driver_nl80211.c revision d74fe090aaf0e309fe71eee2b0298f19226ea83d
1/* 2 * WPA Supplicant - driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15#include "includes.h" 16#include <sys/ioctl.h> 17#include <net/if_arp.h> 18#include <netlink/genl/genl.h> 19#include <netlink/genl/family.h> 20#include <netlink/genl/ctrl.h> 21#include "nl80211_copy.h" 22#ifdef CONFIG_CLIENT_MLME 23#include <netpacket/packet.h> 24#include <linux/if_ether.h> 25#include "radiotap.h" 26#include "radiotap_iter.h" 27#endif /* CONFIG_CLIENT_MLME */ 28 29#include "wireless_copy.h" 30#include "common.h" 31#include "driver.h" 32#include "eloop.h" 33#include "ieee802_11_defs.h" 34 35#ifndef IFF_LOWER_UP 36#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 37#endif 38#ifndef IFF_DORMANT 39#define IFF_DORMANT 0x20000 /* driver signals dormant */ 40#endif 41 42#ifndef IF_OPER_DORMANT 43#define IF_OPER_DORMANT 5 44#endif 45#ifndef IF_OPER_UP 46#define IF_OPER_UP 6 47#endif 48 49 50struct wpa_driver_nl80211_data { 51 void *ctx; 52 int wext_event_sock; 53 int ioctl_sock; 54 char ifname[IFNAMSIZ + 1]; 55 int ifindex; 56 int if_removed; 57 u8 *assoc_req_ies; 58 size_t assoc_req_ies_len; 59 u8 *assoc_resp_ies; 60 size_t assoc_resp_ies_len; 61 struct wpa_driver_capa capa; 62 int has_capability; 63 int we_version_compiled; 64 65 /* for set_auth_alg fallback */ 66 int use_crypt; 67 int auth_alg_fallback; 68 69 int operstate; 70 71 char mlmedev[IFNAMSIZ + 1]; 72 73 int scan_complete_events; 74 75 struct nl_handle *nl_handle; 76 struct nl_cache *nl_cache; 77 struct nl_cb *nl_cb; 78 struct genl_family *nl80211; 79 80#ifdef CONFIG_CLIENT_MLME 81 int monitor_sock; /* socket for monitor */ 82 int monitor_ifidx; 83#endif /* CONFIG_CLIENT_MLME */ 84}; 85 86 87static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 88 void *timeout_ctx); 89static int wpa_driver_nl80211_set_mode(void *priv, int mode); 90static int wpa_driver_nl80211_flush_pmkid(void *priv); 91static int wpa_driver_nl80211_get_range(void *priv); 92static void 93wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 94 95 96/* nl80211 code */ 97static int ack_handler(struct nl_msg *msg, void *arg) 98{ 99 int *err = arg; 100 *err = 0; 101 return NL_STOP; 102} 103 104static int finish_handler(struct nl_msg *msg, void *arg) 105{ 106 int *ret = arg; 107 *ret = 0; 108 return NL_SKIP; 109} 110 111static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 112 void *arg) 113{ 114 int *ret = arg; 115 *ret = err->error; 116 return NL_SKIP; 117} 118 119static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 120 struct nl_msg *msg, 121 int (*valid_handler)(struct nl_msg *, void *), 122 void *valid_data) 123{ 124 struct nl_cb *cb; 125 int err = -ENOMEM; 126 127 cb = nl_cb_clone(drv->nl_cb); 128 if (!cb) 129 goto out; 130 131 err = nl_send_auto_complete(drv->nl_handle, msg); 132 if (err < 0) 133 goto out; 134 135 err = 1; 136 137 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 138 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 139 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 140 141 if (valid_handler) 142 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 143 valid_handler, valid_data); 144 145 while (err > 0) 146 nl_recvmsgs(drv->nl_handle, cb); 147 out: 148 nl_cb_put(cb); 149 nlmsg_free(msg); 150 return err; 151} 152 153 154struct family_data { 155 const char *group; 156 int id; 157}; 158 159 160static int family_handler(struct nl_msg *msg, void *arg) 161{ 162 struct family_data *res = arg; 163 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 164 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 165 struct nlattr *mcgrp; 166 int i; 167 168 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 169 genlmsg_attrlen(gnlh, 0), NULL); 170 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 171 return NL_SKIP; 172 173 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 174 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 175 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 176 nla_len(mcgrp), NULL); 177 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 178 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 179 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 180 res->group, 181 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 182 continue; 183 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 184 break; 185 }; 186 187 return NL_SKIP; 188} 189 190 191static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 192 const char *family, const char *group) 193{ 194 struct nl_msg *msg; 195 int ret = -1; 196 struct family_data res = { group, -ENOENT }; 197 198 msg = nlmsg_alloc(); 199 if (!msg) 200 return -ENOMEM; 201 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 202 0, 0, CTRL_CMD_GETFAMILY, 0); 203 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 204 205 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 206 msg = NULL; 207 if (ret == 0) 208 ret = res.id; 209 210nla_put_failure: 211 nlmsg_free(msg); 212 return ret; 213} 214 215 216static int wpa_driver_nl80211_send_oper_ifla( 217 struct wpa_driver_nl80211_data *drv, 218 int linkmode, int operstate) 219{ 220 struct { 221 struct nlmsghdr hdr; 222 struct ifinfomsg ifinfo; 223 char opts[16]; 224 } req; 225 struct rtattr *rta; 226 static int nl_seq; 227 ssize_t ret; 228 229 os_memset(&req, 0, sizeof(req)); 230 231 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); 232 req.hdr.nlmsg_type = RTM_SETLINK; 233 req.hdr.nlmsg_flags = NLM_F_REQUEST; 234 req.hdr.nlmsg_seq = ++nl_seq; 235 req.hdr.nlmsg_pid = 0; 236 237 req.ifinfo.ifi_family = AF_UNSPEC; 238 req.ifinfo.ifi_type = 0; 239 req.ifinfo.ifi_index = drv->ifindex; 240 req.ifinfo.ifi_flags = 0; 241 req.ifinfo.ifi_change = 0; 242 243 if (linkmode != -1) { 244 rta = (struct rtattr *) 245 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)); 246 rta->rta_type = IFLA_LINKMODE; 247 rta->rta_len = RTA_LENGTH(sizeof(char)); 248 *((char *) RTA_DATA(rta)) = linkmode; 249 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) + 250 RTA_LENGTH(sizeof(char)); 251 } 252 if (operstate != -1) { 253 rta = (struct rtattr *) 254 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len)); 255 rta->rta_type = IFLA_OPERSTATE; 256 rta->rta_len = RTA_LENGTH(sizeof(char)); 257 *((char *) RTA_DATA(rta)) = operstate; 258 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) + 259 RTA_LENGTH(sizeof(char)); 260 } 261 262 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d", 263 linkmode, operstate); 264 265 ret = send(drv->wext_event_sock, &req, req.hdr.nlmsg_len, 0); 266 if (ret < 0) { 267 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: " 268 "%s (assume operstate is not supported)", 269 strerror(errno)); 270 } 271 272 return ret < 0 ? -1 : 0; 273} 274 275 276static int wpa_driver_nl80211_set_auth_param( 277 struct wpa_driver_nl80211_data *drv, int idx, u32 value) 278{ 279 struct iwreq iwr; 280 int ret = 0; 281 282 os_memset(&iwr, 0, sizeof(iwr)); 283 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 284 iwr.u.param.flags = idx & IW_AUTH_INDEX; 285 iwr.u.param.value = value; 286 287 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) { 288 if (errno != EOPNOTSUPP) { 289 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d " 290 "value 0x%x) failed: %s)", 291 idx, value, strerror(errno)); 292 } 293 ret = errno == EOPNOTSUPP ? -2 : -1; 294 } 295 296 return ret; 297} 298 299 300static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 301{ 302 struct wpa_driver_nl80211_data *drv = priv; 303 struct iwreq iwr; 304 int ret = 0; 305 306 os_memset(&iwr, 0, sizeof(iwr)); 307 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 308 309 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) { 310 perror("ioctl[SIOCGIWAP]"); 311 ret = -1; 312 } 313 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN); 314 315 return ret; 316} 317 318 319static int wpa_driver_nl80211_set_bssid(void *priv, const u8 *bssid) 320{ 321 struct wpa_driver_nl80211_data *drv = priv; 322 struct iwreq iwr; 323 int ret = 0; 324 325 os_memset(&iwr, 0, sizeof(iwr)); 326 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 327 iwr.u.ap_addr.sa_family = ARPHRD_ETHER; 328 if (bssid) 329 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN); 330 else 331 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN); 332 333 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) { 334 perror("ioctl[SIOCSIWAP]"); 335 ret = -1; 336 } 337 338 return ret; 339} 340 341 342static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 343{ 344 struct wpa_driver_nl80211_data *drv = priv; 345 struct iwreq iwr; 346 int ret = 0; 347 348 os_memset(&iwr, 0, sizeof(iwr)); 349 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 350 iwr.u.essid.pointer = (caddr_t) ssid; 351 iwr.u.essid.length = 32; 352 353 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) { 354 perror("ioctl[SIOCGIWESSID]"); 355 ret = -1; 356 } else { 357 ret = iwr.u.essid.length; 358 if (ret > 32) 359 ret = 32; 360 /* Some drivers include nul termination in the SSID, so let's 361 * remove it here before further processing. WE-21 changes this 362 * to explicitly require the length _not_ to include nul 363 * termination. */ 364 if (ret > 0 && ssid[ret - 1] == '\0' && 365 drv->we_version_compiled < 21) 366 ret--; 367 } 368 369 return ret; 370} 371 372 373static int wpa_driver_nl80211_set_ssid(void *priv, const u8 *ssid, 374 size_t ssid_len) 375{ 376 struct wpa_driver_nl80211_data *drv = priv; 377 struct iwreq iwr; 378 int ret = 0; 379 char buf[33]; 380 381 if (ssid_len > 32) 382 return -1; 383 384 os_memset(&iwr, 0, sizeof(iwr)); 385 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 386 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */ 387 iwr.u.essid.flags = (ssid_len != 0); 388 os_memset(buf, 0, sizeof(buf)); 389 os_memcpy(buf, ssid, ssid_len); 390 iwr.u.essid.pointer = (caddr_t) buf; 391 if (drv->we_version_compiled < 21) { 392 /* For historic reasons, set SSID length to include one extra 393 * character, C string nul termination, even though SSID is 394 * really an octet string that should not be presented as a C 395 * string. Some Linux drivers decrement the length by one and 396 * can thus end up missing the last octet of the SSID if the 397 * length is not incremented here. WE-21 changes this to 398 * explicitly require the length _not_ to include nul 399 * termination. */ 400 if (ssid_len) 401 ssid_len++; 402 } 403 iwr.u.essid.length = ssid_len; 404 405 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { 406 perror("ioctl[SIOCSIWESSID]"); 407 ret = -1; 408 } 409 410 return ret; 411} 412 413 414static int wpa_driver_nl80211_set_freq(void *priv, int freq) 415{ 416 struct wpa_driver_nl80211_data *drv = priv; 417 struct iwreq iwr; 418 int ret = 0; 419 420 os_memset(&iwr, 0, sizeof(iwr)); 421 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 422 iwr.u.freq.m = freq * 100000; 423 iwr.u.freq.e = 1; 424 425 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) { 426 perror("ioctl[SIOCSIWFREQ]"); 427 ret = -1; 428 } 429 430 return ret; 431} 432 433 434static void 435wpa_driver_nl80211_event_wireless_custom(void *ctx, char *custom) 436{ 437 union wpa_event_data data; 438 439 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'", 440 custom); 441 442 os_memset(&data, 0, sizeof(data)); 443 /* Host AP driver */ 444 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { 445 data.michael_mic_failure.unicast = 446 os_strstr(custom, " unicast ") != NULL; 447 /* TODO: parse parameters(?) */ 448 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 449 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) { 450 char *spos; 451 int bytes; 452 453 spos = custom + 17; 454 455 bytes = strspn(spos, "0123456789abcdefABCDEF"); 456 if (!bytes || (bytes & 1)) 457 return; 458 bytes /= 2; 459 460 data.assoc_info.req_ies = os_malloc(bytes); 461 if (data.assoc_info.req_ies == NULL) 462 return; 463 464 data.assoc_info.req_ies_len = bytes; 465 hexstr2bin(spos, data.assoc_info.req_ies, bytes); 466 467 spos += bytes * 2; 468 469 data.assoc_info.resp_ies = NULL; 470 data.assoc_info.resp_ies_len = 0; 471 472 if (os_strncmp(spos, " RespIEs=", 9) == 0) { 473 spos += 9; 474 475 bytes = strspn(spos, "0123456789abcdefABCDEF"); 476 if (!bytes || (bytes & 1)) 477 goto done; 478 bytes /= 2; 479 480 data.assoc_info.resp_ies = os_malloc(bytes); 481 if (data.assoc_info.resp_ies == NULL) 482 goto done; 483 484 data.assoc_info.resp_ies_len = bytes; 485 hexstr2bin(spos, data.assoc_info.resp_ies, bytes); 486 } 487 488 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data); 489 490 done: 491 os_free(data.assoc_info.resp_ies); 492 os_free(data.assoc_info.req_ies); 493#ifdef CONFIG_PEERKEY 494 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) { 495 if (hwaddr_aton(custom + 17, data.stkstart.peer)) { 496 wpa_printf(MSG_DEBUG, "WEXT: unrecognized " 497 "STKSTART.request '%s'", custom + 17); 498 return; 499 } 500 wpa_supplicant_event(ctx, EVENT_STKSTART, &data); 501#endif /* CONFIG_PEERKEY */ 502 } 503} 504 505 506static int wpa_driver_nl80211_event_wireless_michaelmicfailure( 507 void *ctx, const char *ev, size_t len) 508{ 509 const struct iw_michaelmicfailure *mic; 510 union wpa_event_data data; 511 512 if (len < sizeof(*mic)) 513 return -1; 514 515 mic = (const struct iw_michaelmicfailure *) ev; 516 517 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: " 518 "flags=0x%x src_addr=" MACSTR, mic->flags, 519 MAC2STR(mic->src_addr.sa_data)); 520 521 os_memset(&data, 0, sizeof(data)); 522 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP); 523 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 524 525 return 0; 526} 527 528 529static int wpa_driver_nl80211_event_wireless_pmkidcand( 530 struct wpa_driver_nl80211_data *drv, const char *ev, size_t len) 531{ 532 const struct iw_pmkid_cand *cand; 533 union wpa_event_data data; 534 const u8 *addr; 535 536 if (len < sizeof(*cand)) 537 return -1; 538 539 cand = (const struct iw_pmkid_cand *) ev; 540 addr = (const u8 *) cand->bssid.sa_data; 541 542 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: " 543 "flags=0x%x index=%d bssid=" MACSTR, cand->flags, 544 cand->index, MAC2STR(addr)); 545 546 os_memset(&data, 0, sizeof(data)); 547 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN); 548 data.pmkid_candidate.index = cand->index; 549 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH; 550 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 551 552 return 0; 553} 554 555 556static int wpa_driver_nl80211_event_wireless_assocreqie( 557 struct wpa_driver_nl80211_data *drv, const char *ev, int len) 558{ 559 if (len < 0) 560 return -1; 561 562 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev, 563 len); 564 os_free(drv->assoc_req_ies); 565 drv->assoc_req_ies = os_malloc(len); 566 if (drv->assoc_req_ies == NULL) { 567 drv->assoc_req_ies_len = 0; 568 return -1; 569 } 570 os_memcpy(drv->assoc_req_ies, ev, len); 571 drv->assoc_req_ies_len = len; 572 573 return 0; 574} 575 576 577static int wpa_driver_nl80211_event_wireless_assocrespie( 578 struct wpa_driver_nl80211_data *drv, const char *ev, int len) 579{ 580 if (len < 0) 581 return -1; 582 583 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev, 584 len); 585 os_free(drv->assoc_resp_ies); 586 drv->assoc_resp_ies = os_malloc(len); 587 if (drv->assoc_resp_ies == NULL) { 588 drv->assoc_resp_ies_len = 0; 589 return -1; 590 } 591 os_memcpy(drv->assoc_resp_ies, ev, len); 592 drv->assoc_resp_ies_len = len; 593 594 return 0; 595} 596 597 598static void wpa_driver_nl80211_event_assoc_ies(struct wpa_driver_nl80211_data *drv) 599{ 600 union wpa_event_data data; 601 602 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL) 603 return; 604 605 os_memset(&data, 0, sizeof(data)); 606 if (drv->assoc_req_ies) { 607 data.assoc_info.req_ies = drv->assoc_req_ies; 608 drv->assoc_req_ies = NULL; 609 data.assoc_info.req_ies_len = drv->assoc_req_ies_len; 610 } 611 if (drv->assoc_resp_ies) { 612 data.assoc_info.resp_ies = drv->assoc_resp_ies; 613 drv->assoc_resp_ies = NULL; 614 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len; 615 } 616 617 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data); 618 619 os_free(data.assoc_info.req_ies); 620 os_free(data.assoc_info.resp_ies); 621} 622 623 624static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *drv, 625 void *ctx, char *data, int len) 626{ 627 struct iw_event iwe_buf, *iwe = &iwe_buf; 628 char *pos, *end, *custom, *buf; 629 630 pos = data; 631 end = data + len; 632 633 while (pos + IW_EV_LCP_LEN <= end) { 634 /* Event data may be unaligned, so make a local, aligned copy 635 * before processing. */ 636 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); 637 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d", 638 iwe->cmd, iwe->len); 639 if (iwe->len <= IW_EV_LCP_LEN) 640 return; 641 642 custom = pos + IW_EV_POINT_LEN; 643 if (drv->we_version_compiled > 18 && 644 (iwe->cmd == IWEVMICHAELMICFAILURE || 645 iwe->cmd == IWEVCUSTOM || 646 iwe->cmd == IWEVASSOCREQIE || 647 iwe->cmd == IWEVASSOCRESPIE || 648 iwe->cmd == IWEVPMKIDCAND)) { 649 /* WE-19 removed the pointer from struct iw_point */ 650 char *dpos = (char *) &iwe_buf.u.data.length; 651 int dlen = dpos - (char *) &iwe_buf; 652 os_memcpy(dpos, pos + IW_EV_LCP_LEN, 653 sizeof(struct iw_event) - dlen); 654 } else { 655 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event)); 656 custom += IW_EV_POINT_OFF; 657 } 658 659 switch (iwe->cmd) { 660 case SIOCGIWAP: 661 wpa_printf(MSG_DEBUG, "Wireless event: new AP: " 662 MACSTR, 663 MAC2STR((u8 *) iwe->u.ap_addr.sa_data)); 664 if (is_zero_ether_addr( 665 (const u8 *) iwe->u.ap_addr.sa_data) || 666 os_memcmp(iwe->u.ap_addr.sa_data, 667 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) == 668 0) { 669 os_free(drv->assoc_req_ies); 670 drv->assoc_req_ies = NULL; 671 os_free(drv->assoc_resp_ies); 672 drv->assoc_resp_ies = NULL; 673 wpa_supplicant_event(ctx, EVENT_DISASSOC, 674 NULL); 675 676 } else { 677 wpa_driver_nl80211_event_assoc_ies(drv); 678 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL); 679 } 680 break; 681 case IWEVMICHAELMICFAILURE: 682 wpa_driver_nl80211_event_wireless_michaelmicfailure( 683 ctx, custom, iwe->u.data.length); 684 break; 685 case IWEVCUSTOM: 686 if (custom + iwe->u.data.length > end) 687 return; 688 buf = os_malloc(iwe->u.data.length + 1); 689 if (buf == NULL) 690 return; 691 os_memcpy(buf, custom, iwe->u.data.length); 692 buf[iwe->u.data.length] = '\0'; 693 wpa_driver_nl80211_event_wireless_custom(ctx, buf); 694 os_free(buf); 695 break; 696 case IWEVASSOCREQIE: 697 wpa_driver_nl80211_event_wireless_assocreqie( 698 drv, custom, iwe->u.data.length); 699 break; 700 case IWEVASSOCRESPIE: 701 wpa_driver_nl80211_event_wireless_assocrespie( 702 drv, custom, iwe->u.data.length); 703 break; 704 case IWEVPMKIDCAND: 705 wpa_driver_nl80211_event_wireless_pmkidcand( 706 drv, custom, iwe->u.data.length); 707 break; 708 } 709 710 pos += iwe->len; 711 } 712} 713 714 715static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 716 void *ctx, char *buf, size_t len, 717 int del) 718{ 719 union wpa_event_data event; 720 721 os_memset(&event, 0, sizeof(event)); 722 if (len > sizeof(event.interface_status.ifname)) 723 len = sizeof(event.interface_status.ifname) - 1; 724 os_memcpy(event.interface_status.ifname, buf, len); 725 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 726 EVENT_INTERFACE_ADDED; 727 728 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 729 del ? "DEL" : "NEW", 730 event.interface_status.ifname, 731 del ? "removed" : "added"); 732 733 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) { 734 if (del) 735 drv->if_removed = 1; 736 else 737 drv->if_removed = 0; 738 } 739 740 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event); 741} 742 743 744static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 745 struct nlmsghdr *h) 746{ 747 struct ifinfomsg *ifi; 748 int attrlen, _nlmsg_len, rta_len; 749 struct rtattr *attr; 750 751 ifi = NLMSG_DATA(h); 752 753 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 754 755 attrlen = h->nlmsg_len - _nlmsg_len; 756 if (attrlen < 0) 757 return 0; 758 759 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len); 760 761 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 762 while (RTA_OK(attr, attrlen)) { 763 if (attr->rta_type == IFLA_IFNAME) { 764 if (os_strcmp(((char *) attr) + rta_len, drv->ifname) 765 == 0) 766 return 1; 767 else 768 break; 769 } 770 attr = RTA_NEXT(attr, attrlen); 771 } 772 773 return 0; 774} 775 776 777static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 778 int ifindex, struct nlmsghdr *h) 779{ 780 if (drv->ifindex == ifindex) 781 return 1; 782 783 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) { 784 drv->ifindex = if_nametoindex(drv->ifname); 785 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 786 "interface"); 787 wpa_driver_nl80211_finish_drv_init(drv); 788 return 1; 789 } 790 791 return 0; 792} 793 794 795static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv, 796 void *ctx, struct nlmsghdr *h, 797 size_t len) 798{ 799 struct ifinfomsg *ifi; 800 int attrlen, _nlmsg_len, rta_len; 801 struct rtattr * attr; 802 803 if (len < sizeof(*ifi)) 804 return; 805 806 ifi = NLMSG_DATA(h); 807 808 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) { 809 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d", 810 ifi->ifi_index); 811 return; 812 } 813 814 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 815 "(%s%s%s%s)", 816 drv->operstate, ifi->ifi_flags, 817 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 818 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 819 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 820 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 821 /* 822 * Some drivers send the association event before the operup event--in 823 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 824 * fails. This will hit us when wpa_supplicant does not need to do 825 * IEEE 802.1X authentication 826 */ 827 if (drv->operstate == 1 && 828 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 829 !(ifi->ifi_flags & IFF_RUNNING)) 830 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP); 831 832 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 833 834 attrlen = h->nlmsg_len - _nlmsg_len; 835 if (attrlen < 0) 836 return; 837 838 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len); 839 840 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 841 while (RTA_OK(attr, attrlen)) { 842 if (attr->rta_type == IFLA_WIRELESS) { 843 wpa_driver_nl80211_event_wireless( 844 drv, ctx, ((char *) attr) + rta_len, 845 attr->rta_len - rta_len); 846 } else if (attr->rta_type == IFLA_IFNAME) { 847 wpa_driver_nl80211_event_link( 848 drv, ctx, 849 ((char *) attr) + rta_len, 850 attr->rta_len - rta_len, 0); 851 } 852 attr = RTA_NEXT(attr, attrlen); 853 } 854} 855 856 857static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv, 858 void *ctx, struct nlmsghdr *h, 859 size_t len) 860{ 861 struct ifinfomsg *ifi; 862 int attrlen, _nlmsg_len, rta_len; 863 struct rtattr * attr; 864 865 if (len < sizeof(*ifi)) 866 return; 867 868 ifi = NLMSG_DATA(h); 869 870 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); 871 872 attrlen = h->nlmsg_len - _nlmsg_len; 873 if (attrlen < 0) 874 return; 875 876 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len); 877 878 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 879 while (RTA_OK(attr, attrlen)) { 880 if (attr->rta_type == IFLA_IFNAME) { 881 wpa_driver_nl80211_event_link( 882 drv, ctx, 883 ((char *) attr) + rta_len, 884 attr->rta_len - rta_len, 1); 885 } 886 attr = RTA_NEXT(attr, attrlen); 887 } 888} 889 890 891static void wpa_driver_nl80211_event_receive_wext(int sock, void *eloop_ctx, 892 void *sock_ctx) 893{ 894 char buf[8192]; 895 int left; 896 struct sockaddr_nl from; 897 socklen_t fromlen; 898 struct nlmsghdr *h; 899 int max_events = 10; 900 901try_again: 902 fromlen = sizeof(from); 903 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT, 904 (struct sockaddr *) &from, &fromlen); 905 if (left < 0) { 906 if (errno != EINTR && errno != EAGAIN) 907 perror("recvfrom(netlink)"); 908 return; 909 } 910 911 h = (struct nlmsghdr *) buf; 912 while (left >= (int) sizeof(*h)) { 913 int len, plen; 914 915 len = h->nlmsg_len; 916 plen = len - sizeof(*h); 917 if (len > left || plen < 0) { 918 wpa_printf(MSG_DEBUG, "Malformed netlink message: " 919 "len=%d left=%d plen=%d", 920 len, left, plen); 921 break; 922 } 923 924 switch (h->nlmsg_type) { 925 case RTM_NEWLINK: 926 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx, 927 h, plen); 928 break; 929 case RTM_DELLINK: 930 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx, 931 h, plen); 932 break; 933 } 934 935 len = NLMSG_ALIGN(len); 936 left -= len; 937 h = (struct nlmsghdr *) ((char *) h + len); 938 } 939 940 if (left > 0) { 941 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink " 942 "message", left); 943 } 944 945 if (--max_events > 0) { 946 /* 947 * Try to receive all events in one eloop call in order to 948 * limit race condition on cases where AssocInfo event, Assoc 949 * event, and EAPOL frames are received more or less at the 950 * same time. We want to process the event messages first 951 * before starting EAPOL processing. 952 */ 953 goto try_again; 954 } 955} 956 957 958static int no_seq_check(struct nl_msg *msg, void *arg) 959{ 960 return NL_OK; 961} 962 963 964static int process_event(struct nl_msg *msg, void *arg) 965{ 966 struct wpa_driver_nl80211_data *drv = arg; 967 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 968 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 969 970 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 971 genlmsg_attrlen(gnlh, 0), NULL); 972 973 if (tb[NL80211_ATTR_IFINDEX]) { 974 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 975 if (ifindex != drv->ifindex) { 976 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 977 " for foreign interface (ifindex %d)", 978 gnlh->cmd, ifindex); 979 return NL_SKIP; 980 } 981 } 982 983 switch (gnlh->cmd) { 984 case NL80211_CMD_NEW_SCAN_RESULTS: 985 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 986 drv->scan_complete_events = 1; 987 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 988 drv->ctx); 989 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL); 990 break; 991 case NL80211_CMD_SCAN_ABORTED: 992 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 993 /* 994 * Need to indicate that scan results are available in order 995 * not to make wpa_supplicant stop its scanning. 996 */ 997 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 998 drv->ctx); 999 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL); 1000 break; 1001 default: 1002 wpa_printf(MSG_DEBUG, "nl0211: Ignored unknown event (cmd=%d)", 1003 gnlh->cmd); 1004 break; 1005 } 1006 1007 return NL_SKIP; 1008} 1009 1010 1011static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1012 void *sock_ctx) 1013{ 1014 struct nl_cb *cb; 1015 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1016 1017 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1018 1019 cb = nl_cb_clone(drv->nl_cb); 1020 if (!cb) 1021 return; 1022 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1023 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1024 nl_recvmsgs(drv->nl_handle, cb); 1025 nl_cb_put(cb); 1026} 1027 1028 1029static int wpa_driver_nl80211_get_ifflags_ifname(struct wpa_driver_nl80211_data *drv, 1030 const char *ifname, int *flags) 1031{ 1032 struct ifreq ifr; 1033 1034 os_memset(&ifr, 0, sizeof(ifr)); 1035 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); 1036 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) { 1037 perror("ioctl[SIOCGIFFLAGS]"); 1038 return -1; 1039 } 1040 *flags = ifr.ifr_flags & 0xffff; 1041 return 0; 1042} 1043 1044 1045/** 1046 * wpa_driver_nl80211_get_ifflags - Get interface flags (SIOCGIFFLAGS) 1047 * @drv: driver_nl80211 private data 1048 * @flags: Pointer to returned flags value 1049 * Returns: 0 on success, -1 on failure 1050 */ 1051static int wpa_driver_nl80211_get_ifflags(struct wpa_driver_nl80211_data *drv, 1052 int *flags) 1053{ 1054 return wpa_driver_nl80211_get_ifflags_ifname(drv, drv->ifname, flags); 1055} 1056 1057 1058static int wpa_driver_nl80211_set_ifflags_ifname( 1059 struct wpa_driver_nl80211_data *drv, 1060 const char *ifname, int flags) 1061{ 1062 struct ifreq ifr; 1063 1064 os_memset(&ifr, 0, sizeof(ifr)); 1065 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ); 1066 ifr.ifr_flags = flags & 0xffff; 1067 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) { 1068 perror("SIOCSIFFLAGS"); 1069 return -1; 1070 } 1071 return 0; 1072} 1073 1074 1075/** 1076 * wpa_driver_nl80211_set_ifflags - Set interface flags (SIOCSIFFLAGS) 1077 * @drv: driver_nl80211 private data 1078 * @flags: New value for flags 1079 * Returns: 0 on success, -1 on failure 1080 */ 1081static int wpa_driver_nl80211_set_ifflags(struct wpa_driver_nl80211_data *drv, 1082 int flags) 1083{ 1084 return wpa_driver_nl80211_set_ifflags_ifname(drv, drv->ifname, flags); 1085} 1086 1087 1088/** 1089 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1090 * @priv: driver_nl80211 private data 1091 * @alpha2_arg: country to which to switch to 1092 * Returns: 0 on success, -1 on failure 1093 * 1094 * This asks nl80211 to set the regulatory domain for given 1095 * country ISO / IEC alpha2. 1096 */ 1097static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1098{ 1099 struct wpa_driver_nl80211_data *drv = priv; 1100 char alpha2[3]; 1101 struct nl_msg *msg; 1102 1103 msg = nlmsg_alloc(); 1104 if (!msg) 1105 goto nla_put_failure; 1106 1107 alpha2[0] = alpha2_arg[0]; 1108 alpha2[1] = alpha2_arg[1]; 1109 alpha2[2] = '\0'; 1110 1111 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1112 0, NL80211_CMD_REQ_SET_REG, 0); 1113 1114 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1115 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1116 return -EINVAL; 1117 return 0; 1118nla_put_failure: 1119 return -EINVAL; 1120} 1121 1122 1123static int wpa_driver_nl80211_set_probe_req_ie(void *priv, const u8 *ies, 1124 size_t ies_len) 1125{ 1126 struct wpa_driver_nl80211_data *drv = priv; 1127 struct nl_msg *msg; 1128 int ret = -1; 1129 1130 msg = nlmsg_alloc(); 1131 if (!msg) 1132 return -ENOMEM; 1133 1134 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1135 NL80211_CMD_SET_MGMT_EXTRA_IE, 0); 1136 1137 NLA_PUT_U8(msg, NL80211_ATTR_MGMT_SUBTYPE, 4 /* ProbeReq */); 1138 if (ies) 1139 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 1140 1141 ret = 0; 1142 1143 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1144 1145 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1146 return ret; 1147 1148nla_put_failure: 1149 return -ENOBUFS; 1150} 1151 1152 1153#ifdef CONFIG_CLIENT_MLME 1154 1155static int nl80211_set_vif(struct wpa_driver_nl80211_data *drv, 1156 int drop_unencrypted, int userspace_mlme) 1157{ 1158#ifdef NL80211_CMD_SET_VIF 1159 struct nl_msg *msg; 1160 int ret = -1; 1161 1162 msg = nlmsg_alloc(); 1163 if (!msg) 1164 return -ENOMEM; 1165 1166 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1167 NL80211_CMD_SET_VIF, 0); 1168 1169 if (drop_unencrypted >= 0) 1170 NLA_PUT_U8(msg, NL80211_ATTR_VIF_DROP_UNENCRYPTED, 1171 drop_unencrypted); 1172 if (userspace_mlme >= 0) 1173 NLA_PUT_U8(msg, NL80211_ATTR_VIF_USERSPACE_MLME, 1174 userspace_mlme); 1175 1176 ret = 0; 1177 1178 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1179 1180 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1181 return ret; 1182 1183nla_put_failure: 1184 return -ENOBUFS; 1185#else /* NL80211_CMD_SET_VIF */ 1186 return -1; 1187#endif /* NL80211_CMD_SET_VIF */ 1188} 1189 1190 1191static int wpa_driver_nl80211_set_userspace_mlme( 1192 struct wpa_driver_nl80211_data *drv, int enabled) 1193{ 1194 return nl80211_set_vif(drv, -1, enabled); 1195} 1196 1197 1198static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 1199 int ifidx) 1200{ 1201 struct nl_msg *msg; 1202 1203 msg = nlmsg_alloc(); 1204 if (!msg) 1205 goto nla_put_failure; 1206 1207 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1208 0, NL80211_CMD_DEL_INTERFACE, 0); 1209 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 1210 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 1211 return; 1212nla_put_failure: 1213 wpa_printf(MSG_ERROR, "nl80211: Failed to remove interface."); 1214} 1215 1216 1217static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 1218 const char *ifname, enum nl80211_iftype iftype) 1219{ 1220 struct nl_msg *msg, *flags = NULL; 1221 int ifidx, err; 1222 int ret = -ENOBUFS; 1223 1224 msg = nlmsg_alloc(); 1225 if (!msg) 1226 return -1; 1227 1228 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1229 0, NL80211_CMD_NEW_INTERFACE, 0); 1230 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname)); 1231 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 1232 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 1233 1234 if (iftype == NL80211_IFTYPE_MONITOR) { 1235 flags = nlmsg_alloc(); 1236 if (!flags) 1237 goto nla_put_failure; 1238 1239 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 1240 1241 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 1242 1243 nlmsg_free(flags); 1244 1245 if (err) 1246 goto nla_put_failure; 1247 } 1248 1249 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1250 if (ret) { 1251 nla_put_failure: 1252 wpa_printf(MSG_ERROR, "nl80211: Failed to create interface %d", 1253 ret); 1254 return ret; 1255 } 1256 1257 ifidx = if_nametoindex(ifname); 1258 if (ifidx <= 0) 1259 return -1; 1260 1261 return ifidx; 1262} 1263 1264 1265static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 1266{ 1267 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1268 int len; 1269 unsigned char buf[3000]; 1270 struct ieee80211_radiotap_iterator iter; 1271 int ret; 1272 int injected = 0, failed = 0, rxflags = 0; 1273 struct ieee80211_rx_status rx_status; 1274 1275 len = recv(sock, buf, sizeof(buf), 0); 1276 if (len < 0) { 1277 perror("recv"); 1278 return; 1279 } 1280 1281 if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len)) { 1282 wpa_printf(MSG_DEBUG, "nl80211: received invalid radiotap " 1283 "frame"); 1284 return; 1285 } 1286 1287 os_memset(&rx_status, 0, sizeof(rx_status)); 1288 1289 while (1) { 1290 ret = ieee80211_radiotap_iterator_next(&iter); 1291 if (ret == -ENOENT) 1292 break; 1293 if (ret) { 1294 wpa_printf(MSG_DEBUG, "nl80211: received invalid " 1295 "radiotap frame (%d)", ret); 1296 return; 1297 } 1298 switch (iter.this_arg_index) { 1299 case IEEE80211_RADIOTAP_FLAGS: 1300 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 1301 len -= 4; 1302 break; 1303 case IEEE80211_RADIOTAP_RX_FLAGS: 1304 rxflags = 1; 1305 break; 1306 case IEEE80211_RADIOTAP_TX_FLAGS: 1307 injected = 1; 1308 failed = le_to_host16((*(u16 *) iter.this_arg)) & 1309 IEEE80211_RADIOTAP_F_TX_FAIL; 1310 break; 1311 case IEEE80211_RADIOTAP_DATA_RETRIES: 1312 break; 1313 case IEEE80211_RADIOTAP_CHANNEL: 1314 /* TODO convert from freq/flags to channel number 1315 * rx_status.channel = XXX; 1316 */ 1317 break; 1318 case IEEE80211_RADIOTAP_RATE: 1319 break; 1320 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 1321 rx_status.ssi = *iter.this_arg; 1322 break; 1323 } 1324 } 1325 1326 if (rxflags && injected) 1327 return; 1328 1329 if (!injected) { 1330 wpa_supplicant_sta_rx(drv->ctx, buf + iter.max_length, 1331 len - iter.max_length, &rx_status); 1332 } else if (failed) { 1333 /* TX failure callback */ 1334 } else { 1335 /* TX success (ACK) callback */ 1336 } 1337} 1338 1339 1340static int wpa_driver_nl80211_create_monitor_interface( 1341 struct wpa_driver_nl80211_data *drv) 1342{ 1343 char buf[IFNAMSIZ]; 1344 struct sockaddr_ll ll; 1345 int optval, flags; 1346 socklen_t optlen; 1347 1348 os_snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname); 1349 buf[IFNAMSIZ - 1] = '\0'; 1350 1351 drv->monitor_ifidx = 1352 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR); 1353 1354 if (drv->monitor_ifidx < 0) 1355 return -1; 1356 1357 if (wpa_driver_nl80211_get_ifflags_ifname(drv, buf, &flags) != 0 || 1358 wpa_driver_nl80211_set_ifflags_ifname(drv, buf, flags | IFF_UP) != 1359 0) { 1360 wpa_printf(MSG_ERROR, "nl80211: Could not set interface '%s' " 1361 "UP", buf); 1362 goto error; 1363 } 1364 1365 os_memset(&ll, 0, sizeof(ll)); 1366 ll.sll_family = AF_PACKET; 1367 ll.sll_ifindex = drv->monitor_ifidx; 1368 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 1369 if (drv->monitor_sock < 0) { 1370 perror("socket[PF_PACKET,SOCK_RAW]"); 1371 goto error; 1372 } 1373 1374 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, 1375 sizeof(ll)) < 0) { 1376 perror("monitor socket bind"); 1377 goto error; 1378 } 1379 1380 optlen = sizeof(optval); 1381 optval = 20; 1382 if (setsockopt 1383 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 1384 perror("Failed to set socket priority"); 1385 goto error; 1386 } 1387 1388 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 1389 drv, NULL)) { 1390 wpa_printf(MSG_ERROR, "nl80211: Could not register monitor " 1391 "read socket"); 1392 goto error; 1393 } 1394 1395 return 0; 1396 1397 error: 1398 nl80211_remove_iface(drv, drv->monitor_ifidx); 1399 return -1; 1400} 1401 1402#endif /* CONFIG_CLIENT_MLME */ 1403 1404 1405/** 1406 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1407 * @ctx: context to be used when calling wpa_supplicant functions, 1408 * e.g., wpa_supplicant_event() 1409 * @ifname: interface name, e.g., wlan0 1410 * Returns: Pointer to private data, %NULL on failure 1411 */ 1412static void * wpa_driver_nl80211_init(void *ctx, const char *ifname) 1413{ 1414 int s, ret; 1415 struct sockaddr_nl local; 1416 struct wpa_driver_nl80211_data *drv; 1417 1418 drv = os_zalloc(sizeof(*drv)); 1419 if (drv == NULL) 1420 return NULL; 1421 drv->ctx = ctx; 1422 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname)); 1423 1424 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1425 if (drv->nl_cb == NULL) { 1426 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1427 "callbacks"); 1428 goto err1; 1429 } 1430 1431 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb); 1432 if (drv->nl_handle == NULL) { 1433 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1434 "callbacks"); 1435 goto err2; 1436 } 1437 1438 if (genl_connect(drv->nl_handle)) { 1439 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1440 "netlink"); 1441 goto err3; 1442 } 1443 1444 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1445 if (drv->nl_cache == NULL) { 1446 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1447 "netlink cache"); 1448 goto err3; 1449 } 1450 1451 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1452 if (drv->nl80211 == NULL) { 1453 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1454 "found"); 1455 goto err4; 1456 } 1457 1458 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1459 if (ret >= 0) 1460 ret = nl_socket_add_membership(drv->nl_handle, ret); 1461 if (ret < 0) { 1462 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1463 "membership for scan events: %d (%s)", 1464 ret, strerror(-ret)); 1465 goto err4; 1466 } 1467 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle), 1468 wpa_driver_nl80211_event_receive, drv, ctx); 1469 1470 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1471 if (drv->ioctl_sock < 0) { 1472 perror("socket(PF_INET,SOCK_DGRAM)"); 1473 goto err5; 1474 } 1475 1476 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); 1477 if (s < 0) { 1478 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)"); 1479 goto err6; 1480 } 1481 1482 os_memset(&local, 0, sizeof(local)); 1483 local.nl_family = AF_NETLINK; 1484 local.nl_groups = RTMGRP_LINK; 1485 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) { 1486 perror("bind(netlink)"); 1487 close(s); 1488 goto err6; 1489 } 1490 1491 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive_wext, drv, 1492 ctx); 1493 drv->wext_event_sock = s; 1494 1495 wpa_driver_nl80211_finish_drv_init(drv); 1496 1497 return drv; 1498 1499err6: 1500 close(drv->ioctl_sock); 1501err5: 1502 genl_family_put(drv->nl80211); 1503err4: 1504 nl_cache_free(drv->nl_cache); 1505err3: 1506 nl_handle_destroy(drv->nl_handle); 1507err2: 1508 nl_cb_put(drv->nl_cb); 1509err1: 1510 os_free(drv); 1511 return NULL; 1512} 1513 1514 1515static void 1516wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 1517{ 1518 int flags; 1519 1520 if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0) 1521 printf("Could not get interface '%s' flags\n", drv->ifname); 1522 else if (!(flags & IFF_UP)) { 1523 if (wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP) != 0) { 1524 printf("Could not set interface '%s' UP\n", 1525 drv->ifname); 1526 } 1527 } 1528 1529 /* 1530 * Make sure that the driver does not have any obsolete PMKID entries. 1531 */ 1532 wpa_driver_nl80211_flush_pmkid(drv); 1533 1534 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) { 1535 printf("Could not configure driver to use managed mode\n"); 1536 } 1537 1538 wpa_driver_nl80211_get_range(drv); 1539 1540 drv->ifindex = if_nametoindex(drv->ifname); 1541 1542 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT); 1543} 1544 1545 1546/** 1547 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 1548 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 1549 * 1550 * Shut down driver interface and processing of driver events. Free 1551 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 1552 */ 1553static void wpa_driver_nl80211_deinit(void *priv) 1554{ 1555 struct wpa_driver_nl80211_data *drv = priv; 1556 int flags; 1557 1558#ifdef CONFIG_CLIENT_MLME 1559 if (drv->monitor_sock >= 0) { 1560 eloop_unregister_read_sock(drv->monitor_sock); 1561 close(drv->monitor_sock); 1562 } 1563 if (drv->monitor_ifidx > 0) 1564 nl80211_remove_iface(drv, drv->monitor_ifidx); 1565 if (drv->capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) 1566 wpa_driver_nl80211_set_userspace_mlme(drv, 0); 1567#endif /* CONFIG_CLIENT_MLME */ 1568 1569 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1570 1571 /* 1572 * Clear possibly configured driver parameters in order to make it 1573 * easier to use the driver after wpa_supplicant has been terminated. 1574 */ 1575 (void) wpa_driver_nl80211_set_bssid(drv, 1576 (u8 *) "\x00\x00\x00\x00\x00\x00"); 1577 1578 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP); 1579 1580 eloop_unregister_read_sock(drv->wext_event_sock); 1581 1582 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) 1583 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP); 1584 1585 close(drv->wext_event_sock); 1586 close(drv->ioctl_sock); 1587 os_free(drv->assoc_req_ies); 1588 os_free(drv->assoc_resp_ies); 1589 1590 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle)); 1591 genl_family_put(drv->nl80211); 1592 nl_cache_free(drv->nl_cache); 1593 nl_handle_destroy(drv->nl_handle); 1594 nl_cb_put(drv->nl_cb); 1595 1596 os_free(drv); 1597} 1598 1599 1600/** 1601 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 1602 * @eloop_ctx: Unused 1603 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 1604 * 1605 * This function can be used as registered timeout when starting a scan to 1606 * generate a scan completed event if the driver does not report this. 1607 */ 1608static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1609{ 1610 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1611 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1612} 1613 1614 1615/** 1616 * wpa_driver_nl80211_scan - Request the driver to initiate scan 1617 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 1618 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for 1619 * all SSIDs (either active scan with broadcast SSID or passive 1620 * scan 1621 * @ssid_len: Length of the SSID 1622 * Returns: 0 on success, -1 on failure 1623 */ 1624static int wpa_driver_nl80211_scan(void *priv, const u8 *ssid, size_t ssid_len) 1625{ 1626 struct wpa_driver_nl80211_data *drv = priv; 1627 int ret = 0, timeout; 1628 struct nl_msg *msg, *ssids; 1629 1630 msg = nlmsg_alloc(); 1631 ssids = nlmsg_alloc(); 1632 if (!msg || !ssids) { 1633 nlmsg_free(msg); 1634 nlmsg_free(ssids); 1635 return -1; 1636 } 1637 1638 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1639 NL80211_CMD_TRIGGER_SCAN, 0); 1640 1641 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1642 1643 if (ssid && ssid_len) { 1644 /* Request an active scan for a specific SSID */ 1645 NLA_PUT(ssids, 1, ssid_len, ssid); 1646 } else { 1647 /* Request an active scan for wildcard SSID */ 1648 NLA_PUT(ssids, 1, 0, ""); 1649 } 1650 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 1651 1652 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1653 msg = NULL; 1654 if (ret) { 1655 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 1656 "(%s)", ret, strerror(-ret)); 1657 goto nla_put_failure; 1658 } 1659 1660 /* Not all drivers generate "scan completed" wireless event, so try to 1661 * read results after a timeout. */ 1662 timeout = 10; 1663 if (drv->scan_complete_events) { 1664 /* 1665 * The driver seems to deliver SIOCGIWSCAN events to notify 1666 * when scan is complete, so use longer timeout to avoid race 1667 * conditions with scanning and following association request. 1668 */ 1669 timeout = 30; 1670 } 1671 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1672 "seconds", ret, timeout); 1673 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1674 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 1675 drv, drv->ctx); 1676 1677nla_put_failure: 1678 nlmsg_free(ssids); 1679 nlmsg_free(msg); 1680 return ret; 1681} 1682 1683 1684static int bss_info_handler(struct nl_msg *msg, void *arg) 1685{ 1686 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1687 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1688 struct nlattr *bss[NL80211_BSS_MAX + 1]; 1689 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 1690 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 1691 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 1692 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 1693 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 1694 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 1695 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 1696 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 1697 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 1698 }; 1699 struct wpa_scan_results *res = arg; 1700 struct wpa_scan_res **tmp; 1701 struct wpa_scan_res *r; 1702 const u8 *ie; 1703 size_t ie_len; 1704 1705 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1706 genlmsg_attrlen(gnlh, 0), NULL); 1707 if (!tb[NL80211_ATTR_BSS]) 1708 return NL_SKIP; 1709 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 1710 bss_policy)) 1711 return NL_SKIP; 1712 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 1713 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1714 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1715 } else { 1716 ie = NULL; 1717 ie_len = 0; 1718 } 1719 1720 r = os_zalloc(sizeof(*r) + ie_len); 1721 if (r == NULL) 1722 return NL_SKIP; 1723 if (bss[NL80211_BSS_BSSID]) 1724 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 1725 ETH_ALEN); 1726 if (bss[NL80211_BSS_FREQUENCY]) 1727 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 1728 if (bss[NL80211_BSS_BEACON_INTERVAL]) 1729 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 1730 if (bss[NL80211_BSS_CAPABILITY]) 1731 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 1732 if (bss[NL80211_BSS_SIGNAL_UNSPEC]) 1733 r->qual = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 1734 if (bss[NL80211_BSS_SIGNAL_MBM]) 1735 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 1736 if (bss[NL80211_BSS_TSF]) 1737 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 1738 r->ie_len = ie_len; 1739 if (ie) 1740 os_memcpy(r + 1, ie, ie_len); 1741 1742 tmp = os_realloc(res->res, 1743 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1744 if (tmp == NULL) { 1745 os_free(r); 1746 return NL_SKIP; 1747 } 1748 tmp[res->num++] = r; 1749 res->res = tmp; 1750 1751 return NL_SKIP; 1752} 1753 1754 1755/** 1756 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 1757 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 1758 * Returns: Scan results on success, -1 on failure 1759 */ 1760static struct wpa_scan_results * 1761wpa_driver_nl80211_get_scan_results(void *priv) 1762{ 1763 struct wpa_driver_nl80211_data *drv = priv; 1764 struct nl_msg *msg; 1765 struct wpa_scan_results *res; 1766 int ret; 1767 1768 res = os_zalloc(sizeof(*res)); 1769 if (res == NULL) 1770 return 0; 1771 msg = nlmsg_alloc(); 1772 if (!msg) 1773 goto nla_put_failure; 1774 1775 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 1776 NL80211_CMD_GET_SCAN, 0); 1777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1778 1779 ret = send_and_recv_msgs(drv, msg, bss_info_handler, res); 1780 msg = NULL; 1781 if (ret == 0) { 1782 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 1783 (unsigned long) res->num); 1784 return res; 1785 } 1786 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1787 "(%s)", ret, strerror(-ret)); 1788nla_put_failure: 1789 nlmsg_free(msg); 1790 wpa_scan_results_free(res); 1791 return NULL; 1792} 1793 1794 1795static int wpa_driver_nl80211_get_range(void *priv) 1796{ 1797 struct wpa_driver_nl80211_data *drv = priv; 1798 struct iw_range *range; 1799 struct iwreq iwr; 1800 int minlen; 1801 size_t buflen; 1802 1803 /* 1804 * Use larger buffer than struct iw_range in order to allow the 1805 * structure to grow in the future. 1806 */ 1807 buflen = sizeof(struct iw_range) + 500; 1808 range = os_zalloc(buflen); 1809 if (range == NULL) 1810 return -1; 1811 1812 os_memset(&iwr, 0, sizeof(iwr)); 1813 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1814 iwr.u.data.pointer = (caddr_t) range; 1815 iwr.u.data.length = buflen; 1816 1817 minlen = ((char *) &range->enc_capa) - (char *) range + 1818 sizeof(range->enc_capa); 1819 1820 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { 1821 perror("ioctl[SIOCGIWRANGE]"); 1822 os_free(range); 1823 return -1; 1824 } else if (iwr.u.data.length >= minlen && 1825 range->we_version_compiled >= 18) { 1826 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " 1827 "WE(source)=%d enc_capa=0x%x", 1828 range->we_version_compiled, 1829 range->we_version_source, 1830 range->enc_capa); 1831 drv->has_capability = 1; 1832 drv->we_version_compiled = range->we_version_compiled; 1833 if (range->enc_capa & IW_ENC_CAPA_WPA) { 1834 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1835 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK; 1836 } 1837 if (range->enc_capa & IW_ENC_CAPA_WPA2) { 1838 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1839 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1840 } 1841 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | 1842 WPA_DRIVER_CAPA_ENC_WEP104; 1843 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP) 1844 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; 1845 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) 1846 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; 1847 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x", 1848 drv->capa.key_mgmt, drv->capa.enc); 1849 } else { 1850 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - " 1851 "assuming WPA is not supported"); 1852 } 1853 1854 os_free(range); 1855 return 0; 1856} 1857 1858 1859static int wpa_driver_nl80211_set_wpa(void *priv, int enabled) 1860{ 1861 struct wpa_driver_nl80211_data *drv = priv; 1862 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1863 1864 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_WPA_ENABLED, 1865 enabled); 1866} 1867 1868 1869static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg, 1870 const u8 *addr, int key_idx, 1871 int set_tx, const u8 *seq, 1872 size_t seq_len, 1873 const u8 *key, size_t key_len) 1874{ 1875 struct wpa_driver_nl80211_data *drv = priv; 1876 int err; 1877 struct nl_msg *msg; 1878 1879 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d " 1880 "seq_len=%lu key_len=%lu", 1881 __func__, alg, addr, key_idx, set_tx, 1882 (unsigned long) seq_len, (unsigned long) key_len); 1883 1884 msg = nlmsg_alloc(); 1885 if (msg == NULL) 1886 return -1; 1887 1888 if (alg == WPA_ALG_NONE) { 1889 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1890 NL80211_CMD_DEL_KEY, 0); 1891 } else { 1892 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1893 NL80211_CMD_NEW_KEY, 0); 1894 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 1895 switch (alg) { 1896 case WPA_ALG_WEP: 1897 if (key_len == 5) 1898 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 1899 0x000FAC01); 1900 else 1901 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 1902 0x000FAC05); 1903 break; 1904 case WPA_ALG_TKIP: 1905 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02); 1906 break; 1907 case WPA_ALG_CCMP: 1908 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04); 1909 break; 1910 default: 1911 nlmsg_free(msg); 1912 return -1; 1913 } 1914 } 1915 1916 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0) 1917 { 1918 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 1919 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 1920 } 1921 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1922 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1923 1924 err = send_and_recv_msgs(drv, msg, NULL, NULL); 1925 if (err) { 1926 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d", err); 1927 return -1; 1928 } 1929 1930 if (set_tx && alg != WPA_ALG_NONE) { 1931 msg = nlmsg_alloc(); 1932 if (msg == NULL) 1933 return -1; 1934 1935 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1936 0, NL80211_CMD_SET_KEY, 0); 1937 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1938 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1939 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 1940 1941 err = send_and_recv_msgs(drv, msg, NULL, NULL); 1942 if (err) { 1943 wpa_printf(MSG_DEBUG, "nl80211: set default key " 1944 "failed; err=%d", err); 1945 return -1; 1946 } 1947 } 1948 1949 return 0; 1950 1951nla_put_failure: 1952 return -ENOBUFS; 1953} 1954 1955 1956static int wpa_driver_nl80211_set_countermeasures(void *priv, 1957 int enabled) 1958{ 1959 struct wpa_driver_nl80211_data *drv = priv; 1960 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1961 return wpa_driver_nl80211_set_auth_param(drv, 1962 IW_AUTH_TKIP_COUNTERMEASURES, 1963 enabled); 1964} 1965 1966 1967static int wpa_driver_nl80211_set_drop_unencrypted(void *priv, 1968 int enabled) 1969{ 1970 struct wpa_driver_nl80211_data *drv = priv; 1971 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 1972 drv->use_crypt = enabled; 1973 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 1974 enabled); 1975} 1976 1977 1978static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 1979 const u8 *addr, int cmd, int reason_code) 1980{ 1981 struct iwreq iwr; 1982 struct iw_mlme mlme; 1983 int ret = 0; 1984 1985 os_memset(&iwr, 0, sizeof(iwr)); 1986 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 1987 os_memset(&mlme, 0, sizeof(mlme)); 1988 mlme.cmd = cmd; 1989 mlme.reason_code = reason_code; 1990 mlme.addr.sa_family = ARPHRD_ETHER; 1991 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN); 1992 iwr.u.data.pointer = (caddr_t) &mlme; 1993 iwr.u.data.length = sizeof(mlme); 1994 1995 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) { 1996 perror("ioctl[SIOCSIWMLME]"); 1997 ret = -1; 1998 } 1999 2000 return ret; 2001} 2002 2003 2004static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 2005 int reason_code) 2006{ 2007 struct wpa_driver_nl80211_data *drv = priv; 2008 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2009 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DEAUTH, reason_code); 2010} 2011 2012 2013static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 2014 int reason_code) 2015{ 2016 struct wpa_driver_nl80211_data *drv = priv; 2017 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2018 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DISASSOC, 2019 reason_code); 2020} 2021 2022 2023static int wpa_driver_nl80211_set_gen_ie(void *priv, const u8 *ie, 2024 size_t ie_len) 2025{ 2026 struct wpa_driver_nl80211_data *drv = priv; 2027 struct iwreq iwr; 2028 int ret = 0; 2029 2030 os_memset(&iwr, 0, sizeof(iwr)); 2031 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2032 iwr.u.data.pointer = (caddr_t) ie; 2033 iwr.u.data.length = ie_len; 2034 2035 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) { 2036 perror("ioctl[SIOCSIWGENIE]"); 2037 ret = -1; 2038 } 2039 2040 return ret; 2041} 2042 2043 2044static int wpa_driver_nl80211_cipher2wext(int cipher) 2045{ 2046 switch (cipher) { 2047 case CIPHER_NONE: 2048 return IW_AUTH_CIPHER_NONE; 2049 case CIPHER_WEP40: 2050 return IW_AUTH_CIPHER_WEP40; 2051 case CIPHER_TKIP: 2052 return IW_AUTH_CIPHER_TKIP; 2053 case CIPHER_CCMP: 2054 return IW_AUTH_CIPHER_CCMP; 2055 case CIPHER_WEP104: 2056 return IW_AUTH_CIPHER_WEP104; 2057 default: 2058 return 0; 2059 } 2060} 2061 2062 2063static int wpa_driver_nl80211_keymgmt2wext(int keymgmt) 2064{ 2065 switch (keymgmt) { 2066 case KEY_MGMT_802_1X: 2067 case KEY_MGMT_802_1X_NO_WPA: 2068 return IW_AUTH_KEY_MGMT_802_1X; 2069 case KEY_MGMT_PSK: 2070 return IW_AUTH_KEY_MGMT_PSK; 2071 default: 2072 return 0; 2073 } 2074} 2075 2076 2077static int 2078wpa_driver_nl80211_auth_alg_fallback(struct wpa_driver_nl80211_data *drv, 2079 struct wpa_driver_associate_params *params) 2080{ 2081 struct iwreq iwr; 2082 int ret = 0; 2083 2084 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support " 2085 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE"); 2086 2087 os_memset(&iwr, 0, sizeof(iwr)); 2088 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2089 /* Just changing mode, not actual keys */ 2090 iwr.u.encoding.flags = 0; 2091 iwr.u.encoding.pointer = (caddr_t) NULL; 2092 iwr.u.encoding.length = 0; 2093 2094 /* 2095 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two 2096 * different things. Here they are used to indicate Open System vs. 2097 * Shared Key authentication algorithm. However, some drivers may use 2098 * them to select between open/restricted WEP encrypted (open = allow 2099 * both unencrypted and encrypted frames; restricted = only allow 2100 * encrypted frames). 2101 */ 2102 2103 if (!drv->use_crypt) { 2104 iwr.u.encoding.flags |= IW_ENCODE_DISABLED; 2105 } else { 2106 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM) 2107 iwr.u.encoding.flags |= IW_ENCODE_OPEN; 2108 if (params->auth_alg & AUTH_ALG_SHARED_KEY) 2109 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED; 2110 } 2111 2112 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) { 2113 perror("ioctl[SIOCSIWENCODE]"); 2114 ret = -1; 2115 } 2116 2117 return ret; 2118} 2119 2120 2121static int wpa_driver_nl80211_associate( 2122 void *priv, struct wpa_driver_associate_params *params) 2123{ 2124 struct wpa_driver_nl80211_data *drv = priv; 2125 int ret = 0; 2126 int allow_unencrypted_eapol; 2127 int value; 2128 2129 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); 2130 2131 /* 2132 * If the driver did not support SIOCSIWAUTH, fallback to 2133 * SIOCSIWENCODE here. 2134 */ 2135 if (drv->auth_alg_fallback && 2136 wpa_driver_nl80211_auth_alg_fallback(drv, params) < 0) 2137 ret = -1; 2138 2139 if (!params->bssid && 2140 wpa_driver_nl80211_set_bssid(drv, NULL) < 0) 2141 ret = -1; 2142 2143 /* TODO: should consider getting wpa version and cipher/key_mgmt suites 2144 * from configuration, not from here, where only the selected suite is 2145 * available */ 2146 if (wpa_driver_nl80211_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len) 2147 < 0) 2148 ret = -1; 2149 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) 2150 value = IW_AUTH_WPA_VERSION_DISABLED; 2151 else if (params->wpa_ie[0] == WLAN_EID_RSN) 2152 value = IW_AUTH_WPA_VERSION_WPA2; 2153 else 2154 value = IW_AUTH_WPA_VERSION_WPA; 2155 if (wpa_driver_nl80211_set_auth_param(drv, 2156 IW_AUTH_WPA_VERSION, value) < 0) 2157 ret = -1; 2158 value = wpa_driver_nl80211_cipher2wext(params->pairwise_suite); 2159 if (wpa_driver_nl80211_set_auth_param(drv, 2160 IW_AUTH_CIPHER_PAIRWISE, value) < 0) 2161 ret = -1; 2162 value = wpa_driver_nl80211_cipher2wext(params->group_suite); 2163 if (wpa_driver_nl80211_set_auth_param(drv, 2164 IW_AUTH_CIPHER_GROUP, value) < 0) 2165 ret = -1; 2166 value = wpa_driver_nl80211_keymgmt2wext(params->key_mgmt_suite); 2167 if (wpa_driver_nl80211_set_auth_param(drv, 2168 IW_AUTH_KEY_MGMT, value) < 0) 2169 ret = -1; 2170 value = params->key_mgmt_suite != KEY_MGMT_NONE || 2171 params->pairwise_suite != CIPHER_NONE || 2172 params->group_suite != CIPHER_NONE || 2173 params->wpa_ie_len; 2174 if (wpa_driver_nl80211_set_auth_param(drv, 2175 IW_AUTH_PRIVACY_INVOKED, value) < 0) 2176 ret = -1; 2177 2178 /* Allow unencrypted EAPOL messages even if pairwise keys are set when 2179 * not using WPA. IEEE 802.1X specifies that these frames are not 2180 * encrypted, but WPA encrypts them when pairwise keys are in use. */ 2181 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 2182 params->key_mgmt_suite == KEY_MGMT_PSK) 2183 allow_unencrypted_eapol = 0; 2184 else 2185 allow_unencrypted_eapol = 1; 2186 2187 if (wpa_driver_nl80211_set_auth_param(drv, 2188 IW_AUTH_RX_UNENCRYPTED_EAPOL, 2189 allow_unencrypted_eapol) < 0) 2190 ret = -1; 2191 if (params->freq && wpa_driver_nl80211_set_freq(drv, params->freq) < 0) 2192 ret = -1; 2193 if (wpa_driver_nl80211_set_ssid(drv, params->ssid, params->ssid_len) < 0) 2194 ret = -1; 2195 if (params->bssid && 2196 wpa_driver_nl80211_set_bssid(drv, params->bssid) < 0) 2197 ret = -1; 2198 2199 return ret; 2200} 2201 2202 2203static int wpa_driver_nl80211_set_auth_alg(void *priv, int auth_alg) 2204{ 2205 struct wpa_driver_nl80211_data *drv = priv; 2206 int algs = 0, res; 2207 2208 if (auth_alg & AUTH_ALG_OPEN_SYSTEM) 2209 algs |= IW_AUTH_ALG_OPEN_SYSTEM; 2210 if (auth_alg & AUTH_ALG_SHARED_KEY) 2211 algs |= IW_AUTH_ALG_SHARED_KEY; 2212 if (auth_alg & AUTH_ALG_LEAP) 2213 algs |= IW_AUTH_ALG_LEAP; 2214 if (algs == 0) { 2215 /* at least one algorithm should be set */ 2216 algs = IW_AUTH_ALG_OPEN_SYSTEM; 2217 } 2218 2219 res = wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG, 2220 algs); 2221 drv->auth_alg_fallback = res == -2; 2222 return res; 2223} 2224 2225 2226/** 2227 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE 2228 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2229 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS 2230 * Returns: 0 on success, -1 on failure 2231 */ 2232static int wpa_driver_nl80211_set_mode(void *priv, int mode) 2233{ 2234 struct wpa_driver_nl80211_data *drv = priv; 2235 int ret = -1, flags; 2236 struct nl_msg *msg; 2237 2238 msg = nlmsg_alloc(); 2239 if (!msg) 2240 return -1; 2241 2242 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2243 0, NL80211_CMD_SET_INTERFACE, 0); 2244 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2245 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, 2246 mode ? NL80211_IFTYPE_ADHOC : NL80211_IFTYPE_STATION); 2247 2248 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2249 if (!ret) 2250 return 0; 2251 else 2252 goto try_again; 2253 2254nla_put_failure: 2255 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode"); 2256 return -1; 2257 2258try_again: 2259 /* mac80211 doesn't allow mode changes while the device is up, so 2260 * take the device down, try to set the mode again, and bring the 2261 * device back up. 2262 */ 2263 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) { 2264 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP); 2265 2266 /* Try to set the mode again while the interface is down */ 2267 msg = nlmsg_alloc(); 2268 if (!msg) 2269 return -1; 2270 2271 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2272 0, NL80211_CMD_SET_INTERFACE, 0); 2273 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2274 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, 2275 mode ? NL80211_IFTYPE_ADHOC : 2276 NL80211_IFTYPE_STATION); 2277 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2278 if (ret) { 2279 wpa_printf(MSG_ERROR, "Failed to set interface %s " 2280 "mode", drv->ifname); 2281 } 2282 2283 /* Ignore return value of get_ifflags to ensure that the device 2284 * is always up like it was before this function was called. 2285 */ 2286 (void) wpa_driver_nl80211_get_ifflags(drv, &flags); 2287 (void) wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP); 2288 } 2289 2290 return ret; 2291} 2292 2293 2294static int wpa_driver_nl80211_pmksa(struct wpa_driver_nl80211_data *drv, 2295 u32 cmd, const u8 *bssid, const u8 *pmkid) 2296{ 2297 struct iwreq iwr; 2298 struct iw_pmksa pmksa; 2299 int ret = 0; 2300 2301 os_memset(&iwr, 0, sizeof(iwr)); 2302 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ); 2303 os_memset(&pmksa, 0, sizeof(pmksa)); 2304 pmksa.cmd = cmd; 2305 pmksa.bssid.sa_family = ARPHRD_ETHER; 2306 if (bssid) 2307 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN); 2308 if (pmkid) 2309 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN); 2310 iwr.u.data.pointer = (caddr_t) &pmksa; 2311 iwr.u.data.length = sizeof(pmksa); 2312 2313 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) { 2314 if (errno != EOPNOTSUPP) 2315 perror("ioctl[SIOCSIWPMKSA]"); 2316 ret = -1; 2317 } 2318 2319 return ret; 2320} 2321 2322 2323static int wpa_driver_nl80211_add_pmkid(void *priv, const u8 *bssid, 2324 const u8 *pmkid) 2325{ 2326 struct wpa_driver_nl80211_data *drv = priv; 2327 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid); 2328} 2329 2330 2331static int wpa_driver_nl80211_remove_pmkid(void *priv, const u8 *bssid, 2332 const u8 *pmkid) 2333{ 2334 struct wpa_driver_nl80211_data *drv = priv; 2335 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid); 2336} 2337 2338 2339static int wpa_driver_nl80211_flush_pmkid(void *priv) 2340{ 2341 struct wpa_driver_nl80211_data *drv = priv; 2342 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL); 2343} 2344 2345 2346static int wpa_driver_nl80211_get_capa(void *priv, 2347 struct wpa_driver_capa *capa) 2348{ 2349 struct wpa_driver_nl80211_data *drv = priv; 2350 if (!drv->has_capability) 2351 return -1; 2352 os_memcpy(capa, &drv->capa, sizeof(*capa)); 2353 return 0; 2354} 2355 2356 2357static int wpa_driver_nl80211_set_operstate(void *priv, int state) 2358{ 2359 struct wpa_driver_nl80211_data *drv = priv; 2360 2361 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 2362 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 2363 drv->operstate = state; 2364 return wpa_driver_nl80211_send_oper_ifla( 2365 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT); 2366} 2367 2368 2369#ifdef CONFIG_CLIENT_MLME 2370static int wpa_driver_nl80211_open_mlme(struct wpa_driver_nl80211_data *drv) 2371{ 2372 if (wpa_driver_nl80211_set_userspace_mlme(drv, 1) < 0) { 2373 wpa_printf(MSG_ERROR, "nl80211: Failed to enable userspace " 2374 "MLME"); 2375 return -1; 2376 } 2377 if (wpa_driver_nl80211_create_monitor_interface(drv)) { 2378 wpa_printf(MSG_ERROR, "nl80211: Failed to create monitor " 2379 "interface"); 2380 return -1; 2381 } 2382 return 0; 2383} 2384#endif /* CONFIG_CLIENT_MLME */ 2385 2386 2387static int wpa_driver_nl80211_set_param(void *priv, const char *param) 2388{ 2389#ifdef CONFIG_CLIENT_MLME 2390 struct wpa_driver_nl80211_data *drv = priv; 2391 2392 if (param == NULL) 2393 return 0; 2394 2395 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param); 2396 2397 if (os_strstr(param, "use_mlme=1")) { 2398 wpa_printf(MSG_DEBUG, "nl80211: Using user space MLME"); 2399 drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME; 2400 2401 if (wpa_driver_nl80211_open_mlme(drv)) 2402 return -1; 2403 } 2404#endif /* CONFIG_CLIENT_MLME */ 2405 2406 return 0; 2407} 2408 2409 2410#ifdef CONFIG_CLIENT_MLME 2411 2412struct phy_info_arg { 2413 u16 *num_modes; 2414 struct wpa_hw_modes *modes; 2415}; 2416 2417 2418static int phy_info_handler(struct nl_msg *msg, void *arg) 2419{ 2420 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 2421 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2422 struct phy_info_arg *phy_info = arg; 2423 2424 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 2425 2426 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 2427 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] 2428 = { 2429 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 2430 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 2431 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 2432 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 2433 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 2434 }; 2435 2436 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 2437 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 2438 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 2439 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 2440 { .type = NLA_FLAG }, 2441 }; 2442 2443 struct nlattr *nl_band; 2444 struct nlattr *nl_freq; 2445 struct nlattr *nl_rate; 2446 int rem_band, rem_freq, rem_rate; 2447 struct wpa_hw_modes *mode; 2448 int idx, mode_is_set; 2449 2450 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2451 genlmsg_attrlen(gnlh, 0), NULL); 2452 2453 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 2454 return NL_SKIP; 2455 2456 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], 2457 rem_band) { 2458 mode = os_realloc(phy_info->modes, 2459 (*phy_info->num_modes + 1) * sizeof(*mode)); 2460 if (!mode) 2461 return NL_SKIP; 2462 phy_info->modes = mode; 2463 2464 mode_is_set = 0; 2465 2466 mode = &phy_info->modes[*(phy_info->num_modes)]; 2467 os_memset(mode, 0, sizeof(*mode)); 2468 *(phy_info->num_modes) += 1; 2469 2470 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 2471 nla_len(nl_band), NULL); 2472 2473 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], 2474 rem_freq) { 2475 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 2476 nla_data(nl_freq), nla_len(nl_freq), 2477 freq_policy); 2478 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2479 continue; 2480 mode->num_channels++; 2481 } 2482 2483 mode->channels = os_zalloc(mode->num_channels * 2484 sizeof(struct wpa_channel_data)); 2485 if (!mode->channels) 2486 return NL_SKIP; 2487 2488 idx = 0; 2489 2490 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], 2491 rem_freq) { 2492 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 2493 nla_data(nl_freq), nla_len(nl_freq), 2494 freq_policy); 2495 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2496 continue; 2497 2498 mode->channels[idx].freq = nla_get_u32( 2499 tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 2500 mode->channels[idx].flag |= WPA_CHAN_W_SCAN | 2501 WPA_CHAN_W_ACTIVE_SCAN | 2502 WPA_CHAN_W_IBSS; 2503 2504 if (!mode_is_set) { 2505 /* crude heuristic */ 2506 if (mode->channels[idx].freq < 4000) 2507 mode->mode = WPA_MODE_IEEE80211B; 2508 else 2509 mode->mode = WPA_MODE_IEEE80211A; 2510 mode_is_set = 1; 2511 } 2512 2513 /* crude heuristic */ 2514 if (mode->channels[idx].freq < 4000) { 2515 if (mode->channels[idx].freq == 2848) 2516 mode->channels[idx].chan = 14; 2517 else 2518 mode->channels[idx].chan = 2519 (mode->channels[idx].freq - 2520 2407) / 5; 2521 } else 2522 mode->channels[idx].chan = 2523 mode->channels[idx].freq / 5 - 1000; 2524 2525 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 2526 mode->channels[idx].flag &= ~WPA_CHAN_W_SCAN; 2527 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 2528 mode->channels[idx].flag &= 2529 ~WPA_CHAN_W_ACTIVE_SCAN; 2530 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 2531 mode->channels[idx].flag &= ~WPA_CHAN_W_IBSS; 2532 idx++; 2533 } 2534 2535 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], 2536 rem_rate) { 2537 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 2538 nla_data(nl_rate), nla_len(nl_rate), 2539 rate_policy); 2540 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2541 continue; 2542 mode->num_rates++; 2543 } 2544 2545 mode->rates = os_zalloc(mode->num_rates * 2546 sizeof(struct wpa_rate_data)); 2547 if (!mode->rates) 2548 return NL_SKIP; 2549 2550 idx = 0; 2551 2552 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], 2553 rem_rate) { 2554 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 2555 nla_data(nl_rate), nla_len(nl_rate), 2556 rate_policy); 2557 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2558 continue; 2559 mode->rates[idx].rate = nla_get_u32( 2560 tb_rate[NL80211_BITRATE_ATTR_RATE]); 2561 2562 /* crude heuristic */ 2563 if (mode->mode == WPA_MODE_IEEE80211B && 2564 mode->rates[idx].rate > 200) 2565 mode->mode = WPA_MODE_IEEE80211G; 2566 2567 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE]) 2568 mode->rates[idx].flags |= WPA_RATE_PREAMBLE2; 2569 2570 idx++; 2571 } 2572 } 2573 2574 return NL_SKIP; 2575} 2576 2577 2578static struct wpa_hw_modes * 2579wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 2580{ 2581 struct wpa_driver_nl80211_data *drv = priv; 2582 struct nl_msg *msg; 2583 struct phy_info_arg result = { 2584 .num_modes = num_modes, 2585 .modes = NULL, 2586 }; 2587 2588 *num_modes = 0; 2589 *flags = 0; 2590 2591 msg = nlmsg_alloc(); 2592 if (!msg) 2593 return NULL; 2594 2595 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2596 0, NL80211_CMD_GET_WIPHY, 0); 2597 2598 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2599 2600 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) 2601 return result.modes; 2602nla_put_failure: 2603 return NULL; 2604} 2605 2606 2607static int wpa_driver_nl80211_set_channel(void *priv, wpa_hw_mode phymode, 2608 int chan, int freq) 2609{ 2610 return wpa_driver_nl80211_set_freq(priv, freq); 2611} 2612 2613 2614static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 2615 size_t data_len) 2616{ 2617 struct wpa_driver_nl80211_data *drv = priv; 2618 __u8 rtap_hdr[] = { 2619 0x00, 0x00, /* radiotap version */ 2620 0x0e, 0x00, /* radiotap length */ 2621 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 2622 0x0c, /* F_WEP | F_FRAG (encrypt/fragment if required) */ 2623 0x00, /* padding */ 2624 0x00, 0x00, /* RX and TX flags to indicate that */ 2625 0x00, 0x00, /* this is the injected frame directly */ 2626 }; 2627 struct iovec iov[2] = { 2628 { 2629 .iov_base = &rtap_hdr, 2630 .iov_len = sizeof(rtap_hdr), 2631 }, 2632 { 2633 .iov_base = (void *) data, 2634 .iov_len = data_len, 2635 } 2636 }; 2637 struct msghdr msg = { 2638 .msg_name = NULL, 2639 .msg_namelen = 0, 2640 .msg_iov = iov, 2641 .msg_iovlen = 2, 2642 .msg_control = NULL, 2643 .msg_controllen = 0, 2644 .msg_flags = 0, 2645 }; 2646 2647 if (sendmsg(drv->monitor_sock, &msg, 0) < 0) { 2648 perror("send[MLME]"); 2649 return -1; 2650 } 2651 2652 return 0; 2653} 2654 2655 2656static int wpa_driver_nl80211_mlme_add_sta(void *priv, const u8 *addr, 2657 const u8 *supp_rates, 2658 size_t supp_rates_len) 2659{ 2660 struct wpa_driver_nl80211_data *drv = priv; 2661 struct nl_msg *msg; 2662 int ret = -1; 2663 2664 msg = nlmsg_alloc(); 2665 if (!msg) 2666 return -ENOMEM; 2667 2668 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2669 0, NL80211_CMD_NEW_STATION, 0); 2670 2671 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2672 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2673 /* TODO: Get proper Association ID and listen interval */ 2674 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 2675 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len, 2676 supp_rates); 2677 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 1); 2678 2679 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2680 /* ignore EEXIST, this happens if a STA associates while associated */ 2681 if (ret == -EEXIST || ret >= 0) 2682 ret = 0; 2683 2684nla_put_failure: 2685 return ret; 2686} 2687 2688 2689static int wpa_driver_nl80211_mlme_remove_sta(void *priv, const u8 *addr) 2690{ 2691 struct wpa_driver_nl80211_data *drv = priv; 2692 struct nl_msg *msg; 2693 int ret = -1; 2694 2695 msg = nlmsg_alloc(); 2696 if (!msg) 2697 return -ENOMEM; 2698 2699 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2700 0, NL80211_CMD_DEL_STATION, 0); 2701 2702 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2703 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2704 2705 ret = 0; 2706 2707 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2708 return ret; 2709 2710nla_put_failure: 2711 return -ENOBUFS; 2712} 2713 2714#endif /* CONFIG_CLIENT_MLME */ 2715 2716 2717const struct wpa_driver_ops wpa_driver_nl80211_ops = { 2718 .name = "nl80211", 2719 .desc = "Linux nl80211/cfg80211", 2720 .get_bssid = wpa_driver_nl80211_get_bssid, 2721 .get_ssid = wpa_driver_nl80211_get_ssid, 2722 .set_wpa = wpa_driver_nl80211_set_wpa, 2723 .set_key = wpa_driver_nl80211_set_key, 2724 .set_countermeasures = wpa_driver_nl80211_set_countermeasures, 2725 .set_drop_unencrypted = wpa_driver_nl80211_set_drop_unencrypted, 2726 .scan = wpa_driver_nl80211_scan, 2727 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 2728 .deauthenticate = wpa_driver_nl80211_deauthenticate, 2729 .disassociate = wpa_driver_nl80211_disassociate, 2730 .set_mode = wpa_driver_nl80211_set_mode, 2731 .associate = wpa_driver_nl80211_associate, 2732 .set_auth_alg = wpa_driver_nl80211_set_auth_alg, 2733 .init = wpa_driver_nl80211_init, 2734 .deinit = wpa_driver_nl80211_deinit, 2735 .set_param = wpa_driver_nl80211_set_param, 2736 .add_pmkid = wpa_driver_nl80211_add_pmkid, 2737 .remove_pmkid = wpa_driver_nl80211_remove_pmkid, 2738 .flush_pmkid = wpa_driver_nl80211_flush_pmkid, 2739 .get_capa = wpa_driver_nl80211_get_capa, 2740 .set_operstate = wpa_driver_nl80211_set_operstate, 2741 .set_country = wpa_driver_nl80211_set_country, 2742 .set_probe_req_ie = wpa_driver_nl80211_set_probe_req_ie, 2743#ifdef CONFIG_CLIENT_MLME 2744 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 2745 .set_channel = wpa_driver_nl80211_set_channel, 2746 .set_ssid = wpa_driver_nl80211_set_ssid, 2747 .set_bssid = wpa_driver_nl80211_set_bssid, 2748 .send_mlme = wpa_driver_nl80211_send_mlme, 2749 .mlme_add_sta = wpa_driver_nl80211_mlme_add_sta, 2750 .mlme_remove_sta = wpa_driver_nl80211_mlme_remove_sta, 2751#endif /* CONFIG_CLIENT_MLME */ 2752}; 2753