driver_nl80211.c revision 15907098d1f67c24bb000e593e279af173cf57d7
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/qca-vendor.h" 32#include "common/ieee802_11_defs.h" 33#include "common/ieee802_11_common.h" 34#include "l2_packet/l2_packet.h" 35#include "netlink.h" 36#include "linux_ioctl.h" 37#include "radiotap.h" 38#include "radiotap_iter.h" 39#include "rfkill.h" 40#include "driver.h" 41 42#ifndef SO_WIFI_STATUS 43# if defined(__sparc__) 44# define SO_WIFI_STATUS 0x0025 45# elif defined(__parisc__) 46# define SO_WIFI_STATUS 0x4022 47# else 48# define SO_WIFI_STATUS 41 49# endif 50 51# define SCM_WIFI_STATUS SO_WIFI_STATUS 52#endif 53 54#ifndef SO_EE_ORIGIN_TXSTATUS 55#define SO_EE_ORIGIN_TXSTATUS 4 56#endif 57 58#ifndef PACKET_TX_TIMESTAMP 59#define PACKET_TX_TIMESTAMP 16 60#endif 61 62#ifdef ANDROID 63#include "android_drv.h" 64#endif /* ANDROID */ 65#ifdef CONFIG_LIBNL20 66/* libnl 2.0 compatibility code */ 67#define nl_handle nl_sock 68#define nl80211_handle_alloc nl_socket_alloc_cb 69#define nl80211_handle_destroy nl_socket_free 70#else 71/* 72 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 73 * but when you free a socket again it will mess up its bitmap and 74 * and use the wrong number the next time it needs a socket ID. 75 * Therefore, we wrap the handle alloc/destroy and add our own pid 76 * accounting. 77 */ 78static uint32_t port_bitmap[32] = { 0 }; 79 80static struct nl_handle *nl80211_handle_alloc(void *cb) 81{ 82 struct nl_handle *handle; 83 uint32_t pid = getpid() & 0x3FFFFF; 84 int i; 85 86 handle = nl_handle_alloc_cb(cb); 87 88 for (i = 0; i < 1024; i++) { 89 if (port_bitmap[i / 32] & (1 << (i % 32))) 90 continue; 91 port_bitmap[i / 32] |= 1 << (i % 32); 92 pid += i << 22; 93 break; 94 } 95 96 nl_socket_set_local_port(handle, pid); 97 98 return handle; 99} 100 101static void nl80211_handle_destroy(struct nl_handle *handle) 102{ 103 uint32_t port = nl_socket_get_local_port(handle); 104 105 port >>= 22; 106 port_bitmap[port / 32] &= ~(1 << (port % 32)); 107 108 nl_handle_destroy(handle); 109} 110#endif /* CONFIG_LIBNL20 */ 111 112 113#ifdef ANDROID 114/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 115static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 116{ 117 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 118} 119#undef nl_socket_set_nonblocking 120#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 121#endif /* ANDROID */ 122 123 124static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 125{ 126 struct nl_handle *handle; 127 128 handle = nl80211_handle_alloc(cb); 129 if (handle == NULL) { 130 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 131 "callbacks (%s)", dbg); 132 return NULL; 133 } 134 135 if (genl_connect(handle)) { 136 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 137 "netlink (%s)", dbg); 138 nl80211_handle_destroy(handle); 139 return NULL; 140 } 141 142 return handle; 143} 144 145 146static void nl_destroy_handles(struct nl_handle **handle) 147{ 148 if (*handle == NULL) 149 return; 150 nl80211_handle_destroy(*handle); 151 *handle = NULL; 152} 153 154 155#if __WORDSIZE == 64 156#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 157#else 158#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 159#endif 160 161static void nl80211_register_eloop_read(struct nl_handle **handle, 162 eloop_sock_handler handler, 163 void *eloop_data) 164{ 165 nl_socket_set_nonblocking(*handle); 166 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 167 eloop_data, *handle); 168 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 169} 170 171 172static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 173{ 174 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 175 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 176 nl_destroy_handles(handle); 177} 178 179 180#ifndef IFF_LOWER_UP 181#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 182#endif 183#ifndef IFF_DORMANT 184#define IFF_DORMANT 0x20000 /* driver signals dormant */ 185#endif 186 187#ifndef IF_OPER_DORMANT 188#define IF_OPER_DORMANT 5 189#endif 190#ifndef IF_OPER_UP 191#define IF_OPER_UP 6 192#endif 193 194struct nl80211_global { 195 struct dl_list interfaces; 196 int if_add_ifindex; 197 u64 if_add_wdevid; 198 int if_add_wdevid_set; 199 struct netlink_data *netlink; 200 struct nl_cb *nl_cb; 201 struct nl_handle *nl; 202 int nl80211_id; 203 int ioctl_sock; /* socket for ioctl() use */ 204 205 struct nl_handle *nl_event; 206}; 207 208struct nl80211_wiphy_data { 209 struct dl_list list; 210 struct dl_list bsss; 211 struct dl_list drvs; 212 213 struct nl_handle *nl_beacons; 214 struct nl_cb *nl_cb; 215 216 int wiphy_idx; 217}; 218 219static void nl80211_global_deinit(void *priv); 220 221struct i802_bss { 222 struct wpa_driver_nl80211_data *drv; 223 struct i802_bss *next; 224 int ifindex; 225 u64 wdev_id; 226 char ifname[IFNAMSIZ + 1]; 227 char brname[IFNAMSIZ]; 228 unsigned int beacon_set:1; 229 unsigned int added_if_into_bridge:1; 230 unsigned int added_bridge:1; 231 unsigned int in_deinit:1; 232 unsigned int wdev_id_set:1; 233 unsigned int added_if:1; 234 235 u8 addr[ETH_ALEN]; 236 237 int freq; 238 int if_dynamic; 239 240 void *ctx; 241 struct nl_handle *nl_preq, *nl_mgmt; 242 struct nl_cb *nl_cb; 243 244 struct nl80211_wiphy_data *wiphy_data; 245 struct dl_list wiphy_list; 246}; 247 248struct wpa_driver_nl80211_data { 249 struct nl80211_global *global; 250 struct dl_list list; 251 struct dl_list wiphy_list; 252 char phyname[32]; 253 void *ctx; 254 int ifindex; 255 int if_removed; 256 int if_disabled; 257 int ignore_if_down_event; 258 struct rfkill_data *rfkill; 259 struct wpa_driver_capa capa; 260 u8 *extended_capa, *extended_capa_mask; 261 unsigned int extended_capa_len; 262 int has_capability; 263 264 int operstate; 265 266 int scan_complete_events; 267 enum scan_states { 268 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 269 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 270 SCHED_SCAN_RESULTS 271 } scan_state; 272 273 struct nl_cb *nl_cb; 274 275 u8 auth_bssid[ETH_ALEN]; 276 u8 auth_attempt_bssid[ETH_ALEN]; 277 u8 bssid[ETH_ALEN]; 278 u8 prev_bssid[ETH_ALEN]; 279 int associated; 280 u8 ssid[32]; 281 size_t ssid_len; 282 enum nl80211_iftype nlmode; 283 enum nl80211_iftype ap_scan_as_station; 284 unsigned int assoc_freq; 285 286 int monitor_sock; 287 int monitor_ifidx; 288 int monitor_refcount; 289 290 unsigned int disabled_11b_rates:1; 291 unsigned int pending_remain_on_chan:1; 292 unsigned int in_interface_list:1; 293 unsigned int device_ap_sme:1; 294 unsigned int poll_command_supported:1; 295 unsigned int data_tx_status:1; 296 unsigned int scan_for_auth:1; 297 unsigned int retry_auth:1; 298 unsigned int use_monitor:1; 299 unsigned int ignore_next_local_disconnect:1; 300 unsigned int allow_p2p_device:1; 301 unsigned int hostapd:1; 302 unsigned int start_mode_ap:1; 303 unsigned int start_iface_up:1; 304 unsigned int test_use_roc_tx:1; 305 unsigned int ignore_deauth_event:1; 306 unsigned int dfs_vendor_cmd_avail:1; 307 308 u64 remain_on_chan_cookie; 309 u64 send_action_cookie; 310 311 unsigned int last_mgmt_freq; 312 313 struct wpa_driver_scan_filter *filter_ssids; 314 size_t num_filter_ssids; 315 316 struct i802_bss *first_bss; 317 318 int eapol_tx_sock; 319 320 int eapol_sock; /* socket for EAPOL frames */ 321 322 int default_if_indices[16]; 323 int *if_indices; 324 int num_if_indices; 325 326 /* From failed authentication command */ 327 int auth_freq; 328 u8 auth_bssid_[ETH_ALEN]; 329 u8 auth_ssid[32]; 330 size_t auth_ssid_len; 331 int auth_alg; 332 u8 *auth_ie; 333 size_t auth_ie_len; 334 u8 auth_wep_key[4][16]; 335 size_t auth_wep_key_len[4]; 336 int auth_wep_tx_keyidx; 337 int auth_local_state_change; 338 int auth_p2p; 339}; 340 341 342static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 343static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 344 void *timeout_ctx); 345static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 346 enum nl80211_iftype nlmode); 347static int 348wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 349 const u8 *set_addr, int first); 350static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 351 const u8 *addr, int cmd, u16 reason_code, 352 int local_state_change); 353static void nl80211_remove_monitor_interface( 354 struct wpa_driver_nl80211_data *drv); 355static int nl80211_send_frame_cmd(struct i802_bss *bss, 356 unsigned int freq, unsigned int wait, 357 const u8 *buf, size_t buf_len, u64 *cookie, 358 int no_cck, int no_ack, int offchanok); 359static int nl80211_register_frame(struct i802_bss *bss, 360 struct nl_handle *hl_handle, 361 u16 type, const u8 *match, size_t match_len); 362static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 363 int report); 364#ifdef ANDROID 365static int android_pno_start(struct i802_bss *bss, 366 struct wpa_driver_scan_params *params); 367static int android_pno_stop(struct i802_bss *bss); 368extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 369 size_t buf_len); 370#endif /* ANDROID */ 371#ifdef ANDROID_P2P 372int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 373int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 374int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 375int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 376 const struct wpabuf *proberesp, 377 const struct wpabuf *assocresp); 378#endif /* ANDROID_P2P */ 379 380static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 381static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 382static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 383static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 384 enum wpa_driver_if_type type, 385 const char *ifname); 386 387static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 388 struct hostapd_freq_params *freq); 389static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 390 int ifindex, int disabled); 391 392static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 393static int wpa_driver_nl80211_authenticate_retry( 394 struct wpa_driver_nl80211_data *drv); 395 396static int i802_set_iface_flags(struct i802_bss *bss, int up); 397 398 399static const char * nl80211_command_to_string(enum nl80211_commands cmd) 400{ 401#define C2S(x) case x: return #x; 402 switch (cmd) { 403 C2S(NL80211_CMD_UNSPEC) 404 C2S(NL80211_CMD_GET_WIPHY) 405 C2S(NL80211_CMD_SET_WIPHY) 406 C2S(NL80211_CMD_NEW_WIPHY) 407 C2S(NL80211_CMD_DEL_WIPHY) 408 C2S(NL80211_CMD_GET_INTERFACE) 409 C2S(NL80211_CMD_SET_INTERFACE) 410 C2S(NL80211_CMD_NEW_INTERFACE) 411 C2S(NL80211_CMD_DEL_INTERFACE) 412 C2S(NL80211_CMD_GET_KEY) 413 C2S(NL80211_CMD_SET_KEY) 414 C2S(NL80211_CMD_NEW_KEY) 415 C2S(NL80211_CMD_DEL_KEY) 416 C2S(NL80211_CMD_GET_BEACON) 417 C2S(NL80211_CMD_SET_BEACON) 418 C2S(NL80211_CMD_START_AP) 419 C2S(NL80211_CMD_STOP_AP) 420 C2S(NL80211_CMD_GET_STATION) 421 C2S(NL80211_CMD_SET_STATION) 422 C2S(NL80211_CMD_NEW_STATION) 423 C2S(NL80211_CMD_DEL_STATION) 424 C2S(NL80211_CMD_GET_MPATH) 425 C2S(NL80211_CMD_SET_MPATH) 426 C2S(NL80211_CMD_NEW_MPATH) 427 C2S(NL80211_CMD_DEL_MPATH) 428 C2S(NL80211_CMD_SET_BSS) 429 C2S(NL80211_CMD_SET_REG) 430 C2S(NL80211_CMD_REQ_SET_REG) 431 C2S(NL80211_CMD_GET_MESH_CONFIG) 432 C2S(NL80211_CMD_SET_MESH_CONFIG) 433 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 434 C2S(NL80211_CMD_GET_REG) 435 C2S(NL80211_CMD_GET_SCAN) 436 C2S(NL80211_CMD_TRIGGER_SCAN) 437 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 438 C2S(NL80211_CMD_SCAN_ABORTED) 439 C2S(NL80211_CMD_REG_CHANGE) 440 C2S(NL80211_CMD_AUTHENTICATE) 441 C2S(NL80211_CMD_ASSOCIATE) 442 C2S(NL80211_CMD_DEAUTHENTICATE) 443 C2S(NL80211_CMD_DISASSOCIATE) 444 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 445 C2S(NL80211_CMD_REG_BEACON_HINT) 446 C2S(NL80211_CMD_JOIN_IBSS) 447 C2S(NL80211_CMD_LEAVE_IBSS) 448 C2S(NL80211_CMD_TESTMODE) 449 C2S(NL80211_CMD_CONNECT) 450 C2S(NL80211_CMD_ROAM) 451 C2S(NL80211_CMD_DISCONNECT) 452 C2S(NL80211_CMD_SET_WIPHY_NETNS) 453 C2S(NL80211_CMD_GET_SURVEY) 454 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 455 C2S(NL80211_CMD_SET_PMKSA) 456 C2S(NL80211_CMD_DEL_PMKSA) 457 C2S(NL80211_CMD_FLUSH_PMKSA) 458 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 459 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 460 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 461 C2S(NL80211_CMD_REGISTER_FRAME) 462 C2S(NL80211_CMD_FRAME) 463 C2S(NL80211_CMD_FRAME_TX_STATUS) 464 C2S(NL80211_CMD_SET_POWER_SAVE) 465 C2S(NL80211_CMD_GET_POWER_SAVE) 466 C2S(NL80211_CMD_SET_CQM) 467 C2S(NL80211_CMD_NOTIFY_CQM) 468 C2S(NL80211_CMD_SET_CHANNEL) 469 C2S(NL80211_CMD_SET_WDS_PEER) 470 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 471 C2S(NL80211_CMD_JOIN_MESH) 472 C2S(NL80211_CMD_LEAVE_MESH) 473 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 474 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 475 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 476 C2S(NL80211_CMD_GET_WOWLAN) 477 C2S(NL80211_CMD_SET_WOWLAN) 478 C2S(NL80211_CMD_START_SCHED_SCAN) 479 C2S(NL80211_CMD_STOP_SCHED_SCAN) 480 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 481 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 482 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 483 C2S(NL80211_CMD_PMKSA_CANDIDATE) 484 C2S(NL80211_CMD_TDLS_OPER) 485 C2S(NL80211_CMD_TDLS_MGMT) 486 C2S(NL80211_CMD_UNEXPECTED_FRAME) 487 C2S(NL80211_CMD_PROBE_CLIENT) 488 C2S(NL80211_CMD_REGISTER_BEACONS) 489 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 490 C2S(NL80211_CMD_SET_NOACK_MAP) 491 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 492 C2S(NL80211_CMD_START_P2P_DEVICE) 493 C2S(NL80211_CMD_STOP_P2P_DEVICE) 494 C2S(NL80211_CMD_CONN_FAILED) 495 C2S(NL80211_CMD_SET_MCAST_RATE) 496 C2S(NL80211_CMD_SET_MAC_ACL) 497 C2S(NL80211_CMD_RADAR_DETECT) 498 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 499 C2S(NL80211_CMD_UPDATE_FT_IES) 500 C2S(NL80211_CMD_FT_EVENT) 501 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 502 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 503 C2S(NL80211_CMD_GET_COALESCE) 504 C2S(NL80211_CMD_SET_COALESCE) 505 C2S(NL80211_CMD_CHANNEL_SWITCH) 506 C2S(NL80211_CMD_VENDOR) 507 C2S(NL80211_CMD_SET_QOS_MAP) 508 default: 509 return "NL80211_CMD_UNKNOWN"; 510 } 511#undef C2S 512} 513 514 515/* Converts nl80211_chan_width to a common format */ 516static enum chan_width convert2width(int width) 517{ 518 switch (width) { 519 case NL80211_CHAN_WIDTH_20_NOHT: 520 return CHAN_WIDTH_20_NOHT; 521 case NL80211_CHAN_WIDTH_20: 522 return CHAN_WIDTH_20; 523 case NL80211_CHAN_WIDTH_40: 524 return CHAN_WIDTH_40; 525 case NL80211_CHAN_WIDTH_80: 526 return CHAN_WIDTH_80; 527 case NL80211_CHAN_WIDTH_80P80: 528 return CHAN_WIDTH_80P80; 529 case NL80211_CHAN_WIDTH_160: 530 return CHAN_WIDTH_160; 531 } 532 return CHAN_WIDTH_UNKNOWN; 533} 534 535 536static int is_ap_interface(enum nl80211_iftype nlmode) 537{ 538 return (nlmode == NL80211_IFTYPE_AP || 539 nlmode == NL80211_IFTYPE_P2P_GO); 540} 541 542 543static int is_sta_interface(enum nl80211_iftype nlmode) 544{ 545 return (nlmode == NL80211_IFTYPE_STATION || 546 nlmode == NL80211_IFTYPE_P2P_CLIENT); 547} 548 549 550static int is_p2p_net_interface(enum nl80211_iftype nlmode) 551{ 552 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 553 nlmode == NL80211_IFTYPE_P2P_GO); 554} 555 556 557static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 558{ 559 if (drv->associated) 560 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 561 drv->associated = 0; 562 os_memset(drv->bssid, 0, ETH_ALEN); 563} 564 565 566struct nl80211_bss_info_arg { 567 struct wpa_driver_nl80211_data *drv; 568 struct wpa_scan_results *res; 569 unsigned int assoc_freq; 570 u8 assoc_bssid[ETH_ALEN]; 571}; 572 573static int bss_info_handler(struct nl_msg *msg, void *arg); 574 575 576/* nl80211 code */ 577static int ack_handler(struct nl_msg *msg, void *arg) 578{ 579 int *err = arg; 580 *err = 0; 581 return NL_STOP; 582} 583 584static int finish_handler(struct nl_msg *msg, void *arg) 585{ 586 int *ret = arg; 587 *ret = 0; 588 return NL_SKIP; 589} 590 591static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 592 void *arg) 593{ 594 int *ret = arg; 595 *ret = err->error; 596 return NL_SKIP; 597} 598 599 600static int no_seq_check(struct nl_msg *msg, void *arg) 601{ 602 return NL_OK; 603} 604 605 606static int send_and_recv(struct nl80211_global *global, 607 struct nl_handle *nl_handle, struct nl_msg *msg, 608 int (*valid_handler)(struct nl_msg *, void *), 609 void *valid_data) 610{ 611 struct nl_cb *cb; 612 int err = -ENOMEM; 613 614 cb = nl_cb_clone(global->nl_cb); 615 if (!cb) 616 goto out; 617 618 err = nl_send_auto_complete(nl_handle, msg); 619 if (err < 0) 620 goto out; 621 622 err = 1; 623 624 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 625 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 626 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 627 628 if (valid_handler) 629 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 630 valid_handler, valid_data); 631 632 while (err > 0) { 633 int res = nl_recvmsgs(nl_handle, cb); 634 if (res) { 635 wpa_printf(MSG_INFO, 636 "nl80211: %s->nl_recvmsgs failed: %d", 637 __func__, res); 638 } 639 } 640 out: 641 nl_cb_put(cb); 642 nlmsg_free(msg); 643 return err; 644} 645 646 647static int send_and_recv_msgs_global(struct nl80211_global *global, 648 struct nl_msg *msg, 649 int (*valid_handler)(struct nl_msg *, void *), 650 void *valid_data) 651{ 652 return send_and_recv(global, global->nl, msg, valid_handler, 653 valid_data); 654} 655 656 657static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 658 struct nl_msg *msg, 659 int (*valid_handler)(struct nl_msg *, void *), 660 void *valid_data) 661{ 662 return send_and_recv(drv->global, drv->global->nl, msg, 663 valid_handler, valid_data); 664} 665 666 667struct family_data { 668 const char *group; 669 int id; 670}; 671 672 673static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 674{ 675 if (bss->wdev_id_set) 676 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 677 else 678 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 679 return 0; 680 681nla_put_failure: 682 return -1; 683} 684 685 686static int family_handler(struct nl_msg *msg, void *arg) 687{ 688 struct family_data *res = arg; 689 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 690 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 691 struct nlattr *mcgrp; 692 int i; 693 694 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 695 genlmsg_attrlen(gnlh, 0), NULL); 696 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 697 return NL_SKIP; 698 699 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 700 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 701 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 702 nla_len(mcgrp), NULL); 703 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 704 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 705 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 706 res->group, 707 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 708 continue; 709 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 710 break; 711 }; 712 713 return NL_SKIP; 714} 715 716 717static int nl_get_multicast_id(struct nl80211_global *global, 718 const char *family, const char *group) 719{ 720 struct nl_msg *msg; 721 int ret = -1; 722 struct family_data res = { group, -ENOENT }; 723 724 msg = nlmsg_alloc(); 725 if (!msg) 726 return -ENOMEM; 727 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 728 0, 0, CTRL_CMD_GETFAMILY, 0); 729 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 730 731 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 732 msg = NULL; 733 if (ret == 0) 734 ret = res.id; 735 736nla_put_failure: 737 nlmsg_free(msg); 738 return ret; 739} 740 741 742static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 743 struct nl_msg *msg, int flags, uint8_t cmd) 744{ 745 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 746 0, flags, cmd, 0); 747} 748 749 750struct wiphy_idx_data { 751 int wiphy_idx; 752 enum nl80211_iftype nlmode; 753 u8 *macaddr; 754}; 755 756 757static int netdev_info_handler(struct nl_msg *msg, void *arg) 758{ 759 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 760 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 761 struct wiphy_idx_data *info = arg; 762 763 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 764 genlmsg_attrlen(gnlh, 0), NULL); 765 766 if (tb[NL80211_ATTR_WIPHY]) 767 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 768 769 if (tb[NL80211_ATTR_IFTYPE]) 770 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 771 772 if (tb[NL80211_ATTR_MAC] && info->macaddr) 773 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 774 ETH_ALEN); 775 776 return NL_SKIP; 777} 778 779 780static int nl80211_get_wiphy_index(struct i802_bss *bss) 781{ 782 struct nl_msg *msg; 783 struct wiphy_idx_data data = { 784 .wiphy_idx = -1, 785 .macaddr = NULL, 786 }; 787 788 msg = nlmsg_alloc(); 789 if (!msg) 790 return NL80211_IFTYPE_UNSPECIFIED; 791 792 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 793 794 if (nl80211_set_iface_id(msg, bss) < 0) 795 goto nla_put_failure; 796 797 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 798 return data.wiphy_idx; 799 msg = NULL; 800nla_put_failure: 801 nlmsg_free(msg); 802 return -1; 803} 804 805 806static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 807{ 808 struct nl_msg *msg; 809 struct wiphy_idx_data data = { 810 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 811 .macaddr = NULL, 812 }; 813 814 msg = nlmsg_alloc(); 815 if (!msg) 816 return -1; 817 818 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 819 820 if (nl80211_set_iface_id(msg, bss) < 0) 821 goto nla_put_failure; 822 823 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 824 return data.nlmode; 825 msg = NULL; 826nla_put_failure: 827 nlmsg_free(msg); 828 return NL80211_IFTYPE_UNSPECIFIED; 829} 830 831 832static int nl80211_get_macaddr(struct i802_bss *bss) 833{ 834 struct nl_msg *msg; 835 struct wiphy_idx_data data = { 836 .macaddr = bss->addr, 837 }; 838 839 msg = nlmsg_alloc(); 840 if (!msg) 841 return NL80211_IFTYPE_UNSPECIFIED; 842 843 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 844 if (nl80211_set_iface_id(msg, bss) < 0) 845 goto nla_put_failure; 846 847 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 848 849nla_put_failure: 850 nlmsg_free(msg); 851 return NL80211_IFTYPE_UNSPECIFIED; 852} 853 854 855static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 856 struct nl80211_wiphy_data *w) 857{ 858 struct nl_msg *msg; 859 int ret = -1; 860 861 msg = nlmsg_alloc(); 862 if (!msg) 863 return -1; 864 865 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 866 867 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 868 869 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 870 msg = NULL; 871 if (ret) { 872 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 873 "failed: ret=%d (%s)", 874 ret, strerror(-ret)); 875 goto nla_put_failure; 876 } 877 ret = 0; 878nla_put_failure: 879 nlmsg_free(msg); 880 return ret; 881} 882 883 884static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 885{ 886 struct nl80211_wiphy_data *w = eloop_ctx; 887 int res; 888 889 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 890 891 res = nl_recvmsgs(handle, w->nl_cb); 892 if (res) { 893 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 894 __func__, res); 895 } 896} 897 898 899static int process_beacon_event(struct nl_msg *msg, void *arg) 900{ 901 struct nl80211_wiphy_data *w = arg; 902 struct wpa_driver_nl80211_data *drv; 903 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 904 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 905 union wpa_event_data event; 906 907 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 908 genlmsg_attrlen(gnlh, 0), NULL); 909 910 if (gnlh->cmd != NL80211_CMD_FRAME) { 911 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 912 gnlh->cmd); 913 return NL_SKIP; 914 } 915 916 if (!tb[NL80211_ATTR_FRAME]) 917 return NL_SKIP; 918 919 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 920 wiphy_list) { 921 os_memset(&event, 0, sizeof(event)); 922 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 923 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 924 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 925 } 926 927 return NL_SKIP; 928} 929 930 931static struct nl80211_wiphy_data * 932nl80211_get_wiphy_data_ap(struct i802_bss *bss) 933{ 934 static DEFINE_DL_LIST(nl80211_wiphys); 935 struct nl80211_wiphy_data *w; 936 int wiphy_idx, found = 0; 937 struct i802_bss *tmp_bss; 938 939 if (bss->wiphy_data != NULL) 940 return bss->wiphy_data; 941 942 wiphy_idx = nl80211_get_wiphy_index(bss); 943 944 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 945 if (w->wiphy_idx == wiphy_idx) 946 goto add; 947 } 948 949 /* alloc new one */ 950 w = os_zalloc(sizeof(*w)); 951 if (w == NULL) 952 return NULL; 953 w->wiphy_idx = wiphy_idx; 954 dl_list_init(&w->bsss); 955 dl_list_init(&w->drvs); 956 957 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 958 if (!w->nl_cb) { 959 os_free(w); 960 return NULL; 961 } 962 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 963 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 964 w); 965 966 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 967 "wiphy beacons"); 968 if (w->nl_beacons == NULL) { 969 os_free(w); 970 return NULL; 971 } 972 973 if (nl80211_register_beacons(bss->drv, w)) { 974 nl_destroy_handles(&w->nl_beacons); 975 os_free(w); 976 return NULL; 977 } 978 979 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 980 981 dl_list_add(&nl80211_wiphys, &w->list); 982 983add: 984 /* drv entry for this bss already there? */ 985 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 986 if (tmp_bss->drv == bss->drv) { 987 found = 1; 988 break; 989 } 990 } 991 /* if not add it */ 992 if (!found) 993 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 994 995 dl_list_add(&w->bsss, &bss->wiphy_list); 996 bss->wiphy_data = w; 997 return w; 998} 999 1000 1001static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 1002{ 1003 struct nl80211_wiphy_data *w = bss->wiphy_data; 1004 struct i802_bss *tmp_bss; 1005 int found = 0; 1006 1007 if (w == NULL) 1008 return; 1009 bss->wiphy_data = NULL; 1010 dl_list_del(&bss->wiphy_list); 1011 1012 /* still any for this drv present? */ 1013 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1014 if (tmp_bss->drv == bss->drv) { 1015 found = 1; 1016 break; 1017 } 1018 } 1019 /* if not remove it */ 1020 if (!found) 1021 dl_list_del(&bss->drv->wiphy_list); 1022 1023 if (!dl_list_empty(&w->bsss)) 1024 return; 1025 1026 nl80211_destroy_eloop_handle(&w->nl_beacons); 1027 1028 nl_cb_put(w->nl_cb); 1029 dl_list_del(&w->list); 1030 os_free(w); 1031} 1032 1033 1034static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1035{ 1036 struct i802_bss *bss = priv; 1037 struct wpa_driver_nl80211_data *drv = bss->drv; 1038 if (!drv->associated) 1039 return -1; 1040 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1041 return 0; 1042} 1043 1044 1045static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1046{ 1047 struct i802_bss *bss = priv; 1048 struct wpa_driver_nl80211_data *drv = bss->drv; 1049 if (!drv->associated) 1050 return -1; 1051 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1052 return drv->ssid_len; 1053} 1054 1055 1056static void wpa_driver_nl80211_event_newlink( 1057 struct wpa_driver_nl80211_data *drv, char *ifname) 1058{ 1059 union wpa_event_data event; 1060 1061 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1062 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1063 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1064 drv->first_bss->ifname); 1065 return; 1066 } 1067 if (!drv->if_removed) 1068 return; 1069 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1070 drv->first_bss->ifname); 1071 drv->if_removed = 0; 1072 } 1073 1074 os_memset(&event, 0, sizeof(event)); 1075 os_strlcpy(event.interface_status.ifname, ifname, 1076 sizeof(event.interface_status.ifname)); 1077 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1078 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1079} 1080 1081 1082static void wpa_driver_nl80211_event_dellink( 1083 struct wpa_driver_nl80211_data *drv, char *ifname) 1084{ 1085 union wpa_event_data event; 1086 1087 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1088 if (drv->if_removed) { 1089 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1090 ifname); 1091 return; 1092 } 1093 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1094 ifname); 1095 drv->if_removed = 1; 1096 } else { 1097 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1098 ifname); 1099 } 1100 1101 os_memset(&event, 0, sizeof(event)); 1102 os_strlcpy(event.interface_status.ifname, ifname, 1103 sizeof(event.interface_status.ifname)); 1104 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1105 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1106} 1107 1108 1109static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1110 u8 *buf, size_t len) 1111{ 1112 int attrlen, rta_len; 1113 struct rtattr *attr; 1114 1115 attrlen = len; 1116 attr = (struct rtattr *) buf; 1117 1118 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1119 while (RTA_OK(attr, attrlen)) { 1120 if (attr->rta_type == IFLA_IFNAME) { 1121 if (os_strcmp(((char *) attr) + rta_len, 1122 drv->first_bss->ifname) == 0) 1123 return 1; 1124 else 1125 break; 1126 } 1127 attr = RTA_NEXT(attr, attrlen); 1128 } 1129 1130 return 0; 1131} 1132 1133 1134static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1135 int ifindex, u8 *buf, size_t len) 1136{ 1137 if (drv->ifindex == ifindex) 1138 return 1; 1139 1140 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1141 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1142 "interface"); 1143 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1144 return 1; 1145 } 1146 1147 return 0; 1148} 1149 1150 1151static struct wpa_driver_nl80211_data * 1152nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1153{ 1154 struct wpa_driver_nl80211_data *drv; 1155 dl_list_for_each(drv, &global->interfaces, 1156 struct wpa_driver_nl80211_data, list) { 1157 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1158 have_ifidx(drv, idx)) 1159 return drv; 1160 } 1161 return NULL; 1162} 1163 1164 1165static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1166 struct ifinfomsg *ifi, 1167 u8 *buf, size_t len) 1168{ 1169 struct nl80211_global *global = ctx; 1170 struct wpa_driver_nl80211_data *drv; 1171 int attrlen; 1172 struct rtattr *attr; 1173 u32 brid = 0; 1174 char namebuf[IFNAMSIZ]; 1175 char ifname[IFNAMSIZ + 1]; 1176 char extra[100], *pos, *end; 1177 1178 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1179 if (!drv) { 1180 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1181 ifi->ifi_index); 1182 return; 1183 } 1184 1185 extra[0] = '\0'; 1186 pos = extra; 1187 end = pos + sizeof(extra); 1188 ifname[0] = '\0'; 1189 1190 attrlen = len; 1191 attr = (struct rtattr *) buf; 1192 while (RTA_OK(attr, attrlen)) { 1193 switch (attr->rta_type) { 1194 case IFLA_IFNAME: 1195 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1196 break; 1197 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1198 ifname[RTA_PAYLOAD(attr)] = '\0'; 1199 break; 1200 case IFLA_MASTER: 1201 brid = nla_get_u32((struct nlattr *) attr); 1202 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1203 break; 1204 case IFLA_WIRELESS: 1205 pos += os_snprintf(pos, end - pos, " wext"); 1206 break; 1207 case IFLA_OPERSTATE: 1208 pos += os_snprintf(pos, end - pos, " operstate=%u", 1209 nla_get_u32((struct nlattr *) attr)); 1210 break; 1211 case IFLA_LINKMODE: 1212 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1213 nla_get_u32((struct nlattr *) attr)); 1214 break; 1215 } 1216 attr = RTA_NEXT(attr, attrlen); 1217 } 1218 extra[sizeof(extra) - 1] = '\0'; 1219 1220 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1221 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1222 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1223 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1224 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1225 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1226 1227 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1228 if (if_indextoname(ifi->ifi_index, namebuf) && 1229 linux_iface_up(drv->global->ioctl_sock, 1230 drv->first_bss->ifname) > 0) { 1231 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1232 "event since interface %s is up", namebuf); 1233 return; 1234 } 1235 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1236 if (drv->ignore_if_down_event) { 1237 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1238 "event generated by mode change"); 1239 drv->ignore_if_down_event = 0; 1240 } else { 1241 drv->if_disabled = 1; 1242 wpa_supplicant_event(drv->ctx, 1243 EVENT_INTERFACE_DISABLED, NULL); 1244 1245 /* 1246 * Try to get drv again, since it may be removed as 1247 * part of the EVENT_INTERFACE_DISABLED handling for 1248 * dynamic interfaces 1249 */ 1250 drv = nl80211_find_drv(global, ifi->ifi_index, 1251 buf, len); 1252 if (!drv) 1253 return; 1254 } 1255 } 1256 1257 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1258 if (if_indextoname(ifi->ifi_index, namebuf) && 1259 linux_iface_up(drv->global->ioctl_sock, 1260 drv->first_bss->ifname) == 0) { 1261 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1262 "event since interface %s is down", 1263 namebuf); 1264 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1265 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1266 "event since interface %s does not exist", 1267 drv->first_bss->ifname); 1268 } else if (drv->if_removed) { 1269 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1270 "event since interface %s is marked " 1271 "removed", drv->first_bss->ifname); 1272 } else { 1273 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1274 drv->if_disabled = 0; 1275 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1276 NULL); 1277 } 1278 } 1279 1280 /* 1281 * Some drivers send the association event before the operup event--in 1282 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1283 * fails. This will hit us when wpa_supplicant does not need to do 1284 * IEEE 802.1X authentication 1285 */ 1286 if (drv->operstate == 1 && 1287 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1288 !(ifi->ifi_flags & IFF_RUNNING)) { 1289 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1290 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1291 -1, IF_OPER_UP); 1292 } 1293 1294 if (ifname[0]) 1295 wpa_driver_nl80211_event_newlink(drv, ifname); 1296 1297 if (ifi->ifi_family == AF_BRIDGE && brid) { 1298 /* device has been added to bridge */ 1299 if_indextoname(brid, namebuf); 1300 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1301 brid, namebuf); 1302 add_ifidx(drv, brid); 1303 } 1304} 1305 1306 1307static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1308 struct ifinfomsg *ifi, 1309 u8 *buf, size_t len) 1310{ 1311 struct nl80211_global *global = ctx; 1312 struct wpa_driver_nl80211_data *drv; 1313 int attrlen; 1314 struct rtattr *attr; 1315 u32 brid = 0; 1316 char ifname[IFNAMSIZ + 1]; 1317 1318 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1319 if (!drv) { 1320 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1321 ifi->ifi_index); 1322 return; 1323 } 1324 1325 ifname[0] = '\0'; 1326 1327 attrlen = len; 1328 attr = (struct rtattr *) buf; 1329 while (RTA_OK(attr, attrlen)) { 1330 switch (attr->rta_type) { 1331 case IFLA_IFNAME: 1332 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1333 break; 1334 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1335 ifname[RTA_PAYLOAD(attr)] = '\0'; 1336 break; 1337 case IFLA_MASTER: 1338 brid = nla_get_u32((struct nlattr *) attr); 1339 break; 1340 } 1341 attr = RTA_NEXT(attr, attrlen); 1342 } 1343 1344 if (ifname[0]) 1345 wpa_driver_nl80211_event_dellink(drv, ifname); 1346 1347 if (ifi->ifi_family == AF_BRIDGE && brid) { 1348 /* device has been removed from bridge */ 1349 char namebuf[IFNAMSIZ]; 1350 if_indextoname(brid, namebuf); 1351 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1352 "%s", brid, namebuf); 1353 del_ifidx(drv, brid); 1354 } 1355} 1356 1357 1358static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1359 const u8 *frame, size_t len) 1360{ 1361 const struct ieee80211_mgmt *mgmt; 1362 union wpa_event_data event; 1363 1364 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1365 mgmt = (const struct ieee80211_mgmt *) frame; 1366 if (len < 24 + sizeof(mgmt->u.auth)) { 1367 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1368 "frame"); 1369 return; 1370 } 1371 1372 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1373 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1374 os_memset(&event, 0, sizeof(event)); 1375 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1376 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1377 event.auth.auth_transaction = 1378 le_to_host16(mgmt->u.auth.auth_transaction); 1379 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1380 if (len > 24 + sizeof(mgmt->u.auth)) { 1381 event.auth.ies = mgmt->u.auth.variable; 1382 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1383 } 1384 1385 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1386} 1387 1388 1389static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1390{ 1391 struct nl_msg *msg; 1392 int ret; 1393 struct nl80211_bss_info_arg arg; 1394 1395 os_memset(&arg, 0, sizeof(arg)); 1396 msg = nlmsg_alloc(); 1397 if (!msg) 1398 goto nla_put_failure; 1399 1400 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1401 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1402 1403 arg.drv = drv; 1404 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1405 msg = NULL; 1406 if (ret == 0) { 1407 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1408 "associated BSS from scan results: %u MHz", 1409 arg.assoc_freq); 1410 if (arg.assoc_freq) 1411 drv->assoc_freq = arg.assoc_freq; 1412 return drv->assoc_freq; 1413 } 1414 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1415 "(%s)", ret, strerror(-ret)); 1416nla_put_failure: 1417 nlmsg_free(msg); 1418 return drv->assoc_freq; 1419} 1420 1421 1422static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1423 const u8 *frame, size_t len) 1424{ 1425 const struct ieee80211_mgmt *mgmt; 1426 union wpa_event_data event; 1427 u16 status; 1428 1429 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1430 mgmt = (const struct ieee80211_mgmt *) frame; 1431 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1432 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1433 "frame"); 1434 return; 1435 } 1436 1437 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1438 if (status != WLAN_STATUS_SUCCESS) { 1439 os_memset(&event, 0, sizeof(event)); 1440 event.assoc_reject.bssid = mgmt->bssid; 1441 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1442 event.assoc_reject.resp_ies = 1443 (u8 *) mgmt->u.assoc_resp.variable; 1444 event.assoc_reject.resp_ies_len = 1445 len - 24 - sizeof(mgmt->u.assoc_resp); 1446 } 1447 event.assoc_reject.status_code = status; 1448 1449 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1450 return; 1451 } 1452 1453 drv->associated = 1; 1454 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1455 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1456 1457 os_memset(&event, 0, sizeof(event)); 1458 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1459 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1460 event.assoc_info.resp_ies_len = 1461 len - 24 - sizeof(mgmt->u.assoc_resp); 1462 } 1463 1464 event.assoc_info.freq = drv->assoc_freq; 1465 1466 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1467} 1468 1469 1470static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1471 enum nl80211_commands cmd, struct nlattr *status, 1472 struct nlattr *addr, struct nlattr *req_ie, 1473 struct nlattr *resp_ie) 1474{ 1475 union wpa_event_data event; 1476 1477 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1478 /* 1479 * Avoid reporting two association events that would confuse 1480 * the core code. 1481 */ 1482 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1483 "when using userspace SME", cmd); 1484 return; 1485 } 1486 1487 if (cmd == NL80211_CMD_CONNECT) 1488 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1489 else if (cmd == NL80211_CMD_ROAM) 1490 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1491 1492 os_memset(&event, 0, sizeof(event)); 1493 if (cmd == NL80211_CMD_CONNECT && 1494 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1495 if (addr) 1496 event.assoc_reject.bssid = nla_data(addr); 1497 if (resp_ie) { 1498 event.assoc_reject.resp_ies = nla_data(resp_ie); 1499 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1500 } 1501 event.assoc_reject.status_code = nla_get_u16(status); 1502 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1503 return; 1504 } 1505 1506 drv->associated = 1; 1507 if (addr) { 1508 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1509 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1510 } 1511 1512 if (req_ie) { 1513 event.assoc_info.req_ies = nla_data(req_ie); 1514 event.assoc_info.req_ies_len = nla_len(req_ie); 1515 } 1516 if (resp_ie) { 1517 event.assoc_info.resp_ies = nla_data(resp_ie); 1518 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1519 } 1520 1521 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1522 1523 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1524} 1525 1526 1527static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1528 struct nlattr *reason, struct nlattr *addr, 1529 struct nlattr *by_ap) 1530{ 1531 union wpa_event_data data; 1532 unsigned int locally_generated = by_ap == NULL; 1533 1534 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1535 /* 1536 * Avoid reporting two disassociation events that could 1537 * confuse the core code. 1538 */ 1539 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1540 "event when using userspace SME"); 1541 return; 1542 } 1543 1544 if (drv->ignore_next_local_disconnect) { 1545 drv->ignore_next_local_disconnect = 0; 1546 if (locally_generated) { 1547 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1548 "event triggered during reassociation"); 1549 return; 1550 } 1551 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1552 "disconnect but got another disconnect " 1553 "event first"); 1554 } 1555 1556 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1557 nl80211_mark_disconnected(drv); 1558 os_memset(&data, 0, sizeof(data)); 1559 if (reason) 1560 data.deauth_info.reason_code = nla_get_u16(reason); 1561 data.deauth_info.locally_generated = by_ap == NULL; 1562 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1563} 1564 1565 1566static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 1567{ 1568 int freq1 = 0; 1569 1570 switch (convert2width(width)) { 1571 case CHAN_WIDTH_20_NOHT: 1572 case CHAN_WIDTH_20: 1573 return 0; 1574 case CHAN_WIDTH_40: 1575 freq1 = cf1 - 10; 1576 break; 1577 case CHAN_WIDTH_80: 1578 freq1 = cf1 - 30; 1579 break; 1580 case CHAN_WIDTH_160: 1581 freq1 = cf1 - 70; 1582 break; 1583 case CHAN_WIDTH_UNKNOWN: 1584 case CHAN_WIDTH_80P80: 1585 /* FIXME: implement this */ 1586 return 0; 1587 } 1588 1589 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 1590} 1591 1592 1593static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1594 struct nlattr *ifindex, struct nlattr *freq, 1595 struct nlattr *type, struct nlattr *bw, 1596 struct nlattr *cf1, struct nlattr *cf2) 1597{ 1598 struct i802_bss *bss; 1599 union wpa_event_data data; 1600 int ht_enabled = 1; 1601 int chan_offset = 0; 1602 int ifidx; 1603 1604 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1605 1606 if (!freq) 1607 return; 1608 1609 ifidx = nla_get_u32(ifindex); 1610 for (bss = drv->first_bss; bss; bss = bss->next) 1611 if (bss->ifindex == ifidx) 1612 break; 1613 1614 if (bss == NULL) { 1615 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1616 ifidx); 1617 return; 1618 } 1619 1620 if (type) { 1621 switch (nla_get_u32(type)) { 1622 case NL80211_CHAN_NO_HT: 1623 ht_enabled = 0; 1624 break; 1625 case NL80211_CHAN_HT20: 1626 break; 1627 case NL80211_CHAN_HT40PLUS: 1628 chan_offset = 1; 1629 break; 1630 case NL80211_CHAN_HT40MINUS: 1631 chan_offset = -1; 1632 break; 1633 } 1634 } else if (bw && cf1) { 1635 /* This can happen for example with VHT80 ch switch */ 1636 chan_offset = calculate_chan_offset(nla_get_u32(bw), 1637 nla_get_u32(freq), 1638 nla_get_u32(cf1), 1639 cf2 ? nla_get_u32(cf2) : 0); 1640 } else { 1641 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 1642 } 1643 1644 os_memset(&data, 0, sizeof(data)); 1645 data.ch_switch.freq = nla_get_u32(freq); 1646 data.ch_switch.ht_enabled = ht_enabled; 1647 data.ch_switch.ch_offset = chan_offset; 1648 if (bw) 1649 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1650 if (cf1) 1651 data.ch_switch.cf1 = nla_get_u32(cf1); 1652 if (cf2) 1653 data.ch_switch.cf2 = nla_get_u32(cf2); 1654 1655 bss->freq = data.ch_switch.freq; 1656 1657 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1658} 1659 1660 1661static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1662 enum nl80211_commands cmd, struct nlattr *addr) 1663{ 1664 union wpa_event_data event; 1665 enum wpa_event_type ev; 1666 1667 if (nla_len(addr) != ETH_ALEN) 1668 return; 1669 1670 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1671 cmd, MAC2STR((u8 *) nla_data(addr))); 1672 1673 if (cmd == NL80211_CMD_AUTHENTICATE) 1674 ev = EVENT_AUTH_TIMED_OUT; 1675 else if (cmd == NL80211_CMD_ASSOCIATE) 1676 ev = EVENT_ASSOC_TIMED_OUT; 1677 else 1678 return; 1679 1680 os_memset(&event, 0, sizeof(event)); 1681 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1682 wpa_supplicant_event(drv->ctx, ev, &event); 1683} 1684 1685 1686static void mlme_event_mgmt(struct i802_bss *bss, 1687 struct nlattr *freq, struct nlattr *sig, 1688 const u8 *frame, size_t len) 1689{ 1690 struct wpa_driver_nl80211_data *drv = bss->drv; 1691 const struct ieee80211_mgmt *mgmt; 1692 union wpa_event_data event; 1693 u16 fc, stype; 1694 int ssi_signal = 0; 1695 int rx_freq = 0; 1696 1697 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1698 mgmt = (const struct ieee80211_mgmt *) frame; 1699 if (len < 24) { 1700 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1701 return; 1702 } 1703 1704 fc = le_to_host16(mgmt->frame_control); 1705 stype = WLAN_FC_GET_STYPE(fc); 1706 1707 if (sig) 1708 ssi_signal = (s32) nla_get_u32(sig); 1709 1710 os_memset(&event, 0, sizeof(event)); 1711 if (freq) { 1712 event.rx_mgmt.freq = nla_get_u32(freq); 1713 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1714 } 1715 wpa_printf(MSG_DEBUG, 1716 "nl80211: RX frame freq=%d ssi_signal=%d stype=%u len=%u", 1717 rx_freq, ssi_signal, stype, (unsigned int) len); 1718 event.rx_mgmt.frame = frame; 1719 event.rx_mgmt.frame_len = len; 1720 event.rx_mgmt.ssi_signal = ssi_signal; 1721 event.rx_mgmt.drv_priv = bss; 1722 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1723} 1724 1725 1726static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1727 struct nlattr *cookie, const u8 *frame, 1728 size_t len, struct nlattr *ack) 1729{ 1730 union wpa_event_data event; 1731 const struct ieee80211_hdr *hdr; 1732 u16 fc; 1733 1734 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1735 if (!is_ap_interface(drv->nlmode)) { 1736 u64 cookie_val; 1737 1738 if (!cookie) 1739 return; 1740 1741 cookie_val = nla_get_u64(cookie); 1742 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1743 " cookie=0%llx%s (ack=%d)", 1744 (long long unsigned int) cookie_val, 1745 cookie_val == drv->send_action_cookie ? 1746 " (match)" : " (unknown)", ack != NULL); 1747 if (cookie_val != drv->send_action_cookie) 1748 return; 1749 } 1750 1751 hdr = (const struct ieee80211_hdr *) frame; 1752 fc = le_to_host16(hdr->frame_control); 1753 1754 os_memset(&event, 0, sizeof(event)); 1755 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1756 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1757 event.tx_status.dst = hdr->addr1; 1758 event.tx_status.data = frame; 1759 event.tx_status.data_len = len; 1760 event.tx_status.ack = ack != NULL; 1761 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1762} 1763 1764 1765static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1766 enum wpa_event_type type, 1767 const u8 *frame, size_t len) 1768{ 1769 const struct ieee80211_mgmt *mgmt; 1770 union wpa_event_data event; 1771 const u8 *bssid = NULL; 1772 u16 reason_code = 0; 1773 1774 if (type == EVENT_DEAUTH) 1775 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1776 else 1777 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1778 1779 mgmt = (const struct ieee80211_mgmt *) frame; 1780 if (len >= 24) { 1781 bssid = mgmt->bssid; 1782 1783 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1784 !drv->associated && 1785 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1786 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1787 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1788 /* 1789 * Avoid issues with some roaming cases where 1790 * disconnection event for the old AP may show up after 1791 * we have started connection with the new AP. 1792 */ 1793 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1794 MAC2STR(bssid), 1795 MAC2STR(drv->auth_attempt_bssid)); 1796 return; 1797 } 1798 1799 if (drv->associated != 0 && 1800 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1801 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1802 /* 1803 * We have presumably received this deauth as a 1804 * response to a clear_state_mismatch() outgoing 1805 * deauth. Don't let it take us offline! 1806 */ 1807 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1808 "from Unknown BSSID " MACSTR " -- ignoring", 1809 MAC2STR(bssid)); 1810 return; 1811 } 1812 } 1813 1814 nl80211_mark_disconnected(drv); 1815 os_memset(&event, 0, sizeof(event)); 1816 1817 /* Note: Same offset for Reason Code in both frame subtypes */ 1818 if (len >= 24 + sizeof(mgmt->u.deauth)) 1819 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1820 1821 if (type == EVENT_DISASSOC) { 1822 event.disassoc_info.locally_generated = 1823 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1824 event.disassoc_info.addr = bssid; 1825 event.disassoc_info.reason_code = reason_code; 1826 if (frame + len > mgmt->u.disassoc.variable) { 1827 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1828 event.disassoc_info.ie_len = frame + len - 1829 mgmt->u.disassoc.variable; 1830 } 1831 } else { 1832 if (drv->ignore_deauth_event) { 1833 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 1834 drv->ignore_deauth_event = 0; 1835 return; 1836 } 1837 event.deauth_info.locally_generated = 1838 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1839 event.deauth_info.addr = bssid; 1840 event.deauth_info.reason_code = reason_code; 1841 if (frame + len > mgmt->u.deauth.variable) { 1842 event.deauth_info.ie = mgmt->u.deauth.variable; 1843 event.deauth_info.ie_len = frame + len - 1844 mgmt->u.deauth.variable; 1845 } 1846 } 1847 1848 wpa_supplicant_event(drv->ctx, type, &event); 1849} 1850 1851 1852static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1853 enum wpa_event_type type, 1854 const u8 *frame, size_t len) 1855{ 1856 const struct ieee80211_mgmt *mgmt; 1857 union wpa_event_data event; 1858 u16 reason_code = 0; 1859 1860 if (type == EVENT_UNPROT_DEAUTH) 1861 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1862 else 1863 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1864 1865 if (len < 24) 1866 return; 1867 1868 mgmt = (const struct ieee80211_mgmt *) frame; 1869 1870 os_memset(&event, 0, sizeof(event)); 1871 /* Note: Same offset for Reason Code in both frame subtypes */ 1872 if (len >= 24 + sizeof(mgmt->u.deauth)) 1873 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1874 1875 if (type == EVENT_UNPROT_DISASSOC) { 1876 event.unprot_disassoc.sa = mgmt->sa; 1877 event.unprot_disassoc.da = mgmt->da; 1878 event.unprot_disassoc.reason_code = reason_code; 1879 } else { 1880 event.unprot_deauth.sa = mgmt->sa; 1881 event.unprot_deauth.da = mgmt->da; 1882 event.unprot_deauth.reason_code = reason_code; 1883 } 1884 1885 wpa_supplicant_event(drv->ctx, type, &event); 1886} 1887 1888 1889static void mlme_event(struct i802_bss *bss, 1890 enum nl80211_commands cmd, struct nlattr *frame, 1891 struct nlattr *addr, struct nlattr *timed_out, 1892 struct nlattr *freq, struct nlattr *ack, 1893 struct nlattr *cookie, struct nlattr *sig) 1894{ 1895 struct wpa_driver_nl80211_data *drv = bss->drv; 1896 const u8 *data; 1897 size_t len; 1898 1899 if (timed_out && addr) { 1900 mlme_timeout_event(drv, cmd, addr); 1901 return; 1902 } 1903 1904 if (frame == NULL) { 1905 wpa_printf(MSG_DEBUG, 1906 "nl80211: MLME event %d (%s) without frame data", 1907 cmd, nl80211_command_to_string(cmd)); 1908 return; 1909 } 1910 1911 data = nla_data(frame); 1912 len = nla_len(frame); 1913 if (len < 4 + 2 * ETH_ALEN) { 1914 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1915 MACSTR ") - too short", 1916 cmd, nl80211_command_to_string(cmd), bss->ifname, 1917 MAC2STR(bss->addr)); 1918 return; 1919 } 1920 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1921 ") A1=" MACSTR " A2=" MACSTR, cmd, 1922 nl80211_command_to_string(cmd), bss->ifname, 1923 MAC2STR(bss->addr), MAC2STR(data + 4), 1924 MAC2STR(data + 4 + ETH_ALEN)); 1925 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1926 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1927 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1928 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1929 "for foreign address", bss->ifname); 1930 return; 1931 } 1932 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1933 nla_data(frame), nla_len(frame)); 1934 1935 switch (cmd) { 1936 case NL80211_CMD_AUTHENTICATE: 1937 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1938 break; 1939 case NL80211_CMD_ASSOCIATE: 1940 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1941 break; 1942 case NL80211_CMD_DEAUTHENTICATE: 1943 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1944 nla_data(frame), nla_len(frame)); 1945 break; 1946 case NL80211_CMD_DISASSOCIATE: 1947 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1948 nla_data(frame), nla_len(frame)); 1949 break; 1950 case NL80211_CMD_FRAME: 1951 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 1952 nla_len(frame)); 1953 break; 1954 case NL80211_CMD_FRAME_TX_STATUS: 1955 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1956 nla_len(frame), ack); 1957 break; 1958 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1959 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1960 nla_data(frame), nla_len(frame)); 1961 break; 1962 case NL80211_CMD_UNPROT_DISASSOCIATE: 1963 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1964 nla_data(frame), nla_len(frame)); 1965 break; 1966 default: 1967 break; 1968 } 1969} 1970 1971 1972static void mlme_event_michael_mic_failure(struct i802_bss *bss, 1973 struct nlattr *tb[]) 1974{ 1975 union wpa_event_data data; 1976 1977 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1978 os_memset(&data, 0, sizeof(data)); 1979 if (tb[NL80211_ATTR_MAC]) { 1980 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1981 nla_data(tb[NL80211_ATTR_MAC]), 1982 nla_len(tb[NL80211_ATTR_MAC])); 1983 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1984 } 1985 if (tb[NL80211_ATTR_KEY_SEQ]) { 1986 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1987 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1988 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1989 } 1990 if (tb[NL80211_ATTR_KEY_TYPE]) { 1991 enum nl80211_key_type key_type = 1992 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1993 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1994 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1995 data.michael_mic_failure.unicast = 1; 1996 } else 1997 data.michael_mic_failure.unicast = 1; 1998 1999 if (tb[NL80211_ATTR_KEY_IDX]) { 2000 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 2001 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 2002 } 2003 2004 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 2005} 2006 2007 2008static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 2009 struct nlattr *tb[]) 2010{ 2011 if (tb[NL80211_ATTR_MAC] == NULL) { 2012 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 2013 "event"); 2014 return; 2015 } 2016 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2017 2018 drv->associated = 1; 2019 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 2020 MAC2STR(drv->bssid)); 2021 2022 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 2023} 2024 2025 2026static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 2027 int cancel_event, struct nlattr *tb[]) 2028{ 2029 unsigned int freq, chan_type, duration; 2030 union wpa_event_data data; 2031 u64 cookie; 2032 2033 if (tb[NL80211_ATTR_WIPHY_FREQ]) 2034 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2035 else 2036 freq = 0; 2037 2038 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 2039 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2040 else 2041 chan_type = 0; 2042 2043 if (tb[NL80211_ATTR_DURATION]) 2044 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 2045 else 2046 duration = 0; 2047 2048 if (tb[NL80211_ATTR_COOKIE]) 2049 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 2050 else 2051 cookie = 0; 2052 2053 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 2054 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 2055 cancel_event, freq, chan_type, duration, 2056 (long long unsigned int) cookie, 2057 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2058 2059 if (cookie != drv->remain_on_chan_cookie) 2060 return; /* not for us */ 2061 2062 if (cancel_event) 2063 drv->pending_remain_on_chan = 0; 2064 2065 os_memset(&data, 0, sizeof(data)); 2066 data.remain_on_channel.freq = freq; 2067 data.remain_on_channel.duration = duration; 2068 wpa_supplicant_event(drv->ctx, cancel_event ? 2069 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2070 EVENT_REMAIN_ON_CHANNEL, &data); 2071} 2072 2073 2074static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2075 struct nlattr *tb[]) 2076{ 2077 union wpa_event_data data; 2078 2079 os_memset(&data, 0, sizeof(data)); 2080 2081 if (tb[NL80211_ATTR_IE]) { 2082 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2083 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2084 } 2085 2086 if (tb[NL80211_ATTR_IE_RIC]) { 2087 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2088 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2089 } 2090 2091 if (tb[NL80211_ATTR_MAC]) 2092 os_memcpy(data.ft_ies.target_ap, 2093 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2094 2095 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2096 MAC2STR(data.ft_ies.target_ap)); 2097 2098 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2099} 2100 2101 2102static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2103 struct nlattr *tb[]) 2104{ 2105 union wpa_event_data event; 2106 struct nlattr *nl; 2107 int rem; 2108 struct scan_info *info; 2109#define MAX_REPORT_FREQS 50 2110 int freqs[MAX_REPORT_FREQS]; 2111 int num_freqs = 0; 2112 2113 if (drv->scan_for_auth) { 2114 drv->scan_for_auth = 0; 2115 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2116 "cfg80211 BSS entry"); 2117 wpa_driver_nl80211_authenticate_retry(drv); 2118 return; 2119 } 2120 2121 os_memset(&event, 0, sizeof(event)); 2122 info = &event.scan_info; 2123 info->aborted = aborted; 2124 2125 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2126 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2127 struct wpa_driver_scan_ssid *s = 2128 &info->ssids[info->num_ssids]; 2129 s->ssid = nla_data(nl); 2130 s->ssid_len = nla_len(nl); 2131 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2132 wpa_ssid_txt(s->ssid, s->ssid_len)); 2133 info->num_ssids++; 2134 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2135 break; 2136 } 2137 } 2138 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2139 char msg[200], *pos, *end; 2140 int res; 2141 2142 pos = msg; 2143 end = pos + sizeof(msg); 2144 *pos = '\0'; 2145 2146 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2147 { 2148 freqs[num_freqs] = nla_get_u32(nl); 2149 res = os_snprintf(pos, end - pos, " %d", 2150 freqs[num_freqs]); 2151 if (res > 0 && end - pos > res) 2152 pos += res; 2153 num_freqs++; 2154 if (num_freqs == MAX_REPORT_FREQS - 1) 2155 break; 2156 } 2157 info->freqs = freqs; 2158 info->num_freqs = num_freqs; 2159 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2160 msg); 2161 } 2162 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2163} 2164 2165 2166static int get_link_signal(struct nl_msg *msg, void *arg) 2167{ 2168 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2169 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2170 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2171 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2172 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2173 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2174 }; 2175 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2176 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2177 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2178 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2179 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2180 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2181 }; 2182 struct wpa_signal_info *sig_change = arg; 2183 2184 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2185 genlmsg_attrlen(gnlh, 0), NULL); 2186 if (!tb[NL80211_ATTR_STA_INFO] || 2187 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2188 tb[NL80211_ATTR_STA_INFO], policy)) 2189 return NL_SKIP; 2190 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2191 return NL_SKIP; 2192 2193 sig_change->current_signal = 2194 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2195 2196 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2197 sig_change->avg_signal = 2198 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2199 else 2200 sig_change->avg_signal = 0; 2201 2202 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2203 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2204 sinfo[NL80211_STA_INFO_TX_BITRATE], 2205 rate_policy)) { 2206 sig_change->current_txrate = 0; 2207 } else { 2208 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2209 sig_change->current_txrate = 2210 nla_get_u16(rinfo[ 2211 NL80211_RATE_INFO_BITRATE]) * 100; 2212 } 2213 } 2214 } 2215 2216 return NL_SKIP; 2217} 2218 2219 2220static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2221 struct wpa_signal_info *sig) 2222{ 2223 struct nl_msg *msg; 2224 2225 sig->current_signal = -9999; 2226 sig->current_txrate = 0; 2227 2228 msg = nlmsg_alloc(); 2229 if (!msg) 2230 return -ENOMEM; 2231 2232 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2233 2234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2236 2237 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2238 nla_put_failure: 2239 nlmsg_free(msg); 2240 return -ENOBUFS; 2241} 2242 2243 2244static int get_link_noise(struct nl_msg *msg, void *arg) 2245{ 2246 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2247 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2248 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2249 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2250 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2251 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2252 }; 2253 struct wpa_signal_info *sig_change = arg; 2254 2255 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2256 genlmsg_attrlen(gnlh, 0), NULL); 2257 2258 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2259 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2260 return NL_SKIP; 2261 } 2262 2263 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2264 tb[NL80211_ATTR_SURVEY_INFO], 2265 survey_policy)) { 2266 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2267 "attributes!"); 2268 return NL_SKIP; 2269 } 2270 2271 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2272 return NL_SKIP; 2273 2274 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2275 sig_change->frequency) 2276 return NL_SKIP; 2277 2278 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2279 return NL_SKIP; 2280 2281 sig_change->current_noise = 2282 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2283 2284 return NL_SKIP; 2285} 2286 2287 2288static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2289 struct wpa_signal_info *sig_change) 2290{ 2291 struct nl_msg *msg; 2292 2293 sig_change->current_noise = 9999; 2294 sig_change->frequency = drv->assoc_freq; 2295 2296 msg = nlmsg_alloc(); 2297 if (!msg) 2298 return -ENOMEM; 2299 2300 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2301 2302 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2303 2304 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2305 nla_put_failure: 2306 nlmsg_free(msg); 2307 return -ENOBUFS; 2308} 2309 2310 2311static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2312{ 2313 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2314 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2315 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2316 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2317 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2318 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2319 }; 2320 struct wpa_scan_results *scan_results = arg; 2321 struct wpa_scan_res *scan_res; 2322 size_t i; 2323 2324 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2325 genlmsg_attrlen(gnlh, 0), NULL); 2326 2327 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2328 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2329 return NL_SKIP; 2330 } 2331 2332 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2333 tb[NL80211_ATTR_SURVEY_INFO], 2334 survey_policy)) { 2335 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2336 "attributes"); 2337 return NL_SKIP; 2338 } 2339 2340 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2341 return NL_SKIP; 2342 2343 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2344 return NL_SKIP; 2345 2346 for (i = 0; i < scan_results->num; ++i) { 2347 scan_res = scan_results->res[i]; 2348 if (!scan_res) 2349 continue; 2350 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2351 scan_res->freq) 2352 continue; 2353 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2354 continue; 2355 scan_res->noise = (s8) 2356 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2357 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2358 } 2359 2360 return NL_SKIP; 2361} 2362 2363 2364static int nl80211_get_noise_for_scan_results( 2365 struct wpa_driver_nl80211_data *drv, 2366 struct wpa_scan_results *scan_res) 2367{ 2368 struct nl_msg *msg; 2369 2370 msg = nlmsg_alloc(); 2371 if (!msg) 2372 return -ENOMEM; 2373 2374 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2375 2376 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2377 2378 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2379 scan_res); 2380 nla_put_failure: 2381 nlmsg_free(msg); 2382 return -ENOBUFS; 2383} 2384 2385 2386static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2387 struct nlattr *tb[]) 2388{ 2389 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2390 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2391 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2392 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2393 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2394 }; 2395 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2396 enum nl80211_cqm_rssi_threshold_event event; 2397 union wpa_event_data ed; 2398 struct wpa_signal_info sig; 2399 int res; 2400 2401 if (tb[NL80211_ATTR_CQM] == NULL || 2402 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2403 cqm_policy)) { 2404 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2405 return; 2406 } 2407 2408 os_memset(&ed, 0, sizeof(ed)); 2409 2410 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2411 if (!tb[NL80211_ATTR_MAC]) 2412 return; 2413 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2414 ETH_ALEN); 2415 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2416 return; 2417 } 2418 2419 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2420 return; 2421 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2422 2423 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2424 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2425 "event: RSSI high"); 2426 ed.signal_change.above_threshold = 1; 2427 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2428 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2429 "event: RSSI low"); 2430 ed.signal_change.above_threshold = 0; 2431 } else 2432 return; 2433 2434 res = nl80211_get_link_signal(drv, &sig); 2435 if (res == 0) { 2436 ed.signal_change.current_signal = sig.current_signal; 2437 ed.signal_change.current_txrate = sig.current_txrate; 2438 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2439 sig.current_signal, sig.current_txrate); 2440 } 2441 2442 res = nl80211_get_link_noise(drv, &sig); 2443 if (res == 0) { 2444 ed.signal_change.current_noise = sig.current_noise; 2445 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2446 sig.current_noise); 2447 } 2448 2449 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2450} 2451 2452 2453static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2454 struct nlattr **tb) 2455{ 2456 u8 *addr; 2457 union wpa_event_data data; 2458 2459 if (tb[NL80211_ATTR_MAC] == NULL) 2460 return; 2461 addr = nla_data(tb[NL80211_ATTR_MAC]); 2462 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2463 2464 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2465 u8 *ies = NULL; 2466 size_t ies_len = 0; 2467 if (tb[NL80211_ATTR_IE]) { 2468 ies = nla_data(tb[NL80211_ATTR_IE]); 2469 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2470 } 2471 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2472 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2473 return; 2474 } 2475 2476 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2477 return; 2478 2479 os_memset(&data, 0, sizeof(data)); 2480 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2481 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2482} 2483 2484 2485static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2486 struct nlattr **tb) 2487{ 2488 u8 *addr; 2489 union wpa_event_data data; 2490 2491 if (tb[NL80211_ATTR_MAC] == NULL) 2492 return; 2493 addr = nla_data(tb[NL80211_ATTR_MAC]); 2494 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2495 MAC2STR(addr)); 2496 2497 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2498 drv_event_disassoc(drv->ctx, addr); 2499 return; 2500 } 2501 2502 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2503 return; 2504 2505 os_memset(&data, 0, sizeof(data)); 2506 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2507 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2508} 2509 2510 2511static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2512 struct nlattr **tb) 2513{ 2514 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2515 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2516 [NL80211_REKEY_DATA_KEK] = { 2517 .minlen = NL80211_KEK_LEN, 2518 .maxlen = NL80211_KEK_LEN, 2519 }, 2520 [NL80211_REKEY_DATA_KCK] = { 2521 .minlen = NL80211_KCK_LEN, 2522 .maxlen = NL80211_KCK_LEN, 2523 }, 2524 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2525 .minlen = NL80211_REPLAY_CTR_LEN, 2526 .maxlen = NL80211_REPLAY_CTR_LEN, 2527 }, 2528 }; 2529 union wpa_event_data data; 2530 2531 if (!tb[NL80211_ATTR_MAC]) 2532 return; 2533 if (!tb[NL80211_ATTR_REKEY_DATA]) 2534 return; 2535 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2536 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2537 return; 2538 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2539 return; 2540 2541 os_memset(&data, 0, sizeof(data)); 2542 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2543 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2544 MAC2STR(data.driver_gtk_rekey.bssid)); 2545 data.driver_gtk_rekey.replay_ctr = 2546 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2547 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2548 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2549 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2550} 2551 2552 2553static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2554 struct nlattr **tb) 2555{ 2556 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2557 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2558 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2559 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2560 .minlen = ETH_ALEN, 2561 .maxlen = ETH_ALEN, 2562 }, 2563 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2564 }; 2565 union wpa_event_data data; 2566 2567 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2568 2569 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2570 return; 2571 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2572 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2573 return; 2574 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2575 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2576 return; 2577 2578 os_memset(&data, 0, sizeof(data)); 2579 os_memcpy(data.pmkid_candidate.bssid, 2580 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2581 data.pmkid_candidate.index = 2582 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2583 data.pmkid_candidate.preauth = 2584 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2585 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2586} 2587 2588 2589static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2590 struct nlattr **tb) 2591{ 2592 union wpa_event_data data; 2593 2594 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2595 2596 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2597 return; 2598 2599 os_memset(&data, 0, sizeof(data)); 2600 os_memcpy(data.client_poll.addr, 2601 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2602 2603 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2604} 2605 2606 2607static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2608 struct nlattr **tb) 2609{ 2610 union wpa_event_data data; 2611 2612 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2613 2614 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2615 return; 2616 2617 os_memset(&data, 0, sizeof(data)); 2618 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2619 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2620 case NL80211_TDLS_SETUP: 2621 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2622 MACSTR, MAC2STR(data.tdls.peer)); 2623 data.tdls.oper = TDLS_REQUEST_SETUP; 2624 break; 2625 case NL80211_TDLS_TEARDOWN: 2626 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2627 MACSTR, MAC2STR(data.tdls.peer)); 2628 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2629 break; 2630 default: 2631 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2632 "event"); 2633 return; 2634 } 2635 if (tb[NL80211_ATTR_REASON_CODE]) { 2636 data.tdls.reason_code = 2637 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2638 } 2639 2640 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2641} 2642 2643 2644static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2645 struct nlattr **tb) 2646{ 2647 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2648} 2649 2650 2651static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2652 struct nlattr **tb) 2653{ 2654 union wpa_event_data data; 2655 u32 reason; 2656 2657 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2658 2659 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2660 return; 2661 2662 os_memset(&data, 0, sizeof(data)); 2663 os_memcpy(data.connect_failed_reason.addr, 2664 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2665 2666 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2667 switch (reason) { 2668 case NL80211_CONN_FAIL_MAX_CLIENTS: 2669 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2670 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2671 break; 2672 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2673 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2674 " tried to connect", 2675 MAC2STR(data.connect_failed_reason.addr)); 2676 data.connect_failed_reason.code = BLOCKED_CLIENT; 2677 break; 2678 default: 2679 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2680 "%u", reason); 2681 return; 2682 } 2683 2684 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2685} 2686 2687 2688static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2689 struct nlattr **tb) 2690{ 2691 union wpa_event_data data; 2692 enum nl80211_radar_event event_type; 2693 2694 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2695 return; 2696 2697 os_memset(&data, 0, sizeof(data)); 2698 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2699 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2700 2701 /* Check HT params */ 2702 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2703 data.dfs_event.ht_enabled = 1; 2704 data.dfs_event.chan_offset = 0; 2705 2706 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2707 case NL80211_CHAN_NO_HT: 2708 data.dfs_event.ht_enabled = 0; 2709 break; 2710 case NL80211_CHAN_HT20: 2711 break; 2712 case NL80211_CHAN_HT40PLUS: 2713 data.dfs_event.chan_offset = 1; 2714 break; 2715 case NL80211_CHAN_HT40MINUS: 2716 data.dfs_event.chan_offset = -1; 2717 break; 2718 } 2719 } 2720 2721 /* Get VHT params */ 2722 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2723 data.dfs_event.chan_width = 2724 convert2width(nla_get_u32( 2725 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2726 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2727 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2728 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2729 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2730 2731 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2732 data.dfs_event.freq, data.dfs_event.ht_enabled, 2733 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2734 data.dfs_event.cf1, data.dfs_event.cf2); 2735 2736 switch (event_type) { 2737 case NL80211_RADAR_DETECTED: 2738 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2739 break; 2740 case NL80211_RADAR_CAC_FINISHED: 2741 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2742 break; 2743 case NL80211_RADAR_CAC_ABORTED: 2744 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2745 break; 2746 case NL80211_RADAR_NOP_FINISHED: 2747 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2748 break; 2749 default: 2750 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2751 "received", event_type); 2752 break; 2753 } 2754} 2755 2756 2757static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2758 int wds) 2759{ 2760 struct wpa_driver_nl80211_data *drv = bss->drv; 2761 union wpa_event_data event; 2762 2763 if (!tb[NL80211_ATTR_MAC]) 2764 return; 2765 2766 os_memset(&event, 0, sizeof(event)); 2767 event.rx_from_unknown.bssid = bss->addr; 2768 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2769 event.rx_from_unknown.wds = wds; 2770 2771 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2772} 2773 2774 2775static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 2776 const u8 *data, size_t len) 2777{ 2778 u32 i, count; 2779 union wpa_event_data event; 2780 struct wpa_freq_range *range = NULL; 2781 const struct qca_avoid_freq_list *freq_range; 2782 2783 freq_range = (const struct qca_avoid_freq_list *) data; 2784 if (len < sizeof(freq_range->count)) 2785 return; 2786 2787 count = freq_range->count; 2788 if (len < sizeof(freq_range->count) + 2789 count * sizeof(struct qca_avoid_freq_range)) { 2790 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 2791 (unsigned int) len); 2792 return; 2793 } 2794 2795 if (count > 0) { 2796 range = os_calloc(count, sizeof(struct wpa_freq_range)); 2797 if (range == NULL) 2798 return; 2799 } 2800 2801 os_memset(&event, 0, sizeof(event)); 2802 for (i = 0; i < count; i++) { 2803 unsigned int idx = event.freq_range.num; 2804 range[idx].min = freq_range->range[i].start_freq; 2805 range[idx].max = freq_range->range[i].end_freq; 2806 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 2807 range[idx].min, range[idx].max); 2808 if (range[idx].min > range[idx].max) { 2809 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 2810 continue; 2811 } 2812 event.freq_range.num++; 2813 } 2814 event.freq_range.range = range; 2815 2816 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 2817 2818 os_free(range); 2819} 2820 2821 2822static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 2823 u32 subcmd, u8 *data, size_t len) 2824{ 2825 switch (subcmd) { 2826 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 2827 qca_nl80211_avoid_freq(drv, data, len); 2828 break; 2829 default: 2830 wpa_printf(MSG_DEBUG, 2831 "nl80211: Ignore unsupported QCA vendor event %u", 2832 subcmd); 2833 break; 2834 } 2835} 2836 2837 2838static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2839 struct nlattr **tb) 2840{ 2841 u32 vendor_id, subcmd, wiphy = 0; 2842 int wiphy_idx; 2843 u8 *data = NULL; 2844 size_t len = 0; 2845 2846 if (!tb[NL80211_ATTR_VENDOR_ID] || 2847 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2848 return; 2849 2850 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2851 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2852 2853 if (tb[NL80211_ATTR_WIPHY]) 2854 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2855 2856 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2857 wiphy, vendor_id, subcmd); 2858 2859 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2860 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2861 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2862 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2863 } 2864 2865 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2866 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2867 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2868 wiphy, wiphy_idx); 2869 return; 2870 } 2871 2872 switch (vendor_id) { 2873 case OUI_QCA: 2874 nl80211_vendor_event_qca(drv, subcmd, data, len); 2875 break; 2876 default: 2877 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2878 break; 2879 } 2880} 2881 2882 2883static void do_process_drv_event(struct i802_bss *bss, int cmd, 2884 struct nlattr **tb) 2885{ 2886 struct wpa_driver_nl80211_data *drv = bss->drv; 2887 union wpa_event_data data; 2888 2889 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2890 cmd, nl80211_command_to_string(cmd), bss->ifname); 2891 2892 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2893 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2894 cmd == NL80211_CMD_SCAN_ABORTED)) { 2895 wpa_driver_nl80211_set_mode(drv->first_bss, 2896 drv->ap_scan_as_station); 2897 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2898 } 2899 2900 switch (cmd) { 2901 case NL80211_CMD_TRIGGER_SCAN: 2902 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 2903 drv->scan_state = SCAN_STARTED; 2904 if (drv->scan_for_auth) { 2905 /* 2906 * Cannot indicate EVENT_SCAN_STARTED here since we skip 2907 * EVENT_SCAN_RESULTS in scan_for_auth case and the 2908 * upper layer implementation could get confused about 2909 * scanning state. 2910 */ 2911 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 2912 break; 2913 } 2914 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 2915 break; 2916 case NL80211_CMD_START_SCHED_SCAN: 2917 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 2918 drv->scan_state = SCHED_SCAN_STARTED; 2919 break; 2920 case NL80211_CMD_SCHED_SCAN_STOPPED: 2921 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 2922 drv->scan_state = SCHED_SCAN_STOPPED; 2923 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2924 break; 2925 case NL80211_CMD_NEW_SCAN_RESULTS: 2926 wpa_dbg(drv->ctx, MSG_DEBUG, 2927 "nl80211: New scan results available"); 2928 drv->scan_state = SCAN_COMPLETED; 2929 drv->scan_complete_events = 1; 2930 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2931 drv->ctx); 2932 send_scan_event(drv, 0, tb); 2933 break; 2934 case NL80211_CMD_SCHED_SCAN_RESULTS: 2935 wpa_dbg(drv->ctx, MSG_DEBUG, 2936 "nl80211: New sched scan results available"); 2937 drv->scan_state = SCHED_SCAN_RESULTS; 2938 send_scan_event(drv, 0, tb); 2939 break; 2940 case NL80211_CMD_SCAN_ABORTED: 2941 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 2942 drv->scan_state = SCAN_ABORTED; 2943 /* 2944 * Need to indicate that scan results are available in order 2945 * not to make wpa_supplicant stop its scanning. 2946 */ 2947 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2948 drv->ctx); 2949 send_scan_event(drv, 1, tb); 2950 break; 2951 case NL80211_CMD_AUTHENTICATE: 2952 case NL80211_CMD_ASSOCIATE: 2953 case NL80211_CMD_DEAUTHENTICATE: 2954 case NL80211_CMD_DISASSOCIATE: 2955 case NL80211_CMD_FRAME_TX_STATUS: 2956 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2957 case NL80211_CMD_UNPROT_DISASSOCIATE: 2958 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 2959 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2960 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2961 tb[NL80211_ATTR_COOKIE], 2962 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2963 break; 2964 case NL80211_CMD_CONNECT: 2965 case NL80211_CMD_ROAM: 2966 mlme_event_connect(drv, cmd, 2967 tb[NL80211_ATTR_STATUS_CODE], 2968 tb[NL80211_ATTR_MAC], 2969 tb[NL80211_ATTR_REQ_IE], 2970 tb[NL80211_ATTR_RESP_IE]); 2971 break; 2972 case NL80211_CMD_CH_SWITCH_NOTIFY: 2973 mlme_event_ch_switch(drv, 2974 tb[NL80211_ATTR_IFINDEX], 2975 tb[NL80211_ATTR_WIPHY_FREQ], 2976 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 2977 tb[NL80211_ATTR_CHANNEL_WIDTH], 2978 tb[NL80211_ATTR_CENTER_FREQ1], 2979 tb[NL80211_ATTR_CENTER_FREQ2]); 2980 break; 2981 case NL80211_CMD_DISCONNECT: 2982 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2983 tb[NL80211_ATTR_MAC], 2984 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2985 break; 2986 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2987 mlme_event_michael_mic_failure(bss, tb); 2988 break; 2989 case NL80211_CMD_JOIN_IBSS: 2990 mlme_event_join_ibss(drv, tb); 2991 break; 2992 case NL80211_CMD_REMAIN_ON_CHANNEL: 2993 mlme_event_remain_on_channel(drv, 0, tb); 2994 break; 2995 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2996 mlme_event_remain_on_channel(drv, 1, tb); 2997 break; 2998 case NL80211_CMD_NOTIFY_CQM: 2999 nl80211_cqm_event(drv, tb); 3000 break; 3001 case NL80211_CMD_REG_CHANGE: 3002 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 3003 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 3004 break; 3005 os_memset(&data, 0, sizeof(data)); 3006 switch (nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])) { 3007 case NL80211_REGDOM_SET_BY_CORE: 3008 data.channel_list_changed.initiator = 3009 REGDOM_SET_BY_CORE; 3010 break; 3011 case NL80211_REGDOM_SET_BY_USER: 3012 data.channel_list_changed.initiator = 3013 REGDOM_SET_BY_USER; 3014 break; 3015 case NL80211_REGDOM_SET_BY_DRIVER: 3016 data.channel_list_changed.initiator = 3017 REGDOM_SET_BY_DRIVER; 3018 break; 3019 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 3020 data.channel_list_changed.initiator = 3021 REGDOM_SET_BY_COUNTRY_IE; 3022 break; 3023 default: 3024 wpa_printf(MSG_DEBUG, "nl80211: Unknown reg change initiator %d received", 3025 nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])); 3026 break; 3027 } 3028 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3029 &data); 3030 break; 3031 case NL80211_CMD_REG_BEACON_HINT: 3032 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 3033 os_memset(&data, 0, sizeof(data)); 3034 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 3035 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3036 &data); 3037 break; 3038 case NL80211_CMD_NEW_STATION: 3039 nl80211_new_station_event(drv, tb); 3040 break; 3041 case NL80211_CMD_DEL_STATION: 3042 nl80211_del_station_event(drv, tb); 3043 break; 3044 case NL80211_CMD_SET_REKEY_OFFLOAD: 3045 nl80211_rekey_offload_event(drv, tb); 3046 break; 3047 case NL80211_CMD_PMKSA_CANDIDATE: 3048 nl80211_pmksa_candidate_event(drv, tb); 3049 break; 3050 case NL80211_CMD_PROBE_CLIENT: 3051 nl80211_client_probe_event(drv, tb); 3052 break; 3053 case NL80211_CMD_TDLS_OPER: 3054 nl80211_tdls_oper_event(drv, tb); 3055 break; 3056 case NL80211_CMD_CONN_FAILED: 3057 nl80211_connect_failed_event(drv, tb); 3058 break; 3059 case NL80211_CMD_FT_EVENT: 3060 mlme_event_ft_event(drv, tb); 3061 break; 3062 case NL80211_CMD_RADAR_DETECT: 3063 nl80211_radar_event(drv, tb); 3064 break; 3065 case NL80211_CMD_STOP_AP: 3066 nl80211_stop_ap(drv, tb); 3067 break; 3068 case NL80211_CMD_VENDOR: 3069 nl80211_vendor_event(drv, tb); 3070 break; 3071 default: 3072 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 3073 "(cmd=%d)", cmd); 3074 break; 3075 } 3076} 3077 3078 3079static int process_drv_event(struct nl_msg *msg, void *arg) 3080{ 3081 struct wpa_driver_nl80211_data *drv = arg; 3082 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3083 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3084 struct i802_bss *bss; 3085 int ifidx = -1; 3086 3087 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3088 genlmsg_attrlen(gnlh, 0), NULL); 3089 3090 if (tb[NL80211_ATTR_IFINDEX]) { 3091 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3092 3093 for (bss = drv->first_bss; bss; bss = bss->next) 3094 if (ifidx == -1 || ifidx == bss->ifindex) { 3095 do_process_drv_event(bss, gnlh->cmd, tb); 3096 return NL_SKIP; 3097 } 3098 wpa_printf(MSG_DEBUG, 3099 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 3100 gnlh->cmd, ifidx); 3101 } else if (tb[NL80211_ATTR_WDEV]) { 3102 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3103 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 3104 for (bss = drv->first_bss; bss; bss = bss->next) { 3105 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 3106 do_process_drv_event(bss, gnlh->cmd, tb); 3107 return NL_SKIP; 3108 } 3109 } 3110 wpa_printf(MSG_DEBUG, 3111 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 3112 gnlh->cmd, (long long unsigned int) wdev_id); 3113 } 3114 3115 return NL_SKIP; 3116} 3117 3118 3119static int process_global_event(struct nl_msg *msg, void *arg) 3120{ 3121 struct nl80211_global *global = arg; 3122 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3123 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3124 struct wpa_driver_nl80211_data *drv, *tmp; 3125 int ifidx = -1; 3126 struct i802_bss *bss; 3127 u64 wdev_id = 0; 3128 int wdev_id_set = 0; 3129 3130 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3131 genlmsg_attrlen(gnlh, 0), NULL); 3132 3133 if (tb[NL80211_ATTR_IFINDEX]) 3134 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3135 else if (tb[NL80211_ATTR_WDEV]) { 3136 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3137 wdev_id_set = 1; 3138 } 3139 3140 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3141 struct wpa_driver_nl80211_data, list) { 3142 for (bss = drv->first_bss; bss; bss = bss->next) { 3143 if ((ifidx == -1 && !wdev_id_set) || 3144 ifidx == bss->ifindex || 3145 (wdev_id_set && bss->wdev_id_set && 3146 wdev_id == bss->wdev_id)) { 3147 do_process_drv_event(bss, gnlh->cmd, tb); 3148 return NL_SKIP; 3149 } 3150 } 3151 } 3152 3153 return NL_SKIP; 3154} 3155 3156 3157static int process_bss_event(struct nl_msg *msg, void *arg) 3158{ 3159 struct i802_bss *bss = arg; 3160 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3161 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3162 3163 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3164 genlmsg_attrlen(gnlh, 0), NULL); 3165 3166 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3167 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3168 bss->ifname); 3169 3170 switch (gnlh->cmd) { 3171 case NL80211_CMD_FRAME: 3172 case NL80211_CMD_FRAME_TX_STATUS: 3173 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3174 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3175 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3176 tb[NL80211_ATTR_COOKIE], 3177 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3178 break; 3179 case NL80211_CMD_UNEXPECTED_FRAME: 3180 nl80211_spurious_frame(bss, tb, 0); 3181 break; 3182 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3183 nl80211_spurious_frame(bss, tb, 1); 3184 break; 3185 default: 3186 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3187 "(cmd=%d)", gnlh->cmd); 3188 break; 3189 } 3190 3191 return NL_SKIP; 3192} 3193 3194 3195static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3196 void *handle) 3197{ 3198 struct nl_cb *cb = eloop_ctx; 3199 int res; 3200 3201 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3202 3203 res = nl_recvmsgs(handle, cb); 3204 if (res) { 3205 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3206 __func__, res); 3207 } 3208} 3209 3210 3211/** 3212 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3213 * @priv: driver_nl80211 private data 3214 * @alpha2_arg: country to which to switch to 3215 * Returns: 0 on success, -1 on failure 3216 * 3217 * This asks nl80211 to set the regulatory domain for given 3218 * country ISO / IEC alpha2. 3219 */ 3220static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3221{ 3222 struct i802_bss *bss = priv; 3223 struct wpa_driver_nl80211_data *drv = bss->drv; 3224 char alpha2[3]; 3225 struct nl_msg *msg; 3226 3227 msg = nlmsg_alloc(); 3228 if (!msg) 3229 return -ENOMEM; 3230 3231 alpha2[0] = alpha2_arg[0]; 3232 alpha2[1] = alpha2_arg[1]; 3233 alpha2[2] = '\0'; 3234 3235 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3236 3237 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3238 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3239 return -EINVAL; 3240 return 0; 3241nla_put_failure: 3242 nlmsg_free(msg); 3243 return -EINVAL; 3244} 3245 3246 3247static int nl80211_get_country(struct nl_msg *msg, void *arg) 3248{ 3249 char *alpha2 = arg; 3250 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3251 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3252 3253 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3254 genlmsg_attrlen(gnlh, 0), NULL); 3255 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3256 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3257 return NL_SKIP; 3258 } 3259 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3260 return NL_SKIP; 3261} 3262 3263 3264static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3265{ 3266 struct i802_bss *bss = priv; 3267 struct wpa_driver_nl80211_data *drv = bss->drv; 3268 struct nl_msg *msg; 3269 int ret; 3270 3271 msg = nlmsg_alloc(); 3272 if (!msg) 3273 return -ENOMEM; 3274 3275 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3276 alpha2[0] = '\0'; 3277 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3278 if (!alpha2[0]) 3279 ret = -1; 3280 3281 return ret; 3282} 3283 3284 3285static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3286{ 3287 u32 *feat = arg; 3288 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3289 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3290 3291 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3292 genlmsg_attrlen(gnlh, 0), NULL); 3293 3294 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3295 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3296 3297 return NL_SKIP; 3298} 3299 3300 3301static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3302{ 3303 u32 feat = 0; 3304 struct nl_msg *msg; 3305 3306 msg = nlmsg_alloc(); 3307 if (!msg) 3308 goto nla_put_failure; 3309 3310 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3311 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3312 return feat; 3313 3314 msg = NULL; 3315nla_put_failure: 3316 nlmsg_free(msg); 3317 return 0; 3318} 3319 3320 3321struct wiphy_info_data { 3322 struct wpa_driver_nl80211_data *drv; 3323 struct wpa_driver_capa *capa; 3324 3325 unsigned int num_multichan_concurrent; 3326 3327 unsigned int error:1; 3328 unsigned int device_ap_sme:1; 3329 unsigned int poll_command_supported:1; 3330 unsigned int data_tx_status:1; 3331 unsigned int monitor_supported:1; 3332 unsigned int auth_supported:1; 3333 unsigned int connect_supported:1; 3334 unsigned int p2p_go_supported:1; 3335 unsigned int p2p_client_supported:1; 3336 unsigned int p2p_concurrent:1; 3337 unsigned int channel_switch_supported:1; 3338 unsigned int set_qos_map_supported:1; 3339}; 3340 3341 3342static unsigned int probe_resp_offload_support(int supp_protocols) 3343{ 3344 unsigned int prot = 0; 3345 3346 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3347 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3348 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3349 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3350 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3351 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3352 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3353 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3354 3355 return prot; 3356} 3357 3358 3359static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3360 struct nlattr *tb) 3361{ 3362 struct nlattr *nl_mode; 3363 int i; 3364 3365 if (tb == NULL) 3366 return; 3367 3368 nla_for_each_nested(nl_mode, tb, i) { 3369 switch (nla_type(nl_mode)) { 3370 case NL80211_IFTYPE_AP: 3371 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3372 break; 3373 case NL80211_IFTYPE_ADHOC: 3374 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3375 break; 3376 case NL80211_IFTYPE_P2P_DEVICE: 3377 info->capa->flags |= 3378 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3379 break; 3380 case NL80211_IFTYPE_P2P_GO: 3381 info->p2p_go_supported = 1; 3382 break; 3383 case NL80211_IFTYPE_P2P_CLIENT: 3384 info->p2p_client_supported = 1; 3385 break; 3386 case NL80211_IFTYPE_MONITOR: 3387 info->monitor_supported = 1; 3388 break; 3389 } 3390 } 3391} 3392 3393 3394static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3395 struct nlattr *nl_combi) 3396{ 3397 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3398 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3399 struct nlattr *nl_limit, *nl_mode; 3400 int err, rem_limit, rem_mode; 3401 int combination_has_p2p = 0, combination_has_mgd = 0; 3402 static struct nla_policy 3403 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3404 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3405 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3406 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3407 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3408 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3409 }, 3410 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3411 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3412 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3413 }; 3414 3415 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3416 nl_combi, iface_combination_policy); 3417 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3418 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3419 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3420 return 0; /* broken combination */ 3421 3422 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3423 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3424 3425 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3426 rem_limit) { 3427 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3428 nl_limit, iface_limit_policy); 3429 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3430 return 0; /* broken combination */ 3431 3432 nla_for_each_nested(nl_mode, 3433 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3434 rem_mode) { 3435 int ift = nla_type(nl_mode); 3436 if (ift == NL80211_IFTYPE_P2P_GO || 3437 ift == NL80211_IFTYPE_P2P_CLIENT) 3438 combination_has_p2p = 1; 3439 if (ift == NL80211_IFTYPE_STATION) 3440 combination_has_mgd = 1; 3441 } 3442 if (combination_has_p2p && combination_has_mgd) 3443 break; 3444 } 3445 3446 if (combination_has_p2p && combination_has_mgd) { 3447 info->p2p_concurrent = 1; 3448 info->num_multichan_concurrent = 3449 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3450 return 1; 3451 } 3452 3453 return 0; 3454} 3455 3456 3457static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3458 struct nlattr *tb) 3459{ 3460 struct nlattr *nl_combi; 3461 int rem_combi; 3462 3463 if (tb == NULL) 3464 return; 3465 3466 nla_for_each_nested(nl_combi, tb, rem_combi) { 3467 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3468 break; 3469 } 3470} 3471 3472 3473static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3474 struct nlattr *tb) 3475{ 3476 struct nlattr *nl_cmd; 3477 int i; 3478 3479 if (tb == NULL) 3480 return; 3481 3482 nla_for_each_nested(nl_cmd, tb, i) { 3483 switch (nla_get_u32(nl_cmd)) { 3484 case NL80211_CMD_AUTHENTICATE: 3485 info->auth_supported = 1; 3486 break; 3487 case NL80211_CMD_CONNECT: 3488 info->connect_supported = 1; 3489 break; 3490 case NL80211_CMD_START_SCHED_SCAN: 3491 info->capa->sched_scan_supported = 1; 3492 break; 3493 case NL80211_CMD_PROBE_CLIENT: 3494 info->poll_command_supported = 1; 3495 break; 3496 case NL80211_CMD_CHANNEL_SWITCH: 3497 info->channel_switch_supported = 1; 3498 break; 3499 case NL80211_CMD_SET_QOS_MAP: 3500 info->set_qos_map_supported = 1; 3501 break; 3502 } 3503 } 3504} 3505 3506 3507static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3508 struct nlattr *tb) 3509{ 3510 int i, num; 3511 u32 *ciphers; 3512 3513 if (tb == NULL) 3514 return; 3515 3516 num = nla_len(tb) / sizeof(u32); 3517 ciphers = nla_data(tb); 3518 for (i = 0; i < num; i++) { 3519 u32 c = ciphers[i]; 3520 3521 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3522 c >> 24, (c >> 16) & 0xff, 3523 (c >> 8) & 0xff, c & 0xff); 3524 switch (c) { 3525 case WLAN_CIPHER_SUITE_CCMP_256: 3526 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3527 break; 3528 case WLAN_CIPHER_SUITE_GCMP_256: 3529 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3530 break; 3531 case WLAN_CIPHER_SUITE_CCMP: 3532 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3533 break; 3534 case WLAN_CIPHER_SUITE_GCMP: 3535 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3536 break; 3537 case WLAN_CIPHER_SUITE_TKIP: 3538 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3539 break; 3540 case WLAN_CIPHER_SUITE_WEP104: 3541 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3542 break; 3543 case WLAN_CIPHER_SUITE_WEP40: 3544 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3545 break; 3546 case WLAN_CIPHER_SUITE_AES_CMAC: 3547 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3548 break; 3549 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3550 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3551 break; 3552 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3553 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3554 break; 3555 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3556 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3557 break; 3558 case WLAN_CIPHER_SUITE_NO_GROUP_ADDR: 3559 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED; 3560 break; 3561 } 3562 } 3563} 3564 3565 3566static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3567 struct nlattr *tb) 3568{ 3569 if (tb) 3570 capa->max_remain_on_chan = nla_get_u32(tb); 3571} 3572 3573 3574static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3575 struct nlattr *ext_setup) 3576{ 3577 if (tdls == NULL) 3578 return; 3579 3580 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3581 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3582 3583 if (ext_setup) { 3584 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3585 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3586 } 3587} 3588 3589 3590static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3591 struct nlattr *tb) 3592{ 3593 u32 flags; 3594 struct wpa_driver_capa *capa = info->capa; 3595 3596 if (tb == NULL) 3597 return; 3598 3599 flags = nla_get_u32(tb); 3600 3601 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3602 info->data_tx_status = 1; 3603 3604 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3605 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3606 3607 if (flags & NL80211_FEATURE_SAE) 3608 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3609 3610 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3611 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3612} 3613 3614 3615static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3616 struct nlattr *tb) 3617{ 3618 u32 protocols; 3619 3620 if (tb == NULL) 3621 return; 3622 3623 protocols = nla_get_u32(tb); 3624 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3625 "mode"); 3626 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3627 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3628} 3629 3630 3631static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3632{ 3633 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3634 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3635 struct wiphy_info_data *info = arg; 3636 struct wpa_driver_capa *capa = info->capa; 3637 struct wpa_driver_nl80211_data *drv = info->drv; 3638 3639 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3640 genlmsg_attrlen(gnlh, 0), NULL); 3641 3642 if (tb[NL80211_ATTR_WIPHY_NAME]) 3643 os_strlcpy(drv->phyname, 3644 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3645 sizeof(drv->phyname)); 3646 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3647 capa->max_scan_ssids = 3648 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3649 3650 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3651 capa->max_sched_scan_ssids = 3652 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3653 3654 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3655 capa->max_match_sets = 3656 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3657 3658 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3659 capa->max_acl_mac_addrs = 3660 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3661 3662 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3663 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3664 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3665 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3666 3667 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3668 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3669 "off-channel TX"); 3670 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3671 } 3672 3673 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3674 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3675 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3676 } 3677 3678 wiphy_info_max_roc(capa, 3679 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3680 3681 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3682 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3683 3684 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3685 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3686 3687 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3688 info->device_ap_sme = 1; 3689 3690 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3691 wiphy_info_probe_resp_offload(capa, 3692 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3693 3694 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3695 drv->extended_capa == NULL) { 3696 drv->extended_capa = 3697 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3698 if (drv->extended_capa) { 3699 os_memcpy(drv->extended_capa, 3700 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3701 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3702 drv->extended_capa_len = 3703 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3704 } 3705 drv->extended_capa_mask = 3706 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3707 if (drv->extended_capa_mask) { 3708 os_memcpy(drv->extended_capa_mask, 3709 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3710 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3711 } else { 3712 os_free(drv->extended_capa); 3713 drv->extended_capa = NULL; 3714 drv->extended_capa_len = 0; 3715 } 3716 } 3717 3718 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3719 struct nlattr *nl; 3720 int rem; 3721 3722 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3723 struct nl80211_vendor_cmd_info *vinfo; 3724 if (nla_len(nl) != sizeof(*vinfo)) { 3725 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3726 continue; 3727 } 3728 vinfo = nla_data(nl); 3729 if (vinfo->subcmd == 3730 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY) 3731 drv->dfs_vendor_cmd_avail = 1; 3732 3733 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3734 vinfo->vendor_id, vinfo->subcmd); 3735 } 3736 } 3737 3738 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3739 struct nlattr *nl; 3740 int rem; 3741 3742 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3743 struct nl80211_vendor_cmd_info *vinfo; 3744 if (nla_len(nl) != sizeof(*vinfo)) { 3745 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3746 continue; 3747 } 3748 vinfo = nla_data(nl); 3749 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3750 vinfo->vendor_id, vinfo->subcmd); 3751 } 3752 } 3753 3754 return NL_SKIP; 3755} 3756 3757 3758static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3759 struct wiphy_info_data *info) 3760{ 3761 u32 feat; 3762 struct nl_msg *msg; 3763 3764 os_memset(info, 0, sizeof(*info)); 3765 info->capa = &drv->capa; 3766 info->drv = drv; 3767 3768 msg = nlmsg_alloc(); 3769 if (!msg) 3770 return -1; 3771 3772 feat = get_nl80211_protocol_features(drv); 3773 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3774 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3775 else 3776 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3777 3778 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3779 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3780 goto nla_put_failure; 3781 3782 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3783 return -1; 3784 3785 if (info->auth_supported) 3786 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3787 else if (!info->connect_supported) { 3788 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3789 "authentication/association or connect commands"); 3790 info->error = 1; 3791 } 3792 3793 if (info->p2p_go_supported && info->p2p_client_supported) 3794 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3795 if (info->p2p_concurrent) { 3796 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3797 "interface (driver advertised support)"); 3798 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3799 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3800 } 3801 if (info->num_multichan_concurrent > 1) { 3802 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3803 "concurrent (driver advertised support)"); 3804 drv->capa.num_multichan_concurrent = 3805 info->num_multichan_concurrent; 3806 } 3807 3808 /* default to 5000 since early versions of mac80211 don't set it */ 3809 if (!drv->capa.max_remain_on_chan) 3810 drv->capa.max_remain_on_chan = 5000; 3811 3812 if (info->channel_switch_supported) 3813 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3814 3815 return 0; 3816nla_put_failure: 3817 nlmsg_free(msg); 3818 return -1; 3819} 3820 3821 3822static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3823{ 3824 struct wiphy_info_data info; 3825 if (wpa_driver_nl80211_get_info(drv, &info)) 3826 return -1; 3827 3828 if (info.error) 3829 return -1; 3830 3831 drv->has_capability = 1; 3832 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3833 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3834 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3835 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3836 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3837 WPA_DRIVER_AUTH_SHARED | 3838 WPA_DRIVER_AUTH_LEAP; 3839 3840 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3841 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3842 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3843 3844 /* 3845 * As all cfg80211 drivers must support cases where the AP interface is 3846 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in 3847 * case that the user space daemon has crashed, they must be able to 3848 * cleanup all stations and key entries in the AP tear down flow. Thus, 3849 * this flag can/should always be set for cfg80211 drivers. 3850 */ 3851 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT; 3852 3853 if (!info.device_ap_sme) { 3854 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3855 3856 /* 3857 * No AP SME is currently assumed to also indicate no AP MLME 3858 * in the driver/firmware. 3859 */ 3860 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3861 } 3862 3863 drv->device_ap_sme = info.device_ap_sme; 3864 drv->poll_command_supported = info.poll_command_supported; 3865 drv->data_tx_status = info.data_tx_status; 3866 if (info.set_qos_map_supported) 3867 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3868 3869 /* 3870 * If poll command and tx status are supported, mac80211 is new enough 3871 * to have everything we need to not need monitor interfaces. 3872 */ 3873 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3874 3875 if (drv->device_ap_sme && drv->use_monitor) { 3876 /* 3877 * Non-mac80211 drivers may not support monitor interface. 3878 * Make sure we do not get stuck with incorrect capability here 3879 * by explicitly testing this. 3880 */ 3881 if (!info.monitor_supported) { 3882 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 3883 "with device_ap_sme since no monitor mode " 3884 "support detected"); 3885 drv->use_monitor = 0; 3886 } 3887 } 3888 3889 /* 3890 * If we aren't going to use monitor interfaces, but the 3891 * driver doesn't support data TX status, we won't get TX 3892 * status for EAPOL frames. 3893 */ 3894 if (!drv->use_monitor && !info.data_tx_status) 3895 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3896 3897 return 0; 3898} 3899 3900 3901#ifdef ANDROID 3902static int android_genl_ctrl_resolve(struct nl_handle *handle, 3903 const char *name) 3904{ 3905 /* 3906 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 3907 * need to work around that. 3908 */ 3909 struct nl_cache *cache = NULL; 3910 struct genl_family *nl80211 = NULL; 3911 int id = -1; 3912 3913 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 3914 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 3915 "netlink cache"); 3916 goto fail; 3917 } 3918 3919 nl80211 = genl_ctrl_search_by_name(cache, name); 3920 if (nl80211 == NULL) 3921 goto fail; 3922 3923 id = genl_family_get_id(nl80211); 3924 3925fail: 3926 if (nl80211) 3927 genl_family_put(nl80211); 3928 if (cache) 3929 nl_cache_free(cache); 3930 3931 return id; 3932} 3933#define genl_ctrl_resolve android_genl_ctrl_resolve 3934#endif /* ANDROID */ 3935 3936 3937static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 3938{ 3939 int ret; 3940 3941 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3942 if (global->nl_cb == NULL) { 3943 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 3944 "callbacks"); 3945 return -1; 3946 } 3947 3948 global->nl = nl_create_handle(global->nl_cb, "nl"); 3949 if (global->nl == NULL) 3950 goto err; 3951 3952 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 3953 if (global->nl80211_id < 0) { 3954 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 3955 "found"); 3956 goto err; 3957 } 3958 3959 global->nl_event = nl_create_handle(global->nl_cb, "event"); 3960 if (global->nl_event == NULL) 3961 goto err; 3962 3963 ret = nl_get_multicast_id(global, "nl80211", "scan"); 3964 if (ret >= 0) 3965 ret = nl_socket_add_membership(global->nl_event, ret); 3966 if (ret < 0) { 3967 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3968 "membership for scan events: %d (%s)", 3969 ret, strerror(-ret)); 3970 goto err; 3971 } 3972 3973 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 3974 if (ret >= 0) 3975 ret = nl_socket_add_membership(global->nl_event, ret); 3976 if (ret < 0) { 3977 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3978 "membership for mlme events: %d (%s)", 3979 ret, strerror(-ret)); 3980 goto err; 3981 } 3982 3983 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 3984 if (ret >= 0) 3985 ret = nl_socket_add_membership(global->nl_event, ret); 3986 if (ret < 0) { 3987 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3988 "membership for regulatory events: %d (%s)", 3989 ret, strerror(-ret)); 3990 /* Continue without regulatory events */ 3991 } 3992 3993 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 3994 if (ret >= 0) 3995 ret = nl_socket_add_membership(global->nl_event, ret); 3996 if (ret < 0) { 3997 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3998 "membership for vendor events: %d (%s)", 3999 ret, strerror(-ret)); 4000 /* Continue without vendor events */ 4001 } 4002 4003 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4004 no_seq_check, NULL); 4005 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4006 process_global_event, global); 4007 4008 nl80211_register_eloop_read(&global->nl_event, 4009 wpa_driver_nl80211_event_receive, 4010 global->nl_cb); 4011 4012 return 0; 4013 4014err: 4015 nl_destroy_handles(&global->nl_event); 4016 nl_destroy_handles(&global->nl); 4017 nl_cb_put(global->nl_cb); 4018 global->nl_cb = NULL; 4019 return -1; 4020} 4021 4022 4023static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 4024{ 4025 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4026 if (!drv->nl_cb) { 4027 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 4028 return -1; 4029 } 4030 4031 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4032 no_seq_check, NULL); 4033 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4034 process_drv_event, drv); 4035 4036 return 0; 4037} 4038 4039 4040static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 4041{ 4042 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 4043 /* 4044 * This may be for any interface; use ifdown event to disable 4045 * interface. 4046 */ 4047} 4048 4049 4050static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 4051{ 4052 struct wpa_driver_nl80211_data *drv = ctx; 4053 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 4054 if (i802_set_iface_flags(drv->first_bss, 1)) { 4055 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 4056 "after rfkill unblock"); 4057 return; 4058 } 4059 /* rtnetlink ifup handler will report interface as enabled */ 4060} 4061 4062 4063static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 4064 void *eloop_ctx, 4065 void *handle) 4066{ 4067 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4068 u8 data[2048]; 4069 struct msghdr msg; 4070 struct iovec entry; 4071 u8 control[512]; 4072 struct cmsghdr *cmsg; 4073 int res, found_ee = 0, found_wifi = 0, acked = 0; 4074 union wpa_event_data event; 4075 4076 memset(&msg, 0, sizeof(msg)); 4077 msg.msg_iov = &entry; 4078 msg.msg_iovlen = 1; 4079 entry.iov_base = data; 4080 entry.iov_len = sizeof(data); 4081 msg.msg_control = &control; 4082 msg.msg_controllen = sizeof(control); 4083 4084 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 4085 /* if error or not fitting 802.3 header, return */ 4086 if (res < 14) 4087 return; 4088 4089 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 4090 { 4091 if (cmsg->cmsg_level == SOL_SOCKET && 4092 cmsg->cmsg_type == SCM_WIFI_STATUS) { 4093 int *ack; 4094 4095 found_wifi = 1; 4096 ack = (void *)CMSG_DATA(cmsg); 4097 acked = *ack; 4098 } 4099 4100 if (cmsg->cmsg_level == SOL_PACKET && 4101 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 4102 struct sock_extended_err *err = 4103 (struct sock_extended_err *)CMSG_DATA(cmsg); 4104 4105 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 4106 found_ee = 1; 4107 } 4108 } 4109 4110 if (!found_ee || !found_wifi) 4111 return; 4112 4113 memset(&event, 0, sizeof(event)); 4114 event.eapol_tx_status.dst = data; 4115 event.eapol_tx_status.data = data + 14; 4116 event.eapol_tx_status.data_len = res - 14; 4117 event.eapol_tx_status.ack = acked; 4118 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 4119} 4120 4121 4122static int nl80211_init_bss(struct i802_bss *bss) 4123{ 4124 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4125 if (!bss->nl_cb) 4126 return -1; 4127 4128 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4129 no_seq_check, NULL); 4130 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4131 process_bss_event, bss); 4132 4133 return 0; 4134} 4135 4136 4137static void nl80211_destroy_bss(struct i802_bss *bss) 4138{ 4139 nl_cb_put(bss->nl_cb); 4140 bss->nl_cb = NULL; 4141} 4142 4143 4144static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 4145 void *global_priv, int hostapd, 4146 const u8 *set_addr) 4147{ 4148 struct wpa_driver_nl80211_data *drv; 4149 struct rfkill_config *rcfg; 4150 struct i802_bss *bss; 4151 4152 if (global_priv == NULL) 4153 return NULL; 4154 drv = os_zalloc(sizeof(*drv)); 4155 if (drv == NULL) 4156 return NULL; 4157 drv->global = global_priv; 4158 drv->ctx = ctx; 4159 drv->hostapd = !!hostapd; 4160 drv->eapol_sock = -1; 4161 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4162 drv->if_indices = drv->default_if_indices; 4163 4164 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4165 if (!drv->first_bss) { 4166 os_free(drv); 4167 return NULL; 4168 } 4169 bss = drv->first_bss; 4170 bss->drv = drv; 4171 bss->ctx = ctx; 4172 4173 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4174 drv->monitor_ifidx = -1; 4175 drv->monitor_sock = -1; 4176 drv->eapol_tx_sock = -1; 4177 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4178 4179 if (wpa_driver_nl80211_init_nl(drv)) { 4180 os_free(drv); 4181 return NULL; 4182 } 4183 4184 if (nl80211_init_bss(bss)) 4185 goto failed; 4186 4187 rcfg = os_zalloc(sizeof(*rcfg)); 4188 if (rcfg == NULL) 4189 goto failed; 4190 rcfg->ctx = drv; 4191 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4192 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4193 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4194 drv->rfkill = rfkill_init(rcfg); 4195 if (drv->rfkill == NULL) { 4196 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4197 os_free(rcfg); 4198 } 4199 4200 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4201 drv->start_iface_up = 1; 4202 4203 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4204 goto failed; 4205 4206 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4207 if (drv->eapol_tx_sock < 0) 4208 goto failed; 4209 4210 if (drv->data_tx_status) { 4211 int enabled = 1; 4212 4213 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4214 &enabled, sizeof(enabled)) < 0) { 4215 wpa_printf(MSG_DEBUG, 4216 "nl80211: wifi status sockopt failed\n"); 4217 drv->data_tx_status = 0; 4218 if (!drv->use_monitor) 4219 drv->capa.flags &= 4220 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4221 } else { 4222 eloop_register_read_sock(drv->eapol_tx_sock, 4223 wpa_driver_nl80211_handle_eapol_tx_status, 4224 drv, NULL); 4225 } 4226 } 4227 4228 if (drv->global) { 4229 dl_list_add(&drv->global->interfaces, &drv->list); 4230 drv->in_interface_list = 1; 4231 } 4232 4233 return bss; 4234 4235failed: 4236 wpa_driver_nl80211_deinit(bss); 4237 return NULL; 4238} 4239 4240 4241/** 4242 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4243 * @ctx: context to be used when calling wpa_supplicant functions, 4244 * e.g., wpa_supplicant_event() 4245 * @ifname: interface name, e.g., wlan0 4246 * @global_priv: private driver global data from global_init() 4247 * Returns: Pointer to private data, %NULL on failure 4248 */ 4249static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4250 void *global_priv) 4251{ 4252 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4253} 4254 4255 4256static int nl80211_register_frame(struct i802_bss *bss, 4257 struct nl_handle *nl_handle, 4258 u16 type, const u8 *match, size_t match_len) 4259{ 4260 struct wpa_driver_nl80211_data *drv = bss->drv; 4261 struct nl_msg *msg; 4262 int ret = -1; 4263 char buf[30]; 4264 4265 msg = nlmsg_alloc(); 4266 if (!msg) 4267 return -1; 4268 4269 buf[0] = '\0'; 4270 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4271 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p match=%s", 4272 type, nl_handle, buf); 4273 4274 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4275 4276 if (nl80211_set_iface_id(msg, bss) < 0) 4277 goto nla_put_failure; 4278 4279 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4280 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4281 4282 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4283 msg = NULL; 4284 if (ret) { 4285 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4286 "failed (type=%u): ret=%d (%s)", 4287 type, ret, strerror(-ret)); 4288 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4289 match, match_len); 4290 goto nla_put_failure; 4291 } 4292 ret = 0; 4293nla_put_failure: 4294 nlmsg_free(msg); 4295 return ret; 4296} 4297 4298 4299static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4300{ 4301 struct wpa_driver_nl80211_data *drv = bss->drv; 4302 4303 if (bss->nl_mgmt) { 4304 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4305 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4306 return -1; 4307 } 4308 4309 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4310 if (bss->nl_mgmt == NULL) 4311 return -1; 4312 4313 return 0; 4314} 4315 4316 4317static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4318{ 4319 nl80211_register_eloop_read(&bss->nl_mgmt, 4320 wpa_driver_nl80211_event_receive, 4321 bss->nl_cb); 4322} 4323 4324 4325static int nl80211_register_action_frame(struct i802_bss *bss, 4326 const u8 *match, size_t match_len) 4327{ 4328 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4329 return nl80211_register_frame(bss, bss->nl_mgmt, 4330 type, match, match_len); 4331} 4332 4333 4334static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4335{ 4336 struct wpa_driver_nl80211_data *drv = bss->drv; 4337 int ret = 0; 4338 4339 if (nl80211_alloc_mgmt_handle(bss)) 4340 return -1; 4341 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4342 "handle %p", bss->nl_mgmt); 4343 4344 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4345 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4346 4347 /* register for any AUTH message */ 4348 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4349 } 4350 4351#ifdef CONFIG_INTERWORKING 4352 /* QoS Map Configure */ 4353 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4354 ret = -1; 4355#endif /* CONFIG_INTERWORKING */ 4356#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4357 /* GAS Initial Request */ 4358 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4359 ret = -1; 4360 /* GAS Initial Response */ 4361 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4362 ret = -1; 4363 /* GAS Comeback Request */ 4364 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4365 ret = -1; 4366 /* GAS Comeback Response */ 4367 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4368 ret = -1; 4369 /* Protected GAS Initial Request */ 4370 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0) 4371 ret = -1; 4372 /* Protected GAS Initial Response */ 4373 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0) 4374 ret = -1; 4375 /* Protected GAS Comeback Request */ 4376 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0) 4377 ret = -1; 4378 /* Protected GAS Comeback Response */ 4379 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0) 4380 ret = -1; 4381#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4382#ifdef CONFIG_P2P 4383 /* P2P Public Action */ 4384 if (nl80211_register_action_frame(bss, 4385 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4386 6) < 0) 4387 ret = -1; 4388 /* P2P Action */ 4389 if (nl80211_register_action_frame(bss, 4390 (u8 *) "\x7f\x50\x6f\x9a\x09", 4391 5) < 0) 4392 ret = -1; 4393#endif /* CONFIG_P2P */ 4394#ifdef CONFIG_IEEE80211W 4395 /* SA Query Response */ 4396 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4397 ret = -1; 4398#endif /* CONFIG_IEEE80211W */ 4399#ifdef CONFIG_TDLS 4400 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4401 /* TDLS Discovery Response */ 4402 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4403 0) 4404 ret = -1; 4405 } 4406#endif /* CONFIG_TDLS */ 4407 4408 /* FT Action frames */ 4409 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4410 ret = -1; 4411 else 4412 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4413 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4414 4415 /* WNM - BSS Transition Management Request */ 4416 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4417 ret = -1; 4418 /* WNM-Sleep Mode Response */ 4419 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4420 ret = -1; 4421 4422#ifdef CONFIG_HS20 4423 /* WNM-Notification */ 4424 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0) 4425 return -1; 4426#endif /* CONFIG_HS20 */ 4427 4428 nl80211_mgmt_handle_register_eloop(bss); 4429 4430 return ret; 4431} 4432 4433 4434static int nl80211_register_spurious_class3(struct i802_bss *bss) 4435{ 4436 struct wpa_driver_nl80211_data *drv = bss->drv; 4437 struct nl_msg *msg; 4438 int ret = -1; 4439 4440 msg = nlmsg_alloc(); 4441 if (!msg) 4442 return -1; 4443 4444 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4445 4446 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4447 4448 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4449 msg = NULL; 4450 if (ret) { 4451 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4452 "failed: ret=%d (%s)", 4453 ret, strerror(-ret)); 4454 goto nla_put_failure; 4455 } 4456 ret = 0; 4457nla_put_failure: 4458 nlmsg_free(msg); 4459 return ret; 4460} 4461 4462 4463static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4464{ 4465 static const int stypes[] = { 4466 WLAN_FC_STYPE_AUTH, 4467 WLAN_FC_STYPE_ASSOC_REQ, 4468 WLAN_FC_STYPE_REASSOC_REQ, 4469 WLAN_FC_STYPE_DISASSOC, 4470 WLAN_FC_STYPE_DEAUTH, 4471 WLAN_FC_STYPE_ACTION, 4472 WLAN_FC_STYPE_PROBE_REQ, 4473/* Beacon doesn't work as mac80211 doesn't currently allow 4474 * it, but it wouldn't really be the right thing anyway as 4475 * it isn't per interface ... maybe just dump the scan 4476 * results periodically for OLBC? 4477 */ 4478// WLAN_FC_STYPE_BEACON, 4479 }; 4480 unsigned int i; 4481 4482 if (nl80211_alloc_mgmt_handle(bss)) 4483 return -1; 4484 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4485 "handle %p", bss->nl_mgmt); 4486 4487 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4488 if (nl80211_register_frame(bss, bss->nl_mgmt, 4489 (WLAN_FC_TYPE_MGMT << 2) | 4490 (stypes[i] << 4), 4491 NULL, 0) < 0) { 4492 goto out_err; 4493 } 4494 } 4495 4496 if (nl80211_register_spurious_class3(bss)) 4497 goto out_err; 4498 4499 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4500 goto out_err; 4501 4502 nl80211_mgmt_handle_register_eloop(bss); 4503 return 0; 4504 4505out_err: 4506 nl_destroy_handles(&bss->nl_mgmt); 4507 return -1; 4508} 4509 4510 4511static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4512{ 4513 if (nl80211_alloc_mgmt_handle(bss)) 4514 return -1; 4515 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4516 "handle %p (device SME)", bss->nl_mgmt); 4517 4518 if (nl80211_register_frame(bss, bss->nl_mgmt, 4519 (WLAN_FC_TYPE_MGMT << 2) | 4520 (WLAN_FC_STYPE_ACTION << 4), 4521 NULL, 0) < 0) 4522 goto out_err; 4523 4524 nl80211_mgmt_handle_register_eloop(bss); 4525 return 0; 4526 4527out_err: 4528 nl_destroy_handles(&bss->nl_mgmt); 4529 return -1; 4530} 4531 4532 4533static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4534{ 4535 if (bss->nl_mgmt == NULL) 4536 return; 4537 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4538 "(%s)", bss->nl_mgmt, reason); 4539 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4540 4541 nl80211_put_wiphy_data_ap(bss); 4542} 4543 4544 4545static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4546{ 4547 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4548} 4549 4550 4551static void nl80211_del_p2pdev(struct i802_bss *bss) 4552{ 4553 struct wpa_driver_nl80211_data *drv = bss->drv; 4554 struct nl_msg *msg; 4555 int ret; 4556 4557 msg = nlmsg_alloc(); 4558 if (!msg) 4559 return; 4560 4561 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4562 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4563 4564 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4565 msg = NULL; 4566 4567 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4568 bss->ifname, (long long unsigned int) bss->wdev_id, 4569 strerror(-ret)); 4570 4571nla_put_failure: 4572 nlmsg_free(msg); 4573} 4574 4575 4576static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4577{ 4578 struct wpa_driver_nl80211_data *drv = bss->drv; 4579 struct nl_msg *msg; 4580 int ret = -1; 4581 4582 msg = nlmsg_alloc(); 4583 if (!msg) 4584 return -1; 4585 4586 if (start) 4587 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4588 else 4589 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4590 4591 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4592 4593 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4594 msg = NULL; 4595 4596 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4597 start ? "Start" : "Stop", 4598 bss->ifname, (long long unsigned int) bss->wdev_id, 4599 strerror(-ret)); 4600 4601nla_put_failure: 4602 nlmsg_free(msg); 4603 return ret; 4604} 4605 4606 4607static int i802_set_iface_flags(struct i802_bss *bss, int up) 4608{ 4609 enum nl80211_iftype nlmode; 4610 4611 nlmode = nl80211_get_ifmode(bss); 4612 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4613 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4614 bss->ifname, up); 4615 } 4616 4617 /* P2P Device has start/stop which is equivalent */ 4618 return nl80211_set_p2pdev(bss, up); 4619} 4620 4621 4622static int 4623wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4624 const u8 *set_addr, int first) 4625{ 4626 struct i802_bss *bss = drv->first_bss; 4627 int send_rfkill_event = 0; 4628 enum nl80211_iftype nlmode; 4629 4630 drv->ifindex = if_nametoindex(bss->ifname); 4631 bss->ifindex = drv->ifindex; 4632 bss->wdev_id = drv->global->if_add_wdevid; 4633 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4634 4635 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4636 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4637 drv->global->if_add_wdevid_set = 0; 4638 4639 if (wpa_driver_nl80211_capa(drv)) 4640 return -1; 4641 4642 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4643 bss->ifname, drv->phyname); 4644 4645 if (set_addr && 4646 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4647 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4648 set_addr))) 4649 return -1; 4650 4651 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4652 drv->start_mode_ap = 1; 4653 4654 if (drv->hostapd) 4655 nlmode = NL80211_IFTYPE_AP; 4656 else if (bss->if_dynamic) 4657 nlmode = nl80211_get_ifmode(bss); 4658 else 4659 nlmode = NL80211_IFTYPE_STATION; 4660 4661 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4662 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4663 return -1; 4664 } 4665 4666 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4667 nl80211_get_macaddr(bss); 4668 4669 if (!rfkill_is_blocked(drv->rfkill)) { 4670 int ret = i802_set_iface_flags(bss, 1); 4671 if (ret) { 4672 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4673 "interface '%s' UP", bss->ifname); 4674 return ret; 4675 } 4676 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4677 return ret; 4678 } else { 4679 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4680 "interface '%s' due to rfkill", bss->ifname); 4681 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4682 return 0; 4683 drv->if_disabled = 1; 4684 send_rfkill_event = 1; 4685 } 4686 4687 if (!drv->hostapd) 4688 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4689 1, IF_OPER_DORMANT); 4690 4691 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4692 bss->addr)) 4693 return -1; 4694 4695 if (send_rfkill_event) { 4696 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4697 drv, drv->ctx); 4698 } 4699 4700 return 0; 4701} 4702 4703 4704static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4705{ 4706 struct nl_msg *msg; 4707 4708 msg = nlmsg_alloc(); 4709 if (!msg) 4710 return -ENOMEM; 4711 4712 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4713 drv->ifindex); 4714 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4715 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4716 4717 return send_and_recv_msgs(drv, msg, NULL, NULL); 4718 nla_put_failure: 4719 nlmsg_free(msg); 4720 return -ENOBUFS; 4721} 4722 4723 4724/** 4725 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4726 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4727 * 4728 * Shut down driver interface and processing of driver events. Free 4729 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4730 */ 4731static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4732{ 4733 struct wpa_driver_nl80211_data *drv = bss->drv; 4734 4735 bss->in_deinit = 1; 4736 if (drv->data_tx_status) 4737 eloop_unregister_read_sock(drv->eapol_tx_sock); 4738 if (drv->eapol_tx_sock >= 0) 4739 close(drv->eapol_tx_sock); 4740 4741 if (bss->nl_preq) 4742 wpa_driver_nl80211_probe_req_report(bss, 0); 4743 if (bss->added_if_into_bridge) { 4744 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4745 bss->ifname) < 0) 4746 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4747 "interface %s from bridge %s: %s", 4748 bss->ifname, bss->brname, strerror(errno)); 4749 } 4750 if (bss->added_bridge) { 4751 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4752 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4753 "bridge %s: %s", 4754 bss->brname, strerror(errno)); 4755 } 4756 4757 nl80211_remove_monitor_interface(drv); 4758 4759 if (is_ap_interface(drv->nlmode)) 4760 wpa_driver_nl80211_del_beacon(drv); 4761 4762 if (drv->eapol_sock >= 0) { 4763 eloop_unregister_read_sock(drv->eapol_sock); 4764 close(drv->eapol_sock); 4765 } 4766 4767 if (drv->if_indices != drv->default_if_indices) 4768 os_free(drv->if_indices); 4769 4770 if (drv->disabled_11b_rates) 4771 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4772 4773 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4774 IF_OPER_UP); 4775 rfkill_deinit(drv->rfkill); 4776 4777 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4778 4779 if (!drv->start_iface_up) 4780 (void) i802_set_iface_flags(bss, 0); 4781 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4782 if (!drv->hostapd || !drv->start_mode_ap) 4783 wpa_driver_nl80211_set_mode(bss, 4784 NL80211_IFTYPE_STATION); 4785 nl80211_mgmt_unsubscribe(bss, "deinit"); 4786 } else { 4787 nl80211_mgmt_unsubscribe(bss, "deinit"); 4788 nl80211_del_p2pdev(bss); 4789 } 4790 nl_cb_put(drv->nl_cb); 4791 4792 nl80211_destroy_bss(drv->first_bss); 4793 4794 os_free(drv->filter_ssids); 4795 4796 os_free(drv->auth_ie); 4797 4798 if (drv->in_interface_list) 4799 dl_list_del(&drv->list); 4800 4801 os_free(drv->extended_capa); 4802 os_free(drv->extended_capa_mask); 4803 os_free(drv->first_bss); 4804 os_free(drv); 4805} 4806 4807 4808/** 4809 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4810 * @eloop_ctx: Driver private data 4811 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4812 * 4813 * This function can be used as registered timeout when starting a scan to 4814 * generate a scan completed event if the driver does not report this. 4815 */ 4816static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4817{ 4818 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4819 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4820 wpa_driver_nl80211_set_mode(drv->first_bss, 4821 drv->ap_scan_as_station); 4822 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4823 } 4824 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4825 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4826} 4827 4828 4829static struct nl_msg * 4830nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4831 struct wpa_driver_scan_params *params, u64 *wdev_id) 4832{ 4833 struct nl_msg *msg; 4834 size_t i; 4835 4836 msg = nlmsg_alloc(); 4837 if (!msg) 4838 return NULL; 4839 4840 nl80211_cmd(drv, msg, 0, cmd); 4841 4842 if (!wdev_id) 4843 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4844 else 4845 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4846 4847 if (params->num_ssids) { 4848 struct nlattr *ssids; 4849 4850 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4851 if (ssids == NULL) 4852 goto fail; 4853 for (i = 0; i < params->num_ssids; i++) { 4854 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4855 params->ssids[i].ssid, 4856 params->ssids[i].ssid_len); 4857 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4858 params->ssids[i].ssid) < 0) 4859 goto fail; 4860 } 4861 nla_nest_end(msg, ssids); 4862 } 4863 4864 if (params->extra_ies) { 4865 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4866 params->extra_ies, params->extra_ies_len); 4867 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4868 params->extra_ies) < 0) 4869 goto fail; 4870 } 4871 4872 if (params->freqs) { 4873 struct nlattr *freqs; 4874 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 4875 if (freqs == NULL) 4876 goto fail; 4877 for (i = 0; params->freqs[i]; i++) { 4878 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 4879 "MHz", params->freqs[i]); 4880 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 4881 goto fail; 4882 } 4883 nla_nest_end(msg, freqs); 4884 } 4885 4886 os_free(drv->filter_ssids); 4887 drv->filter_ssids = params->filter_ssids; 4888 params->filter_ssids = NULL; 4889 drv->num_filter_ssids = params->num_filter_ssids; 4890 4891 if (params->only_new_results) { 4892 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 4893 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, 4894 NL80211_SCAN_FLAG_FLUSH); 4895 } 4896 4897 return msg; 4898 4899fail: 4900nla_put_failure: 4901 nlmsg_free(msg); 4902 return NULL; 4903} 4904 4905 4906/** 4907 * wpa_driver_nl80211_scan - Request the driver to initiate scan 4908 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 4909 * @params: Scan parameters 4910 * Returns: 0 on success, -1 on failure 4911 */ 4912static int wpa_driver_nl80211_scan(struct i802_bss *bss, 4913 struct wpa_driver_scan_params *params) 4914{ 4915 struct wpa_driver_nl80211_data *drv = bss->drv; 4916 int ret = -1, timeout; 4917 struct nl_msg *msg = NULL; 4918 4919 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 4920 drv->scan_for_auth = 0; 4921 4922 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 4923 bss->wdev_id_set ? &bss->wdev_id : NULL); 4924 if (!msg) 4925 return -1; 4926 4927 if (params->p2p_probe) { 4928 struct nlattr *rates; 4929 4930 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 4931 4932 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 4933 if (rates == NULL) 4934 goto nla_put_failure; 4935 4936 /* 4937 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 4938 * by masking out everything else apart from the OFDM rates 6, 4939 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 4940 * rates are left enabled. 4941 */ 4942 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 4943 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 4944 nla_nest_end(msg, rates); 4945 4946 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 4947 } 4948 4949 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4950 msg = NULL; 4951 if (ret) { 4952 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 4953 "(%s)", ret, strerror(-ret)); 4954 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 4955 enum nl80211_iftype old_mode = drv->nlmode; 4956 4957 /* 4958 * mac80211 does not allow scan requests in AP mode, so 4959 * try to do this in station mode. 4960 */ 4961 if (wpa_driver_nl80211_set_mode( 4962 bss, NL80211_IFTYPE_STATION)) 4963 goto nla_put_failure; 4964 4965 if (wpa_driver_nl80211_scan(bss, params)) { 4966 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 4967 goto nla_put_failure; 4968 } 4969 4970 /* Restore AP mode when processing scan results */ 4971 drv->ap_scan_as_station = old_mode; 4972 ret = 0; 4973 } else 4974 goto nla_put_failure; 4975 } 4976 4977 drv->scan_state = SCAN_REQUESTED; 4978 /* Not all drivers generate "scan completed" wireless event, so try to 4979 * read results after a timeout. */ 4980 timeout = 10; 4981 if (drv->scan_complete_events) { 4982 /* 4983 * The driver seems to deliver events to notify when scan is 4984 * complete, so use longer timeout to avoid race conditions 4985 * with scanning and following association request. 4986 */ 4987 timeout = 30; 4988 } 4989 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 4990 "seconds", ret, timeout); 4991 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4992 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 4993 drv, drv->ctx); 4994 4995nla_put_failure: 4996 nlmsg_free(msg); 4997 return ret; 4998} 4999 5000 5001/** 5002 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 5003 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5004 * @params: Scan parameters 5005 * @interval: Interval between scan cycles in milliseconds 5006 * Returns: 0 on success, -1 on failure or if not supported 5007 */ 5008static int wpa_driver_nl80211_sched_scan(void *priv, 5009 struct wpa_driver_scan_params *params, 5010 u32 interval) 5011{ 5012 struct i802_bss *bss = priv; 5013 struct wpa_driver_nl80211_data *drv = bss->drv; 5014 int ret = -1; 5015 struct nl_msg *msg; 5016 size_t i; 5017 5018 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 5019 5020#ifdef ANDROID 5021 if (!drv->capa.sched_scan_supported) 5022 return android_pno_start(bss, params); 5023#endif /* ANDROID */ 5024 5025 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 5026 bss->wdev_id_set ? &bss->wdev_id : NULL); 5027 if (!msg) 5028 goto nla_put_failure; 5029 5030 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 5031 5032 if ((drv->num_filter_ssids && 5033 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 5034 params->filter_rssi) { 5035 struct nlattr *match_sets; 5036 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 5037 if (match_sets == NULL) 5038 goto nla_put_failure; 5039 5040 for (i = 0; i < drv->num_filter_ssids; i++) { 5041 struct nlattr *match_set_ssid; 5042 wpa_hexdump_ascii(MSG_MSGDUMP, 5043 "nl80211: Sched scan filter SSID", 5044 drv->filter_ssids[i].ssid, 5045 drv->filter_ssids[i].ssid_len); 5046 5047 match_set_ssid = nla_nest_start(msg, i + 1); 5048 if (match_set_ssid == NULL) 5049 goto nla_put_failure; 5050 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 5051 drv->filter_ssids[i].ssid_len, 5052 drv->filter_ssids[i].ssid); 5053 if (params->filter_rssi) 5054 NLA_PUT_U32(msg, 5055 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5056 params->filter_rssi); 5057 5058 nla_nest_end(msg, match_set_ssid); 5059 } 5060 5061 /* 5062 * Due to backward compatibility code, newer kernels treat this 5063 * matchset (with only an RSSI filter) as the default for all 5064 * other matchsets, unless it's the only one, in which case the 5065 * matchset will actually allow all SSIDs above the RSSI. 5066 */ 5067 if (params->filter_rssi) { 5068 struct nlattr *match_set_rssi; 5069 match_set_rssi = nla_nest_start(msg, 0); 5070 if (match_set_rssi == NULL) 5071 goto nla_put_failure; 5072 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5073 params->filter_rssi); 5074 wpa_printf(MSG_MSGDUMP, 5075 "nl80211: Sched scan RSSI filter %d dBm", 5076 params->filter_rssi); 5077 nla_nest_end(msg, match_set_rssi); 5078 } 5079 5080 nla_nest_end(msg, match_sets); 5081 } 5082 5083 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5084 5085 /* TODO: if we get an error here, we should fall back to normal scan */ 5086 5087 msg = NULL; 5088 if (ret) { 5089 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 5090 "ret=%d (%s)", ret, strerror(-ret)); 5091 goto nla_put_failure; 5092 } 5093 5094 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 5095 "scan interval %d msec", ret, interval); 5096 5097nla_put_failure: 5098 nlmsg_free(msg); 5099 return ret; 5100} 5101 5102 5103/** 5104 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 5105 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5106 * Returns: 0 on success, -1 on failure or if not supported 5107 */ 5108static int wpa_driver_nl80211_stop_sched_scan(void *priv) 5109{ 5110 struct i802_bss *bss = priv; 5111 struct wpa_driver_nl80211_data *drv = bss->drv; 5112 int ret = 0; 5113 struct nl_msg *msg; 5114 5115#ifdef ANDROID 5116 if (!drv->capa.sched_scan_supported) 5117 return android_pno_stop(bss); 5118#endif /* ANDROID */ 5119 5120 msg = nlmsg_alloc(); 5121 if (!msg) 5122 return -1; 5123 5124 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 5125 5126 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5127 5128 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5129 msg = NULL; 5130 if (ret) { 5131 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 5132 "ret=%d (%s)", ret, strerror(-ret)); 5133 goto nla_put_failure; 5134 } 5135 5136 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 5137 5138nla_put_failure: 5139 nlmsg_free(msg); 5140 return ret; 5141} 5142 5143 5144static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 5145{ 5146 const u8 *end, *pos; 5147 5148 if (ies == NULL) 5149 return NULL; 5150 5151 pos = ies; 5152 end = ies + ies_len; 5153 5154 while (pos + 1 < end) { 5155 if (pos + 2 + pos[1] > end) 5156 break; 5157 if (pos[0] == ie) 5158 return pos; 5159 pos += 2 + pos[1]; 5160 } 5161 5162 return NULL; 5163} 5164 5165 5166static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 5167 const u8 *ie, size_t ie_len) 5168{ 5169 const u8 *ssid; 5170 size_t i; 5171 5172 if (drv->filter_ssids == NULL) 5173 return 0; 5174 5175 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 5176 if (ssid == NULL) 5177 return 1; 5178 5179 for (i = 0; i < drv->num_filter_ssids; i++) { 5180 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5181 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5182 0) 5183 return 0; 5184 } 5185 5186 return 1; 5187} 5188 5189 5190static int bss_info_handler(struct nl_msg *msg, void *arg) 5191{ 5192 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5193 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5194 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5195 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5196 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5197 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5198 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5199 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5200 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5201 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5202 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5203 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5204 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5205 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5206 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5207 }; 5208 struct nl80211_bss_info_arg *_arg = arg; 5209 struct wpa_scan_results *res = _arg->res; 5210 struct wpa_scan_res **tmp; 5211 struct wpa_scan_res *r; 5212 const u8 *ie, *beacon_ie; 5213 size_t ie_len, beacon_ie_len; 5214 u8 *pos; 5215 size_t i; 5216 5217 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5218 genlmsg_attrlen(gnlh, 0), NULL); 5219 if (!tb[NL80211_ATTR_BSS]) 5220 return NL_SKIP; 5221 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5222 bss_policy)) 5223 return NL_SKIP; 5224 if (bss[NL80211_BSS_STATUS]) { 5225 enum nl80211_bss_status status; 5226 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5227 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5228 bss[NL80211_BSS_FREQUENCY]) { 5229 _arg->assoc_freq = 5230 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5231 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5232 _arg->assoc_freq); 5233 } 5234 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5235 bss[NL80211_BSS_BSSID]) { 5236 os_memcpy(_arg->assoc_bssid, 5237 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5238 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5239 MACSTR, MAC2STR(_arg->assoc_bssid)); 5240 } 5241 } 5242 if (!res) 5243 return NL_SKIP; 5244 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5245 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5246 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5247 } else { 5248 ie = NULL; 5249 ie_len = 0; 5250 } 5251 if (bss[NL80211_BSS_BEACON_IES]) { 5252 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5253 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5254 } else { 5255 beacon_ie = NULL; 5256 beacon_ie_len = 0; 5257 } 5258 5259 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5260 ie ? ie_len : beacon_ie_len)) 5261 return NL_SKIP; 5262 5263 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5264 if (r == NULL) 5265 return NL_SKIP; 5266 if (bss[NL80211_BSS_BSSID]) 5267 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5268 ETH_ALEN); 5269 if (bss[NL80211_BSS_FREQUENCY]) 5270 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5271 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5272 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5273 if (bss[NL80211_BSS_CAPABILITY]) 5274 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5275 r->flags |= WPA_SCAN_NOISE_INVALID; 5276 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5277 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5278 r->level /= 100; /* mBm to dBm */ 5279 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5280 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5281 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5282 r->flags |= WPA_SCAN_QUAL_INVALID; 5283 } else 5284 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5285 if (bss[NL80211_BSS_TSF]) 5286 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5287 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5288 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5289 r->ie_len = ie_len; 5290 pos = (u8 *) (r + 1); 5291 if (ie) { 5292 os_memcpy(pos, ie, ie_len); 5293 pos += ie_len; 5294 } 5295 r->beacon_ie_len = beacon_ie_len; 5296 if (beacon_ie) 5297 os_memcpy(pos, beacon_ie, beacon_ie_len); 5298 5299 if (bss[NL80211_BSS_STATUS]) { 5300 enum nl80211_bss_status status; 5301 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5302 switch (status) { 5303 case NL80211_BSS_STATUS_AUTHENTICATED: 5304 r->flags |= WPA_SCAN_AUTHENTICATED; 5305 break; 5306 case NL80211_BSS_STATUS_ASSOCIATED: 5307 r->flags |= WPA_SCAN_ASSOCIATED; 5308 break; 5309 default: 5310 break; 5311 } 5312 } 5313 5314 /* 5315 * cfg80211 maintains separate BSS table entries for APs if the same 5316 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5317 * not use frequency as a separate key in the BSS table, so filter out 5318 * duplicated entries. Prefer associated BSS entry in such a case in 5319 * order to get the correct frequency into the BSS table. Similarly, 5320 * prefer newer entries over older. 5321 */ 5322 for (i = 0; i < res->num; i++) { 5323 const u8 *s1, *s2; 5324 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5325 continue; 5326 5327 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5328 res->res[i]->ie_len, WLAN_EID_SSID); 5329 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5330 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5331 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5332 continue; 5333 5334 /* Same BSSID,SSID was already included in scan results */ 5335 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5336 "for " MACSTR, MAC2STR(r->bssid)); 5337 5338 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5339 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5340 r->age < res->res[i]->age) { 5341 os_free(res->res[i]); 5342 res->res[i] = r; 5343 } else 5344 os_free(r); 5345 return NL_SKIP; 5346 } 5347 5348 tmp = os_realloc_array(res->res, res->num + 1, 5349 sizeof(struct wpa_scan_res *)); 5350 if (tmp == NULL) { 5351 os_free(r); 5352 return NL_SKIP; 5353 } 5354 tmp[res->num++] = r; 5355 res->res = tmp; 5356 5357 return NL_SKIP; 5358} 5359 5360 5361static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5362 const u8 *addr) 5363{ 5364 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5365 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5366 "mismatch (" MACSTR ")", MAC2STR(addr)); 5367 wpa_driver_nl80211_mlme(drv, addr, 5368 NL80211_CMD_DEAUTHENTICATE, 5369 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5370 } 5371} 5372 5373 5374static void wpa_driver_nl80211_check_bss_status( 5375 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5376{ 5377 size_t i; 5378 5379 for (i = 0; i < res->num; i++) { 5380 struct wpa_scan_res *r = res->res[i]; 5381 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5382 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5383 "indicates BSS status with " MACSTR 5384 " as authenticated", 5385 MAC2STR(r->bssid)); 5386 if (is_sta_interface(drv->nlmode) && 5387 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5388 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5389 0) { 5390 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5391 " in local state (auth=" MACSTR 5392 " assoc=" MACSTR ")", 5393 MAC2STR(drv->auth_bssid), 5394 MAC2STR(drv->bssid)); 5395 clear_state_mismatch(drv, r->bssid); 5396 } 5397 } 5398 5399 if (r->flags & WPA_SCAN_ASSOCIATED) { 5400 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5401 "indicate BSS status with " MACSTR 5402 " as associated", 5403 MAC2STR(r->bssid)); 5404 if (is_sta_interface(drv->nlmode) && 5405 !drv->associated) { 5406 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5407 "(not associated) does not match " 5408 "with BSS state"); 5409 clear_state_mismatch(drv, r->bssid); 5410 } else if (is_sta_interface(drv->nlmode) && 5411 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5412 0) { 5413 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5414 "(associated with " MACSTR ") does " 5415 "not match with BSS state", 5416 MAC2STR(drv->bssid)); 5417 clear_state_mismatch(drv, r->bssid); 5418 clear_state_mismatch(drv, drv->bssid); 5419 } 5420 } 5421 } 5422} 5423 5424 5425static struct wpa_scan_results * 5426nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5427{ 5428 struct nl_msg *msg; 5429 struct wpa_scan_results *res; 5430 int ret; 5431 struct nl80211_bss_info_arg arg; 5432 5433 res = os_zalloc(sizeof(*res)); 5434 if (res == NULL) 5435 return NULL; 5436 msg = nlmsg_alloc(); 5437 if (!msg) 5438 goto nla_put_failure; 5439 5440 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5441 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5442 goto nla_put_failure; 5443 5444 arg.drv = drv; 5445 arg.res = res; 5446 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5447 msg = NULL; 5448 if (ret == 0) { 5449 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5450 "BSSes)", (unsigned long) res->num); 5451 nl80211_get_noise_for_scan_results(drv, res); 5452 return res; 5453 } 5454 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5455 "(%s)", ret, strerror(-ret)); 5456nla_put_failure: 5457 nlmsg_free(msg); 5458 wpa_scan_results_free(res); 5459 return NULL; 5460} 5461 5462 5463/** 5464 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5465 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5466 * Returns: Scan results on success, -1 on failure 5467 */ 5468static struct wpa_scan_results * 5469wpa_driver_nl80211_get_scan_results(void *priv) 5470{ 5471 struct i802_bss *bss = priv; 5472 struct wpa_driver_nl80211_data *drv = bss->drv; 5473 struct wpa_scan_results *res; 5474 5475 res = nl80211_get_scan_results(drv); 5476 if (res) 5477 wpa_driver_nl80211_check_bss_status(drv, res); 5478 return res; 5479} 5480 5481 5482static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5483{ 5484 struct wpa_scan_results *res; 5485 size_t i; 5486 5487 res = nl80211_get_scan_results(drv); 5488 if (res == NULL) { 5489 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5490 return; 5491 } 5492 5493 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5494 for (i = 0; i < res->num; i++) { 5495 struct wpa_scan_res *r = res->res[i]; 5496 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5497 (int) i, (int) res->num, MAC2STR(r->bssid), 5498 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5499 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5500 } 5501 5502 wpa_scan_results_free(res); 5503} 5504 5505 5506static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5507{ 5508 switch (alg) { 5509 case WPA_ALG_WEP: 5510 if (key_len == 5) 5511 return WLAN_CIPHER_SUITE_WEP40; 5512 return WLAN_CIPHER_SUITE_WEP104; 5513 case WPA_ALG_TKIP: 5514 return WLAN_CIPHER_SUITE_TKIP; 5515 case WPA_ALG_CCMP: 5516 return WLAN_CIPHER_SUITE_CCMP; 5517 case WPA_ALG_GCMP: 5518 return WLAN_CIPHER_SUITE_GCMP; 5519 case WPA_ALG_CCMP_256: 5520 return WLAN_CIPHER_SUITE_CCMP_256; 5521 case WPA_ALG_GCMP_256: 5522 return WLAN_CIPHER_SUITE_GCMP_256; 5523 case WPA_ALG_IGTK: 5524 return WLAN_CIPHER_SUITE_AES_CMAC; 5525 case WPA_ALG_BIP_GMAC_128: 5526 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5527 case WPA_ALG_BIP_GMAC_256: 5528 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5529 case WPA_ALG_BIP_CMAC_256: 5530 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5531 case WPA_ALG_SMS4: 5532 return WLAN_CIPHER_SUITE_SMS4; 5533 case WPA_ALG_KRK: 5534 return WLAN_CIPHER_SUITE_KRK; 5535 case WPA_ALG_NONE: 5536 case WPA_ALG_PMK: 5537 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5538 alg); 5539 return 0; 5540 } 5541 5542 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5543 alg); 5544 return 0; 5545} 5546 5547 5548static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5549{ 5550 switch (cipher) { 5551 case WPA_CIPHER_CCMP_256: 5552 return WLAN_CIPHER_SUITE_CCMP_256; 5553 case WPA_CIPHER_GCMP_256: 5554 return WLAN_CIPHER_SUITE_GCMP_256; 5555 case WPA_CIPHER_CCMP: 5556 return WLAN_CIPHER_SUITE_CCMP; 5557 case WPA_CIPHER_GCMP: 5558 return WLAN_CIPHER_SUITE_GCMP; 5559 case WPA_CIPHER_TKIP: 5560 return WLAN_CIPHER_SUITE_TKIP; 5561 case WPA_CIPHER_WEP104: 5562 return WLAN_CIPHER_SUITE_WEP104; 5563 case WPA_CIPHER_WEP40: 5564 return WLAN_CIPHER_SUITE_WEP40; 5565 case WPA_CIPHER_GTK_NOT_USED: 5566 return WLAN_CIPHER_SUITE_NO_GROUP_ADDR; 5567 } 5568 5569 return 0; 5570} 5571 5572 5573static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5574 int max_suites) 5575{ 5576 int num_suites = 0; 5577 5578 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5579 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5580 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5581 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5582 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5583 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5584 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5585 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5586 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5587 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5588 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5589 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5590 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5591 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5592 5593 return num_suites; 5594} 5595 5596 5597static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5598 enum wpa_alg alg, const u8 *addr, 5599 int key_idx, int set_tx, 5600 const u8 *seq, size_t seq_len, 5601 const u8 *key, size_t key_len) 5602{ 5603 struct wpa_driver_nl80211_data *drv = bss->drv; 5604 int ifindex; 5605 struct nl_msg *msg; 5606 int ret; 5607 int tdls = 0; 5608 5609 /* Ignore for P2P Device */ 5610 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5611 return 0; 5612 5613 ifindex = if_nametoindex(ifname); 5614 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5615 "set_tx=%d seq_len=%lu key_len=%lu", 5616 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5617 (unsigned long) seq_len, (unsigned long) key_len); 5618#ifdef CONFIG_TDLS 5619 if (key_idx == -1) { 5620 key_idx = 0; 5621 tdls = 1; 5622 } 5623#endif /* CONFIG_TDLS */ 5624 5625 msg = nlmsg_alloc(); 5626 if (!msg) 5627 return -ENOMEM; 5628 5629 if (alg == WPA_ALG_NONE) { 5630 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5631 } else { 5632 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5633 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5634 wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len); 5635 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5636 wpa_alg_to_cipher_suite(alg, key_len)); 5637 } 5638 5639 if (seq && seq_len) { 5640 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5641 wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len); 5642 } 5643 5644 if (addr && !is_broadcast_ether_addr(addr)) { 5645 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5646 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5647 5648 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5649 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5650 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5651 NL80211_KEYTYPE_GROUP); 5652 } 5653 } else if (addr && is_broadcast_ether_addr(addr)) { 5654 struct nlattr *types; 5655 5656 wpa_printf(MSG_DEBUG, " broadcast key"); 5657 5658 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5659 if (!types) 5660 goto nla_put_failure; 5661 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5662 nla_nest_end(msg, types); 5663 } 5664 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5665 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5666 5667 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5668 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5669 ret = 0; 5670 if (ret) 5671 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5672 ret, strerror(-ret)); 5673 5674 /* 5675 * If we failed or don't need to set the default TX key (below), 5676 * we're done here. 5677 */ 5678 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5679 return ret; 5680 if (is_ap_interface(drv->nlmode) && addr && 5681 !is_broadcast_ether_addr(addr)) 5682 return ret; 5683 5684 msg = nlmsg_alloc(); 5685 if (!msg) 5686 return -ENOMEM; 5687 5688 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5689 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5690 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5691 if (alg == WPA_ALG_IGTK) 5692 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5693 else 5694 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5695 if (addr && is_broadcast_ether_addr(addr)) { 5696 struct nlattr *types; 5697 5698 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5699 if (!types) 5700 goto nla_put_failure; 5701 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5702 nla_nest_end(msg, types); 5703 } else if (addr) { 5704 struct nlattr *types; 5705 5706 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5707 if (!types) 5708 goto nla_put_failure; 5709 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5710 nla_nest_end(msg, types); 5711 } 5712 5713 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5714 if (ret == -ENOENT) 5715 ret = 0; 5716 if (ret) 5717 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5718 "err=%d %s)", ret, strerror(-ret)); 5719 return ret; 5720 5721nla_put_failure: 5722 nlmsg_free(msg); 5723 return -ENOBUFS; 5724} 5725 5726 5727static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5728 int key_idx, int defkey, 5729 const u8 *seq, size_t seq_len, 5730 const u8 *key, size_t key_len) 5731{ 5732 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5733 if (!key_attr) 5734 return -1; 5735 5736 if (defkey && alg == WPA_ALG_IGTK) 5737 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5738 else if (defkey) 5739 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5740 5741 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5742 5743 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5744 wpa_alg_to_cipher_suite(alg, key_len)); 5745 5746 if (seq && seq_len) 5747 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5748 5749 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5750 5751 nla_nest_end(msg, key_attr); 5752 5753 return 0; 5754 nla_put_failure: 5755 return -1; 5756} 5757 5758 5759static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5760 struct nl_msg *msg) 5761{ 5762 int i, privacy = 0; 5763 struct nlattr *nl_keys, *nl_key; 5764 5765 for (i = 0; i < 4; i++) { 5766 if (!params->wep_key[i]) 5767 continue; 5768 privacy = 1; 5769 break; 5770 } 5771 if (params->wps == WPS_MODE_PRIVACY) 5772 privacy = 1; 5773 if (params->pairwise_suite && 5774 params->pairwise_suite != WPA_CIPHER_NONE) 5775 privacy = 1; 5776 5777 if (!privacy) 5778 return 0; 5779 5780 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5781 5782 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5783 if (!nl_keys) 5784 goto nla_put_failure; 5785 5786 for (i = 0; i < 4; i++) { 5787 if (!params->wep_key[i]) 5788 continue; 5789 5790 nl_key = nla_nest_start(msg, i); 5791 if (!nl_key) 5792 goto nla_put_failure; 5793 5794 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5795 params->wep_key[i]); 5796 if (params->wep_key_len[i] == 5) 5797 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5798 WLAN_CIPHER_SUITE_WEP40); 5799 else 5800 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5801 WLAN_CIPHER_SUITE_WEP104); 5802 5803 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5804 5805 if (i == params->wep_tx_keyidx) 5806 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5807 5808 nla_nest_end(msg, nl_key); 5809 } 5810 nla_nest_end(msg, nl_keys); 5811 5812 return 0; 5813 5814nla_put_failure: 5815 return -ENOBUFS; 5816} 5817 5818 5819static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5820 const u8 *addr, int cmd, u16 reason_code, 5821 int local_state_change) 5822{ 5823 int ret = -1; 5824 struct nl_msg *msg; 5825 5826 msg = nlmsg_alloc(); 5827 if (!msg) 5828 return -1; 5829 5830 nl80211_cmd(drv, msg, 0, cmd); 5831 5832 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5833 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5834 if (addr) 5835 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5836 if (local_state_change) 5837 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5838 5839 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5840 msg = NULL; 5841 if (ret) { 5842 wpa_dbg(drv->ctx, MSG_DEBUG, 5843 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5844 reason_code, ret, strerror(-ret)); 5845 goto nla_put_failure; 5846 } 5847 ret = 0; 5848 5849nla_put_failure: 5850 nlmsg_free(msg); 5851 return ret; 5852} 5853 5854 5855static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5856 int reason_code) 5857{ 5858 int ret; 5859 5860 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 5861 nl80211_mark_disconnected(drv); 5862 /* Disconnect command doesn't need BSSID - it uses cached value */ 5863 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 5864 reason_code, 0); 5865 /* 5866 * For locally generated disconnect, supplicant already generates a 5867 * DEAUTH event, so ignore the event from NL80211. 5868 */ 5869 drv->ignore_next_local_disconnect = ret == 0; 5870 5871 return ret; 5872} 5873 5874 5875static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 5876 const u8 *addr, int reason_code) 5877{ 5878 struct wpa_driver_nl80211_data *drv = bss->drv; 5879 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 5880 return wpa_driver_nl80211_disconnect(drv, reason_code); 5881 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 5882 __func__, MAC2STR(addr), reason_code); 5883 nl80211_mark_disconnected(drv); 5884 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 5885 return nl80211_leave_ibss(drv); 5886 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 5887 reason_code, 0); 5888} 5889 5890 5891static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 5892 struct wpa_driver_auth_params *params) 5893{ 5894 int i; 5895 5896 drv->auth_freq = params->freq; 5897 drv->auth_alg = params->auth_alg; 5898 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 5899 drv->auth_local_state_change = params->local_state_change; 5900 drv->auth_p2p = params->p2p; 5901 5902 if (params->bssid) 5903 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 5904 else 5905 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 5906 5907 if (params->ssid) { 5908 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 5909 drv->auth_ssid_len = params->ssid_len; 5910 } else 5911 drv->auth_ssid_len = 0; 5912 5913 5914 os_free(drv->auth_ie); 5915 drv->auth_ie = NULL; 5916 drv->auth_ie_len = 0; 5917 if (params->ie) { 5918 drv->auth_ie = os_malloc(params->ie_len); 5919 if (drv->auth_ie) { 5920 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 5921 drv->auth_ie_len = params->ie_len; 5922 } 5923 } 5924 5925 for (i = 0; i < 4; i++) { 5926 if (params->wep_key[i] && params->wep_key_len[i] && 5927 params->wep_key_len[i] <= 16) { 5928 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 5929 params->wep_key_len[i]); 5930 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 5931 } else 5932 drv->auth_wep_key_len[i] = 0; 5933 } 5934} 5935 5936 5937static int wpa_driver_nl80211_authenticate( 5938 struct i802_bss *bss, struct wpa_driver_auth_params *params) 5939{ 5940 struct wpa_driver_nl80211_data *drv = bss->drv; 5941 int ret = -1, i; 5942 struct nl_msg *msg; 5943 enum nl80211_auth_type type; 5944 enum nl80211_iftype nlmode; 5945 int count = 0; 5946 int is_retry; 5947 5948 is_retry = drv->retry_auth; 5949 drv->retry_auth = 0; 5950 drv->ignore_deauth_event = 0; 5951 5952 nl80211_mark_disconnected(drv); 5953 os_memset(drv->auth_bssid, 0, ETH_ALEN); 5954 if (params->bssid) 5955 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 5956 else 5957 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 5958 /* FIX: IBSS mode */ 5959 nlmode = params->p2p ? 5960 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 5961 if (drv->nlmode != nlmode && 5962 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 5963 return -1; 5964 5965retry: 5966 msg = nlmsg_alloc(); 5967 if (!msg) 5968 return -1; 5969 5970 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 5971 drv->ifindex); 5972 5973 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 5974 5975 for (i = 0; i < 4; i++) { 5976 if (!params->wep_key[i]) 5977 continue; 5978 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 5979 NULL, i, 5980 i == params->wep_tx_keyidx, NULL, 0, 5981 params->wep_key[i], 5982 params->wep_key_len[i]); 5983 if (params->wep_tx_keyidx != i) 5984 continue; 5985 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 5986 params->wep_key[i], params->wep_key_len[i])) { 5987 nlmsg_free(msg); 5988 return -1; 5989 } 5990 } 5991 5992 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5993 if (params->bssid) { 5994 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 5995 MAC2STR(params->bssid)); 5996 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 5997 } 5998 if (params->freq) { 5999 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6000 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6001 } 6002 if (params->ssid) { 6003 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6004 params->ssid, params->ssid_len); 6005 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6006 params->ssid); 6007 } 6008 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 6009 if (params->ie) 6010 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 6011 if (params->sae_data) { 6012 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 6013 params->sae_data_len); 6014 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 6015 params->sae_data); 6016 } 6017 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6018 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6019 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6020 type = NL80211_AUTHTYPE_SHARED_KEY; 6021 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6022 type = NL80211_AUTHTYPE_NETWORK_EAP; 6023 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6024 type = NL80211_AUTHTYPE_FT; 6025 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 6026 type = NL80211_AUTHTYPE_SAE; 6027 else 6028 goto nla_put_failure; 6029 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6030 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6031 if (params->local_state_change) { 6032 wpa_printf(MSG_DEBUG, " * Local state change only"); 6033 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 6034 } 6035 6036 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6037 msg = NULL; 6038 if (ret) { 6039 wpa_dbg(drv->ctx, MSG_DEBUG, 6040 "nl80211: MLME command failed (auth): ret=%d (%s)", 6041 ret, strerror(-ret)); 6042 count++; 6043 if (ret == -EALREADY && count == 1 && params->bssid && 6044 !params->local_state_change) { 6045 /* 6046 * mac80211 does not currently accept new 6047 * authentication if we are already authenticated. As a 6048 * workaround, force deauthentication and try again. 6049 */ 6050 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 6051 "after forced deauthentication"); 6052 drv->ignore_deauth_event = 1; 6053 wpa_driver_nl80211_deauthenticate( 6054 bss, params->bssid, 6055 WLAN_REASON_PREV_AUTH_NOT_VALID); 6056 nlmsg_free(msg); 6057 goto retry; 6058 } 6059 6060 if (ret == -ENOENT && params->freq && !is_retry) { 6061 /* 6062 * cfg80211 has likely expired the BSS entry even 6063 * though it was previously available in our internal 6064 * BSS table. To recover quickly, start a single 6065 * channel scan on the specified channel. 6066 */ 6067 struct wpa_driver_scan_params scan; 6068 int freqs[2]; 6069 6070 os_memset(&scan, 0, sizeof(scan)); 6071 scan.num_ssids = 1; 6072 if (params->ssid) { 6073 scan.ssids[0].ssid = params->ssid; 6074 scan.ssids[0].ssid_len = params->ssid_len; 6075 } 6076 freqs[0] = params->freq; 6077 freqs[1] = 0; 6078 scan.freqs = freqs; 6079 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 6080 "channel scan to refresh cfg80211 BSS " 6081 "entry"); 6082 ret = wpa_driver_nl80211_scan(bss, &scan); 6083 if (ret == 0) { 6084 nl80211_copy_auth_params(drv, params); 6085 drv->scan_for_auth = 1; 6086 } 6087 } else if (is_retry) { 6088 /* 6089 * Need to indicate this with an event since the return 6090 * value from the retry is not delivered to core code. 6091 */ 6092 union wpa_event_data event; 6093 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 6094 "failed"); 6095 os_memset(&event, 0, sizeof(event)); 6096 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 6097 ETH_ALEN); 6098 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 6099 &event); 6100 } 6101 6102 goto nla_put_failure; 6103 } 6104 ret = 0; 6105 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 6106 "successfully"); 6107 6108nla_put_failure: 6109 nlmsg_free(msg); 6110 return ret; 6111} 6112 6113 6114static int wpa_driver_nl80211_authenticate_retry( 6115 struct wpa_driver_nl80211_data *drv) 6116{ 6117 struct wpa_driver_auth_params params; 6118 struct i802_bss *bss = drv->first_bss; 6119 int i; 6120 6121 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 6122 6123 os_memset(¶ms, 0, sizeof(params)); 6124 params.freq = drv->auth_freq; 6125 params.auth_alg = drv->auth_alg; 6126 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 6127 params.local_state_change = drv->auth_local_state_change; 6128 params.p2p = drv->auth_p2p; 6129 6130 if (!is_zero_ether_addr(drv->auth_bssid_)) 6131 params.bssid = drv->auth_bssid_; 6132 6133 if (drv->auth_ssid_len) { 6134 params.ssid = drv->auth_ssid; 6135 params.ssid_len = drv->auth_ssid_len; 6136 } 6137 6138 params.ie = drv->auth_ie; 6139 params.ie_len = drv->auth_ie_len; 6140 6141 for (i = 0; i < 4; i++) { 6142 if (drv->auth_wep_key_len[i]) { 6143 params.wep_key[i] = drv->auth_wep_key[i]; 6144 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 6145 } 6146 } 6147 6148 drv->retry_auth = 1; 6149 return wpa_driver_nl80211_authenticate(bss, ¶ms); 6150} 6151 6152 6153struct phy_info_arg { 6154 u16 *num_modes; 6155 struct hostapd_hw_modes *modes; 6156 int last_mode, last_chan_idx; 6157}; 6158 6159static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 6160 struct nlattr *ampdu_factor, 6161 struct nlattr *ampdu_density, 6162 struct nlattr *mcs_set) 6163{ 6164 if (capa) 6165 mode->ht_capab = nla_get_u16(capa); 6166 6167 if (ampdu_factor) 6168 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 6169 6170 if (ampdu_density) 6171 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 6172 6173 if (mcs_set && nla_len(mcs_set) >= 16) { 6174 u8 *mcs; 6175 mcs = nla_data(mcs_set); 6176 os_memcpy(mode->mcs_set, mcs, 16); 6177 } 6178} 6179 6180 6181static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 6182 struct nlattr *capa, 6183 struct nlattr *mcs_set) 6184{ 6185 if (capa) 6186 mode->vht_capab = nla_get_u32(capa); 6187 6188 if (mcs_set && nla_len(mcs_set) >= 8) { 6189 u8 *mcs; 6190 mcs = nla_data(mcs_set); 6191 os_memcpy(mode->vht_mcs_set, mcs, 8); 6192 } 6193} 6194 6195 6196static void phy_info_freq(struct hostapd_hw_modes *mode, 6197 struct hostapd_channel_data *chan, 6198 struct nlattr *tb_freq[]) 6199{ 6200 u8 channel; 6201 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6202 chan->flag = 0; 6203 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6204 chan->chan = channel; 6205 6206 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6207 chan->flag |= HOSTAPD_CHAN_DISABLED; 6208 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6209 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6210 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6211 chan->flag |= HOSTAPD_CHAN_RADAR; 6212 6213 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6214 enum nl80211_dfs_state state = 6215 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6216 6217 switch (state) { 6218 case NL80211_DFS_USABLE: 6219 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6220 break; 6221 case NL80211_DFS_AVAILABLE: 6222 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6223 break; 6224 case NL80211_DFS_UNAVAILABLE: 6225 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6226 break; 6227 } 6228 } 6229} 6230 6231 6232static int phy_info_freqs(struct phy_info_arg *phy_info, 6233 struct hostapd_hw_modes *mode, struct nlattr *tb) 6234{ 6235 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6236 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6237 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6238 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6239 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6240 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6241 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6242 }; 6243 int new_channels = 0; 6244 struct hostapd_channel_data *channel; 6245 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6246 struct nlattr *nl_freq; 6247 int rem_freq, idx; 6248 6249 if (tb == NULL) 6250 return NL_OK; 6251 6252 nla_for_each_nested(nl_freq, tb, rem_freq) { 6253 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6254 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6255 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6256 continue; 6257 new_channels++; 6258 } 6259 6260 channel = os_realloc_array(mode->channels, 6261 mode->num_channels + new_channels, 6262 sizeof(struct hostapd_channel_data)); 6263 if (!channel) 6264 return NL_SKIP; 6265 6266 mode->channels = channel; 6267 mode->num_channels += new_channels; 6268 6269 idx = phy_info->last_chan_idx; 6270 6271 nla_for_each_nested(nl_freq, tb, rem_freq) { 6272 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6273 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6274 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6275 continue; 6276 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6277 idx++; 6278 } 6279 phy_info->last_chan_idx = idx; 6280 6281 return NL_OK; 6282} 6283 6284 6285static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6286{ 6287 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6288 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6289 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6290 { .type = NLA_FLAG }, 6291 }; 6292 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6293 struct nlattr *nl_rate; 6294 int rem_rate, idx; 6295 6296 if (tb == NULL) 6297 return NL_OK; 6298 6299 nla_for_each_nested(nl_rate, tb, rem_rate) { 6300 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6301 nla_data(nl_rate), nla_len(nl_rate), 6302 rate_policy); 6303 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6304 continue; 6305 mode->num_rates++; 6306 } 6307 6308 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6309 if (!mode->rates) 6310 return NL_SKIP; 6311 6312 idx = 0; 6313 6314 nla_for_each_nested(nl_rate, tb, rem_rate) { 6315 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6316 nla_data(nl_rate), nla_len(nl_rate), 6317 rate_policy); 6318 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6319 continue; 6320 mode->rates[idx] = nla_get_u32( 6321 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6322 idx++; 6323 } 6324 6325 return NL_OK; 6326} 6327 6328 6329static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6330{ 6331 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6332 struct hostapd_hw_modes *mode; 6333 int ret; 6334 6335 if (phy_info->last_mode != nl_band->nla_type) { 6336 mode = os_realloc_array(phy_info->modes, 6337 *phy_info->num_modes + 1, 6338 sizeof(*mode)); 6339 if (!mode) 6340 return NL_SKIP; 6341 phy_info->modes = mode; 6342 6343 mode = &phy_info->modes[*(phy_info->num_modes)]; 6344 os_memset(mode, 0, sizeof(*mode)); 6345 mode->mode = NUM_HOSTAPD_MODES; 6346 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6347 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6348 6349 /* 6350 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6351 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6352 * possible streams as unsupported. This will be overridden if 6353 * driver advertises VHT support. 6354 */ 6355 mode->vht_mcs_set[0] = 0xff; 6356 mode->vht_mcs_set[1] = 0xff; 6357 mode->vht_mcs_set[4] = 0xff; 6358 mode->vht_mcs_set[5] = 0xff; 6359 6360 *(phy_info->num_modes) += 1; 6361 phy_info->last_mode = nl_band->nla_type; 6362 phy_info->last_chan_idx = 0; 6363 } else 6364 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6365 6366 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6367 nla_len(nl_band), NULL); 6368 6369 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6370 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6371 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6372 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6373 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6374 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6375 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6376 if (ret != NL_OK) 6377 return ret; 6378 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6379 if (ret != NL_OK) 6380 return ret; 6381 6382 return NL_OK; 6383} 6384 6385 6386static int phy_info_handler(struct nl_msg *msg, void *arg) 6387{ 6388 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6389 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6390 struct phy_info_arg *phy_info = arg; 6391 struct nlattr *nl_band; 6392 int rem_band; 6393 6394 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6395 genlmsg_attrlen(gnlh, 0), NULL); 6396 6397 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6398 return NL_SKIP; 6399 6400 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6401 { 6402 int res = phy_info_band(phy_info, nl_band); 6403 if (res != NL_OK) 6404 return res; 6405 } 6406 6407 return NL_SKIP; 6408} 6409 6410 6411static struct hostapd_hw_modes * 6412wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6413 u16 *num_modes) 6414{ 6415 u16 m; 6416 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6417 int i, mode11g_idx = -1; 6418 6419 /* heuristic to set up modes */ 6420 for (m = 0; m < *num_modes; m++) { 6421 if (!modes[m].num_channels) 6422 continue; 6423 if (modes[m].channels[0].freq < 4000) { 6424 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6425 for (i = 0; i < modes[m].num_rates; i++) { 6426 if (modes[m].rates[i] > 200) { 6427 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6428 break; 6429 } 6430 } 6431 } else if (modes[m].channels[0].freq > 50000) 6432 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6433 else 6434 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6435 } 6436 6437 /* If only 802.11g mode is included, use it to construct matching 6438 * 802.11b mode data. */ 6439 6440 for (m = 0; m < *num_modes; m++) { 6441 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6442 return modes; /* 802.11b already included */ 6443 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6444 mode11g_idx = m; 6445 } 6446 6447 if (mode11g_idx < 0) 6448 return modes; /* 2.4 GHz band not supported at all */ 6449 6450 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6451 if (nmodes == NULL) 6452 return modes; /* Could not add 802.11b mode */ 6453 6454 mode = &nmodes[*num_modes]; 6455 os_memset(mode, 0, sizeof(*mode)); 6456 (*num_modes)++; 6457 modes = nmodes; 6458 6459 mode->mode = HOSTAPD_MODE_IEEE80211B; 6460 6461 mode11g = &modes[mode11g_idx]; 6462 mode->num_channels = mode11g->num_channels; 6463 mode->channels = os_malloc(mode11g->num_channels * 6464 sizeof(struct hostapd_channel_data)); 6465 if (mode->channels == NULL) { 6466 (*num_modes)--; 6467 return modes; /* Could not add 802.11b mode */ 6468 } 6469 os_memcpy(mode->channels, mode11g->channels, 6470 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6471 6472 mode->num_rates = 0; 6473 mode->rates = os_malloc(4 * sizeof(int)); 6474 if (mode->rates == NULL) { 6475 os_free(mode->channels); 6476 (*num_modes)--; 6477 return modes; /* Could not add 802.11b mode */ 6478 } 6479 6480 for (i = 0; i < mode11g->num_rates; i++) { 6481 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6482 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6483 continue; 6484 mode->rates[mode->num_rates] = mode11g->rates[i]; 6485 mode->num_rates++; 6486 if (mode->num_rates == 4) 6487 break; 6488 } 6489 6490 if (mode->num_rates == 0) { 6491 os_free(mode->channels); 6492 os_free(mode->rates); 6493 (*num_modes)--; 6494 return modes; /* No 802.11b rates */ 6495 } 6496 6497 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6498 "information"); 6499 6500 return modes; 6501} 6502 6503 6504static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6505 int end) 6506{ 6507 int c; 6508 6509 for (c = 0; c < mode->num_channels; c++) { 6510 struct hostapd_channel_data *chan = &mode->channels[c]; 6511 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6512 chan->flag |= HOSTAPD_CHAN_HT40; 6513 } 6514} 6515 6516 6517static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6518 int end) 6519{ 6520 int c; 6521 6522 for (c = 0; c < mode->num_channels; c++) { 6523 struct hostapd_channel_data *chan = &mode->channels[c]; 6524 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6525 continue; 6526 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6527 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6528 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6529 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6530 } 6531} 6532 6533 6534static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6535 struct phy_info_arg *results) 6536{ 6537 u16 m; 6538 6539 for (m = 0; m < *results->num_modes; m++) { 6540 int c; 6541 struct hostapd_hw_modes *mode = &results->modes[m]; 6542 6543 for (c = 0; c < mode->num_channels; c++) { 6544 struct hostapd_channel_data *chan = &mode->channels[c]; 6545 if ((u32) chan->freq - 10 >= start && 6546 (u32) chan->freq + 10 <= end) 6547 chan->max_tx_power = max_eirp; 6548 } 6549 } 6550} 6551 6552 6553static void nl80211_reg_rule_ht40(u32 start, u32 end, 6554 struct phy_info_arg *results) 6555{ 6556 u16 m; 6557 6558 for (m = 0; m < *results->num_modes; m++) { 6559 if (!(results->modes[m].ht_capab & 6560 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6561 continue; 6562 nl80211_set_ht40_mode(&results->modes[m], start, end); 6563 } 6564} 6565 6566 6567static void nl80211_reg_rule_sec(struct nlattr *tb[], 6568 struct phy_info_arg *results) 6569{ 6570 u32 start, end, max_bw; 6571 u16 m; 6572 6573 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6574 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6575 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6576 return; 6577 6578 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6579 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6580 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6581 6582 if (max_bw < 20) 6583 return; 6584 6585 for (m = 0; m < *results->num_modes; m++) { 6586 if (!(results->modes[m].ht_capab & 6587 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6588 continue; 6589 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6590 } 6591} 6592 6593 6594static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6595 int end) 6596{ 6597 int c; 6598 6599 for (c = 0; c < mode->num_channels; c++) { 6600 struct hostapd_channel_data *chan = &mode->channels[c]; 6601 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6602 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6603 6604 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6605 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6606 6607 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6608 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6609 6610 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6611 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6612 } 6613} 6614 6615 6616static void nl80211_reg_rule_vht(struct nlattr *tb[], 6617 struct phy_info_arg *results) 6618{ 6619 u32 start, end, max_bw; 6620 u16 m; 6621 6622 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6623 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6624 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6625 return; 6626 6627 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6628 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6629 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6630 6631 if (max_bw < 80) 6632 return; 6633 6634 for (m = 0; m < *results->num_modes; m++) { 6635 if (!(results->modes[m].ht_capab & 6636 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6637 continue; 6638 /* TODO: use a real VHT support indication */ 6639 if (!results->modes[m].vht_capab) 6640 continue; 6641 6642 nl80211_set_vht_mode(&results->modes[m], start, end); 6643 } 6644} 6645 6646 6647static const char * dfs_domain_name(enum nl80211_dfs_regions region) 6648{ 6649 switch (region) { 6650 case NL80211_DFS_UNSET: 6651 return "DFS-UNSET"; 6652 case NL80211_DFS_FCC: 6653 return "DFS-FCC"; 6654 case NL80211_DFS_ETSI: 6655 return "DFS-ETSI"; 6656 case NL80211_DFS_JP: 6657 return "DFS-JP"; 6658 default: 6659 return "DFS-invalid"; 6660 } 6661} 6662 6663 6664static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6665{ 6666 struct phy_info_arg *results = arg; 6667 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6668 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6669 struct nlattr *nl_rule; 6670 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6671 int rem_rule; 6672 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6673 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6674 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6675 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6676 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6677 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6678 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6679 }; 6680 6681 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6682 genlmsg_attrlen(gnlh, 0), NULL); 6683 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6684 !tb_msg[NL80211_ATTR_REG_RULES]) { 6685 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6686 "available"); 6687 return NL_SKIP; 6688 } 6689 6690 if (tb_msg[NL80211_ATTR_DFS_REGION]) { 6691 enum nl80211_dfs_regions dfs_domain; 6692 dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]); 6693 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)", 6694 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 6695 dfs_domain_name(dfs_domain)); 6696 } else { 6697 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6698 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6699 } 6700 6701 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6702 { 6703 u32 start, end, max_eirp = 0, max_bw = 0, flags = 0; 6704 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6705 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6706 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6707 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6708 continue; 6709 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6710 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6711 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6712 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6713 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6714 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6715 if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS]) 6716 flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]); 6717 6718 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s", 6719 start, end, max_bw, max_eirp, 6720 flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "", 6721 flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "", 6722 flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "", 6723 flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" : 6724 "", 6725 flags & NL80211_RRF_DFS ? " (DFS)" : "", 6726 flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "", 6727 flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "", 6728 flags & NL80211_RRF_NO_IR ? " (no IR)" : ""); 6729 if (max_bw >= 40) 6730 nl80211_reg_rule_ht40(start, end, results); 6731 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6732 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6733 results); 6734 } 6735 6736 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6737 { 6738 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6739 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6740 nl80211_reg_rule_sec(tb_rule, results); 6741 } 6742 6743 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6744 { 6745 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6746 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6747 nl80211_reg_rule_vht(tb_rule, results); 6748 } 6749 6750 return NL_SKIP; 6751} 6752 6753 6754static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6755 struct phy_info_arg *results) 6756{ 6757 struct nl_msg *msg; 6758 6759 msg = nlmsg_alloc(); 6760 if (!msg) 6761 return -ENOMEM; 6762 6763 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6764 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6765} 6766 6767 6768static struct hostapd_hw_modes * 6769wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6770{ 6771 u32 feat; 6772 struct i802_bss *bss = priv; 6773 struct wpa_driver_nl80211_data *drv = bss->drv; 6774 struct nl_msg *msg; 6775 struct phy_info_arg result = { 6776 .num_modes = num_modes, 6777 .modes = NULL, 6778 .last_mode = -1, 6779 }; 6780 6781 *num_modes = 0; 6782 *flags = 0; 6783 6784 msg = nlmsg_alloc(); 6785 if (!msg) 6786 return NULL; 6787 6788 feat = get_nl80211_protocol_features(drv); 6789 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6790 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6791 else 6792 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6793 6794 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6795 if (nl80211_set_iface_id(msg, bss) < 0) 6796 goto nla_put_failure; 6797 6798 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6799 nl80211_set_regulatory_flags(drv, &result); 6800 return wpa_driver_nl80211_postprocess_modes(result.modes, 6801 num_modes); 6802 } 6803 msg = NULL; 6804 nla_put_failure: 6805 nlmsg_free(msg); 6806 return NULL; 6807} 6808 6809 6810static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6811 const void *data, size_t len, 6812 int encrypt, int noack) 6813{ 6814 __u8 rtap_hdr[] = { 6815 0x00, 0x00, /* radiotap version */ 6816 0x0e, 0x00, /* radiotap length */ 6817 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6818 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6819 0x00, /* padding */ 6820 0x00, 0x00, /* RX and TX flags to indicate that */ 6821 0x00, 0x00, /* this is the injected frame directly */ 6822 }; 6823 struct iovec iov[2] = { 6824 { 6825 .iov_base = &rtap_hdr, 6826 .iov_len = sizeof(rtap_hdr), 6827 }, 6828 { 6829 .iov_base = (void *) data, 6830 .iov_len = len, 6831 } 6832 }; 6833 struct msghdr msg = { 6834 .msg_name = NULL, 6835 .msg_namelen = 0, 6836 .msg_iov = iov, 6837 .msg_iovlen = 2, 6838 .msg_control = NULL, 6839 .msg_controllen = 0, 6840 .msg_flags = 0, 6841 }; 6842 int res; 6843 u16 txflags = 0; 6844 6845 if (encrypt) 6846 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 6847 6848 if (drv->monitor_sock < 0) { 6849 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 6850 "for %s", __func__); 6851 return -1; 6852 } 6853 6854 if (noack) 6855 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 6856 WPA_PUT_LE16(&rtap_hdr[12], txflags); 6857 6858 res = sendmsg(drv->monitor_sock, &msg, 0); 6859 if (res < 0) { 6860 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 6861 return -1; 6862 } 6863 return 0; 6864} 6865 6866 6867static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 6868 const void *data, size_t len, 6869 int encrypt, int noack, 6870 unsigned int freq, int no_cck, 6871 int offchanok, unsigned int wait_time) 6872{ 6873 struct wpa_driver_nl80211_data *drv = bss->drv; 6874 u64 cookie; 6875 int res; 6876 6877 if (freq == 0) { 6878 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 6879 bss->freq); 6880 freq = bss->freq; 6881 } 6882 6883 if (drv->use_monitor) { 6884 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 6885 freq, bss->freq); 6886 return wpa_driver_nl80211_send_mntr(drv, data, len, 6887 encrypt, noack); 6888 } 6889 6890 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 6891 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 6892 &cookie, no_cck, noack, offchanok); 6893 if (res == 0 && !noack) { 6894 const struct ieee80211_mgmt *mgmt; 6895 u16 fc; 6896 6897 mgmt = (const struct ieee80211_mgmt *) data; 6898 fc = le_to_host16(mgmt->frame_control); 6899 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6900 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 6901 wpa_printf(MSG_MSGDUMP, 6902 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 6903 (long long unsigned int) 6904 drv->send_action_cookie, 6905 (long long unsigned int) cookie); 6906 drv->send_action_cookie = cookie; 6907 } 6908 } 6909 6910 return res; 6911} 6912 6913 6914static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 6915 size_t data_len, int noack, 6916 unsigned int freq, int no_cck, 6917 int offchanok, 6918 unsigned int wait_time) 6919{ 6920 struct wpa_driver_nl80211_data *drv = bss->drv; 6921 struct ieee80211_mgmt *mgmt; 6922 int encrypt = 1; 6923 u16 fc; 6924 6925 mgmt = (struct ieee80211_mgmt *) data; 6926 fc = le_to_host16(mgmt->frame_control); 6927 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x nlmode=%d", 6928 noack, freq, no_cck, offchanok, wait_time, fc, drv->nlmode); 6929 6930 if ((is_sta_interface(drv->nlmode) || 6931 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 6932 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6933 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 6934 /* 6935 * The use of last_mgmt_freq is a bit of a hack, 6936 * but it works due to the single-threaded nature 6937 * of wpa_supplicant. 6938 */ 6939 if (freq == 0) { 6940 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 6941 drv->last_mgmt_freq); 6942 freq = drv->last_mgmt_freq; 6943 } 6944 return nl80211_send_frame_cmd(bss, freq, 0, 6945 data, data_len, NULL, 1, noack, 6946 1); 6947 } 6948 6949 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 6950 if (freq == 0) { 6951 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 6952 bss->freq); 6953 freq = bss->freq; 6954 } 6955 return nl80211_send_frame_cmd(bss, freq, 6956 (int) freq == bss->freq ? 0 : 6957 wait_time, 6958 data, data_len, 6959 &drv->send_action_cookie, 6960 no_cck, noack, offchanok); 6961 } 6962 6963 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6964 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 6965 /* 6966 * Only one of the authentication frame types is encrypted. 6967 * In order for static WEP encryption to work properly (i.e., 6968 * to not encrypt the frame), we need to tell mac80211 about 6969 * the frames that must not be encrypted. 6970 */ 6971 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 6972 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 6973 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 6974 encrypt = 0; 6975 } 6976 6977 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 6978 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 6979 noack, freq, no_cck, offchanok, 6980 wait_time); 6981} 6982 6983 6984static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 6985 int slot, int ht_opmode, int ap_isolate, 6986 int *basic_rates) 6987{ 6988 struct wpa_driver_nl80211_data *drv = bss->drv; 6989 struct nl_msg *msg; 6990 6991 msg = nlmsg_alloc(); 6992 if (!msg) 6993 return -ENOMEM; 6994 6995 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 6996 6997 if (cts >= 0) 6998 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 6999 if (preamble >= 0) 7000 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 7001 if (slot >= 0) 7002 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 7003 if (ht_opmode >= 0) 7004 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 7005 if (ap_isolate >= 0) 7006 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 7007 7008 if (basic_rates) { 7009 u8 rates[NL80211_MAX_SUPP_RATES]; 7010 u8 rates_len = 0; 7011 int i; 7012 7013 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 7014 i++) 7015 rates[rates_len++] = basic_rates[i] / 5; 7016 7017 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 7018 } 7019 7020 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7021 7022 return send_and_recv_msgs(drv, msg, NULL, NULL); 7023 nla_put_failure: 7024 nlmsg_free(msg); 7025 return -ENOBUFS; 7026} 7027 7028 7029static int wpa_driver_nl80211_set_acl(void *priv, 7030 struct hostapd_acl_params *params) 7031{ 7032 struct i802_bss *bss = priv; 7033 struct wpa_driver_nl80211_data *drv = bss->drv; 7034 struct nl_msg *msg; 7035 struct nlattr *acl; 7036 unsigned int i; 7037 int ret = 0; 7038 7039 if (!(drv->capa.max_acl_mac_addrs)) 7040 return -ENOTSUP; 7041 7042 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 7043 return -ENOTSUP; 7044 7045 msg = nlmsg_alloc(); 7046 if (!msg) 7047 return -ENOMEM; 7048 7049 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 7050 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 7051 7052 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 7053 7054 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7055 7056 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 7057 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 7058 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 7059 7060 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 7061 if (acl == NULL) 7062 goto nla_put_failure; 7063 7064 for (i = 0; i < params->num_mac_acl; i++) 7065 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 7066 7067 nla_nest_end(msg, acl); 7068 7069 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7070 msg = NULL; 7071 if (ret) { 7072 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 7073 ret, strerror(-ret)); 7074 } 7075 7076nla_put_failure: 7077 nlmsg_free(msg); 7078 7079 return ret; 7080} 7081 7082 7083static int wpa_driver_nl80211_set_ap(void *priv, 7084 struct wpa_driver_ap_params *params) 7085{ 7086 struct i802_bss *bss = priv; 7087 struct wpa_driver_nl80211_data *drv = bss->drv; 7088 struct nl_msg *msg; 7089 u8 cmd = NL80211_CMD_NEW_BEACON; 7090 int ret; 7091 int beacon_set; 7092 int ifindex = if_nametoindex(bss->ifname); 7093 int num_suites; 7094 u32 suites[10], suite; 7095 u32 ver; 7096 7097 beacon_set = bss->beacon_set; 7098 7099 msg = nlmsg_alloc(); 7100 if (!msg) 7101 return -ENOMEM; 7102 7103 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 7104 beacon_set); 7105 if (beacon_set) 7106 cmd = NL80211_CMD_SET_BEACON; 7107 7108 nl80211_cmd(drv, msg, 0, cmd); 7109 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 7110 params->head, params->head_len); 7111 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 7112 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 7113 params->tail, params->tail_len); 7114 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 7115 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 7116 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 7117 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 7118 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 7119 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 7120 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 7121 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 7122 params->ssid, params->ssid_len); 7123 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7124 params->ssid); 7125 if (params->proberesp && params->proberesp_len) { 7126 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 7127 params->proberesp, params->proberesp_len); 7128 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 7129 params->proberesp); 7130 } 7131 switch (params->hide_ssid) { 7132 case NO_SSID_HIDING: 7133 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 7134 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7135 NL80211_HIDDEN_SSID_NOT_IN_USE); 7136 break; 7137 case HIDDEN_SSID_ZERO_LEN: 7138 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 7139 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7140 NL80211_HIDDEN_SSID_ZERO_LEN); 7141 break; 7142 case HIDDEN_SSID_ZERO_CONTENTS: 7143 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 7144 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7145 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 7146 break; 7147 } 7148 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 7149 if (params->privacy) 7150 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 7151 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 7152 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 7153 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 7154 /* Leave out the attribute */ 7155 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 7156 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7157 NL80211_AUTHTYPE_SHARED_KEY); 7158 else 7159 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7160 NL80211_AUTHTYPE_OPEN_SYSTEM); 7161 7162 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 7163 ver = 0; 7164 if (params->wpa_version & WPA_PROTO_WPA) 7165 ver |= NL80211_WPA_VERSION_1; 7166 if (params->wpa_version & WPA_PROTO_RSN) 7167 ver |= NL80211_WPA_VERSION_2; 7168 if (ver) 7169 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 7170 7171 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 7172 params->key_mgmt_suites); 7173 num_suites = 0; 7174 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 7175 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 7176 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 7177 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 7178 if (num_suites) { 7179 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 7180 num_suites * sizeof(u32), suites); 7181 } 7182 7183 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 7184 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 7185 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 7186 7187 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 7188 params->pairwise_ciphers); 7189 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 7190 suites, ARRAY_SIZE(suites)); 7191 if (num_suites) { 7192 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 7193 num_suites * sizeof(u32), suites); 7194 } 7195 7196 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 7197 params->group_cipher); 7198 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 7199 if (suite) 7200 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 7201 7202 if (params->beacon_ies) { 7203 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 7204 params->beacon_ies); 7205 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 7206 wpabuf_head(params->beacon_ies)); 7207 } 7208 if (params->proberesp_ies) { 7209 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 7210 params->proberesp_ies); 7211 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 7212 wpabuf_len(params->proberesp_ies), 7213 wpabuf_head(params->proberesp_ies)); 7214 } 7215 if (params->assocresp_ies) { 7216 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 7217 params->assocresp_ies); 7218 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 7219 wpabuf_len(params->assocresp_ies), 7220 wpabuf_head(params->assocresp_ies)); 7221 } 7222 7223 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7224 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7225 params->ap_max_inactivity); 7226 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7227 params->ap_max_inactivity); 7228 } 7229 7230 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7231 if (ret) { 7232 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7233 ret, strerror(-ret)); 7234 } else { 7235 bss->beacon_set = 1; 7236 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7237 params->short_slot_time, params->ht_opmode, 7238 params->isolate, params->basic_rates); 7239 } 7240 return ret; 7241 nla_put_failure: 7242 nlmsg_free(msg); 7243 return -ENOBUFS; 7244} 7245 7246 7247static int nl80211_put_freq_params(struct nl_msg *msg, 7248 struct hostapd_freq_params *freq) 7249{ 7250 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7251 if (freq->vht_enabled) { 7252 switch (freq->bandwidth) { 7253 case 20: 7254 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7255 NL80211_CHAN_WIDTH_20); 7256 break; 7257 case 40: 7258 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7259 NL80211_CHAN_WIDTH_40); 7260 break; 7261 case 80: 7262 if (freq->center_freq2) 7263 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7264 NL80211_CHAN_WIDTH_80P80); 7265 else 7266 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7267 NL80211_CHAN_WIDTH_80); 7268 break; 7269 case 160: 7270 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7271 NL80211_CHAN_WIDTH_160); 7272 break; 7273 default: 7274 return -EINVAL; 7275 } 7276 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7277 if (freq->center_freq2) 7278 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7279 freq->center_freq2); 7280 } else if (freq->ht_enabled) { 7281 switch (freq->sec_channel_offset) { 7282 case -1: 7283 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7284 NL80211_CHAN_HT40MINUS); 7285 break; 7286 case 1: 7287 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7288 NL80211_CHAN_HT40PLUS); 7289 break; 7290 default: 7291 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7292 NL80211_CHAN_HT20); 7293 break; 7294 } 7295 } 7296 return 0; 7297 7298nla_put_failure: 7299 return -ENOBUFS; 7300} 7301 7302 7303static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 7304 struct hostapd_freq_params *freq) 7305{ 7306 struct wpa_driver_nl80211_data *drv = bss->drv; 7307 struct nl_msg *msg; 7308 int ret; 7309 7310 wpa_printf(MSG_DEBUG, 7311 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7312 freq->freq, freq->ht_enabled, freq->vht_enabled, 7313 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7314 msg = nlmsg_alloc(); 7315 if (!msg) 7316 return -1; 7317 7318 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7319 7320 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7321 if (nl80211_put_freq_params(msg, freq) < 0) 7322 goto nla_put_failure; 7323 7324 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7325 msg = NULL; 7326 if (ret == 0) { 7327 bss->freq = freq->freq; 7328 return 0; 7329 } 7330 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7331 "%d (%s)", freq->freq, ret, strerror(-ret)); 7332nla_put_failure: 7333 nlmsg_free(msg); 7334 return -1; 7335} 7336 7337 7338static u32 sta_flags_nl80211(int flags) 7339{ 7340 u32 f = 0; 7341 7342 if (flags & WPA_STA_AUTHORIZED) 7343 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7344 if (flags & WPA_STA_WMM) 7345 f |= BIT(NL80211_STA_FLAG_WME); 7346 if (flags & WPA_STA_SHORT_PREAMBLE) 7347 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7348 if (flags & WPA_STA_MFP) 7349 f |= BIT(NL80211_STA_FLAG_MFP); 7350 if (flags & WPA_STA_TDLS_PEER) 7351 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7352 7353 return f; 7354} 7355 7356 7357static int wpa_driver_nl80211_sta_add(void *priv, 7358 struct hostapd_sta_add_params *params) 7359{ 7360 struct i802_bss *bss = priv; 7361 struct wpa_driver_nl80211_data *drv = bss->drv; 7362 struct nl_msg *msg; 7363 struct nl80211_sta_flag_update upd; 7364 int ret = -ENOBUFS; 7365 7366 if ((params->flags & WPA_STA_TDLS_PEER) && 7367 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7368 return -EOPNOTSUPP; 7369 7370 msg = nlmsg_alloc(); 7371 if (!msg) 7372 return -ENOMEM; 7373 7374 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7375 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7376 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7377 NL80211_CMD_NEW_STATION); 7378 7379 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7380 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7381 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7382 params->supp_rates); 7383 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7384 params->supp_rates_len); 7385 if (!params->set) { 7386 if (params->aid) { 7387 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7388 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7389 } else { 7390 /* 7391 * cfg80211 validates that AID is non-zero, so we have 7392 * to make this a non-zero value for the TDLS case where 7393 * a dummy STA entry is used for now. 7394 */ 7395 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7396 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7397 } 7398 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7399 params->listen_interval); 7400 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7401 params->listen_interval); 7402 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7403 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7404 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7405 } 7406 if (params->ht_capabilities) { 7407 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7408 (u8 *) params->ht_capabilities, 7409 sizeof(*params->ht_capabilities)); 7410 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7411 sizeof(*params->ht_capabilities), 7412 params->ht_capabilities); 7413 } 7414 7415 if (params->vht_capabilities) { 7416 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7417 (u8 *) params->vht_capabilities, 7418 sizeof(*params->vht_capabilities)); 7419 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7420 sizeof(*params->vht_capabilities), 7421 params->vht_capabilities); 7422 } 7423 7424 if (params->vht_opmode_enabled) { 7425 wpa_printf(MSG_DEBUG, " * opmode=%u", params->vht_opmode); 7426 NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF, 7427 params->vht_opmode); 7428 } 7429 7430 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7431 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7432 7433 if (params->ext_capab) { 7434 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7435 params->ext_capab, params->ext_capab_len); 7436 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7437 params->ext_capab_len, params->ext_capab); 7438 } 7439 7440 if (params->supp_channels) { 7441 wpa_hexdump(MSG_DEBUG, " * supported channels", 7442 params->supp_channels, params->supp_channels_len); 7443 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7444 params->supp_channels_len, params->supp_channels); 7445 } 7446 7447 if (params->supp_oper_classes) { 7448 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7449 params->supp_oper_classes, 7450 params->supp_oper_classes_len); 7451 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7452 params->supp_oper_classes_len, 7453 params->supp_oper_classes); 7454 } 7455 7456 os_memset(&upd, 0, sizeof(upd)); 7457 upd.mask = sta_flags_nl80211(params->flags); 7458 upd.set = upd.mask; 7459 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7460 upd.set, upd.mask); 7461 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7462 7463 if (params->flags & WPA_STA_WMM) { 7464 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7465 7466 if (!wme) 7467 goto nla_put_failure; 7468 7469 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7470 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7471 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7472 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7473 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7474 WMM_QOSINFO_STA_SP_MASK); 7475 nla_nest_end(msg, wme); 7476 } 7477 7478 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7479 msg = NULL; 7480 if (ret) 7481 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7482 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7483 strerror(-ret)); 7484 if (ret == -EEXIST) 7485 ret = 0; 7486 nla_put_failure: 7487 nlmsg_free(msg); 7488 return ret; 7489} 7490 7491 7492static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7493{ 7494 struct wpa_driver_nl80211_data *drv = bss->drv; 7495 struct nl_msg *msg; 7496 int ret; 7497 7498 msg = nlmsg_alloc(); 7499 if (!msg) 7500 return -ENOMEM; 7501 7502 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7503 7504 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7505 if_nametoindex(bss->ifname)); 7506 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7507 7508 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7509 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7510 " --> %d (%s)", 7511 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7512 if (ret == -ENOENT) 7513 return 0; 7514 return ret; 7515 nla_put_failure: 7516 nlmsg_free(msg); 7517 return -ENOBUFS; 7518} 7519 7520 7521static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7522 int ifidx) 7523{ 7524 struct nl_msg *msg; 7525 7526 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7527 7528 /* stop listening for EAPOL on this interface */ 7529 del_ifidx(drv, ifidx); 7530 7531 msg = nlmsg_alloc(); 7532 if (!msg) 7533 goto nla_put_failure; 7534 7535 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7536 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7537 7538 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7539 return; 7540 msg = NULL; 7541 nla_put_failure: 7542 nlmsg_free(msg); 7543 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7544} 7545 7546 7547static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7548{ 7549 switch (mode) { 7550 case NL80211_IFTYPE_ADHOC: 7551 return "ADHOC"; 7552 case NL80211_IFTYPE_STATION: 7553 return "STATION"; 7554 case NL80211_IFTYPE_AP: 7555 return "AP"; 7556 case NL80211_IFTYPE_AP_VLAN: 7557 return "AP_VLAN"; 7558 case NL80211_IFTYPE_WDS: 7559 return "WDS"; 7560 case NL80211_IFTYPE_MONITOR: 7561 return "MONITOR"; 7562 case NL80211_IFTYPE_MESH_POINT: 7563 return "MESH_POINT"; 7564 case NL80211_IFTYPE_P2P_CLIENT: 7565 return "P2P_CLIENT"; 7566 case NL80211_IFTYPE_P2P_GO: 7567 return "P2P_GO"; 7568 case NL80211_IFTYPE_P2P_DEVICE: 7569 return "P2P_DEVICE"; 7570 default: 7571 return "unknown"; 7572 } 7573} 7574 7575 7576static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7577 const char *ifname, 7578 enum nl80211_iftype iftype, 7579 const u8 *addr, int wds, 7580 int (*handler)(struct nl_msg *, void *), 7581 void *arg) 7582{ 7583 struct nl_msg *msg; 7584 int ifidx; 7585 int ret = -ENOBUFS; 7586 7587 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7588 iftype, nl80211_iftype_str(iftype)); 7589 7590 msg = nlmsg_alloc(); 7591 if (!msg) 7592 return -1; 7593 7594 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7595 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7596 goto nla_put_failure; 7597 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7598 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7599 7600 if (iftype == NL80211_IFTYPE_MONITOR) { 7601 struct nlattr *flags; 7602 7603 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7604 if (!flags) 7605 goto nla_put_failure; 7606 7607 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7608 7609 nla_nest_end(msg, flags); 7610 } else if (wds) { 7611 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7612 } 7613 7614 ret = send_and_recv_msgs(drv, msg, handler, arg); 7615 msg = NULL; 7616 if (ret) { 7617 nla_put_failure: 7618 nlmsg_free(msg); 7619 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7620 ifname, ret, strerror(-ret)); 7621 return ret; 7622 } 7623 7624 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7625 return 0; 7626 7627 ifidx = if_nametoindex(ifname); 7628 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7629 ifname, ifidx); 7630 7631 if (ifidx <= 0) 7632 return -1; 7633 7634 /* start listening for EAPOL on this interface */ 7635 add_ifidx(drv, ifidx); 7636 7637 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7638 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7639 nl80211_remove_iface(drv, ifidx); 7640 return -1; 7641 } 7642 7643 return ifidx; 7644} 7645 7646 7647static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7648 const char *ifname, enum nl80211_iftype iftype, 7649 const u8 *addr, int wds, 7650 int (*handler)(struct nl_msg *, void *), 7651 void *arg, int use_existing) 7652{ 7653 int ret; 7654 7655 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7656 arg); 7657 7658 /* if error occurred and interface exists already */ 7659 if (ret == -ENFILE && if_nametoindex(ifname)) { 7660 if (use_existing) { 7661 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7662 ifname); 7663 return -ENFILE; 7664 } 7665 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7666 7667 /* Try to remove the interface that was already there. */ 7668 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7669 7670 /* Try to create the interface again */ 7671 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7672 wds, handler, arg); 7673 } 7674 7675 if (ret >= 0 && is_p2p_net_interface(iftype)) 7676 nl80211_disable_11b_rates(drv, ret, 1); 7677 7678 return ret; 7679} 7680 7681 7682static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7683{ 7684 struct ieee80211_hdr *hdr; 7685 u16 fc; 7686 union wpa_event_data event; 7687 7688 hdr = (struct ieee80211_hdr *) buf; 7689 fc = le_to_host16(hdr->frame_control); 7690 7691 os_memset(&event, 0, sizeof(event)); 7692 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7693 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7694 event.tx_status.dst = hdr->addr1; 7695 event.tx_status.data = buf; 7696 event.tx_status.data_len = len; 7697 event.tx_status.ack = ok; 7698 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7699} 7700 7701 7702static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7703 u8 *buf, size_t len) 7704{ 7705 struct ieee80211_hdr *hdr = (void *)buf; 7706 u16 fc; 7707 union wpa_event_data event; 7708 7709 if (len < sizeof(*hdr)) 7710 return; 7711 7712 fc = le_to_host16(hdr->frame_control); 7713 7714 os_memset(&event, 0, sizeof(event)); 7715 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7716 event.rx_from_unknown.addr = hdr->addr2; 7717 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7718 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7719 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7720} 7721 7722 7723static void handle_frame(struct wpa_driver_nl80211_data *drv, 7724 u8 *buf, size_t len, int datarate, int ssi_signal) 7725{ 7726 struct ieee80211_hdr *hdr; 7727 u16 fc; 7728 union wpa_event_data event; 7729 7730 hdr = (struct ieee80211_hdr *) buf; 7731 fc = le_to_host16(hdr->frame_control); 7732 7733 switch (WLAN_FC_GET_TYPE(fc)) { 7734 case WLAN_FC_TYPE_MGMT: 7735 os_memset(&event, 0, sizeof(event)); 7736 event.rx_mgmt.frame = buf; 7737 event.rx_mgmt.frame_len = len; 7738 event.rx_mgmt.datarate = datarate; 7739 event.rx_mgmt.ssi_signal = ssi_signal; 7740 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7741 break; 7742 case WLAN_FC_TYPE_CTRL: 7743 /* can only get here with PS-Poll frames */ 7744 wpa_printf(MSG_DEBUG, "CTRL"); 7745 from_unknown_sta(drv, buf, len); 7746 break; 7747 case WLAN_FC_TYPE_DATA: 7748 from_unknown_sta(drv, buf, len); 7749 break; 7750 } 7751} 7752 7753 7754static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7755{ 7756 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7757 int len; 7758 unsigned char buf[3000]; 7759 struct ieee80211_radiotap_iterator iter; 7760 int ret; 7761 int datarate = 0, ssi_signal = 0; 7762 int injected = 0, failed = 0, rxflags = 0; 7763 7764 len = recv(sock, buf, sizeof(buf), 0); 7765 if (len < 0) { 7766 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7767 strerror(errno)); 7768 return; 7769 } 7770 7771 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 7772 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7773 return; 7774 } 7775 7776 while (1) { 7777 ret = ieee80211_radiotap_iterator_next(&iter); 7778 if (ret == -ENOENT) 7779 break; 7780 if (ret) { 7781 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 7782 ret); 7783 return; 7784 } 7785 switch (iter.this_arg_index) { 7786 case IEEE80211_RADIOTAP_FLAGS: 7787 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 7788 len -= 4; 7789 break; 7790 case IEEE80211_RADIOTAP_RX_FLAGS: 7791 rxflags = 1; 7792 break; 7793 case IEEE80211_RADIOTAP_TX_FLAGS: 7794 injected = 1; 7795 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 7796 IEEE80211_RADIOTAP_F_TX_FAIL; 7797 break; 7798 case IEEE80211_RADIOTAP_DATA_RETRIES: 7799 break; 7800 case IEEE80211_RADIOTAP_CHANNEL: 7801 /* TODO: convert from freq/flags to channel number */ 7802 break; 7803 case IEEE80211_RADIOTAP_RATE: 7804 datarate = *iter.this_arg * 5; 7805 break; 7806 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 7807 ssi_signal = (s8) *iter.this_arg; 7808 break; 7809 } 7810 } 7811 7812 if (rxflags && injected) 7813 return; 7814 7815 if (!injected) 7816 handle_frame(drv, buf + iter.max_length, 7817 len - iter.max_length, datarate, ssi_signal); 7818 else 7819 handle_tx_callback(drv->ctx, buf + iter.max_length, 7820 len - iter.max_length, !failed); 7821} 7822 7823 7824/* 7825 * we post-process the filter code later and rewrite 7826 * this to the offset to the last instruction 7827 */ 7828#define PASS 0xFF 7829#define FAIL 0xFE 7830 7831static struct sock_filter msock_filter_insns[] = { 7832 /* 7833 * do a little-endian load of the radiotap length field 7834 */ 7835 /* load lower byte into A */ 7836 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 7837 /* put it into X (== index register) */ 7838 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7839 /* load upper byte into A */ 7840 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 7841 /* left-shift it by 8 */ 7842 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 7843 /* or with X */ 7844 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 7845 /* put result into X */ 7846 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7847 7848 /* 7849 * Allow management frames through, this also gives us those 7850 * management frames that we sent ourselves with status 7851 */ 7852 /* load the lower byte of the IEEE 802.11 frame control field */ 7853 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7854 /* mask off frame type and version */ 7855 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 7856 /* accept frame if it's both 0, fall through otherwise */ 7857 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 7858 7859 /* 7860 * TODO: add a bit to radiotap RX flags that indicates 7861 * that the sending station is not associated, then 7862 * add a filter here that filters on our DA and that flag 7863 * to allow us to deauth frames to that bad station. 7864 * 7865 * For now allow all To DS data frames through. 7866 */ 7867 /* load the IEEE 802.11 frame control field */ 7868 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 7869 /* mask off frame type, version and DS status */ 7870 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 7871 /* accept frame if version 0, type 2 and To DS, fall through otherwise 7872 */ 7873 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 7874 7875#if 0 7876 /* 7877 * drop non-data frames 7878 */ 7879 /* load the lower byte of the frame control field */ 7880 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7881 /* mask off QoS bit */ 7882 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 7883 /* drop non-data frames */ 7884 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 7885#endif 7886 /* load the upper byte of the frame control field */ 7887 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 7888 /* mask off toDS/fromDS */ 7889 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 7890 /* accept WDS frames */ 7891 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 7892 7893 /* 7894 * add header length to index 7895 */ 7896 /* load the lower byte of the frame control field */ 7897 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7898 /* mask off QoS bit */ 7899 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 7900 /* right shift it by 6 to give 0 or 2 */ 7901 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 7902 /* add data frame header length */ 7903 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 7904 /* add index, was start of 802.11 header */ 7905 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 7906 /* move to index, now start of LL header */ 7907 BPF_STMT(BPF_MISC | BPF_TAX, 0), 7908 7909 /* 7910 * Accept empty data frames, we use those for 7911 * polling activity. 7912 */ 7913 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 7914 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 7915 7916 /* 7917 * Accept EAPOL frames 7918 */ 7919 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 7920 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 7921 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 7922 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 7923 7924 /* keep these last two statements or change the code below */ 7925 /* return 0 == "DROP" */ 7926 BPF_STMT(BPF_RET | BPF_K, 0), 7927 /* return ~0 == "keep all" */ 7928 BPF_STMT(BPF_RET | BPF_K, ~0), 7929}; 7930 7931static struct sock_fprog msock_filter = { 7932 .len = ARRAY_SIZE(msock_filter_insns), 7933 .filter = msock_filter_insns, 7934}; 7935 7936 7937static int add_monitor_filter(int s) 7938{ 7939 int idx; 7940 7941 /* rewrite all PASS/FAIL jump offsets */ 7942 for (idx = 0; idx < msock_filter.len; idx++) { 7943 struct sock_filter *insn = &msock_filter_insns[idx]; 7944 7945 if (BPF_CLASS(insn->code) == BPF_JMP) { 7946 if (insn->code == (BPF_JMP|BPF_JA)) { 7947 if (insn->k == PASS) 7948 insn->k = msock_filter.len - idx - 2; 7949 else if (insn->k == FAIL) 7950 insn->k = msock_filter.len - idx - 3; 7951 } 7952 7953 if (insn->jt == PASS) 7954 insn->jt = msock_filter.len - idx - 2; 7955 else if (insn->jt == FAIL) 7956 insn->jt = msock_filter.len - idx - 3; 7957 7958 if (insn->jf == PASS) 7959 insn->jf = msock_filter.len - idx - 2; 7960 else if (insn->jf == FAIL) 7961 insn->jf = msock_filter.len - idx - 3; 7962 } 7963 } 7964 7965 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 7966 &msock_filter, sizeof(msock_filter))) { 7967 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 7968 strerror(errno)); 7969 return -1; 7970 } 7971 7972 return 0; 7973} 7974 7975 7976static void nl80211_remove_monitor_interface( 7977 struct wpa_driver_nl80211_data *drv) 7978{ 7979 if (drv->monitor_refcount > 0) 7980 drv->monitor_refcount--; 7981 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 7982 drv->monitor_refcount); 7983 if (drv->monitor_refcount > 0) 7984 return; 7985 7986 if (drv->monitor_ifidx >= 0) { 7987 nl80211_remove_iface(drv, drv->monitor_ifidx); 7988 drv->monitor_ifidx = -1; 7989 } 7990 if (drv->monitor_sock >= 0) { 7991 eloop_unregister_read_sock(drv->monitor_sock); 7992 close(drv->monitor_sock); 7993 drv->monitor_sock = -1; 7994 } 7995} 7996 7997 7998static int 7999nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 8000{ 8001 char buf[IFNAMSIZ]; 8002 struct sockaddr_ll ll; 8003 int optval; 8004 socklen_t optlen; 8005 8006 if (drv->monitor_ifidx >= 0) { 8007 drv->monitor_refcount++; 8008 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 8009 drv->monitor_refcount); 8010 return 0; 8011 } 8012 8013 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 8014 /* 8015 * P2P interface name is of the format p2p-%s-%d. For monitor 8016 * interface name corresponding to P2P GO, replace "p2p-" with 8017 * "mon-" to retain the same interface name length and to 8018 * indicate that it is a monitor interface. 8019 */ 8020 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 8021 } else { 8022 /* Non-P2P interface with AP functionality. */ 8023 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 8024 } 8025 8026 buf[IFNAMSIZ - 1] = '\0'; 8027 8028 drv->monitor_ifidx = 8029 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 8030 0, NULL, NULL, 0); 8031 8032 if (drv->monitor_ifidx == -EOPNOTSUPP) { 8033 /* 8034 * This is backward compatibility for a few versions of 8035 * the kernel only that didn't advertise the right 8036 * attributes for the only driver that then supported 8037 * AP mode w/o monitor -- ath6kl. 8038 */ 8039 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 8040 "monitor interface type - try to run without it"); 8041 drv->device_ap_sme = 1; 8042 } 8043 8044 if (drv->monitor_ifidx < 0) 8045 return -1; 8046 8047 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 8048 goto error; 8049 8050 memset(&ll, 0, sizeof(ll)); 8051 ll.sll_family = AF_PACKET; 8052 ll.sll_ifindex = drv->monitor_ifidx; 8053 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 8054 if (drv->monitor_sock < 0) { 8055 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 8056 strerror(errno)); 8057 goto error; 8058 } 8059 8060 if (add_monitor_filter(drv->monitor_sock)) { 8061 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 8062 "interface; do filtering in user space"); 8063 /* This works, but will cost in performance. */ 8064 } 8065 8066 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 8067 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 8068 strerror(errno)); 8069 goto error; 8070 } 8071 8072 optlen = sizeof(optval); 8073 optval = 20; 8074 if (setsockopt 8075 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 8076 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 8077 strerror(errno)); 8078 goto error; 8079 } 8080 8081 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 8082 drv, NULL)) { 8083 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 8084 goto error; 8085 } 8086 8087 drv->monitor_refcount++; 8088 return 0; 8089 error: 8090 nl80211_remove_monitor_interface(drv); 8091 return -1; 8092} 8093 8094 8095static int nl80211_setup_ap(struct i802_bss *bss) 8096{ 8097 struct wpa_driver_nl80211_data *drv = bss->drv; 8098 8099 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 8100 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8101 8102 /* 8103 * Disable Probe Request reporting unless we need it in this way for 8104 * devices that include the AP SME, in the other case (unless using 8105 * monitor iface) we'll get it through the nl_mgmt socket instead. 8106 */ 8107 if (!drv->device_ap_sme) 8108 wpa_driver_nl80211_probe_req_report(bss, 0); 8109 8110 if (!drv->device_ap_sme && !drv->use_monitor) 8111 if (nl80211_mgmt_subscribe_ap(bss)) 8112 return -1; 8113 8114 if (drv->device_ap_sme && !drv->use_monitor) 8115 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 8116 return -1; 8117 8118 if (!drv->device_ap_sme && drv->use_monitor && 8119 nl80211_create_monitor_interface(drv) && 8120 !drv->device_ap_sme) 8121 return -1; 8122 8123 if (drv->device_ap_sme && 8124 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 8125 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 8126 "Probe Request frame reporting in AP mode"); 8127 /* Try to survive without this */ 8128 } 8129 8130 return 0; 8131} 8132 8133 8134static void nl80211_teardown_ap(struct i802_bss *bss) 8135{ 8136 struct wpa_driver_nl80211_data *drv = bss->drv; 8137 8138 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 8139 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8140 if (drv->device_ap_sme) { 8141 wpa_driver_nl80211_probe_req_report(bss, 0); 8142 if (!drv->use_monitor) 8143 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 8144 } else if (drv->use_monitor) 8145 nl80211_remove_monitor_interface(drv); 8146 else 8147 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 8148 8149 bss->beacon_set = 0; 8150} 8151 8152 8153static int nl80211_send_eapol_data(struct i802_bss *bss, 8154 const u8 *addr, const u8 *data, 8155 size_t data_len) 8156{ 8157 struct sockaddr_ll ll; 8158 int ret; 8159 8160 if (bss->drv->eapol_tx_sock < 0) { 8161 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 8162 return -1; 8163 } 8164 8165 os_memset(&ll, 0, sizeof(ll)); 8166 ll.sll_family = AF_PACKET; 8167 ll.sll_ifindex = bss->ifindex; 8168 ll.sll_protocol = htons(ETH_P_PAE); 8169 ll.sll_halen = ETH_ALEN; 8170 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 8171 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 8172 (struct sockaddr *) &ll, sizeof(ll)); 8173 if (ret < 0) 8174 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 8175 strerror(errno)); 8176 8177 return ret; 8178} 8179 8180 8181static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 8182 8183static int wpa_driver_nl80211_hapd_send_eapol( 8184 void *priv, const u8 *addr, const u8 *data, 8185 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 8186{ 8187 struct i802_bss *bss = priv; 8188 struct wpa_driver_nl80211_data *drv = bss->drv; 8189 struct ieee80211_hdr *hdr; 8190 size_t len; 8191 u8 *pos; 8192 int res; 8193 int qos = flags & WPA_STA_WMM; 8194 8195 if (drv->device_ap_sme || !drv->use_monitor) 8196 return nl80211_send_eapol_data(bss, addr, data, data_len); 8197 8198 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 8199 data_len; 8200 hdr = os_zalloc(len); 8201 if (hdr == NULL) { 8202 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 8203 (unsigned long) len); 8204 return -1; 8205 } 8206 8207 hdr->frame_control = 8208 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 8209 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 8210 if (encrypt) 8211 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 8212 if (qos) { 8213 hdr->frame_control |= 8214 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 8215 } 8216 8217 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8218 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8219 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8220 pos = (u8 *) (hdr + 1); 8221 8222 if (qos) { 8223 /* Set highest priority in QoS header */ 8224 pos[0] = 7; 8225 pos[1] = 0; 8226 pos += 2; 8227 } 8228 8229 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8230 pos += sizeof(rfc1042_header); 8231 WPA_PUT_BE16(pos, ETH_P_PAE); 8232 pos += 2; 8233 memcpy(pos, data, data_len); 8234 8235 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8236 0, 0, 0, 0); 8237 if (res < 0) { 8238 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8239 "failed: %d (%s)", 8240 (unsigned long) len, errno, strerror(errno)); 8241 } 8242 os_free(hdr); 8243 8244 return res; 8245} 8246 8247 8248static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8249 int total_flags, 8250 int flags_or, int flags_and) 8251{ 8252 struct i802_bss *bss = priv; 8253 struct wpa_driver_nl80211_data *drv = bss->drv; 8254 struct nl_msg *msg; 8255 struct nlattr *flags; 8256 struct nl80211_sta_flag_update upd; 8257 8258 msg = nlmsg_alloc(); 8259 if (!msg) 8260 return -ENOMEM; 8261 8262 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8263 8264 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8265 if_nametoindex(bss->ifname)); 8266 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8267 8268 /* 8269 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8270 * can be removed eventually. 8271 */ 8272 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8273 if (!flags) 8274 goto nla_put_failure; 8275 if (total_flags & WPA_STA_AUTHORIZED) 8276 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8277 8278 if (total_flags & WPA_STA_WMM) 8279 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8280 8281 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8282 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8283 8284 if (total_flags & WPA_STA_MFP) 8285 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8286 8287 if (total_flags & WPA_STA_TDLS_PEER) 8288 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8289 8290 nla_nest_end(msg, flags); 8291 8292 os_memset(&upd, 0, sizeof(upd)); 8293 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8294 upd.set = sta_flags_nl80211(flags_or); 8295 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8296 8297 return send_and_recv_msgs(drv, msg, NULL, NULL); 8298 nla_put_failure: 8299 nlmsg_free(msg); 8300 return -ENOBUFS; 8301} 8302 8303 8304static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8305 struct wpa_driver_associate_params *params) 8306{ 8307 enum nl80211_iftype nlmode, old_mode; 8308 struct hostapd_freq_params freq = { 8309 .freq = params->freq, 8310 }; 8311 8312 if (params->p2p) { 8313 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8314 "group (GO)"); 8315 nlmode = NL80211_IFTYPE_P2P_GO; 8316 } else 8317 nlmode = NL80211_IFTYPE_AP; 8318 8319 old_mode = drv->nlmode; 8320 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8321 nl80211_remove_monitor_interface(drv); 8322 return -1; 8323 } 8324 8325 if (wpa_driver_nl80211_set_freq(drv->first_bss, &freq)) { 8326 if (old_mode != nlmode) 8327 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8328 nl80211_remove_monitor_interface(drv); 8329 return -1; 8330 } 8331 8332 return 0; 8333} 8334 8335 8336static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8337{ 8338 struct nl_msg *msg; 8339 int ret = -1; 8340 8341 msg = nlmsg_alloc(); 8342 if (!msg) 8343 return -1; 8344 8345 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8346 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8347 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8348 msg = NULL; 8349 if (ret) { 8350 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8351 "(%s)", ret, strerror(-ret)); 8352 goto nla_put_failure; 8353 } 8354 8355 ret = 0; 8356 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8357 8358nla_put_failure: 8359 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8360 NL80211_IFTYPE_STATION)) { 8361 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8362 "station mode"); 8363 } 8364 8365 nlmsg_free(msg); 8366 return ret; 8367} 8368 8369 8370static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8371 struct wpa_driver_associate_params *params) 8372{ 8373 struct nl_msg *msg; 8374 int ret = -1; 8375 int count = 0; 8376 8377 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8378 8379 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8380 NL80211_IFTYPE_ADHOC)) { 8381 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8382 "IBSS mode"); 8383 return -1; 8384 } 8385 8386retry: 8387 msg = nlmsg_alloc(); 8388 if (!msg) 8389 return -1; 8390 8391 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8392 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8393 8394 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8395 goto nla_put_failure; 8396 8397 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8398 params->ssid, params->ssid_len); 8399 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8400 params->ssid); 8401 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8402 drv->ssid_len = params->ssid_len; 8403 8404 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8405 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8406 8407 if (params->beacon_int > 0) { 8408 wpa_printf(MSG_DEBUG, " * beacon_int=%d", params->beacon_int); 8409 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 8410 params->beacon_int); 8411 } 8412 8413 ret = nl80211_set_conn_keys(params, msg); 8414 if (ret) 8415 goto nla_put_failure; 8416 8417 if (params->bssid && params->fixed_bssid) { 8418 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8419 MAC2STR(params->bssid)); 8420 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8421 } 8422 8423 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8424 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8425 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8426 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8427 wpa_printf(MSG_DEBUG, " * control port"); 8428 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8429 } 8430 8431 if (params->wpa_ie) { 8432 wpa_hexdump(MSG_DEBUG, 8433 " * Extra IEs for Beacon/Probe Response frames", 8434 params->wpa_ie, params->wpa_ie_len); 8435 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8436 params->wpa_ie); 8437 } 8438 8439 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8440 msg = NULL; 8441 if (ret) { 8442 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8443 ret, strerror(-ret)); 8444 count++; 8445 if (ret == -EALREADY && count == 1) { 8446 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8447 "forced leave"); 8448 nl80211_leave_ibss(drv); 8449 nlmsg_free(msg); 8450 goto retry; 8451 } 8452 8453 goto nla_put_failure; 8454 } 8455 ret = 0; 8456 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8457 8458nla_put_failure: 8459 nlmsg_free(msg); 8460 return ret; 8461} 8462 8463 8464static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8465 struct wpa_driver_associate_params *params, 8466 struct nl_msg *msg) 8467{ 8468 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8469 8470 if (params->bssid) { 8471 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8472 MAC2STR(params->bssid)); 8473 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8474 } 8475 8476 if (params->bssid_hint) { 8477 wpa_printf(MSG_DEBUG, " * bssid_hint=" MACSTR, 8478 MAC2STR(params->bssid_hint)); 8479 NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN, 8480 params->bssid_hint); 8481 } 8482 8483 if (params->freq) { 8484 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8485 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8486 drv->assoc_freq = params->freq; 8487 } else 8488 drv->assoc_freq = 0; 8489 8490 if (params->freq_hint) { 8491 wpa_printf(MSG_DEBUG, " * freq_hint=%d", params->freq_hint); 8492 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT, 8493 params->freq_hint); 8494 } 8495 8496 if (params->bg_scan_period >= 0) { 8497 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8498 params->bg_scan_period); 8499 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8500 params->bg_scan_period); 8501 } 8502 8503 if (params->ssid) { 8504 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8505 params->ssid, params->ssid_len); 8506 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8507 params->ssid); 8508 if (params->ssid_len > sizeof(drv->ssid)) 8509 goto nla_put_failure; 8510 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8511 drv->ssid_len = params->ssid_len; 8512 } 8513 8514 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8515 if (params->wpa_ie) 8516 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8517 params->wpa_ie); 8518 8519 if (params->wpa_proto) { 8520 enum nl80211_wpa_versions ver = 0; 8521 8522 if (params->wpa_proto & WPA_PROTO_WPA) 8523 ver |= NL80211_WPA_VERSION_1; 8524 if (params->wpa_proto & WPA_PROTO_RSN) 8525 ver |= NL80211_WPA_VERSION_2; 8526 8527 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8528 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8529 } 8530 8531 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8532 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8533 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8534 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8535 } 8536 8537 if (params->group_suite == WPA_CIPHER_GTK_NOT_USED && 8538 !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) { 8539 /* 8540 * This is likely to work even though many drivers do not 8541 * advertise support for operations without GTK. 8542 */ 8543 wpa_printf(MSG_DEBUG, " * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement"); 8544 } else if (params->group_suite != WPA_CIPHER_NONE) { 8545 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8546 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8547 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8548 } 8549 8550 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8551 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8552 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8553 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8554 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM || 8555 params->key_mgmt_suite == WPA_KEY_MGMT_OSEN) { 8556 int mgmt = WLAN_AKM_SUITE_PSK; 8557 8558 switch (params->key_mgmt_suite) { 8559 case WPA_KEY_MGMT_CCKM: 8560 mgmt = WLAN_AKM_SUITE_CCKM; 8561 break; 8562 case WPA_KEY_MGMT_IEEE8021X: 8563 mgmt = WLAN_AKM_SUITE_8021X; 8564 break; 8565 case WPA_KEY_MGMT_FT_IEEE8021X: 8566 mgmt = WLAN_AKM_SUITE_FT_8021X; 8567 break; 8568 case WPA_KEY_MGMT_FT_PSK: 8569 mgmt = WLAN_AKM_SUITE_FT_PSK; 8570 break; 8571 case WPA_KEY_MGMT_OSEN: 8572 mgmt = WLAN_AKM_SUITE_OSEN; 8573 break; 8574 case WPA_KEY_MGMT_PSK: 8575 default: 8576 mgmt = WLAN_AKM_SUITE_PSK; 8577 break; 8578 } 8579 wpa_printf(MSG_DEBUG, " * akm=0x%x", mgmt); 8580 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8581 } 8582 8583 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8584 8585 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8586 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8587 8588 if (params->disable_ht) 8589 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8590 8591 if (params->htcaps && params->htcaps_mask) { 8592 int sz = sizeof(struct ieee80211_ht_capabilities); 8593 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8594 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8595 params->htcaps_mask); 8596 } 8597 8598#ifdef CONFIG_VHT_OVERRIDES 8599 if (params->disable_vht) { 8600 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8601 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8602 } 8603 8604 if (params->vhtcaps && params->vhtcaps_mask) { 8605 int sz = sizeof(struct ieee80211_vht_capabilities); 8606 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8607 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8608 params->vhtcaps_mask); 8609 } 8610#endif /* CONFIG_VHT_OVERRIDES */ 8611 8612 if (params->p2p) 8613 wpa_printf(MSG_DEBUG, " * P2P group"); 8614 8615 return 0; 8616nla_put_failure: 8617 return -1; 8618} 8619 8620 8621static int wpa_driver_nl80211_try_connect( 8622 struct wpa_driver_nl80211_data *drv, 8623 struct wpa_driver_associate_params *params) 8624{ 8625 struct nl_msg *msg; 8626 enum nl80211_auth_type type; 8627 int ret; 8628 int algs; 8629 8630 msg = nlmsg_alloc(); 8631 if (!msg) 8632 return -1; 8633 8634 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8635 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8636 8637 ret = nl80211_connect_common(drv, params, msg); 8638 if (ret) 8639 goto nla_put_failure; 8640 8641 algs = 0; 8642 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8643 algs++; 8644 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8645 algs++; 8646 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8647 algs++; 8648 if (algs > 1) { 8649 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8650 "selection"); 8651 goto skip_auth_type; 8652 } 8653 8654 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8655 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8656 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8657 type = NL80211_AUTHTYPE_SHARED_KEY; 8658 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8659 type = NL80211_AUTHTYPE_NETWORK_EAP; 8660 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8661 type = NL80211_AUTHTYPE_FT; 8662 else 8663 goto nla_put_failure; 8664 8665 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8666 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8667 8668skip_auth_type: 8669 ret = nl80211_set_conn_keys(params, msg); 8670 if (ret) 8671 goto nla_put_failure; 8672 8673 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8674 msg = NULL; 8675 if (ret) { 8676 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8677 "(%s)", ret, strerror(-ret)); 8678 goto nla_put_failure; 8679 } 8680 ret = 0; 8681 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8682 8683nla_put_failure: 8684 nlmsg_free(msg); 8685 return ret; 8686 8687} 8688 8689 8690static int wpa_driver_nl80211_connect( 8691 struct wpa_driver_nl80211_data *drv, 8692 struct wpa_driver_associate_params *params) 8693{ 8694 int ret = wpa_driver_nl80211_try_connect(drv, params); 8695 if (ret == -EALREADY) { 8696 /* 8697 * cfg80211 does not currently accept new connections if 8698 * we are already connected. As a workaround, force 8699 * disconnection and try again. 8700 */ 8701 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8702 "disconnecting before reassociation " 8703 "attempt"); 8704 if (wpa_driver_nl80211_disconnect( 8705 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8706 return -1; 8707 ret = wpa_driver_nl80211_try_connect(drv, params); 8708 } 8709 return ret; 8710} 8711 8712 8713static int wpa_driver_nl80211_associate( 8714 void *priv, struct wpa_driver_associate_params *params) 8715{ 8716 struct i802_bss *bss = priv; 8717 struct wpa_driver_nl80211_data *drv = bss->drv; 8718 int ret; 8719 struct nl_msg *msg; 8720 8721 if (params->mode == IEEE80211_MODE_AP) 8722 return wpa_driver_nl80211_ap(drv, params); 8723 8724 if (params->mode == IEEE80211_MODE_IBSS) 8725 return wpa_driver_nl80211_ibss(drv, params); 8726 8727 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8728 enum nl80211_iftype nlmode = params->p2p ? 8729 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8730 8731 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8732 return -1; 8733 return wpa_driver_nl80211_connect(drv, params); 8734 } 8735 8736 nl80211_mark_disconnected(drv); 8737 8738 msg = nlmsg_alloc(); 8739 if (!msg) 8740 return -1; 8741 8742 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8743 drv->ifindex); 8744 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8745 8746 ret = nl80211_connect_common(drv, params, msg); 8747 if (ret) 8748 goto nla_put_failure; 8749 8750 if (params->prev_bssid) { 8751 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8752 MAC2STR(params->prev_bssid)); 8753 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8754 params->prev_bssid); 8755 } 8756 8757 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8758 msg = NULL; 8759 if (ret) { 8760 wpa_dbg(drv->ctx, MSG_DEBUG, 8761 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8762 ret, strerror(-ret)); 8763 nl80211_dump_scan(drv); 8764 goto nla_put_failure; 8765 } 8766 ret = 0; 8767 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 8768 "successfully"); 8769 8770nla_put_failure: 8771 nlmsg_free(msg); 8772 return ret; 8773} 8774 8775 8776static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 8777 int ifindex, enum nl80211_iftype mode) 8778{ 8779 struct nl_msg *msg; 8780 int ret = -ENOBUFS; 8781 8782 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 8783 ifindex, mode, nl80211_iftype_str(mode)); 8784 8785 msg = nlmsg_alloc(); 8786 if (!msg) 8787 return -ENOMEM; 8788 8789 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 8790 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 8791 goto nla_put_failure; 8792 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 8793 8794 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8795 msg = NULL; 8796 if (!ret) 8797 return 0; 8798nla_put_failure: 8799 nlmsg_free(msg); 8800 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 8801 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 8802 return ret; 8803} 8804 8805 8806static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 8807 enum nl80211_iftype nlmode) 8808{ 8809 struct wpa_driver_nl80211_data *drv = bss->drv; 8810 int ret = -1; 8811 int i; 8812 int was_ap = is_ap_interface(drv->nlmode); 8813 int res; 8814 8815 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 8816 if (res && nlmode == nl80211_get_ifmode(bss)) 8817 res = 0; 8818 8819 if (res == 0) { 8820 drv->nlmode = nlmode; 8821 ret = 0; 8822 goto done; 8823 } 8824 8825 if (res == -ENODEV) 8826 return -1; 8827 8828 if (nlmode == drv->nlmode) { 8829 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 8830 "requested mode - ignore error"); 8831 ret = 0; 8832 goto done; /* Already in the requested mode */ 8833 } 8834 8835 /* mac80211 doesn't allow mode changes while the device is up, so 8836 * take the device down, try to set the mode again, and bring the 8837 * device back up. 8838 */ 8839 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 8840 "interface down"); 8841 for (i = 0; i < 10; i++) { 8842 res = i802_set_iface_flags(bss, 0); 8843 if (res == -EACCES || res == -ENODEV) 8844 break; 8845 if (res == 0) { 8846 /* Try to set the mode again while the interface is 8847 * down */ 8848 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 8849 if (ret == -EACCES) 8850 break; 8851 res = i802_set_iface_flags(bss, 1); 8852 if (res && !ret) 8853 ret = -1; 8854 else if (ret != -EBUSY) 8855 break; 8856 } else 8857 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 8858 "interface down"); 8859 os_sleep(0, 100000); 8860 } 8861 8862 if (!ret) { 8863 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 8864 "interface is down"); 8865 drv->nlmode = nlmode; 8866 drv->ignore_if_down_event = 1; 8867 } 8868 8869done: 8870 if (ret) { 8871 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 8872 "from %d failed", nlmode, drv->nlmode); 8873 return ret; 8874 } 8875 8876 if (is_p2p_net_interface(nlmode)) 8877 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 8878 else if (drv->disabled_11b_rates) 8879 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 8880 8881 if (is_ap_interface(nlmode)) { 8882 nl80211_mgmt_unsubscribe(bss, "start AP"); 8883 /* Setup additional AP mode functionality if needed */ 8884 if (nl80211_setup_ap(bss)) 8885 return -1; 8886 } else if (was_ap) { 8887 /* Remove additional AP mode functionality */ 8888 nl80211_teardown_ap(bss); 8889 } else { 8890 nl80211_mgmt_unsubscribe(bss, "mode change"); 8891 } 8892 8893 if (!bss->in_deinit && !is_ap_interface(nlmode) && 8894 nl80211_mgmt_subscribe_non_ap(bss) < 0) 8895 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 8896 "frame processing - ignore for now"); 8897 8898 return 0; 8899} 8900 8901 8902static int dfs_info_handler(struct nl_msg *msg, void *arg) 8903{ 8904 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8905 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8906 int *dfs_capability_ptr = arg; 8907 8908 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8909 genlmsg_attrlen(gnlh, 0), NULL); 8910 8911 if (tb[NL80211_ATTR_VENDOR_DATA]) { 8912 struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA]; 8913 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1]; 8914 8915 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX, 8916 nla_data(nl_vend), nla_len(nl_vend), NULL); 8917 8918 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) { 8919 u32 val; 8920 val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]); 8921 wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u", 8922 val); 8923 *dfs_capability_ptr = val; 8924 } 8925 } 8926 8927 return NL_SKIP; 8928} 8929 8930 8931static int wpa_driver_nl80211_get_capa(void *priv, 8932 struct wpa_driver_capa *capa) 8933{ 8934 struct i802_bss *bss = priv; 8935 struct wpa_driver_nl80211_data *drv = bss->drv; 8936 struct nl_msg *msg; 8937 int dfs_capability = 0; 8938 int ret = 0; 8939 8940 if (!drv->has_capability) 8941 return -1; 8942 os_memcpy(capa, &drv->capa, sizeof(*capa)); 8943 if (drv->extended_capa && drv->extended_capa_mask) { 8944 capa->extended_capa = drv->extended_capa; 8945 capa->extended_capa_mask = drv->extended_capa_mask; 8946 capa->extended_capa_len = drv->extended_capa_len; 8947 } 8948 8949 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 8950 !drv->allow_p2p_device) { 8951 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 8952 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 8953 } 8954 8955 if (drv->dfs_vendor_cmd_avail == 1) { 8956 msg = nlmsg_alloc(); 8957 if (!msg) 8958 return -ENOMEM; 8959 8960 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 8961 8962 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8963 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA); 8964 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, 8965 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY); 8966 8967 ret = send_and_recv_msgs(drv, msg, dfs_info_handler, 8968 &dfs_capability); 8969 if (!ret) { 8970 if (dfs_capability) 8971 capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD; 8972 } 8973 } 8974 8975 return ret; 8976 8977 nla_put_failure: 8978 nlmsg_free(msg); 8979 return -ENOBUFS; 8980} 8981 8982 8983static int wpa_driver_nl80211_set_operstate(void *priv, int state) 8984{ 8985 struct i802_bss *bss = priv; 8986 struct wpa_driver_nl80211_data *drv = bss->drv; 8987 8988 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 8989 bss->ifname, drv->operstate, state, 8990 state ? "UP" : "DORMANT"); 8991 drv->operstate = state; 8992 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 8993 state ? IF_OPER_UP : IF_OPER_DORMANT); 8994} 8995 8996 8997static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 8998{ 8999 struct i802_bss *bss = priv; 9000 struct wpa_driver_nl80211_data *drv = bss->drv; 9001 struct nl_msg *msg; 9002 struct nl80211_sta_flag_update upd; 9003 int ret = -ENOBUFS; 9004 9005 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 9006 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 9007 return 0; 9008 } 9009 9010 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 9011 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 9012 9013 msg = nlmsg_alloc(); 9014 if (!msg) 9015 return -ENOMEM; 9016 9017 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9018 9019 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9020 if_nametoindex(bss->ifname)); 9021 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 9022 9023 os_memset(&upd, 0, sizeof(upd)); 9024 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 9025 if (authorized) 9026 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 9027 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 9028 9029 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9030 msg = NULL; 9031 if (!ret) 9032 return 0; 9033 nla_put_failure: 9034 nlmsg_free(msg); 9035 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 9036 ret, strerror(-ret)); 9037 return ret; 9038} 9039 9040 9041/* Set kernel driver on given frequency (MHz) */ 9042static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 9043{ 9044 struct i802_bss *bss = priv; 9045 return wpa_driver_nl80211_set_freq(bss, freq); 9046} 9047 9048 9049static inline int min_int(int a, int b) 9050{ 9051 if (a < b) 9052 return a; 9053 return b; 9054} 9055 9056 9057static int get_key_handler(struct nl_msg *msg, void *arg) 9058{ 9059 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9060 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9061 9062 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9063 genlmsg_attrlen(gnlh, 0), NULL); 9064 9065 /* 9066 * TODO: validate the key index and mac address! 9067 * Otherwise, there's a race condition as soon as 9068 * the kernel starts sending key notifications. 9069 */ 9070 9071 if (tb[NL80211_ATTR_KEY_SEQ]) 9072 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 9073 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 9074 return NL_SKIP; 9075} 9076 9077 9078static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 9079 int idx, u8 *seq) 9080{ 9081 struct i802_bss *bss = priv; 9082 struct wpa_driver_nl80211_data *drv = bss->drv; 9083 struct nl_msg *msg; 9084 9085 msg = nlmsg_alloc(); 9086 if (!msg) 9087 return -ENOMEM; 9088 9089 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 9090 9091 if (addr) 9092 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9093 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 9094 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 9095 9096 memset(seq, 0, 6); 9097 9098 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 9099 nla_put_failure: 9100 nlmsg_free(msg); 9101 return -ENOBUFS; 9102} 9103 9104 9105static int i802_set_rts(void *priv, int rts) 9106{ 9107 struct i802_bss *bss = priv; 9108 struct wpa_driver_nl80211_data *drv = bss->drv; 9109 struct nl_msg *msg; 9110 int ret = -ENOBUFS; 9111 u32 val; 9112 9113 msg = nlmsg_alloc(); 9114 if (!msg) 9115 return -ENOMEM; 9116 9117 if (rts >= 2347) 9118 val = (u32) -1; 9119 else 9120 val = rts; 9121 9122 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9123 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9124 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 9125 9126 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9127 msg = NULL; 9128 if (!ret) 9129 return 0; 9130nla_put_failure: 9131 nlmsg_free(msg); 9132 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 9133 "%d (%s)", rts, ret, strerror(-ret)); 9134 return ret; 9135} 9136 9137 9138static int i802_set_frag(void *priv, int frag) 9139{ 9140 struct i802_bss *bss = priv; 9141 struct wpa_driver_nl80211_data *drv = bss->drv; 9142 struct nl_msg *msg; 9143 int ret = -ENOBUFS; 9144 u32 val; 9145 9146 msg = nlmsg_alloc(); 9147 if (!msg) 9148 return -ENOMEM; 9149 9150 if (frag >= 2346) 9151 val = (u32) -1; 9152 else 9153 val = frag; 9154 9155 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9156 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9157 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 9158 9159 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9160 msg = NULL; 9161 if (!ret) 9162 return 0; 9163nla_put_failure: 9164 nlmsg_free(msg); 9165 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 9166 "%d: %d (%s)", frag, ret, strerror(-ret)); 9167 return ret; 9168} 9169 9170 9171static int i802_flush(void *priv) 9172{ 9173 struct i802_bss *bss = priv; 9174 struct wpa_driver_nl80211_data *drv = bss->drv; 9175 struct nl_msg *msg; 9176 int res; 9177 9178 msg = nlmsg_alloc(); 9179 if (!msg) 9180 return -1; 9181 9182 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 9183 bss->ifname); 9184 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 9185 9186 /* 9187 * XXX: FIX! this needs to flush all VLANs too 9188 */ 9189 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9190 if_nametoindex(bss->ifname)); 9191 9192 res = send_and_recv_msgs(drv, msg, NULL, NULL); 9193 if (res) { 9194 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 9195 "(%s)", res, strerror(-res)); 9196 } 9197 return res; 9198 nla_put_failure: 9199 nlmsg_free(msg); 9200 return -ENOBUFS; 9201} 9202 9203 9204static int get_sta_handler(struct nl_msg *msg, void *arg) 9205{ 9206 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9207 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9208 struct hostap_sta_driver_data *data = arg; 9209 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 9210 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 9211 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 9212 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 9213 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 9214 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 9215 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 9216 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 9217 }; 9218 9219 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9220 genlmsg_attrlen(gnlh, 0), NULL); 9221 9222 /* 9223 * TODO: validate the interface and mac address! 9224 * Otherwise, there's a race condition as soon as 9225 * the kernel starts sending station notifications. 9226 */ 9227 9228 if (!tb[NL80211_ATTR_STA_INFO]) { 9229 wpa_printf(MSG_DEBUG, "sta stats missing!"); 9230 return NL_SKIP; 9231 } 9232 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 9233 tb[NL80211_ATTR_STA_INFO], 9234 stats_policy)) { 9235 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 9236 return NL_SKIP; 9237 } 9238 9239 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 9240 data->inactive_msec = 9241 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 9242 if (stats[NL80211_STA_INFO_RX_BYTES]) 9243 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 9244 if (stats[NL80211_STA_INFO_TX_BYTES]) 9245 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 9246 if (stats[NL80211_STA_INFO_RX_PACKETS]) 9247 data->rx_packets = 9248 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 9249 if (stats[NL80211_STA_INFO_TX_PACKETS]) 9250 data->tx_packets = 9251 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 9252 if (stats[NL80211_STA_INFO_TX_FAILED]) 9253 data->tx_retry_failed = 9254 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 9255 9256 return NL_SKIP; 9257} 9258 9259static int i802_read_sta_data(struct i802_bss *bss, 9260 struct hostap_sta_driver_data *data, 9261 const u8 *addr) 9262{ 9263 struct wpa_driver_nl80211_data *drv = bss->drv; 9264 struct nl_msg *msg; 9265 9266 os_memset(data, 0, sizeof(*data)); 9267 msg = nlmsg_alloc(); 9268 if (!msg) 9269 return -ENOMEM; 9270 9271 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 9272 9273 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9274 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9275 9276 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 9277 nla_put_failure: 9278 nlmsg_free(msg); 9279 return -ENOBUFS; 9280} 9281 9282 9283static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 9284 int cw_min, int cw_max, int burst_time) 9285{ 9286 struct i802_bss *bss = priv; 9287 struct wpa_driver_nl80211_data *drv = bss->drv; 9288 struct nl_msg *msg; 9289 struct nlattr *txq, *params; 9290 9291 msg = nlmsg_alloc(); 9292 if (!msg) 9293 return -1; 9294 9295 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9296 9297 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9298 9299 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 9300 if (!txq) 9301 goto nla_put_failure; 9302 9303 /* We are only sending parameters for a single TXQ at a time */ 9304 params = nla_nest_start(msg, 1); 9305 if (!params) 9306 goto nla_put_failure; 9307 9308 switch (queue) { 9309 case 0: 9310 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 9311 break; 9312 case 1: 9313 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 9314 break; 9315 case 2: 9316 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9317 break; 9318 case 3: 9319 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9320 break; 9321 } 9322 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9323 * 32 usec, so need to convert the value here. */ 9324 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9325 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9326 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9327 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9328 9329 nla_nest_end(msg, params); 9330 9331 nla_nest_end(msg, txq); 9332 9333 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9334 return 0; 9335 msg = NULL; 9336 nla_put_failure: 9337 nlmsg_free(msg); 9338 return -1; 9339} 9340 9341 9342static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9343 const char *ifname, int vlan_id) 9344{ 9345 struct wpa_driver_nl80211_data *drv = bss->drv; 9346 struct nl_msg *msg; 9347 int ret = -ENOBUFS; 9348 9349 msg = nlmsg_alloc(); 9350 if (!msg) 9351 return -ENOMEM; 9352 9353 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9354 ", ifname=%s[%d], vlan_id=%d)", 9355 bss->ifname, if_nametoindex(bss->ifname), 9356 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9357 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9358 9359 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9360 if_nametoindex(bss->ifname)); 9361 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9362 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9363 if_nametoindex(ifname)); 9364 9365 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9366 msg = NULL; 9367 if (ret < 0) { 9368 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9369 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9370 MAC2STR(addr), ifname, vlan_id, ret, 9371 strerror(-ret)); 9372 } 9373 nla_put_failure: 9374 nlmsg_free(msg); 9375 return ret; 9376} 9377 9378 9379static int i802_get_inact_sec(void *priv, const u8 *addr) 9380{ 9381 struct hostap_sta_driver_data data; 9382 int ret; 9383 9384 data.inactive_msec = (unsigned long) -1; 9385 ret = i802_read_sta_data(priv, &data, addr); 9386 if (ret || data.inactive_msec == (unsigned long) -1) 9387 return -1; 9388 return data.inactive_msec / 1000; 9389} 9390 9391 9392static int i802_sta_clear_stats(void *priv, const u8 *addr) 9393{ 9394#if 0 9395 /* TODO */ 9396#endif 9397 return 0; 9398} 9399 9400 9401static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9402 int reason) 9403{ 9404 struct i802_bss *bss = priv; 9405 struct wpa_driver_nl80211_data *drv = bss->drv; 9406 struct ieee80211_mgmt mgmt; 9407 9408 if (drv->device_ap_sme) 9409 return wpa_driver_nl80211_sta_remove(bss, addr); 9410 9411 memset(&mgmt, 0, sizeof(mgmt)); 9412 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9413 WLAN_FC_STYPE_DEAUTH); 9414 memcpy(mgmt.da, addr, ETH_ALEN); 9415 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9416 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9417 mgmt.u.deauth.reason_code = host_to_le16(reason); 9418 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9419 IEEE80211_HDRLEN + 9420 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9421 0); 9422} 9423 9424 9425static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9426 int reason) 9427{ 9428 struct i802_bss *bss = priv; 9429 struct wpa_driver_nl80211_data *drv = bss->drv; 9430 struct ieee80211_mgmt mgmt; 9431 9432 if (drv->device_ap_sme) 9433 return wpa_driver_nl80211_sta_remove(bss, addr); 9434 9435 memset(&mgmt, 0, sizeof(mgmt)); 9436 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9437 WLAN_FC_STYPE_DISASSOC); 9438 memcpy(mgmt.da, addr, ETH_ALEN); 9439 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9440 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9441 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9442 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9443 IEEE80211_HDRLEN + 9444 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9445 0); 9446} 9447 9448 9449static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9450{ 9451 int i; 9452 int *old; 9453 9454 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9455 ifidx); 9456 for (i = 0; i < drv->num_if_indices; i++) { 9457 if (drv->if_indices[i] == 0) { 9458 drv->if_indices[i] = ifidx; 9459 return; 9460 } 9461 } 9462 9463 if (drv->if_indices != drv->default_if_indices) 9464 old = drv->if_indices; 9465 else 9466 old = NULL; 9467 9468 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9469 sizeof(int)); 9470 if (!drv->if_indices) { 9471 if (!old) 9472 drv->if_indices = drv->default_if_indices; 9473 else 9474 drv->if_indices = old; 9475 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9476 "interfaces"); 9477 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9478 return; 9479 } else if (!old) 9480 os_memcpy(drv->if_indices, drv->default_if_indices, 9481 sizeof(drv->default_if_indices)); 9482 drv->if_indices[drv->num_if_indices] = ifidx; 9483 drv->num_if_indices++; 9484} 9485 9486 9487static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9488{ 9489 int i; 9490 9491 for (i = 0; i < drv->num_if_indices; i++) { 9492 if (drv->if_indices[i] == ifidx) { 9493 drv->if_indices[i] = 0; 9494 break; 9495 } 9496 } 9497} 9498 9499 9500static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9501{ 9502 int i; 9503 9504 for (i = 0; i < drv->num_if_indices; i++) 9505 if (drv->if_indices[i] == ifidx) 9506 return 1; 9507 9508 return 0; 9509} 9510 9511 9512static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9513 const char *bridge_ifname, char *ifname_wds) 9514{ 9515 struct i802_bss *bss = priv; 9516 struct wpa_driver_nl80211_data *drv = bss->drv; 9517 char name[IFNAMSIZ + 1]; 9518 9519 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9520 if (ifname_wds) 9521 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9522 9523 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9524 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9525 if (val) { 9526 if (!if_nametoindex(name)) { 9527 if (nl80211_create_iface(drv, name, 9528 NL80211_IFTYPE_AP_VLAN, 9529 bss->addr, 1, NULL, NULL, 0) < 9530 0) 9531 return -1; 9532 if (bridge_ifname && 9533 linux_br_add_if(drv->global->ioctl_sock, 9534 bridge_ifname, name) < 0) 9535 return -1; 9536 } 9537 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9538 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9539 "interface %s up", name); 9540 } 9541 return i802_set_sta_vlan(priv, addr, name, 0); 9542 } else { 9543 if (bridge_ifname) 9544 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9545 name); 9546 9547 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9548 nl80211_remove_iface(drv, if_nametoindex(name)); 9549 return 0; 9550 } 9551} 9552 9553 9554static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9555{ 9556 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9557 struct sockaddr_ll lladdr; 9558 unsigned char buf[3000]; 9559 int len; 9560 socklen_t fromlen = sizeof(lladdr); 9561 9562 len = recvfrom(sock, buf, sizeof(buf), 0, 9563 (struct sockaddr *)&lladdr, &fromlen); 9564 if (len < 0) { 9565 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9566 strerror(errno)); 9567 return; 9568 } 9569 9570 if (have_ifidx(drv, lladdr.sll_ifindex)) 9571 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9572} 9573 9574 9575static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9576 struct i802_bss *bss, 9577 const char *brname, const char *ifname) 9578{ 9579 int ifindex; 9580 char in_br[IFNAMSIZ]; 9581 9582 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9583 ifindex = if_nametoindex(brname); 9584 if (ifindex == 0) { 9585 /* 9586 * Bridge was configured, but the bridge device does 9587 * not exist. Try to add it now. 9588 */ 9589 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9590 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9591 "bridge interface %s: %s", 9592 brname, strerror(errno)); 9593 return -1; 9594 } 9595 bss->added_bridge = 1; 9596 add_ifidx(drv, if_nametoindex(brname)); 9597 } 9598 9599 if (linux_br_get(in_br, ifname) == 0) { 9600 if (os_strcmp(in_br, brname) == 0) 9601 return 0; /* already in the bridge */ 9602 9603 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9604 "bridge %s", ifname, in_br); 9605 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9606 0) { 9607 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9608 "remove interface %s from bridge " 9609 "%s: %s", 9610 ifname, brname, strerror(errno)); 9611 return -1; 9612 } 9613 } 9614 9615 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9616 ifname, brname); 9617 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9618 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9619 "into bridge %s: %s", 9620 ifname, brname, strerror(errno)); 9621 return -1; 9622 } 9623 bss->added_if_into_bridge = 1; 9624 9625 return 0; 9626} 9627 9628 9629static void *i802_init(struct hostapd_data *hapd, 9630 struct wpa_init_params *params) 9631{ 9632 struct wpa_driver_nl80211_data *drv; 9633 struct i802_bss *bss; 9634 size_t i; 9635 char brname[IFNAMSIZ]; 9636 int ifindex, br_ifindex; 9637 int br_added = 0; 9638 9639 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9640 params->global_priv, 1, 9641 params->bssid); 9642 if (bss == NULL) 9643 return NULL; 9644 9645 drv = bss->drv; 9646 9647 if (linux_br_get(brname, params->ifname) == 0) { 9648 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9649 params->ifname, brname); 9650 br_ifindex = if_nametoindex(brname); 9651 } else { 9652 brname[0] = '\0'; 9653 br_ifindex = 0; 9654 } 9655 9656 for (i = 0; i < params->num_bridge; i++) { 9657 if (params->bridge[i]) { 9658 ifindex = if_nametoindex(params->bridge[i]); 9659 if (ifindex) 9660 add_ifidx(drv, ifindex); 9661 if (ifindex == br_ifindex) 9662 br_added = 1; 9663 } 9664 } 9665 if (!br_added && br_ifindex && 9666 (params->num_bridge == 0 || !params->bridge[0])) 9667 add_ifidx(drv, br_ifindex); 9668 9669 /* start listening for EAPOL on the default AP interface */ 9670 add_ifidx(drv, drv->ifindex); 9671 9672 if (params->num_bridge && params->bridge[0] && 9673 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9674 goto failed; 9675 9676 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9677 if (drv->eapol_sock < 0) { 9678 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9679 strerror(errno)); 9680 goto failed; 9681 } 9682 9683 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9684 { 9685 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9686 goto failed; 9687 } 9688 9689 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9690 params->own_addr)) 9691 goto failed; 9692 9693 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9694 9695 return bss; 9696 9697failed: 9698 wpa_driver_nl80211_deinit(bss); 9699 return NULL; 9700} 9701 9702 9703static void i802_deinit(void *priv) 9704{ 9705 struct i802_bss *bss = priv; 9706 wpa_driver_nl80211_deinit(bss); 9707} 9708 9709 9710static enum nl80211_iftype wpa_driver_nl80211_if_type( 9711 enum wpa_driver_if_type type) 9712{ 9713 switch (type) { 9714 case WPA_IF_STATION: 9715 return NL80211_IFTYPE_STATION; 9716 case WPA_IF_P2P_CLIENT: 9717 case WPA_IF_P2P_GROUP: 9718 return NL80211_IFTYPE_P2P_CLIENT; 9719 case WPA_IF_AP_VLAN: 9720 return NL80211_IFTYPE_AP_VLAN; 9721 case WPA_IF_AP_BSS: 9722 return NL80211_IFTYPE_AP; 9723 case WPA_IF_P2P_GO: 9724 return NL80211_IFTYPE_P2P_GO; 9725 case WPA_IF_P2P_DEVICE: 9726 return NL80211_IFTYPE_P2P_DEVICE; 9727 } 9728 return -1; 9729} 9730 9731 9732#ifdef CONFIG_P2P 9733 9734static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9735{ 9736 struct wpa_driver_nl80211_data *drv; 9737 dl_list_for_each(drv, &global->interfaces, 9738 struct wpa_driver_nl80211_data, list) { 9739 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 9740 return 1; 9741 } 9742 return 0; 9743} 9744 9745 9746static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 9747 u8 *new_addr) 9748{ 9749 unsigned int idx; 9750 9751 if (!drv->global) 9752 return -1; 9753 9754 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 9755 for (idx = 0; idx < 64; idx++) { 9756 new_addr[0] = drv->first_bss->addr[0] | 0x02; 9757 new_addr[0] ^= idx << 2; 9758 if (!nl80211_addr_in_use(drv->global, new_addr)) 9759 break; 9760 } 9761 if (idx == 64) 9762 return -1; 9763 9764 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 9765 MACSTR, MAC2STR(new_addr)); 9766 9767 return 0; 9768} 9769 9770#endif /* CONFIG_P2P */ 9771 9772 9773struct wdev_info { 9774 u64 wdev_id; 9775 int wdev_id_set; 9776 u8 macaddr[ETH_ALEN]; 9777}; 9778 9779static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 9780{ 9781 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9782 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9783 struct wdev_info *wi = arg; 9784 9785 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9786 genlmsg_attrlen(gnlh, 0), NULL); 9787 if (tb[NL80211_ATTR_WDEV]) { 9788 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 9789 wi->wdev_id_set = 1; 9790 } 9791 9792 if (tb[NL80211_ATTR_MAC]) 9793 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 9794 ETH_ALEN); 9795 9796 return NL_SKIP; 9797} 9798 9799 9800static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 9801 const char *ifname, const u8 *addr, 9802 void *bss_ctx, void **drv_priv, 9803 char *force_ifname, u8 *if_addr, 9804 const char *bridge, int use_existing) 9805{ 9806 enum nl80211_iftype nlmode; 9807 struct i802_bss *bss = priv; 9808 struct wpa_driver_nl80211_data *drv = bss->drv; 9809 int ifidx; 9810 int added = 1; 9811 9812 if (addr) 9813 os_memcpy(if_addr, addr, ETH_ALEN); 9814 nlmode = wpa_driver_nl80211_if_type(type); 9815 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 9816 struct wdev_info p2pdev_info; 9817 9818 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 9819 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9820 0, nl80211_wdev_handler, 9821 &p2pdev_info, use_existing); 9822 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 9823 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 9824 ifname); 9825 return -1; 9826 } 9827 9828 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 9829 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 9830 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 9831 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 9832 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 9833 ifname, 9834 (long long unsigned int) p2pdev_info.wdev_id); 9835 } else { 9836 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9837 0, NULL, NULL, use_existing); 9838 if (use_existing && ifidx == -ENFILE) { 9839 added = 0; 9840 ifidx = if_nametoindex(ifname); 9841 } else if (ifidx < 0) { 9842 return -1; 9843 } 9844 } 9845 9846 if (!addr) { 9847 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 9848 os_memcpy(if_addr, bss->addr, ETH_ALEN); 9849 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 9850 bss->ifname, if_addr) < 0) { 9851 if (added) 9852 nl80211_remove_iface(drv, ifidx); 9853 return -1; 9854 } 9855 } 9856 9857#ifdef CONFIG_P2P 9858 if (!addr && 9859 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 9860 type == WPA_IF_P2P_GO)) { 9861 /* Enforce unique P2P Interface Address */ 9862 u8 new_addr[ETH_ALEN]; 9863 9864 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 9865 new_addr) < 0) { 9866 nl80211_remove_iface(drv, ifidx); 9867 return -1; 9868 } 9869 if (nl80211_addr_in_use(drv->global, new_addr)) { 9870 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 9871 "for P2P group interface"); 9872 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 9873 nl80211_remove_iface(drv, ifidx); 9874 return -1; 9875 } 9876 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 9877 new_addr) < 0) { 9878 nl80211_remove_iface(drv, ifidx); 9879 return -1; 9880 } 9881 } 9882 os_memcpy(if_addr, new_addr, ETH_ALEN); 9883 } 9884#endif /* CONFIG_P2P */ 9885 9886 if (type == WPA_IF_AP_BSS) { 9887 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 9888 if (new_bss == NULL) { 9889 if (added) 9890 nl80211_remove_iface(drv, ifidx); 9891 return -1; 9892 } 9893 9894 if (bridge && 9895 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 9896 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 9897 "interface %s to a bridge %s", 9898 ifname, bridge); 9899 if (added) 9900 nl80211_remove_iface(drv, ifidx); 9901 os_free(new_bss); 9902 return -1; 9903 } 9904 9905 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 9906 { 9907 nl80211_remove_iface(drv, ifidx); 9908 os_free(new_bss); 9909 return -1; 9910 } 9911 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 9912 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 9913 new_bss->ifindex = ifidx; 9914 new_bss->drv = drv; 9915 new_bss->next = drv->first_bss->next; 9916 new_bss->freq = drv->first_bss->freq; 9917 new_bss->ctx = bss_ctx; 9918 new_bss->added_if = added; 9919 drv->first_bss->next = new_bss; 9920 if (drv_priv) 9921 *drv_priv = new_bss; 9922 nl80211_init_bss(new_bss); 9923 9924 /* Subscribe management frames for this WPA_IF_AP_BSS */ 9925 if (nl80211_setup_ap(new_bss)) 9926 return -1; 9927 } 9928 9929 if (drv->global) 9930 drv->global->if_add_ifindex = ifidx; 9931 9932 return 0; 9933} 9934 9935 9936static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 9937 enum wpa_driver_if_type type, 9938 const char *ifname) 9939{ 9940 struct wpa_driver_nl80211_data *drv = bss->drv; 9941 int ifindex = if_nametoindex(ifname); 9942 9943 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 9944 __func__, type, ifname, ifindex, bss->added_if); 9945 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 9946 nl80211_remove_iface(drv, ifindex); 9947 9948 if (type != WPA_IF_AP_BSS) 9949 return 0; 9950 9951 if (bss->added_if_into_bridge) { 9952 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 9953 bss->ifname) < 0) 9954 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9955 "interface %s from bridge %s: %s", 9956 bss->ifname, bss->brname, strerror(errno)); 9957 } 9958 if (bss->added_bridge) { 9959 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 9960 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9961 "bridge %s: %s", 9962 bss->brname, strerror(errno)); 9963 } 9964 9965 if (bss != drv->first_bss) { 9966 struct i802_bss *tbss; 9967 9968 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 9969 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 9970 if (tbss->next == bss) { 9971 tbss->next = bss->next; 9972 /* Unsubscribe management frames */ 9973 nl80211_teardown_ap(bss); 9974 nl80211_destroy_bss(bss); 9975 os_free(bss); 9976 bss = NULL; 9977 break; 9978 } 9979 } 9980 if (bss) 9981 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 9982 "BSS %p in the list", __func__, bss); 9983 } else { 9984 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 9985 nl80211_teardown_ap(bss); 9986 if (!bss->added_if && !drv->first_bss->next) 9987 wpa_driver_nl80211_del_beacon(drv); 9988 nl80211_destroy_bss(bss); 9989 if (!bss->added_if) 9990 i802_set_iface_flags(bss, 0); 9991 if (drv->first_bss->next) { 9992 drv->first_bss = drv->first_bss->next; 9993 drv->ctx = drv->first_bss->ctx; 9994 os_free(bss); 9995 } else { 9996 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 9997 } 9998 } 9999 10000 return 0; 10001} 10002 10003 10004static int cookie_handler(struct nl_msg *msg, void *arg) 10005{ 10006 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10007 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10008 u64 *cookie = arg; 10009 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10010 genlmsg_attrlen(gnlh, 0), NULL); 10011 if (tb[NL80211_ATTR_COOKIE]) 10012 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 10013 return NL_SKIP; 10014} 10015 10016 10017static int nl80211_send_frame_cmd(struct i802_bss *bss, 10018 unsigned int freq, unsigned int wait, 10019 const u8 *buf, size_t buf_len, 10020 u64 *cookie_out, int no_cck, int no_ack, 10021 int offchanok) 10022{ 10023 struct wpa_driver_nl80211_data *drv = bss->drv; 10024 struct nl_msg *msg; 10025 u64 cookie; 10026 int ret = -1; 10027 10028 msg = nlmsg_alloc(); 10029 if (!msg) 10030 return -1; 10031 10032 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 10033 "no_ack=%d offchanok=%d", 10034 freq, wait, no_cck, no_ack, offchanok); 10035 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 10036 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 10037 10038 if (nl80211_set_iface_id(msg, bss) < 0) 10039 goto nla_put_failure; 10040 if (freq) 10041 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10042 if (wait) 10043 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 10044 if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10045 drv->test_use_roc_tx)) 10046 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 10047 if (no_cck) 10048 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 10049 if (no_ack) 10050 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 10051 10052 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 10053 10054 cookie = 0; 10055 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10056 msg = NULL; 10057 if (ret) { 10058 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 10059 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 10060 freq, wait); 10061 goto nla_put_failure; 10062 } 10063 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 10064 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 10065 (long long unsigned int) cookie); 10066 10067 if (cookie_out) 10068 *cookie_out = no_ack ? (u64) -1 : cookie; 10069 10070nla_put_failure: 10071 nlmsg_free(msg); 10072 return ret; 10073} 10074 10075 10076static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 10077 unsigned int freq, 10078 unsigned int wait_time, 10079 const u8 *dst, const u8 *src, 10080 const u8 *bssid, 10081 const u8 *data, size_t data_len, 10082 int no_cck) 10083{ 10084 struct wpa_driver_nl80211_data *drv = bss->drv; 10085 int ret = -1; 10086 u8 *buf; 10087 struct ieee80211_hdr *hdr; 10088 10089 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 10090 "freq=%u MHz wait=%d ms no_cck=%d)", 10091 drv->ifindex, freq, wait_time, no_cck); 10092 10093 buf = os_zalloc(24 + data_len); 10094 if (buf == NULL) 10095 return ret; 10096 os_memcpy(buf + 24, data, data_len); 10097 hdr = (struct ieee80211_hdr *) buf; 10098 hdr->frame_control = 10099 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 10100 os_memcpy(hdr->addr1, dst, ETH_ALEN); 10101 os_memcpy(hdr->addr2, src, ETH_ALEN); 10102 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 10103 10104 if (is_ap_interface(drv->nlmode) && 10105 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10106 (int) freq == bss->freq || drv->device_ap_sme || 10107 !drv->use_monitor)) 10108 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 10109 0, freq, no_cck, 1, 10110 wait_time); 10111 else 10112 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 10113 24 + data_len, 10114 &drv->send_action_cookie, 10115 no_cck, 0, 1); 10116 10117 os_free(buf); 10118 return ret; 10119} 10120 10121 10122static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 10123{ 10124 struct i802_bss *bss = priv; 10125 struct wpa_driver_nl80211_data *drv = bss->drv; 10126 struct nl_msg *msg; 10127 int ret; 10128 10129 msg = nlmsg_alloc(); 10130 if (!msg) 10131 return; 10132 10133 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 10134 (long long unsigned int) drv->send_action_cookie); 10135 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 10136 10137 if (nl80211_set_iface_id(msg, bss) < 0) 10138 goto nla_put_failure; 10139 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 10140 10141 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10142 msg = NULL; 10143 if (ret) 10144 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 10145 "(%s)", ret, strerror(-ret)); 10146 10147 nla_put_failure: 10148 nlmsg_free(msg); 10149} 10150 10151 10152static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 10153 unsigned int duration) 10154{ 10155 struct i802_bss *bss = priv; 10156 struct wpa_driver_nl80211_data *drv = bss->drv; 10157 struct nl_msg *msg; 10158 int ret; 10159 u64 cookie; 10160 10161 msg = nlmsg_alloc(); 10162 if (!msg) 10163 return -1; 10164 10165 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 10166 10167 if (nl80211_set_iface_id(msg, bss) < 0) 10168 goto nla_put_failure; 10169 10170 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10171 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 10172 10173 cookie = 0; 10174 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10175 msg = NULL; 10176 if (ret == 0) { 10177 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 10178 "0x%llx for freq=%u MHz duration=%u", 10179 (long long unsigned int) cookie, freq, duration); 10180 drv->remain_on_chan_cookie = cookie; 10181 drv->pending_remain_on_chan = 1; 10182 return 0; 10183 } 10184 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 10185 "(freq=%d duration=%u): %d (%s)", 10186 freq, duration, ret, strerror(-ret)); 10187nla_put_failure: 10188 nlmsg_free(msg); 10189 return -1; 10190} 10191 10192 10193static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 10194{ 10195 struct i802_bss *bss = priv; 10196 struct wpa_driver_nl80211_data *drv = bss->drv; 10197 struct nl_msg *msg; 10198 int ret; 10199 10200 if (!drv->pending_remain_on_chan) { 10201 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 10202 "to cancel"); 10203 return -1; 10204 } 10205 10206 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 10207 "0x%llx", 10208 (long long unsigned int) drv->remain_on_chan_cookie); 10209 10210 msg = nlmsg_alloc(); 10211 if (!msg) 10212 return -1; 10213 10214 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 10215 10216 if (nl80211_set_iface_id(msg, bss) < 0) 10217 goto nla_put_failure; 10218 10219 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 10220 10221 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10222 msg = NULL; 10223 if (ret == 0) 10224 return 0; 10225 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 10226 "%d (%s)", ret, strerror(-ret)); 10227nla_put_failure: 10228 nlmsg_free(msg); 10229 return -1; 10230} 10231 10232 10233static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 10234{ 10235 struct wpa_driver_nl80211_data *drv = bss->drv; 10236 10237 if (!report) { 10238 if (bss->nl_preq && drv->device_ap_sme && 10239 is_ap_interface(drv->nlmode)) { 10240 /* 10241 * Do not disable Probe Request reporting that was 10242 * enabled in nl80211_setup_ap(). 10243 */ 10244 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 10245 "Probe Request reporting nl_preq=%p while " 10246 "in AP mode", bss->nl_preq); 10247 } else if (bss->nl_preq) { 10248 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 10249 "reporting nl_preq=%p", bss->nl_preq); 10250 nl80211_destroy_eloop_handle(&bss->nl_preq); 10251 } 10252 return 0; 10253 } 10254 10255 if (bss->nl_preq) { 10256 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 10257 "already on! nl_preq=%p", bss->nl_preq); 10258 return 0; 10259 } 10260 10261 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 10262 if (bss->nl_preq == NULL) 10263 return -1; 10264 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 10265 "reporting nl_preq=%p", bss->nl_preq); 10266 10267 if (nl80211_register_frame(bss, bss->nl_preq, 10268 (WLAN_FC_TYPE_MGMT << 2) | 10269 (WLAN_FC_STYPE_PROBE_REQ << 4), 10270 NULL, 0) < 0) 10271 goto out_err; 10272 10273 nl80211_register_eloop_read(&bss->nl_preq, 10274 wpa_driver_nl80211_event_receive, 10275 bss->nl_cb); 10276 10277 return 0; 10278 10279 out_err: 10280 nl_destroy_handles(&bss->nl_preq); 10281 return -1; 10282} 10283 10284 10285static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 10286 int ifindex, int disabled) 10287{ 10288 struct nl_msg *msg; 10289 struct nlattr *bands, *band; 10290 int ret; 10291 10292 msg = nlmsg_alloc(); 10293 if (!msg) 10294 return -1; 10295 10296 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 10297 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 10298 10299 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 10300 if (!bands) 10301 goto nla_put_failure; 10302 10303 /* 10304 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 10305 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 10306 * rates. All 5 GHz rates are left enabled. 10307 */ 10308 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 10309 if (!band) 10310 goto nla_put_failure; 10311 if (disabled) { 10312 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 10313 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 10314 } 10315 nla_nest_end(msg, band); 10316 10317 nla_nest_end(msg, bands); 10318 10319 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10320 msg = NULL; 10321 if (ret) { 10322 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10323 "(%s)", ret, strerror(-ret)); 10324 } else 10325 drv->disabled_11b_rates = disabled; 10326 10327 return ret; 10328 10329nla_put_failure: 10330 nlmsg_free(msg); 10331 return -1; 10332} 10333 10334 10335static int wpa_driver_nl80211_deinit_ap(void *priv) 10336{ 10337 struct i802_bss *bss = priv; 10338 struct wpa_driver_nl80211_data *drv = bss->drv; 10339 if (!is_ap_interface(drv->nlmode)) 10340 return -1; 10341 wpa_driver_nl80211_del_beacon(drv); 10342 10343 /* 10344 * If the P2P GO interface was dynamically added, then it is 10345 * possible that the interface change to station is not possible. 10346 */ 10347 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10348 return 0; 10349 10350 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10351} 10352 10353 10354static int wpa_driver_nl80211_stop_ap(void *priv) 10355{ 10356 struct i802_bss *bss = priv; 10357 struct wpa_driver_nl80211_data *drv = bss->drv; 10358 if (!is_ap_interface(drv->nlmode)) 10359 return -1; 10360 wpa_driver_nl80211_del_beacon(drv); 10361 bss->beacon_set = 0; 10362 return 0; 10363} 10364 10365 10366static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10367{ 10368 struct i802_bss *bss = priv; 10369 struct wpa_driver_nl80211_data *drv = bss->drv; 10370 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10371 return -1; 10372 10373 /* 10374 * If the P2P Client interface was dynamically added, then it is 10375 * possible that the interface change to station is not possible. 10376 */ 10377 if (bss->if_dynamic) 10378 return 0; 10379 10380 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10381} 10382 10383 10384static void wpa_driver_nl80211_resume(void *priv) 10385{ 10386 struct i802_bss *bss = priv; 10387 10388 if (i802_set_iface_flags(bss, 1)) 10389 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10390} 10391 10392 10393static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10394 const u8 *ies, size_t ies_len) 10395{ 10396 struct i802_bss *bss = priv; 10397 struct wpa_driver_nl80211_data *drv = bss->drv; 10398 int ret; 10399 u8 *data, *pos; 10400 size_t data_len; 10401 const u8 *own_addr = bss->addr; 10402 10403 if (action != 1) { 10404 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10405 "action %d", action); 10406 return -1; 10407 } 10408 10409 /* 10410 * Action frame payload: 10411 * Category[1] = 6 (Fast BSS Transition) 10412 * Action[1] = 1 (Fast BSS Transition Request) 10413 * STA Address 10414 * Target AP Address 10415 * FT IEs 10416 */ 10417 10418 data_len = 2 + 2 * ETH_ALEN + ies_len; 10419 data = os_malloc(data_len); 10420 if (data == NULL) 10421 return -1; 10422 pos = data; 10423 *pos++ = 0x06; /* FT Action category */ 10424 *pos++ = action; 10425 os_memcpy(pos, own_addr, ETH_ALEN); 10426 pos += ETH_ALEN; 10427 os_memcpy(pos, target_ap, ETH_ALEN); 10428 pos += ETH_ALEN; 10429 os_memcpy(pos, ies, ies_len); 10430 10431 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10432 drv->bssid, own_addr, drv->bssid, 10433 data, data_len, 0); 10434 os_free(data); 10435 10436 return ret; 10437} 10438 10439 10440static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10441{ 10442 struct i802_bss *bss = priv; 10443 struct wpa_driver_nl80211_data *drv = bss->drv; 10444 struct nl_msg *msg; 10445 struct nlattr *cqm; 10446 int ret = -1; 10447 10448 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10449 "hysteresis=%d", threshold, hysteresis); 10450 10451 msg = nlmsg_alloc(); 10452 if (!msg) 10453 return -1; 10454 10455 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10456 10457 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10458 10459 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10460 if (cqm == NULL) 10461 goto nla_put_failure; 10462 10463 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10464 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10465 nla_nest_end(msg, cqm); 10466 10467 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10468 msg = NULL; 10469 10470nla_put_failure: 10471 nlmsg_free(msg); 10472 return ret; 10473} 10474 10475 10476static int get_channel_width(struct nl_msg *msg, void *arg) 10477{ 10478 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10479 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10480 struct wpa_signal_info *sig_change = arg; 10481 10482 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10483 genlmsg_attrlen(gnlh, 0), NULL); 10484 10485 sig_change->center_frq1 = -1; 10486 sig_change->center_frq2 = -1; 10487 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10488 10489 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10490 sig_change->chanwidth = convert2width( 10491 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10492 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10493 sig_change->center_frq1 = 10494 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10495 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10496 sig_change->center_frq2 = 10497 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10498 } 10499 10500 return NL_SKIP; 10501} 10502 10503 10504static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10505 struct wpa_signal_info *sig) 10506{ 10507 struct nl_msg *msg; 10508 10509 msg = nlmsg_alloc(); 10510 if (!msg) 10511 return -ENOMEM; 10512 10513 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10514 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10515 10516 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10517 10518nla_put_failure: 10519 nlmsg_free(msg); 10520 return -ENOBUFS; 10521} 10522 10523 10524static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10525{ 10526 struct i802_bss *bss = priv; 10527 struct wpa_driver_nl80211_data *drv = bss->drv; 10528 int res; 10529 10530 os_memset(si, 0, sizeof(*si)); 10531 res = nl80211_get_link_signal(drv, si); 10532 if (res != 0) 10533 return res; 10534 10535 res = nl80211_get_channel_width(drv, si); 10536 if (res != 0) 10537 return res; 10538 10539 return nl80211_get_link_noise(drv, si); 10540} 10541 10542 10543static int wpa_driver_nl80211_shared_freq(void *priv) 10544{ 10545 struct i802_bss *bss = priv; 10546 struct wpa_driver_nl80211_data *drv = bss->drv; 10547 struct wpa_driver_nl80211_data *driver; 10548 int freq = 0; 10549 10550 /* 10551 * If the same PHY is in connected state with some other interface, 10552 * then retrieve the assoc freq. 10553 */ 10554 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10555 drv->phyname); 10556 10557 dl_list_for_each(driver, &drv->global->interfaces, 10558 struct wpa_driver_nl80211_data, list) { 10559 if (drv == driver || 10560 os_strcmp(drv->phyname, driver->phyname) != 0 || 10561 !driver->associated) 10562 continue; 10563 10564 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10565 MACSTR, 10566 driver->phyname, driver->first_bss->ifname, 10567 MAC2STR(driver->first_bss->addr)); 10568 if (is_ap_interface(driver->nlmode)) 10569 freq = driver->first_bss->freq; 10570 else 10571 freq = nl80211_get_assoc_freq(driver); 10572 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10573 drv->phyname, freq); 10574 } 10575 10576 if (!freq) 10577 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10578 "PHY (%s) in associated state", drv->phyname); 10579 10580 return freq; 10581} 10582 10583 10584static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10585 int encrypt) 10586{ 10587 struct i802_bss *bss = priv; 10588 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10589 0, 0, 0, 0); 10590} 10591 10592 10593static int nl80211_set_param(void *priv, const char *param) 10594{ 10595 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10596 if (param == NULL) 10597 return 0; 10598 10599#ifdef CONFIG_P2P 10600 if (os_strstr(param, "use_p2p_group_interface=1")) { 10601 struct i802_bss *bss = priv; 10602 struct wpa_driver_nl80211_data *drv = bss->drv; 10603 10604 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10605 "interface"); 10606 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10607 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10608 } 10609 10610 if (os_strstr(param, "p2p_device=1")) { 10611 struct i802_bss *bss = priv; 10612 struct wpa_driver_nl80211_data *drv = bss->drv; 10613 drv->allow_p2p_device = 1; 10614 } 10615#endif /* CONFIG_P2P */ 10616 10617 if (os_strstr(param, "use_monitor=1")) { 10618 struct i802_bss *bss = priv; 10619 struct wpa_driver_nl80211_data *drv = bss->drv; 10620 drv->use_monitor = 1; 10621 } 10622 10623 if (os_strstr(param, "force_connect_cmd=1")) { 10624 struct i802_bss *bss = priv; 10625 struct wpa_driver_nl80211_data *drv = bss->drv; 10626 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10627 } 10628 10629 if (os_strstr(param, "no_offchannel_tx=1")) { 10630 struct i802_bss *bss = priv; 10631 struct wpa_driver_nl80211_data *drv = bss->drv; 10632 drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 10633 drv->test_use_roc_tx = 1; 10634 } 10635 10636 return 0; 10637} 10638 10639 10640static void * nl80211_global_init(void) 10641{ 10642 struct nl80211_global *global; 10643 struct netlink_config *cfg; 10644 10645 global = os_zalloc(sizeof(*global)); 10646 if (global == NULL) 10647 return NULL; 10648 global->ioctl_sock = -1; 10649 dl_list_init(&global->interfaces); 10650 global->if_add_ifindex = -1; 10651 10652 cfg = os_zalloc(sizeof(*cfg)); 10653 if (cfg == NULL) 10654 goto err; 10655 10656 cfg->ctx = global; 10657 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10658 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10659 global->netlink = netlink_init(cfg); 10660 if (global->netlink == NULL) { 10661 os_free(cfg); 10662 goto err; 10663 } 10664 10665 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10666 goto err; 10667 10668 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10669 if (global->ioctl_sock < 0) { 10670 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10671 strerror(errno)); 10672 goto err; 10673 } 10674 10675 return global; 10676 10677err: 10678 nl80211_global_deinit(global); 10679 return NULL; 10680} 10681 10682 10683static void nl80211_global_deinit(void *priv) 10684{ 10685 struct nl80211_global *global = priv; 10686 if (global == NULL) 10687 return; 10688 if (!dl_list_empty(&global->interfaces)) { 10689 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10690 "nl80211_global_deinit", 10691 dl_list_len(&global->interfaces)); 10692 } 10693 10694 if (global->netlink) 10695 netlink_deinit(global->netlink); 10696 10697 nl_destroy_handles(&global->nl); 10698 10699 if (global->nl_event) 10700 nl80211_destroy_eloop_handle(&global->nl_event); 10701 10702 nl_cb_put(global->nl_cb); 10703 10704 if (global->ioctl_sock >= 0) 10705 close(global->ioctl_sock); 10706 10707 os_free(global); 10708} 10709 10710 10711static const char * nl80211_get_radio_name(void *priv) 10712{ 10713 struct i802_bss *bss = priv; 10714 struct wpa_driver_nl80211_data *drv = bss->drv; 10715 return drv->phyname; 10716} 10717 10718 10719static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 10720 const u8 *pmkid) 10721{ 10722 struct nl_msg *msg; 10723 10724 msg = nlmsg_alloc(); 10725 if (!msg) 10726 return -ENOMEM; 10727 10728 nl80211_cmd(bss->drv, msg, 0, cmd); 10729 10730 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 10731 if (pmkid) 10732 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 10733 if (bssid) 10734 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 10735 10736 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10737 nla_put_failure: 10738 nlmsg_free(msg); 10739 return -ENOBUFS; 10740} 10741 10742 10743static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10744{ 10745 struct i802_bss *bss = priv; 10746 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 10747 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 10748} 10749 10750 10751static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10752{ 10753 struct i802_bss *bss = priv; 10754 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 10755 MAC2STR(bssid)); 10756 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 10757} 10758 10759 10760static int nl80211_flush_pmkid(void *priv) 10761{ 10762 struct i802_bss *bss = priv; 10763 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 10764 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 10765} 10766 10767 10768static void clean_survey_results(struct survey_results *survey_results) 10769{ 10770 struct freq_survey *survey, *tmp; 10771 10772 if (dl_list_empty(&survey_results->survey_list)) 10773 return; 10774 10775 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 10776 struct freq_survey, list) { 10777 dl_list_del(&survey->list); 10778 os_free(survey); 10779 } 10780} 10781 10782 10783static void add_survey(struct nlattr **sinfo, u32 ifidx, 10784 struct dl_list *survey_list) 10785{ 10786 struct freq_survey *survey; 10787 10788 survey = os_zalloc(sizeof(struct freq_survey)); 10789 if (!survey) 10790 return; 10791 10792 survey->ifidx = ifidx; 10793 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10794 survey->filled = 0; 10795 10796 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 10797 survey->nf = (int8_t) 10798 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 10799 survey->filled |= SURVEY_HAS_NF; 10800 } 10801 10802 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 10803 survey->channel_time = 10804 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 10805 survey->filled |= SURVEY_HAS_CHAN_TIME; 10806 } 10807 10808 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 10809 survey->channel_time_busy = 10810 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 10811 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 10812 } 10813 10814 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 10815 survey->channel_time_rx = 10816 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 10817 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 10818 } 10819 10820 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 10821 survey->channel_time_tx = 10822 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 10823 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 10824 } 10825 10826 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 10827 survey->freq, 10828 survey->nf, 10829 (unsigned long int) survey->channel_time, 10830 (unsigned long int) survey->channel_time_busy, 10831 (unsigned long int) survey->channel_time_tx, 10832 (unsigned long int) survey->channel_time_rx, 10833 survey->filled); 10834 10835 dl_list_add_tail(survey_list, &survey->list); 10836} 10837 10838 10839static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 10840 unsigned int freq_filter) 10841{ 10842 if (!freq_filter) 10843 return 1; 10844 10845 return freq_filter == surveyed_freq; 10846} 10847 10848 10849static int survey_handler(struct nl_msg *msg, void *arg) 10850{ 10851 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10852 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10853 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 10854 struct survey_results *survey_results; 10855 u32 surveyed_freq = 0; 10856 u32 ifidx; 10857 10858 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 10859 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 10860 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 10861 }; 10862 10863 survey_results = (struct survey_results *) arg; 10864 10865 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10866 genlmsg_attrlen(gnlh, 0), NULL); 10867 10868 if (!tb[NL80211_ATTR_IFINDEX]) 10869 return NL_SKIP; 10870 10871 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 10872 10873 if (!tb[NL80211_ATTR_SURVEY_INFO]) 10874 return NL_SKIP; 10875 10876 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 10877 tb[NL80211_ATTR_SURVEY_INFO], 10878 survey_policy)) 10879 return NL_SKIP; 10880 10881 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 10882 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 10883 return NL_SKIP; 10884 } 10885 10886 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10887 10888 if (!check_survey_ok(sinfo, surveyed_freq, 10889 survey_results->freq_filter)) 10890 return NL_SKIP; 10891 10892 if (survey_results->freq_filter && 10893 survey_results->freq_filter != surveyed_freq) { 10894 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 10895 surveyed_freq); 10896 return NL_SKIP; 10897 } 10898 10899 add_survey(sinfo, ifidx, &survey_results->survey_list); 10900 10901 return NL_SKIP; 10902} 10903 10904 10905static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 10906{ 10907 struct i802_bss *bss = priv; 10908 struct wpa_driver_nl80211_data *drv = bss->drv; 10909 struct nl_msg *msg; 10910 int err = -ENOBUFS; 10911 union wpa_event_data data; 10912 struct survey_results *survey_results; 10913 10914 os_memset(&data, 0, sizeof(data)); 10915 survey_results = &data.survey_results; 10916 10917 dl_list_init(&survey_results->survey_list); 10918 10919 msg = nlmsg_alloc(); 10920 if (!msg) 10921 goto nla_put_failure; 10922 10923 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 10924 10925 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10926 10927 if (freq) 10928 data.survey_results.freq_filter = freq; 10929 10930 do { 10931 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 10932 err = send_and_recv_msgs(drv, msg, survey_handler, 10933 survey_results); 10934 } while (err > 0); 10935 10936 if (err) { 10937 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 10938 goto out_clean; 10939 } 10940 10941 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 10942 10943out_clean: 10944 clean_survey_results(survey_results); 10945nla_put_failure: 10946 return err; 10947} 10948 10949 10950static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 10951 const u8 *replay_ctr) 10952{ 10953 struct i802_bss *bss = priv; 10954 struct wpa_driver_nl80211_data *drv = bss->drv; 10955 struct nlattr *replay_nested; 10956 struct nl_msg *msg; 10957 10958 msg = nlmsg_alloc(); 10959 if (!msg) 10960 return; 10961 10962 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 10963 10964 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10965 10966 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 10967 if (!replay_nested) 10968 goto nla_put_failure; 10969 10970 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 10971 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 10972 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 10973 replay_ctr); 10974 10975 nla_nest_end(msg, replay_nested); 10976 10977 send_and_recv_msgs(drv, msg, NULL, NULL); 10978 return; 10979 nla_put_failure: 10980 nlmsg_free(msg); 10981} 10982 10983 10984static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 10985 const u8 *addr, int qos) 10986{ 10987 /* send data frame to poll STA and check whether 10988 * this frame is ACKed */ 10989 struct { 10990 struct ieee80211_hdr hdr; 10991 u16 qos_ctl; 10992 } STRUCT_PACKED nulldata; 10993 size_t size; 10994 10995 /* Send data frame to poll STA and check whether this frame is ACKed */ 10996 10997 os_memset(&nulldata, 0, sizeof(nulldata)); 10998 10999 if (qos) { 11000 nulldata.hdr.frame_control = 11001 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11002 WLAN_FC_STYPE_QOS_NULL); 11003 size = sizeof(nulldata); 11004 } else { 11005 nulldata.hdr.frame_control = 11006 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11007 WLAN_FC_STYPE_NULLFUNC); 11008 size = sizeof(struct ieee80211_hdr); 11009 } 11010 11011 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 11012 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 11013 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 11014 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 11015 11016 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 11017 0, 0) < 0) 11018 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 11019 "send poll frame"); 11020} 11021 11022static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 11023 int qos) 11024{ 11025 struct i802_bss *bss = priv; 11026 struct wpa_driver_nl80211_data *drv = bss->drv; 11027 struct nl_msg *msg; 11028 11029 if (!drv->poll_command_supported) { 11030 nl80211_send_null_frame(bss, own_addr, addr, qos); 11031 return; 11032 } 11033 11034 msg = nlmsg_alloc(); 11035 if (!msg) 11036 return; 11037 11038 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 11039 11040 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11041 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 11042 11043 send_and_recv_msgs(drv, msg, NULL, NULL); 11044 return; 11045 nla_put_failure: 11046 nlmsg_free(msg); 11047} 11048 11049 11050static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 11051{ 11052 struct nl_msg *msg; 11053 11054 msg = nlmsg_alloc(); 11055 if (!msg) 11056 return -ENOMEM; 11057 11058 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 11059 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11060 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 11061 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 11062 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11063nla_put_failure: 11064 nlmsg_free(msg); 11065 return -ENOBUFS; 11066} 11067 11068 11069static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 11070 int ctwindow) 11071{ 11072 struct i802_bss *bss = priv; 11073 11074 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 11075 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 11076 11077 if (opp_ps != -1 || ctwindow != -1) { 11078#ifdef ANDROID_P2P 11079 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 11080#else /* ANDROID_P2P */ 11081 return -1; /* Not yet supported */ 11082#endif /* ANDROID_P2P */ 11083 } 11084 11085 if (legacy_ps == -1) 11086 return 0; 11087 if (legacy_ps != 0 && legacy_ps != 1) 11088 return -1; /* Not yet supported */ 11089 11090 return nl80211_set_power_save(bss, legacy_ps); 11091} 11092 11093 11094static int nl80211_start_radar_detection(void *priv, 11095 struct hostapd_freq_params *freq) 11096{ 11097 struct i802_bss *bss = priv; 11098 struct wpa_driver_nl80211_data *drv = bss->drv; 11099 struct nl_msg *msg; 11100 int ret; 11101 11102 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 11103 freq->freq, freq->ht_enabled, freq->vht_enabled, 11104 freq->bandwidth, freq->center_freq1, freq->center_freq2); 11105 11106 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 11107 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 11108 "detection"); 11109 return -1; 11110 } 11111 11112 msg = nlmsg_alloc(); 11113 if (!msg) 11114 return -1; 11115 11116 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 11117 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11118 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 11119 11120 if (freq->vht_enabled) { 11121 switch (freq->bandwidth) { 11122 case 20: 11123 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11124 NL80211_CHAN_WIDTH_20); 11125 break; 11126 case 40: 11127 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11128 NL80211_CHAN_WIDTH_40); 11129 break; 11130 case 80: 11131 if (freq->center_freq2) 11132 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11133 NL80211_CHAN_WIDTH_80P80); 11134 else 11135 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11136 NL80211_CHAN_WIDTH_80); 11137 break; 11138 case 160: 11139 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11140 NL80211_CHAN_WIDTH_160); 11141 break; 11142 default: 11143 return -1; 11144 } 11145 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 11146 if (freq->center_freq2) 11147 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 11148 freq->center_freq2); 11149 } else if (freq->ht_enabled) { 11150 switch (freq->sec_channel_offset) { 11151 case -1: 11152 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11153 NL80211_CHAN_HT40MINUS); 11154 break; 11155 case 1: 11156 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11157 NL80211_CHAN_HT40PLUS); 11158 break; 11159 default: 11160 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11161 NL80211_CHAN_HT20); 11162 break; 11163 } 11164 } 11165 11166 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11167 if (ret == 0) 11168 return 0; 11169 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 11170 "%d (%s)", ret, strerror(-ret)); 11171nla_put_failure: 11172 return -1; 11173} 11174 11175#ifdef CONFIG_TDLS 11176 11177static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 11178 u8 dialog_token, u16 status_code, 11179 const u8 *buf, size_t len) 11180{ 11181 struct i802_bss *bss = priv; 11182 struct wpa_driver_nl80211_data *drv = bss->drv; 11183 struct nl_msg *msg; 11184 11185 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11186 return -EOPNOTSUPP; 11187 11188 if (!dst) 11189 return -EINVAL; 11190 11191 msg = nlmsg_alloc(); 11192 if (!msg) 11193 return -ENOMEM; 11194 11195 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 11196 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11197 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 11198 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 11199 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 11200 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 11201 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 11202 11203 return send_and_recv_msgs(drv, msg, NULL, NULL); 11204 11205nla_put_failure: 11206 nlmsg_free(msg); 11207 return -ENOBUFS; 11208} 11209 11210 11211static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 11212{ 11213 struct i802_bss *bss = priv; 11214 struct wpa_driver_nl80211_data *drv = bss->drv; 11215 struct nl_msg *msg; 11216 enum nl80211_tdls_operation nl80211_oper; 11217 11218 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11219 return -EOPNOTSUPP; 11220 11221 switch (oper) { 11222 case TDLS_DISCOVERY_REQ: 11223 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 11224 break; 11225 case TDLS_SETUP: 11226 nl80211_oper = NL80211_TDLS_SETUP; 11227 break; 11228 case TDLS_TEARDOWN: 11229 nl80211_oper = NL80211_TDLS_TEARDOWN; 11230 break; 11231 case TDLS_ENABLE_LINK: 11232 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 11233 break; 11234 case TDLS_DISABLE_LINK: 11235 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 11236 break; 11237 case TDLS_ENABLE: 11238 return 0; 11239 case TDLS_DISABLE: 11240 return 0; 11241 default: 11242 return -EINVAL; 11243 } 11244 11245 msg = nlmsg_alloc(); 11246 if (!msg) 11247 return -ENOMEM; 11248 11249 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 11250 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 11251 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11252 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 11253 11254 return send_and_recv_msgs(drv, msg, NULL, NULL); 11255 11256nla_put_failure: 11257 nlmsg_free(msg); 11258 return -ENOBUFS; 11259} 11260 11261#endif /* CONFIG TDLS */ 11262 11263 11264#ifdef ANDROID 11265 11266typedef struct android_wifi_priv_cmd { 11267 char *buf; 11268 int used_len; 11269 int total_len; 11270} android_wifi_priv_cmd; 11271 11272static int drv_errors = 0; 11273 11274static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 11275{ 11276 drv_errors++; 11277 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 11278 drv_errors = 0; 11279 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 11280 } 11281} 11282 11283 11284static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 11285{ 11286 struct wpa_driver_nl80211_data *drv = bss->drv; 11287 struct ifreq ifr; 11288 android_wifi_priv_cmd priv_cmd; 11289 char buf[MAX_DRV_CMD_SIZE]; 11290 int ret; 11291 11292 os_memset(&ifr, 0, sizeof(ifr)); 11293 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 11294 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11295 11296 os_memset(buf, 0, sizeof(buf)); 11297 os_strlcpy(buf, cmd, sizeof(buf)); 11298 11299 priv_cmd.buf = buf; 11300 priv_cmd.used_len = sizeof(buf); 11301 priv_cmd.total_len = sizeof(buf); 11302 ifr.ifr_data = &priv_cmd; 11303 11304 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11305 if (ret < 0) { 11306 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 11307 __func__); 11308 wpa_driver_send_hang_msg(drv); 11309 return ret; 11310 } 11311 11312 drv_errors = 0; 11313 return 0; 11314} 11315 11316 11317static int android_pno_start(struct i802_bss *bss, 11318 struct wpa_driver_scan_params *params) 11319{ 11320 struct wpa_driver_nl80211_data *drv = bss->drv; 11321 struct ifreq ifr; 11322 android_wifi_priv_cmd priv_cmd; 11323 int ret = 0, i = 0, bp; 11324 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 11325 11326 bp = WEXT_PNOSETUP_HEADER_SIZE; 11327 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11328 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11329 buf[bp++] = WEXT_PNO_TLV_VERSION; 11330 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11331 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11332 11333 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11334 /* Check that there is enough space needed for 1 more SSID, the 11335 * other sections and null termination */ 11336 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11337 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11338 break; 11339 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11340 params->ssids[i].ssid, 11341 params->ssids[i].ssid_len); 11342 buf[bp++] = WEXT_PNO_SSID_SECTION; 11343 buf[bp++] = params->ssids[i].ssid_len; 11344 os_memcpy(&buf[bp], params->ssids[i].ssid, 11345 params->ssids[i].ssid_len); 11346 bp += params->ssids[i].ssid_len; 11347 i++; 11348 } 11349 11350 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11351 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11352 WEXT_PNO_SCAN_INTERVAL); 11353 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11354 11355 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11356 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11357 WEXT_PNO_REPEAT); 11358 bp += WEXT_PNO_REPEAT_LENGTH; 11359 11360 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11361 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11362 WEXT_PNO_MAX_REPEAT); 11363 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11364 11365 memset(&ifr, 0, sizeof(ifr)); 11366 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11367 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11368 11369 priv_cmd.buf = buf; 11370 priv_cmd.used_len = bp; 11371 priv_cmd.total_len = bp; 11372 ifr.ifr_data = &priv_cmd; 11373 11374 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11375 11376 if (ret < 0) { 11377 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11378 ret); 11379 wpa_driver_send_hang_msg(drv); 11380 return ret; 11381 } 11382 11383 drv_errors = 0; 11384 11385 return android_priv_cmd(bss, "PNOFORCE 1"); 11386} 11387 11388 11389static int android_pno_stop(struct i802_bss *bss) 11390{ 11391 return android_priv_cmd(bss, "PNOFORCE 0"); 11392} 11393 11394#endif /* ANDROID */ 11395 11396 11397static int driver_nl80211_set_key(const char *ifname, void *priv, 11398 enum wpa_alg alg, const u8 *addr, 11399 int key_idx, int set_tx, 11400 const u8 *seq, size_t seq_len, 11401 const u8 *key, size_t key_len) 11402{ 11403 struct i802_bss *bss = priv; 11404 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11405 set_tx, seq, seq_len, key, key_len); 11406} 11407 11408 11409static int driver_nl80211_scan2(void *priv, 11410 struct wpa_driver_scan_params *params) 11411{ 11412 struct i802_bss *bss = priv; 11413 return wpa_driver_nl80211_scan(bss, params); 11414} 11415 11416 11417static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11418 int reason_code) 11419{ 11420 struct i802_bss *bss = priv; 11421 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11422} 11423 11424 11425static int driver_nl80211_authenticate(void *priv, 11426 struct wpa_driver_auth_params *params) 11427{ 11428 struct i802_bss *bss = priv; 11429 return wpa_driver_nl80211_authenticate(bss, params); 11430} 11431 11432 11433static void driver_nl80211_deinit(void *priv) 11434{ 11435 struct i802_bss *bss = priv; 11436 wpa_driver_nl80211_deinit(bss); 11437} 11438 11439 11440static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11441 const char *ifname) 11442{ 11443 struct i802_bss *bss = priv; 11444 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11445} 11446 11447 11448static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11449 size_t data_len, int noack) 11450{ 11451 struct i802_bss *bss = priv; 11452 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11453 0, 0, 0, 0); 11454} 11455 11456 11457static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11458{ 11459 struct i802_bss *bss = priv; 11460 return wpa_driver_nl80211_sta_remove(bss, addr); 11461} 11462 11463 11464static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11465 const char *ifname, int vlan_id) 11466{ 11467 struct i802_bss *bss = priv; 11468 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11469} 11470 11471 11472static int driver_nl80211_read_sta_data(void *priv, 11473 struct hostap_sta_driver_data *data, 11474 const u8 *addr) 11475{ 11476 struct i802_bss *bss = priv; 11477 return i802_read_sta_data(bss, data, addr); 11478} 11479 11480 11481static int driver_nl80211_send_action(void *priv, unsigned int freq, 11482 unsigned int wait_time, 11483 const u8 *dst, const u8 *src, 11484 const u8 *bssid, 11485 const u8 *data, size_t data_len, 11486 int no_cck) 11487{ 11488 struct i802_bss *bss = priv; 11489 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11490 bssid, data, data_len, no_cck); 11491} 11492 11493 11494static int driver_nl80211_probe_req_report(void *priv, int report) 11495{ 11496 struct i802_bss *bss = priv; 11497 return wpa_driver_nl80211_probe_req_report(bss, report); 11498} 11499 11500 11501static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11502 const u8 *ies, size_t ies_len) 11503{ 11504 int ret; 11505 struct nl_msg *msg; 11506 struct i802_bss *bss = priv; 11507 struct wpa_driver_nl80211_data *drv = bss->drv; 11508 u16 mdid = WPA_GET_LE16(md); 11509 11510 msg = nlmsg_alloc(); 11511 if (!msg) 11512 return -ENOMEM; 11513 11514 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11515 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11516 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11517 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11518 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11519 11520 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11521 if (ret) { 11522 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11523 "err=%d (%s)", ret, strerror(-ret)); 11524 } 11525 11526 return ret; 11527 11528nla_put_failure: 11529 nlmsg_free(msg); 11530 return -ENOBUFS; 11531} 11532 11533 11534const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11535{ 11536 struct i802_bss *bss = priv; 11537 struct wpa_driver_nl80211_data *drv = bss->drv; 11538 11539 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11540 return NULL; 11541 11542 return bss->addr; 11543} 11544 11545 11546static const char * scan_state_str(enum scan_states scan_state) 11547{ 11548 switch (scan_state) { 11549 case NO_SCAN: 11550 return "NO_SCAN"; 11551 case SCAN_REQUESTED: 11552 return "SCAN_REQUESTED"; 11553 case SCAN_STARTED: 11554 return "SCAN_STARTED"; 11555 case SCAN_COMPLETED: 11556 return "SCAN_COMPLETED"; 11557 case SCAN_ABORTED: 11558 return "SCAN_ABORTED"; 11559 case SCHED_SCAN_STARTED: 11560 return "SCHED_SCAN_STARTED"; 11561 case SCHED_SCAN_STOPPED: 11562 return "SCHED_SCAN_STOPPED"; 11563 case SCHED_SCAN_RESULTS: 11564 return "SCHED_SCAN_RESULTS"; 11565 } 11566 11567 return "??"; 11568} 11569 11570 11571static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11572{ 11573 struct i802_bss *bss = priv; 11574 struct wpa_driver_nl80211_data *drv = bss->drv; 11575 int res; 11576 char *pos, *end; 11577 11578 pos = buf; 11579 end = buf + buflen; 11580 11581 res = os_snprintf(pos, end - pos, 11582 "ifindex=%d\n" 11583 "ifname=%s\n" 11584 "brname=%s\n" 11585 "addr=" MACSTR "\n" 11586 "freq=%d\n" 11587 "%s%s%s%s%s", 11588 bss->ifindex, 11589 bss->ifname, 11590 bss->brname, 11591 MAC2STR(bss->addr), 11592 bss->freq, 11593 bss->beacon_set ? "beacon_set=1\n" : "", 11594 bss->added_if_into_bridge ? 11595 "added_if_into_bridge=1\n" : "", 11596 bss->added_bridge ? "added_bridge=1\n" : "", 11597 bss->in_deinit ? "in_deinit=1\n" : "", 11598 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11599 if (res < 0 || res >= end - pos) 11600 return pos - buf; 11601 pos += res; 11602 11603 if (bss->wdev_id_set) { 11604 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11605 (unsigned long long) bss->wdev_id); 11606 if (res < 0 || res >= end - pos) 11607 return pos - buf; 11608 pos += res; 11609 } 11610 11611 res = os_snprintf(pos, end - pos, 11612 "phyname=%s\n" 11613 "drv_ifindex=%d\n" 11614 "operstate=%d\n" 11615 "scan_state=%s\n" 11616 "auth_bssid=" MACSTR "\n" 11617 "auth_attempt_bssid=" MACSTR "\n" 11618 "bssid=" MACSTR "\n" 11619 "prev_bssid=" MACSTR "\n" 11620 "associated=%d\n" 11621 "assoc_freq=%u\n" 11622 "monitor_sock=%d\n" 11623 "monitor_ifidx=%d\n" 11624 "monitor_refcount=%d\n" 11625 "last_mgmt_freq=%u\n" 11626 "eapol_tx_sock=%d\n" 11627 "%s%s%s%s%s%s%s%s%s%s%s%s%s", 11628 drv->phyname, 11629 drv->ifindex, 11630 drv->operstate, 11631 scan_state_str(drv->scan_state), 11632 MAC2STR(drv->auth_bssid), 11633 MAC2STR(drv->auth_attempt_bssid), 11634 MAC2STR(drv->bssid), 11635 MAC2STR(drv->prev_bssid), 11636 drv->associated, 11637 drv->assoc_freq, 11638 drv->monitor_sock, 11639 drv->monitor_ifidx, 11640 drv->monitor_refcount, 11641 drv->last_mgmt_freq, 11642 drv->eapol_tx_sock, 11643 drv->ignore_if_down_event ? 11644 "ignore_if_down_event=1\n" : "", 11645 drv->scan_complete_events ? 11646 "scan_complete_events=1\n" : "", 11647 drv->disabled_11b_rates ? 11648 "disabled_11b_rates=1\n" : "", 11649 drv->pending_remain_on_chan ? 11650 "pending_remain_on_chan=1\n" : "", 11651 drv->in_interface_list ? "in_interface_list=1\n" : "", 11652 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11653 drv->poll_command_supported ? 11654 "poll_command_supported=1\n" : "", 11655 drv->data_tx_status ? "data_tx_status=1\n" : "", 11656 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11657 drv->retry_auth ? "retry_auth=1\n" : "", 11658 drv->use_monitor ? "use_monitor=1\n" : "", 11659 drv->ignore_next_local_disconnect ? 11660 "ignore_next_local_disconnect=1\n" : "", 11661 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11662 if (res < 0 || res >= end - pos) 11663 return pos - buf; 11664 pos += res; 11665 11666 if (drv->has_capability) { 11667 res = os_snprintf(pos, end - pos, 11668 "capa.key_mgmt=0x%x\n" 11669 "capa.enc=0x%x\n" 11670 "capa.auth=0x%x\n" 11671 "capa.flags=0x%x\n" 11672 "capa.max_scan_ssids=%d\n" 11673 "capa.max_sched_scan_ssids=%d\n" 11674 "capa.sched_scan_supported=%d\n" 11675 "capa.max_match_sets=%d\n" 11676 "capa.max_remain_on_chan=%u\n" 11677 "capa.max_stations=%u\n" 11678 "capa.probe_resp_offloads=0x%x\n" 11679 "capa.max_acl_mac_addrs=%u\n" 11680 "capa.num_multichan_concurrent=%u\n", 11681 drv->capa.key_mgmt, 11682 drv->capa.enc, 11683 drv->capa.auth, 11684 drv->capa.flags, 11685 drv->capa.max_scan_ssids, 11686 drv->capa.max_sched_scan_ssids, 11687 drv->capa.sched_scan_supported, 11688 drv->capa.max_match_sets, 11689 drv->capa.max_remain_on_chan, 11690 drv->capa.max_stations, 11691 drv->capa.probe_resp_offloads, 11692 drv->capa.max_acl_mac_addrs, 11693 drv->capa.num_multichan_concurrent); 11694 if (res < 0 || res >= end - pos) 11695 return pos - buf; 11696 pos += res; 11697 } 11698 11699 return pos - buf; 11700} 11701 11702 11703static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 11704{ 11705 if (settings->head) 11706 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 11707 settings->head_len, settings->head); 11708 11709 if (settings->tail) 11710 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 11711 settings->tail_len, settings->tail); 11712 11713 if (settings->beacon_ies) 11714 NLA_PUT(msg, NL80211_ATTR_IE, 11715 settings->beacon_ies_len, settings->beacon_ies); 11716 11717 if (settings->proberesp_ies) 11718 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 11719 settings->proberesp_ies_len, settings->proberesp_ies); 11720 11721 if (settings->assocresp_ies) 11722 NLA_PUT(msg, 11723 NL80211_ATTR_IE_ASSOC_RESP, 11724 settings->assocresp_ies_len, settings->assocresp_ies); 11725 11726 if (settings->probe_resp) 11727 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 11728 settings->probe_resp_len, settings->probe_resp); 11729 11730 return 0; 11731 11732nla_put_failure: 11733 return -ENOBUFS; 11734} 11735 11736 11737static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 11738{ 11739 struct nl_msg *msg; 11740 struct i802_bss *bss = priv; 11741 struct wpa_driver_nl80211_data *drv = bss->drv; 11742 struct nlattr *beacon_csa; 11743 int ret = -ENOBUFS; 11744 11745 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 11746 settings->cs_count, settings->block_tx, 11747 settings->freq_params.freq, settings->freq_params.bandwidth, 11748 settings->freq_params.center_freq1, 11749 settings->freq_params.center_freq2); 11750 11751 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 11752 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 11753 return -EOPNOTSUPP; 11754 } 11755 11756 if ((drv->nlmode != NL80211_IFTYPE_AP) && 11757 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 11758 return -EOPNOTSUPP; 11759 11760 /* check settings validity */ 11761 if (!settings->beacon_csa.tail || 11762 ((settings->beacon_csa.tail_len <= 11763 settings->counter_offset_beacon) || 11764 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 11765 settings->cs_count))) 11766 return -EINVAL; 11767 11768 if (settings->beacon_csa.probe_resp && 11769 ((settings->beacon_csa.probe_resp_len <= 11770 settings->counter_offset_presp) || 11771 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 11772 settings->cs_count))) 11773 return -EINVAL; 11774 11775 msg = nlmsg_alloc(); 11776 if (!msg) 11777 return -ENOMEM; 11778 11779 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 11780 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11781 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 11782 ret = nl80211_put_freq_params(msg, &settings->freq_params); 11783 if (ret) 11784 goto error; 11785 11786 if (settings->block_tx) 11787 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 11788 11789 /* beacon_after params */ 11790 ret = set_beacon_data(msg, &settings->beacon_after); 11791 if (ret) 11792 goto error; 11793 11794 /* beacon_csa params */ 11795 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 11796 if (!beacon_csa) 11797 goto nla_put_failure; 11798 11799 ret = set_beacon_data(msg, &settings->beacon_csa); 11800 if (ret) 11801 goto error; 11802 11803 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 11804 settings->counter_offset_beacon); 11805 11806 if (settings->beacon_csa.probe_resp) 11807 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 11808 settings->counter_offset_presp); 11809 11810 nla_nest_end(msg, beacon_csa); 11811 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11812 if (ret) { 11813 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 11814 ret, strerror(-ret)); 11815 } 11816 return ret; 11817 11818nla_put_failure: 11819 ret = -ENOBUFS; 11820error: 11821 nlmsg_free(msg); 11822 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 11823 return ret; 11824} 11825 11826 11827#ifdef CONFIG_TESTING_OPTIONS 11828static int cmd_reply_handler(struct nl_msg *msg, void *arg) 11829{ 11830 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11831 struct wpabuf *buf = arg; 11832 11833 if (!buf) 11834 return NL_SKIP; 11835 11836 if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) { 11837 wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply"); 11838 return NL_SKIP; 11839 } 11840 11841 wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0), 11842 genlmsg_attrlen(gnlh, 0)); 11843 11844 return NL_SKIP; 11845} 11846#endif /* CONFIG_TESTING_OPTIONS */ 11847 11848 11849static int vendor_reply_handler(struct nl_msg *msg, void *arg) 11850{ 11851 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 11852 struct nlattr *nl_vendor_reply, *nl; 11853 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11854 struct wpabuf *buf = arg; 11855 int rem; 11856 11857 if (!buf) 11858 return NL_SKIP; 11859 11860 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 11861 genlmsg_attrlen(gnlh, 0), NULL); 11862 nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA]; 11863 11864 if (!nl_vendor_reply) 11865 return NL_SKIP; 11866 11867 if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) { 11868 wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply"); 11869 return NL_SKIP; 11870 } 11871 11872 nla_for_each_nested(nl, nl_vendor_reply, rem) { 11873 wpabuf_put_data(buf, nla_data(nl), nla_len(nl)); 11874 } 11875 11876 return NL_SKIP; 11877} 11878 11879 11880static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id, 11881 unsigned int subcmd, const u8 *data, 11882 size_t data_len, struct wpabuf *buf) 11883{ 11884 struct i802_bss *bss = priv; 11885 struct wpa_driver_nl80211_data *drv = bss->drv; 11886 struct nl_msg *msg; 11887 int ret; 11888 11889 msg = nlmsg_alloc(); 11890 if (!msg) 11891 return -ENOMEM; 11892 11893#ifdef CONFIG_TESTING_OPTIONS 11894 if (vendor_id == 0xffffffff) { 11895 nl80211_cmd(drv, msg, 0, subcmd); 11896 if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) < 11897 0) 11898 goto nla_put_failure; 11899 ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf); 11900 if (ret) 11901 wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d", 11902 ret); 11903 return ret; 11904 } 11905#endif /* CONFIG_TESTING_OPTIONS */ 11906 11907 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 11908 if (nl80211_set_iface_id(msg, bss) < 0) 11909 goto nla_put_failure; 11910 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id); 11911 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd); 11912 if (data) 11913 NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data); 11914 11915 ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf); 11916 if (ret) 11917 wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d", 11918 ret); 11919 return ret; 11920 11921nla_put_failure: 11922 nlmsg_free(msg); 11923 return -ENOBUFS; 11924} 11925 11926 11927static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 11928 u8 qos_map_set_len) 11929{ 11930 struct i802_bss *bss = priv; 11931 struct wpa_driver_nl80211_data *drv = bss->drv; 11932 struct nl_msg *msg; 11933 int ret; 11934 11935 msg = nlmsg_alloc(); 11936 if (!msg) 11937 return -ENOMEM; 11938 11939 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 11940 qos_map_set, qos_map_set_len); 11941 11942 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 11943 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11944 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 11945 11946 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11947 if (ret) 11948 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 11949 11950 return ret; 11951 11952nla_put_failure: 11953 nlmsg_free(msg); 11954 return -ENOBUFS; 11955} 11956 11957 11958const struct wpa_driver_ops wpa_driver_nl80211_ops = { 11959 .name = "nl80211", 11960 .desc = "Linux nl80211/cfg80211", 11961 .get_bssid = wpa_driver_nl80211_get_bssid, 11962 .get_ssid = wpa_driver_nl80211_get_ssid, 11963 .set_key = driver_nl80211_set_key, 11964 .scan2 = driver_nl80211_scan2, 11965 .sched_scan = wpa_driver_nl80211_sched_scan, 11966 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 11967 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 11968 .deauthenticate = driver_nl80211_deauthenticate, 11969 .authenticate = driver_nl80211_authenticate, 11970 .associate = wpa_driver_nl80211_associate, 11971 .global_init = nl80211_global_init, 11972 .global_deinit = nl80211_global_deinit, 11973 .init2 = wpa_driver_nl80211_init, 11974 .deinit = driver_nl80211_deinit, 11975 .get_capa = wpa_driver_nl80211_get_capa, 11976 .set_operstate = wpa_driver_nl80211_set_operstate, 11977 .set_supp_port = wpa_driver_nl80211_set_supp_port, 11978 .set_country = wpa_driver_nl80211_set_country, 11979 .get_country = wpa_driver_nl80211_get_country, 11980 .set_ap = wpa_driver_nl80211_set_ap, 11981 .set_acl = wpa_driver_nl80211_set_acl, 11982 .if_add = wpa_driver_nl80211_if_add, 11983 .if_remove = driver_nl80211_if_remove, 11984 .send_mlme = driver_nl80211_send_mlme, 11985 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 11986 .sta_add = wpa_driver_nl80211_sta_add, 11987 .sta_remove = driver_nl80211_sta_remove, 11988 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 11989 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 11990 .hapd_init = i802_init, 11991 .hapd_deinit = i802_deinit, 11992 .set_wds_sta = i802_set_wds_sta, 11993 .get_seqnum = i802_get_seqnum, 11994 .flush = i802_flush, 11995 .get_inact_sec = i802_get_inact_sec, 11996 .sta_clear_stats = i802_sta_clear_stats, 11997 .set_rts = i802_set_rts, 11998 .set_frag = i802_set_frag, 11999 .set_tx_queue_params = i802_set_tx_queue_params, 12000 .set_sta_vlan = driver_nl80211_set_sta_vlan, 12001 .sta_deauth = i802_sta_deauth, 12002 .sta_disassoc = i802_sta_disassoc, 12003 .read_sta_data = driver_nl80211_read_sta_data, 12004 .set_freq = i802_set_freq, 12005 .send_action = driver_nl80211_send_action, 12006 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 12007 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 12008 .cancel_remain_on_channel = 12009 wpa_driver_nl80211_cancel_remain_on_channel, 12010 .probe_req_report = driver_nl80211_probe_req_report, 12011 .deinit_ap = wpa_driver_nl80211_deinit_ap, 12012 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 12013 .resume = wpa_driver_nl80211_resume, 12014 .send_ft_action = nl80211_send_ft_action, 12015 .signal_monitor = nl80211_signal_monitor, 12016 .signal_poll = nl80211_signal_poll, 12017 .send_frame = nl80211_send_frame, 12018 .shared_freq = wpa_driver_nl80211_shared_freq, 12019 .set_param = nl80211_set_param, 12020 .get_radio_name = nl80211_get_radio_name, 12021 .add_pmkid = nl80211_add_pmkid, 12022 .remove_pmkid = nl80211_remove_pmkid, 12023 .flush_pmkid = nl80211_flush_pmkid, 12024 .set_rekey_info = nl80211_set_rekey_info, 12025 .poll_client = nl80211_poll_client, 12026 .set_p2p_powersave = nl80211_set_p2p_powersave, 12027 .start_dfs_cac = nl80211_start_radar_detection, 12028 .stop_ap = wpa_driver_nl80211_stop_ap, 12029#ifdef CONFIG_TDLS 12030 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 12031 .tdls_oper = nl80211_tdls_oper, 12032#endif /* CONFIG_TDLS */ 12033 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 12034 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 12035 .get_survey = wpa_driver_nl80211_get_survey, 12036 .status = wpa_driver_nl80211_status, 12037 .switch_channel = nl80211_switch_channel, 12038#ifdef ANDROID_P2P 12039 .set_noa = wpa_driver_set_p2p_noa, 12040 .get_noa = wpa_driver_get_p2p_noa, 12041 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 12042#endif /* ANDROID_P2P */ 12043#ifdef ANDROID 12044 .driver_cmd = wpa_driver_nl80211_driver_cmd, 12045#endif /* ANDROID */ 12046 .vendor_cmd = nl80211_vendor_cmd, 12047 .set_qos_map = nl80211_set_qos_map, 12048}; 12049