1/*
2 * WPA Supplicant - driver interaction with BSD net80211 layer
3 * Copyright (c) 2004, Sam Leffler <sam@errno.com>
4 * Copyright (c) 2004, 2Wire, Inc
5 *
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
8 */
9
10#include "includes.h"
11#include <sys/ioctl.h>
12#include <sys/sysctl.h>
13
14#include "common.h"
15#include "driver.h"
16#include "eloop.h"
17#include "common/ieee802_11_defs.h"
18#include "common/wpa_common.h"
19
20#include <net/if.h>
21#include <net/if_media.h>
22
23#ifdef __NetBSD__
24#include <net/if_ether.h>
25#else
26#include <net/ethernet.h>
27#endif
28#include <net/route.h>
29
30#ifdef __DragonFly__
31#include <netproto/802_11/ieee80211_ioctl.h>
32#include <netproto/802_11/ieee80211_dragonfly.h>
33#else /* __DragonFly__ */
34#ifdef __GLIBC__
35#include <netinet/ether.h>
36#endif /* __GLIBC__ */
37#include <net80211/ieee80211.h>
38#include <net80211/ieee80211_ioctl.h>
39#include <net80211/ieee80211_crypto.h>
40#endif /* __DragonFly__ || __GLIBC__ */
41#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
42#include <net80211/ieee80211_freebsd.h>
43#endif
44#if __NetBSD__
45#include <net80211/ieee80211_netbsd.h>
46#endif
47
48#include "l2_packet/l2_packet.h"
49
50struct bsd_driver_global {
51	void		*ctx;
52	int		sock;			/* socket for 802.11 ioctls */
53	int		route;			/* routing socket for events */
54	char		*event_buf;
55	size_t		event_buf_len;
56	struct dl_list	ifaces;			/* list of interfaces */
57};
58
59struct bsd_driver_data {
60	struct dl_list	list;
61	struct bsd_driver_global *global;
62	struct hostapd_data *hapd;	/* back pointer */
63
64	struct l2_packet_data *sock_xmit;/* raw packet xmit socket */
65	char	ifname[IFNAMSIZ+1];	/* interface name */
66	int	flags;
67	unsigned int ifindex;		/* interface index */
68	int	if_removed;		/* has the interface been removed? */
69	void	*ctx;
70	struct wpa_driver_capa capa;	/* driver capability */
71	int	is_ap;			/* Access point mode */
72	int	prev_roaming;	/* roaming state to restore on deinit */
73	int	prev_privacy;	/* privacy state to restore on deinit */
74	int	prev_wpa;	/* wpa state to restore on deinit */
75	enum ieee80211_opmode opmode;	/* operation mode */
76};
77
78/* Generic functions for hostapd and wpa_supplicant */
79static struct bsd_driver_data *
80bsd_get_drvindex(void *priv, unsigned int ifindex)
81{
82	struct bsd_driver_global *global = priv;
83	struct bsd_driver_data *drv;
84
85	dl_list_for_each(drv, &global->ifaces, struct bsd_driver_data, list) {
86		if (drv->ifindex == ifindex)
87			return drv;
88	}
89	return NULL;
90}
91
92#ifndef HOSTAPD
93static struct bsd_driver_data *
94bsd_get_drvname(void *priv, const char *ifname)
95{
96	struct bsd_driver_global *global = priv;
97	struct bsd_driver_data *drv;
98
99	dl_list_for_each(drv, &global->ifaces, struct bsd_driver_data, list) {
100		if (os_strcmp(drv->ifname, ifname) == 0)
101			return drv;
102	}
103	return NULL;
104}
105#endif /* HOSTAPD */
106
107static int
108bsd_set80211(void *priv, int op, int val, const void *arg, int arg_len)
109{
110	struct bsd_driver_data *drv = priv;
111	struct ieee80211req ireq;
112
113	if (drv->ifindex == 0 || drv->if_removed)
114		return -1;
115
116	os_memset(&ireq, 0, sizeof(ireq));
117	os_strlcpy(ireq.i_name, drv->ifname, sizeof(ireq.i_name));
118	ireq.i_type = op;
119	ireq.i_val = val;
120	ireq.i_data = (void *) arg;
121	ireq.i_len = arg_len;
122
123	if (ioctl(drv->global->sock, SIOCS80211, &ireq) < 0) {
124		wpa_printf(MSG_ERROR, "ioctl[SIOCS80211, op=%u, val=%u, "
125			   "arg_len=%u]: %s", op, val, arg_len,
126			   strerror(errno));
127		return -1;
128	}
129	return 0;
130}
131
132static int
133bsd_get80211(void *priv, struct ieee80211req *ireq, int op, void *arg,
134	     int arg_len)
135{
136	struct bsd_driver_data *drv = priv;
137
138	os_memset(ireq, 0, sizeof(*ireq));
139	os_strlcpy(ireq->i_name, drv->ifname, sizeof(ireq->i_name));
140	ireq->i_type = op;
141	ireq->i_len = arg_len;
142	ireq->i_data = arg;
143
144	if (ioctl(drv->global->sock, SIOCG80211, ireq) < 0) {
145		wpa_printf(MSG_ERROR, "ioctl[SIOCG80211, op=%u, "
146			   "arg_len=%u]: %s", op, arg_len, strerror(errno));
147		return -1;
148	}
149	return 0;
150}
151
152static int
153get80211var(struct bsd_driver_data *drv, int op, void *arg, int arg_len)
154{
155	struct ieee80211req ireq;
156
157	if (bsd_get80211(drv, &ireq, op, arg, arg_len) < 0)
158		return -1;
159	return ireq.i_len;
160}
161
162static int
163set80211var(struct bsd_driver_data *drv, int op, const void *arg, int arg_len)
164{
165	return bsd_set80211(drv, op, 0, arg, arg_len);
166}
167
168static int
169set80211param(struct bsd_driver_data *drv, int op, int arg)
170{
171	return bsd_set80211(drv, op, arg, NULL, 0);
172}
173
174static int
175bsd_get_ssid(void *priv, u8 *ssid, int len)
176{
177	struct bsd_driver_data *drv = priv;
178#ifdef SIOCG80211NWID
179	struct ieee80211_nwid nwid;
180	struct ifreq ifr;
181
182	os_memset(&ifr, 0, sizeof(ifr));
183	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
184	ifr.ifr_data = (void *)&nwid;
185	if (ioctl(drv->global->sock, SIOCG80211NWID, &ifr) < 0 ||
186	    nwid.i_len > IEEE80211_NWID_LEN)
187		return -1;
188	os_memcpy(ssid, nwid.i_nwid, nwid.i_len);
189	return nwid.i_len;
190#else
191	return get80211var(drv, IEEE80211_IOC_SSID, ssid, IEEE80211_NWID_LEN);
192#endif
193}
194
195static int
196bsd_set_ssid(void *priv, const u8 *ssid, int ssid_len)
197{
198	struct bsd_driver_data *drv = priv;
199#ifdef SIOCS80211NWID
200	struct ieee80211_nwid nwid;
201	struct ifreq ifr;
202
203	os_memcpy(nwid.i_nwid, ssid, ssid_len);
204	nwid.i_len = ssid_len;
205	os_memset(&ifr, 0, sizeof(ifr));
206	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
207	ifr.ifr_data = (void *)&nwid;
208	return ioctl(drv->global->sock, SIOCS80211NWID, &ifr);
209#else
210	return set80211var(drv, IEEE80211_IOC_SSID, ssid, ssid_len);
211#endif
212}
213
214static int
215bsd_get_if_media(void *priv)
216{
217	struct bsd_driver_data *drv = priv;
218	struct ifmediareq ifmr;
219
220	os_memset(&ifmr, 0, sizeof(ifmr));
221	os_strlcpy(ifmr.ifm_name, drv->ifname, sizeof(ifmr.ifm_name));
222
223	if (ioctl(drv->global->sock, SIOCGIFMEDIA, &ifmr) < 0) {
224		wpa_printf(MSG_ERROR, "%s: SIOCGIFMEDIA %s", __func__,
225			   strerror(errno));
226		return -1;
227	}
228
229	return ifmr.ifm_current;
230}
231
232static int
233bsd_set_if_media(void *priv, int media)
234{
235	struct bsd_driver_data *drv = priv;
236	struct ifreq ifr;
237
238	os_memset(&ifr, 0, sizeof(ifr));
239	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
240	ifr.ifr_media = media;
241
242	if (ioctl(drv->global->sock, SIOCSIFMEDIA, &ifr) < 0) {
243		wpa_printf(MSG_ERROR, "%s: SIOCSIFMEDIA %s", __func__,
244			   strerror(errno));
245		return -1;
246	}
247
248	return 0;
249}
250
251static int
252bsd_set_mediaopt(void *priv, uint32_t mask, uint32_t mode)
253{
254	int media = bsd_get_if_media(priv);
255
256	if (media < 0)
257		return -1;
258	media &= ~mask;
259	media |= mode;
260	if (bsd_set_if_media(priv, media) < 0)
261		return -1;
262	return 0;
263}
264
265static int
266bsd_del_key(void *priv, const u8 *addr, int key_idx)
267{
268	struct ieee80211req_del_key wk;
269
270	os_memset(&wk, 0, sizeof(wk));
271	if (addr == NULL) {
272		wpa_printf(MSG_DEBUG, "%s: key_idx=%d", __func__, key_idx);
273		wk.idk_keyix = key_idx;
274	} else {
275		wpa_printf(MSG_DEBUG, "%s: addr=" MACSTR, __func__,
276			   MAC2STR(addr));
277		os_memcpy(wk.idk_macaddr, addr, IEEE80211_ADDR_LEN);
278		wk.idk_keyix = (u_int8_t) IEEE80211_KEYIX_NONE;	/* XXX */
279	}
280
281	return set80211var(priv, IEEE80211_IOC_DELKEY, &wk, sizeof(wk));
282}
283
284static int
285bsd_send_mlme_param(void *priv, const u8 op, const u16 reason, const u8 *addr)
286{
287	struct ieee80211req_mlme mlme;
288
289	os_memset(&mlme, 0, sizeof(mlme));
290	mlme.im_op = op;
291	mlme.im_reason = reason;
292	os_memcpy(mlme.im_macaddr, addr, IEEE80211_ADDR_LEN);
293	return set80211var(priv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme));
294}
295
296static int
297bsd_ctrl_iface(void *priv, int enable)
298{
299	struct bsd_driver_data *drv = priv;
300	struct ifreq ifr;
301
302	os_memset(&ifr, 0, sizeof(ifr));
303	os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
304
305	if (ioctl(drv->global->sock, SIOCGIFFLAGS, &ifr) < 0) {
306		wpa_printf(MSG_ERROR, "ioctl[SIOCGIFFLAGS]: %s",
307			   strerror(errno));
308		return -1;
309	}
310	drv->flags = ifr.ifr_flags;
311
312	if (enable) {
313		if (ifr.ifr_flags & IFF_UP)
314			return 0;
315		ifr.ifr_flags |= IFF_UP;
316	} else {
317		if (!(ifr.ifr_flags & IFF_UP))
318			return 0;
319		ifr.ifr_flags &= ~IFF_UP;
320	}
321
322	if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) {
323		wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s",
324			   strerror(errno));
325		return -1;
326	}
327
328	drv->flags = ifr.ifr_flags;
329	return 0;
330}
331
332static int
333bsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
334	    const unsigned char *addr, int key_idx, int set_tx, const u8 *seq,
335	    size_t seq_len, const u8 *key, size_t key_len)
336{
337	struct ieee80211req_key wk;
338#ifdef IEEE80211_KEY_NOREPLAY
339	struct bsd_driver_data *drv = priv;
340#endif /* IEEE80211_KEY_NOREPLAY */
341
342	wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
343		   "seq_len=%zu key_len=%zu", __func__, alg, addr, key_idx,
344		   set_tx, seq_len, key_len);
345
346	if (alg == WPA_ALG_NONE) {
347#ifndef HOSTAPD
348		if (addr == NULL || is_broadcast_ether_addr(addr))
349			return bsd_del_key(priv, NULL, key_idx);
350		else
351#endif /* HOSTAPD */
352			return bsd_del_key(priv, addr, key_idx);
353	}
354
355	os_memset(&wk, 0, sizeof(wk));
356	switch (alg) {
357	case WPA_ALG_WEP:
358		wk.ik_type = IEEE80211_CIPHER_WEP;
359		break;
360	case WPA_ALG_TKIP:
361		wk.ik_type = IEEE80211_CIPHER_TKIP;
362		break;
363	case WPA_ALG_CCMP:
364		wk.ik_type = IEEE80211_CIPHER_AES_CCM;
365		break;
366	default:
367		wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg);
368		return -1;
369	}
370
371	wk.ik_flags = IEEE80211_KEY_RECV;
372	if (set_tx)
373		wk.ik_flags |= IEEE80211_KEY_XMIT;
374
375	if (addr == NULL) {
376		os_memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
377		wk.ik_keyix = key_idx;
378	} else {
379		os_memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
380		/*
381		 * Deduce whether group/global or unicast key by checking
382		 * the address (yech).  Note also that we can only mark global
383		 * keys default; doing this for a unicast key is an error.
384		 */
385		if (is_broadcast_ether_addr(addr)) {
386			wk.ik_flags |= IEEE80211_KEY_GROUP;
387			wk.ik_keyix = key_idx;
388		} else {
389			wk.ik_keyix = key_idx == 0 ? IEEE80211_KEYIX_NONE :
390				key_idx;
391		}
392	}
393	if (wk.ik_keyix != IEEE80211_KEYIX_NONE && set_tx)
394		wk.ik_flags |= IEEE80211_KEY_DEFAULT;
395#ifndef HOSTAPD
396#ifdef IEEE80211_KEY_NOREPLAY
397	/*
398	 * Ignore replay failures in IBSS and AHDEMO mode.
399	 */
400	if (drv->opmode == IEEE80211_M_IBSS ||
401	    drv->opmode == IEEE80211_M_AHDEMO)
402		wk.ik_flags |= IEEE80211_KEY_NOREPLAY;
403#endif /* IEEE80211_KEY_NOREPLAY */
404#endif /* HOSTAPD */
405	wk.ik_keylen = key_len;
406	if (seq) {
407#ifdef WORDS_BIGENDIAN
408		/*
409		 * wk.ik_keyrsc is in host byte order (big endian), need to
410		 * swap it to match with the byte order used in WPA.
411		 */
412		int i;
413		u8 *keyrsc = (u8 *) &wk.ik_keyrsc;
414		for (i = 0; i < seq_len; i++)
415			keyrsc[WPA_KEY_RSC_LEN - i - 1] = seq[i];
416#else /* WORDS_BIGENDIAN */
417		os_memcpy(&wk.ik_keyrsc, seq, seq_len);
418#endif /* WORDS_BIGENDIAN */
419	}
420	os_memcpy(wk.ik_keydata, key, key_len);
421
422	return set80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk));
423}
424
425static int
426bsd_configure_wpa(void *priv, struct wpa_bss_params *params)
427{
428#ifndef IEEE80211_IOC_APPIE
429	static const char *ciphernames[] =
430		{ "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" };
431	int v;
432
433	switch (params->wpa_group) {
434	case WPA_CIPHER_CCMP:
435		v = IEEE80211_CIPHER_AES_CCM;
436		break;
437	case WPA_CIPHER_TKIP:
438		v = IEEE80211_CIPHER_TKIP;
439		break;
440	case WPA_CIPHER_WEP104:
441		v = IEEE80211_CIPHER_WEP;
442		break;
443	case WPA_CIPHER_WEP40:
444		v = IEEE80211_CIPHER_WEP;
445		break;
446	case WPA_CIPHER_NONE:
447		v = IEEE80211_CIPHER_NONE;
448		break;
449	default:
450		wpa_printf(MSG_INFO, "Unknown group key cipher %u",
451			   params->wpa_group);
452		return -1;
453	}
454	wpa_printf(MSG_DEBUG, "%s: group key cipher=%s (%u)",
455		   __func__, ciphernames[v], v);
456	if (set80211param(priv, IEEE80211_IOC_MCASTCIPHER, v)) {
457		wpa_printf(MSG_INFO,
458			   "Unable to set group key cipher to %u (%s)",
459			   v, ciphernames[v]);
460		return -1;
461	}
462	if (v == IEEE80211_CIPHER_WEP) {
463		/* key length is done only for specific ciphers */
464		v = (params->wpa_group == WPA_CIPHER_WEP104 ? 13 : 5);
465		if (set80211param(priv, IEEE80211_IOC_MCASTKEYLEN, v)) {
466			wpa_printf(MSG_INFO,
467				   "Unable to set group key length to %u", v);
468			return -1;
469		}
470	}
471
472	v = 0;
473	if (params->wpa_pairwise & WPA_CIPHER_CCMP)
474		v |= 1<<IEEE80211_CIPHER_AES_CCM;
475	if (params->wpa_pairwise & WPA_CIPHER_TKIP)
476		v |= 1<<IEEE80211_CIPHER_TKIP;
477	if (params->wpa_pairwise & WPA_CIPHER_NONE)
478		v |= 1<<IEEE80211_CIPHER_NONE;
479	wpa_printf(MSG_DEBUG, "%s: pairwise key ciphers=0x%x", __func__, v);
480	if (set80211param(priv, IEEE80211_IOC_UCASTCIPHERS, v)) {
481		wpa_printf(MSG_INFO,
482			   "Unable to set pairwise key ciphers to 0x%x", v);
483		return -1;
484	}
485
486	wpa_printf(MSG_DEBUG, "%s: key management algorithms=0x%x",
487		   __func__, params->wpa_key_mgmt);
488	if (set80211param(priv, IEEE80211_IOC_KEYMGTALGS,
489			  params->wpa_key_mgmt)) {
490		wpa_printf(MSG_INFO,
491			   "Unable to set key management algorithms to 0x%x",
492			   params->wpa_key_mgmt);
493		return -1;
494	}
495
496	v = 0;
497	if (params->rsn_preauth)
498		v |= BIT(0);
499	wpa_printf(MSG_DEBUG, "%s: rsn capabilities=0x%x",
500		   __func__, params->rsn_preauth);
501	if (set80211param(priv, IEEE80211_IOC_RSNCAPS, v)) {
502		wpa_printf(MSG_INFO, "Unable to set RSN capabilities to 0x%x",
503			   v);
504		return -1;
505	}
506#endif /* IEEE80211_IOC_APPIE */
507
508	wpa_printf(MSG_DEBUG, "%s: enable WPA= 0x%x", __func__, params->wpa);
509	if (set80211param(priv, IEEE80211_IOC_WPA, params->wpa)) {
510		wpa_printf(MSG_INFO, "Unable to set WPA to %u", params->wpa);
511		return -1;
512	}
513	return 0;
514}
515
516static int
517bsd_set_ieee8021x(void *priv, struct wpa_bss_params *params)
518{
519	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, params->enabled);
520
521	if (!params->enabled) {
522		/* XXX restore state */
523		return set80211param(priv, IEEE80211_IOC_AUTHMODE,
524				     IEEE80211_AUTH_AUTO);
525	}
526	if (!params->wpa && !params->ieee802_1x) {
527		wpa_printf(MSG_ERROR, "%s: No 802.1X or WPA enabled",
528			   __func__);
529		return -1;
530	}
531	if (params->wpa && bsd_configure_wpa(priv, params) != 0) {
532		wpa_printf(MSG_ERROR, "%s: Failed to configure WPA state",
533			   __func__);
534		return -1;
535	}
536	if (set80211param(priv, IEEE80211_IOC_AUTHMODE,
537		(params->wpa ? IEEE80211_AUTH_WPA : IEEE80211_AUTH_8021X))) {
538		wpa_printf(MSG_ERROR, "%s: Failed to enable WPA/802.1X",
539			   __func__);
540		return -1;
541	}
542	return bsd_ctrl_iface(priv, 1);
543}
544
545static void
546bsd_new_sta(void *priv, void *ctx, u8 addr[IEEE80211_ADDR_LEN])
547{
548	struct ieee80211req_wpaie ie;
549	int ielen = 0;
550	u8 *iebuf = NULL;
551
552	/*
553	 * Fetch and validate any negotiated WPA/RSN parameters.
554	 */
555	memset(&ie, 0, sizeof(ie));
556	memcpy(ie.wpa_macaddr, addr, IEEE80211_ADDR_LEN);
557	if (get80211var(priv, IEEE80211_IOC_WPAIE, &ie, sizeof(ie)) < 0) {
558		wpa_printf(MSG_INFO,
559			   "Failed to get WPA/RSN information element");
560		goto no_ie;
561	}
562	iebuf = ie.wpa_ie;
563	ielen = ie.wpa_ie[1];
564	if (ielen == 0)
565		iebuf = NULL;
566	else
567		ielen += 2;
568
569no_ie:
570	drv_event_assoc(ctx, addr, iebuf, ielen, 0);
571}
572
573static int
574bsd_send_eapol(void *priv, const u8 *addr, const u8 *data, size_t data_len,
575	       int encrypt, const u8 *own_addr, u32 flags)
576{
577	struct bsd_driver_data *drv = priv;
578
579	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", data, data_len);
580
581	return l2_packet_send(drv->sock_xmit, addr, ETH_P_EAPOL, data,
582			      data_len);
583}
584
585static int
586bsd_set_freq(void *priv, struct hostapd_freq_params *freq)
587{
588	struct bsd_driver_data *drv = priv;
589#ifdef SIOCS80211CHANNEL
590	struct ieee80211chanreq creq;
591#endif /* SIOCS80211CHANNEL */
592	u32 mode;
593	int channel = freq->channel;
594
595	if (channel < 14) {
596		mode =
597#ifdef CONFIG_IEEE80211N
598			freq->ht_enabled ? IFM_IEEE80211_11NG :
599#endif /* CONFIG_IEEE80211N */
600		        IFM_IEEE80211_11G;
601	} else if (channel == 14) {
602		mode = IFM_IEEE80211_11B;
603	} else {
604		mode =
605#ifdef CONFIG_IEEE80211N
606			freq->ht_enabled ? IFM_IEEE80211_11NA :
607#endif /* CONFIG_IEEE80211N */
608			IFM_IEEE80211_11A;
609	}
610	if (bsd_set_mediaopt(drv, IFM_MMASK, mode) < 0) {
611		wpa_printf(MSG_ERROR, "%s: failed to set modulation mode",
612			   __func__);
613		return -1;
614	}
615
616#ifdef SIOCS80211CHANNEL
617	os_memset(&creq, 0, sizeof(creq));
618	os_strlcpy(creq.i_name, drv->ifname, sizeof(creq.i_name));
619	creq.i_channel = (u_int16_t)channel;
620	return ioctl(drv->global->sock, SIOCS80211CHANNEL, &creq);
621#else /* SIOCS80211CHANNEL */
622	return set80211param(priv, IEEE80211_IOC_CHANNEL, channel);
623#endif /* SIOCS80211CHANNEL */
624}
625
626static int
627bsd_set_opt_ie(void *priv, const u8 *ie, size_t ie_len)
628{
629#ifdef IEEE80211_IOC_APPIE
630	wpa_printf(MSG_DEBUG, "%s: set WPA+RSN ie (len %lu)", __func__,
631		   (unsigned long)ie_len);
632	return bsd_set80211(priv, IEEE80211_IOC_APPIE, IEEE80211_APPIE_WPA,
633			    ie, ie_len);
634#endif /* IEEE80211_IOC_APPIE */
635	return 0;
636}
637
638static size_t
639rtbuf_len(void)
640{
641	size_t len;
642
643	int mib[6] = {CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0};
644
645	if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) {
646		wpa_printf(MSG_WARNING, "%s failed: %s", __func__,
647			   strerror(errno));
648		len = 2048;
649	}
650
651	return (len == 0) ? 2048 : len;
652}
653
654#ifdef HOSTAPD
655
656/*
657 * Avoid conflicts with hostapd definitions by undefining couple of defines
658 * from net80211 header files.
659 */
660#undef RSN_VERSION
661#undef WPA_VERSION
662#undef WPA_OUI_TYPE
663
664static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
665			  u16 reason_code);
666
667static const char *
668ether_sprintf(const u8 *addr)
669{
670	static char buf[sizeof(MACSTR)];
671
672	if (addr != NULL)
673		snprintf(buf, sizeof(buf), MACSTR, MAC2STR(addr));
674	else
675		snprintf(buf, sizeof(buf), MACSTR, 0,0,0,0,0,0);
676	return buf;
677}
678
679static int
680bsd_set_privacy(void *priv, int enabled)
681{
682	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
683
684	return set80211param(priv, IEEE80211_IOC_PRIVACY, enabled);
685}
686
687static int
688bsd_get_seqnum(const char *ifname, void *priv, const u8 *addr, int idx,
689	       u8 *seq)
690{
691	struct ieee80211req_key wk;
692
693	wpa_printf(MSG_DEBUG, "%s: addr=%s idx=%d",
694		   __func__, ether_sprintf(addr), idx);
695
696	memset(&wk, 0, sizeof(wk));
697	if (addr == NULL)
698		memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
699	else
700		memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
701	wk.ik_keyix = idx;
702
703	if (get80211var(priv, IEEE80211_IOC_WPAKEY, &wk, sizeof(wk)) < 0) {
704		wpa_printf(MSG_INFO, "Failed to get encryption");
705		return -1;
706	}
707
708#ifdef WORDS_BIGENDIAN
709	{
710		/*
711		 * wk.ik_keytsc is in host byte order (big endian), need to
712		 * swap it to match with the byte order used in WPA.
713		 */
714		int i;
715		u8 tmp[WPA_KEY_RSC_LEN];
716		memcpy(tmp, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
717		for (i = 0; i < WPA_KEY_RSC_LEN; i++) {
718			seq[i] = tmp[WPA_KEY_RSC_LEN - i - 1];
719		}
720	}
721#else /* WORDS_BIGENDIAN */
722	memcpy(seq, &wk.ik_keytsc, sizeof(wk.ik_keytsc));
723#endif /* WORDS_BIGENDIAN */
724	return 0;
725}
726
727
728static int
729bsd_flush(void *priv)
730{
731	u8 allsta[IEEE80211_ADDR_LEN];
732
733	memset(allsta, 0xff, IEEE80211_ADDR_LEN);
734	return bsd_sta_deauth(priv, NULL, allsta, IEEE80211_REASON_AUTH_LEAVE);
735}
736
737
738static int
739bsd_read_sta_driver_data(void *priv, struct hostap_sta_driver_data *data,
740			 const u8 *addr)
741{
742	struct ieee80211req_sta_stats stats;
743
744	memcpy(stats.is_u.macaddr, addr, IEEE80211_ADDR_LEN);
745	if (get80211var(priv, IEEE80211_IOC_STA_STATS, &stats, sizeof(stats))
746	    > 0) {
747		/* XXX? do packets counts include non-data frames? */
748		data->rx_packets = stats.is_stats.ns_rx_data;
749		data->rx_bytes = stats.is_stats.ns_rx_bytes;
750		data->tx_packets = stats.is_stats.ns_tx_data;
751		data->tx_bytes = stats.is_stats.ns_tx_bytes;
752	}
753	return 0;
754}
755
756static int
757bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, u16 reason_code)
758{
759	return bsd_send_mlme_param(priv, IEEE80211_MLME_DEAUTH, reason_code,
760				   addr);
761}
762
763static int
764bsd_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
765		 u16 reason_code)
766{
767	return bsd_send_mlme_param(priv, IEEE80211_MLME_DISASSOC, reason_code,
768				   addr);
769}
770
771static void
772bsd_wireless_event_receive(int sock, void *ctx, void *sock_ctx)
773{
774	struct bsd_driver_global *global = sock_ctx;
775	struct bsd_driver_data *drv;
776	struct if_announcemsghdr *ifan;
777	struct rt_msghdr *rtm;
778	struct ieee80211_michael_event *mic;
779	struct ieee80211_join_event *join;
780	struct ieee80211_leave_event *leave;
781	int n;
782	union wpa_event_data data;
783
784	n = read(sock, global->event_buf, global->event_buf_len);
785	if (n < 0) {
786		if (errno != EINTR && errno != EAGAIN)
787			wpa_printf(MSG_ERROR, "%s read() failed: %s",
788				   __func__, strerror(errno));
789		return;
790	}
791
792	rtm = (struct rt_msghdr *) global->event_buf;
793	if (rtm->rtm_version != RTM_VERSION) {
794		wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
795			   rtm->rtm_version);
796		return;
797	}
798	switch (rtm->rtm_type) {
799	case RTM_IEEE80211:
800		ifan = (struct if_announcemsghdr *) rtm;
801		drv = bsd_get_drvindex(global, ifan->ifan_index);
802		if (drv == NULL)
803			return;
804		switch (ifan->ifan_what) {
805		case RTM_IEEE80211_ASSOC:
806		case RTM_IEEE80211_REASSOC:
807		case RTM_IEEE80211_DISASSOC:
808		case RTM_IEEE80211_SCAN:
809			break;
810		case RTM_IEEE80211_LEAVE:
811			leave = (struct ieee80211_leave_event *) &ifan[1];
812			drv_event_disassoc(drv->hapd, leave->iev_addr);
813			break;
814		case RTM_IEEE80211_JOIN:
815#ifdef RTM_IEEE80211_REJOIN
816		case RTM_IEEE80211_REJOIN:
817#endif
818			join = (struct ieee80211_join_event *) &ifan[1];
819			bsd_new_sta(drv, drv->hapd, join->iev_addr);
820			break;
821		case RTM_IEEE80211_REPLAY:
822			/* ignore */
823			break;
824		case RTM_IEEE80211_MICHAEL:
825			mic = (struct ieee80211_michael_event *) &ifan[1];
826			wpa_printf(MSG_DEBUG,
827				"Michael MIC failure wireless event: "
828				"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
829				MAC2STR(mic->iev_src));
830			os_memset(&data, 0, sizeof(data));
831			data.michael_mic_failure.unicast = 1;
832			data.michael_mic_failure.src = mic->iev_src;
833			wpa_supplicant_event(drv->hapd,
834					     EVENT_MICHAEL_MIC_FAILURE, &data);
835			break;
836		}
837		break;
838	}
839}
840
841static void
842handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
843{
844	struct bsd_driver_data *drv = ctx;
845	drv_event_eapol_rx(drv->hapd, src_addr, buf, len);
846}
847
848static void *
849bsd_init(struct hostapd_data *hapd, struct wpa_init_params *params)
850{
851	struct bsd_driver_data *drv;
852
853	drv = os_zalloc(sizeof(struct bsd_driver_data));
854	if (drv == NULL) {
855		wpa_printf(MSG_ERROR, "Could not allocate memory for bsd driver data");
856		return NULL;
857	}
858
859	drv->ifindex = if_nametoindex(params->ifname);
860	if (drv->ifindex == 0) {
861		wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
862			   __func__, params->ifname);
863		goto bad;
864	}
865
866	drv->hapd = hapd;
867	drv->global = params->global_priv;
868	os_strlcpy(drv->ifname, params->ifname, sizeof(drv->ifname));
869
870	drv->sock_xmit = l2_packet_init(drv->ifname, NULL, ETH_P_EAPOL,
871					handle_read, drv, 0);
872	if (drv->sock_xmit == NULL)
873		goto bad;
874	if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr))
875		goto bad;
876
877	/* mark down during setup */
878	if (bsd_ctrl_iface(drv, 0) < 0)
879		goto bad;
880
881	if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) {
882		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
883			   __func__);
884		goto bad;
885	}
886
887	dl_list_add(&drv->global->ifaces, &drv->list);
888
889	return drv;
890bad:
891	if (drv->sock_xmit != NULL)
892		l2_packet_deinit(drv->sock_xmit);
893	os_free(drv);
894	return NULL;
895}
896
897
898static void
899bsd_deinit(void *priv)
900{
901	struct bsd_driver_data *drv = priv;
902
903	if (drv->ifindex != 0)
904		bsd_ctrl_iface(drv, 0);
905	if (drv->sock_xmit != NULL)
906		l2_packet_deinit(drv->sock_xmit);
907	os_free(drv);
908}
909
910
911static int
912bsd_commit(void *priv)
913{
914	return bsd_ctrl_iface(priv, 1);
915}
916
917
918static int
919bsd_set_sta_authorized(void *priv, const u8 *addr,
920		       unsigned int total_flags, unsigned int flags_or,
921		       unsigned int flags_and)
922{
923	int authorized = -1;
924
925	/* For now, only support setting Authorized flag */
926	if (flags_or & WPA_STA_AUTHORIZED)
927		authorized = 1;
928	if (!(flags_and & WPA_STA_AUTHORIZED))
929		authorized = 0;
930
931	if (authorized < 0)
932		return 0;
933
934	return bsd_send_mlme_param(priv, authorized ?
935				   IEEE80211_MLME_AUTHORIZE :
936				   IEEE80211_MLME_UNAUTHORIZE, 0, addr);
937}
938#else /* HOSTAPD */
939
940static int
941get80211param(struct bsd_driver_data *drv, int op)
942{
943	struct ieee80211req ireq;
944
945	if (bsd_get80211(drv, &ireq, op, NULL, 0) < 0)
946		return -1;
947	return ireq.i_val;
948}
949
950static int
951wpa_driver_bsd_get_bssid(void *priv, u8 *bssid)
952{
953	struct bsd_driver_data *drv = priv;
954#ifdef SIOCG80211BSSID
955	struct ieee80211_bssid bs;
956
957	os_strlcpy(bs.i_name, drv->ifname, sizeof(bs.i_name));
958	if (ioctl(drv->global->sock, SIOCG80211BSSID, &bs) < 0)
959		return -1;
960	os_memcpy(bssid, bs.i_bssid, sizeof(bs.i_bssid));
961	return 0;
962#else
963	return get80211var(drv, IEEE80211_IOC_BSSID,
964		bssid, IEEE80211_ADDR_LEN) < 0 ? -1 : 0;
965#endif
966}
967
968static int
969wpa_driver_bsd_get_ssid(void *priv, u8 *ssid)
970{
971	struct bsd_driver_data *drv = priv;
972	return bsd_get_ssid(drv, ssid, 0);
973}
974
975static int
976wpa_driver_bsd_set_wpa_ie(struct bsd_driver_data *drv, const u8 *wpa_ie,
977			  size_t wpa_ie_len)
978{
979#ifdef IEEE80211_IOC_APPIE
980	return bsd_set_opt_ie(drv, wpa_ie, wpa_ie_len);
981#else /* IEEE80211_IOC_APPIE */
982	return set80211var(drv, IEEE80211_IOC_OPTIE, wpa_ie, wpa_ie_len);
983#endif /* IEEE80211_IOC_APPIE */
984}
985
986static int
987wpa_driver_bsd_set_wpa_internal(void *priv, int wpa, int privacy)
988{
989	int ret = 0;
990
991	wpa_printf(MSG_DEBUG, "%s: wpa=%d privacy=%d",
992		__func__, wpa, privacy);
993
994	if (!wpa && wpa_driver_bsd_set_wpa_ie(priv, NULL, 0) < 0)
995		ret = -1;
996	if (set80211param(priv, IEEE80211_IOC_PRIVACY, privacy) < 0)
997		ret = -1;
998	if (set80211param(priv, IEEE80211_IOC_WPA, wpa) < 0)
999		ret = -1;
1000
1001	return ret;
1002}
1003
1004static int
1005wpa_driver_bsd_set_wpa(void *priv, int enabled)
1006{
1007	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1008
1009	return wpa_driver_bsd_set_wpa_internal(priv, enabled ? 3 : 0, enabled);
1010}
1011
1012static int
1013wpa_driver_bsd_set_countermeasures(void *priv, int enabled)
1014{
1015	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1016	return set80211param(priv, IEEE80211_IOC_COUNTERMEASURES, enabled);
1017}
1018
1019
1020static int
1021wpa_driver_bsd_set_drop_unencrypted(void *priv, int enabled)
1022{
1023	wpa_printf(MSG_DEBUG, "%s: enabled=%d", __func__, enabled);
1024	return set80211param(priv, IEEE80211_IOC_DROPUNENCRYPTED, enabled);
1025}
1026
1027static int
1028wpa_driver_bsd_deauthenticate(void *priv, const u8 *addr, u16 reason_code)
1029{
1030	return bsd_send_mlme_param(priv, IEEE80211_MLME_DEAUTH, reason_code,
1031				   addr);
1032}
1033
1034static int
1035wpa_driver_bsd_set_auth_alg(void *priv, int auth_alg)
1036{
1037	int authmode;
1038
1039	if ((auth_alg & WPA_AUTH_ALG_OPEN) &&
1040	    (auth_alg & WPA_AUTH_ALG_SHARED))
1041		authmode = IEEE80211_AUTH_AUTO;
1042	else if (auth_alg & WPA_AUTH_ALG_SHARED)
1043		authmode = IEEE80211_AUTH_SHARED;
1044	else
1045		authmode = IEEE80211_AUTH_OPEN;
1046
1047	return set80211param(priv, IEEE80211_IOC_AUTHMODE, authmode);
1048}
1049
1050static void
1051handle_read(void *ctx, const u8 *src_addr, const u8 *buf, size_t len)
1052{
1053	struct bsd_driver_data *drv = ctx;
1054
1055	drv_event_eapol_rx(drv->ctx, src_addr, buf, len);
1056}
1057
1058static int
1059wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
1060{
1061	struct bsd_driver_data *drv = priv;
1062	struct ieee80211req_mlme mlme;
1063	u32 mode;
1064	int privacy;
1065	int ret = 0;
1066
1067	wpa_printf(MSG_DEBUG,
1068		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
1069		, __func__
1070		   , (unsigned int) params->ssid_len, params->ssid
1071		, (unsigned int) params->wpa_ie_len
1072		, params->pairwise_suite
1073		, params->group_suite
1074		, params->key_mgmt_suite
1075	);
1076
1077	switch (params->mode) {
1078	case IEEE80211_MODE_INFRA:
1079		mode = 0 /* STA */;
1080		break;
1081	case IEEE80211_MODE_IBSS:
1082		/*
1083		 * Ref bin/203086 - FreeBSD's net80211 currently uses
1084		 * IFM_IEEE80211_ADHOC.
1085		 */
1086#if 0
1087		mode = IFM_IEEE80211_IBSS;
1088#endif
1089		mode = IFM_IEEE80211_ADHOC;
1090		break;
1091	case IEEE80211_MODE_AP:
1092		mode = IFM_IEEE80211_HOSTAP;
1093		break;
1094	default:
1095		wpa_printf(MSG_ERROR, "%s: unknown operation mode", __func__);
1096		return -1;
1097	}
1098	if (bsd_set_mediaopt(drv, IFM_OMASK, mode) < 0) {
1099		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
1100			   __func__);
1101		return -1;
1102	}
1103
1104	if (params->mode == IEEE80211_MODE_AP) {
1105		drv->sock_xmit = l2_packet_init(drv->ifname, NULL, ETH_P_EAPOL,
1106						handle_read, drv, 0);
1107		if (drv->sock_xmit == NULL)
1108			return -1;
1109		drv->is_ap = 1;
1110		return 0;
1111	}
1112
1113	if (wpa_driver_bsd_set_drop_unencrypted(drv, params->drop_unencrypted)
1114	    < 0)
1115		ret = -1;
1116	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
1117		ret = -1;
1118	/* XXX error handling is wrong but unclear what to do... */
1119	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
1120		return -1;
1121
1122	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
1123	    params->group_suite == WPA_CIPHER_NONE &&
1124	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
1125	    params->wpa_ie_len == 0);
1126	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
1127
1128	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
1129		return -1;
1130
1131	if (params->wpa_ie_len &&
1132	    set80211param(drv, IEEE80211_IOC_WPA,
1133			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
1134		return -1;
1135
1136	/*
1137	 * NB: interface must be marked UP for association
1138	 * or scanning (ap_scan=2)
1139	 */
1140	if (bsd_ctrl_iface(drv, 1) < 0)
1141		return -1;
1142
1143	os_memset(&mlme, 0, sizeof(mlme));
1144	mlme.im_op = IEEE80211_MLME_ASSOC;
1145	if (params->ssid != NULL)
1146		os_memcpy(mlme.im_ssid, params->ssid, params->ssid_len);
1147	mlme.im_ssid_len = params->ssid_len;
1148	if (params->bssid != NULL)
1149		os_memcpy(mlme.im_macaddr, params->bssid, IEEE80211_ADDR_LEN);
1150	if (set80211var(drv, IEEE80211_IOC_MLME, &mlme, sizeof(mlme)) < 0)
1151		return -1;
1152	return ret;
1153}
1154
1155static int
1156wpa_driver_bsd_scan(void *priv, struct wpa_driver_scan_params *params)
1157{
1158	struct bsd_driver_data *drv = priv;
1159#ifdef IEEE80211_IOC_SCAN_MAX_SSID
1160	struct ieee80211_scan_req sr;
1161	int i;
1162#endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1163
1164	if (bsd_set_mediaopt(drv, IFM_OMASK, 0 /* STA */) < 0) {
1165		wpa_printf(MSG_ERROR, "%s: failed to set operation mode",
1166			   __func__);
1167		return -1;
1168	}
1169
1170	if (set80211param(drv, IEEE80211_IOC_ROAMING,
1171			  IEEE80211_ROAMING_MANUAL) < 0) {
1172		wpa_printf(MSG_ERROR, "%s: failed to set "
1173			   "wpa_supplicant-based roaming: %s", __func__,
1174			   strerror(errno));
1175		return -1;
1176	}
1177
1178	if (wpa_driver_bsd_set_wpa(drv, 1) < 0) {
1179		wpa_printf(MSG_ERROR, "%s: failed to set wpa: %s", __func__,
1180			   strerror(errno));
1181		return -1;
1182	}
1183
1184	/* NB: interface must be marked UP to do a scan */
1185	if (bsd_ctrl_iface(drv, 1) < 0)
1186		return -1;
1187
1188#ifdef IEEE80211_IOC_SCAN_MAX_SSID
1189	os_memset(&sr, 0, sizeof(sr));
1190	sr.sr_flags = IEEE80211_IOC_SCAN_ACTIVE | IEEE80211_IOC_SCAN_ONCE |
1191		IEEE80211_IOC_SCAN_NOJOIN;
1192	sr.sr_duration = IEEE80211_IOC_SCAN_FOREVER;
1193	if (params->num_ssids > 0) {
1194		sr.sr_nssid = params->num_ssids;
1195#if 0
1196		/* Boundary check is done by upper layer */
1197		if (sr.sr_nssid > IEEE80211_IOC_SCAN_MAX_SSID)
1198			sr.sr_nssid = IEEE80211_IOC_SCAN_MAX_SSID;
1199#endif
1200
1201		/* NB: check scan cache first */
1202		sr.sr_flags |= IEEE80211_IOC_SCAN_CHECK;
1203	}
1204	for (i = 0; i < sr.sr_nssid; i++) {
1205		sr.sr_ssid[i].len = params->ssids[i].ssid_len;
1206		os_memcpy(sr.sr_ssid[i].ssid, params->ssids[i].ssid,
1207			  sr.sr_ssid[i].len);
1208	}
1209
1210	/* NB: net80211 delivers a scan complete event so no need to poll */
1211	return set80211var(drv, IEEE80211_IOC_SCAN_REQ, &sr, sizeof(sr));
1212#else /* IEEE80211_IOC_SCAN_MAX_SSID */
1213	/* set desired ssid before scan */
1214	if (bsd_set_ssid(drv, params->ssids[0].ssid,
1215			 params->ssids[0].ssid_len) < 0)
1216		return -1;
1217
1218	/* NB: net80211 delivers a scan complete event so no need to poll */
1219	return set80211param(drv, IEEE80211_IOC_SCAN_REQ, 0);
1220#endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1221}
1222
1223static void
1224wpa_driver_bsd_event_receive(int sock, void *ctx, void *sock_ctx)
1225{
1226	struct bsd_driver_global *global = sock_ctx;
1227	struct bsd_driver_data *drv;
1228	struct if_announcemsghdr *ifan;
1229	struct if_msghdr *ifm;
1230	struct rt_msghdr *rtm;
1231	union wpa_event_data event;
1232	struct ieee80211_michael_event *mic;
1233	struct ieee80211_leave_event *leave;
1234	struct ieee80211_join_event *join;
1235	int n;
1236
1237	/*
1238	 * CID 1394785: Memory - illegal access (STRING_NULL):
1239	 * Though global->event_buf is a char *, it actually contains
1240	 * a struct rt_msghdr *. See below.
1241	 */
1242	n = read(sock, global->event_buf, global->event_buf_len);
1243	if (n < 0) {
1244		if (errno != EINTR && errno != EAGAIN)
1245			wpa_printf(MSG_ERROR, "%s read() failed: %s",
1246				   __func__, strerror(errno));
1247		return;
1248	}
1249
1250	/*
1251	 * CID 1394785: global->event_buf is assigned here to a
1252	 * struct rt_msghdr *.
1253	 */
1254	rtm = (struct rt_msghdr *) global->event_buf;
1255	if (rtm->rtm_version != RTM_VERSION) {
1256		wpa_printf(MSG_DEBUG, "Invalid routing message version=%d",
1257			   rtm->rtm_version);
1258		return;
1259	}
1260	os_memset(&event, 0, sizeof(event));
1261	switch (rtm->rtm_type) {
1262	case RTM_IFANNOUNCE:
1263		ifan = (struct if_announcemsghdr *) rtm;
1264		switch (ifan->ifan_what) {
1265		case IFAN_DEPARTURE:
1266			drv = bsd_get_drvindex(global, ifan->ifan_index);
1267			if (drv)
1268				drv->if_removed = 1;
1269			event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1270			break;
1271		case IFAN_ARRIVAL:
1272			drv = bsd_get_drvname(global, ifan->ifan_name);
1273			if (drv) {
1274				drv->ifindex = ifan->ifan_index;
1275				drv->if_removed = 0;
1276			}
1277			event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1278			break;
1279		default:
1280			wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: unknown action");
1281			return;
1282		}
1283		wpa_printf(MSG_DEBUG, "RTM_IFANNOUNCE: Interface '%s' %s",
1284			   ifan->ifan_name,
1285			   ifan->ifan_what == IFAN_DEPARTURE ?
1286				"removed" : "added");
1287		os_strlcpy(event.interface_status.ifname, ifan->ifan_name,
1288			   sizeof(event.interface_status.ifname));
1289		if (drv) {
1290			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS,
1291					     &event);
1292			/*
1293			 * Set ifindex to zero after sending the event as the
1294			 * event might query the driver to ensure a match.
1295			 */
1296			if (ifan->ifan_what == IFAN_DEPARTURE)
1297				drv->ifindex = 0;
1298		} else {
1299			wpa_supplicant_event_global(global->ctx,
1300						    EVENT_INTERFACE_STATUS,
1301						    &event);
1302		}
1303		break;
1304	case RTM_IEEE80211:
1305		ifan = (struct if_announcemsghdr *) rtm;
1306		drv = bsd_get_drvindex(global, ifan->ifan_index);
1307		if (drv == NULL)
1308			return;
1309		switch (ifan->ifan_what) {
1310		case RTM_IEEE80211_ASSOC:
1311		case RTM_IEEE80211_REASSOC:
1312			if (drv->is_ap)
1313				break;
1314			wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1315			break;
1316		case RTM_IEEE80211_DISASSOC:
1317			if (drv->is_ap)
1318				break;
1319			wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
1320			break;
1321		case RTM_IEEE80211_SCAN:
1322			if (drv->is_ap)
1323				break;
1324			wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS,
1325					     NULL);
1326			break;
1327		case RTM_IEEE80211_LEAVE:
1328			leave = (struct ieee80211_leave_event *) &ifan[1];
1329			drv_event_disassoc(drv->ctx, leave->iev_addr);
1330			break;
1331		case RTM_IEEE80211_JOIN:
1332#ifdef RTM_IEEE80211_REJOIN
1333		case RTM_IEEE80211_REJOIN:
1334#endif
1335			join = (struct ieee80211_join_event *) &ifan[1];
1336			bsd_new_sta(drv, drv->ctx, join->iev_addr);
1337			break;
1338		case RTM_IEEE80211_REPLAY:
1339			/* ignore */
1340			break;
1341		case RTM_IEEE80211_MICHAEL:
1342			mic = (struct ieee80211_michael_event *) &ifan[1];
1343			wpa_printf(MSG_DEBUG,
1344				"Michael MIC failure wireless event: "
1345				"keyix=%u src_addr=" MACSTR, mic->iev_keyix,
1346				MAC2STR(mic->iev_src));
1347
1348			os_memset(&event, 0, sizeof(event));
1349			event.michael_mic_failure.unicast =
1350				!IEEE80211_IS_MULTICAST(mic->iev_dst);
1351			wpa_supplicant_event(drv->ctx,
1352					     EVENT_MICHAEL_MIC_FAILURE, &event);
1353			break;
1354		}
1355		break;
1356	case RTM_IFINFO:
1357		ifm = (struct if_msghdr *) rtm;
1358		drv = bsd_get_drvindex(global, ifm->ifm_index);
1359		if (drv == NULL)
1360			return;
1361		if (((ifm->ifm_flags & IFF_UP) == 0 ||
1362		    (ifm->ifm_flags & IFF_RUNNING) == 0) &&
1363		    (drv->flags & IFF_UP) != 0 &&
1364		    (drv->flags & IFF_RUNNING) != 0) {
1365			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
1366				   drv->ifname);
1367			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
1368					     NULL);
1369		} else if ((ifm->ifm_flags & IFF_UP) != 0 &&
1370		    (ifm->ifm_flags & IFF_RUNNING) != 0 &&
1371		    ((drv->flags & IFF_UP) == 0 ||
1372		    (drv->flags & IFF_RUNNING)  == 0)) {
1373			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
1374				   drv->ifname);
1375			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1376					     NULL);
1377		}
1378		drv->flags = ifm->ifm_flags;
1379		break;
1380	}
1381}
1382
1383static void
1384wpa_driver_bsd_add_scan_entry(struct wpa_scan_results *res,
1385			      struct ieee80211req_scan_result *sr)
1386{
1387	struct wpa_scan_res *result, **tmp;
1388	size_t extra_len;
1389	u8 *pos;
1390
1391	extra_len = 2 + sr->isr_ssid_len;
1392	extra_len += 2 + sr->isr_nrates;
1393	extra_len += 3; /* ERP IE */
1394	extra_len += sr->isr_ie_len;
1395
1396	result = os_zalloc(sizeof(*result) + extra_len);
1397	if (result == NULL)
1398		return;
1399	os_memcpy(result->bssid, sr->isr_bssid, ETH_ALEN);
1400	result->freq = sr->isr_freq;
1401	result->beacon_int = sr->isr_intval;
1402	result->caps = sr->isr_capinfo;
1403	result->qual = sr->isr_rssi;
1404	result->noise = sr->isr_noise;
1405
1406#ifdef __FreeBSD__
1407	/*
1408	 * the rssi value reported by the kernel is in 0.5dB steps relative to
1409	 * the reported noise floor. see ieee80211_node.h for details.
1410	 */
1411	result->level = sr->isr_rssi / 2 + sr->isr_noise;
1412#else
1413	result->level = sr->isr_rssi;
1414#endif
1415
1416	pos = (u8 *)(result + 1);
1417
1418	*pos++ = WLAN_EID_SSID;
1419	*pos++ = sr->isr_ssid_len;
1420	os_memcpy(pos, sr + 1, sr->isr_ssid_len);
1421	pos += sr->isr_ssid_len;
1422
1423	/*
1424	 * Deal all rates as supported rate.
1425	 * Because net80211 doesn't report extended supported rate or not.
1426	 */
1427	*pos++ = WLAN_EID_SUPP_RATES;
1428	*pos++ = sr->isr_nrates;
1429	os_memcpy(pos, sr->isr_rates, sr->isr_nrates);
1430	pos += sr->isr_nrates;
1431
1432	*pos++ = WLAN_EID_ERP_INFO;
1433	*pos++ = 1;
1434	*pos++ = sr->isr_erp;
1435
1436#if defined(__DragonFly__) || defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
1437	os_memcpy(pos, (u8 *)(sr + 1) + sr->isr_ssid_len + sr->isr_meshid_len,
1438		  sr->isr_ie_len);
1439#else
1440	os_memcpy(pos, (u8 *)(sr + 1) + sr->isr_ssid_len, sr->isr_ie_len);
1441#endif
1442	pos += sr->isr_ie_len;
1443
1444	result->ie_len = pos - (u8 *)(result + 1);
1445
1446	tmp = os_realloc_array(res->res, res->num + 1,
1447			       sizeof(struct wpa_scan_res *));
1448	if (tmp == NULL) {
1449		os_free(result);
1450		return;
1451	}
1452	tmp[res->num++] = result;
1453	res->res = tmp;
1454}
1455
1456struct wpa_scan_results *
1457wpa_driver_bsd_get_scan_results2(void *priv)
1458{
1459	struct ieee80211req_scan_result *sr;
1460	struct wpa_scan_results *res;
1461	int len, rest;
1462	uint8_t buf[24*1024], *pos;
1463
1464	len = get80211var(priv, IEEE80211_IOC_SCAN_RESULTS, buf, 24*1024);
1465	if (len < 0)
1466		return NULL;
1467
1468	res = os_zalloc(sizeof(*res));
1469	if (res == NULL)
1470		return NULL;
1471
1472	pos = buf;
1473	rest = len;
1474	while (rest >= sizeof(struct ieee80211req_scan_result)) {
1475		sr = (struct ieee80211req_scan_result *)pos;
1476		wpa_driver_bsd_add_scan_entry(res, sr);
1477		pos += sr->isr_len;
1478		rest -= sr->isr_len;
1479	}
1480
1481	wpa_printf(MSG_DEBUG, "Received %d bytes of scan results (%lu BSSes)",
1482		   len, (unsigned long)res->num);
1483
1484	return res;
1485}
1486
1487static int wpa_driver_bsd_capa(struct bsd_driver_data *drv)
1488{
1489#ifdef IEEE80211_IOC_DEVCAPS
1490/* kernel definitions copied from net80211/ieee80211_var.h */
1491#define IEEE80211_CIPHER_WEP            0
1492#define IEEE80211_CIPHER_TKIP           1
1493#define IEEE80211_CIPHER_AES_CCM        3
1494#define IEEE80211_CRYPTO_WEP            (1<<IEEE80211_CIPHER_WEP)
1495#define IEEE80211_CRYPTO_TKIP           (1<<IEEE80211_CIPHER_TKIP)
1496#define IEEE80211_CRYPTO_AES_CCM        (1<<IEEE80211_CIPHER_AES_CCM)
1497#define IEEE80211_C_HOSTAP      0x00000400      /* CAPABILITY: HOSTAP avail */
1498#define IEEE80211_C_WPA1        0x00800000      /* CAPABILITY: WPA1 avail */
1499#define IEEE80211_C_WPA2        0x01000000      /* CAPABILITY: WPA2 avail */
1500	struct ieee80211_devcaps_req devcaps;
1501
1502	if (get80211var(drv, IEEE80211_IOC_DEVCAPS, &devcaps,
1503			sizeof(devcaps)) < 0) {
1504		wpa_printf(MSG_ERROR, "failed to IEEE80211_IOC_DEVCAPS: %s",
1505			   strerror(errno));
1506		return -1;
1507	}
1508
1509	wpa_printf(MSG_DEBUG, "%s: drivercaps=0x%08x,cryptocaps=0x%08x",
1510		   __func__, devcaps.dc_drivercaps, devcaps.dc_cryptocaps);
1511
1512	if (devcaps.dc_drivercaps & IEEE80211_C_WPA1)
1513		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1514			WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1515	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
1516		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1517			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1518
1519#ifdef __FreeBSD__
1520	drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1521	    WPA_DRIVER_CAPA_ENC_WEP104 |
1522	    WPA_DRIVER_CAPA_ENC_TKIP |
1523	    WPA_DRIVER_CAPA_ENC_CCMP;
1524#else
1525	/*
1526	 * XXX
1527	 * FreeBSD exports hardware cryptocaps.  These have no meaning for wpa
1528	 * since net80211 performs software crypto.
1529	 */
1530	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
1531		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1532			WPA_DRIVER_CAPA_ENC_WEP104;
1533	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_TKIP)
1534		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1535	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
1536		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1537#endif
1538
1539	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
1540		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1541#undef IEEE80211_CIPHER_WEP
1542#undef IEEE80211_CIPHER_TKIP
1543#undef IEEE80211_CIPHER_AES_CCM
1544#undef IEEE80211_CRYPTO_WEP
1545#undef IEEE80211_CRYPTO_TKIP
1546#undef IEEE80211_CRYPTO_AES_CCM
1547#undef IEEE80211_C_HOSTAP
1548#undef IEEE80211_C_WPA1
1549#undef IEEE80211_C_WPA2
1550#else /* IEEE80211_IOC_DEVCAPS */
1551	/* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1552	drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1553		WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1554		WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1555		WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1556	drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1557		WPA_DRIVER_CAPA_ENC_WEP104 |
1558		WPA_DRIVER_CAPA_ENC_TKIP |
1559		WPA_DRIVER_CAPA_ENC_CCMP;
1560	drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1561#endif /* IEEE80211_IOC_DEVCAPS */
1562#ifdef IEEE80211_IOC_SCAN_MAX_SSID
1563	drv->capa.max_scan_ssids = IEEE80211_IOC_SCAN_MAX_SSID;
1564#else /* IEEE80211_IOC_SCAN_MAX_SSID */
1565	drv->capa.max_scan_ssids = 1;
1566#endif /* IEEE80211_IOC_SCAN_MAX_SSID */
1567	drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1568		WPA_DRIVER_AUTH_SHARED |
1569		WPA_DRIVER_AUTH_LEAP;
1570	return 0;
1571}
1572
1573static enum ieee80211_opmode
1574get80211opmode(struct bsd_driver_data *drv)
1575{
1576	struct ifmediareq ifmr;
1577
1578	(void) memset(&ifmr, 0, sizeof(ifmr));
1579	(void) os_strlcpy(ifmr.ifm_name, drv->ifname, sizeof(ifmr.ifm_name));
1580
1581	if (ioctl(drv->global->sock, SIOCGIFMEDIA, (caddr_t)&ifmr) >= 0) {
1582		if (ifmr.ifm_current & IFM_IEEE80211_ADHOC) {
1583			if (ifmr.ifm_current & IFM_FLAG0)
1584				return IEEE80211_M_AHDEMO;
1585			else
1586				return IEEE80211_M_IBSS;
1587		}
1588		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
1589			return IEEE80211_M_HOSTAP;
1590		if (ifmr.ifm_current & IFM_IEEE80211_IBSS)
1591			return IEEE80211_M_IBSS;
1592		if (ifmr.ifm_current & IFM_IEEE80211_MONITOR)
1593			return IEEE80211_M_MONITOR;
1594#ifdef IEEE80211_M_MBSS
1595		if (ifmr.ifm_current & IFM_IEEE80211_MBSS)
1596			return IEEE80211_M_MBSS;
1597#endif /* IEEE80211_M_MBSS */
1598	}
1599	return IEEE80211_M_STA;
1600}
1601
1602static void *
1603wpa_driver_bsd_init(void *ctx, const char *ifname, void *priv)
1604{
1605#define	GETPARAM(drv, param, v) \
1606	(((v) = get80211param(drv, param)) != -1)
1607	struct bsd_driver_data *drv;
1608
1609	drv = os_zalloc(sizeof(*drv));
1610	if (drv == NULL)
1611		return NULL;
1612
1613	/*
1614	 * NB: We require the interface name be mappable to an index.
1615	 *     This implies we do not support having wpa_supplicant
1616	 *     wait for an interface to appear.  This seems ok; that
1617	 *     doesn't belong here; it's really the job of devd.
1618	 */
1619	drv->ifindex = if_nametoindex(ifname);
1620	if (drv->ifindex == 0) {
1621		wpa_printf(MSG_DEBUG, "%s: interface %s does not exist",
1622			   __func__, ifname);
1623		goto fail;
1624	}
1625
1626	drv->ctx = ctx;
1627	drv->global = priv;
1628	os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1629
1630	if (!GETPARAM(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)) {
1631		wpa_printf(MSG_DEBUG, "%s: failed to get roaming state: %s",
1632			__func__, strerror(errno));
1633		goto fail;
1634	}
1635	if (!GETPARAM(drv, IEEE80211_IOC_PRIVACY, drv->prev_privacy)) {
1636		wpa_printf(MSG_DEBUG, "%s: failed to get privacy state: %s",
1637			__func__, strerror(errno));
1638		goto fail;
1639	}
1640	if (!GETPARAM(drv, IEEE80211_IOC_WPA, drv->prev_wpa)) {
1641		wpa_printf(MSG_DEBUG, "%s: failed to get wpa state: %s",
1642			__func__, strerror(errno));
1643		goto fail;
1644	}
1645
1646	if (wpa_driver_bsd_capa(drv))
1647		goto fail;
1648
1649	/* Down interface during setup. */
1650	if (bsd_ctrl_iface(drv, 0) < 0)
1651		goto fail;
1652
1653	drv->opmode = get80211opmode(drv);
1654	dl_list_add(&drv->global->ifaces, &drv->list);
1655
1656	return drv;
1657fail:
1658	os_free(drv);
1659	return NULL;
1660#undef GETPARAM
1661}
1662
1663static void
1664wpa_driver_bsd_deinit(void *priv)
1665{
1666	struct bsd_driver_data *drv = priv;
1667
1668	if (drv->ifindex != 0 && !drv->if_removed) {
1669		wpa_driver_bsd_set_wpa(drv, 0);
1670
1671		/* NB: mark interface down */
1672		bsd_ctrl_iface(drv, 0);
1673
1674		wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa,
1675						drv->prev_privacy);
1676
1677		if (set80211param(drv, IEEE80211_IOC_ROAMING, drv->prev_roaming)
1678		    < 0)
1679			wpa_printf(MSG_DEBUG,
1680				   "%s: failed to restore roaming state",
1681				   __func__);
1682	}
1683
1684	if (drv->sock_xmit != NULL)
1685		l2_packet_deinit(drv->sock_xmit);
1686	dl_list_del(&drv->list);
1687	os_free(drv);
1688}
1689
1690static int
1691wpa_driver_bsd_get_capa(void *priv, struct wpa_driver_capa *capa)
1692{
1693	struct bsd_driver_data *drv = priv;
1694
1695	os_memcpy(capa, &drv->capa, sizeof(*capa));
1696	return 0;
1697}
1698#endif /* HOSTAPD */
1699
1700static void *
1701bsd_global_init(void *ctx)
1702{
1703	struct bsd_driver_global *global;
1704
1705	global = os_zalloc(sizeof(*global));
1706	if (global == NULL)
1707		return NULL;
1708
1709	global->ctx = ctx;
1710	dl_list_init(&global->ifaces);
1711
1712	global->sock = socket(PF_INET, SOCK_DGRAM, 0);
1713	if (global->sock < 0) {
1714		wpa_printf(MSG_ERROR, "socket[PF_INET,SOCK_DGRAM]: %s",
1715			   strerror(errno));
1716		goto fail1;
1717	}
1718
1719	global->route = socket(PF_ROUTE, SOCK_RAW, 0);
1720	if (global->route < 0) {
1721		wpa_printf(MSG_ERROR, "socket[PF_ROUTE,SOCK_RAW]: %s",
1722			   strerror(errno));
1723		goto fail;
1724	}
1725
1726	global->event_buf_len = rtbuf_len();
1727	global->event_buf = os_malloc(global->event_buf_len);
1728	if (global->event_buf == NULL) {
1729		wpa_printf(MSG_ERROR, "%s: os_malloc() failed", __func__);
1730		goto fail;
1731	}
1732
1733#ifdef HOSTAPD
1734	eloop_register_read_sock(global->route, bsd_wireless_event_receive,
1735				 NULL, global);
1736
1737#else /* HOSTAPD */
1738	eloop_register_read_sock(global->route, wpa_driver_bsd_event_receive,
1739				 NULL, global);
1740#endif /* HOSTAPD */
1741
1742	return global;
1743
1744fail:
1745	close(global->sock);
1746fail1:
1747	os_free(global);
1748	return NULL;
1749}
1750
1751static void
1752bsd_global_deinit(void *priv)
1753{
1754	struct bsd_driver_global *global = priv;
1755
1756	eloop_unregister_read_sock(global->route);
1757	(void) close(global->route);
1758	(void) close(global->sock);
1759	os_free(global);
1760}
1761
1762
1763const struct wpa_driver_ops wpa_driver_bsd_ops = {
1764	.name			= "bsd",
1765	.desc			= "BSD 802.11 support",
1766	.global_init		= bsd_global_init,
1767	.global_deinit		= bsd_global_deinit,
1768#ifdef HOSTAPD
1769	.hapd_init		= bsd_init,
1770	.hapd_deinit		= bsd_deinit,
1771	.set_privacy		= bsd_set_privacy,
1772	.get_seqnum		= bsd_get_seqnum,
1773	.flush			= bsd_flush,
1774	.read_sta_data		= bsd_read_sta_driver_data,
1775	.sta_disassoc		= bsd_sta_disassoc,
1776	.sta_deauth		= bsd_sta_deauth,
1777	.sta_set_flags		= bsd_set_sta_authorized,
1778	.commit			= bsd_commit,
1779#else /* HOSTAPD */
1780	.init2			= wpa_driver_bsd_init,
1781	.deinit			= wpa_driver_bsd_deinit,
1782	.get_bssid		= wpa_driver_bsd_get_bssid,
1783	.get_ssid		= wpa_driver_bsd_get_ssid,
1784	.set_countermeasures	= wpa_driver_bsd_set_countermeasures,
1785	.scan2			= wpa_driver_bsd_scan,
1786	.get_scan_results2	= wpa_driver_bsd_get_scan_results2,
1787	.deauthenticate		= wpa_driver_bsd_deauthenticate,
1788	.associate		= wpa_driver_bsd_associate,
1789	.get_capa		= wpa_driver_bsd_get_capa,
1790#endif /* HOSTAPD */
1791	.set_freq		= bsd_set_freq,
1792	.set_key		= bsd_set_key,
1793	.set_ieee8021x		= bsd_set_ieee8021x,
1794	.hapd_set_ssid		= bsd_set_ssid,
1795	.hapd_get_ssid		= bsd_get_ssid,
1796	.hapd_send_eapol	= bsd_send_eapol,
1797	.set_generic_elem	= bsd_set_opt_ie,
1798};
1799