2 * wlc - Broadcom Wireless Driver Control Utility
4 * Copyright (C) 2006 Felix Fietkau <nbd@openwrt.org>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
17 #include <sys/types.h>
29 #include <proto/802.11.h>
33 #define PTABLE_MAGIC 0xbadc0ded
38 #define PTABLE_END 0xffffffff
41 * Copy each token in wordlist delimited by space into word
42 * Taken from Broadcom shutils.h
44 #define foreach(word, wordlist, next) \
45 for (next = &wordlist[strspn(wordlist, " ")], \
46 strncpy(word, next, sizeof(word)), \
47 word[strcspn(word, " ")] = '\0', \
48 word[sizeof(word) - 1] = '\0', \
49 next = strchr(next, ' '); \
51 next = next ? &next[strspn(next, " ")] : "", \
52 strncpy(word, next, sizeof(word)), \
53 word[strcspn(word, " ")] = '\0', \
54 word[sizeof(word) - 1] = '\0', \
55 next = strchr(next, ' '))
57 static char wlbuf[8192];
58 static char interface[16] = "wl0";
59 static unsigned long ptable[128];
60 static unsigned long kmem_offset = 0;
61 static int vif = 0, debug = 1, fromstdin = 0;
72 PARAM_OPTIONS = 0x0f0,
84 int (*handler)(wlc_param param, void *data, void *value);
93 /* can't use the system include because of the stupid broadcom header files */
94 extern struct ether_addr *ether_aton(const char *asc);
95 extern char *ether_ntoa(const struct ether_addr *addr);
98 * find the starting point of wl.o in memory
99 * by reading /proc/ksyms
101 static inline void wlc_get_mem_offset(void)
106 /* yes, i'm lazy ;) */
107 f = popen("grep '\\[wl]' /proc/ksyms | sort", "r");
108 if (fgets(s, 64, f) == 0)
114 kmem_offset = strtoul(s, NULL, 16);
117 if (kmem_offset < 0xc0000000)
122 static int ptable_init(void)
128 if (ptable[0] == PTABLE_MAGIC)
131 glob("/lib/modules/2.4.*/wl.o", 0, NULL, &globbuf);
133 if (globbuf.gl_pathv[0] == NULL)
136 if ((fd = open(globbuf.gl_pathv[0], O_RDONLY)) < 0)
139 if (fstat(fd, &statbuf) < 0)
142 if (statbuf.st_size <= 512)
145 if (lseek(fd, statbuf.st_size - 512, SEEK_SET) < 0) {
150 if (read(fd, ptable, 512) < 512)
153 if (ptable[0] != PTABLE_MAGIC)
158 wlc_get_mem_offset();
159 if (kmem_offset == 0)
170 static inline unsigned long wlc_kmem_read(unsigned long offset)
175 if ((fd = open("/dev/kmem", O_RDONLY )) < 0)
178 lseek(fd, 0x70000000, SEEK_SET);
179 lseek(fd, (kmem_offset - 0x70000000) + offset, SEEK_CUR);
186 static inline void wlc_kmem_write(unsigned long offset, unsigned long value)
190 if ((fd = open("/dev/kmem", O_WRONLY )) < 0)
193 lseek(fd, 0x70000000, SEEK_SET);
194 lseek(fd, (kmem_offset - 0x70000000) + offset, SEEK_CUR);
195 write(fd, &value, 4);
199 static int wlc_patcher_getval(unsigned long key, unsigned long *val)
201 unsigned long *pt = &ptable[1];
204 if (ptable_init() < 0) {
205 fprintf(stderr, "Could not load the ptable\n");
209 while (*pt != PTABLE_END) {
211 tmp = wlc_kmem_read(pt[1]);
226 static int wlc_patcher_setval(unsigned long key, unsigned long val)
228 unsigned long *pt = &ptable[1];
230 if (ptable_init() < 0) {
231 fprintf(stderr, "Could not load the ptable\n");
235 if (val != 0xffffffff)
236 val = (pt[2] & ~(0xffff)) | (val & 0xffff);
238 while (*pt != PTABLE_END) {
240 if (val == 0xffffffff) /* default */
243 wlc_kmem_write(pt[1], val);
251 static int wlc_slottime(wlc_param param, void *data, void *value)
253 int *val = (int *) value;
256 if ((param & PARAM_MODE) == SET) {
257 wlc_patcher_setval(PTABLE_SLT1, *val);
258 wlc_patcher_setval(PTABLE_SLT2, ((*val == -1) ? *val : *val + 510));
259 } else if ((param & PARAM_MODE) == GET) {
260 ret = wlc_patcher_getval(PTABLE_SLT1, (unsigned long *) val);
261 if (*val != 0xffffffff)
268 static int wlc_noack(wlc_param param, void *data, void *value)
270 int *val = (int *) value;
273 if ((param & PARAM_MODE) == SET) {
274 wlc_patcher_setval(PTABLE_ACKW, ((*val) ? 1 : 0));
275 } else if ((param & PARAM_MODE) == GET) {
276 ret = wlc_patcher_getval(PTABLE_ACKW, (unsigned long *) val);
278 *val = (*val ? 1 : 0);
284 static int wlc_ibss_merge(wlc_param param, void *data, void *value)
286 int *val = (int *) value;
289 if ((param & PARAM_MODE) == SET) {
290 /* overwrite the instruction with 'lui v0,0x0' - fake a return
291 * status of 0 for wlc_bcn_tsf_later */
292 wlc_patcher_setval(PTABLE_ACKW, ((*val) ? -1 : 0x3c020000));
293 } else if ((param & PARAM_MODE) == GET) {
294 ret = wlc_patcher_getval(PTABLE_ACKW, (unsigned long *) val);
295 *val = ((*val == -1) ? 1 : 0);
301 static int wlc_ioctl(wlc_param param, void *data, void *value)
303 unsigned int *var = ((unsigned int *) data);
304 unsigned int ioc = *var;
307 return wl_ioctl(interface, ioc, NULL, 0);
309 switch(param & PARAM_TYPE) {
311 return wl_ioctl(interface, ((param & SET) ? (ioc) : (ioc >> 16)) & 0xffff, value, sizeof(int));
313 return wl_ioctl(interface, ((param & SET) ? (ioc) : (ioc >> 16)) & 0xffff, value, BUFSIZE);
318 static int wlc_iovar(wlc_param param, void *data, void *value)
320 int *val = (int *) value;
321 char *iov = *((char **) data);
325 switch(param & PARAM_TYPE) {
327 ret = wl_iovar_setint(interface, iov, *val);
331 switch(param & PARAM_TYPE) {
333 ret = wl_iovar_getint(interface, iov, val);
340 static int wlc_bssiovar(wlc_param param, void *data, void *value)
342 int *val = (int *) value;
343 char *iov = *((char **) data);
347 switch(param & PARAM_TYPE) {
349 ret = wl_bssiovar_setint(interface, iov, vif, *val);
353 switch(param & PARAM_TYPE) {
355 ret = wl_bssiovar_getint(interface, iov, vif, val);
362 static int wlc_vif_enabled(wlc_param param, void *data, void *value)
364 int *val = (int *) value;
368 sprintf((char *) buf, "bss");
371 buf[2] = (*val ? 1 : 0);
372 ret = wl_ioctl(interface, WLC_SET_VAR, buf, sizeof(buf));
373 } else if (param & GET) {
374 ret = wl_ioctl(interface, WLC_GET_VAR, buf, sizeof(buf));
381 static int wlc_ssid(wlc_param param, void *data, void *value)
383 int ret = -1, ret2 = -1;
384 char *dest = (char *) value;
387 if ((param & PARAM_MODE) == GET) {
388 ret = wl_bssiovar_get(interface, "ssid", vif, &ssid, sizeof(ssid));
391 /* if we can't get the ssid through the bssiovar, try WLC_GET_SSID */
392 ret = wl_ioctl(interface, WLC_GET_SSID, &ssid, sizeof(ssid));
395 memcpy(dest, ssid.SSID, ssid.SSID_len);
396 dest[ssid.SSID_len] = 0;
398 } else if ((param & PARAM_MODE) == SET) {
399 strncpy(ssid.SSID, value, 32);
400 ssid.SSID_len = strlen(value);
402 if (ssid.SSID_len > 32)
406 /* for the main interface, also try the WLC_SET_SSID call */
407 ret2 = wl_ioctl(interface, WLC_SET_SSID, &ssid, sizeof(ssid));
410 ret = wl_bssiovar_set(interface, "ssid", vif, &ssid, sizeof(ssid));
411 ret = (!ret2 ? 0 : ret);
417 static int wlc_int(wlc_param param, void *data, void *value)
419 int *var = *((int **) data);
420 int *val = (int *) value;
422 if ((param & PARAM_MODE) == SET) {
424 } else if ((param & PARAM_MODE) == GET) {
431 static int wlc_flag(wlc_param param, void *data, void *value)
433 int *var = *((int **) data);
440 static int wlc_string(wlc_param param, void *data, void *value)
442 char *var = *((char **) data);
444 if ((param & PARAM_MODE) == GET) {
451 static int wlc_afterburner(wlc_param param, void *data, void *value)
453 int *val = (int *) value;
456 if ((param & PARAM_MODE) == GET) {
457 ret = wl_iovar_getint(interface, "afterburner", val);
459 wl_iovar_setint(interface, "wlfeatureflag", (*val ? 3 : 0));
460 ret = wl_iovar_setint(interface, "afterburner", (*val ? 1 : 0));
461 wl_iovar_setint(interface, "afterburner_override", *val);
467 static int wlc_maclist(wlc_param param, void *data, void *value)
469 unsigned int *var = ((unsigned int *) data);
470 unsigned int ioc = *var;
471 int limit = (sizeof(wlbuf) - 4) / sizeof(struct ether_addr);
472 struct maclist *list = (struct maclist *) wlbuf;
473 char *str = (char *) value;
475 struct ether_addr *addr;
479 if ((param & PARAM_MODE) == GET) {
481 ret = wl_ioctl(interface, (ioc >> 16) & 0xffff, wlbuf, sizeof(wlbuf));
485 str += sprintf(str, "%s%s", ((((char *) value) == str) ? "" : " "), ether_ntoa(&list->ea[list->count-- - 1]));
489 while (*str && isspace(*str))
496 if (wl_ioctl(interface, (ioc >> 16) & 0xffff, wlbuf, sizeof(wlbuf)) == 0)
499 while (*str && isspace(*str))
504 memset(wlbuf, 0, sizeof(wlbuf));
506 foreach(astr, str, p) {
507 if (list->count >= limit)
510 if ((addr = ether_aton(astr)) != NULL)
511 memcpy(&list->ea[list->count++], addr, sizeof(struct ether_addr));
514 return wl_ioctl(interface, ioc & 0xffff, wlbuf, sizeof(wlbuf));
518 static int wlc_radio(wlc_param param, void *data, void *value)
520 int *val = (int *) value;
523 if ((param & PARAM_MODE) == GET) {
524 ret = wl_ioctl(interface, WLC_GET_RADIO, val, sizeof(int));
525 *val = ((*val & 1) ? 0 : 1);
527 *val = (1 << 16) | (*val ? 0 : 1);
528 ret = wl_ioctl(interface, WLC_SET_RADIO, val, sizeof(int));
534 static int wlc_wsec_key(wlc_param param, void *null, void *value)
536 wl_wsec_key_t wsec_key;
537 unsigned char *index = value;
540 unsigned char hex[3];
542 if ((param & PARAM_MODE) != SET)
545 memset(&wsec_key, 0, sizeof(wsec_key));
546 if (index[0] == '=') {
547 wsec_key.flags = WL_PRIMARY_KEY;
551 if ((index[0] < '1') || (index[0] > '4') || (index[1] != ','))
555 if (strncmp(key, "d:", 2) == 0) { /* delete key */
556 } else if (strncmp(key, "s:", 2) == 0) { /* ascii key */
558 wsec_key.len = strlen(key);
560 if ((wsec_key.len != 5) && (wsec_key.len != 13))
563 strcpy(wsec_key.data, key);
564 } else { /* hex key */
565 wsec_key.len = strlen(key);
566 if ((wsec_key.len != 10) && (wsec_key.len != 26))
570 data = wsec_key.data;
575 *(data++) = (unsigned char) strtoul(hex, NULL, 16);
579 return wl_bssiovar_set(interface, "wsec_key", vif, &wsec_key, sizeof(wsec_key));
582 static inline int cw2ecw(int cw)
585 for (cw++, i = 0; cw; i++) cw >>=1;
589 static int wlc_wme_ac(wlc_param param, void *data, void *value)
591 char *type = *((char **) data);
592 char *settings = (char *) value;
593 char cmd[100], *p, *val;
594 edcf_acparam_t params[AC_COUNT];
600 if ((param & PARAM_MODE) != SET)
603 memset(params, 0, sizeof(params));
604 ret = wl_iovar_get(interface, type, params, sizeof(params));
605 memset(buf, 0, BUFSIZE);
607 buf += strlen(buf) + 1;
609 foreach(cmd, settings, p) {
610 val = strchr(cmd, '=');
612 if (strcmp(cmd, "be") == 0)
614 else if (strcmp(cmd, "bk") == 0)
616 else if (strcmp(cmd, "vi") == 0)
618 else if (strcmp(cmd, "vo") == 0)
624 params[cur].ACI = (params[cur].ACI & (0x3 << 5)) | (cur << 5);
628 intval = strtoul(val, NULL, 10);
629 if (strcmp(cmd, "cwmin") == 0)
630 params[cur].ECW = (params[cur].ECW & ~(0xf)) | cw2ecw(intval);
631 else if (strcmp(cmd, "ecwmin") == 0)
632 params[cur].ECW = (params[cur].ECW & ~(0xf)) | (intval & 0xf);
633 else if (strcmp(cmd, "cwmax") == 0)
634 params[cur].ECW = (params[cur].ECW & ~(0xf << 4)) | (cw2ecw(intval) << 4);
635 else if (strcmp(cmd, "ecwmax") == 0)
636 params[cur].ECW = (params[cur].ECW & ~(0xf << 4)) | ((intval & 0xf) << 4);
637 else if (strcmp(cmd, "aifsn") == 0)
638 params[cur].ACI = (params[cur].ACI & ~(0xf)) | (intval & 0xf);
639 else if (strcmp(cmd, "txop") == 0)
640 params[cur].TXOP = intval >> 5;
641 else if (strcmp(cmd, "force") == 0)
642 params[cur].ACI = (params[cur].ACI & ~(1 << 4)) | ((intval) ? (1 << 4) : 0);
645 memcpy(buf, ¶ms[cur], sizeof(edcf_acparam_t));
646 wl_ioctl(interface, WLC_SET_VAR, wlbuf, BUFSIZE);
652 static const struct wlc_call wlc_calls[] = {
655 .param = STRING|NOARG,
656 .handler = wlc_string,
658 .desc = "Version of this program"
665 .desc = "wlc debug level"
671 .data.ptr = &fromstdin,
672 .desc = "Accept input from stdin"
677 .handler = wlc_ioctl,
679 .desc = "Bring the interface up"
684 .handler = wlc_ioctl,
685 .data.num = WLC_DOWN,
686 .desc = "Bring the interface down"
691 .handler = wlc_radio,
692 .desc = "Radio enabled flag"
697 .handler = wlc_ioctl,
698 .data.num = ((WLC_GET_AP << 16) | WLC_SET_AP),
699 .desc = "Access Point mode"
704 .handler = wlc_iovar,
706 .desc = "Multi-ssid mode"
711 .handler = wlc_iovar,
713 .desc = "AP+STA mode"
718 .handler = wlc_ioctl,
719 .data.num = ((WLC_GET_INFRA << 16) | WLC_SET_INFRA),
720 .desc = "Infrastructure mode"
725 .handler = wlc_ioctl,
726 .data.num = ((WLC_GET_WET << 16) | WLC_SET_WET),
727 .desc = "Wireless repeater mode",
730 .name = "statimeout",
732 .handler = wlc_iovar,
733 .data.str = "sta_retry_time",
734 .desc = "STA connection timeout"
739 .handler = wlc_ioctl,
740 .data.num = ((WLC_GET_COUNTRY << 16) | WLC_SET_COUNTRY),
741 .desc = "Country code"
746 .handler = wlc_ioctl,
747 .data.num = ((WLC_GET_CHANNEL << 16) | WLC_SET_CHANNEL),
755 .desc = "Current vif index"
760 .handler = wlc_vif_enabled,
761 .desc = "vif enabled flag"
767 .desc = "Interface ESSID"
772 .handler = wlc_bssiovar,
773 .data.str = "closednet",
774 .desc = "Hidden ESSID flag"
779 .handler = wlc_bssiovar,
781 .desc = "Security mode flags"
786 .handler = wlc_wsec_key,
787 .desc = "Set/Remove WEP keys"
790 .name = "wsec_restrict",
792 .handler = wlc_bssiovar,
793 .data.str = "wsec_restrict",
794 .desc = "Drop unencrypted traffic"
797 .name = "eap_restrict",
799 .handler = wlc_bssiovar,
800 .data.str = "eap_restrict",
801 .desc = "Only allow 802.1X traffic until 802.1X authorized"
806 .handler = wlc_bssiovar,
807 .data.str = "wpa_auth",
808 .desc = "WPA authentication modes"
811 .name = "ap_isolate",
813 .handler = wlc_bssiovar,
814 .data.str = "ap_isolate",
815 .desc = "Isolate connected clients"
818 .name = "supplicant",
820 .handler = wlc_iovar,
821 .data.str = "sup_wpa",
822 .desc = "Built-in WPA supplicant"
827 .handler = wlc_iovar,
828 .data.str = "maxassoc",
829 .desc = "Max. number of associated clients",
834 .handler = wlc_iovar,
836 .desc = "WME enabled"
841 .handler = wlc_wme_ac,
842 .data.str = "wme_ac_ap",
843 .desc = "Set WME AC options for AP mode",
846 .name = "wme_ac_sta",
848 .handler = wlc_wme_ac,
849 .data.str = "wme_ac_sta",
850 .desc = "Set WME AC options for STA mode",
855 .handler = wlc_iovar,
856 .data.str = "wme_noack",
857 .desc = "WME ACK disable request",
860 .name = "fragthresh",
862 .handler = wlc_iovar,
863 .data.str = "fragthresh",
864 .desc = "Fragmentation threshold",
869 .handler = wlc_iovar,
870 .data.str = "rtsthresh",
871 .desc = "RTS threshold"
876 .handler = wlc_ioctl,
877 .data.num = ((WLC_GET_ANTDIV << 16) | WLC_SET_ANTDIV),
878 .desc = "Rx antenna selection"
883 .handler = wlc_ioctl,
884 .data.num = ((WLC_GET_TXANT << 16) | WLC_SET_TXANT),
885 .desc = "Tx antenna selection"
890 .handler = wlc_ioctl,
891 .data.num = ((WLC_GET_DTIMPRD << 16) | WLC_SET_DTIMPRD),
892 .desc = "DTIM period",
897 .handler = wlc_ioctl,
898 .data.num = ((WLC_GET_BCNPRD << 16) | WLC_SET_BCNPRD),
899 .desc = "Beacon interval"
902 .name = "frameburst",
904 .handler = wlc_ioctl,
905 .data.num = ((WLC_GET_FAKEFRAG << 16) | WLC_SET_FAKEFRAG),
906 .desc = "Framebursting"
911 .handler = wlc_ioctl,
912 .data.num = ((WLC_GET_MONITOR << 16) | WLC_SET_MONITOR),
913 .desc = "Monitor mode"
918 .handler = wlc_ioctl,
919 .data.num = ((WLC_GET_PASSIVE << 16) | WLC_SET_PASSIVE),
920 .desc = "Passive mode"
925 .handler = wlc_ioctl,
926 .data.num = ((WLC_GET_MACMODE << 16) | WLC_SET_MACMODE),
927 .desc = "MAC filter mode (0:disabled, 1:deny, 2:allow)"
932 .data.num = ((WLC_GET_MACLIST << 16) | WLC_SET_MACLIST),
933 .handler = wlc_maclist,
934 .desc = "MAC filter list"
939 .handler = wlc_ioctl,
940 .data.num = ((WLC_GET_LAZYWDS << 16) | WLC_SET_LAZYWDS),
941 .desc = "Automatic WDS"
946 .data.num = ((WLC_GET_WDSLIST << 16) | WLC_SET_WDSLIST),
947 .handler = wlc_maclist,
948 .desc = "WDS connection list"
951 .name = "wdstimeout",
953 .handler = wlc_iovar,
954 .data.str = "wdstimeout",
955 .desc = "WDS link detection timeout"
958 .name = "afterburner",
960 .handler = wlc_afterburner,
961 .desc = "Broadcom Afterburner"
966 .handler = wlc_slottime,
967 .desc = "Slot time (-1 = auto)"
972 .handler = wlc_noack,
973 .desc = "Tx ACK enabled flag"
976 .name = "ibss_merge",
978 .handler = wlc_ibss_merge,
979 .desc = "Allow IBSS merge in Ad-Hoc mode"
982 #define wlc_calls_size (sizeof(wlc_calls) / sizeof(struct wlc_call))
984 static void usage(char *cmd)
987 fprintf(stderr, "Usage: %s <command> [<argument> ...]\n"
989 "Available commands:\n", cmd);
990 for (i = 0; i < wlc_calls_size; i++) {
991 fprintf(stderr, "\t%-16s\t%s\n", wlc_calls[i].name ?: "", wlc_calls[i].desc ?: "");
993 fprintf(stderr, "\n");
997 static int do_command(const struct wlc_call *cmd, char *arg)
999 static char buf[BUFSIZE];
1006 fprintf(stderr, "do_command %-16s\t'%s'\n", cmd->name, arg);
1009 if ((arg == NULL) && ((cmd->param & PARAM_TYPE) != NONE)) {
1011 ret = cmd->handler(cmd->param | GET, (void *) &cmd->data, (void *) buf);
1013 switch(cmd->param & PARAM_TYPE) {
1015 intval = *((int *) buf);
1018 format = "0x%08x\n";
1019 else if (intval > 255)
1020 format = "0x%04x\n";
1024 fprintf(stdout, format, intval);
1027 fprintf(stdout, "%s\n", buf);
1032 switch(cmd->param & PARAM_TYPE) {
1034 intval = strtoul(arg, &end, 10);
1035 if (end && !(*end)) {
1036 memcpy(buf, &intval, sizeof(intval));
1038 fprintf(stderr, "%s: Invalid argument\n", cmd->name);
1043 strncpy(buf, arg, BUFSIZE);
1044 buf[BUFSIZE - 1] = 0;
1047 ret = cmd->handler(cmd->param | SET, (void *) &cmd->data, (void *) buf);
1050 if ((debug > 0) && (ret != 0))
1051 fprintf(stderr, "Command '%s %s' failed: %d\n", (set == 1 ? "set" : "get"), cmd->name, ret);
1056 static struct wlc_call *find_cmd(char *name)
1058 int found = 0, i = 0;
1060 while (!found && (i < wlc_calls_size)) {
1061 if (strcmp(name, wlc_calls[i].name) == 0)
1067 return (struct wlc_call *) (found ? &wlc_calls[i] : NULL);
1070 int main(int argc, char **argv)
1072 static char buf[BUFSIZE];
1074 char *cmd = argv[0];
1075 struct wlc_call *call;
1081 for(interface[2] = '0'; (interface[2] < '3') && (wl_probe(interface) != 0); interface[2]++);
1082 if (interface[2] == '3') {
1083 fprintf(stderr, "No Broadcom wl interface found!\n");
1089 while ((argc > 0) && (argv[0] != NULL)) {
1090 if ((call = find_cmd(argv[0])) == NULL) {
1091 fprintf(stderr, "Invalid command: %s\n\n", argv[0]);
1094 if ((argc > 1) && (!(call->param & NOARG))) {
1095 ret = do_command(call, argv[1]);
1099 ret = do_command(call, NULL);
1105 while (fromstdin && !feof(stdin)) {
1107 fgets(buf, BUFSIZE - 1, stdin);
1112 if ((s = strchr(buf, '\r')) != NULL)
1114 if ((s = strchr(buf, '\n')) != NULL)
1124 if ((s2 = strchr(buf, ' ')) != NULL)
1127 while (s2 && isspace(*s2))
1130 if ((call = find_cmd(buf)) == NULL) {
1131 fprintf(stderr, "Invalid command: %s\n", buf);
1134 ret = do_command(call, ((call->param & NOARG) ? NULL : s2));