2 * wlc - Broadcom Wireless Driver Control Utility
4 * Copyright (C) 2006 Felix Fietkau <nbd@openwrt.org>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
17 #include <sys/types.h>
29 #include <proto/802.11.h>
33 #define PTABLE_MAGIC 0xbadc0ded
38 #define PTABLE_END 0xffffffff
41 * Copy each token in wordlist delimited by space into word
42 * Taken from Broadcom shutils.h
44 #define foreach(word, wordlist, next) \
45 for (next = &wordlist[strspn(wordlist, " ")], \
46 strncpy(word, next, sizeof(word)), \
47 word[strcspn(word, " ")] = '\0', \
48 word[sizeof(word) - 1] = '\0', \
49 next = strchr(next, ' '); \
51 next = next ? &next[strspn(next, " ")] : "", \
52 strncpy(word, next, sizeof(word)), \
53 word[strcspn(word, " ")] = '\0', \
54 word[sizeof(word) - 1] = '\0', \
55 next = strchr(next, ' '))
57 static char wlbuf[8192];
58 static char interface[16] = "wl0";
59 static unsigned long ptable[128];
60 static unsigned long kmem_offset = 0;
61 static int vif = 0, debug = 1, fromstdin = 0;
72 PARAM_OPTIONS = 0x0f0,
84 int (*handler)(wlc_param param, void *data, void *value);
93 /* can't use the system include because of the stupid broadcom header files */
94 extern struct ether_addr *ether_aton(const char *asc);
95 extern char *ether_ntoa(const struct ether_addr *addr);
98 * find the starting point of wl.o in memory
99 * by reading /proc/ksyms
101 static inline void wlc_get_mem_offset(void)
106 /* yes, i'm lazy ;) */
107 f = popen("grep '\\[wl]' /proc/ksyms | sort", "r");
108 if (fgets(s, 64, f) == 0)
114 kmem_offset = strtoul(s, NULL, 16);
117 if (kmem_offset < 0xc0000000)
122 static int ptable_init(void)
128 if (ptable[0] == PTABLE_MAGIC)
131 glob("/lib/modules/2.4.*/wl.o.patch", 0, NULL, &globbuf);
133 if (globbuf.gl_pathv[0] == NULL)
136 if ((fd = open(globbuf.gl_pathv[0], O_RDONLY)) < 0)
139 if (fstat(fd, &statbuf) < 0)
142 if (statbuf.st_size < 512)
145 if (read(fd, ptable, 512) < 512)
148 if (ptable[0] != PTABLE_MAGIC)
153 wlc_get_mem_offset();
154 if (kmem_offset == 0)
165 static inline unsigned long wlc_kmem_read(unsigned long offset)
170 if ((fd = open("/dev/kmem", O_RDONLY )) < 0)
173 lseek(fd, 0x70000000, SEEK_SET);
174 lseek(fd, (kmem_offset - 0x70000000) + offset, SEEK_CUR);
181 static inline void wlc_kmem_write(unsigned long offset, unsigned long value)
185 if ((fd = open("/dev/kmem", O_WRONLY )) < 0)
188 lseek(fd, 0x70000000, SEEK_SET);
189 lseek(fd, (kmem_offset - 0x70000000) + offset, SEEK_CUR);
190 write(fd, &value, 4);
194 static int wlc_patcher_getval(unsigned long key, unsigned long *val)
196 unsigned long *pt = &ptable[1];
199 if (ptable_init() < 0) {
200 fprintf(stderr, "Could not load the ptable\n");
204 while (*pt != PTABLE_END) {
206 tmp = wlc_kmem_read(pt[1]);
221 static int wlc_patcher_setval(unsigned long key, unsigned long val)
223 unsigned long *pt = &ptable[1];
225 if (ptable_init() < 0) {
226 fprintf(stderr, "Could not load the ptable\n");
230 if (val != 0xffffffff)
231 val = (pt[2] & ~(0xffff)) | (val & 0xffff);
233 while (*pt != PTABLE_END) {
235 if (val == 0xffffffff) /* default */
238 wlc_kmem_write(pt[1], val);
246 static int wlc_slottime(wlc_param param, void *data, void *value)
248 int *val = (int *) value;
251 if ((param & PARAM_MODE) == SET) {
252 wlc_patcher_setval(PTABLE_SLT1, *val);
253 wlc_patcher_setval(PTABLE_SLT2, ((*val == -1) ? *val : *val + 510));
254 } else if ((param & PARAM_MODE) == GET) {
255 ret = wlc_patcher_getval(PTABLE_SLT1, (unsigned long *) val);
256 if (*val != 0xffffffff)
263 static int wlc_noack(wlc_param param, void *data, void *value)
265 int *val = (int *) value;
268 if ((param & PARAM_MODE) == SET) {
269 wlc_patcher_setval(PTABLE_ACKW, ((*val) ? 1 : 0));
270 } else if ((param & PARAM_MODE) == GET) {
271 ret = wlc_patcher_getval(PTABLE_ACKW, (unsigned long *) val);
273 *val = (*val ? 1 : 0);
279 static int wlc_ibss_merge(wlc_param param, void *data, void *value)
281 int *val = (int *) value;
284 if ((param & PARAM_MODE) == SET) {
285 /* overwrite the instruction with 'lui v0,0x0' - fake a return
286 * status of 0 for wlc_bcn_tsf_later */
287 wlc_patcher_setval(PTABLE_ACKW, ((*val) ? -1 : 0x3c020000));
288 } else if ((param & PARAM_MODE) == GET) {
289 ret = wlc_patcher_getval(PTABLE_ACKW, (unsigned long *) val);
290 *val = ((*val == -1) ? 1 : 0);
296 static int wlc_ioctl(wlc_param param, void *data, void *value)
298 unsigned int *var = ((unsigned int *) data);
299 unsigned int ioc = *var;
302 return wl_ioctl(interface, ioc, NULL, 0);
304 switch(param & PARAM_TYPE) {
306 return wl_ioctl(interface, ((param & SET) ? (ioc) : (ioc >> 16)) & 0xffff, value, sizeof(int));
308 return wl_ioctl(interface, ((param & SET) ? (ioc) : (ioc >> 16)) & 0xffff, value, BUFSIZE);
313 static int wlc_iovar(wlc_param param, void *data, void *value)
315 int *val = (int *) value;
316 char *iov = *((char **) data);
320 switch(param & PARAM_TYPE) {
322 ret = wl_iovar_setint(interface, iov, *val);
326 switch(param & PARAM_TYPE) {
328 ret = wl_iovar_getint(interface, iov, val);
335 static int wlc_bssiovar(wlc_param param, void *data, void *value)
337 int *val = (int *) value;
338 char *iov = *((char **) data);
342 switch(param & PARAM_TYPE) {
344 ret = wl_bssiovar_setint(interface, iov, vif, *val);
348 switch(param & PARAM_TYPE) {
350 ret = wl_bssiovar_getint(interface, iov, vif, val);
357 static int wlc_vif_enabled(wlc_param param, void *data, void *value)
359 int *val = (int *) value;
363 sprintf((char *) buf, "bss");
366 buf[2] = (*val ? 1 : 0);
367 ret = wl_ioctl(interface, WLC_SET_VAR, buf, sizeof(buf));
368 } else if (param & GET) {
369 ret = wl_ioctl(interface, WLC_GET_VAR, buf, sizeof(buf));
376 static int wlc_ssid(wlc_param param, void *data, void *value)
378 int ret = -1, ret2 = -1;
379 char *dest = (char *) value;
382 if ((param & PARAM_MODE) == GET) {
383 ret = wl_bssiovar_get(interface, "ssid", vif, &ssid, sizeof(ssid));
386 /* if we can't get the ssid through the bssiovar, try WLC_GET_SSID */
387 ret = wl_ioctl(interface, WLC_GET_SSID, &ssid, sizeof(ssid));
390 memcpy(dest, ssid.SSID, ssid.SSID_len);
391 dest[ssid.SSID_len] = 0;
393 } else if ((param & PARAM_MODE) == SET) {
394 strncpy(ssid.SSID, value, 32);
395 ssid.SSID_len = strlen(value);
397 if (ssid.SSID_len > 32)
401 /* for the main interface, also try the WLC_SET_SSID call */
402 ret2 = wl_ioctl(interface, WLC_SET_SSID, &ssid, sizeof(ssid));
405 ret = wl_bssiovar_set(interface, "ssid", vif, &ssid, sizeof(ssid));
406 ret = (!ret2 ? 0 : ret);
412 static int wlc_int(wlc_param param, void *data, void *value)
414 int *var = *((int **) data);
415 int *val = (int *) value;
417 if ((param & PARAM_MODE) == SET) {
419 } else if ((param & PARAM_MODE) == GET) {
426 static int wlc_flag(wlc_param param, void *data, void *value)
428 int *var = *((int **) data);
435 static int wlc_string(wlc_param param, void *data, void *value)
437 char *var = *((char **) data);
439 if ((param & PARAM_MODE) == GET) {
446 static int wlc_afterburner(wlc_param param, void *data, void *value)
448 int *val = (int *) value;
451 if ((param & PARAM_MODE) == GET) {
452 ret = wl_iovar_getint(interface, "afterburner", val);
454 wl_iovar_setint(interface, "wlfeatureflag", (*val ? 3 : 0));
455 ret = wl_iovar_setint(interface, "afterburner", (*val ? 1 : 0));
456 wl_iovar_setint(interface, "afterburner_override", *val);
462 static int wlc_maclist(wlc_param param, void *data, void *value)
464 unsigned int *var = ((unsigned int *) data);
465 unsigned int ioc = *var;
466 int limit = (sizeof(wlbuf) - 4) / sizeof(struct ether_addr);
467 struct maclist *list = (struct maclist *) wlbuf;
468 char *str = (char *) value;
470 struct ether_addr *addr;
474 if ((param & PARAM_MODE) == GET) {
476 ret = wl_ioctl(interface, (ioc >> 16) & 0xffff, wlbuf, sizeof(wlbuf));
480 str += sprintf(str, "%s%s", ((((char *) value) == str) ? "" : " "), ether_ntoa(&list->ea[list->count-- - 1]));
484 while (*str && isspace(*str))
491 if (wl_ioctl(interface, (ioc >> 16) & 0xffff, wlbuf, sizeof(wlbuf)) == 0)
494 while (*str && isspace(*str))
499 memset(wlbuf, 0, sizeof(wlbuf));
501 foreach(astr, str, p) {
502 if (list->count >= limit)
505 if ((addr = ether_aton(astr)) != NULL)
506 memcpy(&list->ea[list->count++], addr, sizeof(struct ether_addr));
509 return wl_ioctl(interface, ioc & 0xffff, wlbuf, sizeof(wlbuf));
513 static int wlc_radio(wlc_param param, void *data, void *value)
515 int *val = (int *) value;
518 if ((param & PARAM_MODE) == GET) {
519 ret = wl_ioctl(interface, WLC_GET_RADIO, val, sizeof(int));
520 *val = ((*val & 1) ? 0 : 1);
522 *val = (1 << 16) | (*val ? 0 : 1);
523 ret = wl_ioctl(interface, WLC_SET_RADIO, val, sizeof(int));
529 static int wlc_wsec_key(wlc_param param, void *null, void *value)
531 wl_wsec_key_t wsec_key;
532 unsigned char *index = value;
535 unsigned char hex[3];
537 if ((param & PARAM_MODE) != SET)
540 memset(&wsec_key, 0, sizeof(wsec_key));
541 if (index[0] == '=') {
542 wsec_key.flags = WL_PRIMARY_KEY;
546 if ((index[0] < '1') || (index[0] > '4') || (index[1] != ','))
550 if (strncmp(key, "d:", 2) == 0) { /* delete key */
551 } else if (strncmp(key, "s:", 2) == 0) { /* ascii key */
553 wsec_key.len = strlen(key);
555 if ((wsec_key.len != 5) && (wsec_key.len != 13))
558 strcpy(wsec_key.data, key);
559 } else { /* hex key */
560 wsec_key.len = strlen(key);
561 if ((wsec_key.len != 10) && (wsec_key.len != 26))
565 data = wsec_key.data;
570 *(data++) = (unsigned char) strtoul(hex, NULL, 16);
574 return wl_bssiovar_set(interface, "wsec_key", vif, &wsec_key, sizeof(wsec_key));
577 static inline int cw2ecw(int cw)
580 for (cw++, i = 0; cw; i++) cw >>=1;
584 static int wlc_wme_ac(wlc_param param, void *data, void *value)
586 char *type = *((char **) data);
587 char *settings = (char *) value;
588 char cmd[100], *p, *val;
589 edcf_acparam_t params[AC_COUNT];
595 if ((param & PARAM_MODE) != SET)
598 memset(params, 0, sizeof(params));
599 ret = wl_iovar_get(interface, type, params, sizeof(params));
600 memset(buf, 0, BUFSIZE);
602 buf += strlen(buf) + 1;
604 foreach(cmd, settings, p) {
605 val = strchr(cmd, '=');
607 if (strcmp(cmd, "be") == 0)
609 else if (strcmp(cmd, "bk") == 0)
611 else if (strcmp(cmd, "vi") == 0)
613 else if (strcmp(cmd, "vo") == 0)
619 params[cur].ACI = (params[cur].ACI & (0x3 << 5)) | (cur << 5);
623 intval = strtoul(val, NULL, 10);
624 if (strcmp(cmd, "cwmin") == 0)
625 params[cur].ECW = (params[cur].ECW & ~(0xf)) | cw2ecw(intval);
626 else if (strcmp(cmd, "ecwmin") == 0)
627 params[cur].ECW = (params[cur].ECW & ~(0xf)) | (intval & 0xf);
628 else if (strcmp(cmd, "cwmax") == 0)
629 params[cur].ECW = (params[cur].ECW & ~(0xf << 4)) | (cw2ecw(intval) << 4);
630 else if (strcmp(cmd, "ecwmax") == 0)
631 params[cur].ECW = (params[cur].ECW & ~(0xf << 4)) | ((intval & 0xf) << 4);
632 else if (strcmp(cmd, "aifsn") == 0)
633 params[cur].ACI = (params[cur].ACI & ~(0xf)) | (intval & 0xf);
634 else if (strcmp(cmd, "txop") == 0)
635 params[cur].TXOP = intval >> 5;
636 else if (strcmp(cmd, "force") == 0)
637 params[cur].ACI = (params[cur].ACI & ~(1 << 4)) | ((intval) ? (1 << 4) : 0);
640 memcpy(buf, ¶ms[cur], sizeof(edcf_acparam_t));
641 wl_ioctl(interface, WLC_SET_VAR, wlbuf, BUFSIZE);
647 static const struct wlc_call wlc_calls[] = {
650 .param = STRING|NOARG,
651 .handler = wlc_string,
653 .desc = "Version of this program"
660 .desc = "wlc debug level"
666 .data.ptr = &fromstdin,
667 .desc = "Accept input from stdin"
672 .handler = wlc_ioctl,
674 .desc = "Bring the interface up"
679 .handler = wlc_ioctl,
680 .data.num = WLC_DOWN,
681 .desc = "Bring the interface down"
686 .handler = wlc_radio,
687 .desc = "Radio enabled flag"
692 .handler = wlc_ioctl,
693 .data.num = ((WLC_GET_AP << 16) | WLC_SET_AP),
694 .desc = "Access Point mode"
699 .handler = wlc_iovar,
701 .desc = "Multi-ssid mode"
706 .handler = wlc_iovar,
708 .desc = "AP+STA mode"
713 .handler = wlc_ioctl,
714 .data.num = ((WLC_GET_INFRA << 16) | WLC_SET_INFRA),
715 .desc = "Infrastructure mode"
720 .handler = wlc_ioctl,
721 .data.num = ((WLC_GET_WET << 16) | WLC_SET_WET),
722 .desc = "Wireless repeater mode",
725 .name = "statimeout",
727 .handler = wlc_iovar,
728 .data.str = "sta_retry_time",
729 .desc = "STA connection timeout"
734 .handler = wlc_ioctl,
735 .data.num = ((WLC_GET_COUNTRY << 16) | WLC_SET_COUNTRY),
736 .desc = "Country code"
741 .handler = wlc_ioctl,
742 .data.num = ((WLC_GET_CHANNEL << 16) | WLC_SET_CHANNEL),
750 .desc = "Current vif index"
755 .handler = wlc_vif_enabled,
756 .desc = "vif enabled flag"
762 .desc = "Interface ESSID"
767 .handler = wlc_bssiovar,
768 .data.str = "closednet",
769 .desc = "Hidden ESSID flag"
774 .handler = wlc_bssiovar,
776 .desc = "Security mode flags"
781 .handler = wlc_wsec_key,
782 .desc = "Set/Remove WEP keys"
785 .name = "wsec_restrict",
787 .handler = wlc_bssiovar,
788 .data.str = "wsec_restrict",
789 .desc = "Drop unencrypted traffic"
792 .name = "eap_restrict",
794 .handler = wlc_bssiovar,
795 .data.str = "eap_restrict",
796 .desc = "Only allow 802.1X traffic until 802.1X authorized"
801 .handler = wlc_bssiovar,
802 .data.str = "wpa_auth",
803 .desc = "WPA authentication modes"
806 .name = "ap_isolate",
808 .handler = wlc_bssiovar,
809 .data.str = "ap_isolate",
810 .desc = "Isolate connected clients"
813 .name = "supplicant",
815 .handler = wlc_iovar,
816 .data.str = "sup_wpa",
817 .desc = "Built-in WPA supplicant"
822 .handler = wlc_iovar,
823 .data.str = "maxassoc",
824 .desc = "Max. number of associated clients",
829 .handler = wlc_iovar,
831 .desc = "WME enabled"
836 .handler = wlc_wme_ac,
837 .data.str = "wme_ac_ap",
838 .desc = "Set WME AC options for AP mode",
841 .name = "wme_ac_sta",
843 .handler = wlc_wme_ac,
844 .data.str = "wme_ac_sta",
845 .desc = "Set WME AC options for STA mode",
850 .handler = wlc_iovar,
851 .data.str = "wme_noack",
852 .desc = "WME ACK disable request",
855 .name = "fragthresh",
857 .handler = wlc_iovar,
858 .data.str = "fragthresh",
859 .desc = "Fragmentation threshold",
864 .handler = wlc_iovar,
865 .data.str = "rtsthresh",
866 .desc = "RTS threshold"
871 .handler = wlc_ioctl,
872 .data.num = ((WLC_GET_ANTDIV << 16) | WLC_SET_ANTDIV),
873 .desc = "Rx antenna selection"
878 .handler = wlc_ioctl,
879 .data.num = ((WLC_GET_TXANT << 16) | WLC_SET_TXANT),
880 .desc = "Tx antenna selection"
885 .handler = wlc_ioctl,
886 .data.num = ((WLC_GET_DTIMPRD << 16) | WLC_SET_DTIMPRD),
887 .desc = "DTIM period",
892 .handler = wlc_ioctl,
893 .data.num = ((WLC_GET_BCNPRD << 16) | WLC_SET_BCNPRD),
894 .desc = "Beacon interval"
897 .name = "frameburst",
899 .handler = wlc_ioctl,
900 .data.num = ((WLC_GET_FAKEFRAG << 16) | WLC_SET_FAKEFRAG),
901 .desc = "Framebursting"
906 .handler = wlc_ioctl,
907 .data.num = ((WLC_GET_MONITOR << 16) | WLC_SET_MONITOR),
908 .desc = "Monitor mode"
913 .handler = wlc_ioctl,
914 .data.num = ((WLC_GET_PASSIVE << 16) | WLC_SET_PASSIVE),
915 .desc = "Passive mode"
920 .handler = wlc_ioctl,
921 .data.num = ((WLC_GET_MACMODE << 16) | WLC_SET_MACMODE),
922 .desc = "MAC filter mode (0:disabled, 1:deny, 2:allow)"
927 .data.num = ((WLC_GET_MACLIST << 16) | WLC_SET_MACLIST),
928 .handler = wlc_maclist,
929 .desc = "MAC filter list"
934 .handler = wlc_ioctl,
935 .data.num = ((WLC_GET_LAZYWDS << 16) | WLC_SET_LAZYWDS),
936 .desc = "Automatic WDS"
941 .data.num = ((WLC_GET_WDSLIST << 16) | WLC_SET_WDSLIST),
942 .handler = wlc_maclist,
943 .desc = "WDS connection list"
946 .name = "wdstimeout",
948 .handler = wlc_iovar,
949 .data.str = "wdstimeout",
950 .desc = "WDS link detection timeout"
953 .name = "afterburner",
955 .handler = wlc_afterburner,
956 .desc = "Broadcom Afterburner"
961 .handler = wlc_slottime,
962 .desc = "Slot time (-1 = auto)"
967 .handler = wlc_noack,
968 .desc = "Tx ACK enabled flag"
971 .name = "ibss_merge",
973 .handler = wlc_ibss_merge,
974 .desc = "Allow IBSS merge in Ad-Hoc mode"
977 #define wlc_calls_size (sizeof(wlc_calls) / sizeof(struct wlc_call))
979 static void usage(char *cmd)
982 fprintf(stderr, "Usage: %s <command> [<argument> ...]\n"
984 "Available commands:\n", cmd);
985 for (i = 0; i < wlc_calls_size; i++) {
986 fprintf(stderr, "\t%-16s\t%s\n", wlc_calls[i].name ?: "", wlc_calls[i].desc ?: "");
988 fprintf(stderr, "\n");
992 static int do_command(const struct wlc_call *cmd, char *arg)
994 static char buf[BUFSIZE];
1001 fprintf(stderr, "do_command %-16s\t'%s'\n", cmd->name, arg);
1004 if ((arg == NULL) && ((cmd->param & PARAM_TYPE) != NONE)) {
1006 ret = cmd->handler(cmd->param | GET, (void *) &cmd->data, (void *) buf);
1008 switch(cmd->param & PARAM_TYPE) {
1010 intval = *((int *) buf);
1013 format = "0x%08x\n";
1014 else if (intval > 255)
1015 format = "0x%04x\n";
1019 fprintf(stdout, format, intval);
1022 fprintf(stdout, "%s\n", buf);
1027 switch(cmd->param & PARAM_TYPE) {
1029 intval = strtoul(arg, &end, 10);
1030 if (end && !(*end)) {
1031 memcpy(buf, &intval, sizeof(intval));
1033 fprintf(stderr, "%s: Invalid argument\n", cmd->name);
1038 strncpy(buf, arg, BUFSIZE);
1039 buf[BUFSIZE - 1] = 0;
1042 ret = cmd->handler(cmd->param | SET, (void *) &cmd->data, (void *) buf);
1045 if ((debug > 0) && (ret != 0))
1046 fprintf(stderr, "Command '%s %s' failed: %d\n", (set == 1 ? "set" : "get"), cmd->name, ret);
1051 static struct wlc_call *find_cmd(char *name)
1053 int found = 0, i = 0;
1055 while (!found && (i < wlc_calls_size)) {
1056 if (strcmp(name, wlc_calls[i].name) == 0)
1062 return (struct wlc_call *) (found ? &wlc_calls[i] : NULL);
1065 int main(int argc, char **argv)
1067 static char buf[BUFSIZE];
1069 char *cmd = argv[0];
1070 struct wlc_call *call;
1076 for(interface[2] = '0'; (interface[2] < '3') && (wl_probe(interface) != 0); interface[2]++);
1077 if (interface[2] == '3') {
1078 fprintf(stderr, "No Broadcom wl interface found!\n");
1084 while ((argc > 0) && (argv[0] != NULL)) {
1085 if ((call = find_cmd(argv[0])) == NULL) {
1086 fprintf(stderr, "Invalid command: %s\n\n", argv[0]);
1089 if ((argc > 1) && (!(call->param & NOARG))) {
1090 ret = do_command(call, argv[1]);
1094 ret = do_command(call, NULL);
1100 while (fromstdin && !feof(stdin)) {
1102 fgets(buf, BUFSIZE - 1, stdin);
1107 if ((s = strchr(buf, '\r')) != NULL)
1109 if ((s = strchr(buf, '\n')) != NULL)
1119 if ((s2 = strchr(buf, ' ')) != NULL)
1122 while (s2 && isspace(*s2))
1125 if ((call = find_cmd(buf)) == NULL) {
1126 fprintf(stderr, "Invalid command: %s\n", buf);
1129 ret = do_command(call, ((call->param & NOARG) ? NULL : s2));