xref: /freebsd/contrib/wpa/src/drivers/driver_bsd.c (revision 62cfcf62f627e5093fb37026a6d8c98e4d2ef04c)
1 /*
2  * WPA Supplicant - driver interaction with BSD net80211 layer
3  * Copyright (c) 2004, Sam Leffler <sam@errno.com>
4  * Copyright (c) 2004, 2Wire, Inc
5  *
6  * This software may be distributed under the terms of the BSD license.
7  * See README for more details.
8  */
9 
10 #include "includes.h"
11 #include <sys/ioctl.h>
12 #include <sys/sysctl.h>
13 
14 #include "common.h"
15 #include "driver.h"
16 #include "eloop.h"
17 #include "common/ieee802_11_defs.h"
18 #include "common/wpa_common.h"
19 
20 #include <net/if.h>
21 #include <net/if_media.h>
22 
23 #ifdef __NetBSD__
24 #include <net/if_ether.h>
25 #else
26 #include <net/ethernet.h>
27 #endif
28 #include <net/route.h>
29 
30 #ifdef __DragonFly__
31 #include <netproto/802_11/ieee80211_ioctl.h>
32 #include <netproto/802_11/ieee80211_dragonfly.h>
33 #else /* __DragonFly__ */
34 #ifdef __GLIBC__
35 #include <netinet/ether.h>
36 #endif /* __GLIBC__ */
37 #include <net80211/ieee80211.h>
38 #include <net80211/ieee80211_ioctl.h>
39 #include <net80211/ieee80211_crypto.h>
40 #endif /* __DragonFly__ || __GLIBC__ */
41 #if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
42 #include <net80211/ieee80211_freebsd.h>
43 #endif
44 #if __NetBSD__
45 #include <net80211/ieee80211_netbsd.h>
46 #endif
47 
48 #include "l2_packet/l2_packet.h"
49 
50 struct bsd_driver_global {
51 	void		*ctx;
52 	int		sock;			/* socket for 802.11 ioctls */
53 	int		route;			/* routing socket for events */
54 	char		*event_buf;
55 	size_t		event_buf_len;
56 	struct dl_list	ifaces;			/* list of interfaces */
57 };
58 
59 struct bsd_driver_data {
60 	struct dl_list	list;
61 	struct bsd_driver_global *global;
62 	struct hostapd_data *hapd;	/* back pointer */
63 
64 	struct l2_packet_data *sock_xmit;/* raw packet xmit socket */
65 	char	ifname[IFNAMSIZ+1];	/* interface name */
66 	int	flags;
67 	unsigned int ifindex;		/* interface index */
68 	int	if_removed;		/* has the interface been removed? */
69 	void	*ctx;
70 	struct wpa_driver_capa capa;	/* driver capability */
71 	int	is_ap;			/* Access point mode */
72 	int	prev_roaming;	/* roaming state to restore on deinit */
73 	int	prev_privacy;	/* privacy state to restore on deinit */
74 	int	prev_wpa;	/* wpa state to restore on deinit */
75 	enum ieee80211_opmode opmode;	/* operation mode */
76 };
77 
78 /* Generic functions for hostapd and wpa_supplicant */
79 static struct bsd_driver_data *
80 bsd_get_drvindex(void *priv, unsigned int ifindex)
81 {
82 	struct bsd_driver_global *global = priv;
83 	struct bsd_driver_data *drv;
84 
85 	dl_list_for_each(drv, &global->ifaces, struct bsd_driver_data, list) {
86 		if (drv->ifindex == ifindex)
87 			return drv;
88 	}
89 	return NULL;
90 }
91 
92 #ifndef HOSTAPD
93 static struct bsd_driver_data *
94 bsd_get_drvname(void *priv, const char *ifname)
95 {
96 	struct bsd_driver_global *global = priv;
97 	struct bsd_driver_data *drv;
98 
99 	dl_list_for_each(drv, &global->ifaces, struct bsd_driver_data, list) {
100 		if (os_strcmp(drv->ifname, ifname) == 0)
101 			return drv;
102 	}
103 	return NULL;
104 }
105 #endif /* HOSTAPD */
106 
107 static int
108 bsd_set80211(void *priv, int op, int val, const void *arg, int arg_len)
109 {
110 	struct bsd_driver_data *drv = priv;
111 	struct ieee80211req ireq;
112 
113 	if (drv->ifindex == 0 || drv->if_removed)
114 		return -1;
115 
116 	os_memset(&ireq, 0, sizeof(ireq));
117 	os_strlcpy(ireq.i_name, drv->ifname, sizeof(ireq.i_name));
118 	ireq.i_type = op;
119 	ireq.i_val = val;
120 	ireq.i_data = (void *) arg;
121 	ireq.i_len = arg_len;
122 
123 	if (ioctl(drv->global->sock, SIOCS80211, &ireq) < 0) {
124 		wpa_printf(MSG_ERROR, "ioctl[SIOCS80211, op=%u, val=%u, "
125 			   "arg_len=%u]: %s", op, val, arg_len,
126 			   strerror(errno));
127 		return -1;
128 	}
129 	return 0;
130 }
131 
132 static int
133 bsd_get80211(void *priv, struct ieee80211req *ireq, int op, void *arg,
134 	     int arg_len)
135 {
136 	struct bsd_driver_data *drv = priv;
137 
138 	os_memset(ireq, 0, sizeof(*ireq));
139 	os_strlcpy(ireq->i_name, drv->ifname, sizeof(ireq->i_name));
140 	ireq->i_type = op;
141 	ireq->i_len = arg_len;
142 	ireq->i_data = arg;
143 
144 	if (ioctl(drv->global->sock, SIOCG80211, ireq) < 0) {
145 		wpa_printf(MSG_ERROR, "ioctl[SIOCG80211, op=%u, "
146 			   "arg_len=%u]: %s", op, arg_len, strerror(errno));
147 		return -1;
148 	}
149 	return 0;
150 }
151 
152 static int
153 get80211var(struct bsd_driver_data *drv, int op, void *arg, int arg_len)
154 {
155 	struct ieee80211req ireq;
156 
157 	if (bsd_get80211(drv, &ireq, op, arg, arg_len) < 0)
158 		return -1;
159 	return ireq.i_len;
160 }
161 
162 static int
163 set80211var(struct bsd_driver_data *drv, int op, const void *arg, int arg_len)
164 {
165 	return bsd_set80211(drv, op, 0, arg, arg_len);
166 }
167 
168 static int
169 set80211param(struct bsd_driver_data *drv, int op, int arg)
170 {
171 	return bsd_set80211(drv, op, arg, NULL, 0);
172 }
173 
174 static int
175 bsd_get_ssid(void *priv, u8 *ssid, int len)
176 {
177 	struct bsd_driver_data *drv = priv;
178 #ifdef SIOCG80211NWID
179 	struct ieee80211_nwid nwid;
180 	struct ifreq ifr;
181 
182 	os_memset(&ifr, 0, sizeof(ifr));
183 	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
184 	ifr.ifr_data = (void *)&nwid;
185 	if (ioctl(drv->global->sock, SIOCG80211NWID, &ifr) < 0 ||
186 	    nwid.i_len > IEEE80211_NWID_LEN)
187 		return -1;
188 	os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
189 	return nwid.i_len;
190 #else
191 	return get80211var(drv, IEEE80211_IOC_SSID, ssid, IEEE80211_NWID_LEN);
192 #endif
193 }
194 
195 static int
196 bsd_set_ssid(void *priv, const u8 *ssid, int ssid_len)
197 {
198 	struct bsd_driver_data *drv = priv;
199 #ifdef SIOCS80211NWID
200 	struct ieee80211_nwid nwid;
201 	struct ifreq ifr;
202 
203 	os_memcpy(nwid.i_nwid, ssid, ssid_len);
204 	nwid.i_len = ssid_len;
205 	os_memset(&ifr, 0, sizeof(ifr));
206 	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
207 	ifr.ifr_data = (void *)&nwid;
208 	return ioctl(drv->global->sock, SIOCS80211NWID, &ifr);
209 #else
210 	return set80211var(drv, IEEE80211_IOC_SSID, ssid, ssid_len);
211 #endif
212 }
213 
214 static int
215 bsd_get_if_media(void *priv)
216 {
217 	struct bsd_driver_data *drv = priv;
218 	struct ifmediareq ifmr;
219 
220 	os_memset(&ifmr, 0, sizeof(ifmr));
221 	os_strlcpy(ifmr.ifm_name, drv->ifname, sizeof(ifmr.ifm_name));
222 
223 	if (ioctl(drv->global->sock, SIOCGIFMEDIA, &ifmr) < 0) {
224 		wpa_printf(MSG_ERROR, "%s: SIOCGIFMEDIA %s", __func__,
225 			   strerror(errno));
226 		return -1;
227 	}
228 
229 	return ifmr.ifm_current;
230 }
231 
232 static int
233 bsd_set_if_media(void *priv, int media)
234 {
235 	struct bsd_driver_data *drv = priv;
236 	struct ifreq ifr;
237 
238 	os_memset(&ifr, 0, sizeof(ifr));
239 	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
240 	ifr.ifr_media = media;
241 
242 	if (ioctl(drv->global->sock, SIOCSIFMEDIA, &ifr) < 0) {
243 		wpa_printf(MSG_ERROR, "%s: SIOCSIFMEDIA %s", __func__,
244 			   strerror(errno));
245 		return -1;
246 	}
247 
248 	return 0;
249 }
250 
251 static int
252 bsd_set_mediaopt(void *priv, uint32_t mask, uint32_t mode)
253 {
254 	int media = bsd_get_if_media(priv);
255 
256 	if (media < 0)
257 		return -1;
258 	media &= ~mask;
259 	media |= mode;
260 	if (bsd_set_if_media(priv, media) < 0)
261 		return -1;
262 	return 0;
263 }
264 
265 static int
266 bsd_del_key(void *priv, const u8 *addr, int key_idx)
267 {
268 	struct ieee80211req_del_key wk;
269 
270 	os_memset(&wk, 0, sizeof(wk));
271 	if (addr == NULL) {
272 		wpa_printf(MSG_DEBUG, "%s: key_idx=%d", __func__, key_idx);
273 		wk.idk_keyix = key_idx;
274 	} else {
275 		wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR, __func__,
276 			   MAC2STR(addr));
277 		os_memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
278 		wk.idk_keyix = (u_int8_t) IEEE80211_KEYIX_NONE;	/* XXX */
279 	}
280 
281 	return set80211var(priv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk));
282 }
283 
284 static int
285 bsd_send_mlme_param(void *priv, const u8 op, const u16 reason, const u8 *addr)
286 {
287 	struct ieee80211req_mlme mlme;
288 
289 	os_memset(&mlme, 0, sizeof(mlme));
290 	mlme.im_op = op;
291 	mlme.im_reason = reason;
292 	os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
293 	return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
294 }
295 
296 static int
297 bsd_ctrl_iface(void *priv, int enable)
298 {
299 	struct bsd_driver_data *drv = priv;
300 	struct ifreq ifr;
301 
302 	os_memset(&ifr, 0, sizeof(ifr));
303 	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
304 
305 	if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) {
306 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
307 			   strerror(errno));
308 		return -1;
309 	}
310 	drv->flags = ifr.ifr_flags;
311 
312 	if (enable) {
313 		if (ifr.ifr_flags & IFF_UP)
314 			return 0;
315 		ifr.ifr_flags |= IFF_UP;
316 	} else {
317 		if (!(ifr.ifr_flags & IFF_UP))
318 			return 0;
319 		ifr.ifr_flags &= ~IFF_UP;
320 	}
321 
322 	if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
323 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
324 			   strerror(errno));
325 		return -1;
326 	}
327 
328 	drv->flags = ifr.ifr_flags;
329 	return 0;
330 }
331 
332 static int
333 bsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
334 	    const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
335 	    size_t seq_len, const u8 *key, size_t key_len)
336 {
337 	struct ieee80211req_key wk;
338 #ifdef IEEE80211_KEY_NOREPLAY
339 	struct bsd_driver_data *drv = priv;
340 #endif /* IEEE80211_KEY_NOREPLAY */
341 
342 	wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
343 		   "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx,
344 		   set_tx, seq_len, key_len);
345 
346 	if (alg == WPA_ALG_NONE) {
347 #ifndef HOSTAPD
348 		if (addr == NULL || is_broadcast_ether_addr(addr))
349 			return bsd_del_key(priv, NULL, key_idx);
350 		else
351 #endif /* HOSTAPD */
352 			return bsd_del_key(priv, addr, key_idx);
353 	}
354 
355 	os_memset(&wk, 0, sizeof(wk));
356 	switch (alg) {
357 	case WPA_ALG_WEP:
358 		wk.ik_type = IEEE80211_CIPHER_WEP;
359 		break;
360 	case WPA_ALG_TKIP:
361 		wk.ik_type = IEEE80211_CIPHER_TKIP;
362 		break;
363 	case WPA_ALG_CCMP:
364 		wk.ik_type = IEEE80211_CIPHER_AES_CCM;
365 		break;
366 	default:
367 		wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
368 		return -1;
369 	}
370 
371 	wk.ik_flags = IEEE80211_KEY_RECV;
372 	if (set_tx)
373 		wk.ik_flags |= IEEE80211_KEY_XMIT;
374 
375 	if (addr == NULL) {
376 		os_memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
377 		wk.ik_keyix = key_idx;
378 	} else {
379 		os_memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
380 		/*
381 		 * Deduce whether group/global or unicast key by checking
382 		 * the address (yech).  Note also that we can only mark global
383 		 * keys default; doing this for a unicast key is an error.
384 		 */
385 		if (is_broadcast_ether_addr(addr)) {
386 			wk.ik_flags |= IEEE80211_KEY_GROUP;
387 			wk.ik_keyix = key_idx;
388 		} else {
389 			wk.ik_keyix = key_idx == 0 ? IEEE80211_KEYIX_NONE :
390 				key_idx;
391 		}
392 	}
393 	if (wk.ik_keyix != IEEE80211_KEYIX_NONE && set_tx)
394 		wk.ik_flags |= IEEE80211_KEY_DEFAULT;
395 #ifndef HOSTAPD
396 #ifdef IEEE80211_KEY_NOREPLAY
397 	/*
398 	 * Ignore replay failures in IBSS and AHDEMO mode.
399 	 */
400 	if (drv->opmode == IEEE80211_M_IBSS ||
401 	    drv->opmode == IEEE80211_M_AHDEMO)
402 		wk.ik_flags |= IEEE80211_KEY_NOREPLAY;
403 #endif /* IEEE80211_KEY_NOREPLAY */
404 #endif /* HOSTAPD */
405 	wk.ik_keylen = key_len;
406 	if (seq) {
407 #ifdef WORDS_BIGENDIAN
408 		/*
409 		 * wk.ik_keyrsc is in host byte order (big endian), need to
410 		 * swap it to match with the byte order used in WPA.
411 		 */
412 		int i;
413 		u8 *keyrsc = (u8 *) &wk.ik_keyrsc;
414 		for (i = 0; i < seq_len; i++)
415 			keyrsc[WPA_KEY_RSC_LEN - i - 1] = seq[i];
416 #else /* WORDS_BIGENDIAN */
417 		os_memcpy(&wk.ik_keyrsc, seq, seq_len);
418 #endif /* WORDS_BIGENDIAN */
419 	}
420 	os_memcpy(wk.ik_keydata, key, key_len);
421 
422 	return set80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk));
423 }
424 
425 static int
426 bsd_configure_wpa(void *priv, struct wpa_bss_params *params)
427 {
428 #ifndef IEEE80211_IOC_APPIE
429 	static const char *ciphernames[] =
430 		{ "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" };
431 	int v;
432 
433 	switch (params->wpa_group) {
434 	case WPA_CIPHER_CCMP:
435 		v = IEEE80211_CIPHER_AES_CCM;
436 		break;
437 	case WPA_CIPHER_TKIP:
438 		v = IEEE80211_CIPHER_TKIP;
439 		break;
440 	case WPA_CIPHER_WEP104:
441 		v = IEEE80211_CIPHER_WEP;
442 		break;
443 	case WPA_CIPHER_WEP40:
444 		v = IEEE80211_CIPHER_WEP;
445 		break;
446 	case WPA_CIPHER_NONE:
447 		v = IEEE80211_CIPHER_NONE;
448 		break;
449 	default:
450 		wpa_printf(MSG_INFO, "Unknown group key cipher %u",
451 			   params->wpa_group);
452 		return -1;
453 	}
454 	wpa_printf(MSG_DEBUG, "%s: group key cipher=%s (%u)",
455 		   __func__, ciphernames[v], v);
456 	if (set80211param(priv, IEEE80211_IOC_MCASTCIPHER, v)) {
457 		wpa_printf(MSG_INFO,
458 			   "Unable to set group key cipher to %u (%s)",
459 			   v, ciphernames[v]);
460 		return -1;
461 	}
462 	if (v == IEEE80211_CIPHER_WEP) {
463 		/* key length is done only for specific ciphers */
464 		v = (params->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
465 		if (set80211param(priv, IEEE80211_IOC_MCASTKEYLEN, v)) {
466 			wpa_printf(MSG_INFO,
467 				   "Unable to set group key length to %u", v);
468 			return -1;
469 		}
470 	}
471 
472 	v = 0;
473 	if (params->wpa_pairwise & WPA_CIPHER_CCMP)
474 		v |= 1<<IEEE80211_CIPHER_AES_CCM;
475 	if (params->wpa_pairwise & WPA_CIPHER_TKIP)
476 		v |= 1<<IEEE80211_CIPHER_TKIP;
477 	if (params->wpa_pairwise & WPA_CIPHER_NONE)
478 		v |= 1<<IEEE80211_CIPHER_NONE;
479 	wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
480 	if (set80211param(priv, IEEE80211_IOC_UCASTCIPHERS, v)) {
481 		wpa_printf(MSG_INFO,
482 			   "Unable to set pairwise key ciphers to 0x%x", v);
483 		return -1;
484 	}
485 
486 	wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
487 		   __func__, params->wpa_key_mgmt);
488 	if (set80211param(priv, IEEE80211_IOC_KEYMGTALGS,
489 			  params->wpa_key_mgmt)) {
490 		wpa_printf(MSG_INFO,
491 			   "Unable to set key management algorithms to 0x%x",
492 			   params->wpa_key_mgmt);
493 		return -1;
494 	}
495 
496 	v = 0;
497 	if (params->rsn_preauth)
498 		v |= BIT(0);
499 	wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
500 		   __func__, params->rsn_preauth);
501 	if (set80211param(priv, IEEE80211_IOC_RSNCAPS, v)) {
502 		wpa_printf(MSG_INFO, "Unable to set RSN capabilities to 0x%x",
503 			   v);
504 		return -1;
505 	}
506 #endif /* IEEE80211_IOC_APPIE */
507 
508 	wpa_printf(MSG_DEBUG, "%s: enable WPA= 0x%x", __func__, params->wpa);
509 	if (set80211param(priv, IEEE80211_IOC_WPA, params->wpa)) {
510 		wpa_printf(MSG_INFO, "Unable to set WPA to %u", params->wpa);
511 		return -1;
512 	}
513 	return 0;
514 }
515 
516 static int
517 bsd_set_ieee8021x(void *priv, struct wpa_bss_params *params)
518 {
519 	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, params->enabled);
520 
521 	if (!params->enabled) {
522 		/* XXX restore state */
523 		return set80211param(priv, IEEE80211_IOC_AUTHMODE,
524 				     IEEE80211_AUTH_AUTO);
525 	}
526 	if (!params->wpa && !params->ieee802_1x) {
527 		wpa_printf(MSG_ERROR, "%s: No 802.1X or WPA enabled",
528 			   __func__);
529 		return -1;
530 	}
531 	if (params->wpa && bsd_configure_wpa(priv, params) != 0) {
532 		wpa_printf(MSG_ERROR, "%s: Failed to configure WPA state",
533 			   __func__);
534 		return -1;
535 	}
536 	if (set80211param(priv, IEEE80211_IOC_AUTHMODE,
537 		(params->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
538 		wpa_printf(MSG_ERROR, "%s: Failed to enable WPA/802.1X",
539 			   __func__);
540 		return -1;
541 	}
542 	return bsd_ctrl_iface(priv, 1);
543 }
544 
545 static void
546 bsd_new_sta(void *priv, void *ctx, u8 addr[IEEE80211_ADDR_LEN])
547 {
548 	struct ieee80211req_wpaie ie;
549 	int ielen = 0;
550 	u8 *iebuf = NULL;
551 
552 	/*
553 	 * Fetch and validate any negotiated WPA/RSN parameters.
554 	 */
555 	memset(&ie, 0, sizeof(ie));
556 	memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
557 	if (get80211var(priv, IEEE80211_IOC_WPAIE, &ie, sizeof(ie)) < 0) {
558 		wpa_printf(MSG_INFO,
559 			   "Failed to get WPA/RSN information element");
560 		goto no_ie;
561 	}
562 	iebuf = ie.wpa_ie;
563 	ielen = ie.wpa_ie[1];
564 	if (ielen == 0)
565 		iebuf = NULL;
566 	else
567 		ielen += 2;
568 
569 no_ie:
570 	drv_event_assoc(ctx, addr, iebuf, ielen, 0);
571 }
572 
573 static int
574 bsd_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
575 	       int encrypt, const u8 *own_addr, u32 flags)
576 {
577 	struct bsd_driver_data *drv = priv;
578 
579 	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", data, data_len);
580 
581 	return l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, data,
582 			      data_len);
583 }
584 
585 static int
586 bsd_set_freq(void *priv, struct hostapd_freq_params *freq)
587 {
588 	struct bsd_driver_data *drv = priv;
589 #ifdef SIOCS80211CHANNEL
590 	struct ieee80211chanreq creq;
591 #endif /* SIOCS80211CHANNEL */
592 	u32 mode;
593 	int channel = freq->channel;
594 
595 	if (channel < 14) {
596 		mode =
597 #ifdef CONFIG_IEEE80211N
598 			freq->ht_enabled ? IFM_IEEE80211_11NG :
599 #endif /* CONFIG_IEEE80211N */
600 		        IFM_IEEE80211_11G;
601 	} else if (channel == 14) {
602 		mode = IFM_IEEE80211_11B;
603 	} else {
604 		mode =
605 #ifdef CONFIG_IEEE80211N
606 			freq->ht_enabled ? IFM_IEEE80211_11NA :
607 #endif /* CONFIG_IEEE80211N */
608 			IFM_IEEE80211_11A;
609 	}
610 	if (bsd_set_mediaopt(drv, IFM_MMASK, mode) < 0) {
611 		wpa_printf(MSG_ERROR, "%s: failed to set modulation mode",
612 			   __func__);
613 		return -1;
614 	}
615 
616 #ifdef SIOCS80211CHANNEL
617 	os_memset(&creq, 0, sizeof(creq));
618 	os_strlcpy(creq.i_name, drv->ifname, sizeof(creq.i_name));
619 	creq.i_channel = (u_int16_t)channel;
620 	return ioctl(drv->global->sock, SIOCS80211CHANNEL, &creq);
621 #else /* SIOCS80211CHANNEL */
622 	return set80211param(priv, IEEE80211_IOC_CHANNEL, channel);
623 #endif /* SIOCS80211CHANNEL */
624 }
625 
626 static int
627 bsd_set_opt_ie(void *priv, const u8 *ie, size_t ie_len)
628 {
629 #ifdef IEEE80211_IOC_APPIE
630 	wpa_printf(MSG_DEBUG, "%s: set WPA+RSN ie (len %lu)", __func__,
631 		   (unsigned long)ie_len);
632 	return bsd_set80211(priv, IEEE80211_IOC_APPIE, IEEE80211_APPIE_WPA,
633 			    ie, ie_len);
634 #endif /* IEEE80211_IOC_APPIE */
635 	return 0;
636 }
637 
638 static size_t
639 rtbuf_len(void)
640 {
641 	size_t len;
642 
643 	int mib[6] = {CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0};
644 
645 	if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) {
646 		wpa_printf(MSG_WARNING, "%s failed: %s", __func__,
647 			   strerror(errno));
648 		len = 2048;
649 	}
650 
651 	return len;
652 }
653 
654 #ifdef HOSTAPD
655 
656 /*
657  * Avoid conflicts with hostapd definitions by undefining couple of defines
658  * from net80211 header files.
659  */
660 #undef RSN_VERSION
661 #undef WPA_VERSION
662 #undef WPA_OUI_TYPE
663 
664 static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
665 			  u16 reason_code);
666 
667 static const char *
668 ether_sprintf(const u8 *addr)
669 {
670 	static char buf[sizeof(MACSTR)];
671 
672 	if (addr != NULL)
673 		snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
674 	else
675 		snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
676 	return buf;
677 }
678 
679 static int
680 bsd_set_privacy(void *priv, int enabled)
681 {
682 	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
683 
684 	return set80211param(priv, IEEE80211_IOC_PRIVACY, enabled);
685 }
686 
687 static int
688 bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
689 	       u8 *seq)
690 {
691 	struct ieee80211req_key wk;
692 
693 	wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
694 		   __func__, ether_sprintf(addr), idx);
695 
696 	memset(&wk, 0, sizeof(wk));
697 	if (addr == NULL)
698 		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
699 	else
700 		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
701 	wk.ik_keyix = idx;
702 
703 	if (get80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)) < 0) {
704 		wpa_printf(MSG_INFO, "Failed to get encryption");
705 		return -1;
706 	}
707 
708 #ifdef WORDS_BIGENDIAN
709 	{
710 		/*
711 		 * wk.ik_keytsc is in host byte order (big endian), need to
712 		 * swap it to match with the byte order used in WPA.
713 		 */
714 		int i;
715 		u8 tmp[WPA_KEY_RSC_LEN];
716 		memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
717 		for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
718 			seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
719 		}
720 	}
721 #else /* WORDS_BIGENDIAN */
722 	memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
723 #endif /* WORDS_BIGENDIAN */
724 	return 0;
725 }
726 
727 
728 static int
729 bsd_flush(void *priv)
730 {
731 	u8 allsta[IEEE80211_ADDR_LEN];
732 
733 	memset(allsta, 0xff, IEEE80211_ADDR_LEN);
734 	return bsd_sta_deauth(priv, NULL, allsta, IEEE80211_REASON_AUTH_LEAVE);
735 }
736 
737 
738 static int
739 bsd_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
740 			 const u8 *addr)
741 {
742 	struct ieee80211req_sta_stats stats;
743 
744 	memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
745 	if (get80211var(priv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats))
746 	    > 0) {
747 		/* XXX? do packets counts include non-data frames? */
748 		data->rx_packets = stats.is_stats.ns_rx_data;
749 		data->rx_bytes = stats.is_stats.ns_rx_bytes;
750 		data->tx_packets = stats.is_stats.ns_tx_data;
751 		data->tx_bytes = stats.is_stats.ns_tx_bytes;
752 	}
753 	return 0;
754 }
755 
756 static int
757 bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, u16 reason_code)
758 {
759 	return bsd_send_mlme_param(priv, IEEE80211_MLME_DEAUTH, reason_code,
760 				   addr);
761 }
762 
763 static int
764 bsd_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
765 		 u16 reason_code)
766 {
767 	return bsd_send_mlme_param(priv, IEEE80211_MLME_DISASSOC, reason_code,
768 				   addr);
769 }
770 
771 static void
772 bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
773 {
774 	struct bsd_driver_global *global = sock_ctx;
775 	struct bsd_driver_data *drv;
776 	struct if_announcemsghdr *ifan;
777 	struct rt_msghdr *rtm;
778 	struct ieee80211_michael_event *mic;
779 	struct ieee80211_join_event *join;
780 	struct ieee80211_leave_event *leave;
781 	int n;
782 	union wpa_event_data data;
783 
784 	n = read(sock, global->event_buf, global->event_buf_len);
785 	if (n < 0) {
786 		if (errno != EINTR && errno != EAGAIN)
787 			wpa_printf(MSG_ERROR, "%s read() failed: %s",
788 				   __func__, strerror(errno));
789 		return;
790 	}
791 
792 	rtm = (struct rt_msghdr *) global->event_buf;
793 	if (rtm->rtm_version != RTM_VERSION) {
794 		wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
795 			   rtm->rtm_version);
796 		return;
797 	}
798 	switch (rtm->rtm_type) {
799 	case RTM_IEEE80211:
800 		ifan = (struct if_announcemsghdr *) rtm;
801 		drv = bsd_get_drvindex(global, ifan->ifan_index);
802 		if (drv == NULL)
803 			return;
804 		switch (ifan->ifan_what) {
805 		case RTM_IEEE80211_ASSOC:
806 		case RTM_IEEE80211_REASSOC:
807 		case RTM_IEEE80211_DISASSOC:
808 		case RTM_IEEE80211_SCAN:
809 			break;
810 		case RTM_IEEE80211_LEAVE:
811 			leave = (struct ieee80211_leave_event *) &ifan[1];
812 			drv_event_disassoc(drv->hapd, leave->iev_addr);
813 			break;
814 		case RTM_IEEE80211_JOIN:
815 #ifdef RTM_IEEE80211_REJOIN
816 		case RTM_IEEE80211_REJOIN:
817 #endif
818 			join = (struct ieee80211_join_event *) &ifan[1];
819 			bsd_new_sta(drv, drv->hapd, join->iev_addr);
820 			break;
821 		case RTM_IEEE80211_REPLAY:
822 			/* ignore */
823 			break;
824 		case RTM_IEEE80211_MICHAEL:
825 			mic = (struct ieee80211_michael_event *) &ifan[1];
826 			wpa_printf(MSG_DEBUG,
827 				"Michael MIC failure wireless event: "
828 				"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
829 				MAC2STR(mic->iev_src));
830 			os_memset(&data, 0, sizeof(data));
831 			data.michael_mic_failure.unicast = 1;
832 			data.michael_mic_failure.src = mic->iev_src;
833 			wpa_supplicant_event(drv->hapd,
834 					     EVENT_MICHAEL_MIC_FAILURE, &data);
835 			break;
836 		}
837 		break;
838 	}
839 }
840 
841 static void
842 handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
843 {
844 	struct bsd_driver_data *drv = ctx;
845 	drv_event_eapol_rx(drv->hapd, src_addr, buf, len);
846 }
847 
848 static void *
849 bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params)
850 {
851 	struct bsd_driver_data *drv;
852 
853 	drv = os_zalloc(sizeof(struct bsd_driver_data));
854 	if (drv == NULL) {
855 		wpa_printf(MSG_ERROR, "Could not allocate memory for bsd driver data");
856 		return NULL;
857 	}
858 
859 	drv->ifindex = if_nametoindex(params->ifname);
860 	if (drv->ifindex == 0) {
861 		wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
862 			   __func__, params->ifname);
863 		goto bad;
864 	}
865 
866 	drv->hapd = hapd;
867 	drv->global = params->global_priv;
868 	os_strlcpy(drv->ifname, params->ifname, sizeof(drv->ifname));
869 
870 	drv->sock_xmit = l2_packet_init(drv->ifname, NULL, ETH_P_EAPOL,
871 					handle_read, drv, 0);
872 	if (drv->sock_xmit == NULL)
873 		goto bad;
874 	if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
875 		goto bad;
876 
877 	/* mark down during setup */
878 	if (bsd_ctrl_iface(drv, 0) < 0)
879 		goto bad;
880 
881 	if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
882 		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
883 			   __func__);
884 		goto bad;
885 	}
886 
887 	dl_list_add(&drv->global->ifaces, &drv->list);
888 
889 	return drv;
890 bad:
891 	if (drv->sock_xmit != NULL)
892 		l2_packet_deinit(drv->sock_xmit);
893 	os_free(drv);
894 	return NULL;
895 }
896 
897 
898 static void
899 bsd_deinit(void *priv)
900 {
901 	struct bsd_driver_data *drv = priv;
902 
903 	if (drv->ifindex != 0)
904 		bsd_ctrl_iface(drv, 0);
905 	if (drv->sock_xmit != NULL)
906 		l2_packet_deinit(drv->sock_xmit);
907 	os_free(drv);
908 }
909 
910 
911 static int
912 bsd_commit(void *priv)
913 {
914 	return bsd_ctrl_iface(priv, 1);
915 }
916 
917 
918 static int
919 bsd_set_sta_authorized(void *priv, const u8 *addr,
920 		       unsigned int total_flags, unsigned int flags_or,
921 		       unsigned int flags_and)
922 {
923 	int authorized = -1;
924 
925 	/* For now, only support setting Authorized flag */
926 	if (flags_or & WPA_STA_AUTHORIZED)
927 		authorized = 1;
928 	if (!(flags_and & WPA_STA_AUTHORIZED))
929 		authorized = 0;
930 
931 	if (authorized < 0)
932 		return 0;
933 
934 	return bsd_send_mlme_param(priv, authorized ?
935 				   IEEE80211_MLME_AUTHORIZE :
936 				   IEEE80211_MLME_UNAUTHORIZE, 0, addr);
937 }
938 #else /* HOSTAPD */
939 
940 static int
941 get80211param(struct bsd_driver_data *drv, int op)
942 {
943 	struct ieee80211req ireq;
944 
945 	if (bsd_get80211(drv, &ireq, op, NULL, 0) < 0)
946 		return -1;
947 	return ireq.i_val;
948 }
949 
950 static int
951 wpa_driver_bsd_get_bssid(void *priv, u8 *bssid)
952 {
953 	struct bsd_driver_data *drv = priv;
954 #ifdef SIOCG80211BSSID
955 	struct ieee80211_bssid bs;
956 
957 	os_strlcpy(bs.i_name, drv->ifname, sizeof(bs.i_name));
958 	if (ioctl(drv->global->sock, SIOCG80211BSSID, &bs) < 0)
959 		return -1;
960 	os_memcpy(bssid, bs.i_bssid, sizeof(bs.i_bssid));
961 	return 0;
962 #else
963 	return get80211var(drv, IEEE80211_IOC_BSSID,
964 		bssid, IEEE80211_ADDR_LEN) < 0 ? -1 : 0;
965 #endif
966 }
967 
968 static int
969 wpa_driver_bsd_get_ssid(void *priv, u8 *ssid)
970 {
971 	struct bsd_driver_data *drv = priv;
972 	return bsd_get_ssid(drv, ssid, 0);
973 }
974 
975 static int
976 wpa_driver_bsd_set_wpa_ie(struct bsd_driver_data *drv, const u8 *wpa_ie,
977 			  size_t wpa_ie_len)
978 {
979 #ifdef IEEE80211_IOC_APPIE
980 	return bsd_set_opt_ie(drv, wpa_ie, wpa_ie_len);
981 #else /* IEEE80211_IOC_APPIE */
982 	return set80211var(drv, IEEE80211_IOC_OPTIE, wpa_ie, wpa_ie_len);
983 #endif /* IEEE80211_IOC_APPIE */
984 }
985 
986 static int
987 wpa_driver_bsd_set_wpa_internal(void *priv, int wpa, int privacy)
988 {
989 	int ret = 0;
990 
991 	wpa_printf(MSG_DEBUG, "%s: wpa=%d privacy=%d",
992 		__func__, wpa, privacy);
993 
994 	if (!wpa && wpa_driver_bsd_set_wpa_ie(priv, NULL, 0) < 0)
995 		ret = -1;
996 	if (set80211param(priv, IEEE80211_IOC_PRIVACY, privacy) < 0)
997 		ret = -1;
998 	if (set80211param(priv, IEEE80211_IOC_WPA, wpa) < 0)
999 		ret = -1;
1000 
1001 	return ret;
1002 }
1003 
1004 static int
1005 wpa_driver_bsd_set_wpa(void *priv, int enabled)
1006 {
1007 	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1008 
1009 	return wpa_driver_bsd_set_wpa_internal(priv, enabled ? 3 : 0, enabled);
1010 }
1011 
1012 static int
1013 wpa_driver_bsd_set_countermeasures(void *priv, int enabled)
1014 {
1015 	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1016 	return set80211param(priv, IEEE80211_IOC_COUNTERMEASURES, enabled);
1017 }
1018 
1019 
1020 static int
1021 wpa_driver_bsd_set_drop_unencrypted(void *priv, int enabled)
1022 {
1023 	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1024 	return set80211param(priv, IEEE80211_IOC_DROPUNENCRYPTED, enabled);
1025 }
1026 
1027 static int
1028 wpa_driver_bsd_deauthenticate(void *priv, const u8 *addr, u16 reason_code)
1029 {
1030 	return bsd_send_mlme_param(priv, IEEE80211_MLME_DEAUTH, reason_code,
1031 				   addr);
1032 }
1033 
1034 static int
1035 wpa_driver_bsd_set_auth_alg(void *priv, int auth_alg)
1036 {
1037 	int authmode;
1038 
1039 	if ((auth_alg & WPA_AUTH_ALG_OPEN) &&
1040 	    (auth_alg & WPA_AUTH_ALG_SHARED))
1041 		authmode = IEEE80211_AUTH_AUTO;
1042 	else if (auth_alg & WPA_AUTH_ALG_SHARED)
1043 		authmode = IEEE80211_AUTH_SHARED;
1044 	else
1045 		authmode = IEEE80211_AUTH_OPEN;
1046 
1047 	return set80211param(priv, IEEE80211_IOC_AUTHMODE, authmode);
1048 }
1049 
1050 static void
1051 handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
1052 {
1053 	struct bsd_driver_data *drv = ctx;
1054 
1055 	drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
1056 }
1057 
1058 static int
1059 wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
1060 {
1061 	struct bsd_driver_data *drv = priv;
1062 	struct ieee80211req_mlme mlme;
1063 	u32 mode;
1064 	int privacy;
1065 	int ret = 0;
1066 
1067 	wpa_printf(MSG_DEBUG,
1068 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
1069 		, __func__
1070 		   , (unsigned int) params->ssid_len, params->ssid
1071 		, (unsigned int) params->wpa_ie_len
1072 		, params->pairwise_suite
1073 		, params->group_suite
1074 		, params->key_mgmt_suite
1075 	);
1076 
1077 	switch (params->mode) {
1078 	case IEEE80211_MODE_INFRA:
1079 		mode = 0 /* STA */;
1080 		break;
1081 	case IEEE80211_MODE_IBSS:
1082 		/*
1083 		 * Ref bin/203086 - FreeBSD's net80211 currently uses
1084 		 * IFM_IEEE80211_ADHOC.
1085 		 */
1086 #if 0
1087 		mode = IFM_IEEE80211_IBSS;
1088 #endif
1089 		mode = IFM_IEEE80211_ADHOC;
1090 		break;
1091 	case IEEE80211_MODE_AP:
1092 		mode = IFM_IEEE80211_HOSTAP;
1093 		break;
1094 	default:
1095 		wpa_printf(MSG_ERROR, "%s: unknown operation mode", __func__);
1096 		return -1;
1097 	}
1098 	if (bsd_set_mediaopt(drv, IFM_OMASK, mode) < 0) {
1099 		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
1100 			   __func__);
1101 		return -1;
1102 	}
1103 
1104 	if (params->mode == IEEE80211_MODE_AP) {
1105 		drv->sock_xmit = l2_packet_init(drv->ifname, NULL, ETH_P_EAPOL,
1106 						handle_read, drv, 0);
1107 		if (drv->sock_xmit == NULL)
1108 			return -1;
1109 		drv->is_ap = 1;
1110 		return 0;
1111 	}
1112 
1113 	if (wpa_driver_bsd_set_drop_unencrypted(drv, params->drop_unencrypted)
1114 	    < 0)
1115 		ret = -1;
1116 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
1117 		ret = -1;
1118 	/* XXX error handling is wrong but unclear what to do... */
1119 	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
1120 		return -1;
1121 
1122 	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
1123 	    params->group_suite == WPA_CIPHER_NONE &&
1124 	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
1125 	    params->wpa_ie_len == 0);
1126 	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
1127 
1128 	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
1129 		return -1;
1130 
1131 	if (params->wpa_ie_len &&
1132 	    set80211param(drv, IEEE80211_IOC_WPA,
1133 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
1134 		return -1;
1135 
1136 	/*
1137 	 * NB: interface must be marked UP for association
1138 	 * or scanning (ap_scan=2)
1139 	 */
1140 	if (bsd_ctrl_iface(drv, 1) < 0)
1141 		return -1;
1142 
1143 	os_memset(&mlme, 0, sizeof(mlme));
1144 	mlme.im_op = IEEE80211_MLME_ASSOC;
1145 	if (params->ssid != NULL)
1146 		os_memcpy(mlme.im_ssid, params->ssid, params->ssid_len);
1147 	mlme.im_ssid_len = params->ssid_len;
1148 	if (params->bssid != NULL)
1149 		os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
1150 	if (set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)) < 0)
1151 		return -1;
1152 	return ret;
1153 }
1154 
1155 static int
1156 wpa_driver_bsd_scan(void *priv, struct wpa_driver_scan_params *params)
1157 {
1158 	struct bsd_driver_data *drv = priv;
1159 #ifdef IEEE80211_IOC_SCAN_MAX_SSID
1160 	struct ieee80211_scan_req sr;
1161 	int i;
1162 #endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1163 
1164 	if (bsd_set_mediaopt(drv, IFM_OMASK, 0 /* STA */) < 0) {
1165 		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
1166 			   __func__);
1167 		return -1;
1168 	}
1169 
1170 	if (set80211param(drv, IEEE80211_IOC_ROAMING,
1171 			  IEEE80211_ROAMING_MANUAL) < 0) {
1172 		wpa_printf(MSG_ERROR, "%s: failed to set "
1173 			   "wpa_supplicant-based roaming: %s", __func__,
1174 			   strerror(errno));
1175 		return -1;
1176 	}
1177 
1178 	if (wpa_driver_bsd_set_wpa(drv, 1) < 0) {
1179 		wpa_printf(MSG_ERROR, "%s: failed to set wpa: %s", __func__,
1180 			   strerror(errno));
1181 		return -1;
1182 	}
1183 
1184 	/* NB: interface must be marked UP to do a scan */
1185 	if (bsd_ctrl_iface(drv, 1) < 0)
1186 		return -1;
1187 
1188 #ifdef IEEE80211_IOC_SCAN_MAX_SSID
1189 	os_memset(&sr, 0, sizeof(sr));
1190 	sr.sr_flags = IEEE80211_IOC_SCAN_ACTIVE | IEEE80211_IOC_SCAN_ONCE |
1191 		IEEE80211_IOC_SCAN_NOJOIN;
1192 	sr.sr_duration = IEEE80211_IOC_SCAN_FOREVER;
1193 	if (params->num_ssids > 0) {
1194 		sr.sr_nssid = params->num_ssids;
1195 #if 0
1196 		/* Boundary check is done by upper layer */
1197 		if (sr.sr_nssid > IEEE80211_IOC_SCAN_MAX_SSID)
1198 			sr.sr_nssid = IEEE80211_IOC_SCAN_MAX_SSID;
1199 #endif
1200 
1201 		/* NB: check scan cache first */
1202 		sr.sr_flags |= IEEE80211_IOC_SCAN_CHECK;
1203 	}
1204 	for (i = 0; i < sr.sr_nssid; i++) {
1205 		sr.sr_ssid[i].len = params->ssids[i].ssid_len;
1206 		os_memcpy(sr.sr_ssid[i].ssid, params->ssids[i].ssid,
1207 			  sr.sr_ssid[i].len);
1208 	}
1209 
1210 	/* NB: net80211 delivers a scan complete event so no need to poll */
1211 	return set80211var(drv, IEEE80211_IOC_SCAN_REQ, &sr, sizeof(sr));
1212 #else /* IEEE80211_IOC_SCAN_MAX_SSID */
1213 	/* set desired ssid before scan */
1214 	if (bsd_set_ssid(drv, params->ssids[0].ssid,
1215 			 params->ssids[0].ssid_len) < 0)
1216 		return -1;
1217 
1218 	/* NB: net80211 delivers a scan complete event so no need to poll */
1219 	return set80211param(drv, IEEE80211_IOC_SCAN_REQ, 0);
1220 #endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1221 }
1222 
1223 static void
1224 wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
1225 {
1226 	struct bsd_driver_global *global = sock_ctx;
1227 	struct bsd_driver_data *drv;
1228 	struct if_announcemsghdr *ifan;
1229 	struct if_msghdr *ifm;
1230 	struct rt_msghdr *rtm;
1231 	union wpa_event_data event;
1232 	struct ieee80211_michael_event *mic;
1233 	struct ieee80211_leave_event *leave;
1234 	struct ieee80211_join_event *join;
1235 	int n;
1236 
1237 	/*
1238 	 * CID 1394785: Memory - illegal access (STRING_NULL):
1239 	 * Though global->event_buf is a char *, it actually contains
1240 	 * a struct rt_msghdr *. See below.
1241 	 */
1242 	n = read(sock, global->event_buf, global->event_buf_len);
1243 	if (n < 0) {
1244 		if (errno != EINTR && errno != EAGAIN)
1245 			wpa_printf(MSG_ERROR, "%s read() failed: %s",
1246 				   __func__, strerror(errno));
1247 		return;
1248 	}
1249 
1250 	/*
1251 	 * CID 1394785: global->event_buf is assigned here to a
1252 	 * struct rt_msghdr *.
1253 	 */
1254 	rtm = (struct rt_msghdr *) global->event_buf;
1255 	if (rtm->rtm_version != RTM_VERSION) {
1256 		wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
1257 			   rtm->rtm_version);
1258 		return;
1259 	}
1260 	os_memset(&event, 0, sizeof(event));
1261 	switch (rtm->rtm_type) {
1262 	case RTM_IFANNOUNCE:
1263 		ifan = (struct if_announcemsghdr *) rtm;
1264 		switch (ifan->ifan_what) {
1265 		case IFAN_DEPARTURE:
1266 			drv = bsd_get_drvindex(global, ifan->ifan_index);
1267 			if (drv)
1268 				drv->if_removed = 1;
1269 			event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1270 			break;
1271 		case IFAN_ARRIVAL:
1272 			drv = bsd_get_drvname(global, ifan->ifan_name);
1273 			if (drv) {
1274 				drv->ifindex = ifan->ifan_index;
1275 				drv->if_removed = 0;
1276 			}
1277 			event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1278 			break;
1279 		default:
1280 			wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: unknown action");
1281 			return;
1282 		}
1283 		wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s",
1284 			   ifan->ifan_name,
1285 			   ifan->ifan_what == IFAN_DEPARTURE ?
1286 				"removed" : "added");
1287 		os_strlcpy(event.interface_status.ifname, ifan->ifan_name,
1288 			   sizeof(event.interface_status.ifname));
1289 		if (drv) {
1290 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
1291 					     &event);
1292 			/*
1293 			 * Set ifindex to zero after sending the event as the
1294 			 * event might query the driver to ensure a match.
1295 			 */
1296 			if (ifan->ifan_what == IFAN_DEPARTURE)
1297 				drv->ifindex = 0;
1298 		} else {
1299 			wpa_supplicant_event_global(global->ctx,
1300 						    EVENT_INTERFACE_STATUS,
1301 						    &event);
1302 		}
1303 		break;
1304 	case RTM_IEEE80211:
1305 		ifan = (struct if_announcemsghdr *) rtm;
1306 		drv = bsd_get_drvindex(global, ifan->ifan_index);
1307 		if (drv == NULL)
1308 			return;
1309 		switch (ifan->ifan_what) {
1310 		case RTM_IEEE80211_ASSOC:
1311 		case RTM_IEEE80211_REASSOC:
1312 			if (drv->is_ap)
1313 				break;
1314 			wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1315 			break;
1316 		case RTM_IEEE80211_DISASSOC:
1317 			if (drv->is_ap)
1318 				break;
1319 			wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
1320 			break;
1321 		case RTM_IEEE80211_SCAN:
1322 			if (drv->is_ap)
1323 				break;
1324 			wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
1325 					     NULL);
1326 			break;
1327 		case RTM_IEEE80211_LEAVE:
1328 			leave = (struct ieee80211_leave_event *) &ifan[1];
1329 			drv_event_disassoc(drv->ctx, leave->iev_addr);
1330 			break;
1331 		case RTM_IEEE80211_JOIN:
1332 #ifdef RTM_IEEE80211_REJOIN
1333 		case RTM_IEEE80211_REJOIN:
1334 #endif
1335 			join = (struct ieee80211_join_event *) &ifan[1];
1336 			bsd_new_sta(drv, drv->ctx, join->iev_addr);
1337 			break;
1338 		case RTM_IEEE80211_REPLAY:
1339 			/* ignore */
1340 			break;
1341 		case RTM_IEEE80211_MICHAEL:
1342 			mic = (struct ieee80211_michael_event *) &ifan[1];
1343 			wpa_printf(MSG_DEBUG,
1344 				"Michael MIC failure wireless event: "
1345 				"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
1346 				MAC2STR(mic->iev_src));
1347 
1348 			os_memset(&event, 0, sizeof(event));
1349 			event.michael_mic_failure.unicast =
1350 				!IEEE80211_IS_MULTICAST(mic->iev_dst);
1351 			wpa_supplicant_event(drv->ctx,
1352 					     EVENT_MICHAEL_MIC_FAILURE, &event);
1353 			break;
1354 		}
1355 		break;
1356 	case RTM_IFINFO:
1357 		ifm = (struct if_msghdr *) rtm;
1358 		drv = bsd_get_drvindex(global, ifm->ifm_index);
1359 		if (drv == NULL)
1360 			return;
1361 		if (((ifm->ifm_flags & IFF_UP) == 0 ||
1362 		    (ifm->ifm_flags & IFF_RUNNING) == 0) &&
1363 		    (drv->flags & IFF_UP) != 0 &&
1364 		    (drv->flags & IFF_RUNNING) != 0) {
1365 			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
1366 				   drv->ifname);
1367 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
1368 					     NULL);
1369 		} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
1370 		    (ifm->ifm_flags & IFF_RUNNING) != 0 &&
1371 		    ((drv->flags & IFF_UP) == 0 ||
1372 		    (drv->flags & IFF_RUNNING)  == 0)) {
1373 			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
1374 				   drv->ifname);
1375 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1376 					     NULL);
1377 		}
1378 		drv->flags = ifm->ifm_flags;
1379 		break;
1380 	}
1381 }
1382 
1383 static void
1384 wpa_driver_bsd_add_scan_entry(struct wpa_scan_results *res,
1385 			      struct ieee80211req_scan_result *sr)
1386 {
1387 	struct wpa_scan_res *result, **tmp;
1388 	size_t extra_len;
1389 	u8 *pos;
1390 
1391 	extra_len = 2 + sr->isr_ssid_len;
1392 	extra_len += 2 + sr->isr_nrates;
1393 	extra_len += 3; /* ERP IE */
1394 	extra_len += sr->isr_ie_len;
1395 
1396 	result = os_zalloc(sizeof(*result) + extra_len);
1397 	if (result == NULL)
1398 		return;
1399 	os_memcpy(result->bssid, sr->isr_bssid, ETH_ALEN);
1400 	result->freq = sr->isr_freq;
1401 	result->beacon_int = sr->isr_intval;
1402 	result->caps = sr->isr_capinfo;
1403 	result->qual = sr->isr_rssi;
1404 	result->noise = sr->isr_noise;
1405 
1406 #ifdef __FreeBSD__
1407 	/*
1408 	 * the rssi value reported by the kernel is in 0.5dB steps relative to
1409 	 * the reported noise floor. see ieee80211_node.h for details.
1410 	 */
1411 	result->level = sr->isr_rssi / 2 + sr->isr_noise;
1412 #else
1413 	result->level = sr->isr_rssi;
1414 #endif
1415 
1416 	pos = (u8 *)(result + 1);
1417 
1418 	*pos++ = WLAN_EID_SSID;
1419 	*pos++ = sr->isr_ssid_len;
1420 	os_memcpy(pos, sr + 1, sr->isr_ssid_len);
1421 	pos += sr->isr_ssid_len;
1422 
1423 	/*
1424 	 * Deal all rates as supported rate.
1425 	 * Because net80211 doesn't report extended supported rate or not.
1426 	 */
1427 	*pos++ = WLAN_EID_SUPP_RATES;
1428 	*pos++ = sr->isr_nrates;
1429 	os_memcpy(pos, sr->isr_rates, sr->isr_nrates);
1430 	pos += sr->isr_nrates;
1431 
1432 	*pos++ = WLAN_EID_ERP_INFO;
1433 	*pos++ = 1;
1434 	*pos++ = sr->isr_erp;
1435 
1436 #if defined(__DragonFly__) || defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
1437 	os_memcpy(pos, (u8 *)(sr + 1) + sr->isr_ssid_len + sr->isr_meshid_len,
1438 		  sr->isr_ie_len);
1439 #else
1440 	os_memcpy(pos, (u8 *)(sr + 1) + sr->isr_ssid_len, sr->isr_ie_len);
1441 #endif
1442 	pos += sr->isr_ie_len;
1443 
1444 	result->ie_len = pos - (u8 *)(result + 1);
1445 
1446 	tmp = os_realloc_array(res->res, res->num + 1,
1447 			       sizeof(struct wpa_scan_res *));
1448 	if (tmp == NULL) {
1449 		os_free(result);
1450 		return;
1451 	}
1452 	tmp[res->num++] = result;
1453 	res->res = tmp;
1454 }
1455 
1456 struct wpa_scan_results *
1457 wpa_driver_bsd_get_scan_results2(void *priv)
1458 {
1459 	struct ieee80211req_scan_result *sr;
1460 	struct wpa_scan_results *res;
1461 	int len, rest;
1462 	uint8_t buf[24*1024], *pos;
1463 
1464 	len = get80211var(priv, IEEE80211_IOC_SCAN_RESULTS, buf, 24*1024);
1465 	if (len < 0)
1466 		return NULL;
1467 
1468 	res = os_zalloc(sizeof(*res));
1469 	if (res == NULL)
1470 		return NULL;
1471 
1472 	pos = buf;
1473 	rest = len;
1474 	while (rest >= sizeof(struct ieee80211req_scan_result)) {
1475 		sr = (struct ieee80211req_scan_result *)pos;
1476 		wpa_driver_bsd_add_scan_entry(res, sr);
1477 		pos += sr->isr_len;
1478 		rest -= sr->isr_len;
1479 	}
1480 
1481 	wpa_printf(MSG_DEBUG, "Received %d bytes of scan results (%lu BSSes)",
1482 		   len, (unsigned long)res->num);
1483 
1484 	return res;
1485 }
1486 
1487 static int wpa_driver_bsd_capa(struct bsd_driver_data *drv)
1488 {
1489 #ifdef IEEE80211_IOC_DEVCAPS
1490 /* kernel definitions copied from net80211/ieee80211_var.h */
1491 #define IEEE80211_CIPHER_WEP            0
1492 #define IEEE80211_CIPHER_TKIP           1
1493 #define IEEE80211_CIPHER_AES_CCM        3
1494 #define IEEE80211_CRYPTO_WEP            (1<<IEEE80211_CIPHER_WEP)
1495 #define IEEE80211_CRYPTO_TKIP           (1<<IEEE80211_CIPHER_TKIP)
1496 #define IEEE80211_CRYPTO_AES_CCM        (1<<IEEE80211_CIPHER_AES_CCM)
1497 #define IEEE80211_C_HOSTAP      0x00000400      /* CAPABILITY: HOSTAP avail */
1498 #define IEEE80211_C_WPA1        0x00800000      /* CAPABILITY: WPA1 avail */
1499 #define IEEE80211_C_WPA2        0x01000000      /* CAPABILITY: WPA2 avail */
1500 	struct ieee80211_devcaps_req devcaps;
1501 
1502 	if (get80211var(drv, IEEE80211_IOC_DEVCAPS, &devcaps,
1503 			sizeof(devcaps)) < 0) {
1504 		wpa_printf(MSG_ERROR, "failed to IEEE80211_IOC_DEVCAPS: %s",
1505 			   strerror(errno));
1506 		return -1;
1507 	}
1508 
1509 	wpa_printf(MSG_DEBUG, "%s: drivercaps=0x%08x,cryptocaps=0x%08x",
1510 		   __func__, devcaps.dc_drivercaps, devcaps.dc_cryptocaps);
1511 
1512 	if (devcaps.dc_drivercaps & IEEE80211_C_WPA1)
1513 		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1514 			WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1515 	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
1516 		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1517 			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1518 
1519 #ifdef __FreeBSD__
1520 	drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1521 	    WPA_DRIVER_CAPA_ENC_WEP104 |
1522 	    WPA_DRIVER_CAPA_ENC_TKIP |
1523 	    WPA_DRIVER_CAPA_ENC_CCMP;
1524 #else
1525 	/*
1526 	 * XXX
1527 	 * FreeBSD exports hardware cryptocaps.  These have no meaning for wpa
1528 	 * since net80211 performs software crypto.
1529 	 */
1530 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
1531 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1532 			WPA_DRIVER_CAPA_ENC_WEP104;
1533 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_TKIP)
1534 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1535 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
1536 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1537 #endif
1538 
1539 	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
1540 		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1541 #undef IEEE80211_CIPHER_WEP
1542 #undef IEEE80211_CIPHER_TKIP
1543 #undef IEEE80211_CIPHER_AES_CCM
1544 #undef IEEE80211_CRYPTO_WEP
1545 #undef IEEE80211_CRYPTO_TKIP
1546 #undef IEEE80211_CRYPTO_AES_CCM
1547 #undef IEEE80211_C_HOSTAP
1548 #undef IEEE80211_C_WPA1
1549 #undef IEEE80211_C_WPA2
1550 #else /* IEEE80211_IOC_DEVCAPS */
1551 	/* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1552 	drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1553 		WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1554 		WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1555 		WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1556 	drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1557 		WPA_DRIVER_CAPA_ENC_WEP104 |
1558 		WPA_DRIVER_CAPA_ENC_TKIP |
1559 		WPA_DRIVER_CAPA_ENC_CCMP;
1560 	drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1561 #endif /* IEEE80211_IOC_DEVCAPS */
1562 #ifdef IEEE80211_IOC_SCAN_MAX_SSID
1563 	drv->capa.max_scan_ssids = IEEE80211_IOC_SCAN_MAX_SSID;
1564 #else /* IEEE80211_IOC_SCAN_MAX_SSID */
1565 	drv->capa.max_scan_ssids = 1;
1566 #endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1567 	drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1568 		WPA_DRIVER_AUTH_SHARED |
1569 		WPA_DRIVER_AUTH_LEAP;
1570 	return 0;
1571 }
1572 
1573 static enum ieee80211_opmode
1574 get80211opmode(struct bsd_driver_data *drv)
1575 {
1576 	struct ifmediareq ifmr;
1577 
1578 	(void) memset(&ifmr, 0, sizeof(ifmr));
1579 	(void) os_strlcpy(ifmr.ifm_name, drv->ifname, sizeof(ifmr.ifm_name));
1580 
1581 	if (ioctl(drv->global->sock, SIOCGIFMEDIA, (caddr_t)&ifmr) >= 0) {
1582 		if (ifmr.ifm_current & IFM_IEEE80211_ADHOC) {
1583 			if (ifmr.ifm_current & IFM_FLAG0)
1584 				return IEEE80211_M_AHDEMO;
1585 			else
1586 				return IEEE80211_M_IBSS;
1587 		}
1588 		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
1589 			return IEEE80211_M_HOSTAP;
1590 		if (ifmr.ifm_current & IFM_IEEE80211_IBSS)
1591 			return IEEE80211_M_IBSS;
1592 		if (ifmr.ifm_current & IFM_IEEE80211_MONITOR)
1593 			return IEEE80211_M_MONITOR;
1594 #ifdef IEEE80211_M_MBSS
1595 		if (ifmr.ifm_current & IFM_IEEE80211_MBSS)
1596 			return IEEE80211_M_MBSS;
1597 #endif /* IEEE80211_M_MBSS */
1598 	}
1599 	return IEEE80211_M_STA;
1600 }
1601 
1602 static void *
1603 wpa_driver_bsd_init(void *ctx, const char *ifname, void *priv)
1604 {
1605 #define	GETPARAM(drv, param, v) \
1606 	(((v) = get80211param(drv, param)) != -1)
1607 	struct bsd_driver_data *drv;
1608 
1609 	drv = os_zalloc(sizeof(*drv));
1610 	if (drv == NULL)
1611 		return NULL;
1612 
1613 	/*
1614 	 * NB: We require the interface name be mappable to an index.
1615 	 *     This implies we do not support having wpa_supplicant
1616 	 *     wait for an interface to appear.  This seems ok; that
1617 	 *     doesn't belong here; it's really the job of devd.
1618 	 */
1619 	drv->ifindex = if_nametoindex(ifname);
1620 	if (drv->ifindex == 0) {
1621 		wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
1622 			   __func__, ifname);
1623 		goto fail;
1624 	}
1625 
1626 	drv->ctx = ctx;
1627 	drv->global = priv;
1628 	os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1629 
1630 	if (!GETPARAM(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)) {
1631 		wpa_printf(MSG_DEBUG, "%s: failed to get roaming state: %s",
1632 			__func__, strerror(errno));
1633 		goto fail;
1634 	}
1635 	if (!GETPARAM(drv, IEEE80211_IOC_PRIVACY, drv->prev_privacy)) {
1636 		wpa_printf(MSG_DEBUG, "%s: failed to get privacy state: %s",
1637 			__func__, strerror(errno));
1638 		goto fail;
1639 	}
1640 	if (!GETPARAM(drv, IEEE80211_IOC_WPA, drv->prev_wpa)) {
1641 		wpa_printf(MSG_DEBUG, "%s: failed to get wpa state: %s",
1642 			__func__, strerror(errno));
1643 		goto fail;
1644 	}
1645 
1646 	if (wpa_driver_bsd_capa(drv))
1647 		goto fail;
1648 
1649 	/* Down interface during setup. */
1650 	if (bsd_ctrl_iface(drv, 0) < 0)
1651 		goto fail;
1652 
1653 	drv->opmode = get80211opmode(drv);
1654 	dl_list_add(&drv->global->ifaces, &drv->list);
1655 
1656 	return drv;
1657 fail:
1658 	os_free(drv);
1659 	return NULL;
1660 #undef GETPARAM
1661 }
1662 
1663 static void
1664 wpa_driver_bsd_deinit(void *priv)
1665 {
1666 	struct bsd_driver_data *drv = priv;
1667 
1668 	if (drv->ifindex != 0 && !drv->if_removed) {
1669 		wpa_driver_bsd_set_wpa(drv, 0);
1670 
1671 		/* NB: mark interface down */
1672 		bsd_ctrl_iface(drv, 0);
1673 
1674 		wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa,
1675 						drv->prev_privacy);
1676 
1677 		if (set80211param(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)
1678 		    < 0)
1679 			wpa_printf(MSG_DEBUG,
1680 				   "%s: failed to restore roaming state",
1681 				   __func__);
1682 	}
1683 
1684 	if (drv->sock_xmit != NULL)
1685 		l2_packet_deinit(drv->sock_xmit);
1686 	dl_list_del(&drv->list);
1687 	os_free(drv);
1688 }
1689 
1690 static int
1691 wpa_driver_bsd_get_capa(void *priv, struct wpa_driver_capa *capa)
1692 {
1693 	struct bsd_driver_data *drv = priv;
1694 
1695 	os_memcpy(capa, &drv->capa, sizeof(*capa));
1696 	return 0;
1697 }
1698 #endif /* HOSTAPD */
1699 
1700 static void *
1701 bsd_global_init(void *ctx)
1702 {
1703 	struct bsd_driver_global *global;
1704 
1705 	global = os_zalloc(sizeof(*global));
1706 	if (global == NULL)
1707 		return NULL;
1708 
1709 	global->ctx = ctx;
1710 	dl_list_init(&global->ifaces);
1711 
1712 	global->sock = socket(PF_INET, SOCK_DGRAM, 0);
1713 	if (global->sock < 0) {
1714 		wpa_printf(MSG_ERROR, "socket[PF_INET,SOCK_DGRAM]: %s",
1715 			   strerror(errno));
1716 		goto fail1;
1717 	}
1718 
1719 	global->route = socket(PF_ROUTE, SOCK_RAW, 0);
1720 	if (global->route < 0) {
1721 		wpa_printf(MSG_ERROR, "socket[PF_ROUTE,SOCK_RAW]: %s",
1722 			   strerror(errno));
1723 		goto fail;
1724 	}
1725 
1726 	global->event_buf_len = rtbuf_len();
1727 	global->event_buf = os_malloc(global->event_buf_len);
1728 	if (global->event_buf == NULL) {
1729 		wpa_printf(MSG_ERROR, "%s: os_malloc() failed", __func__);
1730 		goto fail;
1731 	}
1732 
1733 #ifdef HOSTAPD
1734 	eloop_register_read_sock(global->route, bsd_wireless_event_receive,
1735 				 NULL, global);
1736 
1737 #else /* HOSTAPD */
1738 	eloop_register_read_sock(global->route, wpa_driver_bsd_event_receive,
1739 				 NULL, global);
1740 #endif /* HOSTAPD */
1741 
1742 	return global;
1743 
1744 fail:
1745 	close(global->sock);
1746 fail1:
1747 	os_free(global);
1748 	return NULL;
1749 }
1750 
1751 static void
1752 bsd_global_deinit(void *priv)
1753 {
1754 	struct bsd_driver_global *global = priv;
1755 
1756 	eloop_unregister_read_sock(global->route);
1757 	(void) close(global->route);
1758 	(void) close(global->sock);
1759 	os_free(global);
1760 }
1761 
1762 
1763 const struct wpa_driver_ops wpa_driver_bsd_ops = {
1764 	.name			= "bsd",
1765 	.desc			= "BSD 802.11 support",
1766 	.global_init		= bsd_global_init,
1767 	.global_deinit		= bsd_global_deinit,
1768 #ifdef HOSTAPD
1769 	.hapd_init		= bsd_init,
1770 	.hapd_deinit		= bsd_deinit,
1771 	.set_privacy		= bsd_set_privacy,
1772 	.get_seqnum		= bsd_get_seqnum,
1773 	.flush			= bsd_flush,
1774 	.read_sta_data		= bsd_read_sta_driver_data,
1775 	.sta_disassoc		= bsd_sta_disassoc,
1776 	.sta_deauth		= bsd_sta_deauth,
1777 	.sta_set_flags		= bsd_set_sta_authorized,
1778 	.commit			= bsd_commit,
1779 #else /* HOSTAPD */
1780 	.init2			= wpa_driver_bsd_init,
1781 	.deinit			= wpa_driver_bsd_deinit,
1782 	.get_bssid		= wpa_driver_bsd_get_bssid,
1783 	.get_ssid		= wpa_driver_bsd_get_ssid,
1784 	.set_countermeasures	= wpa_driver_bsd_set_countermeasures,
1785 	.scan2			= wpa_driver_bsd_scan,
1786 	.get_scan_results2	= wpa_driver_bsd_get_scan_results2,
1787 	.deauthenticate		= wpa_driver_bsd_deauthenticate,
1788 	.associate		= wpa_driver_bsd_associate,
1789 	.get_capa		= wpa_driver_bsd_get_capa,
1790 #endif /* HOSTAPD */
1791 	.set_freq		= bsd_set_freq,
1792 	.set_key		= bsd_set_key,
1793 	.set_ieee8021x		= bsd_set_ieee8021x,
1794 	.hapd_set_ssid		= bsd_set_ssid,
1795 	.hapd_get_ssid		= bsd_get_ssid,
1796 	.hapd_send_eapol	= bsd_send_eapol,
1797 	.set_generic_elem	= bsd_set_opt_ie,
1798 };
1799