Disconnect hostapd from building in base
[dragonfly.git] / contrib / hostapd / src / drivers / driver_test.c
1 /*
2  * Testing driver interface for a simulated network driver
3  * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8
9 /* Make sure we get winsock2.h for Windows build to get sockaddr_storage */
10 #include "build_config.h"
11 #ifdef CONFIG_NATIVE_WINDOWS
12 #include <winsock2.h>
13 #endif /* CONFIG_NATIVE_WINDOWS */
14
15 #include "utils/includes.h"
16
17 #ifndef CONFIG_NATIVE_WINDOWS
18 #include <sys/un.h>
19 #include <dirent.h>
20 #include <sys/stat.h>
21 #define DRIVER_TEST_UNIX
22 #endif /* CONFIG_NATIVE_WINDOWS */
23
24 #include "utils/common.h"
25 #include "utils/eloop.h"
26 #include "utils/list.h"
27 #include "utils/trace.h"
28 #include "common/ieee802_11_defs.h"
29 #include "crypto/sha1.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wps/wps.h"
32 #include "driver.h"
33
34
35 struct test_client_socket {
36         struct test_client_socket *next;
37         u8 addr[ETH_ALEN];
38         struct sockaddr_un un;
39         socklen_t unlen;
40         struct test_driver_bss *bss;
41 };
42
43 struct test_driver_bss {
44         struct wpa_driver_test_data *drv;
45         struct dl_list list;
46         void *bss_ctx;
47         char ifname[IFNAMSIZ];
48         u8 bssid[ETH_ALEN];
49         u8 *ie;
50         size_t ielen;
51         u8 *wps_beacon_ie;
52         size_t wps_beacon_ie_len;
53         u8 *wps_probe_resp_ie;
54         size_t wps_probe_resp_ie_len;
55         u8 ssid[32];
56         size_t ssid_len;
57         int privacy;
58 };
59
60 struct wpa_driver_test_global {
61         int bss_add_used;
62         u8 req_addr[ETH_ALEN];
63 };
64
65 struct wpa_driver_test_data {
66         struct wpa_driver_test_global *global;
67         void *ctx;
68         WPA_TRACE_REF(ctx);
69         u8 own_addr[ETH_ALEN];
70         int test_socket;
71 #ifdef DRIVER_TEST_UNIX
72         struct sockaddr_un hostapd_addr;
73 #endif /* DRIVER_TEST_UNIX */
74         int hostapd_addr_set;
75         struct sockaddr_in hostapd_addr_udp;
76         int hostapd_addr_udp_set;
77         char *own_socket_path;
78         char *test_dir;
79 #define MAX_SCAN_RESULTS 30
80         struct wpa_scan_res *scanres[MAX_SCAN_RESULTS];
81         size_t num_scanres;
82         int use_associnfo;
83         u8 assoc_wpa_ie[80];
84         size_t assoc_wpa_ie_len;
85         int associated;
86         u8 *probe_req_ie;
87         size_t probe_req_ie_len;
88         u8 probe_req_ssid[32];
89         size_t probe_req_ssid_len;
90         int ibss;
91         int ap;
92
93         struct test_client_socket *cli;
94         struct dl_list bss;
95         int udp_port;
96
97         int alloc_iface_idx;
98
99         int probe_req_report;
100         unsigned int remain_on_channel_freq;
101         unsigned int remain_on_channel_duration;
102
103         int current_freq;
104 };
105
106
107 static void wpa_driver_test_deinit(void *priv);
108 static int wpa_driver_test_attach(struct wpa_driver_test_data *drv,
109                                   const char *dir, int ap);
110 static void wpa_driver_test_close_test_socket(
111         struct wpa_driver_test_data *drv);
112 static void test_remain_on_channel_timeout(void *eloop_ctx, void *timeout_ctx);
113
114
115 static void test_driver_free_bss(struct test_driver_bss *bss)
116 {
117         os_free(bss->ie);
118         os_free(bss->wps_beacon_ie);
119         os_free(bss->wps_probe_resp_ie);
120         os_free(bss);
121 }
122
123
124 static void test_driver_free_bsses(struct wpa_driver_test_data *drv)
125 {
126         struct test_driver_bss *bss, *tmp;
127
128         dl_list_for_each_safe(bss, tmp, &drv->bss, struct test_driver_bss,
129                               list) {
130                 dl_list_del(&bss->list);
131                 test_driver_free_bss(bss);
132         }
133 }
134
135
136 static struct test_client_socket *
137 test_driver_get_cli(struct wpa_driver_test_data *drv, struct sockaddr_un *from,
138                     socklen_t fromlen)
139 {
140         struct test_client_socket *cli = drv->cli;
141
142         while (cli) {
143                 if (cli->unlen == fromlen &&
144                     strncmp(cli->un.sun_path, from->sun_path,
145                             fromlen - sizeof(cli->un.sun_family)) == 0)
146                         return cli;
147                 cli = cli->next;
148         }
149
150         return NULL;
151 }
152
153
154 static int test_driver_send_eapol(void *priv, const u8 *addr, const u8 *data,
155                                   size_t data_len, int encrypt,
156                                   const u8 *own_addr, u32 flags)
157 {
158         struct test_driver_bss *dbss = priv;
159         struct wpa_driver_test_data *drv = dbss->drv;
160         struct test_client_socket *cli;
161         struct msghdr msg;
162         struct iovec io[3];
163         struct l2_ethhdr eth;
164
165         if (drv->test_socket < 0)
166                 return -1;
167
168         cli = drv->cli;
169         while (cli) {
170                 if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
171                         break;
172                 cli = cli->next;
173         }
174
175         if (!cli) {
176                 wpa_printf(MSG_DEBUG, "%s: no destination client entry",
177                            __func__);
178                 return -1;
179         }
180
181         memcpy(eth.h_dest, addr, ETH_ALEN);
182         memcpy(eth.h_source, own_addr, ETH_ALEN);
183         eth.h_proto = host_to_be16(ETH_P_EAPOL);
184
185         io[0].iov_base = "EAPOL ";
186         io[0].iov_len = 6;
187         io[1].iov_base = &eth;
188         io[1].iov_len = sizeof(eth);
189         io[2].iov_base = (u8 *) data;
190         io[2].iov_len = data_len;
191
192         memset(&msg, 0, sizeof(msg));
193         msg.msg_iov = io;
194         msg.msg_iovlen = 3;
195         msg.msg_name = &cli->un;
196         msg.msg_namelen = cli->unlen;
197         return sendmsg(drv->test_socket, &msg, 0);
198 }
199
200
201 static int test_driver_send_ether(void *priv, const u8 *dst, const u8 *src,
202                                   u16 proto, const u8 *data, size_t data_len)
203 {
204         struct test_driver_bss *dbss = priv;
205         struct wpa_driver_test_data *drv = dbss->drv;
206         struct msghdr msg;
207         struct iovec io[3];
208         struct l2_ethhdr eth;
209         char desttxt[30];
210         struct sockaddr_un addr;
211         struct dirent *dent;
212         DIR *dir;
213         int ret = 0, broadcast = 0, count = 0;
214
215         if (drv->test_socket < 0 || drv->test_dir == NULL) {
216                 wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d "
217                            "test_dir=%p)",
218                            __func__, drv->test_socket, drv->test_dir);
219                 return -1;
220         }
221
222         broadcast = memcmp(dst, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0;
223         snprintf(desttxt, sizeof(desttxt), MACSTR, MAC2STR(dst));
224
225         memcpy(eth.h_dest, dst, ETH_ALEN);
226         memcpy(eth.h_source, src, ETH_ALEN);
227         eth.h_proto = host_to_be16(proto);
228
229         io[0].iov_base = "ETHER ";
230         io[0].iov_len = 6;
231         io[1].iov_base = &eth;
232         io[1].iov_len = sizeof(eth);
233         io[2].iov_base = (u8 *) data;
234         io[2].iov_len = data_len;
235
236         memset(&msg, 0, sizeof(msg));
237         msg.msg_iov = io;
238         msg.msg_iovlen = 3;
239
240         dir = opendir(drv->test_dir);
241         if (dir == NULL) {
242                 perror("test_driver: opendir");
243                 return -1;
244         }
245         while ((dent = readdir(dir))) {
246 #ifdef _DIRENT_HAVE_D_TYPE
247                 /* Skip the file if it is not a socket. Also accept
248                  * DT_UNKNOWN (0) in case the C library or underlying file
249                  * system does not support d_type. */
250                 if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
251                         continue;
252 #endif /* _DIRENT_HAVE_D_TYPE */
253                 if (strcmp(dent->d_name, ".") == 0 ||
254                     strcmp(dent->d_name, "..") == 0)
255                         continue;
256
257                 memset(&addr, 0, sizeof(addr));
258                 addr.sun_family = AF_UNIX;
259                 snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
260                          drv->test_dir, dent->d_name);
261
262                 if (strcmp(addr.sun_path, drv->own_socket_path) == 0)
263                         continue;
264                 if (!broadcast && strstr(dent->d_name, desttxt) == NULL)
265                         continue;
266
267                 wpa_printf(MSG_DEBUG, "%s: Send ether frame to %s",
268                            __func__, dent->d_name);
269
270                 msg.msg_name = &addr;
271                 msg.msg_namelen = sizeof(addr);
272                 ret = sendmsg(drv->test_socket, &msg, 0);
273                 if (ret < 0)
274                         perror("driver_test: sendmsg");
275                 count++;
276         }
277         closedir(dir);
278
279         if (!broadcast && count == 0) {
280                 wpa_printf(MSG_DEBUG, "%s: Destination " MACSTR " not found",
281                            __func__, MAC2STR(dst));
282                 return -1;
283         }
284
285         return ret;
286 }
287
288
289 static int wpa_driver_test_send_mlme(void *priv, const u8 *data,
290                                      size_t data_len, int noack)
291 {
292         struct test_driver_bss *dbss = priv;
293         struct wpa_driver_test_data *drv = dbss->drv;
294         struct msghdr msg;
295         struct iovec io[2];
296         const u8 *dest;
297         struct sockaddr_un addr;
298         struct dirent *dent;
299         DIR *dir;
300         int broadcast;
301         int ret = 0;
302         struct ieee80211_hdr *hdr;
303         u16 fc;
304         char cmd[50];
305         int freq;
306 #ifdef HOSTAPD
307         char desttxt[30];
308 #endif /* HOSTAPD */
309         union wpa_event_data event;
310
311         wpa_hexdump(MSG_MSGDUMP, "test_send_mlme", data, data_len);
312         if (drv->test_socket < 0 || data_len < 10) {
313                 wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%lu"
314                            " test_dir=%p)",
315                            __func__, drv->test_socket,
316                            (unsigned long) data_len,
317                            drv->test_dir);
318                 return -1;
319         }
320
321         dest = data + 4;
322         broadcast = os_memcmp(dest, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0;
323
324 #ifdef HOSTAPD
325         snprintf(desttxt, sizeof(desttxt), MACSTR, MAC2STR(dest));
326 #endif /* HOSTAPD */
327
328         if (drv->remain_on_channel_freq)
329                 freq = drv->remain_on_channel_freq;
330         else
331                 freq = drv->current_freq;
332         wpa_printf(MSG_DEBUG, "test_driver(%s): MLME TX on freq %d MHz",
333                    dbss->ifname, freq);
334         os_snprintf(cmd, sizeof(cmd), "MLME freq=%d ", freq);
335         io[0].iov_base = cmd;
336         io[0].iov_len = os_strlen(cmd);
337         io[1].iov_base = (void *) data;
338         io[1].iov_len = data_len;
339
340         os_memset(&msg, 0, sizeof(msg));
341         msg.msg_iov = io;
342         msg.msg_iovlen = 2;
343
344 #ifdef HOSTAPD
345         if (drv->test_dir == NULL) {
346                 wpa_printf(MSG_DEBUG, "%s: test_dir == NULL", __func__);
347                 return -1;
348         }
349
350         dir = opendir(drv->test_dir);
351         if (dir == NULL) {
352                 perror("test_driver: opendir");
353                 return -1;
354         }
355         while ((dent = readdir(dir))) {
356 #ifdef _DIRENT_HAVE_D_TYPE
357                 /* Skip the file if it is not a socket. Also accept
358                  * DT_UNKNOWN (0) in case the C library or underlying file
359                  * system does not support d_type. */
360                 if (dent->d_type != DT_SOCK && dent->d_type != DT_UNKNOWN)
361                         continue;
362 #endif /* _DIRENT_HAVE_D_TYPE */
363                 if (os_strcmp(dent->d_name, ".") == 0 ||
364                     os_strcmp(dent->d_name, "..") == 0)
365                         continue;
366
367                 os_memset(&addr, 0, sizeof(addr));
368                 addr.sun_family = AF_UNIX;
369                 os_snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
370                             drv->test_dir, dent->d_name);
371
372                 if (os_strcmp(addr.sun_path, drv->own_socket_path) == 0)
373                         continue;
374                 if (!broadcast && os_strstr(dent->d_name, desttxt) == NULL)
375                         continue;
376
377                 wpa_printf(MSG_DEBUG, "%s: Send management frame to %s",
378                            __func__, dent->d_name);
379
380                 msg.msg_name = &addr;
381                 msg.msg_namelen = sizeof(addr);
382                 ret = sendmsg(drv->test_socket, &msg, 0);
383                 if (ret < 0)
384                         perror("driver_test: sendmsg(test_socket)");
385         }
386         closedir(dir);
387 #else /* HOSTAPD */
388
389         if (os_memcmp(dest, dbss->bssid, ETH_ALEN) == 0 ||
390             drv->test_dir == NULL) {
391                 if (drv->hostapd_addr_udp_set) {
392                         msg.msg_name = &drv->hostapd_addr_udp;
393                         msg.msg_namelen = sizeof(drv->hostapd_addr_udp);
394                 } else {
395 #ifdef DRIVER_TEST_UNIX
396                         msg.msg_name = &drv->hostapd_addr;
397                         msg.msg_namelen = sizeof(drv->hostapd_addr);
398 #endif /* DRIVER_TEST_UNIX */
399                 }
400         } else if (broadcast) {
401                 dir = opendir(drv->test_dir);
402                 if (dir == NULL)
403                         return -1;
404                 while ((dent = readdir(dir))) {
405 #ifdef _DIRENT_HAVE_D_TYPE
406                         /* Skip the file if it is not a socket.
407                          * Also accept DT_UNKNOWN (0) in case
408                          * the C library or underlying file
409                          * system does not support d_type. */
410                         if (dent->d_type != DT_SOCK &&
411                             dent->d_type != DT_UNKNOWN)
412                                 continue;
413 #endif /* _DIRENT_HAVE_D_TYPE */
414                         if (os_strcmp(dent->d_name, ".") == 0 ||
415                             os_strcmp(dent->d_name, "..") == 0)
416                                 continue;
417                         wpa_printf(MSG_DEBUG, "%s: Send broadcast MLME to %s",
418                                    __func__, dent->d_name);
419                         os_memset(&addr, 0, sizeof(addr));
420                         addr.sun_family = AF_UNIX;
421                         os_snprintf(addr.sun_path, sizeof(addr.sun_path),
422                                     "%s/%s", drv->test_dir, dent->d_name);
423
424                         msg.msg_name = &addr;
425                         msg.msg_namelen = sizeof(addr);
426
427                         ret = sendmsg(drv->test_socket, &msg, 0);
428                         if (ret < 0)
429                                 perror("driver_test: sendmsg(test_socket)");
430                 }
431                 closedir(dir);
432                 return ret;
433         } else {
434                 struct stat st;
435                 os_memset(&addr, 0, sizeof(addr));
436                 addr.sun_family = AF_UNIX;
437                 os_snprintf(addr.sun_path, sizeof(addr.sun_path),
438                             "%s/AP-" MACSTR, drv->test_dir, MAC2STR(dest));
439                 if (stat(addr.sun_path, &st) < 0) {
440                         os_snprintf(addr.sun_path, sizeof(addr.sun_path),
441                                     "%s/STA-" MACSTR,
442                                     drv->test_dir, MAC2STR(dest));
443                 }
444                 msg.msg_name = &addr;
445                 msg.msg_namelen = sizeof(addr);
446         }
447
448         if (sendmsg(drv->test_socket, &msg, 0) < 0) {
449                 perror("sendmsg(test_socket)");
450                 return -1;
451         }
452 #endif /* HOSTAPD */
453
454         hdr = (struct ieee80211_hdr *) data;
455         fc = le_to_host16(hdr->frame_control);
456
457         os_memset(&event, 0, sizeof(event));
458         event.tx_status.type = WLAN_FC_GET_TYPE(fc);
459         event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
460         event.tx_status.dst = hdr->addr1;
461         event.tx_status.data = data;
462         event.tx_status.data_len = data_len;
463         event.tx_status.ack = ret >= 0;
464         wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
465
466         return ret;
467 }
468
469
470 static void test_driver_scan(struct wpa_driver_test_data *drv,
471                              struct sockaddr_un *from, socklen_t fromlen,
472                              char *data)
473 {
474         char buf[512], *pos, *end;
475         int ret;
476         struct test_driver_bss *bss;
477         u8 sa[ETH_ALEN];
478         u8 ie[512];
479         size_t ielen;
480         union wpa_event_data event;
481
482         /* data: optional [ ' ' | STA-addr | ' ' | IEs(hex) ] */
483
484         wpa_printf(MSG_DEBUG, "test_driver: SCAN");
485
486         if (*data) {
487                 if (*data != ' ' ||
488                     hwaddr_aton(data + 1, sa)) {
489                         wpa_printf(MSG_DEBUG, "test_driver: Unexpected SCAN "
490                                    "command format");
491                         return;
492                 }
493
494                 data += 18;
495                 while (*data == ' ')
496                         data++;
497                 ielen = os_strlen(data) / 2;
498                 if (ielen > sizeof(ie))
499                         ielen = sizeof(ie);
500                 if (hexstr2bin(data, ie, ielen) < 0)
501                         ielen = 0;
502
503                 wpa_printf(MSG_DEBUG, "test_driver: Scan from " MACSTR,
504                            MAC2STR(sa));
505                 wpa_hexdump(MSG_MSGDUMP, "test_driver: scan IEs", ie, ielen);
506
507                 os_memset(&event, 0, sizeof(event));
508                 event.rx_probe_req.sa = sa;
509                 event.rx_probe_req.ie = ie;
510                 event.rx_probe_req.ie_len = ielen;
511                 wpa_supplicant_event(drv->ctx, EVENT_RX_PROBE_REQ, &event);
512         }
513
514         dl_list_for_each(bss, &drv->bss, struct test_driver_bss, list) {
515                 pos = buf;
516                 end = buf + sizeof(buf);
517
518                 /* reply: SCANRESP BSSID SSID IEs */
519                 ret = snprintf(pos, end - pos, "SCANRESP " MACSTR " ",
520                                MAC2STR(bss->bssid));
521                 if (ret < 0 || ret >= end - pos)
522                         return;
523                 pos += ret;
524                 pos += wpa_snprintf_hex(pos, end - pos,
525                                         bss->ssid, bss->ssid_len);
526                 ret = snprintf(pos, end - pos, " ");
527                 if (ret < 0 || ret >= end - pos)
528                         return;
529                 pos += ret;
530                 pos += wpa_snprintf_hex(pos, end - pos, bss->ie, bss->ielen);
531                 pos += wpa_snprintf_hex(pos, end - pos, bss->wps_probe_resp_ie,
532                                         bss->wps_probe_resp_ie_len);
533
534                 if (bss->privacy) {
535                         ret = snprintf(pos, end - pos, " PRIVACY");
536                         if (ret < 0 || ret >= end - pos)
537                                 return;
538                         pos += ret;
539                 }
540
541                 sendto(drv->test_socket, buf, pos - buf, 0,
542                        (struct sockaddr *) from, fromlen);
543         }
544 }
545
546
547 static void test_driver_assoc(struct wpa_driver_test_data *drv,
548                               struct sockaddr_un *from, socklen_t fromlen,
549                               char *data)
550 {
551         struct test_client_socket *cli;
552         u8 ie[256], ssid[32];
553         size_t ielen, ssid_len = 0;
554         char *pos, *pos2, cmd[50];
555         struct test_driver_bss *bss, *tmp;
556
557         /* data: STA-addr SSID(hex) IEs(hex) */
558
559         cli = os_zalloc(sizeof(*cli));
560         if (cli == NULL)
561                 return;
562
563         if (hwaddr_aton(data, cli->addr)) {
564                 printf("test_socket: Invalid MAC address '%s' in ASSOC\n",
565                        data);
566                 os_free(cli);
567                 return;
568         }
569         pos = data + 17;
570         while (*pos == ' ')
571                 pos++;
572         pos2 = strchr(pos, ' ');
573         ielen = 0;
574         if (pos2) {
575                 ssid_len = (pos2 - pos) / 2;
576                 if (hexstr2bin(pos, ssid, ssid_len) < 0) {
577                         wpa_printf(MSG_DEBUG, "%s: Invalid SSID", __func__);
578                         os_free(cli);
579                         return;
580                 }
581                 wpa_hexdump_ascii(MSG_DEBUG, "test_driver_assoc: SSID",
582                                   ssid, ssid_len);
583
584                 pos = pos2 + 1;
585                 ielen = strlen(pos) / 2;
586                 if (ielen > sizeof(ie))
587                         ielen = sizeof(ie);
588                 if (hexstr2bin(pos, ie, ielen) < 0)
589                         ielen = 0;
590         }
591
592         bss = NULL;
593         dl_list_for_each(tmp, &drv->bss, struct test_driver_bss, list) {
594                 if (tmp->ssid_len == ssid_len &&
595                     os_memcmp(tmp->ssid, ssid, ssid_len) == 0) {
596                         bss = tmp;
597                         break;
598                 }
599         }
600         if (bss == NULL) {
601                 wpa_printf(MSG_DEBUG, "%s: No matching SSID found from "
602                            "configured BSSes", __func__);
603                 os_free(cli);
604                 return;
605         }
606
607         cli->bss = bss;
608         memcpy(&cli->un, from, sizeof(cli->un));
609         cli->unlen = fromlen;
610         cli->next = drv->cli;
611         drv->cli = cli;
612         wpa_hexdump_ascii(MSG_DEBUG, "test_socket: ASSOC sun_path",
613                           (const u8 *) cli->un.sun_path,
614                           cli->unlen - sizeof(cli->un.sun_family));
615
616         snprintf(cmd, sizeof(cmd), "ASSOCRESP " MACSTR " 0",
617                  MAC2STR(bss->bssid));
618         sendto(drv->test_socket, cmd, strlen(cmd), 0,
619                (struct sockaddr *) from, fromlen);
620
621         drv_event_assoc(bss->bss_ctx, cli->addr, ie, ielen, 0);
622 }
623
624
625 static void test_driver_disassoc(struct wpa_driver_test_data *drv,
626                                  struct sockaddr_un *from, socklen_t fromlen)
627 {
628         struct test_client_socket *cli;
629
630         cli = test_driver_get_cli(drv, from, fromlen);
631         if (!cli)
632                 return;
633
634         drv_event_disassoc(drv->ctx, cli->addr);
635 }
636
637
638 static void test_driver_eapol(struct wpa_driver_test_data *drv,
639                               struct sockaddr_un *from, socklen_t fromlen,
640                               u8 *data, size_t datalen)
641 {
642 #ifdef HOSTAPD
643         struct test_client_socket *cli;
644 #endif /* HOSTAPD */
645         const u8 *src = NULL;
646
647         if (datalen > 14) {
648                 /* Skip Ethernet header */
649                 src = data + ETH_ALEN;
650                 wpa_printf(MSG_DEBUG, "test_driver: dst=" MACSTR " src="
651                            MACSTR " proto=%04x",
652                            MAC2STR(data), MAC2STR(src),
653                            WPA_GET_BE16(data + 2 * ETH_ALEN));
654                 data += 14;
655                 datalen -= 14;
656         }
657
658 #ifdef HOSTAPD
659         cli = test_driver_get_cli(drv, from, fromlen);
660         if (cli) {
661                 drv_event_eapol_rx(cli->bss->bss_ctx, cli->addr, data,
662                                    datalen);
663         } else {
664                 wpa_printf(MSG_DEBUG, "test_socket: EAPOL from unknown "
665                            "client");
666         }
667 #else /* HOSTAPD */
668         if (src)
669                 drv_event_eapol_rx(drv->ctx, src, data, datalen);
670 #endif /* HOSTAPD */
671 }
672
673
674 static void test_driver_ether(struct wpa_driver_test_data *drv,
675                               struct sockaddr_un *from, socklen_t fromlen,
676                               u8 *data, size_t datalen)
677 {
678         struct l2_ethhdr *eth;
679
680         if (datalen < sizeof(*eth))
681                 return;
682
683         eth = (struct l2_ethhdr *) data;
684         wpa_printf(MSG_DEBUG, "test_driver: RX ETHER dst=" MACSTR " src="
685                    MACSTR " proto=%04x",
686                    MAC2STR(eth->h_dest), MAC2STR(eth->h_source),
687                    be_to_host16(eth->h_proto));
688
689 #ifdef CONFIG_IEEE80211R
690         if (be_to_host16(eth->h_proto) == ETH_P_RRB) {
691                 union wpa_event_data ev;
692                 os_memset(&ev, 0, sizeof(ev));
693                 ev.ft_rrb_rx.src = eth->h_source;
694                 ev.ft_rrb_rx.data = data + sizeof(*eth);
695                 ev.ft_rrb_rx.data_len = datalen - sizeof(*eth);
696         }
697 #endif /* CONFIG_IEEE80211R */
698 }
699
700
701 static void test_driver_mlme(struct wpa_driver_test_data *drv,
702                              struct sockaddr_un *from, socklen_t fromlen,
703                              u8 *data, size_t datalen)
704 {
705         struct ieee80211_hdr *hdr;
706         u16 fc;
707         union wpa_event_data event;
708         int freq = 0, own_freq;
709         struct test_driver_bss *bss;
710
711         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
712
713         if (datalen > 6 && os_memcmp(data, "freq=", 5) == 0) {
714                 size_t pos;
715                 for (pos = 5; pos < datalen; pos++) {
716                         if (data[pos] == ' ')
717                                 break;
718                 }
719                 if (pos < datalen) {
720                         freq = atoi((const char *) &data[5]);
721                         wpa_printf(MSG_DEBUG, "test_driver(%s): MLME RX on "
722                                    "freq %d MHz", bss->ifname, freq);
723                         pos++;
724                         data += pos;
725                         datalen -= pos;
726                 }
727         }
728
729         if (drv->remain_on_channel_freq)
730                 own_freq = drv->remain_on_channel_freq;
731         else
732                 own_freq = drv->current_freq;
733
734         if (freq && own_freq && freq != own_freq) {
735                 wpa_printf(MSG_DEBUG, "test_driver(%s): Ignore MLME RX on "
736                            "another frequency %d MHz (own %d MHz)",
737                            bss->ifname, freq, own_freq);
738                 return;
739         }
740
741         hdr = (struct ieee80211_hdr *) data;
742
743         if (test_driver_get_cli(drv, from, fromlen) == NULL && datalen >= 16) {
744                 struct test_client_socket *cli;
745                 cli = os_zalloc(sizeof(*cli));
746                 if (cli == NULL)
747                         return;
748                 wpa_printf(MSG_DEBUG, "Adding client entry for " MACSTR,
749                            MAC2STR(hdr->addr2));
750                 memcpy(cli->addr, hdr->addr2, ETH_ALEN);
751                 memcpy(&cli->un, from, sizeof(cli->un));
752                 cli->unlen = fromlen;
753                 cli->next = drv->cli;
754                 drv->cli = cli;
755         }
756
757         wpa_hexdump(MSG_MSGDUMP, "test_driver_mlme: received frame",
758                     data, datalen);
759         fc = le_to_host16(hdr->frame_control);
760         if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT) {
761                 wpa_printf(MSG_ERROR, "%s: received non-mgmt frame",
762                            __func__);
763                 return;
764         }
765
766         os_memset(&event, 0, sizeof(event));
767         event.rx_mgmt.frame = data;
768         event.rx_mgmt.frame_len = datalen;
769         wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
770 }
771
772
773 static void test_driver_receive_unix(int sock, void *eloop_ctx, void *sock_ctx)
774 {
775         struct wpa_driver_test_data *drv = eloop_ctx;
776         char buf[2000];
777         int res;
778         struct sockaddr_un from;
779         socklen_t fromlen = sizeof(from);
780
781         res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
782                        (struct sockaddr *) &from, &fromlen);
783         if (res < 0) {
784                 perror("recvfrom(test_socket)");
785                 return;
786         }
787         buf[res] = '\0';
788
789         wpa_printf(MSG_DEBUG, "test_driver: received %u bytes", res);
790
791         if (strncmp(buf, "SCAN", 4) == 0) {
792                 test_driver_scan(drv, &from, fromlen, buf + 4);
793         } else if (strncmp(buf, "ASSOC ", 6) == 0) {
794                 test_driver_assoc(drv, &from, fromlen, buf + 6);
795         } else if (strcmp(buf, "DISASSOC") == 0) {
796                 test_driver_disassoc(drv, &from, fromlen);
797         } else if (strncmp(buf, "EAPOL ", 6) == 0) {
798                 test_driver_eapol(drv, &from, fromlen, (u8 *) buf + 6,
799                                   res - 6);
800         } else if (strncmp(buf, "ETHER ", 6) == 0) {
801                 test_driver_ether(drv, &from, fromlen, (u8 *) buf + 6,
802                                   res - 6);
803         } else if (strncmp(buf, "MLME ", 5) == 0) {
804                 test_driver_mlme(drv, &from, fromlen, (u8 *) buf + 5, res - 5);
805         } else {
806                 wpa_hexdump_ascii(MSG_DEBUG, "Unknown test_socket command",
807                                   (u8 *) buf, res);
808         }
809 }
810
811
812 static int test_driver_set_generic_elem(void *priv,
813                                         const u8 *elem, size_t elem_len)
814 {
815         struct test_driver_bss *bss = priv;
816
817         os_free(bss->ie);
818
819         if (elem == NULL) {
820                 bss->ie = NULL;
821                 bss->ielen = 0;
822                 return 0;
823         }
824
825         bss->ie = os_malloc(elem_len);
826         if (bss->ie == NULL) {
827                 bss->ielen = 0;
828                 return -1;
829         }
830
831         memcpy(bss->ie, elem, elem_len);
832         bss->ielen = elem_len;
833         return 0;
834 }
835
836
837 static int test_driver_set_ap_wps_ie(void *priv, const struct wpabuf *beacon,
838                                      const struct wpabuf *proberesp,
839                                      const struct wpabuf *assocresp)
840 {
841         struct test_driver_bss *bss = priv;
842
843         if (beacon == NULL)
844                 wpa_printf(MSG_DEBUG, "test_driver: Clear Beacon WPS IE");
845         else
846                 wpa_hexdump_buf(MSG_DEBUG, "test_driver: Beacon WPS IE",
847                                 beacon);
848
849         os_free(bss->wps_beacon_ie);
850
851         if (beacon == NULL) {
852                 bss->wps_beacon_ie = NULL;
853                 bss->wps_beacon_ie_len = 0;
854         } else {
855                 bss->wps_beacon_ie = os_malloc(wpabuf_len(beacon));
856                 if (bss->wps_beacon_ie == NULL) {
857                         bss->wps_beacon_ie_len = 0;
858                         return -1;
859                 }
860
861                 os_memcpy(bss->wps_beacon_ie, wpabuf_head(beacon),
862                           wpabuf_len(beacon));
863                 bss->wps_beacon_ie_len = wpabuf_len(beacon);
864         }
865
866         if (proberesp == NULL)
867                 wpa_printf(MSG_DEBUG, "test_driver: Clear Probe Response WPS "
868                            "IE");
869         else
870                 wpa_hexdump_buf(MSG_DEBUG, "test_driver: Probe Response WPS "
871                                 "IE", proberesp);
872
873         os_free(bss->wps_probe_resp_ie);
874
875         if (proberesp == NULL) {
876                 bss->wps_probe_resp_ie = NULL;
877                 bss->wps_probe_resp_ie_len = 0;
878         } else {
879                 bss->wps_probe_resp_ie = os_malloc(wpabuf_len(proberesp));
880                 if (bss->wps_probe_resp_ie == NULL) {
881                         bss->wps_probe_resp_ie_len = 0;
882                         return -1;
883                 }
884
885                 os_memcpy(bss->wps_probe_resp_ie, wpabuf_head(proberesp),
886                           wpabuf_len(proberesp));
887                 bss->wps_probe_resp_ie_len = wpabuf_len(proberesp);
888         }
889
890         return 0;
891 }
892
893
894 static int test_driver_sta_deauth(void *priv, const u8 *own_addr,
895                                   const u8 *addr, int reason)
896 {
897         struct test_driver_bss *dbss = priv;
898         struct wpa_driver_test_data *drv = dbss->drv;
899         struct test_client_socket *cli;
900
901         if (drv->test_socket < 0)
902                 return -1;
903
904         cli = drv->cli;
905         while (cli) {
906                 if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
907                         break;
908                 cli = cli->next;
909         }
910
911         if (!cli)
912                 return -1;
913
914         return sendto(drv->test_socket, "DEAUTH", 6, 0,
915                       (struct sockaddr *) &cli->un, cli->unlen);
916 }
917
918
919 static int test_driver_sta_disassoc(void *priv, const u8 *own_addr,
920                                     const u8 *addr, int reason)
921 {
922         struct test_driver_bss *dbss = priv;
923         struct wpa_driver_test_data *drv = dbss->drv;
924         struct test_client_socket *cli;
925
926         if (drv->test_socket < 0)
927                 return -1;
928
929         cli = drv->cli;
930         while (cli) {
931                 if (memcmp(cli->addr, addr, ETH_ALEN) == 0)
932                         break;
933                 cli = cli->next;
934         }
935
936         if (!cli)
937                 return -1;
938
939         return sendto(drv->test_socket, "DISASSOC", 8, 0,
940                       (struct sockaddr *) &cli->un, cli->unlen);
941 }
942
943
944 static int test_driver_bss_add(void *priv, const char *ifname, const u8 *bssid,
945                                void *bss_ctx, void **drv_priv)
946 {
947         struct test_driver_bss *dbss = priv;
948         struct wpa_driver_test_data *drv = dbss->drv;
949         struct test_driver_bss *bss;
950
951         wpa_printf(MSG_DEBUG, "%s(ifname=%s bssid=" MACSTR ")",
952                    __func__, ifname, MAC2STR(bssid));
953
954         bss = os_zalloc(sizeof(*bss));
955         if (bss == NULL)
956                 return -1;
957
958         bss->bss_ctx = bss_ctx;
959         bss->drv = drv;
960         os_strlcpy(bss->ifname, ifname, IFNAMSIZ);
961         os_memcpy(bss->bssid, bssid, ETH_ALEN);
962
963         dl_list_add(&drv->bss, &bss->list);
964         if (drv->global) {
965                 drv->global->bss_add_used = 1;
966                 os_memcpy(drv->global->req_addr, bssid, ETH_ALEN);
967         }
968
969         if (drv_priv)
970                 *drv_priv = bss;
971
972         return 0;
973 }
974
975
976 static int test_driver_bss_remove(void *priv, const char *ifname)
977 {
978         struct test_driver_bss *dbss = priv;
979         struct wpa_driver_test_data *drv = dbss->drv;
980         struct test_driver_bss *bss;
981         struct test_client_socket *cli, *prev_c;
982
983         wpa_printf(MSG_DEBUG, "%s(ifname=%s)", __func__, ifname);
984
985         dl_list_for_each(bss, &drv->bss, struct test_driver_bss, list) {
986                 if (strcmp(bss->ifname, ifname) != 0)
987                         continue;
988
989                 for (prev_c = NULL, cli = drv->cli; cli;
990                      prev_c = cli, cli = cli->next) {
991                         if (cli->bss != bss)
992                                 continue;
993                         if (prev_c)
994                                 prev_c->next = cli->next;
995                         else
996                                 drv->cli = cli->next;
997                         os_free(cli);
998                         break;
999                 }
1000
1001                 dl_list_del(&bss->list);
1002                 test_driver_free_bss(bss);
1003                 return 0;
1004         }
1005
1006         return -1;
1007 }
1008
1009
1010 static int test_driver_if_add(void *priv, enum wpa_driver_if_type type,
1011                               const char *ifname, const u8 *addr,
1012                               void *bss_ctx, void **drv_priv,
1013                               char *force_ifname, u8 *if_addr,
1014                               const char *bridge, int use_existing)
1015 {
1016         struct test_driver_bss *dbss = priv;
1017         struct wpa_driver_test_data *drv = dbss->drv;
1018
1019         wpa_printf(MSG_DEBUG, "%s(type=%d ifname=%s bss_ctx=%p)",
1020                    __func__, type, ifname, bss_ctx);
1021         if (addr)
1022                 os_memcpy(if_addr, addr, ETH_ALEN);
1023         else {
1024                 drv->alloc_iface_idx++;
1025                 if_addr[0] = 0x02; /* locally administered */
1026                 sha1_prf(drv->own_addr, ETH_ALEN,
1027                          "hostapd test addr generation",
1028                          (const u8 *) &drv->alloc_iface_idx,
1029                          sizeof(drv->alloc_iface_idx),
1030                          if_addr + 1, ETH_ALEN - 1);
1031         }
1032         if (type == WPA_IF_AP_BSS || type == WPA_IF_P2P_GO ||
1033             type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP)
1034                 return test_driver_bss_add(priv, ifname, if_addr, bss_ctx,
1035                                            drv_priv);
1036         return 0;
1037 }
1038
1039
1040 static int test_driver_if_remove(void *priv, enum wpa_driver_if_type type,
1041                                  const char *ifname)
1042 {
1043         wpa_printf(MSG_DEBUG, "%s(type=%d ifname=%s)", __func__, type, ifname);
1044         if (type == WPA_IF_AP_BSS || type == WPA_IF_P2P_GO ||
1045             type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP)
1046                 return test_driver_bss_remove(priv, ifname);
1047         return 0;
1048 }
1049
1050
1051 static int test_driver_set_ssid(void *priv, const u8 *buf, int len)
1052 {
1053         struct test_driver_bss *bss = priv;
1054
1055         wpa_printf(MSG_DEBUG, "%s(ifname=%s)", __func__, bss->ifname);
1056         if (len < 0)
1057                 return -1;
1058         wpa_hexdump_ascii(MSG_DEBUG, "test_driver_set_ssid: SSID", buf, len);
1059
1060         if ((size_t) len > sizeof(bss->ssid))
1061                 return -1;
1062
1063         os_memcpy(bss->ssid, buf, len);
1064         bss->ssid_len = len;
1065
1066         return 0;
1067 }
1068
1069
1070 static int test_driver_set_privacy(void *priv, int enabled)
1071 {
1072         struct test_driver_bss *dbss = priv;
1073
1074         wpa_printf(MSG_DEBUG, "%s(enabled=%d)",  __func__, enabled);
1075         dbss->privacy = enabled;
1076
1077         return 0;
1078 }
1079
1080
1081 static int test_driver_set_sta_vlan(void *priv, const u8 *addr,
1082                                     const char *ifname, int vlan_id)
1083 {
1084         wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " ifname=%s vlan_id=%d)",
1085                    __func__, MAC2STR(addr), ifname, vlan_id);
1086         return 0;
1087 }
1088
1089
1090 static int test_driver_sta_add(void *priv,
1091                                struct hostapd_sta_add_params *params)
1092 {
1093         struct test_driver_bss *bss = priv;
1094         struct wpa_driver_test_data *drv = bss->drv;
1095         struct test_client_socket *cli;
1096
1097         wpa_printf(MSG_DEBUG, "%s(ifname=%s addr=" MACSTR " aid=%d "
1098                    "capability=0x%x listen_interval=%d)",
1099                    __func__, bss->ifname, MAC2STR(params->addr), params->aid,
1100                    params->capability, params->listen_interval);
1101         wpa_hexdump(MSG_DEBUG, "test_driver_sta_add - supp_rates",
1102                     params->supp_rates, params->supp_rates_len);
1103
1104         cli = drv->cli;
1105         while (cli) {
1106                 if (os_memcmp(cli->addr, params->addr, ETH_ALEN) == 0)
1107                         break;
1108                 cli = cli->next;
1109         }
1110         if (!cli) {
1111                 wpa_printf(MSG_DEBUG, "%s: no matching client entry",
1112                            __func__);
1113                 return -1;
1114         }
1115
1116         cli->bss = bss;
1117
1118         return 0;
1119 }
1120
1121
1122 static struct wpa_driver_test_data * test_alloc_data(void *ctx,
1123                                                      const char *ifname)
1124 {
1125         struct wpa_driver_test_data *drv;
1126         struct test_driver_bss *bss;
1127
1128         drv = os_zalloc(sizeof(struct wpa_driver_test_data));
1129         if (drv == NULL) {
1130                 wpa_printf(MSG_ERROR, "Could not allocate memory for test "
1131                            "driver data");
1132                 return NULL;
1133         }
1134
1135         bss = os_zalloc(sizeof(struct test_driver_bss));
1136         if (bss == NULL) {
1137                 os_free(drv);
1138                 return NULL;
1139         }
1140
1141         drv->ctx = ctx;
1142         wpa_trace_add_ref(drv, ctx, ctx);
1143         dl_list_init(&drv->bss);
1144         dl_list_add(&drv->bss, &bss->list);
1145         os_strlcpy(bss->ifname, ifname, IFNAMSIZ);
1146         bss->bss_ctx = ctx;
1147         bss->drv = drv;
1148
1149         /* Generate a MAC address to help testing with multiple STAs */
1150         drv->own_addr[0] = 0x02; /* locally administered */
1151         sha1_prf((const u8 *) ifname, os_strlen(ifname),
1152                  "test mac addr generation",
1153                  NULL, 0, drv->own_addr + 1, ETH_ALEN - 1);
1154
1155         return drv;
1156 }
1157
1158
1159 static void * test_driver_init(struct hostapd_data *hapd,
1160                                struct wpa_init_params *params)
1161 {
1162         struct wpa_driver_test_data *drv;
1163         struct sockaddr_un addr_un;
1164         struct sockaddr_in addr_in;
1165         struct sockaddr *addr;
1166         socklen_t alen;
1167         struct test_driver_bss *bss;
1168
1169         drv = test_alloc_data(hapd, params->ifname);
1170         if (drv == NULL)
1171                 return NULL;
1172         drv->ap = 1;
1173         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
1174         drv->global = params->global_priv;
1175
1176         bss->bss_ctx = hapd;
1177         os_memcpy(bss->bssid, drv->own_addr, ETH_ALEN);
1178         os_memcpy(params->own_addr, drv->own_addr, ETH_ALEN);
1179
1180         if (params->test_socket) {
1181                 if (os_strlen(params->test_socket) >=
1182                     sizeof(addr_un.sun_path)) {
1183                         printf("Too long test_socket path\n");
1184                         wpa_driver_test_deinit(bss);
1185                         return NULL;
1186                 }
1187                 if (strncmp(params->test_socket, "DIR:", 4) == 0) {
1188                         size_t len = strlen(params->test_socket) + 30;
1189                         drv->test_dir = os_strdup(params->test_socket + 4);
1190                         drv->own_socket_path = os_malloc(len);
1191                         if (drv->own_socket_path) {
1192                                 snprintf(drv->own_socket_path, len,
1193                                          "%s/AP-" MACSTR,
1194                                          params->test_socket + 4,
1195                                          MAC2STR(params->own_addr));
1196                         }
1197                 } else if (strncmp(params->test_socket, "UDP:", 4) == 0) {
1198                         drv->udp_port = atoi(params->test_socket + 4);
1199                 } else {
1200                         drv->own_socket_path = os_strdup(params->test_socket);
1201                 }
1202                 if (drv->own_socket_path == NULL && drv->udp_port == 0) {
1203                         wpa_driver_test_deinit(bss);
1204                         return NULL;
1205                 }
1206
1207                 drv->test_socket = socket(drv->udp_port ? PF_INET : PF_UNIX,
1208                                           SOCK_DGRAM, 0);
1209                 if (drv->test_socket < 0) {
1210                         perror("socket");
1211                         wpa_driver_test_deinit(bss);
1212                         return NULL;
1213                 }
1214
1215                 if (drv->udp_port) {
1216                         os_memset(&addr_in, 0, sizeof(addr_in));
1217                         addr_in.sin_family = AF_INET;
1218                         addr_in.sin_port = htons(drv->udp_port);
1219                         addr = (struct sockaddr *) &addr_in;
1220                         alen = sizeof(addr_in);
1221                 } else {
1222                         os_memset(&addr_un, 0, sizeof(addr_un));
1223                         addr_un.sun_family = AF_UNIX;
1224                         os_strlcpy(addr_un.sun_path, drv->own_socket_path,
1225                                    sizeof(addr_un.sun_path));
1226                         addr = (struct sockaddr *) &addr_un;
1227                         alen = sizeof(addr_un);
1228                 }
1229                 if (bind(drv->test_socket, addr, alen) < 0) {
1230                         perror("test-driver-init: bind(PF_UNIX)");
1231                         close(drv->test_socket);
1232                         if (drv->own_socket_path)
1233                                 unlink(drv->own_socket_path);
1234                         wpa_driver_test_deinit(bss);
1235                         return NULL;
1236                 }
1237                 eloop_register_read_sock(drv->test_socket,
1238                                          test_driver_receive_unix, drv, NULL);
1239         } else
1240                 drv->test_socket = -1;
1241
1242         return bss;
1243 }
1244
1245
1246 static void wpa_driver_test_poll(void *eloop_ctx, void *timeout_ctx)
1247 {
1248         struct wpa_driver_test_data *drv = eloop_ctx;
1249
1250 #ifdef DRIVER_TEST_UNIX
1251         if (drv->associated && drv->hostapd_addr_set) {
1252                 struct stat st;
1253                 if (stat(drv->hostapd_addr.sun_path, &st) < 0) {
1254                         wpa_printf(MSG_DEBUG, "%s: lost connection to AP: %s",
1255                                    __func__, strerror(errno));
1256                         drv->associated = 0;
1257                         wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
1258                 }
1259         }
1260 #endif /* DRIVER_TEST_UNIX */
1261
1262         eloop_register_timeout(1, 0, wpa_driver_test_poll, drv, NULL);
1263 }
1264
1265
1266 static void wpa_driver_test_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1267 {
1268         wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1269         wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1270 }
1271
1272
1273 #ifdef DRIVER_TEST_UNIX
1274 static void wpa_driver_scan_dir(struct wpa_driver_test_data *drv,
1275                                 const char *path)
1276 {
1277         struct dirent *dent;
1278         DIR *dir;
1279         struct sockaddr_un addr;
1280         char cmd[512], *pos, *end;
1281         int ret;
1282
1283         dir = opendir(path);
1284         if (dir == NULL)
1285                 return;
1286
1287         end = cmd + sizeof(cmd);
1288         pos = cmd;
1289         ret = os_snprintf(pos, end - pos, "SCAN " MACSTR,
1290                           MAC2STR(drv->own_addr));
1291         if (ret >= 0 && ret < end - pos)
1292                 pos += ret;
1293         if (drv->probe_req_ie) {
1294                 ret = os_snprintf(pos, end - pos, " ");
1295                 if (ret >= 0 && ret < end - pos)
1296                         pos += ret;
1297                 pos += wpa_snprintf_hex(pos, end - pos, drv->probe_req_ie,
1298                                         drv->probe_req_ie_len);
1299         }
1300         if (drv->probe_req_ssid_len) {
1301                 /* Add SSID IE */
1302                 ret = os_snprintf(pos, end - pos, "%02x%02x",
1303                                   WLAN_EID_SSID,
1304                                   (unsigned int) drv->probe_req_ssid_len);
1305                 if (ret >= 0 && ret < end - pos)
1306                         pos += ret;
1307                 pos += wpa_snprintf_hex(pos, end - pos, drv->probe_req_ssid,
1308                                         drv->probe_req_ssid_len);
1309         }
1310         end[-1] = '\0';
1311
1312         while ((dent = readdir(dir))) {
1313                 if (os_strncmp(dent->d_name, "AP-", 3) != 0 &&
1314                     os_strncmp(dent->d_name, "STA-", 4) != 0)
1315                         continue;
1316                 if (drv->own_socket_path) {
1317                         size_t olen, dlen;
1318                         olen = os_strlen(drv->own_socket_path);
1319                         dlen = os_strlen(dent->d_name);
1320                         if (olen >= dlen &&
1321                             os_strcmp(dent->d_name,
1322                                       drv->own_socket_path + olen - dlen) == 0)
1323                                 continue;
1324                 }
1325                 wpa_printf(MSG_DEBUG, "%s: SCAN %s", __func__, dent->d_name);
1326
1327                 os_memset(&addr, 0, sizeof(addr));
1328                 addr.sun_family = AF_UNIX;
1329                 os_snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s",
1330                             path, dent->d_name);
1331
1332                 if (sendto(drv->test_socket, cmd, os_strlen(cmd), 0,
1333                            (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1334                         perror("sendto(test_socket)");
1335                 }
1336         }
1337         closedir(dir);
1338 }
1339 #endif /* DRIVER_TEST_UNIX */
1340
1341
1342 static int wpa_driver_test_scan(void *priv,
1343                                 struct wpa_driver_scan_params *params)
1344 {
1345         struct test_driver_bss *dbss = priv;
1346         struct wpa_driver_test_data *drv = dbss->drv;
1347         size_t i;
1348
1349         wpa_printf(MSG_DEBUG, "%s: priv=%p", __func__, priv);
1350
1351         os_free(drv->probe_req_ie);
1352         if (params->extra_ies) {
1353                 drv->probe_req_ie = os_malloc(params->extra_ies_len);
1354                 if (drv->probe_req_ie == NULL) {
1355                         drv->probe_req_ie_len = 0;
1356                         return -1;
1357                 }
1358                 os_memcpy(drv->probe_req_ie, params->extra_ies,
1359                           params->extra_ies_len);
1360                 drv->probe_req_ie_len = params->extra_ies_len;
1361         } else {
1362                 drv->probe_req_ie = NULL;
1363                 drv->probe_req_ie_len = 0;
1364         }
1365
1366         for (i = 0; i < params->num_ssids; i++)
1367                 wpa_hexdump(MSG_DEBUG, "Scan SSID",
1368                             params->ssids[i].ssid, params->ssids[i].ssid_len);
1369         drv->probe_req_ssid_len = 0;
1370         if (params->num_ssids) {
1371                 os_memcpy(drv->probe_req_ssid, params->ssids[0].ssid,
1372                           params->ssids[0].ssid_len);
1373                 drv->probe_req_ssid_len = params->ssids[0].ssid_len;
1374         }
1375         wpa_hexdump(MSG_DEBUG, "Scan extra IE(s)",
1376                     params->extra_ies, params->extra_ies_len);
1377
1378         drv->num_scanres = 0;
1379
1380 #ifdef DRIVER_TEST_UNIX
1381         if (drv->test_socket >= 0 && drv->test_dir)
1382                 wpa_driver_scan_dir(drv, drv->test_dir);
1383
1384         if (drv->test_socket >= 0 && drv->hostapd_addr_set &&
1385             sendto(drv->test_socket, "SCAN", 4, 0,
1386                    (struct sockaddr *) &drv->hostapd_addr,
1387                    sizeof(drv->hostapd_addr)) < 0) {
1388                 perror("sendto(test_socket)");
1389         }
1390 #endif /* DRIVER_TEST_UNIX */
1391
1392         if (drv->test_socket >= 0 && drv->hostapd_addr_udp_set &&
1393             sendto(drv->test_socket, "SCAN", 4, 0,
1394                    (struct sockaddr *) &drv->hostapd_addr_udp,
1395                    sizeof(drv->hostapd_addr_udp)) < 0) {
1396                 perror("sendto(test_socket)");
1397         }
1398
1399         eloop_cancel_timeout(wpa_driver_test_scan_timeout, drv, drv->ctx);
1400         eloop_register_timeout(1, 0, wpa_driver_test_scan_timeout, drv,
1401                                drv->ctx);
1402         return 0;
1403 }
1404
1405
1406 static struct wpa_scan_results * wpa_driver_test_get_scan_results2(void *priv)
1407 {
1408         struct test_driver_bss *dbss = priv;
1409         struct wpa_driver_test_data *drv = dbss->drv;
1410         struct wpa_scan_results *res;
1411         size_t i;
1412
1413         res = os_zalloc(sizeof(*res));
1414         if (res == NULL)
1415                 return NULL;
1416
1417         res->res = os_calloc(drv->num_scanres, sizeof(struct wpa_scan_res *));
1418         if (res->res == NULL) {
1419                 os_free(res);
1420                 return NULL;
1421         }
1422
1423         for (i = 0; i < drv->num_scanres; i++) {
1424                 struct wpa_scan_res *r;
1425                 if (drv->scanres[i] == NULL)
1426                         continue;
1427                 r = os_malloc(sizeof(*r) + drv->scanres[i]->ie_len);
1428                 if (r == NULL)
1429                         break;
1430                 os_memcpy(r, drv->scanres[i],
1431                           sizeof(*r) + drv->scanres[i]->ie_len);
1432                 res->res[res->num++] = r;
1433         }
1434
1435         return res;
1436 }
1437
1438
1439 static int wpa_driver_test_set_key(const char *ifname, void *priv,
1440                                    enum wpa_alg alg, const u8 *addr,
1441                                    int key_idx, int set_tx,
1442                                    const u8 *seq, size_t seq_len,
1443                                    const u8 *key, size_t key_len)
1444 {
1445         wpa_printf(MSG_DEBUG, "%s: ifname=%s priv=%p alg=%d key_idx=%d "
1446                    "set_tx=%d",
1447                    __func__, ifname, priv, alg, key_idx, set_tx);
1448         if (addr)
1449                 wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
1450         if (seq)
1451                 wpa_hexdump(MSG_DEBUG, "   seq", seq, seq_len);
1452         if (key)
1453                 wpa_hexdump_key(MSG_DEBUG, "   key", key, key_len);
1454         return 0;
1455 }
1456
1457
1458 static int wpa_driver_update_mode(struct wpa_driver_test_data *drv, int ap)
1459 {
1460         if (ap && !drv->ap) {
1461                 wpa_driver_test_close_test_socket(drv);
1462                 wpa_driver_test_attach(drv, drv->test_dir, 1);
1463                 drv->ap = 1;
1464         } else if (!ap && drv->ap) {
1465                 wpa_driver_test_close_test_socket(drv);
1466                 wpa_driver_test_attach(drv, drv->test_dir, 0);
1467                 drv->ap = 0;
1468         }
1469
1470         return 0;
1471 }
1472
1473
1474 static int wpa_driver_test_associate(
1475         void *priv, struct wpa_driver_associate_params *params)
1476 {
1477         struct test_driver_bss *dbss = priv;
1478         struct wpa_driver_test_data *drv = dbss->drv;
1479         wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d "
1480                    "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d",
1481                    __func__, priv, params->freq, params->pairwise_suite,
1482                    params->group_suite, params->key_mgmt_suite,
1483                    params->auth_alg, params->mode);
1484         wpa_driver_update_mode(drv, params->mode == IEEE80211_MODE_AP);
1485         if (params->bssid) {
1486                 wpa_printf(MSG_DEBUG, "   bssid=" MACSTR,
1487                            MAC2STR(params->bssid));
1488         }
1489         if (params->ssid) {
1490                 wpa_hexdump_ascii(MSG_DEBUG, "   ssid",
1491                                   params->ssid, params->ssid_len);
1492         }
1493         if (params->wpa_ie) {
1494                 wpa_hexdump(MSG_DEBUG, "   wpa_ie",
1495                             params->wpa_ie, params->wpa_ie_len);
1496                 drv->assoc_wpa_ie_len = params->wpa_ie_len;
1497                 if (drv->assoc_wpa_ie_len > sizeof(drv->assoc_wpa_ie))
1498                         drv->assoc_wpa_ie_len = sizeof(drv->assoc_wpa_ie);
1499                 os_memcpy(drv->assoc_wpa_ie, params->wpa_ie,
1500                           drv->assoc_wpa_ie_len);
1501         } else
1502                 drv->assoc_wpa_ie_len = 0;
1503
1504         wpa_driver_update_mode(drv, params->mode == IEEE80211_MODE_AP);
1505
1506         drv->ibss = params->mode == IEEE80211_MODE_IBSS;
1507         dbss->privacy = params->key_mgmt_suite &
1508                 (WPA_KEY_MGMT_IEEE8021X |
1509                  WPA_KEY_MGMT_PSK |
1510                  WPA_KEY_MGMT_WPA_NONE |
1511                  WPA_KEY_MGMT_FT_IEEE8021X |
1512                  WPA_KEY_MGMT_FT_PSK |
1513                  WPA_KEY_MGMT_IEEE8021X_SHA256 |
1514                  WPA_KEY_MGMT_PSK_SHA256);
1515         if (params->wep_key_len[params->wep_tx_keyidx])
1516                 dbss->privacy = 1;
1517
1518 #ifdef DRIVER_TEST_UNIX
1519         if (drv->test_dir && params->bssid &&
1520             params->mode != IEEE80211_MODE_IBSS) {
1521                 os_memset(&drv->hostapd_addr, 0, sizeof(drv->hostapd_addr));
1522                 drv->hostapd_addr.sun_family = AF_UNIX;
1523                 os_snprintf(drv->hostapd_addr.sun_path,
1524                             sizeof(drv->hostapd_addr.sun_path),
1525                             "%s/AP-" MACSTR,
1526                             drv->test_dir, MAC2STR(params->bssid));
1527                 drv->hostapd_addr_set = 1;
1528         }
1529 #endif /* DRIVER_TEST_UNIX */
1530
1531         if (params->mode == IEEE80211_MODE_AP) {
1532                 os_memcpy(dbss->ssid, params->ssid, params->ssid_len);
1533                 dbss->ssid_len = params->ssid_len;
1534                 os_memcpy(dbss->bssid, drv->own_addr, ETH_ALEN);
1535                 if (params->wpa_ie && params->wpa_ie_len) {
1536                         dbss->ie = os_malloc(params->wpa_ie_len);
1537                         if (dbss->ie) {
1538                                 os_memcpy(dbss->ie, params->wpa_ie,
1539                                           params->wpa_ie_len);
1540                                 dbss->ielen = params->wpa_ie_len;
1541                         }
1542                 }
1543         } else if (drv->test_socket >= 0 &&
1544                    (drv->hostapd_addr_set || drv->hostapd_addr_udp_set)) {
1545                 char cmd[200], *pos, *end;
1546                 int ret;
1547                 end = cmd + sizeof(cmd);
1548                 pos = cmd;
1549                 ret = os_snprintf(pos, end - pos, "ASSOC " MACSTR " ",
1550                                   MAC2STR(drv->own_addr));
1551                 if (ret >= 0 && ret < end - pos)
1552                         pos += ret;
1553                 pos += wpa_snprintf_hex(pos, end - pos, params->ssid,
1554                                         params->ssid_len);
1555                 ret = os_snprintf(pos, end - pos, " ");
1556                 if (ret >= 0 && ret < end - pos)
1557                         pos += ret;
1558                 pos += wpa_snprintf_hex(pos, end - pos, params->wpa_ie,
1559                                         params->wpa_ie_len);
1560                 end[-1] = '\0';
1561 #ifdef DRIVER_TEST_UNIX
1562                 if (drv->hostapd_addr_set &&
1563                     sendto(drv->test_socket, cmd, os_strlen(cmd), 0,
1564                            (struct sockaddr *) &drv->hostapd_addr,
1565                            sizeof(drv->hostapd_addr)) < 0) {
1566                         perror("sendto(test_socket)");
1567                         return -1;
1568                 }
1569 #endif /* DRIVER_TEST_UNIX */
1570                 if (drv->hostapd_addr_udp_set &&
1571                     sendto(drv->test_socket, cmd, os_strlen(cmd), 0,
1572                            (struct sockaddr *) &drv->hostapd_addr_udp,
1573                            sizeof(drv->hostapd_addr_udp)) < 0) {
1574                         perror("sendto(test_socket)");
1575                         return -1;
1576                 }
1577
1578                 os_memcpy(dbss->ssid, params->ssid, params->ssid_len);
1579                 dbss->ssid_len = params->ssid_len;
1580         } else {
1581                 drv->associated = 1;
1582                 if (params->mode == IEEE80211_MODE_IBSS) {
1583                         os_memcpy(dbss->ssid, params->ssid, params->ssid_len);
1584                         dbss->ssid_len = params->ssid_len;
1585                         if (params->bssid)
1586                                 os_memcpy(dbss->bssid, params->bssid,
1587                                           ETH_ALEN);
1588                         else {
1589                                 os_get_random(dbss->bssid, ETH_ALEN);
1590                                 dbss->bssid[0] &= ~0x01;
1591                                 dbss->bssid[0] |= 0x02;
1592                         }
1593                 }
1594                 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1595         }
1596
1597         return 0;
1598 }
1599
1600
1601 static int wpa_driver_test_get_bssid(void *priv, u8 *bssid)
1602 {
1603         struct test_driver_bss *dbss = priv;
1604         os_memcpy(bssid, dbss->bssid, ETH_ALEN);
1605         return 0;
1606 }
1607
1608
1609 static int wpa_driver_test_get_ssid(void *priv, u8 *ssid)
1610 {
1611         struct test_driver_bss *dbss = priv;
1612         os_memcpy(ssid, dbss->ssid, 32);
1613         return dbss->ssid_len;
1614 }
1615
1616
1617 static int wpa_driver_test_send_disassoc(struct wpa_driver_test_data *drv)
1618 {
1619 #ifdef DRIVER_TEST_UNIX
1620         if (drv->test_socket >= 0 &&
1621             sendto(drv->test_socket, "DISASSOC", 8, 0,
1622                    (struct sockaddr *) &drv->hostapd_addr,
1623                    sizeof(drv->hostapd_addr)) < 0) {
1624                 perror("sendto(test_socket)");
1625                 return -1;
1626         }
1627 #endif /* DRIVER_TEST_UNIX */
1628         if (drv->test_socket >= 0 && drv->hostapd_addr_udp_set &&
1629             sendto(drv->test_socket, "DISASSOC", 8, 0,
1630                    (struct sockaddr *) &drv->hostapd_addr_udp,
1631                    sizeof(drv->hostapd_addr_udp)) < 0) {
1632                 perror("sendto(test_socket)");
1633                 return -1;
1634         }
1635         return 0;
1636 }
1637
1638
1639 static int wpa_driver_test_deauthenticate(void *priv, const u8 *addr,
1640                                           int reason_code)
1641 {
1642         struct test_driver_bss *dbss = priv;
1643         struct wpa_driver_test_data *drv = dbss->drv;
1644         wpa_printf(MSG_DEBUG, "%s addr=" MACSTR " reason_code=%d",
1645                    __func__, MAC2STR(addr), reason_code);
1646         os_memset(dbss->bssid, 0, ETH_ALEN);
1647         drv->associated = 0;
1648         wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
1649         return wpa_driver_test_send_disassoc(drv);
1650 }
1651
1652
1653 static const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
1654 {
1655         const u8 *end, *pos;
1656
1657         pos = (const u8 *) (res + 1);
1658         end = pos + res->ie_len;
1659
1660         while (pos + 1 < end) {
1661                 if (pos + 2 + pos[1] > end)
1662                         break;
1663                 if (pos[0] == ie)
1664                         return pos;
1665                 pos += 2 + pos[1];
1666         }
1667
1668         return NULL;
1669 }
1670
1671
1672 static void wpa_driver_test_scanresp(struct wpa_driver_test_data *drv,
1673                                      struct sockaddr *from,
1674                                      socklen_t fromlen,
1675                                      const char *data)
1676 {
1677         struct wpa_scan_res *res;
1678         const char *pos, *pos2;
1679         size_t len;
1680         u8 *ie_pos, *ie_start, *ie_end;
1681 #define MAX_IE_LEN 1000
1682         const u8 *ds_params;
1683
1684         wpa_printf(MSG_DEBUG, "test_driver: SCANRESP %s", data);
1685         if (drv->num_scanres >= MAX_SCAN_RESULTS) {
1686                 wpa_printf(MSG_DEBUG, "test_driver: No room for the new scan "
1687                            "result");
1688                 return;
1689         }
1690
1691         /* SCANRESP BSSID SSID IEs */
1692
1693         res = os_zalloc(sizeof(*res) + MAX_IE_LEN);
1694         if (res == NULL)
1695                 return;
1696         ie_start = ie_pos = (u8 *) (res + 1);
1697         ie_end = ie_pos + MAX_IE_LEN;
1698
1699         if (hwaddr_aton(data, res->bssid)) {
1700                 wpa_printf(MSG_DEBUG, "test_driver: invalid BSSID in scanres");
1701                 os_free(res);
1702                 return;
1703         }
1704
1705         pos = data + 17;
1706         while (*pos == ' ')
1707                 pos++;
1708         pos2 = os_strchr(pos, ' ');
1709         if (pos2 == NULL) {
1710                 wpa_printf(MSG_DEBUG, "test_driver: invalid SSID termination "
1711                            "in scanres");
1712                 os_free(res);
1713                 return;
1714         }
1715         len = (pos2 - pos) / 2;
1716         if (len > 32)
1717                 len = 32;
1718         /*
1719          * Generate SSID IE from the SSID field since this IE is not included
1720          * in the main IE field.
1721          */
1722         *ie_pos++ = WLAN_EID_SSID;
1723         *ie_pos++ = len;
1724         if (hexstr2bin(pos, ie_pos, len) < 0) {
1725                 wpa_printf(MSG_DEBUG, "test_driver: invalid SSID in scanres");
1726                 os_free(res);
1727                 return;
1728         }
1729         ie_pos += len;
1730
1731         pos = pos2 + 1;
1732         pos2 = os_strchr(pos, ' ');
1733         if (pos2 == NULL)
1734                 len = os_strlen(pos) / 2;
1735         else
1736                 len = (pos2 - pos) / 2;
1737         if ((int) len > ie_end - ie_pos)
1738                 len = ie_end - ie_pos;
1739         if (hexstr2bin(pos, ie_pos, len) < 0) {
1740                 wpa_printf(MSG_DEBUG, "test_driver: invalid IEs in scanres");
1741                 os_free(res);
1742                 return;
1743         }
1744         ie_pos += len;
1745         res->ie_len = ie_pos - ie_start;
1746
1747         if (pos2) {
1748                 pos = pos2 + 1;
1749                 while (*pos == ' ')
1750                         pos++;
1751                 if (os_strstr(pos, "PRIVACY"))
1752                         res->caps |= IEEE80211_CAP_PRIVACY;
1753                 if (os_strstr(pos, "IBSS"))
1754                         res->caps |= IEEE80211_CAP_IBSS;
1755         }
1756
1757         ds_params = wpa_scan_get_ie(res, WLAN_EID_DS_PARAMS);
1758         if (ds_params && ds_params[1] > 0) {
1759                 if (ds_params[2] >= 1 && ds_params[2] <= 13)
1760                         res->freq = 2407 + ds_params[2] * 5;
1761         }
1762
1763         os_free(drv->scanres[drv->num_scanres]);
1764         drv->scanres[drv->num_scanres++] = res;
1765 }
1766
1767
1768 static void wpa_driver_test_assocresp(struct wpa_driver_test_data *drv,
1769                                       struct sockaddr *from,
1770                                       socklen_t fromlen,
1771                                       const char *data)
1772 {
1773         struct test_driver_bss *bss;
1774
1775         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
1776
1777         /* ASSOCRESP BSSID <res> */
1778         if (hwaddr_aton(data, bss->bssid)) {
1779                 wpa_printf(MSG_DEBUG, "test_driver: invalid BSSID in "
1780                            "assocresp");
1781         }
1782         if (drv->use_associnfo) {
1783                 union wpa_event_data event;
1784                 os_memset(&event, 0, sizeof(event));
1785                 event.assoc_info.req_ies = drv->assoc_wpa_ie;
1786                 event.assoc_info.req_ies_len = drv->assoc_wpa_ie_len;
1787                 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &event);
1788         }
1789         drv->associated = 1;
1790         wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1791 }
1792
1793
1794 static void wpa_driver_test_disassoc(struct wpa_driver_test_data *drv,
1795                                      struct sockaddr *from,
1796                                      socklen_t fromlen)
1797 {
1798         drv->associated = 0;
1799         wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
1800 }
1801
1802
1803 static void wpa_driver_test_eapol(struct wpa_driver_test_data *drv,
1804                                   struct sockaddr *from,
1805                                   socklen_t fromlen,
1806                                   const u8 *data, size_t data_len)
1807 {
1808         const u8 *src;
1809         struct test_driver_bss *bss;
1810
1811         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
1812
1813         if (data_len > 14) {
1814                 /* Skip Ethernet header */
1815                 src = data + ETH_ALEN;
1816                 data += 14;
1817                 data_len -= 14;
1818         } else
1819                 src = bss->bssid;
1820
1821         drv_event_eapol_rx(drv->ctx, src, data, data_len);
1822 }
1823
1824
1825 static void wpa_driver_test_mlme(struct wpa_driver_test_data *drv,
1826                                  struct sockaddr *from,
1827                                  socklen_t fromlen,
1828                                  const u8 *data, size_t data_len)
1829 {
1830         int freq = 0, own_freq;
1831         union wpa_event_data event;
1832         const struct ieee80211_mgmt *mgmt;
1833         u16 fc;
1834         struct test_driver_bss *bss;
1835
1836         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
1837         if (data_len > 6 && os_memcmp(data, "freq=", 5) == 0) {
1838                 size_t pos;
1839                 for (pos = 5; pos < data_len; pos++) {
1840                         if (data[pos] == ' ')
1841                                 break;
1842                 }
1843                 if (pos < data_len) {
1844                         freq = atoi((const char *) &data[5]);
1845                         wpa_printf(MSG_DEBUG, "test_driver(%s): MLME RX on "
1846                                    "freq %d MHz", bss->ifname, freq);
1847                         pos++;
1848                         data += pos;
1849                         data_len -= pos;
1850                 }
1851         }
1852
1853         if (drv->remain_on_channel_freq)
1854                 own_freq = drv->remain_on_channel_freq;
1855         else
1856                 own_freq = drv->current_freq;
1857
1858         if (freq && own_freq && freq != own_freq) {
1859                 wpa_printf(MSG_DEBUG, "test_driver(%s): Ignore MLME RX on "
1860                            "another frequency %d MHz (own %d MHz)",
1861                            bss->ifname, freq, own_freq);
1862                 return;
1863         }
1864
1865         os_memset(&event, 0, sizeof(event));
1866         event.mlme_rx.buf = data;
1867         event.mlme_rx.len = data_len;
1868         event.mlme_rx.freq = freq;
1869         wpa_supplicant_event(drv->ctx, EVENT_MLME_RX, &event);
1870
1871         mgmt = (const struct ieee80211_mgmt *) data;
1872         fc = le_to_host16(mgmt->frame_control);
1873
1874         if (drv->probe_req_report && data_len >= 24) {
1875                 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1876                     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_REQ) {
1877                         os_memset(&event, 0, sizeof(event));
1878                         event.rx_probe_req.sa = mgmt->sa;
1879                         event.rx_probe_req.da = mgmt->da;
1880                         event.rx_probe_req.bssid = mgmt->bssid;
1881                         event.rx_probe_req.ie = mgmt->u.probe_req.variable;
1882                         event.rx_probe_req.ie_len =
1883                                 data_len - (mgmt->u.probe_req.variable - data);
1884                         wpa_supplicant_event(drv->ctx, EVENT_RX_PROBE_REQ,
1885                                              &event);
1886                 }
1887         }
1888 }
1889
1890
1891 static void wpa_driver_test_scan_cmd(struct wpa_driver_test_data *drv,
1892                                      struct sockaddr *from,
1893                                      socklen_t fromlen,
1894                                      const u8 *data, size_t data_len)
1895 {
1896         char buf[512], *pos, *end;
1897         int ret;
1898         struct test_driver_bss *bss;
1899
1900         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
1901
1902         /* data: optional [ STA-addr | ' ' | IEs(hex) ] */
1903
1904         if (!drv->ibss)
1905                 return;
1906
1907         pos = buf;
1908         end = buf + sizeof(buf);
1909
1910         /* reply: SCANRESP BSSID SSID IEs */
1911         ret = snprintf(pos, end - pos, "SCANRESP " MACSTR " ",
1912                        MAC2STR(bss->bssid));
1913         if (ret < 0 || ret >= end - pos)
1914                 return;
1915         pos += ret;
1916         pos += wpa_snprintf_hex(pos, end - pos,
1917                                 bss->ssid, bss->ssid_len);
1918         ret = snprintf(pos, end - pos, " ");
1919         if (ret < 0 || ret >= end - pos)
1920                 return;
1921         pos += ret;
1922         pos += wpa_snprintf_hex(pos, end - pos, drv->assoc_wpa_ie,
1923                                 drv->assoc_wpa_ie_len);
1924
1925         if (bss->privacy) {
1926                 ret = snprintf(pos, end - pos, " PRIVACY");
1927                 if (ret < 0 || ret >= end - pos)
1928                         return;
1929                 pos += ret;
1930         }
1931
1932         ret = snprintf(pos, end - pos, " IBSS");
1933         if (ret < 0 || ret >= end - pos)
1934                 return;
1935         pos += ret;
1936
1937         sendto(drv->test_socket, buf, pos - buf, 0,
1938                (struct sockaddr *) from, fromlen);
1939 }
1940
1941
1942 static void wpa_driver_test_receive_unix(int sock, void *eloop_ctx,
1943                                          void *sock_ctx)
1944 {
1945         struct wpa_driver_test_data *drv = eloop_ctx;
1946         char *buf;
1947         int res;
1948         struct sockaddr_storage from;
1949         socklen_t fromlen = sizeof(from);
1950         const size_t buflen = 2000;
1951
1952         if (drv->ap) {
1953                 test_driver_receive_unix(sock, eloop_ctx, sock_ctx);
1954                 return;
1955         }
1956
1957         buf = os_malloc(buflen);
1958         if (buf == NULL)
1959                 return;
1960         res = recvfrom(sock, buf, buflen - 1, 0,
1961                        (struct sockaddr *) &from, &fromlen);
1962         if (res < 0) {
1963                 perror("recvfrom(test_socket)");
1964                 os_free(buf);
1965                 return;
1966         }
1967         buf[res] = '\0';
1968
1969         wpa_printf(MSG_DEBUG, "test_driver: received %u bytes", res);
1970
1971         if (os_strncmp(buf, "SCANRESP ", 9) == 0) {
1972                 wpa_driver_test_scanresp(drv, (struct sockaddr *) &from,
1973                                          fromlen, buf + 9);
1974         } else if (os_strncmp(buf, "ASSOCRESP ", 10) == 0) {
1975                 wpa_driver_test_assocresp(drv, (struct sockaddr *) &from,
1976                                           fromlen, buf + 10);
1977         } else if (os_strcmp(buf, "DISASSOC") == 0) {
1978                 wpa_driver_test_disassoc(drv, (struct sockaddr *) &from,
1979                                          fromlen);
1980         } else if (os_strcmp(buf, "DEAUTH") == 0) {
1981                 wpa_driver_test_disassoc(drv, (struct sockaddr *) &from,
1982                                          fromlen);
1983         } else if (os_strncmp(buf, "EAPOL ", 6) == 0) {
1984                 wpa_driver_test_eapol(drv, (struct sockaddr *) &from, fromlen,
1985                                       (const u8 *) buf + 6, res - 6);
1986         } else if (os_strncmp(buf, "MLME ", 5) == 0) {
1987                 wpa_driver_test_mlme(drv, (struct sockaddr *) &from, fromlen,
1988                                      (const u8 *) buf + 5, res - 5);
1989         } else if (os_strncmp(buf, "SCAN ", 5) == 0) {
1990                 wpa_driver_test_scan_cmd(drv, (struct sockaddr *) &from,
1991                                          fromlen,
1992                                          (const u8 *) buf + 5, res - 5);
1993         } else {
1994                 wpa_hexdump_ascii(MSG_DEBUG, "Unknown test_socket command",
1995                                   (u8 *) buf, res);
1996         }
1997         os_free(buf);
1998 }
1999
2000
2001 static void * wpa_driver_test_init2(void *ctx, const char *ifname,
2002                                     void *global_priv)
2003 {
2004         struct wpa_driver_test_data *drv;
2005         struct wpa_driver_test_global *global = global_priv;
2006         struct test_driver_bss *bss;
2007
2008         drv = test_alloc_data(ctx, ifname);
2009         if (drv == NULL)
2010                 return NULL;
2011         bss = dl_list_first(&drv->bss, struct test_driver_bss, list);
2012         drv->global = global_priv;
2013         drv->test_socket = -1;
2014
2015         /* Set dummy BSSID and SSID for testing. */
2016         bss->bssid[0] = 0x02;
2017         bss->bssid[1] = 0x00;
2018         bss->bssid[2] = 0x00;
2019         bss->bssid[3] = 0x00;
2020         bss->bssid[4] = 0x00;
2021         bss->bssid[5] = 0x01;
2022         os_memcpy(bss->ssid, "test", 5);
2023         bss->ssid_len = 4;
2024
2025         if (global->bss_add_used) {
2026                 os_memcpy(drv->own_addr, global->req_addr, ETH_ALEN);
2027                 global->bss_add_used = 0;
2028         }
2029
2030         eloop_register_timeout(1, 0, wpa_driver_test_poll, drv, NULL);
2031
2032         return bss;
2033 }
2034
2035
2036 static void wpa_driver_test_close_test_socket(struct wpa_driver_test_data *drv)
2037 {
2038         if (drv->test_socket >= 0) {
2039                 eloop_unregister_read_sock(drv->test_socket);
2040                 close(drv->test_socket);
2041                 drv->test_socket = -1;
2042         }
2043
2044         if (drv->own_socket_path) {
2045                 unlink(drv->own_socket_path);
2046                 os_free(drv->own_socket_path);
2047                 drv->own_socket_path = NULL;
2048         }
2049 }
2050
2051
2052 static void wpa_driver_test_deinit(void *priv)
2053 {
2054         struct test_driver_bss *dbss = priv;
2055         struct wpa_driver_test_data *drv = dbss->drv;
2056         struct test_client_socket *cli, *prev;
2057         int i;
2058
2059         cli = drv->cli;
2060         while (cli) {
2061                 prev = cli;
2062                 cli = cli->next;
2063                 os_free(prev);
2064         }
2065
2066 #ifdef HOSTAPD
2067         /* There should be only one BSS remaining at this point. */
2068         if (dl_list_len(&drv->bss) != 1)
2069                 wpa_printf(MSG_ERROR, "%s: %u remaining BSS entries",
2070                            __func__, dl_list_len(&drv->bss));
2071 #endif /* HOSTAPD */
2072
2073         test_driver_free_bsses(drv);
2074
2075         wpa_driver_test_close_test_socket(drv);
2076         eloop_cancel_timeout(wpa_driver_test_scan_timeout, drv, drv->ctx);
2077         eloop_cancel_timeout(wpa_driver_test_poll, drv, NULL);
2078         eloop_cancel_timeout(test_remain_on_channel_timeout, drv, NULL);
2079         os_free(drv->test_dir);
2080         for (i = 0; i < MAX_SCAN_RESULTS; i++)
2081                 os_free(drv->scanres[i]);
2082         os_free(drv->probe_req_ie);
2083         wpa_trace_remove_ref(drv, ctx, drv->ctx);
2084         os_free(drv);
2085 }
2086
2087
2088 static int wpa_driver_test_attach(struct wpa_driver_test_data *drv,
2089                                   const char *dir, int ap)
2090 {
2091 #ifdef DRIVER_TEST_UNIX
2092         static unsigned int counter = 0;
2093         struct sockaddr_un addr;
2094         size_t len;
2095
2096         os_free(drv->own_socket_path);
2097         if (dir) {
2098                 len = os_strlen(dir) + 30;
2099                 drv->own_socket_path = os_malloc(len);
2100                 if (drv->own_socket_path == NULL)
2101                         return -1;
2102                 os_snprintf(drv->own_socket_path, len, "%s/%s-" MACSTR,
2103                             dir, ap ? "AP" : "STA", MAC2STR(drv->own_addr));
2104         } else {
2105                 drv->own_socket_path = os_malloc(100);
2106                 if (drv->own_socket_path == NULL)
2107                         return -1;
2108                 os_snprintf(drv->own_socket_path, 100,
2109                             "/tmp/wpa_supplicant_test-%d-%d",
2110                             getpid(), counter++);
2111         }
2112
2113         drv->test_socket = socket(PF_UNIX, SOCK_DGRAM, 0);
2114         if (drv->test_socket < 0) {
2115                 perror("socket(PF_UNIX)");
2116                 os_free(drv->own_socket_path);
2117                 drv->own_socket_path = NULL;
2118                 return -1;
2119         }
2120
2121         os_memset(&addr, 0, sizeof(addr));
2122         addr.sun_family = AF_UNIX;
2123         os_strlcpy(addr.sun_path, drv->own_socket_path, sizeof(addr.sun_path));
2124         if (bind(drv->test_socket, (struct sockaddr *) &addr,
2125                  sizeof(addr)) < 0) {
2126                 perror("test-driver-attach: bind(PF_UNIX)");
2127                 close(drv->test_socket);
2128                 unlink(drv->own_socket_path);
2129                 os_free(drv->own_socket_path);
2130                 drv->own_socket_path = NULL;
2131                 return -1;
2132         }
2133
2134         eloop_register_read_sock(drv->test_socket,
2135                                  wpa_driver_test_receive_unix, drv, NULL);
2136
2137         return 0;
2138 #else /* DRIVER_TEST_UNIX */
2139         return -1;
2140 #endif /* DRIVER_TEST_UNIX */
2141 }
2142
2143
2144 static int wpa_driver_test_attach_udp(struct wpa_driver_test_data *drv,
2145                                       char *dst)
2146 {
2147         char *pos;
2148
2149         pos = os_strchr(dst, ':');
2150         if (pos == NULL)
2151                 return -1;
2152         *pos++ = '\0';
2153         wpa_printf(MSG_DEBUG, "%s: addr=%s port=%s", __func__, dst, pos);
2154
2155         drv->test_socket = socket(PF_INET, SOCK_DGRAM, 0);
2156         if (drv->test_socket < 0) {
2157                 perror("socket(PF_INET)");
2158                 return -1;
2159         }
2160
2161         os_memset(&drv->hostapd_addr_udp, 0, sizeof(drv->hostapd_addr_udp));
2162         drv->hostapd_addr_udp.sin_family = AF_INET;
2163 #if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
2164         {
2165                 int a[4];
2166                 u8 *pos;
2167                 sscanf(dst, "%d.%d.%d.%d", &a[0], &a[1], &a[2], &a[3]);
2168                 pos = (u8 *) &drv->hostapd_addr_udp.sin_addr;
2169                 *pos++ = a[0];
2170                 *pos++ = a[1];
2171                 *pos++ = a[2];
2172                 *pos++ = a[3];
2173         }
2174 #else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
2175         inet_aton(dst, &drv->hostapd_addr_udp.sin_addr);
2176 #endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
2177         drv->hostapd_addr_udp.sin_port = htons(atoi(pos));
2178
2179         drv->hostapd_addr_udp_set = 1;
2180
2181         eloop_register_read_sock(drv->test_socket,
2182                                  wpa_driver_test_receive_unix, drv, NULL);
2183
2184         return 0;
2185 }
2186
2187
2188 static int wpa_driver_test_set_param(void *priv, const char *param)
2189 {
2190         struct test_driver_bss *dbss = priv;
2191         struct wpa_driver_test_data *drv = dbss->drv;
2192         const char *pos;
2193
2194         wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
2195         if (param == NULL)
2196                 return 0;
2197
2198         wpa_driver_test_close_test_socket(drv);
2199
2200 #ifdef DRIVER_TEST_UNIX
2201         pos = os_strstr(param, "test_socket=");
2202         if (pos) {
2203                 const char *pos2;
2204                 size_t len;
2205
2206                 pos += 12;
2207                 pos2 = os_strchr(pos, ' ');
2208                 if (pos2)
2209                         len = pos2 - pos;
2210                 else
2211                         len = os_strlen(pos);
2212                 if (len > sizeof(drv->hostapd_addr.sun_path))
2213                         return -1;
2214                 os_memset(&drv->hostapd_addr, 0, sizeof(drv->hostapd_addr));
2215                 drv->hostapd_addr.sun_family = AF_UNIX;
2216                 os_memcpy(drv->hostapd_addr.sun_path, pos, len);
2217                 drv->hostapd_addr_set = 1;
2218         }
2219 #endif /* DRIVER_TEST_UNIX */
2220
2221         pos = os_strstr(param, "test_dir=");
2222         if (pos) {
2223                 char *end;
2224                 os_free(drv->test_dir);
2225                 drv->test_dir = os_strdup(pos + 9);
2226                 if (drv->test_dir == NULL)
2227                         return -1;
2228                 end = os_strchr(drv->test_dir, ' ');
2229                 if (end)
2230                         *end = '\0';
2231                 if (wpa_driver_test_attach(drv, drv->test_dir, 0))
2232                         return -1;
2233         } else {
2234                 pos = os_strstr(param, "test_udp=");
2235                 if (pos) {
2236                         char *dst, *epos;
2237                         dst = os_strdup(pos + 9);
2238                         if (dst == NULL)
2239                                 return -1;
2240                         epos = os_strchr(dst, ' ');
2241                         if (epos)
2242                                 *epos = '\0';
2243                         if (wpa_driver_test_attach_udp(drv, dst))
2244                                 return -1;
2245                         os_free(dst);
2246                 } else if (wpa_driver_test_attach(drv, NULL, 0))
2247                         return -1;
2248         }
2249
2250         if (os_strstr(param, "use_associnfo=1")) {
2251                 wpa_printf(MSG_DEBUG, "test_driver: Use AssocInfo events");
2252                 drv->use_associnfo = 1;
2253         }
2254
2255         return 0;
2256 }
2257
2258
2259 static const u8 * wpa_driver_test_get_mac_addr(void *priv)
2260 {
2261         struct test_driver_bss *dbss = priv;
2262         struct wpa_driver_test_data *drv = dbss->drv;
2263         wpa_printf(MSG_DEBUG, "%s", __func__);
2264         return drv->own_addr;
2265 }
2266
2267
2268 static int wpa_driver_test_send_eapol(void *priv, const u8 *dest, u16 proto,
2269                                       const u8 *data, size_t data_len)
2270 {
2271         struct test_driver_bss *dbss = priv;
2272         struct wpa_driver_test_data *drv = dbss->drv;
2273         char *msg;
2274         size_t msg_len;
2275         struct l2_ethhdr eth;
2276         struct sockaddr *addr;
2277         socklen_t alen;
2278 #ifdef DRIVER_TEST_UNIX
2279         struct sockaddr_un addr_un;
2280 #endif /* DRIVER_TEST_UNIX */
2281
2282         wpa_hexdump(MSG_MSGDUMP, "test_send_eapol TX frame", data, data_len);
2283
2284         os_memset(&eth, 0, sizeof(eth));
2285         os_memcpy(eth.h_dest, dest, ETH_ALEN);
2286         os_memcpy(eth.h_source, drv->own_addr, ETH_ALEN);
2287         eth.h_proto = host_to_be16(proto);
2288
2289         msg_len = 6 + sizeof(eth) + data_len;
2290         msg = os_malloc(msg_len);
2291         if (msg == NULL)
2292                 return -1;
2293         os_memcpy(msg, "EAPOL ", 6);
2294         os_memcpy(msg + 6, &eth, sizeof(eth));
2295         os_memcpy(msg + 6 + sizeof(eth), data, data_len);
2296
2297         if (os_memcmp(dest, dbss->bssid, ETH_ALEN) == 0 ||
2298             drv->test_dir == NULL) {
2299                 if (drv->hostapd_addr_udp_set) {
2300                         addr = (struct sockaddr *) &drv->hostapd_addr_udp;
2301                         alen = sizeof(drv->hostapd_addr_udp);
2302                 } else {
2303 #ifdef DRIVER_TEST_UNIX
2304                         addr = (struct sockaddr *) &drv->hostapd_addr;
2305                         alen = sizeof(drv->hostapd_addr);
2306 #else /* DRIVER_TEST_UNIX */
2307                         os_free(msg);
2308                         return -1;
2309 #endif /* DRIVER_TEST_UNIX */
2310                 }
2311         } else {
2312 #ifdef DRIVER_TEST_UNIX
2313                 struct stat st;
2314                 os_memset(&addr_un, 0, sizeof(addr_un));
2315                 addr_un.sun_family = AF_UNIX;
2316                 os_snprintf(addr_un.sun_path, sizeof(addr_un.sun_path),
2317                             "%s/STA-" MACSTR, drv->test_dir, MAC2STR(dest));
2318                 if (stat(addr_un.sun_path, &st) < 0) {
2319                         os_snprintf(addr_un.sun_path, sizeof(addr_un.sun_path),
2320                                     "%s/AP-" MACSTR,
2321                                     drv->test_dir, MAC2STR(dest));
2322                 }
2323                 addr = (struct sockaddr *) &addr_un;
2324                 alen = sizeof(addr_un);
2325 #else /* DRIVER_TEST_UNIX */
2326                 os_free(msg);
2327                 return -1;
2328 #endif /* DRIVER_TEST_UNIX */
2329         }
2330
2331         if (sendto(drv->test_socket, msg, msg_len, 0, addr, alen) < 0) {
2332                 perror("sendmsg(test_socket)");
2333                 os_free(msg);
2334                 return -1;
2335         }
2336
2337         os_free(msg);
2338         return 0;
2339 }
2340
2341
2342 static int wpa_driver_test_get_capa(void *priv, struct wpa_driver_capa *capa)
2343 {
2344         os_memset(capa, 0, sizeof(*capa));
2345         capa->key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2346                 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
2347                 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
2348                 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK |
2349                 WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE |
2350                 WPA_DRIVER_CAPA_KEY_MGMT_FT |
2351                 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2352         capa->enc = WPA_DRIVER_CAPA_ENC_WEP40 |
2353                 WPA_DRIVER_CAPA_ENC_WEP104 |
2354                 WPA_DRIVER_CAPA_ENC_TKIP |
2355                 WPA_DRIVER_CAPA_ENC_CCMP;
2356         capa->auth = WPA_DRIVER_AUTH_OPEN |
2357                 WPA_DRIVER_AUTH_SHARED |
2358                 WPA_DRIVER_AUTH_LEAP;
2359         capa->flags |= WPA_DRIVER_FLAGS_AP;
2360         capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
2361         capa->flags |= WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE;
2362         capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
2363         capa->max_scan_ssids = 2;
2364         capa->max_remain_on_chan = 60000;
2365
2366         return 0;
2367 }
2368
2369
2370 static int wpa_driver_test_mlme_setprotection(void *priv, const u8 *addr,
2371                                               int protect_type,
2372                                               int key_type)
2373 {
2374         wpa_printf(MSG_DEBUG, "%s: protect_type=%d key_type=%d",
2375                    __func__, protect_type, key_type);
2376
2377         if (addr) {
2378                 wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR,
2379                            __func__, MAC2STR(addr));
2380         }
2381
2382         return 0;
2383 }
2384
2385
2386 static void * wpa_driver_test_global_init(void)
2387 {
2388         struct wpa_driver_test_global *global;
2389
2390         global = os_zalloc(sizeof(*global));
2391         return global;
2392 }
2393
2394
2395 static void wpa_driver_test_global_deinit(void *priv)
2396 {
2397         struct wpa_driver_test_global *global = priv;
2398         os_free(global);
2399 }
2400
2401
2402 static struct wpa_interface_info *
2403 wpa_driver_test_get_interfaces(void *global_priv)
2404 {
2405         /* struct wpa_driver_test_global *global = priv; */
2406         struct wpa_interface_info *iface;
2407
2408         iface = os_zalloc(sizeof(*iface));
2409         if (iface == NULL)
2410                 return iface;
2411         iface->ifname = os_strdup("sta0");
2412         iface->desc = os_strdup("test interface 0");
2413         iface->drv_name = "test";
2414         iface->next = os_zalloc(sizeof(*iface));
2415         if (iface->next) {
2416                 iface->next->ifname = os_strdup("sta1");
2417                 iface->next->desc = os_strdup("test interface 1");
2418                 iface->next->drv_name = "test";
2419         }
2420
2421         return iface;
2422 }
2423
2424
2425 static struct hostapd_hw_modes *
2426 wpa_driver_test_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2427 {
2428         struct hostapd_hw_modes *modes;
2429         size_t i;
2430
2431         *num_modes = 3;
2432         *flags = 0;
2433         modes = os_calloc(*num_modes, sizeof(struct hostapd_hw_modes));
2434         if (modes == NULL)
2435                 return NULL;
2436         modes[0].mode = HOSTAPD_MODE_IEEE80211G;
2437         modes[0].num_channels = 11;
2438         modes[0].num_rates = 12;
2439         modes[0].channels = os_calloc(11, sizeof(struct hostapd_channel_data));
2440         modes[0].rates = os_calloc(modes[0].num_rates, sizeof(int));
2441         if (modes[0].channels == NULL || modes[0].rates == NULL)
2442                 goto fail;
2443         for (i = 0; i < 11; i++) {
2444                 modes[0].channels[i].chan = i + 1;
2445                 modes[0].channels[i].freq = 2412 + 5 * i;
2446                 modes[0].channels[i].flag = 0;
2447         }
2448         modes[0].rates[0] = 10;
2449         modes[0].rates[1] = 20;
2450         modes[0].rates[2] = 55;
2451         modes[0].rates[3] = 110;
2452         modes[0].rates[4] = 60;
2453         modes[0].rates[5] = 90;
2454         modes[0].rates[6] = 120;
2455         modes[0].rates[7] = 180;
2456         modes[0].rates[8] = 240;
2457         modes[0].rates[9] = 360;
2458         modes[0].rates[10] = 480;
2459         modes[0].rates[11] = 540;
2460
2461         modes[1].mode = HOSTAPD_MODE_IEEE80211B;
2462         modes[1].num_channels = 11;
2463         modes[1].num_rates = 4;
2464         modes[1].channels = os_calloc(11, sizeof(struct hostapd_channel_data));
2465         modes[1].rates = os_calloc(modes[1].num_rates, sizeof(int));
2466         if (modes[1].channels == NULL || modes[1].rates == NULL)
2467                 goto fail;
2468         for (i = 0; i < 11; i++) {
2469                 modes[1].channels[i].chan = i + 1;
2470                 modes[1].channels[i].freq = 2412 + 5 * i;
2471                 modes[1].channels[i].flag = 0;
2472         }
2473         modes[1].rates[0] = 10;
2474         modes[1].rates[1] = 20;
2475         modes[1].rates[2] = 55;
2476         modes[1].rates[3] = 110;
2477
2478         modes[2].mode = HOSTAPD_MODE_IEEE80211A;
2479         modes[2].num_channels = 1;
2480         modes[2].num_rates = 8;
2481         modes[2].channels = os_calloc(1, sizeof(struct hostapd_channel_data));
2482         modes[2].rates = os_calloc(modes[2].num_rates, sizeof(int));
2483         if (modes[2].channels == NULL || modes[2].rates == NULL)
2484                 goto fail;
2485         modes[2].channels[0].chan = 60;
2486         modes[2].channels[0].freq = 5300;
2487         modes[2].channels[0].flag = 0;
2488         modes[2].rates[0] = 60;
2489         modes[2].rates[1] = 90;
2490         modes[2].rates[2] = 120;
2491         modes[2].rates[3] = 180;
2492         modes[2].rates[4] = 240;
2493         modes[2].rates[5] = 360;
2494         modes[2].rates[6] = 480;
2495         modes[2].rates[7] = 540;
2496
2497         return modes;
2498
2499 fail:
2500         if (modes) {
2501                 for (i = 0; i < *num_modes; i++) {
2502                         os_free(modes[i].channels);
2503                         os_free(modes[i].rates);
2504                 }
2505                 os_free(modes);
2506         }
2507         return NULL;
2508 }
2509
2510
2511 static int wpa_driver_test_set_freq(void *priv,
2512                                     struct hostapd_freq_params *freq)
2513 {
2514         struct test_driver_bss *dbss = priv;
2515         struct wpa_driver_test_data *drv = dbss->drv;
2516         wpa_printf(MSG_DEBUG, "test: set_freq %u MHz", freq->freq);
2517         drv->current_freq = freq->freq;
2518         return 0;
2519 }
2520
2521
2522 static int wpa_driver_test_send_action(void *priv, unsigned int freq,
2523                                        unsigned int wait,
2524                                        const u8 *dst, const u8 *src,
2525                                        const u8 *bssid,
2526                                        const u8 *data, size_t data_len,
2527                                        int no_cck)
2528 {
2529         struct test_driver_bss *dbss = priv;
2530         struct wpa_driver_test_data *drv = dbss->drv;
2531         int ret = -1;
2532         u8 *buf;
2533         struct ieee80211_hdr *hdr;
2534
2535         wpa_printf(MSG_DEBUG, "test: Send Action frame");
2536
2537         if ((drv->remain_on_channel_freq &&
2538              freq != drv->remain_on_channel_freq) ||
2539             (drv->remain_on_channel_freq == 0 &&
2540              freq != (unsigned int) drv->current_freq)) {
2541                 wpa_printf(MSG_DEBUG, "test: Reject Action frame TX on "
2542                            "unexpected channel: freq=%u MHz (current_freq=%u "
2543                            "MHz, remain-on-channel freq=%u MHz)",
2544                            freq, drv->current_freq,
2545                            drv->remain_on_channel_freq);
2546                 return -1;
2547         }
2548
2549         buf = os_zalloc(24 + data_len);
2550         if (buf == NULL)
2551                 return ret;
2552         os_memcpy(buf + 24, data, data_len);
2553         hdr = (struct ieee80211_hdr *) buf;
2554         hdr->frame_control =
2555                 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
2556         os_memcpy(hdr->addr1, dst, ETH_ALEN);
2557         os_memcpy(hdr->addr2, src, ETH_ALEN);
2558         os_memcpy(hdr->addr3, bssid, ETH_ALEN);
2559
2560         ret = wpa_driver_test_send_mlme(priv, buf, 24 + data_len, 0);
2561         os_free(buf);
2562         return ret;
2563 }
2564
2565
2566 static void test_remain_on_channel_timeout(void *eloop_ctx, void *timeout_ctx)
2567 {
2568         struct wpa_driver_test_data *drv = eloop_ctx;
2569         union wpa_event_data data;
2570
2571         wpa_printf(MSG_DEBUG, "test: Remain-on-channel timeout");
2572
2573         os_memset(&data, 0, sizeof(data));
2574         data.remain_on_channel.freq = drv->remain_on_channel_freq;
2575         data.remain_on_channel.duration = drv->remain_on_channel_duration;
2576
2577         drv->remain_on_channel_freq = 0;
2578
2579         wpa_supplicant_event(drv->ctx, EVENT_CANCEL_REMAIN_ON_CHANNEL, &data);
2580 }
2581
2582
2583 static int wpa_driver_test_remain_on_channel(void *priv, unsigned int freq,
2584                                              unsigned int duration)
2585 {
2586         struct test_driver_bss *dbss = priv;
2587         struct wpa_driver_test_data *drv = dbss->drv;
2588         union wpa_event_data data;
2589
2590         wpa_printf(MSG_DEBUG, "%s(freq=%u, duration=%u)",
2591                    __func__, freq, duration);
2592         if (drv->remain_on_channel_freq &&
2593             drv->remain_on_channel_freq != freq) {
2594                 wpa_printf(MSG_DEBUG, "test: Refuse concurrent "
2595                            "remain_on_channel request");
2596                 return -1;
2597         }
2598
2599         drv->remain_on_channel_freq = freq;
2600         drv->remain_on_channel_duration = duration;
2601         eloop_cancel_timeout(test_remain_on_channel_timeout, drv, NULL);
2602         eloop_register_timeout(duration / 1000, (duration % 1000) * 1000,
2603                                test_remain_on_channel_timeout, drv, NULL);
2604
2605         os_memset(&data, 0, sizeof(data));
2606         data.remain_on_channel.freq = freq;
2607         data.remain_on_channel.duration = duration;
2608         wpa_supplicant_event(drv->ctx, EVENT_REMAIN_ON_CHANNEL, &data);
2609
2610         return 0;
2611 }
2612
2613
2614 static int wpa_driver_test_cancel_remain_on_channel(void *priv)
2615 {
2616         struct test_driver_bss *dbss = priv;
2617         struct wpa_driver_test_data *drv = dbss->drv;
2618         wpa_printf(MSG_DEBUG, "%s", __func__);
2619         if (!drv->remain_on_channel_freq)
2620                 return -1;
2621         drv->remain_on_channel_freq = 0;
2622         eloop_cancel_timeout(test_remain_on_channel_timeout, drv, NULL);
2623         return 0;
2624 }
2625
2626
2627 static int wpa_driver_test_probe_req_report(void *priv, int report)
2628 {
2629         struct test_driver_bss *dbss = priv;
2630         struct wpa_driver_test_data *drv = dbss->drv;
2631         wpa_printf(MSG_DEBUG, "%s(report=%d)", __func__, report);
2632         drv->probe_req_report = report;
2633         return 0;
2634 }
2635
2636
2637 const struct wpa_driver_ops wpa_driver_test_ops = {
2638         "test",
2639         "wpa_supplicant test driver",
2640         .hapd_init = test_driver_init,
2641         .hapd_deinit = wpa_driver_test_deinit,
2642         .hapd_send_eapol = test_driver_send_eapol,
2643         .send_mlme = wpa_driver_test_send_mlme,
2644         .set_generic_elem = test_driver_set_generic_elem,
2645         .sta_deauth = test_driver_sta_deauth,
2646         .sta_disassoc = test_driver_sta_disassoc,
2647         .get_hw_feature_data = wpa_driver_test_get_hw_feature_data,
2648         .if_add = test_driver_if_add,
2649         .if_remove = test_driver_if_remove,
2650         .hapd_set_ssid = test_driver_set_ssid,
2651         .set_privacy = test_driver_set_privacy,
2652         .set_sta_vlan = test_driver_set_sta_vlan,
2653         .sta_add = test_driver_sta_add,
2654         .send_ether = test_driver_send_ether,
2655         .set_ap_wps_ie = test_driver_set_ap_wps_ie,
2656         .get_bssid = wpa_driver_test_get_bssid,
2657         .get_ssid = wpa_driver_test_get_ssid,
2658         .set_key = wpa_driver_test_set_key,
2659         .deinit = wpa_driver_test_deinit,
2660         .set_param = wpa_driver_test_set_param,
2661         .deauthenticate = wpa_driver_test_deauthenticate,
2662         .associate = wpa_driver_test_associate,
2663         .get_capa = wpa_driver_test_get_capa,
2664         .get_mac_addr = wpa_driver_test_get_mac_addr,
2665         .send_eapol = wpa_driver_test_send_eapol,
2666         .mlme_setprotection = wpa_driver_test_mlme_setprotection,
2667         .get_scan_results2 = wpa_driver_test_get_scan_results2,
2668         .global_init = wpa_driver_test_global_init,
2669         .global_deinit = wpa_driver_test_global_deinit,
2670         .init2 = wpa_driver_test_init2,
2671         .get_interfaces = wpa_driver_test_get_interfaces,
2672         .scan2 = wpa_driver_test_scan,
2673         .set_freq = wpa_driver_test_set_freq,
2674         .send_action = wpa_driver_test_send_action,
2675         .remain_on_channel = wpa_driver_test_remain_on_channel,
2676         .cancel_remain_on_channel = wpa_driver_test_cancel_remain_on_channel,
2677         .probe_req_report = wpa_driver_test_probe_req_report,
2678 };