driver_nl80211.c revision 44da0253a740e0329b18f60c196e1f2dcacfccea
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19#include "includes.h" 20#include <sys/ioctl.h> 21#include <sys/types.h> 22#include <sys/stat.h> 23#include <fcntl.h> 24#include <net/if.h> 25#include <netlink/genl/genl.h> 26#include <netlink/genl/family.h> 27#include <netlink/genl/ctrl.h> 28#include <linux/rtnetlink.h> 29#include <netpacket/packet.h> 30#include <linux/filter.h> 31#include "nl80211_copy.h" 32 33#include "common.h" 34#include "eloop.h" 35#include "utils/list.h" 36#include "common/ieee802_11_defs.h" 37#include "netlink.h" 38#include "linux_ioctl.h" 39#include "radiotap.h" 40#include "radiotap_iter.h" 41#include "rfkill.h" 42#include "driver.h" 43#if defined(ANDROID_BRCM_P2P_PATCH) && !defined(HOSTAPD) 44#include "wpa_supplicant_i.h" 45#endif 46#ifdef CONFIG_LIBNL20 47/* libnl 2.0 compatibility code */ 48#define nl_handle nl_sock 49#define nl80211_handle_alloc nl_socket_alloc_cb 50#define nl80211_handle_destroy nl_socket_free 51#else 52/* 53 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 54 * but when you free a socket again it will mess up its bitmap and 55 * and use the wrong number the next time it needs a socket ID. 56 * Therefore, we wrap the handle alloc/destroy and add our own pid 57 * accounting. 58 */ 59static uint32_t port_bitmap[32] = { 0 }; 60 61static struct nl_handle *nl80211_handle_alloc(void *cb) 62{ 63 struct nl_handle *handle; 64 uint32_t pid = getpid() & 0x3FFFFF; 65 int i; 66 67 handle = nl_handle_alloc_cb(cb); 68 69 for (i = 0; i < 1024; i++) { 70 if (port_bitmap[i / 32] & (1 << (i % 32))) 71 continue; 72 port_bitmap[i / 32] |= 1 << (i % 32); 73 pid += i << 22; 74 break; 75 } 76 77 nl_socket_set_local_port(handle, pid); 78 79 return handle; 80} 81 82static void nl80211_handle_destroy(struct nl_handle *handle) 83{ 84 uint32_t port = nl_socket_get_local_port(handle); 85 86 port >>= 22; 87 port_bitmap[port / 32] &= ~(1 << (port % 32)); 88 89 nl_handle_destroy(handle); 90} 91#endif /* CONFIG_LIBNL20 */ 92 93 94#ifndef IFF_LOWER_UP 95#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 96#endif 97#ifndef IFF_DORMANT 98#define IFF_DORMANT 0x20000 /* driver signals dormant */ 99#endif 100 101#ifndef IF_OPER_DORMANT 102#define IF_OPER_DORMANT 5 103#endif 104#ifndef IF_OPER_UP 105#define IF_OPER_UP 6 106#endif 107 108struct nl80211_global { 109 struct dl_list interfaces; 110}; 111 112struct i802_bss { 113 struct wpa_driver_nl80211_data *drv; 114 struct i802_bss *next; 115 int ifindex; 116 char ifname[IFNAMSIZ + 1]; 117 char brname[IFNAMSIZ]; 118 unsigned int beacon_set:1; 119 unsigned int added_if_into_bridge:1; 120 unsigned int added_bridge:1; 121}; 122 123struct wpa_driver_nl80211_data { 124 struct nl80211_global *global; 125 struct dl_list list; 126 u8 addr[ETH_ALEN]; 127 char phyname[32]; 128 void *ctx; 129 struct netlink_data *netlink; 130 int ioctl_sock; /* socket for ioctl() use */ 131 int ifindex; 132 int if_removed; 133 int if_disabled; 134 struct rfkill_data *rfkill; 135 struct wpa_driver_capa capa; 136 int has_capability; 137 138 int operstate; 139 140 int scan_complete_events; 141 142 struct nl_handle *nl_handle; 143 struct nl_handle *nl_handle_event; 144 struct nl_handle *nl_handle_preq; 145 struct nl_cache *nl_cache; 146 struct nl_cache *nl_cache_event; 147 struct nl_cache *nl_cache_preq; 148 struct nl_cb *nl_cb; 149 struct genl_family *nl80211; 150 151 u8 auth_bssid[ETH_ALEN]; 152 u8 bssid[ETH_ALEN]; 153 int associated; 154 u8 ssid[32]; 155 size_t ssid_len; 156 int nlmode; 157 int ap_scan_as_station; 158 unsigned int assoc_freq; 159 160 int monitor_sock; 161 int monitor_ifidx; 162 int no_monitor_iface_capab; 163 int disable_11b_rates; 164 165 unsigned int pending_remain_on_chan:1; 166 167 u64 remain_on_chan_cookie; 168 u64 send_action_cookie; 169 170 unsigned int last_mgmt_freq; 171 172 struct wpa_driver_scan_filter *filter_ssids; 173 size_t num_filter_ssids; 174 175 struct i802_bss first_bss; 176 177#ifdef HOSTAPD 178 int eapol_sock; /* socket for EAPOL frames */ 179 180 int default_if_indices[16]; 181 int *if_indices; 182 int num_if_indices; 183 184 int last_freq; 185 int last_freq_ht; 186#endif /* HOSTAPD */ 187}; 188 189 190static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 191 void *timeout_ctx); 192static int wpa_driver_nl80211_set_mode(void *priv, int mode); 193static int 194wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 195static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 196 const u8 *addr, int cmd, u16 reason_code, 197 int local_state_change); 198static void nl80211_remove_monitor_interface( 199 struct wpa_driver_nl80211_data *drv); 200static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 201 unsigned int freq, unsigned int wait, 202 const u8 *buf, size_t buf_len, u64 *cookie); 203static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 204 205#ifdef HOSTAPD 206static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 207static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 208static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 209static int wpa_driver_nl80211_if_remove(void *priv, 210 enum wpa_driver_if_type type, 211 const char *ifname); 212#else /* HOSTAPD */ 213static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 214{ 215 return 0; 216} 217#endif /* HOSTAPD */ 218 219#ifdef ANDROID 220extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 221 size_t buf_len); 222#endif 223 224static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 225static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 226 int ifindex, int disabled); 227 228static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 229 230 231struct nl80211_bss_info_arg { 232 struct wpa_driver_nl80211_data *drv; 233 struct wpa_scan_results *res; 234 unsigned int assoc_freq; 235}; 236 237static int bss_info_handler(struct nl_msg *msg, void *arg); 238 239 240/* nl80211 code */ 241static int ack_handler(struct nl_msg *msg, void *arg) 242{ 243 int *err = arg; 244 *err = 0; 245 return NL_STOP; 246} 247 248static int finish_handler(struct nl_msg *msg, void *arg) 249{ 250 int *ret = arg; 251 *ret = 0; 252 return NL_SKIP; 253} 254 255static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 256 void *arg) 257{ 258 int *ret = arg; 259 *ret = err->error; 260 return NL_SKIP; 261} 262 263 264static int no_seq_check(struct nl_msg *msg, void *arg) 265{ 266 return NL_OK; 267} 268 269 270static int send_and_recv(struct wpa_driver_nl80211_data *drv, 271 struct nl_handle *nl_handle, struct nl_msg *msg, 272 int (*valid_handler)(struct nl_msg *, void *), 273 void *valid_data) 274{ 275 struct nl_cb *cb; 276 int err = -ENOMEM; 277 278 cb = nl_cb_clone(drv->nl_cb); 279 if (!cb) 280 goto out; 281 282 err = nl_send_auto_complete(nl_handle, msg); 283 if (err < 0) 284 goto out; 285 286 err = 1; 287 288 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 289 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 290 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 291 292 if (valid_handler) 293 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 294 valid_handler, valid_data); 295 296 while (err > 0) 297 nl_recvmsgs(nl_handle, cb); 298 out: 299 nl_cb_put(cb); 300 nlmsg_free(msg); 301 return err; 302} 303 304 305int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 306 struct nl_msg *msg, 307 int (*valid_handler)(struct nl_msg *, void *), 308 void *valid_data) 309{ 310 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 311 valid_data); 312} 313 314 315struct family_data { 316 const char *group; 317 int id; 318}; 319 320 321static int family_handler(struct nl_msg *msg, void *arg) 322{ 323 struct family_data *res = arg; 324 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 325 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 326 struct nlattr *mcgrp; 327 int i; 328 329 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 330 genlmsg_attrlen(gnlh, 0), NULL); 331 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 332 return NL_SKIP; 333 334 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 335 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 336 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 337 nla_len(mcgrp), NULL); 338 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 339 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 340 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 341 res->group, 342 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 343 continue; 344 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 345 break; 346 }; 347 348 return NL_SKIP; 349} 350 351 352static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 353 const char *family, const char *group) 354{ 355 struct nl_msg *msg; 356 int ret = -1; 357 struct family_data res = { group, -ENOENT }; 358 359 msg = nlmsg_alloc(); 360 if (!msg) 361 return -ENOMEM; 362 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 363 0, 0, CTRL_CMD_GETFAMILY, 0); 364 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 365 366 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 367 msg = NULL; 368 if (ret == 0) 369 ret = res.id; 370 371nla_put_failure: 372 nlmsg_free(msg); 373 return ret; 374} 375 376 377static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 378{ 379 struct i802_bss *bss = priv; 380 struct wpa_driver_nl80211_data *drv = bss->drv; 381 if (!drv->associated) 382 return -1; 383 os_memcpy(bssid, drv->bssid, ETH_ALEN); 384 return 0; 385} 386 387 388static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 389{ 390 struct i802_bss *bss = priv; 391 struct wpa_driver_nl80211_data *drv = bss->drv; 392 if (!drv->associated) 393 return -1; 394 os_memcpy(ssid, drv->ssid, drv->ssid_len); 395 return drv->ssid_len; 396} 397 398 399static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 400 char *buf, size_t len, int del) 401{ 402 union wpa_event_data event; 403 404 os_memset(&event, 0, sizeof(event)); 405 if (len > sizeof(event.interface_status.ifname)) 406 len = sizeof(event.interface_status.ifname) - 1; 407 os_memcpy(event.interface_status.ifname, buf, len); 408 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 409 EVENT_INTERFACE_ADDED; 410 411 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 412 del ? "DEL" : "NEW", 413 event.interface_status.ifname, 414 del ? "removed" : "added"); 415 416 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 417 if (del) 418 drv->if_removed = 1; 419 else 420 drv->if_removed = 0; 421 } 422 423 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 424} 425 426 427static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 428 u8 *buf, size_t len) 429{ 430 int attrlen, rta_len; 431 struct rtattr *attr; 432 433 attrlen = len; 434 attr = (struct rtattr *) buf; 435 436 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 437 while (RTA_OK(attr, attrlen)) { 438 if (attr->rta_type == IFLA_IFNAME) { 439 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 440 == 0) 441 return 1; 442 else 443 break; 444 } 445 attr = RTA_NEXT(attr, attrlen); 446 } 447 448 return 0; 449} 450 451 452static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 453 int ifindex, u8 *buf, size_t len) 454{ 455 if (drv->ifindex == ifindex) 456 return 1; 457 458 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 459 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 460 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 461 "interface"); 462 wpa_driver_nl80211_finish_drv_init(drv); 463 return 1; 464 } 465 466 return 0; 467} 468 469 470static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 471 struct ifinfomsg *ifi, 472 u8 *buf, size_t len) 473{ 474 struct wpa_driver_nl80211_data *drv = ctx; 475 int attrlen, rta_len; 476 struct rtattr *attr; 477 u32 brid = 0; 478 479 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 480 !have_ifidx(drv, ifi->ifi_index)) { 481 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 482 "ifindex %d", ifi->ifi_index); 483 return; 484 } 485 486 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 487 "(%s%s%s%s)", 488 drv->operstate, ifi->ifi_flags, 489 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 490 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 491 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 492 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 493 494 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 495 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 496 drv->if_disabled = 1; 497 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 498 } 499 500 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 501 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 502 drv->if_disabled = 0; 503 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL); 504 } 505 506 /* 507 * Some drivers send the association event before the operup event--in 508 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 509 * fails. This will hit us when wpa_supplicant does not need to do 510 * IEEE 802.1X authentication 511 */ 512 if (drv->operstate == 1 && 513 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 514 !(ifi->ifi_flags & IFF_RUNNING)) 515 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 516 -1, IF_OPER_UP); 517 518 attrlen = len; 519 attr = (struct rtattr *) buf; 520 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 521 while (RTA_OK(attr, attrlen)) { 522 if (attr->rta_type == IFLA_IFNAME) { 523 wpa_driver_nl80211_event_link( 524 drv, 525 ((char *) attr) + rta_len, 526 attr->rta_len - rta_len, 0); 527 } else if (attr->rta_type == IFLA_MASTER) 528 brid = nla_get_u32((struct nlattr *) attr); 529 attr = RTA_NEXT(attr, attrlen); 530 } 531 532#ifdef HOSTAPD 533 if (ifi->ifi_family == AF_BRIDGE && brid) { 534 /* device has been added to bridge */ 535 char namebuf[IFNAMSIZ]; 536 if_indextoname(brid, namebuf); 537 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 538 brid, namebuf); 539 add_ifidx(drv, brid); 540 } 541#endif /* HOSTAPD */ 542} 543 544 545static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 546 struct ifinfomsg *ifi, 547 u8 *buf, size_t len) 548{ 549 struct wpa_driver_nl80211_data *drv = ctx; 550 int attrlen, rta_len; 551 struct rtattr *attr; 552 u32 brid = 0; 553 554 attrlen = len; 555 attr = (struct rtattr *) buf; 556 557 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 558 while (RTA_OK(attr, attrlen)) { 559 if (attr->rta_type == IFLA_IFNAME) { 560 wpa_driver_nl80211_event_link( 561 drv, 562 ((char *) attr) + rta_len, 563 attr->rta_len - rta_len, 1); 564 } else if (attr->rta_type == IFLA_MASTER) 565 brid = nla_get_u32((struct nlattr *) attr); 566 attr = RTA_NEXT(attr, attrlen); 567 } 568 569#ifdef HOSTAPD 570 if (ifi->ifi_family == AF_BRIDGE && brid) { 571 /* device has been removed from bridge */ 572 char namebuf[IFNAMSIZ]; 573 if_indextoname(brid, namebuf); 574 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 575 "%s", brid, namebuf); 576 del_ifidx(drv, brid); 577 } 578#endif /* HOSTAPD */ 579} 580 581 582static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 583 const u8 *frame, size_t len) 584{ 585 const struct ieee80211_mgmt *mgmt; 586 union wpa_event_data event; 587 588 mgmt = (const struct ieee80211_mgmt *) frame; 589 if (len < 24 + sizeof(mgmt->u.auth)) { 590 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 591 "frame"); 592 return; 593 } 594 595 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 596 os_memset(&event, 0, sizeof(event)); 597 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 598 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 599 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 600 if (len > 24 + sizeof(mgmt->u.auth)) { 601 event.auth.ies = mgmt->u.auth.variable; 602 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 603 } 604 605 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 606} 607 608 609static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 610{ 611 struct nl_msg *msg; 612 int ret; 613 struct nl80211_bss_info_arg arg; 614 615 os_memset(&arg, 0, sizeof(arg)); 616 msg = nlmsg_alloc(); 617 if (!msg) 618 goto nla_put_failure; 619 620 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 621 NL80211_CMD_GET_SCAN, 0); 622 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 623 624 arg.drv = drv; 625 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 626 msg = NULL; 627 if (ret == 0) { 628 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 629 "associated BSS from scan results: %u MHz", 630 arg.assoc_freq); 631 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 632 } 633 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 634 "(%s)", ret, strerror(-ret)); 635nla_put_failure: 636 nlmsg_free(msg); 637 return drv->assoc_freq; 638} 639 640 641static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 642 const u8 *frame, size_t len) 643{ 644 const struct ieee80211_mgmt *mgmt; 645 union wpa_event_data event; 646 u16 status; 647#ifdef ANDROID_BRCM_P2P_PATCH 648 struct wpa_supplicant *wpa_s = drv->ctx; 649#endif 650 651 mgmt = (const struct ieee80211_mgmt *) frame; 652#if (defined (CONFIG_AP) || defined (HOSTAPD) ) && defined (ANDROID_BRCM_P2P_PATCH) 653 if (drv->nlmode == NL80211_IFTYPE_AP || drv->nlmode == NL80211_IFTYPE_P2P_GO) { 654 if (len < 24 + sizeof(mgmt->u.assoc_req)) { 655 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 656 "frame"); 657 return; 658 } 659 os_memset(&event, 0, sizeof(event)); 660 event.assoc_info.freq = drv->assoc_freq; 661 event.assoc_info.req_ies = (u8 *) mgmt->u.assoc_req.variable; 662 event.assoc_info.req_ies_len = len - 24 - sizeof(mgmt->u.assoc_req); 663 event.assoc_info.addr = mgmt->sa; 664 } else { 665#endif 666 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 667 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 668 "frame"); 669 return; 670 } 671 672 status = le_to_host16(mgmt->u.assoc_resp.status_code); 673 if (status != WLAN_STATUS_SUCCESS) { 674 os_memset(&event, 0, sizeof(event)); 675 event.assoc_reject.bssid = mgmt->bssid; 676 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 677 event.assoc_reject.resp_ies = 678 (u8 *) mgmt->u.assoc_resp.variable; 679 event.assoc_reject.resp_ies_len = 680 len - 24 - sizeof(mgmt->u.assoc_resp); 681 } 682 event.assoc_reject.status_code = status; 683 684 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 685 return; 686 } 687 688 drv->associated = 1; 689 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 690 691 os_memset(&event, 0, sizeof(event)); 692 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 693 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 694 event.assoc_info.resp_ies_len = 695 len - 24 - sizeof(mgmt->u.assoc_resp); 696 } 697 698 event.assoc_info.freq = drv->assoc_freq; 699#if (defined (CONFIG_AP) || defined(HOSTAPD)) && defined (ANDROID_BRCM_P2P_PATCH) 700 } 701#endif 702 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 703} 704 705 706static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 707 enum nl80211_commands cmd, struct nlattr *status, 708 struct nlattr *addr, struct nlattr *req_ie, 709 struct nlattr *resp_ie) 710{ 711 union wpa_event_data event; 712 713 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 714 /* 715 * Avoid reporting two association events that would confuse 716 * the core code. 717 */ 718 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 719 "when using userspace SME", cmd); 720 return; 721 } 722 723 os_memset(&event, 0, sizeof(event)); 724 if (cmd == NL80211_CMD_CONNECT && 725 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 726 if (addr) 727 event.assoc_reject.bssid = nla_data(addr); 728 if (resp_ie) { 729 event.assoc_reject.resp_ies = nla_data(resp_ie); 730 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 731 } 732 event.assoc_reject.status_code = nla_get_u16(status); 733 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 734 return; 735 } 736 737 drv->associated = 1; 738 if (addr) 739 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 740 741 if (req_ie) { 742 event.assoc_info.req_ies = nla_data(req_ie); 743 event.assoc_info.req_ies_len = nla_len(req_ie); 744 } 745 if (resp_ie) { 746 event.assoc_info.resp_ies = nla_data(resp_ie); 747 event.assoc_info.resp_ies_len = nla_len(resp_ie); 748 } 749 750 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 751 752 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 753} 754 755 756static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 757 enum nl80211_commands cmd, struct nlattr *addr) 758{ 759 union wpa_event_data event; 760 enum wpa_event_type ev; 761 762 if (nla_len(addr) != ETH_ALEN) 763 return; 764 765 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 766 cmd, MAC2STR((u8 *) nla_data(addr))); 767 768 if (cmd == NL80211_CMD_AUTHENTICATE) 769 ev = EVENT_AUTH_TIMED_OUT; 770 else if (cmd == NL80211_CMD_ASSOCIATE) 771 ev = EVENT_ASSOC_TIMED_OUT; 772 else 773 return; 774 775 os_memset(&event, 0, sizeof(event)); 776 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 777 wpa_supplicant_event(drv->ctx, ev, &event); 778} 779 780 781static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 782 struct nlattr *freq, const u8 *frame, size_t len) 783{ 784 const struct ieee80211_mgmt *mgmt; 785 union wpa_event_data event; 786 u16 fc, stype; 787 788 mgmt = (const struct ieee80211_mgmt *) frame; 789 if (len < 24) { 790 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 791 return; 792 } 793 794 fc = le_to_host16(mgmt->frame_control); 795 stype = WLAN_FC_GET_STYPE(fc); 796 797 os_memset(&event, 0, sizeof(event)); 798 if (freq) { 799 event.rx_action.freq = nla_get_u32(freq); 800 drv->last_mgmt_freq = event.rx_action.freq; 801 } 802 if (stype == WLAN_FC_STYPE_ACTION) { 803 event.rx_action.da = mgmt->da; 804 event.rx_action.sa = mgmt->sa; 805 event.rx_action.bssid = mgmt->bssid; 806 event.rx_action.category = mgmt->u.action.category; 807 event.rx_action.data = &mgmt->u.action.category + 1; 808 event.rx_action.len = frame + len - event.rx_action.data; 809 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 810 } else { 811 event.rx_mgmt.frame = frame; 812 event.rx_mgmt.frame_len = len; 813 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 814 } 815} 816 817 818static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 819 struct nlattr *cookie, const u8 *frame, 820 size_t len, struct nlattr *ack) 821{ 822 union wpa_event_data event; 823 const struct ieee80211_hdr *hdr; 824 u16 fc; 825 u64 cookie_val; 826 827 if (!cookie) 828 return; 829 830 cookie_val = nla_get_u64(cookie); 831 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s " 832 "(ack=%d)", 833 (long long unsigned int) cookie_val, 834 cookie_val == drv->send_action_cookie ? 835 " (match)" : " (unknown)", ack != NULL); 836 if (cookie_val != drv->send_action_cookie) 837 return; 838 839 hdr = (const struct ieee80211_hdr *) frame; 840 fc = le_to_host16(hdr->frame_control); 841 842 os_memset(&event, 0, sizeof(event)); 843 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 844 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 845 event.tx_status.dst = hdr->addr1; 846 event.tx_status.data = frame; 847 event.tx_status.data_len = len; 848 event.tx_status.ack = ack != NULL; 849 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 850} 851 852 853static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 854 enum wpa_event_type type, 855 const u8 *frame, size_t len) 856{ 857 const struct ieee80211_mgmt *mgmt; 858 union wpa_event_data event; 859 const u8 *bssid = NULL; 860 u16 reason_code = 0; 861 862 mgmt = (const struct ieee80211_mgmt *) frame; 863 if (len >= 24) { 864 bssid = mgmt->bssid; 865 866 if (drv->associated != 0 && 867 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 868 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 869 /* 870 * We have presumably received this deauth as a 871 * response to a clear_state_mismatch() outgoing 872 * deauth. Don't let it take us offline! 873 */ 874 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 875 "from Unknown BSSID " MACSTR " -- ignoring", 876 MAC2STR(bssid)); 877 return; 878 } 879 } 880 881 drv->associated = 0; 882 os_memset(&event, 0, sizeof(event)); 883 884 /* Note: Same offset for Reason Code in both frame subtypes */ 885 if (len >= 24 + sizeof(mgmt->u.deauth)) 886 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 887 888 if (type == EVENT_DISASSOC) { 889#ifdef ANDROID_BRCM_P2P_PATCH 890 if (drv->nlmode == NL80211_IFTYPE_AP || 891 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 892 event.disassoc_info.addr = mgmt->sa; 893 } else 894#endif 895 event.disassoc_info.addr = bssid; 896 event.disassoc_info.reason_code = reason_code; 897 if (frame + len > mgmt->u.disassoc.variable) { 898 event.disassoc_info.ie = mgmt->u.disassoc.variable; 899 event.disassoc_info.ie_len = frame + len - 900 mgmt->u.disassoc.variable; 901 } 902 } else { 903#ifdef ANDROID_BRCM_P2P_PATCH 904 if (drv->nlmode == NL80211_IFTYPE_AP || 905 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 906 event.deauth_info.addr = mgmt->sa; 907 } else 908#endif 909 event.deauth_info.addr = bssid; 910 event.deauth_info.reason_code = reason_code; 911 if (frame + len > mgmt->u.deauth.variable) { 912 event.deauth_info.ie = mgmt->u.deauth.variable; 913 event.deauth_info.ie_len = frame + len - 914 mgmt->u.deauth.variable; 915 } 916 } 917 918 wpa_supplicant_event(drv->ctx, type, &event); 919} 920 921 922static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 923 enum wpa_event_type type, 924 const u8 *frame, size_t len) 925{ 926 const struct ieee80211_mgmt *mgmt; 927 union wpa_event_data event; 928 u16 reason_code = 0; 929 930 if (len < 24) 931 return; 932 933 mgmt = (const struct ieee80211_mgmt *) frame; 934 935 os_memset(&event, 0, sizeof(event)); 936 /* Note: Same offset for Reason Code in both frame subtypes */ 937 if (len >= 24 + sizeof(mgmt->u.deauth)) 938 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 939 940 if (type == EVENT_UNPROT_DISASSOC) { 941 event.unprot_disassoc.sa = mgmt->sa; 942 event.unprot_disassoc.da = mgmt->da; 943 event.unprot_disassoc.reason_code = reason_code; 944 } else { 945 event.unprot_deauth.sa = mgmt->sa; 946 event.unprot_deauth.da = mgmt->da; 947 event.unprot_deauth.reason_code = reason_code; 948 } 949 950 wpa_supplicant_event(drv->ctx, type, &event); 951} 952 953 954static void mlme_event(struct wpa_driver_nl80211_data *drv, 955 enum nl80211_commands cmd, struct nlattr *frame, 956 struct nlattr *addr, struct nlattr *timed_out, 957 struct nlattr *freq, struct nlattr *ack, 958 struct nlattr *cookie) 959{ 960 if (timed_out && addr) { 961 mlme_timeout_event(drv, cmd, addr); 962 return; 963 } 964 965 if (frame == NULL) { 966 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 967 "data", cmd); 968 return; 969 } 970 971 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 972 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 973 nla_data(frame), nla_len(frame)); 974 975 switch (cmd) { 976 case NL80211_CMD_AUTHENTICATE: 977 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 978 break; 979 case NL80211_CMD_ASSOCIATE: 980 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 981 break; 982 case NL80211_CMD_DEAUTHENTICATE: 983 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 984 nla_data(frame), nla_len(frame)); 985 break; 986 case NL80211_CMD_DISASSOCIATE: 987 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 988 nla_data(frame), nla_len(frame)); 989 break; 990 case NL80211_CMD_FRAME: 991 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 992 break; 993 case NL80211_CMD_FRAME_TX_STATUS: 994 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 995 nla_len(frame), ack); 996 break; 997 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 998 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 999 nla_data(frame), nla_len(frame)); 1000 break; 1001 case NL80211_CMD_UNPROT_DISASSOCIATE: 1002 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1003 nla_data(frame), nla_len(frame)); 1004 break; 1005 default: 1006 break; 1007 } 1008} 1009 1010 1011static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1012 struct nlattr *tb[]) 1013{ 1014 union wpa_event_data data; 1015 1016 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1017 os_memset(&data, 0, sizeof(data)); 1018 if (tb[NL80211_ATTR_MAC]) { 1019 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1020 nla_data(tb[NL80211_ATTR_MAC]), 1021 nla_len(tb[NL80211_ATTR_MAC])); 1022 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1023 } 1024 if (tb[NL80211_ATTR_KEY_SEQ]) { 1025 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1026 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1027 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1028 } 1029 if (tb[NL80211_ATTR_KEY_TYPE]) { 1030 enum nl80211_key_type key_type = 1031 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1032 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1033 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1034 data.michael_mic_failure.unicast = 1; 1035 } else 1036 data.michael_mic_failure.unicast = 1; 1037 1038 if (tb[NL80211_ATTR_KEY_IDX]) { 1039 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1040 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1041 } 1042 1043 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1044} 1045 1046 1047static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1048 struct nlattr *tb[]) 1049{ 1050 if (tb[NL80211_ATTR_MAC] == NULL) { 1051 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1052 "event"); 1053 return; 1054 } 1055 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1056 drv->associated = 1; 1057 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1058 MAC2STR(drv->bssid)); 1059 1060 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1061} 1062 1063 1064static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1065 int cancel_event, struct nlattr *tb[]) 1066{ 1067 unsigned int freq, chan_type, duration; 1068 union wpa_event_data data; 1069 u64 cookie; 1070 1071 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1072 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1073 else 1074 freq = 0; 1075 1076 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1077 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1078 else 1079 chan_type = 0; 1080 1081 if (tb[NL80211_ATTR_DURATION]) 1082 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1083 else 1084 duration = 0; 1085 1086 if (tb[NL80211_ATTR_COOKIE]) 1087 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1088 else 1089 cookie = 0; 1090 1091 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1092 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1093 cancel_event, freq, chan_type, duration, 1094 (long long unsigned int) cookie, 1095 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1096 1097 if (cookie != drv->remain_on_chan_cookie) 1098 return; /* not for us */ 1099 1100 drv->pending_remain_on_chan = !cancel_event; 1101 1102 os_memset(&data, 0, sizeof(data)); 1103 data.remain_on_channel.freq = freq; 1104 data.remain_on_channel.duration = duration; 1105 wpa_supplicant_event(drv->ctx, cancel_event ? 1106 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1107 EVENT_REMAIN_ON_CHANNEL, &data); 1108} 1109 1110 1111static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1112 struct nlattr *tb[]) 1113{ 1114 union wpa_event_data event; 1115 struct nlattr *nl; 1116 int rem; 1117 struct scan_info *info; 1118#define MAX_REPORT_FREQS 50 1119 int freqs[MAX_REPORT_FREQS]; 1120 int num_freqs = 0; 1121 1122 os_memset(&event, 0, sizeof(event)); 1123 info = &event.scan_info; 1124 info->aborted = aborted; 1125 1126 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1127 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1128 struct wpa_driver_scan_ssid *s = 1129 &info->ssids[info->num_ssids]; 1130 s->ssid = nla_data(nl); 1131 s->ssid_len = nla_len(nl); 1132 info->num_ssids++; 1133 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1134 break; 1135 } 1136 } 1137 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1138 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1139 { 1140 freqs[num_freqs] = nla_get_u32(nl); 1141 num_freqs++; 1142 if (num_freqs == MAX_REPORT_FREQS - 1) 1143 break; 1144 } 1145 info->freqs = freqs; 1146 info->num_freqs = num_freqs; 1147 } 1148 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1149} 1150 1151 1152static int get_link_signal(struct nl_msg *msg, void *arg) 1153{ 1154 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1155 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1156 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1157 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1158 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1159 }; 1160 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1161 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1162 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1163 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1164 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1165 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1166 }; 1167 struct wpa_signal_info *sig_change = arg; 1168 1169 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1170 genlmsg_attrlen(gnlh, 0), NULL); 1171 if (!tb[NL80211_ATTR_STA_INFO] || 1172 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1173 tb[NL80211_ATTR_STA_INFO], policy)) 1174 return NL_SKIP; 1175 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1176 return NL_SKIP; 1177 1178 sig_change->current_signal = 1179 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1180 1181 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1182 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1183 sinfo[NL80211_STA_INFO_TX_BITRATE], 1184 rate_policy)) { 1185 sig_change->current_txrate = 0; 1186 } else { 1187 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1188 sig_change->current_txrate = 1189 nla_get_u16(rinfo[ 1190 NL80211_RATE_INFO_BITRATE]) * 100; 1191 } 1192 } 1193 } 1194 1195 return NL_SKIP; 1196} 1197 1198 1199static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1200 struct wpa_signal_info *sig) 1201{ 1202 struct nl_msg *msg; 1203 1204 sig->current_signal = -9999; 1205 sig->current_txrate = 0; 1206 1207 msg = nlmsg_alloc(); 1208 if (!msg) 1209 return -ENOMEM; 1210 1211 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1212 0, NL80211_CMD_GET_STATION, 0); 1213 1214 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1215 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1216 1217 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1218 nla_put_failure: 1219 return -ENOBUFS; 1220} 1221 1222 1223static int get_link_noise(struct nl_msg *msg, void *arg) 1224{ 1225 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1226 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1227 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1228 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1229 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1230 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1231 }; 1232 struct wpa_signal_info *sig_change = arg; 1233 1234 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1235 genlmsg_attrlen(gnlh, 0), NULL); 1236 1237 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1238 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1239 return NL_SKIP; 1240 } 1241 1242 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1243 tb[NL80211_ATTR_SURVEY_INFO], 1244 survey_policy)) { 1245 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1246 "attributes!"); 1247 return NL_SKIP; 1248 } 1249 1250 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1251 return NL_SKIP; 1252 1253 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1254 sig_change->frequency) 1255 return NL_SKIP; 1256 1257 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1258 return NL_SKIP; 1259 1260 sig_change->current_noise = 1261 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1262 1263 return NL_SKIP; 1264} 1265 1266 1267static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1268 struct wpa_signal_info *sig_change) 1269{ 1270 struct nl_msg *msg; 1271 1272 sig_change->current_noise = 9999; 1273 sig_change->frequency = drv->assoc_freq; 1274 1275 msg = nlmsg_alloc(); 1276 if (!msg) 1277 return -ENOMEM; 1278 1279 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1280 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0); 1281 1282 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1283 1284 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1285 nla_put_failure: 1286 return -ENOBUFS; 1287} 1288 1289 1290static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1291 struct nlattr *tb[]) 1292{ 1293 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1294 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1295 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1296 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1297 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1298 }; 1299 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1300 enum nl80211_cqm_rssi_threshold_event event; 1301 union wpa_event_data ed; 1302 struct wpa_signal_info sig; 1303 int res; 1304 1305 if (tb[NL80211_ATTR_CQM] == NULL || 1306 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1307 cqm_policy)) { 1308 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1309 return; 1310 } 1311 1312 os_memset(&ed, 0, sizeof(ed)); 1313 1314 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1315 if (!tb[NL80211_ATTR_MAC]) 1316 return; 1317 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1318 ETH_ALEN); 1319 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1320 return; 1321 } 1322 1323 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1324 return; 1325 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1326 1327 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1328 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1329 "event: RSSI high"); 1330 ed.signal_change.above_threshold = 1; 1331 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1332 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1333 "event: RSSI low"); 1334 ed.signal_change.above_threshold = 0; 1335 } else 1336 return; 1337 1338 res = nl80211_get_link_signal(drv, &sig); 1339 if (res == 0) { 1340 ed.signal_change.current_signal = sig.current_signal; 1341 ed.signal_change.current_txrate = sig.current_txrate; 1342 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1343 sig.current_signal, sig.current_txrate); 1344 } 1345 1346 res = nl80211_get_link_noise(drv, &sig); 1347 if (res == 0) { 1348 ed.signal_change.current_noise = sig.current_noise; 1349 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1350 sig.current_noise); 1351 } 1352 1353 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1354} 1355 1356 1357static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1358 struct nlattr **tb) 1359{ 1360 u8 *addr; 1361 union wpa_event_data data; 1362 1363 if (tb[NL80211_ATTR_MAC] == NULL) 1364 return; 1365 addr = nla_data(tb[NL80211_ATTR_MAC]); 1366 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1367 1368 if (drv->nlmode == NL80211_IFTYPE_AP && 1369 drv->no_monitor_iface_capab) { 1370 u8 *ies = NULL; 1371 size_t ies_len = 0; 1372 if (tb[NL80211_ATTR_IE]) { 1373 ies = nla_data(tb[NL80211_ATTR_IE]); 1374 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1375 } 1376 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1377 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1378 return; 1379 } 1380 1381 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1382 return; 1383 1384 os_memset(&data, 0, sizeof(data)); 1385 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1386 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1387} 1388 1389 1390static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1391 struct nlattr **tb) 1392{ 1393 u8 *addr; 1394 union wpa_event_data data; 1395 1396 if (tb[NL80211_ATTR_MAC] == NULL) 1397 return; 1398 addr = nla_data(tb[NL80211_ATTR_MAC]); 1399 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1400 MAC2STR(addr)); 1401 1402 if (drv->nlmode == NL80211_IFTYPE_AP && 1403 drv->no_monitor_iface_capab) { 1404 drv_event_disassoc(drv->ctx, addr); 1405 return; 1406 } 1407 1408 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1409 return; 1410 1411 os_memset(&data, 0, sizeof(data)); 1412 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1413 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1414} 1415 1416 1417static int process_event(struct nl_msg *msg, void *arg) 1418{ 1419 struct wpa_driver_nl80211_data *drv = arg; 1420 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1421 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1422 union wpa_event_data data; 1423 1424 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1425 genlmsg_attrlen(gnlh, 0), NULL); 1426 1427 if (tb[NL80211_ATTR_IFINDEX]) { 1428 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1429 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 1430 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 1431 " for foreign interface (ifindex %d)", 1432 gnlh->cmd, ifindex); 1433 return NL_SKIP; 1434 } 1435 } 1436 1437 if (drv->ap_scan_as_station && 1438 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1439 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 1440 wpa_driver_nl80211_set_mode(&drv->first_bss, 1441 IEEE80211_MODE_AP); 1442 drv->ap_scan_as_station = 0; 1443 } 1444 1445 switch (gnlh->cmd) { 1446 case NL80211_CMD_TRIGGER_SCAN: 1447 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 1448 break; 1449 case NL80211_CMD_NEW_SCAN_RESULTS: 1450 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 1451 drv->scan_complete_events = 1; 1452 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1453 drv->ctx); 1454 send_scan_event(drv, 0, tb); 1455 break; 1456 case NL80211_CMD_SCAN_ABORTED: 1457 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 1458 /* 1459 * Need to indicate that scan results are available in order 1460 * not to make wpa_supplicant stop its scanning. 1461 */ 1462 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1463 drv->ctx); 1464 send_scan_event(drv, 1, tb); 1465 break; 1466 case NL80211_CMD_AUTHENTICATE: 1467 case NL80211_CMD_ASSOCIATE: 1468 case NL80211_CMD_DEAUTHENTICATE: 1469 case NL80211_CMD_DISASSOCIATE: 1470 case NL80211_CMD_FRAME: 1471 case NL80211_CMD_FRAME_TX_STATUS: 1472 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1473 case NL80211_CMD_UNPROT_DISASSOCIATE: 1474 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1475 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1476 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1477 tb[NL80211_ATTR_COOKIE]); 1478 break; 1479 case NL80211_CMD_CONNECT: 1480 case NL80211_CMD_ROAM: 1481 mlme_event_connect(drv, gnlh->cmd, 1482 tb[NL80211_ATTR_STATUS_CODE], 1483 tb[NL80211_ATTR_MAC], 1484 tb[NL80211_ATTR_REQ_IE], 1485 tb[NL80211_ATTR_RESP_IE]); 1486 break; 1487 case NL80211_CMD_DISCONNECT: 1488 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1489 /* 1490 * Avoid reporting two disassociation events that could 1491 * confuse the core code. 1492 */ 1493 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1494 "event when using userspace SME"); 1495 break; 1496 } 1497 drv->associated = 0; 1498 os_memset(&data, 0, sizeof(data)); 1499 if (tb[NL80211_ATTR_REASON_CODE]) 1500 data.disassoc_info.reason_code = 1501 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1502 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1503 break; 1504 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1505 mlme_event_michael_mic_failure(drv, tb); 1506 break; 1507 case NL80211_CMD_JOIN_IBSS: 1508 mlme_event_join_ibss(drv, tb); 1509 break; 1510 case NL80211_CMD_REMAIN_ON_CHANNEL: 1511 mlme_event_remain_on_channel(drv, 0, tb); 1512 break; 1513 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1514 mlme_event_remain_on_channel(drv, 1, tb); 1515 break; 1516 case NL80211_CMD_NOTIFY_CQM: 1517 nl80211_cqm_event(drv, tb); 1518 break; 1519 case NL80211_CMD_REG_CHANGE: 1520 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1521 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1522 NULL); 1523 break; 1524 case NL80211_CMD_REG_BEACON_HINT: 1525 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1526 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1527 NULL); 1528 break; 1529 case NL80211_CMD_NEW_STATION: 1530 nl80211_new_station_event(drv, tb); 1531 break; 1532 case NL80211_CMD_DEL_STATION: 1533 nl80211_del_station_event(drv, tb); 1534 break; 1535 default: 1536 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1537 "(cmd=%d)", gnlh->cmd); 1538 break; 1539 } 1540 1541 return NL_SKIP; 1542} 1543 1544 1545static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1546 void *handle) 1547{ 1548 struct nl_cb *cb; 1549 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1550 1551 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1552 1553 cb = nl_cb_clone(drv->nl_cb); 1554 if (!cb) 1555 return; 1556 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1557 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1558 nl_recvmsgs(handle, cb); 1559 nl_cb_put(cb); 1560} 1561 1562 1563/** 1564 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1565 * @priv: driver_nl80211 private data 1566 * @alpha2_arg: country to which to switch to 1567 * Returns: 0 on success, -1 on failure 1568 * 1569 * This asks nl80211 to set the regulatory domain for given 1570 * country ISO / IEC alpha2. 1571 */ 1572static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1573{ 1574 struct i802_bss *bss = priv; 1575 struct wpa_driver_nl80211_data *drv = bss->drv; 1576 char alpha2[3]; 1577 struct nl_msg *msg; 1578 1579 msg = nlmsg_alloc(); 1580 if (!msg) 1581 return -ENOMEM; 1582 1583 alpha2[0] = alpha2_arg[0]; 1584 alpha2[1] = alpha2_arg[1]; 1585 alpha2[2] = '\0'; 1586 1587 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1588 0, NL80211_CMD_REQ_SET_REG, 0); 1589 1590 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1591 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1592 return -EINVAL; 1593 return 0; 1594nla_put_failure: 1595 return -EINVAL; 1596} 1597 1598 1599struct wiphy_info_data { 1600 int max_scan_ssids; 1601 int ap_supported; 1602 int p2p_supported; 1603 int auth_supported; 1604 int connect_supported; 1605 int offchan_tx_supported; 1606 int max_remain_on_chan; 1607}; 1608 1609 1610static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1611{ 1612 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1613 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1614 struct wiphy_info_data *info = arg; 1615 int p2p_go_supported = 0, p2p_client_supported = 0; 1616 1617 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1618 genlmsg_attrlen(gnlh, 0), NULL); 1619 1620 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1621 info->max_scan_ssids = 1622 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1623 1624 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1625 struct nlattr *nl_mode; 1626 int i; 1627 nla_for_each_nested(nl_mode, 1628 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1629 switch (nla_type(nl_mode)) { 1630 case NL80211_IFTYPE_AP: 1631 info->ap_supported = 1; 1632 break; 1633 case NL80211_IFTYPE_P2P_GO: 1634 p2p_go_supported = 1; 1635 break; 1636 case NL80211_IFTYPE_P2P_CLIENT: 1637 p2p_client_supported = 1; 1638 break; 1639 } 1640 } 1641 } 1642 1643 info->p2p_supported = p2p_go_supported && p2p_client_supported; 1644 1645 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1646 struct nlattr *nl_cmd; 1647 int i; 1648 1649 nla_for_each_nested(nl_cmd, 1650 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1651 u32 cmd = nla_get_u32(nl_cmd); 1652 if (cmd == NL80211_CMD_AUTHENTICATE) 1653 info->auth_supported = 1; 1654 else if (cmd == NL80211_CMD_CONNECT) 1655 info->connect_supported = 1; 1656 } 1657 } 1658 1659 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) 1660 info->offchan_tx_supported = 1; 1661 1662 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 1663 info->max_remain_on_chan = 1664 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 1665 1666 return NL_SKIP; 1667} 1668 1669 1670static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1671 struct wiphy_info_data *info) 1672{ 1673 struct nl_msg *msg; 1674 1675 os_memset(info, 0, sizeof(*info)); 1676 1677 /* default to 5000 since early versions of mac80211 don't set it */ 1678 info->max_remain_on_chan = 5000; 1679 1680 msg = nlmsg_alloc(); 1681 if (!msg) 1682 return -1; 1683 1684 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1685 0, NL80211_CMD_GET_WIPHY, 0); 1686 1687 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1688 1689 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1690 return 0; 1691 msg = NULL; 1692nla_put_failure: 1693 nlmsg_free(msg); 1694 return -1; 1695} 1696 1697 1698static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1699{ 1700 struct wiphy_info_data info; 1701 if (wpa_driver_nl80211_get_info(drv, &info)) 1702 return -1; 1703 drv->has_capability = 1; 1704 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1705 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1706 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1707 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1708 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1709 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1710 WPA_DRIVER_CAPA_ENC_WEP104 | 1711 WPA_DRIVER_CAPA_ENC_TKIP | 1712 WPA_DRIVER_CAPA_ENC_CCMP; 1713 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1714 WPA_DRIVER_AUTH_SHARED | 1715 WPA_DRIVER_AUTH_LEAP; 1716 1717 drv->capa.max_scan_ssids = info.max_scan_ssids; 1718 if (info.ap_supported) 1719 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1720 1721 if (info.auth_supported) 1722 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1723 else if (!info.connect_supported) { 1724 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1725 "authentication/association or connect commands"); 1726 return -1; 1727 } 1728 1729 if (info.offchan_tx_supported) { 1730 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 1731 "off-channel TX"); 1732 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 1733 } 1734 1735 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 1736 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1737 if (info.p2p_supported) 1738 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 1739 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 1740 drv->capa.max_remain_on_chan = info.max_remain_on_chan; 1741 1742 return 0; 1743} 1744 1745 1746static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 1747{ 1748 int ret; 1749 1750 /* Initialize generic netlink and nl80211 */ 1751 1752 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1753 if (drv->nl_cb == NULL) { 1754 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1755 "callbacks"); 1756 goto err1; 1757 } 1758 1759 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb); 1760 if (drv->nl_handle == NULL) { 1761 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1762 "callbacks"); 1763 goto err2; 1764 } 1765 1766 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb); 1767 if (drv->nl_handle_event == NULL) { 1768 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1769 "callbacks (event)"); 1770 goto err2b; 1771 } 1772 1773 if (genl_connect(drv->nl_handle)) { 1774 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1775 "netlink"); 1776 goto err3; 1777 } 1778 1779 if (genl_connect(drv->nl_handle_event)) { 1780 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1781 "netlink (event)"); 1782 goto err3; 1783 } 1784 1785#ifdef CONFIG_LIBNL20 1786 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1787 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1788 "netlink cache"); 1789 goto err3; 1790 } 1791 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1792 0) { 1793 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1794 "netlink cache (event)"); 1795 goto err3b; 1796 } 1797#else /* CONFIG_LIBNL20 */ 1798 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1799 if (drv->nl_cache == NULL) { 1800 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1801 "netlink cache"); 1802 goto err3; 1803 } 1804 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1805 if (drv->nl_cache_event == NULL) { 1806 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1807 "netlink cache (event)"); 1808 goto err3b; 1809 } 1810#endif /* CONFIG_LIBNL20 */ 1811 1812 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1813 if (drv->nl80211 == NULL) { 1814 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1815 "found"); 1816 goto err4; 1817 } 1818 1819 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1820 if (ret >= 0) 1821 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1822 if (ret < 0) { 1823 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1824 "membership for scan events: %d (%s)", 1825 ret, strerror(-ret)); 1826 goto err4; 1827 } 1828 1829 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1830 if (ret >= 0) 1831 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1832 if (ret < 0) { 1833 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1834 "membership for mlme events: %d (%s)", 1835 ret, strerror(-ret)); 1836 goto err4; 1837 } 1838 1839 ret = nl_get_multicast_id(drv, "nl80211", "regulatory"); 1840 if (ret >= 0) 1841 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1842 if (ret < 0) { 1843 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 1844 "membership for regulatory events: %d (%s)", 1845 ret, strerror(-ret)); 1846 /* Continue without regulatory events */ 1847 } 1848 1849 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1850 wpa_driver_nl80211_event_receive, drv, 1851 drv->nl_handle_event); 1852 1853 return 0; 1854 1855err4: 1856 nl_cache_free(drv->nl_cache_event); 1857err3b: 1858 nl_cache_free(drv->nl_cache); 1859err3: 1860 nl80211_handle_destroy(drv->nl_handle_event); 1861err2b: 1862 nl80211_handle_destroy(drv->nl_handle); 1863err2: 1864 nl_cb_put(drv->nl_cb); 1865err1: 1866 return -1; 1867} 1868 1869 1870static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 1871{ 1872 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 1873 /* 1874 * This may be for any interface; use ifdown event to disable 1875 * interface. 1876 */ 1877} 1878 1879 1880static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 1881{ 1882 struct wpa_driver_nl80211_data *drv = ctx; 1883 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 1884 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) { 1885 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 1886 "after rfkill unblock"); 1887 return; 1888 } 1889 /* rtnetlink ifup handler will report interface as enabled */ 1890} 1891 1892 1893static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 1894{ 1895 /* Find phy (radio) to which this interface belongs */ 1896 char buf[90], *pos; 1897 int f, rv; 1898 1899 drv->phyname[0] = '\0'; 1900 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 1901 drv->first_bss.ifname); 1902 f = open(buf, O_RDONLY); 1903 if (f < 0) { 1904 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 1905 buf, strerror(errno)); 1906 return; 1907 } 1908 1909 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 1910 close(f); 1911 if (rv < 0) { 1912 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 1913 buf, strerror(errno)); 1914 return; 1915 } 1916 1917 drv->phyname[rv] = '\0'; 1918 pos = os_strchr(drv->phyname, '\n'); 1919 if (pos) 1920 *pos = '\0'; 1921 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 1922 drv->first_bss.ifname, drv->phyname); 1923} 1924 1925 1926/** 1927 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1928 * @ctx: context to be used when calling wpa_supplicant functions, 1929 * e.g., wpa_supplicant_event() 1930 * @ifname: interface name, e.g., wlan0 1931 * @global_priv: private driver global data from global_init() 1932 * Returns: Pointer to private data, %NULL on failure 1933 */ 1934static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 1935 void *global_priv) 1936{ 1937 struct wpa_driver_nl80211_data *drv; 1938 struct netlink_config *cfg; 1939 struct rfkill_config *rcfg; 1940 struct i802_bss *bss; 1941 1942 drv = os_zalloc(sizeof(*drv)); 1943 if (drv == NULL) 1944 return NULL; 1945 drv->global = global_priv; 1946 drv->ctx = ctx; 1947 bss = &drv->first_bss; 1948 bss->drv = drv; 1949 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1950 drv->monitor_ifidx = -1; 1951 drv->monitor_sock = -1; 1952 drv->ioctl_sock = -1; 1953 1954 if (wpa_driver_nl80211_init_nl(drv)) { 1955 os_free(drv); 1956 return NULL; 1957 } 1958 1959 nl80211_get_phy_name(drv); 1960 1961 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1962 if (drv->ioctl_sock < 0) { 1963 perror("socket(PF_INET,SOCK_DGRAM)"); 1964 goto failed; 1965 } 1966 1967 cfg = os_zalloc(sizeof(*cfg)); 1968 if (cfg == NULL) 1969 goto failed; 1970 cfg->ctx = drv; 1971 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1972 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1973 drv->netlink = netlink_init(cfg); 1974 if (drv->netlink == NULL) { 1975 os_free(cfg); 1976 goto failed; 1977 } 1978 1979 rcfg = os_zalloc(sizeof(*rcfg)); 1980 if (rcfg == NULL) 1981 goto failed; 1982 rcfg->ctx = drv; 1983 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 1984 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 1985 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 1986 drv->rfkill = rfkill_init(rcfg); 1987 if (drv->rfkill == NULL) { 1988 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 1989 os_free(rcfg); 1990 } 1991 1992 if (wpa_driver_nl80211_finish_drv_init(drv)) 1993 goto failed; 1994 1995 if (drv->global) 1996 dl_list_add(&drv->global->interfaces, &drv->list); 1997 1998 return bss; 1999 2000failed: 2001 rfkill_deinit(drv->rfkill); 2002 netlink_deinit(drv->netlink); 2003 if (drv->ioctl_sock >= 0) 2004 close(drv->ioctl_sock); 2005 2006 genl_family_put(drv->nl80211); 2007 nl_cache_free(drv->nl_cache); 2008 nl80211_handle_destroy(drv->nl_handle); 2009 nl_cb_put(drv->nl_cb); 2010 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2011 2012 os_free(drv); 2013 return NULL; 2014} 2015 2016 2017static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv, 2018 struct nl_handle *nl_handle, 2019 u16 type, const u8 *match, size_t match_len) 2020{ 2021 struct nl_msg *msg; 2022 int ret = -1; 2023 2024 msg = nlmsg_alloc(); 2025 if (!msg) 2026 return -1; 2027 2028 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2029 NL80211_CMD_REGISTER_ACTION, 0); 2030 2031 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2032 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 2033 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 2034 2035 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL); 2036 msg = NULL; 2037 if (ret) { 2038 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 2039 "failed (type=%u): ret=%d (%s)", 2040 type, ret, strerror(-ret)); 2041 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2042 match, match_len); 2043 goto nla_put_failure; 2044 } 2045 ret = 0; 2046nla_put_failure: 2047 nlmsg_free(msg); 2048 return ret; 2049} 2050 2051 2052static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 2053 const u8 *match, size_t match_len) 2054{ 2055 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 2056 return nl80211_register_frame(drv, drv->nl_handle_event, 2057 type, match, match_len); 2058} 2059 2060 2061static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 2062{ 2063#ifdef CONFIG_P2P 2064 /* GAS Initial Request */ 2065 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0) 2066 return -1; 2067 /* GAS Initial Response */ 2068 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0) 2069 return -1; 2070 /* GAS Comeback Request */ 2071 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0) 2072 return -1; 2073 /* GAS Comeback Response */ 2074 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0) 2075 return -1; 2076 /* P2P Public Action */ 2077 if (nl80211_register_action_frame(drv, 2078 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 2079 6) < 0) 2080 return -1; 2081 /* P2P Action */ 2082 if (nl80211_register_action_frame(drv, 2083 (u8 *) "\x7f\x50\x6f\x9a\x09", 2084 5) < 0) 2085 return -1; 2086#endif /* CONFIG_P2P */ 2087#ifdef CONFIG_IEEE80211W 2088 /* SA Query Response */ 2089 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0) 2090 return -1; 2091#endif /* CONFIG_IEEE80211W */ 2092 2093 /* FT Action frames */ 2094 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 2095 return -1; 2096 else 2097 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 2098 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 2099 2100 return 0; 2101} 2102 2103 2104static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 2105{ 2106 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 2107} 2108 2109 2110static int 2111wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 2112{ 2113 struct i802_bss *bss = &drv->first_bss; 2114 int send_rfkill_event = 0; 2115 2116 drv->ifindex = if_nametoindex(bss->ifname); 2117 drv->first_bss.ifindex = drv->ifindex; 2118 2119#ifndef HOSTAPD 2120 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 2121 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 2122 "use managed mode"); 2123 } 2124 2125 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 2126 if (rfkill_is_blocked(drv->rfkill)) { 2127 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 2128 "interface '%s' due to rfkill", 2129 bss->ifname); 2130 drv->if_disabled = 1; 2131 send_rfkill_event = 1; 2132 } else { 2133 wpa_printf(MSG_ERROR, "nl80211: Could not set " 2134 "interface '%s' UP", bss->ifname); 2135 return -1; 2136 } 2137 } 2138 2139 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 2140 1, IF_OPER_DORMANT); 2141#endif /* HOSTAPD */ 2142 2143 if (wpa_driver_nl80211_capa(drv)) 2144 return -1; 2145 2146 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr)) 2147 return -1; 2148 2149 if (nl80211_register_action_frames(drv) < 0) { 2150 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 2151 "frame processing - ignore for now"); 2152 /* 2153 * Older kernel versions did not support this, so ignore the 2154 * error for now. Some functionality may not be available 2155 * because of this. 2156 */ 2157 } 2158 2159 if (send_rfkill_event) { 2160 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 2161 drv, drv->ctx); 2162 } 2163 2164 return 0; 2165} 2166 2167 2168static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 2169{ 2170 struct nl_msg *msg; 2171 2172 msg = nlmsg_alloc(); 2173 if (!msg) 2174 return -ENOMEM; 2175 2176 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2177 0, NL80211_CMD_DEL_BEACON, 0); 2178 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2179 2180 return send_and_recv_msgs(drv, msg, NULL, NULL); 2181 nla_put_failure: 2182 return -ENOBUFS; 2183} 2184 2185 2186/** 2187 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 2188 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 2189 * 2190 * Shut down driver interface and processing of driver events. Free 2191 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 2192 */ 2193static void wpa_driver_nl80211_deinit(void *priv) 2194{ 2195 struct i802_bss *bss = priv; 2196 struct wpa_driver_nl80211_data *drv = bss->drv; 2197 2198 if (drv->nl_handle_preq) 2199 wpa_driver_nl80211_probe_req_report(bss, 0); 2200 if (bss->added_if_into_bridge) { 2201 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 2202 < 0) 2203 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2204 "interface %s from bridge %s: %s", 2205 bss->ifname, bss->brname, strerror(errno)); 2206 } 2207 if (bss->added_bridge) { 2208 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 2209 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2210 "bridge %s: %s", 2211 bss->brname, strerror(errno)); 2212 } 2213 2214 nl80211_remove_monitor_interface(drv); 2215 2216 if (drv->nlmode == NL80211_IFTYPE_AP) 2217 wpa_driver_nl80211_del_beacon(drv); 2218 2219#ifdef HOSTAPD 2220 if (drv->last_freq_ht) { 2221 /* Clear HT flags from the driver */ 2222 struct hostapd_freq_params freq; 2223 os_memset(&freq, 0, sizeof(freq)); 2224 freq.freq = drv->last_freq; 2225 i802_set_freq(priv, &freq); 2226 } 2227 2228 if (drv->eapol_sock >= 0) { 2229 eloop_unregister_read_sock(drv->eapol_sock); 2230 close(drv->eapol_sock); 2231 } 2232 2233 if (drv->if_indices != drv->default_if_indices) 2234 os_free(drv->if_indices); 2235#endif /* HOSTAPD */ 2236 2237 if (drv->disable_11b_rates) 2238 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 2239 2240 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 2241 netlink_deinit(drv->netlink); 2242 rfkill_deinit(drv->rfkill); 2243 2244 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2245 2246 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 2247 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 2248 2249 if (drv->ioctl_sock >= 0) 2250 close(drv->ioctl_sock); 2251 2252 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2253 genl_family_put(drv->nl80211); 2254 nl_cache_free(drv->nl_cache); 2255 nl_cache_free(drv->nl_cache_event); 2256 nl80211_handle_destroy(drv->nl_handle); 2257 nl80211_handle_destroy(drv->nl_handle_event); 2258 nl_cb_put(drv->nl_cb); 2259 2260 os_free(drv->filter_ssids); 2261 2262 if (drv->global) 2263 dl_list_del(&drv->list); 2264 2265 os_free(drv); 2266} 2267 2268 2269/** 2270 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 2271 * @eloop_ctx: Driver private data 2272 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 2273 * 2274 * This function can be used as registered timeout when starting a scan to 2275 * generate a scan completed event if the driver does not report this. 2276 */ 2277static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 2278{ 2279 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2280 if (drv->ap_scan_as_station) { 2281 wpa_driver_nl80211_set_mode(&drv->first_bss, 2282 IEEE80211_MODE_AP); 2283 drv->ap_scan_as_station = 0; 2284 } 2285 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 2286 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 2287} 2288 2289 2290/** 2291 * wpa_driver_nl80211_scan - Request the driver to initiate scan 2292 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 2293 * @params: Scan parameters 2294 * Returns: 0 on success, -1 on failure 2295 */ 2296static int wpa_driver_nl80211_scan(void *priv, 2297 struct wpa_driver_scan_params *params) 2298{ 2299 struct i802_bss *bss = priv; 2300 struct wpa_driver_nl80211_data *drv = bss->drv; 2301 int ret = 0, timeout; 2302 struct nl_msg *msg, *ssids, *freqs; 2303 size_t i; 2304 2305 msg = nlmsg_alloc(); 2306 ssids = nlmsg_alloc(); 2307 freqs = nlmsg_alloc(); 2308 if (!msg || !ssids || !freqs) { 2309 nlmsg_free(msg); 2310 nlmsg_free(ssids); 2311 nlmsg_free(freqs); 2312 return -1; 2313 } 2314 2315 os_free(drv->filter_ssids); 2316 drv->filter_ssids = params->filter_ssids; 2317 params->filter_ssids = NULL; 2318 drv->num_filter_ssids = params->num_filter_ssids; 2319 2320 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2321 NL80211_CMD_TRIGGER_SCAN, 0); 2322 2323 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2324 2325 for (i = 0; i < params->num_ssids; i++) { 2326 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 2327 params->ssids[i].ssid, 2328 params->ssids[i].ssid_len); 2329 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 2330 params->ssids[i].ssid); 2331 } 2332 if (params->num_ssids) 2333 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 2334 2335 if (params->extra_ies) { 2336 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 2337 params->extra_ies, params->extra_ies_len); 2338 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 2339 params->extra_ies); 2340 } 2341 2342 if (params->freqs) { 2343 for (i = 0; params->freqs[i]; i++) { 2344 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 2345 "MHz", params->freqs[i]); 2346 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 2347 } 2348 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 2349 } 2350 2351 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2352 msg = NULL; 2353 if (ret) { 2354 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 2355 "(%s)", ret, strerror(-ret)); 2356#ifdef HOSTAPD 2357 if (drv->nlmode == NL80211_IFTYPE_AP) { 2358 /* 2359 * mac80211 does not allow scan requests in AP mode, so 2360 * try to do this in station mode. 2361 */ 2362 if (wpa_driver_nl80211_set_mode(bss, 2363 IEEE80211_MODE_INFRA)) 2364 goto nla_put_failure; 2365 2366 if (wpa_driver_nl80211_scan(drv, params)) { 2367 wpa_driver_nl80211_set_mode(bss, 2368 IEEE80211_MODE_AP); 2369 goto nla_put_failure; 2370 } 2371 2372 /* Restore AP mode when processing scan results */ 2373 drv->ap_scan_as_station = 1; 2374 ret = 0; 2375 } else 2376 goto nla_put_failure; 2377#else /* HOSTAPD */ 2378 goto nla_put_failure; 2379#endif /* HOSTAPD */ 2380 } 2381 2382 /* Not all drivers generate "scan completed" wireless event, so try to 2383 * read results after a timeout. */ 2384 timeout = 10; 2385 if (drv->scan_complete_events) { 2386 /* 2387 * The driver seems to deliver events to notify when scan is 2388 * complete, so use longer timeout to avoid race conditions 2389 * with scanning and following association request. 2390 */ 2391 timeout = 30; 2392 } 2393 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 2394 "seconds", ret, timeout); 2395 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2396 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 2397 drv, drv->ctx); 2398 2399nla_put_failure: 2400 nlmsg_free(ssids); 2401 nlmsg_free(msg); 2402 nlmsg_free(freqs); 2403 return ret; 2404} 2405 2406 2407static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 2408{ 2409 const u8 *end, *pos; 2410 2411 if (ies == NULL) 2412 return NULL; 2413 2414 pos = ies; 2415 end = ies + ies_len; 2416 2417 while (pos + 1 < end) { 2418 if (pos + 2 + pos[1] > end) 2419 break; 2420 if (pos[0] == ie) 2421 return pos; 2422 pos += 2 + pos[1]; 2423 } 2424 2425 return NULL; 2426} 2427 2428 2429static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 2430 const u8 *ie, size_t ie_len) 2431{ 2432 const u8 *ssid; 2433 size_t i; 2434 2435 if (drv->filter_ssids == NULL) 2436 return 0; 2437 2438 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 2439 if (ssid == NULL) 2440 return 1; 2441 2442 for (i = 0; i < drv->num_filter_ssids; i++) { 2443 if (ssid[1] == drv->filter_ssids[i].ssid_len && 2444 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 2445 0) 2446 return 0; 2447 } 2448 2449 return 1; 2450} 2451 2452 2453static int bss_info_handler(struct nl_msg *msg, void *arg) 2454{ 2455 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2456 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2457 struct nlattr *bss[NL80211_BSS_MAX + 1]; 2458 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 2459 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 2460 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 2461 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 2462 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 2463 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 2464 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 2465 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 2466 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 2467 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 2468 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 2469 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 2470 }; 2471 struct nl80211_bss_info_arg *_arg = arg; 2472 struct wpa_scan_results *res = _arg->res; 2473 struct wpa_scan_res **tmp; 2474 struct wpa_scan_res *r; 2475 const u8 *ie, *beacon_ie; 2476 size_t ie_len, beacon_ie_len; 2477 u8 *pos; 2478 size_t i; 2479 2480 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2481 genlmsg_attrlen(gnlh, 0), NULL); 2482 if (!tb[NL80211_ATTR_BSS]) 2483 return NL_SKIP; 2484 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 2485 bss_policy)) 2486 return NL_SKIP; 2487 if (bss[NL80211_BSS_STATUS]) { 2488 enum nl80211_bss_status status; 2489 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2490 if (status == NL80211_BSS_STATUS_ASSOCIATED && 2491 bss[NL80211_BSS_FREQUENCY]) { 2492 _arg->assoc_freq = 2493 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2494 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 2495 _arg->assoc_freq); 2496 } 2497 } 2498 if (!res) 2499 return NL_SKIP; 2500 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 2501 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2502 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2503 } else { 2504 ie = NULL; 2505 ie_len = 0; 2506 } 2507 if (bss[NL80211_BSS_BEACON_IES]) { 2508 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 2509 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 2510 } else { 2511 beacon_ie = NULL; 2512 beacon_ie_len = 0; 2513 } 2514 2515 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 2516 ie ? ie_len : beacon_ie_len)) 2517 return NL_SKIP; 2518 2519 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 2520 if (r == NULL) 2521 return NL_SKIP; 2522 if (bss[NL80211_BSS_BSSID]) 2523 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 2524 ETH_ALEN); 2525 if (bss[NL80211_BSS_FREQUENCY]) 2526 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2527 if (bss[NL80211_BSS_BEACON_INTERVAL]) 2528 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 2529 if (bss[NL80211_BSS_CAPABILITY]) 2530 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 2531 r->flags |= WPA_SCAN_NOISE_INVALID; 2532 if (bss[NL80211_BSS_SIGNAL_MBM]) { 2533 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 2534 r->level /= 100; /* mBm to dBm */ 2535 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 2536 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 2537 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 2538 r->flags |= WPA_SCAN_LEVEL_INVALID; 2539 } else 2540 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 2541 if (bss[NL80211_BSS_TSF]) 2542 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 2543 if (bss[NL80211_BSS_SEEN_MS_AGO]) 2544 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 2545 r->ie_len = ie_len; 2546 pos = (u8 *) (r + 1); 2547 if (ie) { 2548 os_memcpy(pos, ie, ie_len); 2549 pos += ie_len; 2550 } 2551 r->beacon_ie_len = beacon_ie_len; 2552 if (beacon_ie) 2553 os_memcpy(pos, beacon_ie, beacon_ie_len); 2554 2555 if (bss[NL80211_BSS_STATUS]) { 2556 enum nl80211_bss_status status; 2557 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2558 switch (status) { 2559 case NL80211_BSS_STATUS_AUTHENTICATED: 2560 r->flags |= WPA_SCAN_AUTHENTICATED; 2561 break; 2562 case NL80211_BSS_STATUS_ASSOCIATED: 2563 r->flags |= WPA_SCAN_ASSOCIATED; 2564 break; 2565 default: 2566 break; 2567 } 2568 } 2569 2570 /* 2571 * cfg80211 maintains separate BSS table entries for APs if the same 2572 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 2573 * not use frequency as a separate key in the BSS table, so filter out 2574 * duplicated entries. Prefer associated BSS entry in such a case in 2575 * order to get the correct frequency into the BSS table. 2576 */ 2577 for (i = 0; i < res->num; i++) { 2578 const u8 *s1, *s2; 2579 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 2580 continue; 2581 2582 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 2583 res->res[i]->ie_len, WLAN_EID_SSID); 2584 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 2585 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 2586 os_memcmp(s1, s2, 2 + s1[1]) != 0) 2587 continue; 2588 2589 /* Same BSSID,SSID was already included in scan results */ 2590 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 2591 "for " MACSTR, MAC2STR(r->bssid)); 2592 2593 if ((r->flags & WPA_SCAN_ASSOCIATED) && 2594 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 2595 os_free(res->res[i]); 2596 res->res[i] = r; 2597 } else 2598 os_free(r); 2599 return NL_SKIP; 2600 } 2601 2602 tmp = os_realloc(res->res, 2603 (res->num + 1) * sizeof(struct wpa_scan_res *)); 2604 if (tmp == NULL) { 2605 os_free(r); 2606 return NL_SKIP; 2607 } 2608 tmp[res->num++] = r; 2609 res->res = tmp; 2610 2611 return NL_SKIP; 2612} 2613 2614 2615static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 2616 const u8 *addr) 2617{ 2618 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 2619 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 2620 "mismatch (" MACSTR ")", MAC2STR(addr)); 2621 wpa_driver_nl80211_mlme(drv, addr, 2622 NL80211_CMD_DEAUTHENTICATE, 2623 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 2624 } 2625} 2626 2627 2628static void wpa_driver_nl80211_check_bss_status( 2629 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 2630{ 2631 size_t i; 2632 2633 for (i = 0; i < res->num; i++) { 2634 struct wpa_scan_res *r = res->res[i]; 2635 if (r->flags & WPA_SCAN_AUTHENTICATED) { 2636 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2637 "indicates BSS status with " MACSTR 2638 " as authenticated", 2639 MAC2STR(r->bssid)); 2640 if (drv->nlmode == NL80211_IFTYPE_STATION && 2641 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 2642 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 2643 0) { 2644 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 2645 " in local state (auth=" MACSTR 2646 " assoc=" MACSTR ")", 2647 MAC2STR(drv->auth_bssid), 2648 MAC2STR(drv->bssid)); 2649 clear_state_mismatch(drv, r->bssid); 2650 } 2651 } 2652 2653 if (r->flags & WPA_SCAN_ASSOCIATED) { 2654 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2655 "indicate BSS status with " MACSTR 2656 " as associated", 2657 MAC2STR(r->bssid)); 2658 if (drv->nlmode == NL80211_IFTYPE_STATION && 2659 !drv->associated) { 2660 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2661 "(not associated) does not match " 2662 "with BSS state"); 2663 clear_state_mismatch(drv, r->bssid); 2664 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 2665 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 2666 0) { 2667 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2668 "(associated with " MACSTR ") does " 2669 "not match with BSS state", 2670 MAC2STR(drv->bssid)); 2671 clear_state_mismatch(drv, r->bssid); 2672 clear_state_mismatch(drv, drv->bssid); 2673 } 2674 } 2675 } 2676} 2677 2678 2679static void wpa_scan_results_free(struct wpa_scan_results *res) 2680{ 2681 size_t i; 2682 2683 if (res == NULL) 2684 return; 2685 2686 for (i = 0; i < res->num; i++) 2687 os_free(res->res[i]); 2688 os_free(res->res); 2689 os_free(res); 2690} 2691 2692 2693static struct wpa_scan_results * 2694nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 2695{ 2696 struct nl_msg *msg; 2697 struct wpa_scan_results *res; 2698 int ret; 2699 struct nl80211_bss_info_arg arg; 2700 2701 res = os_zalloc(sizeof(*res)); 2702 if (res == NULL) 2703 return NULL; 2704 msg = nlmsg_alloc(); 2705 if (!msg) 2706 goto nla_put_failure; 2707 2708 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2709 NL80211_CMD_GET_SCAN, 0); 2710 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2711 2712 arg.drv = drv; 2713 arg.res = res; 2714 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2715 msg = NULL; 2716 if (ret == 0) { 2717 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2718 (unsigned long) res->num); 2719 return res; 2720 } 2721 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2722 "(%s)", ret, strerror(-ret)); 2723nla_put_failure: 2724 nlmsg_free(msg); 2725 wpa_scan_results_free(res); 2726 return NULL; 2727} 2728 2729 2730/** 2731 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2732 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2733 * Returns: Scan results on success, -1 on failure 2734 */ 2735static struct wpa_scan_results * 2736wpa_driver_nl80211_get_scan_results(void *priv) 2737{ 2738 struct i802_bss *bss = priv; 2739 struct wpa_driver_nl80211_data *drv = bss->drv; 2740 struct wpa_scan_results *res; 2741 2742 res = nl80211_get_scan_results(drv); 2743 if (res) 2744 wpa_driver_nl80211_check_bss_status(drv, res); 2745 return res; 2746} 2747 2748 2749static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2750{ 2751 struct wpa_scan_results *res; 2752 size_t i; 2753 2754 res = nl80211_get_scan_results(drv); 2755 if (res == NULL) { 2756 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2757 return; 2758 } 2759 2760 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2761 for (i = 0; i < res->num; i++) { 2762 struct wpa_scan_res *r = res->res[i]; 2763 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2764 (int) i, (int) res->num, MAC2STR(r->bssid), 2765 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2766 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2767 } 2768 2769 wpa_scan_results_free(res); 2770} 2771 2772 2773static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2774 enum wpa_alg alg, const u8 *addr, 2775 int key_idx, int set_tx, 2776 const u8 *seq, size_t seq_len, 2777 const u8 *key, size_t key_len) 2778{ 2779 struct i802_bss *bss = priv; 2780 struct wpa_driver_nl80211_data *drv = bss->drv; 2781 int ifindex = if_nametoindex(ifname); 2782 struct nl_msg *msg; 2783 int ret; 2784 2785 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2786 "set_tx=%d seq_len=%lu key_len=%lu", 2787 __func__, ifindex, alg, addr, key_idx, set_tx, 2788 (unsigned long) seq_len, (unsigned long) key_len); 2789 2790 msg = nlmsg_alloc(); 2791 if (!msg) 2792 return -ENOMEM; 2793 2794 if (alg == WPA_ALG_NONE) { 2795 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2796 0, NL80211_CMD_DEL_KEY, 0); 2797 } else { 2798 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2799 0, NL80211_CMD_NEW_KEY, 0); 2800 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2801 switch (alg) { 2802 case WPA_ALG_WEP: 2803 if (key_len == 5) 2804 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2805 WLAN_CIPHER_SUITE_WEP40); 2806 else 2807 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2808 WLAN_CIPHER_SUITE_WEP104); 2809 break; 2810 case WPA_ALG_TKIP: 2811 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2812 WLAN_CIPHER_SUITE_TKIP); 2813 break; 2814 case WPA_ALG_CCMP: 2815 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2816 WLAN_CIPHER_SUITE_CCMP); 2817 break; 2818 case WPA_ALG_IGTK: 2819 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2820 WLAN_CIPHER_SUITE_AES_CMAC); 2821 break; 2822 default: 2823 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2824 "algorithm %d", __func__, alg); 2825 nlmsg_free(msg); 2826 return -1; 2827 } 2828 } 2829 2830 if (seq && seq_len) 2831 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2832 2833 if (addr && !is_broadcast_ether_addr(addr)) { 2834 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2835 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2836 2837 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 2838 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 2839 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 2840 NL80211_KEYTYPE_GROUP); 2841 } 2842 } else if (addr && is_broadcast_ether_addr(addr)) { 2843 struct nl_msg *types; 2844 int err; 2845 wpa_printf(MSG_DEBUG, " broadcast key"); 2846 types = nlmsg_alloc(); 2847 if (!types) 2848 goto nla_put_failure; 2849 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2850 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2851 types); 2852 nlmsg_free(types); 2853 if (err) 2854 goto nla_put_failure; 2855 } 2856 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2857 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2858 2859 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2860 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2861 ret = 0; 2862 if (ret) 2863 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2864 ret, strerror(-ret)); 2865 2866 /* 2867 * If we failed or don't need to set the default TX key (below), 2868 * we're done here. 2869 */ 2870 if (ret || !set_tx || alg == WPA_ALG_NONE) 2871 return ret; 2872 if (drv->nlmode == NL80211_IFTYPE_AP && addr && 2873 !is_broadcast_ether_addr(addr)) 2874 return ret; 2875 2876 msg = nlmsg_alloc(); 2877 if (!msg) 2878 return -ENOMEM; 2879 2880 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2881 0, NL80211_CMD_SET_KEY, 0); 2882 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2883 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2884 if (alg == WPA_ALG_IGTK) 2885 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2886 else 2887 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2888 if (addr && is_broadcast_ether_addr(addr)) { 2889 struct nl_msg *types; 2890 int err; 2891 types = nlmsg_alloc(); 2892 if (!types) 2893 goto nla_put_failure; 2894 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2895 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2896 types); 2897 nlmsg_free(types); 2898 if (err) 2899 goto nla_put_failure; 2900 } else if (addr) { 2901 struct nl_msg *types; 2902 int err; 2903 types = nlmsg_alloc(); 2904 if (!types) 2905 goto nla_put_failure; 2906 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 2907 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2908 types); 2909 nlmsg_free(types); 2910 if (err) 2911 goto nla_put_failure; 2912 } 2913 2914 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2915 if (ret == -ENOENT) 2916 ret = 0; 2917 if (ret) 2918 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2919 "err=%d %s)", ret, strerror(-ret)); 2920 return ret; 2921 2922nla_put_failure: 2923 return -ENOBUFS; 2924} 2925 2926 2927static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2928 int key_idx, int defkey, 2929 const u8 *seq, size_t seq_len, 2930 const u8 *key, size_t key_len) 2931{ 2932 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2933 if (!key_attr) 2934 return -1; 2935 2936 if (defkey && alg == WPA_ALG_IGTK) 2937 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2938 else if (defkey) 2939 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2940 2941 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2942 2943 switch (alg) { 2944 case WPA_ALG_WEP: 2945 if (key_len == 5) 2946 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2947 WLAN_CIPHER_SUITE_WEP40); 2948 else 2949 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2950 WLAN_CIPHER_SUITE_WEP104); 2951 break; 2952 case WPA_ALG_TKIP: 2953 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2954 break; 2955 case WPA_ALG_CCMP: 2956 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2957 break; 2958 case WPA_ALG_IGTK: 2959 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2960 WLAN_CIPHER_SUITE_AES_CMAC); 2961 break; 2962 default: 2963 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2964 "algorithm %d", __func__, alg); 2965 return -1; 2966 } 2967 2968 if (seq && seq_len) 2969 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2970 2971 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2972 2973 nla_nest_end(msg, key_attr); 2974 2975 return 0; 2976 nla_put_failure: 2977 return -1; 2978} 2979 2980 2981static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2982 struct nl_msg *msg) 2983{ 2984 int i, privacy = 0; 2985 struct nlattr *nl_keys, *nl_key; 2986 2987 for (i = 0; i < 4; i++) { 2988 if (!params->wep_key[i]) 2989 continue; 2990 privacy = 1; 2991 break; 2992 } 2993 if (params->wps == WPS_MODE_PRIVACY) 2994 privacy = 1; 2995 if (params->pairwise_suite && 2996 params->pairwise_suite != WPA_CIPHER_NONE) 2997 privacy = 1; 2998 2999 if (!privacy) 3000 return 0; 3001 3002 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 3003 3004 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 3005 if (!nl_keys) 3006 goto nla_put_failure; 3007 3008 for (i = 0; i < 4; i++) { 3009 if (!params->wep_key[i]) 3010 continue; 3011 3012 nl_key = nla_nest_start(msg, i); 3013 if (!nl_key) 3014 goto nla_put_failure; 3015 3016 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 3017 params->wep_key[i]); 3018 if (params->wep_key_len[i] == 5) 3019 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3020 WLAN_CIPHER_SUITE_WEP40); 3021 else 3022 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3023 WLAN_CIPHER_SUITE_WEP104); 3024 3025 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 3026 3027 if (i == params->wep_tx_keyidx) 3028 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 3029 3030 nla_nest_end(msg, nl_key); 3031 } 3032 nla_nest_end(msg, nl_keys); 3033 3034 return 0; 3035 3036nla_put_failure: 3037 return -ENOBUFS; 3038} 3039 3040 3041static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 3042 const u8 *addr, int cmd, u16 reason_code, 3043 int local_state_change) 3044{ 3045 int ret = -1; 3046 struct nl_msg *msg; 3047 3048 msg = nlmsg_alloc(); 3049 if (!msg) 3050 return -1; 3051 3052 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 3053 3054 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3055 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 3056 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3057 if (local_state_change) 3058 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3059 3060 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3061 msg = NULL; 3062 if (ret) { 3063 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3064 "(%s)", ret, strerror(-ret)); 3065 goto nla_put_failure; 3066 } 3067 ret = 0; 3068 3069nla_put_failure: 3070 nlmsg_free(msg); 3071 return ret; 3072} 3073 3074 3075static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 3076 const u8 *addr, int reason_code) 3077{ 3078 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3079 __func__, MAC2STR(addr), reason_code); 3080 drv->associated = 0; 3081 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 3082 reason_code, 0); 3083} 3084 3085 3086static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 3087 int reason_code) 3088{ 3089 struct i802_bss *bss = priv; 3090 struct wpa_driver_nl80211_data *drv = bss->drv; 3091 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3092 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3093 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3094 __func__, MAC2STR(addr), reason_code); 3095 drv->associated = 0; 3096 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 3097 return nl80211_leave_ibss(drv); 3098 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 3099 reason_code, 0); 3100} 3101 3102 3103static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 3104 int reason_code) 3105{ 3106 struct i802_bss *bss = priv; 3107 struct wpa_driver_nl80211_data *drv = bss->drv; 3108 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3109 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3110 wpa_printf(MSG_DEBUG, "%s", __func__); 3111 drv->associated = 0; 3112 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 3113 reason_code, 0); 3114} 3115 3116 3117static int wpa_driver_nl80211_authenticate( 3118 void *priv, struct wpa_driver_auth_params *params) 3119{ 3120 struct i802_bss *bss = priv; 3121 struct wpa_driver_nl80211_data *drv = bss->drv; 3122 int ret = -1, i; 3123 struct nl_msg *msg; 3124 enum nl80211_auth_type type; 3125 int count = 0; 3126 3127 drv->associated = 0; 3128 os_memset(drv->auth_bssid, 0, ETH_ALEN); 3129 /* FIX: IBSS mode */ 3130 if (drv->nlmode != NL80211_IFTYPE_STATION && 3131 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 3132 return -1; 3133 3134retry: 3135 msg = nlmsg_alloc(); 3136 if (!msg) 3137 return -1; 3138 3139 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 3140 drv->ifindex); 3141 3142 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3143 NL80211_CMD_AUTHENTICATE, 0); 3144 3145 for (i = 0; i < 4; i++) { 3146 if (!params->wep_key[i]) 3147 continue; 3148 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 3149 NULL, i, 3150 i == params->wep_tx_keyidx, NULL, 0, 3151 params->wep_key[i], 3152 params->wep_key_len[i]); 3153 if (params->wep_tx_keyidx != i) 3154 continue; 3155 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 3156 params->wep_key[i], params->wep_key_len[i])) { 3157 nlmsg_free(msg); 3158 return -1; 3159 } 3160 } 3161 3162 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3163 if (params->bssid) { 3164 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3165 MAC2STR(params->bssid)); 3166 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3167 } 3168 if (params->freq) { 3169 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3170 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3171 } 3172 if (params->ssid) { 3173 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3174 params->ssid, params->ssid_len); 3175 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3176 params->ssid); 3177 } 3178 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 3179 if (params->ie) 3180 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 3181 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3182 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3183 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3184 type = NL80211_AUTHTYPE_SHARED_KEY; 3185 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3186 type = NL80211_AUTHTYPE_NETWORK_EAP; 3187 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3188 type = NL80211_AUTHTYPE_FT; 3189 else 3190 goto nla_put_failure; 3191 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3192 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3193 if (params->local_state_change) { 3194 wpa_printf(MSG_DEBUG, " * Local state change only"); 3195 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3196 } 3197 3198 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3199 msg = NULL; 3200 if (ret) { 3201 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3202 "(%s)", ret, strerror(-ret)); 3203 count++; 3204 if (ret == -EALREADY && count == 1 && params->bssid && 3205 !params->local_state_change) { 3206 /* 3207 * mac80211 does not currently accept new 3208 * authentication if we are already authenticated. As a 3209 * workaround, force deauthentication and try again. 3210 */ 3211 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 3212 "after forced deauthentication"); 3213 wpa_driver_nl80211_deauthenticate( 3214 bss, params->bssid, 3215 WLAN_REASON_PREV_AUTH_NOT_VALID); 3216 nlmsg_free(msg); 3217 goto retry; 3218 } 3219 goto nla_put_failure; 3220 } 3221 ret = 0; 3222 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 3223 "successfully"); 3224 3225nla_put_failure: 3226 nlmsg_free(msg); 3227 return ret; 3228} 3229 3230 3231struct phy_info_arg { 3232 u16 *num_modes; 3233 struct hostapd_hw_modes *modes; 3234}; 3235 3236static int phy_info_handler(struct nl_msg *msg, void *arg) 3237{ 3238 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3239 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3240 struct phy_info_arg *phy_info = arg; 3241 3242 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 3243 3244 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 3245 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3246 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 3247 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 3248 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 3249 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 3250 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 3251 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 3252 }; 3253 3254 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 3255 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 3256 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 3257 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 3258 }; 3259 3260 struct nlattr *nl_band; 3261 struct nlattr *nl_freq; 3262 struct nlattr *nl_rate; 3263 int rem_band, rem_freq, rem_rate; 3264 struct hostapd_hw_modes *mode; 3265 int idx, mode_is_set; 3266 3267 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3268 genlmsg_attrlen(gnlh, 0), NULL); 3269 3270 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 3271 return NL_SKIP; 3272 3273 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 3274 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 3275 if (!mode) 3276 return NL_SKIP; 3277 phy_info->modes = mode; 3278 3279 mode_is_set = 0; 3280 3281 mode = &phy_info->modes[*(phy_info->num_modes)]; 3282 memset(mode, 0, sizeof(*mode)); 3283 *(phy_info->num_modes) += 1; 3284 3285 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 3286 nla_len(nl_band), NULL); 3287 3288 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 3289 mode->ht_capab = nla_get_u16( 3290 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 3291 } 3292 3293 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 3294 mode->a_mpdu_params |= nla_get_u8( 3295 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 3296 0x03; 3297 } 3298 3299 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 3300 mode->a_mpdu_params |= nla_get_u8( 3301 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 3302 2; 3303 } 3304 3305 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 3306 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 3307 u8 *mcs; 3308 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 3309 os_memcpy(mode->mcs_set, mcs, 16); 3310 } 3311 3312 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3313 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3314 nla_len(nl_freq), freq_policy); 3315 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3316 continue; 3317 mode->num_channels++; 3318 } 3319 3320 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 3321 if (!mode->channels) 3322 return NL_SKIP; 3323 3324 idx = 0; 3325 3326 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3327 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3328 nla_len(nl_freq), freq_policy); 3329 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3330 continue; 3331 3332 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 3333 mode->channels[idx].flag = 0; 3334 3335 if (!mode_is_set) { 3336 /* crude heuristic */ 3337 if (mode->channels[idx].freq < 4000) 3338 mode->mode = HOSTAPD_MODE_IEEE80211B; 3339 else 3340 mode->mode = HOSTAPD_MODE_IEEE80211A; 3341 mode_is_set = 1; 3342 } 3343 3344 /* crude heuristic */ 3345 if (mode->channels[idx].freq < 4000) 3346 if (mode->channels[idx].freq == 2484) 3347 mode->channels[idx].chan = 14; 3348 else 3349 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 3350 else 3351 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 3352 3353 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3354 mode->channels[idx].flag |= 3355 HOSTAPD_CHAN_DISABLED; 3356 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 3357 mode->channels[idx].flag |= 3358 HOSTAPD_CHAN_PASSIVE_SCAN; 3359 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 3360 mode->channels[idx].flag |= 3361 HOSTAPD_CHAN_NO_IBSS; 3362 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 3363 mode->channels[idx].flag |= 3364 HOSTAPD_CHAN_RADAR; 3365 3366 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 3367 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3368 mode->channels[idx].max_tx_power = 3369 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 3370 3371 idx++; 3372 } 3373 3374 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3375 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3376 nla_len(nl_rate), rate_policy); 3377 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3378 continue; 3379 mode->num_rates++; 3380 } 3381 3382 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 3383 if (!mode->rates) 3384 return NL_SKIP; 3385 3386 idx = 0; 3387 3388 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3389 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3390 nla_len(nl_rate), rate_policy); 3391 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3392 continue; 3393 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 3394 3395 /* crude heuristic */ 3396 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 3397 mode->rates[idx] > 200) 3398 mode->mode = HOSTAPD_MODE_IEEE80211G; 3399 3400 idx++; 3401 } 3402 } 3403 3404 return NL_SKIP; 3405} 3406 3407static struct hostapd_hw_modes * 3408wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 3409{ 3410 u16 m; 3411 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 3412 int i, mode11g_idx = -1; 3413 3414 /* If only 802.11g mode is included, use it to construct matching 3415 * 802.11b mode data. */ 3416 3417 for (m = 0; m < *num_modes; m++) { 3418 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 3419 return modes; /* 802.11b already included */ 3420 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 3421 mode11g_idx = m; 3422 } 3423 3424 if (mode11g_idx < 0) 3425 return modes; /* 2.4 GHz band not supported at all */ 3426 3427 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 3428 if (nmodes == NULL) 3429 return modes; /* Could not add 802.11b mode */ 3430 3431 mode = &nmodes[*num_modes]; 3432 os_memset(mode, 0, sizeof(*mode)); 3433 (*num_modes)++; 3434 modes = nmodes; 3435 3436 mode->mode = HOSTAPD_MODE_IEEE80211B; 3437 3438 mode11g = &modes[mode11g_idx]; 3439 mode->num_channels = mode11g->num_channels; 3440 mode->channels = os_malloc(mode11g->num_channels * 3441 sizeof(struct hostapd_channel_data)); 3442 if (mode->channels == NULL) { 3443 (*num_modes)--; 3444 return modes; /* Could not add 802.11b mode */ 3445 } 3446 os_memcpy(mode->channels, mode11g->channels, 3447 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 3448 3449 mode->num_rates = 0; 3450 mode->rates = os_malloc(4 * sizeof(int)); 3451 if (mode->rates == NULL) { 3452 os_free(mode->channels); 3453 (*num_modes)--; 3454 return modes; /* Could not add 802.11b mode */ 3455 } 3456 3457 for (i = 0; i < mode11g->num_rates; i++) { 3458 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 3459 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 3460 continue; 3461 mode->rates[mode->num_rates] = mode11g->rates[i]; 3462 mode->num_rates++; 3463 if (mode->num_rates == 4) 3464 break; 3465 } 3466 3467 if (mode->num_rates == 0) { 3468 os_free(mode->channels); 3469 os_free(mode->rates); 3470 (*num_modes)--; 3471 return modes; /* No 802.11b rates */ 3472 } 3473 3474 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 3475 "information"); 3476 3477 return modes; 3478} 3479 3480 3481static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 3482 int end) 3483{ 3484 int c; 3485 3486 for (c = 0; c < mode->num_channels; c++) { 3487 struct hostapd_channel_data *chan = &mode->channels[c]; 3488 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 3489 chan->flag |= HOSTAPD_CHAN_HT40; 3490 } 3491} 3492 3493 3494static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 3495 int end) 3496{ 3497 int c; 3498 3499 for (c = 0; c < mode->num_channels; c++) { 3500 struct hostapd_channel_data *chan = &mode->channels[c]; 3501 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 3502 continue; 3503 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 3504 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 3505 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 3506 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 3507 } 3508} 3509 3510 3511static void nl80211_reg_rule_ht40(struct nlattr *tb[], 3512 struct phy_info_arg *results) 3513{ 3514 u32 start, end, max_bw; 3515 u16 m; 3516 3517 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3518 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3519 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3520 return; 3521 3522 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3523 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3524 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3525 3526 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 3527 start, end, max_bw); 3528 if (max_bw < 40) 3529 return; 3530 3531 for (m = 0; m < *results->num_modes; m++) { 3532 if (!(results->modes[m].ht_capab & 3533 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3534 continue; 3535 nl80211_set_ht40_mode(&results->modes[m], start, end); 3536 } 3537} 3538 3539 3540static void nl80211_reg_rule_sec(struct nlattr *tb[], 3541 struct phy_info_arg *results) 3542{ 3543 u32 start, end, max_bw; 3544 u16 m; 3545 3546 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3547 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3548 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3549 return; 3550 3551 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3552 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3553 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3554 3555 if (max_bw < 20) 3556 return; 3557 3558 for (m = 0; m < *results->num_modes; m++) { 3559 if (!(results->modes[m].ht_capab & 3560 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3561 continue; 3562 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 3563 } 3564} 3565 3566 3567static int nl80211_get_reg(struct nl_msg *msg, void *arg) 3568{ 3569 struct phy_info_arg *results = arg; 3570 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3571 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3572 struct nlattr *nl_rule; 3573 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 3574 int rem_rule; 3575 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3576 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3577 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3578 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3579 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3580 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3581 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3582 }; 3583 3584 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3585 genlmsg_attrlen(gnlh, 0), NULL); 3586 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 3587 !tb_msg[NL80211_ATTR_REG_RULES]) { 3588 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 3589 "available"); 3590 return NL_SKIP; 3591 } 3592 3593 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 3594 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 3595 3596 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3597 { 3598 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3599 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3600 nl80211_reg_rule_ht40(tb_rule, results); 3601 } 3602 3603 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3604 { 3605 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3606 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3607 nl80211_reg_rule_sec(tb_rule, results); 3608 } 3609 3610 return NL_SKIP; 3611} 3612 3613 3614static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 3615 struct phy_info_arg *results) 3616{ 3617 struct nl_msg *msg; 3618 3619 msg = nlmsg_alloc(); 3620 if (!msg) 3621 return -ENOMEM; 3622 3623 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3624 0, NL80211_CMD_GET_REG, 0); 3625 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 3626} 3627 3628 3629static struct hostapd_hw_modes * 3630wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 3631{ 3632 struct i802_bss *bss = priv; 3633 struct wpa_driver_nl80211_data *drv = bss->drv; 3634 struct nl_msg *msg; 3635 struct phy_info_arg result = { 3636 .num_modes = num_modes, 3637 .modes = NULL, 3638 }; 3639 3640 *num_modes = 0; 3641 *flags = 0; 3642 3643 msg = nlmsg_alloc(); 3644 if (!msg) 3645 return NULL; 3646 3647 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3648 0, NL80211_CMD_GET_WIPHY, 0); 3649 3650 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3651 3652 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 3653 nl80211_set_ht40_flags(drv, &result); 3654 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 3655 } 3656 nla_put_failure: 3657 return NULL; 3658} 3659 3660 3661static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 3662 const void *data, size_t len, 3663 int encrypt) 3664{ 3665 __u8 rtap_hdr[] = { 3666 0x00, 0x00, /* radiotap version */ 3667 0x0e, 0x00, /* radiotap length */ 3668 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 3669 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 3670 0x00, /* padding */ 3671 0x00, 0x00, /* RX and TX flags to indicate that */ 3672 0x00, 0x00, /* this is the injected frame directly */ 3673 }; 3674 struct iovec iov[2] = { 3675 { 3676 .iov_base = &rtap_hdr, 3677 .iov_len = sizeof(rtap_hdr), 3678 }, 3679 { 3680 .iov_base = (void *) data, 3681 .iov_len = len, 3682 } 3683 }; 3684 struct msghdr msg = { 3685 .msg_name = NULL, 3686 .msg_namelen = 0, 3687 .msg_iov = iov, 3688 .msg_iovlen = 2, 3689 .msg_control = NULL, 3690 .msg_controllen = 0, 3691 .msg_flags = 0, 3692 }; 3693 int res; 3694 3695 if (encrypt) 3696 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 3697 3698 if (drv->monitor_sock < 0) { 3699 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 3700 "for %s", __func__); 3701 return -1; 3702 } 3703 3704 res = sendmsg(drv->monitor_sock, &msg, 0); 3705 if (res < 0) { 3706 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 3707 return -1; 3708 } 3709 return 0; 3710} 3711 3712 3713static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 3714 size_t data_len) 3715{ 3716 struct i802_bss *bss = priv; 3717 struct wpa_driver_nl80211_data *drv = bss->drv; 3718 struct ieee80211_mgmt *mgmt; 3719 int encrypt = 1; 3720 u16 fc; 3721 3722 mgmt = (struct ieee80211_mgmt *) data; 3723 fc = le_to_host16(mgmt->frame_control); 3724#ifndef ANDROID_BRCM_P2P_PATCH 3725 if (drv->nlmode == NL80211_IFTYPE_STATION && 3726#else 3727 if ( 3728#endif 3729 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3730 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 3731 /* 3732 * The use of last_mgmt_freq is a bit of a hack, 3733 * but it works due to the single-threaded nature 3734 * of wpa_supplicant. 3735 */ 3736 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0, 3737 data, data_len, NULL); 3738 } 3739 3740 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3741 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 3742 /* 3743 * Only one of the authentication frame types is encrypted. 3744 * In order for static WEP encryption to work properly (i.e., 3745 * to not encrypt the frame), we need to tell mac80211 about 3746 * the frames that must not be encrypted. 3747 */ 3748 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 3749 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 3750 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 3751 encrypt = 0; 3752 } 3753 3754 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 3755} 3756 3757 3758static int wpa_driver_nl80211_set_beacon(void *priv, 3759 const u8 *head, size_t head_len, 3760 const u8 *tail, size_t tail_len, 3761 int dtim_period, int beacon_int) 3762{ 3763 struct i802_bss *bss = priv; 3764 struct wpa_driver_nl80211_data *drv = bss->drv; 3765 struct nl_msg *msg; 3766 u8 cmd = NL80211_CMD_NEW_BEACON; 3767 int ret; 3768 int beacon_set; 3769 int ifindex = if_nametoindex(bss->ifname); 3770#ifdef ANDROID_BRCM_P2P_PATCH 3771 beacon_set = 1; 3772#else 3773 beacon_set = bss->beacon_set; 3774#endif 3775 3776 msg = nlmsg_alloc(); 3777 if (!msg) 3778 return -ENOMEM; 3779 3780 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 3781 beacon_set); 3782 if (beacon_set) 3783 cmd = NL80211_CMD_SET_BEACON; 3784 3785 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3786 0, cmd, 0); 3787 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 3788 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 3789 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3790 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 3791 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 3792 3793 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3794 if (ret) { 3795 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 3796 ret, strerror(-ret)); 3797 } else { 3798 bss->beacon_set = 1; 3799 } 3800#if defined(ANDROID_BRCM_P2P_PATCH) && defined(HOSTAPD) 3801 wpa_driver_nl80211_probe_req_report(priv, 1); 3802#endif 3803 return ret; 3804 nla_put_failure: 3805 return -ENOBUFS; 3806} 3807 3808 3809static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 3810 int freq, int ht_enabled, 3811 int sec_channel_offset) 3812{ 3813 struct nl_msg *msg; 3814 int ret; 3815 3816 msg = nlmsg_alloc(); 3817 if (!msg) 3818 return -1; 3819 3820 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3821 NL80211_CMD_SET_WIPHY, 0); 3822 3823 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3824 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 3825 if (ht_enabled) { 3826 switch (sec_channel_offset) { 3827 case -1: 3828 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3829 NL80211_CHAN_HT40MINUS); 3830 break; 3831 case 1: 3832 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3833 NL80211_CHAN_HT40PLUS); 3834 break; 3835 default: 3836#ifndef ANDROID_BRCM_P2P_PATCH 3837/* Should be change to HT20 as a default value because P2P firmware does not support 11n for BCM4329 */ 3838 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3839 NL80211_CHAN_HT20); 3840#else 3841 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3842 NL80211_CHAN_NO_HT); 3843#endif 3844 break; 3845 } 3846 } 3847 3848 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3849 if (ret == 0) 3850 return 0; 3851 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 3852 "%d (%s)", freq, ret, strerror(-ret)); 3853nla_put_failure: 3854 return -1; 3855} 3856 3857 3858static int wpa_driver_nl80211_sta_add(void *priv, 3859 struct hostapd_sta_add_params *params) 3860{ 3861 struct i802_bss *bss = priv; 3862 struct wpa_driver_nl80211_data *drv = bss->drv; 3863 struct nl_msg *msg; 3864 int ret = -ENOBUFS; 3865 3866 msg = nlmsg_alloc(); 3867 if (!msg) 3868 return -ENOMEM; 3869 3870 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3871 0, NL80211_CMD_NEW_STATION, 0); 3872 3873 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 3874 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 3875 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 3876 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 3877 params->supp_rates); 3878 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 3879 params->listen_interval); 3880 if (params->ht_capabilities) { 3881 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 3882 sizeof(*params->ht_capabilities), 3883 params->ht_capabilities); 3884 } 3885 3886 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3887 if (ret) 3888 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 3889 "result: %d (%s)", ret, strerror(-ret)); 3890 if (ret == -EEXIST) 3891 ret = 0; 3892 nla_put_failure: 3893 return ret; 3894} 3895 3896 3897static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 3898{ 3899 struct i802_bss *bss = priv; 3900 struct wpa_driver_nl80211_data *drv = bss->drv; 3901 struct nl_msg *msg; 3902 int ret; 3903 3904 msg = nlmsg_alloc(); 3905 if (!msg) 3906 return -ENOMEM; 3907 3908 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3909 0, NL80211_CMD_DEL_STATION, 0); 3910 3911 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3912 if_nametoindex(bss->ifname)); 3913 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3914 3915 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3916 if (ret == -ENOENT) 3917 return 0; 3918 return ret; 3919 nla_put_failure: 3920 return -ENOBUFS; 3921} 3922 3923 3924static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 3925 int ifidx) 3926{ 3927 struct nl_msg *msg; 3928 3929 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 3930 3931#ifdef HOSTAPD 3932 /* stop listening for EAPOL on this interface */ 3933 del_ifidx(drv, ifidx); 3934#endif /* HOSTAPD */ 3935 3936 msg = nlmsg_alloc(); 3937 if (!msg) 3938 goto nla_put_failure; 3939 3940 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3941 0, NL80211_CMD_DEL_INTERFACE, 0); 3942 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3943 3944 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3945 return; 3946 nla_put_failure: 3947 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3948} 3949 3950 3951static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3952 const char *ifname, 3953 enum nl80211_iftype iftype, 3954 const u8 *addr, int wds) 3955{ 3956 struct nl_msg *msg, *flags = NULL; 3957 int ifidx; 3958 int ret = -ENOBUFS; 3959 3960 msg = nlmsg_alloc(); 3961 if (!msg) 3962 return -1; 3963 3964 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3965 0, NL80211_CMD_NEW_INTERFACE, 0); 3966 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3967 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3968 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3969 3970 if (iftype == NL80211_IFTYPE_MONITOR) { 3971 int err; 3972 3973 flags = nlmsg_alloc(); 3974 if (!flags) 3975 goto nla_put_failure; 3976 3977 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3978 3979 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3980 3981 nlmsg_free(flags); 3982 3983 if (err) 3984 goto nla_put_failure; 3985 } else if (wds) { 3986 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3987 } 3988 3989 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3990 if (ret) { 3991 nla_put_failure: 3992 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 3993 ifname, ret, strerror(-ret)); 3994 return ret; 3995 } 3996 3997 ifidx = if_nametoindex(ifname); 3998 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 3999 ifname, ifidx); 4000 4001 if (ifidx <= 0) 4002 return -1; 4003 4004#ifdef HOSTAPD 4005 /* start listening for EAPOL on this interface */ 4006 add_ifidx(drv, ifidx); 4007#endif /* HOSTAPD */ 4008 4009 if (addr && iftype != NL80211_IFTYPE_MONITOR && 4010 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 4011 nl80211_remove_iface(drv, ifidx); 4012 return -1; 4013 } 4014 4015 return ifidx; 4016} 4017 4018 4019static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 4020 const char *ifname, enum nl80211_iftype iftype, 4021 const u8 *addr, int wds) 4022{ 4023 int ret; 4024 4025 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 4026 4027 /* if error occured and interface exists already */ 4028 if (ret == -ENFILE && if_nametoindex(ifname)) { 4029 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 4030 4031 /* Try to remove the interface that was already there. */ 4032 nl80211_remove_iface(drv, if_nametoindex(ifname)); 4033 4034 /* Try to create the interface again */ 4035 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 4036 wds); 4037 } 4038 4039 if (ret >= 0 && drv->disable_11b_rates) 4040 nl80211_disable_11b_rates(drv, ret, 1); 4041 4042 return ret; 4043} 4044 4045 4046static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 4047{ 4048 struct ieee80211_hdr *hdr; 4049 u16 fc; 4050 union wpa_event_data event; 4051 4052 hdr = (struct ieee80211_hdr *) buf; 4053 fc = le_to_host16(hdr->frame_control); 4054 4055 os_memset(&event, 0, sizeof(event)); 4056 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 4057 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 4058 event.tx_status.dst = hdr->addr1; 4059 event.tx_status.data = buf; 4060 event.tx_status.data_len = len; 4061 event.tx_status.ack = ok; 4062 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 4063} 4064 4065 4066static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 4067 u8 *buf, size_t len) 4068{ 4069 union wpa_event_data event; 4070 os_memset(&event, 0, sizeof(event)); 4071 event.rx_from_unknown.frame = buf; 4072 event.rx_from_unknown.len = len; 4073 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 4074} 4075 4076 4077static void handle_frame(struct wpa_driver_nl80211_data *drv, 4078 u8 *buf, size_t len, int datarate, int ssi_signal) 4079{ 4080 struct ieee80211_hdr *hdr; 4081 u16 fc; 4082 union wpa_event_data event; 4083 4084 hdr = (struct ieee80211_hdr *) buf; 4085 fc = le_to_host16(hdr->frame_control); 4086 4087 switch (WLAN_FC_GET_TYPE(fc)) { 4088 case WLAN_FC_TYPE_MGMT: 4089 os_memset(&event, 0, sizeof(event)); 4090 event.rx_mgmt.frame = buf; 4091 event.rx_mgmt.frame_len = len; 4092 event.rx_mgmt.datarate = datarate; 4093 event.rx_mgmt.ssi_signal = ssi_signal; 4094 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 4095 break; 4096 case WLAN_FC_TYPE_CTRL: 4097 /* can only get here with PS-Poll frames */ 4098 wpa_printf(MSG_DEBUG, "CTRL"); 4099 from_unknown_sta(drv, buf, len); 4100 break; 4101 case WLAN_FC_TYPE_DATA: 4102 from_unknown_sta(drv, buf, len); 4103 break; 4104 } 4105} 4106 4107 4108static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 4109{ 4110 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4111 int len; 4112 unsigned char buf[3000]; 4113 struct ieee80211_radiotap_iterator iter; 4114 int ret; 4115 int datarate = 0, ssi_signal = 0; 4116 int injected = 0, failed = 0, rxflags = 0; 4117 4118 len = recv(sock, buf, sizeof(buf), 0); 4119 if (len < 0) { 4120 perror("recv"); 4121 return; 4122 } 4123 4124 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 4125 printf("received invalid radiotap frame\n"); 4126 return; 4127 } 4128 4129 while (1) { 4130 ret = ieee80211_radiotap_iterator_next(&iter); 4131 if (ret == -ENOENT) 4132 break; 4133 if (ret) { 4134 printf("received invalid radiotap frame (%d)\n", ret); 4135 return; 4136 } 4137 switch (iter.this_arg_index) { 4138 case IEEE80211_RADIOTAP_FLAGS: 4139 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 4140 len -= 4; 4141 break; 4142 case IEEE80211_RADIOTAP_RX_FLAGS: 4143 rxflags = 1; 4144 break; 4145 case IEEE80211_RADIOTAP_TX_FLAGS: 4146 injected = 1; 4147 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 4148 IEEE80211_RADIOTAP_F_TX_FAIL; 4149 break; 4150 case IEEE80211_RADIOTAP_DATA_RETRIES: 4151 break; 4152 case IEEE80211_RADIOTAP_CHANNEL: 4153 /* TODO: convert from freq/flags to channel number */ 4154 break; 4155 case IEEE80211_RADIOTAP_RATE: 4156 datarate = *iter.this_arg * 5; 4157 break; 4158 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 4159 ssi_signal = *iter.this_arg; 4160 break; 4161 } 4162 } 4163 4164 if (rxflags && injected) 4165 return; 4166 4167 if (!injected) 4168 handle_frame(drv, buf + iter.max_length, 4169 len - iter.max_length, datarate, ssi_signal); 4170 else 4171 handle_tx_callback(drv->ctx, buf + iter.max_length, 4172 len - iter.max_length, !failed); 4173} 4174 4175 4176/* 4177 * we post-process the filter code later and rewrite 4178 * this to the offset to the last instruction 4179 */ 4180#define PASS 0xFF 4181#define FAIL 0xFE 4182 4183static struct sock_filter msock_filter_insns[] = { 4184 /* 4185 * do a little-endian load of the radiotap length field 4186 */ 4187 /* load lower byte into A */ 4188 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 4189 /* put it into X (== index register) */ 4190 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4191 /* load upper byte into A */ 4192 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 4193 /* left-shift it by 8 */ 4194 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 4195 /* or with X */ 4196 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 4197 /* put result into X */ 4198 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4199 4200 /* 4201 * Allow management frames through, this also gives us those 4202 * management frames that we sent ourselves with status 4203 */ 4204 /* load the lower byte of the IEEE 802.11 frame control field */ 4205 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4206 /* mask off frame type and version */ 4207 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 4208 /* accept frame if it's both 0, fall through otherwise */ 4209 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 4210 4211 /* 4212 * TODO: add a bit to radiotap RX flags that indicates 4213 * that the sending station is not associated, then 4214 * add a filter here that filters on our DA and that flag 4215 * to allow us to deauth frames to that bad station. 4216 * 4217 * For now allow all To DS data frames through. 4218 */ 4219 /* load the IEEE 802.11 frame control field */ 4220 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 4221 /* mask off frame type, version and DS status */ 4222 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 4223 /* accept frame if version 0, type 2 and To DS, fall through otherwise 4224 */ 4225 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 4226 4227#if 0 4228 /* 4229 * drop non-data frames 4230 */ 4231 /* load the lower byte of the frame control field */ 4232 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4233 /* mask off QoS bit */ 4234 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 4235 /* drop non-data frames */ 4236 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 4237#endif 4238 /* load the upper byte of the frame control field */ 4239 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 4240 /* mask off toDS/fromDS */ 4241 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 4242 /* accept WDS frames */ 4243 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 4244 4245 /* 4246 * add header length to index 4247 */ 4248 /* load the lower byte of the frame control field */ 4249 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4250 /* mask off QoS bit */ 4251 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 4252 /* right shift it by 6 to give 0 or 2 */ 4253 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 4254 /* add data frame header length */ 4255 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 4256 /* add index, was start of 802.11 header */ 4257 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 4258 /* move to index, now start of LL header */ 4259 BPF_STMT(BPF_MISC | BPF_TAX, 0), 4260 4261 /* 4262 * Accept empty data frames, we use those for 4263 * polling activity. 4264 */ 4265 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 4266 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 4267 4268 /* 4269 * Accept EAPOL frames 4270 */ 4271 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 4272 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 4273 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 4274 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 4275 4276 /* keep these last two statements or change the code below */ 4277 /* return 0 == "DROP" */ 4278 BPF_STMT(BPF_RET | BPF_K, 0), 4279 /* return ~0 == "keep all" */ 4280 BPF_STMT(BPF_RET | BPF_K, ~0), 4281}; 4282 4283static struct sock_fprog msock_filter = { 4284 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 4285 .filter = msock_filter_insns, 4286}; 4287 4288 4289static int add_monitor_filter(int s) 4290{ 4291 int idx; 4292 4293 /* rewrite all PASS/FAIL jump offsets */ 4294 for (idx = 0; idx < msock_filter.len; idx++) { 4295 struct sock_filter *insn = &msock_filter_insns[idx]; 4296 4297 if (BPF_CLASS(insn->code) == BPF_JMP) { 4298 if (insn->code == (BPF_JMP|BPF_JA)) { 4299 if (insn->k == PASS) 4300 insn->k = msock_filter.len - idx - 2; 4301 else if (insn->k == FAIL) 4302 insn->k = msock_filter.len - idx - 3; 4303 } 4304 4305 if (insn->jt == PASS) 4306 insn->jt = msock_filter.len - idx - 2; 4307 else if (insn->jt == FAIL) 4308 insn->jt = msock_filter.len - idx - 3; 4309 4310 if (insn->jf == PASS) 4311 insn->jf = msock_filter.len - idx - 2; 4312 else if (insn->jf == FAIL) 4313 insn->jf = msock_filter.len - idx - 3; 4314 } 4315 } 4316 4317 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 4318 &msock_filter, sizeof(msock_filter))) { 4319 perror("SO_ATTACH_FILTER"); 4320 return -1; 4321 } 4322 4323 return 0; 4324} 4325 4326 4327static void nl80211_remove_monitor_interface( 4328 struct wpa_driver_nl80211_data *drv) 4329{ 4330 if (drv->monitor_ifidx >= 0) { 4331 nl80211_remove_iface(drv, drv->monitor_ifidx); 4332 drv->monitor_ifidx = -1; 4333 } 4334 if (drv->monitor_sock >= 0) { 4335 eloop_unregister_read_sock(drv->monitor_sock); 4336 close(drv->monitor_sock); 4337 drv->monitor_sock = -1; 4338 } 4339} 4340 4341 4342static int 4343nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 4344{ 4345 char buf[IFNAMSIZ]; 4346 struct sockaddr_ll ll; 4347 int optval; 4348 socklen_t optlen; 4349#ifdef ANDROID_BRCM_P2P_PATCH 4350 snprintf(buf, IFNAMSIZ, "%s%s", WPA_MONITOR_IFNAME_PREFIX, drv->first_bss.ifname); 4351#else 4352 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 4353#endif 4354 buf[IFNAMSIZ - 1] = '\0'; 4355 4356 drv->monitor_ifidx = 4357 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 4358 0); 4359 4360 if (drv->monitor_ifidx == -EOPNOTSUPP) { 4361 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 4362 "monitor interface type - try to run without it"); 4363 drv->no_monitor_iface_capab = 1; 4364 } 4365 4366 if (drv->monitor_ifidx < 0) 4367 return -1; 4368 4369 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 4370 goto error; 4371 4372 memset(&ll, 0, sizeof(ll)); 4373 ll.sll_family = AF_PACKET; 4374 ll.sll_ifindex = drv->monitor_ifidx; 4375 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 4376 if (drv->monitor_sock < 0) { 4377 perror("socket[PF_PACKET,SOCK_RAW]"); 4378 goto error; 4379 } 4380 4381 if (add_monitor_filter(drv->monitor_sock)) { 4382 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 4383 "interface; do filtering in user space"); 4384 /* This works, but will cost in performance. */ 4385 } 4386 4387 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 4388 perror("monitor socket bind"); 4389 goto error; 4390 } 4391 4392 optlen = sizeof(optval); 4393 optval = 20; 4394 if (setsockopt 4395 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 4396 perror("Failed to set socket priority"); 4397 goto error; 4398 } 4399 4400 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 4401 drv, NULL)) { 4402 printf("Could not register monitor read socket\n"); 4403 goto error; 4404 } 4405 4406 return 0; 4407 error: 4408 nl80211_remove_monitor_interface(drv); 4409 return -1; 4410} 4411 4412 4413static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 4414 4415static int wpa_driver_nl80211_hapd_send_eapol( 4416 void *priv, const u8 *addr, const u8 *data, 4417 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 4418{ 4419 struct i802_bss *bss = priv; 4420 struct wpa_driver_nl80211_data *drv = bss->drv; 4421 struct ieee80211_hdr *hdr; 4422 size_t len; 4423 u8 *pos; 4424 int res; 4425 int qos = flags & WPA_STA_WMM; 4426 4427 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 4428 data_len; 4429 hdr = os_zalloc(len); 4430 if (hdr == NULL) { 4431 printf("malloc() failed for i802_send_data(len=%lu)\n", 4432 (unsigned long) len); 4433 return -1; 4434 } 4435 4436 hdr->frame_control = 4437 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 4438 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 4439 if (encrypt) 4440 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 4441 if (qos) { 4442 hdr->frame_control |= 4443 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 4444 } 4445 4446 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 4447 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 4448 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 4449 pos = (u8 *) (hdr + 1); 4450 4451 if (qos) { 4452 /* add an empty QoS header if needed */ 4453 pos[0] = 0; 4454 pos[1] = 0; 4455 pos += 2; 4456 } 4457 4458 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 4459 pos += sizeof(rfc1042_header); 4460 WPA_PUT_BE16(pos, ETH_P_PAE); 4461 pos += 2; 4462 memcpy(pos, data, data_len); 4463 4464 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 4465 if (res < 0) { 4466 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 4467 "failed: %d (%s)", 4468 (unsigned long) len, errno, strerror(errno)); 4469 } 4470 os_free(hdr); 4471 4472 return res; 4473} 4474 4475 4476static u32 sta_flags_nl80211(int flags) 4477{ 4478 u32 f = 0; 4479 4480 if (flags & WPA_STA_AUTHORIZED) 4481 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 4482 if (flags & WPA_STA_WMM) 4483 f |= BIT(NL80211_STA_FLAG_WME); 4484 if (flags & WPA_STA_SHORT_PREAMBLE) 4485 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 4486 if (flags & WPA_STA_MFP) 4487 f |= BIT(NL80211_STA_FLAG_MFP); 4488 4489 return f; 4490} 4491 4492 4493static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 4494 int total_flags, 4495 int flags_or, int flags_and) 4496{ 4497 struct i802_bss *bss = priv; 4498 struct wpa_driver_nl80211_data *drv = bss->drv; 4499 struct nl_msg *msg, *flags = NULL; 4500 struct nl80211_sta_flag_update upd; 4501 4502 msg = nlmsg_alloc(); 4503 if (!msg) 4504 return -ENOMEM; 4505 4506 flags = nlmsg_alloc(); 4507 if (!flags) { 4508 nlmsg_free(msg); 4509 return -ENOMEM; 4510 } 4511 4512 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4513 0, NL80211_CMD_SET_STATION, 0); 4514 4515 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4516 if_nametoindex(bss->ifname)); 4517 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4518 4519 /* 4520 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 4521 * can be removed eventually. 4522 */ 4523 if (total_flags & WPA_STA_AUTHORIZED) 4524 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 4525 4526 if (total_flags & WPA_STA_WMM) 4527 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 4528 4529 if (total_flags & WPA_STA_SHORT_PREAMBLE) 4530 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 4531 4532 if (total_flags & WPA_STA_MFP) 4533 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 4534 4535 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 4536 goto nla_put_failure; 4537 4538 os_memset(&upd, 0, sizeof(upd)); 4539 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 4540 upd.set = sta_flags_nl80211(flags_or); 4541 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4542 4543 nlmsg_free(flags); 4544 4545 return send_and_recv_msgs(drv, msg, NULL, NULL); 4546 nla_put_failure: 4547 nlmsg_free(flags); 4548 return -ENOBUFS; 4549} 4550 4551 4552static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 4553 struct wpa_driver_associate_params *params) 4554{ 4555 if (params->p2p) 4556 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 4557 "group (GO)"); 4558 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 4559 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 4560 nl80211_remove_monitor_interface(drv); 4561 return -1; 4562 } 4563 4564 /* TODO: setup monitor interface (and add code somewhere to remove this 4565 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 4566 4567 return 0; 4568} 4569 4570 4571static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 4572{ 4573 struct nl_msg *msg; 4574 int ret = -1; 4575 4576 msg = nlmsg_alloc(); 4577 if (!msg) 4578 return -1; 4579 4580 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4581 NL80211_CMD_LEAVE_IBSS, 0); 4582 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4583 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4584 msg = NULL; 4585 if (ret) { 4586 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 4587 "(%s)", ret, strerror(-ret)); 4588 goto nla_put_failure; 4589 } 4590 4591 ret = 0; 4592 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 4593 4594nla_put_failure: 4595 nlmsg_free(msg); 4596 return ret; 4597} 4598 4599 4600static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 4601 struct wpa_driver_associate_params *params) 4602{ 4603 struct nl_msg *msg; 4604 int ret = -1; 4605 int count = 0; 4606 4607 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 4608 4609 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 4610 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 4611 "IBSS mode"); 4612 return -1; 4613 } 4614 4615retry: 4616 msg = nlmsg_alloc(); 4617 if (!msg) 4618 return -1; 4619 4620 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4621 NL80211_CMD_JOIN_IBSS, 0); 4622 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4623 4624 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 4625 goto nla_put_failure; 4626 4627 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4628 params->ssid, params->ssid_len); 4629 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4630 params->ssid); 4631 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4632 drv->ssid_len = params->ssid_len; 4633 4634 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4635 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4636 4637 ret = nl80211_set_conn_keys(params, msg); 4638 if (ret) 4639 goto nla_put_failure; 4640 4641 if (params->wpa_ie) { 4642 wpa_hexdump(MSG_DEBUG, 4643 " * Extra IEs for Beacon/Probe Response frames", 4644 params->wpa_ie, params->wpa_ie_len); 4645 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4646 params->wpa_ie); 4647 } 4648 4649 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4650 msg = NULL; 4651 if (ret) { 4652 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 4653 ret, strerror(-ret)); 4654 count++; 4655 if (ret == -EALREADY && count == 1) { 4656 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 4657 "forced leave"); 4658 nl80211_leave_ibss(drv); 4659 nlmsg_free(msg); 4660 goto retry; 4661 } 4662 4663 goto nla_put_failure; 4664 } 4665 ret = 0; 4666 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 4667 4668nla_put_failure: 4669 nlmsg_free(msg); 4670 return ret; 4671} 4672 4673 4674static int wpa_driver_nl80211_connect( 4675 struct wpa_driver_nl80211_data *drv, 4676 struct wpa_driver_associate_params *params) 4677{ 4678 struct nl_msg *msg; 4679 enum nl80211_auth_type type; 4680 int ret = 0; 4681 int algs; 4682 4683 msg = nlmsg_alloc(); 4684 if (!msg) 4685 return -1; 4686 4687 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 4688 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4689 NL80211_CMD_CONNECT, 0); 4690 4691 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4692 if (params->bssid) { 4693 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4694 MAC2STR(params->bssid)); 4695 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4696 } 4697 if (params->freq) { 4698 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4699 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4700 } 4701 if (params->ssid) { 4702 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4703 params->ssid, params->ssid_len); 4704 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4705 params->ssid); 4706 if (params->ssid_len > sizeof(drv->ssid)) 4707 goto nla_put_failure; 4708 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4709 drv->ssid_len = params->ssid_len; 4710 } 4711 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4712 if (params->wpa_ie) 4713 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4714 params->wpa_ie); 4715 4716 algs = 0; 4717 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4718 algs++; 4719 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4720 algs++; 4721 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4722 algs++; 4723 if (algs > 1) { 4724 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 4725 "selection"); 4726 goto skip_auth_type; 4727 } 4728 4729 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4730 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4731 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4732 type = NL80211_AUTHTYPE_SHARED_KEY; 4733 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4734 type = NL80211_AUTHTYPE_NETWORK_EAP; 4735 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4736 type = NL80211_AUTHTYPE_FT; 4737 else 4738 goto nla_put_failure; 4739 4740 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4741 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4742 4743skip_auth_type: 4744 if (params->wpa_ie && params->wpa_ie_len) { 4745 enum nl80211_wpa_versions ver; 4746 4747 if (params->wpa_ie[0] == WLAN_EID_RSN) 4748 ver = NL80211_WPA_VERSION_2; 4749 else 4750 ver = NL80211_WPA_VERSION_1; 4751 4752 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 4753 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 4754 } 4755 4756 if (params->pairwise_suite != CIPHER_NONE) { 4757 int cipher; 4758 4759 switch (params->pairwise_suite) { 4760 case CIPHER_WEP40: 4761 cipher = WLAN_CIPHER_SUITE_WEP40; 4762 break; 4763 case CIPHER_WEP104: 4764 cipher = WLAN_CIPHER_SUITE_WEP104; 4765 break; 4766 case CIPHER_CCMP: 4767 cipher = WLAN_CIPHER_SUITE_CCMP; 4768 break; 4769 case CIPHER_TKIP: 4770 default: 4771 cipher = WLAN_CIPHER_SUITE_TKIP; 4772 break; 4773 } 4774 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4775 } 4776 4777 if (params->group_suite != CIPHER_NONE) { 4778 int cipher; 4779 4780 switch (params->group_suite) { 4781 case CIPHER_WEP40: 4782 cipher = WLAN_CIPHER_SUITE_WEP40; 4783 break; 4784 case CIPHER_WEP104: 4785 cipher = WLAN_CIPHER_SUITE_WEP104; 4786 break; 4787 case CIPHER_CCMP: 4788 cipher = WLAN_CIPHER_SUITE_CCMP; 4789 break; 4790 case CIPHER_TKIP: 4791 default: 4792 cipher = WLAN_CIPHER_SUITE_TKIP; 4793 break; 4794 } 4795 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4796 } 4797 4798 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 4799 params->key_mgmt_suite == KEY_MGMT_PSK) { 4800 int mgmt = WLAN_AKM_SUITE_PSK; 4801 4802 switch (params->key_mgmt_suite) { 4803 case KEY_MGMT_802_1X: 4804 mgmt = WLAN_AKM_SUITE_8021X; 4805 break; 4806 case KEY_MGMT_PSK: 4807 default: 4808 mgmt = WLAN_AKM_SUITE_PSK; 4809 break; 4810 } 4811 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 4812 } 4813 4814 ret = nl80211_set_conn_keys(params, msg); 4815 if (ret) 4816 goto nla_put_failure; 4817 4818 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4819 msg = NULL; 4820 if (ret) { 4821 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 4822 "(%s)", ret, strerror(-ret)); 4823 goto nla_put_failure; 4824 } 4825 ret = 0; 4826 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 4827 4828nla_put_failure: 4829 nlmsg_free(msg); 4830 return ret; 4831 4832} 4833 4834 4835static int wpa_driver_nl80211_associate( 4836 void *priv, struct wpa_driver_associate_params *params) 4837{ 4838 struct i802_bss *bss = priv; 4839 struct wpa_driver_nl80211_data *drv = bss->drv; 4840 int ret = -1; 4841 struct nl_msg *msg; 4842 4843 if (params->mode == IEEE80211_MODE_AP) 4844 return wpa_driver_nl80211_ap(drv, params); 4845 4846 if (params->mode == IEEE80211_MODE_IBSS) 4847 return wpa_driver_nl80211_ibss(drv, params); 4848 4849 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 4850 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 4851 return -1; 4852 return wpa_driver_nl80211_connect(drv, params); 4853 } 4854 4855 drv->associated = 0; 4856 4857 msg = nlmsg_alloc(); 4858 if (!msg) 4859 return -1; 4860 4861 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 4862 drv->ifindex); 4863 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4864 NL80211_CMD_ASSOCIATE, 0); 4865 4866 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4867 if (params->bssid) { 4868 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4869 MAC2STR(params->bssid)); 4870 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4871 } 4872 if (params->freq) { 4873 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4874 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4875 drv->assoc_freq = params->freq; 4876 } else 4877 drv->assoc_freq = 0; 4878 if (params->ssid) { 4879 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4880 params->ssid, params->ssid_len); 4881 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4882 params->ssid); 4883 if (params->ssid_len > sizeof(drv->ssid)) 4884 goto nla_put_failure; 4885 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4886 drv->ssid_len = params->ssid_len; 4887 } 4888 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4889 if (params->wpa_ie) 4890 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4891 params->wpa_ie); 4892 4893 if (params->pairwise_suite != CIPHER_NONE) { 4894 int cipher; 4895 4896 switch (params->pairwise_suite) { 4897 case CIPHER_WEP40: 4898 cipher = WLAN_CIPHER_SUITE_WEP40; 4899 break; 4900 case CIPHER_WEP104: 4901 cipher = WLAN_CIPHER_SUITE_WEP104; 4902 break; 4903 case CIPHER_CCMP: 4904 cipher = WLAN_CIPHER_SUITE_CCMP; 4905 break; 4906 case CIPHER_TKIP: 4907 default: 4908 cipher = WLAN_CIPHER_SUITE_TKIP; 4909 break; 4910 } 4911 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 4912 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4913 } 4914 4915 if (params->group_suite != CIPHER_NONE) { 4916 int cipher; 4917 4918 switch (params->group_suite) { 4919 case CIPHER_WEP40: 4920 cipher = WLAN_CIPHER_SUITE_WEP40; 4921 break; 4922 case CIPHER_WEP104: 4923 cipher = WLAN_CIPHER_SUITE_WEP104; 4924 break; 4925 case CIPHER_CCMP: 4926 cipher = WLAN_CIPHER_SUITE_CCMP; 4927 break; 4928 case CIPHER_TKIP: 4929 default: 4930 cipher = WLAN_CIPHER_SUITE_TKIP; 4931 break; 4932 } 4933 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 4934 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4935 } 4936 4937#ifdef CONFIG_IEEE80211W 4938 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 4939 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 4940#endif /* CONFIG_IEEE80211W */ 4941 4942 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 4943 4944 if (params->prev_bssid) { 4945 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 4946 MAC2STR(params->prev_bssid)); 4947 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 4948 params->prev_bssid); 4949 } 4950 4951 if (params->p2p) 4952 wpa_printf(MSG_DEBUG, " * P2P group"); 4953 4954 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4955 msg = NULL; 4956 if (ret) { 4957 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 4958 "(%s)", ret, strerror(-ret)); 4959 nl80211_dump_scan(drv); 4960 goto nla_put_failure; 4961 } 4962 ret = 0; 4963 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 4964 "successfully"); 4965 4966nla_put_failure: 4967 nlmsg_free(msg); 4968 return ret; 4969} 4970 4971 4972static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 4973 int ifindex, int mode) 4974{ 4975 struct nl_msg *msg; 4976 int ret = -ENOBUFS; 4977 4978 msg = nlmsg_alloc(); 4979 if (!msg) 4980 return -ENOMEM; 4981 4982 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4983 0, NL80211_CMD_SET_INTERFACE, 0); 4984 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4985 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 4986 4987 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4988 if (!ret) 4989 return 0; 4990nla_put_failure: 4991 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 4992 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 4993 return ret; 4994} 4995 4996 4997static int wpa_driver_nl80211_set_mode(void *priv, int mode) 4998{ 4999 struct i802_bss *bss = priv; 5000 struct wpa_driver_nl80211_data *drv = bss->drv; 5001 int ret = -1; 5002 int nlmode; 5003 int i; 5004 5005 switch (mode) { 5006 case 0: 5007 nlmode = NL80211_IFTYPE_STATION; 5008 break; 5009 case 1: 5010 nlmode = NL80211_IFTYPE_ADHOC; 5011 break; 5012 case 2: 5013 nlmode = NL80211_IFTYPE_AP; 5014 break; 5015 default: 5016 return -1; 5017 } 5018 5019 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 5020 drv->nlmode = nlmode; 5021 ret = 0; 5022 goto done; 5023 } 5024 5025 if (nlmode == drv->nlmode) { 5026 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 5027 "requested mode - ignore error"); 5028 ret = 0; 5029 goto done; /* Already in the requested mode */ 5030 } 5031 5032 /* mac80211 doesn't allow mode changes while the device is up, so 5033 * take the device down, try to set the mode again, and bring the 5034 * device back up. 5035 */ 5036 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 5037 "interface down"); 5038 for (i = 0; i < 10; i++) { 5039 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 5040 0) { 5041 /* Try to set the mode again while the interface is 5042 * down */ 5043 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 5044 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 5045 1)) 5046 ret = -1; 5047 if (!ret) 5048 break; 5049 } else 5050 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 5051 "interface down"); 5052 os_sleep(0, 100000); 5053 } 5054 5055 if (!ret) { 5056 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 5057 "interface is down"); 5058 drv->nlmode = nlmode; 5059 } 5060 5061done: 5062 if (!ret && nlmode == NL80211_IFTYPE_AP) { 5063 /* Setup additional AP mode functionality if needed */ 5064 if (!drv->no_monitor_iface_capab && drv->monitor_ifidx < 0 && 5065 nl80211_create_monitor_interface(drv) && 5066 !drv->no_monitor_iface_capab) 5067 return -1; 5068 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 5069 /* Remove additional AP mode functionality */ 5070 nl80211_remove_monitor_interface(drv); 5071 bss->beacon_set = 0; 5072 } 5073 5074 if (ret) 5075 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 5076 "from %d failed", nlmode, drv->nlmode); 5077 5078 return ret; 5079} 5080 5081 5082static int wpa_driver_nl80211_get_capa(void *priv, 5083 struct wpa_driver_capa *capa) 5084{ 5085 struct i802_bss *bss = priv; 5086 struct wpa_driver_nl80211_data *drv = bss->drv; 5087 if (!drv->has_capability) 5088 return -1; 5089 os_memcpy(capa, &drv->capa, sizeof(*capa)); 5090 return 0; 5091} 5092 5093 5094static int wpa_driver_nl80211_set_operstate(void *priv, int state) 5095{ 5096 struct i802_bss *bss = priv; 5097 struct wpa_driver_nl80211_data *drv = bss->drv; 5098 5099 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 5100 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 5101 drv->operstate = state; 5102 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 5103 state ? IF_OPER_UP : IF_OPER_DORMANT); 5104} 5105 5106 5107static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 5108{ 5109 struct i802_bss *bss = priv; 5110 struct wpa_driver_nl80211_data *drv = bss->drv; 5111 struct nl_msg *msg; 5112 struct nl80211_sta_flag_update upd; 5113 5114 msg = nlmsg_alloc(); 5115 if (!msg) 5116 return -ENOMEM; 5117 5118 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5119 0, NL80211_CMD_SET_STATION, 0); 5120 5121 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5122 if_nametoindex(bss->ifname)); 5123 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 5124 5125 os_memset(&upd, 0, sizeof(upd)); 5126 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 5127 if (authorized) 5128 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 5129 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5130 5131 return send_and_recv_msgs(drv, msg, NULL, NULL); 5132 nla_put_failure: 5133 return -ENOBUFS; 5134} 5135 5136 5137/* Set kernel driver on given frequency (MHz) */ 5138static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 5139{ 5140 struct i802_bss *bss = priv; 5141 struct wpa_driver_nl80211_data *drv = bss->drv; 5142 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 5143 freq->sec_channel_offset); 5144} 5145 5146 5147#if defined(HOSTAPD) || defined(CONFIG_AP) 5148 5149static inline int min_int(int a, int b) 5150{ 5151 if (a < b) 5152 return a; 5153 return b; 5154} 5155 5156 5157static int get_key_handler(struct nl_msg *msg, void *arg) 5158{ 5159 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5160 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5161 5162 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5163 genlmsg_attrlen(gnlh, 0), NULL); 5164 5165 /* 5166 * TODO: validate the key index and mac address! 5167 * Otherwise, there's a race condition as soon as 5168 * the kernel starts sending key notifications. 5169 */ 5170 5171 if (tb[NL80211_ATTR_KEY_SEQ]) 5172 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 5173 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 5174 return NL_SKIP; 5175} 5176 5177 5178static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 5179 int idx, u8 *seq) 5180{ 5181 struct i802_bss *bss = priv; 5182 struct wpa_driver_nl80211_data *drv = bss->drv; 5183 struct nl_msg *msg; 5184 5185 msg = nlmsg_alloc(); 5186 if (!msg) 5187 return -ENOMEM; 5188 5189 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5190 0, NL80211_CMD_GET_KEY, 0); 5191 5192 if (addr) 5193 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5194 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 5195 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 5196 5197 memset(seq, 0, 6); 5198 5199 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 5200 nla_put_failure: 5201 return -ENOBUFS; 5202} 5203 5204 5205static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 5206 int mode) 5207{ 5208 struct i802_bss *bss = priv; 5209 struct wpa_driver_nl80211_data *drv = bss->drv; 5210 struct nl_msg *msg; 5211 u8 rates[NL80211_MAX_SUPP_RATES]; 5212 u8 rates_len = 0; 5213 int i; 5214 5215 msg = nlmsg_alloc(); 5216 if (!msg) 5217 return -ENOMEM; 5218 5219 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5220 NL80211_CMD_SET_BSS, 0); 5221 5222 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 5223 rates[rates_len++] = basic_rates[i] / 5; 5224 5225 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5226 5227 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5228 5229 return send_and_recv_msgs(drv, msg, NULL, NULL); 5230 nla_put_failure: 5231 return -ENOBUFS; 5232} 5233 5234 5235static int i802_set_rts(void *priv, int rts) 5236{ 5237 struct i802_bss *bss = priv; 5238 struct wpa_driver_nl80211_data *drv = bss->drv; 5239 struct nl_msg *msg; 5240 int ret = -ENOBUFS; 5241 u32 val; 5242 5243 msg = nlmsg_alloc(); 5244 if (!msg) 5245 return -ENOMEM; 5246 5247 if (rts >= 2347) 5248 val = (u32) -1; 5249 else 5250 val = rts; 5251 5252 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5253 0, NL80211_CMD_SET_WIPHY, 0); 5254 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5255 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 5256 5257 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5258 if (!ret) 5259 return 0; 5260nla_put_failure: 5261 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 5262 "%d (%s)", rts, ret, strerror(-ret)); 5263 return ret; 5264} 5265 5266 5267static int i802_set_frag(void *priv, int frag) 5268{ 5269 struct i802_bss *bss = priv; 5270 struct wpa_driver_nl80211_data *drv = bss->drv; 5271 struct nl_msg *msg; 5272 int ret = -ENOBUFS; 5273 u32 val; 5274 5275 msg = nlmsg_alloc(); 5276 if (!msg) 5277 return -ENOMEM; 5278 5279 if (frag >= 2346) 5280 val = (u32) -1; 5281 else 5282 val = frag; 5283 5284 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5285 0, NL80211_CMD_SET_WIPHY, 0); 5286 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5287 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 5288 5289 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5290 if (!ret) 5291 return 0; 5292nla_put_failure: 5293 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 5294 "%d: %d (%s)", frag, ret, strerror(-ret)); 5295 return ret; 5296} 5297 5298 5299static int i802_flush(void *priv) 5300{ 5301 struct i802_bss *bss = priv; 5302 struct wpa_driver_nl80211_data *drv = bss->drv; 5303 struct nl_msg *msg; 5304 5305 msg = nlmsg_alloc(); 5306 if (!msg) 5307 return -1; 5308 5309 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5310 0, NL80211_CMD_DEL_STATION, 0); 5311 5312 /* 5313 * XXX: FIX! this needs to flush all VLANs too 5314 */ 5315 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5316 if_nametoindex(bss->ifname)); 5317 5318 return send_and_recv_msgs(drv, msg, NULL, NULL); 5319 nla_put_failure: 5320 return -ENOBUFS; 5321} 5322 5323 5324static int get_sta_handler(struct nl_msg *msg, void *arg) 5325{ 5326 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5327 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5328 struct hostap_sta_driver_data *data = arg; 5329 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 5330 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 5331 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 5332 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 5333 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 5334 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 5335 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 5336 }; 5337 5338 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5339 genlmsg_attrlen(gnlh, 0), NULL); 5340 5341 /* 5342 * TODO: validate the interface and mac address! 5343 * Otherwise, there's a race condition as soon as 5344 * the kernel starts sending station notifications. 5345 */ 5346 5347 if (!tb[NL80211_ATTR_STA_INFO]) { 5348 wpa_printf(MSG_DEBUG, "sta stats missing!"); 5349 return NL_SKIP; 5350 } 5351 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 5352 tb[NL80211_ATTR_STA_INFO], 5353 stats_policy)) { 5354 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 5355 return NL_SKIP; 5356 } 5357 5358 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 5359 data->inactive_msec = 5360 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 5361 if (stats[NL80211_STA_INFO_RX_BYTES]) 5362 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 5363 if (stats[NL80211_STA_INFO_TX_BYTES]) 5364 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 5365 if (stats[NL80211_STA_INFO_RX_PACKETS]) 5366 data->rx_packets = 5367 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 5368 if (stats[NL80211_STA_INFO_TX_PACKETS]) 5369 data->tx_packets = 5370 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 5371 5372 return NL_SKIP; 5373} 5374 5375static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 5376 const u8 *addr) 5377{ 5378 struct i802_bss *bss = priv; 5379 struct wpa_driver_nl80211_data *drv = bss->drv; 5380 struct nl_msg *msg; 5381 5382 os_memset(data, 0, sizeof(*data)); 5383 msg = nlmsg_alloc(); 5384 if (!msg) 5385 return -ENOMEM; 5386 5387 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5388 0, NL80211_CMD_GET_STATION, 0); 5389 5390 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5391 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5392 5393 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 5394 nla_put_failure: 5395 return -ENOBUFS; 5396} 5397 5398 5399static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 5400 int cw_min, int cw_max, int burst_time) 5401{ 5402 struct i802_bss *bss = priv; 5403 struct wpa_driver_nl80211_data *drv = bss->drv; 5404 struct nl_msg *msg; 5405 struct nlattr *txq, *params; 5406 5407 msg = nlmsg_alloc(); 5408 if (!msg) 5409 return -1; 5410 5411 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5412 0, NL80211_CMD_SET_WIPHY, 0); 5413 5414 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5415 5416 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 5417 if (!txq) 5418 goto nla_put_failure; 5419 5420 /* We are only sending parameters for a single TXQ at a time */ 5421 params = nla_nest_start(msg, 1); 5422 if (!params) 5423 goto nla_put_failure; 5424 5425 switch (queue) { 5426 case 0: 5427 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 5428 break; 5429 case 1: 5430 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 5431 break; 5432 case 2: 5433 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 5434 break; 5435 case 3: 5436 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 5437 break; 5438 } 5439 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 5440 * 32 usec, so need to convert the value here. */ 5441 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 5442 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 5443 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 5444 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 5445 5446 nla_nest_end(msg, params); 5447 5448 nla_nest_end(msg, txq); 5449 5450 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5451 return 0; 5452 nla_put_failure: 5453 return -1; 5454} 5455 5456 5457static int i802_set_bss(void *priv, int cts, int preamble, int slot, 5458 int ht_opmode) 5459{ 5460 struct i802_bss *bss = priv; 5461 struct wpa_driver_nl80211_data *drv = bss->drv; 5462 struct nl_msg *msg; 5463 5464 msg = nlmsg_alloc(); 5465 if (!msg) 5466 return -ENOMEM; 5467 5468 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5469 NL80211_CMD_SET_BSS, 0); 5470 5471 if (cts >= 0) 5472 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5473 if (preamble >= 0) 5474 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5475 if (slot >= 0) 5476 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5477 if (ht_opmode >= 0) 5478 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5479 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5480 5481 return send_and_recv_msgs(drv, msg, NULL, NULL); 5482 nla_put_failure: 5483 return -ENOBUFS; 5484} 5485 5486 5487static int i802_set_cts_protect(void *priv, int value) 5488{ 5489 return i802_set_bss(priv, value, -1, -1, -1); 5490} 5491 5492 5493static int i802_set_preamble(void *priv, int value) 5494{ 5495 return i802_set_bss(priv, -1, value, -1, -1); 5496} 5497 5498 5499static int i802_set_short_slot_time(void *priv, int value) 5500{ 5501 return i802_set_bss(priv, -1, -1, value, -1); 5502} 5503 5504 5505static int i802_set_sta_vlan(void *priv, const u8 *addr, 5506 const char *ifname, int vlan_id) 5507{ 5508 struct i802_bss *bss = priv; 5509 struct wpa_driver_nl80211_data *drv = bss->drv; 5510 struct nl_msg *msg; 5511 int ret = -ENOBUFS; 5512 5513 msg = nlmsg_alloc(); 5514 if (!msg) 5515 return -ENOMEM; 5516 5517 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5518 0, NL80211_CMD_SET_STATION, 0); 5519 5520 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5521 if_nametoindex(bss->ifname)); 5522 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5523 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 5524 if_nametoindex(ifname)); 5525 5526 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5527 if (ret < 0) { 5528 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 5529 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 5530 MAC2STR(addr), ifname, vlan_id, ret, 5531 strerror(-ret)); 5532 } 5533 nla_put_failure: 5534 return ret; 5535} 5536 5537 5538static int i802_set_ht_params(void *priv, const u8 *ht_capab, 5539 size_t ht_capab_len, const u8 *ht_oper, 5540 size_t ht_oper_len) 5541{ 5542 if (ht_oper_len >= 6) { 5543 /* ht opmode uses 16bit in octet 5 & 6 */ 5544 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]); 5545 return i802_set_bss(priv, -1, -1, -1, ht_opmode); 5546 } else 5547 return -1; 5548} 5549 5550 5551static int i802_get_inact_sec(void *priv, const u8 *addr) 5552{ 5553 struct hostap_sta_driver_data data; 5554 int ret; 5555 5556 data.inactive_msec = (unsigned long) -1; 5557 ret = i802_read_sta_data(priv, &data, addr); 5558 if (ret || data.inactive_msec == (unsigned long) -1) 5559 return -1; 5560 return data.inactive_msec / 1000; 5561} 5562 5563 5564static int i802_sta_clear_stats(void *priv, const u8 *addr) 5565{ 5566#if 0 5567 /* TODO */ 5568#endif 5569 return 0; 5570} 5571 5572 5573static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 5574 int reason) 5575{ 5576 struct i802_bss *bss = priv; 5577 struct ieee80211_mgmt mgmt; 5578 5579 memset(&mgmt, 0, sizeof(mgmt)); 5580 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5581 WLAN_FC_STYPE_DEAUTH); 5582 memcpy(mgmt.da, addr, ETH_ALEN); 5583 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5584 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5585 mgmt.u.deauth.reason_code = host_to_le16(reason); 5586 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5587 IEEE80211_HDRLEN + 5588 sizeof(mgmt.u.deauth)); 5589} 5590 5591 5592static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 5593 int reason) 5594{ 5595 struct i802_bss *bss = priv; 5596 struct ieee80211_mgmt mgmt; 5597 5598 memset(&mgmt, 0, sizeof(mgmt)); 5599 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5600 WLAN_FC_STYPE_DISASSOC); 5601 memcpy(mgmt.da, addr, ETH_ALEN); 5602 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5603 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5604 mgmt.u.disassoc.reason_code = host_to_le16(reason); 5605 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5606 IEEE80211_HDRLEN + 5607 sizeof(mgmt.u.disassoc)); 5608} 5609 5610#endif /* HOSTAPD || CONFIG_AP */ 5611 5612#ifdef HOSTAPD 5613 5614static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5615{ 5616 int i; 5617 int *old; 5618 5619 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 5620 ifidx); 5621 for (i = 0; i < drv->num_if_indices; i++) { 5622 if (drv->if_indices[i] == 0) { 5623 drv->if_indices[i] = ifidx; 5624 return; 5625 } 5626 } 5627 5628 if (drv->if_indices != drv->default_if_indices) 5629 old = drv->if_indices; 5630 else 5631 old = NULL; 5632 5633 drv->if_indices = os_realloc(old, 5634 sizeof(int) * (drv->num_if_indices + 1)); 5635 if (!drv->if_indices) { 5636 if (!old) 5637 drv->if_indices = drv->default_if_indices; 5638 else 5639 drv->if_indices = old; 5640 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 5641 "interfaces"); 5642 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 5643 return; 5644 } else if (!old) 5645 os_memcpy(drv->if_indices, drv->default_if_indices, 5646 sizeof(drv->default_if_indices)); 5647 drv->if_indices[drv->num_if_indices] = ifidx; 5648 drv->num_if_indices++; 5649} 5650 5651 5652static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5653{ 5654 int i; 5655 5656 for (i = 0; i < drv->num_if_indices; i++) { 5657 if (drv->if_indices[i] == ifidx) { 5658 drv->if_indices[i] = 0; 5659 break; 5660 } 5661 } 5662} 5663 5664 5665static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5666{ 5667 int i; 5668 5669 for (i = 0; i < drv->num_if_indices; i++) 5670 if (drv->if_indices[i] == ifidx) 5671 return 1; 5672 5673 return 0; 5674} 5675 5676 5677static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 5678 const char *bridge_ifname) 5679{ 5680 struct i802_bss *bss = priv; 5681 struct wpa_driver_nl80211_data *drv = bss->drv; 5682 char name[IFNAMSIZ + 1]; 5683 5684 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 5685 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 5686 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 5687 if (val) { 5688 if (!if_nametoindex(name)) { 5689 if (nl80211_create_iface(drv, name, 5690 NL80211_IFTYPE_AP_VLAN, 5691 NULL, 1) < 0) 5692 return -1; 5693 if (bridge_ifname && 5694 linux_br_add_if(drv->ioctl_sock, bridge_ifname, 5695 name) < 0) 5696 return -1; 5697 } 5698 linux_set_iface_flags(drv->ioctl_sock, name, 1); 5699 return i802_set_sta_vlan(priv, addr, name, 0); 5700 } else { 5701 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 5702 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 5703 name); 5704 } 5705} 5706 5707 5708static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 5709{ 5710 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5711 struct sockaddr_ll lladdr; 5712 unsigned char buf[3000]; 5713 int len; 5714 socklen_t fromlen = sizeof(lladdr); 5715 5716 len = recvfrom(sock, buf, sizeof(buf), 0, 5717 (struct sockaddr *)&lladdr, &fromlen); 5718 if (len < 0) { 5719 perror("recv"); 5720 return; 5721 } 5722 5723 if (have_ifidx(drv, lladdr.sll_ifindex)) 5724 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 5725} 5726 5727 5728static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 5729 struct i802_bss *bss, 5730 const char *brname, const char *ifname) 5731{ 5732 int ifindex; 5733 char in_br[IFNAMSIZ]; 5734 5735 os_strlcpy(bss->brname, brname, IFNAMSIZ); 5736 ifindex = if_nametoindex(brname); 5737 if (ifindex == 0) { 5738 /* 5739 * Bridge was configured, but the bridge device does 5740 * not exist. Try to add it now. 5741 */ 5742 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 5743 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 5744 "bridge interface %s: %s", 5745 brname, strerror(errno)); 5746 return -1; 5747 } 5748 bss->added_bridge = 1; 5749 add_ifidx(drv, if_nametoindex(brname)); 5750 } 5751 5752 if (linux_br_get(in_br, ifname) == 0) { 5753 if (os_strcmp(in_br, brname) == 0) 5754 return 0; /* already in the bridge */ 5755 5756 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 5757 "bridge %s", ifname, in_br); 5758 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 5759 wpa_printf(MSG_ERROR, "nl80211: Failed to " 5760 "remove interface %s from bridge " 5761 "%s: %s", 5762 ifname, brname, strerror(errno)); 5763 return -1; 5764 } 5765 } 5766 5767 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 5768 ifname, brname); 5769 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 5770 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 5771 "into bridge %s: %s", 5772 ifname, brname, strerror(errno)); 5773 return -1; 5774 } 5775 bss->added_if_into_bridge = 1; 5776 5777 return 0; 5778} 5779 5780 5781static void *i802_init(struct hostapd_data *hapd, 5782 struct wpa_init_params *params) 5783{ 5784 struct wpa_driver_nl80211_data *drv; 5785 struct i802_bss *bss; 5786 size_t i; 5787 char brname[IFNAMSIZ]; 5788 int ifindex, br_ifindex; 5789 int br_added = 0; 5790 5791 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL); 5792 if (bss == NULL) 5793 return NULL; 5794 5795 drv = bss->drv; 5796 drv->nlmode = NL80211_IFTYPE_AP; 5797 if (linux_br_get(brname, params->ifname) == 0) { 5798 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 5799 params->ifname, brname); 5800 br_ifindex = if_nametoindex(brname); 5801 } else { 5802 brname[0] = '\0'; 5803 br_ifindex = 0; 5804 } 5805 5806 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 5807 drv->if_indices = drv->default_if_indices; 5808 for (i = 0; i < params->num_bridge; i++) { 5809 if (params->bridge[i]) { 5810 ifindex = if_nametoindex(params->bridge[i]); 5811 if (ifindex) 5812 add_ifidx(drv, ifindex); 5813 if (ifindex == br_ifindex) 5814 br_added = 1; 5815 } 5816 } 5817 if (!br_added && br_ifindex && 5818 (params->num_bridge == 0 || !params->bridge[0])) 5819 add_ifidx(drv, br_ifindex); 5820 5821 /* start listening for EAPOL on the default AP interface */ 5822 add_ifidx(drv, drv->ifindex); 5823 5824 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 5825 goto failed; 5826 5827 if (params->bssid) { 5828 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 5829 params->bssid)) 5830 goto failed; 5831 } 5832 5833 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 5834 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 5835 "into AP mode", bss->ifname); 5836 goto failed; 5837 } 5838 5839 if (params->num_bridge && params->bridge[0] && 5840 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 5841 goto failed; 5842 5843 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 5844 goto failed; 5845 5846 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 5847 if (drv->eapol_sock < 0) { 5848 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 5849 goto failed; 5850 } 5851 5852 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 5853 { 5854 printf("Could not register read socket for eapol\n"); 5855 goto failed; 5856 } 5857 5858 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 5859 goto failed; 5860 5861 return bss; 5862 5863failed: 5864 nl80211_remove_monitor_interface(drv); 5865 rfkill_deinit(drv->rfkill); 5866 netlink_deinit(drv->netlink); 5867 if (drv->ioctl_sock >= 0) 5868 close(drv->ioctl_sock); 5869 5870 genl_family_put(drv->nl80211); 5871 nl_cache_free(drv->nl_cache); 5872 nl80211_handle_destroy(drv->nl_handle); 5873 nl_cb_put(drv->nl_cb); 5874 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 5875 5876 os_free(drv); 5877 return NULL; 5878} 5879 5880 5881static void i802_deinit(void *priv) 5882{ 5883 wpa_driver_nl80211_deinit(priv); 5884} 5885 5886#endif /* HOSTAPD */ 5887 5888 5889static enum nl80211_iftype wpa_driver_nl80211_if_type( 5890 enum wpa_driver_if_type type) 5891{ 5892 switch (type) { 5893 case WPA_IF_STATION: 5894 return NL80211_IFTYPE_STATION; 5895 case WPA_IF_P2P_CLIENT: 5896 case WPA_IF_P2P_GROUP: 5897 return NL80211_IFTYPE_P2P_CLIENT; 5898 case WPA_IF_AP_VLAN: 5899 return NL80211_IFTYPE_AP_VLAN; 5900 case WPA_IF_AP_BSS: 5901 return NL80211_IFTYPE_AP; 5902 case WPA_IF_P2P_GO: 5903 return NL80211_IFTYPE_P2P_GO; 5904 } 5905 return -1; 5906} 5907 5908 5909#ifdef CONFIG_P2P 5910 5911static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 5912{ 5913 struct wpa_driver_nl80211_data *drv; 5914 dl_list_for_each(drv, &global->interfaces, 5915 struct wpa_driver_nl80211_data, list) { 5916 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0) 5917 return 1; 5918 } 5919 return 0; 5920} 5921 5922 5923static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 5924 u8 *new_addr) 5925{ 5926 unsigned int idx; 5927 5928 if (!drv->global) 5929 return -1; 5930 5931 os_memcpy(new_addr, drv->addr, ETH_ALEN); 5932 for (idx = 0; idx < 64; idx++) { 5933 new_addr[0] = drv->addr[0] | 0x02; 5934 new_addr[0] ^= idx << 2; 5935 if (!nl80211_addr_in_use(drv->global, new_addr)) 5936 break; 5937 } 5938 if (idx == 64) 5939 return -1; 5940 5941 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 5942 MACSTR, MAC2STR(new_addr)); 5943 5944 return 0; 5945} 5946 5947#endif /* CONFIG_P2P */ 5948 5949 5950static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 5951 const char *ifname, const u8 *addr, 5952 void *bss_ctx, void **drv_priv, 5953 char *force_ifname, u8 *if_addr, 5954 const char *bridge) 5955{ 5956 struct i802_bss *bss = priv; 5957 struct wpa_driver_nl80211_data *drv = bss->drv; 5958 int ifidx; 5959#ifdef HOSTAPD 5960 struct i802_bss *new_bss = NULL; 5961 5962 if (type == WPA_IF_AP_BSS) { 5963 new_bss = os_zalloc(sizeof(*new_bss)); 5964 if (new_bss == NULL) 5965 return -1; 5966 } 5967#endif /* HOSTAPD */ 5968 5969 if (addr) 5970 os_memcpy(if_addr, addr, ETH_ALEN); 5971 ifidx = nl80211_create_iface(drv, ifname, 5972 wpa_driver_nl80211_if_type(type), addr, 5973 0); 5974 if (ifidx < 0) { 5975#ifdef HOSTAPD 5976 os_free(new_bss); 5977#endif /* HOSTAPD */ 5978 return -1; 5979 } 5980 5981 if (!addr && 5982 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) { 5983 nl80211_remove_iface(drv, ifidx); 5984 return -1; 5985 } 5986 5987#ifdef CONFIG_P2P 5988 if (!addr && 5989 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 5990 type == WPA_IF_P2P_GO)) { 5991 /* Enforce unique P2P Interface Address */ 5992 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 5993 5994 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) 5995 < 0 || 5996 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0) 5997 { 5998 nl80211_remove_iface(drv, ifidx); 5999 return -1; 6000 } 6001 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 6002 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 6003 "for P2P group interface"); 6004 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 6005 nl80211_remove_iface(drv, ifidx); 6006 return -1; 6007 } 6008 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname, 6009 new_addr) < 0) { 6010 nl80211_remove_iface(drv, ifidx); 6011 return -1; 6012 } 6013 os_memcpy(if_addr, new_addr, ETH_ALEN); 6014 } 6015#ifdef ANDROID_BRCM_P2P_PATCH 6016 else { 6017 /* P2P_ADDR: Driver uses a different mac address than the primary mac */ 6018 wpa_printf(MSG_DEBUG, "nl80211: Driver uses a " 6019 "different mac address for the Virtual I/F. Get that and store it locally"); 6020 os_memcpy(if_addr, new_addr, ETH_ALEN); 6021 6022 } 6023#endif 6024 } 6025#endif /* CONFIG_P2P */ 6026 6027#ifdef HOSTAPD 6028 if (bridge && 6029 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 6030 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 6031 "interface %s to a bridge %s", ifname, bridge); 6032 nl80211_remove_iface(drv, ifidx); 6033 os_free(new_bss); 6034 return -1; 6035 } 6036 6037 if (type == WPA_IF_AP_BSS) { 6038 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 6039 nl80211_remove_iface(drv, ifidx); 6040 os_free(new_bss); 6041 return -1; 6042 } 6043 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 6044 new_bss->ifindex = ifidx; 6045 new_bss->drv = drv; 6046 new_bss->next = drv->first_bss.next; 6047 drv->first_bss.next = new_bss; 6048 if (drv_priv) 6049 *drv_priv = new_bss; 6050 } 6051#endif /* HOSTAPD */ 6052 6053 return 0; 6054} 6055 6056 6057static int wpa_driver_nl80211_if_remove(void *priv, 6058 enum wpa_driver_if_type type, 6059 const char *ifname) 6060{ 6061 struct i802_bss *bss = priv; 6062 struct wpa_driver_nl80211_data *drv = bss->drv; 6063 int ifindex = if_nametoindex(ifname); 6064 6065 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 6066 __func__, type, ifname, ifindex); 6067 if (ifindex <= 0) 6068 return -1; 6069 6070#ifdef HOSTAPD 6071 if (bss->added_if_into_bridge) { 6072 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 6073 < 0) 6074 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6075 "interface %s from bridge %s: %s", 6076 bss->ifname, bss->brname, strerror(errno)); 6077 } 6078 if (bss->added_bridge) { 6079 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 6080 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6081 "bridge %s: %s", 6082 bss->brname, strerror(errno)); 6083 } 6084#endif /* HOSTAPD */ 6085 6086 nl80211_remove_iface(drv, ifindex); 6087 6088#ifdef HOSTAPD 6089 if (type != WPA_IF_AP_BSS) 6090 return 0; 6091 6092 if (bss != &drv->first_bss) { 6093 struct i802_bss *tbss; 6094 6095 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 6096 if (tbss->next == bss) { 6097 tbss->next = bss->next; 6098 os_free(bss); 6099 bss = NULL; 6100 break; 6101 } 6102 } 6103 if (bss) 6104 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 6105 "BSS %p in the list", __func__, bss); 6106 } 6107#endif /* HOSTAPD */ 6108 6109 return 0; 6110} 6111 6112 6113static int cookie_handler(struct nl_msg *msg, void *arg) 6114{ 6115 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 6116 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6117 u64 *cookie = arg; 6118 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6119 genlmsg_attrlen(gnlh, 0), NULL); 6120 if (tb[NL80211_ATTR_COOKIE]) 6121 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 6122 return NL_SKIP; 6123} 6124 6125 6126static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 6127 unsigned int freq, unsigned int wait, 6128 const u8 *buf, size_t buf_len, 6129 u64 *cookie_out) 6130{ 6131 struct nl_msg *msg; 6132 u64 cookie; 6133 int ret = -1; 6134 6135 msg = nlmsg_alloc(); 6136 if (!msg) 6137 return -1; 6138 6139 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6140 NL80211_CMD_FRAME, 0); 6141 6142 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6143 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6144#ifndef ANDROID_BRCM_P2P_PATCH 6145 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 6146#endif 6147 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 6148 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 6149 6150 cookie = 0; 6151 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6152 msg = NULL; 6153 if (ret) { 6154 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 6155 "(%s)", ret, strerror(-ret)); 6156 goto nla_put_failure; 6157 } 6158 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; " 6159 "cookie 0x%llx", (long long unsigned int) cookie); 6160 6161 if (cookie_out) 6162 *cookie_out = cookie; 6163 6164nla_put_failure: 6165 nlmsg_free(msg); 6166 return ret; 6167} 6168 6169 6170static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 6171 unsigned int wait_time, 6172 const u8 *dst, const u8 *src, 6173 const u8 *bssid, 6174 const u8 *data, size_t data_len) 6175{ 6176 struct i802_bss *bss = priv; 6177 struct wpa_driver_nl80211_data *drv = bss->drv; 6178 int ret = -1; 6179 u8 *buf; 6180 struct ieee80211_hdr *hdr; 6181 6182 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 6183 "wait=%d ms)", drv->ifindex, wait_time); 6184 6185 buf = os_zalloc(24 + data_len); 6186 if (buf == NULL) 6187 return ret; 6188 os_memcpy(buf + 24, data, data_len); 6189 hdr = (struct ieee80211_hdr *) buf; 6190 hdr->frame_control = 6191 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 6192 os_memcpy(hdr->addr1, dst, ETH_ALEN); 6193 os_memcpy(hdr->addr2, src, ETH_ALEN); 6194 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 6195 6196 if (drv->nlmode == NL80211_IFTYPE_AP) 6197 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 6198 else 6199 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf, 6200 24 + data_len, 6201 &drv->send_action_cookie); 6202 6203 os_free(buf); 6204 return ret; 6205} 6206 6207 6208static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 6209{ 6210 struct i802_bss *bss = priv; 6211 struct wpa_driver_nl80211_data *drv = bss->drv; 6212 struct nl_msg *msg; 6213 int ret; 6214 6215 msg = nlmsg_alloc(); 6216 if (!msg) 6217 return; 6218 6219 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6220 NL80211_CMD_FRAME_WAIT_CANCEL, 0); 6221 6222 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6223 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 6224 6225 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6226 msg = NULL; 6227 if (ret) 6228 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 6229 "(%s)", ret, strerror(-ret)); 6230 6231 nla_put_failure: 6232 nlmsg_free(msg); 6233} 6234 6235 6236static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 6237 unsigned int duration) 6238{ 6239 struct i802_bss *bss = priv; 6240 struct wpa_driver_nl80211_data *drv = bss->drv; 6241 struct nl_msg *msg; 6242 int ret; 6243 u64 cookie; 6244 6245 msg = nlmsg_alloc(); 6246 if (!msg) 6247 return -1; 6248 6249 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6250 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 6251 6252 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6253 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6254 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 6255 6256 cookie = 0; 6257 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6258 if (ret == 0) { 6259 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 6260 "0x%llx for freq=%u MHz duration=%u", 6261 (long long unsigned int) cookie, freq, duration); 6262 drv->remain_on_chan_cookie = cookie; 6263 return 0; 6264 } 6265 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 6266 "(freq=%d duration=%u): %d (%s)", 6267 freq, duration, ret, strerror(-ret)); 6268nla_put_failure: 6269 return -1; 6270} 6271 6272 6273static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 6274{ 6275 struct i802_bss *bss = priv; 6276 struct wpa_driver_nl80211_data *drv = bss->drv; 6277 struct nl_msg *msg; 6278 int ret; 6279 6280 if (!drv->pending_remain_on_chan) { 6281 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 6282 "to cancel"); 6283 return -1; 6284 } 6285 6286 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 6287 "0x%llx", 6288 (long long unsigned int) drv->remain_on_chan_cookie); 6289 6290 msg = nlmsg_alloc(); 6291 if (!msg) 6292 return -1; 6293 6294 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6295 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 6296 6297 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6298 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 6299 6300 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6301 if (ret == 0) 6302 return 0; 6303 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 6304 "%d (%s)", ret, strerror(-ret)); 6305nla_put_failure: 6306 return -1; 6307} 6308 6309 6310static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 6311{ 6312 struct i802_bss *bss = priv; 6313 struct wpa_driver_nl80211_data *drv = bss->drv; 6314#ifndef ANDROID_BRCM_P2P_PATCH 6315 if (drv->nlmode != NL80211_IFTYPE_STATION) { 6316 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6317 "allowed in station mode (iftype=%d)", 6318 drv->nlmode); 6319 return -1; 6320 } 6321#endif 6322 if (!report) { 6323 if (drv->nl_handle_preq) { 6324 eloop_unregister_read_sock( 6325 nl_socket_get_fd(drv->nl_handle_preq)); 6326 nl_cache_free(drv->nl_cache_preq); 6327 nl80211_handle_destroy(drv->nl_handle_preq); 6328 drv->nl_handle_preq = NULL; 6329 } 6330 return 0; 6331 } 6332 6333 if (drv->nl_handle_preq) { 6334 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 6335 "already on!"); 6336 return 0; 6337 } 6338 6339 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb); 6340 if (drv->nl_handle_preq == NULL) { 6341 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate " 6342 "netlink callbacks (preq)"); 6343 goto out_err1; 6344 } 6345 6346 if (genl_connect(drv->nl_handle_preq)) { 6347 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to " 6348 "generic netlink (preq)"); 6349 goto out_err2; 6350 return -1; 6351 } 6352 6353#ifdef CONFIG_LIBNL20 6354 if (genl_ctrl_alloc_cache(drv->nl_handle_preq, 6355 &drv->nl_cache_preq) < 0) { 6356 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6357 "netlink cache (preq)"); 6358 goto out_err2; 6359 } 6360#else /* CONFIG_LIBNL20 */ 6361 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq); 6362 if (drv->nl_cache_preq == NULL) { 6363 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6364 "netlink cache (preq)"); 6365 goto out_err2; 6366 } 6367#endif /* CONFIG_LIBNL20 */ 6368 6369 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6370 (WLAN_FC_TYPE_MGMT << 2) | 6371 (WLAN_FC_STYPE_PROBE_REQ << 4), 6372 NULL, 0) < 0) { 6373 goto out_err3; 6374 } 6375 6376#ifdef ANDROID_BRCM_P2P_PATCH 6377 if (drv->nlmode != NL80211_IFTYPE_AP && 6378 drv->nlmode != NL80211_IFTYPE_P2P_GO) { 6379 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6380 "allowed in AP or P2P GO mode (iftype=%d)", 6381 drv->nlmode); 6382 goto done; 6383 } 6384 6385 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6386 (WLAN_FC_TYPE_MGMT << 2) | 6387 (WLAN_FC_STYPE_ASSOC_REQ << 4), 6388 NULL, 0) < 0) { 6389 goto out_err3; 6390 } 6391 6392 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6393 (WLAN_FC_TYPE_MGMT << 2) | 6394 (WLAN_FC_STYPE_REASSOC_REQ << 4), 6395 NULL, 0) < 0) { 6396 goto out_err3; 6397 } 6398 6399 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6400 (WLAN_FC_TYPE_MGMT << 2) | 6401 (WLAN_FC_STYPE_DISASSOC << 4), 6402 NULL, 0) < 0) { 6403 goto out_err3; 6404 } 6405 6406 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6407 (WLAN_FC_TYPE_MGMT << 2) | 6408 (WLAN_FC_STYPE_DEAUTH << 4), 6409 NULL, 0) < 0) { 6410 goto out_err3; 6411 } 6412 6413done: 6414#endif 6415 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq), 6416 wpa_driver_nl80211_event_receive, drv, 6417 drv->nl_handle_preq); 6418 6419 return 0; 6420 6421 out_err3: 6422 nl_cache_free(drv->nl_cache_preq); 6423 out_err2: 6424 nl80211_handle_destroy(drv->nl_handle_preq); 6425 drv->nl_handle_preq = NULL; 6426 out_err1: 6427 return -1; 6428} 6429 6430 6431static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 6432 int ifindex, int disabled) 6433{ 6434 struct nl_msg *msg; 6435 struct nlattr *bands, *band; 6436 int ret; 6437 6438 msg = nlmsg_alloc(); 6439 if (!msg) 6440 return -1; 6441 6442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6443 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 6444 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6445 6446 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 6447 if (!bands) 6448 goto nla_put_failure; 6449 6450 /* 6451 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 6452 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 6453 * rates. All 5 GHz rates are left enabled. 6454 */ 6455 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 6456 if (!band) 6457 goto nla_put_failure; 6458 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 6459 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 6460 nla_nest_end(msg, band); 6461 6462 nla_nest_end(msg, bands); 6463 6464 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6465 msg = NULL; 6466 if (ret) { 6467 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 6468 "(%s)", ret, strerror(-ret)); 6469 } 6470 6471 return ret; 6472 6473nla_put_failure: 6474 nlmsg_free(msg); 6475 return -1; 6476} 6477 6478 6479static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 6480{ 6481 struct i802_bss *bss = priv; 6482 struct wpa_driver_nl80211_data *drv = bss->drv; 6483 drv->disable_11b_rates = disabled; 6484 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 6485} 6486 6487 6488static int wpa_driver_nl80211_deinit_ap(void *priv) 6489{ 6490 struct i802_bss *bss = priv; 6491 struct wpa_driver_nl80211_data *drv = bss->drv; 6492 if (drv->nlmode != NL80211_IFTYPE_AP) 6493 return -1; 6494 wpa_driver_nl80211_del_beacon(drv); 6495 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 6496} 6497 6498 6499static void wpa_driver_nl80211_resume(void *priv) 6500{ 6501 struct i802_bss *bss = priv; 6502 struct wpa_driver_nl80211_data *drv = bss->drv; 6503 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 6504 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 6505 "resume event"); 6506 } 6507} 6508 6509 6510static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 6511 const u8 *ies, size_t ies_len) 6512{ 6513 struct i802_bss *bss = priv; 6514 struct wpa_driver_nl80211_data *drv = bss->drv; 6515 int ret; 6516 u8 *data, *pos; 6517 size_t data_len; 6518 u8 own_addr[ETH_ALEN]; 6519 6520 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 6521 return -1; 6522 6523 if (action != 1) { 6524 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 6525 "action %d", action); 6526 return -1; 6527 } 6528 6529 /* 6530 * Action frame payload: 6531 * Category[1] = 6 (Fast BSS Transition) 6532 * Action[1] = 1 (Fast BSS Transition Request) 6533 * STA Address 6534 * Target AP Address 6535 * FT IEs 6536 */ 6537 6538 data_len = 2 + 2 * ETH_ALEN + ies_len; 6539 data = os_malloc(data_len); 6540 if (data == NULL) 6541 return -1; 6542 pos = data; 6543 *pos++ = 0x06; /* FT Action category */ 6544 *pos++ = action; 6545 os_memcpy(pos, own_addr, ETH_ALEN); 6546 pos += ETH_ALEN; 6547 os_memcpy(pos, target_ap, ETH_ALEN); 6548 pos += ETH_ALEN; 6549 os_memcpy(pos, ies, ies_len); 6550 6551 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 6552 drv->bssid, own_addr, drv->bssid, 6553 data, data_len); 6554 os_free(data); 6555 6556 return ret; 6557} 6558 6559 6560static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 6561{ 6562 struct i802_bss *bss = priv; 6563 struct wpa_driver_nl80211_data *drv = bss->drv; 6564 struct nl_msg *msg, *cqm = NULL; 6565 6566 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 6567 "hysteresis=%d", threshold, hysteresis); 6568 6569 msg = nlmsg_alloc(); 6570 if (!msg) 6571 return -1; 6572 6573 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 6574 0, NL80211_CMD_SET_CQM, 0); 6575 6576 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 6577 6578 cqm = nlmsg_alloc(); 6579 if (cqm == NULL) 6580 return -1; 6581 6582 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 6583 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 6584 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 6585 6586 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 6587 return 0; 6588 msg = NULL; 6589 6590nla_put_failure: 6591 if (cqm) 6592 nlmsg_free(cqm); 6593 nlmsg_free(msg); 6594 return -1; 6595} 6596 6597 6598static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 6599{ 6600 struct i802_bss *bss = priv; 6601 struct wpa_driver_nl80211_data *drv = bss->drv; 6602 int res; 6603 6604 os_memset(si, 0, sizeof(*si)); 6605 res = nl80211_get_link_signal(drv, si); 6606 if (res != 0) 6607 return res; 6608 6609 return nl80211_get_link_noise(drv, si); 6610} 6611 6612 6613static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 6614 int encrypt) 6615{ 6616 struct i802_bss *bss = priv; 6617 struct wpa_driver_nl80211_data *drv = bss->drv; 6618 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 6619} 6620 6621 6622static int nl80211_set_intra_bss(void *priv, int enabled) 6623{ 6624 struct i802_bss *bss = priv; 6625 struct wpa_driver_nl80211_data *drv = bss->drv; 6626 struct nl_msg *msg; 6627 6628 msg = nlmsg_alloc(); 6629 if (!msg) 6630 return -ENOMEM; 6631 6632 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6633 NL80211_CMD_SET_BSS, 0); 6634 6635 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6636 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled); 6637 6638 return send_and_recv_msgs(drv, msg, NULL, NULL); 6639 nla_put_failure: 6640 return -ENOBUFS; 6641} 6642 6643 6644static int nl80211_set_param(void *priv, const char *param) 6645{ 6646 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 6647 if (param == NULL) 6648 return 0; 6649 6650#ifdef CONFIG_P2P 6651 if (os_strstr(param, "use_p2p_group_interface=1")) { 6652 struct i802_bss *bss = priv; 6653 struct wpa_driver_nl80211_data *drv = bss->drv; 6654 6655 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 6656 "interface"); 6657 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 6658 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 6659 } 6660#endif /* CONFIG_P2P */ 6661 6662 return 0; 6663} 6664 6665 6666static void * nl80211_global_init(void) 6667{ 6668 struct nl80211_global *global; 6669 global = os_zalloc(sizeof(*global)); 6670 if (global == NULL) 6671 return NULL; 6672 dl_list_init(&global->interfaces); 6673 return global; 6674} 6675 6676 6677static void nl80211_global_deinit(void *priv) 6678{ 6679 struct nl80211_global *global = priv; 6680 if (global == NULL) 6681 return; 6682 if (!dl_list_empty(&global->interfaces)) { 6683 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 6684 "nl80211_global_deinit", 6685 dl_list_len(&global->interfaces)); 6686 } 6687 os_free(global); 6688} 6689 6690 6691static const char * nl80211_get_radio_name(void *priv) 6692{ 6693 struct i802_bss *bss = priv; 6694 struct wpa_driver_nl80211_data *drv = bss->drv; 6695 return drv->phyname; 6696} 6697 6698 6699static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 6700 const u8 *pmkid) 6701{ 6702 struct nl_msg *msg; 6703 6704 msg = nlmsg_alloc(); 6705 if (!msg) 6706 return -ENOMEM; 6707 6708 genlmsg_put(msg, 0, 0, genl_family_get_id(bss->drv->nl80211), 0, 0, 6709 cmd, 0); 6710 6711 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6712 if (pmkid) 6713 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 6714 if (bssid) 6715 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 6716 6717 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 6718 nla_put_failure: 6719 return -ENOBUFS; 6720} 6721 6722 6723static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6724{ 6725 struct i802_bss *bss = priv; 6726 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 6727 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 6728} 6729 6730 6731static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6732{ 6733 struct i802_bss *bss = priv; 6734 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 6735 MAC2STR(bssid)); 6736 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 6737} 6738 6739 6740static int nl80211_flush_pmkid(void *priv) 6741{ 6742 struct i802_bss *bss = priv; 6743 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 6744 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 6745} 6746 6747 6748const struct wpa_driver_ops wpa_driver_nl80211_ops = { 6749 .name = "nl80211", 6750 .desc = "Linux nl80211/cfg80211", 6751 .get_bssid = wpa_driver_nl80211_get_bssid, 6752 .get_ssid = wpa_driver_nl80211_get_ssid, 6753 .set_key = wpa_driver_nl80211_set_key, 6754 .scan2 = wpa_driver_nl80211_scan, 6755 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 6756 .deauthenticate = wpa_driver_nl80211_deauthenticate, 6757 .disassociate = wpa_driver_nl80211_disassociate, 6758 .authenticate = wpa_driver_nl80211_authenticate, 6759 .associate = wpa_driver_nl80211_associate, 6760 .global_init = nl80211_global_init, 6761 .global_deinit = nl80211_global_deinit, 6762 .init2 = wpa_driver_nl80211_init, 6763 .deinit = wpa_driver_nl80211_deinit, 6764 .get_capa = wpa_driver_nl80211_get_capa, 6765 .set_operstate = wpa_driver_nl80211_set_operstate, 6766 .set_supp_port = wpa_driver_nl80211_set_supp_port, 6767 .set_country = wpa_driver_nl80211_set_country, 6768 .set_beacon = wpa_driver_nl80211_set_beacon, 6769 .if_add = wpa_driver_nl80211_if_add, 6770 .if_remove = wpa_driver_nl80211_if_remove, 6771 .send_mlme = wpa_driver_nl80211_send_mlme, 6772 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 6773 .sta_add = wpa_driver_nl80211_sta_add, 6774 .sta_remove = wpa_driver_nl80211_sta_remove, 6775 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 6776 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 6777#ifdef HOSTAPD 6778 .hapd_init = i802_init, 6779 .hapd_deinit = i802_deinit, 6780 .set_wds_sta = i802_set_wds_sta, 6781#endif /* HOSTAPD */ 6782#if defined(HOSTAPD) || defined(CONFIG_AP) 6783 .get_seqnum = i802_get_seqnum, 6784 .flush = i802_flush, 6785 .read_sta_data = i802_read_sta_data, 6786 .get_inact_sec = i802_get_inact_sec, 6787 .sta_clear_stats = i802_sta_clear_stats, 6788 .set_rts = i802_set_rts, 6789 .set_frag = i802_set_frag, 6790 .set_cts_protect = i802_set_cts_protect, 6791 .set_preamble = i802_set_preamble, 6792 .set_short_slot_time = i802_set_short_slot_time, 6793 .set_tx_queue_params = i802_set_tx_queue_params, 6794 .set_sta_vlan = i802_set_sta_vlan, 6795 .set_ht_params = i802_set_ht_params, 6796 .set_rate_sets = i802_set_rate_sets, 6797 .sta_deauth = i802_sta_deauth, 6798 .sta_disassoc = i802_sta_disassoc, 6799#endif /* HOSTAPD || CONFIG_AP */ 6800 .set_freq = i802_set_freq, 6801 .send_action = wpa_driver_nl80211_send_action, 6802 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 6803 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 6804 .cancel_remain_on_channel = 6805 wpa_driver_nl80211_cancel_remain_on_channel, 6806 .probe_req_report = wpa_driver_nl80211_probe_req_report, 6807 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 6808 .deinit_ap = wpa_driver_nl80211_deinit_ap, 6809 .resume = wpa_driver_nl80211_resume, 6810 .send_ft_action = nl80211_send_ft_action, 6811 .signal_monitor = nl80211_signal_monitor, 6812 .signal_poll = nl80211_signal_poll, 6813 .send_frame = nl80211_send_frame, 6814 .set_intra_bss = nl80211_set_intra_bss, 6815 .set_param = nl80211_set_param, 6816 .get_radio_name = nl80211_get_radio_name, 6817 .add_pmkid = nl80211_add_pmkid, 6818 .remove_pmkid = nl80211_remove_pmkid, 6819 .flush_pmkid = nl80211_flush_pmkid, 6820#ifdef ANDROID 6821 .driver_cmd = wpa_driver_nl80211_driver_cmd, 6822#endif 6823}; 6824