• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Driver interaction with generic Linux Wireless Extensions
3  * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements a driver interface for the Linux Wireless Extensions.
9  * When used with WE-18 or newer, this interface can be used as-is with number
10  * of drivers. In addition to this, some of the common functions in this file
11  * can be used by other driver interface implementations that use generic WE
12  * ioctls, but require private ioctls for some of the functionality.
13  */
14 
15 #include "includes.h"
16 #include <sys/ioctl.h>
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <fcntl.h>
20 #include <net/if_arp.h>
21 
22 #include "linux_wext.h"
23 #include "common.h"
24 #include "eloop.h"
25 #include "common/ieee802_11_defs.h"
26 #include "common/wpa_common.h"
27 #include "priv_netlink.h"
28 #include "netlink.h"
29 #include "linux_ioctl.h"
30 #include "rfkill.h"
31 #include "driver.h"
32 #include "driver_wext.h"
33 
34 static int wpa_driver_wext_flush_pmkid(void *priv);
35 static int wpa_driver_wext_get_range(void *priv);
36 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
37 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
38 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
39 
40 
wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data * drv,int idx,u32 value)41 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
42 				   int idx, u32 value)
43 {
44 	struct iwreq iwr;
45 	int ret = 0;
46 
47 	os_memset(&iwr, 0, sizeof(iwr));
48 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
49 	iwr.u.param.flags = idx & IW_AUTH_INDEX;
50 	iwr.u.param.value = value;
51 
52 	if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
53 		if (errno != EOPNOTSUPP) {
54 			wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
55 				   "value 0x%x) failed: %s)",
56 				   idx, value, strerror(errno));
57 		}
58 		ret = errno == EOPNOTSUPP ? -2 : -1;
59 	}
60 
61 	return ret;
62 }
63 
64 
65 /**
66  * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
67  * @priv: Pointer to private wext data from wpa_driver_wext_init()
68  * @bssid: Buffer for BSSID
69  * Returns: 0 on success, -1 on failure
70  */
wpa_driver_wext_get_bssid(void * priv,u8 * bssid)71 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
72 {
73 	struct wpa_driver_wext_data *drv = priv;
74 	struct iwreq iwr;
75 	int ret = 0;
76 
77 	os_memset(&iwr, 0, sizeof(iwr));
78 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
79 
80 	if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
81 		perror("ioctl[SIOCGIWAP]");
82 		ret = -1;
83 	}
84 	os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
85 
86 	return ret;
87 }
88 
89 
90 /**
91  * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
92  * @priv: Pointer to private wext data from wpa_driver_wext_init()
93  * @bssid: BSSID
94  * Returns: 0 on success, -1 on failure
95  */
wpa_driver_wext_set_bssid(void * priv,const u8 * bssid)96 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
97 {
98 	struct wpa_driver_wext_data *drv = priv;
99 	struct iwreq iwr;
100 	int ret = 0;
101 
102 	os_memset(&iwr, 0, sizeof(iwr));
103 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
104 	iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
105 	if (bssid)
106 		os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
107 	else
108 		os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
109 
110 	if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
111 		perror("ioctl[SIOCSIWAP]");
112 		ret = -1;
113 	}
114 
115 	return ret;
116 }
117 
118 
119 /**
120  * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
121  * @priv: Pointer to private wext data from wpa_driver_wext_init()
122  * @ssid: Buffer for the SSID; must be at least 32 bytes long
123  * Returns: SSID length on success, -1 on failure
124  */
wpa_driver_wext_get_ssid(void * priv,u8 * ssid)125 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
126 {
127 	struct wpa_driver_wext_data *drv = priv;
128 	struct iwreq iwr;
129 	int ret = 0;
130 
131 	os_memset(&iwr, 0, sizeof(iwr));
132 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
133 	iwr.u.essid.pointer = (caddr_t) ssid;
134 	iwr.u.essid.length = 32;
135 
136 	if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
137 		perror("ioctl[SIOCGIWESSID]");
138 		ret = -1;
139 	} else {
140 		ret = iwr.u.essid.length;
141 		if (ret > 32)
142 			ret = 32;
143 		/* Some drivers include nul termination in the SSID, so let's
144 		 * remove it here before further processing. WE-21 changes this
145 		 * to explicitly require the length _not_ to include nul
146 		 * termination. */
147 		if (ret > 0 && ssid[ret - 1] == '\0' &&
148 		    drv->we_version_compiled < 21)
149 			ret--;
150 	}
151 
152 	return ret;
153 }
154 
155 
156 /**
157  * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
158  * @priv: Pointer to private wext data from wpa_driver_wext_init()
159  * @ssid: SSID
160  * @ssid_len: Length of SSID (0..32)
161  * Returns: 0 on success, -1 on failure
162  */
wpa_driver_wext_set_ssid(void * priv,const u8 * ssid,size_t ssid_len)163 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
164 {
165 	struct wpa_driver_wext_data *drv = priv;
166 	struct iwreq iwr;
167 	int ret = 0;
168 	char buf[33];
169 
170 	if (ssid_len > 32)
171 		return -1;
172 
173 	os_memset(&iwr, 0, sizeof(iwr));
174 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
175 	/* flags: 1 = ESSID is active, 0 = not (promiscuous) */
176 	iwr.u.essid.flags = (ssid_len != 0);
177 	os_memset(buf, 0, sizeof(buf));
178 	os_memcpy(buf, ssid, ssid_len);
179 	iwr.u.essid.pointer = (caddr_t) buf;
180 	if (drv->we_version_compiled < 21) {
181 		/* For historic reasons, set SSID length to include one extra
182 		 * character, C string nul termination, even though SSID is
183 		 * really an octet string that should not be presented as a C
184 		 * string. Some Linux drivers decrement the length by one and
185 		 * can thus end up missing the last octet of the SSID if the
186 		 * length is not incremented here. WE-21 changes this to
187 		 * explicitly require the length _not_ to include nul
188 		 * termination. */
189 		if (ssid_len)
190 			ssid_len++;
191 	}
192 	iwr.u.essid.length = ssid_len;
193 
194 	if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
195 		perror("ioctl[SIOCSIWESSID]");
196 		ret = -1;
197 	}
198 
199 	return ret;
200 }
201 
202 
203 /**
204  * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
205  * @priv: Pointer to private wext data from wpa_driver_wext_init()
206  * @freq: Frequency in MHz
207  * Returns: 0 on success, -1 on failure
208  */
wpa_driver_wext_set_freq(void * priv,int freq)209 int wpa_driver_wext_set_freq(void *priv, int freq)
210 {
211 	struct wpa_driver_wext_data *drv = priv;
212 	struct iwreq iwr;
213 	int ret = 0;
214 
215 	os_memset(&iwr, 0, sizeof(iwr));
216 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
217 	iwr.u.freq.m = freq * 100000;
218 	iwr.u.freq.e = 1;
219 
220 	if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
221 		perror("ioctl[SIOCSIWFREQ]");
222 		ret = -1;
223 	}
224 
225 	return ret;
226 }
227 
228 
229 static void
wpa_driver_wext_event_wireless_custom(void * ctx,char * custom)230 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
231 {
232 	union wpa_event_data data;
233 
234 	wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
235 		   custom);
236 
237 	os_memset(&data, 0, sizeof(data));
238 	/* Host AP driver */
239 	if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
240 		data.michael_mic_failure.unicast =
241 			os_strstr(custom, " unicast ") != NULL;
242 		/* TODO: parse parameters(?) */
243 		wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
244 	} else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
245 		char *spos;
246 		int bytes;
247 		u8 *req_ies = NULL, *resp_ies = NULL;
248 
249 		spos = custom + 17;
250 
251 		bytes = strspn(spos, "0123456789abcdefABCDEF");
252 		if (!bytes || (bytes & 1))
253 			return;
254 		bytes /= 2;
255 
256 		req_ies = os_malloc(bytes);
257 		if (req_ies == NULL ||
258 		    hexstr2bin(spos, req_ies, bytes) < 0)
259 			goto done;
260 		data.assoc_info.req_ies = req_ies;
261 		data.assoc_info.req_ies_len = bytes;
262 
263 		spos += bytes * 2;
264 
265 		data.assoc_info.resp_ies = NULL;
266 		data.assoc_info.resp_ies_len = 0;
267 
268 		if (os_strncmp(spos, " RespIEs=", 9) == 0) {
269 			spos += 9;
270 
271 			bytes = strspn(spos, "0123456789abcdefABCDEF");
272 			if (!bytes || (bytes & 1))
273 				goto done;
274 			bytes /= 2;
275 
276 			resp_ies = os_malloc(bytes);
277 			if (resp_ies == NULL ||
278 			    hexstr2bin(spos, resp_ies, bytes) < 0)
279 				goto done;
280 			data.assoc_info.resp_ies = resp_ies;
281 			data.assoc_info.resp_ies_len = bytes;
282 		}
283 
284 		wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
285 
286 	done:
287 		os_free(resp_ies);
288 		os_free(req_ies);
289 #ifdef CONFIG_PEERKEY
290 	} else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
291 		if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
292 			wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
293 				   "STKSTART.request '%s'", custom + 17);
294 			return;
295 		}
296 		wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
297 #endif /* CONFIG_PEERKEY */
298 	}
299 }
300 
301 
wpa_driver_wext_event_wireless_michaelmicfailure(void * ctx,const char * ev,size_t len)302 static int wpa_driver_wext_event_wireless_michaelmicfailure(
303 	void *ctx, const char *ev, size_t len)
304 {
305 	const struct iw_michaelmicfailure *mic;
306 	union wpa_event_data data;
307 
308 	if (len < sizeof(*mic))
309 		return -1;
310 
311 	mic = (const struct iw_michaelmicfailure *) ev;
312 
313 	wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
314 		   "flags=0x%x src_addr=" MACSTR, mic->flags,
315 		   MAC2STR(mic->src_addr.sa_data));
316 
317 	os_memset(&data, 0, sizeof(data));
318 	data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
319 	wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
320 
321 	return 0;
322 }
323 
324 
wpa_driver_wext_event_wireless_pmkidcand(struct wpa_driver_wext_data * drv,const char * ev,size_t len)325 static int wpa_driver_wext_event_wireless_pmkidcand(
326 	struct wpa_driver_wext_data *drv, const char *ev, size_t len)
327 {
328 	const struct iw_pmkid_cand *cand;
329 	union wpa_event_data data;
330 	const u8 *addr;
331 
332 	if (len < sizeof(*cand))
333 		return -1;
334 
335 	cand = (const struct iw_pmkid_cand *) ev;
336 	addr = (const u8 *) cand->bssid.sa_data;
337 
338 	wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
339 		   "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
340 		   cand->index, MAC2STR(addr));
341 
342 	os_memset(&data, 0, sizeof(data));
343 	os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
344 	data.pmkid_candidate.index = cand->index;
345 	data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
346 	wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
347 
348 	return 0;
349 }
350 
351 
wpa_driver_wext_event_wireless_assocreqie(struct wpa_driver_wext_data * drv,const char * ev,int len)352 static int wpa_driver_wext_event_wireless_assocreqie(
353 	struct wpa_driver_wext_data *drv, const char *ev, int len)
354 {
355 	if (len < 0)
356 		return -1;
357 
358 	wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
359 		    len);
360 	os_free(drv->assoc_req_ies);
361 	drv->assoc_req_ies = os_malloc(len);
362 	if (drv->assoc_req_ies == NULL) {
363 		drv->assoc_req_ies_len = 0;
364 		return -1;
365 	}
366 	os_memcpy(drv->assoc_req_ies, ev, len);
367 	drv->assoc_req_ies_len = len;
368 
369 	return 0;
370 }
371 
372 
wpa_driver_wext_event_wireless_assocrespie(struct wpa_driver_wext_data * drv,const char * ev,int len)373 static int wpa_driver_wext_event_wireless_assocrespie(
374 	struct wpa_driver_wext_data *drv, const char *ev, int len)
375 {
376 	if (len < 0)
377 		return -1;
378 
379 	wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
380 		    len);
381 	os_free(drv->assoc_resp_ies);
382 	drv->assoc_resp_ies = os_malloc(len);
383 	if (drv->assoc_resp_ies == NULL) {
384 		drv->assoc_resp_ies_len = 0;
385 		return -1;
386 	}
387 	os_memcpy(drv->assoc_resp_ies, ev, len);
388 	drv->assoc_resp_ies_len = len;
389 
390 	return 0;
391 }
392 
393 
wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data * drv)394 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
395 {
396 	union wpa_event_data data;
397 
398 	if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
399 		return;
400 
401 	os_memset(&data, 0, sizeof(data));
402 	if (drv->assoc_req_ies) {
403 		data.assoc_info.req_ies = drv->assoc_req_ies;
404 		data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
405 	}
406 	if (drv->assoc_resp_ies) {
407 		data.assoc_info.resp_ies = drv->assoc_resp_ies;
408 		data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
409 	}
410 
411 	wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
412 
413 	os_free(drv->assoc_req_ies);
414 	drv->assoc_req_ies = NULL;
415 	os_free(drv->assoc_resp_ies);
416 	drv->assoc_resp_ies = NULL;
417 }
418 
419 
wpa_driver_wext_event_wireless(struct wpa_driver_wext_data * drv,char * data,int len)420 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
421 					   char *data, int len)
422 {
423 	struct iw_event iwe_buf, *iwe = &iwe_buf;
424 	char *pos, *end, *custom, *buf;
425 
426 	pos = data;
427 	end = data + len;
428 
429 	while (pos + IW_EV_LCP_LEN <= end) {
430 		/* Event data may be unaligned, so make a local, aligned copy
431 		 * before processing. */
432 		os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
433 		wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
434 			   iwe->cmd, iwe->len);
435 		if (iwe->len <= IW_EV_LCP_LEN)
436 			return;
437 
438 		custom = pos + IW_EV_POINT_LEN;
439 		if (drv->we_version_compiled > 18 &&
440 		    (iwe->cmd == IWEVMICHAELMICFAILURE ||
441 		     iwe->cmd == IWEVCUSTOM ||
442 		     iwe->cmd == IWEVASSOCREQIE ||
443 		     iwe->cmd == IWEVASSOCRESPIE ||
444 		     iwe->cmd == IWEVPMKIDCAND)) {
445 			/* WE-19 removed the pointer from struct iw_point */
446 			char *dpos = (char *) &iwe_buf.u.data.length;
447 			int dlen = dpos - (char *) &iwe_buf;
448 			os_memcpy(dpos, pos + IW_EV_LCP_LEN,
449 				  sizeof(struct iw_event) - dlen);
450 		} else {
451 			os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
452 			custom += IW_EV_POINT_OFF;
453 		}
454 
455 		switch (iwe->cmd) {
456 		case SIOCGIWAP:
457 			wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
458 				   MACSTR,
459 				   MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
460 			if (is_zero_ether_addr(
461 				    (const u8 *) iwe->u.ap_addr.sa_data) ||
462 			    os_memcmp(iwe->u.ap_addr.sa_data,
463 				      "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
464 			    0) {
465 				os_free(drv->assoc_req_ies);
466 				drv->assoc_req_ies = NULL;
467 				os_free(drv->assoc_resp_ies);
468 				drv->assoc_resp_ies = NULL;
469 				wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
470 						     NULL);
471 
472 			} else {
473 				wpa_driver_wext_event_assoc_ies(drv);
474 				wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
475 						     NULL);
476 			}
477 			break;
478 		case IWEVMICHAELMICFAILURE:
479 			if (custom + iwe->u.data.length > end) {
480 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
481 					   "IWEVMICHAELMICFAILURE length");
482 				return;
483 			}
484 			wpa_driver_wext_event_wireless_michaelmicfailure(
485 				drv->ctx, custom, iwe->u.data.length);
486 			break;
487 		case IWEVCUSTOM:
488 			if (custom + iwe->u.data.length > end) {
489 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
490 					   "IWEVCUSTOM length");
491 				return;
492 			}
493 			buf = dup_binstr(custom, iwe->u.data.length);
494 			if (buf == NULL)
495 				return;
496 			wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
497 			os_free(buf);
498 			break;
499 		case SIOCGIWSCAN:
500 			drv->scan_complete_events = 1;
501 			eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
502 					     drv, drv->ctx);
503 			wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
504 					     NULL);
505 			break;
506 		case IWEVASSOCREQIE:
507 			if (custom + iwe->u.data.length > end) {
508 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
509 					   "IWEVASSOCREQIE length");
510 				return;
511 			}
512 			wpa_driver_wext_event_wireless_assocreqie(
513 				drv, custom, iwe->u.data.length);
514 			break;
515 		case IWEVASSOCRESPIE:
516 			if (custom + iwe->u.data.length > end) {
517 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
518 					   "IWEVASSOCRESPIE length");
519 				return;
520 			}
521 			wpa_driver_wext_event_wireless_assocrespie(
522 				drv, custom, iwe->u.data.length);
523 			break;
524 		case IWEVPMKIDCAND:
525 			if (custom + iwe->u.data.length > end) {
526 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
527 					   "IWEVPMKIDCAND length");
528 				return;
529 			}
530 			wpa_driver_wext_event_wireless_pmkidcand(
531 				drv, custom, iwe->u.data.length);
532 			break;
533 		}
534 
535 		pos += iwe->len;
536 	}
537 }
538 
539 
wpa_driver_wext_event_link(struct wpa_driver_wext_data * drv,char * buf,size_t len,int del)540 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
541 				       char *buf, size_t len, int del)
542 {
543 	union wpa_event_data event;
544 
545 	os_memset(&event, 0, sizeof(event));
546 	if (len > sizeof(event.interface_status.ifname))
547 		len = sizeof(event.interface_status.ifname) - 1;
548 	os_memcpy(event.interface_status.ifname, buf, len);
549 	event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
550 		EVENT_INTERFACE_ADDED;
551 
552 	wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
553 		   del ? "DEL" : "NEW",
554 		   event.interface_status.ifname,
555 		   del ? "removed" : "added");
556 
557 	if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
558 		if (del) {
559 			if (drv->if_removed) {
560 				wpa_printf(MSG_DEBUG, "WEXT: if_removed "
561 					   "already set - ignore event");
562 				return;
563 			}
564 			drv->if_removed = 1;
565 		} else {
566 			if (if_nametoindex(drv->ifname) == 0) {
567 				wpa_printf(MSG_DEBUG, "WEXT: Interface %s "
568 					   "does not exist - ignore "
569 					   "RTM_NEWLINK",
570 					   drv->ifname);
571 				return;
572 			}
573 			if (!drv->if_removed) {
574 				wpa_printf(MSG_DEBUG, "WEXT: if_removed "
575 					   "already cleared - ignore event");
576 				return;
577 			}
578 			drv->if_removed = 0;
579 		}
580 	}
581 
582 	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
583 }
584 
585 
wpa_driver_wext_own_ifname(struct wpa_driver_wext_data * drv,u8 * buf,size_t len)586 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
587 				      u8 *buf, size_t len)
588 {
589 	int attrlen, rta_len;
590 	struct rtattr *attr;
591 
592 	attrlen = len;
593 	attr = (struct rtattr *) buf;
594 
595 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
596 	while (RTA_OK(attr, attrlen)) {
597 		if (attr->rta_type == IFLA_IFNAME) {
598 			if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
599 			    == 0)
600 				return 1;
601 			else
602 				break;
603 		}
604 		attr = RTA_NEXT(attr, attrlen);
605 	}
606 
607 	return 0;
608 }
609 
610 
wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data * drv,int ifindex,u8 * buf,size_t len)611 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
612 				       int ifindex, u8 *buf, size_t len)
613 {
614 	if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
615 		return 1;
616 
617 	if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
618 		drv->ifindex = if_nametoindex(drv->ifname);
619 		wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
620 			   "interface");
621 		wpa_driver_wext_finish_drv_init(drv);
622 		return 1;
623 	}
624 
625 	return 0;
626 }
627 
628 
wpa_driver_wext_event_rtm_newlink(void * ctx,struct ifinfomsg * ifi,u8 * buf,size_t len)629 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
630 					      u8 *buf, size_t len)
631 {
632 	struct wpa_driver_wext_data *drv = ctx;
633 	int attrlen, rta_len;
634 	struct rtattr *attr;
635 	char namebuf[IFNAMSIZ];
636 
637 	if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
638 		wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
639 			   ifi->ifi_index);
640 		return;
641 	}
642 
643 	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
644 		   "(%s%s%s%s)",
645 		   drv->operstate, ifi->ifi_flags,
646 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
647 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
648 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
649 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
650 
651 	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
652 		wpa_printf(MSG_DEBUG, "WEXT: Interface down");
653 		drv->if_disabled = 1;
654 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
655 	}
656 
657 	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
658 		if (if_indextoname(ifi->ifi_index, namebuf) &&
659 		    linux_iface_up(drv->ioctl_sock, drv->ifname) == 0) {
660 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
661 				   "event since interface %s is down",
662 				   namebuf);
663 		} else if (if_nametoindex(drv->ifname) == 0) {
664 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
665 				   "event since interface %s does not exist",
666 				   drv->ifname);
667 		} else if (drv->if_removed) {
668 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
669 				   "event since interface %s is marked "
670 				   "removed", drv->ifname);
671 		} else {
672 			wpa_printf(MSG_DEBUG, "WEXT: Interface up");
673 			drv->if_disabled = 0;
674 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
675 					     NULL);
676 		}
677 	}
678 
679 	/*
680 	 * Some drivers send the association event before the operup event--in
681 	 * this case, lifting operstate in wpa_driver_wext_set_operstate()
682 	 * fails. This will hit us when wpa_supplicant does not need to do
683 	 * IEEE 802.1X authentication
684 	 */
685 	if (drv->operstate == 1 &&
686 	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
687 	    !(ifi->ifi_flags & IFF_RUNNING))
688 		netlink_send_oper_ifla(drv->netlink, drv->ifindex,
689 				       -1, IF_OPER_UP);
690 
691 	attrlen = len;
692 	attr = (struct rtattr *) buf;
693 
694 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
695 	while (RTA_OK(attr, attrlen)) {
696 		if (attr->rta_type == IFLA_WIRELESS) {
697 			wpa_driver_wext_event_wireless(
698 				drv, ((char *) attr) + rta_len,
699 				attr->rta_len - rta_len);
700 		} else if (attr->rta_type == IFLA_IFNAME) {
701 			wpa_driver_wext_event_link(drv,
702 						   ((char *) attr) + rta_len,
703 						   attr->rta_len - rta_len, 0);
704 		}
705 		attr = RTA_NEXT(attr, attrlen);
706 	}
707 }
708 
709 
wpa_driver_wext_event_rtm_dellink(void * ctx,struct ifinfomsg * ifi,u8 * buf,size_t len)710 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
711 					      u8 *buf, size_t len)
712 {
713 	struct wpa_driver_wext_data *drv = ctx;
714 	int attrlen, rta_len;
715 	struct rtattr *attr;
716 
717 	attrlen = len;
718 	attr = (struct rtattr *) buf;
719 
720 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
721 	while (RTA_OK(attr, attrlen)) {
722 		if (attr->rta_type == IFLA_IFNAME) {
723 			wpa_driver_wext_event_link(drv,
724 						   ((char *) attr) + rta_len,
725 						   attr->rta_len - rta_len, 1);
726 		}
727 		attr = RTA_NEXT(attr, attrlen);
728 	}
729 }
730 
731 
wpa_driver_wext_rfkill_blocked(void * ctx)732 static void wpa_driver_wext_rfkill_blocked(void *ctx)
733 {
734 	wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked");
735 	/*
736 	 * This may be for any interface; use ifdown event to disable
737 	 * interface.
738 	 */
739 }
740 
741 
wpa_driver_wext_rfkill_unblocked(void * ctx)742 static void wpa_driver_wext_rfkill_unblocked(void *ctx)
743 {
744 	struct wpa_driver_wext_data *drv = ctx;
745 	wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked");
746 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) {
747 		wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP "
748 			   "after rfkill unblock");
749 		return;
750 	}
751 	/* rtnetlink ifup handler will report interface as enabled */
752 }
753 
754 
wext_get_phy_name(struct wpa_driver_wext_data * drv)755 static void wext_get_phy_name(struct wpa_driver_wext_data *drv)
756 {
757 	/* Find phy (radio) to which this interface belongs */
758 	char buf[90], *pos;
759 	int f, rv;
760 
761 	drv->phyname[0] = '\0';
762 	snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
763 		 drv->ifname);
764 	f = open(buf, O_RDONLY);
765 	if (f < 0) {
766 		wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
767 			   buf, strerror(errno));
768 		return;
769 	}
770 
771 	rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
772 	close(f);
773 	if (rv < 0) {
774 		wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
775 			   buf, strerror(errno));
776 		return;
777 	}
778 
779 	drv->phyname[rv] = '\0';
780 	pos = os_strchr(drv->phyname, '\n');
781 	if (pos)
782 		*pos = '\0';
783 	wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s",
784 		   drv->ifname, drv->phyname);
785 }
786 
787 
788 /**
789  * wpa_driver_wext_init - Initialize WE driver interface
790  * @ctx: context to be used when calling wpa_supplicant functions,
791  * e.g., wpa_supplicant_event()
792  * @ifname: interface name, e.g., wlan0
793  * Returns: Pointer to private data, %NULL on failure
794  */
wpa_driver_wext_init(void * ctx,const char * ifname)795 void * wpa_driver_wext_init(void *ctx, const char *ifname)
796 {
797 	struct wpa_driver_wext_data *drv;
798 	struct netlink_config *cfg;
799 	struct rfkill_config *rcfg;
800 	char path[128];
801 	struct stat buf;
802 
803 	drv = os_zalloc(sizeof(*drv));
804 	if (drv == NULL)
805 		return NULL;
806 	drv->ctx = ctx;
807 	os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
808 
809 	os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname);
810 	if (stat(path, &buf) == 0) {
811 		wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected");
812 		drv->cfg80211 = 1;
813 		wext_get_phy_name(drv);
814 	}
815 
816 	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
817 	if (drv->ioctl_sock < 0) {
818 		perror("socket(PF_INET,SOCK_DGRAM)");
819 		goto err1;
820 	}
821 
822 	cfg = os_zalloc(sizeof(*cfg));
823 	if (cfg == NULL)
824 		goto err1;
825 	cfg->ctx = drv;
826 	cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
827 	cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
828 	drv->netlink = netlink_init(cfg);
829 	if (drv->netlink == NULL) {
830 		os_free(cfg);
831 		goto err2;
832 	}
833 
834 	rcfg = os_zalloc(sizeof(*rcfg));
835 	if (rcfg == NULL)
836 		goto err3;
837 	rcfg->ctx = drv;
838 	os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
839 	rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked;
840 	rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked;
841 	drv->rfkill = rfkill_init(rcfg);
842 	if (drv->rfkill == NULL) {
843 		wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available");
844 		os_free(rcfg);
845 	}
846 
847 	drv->mlme_sock = -1;
848 
849 	if (wpa_driver_wext_finish_drv_init(drv) < 0)
850 		goto err3;
851 
852 	wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
853 
854 	return drv;
855 
856 err3:
857 	rfkill_deinit(drv->rfkill);
858 	netlink_deinit(drv->netlink);
859 err2:
860 	close(drv->ioctl_sock);
861 err1:
862 	os_free(drv);
863 	return NULL;
864 }
865 
866 
wpa_driver_wext_send_rfkill(void * eloop_ctx,void * timeout_ctx)867 static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx)
868 {
869 	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
870 }
871 
872 
wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data * drv)873 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
874 {
875 	int send_rfkill_event = 0;
876 
877 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) {
878 		if (rfkill_is_blocked(drv->rfkill)) {
879 			wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable "
880 				   "interface '%s' due to rfkill",
881 				   drv->ifname);
882 			drv->if_disabled = 1;
883 			send_rfkill_event = 1;
884 		} else {
885 			wpa_printf(MSG_ERROR, "WEXT: Could not set "
886 				   "interface '%s' UP", drv->ifname);
887 			return -1;
888 		}
889 	}
890 
891 	/*
892 	 * Make sure that the driver does not have any obsolete PMKID entries.
893 	 */
894 	wpa_driver_wext_flush_pmkid(drv);
895 
896 	if (wpa_driver_wext_set_mode(drv, 0) < 0) {
897 		wpa_printf(MSG_DEBUG, "Could not configure driver to use "
898 			   "managed mode");
899 		/* Try to use it anyway */
900 	}
901 
902 	wpa_driver_wext_get_range(drv);
903 
904 	/*
905 	 * Unlock the driver's BSSID and force to a random SSID to clear any
906 	 * previous association the driver might have when the supplicant
907 	 * starts up.
908 	 */
909 	wpa_driver_wext_disconnect(drv);
910 
911 	drv->ifindex = if_nametoindex(drv->ifname);
912 
913 	if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
914 		/*
915 		 * Host AP driver may use both wlan# and wifi# interface in
916 		 * wireless events. Since some of the versions included WE-18
917 		 * support, let's add the alternative ifindex also from
918 		 * driver_wext.c for the time being. This may be removed at
919 		 * some point once it is believed that old versions of the
920 		 * driver are not in use anymore.
921 		 */
922 		char ifname2[IFNAMSIZ + 1];
923 		os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
924 		os_memcpy(ifname2, "wifi", 4);
925 		wpa_driver_wext_alternative_ifindex(drv, ifname2);
926 	}
927 
928 	netlink_send_oper_ifla(drv->netlink, drv->ifindex,
929 			       1, IF_OPER_DORMANT);
930 
931 	if (send_rfkill_event) {
932 		eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill,
933 				       drv, drv->ctx);
934 	}
935 
936 	return 0;
937 }
938 
939 
940 /**
941  * wpa_driver_wext_deinit - Deinitialize WE driver interface
942  * @priv: Pointer to private wext data from wpa_driver_wext_init()
943  *
944  * Shut down driver interface and processing of driver events. Free
945  * private data buffer if one was allocated in wpa_driver_wext_init().
946  */
wpa_driver_wext_deinit(void * priv)947 void wpa_driver_wext_deinit(void *priv)
948 {
949 	struct wpa_driver_wext_data *drv = priv;
950 
951 	wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
952 
953 	eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
954 
955 	/*
956 	 * Clear possibly configured driver parameters in order to make it
957 	 * easier to use the driver after wpa_supplicant has been terminated.
958 	 */
959 	wpa_driver_wext_disconnect(drv);
960 
961 	netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
962 	netlink_deinit(drv->netlink);
963 	rfkill_deinit(drv->rfkill);
964 
965 	if (drv->mlme_sock >= 0)
966 		eloop_unregister_read_sock(drv->mlme_sock);
967 
968 	(void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
969 
970 	close(drv->ioctl_sock);
971 	if (drv->mlme_sock >= 0)
972 		close(drv->mlme_sock);
973 	os_free(drv->assoc_req_ies);
974 	os_free(drv->assoc_resp_ies);
975 	os_free(drv);
976 }
977 
978 
979 /**
980  * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
981  * @eloop_ctx: Unused
982  * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
983  *
984  * This function can be used as registered timeout when starting a scan to
985  * generate a scan completed event if the driver does not report this.
986  */
wpa_driver_wext_scan_timeout(void * eloop_ctx,void * timeout_ctx)987 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
988 {
989 	wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
990 	wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
991 }
992 
993 
994 /**
995  * wpa_driver_wext_scan - Request the driver to initiate scan
996  * @priv: Pointer to private wext data from wpa_driver_wext_init()
997  * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
998  * Returns: 0 on success, -1 on failure
999  */
wpa_driver_wext_scan(void * priv,struct wpa_driver_scan_params * params)1000 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
1001 {
1002 	struct wpa_driver_wext_data *drv = priv;
1003 	struct iwreq iwr;
1004 	int ret = 0, timeout;
1005 	struct iw_scan_req req;
1006 	const u8 *ssid = params->ssids[0].ssid;
1007 	size_t ssid_len = params->ssids[0].ssid_len;
1008 
1009 	if (ssid_len > IW_ESSID_MAX_SIZE) {
1010 		wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1011 			   __FUNCTION__, (unsigned long) ssid_len);
1012 		return -1;
1013 	}
1014 
1015 	os_memset(&iwr, 0, sizeof(iwr));
1016 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1017 
1018 	if (ssid && ssid_len) {
1019 		os_memset(&req, 0, sizeof(req));
1020 		req.essid_len = ssid_len;
1021 		req.bssid.sa_family = ARPHRD_ETHER;
1022 		os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1023 		os_memcpy(req.essid, ssid, ssid_len);
1024 		iwr.u.data.pointer = (caddr_t) &req;
1025 		iwr.u.data.length = sizeof(req);
1026 		iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1027 	}
1028 
1029 	if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1030 		perror("ioctl[SIOCSIWSCAN]");
1031 		ret = -1;
1032 	}
1033 
1034 	/* Not all drivers generate "scan completed" wireless event, so try to
1035 	 * read results after a timeout. */
1036 	timeout = 10;
1037 	if (drv->scan_complete_events) {
1038 		/*
1039 		 * The driver seems to deliver SIOCGIWSCAN events to notify
1040 		 * when scan is complete, so use longer timeout to avoid race
1041 		 * conditions with scanning and following association request.
1042 		 */
1043 		timeout = 30;
1044 	}
1045 	wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1046 		   "seconds", ret, timeout);
1047 	eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1048 	eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1049 			       drv->ctx);
1050 
1051 	return ret;
1052 }
1053 
1054 
wpa_driver_wext_giwscan(struct wpa_driver_wext_data * drv,size_t * len)1055 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1056 				    size_t *len)
1057 {
1058 	struct iwreq iwr;
1059 	u8 *res_buf;
1060 	size_t res_buf_len;
1061 
1062 	res_buf_len = IW_SCAN_MAX_DATA;
1063 	for (;;) {
1064 		res_buf = os_malloc(res_buf_len);
1065 		if (res_buf == NULL)
1066 			return NULL;
1067 		os_memset(&iwr, 0, sizeof(iwr));
1068 		os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1069 		iwr.u.data.pointer = res_buf;
1070 		iwr.u.data.length = res_buf_len;
1071 
1072 		if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1073 			break;
1074 
1075 		if (errno == E2BIG && res_buf_len < 65535) {
1076 			os_free(res_buf);
1077 			res_buf = NULL;
1078 			res_buf_len *= 2;
1079 			if (res_buf_len > 65535)
1080 				res_buf_len = 65535; /* 16-bit length field */
1081 			wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1082 				   "trying larger buffer (%lu bytes)",
1083 				   (unsigned long) res_buf_len);
1084 		} else {
1085 			perror("ioctl[SIOCGIWSCAN]");
1086 			os_free(res_buf);
1087 			return NULL;
1088 		}
1089 	}
1090 
1091 	if (iwr.u.data.length > res_buf_len) {
1092 		os_free(res_buf);
1093 		return NULL;
1094 	}
1095 	*len = iwr.u.data.length;
1096 
1097 	return res_buf;
1098 }
1099 
1100 
1101 /*
1102  * Data structure for collecting WEXT scan results. This is needed to allow
1103  * the various methods of reporting IEs to be combined into a single IE buffer.
1104  */
1105 struct wext_scan_data {
1106 	struct wpa_scan_res res;
1107 	u8 *ie;
1108 	size_t ie_len;
1109 	u8 ssid[32];
1110 	size_t ssid_len;
1111 	int maxrate;
1112 };
1113 
1114 
wext_get_scan_mode(struct iw_event * iwe,struct wext_scan_data * res)1115 static void wext_get_scan_mode(struct iw_event *iwe,
1116 			       struct wext_scan_data *res)
1117 {
1118 	if (iwe->u.mode == IW_MODE_ADHOC)
1119 		res->res.caps |= IEEE80211_CAP_IBSS;
1120 	else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1121 		res->res.caps |= IEEE80211_CAP_ESS;
1122 }
1123 
1124 
wext_get_scan_ssid(struct iw_event * iwe,struct wext_scan_data * res,char * custom,char * end)1125 static void wext_get_scan_ssid(struct iw_event *iwe,
1126 			       struct wext_scan_data *res, char *custom,
1127 			       char *end)
1128 {
1129 	int ssid_len = iwe->u.essid.length;
1130 	if (custom + ssid_len > end)
1131 		return;
1132 	if (iwe->u.essid.flags &&
1133 	    ssid_len > 0 &&
1134 	    ssid_len <= IW_ESSID_MAX_SIZE) {
1135 		os_memcpy(res->ssid, custom, ssid_len);
1136 		res->ssid_len = ssid_len;
1137 	}
1138 }
1139 
1140 
wext_get_scan_freq(struct iw_event * iwe,struct wext_scan_data * res)1141 static void wext_get_scan_freq(struct iw_event *iwe,
1142 			       struct wext_scan_data *res)
1143 {
1144 	int divi = 1000000, i;
1145 
1146 	if (iwe->u.freq.e == 0) {
1147 		/*
1148 		 * Some drivers do not report frequency, but a channel.
1149 		 * Try to map this to frequency by assuming they are using
1150 		 * IEEE 802.11b/g.  But don't overwrite a previously parsed
1151 		 * frequency if the driver sends both frequency and channel,
1152 		 * since the driver may be sending an A-band channel that we
1153 		 * don't handle here.
1154 		 */
1155 
1156 		if (res->res.freq)
1157 			return;
1158 
1159 		if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1160 			res->res.freq = 2407 + 5 * iwe->u.freq.m;
1161 			return;
1162 		} else if (iwe->u.freq.m == 14) {
1163 			res->res.freq = 2484;
1164 			return;
1165 		}
1166 	}
1167 
1168 	if (iwe->u.freq.e > 6) {
1169 		wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1170 			   MACSTR " m=%d e=%d)",
1171 			   MAC2STR(res->res.bssid), iwe->u.freq.m,
1172 			   iwe->u.freq.e);
1173 		return;
1174 	}
1175 
1176 	for (i = 0; i < iwe->u.freq.e; i++)
1177 		divi /= 10;
1178 	res->res.freq = iwe->u.freq.m / divi;
1179 }
1180 
1181 
wext_get_scan_qual(struct wpa_driver_wext_data * drv,struct iw_event * iwe,struct wext_scan_data * res)1182 static void wext_get_scan_qual(struct wpa_driver_wext_data *drv,
1183 			       struct iw_event *iwe,
1184 			       struct wext_scan_data *res)
1185 {
1186 	res->res.qual = iwe->u.qual.qual;
1187 	res->res.noise = iwe->u.qual.noise;
1188 	res->res.level = iwe->u.qual.level;
1189 	if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1190 		res->res.flags |= WPA_SCAN_QUAL_INVALID;
1191 	if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1192 		res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1193 	if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1194 		res->res.flags |= WPA_SCAN_NOISE_INVALID;
1195 	if (iwe->u.qual.updated & IW_QUAL_DBM)
1196 		res->res.flags |= WPA_SCAN_LEVEL_DBM;
1197 	if ((iwe->u.qual.updated & IW_QUAL_DBM) ||
1198 	    ((iwe->u.qual.level != 0) &&
1199 	     (iwe->u.qual.level > drv->max_level))) {
1200 		if (iwe->u.qual.level >= 64)
1201 			res->res.level -= 0x100;
1202 		if (iwe->u.qual.noise >= 64)
1203 			res->res.noise -= 0x100;
1204 	}
1205 }
1206 
1207 
wext_get_scan_encode(struct iw_event * iwe,struct wext_scan_data * res)1208 static void wext_get_scan_encode(struct iw_event *iwe,
1209 				 struct wext_scan_data *res)
1210 {
1211 	if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1212 		res->res.caps |= IEEE80211_CAP_PRIVACY;
1213 }
1214 
1215 
wext_get_scan_rate(struct iw_event * iwe,struct wext_scan_data * res,char * pos,char * end)1216 static void wext_get_scan_rate(struct iw_event *iwe,
1217 			       struct wext_scan_data *res, char *pos,
1218 			       char *end)
1219 {
1220 	int maxrate;
1221 	char *custom = pos + IW_EV_LCP_LEN;
1222 	struct iw_param p;
1223 	size_t clen;
1224 
1225 	clen = iwe->len;
1226 	if (custom + clen > end)
1227 		return;
1228 	maxrate = 0;
1229 	while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1230 		/* Note: may be misaligned, make a local, aligned copy */
1231 		os_memcpy(&p, custom, sizeof(struct iw_param));
1232 		if (p.value > maxrate)
1233 			maxrate = p.value;
1234 		clen -= sizeof(struct iw_param);
1235 		custom += sizeof(struct iw_param);
1236 	}
1237 
1238 	/* Convert the maxrate from WE-style (b/s units) to
1239 	 * 802.11 rates (500000 b/s units).
1240 	 */
1241 	res->maxrate = maxrate / 500000;
1242 }
1243 
1244 
wext_get_scan_iwevgenie(struct iw_event * iwe,struct wext_scan_data * res,char * custom,char * end)1245 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1246 				    struct wext_scan_data *res, char *custom,
1247 				    char *end)
1248 {
1249 	char *genie, *gpos, *gend;
1250 	u8 *tmp;
1251 
1252 	if (iwe->u.data.length == 0)
1253 		return;
1254 
1255 	gpos = genie = custom;
1256 	gend = genie + iwe->u.data.length;
1257 	if (gend > end) {
1258 		wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1259 		return;
1260 	}
1261 
1262 	tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1263 	if (tmp == NULL)
1264 		return;
1265 	os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1266 	res->ie = tmp;
1267 	res->ie_len += gend - gpos;
1268 }
1269 
1270 
wext_get_scan_custom(struct iw_event * iwe,struct wext_scan_data * res,char * custom,char * end)1271 static void wext_get_scan_custom(struct iw_event *iwe,
1272 				 struct wext_scan_data *res, char *custom,
1273 				 char *end)
1274 {
1275 	size_t clen;
1276 	u8 *tmp;
1277 
1278 	clen = iwe->u.data.length;
1279 	if (custom + clen > end)
1280 		return;
1281 
1282 	if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1283 		char *spos;
1284 		int bytes;
1285 		spos = custom + 7;
1286 		bytes = custom + clen - spos;
1287 		if (bytes & 1 || bytes == 0)
1288 			return;
1289 		bytes /= 2;
1290 		tmp = os_realloc(res->ie, res->ie_len + bytes);
1291 		if (tmp == NULL)
1292 			return;
1293 		res->ie = tmp;
1294 		if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1295 			return;
1296 		res->ie_len += bytes;
1297 	} else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1298 		char *spos;
1299 		int bytes;
1300 		spos = custom + 7;
1301 		bytes = custom + clen - spos;
1302 		if (bytes & 1 || bytes == 0)
1303 			return;
1304 		bytes /= 2;
1305 		tmp = os_realloc(res->ie, res->ie_len + bytes);
1306 		if (tmp == NULL)
1307 			return;
1308 		res->ie = tmp;
1309 		if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1310 			return;
1311 		res->ie_len += bytes;
1312 	} else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1313 		char *spos;
1314 		int bytes;
1315 		u8 bin[8];
1316 		spos = custom + 4;
1317 		bytes = custom + clen - spos;
1318 		if (bytes != 16) {
1319 			wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1320 			return;
1321 		}
1322 		bytes /= 2;
1323 		if (hexstr2bin(spos, bin, bytes) < 0) {
1324 			wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value");
1325 			return;
1326 		}
1327 		res->res.tsf += WPA_GET_BE64(bin);
1328 	}
1329 }
1330 
1331 
wext_19_iw_point(struct wpa_driver_wext_data * drv,u16 cmd)1332 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1333 {
1334 	return drv->we_version_compiled > 18 &&
1335 		(cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1336 		 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1337 }
1338 
1339 
wpa_driver_wext_add_scan_entry(struct wpa_scan_results * res,struct wext_scan_data * data)1340 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1341 					   struct wext_scan_data *data)
1342 {
1343 	struct wpa_scan_res **tmp;
1344 	struct wpa_scan_res *r;
1345 	size_t extra_len;
1346 	u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1347 
1348 	/* Figure out whether we need to fake any IEs */
1349 	pos = data->ie;
1350 	end = pos + data->ie_len;
1351 	while (pos && pos + 1 < end) {
1352 		if (pos + 2 + pos[1] > end)
1353 			break;
1354 		if (pos[0] == WLAN_EID_SSID)
1355 			ssid_ie = pos;
1356 		else if (pos[0] == WLAN_EID_SUPP_RATES)
1357 			rate_ie = pos;
1358 		else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1359 			rate_ie = pos;
1360 		pos += 2 + pos[1];
1361 	}
1362 
1363 	extra_len = 0;
1364 	if (ssid_ie == NULL)
1365 		extra_len += 2 + data->ssid_len;
1366 	if (rate_ie == NULL && data->maxrate)
1367 		extra_len += 3;
1368 
1369 	r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1370 	if (r == NULL)
1371 		return;
1372 	os_memcpy(r, &data->res, sizeof(*r));
1373 	r->ie_len = extra_len + data->ie_len;
1374 	pos = (u8 *) (r + 1);
1375 	if (ssid_ie == NULL) {
1376 		/*
1377 		 * Generate a fake SSID IE since the driver did not report
1378 		 * a full IE list.
1379 		 */
1380 		*pos++ = WLAN_EID_SSID;
1381 		*pos++ = data->ssid_len;
1382 		os_memcpy(pos, data->ssid, data->ssid_len);
1383 		pos += data->ssid_len;
1384 	}
1385 	if (rate_ie == NULL && data->maxrate) {
1386 		/*
1387 		 * Generate a fake Supported Rates IE since the driver did not
1388 		 * report a full IE list.
1389 		 */
1390 		*pos++ = WLAN_EID_SUPP_RATES;
1391 		*pos++ = 1;
1392 		*pos++ = data->maxrate;
1393 	}
1394 	if (data->ie)
1395 		os_memcpy(pos, data->ie, data->ie_len);
1396 
1397 	tmp = os_realloc_array(res->res, res->num + 1,
1398 			       sizeof(struct wpa_scan_res *));
1399 	if (tmp == NULL) {
1400 		os_free(r);
1401 		return;
1402 	}
1403 	tmp[res->num++] = r;
1404 	res->res = tmp;
1405 }
1406 
1407 
1408 /**
1409  * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1410  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1411  * Returns: Scan results on success, -1 on failure
1412  */
wpa_driver_wext_get_scan_results(void * priv)1413 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1414 {
1415 	struct wpa_driver_wext_data *drv = priv;
1416 	size_t len;
1417 	int first;
1418 	u8 *res_buf;
1419 	struct iw_event iwe_buf, *iwe = &iwe_buf;
1420 	char *pos, *end, *custom;
1421 	struct wpa_scan_results *res;
1422 	struct wext_scan_data data;
1423 
1424 	res_buf = wpa_driver_wext_giwscan(drv, &len);
1425 	if (res_buf == NULL)
1426 		return NULL;
1427 
1428 	first = 1;
1429 
1430 	res = os_zalloc(sizeof(*res));
1431 	if (res == NULL) {
1432 		os_free(res_buf);
1433 		return NULL;
1434 	}
1435 
1436 	pos = (char *) res_buf;
1437 	end = (char *) res_buf + len;
1438 	os_memset(&data, 0, sizeof(data));
1439 
1440 	while (pos + IW_EV_LCP_LEN <= end) {
1441 		/* Event data may be unaligned, so make a local, aligned copy
1442 		 * before processing. */
1443 		os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1444 		if (iwe->len <= IW_EV_LCP_LEN)
1445 			break;
1446 
1447 		custom = pos + IW_EV_POINT_LEN;
1448 		if (wext_19_iw_point(drv, iwe->cmd)) {
1449 			/* WE-19 removed the pointer from struct iw_point */
1450 			char *dpos = (char *) &iwe_buf.u.data.length;
1451 			int dlen = dpos - (char *) &iwe_buf;
1452 			os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1453 				  sizeof(struct iw_event) - dlen);
1454 		} else {
1455 			os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1456 			custom += IW_EV_POINT_OFF;
1457 		}
1458 
1459 		switch (iwe->cmd) {
1460 		case SIOCGIWAP:
1461 			if (!first)
1462 				wpa_driver_wext_add_scan_entry(res, &data);
1463 			first = 0;
1464 			os_free(data.ie);
1465 			os_memset(&data, 0, sizeof(data));
1466 			os_memcpy(data.res.bssid,
1467 				  iwe->u.ap_addr.sa_data, ETH_ALEN);
1468 			break;
1469 		case SIOCGIWMODE:
1470 			wext_get_scan_mode(iwe, &data);
1471 			break;
1472 		case SIOCGIWESSID:
1473 			wext_get_scan_ssid(iwe, &data, custom, end);
1474 			break;
1475 		case SIOCGIWFREQ:
1476 			wext_get_scan_freq(iwe, &data);
1477 			break;
1478 		case IWEVQUAL:
1479 			wext_get_scan_qual(drv, iwe, &data);
1480 			break;
1481 		case SIOCGIWENCODE:
1482 			wext_get_scan_encode(iwe, &data);
1483 			break;
1484 		case SIOCGIWRATE:
1485 			wext_get_scan_rate(iwe, &data, pos, end);
1486 			break;
1487 		case IWEVGENIE:
1488 			wext_get_scan_iwevgenie(iwe, &data, custom, end);
1489 			break;
1490 		case IWEVCUSTOM:
1491 			wext_get_scan_custom(iwe, &data, custom, end);
1492 			break;
1493 		}
1494 
1495 		pos += iwe->len;
1496 	}
1497 	os_free(res_buf);
1498 	res_buf = NULL;
1499 	if (!first)
1500 		wpa_driver_wext_add_scan_entry(res, &data);
1501 	os_free(data.ie);
1502 
1503 	wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1504 		   (unsigned long) len, (unsigned long) res->num);
1505 
1506 	return res;
1507 }
1508 
1509 
wpa_driver_wext_get_range(void * priv)1510 static int wpa_driver_wext_get_range(void *priv)
1511 {
1512 	struct wpa_driver_wext_data *drv = priv;
1513 	struct iw_range *range;
1514 	struct iwreq iwr;
1515 	int minlen;
1516 	size_t buflen;
1517 
1518 	/*
1519 	 * Use larger buffer than struct iw_range in order to allow the
1520 	 * structure to grow in the future.
1521 	 */
1522 	buflen = sizeof(struct iw_range) + 500;
1523 	range = os_zalloc(buflen);
1524 	if (range == NULL)
1525 		return -1;
1526 
1527 	os_memset(&iwr, 0, sizeof(iwr));
1528 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1529 	iwr.u.data.pointer = (caddr_t) range;
1530 	iwr.u.data.length = buflen;
1531 
1532 	minlen = ((char *) &range->enc_capa) - (char *) range +
1533 		sizeof(range->enc_capa);
1534 
1535 	if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1536 		perror("ioctl[SIOCGIWRANGE]");
1537 		os_free(range);
1538 		return -1;
1539 	} else if (iwr.u.data.length >= minlen &&
1540 		   range->we_version_compiled >= 18) {
1541 		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1542 			   "WE(source)=%d enc_capa=0x%x",
1543 			   range->we_version_compiled,
1544 			   range->we_version_source,
1545 			   range->enc_capa);
1546 		drv->has_capability = 1;
1547 		drv->we_version_compiled = range->we_version_compiled;
1548 		if (range->enc_capa & IW_ENC_CAPA_WPA) {
1549 			drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1550 				WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1551 		}
1552 		if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1553 			drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1554 				WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1555 		}
1556 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1557 			WPA_DRIVER_CAPA_ENC_WEP104;
1558 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP128;
1559 		if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1560 			drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1561 		if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1562 			drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1563 		if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1564 			drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1565 		drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1566 			WPA_DRIVER_AUTH_SHARED |
1567 			WPA_DRIVER_AUTH_LEAP;
1568 		drv->capa.max_scan_ssids = 1;
1569 
1570 		wpa_printf(MSG_DEBUG, "  capabilities: key_mgmt 0x%x enc 0x%x "
1571 			   "flags 0x%x",
1572 			   drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1573 	} else {
1574 		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1575 			   "assuming WPA is not supported");
1576 	}
1577 
1578 	drv->max_level = range->max_qual.level;
1579 
1580 	os_free(range);
1581 	return 0;
1582 }
1583 
1584 
wpa_driver_wext_set_psk(struct wpa_driver_wext_data * drv,const u8 * psk)1585 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1586 				   const u8 *psk)
1587 {
1588 	struct iw_encode_ext *ext;
1589 	struct iwreq iwr;
1590 	int ret;
1591 
1592 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1593 
1594 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1595 		return 0;
1596 
1597 	if (!psk)
1598 		return 0;
1599 
1600 	os_memset(&iwr, 0, sizeof(iwr));
1601 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1602 
1603 	ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1604 	if (ext == NULL)
1605 		return -1;
1606 
1607 	iwr.u.encoding.pointer = (caddr_t) ext;
1608 	iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1609 	ext->key_len = PMK_LEN;
1610 	os_memcpy(&ext->key, psk, ext->key_len);
1611 	ext->alg = IW_ENCODE_ALG_PMK;
1612 
1613 	ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1614 	if (ret < 0)
1615 		perror("ioctl[SIOCSIWENCODEEXT] PMK");
1616 	os_free(ext);
1617 
1618 	return ret;
1619 }
1620 
1621 
wpa_driver_wext_set_key_ext(void * priv,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)1622 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1623 				       const u8 *addr, int key_idx,
1624 				       int set_tx, const u8 *seq,
1625 				       size_t seq_len,
1626 				       const u8 *key, size_t key_len)
1627 {
1628 	struct wpa_driver_wext_data *drv = priv;
1629 	struct iwreq iwr;
1630 	int ret = 0;
1631 	struct iw_encode_ext *ext;
1632 
1633 	if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1634 		wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1635 			   __FUNCTION__, (unsigned long) seq_len);
1636 		return -1;
1637 	}
1638 
1639 	ext = os_zalloc(sizeof(*ext) + key_len);
1640 	if (ext == NULL)
1641 		return -1;
1642 	os_memset(&iwr, 0, sizeof(iwr));
1643 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1644 	iwr.u.encoding.flags = key_idx + 1;
1645 	iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1646 	if (alg == WPA_ALG_NONE)
1647 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1648 	iwr.u.encoding.pointer = (caddr_t) ext;
1649 	iwr.u.encoding.length = sizeof(*ext) + key_len;
1650 
1651 	if (addr == NULL || is_broadcast_ether_addr(addr))
1652 		ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1653 	if (set_tx)
1654 		ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1655 
1656 	ext->addr.sa_family = ARPHRD_ETHER;
1657 	if (addr)
1658 		os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1659 	else
1660 		os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1661 	if (key && key_len) {
1662 		os_memcpy(ext + 1, key, key_len);
1663 		ext->key_len = key_len;
1664 	}
1665 	switch (alg) {
1666 	case WPA_ALG_NONE:
1667 		ext->alg = IW_ENCODE_ALG_NONE;
1668 		break;
1669 	case WPA_ALG_WEP:
1670 		ext->alg = IW_ENCODE_ALG_WEP;
1671 		break;
1672 	case WPA_ALG_TKIP:
1673 		ext->alg = IW_ENCODE_ALG_TKIP;
1674 		break;
1675 	case WPA_ALG_CCMP:
1676 		ext->alg = IW_ENCODE_ALG_CCMP;
1677 		break;
1678 	case WPA_ALG_PMK:
1679 		ext->alg = IW_ENCODE_ALG_PMK;
1680 		break;
1681 #ifdef CONFIG_IEEE80211W
1682 	case WPA_ALG_IGTK:
1683 		ext->alg = IW_ENCODE_ALG_AES_CMAC;
1684 		break;
1685 #endif /* CONFIG_IEEE80211W */
1686 	default:
1687 		wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1688 			   __FUNCTION__, alg);
1689 		os_free(ext);
1690 		return -1;
1691 	}
1692 
1693 	if (seq && seq_len) {
1694 		ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1695 		os_memcpy(ext->rx_seq, seq, seq_len);
1696 	}
1697 
1698 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1699 		ret = errno == EOPNOTSUPP ? -2 : -1;
1700 		if (errno == ENODEV) {
1701 			/*
1702 			 * ndiswrapper seems to be returning incorrect error
1703 			 * code.. */
1704 			ret = -2;
1705 		}
1706 
1707 		perror("ioctl[SIOCSIWENCODEEXT]");
1708 	}
1709 
1710 	os_free(ext);
1711 	return ret;
1712 }
1713 
1714 
1715 /**
1716  * wpa_driver_wext_set_key - Configure encryption key
1717  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1718  * @priv: Private driver interface data
1719  * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1720  *	%WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1721  * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1722  *	broadcast/default keys
1723  * @key_idx: key index (0..3), usually 0 for unicast keys
1724  * @set_tx: Configure this key as the default Tx key (only used when
1725  *	driver does not support separate unicast/individual key
1726  * @seq: Sequence number/packet number, seq_len octets, the next
1727  *	packet number to be used for in replay protection; configured
1728  *	for Rx keys (in most cases, this is only used with broadcast
1729  *	keys and set to zero for unicast keys)
1730  * @seq_len: Length of the seq, depends on the algorithm:
1731  *	TKIP: 6 octets, CCMP: 6 octets
1732  * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1733  *	8-byte Rx Mic Key
1734  * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1735  *	TKIP: 32, CCMP: 16)
1736  * Returns: 0 on success, -1 on failure
1737  *
1738  * This function uses SIOCSIWENCODEEXT by default, but tries to use
1739  * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1740  */
wpa_driver_wext_set_key(const char * ifname,void * priv,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)1741 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1742 			    const u8 *addr, int key_idx,
1743 			    int set_tx, const u8 *seq, size_t seq_len,
1744 			    const u8 *key, size_t key_len)
1745 {
1746 	struct wpa_driver_wext_data *drv = priv;
1747 	struct iwreq iwr;
1748 	int ret = 0;
1749 
1750 	wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1751 		   "key_len=%lu",
1752 		   __FUNCTION__, alg, key_idx, set_tx,
1753 		   (unsigned long) seq_len, (unsigned long) key_len);
1754 
1755 	ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1756 					  seq, seq_len, key, key_len);
1757 	if (ret == 0)
1758 		return 0;
1759 
1760 	if (ret == -2 &&
1761 	    (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1762 		wpa_printf(MSG_DEBUG, "Driver did not support "
1763 			   "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1764 		ret = 0;
1765 	} else {
1766 		wpa_printf(MSG_DEBUG, "Driver did not support "
1767 			   "SIOCSIWENCODEEXT");
1768 		return ret;
1769 	}
1770 
1771 	os_memset(&iwr, 0, sizeof(iwr));
1772 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1773 	iwr.u.encoding.flags = key_idx + 1;
1774 	iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1775 	if (alg == WPA_ALG_NONE)
1776 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1777 	iwr.u.encoding.pointer = (caddr_t) key;
1778 	iwr.u.encoding.length = key_len;
1779 
1780 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1781 		perror("ioctl[SIOCSIWENCODE]");
1782 		ret = -1;
1783 	}
1784 
1785 	if (set_tx && alg != WPA_ALG_NONE) {
1786 		os_memset(&iwr, 0, sizeof(iwr));
1787 		os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1788 		iwr.u.encoding.flags = key_idx + 1;
1789 		iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1790 		iwr.u.encoding.pointer = (caddr_t) NULL;
1791 		iwr.u.encoding.length = 0;
1792 		if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1793 			perror("ioctl[SIOCSIWENCODE] (set_tx)");
1794 			ret = -1;
1795 		}
1796 	}
1797 
1798 	return ret;
1799 }
1800 
1801 
wpa_driver_wext_set_countermeasures(void * priv,int enabled)1802 static int wpa_driver_wext_set_countermeasures(void *priv,
1803 					       int enabled)
1804 {
1805 	struct wpa_driver_wext_data *drv = priv;
1806 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1807 	return wpa_driver_wext_set_auth_param(drv,
1808 					      IW_AUTH_TKIP_COUNTERMEASURES,
1809 					      enabled);
1810 }
1811 
1812 
wpa_driver_wext_set_drop_unencrypted(void * priv,int enabled)1813 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1814 						int enabled)
1815 {
1816 	struct wpa_driver_wext_data *drv = priv;
1817 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1818 	drv->use_crypt = enabled;
1819 	return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1820 					      enabled);
1821 }
1822 
1823 
wpa_driver_wext_mlme(struct wpa_driver_wext_data * drv,const u8 * addr,int cmd,int reason_code)1824 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1825 				const u8 *addr, int cmd, int reason_code)
1826 {
1827 	struct iwreq iwr;
1828 	struct iw_mlme mlme;
1829 	int ret = 0;
1830 
1831 	os_memset(&iwr, 0, sizeof(iwr));
1832 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1833 	os_memset(&mlme, 0, sizeof(mlme));
1834 	mlme.cmd = cmd;
1835 	mlme.reason_code = reason_code;
1836 	mlme.addr.sa_family = ARPHRD_ETHER;
1837 	os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1838 	iwr.u.data.pointer = (caddr_t) &mlme;
1839 	iwr.u.data.length = sizeof(mlme);
1840 
1841 	if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1842 		perror("ioctl[SIOCSIWMLME]");
1843 		ret = -1;
1844 	}
1845 
1846 	return ret;
1847 }
1848 
1849 
wpa_driver_wext_disconnect(struct wpa_driver_wext_data * drv)1850 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1851 {
1852 	struct iwreq iwr;
1853 	const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1854 	u8 ssid[32];
1855 	int i;
1856 
1857 	/*
1858 	 * Only force-disconnect when the card is in infrastructure mode,
1859 	 * otherwise the driver might interpret the cleared BSSID and random
1860 	 * SSID as an attempt to create a new ad-hoc network.
1861 	 */
1862 	os_memset(&iwr, 0, sizeof(iwr));
1863 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1864 	if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1865 		perror("ioctl[SIOCGIWMODE]");
1866 		iwr.u.mode = IW_MODE_INFRA;
1867 	}
1868 
1869 	if (iwr.u.mode == IW_MODE_INFRA) {
1870 		/* Clear the BSSID selection */
1871 		if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0) {
1872 			wpa_printf(MSG_DEBUG, "WEXT: Failed to clear BSSID "
1873 				   "selection on disconnect");
1874 		}
1875 
1876 		if (drv->cfg80211) {
1877 			/*
1878 			 * cfg80211 supports SIOCSIWMLME commands, so there is
1879 			 * no need for the random SSID hack, but clear the
1880 			 * SSID.
1881 			 */
1882 			if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
1883 				wpa_printf(MSG_DEBUG, "WEXT: Failed to clear "
1884 					   "SSID on disconnect");
1885 			}
1886 			return;
1887 		}
1888 
1889 		/*
1890 		 * Set a random SSID to make sure the driver will not be trying
1891 		 * to associate with something even if it does not understand
1892 		 * SIOCSIWMLME commands (or tries to associate automatically
1893 		 * after deauth/disassoc).
1894 		 */
1895 		for (i = 0; i < 32; i++)
1896 			ssid[i] = rand() & 0xFF;
1897 		if (wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) {
1898 			wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus "
1899 				   "SSID to disconnect");
1900 		}
1901 	}
1902 }
1903 
1904 
wpa_driver_wext_deauthenticate(void * priv,const u8 * addr,int reason_code)1905 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1906 					  int reason_code)
1907 {
1908 	struct wpa_driver_wext_data *drv = priv;
1909 	int ret;
1910 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1911 	ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1912 	wpa_driver_wext_disconnect(drv);
1913 	return ret;
1914 }
1915 
1916 
wpa_driver_wext_set_gen_ie(void * priv,const u8 * ie,size_t ie_len)1917 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1918 				      size_t ie_len)
1919 {
1920 	struct wpa_driver_wext_data *drv = priv;
1921 	struct iwreq iwr;
1922 	int ret = 0;
1923 
1924 	os_memset(&iwr, 0, sizeof(iwr));
1925 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1926 	iwr.u.data.pointer = (caddr_t) ie;
1927 	iwr.u.data.length = ie_len;
1928 
1929 	if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1930 		perror("ioctl[SIOCSIWGENIE]");
1931 		ret = -1;
1932 	}
1933 
1934 	return ret;
1935 }
1936 
1937 
wpa_driver_wext_cipher2wext(int cipher)1938 int wpa_driver_wext_cipher2wext(int cipher)
1939 {
1940 	switch (cipher) {
1941 	case WPA_CIPHER_NONE:
1942 		return IW_AUTH_CIPHER_NONE;
1943 	case WPA_CIPHER_WEP40:
1944 		return IW_AUTH_CIPHER_WEP40;
1945 	case WPA_CIPHER_TKIP:
1946 		return IW_AUTH_CIPHER_TKIP;
1947 	case WPA_CIPHER_CCMP:
1948 		return IW_AUTH_CIPHER_CCMP;
1949 	case WPA_CIPHER_WEP104:
1950 		return IW_AUTH_CIPHER_WEP104;
1951 	default:
1952 		return 0;
1953 	}
1954 }
1955 
1956 
wpa_driver_wext_keymgmt2wext(int keymgmt)1957 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1958 {
1959 	switch (keymgmt) {
1960 	case WPA_KEY_MGMT_IEEE8021X:
1961 	case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1962 		return IW_AUTH_KEY_MGMT_802_1X;
1963 	case WPA_KEY_MGMT_PSK:
1964 		return IW_AUTH_KEY_MGMT_PSK;
1965 	default:
1966 		return 0;
1967 	}
1968 }
1969 
1970 
1971 static int
wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data * drv,struct wpa_driver_associate_params * params)1972 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1973 				  struct wpa_driver_associate_params *params)
1974 {
1975 	struct iwreq iwr;
1976 	int ret = 0;
1977 
1978 	wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1979 		   "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1980 
1981 	os_memset(&iwr, 0, sizeof(iwr));
1982 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1983 	/* Just changing mode, not actual keys */
1984 	iwr.u.encoding.flags = 0;
1985 	iwr.u.encoding.pointer = (caddr_t) NULL;
1986 	iwr.u.encoding.length = 0;
1987 
1988 	/*
1989 	 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1990 	 * different things. Here they are used to indicate Open System vs.
1991 	 * Shared Key authentication algorithm. However, some drivers may use
1992 	 * them to select between open/restricted WEP encrypted (open = allow
1993 	 * both unencrypted and encrypted frames; restricted = only allow
1994 	 * encrypted frames).
1995 	 */
1996 
1997 	if (!drv->use_crypt) {
1998 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1999 	} else {
2000 		if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2001 			iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2002 		if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2003 			iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2004 	}
2005 
2006 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2007 		perror("ioctl[SIOCSIWENCODE]");
2008 		ret = -1;
2009 	}
2010 
2011 	return ret;
2012 }
2013 
2014 
wpa_driver_wext_associate(void * priv,struct wpa_driver_associate_params * params)2015 int wpa_driver_wext_associate(void *priv,
2016 			      struct wpa_driver_associate_params *params)
2017 {
2018 	struct wpa_driver_wext_data *drv = priv;
2019 	int ret = 0;
2020 	int allow_unencrypted_eapol;
2021 	int value;
2022 
2023 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2024 
2025 	if (drv->cfg80211) {
2026 		/*
2027 		 * Stop cfg80211 from trying to associate before we are done
2028 		 * with all parameters.
2029 		 */
2030 		if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
2031 			wpa_printf(MSG_DEBUG,
2032 				   "WEXT: Failed to clear SSID to stop pending cfg80211 association attempts (if any)");
2033 			/* continue anyway */
2034 		}
2035 	}
2036 
2037 	if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
2038 	    < 0)
2039 		ret = -1;
2040 	if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
2041 		ret = -1;
2042 	if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2043 		ret = -1;
2044 
2045 	/*
2046 	 * If the driver did not support SIOCSIWAUTH, fallback to
2047 	 * SIOCSIWENCODE here.
2048 	 */
2049 	if (drv->auth_alg_fallback &&
2050 	    wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2051 		ret = -1;
2052 
2053 	if (!params->bssid &&
2054 	    wpa_driver_wext_set_bssid(drv, NULL) < 0)
2055 		ret = -1;
2056 
2057 	/* TODO: should consider getting wpa version and cipher/key_mgmt suites
2058 	 * from configuration, not from here, where only the selected suite is
2059 	 * available */
2060 	if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2061 	    < 0)
2062 		ret = -1;
2063 	if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2064 		value = IW_AUTH_WPA_VERSION_DISABLED;
2065 	else if (params->wpa_ie[0] == WLAN_EID_RSN)
2066 		value = IW_AUTH_WPA_VERSION_WPA2;
2067 	else
2068 		value = IW_AUTH_WPA_VERSION_WPA;
2069 	if (wpa_driver_wext_set_auth_param(drv,
2070 					   IW_AUTH_WPA_VERSION, value) < 0)
2071 		ret = -1;
2072 	value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2073 	if (wpa_driver_wext_set_auth_param(drv,
2074 					   IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2075 		ret = -1;
2076 	value = wpa_driver_wext_cipher2wext(params->group_suite);
2077 	if (wpa_driver_wext_set_auth_param(drv,
2078 					   IW_AUTH_CIPHER_GROUP, value) < 0)
2079 		ret = -1;
2080 	value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2081 	if (wpa_driver_wext_set_auth_param(drv,
2082 					   IW_AUTH_KEY_MGMT, value) < 0)
2083 		ret = -1;
2084 	value = params->key_mgmt_suite != WPA_KEY_MGMT_NONE ||
2085 		params->pairwise_suite != WPA_CIPHER_NONE ||
2086 		params->group_suite != WPA_CIPHER_NONE ||
2087 		params->wpa_ie_len;
2088 	if (wpa_driver_wext_set_auth_param(drv,
2089 					   IW_AUTH_PRIVACY_INVOKED, value) < 0)
2090 		ret = -1;
2091 
2092 	/* Allow unencrypted EAPOL messages even if pairwise keys are set when
2093 	 * not using WPA. IEEE 802.1X specifies that these frames are not
2094 	 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2095 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
2096 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK)
2097 		allow_unencrypted_eapol = 0;
2098 	else
2099 		allow_unencrypted_eapol = 1;
2100 
2101 	if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2102 		ret = -1;
2103 	if (wpa_driver_wext_set_auth_param(drv,
2104 					   IW_AUTH_RX_UNENCRYPTED_EAPOL,
2105 					   allow_unencrypted_eapol) < 0)
2106 		ret = -1;
2107 #ifdef CONFIG_IEEE80211W
2108 	switch (params->mgmt_frame_protection) {
2109 	case NO_MGMT_FRAME_PROTECTION:
2110 		value = IW_AUTH_MFP_DISABLED;
2111 		break;
2112 	case MGMT_FRAME_PROTECTION_OPTIONAL:
2113 		value = IW_AUTH_MFP_OPTIONAL;
2114 		break;
2115 	case MGMT_FRAME_PROTECTION_REQUIRED:
2116 		value = IW_AUTH_MFP_REQUIRED;
2117 		break;
2118 	};
2119 	if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2120 		ret = -1;
2121 #endif /* CONFIG_IEEE80211W */
2122 	if (params->freq.freq &&
2123 	    wpa_driver_wext_set_freq(drv, params->freq.freq) < 0)
2124 		ret = -1;
2125 	if (!drv->cfg80211 &&
2126 	    wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2127 		ret = -1;
2128 	if (params->bssid &&
2129 	    wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2130 		ret = -1;
2131 	if (drv->cfg80211 &&
2132 	    wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2133 		ret = -1;
2134 
2135 	return ret;
2136 }
2137 
2138 
wpa_driver_wext_set_auth_alg(void * priv,int auth_alg)2139 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2140 {
2141 	struct wpa_driver_wext_data *drv = priv;
2142 	int algs = 0, res;
2143 
2144 	if (auth_alg & WPA_AUTH_ALG_OPEN)
2145 		algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2146 	if (auth_alg & WPA_AUTH_ALG_SHARED)
2147 		algs |= IW_AUTH_ALG_SHARED_KEY;
2148 	if (auth_alg & WPA_AUTH_ALG_LEAP)
2149 		algs |= IW_AUTH_ALG_LEAP;
2150 	if (algs == 0) {
2151 		/* at least one algorithm should be set */
2152 		algs = IW_AUTH_ALG_OPEN_SYSTEM;
2153 	}
2154 
2155 	res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2156 					     algs);
2157 	drv->auth_alg_fallback = res == -2;
2158 	return res;
2159 }
2160 
2161 
2162 /**
2163  * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2164  * @priv: Pointer to private wext data from wpa_driver_wext_init()
2165  * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2166  * Returns: 0 on success, -1 on failure
2167  */
wpa_driver_wext_set_mode(void * priv,int mode)2168 int wpa_driver_wext_set_mode(void *priv, int mode)
2169 {
2170 	struct wpa_driver_wext_data *drv = priv;
2171 	struct iwreq iwr;
2172 	int ret = -1;
2173 	unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2174 
2175 	os_memset(&iwr, 0, sizeof(iwr));
2176 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2177 	iwr.u.mode = new_mode;
2178 	if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2179 		ret = 0;
2180 		goto done;
2181 	}
2182 
2183 	if (errno != EBUSY) {
2184 		perror("ioctl[SIOCSIWMODE]");
2185 		goto done;
2186 	}
2187 
2188 	/* mac80211 doesn't allow mode changes while the device is up, so if
2189 	 * the device isn't in the mode we're about to change to, take device
2190 	 * down, try to set the mode again, and bring it back up.
2191 	 */
2192 	if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2193 		perror("ioctl[SIOCGIWMODE]");
2194 		goto done;
2195 	}
2196 
2197 	if (iwr.u.mode == new_mode) {
2198 		ret = 0;
2199 		goto done;
2200 	}
2201 
2202 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
2203 		/* Try to set the mode again while the interface is down */
2204 		iwr.u.mode = new_mode;
2205 		if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2206 			perror("ioctl[SIOCSIWMODE]");
2207 		else
2208 			ret = 0;
2209 
2210 		(void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1);
2211 	}
2212 
2213 done:
2214 	return ret;
2215 }
2216 
2217 
wpa_driver_wext_pmksa(struct wpa_driver_wext_data * drv,u32 cmd,const u8 * bssid,const u8 * pmkid)2218 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2219 				 u32 cmd, const u8 *bssid, const u8 *pmkid)
2220 {
2221 	struct iwreq iwr;
2222 	struct iw_pmksa pmksa;
2223 	int ret = 0;
2224 
2225 	os_memset(&iwr, 0, sizeof(iwr));
2226 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2227 	os_memset(&pmksa, 0, sizeof(pmksa));
2228 	pmksa.cmd = cmd;
2229 	pmksa.bssid.sa_family = ARPHRD_ETHER;
2230 	if (bssid)
2231 		os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2232 	if (pmkid)
2233 		os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2234 	iwr.u.data.pointer = (caddr_t) &pmksa;
2235 	iwr.u.data.length = sizeof(pmksa);
2236 
2237 	if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2238 		if (errno != EOPNOTSUPP)
2239 			perror("ioctl[SIOCSIWPMKSA]");
2240 		ret = -1;
2241 	}
2242 
2243 	return ret;
2244 }
2245 
2246 
wpa_driver_wext_add_pmkid(void * priv,const u8 * bssid,const u8 * pmkid)2247 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2248 				     const u8 *pmkid)
2249 {
2250 	struct wpa_driver_wext_data *drv = priv;
2251 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2252 }
2253 
2254 
wpa_driver_wext_remove_pmkid(void * priv,const u8 * bssid,const u8 * pmkid)2255 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2256 		 			const u8 *pmkid)
2257 {
2258 	struct wpa_driver_wext_data *drv = priv;
2259 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2260 }
2261 
2262 
wpa_driver_wext_flush_pmkid(void * priv)2263 static int wpa_driver_wext_flush_pmkid(void *priv)
2264 {
2265 	struct wpa_driver_wext_data *drv = priv;
2266 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2267 }
2268 
2269 
wpa_driver_wext_get_capa(void * priv,struct wpa_driver_capa * capa)2270 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2271 {
2272 	struct wpa_driver_wext_data *drv = priv;
2273 	if (!drv->has_capability)
2274 		return -1;
2275 	os_memcpy(capa, &drv->capa, sizeof(*capa));
2276 	return 0;
2277 }
2278 
2279 
wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data * drv,const char * ifname)2280 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2281 					const char *ifname)
2282 {
2283 	if (ifname == NULL) {
2284 		drv->ifindex2 = -1;
2285 		return 0;
2286 	}
2287 
2288 	drv->ifindex2 = if_nametoindex(ifname);
2289 	if (drv->ifindex2 <= 0)
2290 		return -1;
2291 
2292 	wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2293 		   "wireless events", drv->ifindex2, ifname);
2294 
2295 	return 0;
2296 }
2297 
2298 
wpa_driver_wext_set_operstate(void * priv,int state)2299 int wpa_driver_wext_set_operstate(void *priv, int state)
2300 {
2301 	struct wpa_driver_wext_data *drv = priv;
2302 
2303 	wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2304 		   __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2305 	drv->operstate = state;
2306 	return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2307 				      state ? IF_OPER_UP : IF_OPER_DORMANT);
2308 }
2309 
2310 
wpa_driver_wext_get_version(struct wpa_driver_wext_data * drv)2311 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2312 {
2313 	return drv->we_version_compiled;
2314 }
2315 
2316 
wext_get_radio_name(void * priv)2317 static const char * wext_get_radio_name(void *priv)
2318 {
2319 	struct wpa_driver_wext_data *drv = priv;
2320 	return drv->phyname;
2321 }
2322 
2323 
wpa_driver_wext_signal_poll(void * priv,struct wpa_signal_info * si)2324 static int wpa_driver_wext_signal_poll(void *priv, struct wpa_signal_info *si)
2325 {
2326 	struct wpa_driver_wext_data *drv = priv;
2327 	struct iw_statistics stats;
2328 	struct iwreq iwr;
2329 
2330 	os_memset(si, 0, sizeof(*si));
2331 	si->current_signal = -9999;
2332 	si->current_noise = 9999;
2333 	si->chanwidth = CHAN_WIDTH_UNKNOWN;
2334 
2335 	os_memset(&iwr, 0, sizeof(iwr));
2336 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2337 	iwr.u.data.pointer = (caddr_t) &stats;
2338 	iwr.u.data.length = sizeof(stats);
2339 	iwr.u.data.flags = 1;
2340 
2341 	if (ioctl(drv->ioctl_sock, SIOCGIWSTATS, &iwr) < 0) {
2342 		wpa_printf(MSG_ERROR, "WEXT: SIOCGIWSTATS: %s",
2343 			   strerror(errno));
2344 		return -1;
2345 	}
2346 
2347 	si->current_signal = stats.qual.level -
2348 		((stats.qual.updated & IW_QUAL_DBM) ? 0x100 : 0);
2349 	si->current_noise = stats.qual.noise -
2350 		((stats.qual.updated & IW_QUAL_DBM) ? 0x100 : 0);
2351 	return 0;
2352 }
2353 
2354 
2355 const struct wpa_driver_ops wpa_driver_wext_ops = {
2356 	.name = "wext",
2357 	.desc = "Linux wireless extensions (generic)",
2358 	.get_bssid = wpa_driver_wext_get_bssid,
2359 	.get_ssid = wpa_driver_wext_get_ssid,
2360 	.set_key = wpa_driver_wext_set_key,
2361 	.set_countermeasures = wpa_driver_wext_set_countermeasures,
2362 	.scan2 = wpa_driver_wext_scan,
2363 	.get_scan_results2 = wpa_driver_wext_get_scan_results,
2364 	.deauthenticate = wpa_driver_wext_deauthenticate,
2365 	.associate = wpa_driver_wext_associate,
2366 	.init = wpa_driver_wext_init,
2367 	.deinit = wpa_driver_wext_deinit,
2368 	.add_pmkid = wpa_driver_wext_add_pmkid,
2369 	.remove_pmkid = wpa_driver_wext_remove_pmkid,
2370 	.flush_pmkid = wpa_driver_wext_flush_pmkid,
2371 	.get_capa = wpa_driver_wext_get_capa,
2372 	.set_operstate = wpa_driver_wext_set_operstate,
2373 	.get_radio_name = wext_get_radio_name,
2374 	.signal_poll = wpa_driver_wext_signal_poll,
2375 };
2376