Disconnect hostapd from building in base
[dragonfly.git] / contrib / hostapd / src / drivers / driver_wext.c
1 /*
2  * Driver interaction with generic Linux Wireless Extensions
3  * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements a driver interface for the Linux Wireless Extensions.
9  * When used with WE-18 or newer, this interface can be used as-is with number
10  * of drivers. In addition to this, some of the common functions in this file
11  * can be used by other driver interface implementations that use generic WE
12  * ioctls, but require private ioctls for some of the functionality.
13  */
14
15 #include "includes.h"
16 #include <sys/ioctl.h>
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <fcntl.h>
20 #include <net/if_arp.h>
21
22 #include "linux_wext.h"
23 #include "common.h"
24 #include "eloop.h"
25 #include "common/ieee802_11_defs.h"
26 #include "common/wpa_common.h"
27 #include "priv_netlink.h"
28 #include "netlink.h"
29 #include "linux_ioctl.h"
30 #include "rfkill.h"
31 #include "driver.h"
32 #include "driver_wext.h"
33
34 static int wpa_driver_wext_flush_pmkid(void *priv);
35 static int wpa_driver_wext_get_range(void *priv);
36 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
37 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
38 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
39
40
41 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
42                                    int idx, u32 value)
43 {
44         struct iwreq iwr;
45         int ret = 0;
46
47         os_memset(&iwr, 0, sizeof(iwr));
48         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
49         iwr.u.param.flags = idx & IW_AUTH_INDEX;
50         iwr.u.param.value = value;
51
52         if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
53                 if (errno != EOPNOTSUPP) {
54                         wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
55                                    "value 0x%x) failed: %s)",
56                                    idx, value, strerror(errno));
57                 }
58                 ret = errno == EOPNOTSUPP ? -2 : -1;
59         }
60
61         return ret;
62 }
63
64
65 /**
66  * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
67  * @priv: Pointer to private wext data from wpa_driver_wext_init()
68  * @bssid: Buffer for BSSID
69  * Returns: 0 on success, -1 on failure
70  */
71 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
72 {
73         struct wpa_driver_wext_data *drv = priv;
74         struct iwreq iwr;
75         int ret = 0;
76
77         os_memset(&iwr, 0, sizeof(iwr));
78         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
79
80         if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
81                 perror("ioctl[SIOCGIWAP]");
82                 ret = -1;
83         }
84         os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
85
86         return ret;
87 }
88
89
90 /**
91  * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
92  * @priv: Pointer to private wext data from wpa_driver_wext_init()
93  * @bssid: BSSID
94  * Returns: 0 on success, -1 on failure
95  */
96 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
97 {
98         struct wpa_driver_wext_data *drv = priv;
99         struct iwreq iwr;
100         int ret = 0;
101
102         os_memset(&iwr, 0, sizeof(iwr));
103         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
104         iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
105         if (bssid)
106                 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
107         else
108                 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
109
110         if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
111                 perror("ioctl[SIOCSIWAP]");
112                 ret = -1;
113         }
114
115         return ret;
116 }
117
118
119 /**
120  * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
121  * @priv: Pointer to private wext data from wpa_driver_wext_init()
122  * @ssid: Buffer for the SSID; must be at least 32 bytes long
123  * Returns: SSID length on success, -1 on failure
124  */
125 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
126 {
127         struct wpa_driver_wext_data *drv = priv;
128         struct iwreq iwr;
129         int ret = 0;
130
131         os_memset(&iwr, 0, sizeof(iwr));
132         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
133         iwr.u.essid.pointer = (caddr_t) ssid;
134         iwr.u.essid.length = 32;
135
136         if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
137                 perror("ioctl[SIOCGIWESSID]");
138                 ret = -1;
139         } else {
140                 ret = iwr.u.essid.length;
141                 if (ret > 32)
142                         ret = 32;
143                 /* Some drivers include nul termination in the SSID, so let's
144                  * remove it here before further processing. WE-21 changes this
145                  * to explicitly require the length _not_ to include nul
146                  * termination. */
147                 if (ret > 0 && ssid[ret - 1] == '\0' &&
148                     drv->we_version_compiled < 21)
149                         ret--;
150         }
151
152         return ret;
153 }
154
155
156 /**
157  * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
158  * @priv: Pointer to private wext data from wpa_driver_wext_init()
159  * @ssid: SSID
160  * @ssid_len: Length of SSID (0..32)
161  * Returns: 0 on success, -1 on failure
162  */
163 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
164 {
165         struct wpa_driver_wext_data *drv = priv;
166         struct iwreq iwr;
167         int ret = 0;
168         char buf[33];
169
170         if (ssid_len > 32)
171                 return -1;
172
173         os_memset(&iwr, 0, sizeof(iwr));
174         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
175         /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
176         iwr.u.essid.flags = (ssid_len != 0);
177         os_memset(buf, 0, sizeof(buf));
178         os_memcpy(buf, ssid, ssid_len);
179         iwr.u.essid.pointer = (caddr_t) buf;
180         if (drv->we_version_compiled < 21) {
181                 /* For historic reasons, set SSID length to include one extra
182                  * character, C string nul termination, even though SSID is
183                  * really an octet string that should not be presented as a C
184                  * string. Some Linux drivers decrement the length by one and
185                  * can thus end up missing the last octet of the SSID if the
186                  * length is not incremented here. WE-21 changes this to
187                  * explicitly require the length _not_ to include nul
188                  * termination. */
189                 if (ssid_len)
190                         ssid_len++;
191         }
192         iwr.u.essid.length = ssid_len;
193
194         if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
195                 perror("ioctl[SIOCSIWESSID]");
196                 ret = -1;
197         }
198
199         return ret;
200 }
201
202
203 /**
204  * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
205  * @priv: Pointer to private wext data from wpa_driver_wext_init()
206  * @freq: Frequency in MHz
207  * Returns: 0 on success, -1 on failure
208  */
209 int wpa_driver_wext_set_freq(void *priv, int freq)
210 {
211         struct wpa_driver_wext_data *drv = priv;
212         struct iwreq iwr;
213         int ret = 0;
214
215         os_memset(&iwr, 0, sizeof(iwr));
216         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
217         iwr.u.freq.m = freq * 100000;
218         iwr.u.freq.e = 1;
219
220         if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
221                 perror("ioctl[SIOCSIWFREQ]");
222                 ret = -1;
223         }
224
225         return ret;
226 }
227
228
229 static void
230 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
231 {
232         union wpa_event_data data;
233
234         wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
235                    custom);
236
237         os_memset(&data, 0, sizeof(data));
238         /* Host AP driver */
239         if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
240                 data.michael_mic_failure.unicast =
241                         os_strstr(custom, " unicast ") != NULL;
242                 /* TODO: parse parameters(?) */
243                 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
244         } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
245                 char *spos;
246                 int bytes;
247                 u8 *req_ies = NULL, *resp_ies = NULL;
248
249                 spos = custom + 17;
250
251                 bytes = strspn(spos, "0123456789abcdefABCDEF");
252                 if (!bytes || (bytes & 1))
253                         return;
254                 bytes /= 2;
255
256                 req_ies = os_malloc(bytes);
257                 if (req_ies == NULL ||
258                     hexstr2bin(spos, req_ies, bytes) < 0)
259                         goto done;
260                 data.assoc_info.req_ies = req_ies;
261                 data.assoc_info.req_ies_len = bytes;
262
263                 spos += bytes * 2;
264
265                 data.assoc_info.resp_ies = NULL;
266                 data.assoc_info.resp_ies_len = 0;
267
268                 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
269                         spos += 9;
270
271                         bytes = strspn(spos, "0123456789abcdefABCDEF");
272                         if (!bytes || (bytes & 1))
273                                 goto done;
274                         bytes /= 2;
275
276                         resp_ies = os_malloc(bytes);
277                         if (resp_ies == NULL ||
278                             hexstr2bin(spos, resp_ies, bytes) < 0)
279                                 goto done;
280                         data.assoc_info.resp_ies = resp_ies;
281                         data.assoc_info.resp_ies_len = bytes;
282                 }
283
284                 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
285
286         done:
287                 os_free(resp_ies);
288                 os_free(req_ies);
289 #ifdef CONFIG_PEERKEY
290         } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
291                 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
292                         wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
293                                    "STKSTART.request '%s'", custom + 17);
294                         return;
295                 }
296                 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
297 #endif /* CONFIG_PEERKEY */
298         }
299 }
300
301
302 static int wpa_driver_wext_event_wireless_michaelmicfailure(
303         void *ctx, const char *ev, size_t len)
304 {
305         const struct iw_michaelmicfailure *mic;
306         union wpa_event_data data;
307
308         if (len < sizeof(*mic))
309                 return -1;
310
311         mic = (const struct iw_michaelmicfailure *) ev;
312
313         wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
314                    "flags=0x%x src_addr=" MACSTR, mic->flags,
315                    MAC2STR(mic->src_addr.sa_data));
316
317         os_memset(&data, 0, sizeof(data));
318         data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
319         wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
320
321         return 0;
322 }
323
324
325 static int wpa_driver_wext_event_wireless_pmkidcand(
326         struct wpa_driver_wext_data *drv, const char *ev, size_t len)
327 {
328         const struct iw_pmkid_cand *cand;
329         union wpa_event_data data;
330         const u8 *addr;
331
332         if (len < sizeof(*cand))
333                 return -1;
334
335         cand = (const struct iw_pmkid_cand *) ev;
336         addr = (const u8 *) cand->bssid.sa_data;
337
338         wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
339                    "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
340                    cand->index, MAC2STR(addr));
341
342         os_memset(&data, 0, sizeof(data));
343         os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
344         data.pmkid_candidate.index = cand->index;
345         data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
346         wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
347
348         return 0;
349 }
350
351
352 static int wpa_driver_wext_event_wireless_assocreqie(
353         struct wpa_driver_wext_data *drv, const char *ev, int len)
354 {
355         if (len < 0)
356                 return -1;
357
358         wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
359                     len);
360         os_free(drv->assoc_req_ies);
361         drv->assoc_req_ies = os_malloc(len);
362         if (drv->assoc_req_ies == NULL) {
363                 drv->assoc_req_ies_len = 0;
364                 return -1;
365         }
366         os_memcpy(drv->assoc_req_ies, ev, len);
367         drv->assoc_req_ies_len = len;
368
369         return 0;
370 }
371
372
373 static int wpa_driver_wext_event_wireless_assocrespie(
374         struct wpa_driver_wext_data *drv, const char *ev, int len)
375 {
376         if (len < 0)
377                 return -1;
378
379         wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
380                     len);
381         os_free(drv->assoc_resp_ies);
382         drv->assoc_resp_ies = os_malloc(len);
383         if (drv->assoc_resp_ies == NULL) {
384                 drv->assoc_resp_ies_len = 0;
385                 return -1;
386         }
387         os_memcpy(drv->assoc_resp_ies, ev, len);
388         drv->assoc_resp_ies_len = len;
389
390         return 0;
391 }
392
393
394 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
395 {
396         union wpa_event_data data;
397
398         if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
399                 return;
400
401         os_memset(&data, 0, sizeof(data));
402         if (drv->assoc_req_ies) {
403                 data.assoc_info.req_ies = drv->assoc_req_ies;
404                 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
405         }
406         if (drv->assoc_resp_ies) {
407                 data.assoc_info.resp_ies = drv->assoc_resp_ies;
408                 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
409         }
410
411         wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
412
413         os_free(drv->assoc_req_ies);
414         drv->assoc_req_ies = NULL;
415         os_free(drv->assoc_resp_ies);
416         drv->assoc_resp_ies = NULL;
417 }
418
419
420 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
421                                            char *data, int len)
422 {
423         struct iw_event iwe_buf, *iwe = &iwe_buf;
424         char *pos, *end, *custom, *buf;
425
426         pos = data;
427         end = data + len;
428
429         while (pos + IW_EV_LCP_LEN <= end) {
430                 /* Event data may be unaligned, so make a local, aligned copy
431                  * before processing. */
432                 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
433                 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
434                            iwe->cmd, iwe->len);
435                 if (iwe->len <= IW_EV_LCP_LEN)
436                         return;
437
438                 custom = pos + IW_EV_POINT_LEN;
439                 if (drv->we_version_compiled > 18 &&
440                     (iwe->cmd == IWEVMICHAELMICFAILURE ||
441                      iwe->cmd == IWEVCUSTOM ||
442                      iwe->cmd == IWEVASSOCREQIE ||
443                      iwe->cmd == IWEVASSOCRESPIE ||
444                      iwe->cmd == IWEVPMKIDCAND)) {
445                         /* WE-19 removed the pointer from struct iw_point */
446                         char *dpos = (char *) &iwe_buf.u.data.length;
447                         int dlen = dpos - (char *) &iwe_buf;
448                         os_memcpy(dpos, pos + IW_EV_LCP_LEN,
449                                   sizeof(struct iw_event) - dlen);
450                 } else {
451                         os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
452                         custom += IW_EV_POINT_OFF;
453                 }
454
455                 switch (iwe->cmd) {
456                 case SIOCGIWAP:
457                         wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
458                                    MACSTR,
459                                    MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
460                         if (is_zero_ether_addr(
461                                     (const u8 *) iwe->u.ap_addr.sa_data) ||
462                             os_memcmp(iwe->u.ap_addr.sa_data,
463                                       "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
464                             0) {
465                                 os_free(drv->assoc_req_ies);
466                                 drv->assoc_req_ies = NULL;
467                                 os_free(drv->assoc_resp_ies);
468                                 drv->assoc_resp_ies = NULL;
469                                 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
470                                                      NULL);
471                         
472                         } else {
473                                 wpa_driver_wext_event_assoc_ies(drv);
474                                 wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
475                                                      NULL);
476                         }
477                         break;
478                 case IWEVMICHAELMICFAILURE:
479                         if (custom + iwe->u.data.length > end) {
480                                 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
481                                            "IWEVMICHAELMICFAILURE length");
482                                 return;
483                         }
484                         wpa_driver_wext_event_wireless_michaelmicfailure(
485                                 drv->ctx, custom, iwe->u.data.length);
486                         break;
487                 case IWEVCUSTOM:
488                         if (custom + iwe->u.data.length > end) {
489                                 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
490                                            "IWEVCUSTOM length");
491                                 return;
492                         }
493                         buf = dup_binstr(custom, iwe->u.data.length);
494                         if (buf == NULL)
495                                 return;
496                         wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
497                         os_free(buf);
498                         break;
499                 case SIOCGIWSCAN:
500                         drv->scan_complete_events = 1;
501                         eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
502                                              drv, drv->ctx);
503                         wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
504                                              NULL);
505                         break;
506                 case IWEVASSOCREQIE:
507                         if (custom + iwe->u.data.length > end) {
508                                 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
509                                            "IWEVASSOCREQIE length");
510                                 return;
511                         }
512                         wpa_driver_wext_event_wireless_assocreqie(
513                                 drv, custom, iwe->u.data.length);
514                         break;
515                 case IWEVASSOCRESPIE:
516                         if (custom + iwe->u.data.length > end) {
517                                 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
518                                            "IWEVASSOCRESPIE length");
519                                 return;
520                         }
521                         wpa_driver_wext_event_wireless_assocrespie(
522                                 drv, custom, iwe->u.data.length);
523                         break;
524                 case IWEVPMKIDCAND:
525                         if (custom + iwe->u.data.length > end) {
526                                 wpa_printf(MSG_DEBUG, "WEXT: Invalid "
527                                            "IWEVPMKIDCAND length");
528                                 return;
529                         }
530                         wpa_driver_wext_event_wireless_pmkidcand(
531                                 drv, custom, iwe->u.data.length);
532                         break;
533                 }
534
535                 pos += iwe->len;
536         }
537 }
538
539
540 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
541                                        char *buf, size_t len, int del)
542 {
543         union wpa_event_data event;
544
545         os_memset(&event, 0, sizeof(event));
546         if (len > sizeof(event.interface_status.ifname))
547                 len = sizeof(event.interface_status.ifname) - 1;
548         os_memcpy(event.interface_status.ifname, buf, len);
549         event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
550                 EVENT_INTERFACE_ADDED;
551
552         wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
553                    del ? "DEL" : "NEW",
554                    event.interface_status.ifname,
555                    del ? "removed" : "added");
556
557         if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
558                 if (del) {
559                         if (drv->if_removed) {
560                                 wpa_printf(MSG_DEBUG, "WEXT: if_removed "
561                                            "already set - ignore event");
562                                 return;
563                         }
564                         drv->if_removed = 1;
565                 } else {
566                         if (if_nametoindex(drv->ifname) == 0) {
567                                 wpa_printf(MSG_DEBUG, "WEXT: Interface %s "
568                                            "does not exist - ignore "
569                                            "RTM_NEWLINK",
570                                            drv->ifname);
571                                 return;
572                         }
573                         if (!drv->if_removed) {
574                                 wpa_printf(MSG_DEBUG, "WEXT: if_removed "
575                                            "already cleared - ignore event");
576                                 return;
577                         }
578                         drv->if_removed = 0;
579                 }
580         }
581
582         wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
583 }
584
585
586 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
587                                       u8 *buf, size_t len)
588 {
589         int attrlen, rta_len;
590         struct rtattr *attr;
591
592         attrlen = len;
593         attr = (struct rtattr *) buf;
594
595         rta_len = RTA_ALIGN(sizeof(struct rtattr));
596         while (RTA_OK(attr, attrlen)) {
597                 if (attr->rta_type == IFLA_IFNAME) {
598                         if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
599                             == 0)
600                                 return 1;
601                         else
602                                 break;
603                 }
604                 attr = RTA_NEXT(attr, attrlen);
605         }
606
607         return 0;
608 }
609
610
611 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
612                                        int ifindex, u8 *buf, size_t len)
613 {
614         if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
615                 return 1;
616
617         if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
618                 drv->ifindex = if_nametoindex(drv->ifname);
619                 wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
620                            "interface");
621                 wpa_driver_wext_finish_drv_init(drv);
622                 return 1;
623         }
624
625         return 0;
626 }
627
628
629 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
630                                               u8 *buf, size_t len)
631 {
632         struct wpa_driver_wext_data *drv = ctx;
633         int attrlen, rta_len;
634         struct rtattr *attr;
635         char namebuf[IFNAMSIZ];
636
637         if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
638                 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
639                            ifi->ifi_index);
640                 return;
641         }
642
643         wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
644                    "(%s%s%s%s)",
645                    drv->operstate, ifi->ifi_flags,
646                    (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
647                    (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
648                    (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
649                    (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
650
651         if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
652                 wpa_printf(MSG_DEBUG, "WEXT: Interface down");
653                 drv->if_disabled = 1;
654                 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
655         }
656
657         if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
658                 if (if_indextoname(ifi->ifi_index, namebuf) &&
659                     linux_iface_up(drv->ioctl_sock, drv->ifname) == 0) {
660                         wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
661                                    "event since interface %s is down",
662                                    namebuf);
663                 } else if (if_nametoindex(drv->ifname) == 0) {
664                         wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
665                                    "event since interface %s does not exist",
666                                    drv->ifname);
667                 } else if (drv->if_removed) {
668                         wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
669                                    "event since interface %s is marked "
670                                    "removed", drv->ifname);
671                 } else {
672                         wpa_printf(MSG_DEBUG, "WEXT: Interface up");
673                         drv->if_disabled = 0;
674                         wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
675                                              NULL);
676                 }
677         }
678
679         /*
680          * Some drivers send the association event before the operup event--in
681          * this case, lifting operstate in wpa_driver_wext_set_operstate()
682          * fails. This will hit us when wpa_supplicant does not need to do
683          * IEEE 802.1X authentication
684          */
685         if (drv->operstate == 1 &&
686             (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
687             !(ifi->ifi_flags & IFF_RUNNING))
688                 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
689                                        -1, IF_OPER_UP);
690
691         attrlen = len;
692         attr = (struct rtattr *) buf;
693
694         rta_len = RTA_ALIGN(sizeof(struct rtattr));
695         while (RTA_OK(attr, attrlen)) {
696                 if (attr->rta_type == IFLA_WIRELESS) {
697                         wpa_driver_wext_event_wireless(
698                                 drv, ((char *) attr) + rta_len,
699                                 attr->rta_len - rta_len);
700                 } else if (attr->rta_type == IFLA_IFNAME) {
701                         wpa_driver_wext_event_link(drv,
702                                                    ((char *) attr) + rta_len,
703                                                    attr->rta_len - rta_len, 0);
704                 }
705                 attr = RTA_NEXT(attr, attrlen);
706         }
707 }
708
709
710 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
711                                               u8 *buf, size_t len)
712 {
713         struct wpa_driver_wext_data *drv = ctx;
714         int attrlen, rta_len;
715         struct rtattr *attr;
716
717         attrlen = len;
718         attr = (struct rtattr *) buf;
719
720         rta_len = RTA_ALIGN(sizeof(struct rtattr));
721         while (RTA_OK(attr, attrlen)) {
722                 if (attr->rta_type == IFLA_IFNAME) {
723                         wpa_driver_wext_event_link(drv,
724                                                    ((char *) attr) + rta_len,
725                                                    attr->rta_len - rta_len, 1);
726                 }
727                 attr = RTA_NEXT(attr, attrlen);
728         }
729 }
730
731
732 static void wpa_driver_wext_rfkill_blocked(void *ctx)
733 {
734         wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked");
735         /*
736          * This may be for any interface; use ifdown event to disable
737          * interface.
738          */
739 }
740
741
742 static void wpa_driver_wext_rfkill_unblocked(void *ctx)
743 {
744         struct wpa_driver_wext_data *drv = ctx;
745         wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked");
746         if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) {
747                 wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP "
748                            "after rfkill unblock");
749                 return;
750         }
751         /* rtnetlink ifup handler will report interface as enabled */
752 }
753
754
755 static void wext_get_phy_name(struct wpa_driver_wext_data *drv)
756 {
757         /* Find phy (radio) to which this interface belongs */
758         char buf[90], *pos;
759         int f, rv;
760
761         drv->phyname[0] = '\0';
762         snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
763                  drv->ifname);
764         f = open(buf, O_RDONLY);
765         if (f < 0) {
766                 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
767                            buf, strerror(errno));
768                 return;
769         }
770
771         rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
772         close(f);
773         if (rv < 0) {
774                 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
775                            buf, strerror(errno));
776                 return;
777         }
778
779         drv->phyname[rv] = '\0';
780         pos = os_strchr(drv->phyname, '\n');
781         if (pos)
782                 *pos = '\0';
783         wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s",
784                    drv->ifname, drv->phyname);
785 }
786
787
788 /**
789  * wpa_driver_wext_init - Initialize WE driver interface
790  * @ctx: context to be used when calling wpa_supplicant functions,
791  * e.g., wpa_supplicant_event()
792  * @ifname: interface name, e.g., wlan0
793  * Returns: Pointer to private data, %NULL on failure
794  */
795 void * wpa_driver_wext_init(void *ctx, const char *ifname)
796 {
797         struct wpa_driver_wext_data *drv;
798         struct netlink_config *cfg;
799         struct rfkill_config *rcfg;
800         char path[128];
801         struct stat buf;
802
803         drv = os_zalloc(sizeof(*drv));
804         if (drv == NULL)
805                 return NULL;
806         drv->ctx = ctx;
807         os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
808
809         os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname);
810         if (stat(path, &buf) == 0) {
811                 wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected");
812                 drv->cfg80211 = 1;
813                 wext_get_phy_name(drv);
814         }
815
816         drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
817         if (drv->ioctl_sock < 0) {
818                 perror("socket(PF_INET,SOCK_DGRAM)");
819                 goto err1;
820         }
821
822         cfg = os_zalloc(sizeof(*cfg));
823         if (cfg == NULL)
824                 goto err1;
825         cfg->ctx = drv;
826         cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
827         cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
828         drv->netlink = netlink_init(cfg);
829         if (drv->netlink == NULL) {
830                 os_free(cfg);
831                 goto err2;
832         }
833
834         rcfg = os_zalloc(sizeof(*rcfg));
835         if (rcfg == NULL)
836                 goto err3;
837         rcfg->ctx = drv;
838         os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
839         rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked;
840         rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked;
841         drv->rfkill = rfkill_init(rcfg);
842         if (drv->rfkill == NULL) {
843                 wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available");
844                 os_free(rcfg);
845         }
846
847         drv->mlme_sock = -1;
848
849         if (wpa_driver_wext_finish_drv_init(drv) < 0)
850                 goto err3;
851
852         wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
853
854         return drv;
855
856 err3:
857         rfkill_deinit(drv->rfkill);
858         netlink_deinit(drv->netlink);
859 err2:
860         close(drv->ioctl_sock);
861 err1:
862         os_free(drv);
863         return NULL;
864 }
865
866
867 static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx)
868 {
869         wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
870 }
871
872
873 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
874 {
875         int send_rfkill_event = 0;
876
877         if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) {
878                 if (rfkill_is_blocked(drv->rfkill)) {
879                         wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable "
880                                    "interface '%s' due to rfkill",
881                                    drv->ifname);
882                         drv->if_disabled = 1;
883                         send_rfkill_event = 1;
884                 } else {
885                         wpa_printf(MSG_ERROR, "WEXT: Could not set "
886                                    "interface '%s' UP", drv->ifname);
887                         return -1;
888                 }
889         }
890
891         /*
892          * Make sure that the driver does not have any obsolete PMKID entries.
893          */
894         wpa_driver_wext_flush_pmkid(drv);
895
896         if (wpa_driver_wext_set_mode(drv, 0) < 0) {
897                 wpa_printf(MSG_DEBUG, "Could not configure driver to use "
898                            "managed mode");
899                 /* Try to use it anyway */
900         }
901
902         wpa_driver_wext_get_range(drv);
903
904         /*
905          * Unlock the driver's BSSID and force to a random SSID to clear any
906          * previous association the driver might have when the supplicant
907          * starts up.
908          */
909         wpa_driver_wext_disconnect(drv);
910
911         drv->ifindex = if_nametoindex(drv->ifname);
912
913         if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
914                 /*
915                  * Host AP driver may use both wlan# and wifi# interface in
916                  * wireless events. Since some of the versions included WE-18
917                  * support, let's add the alternative ifindex also from
918                  * driver_wext.c for the time being. This may be removed at
919                  * some point once it is believed that old versions of the
920                  * driver are not in use anymore.
921                  */
922                 char ifname2[IFNAMSIZ + 1];
923                 os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
924                 os_memcpy(ifname2, "wifi", 4);
925                 wpa_driver_wext_alternative_ifindex(drv, ifname2);
926         }
927
928         netlink_send_oper_ifla(drv->netlink, drv->ifindex,
929                                1, IF_OPER_DORMANT);
930
931         if (send_rfkill_event) {
932                 eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill,
933                                        drv, drv->ctx);
934         }
935
936         return 0;
937 }
938
939
940 /**
941  * wpa_driver_wext_deinit - Deinitialize WE driver interface
942  * @priv: Pointer to private wext data from wpa_driver_wext_init()
943  *
944  * Shut down driver interface and processing of driver events. Free
945  * private data buffer if one was allocated in wpa_driver_wext_init().
946  */
947 void wpa_driver_wext_deinit(void *priv)
948 {
949         struct wpa_driver_wext_data *drv = priv;
950
951         wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
952
953         eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
954
955         /*
956          * Clear possibly configured driver parameters in order to make it
957          * easier to use the driver after wpa_supplicant has been terminated.
958          */
959         wpa_driver_wext_disconnect(drv);
960
961         netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
962         netlink_deinit(drv->netlink);
963         rfkill_deinit(drv->rfkill);
964
965         if (drv->mlme_sock >= 0)
966                 eloop_unregister_read_sock(drv->mlme_sock);
967
968         (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
969
970         close(drv->ioctl_sock);
971         if (drv->mlme_sock >= 0)
972                 close(drv->mlme_sock);
973         os_free(drv->assoc_req_ies);
974         os_free(drv->assoc_resp_ies);
975         os_free(drv);
976 }
977
978
979 /**
980  * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
981  * @eloop_ctx: Unused
982  * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
983  *
984  * This function can be used as registered timeout when starting a scan to
985  * generate a scan completed event if the driver does not report this.
986  */
987 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
988 {
989         wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
990         wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
991 }
992
993
994 /**
995  * wpa_driver_wext_scan - Request the driver to initiate scan
996  * @priv: Pointer to private wext data from wpa_driver_wext_init()
997  * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
998  * Returns: 0 on success, -1 on failure
999  */
1000 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
1001 {
1002         struct wpa_driver_wext_data *drv = priv;
1003         struct iwreq iwr;
1004         int ret = 0, timeout;
1005         struct iw_scan_req req;
1006         const u8 *ssid = params->ssids[0].ssid;
1007         size_t ssid_len = params->ssids[0].ssid_len;
1008
1009         if (ssid_len > IW_ESSID_MAX_SIZE) {
1010                 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1011                            __FUNCTION__, (unsigned long) ssid_len);
1012                 return -1;
1013         }
1014
1015         os_memset(&iwr, 0, sizeof(iwr));
1016         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1017
1018         if (ssid && ssid_len) {
1019                 os_memset(&req, 0, sizeof(req));
1020                 req.essid_len = ssid_len;
1021                 req.bssid.sa_family = ARPHRD_ETHER;
1022                 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1023                 os_memcpy(req.essid, ssid, ssid_len);
1024                 iwr.u.data.pointer = (caddr_t) &req;
1025                 iwr.u.data.length = sizeof(req);
1026                 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1027         }
1028
1029         if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1030                 perror("ioctl[SIOCSIWSCAN]");
1031                 ret = -1;
1032         }
1033
1034         /* Not all drivers generate "scan completed" wireless event, so try to
1035          * read results after a timeout. */
1036         timeout = 10;
1037         if (drv->scan_complete_events) {
1038                 /*
1039                  * The driver seems to deliver SIOCGIWSCAN events to notify
1040                  * when scan is complete, so use longer timeout to avoid race
1041                  * conditions with scanning and following association request.
1042                  */
1043                 timeout = 30;
1044         }
1045         wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1046                    "seconds", ret, timeout);
1047         eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1048         eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1049                                drv->ctx);
1050
1051         return ret;
1052 }
1053
1054
1055 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1056                                     size_t *len)
1057 {
1058         struct iwreq iwr;
1059         u8 *res_buf;
1060         size_t res_buf_len;
1061
1062         res_buf_len = IW_SCAN_MAX_DATA;
1063         for (;;) {
1064                 res_buf = os_malloc(res_buf_len);
1065                 if (res_buf == NULL)
1066                         return NULL;
1067                 os_memset(&iwr, 0, sizeof(iwr));
1068                 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1069                 iwr.u.data.pointer = res_buf;
1070                 iwr.u.data.length = res_buf_len;
1071
1072                 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1073                         break;
1074
1075                 if (errno == E2BIG && res_buf_len < 65535) {
1076                         os_free(res_buf);
1077                         res_buf = NULL;
1078                         res_buf_len *= 2;
1079                         if (res_buf_len > 65535)
1080                                 res_buf_len = 65535; /* 16-bit length field */
1081                         wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1082                                    "trying larger buffer (%lu bytes)",
1083                                    (unsigned long) res_buf_len);
1084                 } else {
1085                         perror("ioctl[SIOCGIWSCAN]");
1086                         os_free(res_buf);
1087                         return NULL;
1088                 }
1089         }
1090
1091         if (iwr.u.data.length > res_buf_len) {
1092                 os_free(res_buf);
1093                 return NULL;
1094         }
1095         *len = iwr.u.data.length;
1096
1097         return res_buf;
1098 }
1099
1100
1101 /*
1102  * Data structure for collecting WEXT scan results. This is needed to allow
1103  * the various methods of reporting IEs to be combined into a single IE buffer.
1104  */
1105 struct wext_scan_data {
1106         struct wpa_scan_res res;
1107         u8 *ie;
1108         size_t ie_len;
1109         u8 ssid[32];
1110         size_t ssid_len;
1111         int maxrate;
1112 };
1113
1114
1115 static void wext_get_scan_mode(struct iw_event *iwe,
1116                                struct wext_scan_data *res)
1117 {
1118         if (iwe->u.mode == IW_MODE_ADHOC)
1119                 res->res.caps |= IEEE80211_CAP_IBSS;
1120         else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1121                 res->res.caps |= IEEE80211_CAP_ESS;
1122 }
1123
1124
1125 static void wext_get_scan_ssid(struct iw_event *iwe,
1126                                struct wext_scan_data *res, char *custom,
1127                                char *end)
1128 {
1129         int ssid_len = iwe->u.essid.length;
1130         if (custom + ssid_len > end)
1131                 return;
1132         if (iwe->u.essid.flags &&
1133             ssid_len > 0 &&
1134             ssid_len <= IW_ESSID_MAX_SIZE) {
1135                 os_memcpy(res->ssid, custom, ssid_len);
1136                 res->ssid_len = ssid_len;
1137         }
1138 }
1139
1140
1141 static void wext_get_scan_freq(struct iw_event *iwe,
1142                                struct wext_scan_data *res)
1143 {
1144         int divi = 1000000, i;
1145
1146         if (iwe->u.freq.e == 0) {
1147                 /*
1148                  * Some drivers do not report frequency, but a channel.
1149                  * Try to map this to frequency by assuming they are using
1150                  * IEEE 802.11b/g.  But don't overwrite a previously parsed
1151                  * frequency if the driver sends both frequency and channel,
1152                  * since the driver may be sending an A-band channel that we
1153                  * don't handle here.
1154                  */
1155
1156                 if (res->res.freq)
1157                         return;
1158
1159                 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1160                         res->res.freq = 2407 + 5 * iwe->u.freq.m;
1161                         return;
1162                 } else if (iwe->u.freq.m == 14) {
1163                         res->res.freq = 2484;
1164                         return;
1165                 }
1166         }
1167
1168         if (iwe->u.freq.e > 6) {
1169                 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1170                            MACSTR " m=%d e=%d)",
1171                            MAC2STR(res->res.bssid), iwe->u.freq.m,
1172                            iwe->u.freq.e);
1173                 return;
1174         }
1175
1176         for (i = 0; i < iwe->u.freq.e; i++)
1177                 divi /= 10;
1178         res->res.freq = iwe->u.freq.m / divi;
1179 }
1180
1181
1182 static void wext_get_scan_qual(struct wpa_driver_wext_data *drv,
1183                                struct iw_event *iwe,
1184                                struct wext_scan_data *res)
1185 {
1186         res->res.qual = iwe->u.qual.qual;
1187         res->res.noise = iwe->u.qual.noise;
1188         res->res.level = iwe->u.qual.level;
1189         if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1190                 res->res.flags |= WPA_SCAN_QUAL_INVALID;
1191         if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1192                 res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1193         if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1194                 res->res.flags |= WPA_SCAN_NOISE_INVALID;
1195         if (iwe->u.qual.updated & IW_QUAL_DBM)
1196                 res->res.flags |= WPA_SCAN_LEVEL_DBM;
1197         if ((iwe->u.qual.updated & IW_QUAL_DBM) ||
1198             ((iwe->u.qual.level != 0) &&
1199              (iwe->u.qual.level > drv->max_level))) {
1200                 if (iwe->u.qual.level >= 64)
1201                         res->res.level -= 0x100;
1202                 if (iwe->u.qual.noise >= 64)
1203                         res->res.noise -= 0x100;
1204         }
1205 }
1206
1207
1208 static void wext_get_scan_encode(struct iw_event *iwe,
1209                                  struct wext_scan_data *res)
1210 {
1211         if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1212                 res->res.caps |= IEEE80211_CAP_PRIVACY;
1213 }
1214
1215
1216 static void wext_get_scan_rate(struct iw_event *iwe,
1217                                struct wext_scan_data *res, char *pos,
1218                                char *end)
1219 {
1220         int maxrate;
1221         char *custom = pos + IW_EV_LCP_LEN;
1222         struct iw_param p;
1223         size_t clen;
1224
1225         clen = iwe->len;
1226         if (custom + clen > end)
1227                 return;
1228         maxrate = 0;
1229         while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1230                 /* Note: may be misaligned, make a local, aligned copy */
1231                 os_memcpy(&p, custom, sizeof(struct iw_param));
1232                 if (p.value > maxrate)
1233                         maxrate = p.value;
1234                 clen -= sizeof(struct iw_param);
1235                 custom += sizeof(struct iw_param);
1236         }
1237
1238         /* Convert the maxrate from WE-style (b/s units) to
1239          * 802.11 rates (500000 b/s units).
1240          */
1241         res->maxrate = maxrate / 500000;
1242 }
1243
1244
1245 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1246                                     struct wext_scan_data *res, char *custom,
1247                                     char *end)
1248 {
1249         char *genie, *gpos, *gend;
1250         u8 *tmp;
1251
1252         if (iwe->u.data.length == 0)
1253                 return;
1254
1255         gpos = genie = custom;
1256         gend = genie + iwe->u.data.length;
1257         if (gend > end) {
1258                 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1259                 return;
1260         }
1261
1262         tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1263         if (tmp == NULL)
1264                 return;
1265         os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1266         res->ie = tmp;
1267         res->ie_len += gend - gpos;
1268 }
1269
1270
1271 static void wext_get_scan_custom(struct iw_event *iwe,
1272                                  struct wext_scan_data *res, char *custom,
1273                                  char *end)
1274 {
1275         size_t clen;
1276         u8 *tmp;
1277
1278         clen = iwe->u.data.length;
1279         if (custom + clen > end)
1280                 return;
1281
1282         if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1283                 char *spos;
1284                 int bytes;
1285                 spos = custom + 7;
1286                 bytes = custom + clen - spos;
1287                 if (bytes & 1 || bytes == 0)
1288                         return;
1289                 bytes /= 2;
1290                 tmp = os_realloc(res->ie, res->ie_len + bytes);
1291                 if (tmp == NULL)
1292                         return;
1293                 res->ie = tmp;
1294                 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1295                         return;
1296                 res->ie_len += bytes;
1297         } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1298                 char *spos;
1299                 int bytes;
1300                 spos = custom + 7;
1301                 bytes = custom + clen - spos;
1302                 if (bytes & 1 || bytes == 0)
1303                         return;
1304                 bytes /= 2;
1305                 tmp = os_realloc(res->ie, res->ie_len + bytes);
1306                 if (tmp == NULL)
1307                         return;
1308                 res->ie = tmp;
1309                 if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1310                         return;
1311                 res->ie_len += bytes;
1312         } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1313                 char *spos;
1314                 int bytes;
1315                 u8 bin[8];
1316                 spos = custom + 4;
1317                 bytes = custom + clen - spos;
1318                 if (bytes != 16) {
1319                         wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1320                         return;
1321                 }
1322                 bytes /= 2;
1323                 if (hexstr2bin(spos, bin, bytes) < 0) {
1324                         wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value");
1325                         return;
1326                 }
1327                 res->res.tsf += WPA_GET_BE64(bin);
1328         }
1329 }
1330
1331
1332 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1333 {
1334         return drv->we_version_compiled > 18 &&
1335                 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1336                  cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1337 }
1338
1339
1340 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1341                                            struct wext_scan_data *data)
1342 {
1343         struct wpa_scan_res **tmp;
1344         struct wpa_scan_res *r;
1345         size_t extra_len;
1346         u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1347
1348         /* Figure out whether we need to fake any IEs */
1349         pos = data->ie;
1350         end = pos + data->ie_len;
1351         while (pos && pos + 1 < end) {
1352                 if (pos + 2 + pos[1] > end)
1353                         break;
1354                 if (pos[0] == WLAN_EID_SSID)
1355                         ssid_ie = pos;
1356                 else if (pos[0] == WLAN_EID_SUPP_RATES)
1357                         rate_ie = pos;
1358                 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1359                         rate_ie = pos;
1360                 pos += 2 + pos[1];
1361         }
1362
1363         extra_len = 0;
1364         if (ssid_ie == NULL)
1365                 extra_len += 2 + data->ssid_len;
1366         if (rate_ie == NULL && data->maxrate)
1367                 extra_len += 3;
1368
1369         r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1370         if (r == NULL)
1371                 return;
1372         os_memcpy(r, &data->res, sizeof(*r));
1373         r->ie_len = extra_len + data->ie_len;
1374         pos = (u8 *) (r + 1);
1375         if (ssid_ie == NULL) {
1376                 /*
1377                  * Generate a fake SSID IE since the driver did not report
1378                  * a full IE list.
1379                  */
1380                 *pos++ = WLAN_EID_SSID;
1381                 *pos++ = data->ssid_len;
1382                 os_memcpy(pos, data->ssid, data->ssid_len);
1383                 pos += data->ssid_len;
1384         }
1385         if (rate_ie == NULL && data->maxrate) {
1386                 /*
1387                  * Generate a fake Supported Rates IE since the driver did not
1388                  * report a full IE list.
1389                  */
1390                 *pos++ = WLAN_EID_SUPP_RATES;
1391                 *pos++ = 1;
1392                 *pos++ = data->maxrate;
1393         }
1394         if (data->ie)
1395                 os_memcpy(pos, data->ie, data->ie_len);
1396
1397         tmp = os_realloc_array(res->res, res->num + 1,
1398                                sizeof(struct wpa_scan_res *));
1399         if (tmp == NULL) {
1400                 os_free(r);
1401                 return;
1402         }
1403         tmp[res->num++] = r;
1404         res->res = tmp;
1405 }
1406
1407
1408 /**
1409  * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1410  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1411  * Returns: Scan results on success, -1 on failure
1412  */
1413 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1414 {
1415         struct wpa_driver_wext_data *drv = priv;
1416         size_t len;
1417         int first;
1418         u8 *res_buf;
1419         struct iw_event iwe_buf, *iwe = &iwe_buf;
1420         char *pos, *end, *custom;
1421         struct wpa_scan_results *res;
1422         struct wext_scan_data data;
1423
1424         res_buf = wpa_driver_wext_giwscan(drv, &len);
1425         if (res_buf == NULL)
1426                 return NULL;
1427
1428         first = 1;
1429
1430         res = os_zalloc(sizeof(*res));
1431         if (res == NULL) {
1432                 os_free(res_buf);
1433                 return NULL;
1434         }
1435
1436         pos = (char *) res_buf;
1437         end = (char *) res_buf + len;
1438         os_memset(&data, 0, sizeof(data));
1439
1440         while (pos + IW_EV_LCP_LEN <= end) {
1441                 /* Event data may be unaligned, so make a local, aligned copy
1442                  * before processing. */
1443                 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1444                 if (iwe->len <= IW_EV_LCP_LEN)
1445                         break;
1446
1447                 custom = pos + IW_EV_POINT_LEN;
1448                 if (wext_19_iw_point(drv, iwe->cmd)) {
1449                         /* WE-19 removed the pointer from struct iw_point */
1450                         char *dpos = (char *) &iwe_buf.u.data.length;
1451                         int dlen = dpos - (char *) &iwe_buf;
1452                         os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1453                                   sizeof(struct iw_event) - dlen);
1454                 } else {
1455                         os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1456                         custom += IW_EV_POINT_OFF;
1457                 }
1458
1459                 switch (iwe->cmd) {
1460                 case SIOCGIWAP:
1461                         if (!first)
1462                                 wpa_driver_wext_add_scan_entry(res, &data);
1463                         first = 0;
1464                         os_free(data.ie);
1465                         os_memset(&data, 0, sizeof(data));
1466                         os_memcpy(data.res.bssid,
1467                                   iwe->u.ap_addr.sa_data, ETH_ALEN);
1468                         break;
1469                 case SIOCGIWMODE:
1470                         wext_get_scan_mode(iwe, &data);
1471                         break;
1472                 case SIOCGIWESSID:
1473                         wext_get_scan_ssid(iwe, &data, custom, end);
1474                         break;
1475                 case SIOCGIWFREQ:
1476                         wext_get_scan_freq(iwe, &data);
1477                         break;
1478                 case IWEVQUAL:
1479                         wext_get_scan_qual(drv, iwe, &data);
1480                         break;
1481                 case SIOCGIWENCODE:
1482                         wext_get_scan_encode(iwe, &data);
1483                         break;
1484                 case SIOCGIWRATE:
1485                         wext_get_scan_rate(iwe, &data, pos, end);
1486                         break;
1487                 case IWEVGENIE:
1488                         wext_get_scan_iwevgenie(iwe, &data, custom, end);
1489                         break;
1490                 case IWEVCUSTOM:
1491                         wext_get_scan_custom(iwe, &data, custom, end);
1492                         break;
1493                 }
1494
1495                 pos += iwe->len;
1496         }
1497         os_free(res_buf);
1498         res_buf = NULL;
1499         if (!first)
1500                 wpa_driver_wext_add_scan_entry(res, &data);
1501         os_free(data.ie);
1502
1503         wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1504                    (unsigned long) len, (unsigned long) res->num);
1505
1506         return res;
1507 }
1508
1509
1510 static int wpa_driver_wext_get_range(void *priv)
1511 {
1512         struct wpa_driver_wext_data *drv = priv;
1513         struct iw_range *range;
1514         struct iwreq iwr;
1515         int minlen;
1516         size_t buflen;
1517
1518         /*
1519          * Use larger buffer than struct iw_range in order to allow the
1520          * structure to grow in the future.
1521          */
1522         buflen = sizeof(struct iw_range) + 500;
1523         range = os_zalloc(buflen);
1524         if (range == NULL)
1525                 return -1;
1526
1527         os_memset(&iwr, 0, sizeof(iwr));
1528         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1529         iwr.u.data.pointer = (caddr_t) range;
1530         iwr.u.data.length = buflen;
1531
1532         minlen = ((char *) &range->enc_capa) - (char *) range +
1533                 sizeof(range->enc_capa);
1534
1535         if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1536                 perror("ioctl[SIOCGIWRANGE]");
1537                 os_free(range);
1538                 return -1;
1539         } else if (iwr.u.data.length >= minlen &&
1540                    range->we_version_compiled >= 18) {
1541                 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1542                            "WE(source)=%d enc_capa=0x%x",
1543                            range->we_version_compiled,
1544                            range->we_version_source,
1545                            range->enc_capa);
1546                 drv->has_capability = 1;
1547                 drv->we_version_compiled = range->we_version_compiled;
1548                 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1549                         drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1550                                 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1551                 }
1552                 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1553                         drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1554                                 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1555                 }
1556                 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1557                         WPA_DRIVER_CAPA_ENC_WEP104;
1558                 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP128;
1559                 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1560                         drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1561                 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1562                         drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1563                 if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1564                         drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
1565                 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1566                         WPA_DRIVER_AUTH_SHARED |
1567                         WPA_DRIVER_AUTH_LEAP;
1568                 drv->capa.max_scan_ssids = 1;
1569
1570                 wpa_printf(MSG_DEBUG, "  capabilities: key_mgmt 0x%x enc 0x%x "
1571                            "flags 0x%x",
1572                            drv->capa.key_mgmt, drv->capa.enc, drv->capa.flags);
1573         } else {
1574                 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1575                            "assuming WPA is not supported");
1576         }
1577
1578         drv->max_level = range->max_qual.level;
1579
1580         os_free(range);
1581         return 0;
1582 }
1583
1584
1585 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1586                                    const u8 *psk)
1587 {
1588         struct iw_encode_ext *ext;
1589         struct iwreq iwr;
1590         int ret;
1591
1592         wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1593
1594         if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
1595                 return 0;
1596
1597         if (!psk)
1598                 return 0;
1599
1600         os_memset(&iwr, 0, sizeof(iwr));
1601         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1602
1603         ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1604         if (ext == NULL)
1605                 return -1;
1606
1607         iwr.u.encoding.pointer = (caddr_t) ext;
1608         iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1609         ext->key_len = PMK_LEN;
1610         os_memcpy(&ext->key, psk, ext->key_len);
1611         ext->alg = IW_ENCODE_ALG_PMK;
1612
1613         ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1614         if (ret < 0)
1615                 perror("ioctl[SIOCSIWENCODEEXT] PMK");
1616         os_free(ext);
1617
1618         return ret;
1619 }
1620
1621
1622 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1623                                        const u8 *addr, int key_idx,
1624                                        int set_tx, const u8 *seq,
1625                                        size_t seq_len,
1626                                        const u8 *key, size_t key_len)
1627 {
1628         struct wpa_driver_wext_data *drv = priv;
1629         struct iwreq iwr;
1630         int ret = 0;
1631         struct iw_encode_ext *ext;
1632
1633         if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1634                 wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1635                            __FUNCTION__, (unsigned long) seq_len);
1636                 return -1;
1637         }
1638
1639         ext = os_zalloc(sizeof(*ext) + key_len);
1640         if (ext == NULL)
1641                 return -1;
1642         os_memset(&iwr, 0, sizeof(iwr));
1643         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1644         iwr.u.encoding.flags = key_idx + 1;
1645         iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1646         if (alg == WPA_ALG_NONE)
1647                 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1648         iwr.u.encoding.pointer = (caddr_t) ext;
1649         iwr.u.encoding.length = sizeof(*ext) + key_len;
1650
1651         if (addr == NULL || is_broadcast_ether_addr(addr))
1652                 ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1653         if (set_tx)
1654                 ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1655
1656         ext->addr.sa_family = ARPHRD_ETHER;
1657         if (addr)
1658                 os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1659         else
1660                 os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1661         if (key && key_len) {
1662                 os_memcpy(ext + 1, key, key_len);
1663                 ext->key_len = key_len;
1664         }
1665         switch (alg) {
1666         case WPA_ALG_NONE:
1667                 ext->alg = IW_ENCODE_ALG_NONE;
1668                 break;
1669         case WPA_ALG_WEP:
1670                 ext->alg = IW_ENCODE_ALG_WEP;
1671                 break;
1672         case WPA_ALG_TKIP:
1673                 ext->alg = IW_ENCODE_ALG_TKIP;
1674                 break;
1675         case WPA_ALG_CCMP:
1676                 ext->alg = IW_ENCODE_ALG_CCMP;
1677                 break;
1678         case WPA_ALG_PMK:
1679                 ext->alg = IW_ENCODE_ALG_PMK;
1680                 break;
1681 #ifdef CONFIG_IEEE80211W
1682         case WPA_ALG_IGTK:
1683                 ext->alg = IW_ENCODE_ALG_AES_CMAC;
1684                 break;
1685 #endif /* CONFIG_IEEE80211W */
1686         default:
1687                 wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1688                            __FUNCTION__, alg);
1689                 os_free(ext);
1690                 return -1;
1691         }
1692
1693         if (seq && seq_len) {
1694                 ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1695                 os_memcpy(ext->rx_seq, seq, seq_len);
1696         }
1697
1698         if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1699                 ret = errno == EOPNOTSUPP ? -2 : -1;
1700                 if (errno == ENODEV) {
1701                         /*
1702                          * ndiswrapper seems to be returning incorrect error
1703                          * code.. */
1704                         ret = -2;
1705                 }
1706
1707                 perror("ioctl[SIOCSIWENCODEEXT]");
1708         }
1709
1710         os_free(ext);
1711         return ret;
1712 }
1713
1714
1715 /**
1716  * wpa_driver_wext_set_key - Configure encryption key
1717  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1718  * @priv: Private driver interface data
1719  * @alg: Encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
1720  *      %WPA_ALG_TKIP, %WPA_ALG_CCMP); %WPA_ALG_NONE clears the key.
1721  * @addr: Address of the peer STA or ff:ff:ff:ff:ff:ff for
1722  *      broadcast/default keys
1723  * @key_idx: key index (0..3), usually 0 for unicast keys
1724  * @set_tx: Configure this key as the default Tx key (only used when
1725  *      driver does not support separate unicast/individual key
1726  * @seq: Sequence number/packet number, seq_len octets, the next
1727  *      packet number to be used for in replay protection; configured
1728  *      for Rx keys (in most cases, this is only used with broadcast
1729  *      keys and set to zero for unicast keys)
1730  * @seq_len: Length of the seq, depends on the algorithm:
1731  *      TKIP: 6 octets, CCMP: 6 octets
1732  * @key: Key buffer; TKIP: 16-byte temporal key, 8-byte Tx Mic key,
1733  *      8-byte Rx Mic Key
1734  * @key_len: Length of the key buffer in octets (WEP: 5 or 13,
1735  *      TKIP: 32, CCMP: 16)
1736  * Returns: 0 on success, -1 on failure
1737  *
1738  * This function uses SIOCSIWENCODEEXT by default, but tries to use
1739  * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1740  */
1741 int wpa_driver_wext_set_key(const char *ifname, void *priv, enum wpa_alg alg,
1742                             const u8 *addr, int key_idx,
1743                             int set_tx, const u8 *seq, size_t seq_len,
1744                             const u8 *key, size_t key_len)
1745 {
1746         struct wpa_driver_wext_data *drv = priv;
1747         struct iwreq iwr;
1748         int ret = 0;
1749
1750         wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1751                    "key_len=%lu",
1752                    __FUNCTION__, alg, key_idx, set_tx,
1753                    (unsigned long) seq_len, (unsigned long) key_len);
1754
1755         ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1756                                           seq, seq_len, key, key_len);
1757         if (ret == 0)
1758                 return 0;
1759
1760         if (ret == -2 &&
1761             (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1762                 wpa_printf(MSG_DEBUG, "Driver did not support "
1763                            "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1764                 ret = 0;
1765         } else {
1766                 wpa_printf(MSG_DEBUG, "Driver did not support "
1767                            "SIOCSIWENCODEEXT");
1768                 return ret;
1769         }
1770
1771         os_memset(&iwr, 0, sizeof(iwr));
1772         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1773         iwr.u.encoding.flags = key_idx + 1;
1774         iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1775         if (alg == WPA_ALG_NONE)
1776                 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1777         iwr.u.encoding.pointer = (caddr_t) key;
1778         iwr.u.encoding.length = key_len;
1779
1780         if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1781                 perror("ioctl[SIOCSIWENCODE]");
1782                 ret = -1;
1783         }
1784
1785         if (set_tx && alg != WPA_ALG_NONE) {
1786                 os_memset(&iwr, 0, sizeof(iwr));
1787                 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1788                 iwr.u.encoding.flags = key_idx + 1;
1789                 iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1790                 iwr.u.encoding.pointer = (caddr_t) NULL;
1791                 iwr.u.encoding.length = 0;
1792                 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1793                         perror("ioctl[SIOCSIWENCODE] (set_tx)");
1794                         ret = -1;
1795                 }
1796         }
1797
1798         return ret;
1799 }
1800
1801
1802 static int wpa_driver_wext_set_countermeasures(void *priv,
1803                                                int enabled)
1804 {
1805         struct wpa_driver_wext_data *drv = priv;
1806         wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1807         return wpa_driver_wext_set_auth_param(drv,
1808                                               IW_AUTH_TKIP_COUNTERMEASURES,
1809                                               enabled);
1810 }
1811
1812
1813 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1814                                                 int enabled)
1815 {
1816         struct wpa_driver_wext_data *drv = priv;
1817         wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1818         drv->use_crypt = enabled;
1819         return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1820                                               enabled);
1821 }
1822
1823
1824 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1825                                 const u8 *addr, int cmd, int reason_code)
1826 {
1827         struct iwreq iwr;
1828         struct iw_mlme mlme;
1829         int ret = 0;
1830
1831         os_memset(&iwr, 0, sizeof(iwr));
1832         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1833         os_memset(&mlme, 0, sizeof(mlme));
1834         mlme.cmd = cmd;
1835         mlme.reason_code = reason_code;
1836         mlme.addr.sa_family = ARPHRD_ETHER;
1837         os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1838         iwr.u.data.pointer = (caddr_t) &mlme;
1839         iwr.u.data.length = sizeof(mlme);
1840
1841         if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1842                 perror("ioctl[SIOCSIWMLME]");
1843                 ret = -1;
1844         }
1845
1846         return ret;
1847 }
1848
1849
1850 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1851 {
1852         struct iwreq iwr;
1853         const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1854         u8 ssid[32];
1855         int i;
1856
1857         /*
1858          * Only force-disconnect when the card is in infrastructure mode,
1859          * otherwise the driver might interpret the cleared BSSID and random
1860          * SSID as an attempt to create a new ad-hoc network.
1861          */
1862         os_memset(&iwr, 0, sizeof(iwr));
1863         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1864         if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1865                 perror("ioctl[SIOCGIWMODE]");
1866                 iwr.u.mode = IW_MODE_INFRA;
1867         }
1868
1869         if (iwr.u.mode == IW_MODE_INFRA) {
1870                 /* Clear the BSSID selection */
1871                 if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0) {
1872                         wpa_printf(MSG_DEBUG, "WEXT: Failed to clear BSSID "
1873                                    "selection on disconnect");
1874                 }
1875
1876                 if (drv->cfg80211) {
1877                         /*
1878                          * cfg80211 supports SIOCSIWMLME commands, so there is
1879                          * no need for the random SSID hack, but clear the
1880                          * SSID.
1881                          */
1882                         if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
1883                                 wpa_printf(MSG_DEBUG, "WEXT: Failed to clear "
1884                                            "SSID on disconnect");
1885                         }
1886                         return;
1887                 }
1888
1889                 /*
1890                  * Set a random SSID to make sure the driver will not be trying
1891                  * to associate with something even if it does not understand
1892                  * SIOCSIWMLME commands (or tries to associate automatically
1893                  * after deauth/disassoc).
1894                  */
1895                 for (i = 0; i < 32; i++)
1896                         ssid[i] = rand() & 0xFF;
1897                 if (wpa_driver_wext_set_ssid(drv, ssid, 32) < 0) {
1898                         wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus "
1899                                    "SSID to disconnect");
1900                 }
1901         }
1902 }
1903
1904
1905 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1906                                           int reason_code)
1907 {
1908         struct wpa_driver_wext_data *drv = priv;
1909         int ret;
1910         wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1911         ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1912         wpa_driver_wext_disconnect(drv);
1913         return ret;
1914 }
1915
1916
1917 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
1918                                       size_t ie_len)
1919 {
1920         struct wpa_driver_wext_data *drv = priv;
1921         struct iwreq iwr;
1922         int ret = 0;
1923
1924         os_memset(&iwr, 0, sizeof(iwr));
1925         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1926         iwr.u.data.pointer = (caddr_t) ie;
1927         iwr.u.data.length = ie_len;
1928
1929         if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1930                 perror("ioctl[SIOCSIWGENIE]");
1931                 ret = -1;
1932         }
1933
1934         return ret;
1935 }
1936
1937
1938 int wpa_driver_wext_cipher2wext(int cipher)
1939 {
1940         switch (cipher) {
1941         case WPA_CIPHER_NONE:
1942                 return IW_AUTH_CIPHER_NONE;
1943         case WPA_CIPHER_WEP40:
1944                 return IW_AUTH_CIPHER_WEP40;
1945         case WPA_CIPHER_TKIP:
1946                 return IW_AUTH_CIPHER_TKIP;
1947         case WPA_CIPHER_CCMP:
1948                 return IW_AUTH_CIPHER_CCMP;
1949         case WPA_CIPHER_WEP104:
1950                 return IW_AUTH_CIPHER_WEP104;
1951         default:
1952                 return 0;
1953         }
1954 }
1955
1956
1957 int wpa_driver_wext_keymgmt2wext(int keymgmt)
1958 {
1959         switch (keymgmt) {
1960         case WPA_KEY_MGMT_IEEE8021X:
1961         case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1962                 return IW_AUTH_KEY_MGMT_802_1X;
1963         case WPA_KEY_MGMT_PSK:
1964                 return IW_AUTH_KEY_MGMT_PSK;
1965         default:
1966                 return 0;
1967         }
1968 }
1969
1970
1971 static int
1972 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
1973                                   struct wpa_driver_associate_params *params)
1974 {
1975         struct iwreq iwr;
1976         int ret = 0;
1977
1978         wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1979                    "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1980
1981         os_memset(&iwr, 0, sizeof(iwr));
1982         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1983         /* Just changing mode, not actual keys */
1984         iwr.u.encoding.flags = 0;
1985         iwr.u.encoding.pointer = (caddr_t) NULL;
1986         iwr.u.encoding.length = 0;
1987
1988         /*
1989          * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1990          * different things. Here they are used to indicate Open System vs.
1991          * Shared Key authentication algorithm. However, some drivers may use
1992          * them to select between open/restricted WEP encrypted (open = allow
1993          * both unencrypted and encrypted frames; restricted = only allow
1994          * encrypted frames).
1995          */
1996
1997         if (!drv->use_crypt) {
1998                 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1999         } else {
2000                 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2001                         iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2002                 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2003                         iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2004         }
2005
2006         if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2007                 perror("ioctl[SIOCSIWENCODE]");
2008                 ret = -1;
2009         }
2010
2011         return ret;
2012 }
2013
2014
2015 int wpa_driver_wext_associate(void *priv,
2016                               struct wpa_driver_associate_params *params)
2017 {
2018         struct wpa_driver_wext_data *drv = priv;
2019         int ret = 0;
2020         int allow_unencrypted_eapol;
2021         int value;
2022
2023         wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2024
2025         if (drv->cfg80211) {
2026                 /*
2027                  * Stop cfg80211 from trying to associate before we are done
2028                  * with all parameters.
2029                  */
2030                 wpa_driver_wext_set_ssid(drv, (u8 *) "", 0);
2031         }
2032
2033         if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
2034             < 0)
2035                 ret = -1;
2036         if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
2037                 ret = -1;
2038         if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2039                 ret = -1;
2040
2041         /*
2042          * If the driver did not support SIOCSIWAUTH, fallback to
2043          * SIOCSIWENCODE here.
2044          */
2045         if (drv->auth_alg_fallback &&
2046             wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2047                 ret = -1;
2048
2049         if (!params->bssid &&
2050             wpa_driver_wext_set_bssid(drv, NULL) < 0)
2051                 ret = -1;
2052
2053         /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2054          * from configuration, not from here, where only the selected suite is
2055          * available */
2056         if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2057             < 0)
2058                 ret = -1;
2059         if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2060                 value = IW_AUTH_WPA_VERSION_DISABLED;
2061         else if (params->wpa_ie[0] == WLAN_EID_RSN)
2062                 value = IW_AUTH_WPA_VERSION_WPA2;
2063         else
2064                 value = IW_AUTH_WPA_VERSION_WPA;
2065         if (wpa_driver_wext_set_auth_param(drv,
2066                                            IW_AUTH_WPA_VERSION, value) < 0)
2067                 ret = -1;
2068         value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2069         if (wpa_driver_wext_set_auth_param(drv,
2070                                            IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2071                 ret = -1;
2072         value = wpa_driver_wext_cipher2wext(params->group_suite);
2073         if (wpa_driver_wext_set_auth_param(drv,
2074                                            IW_AUTH_CIPHER_GROUP, value) < 0)
2075                 ret = -1;
2076         value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2077         if (wpa_driver_wext_set_auth_param(drv,
2078                                            IW_AUTH_KEY_MGMT, value) < 0)
2079                 ret = -1;
2080         value = params->key_mgmt_suite != WPA_KEY_MGMT_NONE ||
2081                 params->pairwise_suite != WPA_CIPHER_NONE ||
2082                 params->group_suite != WPA_CIPHER_NONE ||
2083                 params->wpa_ie_len;
2084         if (wpa_driver_wext_set_auth_param(drv,
2085                                            IW_AUTH_PRIVACY_INVOKED, value) < 0)
2086                 ret = -1;
2087
2088         /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2089          * not using WPA. IEEE 802.1X specifies that these frames are not
2090          * encrypted, but WPA encrypts them when pairwise keys are in use. */
2091         if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
2092             params->key_mgmt_suite == WPA_KEY_MGMT_PSK)
2093                 allow_unencrypted_eapol = 0;
2094         else
2095                 allow_unencrypted_eapol = 1;
2096
2097         if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2098                 ret = -1;
2099         if (wpa_driver_wext_set_auth_param(drv,
2100                                            IW_AUTH_RX_UNENCRYPTED_EAPOL,
2101                                            allow_unencrypted_eapol) < 0)
2102                 ret = -1;
2103 #ifdef CONFIG_IEEE80211W
2104         switch (params->mgmt_frame_protection) {
2105         case NO_MGMT_FRAME_PROTECTION:
2106                 value = IW_AUTH_MFP_DISABLED;
2107                 break;
2108         case MGMT_FRAME_PROTECTION_OPTIONAL:
2109                 value = IW_AUTH_MFP_OPTIONAL;
2110                 break;
2111         case MGMT_FRAME_PROTECTION_REQUIRED:
2112                 value = IW_AUTH_MFP_REQUIRED;
2113                 break;
2114         };
2115         if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2116                 ret = -1;
2117 #endif /* CONFIG_IEEE80211W */
2118         if (params->freq && wpa_driver_wext_set_freq(drv, params->freq) < 0)
2119                 ret = -1;
2120         if (!drv->cfg80211 &&
2121             wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2122                 ret = -1;
2123         if (params->bssid &&
2124             wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2125                 ret = -1;
2126         if (drv->cfg80211 &&
2127             wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2128                 ret = -1;
2129
2130         return ret;
2131 }
2132
2133
2134 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2135 {
2136         struct wpa_driver_wext_data *drv = priv;
2137         int algs = 0, res;
2138
2139         if (auth_alg & WPA_AUTH_ALG_OPEN)
2140                 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2141         if (auth_alg & WPA_AUTH_ALG_SHARED)
2142                 algs |= IW_AUTH_ALG_SHARED_KEY;
2143         if (auth_alg & WPA_AUTH_ALG_LEAP)
2144                 algs |= IW_AUTH_ALG_LEAP;
2145         if (algs == 0) {
2146                 /* at least one algorithm should be set */
2147                 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2148         }
2149
2150         res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2151                                              algs);
2152         drv->auth_alg_fallback = res == -2;
2153         return res;
2154 }
2155
2156
2157 /**
2158  * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2159  * @priv: Pointer to private wext data from wpa_driver_wext_init()
2160  * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2161  * Returns: 0 on success, -1 on failure
2162  */
2163 int wpa_driver_wext_set_mode(void *priv, int mode)
2164 {
2165         struct wpa_driver_wext_data *drv = priv;
2166         struct iwreq iwr;
2167         int ret = -1;
2168         unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2169
2170         os_memset(&iwr, 0, sizeof(iwr));
2171         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2172         iwr.u.mode = new_mode;
2173         if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2174                 ret = 0;
2175                 goto done;
2176         }
2177
2178         if (errno != EBUSY) {
2179                 perror("ioctl[SIOCSIWMODE]");
2180                 goto done;
2181         }
2182
2183         /* mac80211 doesn't allow mode changes while the device is up, so if
2184          * the device isn't in the mode we're about to change to, take device
2185          * down, try to set the mode again, and bring it back up.
2186          */
2187         if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2188                 perror("ioctl[SIOCGIWMODE]");
2189                 goto done;
2190         }
2191
2192         if (iwr.u.mode == new_mode) {
2193                 ret = 0;
2194                 goto done;
2195         }
2196
2197         if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
2198                 /* Try to set the mode again while the interface is down */
2199                 iwr.u.mode = new_mode;
2200                 if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2201                         perror("ioctl[SIOCSIWMODE]");
2202                 else
2203                         ret = 0;
2204
2205                 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1);
2206         }
2207
2208 done:
2209         return ret;
2210 }
2211
2212
2213 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2214                                  u32 cmd, const u8 *bssid, const u8 *pmkid)
2215 {
2216         struct iwreq iwr;
2217         struct iw_pmksa pmksa;
2218         int ret = 0;
2219
2220         os_memset(&iwr, 0, sizeof(iwr));
2221         os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2222         os_memset(&pmksa, 0, sizeof(pmksa));
2223         pmksa.cmd = cmd;
2224         pmksa.bssid.sa_family = ARPHRD_ETHER;
2225         if (bssid)
2226                 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2227         if (pmkid)
2228                 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2229         iwr.u.data.pointer = (caddr_t) &pmksa;
2230         iwr.u.data.length = sizeof(pmksa);
2231
2232         if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2233                 if (errno != EOPNOTSUPP)
2234                         perror("ioctl[SIOCSIWPMKSA]");
2235                 ret = -1;
2236         }
2237
2238         return ret;
2239 }
2240
2241
2242 static int wpa_driver_wext_add_pmkid(void *priv, const u8 *bssid,
2243                                      const u8 *pmkid)
2244 {
2245         struct wpa_driver_wext_data *drv = priv;
2246         return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2247 }
2248
2249
2250 static int wpa_driver_wext_remove_pmkid(void *priv, const u8 *bssid,
2251                                         const u8 *pmkid)
2252 {
2253         struct wpa_driver_wext_data *drv = priv;
2254         return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2255 }
2256
2257
2258 static int wpa_driver_wext_flush_pmkid(void *priv)
2259 {
2260         struct wpa_driver_wext_data *drv = priv;
2261         return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2262 }
2263
2264
2265 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2266 {
2267         struct wpa_driver_wext_data *drv = priv;
2268         if (!drv->has_capability)
2269                 return -1;
2270         os_memcpy(capa, &drv->capa, sizeof(*capa));
2271         return 0;
2272 }
2273
2274
2275 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2276                                         const char *ifname)
2277 {
2278         if (ifname == NULL) {
2279                 drv->ifindex2 = -1;
2280                 return 0;
2281         }
2282
2283         drv->ifindex2 = if_nametoindex(ifname);
2284         if (drv->ifindex2 <= 0)
2285                 return -1;
2286
2287         wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2288                    "wireless events", drv->ifindex2, ifname);
2289
2290         return 0;
2291 }
2292
2293
2294 int wpa_driver_wext_set_operstate(void *priv, int state)
2295 {
2296         struct wpa_driver_wext_data *drv = priv;
2297
2298         wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2299                    __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2300         drv->operstate = state;
2301         return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2302                                       state ? IF_OPER_UP : IF_OPER_DORMANT);
2303 }
2304
2305
2306 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2307 {
2308         return drv->we_version_compiled;
2309 }
2310
2311
2312 static const char * wext_get_radio_name(void *priv)
2313 {
2314         struct wpa_driver_wext_data *drv = priv;
2315         return drv->phyname;
2316 }
2317
2318
2319 const struct wpa_driver_ops wpa_driver_wext_ops = {
2320         .name = "wext",
2321         .desc = "Linux wireless extensions (generic)",
2322         .get_bssid = wpa_driver_wext_get_bssid,
2323         .get_ssid = wpa_driver_wext_get_ssid,
2324         .set_key = wpa_driver_wext_set_key,
2325         .set_countermeasures = wpa_driver_wext_set_countermeasures,
2326         .scan2 = wpa_driver_wext_scan,
2327         .get_scan_results2 = wpa_driver_wext_get_scan_results,
2328         .deauthenticate = wpa_driver_wext_deauthenticate,
2329         .associate = wpa_driver_wext_associate,
2330         .init = wpa_driver_wext_init,
2331         .deinit = wpa_driver_wext_deinit,
2332         .add_pmkid = wpa_driver_wext_add_pmkid,
2333         .remove_pmkid = wpa_driver_wext_remove_pmkid,
2334         .flush_pmkid = wpa_driver_wext_flush_pmkid,
2335         .get_capa = wpa_driver_wext_get_capa,
2336         .set_operstate = wpa_driver_wext_set_operstate,
2337         .get_radio_name = wext_get_radio_name,
2338 };