summaryrefslogtreecommitdiff
path: root/package/iwinfo/src/iwinfo_wext_scan.c
diff options
context:
space:
mode:
Diffstat (limited to 'package/iwinfo/src/iwinfo_wext_scan.c')
-rw-r--r--package/iwinfo/src/iwinfo_wext_scan.c646
1 files changed, 646 insertions, 0 deletions
diff --git a/package/iwinfo/src/iwinfo_wext_scan.c b/package/iwinfo/src/iwinfo_wext_scan.c
new file mode 100644
index 0000000000..11725c9385
--- /dev/null
+++ b/package/iwinfo/src/iwinfo_wext_scan.c
@@ -0,0 +1,646 @@
+/*
+ * iwinfo - Wireless Information Library - Linux Wireless Extension Backend
+ *
+ * Copyright (C) 2009-2010 Jo-Philipp Wich <xm@subsignal.org>
+ *
+ * The iwinfo library is free software: you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * The iwinfo library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with the iwinfo library. If not, see http://www.gnu.org/licenses/.
+ *
+ * Parts of this code are derived from the Linux wireless tools, iwlib.c,
+ * iwlist.c and iwconfig.c in particular.
+ */
+
+#include "iwinfo.h"
+#include "iwinfo/wext_scan.h"
+
+
+static int wext_ioctl(const char *ifname, int cmd, struct iwreq *wrq)
+{
+ strncpy(wrq->ifr_name, ifname, IFNAMSIZ);
+ return iwinfo_ioctl(cmd, wrq);
+}
+
+static inline double wext_freq2float(const struct iw_freq *in)
+{
+ int i;
+ double res = (double) in->m;
+ for(i = 0; i < in->e; i++) res *= 10;
+ return res;
+}
+
+static inline int wext_extract_event(struct stream_descr *stream, struct iw_event *iwe, int wev)
+{
+ const struct iw_ioctl_description *descr = NULL;
+ int event_type = 0;
+ unsigned int event_len = 1;
+ char *pointer;
+ unsigned cmd_index; /* *MUST* be unsigned */
+
+ /* Check for end of stream */
+ if((stream->current + IW_EV_LCP_PK_LEN) > stream->end)
+ return 0;
+
+ /* Extract the event header (to get the event id).
+ * Note : the event may be unaligned, therefore copy... */
+ memcpy((char *) iwe, stream->current, IW_EV_LCP_PK_LEN);
+
+ /* Check invalid events */
+ if(iwe->len <= IW_EV_LCP_PK_LEN)
+ return -1;
+
+ /* Get the type and length of that event */
+ if(iwe->cmd <= SIOCIWLAST)
+ {
+ cmd_index = iwe->cmd - SIOCIWFIRST;
+ if(cmd_index < standard_ioctl_num)
+ descr = &(standard_ioctl_descr[cmd_index]);
+ }
+ else
+ {
+ cmd_index = iwe->cmd - IWEVFIRST;
+ if(cmd_index < standard_event_num)
+ descr = &(standard_event_descr[cmd_index]);
+ }
+
+ if(descr != NULL)
+ event_type = descr->header_type;
+
+ /* Unknown events -> event_type=0 => IW_EV_LCP_PK_LEN */
+ event_len = event_type_size[event_type];
+
+ /* Fixup for earlier version of WE */
+ if((wev <= 18) && (event_type == IW_HEADER_TYPE_POINT))
+ event_len += IW_EV_POINT_OFF;
+
+ /* Check if we know about this event */
+ if(event_len <= IW_EV_LCP_PK_LEN)
+ {
+ /* Skip to next event */
+ stream->current += iwe->len;
+ return 2;
+ }
+
+ event_len -= IW_EV_LCP_PK_LEN;
+
+ /* Set pointer on data */
+ if(stream->value != NULL)
+ pointer = stream->value; /* Next value in event */
+ else
+ pointer = stream->current + IW_EV_LCP_PK_LEN; /* First value in event */
+
+ /* Copy the rest of the event (at least, fixed part) */
+ if((pointer + event_len) > stream->end)
+ {
+ /* Go to next event */
+ stream->current += iwe->len;
+ return -2;
+ }
+
+ /* Fixup for WE-19 and later : pointer no longer in the stream */
+ /* Beware of alignement. Dest has local alignement, not packed */
+ if( (wev > 18) && (event_type == IW_HEADER_TYPE_POINT) )
+ memcpy((char *) iwe + IW_EV_LCP_LEN + IW_EV_POINT_OFF, pointer, event_len);
+ else
+ memcpy((char *) iwe + IW_EV_LCP_LEN, pointer, event_len);
+
+ /* Skip event in the stream */
+ pointer += event_len;
+
+ /* Special processing for iw_point events */
+ if(event_type == IW_HEADER_TYPE_POINT)
+ {
+ /* Check the length of the payload */
+ unsigned int extra_len = iwe->len - (event_len + IW_EV_LCP_PK_LEN);
+ if(extra_len > 0)
+ {
+ /* Set pointer on variable part (warning : non aligned) */
+ iwe->u.data.pointer = pointer;
+
+ /* Check that we have a descriptor for the command */
+ if(descr == NULL)
+ /* Can't check payload -> unsafe... */
+ iwe->u.data.pointer = NULL; /* Discard paylod */
+ else
+ {
+ /* Those checks are actually pretty hard to trigger,
+ * because of the checks done in the kernel... */
+
+ unsigned int token_len = iwe->u.data.length * descr->token_size;
+
+ /* Ugly fixup for alignement issues.
+ * If the kernel is 64 bits and userspace 32 bits,
+ * we have an extra 4+4 bytes.
+ * Fixing that in the kernel would break 64 bits userspace. */
+ if((token_len != extra_len) && (extra_len >= 4))
+ {
+ uint16_t alt_dlen = *((uint16_t *) pointer);
+ unsigned int alt_token_len = alt_dlen * descr->token_size;
+ if((alt_token_len + 8) == extra_len)
+ {
+ /* Ok, let's redo everything */
+ pointer -= event_len;
+ pointer += 4;
+ /* Dest has local alignement, not packed */
+ memcpy((char *) iwe + IW_EV_LCP_LEN + IW_EV_POINT_OFF, pointer, event_len);
+ pointer += event_len + 4;
+ iwe->u.data.pointer = pointer;
+ token_len = alt_token_len;
+ }
+ }
+
+ /* Discard bogus events which advertise more tokens than
+ * what they carry... */
+ if(token_len > extra_len)
+ iwe->u.data.pointer = NULL; /* Discard paylod */
+
+ /* Check that the advertised token size is not going to
+ * produce buffer overflow to our caller... */
+ if((iwe->u.data.length > descr->max_tokens)
+ && !(descr->flags & IW_DESCR_FLAG_NOMAX))
+ iwe->u.data.pointer = NULL; /* Discard paylod */
+
+ /* Same for underflows... */
+ if(iwe->u.data.length < descr->min_tokens)
+ iwe->u.data.pointer = NULL; /* Discard paylod */
+ }
+ }
+ else
+ /* No data */
+ iwe->u.data.pointer = NULL;
+
+ /* Go to next event */
+ stream->current += iwe->len;
+ }
+ else
+ {
+ /* Ugly fixup for alignement issues.
+ * If the kernel is 64 bits and userspace 32 bits,
+ * we have an extra 4 bytes.
+ * Fixing that in the kernel would break 64 bits userspace. */
+ if((stream->value == NULL)
+ && ((((iwe->len - IW_EV_LCP_PK_LEN) % event_len) == 4)
+ || ((iwe->len == 12) && ((event_type == IW_HEADER_TYPE_UINT) ||
+ (event_type == IW_HEADER_TYPE_QUAL))) ))
+ {
+ pointer -= event_len;
+ pointer += 4;
+ /* Beware of alignement. Dest has local alignement, not packed */
+ memcpy((char *) iwe + IW_EV_LCP_LEN, pointer, event_len);
+ pointer += event_len;
+ }
+
+ /* Is there more value in the event ? */
+ if((pointer + event_len) <= (stream->current + iwe->len))
+ /* Go to next value */
+ stream->value = pointer;
+ else
+ {
+ /* Go to next event */
+ stream->value = NULL;
+ stream->current += iwe->len;
+ }
+ }
+
+ return 1;
+}
+
+static inline void wext_fill_wpa(unsigned char *iebuf, int buflen, struct iwinfo_scanlist_entry *e)
+{
+ int ielen = iebuf[1] + 2;
+ int offset = 2; /* Skip the IE id, and the length. */
+ unsigned char wpa1_oui[3] = {0x00, 0x50, 0xf2};
+ unsigned char wpa2_oui[3] = {0x00, 0x0f, 0xac};
+ unsigned char *wpa_oui;
+ int i;
+ uint16_t ver = 0;
+ uint16_t cnt = 0;
+ int wpa1 = 0, wpa2 = 0;
+ char buf[256];
+
+ struct iwinfo_crypto_entry *ce = &e->crypto;
+
+ if(ielen > buflen)
+ ielen = buflen;
+
+ switch(iebuf[0])
+ {
+ case 0x30: /* WPA2 */
+ /* Check if we have enough data */
+ if(ielen < 4)
+ return;
+
+ wpa_oui = wpa2_oui;
+ break;
+
+ case 0xdd: /* WPA or else */
+ wpa_oui = wpa1_oui;
+ /* Not all IEs that start with 0xdd are WPA.
+ * * So check that the OUI is valid. */
+ if((ielen < 8) || ((memcmp(&iebuf[offset], wpa_oui, 3) != 0)
+ && (iebuf[offset+3] == 0x01)))
+ return;
+
+ offset += 4;
+ break;
+
+ default:
+ return;
+ }
+
+ /* Pick version number (little endian) */
+ ver = iebuf[offset] | (iebuf[offset + 1] << 8);
+ offset += 2;
+
+ if(iebuf[0] == 0xdd)
+ wpa1 = 1;
+
+ if(iebuf[0] == 0x30)
+ wpa2 = 1;
+
+ if( wpa1 && (ce->wpa_version == 2) )
+ ce->wpa_version = 3;
+ else if( wpa2 && (ce->wpa_version == 1) )
+ ce->wpa_version = 3;
+ else if( wpa1 && !ce->wpa_version )
+ ce->wpa_version = 1;
+ else if( wpa2 && !ce->wpa_version )
+ ce->wpa_version = 2;
+
+ if(ielen < (offset + 4))
+ {
+ ce->group_ciphers |= (1<<2); /* TKIP */
+ ce->pair_ciphers |= (1<<2); /* TKIP */
+ ce->auth_suites |= (1<<2); /* PSK */
+ return;
+ }
+
+ if(memcmp(&iebuf[offset], wpa_oui, 3) != 0)
+ ce->group_ciphers |= (1<<7); /* Proprietary */
+ else
+ ce->group_ciphers |= (1<<iebuf[offset+3]);
+
+ offset += 4;
+
+ if(ielen < (offset + 2))
+ {
+ ce->pair_ciphers |= (1<<2); /* TKIP */
+ ce->auth_suites |= (1<<2); /* PSK */
+ return;
+ }
+
+ /* Otherwise, we have some number of pairwise ciphers. */
+ cnt = iebuf[offset] | (iebuf[offset + 1] << 8);
+ offset += 2;
+
+ if(ielen < (offset + 4*cnt))
+ return;
+
+ *buf = '\0';
+ for(i = 0; i < cnt; i++)
+ {
+ if(memcmp(&iebuf[offset], wpa_oui, 3) != 0)
+ ce->pair_ciphers |= (1<<7); /* Proprietary */
+ else if(iebuf[offset+3] <= IW_IE_CYPHER_NUM)
+ ce->pair_ciphers |= (1<<iebuf[offset+3]);
+ //else
+ // ce->pair_ciphers[ce->pair_cipher_num++] = 255; /* Unknown */
+
+ offset += 4;
+ }
+
+ /* Check if we are done */
+ if(ielen < (offset + 2))
+ return;
+
+ /* Now, we have authentication suites. */
+ cnt = iebuf[offset] | (iebuf[offset + 1] << 8);
+ offset += 2;
+ *buf = '\0';
+
+ if(ielen < (offset + 4*cnt))
+ return;
+
+ for(i = 0; i < cnt; i++)
+ {
+ if(memcmp(&iebuf[offset], wpa_oui, 3) != 0)
+ ce->auth_suites |= (1<<7); /* Proprietary */
+ else if(iebuf[offset+3] <= IW_IE_KEY_MGMT_NUM)
+ ce->auth_suites |= (1<<iebuf[offset+3]);
+ //else
+ // ce->auth_suites[ce->auth_suite_num++] = 255; /* Unknown */
+
+ offset += 4;
+ }
+}
+
+
+static inline void wext_fill_entry(struct stream_descr *stream, struct iw_event *event,
+ struct iw_range *iw_range, int has_range, struct iwinfo_scanlist_entry *e)
+{
+ int i;
+ double freq;
+
+ /* Now, let's decode the event */
+ switch(event->cmd)
+ {
+ case SIOCGIWAP:
+ memcpy(e->mac, &event->u.ap_addr.sa_data, 6);
+ break;
+
+ case SIOCGIWFREQ:
+ if( event->u.freq.m >= 1000 )
+ {
+ freq = wext_freq2float(&(event->u.freq));
+
+ for(i = 0; i < iw_range->num_frequency; i++)
+ {
+ if( wext_freq2float(&iw_range->freq[i]) == freq )
+ {
+ e->channel = iw_range->freq[i].i;
+ break;
+ }
+ }
+ }
+ else
+ {
+ e->channel = event->u.freq.m;
+ }
+
+ break;
+
+ case SIOCGIWMODE:
+ switch(event->u.mode)
+ {
+ case 1:
+ sprintf((char *) e->mode, "Ad-Hoc");
+ break;
+
+ case 2:
+ case 3:
+ sprintf((char *) e->mode, "Master");
+ break;
+
+ default:
+ sprintf((char *) e->mode, "Unknown");
+ }
+
+ break;
+
+ case SIOCGIWESSID:
+ if( event->u.essid.pointer && event->u.essid.length && event->u.essid.flags )
+ memcpy(e->ssid, event->u.essid.pointer, event->u.essid.length);
+
+ break;
+
+ case SIOCGIWENCODE:
+ e->crypto.enabled = !(event->u.data.flags & IW_ENCODE_DISABLED);
+ break;
+
+ case IWEVQUAL:
+ e->signal = event->u.qual.level;
+ e->quality = event->u.qual.qual;
+ e->quality_max = iw_range->max_qual.qual;
+ break;
+#if 0
+ case SIOCGIWRATE:
+ if(state->val_index == 0)
+ {
+ lua_pushstring(L, "bitrates");
+ lua_newtable(L);
+ }
+ //iw_print_bitrate(buffer, sizeof(buffer), event->u.bitrate.value);
+ snprintf(buffer, sizeof(buffer), "%d", event->u.bitrate.value);
+ lua_pushinteger(L, state->val_index + 1);
+ lua_pushstring(L, buffer);
+ lua_settable(L, -3);
+
+ /* Check for termination */
+ if(stream->value == NULL)
+ {
+ lua_settable(L, -3);
+ state->val_index = 0;
+ } else
+ state->val_index++;
+ break;
+#endif
+ case IWEVGENIE:
+ i = 0;
+
+ while(i <= (event->u.data.length - 2))
+ {
+ switch(((unsigned char *)event->u.data.pointer)[i])
+ {
+ case 0xdd: /* WPA1 (and other) */
+ case 0x30: /* WPA2 */
+ wext_fill_wpa((unsigned char *)event->u.data.pointer + i,
+ event->u.data.length, e);
+
+ break;
+ }
+
+ i += ((unsigned char *)event->u.data.pointer)[i+1] + 2;
+ }
+
+ break;
+ }
+}
+
+
+int wext_get_scanlist(const char *ifname, char *buf, int *len)
+{
+ struct iwreq wrq;
+ struct iw_scan_req scanopt; /* Options for 'set' */
+ unsigned char *buffer = NULL; /* Results */
+ int buflen = IW_SCAN_MAX_DATA; /* Min for compat WE<17 */
+ struct iw_range range;
+ int has_range = 1;
+ struct timeval tv; /* Select timeout */
+ int timeout = 15000000; /* 15s */
+
+ int entrylen = 0;
+ struct iwinfo_scanlist_entry e;
+
+ wrq.u.data.pointer = (caddr_t) &range;
+ wrq.u.data.length = sizeof(struct iw_range);
+ wrq.u.data.flags = 0;
+
+ if( wext_ioctl(ifname, SIOCGIWRANGE, &wrq) >= 0 )
+ {
+ /* Init timeout value -> 250ms between set and first get */
+ tv.tv_sec = 0;
+ tv.tv_usec = 250000;
+
+ /* Clean up set args */
+ memset(&scanopt, 0, sizeof(scanopt));
+
+ wrq.u.data.pointer = NULL;
+ wrq.u.data.flags = 0;
+ wrq.u.data.length = 0;
+
+ /* Initiate Scanning */
+ if( wext_ioctl(ifname, SIOCSIWSCAN, &wrq) >= 0 )
+ {
+ timeout -= tv.tv_usec;
+
+ /* Forever */
+ while(1)
+ {
+ fd_set rfds; /* File descriptors for select */
+ int last_fd; /* Last fd */
+ int ret;
+
+ /* Guess what ? We must re-generate rfds each time */
+ FD_ZERO(&rfds);
+ last_fd = -1;
+ /* In here, add the rtnetlink fd in the list */
+
+ /* Wait until something happens */
+ ret = select(last_fd + 1, &rfds, NULL, NULL, &tv);
+
+ /* Check if there was an error */
+ if(ret < 0)
+ {
+ if(errno == EAGAIN || errno == EINTR)
+ continue;
+
+ return -1;
+ }
+
+ /* Check if there was a timeout */
+ if(ret == 0)
+ {
+ unsigned char *newbuf;
+
+ realloc:
+ /* (Re)allocate the buffer - realloc(NULL, len) == malloc(len) */
+ newbuf = realloc(buffer, buflen);
+ if(newbuf == NULL)
+ {
+ if(buffer)
+ free(buffer);
+
+ return -1;
+ }
+
+ buffer = newbuf;
+
+ /* Try to read the results */
+ wrq.u.data.pointer = buffer;
+ wrq.u.data.flags = 0;
+ wrq.u.data.length = buflen;
+
+ if( wext_ioctl(ifname, SIOCGIWSCAN, &wrq) )
+ {
+ /* Check if buffer was too small (WE-17 only) */
+ if((errno == E2BIG) && (range.we_version_compiled > 16))
+ {
+ /* Some driver may return very large scan results, either
+ * because there are many cells, or because they have many
+ * large elements in cells (like IWEVCUSTOM). Most will
+ * only need the regular sized buffer. We now use a dynamic
+ * allocation of the buffer to satisfy everybody. Of course,
+ * as we don't know in advance the size of the array, we try
+ * various increasing sizes. Jean II */
+
+ /* Check if the driver gave us any hints. */
+ if(wrq.u.data.length > buflen)
+ buflen = wrq.u.data.length;
+ else
+ buflen *= 2;
+
+ /* Try again */
+ goto realloc;
+ }
+
+ /* Check if results not available yet */
+ if(errno == EAGAIN)
+ {
+ /* Restart timer for only 100ms*/
+ tv.tv_sec = 0;
+ tv.tv_usec = 100000;
+ timeout -= tv.tv_usec;
+
+ if(timeout > 0)
+ continue; /* Try again later */
+ }
+
+ /* Bad error */
+ free(buffer);
+ return -1;
+
+ } else {
+ /* We have the results, go to process them */
+ break;
+ }
+ }
+ }
+
+ if( wrq.u.data.length )
+ {
+ struct iw_event iwe;
+ struct stream_descr stream;
+ int ret;
+ int first = 1;
+
+ memset(&stream, 0, sizeof(stream));
+ stream.current = (char *)buffer;
+ stream.end = (char *)buffer + wrq.u.data.length;
+
+ do
+ {
+ /* Extract an event and print it */
+ ret = wext_extract_event(&stream, &iwe, range.we_version_compiled);
+
+ if(ret >= 0)
+ {
+ if( (iwe.cmd == SIOCGIWAP) || (ret == 0) )
+ {
+ if( first )
+ {
+ first = 0;
+ }
+ else if( (entrylen + sizeof(struct iwinfo_scanlist_entry)) <= IWINFO_BUFSIZE )
+ {
+ /* if encryption is off, clear the crypto strunct */
+ if( !e.crypto.enabled )
+ memset(&e.crypto, 0, sizeof(struct iwinfo_crypto_entry));
+
+ memcpy(&buf[entrylen], &e, sizeof(struct iwinfo_scanlist_entry));
+ entrylen += sizeof(struct iwinfo_scanlist_entry);
+ }
+ else
+ {
+ /* we exceed the callers buffer size, abort here ... */
+ break;
+ }
+
+ memset(&e, 0, sizeof(struct iwinfo_scanlist_entry));
+ }
+
+ wext_fill_entry(&stream, &iwe, &range, has_range, &e);
+ }
+
+ } while(ret > 0);
+
+ free(buffer);
+ *len = entrylen;
+ return 0;
+ }
+
+ *len = 0;
+ free(buffer);
+ return 0;
+ }
+ }
+
+ return -1;
+}