The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/net80211/ieee80211_ioctl.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: ieee80211_ioctl.c,v 1.55 2011/04/02 08:11:32 mbalmer Exp $     */
    2 /*-
    3  * Copyright (c) 2001 Atsushi Onoe
    4  * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. The name of the author may not be used to endorse or promote products
   16  *    derived from this software without specific prior written permission.
   17  *
   18  * Alternatively, this software may be distributed under the terms of the
   19  * GNU General Public License ("GPL") version 2 as published by the Free
   20  * Software Foundation.
   21  *
   22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   23  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   24  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   25  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   26  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   27  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   31  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   32  */
   33 
   34 #include <sys/cdefs.h>
   35 #ifdef __FreeBSD__
   36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_ioctl.c,v 1.35 2005/08/30 14:27:47 avatar Exp $");
   37 #endif
   38 #ifdef __NetBSD__
   39 __KERNEL_RCSID(0, "$NetBSD: ieee80211_ioctl.c,v 1.55 2011/04/02 08:11:32 mbalmer Exp $");
   40 #endif
   41 
   42 /*
   43  * IEEE 802.11 ioctl support (FreeBSD-specific)
   44  */
   45 
   46 #include "opt_inet.h"
   47 #include "opt_compat_netbsd.h"
   48 
   49 #include <sys/endian.h>
   50 #include <sys/param.h>
   51 #include <sys/kernel.h>
   52 #include <sys/socket.h>
   53 #include <sys/sockio.h>
   54 #include <sys/systm.h>
   55 #include <sys/proc.h>
   56 #include <sys/kauth.h>
   57  
   58 #include <net/if.h>
   59 #include <net/if_arp.h>
   60 #include <net/if_media.h>
   61 #include <net/if_ether.h>
   62 
   63 #ifdef INET
   64 #include <netinet/in.h>
   65 #include <netinet/if_inarp.h>
   66 #endif
   67 
   68 #include <net80211/ieee80211_var.h>
   69 #include <net80211/ieee80211_ioctl.h>
   70 
   71 #include <dev/ic/wi_ieee.h>
   72 
   73 #if defined(COMPAT_09) || defined(COMPAT_10) || defined(COMPAT_11) || \
   74     defined(COMPAT_12) || defined(COMPAT_13) || defined(COMPAT_14) || \
   75     defined(COMPAT_15) || defined(COMPAT_16) || defined(COMPAT_20) || \
   76     defined(COMPAT_30) || defined(COMPAT_40)
   77 #include <compat/sys/sockio.h>
   78 #endif
   79 
   80 #ifdef __FreeBSD__
   81 #define IS_UP(_ic) \
   82         (((_ic)->ic_ifp->if_flags & IFF_UP) &&                  \
   83             ((_ic)->ic_ifp->if_drv_flags & IFF_DRV_RUNNING))
   84 #endif
   85 #ifdef __NetBSD__
   86 #define IS_UP(_ic) \
   87         (((_ic)->ic_ifp->if_flags & IFF_UP) &&                  \
   88             ((_ic)->ic_ifp->if_flags & IFF_RUNNING))
   89 #endif
   90 #define IS_UP_AUTO(_ic) \
   91         (IS_UP(_ic) && (_ic)->ic_roaming == IEEE80211_ROAMING_AUTO)
   92 
   93 /*
   94  * XXX
   95  * Wireless LAN specific configuration interface, which is compatible
   96  * with wicontrol(8).
   97  */
   98 
   99 struct wi_read_ap_args {
  100         int     i;              /* result count */
  101         struct wi_apinfo *ap;   /* current entry in result buffer */
  102         void *  max;            /* result buffer bound */
  103 };
  104 
  105 static void
  106 wi_read_ap_result(void *arg, struct ieee80211_node *ni)
  107 {
  108         struct ieee80211com *ic = ni->ni_ic;
  109         struct wi_read_ap_args *sa = arg;
  110         struct wi_apinfo *ap = sa->ap;
  111         struct ieee80211_rateset *rs;
  112         int j;
  113 
  114         if ((void *)(ap + 1) > sa->max)
  115                 return;
  116         memset(ap, 0, sizeof(struct wi_apinfo));
  117         if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
  118                 IEEE80211_ADDR_COPY(ap->bssid, ni->ni_macaddr);
  119                 ap->namelen = ic->ic_des_esslen;
  120                 if (ic->ic_des_esslen)
  121                         memcpy(ap->name, ic->ic_des_essid,
  122                             ic->ic_des_esslen);
  123         } else {
  124                 IEEE80211_ADDR_COPY(ap->bssid, ni->ni_bssid);
  125                 ap->namelen = ni->ni_esslen;
  126                 if (ni->ni_esslen)
  127                         memcpy(ap->name, ni->ni_essid,
  128                             ni->ni_esslen);
  129         }
  130         ap->channel = ieee80211_chan2ieee(ic, ni->ni_chan);
  131         ap->signal = ic->ic_node_getrssi(ni);
  132         ap->capinfo = ni->ni_capinfo;
  133         ap->interval = ni->ni_intval;
  134         rs = &ni->ni_rates;
  135         for (j = 0; j < rs->rs_nrates; j++) {
  136                 if (rs->rs_rates[j] & IEEE80211_RATE_BASIC) {
  137                         ap->rate = (rs->rs_rates[j] &
  138                             IEEE80211_RATE_VAL) * 5; /* XXX */
  139                 }
  140         }
  141         sa->i++;
  142         sa->ap++;
  143 }
  144 
  145 struct wi_read_prism2_args {
  146         int     i;              /* result count */
  147         struct wi_scan_res *res;/* current entry in result buffer */
  148         void *  max;            /* result buffer bound */
  149 };
  150 
  151 #if 0
  152 static void
  153 wi_read_prism2_result(void *arg, struct ieee80211_node *ni)
  154 {
  155         struct ieee80211com *ic = ni->ni_ic;
  156         struct wi_read_prism2_args *sa = arg;
  157         struct wi_scan_res *res = sa->res;
  158 
  159         if ((void *)(res + 1) > sa->max)
  160                 return;
  161         res->wi_chan = ieee80211_chan2ieee(ic, ni->ni_chan);
  162         res->wi_noise = 0;
  163         res->wi_signal = ic->ic_node_getrssi(ni);
  164         IEEE80211_ADDR_COPY(res->wi_bssid, ni->ni_bssid);
  165         res->wi_interval = ni->ni_intval;
  166         res->wi_capinfo = ni->ni_capinfo;
  167         res->wi_ssid_len = ni->ni_esslen;
  168         memcpy(res->wi_ssid, ni->ni_essid, IEEE80211_NWID_LEN);
  169         /* NB: assumes wi_srates holds <= ni->ni_rates */
  170         memcpy(res->wi_srates, ni->ni_rates.rs_rates,
  171                 sizeof(res->wi_srates));
  172         if (ni->ni_rates.rs_nrates < 10)
  173                 res->wi_srates[ni->ni_rates.rs_nrates] = 0;
  174         res->wi_rate = ni->ni_rates.rs_rates[ni->ni_txrate];
  175         res->wi_rsvd = 0;
  176 
  177         sa->i++;
  178         sa->res++;
  179 }
  180 
  181 struct wi_read_sigcache_args {
  182         int     i;              /* result count */
  183         struct wi_sigcache *wsc;/* current entry in result buffer */
  184         void *  max;            /* result buffer bound */
  185 };
  186 
  187 static void
  188 wi_read_sigcache(void *arg, struct ieee80211_node *ni)
  189 {
  190         struct ieee80211com *ic = ni->ni_ic;
  191         struct wi_read_sigcache_args *sa = arg;
  192         struct wi_sigcache *wsc = sa->wsc;
  193 
  194         if ((void *)(wsc + 1) > sa->max)
  195                 return;
  196         memset(wsc, 0, sizeof(struct wi_sigcache));
  197         IEEE80211_ADDR_COPY(wsc->macsrc, ni->ni_macaddr);
  198         wsc->signal = ic->ic_node_getrssi(ni);
  199 
  200         sa->wsc++;
  201         sa->i++;
  202 }
  203 #endif
  204 
  205 int
  206 ieee80211_cfgget(struct ieee80211com *ic, u_long cmd, void *data)
  207 {
  208         struct ifnet *ifp = ic->ic_ifp;
  209         int i, j, error;
  210         struct ifreq *ifr = (struct ifreq *)data;
  211         struct wi_req *wreq;
  212         struct wi_ltv_keys *keys;
  213 
  214         wreq = malloc(sizeof(*wreq), M_TEMP, M_WAITOK);
  215         error = copyin(ifr->ifr_data, wreq, sizeof(*wreq));
  216         if (error)
  217                 goto out;
  218         wreq->wi_len = 0;
  219         switch (wreq->wi_type) {
  220         case WI_RID_SERIALNO:
  221         case WI_RID_STA_IDENTITY:
  222                 /* nothing appropriate */
  223                 break;
  224         case WI_RID_NODENAME:
  225                 strlcpy((char *)&wreq->wi_val[1], hostname,
  226                     sizeof(wreq->wi_val) - sizeof(wreq->wi_val[0]));
  227                 wreq->wi_val[0] = htole16(strlen(hostname));
  228                 wreq->wi_len = (1 + strlen(hostname) + 1) / 2;
  229                 break;
  230         case WI_RID_CURRENT_SSID:
  231                 if (ic->ic_state != IEEE80211_S_RUN) {
  232                         wreq->wi_val[0] = 0;
  233                         wreq->wi_len = 1;
  234                         break;
  235                 }
  236                 wreq->wi_val[0] = htole16(ic->ic_bss->ni_esslen);
  237                 memcpy(&wreq->wi_val[1], ic->ic_bss->ni_essid,
  238                     ic->ic_bss->ni_esslen);
  239                 wreq->wi_len = (1 + ic->ic_bss->ni_esslen + 1) / 2;
  240                 break;
  241         case WI_RID_OWN_SSID:
  242         case WI_RID_DESIRED_SSID:
  243                 wreq->wi_val[0] = htole16(ic->ic_des_esslen);
  244                 memcpy(&wreq->wi_val[1], ic->ic_des_essid, ic->ic_des_esslen);
  245                 wreq->wi_len = (1 + ic->ic_des_esslen + 1) / 2;
  246                 break;
  247         case WI_RID_CURRENT_BSSID:
  248                 if (ic->ic_state == IEEE80211_S_RUN)
  249                         IEEE80211_ADDR_COPY(wreq->wi_val, ic->ic_bss->ni_bssid);
  250                 else
  251                         memset(wreq->wi_val, 0, IEEE80211_ADDR_LEN);
  252                 wreq->wi_len = IEEE80211_ADDR_LEN / 2;
  253                 break;
  254         case WI_RID_CHANNEL_LIST:
  255                 memset(wreq->wi_val, 0, sizeof(wreq->wi_val));
  256                 /*
  257                  * Since channel 0 is not available for DS, channel 1
  258                  * is assigned to LSB on WaveLAN.
  259                  */
  260                 if (ic->ic_phytype == IEEE80211_T_DS)
  261                         i = 1;
  262                 else
  263                         i = 0;
  264                 for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++)
  265                         if (isset(ic->ic_chan_active, i)) {
  266                                 setbit((u_int8_t *)wreq->wi_val, j);
  267                                 wreq->wi_len = j / 16 + 1;
  268                         }
  269                 break;
  270         case WI_RID_OWN_CHNL:
  271                 wreq->wi_val[0] = htole16(
  272                         ieee80211_chan2ieee(ic, ic->ic_ibss_chan));
  273                 wreq->wi_len = 1;
  274                 break;
  275         case WI_RID_CURRENT_CHAN:
  276                 wreq->wi_val[0] = htole16(
  277                         ieee80211_chan2ieee(ic, ic->ic_curchan));
  278                 wreq->wi_len = 1;
  279                 break;
  280         case WI_RID_COMMS_QUALITY:
  281                 wreq->wi_val[0] = 0;                            /* quality */
  282                 wreq->wi_val[1] = htole16(ic->ic_node_getrssi(ic->ic_bss));
  283                 wreq->wi_val[2] = 0;                            /* noise */
  284                 wreq->wi_len = 3;
  285                 break;
  286         case WI_RID_PROMISC:
  287                 wreq->wi_val[0] = htole16((ifp->if_flags & IFF_PROMISC) ? 1 : 0);
  288                 wreq->wi_len = 1;
  289                 break;
  290         case WI_RID_PORTTYPE:
  291                 wreq->wi_val[0] = htole16(ic->ic_opmode);
  292                 wreq->wi_len = 1;
  293                 break;
  294         case WI_RID_MAC_NODE:
  295                 IEEE80211_ADDR_COPY(wreq->wi_val, ic->ic_myaddr);
  296                 wreq->wi_len = IEEE80211_ADDR_LEN / 2;
  297                 break;
  298         case WI_RID_TX_RATE:
  299                 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
  300                         wreq->wi_val[0] = 0;    /* auto */
  301                 else
  302                         wreq->wi_val[0] = htole16(
  303                             (ic->ic_sup_rates[ic->ic_curmode].rs_rates[ic->ic_fixed_rate] &
  304                             IEEE80211_RATE_VAL) / 2);
  305                 wreq->wi_len = 1;
  306                 break;
  307         case WI_RID_CUR_TX_RATE:
  308                 wreq->wi_val[0] = htole16(
  309                     (ic->ic_bss->ni_rates.rs_rates[ic->ic_bss->ni_txrate] &
  310                     IEEE80211_RATE_VAL) / 2);
  311                 wreq->wi_len = 1;
  312                 break;
  313         case WI_RID_FRAG_THRESH:
  314                 wreq->wi_val[0] = htole16(ic->ic_fragthreshold);
  315                 wreq->wi_len = 1;
  316                 break;
  317         case WI_RID_RTS_THRESH:
  318                 wreq->wi_val[0] = htole16(ic->ic_rtsthreshold);
  319                 wreq->wi_len = 1;
  320                 break;
  321         case WI_RID_CREATE_IBSS:
  322                 wreq->wi_val[0] =
  323                     htole16((ic->ic_flags & IEEE80211_F_IBSSON) ? 1 : 0);
  324                 wreq->wi_len = 1;
  325                 break;
  326         case WI_RID_MICROWAVE_OVEN:
  327                 wreq->wi_val[0] = 0;    /* no ... not supported */
  328                 wreq->wi_len = 1;
  329                 break;
  330         case WI_RID_ROAMING_MODE:
  331                 wreq->wi_val[0] = htole16(ic->ic_roaming);      /* XXX map */
  332                 wreq->wi_len = 1;
  333                 break;
  334         case WI_RID_SYSTEM_SCALE:
  335                 wreq->wi_val[0] = htole16(1);   /* low density ... not supp */
  336                 wreq->wi_len = 1;
  337                 break;
  338         case WI_RID_PM_ENABLED:
  339                 wreq->wi_val[0] =
  340                     htole16((ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0);
  341                 wreq->wi_len = 1;
  342                 break;
  343         case WI_RID_MAX_SLEEP:
  344                 wreq->wi_val[0] = htole16(ic->ic_lintval);
  345                 wreq->wi_len = 1;
  346                 break;
  347         case WI_RID_CUR_BEACON_INT:
  348                 wreq->wi_val[0] = htole16(ic->ic_bss->ni_intval);
  349                 wreq->wi_len = 1;
  350                 break;
  351         case WI_RID_WEP_AVAIL:
  352                 wreq->wi_val[0] = htole16(1);   /* always available */
  353                 wreq->wi_len = 1;
  354                 break;
  355         case WI_RID_CNFAUTHMODE:
  356                 wreq->wi_val[0] = htole16(1);   /* TODO: open system only */
  357                 wreq->wi_len = 1;
  358                 break;
  359         case WI_RID_ENCRYPTION:
  360                 wreq->wi_val[0] =
  361                     htole16((ic->ic_flags & IEEE80211_F_PRIVACY) ? 1 : 0);
  362                 wreq->wi_len = 1;
  363                 break;
  364         case WI_RID_TX_CRYPT_KEY:
  365                 wreq->wi_val[0] = htole16(ic->ic_def_txkey);
  366                 wreq->wi_len = 1;
  367                 break;
  368         case WI_RID_DEFLT_CRYPT_KEYS:
  369                 keys = (struct wi_ltv_keys *)wreq;
  370                 /* do not show keys to non-root user */
  371                 error = kauth_authorize_network(curlwp->l_cred,
  372                     KAUTH_NETWORK_INTERFACE,
  373                     KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
  374                     NULL, NULL);
  375                 if (error) {
  376                         memset(keys, 0, sizeof(*keys));
  377                         error = 0;
  378                         break;
  379                 }
  380                 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  381                         keys->wi_keys[i].wi_keylen =
  382                             htole16(ic->ic_nw_keys[i].wk_keylen);
  383                         memcpy(keys->wi_keys[i].wi_keydat,
  384                             ic->ic_nw_keys[i].wk_key,
  385                             ic->ic_nw_keys[i].wk_keylen);
  386                 }
  387                 wreq->wi_len = sizeof(*keys) / 2;
  388                 break;
  389         case WI_RID_MAX_DATALEN:
  390                 wreq->wi_val[0] = htole16(ic->ic_fragthreshold);
  391                 wreq->wi_len = 1;
  392                 break;
  393         case WI_RID_DBM_ADJUST:
  394                 /* not supported, we just pass rssi value from driver. */
  395                 break;
  396         case WI_RID_IFACE_STATS:
  397                 /* XXX: should be implemented in lower drivers */
  398                 break;
  399         case WI_RID_READ_APS:
  400                 /*
  401                  * Don't return results until active scan completes.
  402                  */
  403                 if ((ic->ic_flags & (IEEE80211_F_SCAN|IEEE80211_F_ASCAN)) == 0) {
  404                         struct wi_read_ap_args args;
  405 
  406                         args.i = 0;
  407                         args.ap = (void *)((char *)wreq->wi_val + sizeof(i));
  408                         args.max = (void *)(wreq + 1);
  409                         ieee80211_iterate_nodes(&ic->ic_scan,
  410                                 wi_read_ap_result, &args);
  411                         memcpy(wreq->wi_val, &args.i, sizeof(args.i));
  412                         wreq->wi_len = (sizeof(int) +
  413                                 sizeof(struct wi_apinfo) * args.i) / 2;
  414                 } else
  415                         error = EINPROGRESS;
  416                 break;
  417 #if 0
  418         case WI_RID_SCAN_RES:                   /* compatibility interface */
  419                 if ((ic->ic_flags & (IEEE80211_F_SCAN|IEEE80211_F_ASCAN)) == 0) {
  420                         struct wi_read_prism2_args args;
  421                         struct wi_scan_p2_hdr *p2;
  422 
  423                         /* NB: use Prism2 format so we can include rate info */
  424                         p2 = (struct wi_scan_p2_hdr *)wreq->wi_val;
  425                         args.i = 0;
  426                         args.res = (void *)&p2[1];
  427                         args.max = (void *)(wreq + 1);
  428                         ieee80211_iterate_nodes(&ic->ic_scan,
  429                                 wi_read_prism2_result, &args);
  430                         p2->wi_rsvd = 0;
  431                         p2->wi_reason = args.i;
  432                         wreq->wi_len = (sizeof(*p2) +
  433                                 sizeof(struct wi_scan_res) * args.i) / 2;
  434                 } else
  435                         error = EINPROGRESS;
  436                 break;
  437         case WI_RID_READ_CACHE: {
  438                 struct wi_read_sigcache_args args;
  439                 args.i = 0;
  440                 args.wsc = (struct wi_sigcache *) wreq->wi_val;
  441                 args.max = (void *)(wreq + 1);
  442                 ieee80211_iterate_nodes(&ic->ic_scan, wi_read_sigcache, &args);
  443                 wreq->wi_len = sizeof(struct wi_sigcache) * args.i / 2;
  444                 break;
  445         }
  446 #endif
  447         default:
  448                 error = EINVAL;
  449                 break;
  450         }
  451         if (error == 0) {
  452                 wreq->wi_len++;
  453                 error = copyout(wreq, ifr->ifr_data, sizeof(*wreq));
  454         }
  455 out:
  456         free(wreq, M_TEMP);
  457         return error;
  458 }
  459 
  460 static int
  461 findrate(struct ieee80211com *ic, enum ieee80211_phymode mode, int rate)
  462 {
  463 #define IEEERATE(_ic,_m,_i) \
  464         ((_ic)->ic_sup_rates[_m].rs_rates[_i] & IEEE80211_RATE_VAL)
  465         int i, nrates = ic->ic_sup_rates[mode].rs_nrates;
  466         for (i = 0; i < nrates; i++)
  467                 if (IEEERATE(ic, mode, i) == rate)
  468                         return i;
  469         return -1;
  470 #undef IEEERATE
  471 }
  472 
  473 /*
  474  * Prepare to do a user-initiated scan for AP's.  If no
  475  * current/default channel is setup or the current channel
  476  * is invalid then pick the first available channel from
  477  * the active list as the place to start the scan.
  478  */
  479 static int
  480 ieee80211_setupscan(struct ieee80211com *ic, const u_int8_t chanlist[])
  481 {
  482 
  483         /*
  484          * XXX don't permit a scan to be started unless we
  485          * know the device is ready.  For the moment this means
  486          * the device is marked up as this is the required to
  487          * initialize the hardware.  It would be better to permit
  488          * scanning prior to being up but that'll require some
  489          * changes to the infrastructure.
  490          */
  491         if (!IS_UP(ic))
  492                 return EINVAL;
  493         memcpy(ic->ic_chan_active, chanlist, sizeof(ic->ic_chan_active));
  494         /*
  495          * We force the state to INIT before calling ieee80211_new_state
  496          * to get ieee80211_begin_scan called.  We really want to scan w/o
  497          * altering the current state but that's not possible right now.
  498          */
  499         /* XXX handle proberequest case */
  500         ic->ic_state = IEEE80211_S_INIT;        /* XXX bypass state machine */
  501         return 0;
  502 }
  503 
  504 int
  505 ieee80211_cfgset(struct ieee80211com *ic, u_long cmd, void *data)
  506 {
  507         struct ifnet *ifp = ic->ic_ifp;
  508         int i, j, len, error, rate;
  509         struct ifreq *ifr = (struct ifreq *)data;
  510         struct wi_ltv_keys *keys;
  511         struct wi_req *wreq;
  512         u_int8_t chanlist[IEEE80211_CHAN_BYTES];
  513 
  514         wreq = malloc(sizeof(*wreq), M_TEMP, M_WAITOK);
  515         error = copyin(ifr->ifr_data, wreq, sizeof(*wreq));
  516         if (error)
  517                 goto out;
  518         len = wreq->wi_len ? (wreq->wi_len - 1) * 2 : 0;
  519         switch (wreq->wi_type) {
  520         case WI_RID_SERIALNO:
  521         case WI_RID_NODENAME:
  522         case WI_RID_CURRENT_SSID:
  523                 error = EPERM;
  524                 goto out;
  525         case WI_RID_OWN_SSID:
  526         case WI_RID_DESIRED_SSID:
  527                 if (le16toh(wreq->wi_val[0]) * 2 > len ||
  528                     le16toh(wreq->wi_val[0]) > IEEE80211_NWID_LEN) {
  529                         error = ENOSPC;
  530                         break;
  531                 }
  532                 memset(ic->ic_des_essid, 0, sizeof(ic->ic_des_essid));
  533                 ic->ic_des_esslen = le16toh(wreq->wi_val[0]) * 2;
  534                 memcpy(ic->ic_des_essid, &wreq->wi_val[1], ic->ic_des_esslen);
  535                 error = ENETRESET;
  536                 break;
  537         case WI_RID_CURRENT_BSSID:
  538                 error = EPERM;
  539                 goto out;
  540         case WI_RID_OWN_CHNL:
  541                 if (len != 2)
  542                         goto invalid;
  543                 i = le16toh(wreq->wi_val[0]);
  544                 if (i < 0 ||
  545                     i > IEEE80211_CHAN_MAX ||
  546                     isclr(ic->ic_chan_active, i))
  547                         goto invalid;
  548                 ic->ic_ibss_chan = &ic->ic_channels[i];
  549                 if (ic->ic_opmode == IEEE80211_M_MONITOR)
  550                         error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  551                 else
  552                         error = ENETRESET;
  553                 break;
  554         case WI_RID_CURRENT_CHAN:
  555         case WI_RID_COMMS_QUALITY:
  556                 error = EPERM;
  557                 goto out;
  558         case WI_RID_PROMISC:
  559                 if (len != 2)
  560                         goto invalid;
  561                 if (ifp->if_flags & IFF_PROMISC) {
  562                         if (wreq->wi_val[0] == 0) {
  563                                 ifp->if_flags &= ~IFF_PROMISC;
  564                                 error = ENETRESET;
  565                         }
  566                 } else {
  567                         if (wreq->wi_val[0] != 0) {
  568                                 ifp->if_flags |= IFF_PROMISC;
  569                                 error = ENETRESET;
  570                         }
  571                 }
  572                 break;
  573         case WI_RID_PORTTYPE:
  574                 if (len != 2)
  575                         goto invalid;
  576                 switch (le16toh(wreq->wi_val[0])) {
  577                 case IEEE80211_M_STA:
  578                         break;
  579                 case IEEE80211_M_IBSS:
  580                         if (!(ic->ic_caps & IEEE80211_C_IBSS))
  581                                 goto invalid;
  582                         break;
  583                 case IEEE80211_M_AHDEMO:
  584                         if (ic->ic_phytype != IEEE80211_T_DS ||
  585                             !(ic->ic_caps & IEEE80211_C_AHDEMO))
  586                                 goto invalid;
  587                         break;
  588                 case IEEE80211_M_HOSTAP:
  589                         if (!(ic->ic_caps & IEEE80211_C_HOSTAP))
  590                                 goto invalid;
  591                         break;
  592                 default:
  593                         goto invalid;
  594                 }
  595                 if (le16toh(wreq->wi_val[0]) != ic->ic_opmode) {
  596                         ic->ic_opmode = le16toh(wreq->wi_val[0]);
  597                         error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  598                 }
  599                 break;
  600 #if 0
  601         case WI_RID_MAC_NODE:
  602                 if (len != IEEE80211_ADDR_LEN)
  603                         goto invalid;
  604                 IEEE80211_ADDR_COPY(LLADDR(ifp->if_sadl), wreq->wi_val);
  605                 /* if_init will copy lladdr into ic_myaddr */
  606                 error = ENETRESET;
  607                 break;
  608 #endif
  609         case WI_RID_TX_RATE:
  610                 if (len != 2)
  611                         goto invalid;
  612                 if (wreq->wi_val[0] == 0) {
  613                         /* auto */
  614                         ic->ic_fixed_rate = IEEE80211_FIXED_RATE_NONE;
  615                         break;
  616                 }
  617                 rate = 2 * le16toh(wreq->wi_val[0]);
  618                 if (ic->ic_curmode == IEEE80211_MODE_AUTO) {
  619                         /*
  620                          * In autoselect mode search for the rate.  We take
  621                          * the first instance which may not be right, but we
  622                          * are limited by the interface.  Note that we also
  623                          * lock the mode to insure the rate is meaningful
  624                          * when it is used.
  625                          */
  626                         for (j = IEEE80211_MODE_11A;
  627                              j < IEEE80211_MODE_MAX; j++) {
  628                                 if ((ic->ic_modecaps & (1<<j)) == 0)
  629                                         continue;
  630                                 i = findrate(ic, j, rate);
  631                                 if (i != -1) {
  632                                         /* lock mode too */
  633                                         ic->ic_curmode = j;
  634                                         goto setrate;
  635                                 }
  636                         }
  637                 } else {
  638                         i = findrate(ic, ic->ic_curmode, rate);
  639                         if (i != -1)
  640                                 goto setrate;
  641                 }
  642                 goto invalid;
  643         setrate:
  644                 ic->ic_fixed_rate = i;
  645                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  646                 break;
  647         case WI_RID_CUR_TX_RATE:
  648                 error = EPERM;
  649                 goto out;
  650         case WI_RID_FRAG_THRESH:
  651                 if (len != 2)
  652                         goto invalid;
  653                 ic->ic_fragthreshold = le16toh(wreq->wi_val[0]);
  654                 error = ENETRESET;
  655                 break;
  656         case WI_RID_RTS_THRESH:
  657                 if (len != 2)
  658                         goto invalid;
  659                 ic->ic_rtsthreshold = le16toh(wreq->wi_val[0]);
  660                 error = ENETRESET;
  661                 break;
  662         case WI_RID_CREATE_IBSS:
  663                 if (len != 2)
  664                         goto invalid;
  665                 if (wreq->wi_val[0] != 0) {
  666                         if ((ic->ic_caps & IEEE80211_C_IBSS) == 0)
  667                                 goto invalid;
  668                         if ((ic->ic_flags & IEEE80211_F_IBSSON) == 0) {
  669                                 ic->ic_flags |= IEEE80211_F_IBSSON;
  670                                 if (ic->ic_opmode == IEEE80211_M_IBSS &&
  671                                     ic->ic_state == IEEE80211_S_SCAN)
  672                                         error = IS_UP_AUTO(ic) ? ENETRESET : 0;
  673                         }
  674                 } else {
  675                         if (ic->ic_flags & IEEE80211_F_IBSSON) {
  676                                 ic->ic_flags &= ~IEEE80211_F_IBSSON;
  677                                 if (ic->ic_flags & IEEE80211_F_SIBSS) {
  678                                         ic->ic_flags &= ~IEEE80211_F_SIBSS;
  679                                         error = IS_UP_AUTO(ic) ? ENETRESET : 0;
  680                                 }
  681                         }
  682                 }
  683                 break;
  684         case WI_RID_MICROWAVE_OVEN:
  685                 if (len != 2)
  686                         goto invalid;
  687                 if (wreq->wi_val[0] != 0)
  688                         goto invalid;           /* not supported */
  689                 break;
  690         case WI_RID_ROAMING_MODE:
  691                 if (len != 2)
  692                         goto invalid;
  693                 i = le16toh(wreq->wi_val[0]);
  694                 if (i > IEEE80211_ROAMING_MANUAL)
  695                         goto invalid;           /* not supported */
  696                 ic->ic_roaming = i;
  697                 break;
  698         case WI_RID_SYSTEM_SCALE:
  699                 if (len != 2)
  700                         goto invalid;
  701                 if (le16toh(wreq->wi_val[0]) != 1)
  702                         goto invalid;           /* not supported */
  703                 break;
  704         case WI_RID_PM_ENABLED:
  705                 if (len != 2)
  706                         goto invalid;
  707                 if (wreq->wi_val[0] != 0) {
  708                         if ((ic->ic_caps & IEEE80211_C_PMGT) == 0)
  709                                 goto invalid;
  710                         if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
  711                                 ic->ic_flags |= IEEE80211_F_PMGTON;
  712                                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  713                         }
  714                 } else {
  715                         if (ic->ic_flags & IEEE80211_F_PMGTON) {
  716                                 ic->ic_flags &= ~IEEE80211_F_PMGTON;
  717                                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  718                         }
  719                 }
  720                 break;
  721         case WI_RID_MAX_SLEEP:
  722                 if (len != 2)
  723                         goto invalid;
  724                 ic->ic_lintval = le16toh(wreq->wi_val[0]);
  725                 if (ic->ic_flags & IEEE80211_F_PMGTON)
  726                         error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  727                 break;
  728         case WI_RID_CUR_BEACON_INT:
  729         case WI_RID_WEP_AVAIL:
  730                 error = EPERM;
  731                 goto out;
  732         case WI_RID_CNFAUTHMODE:
  733                 if (len != 2)
  734                         goto invalid;
  735                 i = le16toh(wreq->wi_val[0]);
  736                 if (i > IEEE80211_AUTH_WPA)
  737                         goto invalid;
  738                 ic->ic_bss->ni_authmode = i;            /* XXX ENETRESET? */
  739                 error = ENETRESET;
  740                 break;
  741         case WI_RID_ENCRYPTION:
  742                 if (len != 2)
  743                         goto invalid;
  744                 if (wreq->wi_val[0] != 0) {
  745                         if ((ic->ic_caps & IEEE80211_C_WEP) == 0)
  746                                 goto invalid;
  747                         if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0) {
  748                                 ic->ic_flags |= IEEE80211_F_PRIVACY;
  749                                 error = ENETRESET;
  750                         }
  751                 } else {
  752                         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
  753                                 ic->ic_flags &= ~IEEE80211_F_PRIVACY;
  754                                 error = ENETRESET;
  755                         }
  756                 }
  757                 break;
  758         case WI_RID_TX_CRYPT_KEY:
  759                 if (len != 2)
  760                         goto invalid;
  761                 i = le16toh(wreq->wi_val[0]);
  762                 if (i >= IEEE80211_WEP_NKID)
  763                         goto invalid;
  764                 ic->ic_def_txkey = i;
  765                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  766                 break;
  767         case WI_RID_DEFLT_CRYPT_KEYS:
  768                 if (len != sizeof(struct wi_ltv_keys))
  769                         goto invalid;
  770                 keys = (struct wi_ltv_keys *)wreq;
  771                 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  772                         len = le16toh(keys->wi_keys[i].wi_keylen);
  773                         if (len != 0 && len < IEEE80211_WEP_KEYLEN)
  774                                 goto invalid;
  775                         if (len > IEEE80211_KEYBUF_SIZE)
  776                                 goto invalid;
  777                 }
  778                 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  779                         struct ieee80211_key *k = &ic->ic_nw_keys[i];
  780 
  781                         len = le16toh(keys->wi_keys[i].wi_keylen);
  782                         k->wk_keylen = len;
  783                         k->wk_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
  784                         memset(k->wk_key, 0, sizeof(k->wk_key));
  785                         memcpy(k->wk_key, keys->wi_keys[i].wi_keydat, len);
  786 #if 0
  787                         k->wk_type = IEEE80211_CIPHER_WEP;
  788 #endif
  789                 }
  790                 error = ENETRESET;
  791                 break;
  792         case WI_RID_MAX_DATALEN:
  793                 if (len != 2)
  794                         goto invalid;
  795                 len = le16toh(wreq->wi_val[0]);
  796                 if (len < 350 /* ? */ || len > IEEE80211_MAX_LEN)
  797                         goto invalid;
  798                 ic->ic_fragthreshold = len;
  799                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
  800                 break;
  801         case WI_RID_IFACE_STATS:
  802                 error = EPERM;
  803                 break;
  804         case WI_RID_SCAN_REQ:                   /* XXX wicontrol */
  805                 if (ic->ic_opmode == IEEE80211_M_HOSTAP)
  806                         break;
  807                 error = ieee80211_setupscan(ic, ic->ic_chan_avail);
  808                 if (error == 0)
  809                         error = ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
  810                 break;
  811         case WI_RID_SCAN_APS:
  812                 if (ic->ic_opmode == IEEE80211_M_HOSTAP)
  813                         break;
  814                 len--;                  /* XXX: tx rate? */
  815                 /* FALLTHRU */
  816         case WI_RID_CHANNEL_LIST:
  817                 memset(chanlist, 0, sizeof(chanlist));
  818                 /*
  819                  * Since channel 0 is not available for DS, channel 1
  820                  * is assigned to LSB on WaveLAN.
  821                  */
  822                 if (ic->ic_phytype == IEEE80211_T_DS)
  823                         i = 1;
  824                 else
  825                         i = 0;
  826                 for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
  827                         if ((j / 8) >= len)
  828                                 break;
  829                         if (isclr((u_int8_t *)wreq->wi_val, j))
  830                                 continue;
  831                         if (isclr(ic->ic_chan_active, i)) {
  832                                 if (wreq->wi_type != WI_RID_CHANNEL_LIST)
  833                                         continue;
  834                                 if (isclr(ic->ic_chan_avail, i)) {
  835                                         error = EPERM;
  836                                         goto out;
  837                                 }
  838                         }
  839                         setbit(chanlist, i);
  840                 }
  841                 error = ieee80211_setupscan(ic, chanlist);
  842                 if (wreq->wi_type == WI_RID_CHANNEL_LIST) {
  843                         /* NB: ignore error from ieee80211_setupscan */
  844                         error = ENETRESET;
  845                 } else if (error == 0)
  846                         error = ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
  847                 break;
  848         default:
  849                 goto invalid;
  850         }
  851         if (error == ENETRESET && !IS_UP_AUTO(ic))
  852                 error = 0;
  853 out:
  854         free(wreq, M_TEMP);
  855         return error;
  856 invalid:
  857         free(wreq, M_TEMP);
  858         return EINVAL;
  859 }
  860 
  861 static int
  862 cap2cipher(int flag)
  863 {
  864         switch (flag) {
  865         case IEEE80211_C_WEP:           return IEEE80211_CIPHER_WEP;
  866         case IEEE80211_C_AES:           return IEEE80211_CIPHER_AES_OCB;
  867         case IEEE80211_C_AES_CCM:       return IEEE80211_CIPHER_AES_CCM;
  868         case IEEE80211_C_CKIP:          return IEEE80211_CIPHER_CKIP;
  869         case IEEE80211_C_TKIP:          return IEEE80211_CIPHER_TKIP;
  870         }
  871         return -1;
  872 }
  873 
  874 static int
  875 ieee80211_ioctl_getkey(struct ieee80211com *ic, struct ieee80211req *ireq)
  876 {
  877         struct ieee80211_node *ni;
  878         struct ieee80211req_key ik;
  879         struct ieee80211_key *wk;
  880         const struct ieee80211_cipher *cip;
  881         u_int kid;
  882         int error;
  883 
  884         if (ireq->i_len != sizeof(ik))
  885                 return EINVAL;
  886         error = copyin(ireq->i_data, &ik, sizeof(ik));
  887         if (error)
  888                 return error;
  889         kid = ik.ik_keyix;
  890         if (kid == IEEE80211_KEYIX_NONE) {
  891                 ni = ieee80211_find_node(&ic->ic_sta, ik.ik_macaddr);
  892                 if (ni == NULL)
  893                         return EINVAL;          /* XXX */
  894                 wk = &ni->ni_ucastkey;
  895         } else {
  896                 if (kid >= IEEE80211_WEP_NKID)
  897                         return EINVAL;
  898                 wk = &ic->ic_nw_keys[kid];
  899                 IEEE80211_ADDR_COPY(&ik.ik_macaddr, ic->ic_bss->ni_macaddr);
  900                 ni = NULL;
  901         }
  902         cip = wk->wk_cipher;
  903         ik.ik_type = cip->ic_cipher;
  904         ik.ik_keylen = wk->wk_keylen;
  905         ik.ik_flags = wk->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV);
  906         if (wk->wk_keyix == ic->ic_def_txkey)
  907                 ik.ik_flags |= IEEE80211_KEY_DEFAULT;
  908         if (kauth_authorize_network(curlwp->l_cred, KAUTH_NETWORK_INTERFACE,
  909             KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ic->ic_ifp, NULL, NULL) == 0) {
  910                 /* NB: only root can read key data */
  911                 ik.ik_keyrsc = wk->wk_keyrsc;
  912                 ik.ik_keytsc = wk->wk_keytsc;
  913                 memcpy(ik.ik_keydata, wk->wk_key, wk->wk_keylen);
  914                 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP) {
  915                         memcpy(ik.ik_keydata+wk->wk_keylen,
  916                                 wk->wk_key + IEEE80211_KEYBUF_SIZE,
  917                                 IEEE80211_MICBUF_SIZE);
  918                         ik.ik_keylen += IEEE80211_MICBUF_SIZE;
  919                 }
  920         } else {
  921                 ik.ik_keyrsc = 0;
  922                 ik.ik_keytsc = 0;
  923                 memset(ik.ik_keydata, 0, sizeof(ik.ik_keydata));
  924         }
  925         if (ni != NULL)
  926                 ieee80211_free_node(ni);
  927         return copyout(&ik, ireq->i_data, sizeof(ik));
  928 }
  929 
  930 static int
  931 ieee80211_ioctl_getchanlist(struct ieee80211com *ic, struct ieee80211req *ireq)
  932 {
  933         size_t len = ireq->i_len;
  934 
  935         if (sizeof(ic->ic_chan_active) < len) {
  936                 len = sizeof(ic->ic_chan_active);
  937         }
  938         return copyout(&ic->ic_chan_active, ireq->i_data, len);
  939 }
  940 
  941 static int
  942 ieee80211_ioctl_getchaninfo(struct ieee80211com *ic, struct ieee80211req *ireq)
  943 {
  944         struct ieee80211req_chaninfo *chans;
  945         int i, space, error;
  946 
  947         /*
  948          * Since channel 0 is not available for DS, channel 1
  949          * is assigned to LSB on WaveLAN.
  950          */
  951         if (ic->ic_phytype == IEEE80211_T_DS)
  952                 i = 1;
  953         else
  954                 i = 0;
  955 
  956         chans = malloc(sizeof(*chans), M_TEMP, M_WAITOK|M_ZERO);
  957 
  958         for (; i <= IEEE80211_CHAN_MAX; i++)
  959                 if (isset(ic->ic_chan_avail, i)) {
  960                         struct ieee80211_channel *c = &ic->ic_channels[i];
  961                         chans->ic_chans[chans->ic_nchans].ic_freq = c->ic_freq;
  962                         chans->ic_chans[chans->ic_nchans].ic_flags = c->ic_flags;
  963                         chans->ic_nchans++;
  964                 }
  965         space = __offsetof(struct ieee80211req_chaninfo,
  966             ic_chans[chans->ic_nchans]);
  967         if (space > ireq->i_len)
  968                 space = ireq->i_len;
  969         error = copyout(chans, ireq->i_data, space);
  970         free(chans, M_TEMP);
  971         return error;
  972 }
  973 
  974 static int
  975 ieee80211_ioctl_getwpaie(struct ieee80211com *ic, struct ieee80211req *ireq)
  976 {
  977         struct ieee80211_node *ni;
  978         struct ieee80211req_wpaie wpaie;
  979         int error;
  980 
  981         if (ireq->i_len < IEEE80211_ADDR_LEN)
  982                 return EINVAL;
  983         error = copyin(ireq->i_data, wpaie.wpa_macaddr, IEEE80211_ADDR_LEN);
  984         if (error != 0)
  985                 return error;
  986         ni = ieee80211_find_node(&ic->ic_sta, wpaie.wpa_macaddr);
  987         if (ni == NULL)
  988                 return EINVAL;          /* XXX */
  989         memset(wpaie.wpa_ie, 0, sizeof(wpaie.wpa_ie));
  990         if (ni->ni_wpa_ie != NULL) {
  991                 int ielen = ni->ni_wpa_ie[1] + 2;
  992                 if (ielen > sizeof(wpaie.wpa_ie))
  993                         ielen = sizeof(wpaie.wpa_ie);
  994                 memcpy(wpaie.wpa_ie, ni->ni_wpa_ie, ielen);
  995         }
  996         ieee80211_free_node(ni);
  997         if (ireq->i_len > sizeof(wpaie))
  998                 ireq->i_len = sizeof(wpaie);
  999         return copyout(&wpaie, ireq->i_data, ireq->i_len);
 1000 }
 1001 
 1002 static int
 1003 ieee80211_ioctl_getstastats(struct ieee80211com *ic, struct ieee80211req *ireq)
 1004 {
 1005         struct ieee80211_node *ni;
 1006         u_int8_t macaddr[IEEE80211_ADDR_LEN];
 1007         const int off = __offsetof(struct ieee80211req_sta_stats, is_stats);
 1008         int error;
 1009 
 1010         if (ireq->i_len < off)
 1011                 return EINVAL;
 1012         error = copyin(ireq->i_data, macaddr, IEEE80211_ADDR_LEN);
 1013         if (error != 0)
 1014                 return error;
 1015         ni = ieee80211_find_node(&ic->ic_sta, macaddr);
 1016         if (ni == NULL)
 1017                 return EINVAL;          /* XXX */
 1018         if (ireq->i_len > sizeof(struct ieee80211req_sta_stats))
 1019                 ireq->i_len = sizeof(struct ieee80211req_sta_stats);
 1020         /* NB: copy out only the statistics */
 1021         error = copyout(&ni->ni_stats, (u_int8_t *) ireq->i_data + off,
 1022                         ireq->i_len - off);
 1023         ieee80211_free_node(ni);
 1024         return error;
 1025 }
 1026 
 1027 static void
 1028 get_scan_result(struct ieee80211req_scan_result *sr,
 1029         const struct ieee80211_node *ni)
 1030 {
 1031         struct ieee80211com *ic = ni->ni_ic;
 1032         u_int ielen = 0;
 1033 
 1034         memset(sr, 0, sizeof(*sr));
 1035         sr->isr_ssid_len = ni->ni_esslen;
 1036         if (ni->ni_wpa_ie != NULL)
 1037                 ielen += 2+ni->ni_wpa_ie[1];
 1038         if (ni->ni_wme_ie != NULL)
 1039                 ielen += 2+ni->ni_wme_ie[1];
 1040 
 1041         /*
 1042          * The value sr->isr_ie_len is defined as a uint8_t, so we
 1043          * need to be careful to avoid an integer overflow.  If the
 1044          * value would overflow, we will set isr_ie_len to zero, and
 1045          * ieee80211_ioctl_getscanresults (below) will avoid copying
 1046          * the (overflowing) data.
 1047          */
 1048         if (ielen > 255)
 1049                 ielen = 0;
 1050         sr->isr_ie_len = ielen;
 1051         sr->isr_len = sizeof(*sr) + sr->isr_ssid_len + sr->isr_ie_len;
 1052         sr->isr_len = roundup(sr->isr_len, sizeof(u_int32_t));
 1053         if (ni->ni_chan != IEEE80211_CHAN_ANYC) {
 1054                 sr->isr_freq = ni->ni_chan->ic_freq;
 1055                 sr->isr_flags = ni->ni_chan->ic_flags;
 1056         }
 1057         sr->isr_rssi = ic->ic_node_getrssi(ni);
 1058         sr->isr_intval = ni->ni_intval;
 1059         sr->isr_capinfo = ni->ni_capinfo;
 1060         sr->isr_erp = ni->ni_erp;
 1061         IEEE80211_ADDR_COPY(sr->isr_bssid, ni->ni_bssid);
 1062         sr->isr_nrates = ni->ni_rates.rs_nrates;
 1063         if (sr->isr_nrates > 15)
 1064                 sr->isr_nrates = 15;
 1065         memcpy(sr->isr_rates, ni->ni_rates.rs_rates, sr->isr_nrates);
 1066 }
 1067 
 1068 static int
 1069 ieee80211_ioctl_getscanresults(struct ieee80211com *ic, struct ieee80211req *ireq)
 1070 {
 1071         union {
 1072                 struct ieee80211req_scan_result res;
 1073                 char data[sizeof(struct ieee80211req_scan_result) + IEEE80211_NWID_LEN + 256 * 2];
 1074         } u;
 1075         struct ieee80211req_scan_result *sr = &u.res;
 1076         struct ieee80211_node_table *nt;
 1077         struct ieee80211_node *ni;
 1078         int error, space;
 1079         u_int8_t *p, *cp;
 1080 
 1081         p = ireq->i_data;
 1082         space = ireq->i_len;
 1083         error = 0;
 1084         /* XXX locking */
 1085         nt =  &ic->ic_scan;
 1086         TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
 1087                 /* NB: skip pre-scan node state */ 
 1088                 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
 1089                         continue;
 1090                 get_scan_result(sr, ni);
 1091                 if (sr->isr_len > sizeof(u))
 1092                         continue;               /* XXX */
 1093                 if (space < sr->isr_len)
 1094                         break;
 1095                 cp = (u_int8_t *)(sr+1);
 1096                 memcpy(cp, ni->ni_essid, ni->ni_esslen);
 1097                 cp += ni->ni_esslen;
 1098                 if (sr->isr_ie_len > 0 && ni->ni_wpa_ie != NULL) {
 1099                         memcpy(cp, ni->ni_wpa_ie, 2+ni->ni_wpa_ie[1]);
 1100                         cp += 2+ni->ni_wpa_ie[1];
 1101                 }
 1102                 if (sr->isr_ie_len > 0 && ni->ni_wme_ie != NULL) {
 1103                         memcpy(cp, ni->ni_wme_ie, 2+ni->ni_wme_ie[1]);
 1104                         cp += 2+ni->ni_wme_ie[1];
 1105                 }
 1106                 error = copyout(sr, p, sr->isr_len);
 1107                 if (error)
 1108                         break;
 1109                 p += sr->isr_len;
 1110                 space -= sr->isr_len;
 1111         }
 1112         ireq->i_len -= space;
 1113         return error;
 1114 }
 1115 
 1116 struct stainforeq {
 1117         struct ieee80211com *ic;
 1118         struct ieee80211req_sta_info *si;
 1119         size_t  space;
 1120 };
 1121 
 1122 static size_t
 1123 sta_space(const struct ieee80211_node *ni, size_t *ielen)
 1124 {
 1125         *ielen = 0;
 1126         if (ni->ni_wpa_ie != NULL)
 1127                 *ielen += 2+ni->ni_wpa_ie[1];
 1128         if (ni->ni_wme_ie != NULL)
 1129                 *ielen += 2+ni->ni_wme_ie[1];
 1130         return roundup(sizeof(struct ieee80211req_sta_info) + *ielen,
 1131                       sizeof(u_int32_t));
 1132 }
 1133 
 1134 static void
 1135 get_sta_space(void *arg, struct ieee80211_node *ni)
 1136 {
 1137         struct stainforeq *req = arg;
 1138         struct ieee80211com *ic = ni->ni_ic;
 1139         size_t ielen;
 1140 
 1141         if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
 1142             ni->ni_associd == 0)        /* only associated stations */
 1143                 return;
 1144         req->space += sta_space(ni, &ielen);
 1145 }
 1146 
 1147 static void
 1148 get_sta_info(void *arg, struct ieee80211_node *ni)
 1149 {
 1150         struct stainforeq *req = arg;
 1151         struct ieee80211com *ic = ni->ni_ic;
 1152         struct ieee80211req_sta_info *si;
 1153         size_t ielen, len;
 1154         u_int8_t *cp;
 1155 
 1156         if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
 1157             ni->ni_associd == 0)        /* only associated stations */
 1158                 return;
 1159         if (ni->ni_chan == IEEE80211_CHAN_ANYC) /* XXX bogus entry */
 1160                 return;
 1161         len = sta_space(ni, &ielen);
 1162         if (len > req->space)
 1163                 return;
 1164         si = req->si;
 1165         si->isi_len = len;
 1166         si->isi_ie_len = ielen;
 1167         si->isi_freq = ni->ni_chan->ic_freq;
 1168         si->isi_flags = ni->ni_chan->ic_flags;
 1169         si->isi_state = ni->ni_flags;
 1170         si->isi_authmode = ni->ni_authmode;
 1171         si->isi_rssi = ic->ic_node_getrssi(ni);
 1172         si->isi_capinfo = ni->ni_capinfo;
 1173         si->isi_erp = ni->ni_erp;
 1174         IEEE80211_ADDR_COPY(si->isi_macaddr, ni->ni_macaddr);
 1175         si->isi_nrates = ni->ni_rates.rs_nrates;
 1176         if (si->isi_nrates > 15)
 1177                 si->isi_nrates = 15;
 1178         memcpy(si->isi_rates, ni->ni_rates.rs_rates, si->isi_nrates);
 1179         si->isi_txrate = ni->ni_txrate;
 1180         si->isi_associd = ni->ni_associd;
 1181         si->isi_txpower = ni->ni_txpower;
 1182         si->isi_vlan = ni->ni_vlan;
 1183         if (ni->ni_flags & IEEE80211_NODE_QOS) {
 1184                 memcpy(si->isi_txseqs, ni->ni_txseqs, sizeof(ni->ni_txseqs));
 1185                 memcpy(si->isi_rxseqs, ni->ni_rxseqs, sizeof(ni->ni_rxseqs));
 1186         } else {
 1187                 si->isi_txseqs[0] = ni->ni_txseqs[0];
 1188                 si->isi_rxseqs[0] = ni->ni_rxseqs[0];
 1189         }
 1190         /* NB: leave all cases in case we relax ni_associd == 0 check */
 1191         if (ieee80211_node_is_authorized(ni))
 1192                 si->isi_inact = ic->ic_inact_run;
 1193         else if (ni->ni_associd != 0)
 1194                 si->isi_inact = ic->ic_inact_auth;
 1195         else
 1196                 si->isi_inact = ic->ic_inact_init;
 1197         si->isi_inact = (si->isi_inact - ni->ni_inact) * IEEE80211_INACT_WAIT;
 1198 
 1199         cp = (u_int8_t *)(si+1);
 1200         if (ni->ni_wpa_ie != NULL) {
 1201                 memcpy(cp, ni->ni_wpa_ie, 2+ni->ni_wpa_ie[1]);
 1202                 cp += 2+ni->ni_wpa_ie[1];
 1203         }
 1204         if (ni->ni_wme_ie != NULL) {
 1205                 memcpy(cp, ni->ni_wme_ie, 2+ni->ni_wme_ie[1]);
 1206                 cp += 2+ni->ni_wme_ie[1];
 1207         }
 1208 
 1209         req->si = (struct ieee80211req_sta_info *)(((u_int8_t *)si) + len);
 1210         req->space -= len;
 1211 }
 1212 
 1213 static int
 1214 ieee80211_ioctl_getstainfo(struct ieee80211com *ic, struct ieee80211req *ireq)
 1215 {
 1216         struct stainforeq req;
 1217         int error;
 1218 
 1219         if (ireq->i_len < sizeof(struct stainforeq))
 1220                 return EFAULT;
 1221 
 1222         error = 0;
 1223         req.space = 0;
 1224         ieee80211_iterate_nodes(&ic->ic_sta, get_sta_space, &req);
 1225         if (req.space > ireq->i_len)
 1226                 req.space = ireq->i_len;
 1227         if (req.space > 0) {
 1228                 size_t space;
 1229                 void *p;
 1230 
 1231                 space = req.space;
 1232                 /* XXX M_WAITOK after driver lock released */
 1233                 p = malloc(space, M_TEMP, M_NOWAIT);
 1234                 if (p == NULL)
 1235                         return ENOMEM;
 1236                 req.si = p;
 1237                 ieee80211_iterate_nodes(&ic->ic_sta, get_sta_info, &req);
 1238                 ireq->i_len = space - req.space;
 1239                 error = copyout(p, ireq->i_data, ireq->i_len);
 1240                 free(p, M_TEMP);
 1241         } else
 1242                 ireq->i_len = 0;
 1243 
 1244         return error;
 1245 }
 1246 
 1247 static int
 1248 ieee80211_ioctl_getstatxpow(struct ieee80211com *ic, struct ieee80211req *ireq)
 1249 {
 1250         struct ieee80211_node *ni;
 1251         struct ieee80211req_sta_txpow txpow;
 1252         int error;
 1253 
 1254         if (ireq->i_len != sizeof(txpow))
 1255                 return EINVAL;
 1256         error = copyin(ireq->i_data, &txpow, sizeof(txpow));
 1257         if (error != 0)
 1258                 return error;
 1259         ni = ieee80211_find_node(&ic->ic_sta, txpow.it_macaddr);
 1260         if (ni == NULL)
 1261                 return EINVAL;          /* XXX */
 1262         txpow.it_txpow = ni->ni_txpower;
 1263         error = copyout(&txpow, ireq->i_data, sizeof(txpow));
 1264         ieee80211_free_node(ni);
 1265         return error;
 1266 }
 1267 
 1268 static int
 1269 ieee80211_ioctl_getwmeparam(struct ieee80211com *ic, struct ieee80211req *ireq)
 1270 {
 1271         struct ieee80211_wme_state *wme = &ic->ic_wme;
 1272         struct wmeParams *wmep;
 1273         int ac;
 1274 
 1275         if ((ic->ic_caps & IEEE80211_C_WME) == 0)
 1276                 return EINVAL;
 1277 
 1278         ac = (ireq->i_len & IEEE80211_WMEPARAM_VAL);
 1279         if (ac >= WME_NUM_AC)
 1280                 ac = WME_AC_BE;
 1281         if (ireq->i_len & IEEE80211_WMEPARAM_BSS)
 1282                 wmep = &wme->wme_wmeBssChanParams.cap_wmeParams[ac];
 1283         else
 1284                 wmep = &wme->wme_wmeChanParams.cap_wmeParams[ac];
 1285         switch (ireq->i_type) {
 1286         case IEEE80211_IOC_WME_CWMIN:           /* WME: CWmin */
 1287                 ireq->i_val = wmep->wmep_logcwmin;
 1288                 break;
 1289         case IEEE80211_IOC_WME_CWMAX:           /* WME: CWmax */
 1290                 ireq->i_val = wmep->wmep_logcwmax;
 1291                 break;
 1292         case IEEE80211_IOC_WME_AIFS:            /* WME: AIFS */
 1293                 ireq->i_val = wmep->wmep_aifsn;
 1294                 break;
 1295         case IEEE80211_IOC_WME_TXOPLIMIT:       /* WME: txops limit */
 1296                 ireq->i_val = wmep->wmep_txopLimit;
 1297                 break;
 1298         case IEEE80211_IOC_WME_ACM:             /* WME: ACM (bss only) */
 1299                 wmep = &wme->wme_wmeBssChanParams.cap_wmeParams[ac];
 1300                 ireq->i_val = wmep->wmep_acm;
 1301                 break;
 1302         case IEEE80211_IOC_WME_ACKPOLICY:       /* WME: ACK policy (!bss only)*/
 1303                 wmep = &wme->wme_wmeChanParams.cap_wmeParams[ac];
 1304                 ireq->i_val = !wmep->wmep_noackPolicy;
 1305                 break;
 1306         }
 1307         return 0;
 1308 }
 1309 
 1310 static int
 1311 ieee80211_ioctl_getmaccmd(struct ieee80211com *ic, struct ieee80211req *ireq)
 1312 {
 1313         const struct ieee80211_aclator *acl = ic->ic_acl;
 1314 
 1315         return (acl == NULL ? EINVAL : acl->iac_getioctl(ic, ireq));
 1316 }
 1317 
 1318 #if defined(COMPAT_FREEBSD_NET80211)
 1319 static int
 1320 ieee80211_ioctl_get80211_fbsd(struct ieee80211com *ic, u_long cmd,
 1321     struct ieee80211req *ireq)
 1322 {
 1323         u_int kid, len;
 1324         u_int8_t tmpkey[IEEE80211_KEYBUF_SIZE];
 1325         char tmpssid[IEEE80211_NWID_LEN];
 1326         struct ifnet *ifp = ic->ic_ifp;
 1327 
 1328         int error = 0;
 1329 
 1330         switch (ireq->i_type) {
 1331         case IEEE80211_IOC_SSID:
 1332                 switch (ic->ic_state) {
 1333                 case IEEE80211_S_INIT:
 1334                 case IEEE80211_S_SCAN:
 1335                         ireq->i_len = ic->ic_des_esslen;
 1336                         memcpy(tmpssid, ic->ic_des_essid, ireq->i_len);
 1337                         break;
 1338                 default:
 1339                         ireq->i_len = ic->ic_bss->ni_esslen;
 1340                         memcpy(tmpssid, ic->ic_bss->ni_essid,
 1341                                 ireq->i_len);
 1342                         break;
 1343                 }
 1344                 error = copyout(tmpssid, ireq->i_data, ireq->i_len);
 1345                 break;
 1346         case IEEE80211_IOC_NUMSSIDS:
 1347                 ireq->i_val = 1;
 1348                 break;
 1349         case IEEE80211_IOC_WEP:
 1350                 if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0)
 1351                         ireq->i_val = IEEE80211_WEP_OFF;
 1352                 else if (ic->ic_flags & IEEE80211_F_DROPUNENC)
 1353                         ireq->i_val = IEEE80211_WEP_ON;
 1354                 else
 1355                         ireq->i_val = IEEE80211_WEP_MIXED;
 1356                 break;
 1357         case IEEE80211_IOC_WEPKEY:
 1358                 kid = (u_int) ireq->i_val;
 1359                 if (kid >= IEEE80211_WEP_NKID)
 1360                         return EINVAL;
 1361                 len = (u_int) ic->ic_nw_keys[kid].wk_keylen;
 1362                 /* NB: only root can read WEP keys */
 1363                 if (kauth_authorize_network(curlwp->l_cred,
 1364                     KAUTH_NETWORK_INTERFACE,
 1365                     KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, NULL,
 1366                     NULL) == 0) {
 1367                         memcpy(tmpkey, ic->ic_nw_keys[kid].wk_key, len);
 1368                 } else {
 1369                         memset(tmpkey, 0, len);
 1370                 }
 1371                 ireq->i_len = len;
 1372                 error = copyout(tmpkey, ireq->i_data, len);
 1373                 break;
 1374         case IEEE80211_IOC_NUMWEPKEYS:
 1375                 ireq->i_val = IEEE80211_WEP_NKID;
 1376                 break;
 1377         case IEEE80211_IOC_WEPTXKEY:
 1378                 ireq->i_val = ic->ic_def_txkey;
 1379                 break;
 1380         case IEEE80211_IOC_CHANNEL:
 1381                 ireq->i_val = ieee80211_chan2ieee(ic, ic->ic_curchan);
 1382                 break;
 1383         case IEEE80211_IOC_POWERSAVE:
 1384                 if (ic->ic_flags & IEEE80211_F_PMGTON)
 1385                         ireq->i_val = IEEE80211_POWERSAVE_ON;
 1386                 else
 1387                         ireq->i_val = IEEE80211_POWERSAVE_OFF;
 1388                 break;
 1389         case IEEE80211_IOC_POWERSAVESLEEP:
 1390                 ireq->i_val = ic->ic_lintval;
 1391                 break;
 1392         case IEEE80211_IOC_BSSID:
 1393                 if (ireq->i_len != IEEE80211_ADDR_LEN)
 1394                         return EINVAL;
 1395                 error = copyout(ic->ic_state == IEEE80211_S_RUN ?
 1396                                         ic->ic_bss->ni_bssid :
 1397                                         ic->ic_des_bssid,
 1398                                 ireq->i_data, ireq->i_len);
 1399                 break;
 1400         default:
 1401                 error = EINVAL;
 1402                 break;
 1403         }
 1404         return error;
 1405 }
 1406 #endif /* COMPAT_FREEBSD_NET80211 */
 1407 
 1408 /*
 1409  * When building the kernel with -O2 on the i386 architecture, gcc
 1410  * seems to want to inline this function into ieee80211_ioctl()
 1411  * (which is the only routine that calls it). When this happens,
 1412  * ieee80211_ioctl() ends up consuming an additional 2K of stack
 1413  * space. (Exactly why it needs so much is unclear.) The problem
 1414  * is that it's possible for ieee80211_ioctl() to invoke other
 1415  * routines (including driver init functions) which could then find
 1416  * themselves perilously close to exhausting the stack.
 1417  *
 1418  * To avoid this, we deliberately prevent gcc from inlining this
 1419  * routine. Another way to avoid this is to use less agressive
 1420  * optimization when compiling this file (i.e. -O instead of -O2)
 1421  * but special-casing the compilation of this one module in the
 1422  * build system would be awkward.
 1423  */
 1424 #ifdef __GNUC__
 1425 __attribute__ ((__noinline__))
 1426 #endif
 1427 static int
 1428 ieee80211_ioctl_get80211(struct ieee80211com *ic, u_long cmd,
 1429     struct ieee80211req *ireq)
 1430 {
 1431         const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn;
 1432         int error = 0;
 1433         u_int m;
 1434 
 1435         switch (ireq->i_type) {
 1436         case IEEE80211_IOC_AUTHMODE:
 1437                 if (ic->ic_flags & IEEE80211_F_WPA)
 1438                         ireq->i_val = IEEE80211_AUTH_WPA;
 1439                 else
 1440                         ireq->i_val = ic->ic_bss->ni_authmode;
 1441                 break;
 1442         case IEEE80211_IOC_RTSTHRESHOLD:
 1443                 ireq->i_val = ic->ic_rtsthreshold;
 1444                 break;
 1445         case IEEE80211_IOC_PROTMODE:
 1446                 ireq->i_val = ic->ic_protmode;
 1447                 break;
 1448         case IEEE80211_IOC_TXPOWER:
 1449                 if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0)
 1450                         return EINVAL;
 1451                 ireq->i_val = ic->ic_txpowlimit;
 1452                 break;
 1453         case IEEE80211_IOC_MCASTCIPHER:
 1454                 ireq->i_val = rsn->rsn_mcastcipher;
 1455                 break;
 1456         case IEEE80211_IOC_MCASTKEYLEN:
 1457                 ireq->i_val = rsn->rsn_mcastkeylen;
 1458                 break;
 1459         case IEEE80211_IOC_UCASTCIPHERS:
 1460                 ireq->i_val = 0;
 1461                 for (m = 0x1; m != 0; m <<= 1)
 1462                         if (rsn->rsn_ucastcipherset & m)
 1463                                 ireq->i_val |= 1<<cap2cipher(m);
 1464                 break;
 1465         case IEEE80211_IOC_UCASTCIPHER:
 1466                 ireq->i_val = rsn->rsn_ucastcipher;
 1467                 break;
 1468         case IEEE80211_IOC_UCASTKEYLEN:
 1469                 ireq->i_val = rsn->rsn_ucastkeylen;
 1470                 break;
 1471         case IEEE80211_IOC_KEYMGTALGS:
 1472                 ireq->i_val = rsn->rsn_keymgmtset;
 1473                 break;
 1474         case IEEE80211_IOC_RSNCAPS:
 1475                 ireq->i_val = rsn->rsn_caps;
 1476                 break;
 1477         case IEEE80211_IOC_WPA:
 1478                 switch (ic->ic_flags & IEEE80211_F_WPA) {
 1479                 case IEEE80211_F_WPA1:
 1480                         ireq->i_val = 1;
 1481                         break;
 1482                 case IEEE80211_F_WPA2:
 1483                         ireq->i_val = 2;
 1484                         break;
 1485                 case IEEE80211_F_WPA1 | IEEE80211_F_WPA2:
 1486                         ireq->i_val = 3;
 1487                         break;
 1488                 default:
 1489                         ireq->i_val = 0;
 1490                         break;
 1491                 }
 1492                 break;
 1493         case IEEE80211_IOC_CHANLIST:
 1494                 error = ieee80211_ioctl_getchanlist(ic, ireq);
 1495                 break;
 1496         case IEEE80211_IOC_ROAMING:
 1497                 ireq->i_val = ic->ic_roaming;
 1498                 break;
 1499         case IEEE80211_IOC_PRIVACY:
 1500                 ireq->i_val = (ic->ic_flags & IEEE80211_F_PRIVACY) != 0;
 1501                 break;
 1502         case IEEE80211_IOC_DROPUNENCRYPTED:
 1503                 ireq->i_val = (ic->ic_flags & IEEE80211_F_DROPUNENC) != 0;
 1504                 break;
 1505         case IEEE80211_IOC_COUNTERMEASURES:
 1506                 ireq->i_val = (ic->ic_flags & IEEE80211_F_COUNTERM) != 0;
 1507                 break;
 1508         case IEEE80211_IOC_DRIVER_CAPS:
 1509                 ireq->i_val = ic->ic_caps>>16;
 1510                 ireq->i_len = ic->ic_caps&0xffff;
 1511                 break;
 1512         case IEEE80211_IOC_WME:
 1513                 ireq->i_val = (ic->ic_flags & IEEE80211_F_WME) != 0;
 1514                 break;
 1515         case IEEE80211_IOC_HIDESSID:
 1516                 ireq->i_val = (ic->ic_flags & IEEE80211_F_HIDESSID) != 0;
 1517                 break;
 1518         case IEEE80211_IOC_APBRIDGE:
 1519                 ireq->i_val = (ic->ic_flags & IEEE80211_F_NOBRIDGE) == 0;
 1520                 break;
 1521         case IEEE80211_IOC_OPTIE:
 1522                 if (ic->ic_opt_ie == NULL)
 1523                         return EINVAL;
 1524                 /* NB: truncate, caller can check length */
 1525                 if (ireq->i_len > ic->ic_opt_ie_len)
 1526                         ireq->i_len = ic->ic_opt_ie_len;
 1527                 error = copyout(ic->ic_opt_ie, ireq->i_data, ireq->i_len);
 1528                 break;
 1529         case IEEE80211_IOC_WPAKEY:
 1530                 error = ieee80211_ioctl_getkey(ic, ireq);
 1531                 break;
 1532         case IEEE80211_IOC_CHANINFO:
 1533                 error = ieee80211_ioctl_getchaninfo(ic, ireq);
 1534                 break;
 1535         case IEEE80211_IOC_WPAIE:
 1536                 error = ieee80211_ioctl_getwpaie(ic, ireq);
 1537                 break;
 1538         case IEEE80211_IOC_SCAN_RESULTS:
 1539                 error = ieee80211_ioctl_getscanresults(ic, ireq);
 1540                 break;
 1541         case IEEE80211_IOC_STA_STATS:
 1542                 error = ieee80211_ioctl_getstastats(ic, ireq);
 1543                 break;
 1544         case IEEE80211_IOC_TXPOWMAX:
 1545                 ireq->i_val = ic->ic_bss->ni_txpower;
 1546                 break;
 1547         case IEEE80211_IOC_STA_TXPOW:
 1548                 error = ieee80211_ioctl_getstatxpow(ic, ireq);
 1549                 break;
 1550         case IEEE80211_IOC_STA_INFO:
 1551                 error = ieee80211_ioctl_getstainfo(ic, ireq);
 1552                 break;
 1553         case IEEE80211_IOC_WME_CWMIN:           /* WME: CWmin */
 1554         case IEEE80211_IOC_WME_CWMAX:           /* WME: CWmax */
 1555         case IEEE80211_IOC_WME_AIFS:            /* WME: AIFS */
 1556         case IEEE80211_IOC_WME_TXOPLIMIT:       /* WME: txops limit */
 1557         case IEEE80211_IOC_WME_ACM:             /* WME: ACM (bss only) */
 1558         case IEEE80211_IOC_WME_ACKPOLICY:       /* WME: ACK policy (bss only) */
 1559                 error = ieee80211_ioctl_getwmeparam(ic, ireq);
 1560                 break;
 1561         case IEEE80211_IOC_DTIM_PERIOD:
 1562                 ireq->i_val = ic->ic_dtim_period;
 1563                 break;
 1564         case IEEE80211_IOC_BEACON_INTERVAL:
 1565                 /* NB: get from ic_bss for station mode */
 1566                 ireq->i_val = ic->ic_bss->ni_intval;
 1567                 break;
 1568         case IEEE80211_IOC_PUREG:
 1569                 ireq->i_val = (ic->ic_flags & IEEE80211_F_PUREG) != 0;
 1570                 break;
 1571         case IEEE80211_IOC_MCAST_RATE:
 1572                 ireq->i_val = ic->ic_mcast_rate;
 1573                 break;
 1574         case IEEE80211_IOC_FRAGTHRESHOLD:
 1575                 ireq->i_val = ic->ic_fragthreshold;
 1576                 break;
 1577         case IEEE80211_IOC_MACCMD:
 1578                 error = ieee80211_ioctl_getmaccmd(ic, ireq);
 1579                 break;
 1580         default:
 1581 #if defined(COMPAT_FREEBSD_NET80211)
 1582                 error = ieee80211_ioctl_get80211_fbsd(ic, cmd, ireq);
 1583 #else
 1584                 error = EINVAL;
 1585 #endif /* COMPAT_FREEBSD_NET80211 */
 1586                 break;
 1587         }
 1588         return error;
 1589 }
 1590 
 1591 static int
 1592 ieee80211_ioctl_setoptie(struct ieee80211com *ic, struct ieee80211req *ireq)
 1593 {
 1594         int error;
 1595         void *ie;
 1596 
 1597         /*
 1598          * NB: Doing this for ap operation could be useful (e.g. for
 1599          *     WPA and/or WME) except that it typically is worthless
 1600          *     without being able to intervene when processing
 1601          *     association response frames--so disallow it for now.
 1602          */
 1603         if (ic->ic_opmode != IEEE80211_M_STA)
 1604                 return EINVAL;
 1605         if (ireq->i_len > IEEE80211_MAX_OPT_IE)
 1606                 return EINVAL;
 1607         /* NB: data.length is validated by the wireless extensions code */
 1608         ie = malloc(ireq->i_len, M_DEVBUF, M_WAITOK);
 1609         if (ie == NULL)
 1610                 return ENOMEM;
 1611         error = copyin(ireq->i_data, ie, ireq->i_len);
 1612         /* XXX sanity check data? */
 1613         if (ic->ic_opt_ie != NULL)
 1614                 free(ic->ic_opt_ie, M_DEVBUF);
 1615         ic->ic_opt_ie = ie;
 1616         ic->ic_opt_ie_len = ireq->i_len;
 1617         return 0;
 1618 }
 1619 
 1620 static int
 1621 ieee80211_ioctl_setkey(struct ieee80211com *ic, struct ieee80211req *ireq)
 1622 {
 1623         struct ieee80211req_key ik;
 1624         struct ieee80211_node *ni;
 1625         struct ieee80211_key *wk;
 1626         u_int16_t kid;
 1627         int error;
 1628 
 1629         if (ireq->i_len != sizeof(ik))
 1630                 return EINVAL;
 1631         error = copyin(ireq->i_data, &ik, sizeof(ik));
 1632         if (error)
 1633                 return error;
 1634         /* NB: cipher support is verified by ieee80211_crypt_newkey */
 1635         /* NB: this also checks ik->ik_keylen > sizeof(wk->wk_key) */
 1636         if (ik.ik_keylen > sizeof(ik.ik_keydata))
 1637                 return E2BIG;
 1638         kid = ik.ik_keyix;
 1639         if (kid == IEEE80211_KEYIX_NONE) {
 1640                 /* XXX unicast keys currently must be tx/rx */
 1641                 if (ik.ik_flags != (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))
 1642                         return EINVAL;
 1643                 if (ic->ic_opmode == IEEE80211_M_STA) {
 1644                         ni = ieee80211_ref_node(ic->ic_bss);
 1645                         if (!IEEE80211_ADDR_EQ(ik.ik_macaddr, ni->ni_bssid)) {
 1646                                 ieee80211_free_node(ni);
 1647                                 return EADDRNOTAVAIL;
 1648                         }
 1649                 } else {
 1650                         ni = ieee80211_find_node(&ic->ic_sta, ik.ik_macaddr);
 1651                         if (ni == NULL)
 1652                                 return ENOENT;
 1653                 }
 1654                 wk = &ni->ni_ucastkey;
 1655         } else {
 1656                 if (kid >= IEEE80211_WEP_NKID)
 1657                         return EINVAL;
 1658                 wk = &ic->ic_nw_keys[kid];
 1659                 ni = NULL;
 1660         }
 1661         error = 0;
 1662         ieee80211_key_update_begin(ic);
 1663         if (ieee80211_crypto_newkey(ic, ik.ik_type, ik.ik_flags, wk)) {
 1664                 wk->wk_keylen = ik.ik_keylen;
 1665                 /* NB: MIC presence is implied by cipher type */
 1666                 if (wk->wk_keylen > IEEE80211_KEYBUF_SIZE)
 1667                         wk->wk_keylen = IEEE80211_KEYBUF_SIZE;
 1668                 wk->wk_keyrsc = ik.ik_keyrsc;
 1669                 wk->wk_keytsc = 0;                      /* new key, reset */
 1670                 memset(wk->wk_key, 0, sizeof(wk->wk_key));
 1671                 memcpy(wk->wk_key, ik.ik_keydata, ik.ik_keylen);
 1672                 if (!ieee80211_crypto_setkey(ic, wk,
 1673                     ni != NULL ? ni->ni_macaddr : ik.ik_macaddr))
 1674                         error = EIO;
 1675                 else if ((ik.ik_flags & IEEE80211_KEY_DEFAULT))
 1676                         ic->ic_def_txkey = kid;
 1677         } else
 1678                 error = ENXIO;
 1679         ieee80211_key_update_end(ic);
 1680         if (ni != NULL)
 1681                 ieee80211_free_node(ni);
 1682         return error;
 1683 }
 1684 
 1685 static int
 1686 ieee80211_ioctl_delkey(struct ieee80211com *ic, struct ieee80211req *ireq)
 1687 {
 1688         struct ieee80211req_del_key dk;
 1689         int kid, error;
 1690 
 1691         if (ireq->i_len != sizeof(dk))
 1692                 return EINVAL;
 1693         error = copyin(ireq->i_data, &dk, sizeof(dk));
 1694         if (error)
 1695                 return error;
 1696         kid = dk.idk_keyix;
 1697         /* XXX u_int8_t -> u_int16_t */
 1698         if (dk.idk_keyix == (u_int8_t) IEEE80211_KEYIX_NONE) {
 1699                 struct ieee80211_node *ni;
 1700 
 1701                 if (ic->ic_opmode == IEEE80211_M_STA) {
 1702                         ni = ieee80211_ref_node(ic->ic_bss);
 1703                         if (!IEEE80211_ADDR_EQ(dk.idk_macaddr, ni->ni_bssid)) {
 1704                                 ieee80211_free_node(ni);
 1705                                 return EADDRNOTAVAIL;
 1706                         }
 1707                 } else {
 1708                         ni = ieee80211_find_node(&ic->ic_sta, dk.idk_macaddr);
 1709                         if (ni == NULL)
 1710                                 return ENOENT;
 1711                 }
 1712                 /* XXX error return */
 1713                 ieee80211_node_delucastkey(ni);
 1714                 ieee80211_free_node(ni);
 1715         } else {
 1716                 if (kid >= IEEE80211_WEP_NKID)
 1717                         return EINVAL;
 1718                 /* XXX error return */
 1719                 ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[kid]);
 1720         }
 1721         return 0;
 1722 }
 1723 
 1724 #ifndef IEEE80211_NO_HOSTAP
 1725 static void
 1726 domlme(void *arg, struct ieee80211_node *ni)
 1727 {
 1728         struct ieee80211com *ic = ni->ni_ic;
 1729         struct ieee80211req_mlme *mlme = arg;
 1730 
 1731         if (ni->ni_associd != 0) {
 1732                 IEEE80211_SEND_MGMT(ic, ni,
 1733                         mlme->im_op == IEEE80211_MLME_DEAUTH ?
 1734                                 IEEE80211_FC0_SUBTYPE_DEAUTH :
 1735                                 IEEE80211_FC0_SUBTYPE_DISASSOC,
 1736                         mlme->im_reason);
 1737         }
 1738         ieee80211_node_leave(ic, ni);
 1739 }
 1740 #endif /* !IEEE80211_NO_HOSTAP */
 1741 
 1742 static int
 1743 ieee80211_ioctl_setmlme(struct ieee80211com *ic, struct ieee80211req *ireq)
 1744 {
 1745         struct ieee80211req_mlme mlme;
 1746         struct ieee80211_node *ni;
 1747         int error;
 1748 
 1749         if (ireq->i_len != sizeof(mlme))
 1750                 return EINVAL;
 1751         error = copyin(ireq->i_data, &mlme, sizeof(mlme));
 1752         if (error)
 1753                 return error;
 1754         switch (mlme.im_op) {
 1755         case IEEE80211_MLME_ASSOC:
 1756                 if (ic->ic_opmode != IEEE80211_M_STA)
 1757                         return EINVAL;
 1758                 /* XXX must be in S_SCAN state? */
 1759 
 1760                 if (mlme.im_ssid_len != 0) {
 1761                         /*
 1762                          * Desired ssid specified; must match both bssid and
 1763                          * ssid to distinguish ap advertising multiple ssid's.
 1764                          */
 1765                         ni = ieee80211_find_node_with_ssid(&ic->ic_scan,
 1766                                 mlme.im_macaddr,
 1767                                 mlme.im_ssid_len, mlme.im_ssid);
 1768                 } else {
 1769                         /*
 1770                          * Normal case; just match bssid.
 1771                          */
 1772                         ni = ieee80211_find_node(&ic->ic_scan, mlme.im_macaddr);
 1773                 }
 1774                 if (ni == NULL)
 1775                         return EINVAL;
 1776                 if (!ieee80211_sta_join(ic, ni)) {
 1777                         ieee80211_free_node(ni);
 1778                         return EINVAL;
 1779                 }
 1780                 break;
 1781         case IEEE80211_MLME_DISASSOC:
 1782         case IEEE80211_MLME_DEAUTH:
 1783                 switch (ic->ic_opmode) {
 1784                 case IEEE80211_M_STA:
 1785                         /* XXX not quite right */
 1786                         ieee80211_new_state(ic, IEEE80211_S_INIT,
 1787                                 mlme.im_reason);
 1788                         break;
 1789                 case IEEE80211_M_HOSTAP:
 1790 #ifndef IEEE80211_NO_HOSTAP
 1791                         /* NB: the broadcast address means do 'em all */
 1792                         if (!IEEE80211_ADDR_EQ(mlme.im_macaddr, ic->ic_ifp->if_broadcastaddr)) {
 1793                                 if ((ni = ieee80211_find_node(&ic->ic_sta,
 1794                                                 mlme.im_macaddr)) == NULL)
 1795                                         return EINVAL;
 1796                                 domlme(&mlme, ni);
 1797                                 ieee80211_free_node(ni);
 1798                         } else {
 1799                                 ieee80211_iterate_nodes(&ic->ic_sta,
 1800                                                 domlme, &mlme);
 1801                         }
 1802 #endif /* !IEEE80211_NO_HOSTAP */
 1803                         break;
 1804                 default:
 1805                         return EINVAL;
 1806                 }
 1807                 break;
 1808         case IEEE80211_MLME_AUTHORIZE:
 1809         case IEEE80211_MLME_UNAUTHORIZE:
 1810                 if (ic->ic_opmode != IEEE80211_M_HOSTAP)
 1811                         return EINVAL;
 1812                 ni = ieee80211_find_node(&ic->ic_sta, mlme.im_macaddr);
 1813                 if (ni == NULL)
 1814                         return EINVAL;
 1815                 if (mlme.im_op == IEEE80211_MLME_AUTHORIZE)
 1816                         ieee80211_node_authorize(ni);
 1817                 else
 1818                         ieee80211_node_unauthorize(ni);
 1819                 ieee80211_free_node(ni);
 1820                 break;
 1821         default:
 1822                 return EINVAL;
 1823         }
 1824         return 0;
 1825 }
 1826 
 1827 static int
 1828 ieee80211_ioctl_macmac(struct ieee80211com *ic, struct ieee80211req *ireq)
 1829 {
 1830         u_int8_t mac[IEEE80211_ADDR_LEN];
 1831         const struct ieee80211_aclator *acl = ic->ic_acl;
 1832         int error;
 1833 
 1834         if (ireq->i_len != sizeof(mac))
 1835                 return EINVAL;
 1836         error = copyin(ireq->i_data, mac, ireq->i_len);
 1837         if (error)
 1838                 return error;
 1839         if (acl == NULL) {
 1840                 acl = ieee80211_aclator_get("mac");
 1841                 if (acl == NULL || !acl->iac_attach(ic))
 1842                         return EINVAL;
 1843                 ic->ic_acl = acl;
 1844         }
 1845         if (ireq->i_type == IEEE80211_IOC_ADDMAC)
 1846                 acl->iac_add(ic, mac);
 1847         else
 1848                 acl->iac_remove(ic, mac);
 1849         return 0;
 1850 }
 1851 
 1852 static int
 1853 ieee80211_ioctl_setmaccmd(struct ieee80211com *ic, struct ieee80211req *ireq)
 1854 {
 1855         const struct ieee80211_aclator *acl = ic->ic_acl;
 1856 
 1857         switch (ireq->i_val) {
 1858         case IEEE80211_MACCMD_POLICY_OPEN:
 1859         case IEEE80211_MACCMD_POLICY_ALLOW:
 1860         case IEEE80211_MACCMD_POLICY_DENY:
 1861                 if (acl == NULL) {
 1862                         acl = ieee80211_aclator_get("mac");
 1863                         if (acl == NULL || !acl->iac_attach(ic))
 1864                                 return EINVAL;
 1865                         ic->ic_acl = acl;
 1866                 }
 1867                 acl->iac_setpolicy(ic, ireq->i_val);
 1868                 break;
 1869         case IEEE80211_MACCMD_FLUSH:
 1870                 if (acl != NULL)
 1871                         acl->iac_flush(ic);
 1872                 /* NB: silently ignore when not in use */
 1873                 break;
 1874         case IEEE80211_MACCMD_DETACH:
 1875                 if (acl != NULL) {
 1876                         ic->ic_acl = NULL;
 1877                         acl->iac_detach(ic);
 1878                 }
 1879                 break;
 1880         default:
 1881                 if (acl == NULL)
 1882                         return EINVAL;
 1883                 else
 1884                         return acl->iac_setioctl(ic, ireq);
 1885         }
 1886         return 0;
 1887 }
 1888 
 1889 static int
 1890 ieee80211_ioctl_setchanlist(struct ieee80211com *ic, struct ieee80211req *ireq)
 1891 {
 1892         struct ieee80211req_chanlist list;
 1893         u_int8_t chanlist[IEEE80211_CHAN_BYTES];
 1894         int i, j, error;
 1895 
 1896         if (ireq->i_len != sizeof(list))
 1897                 return EINVAL;
 1898         error = copyin(ireq->i_data, &list, sizeof(list));
 1899         if (error)
 1900                 return error;
 1901         memset(chanlist, 0, sizeof(chanlist));
 1902         /*
 1903          * Since channel 0 is not available for DS, channel 1
 1904          * is assigned to LSB on WaveLAN.
 1905          */
 1906         if (ic->ic_phytype == IEEE80211_T_DS)
 1907                 i = 1;
 1908         else
 1909                 i = 0;
 1910         for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
 1911                 /*
 1912                  * NB: silently discard unavailable channels so users
 1913                  *     can specify 1-255 to get all available channels.
 1914                  */
 1915                 if (isset(list.ic_channels, j) && isset(ic->ic_chan_avail, i))
 1916                         setbit(chanlist, i);
 1917         }
 1918         if (ic->ic_ibss_chan == NULL ||
 1919             isclr(chanlist, ieee80211_chan2ieee(ic, ic->ic_ibss_chan))) {
 1920                 for (i = 0; i <= IEEE80211_CHAN_MAX; i++)
 1921                         if (isset(chanlist, i)) {
 1922                                 ic->ic_ibss_chan = &ic->ic_channels[i];
 1923                                 goto found;
 1924                         }
 1925                 return EINVAL;                  /* no active channels */
 1926 found:
 1927                 ;
 1928         }
 1929         memcpy(ic->ic_chan_active, chanlist, sizeof(ic->ic_chan_active));
 1930         return IS_UP_AUTO(ic) ? ENETRESET : 0;
 1931 }
 1932 
 1933 static int
 1934 ieee80211_ioctl_setstatxpow(struct ieee80211com *ic, struct ieee80211req *ireq)
 1935 {
 1936         struct ieee80211_node *ni;
 1937         struct ieee80211req_sta_txpow txpow;
 1938         int error;
 1939 
 1940         if (ireq->i_len != sizeof(txpow))
 1941                 return EINVAL;
 1942         error = copyin(ireq->i_data, &txpow, sizeof(txpow));
 1943         if (error != 0)
 1944                 return error;
 1945         ni = ieee80211_find_node(&ic->ic_sta, txpow.it_macaddr);
 1946         if (ni == NULL)
 1947                 return EINVAL;          /* XXX */
 1948         ni->ni_txpower = txpow.it_txpow;
 1949         ieee80211_free_node(ni);
 1950         return error;
 1951 }
 1952 
 1953 static int
 1954 ieee80211_ioctl_setwmeparam(struct ieee80211com *ic, struct ieee80211req *ireq)
 1955 {
 1956         struct ieee80211_wme_state *wme = &ic->ic_wme;
 1957         struct wmeParams *wmep, *chanp;
 1958         int isbss, ac;
 1959 
 1960         if ((ic->ic_caps & IEEE80211_C_WME) == 0)
 1961                 return EINVAL;
 1962 
 1963         isbss = (ireq->i_len & IEEE80211_WMEPARAM_BSS);
 1964         ac = (ireq->i_len & IEEE80211_WMEPARAM_VAL);
 1965         if (ac >= WME_NUM_AC)
 1966                 ac = WME_AC_BE;
 1967         if (isbss) {
 1968                 chanp = &wme->wme_bssChanParams.cap_wmeParams[ac];
 1969                 wmep = &wme->wme_wmeBssChanParams.cap_wmeParams[ac];
 1970         } else {
 1971                 chanp = &wme->wme_chanParams.cap_wmeParams[ac];
 1972                 wmep = &wme->wme_wmeChanParams.cap_wmeParams[ac];
 1973         }
 1974         switch (ireq->i_type) {
 1975         case IEEE80211_IOC_WME_CWMIN:           /* WME: CWmin */
 1976                 if (isbss) {
 1977                         wmep->wmep_logcwmin = ireq->i_val;
 1978                         if ((wme->wme_flags & WME_F_AGGRMODE) == 0)
 1979                                 chanp->wmep_logcwmin = ireq->i_val;
 1980                 } else {
 1981                         wmep->wmep_logcwmin = chanp->wmep_logcwmin =
 1982                                 ireq->i_val;
 1983                 }
 1984                 break;
 1985         case IEEE80211_IOC_WME_CWMAX:           /* WME: CWmax */
 1986                 if (isbss) {
 1987                         wmep->wmep_logcwmax = ireq->i_val;
 1988                         if ((wme->wme_flags & WME_F_AGGRMODE) == 0)
 1989                                 chanp->wmep_logcwmax = ireq->i_val;
 1990                 } else {
 1991                         wmep->wmep_logcwmax = chanp->wmep_logcwmax =
 1992                                 ireq->i_val;
 1993                 }
 1994                 break;
 1995         case IEEE80211_IOC_WME_AIFS:            /* WME: AIFS */
 1996                 if (isbss) {
 1997                         wmep->wmep_aifsn = ireq->i_val;
 1998                         if ((wme->wme_flags & WME_F_AGGRMODE) == 0)
 1999                                 chanp->wmep_aifsn = ireq->i_val;
 2000                 } else {
 2001                         wmep->wmep_aifsn = chanp->wmep_aifsn = ireq->i_val;
 2002                 }
 2003                 break;
 2004         case IEEE80211_IOC_WME_TXOPLIMIT:       /* WME: txops limit */
 2005                 if (isbss) {
 2006                         wmep->wmep_txopLimit = ireq->i_val;
 2007                         if ((wme->wme_flags & WME_F_AGGRMODE) == 0)
 2008                                 chanp->wmep_txopLimit = ireq->i_val;
 2009                 } else {
 2010                         wmep->wmep_txopLimit = chanp->wmep_txopLimit =
 2011                                 ireq->i_val;
 2012                 }
 2013                 break;
 2014         case IEEE80211_IOC_WME_ACM:             /* WME: ACM (bss only) */
 2015                 wmep->wmep_acm = ireq->i_val;
 2016                 if ((wme->wme_flags & WME_F_AGGRMODE) == 0)
 2017                         chanp->wmep_acm = ireq->i_val;
 2018                 break;
 2019         case IEEE80211_IOC_WME_ACKPOLICY:       /* WME: ACK policy (!bss only)*/
 2020                 wmep->wmep_noackPolicy = chanp->wmep_noackPolicy =
 2021                         (ireq->i_val) == 0;
 2022                 break;
 2023         }
 2024         ieee80211_wme_updateparams(ic);
 2025         return 0;
 2026 }
 2027 
 2028 static int
 2029 cipher2cap(int cipher)
 2030 {
 2031         switch (cipher) {
 2032         case IEEE80211_CIPHER_WEP:      return IEEE80211_C_WEP;
 2033         case IEEE80211_CIPHER_AES_OCB:  return IEEE80211_C_AES;
 2034         case IEEE80211_CIPHER_AES_CCM:  return IEEE80211_C_AES_CCM;
 2035         case IEEE80211_CIPHER_CKIP:     return IEEE80211_C_CKIP;
 2036         case IEEE80211_CIPHER_TKIP:     return IEEE80211_C_TKIP;
 2037         }
 2038         return 0;
 2039 }
 2040 
 2041 static int
 2042 ieee80211_ioctl_set80211(struct ieee80211com *ic, u_long cmd,
 2043     struct ieee80211req *ireq)
 2044 {
 2045 #if defined(__FreeBSD__) || defined(COMPAT_FREEBSD_NET80211)
 2046         static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
 2047         u_int8_t tmpkey[IEEE80211_KEYBUF_SIZE];
 2048         char tmpssid[IEEE80211_NWID_LEN];
 2049         u_int8_t tmpbssid[IEEE80211_ADDR_LEN];
 2050         struct ieee80211_key *k;
 2051         u_int kid;
 2052 #endif /* __FreeBSD__ || COMPAT_FREEBSD_NET80211 */
 2053         struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn;
 2054         int error;
 2055         const struct ieee80211_authenticator *auth;
 2056         int j, caps;
 2057 
 2058         error = 0;
 2059         switch (ireq->i_type) {
 2060 #if defined(__FreeBSD__) || defined(COMPAT_FREEBSD_NET80211)
 2061         case IEEE80211_IOC_SSID:
 2062                 if (ireq->i_val != 0 ||
 2063                     ireq->i_len > IEEE80211_NWID_LEN)
 2064                         return EINVAL;
 2065                 error = copyin(ireq->i_data, tmpssid, ireq->i_len);
 2066                 if (error)
 2067                         break;
 2068                 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
 2069                 ic->ic_des_esslen = ireq->i_len;
 2070                 memcpy(ic->ic_des_essid, tmpssid, ireq->i_len);
 2071                 error = ENETRESET;
 2072                 break;
 2073 #endif /* __FreeBSD__ || COMPAT_FREEBSD_NET80211 */
 2074         case IEEE80211_IOC_WEP:
 2075                 switch (ireq->i_val) {
 2076                 case IEEE80211_WEP_OFF:
 2077                         ic->ic_flags &= ~IEEE80211_F_PRIVACY;
 2078                         ic->ic_flags &= ~IEEE80211_F_DROPUNENC;
 2079                         break;
 2080                 case IEEE80211_WEP_ON:
 2081                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2082                         ic->ic_flags |= IEEE80211_F_DROPUNENC;
 2083                         break;
 2084                 case IEEE80211_WEP_MIXED:
 2085                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2086                         ic->ic_flags &= ~IEEE80211_F_DROPUNENC;
 2087                         break;
 2088                 }
 2089                 error = ENETRESET;
 2090                 break;
 2091 #if defined(__FreeBSD__) || defined(COMPAT_FREEBSD_NET80211)
 2092         case IEEE80211_IOC_WEPKEY:
 2093                 kid = (u_int) ireq->i_val;
 2094                 if (kid >= IEEE80211_WEP_NKID)
 2095                         return EINVAL;
 2096                 k = &ic->ic_nw_keys[kid];
 2097                 if (ireq->i_len == 0) {
 2098                         /* zero-len =>'s delete any existing key */
 2099                         (void) ieee80211_crypto_delkey(ic, k);
 2100                         break;
 2101                 }
 2102                 if (ireq->i_len > sizeof(tmpkey))
 2103                         return EINVAL;
 2104                 memset(tmpkey, 0, sizeof(tmpkey));
 2105                 error = copyin(ireq->i_data, tmpkey, ireq->i_len);
 2106                 if (error)
 2107                         break;
 2108                 ieee80211_key_update_begin(ic);
 2109                 k->wk_keyix = kid;      /* NB: force fixed key id */
 2110                 if (ieee80211_crypto_newkey(ic, IEEE80211_CIPHER_WEP,
 2111                     IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, k)) {
 2112                         k->wk_keylen = ireq->i_len;
 2113                         memcpy(k->wk_key, tmpkey, sizeof(tmpkey));
 2114                         if  (!ieee80211_crypto_setkey(ic, k, ic->ic_myaddr))
 2115                                 error = EINVAL;
 2116                 } else
 2117                         error = EINVAL;
 2118                 ieee80211_key_update_end(ic);
 2119                 if (!error)                     /* NB: for compatibility */
 2120                         error = ENETRESET;
 2121                 break;
 2122         case IEEE80211_IOC_WEPTXKEY:
 2123                 kid = (u_int) ireq->i_val;
 2124                 if (kid >= IEEE80211_WEP_NKID &&
 2125                     (u_int16_t) kid != IEEE80211_KEYIX_NONE)
 2126                         return EINVAL;
 2127                 ic->ic_def_txkey = kid;
 2128                 error = ENETRESET;      /* push to hardware */
 2129                 break;
 2130 #endif /* __FreeBSD__ || COMPAT_FREEBSD_NET80211 */
 2131         case IEEE80211_IOC_AUTHMODE:
 2132                 switch (ireq->i_val) {
 2133                 case IEEE80211_AUTH_WPA:
 2134                 case IEEE80211_AUTH_8021X:      /* 802.1x */
 2135                 case IEEE80211_AUTH_OPEN:       /* open */
 2136                 case IEEE80211_AUTH_SHARED:     /* shared-key */
 2137                 case IEEE80211_AUTH_AUTO:       /* auto */
 2138                         auth = ieee80211_authenticator_get(ireq->i_val);
 2139                         if (auth == NULL)
 2140                                 return EINVAL;
 2141                         break;
 2142                 default:
 2143                         return EINVAL;
 2144                 }
 2145                 switch (ireq->i_val) {
 2146                 case IEEE80211_AUTH_WPA:        /* WPA w/ 802.1x */
 2147                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2148                         ireq->i_val = IEEE80211_AUTH_8021X;
 2149                         break;
 2150                 case IEEE80211_AUTH_OPEN:       /* open */
 2151                         ic->ic_flags &= ~(IEEE80211_F_WPA|IEEE80211_F_PRIVACY);
 2152                         break;
 2153                 case IEEE80211_AUTH_SHARED:     /* shared-key */
 2154                 case IEEE80211_AUTH_8021X:      /* 802.1x */
 2155                         ic->ic_flags &= ~IEEE80211_F_WPA;
 2156                         /* both require a key so mark the PRIVACY capability */
 2157                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2158                         break;
 2159                 case IEEE80211_AUTH_AUTO:       /* auto */
 2160                         ic->ic_flags &= ~IEEE80211_F_WPA;
 2161                         /* XXX PRIVACY handling? */
 2162                         /* XXX what's the right way to do this? */
 2163                         break;
 2164                 }
 2165                 /* NB: authenticator attach/detach happens on state change */
 2166                 ic->ic_bss->ni_authmode = ireq->i_val;
 2167                 /* XXX mixed/mode/usage? */
 2168                 ic->ic_auth = auth;
 2169                 error = ENETRESET;
 2170                 break;
 2171 #if defined(__FreeBSD__) || defined(COMPAT_FREEBSD_NET80211)
 2172         case IEEE80211_IOC_CHANNEL:
 2173                 /* XXX 0xffff overflows 16-bit signed */
 2174                 if (ireq->i_val == 0 ||
 2175                     ireq->i_val == (int16_t) IEEE80211_CHAN_ANY)
 2176                         ic->ic_des_chan = IEEE80211_CHAN_ANYC;
 2177                 else if ((u_int) ireq->i_val > IEEE80211_CHAN_MAX ||
 2178                     isclr(ic->ic_chan_active, ireq->i_val)) {
 2179                         return EINVAL;
 2180                 } else
 2181                         ic->ic_ibss_chan = ic->ic_des_chan =
 2182                                 &ic->ic_channels[ireq->i_val];
 2183                 switch (ic->ic_state) {
 2184                 case IEEE80211_S_INIT:
 2185                 case IEEE80211_S_SCAN:
 2186                         error = ENETRESET;
 2187                         break;
 2188                 default:
 2189                         /*
 2190                          * If the desired channel has changed (to something
 2191                          * other than any) and we're not already scanning,
 2192                          * then kick the state machine.
 2193                          */
 2194                         if (ic->ic_des_chan != IEEE80211_CHAN_ANYC &&
 2195                             ic->ic_bss->ni_chan != ic->ic_des_chan &&
 2196                             (ic->ic_flags & IEEE80211_F_SCAN) == 0)
 2197                                 error = ENETRESET;
 2198                         break;
 2199                 }
 2200                 if (error == ENETRESET &&
 2201                         ic->ic_opmode == IEEE80211_M_MONITOR) {
 2202                         if (IS_UP(ic)) {
 2203                                 /*
 2204                                  * Monitor mode can switch directly.
 2205                                  */
 2206                                 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC)
 2207                                         ic->ic_curchan = ic->ic_des_chan;
 2208                                 error = ic->ic_reset(ic->ic_ifp);
 2209                         } else
 2210                                 error = 0;
 2211                 }
 2212                 break;
 2213         case IEEE80211_IOC_POWERSAVE:
 2214                 switch (ireq->i_val) {
 2215                 case IEEE80211_POWERSAVE_OFF:
 2216                         if (ic->ic_flags & IEEE80211_F_PMGTON) {
 2217                                 ic->ic_flags &= ~IEEE80211_F_PMGTON;
 2218                                 error = ENETRESET;
 2219                         }
 2220                         break;
 2221                 case IEEE80211_POWERSAVE_ON:
 2222                         if ((ic->ic_caps & IEEE80211_C_PMGT) == 0)
 2223                                 error = EINVAL;
 2224                         else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
 2225                                 ic->ic_flags |= IEEE80211_F_PMGTON;
 2226                                 error = ENETRESET;
 2227                         }
 2228                         break;
 2229                 default:
 2230                         error = EINVAL;
 2231                         break;
 2232                 }
 2233                 break;
 2234         case IEEE80211_IOC_POWERSAVESLEEP:
 2235                 if (ireq->i_val < 0)
 2236                         return EINVAL;
 2237                 ic->ic_lintval = ireq->i_val;
 2238                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
 2239                 break;
 2240 #endif /* __FreeBSD__ || COMPAT_FREEBSD_NET80211 */
 2241         case IEEE80211_IOC_RTSTHRESHOLD:
 2242                 if (!(IEEE80211_RTS_MIN <= ireq->i_val &&
 2243                       ireq->i_val <= IEEE80211_RTS_MAX))
 2244                         return EINVAL;
 2245                 ic->ic_rtsthreshold = ireq->i_val;
 2246                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
 2247                 break;
 2248         case IEEE80211_IOC_PROTMODE:
 2249                 if (ireq->i_val > IEEE80211_PROT_RTSCTS)
 2250                         return EINVAL;
 2251                 ic->ic_protmode = ireq->i_val;
 2252                 /* NB: if not operating in 11g this can wait */
 2253                 if (ic->ic_curmode == IEEE80211_MODE_11G)
 2254                         error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
 2255                 break;
 2256         case IEEE80211_IOC_TXPOWER:
 2257                 if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0)
 2258                         return EINVAL;
 2259                 if (!(IEEE80211_TXPOWER_MIN < ireq->i_val &&
 2260                       ireq->i_val < IEEE80211_TXPOWER_MAX))
 2261                         return EINVAL;
 2262                 ic->ic_txpowlimit = ireq->i_val;
 2263                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
 2264                 break;
 2265         case IEEE80211_IOC_ROAMING:
 2266                 if (!(IEEE80211_ROAMING_DEVICE <= ireq->i_val &&
 2267                     ireq->i_val <= IEEE80211_ROAMING_MANUAL))
 2268                         return EINVAL;
 2269                 ic->ic_roaming = ireq->i_val;
 2270                 /* XXXX reset? */
 2271                 break;
 2272         case IEEE80211_IOC_PRIVACY:
 2273                 if (ireq->i_val) {
 2274                         /* XXX check for key state? */
 2275                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2276                 } else
 2277                         ic->ic_flags &= ~IEEE80211_F_PRIVACY;
 2278                 break;
 2279         case IEEE80211_IOC_DROPUNENCRYPTED:
 2280                 if (ireq->i_val)
 2281                         ic->ic_flags |= IEEE80211_F_DROPUNENC;
 2282                 else
 2283                         ic->ic_flags &= ~IEEE80211_F_DROPUNENC;
 2284                 break;
 2285         case IEEE80211_IOC_WPAKEY:
 2286                 error = ieee80211_ioctl_setkey(ic, ireq);
 2287                 break;
 2288         case IEEE80211_IOC_DELKEY:
 2289                 error = ieee80211_ioctl_delkey(ic, ireq);
 2290                 break;
 2291         case IEEE80211_IOC_MLME:
 2292                 error = ieee80211_ioctl_setmlme(ic, ireq);
 2293                 break;
 2294         case IEEE80211_IOC_OPTIE:
 2295                 error = ieee80211_ioctl_setoptie(ic, ireq);
 2296                 break;
 2297         case IEEE80211_IOC_COUNTERMEASURES:
 2298                 if (ireq->i_val) {
 2299                         if ((ic->ic_flags & IEEE80211_F_WPA) == 0)
 2300                                 return EINVAL;
 2301                         ic->ic_flags |= IEEE80211_F_COUNTERM;
 2302                 } else
 2303                         ic->ic_flags &= ~IEEE80211_F_COUNTERM;
 2304                 break;
 2305         case IEEE80211_IOC_WPA:
 2306                 if (ireq->i_val > 3)
 2307                         return EINVAL;
 2308                 /* XXX verify ciphers available */
 2309                 ic->ic_flags &= ~IEEE80211_F_WPA;
 2310                 switch (ireq->i_val) {
 2311                 case 1:
 2312                         ic->ic_flags |= IEEE80211_F_WPA1;
 2313                         break;
 2314                 case 2:
 2315                         ic->ic_flags |= IEEE80211_F_WPA2;
 2316                         break;
 2317                 case 3:
 2318                         ic->ic_flags |= IEEE80211_F_WPA1 | IEEE80211_F_WPA2;
 2319                         break;
 2320                 }
 2321                 error = ENETRESET;              /* XXX? */
 2322                 break;
 2323         case IEEE80211_IOC_WME:
 2324                 if (ireq->i_val) {
 2325                         if ((ic->ic_caps & IEEE80211_C_WME) == 0)
 2326                                 return EINVAL;
 2327                         ic->ic_flags |= IEEE80211_F_WME;
 2328                 } else
 2329                         ic->ic_flags &= ~IEEE80211_F_WME;
 2330                 error = ENETRESET;              /* XXX maybe not for station? */
 2331                 break;
 2332         case IEEE80211_IOC_HIDESSID:
 2333                 if (ireq->i_val)
 2334                         ic->ic_flags |= IEEE80211_F_HIDESSID;
 2335                 else
 2336                         ic->ic_flags &= ~IEEE80211_F_HIDESSID;
 2337                 error = ENETRESET;
 2338                 break;
 2339         case IEEE80211_IOC_APBRIDGE:
 2340                 if (ireq->i_val == 0)
 2341                         ic->ic_flags |= IEEE80211_F_NOBRIDGE;
 2342                 else
 2343                         ic->ic_flags &= ~IEEE80211_F_NOBRIDGE;
 2344                 break;
 2345         case IEEE80211_IOC_MCASTCIPHER:
 2346                 if ((ic->ic_caps & cipher2cap(ireq->i_val)) == 0 &&
 2347                     !ieee80211_crypto_available(ireq->i_val))
 2348                         return EINVAL;
 2349                 rsn->rsn_mcastcipher = ireq->i_val;
 2350                 error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
 2351                 break;
 2352         case IEEE80211_IOC_MCASTKEYLEN:
 2353                 if (!(0 < ireq->i_val && ireq->i_val < IEEE80211_KEYBUF_SIZE))
 2354                         return EINVAL;
 2355                 /* XXX no way to verify driver capability */
 2356                 rsn->rsn_mcastkeylen = ireq->i_val;
 2357                 error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
 2358                 break;
 2359         case IEEE80211_IOC_UCASTCIPHERS:
 2360                 /*
 2361                  * Convert user-specified cipher set to the set
 2362                  * we can support (via hardware or software).
 2363                  * NB: this logic intentionally ignores unknown and
 2364                  * unsupported ciphers so folks can specify 0xff or
 2365                  * similar and get all available ciphers.
 2366                  */
 2367                 caps = 0;
 2368                 for (j = 1; j < 32; j++)        /* NB: skip WEP */
 2369                         if ((ireq->i_val & (1<<j)) &&
 2370                             ((ic->ic_caps & cipher2cap(j)) ||
 2371                              ieee80211_crypto_available(j)))
 2372                                 caps |= 1<<j;
 2373                 if (caps == 0)                  /* nothing available */
 2374                         return EINVAL;
 2375                 /* XXX verify ciphers ok for unicast use? */
 2376                 /* XXX disallow if running as it'll have no effect */
 2377                 rsn->rsn_ucastcipherset = caps;
 2378                 error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
 2379                 break;
 2380         case IEEE80211_IOC_UCASTCIPHER:
 2381                 if ((rsn->rsn_ucastcipherset & cipher2cap(ireq->i_val)) == 0)
 2382                         return EINVAL;
 2383                 rsn->rsn_ucastcipher = ireq->i_val;
 2384                 break;
 2385         case IEEE80211_IOC_UCASTKEYLEN:
 2386                 if (!(0 < ireq->i_val && ireq->i_val < IEEE80211_KEYBUF_SIZE))
 2387                         return EINVAL;
 2388                 /* XXX no way to verify driver capability */
 2389                 rsn->rsn_ucastkeylen = ireq->i_val;
 2390                 break;
 2391         case IEEE80211_IOC_DRIVER_CAPS:
 2392                 /* NB: for testing */
 2393                 ic->ic_caps = (((u_int16_t) ireq->i_val) << 16) |
 2394                                ((u_int16_t) ireq->i_len);
 2395                 break;
 2396         case IEEE80211_IOC_KEYMGTALGS:
 2397                 /* XXX check */
 2398                 rsn->rsn_keymgmtset = ireq->i_val;
 2399                 error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
 2400                 break;
 2401         case IEEE80211_IOC_RSNCAPS:
 2402                 /* XXX check */
 2403                 rsn->rsn_caps = ireq->i_val;
 2404                 error = (ic->ic_flags & IEEE80211_F_WPA) ? ENETRESET : 0;
 2405                 break;
 2406 #if defined(__FreeBSD__) || defined(COMPAT_FREEBSD_NET80211)
 2407         case IEEE80211_IOC_BSSID:
 2408                 /* NB: should only be set when in STA mode */
 2409                 if (ic->ic_opmode != IEEE80211_M_STA)
 2410                         return EINVAL;
 2411                 if (ireq->i_len != sizeof(tmpbssid))
 2412                         return EINVAL;
 2413                 error = copyin(ireq->i_data, tmpbssid, ireq->i_len);
 2414                 if (error)
 2415                         break;
 2416                 IEEE80211_ADDR_COPY(ic->ic_des_bssid, tmpbssid);
 2417                 if (IEEE80211_ADDR_EQ(ic->ic_des_bssid, zerobssid))
 2418                         ic->ic_flags &= ~IEEE80211_F_DESBSSID;
 2419                 else
 2420                         ic->ic_flags |= IEEE80211_F_DESBSSID;
 2421                 error = ENETRESET;
 2422                 break;
 2423 #endif /* __FreeBSD__ || COMPAT_FREEBSD_NET80211 */
 2424         case IEEE80211_IOC_CHANLIST:
 2425                 error = ieee80211_ioctl_setchanlist(ic, ireq);
 2426                 break;
 2427         case IEEE80211_IOC_SCAN_REQ:
 2428                 if (ic->ic_opmode == IEEE80211_M_HOSTAP)        /* XXX ignore */
 2429                         break;
 2430                 error = ieee80211_setupscan(ic, ic->ic_chan_avail);
 2431                 if (error == 0)         /* XXX background scan */
 2432                         error = ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
 2433                 break;
 2434         case IEEE80211_IOC_ADDMAC:
 2435         case IEEE80211_IOC_DELMAC:
 2436                 error = ieee80211_ioctl_macmac(ic, ireq);
 2437                 break;
 2438         case IEEE80211_IOC_MACCMD:
 2439                 error = ieee80211_ioctl_setmaccmd(ic, ireq);
 2440                 break;
 2441         case IEEE80211_IOC_STA_TXPOW:
 2442                 error = ieee80211_ioctl_setstatxpow(ic, ireq);
 2443                 break;
 2444         case IEEE80211_IOC_WME_CWMIN:           /* WME: CWmin */
 2445         case IEEE80211_IOC_WME_CWMAX:           /* WME: CWmax */
 2446         case IEEE80211_IOC_WME_AIFS:            /* WME: AIFS */
 2447         case IEEE80211_IOC_WME_TXOPLIMIT:       /* WME: txops limit */
 2448         case IEEE80211_IOC_WME_ACM:             /* WME: ACM (bss only) */
 2449         case IEEE80211_IOC_WME_ACKPOLICY:       /* WME: ACK policy (bss only) */
 2450                 error = ieee80211_ioctl_setwmeparam(ic, ireq);
 2451                 break;
 2452         case IEEE80211_IOC_DTIM_PERIOD:
 2453                 if (ic->ic_opmode != IEEE80211_M_HOSTAP &&
 2454                     ic->ic_opmode != IEEE80211_M_IBSS)
 2455                         return EINVAL;
 2456                 if (IEEE80211_DTIM_MIN <= ireq->i_val &&
 2457                     ireq->i_val <= IEEE80211_DTIM_MAX) {
 2458                         ic->ic_dtim_period = ireq->i_val;
 2459                         error = ENETRESET;              /* requires restart */
 2460                 } else
 2461                         error = EINVAL;
 2462                 break;
 2463         case IEEE80211_IOC_BEACON_INTERVAL:
 2464                 if (ic->ic_opmode != IEEE80211_M_HOSTAP &&
 2465                     ic->ic_opmode != IEEE80211_M_IBSS)
 2466                         return EINVAL;
 2467                 if (IEEE80211_BINTVAL_MIN <= ireq->i_val &&
 2468                     ireq->i_val <= IEEE80211_BINTVAL_MAX) {
 2469                         ic->ic_bintval = ireq->i_val;
 2470                         error = ENETRESET;              /* requires restart */
 2471                 } else
 2472                         error = EINVAL;
 2473                 break;
 2474         case IEEE80211_IOC_PUREG:
 2475                 if (ireq->i_val)
 2476                         ic->ic_flags |= IEEE80211_F_PUREG;
 2477                 else
 2478                         ic->ic_flags &= ~IEEE80211_F_PUREG;
 2479                 /* NB: reset only if we're operating on an 11g channel */
 2480                 if (ic->ic_curmode == IEEE80211_MODE_11G)
 2481                         error = ENETRESET;
 2482                 break;
 2483         case IEEE80211_IOC_MCAST_RATE:
 2484                 ic->ic_mcast_rate = ireq->i_val & IEEE80211_RATE_VAL;
 2485                 break;
 2486         case IEEE80211_IOC_FRAGTHRESHOLD:
 2487                 if ((ic->ic_caps & IEEE80211_C_TXFRAG) == 0 &&
 2488                     ireq->i_val != IEEE80211_FRAG_MAX)
 2489                         return EINVAL;
 2490                 if (!(IEEE80211_FRAG_MIN <= ireq->i_val &&
 2491                       ireq->i_val <= IEEE80211_FRAG_MAX))
 2492                         return EINVAL;
 2493                 ic->ic_fragthreshold = ireq->i_val;
 2494                 error = IS_UP(ic) ? ic->ic_reset(ic->ic_ifp) : 0;
 2495                 break;
 2496         default:
 2497                 error = EINVAL;
 2498                 break;
 2499         }
 2500         if (error == ENETRESET && !IS_UP_AUTO(ic))
 2501                 error = 0;
 2502         return error;
 2503 }
 2504 
 2505 #ifdef __FreeBSD__
 2506 int
 2507 ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, void *data)
 2508 {
 2509         struct ifnet *ifp = ic->ic_ifp;
 2510         int error = 0;
 2511         struct ifreq *ifr;
 2512         struct ifaddr *ifa;                     /* XXX */
 2513 
 2514         switch (cmd) {
 2515         case SIOCSIFMEDIA:
 2516         case SIOCGIFMEDIA:
 2517                 error = ifmedia_ioctl(ifp, (struct ifreq *) data,
 2518                                 &ic->ic_media, cmd);
 2519                 break;
 2520         case SIOCG80211:
 2521                 error = ieee80211_ioctl_get80211(ic, cmd,
 2522                                 (struct ieee80211req *) data);
 2523                 break;
 2524         case SIOCS80211:
 2525                 error = suser(curthread);
 2526                 if (error == 0)
 2527                         error = ieee80211_ioctl_set80211(ic, cmd,
 2528                                         (struct ieee80211req *) data);
 2529                 break;
 2530         case SIOCGIFGENERIC:
 2531                 error = ieee80211_cfgget(ic, cmd, data);
 2532                 break;
 2533         case SIOCSIFGENERIC:
 2534                 error = suser(curthread);
 2535                 if (error)
 2536                         break;
 2537                 error = ieee80211_cfgset(ic, cmd, data);
 2538                 break;
 2539         case SIOCG80211STATS:
 2540                 ifr = (struct ifreq *)data;
 2541                 copyout(&ic->ic_stats, ifr->ifr_data, sizeof (ic->ic_stats));
 2542                 break;
 2543         case SIOCSIFMTU:
 2544                 ifr = (struct ifreq *)data;
 2545                 if (!(IEEE80211_MTU_MIN <= ifr->ifr_mtu &&
 2546                     ifr->ifr_mtu <= IEEE80211_MTU_MAX))
 2547                         error = EINVAL;
 2548                 else
 2549                         ifp->if_mtu = ifr->ifr_mtu;
 2550                 break;
 2551         default:
 2552                 error = ether_ioctl(ifp, cmd, data);
 2553                 break;
 2554         }
 2555         return error;
 2556 }
 2557 #endif /* __FreeBSD__ */
 2558 
 2559 #ifdef COMPAT_20
 2560 static void
 2561 ieee80211_get_ostats(struct ieee80211_ostats *ostats,
 2562     struct ieee80211_stats *stats)
 2563 {
 2564 #define COPYSTATS1(__ostats, __nstats, __dstmemb, __srcmemb, __lastmemb)\
 2565         (void)memcpy(&(__ostats)->__dstmemb, &(__nstats)->__srcmemb,    \
 2566             offsetof(struct ieee80211_stats, __lastmemb) -              \
 2567             offsetof(struct ieee80211_stats, __srcmemb))
 2568 #define COPYSTATS(__ostats, __nstats, __dstmemb, __lastmemb)            \
 2569         COPYSTATS1(__ostats, __nstats, __dstmemb, __dstmemb, __lastmemb)
 2570 
 2571         COPYSTATS(ostats, stats, is_rx_badversion, is_rx_unencrypted);
 2572         COPYSTATS(ostats, stats, is_rx_wepfail, is_rx_beacon);
 2573         COPYSTATS(ostats, stats, is_rx_rstoobig, is_rx_auth_countermeasures);
 2574         COPYSTATS(ostats, stats, is_rx_assoc_bss, is_rx_assoc_badwpaie);
 2575         COPYSTATS(ostats, stats, is_rx_deauth, is_rx_unauth);
 2576         COPYSTATS1(ostats, stats, is_tx_nombuf, is_tx_nobuf, is_tx_badcipher);
 2577         COPYSTATS(ostats, stats, is_scan_active, is_crypto_tkip);
 2578 }
 2579 #endif /* COMPAT_20 */
 2580 
 2581 #ifdef __NetBSD__
 2582 int
 2583 ieee80211_ioctl(struct ieee80211com *ic, u_long cmd, void *data)
 2584 {
 2585         struct ifnet *ifp = ic->ic_ifp;
 2586         struct ifreq *ifr = (struct ifreq *)data;
 2587         int i, error = 0, kid, klen, s;
 2588         struct ieee80211_key *k;
 2589         struct ieee80211_nwid nwid;
 2590         struct ieee80211_nwkey *nwkey;
 2591         struct ieee80211_power *power;
 2592         struct ieee80211_bssid *bssid;
 2593         struct ieee80211chanreq *chanreq;
 2594         struct ieee80211_channel *chan;
 2595         uint32_t oflags;
 2596 #ifdef COMPAT_20
 2597         struct ieee80211_ostats ostats;
 2598 #endif /* COMPAT_20 */
 2599         static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
 2600         u_int8_t tmpkey[IEEE80211_WEP_NKID][IEEE80211_KEYBUF_SIZE];
 2601 
 2602         switch (cmd) {
 2603 #ifdef OSIOCSIFMEDIA
 2604         case OSIOCSIFMEDIA:
 2605 #endif
 2606         case SIOCSIFMEDIA:
 2607         case SIOCGIFMEDIA:
 2608                 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
 2609                 break;
 2610         case SIOCG80211:
 2611                 error = ieee80211_ioctl_get80211(ic, cmd,
 2612                                 (struct ieee80211req *) data);
 2613                 break;
 2614         case SIOCS80211:
 2615                 if ((error = kauth_authorize_network(curlwp->l_cred,
 2616                     KAUTH_NETWORK_INTERFACE,
 2617                     KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
 2618                     NULL)) != 0)
 2619                         break;
 2620                 error = ieee80211_ioctl_set80211(ic, cmd,
 2621                                 (struct ieee80211req *) data);
 2622                 break;
 2623         case SIOCS80211NWID:
 2624                 if ((error = copyin(ifr->ifr_data, &nwid, sizeof(nwid))) != 0)
 2625                         break;
 2626                 if (nwid.i_len > IEEE80211_NWID_LEN) {
 2627                         error = EINVAL;
 2628                         break;
 2629                 }
 2630                 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
 2631                 ic->ic_des_esslen = nwid.i_len;
 2632                 memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len);
 2633                 error = ENETRESET;
 2634                 break;
 2635         case SIOCG80211NWID:
 2636                 memset(&nwid, 0, sizeof(nwid));
 2637                 switch (ic->ic_state) {
 2638                 case IEEE80211_S_INIT:
 2639                 case IEEE80211_S_SCAN:
 2640                         nwid.i_len = ic->ic_des_esslen;
 2641                         memcpy(nwid.i_nwid, ic->ic_des_essid, nwid.i_len);
 2642                         break;
 2643                 default:
 2644                         nwid.i_len = ic->ic_bss->ni_esslen;
 2645                         memcpy(nwid.i_nwid, ic->ic_bss->ni_essid, nwid.i_len);
 2646                         break;
 2647                 }
 2648                 error = copyout(&nwid, ifr->ifr_data, sizeof(nwid));
 2649                 break;
 2650         case SIOCS80211NWKEY:
 2651                 nwkey = (struct ieee80211_nwkey *)data;
 2652                 /* transmit key index out of range? */
 2653                 kid = nwkey->i_defkid - 1;
 2654                 if (kid < 0 || kid >= IEEE80211_WEP_NKID) {
 2655                         error = EINVAL;
 2656                         break;
 2657                 }
 2658                 /* no such transmit key is set? */
 2659                 if (nwkey->i_key[kid].i_keylen == 0 ||
 2660                     (nwkey->i_key[kid].i_keylen == -1 &&
 2661                      ic->ic_nw_keys[kid].wk_keylen == 0)) {
 2662                         if (nwkey->i_wepon != IEEE80211_NWKEY_OPEN) {
 2663                                 error = EINVAL;
 2664                                 break;
 2665                         }
 2666                 }
 2667                 /* check key lengths */
 2668                 for (kid = 0; kid < IEEE80211_WEP_NKID; kid++) {
 2669                         klen = nwkey->i_key[kid].i_keylen;
 2670                         if ((klen > 0 &&
 2671                             klen < IEEE80211_WEP_KEYLEN) ||
 2672                             klen > sizeof(ic->ic_nw_keys[kid].wk_key)) {
 2673                                 error = EINVAL;
 2674                                 break;
 2675                         }
 2676                 }
 2677 
 2678                 if (error)
 2679                         break;
 2680 
 2681                 /* copy in keys */
 2682                 (void)memset(tmpkey, 0, sizeof(tmpkey));
 2683                 for (kid = 0; kid < IEEE80211_WEP_NKID; kid++) {
 2684                         klen = nwkey->i_key[kid].i_keylen;
 2685                         if (klen <= 0)
 2686                                 continue;
 2687                         if ((error = copyin(nwkey->i_key[kid].i_keydat,
 2688                             tmpkey[kid], klen)) != 0)
 2689                                 break;
 2690                 }
 2691 
 2692                 if (error)
 2693                         break;
 2694 
 2695                 /* set keys */
 2696                 ieee80211_key_update_begin(ic);
 2697                 for (kid = 0; kid < IEEE80211_WEP_NKID; kid++) {
 2698                         klen = nwkey->i_key[kid].i_keylen;
 2699                         if (klen <= 0)
 2700                                 continue;
 2701                         k = &ic->ic_nw_keys[kid];
 2702                         k->wk_keyix = kid;
 2703                         if (!ieee80211_crypto_newkey(ic, IEEE80211_CIPHER_WEP,
 2704                             IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV, k)) {
 2705                                 error = EINVAL;
 2706                                 continue;
 2707                         }
 2708                         k->wk_keylen = nwkey->i_key[kid].i_keylen;
 2709                         (void)memcpy(k->wk_key, tmpkey[kid],
 2710                             sizeof(tmpkey[kid]));
 2711                         if (!ieee80211_crypto_setkey(ic, k, ic->ic_myaddr))
 2712                                 error = EINVAL;
 2713                 }
 2714                 ieee80211_key_update_end(ic);
 2715 
 2716                 if (error)
 2717                         break;
 2718 
 2719                 /* delete keys */
 2720                 for (kid = 0; kid < IEEE80211_WEP_NKID; kid++) {
 2721                         klen = nwkey->i_key[kid].i_keylen;
 2722                         k = &ic->ic_nw_keys[kid];
 2723                         if (klen <= 0)
 2724                                 (void)ieee80211_crypto_delkey(ic, k);
 2725                 }
 2726 
 2727                 /* set transmit key */
 2728                 kid = nwkey->i_defkid - 1;
 2729                 if (ic->ic_def_txkey != kid) {
 2730                         ic->ic_def_txkey = kid;
 2731                         error = ENETRESET;
 2732                 }
 2733                 oflags = ic->ic_flags;
 2734                 if (nwkey->i_wepon == IEEE80211_NWKEY_OPEN) {
 2735                         ic->ic_flags &= ~IEEE80211_F_PRIVACY;
 2736                         ic->ic_flags &= ~IEEE80211_F_DROPUNENC;
 2737                 } else {
 2738                         ic->ic_flags |= IEEE80211_F_PRIVACY;
 2739                         ic->ic_flags |= IEEE80211_F_DROPUNENC;
 2740                 }
 2741                 if (oflags != ic->ic_flags)
 2742                         error = ENETRESET;
 2743                 break;
 2744         case SIOCG80211NWKEY:
 2745                 nwkey = (struct ieee80211_nwkey *)data;
 2746                 if (ic->ic_flags & IEEE80211_F_PRIVACY)
 2747                         nwkey->i_wepon = IEEE80211_NWKEY_WEP;
 2748                 else
 2749                         nwkey->i_wepon = IEEE80211_NWKEY_OPEN;
 2750                 nwkey->i_defkid = ic->ic_def_txkey + 1;
 2751                 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
 2752                         if (nwkey->i_key[i].i_keydat == NULL)
 2753                                 continue;
 2754                         /* do not show any keys to non-root user */
 2755                         if ((error = kauth_authorize_network(curlwp->l_cred,
 2756                             KAUTH_NETWORK_INTERFACE,
 2757                             KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp,
 2758                             (void *)cmd, NULL)) != 0)
 2759                                 break;
 2760                         nwkey->i_key[i].i_keylen = ic->ic_nw_keys[i].wk_keylen;
 2761                         if ((error = copyout(ic->ic_nw_keys[i].wk_key,
 2762                             nwkey->i_key[i].i_keydat,
 2763                             ic->ic_nw_keys[i].wk_keylen)) != 0)
 2764                                 break;
 2765                 }
 2766                 break;
 2767         case SIOCS80211POWER:
 2768                 power = (struct ieee80211_power *)data;
 2769                 ic->ic_lintval = power->i_maxsleep;
 2770                 if (power->i_enabled != 0) {
 2771                         if ((ic->ic_caps & IEEE80211_C_PMGT) == 0)
 2772                                 error = EINVAL;
 2773                         else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
 2774                                 ic->ic_flags |= IEEE80211_F_PMGTON;
 2775                                 error = ENETRESET;
 2776                         }
 2777                 } else {
 2778                         if (ic->ic_flags & IEEE80211_F_PMGTON) {
 2779                                 ic->ic_flags &= ~IEEE80211_F_PMGTON;
 2780                                 error = ENETRESET;
 2781                         }
 2782                 }
 2783                 break;
 2784         case SIOCG80211POWER:
 2785                 power = (struct ieee80211_power *)data;
 2786                 power->i_enabled = (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0;
 2787                 power->i_maxsleep = ic->ic_lintval;
 2788                 break;
 2789         case SIOCS80211BSSID:
 2790                 bssid = (struct ieee80211_bssid *)data;
 2791                 IEEE80211_ADDR_COPY(ic->ic_des_bssid, bssid->i_bssid);
 2792                 if (IEEE80211_ADDR_EQ(ic->ic_des_bssid, zerobssid))
 2793                         ic->ic_flags &= ~IEEE80211_F_DESBSSID;
 2794                 else
 2795                         ic->ic_flags |= IEEE80211_F_DESBSSID;
 2796                 error = ENETRESET;
 2797                 break;
 2798         case SIOCG80211BSSID:
 2799                 bssid = (struct ieee80211_bssid *)data;
 2800                 switch (ic->ic_state) {
 2801                 case IEEE80211_S_INIT:
 2802                 case IEEE80211_S_SCAN:
 2803                         if (ic->ic_opmode == IEEE80211_M_HOSTAP)
 2804                                 IEEE80211_ADDR_COPY(bssid->i_bssid,
 2805                                     ic->ic_myaddr);
 2806                         else if (ic->ic_flags & IEEE80211_F_DESBSSID)
 2807                                 IEEE80211_ADDR_COPY(bssid->i_bssid,
 2808                                     ic->ic_des_bssid);
 2809                         else
 2810                                 memset(bssid->i_bssid, 0, IEEE80211_ADDR_LEN);
 2811                         break;
 2812                 default:
 2813                         IEEE80211_ADDR_COPY(bssid->i_bssid,
 2814                             ic->ic_bss->ni_bssid);
 2815                         break;
 2816                 }
 2817                 break;
 2818         case SIOCS80211CHANNEL:
 2819                 chanreq = (struct ieee80211chanreq *)data;
 2820                 if (chanreq->i_channel == IEEE80211_CHAN_ANY)
 2821                         ic->ic_des_chan = IEEE80211_CHAN_ANYC;
 2822                 else if (chanreq->i_channel > IEEE80211_CHAN_MAX ||
 2823                     isclr(ic->ic_chan_active, chanreq->i_channel)) {
 2824                         error = EINVAL;
 2825                         break;
 2826                 } else
 2827                         ic->ic_ibss_chan = ic->ic_des_chan =
 2828                             &ic->ic_channels[chanreq->i_channel];
 2829                 switch (ic->ic_state) {
 2830                 case IEEE80211_S_INIT:
 2831                 case IEEE80211_S_SCAN:
 2832                         error = ENETRESET;
 2833                         break;
 2834                 default:
 2835                         if (ic->ic_opmode == IEEE80211_M_STA) {
 2836                                 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC &&
 2837                                     ic->ic_bss->ni_chan != ic->ic_des_chan)
 2838                                         error = ENETRESET;
 2839                         } else {
 2840                                 if (ic->ic_bss->ni_chan != ic->ic_ibss_chan)
 2841                                         error = ENETRESET;
 2842                         }
 2843                         break;
 2844                 }
 2845                 break;
 2846         case SIOCG80211CHANNEL:
 2847                 chanreq = (struct ieee80211chanreq *)data;
 2848                 switch (ic->ic_state) {
 2849                 case IEEE80211_S_INIT:
 2850                 case IEEE80211_S_SCAN:
 2851                         if (ic->ic_opmode == IEEE80211_M_STA)
 2852                                 chan = ic->ic_des_chan;
 2853                         else
 2854                                 chan = ic->ic_ibss_chan;
 2855                         break;
 2856                 default:
 2857                         chan = ic->ic_curchan;
 2858                         break;
 2859                 }
 2860                 chanreq->i_channel = ieee80211_chan2ieee(ic, chan);
 2861                 break;
 2862         case SIOCGIFGENERIC:
 2863                 error = ieee80211_cfgget(ic, cmd, data);
 2864                 break;
 2865         case SIOCSIFGENERIC:
 2866                 error = kauth_authorize_network(curlwp->l_cred,
 2867                     KAUTH_NETWORK_INTERFACE,
 2868                     KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
 2869                     NULL);
 2870                 if (error)
 2871                         break;
 2872                 error = ieee80211_cfgset(ic, cmd, data);
 2873                 break;
 2874 #ifdef COMPAT_20
 2875         case OSIOCG80211STATS:
 2876         case OSIOCG80211ZSTATS:
 2877                 ifr = (struct ifreq *)data;
 2878                 s = splnet();
 2879                 ieee80211_get_ostats(&ostats, &ic->ic_stats);
 2880                 error = copyout(&ostats, ifr->ifr_data, sizeof(ostats));
 2881                 if (error == 0 && cmd == OSIOCG80211ZSTATS)
 2882                         (void)memset(&ic->ic_stats, 0, sizeof(ic->ic_stats));
 2883                 splx(s);
 2884                 break;
 2885 #endif /* COMPAT_20 */
 2886         case SIOCG80211ZSTATS:
 2887         case SIOCG80211STATS:
 2888                 ifr = (struct ifreq *)data;
 2889                 s = splnet();
 2890                 error = copyout(&ic->ic_stats, ifr->ifr_buf,
 2891                     MIN(sizeof(ic->ic_stats), ifr->ifr_buflen));
 2892                 if (error == 0 && cmd == SIOCG80211ZSTATS)
 2893                         (void)memset(&ic->ic_stats, 0, sizeof(ic->ic_stats));
 2894                 splx(s);
 2895                 break;
 2896         case SIOCSIFMTU:
 2897                 ifr = (struct ifreq *)data;
 2898                 if (!(IEEE80211_MTU_MIN <= ifr->ifr_mtu &&
 2899                     ifr->ifr_mtu <= IEEE80211_MTU_MAX))
 2900                         error = EINVAL;
 2901                 else if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET)
 2902                         error = 0;
 2903                 break;
 2904         default:
 2905                 error = ether_ioctl(ifp, cmd, data);
 2906                 break;
 2907         }
 2908         return error;
 2909 }
 2910 #endif /* __NetBSD__ */

Cache object: a3a043c6af4df8ab9ed0cc04cd955d57


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.