driver_nl80211.c revision 6dd24fc3792d71edccef9b09140f9a44b063a553
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19#include "includes.h" 20#include <sys/ioctl.h> 21#include <sys/types.h> 22#include <sys/stat.h> 23#include <fcntl.h> 24#include <net/if.h> 25#include <netlink/genl/genl.h> 26#include <netlink/genl/family.h> 27#include <netlink/genl/ctrl.h> 28#include <linux/rtnetlink.h> 29#include <netpacket/packet.h> 30#include <linux/filter.h> 31#include "nl80211_copy.h" 32 33#include "common.h" 34#include "eloop.h" 35#include "utils/list.h" 36#include "common/ieee802_11_defs.h" 37#include "netlink.h" 38#include "linux_ioctl.h" 39#include "radiotap.h" 40#include "radiotap_iter.h" 41#include "rfkill.h" 42#include "driver.h" 43#if defined(ANDROID_BRCM_P2P_PATCH) && !defined(HOSTAPD) 44#include "wpa_supplicant_i.h" 45#endif 46#ifdef ANDROID 47#define WPA_EVENT_DRIVER_STATE "CTRL-EVENT-DRIVER-STATE " 48#endif 49#ifdef CONFIG_LIBNL20 50/* libnl 2.0 compatibility code */ 51#define nl_handle nl_sock 52#define nl80211_handle_alloc nl_socket_alloc_cb 53#define nl80211_handle_destroy nl_socket_free 54#else 55/* 56 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 57 * but when you free a socket again it will mess up its bitmap and 58 * and use the wrong number the next time it needs a socket ID. 59 * Therefore, we wrap the handle alloc/destroy and add our own pid 60 * accounting. 61 */ 62static uint32_t port_bitmap[32] = { 0 }; 63 64static struct nl_handle *nl80211_handle_alloc(void *cb) 65{ 66 struct nl_handle *handle; 67 uint32_t pid = getpid() & 0x3FFFFF; 68 int i; 69 70 handle = nl_handle_alloc_cb(cb); 71 72 for (i = 0; i < 1024; i++) { 73 if (port_bitmap[i / 32] & (1 << (i % 32))) 74 continue; 75 port_bitmap[i / 32] |= 1 << (i % 32); 76 pid += i << 22; 77 break; 78 } 79 80 nl_socket_set_local_port(handle, pid); 81 82 return handle; 83} 84 85static void nl80211_handle_destroy(struct nl_handle *handle) 86{ 87 uint32_t port = nl_socket_get_local_port(handle); 88 89 port >>= 22; 90 port_bitmap[port / 32] &= ~(1 << (port % 32)); 91 92 nl_handle_destroy(handle); 93} 94#endif /* CONFIG_LIBNL20 */ 95 96 97#ifndef IFF_LOWER_UP 98#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 99#endif 100#ifndef IFF_DORMANT 101#define IFF_DORMANT 0x20000 /* driver signals dormant */ 102#endif 103 104#ifndef IF_OPER_DORMANT 105#define IF_OPER_DORMANT 5 106#endif 107#ifndef IF_OPER_UP 108#define IF_OPER_UP 6 109#endif 110 111struct nl80211_global { 112 struct dl_list interfaces; 113}; 114 115struct i802_bss { 116 struct wpa_driver_nl80211_data *drv; 117 struct i802_bss *next; 118 int ifindex; 119 char ifname[IFNAMSIZ + 1]; 120 char brname[IFNAMSIZ]; 121 unsigned int beacon_set:1; 122 unsigned int added_if_into_bridge:1; 123 unsigned int added_bridge:1; 124}; 125 126struct wpa_driver_nl80211_data { 127 struct nl80211_global *global; 128 struct dl_list list; 129 u8 addr[ETH_ALEN]; 130 char phyname[32]; 131 void *ctx; 132 struct netlink_data *netlink; 133 int ioctl_sock; /* socket for ioctl() use */ 134 int ifindex; 135 int if_removed; 136 int if_disabled; 137 struct rfkill_data *rfkill; 138 struct wpa_driver_capa capa; 139 int has_capability; 140 141 int operstate; 142 143 int scan_complete_events; 144 145 struct nl_handle *nl_handle; 146 struct nl_handle *nl_handle_event; 147 struct nl_handle *nl_handle_preq; 148 struct nl_cache *nl_cache; 149 struct nl_cache *nl_cache_event; 150 struct nl_cache *nl_cache_preq; 151 struct nl_cb *nl_cb; 152 struct genl_family *nl80211; 153 154 u8 auth_bssid[ETH_ALEN]; 155 u8 bssid[ETH_ALEN]; 156 int associated; 157 u8 ssid[32]; 158 size_t ssid_len; 159 int nlmode; 160 int ap_scan_as_station; 161 unsigned int assoc_freq; 162 163 int monitor_sock; 164 int monitor_ifidx; 165 int no_monitor_iface_capab; 166 int disable_11b_rates; 167 168 unsigned int pending_remain_on_chan:1; 169 170 u64 remain_on_chan_cookie; 171 u64 send_action_cookie; 172 173 unsigned int last_mgmt_freq; 174 175 struct wpa_driver_scan_filter *filter_ssids; 176 size_t num_filter_ssids; 177 178 struct i802_bss first_bss; 179 180#ifdef HOSTAPD 181 int eapol_sock; /* socket for EAPOL frames */ 182 183 int default_if_indices[16]; 184 int *if_indices; 185 int num_if_indices; 186 187 int last_freq; 188 int last_freq_ht; 189#endif /* HOSTAPD */ 190}; 191 192 193static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 194 void *timeout_ctx); 195static int wpa_driver_nl80211_set_mode(void *priv, int mode); 196static int 197wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 198static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 199 const u8 *addr, int cmd, u16 reason_code, 200 int local_state_change); 201static void nl80211_remove_monitor_interface( 202 struct wpa_driver_nl80211_data *drv); 203static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 204 unsigned int freq, unsigned int wait, 205 const u8 *buf, size_t buf_len, u64 *cookie); 206static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 207 208#ifdef HOSTAPD 209static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 210static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 211static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 212static int wpa_driver_nl80211_if_remove(void *priv, 213 enum wpa_driver_if_type type, 214 const char *ifname); 215#else /* HOSTAPD */ 216static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 217{ 218 return 0; 219} 220#endif /* HOSTAPD */ 221 222#ifdef ANDROID 223extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 224 size_t buf_len); 225#endif 226 227static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 228static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 229 int ifindex, int disabled); 230 231static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 232 233 234struct nl80211_bss_info_arg { 235 struct wpa_driver_nl80211_data *drv; 236 struct wpa_scan_results *res; 237 unsigned int assoc_freq; 238}; 239 240static int bss_info_handler(struct nl_msg *msg, void *arg); 241 242 243/* nl80211 code */ 244static int ack_handler(struct nl_msg *msg, void *arg) 245{ 246 int *err = arg; 247 *err = 0; 248 return NL_STOP; 249} 250 251static int finish_handler(struct nl_msg *msg, void *arg) 252{ 253 int *ret = arg; 254 *ret = 0; 255 return NL_SKIP; 256} 257 258static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 259 void *arg) 260{ 261 int *ret = arg; 262 *ret = err->error; 263 return NL_SKIP; 264} 265 266 267static int no_seq_check(struct nl_msg *msg, void *arg) 268{ 269 return NL_OK; 270} 271 272 273static int send_and_recv(struct wpa_driver_nl80211_data *drv, 274 struct nl_handle *nl_handle, struct nl_msg *msg, 275 int (*valid_handler)(struct nl_msg *, void *), 276 void *valid_data) 277{ 278 struct nl_cb *cb; 279 int err = -ENOMEM; 280 281 cb = nl_cb_clone(drv->nl_cb); 282 if (!cb) 283 goto out; 284 285 err = nl_send_auto_complete(nl_handle, msg); 286 if (err < 0) 287 goto out; 288 289 err = 1; 290 291 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 292 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 293 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 294 295 if (valid_handler) 296 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 297 valid_handler, valid_data); 298 299 while (err > 0) 300 nl_recvmsgs(nl_handle, cb); 301 out: 302 nl_cb_put(cb); 303 nlmsg_free(msg); 304 return err; 305} 306 307 308int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 309 struct nl_msg *msg, 310 int (*valid_handler)(struct nl_msg *, void *), 311 void *valid_data) 312{ 313 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 314 valid_data); 315} 316 317 318struct family_data { 319 const char *group; 320 int id; 321}; 322 323 324static int family_handler(struct nl_msg *msg, void *arg) 325{ 326 struct family_data *res = arg; 327 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 328 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 329 struct nlattr *mcgrp; 330 int i; 331 332 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 333 genlmsg_attrlen(gnlh, 0), NULL); 334 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 335 return NL_SKIP; 336 337 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 338 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 339 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 340 nla_len(mcgrp), NULL); 341 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 342 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 343 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 344 res->group, 345 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 346 continue; 347 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 348 break; 349 }; 350 351 return NL_SKIP; 352} 353 354 355static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 356 const char *family, const char *group) 357{ 358 struct nl_msg *msg; 359 int ret = -1; 360 struct family_data res = { group, -ENOENT }; 361 362 msg = nlmsg_alloc(); 363 if (!msg) 364 return -ENOMEM; 365 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 366 0, 0, CTRL_CMD_GETFAMILY, 0); 367 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 368 369 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 370 msg = NULL; 371 if (ret == 0) 372 ret = res.id; 373 374nla_put_failure: 375 nlmsg_free(msg); 376 return ret; 377} 378 379 380static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 381{ 382 struct i802_bss *bss = priv; 383 struct wpa_driver_nl80211_data *drv = bss->drv; 384 if (!drv->associated) 385 return -1; 386 os_memcpy(bssid, drv->bssid, ETH_ALEN); 387 return 0; 388} 389 390 391static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 392{ 393 struct i802_bss *bss = priv; 394 struct wpa_driver_nl80211_data *drv = bss->drv; 395 if (!drv->associated) 396 return -1; 397 os_memcpy(ssid, drv->ssid, drv->ssid_len); 398 return drv->ssid_len; 399} 400 401 402static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 403 char *buf, size_t len, int del) 404{ 405 union wpa_event_data event; 406 407 os_memset(&event, 0, sizeof(event)); 408 if (len > sizeof(event.interface_status.ifname)) 409 len = sizeof(event.interface_status.ifname) - 1; 410 os_memcpy(event.interface_status.ifname, buf, len); 411 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 412 EVENT_INTERFACE_ADDED; 413 414 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 415 del ? "DEL" : "NEW", 416 event.interface_status.ifname, 417 del ? "removed" : "added"); 418 419 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 420 if (del) 421 drv->if_removed = 1; 422 else 423 drv->if_removed = 0; 424 } 425 426 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 427} 428 429 430static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 431 u8 *buf, size_t len) 432{ 433 int attrlen, rta_len; 434 struct rtattr *attr; 435 436 attrlen = len; 437 attr = (struct rtattr *) buf; 438 439 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 440 while (RTA_OK(attr, attrlen)) { 441 if (attr->rta_type == IFLA_IFNAME) { 442 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 443 == 0) 444 return 1; 445 else 446 break; 447 } 448 attr = RTA_NEXT(attr, attrlen); 449 } 450 451 return 0; 452} 453 454 455static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 456 int ifindex, u8 *buf, size_t len) 457{ 458 if (drv->ifindex == ifindex) 459 return 1; 460 461 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 462 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 463 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 464 "interface"); 465 wpa_driver_nl80211_finish_drv_init(drv); 466 return 1; 467 } 468 469 return 0; 470} 471 472 473static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 474 struct ifinfomsg *ifi, 475 u8 *buf, size_t len) 476{ 477 struct wpa_driver_nl80211_data *drv = ctx; 478 int attrlen, rta_len; 479 struct rtattr *attr; 480 u32 brid = 0; 481 482 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 483 !have_ifidx(drv, ifi->ifi_index)) { 484 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 485 "ifindex %d", ifi->ifi_index); 486 return; 487 } 488 489 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 490 "(%s%s%s%s)", 491 drv->operstate, ifi->ifi_flags, 492 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 493 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 494 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 495 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 496 497 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 498 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 499 drv->if_disabled = 1; 500 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 501 } 502 503 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 504 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 505 drv->if_disabled = 0; 506 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL); 507 } 508 509 /* 510 * Some drivers send the association event before the operup event--in 511 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 512 * fails. This will hit us when wpa_supplicant does not need to do 513 * IEEE 802.1X authentication 514 */ 515 if (drv->operstate == 1 && 516 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 517 !(ifi->ifi_flags & IFF_RUNNING)) 518 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 519 -1, IF_OPER_UP); 520 521 attrlen = len; 522 attr = (struct rtattr *) buf; 523 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 524 while (RTA_OK(attr, attrlen)) { 525 if (attr->rta_type == IFLA_IFNAME) { 526 wpa_driver_nl80211_event_link( 527 drv, 528 ((char *) attr) + rta_len, 529 attr->rta_len - rta_len, 0); 530 } else if (attr->rta_type == IFLA_MASTER) 531 brid = nla_get_u32((struct nlattr *) attr); 532 attr = RTA_NEXT(attr, attrlen); 533 } 534 535#ifdef HOSTAPD 536 if (ifi->ifi_family == AF_BRIDGE && brid) { 537 /* device has been added to bridge */ 538 char namebuf[IFNAMSIZ]; 539 if_indextoname(brid, namebuf); 540 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 541 brid, namebuf); 542 add_ifidx(drv, brid); 543 } 544#endif /* HOSTAPD */ 545} 546 547 548static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 549 struct ifinfomsg *ifi, 550 u8 *buf, size_t len) 551{ 552 struct wpa_driver_nl80211_data *drv = ctx; 553 int attrlen, rta_len; 554 struct rtattr *attr; 555 u32 brid = 0; 556 557 attrlen = len; 558 attr = (struct rtattr *) buf; 559 560 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 561 while (RTA_OK(attr, attrlen)) { 562 if (attr->rta_type == IFLA_IFNAME) { 563 wpa_driver_nl80211_event_link( 564 drv, 565 ((char *) attr) + rta_len, 566 attr->rta_len - rta_len, 1); 567 } else if (attr->rta_type == IFLA_MASTER) 568 brid = nla_get_u32((struct nlattr *) attr); 569 attr = RTA_NEXT(attr, attrlen); 570 } 571 572#ifdef HOSTAPD 573 if (ifi->ifi_family == AF_BRIDGE && brid) { 574 /* device has been removed from bridge */ 575 char namebuf[IFNAMSIZ]; 576 if_indextoname(brid, namebuf); 577 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 578 "%s", brid, namebuf); 579 del_ifidx(drv, brid); 580 } 581#endif /* HOSTAPD */ 582} 583 584 585static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 586 const u8 *frame, size_t len) 587{ 588 const struct ieee80211_mgmt *mgmt; 589 union wpa_event_data event; 590 591 mgmt = (const struct ieee80211_mgmt *) frame; 592 if (len < 24 + sizeof(mgmt->u.auth)) { 593 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 594 "frame"); 595 return; 596 } 597 598 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 599 os_memset(&event, 0, sizeof(event)); 600 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 601 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 602 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 603 if (len > 24 + sizeof(mgmt->u.auth)) { 604 event.auth.ies = mgmt->u.auth.variable; 605 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 606 } 607 608 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 609} 610 611 612static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 613{ 614 struct nl_msg *msg; 615 int ret; 616 struct nl80211_bss_info_arg arg; 617 618 os_memset(&arg, 0, sizeof(arg)); 619 msg = nlmsg_alloc(); 620 if (!msg) 621 goto nla_put_failure; 622 623 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 624 NL80211_CMD_GET_SCAN, 0); 625 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 626 627 arg.drv = drv; 628 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 629 msg = NULL; 630 if (ret == 0) { 631 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 632 "associated BSS from scan results: %u MHz", 633 arg.assoc_freq); 634 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 635 } 636 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 637 "(%s)", ret, strerror(-ret)); 638nla_put_failure: 639 nlmsg_free(msg); 640 return drv->assoc_freq; 641} 642 643 644static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 645 const u8 *frame, size_t len) 646{ 647 const struct ieee80211_mgmt *mgmt; 648 union wpa_event_data event; 649 u16 status; 650#ifdef ANDROID_BRCM_P2P_PATCH 651 struct wpa_supplicant *wpa_s = drv->ctx; 652#endif 653 654 mgmt = (const struct ieee80211_mgmt *) frame; 655#if (defined (CONFIG_AP) || defined (HOSTAPD) ) && defined (ANDROID_BRCM_P2P_PATCH) 656 if (drv->nlmode == NL80211_IFTYPE_AP || drv->nlmode == NL80211_IFTYPE_P2P_GO) { 657 if (len < 24 + sizeof(mgmt->u.assoc_req)) { 658 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 659 "frame"); 660 return; 661 } 662 os_memset(&event, 0, sizeof(event)); 663 event.assoc_info.freq = drv->assoc_freq; 664 event.assoc_info.req_ies = (u8 *) mgmt->u.assoc_req.variable; 665 event.assoc_info.req_ies_len = len - 24 - sizeof(mgmt->u.assoc_req); 666 event.assoc_info.addr = mgmt->sa; 667 } else { 668#endif 669 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 670 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 671 "frame"); 672 return; 673 } 674 675 status = le_to_host16(mgmt->u.assoc_resp.status_code); 676 if (status != WLAN_STATUS_SUCCESS) { 677 os_memset(&event, 0, sizeof(event)); 678 event.assoc_reject.bssid = mgmt->bssid; 679 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 680 event.assoc_reject.resp_ies = 681 (u8 *) mgmt->u.assoc_resp.variable; 682 event.assoc_reject.resp_ies_len = 683 len - 24 - sizeof(mgmt->u.assoc_resp); 684 } 685 event.assoc_reject.status_code = status; 686 687 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 688 return; 689 } 690 691 drv->associated = 1; 692 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 693 694 os_memset(&event, 0, sizeof(event)); 695 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 696 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 697 event.assoc_info.resp_ies_len = 698 len - 24 - sizeof(mgmt->u.assoc_resp); 699 } 700 701 event.assoc_info.freq = drv->assoc_freq; 702#if (defined (CONFIG_AP) || defined(HOSTAPD)) && defined (ANDROID_BRCM_P2P_PATCH) 703 } 704#endif 705 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 706} 707 708 709static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 710 enum nl80211_commands cmd, struct nlattr *status, 711 struct nlattr *addr, struct nlattr *req_ie, 712 struct nlattr *resp_ie) 713{ 714 union wpa_event_data event; 715 716 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 717 /* 718 * Avoid reporting two association events that would confuse 719 * the core code. 720 */ 721 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 722 "when using userspace SME", cmd); 723 return; 724 } 725 726 os_memset(&event, 0, sizeof(event)); 727 if (cmd == NL80211_CMD_CONNECT && 728 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 729 if (addr) 730 event.assoc_reject.bssid = nla_data(addr); 731 if (resp_ie) { 732 event.assoc_reject.resp_ies = nla_data(resp_ie); 733 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 734 } 735 event.assoc_reject.status_code = nla_get_u16(status); 736 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 737 return; 738 } 739 740 drv->associated = 1; 741 if (addr) 742 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 743 744 if (req_ie) { 745 event.assoc_info.req_ies = nla_data(req_ie); 746 event.assoc_info.req_ies_len = nla_len(req_ie); 747 } 748 if (resp_ie) { 749 event.assoc_info.resp_ies = nla_data(resp_ie); 750 event.assoc_info.resp_ies_len = nla_len(resp_ie); 751 } 752 753 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 754 755 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 756} 757 758 759static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 760 enum nl80211_commands cmd, struct nlattr *addr) 761{ 762 union wpa_event_data event; 763 enum wpa_event_type ev; 764 765 if (nla_len(addr) != ETH_ALEN) 766 return; 767 768 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 769 cmd, MAC2STR((u8 *) nla_data(addr))); 770 771 if (cmd == NL80211_CMD_AUTHENTICATE) 772 ev = EVENT_AUTH_TIMED_OUT; 773 else if (cmd == NL80211_CMD_ASSOCIATE) 774 ev = EVENT_ASSOC_TIMED_OUT; 775 else 776 return; 777 778 os_memset(&event, 0, sizeof(event)); 779 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 780 wpa_supplicant_event(drv->ctx, ev, &event); 781} 782 783 784static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 785 struct nlattr *freq, const u8 *frame, size_t len) 786{ 787 const struct ieee80211_mgmt *mgmt; 788 union wpa_event_data event; 789 u16 fc, stype; 790 791 mgmt = (const struct ieee80211_mgmt *) frame; 792 if (len < 24) { 793 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 794 return; 795 } 796 797 fc = le_to_host16(mgmt->frame_control); 798 stype = WLAN_FC_GET_STYPE(fc); 799 800 os_memset(&event, 0, sizeof(event)); 801 if (freq) { 802 event.rx_action.freq = nla_get_u32(freq); 803 drv->last_mgmt_freq = event.rx_action.freq; 804 } 805 if (stype == WLAN_FC_STYPE_ACTION) { 806 event.rx_action.da = mgmt->da; 807 event.rx_action.sa = mgmt->sa; 808 event.rx_action.bssid = mgmt->bssid; 809 event.rx_action.category = mgmt->u.action.category; 810 event.rx_action.data = &mgmt->u.action.category + 1; 811 event.rx_action.len = frame + len - event.rx_action.data; 812 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 813 } else { 814 event.rx_mgmt.frame = frame; 815 event.rx_mgmt.frame_len = len; 816 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 817 } 818} 819 820 821static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 822 struct nlattr *cookie, const u8 *frame, 823 size_t len, struct nlattr *ack) 824{ 825 union wpa_event_data event; 826 const struct ieee80211_hdr *hdr; 827 u16 fc; 828 u64 cookie_val; 829 830 if (!cookie) 831 return; 832 833 cookie_val = nla_get_u64(cookie); 834 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s " 835 "(ack=%d)", 836 (long long unsigned int) cookie_val, 837 cookie_val == drv->send_action_cookie ? 838 " (match)" : " (unknown)", ack != NULL); 839 if (cookie_val != drv->send_action_cookie) 840 return; 841 842 hdr = (const struct ieee80211_hdr *) frame; 843 fc = le_to_host16(hdr->frame_control); 844 845 os_memset(&event, 0, sizeof(event)); 846 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 847 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 848 event.tx_status.dst = hdr->addr1; 849 event.tx_status.data = frame; 850 event.tx_status.data_len = len; 851 event.tx_status.ack = ack != NULL; 852 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 853} 854 855 856static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 857 enum wpa_event_type type, 858 const u8 *frame, size_t len) 859{ 860 const struct ieee80211_mgmt *mgmt; 861 union wpa_event_data event; 862 const u8 *bssid = NULL; 863 u16 reason_code = 0; 864 865 mgmt = (const struct ieee80211_mgmt *) frame; 866 if (len >= 24) { 867 bssid = mgmt->bssid; 868 869 if (drv->associated != 0 && 870 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 871 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 872 /* 873 * We have presumably received this deauth as a 874 * response to a clear_state_mismatch() outgoing 875 * deauth. Don't let it take us offline! 876 */ 877 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 878 "from Unknown BSSID " MACSTR " -- ignoring", 879 MAC2STR(bssid)); 880 return; 881 } 882 } 883 884 drv->associated = 0; 885 os_memset(&event, 0, sizeof(event)); 886 887 /* Note: Same offset for Reason Code in both frame subtypes */ 888 if (len >= 24 + sizeof(mgmt->u.deauth)) 889 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 890 891 if (type == EVENT_DISASSOC) { 892#ifdef ANDROID_BRCM_P2P_PATCH 893 if (drv->nlmode == NL80211_IFTYPE_AP || 894 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 895 event.disassoc_info.addr = mgmt->sa; 896 } else 897#endif 898 event.disassoc_info.addr = bssid; 899 event.disassoc_info.reason_code = reason_code; 900 if (frame + len > mgmt->u.disassoc.variable) { 901 event.disassoc_info.ie = mgmt->u.disassoc.variable; 902 event.disassoc_info.ie_len = frame + len - 903 mgmt->u.disassoc.variable; 904 } 905 } else { 906#ifdef ANDROID_BRCM_P2P_PATCH 907 if (drv->nlmode == NL80211_IFTYPE_AP || 908 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 909 event.deauth_info.addr = mgmt->sa; 910 } else 911#endif 912 event.deauth_info.addr = bssid; 913 event.deauth_info.reason_code = reason_code; 914 if (frame + len > mgmt->u.deauth.variable) { 915 event.deauth_info.ie = mgmt->u.deauth.variable; 916 event.deauth_info.ie_len = frame + len - 917 mgmt->u.deauth.variable; 918 } 919 } 920 921 wpa_supplicant_event(drv->ctx, type, &event); 922} 923 924 925static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 926 enum wpa_event_type type, 927 const u8 *frame, size_t len) 928{ 929 const struct ieee80211_mgmt *mgmt; 930 union wpa_event_data event; 931 u16 reason_code = 0; 932 933 if (len < 24) 934 return; 935 936 mgmt = (const struct ieee80211_mgmt *) frame; 937 938 os_memset(&event, 0, sizeof(event)); 939 /* Note: Same offset for Reason Code in both frame subtypes */ 940 if (len >= 24 + sizeof(mgmt->u.deauth)) 941 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 942 943 if (type == EVENT_UNPROT_DISASSOC) { 944 event.unprot_disassoc.sa = mgmt->sa; 945 event.unprot_disassoc.da = mgmt->da; 946 event.unprot_disassoc.reason_code = reason_code; 947 } else { 948 event.unprot_deauth.sa = mgmt->sa; 949 event.unprot_deauth.da = mgmt->da; 950 event.unprot_deauth.reason_code = reason_code; 951 } 952 953 wpa_supplicant_event(drv->ctx, type, &event); 954} 955 956 957static void mlme_event(struct wpa_driver_nl80211_data *drv, 958 enum nl80211_commands cmd, struct nlattr *frame, 959 struct nlattr *addr, struct nlattr *timed_out, 960 struct nlattr *freq, struct nlattr *ack, 961 struct nlattr *cookie) 962{ 963 if (timed_out && addr) { 964 mlme_timeout_event(drv, cmd, addr); 965 return; 966 } 967 968 if (frame == NULL) { 969 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 970 "data", cmd); 971 return; 972 } 973 974 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 975 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 976 nla_data(frame), nla_len(frame)); 977 978 switch (cmd) { 979 case NL80211_CMD_AUTHENTICATE: 980 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 981 break; 982 case NL80211_CMD_ASSOCIATE: 983 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 984 break; 985 case NL80211_CMD_DEAUTHENTICATE: 986 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 987 nla_data(frame), nla_len(frame)); 988 break; 989 case NL80211_CMD_DISASSOCIATE: 990 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 991 nla_data(frame), nla_len(frame)); 992 break; 993 case NL80211_CMD_FRAME: 994 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 995 break; 996 case NL80211_CMD_FRAME_TX_STATUS: 997 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 998 nla_len(frame), ack); 999 break; 1000 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1001 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1002 nla_data(frame), nla_len(frame)); 1003 break; 1004 case NL80211_CMD_UNPROT_DISASSOCIATE: 1005 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1006 nla_data(frame), nla_len(frame)); 1007 break; 1008 default: 1009 break; 1010 } 1011} 1012 1013 1014static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1015 struct nlattr *tb[]) 1016{ 1017 union wpa_event_data data; 1018 1019 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1020 os_memset(&data, 0, sizeof(data)); 1021 if (tb[NL80211_ATTR_MAC]) { 1022 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1023 nla_data(tb[NL80211_ATTR_MAC]), 1024 nla_len(tb[NL80211_ATTR_MAC])); 1025 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1026 } 1027 if (tb[NL80211_ATTR_KEY_SEQ]) { 1028 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1029 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1030 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1031 } 1032 if (tb[NL80211_ATTR_KEY_TYPE]) { 1033 enum nl80211_key_type key_type = 1034 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1035 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1036 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1037 data.michael_mic_failure.unicast = 1; 1038 } else 1039 data.michael_mic_failure.unicast = 1; 1040 1041 if (tb[NL80211_ATTR_KEY_IDX]) { 1042 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1043 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1044 } 1045 1046 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1047} 1048 1049 1050static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1051 struct nlattr *tb[]) 1052{ 1053 if (tb[NL80211_ATTR_MAC] == NULL) { 1054 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1055 "event"); 1056 return; 1057 } 1058 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1059 drv->associated = 1; 1060 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1061 MAC2STR(drv->bssid)); 1062 1063 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1064} 1065 1066 1067static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1068 int cancel_event, struct nlattr *tb[]) 1069{ 1070 unsigned int freq, chan_type, duration; 1071 union wpa_event_data data; 1072 u64 cookie; 1073 1074 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1075 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1076 else 1077 freq = 0; 1078 1079 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1080 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1081 else 1082 chan_type = 0; 1083 1084 if (tb[NL80211_ATTR_DURATION]) 1085 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1086 else 1087 duration = 0; 1088 1089 if (tb[NL80211_ATTR_COOKIE]) 1090 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1091 else 1092 cookie = 0; 1093 1094 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1095 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1096 cancel_event, freq, chan_type, duration, 1097 (long long unsigned int) cookie, 1098 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1099 1100 if (cookie != drv->remain_on_chan_cookie) 1101 return; /* not for us */ 1102 1103 drv->pending_remain_on_chan = !cancel_event; 1104 1105 os_memset(&data, 0, sizeof(data)); 1106 data.remain_on_channel.freq = freq; 1107 data.remain_on_channel.duration = duration; 1108 wpa_supplicant_event(drv->ctx, cancel_event ? 1109 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1110 EVENT_REMAIN_ON_CHANNEL, &data); 1111} 1112 1113 1114static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1115 struct nlattr *tb[]) 1116{ 1117 union wpa_event_data event; 1118 struct nlattr *nl; 1119 int rem; 1120 struct scan_info *info; 1121#define MAX_REPORT_FREQS 50 1122 int freqs[MAX_REPORT_FREQS]; 1123 int num_freqs = 0; 1124 1125 os_memset(&event, 0, sizeof(event)); 1126 info = &event.scan_info; 1127 info->aborted = aborted; 1128 1129 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1130 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1131 struct wpa_driver_scan_ssid *s = 1132 &info->ssids[info->num_ssids]; 1133 s->ssid = nla_data(nl); 1134 s->ssid_len = nla_len(nl); 1135 info->num_ssids++; 1136 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1137 break; 1138 } 1139 } 1140 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1141 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1142 { 1143 freqs[num_freqs] = nla_get_u32(nl); 1144 num_freqs++; 1145 if (num_freqs == MAX_REPORT_FREQS - 1) 1146 break; 1147 } 1148 info->freqs = freqs; 1149 info->num_freqs = num_freqs; 1150 } 1151 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1152} 1153 1154 1155static int get_link_signal(struct nl_msg *msg, void *arg) 1156{ 1157 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1158 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1159 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1160 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1161 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1162 }; 1163 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1164 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1165 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1166 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1167 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1168 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1169 }; 1170 struct wpa_signal_info *sig_change = arg; 1171 1172 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1173 genlmsg_attrlen(gnlh, 0), NULL); 1174 if (!tb[NL80211_ATTR_STA_INFO] || 1175 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1176 tb[NL80211_ATTR_STA_INFO], policy)) 1177 return NL_SKIP; 1178 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1179 return NL_SKIP; 1180 1181 sig_change->current_signal = 1182 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1183 1184 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1185 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1186 sinfo[NL80211_STA_INFO_TX_BITRATE], 1187 rate_policy)) { 1188 sig_change->current_txrate = 0; 1189 } else { 1190 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1191 sig_change->current_txrate = 1192 nla_get_u16(rinfo[ 1193 NL80211_RATE_INFO_BITRATE]) * 100; 1194 } 1195 } 1196 } 1197 1198 return NL_SKIP; 1199} 1200 1201 1202static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1203 struct wpa_signal_info *sig) 1204{ 1205 struct nl_msg *msg; 1206 1207 sig->current_signal = -9999; 1208 sig->current_txrate = 0; 1209 1210 msg = nlmsg_alloc(); 1211 if (!msg) 1212 return -ENOMEM; 1213 1214 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1215 0, NL80211_CMD_GET_STATION, 0); 1216 1217 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1218 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1219 1220 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1221 nla_put_failure: 1222 return -ENOBUFS; 1223} 1224 1225 1226static int get_link_noise(struct nl_msg *msg, void *arg) 1227{ 1228 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1229 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1230 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1231 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1232 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1233 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1234 }; 1235 struct wpa_signal_info *sig_change = arg; 1236 1237 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1238 genlmsg_attrlen(gnlh, 0), NULL); 1239 1240 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1241 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1242 return NL_SKIP; 1243 } 1244 1245 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1246 tb[NL80211_ATTR_SURVEY_INFO], 1247 survey_policy)) { 1248 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1249 "attributes!"); 1250 return NL_SKIP; 1251 } 1252 1253 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1254 return NL_SKIP; 1255 1256 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1257 sig_change->frequency) 1258 return NL_SKIP; 1259 1260 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1261 return NL_SKIP; 1262 1263 sig_change->current_noise = 1264 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1265 1266 return NL_SKIP; 1267} 1268 1269 1270static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1271 struct wpa_signal_info *sig_change) 1272{ 1273 struct nl_msg *msg; 1274 1275 sig_change->current_noise = 9999; 1276 sig_change->frequency = drv->assoc_freq; 1277 1278 msg = nlmsg_alloc(); 1279 if (!msg) 1280 return -ENOMEM; 1281 1282 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1283 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0); 1284 1285 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1286 1287 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1288 nla_put_failure: 1289 return -ENOBUFS; 1290} 1291 1292 1293static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1294 struct nlattr *tb[]) 1295{ 1296 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1297 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1298 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1299 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1300 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1301 }; 1302 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1303 enum nl80211_cqm_rssi_threshold_event event; 1304 union wpa_event_data ed; 1305 struct wpa_signal_info sig; 1306 int res; 1307 1308 if (tb[NL80211_ATTR_CQM] == NULL || 1309 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1310 cqm_policy)) { 1311 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1312 return; 1313 } 1314 1315 os_memset(&ed, 0, sizeof(ed)); 1316 1317 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1318 if (!tb[NL80211_ATTR_MAC]) 1319 return; 1320 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1321 ETH_ALEN); 1322 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1323 return; 1324 } 1325 1326 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1327 return; 1328 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1329 1330 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1331 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1332 "event: RSSI high"); 1333 ed.signal_change.above_threshold = 1; 1334 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1335 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1336 "event: RSSI low"); 1337 ed.signal_change.above_threshold = 0; 1338 } else 1339 return; 1340 1341 res = nl80211_get_link_signal(drv, &sig); 1342 if (res == 0) { 1343 ed.signal_change.current_signal = sig.current_signal; 1344 ed.signal_change.current_txrate = sig.current_txrate; 1345 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1346 sig.current_signal, sig.current_txrate); 1347 } 1348 1349 res = nl80211_get_link_noise(drv, &sig); 1350 if (res == 0) { 1351 ed.signal_change.current_noise = sig.current_noise; 1352 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1353 sig.current_noise); 1354 } 1355 1356 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1357} 1358 1359 1360static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1361 struct nlattr **tb) 1362{ 1363 u8 *addr; 1364 union wpa_event_data data; 1365 1366 if (tb[NL80211_ATTR_MAC] == NULL) 1367 return; 1368 addr = nla_data(tb[NL80211_ATTR_MAC]); 1369 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1370 1371 if (drv->nlmode == NL80211_IFTYPE_AP && 1372 drv->no_monitor_iface_capab) { 1373 u8 *ies = NULL; 1374 size_t ies_len = 0; 1375 if (tb[NL80211_ATTR_IE]) { 1376 ies = nla_data(tb[NL80211_ATTR_IE]); 1377 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1378 } 1379 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1380 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1381 return; 1382 } 1383 1384 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1385 return; 1386 1387 os_memset(&data, 0, sizeof(data)); 1388 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1389 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1390} 1391 1392 1393static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1394 struct nlattr **tb) 1395{ 1396 u8 *addr; 1397 union wpa_event_data data; 1398 1399 if (tb[NL80211_ATTR_MAC] == NULL) 1400 return; 1401 addr = nla_data(tb[NL80211_ATTR_MAC]); 1402 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1403 MAC2STR(addr)); 1404 1405 if (drv->nlmode == NL80211_IFTYPE_AP && 1406 drv->no_monitor_iface_capab) { 1407 drv_event_disassoc(drv->ctx, addr); 1408 return; 1409 } 1410 1411 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1412 return; 1413 1414 os_memset(&data, 0, sizeof(data)); 1415 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1416 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1417} 1418 1419 1420static int process_event(struct nl_msg *msg, void *arg) 1421{ 1422 struct wpa_driver_nl80211_data *drv = arg; 1423 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1424 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1425 union wpa_event_data data; 1426 1427 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1428 genlmsg_attrlen(gnlh, 0), NULL); 1429 1430 if (tb[NL80211_ATTR_IFINDEX]) { 1431 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1432 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 1433 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 1434 " for foreign interface (ifindex %d)", 1435 gnlh->cmd, ifindex); 1436 return NL_SKIP; 1437 } 1438 } 1439 1440 if (drv->ap_scan_as_station && 1441 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1442 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 1443 wpa_driver_nl80211_set_mode(&drv->first_bss, 1444 IEEE80211_MODE_AP); 1445 drv->ap_scan_as_station = 0; 1446 } 1447 1448 switch (gnlh->cmd) { 1449 case NL80211_CMD_TRIGGER_SCAN: 1450 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 1451 break; 1452 case NL80211_CMD_NEW_SCAN_RESULTS: 1453 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 1454 drv->scan_complete_events = 1; 1455 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1456 drv->ctx); 1457 send_scan_event(drv, 0, tb); 1458 break; 1459 case NL80211_CMD_SCAN_ABORTED: 1460 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 1461 /* 1462 * Need to indicate that scan results are available in order 1463 * not to make wpa_supplicant stop its scanning. 1464 */ 1465 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1466 drv->ctx); 1467 send_scan_event(drv, 1, tb); 1468 break; 1469 case NL80211_CMD_AUTHENTICATE: 1470 case NL80211_CMD_ASSOCIATE: 1471 case NL80211_CMD_DEAUTHENTICATE: 1472 case NL80211_CMD_DISASSOCIATE: 1473 case NL80211_CMD_FRAME: 1474 case NL80211_CMD_FRAME_TX_STATUS: 1475 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1476 case NL80211_CMD_UNPROT_DISASSOCIATE: 1477 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1478 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1479 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1480 tb[NL80211_ATTR_COOKIE]); 1481 break; 1482 case NL80211_CMD_CONNECT: 1483 case NL80211_CMD_ROAM: 1484 mlme_event_connect(drv, gnlh->cmd, 1485 tb[NL80211_ATTR_STATUS_CODE], 1486 tb[NL80211_ATTR_MAC], 1487 tb[NL80211_ATTR_REQ_IE], 1488 tb[NL80211_ATTR_RESP_IE]); 1489 break; 1490 case NL80211_CMD_DISCONNECT: 1491 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1492 /* 1493 * Avoid reporting two disassociation events that could 1494 * confuse the core code. 1495 */ 1496 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1497 "event when using userspace SME"); 1498 break; 1499 } 1500 drv->associated = 0; 1501 os_memset(&data, 0, sizeof(data)); 1502 if (tb[NL80211_ATTR_REASON_CODE]) { 1503 data.disassoc_info.reason_code = 1504 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1505#ifdef ANDROID 1506 if (data.disassoc_info.reason_code == WLAN_REASON_UNSPECIFIED) 1507 wpa_msg(drv->ctx, MSG_INFO, 1508 WPA_EVENT_DRIVER_STATE "HANGED"); 1509#endif 1510 } 1511 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1512 break; 1513 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1514 mlme_event_michael_mic_failure(drv, tb); 1515 break; 1516 case NL80211_CMD_JOIN_IBSS: 1517 mlme_event_join_ibss(drv, tb); 1518 break; 1519 case NL80211_CMD_REMAIN_ON_CHANNEL: 1520 mlme_event_remain_on_channel(drv, 0, tb); 1521 break; 1522 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1523 mlme_event_remain_on_channel(drv, 1, tb); 1524 break; 1525 case NL80211_CMD_NOTIFY_CQM: 1526 nl80211_cqm_event(drv, tb); 1527 break; 1528 case NL80211_CMD_REG_CHANGE: 1529 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1530 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1531 NULL); 1532 break; 1533 case NL80211_CMD_REG_BEACON_HINT: 1534 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1535 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1536 NULL); 1537 break; 1538 case NL80211_CMD_NEW_STATION: 1539 nl80211_new_station_event(drv, tb); 1540 break; 1541 case NL80211_CMD_DEL_STATION: 1542 nl80211_del_station_event(drv, tb); 1543 break; 1544 default: 1545 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1546 "(cmd=%d)", gnlh->cmd); 1547 break; 1548 } 1549 1550 return NL_SKIP; 1551} 1552 1553 1554static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1555 void *handle) 1556{ 1557 struct nl_cb *cb; 1558 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1559 1560 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1561 1562 cb = nl_cb_clone(drv->nl_cb); 1563 if (!cb) 1564 return; 1565 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1566 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1567 nl_recvmsgs(handle, cb); 1568 nl_cb_put(cb); 1569} 1570 1571 1572/** 1573 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1574 * @priv: driver_nl80211 private data 1575 * @alpha2_arg: country to which to switch to 1576 * Returns: 0 on success, -1 on failure 1577 * 1578 * This asks nl80211 to set the regulatory domain for given 1579 * country ISO / IEC alpha2. 1580 */ 1581static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1582{ 1583 struct i802_bss *bss = priv; 1584 struct wpa_driver_nl80211_data *drv = bss->drv; 1585 char alpha2[3]; 1586 struct nl_msg *msg; 1587 1588 msg = nlmsg_alloc(); 1589 if (!msg) 1590 return -ENOMEM; 1591 1592 alpha2[0] = alpha2_arg[0]; 1593 alpha2[1] = alpha2_arg[1]; 1594 alpha2[2] = '\0'; 1595 1596 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1597 0, NL80211_CMD_REQ_SET_REG, 0); 1598 1599 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1600 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1601 return -EINVAL; 1602 return 0; 1603nla_put_failure: 1604 return -EINVAL; 1605} 1606 1607 1608struct wiphy_info_data { 1609 int max_scan_ssids; 1610 int ap_supported; 1611 int p2p_supported; 1612 int auth_supported; 1613 int connect_supported; 1614 int offchan_tx_supported; 1615 int max_remain_on_chan; 1616}; 1617 1618 1619static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1620{ 1621 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1622 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1623 struct wiphy_info_data *info = arg; 1624 int p2p_go_supported = 0, p2p_client_supported = 0; 1625 1626 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1627 genlmsg_attrlen(gnlh, 0), NULL); 1628 1629 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1630 info->max_scan_ssids = 1631 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1632 1633 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1634 struct nlattr *nl_mode; 1635 int i; 1636 nla_for_each_nested(nl_mode, 1637 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1638 switch (nla_type(nl_mode)) { 1639 case NL80211_IFTYPE_AP: 1640 info->ap_supported = 1; 1641 break; 1642 case NL80211_IFTYPE_P2P_GO: 1643 p2p_go_supported = 1; 1644 break; 1645 case NL80211_IFTYPE_P2P_CLIENT: 1646 p2p_client_supported = 1; 1647 break; 1648 } 1649 } 1650 } 1651 1652 info->p2p_supported = p2p_go_supported && p2p_client_supported; 1653 1654 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1655 struct nlattr *nl_cmd; 1656 int i; 1657 1658 nla_for_each_nested(nl_cmd, 1659 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1660 u32 cmd = nla_get_u32(nl_cmd); 1661 if (cmd == NL80211_CMD_AUTHENTICATE) 1662 info->auth_supported = 1; 1663 else if (cmd == NL80211_CMD_CONNECT) 1664 info->connect_supported = 1; 1665 } 1666 } 1667 1668 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) 1669 info->offchan_tx_supported = 1; 1670 1671 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 1672 info->max_remain_on_chan = 1673 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 1674 1675 return NL_SKIP; 1676} 1677 1678 1679static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1680 struct wiphy_info_data *info) 1681{ 1682 struct nl_msg *msg; 1683 1684 os_memset(info, 0, sizeof(*info)); 1685 1686 /* default to 5000 since early versions of mac80211 don't set it */ 1687 info->max_remain_on_chan = 5000; 1688 1689 msg = nlmsg_alloc(); 1690 if (!msg) 1691 return -1; 1692 1693 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1694 0, NL80211_CMD_GET_WIPHY, 0); 1695 1696 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1697 1698 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1699 return 0; 1700 msg = NULL; 1701nla_put_failure: 1702 nlmsg_free(msg); 1703 return -1; 1704} 1705 1706 1707static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1708{ 1709 struct wiphy_info_data info; 1710 if (wpa_driver_nl80211_get_info(drv, &info)) 1711 return -1; 1712 drv->has_capability = 1; 1713 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1714 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1715 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1716 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1717 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1718 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1719 WPA_DRIVER_CAPA_ENC_WEP104 | 1720 WPA_DRIVER_CAPA_ENC_TKIP | 1721 WPA_DRIVER_CAPA_ENC_CCMP; 1722 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1723 WPA_DRIVER_AUTH_SHARED | 1724 WPA_DRIVER_AUTH_LEAP; 1725 1726 drv->capa.max_scan_ssids = info.max_scan_ssids; 1727 if (info.ap_supported) 1728 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1729 1730 if (info.auth_supported) 1731 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1732 else if (!info.connect_supported) { 1733 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1734 "authentication/association or connect commands"); 1735 return -1; 1736 } 1737 1738 if (info.offchan_tx_supported) { 1739 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 1740 "off-channel TX"); 1741 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 1742 } 1743 1744 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 1745 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1746 if (info.p2p_supported) 1747 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 1748 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 1749 drv->capa.max_remain_on_chan = info.max_remain_on_chan; 1750 1751 return 0; 1752} 1753 1754 1755static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 1756{ 1757 int ret; 1758 1759 /* Initialize generic netlink and nl80211 */ 1760 1761 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1762 if (drv->nl_cb == NULL) { 1763 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1764 "callbacks"); 1765 goto err1; 1766 } 1767 1768 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb); 1769 if (drv->nl_handle == NULL) { 1770 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1771 "callbacks"); 1772 goto err2; 1773 } 1774 1775 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb); 1776 if (drv->nl_handle_event == NULL) { 1777 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1778 "callbacks (event)"); 1779 goto err2b; 1780 } 1781 1782 if (genl_connect(drv->nl_handle)) { 1783 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1784 "netlink"); 1785 goto err3; 1786 } 1787 1788 if (genl_connect(drv->nl_handle_event)) { 1789 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1790 "netlink (event)"); 1791 goto err3; 1792 } 1793 1794#ifdef CONFIG_LIBNL20 1795 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1796 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1797 "netlink cache"); 1798 goto err3; 1799 } 1800 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1801 0) { 1802 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1803 "netlink cache (event)"); 1804 goto err3b; 1805 } 1806#else /* CONFIG_LIBNL20 */ 1807 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1808 if (drv->nl_cache == NULL) { 1809 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1810 "netlink cache"); 1811 goto err3; 1812 } 1813 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1814 if (drv->nl_cache_event == NULL) { 1815 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1816 "netlink cache (event)"); 1817 goto err3b; 1818 } 1819#endif /* CONFIG_LIBNL20 */ 1820 1821 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1822 if (drv->nl80211 == NULL) { 1823 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1824 "found"); 1825 goto err4; 1826 } 1827 1828 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1829 if (ret >= 0) 1830 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1831 if (ret < 0) { 1832 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1833 "membership for scan events: %d (%s)", 1834 ret, strerror(-ret)); 1835 goto err4; 1836 } 1837 1838 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1839 if (ret >= 0) 1840 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1841 if (ret < 0) { 1842 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1843 "membership for mlme events: %d (%s)", 1844 ret, strerror(-ret)); 1845 goto err4; 1846 } 1847 1848 ret = nl_get_multicast_id(drv, "nl80211", "regulatory"); 1849 if (ret >= 0) 1850 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1851 if (ret < 0) { 1852 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 1853 "membership for regulatory events: %d (%s)", 1854 ret, strerror(-ret)); 1855 /* Continue without regulatory events */ 1856 } 1857 1858 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1859 wpa_driver_nl80211_event_receive, drv, 1860 drv->nl_handle_event); 1861 1862 return 0; 1863 1864err4: 1865 nl_cache_free(drv->nl_cache_event); 1866err3b: 1867 nl_cache_free(drv->nl_cache); 1868err3: 1869 nl80211_handle_destroy(drv->nl_handle_event); 1870err2b: 1871 nl80211_handle_destroy(drv->nl_handle); 1872err2: 1873 nl_cb_put(drv->nl_cb); 1874err1: 1875 return -1; 1876} 1877 1878 1879static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 1880{ 1881 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 1882 /* 1883 * This may be for any interface; use ifdown event to disable 1884 * interface. 1885 */ 1886} 1887 1888 1889static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 1890{ 1891 struct wpa_driver_nl80211_data *drv = ctx; 1892 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 1893 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) { 1894 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 1895 "after rfkill unblock"); 1896 return; 1897 } 1898 /* rtnetlink ifup handler will report interface as enabled */ 1899} 1900 1901 1902static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 1903{ 1904 /* Find phy (radio) to which this interface belongs */ 1905 char buf[90], *pos; 1906 int f, rv; 1907 1908 drv->phyname[0] = '\0'; 1909 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 1910 drv->first_bss.ifname); 1911 f = open(buf, O_RDONLY); 1912 if (f < 0) { 1913 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 1914 buf, strerror(errno)); 1915 return; 1916 } 1917 1918 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 1919 close(f); 1920 if (rv < 0) { 1921 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 1922 buf, strerror(errno)); 1923 return; 1924 } 1925 1926 drv->phyname[rv] = '\0'; 1927 pos = os_strchr(drv->phyname, '\n'); 1928 if (pos) 1929 *pos = '\0'; 1930 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 1931 drv->first_bss.ifname, drv->phyname); 1932} 1933 1934 1935/** 1936 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1937 * @ctx: context to be used when calling wpa_supplicant functions, 1938 * e.g., wpa_supplicant_event() 1939 * @ifname: interface name, e.g., wlan0 1940 * @global_priv: private driver global data from global_init() 1941 * Returns: Pointer to private data, %NULL on failure 1942 */ 1943static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 1944 void *global_priv) 1945{ 1946 struct wpa_driver_nl80211_data *drv; 1947 struct netlink_config *cfg; 1948 struct rfkill_config *rcfg; 1949 struct i802_bss *bss; 1950 1951 drv = os_zalloc(sizeof(*drv)); 1952 if (drv == NULL) 1953 return NULL; 1954 drv->global = global_priv; 1955 drv->ctx = ctx; 1956 bss = &drv->first_bss; 1957 bss->drv = drv; 1958 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1959 drv->monitor_ifidx = -1; 1960 drv->monitor_sock = -1; 1961 drv->ioctl_sock = -1; 1962 1963 if (wpa_driver_nl80211_init_nl(drv)) { 1964 os_free(drv); 1965 return NULL; 1966 } 1967 1968 nl80211_get_phy_name(drv); 1969 1970 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1971 if (drv->ioctl_sock < 0) { 1972 perror("socket(PF_INET,SOCK_DGRAM)"); 1973 goto failed; 1974 } 1975 1976 cfg = os_zalloc(sizeof(*cfg)); 1977 if (cfg == NULL) 1978 goto failed; 1979 cfg->ctx = drv; 1980 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1981 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1982 drv->netlink = netlink_init(cfg); 1983 if (drv->netlink == NULL) { 1984 os_free(cfg); 1985 goto failed; 1986 } 1987 1988 rcfg = os_zalloc(sizeof(*rcfg)); 1989 if (rcfg == NULL) 1990 goto failed; 1991 rcfg->ctx = drv; 1992 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 1993 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 1994 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 1995 drv->rfkill = rfkill_init(rcfg); 1996 if (drv->rfkill == NULL) { 1997 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 1998 os_free(rcfg); 1999 } 2000 2001 if (wpa_driver_nl80211_finish_drv_init(drv)) 2002 goto failed; 2003 2004 if (drv->global) 2005 dl_list_add(&drv->global->interfaces, &drv->list); 2006 2007 return bss; 2008 2009failed: 2010 rfkill_deinit(drv->rfkill); 2011 netlink_deinit(drv->netlink); 2012 if (drv->ioctl_sock >= 0) 2013 close(drv->ioctl_sock); 2014 2015 genl_family_put(drv->nl80211); 2016 nl_cache_free(drv->nl_cache); 2017 nl80211_handle_destroy(drv->nl_handle); 2018 nl_cb_put(drv->nl_cb); 2019 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2020 2021 os_free(drv); 2022 return NULL; 2023} 2024 2025 2026static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv, 2027 struct nl_handle *nl_handle, 2028 u16 type, const u8 *match, size_t match_len) 2029{ 2030 struct nl_msg *msg; 2031 int ret = -1; 2032 2033 msg = nlmsg_alloc(); 2034 if (!msg) 2035 return -1; 2036 2037 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2038 NL80211_CMD_REGISTER_ACTION, 0); 2039 2040 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2041 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 2042 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 2043 2044 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL); 2045 msg = NULL; 2046 if (ret) { 2047 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 2048 "failed (type=%u): ret=%d (%s)", 2049 type, ret, strerror(-ret)); 2050 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2051 match, match_len); 2052 goto nla_put_failure; 2053 } 2054 ret = 0; 2055nla_put_failure: 2056 nlmsg_free(msg); 2057 return ret; 2058} 2059 2060 2061static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 2062 const u8 *match, size_t match_len) 2063{ 2064 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 2065 return nl80211_register_frame(drv, drv->nl_handle_event, 2066 type, match, match_len); 2067} 2068 2069 2070static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 2071{ 2072#ifdef CONFIG_P2P 2073 /* GAS Initial Request */ 2074 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0) 2075 return -1; 2076 /* GAS Initial Response */ 2077 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0) 2078 return -1; 2079 /* GAS Comeback Request */ 2080 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0) 2081 return -1; 2082 /* GAS Comeback Response */ 2083 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0) 2084 return -1; 2085 /* P2P Public Action */ 2086 if (nl80211_register_action_frame(drv, 2087 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 2088 6) < 0) 2089 return -1; 2090 /* P2P Action */ 2091 if (nl80211_register_action_frame(drv, 2092 (u8 *) "\x7f\x50\x6f\x9a\x09", 2093 5) < 0) 2094 return -1; 2095#endif /* CONFIG_P2P */ 2096#ifdef CONFIG_IEEE80211W 2097 /* SA Query Response */ 2098 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0) 2099 return -1; 2100#endif /* CONFIG_IEEE80211W */ 2101 2102 /* FT Action frames */ 2103 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 2104 return -1; 2105 else 2106 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 2107 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 2108 2109 return 0; 2110} 2111 2112 2113static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 2114{ 2115 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 2116} 2117 2118 2119static int 2120wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 2121{ 2122 struct i802_bss *bss = &drv->first_bss; 2123 int send_rfkill_event = 0; 2124 2125 drv->ifindex = if_nametoindex(bss->ifname); 2126 drv->first_bss.ifindex = drv->ifindex; 2127 2128#ifndef HOSTAPD 2129 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 2130 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 2131 "use managed mode"); 2132 } 2133 2134 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 2135 if (rfkill_is_blocked(drv->rfkill)) { 2136 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 2137 "interface '%s' due to rfkill", 2138 bss->ifname); 2139 drv->if_disabled = 1; 2140 send_rfkill_event = 1; 2141 } else { 2142 wpa_printf(MSG_ERROR, "nl80211: Could not set " 2143 "interface '%s' UP", bss->ifname); 2144 return -1; 2145 } 2146 } 2147 2148 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 2149 1, IF_OPER_DORMANT); 2150#endif /* HOSTAPD */ 2151 2152 if (wpa_driver_nl80211_capa(drv)) 2153 return -1; 2154 2155 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr)) 2156 return -1; 2157 2158 if (nl80211_register_action_frames(drv) < 0) { 2159 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 2160 "frame processing - ignore for now"); 2161 /* 2162 * Older kernel versions did not support this, so ignore the 2163 * error for now. Some functionality may not be available 2164 * because of this. 2165 */ 2166 } 2167 2168 if (send_rfkill_event) { 2169 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 2170 drv, drv->ctx); 2171 } 2172 2173 return 0; 2174} 2175 2176 2177static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 2178{ 2179 struct nl_msg *msg; 2180 2181 msg = nlmsg_alloc(); 2182 if (!msg) 2183 return -ENOMEM; 2184 2185 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2186 0, NL80211_CMD_DEL_BEACON, 0); 2187 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2188 2189 return send_and_recv_msgs(drv, msg, NULL, NULL); 2190 nla_put_failure: 2191 return -ENOBUFS; 2192} 2193 2194 2195/** 2196 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 2197 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 2198 * 2199 * Shut down driver interface and processing of driver events. Free 2200 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 2201 */ 2202static void wpa_driver_nl80211_deinit(void *priv) 2203{ 2204 struct i802_bss *bss = priv; 2205 struct wpa_driver_nl80211_data *drv = bss->drv; 2206 2207 if (drv->nl_handle_preq) 2208 wpa_driver_nl80211_probe_req_report(bss, 0); 2209 if (bss->added_if_into_bridge) { 2210 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 2211 < 0) 2212 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2213 "interface %s from bridge %s: %s", 2214 bss->ifname, bss->brname, strerror(errno)); 2215 } 2216 if (bss->added_bridge) { 2217 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 2218 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2219 "bridge %s: %s", 2220 bss->brname, strerror(errno)); 2221 } 2222 2223 nl80211_remove_monitor_interface(drv); 2224 2225 if (drv->nlmode == NL80211_IFTYPE_AP) 2226 wpa_driver_nl80211_del_beacon(drv); 2227 2228#ifdef HOSTAPD 2229 if (drv->last_freq_ht) { 2230 /* Clear HT flags from the driver */ 2231 struct hostapd_freq_params freq; 2232 os_memset(&freq, 0, sizeof(freq)); 2233 freq.freq = drv->last_freq; 2234 i802_set_freq(priv, &freq); 2235 } 2236 2237 if (drv->eapol_sock >= 0) { 2238 eloop_unregister_read_sock(drv->eapol_sock); 2239 close(drv->eapol_sock); 2240 } 2241 2242 if (drv->if_indices != drv->default_if_indices) 2243 os_free(drv->if_indices); 2244#endif /* HOSTAPD */ 2245 2246 if (drv->disable_11b_rates) 2247 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 2248 2249 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 2250 netlink_deinit(drv->netlink); 2251 rfkill_deinit(drv->rfkill); 2252 2253 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2254 2255 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 2256 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 2257 2258 if (drv->ioctl_sock >= 0) 2259 close(drv->ioctl_sock); 2260 2261 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2262 genl_family_put(drv->nl80211); 2263 nl_cache_free(drv->nl_cache); 2264 nl_cache_free(drv->nl_cache_event); 2265 nl80211_handle_destroy(drv->nl_handle); 2266 nl80211_handle_destroy(drv->nl_handle_event); 2267 nl_cb_put(drv->nl_cb); 2268 2269 os_free(drv->filter_ssids); 2270 2271 if (drv->global) 2272 dl_list_del(&drv->list); 2273 2274 os_free(drv); 2275} 2276 2277 2278/** 2279 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 2280 * @eloop_ctx: Driver private data 2281 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 2282 * 2283 * This function can be used as registered timeout when starting a scan to 2284 * generate a scan completed event if the driver does not report this. 2285 */ 2286static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 2287{ 2288 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2289 if (drv->ap_scan_as_station) { 2290 wpa_driver_nl80211_set_mode(&drv->first_bss, 2291 IEEE80211_MODE_AP); 2292 drv->ap_scan_as_station = 0; 2293 } 2294 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 2295 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 2296} 2297 2298 2299/** 2300 * wpa_driver_nl80211_scan - Request the driver to initiate scan 2301 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 2302 * @params: Scan parameters 2303 * Returns: 0 on success, -1 on failure 2304 */ 2305static int wpa_driver_nl80211_scan(void *priv, 2306 struct wpa_driver_scan_params *params) 2307{ 2308 struct i802_bss *bss = priv; 2309 struct wpa_driver_nl80211_data *drv = bss->drv; 2310 int ret = 0, timeout; 2311 struct nl_msg *msg, *ssids, *freqs; 2312 size_t i; 2313 2314 msg = nlmsg_alloc(); 2315 ssids = nlmsg_alloc(); 2316 freqs = nlmsg_alloc(); 2317 if (!msg || !ssids || !freqs) { 2318 nlmsg_free(msg); 2319 nlmsg_free(ssids); 2320 nlmsg_free(freqs); 2321 return -1; 2322 } 2323 2324 os_free(drv->filter_ssids); 2325 drv->filter_ssids = params->filter_ssids; 2326 params->filter_ssids = NULL; 2327 drv->num_filter_ssids = params->num_filter_ssids; 2328 2329 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2330 NL80211_CMD_TRIGGER_SCAN, 0); 2331 2332 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2333 2334 for (i = 0; i < params->num_ssids; i++) { 2335 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 2336 params->ssids[i].ssid, 2337 params->ssids[i].ssid_len); 2338 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 2339 params->ssids[i].ssid); 2340 } 2341 if (params->num_ssids) 2342 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 2343 2344 if (params->extra_ies) { 2345 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 2346 params->extra_ies, params->extra_ies_len); 2347 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 2348 params->extra_ies); 2349 } 2350 2351 if (params->freqs) { 2352 for (i = 0; params->freqs[i]; i++) { 2353 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 2354 "MHz", params->freqs[i]); 2355 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 2356 } 2357 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 2358 } 2359 2360 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2361 msg = NULL; 2362 if (ret) { 2363 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 2364 "(%s)", ret, strerror(-ret)); 2365#ifdef HOSTAPD 2366 if (drv->nlmode == NL80211_IFTYPE_AP) { 2367 /* 2368 * mac80211 does not allow scan requests in AP mode, so 2369 * try to do this in station mode. 2370 */ 2371 if (wpa_driver_nl80211_set_mode(bss, 2372 IEEE80211_MODE_INFRA)) 2373 goto nla_put_failure; 2374 2375 if (wpa_driver_nl80211_scan(drv, params)) { 2376 wpa_driver_nl80211_set_mode(bss, 2377 IEEE80211_MODE_AP); 2378 goto nla_put_failure; 2379 } 2380 2381 /* Restore AP mode when processing scan results */ 2382 drv->ap_scan_as_station = 1; 2383 ret = 0; 2384 } else 2385 goto nla_put_failure; 2386#else /* HOSTAPD */ 2387 goto nla_put_failure; 2388#endif /* HOSTAPD */ 2389 } 2390 2391 /* Not all drivers generate "scan completed" wireless event, so try to 2392 * read results after a timeout. */ 2393 timeout = 10; 2394 if (drv->scan_complete_events) { 2395 /* 2396 * The driver seems to deliver events to notify when scan is 2397 * complete, so use longer timeout to avoid race conditions 2398 * with scanning and following association request. 2399 */ 2400 timeout = 30; 2401 } 2402 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 2403 "seconds", ret, timeout); 2404 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2405 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 2406 drv, drv->ctx); 2407 2408nla_put_failure: 2409 nlmsg_free(ssids); 2410 nlmsg_free(msg); 2411 nlmsg_free(freqs); 2412 return ret; 2413} 2414 2415 2416static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 2417{ 2418 const u8 *end, *pos; 2419 2420 if (ies == NULL) 2421 return NULL; 2422 2423 pos = ies; 2424 end = ies + ies_len; 2425 2426 while (pos + 1 < end) { 2427 if (pos + 2 + pos[1] > end) 2428 break; 2429 if (pos[0] == ie) 2430 return pos; 2431 pos += 2 + pos[1]; 2432 } 2433 2434 return NULL; 2435} 2436 2437 2438static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 2439 const u8 *ie, size_t ie_len) 2440{ 2441 const u8 *ssid; 2442 size_t i; 2443 2444 if (drv->filter_ssids == NULL) 2445 return 0; 2446 2447 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 2448 if (ssid == NULL) 2449 return 1; 2450 2451 for (i = 0; i < drv->num_filter_ssids; i++) { 2452 if (ssid[1] == drv->filter_ssids[i].ssid_len && 2453 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 2454 0) 2455 return 0; 2456 } 2457 2458 return 1; 2459} 2460 2461 2462static int bss_info_handler(struct nl_msg *msg, void *arg) 2463{ 2464 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2465 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2466 struct nlattr *bss[NL80211_BSS_MAX + 1]; 2467 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 2468 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 2469 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 2470 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 2471 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 2472 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 2473 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 2474 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 2475 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 2476 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 2477 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 2478 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 2479 }; 2480 struct nl80211_bss_info_arg *_arg = arg; 2481 struct wpa_scan_results *res = _arg->res; 2482 struct wpa_scan_res **tmp; 2483 struct wpa_scan_res *r; 2484 const u8 *ie, *beacon_ie; 2485 size_t ie_len, beacon_ie_len; 2486 u8 *pos; 2487 size_t i; 2488 2489 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2490 genlmsg_attrlen(gnlh, 0), NULL); 2491 if (!tb[NL80211_ATTR_BSS]) 2492 return NL_SKIP; 2493 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 2494 bss_policy)) 2495 return NL_SKIP; 2496 if (bss[NL80211_BSS_STATUS]) { 2497 enum nl80211_bss_status status; 2498 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2499 if (status == NL80211_BSS_STATUS_ASSOCIATED && 2500 bss[NL80211_BSS_FREQUENCY]) { 2501 _arg->assoc_freq = 2502 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2503 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 2504 _arg->assoc_freq); 2505 } 2506 } 2507 if (!res) 2508 return NL_SKIP; 2509 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 2510 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2511 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2512 } else { 2513 ie = NULL; 2514 ie_len = 0; 2515 } 2516 if (bss[NL80211_BSS_BEACON_IES]) { 2517 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 2518 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 2519 } else { 2520 beacon_ie = NULL; 2521 beacon_ie_len = 0; 2522 } 2523 2524 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 2525 ie ? ie_len : beacon_ie_len)) 2526 return NL_SKIP; 2527 2528 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 2529 if (r == NULL) 2530 return NL_SKIP; 2531 if (bss[NL80211_BSS_BSSID]) 2532 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 2533 ETH_ALEN); 2534 if (bss[NL80211_BSS_FREQUENCY]) 2535 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2536 if (bss[NL80211_BSS_BEACON_INTERVAL]) 2537 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 2538 if (bss[NL80211_BSS_CAPABILITY]) 2539 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 2540 r->flags |= WPA_SCAN_NOISE_INVALID; 2541 if (bss[NL80211_BSS_SIGNAL_MBM]) { 2542 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 2543 r->level /= 100; /* mBm to dBm */ 2544 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 2545 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 2546 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 2547 r->flags |= WPA_SCAN_LEVEL_INVALID; 2548 } else 2549 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 2550 if (bss[NL80211_BSS_TSF]) 2551 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 2552 if (bss[NL80211_BSS_SEEN_MS_AGO]) 2553 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 2554 r->ie_len = ie_len; 2555 pos = (u8 *) (r + 1); 2556 if (ie) { 2557 os_memcpy(pos, ie, ie_len); 2558 pos += ie_len; 2559 } 2560 r->beacon_ie_len = beacon_ie_len; 2561 if (beacon_ie) 2562 os_memcpy(pos, beacon_ie, beacon_ie_len); 2563 2564 if (bss[NL80211_BSS_STATUS]) { 2565 enum nl80211_bss_status status; 2566 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2567 switch (status) { 2568 case NL80211_BSS_STATUS_AUTHENTICATED: 2569 r->flags |= WPA_SCAN_AUTHENTICATED; 2570 break; 2571 case NL80211_BSS_STATUS_ASSOCIATED: 2572 r->flags |= WPA_SCAN_ASSOCIATED; 2573 break; 2574 default: 2575 break; 2576 } 2577 } 2578 2579 /* 2580 * cfg80211 maintains separate BSS table entries for APs if the same 2581 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 2582 * not use frequency as a separate key in the BSS table, so filter out 2583 * duplicated entries. Prefer associated BSS entry in such a case in 2584 * order to get the correct frequency into the BSS table. 2585 */ 2586 for (i = 0; i < res->num; i++) { 2587 const u8 *s1, *s2; 2588 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 2589 continue; 2590 2591 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 2592 res->res[i]->ie_len, WLAN_EID_SSID); 2593 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 2594 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 2595 os_memcmp(s1, s2, 2 + s1[1]) != 0) 2596 continue; 2597 2598 /* Same BSSID,SSID was already included in scan results */ 2599 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 2600 "for " MACSTR, MAC2STR(r->bssid)); 2601 2602 if ((r->flags & WPA_SCAN_ASSOCIATED) && 2603 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 2604 os_free(res->res[i]); 2605 res->res[i] = r; 2606 } else 2607 os_free(r); 2608 return NL_SKIP; 2609 } 2610 2611 tmp = os_realloc(res->res, 2612 (res->num + 1) * sizeof(struct wpa_scan_res *)); 2613 if (tmp == NULL) { 2614 os_free(r); 2615 return NL_SKIP; 2616 } 2617 tmp[res->num++] = r; 2618 res->res = tmp; 2619 2620 return NL_SKIP; 2621} 2622 2623 2624static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 2625 const u8 *addr) 2626{ 2627 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 2628 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 2629 "mismatch (" MACSTR ")", MAC2STR(addr)); 2630 wpa_driver_nl80211_mlme(drv, addr, 2631 NL80211_CMD_DEAUTHENTICATE, 2632 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 2633 } 2634} 2635 2636 2637static void wpa_driver_nl80211_check_bss_status( 2638 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 2639{ 2640 size_t i; 2641 2642 for (i = 0; i < res->num; i++) { 2643 struct wpa_scan_res *r = res->res[i]; 2644 if (r->flags & WPA_SCAN_AUTHENTICATED) { 2645 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2646 "indicates BSS status with " MACSTR 2647 " as authenticated", 2648 MAC2STR(r->bssid)); 2649 if (drv->nlmode == NL80211_IFTYPE_STATION && 2650 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 2651 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 2652 0) { 2653 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 2654 " in local state (auth=" MACSTR 2655 " assoc=" MACSTR ")", 2656 MAC2STR(drv->auth_bssid), 2657 MAC2STR(drv->bssid)); 2658 clear_state_mismatch(drv, r->bssid); 2659 } 2660 } 2661 2662 if (r->flags & WPA_SCAN_ASSOCIATED) { 2663 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2664 "indicate BSS status with " MACSTR 2665 " as associated", 2666 MAC2STR(r->bssid)); 2667 if (drv->nlmode == NL80211_IFTYPE_STATION && 2668 !drv->associated) { 2669 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2670 "(not associated) does not match " 2671 "with BSS state"); 2672 clear_state_mismatch(drv, r->bssid); 2673 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 2674 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 2675 0) { 2676 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2677 "(associated with " MACSTR ") does " 2678 "not match with BSS state", 2679 MAC2STR(drv->bssid)); 2680 clear_state_mismatch(drv, r->bssid); 2681 clear_state_mismatch(drv, drv->bssid); 2682 } 2683 } 2684 } 2685} 2686 2687 2688static void wpa_scan_results_free(struct wpa_scan_results *res) 2689{ 2690 size_t i; 2691 2692 if (res == NULL) 2693 return; 2694 2695 for (i = 0; i < res->num; i++) 2696 os_free(res->res[i]); 2697 os_free(res->res); 2698 os_free(res); 2699} 2700 2701 2702static struct wpa_scan_results * 2703nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 2704{ 2705 struct nl_msg *msg; 2706 struct wpa_scan_results *res; 2707 int ret; 2708 struct nl80211_bss_info_arg arg; 2709 2710 res = os_zalloc(sizeof(*res)); 2711 if (res == NULL) 2712 return NULL; 2713 msg = nlmsg_alloc(); 2714 if (!msg) 2715 goto nla_put_failure; 2716 2717 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2718 NL80211_CMD_GET_SCAN, 0); 2719 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2720 2721 arg.drv = drv; 2722 arg.res = res; 2723 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2724 msg = NULL; 2725 if (ret == 0) { 2726 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2727 (unsigned long) res->num); 2728 return res; 2729 } 2730 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2731 "(%s)", ret, strerror(-ret)); 2732nla_put_failure: 2733 nlmsg_free(msg); 2734 wpa_scan_results_free(res); 2735 return NULL; 2736} 2737 2738 2739/** 2740 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2741 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2742 * Returns: Scan results on success, -1 on failure 2743 */ 2744static struct wpa_scan_results * 2745wpa_driver_nl80211_get_scan_results(void *priv) 2746{ 2747 struct i802_bss *bss = priv; 2748 struct wpa_driver_nl80211_data *drv = bss->drv; 2749 struct wpa_scan_results *res; 2750 2751 res = nl80211_get_scan_results(drv); 2752 if (res) 2753 wpa_driver_nl80211_check_bss_status(drv, res); 2754 return res; 2755} 2756 2757 2758static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2759{ 2760 struct wpa_scan_results *res; 2761 size_t i; 2762 2763 res = nl80211_get_scan_results(drv); 2764 if (res == NULL) { 2765 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2766 return; 2767 } 2768 2769 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2770 for (i = 0; i < res->num; i++) { 2771 struct wpa_scan_res *r = res->res[i]; 2772 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2773 (int) i, (int) res->num, MAC2STR(r->bssid), 2774 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2775 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2776 } 2777 2778 wpa_scan_results_free(res); 2779} 2780 2781 2782static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2783 enum wpa_alg alg, const u8 *addr, 2784 int key_idx, int set_tx, 2785 const u8 *seq, size_t seq_len, 2786 const u8 *key, size_t key_len) 2787{ 2788 struct i802_bss *bss = priv; 2789 struct wpa_driver_nl80211_data *drv = bss->drv; 2790 int ifindex = if_nametoindex(ifname); 2791 struct nl_msg *msg; 2792 int ret; 2793 2794 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2795 "set_tx=%d seq_len=%lu key_len=%lu", 2796 __func__, ifindex, alg, addr, key_idx, set_tx, 2797 (unsigned long) seq_len, (unsigned long) key_len); 2798 2799 msg = nlmsg_alloc(); 2800 if (!msg) 2801 return -ENOMEM; 2802 2803 if (alg == WPA_ALG_NONE) { 2804 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2805 0, NL80211_CMD_DEL_KEY, 0); 2806 } else { 2807 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2808 0, NL80211_CMD_NEW_KEY, 0); 2809 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2810 switch (alg) { 2811 case WPA_ALG_WEP: 2812 if (key_len == 5) 2813 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2814 WLAN_CIPHER_SUITE_WEP40); 2815 else 2816 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2817 WLAN_CIPHER_SUITE_WEP104); 2818 break; 2819 case WPA_ALG_TKIP: 2820 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2821 WLAN_CIPHER_SUITE_TKIP); 2822 break; 2823 case WPA_ALG_CCMP: 2824 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2825 WLAN_CIPHER_SUITE_CCMP); 2826 break; 2827 case WPA_ALG_IGTK: 2828 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2829 WLAN_CIPHER_SUITE_AES_CMAC); 2830 break; 2831 default: 2832 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2833 "algorithm %d", __func__, alg); 2834 nlmsg_free(msg); 2835 return -1; 2836 } 2837 } 2838 2839 if (seq && seq_len) 2840 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2841 2842 if (addr && !is_broadcast_ether_addr(addr)) { 2843 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2844 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2845 2846 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 2847 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 2848 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 2849 NL80211_KEYTYPE_GROUP); 2850 } 2851 } else if (addr && is_broadcast_ether_addr(addr)) { 2852 struct nl_msg *types; 2853 int err; 2854 wpa_printf(MSG_DEBUG, " broadcast key"); 2855 types = nlmsg_alloc(); 2856 if (!types) 2857 goto nla_put_failure; 2858 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2859 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2860 types); 2861 nlmsg_free(types); 2862 if (err) 2863 goto nla_put_failure; 2864 } 2865 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2866 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2867 2868 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2869 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2870 ret = 0; 2871 if (ret) 2872 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2873 ret, strerror(-ret)); 2874 2875 /* 2876 * If we failed or don't need to set the default TX key (below), 2877 * we're done here. 2878 */ 2879 if (ret || !set_tx || alg == WPA_ALG_NONE) 2880 return ret; 2881 if (drv->nlmode == NL80211_IFTYPE_AP && addr && 2882 !is_broadcast_ether_addr(addr)) 2883 return ret; 2884 2885 msg = nlmsg_alloc(); 2886 if (!msg) 2887 return -ENOMEM; 2888 2889 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2890 0, NL80211_CMD_SET_KEY, 0); 2891 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2892 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2893 if (alg == WPA_ALG_IGTK) 2894 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2895 else 2896 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2897 if (addr && is_broadcast_ether_addr(addr)) { 2898 struct nl_msg *types; 2899 int err; 2900 types = nlmsg_alloc(); 2901 if (!types) 2902 goto nla_put_failure; 2903 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2904 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2905 types); 2906 nlmsg_free(types); 2907 if (err) 2908 goto nla_put_failure; 2909 } else if (addr) { 2910 struct nl_msg *types; 2911 int err; 2912 types = nlmsg_alloc(); 2913 if (!types) 2914 goto nla_put_failure; 2915 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 2916 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2917 types); 2918 nlmsg_free(types); 2919 if (err) 2920 goto nla_put_failure; 2921 } 2922 2923 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2924 if (ret == -ENOENT) 2925 ret = 0; 2926 if (ret) 2927 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2928 "err=%d %s)", ret, strerror(-ret)); 2929 return ret; 2930 2931nla_put_failure: 2932 return -ENOBUFS; 2933} 2934 2935 2936static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2937 int key_idx, int defkey, 2938 const u8 *seq, size_t seq_len, 2939 const u8 *key, size_t key_len) 2940{ 2941 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2942 if (!key_attr) 2943 return -1; 2944 2945 if (defkey && alg == WPA_ALG_IGTK) 2946 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2947 else if (defkey) 2948 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2949 2950 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2951 2952 switch (alg) { 2953 case WPA_ALG_WEP: 2954 if (key_len == 5) 2955 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2956 WLAN_CIPHER_SUITE_WEP40); 2957 else 2958 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2959 WLAN_CIPHER_SUITE_WEP104); 2960 break; 2961 case WPA_ALG_TKIP: 2962 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2963 break; 2964 case WPA_ALG_CCMP: 2965 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2966 break; 2967 case WPA_ALG_IGTK: 2968 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2969 WLAN_CIPHER_SUITE_AES_CMAC); 2970 break; 2971 default: 2972 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2973 "algorithm %d", __func__, alg); 2974 return -1; 2975 } 2976 2977 if (seq && seq_len) 2978 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2979 2980 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2981 2982 nla_nest_end(msg, key_attr); 2983 2984 return 0; 2985 nla_put_failure: 2986 return -1; 2987} 2988 2989 2990static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2991 struct nl_msg *msg) 2992{ 2993 int i, privacy = 0; 2994 struct nlattr *nl_keys, *nl_key; 2995 2996 for (i = 0; i < 4; i++) { 2997 if (!params->wep_key[i]) 2998 continue; 2999 privacy = 1; 3000 break; 3001 } 3002 if (params->wps == WPS_MODE_PRIVACY) 3003 privacy = 1; 3004 if (params->pairwise_suite && 3005 params->pairwise_suite != WPA_CIPHER_NONE) 3006 privacy = 1; 3007 3008 if (!privacy) 3009 return 0; 3010 3011 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 3012 3013 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 3014 if (!nl_keys) 3015 goto nla_put_failure; 3016 3017 for (i = 0; i < 4; i++) { 3018 if (!params->wep_key[i]) 3019 continue; 3020 3021 nl_key = nla_nest_start(msg, i); 3022 if (!nl_key) 3023 goto nla_put_failure; 3024 3025 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 3026 params->wep_key[i]); 3027 if (params->wep_key_len[i] == 5) 3028 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3029 WLAN_CIPHER_SUITE_WEP40); 3030 else 3031 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3032 WLAN_CIPHER_SUITE_WEP104); 3033 3034 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 3035 3036 if (i == params->wep_tx_keyidx) 3037 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 3038 3039 nla_nest_end(msg, nl_key); 3040 } 3041 nla_nest_end(msg, nl_keys); 3042 3043 return 0; 3044 3045nla_put_failure: 3046 return -ENOBUFS; 3047} 3048 3049 3050static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 3051 const u8 *addr, int cmd, u16 reason_code, 3052 int local_state_change) 3053{ 3054 int ret = -1; 3055 struct nl_msg *msg; 3056 3057 msg = nlmsg_alloc(); 3058 if (!msg) 3059 return -1; 3060 3061 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 3062 3063 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3064 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 3065 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3066 if (local_state_change) 3067 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3068 3069 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3070 msg = NULL; 3071 if (ret) { 3072 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3073 "(%s)", ret, strerror(-ret)); 3074 goto nla_put_failure; 3075 } 3076 ret = 0; 3077 3078nla_put_failure: 3079 nlmsg_free(msg); 3080 return ret; 3081} 3082 3083 3084static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 3085 const u8 *addr, int reason_code) 3086{ 3087 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3088 __func__, MAC2STR(addr), reason_code); 3089 drv->associated = 0; 3090 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 3091 reason_code, 0); 3092} 3093 3094 3095static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 3096 int reason_code) 3097{ 3098 struct i802_bss *bss = priv; 3099 struct wpa_driver_nl80211_data *drv = bss->drv; 3100 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3101 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3102 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3103 __func__, MAC2STR(addr), reason_code); 3104 drv->associated = 0; 3105 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 3106 return nl80211_leave_ibss(drv); 3107 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 3108 reason_code, 0); 3109} 3110 3111 3112static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 3113 int reason_code) 3114{ 3115 struct i802_bss *bss = priv; 3116 struct wpa_driver_nl80211_data *drv = bss->drv; 3117 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3118 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3119 wpa_printf(MSG_DEBUG, "%s", __func__); 3120 drv->associated = 0; 3121 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 3122 reason_code, 0); 3123} 3124 3125 3126static int wpa_driver_nl80211_authenticate( 3127 void *priv, struct wpa_driver_auth_params *params) 3128{ 3129 struct i802_bss *bss = priv; 3130 struct wpa_driver_nl80211_data *drv = bss->drv; 3131 int ret = -1, i; 3132 struct nl_msg *msg; 3133 enum nl80211_auth_type type; 3134 int count = 0; 3135 3136 drv->associated = 0; 3137 os_memset(drv->auth_bssid, 0, ETH_ALEN); 3138 /* FIX: IBSS mode */ 3139 if (drv->nlmode != NL80211_IFTYPE_STATION && 3140 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 3141 return -1; 3142 3143retry: 3144 msg = nlmsg_alloc(); 3145 if (!msg) 3146 return -1; 3147 3148 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 3149 drv->ifindex); 3150 3151 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3152 NL80211_CMD_AUTHENTICATE, 0); 3153 3154 for (i = 0; i < 4; i++) { 3155 if (!params->wep_key[i]) 3156 continue; 3157 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 3158 NULL, i, 3159 i == params->wep_tx_keyidx, NULL, 0, 3160 params->wep_key[i], 3161 params->wep_key_len[i]); 3162 if (params->wep_tx_keyidx != i) 3163 continue; 3164 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 3165 params->wep_key[i], params->wep_key_len[i])) { 3166 nlmsg_free(msg); 3167 return -1; 3168 } 3169 } 3170 3171 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3172 if (params->bssid) { 3173 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3174 MAC2STR(params->bssid)); 3175 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3176 } 3177 if (params->freq) { 3178 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3179 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3180 } 3181 if (params->ssid) { 3182 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3183 params->ssid, params->ssid_len); 3184 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3185 params->ssid); 3186 } 3187 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 3188 if (params->ie) 3189 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 3190 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3191 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3192 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3193 type = NL80211_AUTHTYPE_SHARED_KEY; 3194 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3195 type = NL80211_AUTHTYPE_NETWORK_EAP; 3196 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3197 type = NL80211_AUTHTYPE_FT; 3198 else 3199 goto nla_put_failure; 3200 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3201 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3202 if (params->local_state_change) { 3203 wpa_printf(MSG_DEBUG, " * Local state change only"); 3204 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3205 } 3206 3207 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3208 msg = NULL; 3209 if (ret) { 3210 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3211 "(%s)", ret, strerror(-ret)); 3212 count++; 3213 if (ret == -EALREADY && count == 1 && params->bssid && 3214 !params->local_state_change) { 3215 /* 3216 * mac80211 does not currently accept new 3217 * authentication if we are already authenticated. As a 3218 * workaround, force deauthentication and try again. 3219 */ 3220 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 3221 "after forced deauthentication"); 3222 wpa_driver_nl80211_deauthenticate( 3223 bss, params->bssid, 3224 WLAN_REASON_PREV_AUTH_NOT_VALID); 3225 nlmsg_free(msg); 3226 goto retry; 3227 } 3228 goto nla_put_failure; 3229 } 3230 ret = 0; 3231 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 3232 "successfully"); 3233 3234nla_put_failure: 3235 nlmsg_free(msg); 3236 return ret; 3237} 3238 3239 3240struct phy_info_arg { 3241 u16 *num_modes; 3242 struct hostapd_hw_modes *modes; 3243}; 3244 3245static int phy_info_handler(struct nl_msg *msg, void *arg) 3246{ 3247 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3248 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3249 struct phy_info_arg *phy_info = arg; 3250 3251 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 3252 3253 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 3254 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3255 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 3256 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 3257 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 3258 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 3259 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 3260 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 3261 }; 3262 3263 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 3264 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 3265 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 3266 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 3267 }; 3268 3269 struct nlattr *nl_band; 3270 struct nlattr *nl_freq; 3271 struct nlattr *nl_rate; 3272 int rem_band, rem_freq, rem_rate; 3273 struct hostapd_hw_modes *mode; 3274 int idx, mode_is_set; 3275 3276 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3277 genlmsg_attrlen(gnlh, 0), NULL); 3278 3279 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 3280 return NL_SKIP; 3281 3282 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 3283 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 3284 if (!mode) 3285 return NL_SKIP; 3286 phy_info->modes = mode; 3287 3288 mode_is_set = 0; 3289 3290 mode = &phy_info->modes[*(phy_info->num_modes)]; 3291 memset(mode, 0, sizeof(*mode)); 3292 *(phy_info->num_modes) += 1; 3293 3294 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 3295 nla_len(nl_band), NULL); 3296 3297 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 3298 mode->ht_capab = nla_get_u16( 3299 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 3300 } 3301 3302 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 3303 mode->a_mpdu_params |= nla_get_u8( 3304 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 3305 0x03; 3306 } 3307 3308 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 3309 mode->a_mpdu_params |= nla_get_u8( 3310 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 3311 2; 3312 } 3313 3314 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 3315 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 3316 u8 *mcs; 3317 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 3318 os_memcpy(mode->mcs_set, mcs, 16); 3319 } 3320 3321 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3322 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3323 nla_len(nl_freq), freq_policy); 3324 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3325 continue; 3326 mode->num_channels++; 3327 } 3328 3329 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 3330 if (!mode->channels) 3331 return NL_SKIP; 3332 3333 idx = 0; 3334 3335 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3336 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3337 nla_len(nl_freq), freq_policy); 3338 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3339 continue; 3340 3341 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 3342 mode->channels[idx].flag = 0; 3343 3344 if (!mode_is_set) { 3345 /* crude heuristic */ 3346 if (mode->channels[idx].freq < 4000) 3347 mode->mode = HOSTAPD_MODE_IEEE80211B; 3348 else 3349 mode->mode = HOSTAPD_MODE_IEEE80211A; 3350 mode_is_set = 1; 3351 } 3352 3353 /* crude heuristic */ 3354 if (mode->channels[idx].freq < 4000) 3355 if (mode->channels[idx].freq == 2484) 3356 mode->channels[idx].chan = 14; 3357 else 3358 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 3359 else 3360 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 3361 3362 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3363 mode->channels[idx].flag |= 3364 HOSTAPD_CHAN_DISABLED; 3365 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 3366 mode->channels[idx].flag |= 3367 HOSTAPD_CHAN_PASSIVE_SCAN; 3368 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 3369 mode->channels[idx].flag |= 3370 HOSTAPD_CHAN_NO_IBSS; 3371 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 3372 mode->channels[idx].flag |= 3373 HOSTAPD_CHAN_RADAR; 3374 3375 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 3376 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3377 mode->channels[idx].max_tx_power = 3378 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 3379 3380 idx++; 3381 } 3382 3383 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3384 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3385 nla_len(nl_rate), rate_policy); 3386 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3387 continue; 3388 mode->num_rates++; 3389 } 3390 3391 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 3392 if (!mode->rates) 3393 return NL_SKIP; 3394 3395 idx = 0; 3396 3397 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3398 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3399 nla_len(nl_rate), rate_policy); 3400 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3401 continue; 3402 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 3403 3404 /* crude heuristic */ 3405 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 3406 mode->rates[idx] > 200) 3407 mode->mode = HOSTAPD_MODE_IEEE80211G; 3408 3409 idx++; 3410 } 3411 } 3412 3413 return NL_SKIP; 3414} 3415 3416static struct hostapd_hw_modes * 3417wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 3418{ 3419 u16 m; 3420 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 3421 int i, mode11g_idx = -1; 3422 3423 /* If only 802.11g mode is included, use it to construct matching 3424 * 802.11b mode data. */ 3425 3426 for (m = 0; m < *num_modes; m++) { 3427 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 3428 return modes; /* 802.11b already included */ 3429 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 3430 mode11g_idx = m; 3431 } 3432 3433 if (mode11g_idx < 0) 3434 return modes; /* 2.4 GHz band not supported at all */ 3435 3436 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 3437 if (nmodes == NULL) 3438 return modes; /* Could not add 802.11b mode */ 3439 3440 mode = &nmodes[*num_modes]; 3441 os_memset(mode, 0, sizeof(*mode)); 3442 (*num_modes)++; 3443 modes = nmodes; 3444 3445 mode->mode = HOSTAPD_MODE_IEEE80211B; 3446 3447 mode11g = &modes[mode11g_idx]; 3448 mode->num_channels = mode11g->num_channels; 3449 mode->channels = os_malloc(mode11g->num_channels * 3450 sizeof(struct hostapd_channel_data)); 3451 if (mode->channels == NULL) { 3452 (*num_modes)--; 3453 return modes; /* Could not add 802.11b mode */ 3454 } 3455 os_memcpy(mode->channels, mode11g->channels, 3456 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 3457 3458 mode->num_rates = 0; 3459 mode->rates = os_malloc(4 * sizeof(int)); 3460 if (mode->rates == NULL) { 3461 os_free(mode->channels); 3462 (*num_modes)--; 3463 return modes; /* Could not add 802.11b mode */ 3464 } 3465 3466 for (i = 0; i < mode11g->num_rates; i++) { 3467 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 3468 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 3469 continue; 3470 mode->rates[mode->num_rates] = mode11g->rates[i]; 3471 mode->num_rates++; 3472 if (mode->num_rates == 4) 3473 break; 3474 } 3475 3476 if (mode->num_rates == 0) { 3477 os_free(mode->channels); 3478 os_free(mode->rates); 3479 (*num_modes)--; 3480 return modes; /* No 802.11b rates */ 3481 } 3482 3483 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 3484 "information"); 3485 3486 return modes; 3487} 3488 3489 3490static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 3491 int end) 3492{ 3493 int c; 3494 3495 for (c = 0; c < mode->num_channels; c++) { 3496 struct hostapd_channel_data *chan = &mode->channels[c]; 3497 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 3498 chan->flag |= HOSTAPD_CHAN_HT40; 3499 } 3500} 3501 3502 3503static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 3504 int end) 3505{ 3506 int c; 3507 3508 for (c = 0; c < mode->num_channels; c++) { 3509 struct hostapd_channel_data *chan = &mode->channels[c]; 3510 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 3511 continue; 3512 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 3513 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 3514 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 3515 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 3516 } 3517} 3518 3519 3520static void nl80211_reg_rule_ht40(struct nlattr *tb[], 3521 struct phy_info_arg *results) 3522{ 3523 u32 start, end, max_bw; 3524 u16 m; 3525 3526 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3527 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3528 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3529 return; 3530 3531 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3532 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3533 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3534 3535 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 3536 start, end, max_bw); 3537 if (max_bw < 40) 3538 return; 3539 3540 for (m = 0; m < *results->num_modes; m++) { 3541 if (!(results->modes[m].ht_capab & 3542 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3543 continue; 3544 nl80211_set_ht40_mode(&results->modes[m], start, end); 3545 } 3546} 3547 3548 3549static void nl80211_reg_rule_sec(struct nlattr *tb[], 3550 struct phy_info_arg *results) 3551{ 3552 u32 start, end, max_bw; 3553 u16 m; 3554 3555 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3556 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3557 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3558 return; 3559 3560 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3561 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3562 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3563 3564 if (max_bw < 20) 3565 return; 3566 3567 for (m = 0; m < *results->num_modes; m++) { 3568 if (!(results->modes[m].ht_capab & 3569 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3570 continue; 3571 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 3572 } 3573} 3574 3575 3576static int nl80211_get_reg(struct nl_msg *msg, void *arg) 3577{ 3578 struct phy_info_arg *results = arg; 3579 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3580 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3581 struct nlattr *nl_rule; 3582 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 3583 int rem_rule; 3584 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3585 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3586 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3587 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3588 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3589 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3590 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3591 }; 3592 3593 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3594 genlmsg_attrlen(gnlh, 0), NULL); 3595 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 3596 !tb_msg[NL80211_ATTR_REG_RULES]) { 3597 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 3598 "available"); 3599 return NL_SKIP; 3600 } 3601 3602 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 3603 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 3604 3605 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3606 { 3607 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3608 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3609 nl80211_reg_rule_ht40(tb_rule, results); 3610 } 3611 3612 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3613 { 3614 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3615 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3616 nl80211_reg_rule_sec(tb_rule, results); 3617 } 3618 3619 return NL_SKIP; 3620} 3621 3622 3623static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 3624 struct phy_info_arg *results) 3625{ 3626 struct nl_msg *msg; 3627 3628 msg = nlmsg_alloc(); 3629 if (!msg) 3630 return -ENOMEM; 3631 3632 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3633 0, NL80211_CMD_GET_REG, 0); 3634 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 3635} 3636 3637 3638static struct hostapd_hw_modes * 3639wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 3640{ 3641 struct i802_bss *bss = priv; 3642 struct wpa_driver_nl80211_data *drv = bss->drv; 3643 struct nl_msg *msg; 3644 struct phy_info_arg result = { 3645 .num_modes = num_modes, 3646 .modes = NULL, 3647 }; 3648 3649 *num_modes = 0; 3650 *flags = 0; 3651 3652 msg = nlmsg_alloc(); 3653 if (!msg) 3654 return NULL; 3655 3656 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3657 0, NL80211_CMD_GET_WIPHY, 0); 3658 3659 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3660 3661 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 3662 nl80211_set_ht40_flags(drv, &result); 3663 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 3664 } 3665 nla_put_failure: 3666 return NULL; 3667} 3668 3669 3670static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 3671 const void *data, size_t len, 3672 int encrypt) 3673{ 3674 __u8 rtap_hdr[] = { 3675 0x00, 0x00, /* radiotap version */ 3676 0x0e, 0x00, /* radiotap length */ 3677 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 3678 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 3679 0x00, /* padding */ 3680 0x00, 0x00, /* RX and TX flags to indicate that */ 3681 0x00, 0x00, /* this is the injected frame directly */ 3682 }; 3683 struct iovec iov[2] = { 3684 { 3685 .iov_base = &rtap_hdr, 3686 .iov_len = sizeof(rtap_hdr), 3687 }, 3688 { 3689 .iov_base = (void *) data, 3690 .iov_len = len, 3691 } 3692 }; 3693 struct msghdr msg = { 3694 .msg_name = NULL, 3695 .msg_namelen = 0, 3696 .msg_iov = iov, 3697 .msg_iovlen = 2, 3698 .msg_control = NULL, 3699 .msg_controllen = 0, 3700 .msg_flags = 0, 3701 }; 3702 int res; 3703 3704 if (encrypt) 3705 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 3706 3707 if (drv->monitor_sock < 0) { 3708 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 3709 "for %s", __func__); 3710 return -1; 3711 } 3712 3713 res = sendmsg(drv->monitor_sock, &msg, 0); 3714 if (res < 0) { 3715 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 3716 return -1; 3717 } 3718 return 0; 3719} 3720 3721 3722static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 3723 size_t data_len) 3724{ 3725 struct i802_bss *bss = priv; 3726 struct wpa_driver_nl80211_data *drv = bss->drv; 3727 struct ieee80211_mgmt *mgmt; 3728 int encrypt = 1; 3729 u16 fc; 3730 3731 mgmt = (struct ieee80211_mgmt *) data; 3732 fc = le_to_host16(mgmt->frame_control); 3733#ifndef ANDROID_BRCM_P2P_PATCH 3734 if (drv->nlmode == NL80211_IFTYPE_STATION && 3735#else 3736 if ( 3737#endif 3738 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3739 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 3740 /* 3741 * The use of last_mgmt_freq is a bit of a hack, 3742 * but it works due to the single-threaded nature 3743 * of wpa_supplicant. 3744 */ 3745 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0, 3746 data, data_len, NULL); 3747 } 3748 3749 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3750 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 3751 /* 3752 * Only one of the authentication frame types is encrypted. 3753 * In order for static WEP encryption to work properly (i.e., 3754 * to not encrypt the frame), we need to tell mac80211 about 3755 * the frames that must not be encrypted. 3756 */ 3757 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 3758 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 3759 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 3760 encrypt = 0; 3761 } 3762 3763 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 3764} 3765 3766 3767static int wpa_driver_nl80211_set_beacon(void *priv, 3768 const u8 *head, size_t head_len, 3769 const u8 *tail, size_t tail_len, 3770 int dtim_period, int beacon_int) 3771{ 3772 struct i802_bss *bss = priv; 3773 struct wpa_driver_nl80211_data *drv = bss->drv; 3774 struct nl_msg *msg; 3775 u8 cmd = NL80211_CMD_NEW_BEACON; 3776 int ret; 3777 int beacon_set; 3778 int ifindex = if_nametoindex(bss->ifname); 3779#ifdef ANDROID_BRCM_P2P_PATCH 3780 beacon_set = 1; 3781#else 3782 beacon_set = bss->beacon_set; 3783#endif 3784 3785 msg = nlmsg_alloc(); 3786 if (!msg) 3787 return -ENOMEM; 3788 3789 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 3790 beacon_set); 3791 if (beacon_set) 3792 cmd = NL80211_CMD_SET_BEACON; 3793 3794 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3795 0, cmd, 0); 3796 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 3797 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 3798 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3799 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 3800 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 3801 3802 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3803 if (ret) { 3804 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 3805 ret, strerror(-ret)); 3806 } else { 3807 bss->beacon_set = 1; 3808 } 3809#if defined(ANDROID_BRCM_P2P_PATCH) && defined(HOSTAPD) 3810 wpa_driver_nl80211_probe_req_report(priv, 1); 3811#endif 3812 return ret; 3813 nla_put_failure: 3814 return -ENOBUFS; 3815} 3816 3817 3818static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 3819 int freq, int ht_enabled, 3820 int sec_channel_offset) 3821{ 3822 struct nl_msg *msg; 3823 int ret; 3824 3825 msg = nlmsg_alloc(); 3826 if (!msg) 3827 return -1; 3828 3829 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3830 NL80211_CMD_SET_WIPHY, 0); 3831 3832 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3833 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 3834 if (ht_enabled) { 3835 switch (sec_channel_offset) { 3836 case -1: 3837 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3838 NL80211_CHAN_HT40MINUS); 3839 break; 3840 case 1: 3841 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3842 NL80211_CHAN_HT40PLUS); 3843 break; 3844 default: 3845#ifndef ANDROID_BRCM_P2P_PATCH 3846/* Should be change to HT20 as a default value because P2P firmware does not support 11n for BCM4329 */ 3847 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3848 NL80211_CHAN_HT20); 3849#else 3850 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3851 NL80211_CHAN_NO_HT); 3852#endif 3853 break; 3854 } 3855 } 3856 3857 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3858 if (ret == 0) 3859 return 0; 3860 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 3861 "%d (%s)", freq, ret, strerror(-ret)); 3862nla_put_failure: 3863 return -1; 3864} 3865 3866 3867static int wpa_driver_nl80211_sta_add(void *priv, 3868 struct hostapd_sta_add_params *params) 3869{ 3870 struct i802_bss *bss = priv; 3871 struct wpa_driver_nl80211_data *drv = bss->drv; 3872 struct nl_msg *msg; 3873 int ret = -ENOBUFS; 3874 3875 msg = nlmsg_alloc(); 3876 if (!msg) 3877 return -ENOMEM; 3878 3879 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3880 0, NL80211_CMD_NEW_STATION, 0); 3881 3882 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 3883 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 3884 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 3885 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 3886 params->supp_rates); 3887 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 3888 params->listen_interval); 3889 if (params->ht_capabilities) { 3890 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 3891 sizeof(*params->ht_capabilities), 3892 params->ht_capabilities); 3893 } 3894 3895 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3896 if (ret) 3897 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 3898 "result: %d (%s)", ret, strerror(-ret)); 3899 if (ret == -EEXIST) 3900 ret = 0; 3901 nla_put_failure: 3902 return ret; 3903} 3904 3905 3906static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 3907{ 3908 struct i802_bss *bss = priv; 3909 struct wpa_driver_nl80211_data *drv = bss->drv; 3910 struct nl_msg *msg; 3911 int ret; 3912 3913 msg = nlmsg_alloc(); 3914 if (!msg) 3915 return -ENOMEM; 3916 3917 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3918 0, NL80211_CMD_DEL_STATION, 0); 3919 3920 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3921 if_nametoindex(bss->ifname)); 3922 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3923 3924 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3925 if (ret == -ENOENT) 3926 return 0; 3927 return ret; 3928 nla_put_failure: 3929 return -ENOBUFS; 3930} 3931 3932 3933static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 3934 int ifidx) 3935{ 3936 struct nl_msg *msg; 3937 3938 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 3939 3940#ifdef HOSTAPD 3941 /* stop listening for EAPOL on this interface */ 3942 del_ifidx(drv, ifidx); 3943#endif /* HOSTAPD */ 3944 3945 msg = nlmsg_alloc(); 3946 if (!msg) 3947 goto nla_put_failure; 3948 3949 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3950 0, NL80211_CMD_DEL_INTERFACE, 0); 3951 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3952 3953 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3954 return; 3955 nla_put_failure: 3956 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3957} 3958 3959 3960static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3961 const char *ifname, 3962 enum nl80211_iftype iftype, 3963 const u8 *addr, int wds) 3964{ 3965 struct nl_msg *msg, *flags = NULL; 3966 int ifidx; 3967 int ret = -ENOBUFS; 3968 3969 msg = nlmsg_alloc(); 3970 if (!msg) 3971 return -1; 3972 3973 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3974 0, NL80211_CMD_NEW_INTERFACE, 0); 3975 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3976 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3977 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3978 3979 if (iftype == NL80211_IFTYPE_MONITOR) { 3980 int err; 3981 3982 flags = nlmsg_alloc(); 3983 if (!flags) 3984 goto nla_put_failure; 3985 3986 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3987 3988 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3989 3990 nlmsg_free(flags); 3991 3992 if (err) 3993 goto nla_put_failure; 3994 } else if (wds) { 3995 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3996 } 3997 3998 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3999 if (ret) { 4000 nla_put_failure: 4001 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 4002 ifname, ret, strerror(-ret)); 4003 return ret; 4004 } 4005 4006 ifidx = if_nametoindex(ifname); 4007 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 4008 ifname, ifidx); 4009 4010 if (ifidx <= 0) 4011 return -1; 4012 4013#ifdef HOSTAPD 4014 /* start listening for EAPOL on this interface */ 4015 add_ifidx(drv, ifidx); 4016#endif /* HOSTAPD */ 4017 4018 if (addr && iftype != NL80211_IFTYPE_MONITOR && 4019 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 4020 nl80211_remove_iface(drv, ifidx); 4021 return -1; 4022 } 4023 4024 return ifidx; 4025} 4026 4027 4028static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 4029 const char *ifname, enum nl80211_iftype iftype, 4030 const u8 *addr, int wds) 4031{ 4032 int ret; 4033 4034 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 4035 4036 /* if error occured and interface exists already */ 4037 if (ret == -ENFILE && if_nametoindex(ifname)) { 4038 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 4039 4040 /* Try to remove the interface that was already there. */ 4041 nl80211_remove_iface(drv, if_nametoindex(ifname)); 4042 4043 /* Try to create the interface again */ 4044 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 4045 wds); 4046 } 4047 4048 if (ret >= 0 && drv->disable_11b_rates) 4049 nl80211_disable_11b_rates(drv, ret, 1); 4050 4051 return ret; 4052} 4053 4054 4055static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 4056{ 4057 struct ieee80211_hdr *hdr; 4058 u16 fc; 4059 union wpa_event_data event; 4060 4061 hdr = (struct ieee80211_hdr *) buf; 4062 fc = le_to_host16(hdr->frame_control); 4063 4064 os_memset(&event, 0, sizeof(event)); 4065 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 4066 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 4067 event.tx_status.dst = hdr->addr1; 4068 event.tx_status.data = buf; 4069 event.tx_status.data_len = len; 4070 event.tx_status.ack = ok; 4071 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 4072} 4073 4074 4075static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 4076 u8 *buf, size_t len) 4077{ 4078 union wpa_event_data event; 4079 os_memset(&event, 0, sizeof(event)); 4080 event.rx_from_unknown.frame = buf; 4081 event.rx_from_unknown.len = len; 4082 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 4083} 4084 4085 4086static void handle_frame(struct wpa_driver_nl80211_data *drv, 4087 u8 *buf, size_t len, int datarate, int ssi_signal) 4088{ 4089 struct ieee80211_hdr *hdr; 4090 u16 fc; 4091 union wpa_event_data event; 4092 4093 hdr = (struct ieee80211_hdr *) buf; 4094 fc = le_to_host16(hdr->frame_control); 4095 4096 switch (WLAN_FC_GET_TYPE(fc)) { 4097 case WLAN_FC_TYPE_MGMT: 4098 os_memset(&event, 0, sizeof(event)); 4099 event.rx_mgmt.frame = buf; 4100 event.rx_mgmt.frame_len = len; 4101 event.rx_mgmt.datarate = datarate; 4102 event.rx_mgmt.ssi_signal = ssi_signal; 4103 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 4104 break; 4105 case WLAN_FC_TYPE_CTRL: 4106 /* can only get here with PS-Poll frames */ 4107 wpa_printf(MSG_DEBUG, "CTRL"); 4108 from_unknown_sta(drv, buf, len); 4109 break; 4110 case WLAN_FC_TYPE_DATA: 4111 from_unknown_sta(drv, buf, len); 4112 break; 4113 } 4114} 4115 4116 4117static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 4118{ 4119 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4120 int len; 4121 unsigned char buf[3000]; 4122 struct ieee80211_radiotap_iterator iter; 4123 int ret; 4124 int datarate = 0, ssi_signal = 0; 4125 int injected = 0, failed = 0, rxflags = 0; 4126 4127 len = recv(sock, buf, sizeof(buf), 0); 4128 if (len < 0) { 4129 perror("recv"); 4130 return; 4131 } 4132 4133 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 4134 printf("received invalid radiotap frame\n"); 4135 return; 4136 } 4137 4138 while (1) { 4139 ret = ieee80211_radiotap_iterator_next(&iter); 4140 if (ret == -ENOENT) 4141 break; 4142 if (ret) { 4143 printf("received invalid radiotap frame (%d)\n", ret); 4144 return; 4145 } 4146 switch (iter.this_arg_index) { 4147 case IEEE80211_RADIOTAP_FLAGS: 4148 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 4149 len -= 4; 4150 break; 4151 case IEEE80211_RADIOTAP_RX_FLAGS: 4152 rxflags = 1; 4153 break; 4154 case IEEE80211_RADIOTAP_TX_FLAGS: 4155 injected = 1; 4156 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 4157 IEEE80211_RADIOTAP_F_TX_FAIL; 4158 break; 4159 case IEEE80211_RADIOTAP_DATA_RETRIES: 4160 break; 4161 case IEEE80211_RADIOTAP_CHANNEL: 4162 /* TODO: convert from freq/flags to channel number */ 4163 break; 4164 case IEEE80211_RADIOTAP_RATE: 4165 datarate = *iter.this_arg * 5; 4166 break; 4167 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 4168 ssi_signal = *iter.this_arg; 4169 break; 4170 } 4171 } 4172 4173 if (rxflags && injected) 4174 return; 4175 4176 if (!injected) 4177 handle_frame(drv, buf + iter.max_length, 4178 len - iter.max_length, datarate, ssi_signal); 4179 else 4180 handle_tx_callback(drv->ctx, buf + iter.max_length, 4181 len - iter.max_length, !failed); 4182} 4183 4184 4185/* 4186 * we post-process the filter code later and rewrite 4187 * this to the offset to the last instruction 4188 */ 4189#define PASS 0xFF 4190#define FAIL 0xFE 4191 4192static struct sock_filter msock_filter_insns[] = { 4193 /* 4194 * do a little-endian load of the radiotap length field 4195 */ 4196 /* load lower byte into A */ 4197 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 4198 /* put it into X (== index register) */ 4199 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4200 /* load upper byte into A */ 4201 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 4202 /* left-shift it by 8 */ 4203 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 4204 /* or with X */ 4205 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 4206 /* put result into X */ 4207 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4208 4209 /* 4210 * Allow management frames through, this also gives us those 4211 * management frames that we sent ourselves with status 4212 */ 4213 /* load the lower byte of the IEEE 802.11 frame control field */ 4214 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4215 /* mask off frame type and version */ 4216 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 4217 /* accept frame if it's both 0, fall through otherwise */ 4218 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 4219 4220 /* 4221 * TODO: add a bit to radiotap RX flags that indicates 4222 * that the sending station is not associated, then 4223 * add a filter here that filters on our DA and that flag 4224 * to allow us to deauth frames to that bad station. 4225 * 4226 * For now allow all To DS data frames through. 4227 */ 4228 /* load the IEEE 802.11 frame control field */ 4229 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 4230 /* mask off frame type, version and DS status */ 4231 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 4232 /* accept frame if version 0, type 2 and To DS, fall through otherwise 4233 */ 4234 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 4235 4236#if 0 4237 /* 4238 * drop non-data frames 4239 */ 4240 /* load the lower byte of the frame control field */ 4241 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4242 /* mask off QoS bit */ 4243 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 4244 /* drop non-data frames */ 4245 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 4246#endif 4247 /* load the upper byte of the frame control field */ 4248 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 4249 /* mask off toDS/fromDS */ 4250 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 4251 /* accept WDS frames */ 4252 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 4253 4254 /* 4255 * add header length to index 4256 */ 4257 /* load the lower byte of the frame control field */ 4258 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4259 /* mask off QoS bit */ 4260 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 4261 /* right shift it by 6 to give 0 or 2 */ 4262 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 4263 /* add data frame header length */ 4264 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 4265 /* add index, was start of 802.11 header */ 4266 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 4267 /* move to index, now start of LL header */ 4268 BPF_STMT(BPF_MISC | BPF_TAX, 0), 4269 4270 /* 4271 * Accept empty data frames, we use those for 4272 * polling activity. 4273 */ 4274 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 4275 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 4276 4277 /* 4278 * Accept EAPOL frames 4279 */ 4280 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 4281 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 4282 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 4283 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 4284 4285 /* keep these last two statements or change the code below */ 4286 /* return 0 == "DROP" */ 4287 BPF_STMT(BPF_RET | BPF_K, 0), 4288 /* return ~0 == "keep all" */ 4289 BPF_STMT(BPF_RET | BPF_K, ~0), 4290}; 4291 4292static struct sock_fprog msock_filter = { 4293 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 4294 .filter = msock_filter_insns, 4295}; 4296 4297 4298static int add_monitor_filter(int s) 4299{ 4300 int idx; 4301 4302 /* rewrite all PASS/FAIL jump offsets */ 4303 for (idx = 0; idx < msock_filter.len; idx++) { 4304 struct sock_filter *insn = &msock_filter_insns[idx]; 4305 4306 if (BPF_CLASS(insn->code) == BPF_JMP) { 4307 if (insn->code == (BPF_JMP|BPF_JA)) { 4308 if (insn->k == PASS) 4309 insn->k = msock_filter.len - idx - 2; 4310 else if (insn->k == FAIL) 4311 insn->k = msock_filter.len - idx - 3; 4312 } 4313 4314 if (insn->jt == PASS) 4315 insn->jt = msock_filter.len - idx - 2; 4316 else if (insn->jt == FAIL) 4317 insn->jt = msock_filter.len - idx - 3; 4318 4319 if (insn->jf == PASS) 4320 insn->jf = msock_filter.len - idx - 2; 4321 else if (insn->jf == FAIL) 4322 insn->jf = msock_filter.len - idx - 3; 4323 } 4324 } 4325 4326 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 4327 &msock_filter, sizeof(msock_filter))) { 4328 perror("SO_ATTACH_FILTER"); 4329 return -1; 4330 } 4331 4332 return 0; 4333} 4334 4335 4336static void nl80211_remove_monitor_interface( 4337 struct wpa_driver_nl80211_data *drv) 4338{ 4339 if (drv->monitor_ifidx >= 0) { 4340 nl80211_remove_iface(drv, drv->monitor_ifidx); 4341 drv->monitor_ifidx = -1; 4342 } 4343 if (drv->monitor_sock >= 0) { 4344 eloop_unregister_read_sock(drv->monitor_sock); 4345 close(drv->monitor_sock); 4346 drv->monitor_sock = -1; 4347 } 4348} 4349 4350 4351static int 4352nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 4353{ 4354 char buf[IFNAMSIZ]; 4355 struct sockaddr_ll ll; 4356 int optval; 4357 socklen_t optlen; 4358#ifdef ANDROID_BRCM_P2P_PATCH 4359 snprintf(buf, IFNAMSIZ, "%s%s", WPA_MONITOR_IFNAME_PREFIX, drv->first_bss.ifname); 4360#else 4361 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 4362#endif 4363 buf[IFNAMSIZ - 1] = '\0'; 4364 4365 drv->monitor_ifidx = 4366 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 4367 0); 4368 4369 if (drv->monitor_ifidx == -EOPNOTSUPP) { 4370 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 4371 "monitor interface type - try to run without it"); 4372 drv->no_monitor_iface_capab = 1; 4373 } 4374 4375 if (drv->monitor_ifidx < 0) 4376 return -1; 4377 4378 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 4379 goto error; 4380 4381 memset(&ll, 0, sizeof(ll)); 4382 ll.sll_family = AF_PACKET; 4383 ll.sll_ifindex = drv->monitor_ifidx; 4384 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 4385 if (drv->monitor_sock < 0) { 4386 perror("socket[PF_PACKET,SOCK_RAW]"); 4387 goto error; 4388 } 4389 4390 if (add_monitor_filter(drv->monitor_sock)) { 4391 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 4392 "interface; do filtering in user space"); 4393 /* This works, but will cost in performance. */ 4394 } 4395 4396 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 4397 perror("monitor socket bind"); 4398 goto error; 4399 } 4400 4401 optlen = sizeof(optval); 4402 optval = 20; 4403 if (setsockopt 4404 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 4405 perror("Failed to set socket priority"); 4406 goto error; 4407 } 4408 4409 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 4410 drv, NULL)) { 4411 printf("Could not register monitor read socket\n"); 4412 goto error; 4413 } 4414 4415 return 0; 4416 error: 4417 nl80211_remove_monitor_interface(drv); 4418 return -1; 4419} 4420 4421 4422static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 4423 4424static int wpa_driver_nl80211_hapd_send_eapol( 4425 void *priv, const u8 *addr, const u8 *data, 4426 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 4427{ 4428 struct i802_bss *bss = priv; 4429 struct wpa_driver_nl80211_data *drv = bss->drv; 4430 struct ieee80211_hdr *hdr; 4431 size_t len; 4432 u8 *pos; 4433 int res; 4434 int qos = flags & WPA_STA_WMM; 4435 4436 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 4437 data_len; 4438 hdr = os_zalloc(len); 4439 if (hdr == NULL) { 4440 printf("malloc() failed for i802_send_data(len=%lu)\n", 4441 (unsigned long) len); 4442 return -1; 4443 } 4444 4445 hdr->frame_control = 4446 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 4447 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 4448 if (encrypt) 4449 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 4450 if (qos) { 4451 hdr->frame_control |= 4452 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 4453 } 4454 4455 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 4456 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 4457 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 4458 pos = (u8 *) (hdr + 1); 4459 4460 if (qos) { 4461 /* add an empty QoS header if needed */ 4462 pos[0] = 0; 4463 pos[1] = 0; 4464 pos += 2; 4465 } 4466 4467 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 4468 pos += sizeof(rfc1042_header); 4469 WPA_PUT_BE16(pos, ETH_P_PAE); 4470 pos += 2; 4471 memcpy(pos, data, data_len); 4472 4473 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 4474 if (res < 0) { 4475 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 4476 "failed: %d (%s)", 4477 (unsigned long) len, errno, strerror(errno)); 4478 } 4479 os_free(hdr); 4480 4481 return res; 4482} 4483 4484 4485static u32 sta_flags_nl80211(int flags) 4486{ 4487 u32 f = 0; 4488 4489 if (flags & WPA_STA_AUTHORIZED) 4490 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 4491 if (flags & WPA_STA_WMM) 4492 f |= BIT(NL80211_STA_FLAG_WME); 4493 if (flags & WPA_STA_SHORT_PREAMBLE) 4494 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 4495 if (flags & WPA_STA_MFP) 4496 f |= BIT(NL80211_STA_FLAG_MFP); 4497 4498 return f; 4499} 4500 4501 4502static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 4503 int total_flags, 4504 int flags_or, int flags_and) 4505{ 4506 struct i802_bss *bss = priv; 4507 struct wpa_driver_nl80211_data *drv = bss->drv; 4508 struct nl_msg *msg, *flags = NULL; 4509 struct nl80211_sta_flag_update upd; 4510 4511 msg = nlmsg_alloc(); 4512 if (!msg) 4513 return -ENOMEM; 4514 4515 flags = nlmsg_alloc(); 4516 if (!flags) { 4517 nlmsg_free(msg); 4518 return -ENOMEM; 4519 } 4520 4521 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4522 0, NL80211_CMD_SET_STATION, 0); 4523 4524 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4525 if_nametoindex(bss->ifname)); 4526 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4527 4528 /* 4529 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 4530 * can be removed eventually. 4531 */ 4532 if (total_flags & WPA_STA_AUTHORIZED) 4533 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 4534 4535 if (total_flags & WPA_STA_WMM) 4536 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 4537 4538 if (total_flags & WPA_STA_SHORT_PREAMBLE) 4539 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 4540 4541 if (total_flags & WPA_STA_MFP) 4542 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 4543 4544 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 4545 goto nla_put_failure; 4546 4547 os_memset(&upd, 0, sizeof(upd)); 4548 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 4549 upd.set = sta_flags_nl80211(flags_or); 4550 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4551 4552 nlmsg_free(flags); 4553 4554 return send_and_recv_msgs(drv, msg, NULL, NULL); 4555 nla_put_failure: 4556 nlmsg_free(flags); 4557 return -ENOBUFS; 4558} 4559 4560 4561static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 4562 struct wpa_driver_associate_params *params) 4563{ 4564 if (params->p2p) 4565 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 4566 "group (GO)"); 4567 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 4568 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 4569 nl80211_remove_monitor_interface(drv); 4570 return -1; 4571 } 4572 4573 /* TODO: setup monitor interface (and add code somewhere to remove this 4574 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 4575 4576 return 0; 4577} 4578 4579 4580static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 4581{ 4582 struct nl_msg *msg; 4583 int ret = -1; 4584 4585 msg = nlmsg_alloc(); 4586 if (!msg) 4587 return -1; 4588 4589 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4590 NL80211_CMD_LEAVE_IBSS, 0); 4591 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4592 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4593 msg = NULL; 4594 if (ret) { 4595 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 4596 "(%s)", ret, strerror(-ret)); 4597 goto nla_put_failure; 4598 } 4599 4600 ret = 0; 4601 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 4602 4603nla_put_failure: 4604 nlmsg_free(msg); 4605 return ret; 4606} 4607 4608 4609static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 4610 struct wpa_driver_associate_params *params) 4611{ 4612 struct nl_msg *msg; 4613 int ret = -1; 4614 int count = 0; 4615 4616 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 4617 4618 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 4619 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 4620 "IBSS mode"); 4621 return -1; 4622 } 4623 4624retry: 4625 msg = nlmsg_alloc(); 4626 if (!msg) 4627 return -1; 4628 4629 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4630 NL80211_CMD_JOIN_IBSS, 0); 4631 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4632 4633 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 4634 goto nla_put_failure; 4635 4636 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4637 params->ssid, params->ssid_len); 4638 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4639 params->ssid); 4640 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4641 drv->ssid_len = params->ssid_len; 4642 4643 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4644 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4645 4646 ret = nl80211_set_conn_keys(params, msg); 4647 if (ret) 4648 goto nla_put_failure; 4649 4650 if (params->wpa_ie) { 4651 wpa_hexdump(MSG_DEBUG, 4652 " * Extra IEs for Beacon/Probe Response frames", 4653 params->wpa_ie, params->wpa_ie_len); 4654 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4655 params->wpa_ie); 4656 } 4657 4658 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4659 msg = NULL; 4660 if (ret) { 4661 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 4662 ret, strerror(-ret)); 4663 count++; 4664 if (ret == -EALREADY && count == 1) { 4665 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 4666 "forced leave"); 4667 nl80211_leave_ibss(drv); 4668 nlmsg_free(msg); 4669 goto retry; 4670 } 4671 4672 goto nla_put_failure; 4673 } 4674 ret = 0; 4675 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 4676 4677nla_put_failure: 4678 nlmsg_free(msg); 4679 return ret; 4680} 4681 4682 4683static int wpa_driver_nl80211_connect( 4684 struct wpa_driver_nl80211_data *drv, 4685 struct wpa_driver_associate_params *params) 4686{ 4687 struct nl_msg *msg; 4688 enum nl80211_auth_type type; 4689 int ret = 0; 4690 int algs; 4691 4692 msg = nlmsg_alloc(); 4693 if (!msg) 4694 return -1; 4695 4696 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 4697 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4698 NL80211_CMD_CONNECT, 0); 4699 4700 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4701 if (params->bssid) { 4702 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4703 MAC2STR(params->bssid)); 4704 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4705 } 4706 if (params->freq) { 4707 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4708 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4709 } 4710 if (params->ssid) { 4711 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4712 params->ssid, params->ssid_len); 4713 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4714 params->ssid); 4715 if (params->ssid_len > sizeof(drv->ssid)) 4716 goto nla_put_failure; 4717 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4718 drv->ssid_len = params->ssid_len; 4719 } 4720 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4721 if (params->wpa_ie) 4722 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4723 params->wpa_ie); 4724 4725 algs = 0; 4726 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4727 algs++; 4728 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4729 algs++; 4730 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4731 algs++; 4732 if (algs > 1) { 4733 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 4734 "selection"); 4735 goto skip_auth_type; 4736 } 4737 4738 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4739 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4740 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4741 type = NL80211_AUTHTYPE_SHARED_KEY; 4742 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4743 type = NL80211_AUTHTYPE_NETWORK_EAP; 4744 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4745 type = NL80211_AUTHTYPE_FT; 4746 else 4747 goto nla_put_failure; 4748 4749 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4750 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4751 4752skip_auth_type: 4753 if (params->wpa_ie && params->wpa_ie_len) { 4754 enum nl80211_wpa_versions ver; 4755 4756 if (params->wpa_ie[0] == WLAN_EID_RSN) 4757 ver = NL80211_WPA_VERSION_2; 4758 else 4759 ver = NL80211_WPA_VERSION_1; 4760 4761 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 4762 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 4763 } 4764 4765 if (params->pairwise_suite != CIPHER_NONE) { 4766 int cipher; 4767 4768 switch (params->pairwise_suite) { 4769 case CIPHER_WEP40: 4770 cipher = WLAN_CIPHER_SUITE_WEP40; 4771 break; 4772 case CIPHER_WEP104: 4773 cipher = WLAN_CIPHER_SUITE_WEP104; 4774 break; 4775 case CIPHER_CCMP: 4776 cipher = WLAN_CIPHER_SUITE_CCMP; 4777 break; 4778 case CIPHER_TKIP: 4779 default: 4780 cipher = WLAN_CIPHER_SUITE_TKIP; 4781 break; 4782 } 4783 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4784 } 4785 4786 if (params->group_suite != CIPHER_NONE) { 4787 int cipher; 4788 4789 switch (params->group_suite) { 4790 case CIPHER_WEP40: 4791 cipher = WLAN_CIPHER_SUITE_WEP40; 4792 break; 4793 case CIPHER_WEP104: 4794 cipher = WLAN_CIPHER_SUITE_WEP104; 4795 break; 4796 case CIPHER_CCMP: 4797 cipher = WLAN_CIPHER_SUITE_CCMP; 4798 break; 4799 case CIPHER_TKIP: 4800 default: 4801 cipher = WLAN_CIPHER_SUITE_TKIP; 4802 break; 4803 } 4804 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4805 } 4806 4807 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 4808 params->key_mgmt_suite == KEY_MGMT_PSK) { 4809 int mgmt = WLAN_AKM_SUITE_PSK; 4810 4811 switch (params->key_mgmt_suite) { 4812 case KEY_MGMT_802_1X: 4813 mgmt = WLAN_AKM_SUITE_8021X; 4814 break; 4815 case KEY_MGMT_PSK: 4816 default: 4817 mgmt = WLAN_AKM_SUITE_PSK; 4818 break; 4819 } 4820 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 4821 } 4822 4823 ret = nl80211_set_conn_keys(params, msg); 4824 if (ret) 4825 goto nla_put_failure; 4826 4827 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4828 msg = NULL; 4829 if (ret) { 4830 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 4831 "(%s)", ret, strerror(-ret)); 4832 goto nla_put_failure; 4833 } 4834 ret = 0; 4835 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 4836 4837nla_put_failure: 4838 nlmsg_free(msg); 4839 return ret; 4840 4841} 4842 4843 4844static int wpa_driver_nl80211_associate( 4845 void *priv, struct wpa_driver_associate_params *params) 4846{ 4847 struct i802_bss *bss = priv; 4848 struct wpa_driver_nl80211_data *drv = bss->drv; 4849 int ret = -1; 4850 struct nl_msg *msg; 4851 4852 if (params->mode == IEEE80211_MODE_AP) 4853 return wpa_driver_nl80211_ap(drv, params); 4854 4855 if (params->mode == IEEE80211_MODE_IBSS) 4856 return wpa_driver_nl80211_ibss(drv, params); 4857 4858 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 4859 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 4860 return -1; 4861 return wpa_driver_nl80211_connect(drv, params); 4862 } 4863 4864 drv->associated = 0; 4865 4866 msg = nlmsg_alloc(); 4867 if (!msg) 4868 return -1; 4869 4870 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 4871 drv->ifindex); 4872 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4873 NL80211_CMD_ASSOCIATE, 0); 4874 4875 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4876 if (params->bssid) { 4877 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4878 MAC2STR(params->bssid)); 4879 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4880 } 4881 if (params->freq) { 4882 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4883 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4884 drv->assoc_freq = params->freq; 4885 } else 4886 drv->assoc_freq = 0; 4887 if (params->ssid) { 4888 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4889 params->ssid, params->ssid_len); 4890 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4891 params->ssid); 4892 if (params->ssid_len > sizeof(drv->ssid)) 4893 goto nla_put_failure; 4894 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4895 drv->ssid_len = params->ssid_len; 4896 } 4897 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4898 if (params->wpa_ie) 4899 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4900 params->wpa_ie); 4901 4902 if (params->pairwise_suite != CIPHER_NONE) { 4903 int cipher; 4904 4905 switch (params->pairwise_suite) { 4906 case CIPHER_WEP40: 4907 cipher = WLAN_CIPHER_SUITE_WEP40; 4908 break; 4909 case CIPHER_WEP104: 4910 cipher = WLAN_CIPHER_SUITE_WEP104; 4911 break; 4912 case CIPHER_CCMP: 4913 cipher = WLAN_CIPHER_SUITE_CCMP; 4914 break; 4915 case CIPHER_TKIP: 4916 default: 4917 cipher = WLAN_CIPHER_SUITE_TKIP; 4918 break; 4919 } 4920 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 4921 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4922 } 4923 4924 if (params->group_suite != CIPHER_NONE) { 4925 int cipher; 4926 4927 switch (params->group_suite) { 4928 case CIPHER_WEP40: 4929 cipher = WLAN_CIPHER_SUITE_WEP40; 4930 break; 4931 case CIPHER_WEP104: 4932 cipher = WLAN_CIPHER_SUITE_WEP104; 4933 break; 4934 case CIPHER_CCMP: 4935 cipher = WLAN_CIPHER_SUITE_CCMP; 4936 break; 4937 case CIPHER_TKIP: 4938 default: 4939 cipher = WLAN_CIPHER_SUITE_TKIP; 4940 break; 4941 } 4942 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 4943 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4944 } 4945 4946#ifdef CONFIG_IEEE80211W 4947 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 4948 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 4949#endif /* CONFIG_IEEE80211W */ 4950 4951 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 4952 4953 if (params->prev_bssid) { 4954 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 4955 MAC2STR(params->prev_bssid)); 4956 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 4957 params->prev_bssid); 4958 } 4959 4960 if (params->p2p) 4961 wpa_printf(MSG_DEBUG, " * P2P group"); 4962 4963 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4964 msg = NULL; 4965 if (ret) { 4966 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 4967 "(%s)", ret, strerror(-ret)); 4968 nl80211_dump_scan(drv); 4969 goto nla_put_failure; 4970 } 4971 ret = 0; 4972 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 4973 "successfully"); 4974 4975nla_put_failure: 4976 nlmsg_free(msg); 4977 return ret; 4978} 4979 4980 4981static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 4982 int ifindex, int mode) 4983{ 4984 struct nl_msg *msg; 4985 int ret = -ENOBUFS; 4986 4987 msg = nlmsg_alloc(); 4988 if (!msg) 4989 return -ENOMEM; 4990 4991 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4992 0, NL80211_CMD_SET_INTERFACE, 0); 4993 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4994 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 4995 4996 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4997 if (!ret) 4998 return 0; 4999nla_put_failure: 5000 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 5001 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 5002 return ret; 5003} 5004 5005 5006static int wpa_driver_nl80211_set_mode(void *priv, int mode) 5007{ 5008 struct i802_bss *bss = priv; 5009 struct wpa_driver_nl80211_data *drv = bss->drv; 5010 int ret = -1; 5011 int nlmode; 5012 int i; 5013 5014 switch (mode) { 5015 case 0: 5016 nlmode = NL80211_IFTYPE_STATION; 5017 break; 5018 case 1: 5019 nlmode = NL80211_IFTYPE_ADHOC; 5020 break; 5021 case 2: 5022 nlmode = NL80211_IFTYPE_AP; 5023 break; 5024 default: 5025 return -1; 5026 } 5027 5028 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 5029 drv->nlmode = nlmode; 5030 ret = 0; 5031 goto done; 5032 } 5033 5034 if (nlmode == drv->nlmode) { 5035 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 5036 "requested mode - ignore error"); 5037 ret = 0; 5038 goto done; /* Already in the requested mode */ 5039 } 5040 5041 /* mac80211 doesn't allow mode changes while the device is up, so 5042 * take the device down, try to set the mode again, and bring the 5043 * device back up. 5044 */ 5045 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 5046 "interface down"); 5047 for (i = 0; i < 10; i++) { 5048 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 5049 0) { 5050 /* Try to set the mode again while the interface is 5051 * down */ 5052 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 5053 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 5054 1)) 5055 ret = -1; 5056 if (!ret) 5057 break; 5058 } else 5059 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 5060 "interface down"); 5061 os_sleep(0, 100000); 5062 } 5063 5064 if (!ret) { 5065 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 5066 "interface is down"); 5067 drv->nlmode = nlmode; 5068 } 5069 5070done: 5071 if (!ret && nlmode == NL80211_IFTYPE_AP) { 5072 /* Setup additional AP mode functionality if needed */ 5073 if (!drv->no_monitor_iface_capab && drv->monitor_ifidx < 0 && 5074 nl80211_create_monitor_interface(drv) && 5075 !drv->no_monitor_iface_capab) 5076 return -1; 5077 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 5078 /* Remove additional AP mode functionality */ 5079 nl80211_remove_monitor_interface(drv); 5080 bss->beacon_set = 0; 5081 } 5082 5083 if (ret) 5084 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 5085 "from %d failed", nlmode, drv->nlmode); 5086 5087 return ret; 5088} 5089 5090 5091static int wpa_driver_nl80211_get_capa(void *priv, 5092 struct wpa_driver_capa *capa) 5093{ 5094 struct i802_bss *bss = priv; 5095 struct wpa_driver_nl80211_data *drv = bss->drv; 5096 if (!drv->has_capability) 5097 return -1; 5098 os_memcpy(capa, &drv->capa, sizeof(*capa)); 5099 return 0; 5100} 5101 5102 5103static int wpa_driver_nl80211_set_operstate(void *priv, int state) 5104{ 5105 struct i802_bss *bss = priv; 5106 struct wpa_driver_nl80211_data *drv = bss->drv; 5107 5108 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 5109 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 5110 drv->operstate = state; 5111 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 5112 state ? IF_OPER_UP : IF_OPER_DORMANT); 5113} 5114 5115 5116static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 5117{ 5118 struct i802_bss *bss = priv; 5119 struct wpa_driver_nl80211_data *drv = bss->drv; 5120 struct nl_msg *msg; 5121 struct nl80211_sta_flag_update upd; 5122 5123 msg = nlmsg_alloc(); 5124 if (!msg) 5125 return -ENOMEM; 5126 5127 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5128 0, NL80211_CMD_SET_STATION, 0); 5129 5130 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5131 if_nametoindex(bss->ifname)); 5132 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 5133 5134 os_memset(&upd, 0, sizeof(upd)); 5135 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 5136 if (authorized) 5137 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 5138 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5139 5140 return send_and_recv_msgs(drv, msg, NULL, NULL); 5141 nla_put_failure: 5142 return -ENOBUFS; 5143} 5144 5145 5146/* Set kernel driver on given frequency (MHz) */ 5147static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 5148{ 5149 struct i802_bss *bss = priv; 5150 struct wpa_driver_nl80211_data *drv = bss->drv; 5151 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 5152 freq->sec_channel_offset); 5153} 5154 5155 5156#if defined(HOSTAPD) || defined(CONFIG_AP) 5157 5158static inline int min_int(int a, int b) 5159{ 5160 if (a < b) 5161 return a; 5162 return b; 5163} 5164 5165 5166static int get_key_handler(struct nl_msg *msg, void *arg) 5167{ 5168 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5169 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5170 5171 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5172 genlmsg_attrlen(gnlh, 0), NULL); 5173 5174 /* 5175 * TODO: validate the key index and mac address! 5176 * Otherwise, there's a race condition as soon as 5177 * the kernel starts sending key notifications. 5178 */ 5179 5180 if (tb[NL80211_ATTR_KEY_SEQ]) 5181 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 5182 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 5183 return NL_SKIP; 5184} 5185 5186 5187static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 5188 int idx, u8 *seq) 5189{ 5190 struct i802_bss *bss = priv; 5191 struct wpa_driver_nl80211_data *drv = bss->drv; 5192 struct nl_msg *msg; 5193 5194 msg = nlmsg_alloc(); 5195 if (!msg) 5196 return -ENOMEM; 5197 5198 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5199 0, NL80211_CMD_GET_KEY, 0); 5200 5201 if (addr) 5202 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5203 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 5204 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 5205 5206 memset(seq, 0, 6); 5207 5208 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 5209 nla_put_failure: 5210 return -ENOBUFS; 5211} 5212 5213 5214static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 5215 int mode) 5216{ 5217 struct i802_bss *bss = priv; 5218 struct wpa_driver_nl80211_data *drv = bss->drv; 5219 struct nl_msg *msg; 5220 u8 rates[NL80211_MAX_SUPP_RATES]; 5221 u8 rates_len = 0; 5222 int i; 5223 5224 msg = nlmsg_alloc(); 5225 if (!msg) 5226 return -ENOMEM; 5227 5228 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5229 NL80211_CMD_SET_BSS, 0); 5230 5231 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 5232 rates[rates_len++] = basic_rates[i] / 5; 5233 5234 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5235 5236 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5237 5238 return send_and_recv_msgs(drv, msg, NULL, NULL); 5239 nla_put_failure: 5240 return -ENOBUFS; 5241} 5242 5243 5244static int i802_set_rts(void *priv, int rts) 5245{ 5246 struct i802_bss *bss = priv; 5247 struct wpa_driver_nl80211_data *drv = bss->drv; 5248 struct nl_msg *msg; 5249 int ret = -ENOBUFS; 5250 u32 val; 5251 5252 msg = nlmsg_alloc(); 5253 if (!msg) 5254 return -ENOMEM; 5255 5256 if (rts >= 2347) 5257 val = (u32) -1; 5258 else 5259 val = rts; 5260 5261 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5262 0, NL80211_CMD_SET_WIPHY, 0); 5263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5264 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 5265 5266 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5267 if (!ret) 5268 return 0; 5269nla_put_failure: 5270 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 5271 "%d (%s)", rts, ret, strerror(-ret)); 5272 return ret; 5273} 5274 5275 5276static int i802_set_frag(void *priv, int frag) 5277{ 5278 struct i802_bss *bss = priv; 5279 struct wpa_driver_nl80211_data *drv = bss->drv; 5280 struct nl_msg *msg; 5281 int ret = -ENOBUFS; 5282 u32 val; 5283 5284 msg = nlmsg_alloc(); 5285 if (!msg) 5286 return -ENOMEM; 5287 5288 if (frag >= 2346) 5289 val = (u32) -1; 5290 else 5291 val = frag; 5292 5293 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5294 0, NL80211_CMD_SET_WIPHY, 0); 5295 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5296 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 5297 5298 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5299 if (!ret) 5300 return 0; 5301nla_put_failure: 5302 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 5303 "%d: %d (%s)", frag, ret, strerror(-ret)); 5304 return ret; 5305} 5306 5307 5308static int i802_flush(void *priv) 5309{ 5310 struct i802_bss *bss = priv; 5311 struct wpa_driver_nl80211_data *drv = bss->drv; 5312 struct nl_msg *msg; 5313 5314 msg = nlmsg_alloc(); 5315 if (!msg) 5316 return -1; 5317 5318 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5319 0, NL80211_CMD_DEL_STATION, 0); 5320 5321 /* 5322 * XXX: FIX! this needs to flush all VLANs too 5323 */ 5324 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5325 if_nametoindex(bss->ifname)); 5326 5327 return send_and_recv_msgs(drv, msg, NULL, NULL); 5328 nla_put_failure: 5329 return -ENOBUFS; 5330} 5331 5332 5333static int get_sta_handler(struct nl_msg *msg, void *arg) 5334{ 5335 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5336 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5337 struct hostap_sta_driver_data *data = arg; 5338 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 5339 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 5340 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 5341 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 5342 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 5343 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 5344 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 5345 }; 5346 5347 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5348 genlmsg_attrlen(gnlh, 0), NULL); 5349 5350 /* 5351 * TODO: validate the interface and mac address! 5352 * Otherwise, there's a race condition as soon as 5353 * the kernel starts sending station notifications. 5354 */ 5355 5356 if (!tb[NL80211_ATTR_STA_INFO]) { 5357 wpa_printf(MSG_DEBUG, "sta stats missing!"); 5358 return NL_SKIP; 5359 } 5360 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 5361 tb[NL80211_ATTR_STA_INFO], 5362 stats_policy)) { 5363 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 5364 return NL_SKIP; 5365 } 5366 5367 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 5368 data->inactive_msec = 5369 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 5370 if (stats[NL80211_STA_INFO_RX_BYTES]) 5371 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 5372 if (stats[NL80211_STA_INFO_TX_BYTES]) 5373 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 5374 if (stats[NL80211_STA_INFO_RX_PACKETS]) 5375 data->rx_packets = 5376 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 5377 if (stats[NL80211_STA_INFO_TX_PACKETS]) 5378 data->tx_packets = 5379 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 5380 5381 return NL_SKIP; 5382} 5383 5384static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 5385 const u8 *addr) 5386{ 5387 struct i802_bss *bss = priv; 5388 struct wpa_driver_nl80211_data *drv = bss->drv; 5389 struct nl_msg *msg; 5390 5391 os_memset(data, 0, sizeof(*data)); 5392 msg = nlmsg_alloc(); 5393 if (!msg) 5394 return -ENOMEM; 5395 5396 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5397 0, NL80211_CMD_GET_STATION, 0); 5398 5399 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5400 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5401 5402 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 5403 nla_put_failure: 5404 return -ENOBUFS; 5405} 5406 5407 5408static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 5409 int cw_min, int cw_max, int burst_time) 5410{ 5411 struct i802_bss *bss = priv; 5412 struct wpa_driver_nl80211_data *drv = bss->drv; 5413 struct nl_msg *msg; 5414 struct nlattr *txq, *params; 5415 5416 msg = nlmsg_alloc(); 5417 if (!msg) 5418 return -1; 5419 5420 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5421 0, NL80211_CMD_SET_WIPHY, 0); 5422 5423 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5424 5425 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 5426 if (!txq) 5427 goto nla_put_failure; 5428 5429 /* We are only sending parameters for a single TXQ at a time */ 5430 params = nla_nest_start(msg, 1); 5431 if (!params) 5432 goto nla_put_failure; 5433 5434 switch (queue) { 5435 case 0: 5436 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 5437 break; 5438 case 1: 5439 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 5440 break; 5441 case 2: 5442 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 5443 break; 5444 case 3: 5445 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 5446 break; 5447 } 5448 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 5449 * 32 usec, so need to convert the value here. */ 5450 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 5451 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 5452 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 5453 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 5454 5455 nla_nest_end(msg, params); 5456 5457 nla_nest_end(msg, txq); 5458 5459 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5460 return 0; 5461 nla_put_failure: 5462 return -1; 5463} 5464 5465 5466static int i802_set_bss(void *priv, int cts, int preamble, int slot, 5467 int ht_opmode) 5468{ 5469 struct i802_bss *bss = priv; 5470 struct wpa_driver_nl80211_data *drv = bss->drv; 5471 struct nl_msg *msg; 5472 5473 msg = nlmsg_alloc(); 5474 if (!msg) 5475 return -ENOMEM; 5476 5477 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5478 NL80211_CMD_SET_BSS, 0); 5479 5480 if (cts >= 0) 5481 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5482 if (preamble >= 0) 5483 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5484 if (slot >= 0) 5485 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5486 if (ht_opmode >= 0) 5487 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5488 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5489 5490 return send_and_recv_msgs(drv, msg, NULL, NULL); 5491 nla_put_failure: 5492 return -ENOBUFS; 5493} 5494 5495 5496static int i802_set_cts_protect(void *priv, int value) 5497{ 5498 return i802_set_bss(priv, value, -1, -1, -1); 5499} 5500 5501 5502static int i802_set_preamble(void *priv, int value) 5503{ 5504 return i802_set_bss(priv, -1, value, -1, -1); 5505} 5506 5507 5508static int i802_set_short_slot_time(void *priv, int value) 5509{ 5510 return i802_set_bss(priv, -1, -1, value, -1); 5511} 5512 5513 5514static int i802_set_sta_vlan(void *priv, const u8 *addr, 5515 const char *ifname, int vlan_id) 5516{ 5517 struct i802_bss *bss = priv; 5518 struct wpa_driver_nl80211_data *drv = bss->drv; 5519 struct nl_msg *msg; 5520 int ret = -ENOBUFS; 5521 5522 msg = nlmsg_alloc(); 5523 if (!msg) 5524 return -ENOMEM; 5525 5526 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5527 0, NL80211_CMD_SET_STATION, 0); 5528 5529 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5530 if_nametoindex(bss->ifname)); 5531 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5532 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 5533 if_nametoindex(ifname)); 5534 5535 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5536 if (ret < 0) { 5537 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 5538 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 5539 MAC2STR(addr), ifname, vlan_id, ret, 5540 strerror(-ret)); 5541 } 5542 nla_put_failure: 5543 return ret; 5544} 5545 5546 5547static int i802_set_ht_params(void *priv, const u8 *ht_capab, 5548 size_t ht_capab_len, const u8 *ht_oper, 5549 size_t ht_oper_len) 5550{ 5551 if (ht_oper_len >= 6) { 5552 /* ht opmode uses 16bit in octet 5 & 6 */ 5553 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]); 5554 return i802_set_bss(priv, -1, -1, -1, ht_opmode); 5555 } else 5556 return -1; 5557} 5558 5559 5560static int i802_get_inact_sec(void *priv, const u8 *addr) 5561{ 5562 struct hostap_sta_driver_data data; 5563 int ret; 5564 5565 data.inactive_msec = (unsigned long) -1; 5566 ret = i802_read_sta_data(priv, &data, addr); 5567 if (ret || data.inactive_msec == (unsigned long) -1) 5568 return -1; 5569 return data.inactive_msec / 1000; 5570} 5571 5572 5573static int i802_sta_clear_stats(void *priv, const u8 *addr) 5574{ 5575#if 0 5576 /* TODO */ 5577#endif 5578 return 0; 5579} 5580 5581 5582static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 5583 int reason) 5584{ 5585 struct i802_bss *bss = priv; 5586 struct ieee80211_mgmt mgmt; 5587 5588 memset(&mgmt, 0, sizeof(mgmt)); 5589 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5590 WLAN_FC_STYPE_DEAUTH); 5591 memcpy(mgmt.da, addr, ETH_ALEN); 5592 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5593 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5594 mgmt.u.deauth.reason_code = host_to_le16(reason); 5595 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5596 IEEE80211_HDRLEN + 5597 sizeof(mgmt.u.deauth)); 5598} 5599 5600 5601static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 5602 int reason) 5603{ 5604 struct i802_bss *bss = priv; 5605 struct ieee80211_mgmt mgmt; 5606 5607 memset(&mgmt, 0, sizeof(mgmt)); 5608 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5609 WLAN_FC_STYPE_DISASSOC); 5610 memcpy(mgmt.da, addr, ETH_ALEN); 5611 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5612 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5613 mgmt.u.disassoc.reason_code = host_to_le16(reason); 5614 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5615 IEEE80211_HDRLEN + 5616 sizeof(mgmt.u.disassoc)); 5617} 5618 5619#endif /* HOSTAPD || CONFIG_AP */ 5620 5621#ifdef HOSTAPD 5622 5623static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5624{ 5625 int i; 5626 int *old; 5627 5628 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 5629 ifidx); 5630 for (i = 0; i < drv->num_if_indices; i++) { 5631 if (drv->if_indices[i] == 0) { 5632 drv->if_indices[i] = ifidx; 5633 return; 5634 } 5635 } 5636 5637 if (drv->if_indices != drv->default_if_indices) 5638 old = drv->if_indices; 5639 else 5640 old = NULL; 5641 5642 drv->if_indices = os_realloc(old, 5643 sizeof(int) * (drv->num_if_indices + 1)); 5644 if (!drv->if_indices) { 5645 if (!old) 5646 drv->if_indices = drv->default_if_indices; 5647 else 5648 drv->if_indices = old; 5649 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 5650 "interfaces"); 5651 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 5652 return; 5653 } else if (!old) 5654 os_memcpy(drv->if_indices, drv->default_if_indices, 5655 sizeof(drv->default_if_indices)); 5656 drv->if_indices[drv->num_if_indices] = ifidx; 5657 drv->num_if_indices++; 5658} 5659 5660 5661static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5662{ 5663 int i; 5664 5665 for (i = 0; i < drv->num_if_indices; i++) { 5666 if (drv->if_indices[i] == ifidx) { 5667 drv->if_indices[i] = 0; 5668 break; 5669 } 5670 } 5671} 5672 5673 5674static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5675{ 5676 int i; 5677 5678 for (i = 0; i < drv->num_if_indices; i++) 5679 if (drv->if_indices[i] == ifidx) 5680 return 1; 5681 5682 return 0; 5683} 5684 5685 5686static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 5687 const char *bridge_ifname) 5688{ 5689 struct i802_bss *bss = priv; 5690 struct wpa_driver_nl80211_data *drv = bss->drv; 5691 char name[IFNAMSIZ + 1]; 5692 5693 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 5694 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 5695 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 5696 if (val) { 5697 if (!if_nametoindex(name)) { 5698 if (nl80211_create_iface(drv, name, 5699 NL80211_IFTYPE_AP_VLAN, 5700 NULL, 1) < 0) 5701 return -1; 5702 if (bridge_ifname && 5703 linux_br_add_if(drv->ioctl_sock, bridge_ifname, 5704 name) < 0) 5705 return -1; 5706 } 5707 linux_set_iface_flags(drv->ioctl_sock, name, 1); 5708 return i802_set_sta_vlan(priv, addr, name, 0); 5709 } else { 5710 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 5711 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 5712 name); 5713 } 5714} 5715 5716 5717static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 5718{ 5719 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5720 struct sockaddr_ll lladdr; 5721 unsigned char buf[3000]; 5722 int len; 5723 socklen_t fromlen = sizeof(lladdr); 5724 5725 len = recvfrom(sock, buf, sizeof(buf), 0, 5726 (struct sockaddr *)&lladdr, &fromlen); 5727 if (len < 0) { 5728 perror("recv"); 5729 return; 5730 } 5731 5732 if (have_ifidx(drv, lladdr.sll_ifindex)) 5733 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 5734} 5735 5736 5737static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 5738 struct i802_bss *bss, 5739 const char *brname, const char *ifname) 5740{ 5741 int ifindex; 5742 char in_br[IFNAMSIZ]; 5743 5744 os_strlcpy(bss->brname, brname, IFNAMSIZ); 5745 ifindex = if_nametoindex(brname); 5746 if (ifindex == 0) { 5747 /* 5748 * Bridge was configured, but the bridge device does 5749 * not exist. Try to add it now. 5750 */ 5751 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 5752 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 5753 "bridge interface %s: %s", 5754 brname, strerror(errno)); 5755 return -1; 5756 } 5757 bss->added_bridge = 1; 5758 add_ifidx(drv, if_nametoindex(brname)); 5759 } 5760 5761 if (linux_br_get(in_br, ifname) == 0) { 5762 if (os_strcmp(in_br, brname) == 0) 5763 return 0; /* already in the bridge */ 5764 5765 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 5766 "bridge %s", ifname, in_br); 5767 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 5768 wpa_printf(MSG_ERROR, "nl80211: Failed to " 5769 "remove interface %s from bridge " 5770 "%s: %s", 5771 ifname, brname, strerror(errno)); 5772 return -1; 5773 } 5774 } 5775 5776 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 5777 ifname, brname); 5778 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 5779 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 5780 "into bridge %s: %s", 5781 ifname, brname, strerror(errno)); 5782 return -1; 5783 } 5784 bss->added_if_into_bridge = 1; 5785 5786 return 0; 5787} 5788 5789 5790static void *i802_init(struct hostapd_data *hapd, 5791 struct wpa_init_params *params) 5792{ 5793 struct wpa_driver_nl80211_data *drv; 5794 struct i802_bss *bss; 5795 size_t i; 5796 char brname[IFNAMSIZ]; 5797 int ifindex, br_ifindex; 5798 int br_added = 0; 5799 5800 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL); 5801 if (bss == NULL) 5802 return NULL; 5803 5804 drv = bss->drv; 5805 drv->nlmode = NL80211_IFTYPE_AP; 5806 if (linux_br_get(brname, params->ifname) == 0) { 5807 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 5808 params->ifname, brname); 5809 br_ifindex = if_nametoindex(brname); 5810 } else { 5811 brname[0] = '\0'; 5812 br_ifindex = 0; 5813 } 5814 5815 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 5816 drv->if_indices = drv->default_if_indices; 5817 for (i = 0; i < params->num_bridge; i++) { 5818 if (params->bridge[i]) { 5819 ifindex = if_nametoindex(params->bridge[i]); 5820 if (ifindex) 5821 add_ifidx(drv, ifindex); 5822 if (ifindex == br_ifindex) 5823 br_added = 1; 5824 } 5825 } 5826 if (!br_added && br_ifindex && 5827 (params->num_bridge == 0 || !params->bridge[0])) 5828 add_ifidx(drv, br_ifindex); 5829 5830 /* start listening for EAPOL on the default AP interface */ 5831 add_ifidx(drv, drv->ifindex); 5832 5833 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 5834 goto failed; 5835 5836 if (params->bssid) { 5837 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 5838 params->bssid)) 5839 goto failed; 5840 } 5841 5842 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 5843 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 5844 "into AP mode", bss->ifname); 5845 goto failed; 5846 } 5847 5848 if (params->num_bridge && params->bridge[0] && 5849 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 5850 goto failed; 5851 5852 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 5853 goto failed; 5854 5855 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 5856 if (drv->eapol_sock < 0) { 5857 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 5858 goto failed; 5859 } 5860 5861 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 5862 { 5863 printf("Could not register read socket for eapol\n"); 5864 goto failed; 5865 } 5866 5867 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 5868 goto failed; 5869 5870 return bss; 5871 5872failed: 5873 nl80211_remove_monitor_interface(drv); 5874 rfkill_deinit(drv->rfkill); 5875 netlink_deinit(drv->netlink); 5876 if (drv->ioctl_sock >= 0) 5877 close(drv->ioctl_sock); 5878 5879 genl_family_put(drv->nl80211); 5880 nl_cache_free(drv->nl_cache); 5881 nl80211_handle_destroy(drv->nl_handle); 5882 nl_cb_put(drv->nl_cb); 5883 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 5884 5885 os_free(drv); 5886 return NULL; 5887} 5888 5889 5890static void i802_deinit(void *priv) 5891{ 5892 wpa_driver_nl80211_deinit(priv); 5893} 5894 5895#endif /* HOSTAPD */ 5896 5897 5898static enum nl80211_iftype wpa_driver_nl80211_if_type( 5899 enum wpa_driver_if_type type) 5900{ 5901 switch (type) { 5902 case WPA_IF_STATION: 5903 return NL80211_IFTYPE_STATION; 5904 case WPA_IF_P2P_CLIENT: 5905 case WPA_IF_P2P_GROUP: 5906 return NL80211_IFTYPE_P2P_CLIENT; 5907 case WPA_IF_AP_VLAN: 5908 return NL80211_IFTYPE_AP_VLAN; 5909 case WPA_IF_AP_BSS: 5910 return NL80211_IFTYPE_AP; 5911 case WPA_IF_P2P_GO: 5912 return NL80211_IFTYPE_P2P_GO; 5913 } 5914 return -1; 5915} 5916 5917 5918#ifdef CONFIG_P2P 5919 5920static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 5921{ 5922 struct wpa_driver_nl80211_data *drv; 5923 dl_list_for_each(drv, &global->interfaces, 5924 struct wpa_driver_nl80211_data, list) { 5925 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0) 5926 return 1; 5927 } 5928 return 0; 5929} 5930 5931 5932static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 5933 u8 *new_addr) 5934{ 5935 unsigned int idx; 5936 5937 if (!drv->global) 5938 return -1; 5939 5940 os_memcpy(new_addr, drv->addr, ETH_ALEN); 5941 for (idx = 0; idx < 64; idx++) { 5942 new_addr[0] = drv->addr[0] | 0x02; 5943 new_addr[0] ^= idx << 2; 5944 if (!nl80211_addr_in_use(drv->global, new_addr)) 5945 break; 5946 } 5947 if (idx == 64) 5948 return -1; 5949 5950 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 5951 MACSTR, MAC2STR(new_addr)); 5952 5953 return 0; 5954} 5955 5956#endif /* CONFIG_P2P */ 5957 5958 5959static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 5960 const char *ifname, const u8 *addr, 5961 void *bss_ctx, void **drv_priv, 5962 char *force_ifname, u8 *if_addr, 5963 const char *bridge) 5964{ 5965 struct i802_bss *bss = priv; 5966 struct wpa_driver_nl80211_data *drv = bss->drv; 5967 int ifidx; 5968#ifdef HOSTAPD 5969 struct i802_bss *new_bss = NULL; 5970 5971 if (type == WPA_IF_AP_BSS) { 5972 new_bss = os_zalloc(sizeof(*new_bss)); 5973 if (new_bss == NULL) 5974 return -1; 5975 } 5976#endif /* HOSTAPD */ 5977 5978 if (addr) 5979 os_memcpy(if_addr, addr, ETH_ALEN); 5980 ifidx = nl80211_create_iface(drv, ifname, 5981 wpa_driver_nl80211_if_type(type), addr, 5982 0); 5983 if (ifidx < 0) { 5984#ifdef HOSTAPD 5985 os_free(new_bss); 5986#endif /* HOSTAPD */ 5987 return -1; 5988 } 5989 5990 if (!addr && 5991 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) { 5992 nl80211_remove_iface(drv, ifidx); 5993 return -1; 5994 } 5995 5996#ifdef CONFIG_P2P 5997 if (!addr && 5998 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 5999 type == WPA_IF_P2P_GO)) { 6000 /* Enforce unique P2P Interface Address */ 6001 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 6002 6003 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) 6004 < 0 || 6005 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0) 6006 { 6007 nl80211_remove_iface(drv, ifidx); 6008 return -1; 6009 } 6010 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 6011 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 6012 "for P2P group interface"); 6013 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 6014 nl80211_remove_iface(drv, ifidx); 6015 return -1; 6016 } 6017 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname, 6018 new_addr) < 0) { 6019 nl80211_remove_iface(drv, ifidx); 6020 return -1; 6021 } 6022 os_memcpy(if_addr, new_addr, ETH_ALEN); 6023 } 6024#ifdef ANDROID_BRCM_P2P_PATCH 6025 else { 6026 /* P2P_ADDR: Driver uses a different mac address than the primary mac */ 6027 wpa_printf(MSG_DEBUG, "nl80211: Driver uses a " 6028 "different mac address for the Virtual I/F. Get that and store it locally"); 6029 os_memcpy(if_addr, new_addr, ETH_ALEN); 6030 6031 } 6032#endif 6033 } 6034#endif /* CONFIG_P2P */ 6035 6036#ifdef HOSTAPD 6037 if (bridge && 6038 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 6039 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 6040 "interface %s to a bridge %s", ifname, bridge); 6041 nl80211_remove_iface(drv, ifidx); 6042 os_free(new_bss); 6043 return -1; 6044 } 6045 6046 if (type == WPA_IF_AP_BSS) { 6047 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 6048 nl80211_remove_iface(drv, ifidx); 6049 os_free(new_bss); 6050 return -1; 6051 } 6052 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 6053 new_bss->ifindex = ifidx; 6054 new_bss->drv = drv; 6055 new_bss->next = drv->first_bss.next; 6056 drv->first_bss.next = new_bss; 6057 if (drv_priv) 6058 *drv_priv = new_bss; 6059 } 6060#endif /* HOSTAPD */ 6061 6062 return 0; 6063} 6064 6065 6066static int wpa_driver_nl80211_if_remove(void *priv, 6067 enum wpa_driver_if_type type, 6068 const char *ifname) 6069{ 6070 struct i802_bss *bss = priv; 6071 struct wpa_driver_nl80211_data *drv = bss->drv; 6072 int ifindex = if_nametoindex(ifname); 6073 6074 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 6075 __func__, type, ifname, ifindex); 6076 if (ifindex <= 0) 6077 return -1; 6078 6079#ifdef HOSTAPD 6080 if (bss->added_if_into_bridge) { 6081 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 6082 < 0) 6083 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6084 "interface %s from bridge %s: %s", 6085 bss->ifname, bss->brname, strerror(errno)); 6086 } 6087 if (bss->added_bridge) { 6088 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 6089 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6090 "bridge %s: %s", 6091 bss->brname, strerror(errno)); 6092 } 6093#endif /* HOSTAPD */ 6094 6095 nl80211_remove_iface(drv, ifindex); 6096 6097#ifdef HOSTAPD 6098 if (type != WPA_IF_AP_BSS) 6099 return 0; 6100 6101 if (bss != &drv->first_bss) { 6102 struct i802_bss *tbss; 6103 6104 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 6105 if (tbss->next == bss) { 6106 tbss->next = bss->next; 6107 os_free(bss); 6108 bss = NULL; 6109 break; 6110 } 6111 } 6112 if (bss) 6113 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 6114 "BSS %p in the list", __func__, bss); 6115 } 6116#endif /* HOSTAPD */ 6117 6118 return 0; 6119} 6120 6121 6122static int cookie_handler(struct nl_msg *msg, void *arg) 6123{ 6124 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 6125 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6126 u64 *cookie = arg; 6127 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6128 genlmsg_attrlen(gnlh, 0), NULL); 6129 if (tb[NL80211_ATTR_COOKIE]) 6130 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 6131 return NL_SKIP; 6132} 6133 6134 6135static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 6136 unsigned int freq, unsigned int wait, 6137 const u8 *buf, size_t buf_len, 6138 u64 *cookie_out) 6139{ 6140 struct nl_msg *msg; 6141 u64 cookie; 6142 int ret = -1; 6143 6144 msg = nlmsg_alloc(); 6145 if (!msg) 6146 return -1; 6147 6148 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6149 NL80211_CMD_FRAME, 0); 6150 6151 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6152 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6153#ifndef ANDROID_BRCM_P2P_PATCH 6154 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 6155#endif 6156 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 6157 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 6158 6159 cookie = 0; 6160 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6161 msg = NULL; 6162 if (ret) { 6163 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 6164 "(%s)", ret, strerror(-ret)); 6165 goto nla_put_failure; 6166 } 6167 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; " 6168 "cookie 0x%llx", (long long unsigned int) cookie); 6169 6170 if (cookie_out) 6171 *cookie_out = cookie; 6172 6173nla_put_failure: 6174 nlmsg_free(msg); 6175 return ret; 6176} 6177 6178 6179static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 6180 unsigned int wait_time, 6181 const u8 *dst, const u8 *src, 6182 const u8 *bssid, 6183 const u8 *data, size_t data_len) 6184{ 6185 struct i802_bss *bss = priv; 6186 struct wpa_driver_nl80211_data *drv = bss->drv; 6187 int ret = -1; 6188 u8 *buf; 6189 struct ieee80211_hdr *hdr; 6190 6191 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 6192 "wait=%d ms)", drv->ifindex, wait_time); 6193 6194 buf = os_zalloc(24 + data_len); 6195 if (buf == NULL) 6196 return ret; 6197 os_memcpy(buf + 24, data, data_len); 6198 hdr = (struct ieee80211_hdr *) buf; 6199 hdr->frame_control = 6200 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 6201 os_memcpy(hdr->addr1, dst, ETH_ALEN); 6202 os_memcpy(hdr->addr2, src, ETH_ALEN); 6203 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 6204 6205 if (drv->nlmode == NL80211_IFTYPE_AP) 6206 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 6207 else 6208 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf, 6209 24 + data_len, 6210 &drv->send_action_cookie); 6211 6212 os_free(buf); 6213 return ret; 6214} 6215 6216 6217static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 6218{ 6219 struct i802_bss *bss = priv; 6220 struct wpa_driver_nl80211_data *drv = bss->drv; 6221 struct nl_msg *msg; 6222 int ret; 6223 6224 msg = nlmsg_alloc(); 6225 if (!msg) 6226 return; 6227 6228 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6229 NL80211_CMD_FRAME_WAIT_CANCEL, 0); 6230 6231 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6232 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 6233 6234 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6235 msg = NULL; 6236 if (ret) 6237 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 6238 "(%s)", ret, strerror(-ret)); 6239 6240 nla_put_failure: 6241 nlmsg_free(msg); 6242} 6243 6244 6245static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 6246 unsigned int duration) 6247{ 6248 struct i802_bss *bss = priv; 6249 struct wpa_driver_nl80211_data *drv = bss->drv; 6250 struct nl_msg *msg; 6251 int ret; 6252 u64 cookie; 6253 6254 msg = nlmsg_alloc(); 6255 if (!msg) 6256 return -1; 6257 6258 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6259 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 6260 6261 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6262 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6263 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 6264 6265 cookie = 0; 6266 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6267 if (ret == 0) { 6268 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 6269 "0x%llx for freq=%u MHz duration=%u", 6270 (long long unsigned int) cookie, freq, duration); 6271 drv->remain_on_chan_cookie = cookie; 6272 return 0; 6273 } 6274 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 6275 "(freq=%d duration=%u): %d (%s)", 6276 freq, duration, ret, strerror(-ret)); 6277nla_put_failure: 6278 return -1; 6279} 6280 6281 6282static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 6283{ 6284 struct i802_bss *bss = priv; 6285 struct wpa_driver_nl80211_data *drv = bss->drv; 6286 struct nl_msg *msg; 6287 int ret; 6288 6289 if (!drv->pending_remain_on_chan) { 6290 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 6291 "to cancel"); 6292 return -1; 6293 } 6294 6295 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 6296 "0x%llx", 6297 (long long unsigned int) drv->remain_on_chan_cookie); 6298 6299 msg = nlmsg_alloc(); 6300 if (!msg) 6301 return -1; 6302 6303 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6304 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 6305 6306 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6307 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 6308 6309 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6310 if (ret == 0) 6311 return 0; 6312 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 6313 "%d (%s)", ret, strerror(-ret)); 6314nla_put_failure: 6315 return -1; 6316} 6317 6318 6319static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 6320{ 6321 struct i802_bss *bss = priv; 6322 struct wpa_driver_nl80211_data *drv = bss->drv; 6323#ifndef ANDROID_BRCM_P2P_PATCH 6324 if (drv->nlmode != NL80211_IFTYPE_STATION) { 6325 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6326 "allowed in station mode (iftype=%d)", 6327 drv->nlmode); 6328 return -1; 6329 } 6330#endif 6331 if (!report) { 6332 if (drv->nl_handle_preq) { 6333 eloop_unregister_read_sock( 6334 nl_socket_get_fd(drv->nl_handle_preq)); 6335 nl_cache_free(drv->nl_cache_preq); 6336 nl80211_handle_destroy(drv->nl_handle_preq); 6337 drv->nl_handle_preq = NULL; 6338 } 6339 return 0; 6340 } 6341 6342 if (drv->nl_handle_preq) { 6343 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 6344 "already on!"); 6345 return 0; 6346 } 6347 6348 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb); 6349 if (drv->nl_handle_preq == NULL) { 6350 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate " 6351 "netlink callbacks (preq)"); 6352 goto out_err1; 6353 } 6354 6355 if (genl_connect(drv->nl_handle_preq)) { 6356 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to " 6357 "generic netlink (preq)"); 6358 goto out_err2; 6359 return -1; 6360 } 6361 6362#ifdef CONFIG_LIBNL20 6363 if (genl_ctrl_alloc_cache(drv->nl_handle_preq, 6364 &drv->nl_cache_preq) < 0) { 6365 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6366 "netlink cache (preq)"); 6367 goto out_err2; 6368 } 6369#else /* CONFIG_LIBNL20 */ 6370 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq); 6371 if (drv->nl_cache_preq == NULL) { 6372 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6373 "netlink cache (preq)"); 6374 goto out_err2; 6375 } 6376#endif /* CONFIG_LIBNL20 */ 6377 6378 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6379 (WLAN_FC_TYPE_MGMT << 2) | 6380 (WLAN_FC_STYPE_PROBE_REQ << 4), 6381 NULL, 0) < 0) { 6382 goto out_err3; 6383 } 6384 6385#ifdef ANDROID_BRCM_P2P_PATCH 6386 if (drv->nlmode != NL80211_IFTYPE_AP && 6387 drv->nlmode != NL80211_IFTYPE_P2P_GO) { 6388 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6389 "allowed in AP or P2P GO mode (iftype=%d)", 6390 drv->nlmode); 6391 goto done; 6392 } 6393 6394 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6395 (WLAN_FC_TYPE_MGMT << 2) | 6396 (WLAN_FC_STYPE_ASSOC_REQ << 4), 6397 NULL, 0) < 0) { 6398 goto out_err3; 6399 } 6400 6401 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6402 (WLAN_FC_TYPE_MGMT << 2) | 6403 (WLAN_FC_STYPE_REASSOC_REQ << 4), 6404 NULL, 0) < 0) { 6405 goto out_err3; 6406 } 6407 6408 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6409 (WLAN_FC_TYPE_MGMT << 2) | 6410 (WLAN_FC_STYPE_DISASSOC << 4), 6411 NULL, 0) < 0) { 6412 goto out_err3; 6413 } 6414 6415 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6416 (WLAN_FC_TYPE_MGMT << 2) | 6417 (WLAN_FC_STYPE_DEAUTH << 4), 6418 NULL, 0) < 0) { 6419 goto out_err3; 6420 } 6421 6422done: 6423#endif 6424 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq), 6425 wpa_driver_nl80211_event_receive, drv, 6426 drv->nl_handle_preq); 6427 6428 return 0; 6429 6430 out_err3: 6431 nl_cache_free(drv->nl_cache_preq); 6432 out_err2: 6433 nl80211_handle_destroy(drv->nl_handle_preq); 6434 drv->nl_handle_preq = NULL; 6435 out_err1: 6436 return -1; 6437} 6438 6439 6440static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 6441 int ifindex, int disabled) 6442{ 6443 struct nl_msg *msg; 6444 struct nlattr *bands, *band; 6445 int ret; 6446 6447 msg = nlmsg_alloc(); 6448 if (!msg) 6449 return -1; 6450 6451 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6452 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 6453 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6454 6455 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 6456 if (!bands) 6457 goto nla_put_failure; 6458 6459 /* 6460 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 6461 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 6462 * rates. All 5 GHz rates are left enabled. 6463 */ 6464 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 6465 if (!band) 6466 goto nla_put_failure; 6467 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 6468 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 6469 nla_nest_end(msg, band); 6470 6471 nla_nest_end(msg, bands); 6472 6473 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6474 msg = NULL; 6475 if (ret) { 6476 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 6477 "(%s)", ret, strerror(-ret)); 6478 } 6479 6480 return ret; 6481 6482nla_put_failure: 6483 nlmsg_free(msg); 6484 return -1; 6485} 6486 6487 6488static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 6489{ 6490 struct i802_bss *bss = priv; 6491 struct wpa_driver_nl80211_data *drv = bss->drv; 6492 drv->disable_11b_rates = disabled; 6493 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 6494} 6495 6496 6497static int wpa_driver_nl80211_deinit_ap(void *priv) 6498{ 6499 struct i802_bss *bss = priv; 6500 struct wpa_driver_nl80211_data *drv = bss->drv; 6501 if (drv->nlmode != NL80211_IFTYPE_AP) 6502 return -1; 6503 wpa_driver_nl80211_del_beacon(drv); 6504 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 6505} 6506 6507 6508static void wpa_driver_nl80211_resume(void *priv) 6509{ 6510 struct i802_bss *bss = priv; 6511 struct wpa_driver_nl80211_data *drv = bss->drv; 6512 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 6513 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 6514 "resume event"); 6515 } 6516} 6517 6518 6519static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 6520 const u8 *ies, size_t ies_len) 6521{ 6522 struct i802_bss *bss = priv; 6523 struct wpa_driver_nl80211_data *drv = bss->drv; 6524 int ret; 6525 u8 *data, *pos; 6526 size_t data_len; 6527 u8 own_addr[ETH_ALEN]; 6528 6529 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 6530 return -1; 6531 6532 if (action != 1) { 6533 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 6534 "action %d", action); 6535 return -1; 6536 } 6537 6538 /* 6539 * Action frame payload: 6540 * Category[1] = 6 (Fast BSS Transition) 6541 * Action[1] = 1 (Fast BSS Transition Request) 6542 * STA Address 6543 * Target AP Address 6544 * FT IEs 6545 */ 6546 6547 data_len = 2 + 2 * ETH_ALEN + ies_len; 6548 data = os_malloc(data_len); 6549 if (data == NULL) 6550 return -1; 6551 pos = data; 6552 *pos++ = 0x06; /* FT Action category */ 6553 *pos++ = action; 6554 os_memcpy(pos, own_addr, ETH_ALEN); 6555 pos += ETH_ALEN; 6556 os_memcpy(pos, target_ap, ETH_ALEN); 6557 pos += ETH_ALEN; 6558 os_memcpy(pos, ies, ies_len); 6559 6560 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 6561 drv->bssid, own_addr, drv->bssid, 6562 data, data_len); 6563 os_free(data); 6564 6565 return ret; 6566} 6567 6568 6569static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 6570{ 6571 struct i802_bss *bss = priv; 6572 struct wpa_driver_nl80211_data *drv = bss->drv; 6573 struct nl_msg *msg, *cqm = NULL; 6574 6575 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 6576 "hysteresis=%d", threshold, hysteresis); 6577 6578 msg = nlmsg_alloc(); 6579 if (!msg) 6580 return -1; 6581 6582 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 6583 0, NL80211_CMD_SET_CQM, 0); 6584 6585 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 6586 6587 cqm = nlmsg_alloc(); 6588 if (cqm == NULL) 6589 return -1; 6590 6591 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 6592 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 6593 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 6594 6595 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 6596 return 0; 6597 msg = NULL; 6598 6599nla_put_failure: 6600 if (cqm) 6601 nlmsg_free(cqm); 6602 nlmsg_free(msg); 6603 return -1; 6604} 6605 6606 6607static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 6608{ 6609 struct i802_bss *bss = priv; 6610 struct wpa_driver_nl80211_data *drv = bss->drv; 6611 int res; 6612 6613 os_memset(si, 0, sizeof(*si)); 6614 res = nl80211_get_link_signal(drv, si); 6615 if (res != 0) 6616 return res; 6617 6618 return nl80211_get_link_noise(drv, si); 6619} 6620 6621 6622static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 6623 int encrypt) 6624{ 6625 struct i802_bss *bss = priv; 6626 struct wpa_driver_nl80211_data *drv = bss->drv; 6627 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 6628} 6629 6630 6631static int nl80211_set_intra_bss(void *priv, int enabled) 6632{ 6633 struct i802_bss *bss = priv; 6634 struct wpa_driver_nl80211_data *drv = bss->drv; 6635 struct nl_msg *msg; 6636 6637 msg = nlmsg_alloc(); 6638 if (!msg) 6639 return -ENOMEM; 6640 6641 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6642 NL80211_CMD_SET_BSS, 0); 6643 6644 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6645 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled); 6646 6647 return send_and_recv_msgs(drv, msg, NULL, NULL); 6648 nla_put_failure: 6649 return -ENOBUFS; 6650} 6651 6652 6653static int nl80211_set_param(void *priv, const char *param) 6654{ 6655 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 6656 if (param == NULL) 6657 return 0; 6658 6659#ifdef CONFIG_P2P 6660 if (os_strstr(param, "use_p2p_group_interface=1")) { 6661 struct i802_bss *bss = priv; 6662 struct wpa_driver_nl80211_data *drv = bss->drv; 6663 6664 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 6665 "interface"); 6666 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 6667 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 6668 } 6669#endif /* CONFIG_P2P */ 6670 6671 return 0; 6672} 6673 6674 6675static void * nl80211_global_init(void) 6676{ 6677 struct nl80211_global *global; 6678 global = os_zalloc(sizeof(*global)); 6679 if (global == NULL) 6680 return NULL; 6681 dl_list_init(&global->interfaces); 6682 return global; 6683} 6684 6685 6686static void nl80211_global_deinit(void *priv) 6687{ 6688 struct nl80211_global *global = priv; 6689 if (global == NULL) 6690 return; 6691 if (!dl_list_empty(&global->interfaces)) { 6692 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 6693 "nl80211_global_deinit", 6694 dl_list_len(&global->interfaces)); 6695 } 6696 os_free(global); 6697} 6698 6699 6700static const char * nl80211_get_radio_name(void *priv) 6701{ 6702 struct i802_bss *bss = priv; 6703 struct wpa_driver_nl80211_data *drv = bss->drv; 6704 return drv->phyname; 6705} 6706 6707 6708static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 6709 const u8 *pmkid) 6710{ 6711 struct nl_msg *msg; 6712 6713 msg = nlmsg_alloc(); 6714 if (!msg) 6715 return -ENOMEM; 6716 6717 genlmsg_put(msg, 0, 0, genl_family_get_id(bss->drv->nl80211), 0, 0, 6718 cmd, 0); 6719 6720 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6721 if (pmkid) 6722 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 6723 if (bssid) 6724 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 6725 6726 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 6727 nla_put_failure: 6728 return -ENOBUFS; 6729} 6730 6731 6732static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6733{ 6734 struct i802_bss *bss = priv; 6735 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 6736 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 6737} 6738 6739 6740static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6741{ 6742 struct i802_bss *bss = priv; 6743 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 6744 MAC2STR(bssid)); 6745 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 6746} 6747 6748 6749static int nl80211_flush_pmkid(void *priv) 6750{ 6751 struct i802_bss *bss = priv; 6752 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 6753 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 6754} 6755 6756 6757const struct wpa_driver_ops wpa_driver_nl80211_ops = { 6758 .name = "nl80211", 6759 .desc = "Linux nl80211/cfg80211", 6760 .get_bssid = wpa_driver_nl80211_get_bssid, 6761 .get_ssid = wpa_driver_nl80211_get_ssid, 6762 .set_key = wpa_driver_nl80211_set_key, 6763 .scan2 = wpa_driver_nl80211_scan, 6764 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 6765 .deauthenticate = wpa_driver_nl80211_deauthenticate, 6766 .disassociate = wpa_driver_nl80211_disassociate, 6767 .authenticate = wpa_driver_nl80211_authenticate, 6768 .associate = wpa_driver_nl80211_associate, 6769 .global_init = nl80211_global_init, 6770 .global_deinit = nl80211_global_deinit, 6771 .init2 = wpa_driver_nl80211_init, 6772 .deinit = wpa_driver_nl80211_deinit, 6773 .get_capa = wpa_driver_nl80211_get_capa, 6774 .set_operstate = wpa_driver_nl80211_set_operstate, 6775 .set_supp_port = wpa_driver_nl80211_set_supp_port, 6776 .set_country = wpa_driver_nl80211_set_country, 6777 .set_beacon = wpa_driver_nl80211_set_beacon, 6778 .if_add = wpa_driver_nl80211_if_add, 6779 .if_remove = wpa_driver_nl80211_if_remove, 6780 .send_mlme = wpa_driver_nl80211_send_mlme, 6781 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 6782 .sta_add = wpa_driver_nl80211_sta_add, 6783 .sta_remove = wpa_driver_nl80211_sta_remove, 6784 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 6785 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 6786#ifdef HOSTAPD 6787 .hapd_init = i802_init, 6788 .hapd_deinit = i802_deinit, 6789 .set_wds_sta = i802_set_wds_sta, 6790#endif /* HOSTAPD */ 6791#if defined(HOSTAPD) || defined(CONFIG_AP) 6792 .get_seqnum = i802_get_seqnum, 6793 .flush = i802_flush, 6794 .read_sta_data = i802_read_sta_data, 6795 .get_inact_sec = i802_get_inact_sec, 6796 .sta_clear_stats = i802_sta_clear_stats, 6797 .set_rts = i802_set_rts, 6798 .set_frag = i802_set_frag, 6799 .set_cts_protect = i802_set_cts_protect, 6800 .set_preamble = i802_set_preamble, 6801 .set_short_slot_time = i802_set_short_slot_time, 6802 .set_tx_queue_params = i802_set_tx_queue_params, 6803 .set_sta_vlan = i802_set_sta_vlan, 6804 .set_ht_params = i802_set_ht_params, 6805 .set_rate_sets = i802_set_rate_sets, 6806 .sta_deauth = i802_sta_deauth, 6807 .sta_disassoc = i802_sta_disassoc, 6808#endif /* HOSTAPD || CONFIG_AP */ 6809 .set_freq = i802_set_freq, 6810 .send_action = wpa_driver_nl80211_send_action, 6811 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 6812 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 6813 .cancel_remain_on_channel = 6814 wpa_driver_nl80211_cancel_remain_on_channel, 6815 .probe_req_report = wpa_driver_nl80211_probe_req_report, 6816 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 6817 .deinit_ap = wpa_driver_nl80211_deinit_ap, 6818 .resume = wpa_driver_nl80211_resume, 6819 .send_ft_action = nl80211_send_ft_action, 6820 .signal_monitor = nl80211_signal_monitor, 6821 .signal_poll = nl80211_signal_poll, 6822 .send_frame = nl80211_send_frame, 6823 .set_intra_bss = nl80211_set_intra_bss, 6824 .set_param = nl80211_set_param, 6825 .get_radio_name = nl80211_get_radio_name, 6826 .add_pmkid = nl80211_add_pmkid, 6827 .remove_pmkid = nl80211_remove_pmkid, 6828 .flush_pmkid = nl80211_flush_pmkid, 6829#ifdef ANDROID 6830 .driver_cmd = wpa_driver_nl80211_driver_cmd, 6831#endif 6832}; 6833