1 /* 2 * Driver interaction with generic Linux Wireless Extensions 3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 * 14 * This file implements a driver interface for the Linux Wireless Extensions. 15 * When used with WE-18 or newer, this interface can be used as-is with number 16 * of drivers. In addition to this, some of the common functions in this file 17 * can be used by other driver interface implementations that use generic WE 18 * ioctls, but require private ioctls for some of the functionality. 19 */ 20 21 #include "includes.h" 22 #include <sys/ioctl.h> 23 #include <sys/stat.h> 24 #include <net/if_arp.h> 25 26 #include "wireless_copy.h" 27 #include "common.h" 28 #include "eloop.h" 29 #include "common/ieee802_11_defs.h" 30 #include "common/wpa_common.h" 31 #include "priv_netlink.h" 32 #include "netlink.h" 33 #include "linux_ioctl.h" 34 #include "driver.h" 35 #include "driver_wext.h" 36 37 38 static int wpa_driver_wext_flush_pmkid(void *priv); 39 static int wpa_driver_wext_get_range(void *priv); 40 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv); 41 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv); 42 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg); 43 44 45 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv, 46 int idx, u32 value) 47 { 48 struct iwreq iwr; 49 int ret = 0; 50 51 os_memset(&iwr, 0, sizeof(iwr)); 52 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 53 iwr.u.param.flags = idx & IW_AUTH_INDEX; 54 iwr.u.param.value = value; 55 56 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 57 if (errno != EOPNOTSUPP) { 58 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 59 "value 0x%x) failed: %s)", 60 idx, value, strerror(errno)); 61 } 62 ret = errno == EOPNOTSUPP ? -2 : -1; 63 } 64 65 return ret; 66 } 67 68 69 /** 70 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP 71 * @priv: Pointer to private wext data from wpa_driver_wext_init() 72 * @bssid: Buffer for BSSID 73 * Returns: 0 on success, -1 on failure 74 */ 75 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid) 76 { 77 struct wpa_driver_wext_data *drv = priv; 78 struct iwreq iwr; 79 int ret = 0; 80 81 os_memset(&iwr, 0, sizeof(iwr)); 82 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 83 84 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 85 perror("ioctl[SIOCGIWAP]"); 86 ret = -1; 87 } 88 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 89 90 return ret; 91 } 92 93 94 /** 95 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP 96 * @priv: Pointer to private wext data from wpa_driver_wext_init() 97 * @bssid: BSSID 98 * Returns: 0 on success, -1 on failure 99 */ 100 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid) 101 { 102 struct wpa_driver_wext_data *drv = priv; 103 struct iwreq iwr; 104 int ret = 0; 105 106 os_memset(&iwr, 0, sizeof(iwr)); 107 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 108 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 109 if (bssid) 110 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 111 else 112 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 113 114 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 115 perror("ioctl[SIOCSIWAP]"); 116 ret = -1; 117 } 118 119 return ret; 120 } 121 122 123 /** 124 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID 125 * @priv: Pointer to private wext data from wpa_driver_wext_init() 126 * @ssid: Buffer for the SSID; must be at least 32 bytes long 127 * Returns: SSID length on success, -1 on failure 128 */ 129 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid) 130 { 131 struct wpa_driver_wext_data *drv = priv; 132 struct iwreq iwr; 133 int ret = 0; 134 135 os_memset(&iwr, 0, sizeof(iwr)); 136 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 137 iwr.u.essid.pointer = (caddr_t) ssid; 138 iwr.u.essid.length = 32; 139 140 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 141 perror("ioctl[SIOCGIWESSID]"); 142 ret = -1; 143 } else { 144 ret = iwr.u.essid.length; 145 if (ret > 32) 146 ret = 32; 147 /* Some drivers include nul termination in the SSID, so let's 148 * remove it here before further processing. WE-21 changes this 149 * to explicitly require the length _not_ to include nul 150 * termination. */ 151 if (ret > 0 && ssid[ret - 1] == '\0' && 152 drv->we_version_compiled < 21) 153 ret--; 154 } 155 156 return ret; 157 } 158 159 160 /** 161 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID 162 * @priv: Pointer to private wext data from wpa_driver_wext_init() 163 * @ssid: SSID 164 * @ssid_len: Length of SSID (0..32) 165 * Returns: 0 on success, -1 on failure 166 */ 167 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len) 168 { 169 struct wpa_driver_wext_data *drv = priv; 170 struct iwreq iwr; 171 int ret = 0; 172 char buf[33]; 173 174 if (ssid_len > 32) 175 return -1; 176 177 os_memset(&iwr, 0, sizeof(iwr)); 178 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 179 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 180 iwr.u.essid.flags = (ssid_len != 0); 181 os_memset(buf, 0, sizeof(buf)); 182 os_memcpy(buf, ssid, ssid_len); 183 iwr.u.essid.pointer = (caddr_t) buf; 184 if (drv->we_version_compiled < 21) { 185 /* For historic reasons, set SSID length to include one extra 186 * character, C string nul termination, even though SSID is 187 * really an octet string that should not be presented as a C 188 * string. Some Linux drivers decrement the length by one and 189 * can thus end up missing the last octet of the SSID if the 190 * length is not incremented here. WE-21 changes this to 191 * explicitly require the length _not_ to include nul 192 * termination. */ 193 if (ssid_len) 194 ssid_len++; 195 } 196 iwr.u.essid.length = ssid_len; 197 198 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 199 perror("ioctl[SIOCSIWESSID]"); 200 ret = -1; 201 } 202 203 return ret; 204 } 205 206 207 /** 208 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ 209 * @priv: Pointer to private wext data from wpa_driver_wext_init() 210 * @freq: Frequency in MHz 211 * Returns: 0 on success, -1 on failure 212 */ 213 int wpa_driver_wext_set_freq(void *priv, int freq) 214 { 215 struct wpa_driver_wext_data *drv = priv; 216 struct iwreq iwr; 217 int ret = 0; 218 219 os_memset(&iwr, 0, sizeof(iwr)); 220 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 221 iwr.u.freq.m = freq * 100000; 222 iwr.u.freq.e = 1; 223 224 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 225 perror("ioctl[SIOCSIWFREQ]"); 226 ret = -1; 227 } 228 229 return ret; 230 } 231 232 233 static void 234 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom) 235 { 236 union wpa_event_data data; 237 238 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 239 custom); 240 241 os_memset(&data, 0, sizeof(data)); 242 /* Host AP driver */ 243 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 244 data.michael_mic_failure.unicast = 245 os_strstr(custom, " unicast ") != NULL; 246 /* TODO: parse parameters(?) */ 247 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 248 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 249 char *spos; 250 int bytes; 251 u8 *req_ies = NULL, *resp_ies = NULL; 252 253 spos = custom + 17; 254 255 bytes = strspn(spos, "0123456789abcdefABCDEF"); 256 if (!bytes || (bytes & 1)) 257 return; 258 bytes /= 2; 259 260 req_ies = os_malloc(bytes); 261 if (req_ies == NULL || 262 hexstr2bin(spos, req_ies, bytes) < 0) 263 goto done; 264 data.assoc_info.req_ies = req_ies; 265 data.assoc_info.req_ies_len = bytes; 266 267 spos += bytes * 2; 268 269 data.assoc_info.resp_ies = NULL; 270 data.assoc_info.resp_ies_len = 0; 271 272 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 273 spos += 9; 274 275 bytes = strspn(spos, "0123456789abcdefABCDEF"); 276 if (!bytes || (bytes & 1)) 277 goto done; 278 bytes /= 2; 279 280 resp_ies = os_malloc(bytes); 281 if (resp_ies == NULL || 282 hexstr2bin(spos, resp_ies, bytes) < 0) 283 goto done; 284 data.assoc_info.resp_ies = resp_ies; 285 data.assoc_info.resp_ies_len = bytes; 286 } 287 288 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 289 290 done: 291 os_free(resp_ies); 292 os_free(req_ies); 293 #ifdef CONFIG_PEERKEY 294 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 295 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 296 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 297 "STKSTART.request '%s'", custom + 17); 298 return; 299 } 300 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 301 #endif /* CONFIG_PEERKEY */ 302 } 303 } 304 305 306 static int wpa_driver_wext_event_wireless_michaelmicfailure( 307 void *ctx, const char *ev, size_t len) 308 { 309 const struct iw_michaelmicfailure *mic; 310 union wpa_event_data data; 311 312 if (len < sizeof(*mic)) 313 return -1; 314 315 mic = (const struct iw_michaelmicfailure *) ev; 316 317 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 318 "flags=0x%x src_addr=" MACSTR, mic->flags, 319 MAC2STR(mic->src_addr.sa_data)); 320 321 os_memset(&data, 0, sizeof(data)); 322 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 323 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 324 325 return 0; 326 } 327 328 329 static int wpa_driver_wext_event_wireless_pmkidcand( 330 struct wpa_driver_wext_data *drv, const char *ev, size_t len) 331 { 332 const struct iw_pmkid_cand *cand; 333 union wpa_event_data data; 334 const u8 *addr; 335 336 if (len < sizeof(*cand)) 337 return -1; 338 339 cand = (const struct iw_pmkid_cand *) ev; 340 addr = (const u8 *) cand->bssid.sa_data; 341 342 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 343 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 344 cand->index, MAC2STR(addr)); 345 346 os_memset(&data, 0, sizeof(data)); 347 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 348 data.pmkid_candidate.index = cand->index; 349 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 350 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 351 352 return 0; 353 } 354 355 356 static int wpa_driver_wext_event_wireless_assocreqie( 357 struct wpa_driver_wext_data *drv, const char *ev, int len) 358 { 359 if (len < 0) 360 return -1; 361 362 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 363 len); 364 os_free(drv->assoc_req_ies); 365 drv->assoc_req_ies = os_malloc(len); 366 if (drv->assoc_req_ies == NULL) { 367 drv->assoc_req_ies_len = 0; 368 return -1; 369 } 370 os_memcpy(drv->assoc_req_ies, ev, len); 371 drv->assoc_req_ies_len = len; 372 373 return 0; 374 } 375 376 377 static int wpa_driver_wext_event_wireless_assocrespie( 378 struct wpa_driver_wext_data *drv, const char *ev, int len) 379 { 380 if (len < 0) 381 return -1; 382 383 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 384 len); 385 os_free(drv->assoc_resp_ies); 386 drv->assoc_resp_ies = os_malloc(len); 387 if (drv->assoc_resp_ies == NULL) { 388 drv->assoc_resp_ies_len = 0; 389 return -1; 390 } 391 os_memcpy(drv->assoc_resp_ies, ev, len); 392 drv->assoc_resp_ies_len = len; 393 394 return 0; 395 } 396 397 398 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv) 399 { 400 union wpa_event_data data; 401 402 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 403 return; 404 405 os_memset(&data, 0, sizeof(data)); 406 if (drv->assoc_req_ies) { 407 data.assoc_info.req_ies = drv->assoc_req_ies; 408 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 409 } 410 if (drv->assoc_resp_ies) { 411 data.assoc_info.resp_ies = drv->assoc_resp_ies; 412 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 413 } 414 415 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 416 417 os_free(drv->assoc_req_ies); 418 drv->assoc_req_ies = NULL; 419 os_free(drv->assoc_resp_ies); 420 drv->assoc_resp_ies = NULL; 421 } 422 423 424 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, 425 char *data, int len) 426 { 427 struct iw_event iwe_buf, *iwe = &iwe_buf; 428 char *pos, *end, *custom, *buf; 429 430 pos = data; 431 end = data + len; 432 433 while (pos + IW_EV_LCP_LEN <= end) { 434 /* Event data may be unaligned, so make a local, aligned copy 435 * before processing. */ 436 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 437 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 438 iwe->cmd, iwe->len); 439 if (iwe->len <= IW_EV_LCP_LEN) 440 return; 441 442 custom = pos + IW_EV_POINT_LEN; 443 if (drv->we_version_compiled > 18 && 444 (iwe->cmd == IWEVMICHAELMICFAILURE || 445 iwe->cmd == IWEVCUSTOM || 446 iwe->cmd == IWEVASSOCREQIE || 447 iwe->cmd == IWEVASSOCRESPIE || 448 iwe->cmd == IWEVPMKIDCAND)) { 449 /* WE-19 removed the pointer from struct iw_point */ 450 char *dpos = (char *) &iwe_buf.u.data.length; 451 int dlen = dpos - (char *) &iwe_buf; 452 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 453 sizeof(struct iw_event) - dlen); 454 } else { 455 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 456 custom += IW_EV_POINT_OFF; 457 } 458 459 switch (iwe->cmd) { 460 case SIOCGIWAP: 461 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 462 MACSTR, 463 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 464 if (is_zero_ether_addr( 465 (const u8 *) iwe->u.ap_addr.sa_data) || 466 os_memcmp(iwe->u.ap_addr.sa_data, 467 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 468 0) { 469 os_free(drv->assoc_req_ies); 470 drv->assoc_req_ies = NULL; 471 os_free(drv->assoc_resp_ies); 472 drv->assoc_resp_ies = NULL; 473 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, 474 NULL); 475 476 } else { 477 wpa_driver_wext_event_assoc_ies(drv); 478 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, 479 NULL); 480 } 481 break; 482 case IWEVMICHAELMICFAILURE: 483 if (custom + iwe->u.data.length > end) { 484 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 485 "IWEVMICHAELMICFAILURE length"); 486 return; 487 } 488 wpa_driver_wext_event_wireless_michaelmicfailure( 489 drv->ctx, custom, iwe->u.data.length); 490 break; 491 case IWEVCUSTOM: 492 if (custom + iwe->u.data.length > end) { 493 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 494 "IWEVCUSTOM length"); 495 return; 496 } 497 buf = os_malloc(iwe->u.data.length + 1); 498 if (buf == NULL) 499 return; 500 os_memcpy(buf, custom, iwe->u.data.length); 501 buf[iwe->u.data.length] = '\0'; 502 wpa_driver_wext_event_wireless_custom(drv->ctx, buf); 503 os_free(buf); 504 break; 505 case SIOCGIWSCAN: 506 drv->scan_complete_events = 1; 507 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, 508 drv, drv->ctx); 509 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, 510 NULL); 511 break; 512 case IWEVASSOCREQIE: 513 if (custom + iwe->u.data.length > end) { 514 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 515 "IWEVASSOCREQIE length"); 516 return; 517 } 518 wpa_driver_wext_event_wireless_assocreqie( 519 drv, custom, iwe->u.data.length); 520 break; 521 case IWEVASSOCRESPIE: 522 if (custom + iwe->u.data.length > end) { 523 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 524 "IWEVASSOCRESPIE length"); 525 return; 526 } 527 wpa_driver_wext_event_wireless_assocrespie( 528 drv, custom, iwe->u.data.length); 529 break; 530 case IWEVPMKIDCAND: 531 if (custom + iwe->u.data.length > end) { 532 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 533 "IWEVPMKIDCAND length"); 534 return; 535 } 536 wpa_driver_wext_event_wireless_pmkidcand( 537 drv, custom, iwe->u.data.length); 538 break; 539 } 540 541 pos += iwe->len; 542 } 543 } 544 545 546 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv, 547 char *buf, size_t len, int del) 548 { 549 union wpa_event_data event; 550 551 os_memset(&event, 0, sizeof(event)); 552 if (len > sizeof(event.interface_status.ifname)) 553 len = sizeof(event.interface_status.ifname) - 1; 554 os_memcpy(event.interface_status.ifname, buf, len); 555 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 556 EVENT_INTERFACE_ADDED; 557 558 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 559 del ? "DEL" : "NEW", 560 event.interface_status.ifname, 561 del ? "removed" : "added"); 562 563 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 564 if (del) 565 drv->if_removed = 1; 566 else 567 drv->if_removed = 0; 568 } 569 570 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 571 } 572 573 574 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv, 575 u8 *buf, size_t len) 576 { 577 int attrlen, rta_len; 578 struct rtattr *attr; 579 580 attrlen = len; 581 attr = (struct rtattr *) buf; 582 583 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 584 while (RTA_OK(attr, attrlen)) { 585 if (attr->rta_type == IFLA_IFNAME) { 586 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 587 == 0) 588 return 1; 589 else 590 break; 591 } 592 attr = RTA_NEXT(attr, attrlen); 593 } 594 595 return 0; 596 } 597 598 599 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv, 600 int ifindex, u8 *buf, size_t len) 601 { 602 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex) 603 return 1; 604 605 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) { 606 drv->ifindex = if_nametoindex(drv->ifname); 607 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed " 608 "interface"); 609 wpa_driver_wext_finish_drv_init(drv); 610 return 1; 611 } 612 613 return 0; 614 } 615 616 617 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi, 618 u8 *buf, size_t len) 619 { 620 struct wpa_driver_wext_data *drv = ctx; 621 int attrlen, rta_len; 622 struct rtattr *attr; 623 624 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) { 625 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 626 ifi->ifi_index); 627 return; 628 } 629 630 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 631 "(%s%s%s%s)", 632 drv->operstate, ifi->ifi_flags, 633 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 634 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 635 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 636 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 637 /* 638 * Some drivers send the association event before the operup event--in 639 * this case, lifting operstate in wpa_driver_wext_set_operstate() 640 * fails. This will hit us when wpa_supplicant does not need to do 641 * IEEE 802.1X authentication 642 */ 643 if (drv->operstate == 1 && 644 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 645 !(ifi->ifi_flags & IFF_RUNNING)) 646 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 647 -1, IF_OPER_UP); 648 649 attrlen = len; 650 attr = (struct rtattr *) buf; 651 652 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 653 while (RTA_OK(attr, attrlen)) { 654 if (attr->rta_type == IFLA_WIRELESS) { 655 wpa_driver_wext_event_wireless( 656 drv, ((char *) attr) + rta_len, 657 attr->rta_len - rta_len); 658 } else if (attr->rta_type == IFLA_IFNAME) { 659 wpa_driver_wext_event_link(drv, 660 ((char *) attr) + rta_len, 661 attr->rta_len - rta_len, 0); 662 } 663 attr = RTA_NEXT(attr, attrlen); 664 } 665 } 666 667 668 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi, 669 u8 *buf, size_t len) 670 { 671 struct wpa_driver_wext_data *drv = ctx; 672 int attrlen, rta_len; 673 struct rtattr *attr; 674 675 attrlen = len; 676 attr = (struct rtattr *) buf; 677 678 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 679 while (RTA_OK(attr, attrlen)) { 680 if (attr->rta_type == IFLA_IFNAME) { 681 wpa_driver_wext_event_link(drv, 682 ((char *) attr) + rta_len, 683 attr->rta_len - rta_len, 1); 684 } 685 attr = RTA_NEXT(attr, attrlen); 686 } 687 } 688 689 690 /** 691 * wpa_driver_wext_init - Initialize WE driver interface 692 * @ctx: context to be used when calling wpa_supplicant functions, 693 * e.g., wpa_supplicant_event() 694 * @ifname: interface name, e.g., wlan0 695 * Returns: Pointer to private data, %NULL on failure 696 */ 697 void * wpa_driver_wext_init(void *ctx, const char *ifname) 698 { 699 struct wpa_driver_wext_data *drv; 700 struct netlink_config *cfg; 701 char path[128]; 702 struct stat buf; 703 704 drv = os_zalloc(sizeof(*drv)); 705 if (drv == NULL) 706 return NULL; 707 drv->ctx = ctx; 708 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 709 710 os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname); 711 if (stat(path, &buf) == 0) { 712 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected"); 713 drv->cfg80211 = 1; 714 } 715 716 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 717 if (drv->ioctl_sock < 0) { 718 perror("socket(PF_INET,SOCK_DGRAM)"); 719 goto err1; 720 } 721 722 cfg = os_zalloc(sizeof(*cfg)); 723 if (cfg == NULL) 724 goto err1; 725 cfg->ctx = drv; 726 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink; 727 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink; 728 drv->netlink = netlink_init(cfg); 729 if (drv->netlink == NULL) { 730 os_free(cfg); 731 goto err2; 732 } 733 734 drv->mlme_sock = -1; 735 736 if (wpa_driver_wext_finish_drv_init(drv) < 0) 737 goto err3; 738 739 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1); 740 741 return drv; 742 743 err3: 744 netlink_deinit(drv->netlink); 745 err2: 746 close(drv->ioctl_sock); 747 err1: 748 os_free(drv); 749 return NULL; 750 } 751 752 753 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv) 754 { 755 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) 756 return -1; 757 758 /* 759 * Make sure that the driver does not have any obsolete PMKID entries. 760 */ 761 wpa_driver_wext_flush_pmkid(drv); 762 763 if (wpa_driver_wext_set_mode(drv, 0) < 0) { 764 wpa_printf(MSG_DEBUG, "Could not configure driver to use " 765 "managed mode"); 766 /* Try to use it anyway */ 767 } 768 769 wpa_driver_wext_get_range(drv); 770 771 /* 772 * Unlock the driver's BSSID and force to a random SSID to clear any 773 * previous association the driver might have when the supplicant 774 * starts up. 775 */ 776 wpa_driver_wext_disconnect(drv); 777 778 drv->ifindex = if_nametoindex(drv->ifname); 779 780 if (os_strncmp(drv->ifname, "wlan", 4) == 0) { 781 /* 782 * Host AP driver may use both wlan# and wifi# interface in 783 * wireless events. Since some of the versions included WE-18 784 * support, let's add the alternative ifindex also from 785 * driver_wext.c for the time being. This may be removed at 786 * some point once it is believed that old versions of the 787 * driver are not in use anymore. 788 */ 789 char ifname2[IFNAMSIZ + 1]; 790 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2)); 791 os_memcpy(ifname2, "wifi", 4); 792 wpa_driver_wext_alternative_ifindex(drv, ifname2); 793 } 794 795 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 796 1, IF_OPER_DORMANT); 797 798 return 0; 799 } 800 801 802 /** 803 * wpa_driver_wext_deinit - Deinitialize WE driver interface 804 * @priv: Pointer to private wext data from wpa_driver_wext_init() 805 * 806 * Shut down driver interface and processing of driver events. Free 807 * private data buffer if one was allocated in wpa_driver_wext_init(). 808 */ 809 void wpa_driver_wext_deinit(void *priv) 810 { 811 struct wpa_driver_wext_data *drv = priv; 812 813 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0); 814 815 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 816 817 /* 818 * Clear possibly configured driver parameters in order to make it 819 * easier to use the driver after wpa_supplicant has been terminated. 820 */ 821 wpa_driver_wext_disconnect(drv); 822 823 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 824 netlink_deinit(drv->netlink); 825 826 if (drv->mlme_sock >= 0) 827 eloop_unregister_read_sock(drv->mlme_sock); 828 829 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0); 830 831 close(drv->ioctl_sock); 832 if (drv->mlme_sock >= 0) 833 close(drv->mlme_sock); 834 os_free(drv->assoc_req_ies); 835 os_free(drv->assoc_resp_ies); 836 os_free(drv); 837 } 838 839 840 /** 841 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion 842 * @eloop_ctx: Unused 843 * @timeout_ctx: ctx argument given to wpa_driver_wext_init() 844 * 845 * This function can be used as registered timeout when starting a scan to 846 * generate a scan completed event if the driver does not report this. 847 */ 848 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx) 849 { 850 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 851 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 852 } 853 854 855 /** 856 * wpa_driver_wext_scan - Request the driver to initiate scan 857 * @priv: Pointer to private wext data from wpa_driver_wext_init() 858 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.) 859 * Returns: 0 on success, -1 on failure 860 */ 861 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params) 862 { 863 struct wpa_driver_wext_data *drv = priv; 864 struct iwreq iwr; 865 int ret = 0, timeout; 866 struct iw_scan_req req; 867 const u8 *ssid = params->ssids[0].ssid; 868 size_t ssid_len = params->ssids[0].ssid_len; 869 870 if (ssid_len > IW_ESSID_MAX_SIZE) { 871 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)", 872 __FUNCTION__, (unsigned long) ssid_len); 873 return -1; 874 } 875 876 os_memset(&iwr, 0, sizeof(iwr)); 877 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 878 879 if (ssid && ssid_len) { 880 os_memset(&req, 0, sizeof(req)); 881 req.essid_len = ssid_len; 882 req.bssid.sa_family = ARPHRD_ETHER; 883 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN); 884 os_memcpy(req.essid, ssid, ssid_len); 885 iwr.u.data.pointer = (caddr_t) &req; 886 iwr.u.data.length = sizeof(req); 887 iwr.u.data.flags = IW_SCAN_THIS_ESSID; 888 } 889 890 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) { 891 perror("ioctl[SIOCSIWSCAN]"); 892 ret = -1; 893 } 894 895 /* Not all drivers generate "scan completed" wireless event, so try to 896 * read results after a timeout. */ 897 timeout = 5; 898 if (drv->scan_complete_events) { 899 /* 900 * The driver seems to deliver SIOCGIWSCAN events to notify 901 * when scan is complete, so use longer timeout to avoid race 902 * conditions with scanning and following association request. 903 */ 904 timeout = 30; 905 } 906 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 907 "seconds", ret, timeout); 908 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 909 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv, 910 drv->ctx); 911 912 return ret; 913 } 914 915 916 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, 917 size_t *len) 918 { 919 struct iwreq iwr; 920 u8 *res_buf; 921 size_t res_buf_len; 922 923 res_buf_len = IW_SCAN_MAX_DATA; 924 for (;;) { 925 res_buf = os_malloc(res_buf_len); 926 if (res_buf == NULL) 927 return NULL; 928 os_memset(&iwr, 0, sizeof(iwr)); 929 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 930 iwr.u.data.pointer = res_buf; 931 iwr.u.data.length = res_buf_len; 932 933 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) 934 break; 935 936 if (errno == E2BIG && res_buf_len < 65535) { 937 os_free(res_buf); 938 res_buf = NULL; 939 res_buf_len *= 2; 940 if (res_buf_len > 65535) 941 res_buf_len = 65535; /* 16-bit length field */ 942 wpa_printf(MSG_DEBUG, "Scan results did not fit - " 943 "trying larger buffer (%lu bytes)", 944 (unsigned long) res_buf_len); 945 } else { 946 perror("ioctl[SIOCGIWSCAN]"); 947 os_free(res_buf); 948 return NULL; 949 } 950 } 951 952 if (iwr.u.data.length > res_buf_len) { 953 os_free(res_buf); 954 return NULL; 955 } 956 *len = iwr.u.data.length; 957 958 return res_buf; 959 } 960 961 962 /* 963 * Data structure for collecting WEXT scan results. This is needed to allow 964 * the various methods of reporting IEs to be combined into a single IE buffer. 965 */ 966 struct wext_scan_data { 967 struct wpa_scan_res res; 968 u8 *ie; 969 size_t ie_len; 970 u8 ssid[32]; 971 size_t ssid_len; 972 int maxrate; 973 }; 974 975 976 static void wext_get_scan_mode(struct iw_event *iwe, 977 struct wext_scan_data *res) 978 { 979 if (iwe->u.mode == IW_MODE_ADHOC) 980 res->res.caps |= IEEE80211_CAP_IBSS; 981 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA) 982 res->res.caps |= IEEE80211_CAP_ESS; 983 } 984 985 986 static void wext_get_scan_ssid(struct iw_event *iwe, 987 struct wext_scan_data *res, char *custom, 988 char *end) 989 { 990 int ssid_len = iwe->u.essid.length; 991 if (custom + ssid_len > end) 992 return; 993 if (iwe->u.essid.flags && 994 ssid_len > 0 && 995 ssid_len <= IW_ESSID_MAX_SIZE) { 996 os_memcpy(res->ssid, custom, ssid_len); 997 res->ssid_len = ssid_len; 998 } 999 } 1000 1001 1002 static void wext_get_scan_freq(struct iw_event *iwe, 1003 struct wext_scan_data *res) 1004 { 1005 int divi = 1000000, i; 1006 1007 if (iwe->u.freq.e == 0) { 1008 /* 1009 * Some drivers do not report frequency, but a channel. 1010 * Try to map this to frequency by assuming they are using 1011 * IEEE 802.11b/g. But don't overwrite a previously parsed 1012 * frequency if the driver sends both frequency and channel, 1013 * since the driver may be sending an A-band channel that we 1014 * don't handle here. 1015 */ 1016 1017 if (res->res.freq) 1018 return; 1019 1020 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) { 1021 res->res.freq = 2407 + 5 * iwe->u.freq.m; 1022 return; 1023 } else if (iwe->u.freq.m == 14) { 1024 res->res.freq = 2484; 1025 return; 1026 } 1027 } 1028 1029 if (iwe->u.freq.e > 6) { 1030 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID=" 1031 MACSTR " m=%d e=%d)", 1032 MAC2STR(res->res.bssid), iwe->u.freq.m, 1033 iwe->u.freq.e); 1034 return; 1035 } 1036 1037 for (i = 0; i < iwe->u.freq.e; i++) 1038 divi /= 10; 1039 res->res.freq = iwe->u.freq.m / divi; 1040 } 1041 1042 1043 static void wext_get_scan_qual(struct iw_event *iwe, 1044 struct wext_scan_data *res) 1045 { 1046 res->res.qual = iwe->u.qual.qual; 1047 res->res.noise = iwe->u.qual.noise; 1048 res->res.level = iwe->u.qual.level; 1049 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID) 1050 res->res.flags |= WPA_SCAN_QUAL_INVALID; 1051 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID) 1052 res->res.flags |= WPA_SCAN_LEVEL_INVALID; 1053 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID) 1054 res->res.flags |= WPA_SCAN_NOISE_INVALID; 1055 if (iwe->u.qual.updated & IW_QUAL_DBM) 1056 res->res.flags |= WPA_SCAN_LEVEL_DBM; 1057 } 1058 1059 1060 static void wext_get_scan_encode(struct iw_event *iwe, 1061 struct wext_scan_data *res) 1062 { 1063 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED)) 1064 res->res.caps |= IEEE80211_CAP_PRIVACY; 1065 } 1066 1067 1068 static void wext_get_scan_rate(struct iw_event *iwe, 1069 struct wext_scan_data *res, char *pos, 1070 char *end) 1071 { 1072 int maxrate; 1073 char *custom = pos + IW_EV_LCP_LEN; 1074 struct iw_param p; 1075 size_t clen; 1076 1077 clen = iwe->len; 1078 if (custom + clen > end) 1079 return; 1080 maxrate = 0; 1081 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) { 1082 /* Note: may be misaligned, make a local, aligned copy */ 1083 os_memcpy(&p, custom, sizeof(struct iw_param)); 1084 if (p.value > maxrate) 1085 maxrate = p.value; 1086 clen -= sizeof(struct iw_param); 1087 custom += sizeof(struct iw_param); 1088 } 1089 1090 /* Convert the maxrate from WE-style (b/s units) to 1091 * 802.11 rates (500000 b/s units). 1092 */ 1093 res->maxrate = maxrate / 500000; 1094 } 1095 1096 1097 static void wext_get_scan_iwevgenie(struct iw_event *iwe, 1098 struct wext_scan_data *res, char *custom, 1099 char *end) 1100 { 1101 char *genie, *gpos, *gend; 1102 u8 *tmp; 1103 1104 if (iwe->u.data.length == 0) 1105 return; 1106 1107 gpos = genie = custom; 1108 gend = genie + iwe->u.data.length; 1109 if (gend > end) { 1110 wpa_printf(MSG_INFO, "IWEVGENIE overflow"); 1111 return; 1112 } 1113 1114 tmp = os_realloc(res->ie, res->ie_len + gend - gpos); 1115 if (tmp == NULL) 1116 return; 1117 os_memcpy(tmp + res->ie_len, gpos, gend - gpos); 1118 res->ie = tmp; 1119 res->ie_len += gend - gpos; 1120 } 1121 1122 1123 static void wext_get_scan_custom(struct iw_event *iwe, 1124 struct wext_scan_data *res, char *custom, 1125 char *end) 1126 { 1127 size_t clen; 1128 u8 *tmp; 1129 1130 clen = iwe->u.data.length; 1131 if (custom + clen > end) 1132 return; 1133 1134 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) { 1135 char *spos; 1136 int bytes; 1137 spos = custom + 7; 1138 bytes = custom + clen - spos; 1139 if (bytes & 1 || bytes == 0) 1140 return; 1141 bytes /= 2; 1142 tmp = os_realloc(res->ie, res->ie_len + bytes); 1143 if (tmp == NULL) 1144 return; 1145 res->ie = tmp; 1146 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1147 return; 1148 res->ie_len += bytes; 1149 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) { 1150 char *spos; 1151 int bytes; 1152 spos = custom + 7; 1153 bytes = custom + clen - spos; 1154 if (bytes & 1 || bytes == 0) 1155 return; 1156 bytes /= 2; 1157 tmp = os_realloc(res->ie, res->ie_len + bytes); 1158 if (tmp == NULL) 1159 return; 1160 res->ie = tmp; 1161 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1162 return; 1163 res->ie_len += bytes; 1164 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) { 1165 char *spos; 1166 int bytes; 1167 u8 bin[8]; 1168 spos = custom + 4; 1169 bytes = custom + clen - spos; 1170 if (bytes != 16) { 1171 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); 1172 return; 1173 } 1174 bytes /= 2; 1175 if (hexstr2bin(spos, bin, bytes) < 0) { 1176 wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value"); 1177 return; 1178 } 1179 res->res.tsf += WPA_GET_BE64(bin); 1180 } 1181 } 1182 1183 1184 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd) 1185 { 1186 return drv->we_version_compiled > 18 && 1187 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE || 1188 cmd == IWEVGENIE || cmd == IWEVCUSTOM); 1189 } 1190 1191 1192 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res, 1193 struct wext_scan_data *data) 1194 { 1195 struct wpa_scan_res **tmp; 1196 struct wpa_scan_res *r; 1197 size_t extra_len; 1198 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL; 1199 1200 /* Figure out whether we need to fake any IEs */ 1201 pos = data->ie; 1202 end = pos + data->ie_len; 1203 while (pos && pos + 1 < end) { 1204 if (pos + 2 + pos[1] > end) 1205 break; 1206 if (pos[0] == WLAN_EID_SSID) 1207 ssid_ie = pos; 1208 else if (pos[0] == WLAN_EID_SUPP_RATES) 1209 rate_ie = pos; 1210 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES) 1211 rate_ie = pos; 1212 pos += 2 + pos[1]; 1213 } 1214 1215 extra_len = 0; 1216 if (ssid_ie == NULL) 1217 extra_len += 2 + data->ssid_len; 1218 if (rate_ie == NULL && data->maxrate) 1219 extra_len += 3; 1220 1221 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len); 1222 if (r == NULL) 1223 return; 1224 os_memcpy(r, &data->res, sizeof(*r)); 1225 r->ie_len = extra_len + data->ie_len; 1226 pos = (u8 *) (r + 1); 1227 if (ssid_ie == NULL) { 1228 /* 1229 * Generate a fake SSID IE since the driver did not report 1230 * a full IE list. 1231 */ 1232 *pos++ = WLAN_EID_SSID; 1233 *pos++ = data->ssid_len; 1234 os_memcpy(pos, data->ssid, data->ssid_len); 1235 pos += data->ssid_len; 1236 } 1237 if (rate_ie == NULL && data->maxrate) { 1238 /* 1239 * Generate a fake Supported Rates IE since the driver did not 1240 * report a full IE list. 1241 */ 1242 *pos++ = WLAN_EID_SUPP_RATES; 1243 *pos++ = 1; 1244 *pos++ = data->maxrate; 1245 } 1246 if (data->ie) 1247 os_memcpy(pos, data->ie, data->ie_len); 1248 1249 tmp = os_realloc(res->res, 1250 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1251 if (tmp == NULL) { 1252 os_free(r); 1253 return; 1254 } 1255 tmp[res->num++] = r; 1256 res->res = tmp; 1257 } 1258 1259 1260 /** 1261 * wpa_driver_wext_get_scan_results - Fetch the latest scan results 1262 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1263 * Returns: Scan results on success, -1 on failure 1264 */ 1265 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv) 1266 { 1267 struct wpa_driver_wext_data *drv = priv; 1268 size_t ap_num = 0, len; 1269 int first; 1270 u8 *res_buf; 1271 struct iw_event iwe_buf, *iwe = &iwe_buf; 1272 char *pos, *end, *custom; 1273 struct wpa_scan_results *res; 1274 struct wext_scan_data data; 1275 1276 res_buf = wpa_driver_wext_giwscan(drv, &len); 1277 if (res_buf == NULL) 1278 return NULL; 1279 1280 ap_num = 0; 1281 first = 1; 1282 1283 res = os_zalloc(sizeof(*res)); 1284 if (res == NULL) { 1285 os_free(res_buf); 1286 return NULL; 1287 } 1288 1289 pos = (char *) res_buf; 1290 end = (char *) res_buf + len; 1291 os_memset(&data, 0, sizeof(data)); 1292 1293 while (pos + IW_EV_LCP_LEN <= end) { 1294 /* Event data may be unaligned, so make a local, aligned copy 1295 * before processing. */ 1296 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1297 if (iwe->len <= IW_EV_LCP_LEN) 1298 break; 1299 1300 custom = pos + IW_EV_POINT_LEN; 1301 if (wext_19_iw_point(drv, iwe->cmd)) { 1302 /* WE-19 removed the pointer from struct iw_point */ 1303 char *dpos = (char *) &iwe_buf.u.data.length; 1304 int dlen = dpos - (char *) &iwe_buf; 1305 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 1306 sizeof(struct iw_event) - dlen); 1307 } else { 1308 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1309 custom += IW_EV_POINT_OFF; 1310 } 1311 1312 switch (iwe->cmd) { 1313 case SIOCGIWAP: 1314 if (!first) 1315 wpa_driver_wext_add_scan_entry(res, &data); 1316 first = 0; 1317 os_free(data.ie); 1318 os_memset(&data, 0, sizeof(data)); 1319 os_memcpy(data.res.bssid, 1320 iwe->u.ap_addr.sa_data, ETH_ALEN); 1321 break; 1322 case SIOCGIWMODE: 1323 wext_get_scan_mode(iwe, &data); 1324 break; 1325 case SIOCGIWESSID: 1326 wext_get_scan_ssid(iwe, &data, custom, end); 1327 break; 1328 case SIOCGIWFREQ: 1329 wext_get_scan_freq(iwe, &data); 1330 break; 1331 case IWEVQUAL: 1332 wext_get_scan_qual(iwe, &data); 1333 break; 1334 case SIOCGIWENCODE: 1335 wext_get_scan_encode(iwe, &data); 1336 break; 1337 case SIOCGIWRATE: 1338 wext_get_scan_rate(iwe, &data, pos, end); 1339 break; 1340 case IWEVGENIE: 1341 wext_get_scan_iwevgenie(iwe, &data, custom, end); 1342 break; 1343 case IWEVCUSTOM: 1344 wext_get_scan_custom(iwe, &data, custom, end); 1345 break; 1346 } 1347 1348 pos += iwe->len; 1349 } 1350 os_free(res_buf); 1351 res_buf = NULL; 1352 if (!first) 1353 wpa_driver_wext_add_scan_entry(res, &data); 1354 os_free(data.ie); 1355 1356 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)", 1357 (unsigned long) len, (unsigned long) res->num); 1358 1359 return res; 1360 } 1361 1362 1363 static int wpa_driver_wext_get_range(void *priv) 1364 { 1365 struct wpa_driver_wext_data *drv = priv; 1366 struct iw_range *range; 1367 struct iwreq iwr; 1368 int minlen; 1369 size_t buflen; 1370 1371 /* 1372 * Use larger buffer than struct iw_range in order to allow the 1373 * structure to grow in the future. 1374 */ 1375 buflen = sizeof(struct iw_range) + 500; 1376 range = os_zalloc(buflen); 1377 if (range == NULL) 1378 return -1; 1379 1380 os_memset(&iwr, 0, sizeof(iwr)); 1381 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1382 iwr.u.data.pointer = (caddr_t) range; 1383 iwr.u.data.length = buflen; 1384 1385 minlen = ((char *) &range->enc_capa) - (char *) range + 1386 sizeof(range->enc_capa); 1387 1388 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1389 perror("ioctl[SIOCGIWRANGE]"); 1390 os_free(range); 1391 return -1; 1392 } else if (iwr.u.data.length >= minlen && 1393 range->we_version_compiled >= 18) { 1394 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1395 "WE(source)=%d enc_capa=0x%x", 1396 range->we_version_compiled, 1397 range->we_version_source, 1398 range->enc_capa); 1399 drv->has_capability = 1; 1400 drv->we_version_compiled = range->we_version_compiled; 1401 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1402 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1403 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1404 } 1405 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1406 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1407 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1408 } 1409 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1410 WPA_DRIVER_CAPA_ENC_WEP104; 1411 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1412 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1413 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1414 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1415 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) 1416 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; 1417 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1418 WPA_DRIVER_AUTH_SHARED | 1419 WPA_DRIVER_AUTH_LEAP; 1420 drv->capa.max_scan_ssids = 1; 1421 1422 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x " 1423 "flags 0x%x", 1424 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags); 1425 } else { 1426 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1427 "assuming WPA is not supported"); 1428 } 1429 1430 os_free(range); 1431 return 0; 1432 } 1433 1434 1435 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, 1436 const u8 *psk) 1437 { 1438 struct iw_encode_ext *ext; 1439 struct iwreq iwr; 1440 int ret; 1441 1442 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1443 1444 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 1445 return 0; 1446 1447 if (!psk) 1448 return 0; 1449 1450 os_memset(&iwr, 0, sizeof(iwr)); 1451 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1452 1453 ext = os_zalloc(sizeof(*ext) + PMK_LEN); 1454 if (ext == NULL) 1455 return -1; 1456 1457 iwr.u.encoding.pointer = (caddr_t) ext; 1458 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN; 1459 ext->key_len = PMK_LEN; 1460 os_memcpy(&ext->key, psk, ext->key_len); 1461 ext->alg = IW_ENCODE_ALG_PMK; 1462 1463 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr); 1464 if (ret < 0) 1465 perror("ioctl[SIOCSIWENCODEEXT] PMK"); 1466 os_free(ext); 1467 1468 return ret; 1469 } 1470 1471 1472 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg, 1473 const u8 *addr, int key_idx, 1474 int set_tx, const u8 *seq, 1475 size_t seq_len, 1476 const u8 *key, size_t key_len) 1477 { 1478 struct wpa_driver_wext_data *drv = priv; 1479 struct iwreq iwr; 1480 int ret = 0; 1481 struct iw_encode_ext *ext; 1482 1483 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) { 1484 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu", 1485 __FUNCTION__, (unsigned long) seq_len); 1486 return -1; 1487 } 1488 1489 ext = os_zalloc(sizeof(*ext) + key_len); 1490 if (ext == NULL) 1491 return -1; 1492 os_memset(&iwr, 0, sizeof(iwr)); 1493 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1494 iwr.u.encoding.flags = key_idx + 1; 1495 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1496 if (alg == WPA_ALG_NONE) 1497 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1498 iwr.u.encoding.pointer = (caddr_t) ext; 1499 iwr.u.encoding.length = sizeof(*ext) + key_len; 1500 1501 if (addr == NULL || 1502 os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0) 1503 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY; 1504 if (set_tx) 1505 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY; 1506 1507 ext->addr.sa_family = ARPHRD_ETHER; 1508 if (addr) 1509 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN); 1510 else 1511 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN); 1512 if (key && key_len) { 1513 os_memcpy(ext + 1, key, key_len); 1514 ext->key_len = key_len; 1515 } 1516 switch (alg) { 1517 case WPA_ALG_NONE: 1518 ext->alg = IW_ENCODE_ALG_NONE; 1519 break; 1520 case WPA_ALG_WEP: 1521 ext->alg = IW_ENCODE_ALG_WEP; 1522 break; 1523 case WPA_ALG_TKIP: 1524 ext->alg = IW_ENCODE_ALG_TKIP; 1525 break; 1526 case WPA_ALG_CCMP: 1527 ext->alg = IW_ENCODE_ALG_CCMP; 1528 break; 1529 case WPA_ALG_PMK: 1530 ext->alg = IW_ENCODE_ALG_PMK; 1531 break; 1532 #ifdef CONFIG_IEEE80211W 1533 case WPA_ALG_IGTK: 1534 ext->alg = IW_ENCODE_ALG_AES_CMAC; 1535 break; 1536 #endif /* CONFIG_IEEE80211W */ 1537 default: 1538 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d", 1539 __FUNCTION__, alg); 1540 os_free(ext); 1541 return -1; 1542 } 1543 1544 if (seq && seq_len) { 1545 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID; 1546 os_memcpy(ext->rx_seq, seq, seq_len); 1547 } 1548 1549 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) { 1550 ret = errno == EOPNOTSUPP ? -2 : -1; 1551 if (errno == ENODEV) { 1552 /* 1553 * ndiswrapper seems to be returning incorrect error 1554 * code.. */ 1555 ret = -2; 1556 } 1557 1558 perror("ioctl[SIOCSIWENCODEEXT]"); 1559 } 1560 1561 os_free(ext); 1562 return ret; 1563 } 1564 1565 1566 /** 1567 * wpa_driver_wext_set_key - Configure encryption key 1568 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1569 * @priv: Private driver interface data 1570 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP, 1571 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key. 1572 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for 1573 * broadcast/default keys 1574 * @key_idx: key index (0..3), usually 0 for unicast keys 1575 * @set_tx: Configure this key as the default Tx key (only used when 1576 * driver does not support separate unicast/individual key 1577 * @seq: Sequence number/packet number, seq_len octets, the next 1578 * packet number to be used for in replay protection; configured 1579 * for Rx keys (in most cases, this is only used with broadcast 1580 * keys and set to zero for unicast keys) 1581 * @seq_len: Length of the seq, depends on the algorithm: 1582 * TKIP: 6 octets, CCMP: 6 octets 1583 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key, 1584 * 8-byte Rx Mic Key 1585 * @key_len: Length of the key buffer in octets (WEP: 5 or 13, 1586 * TKIP: 32, CCMP: 16) 1587 * Returns: 0 on success, -1 on failure 1588 * 1589 * This function uses SIOCSIWENCODEEXT by default, but tries to use 1590 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key. 1591 */ 1592 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg, 1593 const u8 *addr, int key_idx, 1594 int set_tx, const u8 *seq, size_t seq_len, 1595 const u8 *key, size_t key_len) 1596 { 1597 struct wpa_driver_wext_data *drv = priv; 1598 struct iwreq iwr; 1599 int ret = 0; 1600 1601 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu " 1602 "key_len=%lu", 1603 __FUNCTION__, alg, key_idx, set_tx, 1604 (unsigned long) seq_len, (unsigned long) key_len); 1605 1606 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx, 1607 seq, seq_len, key, key_len); 1608 if (ret == 0) 1609 return 0; 1610 1611 if (ret == -2 && 1612 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) { 1613 wpa_printf(MSG_DEBUG, "Driver did not support " 1614 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE"); 1615 ret = 0; 1616 } else { 1617 wpa_printf(MSG_DEBUG, "Driver did not support " 1618 "SIOCSIWENCODEEXT"); 1619 return ret; 1620 } 1621 1622 os_memset(&iwr, 0, sizeof(iwr)); 1623 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1624 iwr.u.encoding.flags = key_idx + 1; 1625 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1626 if (alg == WPA_ALG_NONE) 1627 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1628 iwr.u.encoding.pointer = (caddr_t) key; 1629 iwr.u.encoding.length = key_len; 1630 1631 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1632 perror("ioctl[SIOCSIWENCODE]"); 1633 ret = -1; 1634 } 1635 1636 if (set_tx && alg != WPA_ALG_NONE) { 1637 os_memset(&iwr, 0, sizeof(iwr)); 1638 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1639 iwr.u.encoding.flags = key_idx + 1; 1640 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1641 iwr.u.encoding.pointer = (caddr_t) NULL; 1642 iwr.u.encoding.length = 0; 1643 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1644 perror("ioctl[SIOCSIWENCODE] (set_tx)"); 1645 ret = -1; 1646 } 1647 } 1648 1649 return ret; 1650 } 1651 1652 1653 static int wpa_driver_wext_set_countermeasures(void *priv, 1654 int enabled) 1655 { 1656 struct wpa_driver_wext_data *drv = priv; 1657 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1658 return wpa_driver_wext_set_auth_param(drv, 1659 IW_AUTH_TKIP_COUNTERMEASURES, 1660 enabled); 1661 } 1662 1663 1664 static int wpa_driver_wext_set_drop_unencrypted(void *priv, 1665 int enabled) 1666 { 1667 struct wpa_driver_wext_data *drv = priv; 1668 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1669 drv->use_crypt = enabled; 1670 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1671 enabled); 1672 } 1673 1674 1675 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv, 1676 const u8 *addr, int cmd, int reason_code) 1677 { 1678 struct iwreq iwr; 1679 struct iw_mlme mlme; 1680 int ret = 0; 1681 1682 os_memset(&iwr, 0, sizeof(iwr)); 1683 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1684 os_memset(&mlme, 0, sizeof(mlme)); 1685 mlme.cmd = cmd; 1686 mlme.reason_code = reason_code; 1687 mlme.addr.sa_family = ARPHRD_ETHER; 1688 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1689 iwr.u.data.pointer = (caddr_t) &mlme; 1690 iwr.u.data.length = sizeof(mlme); 1691 1692 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1693 perror("ioctl[SIOCSIWMLME]"); 1694 ret = -1; 1695 } 1696 1697 return ret; 1698 } 1699 1700 1701 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv) 1702 { 1703 struct iwreq iwr; 1704 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; 1705 u8 ssid[32]; 1706 int i; 1707 1708 /* 1709 * Only force-disconnect when the card is in infrastructure mode, 1710 * otherwise the driver might interpret the cleared BSSID and random 1711 * SSID as an attempt to create a new ad-hoc network. 1712 */ 1713 os_memset(&iwr, 0, sizeof(iwr)); 1714 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1715 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 1716 perror("ioctl[SIOCGIWMODE]"); 1717 iwr.u.mode = IW_MODE_INFRA; 1718 } 1719 1720 if (iwr.u.mode == IW_MODE_INFRA) { 1721 if (drv->cfg80211) { 1722 /* 1723 * cfg80211 supports SIOCSIWMLME commands, so there is 1724 * no need for the random SSID hack, but clear the 1725 * BSSID and SSID. 1726 */ 1727 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 || 1728 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) { 1729 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear " 1730 "to disconnect"); 1731 } 1732 return; 1733 } 1734 /* 1735 * Clear the BSSID selection and set a random SSID to make sure 1736 * the driver will not be trying to associate with something 1737 * even if it does not understand SIOCSIWMLME commands (or 1738 * tries to associate automatically after deauth/disassoc). 1739 */ 1740 for (i = 0; i < 32; i++) 1741 ssid[i] = rand() & 0xFF; 1742 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0 || 1743 wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) { 1744 wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus " 1745 "BSSID/SSID to disconnect"); 1746 } 1747 } 1748 } 1749 1750 1751 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr, 1752 int reason_code) 1753 { 1754 struct wpa_driver_wext_data *drv = priv; 1755 int ret; 1756 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1757 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 1758 wpa_driver_wext_disconnect(drv); 1759 return ret; 1760 } 1761 1762 1763 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr, 1764 int reason_code) 1765 { 1766 struct wpa_driver_wext_data *drv = priv; 1767 int ret; 1768 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1769 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code); 1770 wpa_driver_wext_disconnect(drv); 1771 return ret; 1772 } 1773 1774 1775 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie, 1776 size_t ie_len) 1777 { 1778 struct wpa_driver_wext_data *drv = priv; 1779 struct iwreq iwr; 1780 int ret = 0; 1781 1782 os_memset(&iwr, 0, sizeof(iwr)); 1783 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1784 iwr.u.data.pointer = (caddr_t) ie; 1785 iwr.u.data.length = ie_len; 1786 1787 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 1788 perror("ioctl[SIOCSIWGENIE]"); 1789 ret = -1; 1790 } 1791 1792 return ret; 1793 } 1794 1795 1796 int wpa_driver_wext_cipher2wext(int cipher) 1797 { 1798 switch (cipher) { 1799 case CIPHER_NONE: 1800 return IW_AUTH_CIPHER_NONE; 1801 case CIPHER_WEP40: 1802 return IW_AUTH_CIPHER_WEP40; 1803 case CIPHER_TKIP: 1804 return IW_AUTH_CIPHER_TKIP; 1805 case CIPHER_CCMP: 1806 return IW_AUTH_CIPHER_CCMP; 1807 case CIPHER_WEP104: 1808 return IW_AUTH_CIPHER_WEP104; 1809 default: 1810 return 0; 1811 } 1812 } 1813 1814 1815 int wpa_driver_wext_keymgmt2wext(int keymgmt) 1816 { 1817 switch (keymgmt) { 1818 case KEY_MGMT_802_1X: 1819 case KEY_MGMT_802_1X_NO_WPA: 1820 return IW_AUTH_KEY_MGMT_802_1X; 1821 case KEY_MGMT_PSK: 1822 return IW_AUTH_KEY_MGMT_PSK; 1823 default: 1824 return 0; 1825 } 1826 } 1827 1828 1829 static int 1830 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv, 1831 struct wpa_driver_associate_params *params) 1832 { 1833 struct iwreq iwr; 1834 int ret = 0; 1835 1836 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 1837 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 1838 1839 os_memset(&iwr, 0, sizeof(iwr)); 1840 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1841 /* Just changing mode, not actual keys */ 1842 iwr.u.encoding.flags = 0; 1843 iwr.u.encoding.pointer = (caddr_t) NULL; 1844 iwr.u.encoding.length = 0; 1845 1846 /* 1847 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 1848 * different things. Here they are used to indicate Open System vs. 1849 * Shared Key authentication algorithm. However, some drivers may use 1850 * them to select between open/restricted WEP encrypted (open = allow 1851 * both unencrypted and encrypted frames; restricted = only allow 1852 * encrypted frames). 1853 */ 1854 1855 if (!drv->use_crypt) { 1856 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1857 } else { 1858 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 1859 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 1860 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 1861 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 1862 } 1863 1864 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1865 perror("ioctl[SIOCSIWENCODE]"); 1866 ret = -1; 1867 } 1868 1869 return ret; 1870 } 1871 1872 1873 int wpa_driver_wext_associate(void *priv, 1874 struct wpa_driver_associate_params *params) 1875 { 1876 struct wpa_driver_wext_data *drv = priv; 1877 int ret = 0; 1878 int allow_unencrypted_eapol; 1879 int value; 1880 1881 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1882 1883 if (drv->cfg80211) { 1884 /* 1885 * Stop cfg80211 from trying to associate before we are done 1886 * with all parameters. 1887 */ 1888 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0); 1889 } 1890 1891 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted) 1892 < 0) 1893 ret = -1; 1894 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0) 1895 ret = -1; 1896 if (wpa_driver_wext_set_mode(drv, params->mode) < 0) 1897 ret = -1; 1898 1899 /* 1900 * If the driver did not support SIOCSIWAUTH, fallback to 1901 * SIOCSIWENCODE here. 1902 */ 1903 if (drv->auth_alg_fallback && 1904 wpa_driver_wext_auth_alg_fallback(drv, params) < 0) 1905 ret = -1; 1906 1907 if (!params->bssid && 1908 wpa_driver_wext_set_bssid(drv, NULL) < 0) 1909 ret = -1; 1910 1911 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 1912 * from configuration, not from here, where only the selected suite is 1913 * available */ 1914 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 1915 < 0) 1916 ret = -1; 1917 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 1918 value = IW_AUTH_WPA_VERSION_DISABLED; 1919 else if (params->wpa_ie[0] == WLAN_EID_RSN) 1920 value = IW_AUTH_WPA_VERSION_WPA2; 1921 else 1922 value = IW_AUTH_WPA_VERSION_WPA; 1923 if (wpa_driver_wext_set_auth_param(drv, 1924 IW_AUTH_WPA_VERSION, value) < 0) 1925 ret = -1; 1926 value = wpa_driver_wext_cipher2wext(params->pairwise_suite); 1927 if (wpa_driver_wext_set_auth_param(drv, 1928 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 1929 ret = -1; 1930 value = wpa_driver_wext_cipher2wext(params->group_suite); 1931 if (wpa_driver_wext_set_auth_param(drv, 1932 IW_AUTH_CIPHER_GROUP, value) < 0) 1933 ret = -1; 1934 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite); 1935 if (wpa_driver_wext_set_auth_param(drv, 1936 IW_AUTH_KEY_MGMT, value) < 0) 1937 ret = -1; 1938 value = params->key_mgmt_suite != KEY_MGMT_NONE || 1939 params->pairwise_suite != CIPHER_NONE || 1940 params->group_suite != CIPHER_NONE || 1941 params->wpa_ie_len; 1942 if (wpa_driver_wext_set_auth_param(drv, 1943 IW_AUTH_PRIVACY_INVOKED, value) < 0) 1944 ret = -1; 1945 1946 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 1947 * not using WPA. IEEE 802.1X specifies that these frames are not 1948 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 1949 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 1950 params->key_mgmt_suite == KEY_MGMT_PSK) 1951 allow_unencrypted_eapol = 0; 1952 else 1953 allow_unencrypted_eapol = 1; 1954 1955 if (wpa_driver_wext_set_psk(drv, params->psk) < 0) 1956 ret = -1; 1957 if (wpa_driver_wext_set_auth_param(drv, 1958 IW_AUTH_RX_UNENCRYPTED_EAPOL, 1959 allow_unencrypted_eapol) < 0) 1960 ret = -1; 1961 #ifdef CONFIG_IEEE80211W 1962 switch (params->mgmt_frame_protection) { 1963 case NO_MGMT_FRAME_PROTECTION: 1964 value = IW_AUTH_MFP_DISABLED; 1965 break; 1966 case MGMT_FRAME_PROTECTION_OPTIONAL: 1967 value = IW_AUTH_MFP_OPTIONAL; 1968 break; 1969 case MGMT_FRAME_PROTECTION_REQUIRED: 1970 value = IW_AUTH_MFP_REQUIRED; 1971 break; 1972 }; 1973 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0) 1974 ret = -1; 1975 #endif /* CONFIG_IEEE80211W */ 1976 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0) 1977 ret = -1; 1978 if (!drv->cfg80211 && 1979 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 1980 ret = -1; 1981 if (params->bssid && 1982 wpa_driver_wext_set_bssid(drv, params->bssid) < 0) 1983 ret = -1; 1984 if (drv->cfg80211 && 1985 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 1986 ret = -1; 1987 1988 return ret; 1989 } 1990 1991 1992 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg) 1993 { 1994 struct wpa_driver_wext_data *drv = priv; 1995 int algs = 0, res; 1996 1997 if (auth_alg & WPA_AUTH_ALG_OPEN) 1998 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 1999 if (auth_alg & WPA_AUTH_ALG_SHARED) 2000 algs |= IW_AUTH_ALG_SHARED_KEY; 2001 if (auth_alg & WPA_AUTH_ALG_LEAP) 2002 algs |= IW_AUTH_ALG_LEAP; 2003 if (algs == 0) { 2004 /* at least one algorithm should be set */ 2005 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2006 } 2007 2008 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2009 algs); 2010 drv->auth_alg_fallback = res == -2; 2011 return res; 2012 } 2013 2014 2015 /** 2016 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2017 * @priv: Pointer to private wext data from wpa_driver_wext_init() 2018 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2019 * Returns: 0 on success, -1 on failure 2020 */ 2021 int wpa_driver_wext_set_mode(void *priv, int mode) 2022 { 2023 struct wpa_driver_wext_data *drv = priv; 2024 struct iwreq iwr; 2025 int ret = -1; 2026 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA; 2027 2028 os_memset(&iwr, 0, sizeof(iwr)); 2029 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2030 iwr.u.mode = new_mode; 2031 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) { 2032 ret = 0; 2033 goto done; 2034 } 2035 2036 if (errno != EBUSY) { 2037 perror("ioctl[SIOCSIWMODE]"); 2038 goto done; 2039 } 2040 2041 /* mac80211 doesn't allow mode changes while the device is up, so if 2042 * the device isn't in the mode we're about to change to, take device 2043 * down, try to set the mode again, and bring it back up. 2044 */ 2045 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 2046 perror("ioctl[SIOCGIWMODE]"); 2047 goto done; 2048 } 2049 2050 if (iwr.u.mode == new_mode) { 2051 ret = 0; 2052 goto done; 2053 } 2054 2055 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) { 2056 /* Try to set the mode again while the interface is down */ 2057 iwr.u.mode = new_mode; 2058 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) 2059 perror("ioctl[SIOCSIWMODE]"); 2060 else 2061 ret = 0; 2062 2063 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1); 2064 } 2065 2066 done: 2067 return ret; 2068 } 2069 2070 2071 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv, 2072 u32 cmd, const u8 *bssid, const u8 *pmkid) 2073 { 2074 struct iwreq iwr; 2075 struct iw_pmksa pmksa; 2076 int ret = 0; 2077 2078 os_memset(&iwr, 0, sizeof(iwr)); 2079 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2080 os_memset(&pmksa, 0, sizeof(pmksa)); 2081 pmksa.cmd = cmd; 2082 pmksa.bssid.sa_family = ARPHRD_ETHER; 2083 if (bssid) 2084 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2085 if (pmkid) 2086 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2087 iwr.u.data.pointer = (caddr_t) &pmksa; 2088 iwr.u.data.length = sizeof(pmksa); 2089 2090 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2091 if (errno != EOPNOTSUPP) 2092 perror("ioctl[SIOCSIWPMKSA]"); 2093 ret = -1; 2094 } 2095 2096 return ret; 2097 } 2098 2099 2100 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid, 2101 const u8 *pmkid) 2102 { 2103 struct wpa_driver_wext_data *drv = priv; 2104 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2105 } 2106 2107 2108 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid, 2109 const u8 *pmkid) 2110 { 2111 struct wpa_driver_wext_data *drv = priv; 2112 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2113 } 2114 2115 2116 static int wpa_driver_wext_flush_pmkid(void *priv) 2117 { 2118 struct wpa_driver_wext_data *drv = priv; 2119 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2120 } 2121 2122 2123 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa) 2124 { 2125 struct wpa_driver_wext_data *drv = priv; 2126 if (!drv->has_capability) 2127 return -1; 2128 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2129 return 0; 2130 } 2131 2132 2133 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv, 2134 const char *ifname) 2135 { 2136 if (ifname == NULL) { 2137 drv->ifindex2 = -1; 2138 return 0; 2139 } 2140 2141 drv->ifindex2 = if_nametoindex(ifname); 2142 if (drv->ifindex2 <= 0) 2143 return -1; 2144 2145 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for " 2146 "wireless events", drv->ifindex2, ifname); 2147 2148 return 0; 2149 } 2150 2151 2152 int wpa_driver_wext_set_operstate(void *priv, int state) 2153 { 2154 struct wpa_driver_wext_data *drv = priv; 2155 2156 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2157 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2158 drv->operstate = state; 2159 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 2160 state ? IF_OPER_UP : IF_OPER_DORMANT); 2161 } 2162 2163 2164 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv) 2165 { 2166 return drv->we_version_compiled; 2167 } 2168 2169 2170 const struct wpa_driver_ops wpa_driver_wext_ops = { 2171 .name = "wext", 2172 .desc = "Linux wireless extensions (generic)", 2173 .get_bssid = wpa_driver_wext_get_bssid, 2174 .get_ssid = wpa_driver_wext_get_ssid, 2175 .set_key = wpa_driver_wext_set_key, 2176 .set_countermeasures = wpa_driver_wext_set_countermeasures, 2177 .scan2 = wpa_driver_wext_scan, 2178 .get_scan_results2 = wpa_driver_wext_get_scan_results, 2179 .deauthenticate = wpa_driver_wext_deauthenticate, 2180 .disassociate = wpa_driver_wext_disassociate, 2181 .associate = wpa_driver_wext_associate, 2182 .init = wpa_driver_wext_init, 2183 .deinit = wpa_driver_wext_deinit, 2184 .add_pmkid = wpa_driver_wext_add_pmkid, 2185 .remove_pmkid = wpa_driver_wext_remove_pmkid, 2186 .flush_pmkid = wpa_driver_wext_flush_pmkid, 2187 .get_capa = wpa_driver_wext_get_capa, 2188 .set_operstate = wpa_driver_wext_set_operstate, 2189 }; 2190