driver_nl80211.c revision c5ec7f57ead87efa365800228aa0b09a12d9e6c4
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/ieee802_11_defs.h" 32#include "common/ieee802_11_common.h" 33#include "l2_packet/l2_packet.h" 34#include "netlink.h" 35#include "linux_ioctl.h" 36#include "radiotap.h" 37#include "radiotap_iter.h" 38#include "rfkill.h" 39#include "driver.h" 40 41#ifndef SO_WIFI_STATUS 42# if defined(__sparc__) 43# define SO_WIFI_STATUS 0x0025 44# elif defined(__parisc__) 45# define SO_WIFI_STATUS 0x4022 46# else 47# define SO_WIFI_STATUS 41 48# endif 49 50# define SCM_WIFI_STATUS SO_WIFI_STATUS 51#endif 52 53#ifndef SO_EE_ORIGIN_TXSTATUS 54#define SO_EE_ORIGIN_TXSTATUS 4 55#endif 56 57#ifndef PACKET_TX_TIMESTAMP 58#define PACKET_TX_TIMESTAMP 16 59#endif 60 61#ifdef ANDROID 62#include "android_drv.h" 63#endif /* ANDROID */ 64#ifdef CONFIG_LIBNL20 65/* libnl 2.0 compatibility code */ 66#define nl_handle nl_sock 67#define nl80211_handle_alloc nl_socket_alloc_cb 68#define nl80211_handle_destroy nl_socket_free 69#else 70/* 71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 72 * but when you free a socket again it will mess up its bitmap and 73 * and use the wrong number the next time it needs a socket ID. 74 * Therefore, we wrap the handle alloc/destroy and add our own pid 75 * accounting. 76 */ 77static uint32_t port_bitmap[32] = { 0 }; 78 79static struct nl_handle *nl80211_handle_alloc(void *cb) 80{ 81 struct nl_handle *handle; 82 uint32_t pid = getpid() & 0x3FFFFF; 83 int i; 84 85 handle = nl_handle_alloc_cb(cb); 86 87 for (i = 0; i < 1024; i++) { 88 if (port_bitmap[i / 32] & (1 << (i % 32))) 89 continue; 90 port_bitmap[i / 32] |= 1 << (i % 32); 91 pid += i << 22; 92 break; 93 } 94 95 nl_socket_set_local_port(handle, pid); 96 97 return handle; 98} 99 100static void nl80211_handle_destroy(struct nl_handle *handle) 101{ 102 uint32_t port = nl_socket_get_local_port(handle); 103 104 port >>= 22; 105 port_bitmap[port / 32] &= ~(1 << (port % 32)); 106 107 nl_handle_destroy(handle); 108} 109#endif /* CONFIG_LIBNL20 */ 110 111 112static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 113{ 114 struct nl_handle *handle; 115 116 handle = nl80211_handle_alloc(cb); 117 if (handle == NULL) { 118 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 119 "callbacks (%s)", dbg); 120 return NULL; 121 } 122 123 if (genl_connect(handle)) { 124 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 125 "netlink (%s)", dbg); 126 nl80211_handle_destroy(handle); 127 return NULL; 128 } 129 130 return handle; 131} 132 133 134static void nl_destroy_handles(struct nl_handle **handle) 135{ 136 if (*handle == NULL) 137 return; 138 nl80211_handle_destroy(*handle); 139 *handle = NULL; 140} 141 142 143#ifndef IFF_LOWER_UP 144#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 145#endif 146#ifndef IFF_DORMANT 147#define IFF_DORMANT 0x20000 /* driver signals dormant */ 148#endif 149 150#ifndef IF_OPER_DORMANT 151#define IF_OPER_DORMANT 5 152#endif 153#ifndef IF_OPER_UP 154#define IF_OPER_UP 6 155#endif 156 157struct nl80211_global { 158 struct dl_list interfaces; 159 int if_add_ifindex; 160 struct netlink_data *netlink; 161 struct nl_cb *nl_cb; 162 struct nl_handle *nl; 163 int nl80211_id; 164 int ioctl_sock; /* socket for ioctl() use */ 165 166 struct nl_handle *nl_event; 167}; 168 169struct nl80211_wiphy_data { 170 struct dl_list list; 171 struct dl_list bsss; 172 struct dl_list drvs; 173 174 struct nl_handle *nl_beacons; 175 struct nl_cb *nl_cb; 176 177 int wiphy_idx; 178}; 179 180static void nl80211_global_deinit(void *priv); 181static void wpa_driver_nl80211_deinit(void *priv); 182 183struct i802_bss { 184 struct wpa_driver_nl80211_data *drv; 185 struct i802_bss *next; 186 int ifindex; 187 char ifname[IFNAMSIZ + 1]; 188 char brname[IFNAMSIZ]; 189 unsigned int beacon_set:1; 190 unsigned int added_if_into_bridge:1; 191 unsigned int added_bridge:1; 192 193 u8 addr[ETH_ALEN]; 194 195 int freq; 196 197 struct nl_handle *nl_preq, *nl_mgmt; 198 struct nl_cb *nl_cb; 199 200 struct nl80211_wiphy_data *wiphy_data; 201 struct dl_list wiphy_list; 202}; 203 204struct wpa_driver_nl80211_data { 205 struct nl80211_global *global; 206 struct dl_list list; 207 struct dl_list wiphy_list; 208 char phyname[32]; 209 void *ctx; 210 int ifindex; 211 int if_removed; 212 int if_disabled; 213 int ignore_if_down_event; 214 struct rfkill_data *rfkill; 215 struct wpa_driver_capa capa; 216 int has_capability; 217 218 int operstate; 219 220 int scan_complete_events; 221 222 struct nl_cb *nl_cb; 223 224 u8 auth_bssid[ETH_ALEN]; 225 u8 bssid[ETH_ALEN]; 226 int associated; 227 u8 ssid[32]; 228 size_t ssid_len; 229 enum nl80211_iftype nlmode; 230 enum nl80211_iftype ap_scan_as_station; 231 unsigned int assoc_freq; 232 233 int monitor_sock; 234 int monitor_ifidx; 235 int monitor_refcount; 236 237 unsigned int disabled_11b_rates:1; 238 unsigned int pending_remain_on_chan:1; 239 unsigned int in_interface_list:1; 240 unsigned int device_ap_sme:1; 241 unsigned int poll_command_supported:1; 242 unsigned int data_tx_status:1; 243 unsigned int scan_for_auth:1; 244 unsigned int retry_auth:1; 245 unsigned int use_monitor:1; 246 247 u64 remain_on_chan_cookie; 248 u64 send_action_cookie; 249 250 unsigned int last_mgmt_freq; 251 252 struct wpa_driver_scan_filter *filter_ssids; 253 size_t num_filter_ssids; 254 255 struct i802_bss first_bss; 256 257 int eapol_tx_sock; 258 259#ifdef HOSTAPD 260 int eapol_sock; /* socket for EAPOL frames */ 261 262 int default_if_indices[16]; 263 int *if_indices; 264 int num_if_indices; 265 266 int last_freq; 267 int last_freq_ht; 268#endif /* HOSTAPD */ 269 270 /* From failed authentication command */ 271 int auth_freq; 272 u8 auth_bssid_[ETH_ALEN]; 273 u8 auth_ssid[32]; 274 size_t auth_ssid_len; 275 int auth_alg; 276 u8 *auth_ie; 277 size_t auth_ie_len; 278 u8 auth_wep_key[4][16]; 279 size_t auth_wep_key_len[4]; 280 int auth_wep_tx_keyidx; 281 int auth_local_state_change; 282 int auth_p2p; 283}; 284 285 286static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 287 void *timeout_ctx); 288static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 289 enum nl80211_iftype nlmode); 290static int 291wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 292static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 293 const u8 *addr, int cmd, u16 reason_code, 294 int local_state_change); 295static void nl80211_remove_monitor_interface( 296 struct wpa_driver_nl80211_data *drv); 297static int nl80211_send_frame_cmd(struct i802_bss *bss, 298 unsigned int freq, unsigned int wait, 299 const u8 *buf, size_t buf_len, u64 *cookie, 300 int no_cck, int no_ack, int offchanok); 301static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 302#ifdef ANDROID 303static int android_pno_start(struct i802_bss *bss, 304 struct wpa_driver_scan_params *params); 305static int android_pno_stop(struct i802_bss *bss); 306#endif /* ANDROID */ 307#ifdef ANDROID_P2P 308static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 309 enum wpa_event_type type, 310 const u8 *frame, size_t len); 311int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 312int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 313int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 314int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 315 const struct wpabuf *proberesp, 316 const struct wpabuf *assocresp); 317 318#endif 319#ifdef HOSTAPD 320static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 321static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 322static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 323static int wpa_driver_nl80211_if_remove(void *priv, 324 enum wpa_driver_if_type type, 325 const char *ifname); 326#else /* HOSTAPD */ 327static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 328{ 329} 330 331static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 332{ 333} 334 335static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 336{ 337 return 0; 338} 339#endif /* HOSTAPD */ 340#ifdef ANDROID 341extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 342 size_t buf_len); 343#endif 344 345static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 346static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 347 int ifindex, int disabled); 348 349static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 350static int wpa_driver_nl80211_authenticate_retry( 351 struct wpa_driver_nl80211_data *drv); 352 353 354static int is_ap_interface(enum nl80211_iftype nlmode) 355{ 356 return (nlmode == NL80211_IFTYPE_AP || 357 nlmode == NL80211_IFTYPE_P2P_GO); 358} 359 360 361static int is_sta_interface(enum nl80211_iftype nlmode) 362{ 363 return (nlmode == NL80211_IFTYPE_STATION || 364 nlmode == NL80211_IFTYPE_P2P_CLIENT); 365} 366 367 368static int is_p2p_interface(enum nl80211_iftype nlmode) 369{ 370 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 371 nlmode == NL80211_IFTYPE_P2P_GO); 372} 373 374 375struct nl80211_bss_info_arg { 376 struct wpa_driver_nl80211_data *drv; 377 struct wpa_scan_results *res; 378 unsigned int assoc_freq; 379 u8 assoc_bssid[ETH_ALEN]; 380}; 381 382static int bss_info_handler(struct nl_msg *msg, void *arg); 383 384 385/* nl80211 code */ 386static int ack_handler(struct nl_msg *msg, void *arg) 387{ 388 int *err = arg; 389 *err = 0; 390 return NL_STOP; 391} 392 393static int finish_handler(struct nl_msg *msg, void *arg) 394{ 395 int *ret = arg; 396 *ret = 0; 397 return NL_SKIP; 398} 399 400static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 401 void *arg) 402{ 403 int *ret = arg; 404 *ret = err->error; 405 return NL_SKIP; 406} 407 408 409static int no_seq_check(struct nl_msg *msg, void *arg) 410{ 411 return NL_OK; 412} 413 414 415static int send_and_recv(struct nl80211_global *global, 416 struct nl_handle *nl_handle, struct nl_msg *msg, 417 int (*valid_handler)(struct nl_msg *, void *), 418 void *valid_data) 419{ 420 struct nl_cb *cb; 421 int err = -ENOMEM; 422 423 cb = nl_cb_clone(global->nl_cb); 424 if (!cb) 425 goto out; 426 427 err = nl_send_auto_complete(nl_handle, msg); 428 if (err < 0) 429 goto out; 430 431 err = 1; 432 433 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 434 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 435 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 436 437 if (valid_handler) 438 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 439 valid_handler, valid_data); 440 441 while (err > 0) 442 nl_recvmsgs(nl_handle, cb); 443 out: 444 nl_cb_put(cb); 445 nlmsg_free(msg); 446 return err; 447} 448 449 450static int send_and_recv_msgs_global(struct nl80211_global *global, 451 struct nl_msg *msg, 452 int (*valid_handler)(struct nl_msg *, void *), 453 void *valid_data) 454{ 455 return send_and_recv(global, global->nl, msg, valid_handler, 456 valid_data); 457} 458 459int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 460 struct nl_msg *msg, 461 int (*valid_handler)(struct nl_msg *, void *), 462 void *valid_data) 463{ 464 return send_and_recv(drv->global, drv->global->nl, msg, 465 valid_handler, valid_data); 466} 467 468 469struct family_data { 470 const char *group; 471 int id; 472}; 473 474 475static int family_handler(struct nl_msg *msg, void *arg) 476{ 477 struct family_data *res = arg; 478 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 479 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 480 struct nlattr *mcgrp; 481 int i; 482 483 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 484 genlmsg_attrlen(gnlh, 0), NULL); 485 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 486 return NL_SKIP; 487 488 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 489 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 490 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 491 nla_len(mcgrp), NULL); 492 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 493 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 494 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 495 res->group, 496 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 497 continue; 498 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 499 break; 500 }; 501 502 return NL_SKIP; 503} 504 505 506static int nl_get_multicast_id(struct nl80211_global *global, 507 const char *family, const char *group) 508{ 509 struct nl_msg *msg; 510 int ret = -1; 511 struct family_data res = { group, -ENOENT }; 512 513 msg = nlmsg_alloc(); 514 if (!msg) 515 return -ENOMEM; 516 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 517 0, 0, CTRL_CMD_GETFAMILY, 0); 518 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 519 520 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 521 msg = NULL; 522 if (ret == 0) 523 ret = res.id; 524 525nla_put_failure: 526 nlmsg_free(msg); 527 return ret; 528} 529 530 531static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 532 struct nl_msg *msg, int flags, uint8_t cmd) 533{ 534 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 535 0, flags, cmd, 0); 536} 537 538 539struct wiphy_idx_data { 540 int wiphy_idx; 541}; 542 543 544static int netdev_info_handler(struct nl_msg *msg, void *arg) 545{ 546 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 547 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 548 struct wiphy_idx_data *info = arg; 549 550 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 551 genlmsg_attrlen(gnlh, 0), NULL); 552 553 if (tb[NL80211_ATTR_WIPHY]) 554 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 555 556 return NL_SKIP; 557} 558 559 560static int nl80211_get_wiphy_index(struct i802_bss *bss) 561{ 562 struct nl_msg *msg; 563 struct wiphy_idx_data data = { 564 .wiphy_idx = -1, 565 }; 566 567 msg = nlmsg_alloc(); 568 if (!msg) 569 return -1; 570 571 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 572 573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 574 575 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 576 return data.wiphy_idx; 577 msg = NULL; 578nla_put_failure: 579 nlmsg_free(msg); 580 return -1; 581} 582 583 584static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 585 struct nl80211_wiphy_data *w) 586{ 587 struct nl_msg *msg; 588 int ret = -1; 589 590 msg = nlmsg_alloc(); 591 if (!msg) 592 return -1; 593 594 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 595 596 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 597 598 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 599 msg = NULL; 600 if (ret) { 601 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 602 "failed: ret=%d (%s)", 603 ret, strerror(-ret)); 604 goto nla_put_failure; 605 } 606 ret = 0; 607nla_put_failure: 608 nlmsg_free(msg); 609 return ret; 610} 611 612 613static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 614{ 615 struct nl80211_wiphy_data *w = eloop_ctx; 616 617 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 618 619 nl_recvmsgs(handle, w->nl_cb); 620} 621 622 623static int process_beacon_event(struct nl_msg *msg, void *arg) 624{ 625 struct nl80211_wiphy_data *w = arg; 626 struct wpa_driver_nl80211_data *drv; 627 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 628 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 629 union wpa_event_data event; 630 631 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 632 genlmsg_attrlen(gnlh, 0), NULL); 633 634 if (gnlh->cmd != NL80211_CMD_FRAME) { 635 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 636 gnlh->cmd); 637 return NL_SKIP; 638 } 639 640 if (!tb[NL80211_ATTR_FRAME]) 641 return NL_SKIP; 642 643 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 644 wiphy_list) { 645 os_memset(&event, 0, sizeof(event)); 646 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 647 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 648 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 649 } 650 651 return NL_SKIP; 652} 653 654 655static struct nl80211_wiphy_data * 656nl80211_get_wiphy_data_ap(struct i802_bss *bss) 657{ 658 static DEFINE_DL_LIST(nl80211_wiphys); 659 struct nl80211_wiphy_data *w; 660 int wiphy_idx, found = 0; 661 struct i802_bss *tmp_bss; 662 663 if (bss->wiphy_data != NULL) 664 return bss->wiphy_data; 665 666 wiphy_idx = nl80211_get_wiphy_index(bss); 667 668 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 669 if (w->wiphy_idx == wiphy_idx) 670 goto add; 671 } 672 673 /* alloc new one */ 674 w = os_zalloc(sizeof(*w)); 675 if (w == NULL) 676 return NULL; 677 w->wiphy_idx = wiphy_idx; 678 dl_list_init(&w->bsss); 679 dl_list_init(&w->drvs); 680 681 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 682 if (!w->nl_cb) { 683 os_free(w); 684 return NULL; 685 } 686 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 687 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 688 w); 689 690 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 691 "wiphy beacons"); 692 if (w->nl_beacons == NULL) { 693 os_free(w); 694 return NULL; 695 } 696 697 if (nl80211_register_beacons(bss->drv, w)) { 698 nl_destroy_handles(&w->nl_beacons); 699 os_free(w); 700 return NULL; 701 } 702 703 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons), 704 nl80211_recv_beacons, w, w->nl_beacons); 705 706 dl_list_add(&nl80211_wiphys, &w->list); 707 708add: 709 /* drv entry for this bss already there? */ 710 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 711 if (tmp_bss->drv == bss->drv) { 712 found = 1; 713 break; 714 } 715 } 716 /* if not add it */ 717 if (!found) 718 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 719 720 dl_list_add(&w->bsss, &bss->wiphy_list); 721 bss->wiphy_data = w; 722 return w; 723} 724 725 726static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 727{ 728 struct nl80211_wiphy_data *w = bss->wiphy_data; 729 struct i802_bss *tmp_bss; 730 int found = 0; 731 732 if (w == NULL) 733 return; 734 bss->wiphy_data = NULL; 735 dl_list_del(&bss->wiphy_list); 736 737 /* still any for this drv present? */ 738 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 739 if (tmp_bss->drv == bss->drv) { 740 found = 1; 741 break; 742 } 743 } 744 /* if not remove it */ 745 if (!found) 746 dl_list_del(&bss->drv->wiphy_list); 747 748 if (!dl_list_empty(&w->bsss)) 749 return; 750 751 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons)); 752 753 nl_cb_put(w->nl_cb); 754 nl_destroy_handles(&w->nl_beacons); 755 dl_list_del(&w->list); 756 os_free(w); 757} 758 759 760static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 761{ 762 struct i802_bss *bss = priv; 763 struct wpa_driver_nl80211_data *drv = bss->drv; 764 if (!drv->associated) 765 return -1; 766 os_memcpy(bssid, drv->bssid, ETH_ALEN); 767 return 0; 768} 769 770 771static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 772{ 773 struct i802_bss *bss = priv; 774 struct wpa_driver_nl80211_data *drv = bss->drv; 775 if (!drv->associated) 776 return -1; 777 os_memcpy(ssid, drv->ssid, drv->ssid_len); 778 return drv->ssid_len; 779} 780 781 782static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 783 char *buf, size_t len, int del) 784{ 785 union wpa_event_data event; 786 787 os_memset(&event, 0, sizeof(event)); 788 if (len > sizeof(event.interface_status.ifname)) 789 len = sizeof(event.interface_status.ifname) - 1; 790 os_memcpy(event.interface_status.ifname, buf, len); 791 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 792 EVENT_INTERFACE_ADDED; 793 794 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 795 del ? "DEL" : "NEW", 796 event.interface_status.ifname, 797 del ? "removed" : "added"); 798 799 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 800 if (del) 801 drv->if_removed = 1; 802 else 803 drv->if_removed = 0; 804 } 805 806 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 807} 808 809 810static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 811 u8 *buf, size_t len) 812{ 813 int attrlen, rta_len; 814 struct rtattr *attr; 815 816 attrlen = len; 817 attr = (struct rtattr *) buf; 818 819 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 820 while (RTA_OK(attr, attrlen)) { 821 if (attr->rta_type == IFLA_IFNAME) { 822 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 823 == 0) 824 return 1; 825 else 826 break; 827 } 828 attr = RTA_NEXT(attr, attrlen); 829 } 830 831 return 0; 832} 833 834 835static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 836 int ifindex, u8 *buf, size_t len) 837{ 838 if (drv->ifindex == ifindex) 839 return 1; 840 841 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 842 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 843 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 844 "interface"); 845 wpa_driver_nl80211_finish_drv_init(drv); 846 return 1; 847 } 848 849 return 0; 850} 851 852 853static struct wpa_driver_nl80211_data * 854nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 855{ 856 struct wpa_driver_nl80211_data *drv; 857 dl_list_for_each(drv, &global->interfaces, 858 struct wpa_driver_nl80211_data, list) { 859 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 860 have_ifidx(drv, idx)) 861 return drv; 862 } 863 return NULL; 864} 865 866 867static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 868 struct ifinfomsg *ifi, 869 u8 *buf, size_t len) 870{ 871 struct nl80211_global *global = ctx; 872 struct wpa_driver_nl80211_data *drv; 873 int attrlen, rta_len; 874 struct rtattr *attr; 875 u32 brid = 0; 876 char namebuf[IFNAMSIZ]; 877 878 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 879 if (!drv) { 880 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 881 "ifindex %d", ifi->ifi_index); 882 return; 883 } 884 885 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 886 "(%s%s%s%s)", 887 drv->operstate, ifi->ifi_flags, 888 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 889 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 890 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 891 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 892 893 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 894 if (if_indextoname(ifi->ifi_index, namebuf) && 895 linux_iface_up(drv->global->ioctl_sock, 896 drv->first_bss.ifname) > 0) { 897 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 898 "event since interface %s is up", namebuf); 899 return; 900 } 901 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 902 if (drv->ignore_if_down_event) { 903 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 904 "event generated by mode change"); 905 drv->ignore_if_down_event = 0; 906 } else { 907 drv->if_disabled = 1; 908 wpa_supplicant_event(drv->ctx, 909 EVENT_INTERFACE_DISABLED, NULL); 910 } 911 } 912 913 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 914 if (if_indextoname(ifi->ifi_index, namebuf) && 915 linux_iface_up(drv->global->ioctl_sock, 916 drv->first_bss.ifname) == 0) { 917 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 918 "event since interface %s is down", 919 namebuf); 920 } else { 921 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 922 drv->if_disabled = 0; 923 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 924 NULL); 925 } 926 } 927 928 /* 929 * Some drivers send the association event before the operup event--in 930 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 931 * fails. This will hit us when wpa_supplicant does not need to do 932 * IEEE 802.1X authentication 933 */ 934 if (drv->operstate == 1 && 935 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 936 !(ifi->ifi_flags & IFF_RUNNING)) 937 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 938 -1, IF_OPER_UP); 939 940 attrlen = len; 941 attr = (struct rtattr *) buf; 942 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 943 while (RTA_OK(attr, attrlen)) { 944 if (attr->rta_type == IFLA_IFNAME) { 945 wpa_driver_nl80211_event_link( 946 drv, 947 ((char *) attr) + rta_len, 948 attr->rta_len - rta_len, 0); 949 } else if (attr->rta_type == IFLA_MASTER) 950 brid = nla_get_u32((struct nlattr *) attr); 951 attr = RTA_NEXT(attr, attrlen); 952 } 953 954 if (ifi->ifi_family == AF_BRIDGE && brid) { 955 /* device has been added to bridge */ 956 if_indextoname(brid, namebuf); 957 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 958 brid, namebuf); 959 add_ifidx(drv, brid); 960 } 961} 962 963 964static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 965 struct ifinfomsg *ifi, 966 u8 *buf, size_t len) 967{ 968 struct nl80211_global *global = ctx; 969 struct wpa_driver_nl80211_data *drv; 970 int attrlen, rta_len; 971 struct rtattr *attr; 972 u32 brid = 0; 973 974 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 975 if (!drv) { 976 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for " 977 "foreign ifindex %d", ifi->ifi_index); 978 return; 979 } 980 981 attrlen = len; 982 attr = (struct rtattr *) buf; 983 984 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 985 while (RTA_OK(attr, attrlen)) { 986 if (attr->rta_type == IFLA_IFNAME) { 987 wpa_driver_nl80211_event_link( 988 drv, 989 ((char *) attr) + rta_len, 990 attr->rta_len - rta_len, 1); 991 } else if (attr->rta_type == IFLA_MASTER) 992 brid = nla_get_u32((struct nlattr *) attr); 993 attr = RTA_NEXT(attr, attrlen); 994 } 995 996 if (ifi->ifi_family == AF_BRIDGE && brid) { 997 /* device has been removed from bridge */ 998 char namebuf[IFNAMSIZ]; 999 if_indextoname(brid, namebuf); 1000 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1001 "%s", brid, namebuf); 1002 del_ifidx(drv, brid); 1003 } 1004} 1005 1006 1007static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1008 const u8 *frame, size_t len) 1009{ 1010 const struct ieee80211_mgmt *mgmt; 1011 union wpa_event_data event; 1012 1013 mgmt = (const struct ieee80211_mgmt *) frame; 1014 if (len < 24 + sizeof(mgmt->u.auth)) { 1015 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1016 "frame"); 1017 return; 1018 } 1019 1020 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1021 os_memset(&event, 0, sizeof(event)); 1022 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1023 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1024 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1025 if (len > 24 + sizeof(mgmt->u.auth)) { 1026 event.auth.ies = mgmt->u.auth.variable; 1027 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1028 } 1029 1030 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1031} 1032 1033 1034static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1035{ 1036 struct nl_msg *msg; 1037 int ret; 1038 struct nl80211_bss_info_arg arg; 1039 1040 os_memset(&arg, 0, sizeof(arg)); 1041 msg = nlmsg_alloc(); 1042 if (!msg) 1043 goto nla_put_failure; 1044 1045 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1046 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1047 1048 arg.drv = drv; 1049 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1050 msg = NULL; 1051 if (ret == 0) { 1052 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1053 "associated BSS from scan results: %u MHz", 1054 arg.assoc_freq); 1055 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 1056 } 1057 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1058 "(%s)", ret, strerror(-ret)); 1059nla_put_failure: 1060 nlmsg_free(msg); 1061 return drv->assoc_freq; 1062} 1063 1064 1065static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1066 const u8 *frame, size_t len) 1067{ 1068 const struct ieee80211_mgmt *mgmt; 1069 union wpa_event_data event; 1070 u16 status; 1071 1072 mgmt = (const struct ieee80211_mgmt *) frame; 1073#if (defined (CONFIG_AP) || defined (HOSTAPD) ) && defined (ANDROID_P2P) 1074 if (drv->nlmode == NL80211_IFTYPE_AP || drv->nlmode == NL80211_IFTYPE_P2P_GO) { 1075 if (len < 24 + sizeof(mgmt->u.assoc_req)) { 1076 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1077 "frame"); 1078 return; 1079 } 1080 os_memset(&event, 0, sizeof(event)); 1081 event.assoc_info.freq = drv->assoc_freq; 1082 event.assoc_info.req_ies = (u8 *) mgmt->u.assoc_req.variable; 1083 event.assoc_info.req_ies_len = len - 24 - sizeof(mgmt->u.assoc_req); 1084 event.assoc_info.addr = mgmt->sa; 1085 } else { 1086#endif 1087 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1088 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1089 "frame"); 1090 return; 1091 } 1092 1093 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1094 if (status != WLAN_STATUS_SUCCESS) { 1095 os_memset(&event, 0, sizeof(event)); 1096 event.assoc_reject.bssid = mgmt->bssid; 1097 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1098 event.assoc_reject.resp_ies = 1099 (u8 *) mgmt->u.assoc_resp.variable; 1100 event.assoc_reject.resp_ies_len = 1101 len - 24 - sizeof(mgmt->u.assoc_resp); 1102 } 1103 event.assoc_reject.status_code = status; 1104 1105 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1106 return; 1107 } 1108 1109 drv->associated = 1; 1110 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1111 1112 os_memset(&event, 0, sizeof(event)); 1113 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1114 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1115 event.assoc_info.resp_ies_len = 1116 len - 24 - sizeof(mgmt->u.assoc_resp); 1117 } 1118 1119 event.assoc_info.freq = drv->assoc_freq; 1120#if (defined (CONFIG_AP) || defined(HOSTAPD)) && defined (ANDROID_P2P) 1121 } 1122#endif 1123 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1124} 1125 1126 1127static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1128 enum nl80211_commands cmd, struct nlattr *status, 1129 struct nlattr *addr, struct nlattr *req_ie, 1130 struct nlattr *resp_ie) 1131{ 1132 union wpa_event_data event; 1133 1134 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1135 /* 1136 * Avoid reporting two association events that would confuse 1137 * the core code. 1138 */ 1139 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1140 "when using userspace SME", cmd); 1141 return; 1142 } 1143 1144 os_memset(&event, 0, sizeof(event)); 1145 if (cmd == NL80211_CMD_CONNECT && 1146 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1147 if (addr) 1148 event.assoc_reject.bssid = nla_data(addr); 1149 if (resp_ie) { 1150 event.assoc_reject.resp_ies = nla_data(resp_ie); 1151 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1152 } 1153 event.assoc_reject.status_code = nla_get_u16(status); 1154 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1155 return; 1156 } 1157 1158 drv->associated = 1; 1159 if (addr) 1160 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1161 1162 if (req_ie) { 1163 event.assoc_info.req_ies = nla_data(req_ie); 1164 event.assoc_info.req_ies_len = nla_len(req_ie); 1165 } 1166 if (resp_ie) { 1167 event.assoc_info.resp_ies = nla_data(resp_ie); 1168 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1169 } 1170 1171 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1172 1173 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1174} 1175 1176 1177static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1178 struct nlattr *reason, struct nlattr *addr, 1179 struct nlattr *by_ap) 1180{ 1181 union wpa_event_data data; 1182 1183 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1184 /* 1185 * Avoid reporting two disassociation events that could 1186 * confuse the core code. 1187 */ 1188 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1189 "event when using userspace SME"); 1190 return; 1191 } 1192 1193 drv->associated = 0; 1194 os_memset(&data, 0, sizeof(data)); 1195 if (reason) 1196 data.disassoc_info.reason_code = nla_get_u16(reason); 1197 data.disassoc_info.locally_generated = by_ap == NULL; 1198 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1199} 1200 1201 1202static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1203 enum nl80211_commands cmd, struct nlattr *addr) 1204{ 1205 union wpa_event_data event; 1206 enum wpa_event_type ev; 1207 1208 if (nla_len(addr) != ETH_ALEN) 1209 return; 1210 1211 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1212 cmd, MAC2STR((u8 *) nla_data(addr))); 1213 1214 if (cmd == NL80211_CMD_AUTHENTICATE) 1215 ev = EVENT_AUTH_TIMED_OUT; 1216 else if (cmd == NL80211_CMD_ASSOCIATE) 1217 ev = EVENT_ASSOC_TIMED_OUT; 1218 else 1219 return; 1220 1221 os_memset(&event, 0, sizeof(event)); 1222 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1223 wpa_supplicant_event(drv->ctx, ev, &event); 1224} 1225 1226 1227static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1228 struct nlattr *freq, const u8 *frame, size_t len) 1229{ 1230 const struct ieee80211_mgmt *mgmt; 1231 union wpa_event_data event; 1232 u16 fc, stype; 1233 1234 mgmt = (const struct ieee80211_mgmt *) frame; 1235 if (len < 24) { 1236 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 1237 return; 1238 } 1239 1240 fc = le_to_host16(mgmt->frame_control); 1241 stype = WLAN_FC_GET_STYPE(fc); 1242 1243 os_memset(&event, 0, sizeof(event)); 1244 if (freq) { 1245 event.rx_action.freq = nla_get_u32(freq); 1246 drv->last_mgmt_freq = event.rx_action.freq; 1247 } 1248 if (stype == WLAN_FC_STYPE_ACTION) { 1249 event.rx_action.da = mgmt->da; 1250 event.rx_action.sa = mgmt->sa; 1251 event.rx_action.bssid = mgmt->bssid; 1252 event.rx_action.category = mgmt->u.action.category; 1253 event.rx_action.data = &mgmt->u.action.category + 1; 1254 event.rx_action.len = frame + len - event.rx_action.data; 1255 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 1256#ifdef ANDROID_P2P 1257 } else if (stype == WLAN_FC_STYPE_ASSOC_REQ) { 1258 mlme_event_assoc(drv, frame, len); 1259 } else if (stype == WLAN_FC_STYPE_DISASSOC) { 1260 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, frame, len); 1261 } else if (stype == WLAN_FC_STYPE_DEAUTH) { 1262 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, frame, len); 1263#endif 1264 } else { 1265 event.rx_mgmt.frame = frame; 1266 event.rx_mgmt.frame_len = len; 1267 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1268 } 1269} 1270 1271 1272static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1273 struct nlattr *cookie, const u8 *frame, 1274 size_t len, struct nlattr *ack) 1275{ 1276 union wpa_event_data event; 1277 const struct ieee80211_hdr *hdr; 1278 u16 fc; 1279 1280 if (!is_ap_interface(drv->nlmode)) { 1281 u64 cookie_val; 1282 1283 if (!cookie) 1284 return; 1285 1286 cookie_val = nla_get_u64(cookie); 1287 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1288 " cookie=0%llx%s (ack=%d)", 1289 (long long unsigned int) cookie_val, 1290 cookie_val == drv->send_action_cookie ? 1291 " (match)" : " (unknown)", ack != NULL); 1292 if (cookie_val != drv->send_action_cookie) 1293 return; 1294 } 1295 1296 hdr = (const struct ieee80211_hdr *) frame; 1297 fc = le_to_host16(hdr->frame_control); 1298 1299 os_memset(&event, 0, sizeof(event)); 1300 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1301 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1302 event.tx_status.dst = hdr->addr1; 1303 event.tx_status.data = frame; 1304 event.tx_status.data_len = len; 1305 event.tx_status.ack = ack != NULL; 1306 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1307} 1308 1309 1310static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1311 enum wpa_event_type type, 1312 const u8 *frame, size_t len) 1313{ 1314 const struct ieee80211_mgmt *mgmt; 1315 union wpa_event_data event; 1316 const u8 *bssid = NULL; 1317 u16 reason_code = 0; 1318 1319 mgmt = (const struct ieee80211_mgmt *) frame; 1320 if (len >= 24) { 1321 bssid = mgmt->bssid; 1322 1323 if (drv->associated != 0 && 1324 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1325 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1326 /* 1327 * We have presumably received this deauth as a 1328 * response to a clear_state_mismatch() outgoing 1329 * deauth. Don't let it take us offline! 1330 */ 1331 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1332 "from Unknown BSSID " MACSTR " -- ignoring", 1333 MAC2STR(bssid)); 1334 return; 1335 } 1336 } 1337 1338 drv->associated = 0; 1339 os_memset(&event, 0, sizeof(event)); 1340 1341 /* Note: Same offset for Reason Code in both frame subtypes */ 1342 if (len >= 24 + sizeof(mgmt->u.deauth)) 1343 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1344 1345 if (type == EVENT_DISASSOC) { 1346 event.disassoc_info.locally_generated = 1347 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1348 1349#ifdef ANDROID_P2P 1350 if (drv->nlmode == NL80211_IFTYPE_AP || 1351 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 1352 event.disassoc_info.addr = mgmt->sa; 1353 } else 1354#endif 1355 event.disassoc_info.addr = bssid; 1356 event.disassoc_info.reason_code = reason_code; 1357 if (frame + len > mgmt->u.disassoc.variable) { 1358 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1359 event.disassoc_info.ie_len = frame + len - 1360 mgmt->u.disassoc.variable; 1361 } 1362 } else { 1363 event.deauth_info.locally_generated = 1364 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1365 1366#ifdef ANDROID_P2P 1367 if (drv->nlmode == NL80211_IFTYPE_AP || 1368 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 1369 event.deauth_info.addr = mgmt->sa; 1370 } else 1371#endif 1372 event.deauth_info.addr = bssid; 1373 event.deauth_info.reason_code = reason_code; 1374 if (frame + len > mgmt->u.deauth.variable) { 1375 event.deauth_info.ie = mgmt->u.deauth.variable; 1376 event.deauth_info.ie_len = frame + len - 1377 mgmt->u.deauth.variable; 1378 } 1379 } 1380 1381 wpa_supplicant_event(drv->ctx, type, &event); 1382} 1383 1384 1385static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1386 enum wpa_event_type type, 1387 const u8 *frame, size_t len) 1388{ 1389 const struct ieee80211_mgmt *mgmt; 1390 union wpa_event_data event; 1391 u16 reason_code = 0; 1392 1393 if (len < 24) 1394 return; 1395 1396 mgmt = (const struct ieee80211_mgmt *) frame; 1397 1398 os_memset(&event, 0, sizeof(event)); 1399 /* Note: Same offset for Reason Code in both frame subtypes */ 1400 if (len >= 24 + sizeof(mgmt->u.deauth)) 1401 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1402 1403 if (type == EVENT_UNPROT_DISASSOC) { 1404 event.unprot_disassoc.sa = mgmt->sa; 1405 event.unprot_disassoc.da = mgmt->da; 1406 event.unprot_disassoc.reason_code = reason_code; 1407 } else { 1408 event.unprot_deauth.sa = mgmt->sa; 1409 event.unprot_deauth.da = mgmt->da; 1410 event.unprot_deauth.reason_code = reason_code; 1411 } 1412 1413 wpa_supplicant_event(drv->ctx, type, &event); 1414} 1415 1416 1417static void mlme_event(struct wpa_driver_nl80211_data *drv, 1418 enum nl80211_commands cmd, struct nlattr *frame, 1419 struct nlattr *addr, struct nlattr *timed_out, 1420 struct nlattr *freq, struct nlattr *ack, 1421 struct nlattr *cookie) 1422{ 1423 if (timed_out && addr) { 1424 mlme_timeout_event(drv, cmd, addr); 1425 return; 1426 } 1427 1428 if (frame == NULL) { 1429 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 1430 "data", cmd); 1431 return; 1432 } 1433 1434 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 1435 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1436 nla_data(frame), nla_len(frame)); 1437 1438 switch (cmd) { 1439 case NL80211_CMD_AUTHENTICATE: 1440 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1441 break; 1442 case NL80211_CMD_ASSOCIATE: 1443 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1444 break; 1445 case NL80211_CMD_DEAUTHENTICATE: 1446 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1447 nla_data(frame), nla_len(frame)); 1448 break; 1449 case NL80211_CMD_DISASSOCIATE: 1450 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1451 nla_data(frame), nla_len(frame)); 1452 break; 1453 case NL80211_CMD_FRAME: 1454 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 1455 break; 1456 case NL80211_CMD_FRAME_TX_STATUS: 1457 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1458 nla_len(frame), ack); 1459 break; 1460 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1461 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1462 nla_data(frame), nla_len(frame)); 1463 break; 1464 case NL80211_CMD_UNPROT_DISASSOCIATE: 1465 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1466 nla_data(frame), nla_len(frame)); 1467 break; 1468 default: 1469 break; 1470 } 1471} 1472 1473 1474static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1475 struct nlattr *tb[]) 1476{ 1477 union wpa_event_data data; 1478 1479 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1480 os_memset(&data, 0, sizeof(data)); 1481 if (tb[NL80211_ATTR_MAC]) { 1482 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1483 nla_data(tb[NL80211_ATTR_MAC]), 1484 nla_len(tb[NL80211_ATTR_MAC])); 1485 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1486 } 1487 if (tb[NL80211_ATTR_KEY_SEQ]) { 1488 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1489 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1490 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1491 } 1492 if (tb[NL80211_ATTR_KEY_TYPE]) { 1493 enum nl80211_key_type key_type = 1494 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1495 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1496 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1497 data.michael_mic_failure.unicast = 1; 1498 } else 1499 data.michael_mic_failure.unicast = 1; 1500 1501 if (tb[NL80211_ATTR_KEY_IDX]) { 1502 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1503 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1504 } 1505 1506 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1507} 1508 1509 1510static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1511 struct nlattr *tb[]) 1512{ 1513 if (tb[NL80211_ATTR_MAC] == NULL) { 1514 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1515 "event"); 1516 return; 1517 } 1518 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1519 drv->associated = 1; 1520 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1521 MAC2STR(drv->bssid)); 1522 1523 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1524} 1525 1526 1527static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1528 int cancel_event, struct nlattr *tb[]) 1529{ 1530 unsigned int freq, chan_type, duration; 1531 union wpa_event_data data; 1532 u64 cookie; 1533 1534 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1535 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1536 else 1537 freq = 0; 1538 1539 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1540 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1541 else 1542 chan_type = 0; 1543 1544 if (tb[NL80211_ATTR_DURATION]) 1545 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1546 else 1547 duration = 0; 1548 1549 if (tb[NL80211_ATTR_COOKIE]) 1550 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1551 else 1552 cookie = 0; 1553 1554 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1555 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1556 cancel_event, freq, chan_type, duration, 1557 (long long unsigned int) cookie, 1558 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1559 1560 if (cookie != drv->remain_on_chan_cookie) 1561 return; /* not for us */ 1562 1563 if (cancel_event) 1564 drv->pending_remain_on_chan = 0; 1565 1566 os_memset(&data, 0, sizeof(data)); 1567 data.remain_on_channel.freq = freq; 1568 data.remain_on_channel.duration = duration; 1569 wpa_supplicant_event(drv->ctx, cancel_event ? 1570 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1571 EVENT_REMAIN_ON_CHANNEL, &data); 1572} 1573 1574 1575static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1576 struct nlattr *tb[]) 1577{ 1578 union wpa_event_data event; 1579 struct nlattr *nl; 1580 int rem; 1581 struct scan_info *info; 1582#define MAX_REPORT_FREQS 50 1583 int freqs[MAX_REPORT_FREQS]; 1584 int num_freqs = 0; 1585 1586 if (drv->scan_for_auth) { 1587 drv->scan_for_auth = 0; 1588 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 1589 "cfg80211 BSS entry"); 1590 wpa_driver_nl80211_authenticate_retry(drv); 1591 return; 1592 } 1593 1594 os_memset(&event, 0, sizeof(event)); 1595 info = &event.scan_info; 1596 info->aborted = aborted; 1597 1598 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1599 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1600 struct wpa_driver_scan_ssid *s = 1601 &info->ssids[info->num_ssids]; 1602 s->ssid = nla_data(nl); 1603 s->ssid_len = nla_len(nl); 1604 info->num_ssids++; 1605 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1606 break; 1607 } 1608 } 1609 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1610 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1611 { 1612 freqs[num_freqs] = nla_get_u32(nl); 1613 num_freqs++; 1614 if (num_freqs == MAX_REPORT_FREQS - 1) 1615 break; 1616 } 1617 info->freqs = freqs; 1618 info->num_freqs = num_freqs; 1619 } 1620 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1621} 1622 1623 1624static int get_link_signal(struct nl_msg *msg, void *arg) 1625{ 1626 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1627 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1628 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1629 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1630 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1631 }; 1632 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1633 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1634 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1635 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1636 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1637 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1638 }; 1639 struct wpa_signal_info *sig_change = arg; 1640 1641 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1642 genlmsg_attrlen(gnlh, 0), NULL); 1643 if (!tb[NL80211_ATTR_STA_INFO] || 1644 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1645 tb[NL80211_ATTR_STA_INFO], policy)) 1646 return NL_SKIP; 1647 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1648 return NL_SKIP; 1649 1650 sig_change->current_signal = 1651 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1652 1653 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1654 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1655 sinfo[NL80211_STA_INFO_TX_BITRATE], 1656 rate_policy)) { 1657 sig_change->current_txrate = 0; 1658 } else { 1659 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1660 sig_change->current_txrate = 1661 nla_get_u16(rinfo[ 1662 NL80211_RATE_INFO_BITRATE]) * 100; 1663 } 1664 } 1665 } 1666 1667 return NL_SKIP; 1668} 1669 1670 1671static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1672 struct wpa_signal_info *sig) 1673{ 1674 struct nl_msg *msg; 1675 1676 sig->current_signal = -9999; 1677 sig->current_txrate = 0; 1678 1679 msg = nlmsg_alloc(); 1680 if (!msg) 1681 return -ENOMEM; 1682 1683 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 1684 1685 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1686 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1687 1688 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1689 nla_put_failure: 1690 nlmsg_free(msg); 1691 return -ENOBUFS; 1692} 1693 1694 1695static int get_link_noise(struct nl_msg *msg, void *arg) 1696{ 1697 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1698 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1699 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1700 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1701 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1702 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1703 }; 1704 struct wpa_signal_info *sig_change = arg; 1705 1706 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1707 genlmsg_attrlen(gnlh, 0), NULL); 1708 1709 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1710 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1711 return NL_SKIP; 1712 } 1713 1714 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1715 tb[NL80211_ATTR_SURVEY_INFO], 1716 survey_policy)) { 1717 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1718 "attributes!"); 1719 return NL_SKIP; 1720 } 1721 1722 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1723 return NL_SKIP; 1724 1725 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1726 sig_change->frequency) 1727 return NL_SKIP; 1728 1729 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1730 return NL_SKIP; 1731 1732 sig_change->current_noise = 1733 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1734 1735 return NL_SKIP; 1736} 1737 1738 1739static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1740 struct wpa_signal_info *sig_change) 1741{ 1742 struct nl_msg *msg; 1743 1744 sig_change->current_noise = 9999; 1745 sig_change->frequency = drv->assoc_freq; 1746 1747 msg = nlmsg_alloc(); 1748 if (!msg) 1749 return -ENOMEM; 1750 1751 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1752 1753 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1754 1755 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1756 nla_put_failure: 1757 nlmsg_free(msg); 1758 return -ENOBUFS; 1759} 1760 1761 1762static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 1763{ 1764 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1765 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1766 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1767 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1768 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1769 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1770 }; 1771 struct wpa_scan_results *scan_results = arg; 1772 struct wpa_scan_res *scan_res; 1773 size_t i; 1774 1775 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1776 genlmsg_attrlen(gnlh, 0), NULL); 1777 1778 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1779 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 1780 return NL_SKIP; 1781 } 1782 1783 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1784 tb[NL80211_ATTR_SURVEY_INFO], 1785 survey_policy)) { 1786 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 1787 "attributes"); 1788 return NL_SKIP; 1789 } 1790 1791 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1792 return NL_SKIP; 1793 1794 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1795 return NL_SKIP; 1796 1797 for (i = 0; i < scan_results->num; ++i) { 1798 scan_res = scan_results->res[i]; 1799 if (!scan_res) 1800 continue; 1801 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1802 scan_res->freq) 1803 continue; 1804 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 1805 continue; 1806 scan_res->noise = (s8) 1807 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1808 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 1809 } 1810 1811 return NL_SKIP; 1812} 1813 1814 1815static int nl80211_get_noise_for_scan_results( 1816 struct wpa_driver_nl80211_data *drv, 1817 struct wpa_scan_results *scan_res) 1818{ 1819 struct nl_msg *msg; 1820 1821 msg = nlmsg_alloc(); 1822 if (!msg) 1823 return -ENOMEM; 1824 1825 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1826 1827 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1828 1829 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 1830 scan_res); 1831 nla_put_failure: 1832 nlmsg_free(msg); 1833 return -ENOBUFS; 1834} 1835 1836 1837static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1838 struct nlattr *tb[]) 1839{ 1840 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1841 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1842 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1843 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1844 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1845 }; 1846 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1847 enum nl80211_cqm_rssi_threshold_event event; 1848 union wpa_event_data ed; 1849 struct wpa_signal_info sig; 1850 int res; 1851 1852 if (tb[NL80211_ATTR_CQM] == NULL || 1853 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1854 cqm_policy)) { 1855 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1856 return; 1857 } 1858 1859 os_memset(&ed, 0, sizeof(ed)); 1860 1861 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1862 if (!tb[NL80211_ATTR_MAC]) 1863 return; 1864 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1865 ETH_ALEN); 1866 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1867 return; 1868 } 1869 1870 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1871 return; 1872 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1873 1874 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1875 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1876 "event: RSSI high"); 1877 ed.signal_change.above_threshold = 1; 1878 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1879 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1880 "event: RSSI low"); 1881 ed.signal_change.above_threshold = 0; 1882 } else 1883 return; 1884 1885 res = nl80211_get_link_signal(drv, &sig); 1886 if (res == 0) { 1887 ed.signal_change.current_signal = sig.current_signal; 1888 ed.signal_change.current_txrate = sig.current_txrate; 1889 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1890 sig.current_signal, sig.current_txrate); 1891 } 1892 1893 res = nl80211_get_link_noise(drv, &sig); 1894 if (res == 0) { 1895 ed.signal_change.current_noise = sig.current_noise; 1896 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1897 sig.current_noise); 1898 } 1899 1900 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1901} 1902 1903 1904static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1905 struct nlattr **tb) 1906{ 1907 u8 *addr; 1908 union wpa_event_data data; 1909 1910 if (tb[NL80211_ATTR_MAC] == NULL) 1911 return; 1912 addr = nla_data(tb[NL80211_ATTR_MAC]); 1913 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1914 1915 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1916 u8 *ies = NULL; 1917 size_t ies_len = 0; 1918 if (tb[NL80211_ATTR_IE]) { 1919 ies = nla_data(tb[NL80211_ATTR_IE]); 1920 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1921 } 1922 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1923 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1924 return; 1925 } 1926 1927 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1928 return; 1929 1930 os_memset(&data, 0, sizeof(data)); 1931 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1932 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1933} 1934 1935 1936static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1937 struct nlattr **tb) 1938{ 1939 u8 *addr; 1940 union wpa_event_data data; 1941 1942 if (tb[NL80211_ATTR_MAC] == NULL) 1943 return; 1944 addr = nla_data(tb[NL80211_ATTR_MAC]); 1945 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1946 MAC2STR(addr)); 1947 1948 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1949 drv_event_disassoc(drv->ctx, addr); 1950 return; 1951 } 1952 1953 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1954 return; 1955 1956 os_memset(&data, 0, sizeof(data)); 1957 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1958 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1959} 1960 1961 1962static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 1963 struct nlattr **tb) 1964{ 1965 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 1966 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 1967 [NL80211_REKEY_DATA_KEK] = { 1968 .minlen = NL80211_KEK_LEN, 1969 .maxlen = NL80211_KEK_LEN, 1970 }, 1971 [NL80211_REKEY_DATA_KCK] = { 1972 .minlen = NL80211_KCK_LEN, 1973 .maxlen = NL80211_KCK_LEN, 1974 }, 1975 [NL80211_REKEY_DATA_REPLAY_CTR] = { 1976 .minlen = NL80211_REPLAY_CTR_LEN, 1977 .maxlen = NL80211_REPLAY_CTR_LEN, 1978 }, 1979 }; 1980 union wpa_event_data data; 1981 1982 if (!tb[NL80211_ATTR_MAC]) 1983 return; 1984 if (!tb[NL80211_ATTR_REKEY_DATA]) 1985 return; 1986 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 1987 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 1988 return; 1989 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 1990 return; 1991 1992 os_memset(&data, 0, sizeof(data)); 1993 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 1994 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 1995 MAC2STR(data.driver_gtk_rekey.bssid)); 1996 data.driver_gtk_rekey.replay_ctr = 1997 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 1998 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 1999 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2000 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2001} 2002 2003 2004static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2005 struct nlattr **tb) 2006{ 2007 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2008 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2009 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2010 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2011 .minlen = ETH_ALEN, 2012 .maxlen = ETH_ALEN, 2013 }, 2014 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2015 }; 2016 union wpa_event_data data; 2017 2018 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2019 return; 2020 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2021 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2022 return; 2023 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2024 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2025 return; 2026 2027 os_memset(&data, 0, sizeof(data)); 2028 os_memcpy(data.pmkid_candidate.bssid, 2029 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2030 data.pmkid_candidate.index = 2031 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2032 data.pmkid_candidate.preauth = 2033 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2034 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2035} 2036 2037 2038static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2039 struct nlattr **tb) 2040{ 2041 union wpa_event_data data; 2042 2043 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2044 return; 2045 2046 os_memset(&data, 0, sizeof(data)); 2047 os_memcpy(data.client_poll.addr, 2048 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2049 2050 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2051} 2052 2053 2054static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2055 int wds) 2056{ 2057 struct wpa_driver_nl80211_data *drv = bss->drv; 2058 union wpa_event_data event; 2059 2060 if (!tb[NL80211_ATTR_MAC]) 2061 return; 2062 2063 os_memset(&event, 0, sizeof(event)); 2064 event.rx_from_unknown.bssid = bss->addr; 2065 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2066 event.rx_from_unknown.wds = wds; 2067 2068 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2069} 2070 2071 2072static void do_process_drv_event(struct wpa_driver_nl80211_data *drv, 2073 int cmd, struct nlattr **tb) 2074{ 2075 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2076 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2077 cmd == NL80211_CMD_SCAN_ABORTED)) { 2078 wpa_driver_nl80211_set_mode(&drv->first_bss, 2079 drv->ap_scan_as_station); 2080 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2081 } 2082 2083 switch (cmd) { 2084 case NL80211_CMD_TRIGGER_SCAN: 2085 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 2086 break; 2087 case NL80211_CMD_START_SCHED_SCAN: 2088 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started"); 2089 break; 2090 case NL80211_CMD_SCHED_SCAN_STOPPED: 2091 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped"); 2092 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2093 break; 2094 case NL80211_CMD_NEW_SCAN_RESULTS: 2095 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 2096 drv->scan_complete_events = 1; 2097 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2098 drv->ctx); 2099 send_scan_event(drv, 0, tb); 2100 break; 2101 case NL80211_CMD_SCHED_SCAN_RESULTS: 2102 wpa_printf(MSG_DEBUG, 2103 "nl80211: New sched scan results available"); 2104 send_scan_event(drv, 0, tb); 2105 break; 2106 case NL80211_CMD_SCAN_ABORTED: 2107 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 2108 /* 2109 * Need to indicate that scan results are available in order 2110 * not to make wpa_supplicant stop its scanning. 2111 */ 2112 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2113 drv->ctx); 2114 send_scan_event(drv, 1, tb); 2115 break; 2116 case NL80211_CMD_AUTHENTICATE: 2117 case NL80211_CMD_ASSOCIATE: 2118 case NL80211_CMD_DEAUTHENTICATE: 2119 case NL80211_CMD_DISASSOCIATE: 2120 case NL80211_CMD_FRAME_TX_STATUS: 2121 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2122 case NL80211_CMD_UNPROT_DISASSOCIATE: 2123 mlme_event(drv, cmd, tb[NL80211_ATTR_FRAME], 2124 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2125 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2126 tb[NL80211_ATTR_COOKIE]); 2127 break; 2128 case NL80211_CMD_CONNECT: 2129 case NL80211_CMD_ROAM: 2130 mlme_event_connect(drv, cmd, 2131 tb[NL80211_ATTR_STATUS_CODE], 2132 tb[NL80211_ATTR_MAC], 2133 tb[NL80211_ATTR_REQ_IE], 2134 tb[NL80211_ATTR_RESP_IE]); 2135 break; 2136 case NL80211_CMD_DISCONNECT: 2137 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2138 tb[NL80211_ATTR_MAC], 2139 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2140 break; 2141 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2142 mlme_event_michael_mic_failure(drv, tb); 2143 break; 2144 case NL80211_CMD_JOIN_IBSS: 2145 mlme_event_join_ibss(drv, tb); 2146 break; 2147 case NL80211_CMD_REMAIN_ON_CHANNEL: 2148 mlme_event_remain_on_channel(drv, 0, tb); 2149 break; 2150 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2151 mlme_event_remain_on_channel(drv, 1, tb); 2152 break; 2153 case NL80211_CMD_NOTIFY_CQM: 2154 nl80211_cqm_event(drv, tb); 2155 break; 2156 case NL80211_CMD_REG_CHANGE: 2157 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2158 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2159 NULL); 2160 break; 2161 case NL80211_CMD_REG_BEACON_HINT: 2162 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 2163 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2164 NULL); 2165 break; 2166 case NL80211_CMD_NEW_STATION: 2167 nl80211_new_station_event(drv, tb); 2168 break; 2169 case NL80211_CMD_DEL_STATION: 2170 nl80211_del_station_event(drv, tb); 2171 break; 2172 case NL80211_CMD_SET_REKEY_OFFLOAD: 2173 nl80211_rekey_offload_event(drv, tb); 2174 break; 2175 case NL80211_CMD_PMKSA_CANDIDATE: 2176 nl80211_pmksa_candidate_event(drv, tb); 2177 break; 2178 case NL80211_CMD_PROBE_CLIENT: 2179 nl80211_client_probe_event(drv, tb); 2180 break; 2181 default: 2182 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2183 "(cmd=%d)", cmd); 2184 break; 2185 } 2186} 2187 2188 2189static int process_drv_event(struct nl_msg *msg, void *arg) 2190{ 2191 struct wpa_driver_nl80211_data *drv = arg; 2192 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2193 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2194 2195 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2196 genlmsg_attrlen(gnlh, 0), NULL); 2197 2198 if (tb[NL80211_ATTR_IFINDEX]) { 2199 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2200 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 2201 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 2202 " for foreign interface (ifindex %d)", 2203 gnlh->cmd, ifindex); 2204 return NL_SKIP; 2205 } 2206 } 2207 2208 do_process_drv_event(drv, gnlh->cmd, tb); 2209 return NL_SKIP; 2210} 2211 2212 2213static int process_global_event(struct nl_msg *msg, void *arg) 2214{ 2215 struct nl80211_global *global = arg; 2216 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2217 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2218 struct wpa_driver_nl80211_data *drv; 2219 int ifidx = -1; 2220 2221 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2222 genlmsg_attrlen(gnlh, 0), NULL); 2223 2224 if (tb[NL80211_ATTR_IFINDEX]) 2225 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2226 2227 dl_list_for_each(drv, &global->interfaces, 2228 struct wpa_driver_nl80211_data, list) { 2229 if (ifidx == -1 || ifidx == drv->ifindex || 2230 have_ifidx(drv, ifidx)) 2231 do_process_drv_event(drv, gnlh->cmd, tb); 2232 } 2233 2234 return NL_SKIP; 2235} 2236 2237 2238static int process_bss_event(struct nl_msg *msg, void *arg) 2239{ 2240 struct i802_bss *bss = arg; 2241 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2242 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2243 2244 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2245 genlmsg_attrlen(gnlh, 0), NULL); 2246 2247 switch (gnlh->cmd) { 2248 case NL80211_CMD_FRAME: 2249 case NL80211_CMD_FRAME_TX_STATUS: 2250 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2251 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2252 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2253 tb[NL80211_ATTR_COOKIE]); 2254 break; 2255 case NL80211_CMD_UNEXPECTED_FRAME: 2256 nl80211_spurious_frame(bss, tb, 0); 2257 break; 2258 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2259 nl80211_spurious_frame(bss, tb, 1); 2260 break; 2261 default: 2262 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2263 "(cmd=%d)", gnlh->cmd); 2264 break; 2265 } 2266 2267 return NL_SKIP; 2268} 2269 2270 2271static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 2272 void *handle) 2273{ 2274 struct nl_cb *cb = eloop_ctx; 2275 2276 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 2277 2278 nl_recvmsgs(handle, cb); 2279} 2280 2281 2282/** 2283 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 2284 * @priv: driver_nl80211 private data 2285 * @alpha2_arg: country to which to switch to 2286 * Returns: 0 on success, -1 on failure 2287 * 2288 * This asks nl80211 to set the regulatory domain for given 2289 * country ISO / IEC alpha2. 2290 */ 2291static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 2292{ 2293 struct i802_bss *bss = priv; 2294 struct wpa_driver_nl80211_data *drv = bss->drv; 2295 char alpha2[3]; 2296 struct nl_msg *msg; 2297 2298 msg = nlmsg_alloc(); 2299 if (!msg) 2300 return -ENOMEM; 2301 2302 alpha2[0] = alpha2_arg[0]; 2303 alpha2[1] = alpha2_arg[1]; 2304 alpha2[2] = '\0'; 2305 2306 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 2307 2308 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 2309 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 2310 return -EINVAL; 2311 return 0; 2312nla_put_failure: 2313 nlmsg_free(msg); 2314 return -EINVAL; 2315} 2316 2317 2318struct wiphy_info_data { 2319 struct wpa_driver_capa *capa; 2320 2321 unsigned int error:1; 2322 unsigned int device_ap_sme:1; 2323 unsigned int poll_command_supported:1; 2324 unsigned int data_tx_status:1; 2325 unsigned int monitor_supported:1; 2326}; 2327 2328 2329static unsigned int probe_resp_offload_support(int supp_protocols) 2330{ 2331 unsigned int prot = 0; 2332 2333 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 2334 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 2335 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 2336 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 2337 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 2338 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 2339 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 2340 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 2341 2342 return prot; 2343} 2344 2345 2346static int wiphy_info_handler(struct nl_msg *msg, void *arg) 2347{ 2348 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2349 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2350 struct wiphy_info_data *info = arg; 2351 int p2p_go_supported = 0, p2p_client_supported = 0; 2352 int p2p_concurrent = 0; 2353 int auth_supported = 0, connect_supported = 0; 2354 struct wpa_driver_capa *capa = info->capa; 2355 static struct nla_policy 2356 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 2357 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 2358 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 2359 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 2360 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 2361 }, 2362 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 2363 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 2364 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 2365 }; 2366 2367 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2368 genlmsg_attrlen(gnlh, 0), NULL); 2369 2370 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 2371 capa->max_scan_ssids = 2372 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 2373 2374 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 2375 capa->max_sched_scan_ssids = 2376 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 2377 2378 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 2379 capa->max_match_sets = 2380 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 2381 2382 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 2383 struct nlattr *nl_mode; 2384 int i; 2385 nla_for_each_nested(nl_mode, 2386 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 2387 switch (nla_type(nl_mode)) { 2388 case NL80211_IFTYPE_AP: 2389 capa->flags |= WPA_DRIVER_FLAGS_AP; 2390 break; 2391 case NL80211_IFTYPE_P2P_GO: 2392 p2p_go_supported = 1; 2393 break; 2394 case NL80211_IFTYPE_P2P_CLIENT: 2395 p2p_client_supported = 1; 2396 break; 2397 case NL80211_IFTYPE_MONITOR: 2398 info->monitor_supported = 1; 2399 break; 2400 } 2401 } 2402 } 2403 2404 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) { 2405 struct nlattr *nl_combi; 2406 int rem_combi; 2407 2408 nla_for_each_nested(nl_combi, 2409 tb[NL80211_ATTR_INTERFACE_COMBINATIONS], 2410 rem_combi) { 2411 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 2412 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 2413 struct nlattr *nl_limit, *nl_mode; 2414 int err, rem_limit, rem_mode; 2415 int combination_has_p2p = 0, combination_has_mgd = 0; 2416 2417 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 2418 nl_combi, 2419 iface_combination_policy); 2420 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 2421 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 2422 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 2423 goto broken_combination; 2424 2425 nla_for_each_nested(nl_limit, 2426 tb_comb[NL80211_IFACE_COMB_LIMITS], 2427 rem_limit) { 2428 err = nla_parse_nested(tb_limit, 2429 MAX_NL80211_IFACE_LIMIT, 2430 nl_limit, 2431 iface_limit_policy); 2432 if (err || 2433 !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 2434 goto broken_combination; 2435 2436 nla_for_each_nested( 2437 nl_mode, 2438 tb_limit[NL80211_IFACE_LIMIT_TYPES], 2439 rem_mode) { 2440 int ift = nla_type(nl_mode); 2441 if (ift == NL80211_IFTYPE_P2P_GO || 2442 ift == NL80211_IFTYPE_P2P_CLIENT) 2443 combination_has_p2p = 1; 2444 if (ift == NL80211_IFTYPE_STATION) 2445 combination_has_mgd = 1; 2446 } 2447 if (combination_has_p2p && combination_has_mgd) 2448 break; 2449 } 2450 2451 if (combination_has_p2p && combination_has_mgd) { 2452 p2p_concurrent = 1; 2453 break; 2454 } 2455 2456broken_combination: 2457 ; 2458 } 2459 } 2460 2461 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 2462 struct nlattr *nl_cmd; 2463 int i; 2464 2465 nla_for_each_nested(nl_cmd, 2466 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 2467 switch (nla_get_u32(nl_cmd)) { 2468 case NL80211_CMD_AUTHENTICATE: 2469 auth_supported = 1; 2470 break; 2471 case NL80211_CMD_CONNECT: 2472 connect_supported = 1; 2473 break; 2474 case NL80211_CMD_START_SCHED_SCAN: 2475 capa->sched_scan_supported = 1; 2476 break; 2477 case NL80211_CMD_PROBE_CLIENT: 2478 info->poll_command_supported = 1; 2479 break; 2480 } 2481 } 2482 } 2483 2484 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 2485 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 2486 "off-channel TX"); 2487 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 2488 } 2489 2490 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 2491 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 2492 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 2493 } 2494 2495 /* default to 5000 since early versions of mac80211 don't set it */ 2496 capa->max_remain_on_chan = 5000; 2497 2498 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 2499 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 2500 2501 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 2502 capa->max_remain_on_chan = 2503 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 2504 2505 if (auth_supported) 2506 capa->flags |= WPA_DRIVER_FLAGS_SME; 2507 else if (!connect_supported) { 2508 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 2509 "authentication/association or connect commands"); 2510 info->error = 1; 2511 } 2512 2513 if (p2p_go_supported && p2p_client_supported) 2514 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 2515 if (p2p_concurrent) { 2516 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 2517 "interface (driver advertised support)"); 2518 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 2519 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 2520 } 2521 2522 if (tb[NL80211_ATTR_TDLS_SUPPORT]) { 2523 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 2524 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 2525 2526 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) { 2527 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 2528 capa->flags |= 2529 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 2530 } 2531 } 2532 2533 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 2534 info->device_ap_sme = 1; 2535 2536 if (tb[NL80211_ATTR_FEATURE_FLAGS]) { 2537 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]); 2538 2539 if (flags & NL80211_FEATURE_SK_TX_STATUS) 2540 info->data_tx_status = 1; 2541 } 2542 2543 if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) { 2544 int protocols = 2545 nla_get_u32(tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 2546 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response " 2547 "offload in AP mode"); 2548 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 2549 capa->probe_resp_offloads = 2550 probe_resp_offload_support(protocols); 2551 } 2552 2553 return NL_SKIP; 2554} 2555 2556 2557static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 2558 struct wiphy_info_data *info) 2559{ 2560 struct nl_msg *msg; 2561 2562 os_memset(info, 0, sizeof(*info)); 2563 info->capa = &drv->capa; 2564 2565 msg = nlmsg_alloc(); 2566 if (!msg) 2567 return -1; 2568 2569 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 2570 2571 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 2572 2573 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 2574 return 0; 2575 msg = NULL; 2576nla_put_failure: 2577 nlmsg_free(msg); 2578 return -1; 2579} 2580 2581 2582static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 2583{ 2584 struct wiphy_info_data info; 2585 if (wpa_driver_nl80211_get_info(drv, &info)) 2586 return -1; 2587 2588 if (info.error) 2589 return -1; 2590 2591 drv->has_capability = 1; 2592 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 2593 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 2594 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 2595 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 2596 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 2597 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 2598 WPA_DRIVER_CAPA_ENC_WEP104 | 2599 WPA_DRIVER_CAPA_ENC_TKIP | 2600 WPA_DRIVER_CAPA_ENC_CCMP; 2601 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 2602 WPA_DRIVER_AUTH_SHARED | 2603 WPA_DRIVER_AUTH_LEAP; 2604 2605 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 2606 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 2607 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2608 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 2609 2610 drv->device_ap_sme = info.device_ap_sme; 2611 drv->poll_command_supported = info.poll_command_supported; 2612 drv->data_tx_status = info.data_tx_status; 2613 2614 /* 2615 * If poll command is supported mac80211 is new enough to 2616 * have everything we need to not need monitor interfaces. 2617 */ 2618 drv->use_monitor = !info.poll_command_supported; 2619 2620 if (drv->device_ap_sme && drv->use_monitor) { 2621 /* 2622 * Non-mac80211 drivers may not support monitor interface. 2623 * Make sure we do not get stuck with incorrect capability here 2624 * by explicitly testing this. 2625 */ 2626 if (!info.monitor_supported) { 2627 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 2628 "with device_ap_sme since no monitor mode " 2629 "support detected"); 2630 drv->use_monitor = 0; 2631 } 2632 } 2633 2634 /* 2635 * If we aren't going to use monitor interfaces, but the 2636 * driver doesn't support data TX status, we won't get TX 2637 * status for EAPOL frames. 2638 */ 2639 if (!drv->use_monitor && !info.data_tx_status) 2640 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2641 2642 return 0; 2643} 2644 2645 2646#ifdef ANDROID 2647static int android_genl_ctrl_resolve(struct nl_handle *handle, 2648 const char *name) 2649{ 2650 /* 2651 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 2652 * need to work around that. 2653 */ 2654 struct nl_cache *cache = NULL; 2655 struct genl_family *nl80211 = NULL; 2656 int id = -1; 2657 2658 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 2659 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 2660 "netlink cache"); 2661 goto fail; 2662 } 2663 2664 nl80211 = genl_ctrl_search_by_name(cache, name); 2665 if (nl80211 == NULL) 2666 goto fail; 2667 2668 id = genl_family_get_id(nl80211); 2669 2670fail: 2671 if (nl80211) 2672 genl_family_put(nl80211); 2673 if (cache) 2674 nl_cache_free(cache); 2675 2676 return id; 2677} 2678#define genl_ctrl_resolve android_genl_ctrl_resolve 2679#endif /* ANDROID */ 2680 2681 2682static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 2683{ 2684 int ret; 2685 2686 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2687 if (global->nl_cb == NULL) { 2688 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 2689 "callbacks"); 2690 return -1; 2691 } 2692 2693 global->nl = nl_create_handle(global->nl_cb, "nl"); 2694 if (global->nl == NULL) 2695 goto err; 2696 2697 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 2698 if (global->nl80211_id < 0) { 2699 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 2700 "found"); 2701 goto err; 2702 } 2703 2704 global->nl_event = nl_create_handle(global->nl_cb, "event"); 2705 if (global->nl_event == NULL) 2706 goto err; 2707 2708 ret = nl_get_multicast_id(global, "nl80211", "scan"); 2709 if (ret >= 0) 2710 ret = nl_socket_add_membership(global->nl_event, ret); 2711 if (ret < 0) { 2712 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2713 "membership for scan events: %d (%s)", 2714 ret, strerror(-ret)); 2715 goto err; 2716 } 2717 2718 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 2719 if (ret >= 0) 2720 ret = nl_socket_add_membership(global->nl_event, ret); 2721 if (ret < 0) { 2722 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2723 "membership for mlme events: %d (%s)", 2724 ret, strerror(-ret)); 2725 goto err; 2726 } 2727 2728 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 2729 if (ret >= 0) 2730 ret = nl_socket_add_membership(global->nl_event, ret); 2731 if (ret < 0) { 2732 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 2733 "membership for regulatory events: %d (%s)", 2734 ret, strerror(-ret)); 2735 /* Continue without regulatory events */ 2736 } 2737 2738 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2739 no_seq_check, NULL); 2740 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2741 process_global_event, global); 2742 2743 eloop_register_read_sock(nl_socket_get_fd(global->nl_event), 2744 wpa_driver_nl80211_event_receive, 2745 global->nl_cb, global->nl_event); 2746 2747 return 0; 2748 2749err: 2750 nl_destroy_handles(&global->nl_event); 2751 nl_destroy_handles(&global->nl); 2752 nl_cb_put(global->nl_cb); 2753 global->nl_cb = NULL; 2754 return -1; 2755} 2756 2757 2758static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 2759{ 2760 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2761 if (!drv->nl_cb) { 2762 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 2763 return -1; 2764 } 2765 2766 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2767 no_seq_check, NULL); 2768 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2769 process_drv_event, drv); 2770 2771 return 0; 2772} 2773 2774 2775static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 2776{ 2777 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 2778 /* 2779 * This may be for any interface; use ifdown event to disable 2780 * interface. 2781 */ 2782} 2783 2784 2785static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 2786{ 2787 struct wpa_driver_nl80211_data *drv = ctx; 2788 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 2789 if (linux_set_iface_flags(drv->global->ioctl_sock, 2790 drv->first_bss.ifname, 1)) { 2791 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 2792 "after rfkill unblock"); 2793 return; 2794 } 2795 /* rtnetlink ifup handler will report interface as enabled */ 2796} 2797 2798 2799static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 2800{ 2801 /* Find phy (radio) to which this interface belongs */ 2802 char buf[90], *pos; 2803 int f, rv; 2804 2805 drv->phyname[0] = '\0'; 2806 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 2807 drv->first_bss.ifname); 2808 f = open(buf, O_RDONLY); 2809 if (f < 0) { 2810 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 2811 buf, strerror(errno)); 2812 return; 2813 } 2814 2815 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 2816 close(f); 2817 if (rv < 0) { 2818 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 2819 buf, strerror(errno)); 2820 return; 2821 } 2822 2823 drv->phyname[rv] = '\0'; 2824 pos = os_strchr(drv->phyname, '\n'); 2825 if (pos) 2826 *pos = '\0'; 2827 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 2828 drv->first_bss.ifname, drv->phyname); 2829} 2830 2831 2832static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 2833 void *eloop_ctx, 2834 void *handle) 2835{ 2836 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2837 u8 data[2048]; 2838 struct msghdr msg; 2839 struct iovec entry; 2840 struct { 2841 struct cmsghdr cm; 2842 char control[512]; 2843 } control; 2844 struct cmsghdr *cmsg; 2845 int res, found_ee = 0, found_wifi = 0, acked = 0; 2846 union wpa_event_data event; 2847 2848 memset(&msg, 0, sizeof(msg)); 2849 msg.msg_iov = &entry; 2850 msg.msg_iovlen = 1; 2851 entry.iov_base = data; 2852 entry.iov_len = sizeof(data); 2853 msg.msg_control = &control; 2854 msg.msg_controllen = sizeof(control); 2855 2856 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 2857 /* if error or not fitting 802.3 header, return */ 2858 if (res < 14) 2859 return; 2860 2861 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 2862 { 2863 if (cmsg->cmsg_level == SOL_SOCKET && 2864 cmsg->cmsg_type == SCM_WIFI_STATUS) { 2865 int *ack; 2866 2867 found_wifi = 1; 2868 ack = (void *)CMSG_DATA(cmsg); 2869 acked = *ack; 2870 } 2871 2872 if (cmsg->cmsg_level == SOL_PACKET && 2873 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 2874 struct sock_extended_err *err = 2875 (struct sock_extended_err *)CMSG_DATA(cmsg); 2876 2877 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 2878 found_ee = 1; 2879 } 2880 } 2881 2882 if (!found_ee || !found_wifi) 2883 return; 2884 2885 memset(&event, 0, sizeof(event)); 2886 event.eapol_tx_status.dst = data; 2887 event.eapol_tx_status.data = data + 14; 2888 event.eapol_tx_status.data_len = res - 14; 2889 event.eapol_tx_status.ack = acked; 2890 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 2891} 2892 2893 2894static int nl80211_init_bss(struct i802_bss *bss) 2895{ 2896 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2897 if (!bss->nl_cb) 2898 return -1; 2899 2900 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2901 no_seq_check, NULL); 2902 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2903 process_bss_event, bss); 2904 2905 return 0; 2906} 2907 2908 2909static void nl80211_destroy_bss(struct i802_bss *bss) 2910{ 2911 nl_cb_put(bss->nl_cb); 2912 bss->nl_cb = NULL; 2913} 2914 2915 2916/** 2917 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 2918 * @ctx: context to be used when calling wpa_supplicant functions, 2919 * e.g., wpa_supplicant_event() 2920 * @ifname: interface name, e.g., wlan0 2921 * @global_priv: private driver global data from global_init() 2922 * Returns: Pointer to private data, %NULL on failure 2923 */ 2924static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 2925 void *global_priv) 2926{ 2927 struct wpa_driver_nl80211_data *drv; 2928 struct rfkill_config *rcfg; 2929 struct i802_bss *bss; 2930 2931 if (global_priv == NULL) 2932 return NULL; 2933 drv = os_zalloc(sizeof(*drv)); 2934 if (drv == NULL) 2935 return NULL; 2936 drv->global = global_priv; 2937 drv->ctx = ctx; 2938 bss = &drv->first_bss; 2939 bss->drv = drv; 2940 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 2941 drv->monitor_ifidx = -1; 2942 drv->monitor_sock = -1; 2943 drv->eapol_tx_sock = -1; 2944 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2945 2946 if (wpa_driver_nl80211_init_nl(drv)) { 2947 os_free(drv); 2948 return NULL; 2949 } 2950 2951 if (nl80211_init_bss(bss)) 2952 goto failed; 2953 2954 nl80211_get_phy_name(drv); 2955 2956 rcfg = os_zalloc(sizeof(*rcfg)); 2957 if (rcfg == NULL) 2958 goto failed; 2959 rcfg->ctx = drv; 2960 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 2961 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 2962 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 2963 drv->rfkill = rfkill_init(rcfg); 2964 if (drv->rfkill == NULL) { 2965 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 2966 os_free(rcfg); 2967 } 2968 2969 if (wpa_driver_nl80211_finish_drv_init(drv)) 2970 goto failed; 2971 2972 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 2973 if (drv->eapol_tx_sock < 0) 2974 goto failed; 2975 2976 if (drv->data_tx_status) { 2977 int enabled = 1; 2978 2979 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 2980 &enabled, sizeof(enabled)) < 0) { 2981 wpa_printf(MSG_DEBUG, 2982 "nl80211: wifi status sockopt failed\n"); 2983 drv->data_tx_status = 0; 2984 if (!drv->use_monitor) 2985 drv->capa.flags &= 2986 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2987 } else { 2988 eloop_register_read_sock(drv->eapol_tx_sock, 2989 wpa_driver_nl80211_handle_eapol_tx_status, 2990 drv, NULL); 2991 } 2992 } 2993 2994 if (drv->global) { 2995 dl_list_add(&drv->global->interfaces, &drv->list); 2996 drv->in_interface_list = 1; 2997 } 2998 2999 return bss; 3000 3001failed: 3002 wpa_driver_nl80211_deinit(bss); 3003 return NULL; 3004} 3005 3006 3007static int nl80211_register_frame(struct i802_bss *bss, 3008 struct nl_handle *nl_handle, 3009 u16 type, const u8 *match, size_t match_len) 3010{ 3011 struct wpa_driver_nl80211_data *drv = bss->drv; 3012 struct nl_msg *msg; 3013 int ret = -1; 3014 3015 msg = nlmsg_alloc(); 3016 if (!msg) 3017 return -1; 3018 3019 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p", 3020 type, nl_handle); 3021 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 3022 match, match_len); 3023 3024 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 3025 3026 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 3027 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 3028 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 3029 3030 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 3031 msg = NULL; 3032 if (ret) { 3033 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 3034 "failed (type=%u): ret=%d (%s)", 3035 type, ret, strerror(-ret)); 3036 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 3037 match, match_len); 3038 goto nla_put_failure; 3039 } 3040 ret = 0; 3041nla_put_failure: 3042 nlmsg_free(msg); 3043 return ret; 3044} 3045 3046 3047static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 3048{ 3049 struct wpa_driver_nl80211_data *drv = bss->drv; 3050 3051 if (bss->nl_mgmt) { 3052 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 3053 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 3054 return -1; 3055 } 3056 3057 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 3058 if (bss->nl_mgmt == NULL) 3059 return -1; 3060 3061 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt), 3062 wpa_driver_nl80211_event_receive, bss->nl_cb, 3063 bss->nl_mgmt); 3064 3065 return 0; 3066} 3067 3068 3069static int nl80211_register_action_frame(struct i802_bss *bss, 3070 const u8 *match, size_t match_len) 3071{ 3072 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 3073 return nl80211_register_frame(bss, bss->nl_mgmt, 3074 type, match, match_len); 3075} 3076 3077 3078static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 3079{ 3080 struct wpa_driver_nl80211_data *drv = bss->drv; 3081 3082 if (nl80211_alloc_mgmt_handle(bss)) 3083 return -1; 3084 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 3085 "handle %p", bss->nl_mgmt); 3086 3087#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 3088 /* GAS Initial Request */ 3089 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 3090 return -1; 3091 /* GAS Initial Response */ 3092 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 3093 return -1; 3094 /* GAS Comeback Request */ 3095 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 3096 return -1; 3097 /* GAS Comeback Response */ 3098 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 3099 return -1; 3100#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 3101#ifdef CONFIG_P2P 3102 /* P2P Public Action */ 3103 if (nl80211_register_action_frame(bss, 3104 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 3105 6) < 0) 3106 return -1; 3107 /* P2P Action */ 3108 if (nl80211_register_action_frame(bss, 3109 (u8 *) "\x7f\x50\x6f\x9a\x09", 3110 5) < 0) 3111 return -1; 3112#endif /* CONFIG_P2P */ 3113#ifdef CONFIG_IEEE80211W 3114 /* SA Query Response */ 3115 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 3116 return -1; 3117#endif /* CONFIG_IEEE80211W */ 3118#ifdef CONFIG_TDLS 3119 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 3120 /* TDLS Discovery Response */ 3121 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 3122 0) 3123 return -1; 3124 } 3125#endif /* CONFIG_TDLS */ 3126 3127 /* FT Action frames */ 3128 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 3129 return -1; 3130 else 3131 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 3132 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 3133 3134 /* WNM - BSS Transition Management Request */ 3135 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 3136 return -1; 3137 3138 return 0; 3139} 3140 3141 3142static int nl80211_register_spurious_class3(struct i802_bss *bss) 3143{ 3144 struct wpa_driver_nl80211_data *drv = bss->drv; 3145 struct nl_msg *msg; 3146 int ret = -1; 3147 3148 msg = nlmsg_alloc(); 3149 if (!msg) 3150 return -1; 3151 3152 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 3153 3154 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 3155 3156 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 3157 msg = NULL; 3158 if (ret) { 3159 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 3160 "failed: ret=%d (%s)", 3161 ret, strerror(-ret)); 3162 goto nla_put_failure; 3163 } 3164 ret = 0; 3165nla_put_failure: 3166 nlmsg_free(msg); 3167 return ret; 3168} 3169 3170 3171static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 3172{ 3173 static const int stypes[] = { 3174 WLAN_FC_STYPE_AUTH, 3175 WLAN_FC_STYPE_ASSOC_REQ, 3176 WLAN_FC_STYPE_REASSOC_REQ, 3177 WLAN_FC_STYPE_DISASSOC, 3178 WLAN_FC_STYPE_DEAUTH, 3179 WLAN_FC_STYPE_ACTION, 3180 WLAN_FC_STYPE_PROBE_REQ, 3181/* Beacon doesn't work as mac80211 doesn't currently allow 3182 * it, but it wouldn't really be the right thing anyway as 3183 * it isn't per interface ... maybe just dump the scan 3184 * results periodically for OLBC? 3185 */ 3186// WLAN_FC_STYPE_BEACON, 3187 }; 3188 unsigned int i; 3189 3190 if (nl80211_alloc_mgmt_handle(bss)) 3191 return -1; 3192 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3193 "handle %p", bss->nl_mgmt); 3194 3195 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) { 3196 if (nl80211_register_frame(bss, bss->nl_mgmt, 3197 (WLAN_FC_TYPE_MGMT << 2) | 3198 (stypes[i] << 4), 3199 NULL, 0) < 0) { 3200 goto out_err; 3201 } 3202 } 3203 3204 if (nl80211_register_spurious_class3(bss)) 3205 goto out_err; 3206 3207 if (nl80211_get_wiphy_data_ap(bss) == NULL) 3208 goto out_err; 3209 3210 return 0; 3211 3212out_err: 3213 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3214 nl_destroy_handles(&bss->nl_mgmt); 3215 return -1; 3216} 3217 3218 3219static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 3220{ 3221 if (nl80211_alloc_mgmt_handle(bss)) 3222 return -1; 3223 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3224 "handle %p (device SME)", bss->nl_mgmt); 3225 3226 if (nl80211_register_frame(bss, bss->nl_mgmt, 3227 (WLAN_FC_TYPE_MGMT << 2) | 3228 (WLAN_FC_STYPE_ACTION << 4), 3229 NULL, 0) < 0) 3230 goto out_err; 3231 3232 return 0; 3233 3234out_err: 3235 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3236 nl_destroy_handles(&bss->nl_mgmt); 3237 return -1; 3238} 3239 3240 3241static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 3242{ 3243 if (bss->nl_mgmt == NULL) 3244 return; 3245 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 3246 "(%s)", bss->nl_mgmt, reason); 3247 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3248 nl_destroy_handles(&bss->nl_mgmt); 3249 3250 nl80211_put_wiphy_data_ap(bss); 3251} 3252 3253 3254static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 3255{ 3256 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 3257} 3258 3259 3260static int 3261wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 3262{ 3263 struct i802_bss *bss = &drv->first_bss; 3264 int send_rfkill_event = 0; 3265 3266 drv->ifindex = if_nametoindex(bss->ifname); 3267 drv->first_bss.ifindex = drv->ifindex; 3268 3269#ifndef HOSTAPD 3270 /* 3271 * Make sure the interface starts up in station mode unless this is a 3272 * dynamically added interface (e.g., P2P) that was already configured 3273 * with proper iftype. 3274 */ 3275 if (drv->ifindex != drv->global->if_add_ifindex && 3276 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) { 3277 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to " 3278 "use managed mode"); 3279 return -1; 3280 } 3281 3282 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 3283 if (rfkill_is_blocked(drv->rfkill)) { 3284 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 3285 "interface '%s' due to rfkill", 3286 bss->ifname); 3287 drv->if_disabled = 1; 3288 send_rfkill_event = 1; 3289 } else { 3290 wpa_printf(MSG_ERROR, "nl80211: Could not set " 3291 "interface '%s' UP", bss->ifname); 3292 return -1; 3293 } 3294 } 3295 3296 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 3297 1, IF_OPER_DORMANT); 3298#endif /* HOSTAPD */ 3299 3300 if (wpa_driver_nl80211_capa(drv)) 3301 return -1; 3302 3303 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 3304 bss->addr)) 3305 return -1; 3306 3307 if (send_rfkill_event) { 3308 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 3309 drv, drv->ctx); 3310 } 3311 3312 return 0; 3313} 3314 3315 3316static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 3317{ 3318 struct nl_msg *msg; 3319 3320 msg = nlmsg_alloc(); 3321 if (!msg) 3322 return -ENOMEM; 3323 3324 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 3325 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3326 3327 return send_and_recv_msgs(drv, msg, NULL, NULL); 3328 nla_put_failure: 3329 nlmsg_free(msg); 3330 return -ENOBUFS; 3331} 3332 3333 3334/** 3335 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 3336 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 3337 * 3338 * Shut down driver interface and processing of driver events. Free 3339 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 3340 */ 3341static void wpa_driver_nl80211_deinit(void *priv) 3342{ 3343 struct i802_bss *bss = priv; 3344 struct wpa_driver_nl80211_data *drv = bss->drv; 3345 3346 if (drv->data_tx_status) 3347 eloop_unregister_read_sock(drv->eapol_tx_sock); 3348 if (drv->eapol_tx_sock >= 0) 3349 close(drv->eapol_tx_sock); 3350 3351 if (bss->nl_preq) 3352 wpa_driver_nl80211_probe_req_report(bss, 0); 3353 if (bss->added_if_into_bridge) { 3354 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 3355 bss->ifname) < 0) 3356 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3357 "interface %s from bridge %s: %s", 3358 bss->ifname, bss->brname, strerror(errno)); 3359 } 3360 if (bss->added_bridge) { 3361 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 3362 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3363 "bridge %s: %s", 3364 bss->brname, strerror(errno)); 3365 } 3366 3367 nl80211_remove_monitor_interface(drv); 3368 3369 if (is_ap_interface(drv->nlmode)) 3370 wpa_driver_nl80211_del_beacon(drv); 3371 3372#ifdef HOSTAPD 3373 if (drv->last_freq_ht) { 3374 /* Clear HT flags from the driver */ 3375 struct hostapd_freq_params freq; 3376 os_memset(&freq, 0, sizeof(freq)); 3377 freq.freq = drv->last_freq; 3378 i802_set_freq(priv, &freq); 3379 } 3380 3381 if (drv->eapol_sock >= 0) { 3382 eloop_unregister_read_sock(drv->eapol_sock); 3383 close(drv->eapol_sock); 3384 } 3385 3386 if (drv->if_indices != drv->default_if_indices) 3387 os_free(drv->if_indices); 3388#endif /* HOSTAPD */ 3389 3390 if (drv->disabled_11b_rates) 3391 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 3392 3393 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 3394 IF_OPER_UP); 3395 rfkill_deinit(drv->rfkill); 3396 3397 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 3398 3399 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0); 3400 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION); 3401 nl80211_mgmt_unsubscribe(bss, "deinit"); 3402 3403 nl_cb_put(drv->nl_cb); 3404 3405 nl80211_destroy_bss(&drv->first_bss); 3406 3407 os_free(drv->filter_ssids); 3408 3409 os_free(drv->auth_ie); 3410 3411 if (drv->in_interface_list) 3412 dl_list_del(&drv->list); 3413 3414 os_free(drv); 3415} 3416 3417 3418/** 3419 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 3420 * @eloop_ctx: Driver private data 3421 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 3422 * 3423 * This function can be used as registered timeout when starting a scan to 3424 * generate a scan completed event if the driver does not report this. 3425 */ 3426static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 3427{ 3428 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3429 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 3430 wpa_driver_nl80211_set_mode(&drv->first_bss, 3431 drv->ap_scan_as_station); 3432 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3433 } 3434 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 3435 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 3436} 3437 3438 3439/** 3440 * wpa_driver_nl80211_scan - Request the driver to initiate scan 3441 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3442 * @params: Scan parameters 3443 * Returns: 0 on success, -1 on failure 3444 */ 3445static int wpa_driver_nl80211_scan(void *priv, 3446 struct wpa_driver_scan_params *params) 3447{ 3448 struct i802_bss *bss = priv; 3449 struct wpa_driver_nl80211_data *drv = bss->drv; 3450 int ret = 0, timeout; 3451 struct nl_msg *msg, *ssids, *freqs, *rates; 3452 size_t i; 3453 3454 drv->scan_for_auth = 0; 3455 3456 msg = nlmsg_alloc(); 3457 ssids = nlmsg_alloc(); 3458 freqs = nlmsg_alloc(); 3459 rates = nlmsg_alloc(); 3460 if (!msg || !ssids || !freqs || !rates) { 3461 nlmsg_free(msg); 3462 nlmsg_free(ssids); 3463 nlmsg_free(freqs); 3464 nlmsg_free(rates); 3465 return -1; 3466 } 3467 3468 os_free(drv->filter_ssids); 3469 drv->filter_ssids = params->filter_ssids; 3470 params->filter_ssids = NULL; 3471 drv->num_filter_ssids = params->num_filter_ssids; 3472 3473 nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN); 3474 3475 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3476 3477 for (i = 0; i < params->num_ssids; i++) { 3478 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 3479 params->ssids[i].ssid, 3480 params->ssids[i].ssid_len); 3481 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 3482 params->ssids[i].ssid); 3483 } 3484 if (params->num_ssids) 3485 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 3486 3487 if (params->extra_ies) { 3488 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 3489 params->extra_ies, params->extra_ies_len); 3490 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 3491 params->extra_ies); 3492 } 3493 3494 if (params->freqs) { 3495 for (i = 0; params->freqs[i]; i++) { 3496 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 3497 "MHz", params->freqs[i]); 3498 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 3499 } 3500 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 3501 } 3502 3503 if (params->p2p_probe) { 3504 /* 3505 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 3506 * by masking out everything else apart from the OFDM rates 6, 3507 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 3508 * rates are left enabled. 3509 */ 3510 NLA_PUT(rates, NL80211_BAND_2GHZ, 8, 3511 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 3512 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates); 3513 3514 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 3515 } 3516 3517 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3518 msg = NULL; 3519 if (ret) { 3520 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 3521 "(%s)", ret, strerror(-ret)); 3522#ifdef HOSTAPD 3523 if (is_ap_interface(drv->nlmode)) { 3524 /* 3525 * mac80211 does not allow scan requests in AP mode, so 3526 * try to do this in station mode. 3527 */ 3528 if (wpa_driver_nl80211_set_mode( 3529 bss, NL80211_IFTYPE_STATION)) 3530 goto nla_put_failure; 3531 3532 if (wpa_driver_nl80211_scan(drv, params)) { 3533 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 3534 goto nla_put_failure; 3535 } 3536 3537 /* Restore AP mode when processing scan results */ 3538 drv->ap_scan_as_station = drv->nlmode; 3539 ret = 0; 3540 } else 3541 goto nla_put_failure; 3542#else /* HOSTAPD */ 3543 goto nla_put_failure; 3544#endif /* HOSTAPD */ 3545 } 3546 3547 /* Not all drivers generate "scan completed" wireless event, so try to 3548 * read results after a timeout. */ 3549 timeout = 10; 3550 if (drv->scan_complete_events) { 3551 /* 3552 * The driver seems to deliver events to notify when scan is 3553 * complete, so use longer timeout to avoid race conditions 3554 * with scanning and following association request. 3555 */ 3556 timeout = 30; 3557 } 3558 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 3559 "seconds", ret, timeout); 3560 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 3561 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 3562 drv, drv->ctx); 3563 3564nla_put_failure: 3565 nlmsg_free(ssids); 3566 nlmsg_free(msg); 3567 nlmsg_free(freqs); 3568 nlmsg_free(rates); 3569 return ret; 3570} 3571 3572 3573/** 3574 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 3575 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3576 * @params: Scan parameters 3577 * @interval: Interval between scan cycles in milliseconds 3578 * Returns: 0 on success, -1 on failure or if not supported 3579 */ 3580static int wpa_driver_nl80211_sched_scan(void *priv, 3581 struct wpa_driver_scan_params *params, 3582 u32 interval) 3583{ 3584 struct i802_bss *bss = priv; 3585 struct wpa_driver_nl80211_data *drv = bss->drv; 3586 int ret = 0; 3587 struct nl_msg *msg, *ssids, *freqs, *match_set_ssid, *match_sets; 3588 size_t i; 3589 3590#ifdef ANDROID 3591 if (!drv->capa.sched_scan_supported) 3592 return android_pno_start(bss, params); 3593#endif /* ANDROID */ 3594 3595 msg = nlmsg_alloc(); 3596 ssids = nlmsg_alloc(); 3597 freqs = nlmsg_alloc(); 3598 if (!msg || !ssids || !freqs) { 3599 nlmsg_free(msg); 3600 nlmsg_free(ssids); 3601 nlmsg_free(freqs); 3602 return -1; 3603 } 3604 3605 os_free(drv->filter_ssids); 3606 drv->filter_ssids = params->filter_ssids; 3607 params->filter_ssids = NULL; 3608 drv->num_filter_ssids = params->num_filter_ssids; 3609 3610 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_SCHED_SCAN); 3611 3612 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3613 3614 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 3615 3616 if (drv->num_filter_ssids && 3617 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) { 3618 match_sets = nlmsg_alloc(); 3619 3620 for (i = 0; i < drv->num_filter_ssids; i++) { 3621 wpa_hexdump_ascii(MSG_MSGDUMP, 3622 "nl80211: Sched scan filter SSID", 3623 drv->filter_ssids[i].ssid, 3624 drv->filter_ssids[i].ssid_len); 3625 3626 match_set_ssid = nlmsg_alloc(); 3627 nla_put(match_set_ssid, 3628 NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 3629 drv->filter_ssids[i].ssid_len, 3630 drv->filter_ssids[i].ssid); 3631 3632 nla_put_nested(match_sets, i + 1, match_set_ssid); 3633 3634 nlmsg_free(match_set_ssid); 3635 } 3636 3637 nla_put_nested(msg, NL80211_ATTR_SCHED_SCAN_MATCH, 3638 match_sets); 3639 nlmsg_free(match_sets); 3640 } 3641 3642 for (i = 0; i < params->num_ssids; i++) { 3643 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan SSID", 3644 params->ssids[i].ssid, 3645 params->ssids[i].ssid_len); 3646 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 3647 params->ssids[i].ssid); 3648 } 3649 if (params->num_ssids) 3650 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 3651 3652 if (params->extra_ies) { 3653 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan extra IEs", 3654 params->extra_ies, params->extra_ies_len); 3655 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 3656 params->extra_ies); 3657 } 3658 3659 if (params->freqs) { 3660 for (i = 0; params->freqs[i]; i++) { 3661 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 3662 "MHz", params->freqs[i]); 3663 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 3664 } 3665 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 3666 } 3667 3668 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3669 3670 /* TODO: if we get an error here, we should fall back to normal scan */ 3671 3672 msg = NULL; 3673 if (ret) { 3674 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 3675 "ret=%d (%s)", ret, strerror(-ret)); 3676 goto nla_put_failure; 3677 } 3678 3679 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 3680 "scan interval %d msec", ret, interval); 3681 3682nla_put_failure: 3683 nlmsg_free(ssids); 3684 nlmsg_free(msg); 3685 nlmsg_free(freqs); 3686 return ret; 3687} 3688 3689 3690/** 3691 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 3692 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3693 * Returns: 0 on success, -1 on failure or if not supported 3694 */ 3695static int wpa_driver_nl80211_stop_sched_scan(void *priv) 3696{ 3697 struct i802_bss *bss = priv; 3698 struct wpa_driver_nl80211_data *drv = bss->drv; 3699 int ret = 0; 3700 struct nl_msg *msg; 3701 3702#ifdef ANDROID 3703 if (!drv->capa.sched_scan_supported) 3704 return android_pno_stop(bss); 3705#endif /* ANDROID */ 3706 3707 msg = nlmsg_alloc(); 3708 if (!msg) 3709 return -1; 3710 3711 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 3712 3713 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3714 3715 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3716 msg = NULL; 3717 if (ret) { 3718 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 3719 "ret=%d (%s)", ret, strerror(-ret)); 3720 goto nla_put_failure; 3721 } 3722 3723 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 3724 3725nla_put_failure: 3726 nlmsg_free(msg); 3727 return ret; 3728} 3729 3730 3731static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 3732{ 3733 const u8 *end, *pos; 3734 3735 if (ies == NULL) 3736 return NULL; 3737 3738 pos = ies; 3739 end = ies + ies_len; 3740 3741 while (pos + 1 < end) { 3742 if (pos + 2 + pos[1] > end) 3743 break; 3744 if (pos[0] == ie) 3745 return pos; 3746 pos += 2 + pos[1]; 3747 } 3748 3749 return NULL; 3750} 3751 3752 3753static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 3754 const u8 *ie, size_t ie_len) 3755{ 3756 const u8 *ssid; 3757 size_t i; 3758 3759 if (drv->filter_ssids == NULL) 3760 return 0; 3761 3762 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 3763 if (ssid == NULL) 3764 return 1; 3765 3766 for (i = 0; i < drv->num_filter_ssids; i++) { 3767 if (ssid[1] == drv->filter_ssids[i].ssid_len && 3768 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 3769 0) 3770 return 0; 3771 } 3772 3773 return 1; 3774} 3775 3776 3777static int bss_info_handler(struct nl_msg *msg, void *arg) 3778{ 3779 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3780 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3781 struct nlattr *bss[NL80211_BSS_MAX + 1]; 3782 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 3783 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 3784 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 3785 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 3786 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 3787 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 3788 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 3789 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 3790 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 3791 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 3792 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 3793 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 3794 }; 3795 struct nl80211_bss_info_arg *_arg = arg; 3796 struct wpa_scan_results *res = _arg->res; 3797 struct wpa_scan_res **tmp; 3798 struct wpa_scan_res *r; 3799 const u8 *ie, *beacon_ie; 3800 size_t ie_len, beacon_ie_len; 3801 u8 *pos; 3802 size_t i; 3803 3804 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3805 genlmsg_attrlen(gnlh, 0), NULL); 3806 if (!tb[NL80211_ATTR_BSS]) 3807 return NL_SKIP; 3808 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 3809 bss_policy)) 3810 return NL_SKIP; 3811 if (bss[NL80211_BSS_STATUS]) { 3812 enum nl80211_bss_status status; 3813 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 3814 if (status == NL80211_BSS_STATUS_ASSOCIATED && 3815 bss[NL80211_BSS_FREQUENCY]) { 3816 _arg->assoc_freq = 3817 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 3818 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 3819 _arg->assoc_freq); 3820 } 3821 if (status == NL80211_BSS_STATUS_ASSOCIATED && 3822 bss[NL80211_BSS_BSSID]) { 3823 os_memcpy(_arg->assoc_bssid, 3824 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 3825 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 3826 MACSTR, MAC2STR(_arg->assoc_bssid)); 3827 } 3828 } 3829 if (!res) 3830 return NL_SKIP; 3831 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 3832 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 3833 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 3834 } else { 3835 ie = NULL; 3836 ie_len = 0; 3837 } 3838 if (bss[NL80211_BSS_BEACON_IES]) { 3839 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 3840 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 3841 } else { 3842 beacon_ie = NULL; 3843 beacon_ie_len = 0; 3844 } 3845 3846 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 3847 ie ? ie_len : beacon_ie_len)) 3848 return NL_SKIP; 3849 3850 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 3851 if (r == NULL) 3852 return NL_SKIP; 3853 if (bss[NL80211_BSS_BSSID]) 3854 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 3855 ETH_ALEN); 3856 if (bss[NL80211_BSS_FREQUENCY]) 3857 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 3858 if (bss[NL80211_BSS_BEACON_INTERVAL]) 3859 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 3860 if (bss[NL80211_BSS_CAPABILITY]) 3861 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 3862 r->flags |= WPA_SCAN_NOISE_INVALID; 3863 if (bss[NL80211_BSS_SIGNAL_MBM]) { 3864 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 3865 r->level /= 100; /* mBm to dBm */ 3866 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 3867 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 3868 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 3869 r->flags |= WPA_SCAN_QUAL_INVALID; 3870 } else 3871 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 3872 if (bss[NL80211_BSS_TSF]) 3873 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 3874 if (bss[NL80211_BSS_SEEN_MS_AGO]) 3875 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 3876 r->ie_len = ie_len; 3877 pos = (u8 *) (r + 1); 3878 if (ie) { 3879 os_memcpy(pos, ie, ie_len); 3880 pos += ie_len; 3881 } 3882 r->beacon_ie_len = beacon_ie_len; 3883 if (beacon_ie) 3884 os_memcpy(pos, beacon_ie, beacon_ie_len); 3885 3886 if (bss[NL80211_BSS_STATUS]) { 3887 enum nl80211_bss_status status; 3888 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 3889 switch (status) { 3890 case NL80211_BSS_STATUS_AUTHENTICATED: 3891 r->flags |= WPA_SCAN_AUTHENTICATED; 3892 break; 3893 case NL80211_BSS_STATUS_ASSOCIATED: 3894 r->flags |= WPA_SCAN_ASSOCIATED; 3895 break; 3896 default: 3897 break; 3898 } 3899 } 3900 3901 /* 3902 * cfg80211 maintains separate BSS table entries for APs if the same 3903 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 3904 * not use frequency as a separate key in the BSS table, so filter out 3905 * duplicated entries. Prefer associated BSS entry in such a case in 3906 * order to get the correct frequency into the BSS table. 3907 */ 3908 for (i = 0; i < res->num; i++) { 3909 const u8 *s1, *s2; 3910 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 3911 continue; 3912 3913 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 3914 res->res[i]->ie_len, WLAN_EID_SSID); 3915 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 3916 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 3917 os_memcmp(s1, s2, 2 + s1[1]) != 0) 3918 continue; 3919 3920 /* Same BSSID,SSID was already included in scan results */ 3921 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 3922 "for " MACSTR, MAC2STR(r->bssid)); 3923 3924 if ((r->flags & WPA_SCAN_ASSOCIATED) && 3925 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 3926 os_free(res->res[i]); 3927 res->res[i] = r; 3928 } else 3929 os_free(r); 3930 return NL_SKIP; 3931 } 3932 3933 tmp = os_realloc(res->res, 3934 (res->num + 1) * sizeof(struct wpa_scan_res *)); 3935 if (tmp == NULL) { 3936 os_free(r); 3937 return NL_SKIP; 3938 } 3939 tmp[res->num++] = r; 3940 res->res = tmp; 3941 3942 return NL_SKIP; 3943} 3944 3945 3946static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 3947 const u8 *addr) 3948{ 3949 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 3950 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 3951 "mismatch (" MACSTR ")", MAC2STR(addr)); 3952 wpa_driver_nl80211_mlme(drv, addr, 3953 NL80211_CMD_DEAUTHENTICATE, 3954 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 3955 } 3956} 3957 3958 3959static void wpa_driver_nl80211_check_bss_status( 3960 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 3961{ 3962 size_t i; 3963 3964 for (i = 0; i < res->num; i++) { 3965 struct wpa_scan_res *r = res->res[i]; 3966 if (r->flags & WPA_SCAN_AUTHENTICATED) { 3967 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 3968 "indicates BSS status with " MACSTR 3969 " as authenticated", 3970 MAC2STR(r->bssid)); 3971 if (is_sta_interface(drv->nlmode) && 3972 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 3973 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 3974 0) { 3975 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 3976 " in local state (auth=" MACSTR 3977 " assoc=" MACSTR ")", 3978 MAC2STR(drv->auth_bssid), 3979 MAC2STR(drv->bssid)); 3980 clear_state_mismatch(drv, r->bssid); 3981 } 3982 } 3983 3984 if (r->flags & WPA_SCAN_ASSOCIATED) { 3985 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 3986 "indicate BSS status with " MACSTR 3987 " as associated", 3988 MAC2STR(r->bssid)); 3989 if (is_sta_interface(drv->nlmode) && 3990 !drv->associated) { 3991 wpa_printf(MSG_DEBUG, "nl80211: Local state " 3992 "(not associated) does not match " 3993 "with BSS state"); 3994 clear_state_mismatch(drv, r->bssid); 3995 } else if (is_sta_interface(drv->nlmode) && 3996 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 3997 0) { 3998 wpa_printf(MSG_DEBUG, "nl80211: Local state " 3999 "(associated with " MACSTR ") does " 4000 "not match with BSS state", 4001 MAC2STR(drv->bssid)); 4002 clear_state_mismatch(drv, r->bssid); 4003 clear_state_mismatch(drv, drv->bssid); 4004 } 4005 } 4006 } 4007} 4008 4009 4010static struct wpa_scan_results * 4011nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 4012{ 4013 struct nl_msg *msg; 4014 struct wpa_scan_results *res; 4015 int ret; 4016 struct nl80211_bss_info_arg arg; 4017 4018 res = os_zalloc(sizeof(*res)); 4019 if (res == NULL) 4020 return NULL; 4021 msg = nlmsg_alloc(); 4022 if (!msg) 4023 goto nla_put_failure; 4024 4025 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 4026 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4027 4028 arg.drv = drv; 4029 arg.res = res; 4030 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 4031 msg = NULL; 4032 if (ret == 0) { 4033 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 4034 "BSSes)", (unsigned long) res->num); 4035 nl80211_get_noise_for_scan_results(drv, res); 4036 return res; 4037 } 4038 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 4039 "(%s)", ret, strerror(-ret)); 4040nla_put_failure: 4041 nlmsg_free(msg); 4042 wpa_scan_results_free(res); 4043 return NULL; 4044} 4045 4046 4047/** 4048 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 4049 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 4050 * Returns: Scan results on success, -1 on failure 4051 */ 4052static struct wpa_scan_results * 4053wpa_driver_nl80211_get_scan_results(void *priv) 4054{ 4055 struct i802_bss *bss = priv; 4056 struct wpa_driver_nl80211_data *drv = bss->drv; 4057 struct wpa_scan_results *res; 4058 4059 res = nl80211_get_scan_results(drv); 4060 if (res) 4061 wpa_driver_nl80211_check_bss_status(drv, res); 4062 return res; 4063} 4064 4065 4066static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 4067{ 4068 struct wpa_scan_results *res; 4069 size_t i; 4070 4071 res = nl80211_get_scan_results(drv); 4072 if (res == NULL) { 4073 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 4074 return; 4075 } 4076 4077 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 4078 for (i = 0; i < res->num; i++) { 4079 struct wpa_scan_res *r = res->res[i]; 4080 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 4081 (int) i, (int) res->num, MAC2STR(r->bssid), 4082 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 4083 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 4084 } 4085 4086 wpa_scan_results_free(res); 4087} 4088 4089 4090static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 4091 enum wpa_alg alg, const u8 *addr, 4092 int key_idx, int set_tx, 4093 const u8 *seq, size_t seq_len, 4094 const u8 *key, size_t key_len) 4095{ 4096 struct i802_bss *bss = priv; 4097 struct wpa_driver_nl80211_data *drv = bss->drv; 4098 int ifindex = if_nametoindex(ifname); 4099 struct nl_msg *msg; 4100 int ret; 4101 4102 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 4103 "set_tx=%d seq_len=%lu key_len=%lu", 4104 __func__, ifindex, alg, addr, key_idx, set_tx, 4105 (unsigned long) seq_len, (unsigned long) key_len); 4106#ifdef CONFIG_TDLS 4107 if (key_idx == -1) 4108 key_idx = 0; 4109#endif /* CONFIG_TDLS */ 4110 4111 msg = nlmsg_alloc(); 4112 if (!msg) 4113 return -ENOMEM; 4114 4115 if (alg == WPA_ALG_NONE) { 4116 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 4117 } else { 4118 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 4119 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 4120 switch (alg) { 4121 case WPA_ALG_WEP: 4122 if (key_len == 5) 4123 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4124 WLAN_CIPHER_SUITE_WEP40); 4125 else 4126 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4127 WLAN_CIPHER_SUITE_WEP104); 4128 break; 4129 case WPA_ALG_TKIP: 4130 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4131 WLAN_CIPHER_SUITE_TKIP); 4132 break; 4133 case WPA_ALG_CCMP: 4134 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4135 WLAN_CIPHER_SUITE_CCMP); 4136 break; 4137 case WPA_ALG_IGTK: 4138 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4139 WLAN_CIPHER_SUITE_AES_CMAC); 4140 break; 4141 default: 4142 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 4143 "algorithm %d", __func__, alg); 4144 nlmsg_free(msg); 4145 return -1; 4146 } 4147 } 4148 4149 if (seq && seq_len) 4150 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 4151 4152 if (addr && !is_broadcast_ether_addr(addr)) { 4153 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 4154 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4155 4156 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 4157 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 4158 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 4159 NL80211_KEYTYPE_GROUP); 4160 } 4161 } else if (addr && is_broadcast_ether_addr(addr)) { 4162 struct nl_msg *types; 4163 int err; 4164 wpa_printf(MSG_DEBUG, " broadcast key"); 4165 types = nlmsg_alloc(); 4166 if (!types) 4167 goto nla_put_failure; 4168 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 4169 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4170 types); 4171 nlmsg_free(types); 4172 if (err) 4173 goto nla_put_failure; 4174 } 4175 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 4176 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4177 4178 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4179 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 4180 ret = 0; 4181 if (ret) 4182 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 4183 ret, strerror(-ret)); 4184 4185 /* 4186 * If we failed or don't need to set the default TX key (below), 4187 * we're done here. 4188 */ 4189 if (ret || !set_tx || alg == WPA_ALG_NONE) 4190 return ret; 4191 if (is_ap_interface(drv->nlmode) && addr && 4192 !is_broadcast_ether_addr(addr)) 4193 return ret; 4194 4195 msg = nlmsg_alloc(); 4196 if (!msg) 4197 return -ENOMEM; 4198 4199 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 4200 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 4201 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4202 if (alg == WPA_ALG_IGTK) 4203 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 4204 else 4205 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 4206 if (addr && is_broadcast_ether_addr(addr)) { 4207 struct nl_msg *types; 4208 int err; 4209 types = nlmsg_alloc(); 4210 if (!types) 4211 goto nla_put_failure; 4212 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 4213 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4214 types); 4215 nlmsg_free(types); 4216 if (err) 4217 goto nla_put_failure; 4218 } else if (addr) { 4219 struct nl_msg *types; 4220 int err; 4221 types = nlmsg_alloc(); 4222 if (!types) 4223 goto nla_put_failure; 4224 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 4225 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4226 types); 4227 nlmsg_free(types); 4228 if (err) 4229 goto nla_put_failure; 4230 } 4231 4232 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4233 if (ret == -ENOENT) 4234 ret = 0; 4235 if (ret) 4236 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 4237 "err=%d %s)", ret, strerror(-ret)); 4238 return ret; 4239 4240nla_put_failure: 4241 nlmsg_free(msg); 4242 return -ENOBUFS; 4243} 4244 4245 4246static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 4247 int key_idx, int defkey, 4248 const u8 *seq, size_t seq_len, 4249 const u8 *key, size_t key_len) 4250{ 4251 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 4252 if (!key_attr) 4253 return -1; 4254 4255 if (defkey && alg == WPA_ALG_IGTK) 4256 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 4257 else if (defkey) 4258 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 4259 4260 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 4261 4262 switch (alg) { 4263 case WPA_ALG_WEP: 4264 if (key_len == 5) 4265 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4266 WLAN_CIPHER_SUITE_WEP40); 4267 else 4268 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4269 WLAN_CIPHER_SUITE_WEP104); 4270 break; 4271 case WPA_ALG_TKIP: 4272 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 4273 break; 4274 case WPA_ALG_CCMP: 4275 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 4276 break; 4277 case WPA_ALG_IGTK: 4278 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4279 WLAN_CIPHER_SUITE_AES_CMAC); 4280 break; 4281 default: 4282 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 4283 "algorithm %d", __func__, alg); 4284 return -1; 4285 } 4286 4287 if (seq && seq_len) 4288 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 4289 4290 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 4291 4292 nla_nest_end(msg, key_attr); 4293 4294 return 0; 4295 nla_put_failure: 4296 return -1; 4297} 4298 4299 4300static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 4301 struct nl_msg *msg) 4302{ 4303 int i, privacy = 0; 4304 struct nlattr *nl_keys, *nl_key; 4305 4306 for (i = 0; i < 4; i++) { 4307 if (!params->wep_key[i]) 4308 continue; 4309 privacy = 1; 4310 break; 4311 } 4312 if (params->wps == WPS_MODE_PRIVACY) 4313 privacy = 1; 4314 if (params->pairwise_suite && 4315 params->pairwise_suite != WPA_CIPHER_NONE) 4316 privacy = 1; 4317 4318 if (!privacy) 4319 return 0; 4320 4321 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 4322 4323 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 4324 if (!nl_keys) 4325 goto nla_put_failure; 4326 4327 for (i = 0; i < 4; i++) { 4328 if (!params->wep_key[i]) 4329 continue; 4330 4331 nl_key = nla_nest_start(msg, i); 4332 if (!nl_key) 4333 goto nla_put_failure; 4334 4335 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 4336 params->wep_key[i]); 4337 if (params->wep_key_len[i] == 5) 4338 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4339 WLAN_CIPHER_SUITE_WEP40); 4340 else 4341 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4342 WLAN_CIPHER_SUITE_WEP104); 4343 4344 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 4345 4346 if (i == params->wep_tx_keyidx) 4347 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 4348 4349 nla_nest_end(msg, nl_key); 4350 } 4351 nla_nest_end(msg, nl_keys); 4352 4353 return 0; 4354 4355nla_put_failure: 4356 return -ENOBUFS; 4357} 4358 4359 4360static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 4361 const u8 *addr, int cmd, u16 reason_code, 4362 int local_state_change) 4363{ 4364 int ret = -1; 4365 struct nl_msg *msg; 4366 4367 msg = nlmsg_alloc(); 4368 if (!msg) 4369 return -1; 4370 4371 nl80211_cmd(drv, msg, 0, cmd); 4372 4373 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4374 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 4375 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4376 if (local_state_change) 4377 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 4378 4379 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4380 msg = NULL; 4381 if (ret) { 4382 wpa_dbg(drv->ctx, MSG_DEBUG, 4383 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 4384 reason_code, ret, strerror(-ret)); 4385 goto nla_put_failure; 4386 } 4387 ret = 0; 4388 4389nla_put_failure: 4390 nlmsg_free(msg); 4391 return ret; 4392} 4393 4394 4395static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 4396 const u8 *addr, int reason_code) 4397{ 4398 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 4399 __func__, MAC2STR(addr), reason_code); 4400 drv->associated = 0; 4401 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 4402 reason_code, 0); 4403} 4404 4405 4406static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 4407 int reason_code) 4408{ 4409 struct i802_bss *bss = priv; 4410 struct wpa_driver_nl80211_data *drv = bss->drv; 4411 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 4412 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 4413 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 4414 __func__, MAC2STR(addr), reason_code); 4415 drv->associated = 0; 4416 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 4417 return nl80211_leave_ibss(drv); 4418 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 4419 reason_code, 0); 4420} 4421 4422 4423static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 4424 int reason_code) 4425{ 4426 struct i802_bss *bss = priv; 4427 struct wpa_driver_nl80211_data *drv = bss->drv; 4428 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 4429 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 4430 wpa_printf(MSG_DEBUG, "%s", __func__); 4431 drv->associated = 0; 4432 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 4433 reason_code, 0); 4434} 4435 4436 4437static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 4438 struct wpa_driver_auth_params *params) 4439{ 4440 int i; 4441 4442 drv->auth_freq = params->freq; 4443 drv->auth_alg = params->auth_alg; 4444 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 4445 drv->auth_local_state_change = params->local_state_change; 4446 drv->auth_p2p = params->p2p; 4447 4448 if (params->bssid) 4449 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 4450 else 4451 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 4452 4453 if (params->ssid) { 4454 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 4455 drv->auth_ssid_len = params->ssid_len; 4456 } else 4457 drv->auth_ssid_len = 0; 4458 4459 4460 os_free(drv->auth_ie); 4461 drv->auth_ie = NULL; 4462 drv->auth_ie_len = 0; 4463 if (params->ie) { 4464 drv->auth_ie = os_malloc(params->ie_len); 4465 if (drv->auth_ie) { 4466 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 4467 drv->auth_ie_len = params->ie_len; 4468 } 4469 } 4470 4471 for (i = 0; i < 4; i++) { 4472 if (params->wep_key[i] && params->wep_key_len[i] && 4473 params->wep_key_len[i] <= 16) { 4474 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 4475 params->wep_key_len[i]); 4476 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 4477 } else 4478 drv->auth_wep_key_len[i] = 0; 4479 } 4480} 4481 4482 4483static int wpa_driver_nl80211_authenticate( 4484 void *priv, struct wpa_driver_auth_params *params) 4485{ 4486 struct i802_bss *bss = priv; 4487 struct wpa_driver_nl80211_data *drv = bss->drv; 4488 int ret = -1, i; 4489 struct nl_msg *msg; 4490 enum nl80211_auth_type type; 4491 enum nl80211_iftype nlmode; 4492 int count = 0; 4493 int is_retry; 4494 4495 is_retry = drv->retry_auth; 4496 drv->retry_auth = 0; 4497 4498 drv->associated = 0; 4499 os_memset(drv->auth_bssid, 0, ETH_ALEN); 4500 /* FIX: IBSS mode */ 4501 nlmode = params->p2p ? 4502 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 4503 if (drv->nlmode != nlmode && 4504 wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 4505 return -1; 4506 4507retry: 4508 msg = nlmsg_alloc(); 4509 if (!msg) 4510 return -1; 4511 4512 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 4513 drv->ifindex); 4514 4515 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 4516 4517 for (i = 0; i < 4; i++) { 4518 if (!params->wep_key[i]) 4519 continue; 4520 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 4521 NULL, i, 4522 i == params->wep_tx_keyidx, NULL, 0, 4523 params->wep_key[i], 4524 params->wep_key_len[i]); 4525 if (params->wep_tx_keyidx != i) 4526 continue; 4527 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 4528 params->wep_key[i], params->wep_key_len[i])) { 4529 nlmsg_free(msg); 4530 return -1; 4531 } 4532 } 4533 4534 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4535 if (params->bssid) { 4536 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4537 MAC2STR(params->bssid)); 4538 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4539 } 4540 if (params->freq) { 4541 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4542 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4543 } 4544 if (params->ssid) { 4545 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4546 params->ssid, params->ssid_len); 4547 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4548 params->ssid); 4549 } 4550 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 4551 if (params->ie) 4552 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 4553 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4554 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4555 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4556 type = NL80211_AUTHTYPE_SHARED_KEY; 4557 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4558 type = NL80211_AUTHTYPE_NETWORK_EAP; 4559 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4560 type = NL80211_AUTHTYPE_FT; 4561 else 4562 goto nla_put_failure; 4563 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4564 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4565 if (params->local_state_change) { 4566 wpa_printf(MSG_DEBUG, " * Local state change only"); 4567 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 4568 } 4569 4570 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4571 msg = NULL; 4572 if (ret) { 4573 wpa_dbg(drv->ctx, MSG_DEBUG, 4574 "nl80211: MLME command failed (auth): ret=%d (%s)", 4575 ret, strerror(-ret)); 4576 count++; 4577 if (ret == -EALREADY && count == 1 && params->bssid && 4578 !params->local_state_change) { 4579 /* 4580 * mac80211 does not currently accept new 4581 * authentication if we are already authenticated. As a 4582 * workaround, force deauthentication and try again. 4583 */ 4584 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 4585 "after forced deauthentication"); 4586 wpa_driver_nl80211_deauthenticate( 4587 bss, params->bssid, 4588 WLAN_REASON_PREV_AUTH_NOT_VALID); 4589 nlmsg_free(msg); 4590 goto retry; 4591 } 4592 4593 if (ret == -ENOENT && params->freq && !is_retry) { 4594 /* 4595 * cfg80211 has likely expired the BSS entry even 4596 * though it was previously available in our internal 4597 * BSS table. To recover quickly, start a single 4598 * channel scan on the specified channel. 4599 */ 4600 struct wpa_driver_scan_params scan; 4601 int freqs[2]; 4602 4603 os_memset(&scan, 0, sizeof(scan)); 4604 scan.num_ssids = 1; 4605 if (params->ssid) { 4606 scan.ssids[0].ssid = params->ssid; 4607 scan.ssids[0].ssid_len = params->ssid_len; 4608 } 4609 freqs[0] = params->freq; 4610 freqs[1] = 0; 4611 scan.freqs = freqs; 4612 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 4613 "channel scan to refresh cfg80211 BSS " 4614 "entry"); 4615 ret = wpa_driver_nl80211_scan(bss, &scan); 4616 if (ret == 0) { 4617 nl80211_copy_auth_params(drv, params); 4618 drv->scan_for_auth = 1; 4619 } 4620 } else if (is_retry) { 4621 /* 4622 * Need to indicate this with an event since the return 4623 * value from the retry is not delivered to core code. 4624 */ 4625 union wpa_event_data event; 4626 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 4627 "failed"); 4628 os_memset(&event, 0, sizeof(event)); 4629 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 4630 ETH_ALEN); 4631 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 4632 &event); 4633 } 4634 4635 goto nla_put_failure; 4636 } 4637 ret = 0; 4638 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 4639 "successfully"); 4640 4641nla_put_failure: 4642 nlmsg_free(msg); 4643 return ret; 4644} 4645 4646 4647static int wpa_driver_nl80211_authenticate_retry( 4648 struct wpa_driver_nl80211_data *drv) 4649{ 4650 struct wpa_driver_auth_params params; 4651 struct i802_bss *bss = &drv->first_bss; 4652 int i; 4653 4654 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 4655 4656 os_memset(¶ms, 0, sizeof(params)); 4657 params.freq = drv->auth_freq; 4658 params.auth_alg = drv->auth_alg; 4659 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 4660 params.local_state_change = drv->auth_local_state_change; 4661 params.p2p = drv->auth_p2p; 4662 4663 if (!is_zero_ether_addr(drv->auth_bssid_)) 4664 params.bssid = drv->auth_bssid_; 4665 4666 if (drv->auth_ssid_len) { 4667 params.ssid = drv->auth_ssid; 4668 params.ssid_len = drv->auth_ssid_len; 4669 } 4670 4671 params.ie = drv->auth_ie; 4672 params.ie_len = drv->auth_ie_len; 4673 4674 for (i = 0; i < 4; i++) { 4675 if (drv->auth_wep_key_len[i]) { 4676 params.wep_key[i] = drv->auth_wep_key[i]; 4677 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 4678 } 4679 } 4680 4681 drv->retry_auth = 1; 4682 return wpa_driver_nl80211_authenticate(bss, ¶ms); 4683} 4684 4685 4686struct phy_info_arg { 4687 u16 *num_modes; 4688 struct hostapd_hw_modes *modes; 4689}; 4690 4691static int phy_info_handler(struct nl_msg *msg, void *arg) 4692{ 4693 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 4694 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4695 struct phy_info_arg *phy_info = arg; 4696 4697 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 4698 4699 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 4700 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 4701 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 4702 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 4703 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 4704 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 4705 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 4706 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 4707 }; 4708 4709 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 4710 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 4711 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 4712 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 4713 }; 4714 4715 struct nlattr *nl_band; 4716 struct nlattr *nl_freq; 4717 struct nlattr *nl_rate; 4718 int rem_band, rem_freq, rem_rate; 4719 struct hostapd_hw_modes *mode; 4720 int idx, mode_is_set; 4721 4722 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4723 genlmsg_attrlen(gnlh, 0), NULL); 4724 4725 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 4726 return NL_SKIP; 4727 4728 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 4729 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 4730 if (!mode) 4731 return NL_SKIP; 4732 phy_info->modes = mode; 4733 4734 mode_is_set = 0; 4735 4736 mode = &phy_info->modes[*(phy_info->num_modes)]; 4737 memset(mode, 0, sizeof(*mode)); 4738 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN; 4739 *(phy_info->num_modes) += 1; 4740 4741 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 4742 nla_len(nl_band), NULL); 4743 4744 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 4745 mode->ht_capab = nla_get_u16( 4746 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 4747 } 4748 4749 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 4750 mode->a_mpdu_params |= nla_get_u8( 4751 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 4752 0x03; 4753 } 4754 4755 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 4756 mode->a_mpdu_params |= nla_get_u8( 4757 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 4758 2; 4759 } 4760 4761 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 4762 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 4763 u8 *mcs; 4764 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 4765 os_memcpy(mode->mcs_set, mcs, 16); 4766 } 4767 4768 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 4769 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 4770 nla_len(nl_freq), freq_policy); 4771 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 4772 continue; 4773 mode->num_channels++; 4774 } 4775 4776 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 4777 if (!mode->channels) 4778 return NL_SKIP; 4779 4780 idx = 0; 4781 4782 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 4783 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 4784 nla_len(nl_freq), freq_policy); 4785 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 4786 continue; 4787 4788 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 4789 mode->channels[idx].flag = 0; 4790 4791 if (!mode_is_set) { 4792 /* crude heuristic */ 4793 if (mode->channels[idx].freq < 4000) 4794 mode->mode = HOSTAPD_MODE_IEEE80211B; 4795 else 4796 mode->mode = HOSTAPD_MODE_IEEE80211A; 4797 mode_is_set = 1; 4798 } 4799 4800 /* crude heuristic */ 4801 if (mode->channels[idx].freq < 4000) 4802 if (mode->channels[idx].freq == 2484) 4803 mode->channels[idx].chan = 14; 4804 else 4805 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 4806 else 4807 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 4808 4809 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 4810 mode->channels[idx].flag |= 4811 HOSTAPD_CHAN_DISABLED; 4812 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 4813 mode->channels[idx].flag |= 4814 HOSTAPD_CHAN_PASSIVE_SCAN; 4815 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 4816 mode->channels[idx].flag |= 4817 HOSTAPD_CHAN_NO_IBSS; 4818 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 4819 mode->channels[idx].flag |= 4820 HOSTAPD_CHAN_RADAR; 4821 4822 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 4823 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 4824 mode->channels[idx].max_tx_power = 4825 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 4826 4827 idx++; 4828 } 4829 4830 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 4831 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 4832 nla_len(nl_rate), rate_policy); 4833 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 4834 continue; 4835 mode->num_rates++; 4836 } 4837 4838 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 4839 if (!mode->rates) 4840 return NL_SKIP; 4841 4842 idx = 0; 4843 4844 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 4845 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 4846 nla_len(nl_rate), rate_policy); 4847 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 4848 continue; 4849 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 4850 4851 /* crude heuristic */ 4852 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 4853 mode->rates[idx] > 200) 4854 mode->mode = HOSTAPD_MODE_IEEE80211G; 4855 4856 idx++; 4857 } 4858 } 4859 4860 return NL_SKIP; 4861} 4862 4863static struct hostapd_hw_modes * 4864wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 4865{ 4866 u16 m; 4867 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 4868 int i, mode11g_idx = -1; 4869 4870 /* If only 802.11g mode is included, use it to construct matching 4871 * 802.11b mode data. */ 4872 4873 for (m = 0; m < *num_modes; m++) { 4874 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 4875 return modes; /* 802.11b already included */ 4876 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 4877 mode11g_idx = m; 4878 } 4879 4880 if (mode11g_idx < 0) 4881 return modes; /* 2.4 GHz band not supported at all */ 4882 4883 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 4884 if (nmodes == NULL) 4885 return modes; /* Could not add 802.11b mode */ 4886 4887 mode = &nmodes[*num_modes]; 4888 os_memset(mode, 0, sizeof(*mode)); 4889 (*num_modes)++; 4890 modes = nmodes; 4891 4892 mode->mode = HOSTAPD_MODE_IEEE80211B; 4893 4894 mode11g = &modes[mode11g_idx]; 4895 mode->num_channels = mode11g->num_channels; 4896 mode->channels = os_malloc(mode11g->num_channels * 4897 sizeof(struct hostapd_channel_data)); 4898 if (mode->channels == NULL) { 4899 (*num_modes)--; 4900 return modes; /* Could not add 802.11b mode */ 4901 } 4902 os_memcpy(mode->channels, mode11g->channels, 4903 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 4904 4905 mode->num_rates = 0; 4906 mode->rates = os_malloc(4 * sizeof(int)); 4907 if (mode->rates == NULL) { 4908 os_free(mode->channels); 4909 (*num_modes)--; 4910 return modes; /* Could not add 802.11b mode */ 4911 } 4912 4913 for (i = 0; i < mode11g->num_rates; i++) { 4914 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 4915 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 4916 continue; 4917 mode->rates[mode->num_rates] = mode11g->rates[i]; 4918 mode->num_rates++; 4919 if (mode->num_rates == 4) 4920 break; 4921 } 4922 4923 if (mode->num_rates == 0) { 4924 os_free(mode->channels); 4925 os_free(mode->rates); 4926 (*num_modes)--; 4927 return modes; /* No 802.11b rates */ 4928 } 4929 4930 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 4931 "information"); 4932 4933 return modes; 4934} 4935 4936 4937static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 4938 int end) 4939{ 4940 int c; 4941 4942 for (c = 0; c < mode->num_channels; c++) { 4943 struct hostapd_channel_data *chan = &mode->channels[c]; 4944 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 4945 chan->flag |= HOSTAPD_CHAN_HT40; 4946 } 4947} 4948 4949 4950static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 4951 int end) 4952{ 4953 int c; 4954 4955 for (c = 0; c < mode->num_channels; c++) { 4956 struct hostapd_channel_data *chan = &mode->channels[c]; 4957 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 4958 continue; 4959 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 4960 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 4961 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 4962 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 4963 } 4964} 4965 4966 4967static void nl80211_reg_rule_ht40(struct nlattr *tb[], 4968 struct phy_info_arg *results) 4969{ 4970 u32 start, end, max_bw; 4971 u16 m; 4972 4973 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 4974 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 4975 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 4976 return; 4977 4978 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 4979 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 4980 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 4981 4982 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 4983 start, end, max_bw); 4984 if (max_bw < 40) 4985 return; 4986 4987 for (m = 0; m < *results->num_modes; m++) { 4988 if (!(results->modes[m].ht_capab & 4989 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 4990 continue; 4991 nl80211_set_ht40_mode(&results->modes[m], start, end); 4992 } 4993} 4994 4995 4996static void nl80211_reg_rule_sec(struct nlattr *tb[], 4997 struct phy_info_arg *results) 4998{ 4999 u32 start, end, max_bw; 5000 u16 m; 5001 5002 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 5003 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 5004 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 5005 return; 5006 5007 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 5008 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 5009 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 5010 5011 if (max_bw < 20) 5012 return; 5013 5014 for (m = 0; m < *results->num_modes; m++) { 5015 if (!(results->modes[m].ht_capab & 5016 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 5017 continue; 5018 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 5019 } 5020} 5021 5022 5023static int nl80211_get_reg(struct nl_msg *msg, void *arg) 5024{ 5025 struct phy_info_arg *results = arg; 5026 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 5027 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5028 struct nlattr *nl_rule; 5029 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 5030 int rem_rule; 5031 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 5032 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 5033 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 5034 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 5035 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 5036 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 5037 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 5038 }; 5039 5040 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5041 genlmsg_attrlen(gnlh, 0), NULL); 5042 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 5043 !tb_msg[NL80211_ATTR_REG_RULES]) { 5044 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 5045 "available"); 5046 return NL_SKIP; 5047 } 5048 5049 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 5050 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 5051 5052 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 5053 { 5054 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 5055 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 5056 nl80211_reg_rule_ht40(tb_rule, results); 5057 } 5058 5059 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 5060 { 5061 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 5062 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 5063 nl80211_reg_rule_sec(tb_rule, results); 5064 } 5065 5066 return NL_SKIP; 5067} 5068 5069 5070static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 5071 struct phy_info_arg *results) 5072{ 5073 struct nl_msg *msg; 5074 5075 msg = nlmsg_alloc(); 5076 if (!msg) 5077 return -ENOMEM; 5078 5079 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 5080 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 5081} 5082 5083 5084static struct hostapd_hw_modes * 5085wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 5086{ 5087 struct i802_bss *bss = priv; 5088 struct wpa_driver_nl80211_data *drv = bss->drv; 5089 struct nl_msg *msg; 5090 struct phy_info_arg result = { 5091 .num_modes = num_modes, 5092 .modes = NULL, 5093 }; 5094 5095 *num_modes = 0; 5096 *flags = 0; 5097 5098 msg = nlmsg_alloc(); 5099 if (!msg) 5100 return NULL; 5101 5102 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 5103 5104 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5105 5106 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 5107 nl80211_set_ht40_flags(drv, &result); 5108 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 5109 } 5110 msg = NULL; 5111 nla_put_failure: 5112 nlmsg_free(msg); 5113 return NULL; 5114} 5115 5116 5117static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 5118 const void *data, size_t len, 5119 int encrypt, int noack) 5120{ 5121 __u8 rtap_hdr[] = { 5122 0x00, 0x00, /* radiotap version */ 5123 0x0e, 0x00, /* radiotap length */ 5124 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 5125 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 5126 0x00, /* padding */ 5127 0x00, 0x00, /* RX and TX flags to indicate that */ 5128 0x00, 0x00, /* this is the injected frame directly */ 5129 }; 5130 struct iovec iov[2] = { 5131 { 5132 .iov_base = &rtap_hdr, 5133 .iov_len = sizeof(rtap_hdr), 5134 }, 5135 { 5136 .iov_base = (void *) data, 5137 .iov_len = len, 5138 } 5139 }; 5140 struct msghdr msg = { 5141 .msg_name = NULL, 5142 .msg_namelen = 0, 5143 .msg_iov = iov, 5144 .msg_iovlen = 2, 5145 .msg_control = NULL, 5146 .msg_controllen = 0, 5147 .msg_flags = 0, 5148 }; 5149 int res; 5150 u16 txflags = 0; 5151 5152 if (encrypt) 5153 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 5154 5155 if (drv->monitor_sock < 0) { 5156 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 5157 "for %s", __func__); 5158 return -1; 5159 } 5160 5161 if (noack) 5162 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 5163 *(le16 *) &rtap_hdr[12] = host_to_le16(txflags); 5164 5165 res = sendmsg(drv->monitor_sock, &msg, 0); 5166 if (res < 0) { 5167 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 5168 return -1; 5169 } 5170 return 0; 5171} 5172 5173 5174static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 5175 const void *data, size_t len, 5176 int encrypt, int noack, 5177 unsigned int freq, int no_cck, 5178 int offchanok, unsigned int wait_time) 5179{ 5180 struct wpa_driver_nl80211_data *drv = bss->drv; 5181 u64 cookie; 5182 5183 if (freq == 0) 5184 freq = bss->freq; 5185 5186 if (drv->use_monitor) 5187 return wpa_driver_nl80211_send_mntr(drv, data, len, 5188 encrypt, noack); 5189 5190 return nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 5191 &cookie, no_cck, noack, offchanok); 5192} 5193 5194 5195static int wpa_driver_nl80211_send_mlme_freq(struct i802_bss *bss, 5196 const u8 *data, 5197 size_t data_len, int noack, 5198 unsigned int freq, int no_cck, 5199 int offchanok, 5200 unsigned int wait_time) 5201{ 5202 struct wpa_driver_nl80211_data *drv = bss->drv; 5203 struct ieee80211_mgmt *mgmt; 5204 int encrypt = 1; 5205 u16 fc; 5206 5207 mgmt = (struct ieee80211_mgmt *) data; 5208 fc = le_to_host16(mgmt->frame_control); 5209 5210 if (is_sta_interface(drv->nlmode) && 5211 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 5212 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 5213 /* 5214 * The use of last_mgmt_freq is a bit of a hack, 5215 * but it works due to the single-threaded nature 5216 * of wpa_supplicant. 5217 */ 5218 if (freq == 0) 5219 freq = drv->last_mgmt_freq; 5220 return nl80211_send_frame_cmd(bss, freq, 0, 5221 data, data_len, NULL, 1, noack, 5222 1); 5223 } 5224#ifdef ANDROID_P2P 5225 if (freq == 0) 5226 freq = bss->freq; 5227 if ( is_ap_interface(drv->nlmode)) { 5228 return nl80211_send_frame_cmd(bss, freq, 0, 5229 data, data_len, &drv->send_action_cookie, 0, noack, 1); 5230 } 5231#else 5232 5233 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 5234 if (freq == 0) 5235 freq = bss->freq; 5236 return nl80211_send_frame_cmd(bss, freq, 0, 5237 data, data_len, 5238 &drv->send_action_cookie, 5239 no_cck, noack, offchanok); 5240 } 5241#endif 5242 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 5243 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 5244 /* 5245 * Only one of the authentication frame types is encrypted. 5246 * In order for static WEP encryption to work properly (i.e., 5247 * to not encrypt the frame), we need to tell mac80211 about 5248 * the frames that must not be encrypted. 5249 */ 5250 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 5251 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 5252 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 5253 encrypt = 0; 5254 } 5255 5256 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 5257 noack, freq, no_cck, offchanok, 5258 wait_time); 5259} 5260 5261 5262static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 5263 size_t data_len, int noack) 5264{ 5265 struct i802_bss *bss = priv; 5266 return wpa_driver_nl80211_send_mlme_freq(bss, data, data_len, noack, 5267 0, 0, 0, 0); 5268} 5269 5270 5271static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 5272 int slot, int ht_opmode, int ap_isolate, 5273 int *basic_rates) 5274{ 5275 struct wpa_driver_nl80211_data *drv = bss->drv; 5276 struct nl_msg *msg; 5277 5278 msg = nlmsg_alloc(); 5279 if (!msg) 5280 return -ENOMEM; 5281 5282 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 5283 5284 if (cts >= 0) 5285 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5286 if (preamble >= 0) 5287 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5288 if (slot >= 0) 5289 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5290 if (ht_opmode >= 0) 5291 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5292 if (ap_isolate >= 0) 5293 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 5294 5295 if (basic_rates) { 5296 u8 rates[NL80211_MAX_SUPP_RATES]; 5297 u8 rates_len = 0; 5298 int i; 5299 5300 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 5301 i++) 5302 rates[rates_len++] = basic_rates[i] / 5; 5303 5304 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5305 } 5306 5307 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5308 5309 return send_and_recv_msgs(drv, msg, NULL, NULL); 5310 nla_put_failure: 5311 nlmsg_free(msg); 5312 return -ENOBUFS; 5313} 5314 5315 5316static int wpa_driver_nl80211_set_ap(void *priv, 5317 struct wpa_driver_ap_params *params) 5318{ 5319 struct i802_bss *bss = priv; 5320 struct wpa_driver_nl80211_data *drv = bss->drv; 5321 struct nl_msg *msg; 5322 u8 cmd = NL80211_CMD_NEW_BEACON; 5323 int ret; 5324 int beacon_set; 5325 int ifindex = if_nametoindex(bss->ifname); 5326 int num_suites; 5327 u32 suites[10]; 5328 u32 ver; 5329 5330 beacon_set = bss->beacon_set; 5331 5332 msg = nlmsg_alloc(); 5333 if (!msg) 5334 return -ENOMEM; 5335 5336 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 5337 beacon_set); 5338 if (beacon_set) 5339 cmd = NL80211_CMD_SET_BEACON; 5340 5341 nl80211_cmd(drv, msg, 0, cmd); 5342 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 5343 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 5344 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5345 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 5346 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 5347 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 5348 params->ssid); 5349 if (params->proberesp && params->proberesp_len) 5350 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 5351 params->proberesp); 5352 switch (params->hide_ssid) { 5353 case NO_SSID_HIDING: 5354 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5355 NL80211_HIDDEN_SSID_NOT_IN_USE); 5356 break; 5357 case HIDDEN_SSID_ZERO_LEN: 5358 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5359 NL80211_HIDDEN_SSID_ZERO_LEN); 5360 break; 5361 case HIDDEN_SSID_ZERO_CONTENTS: 5362 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5363 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 5364 break; 5365 } 5366 if (params->privacy) 5367 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5368 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 5369 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 5370 /* Leave out the attribute */ 5371 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 5372 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 5373 NL80211_AUTHTYPE_SHARED_KEY); 5374 else 5375 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 5376 NL80211_AUTHTYPE_OPEN_SYSTEM); 5377 5378 ver = 0; 5379 if (params->wpa_version & WPA_PROTO_WPA) 5380 ver |= NL80211_WPA_VERSION_1; 5381 if (params->wpa_version & WPA_PROTO_RSN) 5382 ver |= NL80211_WPA_VERSION_2; 5383 if (ver) 5384 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 5385 5386 num_suites = 0; 5387 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 5388 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 5389 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 5390 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 5391 if (num_suites) { 5392 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 5393 num_suites * sizeof(u32), suites); 5394 } 5395 5396 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 5397 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 5398 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 5399 5400 num_suites = 0; 5401 if (params->pairwise_ciphers & WPA_CIPHER_CCMP) 5402 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5403 if (params->pairwise_ciphers & WPA_CIPHER_TKIP) 5404 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5405 if (params->pairwise_ciphers & WPA_CIPHER_WEP104) 5406 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5407 if (params->pairwise_ciphers & WPA_CIPHER_WEP40) 5408 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5409 if (num_suites) { 5410 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 5411 num_suites * sizeof(u32), suites); 5412 } 5413 5414 switch (params->group_cipher) { 5415 case WPA_CIPHER_CCMP: 5416 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5417 WLAN_CIPHER_SUITE_CCMP); 5418 break; 5419 case WPA_CIPHER_TKIP: 5420 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5421 WLAN_CIPHER_SUITE_TKIP); 5422 break; 5423 case WPA_CIPHER_WEP104: 5424 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5425 WLAN_CIPHER_SUITE_WEP104); 5426 break; 5427 case WPA_CIPHER_WEP40: 5428 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5429 WLAN_CIPHER_SUITE_WEP40); 5430 break; 5431 } 5432 5433 if (params->beacon_ies) { 5434 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 5435 wpabuf_head(params->beacon_ies)); 5436 } 5437 if (params->proberesp_ies) { 5438 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 5439 wpabuf_len(params->proberesp_ies), 5440 wpabuf_head(params->proberesp_ies)); 5441 } 5442 if (params->assocresp_ies) { 5443 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 5444 wpabuf_len(params->assocresp_ies), 5445 wpabuf_head(params->assocresp_ies)); 5446 } 5447 5448 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5449 if (ret) { 5450 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 5451 ret, strerror(-ret)); 5452 } else { 5453 bss->beacon_set = 1; 5454 nl80211_set_bss(bss, params->cts_protect, params->preamble, 5455 params->short_slot_time, params->ht_opmode, 5456 params->isolate, params->basic_rates); 5457 } 5458#if defined(ANDROID_P2P) && defined(HOSTAPD) 5459 wpa_driver_nl80211_probe_req_report(priv, 1); 5460#endif 5461 return ret; 5462 nla_put_failure: 5463 nlmsg_free(msg); 5464 return -ENOBUFS; 5465} 5466 5467 5468static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 5469 int freq, int ht_enabled, 5470 int sec_channel_offset) 5471{ 5472 struct wpa_driver_nl80211_data *drv = bss->drv; 5473 struct nl_msg *msg; 5474 int ret; 5475 5476 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d " 5477 "sec_channel_offset=%d)", 5478 freq, ht_enabled, sec_channel_offset); 5479 msg = nlmsg_alloc(); 5480 if (!msg) 5481 return -1; 5482 5483 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 5484 5485 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5486 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5487 if (ht_enabled) { 5488 switch (sec_channel_offset) { 5489 case -1: 5490 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5491 NL80211_CHAN_HT40MINUS); 5492 break; 5493 case 1: 5494 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5495 NL80211_CHAN_HT40PLUS); 5496 break; 5497 default: 5498#ifndef ANDROID_P2P 5499/* Should be change to HT20 as a default value because P2P firmware does not support 11n for BCM4329 */ 5500 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5501 NL80211_CHAN_HT20); 5502#else 5503 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5504 NL80211_CHAN_NO_HT); 5505#endif 5506 break; 5507 } 5508 } 5509 5510 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5511 msg = NULL; 5512 if (ret == 0) { 5513 bss->freq = freq; 5514 return 0; 5515 } 5516 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 5517 "%d (%s)", freq, ret, strerror(-ret)); 5518nla_put_failure: 5519 nlmsg_free(msg); 5520 return -1; 5521} 5522 5523 5524static u32 sta_flags_nl80211(int flags) 5525{ 5526 u32 f = 0; 5527 5528 if (flags & WPA_STA_AUTHORIZED) 5529 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 5530 if (flags & WPA_STA_WMM) 5531 f |= BIT(NL80211_STA_FLAG_WME); 5532 if (flags & WPA_STA_SHORT_PREAMBLE) 5533 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 5534 if (flags & WPA_STA_MFP) 5535 f |= BIT(NL80211_STA_FLAG_MFP); 5536 if (flags & WPA_STA_TDLS_PEER) 5537 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 5538 5539 return f; 5540} 5541 5542 5543static int wpa_driver_nl80211_sta_add(void *priv, 5544 struct hostapd_sta_add_params *params) 5545{ 5546 struct i802_bss *bss = priv; 5547 struct wpa_driver_nl80211_data *drv = bss->drv; 5548 struct nl_msg *msg, *wme = NULL; 5549 struct nl80211_sta_flag_update upd; 5550 int ret = -ENOBUFS; 5551 5552 if ((params->flags & WPA_STA_TDLS_PEER) && 5553 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 5554 return -EOPNOTSUPP; 5555 5556 msg = nlmsg_alloc(); 5557 if (!msg) 5558 return -ENOMEM; 5559 5560 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 5561 NL80211_CMD_NEW_STATION); 5562 5563 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5564 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 5565 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 5566 params->supp_rates); 5567 if (!params->set) { 5568 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 5569 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 5570 params->listen_interval); 5571 } 5572 if (params->ht_capabilities) { 5573 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 5574 sizeof(*params->ht_capabilities), 5575 params->ht_capabilities); 5576 } 5577 5578 os_memset(&upd, 0, sizeof(upd)); 5579 upd.mask = sta_flags_nl80211(params->flags); 5580 upd.set = upd.mask; 5581 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5582 5583 if (params->flags & WPA_STA_WMM) { 5584 wme = nlmsg_alloc(); 5585 if (!wme) 5586 goto nla_put_failure; 5587 5588 NLA_PUT_U8(wme, NL80211_STA_WME_UAPSD_QUEUES, 5589 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 5590 NLA_PUT_U8(wme, NL80211_STA_WME_MAX_SP, 5591 (params->qosinfo > WMM_QOSINFO_STA_SP_SHIFT) & 5592 WMM_QOSINFO_STA_SP_MASK); 5593 nla_put_nested(msg, NL80211_ATTR_STA_WME, wme); 5594 } 5595 5596 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5597 msg = NULL; 5598 if (ret) 5599 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 5600 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 5601 strerror(-ret)); 5602 if (ret == -EEXIST) 5603 ret = 0; 5604 nla_put_failure: 5605 nlmsg_free(wme); 5606 nlmsg_free(msg); 5607 return ret; 5608} 5609 5610 5611static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 5612{ 5613 struct i802_bss *bss = priv; 5614 struct wpa_driver_nl80211_data *drv = bss->drv; 5615 struct nl_msg *msg; 5616 int ret; 5617 5618 msg = nlmsg_alloc(); 5619 if (!msg) 5620 return -ENOMEM; 5621 5622 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 5623 5624 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5625 if_nametoindex(bss->ifname)); 5626 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5627 5628 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5629 if (ret == -ENOENT) 5630 return 0; 5631 return ret; 5632 nla_put_failure: 5633 nlmsg_free(msg); 5634 return -ENOBUFS; 5635} 5636 5637 5638static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 5639 int ifidx) 5640{ 5641 struct nl_msg *msg; 5642 5643 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 5644 5645 /* stop listening for EAPOL on this interface */ 5646 del_ifidx(drv, ifidx); 5647 5648 msg = nlmsg_alloc(); 5649 if (!msg) 5650 goto nla_put_failure; 5651 5652 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 5653 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 5654 5655 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5656 return; 5657 msg = NULL; 5658 nla_put_failure: 5659 nlmsg_free(msg); 5660 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 5661} 5662 5663 5664static const char * nl80211_iftype_str(enum nl80211_iftype mode) 5665{ 5666 switch (mode) { 5667 case NL80211_IFTYPE_ADHOC: 5668 return "ADHOC"; 5669 case NL80211_IFTYPE_STATION: 5670 return "STATION"; 5671 case NL80211_IFTYPE_AP: 5672 return "AP"; 5673 case NL80211_IFTYPE_MONITOR: 5674 return "MONITOR"; 5675 case NL80211_IFTYPE_P2P_CLIENT: 5676 return "P2P_CLIENT"; 5677 case NL80211_IFTYPE_P2P_GO: 5678 return "P2P_GO"; 5679 default: 5680 return "unknown"; 5681 } 5682} 5683 5684 5685static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 5686 const char *ifname, 5687 enum nl80211_iftype iftype, 5688 const u8 *addr, int wds) 5689{ 5690 struct nl_msg *msg, *flags = NULL; 5691 int ifidx; 5692 int ret = -ENOBUFS; 5693 5694 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 5695 iftype, nl80211_iftype_str(iftype)); 5696 5697 msg = nlmsg_alloc(); 5698 if (!msg) 5699 return -1; 5700 5701 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 5702 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5703 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 5704 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 5705 5706 if (iftype == NL80211_IFTYPE_MONITOR) { 5707 int err; 5708 5709 flags = nlmsg_alloc(); 5710 if (!flags) 5711 goto nla_put_failure; 5712 5713 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 5714 5715 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 5716 5717 nlmsg_free(flags); 5718 5719 if (err) 5720 goto nla_put_failure; 5721 } else if (wds) { 5722 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 5723 } 5724 5725 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5726 msg = NULL; 5727 if (ret) { 5728 nla_put_failure: 5729 nlmsg_free(msg); 5730 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 5731 ifname, ret, strerror(-ret)); 5732 return ret; 5733 } 5734 5735 ifidx = if_nametoindex(ifname); 5736 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 5737 ifname, ifidx); 5738 5739 if (ifidx <= 0) 5740 return -1; 5741 5742 /* start listening for EAPOL on this interface */ 5743 add_ifidx(drv, ifidx); 5744 5745 if (addr && iftype != NL80211_IFTYPE_MONITOR && 5746 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 5747 nl80211_remove_iface(drv, ifidx); 5748 return -1; 5749 } 5750 5751 return ifidx; 5752} 5753 5754 5755static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 5756 const char *ifname, enum nl80211_iftype iftype, 5757 const u8 *addr, int wds) 5758{ 5759 int ret; 5760 5761 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 5762 5763 /* if error occurred and interface exists already */ 5764 if (ret == -ENFILE && if_nametoindex(ifname)) { 5765 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 5766 5767 /* Try to remove the interface that was already there. */ 5768 nl80211_remove_iface(drv, if_nametoindex(ifname)); 5769 5770 /* Try to create the interface again */ 5771 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 5772 wds); 5773 } 5774 5775 if (ret >= 0 && is_p2p_interface(iftype)) 5776 nl80211_disable_11b_rates(drv, ret, 1); 5777 5778 return ret; 5779} 5780 5781 5782static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 5783{ 5784 struct ieee80211_hdr *hdr; 5785 u16 fc; 5786 union wpa_event_data event; 5787 5788 hdr = (struct ieee80211_hdr *) buf; 5789 fc = le_to_host16(hdr->frame_control); 5790 5791 os_memset(&event, 0, sizeof(event)); 5792 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 5793 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 5794 event.tx_status.dst = hdr->addr1; 5795 event.tx_status.data = buf; 5796 event.tx_status.data_len = len; 5797 event.tx_status.ack = ok; 5798 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 5799} 5800 5801 5802static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 5803 u8 *buf, size_t len) 5804{ 5805 struct ieee80211_hdr *hdr = (void *)buf; 5806 u16 fc; 5807 union wpa_event_data event; 5808 5809 if (len < sizeof(*hdr)) 5810 return; 5811 5812 fc = le_to_host16(hdr->frame_control); 5813 5814 os_memset(&event, 0, sizeof(event)); 5815 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 5816 event.rx_from_unknown.addr = hdr->addr2; 5817 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 5818 (WLAN_FC_FROMDS | WLAN_FC_TODS); 5819 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 5820} 5821 5822 5823static void handle_frame(struct wpa_driver_nl80211_data *drv, 5824 u8 *buf, size_t len, int datarate, int ssi_signal) 5825{ 5826 struct ieee80211_hdr *hdr; 5827 u16 fc; 5828 union wpa_event_data event; 5829 5830 hdr = (struct ieee80211_hdr *) buf; 5831 fc = le_to_host16(hdr->frame_control); 5832 5833 switch (WLAN_FC_GET_TYPE(fc)) { 5834 case WLAN_FC_TYPE_MGMT: 5835 os_memset(&event, 0, sizeof(event)); 5836 event.rx_mgmt.frame = buf; 5837 event.rx_mgmt.frame_len = len; 5838 event.rx_mgmt.datarate = datarate; 5839 event.rx_mgmt.ssi_signal = ssi_signal; 5840 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 5841 break; 5842 case WLAN_FC_TYPE_CTRL: 5843 /* can only get here with PS-Poll frames */ 5844 wpa_printf(MSG_DEBUG, "CTRL"); 5845 from_unknown_sta(drv, buf, len); 5846 break; 5847 case WLAN_FC_TYPE_DATA: 5848 from_unknown_sta(drv, buf, len); 5849 break; 5850 } 5851} 5852 5853 5854static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 5855{ 5856 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5857 int len; 5858 unsigned char buf[3000]; 5859 struct ieee80211_radiotap_iterator iter; 5860 int ret; 5861 int datarate = 0, ssi_signal = 0; 5862 int injected = 0, failed = 0, rxflags = 0; 5863 5864 len = recv(sock, buf, sizeof(buf), 0); 5865 if (len < 0) { 5866 perror("recv"); 5867 return; 5868 } 5869 5870 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 5871 printf("received invalid radiotap frame\n"); 5872 return; 5873 } 5874 5875 while (1) { 5876 ret = ieee80211_radiotap_iterator_next(&iter); 5877 if (ret == -ENOENT) 5878 break; 5879 if (ret) { 5880 printf("received invalid radiotap frame (%d)\n", ret); 5881 return; 5882 } 5883 switch (iter.this_arg_index) { 5884 case IEEE80211_RADIOTAP_FLAGS: 5885 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 5886 len -= 4; 5887 break; 5888 case IEEE80211_RADIOTAP_RX_FLAGS: 5889 rxflags = 1; 5890 break; 5891 case IEEE80211_RADIOTAP_TX_FLAGS: 5892 injected = 1; 5893 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 5894 IEEE80211_RADIOTAP_F_TX_FAIL; 5895 break; 5896 case IEEE80211_RADIOTAP_DATA_RETRIES: 5897 break; 5898 case IEEE80211_RADIOTAP_CHANNEL: 5899 /* TODO: convert from freq/flags to channel number */ 5900 break; 5901 case IEEE80211_RADIOTAP_RATE: 5902 datarate = *iter.this_arg * 5; 5903 break; 5904 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 5905 ssi_signal = *iter.this_arg; 5906 break; 5907 } 5908 } 5909 5910 if (rxflags && injected) 5911 return; 5912 5913 if (!injected) 5914 handle_frame(drv, buf + iter.max_length, 5915 len - iter.max_length, datarate, ssi_signal); 5916 else 5917 handle_tx_callback(drv->ctx, buf + iter.max_length, 5918 len - iter.max_length, !failed); 5919} 5920 5921 5922/* 5923 * we post-process the filter code later and rewrite 5924 * this to the offset to the last instruction 5925 */ 5926#define PASS 0xFF 5927#define FAIL 0xFE 5928 5929static struct sock_filter msock_filter_insns[] = { 5930 /* 5931 * do a little-endian load of the radiotap length field 5932 */ 5933 /* load lower byte into A */ 5934 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 5935 /* put it into X (== index register) */ 5936 BPF_STMT(BPF_MISC| BPF_TAX, 0), 5937 /* load upper byte into A */ 5938 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 5939 /* left-shift it by 8 */ 5940 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 5941 /* or with X */ 5942 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 5943 /* put result into X */ 5944 BPF_STMT(BPF_MISC| BPF_TAX, 0), 5945 5946 /* 5947 * Allow management frames through, this also gives us those 5948 * management frames that we sent ourselves with status 5949 */ 5950 /* load the lower byte of the IEEE 802.11 frame control field */ 5951 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5952 /* mask off frame type and version */ 5953 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 5954 /* accept frame if it's both 0, fall through otherwise */ 5955 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 5956 5957 /* 5958 * TODO: add a bit to radiotap RX flags that indicates 5959 * that the sending station is not associated, then 5960 * add a filter here that filters on our DA and that flag 5961 * to allow us to deauth frames to that bad station. 5962 * 5963 * For now allow all To DS data frames through. 5964 */ 5965 /* load the IEEE 802.11 frame control field */ 5966 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 5967 /* mask off frame type, version and DS status */ 5968 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 5969 /* accept frame if version 0, type 2 and To DS, fall through otherwise 5970 */ 5971 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 5972 5973#if 0 5974 /* 5975 * drop non-data frames 5976 */ 5977 /* load the lower byte of the frame control field */ 5978 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5979 /* mask off QoS bit */ 5980 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 5981 /* drop non-data frames */ 5982 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 5983#endif 5984 /* load the upper byte of the frame control field */ 5985 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 5986 /* mask off toDS/fromDS */ 5987 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 5988 /* accept WDS frames */ 5989 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 5990 5991 /* 5992 * add header length to index 5993 */ 5994 /* load the lower byte of the frame control field */ 5995 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5996 /* mask off QoS bit */ 5997 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 5998 /* right shift it by 6 to give 0 or 2 */ 5999 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 6000 /* add data frame header length */ 6001 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 6002 /* add index, was start of 802.11 header */ 6003 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 6004 /* move to index, now start of LL header */ 6005 BPF_STMT(BPF_MISC | BPF_TAX, 0), 6006 6007 /* 6008 * Accept empty data frames, we use those for 6009 * polling activity. 6010 */ 6011 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 6012 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 6013 6014 /* 6015 * Accept EAPOL frames 6016 */ 6017 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 6018 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 6019 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 6020 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 6021 6022 /* keep these last two statements or change the code below */ 6023 /* return 0 == "DROP" */ 6024 BPF_STMT(BPF_RET | BPF_K, 0), 6025 /* return ~0 == "keep all" */ 6026 BPF_STMT(BPF_RET | BPF_K, ~0), 6027}; 6028 6029static struct sock_fprog msock_filter = { 6030 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 6031 .filter = msock_filter_insns, 6032}; 6033 6034 6035static int add_monitor_filter(int s) 6036{ 6037 int idx; 6038 6039 /* rewrite all PASS/FAIL jump offsets */ 6040 for (idx = 0; idx < msock_filter.len; idx++) { 6041 struct sock_filter *insn = &msock_filter_insns[idx]; 6042 6043 if (BPF_CLASS(insn->code) == BPF_JMP) { 6044 if (insn->code == (BPF_JMP|BPF_JA)) { 6045 if (insn->k == PASS) 6046 insn->k = msock_filter.len - idx - 2; 6047 else if (insn->k == FAIL) 6048 insn->k = msock_filter.len - idx - 3; 6049 } 6050 6051 if (insn->jt == PASS) 6052 insn->jt = msock_filter.len - idx - 2; 6053 else if (insn->jt == FAIL) 6054 insn->jt = msock_filter.len - idx - 3; 6055 6056 if (insn->jf == PASS) 6057 insn->jf = msock_filter.len - idx - 2; 6058 else if (insn->jf == FAIL) 6059 insn->jf = msock_filter.len - idx - 3; 6060 } 6061 } 6062 6063 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 6064 &msock_filter, sizeof(msock_filter))) { 6065 perror("SO_ATTACH_FILTER"); 6066 return -1; 6067 } 6068 6069 return 0; 6070} 6071 6072 6073static void nl80211_remove_monitor_interface( 6074 struct wpa_driver_nl80211_data *drv) 6075{ 6076 drv->monitor_refcount--; 6077 if (drv->monitor_refcount > 0) 6078 return; 6079 6080 if (drv->monitor_ifidx >= 0) { 6081 nl80211_remove_iface(drv, drv->monitor_ifidx); 6082 drv->monitor_ifidx = -1; 6083 } 6084 if (drv->monitor_sock >= 0) { 6085 eloop_unregister_read_sock(drv->monitor_sock); 6086 close(drv->monitor_sock); 6087 drv->monitor_sock = -1; 6088 } 6089} 6090 6091 6092static int 6093nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 6094{ 6095 char buf[IFNAMSIZ]; 6096 struct sockaddr_ll ll; 6097 int optval; 6098 socklen_t optlen; 6099 6100 if (drv->monitor_ifidx >= 0) { 6101 drv->monitor_refcount++; 6102 return 0; 6103 } 6104 6105 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) { 6106 /* 6107 * P2P interface name is of the format p2p-%s-%d. For monitor 6108 * interface name corresponding to P2P GO, replace "p2p-" with 6109 * "mon-" to retain the same interface name length and to 6110 * indicate that it is a monitor interface. 6111 */ 6112 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4); 6113 } else { 6114 /* Non-P2P interface with AP functionality. */ 6115 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 6116 } 6117 6118 buf[IFNAMSIZ - 1] = '\0'; 6119 6120 drv->monitor_ifidx = 6121 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 6122 0); 6123 6124 if (drv->monitor_ifidx == -EOPNOTSUPP) { 6125 /* 6126 * This is backward compatibility for a few versions of 6127 * the kernel only that didn't advertise the right 6128 * attributes for the only driver that then supported 6129 * AP mode w/o monitor -- ath6kl. 6130 */ 6131 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 6132 "monitor interface type - try to run without it"); 6133 drv->device_ap_sme = 1; 6134 } 6135 6136 if (drv->monitor_ifidx < 0) 6137 return -1; 6138 6139 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 6140 goto error; 6141 6142 memset(&ll, 0, sizeof(ll)); 6143 ll.sll_family = AF_PACKET; 6144 ll.sll_ifindex = drv->monitor_ifidx; 6145 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 6146 if (drv->monitor_sock < 0) { 6147 perror("socket[PF_PACKET,SOCK_RAW]"); 6148 goto error; 6149 } 6150 6151 if (add_monitor_filter(drv->monitor_sock)) { 6152 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 6153 "interface; do filtering in user space"); 6154 /* This works, but will cost in performance. */ 6155 } 6156 6157 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 6158 perror("monitor socket bind"); 6159 goto error; 6160 } 6161 6162 optlen = sizeof(optval); 6163 optval = 20; 6164 if (setsockopt 6165 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 6166 perror("Failed to set socket priority"); 6167 goto error; 6168 } 6169 6170 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 6171 drv, NULL)) { 6172 printf("Could not register monitor read socket\n"); 6173 goto error; 6174 } 6175 6176 return 0; 6177 error: 6178 nl80211_remove_monitor_interface(drv); 6179 return -1; 6180} 6181 6182 6183static int nl80211_setup_ap(struct i802_bss *bss) 6184{ 6185 struct wpa_driver_nl80211_data *drv = bss->drv; 6186 6187 wpa_printf(MSG_DEBUG, "nl80211: Setup AP - device_ap_sme=%d " 6188 "use_monitor=%d", drv->device_ap_sme, drv->use_monitor); 6189 6190 /* 6191 * Disable Probe Request reporting unless we need it in this way for 6192 * devices that include the AP SME, in the other case (unless using 6193 * monitor iface) we'll get it through the nl_mgmt socket instead. 6194 */ 6195 if (!drv->device_ap_sme) 6196 wpa_driver_nl80211_probe_req_report(bss, 0); 6197 6198 if (!drv->device_ap_sme && !drv->use_monitor) 6199 if (nl80211_mgmt_subscribe_ap(bss)) 6200 return -1; 6201 6202 if (drv->device_ap_sme && !drv->use_monitor) 6203 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 6204 return -1; 6205 6206 if (!drv->device_ap_sme && drv->use_monitor && 6207 nl80211_create_monitor_interface(drv) && 6208 !drv->device_ap_sme) 6209 return -1; 6210 6211 if (drv->device_ap_sme && 6212 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 6213 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 6214 "Probe Request frame reporting in AP mode"); 6215 /* Try to survive without this */ 6216 } 6217 6218#ifdef ANDROID_P2P 6219 /* For AP mode, enable probe req report even if device_ap_sme 6220 * is not enabled 6221 */ 6222 wpa_printf(MSG_DEBUG, "nl80211: Enabling probe req report"); 6223 wpa_driver_nl80211_probe_req_report(bss, 1); 6224#endif 6225 6226 return 0; 6227} 6228 6229 6230static void nl80211_teardown_ap(struct i802_bss *bss) 6231{ 6232 struct wpa_driver_nl80211_data *drv = bss->drv; 6233 6234 if (drv->device_ap_sme) { 6235 wpa_driver_nl80211_probe_req_report(bss, 0); 6236 if (!drv->use_monitor) 6237 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 6238 } else if (drv->use_monitor) 6239 nl80211_remove_monitor_interface(drv); 6240 else 6241 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 6242 6243 bss->beacon_set = 0; 6244} 6245 6246 6247static int nl80211_send_eapol_data(struct i802_bss *bss, 6248 const u8 *addr, const u8 *data, 6249 size_t data_len) 6250{ 6251 struct sockaddr_ll ll; 6252 int ret; 6253 6254 if (bss->drv->eapol_tx_sock < 0) { 6255 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 6256 return -1; 6257 } 6258 6259 os_memset(&ll, 0, sizeof(ll)); 6260 ll.sll_family = AF_PACKET; 6261 ll.sll_ifindex = bss->ifindex; 6262 ll.sll_protocol = htons(ETH_P_PAE); 6263 ll.sll_halen = ETH_ALEN; 6264 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 6265 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 6266 (struct sockaddr *) &ll, sizeof(ll)); 6267 if (ret < 0) 6268 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 6269 strerror(errno)); 6270 6271 return ret; 6272} 6273 6274 6275static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 6276 6277static int wpa_driver_nl80211_hapd_send_eapol( 6278 void *priv, const u8 *addr, const u8 *data, 6279 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 6280{ 6281 struct i802_bss *bss = priv; 6282 struct wpa_driver_nl80211_data *drv = bss->drv; 6283 struct ieee80211_hdr *hdr; 6284 size_t len; 6285 u8 *pos; 6286 int res; 6287 int qos = flags & WPA_STA_WMM; 6288 6289 if (drv->device_ap_sme || !drv->use_monitor) 6290 return nl80211_send_eapol_data(bss, addr, data, data_len); 6291 6292 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 6293 data_len; 6294 hdr = os_zalloc(len); 6295 if (hdr == NULL) { 6296 printf("malloc() failed for i802_send_data(len=%lu)\n", 6297 (unsigned long) len); 6298 return -1; 6299 } 6300 6301 hdr->frame_control = 6302 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 6303 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 6304 if (encrypt) 6305 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 6306 if (qos) { 6307 hdr->frame_control |= 6308 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 6309 } 6310 6311 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 6312 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 6313 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 6314 pos = (u8 *) (hdr + 1); 6315 6316 if (qos) { 6317 /* add an empty QoS header if needed */ 6318 pos[0] = 0; 6319 pos[1] = 0; 6320 pos += 2; 6321 } 6322 6323 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 6324 pos += sizeof(rfc1042_header); 6325 WPA_PUT_BE16(pos, ETH_P_PAE); 6326 pos += 2; 6327 memcpy(pos, data, data_len); 6328 6329 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 6330 0, 0, 0, 0); 6331 if (res < 0) { 6332 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 6333 "failed: %d (%s)", 6334 (unsigned long) len, errno, strerror(errno)); 6335 } 6336 os_free(hdr); 6337 6338 return res; 6339} 6340 6341 6342static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 6343 int total_flags, 6344 int flags_or, int flags_and) 6345{ 6346 struct i802_bss *bss = priv; 6347 struct wpa_driver_nl80211_data *drv = bss->drv; 6348 struct nl_msg *msg, *flags = NULL; 6349 struct nl80211_sta_flag_update upd; 6350 6351 msg = nlmsg_alloc(); 6352 if (!msg) 6353 return -ENOMEM; 6354 6355 flags = nlmsg_alloc(); 6356 if (!flags) { 6357 nlmsg_free(msg); 6358 return -ENOMEM; 6359 } 6360 6361 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 6362 6363 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 6364 if_nametoindex(bss->ifname)); 6365 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 6366 6367 /* 6368 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 6369 * can be removed eventually. 6370 */ 6371 if (total_flags & WPA_STA_AUTHORIZED) 6372 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 6373 6374 if (total_flags & WPA_STA_WMM) 6375 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 6376 6377 if (total_flags & WPA_STA_SHORT_PREAMBLE) 6378 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 6379 6380 if (total_flags & WPA_STA_MFP) 6381 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 6382 6383 if (total_flags & WPA_STA_TDLS_PEER) 6384 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_TDLS_PEER); 6385 6386 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 6387 goto nla_put_failure; 6388 6389 os_memset(&upd, 0, sizeof(upd)); 6390 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 6391 upd.set = sta_flags_nl80211(flags_or); 6392 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 6393 6394 nlmsg_free(flags); 6395 6396 return send_and_recv_msgs(drv, msg, NULL, NULL); 6397 nla_put_failure: 6398 nlmsg_free(msg); 6399 nlmsg_free(flags); 6400 return -ENOBUFS; 6401} 6402 6403 6404static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 6405 struct wpa_driver_associate_params *params) 6406{ 6407 enum nl80211_iftype nlmode; 6408 6409 if (params->p2p) { 6410 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 6411 "group (GO)"); 6412 nlmode = NL80211_IFTYPE_P2P_GO; 6413 } else 6414 nlmode = NL80211_IFTYPE_AP; 6415 6416 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) || 6417 wpa_driver_nl80211_set_freq(&drv->first_bss, params->freq, 0, 0)) { 6418 nl80211_remove_monitor_interface(drv); 6419 return -1; 6420 } 6421 6422 return 0; 6423} 6424 6425 6426static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 6427{ 6428 struct nl_msg *msg; 6429 int ret = -1; 6430 6431 msg = nlmsg_alloc(); 6432 if (!msg) 6433 return -1; 6434 6435 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 6436 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6437 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6438 msg = NULL; 6439 if (ret) { 6440 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 6441 "(%s)", ret, strerror(-ret)); 6442 goto nla_put_failure; 6443 } 6444 6445 ret = 0; 6446 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 6447 6448nla_put_failure: 6449 nlmsg_free(msg); 6450 return ret; 6451} 6452 6453 6454static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 6455 struct wpa_driver_associate_params *params) 6456{ 6457 struct nl_msg *msg; 6458 int ret = -1; 6459 int count = 0; 6460 6461 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 6462 6463 if (wpa_driver_nl80211_set_mode(&drv->first_bss, 6464 NL80211_IFTYPE_ADHOC)) { 6465 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 6466 "IBSS mode"); 6467 return -1; 6468 } 6469 6470retry: 6471 msg = nlmsg_alloc(); 6472 if (!msg) 6473 return -1; 6474 6475 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 6476 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6477 6478 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 6479 goto nla_put_failure; 6480 6481 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6482 params->ssid, params->ssid_len); 6483 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6484 params->ssid); 6485 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6486 drv->ssid_len = params->ssid_len; 6487 6488 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6489 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6490 6491 ret = nl80211_set_conn_keys(params, msg); 6492 if (ret) 6493 goto nla_put_failure; 6494 6495 if (params->bssid && params->fixed_bssid) { 6496 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 6497 MAC2STR(params->bssid)); 6498 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6499 } 6500 6501 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 6502 params->key_mgmt_suite == KEY_MGMT_PSK || 6503 params->key_mgmt_suite == KEY_MGMT_802_1X_SHA256 || 6504 params->key_mgmt_suite == KEY_MGMT_PSK_SHA256) { 6505 wpa_printf(MSG_DEBUG, " * control port"); 6506 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 6507 } 6508 6509 if (params->wpa_ie) { 6510 wpa_hexdump(MSG_DEBUG, 6511 " * Extra IEs for Beacon/Probe Response frames", 6512 params->wpa_ie, params->wpa_ie_len); 6513 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6514 params->wpa_ie); 6515 } 6516 6517 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6518 msg = NULL; 6519 if (ret) { 6520 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 6521 ret, strerror(-ret)); 6522 count++; 6523 if (ret == -EALREADY && count == 1) { 6524 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 6525 "forced leave"); 6526 nl80211_leave_ibss(drv); 6527 nlmsg_free(msg); 6528 goto retry; 6529 } 6530 6531 goto nla_put_failure; 6532 } 6533 ret = 0; 6534 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 6535 6536nla_put_failure: 6537 nlmsg_free(msg); 6538 return ret; 6539} 6540 6541 6542static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv, 6543 u8 *bssid) 6544{ 6545 struct nl_msg *msg; 6546 int ret; 6547 struct nl80211_bss_info_arg arg; 6548 6549 os_memset(&arg, 0, sizeof(arg)); 6550 msg = nlmsg_alloc(); 6551 if (!msg) 6552 goto nla_put_failure; 6553 6554 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 6555 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6556 6557 arg.drv = drv; 6558 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 6559 msg = NULL; 6560 if (ret == 0) { 6561 if (is_zero_ether_addr(arg.assoc_bssid)) 6562 return -ENOTCONN; 6563 os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN); 6564 return 0; 6565 } 6566 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 6567 "(%s)", ret, strerror(-ret)); 6568nla_put_failure: 6569 nlmsg_free(msg); 6570 return drv->assoc_freq; 6571} 6572 6573 6574static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 6575 const u8 *bssid) 6576{ 6577 u8 addr[ETH_ALEN]; 6578 6579 if (bssid == NULL) { 6580 int res = nl80211_get_assoc_bssid(drv, addr); 6581 if (res) 6582 return res; 6583 bssid = addr; 6584 } 6585 6586 return wpa_driver_nl80211_disconnect(drv, bssid, 6587 WLAN_REASON_PREV_AUTH_NOT_VALID); 6588} 6589 6590 6591static int wpa_driver_nl80211_connect( 6592 struct wpa_driver_nl80211_data *drv, 6593 struct wpa_driver_associate_params *params) 6594{ 6595 struct nl_msg *msg; 6596 enum nl80211_auth_type type; 6597 int ret = 0; 6598 int algs; 6599 6600 msg = nlmsg_alloc(); 6601 if (!msg) 6602 return -1; 6603 6604 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 6605 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 6606 6607 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6608 if (params->bssid) { 6609 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6610 MAC2STR(params->bssid)); 6611 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6612 } 6613 if (params->freq) { 6614 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6615 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6616 } 6617 if (params->ssid) { 6618 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6619 params->ssid, params->ssid_len); 6620 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6621 params->ssid); 6622 if (params->ssid_len > sizeof(drv->ssid)) 6623 goto nla_put_failure; 6624 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6625 drv->ssid_len = params->ssid_len; 6626 } 6627 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 6628 if (params->wpa_ie) 6629 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6630 params->wpa_ie); 6631 6632 algs = 0; 6633 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6634 algs++; 6635 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6636 algs++; 6637 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6638 algs++; 6639 if (algs > 1) { 6640 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 6641 "selection"); 6642 goto skip_auth_type; 6643 } 6644 6645 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6646 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6647 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6648 type = NL80211_AUTHTYPE_SHARED_KEY; 6649 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6650 type = NL80211_AUTHTYPE_NETWORK_EAP; 6651 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6652 type = NL80211_AUTHTYPE_FT; 6653 else 6654 goto nla_put_failure; 6655 6656 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6657 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6658 6659skip_auth_type: 6660 if (params->wpa_proto) { 6661 enum nl80211_wpa_versions ver = 0; 6662 6663 if (params->wpa_proto & WPA_PROTO_WPA) 6664 ver |= NL80211_WPA_VERSION_1; 6665 if (params->wpa_proto & WPA_PROTO_RSN) 6666 ver |= NL80211_WPA_VERSION_2; 6667 6668 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 6669 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 6670 } 6671 6672 if (params->pairwise_suite != CIPHER_NONE) { 6673 int cipher; 6674 6675 switch (params->pairwise_suite) { 6676 case CIPHER_WEP40: 6677 cipher = WLAN_CIPHER_SUITE_WEP40; 6678 break; 6679 case CIPHER_WEP104: 6680 cipher = WLAN_CIPHER_SUITE_WEP104; 6681 break; 6682 case CIPHER_CCMP: 6683 cipher = WLAN_CIPHER_SUITE_CCMP; 6684 break; 6685 case CIPHER_TKIP: 6686 default: 6687 cipher = WLAN_CIPHER_SUITE_TKIP; 6688 break; 6689 } 6690 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 6691 } 6692 6693 if (params->group_suite != CIPHER_NONE) { 6694 int cipher; 6695 6696 switch (params->group_suite) { 6697 case CIPHER_WEP40: 6698 cipher = WLAN_CIPHER_SUITE_WEP40; 6699 break; 6700 case CIPHER_WEP104: 6701 cipher = WLAN_CIPHER_SUITE_WEP104; 6702 break; 6703 case CIPHER_CCMP: 6704 cipher = WLAN_CIPHER_SUITE_CCMP; 6705 break; 6706 case CIPHER_TKIP: 6707 default: 6708 cipher = WLAN_CIPHER_SUITE_TKIP; 6709 break; 6710 } 6711 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 6712 } 6713 6714 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 6715 params->key_mgmt_suite == KEY_MGMT_PSK) { 6716 int mgmt = WLAN_AKM_SUITE_PSK; 6717 6718 switch (params->key_mgmt_suite) { 6719 case KEY_MGMT_802_1X: 6720 mgmt = WLAN_AKM_SUITE_8021X; 6721 break; 6722 case KEY_MGMT_PSK: 6723 default: 6724 mgmt = WLAN_AKM_SUITE_PSK; 6725 break; 6726 } 6727 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 6728 } 6729 6730 if (params->disable_ht) 6731 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 6732 6733 if (params->htcaps && params->htcaps_mask) { 6734 int sz = sizeof(struct ieee80211_ht_capabilities); 6735 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 6736 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 6737 params->htcaps_mask); 6738 } 6739 6740 ret = nl80211_set_conn_keys(params, msg); 6741 if (ret) 6742 goto nla_put_failure; 6743 6744 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6745 msg = NULL; 6746 if (ret) { 6747 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 6748 "(%s)", ret, strerror(-ret)); 6749 /* 6750 * cfg80211 does not currently accept new connection if we are 6751 * already connected. As a workaround, force disconnection and 6752 * try again once the driver indicates it completed 6753 * disconnection. 6754 */ 6755 if (ret == -EALREADY) 6756 nl80211_disconnect(drv, params->bssid); 6757 goto nla_put_failure; 6758 } 6759 ret = 0; 6760 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 6761 6762nla_put_failure: 6763 nlmsg_free(msg); 6764 return ret; 6765 6766} 6767 6768 6769static int wpa_driver_nl80211_associate( 6770 void *priv, struct wpa_driver_associate_params *params) 6771{ 6772 struct i802_bss *bss = priv; 6773 struct wpa_driver_nl80211_data *drv = bss->drv; 6774 int ret = -1; 6775 struct nl_msg *msg; 6776 6777 if (params->mode == IEEE80211_MODE_AP) 6778 return wpa_driver_nl80211_ap(drv, params); 6779 6780 if (params->mode == IEEE80211_MODE_IBSS) 6781 return wpa_driver_nl80211_ibss(drv, params); 6782 6783 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 6784 enum nl80211_iftype nlmode = params->p2p ? 6785 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 6786 6787 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 6788 return -1; 6789 return wpa_driver_nl80211_connect(drv, params); 6790 } 6791 6792 drv->associated = 0; 6793 6794 msg = nlmsg_alloc(); 6795 if (!msg) 6796 return -1; 6797 6798 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 6799 drv->ifindex); 6800 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 6801 6802 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6803 if (params->bssid) { 6804 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6805 MAC2STR(params->bssid)); 6806 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6807 } 6808 if (params->freq) { 6809 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6810 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6811 drv->assoc_freq = params->freq; 6812 } else 6813 drv->assoc_freq = 0; 6814 if (params->ssid) { 6815 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6816 params->ssid, params->ssid_len); 6817 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6818 params->ssid); 6819 if (params->ssid_len > sizeof(drv->ssid)) 6820 goto nla_put_failure; 6821 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6822 drv->ssid_len = params->ssid_len; 6823 } 6824 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 6825 if (params->wpa_ie) 6826 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6827 params->wpa_ie); 6828 6829 if (params->pairwise_suite != CIPHER_NONE) { 6830 int cipher; 6831 6832 switch (params->pairwise_suite) { 6833 case CIPHER_WEP40: 6834 cipher = WLAN_CIPHER_SUITE_WEP40; 6835 break; 6836 case CIPHER_WEP104: 6837 cipher = WLAN_CIPHER_SUITE_WEP104; 6838 break; 6839 case CIPHER_CCMP: 6840 cipher = WLAN_CIPHER_SUITE_CCMP; 6841 break; 6842 case CIPHER_TKIP: 6843 default: 6844 cipher = WLAN_CIPHER_SUITE_TKIP; 6845 break; 6846 } 6847 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 6848 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 6849 } 6850 6851 if (params->group_suite != CIPHER_NONE) { 6852 int cipher; 6853 6854 switch (params->group_suite) { 6855 case CIPHER_WEP40: 6856 cipher = WLAN_CIPHER_SUITE_WEP40; 6857 break; 6858 case CIPHER_WEP104: 6859 cipher = WLAN_CIPHER_SUITE_WEP104; 6860 break; 6861 case CIPHER_CCMP: 6862 cipher = WLAN_CIPHER_SUITE_CCMP; 6863 break; 6864 case CIPHER_TKIP: 6865 default: 6866 cipher = WLAN_CIPHER_SUITE_TKIP; 6867 break; 6868 } 6869 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 6870 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 6871 } 6872 6873#ifdef CONFIG_IEEE80211W 6874 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 6875 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 6876#endif /* CONFIG_IEEE80211W */ 6877 6878 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 6879 6880 if (params->prev_bssid) { 6881 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 6882 MAC2STR(params->prev_bssid)); 6883 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 6884 params->prev_bssid); 6885 } 6886 6887 if (params->disable_ht) 6888 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 6889 6890 if (params->htcaps && params->htcaps_mask) { 6891 int sz = sizeof(struct ieee80211_ht_capabilities); 6892 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 6893 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 6894 params->htcaps_mask); 6895 } 6896 6897 if (params->p2p) 6898 wpa_printf(MSG_DEBUG, " * P2P group"); 6899 6900 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6901 msg = NULL; 6902 if (ret) { 6903 wpa_dbg(drv->ctx, MSG_DEBUG, 6904 "nl80211: MLME command failed (assoc): ret=%d (%s)", 6905 ret, strerror(-ret)); 6906 nl80211_dump_scan(drv); 6907 goto nla_put_failure; 6908 } 6909 ret = 0; 6910 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 6911 "successfully"); 6912 6913nla_put_failure: 6914 nlmsg_free(msg); 6915 return ret; 6916} 6917 6918 6919static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 6920 int ifindex, enum nl80211_iftype mode) 6921{ 6922 struct nl_msg *msg; 6923 int ret = -ENOBUFS; 6924 6925 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 6926 ifindex, mode, nl80211_iftype_str(mode)); 6927 6928 msg = nlmsg_alloc(); 6929 if (!msg) 6930 return -ENOMEM; 6931 6932 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 6933 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6934 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 6935 6936 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6937 msg = NULL; 6938 if (!ret) 6939 return 0; 6940nla_put_failure: 6941 nlmsg_free(msg); 6942 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 6943 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 6944 return ret; 6945} 6946 6947 6948static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 6949 enum nl80211_iftype nlmode) 6950{ 6951 struct wpa_driver_nl80211_data *drv = bss->drv; 6952 int ret = -1; 6953 int i; 6954 int was_ap = is_ap_interface(drv->nlmode); 6955 int res; 6956 6957 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 6958 if (res == 0) { 6959 drv->nlmode = nlmode; 6960 ret = 0; 6961 goto done; 6962 } 6963 6964 if (res == -ENODEV) 6965 return -1; 6966 6967 if (nlmode == drv->nlmode) { 6968 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 6969 "requested mode - ignore error"); 6970 ret = 0; 6971 goto done; /* Already in the requested mode */ 6972 } 6973 6974 /* mac80211 doesn't allow mode changes while the device is up, so 6975 * take the device down, try to set the mode again, and bring the 6976 * device back up. 6977 */ 6978 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 6979 "interface down"); 6980 for (i = 0; i < 10; i++) { 6981 res = linux_set_iface_flags(drv->global->ioctl_sock, 6982 bss->ifname, 0); 6983 if (res == -EACCES || res == -ENODEV) 6984 break; 6985 if (res == 0) { 6986 /* Try to set the mode again while the interface is 6987 * down */ 6988 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 6989 if (ret == -EACCES) 6990 break; 6991 res = linux_set_iface_flags(drv->global->ioctl_sock, 6992 bss->ifname, 1); 6993 if (res && !ret) 6994 ret = -1; 6995 else if (ret != -EBUSY) 6996 break; 6997 } else 6998 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 6999 "interface down"); 7000 os_sleep(0, 100000); 7001 } 7002 7003 if (!ret) { 7004 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 7005 "interface is down"); 7006 drv->nlmode = nlmode; 7007 drv->ignore_if_down_event = 1; 7008 } 7009 7010done: 7011 if (ret) { 7012 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 7013 "from %d failed", nlmode, drv->nlmode); 7014 return ret; 7015 } 7016 7017 if (is_ap_interface(nlmode)) { 7018 nl80211_mgmt_unsubscribe(bss, "start AP"); 7019 /* Setup additional AP mode functionality if needed */ 7020 if (nl80211_setup_ap(bss)) 7021 return -1; 7022 } else if (was_ap) { 7023 /* Remove additional AP mode functionality */ 7024 nl80211_teardown_ap(bss); 7025 } else { 7026 nl80211_mgmt_unsubscribe(bss, "mode change"); 7027 } 7028 7029 if (!is_ap_interface(nlmode) && 7030 nl80211_mgmt_subscribe_non_ap(bss) < 0) 7031 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 7032 "frame processing - ignore for now"); 7033 7034 return 0; 7035} 7036 7037 7038static int wpa_driver_nl80211_get_capa(void *priv, 7039 struct wpa_driver_capa *capa) 7040{ 7041 struct i802_bss *bss = priv; 7042 struct wpa_driver_nl80211_data *drv = bss->drv; 7043 if (!drv->has_capability) 7044 return -1; 7045 os_memcpy(capa, &drv->capa, sizeof(*capa)); 7046 return 0; 7047} 7048 7049 7050static int wpa_driver_nl80211_set_operstate(void *priv, int state) 7051{ 7052 struct i802_bss *bss = priv; 7053 struct wpa_driver_nl80211_data *drv = bss->drv; 7054 7055 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 7056 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 7057 drv->operstate = state; 7058 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 7059 state ? IF_OPER_UP : IF_OPER_DORMANT); 7060} 7061 7062 7063static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 7064{ 7065 struct i802_bss *bss = priv; 7066 struct wpa_driver_nl80211_data *drv = bss->drv; 7067 struct nl_msg *msg; 7068 struct nl80211_sta_flag_update upd; 7069 7070 msg = nlmsg_alloc(); 7071 if (!msg) 7072 return -ENOMEM; 7073 7074 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 7075 7076 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7077 if_nametoindex(bss->ifname)); 7078 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 7079 7080 os_memset(&upd, 0, sizeof(upd)); 7081 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 7082 if (authorized) 7083 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 7084 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7085 7086 return send_and_recv_msgs(drv, msg, NULL, NULL); 7087 nla_put_failure: 7088 nlmsg_free(msg); 7089 return -ENOBUFS; 7090} 7091 7092 7093/* Set kernel driver on given frequency (MHz) */ 7094static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 7095{ 7096 struct i802_bss *bss = priv; 7097 return wpa_driver_nl80211_set_freq(bss, freq->freq, freq->ht_enabled, 7098 freq->sec_channel_offset); 7099} 7100 7101 7102#if defined(HOSTAPD) || defined(CONFIG_AP) 7103 7104static inline int min_int(int a, int b) 7105{ 7106 if (a < b) 7107 return a; 7108 return b; 7109} 7110 7111 7112static int get_key_handler(struct nl_msg *msg, void *arg) 7113{ 7114 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7115 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7116 7117 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7118 genlmsg_attrlen(gnlh, 0), NULL); 7119 7120 /* 7121 * TODO: validate the key index and mac address! 7122 * Otherwise, there's a race condition as soon as 7123 * the kernel starts sending key notifications. 7124 */ 7125 7126 if (tb[NL80211_ATTR_KEY_SEQ]) 7127 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 7128 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 7129 return NL_SKIP; 7130} 7131 7132 7133static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 7134 int idx, u8 *seq) 7135{ 7136 struct i802_bss *bss = priv; 7137 struct wpa_driver_nl80211_data *drv = bss->drv; 7138 struct nl_msg *msg; 7139 7140 msg = nlmsg_alloc(); 7141 if (!msg) 7142 return -ENOMEM; 7143 7144 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 7145 7146 if (addr) 7147 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7148 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 7149 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 7150 7151 memset(seq, 0, 6); 7152 7153 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 7154 nla_put_failure: 7155 nlmsg_free(msg); 7156 return -ENOBUFS; 7157} 7158 7159 7160static int i802_set_rts(void *priv, int rts) 7161{ 7162 struct i802_bss *bss = priv; 7163 struct wpa_driver_nl80211_data *drv = bss->drv; 7164 struct nl_msg *msg; 7165 int ret = -ENOBUFS; 7166 u32 val; 7167 7168 msg = nlmsg_alloc(); 7169 if (!msg) 7170 return -ENOMEM; 7171 7172 if (rts >= 2347) 7173 val = (u32) -1; 7174 else 7175 val = rts; 7176 7177 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7178 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7179 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 7180 7181 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7182 msg = NULL; 7183 if (!ret) 7184 return 0; 7185nla_put_failure: 7186 nlmsg_free(msg); 7187 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 7188 "%d (%s)", rts, ret, strerror(-ret)); 7189 return ret; 7190} 7191 7192 7193static int i802_set_frag(void *priv, int frag) 7194{ 7195 struct i802_bss *bss = priv; 7196 struct wpa_driver_nl80211_data *drv = bss->drv; 7197 struct nl_msg *msg; 7198 int ret = -ENOBUFS; 7199 u32 val; 7200 7201 msg = nlmsg_alloc(); 7202 if (!msg) 7203 return -ENOMEM; 7204 7205 if (frag >= 2346) 7206 val = (u32) -1; 7207 else 7208 val = frag; 7209 7210 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7211 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7212 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 7213 7214 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7215 msg = NULL; 7216 if (!ret) 7217 return 0; 7218nla_put_failure: 7219 nlmsg_free(msg); 7220 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 7221 "%d: %d (%s)", frag, ret, strerror(-ret)); 7222 return ret; 7223} 7224 7225 7226static int i802_flush(void *priv) 7227{ 7228 struct i802_bss *bss = priv; 7229 struct wpa_driver_nl80211_data *drv = bss->drv; 7230 struct nl_msg *msg; 7231 int res; 7232 7233 msg = nlmsg_alloc(); 7234 if (!msg) 7235 return -1; 7236 7237 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7238 7239 /* 7240 * XXX: FIX! this needs to flush all VLANs too 7241 */ 7242 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7243 if_nametoindex(bss->ifname)); 7244 7245 res = send_and_recv_msgs(drv, msg, NULL, NULL); 7246 if (res) { 7247 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 7248 "(%s)", res, strerror(-res)); 7249 } 7250 return res; 7251 nla_put_failure: 7252 nlmsg_free(msg); 7253 return -ENOBUFS; 7254} 7255 7256 7257static int get_sta_handler(struct nl_msg *msg, void *arg) 7258{ 7259 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7260 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7261 struct hostap_sta_driver_data *data = arg; 7262 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 7263 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 7264 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 7265 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 7266 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 7267 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 7268 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 7269 }; 7270 7271 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7272 genlmsg_attrlen(gnlh, 0), NULL); 7273 7274 /* 7275 * TODO: validate the interface and mac address! 7276 * Otherwise, there's a race condition as soon as 7277 * the kernel starts sending station notifications. 7278 */ 7279 7280 if (!tb[NL80211_ATTR_STA_INFO]) { 7281 wpa_printf(MSG_DEBUG, "sta stats missing!"); 7282 return NL_SKIP; 7283 } 7284 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 7285 tb[NL80211_ATTR_STA_INFO], 7286 stats_policy)) { 7287 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 7288 return NL_SKIP; 7289 } 7290 7291 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 7292 data->inactive_msec = 7293 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 7294 if (stats[NL80211_STA_INFO_RX_BYTES]) 7295 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 7296 if (stats[NL80211_STA_INFO_TX_BYTES]) 7297 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 7298 if (stats[NL80211_STA_INFO_RX_PACKETS]) 7299 data->rx_packets = 7300 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 7301 if (stats[NL80211_STA_INFO_TX_PACKETS]) 7302 data->tx_packets = 7303 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 7304 7305 return NL_SKIP; 7306} 7307 7308static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 7309 const u8 *addr) 7310{ 7311 struct i802_bss *bss = priv; 7312 struct wpa_driver_nl80211_data *drv = bss->drv; 7313 struct nl_msg *msg; 7314 7315 os_memset(data, 0, sizeof(*data)); 7316 msg = nlmsg_alloc(); 7317 if (!msg) 7318 return -ENOMEM; 7319 7320 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 7321 7322 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7323 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7324 7325 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 7326 nla_put_failure: 7327 nlmsg_free(msg); 7328 return -ENOBUFS; 7329} 7330 7331 7332static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 7333 int cw_min, int cw_max, int burst_time) 7334{ 7335 struct i802_bss *bss = priv; 7336 struct wpa_driver_nl80211_data *drv = bss->drv; 7337 struct nl_msg *msg; 7338 struct nlattr *txq, *params; 7339 7340 msg = nlmsg_alloc(); 7341 if (!msg) 7342 return -1; 7343 7344 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7345 7346 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7347 7348 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 7349 if (!txq) 7350 goto nla_put_failure; 7351 7352 /* We are only sending parameters for a single TXQ at a time */ 7353 params = nla_nest_start(msg, 1); 7354 if (!params) 7355 goto nla_put_failure; 7356 7357 switch (queue) { 7358 case 0: 7359 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 7360 break; 7361 case 1: 7362 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 7363 break; 7364 case 2: 7365 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 7366 break; 7367 case 3: 7368 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 7369 break; 7370 } 7371 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 7372 * 32 usec, so need to convert the value here. */ 7373 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 7374 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 7375 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 7376 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 7377 7378 nla_nest_end(msg, params); 7379 7380 nla_nest_end(msg, txq); 7381 7382 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7383 return 0; 7384 msg = NULL; 7385 nla_put_failure: 7386 nlmsg_free(msg); 7387 return -1; 7388} 7389 7390 7391static int i802_set_sta_vlan(void *priv, const u8 *addr, 7392 const char *ifname, int vlan_id) 7393{ 7394 struct i802_bss *bss = priv; 7395 struct wpa_driver_nl80211_data *drv = bss->drv; 7396 struct nl_msg *msg; 7397 int ret = -ENOBUFS; 7398 7399 msg = nlmsg_alloc(); 7400 if (!msg) 7401 return -ENOMEM; 7402 7403 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 7404 7405 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7406 if_nametoindex(bss->ifname)); 7407 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7408 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 7409 if_nametoindex(ifname)); 7410 7411 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7412 msg = NULL; 7413 if (ret < 0) { 7414 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 7415 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 7416 MAC2STR(addr), ifname, vlan_id, ret, 7417 strerror(-ret)); 7418 } 7419 nla_put_failure: 7420 nlmsg_free(msg); 7421 return ret; 7422} 7423 7424 7425static int i802_get_inact_sec(void *priv, const u8 *addr) 7426{ 7427 struct hostap_sta_driver_data data; 7428 int ret; 7429 7430 data.inactive_msec = (unsigned long) -1; 7431 ret = i802_read_sta_data(priv, &data, addr); 7432 if (ret || data.inactive_msec == (unsigned long) -1) 7433 return -1; 7434 return data.inactive_msec / 1000; 7435} 7436 7437 7438static int i802_sta_clear_stats(void *priv, const u8 *addr) 7439{ 7440#if 0 7441 /* TODO */ 7442#endif 7443 return 0; 7444} 7445 7446 7447static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 7448 int reason) 7449{ 7450 struct i802_bss *bss = priv; 7451 struct ieee80211_mgmt mgmt; 7452 7453 memset(&mgmt, 0, sizeof(mgmt)); 7454 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 7455 WLAN_FC_STYPE_DEAUTH); 7456 memcpy(mgmt.da, addr, ETH_ALEN); 7457 memcpy(mgmt.sa, own_addr, ETH_ALEN); 7458 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 7459 mgmt.u.deauth.reason_code = host_to_le16(reason); 7460 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 7461 IEEE80211_HDRLEN + 7462 sizeof(mgmt.u.deauth), 0); 7463} 7464 7465 7466static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 7467 int reason) 7468{ 7469 struct i802_bss *bss = priv; 7470 struct ieee80211_mgmt mgmt; 7471 7472 memset(&mgmt, 0, sizeof(mgmt)); 7473 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 7474 WLAN_FC_STYPE_DISASSOC); 7475 memcpy(mgmt.da, addr, ETH_ALEN); 7476 memcpy(mgmt.sa, own_addr, ETH_ALEN); 7477 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 7478 mgmt.u.disassoc.reason_code = host_to_le16(reason); 7479 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 7480 IEEE80211_HDRLEN + 7481 sizeof(mgmt.u.disassoc), 0); 7482} 7483 7484#endif /* HOSTAPD || CONFIG_AP */ 7485 7486#ifdef HOSTAPD 7487 7488static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7489{ 7490 int i; 7491 int *old; 7492 7493 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 7494 ifidx); 7495 for (i = 0; i < drv->num_if_indices; i++) { 7496 if (drv->if_indices[i] == 0) { 7497 drv->if_indices[i] = ifidx; 7498 return; 7499 } 7500 } 7501 7502 if (drv->if_indices != drv->default_if_indices) 7503 old = drv->if_indices; 7504 else 7505 old = NULL; 7506 7507 drv->if_indices = os_realloc(old, 7508 sizeof(int) * (drv->num_if_indices + 1)); 7509 if (!drv->if_indices) { 7510 if (!old) 7511 drv->if_indices = drv->default_if_indices; 7512 else 7513 drv->if_indices = old; 7514 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 7515 "interfaces"); 7516 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 7517 return; 7518 } else if (!old) 7519 os_memcpy(drv->if_indices, drv->default_if_indices, 7520 sizeof(drv->default_if_indices)); 7521 drv->if_indices[drv->num_if_indices] = ifidx; 7522 drv->num_if_indices++; 7523} 7524 7525 7526static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7527{ 7528 int i; 7529 7530 for (i = 0; i < drv->num_if_indices; i++) { 7531 if (drv->if_indices[i] == ifidx) { 7532 drv->if_indices[i] = 0; 7533 break; 7534 } 7535 } 7536} 7537 7538 7539static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7540{ 7541 int i; 7542 7543 for (i = 0; i < drv->num_if_indices; i++) 7544 if (drv->if_indices[i] == ifidx) 7545 return 1; 7546 7547 return 0; 7548} 7549 7550 7551static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 7552 const char *bridge_ifname) 7553{ 7554 struct i802_bss *bss = priv; 7555 struct wpa_driver_nl80211_data *drv = bss->drv; 7556 char name[IFNAMSIZ + 1]; 7557 7558 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 7559 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 7560 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 7561 if (val) { 7562 if (!if_nametoindex(name)) { 7563 if (nl80211_create_iface(drv, name, 7564 NL80211_IFTYPE_AP_VLAN, 7565 NULL, 1) < 0) 7566 return -1; 7567 if (bridge_ifname && 7568 linux_br_add_if(drv->global->ioctl_sock, 7569 bridge_ifname, name) < 0) 7570 return -1; 7571 } 7572 linux_set_iface_flags(drv->global->ioctl_sock, name, 1); 7573 return i802_set_sta_vlan(priv, addr, name, 0); 7574 } else { 7575 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 7576 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 7577 name); 7578 } 7579} 7580 7581 7582static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 7583{ 7584 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7585 struct sockaddr_ll lladdr; 7586 unsigned char buf[3000]; 7587 int len; 7588 socklen_t fromlen = sizeof(lladdr); 7589 7590 len = recvfrom(sock, buf, sizeof(buf), 0, 7591 (struct sockaddr *)&lladdr, &fromlen); 7592 if (len < 0) { 7593 perror("recv"); 7594 return; 7595 } 7596 7597 if (have_ifidx(drv, lladdr.sll_ifindex)) 7598 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 7599} 7600 7601 7602static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 7603 struct i802_bss *bss, 7604 const char *brname, const char *ifname) 7605{ 7606 int ifindex; 7607 char in_br[IFNAMSIZ]; 7608 7609 os_strlcpy(bss->brname, brname, IFNAMSIZ); 7610 ifindex = if_nametoindex(brname); 7611 if (ifindex == 0) { 7612 /* 7613 * Bridge was configured, but the bridge device does 7614 * not exist. Try to add it now. 7615 */ 7616 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 7617 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 7618 "bridge interface %s: %s", 7619 brname, strerror(errno)); 7620 return -1; 7621 } 7622 bss->added_bridge = 1; 7623 add_ifidx(drv, if_nametoindex(brname)); 7624 } 7625 7626 if (linux_br_get(in_br, ifname) == 0) { 7627 if (os_strcmp(in_br, brname) == 0) 7628 return 0; /* already in the bridge */ 7629 7630 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 7631 "bridge %s", ifname, in_br); 7632 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 7633 0) { 7634 wpa_printf(MSG_ERROR, "nl80211: Failed to " 7635 "remove interface %s from bridge " 7636 "%s: %s", 7637 ifname, brname, strerror(errno)); 7638 return -1; 7639 } 7640 } 7641 7642 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 7643 ifname, brname); 7644 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 7645 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 7646 "into bridge %s: %s", 7647 ifname, brname, strerror(errno)); 7648 return -1; 7649 } 7650 bss->added_if_into_bridge = 1; 7651 7652 return 0; 7653} 7654 7655 7656static void *i802_init(struct hostapd_data *hapd, 7657 struct wpa_init_params *params) 7658{ 7659 struct wpa_driver_nl80211_data *drv; 7660 struct i802_bss *bss; 7661 size_t i; 7662 char brname[IFNAMSIZ]; 7663 int ifindex, br_ifindex; 7664 int br_added = 0; 7665 7666 bss = wpa_driver_nl80211_init(hapd, params->ifname, 7667 params->global_priv); 7668 if (bss == NULL) 7669 return NULL; 7670 7671 drv = bss->drv; 7672 drv->nlmode = NL80211_IFTYPE_AP; 7673 drv->eapol_sock = -1; 7674 7675 if (linux_br_get(brname, params->ifname) == 0) { 7676 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 7677 params->ifname, brname); 7678 br_ifindex = if_nametoindex(brname); 7679 } else { 7680 brname[0] = '\0'; 7681 br_ifindex = 0; 7682 } 7683 7684 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 7685 drv->if_indices = drv->default_if_indices; 7686 for (i = 0; i < params->num_bridge; i++) { 7687 if (params->bridge[i]) { 7688 ifindex = if_nametoindex(params->bridge[i]); 7689 if (ifindex) 7690 add_ifidx(drv, ifindex); 7691 if (ifindex == br_ifindex) 7692 br_added = 1; 7693 } 7694 } 7695 if (!br_added && br_ifindex && 7696 (params->num_bridge == 0 || !params->bridge[0])) 7697 add_ifidx(drv, br_ifindex); 7698 7699 /* start listening for EAPOL on the default AP interface */ 7700 add_ifidx(drv, drv->ifindex); 7701 7702 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0)) 7703 goto failed; 7704 7705 if (params->bssid) { 7706 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7707 params->bssid)) 7708 goto failed; 7709 } 7710 7711 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) { 7712 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 7713 "into AP mode", bss->ifname); 7714 goto failed; 7715 } 7716 7717 if (params->num_bridge && params->bridge[0] && 7718 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 7719 goto failed; 7720 7721 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) 7722 goto failed; 7723 7724 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 7725 if (drv->eapol_sock < 0) { 7726 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 7727 goto failed; 7728 } 7729 7730 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 7731 { 7732 printf("Could not register read socket for eapol\n"); 7733 goto failed; 7734 } 7735 7736 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7737 params->own_addr)) 7738 goto failed; 7739 7740 memcpy(bss->addr, params->own_addr, ETH_ALEN); 7741 7742 return bss; 7743 7744failed: 7745 wpa_driver_nl80211_deinit(bss); 7746 return NULL; 7747} 7748 7749 7750static void i802_deinit(void *priv) 7751{ 7752 wpa_driver_nl80211_deinit(priv); 7753} 7754 7755#endif /* HOSTAPD */ 7756 7757 7758static enum nl80211_iftype wpa_driver_nl80211_if_type( 7759 enum wpa_driver_if_type type) 7760{ 7761 switch (type) { 7762 case WPA_IF_STATION: 7763 return NL80211_IFTYPE_STATION; 7764 case WPA_IF_P2P_CLIENT: 7765 case WPA_IF_P2P_GROUP: 7766 return NL80211_IFTYPE_P2P_CLIENT; 7767 case WPA_IF_AP_VLAN: 7768 return NL80211_IFTYPE_AP_VLAN; 7769 case WPA_IF_AP_BSS: 7770 return NL80211_IFTYPE_AP; 7771 case WPA_IF_P2P_GO: 7772 return NL80211_IFTYPE_P2P_GO; 7773 } 7774 return -1; 7775} 7776 7777 7778#ifdef CONFIG_P2P 7779 7780static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 7781{ 7782 struct wpa_driver_nl80211_data *drv; 7783 dl_list_for_each(drv, &global->interfaces, 7784 struct wpa_driver_nl80211_data, list) { 7785 if (os_memcmp(addr, drv->first_bss.addr, ETH_ALEN) == 0) 7786 return 1; 7787 } 7788 return 0; 7789} 7790 7791 7792static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 7793 u8 *new_addr) 7794{ 7795 unsigned int idx; 7796 7797 if (!drv->global) 7798 return -1; 7799 7800 os_memcpy(new_addr, drv->first_bss.addr, ETH_ALEN); 7801 for (idx = 0; idx < 64; idx++) { 7802 new_addr[0] = drv->first_bss.addr[0] | 0x02; 7803 new_addr[0] ^= idx << 2; 7804 if (!nl80211_addr_in_use(drv->global, new_addr)) 7805 break; 7806 } 7807 if (idx == 64) 7808 return -1; 7809 7810 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 7811 MACSTR, MAC2STR(new_addr)); 7812 7813 return 0; 7814} 7815 7816#endif /* CONFIG_P2P */ 7817 7818 7819static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 7820 const char *ifname, const u8 *addr, 7821 void *bss_ctx, void **drv_priv, 7822 char *force_ifname, u8 *if_addr, 7823 const char *bridge) 7824{ 7825 struct i802_bss *bss = priv; 7826 struct wpa_driver_nl80211_data *drv = bss->drv; 7827 int ifidx; 7828#ifdef HOSTAPD 7829 struct i802_bss *new_bss = NULL; 7830 7831 if (type == WPA_IF_AP_BSS) { 7832 new_bss = os_zalloc(sizeof(*new_bss)); 7833 if (new_bss == NULL) 7834 return -1; 7835 } 7836#endif /* HOSTAPD */ 7837 7838 if (addr) 7839 os_memcpy(if_addr, addr, ETH_ALEN); 7840 ifidx = nl80211_create_iface(drv, ifname, 7841 wpa_driver_nl80211_if_type(type), addr, 7842 0); 7843 if (ifidx < 0) { 7844#ifdef HOSTAPD 7845 os_free(new_bss); 7846#endif /* HOSTAPD */ 7847 return -1; 7848 } 7849 7850 if (!addr && 7851 linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7852 if_addr) < 0) { 7853 nl80211_remove_iface(drv, ifidx); 7854 return -1; 7855 } 7856 7857#ifdef CONFIG_P2P 7858 if (!addr && 7859 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 7860 type == WPA_IF_P2P_GO)) { 7861 /* Enforce unique P2P Interface Address */ 7862 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 7863 7864 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7865 own_addr) < 0 || 7866 linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 7867 new_addr) < 0) { 7868 nl80211_remove_iface(drv, ifidx); 7869 return -1; 7870 } 7871 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 7872 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 7873 "for P2P group interface"); 7874 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 7875 nl80211_remove_iface(drv, ifidx); 7876 return -1; 7877 } 7878 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7879 new_addr) < 0) { 7880 nl80211_remove_iface(drv, ifidx); 7881 return -1; 7882 } 7883 } 7884 os_memcpy(if_addr, new_addr, ETH_ALEN); 7885 } 7886#endif /* CONFIG_P2P */ 7887 7888#ifdef HOSTAPD 7889 if (bridge && 7890 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 7891 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 7892 "interface %s to a bridge %s", ifname, bridge); 7893 nl80211_remove_iface(drv, ifidx); 7894 os_free(new_bss); 7895 return -1; 7896 } 7897 7898 if (type == WPA_IF_AP_BSS) { 7899 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 7900 { 7901 nl80211_remove_iface(drv, ifidx); 7902 os_free(new_bss); 7903 return -1; 7904 } 7905 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 7906 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 7907 new_bss->ifindex = ifidx; 7908 new_bss->drv = drv; 7909 new_bss->next = drv->first_bss.next; 7910 new_bss->freq = drv->first_bss.freq; 7911 drv->first_bss.next = new_bss; 7912 if (drv_priv) 7913 *drv_priv = new_bss; 7914 nl80211_init_bss(new_bss); 7915 7916 /* Subscribe management frames for this WPA_IF_AP_BSS */ 7917 if (nl80211_setup_ap(new_bss)) 7918 return -1; 7919 } 7920#endif /* HOSTAPD */ 7921 7922 if (drv->global) 7923 drv->global->if_add_ifindex = ifidx; 7924 7925 return 0; 7926} 7927 7928 7929static int wpa_driver_nl80211_if_remove(void *priv, 7930 enum wpa_driver_if_type type, 7931 const char *ifname) 7932{ 7933 struct i802_bss *bss = priv; 7934 struct wpa_driver_nl80211_data *drv = bss->drv; 7935 int ifindex = if_nametoindex(ifname); 7936 7937 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 7938 __func__, type, ifname, ifindex); 7939 if (ifindex <= 0) 7940 return -1; 7941 7942#ifdef HOSTAPD 7943 if (bss->added_if_into_bridge) { 7944 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 7945 bss->ifname) < 0) 7946 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 7947 "interface %s from bridge %s: %s", 7948 bss->ifname, bss->brname, strerror(errno)); 7949 } 7950 if (bss->added_bridge) { 7951 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 7952 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 7953 "bridge %s: %s", 7954 bss->brname, strerror(errno)); 7955 } 7956#endif /* HOSTAPD */ 7957 7958 nl80211_remove_iface(drv, ifindex); 7959 7960#ifdef HOSTAPD 7961 if (type != WPA_IF_AP_BSS) 7962 return 0; 7963 7964 if (bss != &drv->first_bss) { 7965 struct i802_bss *tbss; 7966 7967 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 7968 if (tbss->next == bss) { 7969 tbss->next = bss->next; 7970 /* Unsubscribe management frames */ 7971 nl80211_teardown_ap(bss); 7972 nl80211_destroy_bss(bss); 7973 os_free(bss); 7974 bss = NULL; 7975 break; 7976 } 7977 } 7978 if (bss) 7979 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 7980 "BSS %p in the list", __func__, bss); 7981 } 7982#endif /* HOSTAPD */ 7983 7984 return 0; 7985} 7986 7987 7988static int cookie_handler(struct nl_msg *msg, void *arg) 7989{ 7990 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7991 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7992 u64 *cookie = arg; 7993 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7994 genlmsg_attrlen(gnlh, 0), NULL); 7995 if (tb[NL80211_ATTR_COOKIE]) 7996 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 7997 return NL_SKIP; 7998} 7999 8000 8001static int nl80211_send_frame_cmd(struct i802_bss *bss, 8002 unsigned int freq, unsigned int wait, 8003 const u8 *buf, size_t buf_len, 8004 u64 *cookie_out, int no_cck, int no_ack, 8005 int offchanok) 8006{ 8007 struct wpa_driver_nl80211_data *drv = bss->drv; 8008 struct nl_msg *msg; 8009 u64 cookie; 8010 int ret = -1; 8011 8012 msg = nlmsg_alloc(); 8013 if (!msg) 8014 return -1; 8015 8016 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 8017 8018 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8019 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8020#ifndef ANDROID_P2P 8021 if (wait) 8022 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 8023#endif 8024 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) 8025 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 8026 if (no_cck) 8027 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 8028 if (no_ack) 8029 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 8030 8031 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 8032 8033 cookie = 0; 8034 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 8035 msg = NULL; 8036 if (ret) { 8037 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 8038 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 8039 freq, wait); 8040 goto nla_put_failure; 8041 } 8042 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted%s; " 8043 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 8044 (long long unsigned int) cookie); 8045 8046 if (cookie_out) 8047 *cookie_out = no_ack ? (u64) -1 : cookie; 8048 8049nla_put_failure: 8050 nlmsg_free(msg); 8051 return ret; 8052} 8053 8054 8055static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 8056 unsigned int wait_time, 8057 const u8 *dst, const u8 *src, 8058 const u8 *bssid, 8059 const u8 *data, size_t data_len, 8060 int no_cck) 8061{ 8062 struct i802_bss *bss = priv; 8063 struct wpa_driver_nl80211_data *drv = bss->drv; 8064 int ret = -1; 8065 u8 *buf; 8066 struct ieee80211_hdr *hdr; 8067 8068 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 8069 "freq=%u MHz wait=%d ms no_cck=%d)", 8070 drv->ifindex, freq, wait_time, no_cck); 8071 8072 buf = os_zalloc(24 + data_len); 8073 if (buf == NULL) 8074 return ret; 8075 os_memcpy(buf + 24, data, data_len); 8076 hdr = (struct ieee80211_hdr *) buf; 8077 hdr->frame_control = 8078 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 8079 os_memcpy(hdr->addr1, dst, ETH_ALEN); 8080 os_memcpy(hdr->addr2, src, ETH_ALEN); 8081 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 8082 8083 if (is_ap_interface(drv->nlmode)) 8084 ret = wpa_driver_nl80211_send_mlme_freq(priv, buf, 8085 24 + data_len, 8086 0, freq, no_cck, 1, 8087 wait_time); 8088 else 8089 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 8090 24 + data_len, 8091 &drv->send_action_cookie, 8092 no_cck, 0, 1); 8093 8094 os_free(buf); 8095 return ret; 8096} 8097 8098 8099static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 8100{ 8101 struct i802_bss *bss = priv; 8102 struct wpa_driver_nl80211_data *drv = bss->drv; 8103 struct nl_msg *msg; 8104 int ret; 8105 8106 msg = nlmsg_alloc(); 8107 if (!msg) 8108 return; 8109 8110 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 8111 8112 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8113 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 8114 8115 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8116 msg = NULL; 8117 if (ret) 8118 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 8119 "(%s)", ret, strerror(-ret)); 8120 8121 nla_put_failure: 8122 nlmsg_free(msg); 8123} 8124 8125 8126static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 8127 unsigned int duration) 8128{ 8129 struct i802_bss *bss = priv; 8130 struct wpa_driver_nl80211_data *drv = bss->drv; 8131 struct nl_msg *msg; 8132 int ret; 8133 u64 cookie; 8134 8135 msg = nlmsg_alloc(); 8136 if (!msg) 8137 return -1; 8138 8139 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 8140 8141 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8142 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8143 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 8144 8145 cookie = 0; 8146 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 8147 msg = NULL; 8148 if (ret == 0) { 8149 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 8150 "0x%llx for freq=%u MHz duration=%u", 8151 (long long unsigned int) cookie, freq, duration); 8152 drv->remain_on_chan_cookie = cookie; 8153 drv->pending_remain_on_chan = 1; 8154 return 0; 8155 } 8156 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 8157 "(freq=%d duration=%u): %d (%s)", 8158 freq, duration, ret, strerror(-ret)); 8159nla_put_failure: 8160 nlmsg_free(msg); 8161 return -1; 8162} 8163 8164 8165static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 8166{ 8167 struct i802_bss *bss = priv; 8168 struct wpa_driver_nl80211_data *drv = bss->drv; 8169 struct nl_msg *msg; 8170 int ret; 8171 8172 if (!drv->pending_remain_on_chan) { 8173 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 8174 "to cancel"); 8175 return -1; 8176 } 8177 8178 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 8179 "0x%llx", 8180 (long long unsigned int) drv->remain_on_chan_cookie); 8181 8182 msg = nlmsg_alloc(); 8183 if (!msg) 8184 return -1; 8185 8186 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 8187 8188 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8189 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 8190 8191 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8192 msg = NULL; 8193 if (ret == 0) 8194 return 0; 8195 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 8196 "%d (%s)", ret, strerror(-ret)); 8197nla_put_failure: 8198 nlmsg_free(msg); 8199 return -1; 8200} 8201 8202 8203static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 8204{ 8205 struct i802_bss *bss = priv; 8206 struct wpa_driver_nl80211_data *drv = bss->drv; 8207 8208 if (!report) { 8209 if (bss->nl_preq && drv->device_ap_sme && 8210 is_ap_interface(drv->nlmode)) { 8211 /* 8212 * Do not disable Probe Request reporting that was 8213 * enabled in nl80211_setup_ap(). 8214 */ 8215 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 8216 "Probe Request reporting nl_preq=%p while " 8217 "in AP mode", bss->nl_preq); 8218 } else if (bss->nl_preq) { 8219 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 8220 "reporting nl_preq=%p", bss->nl_preq); 8221 eloop_unregister_read_sock( 8222 nl_socket_get_fd(bss->nl_preq)); 8223 nl_destroy_handles(&bss->nl_preq); 8224 } 8225 return 0; 8226 } 8227 8228 if (bss->nl_preq) { 8229 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 8230 "already on! nl_preq=%p", bss->nl_preq); 8231 return 0; 8232 } 8233 8234 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 8235 if (bss->nl_preq == NULL) 8236 return -1; 8237 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 8238 "reporting nl_preq=%p", bss->nl_preq); 8239 8240 if (nl80211_register_frame(bss, bss->nl_preq, 8241 (WLAN_FC_TYPE_MGMT << 2) | 8242 (WLAN_FC_STYPE_PROBE_REQ << 4), 8243 NULL, 0) < 0) 8244 goto out_err; 8245#ifdef ANDROID_P2P 8246 if (drv->nlmode != NL80211_IFTYPE_AP && 8247 drv->nlmode != NL80211_IFTYPE_P2P_GO) { 8248 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 8249 "allowed in AP or P2P GO mode (iftype=%d)", 8250 drv->nlmode); 8251 goto done; 8252 } 8253 if (nl80211_register_frame(bss, bss->nl_preq, 8254 (WLAN_FC_TYPE_MGMT << 2) | 8255 (WLAN_FC_STYPE_ASSOC_REQ << 4), 8256 NULL, 0) < 0) { 8257 goto out_err; 8258 } 8259 8260 if (nl80211_register_frame(bss, bss->nl_preq, 8261 (WLAN_FC_TYPE_MGMT << 2) | 8262 (WLAN_FC_STYPE_REASSOC_REQ << 4), 8263 NULL, 0) < 0) { 8264 goto out_err; 8265 } 8266 8267 if (nl80211_register_frame(bss, bss->nl_preq, 8268 (WLAN_FC_TYPE_MGMT << 2) | 8269 (WLAN_FC_STYPE_DISASSOC << 4), 8270 NULL, 0) < 0) { 8271 goto out_err; 8272 } 8273 8274 if (nl80211_register_frame(bss, bss->nl_preq, 8275 (WLAN_FC_TYPE_MGMT << 2) | 8276 (WLAN_FC_STYPE_DEAUTH << 4), 8277 NULL, 0) < 0) { 8278 goto out_err; 8279 } 8280 8281 if (nl80211_register_frame(bss, bss->nl_preq, 8282 (WLAN_FC_TYPE_MGMT << 2) | 8283 (WLAN_FC_STYPE_ACTION << 4), 8284 NULL, 0) < 0) { 8285 goto out_err; 8286 } 8287 8288done: 8289#endif /* ANDROID_P2P */ 8290 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq), 8291 wpa_driver_nl80211_event_receive, bss->nl_cb, 8292 bss->nl_preq); 8293 8294 return 0; 8295 8296 out_err: 8297 nl_destroy_handles(&bss->nl_preq); 8298 return -1; 8299} 8300 8301 8302static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 8303 int ifindex, int disabled) 8304{ 8305 struct nl_msg *msg; 8306 struct nlattr *bands, *band; 8307 int ret; 8308 8309 msg = nlmsg_alloc(); 8310 if (!msg) 8311 return -1; 8312 8313 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 8314 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 8315 8316 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 8317 if (!bands) 8318 goto nla_put_failure; 8319 8320 /* 8321 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 8322 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 8323 * rates. All 5 GHz rates are left enabled. 8324 */ 8325 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 8326 if (!band) 8327 goto nla_put_failure; 8328 if (disabled) { 8329 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 8330 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 8331 } 8332 nla_nest_end(msg, band); 8333 8334 nla_nest_end(msg, bands); 8335 8336 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8337 msg = NULL; 8338 if (ret) { 8339 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 8340 "(%s)", ret, strerror(-ret)); 8341 } 8342 8343 return ret; 8344 8345nla_put_failure: 8346 nlmsg_free(msg); 8347 return -1; 8348} 8349 8350 8351static int wpa_driver_nl80211_deinit_ap(void *priv) 8352{ 8353 struct i802_bss *bss = priv; 8354 struct wpa_driver_nl80211_data *drv = bss->drv; 8355 if (!is_ap_interface(drv->nlmode)) 8356 return -1; 8357 wpa_driver_nl80211_del_beacon(drv); 8358 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 8359} 8360 8361 8362static void wpa_driver_nl80211_resume(void *priv) 8363{ 8364 struct i802_bss *bss = priv; 8365 struct wpa_driver_nl80211_data *drv = bss->drv; 8366 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 8367 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 8368 "resume event"); 8369 } 8370} 8371 8372 8373static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 8374 const u8 *ies, size_t ies_len) 8375{ 8376 struct i802_bss *bss = priv; 8377 struct wpa_driver_nl80211_data *drv = bss->drv; 8378 int ret; 8379 u8 *data, *pos; 8380 size_t data_len; 8381 const u8 *own_addr = bss->addr; 8382 8383 if (action != 1) { 8384 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 8385 "action %d", action); 8386 return -1; 8387 } 8388 8389 /* 8390 * Action frame payload: 8391 * Category[1] = 6 (Fast BSS Transition) 8392 * Action[1] = 1 (Fast BSS Transition Request) 8393 * STA Address 8394 * Target AP Address 8395 * FT IEs 8396 */ 8397 8398 data_len = 2 + 2 * ETH_ALEN + ies_len; 8399 data = os_malloc(data_len); 8400 if (data == NULL) 8401 return -1; 8402 pos = data; 8403 *pos++ = 0x06; /* FT Action category */ 8404 *pos++ = action; 8405 os_memcpy(pos, own_addr, ETH_ALEN); 8406 pos += ETH_ALEN; 8407 os_memcpy(pos, target_ap, ETH_ALEN); 8408 pos += ETH_ALEN; 8409 os_memcpy(pos, ies, ies_len); 8410 8411 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 8412 drv->bssid, own_addr, drv->bssid, 8413 data, data_len, 0); 8414 os_free(data); 8415 8416 return ret; 8417} 8418 8419 8420static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 8421{ 8422 struct i802_bss *bss = priv; 8423 struct wpa_driver_nl80211_data *drv = bss->drv; 8424 struct nl_msg *msg, *cqm = NULL; 8425 8426 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 8427 "hysteresis=%d", threshold, hysteresis); 8428 8429 msg = nlmsg_alloc(); 8430 if (!msg) 8431 return -1; 8432 8433 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 8434 8435 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8436 8437 cqm = nlmsg_alloc(); 8438 if (cqm == NULL) 8439 return -1; 8440 8441 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 8442 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 8443 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 8444 8445 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 8446 return 0; 8447 msg = NULL; 8448 8449nla_put_failure: 8450 nlmsg_free(cqm); 8451 nlmsg_free(msg); 8452 return -1; 8453} 8454 8455 8456static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 8457{ 8458 struct i802_bss *bss = priv; 8459 struct wpa_driver_nl80211_data *drv = bss->drv; 8460 int res; 8461 8462 os_memset(si, 0, sizeof(*si)); 8463 res = nl80211_get_link_signal(drv, si); 8464 if (res != 0) 8465 return res; 8466 8467 return nl80211_get_link_noise(drv, si); 8468} 8469 8470 8471static int wpa_driver_nl80211_shared_freq(void *priv) 8472{ 8473 struct i802_bss *bss = priv; 8474 struct wpa_driver_nl80211_data *drv = bss->drv; 8475 struct wpa_driver_nl80211_data *driver; 8476 int freq = 0; 8477 8478 /* 8479 * If the same PHY is in connected state with some other interface, 8480 * then retrieve the assoc freq. 8481 */ 8482 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 8483 drv->phyname); 8484 8485 dl_list_for_each(driver, &drv->global->interfaces, 8486 struct wpa_driver_nl80211_data, list) { 8487 if (drv == driver || 8488 os_strcmp(drv->phyname, driver->phyname) != 0 || 8489#ifdef ANDROID_P2P 8490 (!driver->associated && !is_ap_interface(driver->nlmode))) 8491#else 8492 !driver->associated) 8493#endif 8494 continue; 8495 8496 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 8497 MACSTR, 8498 driver->phyname, driver->first_bss.ifname, 8499 MAC2STR(driver->first_bss.addr)); 8500#ifdef ANDROID_P2P 8501 if(is_ap_interface(driver->nlmode)) 8502 freq = driver->first_bss.freq; 8503 else 8504#endif 8505 freq = nl80211_get_assoc_freq(driver); 8506 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 8507 drv->phyname, freq); 8508 } 8509 8510 if (!freq) 8511 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 8512 "PHY (%s) in associated state", drv->phyname); 8513 8514 return freq; 8515} 8516 8517 8518static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 8519 int encrypt) 8520{ 8521 struct i802_bss *bss = priv; 8522 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 8523 0, 0, 0, 0); 8524} 8525 8526 8527static int nl80211_set_param(void *priv, const char *param) 8528{ 8529 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 8530 if (param == NULL) 8531 return 0; 8532 8533#ifdef CONFIG_P2P 8534 if (os_strstr(param, "use_p2p_group_interface=1")) { 8535 struct i802_bss *bss = priv; 8536 struct wpa_driver_nl80211_data *drv = bss->drv; 8537 8538 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 8539 "interface"); 8540 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 8541 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 8542 } 8543#ifdef ANDROID_P2P 8544 if(os_strstr(param, "use_multi_chan_concurrent=1")) { 8545 struct i802_bss *bss = priv; 8546 struct wpa_driver_nl80211_data *drv = bss->drv; 8547 wpa_printf(MSG_DEBUG, "nl80211: Use Multi channel " 8548 "concurrency"); 8549 drv->capa.flags |= WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT; 8550 } 8551#endif 8552#endif /* CONFIG_P2P */ 8553 8554 return 0; 8555} 8556 8557 8558static void * nl80211_global_init(void) 8559{ 8560 struct nl80211_global *global; 8561 struct netlink_config *cfg; 8562 8563 global = os_zalloc(sizeof(*global)); 8564 if (global == NULL) 8565 return NULL; 8566 global->ioctl_sock = -1; 8567 dl_list_init(&global->interfaces); 8568 global->if_add_ifindex = -1; 8569 8570 cfg = os_zalloc(sizeof(*cfg)); 8571 if (cfg == NULL) 8572 goto err; 8573 8574 cfg->ctx = global; 8575 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 8576 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 8577 global->netlink = netlink_init(cfg); 8578 if (global->netlink == NULL) { 8579 os_free(cfg); 8580 goto err; 8581 } 8582 8583 if (wpa_driver_nl80211_init_nl_global(global) < 0) 8584 goto err; 8585 8586 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 8587 if (global->ioctl_sock < 0) { 8588 perror("socket(PF_INET,SOCK_DGRAM)"); 8589 goto err; 8590 } 8591 8592 return global; 8593 8594err: 8595 nl80211_global_deinit(global); 8596 return NULL; 8597} 8598 8599 8600static void nl80211_global_deinit(void *priv) 8601{ 8602 struct nl80211_global *global = priv; 8603 if (global == NULL) 8604 return; 8605 if (!dl_list_empty(&global->interfaces)) { 8606 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 8607 "nl80211_global_deinit", 8608 dl_list_len(&global->interfaces)); 8609 } 8610 8611 if (global->netlink) 8612 netlink_deinit(global->netlink); 8613 8614 nl_destroy_handles(&global->nl); 8615 8616 if (global->nl_event) { 8617 eloop_unregister_read_sock( 8618 nl_socket_get_fd(global->nl_event)); 8619 nl_destroy_handles(&global->nl_event); 8620 } 8621 8622 nl_cb_put(global->nl_cb); 8623 8624 if (global->ioctl_sock >= 0) 8625 close(global->ioctl_sock); 8626 8627 os_free(global); 8628} 8629 8630 8631static const char * nl80211_get_radio_name(void *priv) 8632{ 8633 struct i802_bss *bss = priv; 8634 struct wpa_driver_nl80211_data *drv = bss->drv; 8635 return drv->phyname; 8636} 8637 8638 8639static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 8640 const u8 *pmkid) 8641{ 8642 struct nl_msg *msg; 8643 8644 msg = nlmsg_alloc(); 8645 if (!msg) 8646 return -ENOMEM; 8647 8648 nl80211_cmd(bss->drv, msg, 0, cmd); 8649 8650 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8651 if (pmkid) 8652 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 8653 if (bssid) 8654 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 8655 8656 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 8657 nla_put_failure: 8658 nlmsg_free(msg); 8659 return -ENOBUFS; 8660} 8661 8662 8663static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 8664{ 8665 struct i802_bss *bss = priv; 8666 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 8667 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 8668} 8669 8670 8671static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 8672{ 8673 struct i802_bss *bss = priv; 8674 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 8675 MAC2STR(bssid)); 8676 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 8677} 8678 8679 8680static int nl80211_flush_pmkid(void *priv) 8681{ 8682 struct i802_bss *bss = priv; 8683 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 8684 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 8685} 8686 8687 8688static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 8689 const u8 *replay_ctr) 8690{ 8691 struct i802_bss *bss = priv; 8692 struct wpa_driver_nl80211_data *drv = bss->drv; 8693 struct nlattr *replay_nested; 8694 struct nl_msg *msg; 8695 8696 msg = nlmsg_alloc(); 8697 if (!msg) 8698 return; 8699 8700 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 8701 8702 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8703 8704 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8705 if (!replay_nested) 8706 goto nla_put_failure; 8707 8708 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 8709 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 8710 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 8711 replay_ctr); 8712 8713 nla_nest_end(msg, replay_nested); 8714 8715 send_and_recv_msgs(drv, msg, NULL, NULL); 8716 return; 8717 nla_put_failure: 8718 nlmsg_free(msg); 8719} 8720 8721 8722static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 8723 const u8 *addr, int qos) 8724{ 8725 /* send data frame to poll STA and check whether 8726 * this frame is ACKed */ 8727 struct { 8728 struct ieee80211_hdr hdr; 8729 u16 qos_ctl; 8730 } STRUCT_PACKED nulldata; 8731 size_t size; 8732 8733 /* Send data frame to poll STA and check whether this frame is ACKed */ 8734 8735 os_memset(&nulldata, 0, sizeof(nulldata)); 8736 8737 if (qos) { 8738 nulldata.hdr.frame_control = 8739 IEEE80211_FC(WLAN_FC_TYPE_DATA, 8740 WLAN_FC_STYPE_QOS_NULL); 8741 size = sizeof(nulldata); 8742 } else { 8743 nulldata.hdr.frame_control = 8744 IEEE80211_FC(WLAN_FC_TYPE_DATA, 8745 WLAN_FC_STYPE_NULLFUNC); 8746 size = sizeof(struct ieee80211_hdr); 8747 } 8748 8749 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 8750 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8751 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8752 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8753 8754 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0) < 0) 8755 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 8756 "send poll frame"); 8757} 8758 8759static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 8760 int qos) 8761{ 8762 struct i802_bss *bss = priv; 8763 struct wpa_driver_nl80211_data *drv = bss->drv; 8764 struct nl_msg *msg; 8765 8766 if (!drv->poll_command_supported) { 8767 nl80211_send_null_frame(bss, own_addr, addr, qos); 8768 return; 8769 } 8770 8771 msg = nlmsg_alloc(); 8772 if (!msg) 8773 return; 8774 8775 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 8776 8777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8778 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8779 8780 send_and_recv_msgs(drv, msg, NULL, NULL); 8781 return; 8782 nla_put_failure: 8783 nlmsg_free(msg); 8784} 8785 8786 8787static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 8788{ 8789 struct nl_msg *msg; 8790 8791 msg = nlmsg_alloc(); 8792 if (!msg) 8793 return -ENOMEM; 8794 8795 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 8796 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8797 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 8798 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 8799 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 8800nla_put_failure: 8801 nlmsg_free(msg); 8802 return -ENOBUFS; 8803} 8804 8805 8806static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 8807 int ctwindow) 8808{ 8809 struct i802_bss *bss = priv; 8810 8811 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 8812 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 8813 8814 if (opp_ps != -1 || ctwindow != -1) 8815#ifdef ANDROID_P2P 8816 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 8817#else 8818 return -1; /* Not yet supported */ 8819#endif 8820 8821 if (legacy_ps == -1) 8822 return 0; 8823 if (legacy_ps != 0 && legacy_ps != 1) 8824 return -1; /* Not yet supported */ 8825 8826 return nl80211_set_power_save(bss, legacy_ps); 8827} 8828 8829 8830#ifdef CONFIG_TDLS 8831 8832static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 8833 u8 dialog_token, u16 status_code, 8834 const u8 *buf, size_t len) 8835{ 8836 struct i802_bss *bss = priv; 8837 struct wpa_driver_nl80211_data *drv = bss->drv; 8838 struct nl_msg *msg; 8839 8840 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 8841 return -EOPNOTSUPP; 8842 8843 if (!dst) 8844 return -EINVAL; 8845 8846 msg = nlmsg_alloc(); 8847 if (!msg) 8848 return -ENOMEM; 8849 8850 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 8851 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8852 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 8853 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 8854 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 8855 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 8856 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 8857 8858 return send_and_recv_msgs(drv, msg, NULL, NULL); 8859 8860nla_put_failure: 8861 nlmsg_free(msg); 8862 return -ENOBUFS; 8863} 8864 8865 8866static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 8867{ 8868 struct i802_bss *bss = priv; 8869 struct wpa_driver_nl80211_data *drv = bss->drv; 8870 struct nl_msg *msg; 8871 enum nl80211_tdls_operation nl80211_oper; 8872 8873 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 8874 return -EOPNOTSUPP; 8875 8876 switch (oper) { 8877 case TDLS_DISCOVERY_REQ: 8878 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 8879 break; 8880 case TDLS_SETUP: 8881 nl80211_oper = NL80211_TDLS_SETUP; 8882 break; 8883 case TDLS_TEARDOWN: 8884 nl80211_oper = NL80211_TDLS_TEARDOWN; 8885 break; 8886 case TDLS_ENABLE_LINK: 8887 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 8888 break; 8889 case TDLS_DISABLE_LINK: 8890 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 8891 break; 8892 case TDLS_ENABLE: 8893 return 0; 8894 case TDLS_DISABLE: 8895 return 0; 8896 default: 8897 return -EINVAL; 8898 } 8899 8900 msg = nlmsg_alloc(); 8901 if (!msg) 8902 return -ENOMEM; 8903 8904 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 8905 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 8906 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8907 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 8908 8909 return send_and_recv_msgs(drv, msg, NULL, NULL); 8910 8911nla_put_failure: 8912 nlmsg_free(msg); 8913 return -ENOBUFS; 8914} 8915 8916#endif /* CONFIG TDLS */ 8917 8918 8919#ifdef ANDROID 8920 8921typedef struct android_wifi_priv_cmd { 8922 char *buf; 8923 int used_len; 8924 int total_len; 8925} android_wifi_priv_cmd; 8926 8927static int drv_errors = 0; 8928 8929static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 8930{ 8931 drv_errors++; 8932 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 8933 drv_errors = 0; 8934 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 8935 } 8936} 8937 8938 8939static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 8940{ 8941 struct wpa_driver_nl80211_data *drv = bss->drv; 8942 struct ifreq ifr; 8943 android_wifi_priv_cmd priv_cmd; 8944 char buf[MAX_DRV_CMD_SIZE]; 8945 int ret; 8946 8947 os_memset(&ifr, 0, sizeof(ifr)); 8948 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 8949 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 8950 8951 os_memset(buf, 0, sizeof(buf)); 8952 os_strlcpy(buf, cmd, sizeof(buf)); 8953 8954 priv_cmd.buf = buf; 8955 priv_cmd.used_len = sizeof(buf); 8956 priv_cmd.total_len = sizeof(buf); 8957 ifr.ifr_data = &priv_cmd; 8958 8959 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 8960 if (ret < 0) { 8961 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 8962 __func__); 8963 wpa_driver_send_hang_msg(drv); 8964 return ret; 8965 } 8966 8967 drv_errors = 0; 8968 return 0; 8969} 8970 8971 8972static int android_pno_start(struct i802_bss *bss, 8973 struct wpa_driver_scan_params *params) 8974{ 8975 struct wpa_driver_nl80211_data *drv = bss->drv; 8976 struct ifreq ifr; 8977 android_wifi_priv_cmd priv_cmd; 8978 int ret = 0, i = 0, bp; 8979 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 8980 8981 bp = WEXT_PNOSETUP_HEADER_SIZE; 8982 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 8983 buf[bp++] = WEXT_PNO_TLV_PREFIX; 8984 buf[bp++] = WEXT_PNO_TLV_VERSION; 8985 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 8986 buf[bp++] = WEXT_PNO_TLV_RESERVED; 8987 8988 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 8989 /* Check that there is enough space needed for 1 more SSID, the 8990 * other sections and null termination */ 8991 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 8992 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 8993 break; 8994 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 8995 params->ssids[i].ssid, 8996 params->ssids[i].ssid_len); 8997 buf[bp++] = WEXT_PNO_SSID_SECTION; 8998 buf[bp++] = params->ssids[i].ssid_len; 8999 os_memcpy(&buf[bp], params->ssids[i].ssid, 9000 params->ssids[i].ssid_len); 9001 bp += params->ssids[i].ssid_len; 9002 i++; 9003 } 9004 9005 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 9006 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 9007 WEXT_PNO_SCAN_INTERVAL); 9008 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 9009 9010 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 9011 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 9012 WEXT_PNO_REPEAT); 9013 bp += WEXT_PNO_REPEAT_LENGTH; 9014 9015 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 9016 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 9017 WEXT_PNO_MAX_REPEAT); 9018 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 9019 9020 memset(&ifr, 0, sizeof(ifr)); 9021 memset(&priv_cmd, 0, sizeof(priv_cmd)); 9022 os_strncpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 9023 9024 priv_cmd.buf = buf; 9025 priv_cmd.used_len = bp; 9026 priv_cmd.total_len = bp; 9027 ifr.ifr_data = &priv_cmd; 9028 9029 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 9030 9031 if (ret < 0) { 9032 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 9033 ret); 9034 wpa_driver_send_hang_msg(drv); 9035 return ret; 9036 } 9037 9038 drv_errors = 0; 9039 9040 return android_priv_cmd(bss, "PNOFORCE 1"); 9041} 9042 9043 9044static int android_pno_stop(struct i802_bss *bss) 9045{ 9046 return android_priv_cmd(bss, "PNOFORCE 0"); 9047} 9048 9049#endif /* ANDROID */ 9050 9051 9052const struct wpa_driver_ops wpa_driver_nl80211_ops = { 9053 .name = "nl80211", 9054 .desc = "Linux nl80211/cfg80211", 9055 .get_bssid = wpa_driver_nl80211_get_bssid, 9056 .get_ssid = wpa_driver_nl80211_get_ssid, 9057 .set_key = wpa_driver_nl80211_set_key, 9058 .scan2 = wpa_driver_nl80211_scan, 9059 .sched_scan = wpa_driver_nl80211_sched_scan, 9060 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 9061 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 9062 .deauthenticate = wpa_driver_nl80211_deauthenticate, 9063 .disassociate = wpa_driver_nl80211_disassociate, 9064 .authenticate = wpa_driver_nl80211_authenticate, 9065 .associate = wpa_driver_nl80211_associate, 9066 .global_init = nl80211_global_init, 9067 .global_deinit = nl80211_global_deinit, 9068 .init2 = wpa_driver_nl80211_init, 9069 .deinit = wpa_driver_nl80211_deinit, 9070 .get_capa = wpa_driver_nl80211_get_capa, 9071 .set_operstate = wpa_driver_nl80211_set_operstate, 9072 .set_supp_port = wpa_driver_nl80211_set_supp_port, 9073 .set_country = wpa_driver_nl80211_set_country, 9074 .set_ap = wpa_driver_nl80211_set_ap, 9075 .if_add = wpa_driver_nl80211_if_add, 9076 .if_remove = wpa_driver_nl80211_if_remove, 9077 .send_mlme = wpa_driver_nl80211_send_mlme, 9078 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 9079 .sta_add = wpa_driver_nl80211_sta_add, 9080 .sta_remove = wpa_driver_nl80211_sta_remove, 9081 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 9082 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 9083#ifdef HOSTAPD 9084 .hapd_init = i802_init, 9085 .hapd_deinit = i802_deinit, 9086 .set_wds_sta = i802_set_wds_sta, 9087#endif /* HOSTAPD */ 9088#if defined(HOSTAPD) || defined(CONFIG_AP) 9089 .get_seqnum = i802_get_seqnum, 9090 .flush = i802_flush, 9091 .read_sta_data = i802_read_sta_data, 9092 .get_inact_sec = i802_get_inact_sec, 9093 .sta_clear_stats = i802_sta_clear_stats, 9094 .set_rts = i802_set_rts, 9095 .set_frag = i802_set_frag, 9096 .set_tx_queue_params = i802_set_tx_queue_params, 9097 .set_sta_vlan = i802_set_sta_vlan, 9098 .sta_deauth = i802_sta_deauth, 9099 .sta_disassoc = i802_sta_disassoc, 9100#endif /* HOSTAPD || CONFIG_AP */ 9101 .set_freq = i802_set_freq, 9102 .send_action = wpa_driver_nl80211_send_action, 9103 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 9104 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 9105 .cancel_remain_on_channel = 9106 wpa_driver_nl80211_cancel_remain_on_channel, 9107 .probe_req_report = wpa_driver_nl80211_probe_req_report, 9108 .deinit_ap = wpa_driver_nl80211_deinit_ap, 9109 .resume = wpa_driver_nl80211_resume, 9110 .send_ft_action = nl80211_send_ft_action, 9111 .signal_monitor = nl80211_signal_monitor, 9112 .signal_poll = nl80211_signal_poll, 9113 .send_frame = nl80211_send_frame, 9114 .shared_freq = wpa_driver_nl80211_shared_freq, 9115 .set_param = nl80211_set_param, 9116 .get_radio_name = nl80211_get_radio_name, 9117 .add_pmkid = nl80211_add_pmkid, 9118 .remove_pmkid = nl80211_remove_pmkid, 9119 .flush_pmkid = nl80211_flush_pmkid, 9120 .set_rekey_info = nl80211_set_rekey_info, 9121 .poll_client = nl80211_poll_client, 9122 .set_p2p_powersave = nl80211_set_p2p_powersave, 9123#ifdef CONFIG_TDLS 9124 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 9125 .tdls_oper = nl80211_tdls_oper, 9126#endif /* CONFIG_TDLS */ 9127#ifdef ANDROID_P2P 9128 .set_noa = wpa_driver_set_p2p_noa, 9129 .get_noa = wpa_driver_get_p2p_noa, 9130 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 9131#endif 9132#ifdef ANDROID 9133 .driver_cmd = wpa_driver_nl80211_driver_cmd, 9134#endif 9135}; 9136