1643 } 1644 1645 1646 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, 1647 const u8 *psk) 1648 { 1649 struct iw_encode_ext *ext; 1650 struct iwreq iwr; 1651 int ret; 1652 1653 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1654 1655 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 1656 return 0; 1657 1658 if (!psk) 1659 return 0; 1660 1661 os_memset(&iwr, 0, sizeof(iwr)); 1662 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1663 1664 ext = os_zalloc(sizeof(*ext) + PMK_LEN); 1665 if (ext == NULL) 1666 return -1; 1667 1668 iwr.u.encoding.pointer = (caddr_t) ext; 1669 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN; 1670 ext->key_len = PMK_LEN; 1671 os_memcpy(&ext->key, psk, ext->key_len); 1672 ext->alg = IW_ENCODE_ALG_PMK; 1673 1674 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr); 1675 if (ret < 0) 1676 perror("ioctl[SIOCSIWENCODEEXT] PMK"); 1677 os_free(ext); 1678 1679 return ret; 1680 } 1681 1682 1683 static int wpa_driver_wext_set_key_ext(void *priv, wpa_alg alg, 1684 const u8 *addr, int key_idx, 1685 int set_tx, const u8 *seq, 1686 size_t seq_len, 1687 const u8 *key, size_t key_len) 1688 { 1689 struct wpa_driver_wext_data *drv = priv; 1690 struct iwreq iwr; 1691 int ret = 0; 1692 struct iw_encode_ext *ext; 1693 1694 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) { 1695 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu", 1696 __FUNCTION__, (unsigned long) seq_len); 1697 return -1; 1698 } 1699 1700 ext = os_zalloc(sizeof(*ext) + key_len); 1701 if (ext == NULL) 1702 return -1; 1703 os_memset(&iwr, 0, sizeof(iwr)); 1704 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1705 iwr.u.encoding.flags = key_idx + 1; 1706 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1707 if (alg == WPA_ALG_NONE) 1708 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1709 iwr.u.encoding.pointer = (caddr_t) ext; 1710 iwr.u.encoding.length = sizeof(*ext) + key_len; 1711 1712 if (addr == NULL || 1713 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0) 1714 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY; 1715 if (set_tx) 1716 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY; 1717 1718 ext->addr.sa_family = ARPHRD_ETHER; 1719 if (addr) 1720 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN); 1721 else 1722 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN); 1723 if (key && key_len) { 1724 os_memcpy(ext + 1, key, key_len); 1725 ext->key_len = key_len; 1726 } 1727 switch (alg) { 1728 case WPA_ALG_NONE: 1729 ext->alg = IW_ENCODE_ALG_NONE; 1730 break; 1731 case WPA_ALG_WEP: 1732 ext->alg = IW_ENCODE_ALG_WEP; 1733 break; 1734 case WPA_ALG_TKIP: 1735 ext->alg = IW_ENCODE_ALG_TKIP; 1736 break; 1737 case WPA_ALG_CCMP: 1738 ext->alg = IW_ENCODE_ALG_CCMP; 1739 break; 1740 case WPA_ALG_PMK: 1741 ext->alg = IW_ENCODE_ALG_PMK; 1742 break; 1743 #ifdef CONFIG_IEEE80211W 1744 case WPA_ALG_IGTK: 1745 ext->alg = IW_ENCODE_ALG_AES_CMAC; 1746 break; 1747 #endif /* CONFIG_IEEE80211W */ 1748 default: 1749 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d", 1750 __FUNCTION__, alg); 1751 os_free(ext); 1752 return -1; 1753 } 1754 1755 if (seq && seq_len) { 1756 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID; 1757 os_memcpy(ext->rx_seq, seq, seq_len); 1758 } 1759 1760 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) { 1761 ret = errno == EOPNOTSUPP ? -2 : -1; 1762 if (errno == ENODEV) { 1763 /* 1764 * ndiswrapper seems to be returning incorrect error 1765 * code.. */ 1766 ret = -2; 1767 } 1768 1769 perror("ioctl[SIOCSIWENCODEEXT]"); 1770 } 1771 1772 os_free(ext); 1773 return ret; 1774 } 1775 1776 1777 /** 1778 * wpa_driver_wext_set_key - Configure encryption key 1779 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1780 * @priv: Private driver interface data 1781 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP, 1782 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key. 1783 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for 1784 * broadcast/default keys 1785 * @key_idx: key index (0..3), usually 0 for unicast keys 1786 * @set_tx: Configure this key as the default Tx key (only used when 1787 * driver does not support separate unicast/individual key 1788 * @seq: Sequence number/packet number, seq_len octets, the next 1789 * packet number to be used for in replay protection; configured 1790 * for Rx keys (in most cases, this is only used with broadcast 1791 * keys and set to zero for unicast keys) 1792 * @seq_len: Length of the seq, depends on the algorithm: 1793 * TKIP: 6 octets, CCMP: 6 octets 1794 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key, 1795 * 8-byte Rx Mic Key 1796 * @key_len: Length of the key buffer in octets (WEP: 5 or 13, 1797 * TKIP: 32, CCMP: 16) 1798 * Returns: 0 on success, -1 on failure 1799 * 1800 * This function uses SIOCSIWENCODEEXT by default, but tries to use 1801 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key. 1802 */ 1803 int wpa_driver_wext_set_key(void *priv, wpa_alg alg, 1804 const u8 *addr, int key_idx, 1805 int set_tx, const u8 *seq, size_t seq_len, 1806 const u8 *key, size_t key_len) 1807 { 1808 struct wpa_driver_wext_data *drv = priv; 1809 struct iwreq iwr; 1810 int ret = 0; 1811 1812 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu " 1813 "key_len=%lu", 1814 __FUNCTION__, alg, key_idx, set_tx, 1815 (unsigned long) seq_len, (unsigned long) key_len); 1816 1817 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx, 1818 seq, seq_len, key, key_len); 1819 if (ret == 0) 1820 return 0; 1821 1822 if (ret == -2 && 1823 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) { 1824 wpa_printf(MSG_DEBUG, "Driver did not support " 1825 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE"); 1826 ret = 0; 1827 } else { 1828 wpa_printf(MSG_DEBUG, "Driver did not support " 1829 "SIOCSIWENCODEEXT"); 1830 return ret; 1831 } 1832 1833 os_memset(&iwr, 0, sizeof(iwr)); 1834 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1835 iwr.u.encoding.flags = key_idx + 1; 1836 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1837 if (alg == WPA_ALG_NONE) 1838 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1839 iwr.u.encoding.pointer = (caddr_t) key; 1840 iwr.u.encoding.length = key_len; 1841 1842 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1843 perror("ioctl[SIOCSIWENCODE]"); 1844 ret = -1; 1845 } 1846 1847 if (set_tx && alg != WPA_ALG_NONE) { 1848 os_memset(&iwr, 0, sizeof(iwr)); 1849 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1850 iwr.u.encoding.flags = key_idx + 1; 1851 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1852 iwr.u.encoding.pointer = (caddr_t) NULL; 1853 iwr.u.encoding.length = 0; 1854 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1855 perror("ioctl[SIOCSIWENCODE] (set_tx)"); 1856 ret = -1; 1857 } 1858 } 1859 1860 return ret; 1861 } 1862 1863 1864 static int wpa_driver_wext_set_countermeasures(void *priv, 1865 int enabled) 1866 { 1867 struct wpa_driver_wext_data *drv = priv; 1868 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1869 return wpa_driver_wext_set_auth_param(drv, 1870 IW_AUTH_TKIP_COUNTERMEASURES, 1871 enabled); 1872 } 1873 1874 1875 static int wpa_driver_wext_set_drop_unencrypted(void *priv, 1876 int enabled) 1877 { 1878 struct wpa_driver_wext_data *drv = priv; 1879 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1880 drv->use_crypt = enabled; 1881 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1882 enabled); 1883 } 1884 1885 1886 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv, 1887 const u8 *addr, int cmd, int reason_code) 1888 { 1889 struct iwreq iwr; 1890 struct iw_mlme mlme; 1891 int ret = 0; 1892 1893 os_memset(&iwr, 0, sizeof(iwr)); 1894 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1895 os_memset(&mlme, 0, sizeof(mlme)); 1896 mlme.cmd = cmd; 1897 mlme.reason_code = reason_code; 1898 mlme.addr.sa_family = ARPHRD_ETHER; 1899 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1900 iwr.u.data.pointer = (caddr_t) &mlme; 1901 iwr.u.data.length = sizeof(mlme); 1902 1903 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1904 perror("ioctl[SIOCSIWMLME]"); 1905 ret = -1; 1906 } 1907 1908 return ret; 1909 } 1910 1911 1912 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv) 1913 { 1914 struct iwreq iwr; 1915 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; 1916 u8 ssid[32]; 1917 int i; 1918 1919 /* 1920 * Only force-disconnect when the card is in infrastructure mode, 1921 * otherwise the driver might interpret the cleared BSSID and random 1922 * SSID as an attempt to create a new ad-hoc network. 1923 */ 1924 os_memset(&iwr, 0, sizeof(iwr)); 1925 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1926 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 1927 perror("ioctl[SIOCGIWMODE]"); 1928 iwr.u.mode = IW_MODE_INFRA; 1929 } 1930 1931 if (iwr.u.mode == IW_MODE_INFRA) { 1932 /* 1933 * Clear the BSSID selection and set a random SSID to make sure 1934 * the driver will not be trying to associate with something 1935 * even if it does not understand SIOCSIWMLME commands (or 1936 * tries to associate automatically after deauth/disassoc). 1937 */ 1938 wpa_driver_wext_set_bssid(drv, null_bssid); 1939 1940 for (i = 0; i < 32; i++) 1941 ssid[i] = rand() & 0xFF; 1942 wpa_driver_wext_set_ssid(drv, ssid, 32); 1943 } 1944 } 1945 1946 1947 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr, 1948 int reason_code) 1949 { 1950 struct wpa_driver_wext_data *drv = priv; 1951 int ret; 1952 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1953 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 1954 wpa_driver_wext_disconnect(drv); 1955 return ret; 1956 } 1957 1958 1959 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr, 1960 int reason_code) 1961 { 1962 struct wpa_driver_wext_data *drv = priv; 1963 int ret; 1964 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1965 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code); 1966 wpa_driver_wext_disconnect(drv); 1967 return ret; 1968 } 1969 1970 1971 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie, 1972 size_t ie_len) 1973 { 1974 struct wpa_driver_wext_data *drv = priv; 1975 struct iwreq iwr; 1976 int ret = 0; 1977 1978 os_memset(&iwr, 0, sizeof(iwr)); 1979 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1980 iwr.u.data.pointer = (caddr_t) ie; 1981 iwr.u.data.length = ie_len; 1982 1983 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 1984 perror("ioctl[SIOCSIWGENIE]"); 1985 ret = -1; 1986 } 1987 1988 return ret; 1989 } 1990 1991 1992 int wpa_driver_wext_cipher2wext(int cipher) 1993 { 1994 switch (cipher) { 1995 case CIPHER_NONE: 1996 return IW_AUTH_CIPHER_NONE; 1997 case CIPHER_WEP40: 1998 return IW_AUTH_CIPHER_WEP40; 1999 case CIPHER_TKIP: 2000 return IW_AUTH_CIPHER_TKIP; 2001 case CIPHER_CCMP: 2002 return IW_AUTH_CIPHER_CCMP; 2003 case CIPHER_WEP104: 2004 return IW_AUTH_CIPHER_WEP104; 2005 default: 2006 return 0; 2007 } 2008 } 2009 2010 2011 int wpa_driver_wext_keymgmt2wext(int keymgmt) 2012 { 2013 switch (keymgmt) { 2014 case KEY_MGMT_802_1X: 2015 case KEY_MGMT_802_1X_NO_WPA: 2016 return IW_AUTH_KEY_MGMT_802_1X; 2017 case KEY_MGMT_PSK: 2018 return IW_AUTH_KEY_MGMT_PSK; 2019 default: 2020 return 0; 2021 } 2022 } 2023 2024 2025 static int 2026 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv, 2027 struct wpa_driver_associate_params *params) 2028 { 2029 struct iwreq iwr; 2030 int ret = 0; 2031 2032 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 2033 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 2034 2035 os_memset(&iwr, 0, sizeof(iwr)); 2036 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2037 /* Just changing mode, not actual keys */ 2038 iwr.u.encoding.flags = 0; 2039 iwr.u.encoding.pointer = (caddr_t) NULL; 2040 iwr.u.encoding.length = 0; 2041 2042 /* 2043 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 2044 * different things. Here they are used to indicate Open System vs. 2045 * Shared Key authentication algorithm. However, some drivers may use 2046 * them to select between open/restricted WEP encrypted (open = allow 2047 * both unencrypted and encrypted frames; restricted = only allow 2048 * encrypted frames). 2049 */ 2050 2051 if (!drv->use_crypt) { 2052 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 2053 } else { 2054 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM) 2055 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 2056 if (params->auth_alg & AUTH_ALG_SHARED_KEY) 2057 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 2058 } 2059 2060 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 2061 perror("ioctl[SIOCSIWENCODE]"); 2062 ret = -1; 2063 } 2064 2065 return ret; 2066 } 2067 2068 2069 int wpa_driver_wext_associate(void *priv, 2070 struct wpa_driver_associate_params *params) 2071 { 2072 struct wpa_driver_wext_data *drv = priv; 2073 int ret = 0; 2074 int allow_unencrypted_eapol; 2075 int value; 2076 2077 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2078 2079 /* 2080 * If the driver did not support SIOCSIWAUTH, fallback to 2081 * SIOCSIWENCODE here. 2082 */ 2083 if (drv->auth_alg_fallback && 2084 wpa_driver_wext_auth_alg_fallback(drv, params) < 0) 2085 ret = -1; 2086 2087 if (!params->bssid && 2088 wpa_driver_wext_set_bssid(drv, NULL) < 0) 2089 ret = -1; 2090 2091 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 2092 * from configuration, not from here, where only the selected suite is 2093 * available */ 2094 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 2095 < 0) 2096 ret = -1; 2097 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 2098 value = IW_AUTH_WPA_VERSION_DISABLED; 2099 else if (params->wpa_ie[0] == WLAN_EID_RSN) 2100 value = IW_AUTH_WPA_VERSION_WPA2; 2101 else 2102 value = IW_AUTH_WPA_VERSION_WPA; 2103 if (wpa_driver_wext_set_auth_param(drv, 2104 IW_AUTH_WPA_VERSION, value) < 0) 2105 ret = -1; 2106 value = wpa_driver_wext_cipher2wext(params->pairwise_suite); 2107 if (wpa_driver_wext_set_auth_param(drv, 2108 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 2109 ret = -1; 2110 value = wpa_driver_wext_cipher2wext(params->group_suite); 2111 if (wpa_driver_wext_set_auth_param(drv, 2112 IW_AUTH_CIPHER_GROUP, value) < 0) 2113 ret = -1; 2114 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite); 2115 if (wpa_driver_wext_set_auth_param(drv, 2116 IW_AUTH_KEY_MGMT, value) < 0) 2117 ret = -1; 2118 value = params->key_mgmt_suite != KEY_MGMT_NONE || 2119 params->pairwise_suite != CIPHER_NONE || 2120 params->group_suite != CIPHER_NONE || 2121 params->wpa_ie_len; 2122 if (wpa_driver_wext_set_auth_param(drv, 2123 IW_AUTH_PRIVACY_INVOKED, value) < 0) 2124 ret = -1; 2125 2126 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 2127 * not using WPA. IEEE 802.1X specifies that these frames are not 2128 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 2129 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 2130 params->key_mgmt_suite == KEY_MGMT_PSK) 2131 allow_unencrypted_eapol = 0; 2132 else 2133 allow_unencrypted_eapol = 1; 2134 2135 if (wpa_driver_wext_set_psk(drv, params->psk) < 0) 2136 ret = -1; 2137 if (wpa_driver_wext_set_auth_param(drv, 2138 IW_AUTH_RX_UNENCRYPTED_EAPOL, 2139 allow_unencrypted_eapol) < 0) 2140 ret = -1; 2141 #ifdef CONFIG_IEEE80211W 2142 switch (params->mgmt_frame_protection) { 2143 case NO_MGMT_FRAME_PROTECTION: 2144 value = IW_AUTH_MFP_DISABLED; 2145 break; 2146 case MGMT_FRAME_PROTECTION_OPTIONAL: 2147 value = IW_AUTH_MFP_OPTIONAL; 2148 break; 2149 case MGMT_FRAME_PROTECTION_REQUIRED: 2150 value = IW_AUTH_MFP_REQUIRED; 2151 break; 2152 }; 2153 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0) 2154 ret = -1; 2155 #endif /* CONFIG_IEEE80211W */ 2156 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0) 2157 ret = -1; 2158 if (wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2159 ret = -1; 2160 if (params->bssid && 2161 wpa_driver_wext_set_bssid(drv, params->bssid) < 0) 2162 ret = -1; 2163 2164 return ret; 2165 } 2166 2167 2168 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg) 2169 { 2170 struct wpa_driver_wext_data *drv = priv; 2171 int algs = 0, res; 2172 2173 if (auth_alg & AUTH_ALG_OPEN_SYSTEM) 2174 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 2175 if (auth_alg & AUTH_ALG_SHARED_KEY) 2176 algs |= IW_AUTH_ALG_SHARED_KEY; 2177 if (auth_alg & AUTH_ALG_LEAP) 2178 algs |= IW_AUTH_ALG_LEAP; 2179 if (algs == 0) { 2180 /* at least one algorithm should be set */ 2181 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2182 } 2183 2184 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2185 algs); 2186 drv->auth_alg_fallback = res == -2; 2187 return res; 2188 } 2189 2190 2191 /** 2192 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2193 * @priv: Pointer to private wext data from wpa_driver_wext_init() 2194 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2195 * Returns: 0 on success, -1 on failure 2196 */ 2197 int wpa_driver_wext_set_mode(void *priv, int mode) 2198 { 2199 struct wpa_driver_wext_data *drv = priv; 2200 struct iwreq iwr; 2201 int ret = -1, flags; 2202 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA; 2203 2204 os_memset(&iwr, 0, sizeof(iwr)); 2205 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2206 iwr.u.mode = new_mode; 2207 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) { 2208 ret = 0; 2209 goto done; 2210 } 2211 2212 if (errno != EBUSY) { 2213 perror("ioctl[SIOCSIWMODE]"); 2214 goto done; 2215 } 2216 2217 /* mac80211 doesn't allow mode changes while the device is up, so if 2218 * the device isn't in the mode we're about to change to, take device 2219 * down, try to set the mode again, and bring it back up. 2220 */ 2221 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 2222 perror("ioctl[SIOCGIWMODE]"); 2223 goto done; 2224 } 2225 2226 if (iwr.u.mode == new_mode) { 2227 ret = 0; 2228 goto done; 2229 } 2230 2231 if (wpa_driver_wext_get_ifflags(drv, &flags) == 0) { 2232 (void) wpa_driver_wext_set_ifflags(drv, flags & ~IFF_UP); 2233 2234 /* Try to set the mode again while the interface is down */ 2235 iwr.u.mode = new_mode; 2236 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) 2237 perror("ioctl[SIOCSIWMODE]"); 2238 else 2239 ret = 0; 2240 2241 /* Ignore return value of get_ifflags to ensure that the device 2242 * is always up like it was before this function was called. 2243 */ 2244 (void) wpa_driver_wext_get_ifflags(drv, &flags); 2245 (void) wpa_driver_wext_set_ifflags(drv, flags | IFF_UP); 2246 } 2247 2248 done: 2249 return ret; 2250 } 2251 2252 2253 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv, 2254 u32 cmd, const u8 *bssid, const u8 *pmkid) 2255 { 2256 struct iwreq iwr; 2257 struct iw_pmksa pmksa; 2258 int ret = 0; 2259 2260 os_memset(&iwr, 0, sizeof(iwr)); 2261 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2262 os_memset(&pmksa, 0, sizeof(pmksa)); 2263 pmksa.cmd = cmd; 2264 pmksa.bssid.sa_family = ARPHRD_ETHER; 2265 if (bssid) 2266 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2267 if (pmkid) 2268 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2269 iwr.u.data.pointer = (caddr_t) &pmksa; 2270 iwr.u.data.length = sizeof(pmksa); 2271 2272 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2273 if (errno != EOPNOTSUPP) 2274 perror("ioctl[SIOCSIWPMKSA]"); 2275 ret = -1; 2276 } 2277 2278 return ret; 2279 } 2280 2281 2282 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid, 2283 const u8 *pmkid) 2284 { 2285 struct wpa_driver_wext_data *drv = priv; 2286 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2287 } 2288 2289 2290 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid, 2291 const u8 *pmkid) 2292 { 2293 struct wpa_driver_wext_data *drv = priv; 2294 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2295 } 2296 2297 2298 static int wpa_driver_wext_flush_pmkid(void *priv) 2299 { 2300 struct wpa_driver_wext_data *drv = priv; 2301 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2302 } 2303 2304 2305 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa) 2306 { 2307 struct wpa_driver_wext_data *drv = priv; 2308 if (!drv->has_capability) 2309 return -1; 2310 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2311 return 0; 2312 } 2313 2314 2315 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv, 2316 const char *ifname) 2317 { 2318 if (ifname == NULL) { 2319 drv->ifindex2 = -1; 2320 return 0; 2321 } 2322 2323 drv->ifindex2 = if_nametoindex(ifname); 2324 if (drv->ifindex2 <= 0) 2325 return -1; 2326 2327 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for " 2328 "wireless events", drv->ifindex2, ifname); 2329 2330 return 0; 2331 } 2332 2333 2334 int wpa_driver_wext_set_operstate(void *priv, int state) 2335 { 2336 struct wpa_driver_wext_data *drv = priv; 2337 2338 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2339 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2340 drv->operstate = state; 2341 return wpa_driver_wext_send_oper_ifla( 2342 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT); 2343 } 2344 2345 2346 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv) 2347 { 2348 return drv->we_version_compiled; 2349 } 2350 2351 2352 const struct wpa_driver_ops wpa_driver_wext_ops = { 2353 .name = "wext", 2354 .desc = "Linux wireless extensions (generic)", 2355 .get_bssid = wpa_driver_wext_get_bssid, 2356 .get_ssid = wpa_driver_wext_get_ssid, 2357 .set_wpa = wpa_driver_wext_set_wpa, 2358 .set_key = wpa_driver_wext_set_key, 2359 .set_countermeasures = wpa_driver_wext_set_countermeasures, 2360 .set_drop_unencrypted = wpa_driver_wext_set_drop_unencrypted, 2361 .scan = wpa_driver_wext_scan, 2362 .get_scan_results2 = wpa_driver_wext_get_scan_results, 2363 .deauthenticate = wpa_driver_wext_deauthenticate, 2364 .disassociate = wpa_driver_wext_disassociate, 2365 .set_mode = wpa_driver_wext_set_mode, 2366 .associate = wpa_driver_wext_associate, 2367 .set_auth_alg = wpa_driver_wext_set_auth_alg, 2368 .init = wpa_driver_wext_init, 2369 .deinit = wpa_driver_wext_deinit, 2370 .add_pmkid = wpa_driver_wext_add_pmkid, 2371 .remove_pmkid = wpa_driver_wext_remove_pmkid, 2372 .flush_pmkid = wpa_driver_wext_flush_pmkid, 2373 .get_capa = wpa_driver_wext_get_capa, 2374 .set_operstate = wpa_driver_wext_set_operstate, 2375 }; 2376