1 /* 2 * Driver interaction with generic Linux Wireless Extensions 3 * Copyright (c) 2003-2010, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * This file implements a driver interface for the Linux Wireless Extensions. 9 * When used with WE-18 or newer, this interface can be used as-is with number 10 * of drivers. In addition to this, some of the common functions in this file 11 * can be used by other driver interface implementations that use generic WE 12 * ioctls, but require private ioctls for some of the functionality. 13 */ 14 15 #include "includes.h" 16 #include <sys/ioctl.h> 17 #include <sys/types.h> 18 #include <sys/stat.h> 19 #include <fcntl.h> 20 #include <net/if_arp.h> 21 22 #include "linux_wext.h" 23 #include "common.h" 24 #include "eloop.h" 25 #include "common/ieee802_11_defs.h" 26 #include "common/wpa_common.h" 27 #include "priv_netlink.h" 28 #include "netlink.h" 29 #include "linux_ioctl.h" 30 #include "rfkill.h" 31 #include "driver.h" 32 #include "driver_wext.h" 33 34 #ifdef ANDROID 35 #include "android_drv.h" 36 #endif /* ANDROID */ 37 38 static int wpa_driver_wext_flush_pmkid(void *priv); 39 static int wpa_driver_wext_get_range(void *priv); 40 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv); 41 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv); 42 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg); 43 44 45 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv, 46 int idx, u32 value) 47 { 48 struct iwreq iwr; 49 int ret = 0; 50 51 os_memset(&iwr, 0, sizeof(iwr)); 52 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 53 iwr.u.param.flags = idx & IW_AUTH_INDEX; 54 iwr.u.param.value = value; 55 56 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 57 if (errno != EOPNOTSUPP) { 58 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 59 "value 0x%x) failed: %s)", 60 idx, value, strerror(errno)); 61 } 62 ret = errno == EOPNOTSUPP ? -2 : -1; 63 } 64 65 return ret; 66 } 67 68 69 /** 70 * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP 71 * @priv: Pointer to private wext data from wpa_driver_wext_init() 72 * @bssid: Buffer for BSSID 73 * Returns: 0 on success, -1 on failure 74 */ 75 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid) 76 { 77 struct wpa_driver_wext_data *drv = priv; 78 struct iwreq iwr; 79 int ret = 0; 80 81 os_memset(&iwr, 0, sizeof(iwr)); 82 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 83 84 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 85 perror("ioctl[SIOCGIWAP]"); 86 ret = -1; 87 } 88 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 89 90 return ret; 91 } 92 93 94 /** 95 * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP 96 * @priv: Pointer to private wext data from wpa_driver_wext_init() 97 * @bssid: BSSID 98 * Returns: 0 on success, -1 on failure 99 */ 100 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid) 101 { 102 struct wpa_driver_wext_data *drv = priv; 103 struct iwreq iwr; 104 int ret = 0; 105 106 os_memset(&iwr, 0, sizeof(iwr)); 107 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 108 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 109 if (bssid) 110 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 111 else 112 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 113 114 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 115 perror("ioctl[SIOCSIWAP]"); 116 ret = -1; 117 } 118 119 return ret; 120 } 121 122 123 /** 124 * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID 125 * @priv: Pointer to private wext data from wpa_driver_wext_init() 126 * @ssid: Buffer for the SSID; must be at least 32 bytes long 127 * Returns: SSID length on success, -1 on failure 128 */ 129 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid) 130 { 131 struct wpa_driver_wext_data *drv = priv; 132 struct iwreq iwr; 133 int ret = 0; 134 135 os_memset(&iwr, 0, sizeof(iwr)); 136 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 137 iwr.u.essid.pointer = (caddr_t) ssid; 138 iwr.u.essid.length = 32; 139 140 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 141 perror("ioctl[SIOCGIWESSID]"); 142 ret = -1; 143 } else { 144 ret = iwr.u.essid.length; 145 if (ret > 32) 146 ret = 32; 147 /* Some drivers include nul termination in the SSID, so let's 148 * remove it here before further processing. WE-21 changes this 149 * to explicitly require the length _not_ to include nul 150 * termination. */ 151 if (ret > 0 && ssid[ret - 1] == '\0' && 152 drv->we_version_compiled < 21) 153 ret--; 154 } 155 156 return ret; 157 } 158 159 160 /** 161 * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID 162 * @priv: Pointer to private wext data from wpa_driver_wext_init() 163 * @ssid: SSID 164 * @ssid_len: Length of SSID (0..32) 165 * Returns: 0 on success, -1 on failure 166 */ 167 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len) 168 { 169 struct wpa_driver_wext_data *drv = priv; 170 struct iwreq iwr; 171 int ret = 0; 172 char buf[33]; 173 174 if (ssid_len > 32) 175 return -1; 176 177 os_memset(&iwr, 0, sizeof(iwr)); 178 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 179 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 180 iwr.u.essid.flags = (ssid_len != 0); 181 os_memset(buf, 0, sizeof(buf)); 182 os_memcpy(buf, ssid, ssid_len); 183 iwr.u.essid.pointer = (caddr_t) buf; 184 if (drv->we_version_compiled < 21) { 185 /* For historic reasons, set SSID length to include one extra 186 * character, C string nul termination, even though SSID is 187 * really an octet string that should not be presented as a C 188 * string. Some Linux drivers decrement the length by one and 189 * can thus end up missing the last octet of the SSID if the 190 * length is not incremented here. WE-21 changes this to 191 * explicitly require the length _not_ to include nul 192 * termination. */ 193 if (ssid_len) 194 ssid_len++; 195 } 196 iwr.u.essid.length = ssid_len; 197 198 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 199 perror("ioctl[SIOCSIWESSID]"); 200 ret = -1; 201 } 202 203 return ret; 204 } 205 206 207 /** 208 * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ 209 * @priv: Pointer to private wext data from wpa_driver_wext_init() 210 * @freq: Frequency in MHz 211 * Returns: 0 on success, -1 on failure 212 */ 213 int wpa_driver_wext_set_freq(void *priv, int freq) 214 { 215 struct wpa_driver_wext_data *drv = priv; 216 struct iwreq iwr; 217 int ret = 0; 218 219 os_memset(&iwr, 0, sizeof(iwr)); 220 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 221 iwr.u.freq.m = freq * 100000; 222 iwr.u.freq.e = 1; 223 224 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 225 perror("ioctl[SIOCSIWFREQ]"); 226 ret = -1; 227 } 228 229 return ret; 230 } 231 232 233 static void 234 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom) 235 { 236 union wpa_event_data data; 237 238 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 239 custom); 240 241 os_memset(&data, 0, sizeof(data)); 242 /* Host AP driver */ 243 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 244 data.michael_mic_failure.unicast = 245 os_strstr(custom, " unicast ") != NULL; 246 /* TODO: parse parameters(?) */ 247 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 248 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 249 char *spos; 250 int bytes; 251 u8 *req_ies = NULL, *resp_ies = NULL; 252 253 spos = custom + 17; 254 255 bytes = strspn(spos, "0123456789abcdefABCDEF"); 256 if (!bytes || (bytes & 1)) 257 return; 258 bytes /= 2; 259 260 req_ies = os_malloc(bytes); 261 if (req_ies == NULL || 262 hexstr2bin(spos, req_ies, bytes) < 0) 263 goto done; 264 data.assoc_info.req_ies = req_ies; 265 data.assoc_info.req_ies_len = bytes; 266 267 spos += bytes * 2; 268 269 data.assoc_info.resp_ies = NULL; 270 data.assoc_info.resp_ies_len = 0; 271 272 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 273 spos += 9; 274 275 bytes = strspn(spos, "0123456789abcdefABCDEF"); 276 if (!bytes || (bytes & 1)) 277 goto done; 278 bytes /= 2; 279 280 resp_ies = os_malloc(bytes); 281 if (resp_ies == NULL || 282 hexstr2bin(spos, resp_ies, bytes) < 0) 283 goto done; 284 data.assoc_info.resp_ies = resp_ies; 285 data.assoc_info.resp_ies_len = bytes; 286 } 287 288 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 289 290 done: 291 os_free(resp_ies); 292 os_free(req_ies); 293 #ifdef CONFIG_PEERKEY 294 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 295 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 296 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 297 "STKSTART.request '%s'", custom + 17); 298 return; 299 } 300 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 301 #endif /* CONFIG_PEERKEY */ 302 #ifdef ANDROID 303 } else if (os_strncmp(custom, "STOP", 4) == 0) { 304 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STOPPED"); 305 } else if (os_strncmp(custom, "START", 5) == 0) { 306 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "STARTED"); 307 } else if (os_strncmp(custom, "HANG", 4) == 0) { 308 wpa_msg(ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 309 #endif /* ANDROID */ 310 } 311 } 312 313 314 static int wpa_driver_wext_event_wireless_michaelmicfailure( 315 void *ctx, const char *ev, size_t len) 316 { 317 const struct iw_michaelmicfailure *mic; 318 union wpa_event_data data; 319 320 if (len < sizeof(*mic)) 321 return -1; 322 323 mic = (const struct iw_michaelmicfailure *) ev; 324 325 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 326 "flags=0x%x src_addr=" MACSTR, mic->flags, 327 MAC2STR(mic->src_addr.sa_data)); 328 329 os_memset(&data, 0, sizeof(data)); 330 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 331 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 332 333 return 0; 334 } 335 336 337 static int wpa_driver_wext_event_wireless_pmkidcand( 338 struct wpa_driver_wext_data *drv, const char *ev, size_t len) 339 { 340 const struct iw_pmkid_cand *cand; 341 union wpa_event_data data; 342 const u8 *addr; 343 344 if (len < sizeof(*cand)) 345 return -1; 346 347 cand = (const struct iw_pmkid_cand *) ev; 348 addr = (const u8 *) cand->bssid.sa_data; 349 350 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 351 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 352 cand->index, MAC2STR(addr)); 353 354 os_memset(&data, 0, sizeof(data)); 355 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 356 data.pmkid_candidate.index = cand->index; 357 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 358 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 359 360 return 0; 361 } 362 363 364 static int wpa_driver_wext_event_wireless_assocreqie( 365 struct wpa_driver_wext_data *drv, const char *ev, int len) 366 { 367 if (len < 0) 368 return -1; 369 370 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 371 len); 372 os_free(drv->assoc_req_ies); 373 drv->assoc_req_ies = os_malloc(len); 374 if (drv->assoc_req_ies == NULL) { 375 drv->assoc_req_ies_len = 0; 376 return -1; 377 } 378 os_memcpy(drv->assoc_req_ies, ev, len); 379 drv->assoc_req_ies_len = len; 380 381 return 0; 382 } 383 384 385 static int wpa_driver_wext_event_wireless_assocrespie( 386 struct wpa_driver_wext_data *drv, const char *ev, int len) 387 { 388 if (len < 0) 389 return -1; 390 391 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 392 len); 393 os_free(drv->assoc_resp_ies); 394 drv->assoc_resp_ies = os_malloc(len); 395 if (drv->assoc_resp_ies == NULL) { 396 drv->assoc_resp_ies_len = 0; 397 return -1; 398 } 399 os_memcpy(drv->assoc_resp_ies, ev, len); 400 drv->assoc_resp_ies_len = len; 401 402 return 0; 403 } 404 405 406 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv) 407 { 408 union wpa_event_data data; 409 410 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 411 return; 412 413 os_memset(&data, 0, sizeof(data)); 414 if (drv->assoc_req_ies) { 415 data.assoc_info.req_ies = drv->assoc_req_ies; 416 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 417 } 418 if (drv->assoc_resp_ies) { 419 data.assoc_info.resp_ies = drv->assoc_resp_ies; 420 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 421 } 422 423 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 424 425 os_free(drv->assoc_req_ies); 426 drv->assoc_req_ies = NULL; 427 os_free(drv->assoc_resp_ies); 428 drv->assoc_resp_ies = NULL; 429 } 430 431 432 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, 433 char *data, int len) 434 { 435 struct iw_event iwe_buf, *iwe = &iwe_buf; 436 char *pos, *end, *custom, *buf; 437 438 pos = data; 439 end = data + len; 440 441 while (pos + IW_EV_LCP_LEN <= end) { 442 /* Event data may be unaligned, so make a local, aligned copy 443 * before processing. */ 444 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 445 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 446 iwe->cmd, iwe->len); 447 if (iwe->len <= IW_EV_LCP_LEN) 448 return; 449 450 custom = pos + IW_EV_POINT_LEN; 451 if (drv->we_version_compiled > 18 && 452 (iwe->cmd == IWEVMICHAELMICFAILURE || 453 iwe->cmd == IWEVCUSTOM || 454 iwe->cmd == IWEVASSOCREQIE || 455 iwe->cmd == IWEVASSOCRESPIE || 456 iwe->cmd == IWEVPMKIDCAND)) { 457 /* WE-19 removed the pointer from struct iw_point */ 458 char *dpos = (char *) &iwe_buf.u.data.length; 459 int dlen = dpos - (char *) &iwe_buf; 460 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 461 sizeof(struct iw_event) - dlen); 462 } else { 463 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 464 custom += IW_EV_POINT_OFF; 465 } 466 467 switch (iwe->cmd) { 468 case SIOCGIWAP: 469 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 470 MACSTR, 471 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 472 if (is_zero_ether_addr( 473 (const u8 *) iwe->u.ap_addr.sa_data) || 474 os_memcmp(iwe->u.ap_addr.sa_data, 475 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 476 0) { 477 os_free(drv->assoc_req_ies); 478 drv->assoc_req_ies = NULL; 479 os_free(drv->assoc_resp_ies); 480 drv->assoc_resp_ies = NULL; 481 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, 482 NULL); 483 484 } else { 485 wpa_driver_wext_event_assoc_ies(drv); 486 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, 487 NULL); 488 } 489 break; 490 case IWEVMICHAELMICFAILURE: 491 if (custom + iwe->u.data.length > end) { 492 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 493 "IWEVMICHAELMICFAILURE length"); 494 return; 495 } 496 wpa_driver_wext_event_wireless_michaelmicfailure( 497 drv->ctx, custom, iwe->u.data.length); 498 break; 499 case IWEVCUSTOM: 500 if (custom + iwe->u.data.length > end) { 501 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 502 "IWEVCUSTOM length"); 503 return; 504 } 505 buf = dup_binstr(custom, iwe->u.data.length); 506 if (buf == NULL) 507 return; 508 wpa_driver_wext_event_wireless_custom(drv->ctx, buf); 509 os_free(buf); 510 break; 511 case SIOCGIWSCAN: 512 drv->scan_complete_events = 1; 513 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, 514 drv, drv->ctx); 515 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, 516 NULL); 517 break; 518 case IWEVASSOCREQIE: 519 if (custom + iwe->u.data.length > end) { 520 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 521 "IWEVASSOCREQIE length"); 522 return; 523 } 524 wpa_driver_wext_event_wireless_assocreqie( 525 drv, custom, iwe->u.data.length); 526 break; 527 case IWEVASSOCRESPIE: 528 if (custom + iwe->u.data.length > end) { 529 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 530 "IWEVASSOCRESPIE length"); 531 return; 532 } 533 wpa_driver_wext_event_wireless_assocrespie( 534 drv, custom, iwe->u.data.length); 535 break; 536 case IWEVPMKIDCAND: 537 if (custom + iwe->u.data.length > end) { 538 wpa_printf(MSG_DEBUG, "WEXT: Invalid " 539 "IWEVPMKIDCAND length"); 540 return; 541 } 542 wpa_driver_wext_event_wireless_pmkidcand( 543 drv, custom, iwe->u.data.length); 544 break; 545 } 546 547 pos += iwe->len; 548 } 549 } 550 551 552 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv, 553 char *buf, size_t len, int del) 554 { 555 union wpa_event_data event; 556 557 os_memset(&event, 0, sizeof(event)); 558 if (len > sizeof(event.interface_status.ifname)) 559 len = sizeof(event.interface_status.ifname) - 1; 560 os_memcpy(event.interface_status.ifname, buf, len); 561 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 562 EVENT_INTERFACE_ADDED; 563 564 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 565 del ? "DEL" : "NEW", 566 event.interface_status.ifname, 567 del ? "removed" : "added"); 568 569 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 570 if (del) { 571 if (drv->if_removed) { 572 wpa_printf(MSG_DEBUG, "WEXT: if_removed " 573 "already set - ignore event"); 574 return; 575 } 576 drv->if_removed = 1; 577 } else { 578 if (if_nametoindex(drv->ifname) == 0) { 579 wpa_printf(MSG_DEBUG, "WEXT: Interface %s " 580 "does not exist - ignore " 581 "RTM_NEWLINK", 582 drv->ifname); 583 return; 584 } 585 if (!drv->if_removed) { 586 wpa_printf(MSG_DEBUG, "WEXT: if_removed " 587 "already cleared - ignore event"); 588 return; 589 } 590 drv->if_removed = 0; 591 } 592 } 593 594 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 595 } 596 597 598 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv, 599 u8 *buf, size_t len) 600 { 601 int attrlen, rta_len; 602 struct rtattr *attr; 603 604 attrlen = len; 605 attr = (struct rtattr *) buf; 606 607 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 608 while (RTA_OK(attr, attrlen)) { 609 if (attr->rta_type == IFLA_IFNAME) { 610 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 611 == 0) 612 return 1; 613 else 614 break; 615 } 616 attr = RTA_NEXT(attr, attrlen); 617 } 618 619 return 0; 620 } 621 622 623 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv, 624 int ifindex, u8 *buf, size_t len) 625 { 626 if (drv->ifindex == ifindex || drv->ifindex2 == ifindex) 627 return 1; 628 629 if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) { 630 drv->ifindex = if_nametoindex(drv->ifname); 631 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed " 632 "interface"); 633 wpa_driver_wext_finish_drv_init(drv); 634 return 1; 635 } 636 637 return 0; 638 } 639 640 641 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi, 642 u8 *buf, size_t len) 643 { 644 struct wpa_driver_wext_data *drv = ctx; 645 int attrlen, rta_len; 646 struct rtattr *attr; 647 char namebuf[IFNAMSIZ]; 648 649 if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) { 650 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 651 ifi->ifi_index); 652 return; 653 } 654 655 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 656 "(%s%s%s%s)", 657 drv->operstate, ifi->ifi_flags, 658 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 659 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 660 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 661 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 662 663 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 664 wpa_printf(MSG_DEBUG, "WEXT: Interface down"); 665 drv->if_disabled = 1; 666 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 667 } 668 669 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 670 if (if_indextoname(ifi->ifi_index, namebuf) && 671 linux_iface_up(drv->ioctl_sock, drv->ifname) == 0) { 672 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 673 "event since interface %s is down", 674 namebuf); 675 } else if (if_nametoindex(drv->ifname) == 0) { 676 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 677 "event since interface %s does not exist", 678 drv->ifname); 679 } else if (drv->if_removed) { 680 wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up " 681 "event since interface %s is marked " 682 "removed", drv->ifname); 683 } else { 684 wpa_printf(MSG_DEBUG, "WEXT: Interface up"); 685 drv->if_disabled = 0; 686 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 687 NULL); 688 } 689 } 690 691 /* 692 * Some drivers send the association event before the operup event--in 693 * this case, lifting operstate in wpa_driver_wext_set_operstate() 694 * fails. This will hit us when wpa_supplicant does not need to do 695 * IEEE 802.1X authentication 696 */ 697 if (drv->operstate == 1 && 698 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 699 !(ifi->ifi_flags & IFF_RUNNING)) 700 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 701 -1, IF_OPER_UP); 702 703 attrlen = len; 704 attr = (struct rtattr *) buf; 705 706 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 707 while (RTA_OK(attr, attrlen)) { 708 if (attr->rta_type == IFLA_WIRELESS) { 709 wpa_driver_wext_event_wireless( 710 drv, ((char *) attr) + rta_len, 711 attr->rta_len - rta_len); 712 } else if (attr->rta_type == IFLA_IFNAME) { 713 wpa_driver_wext_event_link(drv, 714 ((char *) attr) + rta_len, 715 attr->rta_len - rta_len, 0); 716 } 717 attr = RTA_NEXT(attr, attrlen); 718 } 719 } 720 721 722 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi, 723 u8 *buf, size_t len) 724 { 725 struct wpa_driver_wext_data *drv = ctx; 726 int attrlen, rta_len; 727 struct rtattr *attr; 728 729 attrlen = len; 730 attr = (struct rtattr *) buf; 731 732 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 733 while (RTA_OK(attr, attrlen)) { 734 if (attr->rta_type == IFLA_IFNAME) { 735 wpa_driver_wext_event_link(drv, 736 ((char *) attr) + rta_len, 737 attr->rta_len - rta_len, 1); 738 } 739 attr = RTA_NEXT(attr, attrlen); 740 } 741 } 742 743 744 static void wpa_driver_wext_rfkill_blocked(void *ctx) 745 { 746 wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked"); 747 /* 748 * This may be for any interface; use ifdown event to disable 749 * interface. 750 */ 751 } 752 753 754 static void wpa_driver_wext_rfkill_unblocked(void *ctx) 755 { 756 struct wpa_driver_wext_data *drv = ctx; 757 wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked"); 758 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) { 759 wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP " 760 "after rfkill unblock"); 761 return; 762 } 763 /* rtnetlink ifup handler will report interface as enabled */ 764 } 765 766 767 static void wext_get_phy_name(struct wpa_driver_wext_data *drv) 768 { 769 /* Find phy (radio) to which this interface belongs */ 770 char buf[90], *pos; 771 int f, rv; 772 773 drv->phyname[0] = '\0'; 774 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 775 drv->ifname); 776 f = open(buf, O_RDONLY); 777 if (f < 0) { 778 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 779 buf, strerror(errno)); 780 return; 781 } 782 783 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 784 close(f); 785 if (rv < 0) { 786 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 787 buf, strerror(errno)); 788 return; 789 } 790 791 drv->phyname[rv] = '\0'; 792 pos = os_strchr(drv->phyname, '\n'); 793 if (pos) 794 *pos = '\0'; 795 wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s", 796 drv->ifname, drv->phyname); 797 } 798 799 800 /** 801 * wpa_driver_wext_init - Initialize WE driver interface 802 * @ctx: context to be used when calling wpa_supplicant functions, 803 * e.g., wpa_supplicant_event() 804 * @ifname: interface name, e.g., wlan0 805 * Returns: Pointer to private data, %NULL on failure 806 */ 807 void * wpa_driver_wext_init(void *ctx, const char *ifname) 808 { 809 struct wpa_driver_wext_data *drv; 810 struct netlink_config *cfg; 811 struct rfkill_config *rcfg; 812 char path[128]; 813 struct stat buf; 814 815 drv = os_zalloc(sizeof(*drv)); 816 if (drv == NULL) 817 return NULL; 818 drv->ctx = ctx; 819 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 820 821 os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname); 822 if (stat(path, &buf) == 0) { 823 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected"); 824 drv->cfg80211 = 1; 825 wext_get_phy_name(drv); 826 } 827 828 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 829 if (drv->ioctl_sock < 0) { 830 perror("socket(PF_INET,SOCK_DGRAM)"); 831 goto err1; 832 } 833 834 cfg = os_zalloc(sizeof(*cfg)); 835 if (cfg == NULL) 836 goto err1; 837 cfg->ctx = drv; 838 cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink; 839 cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink; 840 drv->netlink = netlink_init(cfg); 841 if (drv->netlink == NULL) { 842 os_free(cfg); 843 goto err2; 844 } 845 846 rcfg = os_zalloc(sizeof(*rcfg)); 847 if (rcfg == NULL) 848 goto err3; 849 rcfg->ctx = drv; 850 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 851 rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked; 852 rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked; 853 drv->rfkill = rfkill_init(rcfg); 854 if (drv->rfkill == NULL) { 855 wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available"); 856 os_free(rcfg); 857 } 858 859 drv->mlme_sock = -1; 860 861 #ifdef ANDROID 862 drv->errors = 0; 863 drv->driver_is_started = TRUE; 864 drv->bgscan_enabled = 0; 865 #endif /* ANDROID */ 866 867 if (wpa_driver_wext_finish_drv_init(drv) < 0) 868 goto err3; 869 870 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1); 871 872 return drv; 873 874 err3: 875 rfkill_deinit(drv->rfkill); 876 netlink_deinit(drv->netlink); 877 err2: 878 close(drv->ioctl_sock); 879 err1: 880 os_free(drv); 881 return NULL; 882 } 883 884 885 static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx) 886 { 887 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 888 } 889 890 891 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv) 892 { 893 int send_rfkill_event = 0; 894 895 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) { 896 if (rfkill_is_blocked(drv->rfkill)) { 897 wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable " 898 "interface '%s' due to rfkill", 899 drv->ifname); 900 drv->if_disabled = 1; 901 send_rfkill_event = 1; 902 } else { 903 wpa_printf(MSG_ERROR, "WEXT: Could not set " 904 "interface '%s' UP", drv->ifname); 905 return -1; 906 } 907 } 908 909 /* 910 * Make sure that the driver does not have any obsolete PMKID entries. 911 */ 912 wpa_driver_wext_flush_pmkid(drv); 913 914 if (wpa_driver_wext_set_mode(drv, 0) < 0) { 915 wpa_printf(MSG_DEBUG, "Could not configure driver to use " 916 "managed mode"); 917 /* Try to use it anyway */ 918 } 919 920 wpa_driver_wext_get_range(drv); 921 922 /* 923 * Unlock the driver's BSSID and force to a random SSID to clear any 924 * previous association the driver might have when the supplicant 925 * starts up. 926 */ 927 wpa_driver_wext_disconnect(drv); 928 929 drv->ifindex = if_nametoindex(drv->ifname); 930 931 if (os_strncmp(drv->ifname, "wlan", 4) == 0) { 932 /* 933 * Host AP driver may use both wlan# and wifi# interface in 934 * wireless events. Since some of the versions included WE-18 935 * support, let's add the alternative ifindex also from 936 * driver_wext.c for the time being. This may be removed at 937 * some point once it is believed that old versions of the 938 * driver are not in use anymore. 939 */ 940 char ifname2[IFNAMSIZ + 1]; 941 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2)); 942 os_memcpy(ifname2, "wifi", 4); 943 wpa_driver_wext_alternative_ifindex(drv, ifname2); 944 } 945 946 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 947 1, IF_OPER_DORMANT); 948 949 if (send_rfkill_event) { 950 eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill, 951 drv, drv->ctx); 952 } 953 954 return 0; 955 } 956 957 958 /** 959 * wpa_driver_wext_deinit - Deinitialize WE driver interface 960 * @priv: Pointer to private wext data from wpa_driver_wext_init() 961 * 962 * Shut down driver interface and processing of driver events. Free 963 * private data buffer if one was allocated in wpa_driver_wext_init(). 964 */ 965 void wpa_driver_wext_deinit(void *priv) 966 { 967 struct wpa_driver_wext_data *drv = priv; 968 969 wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0); 970 971 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 972 973 /* 974 * Clear possibly configured driver parameters in order to make it 975 * easier to use the driver after wpa_supplicant has been terminated. 976 */ 977 wpa_driver_wext_disconnect(drv); 978 979 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 980 netlink_deinit(drv->netlink); 981 rfkill_deinit(drv->rfkill); 982 983 if (drv->mlme_sock >= 0) 984 eloop_unregister_read_sock(drv->mlme_sock); 985 986 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0); 987 988 close(drv->ioctl_sock); 989 if (drv->mlme_sock >= 0) 990 close(drv->mlme_sock); 991 os_free(drv->assoc_req_ies); 992 os_free(drv->assoc_resp_ies); 993 os_free(drv); 994 } 995 996 997 /** 998 * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion 999 * @eloop_ctx: Unused 1000 * @timeout_ctx: ctx argument given to wpa_driver_wext_init() 1001 * 1002 * This function can be used as registered timeout when starting a scan to 1003 * generate a scan completed event if the driver does not report this. 1004 */ 1005 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1006 { 1007 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1008 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1009 } 1010 1011 1012 /** 1013 * wpa_driver_wext_scan - Request the driver to initiate scan 1014 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1015 * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.) 1016 * Returns: 0 on success, -1 on failure 1017 */ 1018 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params) 1019 { 1020 struct wpa_driver_wext_data *drv = priv; 1021 struct iwreq iwr; 1022 int ret = 0, timeout; 1023 struct iw_scan_req req; 1024 const u8 *ssid = params->ssids[0].ssid; 1025 size_t ssid_len = params->ssids[0].ssid_len; 1026 1027 if (ssid_len > IW_ESSID_MAX_SIZE) { 1028 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)", 1029 __FUNCTION__, (unsigned long) ssid_len); 1030 return -1; 1031 } 1032 1033 os_memset(&iwr, 0, sizeof(iwr)); 1034 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1035 1036 if (ssid && ssid_len) { 1037 os_memset(&req, 0, sizeof(req)); 1038 req.essid_len = ssid_len; 1039 req.bssid.sa_family = ARPHRD_ETHER; 1040 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN); 1041 os_memcpy(req.essid, ssid, ssid_len); 1042 iwr.u.data.pointer = (caddr_t) &req; 1043 iwr.u.data.length = sizeof(req); 1044 iwr.u.data.flags = IW_SCAN_THIS_ESSID; 1045 } 1046 1047 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) { 1048 perror("ioctl[SIOCSIWSCAN]"); 1049 ret = -1; 1050 } 1051 1052 /* Not all drivers generate "scan completed" wireless event, so try to 1053 * read results after a timeout. */ 1054 timeout = 10; 1055 if (drv->scan_complete_events) { 1056 /* 1057 * The driver seems to deliver SIOCGIWSCAN events to notify 1058 * when scan is complete, so use longer timeout to avoid race 1059 * conditions with scanning and following association request. 1060 */ 1061 timeout = 30; 1062 } 1063 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1064 "seconds", ret, timeout); 1065 eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx); 1066 eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv, 1067 drv->ctx); 1068 1069 return ret; 1070 } 1071 1072 1073 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv, 1074 size_t *len) 1075 { 1076 struct iwreq iwr; 1077 u8 *res_buf; 1078 size_t res_buf_len; 1079 1080 res_buf_len = IW_SCAN_MAX_DATA; 1081 for (;;) { 1082 res_buf = os_malloc(res_buf_len); 1083 if (res_buf == NULL) 1084 return NULL; 1085 os_memset(&iwr, 0, sizeof(iwr)); 1086 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1087 iwr.u.data.pointer = res_buf; 1088 iwr.u.data.length = res_buf_len; 1089 1090 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0) 1091 break; 1092 1093 if (errno == E2BIG && res_buf_len < 65535) { 1094 os_free(res_buf); 1095 res_buf = NULL; 1096 res_buf_len *= 2; 1097 if (res_buf_len > 65535) 1098 res_buf_len = 65535; /* 16-bit length field */ 1099 wpa_printf(MSG_DEBUG, "Scan results did not fit - " 1100 "trying larger buffer (%lu bytes)", 1101 (unsigned long) res_buf_len); 1102 } else { 1103 perror("ioctl[SIOCGIWSCAN]"); 1104 os_free(res_buf); 1105 return NULL; 1106 } 1107 } 1108 1109 if (iwr.u.data.length > res_buf_len) { 1110 os_free(res_buf); 1111 return NULL; 1112 } 1113 *len = iwr.u.data.length; 1114 1115 return res_buf; 1116 } 1117 1118 1119 /* 1120 * Data structure for collecting WEXT scan results. This is needed to allow 1121 * the various methods of reporting IEs to be combined into a single IE buffer. 1122 */ 1123 struct wext_scan_data { 1124 struct wpa_scan_res res; 1125 u8 *ie; 1126 size_t ie_len; 1127 u8 ssid[32]; 1128 size_t ssid_len; 1129 int maxrate; 1130 }; 1131 1132 1133 static void wext_get_scan_mode(struct iw_event *iwe, 1134 struct wext_scan_data *res) 1135 { 1136 if (iwe->u.mode == IW_MODE_ADHOC) 1137 res->res.caps |= IEEE80211_CAP_IBSS; 1138 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA) 1139 res->res.caps |= IEEE80211_CAP_ESS; 1140 } 1141 1142 1143 static void wext_get_scan_ssid(struct iw_event *iwe, 1144 struct wext_scan_data *res, char *custom, 1145 char *end) 1146 { 1147 int ssid_len = iwe->u.essid.length; 1148 if (custom + ssid_len > end) 1149 return; 1150 if (iwe->u.essid.flags && 1151 ssid_len > 0 && 1152 ssid_len <= IW_ESSID_MAX_SIZE) { 1153 os_memcpy(res->ssid, custom, ssid_len); 1154 res->ssid_len = ssid_len; 1155 } 1156 } 1157 1158 1159 static void wext_get_scan_freq(struct iw_event *iwe, 1160 struct wext_scan_data *res) 1161 { 1162 int divi = 1000000, i; 1163 1164 if (iwe->u.freq.e == 0) { 1165 /* 1166 * Some drivers do not report frequency, but a channel. 1167 * Try to map this to frequency by assuming they are using 1168 * IEEE 802.11b/g. But don't overwrite a previously parsed 1169 * frequency if the driver sends both frequency and channel, 1170 * since the driver may be sending an A-band channel that we 1171 * don't handle here. 1172 */ 1173 1174 if (res->res.freq) 1175 return; 1176 1177 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) { 1178 res->res.freq = 2407 + 5 * iwe->u.freq.m; 1179 return; 1180 } else if (iwe->u.freq.m == 14) { 1181 res->res.freq = 2484; 1182 return; 1183 } 1184 } 1185 1186 if (iwe->u.freq.e > 6) { 1187 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID=" 1188 MACSTR " m=%d e=%d)", 1189 MAC2STR(res->res.bssid), iwe->u.freq.m, 1190 iwe->u.freq.e); 1191 return; 1192 } 1193 1194 for (i = 0; i < iwe->u.freq.e; i++) 1195 divi /= 10; 1196 res->res.freq = iwe->u.freq.m / divi; 1197 } 1198 1199 1200 static void wext_get_scan_qual(struct wpa_driver_wext_data *drv, 1201 struct iw_event *iwe, 1202 struct wext_scan_data *res) 1203 { 1204 res->res.qual = iwe->u.qual.qual; 1205 res->res.noise = iwe->u.qual.noise; 1206 res->res.level = iwe->u.qual.level; 1207 if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID) 1208 res->res.flags |= WPA_SCAN_QUAL_INVALID; 1209 if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID) 1210 res->res.flags |= WPA_SCAN_LEVEL_INVALID; 1211 if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID) 1212 res->res.flags |= WPA_SCAN_NOISE_INVALID; 1213 if (iwe->u.qual.updated & IW_QUAL_DBM) 1214 res->res.flags |= WPA_SCAN_LEVEL_DBM; 1215 if ((iwe->u.qual.updated & IW_QUAL_DBM) || 1216 ((iwe->u.qual.level != 0) && 1217 (iwe->u.qual.level > drv->max_level))) { 1218 if (iwe->u.qual.level >= 64) 1219 res->res.level -= 0x100; 1220 if (iwe->u.qual.noise >= 64) 1221 res->res.noise -= 0x100; 1222 } 1223 } 1224 1225 1226 static void wext_get_scan_encode(struct iw_event *iwe, 1227 struct wext_scan_data *res) 1228 { 1229 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED)) 1230 res->res.caps |= IEEE80211_CAP_PRIVACY; 1231 } 1232 1233 1234 static void wext_get_scan_rate(struct iw_event *iwe, 1235 struct wext_scan_data *res, char *pos, 1236 char *end) 1237 { 1238 int maxrate; 1239 char *custom = pos + IW_EV_LCP_LEN; 1240 struct iw_param p; 1241 size_t clen; 1242 1243 clen = iwe->len; 1244 if (custom + clen > end) 1245 return; 1246 maxrate = 0; 1247 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) { 1248 /* Note: may be misaligned, make a local, aligned copy */ 1249 os_memcpy(&p, custom, sizeof(struct iw_param)); 1250 if (p.value > maxrate) 1251 maxrate = p.value; 1252 clen -= sizeof(struct iw_param); 1253 custom += sizeof(struct iw_param); 1254 } 1255 1256 /* Convert the maxrate from WE-style (b/s units) to 1257 * 802.11 rates (500000 b/s units). 1258 */ 1259 res->maxrate = maxrate / 500000; 1260 } 1261 1262 1263 static void wext_get_scan_iwevgenie(struct iw_event *iwe, 1264 struct wext_scan_data *res, char *custom, 1265 char *end) 1266 { 1267 char *genie, *gpos, *gend; 1268 u8 *tmp; 1269 1270 if (iwe->u.data.length == 0) 1271 return; 1272 1273 gpos = genie = custom; 1274 gend = genie + iwe->u.data.length; 1275 if (gend > end) { 1276 wpa_printf(MSG_INFO, "IWEVGENIE overflow"); 1277 return; 1278 } 1279 1280 tmp = os_realloc(res->ie, res->ie_len + gend - gpos); 1281 if (tmp == NULL) 1282 return; 1283 os_memcpy(tmp + res->ie_len, gpos, gend - gpos); 1284 res->ie = tmp; 1285 res->ie_len += gend - gpos; 1286 } 1287 1288 1289 static void wext_get_scan_custom(struct iw_event *iwe, 1290 struct wext_scan_data *res, char *custom, 1291 char *end) 1292 { 1293 size_t clen; 1294 u8 *tmp; 1295 1296 clen = iwe->u.data.length; 1297 if (custom + clen > end) 1298 return; 1299 1300 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) { 1301 char *spos; 1302 int bytes; 1303 spos = custom + 7; 1304 bytes = custom + clen - spos; 1305 if (bytes & 1 || bytes == 0) 1306 return; 1307 bytes /= 2; 1308 tmp = os_realloc(res->ie, res->ie_len + bytes); 1309 if (tmp == NULL) 1310 return; 1311 res->ie = tmp; 1312 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1313 return; 1314 res->ie_len += bytes; 1315 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) { 1316 char *spos; 1317 int bytes; 1318 spos = custom + 7; 1319 bytes = custom + clen - spos; 1320 if (bytes & 1 || bytes == 0) 1321 return; 1322 bytes /= 2; 1323 tmp = os_realloc(res->ie, res->ie_len + bytes); 1324 if (tmp == NULL) 1325 return; 1326 res->ie = tmp; 1327 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0) 1328 return; 1329 res->ie_len += bytes; 1330 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) { 1331 char *spos; 1332 int bytes; 1333 u8 bin[8]; 1334 spos = custom + 4; 1335 bytes = custom + clen - spos; 1336 if (bytes != 16) { 1337 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes); 1338 return; 1339 } 1340 bytes /= 2; 1341 if (hexstr2bin(spos, bin, bytes) < 0) { 1342 wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value"); 1343 return; 1344 } 1345 res->res.tsf += WPA_GET_BE64(bin); 1346 } 1347 } 1348 1349 1350 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd) 1351 { 1352 return drv->we_version_compiled > 18 && 1353 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE || 1354 cmd == IWEVGENIE || cmd == IWEVCUSTOM); 1355 } 1356 1357 1358 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res, 1359 struct wext_scan_data *data) 1360 { 1361 struct wpa_scan_res **tmp; 1362 struct wpa_scan_res *r; 1363 size_t extra_len; 1364 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL; 1365 1366 /* Figure out whether we need to fake any IEs */ 1367 pos = data->ie; 1368 end = pos + data->ie_len; 1369 while (pos && pos + 1 < end) { 1370 if (pos + 2 + pos[1] > end) 1371 break; 1372 if (pos[0] == WLAN_EID_SSID) 1373 ssid_ie = pos; 1374 else if (pos[0] == WLAN_EID_SUPP_RATES) 1375 rate_ie = pos; 1376 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES) 1377 rate_ie = pos; 1378 pos += 2 + pos[1]; 1379 } 1380 1381 extra_len = 0; 1382 if (ssid_ie == NULL) 1383 extra_len += 2 + data->ssid_len; 1384 if (rate_ie == NULL && data->maxrate) 1385 extra_len += 3; 1386 1387 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len); 1388 if (r == NULL) 1389 return; 1390 os_memcpy(r, &data->res, sizeof(*r)); 1391 r->ie_len = extra_len + data->ie_len; 1392 pos = (u8 *) (r + 1); 1393 if (ssid_ie == NULL) { 1394 /* 1395 * Generate a fake SSID IE since the driver did not report 1396 * a full IE list. 1397 */ 1398 *pos++ = WLAN_EID_SSID; 1399 *pos++ = data->ssid_len; 1400 os_memcpy(pos, data->ssid, data->ssid_len); 1401 pos += data->ssid_len; 1402 } 1403 if (rate_ie == NULL && data->maxrate) { 1404 /* 1405 * Generate a fake Supported Rates IE since the driver did not 1406 * report a full IE list. 1407 */ 1408 *pos++ = WLAN_EID_SUPP_RATES; 1409 *pos++ = 1; 1410 *pos++ = data->maxrate; 1411 } 1412 if (data->ie) 1413 os_memcpy(pos, data->ie, data->ie_len); 1414 1415 tmp = os_realloc_array(res->res, res->num + 1, 1416 sizeof(struct wpa_scan_res *)); 1417 if (tmp == NULL) { 1418 os_free(r); 1419 return; 1420 } 1421 tmp[res->num++] = r; 1422 res->res = tmp; 1423 } 1424 1425 1426 /** 1427 * wpa_driver_wext_get_scan_results - Fetch the latest scan results 1428 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1429 * Returns: Scan results on success, -1 on failure 1430 */ 1431 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv) 1432 { 1433 struct wpa_driver_wext_data *drv = priv; 1434 size_t len; 1435 int first; 1436 u8 *res_buf; 1437 struct iw_event iwe_buf, *iwe = &iwe_buf; 1438 char *pos, *end, *custom; 1439 struct wpa_scan_results *res; 1440 struct wext_scan_data data; 1441 1442 res_buf = wpa_driver_wext_giwscan(drv, &len); 1443 if (res_buf == NULL) 1444 return NULL; 1445 1446 first = 1; 1447 1448 res = os_zalloc(sizeof(*res)); 1449 if (res == NULL) { 1450 os_free(res_buf); 1451 return NULL; 1452 } 1453 1454 pos = (char *) res_buf; 1455 end = (char *) res_buf + len; 1456 os_memset(&data, 0, sizeof(data)); 1457 1458 while (pos + IW_EV_LCP_LEN <= end) { 1459 /* Event data may be unaligned, so make a local, aligned copy 1460 * before processing. */ 1461 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 1462 if (iwe->len <= IW_EV_LCP_LEN) 1463 break; 1464 1465 custom = pos + IW_EV_POINT_LEN; 1466 if (wext_19_iw_point(drv, iwe->cmd)) { 1467 /* WE-19 removed the pointer from struct iw_point */ 1468 char *dpos = (char *) &iwe_buf.u.data.length; 1469 int dlen = dpos - (char *) &iwe_buf; 1470 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 1471 sizeof(struct iw_event) - dlen); 1472 } else { 1473 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 1474 custom += IW_EV_POINT_OFF; 1475 } 1476 1477 switch (iwe->cmd) { 1478 case SIOCGIWAP: 1479 if (!first) 1480 wpa_driver_wext_add_scan_entry(res, &data); 1481 first = 0; 1482 os_free(data.ie); 1483 os_memset(&data, 0, sizeof(data)); 1484 os_memcpy(data.res.bssid, 1485 iwe->u.ap_addr.sa_data, ETH_ALEN); 1486 break; 1487 case SIOCGIWMODE: 1488 wext_get_scan_mode(iwe, &data); 1489 break; 1490 case SIOCGIWESSID: 1491 wext_get_scan_ssid(iwe, &data, custom, end); 1492 break; 1493 case SIOCGIWFREQ: 1494 wext_get_scan_freq(iwe, &data); 1495 break; 1496 case IWEVQUAL: 1497 wext_get_scan_qual(drv, iwe, &data); 1498 break; 1499 case SIOCGIWENCODE: 1500 wext_get_scan_encode(iwe, &data); 1501 break; 1502 case SIOCGIWRATE: 1503 wext_get_scan_rate(iwe, &data, pos, end); 1504 break; 1505 case IWEVGENIE: 1506 wext_get_scan_iwevgenie(iwe, &data, custom, end); 1507 break; 1508 case IWEVCUSTOM: 1509 wext_get_scan_custom(iwe, &data, custom, end); 1510 break; 1511 } 1512 1513 pos += iwe->len; 1514 } 1515 os_free(res_buf); 1516 res_buf = NULL; 1517 if (!first) 1518 wpa_driver_wext_add_scan_entry(res, &data); 1519 os_free(data.ie); 1520 1521 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)", 1522 (unsigned long) len, (unsigned long) res->num); 1523 1524 return res; 1525 } 1526 1527 1528 static int wpa_driver_wext_get_range(void *priv) 1529 { 1530 struct wpa_driver_wext_data *drv = priv; 1531 struct iw_range *range; 1532 struct iwreq iwr; 1533 int minlen; 1534 size_t buflen; 1535 1536 /* 1537 * Use larger buffer than struct iw_range in order to allow the 1538 * structure to grow in the future. 1539 */ 1540 buflen = sizeof(struct iw_range) + 500; 1541 range = os_zalloc(buflen); 1542 if (range == NULL) 1543 return -1; 1544 1545 os_memset(&iwr, 0, sizeof(iwr)); 1546 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1547 iwr.u.data.pointer = (caddr_t) range; 1548 iwr.u.data.length = buflen; 1549 1550 minlen = ((char *) &range->enc_capa) - (char *) range + 1551 sizeof(range->enc_capa); 1552 1553 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1554 perror("ioctl[SIOCGIWRANGE]"); 1555 os_free(range); 1556 return -1; 1557 } else if (iwr.u.data.length >= minlen && 1558 range->we_version_compiled >= 18) { 1559 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1560 "WE(source)=%d enc_capa=0x%x", 1561 range->we_version_compiled, 1562 range->we_version_source, 1563 range->enc_capa); 1564 drv->has_capability = 1; 1565 drv->we_version_compiled = range->we_version_compiled; 1566 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1567 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1568 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1569 } 1570 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1571 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1572 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1573 } 1574 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1575 WPA_DRIVER_CAPA_ENC_WEP104; 1576 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP128; 1577 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1578 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1579 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1580 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1581 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) 1582 drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; 1583 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1584 WPA_DRIVER_AUTH_SHARED | 1585 WPA_DRIVER_AUTH_LEAP; 1586 drv->capa.max_scan_ssids = 1; 1587 1588 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x " 1589 "flags 0x%x", 1590 drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags); 1591 } else { 1592 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1593 "assuming WPA is not supported"); 1594 } 1595 1596 drv->max_level = range->max_qual.level; 1597 1598 os_free(range); 1599 return 0; 1600 } 1601 1602 1603 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, 1604 const u8 *psk) 1605 { 1606 struct iw_encode_ext *ext; 1607 struct iwreq iwr; 1608 int ret; 1609 1610 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1611 1612 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 1613 return 0; 1614 1615 if (!psk) 1616 return 0; 1617 1618 os_memset(&iwr, 0, sizeof(iwr)); 1619 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1620 1621 ext = os_zalloc(sizeof(*ext) + PMK_LEN); 1622 if (ext == NULL) 1623 return -1; 1624 1625 iwr.u.encoding.pointer = (caddr_t) ext; 1626 iwr.u.encoding.length = sizeof(*ext) + PMK_LEN; 1627 ext->key_len = PMK_LEN; 1628 os_memcpy(&ext->key, psk, ext->key_len); 1629 ext->alg = IW_ENCODE_ALG_PMK; 1630 1631 ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr); 1632 if (ret < 0) 1633 perror("ioctl[SIOCSIWENCODEEXT] PMK"); 1634 os_free(ext); 1635 1636 return ret; 1637 } 1638 1639 1640 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg, 1641 const u8 *addr, int key_idx, 1642 int set_tx, const u8 *seq, 1643 size_t seq_len, 1644 const u8 *key, size_t key_len) 1645 { 1646 struct wpa_driver_wext_data *drv = priv; 1647 struct iwreq iwr; 1648 int ret = 0; 1649 struct iw_encode_ext *ext; 1650 1651 if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) { 1652 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu", 1653 __FUNCTION__, (unsigned long) seq_len); 1654 return -1; 1655 } 1656 1657 ext = os_zalloc(sizeof(*ext) + key_len); 1658 if (ext == NULL) 1659 return -1; 1660 os_memset(&iwr, 0, sizeof(iwr)); 1661 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1662 iwr.u.encoding.flags = key_idx + 1; 1663 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1664 if (alg == WPA_ALG_NONE) 1665 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1666 iwr.u.encoding.pointer = (caddr_t) ext; 1667 iwr.u.encoding.length = sizeof(*ext) + key_len; 1668 1669 if (addr == NULL || is_broadcast_ether_addr(addr)) 1670 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY; 1671 if (set_tx) 1672 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY; 1673 1674 ext->addr.sa_family = ARPHRD_ETHER; 1675 if (addr) 1676 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN); 1677 else 1678 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN); 1679 if (key && key_len) { 1680 os_memcpy(ext + 1, key, key_len); 1681 ext->key_len = key_len; 1682 } 1683 switch (alg) { 1684 case WPA_ALG_NONE: 1685 ext->alg = IW_ENCODE_ALG_NONE; 1686 break; 1687 case WPA_ALG_WEP: 1688 ext->alg = IW_ENCODE_ALG_WEP; 1689 break; 1690 case WPA_ALG_TKIP: 1691 ext->alg = IW_ENCODE_ALG_TKIP; 1692 break; 1693 case WPA_ALG_CCMP: 1694 ext->alg = IW_ENCODE_ALG_CCMP; 1695 break; 1696 case WPA_ALG_PMK: 1697 ext->alg = IW_ENCODE_ALG_PMK; 1698 break; 1699 #ifdef CONFIG_IEEE80211W 1700 case WPA_ALG_IGTK: 1701 ext->alg = IW_ENCODE_ALG_AES_CMAC; 1702 break; 1703 #endif /* CONFIG_IEEE80211W */ 1704 default: 1705 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d", 1706 __FUNCTION__, alg); 1707 os_free(ext); 1708 return -1; 1709 } 1710 1711 if (seq && seq_len) { 1712 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID; 1713 os_memcpy(ext->rx_seq, seq, seq_len); 1714 } 1715 1716 if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) { 1717 ret = errno == EOPNOTSUPP ? -2 : -1; 1718 if (errno == ENODEV) { 1719 /* 1720 * ndiswrapper seems to be returning incorrect error 1721 * code.. */ 1722 ret = -2; 1723 } 1724 1725 perror("ioctl[SIOCSIWENCODEEXT]"); 1726 } 1727 1728 os_free(ext); 1729 return ret; 1730 } 1731 1732 1733 /** 1734 * wpa_driver_wext_set_key - Configure encryption key 1735 * @priv: Pointer to private wext data from wpa_driver_wext_init() 1736 * @priv: Private driver interface data 1737 * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP, 1738 * %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key. 1739 * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for 1740 * broadcast/default keys 1741 * @key_idx: key index (0..3), usually 0 for unicast keys 1742 * @set_tx: Configure this key as the default Tx key (only used when 1743 * driver does not support separate unicast/individual key 1744 * @seq: Sequence number/packet number, seq_len octets, the next 1745 * packet number to be used for in replay protection; configured 1746 * for Rx keys (in most cases, this is only used with broadcast 1747 * keys and set to zero for unicast keys) 1748 * @seq_len: Length of the seq, depends on the algorithm: 1749 * TKIP: 6 octets, CCMP: 6 octets 1750 * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key, 1751 * 8-byte Rx Mic Key 1752 * @key_len: Length of the key buffer in octets (WEP: 5 or 13, 1753 * TKIP: 32, CCMP: 16) 1754 * Returns: 0 on success, -1 on failure 1755 * 1756 * This function uses SIOCSIWENCODEEXT by default, but tries to use 1757 * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key. 1758 */ 1759 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg, 1760 const u8 *addr, int key_idx, 1761 int set_tx, const u8 *seq, size_t seq_len, 1762 const u8 *key, size_t key_len) 1763 { 1764 struct wpa_driver_wext_data *drv = priv; 1765 struct iwreq iwr; 1766 int ret = 0; 1767 1768 wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu " 1769 "key_len=%lu", 1770 __FUNCTION__, alg, key_idx, set_tx, 1771 (unsigned long) seq_len, (unsigned long) key_len); 1772 1773 ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx, 1774 seq, seq_len, key, key_len); 1775 if (ret == 0) 1776 return 0; 1777 1778 if (ret == -2 && 1779 (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) { 1780 wpa_printf(MSG_DEBUG, "Driver did not support " 1781 "SIOCSIWENCODEEXT, trying SIOCSIWENCODE"); 1782 ret = 0; 1783 } else { 1784 wpa_printf(MSG_DEBUG, "Driver did not support " 1785 "SIOCSIWENCODEEXT"); 1786 return ret; 1787 } 1788 1789 os_memset(&iwr, 0, sizeof(iwr)); 1790 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1791 iwr.u.encoding.flags = key_idx + 1; 1792 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1793 if (alg == WPA_ALG_NONE) 1794 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 1795 iwr.u.encoding.pointer = (caddr_t) key; 1796 iwr.u.encoding.length = key_len; 1797 1798 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1799 perror("ioctl[SIOCSIWENCODE]"); 1800 ret = -1; 1801 } 1802 1803 if (set_tx && alg != WPA_ALG_NONE) { 1804 os_memset(&iwr, 0, sizeof(iwr)); 1805 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1806 iwr.u.encoding.flags = key_idx + 1; 1807 iwr.u.encoding.flags |= IW_ENCODE_TEMP; 1808 iwr.u.encoding.pointer = (caddr_t) NULL; 1809 iwr.u.encoding.length = 0; 1810 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 1811 perror("ioctl[SIOCSIWENCODE] (set_tx)"); 1812 ret = -1; 1813 } 1814 } 1815 1816 return ret; 1817 } 1818 1819 1820 static int wpa_driver_wext_set_countermeasures(void *priv, 1821 int enabled) 1822 { 1823 struct wpa_driver_wext_data *drv = priv; 1824 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1825 return wpa_driver_wext_set_auth_param(drv, 1826 IW_AUTH_TKIP_COUNTERMEASURES, 1827 enabled); 1828 } 1829 1830 1831 static int wpa_driver_wext_set_drop_unencrypted(void *priv, 1832 int enabled) 1833 { 1834 struct wpa_driver_wext_data *drv = priv; 1835 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1836 drv->use_crypt = enabled; 1837 return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1838 enabled); 1839 } 1840 1841 1842 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv, 1843 const u8 *addr, int cmd, int reason_code) 1844 { 1845 struct iwreq iwr; 1846 struct iw_mlme mlme; 1847 int ret = 0; 1848 1849 os_memset(&iwr, 0, sizeof(iwr)); 1850 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1851 os_memset(&mlme, 0, sizeof(mlme)); 1852 mlme.cmd = cmd; 1853 mlme.reason_code = reason_code; 1854 mlme.addr.sa_family = ARPHRD_ETHER; 1855 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1856 iwr.u.data.pointer = (caddr_t) &mlme; 1857 iwr.u.data.length = sizeof(mlme); 1858 1859 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1860 perror("ioctl[SIOCSIWMLME]"); 1861 ret = -1; 1862 } 1863 1864 return ret; 1865 } 1866 1867 1868 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv) 1869 { 1870 struct iwreq iwr; 1871 const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 }; 1872 #ifndef ANDROID 1873 u8 ssid[32]; 1874 int i; 1875 #endif /* ANDROID */ 1876 1877 /* 1878 * Only force-disconnect when the card is in infrastructure mode, 1879 * otherwise the driver might interpret the cleared BSSID and random 1880 * SSID as an attempt to create a new ad-hoc network. 1881 */ 1882 os_memset(&iwr, 0, sizeof(iwr)); 1883 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1884 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 1885 perror("ioctl[SIOCGIWMODE]"); 1886 iwr.u.mode = IW_MODE_INFRA; 1887 } 1888 1889 if (iwr.u.mode == IW_MODE_INFRA) { 1890 /* Clear the BSSID selection */ 1891 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0) { 1892 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear BSSID " 1893 "selection on disconnect"); 1894 } 1895 1896 #ifndef ANDROID 1897 if (drv->cfg80211) { 1898 /* 1899 * cfg80211 supports SIOCSIWMLME commands, so there is 1900 * no need for the random SSID hack, but clear the 1901 * SSID. 1902 */ 1903 if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) { 1904 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear " 1905 "SSID on disconnect"); 1906 } 1907 return; 1908 } 1909 1910 /* 1911 * Set a random SSID to make sure the driver will not be trying 1912 * to associate with something even if it does not understand 1913 * SIOCSIWMLME commands (or tries to associate automatically 1914 * after deauth/disassoc). 1915 */ 1916 for (i = 0; i < 32; i++) 1917 ssid[i] = rand() & 0xFF; 1918 if (wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) { 1919 wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus " 1920 "SSID to disconnect"); 1921 } 1922 #endif /* ANDROID */ 1923 } 1924 } 1925 1926 1927 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr, 1928 int reason_code) 1929 { 1930 struct wpa_driver_wext_data *drv = priv; 1931 int ret; 1932 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1933 ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 1934 wpa_driver_wext_disconnect(drv); 1935 return ret; 1936 } 1937 1938 1939 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie, 1940 size_t ie_len) 1941 { 1942 struct wpa_driver_wext_data *drv = priv; 1943 struct iwreq iwr; 1944 int ret = 0; 1945 1946 os_memset(&iwr, 0, sizeof(iwr)); 1947 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1948 iwr.u.data.pointer = (caddr_t) ie; 1949 iwr.u.data.length = ie_len; 1950 1951 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 1952 perror("ioctl[SIOCSIWGENIE]"); 1953 ret = -1; 1954 } 1955 1956 return ret; 1957 } 1958 1959 1960 int wpa_driver_wext_cipher2wext(int cipher) 1961 { 1962 switch (cipher) { 1963 case CIPHER_NONE: 1964 return IW_AUTH_CIPHER_NONE; 1965 case CIPHER_WEP40: 1966 return IW_AUTH_CIPHER_WEP40; 1967 case CIPHER_TKIP: 1968 return IW_AUTH_CIPHER_TKIP; 1969 case CIPHER_CCMP: 1970 return IW_AUTH_CIPHER_CCMP; 1971 case CIPHER_WEP104: 1972 return IW_AUTH_CIPHER_WEP104; 1973 default: 1974 return 0; 1975 } 1976 } 1977 1978 1979 int wpa_driver_wext_keymgmt2wext(int keymgmt) 1980 { 1981 switch (keymgmt) { 1982 case KEY_MGMT_802_1X: 1983 case KEY_MGMT_802_1X_NO_WPA: 1984 return IW_AUTH_KEY_MGMT_802_1X; 1985 case KEY_MGMT_PSK: 1986 return IW_AUTH_KEY_MGMT_PSK; 1987 default: 1988 return 0; 1989 } 1990 } 1991 1992 1993 static int 1994 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv, 1995 struct wpa_driver_associate_params *params) 1996 { 1997 struct iwreq iwr; 1998 int ret = 0; 1999 2000 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 2001 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 2002 2003 os_memset(&iwr, 0, sizeof(iwr)); 2004 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2005 /* Just changing mode, not actual keys */ 2006 iwr.u.encoding.flags = 0; 2007 iwr.u.encoding.pointer = (caddr_t) NULL; 2008 iwr.u.encoding.length = 0; 2009 2010 /* 2011 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 2012 * different things. Here they are used to indicate Open System vs. 2013 * Shared Key authentication algorithm. However, some drivers may use 2014 * them to select between open/restricted WEP encrypted (open = allow 2015 * both unencrypted and encrypted frames; restricted = only allow 2016 * encrypted frames). 2017 */ 2018 2019 if (!drv->use_crypt) { 2020 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 2021 } else { 2022 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 2023 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 2024 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 2025 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 2026 } 2027 2028 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 2029 perror("ioctl[SIOCSIWENCODE]"); 2030 ret = -1; 2031 } 2032 2033 return ret; 2034 } 2035 2036 2037 int wpa_driver_wext_associate(void *priv, 2038 struct wpa_driver_associate_params *params) 2039 { 2040 struct wpa_driver_wext_data *drv = priv; 2041 int ret = 0; 2042 int allow_unencrypted_eapol; 2043 int value; 2044 2045 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2046 2047 if (drv->cfg80211) { 2048 /* 2049 * Stop cfg80211 from trying to associate before we are done 2050 * with all parameters. 2051 */ 2052 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0); 2053 } 2054 2055 if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted) 2056 < 0) 2057 ret = -1; 2058 if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0) 2059 ret = -1; 2060 if (wpa_driver_wext_set_mode(drv, params->mode) < 0) 2061 ret = -1; 2062 2063 /* 2064 * If the driver did not support SIOCSIWAUTH, fallback to 2065 * SIOCSIWENCODE here. 2066 */ 2067 if (drv->auth_alg_fallback && 2068 wpa_driver_wext_auth_alg_fallback(drv, params) < 0) 2069 ret = -1; 2070 2071 if (!params->bssid && 2072 wpa_driver_wext_set_bssid(drv, NULL) < 0) 2073 ret = -1; 2074 2075 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 2076 * from configuration, not from here, where only the selected suite is 2077 * available */ 2078 if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 2079 < 0) 2080 ret = -1; 2081 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 2082 value = IW_AUTH_WPA_VERSION_DISABLED; 2083 else if (params->wpa_ie[0] == WLAN_EID_RSN) 2084 value = IW_AUTH_WPA_VERSION_WPA2; 2085 else 2086 value = IW_AUTH_WPA_VERSION_WPA; 2087 if (wpa_driver_wext_set_auth_param(drv, 2088 IW_AUTH_WPA_VERSION, value) < 0) 2089 ret = -1; 2090 value = wpa_driver_wext_cipher2wext(params->pairwise_suite); 2091 if (wpa_driver_wext_set_auth_param(drv, 2092 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 2093 ret = -1; 2094 value = wpa_driver_wext_cipher2wext(params->group_suite); 2095 if (wpa_driver_wext_set_auth_param(drv, 2096 IW_AUTH_CIPHER_GROUP, value) < 0) 2097 ret = -1; 2098 value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite); 2099 if (wpa_driver_wext_set_auth_param(drv, 2100 IW_AUTH_KEY_MGMT, value) < 0) 2101 ret = -1; 2102 value = params->key_mgmt_suite != KEY_MGMT_NONE || 2103 params->pairwise_suite != CIPHER_NONE || 2104 params->group_suite != CIPHER_NONE || 2105 params->wpa_ie_len; 2106 if (wpa_driver_wext_set_auth_param(drv, 2107 IW_AUTH_PRIVACY_INVOKED, value) < 0) 2108 ret = -1; 2109 2110 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 2111 * not using WPA. IEEE 802.1X specifies that these frames are not 2112 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 2113 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 2114 params->key_mgmt_suite == KEY_MGMT_PSK) 2115 allow_unencrypted_eapol = 0; 2116 else 2117 allow_unencrypted_eapol = 1; 2118 2119 if (wpa_driver_wext_set_psk(drv, params->psk) < 0) 2120 ret = -1; 2121 if (wpa_driver_wext_set_auth_param(drv, 2122 IW_AUTH_RX_UNENCRYPTED_EAPOL, 2123 allow_unencrypted_eapol) < 0) 2124 ret = -1; 2125 #ifdef CONFIG_IEEE80211W 2126 switch (params->mgmt_frame_protection) { 2127 case NO_MGMT_FRAME_PROTECTION: 2128 value = IW_AUTH_MFP_DISABLED; 2129 break; 2130 case MGMT_FRAME_PROTECTION_OPTIONAL: 2131 value = IW_AUTH_MFP_OPTIONAL; 2132 break; 2133 case MGMT_FRAME_PROTECTION_REQUIRED: 2134 value = IW_AUTH_MFP_REQUIRED; 2135 break; 2136 }; 2137 if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0) 2138 ret = -1; 2139 #endif /* CONFIG_IEEE80211W */ 2140 if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0) 2141 ret = -1; 2142 if (!drv->cfg80211 && 2143 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2144 ret = -1; 2145 if (params->bssid && 2146 wpa_driver_wext_set_bssid(drv, params->bssid) < 0) 2147 ret = -1; 2148 if (drv->cfg80211 && 2149 wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2150 ret = -1; 2151 2152 return ret; 2153 } 2154 2155 2156 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg) 2157 { 2158 struct wpa_driver_wext_data *drv = priv; 2159 int algs = 0, res; 2160 2161 if (auth_alg & WPA_AUTH_ALG_OPEN) 2162 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 2163 if (auth_alg & WPA_AUTH_ALG_SHARED) 2164 algs |= IW_AUTH_ALG_SHARED_KEY; 2165 if (auth_alg & WPA_AUTH_ALG_LEAP) 2166 algs |= IW_AUTH_ALG_LEAP; 2167 if (algs == 0) { 2168 /* at least one algorithm should be set */ 2169 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2170 } 2171 2172 res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2173 algs); 2174 drv->auth_alg_fallback = res == -2; 2175 return res; 2176 } 2177 2178 2179 /** 2180 * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2181 * @priv: Pointer to private wext data from wpa_driver_wext_init() 2182 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2183 * Returns: 0 on success, -1 on failure 2184 */ 2185 int wpa_driver_wext_set_mode(void *priv, int mode) 2186 { 2187 struct wpa_driver_wext_data *drv = priv; 2188 struct iwreq iwr; 2189 int ret = -1; 2190 unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA; 2191 2192 os_memset(&iwr, 0, sizeof(iwr)); 2193 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2194 iwr.u.mode = new_mode; 2195 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) { 2196 ret = 0; 2197 goto done; 2198 } 2199 2200 if (errno != EBUSY) { 2201 perror("ioctl[SIOCSIWMODE]"); 2202 goto done; 2203 } 2204 2205 /* mac80211 doesn't allow mode changes while the device is up, so if 2206 * the device isn't in the mode we're about to change to, take device 2207 * down, try to set the mode again, and bring it back up. 2208 */ 2209 if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) { 2210 perror("ioctl[SIOCGIWMODE]"); 2211 goto done; 2212 } 2213 2214 if (iwr.u.mode == new_mode) { 2215 ret = 0; 2216 goto done; 2217 } 2218 2219 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) { 2220 /* Try to set the mode again while the interface is down */ 2221 iwr.u.mode = new_mode; 2222 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0) 2223 perror("ioctl[SIOCSIWMODE]"); 2224 else 2225 ret = 0; 2226 2227 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1); 2228 } 2229 2230 done: 2231 return ret; 2232 } 2233 2234 2235 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv, 2236 u32 cmd, const u8 *bssid, const u8 *pmkid) 2237 { 2238 struct iwreq iwr; 2239 struct iw_pmksa pmksa; 2240 int ret = 0; 2241 2242 os_memset(&iwr, 0, sizeof(iwr)); 2243 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2244 os_memset(&pmksa, 0, sizeof(pmksa)); 2245 pmksa.cmd = cmd; 2246 pmksa.bssid.sa_family = ARPHRD_ETHER; 2247 if (bssid) 2248 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2249 if (pmkid) 2250 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2251 iwr.u.data.pointer = (caddr_t) &pmksa; 2252 iwr.u.data.length = sizeof(pmksa); 2253 2254 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2255 if (errno != EOPNOTSUPP) 2256 perror("ioctl[SIOCSIWPMKSA]"); 2257 ret = -1; 2258 } 2259 2260 return ret; 2261 } 2262 2263 2264 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid, 2265 const u8 *pmkid) 2266 { 2267 struct wpa_driver_wext_data *drv = priv; 2268 return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2269 } 2270 2271 2272 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid, 2273 const u8 *pmkid) 2274 { 2275 struct wpa_driver_wext_data *drv = priv; 2276 return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2277 } 2278 2279 2280 static int wpa_driver_wext_flush_pmkid(void *priv) 2281 { 2282 struct wpa_driver_wext_data *drv = priv; 2283 return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2284 } 2285 2286 2287 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa) 2288 { 2289 struct wpa_driver_wext_data *drv = priv; 2290 if (!drv->has_capability) 2291 return -1; 2292 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2293 return 0; 2294 } 2295 2296 2297 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv, 2298 const char *ifname) 2299 { 2300 if (ifname == NULL) { 2301 drv->ifindex2 = -1; 2302 return 0; 2303 } 2304 2305 drv->ifindex2 = if_nametoindex(ifname); 2306 if (drv->ifindex2 <= 0) 2307 return -1; 2308 2309 wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for " 2310 "wireless events", drv->ifindex2, ifname); 2311 2312 return 0; 2313 } 2314 2315 2316 int wpa_driver_wext_set_operstate(void *priv, int state) 2317 { 2318 struct wpa_driver_wext_data *drv = priv; 2319 2320 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2321 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2322 drv->operstate = state; 2323 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 2324 state ? IF_OPER_UP : IF_OPER_DORMANT); 2325 } 2326 2327 2328 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv) 2329 { 2330 return drv->we_version_compiled; 2331 } 2332 2333 2334 static const char * wext_get_radio_name(void *priv) 2335 { 2336 struct wpa_driver_wext_data *drv = priv; 2337 return drv->phyname; 2338 } 2339 2340 2341 #ifdef ANDROID 2342 2343 static int android_wext_cmd(struct wpa_driver_wext_data *drv, const char *cmd) 2344 { 2345 struct iwreq iwr; 2346 char buf[MAX_DRV_CMD_SIZE]; 2347 int ret; 2348 2349 os_memset(&iwr, 0, sizeof(iwr)); 2350 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2351 2352 os_memset(buf, 0, sizeof(buf)); 2353 os_strlcpy(buf, cmd, sizeof(buf)); 2354 2355 iwr.u.data.pointer = buf; 2356 iwr.u.data.length = sizeof(buf); 2357 2358 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr); 2359 2360 if (ret < 0) { 2361 wpa_printf(MSG_ERROR, "%s failed (%d): %s", __func__, ret, 2362 cmd); 2363 drv->errors++; 2364 if (drv->errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 2365 drv->errors = 0; 2366 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE 2367 "HANGED"); 2368 } 2369 return ret; 2370 } 2371 2372 drv->errors = 0; 2373 return 0; 2374 } 2375 2376 2377 static int wext_sched_scan(void *priv, struct wpa_driver_scan_params *params, 2378 u32 interval) 2379 { 2380 struct wpa_driver_wext_data *drv = priv; 2381 struct iwreq iwr; 2382 int ret = 0, i = 0, bp; 2383 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 2384 2385 bp = WEXT_PNOSETUP_HEADER_SIZE; 2386 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 2387 buf[bp++] = WEXT_PNO_TLV_PREFIX; 2388 buf[bp++] = WEXT_PNO_TLV_VERSION; 2389 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 2390 buf[bp++] = WEXT_PNO_TLV_RESERVED; 2391 2392 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 2393 /* 2394 * Check that there is enough space needed for 1 more SSID, the 2395 * other sections and null termination. 2396 */ 2397 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + IW_ESSID_MAX_SIZE + 2398 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 2399 break; 2400 2401 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 2402 params->ssids[i].ssid, 2403 params->ssids[i].ssid_len); 2404 buf[bp++] = WEXT_PNO_SSID_SECTION; 2405 buf[bp++] = params->ssids[i].ssid_len; 2406 os_memcpy(&buf[bp], params->ssids[i].ssid, 2407 params->ssids[i].ssid_len); 2408 bp += params->ssids[i].ssid_len; 2409 i++; 2410 } 2411 2412 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 2413 /* TODO: consider using interval parameter (interval in msec) instead 2414 * of hardcoded value here */ 2415 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 2416 WEXT_PNO_SCAN_INTERVAL); 2417 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 2418 2419 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 2420 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 2421 WEXT_PNO_REPEAT); 2422 bp += WEXT_PNO_REPEAT_LENGTH; 2423 2424 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 2425 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 2426 WEXT_PNO_MAX_REPEAT); 2427 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 2428 2429 os_memset(&iwr, 0, sizeof(iwr)); 2430 os_strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2431 iwr.u.data.pointer = buf; 2432 iwr.u.data.length = bp; 2433 2434 ret = ioctl(drv->ioctl_sock, SIOCSIWPRIV, &iwr); 2435 if (ret < 0) { 2436 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 2437 ret); 2438 drv->errors++; 2439 if (drv->errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 2440 drv->errors = 0; 2441 wpa_msg(drv->ctx, MSG_INFO, 2442 WPA_EVENT_DRIVER_STATE "HANGED"); 2443 } 2444 return ret; 2445 } 2446 2447 drv->errors = 0; 2448 drv->bgscan_enabled = 1; 2449 2450 return android_wext_cmd(drv, "PNOFORCE 1"); 2451 } 2452 2453 2454 static int wext_stop_sched_scan(void *priv) 2455 { 2456 struct wpa_driver_wext_data *drv = priv; 2457 drv->bgscan_enabled = 0; 2458 return android_wext_cmd(drv, "PNOFORCE 0"); 2459 } 2460 2461 #endif /* ANDROID */ 2462 2463 2464 const struct wpa_driver_ops wpa_driver_wext_ops = { 2465 .name = "wext", 2466 .desc = "Linux wireless extensions (generic)", 2467 .get_bssid = wpa_driver_wext_get_bssid, 2468 .get_ssid = wpa_driver_wext_get_ssid, 2469 .set_key = wpa_driver_wext_set_key, 2470 .set_countermeasures = wpa_driver_wext_set_countermeasures, 2471 .scan2 = wpa_driver_wext_scan, 2472 .get_scan_results2 = wpa_driver_wext_get_scan_results, 2473 .deauthenticate = wpa_driver_wext_deauthenticate, 2474 .associate = wpa_driver_wext_associate, 2475 .init = wpa_driver_wext_init, 2476 .deinit = wpa_driver_wext_deinit, 2477 .add_pmkid = wpa_driver_wext_add_pmkid, 2478 .remove_pmkid = wpa_driver_wext_remove_pmkid, 2479 .flush_pmkid = wpa_driver_wext_flush_pmkid, 2480 .get_capa = wpa_driver_wext_get_capa, 2481 .set_operstate = wpa_driver_wext_set_operstate, 2482 .get_radio_name = wext_get_radio_name, 2483 #ifdef ANDROID 2484 .sched_scan = wext_sched_scan, 2485 .stop_sched_scan = wext_stop_sched_scan, 2486 #endif /* ANDROID */ 2487 }; 2488