1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86#include <linux/module.h>
87#include <linux/types.h>
88#include <linux/netdevice.h>
89#include <linux/proc_fs.h>
90#include <linux/rtnetlink.h>
91#include <linux/seq_file.h>
92#include <linux/init.h>
93#include <linux/if_arp.h>
94#include <linux/etherdevice.h>
95#include <linux/interrupt.h>
96#include <net/net_namespace.h>
97
98#include <linux/wireless.h>
99#include <net/iw_handler.h>
100#include <net/netlink.h>
101#include <net/wext.h>
102
103#include <asm/uaccess.h>
104
105
106
107
108
109
110
111
112
113
114static const struct iw_ioctl_description standard_ioctl[] = {
115 [SIOCSIWCOMMIT - SIOCIWFIRST] = {
116 .header_type = IW_HEADER_TYPE_NULL,
117 },
118 [SIOCGIWNAME - SIOCIWFIRST] = {
119 .header_type = IW_HEADER_TYPE_CHAR,
120 .flags = IW_DESCR_FLAG_DUMP,
121 },
122 [SIOCSIWNWID - SIOCIWFIRST] = {
123 .header_type = IW_HEADER_TYPE_PARAM,
124 .flags = IW_DESCR_FLAG_EVENT,
125 },
126 [SIOCGIWNWID - SIOCIWFIRST] = {
127 .header_type = IW_HEADER_TYPE_PARAM,
128 .flags = IW_DESCR_FLAG_DUMP,
129 },
130 [SIOCSIWFREQ - SIOCIWFIRST] = {
131 .header_type = IW_HEADER_TYPE_FREQ,
132 .flags = IW_DESCR_FLAG_EVENT,
133 },
134 [SIOCGIWFREQ - SIOCIWFIRST] = {
135 .header_type = IW_HEADER_TYPE_FREQ,
136 .flags = IW_DESCR_FLAG_DUMP,
137 },
138 [SIOCSIWMODE - SIOCIWFIRST] = {
139 .header_type = IW_HEADER_TYPE_UINT,
140 .flags = IW_DESCR_FLAG_EVENT,
141 },
142 [SIOCGIWMODE - SIOCIWFIRST] = {
143 .header_type = IW_HEADER_TYPE_UINT,
144 .flags = IW_DESCR_FLAG_DUMP,
145 },
146 [SIOCSIWSENS - SIOCIWFIRST] = {
147 .header_type = IW_HEADER_TYPE_PARAM,
148 },
149 [SIOCGIWSENS - SIOCIWFIRST] = {
150 .header_type = IW_HEADER_TYPE_PARAM,
151 },
152 [SIOCSIWRANGE - SIOCIWFIRST] = {
153 .header_type = IW_HEADER_TYPE_NULL,
154 },
155 [SIOCGIWRANGE - SIOCIWFIRST] = {
156 .header_type = IW_HEADER_TYPE_POINT,
157 .token_size = 1,
158 .max_tokens = sizeof(struct iw_range),
159 .flags = IW_DESCR_FLAG_DUMP,
160 },
161 [SIOCSIWPRIV - SIOCIWFIRST] = {
162 .header_type = IW_HEADER_TYPE_NULL,
163 },
164 [SIOCGIWPRIV - SIOCIWFIRST] = {
165 .header_type = IW_HEADER_TYPE_POINT,
166 .token_size = sizeof(struct iw_priv_args),
167 .max_tokens = 16,
168 .flags = IW_DESCR_FLAG_NOMAX,
169 },
170 [SIOCSIWSTATS - SIOCIWFIRST] = {
171 .header_type = IW_HEADER_TYPE_NULL,
172 },
173 [SIOCGIWSTATS - SIOCIWFIRST] = {
174 .header_type = IW_HEADER_TYPE_POINT,
175 .token_size = 1,
176 .max_tokens = sizeof(struct iw_statistics),
177 .flags = IW_DESCR_FLAG_DUMP,
178 },
179 [SIOCSIWSPY - SIOCIWFIRST] = {
180 .header_type = IW_HEADER_TYPE_POINT,
181 .token_size = sizeof(struct sockaddr),
182 .max_tokens = IW_MAX_SPY,
183 },
184 [SIOCGIWSPY - SIOCIWFIRST] = {
185 .header_type = IW_HEADER_TYPE_POINT,
186 .token_size = sizeof(struct sockaddr) +
187 sizeof(struct iw_quality),
188 .max_tokens = IW_MAX_SPY,
189 },
190 [SIOCSIWTHRSPY - SIOCIWFIRST] = {
191 .header_type = IW_HEADER_TYPE_POINT,
192 .token_size = sizeof(struct iw_thrspy),
193 .min_tokens = 1,
194 .max_tokens = 1,
195 },
196 [SIOCGIWTHRSPY - SIOCIWFIRST] = {
197 .header_type = IW_HEADER_TYPE_POINT,
198 .token_size = sizeof(struct iw_thrspy),
199 .min_tokens = 1,
200 .max_tokens = 1,
201 },
202 [SIOCSIWAP - SIOCIWFIRST] = {
203 .header_type = IW_HEADER_TYPE_ADDR,
204 },
205 [SIOCGIWAP - SIOCIWFIRST] = {
206 .header_type = IW_HEADER_TYPE_ADDR,
207 .flags = IW_DESCR_FLAG_DUMP,
208 },
209 [SIOCSIWMLME - SIOCIWFIRST] = {
210 .header_type = IW_HEADER_TYPE_POINT,
211 .token_size = 1,
212 .min_tokens = sizeof(struct iw_mlme),
213 .max_tokens = sizeof(struct iw_mlme),
214 },
215 [SIOCGIWAPLIST - SIOCIWFIRST] = {
216 .header_type = IW_HEADER_TYPE_POINT,
217 .token_size = sizeof(struct sockaddr) +
218 sizeof(struct iw_quality),
219 .max_tokens = IW_MAX_AP,
220 .flags = IW_DESCR_FLAG_NOMAX,
221 },
222 [SIOCSIWSCAN - SIOCIWFIRST] = {
223 .header_type = IW_HEADER_TYPE_POINT,
224 .token_size = 1,
225 .min_tokens = 0,
226 .max_tokens = sizeof(struct iw_scan_req),
227 },
228 [SIOCGIWSCAN - SIOCIWFIRST] = {
229 .header_type = IW_HEADER_TYPE_POINT,
230 .token_size = 1,
231 .max_tokens = IW_SCAN_MAX_DATA,
232 .flags = IW_DESCR_FLAG_NOMAX,
233 },
234 [SIOCSIWESSID - SIOCIWFIRST] = {
235 .header_type = IW_HEADER_TYPE_POINT,
236 .token_size = 1,
237 .max_tokens = IW_ESSID_MAX_SIZE,
238 .flags = IW_DESCR_FLAG_EVENT,
239 },
240 [SIOCGIWESSID - SIOCIWFIRST] = {
241 .header_type = IW_HEADER_TYPE_POINT,
242 .token_size = 1,
243 .max_tokens = IW_ESSID_MAX_SIZE,
244 .flags = IW_DESCR_FLAG_DUMP,
245 },
246 [SIOCSIWNICKN - SIOCIWFIRST] = {
247 .header_type = IW_HEADER_TYPE_POINT,
248 .token_size = 1,
249 .max_tokens = IW_ESSID_MAX_SIZE,
250 },
251 [SIOCGIWNICKN - SIOCIWFIRST] = {
252 .header_type = IW_HEADER_TYPE_POINT,
253 .token_size = 1,
254 .max_tokens = IW_ESSID_MAX_SIZE,
255 },
256 [SIOCSIWRATE - SIOCIWFIRST] = {
257 .header_type = IW_HEADER_TYPE_PARAM,
258 },
259 [SIOCGIWRATE - SIOCIWFIRST] = {
260 .header_type = IW_HEADER_TYPE_PARAM,
261 },
262 [SIOCSIWRTS - SIOCIWFIRST] = {
263 .header_type = IW_HEADER_TYPE_PARAM,
264 },
265 [SIOCGIWRTS - SIOCIWFIRST] = {
266 .header_type = IW_HEADER_TYPE_PARAM,
267 },
268 [SIOCSIWFRAG - SIOCIWFIRST] = {
269 .header_type = IW_HEADER_TYPE_PARAM,
270 },
271 [SIOCGIWFRAG - SIOCIWFIRST] = {
272 .header_type = IW_HEADER_TYPE_PARAM,
273 },
274 [SIOCSIWTXPOW - SIOCIWFIRST] = {
275 .header_type = IW_HEADER_TYPE_PARAM,
276 },
277 [SIOCGIWTXPOW - SIOCIWFIRST] = {
278 .header_type = IW_HEADER_TYPE_PARAM,
279 },
280 [SIOCSIWRETRY - SIOCIWFIRST] = {
281 .header_type = IW_HEADER_TYPE_PARAM,
282 },
283 [SIOCGIWRETRY - SIOCIWFIRST] = {
284 .header_type = IW_HEADER_TYPE_PARAM,
285 },
286 [SIOCSIWENCODE - SIOCIWFIRST] = {
287 .header_type = IW_HEADER_TYPE_POINT,
288 .token_size = 1,
289 .max_tokens = IW_ENCODING_TOKEN_MAX,
290 .flags = IW_DESCR_FLAG_EVENT | IW_DESCR_FLAG_RESTRICT,
291 },
292 [SIOCGIWENCODE - SIOCIWFIRST] = {
293 .header_type = IW_HEADER_TYPE_POINT,
294 .token_size = 1,
295 .max_tokens = IW_ENCODING_TOKEN_MAX,
296 .flags = IW_DESCR_FLAG_DUMP | IW_DESCR_FLAG_RESTRICT,
297 },
298 [SIOCSIWPOWER - SIOCIWFIRST] = {
299 .header_type = IW_HEADER_TYPE_PARAM,
300 },
301 [SIOCGIWPOWER - SIOCIWFIRST] = {
302 .header_type = IW_HEADER_TYPE_PARAM,
303 },
304 [SIOCSIWGENIE - SIOCIWFIRST] = {
305 .header_type = IW_HEADER_TYPE_POINT,
306 .token_size = 1,
307 .max_tokens = IW_GENERIC_IE_MAX,
308 },
309 [SIOCGIWGENIE - SIOCIWFIRST] = {
310 .header_type = IW_HEADER_TYPE_POINT,
311 .token_size = 1,
312 .max_tokens = IW_GENERIC_IE_MAX,
313 },
314 [SIOCSIWAUTH - SIOCIWFIRST] = {
315 .header_type = IW_HEADER_TYPE_PARAM,
316 },
317 [SIOCGIWAUTH - SIOCIWFIRST] = {
318 .header_type = IW_HEADER_TYPE_PARAM,
319 },
320 [SIOCSIWENCODEEXT - SIOCIWFIRST] = {
321 .header_type = IW_HEADER_TYPE_POINT,
322 .token_size = 1,
323 .min_tokens = sizeof(struct iw_encode_ext),
324 .max_tokens = sizeof(struct iw_encode_ext) +
325 IW_ENCODING_TOKEN_MAX,
326 },
327 [SIOCGIWENCODEEXT - SIOCIWFIRST] = {
328 .header_type = IW_HEADER_TYPE_POINT,
329 .token_size = 1,
330 .min_tokens = sizeof(struct iw_encode_ext),
331 .max_tokens = sizeof(struct iw_encode_ext) +
332 IW_ENCODING_TOKEN_MAX,
333 },
334 [SIOCSIWPMKSA - SIOCIWFIRST] = {
335 .header_type = IW_HEADER_TYPE_POINT,
336 .token_size = 1,
337 .min_tokens = sizeof(struct iw_pmksa),
338 .max_tokens = sizeof(struct iw_pmksa),
339 },
340};
341static const unsigned standard_ioctl_num = ARRAY_SIZE(standard_ioctl);
342
343
344
345
346
347static const struct iw_ioctl_description standard_event[] = {
348 [IWEVTXDROP - IWEVFIRST] = {
349 .header_type = IW_HEADER_TYPE_ADDR,
350 },
351 [IWEVQUAL - IWEVFIRST] = {
352 .header_type = IW_HEADER_TYPE_QUAL,
353 },
354 [IWEVCUSTOM - IWEVFIRST] = {
355 .header_type = IW_HEADER_TYPE_POINT,
356 .token_size = 1,
357 .max_tokens = IW_CUSTOM_MAX,
358 },
359 [IWEVREGISTERED - IWEVFIRST] = {
360 .header_type = IW_HEADER_TYPE_ADDR,
361 },
362 [IWEVEXPIRED - IWEVFIRST] = {
363 .header_type = IW_HEADER_TYPE_ADDR,
364 },
365 [IWEVGENIE - IWEVFIRST] = {
366 .header_type = IW_HEADER_TYPE_POINT,
367 .token_size = 1,
368 .max_tokens = IW_GENERIC_IE_MAX,
369 },
370 [IWEVMICHAELMICFAILURE - IWEVFIRST] = {
371 .header_type = IW_HEADER_TYPE_POINT,
372 .token_size = 1,
373 .max_tokens = sizeof(struct iw_michaelmicfailure),
374 },
375 [IWEVASSOCREQIE - IWEVFIRST] = {
376 .header_type = IW_HEADER_TYPE_POINT,
377 .token_size = 1,
378 .max_tokens = IW_GENERIC_IE_MAX,
379 },
380 [IWEVASSOCRESPIE - IWEVFIRST] = {
381 .header_type = IW_HEADER_TYPE_POINT,
382 .token_size = 1,
383 .max_tokens = IW_GENERIC_IE_MAX,
384 },
385 [IWEVPMKIDCAND - IWEVFIRST] = {
386 .header_type = IW_HEADER_TYPE_POINT,
387 .token_size = 1,
388 .max_tokens = sizeof(struct iw_pmkid_cand),
389 },
390};
391static const unsigned standard_event_num = ARRAY_SIZE(standard_event);
392
393
394static const char iw_priv_type_size[] = {
395 0,
396 1,
397 1,
398 0,
399 sizeof(__u32),
400 sizeof(struct iw_freq),
401 sizeof(struct sockaddr),
402 0,
403};
404
405
406static const int event_type_size[] = {
407 IW_EV_LCP_LEN,
408 0,
409 IW_EV_CHAR_LEN,
410 0,
411 IW_EV_UINT_LEN,
412 IW_EV_FREQ_LEN,
413 IW_EV_ADDR_LEN,
414 0,
415 IW_EV_POINT_LEN,
416 IW_EV_PARAM_LEN,
417 IW_EV_QUAL_LEN,
418};
419
420
421static const int event_type_pk_size[] = {
422 IW_EV_LCP_PK_LEN,
423 0,
424 IW_EV_CHAR_PK_LEN,
425 0,
426 IW_EV_UINT_PK_LEN,
427 IW_EV_FREQ_PK_LEN,
428 IW_EV_ADDR_PK_LEN,
429 0,
430 IW_EV_POINT_PK_LEN,
431 IW_EV_PARAM_PK_LEN,
432 IW_EV_QUAL_PK_LEN,
433};
434
435
436
437
438
439
440
441
442
443
444
445static iw_handler get_handler(struct net_device *dev, unsigned int cmd)
446{
447
448 unsigned int index;
449
450
451 if (dev->wireless_handlers == NULL)
452 return NULL;
453
454
455 index = cmd - SIOCIWFIRST;
456 if (index < dev->wireless_handlers->num_standard)
457 return dev->wireless_handlers->standard[index];
458
459
460 index = cmd - SIOCIWFIRSTPRIV;
461 if (index < dev->wireless_handlers->num_private)
462 return dev->wireless_handlers->private[index];
463
464
465 return NULL;
466}
467
468
469
470
471
472static struct iw_statistics *get_wireless_stats(struct net_device *dev)
473{
474
475 if ((dev->wireless_handlers != NULL) &&
476 (dev->wireless_handlers->get_wireless_stats != NULL))
477 return dev->wireless_handlers->get_wireless_stats(dev);
478
479
480 return NULL;
481}
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502static int call_commit_handler(struct net_device *dev)
503{
504 if ((netif_running(dev)) &&
505 (dev->wireless_handlers->standard[0] != NULL))
506
507 return dev->wireless_handlers->standard[0](dev, NULL,
508 NULL, NULL);
509 else
510 return 0;
511}
512
513
514
515
516
517static inline int get_priv_size(__u16 args)
518{
519 int num = args & IW_PRIV_SIZE_MASK;
520 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
521
522 return num * iw_priv_type_size[type];
523}
524
525
526
527
528
529static inline int adjust_priv_size(__u16 args,
530 union iwreq_data * wrqu)
531{
532 int num = wrqu->data.length;
533 int max = args & IW_PRIV_SIZE_MASK;
534 int type = (args & IW_PRIV_TYPE_MASK) >> 12;
535
536
537 if (max < num)
538 num = max;
539
540 return num * iw_priv_type_size[type];
541}
542
543
544
545
546
547
548
549static int iw_handler_get_iwstats(struct net_device * dev,
550 struct iw_request_info * info,
551 union iwreq_data * wrqu,
552 char * extra)
553{
554
555 struct iw_statistics *stats;
556
557 stats = get_wireless_stats(dev);
558 if (stats) {
559
560 memcpy(extra, stats, sizeof(struct iw_statistics));
561 wrqu->data.length = sizeof(struct iw_statistics);
562
563
564 if (wrqu->data.flags != 0)
565 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED;
566 return 0;
567 } else
568 return -EOPNOTSUPP;
569}
570
571
572
573
574
575
576
577static int iw_handler_get_private(struct net_device * dev,
578 struct iw_request_info * info,
579 union iwreq_data * wrqu,
580 char * extra)
581{
582
583 if ((dev->wireless_handlers->num_private_args == 0) ||
584 (dev->wireless_handlers->private_args == NULL))
585 return -EOPNOTSUPP;
586
587
588 if (wrqu->data.length < dev->wireless_handlers->num_private_args) {
589
590
591
592 wrqu->data.length = dev->wireless_handlers->num_private_args;
593 return -E2BIG;
594 }
595
596
597 wrqu->data.length = dev->wireless_handlers->num_private_args;
598
599
600 memcpy(extra, dev->wireless_handlers->private_args,
601 sizeof(struct iw_priv_args) * wrqu->data.length);
602
603 return 0;
604}
605
606
607
608
609
610
611
612
613
614
615
616
617#ifdef CONFIG_PROC_FS
618
619
620
621
622
623static void wireless_seq_printf_stats(struct seq_file *seq,
624 struct net_device *dev)
625{
626
627 struct iw_statistics *stats = get_wireless_stats(dev);
628
629 if (stats) {
630 seq_printf(seq, "%6s: %04x %3d%c %3d%c %3d%c %6d %6d %6d "
631 "%6d %6d %6d\n",
632 dev->name, stats->status, stats->qual.qual,
633 stats->qual.updated & IW_QUAL_QUAL_UPDATED
634 ? '.' : ' ',
635 ((__s32) stats->qual.level) -
636 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
637 stats->qual.updated & IW_QUAL_LEVEL_UPDATED
638 ? '.' : ' ',
639 ((__s32) stats->qual.noise) -
640 ((stats->qual.updated & IW_QUAL_DBM) ? 0x100 : 0),
641 stats->qual.updated & IW_QUAL_NOISE_UPDATED
642 ? '.' : ' ',
643 stats->discard.nwid, stats->discard.code,
644 stats->discard.fragment, stats->discard.retries,
645 stats->discard.misc, stats->miss.beacon);
646 stats->qual.updated &= ~IW_QUAL_ALL_UPDATED;
647 }
648}
649
650
651
652
653
654static int wireless_seq_show(struct seq_file *seq, void *v)
655{
656 if (v == SEQ_START_TOKEN)
657 seq_printf(seq, "Inter-| sta-| Quality | Discarded "
658 "packets | Missed | WE\n"
659 " face | tus | link level noise | nwid "
660 "crypt frag retry misc | beacon | %d\n",
661 WIRELESS_EXT);
662 else
663 wireless_seq_printf_stats(seq, v);
664 return 0;
665}
666
667static const struct seq_operations wireless_seq_ops = {
668 .start = dev_seq_start,
669 .next = dev_seq_next,
670 .stop = dev_seq_stop,
671 .show = wireless_seq_show,
672};
673
674static int wireless_seq_open(struct inode *inode, struct file *file)
675{
676 struct seq_file *seq;
677 int res;
678 res = seq_open(file, &wireless_seq_ops);
679 if (!res) {
680 seq = file->private_data;
681 seq->private = get_proc_net(inode);
682 if (!seq->private) {
683 seq_release(inode, file);
684 res = -ENXIO;
685 }
686 }
687 return res;
688}
689
690static int wireless_seq_release(struct inode *inode, struct file *file)
691{
692 struct seq_file *seq = file->private_data;
693 struct net *net = seq->private;
694 put_net(net);
695 return seq_release(inode, file);
696}
697
698static const struct file_operations wireless_seq_fops = {
699 .owner = THIS_MODULE,
700 .open = wireless_seq_open,
701 .read = seq_read,
702 .llseek = seq_lseek,
703 .release = wireless_seq_release,
704};
705
706int wext_proc_init(struct net *net)
707{
708
709 if (!proc_net_fops_create(net, "wireless", S_IRUGO, &wireless_seq_fops))
710 return -ENOMEM;
711
712 return 0;
713}
714
715void wext_proc_exit(struct net *net)
716{
717 proc_net_remove(net, "wireless");
718}
719#endif
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735static int ioctl_standard_call(struct net_device * dev,
736 struct ifreq * ifr,
737 unsigned int cmd,
738 iw_handler handler)
739{
740 struct iwreq * iwr = (struct iwreq *) ifr;
741 const struct iw_ioctl_description * descr;
742 struct iw_request_info info;
743 int ret = -EINVAL;
744
745
746 if ((cmd - SIOCIWFIRST) >= standard_ioctl_num)
747 return -EOPNOTSUPP;
748 descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
749
750
751 info.cmd = cmd;
752 info.flags = 0;
753
754
755 if (descr->header_type != IW_HEADER_TYPE_POINT) {
756
757
758 ret = handler(dev, &info, &(iwr->u), NULL);
759
760
761 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
762 ((ret == 0) || (ret == -EIWCOMMIT)))
763 wireless_send_event(dev, cmd, &(iwr->u), NULL);
764 } else {
765 char * extra;
766 int extra_size;
767 int user_length = 0;
768 int err;
769 int essid_compat = 0;
770
771
772
773 extra_size = descr->max_tokens * descr->token_size;
774
775
776 switch (cmd) {
777 case SIOCSIWESSID:
778 case SIOCGIWESSID:
779 case SIOCSIWNICKN:
780 case SIOCGIWNICKN:
781 if (iwr->u.data.length == descr->max_tokens + 1)
782 essid_compat = 1;
783 else if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
784 char essid[IW_ESSID_MAX_SIZE + 1];
785
786 err = copy_from_user(essid, iwr->u.data.pointer,
787 iwr->u.data.length *
788 descr->token_size);
789 if (err)
790 return -EFAULT;
791
792 if (essid[iwr->u.data.length - 1] == '\0')
793 essid_compat = 1;
794 }
795 break;
796 default:
797 break;
798 }
799
800 iwr->u.data.length -= essid_compat;
801
802
803 if (IW_IS_SET(cmd)) {
804
805 if ((iwr->u.data.pointer == NULL) &&
806 (iwr->u.data.length != 0))
807 return -EFAULT;
808
809 if (iwr->u.data.length > descr->max_tokens)
810 return -E2BIG;
811 if (iwr->u.data.length < descr->min_tokens)
812 return -EINVAL;
813 } else {
814
815 if (iwr->u.data.pointer == NULL)
816 return -EFAULT;
817
818 user_length = iwr->u.data.length;
819
820
821
822
823
824
825 if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
826 (user_length > descr->max_tokens)) {
827
828
829
830 extra_size = user_length * descr->token_size;
831
832
833
834
835 }
836 }
837
838
839
840 extra = kzalloc(extra_size, GFP_KERNEL);
841 if (extra == NULL)
842 return -ENOMEM;
843
844
845 if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
846 err = copy_from_user(extra, iwr->u.data.pointer,
847 iwr->u.data.length *
848 descr->token_size);
849 if (err) {
850 kfree(extra);
851 return -EFAULT;
852 }
853 }
854
855
856 ret = handler(dev, &info, &(iwr->u), extra);
857
858 iwr->u.data.length += essid_compat;
859
860
861 if (!ret && IW_IS_GET(cmd)) {
862
863 if (user_length < iwr->u.data.length) {
864 kfree(extra);
865 return -E2BIG;
866 }
867
868 err = copy_to_user(iwr->u.data.pointer, extra,
869 iwr->u.data.length *
870 descr->token_size);
871 if (err)
872 ret = -EFAULT;
873 }
874
875
876 if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
877 ((ret == 0) || (ret == -EIWCOMMIT))) {
878 if (descr->flags & IW_DESCR_FLAG_RESTRICT)
879
880
881 wireless_send_event(dev, cmd, &(iwr->u), NULL);
882 else
883 wireless_send_event(dev, cmd, &(iwr->u),
884 extra);
885 }
886
887
888 kfree(extra);
889 }
890
891
892 if (ret == -EIWCOMMIT)
893 ret = call_commit_handler(dev);
894
895
896
897 return ret;
898}
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916static int ioctl_private_call(struct net_device *dev, struct ifreq *ifr,
917 unsigned int cmd, iw_handler handler)
918{
919 struct iwreq * iwr = (struct iwreq *) ifr;
920 const struct iw_priv_args * descr = NULL;
921 struct iw_request_info info;
922 int extra_size = 0;
923 int i;
924 int ret = -EINVAL;
925
926
927 for (i = 0; i < dev->wireless_handlers->num_private_args; i++)
928 if (cmd == dev->wireless_handlers->private_args[i].cmd) {
929 descr = &(dev->wireless_handlers->private_args[i]);
930 break;
931 }
932
933
934 if (descr != NULL) {
935 if (IW_IS_SET(cmd)) {
936 int offset = 0;
937
938 if (descr->name[0] == '\0')
939
940 offset = sizeof(__u32);
941
942
943 extra_size = get_priv_size(descr->set_args);
944
945
946 if ((descr->set_args & IW_PRIV_SIZE_FIXED) &&
947 ((extra_size + offset) <= IFNAMSIZ))
948 extra_size = 0;
949 } else {
950
951 extra_size = get_priv_size(descr->get_args);
952
953
954 if ((descr->get_args & IW_PRIV_SIZE_FIXED) &&
955 (extra_size <= IFNAMSIZ))
956 extra_size = 0;
957 }
958 }
959
960
961 info.cmd = cmd;
962 info.flags = 0;
963
964
965 if (extra_size == 0) {
966
967 ret = handler(dev, &info, &(iwr->u), (char *) &(iwr->u));
968 } else {
969 char * extra;
970 int err;
971
972
973 if (IW_IS_SET(cmd)) {
974
975 if ((iwr->u.data.pointer == NULL) &&
976 (iwr->u.data.length != 0))
977 return -EFAULT;
978
979
980 if (iwr->u.data.length > (descr->set_args &
981 IW_PRIV_SIZE_MASK))
982 return -E2BIG;
983 } else if (iwr->u.data.pointer == NULL)
984 return -EFAULT;
985
986
987
988 extra = kmalloc(extra_size, GFP_KERNEL);
989 if (extra == NULL)
990 return -ENOMEM;
991
992
993 if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
994 err = copy_from_user(extra, iwr->u.data.pointer,
995 extra_size);
996 if (err) {
997 kfree(extra);
998 return -EFAULT;
999 }
1000 }
1001
1002
1003 ret = handler(dev, &info, &(iwr->u), extra);
1004
1005
1006 if (!ret && IW_IS_GET(cmd)) {
1007
1008
1009
1010 if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) {
1011 extra_size = adjust_priv_size(descr->get_args,
1012 &(iwr->u));
1013 }
1014
1015 err = copy_to_user(iwr->u.data.pointer, extra,
1016 extra_size);
1017 if (err)
1018 ret = -EFAULT;
1019 }
1020
1021
1022 kfree(extra);
1023 }
1024
1025
1026
1027 if (ret == -EIWCOMMIT)
1028 ret = call_commit_handler(dev);
1029
1030 return ret;
1031}
1032
1033
1034
1035
1036
1037
1038static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd)
1039{
1040 struct net_device *dev;
1041 iw_handler handler;
1042
1043
1044
1045
1046
1047 if ((dev = __dev_get_by_name(net, ifr->ifr_name)) == NULL)
1048 return -ENODEV;
1049
1050
1051
1052
1053 if (cmd == SIOCGIWSTATS)
1054 return ioctl_standard_call(dev, ifr, cmd,
1055 &iw_handler_get_iwstats);
1056
1057 if (cmd == SIOCGIWPRIV && dev->wireless_handlers)
1058 return ioctl_standard_call(dev, ifr, cmd,
1059 &iw_handler_get_private);
1060
1061
1062 if (!netif_device_present(dev))
1063 return -ENODEV;
1064
1065
1066 handler = get_handler(dev, cmd);
1067 if (handler) {
1068
1069 if (cmd < SIOCIWFIRSTPRIV)
1070 return ioctl_standard_call(dev, ifr, cmd, handler);
1071 else
1072 return ioctl_private_call(dev, ifr, cmd, handler);
1073 }
1074
1075 if (dev->do_ioctl)
1076 return dev->do_ioctl(dev, ifr, cmd);
1077 return -EOPNOTSUPP;
1078}
1079
1080
1081int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd,
1082 void __user *arg)
1083{
1084 int ret;
1085
1086
1087
1088
1089 if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT)
1090 && !capable(CAP_NET_ADMIN))
1091 return -EPERM;
1092
1093 dev_load(net, ifr->ifr_name);
1094 rtnl_lock();
1095 ret = wireless_process_ioctl(net, ifr, cmd);
1096 rtnl_unlock();
1097 if (IW_IS_GET(cmd) && copy_to_user(arg, ifr, sizeof(struct iwreq)))
1098 return -EFAULT;
1099 return ret;
1100}
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125static struct sk_buff_head wireless_nlevent_queue;
1126
1127static int __init wireless_nlevent_init(void)
1128{
1129 skb_queue_head_init(&wireless_nlevent_queue);
1130 return 0;
1131}
1132
1133subsys_initcall(wireless_nlevent_init);
1134
1135static void wireless_nlevent_process(unsigned long data)
1136{
1137 struct sk_buff *skb;
1138
1139 while ((skb = skb_dequeue(&wireless_nlevent_queue)))
1140 rtnl_notify(skb, 0, RTNLGRP_LINK, NULL, GFP_ATOMIC);
1141}
1142
1143static DECLARE_TASKLET(wireless_nlevent_tasklet, wireless_nlevent_process, 0);
1144
1145
1146
1147
1148
1149
1150
1151
1152static int rtnetlink_fill_iwinfo(struct sk_buff *skb, struct net_device *dev,
1153 int type, char *event, int event_len)
1154{
1155 struct ifinfomsg *r;
1156 struct nlmsghdr *nlh;
1157
1158 nlh = nlmsg_put(skb, 0, 0, type, sizeof(*r), 0);
1159 if (nlh == NULL)
1160 return -EMSGSIZE;
1161
1162 r = nlmsg_data(nlh);
1163 r->ifi_family = AF_UNSPEC;
1164 r->__ifi_pad = 0;
1165 r->ifi_type = dev->type;
1166 r->ifi_index = dev->ifindex;
1167 r->ifi_flags = dev_get_flags(dev);
1168 r->ifi_change = 0;
1169
1170
1171 NLA_PUT(skb, IFLA_WIRELESS, event_len, event);
1172
1173 return nlmsg_end(skb, nlh);
1174
1175nla_put_failure:
1176 nlmsg_cancel(skb, nlh);
1177 return -EMSGSIZE;
1178}
1179
1180
1181
1182
1183
1184
1185
1186
1187static void rtmsg_iwinfo(struct net_device *dev, char *event, int event_len)
1188{
1189 struct sk_buff *skb;
1190 int err;
1191
1192 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
1193 if (!skb)
1194 return;
1195
1196 err = rtnetlink_fill_iwinfo(skb, dev, RTM_NEWLINK, event, event_len);
1197 if (err < 0) {
1198 WARN_ON(err == -EMSGSIZE);
1199 kfree_skb(skb);
1200 return;
1201 }
1202
1203 NETLINK_CB(skb).dst_group = RTNLGRP_LINK;
1204 skb_queue_tail(&wireless_nlevent_queue, skb);
1205 tasklet_schedule(&wireless_nlevent_tasklet);
1206}
1207
1208
1209
1210
1211
1212
1213
1214void wireless_send_event(struct net_device * dev,
1215 unsigned int cmd,
1216 union iwreq_data * wrqu,
1217 char * extra)
1218{
1219 const struct iw_ioctl_description * descr = NULL;
1220 int extra_len = 0;
1221 struct iw_event *event;
1222 int event_len;
1223 int hdr_len;
1224 int wrqu_off = 0;
1225
1226 unsigned cmd_index;
1227
1228
1229 if (cmd <= SIOCIWLAST) {
1230 cmd_index = cmd - SIOCIWFIRST;
1231 if (cmd_index < standard_ioctl_num)
1232 descr = &(standard_ioctl[cmd_index]);
1233 } else {
1234 cmd_index = cmd - IWEVFIRST;
1235 if (cmd_index < standard_event_num)
1236 descr = &(standard_event[cmd_index]);
1237 }
1238
1239 if (descr == NULL) {
1240
1241
1242
1243
1244
1245
1246
1247 printk(KERN_ERR "%s (WE) : Invalid/Unknown Wireless Event (0x%04X)\n",
1248 dev->name, cmd);
1249 return;
1250 }
1251
1252
1253 if (descr->header_type == IW_HEADER_TYPE_POINT) {
1254
1255 if (wrqu->data.length > descr->max_tokens) {
1256 printk(KERN_ERR "%s (WE) : Wireless Event too big (%d)\n", dev->name, wrqu->data.length);
1257 return;
1258 }
1259 if (wrqu->data.length < descr->min_tokens) {
1260 printk(KERN_ERR "%s (WE) : Wireless Event too small (%d)\n", dev->name, wrqu->data.length);
1261 return;
1262 }
1263
1264 if (extra != NULL)
1265 extra_len = wrqu->data.length * descr->token_size;
1266
1267 wrqu_off = IW_EV_POINT_OFF;
1268 }
1269
1270
1271 hdr_len = event_type_size[descr->header_type];
1272 event_len = hdr_len + extra_len;
1273
1274
1275 event = kmalloc(event_len, GFP_ATOMIC);
1276 if (event == NULL)
1277 return;
1278
1279
1280 event->len = event_len;
1281 event->cmd = cmd;
1282 memcpy(&event->u, ((char *) wrqu) + wrqu_off, hdr_len - IW_EV_LCP_LEN);
1283 if (extra)
1284 memcpy(((char *) event) + hdr_len, extra, extra_len);
1285
1286
1287 rtmsg_iwinfo(dev, (char *) event, event_len);
1288
1289
1290 kfree(event);
1291
1292 return;
1293}
1294EXPORT_SYMBOL(wireless_send_event);
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314static inline struct iw_spy_data *get_spydata(struct net_device *dev)
1315{
1316
1317 if (dev->wireless_data)
1318 return dev->wireless_data->spy_data;
1319 return NULL;
1320}
1321
1322
1323
1324
1325
1326int iw_handler_set_spy(struct net_device * dev,
1327 struct iw_request_info * info,
1328 union iwreq_data * wrqu,
1329 char * extra)
1330{
1331 struct iw_spy_data * spydata = get_spydata(dev);
1332 struct sockaddr * address = (struct sockaddr *) extra;
1333
1334
1335 if (!spydata)
1336 return -EOPNOTSUPP;
1337
1338
1339
1340
1341 spydata->spy_number = 0;
1342
1343
1344
1345
1346
1347
1348
1349 smp_wmb();
1350
1351
1352 if (wrqu->data.length > 0) {
1353 int i;
1354
1355
1356 for (i = 0; i < wrqu->data.length; i++)
1357 memcpy(spydata->spy_address[i], address[i].sa_data,
1358 ETH_ALEN);
1359
1360 memset(spydata->spy_stat, 0,
1361 sizeof(struct iw_quality) * IW_MAX_SPY);
1362 }
1363
1364
1365 smp_wmb();
1366
1367
1368 spydata->spy_number = wrqu->data.length;
1369
1370 return 0;
1371}
1372EXPORT_SYMBOL(iw_handler_set_spy);
1373
1374
1375
1376
1377
1378int iw_handler_get_spy(struct net_device * dev,
1379 struct iw_request_info * info,
1380 union iwreq_data * wrqu,
1381 char * extra)
1382{
1383 struct iw_spy_data * spydata = get_spydata(dev);
1384 struct sockaddr * address = (struct sockaddr *) extra;
1385 int i;
1386
1387
1388 if (!spydata)
1389 return -EOPNOTSUPP;
1390
1391 wrqu->data.length = spydata->spy_number;
1392
1393
1394 for (i = 0; i < spydata->spy_number; i++) {
1395 memcpy(address[i].sa_data, spydata->spy_address[i], ETH_ALEN);
1396 address[i].sa_family = AF_UNIX;
1397 }
1398
1399 if (spydata->spy_number > 0)
1400 memcpy(extra + (sizeof(struct sockaddr) *spydata->spy_number),
1401 spydata->spy_stat,
1402 sizeof(struct iw_quality) * spydata->spy_number);
1403
1404 for (i = 0; i < spydata->spy_number; i++)
1405 spydata->spy_stat[i].updated &= ~IW_QUAL_ALL_UPDATED;
1406 return 0;
1407}
1408EXPORT_SYMBOL(iw_handler_get_spy);
1409
1410
1411
1412
1413
1414int iw_handler_set_thrspy(struct net_device * dev,
1415 struct iw_request_info *info,
1416 union iwreq_data * wrqu,
1417 char * extra)
1418{
1419 struct iw_spy_data * spydata = get_spydata(dev);
1420 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
1421
1422
1423 if (!spydata)
1424 return -EOPNOTSUPP;
1425
1426
1427 memcpy(&(spydata->spy_thr_low), &(threshold->low),
1428 2 * sizeof(struct iw_quality));
1429
1430
1431 memset(spydata->spy_thr_under, '\0', sizeof(spydata->spy_thr_under));
1432
1433 return 0;
1434}
1435EXPORT_SYMBOL(iw_handler_set_thrspy);
1436
1437
1438
1439
1440
1441int iw_handler_get_thrspy(struct net_device * dev,
1442 struct iw_request_info *info,
1443 union iwreq_data * wrqu,
1444 char * extra)
1445{
1446 struct iw_spy_data * spydata = get_spydata(dev);
1447 struct iw_thrspy * threshold = (struct iw_thrspy *) extra;
1448
1449
1450 if (!spydata)
1451 return -EOPNOTSUPP;
1452
1453
1454 memcpy(&(threshold->low), &(spydata->spy_thr_low),
1455 2 * sizeof(struct iw_quality));
1456
1457 return 0;
1458}
1459EXPORT_SYMBOL(iw_handler_get_thrspy);
1460
1461
1462
1463
1464
1465static void iw_send_thrspy_event(struct net_device * dev,
1466 struct iw_spy_data * spydata,
1467 unsigned char * address,
1468 struct iw_quality * wstats)
1469{
1470 union iwreq_data wrqu;
1471 struct iw_thrspy threshold;
1472
1473
1474 wrqu.data.length = 1;
1475 wrqu.data.flags = 0;
1476
1477 memcpy(threshold.addr.sa_data, address, ETH_ALEN);
1478 threshold.addr.sa_family = ARPHRD_ETHER;
1479
1480 memcpy(&(threshold.qual), wstats, sizeof(struct iw_quality));
1481
1482 memcpy(&(threshold.low), &(spydata->spy_thr_low),
1483 2 * sizeof(struct iw_quality));
1484
1485
1486 wireless_send_event(dev, SIOCGIWTHRSPY, &wrqu, (char *) &threshold);
1487}
1488
1489
1490
1491
1492
1493
1494
1495
1496void wireless_spy_update(struct net_device * dev,
1497 unsigned char * address,
1498 struct iw_quality * wstats)
1499{
1500 struct iw_spy_data * spydata = get_spydata(dev);
1501 int i;
1502 int match = -1;
1503
1504
1505 if (!spydata)
1506 return;
1507
1508
1509 for (i = 0; i < spydata->spy_number; i++)
1510 if (!compare_ether_addr(address, spydata->spy_address[i])) {
1511 memcpy(&(spydata->spy_stat[i]), wstats,
1512 sizeof(struct iw_quality));
1513 match = i;
1514 }
1515
1516
1517
1518
1519
1520 if (match >= 0) {
1521 if (spydata->spy_thr_under[match]) {
1522 if (wstats->level > spydata->spy_thr_high.level) {
1523 spydata->spy_thr_under[match] = 0;
1524 iw_send_thrspy_event(dev, spydata,
1525 address, wstats);
1526 }
1527 } else {
1528 if (wstats->level < spydata->spy_thr_low.level) {
1529 spydata->spy_thr_under[match] = 1;
1530 iw_send_thrspy_event(dev, spydata,
1531 address, wstats);
1532 }
1533 }
1534 }
1535}
1536EXPORT_SYMBOL(wireless_spy_update);
1537
