1 /* 2 * Driver interaction with generic Linux Wireless Extensions 3 * Copyright (c) 2003-2010, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file implements a driver interface for the Linux Wireless Extensions. 9 * When used with WE-18 or newer, this interface can be used as-is with number 10 * of drivers. In addition to this, some of the common functions in this file 11 * can be used by other driver interface implementations that use generic WE 12 * ioctls, but require private ioctls for some of the functionality. 13 */ 14 15 #include "includes.h" 16 #include <sys/ioctl.h> 17 #include <sys/types.h> 18 #include <sys/stat.h> 19 #include <fcntl.h> 20 #include <net/if_arp.h> 21 22 #include "linux_wext.h" 23 #include "common.h" 24 #include "eloop.h" 25 #include "common/ieee802_11_defs.h" 26 #include "common/wpa_common.h" 27 #include "priv_netlink.h" 28 #include "netlink.h" 29 #include "linux_ioctl.h" 30 #include "rfkill.h" 31 #include "driver.h" 32 #include "driver_wext.h" 33 34 #ifdef ANDROID 35 #include "android_drv.h" 36 #endif /* ANDROID */ 37 38 static int wpa_driver_wext_flush_pmkid(void *priv); 39 static int wpa_driver_wext_get_range(void *priv); 40 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv); 41 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv); 42 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg); 43 44 45 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv, 46 int idx, u32 value) 47 { 48 struct iwreq iwr; 49 int ret = 0; 50 51 os_memset(&iwr, 0, sizeof(iwr)); 52 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 53 iwr.u.param.flags = idx & IW_AUTH_INDEX; 54 iwr.u.param.value = value; 55 56 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 57 if (errno != EOPNOTSUPP) { 58 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 59 "value 0x%x) failed: %s)", 60 idx, value, strerror(errno)); 61 } 62 ret = errno == EOPNOTSUPP ? -2 : -1; 63 } 64 65 return ret; 66 } 67 68 69 /** 70 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP 71 * @priv: Pointer to private wext data from wpa_driver_wext_init() 72 * @bssid: Buffer for BSSID 73 * Returns: 0 on success, -1 on failure 74 */ 75 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid) 76 { 77 struct wpa_driver_wext_data *drv = priv; 78 struct iwreq iwr; 79 int ret = 0; 80 81 os_memset(&iwr, 0, sizeof(iwr)); 82 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 83 84 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 85 perror("ioctl[SIOCGIWAP]"); 86 ret = -1; 87 } 88 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 89 90 return ret; 91 } 92 93 94 /** 95 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP 96 * @priv: Pointer to private wext data from wpa_driver_wext_init() 97 * @bssid: BSSID 98 * Returns: 0 on success, -1 on failure 99 */ 100 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid) 101 { 102 struct wpa_driver_wext_data *drv = priv; 103 struct iwreq iwr; 104 int ret = 0; 105 106 os_memset(&iwr, 0, sizeof(iwr)); 107 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 108 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 109 if (bssid) 110 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 111 else 112 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 113 114 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 115 perror("ioctl[SIOCSIWAP]"); 116 ret = -1; 117 } 118 119 return ret; 120 } 121 122 123 /** 124 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID 125 * @priv: Pointer to private wext data from wpa_driver_wext_init() 126 * @ssid: Buffer for the SSID; must be at least 32 bytes long 127 * Returns: SSID length on success, -1 on failure 128 */ 129 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid) 130 { 131 struct wpa_driver_wext_data *drv = priv; 132 struct iwreq iwr; 133 int ret = 0; 134 135 os_memset(&iwr, 0, sizeof(iwr)); 136 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 137 iwr.u.essid.pointer = (caddr_t) ssid; 138 iwr.u.essid.length = 32; 139 140 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 141 perror("ioctl[SIOCGIWESSID]"); 142 ret = -1; 143 } else { 144 ret = iwr.u.essid.length; 145 if (ret > 32) 146 ret = 32; 147 /* Some drivers include nul termination in the SSID, so let's 148 * remove it here before further processing. WE-21 changes this 149 * to explicitly require the length _not_ to include nul 150 * termination. */ 151 if (ret > 0 && ssid[ret - 1] == '\0' && 152 drv->we_version_compiled < 21) 153 ret--; 154 } 155 156 return ret; 157 } 158 159 160 /** 161 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID 162 * @priv: Pointer to private wext data from wpa_driver_wext_init() 163 * @ssid: SSID 164 * @ssid_len: Length of SSID (0..32) 165 * Returns: 0 on success, -1 on failure 166 */ 167 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len) 168 { 169 struct wpa_driver_wext_data *drv = priv; 170 struct iwreq iwr; 171 int ret = 0; 172 char buf[33]; 173 174 if (ssid_len > 32) 175 return -1; 176 177 os_memset(&iwr, 0, sizeof(iwr)); 178 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 179 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 180 iwr.u.essid.flags = (ssid_len != 0); 181 os_memset(buf, 0, sizeof(buf)); 182 os_memcpy(buf, ssid, ssid_len); 183 iwr.u.essid.pointer = (caddr_t) buf; 184 if (drv->we_version_compiled < 21) { 185 /* For historic reasons, set SSID length to include one extra 186 * character, C string nul termination, even though SSID is 187 * really an octet string that should not be presented as a C 188 * string. Some Linux drivers decrement the length by one and 189 * can thus end up missing the last octet of the SSID if the 190 * length is not incremented here. WE-21 changes this to 191 * explicitly require the length _not_ to include nul 192 * termination. */ 193 if (ssid_len) 194 ssid_len++; 195 } 196 iwr.u.essid.length = ssid_len; 197 198 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 199 perror("ioctl[SIOCSIWESSID]"); 200 ret = -1; 201 } 202 203 return ret; 204 } 205 206 207 /** 208 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ 209 * @priv: Pointer to private wext data from wpa_driver_wext_init() 210 * @freq: Frequency in MHz 211 * Returns: 0 on success, -1 on failure 212 */ 213 int wpa_driver_wext_set_freq(void *priv, int freq) 214 { 215 struct wpa_driver_wext_data *drv = priv; 216 struct iwreq iwr; 217 int ret = 0; 218 219 os_memset(&iwr, 0, sizeof(iwr)); 220 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 221 iwr.u.freq.m = freq * 100000; 222 iwr.u.freq.e = 1; 223 224 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 225 perror("ioctl[SIOCSIWFREQ]"); 226 ret = -1; 227 } 228 229 return ret; 230 } 231 232 233 static void 234 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom) 235 { 236 union wpa_event_data data; 237 238 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 239 custom); 240 241 os_memset(&data, 0, sizeof(data)); 242 /* Host AP driver */ 243 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 244 data.michael_mic_failure.unicast = 245 os_strstr(custom, " unicast ") != NULL; 246 /* TODO: parse parameters(?) */ 247 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 248 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 249 char *spos; 250 int bytes; 251 u8 *req_ies = NULL, *resp_ies = NULL; 252 253 spos = custom + 17; 254 255 bytes = strspn(spos, "0123456789abcdefABCDEF"); 256 if (!bytes || (bytes & 1)) 257 return; 258 bytes /= 2; 259 260 req_ies = os_malloc(bytes); 261 if (req_ies == NULL || 262 hexstr2bin(spos, req_ies, bytes) < 0) 263 goto done; 264 data.assoc_info.req_ies = req_ies; 265 data.assoc_info.req_ies_len = bytes; 266 267 spos += bytes * 2; 268 269 data.assoc_info.resp_ies = NULL; 270 data.assoc_info.resp_ies_len = 0; 271 272 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 273 spos += 9; 274 275 bytes = strspn(spos, "0123456789abcdefABCDEF"); 276 if (!bytes || (bytes & 1)) 277 goto done; 278 bytes /= 2; 279 280 resp_ies = os_malloc(bytes); 281 if (resp_ies == NULL || 282 hexstr2bin(spos, resp_ies, bytes) < 0) 283 goto done; 284 data.assoc_info.resp_ies = resp_ies; 285 data.assoc_info.resp_ies_len = bytes; 286 } 287 288 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 289 290 done: 291 os_free(resp_ies); 292 os_free(req_ies); 293 #ifdef CONFIG_PEERKEY 294 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 295 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 296 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 297 "STKSTART.request '%s'", custom + 17); 298 return; 299 } 300 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 301 #endif /* CONFIG_PEERKEY */ 302 #ifdef ANDROID 303 } else if (os_strncmp(custom, "STOP", 4) == 0) { 304 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED"); 305 } else if (os_strncmp(custom, "START", 5) == 0) { 306 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED"); 307 } else if (os_strncmp(custom, "HANG", 4) == 0) { 308 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 309 #endif /* ANDROID */ 310 } 311 } 312 313 314 static int wpa_driver_wext_event_wireless_michaelmicfailure( 315 void *ctx, const char *ev, size_t len) 316 { 317 const struct iw_michaelmicfailure *mic; 318 union wpa_event_data data; 319 320 if (len < sizeof(*mic)) 321 return -1; 322 323 mic = (const struct iw_michaelmicfailure *) ev; 324 325 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 326 "flags=0x%x src_addr=" MACSTR, mic->flags, 327 MAC2STR(mic->src_addr.sa_data)); 328 329 os_memset(&data, 0, sizeof(data)); 330 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 331 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 332 333 return 0; 334 } 335 336 337 static int wpa_driver_wext_event_wireless_pmkidcand( 338 struct wpa_driver_wext_data *drv, const char *ev, size_t len) 339 { 340 const struct iw_pmkid_cand *cand; 341 union wpa_event_data data; 342 const u8 *addr; 343 344 if (len < sizeof(*cand)) 345 return -1; 346 347 cand = (const struct iw_pmkid_cand *) ev; 348 addr = (const u8 *) cand->bssid.sa_data; 349 350 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 351 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 352 cand->index, MAC2STR(addr)); 353 354 os_memset(&data, 0, sizeof(data)); 355 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 356 data.pmkid_candidate.index = cand->index; 357 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 358 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 359 360 return 0; 361 } 362 363 364 static int wpa_driver_wext_event_wireless_assocreqie( 365 struct wpa_driver_wext_data *drv, const char *ev, int len) 366 { 367 if (len < 0) 368 return -1; 369 370 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 371 len); 372 os_free(drv->assoc_req_ies); 373 drv->assoc_req_ies = os_malloc(len); 374 if (drv->assoc_req_ies == NULL) { 375 drv->assoc_req_ies_len = 0; 376 return -1; 377 } 378 os_memcpy(drv->assoc_req_ies, ev, len); 379 drv->assoc_req_ies_len = len; 380 381 return 0; 382 } 383 384 385 static int wpa_driver_wext_event_wireless_assocrespie( 386 struct wpa_driver_wext_data *drv, const char *ev, int len) 387 { 388 if (len < 0) 389 return -1; 390 391 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 392 len); 393 os_free(drv->assoc_resp_ies); 394 drv->assoc_resp_ies = os_malloc(len); 395 if (drv->assoc_resp_ies == NULL) { 396 drv->assoc_resp_ies_len = 0; 397 return -1; 398 } 399 os_memcpy(drv->assoc_resp_ies, ev, len); 400 drv->assoc_resp_ies_len = len; 401 402 return 0; 403 } 404 405 406 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv) 407 { 408 union wpa_event_data data; 409 410 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 411 return; 412 413 os_memset(&data, 0, sizeof(data)); 414 if (drv->assoc_req_ies) { 415 data.assoc_info.req_ies = drv->assoc_req_ies; 416 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 417 } 418 if (drv->assoc_resp_ies) { 419 data.assoc_info.resp_ies = drv->assoc_resp_ies; 420 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 421 } 422 423 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 424 425 os_free(drv->assoc_req_ies); 426 drv->assoc_req_ies = NULL; 427 os_free(drv->assoc_resp_ies); 428 drv->assoc_resp_ies = NULL; 429 } 430 431 432 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, 433 char *data, int len) 434 { 435 struct iw_event iwe_buf, *iwe = &iwe_buf; 436 char *pos, *end, *custom, *buf; 437 438 pos = data; 439 end = data + len; 440 441 while (pos + IW_EV_LCP_LEN <= end) { 442 /* Event data may be unaligned, so make a local, aligned copy 443 * before processing. */ 444 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 445 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 446 iwe->cmd, iwe->len); 447 if (iwe->len <= IW_EV_LCP_LEN) 448 return; 449 450 custom = pos + IW_EV_POINT_LEN; 451 if (drv->we_version_compiled > 18 && 452 (iwe->cmd == IWEVMICHAELMICFAILURE || 453 iwe->cmd == IWEVCUSTOM || 454 iwe->cmd == IWEVASSOCREQIE || 455 iwe->cmd == IWEVASSOCRESPIE || 456 iwe->cmd == IWEVPMKIDCAND)) { 457 /* WE-19 removed the pointer from struct iw_point */ 458 char *dpos = (char *) &iwe_buf.u.data.length; 459 int dlen = dpos - (char *) &iwe_buf; 460 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 461 sizeof(struct iw_event) - dlen); 462 } else { 463 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 464 custom += IW_EV_POINT_OFF; 465 } 466 467 switch (iwe->cmd) { 468 case SIOCGIWAP: 469 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 470 MACSTR, 471 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 472 if (is_zero_ether_addr( 473 (const u8 *) iwe->u.ap_addr.sa_data) || 474 os_memcmp(iwe->u.ap_addr.sa_data, 475 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 476 0) { 477 os_free(drv->assoc_req_ies); 478 drv->assoc_req_ies = NULL; 479 os_free(drv->assoc_resp_ies); 480 drv->assoc_resp_ies = NULL; 481 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, 482 NULL); 483 484 } else { 485 wpa_driver_wext_event_assoc_ies(drv); 486 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, 487 NULL); 488 } 489 break; 490 case IWEVMICHAELMICFAILURE: 491 if (custom + iwe->u.data.length > end) { 492 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 493 "IWEVMICHAELMICFAILURE length"); 494 return; 495 } 496 wpa_driver_wext_event_wireless_michaelmicfailure( 497 drv->ctx, custom, iwe->u.data.length); 498 break; 499 case IWEVCUSTOM: 500 if (custom + iwe->u.data.length > end) { 501 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 502 "IWEVCUSTOM length"); 503 return; 504 } 505 buf = os_malloc(iwe->u.data.length + 1); 506 if (buf == NULL) 507 return; 508 os_memcpy(buf, custom, iwe->u.data.length); 509 buf[iwe->u.data.length] = '\0'; 510 wpa_driver_wext_event_wireless_custom(drv->ctx, buf); 511 os_free(buf); 512 break; 513 case SIOCGIWSCAN: 514 drv->scan_complete_events = 1; 515 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, 516 drv, drv->ctx); 517 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, 518 NULL); 519 break; 520 case IWEVASSOCREQIE: 521 if (custom + iwe->u.data.length > end) { 522 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 523 "IWEVASSOCREQIE length"); 524 return; 525 } 526 wpa_driver_wext_event_wireless_assocreqie( 527 drv, custom, iwe->u.data.length); 528 break; 529 case IWEVASSOCRESPIE: 530 if (custom + iwe->u.data.length > end) { 531 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 532 "IWEVASSOCRESPIE length"); 533 return; 534 } 535 wpa_driver_wext_event_wireless_assocrespie( 536 drv, custom, iwe->u.data.length); 537 break; 538 case IWEVPMKIDCAND: 539 if (custom + iwe->u.data.length > end) { 540 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 541 "IWEVPMKIDCAND length"); 542 return; 543 } 544 wpa_driver_wext_event_wireless_pmkidcand( 545 drv, custom, iwe->u.data.length); 546 break; 547 } 548 549 pos += iwe->len; 550 } 551 } 552 553 554 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv, 555 char *buf, size_t len, int del) 556 { 557 union wpa_event_data event; 558 559 os_memset(&event, 0, sizeof(event)); 560 if (len > sizeof(event.interface_status.ifname)) 561 len = sizeof(event.interface_status.ifname) - 1; 562 os_memcpy(event.interface_status.ifname, buf, len); 563 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 564 EVENT_INTERFACE_ADDED; 565 566 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 567 del ? "DEL" : "NEW", 568 event.interface_status.ifname, 569 del ? "removed" : "added"); 570 571 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 572 if (del) { 573 if (drv->if_removed) { 574 wpa_printf(MSG_DEBUG, "WEXT: if_removed " 575 "already set - ignore event"); 576 return; 577 } 578 drv->if_removed = 1; 579 } else { 580 if (if_nametoindex(drv->ifname) == 0) { 581 wpa_printf(MSG_DEBUG, "WEXT: Interface %s " 582 "does not exist - ignore " 583 "RTM_NEWLINK", 584 drv->ifname); 585 return; 586 } 587 if (!drv->if_removed) { 588 wpa_printf(MSG_DEBUG, "WEXT: if_removed " 589 "already cleared - ignore event"); 590 return; 591 } 592 drv->if_removed = 0; 593 } 594 } 595 596 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 597 } 598 599 600 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv, 601 u8 *buf, size_t len) 602 { 603 int attrlen, rta_len; 604 struct rtattr *attr; 605 606 attrlen = len; 607 attr = (struct rtattr *) buf; 608 609 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 610 while (RTA_OK(attr, attrlen)) { 611 if (attr->rta_type == IFLA_IFNAME) { 612 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 613 == 0) 614 return 1; 615 else 616 break; 617 } 618 attr = RTA_NEXT(attr, attrlen); 619 } 620 621 return 0; 622 } 623 624 625 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv, 626 int ifindex, u8 *buf, size_t len) 627 { 628 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex) 629 return 1; 630 631 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) { 632 drv->ifindex = if_nametoindex(drv->ifname); 633 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed " 634 "interface"); 635 wpa_driver_wext_finish_drv_init(drv); 636 return 1; 637 } 638 639 return 0; 640 } 641 642 643 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi, 644 u8 *buf, size_t len) 645 { 646 struct wpa_driver_wext_data *drv = ctx; 647 int attrlen, rta_len; 648 struct rtattr *attr; 649 char namebuf[IFNAMSIZ]; 650 651 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) { 652 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 653 ifi->ifi_index); 654 return; 655 } 656 657 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 658 "(%s%s%s%s)", 659 drv->operstate, ifi->ifi_flags, 660 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 661 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 662 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 663 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 664 665 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 666 wpa_printf(MSG_DEBUG, "WEXT: Interface down"); 667 drv->if_disabled = 1; 668 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 669 } 670 671 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 672 if (if_indextoname(ifi->ifi_index, namebuf) && 673 linux_iface_up(drv->ioctl_sock, drv->ifname) == 0) { 674 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 675 "event since interface %s is down", 676 namebuf); 677 } else if (if_nametoindex(drv->ifname) == 0) { 678 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 679 "event since interface %s does not exist", 680 drv->ifname); 681 } else if (drv->if_removed) { 682 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 683 "event since interface %s is marked " 684 "removed", drv->ifname); 685 } else { 686 wpa_printf(MSG_DEBUG, "WEXT: Interface up"); 687 drv->if_disabled = 0; 688 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 689 NULL); 690 } 691 } 692 693 /* 694 * Some drivers send the association event before the operup event--in 695 * this case, lifting operstate in wpa_driver_wext_set_operstate() 696 * fails. This will hit us when wpa_supplicant does not need to do 697 * IEEE 802.1X authentication 698 */ 699 if (drv->operstate == 1 && 700 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 701 !(ifi->ifi_flags & IFF_RUNNING)) 702 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 703 -1, IF_OPER_UP); 704 705 attrlen = len; 706 attr = (struct rtattr *) buf; 707 708 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 709 while (RTA_OK(attr, attrlen)) { 710 if (attr->rta_type == IFLA_WIRELESS) { 711 wpa_driver_wext_event_wireless( 712 drv, ((char *) attr) + rta_len, 713 attr->rta_len - rta_len); 714 } else if (attr->rta_type == IFLA_IFNAME) { 715 wpa_driver_wext_event_link(drv, 716 ((char *) attr) + rta_len, 717 attr->rta_len - rta_len, 0); 718 } 719 attr = RTA_NEXT(attr, attrlen); 720 } 721 } 722 723 724 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi, 725 u8 *buf, size_t len) 726 { 727 struct wpa_driver_wext_data *drv = ctx; 728 int attrlen, rta_len; 729 struct rtattr *attr; 730 731 attrlen = len; 732 attr = (struct rtattr *) buf; 733 734 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 735 while (RTA_OK(attr, attrlen)) { 736 if (attr->rta_type == IFLA_IFNAME) { 737 wpa_driver_wext_event_link(drv, 738 ((char *) attr) + rta_len, 739 attr->rta_len - rta_len, 1); 740 } 741 attr = RTA_NEXT(attr, attrlen); 742 } 743 } 744 745 746 static void wpa_driver_wext_rfkill_blocked(void *ctx) 747 { 748 wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked"); 749 /* 750 * This may be for any interface; use ifdown event to disable 751 * interface. 752 */ 753 } 754 755 756 static void wpa_driver_wext_rfkill_unblocked(void *ctx) 757 { 758 struct wpa_driver_wext_data *drv = ctx; 759 wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked"); 760 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) { 761 wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP " 762 "after rfkill unblock"); 763 return; 764 } 765 /* rtnetlink ifup handler will report interface as enabled */ 766 } 767 768 769 static void wext_get_phy_name(struct wpa_driver_wext_data *drv) 770 { 771 /* Find phy (radio) to which this interface belongs */ 772 char buf[90], *pos; 773 int f, rv; 774 775 drv->phyname[0] = '\0'; 776 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 777 drv->ifname); 778 f = open(buf, O_RDONLY); 779 if (f < 0) { 780 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 781 buf, strerror(errno)); 782 return; 783 } 784 785 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 786 close(f); 787 if (rv < 0) { 788 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 789 buf, strerror(errno)); 790 return; 791 } 792 793 drv->phyname[rv] = '\0'; 794 pos = os_strchr(drv->phyname, '\n'); 795 if (pos) 796 *pos = '\0'; 797 wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s", 798 drv->ifname, drv->phyname); 799 } 800 801 802 /** 803 * wpa_driver_wext_init - Initialize WE driver interface 804 * @ctx: context to be used when calling wpa_supplicant functions, 805 * e.g., wpa_supplicant_event() 806 * @ifname: interface name, e.g., wlan0 807 * Returns: Pointer to private data, %NULL on failure 808 */ 809 void * wpa_driver_wext_init(void *ctx, const char *ifname) 810 { 811 struct wpa_driver_wext_data *drv; 812 struct netlink_config *cfg; 813 struct rfkill_config *rcfg; 814 char path[128]; 815 struct stat buf; 816 817 drv = os_zalloc(sizeof(*drv)); 818 if (drv == NULL) 819 return NULL; 820 drv->ctx = ctx; 821 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 822 823 os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname); 824 if (stat(path, &buf) == 0) { 825 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected"); 826 drv->cfg80211 = 1; 827 wext_get_phy_name(drv); 828 } 829 830 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 831 if (drv->ioctl_sock < 0) { 832 perror("socket(PF_INET,SOCK_DGRAM)"); 833 goto err1; 834 } 835 836 cfg = os_zalloc(sizeof(*cfg)); 837 if (cfg == NULL) 838 goto err1; 839 cfg->ctx = drv; 840 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink; 841 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink; 842 drv->netlink = netlink_init(cfg); 843 if (drv->netlink == NULL) { 844 os_free(cfg); 845 goto err2; 846 } 847 848 rcfg = os_zalloc(sizeof(*rcfg)); 849 if (rcfg == NULL) 850 goto err3; 851 rcfg->ctx = drv; 852 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 853 rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked; 854 rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked; 855 drv->rfkill = rfkill_init(rcfg); 856 if (drv->rfkill == NULL) { 857 wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available"); 858 os_free(rcfg); 859 } 860 861 drv->mlme_sock = -1; 862 863 #ifdef ANDROID 864 drv->errors = 0; 865 drv->driver_is_started = TRUE; 866 drv->bgscan_enabled = 0; 867 #endif /* ANDROID */ 868 869 if (wpa_driver_wext_finish_drv_init(drv) < 0) 870 goto err3; 871 872 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1); 873 874 return drv; 875 876 err3: 877 rfkill_deinit(drv->rfkill); 878 netlink_deinit(drv->netlink); 879 err2: 880 close(drv->ioctl_sock); 881 err1: 882 os_free(drv); 883 return NULL; 884 } 885 886 887 static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx) 888 { 889 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 890 } 891 892 893 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv) 894 { 895 int send_rfkill_event = 0; 896 897 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) { 898 if (rfkill_is_blocked(drv->rfkill)) { 899 wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable " 900 "interface '%s' due to rfkill", 901 drv->ifname); 902 drv->if_disabled = 1; 903 send_rfkill_event = 1; 904 } else { 905 wpa_printf(MSG_ERROR, "WEXT: Could not set " 906 "interface '%s' UP", drv->ifname); 907 return -1; 908 } 909 } 910 911 /* 912 * Make sure that the driver does not have any obsolete PMKID entries. 913 */ 914 wpa_driver_wext_flush_pmkid(drv); 915 916 if (wpa_driver_wext_set_mode(drv, 0) < 0) { 917 wpa_printf(MSG_DEBUG, "Could not configure driver to use " 918 "managed mode"); 919 /* Try to use it anyway */ 920 } 921 922 wpa_driver_wext_get_range(drv); 923 924 /* 925 * Unlock the driver's BSSID and force to a random SSID to clear any 926 * previous association the driver might have when the supplicant 927 * starts up. 928 */ 929 wpa_driver_wext_disconnect(drv); 930 931 drv->ifindex = if_nametoindex(drv->ifname); 932 933 if (os_strncmp(drv->ifname, "wlan", 4) == 0) { 934 /* 935 * Host AP driver may use both wlan# and wifi# interface in 936 * wireless events. Since some of the versions included WE-18 937 * support, let's add the alternative ifindex also from 938 * driver_wext.c for the time being. This may be removed at 939 * some point once it is believed that old versions of the 940 * driver are not in use anymore. 941 */ 942 char ifname2[IFNAMSIZ + 1]; 943 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2)); 944 os_memcpy(ifname2, "wifi", 4); 945 wpa_driver_wext_alternative_ifindex(drv, ifname2); 946 } 947 948 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 949 1, IF_OPER_DORMANT); 950 951 if (send_rfkill_event) { 952 eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill, 953 drv, drv->ctx); 954 } 955 956 return 0; 957 } 958 959 960 /** 961 * wpa_driver_wext_deinit - Deinitialize WE driver interface 962 * @priv: Pointer to private wext data from wpa_driver_wext_init() 963 * 964 * Shut down driver interface and processing of driver events. Free 965 * private data buffer if one was allocated in wpa_driver_wext_init(). 966 */ 967 void wpa_driver_wext_deinit(void *priv) 968 { 969 struct wpa_driver_wext_data *drv = priv; 970 971 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0); 972 973 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 974 975 /* 976 * Clear possibly configured driver parameters in order to make it 977 * easier to use the driver after wpa_supplicant has been terminated. 978 */ 979 wpa_driver_wext_disconnect(drv); 980 981 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 982 netlink_deinit(drv->netlink); 983 rfkill_deinit(drv->rfkill); 984 985 if (drv->mlme_sock >= 0) 986 eloop_unregister_read_sock(drv->mlme_sock); 987 988 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0); 989 990 close(drv->ioctl_sock); 991 if (drv->mlme_sock >= 0) 992 close(drv->mlme_sock); 993 os_free(drv->assoc_req_ies); 994 os_free(drv->assoc_resp_ies); 995 os_free(drv); 996 } 997 998 999 /** 1000 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion 1001 * @eloop_ctx: Unused 1002 * @timeout_ctx: ctx argument given to wpa_driver_wext_init() 1003 * 1004 * This function can be used as registered timeout when starting a scan to 1005 * generate a scan completed event if the driver does not report this. 1006 */ 1007 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1008 { 1009 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1010 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1011 } 1012 1013 1014 /** 1015 * wpa_driver_wext_scan - Request the driver to initiate scan 1016 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1017 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.) 1018 * Returns: 0 on success, -1 on failure 1019 */ 1020 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params) 1021 { 1022 struct wpa_driver_wext_data *drv = priv; 1023 struct iwreq iwr; 1024 int ret = 0, timeout; 1025 struct iw_scan_req req; 1026 const u8 *ssid = params->ssids[0].ssid; 1027 size_t ssid_len = params->ssids[0].ssid_len; 1028 1029 if (ssid_len > IW_ESSID_MAX_SIZE) { 1030 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)", 1031 __FUNCTION__, (unsigned long) ssid_len); 1032 return -1; 1033 } 1034 1035 os_memset(&iwr, 0, sizeof(iwr)); 1036 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1037 1038 if (ssid && ssid_len) { 1039 os_memset(&req, 0, sizeof(req)); 1040 req.essid_len = ssid_len; 1041 req.bssid.sa_family = ARPHRD_ETHER; 1042 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN); 1043 os_memcpy(req.essid, ssid, ssid_len); 1044 iwr.u.data.pointer = (caddr_t) &req; 1045 iwr.u.data.length = sizeof(req); 1046 iwr.u.data.flags = IW_SCAN_THIS_ESSID; 1047 } 1048 1049 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) { 1050 perror("ioctl[SIOCSIWSCAN]"); 1051 ret = -1; 1052 } 1053 1054 /* Not all drivers generate "scan completed" wireless event, so try to 1055 * read results after a timeout. */ 1056 timeout = 10; 1057 if (drv->scan_complete_events) { 1058 /* 1059 * The driver seems to deliver SIOCGIWSCAN events to notify 1060 * when scan is complete, so use longer timeout to avoid race 1061 * conditions with scanning and following association request. 1062 */ 1063 timeout = 30; 1064 } 1065 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1066 "seconds", ret, timeout); 1067 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 1068 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv, 1069 drv->ctx); 1070 1071 return ret; 1072 } 1073 1074 1075 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, 1076 size_t *len) 1077 { 1078 struct iwreq iwr; 1079 u8 *res_buf; 1080 size_t res_buf_len; 1081 1082 res_buf_len = IW_SCAN_MAX_DATA; 1083 for (;;) { 1084 res_buf = os_malloc(res_buf_len); 1085 if (res_buf == NULL) 1086 return NULL; 1087 os_memset(&iwr, 0, sizeof(iwr)); 1088 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1089 iwr.u.data.pointer = res_buf; 1090 iwr.u.data.length = res_buf_len; 1091 1092 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) 1093 break; 1094 1095 if (errno == E2BIG && res_buf_len < 65535) { 1096 os_free(res_buf); 1097 res_buf = NULL; 1098 res_buf_len *= 2; 1099 if (res_buf_len > 65535) 1100 res_buf_len = 65535; /* 16-bit length field */ 1101 wpa_printf(MSG_DEBUG, "Scan results did not fit - " 1102 "trying larger buffer (%lu bytes)", 1103 (unsigned long) res_buf_len); 1104 } else { 1105 perror("ioctl[SIOCGIWSCAN]"); 1106 os_free(res_buf); 1107 return NULL; 1108 } 1109 } 1110 1111 if (iwr.u.data.length > res_buf_len) { 1112 os_free(res_buf); 1113 return NULL; 1114 } 1115 *len = iwr.u.data.length; 1116 1117 return res_buf; 1118 } 1119 1120 1121 /* 1122 * Data structure for collecting WEXT scan results. This is needed to allow 1123 * the various methods of reporting IEs to be combined into a single IE buffer. 1124 */ 1125 struct wext_scan_data { 1126 struct wpa_scan_res res; 1127 u8 *ie; 1128 size_t ie_len; 1129 u8 ssid[32]; 1130 size_t ssid_len; 1131 int maxrate; 1132 }; 1133 1134 1135 static void wext_get_scan_mode(struct iw_event *iwe, 1136 struct wext_scan_data *res) 1137 { 1138 if (iwe->u.mode == IW_MODE_ADHOC) 1139 res->res.caps |= IEEE80211_CAP_IBSS; 1140 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA) 1141 res->res.caps |= IEEE80211_CAP_ESS; 1142 } 1143 1144 1145 static void wext_get_scan_ssid(struct iw_event *iwe, 1146 struct wext_scan_data *res, char *custom, 1147 char *end) 1148 { 1149 int ssid_len = iwe->u.essid.length; 1150 if (custom + ssid_len > end) 1151 return; 1152 if (iwe->u.essid.flags && 1153 ssid_len > 0 && 1154 ssid_len <= IW_ESSID_MAX_SIZE) { 1155 os_memcpy(res->ssid, custom, ssid_len); 1156 res->ssid_len = ssid_len; 1157 } 1158 } 1159 1160 1161 static void wext_get_scan_freq(struct iw_event *iwe, 1162 struct wext_scan_data *res) 1163 { 1164 int divi = 1000000, i; 1165 1166 if (iwe->u.freq.e == 0) { 1167 /* 1168 * Some drivers do not report frequency, but a channel. 1169 * Try to map this to frequency by assuming they are using 1170 * IEEE 802.11b/g. But don't overwrite a previously parsed 1171 * frequency if the driver sends both frequency and channel, 1172 * since the driver may be sending an A-band channel that we 1173 * don't handle here. 1174 */ 1175 1176 if (res->res.freq) 1177 return; 1178 1179 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) { 1180 res->res.freq = 2407 + 5 * iwe->u.freq.m; 1181 return; 1182 } else if (iwe->u.freq.m == 14) { 1183 res->res.freq = 2484; 1184 return; 1185 } 1186 } 1187 1188 if (iwe->u.freq.e > 6) { 1189 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID=" 1190 MACSTR " m=%d e=%d)", 1191 MAC2STR(res->res.bssid), iwe->u.freq.m, 1192 iwe->u.freq.e); 1193 return; 1194 } 1195 1196 for (i = 0; i < iwe->u.freq.e; i++) 1197 divi /= 10; 1198 res->res.freq = iwe->u.freq.m / divi; 1199 } 1200 1201 1202 static void wext_get_scan_qual(struct wpa_driver_wext_data *drv, 1203 struct iw_event *iwe, 1204 struct wext_scan_data *res) 1205 { 1206 res->res.qual = iwe->u.qual.qual; 1207 res->res.noise = iwe->u.qual.noise; 1208 res->res.level = iwe->u.qual.level; 1209 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID) 1210 res->res.flags |= WPA_SCAN_QUAL_INVALID; 1211 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID) 1212 res->res.flags |= WPA_SCAN_LEVEL_INVALID; 1213 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID) 1214 res->res.flags |= WPA_SCAN_NOISE_INVALID; 1215 if (iwe->u.qual.updated & IW_QUAL_DBM) 1216 res->res.flags |= WPA_SCAN_LEVEL_DBM; 1217 if ((iwe->u.qual.updated & IW_QUAL_DBM) || 1218 ((iwe->u.qual.level != 0) && 1219 (iwe->u.qual.level > drv->max_level))) { 1220 if (iwe->u.qual.level >= 64) 1221 res->res.level -= 0x100; 1222 if (iwe->u.qual.noise >= 64) 1223 res->res.noise -= 0x100; 1224 } 1225 } 1226 1227 1228 static void wext_get_scan_encode(struct iw_event *iwe, 1229 struct wext_scan_data *res) 1230 { 1231 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED)) 1232 res->res.caps |= IEEE80211_CAP_PRIVACY; 1233 } 1234 1235 1236 static void wext_get_scan_rate(struct iw_event *iwe, 1237 struct wext_scan_data *res, char *pos, 1238 char *end) 1239 { 1240 int maxrate; 1241 char *custom = pos + IW_EV_LCP_LEN; 1242 struct iw_param p; 1243 size_t clen; 1244 1245 clen = iwe->len; 1246 if (custom + clen > end) 1247 return; 1248 maxrate = 0; 1249 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) { 1250 /* Note: may be misaligned, make a local, aligned copy */ 1251 os_memcpy(&p, custom, sizeof(struct iw_param)); 1252 if (p.value > maxrate) 1253 maxrate = p.value; 1254 clen -= sizeof(struct iw_param); 1255 custom += sizeof(struct iw_param); 1256 } 1257 1258 /* Convert the maxrate from WE-style (b/s units) to 1259 * 802.11 rates (500000 b/s units). 1260 */ 1261 res->maxrate = maxrate / 500000; 1262 } 1263 1264 1265 static void wext_get_scan_iwevgenie(struct iw_event *iwe, 1266 struct wext_scan_data *res, char *custom, 1267 char *end) 1268 { 1269 char *genie, *gpos, *gend; 1270 u8 *tmp; 1271 1272 if (iwe->u.data.length == 0) 1273 return; 1274 1275 gpos = genie = custom; 1276 gend = genie + iwe->u.data.length; 1277 if (gend > end) { 1278 wpa_printf(MSG_INFO, "IWEVGENIE overflow"); 1279 return; 1280 } 1281 1282 tmp = os_realloc(res->ie, res->ie_len + gend - gpos); 1283 if (tmp == NULL) 1284 return; 1285 os_memcpy(tmp + res->ie_len, gpos, gend - gpos); 1286 res->ie = tmp; 1287 res->ie_len += gend - gpos; 1288 } 1289 1290 1291 static void wext_get_scan_custom(struct iw_event *iwe, 1292 struct wext_scan_data *res, char *custom, 1293 char *end) 1294 { 1295 size_t clen; 1296 u8 *tmp; 1297 1298 clen = iwe->u.data.length; 1299 if (custom + clen > end) 1300 return; 1301 1302 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) { 1303 char *spos; 1304 int bytes; 1305 spos = custom + 7; 1306 bytes = custom + clen - spos; 1307 if (bytes & 1 || bytes == 0) 1308 return; 1309 bytes /= 2; 1310 tmp = os_realloc(res->ie, res->ie_len + bytes); 1311 if (tmp == NULL) 1312 return; 1313 res->ie = tmp; 1314 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1315 return; 1316 res->ie_len += bytes; 1317 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) { 1318 char *spos; 1319 int bytes; 1320 spos = custom + 7; 1321 bytes = custom + clen - spos; 1322 if (bytes & 1 || bytes == 0) 1323 return; 1324 bytes /= 2; 1325 tmp = os_realloc(res->ie, res->ie_len + bytes); 1326 if (tmp == NULL) 1327 return; 1328 res->ie = tmp; 1329 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1330 return; 1331 res->ie_len += bytes; 1332 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) { 1333 char *spos; 1334 int bytes; 1335 u8 bin[8]; 1336 spos = custom + 4; 1337 bytes = custom + clen - spos; 1338 if (bytes != 16) { 1339 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); 1340 return; 1341 } 1342 bytes /= 2; 1343 if (hexstr2bin(spos, bin, bytes) < 0) { 1344 wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value"); 1345 return; 1346 } 1347 res->res.tsf += WPA_GET_BE64(bin); 1348 } 1349 } 1350 1351 1352 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd) 1353 { 1354 return drv->we_version_compiled > 18 && 1355 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE || 1356 cmd == IWEVGENIE || cmd == IWEVCUSTOM); 1357 } 1358 1359 1360 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res, 1361 struct wext_scan_data *data) 1362 { 1363 struct wpa_scan_res **tmp; 1364 struct wpa_scan_res *r; 1365 size_t extra_len; 1366 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL; 1367 1368 /* Figure out whether we need to fake any IEs */ 1369 pos = data->ie; 1370 end = pos + data->ie_len; 1371 while (pos && pos + 1 < end) { 1372 if (pos + 2 + pos[1] > end) 1373 break; 1374 if (pos[0] == WLAN_EID_SSID) 1375 ssid_ie = pos; 1376 else if (pos[0] == WLAN_EID_SUPP_RATES) 1377 rate_ie = pos; 1378 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES) 1379 rate_ie = pos; 1380 pos += 2 + pos[1]; 1381 } 1382 1383 extra_len = 0; 1384 if (ssid_ie == NULL) 1385 extra_len += 2 + data->ssid_len; 1386 if (rate_ie == NULL && data->maxrate) 1387 extra_len += 3; 1388 1389 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len); 1390 if (r == NULL) 1391 return; 1392 os_memcpy(r, &data->res, sizeof(*r)); 1393 r->ie_len = extra_len + data->ie_len; 1394 pos = (u8 *) (r + 1); 1395 if (ssid_ie == NULL) { 1396 /* 1397 * Generate a fake SSID IE since the driver did not report 1398 * a full IE list. 1399 */ 1400 *pos++ = WLAN_EID_SSID; 1401 *pos++ = data->ssid_len; 1402 os_memcpy(pos, data->ssid, data->ssid_len); 1403 pos += data->ssid_len; 1404 } 1405 if (rate_ie == NULL && data->maxrate) { 1406 /* 1407 * Generate a fake Supported Rates IE since the driver did not 1408 * report a full IE list. 1409 */ 1410 *pos++ = WLAN_EID_SUPP_RATES; 1411 *pos++ = 1; 1412 *pos++ = data->maxrate; 1413 } 1414 if (data->ie) 1415 os_memcpy(pos, data->ie, data->ie_len); 1416 1417 tmp = os_realloc_array(res->res, res->num + 1, 1418 sizeof(struct wpa_scan_res *)); 1419 if (tmp == NULL) { 1420 os_free(r); 1421 return; 1422 } 1423 tmp[res->num++] = r; 1424 res->res = tmp; 1425 } 1426 1427 1428 /** 1429 * wpa_driver_wext_get_scan_results - Fetch the latest scan results 1430 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1431 * Returns: Scan results on success, -1 on failure 1432 */ 1433 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv) 1434 { 1435 struct wpa_driver_wext_data *drv = priv; 1436 size_t len; 1437 int first; 1438 u8 *res_buf; 1439 struct iw_event iwe_buf, *iwe = &iwe_buf; 1440 char *pos, *end, *custom; 1441 struct wpa_scan_results *res; 1442 struct wext_scan_data data; 1443 1444 res_buf = wpa_driver_wext_giwscan(drv, &len); 1445 if (res_buf == NULL) 1446 return NULL; 1447 1448 first = 1; 1449 1450 res = os_zalloc(sizeof(*res)); 1451 if (res == NULL) { 1452 os_free(res_buf); 1453 return NULL; 1454 } 1455 1456 pos = (char *) res_buf; 1457 end = (char *) res_buf + len; 1458 os_memset(&data, 0, sizeof(data)); 1459 1460 while (pos + IW_EV_LCP_LEN <= end) { 1461 /* Event data may be unaligned, so make a local, aligned copy 1462 * before processing. */ 1463 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1464 if (iwe->len <= IW_EV_LCP_LEN) 1465 break; 1466 1467 custom = pos + IW_EV_POINT_LEN; 1468 if (wext_19_iw_point(drv, iwe->cmd)) { 1469 /* WE-19 removed the pointer from struct iw_point */ 1470 char *dpos = (char *) &iwe_buf.u.data.length; 1471 int dlen = dpos - (char *) &iwe_buf; 1472 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 1473 sizeof(struct iw_event) - dlen); 1474 } else { 1475 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1476 custom += IW_EV_POINT_OFF; 1477 } 1478 1479 switch (iwe->cmd) { 1480 case SIOCGIWAP: 1481 if (!first) 1482 wpa_driver_wext_add_scan_entry(res, &data); 1483 first = 0; 1484 os_free(data.ie); 1485 os_memset(&data, 0, sizeof(data)); 1486 os_memcpy(data.res.bssid, 1487 iwe->u.ap_addr.sa_data, ETH_ALEN); 1488 break; 1489 case SIOCGIWMODE: 1490 wext_get_scan_mode(iwe, &data); 1491 break; 1492 case SIOCGIWESSID: 1493 wext_get_scan_ssid(iwe, &data, custom, end); 1494 break; 1495 case SIOCGIWFREQ: 1496 wext_get_scan_freq(iwe, &data); 1497 break; 1498 case IWEVQUAL: 1499 wext_get_scan_qual(drv, iwe, &data); 1500 break; 1501 case SIOCGIWENCODE: 1502 wext_get_scan_encode(iwe, &data); 1503 break; 1504 case SIOCGIWRATE: 1505 wext_get_scan_rate(iwe, &data, pos, end); 1506 break; 1507 case IWEVGENIE: 1508 wext_get_scan_iwevgenie(iwe, &data, custom, end); 1509 break; 1510 case IWEVCUSTOM: 1511 wext_get_scan_custom(iwe, &data, custom, end); 1512 break; 1513 } 1514 1515 pos += iwe->len; 1516 } 1517 os_free(res_buf); 1518 res_buf = NULL; 1519 if (!first) 1520 wpa_driver_wext_add_scan_entry(res, &data); 1521 os_free(data.ie); 1522 1523 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)", 1524 (unsigned long) len, (unsigned long) res->num); 1525 1526 return res; 1527 } 1528 1529 1530 static int wpa_driver_wext_get_range(void *priv) 1531 { 1532 struct wpa_driver_wext_data *drv = priv; 1533 struct iw_range *range; 1534 struct iwreq iwr; 1535 int minlen; 1536 size_t buflen; 1537 1538 /* 1539 * Use larger buffer than struct iw_range in order to allow the 1540 * structure to grow in the future. 1541 */ 1542 buflen = sizeof(struct iw_range) + 500; 1543 range = os_zalloc(buflen); 1544 if (range == NULL) 1545 return -1; 1546 1547 os_memset(&iwr, 0, sizeof(iwr)); 1548 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1549 iwr.u.data.pointer = (caddr_t) range; 1550 iwr.u.data.length = buflen; 1551 1552 minlen = ((char *) &range->enc_capa) - (char *) range + 1553 sizeof(range->enc_capa); 1554 1555 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1556 perror("ioctl[SIOCGIWRANGE]"); 1557 os_free(range); 1558 return -1; 1559 } else if (iwr.u.data.length >= minlen && 1560 range->we_version_compiled >= 18) { 1561 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1562 "WE(source)=%d enc_capa=0x%x", 1563 range->we_version_compiled, 1564 range->we_version_source, 1565 range->enc_capa); 1566 drv->has_capability = 1; 1567 drv->we_version_compiled = range->we_version_compiled; 1568 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1569 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1570 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1571 } 1572 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1573 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1574 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1575 } 1576 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1577 WPA_DRIVER_CAPA_ENC_WEP104; 1578 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP128; 1579 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1580 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1581 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1582 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1583 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) 1584 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; 1585 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1586 WPA_DRIVER_AUTH_SHARED | 1587 WPA_DRIVER_AUTH_LEAP; 1588 drv->capa.max_scan_ssids = 1; 1589 1590 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x " 1591 "flags 0x%x", 1592 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags); 1593 } else { 1594 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1595 "assuming WPA is not supported"); 1596 } 1597 1598 drv->max_level = range->max_qual.level; 1599 1600 os_free(range); 1601 return 0; 1602 } 1603 1604 1605 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, 1606 const u8 *psk) 1607 { 1608 struct iw_encode_ext *ext; 1609 struct iwreq iwr; 1610 int ret; 1611 1612 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1613 1614 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 1615 return 0; 1616 1617 if (!psk) 1618 return 0; 1619 1620 os_memset(&iwr, 0, sizeof(iwr)); 1621 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1622 1623 ext = os_zalloc(sizeof(*ext) + PMK_LEN); 1624 if (ext == NULL) 1625 return -1; 1626 1627 iwr.u.encoding.pointer = (caddr_t) ext; 1628 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN; 1629 ext->key_len = PMK_LEN; 1630 os_memcpy(&ext->key, psk, ext->key_len); 1631 ext->alg = IW_ENCODE_ALG_PMK; 1632 1633 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr); 1634 if (ret < 0) 1635 perror("ioctl[SIOCSIWENCODEEXT] PMK"); 1636 os_free(ext); 1637 1638 return ret; 1639 } 1640 1641 1642 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg, 1643 const u8 *addr, int key_idx, 1644 int set_tx, const u8 *seq, 1645 size_t seq_len, 1646 const u8 *key, size_t key_len) 1647 { 1648 struct wpa_driver_wext_data *drv = priv; 1649 struct iwreq iwr; 1650 int ret = 0; 1651 struct iw_encode_ext *ext; 1652 1653 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) { 1654 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu", 1655 __FUNCTION__, (unsigned long) seq_len); 1656 return -1; 1657 } 1658 1659 ext = os_zalloc(sizeof(*ext) + key_len); 1660 if (ext == NULL) 1661 return -1; 1662 os_memset(&iwr, 0, sizeof(iwr)); 1663 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1664 iwr.u.encoding.flags = key_idx + 1; 1665 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1666 if (alg == WPA_ALG_NONE) 1667 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1668 iwr.u.encoding.pointer = (caddr_t) ext; 1669 iwr.u.encoding.length = sizeof(*ext) + key_len; 1670 1671 if (addr == NULL || is_broadcast_ether_addr(addr)) 1672 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY; 1673 if (set_tx) 1674 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY; 1675 1676 ext->addr.sa_family = ARPHRD_ETHER; 1677 if (addr) 1678 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN); 1679 else 1680 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN); 1681 if (key && key_len) { 1682 os_memcpy(ext + 1, key, key_len); 1683 ext->key_len = key_len; 1684 } 1685 switch (alg) { 1686 case WPA_ALG_NONE: 1687 ext->alg = IW_ENCODE_ALG_NONE; 1688 break; 1689 case WPA_ALG_WEP: 1690 ext->alg = IW_ENCODE_ALG_WEP; 1691 break; 1692 case WPA_ALG_TKIP: 1693 ext->alg = IW_ENCODE_ALG_TKIP; 1694 break; 1695 case WPA_ALG_CCMP: 1696 ext->alg = IW_ENCODE_ALG_CCMP; 1697 break; 1698 case WPA_ALG_PMK: 1699 ext->alg = IW_ENCODE_ALG_PMK; 1700 break; 1701 #ifdef CONFIG_IEEE80211W 1702 case WPA_ALG_IGTK: 1703 ext->alg = IW_ENCODE_ALG_AES_CMAC; 1704 break; 1705 #endif /* CONFIG_IEEE80211W */ 1706 default: 1707 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d", 1708 __FUNCTION__, alg); 1709 os_free(ext); 1710 return -1; 1711 } 1712 1713 if (seq && seq_len) { 1714 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID; 1715 os_memcpy(ext->rx_seq, seq, seq_len); 1716 } 1717 1718 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) { 1719 ret = errno == EOPNOTSUPP ? -2 : -1; 1720 if (errno == ENODEV) { 1721 /* 1722 * ndiswrapper seems to be returning incorrect error 1723 * code.. */ 1724 ret = -2; 1725 } 1726 1727 perror("ioctl[SIOCSIWENCODEEXT]"); 1728 } 1729 1730 os_free(ext); 1731 return ret; 1732 } 1733 1734 1735 /** 1736 * wpa_driver_wext_set_key - Configure encryption key 1737 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1738 * @priv: Private driver interface data 1739 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP, 1740 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key. 1741 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for 1742 * broadcast/default keys 1743 * @key_idx: key index (0..3), usually 0 for unicast keys 1744 * @set_tx: Configure this key as the default Tx key (only used when 1745 * driver does not support separate unicast/individual key 1746 * @seq: Sequence number/packet number, seq_len octets, the next 1747 * packet number to be used for in replay protection; configured 1748 * for Rx keys (in most cases, this is only used with broadcast 1749 * keys and set to zero for unicast keys) 1750 * @seq_len: Length of the seq, depends on the algorithm: 1751 * TKIP: 6 octets, CCMP: 6 octets 1752 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key, 1753 * 8-byte Rx Mic Key 1754 * @key_len: Length of the key buffer in octets (WEP: 5 or 13, 1755 * TKIP: 32, CCMP: 16) 1756 * Returns: 0 on success, -1 on failure 1757 * 1758 * This function uses SIOCSIWENCODEEXT by default, but tries to use 1759 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key. 1760 */ 1761 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg, 1762 const u8 *addr, int key_idx, 1763 int set_tx, const u8 *seq, size_t seq_len, 1764 const u8 *key, size_t key_len) 1765 { 1766 struct wpa_driver_wext_data *drv = priv; 1767 struct iwreq iwr; 1768 int ret = 0; 1769 1770 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu " 1771 "key_len=%lu", 1772 __FUNCTION__, alg, key_idx, set_tx, 1773 (unsigned long) seq_len, (unsigned long) key_len); 1774 1775 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx, 1776 seq, seq_len, key, key_len); 1777 if (ret == 0) 1778 return 0; 1779 1780 if (ret == -2 && 1781 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) { 1782 wpa_printf(MSG_DEBUG, "Driver did not support " 1783 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE"); 1784 ret = 0; 1785 } else { 1786 wpa_printf(MSG_DEBUG, "Driver did not support " 1787 "SIOCSIWENCODEEXT"); 1788 return ret; 1789 } 1790 1791 os_memset(&iwr, 0, sizeof(iwr)); 1792 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1793 iwr.u.encoding.flags = key_idx + 1; 1794 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1795 if (alg == WPA_ALG_NONE) 1796 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1797 iwr.u.encoding.pointer = (caddr_t) key; 1798 iwr.u.encoding.length = key_len; 1799 1800 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1801 perror("ioctl[SIOCSIWENCODE]"); 1802 ret = -1; 1803 } 1804 1805 if (set_tx && alg != WPA_ALG_NONE) { 1806 os_memset(&iwr, 0, sizeof(iwr)); 1807 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1808 iwr.u.encoding.flags = key_idx + 1; 1809 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1810 iwr.u.encoding.pointer = (caddr_t) NULL; 1811 iwr.u.encoding.length = 0; 1812 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1813 perror("ioctl[SIOCSIWENCODE] (set_tx)"); 1814 ret = -1; 1815 } 1816 } 1817 1818 return ret; 1819 } 1820 1821 1822 static int wpa_driver_wext_set_countermeasures(void *priv, 1823 int enabled) 1824 { 1825 struct wpa_driver_wext_data *drv = priv; 1826 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1827 return wpa_driver_wext_set_auth_param(drv, 1828 IW_AUTH_TKIP_COUNTERMEASURES, 1829 enabled); 1830 } 1831 1832 1833 static int wpa_driver_wext_set_drop_unencrypted(void *priv, 1834 int enabled) 1835 { 1836 struct wpa_driver_wext_data *drv = priv; 1837 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1838 drv->use_crypt = enabled; 1839 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1840 enabled); 1841 } 1842 1843 1844 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv, 1845 const u8 *addr, int cmd, int reason_code) 1846 { 1847 struct iwreq iwr; 1848 struct iw_mlme mlme; 1849 int ret = 0; 1850 1851 os_memset(&iwr, 0, sizeof(iwr)); 1852 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1853 os_memset(&mlme, 0, sizeof(mlme)); 1854 mlme.cmd = cmd; 1855 mlme.reason_code = reason_code; 1856 mlme.addr.sa_family = ARPHRD_ETHER; 1857 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1858 iwr.u.data.pointer = (caddr_t) &mlme; 1859 iwr.u.data.length = sizeof(mlme); 1860 1861 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1862 perror("ioctl[SIOCSIWMLME]"); 1863 ret = -1; 1864 } 1865 1866 return ret; 1867 } 1868 1869 1870 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv) 1871 { 1872 struct iwreq iwr; 1873 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; 1874 #ifndef ANDROID 1875 u8 ssid[32]; 1876 int i; 1877 #endif /* ANDROID */ 1878 1879 /* 1880 * Only force-disconnect when the card is in infrastructure mode, 1881 * otherwise the driver might interpret the cleared BSSID and random 1882 * SSID as an attempt to create a new ad-hoc network. 1883 */ 1884 os_memset(&iwr, 0, sizeof(iwr)); 1885 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1886 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 1887 perror("ioctl[SIOCGIWMODE]"); 1888 iwr.u.mode = IW_MODE_INFRA; 1889 } 1890 1891 if (iwr.u.mode == IW_MODE_INFRA) { 1892 /* Clear the BSSID selection */ 1893 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0) { 1894 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear BSSID " 1895 "selection on disconnect"); 1896 } 1897 1898 #ifndef ANDROID 1899 if (drv->cfg80211) { 1900 /* 1901 * cfg80211 supports SIOCSIWMLME commands, so there is 1902 * no need for the random SSID hack, but clear the 1903 * SSID. 1904 */ 1905 if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) { 1906 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear " 1907 "SSID on disconnect"); 1908 } 1909 return; 1910 } 1911 1912 /* 1913 * Set a random SSID to make sure the driver will not be trying 1914 * to associate with something even if it does not understand 1915 * SIOCSIWMLME commands (or tries to associate automatically 1916 * after deauth/disassoc). 1917 */ 1918 for (i = 0; i < 32; i++) 1919 ssid[i] = rand() & 0xFF; 1920 if (wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) { 1921 wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus " 1922 "SSID to disconnect"); 1923 } 1924 #endif /* ANDROID */ 1925 } 1926 } 1927 1928 1929 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr, 1930 int reason_code) 1931 { 1932 struct wpa_driver_wext_data *drv = priv; 1933 int ret; 1934 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1935 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 1936 wpa_driver_wext_disconnect(drv); 1937 return ret; 1938 } 1939 1940 1941 static int wpa_driver_wext_disassociate(void *priv, const u8 *addr, 1942 int reason_code) 1943 { 1944 struct wpa_driver_wext_data *drv = priv; 1945 int ret; 1946 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1947 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DISASSOC, reason_code); 1948 wpa_driver_wext_disconnect(drv); 1949 return ret; 1950 } 1951 1952 1953 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie, 1954 size_t ie_len) 1955 { 1956 struct wpa_driver_wext_data *drv = priv; 1957 struct iwreq iwr; 1958 int ret = 0; 1959 1960 os_memset(&iwr, 0, sizeof(iwr)); 1961 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1962 iwr.u.data.pointer = (caddr_t) ie; 1963 iwr.u.data.length = ie_len; 1964 1965 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 1966 perror("ioctl[SIOCSIWGENIE]"); 1967 ret = -1; 1968 } 1969 1970 return ret; 1971 } 1972 1973 1974 int wpa_driver_wext_cipher2wext(int cipher) 1975 { 1976 switch (cipher) { 1977 case CIPHER_NONE: 1978 return IW_AUTH_CIPHER_NONE; 1979 case CIPHER_WEP40: 1980 return IW_AUTH_CIPHER_WEP40; 1981 case CIPHER_TKIP: 1982 return IW_AUTH_CIPHER_TKIP; 1983 case CIPHER_CCMP: 1984 return IW_AUTH_CIPHER_CCMP; 1985 case CIPHER_WEP104: 1986 return IW_AUTH_CIPHER_WEP104; 1987 default: 1988 return 0; 1989 } 1990 } 1991 1992 1993 int wpa_driver_wext_keymgmt2wext(int keymgmt) 1994 { 1995 switch (keymgmt) { 1996 case KEY_MGMT_802_1X: 1997 case KEY_MGMT_802_1X_NO_WPA: 1998 return IW_AUTH_KEY_MGMT_802_1X; 1999 case KEY_MGMT_PSK: 2000 return IW_AUTH_KEY_MGMT_PSK; 2001 default: 2002 return 0; 2003 } 2004 } 2005 2006 2007 static int 2008 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv, 2009 struct wpa_driver_associate_params *params) 2010 { 2011 struct iwreq iwr; 2012 int ret = 0; 2013 2014 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 2015 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 2016 2017 os_memset(&iwr, 0, sizeof(iwr)); 2018 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2019 /* Just changing mode, not actual keys */ 2020 iwr.u.encoding.flags = 0; 2021 iwr.u.encoding.pointer = (caddr_t) NULL; 2022 iwr.u.encoding.length = 0; 2023 2024 /* 2025 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 2026 * different things. Here they are used to indicate Open System vs. 2027 * Shared Key authentication algorithm. However, some drivers may use 2028 * them to select between open/restricted WEP encrypted (open = allow 2029 * both unencrypted and encrypted frames; restricted = only allow 2030 * encrypted frames). 2031 */ 2032 2033 if (!drv->use_crypt) { 2034 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 2035 } else { 2036 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 2037 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 2038 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 2039 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 2040 } 2041 2042 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 2043 perror("ioctl[SIOCSIWENCODE]"); 2044 ret = -1; 2045 } 2046 2047 return ret; 2048 } 2049 2050 2051 int wpa_driver_wext_associate(void *priv, 2052 struct wpa_driver_associate_params *params) 2053 { 2054 struct wpa_driver_wext_data *drv = priv; 2055 int ret = 0; 2056 int allow_unencrypted_eapol; 2057 int value; 2058 2059 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2060 2061 if (drv->cfg80211) { 2062 /* 2063 * Stop cfg80211 from trying to associate before we are done 2064 * with all parameters. 2065 */ 2066 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0); 2067 } 2068 2069 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted) 2070 < 0) 2071 ret = -1; 2072 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0) 2073 ret = -1; 2074 if (wpa_driver_wext_set_mode(drv, params->mode) < 0) 2075 ret = -1; 2076 2077 /* 2078 * If the driver did not support SIOCSIWAUTH, fallback to 2079 * SIOCSIWENCODE here. 2080 */ 2081 if (drv->auth_alg_fallback && 2082 wpa_driver_wext_auth_alg_fallback(drv, params) < 0) 2083 ret = -1; 2084 2085 if (!params->bssid && 2086 wpa_driver_wext_set_bssid(drv, NULL) < 0) 2087 ret = -1; 2088 2089 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 2090 * from configuration, not from here, where only the selected suite is 2091 * available */ 2092 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 2093 < 0) 2094 ret = -1; 2095 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 2096 value = IW_AUTH_WPA_VERSION_DISABLED; 2097 else if (params->wpa_ie[0] == WLAN_EID_RSN) 2098 value = IW_AUTH_WPA_VERSION_WPA2; 2099 else 2100 value = IW_AUTH_WPA_VERSION_WPA; 2101 if (wpa_driver_wext_set_auth_param(drv, 2102 IW_AUTH_WPA_VERSION, value) < 0) 2103 ret = -1; 2104 value = wpa_driver_wext_cipher2wext(params->pairwise_suite); 2105 if (wpa_driver_wext_set_auth_param(drv, 2106 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 2107 ret = -1; 2108 value = wpa_driver_wext_cipher2wext(params->group_suite); 2109 if (wpa_driver_wext_set_auth_param(drv, 2110 IW_AUTH_CIPHER_GROUP, value) < 0) 2111 ret = -1; 2112 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite); 2113 if (wpa_driver_wext_set_auth_param(drv, 2114 IW_AUTH_KEY_MGMT, value) < 0) 2115 ret = -1; 2116 value = params->key_mgmt_suite != KEY_MGMT_NONE || 2117 params->pairwise_suite != CIPHER_NONE || 2118 params->group_suite != CIPHER_NONE || 2119 params->wpa_ie_len; 2120 if (wpa_driver_wext_set_auth_param(drv, 2121 IW_AUTH_PRIVACY_INVOKED, value) < 0) 2122 ret = -1; 2123 2124 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 2125 * not using WPA. IEEE 802.1X specifies that these frames are not 2126 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 2127 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 2128 params->key_mgmt_suite == KEY_MGMT_PSK) 2129 allow_unencrypted_eapol = 0; 2130 else 2131 allow_unencrypted_eapol = 1; 2132 2133 if (wpa_driver_wext_set_psk(drv, params->psk) < 0) 2134 ret = -1; 2135 if (wpa_driver_wext_set_auth_param(drv, 2136 IW_AUTH_RX_UNENCRYPTED_EAPOL, 2137 allow_unencrypted_eapol) < 0) 2138 ret = -1; 2139 #ifdef CONFIG_IEEE80211W 2140 switch (params->mgmt_frame_protection) { 2141 case NO_MGMT_FRAME_PROTECTION: 2142 value = IW_AUTH_MFP_DISABLED; 2143 break; 2144 case MGMT_FRAME_PROTECTION_OPTIONAL: 2145 value = IW_AUTH_MFP_OPTIONAL; 2146 break; 2147 case MGMT_FRAME_PROTECTION_REQUIRED: 2148 value = IW_AUTH_MFP_REQUIRED; 2149 break; 2150 }; 2151 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0) 2152 ret = -1; 2153 #endif /* CONFIG_IEEE80211W */ 2154 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0) 2155 ret = -1; 2156 if (!drv->cfg80211 && 2157 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2158 ret = -1; 2159 if (params->bssid && 2160 wpa_driver_wext_set_bssid(drv, params->bssid) < 0) 2161 ret = -1; 2162 if (drv->cfg80211 && 2163 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2164 ret = -1; 2165 2166 return ret; 2167 } 2168 2169 2170 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg) 2171 { 2172 struct wpa_driver_wext_data *drv = priv; 2173 int algs = 0, res; 2174 2175 if (auth_alg & WPA_AUTH_ALG_OPEN) 2176 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 2177 if (auth_alg & WPA_AUTH_ALG_SHARED) 2178 algs |= IW_AUTH_ALG_SHARED_KEY; 2179 if (auth_alg & WPA_AUTH_ALG_LEAP) 2180 algs |= IW_AUTH_ALG_LEAP; 2181 if (algs == 0) { 2182 /* at least one algorithm should be set */ 2183 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2184 } 2185 2186 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2187 algs); 2188 drv->auth_alg_fallback = res == -2; 2189 return res; 2190 } 2191 2192 2193 /** 2194 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2195 * @priv: Pointer to private wext data from wpa_driver_wext_init() 2196 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2197 * Returns: 0 on success, -1 on failure 2198 */ 2199 int wpa_driver_wext_set_mode(void *priv, int mode) 2200 { 2201 struct wpa_driver_wext_data *drv = priv; 2202 struct iwreq iwr; 2203 int ret = -1; 2204 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA; 2205 2206 os_memset(&iwr, 0, sizeof(iwr)); 2207 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2208 iwr.u.mode = new_mode; 2209 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) { 2210 ret = 0; 2211 goto done; 2212 } 2213 2214 if (errno != EBUSY) { 2215 perror("ioctl[SIOCSIWMODE]"); 2216 goto done; 2217 } 2218 2219 /* mac80211 doesn't allow mode changes while the device is up, so if 2220 * the device isn't in the mode we're about to change to, take device 2221 * down, try to set the mode again, and bring it back up. 2222 */ 2223 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 2224 perror("ioctl[SIOCGIWMODE]"); 2225 goto done; 2226 } 2227 2228 if (iwr.u.mode == new_mode) { 2229 ret = 0; 2230 goto done; 2231 } 2232 2233 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) { 2234 /* Try to set the mode again while the interface is down */ 2235 iwr.u.mode = new_mode; 2236 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) 2237 perror("ioctl[SIOCSIWMODE]"); 2238 else 2239 ret = 0; 2240 2241 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1); 2242 } 2243 2244 done: 2245 return ret; 2246 } 2247 2248 2249 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv, 2250 u32 cmd, const u8 *bssid, const u8 *pmkid) 2251 { 2252 struct iwreq iwr; 2253 struct iw_pmksa pmksa; 2254 int ret = 0; 2255 2256 os_memset(&iwr, 0, sizeof(iwr)); 2257 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2258 os_memset(&pmksa, 0, sizeof(pmksa)); 2259 pmksa.cmd = cmd; 2260 pmksa.bssid.sa_family = ARPHRD_ETHER; 2261 if (bssid) 2262 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2263 if (pmkid) 2264 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2265 iwr.u.data.pointer = (caddr_t) &pmksa; 2266 iwr.u.data.length = sizeof(pmksa); 2267 2268 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2269 if (errno != EOPNOTSUPP) 2270 perror("ioctl[SIOCSIWPMKSA]"); 2271 ret = -1; 2272 } 2273 2274 return ret; 2275 } 2276 2277 2278 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid, 2279 const u8 *pmkid) 2280 { 2281 struct wpa_driver_wext_data *drv = priv; 2282 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2283 } 2284 2285 2286 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid, 2287 const u8 *pmkid) 2288 { 2289 struct wpa_driver_wext_data *drv = priv; 2290 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2291 } 2292 2293 2294 static int wpa_driver_wext_flush_pmkid(void *priv) 2295 { 2296 struct wpa_driver_wext_data *drv = priv; 2297 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2298 } 2299 2300 2301 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa) 2302 { 2303 struct wpa_driver_wext_data *drv = priv; 2304 if (!drv->has_capability) 2305 return -1; 2306 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2307 return 0; 2308 } 2309 2310 2311 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv, 2312 const char *ifname) 2313 { 2314 if (ifname == NULL) { 2315 drv->ifindex2 = -1; 2316 return 0; 2317 } 2318 2319 drv->ifindex2 = if_nametoindex(ifname); 2320 if (drv->ifindex2 <= 0) 2321 return -1; 2322 2323 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for " 2324 "wireless events", drv->ifindex2, ifname); 2325 2326 return 0; 2327 } 2328 2329 2330 int wpa_driver_wext_set_operstate(void *priv, int state) 2331 { 2332 struct wpa_driver_wext_data *drv = priv; 2333 2334 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2335 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2336 drv->operstate = state; 2337 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 2338 state ? IF_OPER_UP : IF_OPER_DORMANT); 2339 } 2340 2341 2342 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv) 2343 { 2344 return drv->we_version_compiled; 2345 } 2346 2347 2348 static const char * wext_get_radio_name(void *priv) 2349 { 2350 struct wpa_driver_wext_data *drv = priv; 2351 return drv->phyname; 2352 } 2353 2354 2355 #ifdef ANDROID 2356 2357 static int android_wext_cmd(struct wpa_driver_wext_data *drv, const char *cmd) 2358 { 2359 struct iwreq iwr; 2360 char buf[MAX_DRV_CMD_SIZE]; 2361 int ret; 2362 2363 os_memset(&iwr, 0, sizeof(iwr)); 2364 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2365 2366 os_memset(buf, 0, sizeof(buf)); 2367 os_strlcpy(buf, cmd, sizeof(buf)); 2368 2369 iwr.u.data.pointer = buf; 2370 iwr.u.data.length = sizeof(buf); 2371 2372 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr); 2373 2374 if (ret < 0) { 2375 wpa_printf(MSG_ERROR, "%s failed (%d): %s", __func__, ret, 2376 cmd); 2377 drv->errors++; 2378 if (drv->errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 2379 drv->errors = 0; 2380 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE 2381 "HANGED"); 2382 } 2383 return ret; 2384 } 2385 2386 drv->errors = 0; 2387 return 0; 2388 } 2389 2390 2391 static int wext_sched_scan(void *priv, struct wpa_driver_scan_params *params, 2392 u32 interval) 2393 { 2394 struct wpa_driver_wext_data *drv = priv; 2395 struct iwreq iwr; 2396 int ret = 0, i = 0, bp; 2397 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 2398 2399 bp = WEXT_PNOSETUP_HEADER_SIZE; 2400 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 2401 buf[bp++] = WEXT_PNO_TLV_PREFIX; 2402 buf[bp++] = WEXT_PNO_TLV_VERSION; 2403 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 2404 buf[bp++] = WEXT_PNO_TLV_RESERVED; 2405 2406 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 2407 /* 2408 * Check that there is enough space needed for 1 more SSID, the 2409 * other sections and null termination. 2410 */ 2411 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + IW_ESSID_MAX_SIZE + 2412 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 2413 break; 2414 2415 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 2416 params->ssids[i].ssid, 2417 params->ssids[i].ssid_len); 2418 buf[bp++] = WEXT_PNO_SSID_SECTION; 2419 buf[bp++] = params->ssids[i].ssid_len; 2420 os_memcpy(&buf[bp], params->ssids[i].ssid, 2421 params->ssids[i].ssid_len); 2422 bp += params->ssids[i].ssid_len; 2423 i++; 2424 } 2425 2426 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 2427 /* TODO: consider using interval parameter (interval in msec) instead 2428 * of hardcoded value here */ 2429 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 2430 WEXT_PNO_SCAN_INTERVAL); 2431 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 2432 2433 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 2434 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 2435 WEXT_PNO_REPEAT); 2436 bp += WEXT_PNO_REPEAT_LENGTH; 2437 2438 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 2439 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 2440 WEXT_PNO_MAX_REPEAT); 2441 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 2442 2443 os_memset(&iwr, 0, sizeof(iwr)); 2444 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2445 iwr.u.data.pointer = buf; 2446 iwr.u.data.length = bp; 2447 2448 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr); 2449 if (ret < 0) { 2450 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 2451 ret); 2452 drv->errors++; 2453 if (drv->errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 2454 drv->errors = 0; 2455 wpa_msg(drv->ctx, MSG_INFO, 2456 WPA_EVENT_DRIVER_STATE "HANGED"); 2457 } 2458 return ret; 2459 } 2460 2461 drv->errors = 0; 2462 drv->bgscan_enabled = 1; 2463 2464 return android_wext_cmd(drv, "PNOFORCE 1"); 2465 } 2466 2467 2468 static int wext_stop_sched_scan(void *priv) 2469 { 2470 struct wpa_driver_wext_data *drv = priv; 2471 drv->bgscan_enabled = 0; 2472 return android_wext_cmd(drv, "PNOFORCE 0"); 2473 } 2474 2475 #endif /* ANDROID */ 2476 2477 2478 const struct wpa_driver_ops wpa_driver_wext_ops = { 2479 .name = "wext", 2480 .desc = "Linux wireless extensions (generic)", 2481 .get_bssid = wpa_driver_wext_get_bssid, 2482 .get_ssid = wpa_driver_wext_get_ssid, 2483 .set_key = wpa_driver_wext_set_key, 2484 .set_countermeasures = wpa_driver_wext_set_countermeasures, 2485 .scan2 = wpa_driver_wext_scan, 2486 .get_scan_results2 = wpa_driver_wext_get_scan_results, 2487 .deauthenticate = wpa_driver_wext_deauthenticate, 2488 .disassociate = wpa_driver_wext_disassociate, 2489 .associate = wpa_driver_wext_associate, 2490 .init = wpa_driver_wext_init, 2491 .deinit = wpa_driver_wext_deinit, 2492 .add_pmkid = wpa_driver_wext_add_pmkid, 2493 .remove_pmkid = wpa_driver_wext_remove_pmkid, 2494 .flush_pmkid = wpa_driver_wext_flush_pmkid, 2495 .get_capa = wpa_driver_wext_get_capa, 2496 .set_operstate = wpa_driver_wext_set_operstate, 2497 .get_radio_name = wext_get_radio_name, 2498 #ifdef ANDROID 2499 .sched_scan = wext_sched_scan, 2500 .stop_sched_scan = wext_stop_sched_scan, 2501 #endif /* ANDROID */ 2502 }; 2503
