xref: /freebsd/contrib/wpa/src/drivers/driver_wext.c (revision 2a58b312b62f908ec92311d1bd8536dbaeb8e55b)
1 /*
2  * Driver interaction with generic Linux Wireless Extensions
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements a driver interface for the Linux Wireless Extensions.
9  * When used with WE-18 or newer, this interface can be used as-is with number
10  * of drivers. In addition to this, some of the common functions in this file
11  * can be used by other driver interface implementations that use generic WE
12  * ioctls, but require private ioctls for some of the functionality.
13  */
14 
15 #include "includes.h"
16 #include <sys/ioctl.h>
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <fcntl.h>
20 #include <net/if_arp.h>
21 #include <dirent.h>
22 
23 #include "linux_wext.h"
24 #include "common.h"
25 #include "eloop.h"
26 #include "common/ieee802_11_defs.h"
27 #include "common/wpa_common.h"
28 #include "priv_netlink.h"
29 #include "netlink.h"
30 #include "linux_ioctl.h"
31 #include "rfkill.h"
32 #include "driver.h"
33 #include "driver_wext.h"
34 
35 static int wpa_driver_wext_flush_pmkid(void *priv);
36 static int wpa_driver_wext_get_range(void *priv);
37 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv);
38 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv);
39 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg);
40 
41 
42 int wpa_driver_wext_set_auth_param(struct wpa_driver_wext_data *drv,
43 				   int idx, u32 value)
44 {
45 	struct iwreq iwr;
46 	int ret = 0;
47 
48 	os_memset(&iwr, 0, sizeof(iwr));
49 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
50 	iwr.u.param.flags = idx & IW_AUTH_INDEX;
51 	iwr.u.param.value = value;
52 
53 	if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
54 		if (errno != EOPNOTSUPP) {
55 			wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
56 				   "value 0x%x) failed: %s)",
57 				   idx, value, strerror(errno));
58 		}
59 		ret = errno == EOPNOTSUPP ? -2 : -1;
60 	}
61 
62 	return ret;
63 }
64 
65 
66 /**
67  * wpa_driver_wext_get_bssid - Get BSSID, SIOCGIWAP
68  * @priv: Pointer to private wext data from wpa_driver_wext_init()
69  * @bssid: Buffer for BSSID
70  * Returns: 0 on success, -1 on failure
71  */
72 int wpa_driver_wext_get_bssid(void *priv, u8 *bssid)
73 {
74 	struct wpa_driver_wext_data *drv = priv;
75 	struct iwreq iwr;
76 	int ret = 0;
77 
78 	os_memset(&iwr, 0, sizeof(iwr));
79 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
80 
81 	if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
82 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIWAP]: %s", strerror(errno));
83 		ret = -1;
84 	}
85 	os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
86 
87 	return ret;
88 }
89 
90 
91 /**
92  * wpa_driver_wext_set_bssid - Set BSSID, SIOCSIWAP
93  * @priv: Pointer to private wext data from wpa_driver_wext_init()
94  * @bssid: BSSID
95  * Returns: 0 on success, -1 on failure
96  */
97 int wpa_driver_wext_set_bssid(void *priv, const u8 *bssid)
98 {
99 	struct wpa_driver_wext_data *drv = priv;
100 	struct iwreq iwr;
101 	int ret = 0;
102 
103 	os_memset(&iwr, 0, sizeof(iwr));
104 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
105 	iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
106 	if (bssid)
107 		os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
108 	else
109 		os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
110 
111 	if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
112 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWAP]: %s", strerror(errno));
113 		ret = -1;
114 	}
115 
116 	return ret;
117 }
118 
119 
120 /**
121  * wpa_driver_wext_get_ssid - Get SSID, SIOCGIWESSID
122  * @priv: Pointer to private wext data from wpa_driver_wext_init()
123  * @ssid: Buffer for the SSID; must be at least 32 bytes long
124  * Returns: SSID length on success, -1 on failure
125  */
126 int wpa_driver_wext_get_ssid(void *priv, u8 *ssid)
127 {
128 	struct wpa_driver_wext_data *drv = priv;
129 	struct iwreq iwr;
130 	int ret = 0;
131 
132 	os_memset(&iwr, 0, sizeof(iwr));
133 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
134 	iwr.u.essid.pointer = (caddr_t) ssid;
135 	iwr.u.essid.length = SSID_MAX_LEN;
136 
137 	if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
138 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIWESSID]: %s",
139 			   strerror(errno));
140 		ret = -1;
141 	} else {
142 		ret = iwr.u.essid.length;
143 		if (ret > SSID_MAX_LEN)
144 			ret = SSID_MAX_LEN;
145 		/* Some drivers include nul termination in the SSID, so let's
146 		 * remove it here before further processing. WE-21 changes this
147 		 * to explicitly require the length _not_ to include nul
148 		 * termination. */
149 		if (ret > 0 && ssid[ret - 1] == '\0' &&
150 		    drv->we_version_compiled < 21)
151 			ret--;
152 	}
153 
154 	return ret;
155 }
156 
157 
158 /**
159  * wpa_driver_wext_set_ssid - Set SSID, SIOCSIWESSID
160  * @priv: Pointer to private wext data from wpa_driver_wext_init()
161  * @ssid: SSID
162  * @ssid_len: Length of SSID (0..32)
163  * Returns: 0 on success, -1 on failure
164  */
165 int wpa_driver_wext_set_ssid(void *priv, const u8 *ssid, size_t ssid_len)
166 {
167 	struct wpa_driver_wext_data *drv = priv;
168 	struct iwreq iwr;
169 	int ret = 0;
170 	char buf[33];
171 
172 	if (ssid_len > SSID_MAX_LEN)
173 		return -1;
174 
175 	os_memset(&iwr, 0, sizeof(iwr));
176 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
177 	/* flags: 1 = ESSID is active, 0 = not (promiscuous) */
178 	iwr.u.essid.flags = (ssid_len != 0);
179 	os_memset(buf, 0, sizeof(buf));
180 	os_memcpy(buf, ssid, ssid_len);
181 	iwr.u.essid.pointer = (caddr_t) buf;
182 	if (drv->we_version_compiled < 21) {
183 		/* For historic reasons, set SSID length to include one extra
184 		 * character, C string nul termination, even though SSID is
185 		 * really an octet string that should not be presented as a C
186 		 * string. Some Linux drivers decrement the length by one and
187 		 * can thus end up missing the last octet of the SSID if the
188 		 * length is not incremented here. WE-21 changes this to
189 		 * explicitly require the length _not_ to include nul
190 		 * termination. */
191 		if (ssid_len)
192 			ssid_len++;
193 	}
194 	iwr.u.essid.length = ssid_len;
195 
196 	if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
197 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWESSID]: %s",
198 			   strerror(errno));
199 		ret = -1;
200 	}
201 
202 	return ret;
203 }
204 
205 
206 /**
207  * wpa_driver_wext_set_freq - Set frequency/channel, SIOCSIWFREQ
208  * @priv: Pointer to private wext data from wpa_driver_wext_init()
209  * @freq: Frequency in MHz
210  * Returns: 0 on success, -1 on failure
211  */
212 int wpa_driver_wext_set_freq(void *priv, int freq)
213 {
214 	struct wpa_driver_wext_data *drv = priv;
215 	struct iwreq iwr;
216 	int ret = 0;
217 
218 	os_memset(&iwr, 0, sizeof(iwr));
219 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
220 	iwr.u.freq.m = freq * 100000;
221 	iwr.u.freq.e = 1;
222 
223 	if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
224 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWFREQ]: %s",
225 			   strerror(errno));
226 		ret = -1;
227 	}
228 
229 	return ret;
230 }
231 
232 
233 static void
234 wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
235 {
236 	union wpa_event_data data;
237 
238 	wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
239 		   custom);
240 
241 	os_memset(&data, 0, sizeof(data));
242 	/* Host AP driver */
243 	if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
244 		data.michael_mic_failure.unicast =
245 			os_strstr(custom, " unicast ") != NULL;
246 		/* TODO: parse parameters(?) */
247 		wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
248 	} else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
249 		char *spos;
250 		int bytes;
251 		u8 *req_ies = NULL, *resp_ies = NULL;
252 
253 		spos = custom + 17;
254 
255 		bytes = strspn(spos, "0123456789abcdefABCDEF");
256 		if (!bytes || (bytes & 1))
257 			return;
258 		bytes /= 2;
259 
260 		req_ies = os_malloc(bytes);
261 		if (req_ies == NULL ||
262 		    hexstr2bin(spos, req_ies, bytes) < 0)
263 			goto done;
264 		data.assoc_info.req_ies = req_ies;
265 		data.assoc_info.req_ies_len = bytes;
266 
267 		spos += bytes * 2;
268 
269 		data.assoc_info.resp_ies = NULL;
270 		data.assoc_info.resp_ies_len = 0;
271 
272 		if (os_strncmp(spos, " RespIEs=", 9) == 0) {
273 			spos += 9;
274 
275 			bytes = strspn(spos, "0123456789abcdefABCDEF");
276 			if (!bytes || (bytes & 1))
277 				goto done;
278 			bytes /= 2;
279 
280 			resp_ies = os_malloc(bytes);
281 			if (resp_ies == NULL ||
282 			    hexstr2bin(spos, resp_ies, bytes) < 0)
283 				goto done;
284 			data.assoc_info.resp_ies = resp_ies;
285 			data.assoc_info.resp_ies_len = bytes;
286 		}
287 
288 		wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
289 
290 	done:
291 		os_free(resp_ies);
292 		os_free(req_ies);
293 	}
294 }
295 
296 
297 static int wpa_driver_wext_event_wireless_michaelmicfailure(
298 	void *ctx, const char *ev, size_t len)
299 {
300 	const struct iw_michaelmicfailure *mic;
301 	union wpa_event_data data;
302 
303 	if (len < sizeof(*mic))
304 		return -1;
305 
306 	mic = (const struct iw_michaelmicfailure *) ev;
307 
308 	wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
309 		   "flags=0x%x src_addr=" MACSTR, mic->flags,
310 		   MAC2STR(mic->src_addr.sa_data));
311 
312 	os_memset(&data, 0, sizeof(data));
313 	data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
314 	wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
315 
316 	return 0;
317 }
318 
319 
320 static int wpa_driver_wext_event_wireless_pmkidcand(
321 	struct wpa_driver_wext_data *drv, const char *ev, size_t len)
322 {
323 	const struct iw_pmkid_cand *cand;
324 	union wpa_event_data data;
325 	const u8 *addr;
326 
327 	if (len < sizeof(*cand))
328 		return -1;
329 
330 	cand = (const struct iw_pmkid_cand *) ev;
331 	addr = (const u8 *) cand->bssid.sa_data;
332 
333 	wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
334 		   "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
335 		   cand->index, MAC2STR(addr));
336 
337 	os_memset(&data, 0, sizeof(data));
338 	os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
339 	data.pmkid_candidate.index = cand->index;
340 	data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
341 	wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
342 
343 	return 0;
344 }
345 
346 
347 static int wpa_driver_wext_event_wireless_assocreqie(
348 	struct wpa_driver_wext_data *drv, const char *ev, int len)
349 {
350 	if (len < 0)
351 		return -1;
352 
353 	wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
354 		    len);
355 	os_free(drv->assoc_req_ies);
356 	drv->assoc_req_ies = os_memdup(ev, len);
357 	if (drv->assoc_req_ies == NULL) {
358 		drv->assoc_req_ies_len = 0;
359 		return -1;
360 	}
361 	drv->assoc_req_ies_len = len;
362 
363 	return 0;
364 }
365 
366 
367 static int wpa_driver_wext_event_wireless_assocrespie(
368 	struct wpa_driver_wext_data *drv, const char *ev, int len)
369 {
370 	if (len < 0)
371 		return -1;
372 
373 	wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
374 		    len);
375 	os_free(drv->assoc_resp_ies);
376 	drv->assoc_resp_ies = os_memdup(ev, len);
377 	if (drv->assoc_resp_ies == NULL) {
378 		drv->assoc_resp_ies_len = 0;
379 		return -1;
380 	}
381 	drv->assoc_resp_ies_len = len;
382 
383 	return 0;
384 }
385 
386 
387 static void wpa_driver_wext_event_assoc_ies(struct wpa_driver_wext_data *drv)
388 {
389 	union wpa_event_data data;
390 
391 	if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
392 		return;
393 
394 	os_memset(&data, 0, sizeof(data));
395 	if (drv->assoc_req_ies) {
396 		data.assoc_info.req_ies = drv->assoc_req_ies;
397 		data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
398 	}
399 	if (drv->assoc_resp_ies) {
400 		data.assoc_info.resp_ies = drv->assoc_resp_ies;
401 		data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
402 	}
403 
404 	wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
405 
406 	os_free(drv->assoc_req_ies);
407 	drv->assoc_req_ies = NULL;
408 	os_free(drv->assoc_resp_ies);
409 	drv->assoc_resp_ies = NULL;
410 }
411 
412 
413 static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv,
414 					   char *data, unsigned int len)
415 {
416 	struct iw_event iwe_buf, *iwe = &iwe_buf;
417 	char *pos, *end, *custom, *buf;
418 
419 	pos = data;
420 	end = data + len;
421 
422 	while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
423 		/* Event data may be unaligned, so make a local, aligned copy
424 		 * before processing. */
425 		os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
426 		wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
427 			   iwe->cmd, iwe->len);
428 		if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
429 			return;
430 
431 		custom = pos + IW_EV_POINT_LEN;
432 		if (drv->we_version_compiled > 18 &&
433 		    (iwe->cmd == IWEVMICHAELMICFAILURE ||
434 		     iwe->cmd == IWEVCUSTOM ||
435 		     iwe->cmd == IWEVASSOCREQIE ||
436 		     iwe->cmd == IWEVASSOCRESPIE ||
437 		     iwe->cmd == IWEVPMKIDCAND)) {
438 			/* WE-19 removed the pointer from struct iw_point */
439 			char *dpos = (char *) &iwe_buf.u.data.length;
440 			int dlen = dpos - (char *) &iwe_buf;
441 			os_memcpy(dpos, pos + IW_EV_LCP_LEN,
442 				  sizeof(struct iw_event) - dlen);
443 		} else {
444 			os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
445 			custom += IW_EV_POINT_OFF;
446 		}
447 
448 		switch (iwe->cmd) {
449 		case SIOCGIWAP:
450 			wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
451 				   MACSTR,
452 				   MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
453 			if (is_zero_ether_addr(
454 				    (const u8 *) iwe->u.ap_addr.sa_data) ||
455 			    os_memcmp(iwe->u.ap_addr.sa_data,
456 				      "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
457 			    0) {
458 				os_free(drv->assoc_req_ies);
459 				drv->assoc_req_ies = NULL;
460 				os_free(drv->assoc_resp_ies);
461 				drv->assoc_resp_ies = NULL;
462 				wpa_supplicant_event(drv->ctx, EVENT_DISASSOC,
463 						     NULL);
464 
465 			} else {
466 				wpa_driver_wext_event_assoc_ies(drv);
467 				wpa_supplicant_event(drv->ctx, EVENT_ASSOC,
468 						     NULL);
469 			}
470 			break;
471 		case IWEVMICHAELMICFAILURE:
472 			if (iwe->u.data.length > end - custom) {
473 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
474 					   "IWEVMICHAELMICFAILURE length");
475 				return;
476 			}
477 			wpa_driver_wext_event_wireless_michaelmicfailure(
478 				drv->ctx, custom, iwe->u.data.length);
479 			break;
480 		case IWEVCUSTOM:
481 			if (iwe->u.data.length > end - custom) {
482 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
483 					   "IWEVCUSTOM length");
484 				return;
485 			}
486 			buf = dup_binstr(custom, iwe->u.data.length);
487 			if (buf == NULL)
488 				return;
489 			wpa_driver_wext_event_wireless_custom(drv->ctx, buf);
490 			os_free(buf);
491 			break;
492 		case SIOCGIWSCAN:
493 			drv->scan_complete_events = 1;
494 			eloop_cancel_timeout(wpa_driver_wext_scan_timeout,
495 					     drv, drv->ctx);
496 			wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
497 					     NULL);
498 			break;
499 		case IWEVASSOCREQIE:
500 			if (iwe->u.data.length > end - custom) {
501 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
502 					   "IWEVASSOCREQIE length");
503 				return;
504 			}
505 			wpa_driver_wext_event_wireless_assocreqie(
506 				drv, custom, iwe->u.data.length);
507 			break;
508 		case IWEVASSOCRESPIE:
509 			if (iwe->u.data.length > end - custom) {
510 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
511 					   "IWEVASSOCRESPIE length");
512 				return;
513 			}
514 			wpa_driver_wext_event_wireless_assocrespie(
515 				drv, custom, iwe->u.data.length);
516 			break;
517 		case IWEVPMKIDCAND:
518 			if (iwe->u.data.length > end - custom) {
519 				wpa_printf(MSG_DEBUG, "WEXT: Invalid "
520 					   "IWEVPMKIDCAND length");
521 				return;
522 			}
523 			wpa_driver_wext_event_wireless_pmkidcand(
524 				drv, custom, iwe->u.data.length);
525 			break;
526 		}
527 
528 		pos += iwe->len;
529 	}
530 }
531 
532 
533 static void wpa_driver_wext_event_link(struct wpa_driver_wext_data *drv,
534 				       char *buf, size_t len, int del)
535 {
536 	union wpa_event_data event;
537 
538 	os_memset(&event, 0, sizeof(event));
539 	if (len > sizeof(event.interface_status.ifname))
540 		len = sizeof(event.interface_status.ifname) - 1;
541 	os_memcpy(event.interface_status.ifname, buf, len);
542 	event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
543 		EVENT_INTERFACE_ADDED;
544 
545 	wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
546 		   del ? "DEL" : "NEW",
547 		   event.interface_status.ifname,
548 		   del ? "removed" : "added");
549 
550 	if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
551 		if (del) {
552 			if (drv->if_removed) {
553 				wpa_printf(MSG_DEBUG, "WEXT: if_removed "
554 					   "already set - ignore event");
555 				return;
556 			}
557 			drv->if_removed = 1;
558 		} else {
559 			if (if_nametoindex(drv->ifname) == 0) {
560 				wpa_printf(MSG_DEBUG, "WEXT: Interface %s "
561 					   "does not exist - ignore "
562 					   "RTM_NEWLINK",
563 					   drv->ifname);
564 				return;
565 			}
566 			if (!drv->if_removed) {
567 				wpa_printf(MSG_DEBUG, "WEXT: if_removed "
568 					   "already cleared - ignore event");
569 				return;
570 			}
571 			drv->if_removed = 0;
572 		}
573 	}
574 
575 	wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
576 }
577 
578 
579 static int wpa_driver_wext_own_ifname(struct wpa_driver_wext_data *drv,
580 				      u8 *buf, size_t len)
581 {
582 	int attrlen, rta_len;
583 	struct rtattr *attr;
584 
585 	attrlen = len;
586 	attr = (struct rtattr *) buf;
587 
588 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
589 	while (RTA_OK(attr, attrlen)) {
590 		if (attr->rta_type == IFLA_IFNAME) {
591 			if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
592 			    == 0)
593 				return 1;
594 			else
595 				break;
596 		}
597 		attr = RTA_NEXT(attr, attrlen);
598 	}
599 
600 	return 0;
601 }
602 
603 
604 static int wpa_driver_wext_own_ifindex(struct wpa_driver_wext_data *drv,
605 				       int ifindex, u8 *buf, size_t len)
606 {
607 	if (drv->ifindex == ifindex || drv->ifindex2 == ifindex)
608 		return 1;
609 
610 	if (drv->if_removed && wpa_driver_wext_own_ifname(drv, buf, len)) {
611 		drv->ifindex = if_nametoindex(drv->ifname);
612 		wpa_printf(MSG_DEBUG, "WEXT: Update ifindex for a removed "
613 			   "interface");
614 		wpa_driver_wext_finish_drv_init(drv);
615 		return 1;
616 	}
617 
618 	return 0;
619 }
620 
621 
622 static void wpa_driver_wext_event_rtm_newlink(void *ctx, struct ifinfomsg *ifi,
623 					      u8 *buf, size_t len)
624 {
625 	struct wpa_driver_wext_data *drv = ctx;
626 	int attrlen, rta_len;
627 	struct rtattr *attr;
628 	char namebuf[IFNAMSIZ];
629 
630 	if (!wpa_driver_wext_own_ifindex(drv, ifi->ifi_index, buf, len)) {
631 		wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
632 			   ifi->ifi_index);
633 		return;
634 	}
635 
636 	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
637 		   "(%s%s%s%s)",
638 		   drv->operstate, ifi->ifi_flags,
639 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
640 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
641 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
642 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
643 
644 	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
645 		wpa_printf(MSG_DEBUG, "WEXT: Interface down");
646 		drv->if_disabled = 1;
647 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
648 	}
649 
650 	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
651 		if (if_indextoname(ifi->ifi_index, namebuf) &&
652 		    linux_iface_up(drv->ioctl_sock, drv->ifname) == 0) {
653 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
654 				   "event since interface %s is down",
655 				   namebuf);
656 		} else if (if_nametoindex(drv->ifname) == 0) {
657 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
658 				   "event since interface %s does not exist",
659 				   drv->ifname);
660 		} else if (drv->if_removed) {
661 			wpa_printf(MSG_DEBUG, "WEXT: Ignore interface up "
662 				   "event since interface %s is marked "
663 				   "removed", drv->ifname);
664 		} else {
665 			wpa_printf(MSG_DEBUG, "WEXT: Interface up");
666 			drv->if_disabled = 0;
667 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
668 					     NULL);
669 		}
670 	}
671 
672 	/*
673 	 * Some drivers send the association event before the operup event--in
674 	 * this case, lifting operstate in wpa_driver_wext_set_operstate()
675 	 * fails. This will hit us when wpa_supplicant does not need to do
676 	 * IEEE 802.1X authentication
677 	 */
678 	if (drv->operstate == 1 &&
679 	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
680 	    !(ifi->ifi_flags & IFF_RUNNING))
681 		netlink_send_oper_ifla(drv->netlink, drv->ifindex,
682 				       -1, IF_OPER_UP);
683 
684 	attrlen = len;
685 	attr = (struct rtattr *) buf;
686 
687 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
688 	while (RTA_OK(attr, attrlen)) {
689 		if (attr->rta_type == IFLA_WIRELESS) {
690 			wpa_driver_wext_event_wireless(
691 				drv, ((char *) attr) + rta_len,
692 				attr->rta_len - rta_len);
693 		} else if (attr->rta_type == IFLA_IFNAME) {
694 			wpa_driver_wext_event_link(drv,
695 						   ((char *) attr) + rta_len,
696 						   attr->rta_len - rta_len, 0);
697 		}
698 		attr = RTA_NEXT(attr, attrlen);
699 	}
700 }
701 
702 
703 static void wpa_driver_wext_event_rtm_dellink(void *ctx, struct ifinfomsg *ifi,
704 					      u8 *buf, size_t len)
705 {
706 	struct wpa_driver_wext_data *drv = ctx;
707 	int attrlen, rta_len;
708 	struct rtattr *attr;
709 
710 	attrlen = len;
711 	attr = (struct rtattr *) buf;
712 
713 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
714 	while (RTA_OK(attr, attrlen)) {
715 		if (attr->rta_type == IFLA_IFNAME) {
716 			wpa_driver_wext_event_link(drv,
717 						   ((char *) attr) + rta_len,
718 						   attr->rta_len - rta_len, 1);
719 		}
720 		attr = RTA_NEXT(attr, attrlen);
721 	}
722 }
723 
724 
725 static void wpa_driver_wext_rfkill_blocked(void *ctx)
726 {
727 	wpa_printf(MSG_DEBUG, "WEXT: RFKILL blocked");
728 	/*
729 	 * This may be for any interface; use ifdown event to disable
730 	 * interface.
731 	 */
732 }
733 
734 
735 static void wpa_driver_wext_rfkill_unblocked(void *ctx)
736 {
737 	struct wpa_driver_wext_data *drv = ctx;
738 	wpa_printf(MSG_DEBUG, "WEXT: RFKILL unblocked");
739 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) {
740 		wpa_printf(MSG_DEBUG, "WEXT: Could not set interface UP "
741 			   "after rfkill unblock");
742 		return;
743 	}
744 	/* rtnetlink ifup handler will report interface as enabled */
745 }
746 
747 
748 static void wext_get_phy_name(struct wpa_driver_wext_data *drv)
749 {
750 	/* Find phy (radio) to which this interface belongs */
751 	char buf[90], *pos;
752 	int f, rv;
753 
754 	drv->phyname[0] = '\0';
755 	snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
756 		 drv->ifname);
757 	f = open(buf, O_RDONLY);
758 	if (f < 0) {
759 		wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
760 			   buf, strerror(errno));
761 		return;
762 	}
763 
764 	rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
765 	close(f);
766 	if (rv < 0) {
767 		wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
768 			   buf, strerror(errno));
769 		return;
770 	}
771 
772 	drv->phyname[rv] = '\0';
773 	pos = os_strchr(drv->phyname, '\n');
774 	if (pos)
775 		*pos = '\0';
776 	wpa_printf(MSG_DEBUG, "wext: interface %s phy: %s",
777 		   drv->ifname, drv->phyname);
778 }
779 
780 
781 /**
782  * wpa_driver_wext_init - Initialize WE driver interface
783  * @ctx: context to be used when calling wpa_supplicant functions,
784  * e.g., wpa_supplicant_event()
785  * @ifname: interface name, e.g., wlan0
786  * Returns: Pointer to private data, %NULL on failure
787  */
788 void * wpa_driver_wext_init(void *ctx, const char *ifname)
789 {
790 	struct wpa_driver_wext_data *drv;
791 	struct netlink_config *cfg;
792 	struct rfkill_config *rcfg;
793 	char path[128];
794 	struct stat buf;
795 
796 	drv = os_zalloc(sizeof(*drv));
797 	if (drv == NULL)
798 		return NULL;
799 	drv->ctx = ctx;
800 	os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
801 
802 	os_snprintf(path, sizeof(path), "/sys/class/net/%s/phy80211", ifname);
803 	if (stat(path, &buf) == 0) {
804 		wpa_printf(MSG_DEBUG, "WEXT: cfg80211-based driver detected");
805 		drv->cfg80211 = 1;
806 		wext_get_phy_name(drv);
807 	}
808 
809 	drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
810 	if (drv->ioctl_sock < 0) {
811 		wpa_printf(MSG_ERROR, "socket(PF_INET,SOCK_DGRAM): %s",
812 			   strerror(errno));
813 		goto err1;
814 	}
815 
816 	cfg = os_zalloc(sizeof(*cfg));
817 	if (cfg == NULL)
818 		goto err1;
819 	cfg->ctx = drv;
820 	cfg->newlink_cb = wpa_driver_wext_event_rtm_newlink;
821 	cfg->dellink_cb = wpa_driver_wext_event_rtm_dellink;
822 	drv->netlink = netlink_init(cfg);
823 	if (drv->netlink == NULL) {
824 		os_free(cfg);
825 		goto err2;
826 	}
827 
828 	rcfg = os_zalloc(sizeof(*rcfg));
829 	if (rcfg == NULL)
830 		goto err3;
831 	rcfg->ctx = drv;
832 	os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
833 	rcfg->blocked_cb = wpa_driver_wext_rfkill_blocked;
834 	rcfg->unblocked_cb = wpa_driver_wext_rfkill_unblocked;
835 	drv->rfkill = rfkill_init(rcfg);
836 	if (drv->rfkill == NULL) {
837 		wpa_printf(MSG_DEBUG, "WEXT: RFKILL status not available");
838 		os_free(rcfg);
839 	}
840 
841 	drv->mlme_sock = -1;
842 
843 	if (wpa_driver_wext_finish_drv_init(drv) < 0)
844 		goto err3;
845 
846 	wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1);
847 
848 	return drv;
849 
850 err3:
851 	rfkill_deinit(drv->rfkill);
852 	netlink_deinit(drv->netlink);
853 err2:
854 	close(drv->ioctl_sock);
855 err1:
856 	os_free(drv);
857 	return NULL;
858 }
859 
860 
861 static void wpa_driver_wext_send_rfkill(void *eloop_ctx, void *timeout_ctx)
862 {
863 	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
864 }
865 
866 
867 static int wext_hostap_ifname(struct wpa_driver_wext_data *drv,
868 			      const char *ifname)
869 {
870 	char buf[200], *res;
871 	int type, ret;
872 	FILE *f;
873 
874 	if (strcmp(ifname, ".") == 0 || strcmp(ifname, "..") == 0)
875 		return -1;
876 
877 	ret = snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net/%s/type",
878 		       drv->ifname, ifname);
879 	if (os_snprintf_error(sizeof(buf), ret))
880 		return -1;
881 
882 	f = fopen(buf, "r");
883 	if (!f)
884 		return -1;
885 	res = fgets(buf, sizeof(buf), f);
886 	fclose(f);
887 
888 	type = res ? atoi(res) : -1;
889 	wpa_printf(MSG_DEBUG, "WEXT: hostap ifname %s type %d", ifname, type);
890 
891 	if (type == ARPHRD_IEEE80211) {
892 		wpa_printf(MSG_DEBUG,
893 			   "WEXT: Found hostap driver wifi# interface (%s)",
894 			   ifname);
895 		wpa_driver_wext_alternative_ifindex(drv, ifname);
896 		return 0;
897 	}
898 	return -1;
899 }
900 
901 
902 static int wext_add_hostap(struct wpa_driver_wext_data *drv)
903 {
904 	char buf[200];
905 	int n;
906 	struct dirent **names;
907 	int ret = -1;
908 
909 	snprintf(buf, sizeof(buf), "/sys/class/net/%s/device/net", drv->ifname);
910 	n = scandir(buf, &names, NULL, alphasort);
911 	if (n < 0)
912 		return -1;
913 
914 	while (n--) {
915 		if (ret < 0 && wext_hostap_ifname(drv, names[n]->d_name) == 0)
916 			ret = 0;
917 		free(names[n]);
918 	}
919 	free(names);
920 
921 	return ret;
922 }
923 
924 
925 static void wext_check_hostap(struct wpa_driver_wext_data *drv)
926 {
927 	char path[200], buf[200], *pos;
928 	ssize_t res;
929 
930 	/*
931 	 * Host AP driver may use both wlan# and wifi# interface in wireless
932 	 * events. Since some of the versions included WE-18 support, let's add
933 	 * the alternative ifindex also from driver_wext.c for the time being.
934 	 * This may be removed at some point once it is believed that old
935 	 * versions of the driver are not in use anymore. However, it looks like
936 	 * the wifi# interface is still used in the current kernel tree, so it
937 	 * may not really be possible to remove this before the Host AP driver
938 	 * gets removed from the kernel.
939 	 */
940 
941 	/* First, try to see if driver information is available from sysfs */
942 	snprintf(path, sizeof(path), "/sys/class/net/%s/device/driver",
943 		 drv->ifname);
944 	res = readlink(path, buf, sizeof(buf) - 1);
945 	if (res > 0) {
946 		buf[res] = '\0';
947 		pos = strrchr(buf, '/');
948 		if (pos)
949 			pos++;
950 		else
951 			pos = buf;
952 		wpa_printf(MSG_DEBUG, "WEXT: Driver: %s", pos);
953 		if (os_strncmp(pos, "hostap", 6) == 0 &&
954 		    wext_add_hostap(drv) == 0)
955 			return;
956 	}
957 
958 	/* Second, use the old design with hardcoded ifname */
959 	if (os_strncmp(drv->ifname, "wlan", 4) == 0) {
960 		char ifname2[IFNAMSIZ + 1];
961 		os_strlcpy(ifname2, drv->ifname, sizeof(ifname2));
962 		os_memcpy(ifname2, "wifi", 4);
963 		wpa_driver_wext_alternative_ifindex(drv, ifname2);
964 	}
965 }
966 
967 
968 static int wpa_driver_wext_finish_drv_init(struct wpa_driver_wext_data *drv)
969 {
970 	int send_rfkill_event = 0;
971 	int i;
972 
973 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1) < 0) {
974 		if (rfkill_is_blocked(drv->rfkill)) {
975 			wpa_printf(MSG_DEBUG, "WEXT: Could not yet enable "
976 				   "interface '%s' due to rfkill",
977 				   drv->ifname);
978 			drv->if_disabled = 1;
979 			send_rfkill_event = 1;
980 		} else {
981 			wpa_printf(MSG_ERROR, "WEXT: Could not set "
982 				   "interface '%s' UP", drv->ifname);
983 			return -1;
984 		}
985 	}
986 
987 	/*
988 	 * Make sure that the driver does not have any obsolete PMKID entries.
989 	 */
990 	wpa_driver_wext_flush_pmkid(drv);
991 
992 	if (wpa_driver_wext_set_mode(drv, 0) < 0) {
993 		wpa_printf(MSG_DEBUG, "Could not configure driver to use "
994 			   "managed mode");
995 		/* Try to use it anyway */
996 	}
997 
998 	wpa_driver_wext_get_range(drv);
999 
1000 	/* Update per interface supported AKMs */
1001 	for (i = 0; i < WPA_IF_MAX; i++)
1002 		drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
1003 
1004 	/*
1005 	 * Unlock the driver's BSSID and force to a random SSID to clear any
1006 	 * previous association the driver might have when the supplicant
1007 	 * starts up.
1008 	 */
1009 	wpa_driver_wext_disconnect(drv);
1010 
1011 	drv->ifindex = if_nametoindex(drv->ifname);
1012 
1013 	wext_check_hostap(drv);
1014 
1015 	netlink_send_oper_ifla(drv->netlink, drv->ifindex,
1016 			       1, IF_OPER_DORMANT);
1017 
1018 	if (send_rfkill_event) {
1019 		eloop_register_timeout(0, 0, wpa_driver_wext_send_rfkill,
1020 				       drv, drv->ctx);
1021 	}
1022 
1023 	return 0;
1024 }
1025 
1026 
1027 /**
1028  * wpa_driver_wext_deinit - Deinitialize WE driver interface
1029  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1030  *
1031  * Shut down driver interface and processing of driver events. Free
1032  * private data buffer if one was allocated in wpa_driver_wext_init().
1033  */
1034 void wpa_driver_wext_deinit(void *priv)
1035 {
1036 	struct wpa_driver_wext_data *drv = priv;
1037 
1038 	wpa_driver_wext_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 0);
1039 
1040 	eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1041 	eloop_cancel_timeout(wpa_driver_wext_send_rfkill, drv, drv->ctx);
1042 
1043 	/*
1044 	 * Clear possibly configured driver parameters in order to make it
1045 	 * easier to use the driver after wpa_supplicant has been terminated.
1046 	 */
1047 	wpa_driver_wext_disconnect(drv);
1048 
1049 	netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
1050 	netlink_deinit(drv->netlink);
1051 	rfkill_deinit(drv->rfkill);
1052 
1053 	if (drv->mlme_sock >= 0)
1054 		eloop_unregister_read_sock(drv->mlme_sock);
1055 
1056 	(void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
1057 
1058 	close(drv->ioctl_sock);
1059 	if (drv->mlme_sock >= 0)
1060 		close(drv->mlme_sock);
1061 	os_free(drv->assoc_req_ies);
1062 	os_free(drv->assoc_resp_ies);
1063 	os_free(drv);
1064 }
1065 
1066 
1067 /**
1068  * wpa_driver_wext_scan_timeout - Scan timeout to report scan completion
1069  * @eloop_ctx: Unused
1070  * @timeout_ctx: ctx argument given to wpa_driver_wext_init()
1071  *
1072  * This function can be used as registered timeout when starting a scan to
1073  * generate a scan completed event if the driver does not report this.
1074  */
1075 void wpa_driver_wext_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1076 {
1077 	wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1078 	wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1079 }
1080 
1081 
1082 /**
1083  * wpa_driver_wext_scan - Request the driver to initiate scan
1084  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1085  * @param: Scan parameters (specific SSID to scan for (ProbeReq), etc.)
1086  * Returns: 0 on success, -1 on failure
1087  */
1088 int wpa_driver_wext_scan(void *priv, struct wpa_driver_scan_params *params)
1089 {
1090 	struct wpa_driver_wext_data *drv = priv;
1091 	struct iwreq iwr;
1092 	int ret = 0, timeout;
1093 	struct iw_scan_req req;
1094 	const u8 *ssid = params->ssids[0].ssid;
1095 	size_t ssid_len = params->ssids[0].ssid_len;
1096 
1097 	if (ssid_len > IW_ESSID_MAX_SIZE) {
1098 		wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1099 			   __FUNCTION__, (unsigned long) ssid_len);
1100 		return -1;
1101 	}
1102 
1103 	os_memset(&iwr, 0, sizeof(iwr));
1104 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1105 
1106 	if (ssid && ssid_len) {
1107 		os_memset(&req, 0, sizeof(req));
1108 		req.essid_len = ssid_len;
1109 		req.bssid.sa_family = ARPHRD_ETHER;
1110 		os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1111 		os_memcpy(req.essid, ssid, ssid_len);
1112 		iwr.u.data.pointer = (caddr_t) &req;
1113 		iwr.u.data.length = sizeof(req);
1114 		iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1115 	}
1116 
1117 	if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1118 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWSCAN]: %s",
1119 			   strerror(errno));
1120 		ret = -1;
1121 	}
1122 
1123 	/* Not all drivers generate "scan completed" wireless event, so try to
1124 	 * read results after a timeout. */
1125 	timeout = 10;
1126 	if (drv->scan_complete_events) {
1127 		/*
1128 		 * The driver seems to deliver SIOCGIWSCAN events to notify
1129 		 * when scan is complete, so use longer timeout to avoid race
1130 		 * conditions with scanning and following association request.
1131 		 */
1132 		timeout = 30;
1133 	}
1134 	wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1135 		   "seconds", ret, timeout);
1136 	eloop_cancel_timeout(wpa_driver_wext_scan_timeout, drv, drv->ctx);
1137 	eloop_register_timeout(timeout, 0, wpa_driver_wext_scan_timeout, drv,
1138 			       drv->ctx);
1139 
1140 	return ret;
1141 }
1142 
1143 
1144 static u8 * wpa_driver_wext_giwscan(struct wpa_driver_wext_data *drv,
1145 				    size_t *len)
1146 {
1147 	struct iwreq iwr;
1148 	u8 *res_buf;
1149 	size_t res_buf_len;
1150 
1151 	res_buf_len = IW_SCAN_MAX_DATA;
1152 	for (;;) {
1153 		res_buf = os_malloc(res_buf_len);
1154 		if (res_buf == NULL)
1155 			return NULL;
1156 		os_memset(&iwr, 0, sizeof(iwr));
1157 		os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1158 		iwr.u.data.pointer = res_buf;
1159 		iwr.u.data.length = res_buf_len;
1160 
1161 		if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1162 			break;
1163 
1164 		if (errno == E2BIG && res_buf_len < 65535) {
1165 			os_free(res_buf);
1166 			res_buf = NULL;
1167 			res_buf_len *= 2;
1168 			if (res_buf_len > 65535)
1169 				res_buf_len = 65535; /* 16-bit length field */
1170 			wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1171 				   "trying larger buffer (%lu bytes)",
1172 				   (unsigned long) res_buf_len);
1173 		} else {
1174 			wpa_printf(MSG_ERROR, "ioctl[SIOCGIWSCAN]: %s",
1175 				   strerror(errno));
1176 			os_free(res_buf);
1177 			return NULL;
1178 		}
1179 	}
1180 
1181 	if (iwr.u.data.length > res_buf_len) {
1182 		os_free(res_buf);
1183 		return NULL;
1184 	}
1185 	*len = iwr.u.data.length;
1186 
1187 	return res_buf;
1188 }
1189 
1190 
1191 /*
1192  * Data structure for collecting WEXT scan results. This is needed to allow
1193  * the various methods of reporting IEs to be combined into a single IE buffer.
1194  */
1195 struct wext_scan_data {
1196 	struct wpa_scan_res res;
1197 	u8 *ie;
1198 	size_t ie_len;
1199 	u8 ssid[SSID_MAX_LEN];
1200 	size_t ssid_len;
1201 	int maxrate;
1202 };
1203 
1204 
1205 static void wext_get_scan_mode(struct iw_event *iwe,
1206 			       struct wext_scan_data *res)
1207 {
1208 	if (iwe->u.mode == IW_MODE_ADHOC)
1209 		res->res.caps |= IEEE80211_CAP_IBSS;
1210 	else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1211 		res->res.caps |= IEEE80211_CAP_ESS;
1212 }
1213 
1214 
1215 static void wext_get_scan_ssid(struct iw_event *iwe,
1216 			       struct wext_scan_data *res, char *custom,
1217 			       char *end)
1218 {
1219 	int ssid_len = iwe->u.essid.length;
1220 	if (ssid_len > end - custom)
1221 		return;
1222 	if (iwe->u.essid.flags &&
1223 	    ssid_len > 0 &&
1224 	    ssid_len <= IW_ESSID_MAX_SIZE) {
1225 		os_memcpy(res->ssid, custom, ssid_len);
1226 		res->ssid_len = ssid_len;
1227 	}
1228 }
1229 
1230 
1231 static void wext_get_scan_freq(struct iw_event *iwe,
1232 			       struct wext_scan_data *res)
1233 {
1234 	int divi = 1000000, i;
1235 
1236 	if (iwe->u.freq.e == 0) {
1237 		/*
1238 		 * Some drivers do not report frequency, but a channel.
1239 		 * Try to map this to frequency by assuming they are using
1240 		 * IEEE 802.11b/g.  But don't overwrite a previously parsed
1241 		 * frequency if the driver sends both frequency and channel,
1242 		 * since the driver may be sending an A-band channel that we
1243 		 * don't handle here.
1244 		 */
1245 
1246 		if (res->res.freq)
1247 			return;
1248 
1249 		if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1250 			res->res.freq = 2407 + 5 * iwe->u.freq.m;
1251 			return;
1252 		} else if (iwe->u.freq.m == 14) {
1253 			res->res.freq = 2484;
1254 			return;
1255 		}
1256 	}
1257 
1258 	if (iwe->u.freq.e > 6) {
1259 		wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1260 			   MACSTR " m=%d e=%d)",
1261 			   MAC2STR(res->res.bssid), iwe->u.freq.m,
1262 			   iwe->u.freq.e);
1263 		return;
1264 	}
1265 
1266 	for (i = 0; i < iwe->u.freq.e; i++)
1267 		divi /= 10;
1268 	res->res.freq = iwe->u.freq.m / divi;
1269 }
1270 
1271 
1272 static void wext_get_scan_qual(struct wpa_driver_wext_data *drv,
1273 			       struct iw_event *iwe,
1274 			       struct wext_scan_data *res)
1275 {
1276 	res->res.qual = iwe->u.qual.qual;
1277 	res->res.noise = iwe->u.qual.noise;
1278 	res->res.level = iwe->u.qual.level;
1279 	if (iwe->u.qual.updated & IW_QUAL_QUAL_INVALID)
1280 		res->res.flags |= WPA_SCAN_QUAL_INVALID;
1281 	if (iwe->u.qual.updated & IW_QUAL_LEVEL_INVALID)
1282 		res->res.flags |= WPA_SCAN_LEVEL_INVALID;
1283 	if (iwe->u.qual.updated & IW_QUAL_NOISE_INVALID)
1284 		res->res.flags |= WPA_SCAN_NOISE_INVALID;
1285 	if (iwe->u.qual.updated & IW_QUAL_DBM)
1286 		res->res.flags |= WPA_SCAN_LEVEL_DBM;
1287 	if ((iwe->u.qual.updated & IW_QUAL_DBM) ||
1288 	    ((iwe->u.qual.level != 0) &&
1289 	     (iwe->u.qual.level > drv->max_level))) {
1290 		if (iwe->u.qual.level >= 64)
1291 			res->res.level -= 0x100;
1292 		if (iwe->u.qual.noise >= 64)
1293 			res->res.noise -= 0x100;
1294 	}
1295 }
1296 
1297 
1298 static void wext_get_scan_encode(struct iw_event *iwe,
1299 				 struct wext_scan_data *res)
1300 {
1301 	if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1302 		res->res.caps |= IEEE80211_CAP_PRIVACY;
1303 }
1304 
1305 
1306 static void wext_get_scan_rate(struct iw_event *iwe,
1307 			       struct wext_scan_data *res, char *pos,
1308 			       char *end)
1309 {
1310 	int maxrate;
1311 	char *custom = pos + IW_EV_LCP_LEN;
1312 	struct iw_param p;
1313 	size_t clen;
1314 
1315 	clen = iwe->len;
1316 	if (clen > (size_t) (end - custom))
1317 		return;
1318 	maxrate = 0;
1319 	while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1320 		/* Note: may be misaligned, make a local, aligned copy */
1321 		os_memcpy(&p, custom, sizeof(struct iw_param));
1322 		if (p.value > maxrate)
1323 			maxrate = p.value;
1324 		clen -= sizeof(struct iw_param);
1325 		custom += sizeof(struct iw_param);
1326 	}
1327 
1328 	/* Convert the maxrate from WE-style (b/s units) to
1329 	 * 802.11 rates (500000 b/s units).
1330 	 */
1331 	res->maxrate = maxrate / 500000;
1332 }
1333 
1334 
1335 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1336 				    struct wext_scan_data *res, char *custom,
1337 				    char *end)
1338 {
1339 	char *genie, *gpos, *gend;
1340 	u8 *tmp;
1341 
1342 	if (iwe->u.data.length == 0)
1343 		return;
1344 
1345 	gpos = genie = custom;
1346 	gend = genie + iwe->u.data.length;
1347 	if (gend > end) {
1348 		wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1349 		return;
1350 	}
1351 
1352 	tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1353 	if (tmp == NULL)
1354 		return;
1355 	os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1356 	res->ie = tmp;
1357 	res->ie_len += gend - gpos;
1358 }
1359 
1360 
1361 static void wext_get_scan_custom(struct iw_event *iwe,
1362 				 struct wext_scan_data *res, char *custom,
1363 				 char *end)
1364 {
1365 	size_t clen;
1366 	u8 *tmp;
1367 
1368 	clen = iwe->u.data.length;
1369 	if (clen > (size_t) (end - custom))
1370 		return;
1371 
1372 	if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1373 		char *spos;
1374 		int bytes;
1375 		spos = custom + 7;
1376 		bytes = custom + clen - spos;
1377 		if (bytes & 1 || bytes == 0)
1378 			return;
1379 		bytes /= 2;
1380 		tmp = os_realloc(res->ie, res->ie_len + bytes);
1381 		if (tmp == NULL)
1382 			return;
1383 		res->ie = tmp;
1384 		if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1385 			return;
1386 		res->ie_len += bytes;
1387 	} else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1388 		char *spos;
1389 		int bytes;
1390 		spos = custom + 7;
1391 		bytes = custom + clen - spos;
1392 		if (bytes & 1 || bytes == 0)
1393 			return;
1394 		bytes /= 2;
1395 		tmp = os_realloc(res->ie, res->ie_len + bytes);
1396 		if (tmp == NULL)
1397 			return;
1398 		res->ie = tmp;
1399 		if (hexstr2bin(spos, tmp + res->ie_len, bytes) < 0)
1400 			return;
1401 		res->ie_len += bytes;
1402 	} else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1403 		char *spos;
1404 		int bytes;
1405 		u8 bin[8];
1406 		spos = custom + 4;
1407 		bytes = custom + clen - spos;
1408 		if (bytes != 16) {
1409 			wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1410 			return;
1411 		}
1412 		bytes /= 2;
1413 		if (hexstr2bin(spos, bin, bytes) < 0) {
1414 			wpa_printf(MSG_DEBUG, "WEXT: Invalid TSF value");
1415 			return;
1416 		}
1417 		res->res.tsf += WPA_GET_BE64(bin);
1418 	}
1419 }
1420 
1421 
1422 static int wext_19_iw_point(struct wpa_driver_wext_data *drv, u16 cmd)
1423 {
1424 	return drv->we_version_compiled > 18 &&
1425 		(cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1426 		 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1427 }
1428 
1429 
1430 static void wpa_driver_wext_add_scan_entry(struct wpa_scan_results *res,
1431 					   struct wext_scan_data *data)
1432 {
1433 	struct wpa_scan_res **tmp;
1434 	struct wpa_scan_res *r;
1435 	size_t extra_len;
1436 	u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1437 
1438 	/* Figure out whether we need to fake any IEs */
1439 	pos = data->ie;
1440 	end = pos + data->ie_len;
1441 	while (pos && end - pos > 1) {
1442 		if (2 + pos[1] > end - pos)
1443 			break;
1444 		if (pos[0] == WLAN_EID_SSID)
1445 			ssid_ie = pos;
1446 		else if (pos[0] == WLAN_EID_SUPP_RATES)
1447 			rate_ie = pos;
1448 		else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1449 			rate_ie = pos;
1450 		pos += 2 + pos[1];
1451 	}
1452 
1453 	extra_len = 0;
1454 	if (ssid_ie == NULL)
1455 		extra_len += 2 + data->ssid_len;
1456 	if (rate_ie == NULL && data->maxrate)
1457 		extra_len += 3;
1458 
1459 	r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1460 	if (r == NULL)
1461 		return;
1462 	os_memcpy(r, &data->res, sizeof(*r));
1463 	r->ie_len = extra_len + data->ie_len;
1464 	pos = (u8 *) (r + 1);
1465 	if (ssid_ie == NULL) {
1466 		/*
1467 		 * Generate a fake SSID IE since the driver did not report
1468 		 * a full IE list.
1469 		 */
1470 		*pos++ = WLAN_EID_SSID;
1471 		*pos++ = data->ssid_len;
1472 		os_memcpy(pos, data->ssid, data->ssid_len);
1473 		pos += data->ssid_len;
1474 	}
1475 	if (rate_ie == NULL && data->maxrate) {
1476 		/*
1477 		 * Generate a fake Supported Rates IE since the driver did not
1478 		 * report a full IE list.
1479 		 */
1480 		*pos++ = WLAN_EID_SUPP_RATES;
1481 		*pos++ = 1;
1482 		*pos++ = data->maxrate;
1483 	}
1484 	if (data->ie)
1485 		os_memcpy(pos, data->ie, data->ie_len);
1486 
1487 	tmp = os_realloc_array(res->res, res->num + 1,
1488 			       sizeof(struct wpa_scan_res *));
1489 	if (tmp == NULL) {
1490 		os_free(r);
1491 		return;
1492 	}
1493 	tmp[res->num++] = r;
1494 	res->res = tmp;
1495 }
1496 
1497 
1498 /**
1499  * wpa_driver_wext_get_scan_results - Fetch the latest scan results
1500  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1501  * Returns: Scan results on success, -1 on failure
1502  */
1503 struct wpa_scan_results * wpa_driver_wext_get_scan_results(void *priv)
1504 {
1505 	struct wpa_driver_wext_data *drv = priv;
1506 	size_t len;
1507 	int first;
1508 	u8 *res_buf;
1509 	struct iw_event iwe_buf, *iwe = &iwe_buf;
1510 	char *pos, *end, *custom;
1511 	struct wpa_scan_results *res;
1512 	struct wext_scan_data data;
1513 
1514 	res_buf = wpa_driver_wext_giwscan(drv, &len);
1515 	if (res_buf == NULL)
1516 		return NULL;
1517 
1518 	first = 1;
1519 
1520 	res = os_zalloc(sizeof(*res));
1521 	if (res == NULL) {
1522 		os_free(res_buf);
1523 		return NULL;
1524 	}
1525 
1526 	pos = (char *) res_buf;
1527 	end = (char *) res_buf + len;
1528 	os_memset(&data, 0, sizeof(data));
1529 
1530 	while ((size_t) (end - pos) >= IW_EV_LCP_LEN) {
1531 		/* Event data may be unaligned, so make a local, aligned copy
1532 		 * before processing. */
1533 		os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1534 		if (iwe->len <= IW_EV_LCP_LEN || iwe->len > end - pos)
1535 			break;
1536 
1537 		custom = pos + IW_EV_POINT_LEN;
1538 		if (wext_19_iw_point(drv, iwe->cmd)) {
1539 			/* WE-19 removed the pointer from struct iw_point */
1540 			char *dpos = (char *) &iwe_buf.u.data.length;
1541 			int dlen = dpos - (char *) &iwe_buf;
1542 			os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1543 				  sizeof(struct iw_event) - dlen);
1544 		} else {
1545 			os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1546 			custom += IW_EV_POINT_OFF;
1547 		}
1548 
1549 		switch (iwe->cmd) {
1550 		case SIOCGIWAP:
1551 			if (!first)
1552 				wpa_driver_wext_add_scan_entry(res, &data);
1553 			first = 0;
1554 			os_free(data.ie);
1555 			os_memset(&data, 0, sizeof(data));
1556 			os_memcpy(data.res.bssid,
1557 				  iwe->u.ap_addr.sa_data, ETH_ALEN);
1558 			break;
1559 		case SIOCGIWMODE:
1560 			wext_get_scan_mode(iwe, &data);
1561 			break;
1562 		case SIOCGIWESSID:
1563 			wext_get_scan_ssid(iwe, &data, custom, end);
1564 			break;
1565 		case SIOCGIWFREQ:
1566 			wext_get_scan_freq(iwe, &data);
1567 			break;
1568 		case IWEVQUAL:
1569 			wext_get_scan_qual(drv, iwe, &data);
1570 			break;
1571 		case SIOCGIWENCODE:
1572 			wext_get_scan_encode(iwe, &data);
1573 			break;
1574 		case SIOCGIWRATE:
1575 			wext_get_scan_rate(iwe, &data, pos, end);
1576 			break;
1577 		case IWEVGENIE:
1578 			wext_get_scan_iwevgenie(iwe, &data, custom, end);
1579 			break;
1580 		case IWEVCUSTOM:
1581 			wext_get_scan_custom(iwe, &data, custom, end);
1582 			break;
1583 		}
1584 
1585 		pos += iwe->len;
1586 	}
1587 	os_free(res_buf);
1588 	res_buf = NULL;
1589 	if (!first)
1590 		wpa_driver_wext_add_scan_entry(res, &data);
1591 	os_free(data.ie);
1592 
1593 	wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1594 		   (unsigned long) len, (unsigned long) res->num);
1595 
1596 	return res;
1597 }
1598 
1599 
1600 static int wpa_driver_wext_get_range(void *priv)
1601 {
1602 	struct wpa_driver_wext_data *drv = priv;
1603 	struct iw_range *range;
1604 	struct iwreq iwr;
1605 	int minlen;
1606 	size_t buflen;
1607 
1608 	/*
1609 	 * Use larger buffer than struct iw_range in order to allow the
1610 	 * structure to grow in the future.
1611 	 */
1612 	buflen = sizeof(struct iw_range) + 500;
1613 	range = os_zalloc(buflen);
1614 	if (range == NULL)
1615 		return -1;
1616 
1617 	os_memset(&iwr, 0, sizeof(iwr));
1618 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1619 	iwr.u.data.pointer = (caddr_t) range;
1620 	iwr.u.data.length = buflen;
1621 
1622 	minlen = ((char *) &range->enc_capa) - (char *) range +
1623 		sizeof(range->enc_capa);
1624 
1625 	if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1626 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIWRANGE]: %s",
1627 			   strerror(errno));
1628 		os_free(range);
1629 		return -1;
1630 	} else if (iwr.u.data.length >= minlen &&
1631 		   range->we_version_compiled >= 18) {
1632 		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1633 			   "WE(source)=%d enc_capa=0x%x",
1634 			   range->we_version_compiled,
1635 			   range->we_version_source,
1636 			   range->enc_capa);
1637 		drv->has_capability = 1;
1638 		drv->we_version_compiled = range->we_version_compiled;
1639 		if (range->enc_capa & IW_ENC_CAPA_WPA) {
1640 			drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1641 				WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1642 		}
1643 		if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1644 			drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1645 				WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1646 		}
1647 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1648 			WPA_DRIVER_CAPA_ENC_WEP104;
1649 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP128;
1650 		if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1651 			drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1652 		if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1653 			drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1654 		if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE)
1655 			drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK |
1656 				WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
1657 		drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1658 			WPA_DRIVER_AUTH_SHARED |
1659 			WPA_DRIVER_AUTH_LEAP;
1660 		drv->capa.max_scan_ssids = 1;
1661 
1662 		wpa_printf(MSG_DEBUG, "  capabilities: key_mgmt 0x%x enc 0x%x "
1663 			   "flags 0x%llx",
1664 			   drv->capa.key_mgmt, drv->capa.enc,
1665 			   (unsigned long long) drv->capa.flags);
1666 	} else {
1667 		wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1668 			   "assuming WPA is not supported");
1669 	}
1670 
1671 	drv->max_level = range->max_qual.level;
1672 
1673 	os_free(range);
1674 	return 0;
1675 }
1676 
1677 
1678 static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv,
1679 				   const u8 *psk)
1680 {
1681 	struct iw_encode_ext *ext;
1682 	struct iwreq iwr;
1683 	int ret;
1684 
1685 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1686 
1687 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
1688 		return 0;
1689 
1690 	if (!psk)
1691 		return 0;
1692 
1693 	os_memset(&iwr, 0, sizeof(iwr));
1694 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1695 
1696 	ext = os_zalloc(sizeof(*ext) + PMK_LEN);
1697 	if (ext == NULL)
1698 		return -1;
1699 
1700 	iwr.u.encoding.pointer = (caddr_t) ext;
1701 	iwr.u.encoding.length = sizeof(*ext) + PMK_LEN;
1702 	ext->key_len = PMK_LEN;
1703 	os_memcpy(&ext->key, psk, ext->key_len);
1704 	ext->alg = IW_ENCODE_ALG_PMK;
1705 
1706 	ret = ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr);
1707 	if (ret < 0)
1708 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT] PMK: %s",
1709 			   strerror(errno));
1710 	os_free(ext);
1711 
1712 	return ret;
1713 }
1714 
1715 
1716 static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
1717 				       const u8 *addr, int key_idx,
1718 				       int set_tx, const u8 *seq,
1719 				       size_t seq_len,
1720 				       const u8 *key, size_t key_len,
1721 				       enum key_flag key_flag)
1722 {
1723 	struct wpa_driver_wext_data *drv = priv;
1724 	struct iwreq iwr;
1725 	int ret = 0;
1726 	struct iw_encode_ext *ext;
1727 
1728 	if (seq_len > IW_ENCODE_SEQ_MAX_SIZE) {
1729 		wpa_printf(MSG_DEBUG, "%s: Invalid seq_len %lu",
1730 			   __FUNCTION__, (unsigned long) seq_len);
1731 		return -1;
1732 	}
1733 
1734 	ext = os_zalloc(sizeof(*ext) + key_len);
1735 	if (ext == NULL)
1736 		return -1;
1737 	os_memset(&iwr, 0, sizeof(iwr));
1738 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1739 	iwr.u.encoding.flags = key_idx + 1;
1740 	iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1741 	if (alg == WPA_ALG_NONE)
1742 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1743 	iwr.u.encoding.pointer = (caddr_t) ext;
1744 	iwr.u.encoding.length = sizeof(*ext) + key_len;
1745 
1746 	if (addr == NULL || is_broadcast_ether_addr(addr))
1747 		ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
1748 	if (set_tx)
1749 		ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
1750 
1751 	ext->addr.sa_family = ARPHRD_ETHER;
1752 	if (addr)
1753 		os_memcpy(ext->addr.sa_data, addr, ETH_ALEN);
1754 	else
1755 		os_memset(ext->addr.sa_data, 0xff, ETH_ALEN);
1756 	if (key && key_len) {
1757 		os_memcpy(ext + 1, key, key_len);
1758 		ext->key_len = key_len;
1759 	}
1760 	if (key_flag & KEY_FLAG_PMK) {
1761 		ext->alg = IW_ENCODE_ALG_PMK;
1762 	} else {
1763 		switch (alg) {
1764 		case WPA_ALG_NONE:
1765 			ext->alg = IW_ENCODE_ALG_NONE;
1766 			break;
1767 		case WPA_ALG_WEP:
1768 			ext->alg = IW_ENCODE_ALG_WEP;
1769 			break;
1770 		case WPA_ALG_TKIP:
1771 			ext->alg = IW_ENCODE_ALG_TKIP;
1772 			break;
1773 		case WPA_ALG_CCMP:
1774 			ext->alg = IW_ENCODE_ALG_CCMP;
1775 			break;
1776 		case WPA_ALG_BIP_CMAC_128:
1777 			ext->alg = IW_ENCODE_ALG_AES_CMAC;
1778 			break;
1779 		default:
1780 			wpa_printf(MSG_DEBUG, "%s: Unknown algorithm %d",
1781 				   __FUNCTION__, alg);
1782 			os_free(ext);
1783 			return -1;
1784 		}
1785 	}
1786 
1787 	if (seq && seq_len) {
1788 		ext->ext_flags |= IW_ENCODE_EXT_RX_SEQ_VALID;
1789 		os_memcpy(ext->rx_seq, seq, seq_len);
1790 	}
1791 
1792 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODEEXT, &iwr) < 0) {
1793 		ret = errno == EOPNOTSUPP ? -2 : -1;
1794 		if (errno == ENODEV) {
1795 			/*
1796 			 * ndiswrapper seems to be returning incorrect error
1797 			 * code.. */
1798 			ret = -2;
1799 		}
1800 
1801 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODEEXT]: %s",
1802 			   strerror(errno));
1803 	}
1804 
1805 	os_free(ext);
1806 	return ret;
1807 }
1808 
1809 
1810 /**
1811  * wpa_driver_wext_set_key - Configure encryption key
1812  * @priv: Pointer to private wext data from wpa_driver_wext_init()
1813  * @params: Key parameters
1814  * Returns: 0 on success, -1 on failure
1815  *
1816  * This function uses SIOCSIWENCODEEXT by default, but tries to use
1817  * SIOCSIWENCODE if the extended ioctl fails when configuring a WEP key.
1818  */
1819 static int wpa_driver_wext_set_key(void *priv,
1820 				   struct wpa_driver_set_key_params *params)
1821 {
1822 	struct wpa_driver_wext_data *drv = priv;
1823 	struct iwreq iwr;
1824 	int ret = 0;
1825 	enum wpa_alg alg = params->alg;
1826 	enum key_flag key_flag = params->key_flag;
1827 	const u8 *addr = params->addr;
1828 	int key_idx = params->key_idx;
1829 	int set_tx = params->set_tx;
1830 	const u8 *seq = params->seq;
1831 	size_t seq_len = params->seq_len;
1832 	const u8 *key = params->key;
1833 	size_t key_len = params->key_len;
1834 
1835 	wpa_printf(MSG_DEBUG, "%s: alg=%d key_idx=%d set_tx=%d seq_len=%lu "
1836 		   "key_len=%lu",
1837 		   __FUNCTION__, alg, key_idx, set_tx,
1838 		   (unsigned long) seq_len, (unsigned long) key_len);
1839 
1840 	ret = wpa_driver_wext_set_key_ext(drv, alg, addr, key_idx, set_tx,
1841 					  seq, seq_len, key, key_len, key_flag);
1842 	if (ret == 0)
1843 		return 0;
1844 
1845 	if (ret == -2 &&
1846 	    (alg == WPA_ALG_NONE || alg == WPA_ALG_WEP)) {
1847 		wpa_printf(MSG_DEBUG, "Driver did not support "
1848 			   "SIOCSIWENCODEEXT, trying SIOCSIWENCODE");
1849 		ret = 0;
1850 	} else {
1851 		wpa_printf(MSG_DEBUG, "Driver did not support "
1852 			   "SIOCSIWENCODEEXT");
1853 		return ret;
1854 	}
1855 
1856 	os_memset(&iwr, 0, sizeof(iwr));
1857 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1858 	iwr.u.encoding.flags = key_idx + 1;
1859 	iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1860 	if (alg == WPA_ALG_NONE)
1861 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1862 	iwr.u.encoding.pointer = (caddr_t) key;
1863 	iwr.u.encoding.length = key_len;
1864 
1865 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1866 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]: %s",
1867 			   strerror(errno));
1868 		ret = -1;
1869 	}
1870 
1871 	if (set_tx && alg != WPA_ALG_NONE) {
1872 		os_memset(&iwr, 0, sizeof(iwr));
1873 		os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1874 		iwr.u.encoding.flags = key_idx + 1;
1875 		iwr.u.encoding.flags |= IW_ENCODE_TEMP;
1876 		iwr.u.encoding.pointer = (caddr_t) NULL;
1877 		iwr.u.encoding.length = 0;
1878 		if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1879 			wpa_printf(MSG_ERROR,
1880 				   "ioctl[SIOCSIWENCODE] (set_tx): %s",
1881 				   strerror(errno));
1882 			ret = -1;
1883 		}
1884 	}
1885 
1886 	return ret;
1887 }
1888 
1889 
1890 static int wpa_driver_wext_set_countermeasures(void *priv,
1891 					       int enabled)
1892 {
1893 	struct wpa_driver_wext_data *drv = priv;
1894 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1895 	return wpa_driver_wext_set_auth_param(drv,
1896 					      IW_AUTH_TKIP_COUNTERMEASURES,
1897 					      enabled);
1898 }
1899 
1900 
1901 static int wpa_driver_wext_set_drop_unencrypted(void *priv,
1902 						int enabled)
1903 {
1904 	struct wpa_driver_wext_data *drv = priv;
1905 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1906 	drv->use_crypt = enabled;
1907 	return wpa_driver_wext_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1908 					      enabled);
1909 }
1910 
1911 
1912 static int wpa_driver_wext_mlme(struct wpa_driver_wext_data *drv,
1913 				const u8 *addr, int cmd, u16 reason_code)
1914 {
1915 	struct iwreq iwr;
1916 	struct iw_mlme mlme;
1917 	int ret = 0;
1918 
1919 	os_memset(&iwr, 0, sizeof(iwr));
1920 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1921 	os_memset(&mlme, 0, sizeof(mlme));
1922 	mlme.cmd = cmd;
1923 	mlme.reason_code = reason_code;
1924 	mlme.addr.sa_family = ARPHRD_ETHER;
1925 	os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1926 	iwr.u.data.pointer = (caddr_t) &mlme;
1927 	iwr.u.data.length = sizeof(mlme);
1928 
1929 	if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1930 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMLME]: %s",
1931 			   strerror(errno));
1932 		ret = -1;
1933 	}
1934 
1935 	return ret;
1936 }
1937 
1938 
1939 static void wpa_driver_wext_disconnect(struct wpa_driver_wext_data *drv)
1940 {
1941 	struct iwreq iwr;
1942 	const u8 null_bssid[ETH_ALEN] = { 0, 0, 0, 0, 0, 0 };
1943 	u8 ssid[SSID_MAX_LEN];
1944 	int i;
1945 
1946 	/*
1947 	 * Only force-disconnect when the card is in infrastructure mode,
1948 	 * otherwise the driver might interpret the cleared BSSID and random
1949 	 * SSID as an attempt to create a new ad-hoc network.
1950 	 */
1951 	os_memset(&iwr, 0, sizeof(iwr));
1952 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1953 	if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
1954 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]: %s",
1955 			   strerror(errno));
1956 		iwr.u.mode = IW_MODE_INFRA;
1957 	}
1958 
1959 	if (iwr.u.mode == IW_MODE_INFRA) {
1960 		/* Clear the BSSID selection */
1961 		if (wpa_driver_wext_set_bssid(drv, null_bssid) < 0) {
1962 			wpa_printf(MSG_DEBUG, "WEXT: Failed to clear BSSID "
1963 				   "selection on disconnect");
1964 		}
1965 
1966 		if (drv->cfg80211) {
1967 			/*
1968 			 * cfg80211 supports SIOCSIWMLME commands, so there is
1969 			 * no need for the random SSID hack, but clear the
1970 			 * SSID.
1971 			 */
1972 			if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
1973 				wpa_printf(MSG_DEBUG, "WEXT: Failed to clear "
1974 					   "SSID on disconnect");
1975 			}
1976 			return;
1977 		}
1978 
1979 		/*
1980 		 * Set a random SSID to make sure the driver will not be trying
1981 		 * to associate with something even if it does not understand
1982 		 * SIOCSIWMLME commands (or tries to associate automatically
1983 		 * after deauth/disassoc).
1984 		 */
1985 		for (i = 0; i < SSID_MAX_LEN; i++)
1986 			ssid[i] = rand() & 0xFF;
1987 		if (wpa_driver_wext_set_ssid(drv, ssid, SSID_MAX_LEN) < 0) {
1988 			wpa_printf(MSG_DEBUG, "WEXT: Failed to set bogus "
1989 				   "SSID to disconnect");
1990 		}
1991 	}
1992 }
1993 
1994 
1995 static int wpa_driver_wext_deauthenticate(void *priv, const u8 *addr,
1996 					  u16 reason_code)
1997 {
1998 	struct wpa_driver_wext_data *drv = priv;
1999 	int ret;
2000 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2001 	ret = wpa_driver_wext_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
2002 	wpa_driver_wext_disconnect(drv);
2003 	return ret;
2004 }
2005 
2006 
2007 static int wpa_driver_wext_set_gen_ie(void *priv, const u8 *ie,
2008 				      size_t ie_len)
2009 {
2010 	struct wpa_driver_wext_data *drv = priv;
2011 	struct iwreq iwr;
2012 	int ret = 0;
2013 
2014 	os_memset(&iwr, 0, sizeof(iwr));
2015 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2016 	iwr.u.data.pointer = (caddr_t) ie;
2017 	iwr.u.data.length = ie_len;
2018 
2019 	if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
2020 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWGENIE]: %s",
2021 			   strerror(errno));
2022 		ret = -1;
2023 	}
2024 
2025 	return ret;
2026 }
2027 
2028 
2029 int wpa_driver_wext_cipher2wext(int cipher)
2030 {
2031 	switch (cipher) {
2032 	case WPA_CIPHER_NONE:
2033 		return IW_AUTH_CIPHER_NONE;
2034 	case WPA_CIPHER_WEP40:
2035 		return IW_AUTH_CIPHER_WEP40;
2036 	case WPA_CIPHER_TKIP:
2037 		return IW_AUTH_CIPHER_TKIP;
2038 	case WPA_CIPHER_CCMP:
2039 		return IW_AUTH_CIPHER_CCMP;
2040 	case WPA_CIPHER_WEP104:
2041 		return IW_AUTH_CIPHER_WEP104;
2042 	default:
2043 		return 0;
2044 	}
2045 }
2046 
2047 
2048 int wpa_driver_wext_keymgmt2wext(int keymgmt)
2049 {
2050 	switch (keymgmt) {
2051 	case WPA_KEY_MGMT_IEEE8021X:
2052 	case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
2053 		return IW_AUTH_KEY_MGMT_802_1X;
2054 	case WPA_KEY_MGMT_PSK:
2055 		return IW_AUTH_KEY_MGMT_PSK;
2056 	default:
2057 		return 0;
2058 	}
2059 }
2060 
2061 
2062 static int
2063 wpa_driver_wext_auth_alg_fallback(struct wpa_driver_wext_data *drv,
2064 				  struct wpa_driver_associate_params *params)
2065 {
2066 	struct iwreq iwr;
2067 	int ret = 0;
2068 
2069 	wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2070 		   "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2071 
2072 	os_memset(&iwr, 0, sizeof(iwr));
2073 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2074 	/* Just changing mode, not actual keys */
2075 	iwr.u.encoding.flags = 0;
2076 	iwr.u.encoding.pointer = (caddr_t) NULL;
2077 	iwr.u.encoding.length = 0;
2078 
2079 	/*
2080 	 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2081 	 * different things. Here they are used to indicate Open System vs.
2082 	 * Shared Key authentication algorithm. However, some drivers may use
2083 	 * them to select between open/restricted WEP encrypted (open = allow
2084 	 * both unencrypted and encrypted frames; restricted = only allow
2085 	 * encrypted frames).
2086 	 */
2087 
2088 	if (!drv->use_crypt) {
2089 		iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2090 	} else {
2091 		if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2092 			iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2093 		if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2094 			iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2095 	}
2096 
2097 	if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2098 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWENCODE]: %s",
2099 			   strerror(errno));
2100 		ret = -1;
2101 	}
2102 
2103 	return ret;
2104 }
2105 
2106 
2107 int wpa_driver_wext_associate(void *priv,
2108 			      struct wpa_driver_associate_params *params)
2109 {
2110 	struct wpa_driver_wext_data *drv = priv;
2111 	int ret = 0;
2112 	int allow_unencrypted_eapol;
2113 	int value;
2114 
2115 	wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2116 
2117 	if (drv->cfg80211) {
2118 		/*
2119 		 * Stop cfg80211 from trying to associate before we are done
2120 		 * with all parameters.
2121 		 */
2122 		if (wpa_driver_wext_set_ssid(drv, (u8 *) "", 0) < 0) {
2123 			wpa_printf(MSG_DEBUG,
2124 				   "WEXT: Failed to clear SSID to stop pending cfg80211 association attempts (if any)");
2125 			/* continue anyway */
2126 		}
2127 	}
2128 
2129 	if (wpa_driver_wext_set_drop_unencrypted(drv, params->drop_unencrypted)
2130 	    < 0)
2131 		ret = -1;
2132 	if (wpa_driver_wext_set_auth_alg(drv, params->auth_alg) < 0)
2133 		ret = -1;
2134 	if (wpa_driver_wext_set_mode(drv, params->mode) < 0)
2135 		ret = -1;
2136 
2137 	/*
2138 	 * If the driver did not support SIOCSIWAUTH, fallback to
2139 	 * SIOCSIWENCODE here.
2140 	 */
2141 	if (drv->auth_alg_fallback &&
2142 	    wpa_driver_wext_auth_alg_fallback(drv, params) < 0)
2143 		ret = -1;
2144 
2145 	if (!params->bssid &&
2146 	    wpa_driver_wext_set_bssid(drv, NULL) < 0)
2147 		ret = -1;
2148 
2149 	/* TODO: should consider getting wpa version and cipher/key_mgmt suites
2150 	 * from configuration, not from here, where only the selected suite is
2151 	 * available */
2152 	if (wpa_driver_wext_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2153 	    < 0)
2154 		ret = -1;
2155 	if (params->wpa_proto & WPA_PROTO_RSN)
2156 		value = IW_AUTH_WPA_VERSION_WPA2;
2157 	else if (params->wpa_proto & WPA_PROTO_WPA)
2158 		value = IW_AUTH_WPA_VERSION_WPA;
2159 	else
2160 		value = IW_AUTH_WPA_VERSION_DISABLED;
2161 	if (wpa_driver_wext_set_auth_param(drv,
2162 					   IW_AUTH_WPA_VERSION, value) < 0)
2163 		ret = -1;
2164 	value = wpa_driver_wext_cipher2wext(params->pairwise_suite);
2165 	if (wpa_driver_wext_set_auth_param(drv,
2166 					   IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2167 		ret = -1;
2168 	value = wpa_driver_wext_cipher2wext(params->group_suite);
2169 	if (wpa_driver_wext_set_auth_param(drv,
2170 					   IW_AUTH_CIPHER_GROUP, value) < 0)
2171 		ret = -1;
2172 	value = wpa_driver_wext_keymgmt2wext(params->key_mgmt_suite);
2173 	if (wpa_driver_wext_set_auth_param(drv,
2174 					   IW_AUTH_KEY_MGMT, value) < 0)
2175 		ret = -1;
2176 	value = params->key_mgmt_suite != WPA_KEY_MGMT_NONE ||
2177 		params->pairwise_suite != WPA_CIPHER_NONE ||
2178 		params->group_suite != WPA_CIPHER_NONE ||
2179 		(params->wpa_proto & (WPA_PROTO_RSN | WPA_PROTO_WPA));
2180 	if (wpa_driver_wext_set_auth_param(drv,
2181 					   IW_AUTH_PRIVACY_INVOKED, value) < 0)
2182 		ret = -1;
2183 
2184 	/* Allow unencrypted EAPOL messages even if pairwise keys are set when
2185 	 * not using WPA. IEEE 802.1X specifies that these frames are not
2186 	 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2187 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
2188 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK)
2189 		allow_unencrypted_eapol = 0;
2190 	else
2191 		allow_unencrypted_eapol = 1;
2192 
2193 	if (wpa_driver_wext_set_psk(drv, params->psk) < 0)
2194 		ret = -1;
2195 	if (wpa_driver_wext_set_auth_param(drv,
2196 					   IW_AUTH_RX_UNENCRYPTED_EAPOL,
2197 					   allow_unencrypted_eapol) < 0)
2198 		ret = -1;
2199 	switch (params->mgmt_frame_protection) {
2200 	case NO_MGMT_FRAME_PROTECTION:
2201 		value = IW_AUTH_MFP_DISABLED;
2202 		break;
2203 	case MGMT_FRAME_PROTECTION_OPTIONAL:
2204 		value = IW_AUTH_MFP_OPTIONAL;
2205 		break;
2206 	case MGMT_FRAME_PROTECTION_REQUIRED:
2207 		value = IW_AUTH_MFP_REQUIRED;
2208 		break;
2209 	};
2210 	if (wpa_driver_wext_set_auth_param(drv, IW_AUTH_MFP, value) < 0)
2211 		ret = -1;
2212 	if (params->freq.freq &&
2213 	    wpa_driver_wext_set_freq(drv, params->freq.freq) < 0)
2214 		ret = -1;
2215 	if (!drv->cfg80211 &&
2216 	    wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2217 		ret = -1;
2218 	if (params->bssid &&
2219 	    wpa_driver_wext_set_bssid(drv, params->bssid) < 0)
2220 		ret = -1;
2221 	if (drv->cfg80211 &&
2222 	    wpa_driver_wext_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2223 		ret = -1;
2224 
2225 	return ret;
2226 }
2227 
2228 
2229 static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
2230 {
2231 	struct wpa_driver_wext_data *drv = priv;
2232 	int algs = 0, res;
2233 
2234 	if (auth_alg & WPA_AUTH_ALG_OPEN)
2235 		algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2236 	if (auth_alg & WPA_AUTH_ALG_SHARED)
2237 		algs |= IW_AUTH_ALG_SHARED_KEY;
2238 	if (auth_alg & WPA_AUTH_ALG_LEAP)
2239 		algs |= IW_AUTH_ALG_LEAP;
2240 	if (algs == 0) {
2241 		/* at least one algorithm should be set */
2242 		algs = IW_AUTH_ALG_OPEN_SYSTEM;
2243 	}
2244 
2245 	res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2246 					     algs);
2247 	drv->auth_alg_fallback = res == -2;
2248 	return res;
2249 }
2250 
2251 
2252 /**
2253  * wpa_driver_wext_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2254  * @priv: Pointer to private wext data from wpa_driver_wext_init()
2255  * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2256  * Returns: 0 on success, -1 on failure
2257  */
2258 int wpa_driver_wext_set_mode(void *priv, int mode)
2259 {
2260 	struct wpa_driver_wext_data *drv = priv;
2261 	struct iwreq iwr;
2262 	int ret = -1;
2263 	unsigned int new_mode = mode ? IW_MODE_ADHOC : IW_MODE_INFRA;
2264 
2265 	os_memset(&iwr, 0, sizeof(iwr));
2266 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2267 	iwr.u.mode = new_mode;
2268 	if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) == 0) {
2269 		ret = 0;
2270 		goto done;
2271 	}
2272 
2273 	if (errno != EBUSY) {
2274 		wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]: %s",
2275 			   strerror(errno));
2276 		goto done;
2277 	}
2278 
2279 	/* mac80211 doesn't allow mode changes while the device is up, so if
2280 	 * the device isn't in the mode we're about to change to, take device
2281 	 * down, try to set the mode again, and bring it back up.
2282 	 */
2283 	if (ioctl(drv->ioctl_sock, SIOCGIWMODE, &iwr) < 0) {
2284 		wpa_printf(MSG_ERROR, "ioctl[SIOCGIWMODE]: %s",
2285 			   strerror(errno));
2286 		goto done;
2287 	}
2288 
2289 	if (iwr.u.mode == new_mode) {
2290 		ret = 0;
2291 		goto done;
2292 	}
2293 
2294 	if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
2295 		/* Try to set the mode again while the interface is down */
2296 		iwr.u.mode = new_mode;
2297 		if (ioctl(drv->ioctl_sock, SIOCSIWMODE, &iwr) < 0)
2298 			wpa_printf(MSG_ERROR, "ioctl[SIOCSIWMODE]: %s",
2299 				   strerror(errno));
2300 		else
2301 			ret = 0;
2302 
2303 		(void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1);
2304 	}
2305 
2306 done:
2307 	return ret;
2308 }
2309 
2310 
2311 static int wpa_driver_wext_pmksa(struct wpa_driver_wext_data *drv,
2312 				 u32 cmd, const u8 *bssid, const u8 *pmkid)
2313 {
2314 	struct iwreq iwr;
2315 	struct iw_pmksa pmksa;
2316 	int ret = 0;
2317 
2318 	os_memset(&iwr, 0, sizeof(iwr));
2319 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2320 	os_memset(&pmksa, 0, sizeof(pmksa));
2321 	pmksa.cmd = cmd;
2322 	pmksa.bssid.sa_family = ARPHRD_ETHER;
2323 	if (bssid)
2324 		os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2325 	if (pmkid)
2326 		os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2327 	iwr.u.data.pointer = (caddr_t) &pmksa;
2328 	iwr.u.data.length = sizeof(pmksa);
2329 
2330 	if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2331 		if (errno != EOPNOTSUPP)
2332 			wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPMKSA]: %s",
2333 				   strerror(errno));
2334 		ret = -1;
2335 	}
2336 
2337 	return ret;
2338 }
2339 
2340 
2341 static int wpa_driver_wext_add_pmkid(void *priv,
2342 				     struct wpa_pmkid_params *params)
2343 {
2344 	struct wpa_driver_wext_data *drv = priv;
2345 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_ADD, params->bssid,
2346 				     params->pmkid);
2347 }
2348 
2349 
2350 static int wpa_driver_wext_remove_pmkid(void *priv,
2351 					struct wpa_pmkid_params *params)
2352 {
2353 	struct wpa_driver_wext_data *drv = priv;
2354 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_REMOVE, params->bssid,
2355 				     params->pmkid);
2356 }
2357 
2358 
2359 static int wpa_driver_wext_flush_pmkid(void *priv)
2360 {
2361 	struct wpa_driver_wext_data *drv = priv;
2362 	return wpa_driver_wext_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2363 }
2364 
2365 
2366 int wpa_driver_wext_get_capa(void *priv, struct wpa_driver_capa *capa)
2367 {
2368 	struct wpa_driver_wext_data *drv = priv;
2369 	if (!drv->has_capability)
2370 		return -1;
2371 	os_memcpy(capa, &drv->capa, sizeof(*capa));
2372 	return 0;
2373 }
2374 
2375 
2376 int wpa_driver_wext_alternative_ifindex(struct wpa_driver_wext_data *drv,
2377 					const char *ifname)
2378 {
2379 	if (ifname == NULL) {
2380 		drv->ifindex2 = -1;
2381 		return 0;
2382 	}
2383 
2384 	drv->ifindex2 = if_nametoindex(ifname);
2385 	if (drv->ifindex2 <= 0)
2386 		return -1;
2387 
2388 	wpa_printf(MSG_DEBUG, "Added alternative ifindex %d (%s) for "
2389 		   "wireless events", drv->ifindex2, ifname);
2390 
2391 	return 0;
2392 }
2393 
2394 
2395 int wpa_driver_wext_set_operstate(void *priv, int state)
2396 {
2397 	struct wpa_driver_wext_data *drv = priv;
2398 
2399 	wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2400 		   __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2401 	drv->operstate = state;
2402 	return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
2403 				      state ? IF_OPER_UP : IF_OPER_DORMANT);
2404 }
2405 
2406 
2407 int wpa_driver_wext_get_version(struct wpa_driver_wext_data *drv)
2408 {
2409 	return drv->we_version_compiled;
2410 }
2411 
2412 
2413 static const char * wext_get_radio_name(void *priv)
2414 {
2415 	struct wpa_driver_wext_data *drv = priv;
2416 	return drv->phyname;
2417 }
2418 
2419 
2420 static int wpa_driver_wext_signal_poll(void *priv, struct wpa_signal_info *si)
2421 {
2422 	struct wpa_driver_wext_data *drv = priv;
2423 	struct iw_statistics stats;
2424 	struct iwreq iwr;
2425 
2426 	os_memset(si, 0, sizeof(*si));
2427 	si->current_signal = -WPA_INVALID_NOISE;
2428 	si->current_noise = WPA_INVALID_NOISE;
2429 	si->chanwidth = CHAN_WIDTH_UNKNOWN;
2430 
2431 	os_memset(&iwr, 0, sizeof(iwr));
2432 	os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2433 	iwr.u.data.pointer = (caddr_t) &stats;
2434 	iwr.u.data.length = sizeof(stats);
2435 	iwr.u.data.flags = 1;
2436 
2437 	if (ioctl(drv->ioctl_sock, SIOCGIWSTATS, &iwr) < 0) {
2438 		wpa_printf(MSG_ERROR, "WEXT: SIOCGIWSTATS: %s",
2439 			   strerror(errno));
2440 		return -1;
2441 	}
2442 
2443 	si->current_signal = stats.qual.level -
2444 		((stats.qual.updated & IW_QUAL_DBM) ? 0x100 : 0);
2445 	si->current_noise = stats.qual.noise -
2446 		((stats.qual.updated & IW_QUAL_DBM) ? 0x100 : 0);
2447 	return 0;
2448 }
2449 
2450 
2451 static int wpa_driver_wext_status(void *priv, char *buf, size_t buflen)
2452 {
2453 	struct wpa_driver_wext_data *drv = priv;
2454 	int res;
2455 	char *pos, *end;
2456 	unsigned char addr[ETH_ALEN];
2457 
2458 	pos = buf;
2459 	end = buf + buflen;
2460 
2461 	if (linux_get_ifhwaddr(drv->ioctl_sock, drv->ifname, addr))
2462 		return -1;
2463 
2464 	res = os_snprintf(pos, end - pos,
2465 			  "ifindex=%d\n"
2466 			  "ifname=%s\n"
2467 			  "addr=" MACSTR "\n",
2468 			  drv->ifindex,
2469 			  drv->ifname,
2470 			  MAC2STR(addr));
2471 	if (os_snprintf_error(end - pos, res))
2472 		return pos - buf;
2473 	pos += res;
2474 
2475 	return pos - buf;
2476 }
2477 
2478 const struct wpa_driver_ops wpa_driver_wext_ops = {
2479 	.name = "wext",
2480 	.desc = "Linux wireless extensions (generic)",
2481 	.get_bssid = wpa_driver_wext_get_bssid,
2482 	.get_ssid = wpa_driver_wext_get_ssid,
2483 	.set_key = wpa_driver_wext_set_key,
2484 	.set_countermeasures = wpa_driver_wext_set_countermeasures,
2485 	.scan2 = wpa_driver_wext_scan,
2486 	.get_scan_results2 = wpa_driver_wext_get_scan_results,
2487 	.deauthenticate = wpa_driver_wext_deauthenticate,
2488 	.associate = wpa_driver_wext_associate,
2489 	.init = wpa_driver_wext_init,
2490 	.deinit = wpa_driver_wext_deinit,
2491 	.add_pmkid = wpa_driver_wext_add_pmkid,
2492 	.remove_pmkid = wpa_driver_wext_remove_pmkid,
2493 	.flush_pmkid = wpa_driver_wext_flush_pmkid,
2494 	.get_capa = wpa_driver_wext_get_capa,
2495 	.set_operstate = wpa_driver_wext_set_operstate,
2496 	.get_radio_name = wext_get_radio_name,
2497 	.signal_poll = wpa_driver_wext_signal_poll,
2498 	.status = wpa_driver_wext_status,
2499 };
2500