/*********************************************************************************************************
** 函数名称: ioctl_private_iw_point
** 功能描述: ioctl priv
** 输 入 :
** 输 出 : OK or ERROR
** 全局变量:
** 调用模块:
*********************************************************************************************************/
static int ioctl_private_iw_point (struct iw_point *iwp, unsigned int cmd,
const struct iw_priv_args *descr,
iw_handler handler, struct netif *dev,
struct iw_request_info *info, int extra_size)
{
char *extra;
int err;
/* Check what user space is giving us */
if (IW_IS_SET(cmd)) {
if (!iwp->pointer && iwp->length != 0) {
return (-EFAULT);
}
if (iwp->length > (descr->set_args & IW_PRIV_SIZE_MASK)) {
return (-E2BIG);
}
} else if (!iwp->pointer) {
return (-EFAULT);
}
extra = kzalloc(extra_size, GFP_KERNEL);
if (!extra) {
return -ENOMEM;
}
/* If it is a SET, get all the extra data in here */
if (IW_IS_SET(cmd) && (iwp->length != 0)) {
if (copy_from_user(extra, iwp->pointer, extra_size)) {
err = -EFAULT;
goto out;
}
}
/* Call the handler */
err = handler(dev, info, (union iwreq_data *) iwp, extra);
/* If we have something to return to the user */
if (!err && IW_IS_GET(cmd)) {
/* Adjust for the actual length if it's variable,
* avoid leaking kernel bits outside.
*/
if (!(descr->get_args & IW_PRIV_SIZE_FIXED)) {
extra_size = adjust_priv_size(descr->get_args, iwp);
}
if (copy_to_user(iwp->pointer, extra, extra_size)) {
err = -EFAULT;
}
}
out:
kfree(extra);
return (err);
}
/* entry point from dev ioctl */
int wext_handle_ioctl(struct net *net, struct ifreq *ifr, unsigned int cmd,
void __user *arg)
{
int ret;
/* If command is `set a parameter', or
* `get the encoding parameters', check if
* the user has the right to do it */
if ((IW_IS_SET(cmd) || cmd == SIOCGIWENCODE || cmd == SIOCGIWENCODEEXT)
&& !capable(CAP_NET_ADMIN))
return -EPERM;
dev_load(net, ifr->ifr_name);
rtnl_lock();
ret = wireless_process_ioctl(net, ifr, cmd);
rtnl_unlock();
if (IW_IS_GET(cmd) && copy_to_user(arg, ifr, sizeof(struct iwreq)))
return -EFAULT;
return ret;
}
static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
const struct iw_ioctl_description *descr,
iw_handler handler, struct net_device *dev,
struct iw_request_info *info)
{
int err, extra_size, user_length = 0, essid_compat = 0;
char *extra;
/* Calculate space needed by arguments. Always allocate
* for max space.
*/
extra_size = descr->max_tokens * descr->token_size;
/* Check need for ESSID compatibility for WE < 21 */
switch (cmd) {
case SIOCSIWESSID:
case SIOCGIWESSID:
case SIOCSIWNICKN:
case SIOCGIWNICKN:
if (iwp->length == descr->max_tokens + 1)
essid_compat = 1;
else if (IW_IS_SET(cmd) && (iwp->length != 0)) {
char essid[IW_ESSID_MAX_SIZE + 1];
unsigned int len;
len = iwp->length * descr->token_size;
if (len > IW_ESSID_MAX_SIZE)
return -EFAULT;
err = copy_from_user(essid, iwp->pointer, len);
if (err)
return -EFAULT;
if (essid[iwp->length - 1] == '\0')
essid_compat = 1;
}
break;
default:
break;
}
iwp->length -= essid_compat;
/* Check what user space is giving us */
if (IW_IS_SET(cmd)) {
/* Check NULL pointer */
if (!iwp->pointer && iwp->length != 0)
return -EFAULT;
/* Check if number of token fits within bounds */
if (iwp->length > descr->max_tokens)
return -E2BIG;
if (iwp->length < descr->min_tokens)
return -EINVAL;
} else {
/* Check NULL pointer */
if (!iwp->pointer)
return -EFAULT;
/* Save user space buffer size for checking */
user_length = iwp->length;
/* Don't check if user_length > max to allow forward
* compatibility. The test user_length < min is
* implied by the test at the end.
*/
/* Support for very large requests */
if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
(user_length > descr->max_tokens)) {
/* Allow userspace to GET more than max so
* we can support any size GET requests.
* There is still a limit : -ENOMEM.
*/
extra_size = user_length * descr->token_size;
/* Note : user_length is originally a __u16,
* and token_size is controlled by us,
* so extra_size won't get negative and
* won't overflow...
*/
}
}
/* kzalloc() ensures NULL-termination for essid_compat. */
extra = kzalloc(extra_size, GFP_KERNEL);
if (!extra)
return -ENOMEM;
/* If it is a SET, get all the extra data in here */
if (IW_IS_SET(cmd) && (iwp->length != 0)) {
if (copy_from_user(extra, iwp->pointer,
iwp->length *
descr->token_size)) {
err = -EFAULT;
goto out;
}
if (cmd == SIOCSIWENCODEEXT) {
struct iw_encode_ext *ee = (void *) extra;
if (iwp->length < sizeof(*ee) + ee->key_len)
return -EFAULT;
}
}
if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
/*
* If this is a GET, but not NOMAX, it means that the extra
* data is not bounded by userspace, but by max_tokens. Thus
* set the length to max_tokens. This matches the extra data
* allocation.
* The driver should fill it with the number of tokens it
* provided, and it may check iwp->length rather than having
* knowledge of max_tokens. If the driver doesn't change the
* iwp->length, this ioctl just copies back max_token tokens
* filled with zeroes. Hopefully the driver isn't claiming
* them to be valid data.
*/
iwp->length = descr->max_tokens;
}
err = handler(dev, info, (union iwreq_data *) iwp, extra);
iwp->length += essid_compat;
/* If we have something to return to the user */
if (!err && IW_IS_GET(cmd)) {
/* Check if there is enough buffer up there */
if (user_length < iwp->length) {
err = -E2BIG;
goto out;
}
if (copy_to_user(iwp->pointer, extra,
iwp->length *
descr->token_size)) {
err = -EFAULT;
goto out;
}
}
/* Generate an event to notify listeners of the change */
if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
((err == 0) || (err == -EIWCOMMIT))) {
union iwreq_data *data = (union iwreq_data *) iwp;
if (descr->flags & IW_DESCR_FLAG_RESTRICT)
/* If the event is restricted, don't
* export the payload.
*/
wireless_send_event(dev, cmd, data, NULL);
else
wireless_send_event(dev, cmd, data, extra);
}
out:
kfree(extra);
return err;
}
/*
* Wrapper to call a private Wireless Extension handler.
* We do various checks and also take care of moving data between
* user space and kernel space.
* It's not as nice and slimline as the standard wrapper. The cause
* is struct iw_priv_args, which was not really designed for the
* job we are going here.
*
* IMPORTANT : This function prevent to set and get data on the same
* IOCTL and enforce the SET/GET convention. Not doing it would be
* far too hairy...
* If you need to set and get data at the same time, please don't use
* a iw_handler but process it in your ioctl handler (i.e. use the
* old driver API).
*/
static inline int ioctl_private_call(struct net_device * dev,
struct ifreq * ifr,
unsigned int cmd,
iw_handler handler)
{
struct iwreq * iwr = (struct iwreq *) ifr;
struct iw_priv_args * descr = NULL;
struct iw_request_info info;
int extra_size = 0;
int i;
int ret = -EINVAL;
/* Get the description of the IOCTL */
for(i = 0; i < dev->wireless_handlers->num_private_args; i++)
if(cmd == dev->wireless_handlers->private_args[i].cmd) {
descr = &(dev->wireless_handlers->private_args[i]);
break;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Found private handler for 0x%04X\n",
ifr->ifr_name, cmd);
if(descr) {
printk(KERN_DEBUG "%s (WE) : Name %s, set %X, get %X\n",
dev->name, descr->name,
descr->set_args, descr->get_args);
}
#endif /* WE_IOCTL_DEBUG */
/* Compute the size of the set/get arguments */
if(descr != NULL) {
if(IW_IS_SET(cmd)) {
int offset = 0; /* For sub-ioctls */
/* Check for sub-ioctl handler */
if(descr->name[0] == '\0')
/* Reserve one int for sub-ioctl index */
offset = sizeof(__u32);
/* Size of set arguments */
extra_size = get_priv_size(descr->set_args);
/* Does it fits in iwr ? */
if((descr->set_args & IW_PRIV_SIZE_FIXED) &&
((extra_size + offset) <= IFNAMSIZ))
extra_size = 0;
} else {
/* Size of set arguments */
extra_size = get_priv_size(descr->get_args);
/* Does it fits in iwr ? */
if((descr->get_args & IW_PRIV_SIZE_FIXED) &&
(extra_size <= IFNAMSIZ))
extra_size = 0;
}
}
/* Prepare the call */
info.cmd = cmd;
info.flags = 0;
/* Check if we have a pointer to user space data or not. */
if(extra_size == 0) {
/* No extra arguments. Trivial to handle */
ret = handler(dev, &info, &(iwr->u), (char *) &(iwr->u));
} else {
char * extra;
int err;
/* Check what user space is giving us */
if(IW_IS_SET(cmd)) {
/* Check NULL pointer */
if((iwr->u.data.pointer == NULL) &&
(iwr->u.data.length != 0))
return -EFAULT;
/* Does it fits within bounds ? */
if(iwr->u.data.length > (descr->set_args &
IW_PRIV_SIZE_MASK))
return -E2BIG;
} else {
/* Check NULL pointer */
if(iwr->u.data.pointer == NULL)
return -EFAULT;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Malloc %d bytes\n",
dev->name, extra_size);
#endif /* WE_IOCTL_DEBUG */
/* Always allocate for max space. Easier, and won't last
* long... */
extra = kmalloc(extra_size, GFP_KERNEL);
if (extra == NULL) {
return -ENOMEM;
}
/* If it is a SET, get all the extra data in here */
if(IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
err = copy_from_user(extra, iwr->u.data.pointer,
extra_size);
if (err) {
kfree(extra);
return -EFAULT;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Got %d elem\n",
dev->name, iwr->u.data.length);
#endif /* WE_IOCTL_DEBUG */
}
/* Call the handler */
ret = handler(dev, &info, &(iwr->u), extra);
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
err = copy_to_user(iwr->u.data.pointer, extra,
extra_size);
if (err)
ret = -EFAULT;
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Wrote %d elem\n",
dev->name, iwr->u.data.length);
#endif /* WE_IOCTL_DEBUG */
}
/* Cleanup - I told you it wasn't that long ;-) */
kfree(extra);
}
/* Call commit handler if needed and defined */
if(ret == -EIWCOMMIT)
ret = call_commit_handler(dev);
return ret;
}
/*
* Wrapper to call a standard Wireless Extension handler.
* We do various checks and also take care of moving data between
* user space and kernel space.
*/
static inline int ioctl_standard_call(struct net_device * dev,
struct ifreq * ifr,
unsigned int cmd,
iw_handler handler)
{
struct iwreq * iwr = (struct iwreq *) ifr;
const struct iw_ioctl_description * descr;
struct iw_request_info info;
int ret = -EINVAL;
int user_size = 0;
/* Get the description of the IOCTL */
if((cmd - SIOCIWFIRST) >= standard_ioctl_num)
return -EOPNOTSUPP;
descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Found standard handler for 0x%04X\n",
ifr->ifr_name, cmd);
printk(KERN_DEBUG "%s (WE) : Header type : %d, Token type : %d, size : %d, token : %d\n", dev->name, descr->header_type, descr->token_type, descr->token_size, descr->max_tokens);
#endif /* WE_IOCTL_DEBUG */
/* Prepare the call */
info.cmd = cmd;
info.flags = 0;
/* Check if we have a pointer to user space data or not */
if(descr->header_type != IW_HEADER_TYPE_POINT) {
/* No extra arguments. Trivial to handle */
ret = handler(dev, &info, &(iwr->u), NULL);
#ifdef WE_SET_EVENT
/* Generate an event to notify listeners of the change */
if((descr->flags & IW_DESCR_FLAG_EVENT) &&
((ret == 0) || (ret == -EIWCOMMIT)))
wireless_send_event(dev, cmd, &(iwr->u), NULL);
#endif /* WE_SET_EVENT */
} else {
char * extra;
int err;
/* Check what user space is giving us */
if(IW_IS_SET(cmd)) {
/* Check NULL pointer */
if((iwr->u.data.pointer == NULL) &&
(iwr->u.data.length != 0))
return -EFAULT;
/* Check if number of token fits within bounds */
if(iwr->u.data.length > descr->max_tokens)
return -E2BIG;
if(iwr->u.data.length < descr->min_tokens)
return -EINVAL;
} else {
/* Check NULL pointer */
if(iwr->u.data.pointer == NULL)
return -EFAULT;
/* Save user space buffer size for checking */
user_size = iwr->u.data.length;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Malloc %d bytes\n",
dev->name, descr->max_tokens * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
/* Always allocate for max space. Easier, and won't last
* long... */
extra = kmalloc(descr->max_tokens * descr->token_size,
GFP_KERNEL);
if (extra == NULL) {
return -ENOMEM;
}
/* If it is a SET, get all the extra data in here */
if(IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
err = copy_from_user(extra, iwr->u.data.pointer,
iwr->u.data.length *
descr->token_size);
if (err) {
kfree(extra);
return -EFAULT;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Got %d bytes\n",
dev->name,
iwr->u.data.length * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
}
/* Call the handler */
ret = handler(dev, &info, &(iwr->u), extra);
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
#ifdef WE_STRICT_WRITE
/* Check if there is enough buffer up there */
if(user_size < iwr->u.data.length) {
printk(KERN_ERR "%s (WE) : Buffer for request %04X too small (%d<%d)\n", dev->name, cmd, user_size, iwr->u.data.length);
kfree(extra);
return -E2BIG;
}
#endif /* WE_STRICT_WRITE */
err = copy_to_user(iwr->u.data.pointer, extra,
iwr->u.data.length *
descr->token_size);
if (err)
ret = -EFAULT;
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s (WE) : Wrote %d bytes\n",
dev->name,
iwr->u.data.length * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
}
#ifdef WE_SET_EVENT
/* Generate an event to notify listeners of the change */
if((descr->flags & IW_DESCR_FLAG_EVENT) &&
((ret == 0) || (ret == -EIWCOMMIT))) {
if(descr->flags & IW_DESCR_FLAG_RESTRICT)
/* If the event is restricted, don't
* export the payload */
wireless_send_event(dev, cmd, &(iwr->u), NULL);
else
wireless_send_event(dev, cmd, &(iwr->u),
extra);
}
#endif /* WE_SET_EVENT */
/* Cleanup - I told you it wasn't that long ;-) */
kfree(extra);
}
/* Call commit handler if needed and defined */
if(ret == -EIWCOMMIT)
ret = call_commit_handler(dev);
/* Here, we will generate the appropriate event if needed */
return ret;
}
/*
* Print one element from the scanning results
*/
static inline int
print_event_token(struct iw_event * event, /* Extracted token */
struct iw_range * iw_range, /* Range info */
int has_range)
{
char buffer[128]; /* Temporary buffer */
char buffer2[30]; /* Temporary buffer */
char * prefix = (IW_IS_GET(event->cmd) ? "New" : "Set");
/* Now, let's decode the event */
switch(event->cmd)
{
/* ----- set events ----- */
/* Events that result from a "SET XXX" operation by the user */
case SIOCSIWNWID:
if(event->u.nwid.disabled)
printf("Set NWID:off/any\n");
else
printf("Set NWID:%X\n", event->u.nwid.value);
break;
case SIOCSIWFREQ:
case SIOCGIWFREQ:
{
double freq; /* Frequency/channel */
int channel = -1; /* Converted to channel */
freq = iw_freq2float(&(event->u.freq));
if(has_range)
{
if(freq < KILO)
/* Convert channel to frequency if possible */
channel = iw_channel_to_freq((int) freq, &freq, iw_range);
else
/* Convert frequency to channel if possible */
channel = iw_freq_to_channel(freq, iw_range);
}
iw_print_freq(buffer, sizeof(buffer),
freq, channel, event->u.freq.flags);
printf("%s %s\n", prefix, buffer);
}
break;
case SIOCSIWMODE:
printf("Set Mode:%s\n",
iw_operation_mode[event->u.mode]);
break;
case SIOCSIWESSID:
case SIOCGIWESSID:
{
char essid[IW_ESSID_MAX_SIZE+1];
memset(essid, '\0', sizeof(essid));
if((event->u.essid.pointer) && (event->u.essid.length))
memcpy(essid, event->u.essid.pointer, event->u.essid.length);
if(event->u.essid.flags)
{
/* Does it have an ESSID index ? */
if((event->u.essid.flags & IW_ENCODE_INDEX) > 1)
printf("%s ESSID:\"%s\" [%d]\n", prefix, essid,
(event->u.essid.flags & IW_ENCODE_INDEX));
else
printf("%s ESSID:\"%s\"\n", prefix, essid);
}
else
printf("%s ESSID:off/any\n", prefix);
}
break;
case SIOCSIWENCODE:
{
unsigned char key[IW_ENCODING_TOKEN_MAX];
if(event->u.data.pointer)
memcpy(key, event->u.data.pointer, event->u.data.length);
else
event->u.data.flags |= IW_ENCODE_NOKEY;
printf("Set Encryption key:");
if(event->u.data.flags & IW_ENCODE_DISABLED)
printf("off\n");
else
{
/* Display the key */
iw_print_key(buffer, sizeof(buffer), key, event->u.data.length,
event->u.data.flags);
printf("%s", buffer);
/* Other info... */
if((event->u.data.flags & IW_ENCODE_INDEX) > 1)
printf(" [%d]", event->u.data.flags & IW_ENCODE_INDEX);
if(event->u.data.flags & IW_ENCODE_RESTRICTED)
printf(" Security mode:restricted");
if(event->u.data.flags & IW_ENCODE_OPEN)
printf(" Security mode:open");
printf("\n");
}
}
break;
/* ----- driver events ----- */
/* Events generated by the driver when something important happens */
case SIOCGIWAP:
printf("New Access Point/Cell address:%s\n",
iw_sawap_ntop(&event->u.ap_addr, buffer));
break;
case SIOCGIWSCAN:
printf("Scan request completed\n");
break;
case IWEVTXDROP:
printf("Tx packet dropped:%s\n",
iw_saether_ntop(&event->u.addr, buffer));
break;
case IWEVCUSTOM:
{
char custom[IW_CUSTOM_MAX+1];
memset(custom, '\0', sizeof(custom));
if((event->u.data.pointer) && (event->u.data.length))
memcpy(custom, event->u.data.pointer, event->u.data.length);
printf("Custom driver event:%s\n", custom);
}
break;
case IWEVREGISTERED:
printf("Registered node:%s\n",
iw_saether_ntop(&event->u.addr, buffer));
break;
case IWEVEXPIRED:
printf("Expired node:%s\n",
iw_saether_ntop(&event->u.addr, buffer));
break;
case SIOCGIWTHRSPY:
{
struct iw_thrspy threshold;
if((event->u.data.pointer) && (event->u.data.length))
{
memcpy(&threshold, event->u.data.pointer,
sizeof(struct iw_thrspy));
printf("Spy threshold crossed on address:%s\n",
iw_saether_ntop(&threshold.addr, buffer));
iw_print_stats(buffer, sizeof(buffer),
&threshold.qual, iw_range, has_range);
printf(" Link %s\n", buffer);
}
else
printf("Invalid Spy Threshold event\n");
}
break;
/* ----- driver WPA events ----- */
/* Events generated by the driver, used for WPA operation */
case IWEVMICHAELMICFAILURE:
if(event->u.data.length >= sizeof(struct iw_michaelmicfailure))
{
struct iw_michaelmicfailure mf;
memcpy(&mf, event->u.data.pointer, sizeof(mf));
printf("Michael MIC failure flags:0x%X src_addr:%s tsc:%s\n",
mf.flags,
iw_saether_ntop(&mf.src_addr, buffer2),
iw_hexdump(buffer, sizeof(buffer),
mf.tsc, IW_ENCODE_SEQ_MAX_SIZE));
}
break;
case IWEVASSOCREQIE:
printf("Association Request IEs:%s\n",
iw_hexdump(buffer, sizeof(buffer),
event->u.data.pointer, event->u.data.length));
break;
case IWEVASSOCRESPIE:
printf("Association Response IEs:%s\n",
iw_hexdump(buffer, sizeof(buffer),
event->u.data.pointer, event->u.data.length));
break;
case IWEVPMKIDCAND:
if(event->u.data.length >= sizeof(struct iw_pmkid_cand))
{
struct iw_pmkid_cand cand;
memcpy(&cand, event->u.data.pointer, sizeof(cand));
printf("PMKID candidate flags:0x%X index:%d bssid:%s\n",
cand.flags, cand.index,
iw_saether_ntop(&cand.bssid, buffer));
}
break;
/* ----- junk ----- */
/* other junk not currently in use */
case SIOCGIWRATE:
iw_print_bitrate(buffer, sizeof(buffer), event->u.bitrate.value);
printf("New Bit Rate:%s\n", buffer);
break;
case SIOCGIWNAME:
printf("Protocol:%-1.16s\n", event->u.name);
break;
case IWEVQUAL:
{
event->u.qual.updated = 0x0; /* Not that reliable, disable */
iw_print_stats(buffer, sizeof(buffer),
&event->u.qual, iw_range, has_range);
printf("Link %s\n", buffer);
break;
}
default:
printf("(Unknown Wireless event 0x%04X)\n", event->cmd);
} /* switch(event->cmd) */
return(0);
}
/*
* Wrapper to call a standard Wireless Extension handler.
* We do various checks and also take care of moving data between
* user space and kernel space.
*/
static int ioctl_standard_call(struct net_device * dev,
struct ifreq * ifr,
unsigned int cmd,
iw_handler handler)
{
struct iwreq * iwr = (struct iwreq *) ifr;
const struct iw_ioctl_description * descr;
struct iw_request_info info;
int ret = -EINVAL;
/* Get the description of the IOCTL */
if ((cmd - SIOCIWFIRST) >= standard_ioctl_num)
return -EOPNOTSUPP;
descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
/* Prepare the call */
info.cmd = cmd;
info.flags = 0;
/* Check if we have a pointer to user space data or not */
if (descr->header_type != IW_HEADER_TYPE_POINT) {
/* No extra arguments. Trivial to handle */
ret = handler(dev, &info, &(iwr->u), NULL);
/* Generate an event to notify listeners of the change */
if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
((ret == 0) || (ret == -EIWCOMMIT)))
wireless_send_event(dev, cmd, &(iwr->u), NULL);
} else {
char * extra;
int extra_size;
int user_length = 0;
int err;
int essid_compat = 0;
/* Calculate space needed by arguments. Always allocate
* for max space. Easier, and won't last long... */
extra_size = descr->max_tokens * descr->token_size;
/* Check need for ESSID compatibility for WE < 21 */
switch (cmd) {
case SIOCSIWESSID:
case SIOCGIWESSID:
case SIOCSIWNICKN:
case SIOCGIWNICKN:
if (iwr->u.data.length == descr->max_tokens + 1)
essid_compat = 1;
else if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
char essid[IW_ESSID_MAX_SIZE + 1];
err = copy_from_user(essid, iwr->u.data.pointer,
iwr->u.data.length *
descr->token_size);
if (err)
return -EFAULT;
if (essid[iwr->u.data.length - 1] == '\0')
essid_compat = 1;
}
break;
default:
break;
}
iwr->u.data.length -= essid_compat;
/* Check what user space is giving us */
if (IW_IS_SET(cmd)) {
/* Check NULL pointer */
if ((iwr->u.data.pointer == NULL) &&
(iwr->u.data.length != 0))
return -EFAULT;
/* Check if number of token fits within bounds */
if (iwr->u.data.length > descr->max_tokens)
return -E2BIG;
if (iwr->u.data.length < descr->min_tokens)
return -EINVAL;
} else {
/* Check NULL pointer */
if (iwr->u.data.pointer == NULL)
return -EFAULT;
/* Save user space buffer size for checking */
user_length = iwr->u.data.length;
/* Don't check if user_length > max to allow forward
* compatibility. The test user_length < min is
* implied by the test at the end. */
/* Support for very large requests */
if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
(user_length > descr->max_tokens)) {
/* Allow userspace to GET more than max so
* we can support any size GET requests.
* There is still a limit : -ENOMEM. */
extra_size = user_length * descr->token_size;
/* Note : user_length is originally a __u16,
* and token_size is controlled by us,
* so extra_size won't get negative and
* won't overflow... */
}
}
/* Create the kernel buffer */
/* kzalloc ensures NULL-termination for essid_compat */
extra = kzalloc(extra_size, GFP_KERNEL);
if (extra == NULL)
return -ENOMEM;
/* If it is a SET, get all the extra data in here */
if (IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
err = copy_from_user(extra, iwr->u.data.pointer,
iwr->u.data.length *
descr->token_size);
if (err) {
kfree(extra);
return -EFAULT;
}
}
/* Call the handler */
ret = handler(dev, &info, &(iwr->u), extra);
iwr->u.data.length += essid_compat;
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
/* Check if there is enough buffer up there */
if (user_length < iwr->u.data.length) {
kfree(extra);
return -E2BIG;
}
err = copy_to_user(iwr->u.data.pointer, extra,
iwr->u.data.length *
descr->token_size);
if (err)
ret = -EFAULT;
}
/* Generate an event to notify listeners of the change */
if ((descr->flags & IW_DESCR_FLAG_EVENT) &&
((ret == 0) || (ret == -EIWCOMMIT))) {
if (descr->flags & IW_DESCR_FLAG_RESTRICT)
/* If the event is restricted, don't
* export the payload */
wireless_send_event(dev, cmd, &(iwr->u), NULL);
else
wireless_send_event(dev, cmd, &(iwr->u),
extra);
}
/* Cleanup - I told you it wasn't that long ;-) */
kfree(extra);
}
/* Call commit handler if needed and defined */
if (ret == -EIWCOMMIT)
ret = call_commit_handler(dev);
/* Here, we will generate the appropriate event if needed */
return ret;
}
/* ---------------------------------------------------------------- */
static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
const struct iw_ioctl_description *descr,
iw_handler handler, struct net_device *dev,
struct iw_request_info *info)
{
int err, extra_size, user_length = 0;
char *extra;
/* Calculate space needed by arguments. Always allocate
* for max space.
*/
extra_size = descr->max_tokens * descr->token_size;
/* Check what user space is giving us */
if (IW_IS_SET(cmd)) {
/* Check NULL pointer */
if (!iwp->pointer && iwp->length != 0)
return -EFAULT;
/* Check if number of token fits within bounds */
if (iwp->length > descr->max_tokens)
return -E2BIG;
if (iwp->length < descr->min_tokens)
return -EINVAL;
} else {
/* Check NULL pointer */
if (!iwp->pointer)
return -EFAULT;
/* Save user space buffer size for checking */
user_length = iwp->length;
/* Don't check if user_length > max to allow forward
* compatibility. The test user_length < min is
* implied by the test at the end.
*/
/* Support for very large requests */
if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
(user_length > descr->max_tokens)) {
/* Allow userspace to GET more than max so
* we can support any size GET requests.
* There is still a limit : -ENOMEM.
*/
extra_size = user_length * descr->token_size;
/* Note : user_length is originally a __u16,
* and token_size is controlled by us,
* so extra_size won't get negative and
* won't overflow...
*/
}
}
extra = kzalloc(extra_size, GFP_KERNEL);
if (!extra)
return -ENOMEM;
/* If it is a SET, get all the extra data in here */
if (IW_IS_SET(cmd) && (iwp->length != 0)) {
if (copy_from_user(extra, iwp->pointer,
iwp->length *
descr->token_size)) {
err = -EFAULT;
goto out;
}
if (cmd == SIOCSIWENCODEEXT) {
struct iw_encode_ext *ee = (void *) extra;
if (iwp->length < sizeof(*ee) + ee->key_len)
return -EFAULT;
}
}
err = handler(dev, info, (union iwreq_data *) iwp, extra);
/* If we have something to return to the user */
if (!err && IW_IS_GET(cmd)) {
/* Check if there is enough buffer up there */
if (user_length < iwp->length) {
err = -E2BIG;
goto out;
}
if (copy_to_user(iwp->pointer, extra,
iwp->length *
descr->token_size)) {
err = -EFAULT;
goto out;
}
}
/* Generate an event to notify listeners of the change */
if ((descr->flags & IW_DESCR_FLAG_EVENT) && err == -EIWCOMMIT) {
union iwreq_data *data = (union iwreq_data *) iwp;
if (descr->flags & IW_DESCR_FLAG_RESTRICT)
/* If the event is restricted, don't
* export the payload.
*/
wireless_send_event(dev, cmd, data, NULL);
else
wireless_send_event(dev, cmd, data, extra);
}
out:
kfree(extra);
return err;
}
/*
* Wrapper to call a standard Wireless Extension handler.
* We do various checks and also take care of moving data between
* user space and kernel space.
*/
static inline int ioctl_standard_call(struct net_device * dev,
struct ifreq * ifr,
unsigned int cmd,
iw_handler handler)
{
struct iwreq * iwr = (struct iwreq *) ifr;
const struct iw_ioctl_description * descr;
struct iw_request_info info;
int ret = -EINVAL;
/* Get the description of the IOCTL */
descr = &(standard_ioctl[cmd - SIOCIWFIRST]);
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "%s : Found standard handler for 0x%04X\n",
ifr->ifr_name, cmd);
printk(KERN_DEBUG "Header type : %d, token type : %d, token_size : %d, max_token : %d\n", descr->header_type, descr->token_type, descr->token_size, descr->max_tokens);
#endif /* WE_IOCTL_DEBUG */
/* Prepare the call */
info.cmd = cmd;
info.flags = 0;
/* Check if we have a pointer to user space data or not */
if(descr->header_type != IW_HEADER_TYPE_POINT) {
/* No extra arguments. Trivial to handle */
ret = handler(dev, &info, &(iwr->u), NULL);
} else {
char * extra;
int err;
/* Check what user space is giving us */
if(IW_IS_SET(cmd)) {
/* Check NULL pointer */
if((iwr->u.data.pointer == NULL) &&
(iwr->u.data.length != 0))
return -EFAULT;
/* Check if number of token fits within bounds */
if(iwr->u.data.length > descr->max_tokens)
return -E2BIG;
if(iwr->u.data.length < descr->min_tokens)
return -EINVAL;
} else {
/* Check NULL pointer */
if(iwr->u.data.pointer == NULL)
return -EFAULT;
#ifdef WE_STRICT_WRITE
/* Check if there is enough buffer up there */
if(iwr->u.data.length < descr->max_tokens)
return -E2BIG;
#endif /* WE_STRICT_WRITE */
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "Malloc %d bytes\n",
descr->max_tokens * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
/* Always allocate for max space. Easier, and won't last
* long... */
extra = kmalloc(descr->max_tokens * descr->token_size,
GFP_KERNEL);
if (extra == NULL) {
return -ENOMEM;
}
/* If it is a SET, get all the extra data in here */
if(IW_IS_SET(cmd) && (iwr->u.data.length != 0)) {
err = copy_from_user(extra, iwr->u.data.pointer,
iwr->u.data.length *
descr->token_size);
if (err) {
kfree(extra);
return -EFAULT;
}
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "Got %d bytes\n",
iwr->u.data.length * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
}
/* Call the handler */
ret = handler(dev, &info, &(iwr->u), extra);
/* If we have something to return to the user */
if (!ret && IW_IS_GET(cmd)) {
err = copy_to_user(iwr->u.data.pointer, extra,
iwr->u.data.length *
descr->token_size);
if (err)
ret = -EFAULT;
#ifdef WE_IOCTL_DEBUG
printk(KERN_DEBUG "Wrote %d bytes\n",
iwr->u.data.length * descr->token_size);
#endif /* WE_IOCTL_DEBUG */
}
/* Cleanup - I told you it wasn't that long ;-) */
kfree(extra);
}
/* Call commit handler if needed and defined */
if(ret == -EIWCOMMIT)
ret = call_commit_handler(dev);
/* Here, we will generate the appropriate event if needed */
return ret;
}
static int dev_ifsioc(void *arg, unsigned int getset)
{
struct ifreq ifr;
struct device *dev;
int ret;
/*
* Fetch the caller's info block into kernel space
*/
int err=verify_area(VERIFY_WRITE, arg, sizeof(struct ifreq));
if(err)
return err;
memcpy_fromfs(&ifr, arg, sizeof(struct ifreq));
/*
* See which interface the caller is talking about.
*/
/*
*
* net_alias_dev_get(): dev_get() with added alias naming magic.
* only allow alias creation/deletion if (getset==SIOCSIFADDR)
*
*/
#ifdef CONFIG_KERNELD
dev_load(ifr.ifr_name);
#endif
#ifdef CONFIG_NET_ALIAS
if ((dev = net_alias_dev_get(ifr.ifr_name, getset == SIOCSIFADDR, &err, NULL, NULL)) == NULL)
return(err);
#else
if ((dev = dev_get(ifr.ifr_name)) == NULL)
return(-ENODEV);
#endif
switch(getset)
{
case SIOCGIFFLAGS: /* Get interface flags */
ifr.ifr_flags = (dev->flags & ~IFF_SOFTHEADERS);
goto rarok;
case SIOCSIFFLAGS: /* Set interface flags */
{
int old_flags = dev->flags;
if(securelevel>0)
ifr.ifr_flags&=~IFF_PROMISC;
/*
* We are not allowed to potentially close/unload
* a device until we get this lock.
*/
dev_lock_wait();
/*
* Set the flags on our device.
*/
dev->flags = (ifr.ifr_flags & (
IFF_BROADCAST | IFF_DEBUG | IFF_LOOPBACK |
IFF_POINTOPOINT | IFF_NOTRAILERS | IFF_RUNNING |
IFF_NOARP | IFF_PROMISC | IFF_ALLMULTI | IFF_SLAVE | IFF_MASTER
| IFF_MULTICAST)) | (dev->flags & (IFF_SOFTHEADERS|IFF_UP));
/*
* Load in the correct multicast list now the flags have changed.
*/
dev_mc_upload(dev);
/*
* Have we downed the interface. We handle IFF_UP ourselves
* according to user attempts to set it, rather than blindly
* setting it.
*/
if ((old_flags^ifr.ifr_flags)&IFF_UP) /* Bit is different ? */
{
if(old_flags&IFF_UP) /* Gone down */
ret=dev_close(dev);
else /* Come up */
{
ret=dev_open(dev);
if(ret<0)
dev->flags&=~IFF_UP; /* Open failed */
}
}
else
ret=0;
/*
* Load in the correct multicast list now the flags have changed.
*/
dev_mc_upload(dev);
}
break;
case SIOCGIFADDR: /* Get interface address (and family) */
if(ifr.ifr_addr.sa_family==AF_UNSPEC)
{
memcpy(ifr.ifr_hwaddr.sa_data,dev->dev_addr, MAX_ADDR_LEN);
ifr.ifr_hwaddr.sa_family=dev->type;
goto rarok;
}
else
{
(*(struct sockaddr_in *)
&ifr.ifr_addr).sin_addr.s_addr = dev->pa_addr;
(*(struct sockaddr_in *)
&ifr.ifr_addr).sin_family = dev->family;
(*(struct sockaddr_in *)
&ifr.ifr_addr).sin_port = 0;
}
goto rarok;
case SIOCSIFADDR: /* Set interface address (and family) */
/*
* BSDism. SIOCSIFADDR family=AF_UNSPEC sets the
* physical address. We can cope with this now.
*/
if(ifr.ifr_addr.sa_family==AF_UNSPEC)
{
if(dev->set_mac_address==NULL)
return -EOPNOTSUPP;
if(securelevel>0)
return -EPERM;
ret=dev->set_mac_address(dev,&ifr.ifr_addr);
}
else
{
u32 new_pa_addr = (*(struct sockaddr_in *)
&ifr.ifr_addr).sin_addr.s_addr;
u16 new_family = ifr.ifr_addr.sa_family;
if (new_family == dev->family &&
new_pa_addr == dev->pa_addr) {
ret =0;
break;
}
if (dev->flags & IFF_UP)
notifier_call_chain(&netdev_chain, NETDEV_DOWN, dev);
/*
* if dev is an alias, must rehash to update
* address change
*/
#ifdef CONFIG_NET_ALIAS
if (net_alias_is(dev))
net_alias_dev_rehash(dev ,&ifr.ifr_addr);
#endif
dev->pa_addr = new_pa_addr;
dev->family = new_family;
#ifdef CONFIG_INET
/* This is naughty. When net-032e comes out It wants moving into the net032
code not the kernel. Till then it can sit here (SIGH) */
if (!dev->pa_mask)
dev->pa_mask = ip_get_mask(dev->pa_addr);
#endif
if (!dev->pa_brdaddr)
dev->pa_brdaddr = dev->pa_addr | ~dev->pa_mask;
if (dev->flags & IFF_UP)
notifier_call_chain(&netdev_chain, NETDEV_UP, dev);
ret = 0;
}
break;
case SIOCGIFBRDADDR: /* Get the broadcast address */
(*(struct sockaddr_in *)
&ifr.ifr_broadaddr).sin_addr.s_addr = dev->pa_brdaddr;
(*(struct sockaddr_in *)
&ifr.ifr_broadaddr).sin_family = dev->family;
(*(struct sockaddr_in *)
&ifr.ifr_broadaddr).sin_port = 0;
goto rarok;
case SIOCSIFBRDADDR: /* Set the broadcast address */
dev->pa_brdaddr = (*(struct sockaddr_in *)
&ifr.ifr_broadaddr).sin_addr.s_addr;
ret = 0;
break;
case SIOCGIFDSTADDR: /* Get the destination address (for point-to-point links) */
(*(struct sockaddr_in *)
&ifr.ifr_dstaddr).sin_addr.s_addr = dev->pa_dstaddr;
(*(struct sockaddr_in *)
&ifr.ifr_dstaddr).sin_family = dev->family;
(*(struct sockaddr_in *)
&ifr.ifr_dstaddr).sin_port = 0;
goto rarok;
case SIOCSIFDSTADDR: /* Set the destination address (for point-to-point links) */
dev->pa_dstaddr = (*(struct sockaddr_in *)
&ifr.ifr_dstaddr).sin_addr.s_addr;
ret = 0;
break;
case SIOCGIFNETMASK: /* Get the netmask for the interface */
(*(struct sockaddr_in *)
&ifr.ifr_netmask).sin_addr.s_addr = dev->pa_mask;
(*(struct sockaddr_in *)
&ifr.ifr_netmask).sin_family = dev->family;
(*(struct sockaddr_in *)
&ifr.ifr_netmask).sin_port = 0;
goto rarok;
case SIOCSIFNETMASK: /* Set the netmask for the interface */
{
unsigned long mask = (*(struct sockaddr_in *)
&ifr.ifr_netmask).sin_addr.s_addr;
ret = -EINVAL;
/*
* The mask we set must be legal.
*/
if (bad_mask(mask,0))
break;
dev->pa_mask = mask;
ret = 0;
}
break;
case SIOCGIFMETRIC: /* Get the metric on the interface (currently unused) */
ifr.ifr_metric = dev->metric;
goto rarok;
case SIOCSIFMETRIC: /* Set the metric on the interface (currently unused) */
dev->metric = ifr.ifr_metric;
ret=0;
break;
case SIOCGIFMTU: /* Get the MTU of a device */
ifr.ifr_mtu = dev->mtu;
goto rarok;
case SIOCSIFMTU: /* Set the MTU of a device */
if (dev->change_mtu)
ret = dev->change_mtu(dev, ifr.ifr_mtu);
else
{
/*
* MTU must be positive.
*/
if(ifr.ifr_mtu<68)
return -EINVAL;
dev->mtu = ifr.ifr_mtu;
ret = 0;
}
break;
case SIOCGIFMEM: /* Get the per device memory space. We can add this but currently
do not support it */
ret = -EINVAL;
break;
case SIOCSIFMEM: /* Set the per device memory buffer space. Not applicable in our case */
ret = -EINVAL;
break;
case SIOCGIFHWADDR:
memcpy(ifr.ifr_hwaddr.sa_data,dev->dev_addr, MAX_ADDR_LEN);
ifr.ifr_hwaddr.sa_family=dev->type;
goto rarok;
case SIOCSIFHWADDR:
if(dev->set_mac_address==NULL)
return -EOPNOTSUPP;
if(securelevel > 0)
return -EPERM;
if(ifr.ifr_hwaddr.sa_family!=dev->type)
return -EINVAL;
ret=dev->set_mac_address(dev,&ifr.ifr_hwaddr);
break;
case SIOCGIFMAP:
ifr.ifr_map.mem_start=dev->mem_start;
ifr.ifr_map.mem_end=dev->mem_end;
ifr.ifr_map.base_addr=dev->base_addr;
ifr.ifr_map.irq=dev->irq;
ifr.ifr_map.dma=dev->dma;
ifr.ifr_map.port=dev->if_port;
goto rarok;
case SIOCSIFMAP:
if(dev->set_config==NULL)
return -EOPNOTSUPP;
return dev->set_config(dev,&ifr.ifr_map);
case SIOCADDMULTI:
if(dev->set_multicast_list==NULL)
return -EINVAL;
if(ifr.ifr_hwaddr.sa_family!=AF_UNSPEC)
return -EINVAL;
dev_mc_add(dev,ifr.ifr_hwaddr.sa_data, dev->addr_len, 1);
return 0;
case SIOCDELMULTI:
if(dev->set_multicast_list==NULL)
return -EINVAL;
if(ifr.ifr_hwaddr.sa_family!=AF_UNSPEC)
return -EINVAL;
dev_mc_delete(dev,ifr.ifr_hwaddr.sa_data,dev->addr_len, 1);
return 0;
/*
* Unknown or private ioctl
*/
default:
if((getset >= SIOCDEVPRIVATE) &&
(getset <= (SIOCDEVPRIVATE + 15))) {
if(dev->do_ioctl==NULL)
return -EOPNOTSUPP;
ret=dev->do_ioctl(dev, &ifr, getset);
memcpy_tofs(arg,&ifr,sizeof(struct ifreq));
break;
}
#ifdef CONFIG_NET_RADIO
if((getset >= SIOCIWFIRST) &&
(getset <= SIOCIWLAST))
{
if(dev->do_ioctl==NULL)
return -EOPNOTSUPP;
/* Perform the ioctl */
ret=dev->do_ioctl(dev, &ifr, getset);
/* If return args... */
if(IW_IS_GET(getset))
memcpy_tofs(arg, &ifr,
sizeof(struct ifreq));
break;
}
#endif /* CONFIG_NET_RADIO */
ret = -EINVAL;
}
return(ret);
/*
* The load of calls that return an ifreq and ok (saves memory).
*/
rarok:
memcpy_tofs(arg, &ifr, sizeof(struct ifreq));
return 0;
}
static io_return_t
device_get_status (void *d, dev_flavor_t flavor, dev_status_t status,
mach_msg_type_number_t *count)
{
if (flavor == NET_FLAGS)
{
struct net_data *net = (struct net_data *) d;
if (*count != 1)
return D_INVALID_SIZE;
status[0] = net->dev->flags;
return D_SUCCESS;
}
if(flavor >= SIOCIWFIRST && flavor <= SIOCIWLAST)
{
/* handle wireless ioctl */
if(! IW_IS_GET(flavor))
return D_INVALID_OPERATION;
if(*count * sizeof(int) < sizeof(struct ifreq))
return D_INVALID_OPERATION;
struct net_data *nd = d;
struct linux_device *dev = nd->dev;
if(! dev->do_ioctl)
return D_INVALID_OPERATION;
int result;
if (flavor == SIOCGIWRANGE || flavor == SIOCGIWENCODE
|| flavor == SIOCGIWESSID || flavor == SIOCGIWNICKN
|| flavor == SIOCGIWSPY)
{
/*
* These ioctls require an `iw_point' as their argument (i.e.
* they want to return some data to userspace.
* Therefore supply some sane values and carry the data back
* to userspace right behind the `struct iwreq'.
*/
struct iw_point *iwp = &((struct iwreq *) status)->u.data;
iwp->length = *count * sizeof (dev_status_t) - sizeof (struct ifreq);
iwp->pointer = (void *) status + sizeof (struct ifreq);
result = dev->do_ioctl (dev, (struct ifreq *) status, flavor);
*count = ((sizeof (struct ifreq) + iwp->length)
/ sizeof (dev_status_t));
if (iwp->length % sizeof (dev_status_t))
(*count) ++;
}
else
{
*count = sizeof(struct ifreq) / sizeof(int);
result = dev->do_ioctl(dev, (struct ifreq *) status, flavor);
}
return result ? D_IO_ERROR : D_SUCCESS;
}
else
{
/* common get_status request */
return net_getstat (&((struct net_data *) d)->ifnet, flavor,
status, count);
}
}
