driver_nl80211.c revision 497c1d5e50162d6b3c1cce5dbd9c5fd9da69aaef
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19#include "includes.h" 20#include <sys/ioctl.h> 21#include <sys/types.h> 22#include <sys/stat.h> 23#include <fcntl.h> 24#include <net/if.h> 25#include <netlink/genl/genl.h> 26#include <netlink/genl/family.h> 27#include <netlink/genl/ctrl.h> 28#include <linux/rtnetlink.h> 29#include <netpacket/packet.h> 30#include <linux/filter.h> 31#include "nl80211_copy.h" 32 33#include "common.h" 34#include "eloop.h" 35#include "utils/list.h" 36#include "common/ieee802_11_defs.h" 37#include "netlink.h" 38#include "linux_ioctl.h" 39#include "radiotap.h" 40#include "radiotap_iter.h" 41#include "rfkill.h" 42#include "driver.h" 43#if defined(ANDROID_BRCM_P2P_PATCH) && !defined(HOSTAPD) 44#include "wpa_supplicant_i.h" 45#endif 46#ifdef CONFIG_LIBNL20 47/* libnl 2.0 compatibility code */ 48#define nl_handle nl_sock 49#define nl80211_handle_alloc nl_socket_alloc_cb 50#define nl80211_handle_destroy nl_socket_free 51#else 52/* 53 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 54 * but when you free a socket again it will mess up its bitmap and 55 * and use the wrong number the next time it needs a socket ID. 56 * Therefore, we wrap the handle alloc/destroy and add our own pid 57 * accounting. 58 */ 59static uint32_t port_bitmap[32] = { 0 }; 60 61static struct nl_handle *nl80211_handle_alloc(void *cb) 62{ 63 struct nl_handle *handle; 64 uint32_t pid = getpid() & 0x3FFFFF; 65 int i; 66 67 handle = nl_handle_alloc_cb(cb); 68 69 for (i = 0; i < 1024; i++) { 70 if (port_bitmap[i / 32] & (1 << (i % 32))) 71 continue; 72 port_bitmap[i / 32] |= 1 << (i % 32); 73 pid += i << 22; 74 break; 75 } 76 77 nl_socket_set_local_port(handle, pid); 78 79 return handle; 80} 81 82static void nl80211_handle_destroy(struct nl_handle *handle) 83{ 84 uint32_t port = nl_socket_get_local_port(handle); 85 86 port >>= 22; 87 port_bitmap[port / 32] &= ~(1 << (port % 32)); 88 89 nl_handle_destroy(handle); 90} 91#endif /* CONFIG_LIBNL20 */ 92 93 94#ifndef IFF_LOWER_UP 95#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 96#endif 97#ifndef IFF_DORMANT 98#define IFF_DORMANT 0x20000 /* driver signals dormant */ 99#endif 100 101#ifndef IF_OPER_DORMANT 102#define IF_OPER_DORMANT 5 103#endif 104#ifndef IF_OPER_UP 105#define IF_OPER_UP 6 106#endif 107 108struct nl80211_global { 109 struct dl_list interfaces; 110}; 111 112struct i802_bss { 113 struct wpa_driver_nl80211_data *drv; 114 struct i802_bss *next; 115 int ifindex; 116 char ifname[IFNAMSIZ + 1]; 117 char brname[IFNAMSIZ]; 118 unsigned int beacon_set:1; 119 unsigned int added_if_into_bridge:1; 120 unsigned int added_bridge:1; 121}; 122 123struct wpa_driver_nl80211_data { 124 struct nl80211_global *global; 125 struct dl_list list; 126 u8 addr[ETH_ALEN]; 127 char phyname[32]; 128 void *ctx; 129 struct netlink_data *netlink; 130 int ioctl_sock; /* socket for ioctl() use */ 131 int ifindex; 132 int if_removed; 133 int if_disabled; 134 struct rfkill_data *rfkill; 135 struct wpa_driver_capa capa; 136 int has_capability; 137 138 int operstate; 139 140 int scan_complete_events; 141 142 struct nl_handle *nl_handle; 143 struct nl_handle *nl_handle_event; 144 struct nl_handle *nl_handle_preq; 145 struct nl_cache *nl_cache; 146 struct nl_cache *nl_cache_event; 147 struct nl_cache *nl_cache_preq; 148 struct nl_cb *nl_cb; 149 struct genl_family *nl80211; 150 151 u8 auth_bssid[ETH_ALEN]; 152 u8 bssid[ETH_ALEN]; 153 int associated; 154 u8 ssid[32]; 155 size_t ssid_len; 156 int nlmode; 157 int ap_scan_as_station; 158 unsigned int assoc_freq; 159 160 int monitor_sock; 161 int monitor_ifidx; 162 int no_monitor_iface_capab; 163 int disable_11b_rates; 164 165 unsigned int pending_remain_on_chan:1; 166 167 u64 remain_on_chan_cookie; 168 u64 send_action_cookie; 169 170 unsigned int last_mgmt_freq; 171 172 struct wpa_driver_scan_filter *filter_ssids; 173 size_t num_filter_ssids; 174 175 struct i802_bss first_bss; 176 177#ifdef HOSTAPD 178 int eapol_sock; /* socket for EAPOL frames */ 179 180 int default_if_indices[16]; 181 int *if_indices; 182 int num_if_indices; 183 184 int last_freq; 185 int last_freq_ht; 186#endif /* HOSTAPD */ 187}; 188 189 190static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 191 void *timeout_ctx); 192static int wpa_driver_nl80211_set_mode(void *priv, int mode); 193static int 194wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 195static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 196 const u8 *addr, int cmd, u16 reason_code, 197 int local_state_change); 198static void nl80211_remove_monitor_interface( 199 struct wpa_driver_nl80211_data *drv); 200static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 201 unsigned int freq, unsigned int wait, 202 const u8 *buf, size_t buf_len, u64 *cookie); 203static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 204 205#ifdef HOSTAPD 206static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 207static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 208static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 209static int wpa_driver_nl80211_if_remove(void *priv, 210 enum wpa_driver_if_type type, 211 const char *ifname); 212#else /* HOSTAPD */ 213static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 214{ 215 return 0; 216} 217#endif /* HOSTAPD */ 218 219#ifdef ANDROID 220extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 221 size_t buf_len); 222#endif 223 224static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 225static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 226 int ifindex, int disabled); 227 228static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 229 230 231struct nl80211_bss_info_arg { 232 struct wpa_driver_nl80211_data *drv; 233 struct wpa_scan_results *res; 234 unsigned int assoc_freq; 235}; 236 237static int bss_info_handler(struct nl_msg *msg, void *arg); 238 239 240/* nl80211 code */ 241static int ack_handler(struct nl_msg *msg, void *arg) 242{ 243 int *err = arg; 244 *err = 0; 245 return NL_STOP; 246} 247 248static int finish_handler(struct nl_msg *msg, void *arg) 249{ 250 int *ret = arg; 251 *ret = 0; 252 return NL_SKIP; 253} 254 255static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 256 void *arg) 257{ 258 int *ret = arg; 259 *ret = err->error; 260 return NL_SKIP; 261} 262 263 264static int no_seq_check(struct nl_msg *msg, void *arg) 265{ 266 return NL_OK; 267} 268 269 270static int send_and_recv(struct wpa_driver_nl80211_data *drv, 271 struct nl_handle *nl_handle, struct nl_msg *msg, 272 int (*valid_handler)(struct nl_msg *, void *), 273 void *valid_data) 274{ 275 struct nl_cb *cb; 276 int err = -ENOMEM; 277 278 cb = nl_cb_clone(drv->nl_cb); 279 if (!cb) 280 goto out; 281 282 err = nl_send_auto_complete(nl_handle, msg); 283 if (err < 0) 284 goto out; 285 286 err = 1; 287 288 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 289 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 290 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 291 292 if (valid_handler) 293 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 294 valid_handler, valid_data); 295 296 while (err > 0) 297 nl_recvmsgs(nl_handle, cb); 298 out: 299 nl_cb_put(cb); 300 nlmsg_free(msg); 301 return err; 302} 303 304 305int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 306 struct nl_msg *msg, 307 int (*valid_handler)(struct nl_msg *, void *), 308 void *valid_data) 309{ 310 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 311 valid_data); 312} 313 314 315struct family_data { 316 const char *group; 317 int id; 318}; 319 320 321static int family_handler(struct nl_msg *msg, void *arg) 322{ 323 struct family_data *res = arg; 324 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 325 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 326 struct nlattr *mcgrp; 327 int i; 328 329 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 330 genlmsg_attrlen(gnlh, 0), NULL); 331 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 332 return NL_SKIP; 333 334 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 335 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 336 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 337 nla_len(mcgrp), NULL); 338 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 339 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 340 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 341 res->group, 342 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 343 continue; 344 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 345 break; 346 }; 347 348 return NL_SKIP; 349} 350 351 352static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 353 const char *family, const char *group) 354{ 355 struct nl_msg *msg; 356 int ret = -1; 357 struct family_data res = { group, -ENOENT }; 358 359 msg = nlmsg_alloc(); 360 if (!msg) 361 return -ENOMEM; 362 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 363 0, 0, CTRL_CMD_GETFAMILY, 0); 364 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 365 366 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 367 msg = NULL; 368 if (ret == 0) 369 ret = res.id; 370 371nla_put_failure: 372 nlmsg_free(msg); 373 return ret; 374} 375 376 377static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 378{ 379 struct i802_bss *bss = priv; 380 struct wpa_driver_nl80211_data *drv = bss->drv; 381 if (!drv->associated) 382 return -1; 383 os_memcpy(bssid, drv->bssid, ETH_ALEN); 384 return 0; 385} 386 387 388static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 389{ 390 struct i802_bss *bss = priv; 391 struct wpa_driver_nl80211_data *drv = bss->drv; 392 if (!drv->associated) 393 return -1; 394 os_memcpy(ssid, drv->ssid, drv->ssid_len); 395 return drv->ssid_len; 396} 397 398 399static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 400 char *buf, size_t len, int del) 401{ 402 union wpa_event_data event; 403 404 os_memset(&event, 0, sizeof(event)); 405 if (len > sizeof(event.interface_status.ifname)) 406 len = sizeof(event.interface_status.ifname) - 1; 407 os_memcpy(event.interface_status.ifname, buf, len); 408 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 409 EVENT_INTERFACE_ADDED; 410 411 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 412 del ? "DEL" : "NEW", 413 event.interface_status.ifname, 414 del ? "removed" : "added"); 415 416 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 417 if (del) 418 drv->if_removed = 1; 419 else 420 drv->if_removed = 0; 421 } 422 423 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 424} 425 426 427static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 428 u8 *buf, size_t len) 429{ 430 int attrlen, rta_len; 431 struct rtattr *attr; 432 433 attrlen = len; 434 attr = (struct rtattr *) buf; 435 436 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 437 while (RTA_OK(attr, attrlen)) { 438 if (attr->rta_type == IFLA_IFNAME) { 439 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 440 == 0) 441 return 1; 442 else 443 break; 444 } 445 attr = RTA_NEXT(attr, attrlen); 446 } 447 448 return 0; 449} 450 451 452static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 453 int ifindex, u8 *buf, size_t len) 454{ 455 if (drv->ifindex == ifindex) 456 return 1; 457 458 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 459 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 460 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 461 "interface"); 462 wpa_driver_nl80211_finish_drv_init(drv); 463 return 1; 464 } 465 466 return 0; 467} 468 469 470static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 471 struct ifinfomsg *ifi, 472 u8 *buf, size_t len) 473{ 474 struct wpa_driver_nl80211_data *drv = ctx; 475 int attrlen, rta_len; 476 struct rtattr *attr; 477 u32 brid = 0; 478 479 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 480 !have_ifidx(drv, ifi->ifi_index)) { 481 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 482 "ifindex %d", ifi->ifi_index); 483 return; 484 } 485 486 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 487 "(%s%s%s%s)", 488 drv->operstate, ifi->ifi_flags, 489 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 490 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 491 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 492 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 493 494 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 495 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 496 drv->if_disabled = 1; 497 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 498 } 499 500 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 501 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 502 drv->if_disabled = 0; 503 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL); 504 } 505 506 /* 507 * Some drivers send the association event before the operup event--in 508 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 509 * fails. This will hit us when wpa_supplicant does not need to do 510 * IEEE 802.1X authentication 511 */ 512 if (drv->operstate == 1 && 513 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 514 !(ifi->ifi_flags & IFF_RUNNING)) 515 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 516 -1, IF_OPER_UP); 517 518 attrlen = len; 519 attr = (struct rtattr *) buf; 520 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 521 while (RTA_OK(attr, attrlen)) { 522 if (attr->rta_type == IFLA_IFNAME) { 523 wpa_driver_nl80211_event_link( 524 drv, 525 ((char *) attr) + rta_len, 526 attr->rta_len - rta_len, 0); 527 } else if (attr->rta_type == IFLA_MASTER) 528 brid = nla_get_u32((struct nlattr *) attr); 529 attr = RTA_NEXT(attr, attrlen); 530 } 531 532#ifdef HOSTAPD 533 if (ifi->ifi_family == AF_BRIDGE && brid) { 534 /* device has been added to bridge */ 535 char namebuf[IFNAMSIZ]; 536 if_indextoname(brid, namebuf); 537 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 538 brid, namebuf); 539 add_ifidx(drv, brid); 540 } 541#endif /* HOSTAPD */ 542} 543 544 545static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 546 struct ifinfomsg *ifi, 547 u8 *buf, size_t len) 548{ 549 struct wpa_driver_nl80211_data *drv = ctx; 550 int attrlen, rta_len; 551 struct rtattr *attr; 552 u32 brid = 0; 553 554 attrlen = len; 555 attr = (struct rtattr *) buf; 556 557 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 558 while (RTA_OK(attr, attrlen)) { 559 if (attr->rta_type == IFLA_IFNAME) { 560 wpa_driver_nl80211_event_link( 561 drv, 562 ((char *) attr) + rta_len, 563 attr->rta_len - rta_len, 1); 564 } else if (attr->rta_type == IFLA_MASTER) 565 brid = nla_get_u32((struct nlattr *) attr); 566 attr = RTA_NEXT(attr, attrlen); 567 } 568 569#ifdef HOSTAPD 570 if (ifi->ifi_family == AF_BRIDGE && brid) { 571 /* device has been removed from bridge */ 572 char namebuf[IFNAMSIZ]; 573 if_indextoname(brid, namebuf); 574 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 575 "%s", brid, namebuf); 576 del_ifidx(drv, brid); 577 } 578#endif /* HOSTAPD */ 579} 580 581 582static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 583 const u8 *frame, size_t len) 584{ 585 const struct ieee80211_mgmt *mgmt; 586 union wpa_event_data event; 587 588 mgmt = (const struct ieee80211_mgmt *) frame; 589 if (len < 24 + sizeof(mgmt->u.auth)) { 590 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 591 "frame"); 592 return; 593 } 594 595 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 596 os_memset(&event, 0, sizeof(event)); 597 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 598 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 599 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 600 if (len > 24 + sizeof(mgmt->u.auth)) { 601 event.auth.ies = mgmt->u.auth.variable; 602 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 603 } 604 605 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 606} 607 608 609static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 610{ 611 struct nl_msg *msg; 612 int ret; 613 struct nl80211_bss_info_arg arg; 614 615 os_memset(&arg, 0, sizeof(arg)); 616 msg = nlmsg_alloc(); 617 if (!msg) 618 goto nla_put_failure; 619 620 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 621 NL80211_CMD_GET_SCAN, 0); 622 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 623 624 arg.drv = drv; 625 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 626 msg = NULL; 627 if (ret == 0) { 628 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 629 "associated BSS from scan results: %u MHz", 630 arg.assoc_freq); 631 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 632 } 633 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 634 "(%s)", ret, strerror(-ret)); 635nla_put_failure: 636 nlmsg_free(msg); 637 return drv->assoc_freq; 638} 639 640 641static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 642 const u8 *frame, size_t len) 643{ 644 const struct ieee80211_mgmt *mgmt; 645 union wpa_event_data event; 646 u16 status; 647#ifdef ANDROID_BRCM_P2P_PATCH 648 struct wpa_supplicant *wpa_s = drv->ctx; 649#endif 650 651 mgmt = (const struct ieee80211_mgmt *) frame; 652#if (defined (CONFIG_AP) || defined (HOSTAPD) ) && defined (ANDROID_BRCM_P2P_PATCH) 653 if (drv->nlmode == NL80211_IFTYPE_AP || drv->nlmode == NL80211_IFTYPE_P2P_GO) { 654 if (len < 24 + sizeof(mgmt->u.assoc_req)) { 655 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 656 "frame"); 657 return; 658 } 659 os_memset(&event, 0, sizeof(event)); 660 event.assoc_info.freq = drv->assoc_freq; 661 event.assoc_info.req_ies = (u8 *) mgmt->u.assoc_req.variable; 662 event.assoc_info.req_ies_len = len - 24 - sizeof(mgmt->u.assoc_req); 663 event.assoc_info.addr = mgmt->sa; 664 } else { 665#endif 666 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 667 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 668 "frame"); 669 return; 670 } 671 672 status = le_to_host16(mgmt->u.assoc_resp.status_code); 673 if (status != WLAN_STATUS_SUCCESS) { 674 os_memset(&event, 0, sizeof(event)); 675 event.assoc_reject.bssid = mgmt->bssid; 676 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 677 event.assoc_reject.resp_ies = 678 (u8 *) mgmt->u.assoc_resp.variable; 679 event.assoc_reject.resp_ies_len = 680 len - 24 - sizeof(mgmt->u.assoc_resp); 681 } 682 event.assoc_reject.status_code = status; 683 684 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 685 return; 686 } 687 688 drv->associated = 1; 689 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 690 691 os_memset(&event, 0, sizeof(event)); 692 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 693 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 694 event.assoc_info.resp_ies_len = 695 len - 24 - sizeof(mgmt->u.assoc_resp); 696 } 697 698 event.assoc_info.freq = drv->assoc_freq; 699#if (defined (CONFIG_AP) || defined(HOSTAPD)) && defined (ANDROID_BRCM_P2P_PATCH) 700 } 701#endif 702 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 703} 704 705 706static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 707 enum nl80211_commands cmd, struct nlattr *status, 708 struct nlattr *addr, struct nlattr *req_ie, 709 struct nlattr *resp_ie) 710{ 711 union wpa_event_data event; 712 713 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 714 /* 715 * Avoid reporting two association events that would confuse 716 * the core code. 717 */ 718 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 719 "when using userspace SME", cmd); 720 return; 721 } 722 723 os_memset(&event, 0, sizeof(event)); 724 if (cmd == NL80211_CMD_CONNECT && 725 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 726 if (addr) 727 event.assoc_reject.bssid = nla_data(addr); 728 if (resp_ie) { 729 event.assoc_reject.resp_ies = nla_data(resp_ie); 730 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 731 } 732 event.assoc_reject.status_code = nla_get_u16(status); 733 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 734 return; 735 } 736 737 drv->associated = 1; 738 if (addr) 739 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 740 741 if (req_ie) { 742 event.assoc_info.req_ies = nla_data(req_ie); 743 event.assoc_info.req_ies_len = nla_len(req_ie); 744 } 745 if (resp_ie) { 746 event.assoc_info.resp_ies = nla_data(resp_ie); 747 event.assoc_info.resp_ies_len = nla_len(resp_ie); 748 } 749 750 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 751 752 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 753} 754 755 756static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 757 enum nl80211_commands cmd, struct nlattr *addr) 758{ 759 union wpa_event_data event; 760 enum wpa_event_type ev; 761 762 if (nla_len(addr) != ETH_ALEN) 763 return; 764 765 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 766 cmd, MAC2STR((u8 *) nla_data(addr))); 767 768 if (cmd == NL80211_CMD_AUTHENTICATE) 769 ev = EVENT_AUTH_TIMED_OUT; 770 else if (cmd == NL80211_CMD_ASSOCIATE) 771 ev = EVENT_ASSOC_TIMED_OUT; 772 else 773 return; 774 775 os_memset(&event, 0, sizeof(event)); 776 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 777 wpa_supplicant_event(drv->ctx, ev, &event); 778} 779 780 781static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 782 struct nlattr *freq, const u8 *frame, size_t len) 783{ 784 const struct ieee80211_mgmt *mgmt; 785 union wpa_event_data event; 786 u16 fc, stype; 787 788 mgmt = (const struct ieee80211_mgmt *) frame; 789 if (len < 24) { 790 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 791 return; 792 } 793 794 fc = le_to_host16(mgmt->frame_control); 795 stype = WLAN_FC_GET_STYPE(fc); 796 797 os_memset(&event, 0, sizeof(event)); 798 if (freq) { 799 event.rx_action.freq = nla_get_u32(freq); 800 drv->last_mgmt_freq = event.rx_action.freq; 801 } 802 if (stype == WLAN_FC_STYPE_ACTION) { 803 event.rx_action.da = mgmt->da; 804 event.rx_action.sa = mgmt->sa; 805 event.rx_action.bssid = mgmt->bssid; 806 event.rx_action.category = mgmt->u.action.category; 807 event.rx_action.data = &mgmt->u.action.category + 1; 808 event.rx_action.len = frame + len - event.rx_action.data; 809 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 810 } else { 811 event.rx_mgmt.frame = frame; 812 event.rx_mgmt.frame_len = len; 813 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 814 } 815} 816 817 818static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 819 struct nlattr *cookie, const u8 *frame, 820 size_t len, struct nlattr *ack) 821{ 822 union wpa_event_data event; 823 const struct ieee80211_hdr *hdr; 824 u16 fc; 825 u64 cookie_val; 826 827 if (!cookie) 828 return; 829 830 cookie_val = nla_get_u64(cookie); 831 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s " 832 "(ack=%d)", 833 (long long unsigned int) cookie_val, 834 cookie_val == drv->send_action_cookie ? 835 " (match)" : " (unknown)", ack != NULL); 836 if (cookie_val != drv->send_action_cookie) 837 return; 838 839 hdr = (const struct ieee80211_hdr *) frame; 840 fc = le_to_host16(hdr->frame_control); 841 842 os_memset(&event, 0, sizeof(event)); 843 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 844 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 845 event.tx_status.dst = hdr->addr1; 846 event.tx_status.data = frame; 847 event.tx_status.data_len = len; 848 event.tx_status.ack = ack != NULL; 849 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 850} 851 852 853static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 854 enum wpa_event_type type, 855 const u8 *frame, size_t len) 856{ 857 const struct ieee80211_mgmt *mgmt; 858 union wpa_event_data event; 859 const u8 *bssid = NULL; 860 u16 reason_code = 0; 861 862 mgmt = (const struct ieee80211_mgmt *) frame; 863 if (len >= 24) { 864 bssid = mgmt->bssid; 865 866 if (drv->associated != 0 && 867 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 868 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 869 /* 870 * We have presumably received this deauth as a 871 * response to a clear_state_mismatch() outgoing 872 * deauth. Don't let it take us offline! 873 */ 874 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 875 "from Unknown BSSID " MACSTR " -- ignoring", 876 MAC2STR(bssid)); 877 return; 878 } 879 } 880 881 drv->associated = 0; 882 os_memset(&event, 0, sizeof(event)); 883 884 /* Note: Same offset for Reason Code in both frame subtypes */ 885 if (len >= 24 + sizeof(mgmt->u.deauth)) 886 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 887 888 if (type == EVENT_DISASSOC) { 889#ifdef ANDROID_BRCM_P2P_PATCH 890 if (drv->nlmode == NL80211_IFTYPE_AP || 891 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 892 event.disassoc_info.addr = mgmt->sa; 893 } else 894#endif 895 event.disassoc_info.addr = bssid; 896 event.disassoc_info.reason_code = reason_code; 897 if (frame + len > mgmt->u.disassoc.variable) { 898 event.disassoc_info.ie = mgmt->u.disassoc.variable; 899 event.disassoc_info.ie_len = frame + len - 900 mgmt->u.disassoc.variable; 901 } 902 } else { 903#ifdef ANDROID_BRCM_P2P_PATCH 904 if (drv->nlmode == NL80211_IFTYPE_AP || 905 drv->nlmode == NL80211_IFTYPE_P2P_GO) { 906 event.deauth_info.addr = mgmt->sa; 907 } else 908#endif 909 event.deauth_info.addr = bssid; 910 event.deauth_info.reason_code = reason_code; 911 if (frame + len > mgmt->u.deauth.variable) { 912 event.deauth_info.ie = mgmt->u.deauth.variable; 913 event.deauth_info.ie_len = frame + len - 914 mgmt->u.deauth.variable; 915 } 916 } 917 918 wpa_supplicant_event(drv->ctx, type, &event); 919} 920 921 922static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 923 enum wpa_event_type type, 924 const u8 *frame, size_t len) 925{ 926 const struct ieee80211_mgmt *mgmt; 927 union wpa_event_data event; 928 u16 reason_code = 0; 929 930 if (len < 24) 931 return; 932 933 mgmt = (const struct ieee80211_mgmt *) frame; 934 935 os_memset(&event, 0, sizeof(event)); 936 /* Note: Same offset for Reason Code in both frame subtypes */ 937 if (len >= 24 + sizeof(mgmt->u.deauth)) 938 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 939 940 if (type == EVENT_UNPROT_DISASSOC) { 941 event.unprot_disassoc.sa = mgmt->sa; 942 event.unprot_disassoc.da = mgmt->da; 943 event.unprot_disassoc.reason_code = reason_code; 944 } else { 945 event.unprot_deauth.sa = mgmt->sa; 946 event.unprot_deauth.da = mgmt->da; 947 event.unprot_deauth.reason_code = reason_code; 948 } 949 950 wpa_supplicant_event(drv->ctx, type, &event); 951} 952 953 954static void mlme_event(struct wpa_driver_nl80211_data *drv, 955 enum nl80211_commands cmd, struct nlattr *frame, 956 struct nlattr *addr, struct nlattr *timed_out, 957 struct nlattr *freq, struct nlattr *ack, 958 struct nlattr *cookie) 959{ 960 if (timed_out && addr) { 961 mlme_timeout_event(drv, cmd, addr); 962 return; 963 } 964 965 if (frame == NULL) { 966 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 967 "data", cmd); 968 return; 969 } 970 971 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 972 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 973 nla_data(frame), nla_len(frame)); 974 975 switch (cmd) { 976 case NL80211_CMD_AUTHENTICATE: 977 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 978 break; 979 case NL80211_CMD_ASSOCIATE: 980 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 981 break; 982 case NL80211_CMD_DEAUTHENTICATE: 983 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 984 nla_data(frame), nla_len(frame)); 985 break; 986 case NL80211_CMD_DISASSOCIATE: 987 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 988 nla_data(frame), nla_len(frame)); 989 break; 990 case NL80211_CMD_FRAME: 991 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 992 break; 993 case NL80211_CMD_FRAME_TX_STATUS: 994 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 995 nla_len(frame), ack); 996 break; 997 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 998 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 999 nla_data(frame), nla_len(frame)); 1000 break; 1001 case NL80211_CMD_UNPROT_DISASSOCIATE: 1002 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1003 nla_data(frame), nla_len(frame)); 1004 break; 1005 default: 1006 break; 1007 } 1008} 1009 1010 1011static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1012 struct nlattr *tb[]) 1013{ 1014 union wpa_event_data data; 1015 1016 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1017 os_memset(&data, 0, sizeof(data)); 1018 if (tb[NL80211_ATTR_MAC]) { 1019 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1020 nla_data(tb[NL80211_ATTR_MAC]), 1021 nla_len(tb[NL80211_ATTR_MAC])); 1022 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1023 } 1024 if (tb[NL80211_ATTR_KEY_SEQ]) { 1025 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1026 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1027 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1028 } 1029 if (tb[NL80211_ATTR_KEY_TYPE]) { 1030 enum nl80211_key_type key_type = 1031 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1032 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1033 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1034 data.michael_mic_failure.unicast = 1; 1035 } else 1036 data.michael_mic_failure.unicast = 1; 1037 1038 if (tb[NL80211_ATTR_KEY_IDX]) { 1039 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1040 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1041 } 1042 1043 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1044} 1045 1046 1047static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1048 struct nlattr *tb[]) 1049{ 1050 if (tb[NL80211_ATTR_MAC] == NULL) { 1051 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1052 "event"); 1053 return; 1054 } 1055 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1056 drv->associated = 1; 1057 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1058 MAC2STR(drv->bssid)); 1059 1060 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1061} 1062 1063 1064static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1065 int cancel_event, struct nlattr *tb[]) 1066{ 1067 unsigned int freq, chan_type, duration; 1068 union wpa_event_data data; 1069 u64 cookie; 1070 1071 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1072 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1073 else 1074 freq = 0; 1075 1076 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1077 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1078 else 1079 chan_type = 0; 1080 1081 if (tb[NL80211_ATTR_DURATION]) 1082 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1083 else 1084 duration = 0; 1085 1086 if (tb[NL80211_ATTR_COOKIE]) 1087 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1088 else 1089 cookie = 0; 1090 1091 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1092 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1093 cancel_event, freq, chan_type, duration, 1094 (long long unsigned int) cookie, 1095 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1096 1097 if (cookie != drv->remain_on_chan_cookie) 1098 return; /* not for us */ 1099 1100 drv->pending_remain_on_chan = !cancel_event; 1101 1102 os_memset(&data, 0, sizeof(data)); 1103 data.remain_on_channel.freq = freq; 1104 data.remain_on_channel.duration = duration; 1105 wpa_supplicant_event(drv->ctx, cancel_event ? 1106 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1107 EVENT_REMAIN_ON_CHANNEL, &data); 1108} 1109 1110 1111static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1112 struct nlattr *tb[]) 1113{ 1114 union wpa_event_data event; 1115 struct nlattr *nl; 1116 int rem; 1117 struct scan_info *info; 1118#define MAX_REPORT_FREQS 50 1119 int freqs[MAX_REPORT_FREQS]; 1120 int num_freqs = 0; 1121 1122 os_memset(&event, 0, sizeof(event)); 1123 info = &event.scan_info; 1124 info->aborted = aborted; 1125 1126 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1127 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1128 struct wpa_driver_scan_ssid *s = 1129 &info->ssids[info->num_ssids]; 1130 s->ssid = nla_data(nl); 1131 s->ssid_len = nla_len(nl); 1132 info->num_ssids++; 1133 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1134 break; 1135 } 1136 } 1137 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1138 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1139 { 1140 freqs[num_freqs] = nla_get_u32(nl); 1141 num_freqs++; 1142 if (num_freqs == MAX_REPORT_FREQS - 1) 1143 break; 1144 } 1145 info->freqs = freqs; 1146 info->num_freqs = num_freqs; 1147 } 1148 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1149} 1150 1151 1152static int get_link_signal(struct nl_msg *msg, void *arg) 1153{ 1154 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1155 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1156 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1157 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1158 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1159 }; 1160 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1161 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1162 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1163 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1164 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1165 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1166 }; 1167 struct wpa_signal_info *sig_change = arg; 1168 1169 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1170 genlmsg_attrlen(gnlh, 0), NULL); 1171 if (!tb[NL80211_ATTR_STA_INFO] || 1172 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1173 tb[NL80211_ATTR_STA_INFO], policy)) 1174 return NL_SKIP; 1175 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1176 return NL_SKIP; 1177 1178 sig_change->current_signal = 1179 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1180 1181 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1182 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1183 sinfo[NL80211_STA_INFO_TX_BITRATE], 1184 rate_policy)) { 1185 sig_change->current_txrate = 0; 1186 } else { 1187 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1188 sig_change->current_txrate = 1189 nla_get_u16(rinfo[ 1190 NL80211_RATE_INFO_BITRATE]) * 100; 1191 } 1192 } 1193 } 1194 1195 return NL_SKIP; 1196} 1197 1198 1199static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1200 struct wpa_signal_info *sig) 1201{ 1202 struct nl_msg *msg; 1203 1204 sig->current_signal = -9999; 1205 sig->current_txrate = 0; 1206 1207 msg = nlmsg_alloc(); 1208 if (!msg) 1209 return -ENOMEM; 1210 1211 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1212 0, NL80211_CMD_GET_STATION, 0); 1213 1214 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1215 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1216 1217 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1218 nla_put_failure: 1219 return -ENOBUFS; 1220} 1221 1222 1223static int get_link_noise(struct nl_msg *msg, void *arg) 1224{ 1225 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1226 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1227 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1228 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1229 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1230 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1231 }; 1232 struct wpa_signal_info *sig_change = arg; 1233 1234 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1235 genlmsg_attrlen(gnlh, 0), NULL); 1236 1237 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1238 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1239 return NL_SKIP; 1240 } 1241 1242 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1243 tb[NL80211_ATTR_SURVEY_INFO], 1244 survey_policy)) { 1245 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1246 "attributes!"); 1247 return NL_SKIP; 1248 } 1249 1250 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1251 return NL_SKIP; 1252 1253 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1254 sig_change->frequency) 1255 return NL_SKIP; 1256 1257 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1258 return NL_SKIP; 1259 1260 sig_change->current_noise = 1261 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1262 1263 return NL_SKIP; 1264} 1265 1266 1267static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1268 struct wpa_signal_info *sig_change) 1269{ 1270 struct nl_msg *msg; 1271 1272 sig_change->current_noise = 9999; 1273 sig_change->frequency = drv->assoc_freq; 1274 1275 msg = nlmsg_alloc(); 1276 if (!msg) 1277 return -ENOMEM; 1278 1279 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1280 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0); 1281 1282 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1283 1284 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1285 nla_put_failure: 1286 return -ENOBUFS; 1287} 1288 1289 1290static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1291 struct nlattr *tb[]) 1292{ 1293 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1294 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1295 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1296 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1297 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1298 }; 1299 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1300 enum nl80211_cqm_rssi_threshold_event event; 1301 union wpa_event_data ed; 1302 struct wpa_signal_info sig; 1303 int res; 1304 1305 if (tb[NL80211_ATTR_CQM] == NULL || 1306 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1307 cqm_policy)) { 1308 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1309 return; 1310 } 1311 1312 os_memset(&ed, 0, sizeof(ed)); 1313 1314 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1315 if (!tb[NL80211_ATTR_MAC]) 1316 return; 1317 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1318 ETH_ALEN); 1319 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1320 return; 1321 } 1322 1323 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1324 return; 1325 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1326 1327 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1328 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1329 "event: RSSI high"); 1330 ed.signal_change.above_threshold = 1; 1331 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1332 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1333 "event: RSSI low"); 1334 ed.signal_change.above_threshold = 0; 1335 } else 1336 return; 1337 1338 res = nl80211_get_link_signal(drv, &sig); 1339 if (res == 0) { 1340 ed.signal_change.current_signal = sig.current_signal; 1341 ed.signal_change.current_txrate = sig.current_txrate; 1342 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1343 sig.current_signal, sig.current_txrate); 1344 } 1345 1346 res = nl80211_get_link_noise(drv, &sig); 1347 if (res == 0) { 1348 ed.signal_change.current_noise = sig.current_noise; 1349 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1350 sig.current_noise); 1351 } 1352 1353 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1354} 1355 1356 1357static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1358 struct nlattr **tb) 1359{ 1360 u8 *addr; 1361 union wpa_event_data data; 1362 1363 if (tb[NL80211_ATTR_MAC] == NULL) 1364 return; 1365 addr = nla_data(tb[NL80211_ATTR_MAC]); 1366 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1367 1368 if (drv->nlmode == NL80211_IFTYPE_AP && 1369 drv->no_monitor_iface_capab) { 1370 u8 *ies = NULL; 1371 size_t ies_len = 0; 1372 if (tb[NL80211_ATTR_IE]) { 1373 ies = nla_data(tb[NL80211_ATTR_IE]); 1374 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1375 } 1376 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1377 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1378 return; 1379 } 1380 1381 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1382 return; 1383 1384 os_memset(&data, 0, sizeof(data)); 1385 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1386 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1387} 1388 1389 1390static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1391 struct nlattr **tb) 1392{ 1393 u8 *addr; 1394 union wpa_event_data data; 1395 1396 if (tb[NL80211_ATTR_MAC] == NULL) 1397 return; 1398 addr = nla_data(tb[NL80211_ATTR_MAC]); 1399 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1400 MAC2STR(addr)); 1401 1402 if (drv->nlmode == NL80211_IFTYPE_AP && 1403 drv->no_monitor_iface_capab) { 1404 drv_event_disassoc(drv->ctx, addr); 1405 return; 1406 } 1407 1408 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1409 return; 1410 1411 os_memset(&data, 0, sizeof(data)); 1412 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1413 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1414} 1415 1416 1417static int process_event(struct nl_msg *msg, void *arg) 1418{ 1419 struct wpa_driver_nl80211_data *drv = arg; 1420 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1421 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1422 union wpa_event_data data; 1423 1424 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1425 genlmsg_attrlen(gnlh, 0), NULL); 1426 1427 if (tb[NL80211_ATTR_IFINDEX]) { 1428 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1429 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 1430 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 1431 " for foreign interface (ifindex %d)", 1432 gnlh->cmd, ifindex); 1433 return NL_SKIP; 1434 } 1435 } 1436 1437 if (drv->ap_scan_as_station && 1438 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1439 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 1440 wpa_driver_nl80211_set_mode(&drv->first_bss, 1441 IEEE80211_MODE_AP); 1442 drv->ap_scan_as_station = 0; 1443 } 1444 1445 switch (gnlh->cmd) { 1446 case NL80211_CMD_TRIGGER_SCAN: 1447 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 1448 break; 1449 case NL80211_CMD_NEW_SCAN_RESULTS: 1450 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 1451 drv->scan_complete_events = 1; 1452 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1453 drv->ctx); 1454 send_scan_event(drv, 0, tb); 1455 break; 1456 case NL80211_CMD_SCAN_ABORTED: 1457 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 1458 /* 1459 * Need to indicate that scan results are available in order 1460 * not to make wpa_supplicant stop its scanning. 1461 */ 1462 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1463 drv->ctx); 1464 send_scan_event(drv, 1, tb); 1465 break; 1466 case NL80211_CMD_AUTHENTICATE: 1467 case NL80211_CMD_ASSOCIATE: 1468 case NL80211_CMD_DEAUTHENTICATE: 1469 case NL80211_CMD_DISASSOCIATE: 1470 case NL80211_CMD_FRAME: 1471 case NL80211_CMD_FRAME_TX_STATUS: 1472 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1473 case NL80211_CMD_UNPROT_DISASSOCIATE: 1474 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1475 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1476 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1477 tb[NL80211_ATTR_COOKIE]); 1478 break; 1479 case NL80211_CMD_CONNECT: 1480 case NL80211_CMD_ROAM: 1481 mlme_event_connect(drv, gnlh->cmd, 1482 tb[NL80211_ATTR_STATUS_CODE], 1483 tb[NL80211_ATTR_MAC], 1484 tb[NL80211_ATTR_REQ_IE], 1485 tb[NL80211_ATTR_RESP_IE]); 1486 break; 1487 case NL80211_CMD_DISCONNECT: 1488 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1489 /* 1490 * Avoid reporting two disassociation events that could 1491 * confuse the core code. 1492 */ 1493 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1494 "event when using userspace SME"); 1495 break; 1496 } 1497 drv->associated = 0; 1498 os_memset(&data, 0, sizeof(data)); 1499 if (tb[NL80211_ATTR_REASON_CODE]) 1500 data.disassoc_info.reason_code = 1501 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1502 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1503 break; 1504 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1505 mlme_event_michael_mic_failure(drv, tb); 1506 break; 1507 case NL80211_CMD_JOIN_IBSS: 1508 mlme_event_join_ibss(drv, tb); 1509 break; 1510 case NL80211_CMD_REMAIN_ON_CHANNEL: 1511 mlme_event_remain_on_channel(drv, 0, tb); 1512 break; 1513 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1514 mlme_event_remain_on_channel(drv, 1, tb); 1515 break; 1516 case NL80211_CMD_NOTIFY_CQM: 1517 nl80211_cqm_event(drv, tb); 1518 break; 1519 case NL80211_CMD_REG_CHANGE: 1520 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1521 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1522 NULL); 1523 break; 1524 case NL80211_CMD_REG_BEACON_HINT: 1525 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1526 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1527 NULL); 1528 break; 1529 case NL80211_CMD_NEW_STATION: 1530 nl80211_new_station_event(drv, tb); 1531 break; 1532 case NL80211_CMD_DEL_STATION: 1533 nl80211_del_station_event(drv, tb); 1534 break; 1535 default: 1536 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1537 "(cmd=%d)", gnlh->cmd); 1538 break; 1539 } 1540 1541 return NL_SKIP; 1542} 1543 1544 1545static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1546 void *handle) 1547{ 1548 struct nl_cb *cb; 1549 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1550 1551 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1552 1553 cb = nl_cb_clone(drv->nl_cb); 1554 if (!cb) 1555 return; 1556 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1557 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1558 nl_recvmsgs(handle, cb); 1559 nl_cb_put(cb); 1560} 1561 1562 1563/** 1564 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1565 * @priv: driver_nl80211 private data 1566 * @alpha2_arg: country to which to switch to 1567 * Returns: 0 on success, -1 on failure 1568 * 1569 * This asks nl80211 to set the regulatory domain for given 1570 * country ISO / IEC alpha2. 1571 */ 1572static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1573{ 1574 struct i802_bss *bss = priv; 1575 struct wpa_driver_nl80211_data *drv = bss->drv; 1576 char alpha2[3]; 1577 struct nl_msg *msg; 1578 1579 msg = nlmsg_alloc(); 1580 if (!msg) 1581 return -ENOMEM; 1582 1583 alpha2[0] = alpha2_arg[0]; 1584 alpha2[1] = alpha2_arg[1]; 1585 alpha2[2] = '\0'; 1586 1587 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1588 0, NL80211_CMD_REQ_SET_REG, 0); 1589 1590 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1591 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1592 return -EINVAL; 1593 return 0; 1594nla_put_failure: 1595 return -EINVAL; 1596} 1597 1598 1599struct wiphy_info_data { 1600 int max_scan_ssids; 1601 int ap_supported; 1602 int p2p_supported; 1603 int auth_supported; 1604 int connect_supported; 1605 int offchan_tx_supported; 1606 int max_remain_on_chan; 1607}; 1608 1609 1610static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1611{ 1612 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1613 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1614 struct wiphy_info_data *info = arg; 1615 int p2p_go_supported = 0, p2p_client_supported = 0; 1616 1617 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1618 genlmsg_attrlen(gnlh, 0), NULL); 1619 1620 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1621 info->max_scan_ssids = 1622 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1623 1624 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1625 struct nlattr *nl_mode; 1626 int i; 1627 nla_for_each_nested(nl_mode, 1628 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1629 switch (nla_type(nl_mode)) { 1630 case NL80211_IFTYPE_AP: 1631 info->ap_supported = 1; 1632 break; 1633 case NL80211_IFTYPE_P2P_GO: 1634 p2p_go_supported = 1; 1635 break; 1636 case NL80211_IFTYPE_P2P_CLIENT: 1637 p2p_client_supported = 1; 1638 break; 1639 } 1640 } 1641 } 1642 1643 info->p2p_supported = p2p_go_supported && p2p_client_supported; 1644 1645 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1646 struct nlattr *nl_cmd; 1647 int i; 1648 1649 nla_for_each_nested(nl_cmd, 1650 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1651 u32 cmd = nla_get_u32(nl_cmd); 1652 if (cmd == NL80211_CMD_AUTHENTICATE) 1653 info->auth_supported = 1; 1654 else if (cmd == NL80211_CMD_CONNECT) 1655 info->connect_supported = 1; 1656 } 1657 } 1658 1659 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) 1660 info->offchan_tx_supported = 1; 1661 1662 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 1663 info->max_remain_on_chan = 1664 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 1665 1666 return NL_SKIP; 1667} 1668 1669 1670static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1671 struct wiphy_info_data *info) 1672{ 1673 struct nl_msg *msg; 1674 1675 os_memset(info, 0, sizeof(*info)); 1676 1677 /* default to 5000 since early versions of mac80211 don't set it */ 1678 info->max_remain_on_chan = 5000; 1679 1680 msg = nlmsg_alloc(); 1681 if (!msg) 1682 return -1; 1683 1684 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1685 0, NL80211_CMD_GET_WIPHY, 0); 1686 1687 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1688 1689 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1690 return 0; 1691 msg = NULL; 1692nla_put_failure: 1693 nlmsg_free(msg); 1694 return -1; 1695} 1696 1697 1698static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1699{ 1700 struct wiphy_info_data info; 1701 if (wpa_driver_nl80211_get_info(drv, &info)) 1702 return -1; 1703 drv->has_capability = 1; 1704 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1705 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1706 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1707 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1708 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1709 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1710 WPA_DRIVER_CAPA_ENC_WEP104 | 1711 WPA_DRIVER_CAPA_ENC_TKIP | 1712 WPA_DRIVER_CAPA_ENC_CCMP; 1713 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1714 WPA_DRIVER_AUTH_SHARED | 1715 WPA_DRIVER_AUTH_LEAP; 1716 1717 drv->capa.max_scan_ssids = info.max_scan_ssids; 1718 if (info.ap_supported) 1719 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1720 1721 if (info.auth_supported) 1722 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1723 else if (!info.connect_supported) { 1724 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1725 "authentication/association or connect commands"); 1726 return -1; 1727 } 1728 1729 if (info.offchan_tx_supported) { 1730 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 1731 "off-channel TX"); 1732 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 1733 } 1734 1735 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 1736 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1737 if (info.p2p_supported) 1738 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 1739 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 1740 drv->capa.max_remain_on_chan = info.max_remain_on_chan; 1741 1742 return 0; 1743} 1744 1745 1746static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 1747{ 1748 int ret; 1749 1750 /* Initialize generic netlink and nl80211 */ 1751 1752 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1753 if (drv->nl_cb == NULL) { 1754 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1755 "callbacks"); 1756 goto err1; 1757 } 1758 1759 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb); 1760 if (drv->nl_handle == NULL) { 1761 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1762 "callbacks"); 1763 goto err2; 1764 } 1765 1766 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb); 1767 if (drv->nl_handle_event == NULL) { 1768 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1769 "callbacks (event)"); 1770 goto err2b; 1771 } 1772 1773 if (genl_connect(drv->nl_handle)) { 1774 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1775 "netlink"); 1776 goto err3; 1777 } 1778 1779 if (genl_connect(drv->nl_handle_event)) { 1780 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1781 "netlink (event)"); 1782 goto err3; 1783 } 1784 1785#ifdef CONFIG_LIBNL20 1786 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1787 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1788 "netlink cache"); 1789 goto err3; 1790 } 1791 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1792 0) { 1793 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1794 "netlink cache (event)"); 1795 goto err3b; 1796 } 1797#else /* CONFIG_LIBNL20 */ 1798 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1799 if (drv->nl_cache == NULL) { 1800 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1801 "netlink cache"); 1802 goto err3; 1803 } 1804 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1805 if (drv->nl_cache_event == NULL) { 1806 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1807 "netlink cache (event)"); 1808 goto err3b; 1809 } 1810#endif /* CONFIG_LIBNL20 */ 1811 1812 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1813 if (drv->nl80211 == NULL) { 1814 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1815 "found"); 1816 goto err4; 1817 } 1818 1819 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1820 if (ret >= 0) 1821 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1822 if (ret < 0) { 1823 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1824 "membership for scan events: %d (%s)", 1825 ret, strerror(-ret)); 1826 goto err4; 1827 } 1828 1829 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1830 if (ret >= 0) 1831 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1832 if (ret < 0) { 1833 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1834 "membership for mlme events: %d (%s)", 1835 ret, strerror(-ret)); 1836 goto err4; 1837 } 1838 1839 ret = nl_get_multicast_id(drv, "nl80211", "regulatory"); 1840 if (ret >= 0) 1841 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1842 if (ret < 0) { 1843 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 1844 "membership for regulatory events: %d (%s)", 1845 ret, strerror(-ret)); 1846 /* Continue without regulatory events */ 1847 } 1848 1849 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1850 wpa_driver_nl80211_event_receive, drv, 1851 drv->nl_handle_event); 1852 1853 return 0; 1854 1855err4: 1856 nl_cache_free(drv->nl_cache_event); 1857err3b: 1858 nl_cache_free(drv->nl_cache); 1859err3: 1860 nl80211_handle_destroy(drv->nl_handle_event); 1861err2b: 1862 nl80211_handle_destroy(drv->nl_handle); 1863err2: 1864 nl_cb_put(drv->nl_cb); 1865err1: 1866 return -1; 1867} 1868 1869 1870static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 1871{ 1872 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 1873 /* 1874 * This may be for any interface; use ifdown event to disable 1875 * interface. 1876 */ 1877} 1878 1879 1880static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 1881{ 1882 struct wpa_driver_nl80211_data *drv = ctx; 1883 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 1884 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) { 1885 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 1886 "after rfkill unblock"); 1887 return; 1888 } 1889 /* rtnetlink ifup handler will report interface as enabled */ 1890} 1891 1892 1893static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 1894{ 1895 /* Find phy (radio) to which this interface belongs */ 1896 char buf[90], *pos; 1897 int f, rv; 1898 1899 drv->phyname[0] = '\0'; 1900 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 1901 drv->first_bss.ifname); 1902 f = open(buf, O_RDONLY); 1903 if (f < 0) { 1904 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 1905 buf, strerror(errno)); 1906 return; 1907 } 1908 1909 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 1910 close(f); 1911 if (rv < 0) { 1912 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 1913 buf, strerror(errno)); 1914 return; 1915 } 1916 1917 drv->phyname[rv] = '\0'; 1918 pos = os_strchr(drv->phyname, '\n'); 1919 if (pos) 1920 *pos = '\0'; 1921 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 1922 drv->first_bss.ifname, drv->phyname); 1923} 1924 1925 1926/** 1927 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1928 * @ctx: context to be used when calling wpa_supplicant functions, 1929 * e.g., wpa_supplicant_event() 1930 * @ifname: interface name, e.g., wlan0 1931 * @global_priv: private driver global data from global_init() 1932 * Returns: Pointer to private data, %NULL on failure 1933 */ 1934static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 1935 void *global_priv) 1936{ 1937 struct wpa_driver_nl80211_data *drv; 1938 struct netlink_config *cfg; 1939 struct rfkill_config *rcfg; 1940 struct i802_bss *bss; 1941 1942 drv = os_zalloc(sizeof(*drv)); 1943 if (drv == NULL) 1944 return NULL; 1945 drv->global = global_priv; 1946 drv->ctx = ctx; 1947 bss = &drv->first_bss; 1948 bss->drv = drv; 1949 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1950 drv->monitor_ifidx = -1; 1951 drv->monitor_sock = -1; 1952 drv->ioctl_sock = -1; 1953 1954 if (wpa_driver_nl80211_init_nl(drv)) { 1955 os_free(drv); 1956 return NULL; 1957 } 1958 1959 nl80211_get_phy_name(drv); 1960 1961 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1962 if (drv->ioctl_sock < 0) { 1963 perror("socket(PF_INET,SOCK_DGRAM)"); 1964 goto failed; 1965 } 1966 1967 cfg = os_zalloc(sizeof(*cfg)); 1968 if (cfg == NULL) 1969 goto failed; 1970 cfg->ctx = drv; 1971 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1972 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1973 drv->netlink = netlink_init(cfg); 1974 if (drv->netlink == NULL) { 1975 os_free(cfg); 1976 goto failed; 1977 } 1978 1979 rcfg = os_zalloc(sizeof(*rcfg)); 1980 if (rcfg == NULL) 1981 goto failed; 1982 rcfg->ctx = drv; 1983 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 1984 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 1985 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 1986 drv->rfkill = rfkill_init(rcfg); 1987 if (drv->rfkill == NULL) { 1988 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 1989 os_free(rcfg); 1990 } 1991 1992 if (wpa_driver_nl80211_finish_drv_init(drv)) 1993 goto failed; 1994 1995 if (drv->global) 1996 dl_list_add(&drv->global->interfaces, &drv->list); 1997 1998 return bss; 1999 2000failed: 2001 rfkill_deinit(drv->rfkill); 2002 netlink_deinit(drv->netlink); 2003 if (drv->ioctl_sock >= 0) 2004 close(drv->ioctl_sock); 2005 2006 genl_family_put(drv->nl80211); 2007 nl_cache_free(drv->nl_cache); 2008 nl80211_handle_destroy(drv->nl_handle); 2009 nl_cb_put(drv->nl_cb); 2010 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2011 2012 os_free(drv); 2013 return NULL; 2014} 2015 2016 2017static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv, 2018 struct nl_handle *nl_handle, 2019 u16 type, const u8 *match, size_t match_len) 2020{ 2021 struct nl_msg *msg; 2022 int ret = -1; 2023 2024 msg = nlmsg_alloc(); 2025 if (!msg) 2026 return -1; 2027 2028 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2029 NL80211_CMD_REGISTER_ACTION, 0); 2030 2031 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2032 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 2033 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 2034 2035 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL); 2036 msg = NULL; 2037 if (ret) { 2038 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 2039 "failed (type=%u): ret=%d (%s)", 2040 type, ret, strerror(-ret)); 2041 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2042 match, match_len); 2043 goto nla_put_failure; 2044 } 2045 ret = 0; 2046nla_put_failure: 2047 nlmsg_free(msg); 2048 return ret; 2049} 2050 2051 2052static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 2053 const u8 *match, size_t match_len) 2054{ 2055 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 2056 return nl80211_register_frame(drv, drv->nl_handle_event, 2057 type, match, match_len); 2058} 2059 2060 2061static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 2062{ 2063#ifdef CONFIG_P2P 2064 /* GAS Initial Request */ 2065 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0) 2066 return -1; 2067 /* GAS Initial Response */ 2068 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0) 2069 return -1; 2070 /* GAS Comeback Request */ 2071 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0) 2072 return -1; 2073 /* GAS Comeback Response */ 2074 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0) 2075 return -1; 2076 /* P2P Public Action */ 2077 if (nl80211_register_action_frame(drv, 2078 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 2079 6) < 0) 2080 return -1; 2081 /* P2P Action */ 2082 if (nl80211_register_action_frame(drv, 2083 (u8 *) "\x7f\x50\x6f\x9a\x09", 2084 5) < 0) 2085 return -1; 2086#endif /* CONFIG_P2P */ 2087#ifdef CONFIG_IEEE80211W 2088 /* SA Query Response */ 2089 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0) 2090 return -1; 2091#endif /* CONFIG_IEEE80211W */ 2092 2093 /* FT Action frames */ 2094 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 2095 return -1; 2096 else 2097 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 2098 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 2099 2100 return 0; 2101} 2102 2103 2104static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 2105{ 2106 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 2107} 2108 2109 2110static int 2111wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 2112{ 2113 struct i802_bss *bss = &drv->first_bss; 2114 int send_rfkill_event = 0; 2115 2116 drv->ifindex = if_nametoindex(bss->ifname); 2117 drv->first_bss.ifindex = drv->ifindex; 2118 2119#ifndef HOSTAPD 2120 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 2121 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 2122 "use managed mode"); 2123 } 2124 2125 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 2126 if (rfkill_is_blocked(drv->rfkill)) { 2127 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 2128 "interface '%s' due to rfkill", 2129 bss->ifname); 2130 drv->if_disabled = 1; 2131 send_rfkill_event = 1; 2132 } else { 2133 wpa_printf(MSG_ERROR, "nl80211: Could not set " 2134 "interface '%s' UP", bss->ifname); 2135 return -1; 2136 } 2137 } 2138 2139 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 2140 1, IF_OPER_DORMANT); 2141#endif /* HOSTAPD */ 2142 2143 if (wpa_driver_nl80211_capa(drv)) 2144 return -1; 2145 2146 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr)) 2147 return -1; 2148 2149 if (nl80211_register_action_frames(drv) < 0) { 2150 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 2151 "frame processing - ignore for now"); 2152 /* 2153 * Older kernel versions did not support this, so ignore the 2154 * error for now. Some functionality may not be available 2155 * because of this. 2156 */ 2157 } 2158 2159 if (send_rfkill_event) { 2160 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 2161 drv, drv->ctx); 2162 } 2163 2164 return 0; 2165} 2166 2167 2168static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 2169{ 2170 struct nl_msg *msg; 2171 2172 msg = nlmsg_alloc(); 2173 if (!msg) 2174 return -ENOMEM; 2175 2176 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2177 0, NL80211_CMD_DEL_BEACON, 0); 2178 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2179 2180 return send_and_recv_msgs(drv, msg, NULL, NULL); 2181 nla_put_failure: 2182 return -ENOBUFS; 2183} 2184 2185 2186/** 2187 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 2188 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 2189 * 2190 * Shut down driver interface and processing of driver events. Free 2191 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 2192 */ 2193static void wpa_driver_nl80211_deinit(void *priv) 2194{ 2195 struct i802_bss *bss = priv; 2196 struct wpa_driver_nl80211_data *drv = bss->drv; 2197 2198 if (drv->nl_handle_preq) 2199 wpa_driver_nl80211_probe_req_report(bss, 0); 2200 if (bss->added_if_into_bridge) { 2201 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 2202 < 0) 2203 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2204 "interface %s from bridge %s: %s", 2205 bss->ifname, bss->brname, strerror(errno)); 2206 } 2207 if (bss->added_bridge) { 2208 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 2209 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2210 "bridge %s: %s", 2211 bss->brname, strerror(errno)); 2212 } 2213 2214 nl80211_remove_monitor_interface(drv); 2215 2216 if (drv->nlmode == NL80211_IFTYPE_AP) 2217 wpa_driver_nl80211_del_beacon(drv); 2218 2219#ifdef HOSTAPD 2220 if (drv->last_freq_ht) { 2221 /* Clear HT flags from the driver */ 2222 struct hostapd_freq_params freq; 2223 os_memset(&freq, 0, sizeof(freq)); 2224 freq.freq = drv->last_freq; 2225 i802_set_freq(priv, &freq); 2226 } 2227 2228 if (drv->eapol_sock >= 0) { 2229 eloop_unregister_read_sock(drv->eapol_sock); 2230 close(drv->eapol_sock); 2231 } 2232 2233 if (drv->if_indices != drv->default_if_indices) 2234 os_free(drv->if_indices); 2235#endif /* HOSTAPD */ 2236 2237 if (drv->disable_11b_rates) 2238 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 2239 2240 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 2241 netlink_deinit(drv->netlink); 2242 rfkill_deinit(drv->rfkill); 2243 2244 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2245 2246 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 2247 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 2248 2249 if (drv->ioctl_sock >= 0) 2250 close(drv->ioctl_sock); 2251 2252 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2253 genl_family_put(drv->nl80211); 2254 nl_cache_free(drv->nl_cache); 2255 nl_cache_free(drv->nl_cache_event); 2256 nl80211_handle_destroy(drv->nl_handle); 2257 nl80211_handle_destroy(drv->nl_handle_event); 2258 nl_cb_put(drv->nl_cb); 2259 2260 os_free(drv->filter_ssids); 2261 2262 if (drv->global) 2263 dl_list_del(&drv->list); 2264 2265 os_free(drv); 2266} 2267 2268 2269/** 2270 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 2271 * @eloop_ctx: Driver private data 2272 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 2273 * 2274 * This function can be used as registered timeout when starting a scan to 2275 * generate a scan completed event if the driver does not report this. 2276 */ 2277static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 2278{ 2279 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2280 if (drv->ap_scan_as_station) { 2281 wpa_driver_nl80211_set_mode(&drv->first_bss, 2282 IEEE80211_MODE_AP); 2283 drv->ap_scan_as_station = 0; 2284 } 2285 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 2286 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 2287} 2288 2289 2290/** 2291 * wpa_driver_nl80211_scan - Request the driver to initiate scan 2292 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 2293 * @params: Scan parameters 2294 * Returns: 0 on success, -1 on failure 2295 */ 2296static int wpa_driver_nl80211_scan(void *priv, 2297 struct wpa_driver_scan_params *params) 2298{ 2299 struct i802_bss *bss = priv; 2300 struct wpa_driver_nl80211_data *drv = bss->drv; 2301 int ret = 0, timeout; 2302 struct nl_msg *msg, *ssids, *freqs; 2303 size_t i; 2304 2305 msg = nlmsg_alloc(); 2306 ssids = nlmsg_alloc(); 2307 freqs = nlmsg_alloc(); 2308 if (!msg || !ssids || !freqs) { 2309 nlmsg_free(msg); 2310 nlmsg_free(ssids); 2311 nlmsg_free(freqs); 2312 return -1; 2313 } 2314 2315 os_free(drv->filter_ssids); 2316 drv->filter_ssids = params->filter_ssids; 2317 params->filter_ssids = NULL; 2318 drv->num_filter_ssids = params->num_filter_ssids; 2319 2320 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2321 NL80211_CMD_TRIGGER_SCAN, 0); 2322 2323 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2324 2325 for (i = 0; i < params->num_ssids; i++) { 2326 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 2327 params->ssids[i].ssid, 2328 params->ssids[i].ssid_len); 2329 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 2330 params->ssids[i].ssid); 2331 } 2332 if (params->num_ssids) 2333 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 2334 2335 if (params->extra_ies) { 2336 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 2337 params->extra_ies, params->extra_ies_len); 2338 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 2339 params->extra_ies); 2340 } 2341 2342 if (params->freqs) { 2343 for (i = 0; params->freqs[i]; i++) { 2344 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 2345 "MHz", params->freqs[i]); 2346 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 2347 } 2348 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 2349 } 2350 2351 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2352 msg = NULL; 2353 if (ret) { 2354 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 2355 "(%s)", ret, strerror(-ret)); 2356#ifdef HOSTAPD 2357 if (drv->nlmode == NL80211_IFTYPE_AP) { 2358 /* 2359 * mac80211 does not allow scan requests in AP mode, so 2360 * try to do this in station mode. 2361 */ 2362 if (wpa_driver_nl80211_set_mode(bss, 2363 IEEE80211_MODE_INFRA)) 2364 goto nla_put_failure; 2365 2366 if (wpa_driver_nl80211_scan(drv, params)) { 2367 wpa_driver_nl80211_set_mode(bss, 2368 IEEE80211_MODE_AP); 2369 goto nla_put_failure; 2370 } 2371 2372 /* Restore AP mode when processing scan results */ 2373 drv->ap_scan_as_station = 1; 2374 ret = 0; 2375 } else 2376 goto nla_put_failure; 2377#else /* HOSTAPD */ 2378 goto nla_put_failure; 2379#endif /* HOSTAPD */ 2380 } 2381 2382 /* Not all drivers generate "scan completed" wireless event, so try to 2383 * read results after a timeout. */ 2384 timeout = 10; 2385 if (drv->scan_complete_events) { 2386 /* 2387 * The driver seems to deliver events to notify when scan is 2388 * complete, so use longer timeout to avoid race conditions 2389 * with scanning and following association request. 2390 */ 2391 timeout = 30; 2392 } 2393 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 2394 "seconds", ret, timeout); 2395 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2396 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 2397 drv, drv->ctx); 2398 2399nla_put_failure: 2400 nlmsg_free(ssids); 2401 nlmsg_free(msg); 2402 nlmsg_free(freqs); 2403 return ret; 2404} 2405 2406 2407static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 2408{ 2409 const u8 *end, *pos; 2410 2411 if (ies == NULL) 2412 return NULL; 2413 2414 pos = ies; 2415 end = ies + ies_len; 2416 2417 while (pos + 1 < end) { 2418 if (pos + 2 + pos[1] > end) 2419 break; 2420 if (pos[0] == ie) 2421 return pos; 2422 pos += 2 + pos[1]; 2423 } 2424 2425 return NULL; 2426} 2427 2428 2429static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 2430 const u8 *ie, size_t ie_len) 2431{ 2432 const u8 *ssid; 2433 size_t i; 2434 2435 if (drv->filter_ssids == NULL) 2436 return 0; 2437 2438 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 2439 if (ssid == NULL) 2440 return 1; 2441 2442 for (i = 0; i < drv->num_filter_ssids; i++) { 2443 if (ssid[1] == drv->filter_ssids[i].ssid_len && 2444 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 2445 0) 2446 return 0; 2447 } 2448 2449 return 1; 2450} 2451 2452 2453static int bss_info_handler(struct nl_msg *msg, void *arg) 2454{ 2455 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2456 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2457 struct nlattr *bss[NL80211_BSS_MAX + 1]; 2458 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 2459 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 2460 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 2461 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 2462 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 2463 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 2464 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 2465 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 2466 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 2467 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 2468 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 2469 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 2470 }; 2471 struct nl80211_bss_info_arg *_arg = arg; 2472 struct wpa_scan_results *res = _arg->res; 2473 struct wpa_scan_res **tmp; 2474 struct wpa_scan_res *r; 2475 const u8 *ie, *beacon_ie; 2476 size_t ie_len, beacon_ie_len; 2477 u8 *pos; 2478 size_t i; 2479 2480 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2481 genlmsg_attrlen(gnlh, 0), NULL); 2482 if (!tb[NL80211_ATTR_BSS]) 2483 return NL_SKIP; 2484 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 2485 bss_policy)) 2486 return NL_SKIP; 2487 if (bss[NL80211_BSS_STATUS]) { 2488 enum nl80211_bss_status status; 2489 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2490 if (status == NL80211_BSS_STATUS_ASSOCIATED && 2491 bss[NL80211_BSS_FREQUENCY]) { 2492 _arg->assoc_freq = 2493 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2494 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 2495 _arg->assoc_freq); 2496 } 2497 } 2498 if (!res) 2499 return NL_SKIP; 2500 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 2501 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2502 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2503 } else { 2504 ie = NULL; 2505 ie_len = 0; 2506 } 2507 if (bss[NL80211_BSS_BEACON_IES]) { 2508 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 2509 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 2510 } else { 2511 beacon_ie = NULL; 2512 beacon_ie_len = 0; 2513 } 2514 2515 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 2516 ie ? ie_len : beacon_ie_len)) 2517 return NL_SKIP; 2518 2519 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 2520 if (r == NULL) 2521 return NL_SKIP; 2522 if (bss[NL80211_BSS_BSSID]) 2523 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 2524 ETH_ALEN); 2525 if (bss[NL80211_BSS_FREQUENCY]) 2526 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2527 if (bss[NL80211_BSS_BEACON_INTERVAL]) 2528 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 2529 if (bss[NL80211_BSS_CAPABILITY]) 2530 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 2531 r->flags |= WPA_SCAN_NOISE_INVALID; 2532 if (bss[NL80211_BSS_SIGNAL_MBM]) { 2533 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 2534 r->level /= 100; /* mBm to dBm */ 2535 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 2536 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 2537 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 2538 r->flags |= WPA_SCAN_LEVEL_INVALID; 2539 } else 2540 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 2541 if (bss[NL80211_BSS_TSF]) 2542 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 2543 if (bss[NL80211_BSS_SEEN_MS_AGO]) 2544 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 2545 r->ie_len = ie_len; 2546 pos = (u8 *) (r + 1); 2547 if (ie) { 2548 os_memcpy(pos, ie, ie_len); 2549 pos += ie_len; 2550 } 2551 r->beacon_ie_len = beacon_ie_len; 2552 if (beacon_ie) 2553 os_memcpy(pos, beacon_ie, beacon_ie_len); 2554 2555 if (bss[NL80211_BSS_STATUS]) { 2556 enum nl80211_bss_status status; 2557 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2558 switch (status) { 2559 case NL80211_BSS_STATUS_AUTHENTICATED: 2560 r->flags |= WPA_SCAN_AUTHENTICATED; 2561 break; 2562 case NL80211_BSS_STATUS_ASSOCIATED: 2563 r->flags |= WPA_SCAN_ASSOCIATED; 2564 break; 2565 default: 2566 break; 2567 } 2568 } 2569 2570 /* 2571 * cfg80211 maintains separate BSS table entries for APs if the same 2572 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 2573 * not use frequency as a separate key in the BSS table, so filter out 2574 * duplicated entries. Prefer associated BSS entry in such a case in 2575 * order to get the correct frequency into the BSS table. 2576 */ 2577 for (i = 0; i < res->num; i++) { 2578 const u8 *s1, *s2; 2579 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 2580 continue; 2581 2582 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 2583 res->res[i]->ie_len, WLAN_EID_SSID); 2584 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 2585 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 2586 os_memcmp(s1, s2, 2 + s1[1]) != 0) 2587 continue; 2588 2589 /* Same BSSID,SSID was already included in scan results */ 2590 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 2591 "for " MACSTR, MAC2STR(r->bssid)); 2592 2593 if ((r->flags & WPA_SCAN_ASSOCIATED) && 2594 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 2595 os_free(res->res[i]); 2596 res->res[i] = r; 2597 } else 2598 os_free(r); 2599 return NL_SKIP; 2600 } 2601 2602 tmp = os_realloc(res->res, 2603 (res->num + 1) * sizeof(struct wpa_scan_res *)); 2604 if (tmp == NULL) { 2605 os_free(r); 2606 return NL_SKIP; 2607 } 2608 tmp[res->num++] = r; 2609 res->res = tmp; 2610 2611 return NL_SKIP; 2612} 2613 2614 2615static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 2616 const u8 *addr) 2617{ 2618 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 2619 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 2620 "mismatch (" MACSTR ")", MAC2STR(addr)); 2621 wpa_driver_nl80211_mlme(drv, addr, 2622 NL80211_CMD_DEAUTHENTICATE, 2623 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 2624 } 2625} 2626 2627 2628static void wpa_driver_nl80211_check_bss_status( 2629 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 2630{ 2631 size_t i; 2632 2633 for (i = 0; i < res->num; i++) { 2634 struct wpa_scan_res *r = res->res[i]; 2635 if (r->flags & WPA_SCAN_AUTHENTICATED) { 2636 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2637 "indicates BSS status with " MACSTR 2638 " as authenticated", 2639 MAC2STR(r->bssid)); 2640 if (drv->nlmode == NL80211_IFTYPE_STATION && 2641 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 2642 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 2643 0) { 2644 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 2645 " in local state (auth=" MACSTR 2646 " assoc=" MACSTR ")", 2647 MAC2STR(drv->auth_bssid), 2648 MAC2STR(drv->bssid)); 2649 clear_state_mismatch(drv, r->bssid); 2650 } 2651 } 2652 2653 if (r->flags & WPA_SCAN_ASSOCIATED) { 2654 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2655 "indicate BSS status with " MACSTR 2656 " as associated", 2657 MAC2STR(r->bssid)); 2658 if (drv->nlmode == NL80211_IFTYPE_STATION && 2659 !drv->associated) { 2660 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2661 "(not associated) does not match " 2662 "with BSS state"); 2663 clear_state_mismatch(drv, r->bssid); 2664 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 2665 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 2666 0) { 2667 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2668 "(associated with " MACSTR ") does " 2669 "not match with BSS state", 2670 MAC2STR(drv->bssid)); 2671 clear_state_mismatch(drv, r->bssid); 2672 clear_state_mismatch(drv, drv->bssid); 2673 } 2674 } 2675 } 2676} 2677 2678 2679static void wpa_scan_results_free(struct wpa_scan_results *res) 2680{ 2681 size_t i; 2682 2683 if (res == NULL) 2684 return; 2685 2686 for (i = 0; i < res->num; i++) 2687 os_free(res->res[i]); 2688 os_free(res->res); 2689 os_free(res); 2690} 2691 2692 2693static struct wpa_scan_results * 2694nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 2695{ 2696 struct nl_msg *msg; 2697 struct wpa_scan_results *res; 2698 int ret; 2699 struct nl80211_bss_info_arg arg; 2700 2701 res = os_zalloc(sizeof(*res)); 2702 if (res == NULL) 2703 return NULL; 2704 msg = nlmsg_alloc(); 2705 if (!msg) 2706 goto nla_put_failure; 2707 2708 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2709 NL80211_CMD_GET_SCAN, 0); 2710 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2711 2712 arg.drv = drv; 2713 arg.res = res; 2714 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2715 msg = NULL; 2716 if (ret == 0) { 2717 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2718 (unsigned long) res->num); 2719 return res; 2720 } 2721 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2722 "(%s)", ret, strerror(-ret)); 2723nla_put_failure: 2724 nlmsg_free(msg); 2725 wpa_scan_results_free(res); 2726 return NULL; 2727} 2728 2729 2730/** 2731 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2732 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2733 * Returns: Scan results on success, -1 on failure 2734 */ 2735static struct wpa_scan_results * 2736wpa_driver_nl80211_get_scan_results(void *priv) 2737{ 2738 struct i802_bss *bss = priv; 2739 struct wpa_driver_nl80211_data *drv = bss->drv; 2740 struct wpa_scan_results *res; 2741 2742 res = nl80211_get_scan_results(drv); 2743 if (res) 2744 wpa_driver_nl80211_check_bss_status(drv, res); 2745 return res; 2746} 2747 2748 2749static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2750{ 2751 struct wpa_scan_results *res; 2752 size_t i; 2753 2754 res = nl80211_get_scan_results(drv); 2755 if (res == NULL) { 2756 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2757 return; 2758 } 2759 2760 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2761 for (i = 0; i < res->num; i++) { 2762 struct wpa_scan_res *r = res->res[i]; 2763 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2764 (int) i, (int) res->num, MAC2STR(r->bssid), 2765 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2766 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2767 } 2768 2769 wpa_scan_results_free(res); 2770} 2771 2772 2773static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2774 enum wpa_alg alg, const u8 *addr, 2775 int key_idx, int set_tx, 2776 const u8 *seq, size_t seq_len, 2777 const u8 *key, size_t key_len) 2778{ 2779 struct i802_bss *bss = priv; 2780 struct wpa_driver_nl80211_data *drv = bss->drv; 2781 int ifindex = if_nametoindex(ifname); 2782 struct nl_msg *msg; 2783 int ret; 2784 2785 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2786 "set_tx=%d seq_len=%lu key_len=%lu", 2787 __func__, ifindex, alg, addr, key_idx, set_tx, 2788 (unsigned long) seq_len, (unsigned long) key_len); 2789 2790 msg = nlmsg_alloc(); 2791 if (!msg) 2792 return -ENOMEM; 2793 2794 if (alg == WPA_ALG_NONE) { 2795 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2796 0, NL80211_CMD_DEL_KEY, 0); 2797 } else { 2798 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2799 0, NL80211_CMD_NEW_KEY, 0); 2800 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2801 switch (alg) { 2802 case WPA_ALG_WEP: 2803 if (key_len == 5) 2804 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2805 WLAN_CIPHER_SUITE_WEP40); 2806 else 2807 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2808 WLAN_CIPHER_SUITE_WEP104); 2809 break; 2810 case WPA_ALG_TKIP: 2811 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2812 WLAN_CIPHER_SUITE_TKIP); 2813 break; 2814 case WPA_ALG_CCMP: 2815 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2816 WLAN_CIPHER_SUITE_CCMP); 2817 break; 2818 case WPA_ALG_IGTK: 2819 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2820 WLAN_CIPHER_SUITE_AES_CMAC); 2821 break; 2822 default: 2823 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2824 "algorithm %d", __func__, alg); 2825 nlmsg_free(msg); 2826 return -1; 2827 } 2828 } 2829 2830 if (seq && seq_len) 2831 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2832 2833 if (addr && !is_broadcast_ether_addr(addr)) { 2834 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2835 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2836 2837 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 2838 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 2839 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 2840 NL80211_KEYTYPE_GROUP); 2841 } 2842 } else if (addr && is_broadcast_ether_addr(addr)) { 2843 struct nl_msg *types; 2844 int err; 2845 wpa_printf(MSG_DEBUG, " broadcast key"); 2846 types = nlmsg_alloc(); 2847 if (!types) 2848 goto nla_put_failure; 2849 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2850 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2851 types); 2852 nlmsg_free(types); 2853 if (err) 2854 goto nla_put_failure; 2855 } 2856 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2857 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2858 2859 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2860 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2861 ret = 0; 2862 if (ret) 2863 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2864 ret, strerror(-ret)); 2865 2866 /* 2867 * If we failed or don't need to set the default TX key (below), 2868 * we're done here. 2869 */ 2870 if (ret || !set_tx || alg == WPA_ALG_NONE) 2871 return ret; 2872 if (drv->nlmode == NL80211_IFTYPE_AP && addr && 2873 !is_broadcast_ether_addr(addr)) 2874 return ret; 2875 2876 msg = nlmsg_alloc(); 2877 if (!msg) 2878 return -ENOMEM; 2879 2880 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2881 0, NL80211_CMD_SET_KEY, 0); 2882 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2883 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2884 if (alg == WPA_ALG_IGTK) 2885 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2886 else 2887 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2888 if (addr && is_broadcast_ether_addr(addr)) { 2889 struct nl_msg *types; 2890 int err; 2891 types = nlmsg_alloc(); 2892 if (!types) 2893 goto nla_put_failure; 2894 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2895 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2896 types); 2897 nlmsg_free(types); 2898 if (err) 2899 goto nla_put_failure; 2900 } else if (addr) { 2901 struct nl_msg *types; 2902 int err; 2903 types = nlmsg_alloc(); 2904 if (!types) 2905 goto nla_put_failure; 2906 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 2907 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2908 types); 2909 nlmsg_free(types); 2910 if (err) 2911 goto nla_put_failure; 2912 } 2913 2914 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2915 if (ret == -ENOENT) 2916 ret = 0; 2917 if (ret) 2918 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2919 "err=%d %s)", ret, strerror(-ret)); 2920 return ret; 2921 2922nla_put_failure: 2923 return -ENOBUFS; 2924} 2925 2926 2927static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2928 int key_idx, int defkey, 2929 const u8 *seq, size_t seq_len, 2930 const u8 *key, size_t key_len) 2931{ 2932 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2933 if (!key_attr) 2934 return -1; 2935 2936 if (defkey && alg == WPA_ALG_IGTK) 2937 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2938 else if (defkey) 2939 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2940 2941 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2942 2943 switch (alg) { 2944 case WPA_ALG_WEP: 2945 if (key_len == 5) 2946 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2947 WLAN_CIPHER_SUITE_WEP40); 2948 else 2949 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2950 WLAN_CIPHER_SUITE_WEP104); 2951 break; 2952 case WPA_ALG_TKIP: 2953 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2954 break; 2955 case WPA_ALG_CCMP: 2956 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2957 break; 2958 case WPA_ALG_IGTK: 2959 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2960 WLAN_CIPHER_SUITE_AES_CMAC); 2961 break; 2962 default: 2963 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2964 "algorithm %d", __func__, alg); 2965 return -1; 2966 } 2967 2968 if (seq && seq_len) 2969 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2970 2971 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2972 2973 nla_nest_end(msg, key_attr); 2974 2975 return 0; 2976 nla_put_failure: 2977 return -1; 2978} 2979 2980 2981static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2982 struct nl_msg *msg) 2983{ 2984 int i, privacy = 0; 2985 struct nlattr *nl_keys, *nl_key; 2986 2987 for (i = 0; i < 4; i++) { 2988 if (!params->wep_key[i]) 2989 continue; 2990 privacy = 1; 2991 break; 2992 } 2993 if (params->wps == WPS_MODE_PRIVACY) 2994 privacy = 1; 2995 if (params->pairwise_suite && 2996 params->pairwise_suite != WPA_CIPHER_NONE) 2997 privacy = 1; 2998 2999 if (!privacy) 3000 return 0; 3001 3002 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 3003 3004 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 3005 if (!nl_keys) 3006 goto nla_put_failure; 3007 3008 for (i = 0; i < 4; i++) { 3009 if (!params->wep_key[i]) 3010 continue; 3011 3012 nl_key = nla_nest_start(msg, i); 3013 if (!nl_key) 3014 goto nla_put_failure; 3015 3016 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 3017 params->wep_key[i]); 3018 if (params->wep_key_len[i] == 5) 3019 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3020 WLAN_CIPHER_SUITE_WEP40); 3021 else 3022 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 3023 WLAN_CIPHER_SUITE_WEP104); 3024 3025 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 3026 3027 if (i == params->wep_tx_keyidx) 3028 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 3029 3030 nla_nest_end(msg, nl_key); 3031 } 3032 nla_nest_end(msg, nl_keys); 3033 3034 return 0; 3035 3036nla_put_failure: 3037 return -ENOBUFS; 3038} 3039 3040 3041static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 3042 const u8 *addr, int cmd, u16 reason_code, 3043 int local_state_change) 3044{ 3045 int ret = -1; 3046 struct nl_msg *msg; 3047 3048 msg = nlmsg_alloc(); 3049 if (!msg) 3050 return -1; 3051 3052 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 3053 3054 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3055 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 3056 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3057 if (local_state_change) 3058 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3059 3060 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3061 msg = NULL; 3062 if (ret) { 3063 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3064 "(%s)", ret, strerror(-ret)); 3065 goto nla_put_failure; 3066 } 3067 ret = 0; 3068 3069nla_put_failure: 3070 nlmsg_free(msg); 3071 return ret; 3072} 3073 3074 3075static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 3076 const u8 *addr, int reason_code) 3077{ 3078 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3079 __func__, MAC2STR(addr), reason_code); 3080 drv->associated = 0; 3081 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 3082 reason_code, 0); 3083} 3084 3085 3086static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 3087 int reason_code) 3088{ 3089 struct i802_bss *bss = priv; 3090 struct wpa_driver_nl80211_data *drv = bss->drv; 3091 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3092 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3093 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3094 __func__, MAC2STR(addr), reason_code); 3095 drv->associated = 0; 3096 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 3097 return nl80211_leave_ibss(drv); 3098 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 3099 reason_code, 0); 3100} 3101 3102 3103static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 3104 int reason_code) 3105{ 3106 struct i802_bss *bss = priv; 3107 struct wpa_driver_nl80211_data *drv = bss->drv; 3108 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3109 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3110 wpa_printf(MSG_DEBUG, "%s", __func__); 3111 drv->associated = 0; 3112 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 3113 reason_code, 0); 3114} 3115 3116 3117static int wpa_driver_nl80211_authenticate( 3118 void *priv, struct wpa_driver_auth_params *params) 3119{ 3120 struct i802_bss *bss = priv; 3121 struct wpa_driver_nl80211_data *drv = bss->drv; 3122 int ret = -1, i; 3123 struct nl_msg *msg; 3124 enum nl80211_auth_type type; 3125 int count = 0; 3126 3127 drv->associated = 0; 3128 os_memset(drv->auth_bssid, 0, ETH_ALEN); 3129 /* FIX: IBSS mode */ 3130 if (drv->nlmode != NL80211_IFTYPE_STATION && 3131 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 3132 return -1; 3133 3134retry: 3135 msg = nlmsg_alloc(); 3136 if (!msg) 3137 return -1; 3138 3139 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 3140 drv->ifindex); 3141 3142 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3143 NL80211_CMD_AUTHENTICATE, 0); 3144 3145 for (i = 0; i < 4; i++) { 3146 if (!params->wep_key[i]) 3147 continue; 3148 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 3149 NULL, i, 3150 i == params->wep_tx_keyidx, NULL, 0, 3151 params->wep_key[i], 3152 params->wep_key_len[i]); 3153 if (params->wep_tx_keyidx != i) 3154 continue; 3155 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 3156 params->wep_key[i], params->wep_key_len[i])) { 3157 nlmsg_free(msg); 3158 return -1; 3159 } 3160 } 3161 3162 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3163 if (params->bssid) { 3164 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3165 MAC2STR(params->bssid)); 3166 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3167 } 3168 if (params->freq) { 3169 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3170 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3171 } 3172 if (params->ssid) { 3173 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3174 params->ssid, params->ssid_len); 3175 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3176 params->ssid); 3177 } 3178 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 3179 if (params->ie) 3180 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 3181 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3182 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3183 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3184 type = NL80211_AUTHTYPE_SHARED_KEY; 3185 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3186 type = NL80211_AUTHTYPE_NETWORK_EAP; 3187 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3188 type = NL80211_AUTHTYPE_FT; 3189 else 3190 goto nla_put_failure; 3191 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3192 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3193 if (params->local_state_change) { 3194 wpa_printf(MSG_DEBUG, " * Local state change only"); 3195 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3196 } 3197 3198 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3199 msg = NULL; 3200 if (ret) { 3201 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3202 "(%s)", ret, strerror(-ret)); 3203 count++; 3204 if (ret == -EALREADY && count == 1 && params->bssid && 3205 !params->local_state_change) { 3206 /* 3207 * mac80211 does not currently accept new 3208 * authentication if we are already authenticated. As a 3209 * workaround, force deauthentication and try again. 3210 */ 3211 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 3212 "after forced deauthentication"); 3213 wpa_driver_nl80211_deauthenticate( 3214 bss, params->bssid, 3215 WLAN_REASON_PREV_AUTH_NOT_VALID); 3216 nlmsg_free(msg); 3217 goto retry; 3218 } 3219 goto nla_put_failure; 3220 } 3221 ret = 0; 3222 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 3223 "successfully"); 3224 3225nla_put_failure: 3226 nlmsg_free(msg); 3227 return ret; 3228} 3229 3230 3231struct phy_info_arg { 3232 u16 *num_modes; 3233 struct hostapd_hw_modes *modes; 3234}; 3235 3236static int phy_info_handler(struct nl_msg *msg, void *arg) 3237{ 3238 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3239 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3240 struct phy_info_arg *phy_info = arg; 3241 3242 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 3243 3244 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 3245 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3246 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 3247 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 3248 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 3249 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 3250 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 3251 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 3252 }; 3253 3254 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 3255 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 3256 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 3257 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 3258 }; 3259 3260 struct nlattr *nl_band; 3261 struct nlattr *nl_freq; 3262 struct nlattr *nl_rate; 3263 int rem_band, rem_freq, rem_rate; 3264 struct hostapd_hw_modes *mode; 3265 int idx, mode_is_set; 3266 3267 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3268 genlmsg_attrlen(gnlh, 0), NULL); 3269 3270 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 3271 return NL_SKIP; 3272 3273 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 3274 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 3275 if (!mode) 3276 return NL_SKIP; 3277 phy_info->modes = mode; 3278 3279 mode_is_set = 0; 3280 3281 mode = &phy_info->modes[*(phy_info->num_modes)]; 3282 memset(mode, 0, sizeof(*mode)); 3283 *(phy_info->num_modes) += 1; 3284 3285 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 3286 nla_len(nl_band), NULL); 3287 3288 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 3289 mode->ht_capab = nla_get_u16( 3290 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 3291 } 3292 3293 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 3294 mode->a_mpdu_params |= nla_get_u8( 3295 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 3296 0x03; 3297 } 3298 3299 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 3300 mode->a_mpdu_params |= nla_get_u8( 3301 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 3302 2; 3303 } 3304 3305 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 3306 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 3307 u8 *mcs; 3308 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 3309 os_memcpy(mode->mcs_set, mcs, 16); 3310 } 3311 3312 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3313 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3314 nla_len(nl_freq), freq_policy); 3315 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3316 continue; 3317 mode->num_channels++; 3318 } 3319 3320 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 3321 if (!mode->channels) 3322 return NL_SKIP; 3323 3324 idx = 0; 3325 3326 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3327 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3328 nla_len(nl_freq), freq_policy); 3329 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3330 continue; 3331 3332 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 3333 mode->channels[idx].flag = 0; 3334 3335 if (!mode_is_set) { 3336 /* crude heuristic */ 3337 if (mode->channels[idx].freq < 4000) 3338 mode->mode = HOSTAPD_MODE_IEEE80211B; 3339 else 3340 mode->mode = HOSTAPD_MODE_IEEE80211A; 3341 mode_is_set = 1; 3342 } 3343 3344 /* crude heuristic */ 3345 if (mode->channels[idx].freq < 4000) 3346 if (mode->channels[idx].freq == 2484) 3347 mode->channels[idx].chan = 14; 3348 else 3349 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 3350 else 3351 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 3352 3353 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3354 mode->channels[idx].flag |= 3355 HOSTAPD_CHAN_DISABLED; 3356 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 3357 mode->channels[idx].flag |= 3358 HOSTAPD_CHAN_PASSIVE_SCAN; 3359 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 3360 mode->channels[idx].flag |= 3361 HOSTAPD_CHAN_NO_IBSS; 3362 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 3363 mode->channels[idx].flag |= 3364 HOSTAPD_CHAN_RADAR; 3365 3366 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 3367 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3368 mode->channels[idx].max_tx_power = 3369 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 3370 3371 idx++; 3372 } 3373 3374 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3375 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3376 nla_len(nl_rate), rate_policy); 3377 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3378 continue; 3379 mode->num_rates++; 3380 } 3381 3382 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 3383 if (!mode->rates) 3384 return NL_SKIP; 3385 3386 idx = 0; 3387 3388 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3389 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3390 nla_len(nl_rate), rate_policy); 3391 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3392 continue; 3393 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 3394 3395 /* crude heuristic */ 3396 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 3397 mode->rates[idx] > 200) 3398 mode->mode = HOSTAPD_MODE_IEEE80211G; 3399 3400 idx++; 3401 } 3402 } 3403 3404 return NL_SKIP; 3405} 3406 3407static struct hostapd_hw_modes * 3408wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 3409{ 3410 u16 m; 3411 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 3412 int i, mode11g_idx = -1; 3413 3414 /* If only 802.11g mode is included, use it to construct matching 3415 * 802.11b mode data. */ 3416 3417 for (m = 0; m < *num_modes; m++) { 3418 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 3419 return modes; /* 802.11b already included */ 3420 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 3421 mode11g_idx = m; 3422 } 3423 3424 if (mode11g_idx < 0) 3425 return modes; /* 2.4 GHz band not supported at all */ 3426 3427 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 3428 if (nmodes == NULL) 3429 return modes; /* Could not add 802.11b mode */ 3430 3431 mode = &nmodes[*num_modes]; 3432 os_memset(mode, 0, sizeof(*mode)); 3433 (*num_modes)++; 3434 modes = nmodes; 3435 3436 mode->mode = HOSTAPD_MODE_IEEE80211B; 3437 3438 mode11g = &modes[mode11g_idx]; 3439 mode->num_channels = mode11g->num_channels; 3440 mode->channels = os_malloc(mode11g->num_channels * 3441 sizeof(struct hostapd_channel_data)); 3442 if (mode->channels == NULL) { 3443 (*num_modes)--; 3444 return modes; /* Could not add 802.11b mode */ 3445 } 3446 os_memcpy(mode->channels, mode11g->channels, 3447 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 3448 3449 mode->num_rates = 0; 3450 mode->rates = os_malloc(4 * sizeof(int)); 3451 if (mode->rates == NULL) { 3452 os_free(mode->channels); 3453 (*num_modes)--; 3454 return modes; /* Could not add 802.11b mode */ 3455 } 3456 3457 for (i = 0; i < mode11g->num_rates; i++) { 3458 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 3459 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 3460 continue; 3461 mode->rates[mode->num_rates] = mode11g->rates[i]; 3462 mode->num_rates++; 3463 if (mode->num_rates == 4) 3464 break; 3465 } 3466 3467 if (mode->num_rates == 0) { 3468 os_free(mode->channels); 3469 os_free(mode->rates); 3470 (*num_modes)--; 3471 return modes; /* No 802.11b rates */ 3472 } 3473 3474 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 3475 "information"); 3476 3477 return modes; 3478} 3479 3480 3481static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 3482 int end) 3483{ 3484 int c; 3485 3486 for (c = 0; c < mode->num_channels; c++) { 3487 struct hostapd_channel_data *chan = &mode->channels[c]; 3488 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 3489 chan->flag |= HOSTAPD_CHAN_HT40; 3490 } 3491} 3492 3493 3494static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 3495 int end) 3496{ 3497 int c; 3498 3499 for (c = 0; c < mode->num_channels; c++) { 3500 struct hostapd_channel_data *chan = &mode->channels[c]; 3501 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 3502 continue; 3503 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 3504 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 3505 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 3506 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 3507 } 3508} 3509 3510 3511static void nl80211_reg_rule_ht40(struct nlattr *tb[], 3512 struct phy_info_arg *results) 3513{ 3514 u32 start, end, max_bw; 3515 u16 m; 3516 3517 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3518 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3519 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3520 return; 3521 3522 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3523 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3524 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3525 3526 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 3527 start, end, max_bw); 3528 if (max_bw < 40) 3529 return; 3530 3531 for (m = 0; m < *results->num_modes; m++) { 3532 if (!(results->modes[m].ht_capab & 3533 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3534 continue; 3535 nl80211_set_ht40_mode(&results->modes[m], start, end); 3536 } 3537} 3538 3539 3540static void nl80211_reg_rule_sec(struct nlattr *tb[], 3541 struct phy_info_arg *results) 3542{ 3543 u32 start, end, max_bw; 3544 u16 m; 3545 3546 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3547 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3548 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3549 return; 3550 3551 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3552 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3553 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3554 3555 if (max_bw < 20) 3556 return; 3557 3558 for (m = 0; m < *results->num_modes; m++) { 3559 if (!(results->modes[m].ht_capab & 3560 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3561 continue; 3562 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 3563 } 3564} 3565 3566 3567static int nl80211_get_reg(struct nl_msg *msg, void *arg) 3568{ 3569 struct phy_info_arg *results = arg; 3570 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3571 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3572 struct nlattr *nl_rule; 3573 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 3574 int rem_rule; 3575 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3576 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3577 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3578 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3579 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3580 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3581 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3582 }; 3583 3584 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3585 genlmsg_attrlen(gnlh, 0), NULL); 3586 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 3587 !tb_msg[NL80211_ATTR_REG_RULES]) { 3588 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 3589 "available"); 3590 return NL_SKIP; 3591 } 3592 3593 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 3594 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 3595 3596 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3597 { 3598 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3599 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3600 nl80211_reg_rule_ht40(tb_rule, results); 3601 } 3602 3603 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3604 { 3605 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3606 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3607 nl80211_reg_rule_sec(tb_rule, results); 3608 } 3609 3610 return NL_SKIP; 3611} 3612 3613 3614static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 3615 struct phy_info_arg *results) 3616{ 3617 struct nl_msg *msg; 3618 3619 msg = nlmsg_alloc(); 3620 if (!msg) 3621 return -ENOMEM; 3622 3623 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3624 0, NL80211_CMD_GET_REG, 0); 3625 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 3626} 3627 3628 3629static struct hostapd_hw_modes * 3630wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 3631{ 3632 struct i802_bss *bss = priv; 3633 struct wpa_driver_nl80211_data *drv = bss->drv; 3634 struct nl_msg *msg; 3635 struct phy_info_arg result = { 3636 .num_modes = num_modes, 3637 .modes = NULL, 3638 }; 3639 3640 *num_modes = 0; 3641 *flags = 0; 3642 3643 msg = nlmsg_alloc(); 3644 if (!msg) 3645 return NULL; 3646 3647 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3648 0, NL80211_CMD_GET_WIPHY, 0); 3649 3650 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3651 3652 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 3653 nl80211_set_ht40_flags(drv, &result); 3654 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 3655 } 3656 nla_put_failure: 3657 return NULL; 3658} 3659 3660 3661static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 3662 const void *data, size_t len, 3663 int encrypt) 3664{ 3665 __u8 rtap_hdr[] = { 3666 0x00, 0x00, /* radiotap version */ 3667 0x0e, 0x00, /* radiotap length */ 3668 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 3669 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 3670 0x00, /* padding */ 3671 0x00, 0x00, /* RX and TX flags to indicate that */ 3672 0x00, 0x00, /* this is the injected frame directly */ 3673 }; 3674 struct iovec iov[2] = { 3675 { 3676 .iov_base = &rtap_hdr, 3677 .iov_len = sizeof(rtap_hdr), 3678 }, 3679 { 3680 .iov_base = (void *) data, 3681 .iov_len = len, 3682 } 3683 }; 3684 struct msghdr msg = { 3685 .msg_name = NULL, 3686 .msg_namelen = 0, 3687 .msg_iov = iov, 3688 .msg_iovlen = 2, 3689 .msg_control = NULL, 3690 .msg_controllen = 0, 3691 .msg_flags = 0, 3692 }; 3693 int res; 3694 3695 if (encrypt) 3696 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 3697 3698 if (drv->monitor_sock < 0) { 3699 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 3700 "for %s", __func__); 3701 return -1; 3702 } 3703 3704 res = sendmsg(drv->monitor_sock, &msg, 0); 3705 if (res < 0) { 3706 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 3707 return -1; 3708 } 3709 return 0; 3710} 3711 3712 3713static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 3714 size_t data_len) 3715{ 3716 struct i802_bss *bss = priv; 3717 struct wpa_driver_nl80211_data *drv = bss->drv; 3718 struct ieee80211_mgmt *mgmt; 3719 int encrypt = 1; 3720 u16 fc; 3721 3722 mgmt = (struct ieee80211_mgmt *) data; 3723 fc = le_to_host16(mgmt->frame_control); 3724#ifndef ANDROID_BRCM_P2P_PATCH 3725 if (drv->nlmode == NL80211_IFTYPE_STATION && 3726#else 3727 if ( 3728#endif 3729 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3730 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 3731 /* 3732 * The use of last_mgmt_freq is a bit of a hack, 3733 * but it works due to the single-threaded nature 3734 * of wpa_supplicant. 3735 */ 3736 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0, 3737 data, data_len, NULL); 3738 } 3739 3740 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3741 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 3742 /* 3743 * Only one of the authentication frame types is encrypted. 3744 * In order for static WEP encryption to work properly (i.e., 3745 * to not encrypt the frame), we need to tell mac80211 about 3746 * the frames that must not be encrypted. 3747 */ 3748 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 3749 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 3750 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 3751 encrypt = 0; 3752 } 3753 3754 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 3755} 3756 3757 3758static int wpa_driver_nl80211_set_beacon(void *priv, 3759 const u8 *head, size_t head_len, 3760 const u8 *tail, size_t tail_len, 3761 int dtim_period, int beacon_int) 3762{ 3763 struct i802_bss *bss = priv; 3764 struct wpa_driver_nl80211_data *drv = bss->drv; 3765 struct nl_msg *msg; 3766 u8 cmd = NL80211_CMD_NEW_BEACON; 3767 int ret; 3768 int beacon_set; 3769 int ifindex = if_nametoindex(bss->ifname); 3770#ifdef ANDROID_BRCM_P2P_PATCH 3771 beacon_set = 1; 3772#else 3773 beacon_set = bss->beacon_set; 3774#endif 3775 3776 msg = nlmsg_alloc(); 3777 if (!msg) 3778 return -ENOMEM; 3779 3780 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 3781 beacon_set); 3782 if (beacon_set) 3783 cmd = NL80211_CMD_SET_BEACON; 3784 3785 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3786 0, cmd, 0); 3787 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 3788 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 3789 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3790 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 3791 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 3792 3793 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3794 if (ret) { 3795 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 3796 ret, strerror(-ret)); 3797 } else { 3798 bss->beacon_set = 1; 3799 } 3800#if defined(ANDROID_BRCM_P2P_PATCH) && defined(HOSTAPD) 3801 wpa_driver_nl80211_probe_req_report(priv, 1); 3802#endif 3803 return ret; 3804 nla_put_failure: 3805 return -ENOBUFS; 3806} 3807 3808 3809static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 3810 int freq, int ht_enabled, 3811 int sec_channel_offset) 3812{ 3813 struct nl_msg *msg; 3814 int ret; 3815 3816 msg = nlmsg_alloc(); 3817 if (!msg) 3818 return -1; 3819 3820 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3821 NL80211_CMD_SET_WIPHY, 0); 3822 3823 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3824 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 3825 if (ht_enabled) { 3826 switch (sec_channel_offset) { 3827 case -1: 3828 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3829 NL80211_CHAN_HT40MINUS); 3830 break; 3831 case 1: 3832 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3833 NL80211_CHAN_HT40PLUS); 3834 break; 3835 default: 3836#ifndef ANDROID_BRCM_P2P_PATCH 3837/* Should be change to HT20 as a default value because P2P firmware does not support 11n for BCM4329 */ 3838 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3839 NL80211_CHAN_HT20); 3840#else 3841 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3842 NL80211_CHAN_NO_HT); 3843#endif 3844 break; 3845 } 3846 } 3847 3848 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3849 if (ret == 0) 3850 return 0; 3851 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 3852 "%d (%s)", freq, ret, strerror(-ret)); 3853nla_put_failure: 3854 return -1; 3855} 3856 3857 3858static int wpa_driver_nl80211_sta_add(void *priv, 3859 struct hostapd_sta_add_params *params) 3860{ 3861 struct i802_bss *bss = priv; 3862 struct wpa_driver_nl80211_data *drv = bss->drv; 3863 struct nl_msg *msg; 3864 int ret = -ENOBUFS; 3865 3866 msg = nlmsg_alloc(); 3867 if (!msg) 3868 return -ENOMEM; 3869 3870 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3871 0, NL80211_CMD_NEW_STATION, 0); 3872 3873 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 3874 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 3875 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 3876 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 3877 params->supp_rates); 3878 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 3879 params->listen_interval); 3880 if (params->ht_capabilities) { 3881 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 3882 sizeof(*params->ht_capabilities), 3883 params->ht_capabilities); 3884 } 3885 3886 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3887 if (ret) 3888 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 3889 "result: %d (%s)", ret, strerror(-ret)); 3890 if (ret == -EEXIST) 3891 ret = 0; 3892 nla_put_failure: 3893 return ret; 3894} 3895 3896 3897static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 3898{ 3899 struct i802_bss *bss = priv; 3900 struct wpa_driver_nl80211_data *drv = bss->drv; 3901 struct nl_msg *msg; 3902 int ret; 3903 3904 msg = nlmsg_alloc(); 3905 if (!msg) 3906 return -ENOMEM; 3907 3908 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3909 0, NL80211_CMD_DEL_STATION, 0); 3910 3911 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3912 if_nametoindex(bss->ifname)); 3913 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3914 3915 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3916 if (ret == -ENOENT) 3917 return 0; 3918 return ret; 3919 nla_put_failure: 3920 return -ENOBUFS; 3921} 3922 3923 3924static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 3925 int ifidx) 3926{ 3927 struct nl_msg *msg; 3928 3929 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 3930 3931#ifdef HOSTAPD 3932 /* stop listening for EAPOL on this interface */ 3933 del_ifidx(drv, ifidx); 3934#endif /* HOSTAPD */ 3935 3936 msg = nlmsg_alloc(); 3937 if (!msg) 3938 goto nla_put_failure; 3939 3940 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3941 0, NL80211_CMD_DEL_INTERFACE, 0); 3942 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3943 3944 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3945 return; 3946 nla_put_failure: 3947 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3948} 3949 3950 3951static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3952 const char *ifname, 3953 enum nl80211_iftype iftype, 3954 const u8 *addr, int wds) 3955{ 3956 struct nl_msg *msg, *flags = NULL; 3957 int ifidx; 3958 int ret = -ENOBUFS; 3959 3960 msg = nlmsg_alloc(); 3961 if (!msg) 3962 return -1; 3963 3964 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3965 0, NL80211_CMD_NEW_INTERFACE, 0); 3966 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3967 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3968 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3969 3970 if (iftype == NL80211_IFTYPE_MONITOR) { 3971 int err; 3972 3973 flags = nlmsg_alloc(); 3974 if (!flags) 3975 goto nla_put_failure; 3976 3977 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3978 3979 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3980 3981 nlmsg_free(flags); 3982 3983 if (err) 3984 goto nla_put_failure; 3985 } else if (wds) { 3986 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3987 } 3988 3989 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3990 if (ret) { 3991 nla_put_failure: 3992 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 3993 ifname, ret, strerror(-ret)); 3994 return ret; 3995 } 3996 3997 ifidx = if_nametoindex(ifname); 3998 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 3999 ifname, ifidx); 4000 4001 if (ifidx <= 0) 4002 return -1; 4003 4004#ifdef HOSTAPD 4005 /* start listening for EAPOL on this interface */ 4006 add_ifidx(drv, ifidx); 4007#endif /* HOSTAPD */ 4008 4009 if (addr && iftype != NL80211_IFTYPE_MONITOR && 4010 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 4011 nl80211_remove_iface(drv, ifidx); 4012 return -1; 4013 } 4014 4015 return ifidx; 4016} 4017 4018 4019static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 4020 const char *ifname, enum nl80211_iftype iftype, 4021 const u8 *addr, int wds) 4022{ 4023 int ret; 4024 4025 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 4026 4027 /* if error occured and interface exists already */ 4028 if (ret == -ENFILE && if_nametoindex(ifname)) { 4029 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 4030 4031 /* Try to remove the interface that was already there. */ 4032 nl80211_remove_iface(drv, if_nametoindex(ifname)); 4033 4034 /* Try to create the interface again */ 4035 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 4036 wds); 4037 } 4038 4039 if (ret >= 0 && drv->disable_11b_rates) 4040 nl80211_disable_11b_rates(drv, ret, 1); 4041 4042 return ret; 4043} 4044 4045 4046static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 4047{ 4048 struct ieee80211_hdr *hdr; 4049 u16 fc; 4050 union wpa_event_data event; 4051 4052 hdr = (struct ieee80211_hdr *) buf; 4053 fc = le_to_host16(hdr->frame_control); 4054 4055 os_memset(&event, 0, sizeof(event)); 4056 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 4057 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 4058 event.tx_status.dst = hdr->addr1; 4059 event.tx_status.data = buf; 4060 event.tx_status.data_len = len; 4061 event.tx_status.ack = ok; 4062 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 4063} 4064 4065 4066static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 4067 u8 *buf, size_t len) 4068{ 4069 union wpa_event_data event; 4070 os_memset(&event, 0, sizeof(event)); 4071 event.rx_from_unknown.frame = buf; 4072 event.rx_from_unknown.len = len; 4073 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 4074} 4075 4076 4077static void handle_frame(struct wpa_driver_nl80211_data *drv, 4078 u8 *buf, size_t len, int datarate, int ssi_signal) 4079{ 4080 struct ieee80211_hdr *hdr; 4081 u16 fc; 4082 union wpa_event_data event; 4083 4084 hdr = (struct ieee80211_hdr *) buf; 4085 fc = le_to_host16(hdr->frame_control); 4086 4087 switch (WLAN_FC_GET_TYPE(fc)) { 4088 case WLAN_FC_TYPE_MGMT: 4089 os_memset(&event, 0, sizeof(event)); 4090 event.rx_mgmt.frame = buf; 4091 event.rx_mgmt.frame_len = len; 4092 event.rx_mgmt.datarate = datarate; 4093 event.rx_mgmt.ssi_signal = ssi_signal; 4094 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 4095 break; 4096 case WLAN_FC_TYPE_CTRL: 4097 /* can only get here with PS-Poll frames */ 4098 wpa_printf(MSG_DEBUG, "CTRL"); 4099 from_unknown_sta(drv, buf, len); 4100 break; 4101 case WLAN_FC_TYPE_DATA: 4102 from_unknown_sta(drv, buf, len); 4103 break; 4104 } 4105} 4106 4107 4108static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 4109{ 4110 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4111 int len; 4112 unsigned char buf[3000]; 4113 struct ieee80211_radiotap_iterator iter; 4114 int ret; 4115 int datarate = 0, ssi_signal = 0; 4116 int injected = 0, failed = 0, rxflags = 0; 4117 4118 len = recv(sock, buf, sizeof(buf), 0); 4119 if (len < 0) { 4120 perror("recv"); 4121 return; 4122 } 4123 4124 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 4125 printf("received invalid radiotap frame\n"); 4126 return; 4127 } 4128 4129 while (1) { 4130 ret = ieee80211_radiotap_iterator_next(&iter); 4131 if (ret == -ENOENT) 4132 break; 4133 if (ret) { 4134 printf("received invalid radiotap frame (%d)\n", ret); 4135 return; 4136 } 4137 switch (iter.this_arg_index) { 4138 case IEEE80211_RADIOTAP_FLAGS: 4139 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 4140 len -= 4; 4141 break; 4142 case IEEE80211_RADIOTAP_RX_FLAGS: 4143 rxflags = 1; 4144 break; 4145 case IEEE80211_RADIOTAP_TX_FLAGS: 4146 injected = 1; 4147 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 4148 IEEE80211_RADIOTAP_F_TX_FAIL; 4149 break; 4150 case IEEE80211_RADIOTAP_DATA_RETRIES: 4151 break; 4152 case IEEE80211_RADIOTAP_CHANNEL: 4153 /* TODO: convert from freq/flags to channel number */ 4154 break; 4155 case IEEE80211_RADIOTAP_RATE: 4156 datarate = *iter.this_arg * 5; 4157 break; 4158 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 4159 ssi_signal = *iter.this_arg; 4160 break; 4161 } 4162 } 4163 4164 if (rxflags && injected) 4165 return; 4166 4167 if (!injected) 4168 handle_frame(drv, buf + iter.max_length, 4169 len - iter.max_length, datarate, ssi_signal); 4170 else 4171 handle_tx_callback(drv->ctx, buf + iter.max_length, 4172 len - iter.max_length, !failed); 4173} 4174 4175 4176/* 4177 * we post-process the filter code later and rewrite 4178 * this to the offset to the last instruction 4179 */ 4180#define PASS 0xFF 4181#define FAIL 0xFE 4182 4183static struct sock_filter msock_filter_insns[] = { 4184 /* 4185 * do a little-endian load of the radiotap length field 4186 */ 4187 /* load lower byte into A */ 4188 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 4189 /* put it into X (== index register) */ 4190 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4191 /* load upper byte into A */ 4192 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 4193 /* left-shift it by 8 */ 4194 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 4195 /* or with X */ 4196 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 4197 /* put result into X */ 4198 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4199 4200 /* 4201 * Allow management frames through, this also gives us those 4202 * management frames that we sent ourselves with status 4203 */ 4204 /* load the lower byte of the IEEE 802.11 frame control field */ 4205 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4206 /* mask off frame type and version */ 4207 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 4208 /* accept frame if it's both 0, fall through otherwise */ 4209 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 4210 4211 /* 4212 * TODO: add a bit to radiotap RX flags that indicates 4213 * that the sending station is not associated, then 4214 * add a filter here that filters on our DA and that flag 4215 * to allow us to deauth frames to that bad station. 4216 * 4217 * For now allow all To DS data frames through. 4218 */ 4219 /* load the IEEE 802.11 frame control field */ 4220 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 4221 /* mask off frame type, version and DS status */ 4222 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 4223 /* accept frame if version 0, type 2 and To DS, fall through otherwise 4224 */ 4225 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 4226 4227#if 0 4228 /* 4229 * drop non-data frames 4230 */ 4231 /* load the lower byte of the frame control field */ 4232 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4233 /* mask off QoS bit */ 4234 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 4235 /* drop non-data frames */ 4236 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 4237#endif 4238 /* load the upper byte of the frame control field */ 4239 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 4240 /* mask off toDS/fromDS */ 4241 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 4242 /* accept WDS frames */ 4243 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 4244 4245 /* 4246 * add header length to index 4247 */ 4248 /* load the lower byte of the frame control field */ 4249 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4250 /* mask off QoS bit */ 4251 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 4252 /* right shift it by 6 to give 0 or 2 */ 4253 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 4254 /* add data frame header length */ 4255 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 4256 /* add index, was start of 802.11 header */ 4257 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 4258 /* move to index, now start of LL header */ 4259 BPF_STMT(BPF_MISC | BPF_TAX, 0), 4260 4261 /* 4262 * Accept empty data frames, we use those for 4263 * polling activity. 4264 */ 4265 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 4266 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 4267 4268 /* 4269 * Accept EAPOL frames 4270 */ 4271 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 4272 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 4273 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 4274 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 4275 4276 /* keep these last two statements or change the code below */ 4277 /* return 0 == "DROP" */ 4278 BPF_STMT(BPF_RET | BPF_K, 0), 4279 /* return ~0 == "keep all" */ 4280 BPF_STMT(BPF_RET | BPF_K, ~0), 4281}; 4282 4283static struct sock_fprog msock_filter = { 4284 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 4285 .filter = msock_filter_insns, 4286}; 4287 4288 4289static int add_monitor_filter(int s) 4290{ 4291 int idx; 4292 4293 /* rewrite all PASS/FAIL jump offsets */ 4294 for (idx = 0; idx < msock_filter.len; idx++) { 4295 struct sock_filter *insn = &msock_filter_insns[idx]; 4296 4297 if (BPF_CLASS(insn->code) == BPF_JMP) { 4298 if (insn->code == (BPF_JMP|BPF_JA)) { 4299 if (insn->k == PASS) 4300 insn->k = msock_filter.len - idx - 2; 4301 else if (insn->k == FAIL) 4302 insn->k = msock_filter.len - idx - 3; 4303 } 4304 4305 if (insn->jt == PASS) 4306 insn->jt = msock_filter.len - idx - 2; 4307 else if (insn->jt == FAIL) 4308 insn->jt = msock_filter.len - idx - 3; 4309 4310 if (insn->jf == PASS) 4311 insn->jf = msock_filter.len - idx - 2; 4312 else if (insn->jf == FAIL) 4313 insn->jf = msock_filter.len - idx - 3; 4314 } 4315 } 4316 4317 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 4318 &msock_filter, sizeof(msock_filter))) { 4319 perror("SO_ATTACH_FILTER"); 4320 return -1; 4321 } 4322 4323 return 0; 4324} 4325 4326 4327static void nl80211_remove_monitor_interface( 4328 struct wpa_driver_nl80211_data *drv) 4329{ 4330 if (drv->monitor_ifidx >= 0) { 4331 nl80211_remove_iface(drv, drv->monitor_ifidx); 4332 drv->monitor_ifidx = -1; 4333 } 4334 if (drv->monitor_sock >= 0) { 4335 eloop_unregister_read_sock(drv->monitor_sock); 4336 close(drv->monitor_sock); 4337 drv->monitor_sock = -1; 4338 } 4339} 4340 4341 4342static int 4343nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 4344{ 4345 char buf[IFNAMSIZ]; 4346 struct sockaddr_ll ll; 4347 int optval; 4348 socklen_t optlen; 4349 4350 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 4351 buf[IFNAMSIZ - 1] = '\0'; 4352 4353 drv->monitor_ifidx = 4354 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 4355 0); 4356 4357 if (drv->monitor_ifidx == -EOPNOTSUPP) { 4358 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 4359 "monitor interface type - try to run without it"); 4360 drv->no_monitor_iface_capab = 1; 4361 } 4362 4363 if (drv->monitor_ifidx < 0) 4364 return -1; 4365 4366 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 4367 goto error; 4368 4369 memset(&ll, 0, sizeof(ll)); 4370 ll.sll_family = AF_PACKET; 4371 ll.sll_ifindex = drv->monitor_ifidx; 4372 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 4373 if (drv->monitor_sock < 0) { 4374 perror("socket[PF_PACKET,SOCK_RAW]"); 4375 goto error; 4376 } 4377 4378 if (add_monitor_filter(drv->monitor_sock)) { 4379 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 4380 "interface; do filtering in user space"); 4381 /* This works, but will cost in performance. */ 4382 } 4383 4384 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 4385 perror("monitor socket bind"); 4386 goto error; 4387 } 4388 4389 optlen = sizeof(optval); 4390 optval = 20; 4391 if (setsockopt 4392 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 4393 perror("Failed to set socket priority"); 4394 goto error; 4395 } 4396 4397 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 4398 drv, NULL)) { 4399 printf("Could not register monitor read socket\n"); 4400 goto error; 4401 } 4402 4403 return 0; 4404 error: 4405 nl80211_remove_monitor_interface(drv); 4406 return -1; 4407} 4408 4409 4410static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 4411 4412static int wpa_driver_nl80211_hapd_send_eapol( 4413 void *priv, const u8 *addr, const u8 *data, 4414 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 4415{ 4416 struct i802_bss *bss = priv; 4417 struct wpa_driver_nl80211_data *drv = bss->drv; 4418 struct ieee80211_hdr *hdr; 4419 size_t len; 4420 u8 *pos; 4421 int res; 4422 int qos = flags & WPA_STA_WMM; 4423 4424 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 4425 data_len; 4426 hdr = os_zalloc(len); 4427 if (hdr == NULL) { 4428 printf("malloc() failed for i802_send_data(len=%lu)\n", 4429 (unsigned long) len); 4430 return -1; 4431 } 4432 4433 hdr->frame_control = 4434 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 4435 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 4436 if (encrypt) 4437 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 4438 if (qos) { 4439 hdr->frame_control |= 4440 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 4441 } 4442 4443 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 4444 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 4445 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 4446 pos = (u8 *) (hdr + 1); 4447 4448 if (qos) { 4449 /* add an empty QoS header if needed */ 4450 pos[0] = 0; 4451 pos[1] = 0; 4452 pos += 2; 4453 } 4454 4455 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 4456 pos += sizeof(rfc1042_header); 4457 WPA_PUT_BE16(pos, ETH_P_PAE); 4458 pos += 2; 4459 memcpy(pos, data, data_len); 4460 4461 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 4462 if (res < 0) { 4463 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 4464 "failed: %d (%s)", 4465 (unsigned long) len, errno, strerror(errno)); 4466 } 4467 os_free(hdr); 4468 4469 return res; 4470} 4471 4472 4473static u32 sta_flags_nl80211(int flags) 4474{ 4475 u32 f = 0; 4476 4477 if (flags & WPA_STA_AUTHORIZED) 4478 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 4479 if (flags & WPA_STA_WMM) 4480 f |= BIT(NL80211_STA_FLAG_WME); 4481 if (flags & WPA_STA_SHORT_PREAMBLE) 4482 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 4483 if (flags & WPA_STA_MFP) 4484 f |= BIT(NL80211_STA_FLAG_MFP); 4485 4486 return f; 4487} 4488 4489 4490static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 4491 int total_flags, 4492 int flags_or, int flags_and) 4493{ 4494 struct i802_bss *bss = priv; 4495 struct wpa_driver_nl80211_data *drv = bss->drv; 4496 struct nl_msg *msg, *flags = NULL; 4497 struct nl80211_sta_flag_update upd; 4498 4499 msg = nlmsg_alloc(); 4500 if (!msg) 4501 return -ENOMEM; 4502 4503 flags = nlmsg_alloc(); 4504 if (!flags) { 4505 nlmsg_free(msg); 4506 return -ENOMEM; 4507 } 4508 4509 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4510 0, NL80211_CMD_SET_STATION, 0); 4511 4512 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4513 if_nametoindex(bss->ifname)); 4514 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4515 4516 /* 4517 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 4518 * can be removed eventually. 4519 */ 4520 if (total_flags & WPA_STA_AUTHORIZED) 4521 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 4522 4523 if (total_flags & WPA_STA_WMM) 4524 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 4525 4526 if (total_flags & WPA_STA_SHORT_PREAMBLE) 4527 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 4528 4529 if (total_flags & WPA_STA_MFP) 4530 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 4531 4532 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 4533 goto nla_put_failure; 4534 4535 os_memset(&upd, 0, sizeof(upd)); 4536 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 4537 upd.set = sta_flags_nl80211(flags_or); 4538 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4539 4540 nlmsg_free(flags); 4541 4542 return send_and_recv_msgs(drv, msg, NULL, NULL); 4543 nla_put_failure: 4544 nlmsg_free(flags); 4545 return -ENOBUFS; 4546} 4547 4548 4549static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 4550 struct wpa_driver_associate_params *params) 4551{ 4552 if (params->p2p) 4553 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 4554 "group (GO)"); 4555 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 4556 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 4557 nl80211_remove_monitor_interface(drv); 4558 return -1; 4559 } 4560 4561 /* TODO: setup monitor interface (and add code somewhere to remove this 4562 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 4563 4564 return 0; 4565} 4566 4567 4568static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 4569{ 4570 struct nl_msg *msg; 4571 int ret = -1; 4572 4573 msg = nlmsg_alloc(); 4574 if (!msg) 4575 return -1; 4576 4577 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4578 NL80211_CMD_LEAVE_IBSS, 0); 4579 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4580 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4581 msg = NULL; 4582 if (ret) { 4583 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 4584 "(%s)", ret, strerror(-ret)); 4585 goto nla_put_failure; 4586 } 4587 4588 ret = 0; 4589 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 4590 4591nla_put_failure: 4592 nlmsg_free(msg); 4593 return ret; 4594} 4595 4596 4597static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 4598 struct wpa_driver_associate_params *params) 4599{ 4600 struct nl_msg *msg; 4601 int ret = -1; 4602 int count = 0; 4603 4604 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 4605 4606 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 4607 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 4608 "IBSS mode"); 4609 return -1; 4610 } 4611 4612retry: 4613 msg = nlmsg_alloc(); 4614 if (!msg) 4615 return -1; 4616 4617 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4618 NL80211_CMD_JOIN_IBSS, 0); 4619 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4620 4621 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 4622 goto nla_put_failure; 4623 4624 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4625 params->ssid, params->ssid_len); 4626 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4627 params->ssid); 4628 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4629 drv->ssid_len = params->ssid_len; 4630 4631 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4632 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4633 4634 ret = nl80211_set_conn_keys(params, msg); 4635 if (ret) 4636 goto nla_put_failure; 4637 4638 if (params->wpa_ie) { 4639 wpa_hexdump(MSG_DEBUG, 4640 " * Extra IEs for Beacon/Probe Response frames", 4641 params->wpa_ie, params->wpa_ie_len); 4642 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4643 params->wpa_ie); 4644 } 4645 4646 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4647 msg = NULL; 4648 if (ret) { 4649 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 4650 ret, strerror(-ret)); 4651 count++; 4652 if (ret == -EALREADY && count == 1) { 4653 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 4654 "forced leave"); 4655 nl80211_leave_ibss(drv); 4656 nlmsg_free(msg); 4657 goto retry; 4658 } 4659 4660 goto nla_put_failure; 4661 } 4662 ret = 0; 4663 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 4664 4665nla_put_failure: 4666 nlmsg_free(msg); 4667 return ret; 4668} 4669 4670 4671static int wpa_driver_nl80211_connect( 4672 struct wpa_driver_nl80211_data *drv, 4673 struct wpa_driver_associate_params *params) 4674{ 4675 struct nl_msg *msg; 4676 enum nl80211_auth_type type; 4677 int ret = 0; 4678 int algs; 4679 4680 msg = nlmsg_alloc(); 4681 if (!msg) 4682 return -1; 4683 4684 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 4685 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4686 NL80211_CMD_CONNECT, 0); 4687 4688 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4689 if (params->bssid) { 4690 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4691 MAC2STR(params->bssid)); 4692 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4693 } 4694 if (params->freq) { 4695 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4696 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4697 } 4698 if (params->ssid) { 4699 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4700 params->ssid, params->ssid_len); 4701 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4702 params->ssid); 4703 if (params->ssid_len > sizeof(drv->ssid)) 4704 goto nla_put_failure; 4705 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4706 drv->ssid_len = params->ssid_len; 4707 } 4708 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4709 if (params->wpa_ie) 4710 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4711 params->wpa_ie); 4712 4713 algs = 0; 4714 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4715 algs++; 4716 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4717 algs++; 4718 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4719 algs++; 4720 if (algs > 1) { 4721 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 4722 "selection"); 4723 goto skip_auth_type; 4724 } 4725 4726 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4727 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4728 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4729 type = NL80211_AUTHTYPE_SHARED_KEY; 4730 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4731 type = NL80211_AUTHTYPE_NETWORK_EAP; 4732 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4733 type = NL80211_AUTHTYPE_FT; 4734 else 4735 goto nla_put_failure; 4736 4737 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4738 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4739 4740skip_auth_type: 4741 if (params->wpa_ie && params->wpa_ie_len) { 4742 enum nl80211_wpa_versions ver; 4743 4744 if (params->wpa_ie[0] == WLAN_EID_RSN) 4745 ver = NL80211_WPA_VERSION_2; 4746 else 4747 ver = NL80211_WPA_VERSION_1; 4748 4749 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 4750 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 4751 } 4752 4753 if (params->pairwise_suite != CIPHER_NONE) { 4754 int cipher; 4755 4756 switch (params->pairwise_suite) { 4757 case CIPHER_WEP40: 4758 cipher = WLAN_CIPHER_SUITE_WEP40; 4759 break; 4760 case CIPHER_WEP104: 4761 cipher = WLAN_CIPHER_SUITE_WEP104; 4762 break; 4763 case CIPHER_CCMP: 4764 cipher = WLAN_CIPHER_SUITE_CCMP; 4765 break; 4766 case CIPHER_TKIP: 4767 default: 4768 cipher = WLAN_CIPHER_SUITE_TKIP; 4769 break; 4770 } 4771 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4772 } 4773 4774 if (params->group_suite != CIPHER_NONE) { 4775 int cipher; 4776 4777 switch (params->group_suite) { 4778 case CIPHER_WEP40: 4779 cipher = WLAN_CIPHER_SUITE_WEP40; 4780 break; 4781 case CIPHER_WEP104: 4782 cipher = WLAN_CIPHER_SUITE_WEP104; 4783 break; 4784 case CIPHER_CCMP: 4785 cipher = WLAN_CIPHER_SUITE_CCMP; 4786 break; 4787 case CIPHER_TKIP: 4788 default: 4789 cipher = WLAN_CIPHER_SUITE_TKIP; 4790 break; 4791 } 4792 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4793 } 4794 4795 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 4796 params->key_mgmt_suite == KEY_MGMT_PSK) { 4797 int mgmt = WLAN_AKM_SUITE_PSK; 4798 4799 switch (params->key_mgmt_suite) { 4800 case KEY_MGMT_802_1X: 4801 mgmt = WLAN_AKM_SUITE_8021X; 4802 break; 4803 case KEY_MGMT_PSK: 4804 default: 4805 mgmt = WLAN_AKM_SUITE_PSK; 4806 break; 4807 } 4808 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 4809 } 4810 4811 ret = nl80211_set_conn_keys(params, msg); 4812 if (ret) 4813 goto nla_put_failure; 4814 4815 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4816 msg = NULL; 4817 if (ret) { 4818 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 4819 "(%s)", ret, strerror(-ret)); 4820 goto nla_put_failure; 4821 } 4822 ret = 0; 4823 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 4824 4825nla_put_failure: 4826 nlmsg_free(msg); 4827 return ret; 4828 4829} 4830 4831 4832static int wpa_driver_nl80211_associate( 4833 void *priv, struct wpa_driver_associate_params *params) 4834{ 4835 struct i802_bss *bss = priv; 4836 struct wpa_driver_nl80211_data *drv = bss->drv; 4837 int ret = -1; 4838 struct nl_msg *msg; 4839 4840 if (params->mode == IEEE80211_MODE_AP) 4841 return wpa_driver_nl80211_ap(drv, params); 4842 4843 if (params->mode == IEEE80211_MODE_IBSS) 4844 return wpa_driver_nl80211_ibss(drv, params); 4845 4846 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 4847 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 4848 return -1; 4849 return wpa_driver_nl80211_connect(drv, params); 4850 } 4851 4852 drv->associated = 0; 4853 4854 msg = nlmsg_alloc(); 4855 if (!msg) 4856 return -1; 4857 4858 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 4859 drv->ifindex); 4860 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4861 NL80211_CMD_ASSOCIATE, 0); 4862 4863 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4864 if (params->bssid) { 4865 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4866 MAC2STR(params->bssid)); 4867 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4868 } 4869 if (params->freq) { 4870 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4871 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4872 drv->assoc_freq = params->freq; 4873 } else 4874 drv->assoc_freq = 0; 4875 if (params->ssid) { 4876 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4877 params->ssid, params->ssid_len); 4878 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4879 params->ssid); 4880 if (params->ssid_len > sizeof(drv->ssid)) 4881 goto nla_put_failure; 4882 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4883 drv->ssid_len = params->ssid_len; 4884 } 4885 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4886 if (params->wpa_ie) 4887 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4888 params->wpa_ie); 4889 4890 if (params->pairwise_suite != CIPHER_NONE) { 4891 int cipher; 4892 4893 switch (params->pairwise_suite) { 4894 case CIPHER_WEP40: 4895 cipher = WLAN_CIPHER_SUITE_WEP40; 4896 break; 4897 case CIPHER_WEP104: 4898 cipher = WLAN_CIPHER_SUITE_WEP104; 4899 break; 4900 case CIPHER_CCMP: 4901 cipher = WLAN_CIPHER_SUITE_CCMP; 4902 break; 4903 case CIPHER_TKIP: 4904 default: 4905 cipher = WLAN_CIPHER_SUITE_TKIP; 4906 break; 4907 } 4908 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 4909 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4910 } 4911 4912 if (params->group_suite != CIPHER_NONE) { 4913 int cipher; 4914 4915 switch (params->group_suite) { 4916 case CIPHER_WEP40: 4917 cipher = WLAN_CIPHER_SUITE_WEP40; 4918 break; 4919 case CIPHER_WEP104: 4920 cipher = WLAN_CIPHER_SUITE_WEP104; 4921 break; 4922 case CIPHER_CCMP: 4923 cipher = WLAN_CIPHER_SUITE_CCMP; 4924 break; 4925 case CIPHER_TKIP: 4926 default: 4927 cipher = WLAN_CIPHER_SUITE_TKIP; 4928 break; 4929 } 4930 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 4931 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4932 } 4933 4934#ifdef CONFIG_IEEE80211W 4935 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 4936 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 4937#endif /* CONFIG_IEEE80211W */ 4938 4939 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 4940 4941 if (params->prev_bssid) { 4942 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 4943 MAC2STR(params->prev_bssid)); 4944 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 4945 params->prev_bssid); 4946 } 4947 4948 if (params->p2p) 4949 wpa_printf(MSG_DEBUG, " * P2P group"); 4950 4951 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4952 msg = NULL; 4953 if (ret) { 4954 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 4955 "(%s)", ret, strerror(-ret)); 4956 nl80211_dump_scan(drv); 4957 goto nla_put_failure; 4958 } 4959 ret = 0; 4960 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 4961 "successfully"); 4962 4963nla_put_failure: 4964 nlmsg_free(msg); 4965 return ret; 4966} 4967 4968 4969static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 4970 int ifindex, int mode) 4971{ 4972 struct nl_msg *msg; 4973 int ret = -ENOBUFS; 4974 4975 msg = nlmsg_alloc(); 4976 if (!msg) 4977 return -ENOMEM; 4978 4979 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4980 0, NL80211_CMD_SET_INTERFACE, 0); 4981 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4982 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 4983 4984 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4985 if (!ret) 4986 return 0; 4987nla_put_failure: 4988 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 4989 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 4990 return ret; 4991} 4992 4993 4994static int wpa_driver_nl80211_set_mode(void *priv, int mode) 4995{ 4996 struct i802_bss *bss = priv; 4997 struct wpa_driver_nl80211_data *drv = bss->drv; 4998 int ret = -1; 4999 int nlmode; 5000 int i; 5001 5002 switch (mode) { 5003 case 0: 5004 nlmode = NL80211_IFTYPE_STATION; 5005 break; 5006 case 1: 5007 nlmode = NL80211_IFTYPE_ADHOC; 5008 break; 5009 case 2: 5010 nlmode = NL80211_IFTYPE_AP; 5011 break; 5012 default: 5013 return -1; 5014 } 5015 5016 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 5017 drv->nlmode = nlmode; 5018 ret = 0; 5019 goto done; 5020 } 5021 5022 if (nlmode == drv->nlmode) { 5023 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 5024 "requested mode - ignore error"); 5025 ret = 0; 5026 goto done; /* Already in the requested mode */ 5027 } 5028 5029 /* mac80211 doesn't allow mode changes while the device is up, so 5030 * take the device down, try to set the mode again, and bring the 5031 * device back up. 5032 */ 5033 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 5034 "interface down"); 5035 for (i = 0; i < 10; i++) { 5036 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 5037 0) { 5038 /* Try to set the mode again while the interface is 5039 * down */ 5040 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 5041 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 5042 1)) 5043 ret = -1; 5044 if (!ret) 5045 break; 5046 } else 5047 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 5048 "interface down"); 5049 os_sleep(0, 100000); 5050 } 5051 5052 if (!ret) { 5053 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 5054 "interface is down"); 5055 drv->nlmode = nlmode; 5056 } 5057 5058done: 5059 if (!ret && nlmode == NL80211_IFTYPE_AP) { 5060 /* Setup additional AP mode functionality if needed */ 5061 if (!drv->no_monitor_iface_capab && drv->monitor_ifidx < 0 && 5062 nl80211_create_monitor_interface(drv) && 5063 !drv->no_monitor_iface_capab) 5064 return -1; 5065 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 5066 /* Remove additional AP mode functionality */ 5067 nl80211_remove_monitor_interface(drv); 5068 bss->beacon_set = 0; 5069 } 5070 5071 if (ret) 5072 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 5073 "from %d failed", nlmode, drv->nlmode); 5074 5075 return ret; 5076} 5077 5078 5079static int wpa_driver_nl80211_get_capa(void *priv, 5080 struct wpa_driver_capa *capa) 5081{ 5082 struct i802_bss *bss = priv; 5083 struct wpa_driver_nl80211_data *drv = bss->drv; 5084 if (!drv->has_capability) 5085 return -1; 5086 os_memcpy(capa, &drv->capa, sizeof(*capa)); 5087 return 0; 5088} 5089 5090 5091static int wpa_driver_nl80211_set_operstate(void *priv, int state) 5092{ 5093 struct i802_bss *bss = priv; 5094 struct wpa_driver_nl80211_data *drv = bss->drv; 5095 5096 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 5097 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 5098 drv->operstate = state; 5099 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 5100 state ? IF_OPER_UP : IF_OPER_DORMANT); 5101} 5102 5103 5104static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 5105{ 5106 struct i802_bss *bss = priv; 5107 struct wpa_driver_nl80211_data *drv = bss->drv; 5108 struct nl_msg *msg; 5109 struct nl80211_sta_flag_update upd; 5110 5111 msg = nlmsg_alloc(); 5112 if (!msg) 5113 return -ENOMEM; 5114 5115 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5116 0, NL80211_CMD_SET_STATION, 0); 5117 5118 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5119 if_nametoindex(bss->ifname)); 5120 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 5121 5122 os_memset(&upd, 0, sizeof(upd)); 5123 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 5124 if (authorized) 5125 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 5126 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5127 5128 return send_and_recv_msgs(drv, msg, NULL, NULL); 5129 nla_put_failure: 5130 return -ENOBUFS; 5131} 5132 5133 5134/* Set kernel driver on given frequency (MHz) */ 5135static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 5136{ 5137 struct i802_bss *bss = priv; 5138 struct wpa_driver_nl80211_data *drv = bss->drv; 5139 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 5140 freq->sec_channel_offset); 5141} 5142 5143 5144#if defined(HOSTAPD) || defined(CONFIG_AP) 5145 5146static inline int min_int(int a, int b) 5147{ 5148 if (a < b) 5149 return a; 5150 return b; 5151} 5152 5153 5154static int get_key_handler(struct nl_msg *msg, void *arg) 5155{ 5156 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5157 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5158 5159 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5160 genlmsg_attrlen(gnlh, 0), NULL); 5161 5162 /* 5163 * TODO: validate the key index and mac address! 5164 * Otherwise, there's a race condition as soon as 5165 * the kernel starts sending key notifications. 5166 */ 5167 5168 if (tb[NL80211_ATTR_KEY_SEQ]) 5169 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 5170 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 5171 return NL_SKIP; 5172} 5173 5174 5175static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 5176 int idx, u8 *seq) 5177{ 5178 struct i802_bss *bss = priv; 5179 struct wpa_driver_nl80211_data *drv = bss->drv; 5180 struct nl_msg *msg; 5181 5182 msg = nlmsg_alloc(); 5183 if (!msg) 5184 return -ENOMEM; 5185 5186 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5187 0, NL80211_CMD_GET_KEY, 0); 5188 5189 if (addr) 5190 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5191 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 5192 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 5193 5194 memset(seq, 0, 6); 5195 5196 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 5197 nla_put_failure: 5198 return -ENOBUFS; 5199} 5200 5201 5202static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 5203 int mode) 5204{ 5205 struct i802_bss *bss = priv; 5206 struct wpa_driver_nl80211_data *drv = bss->drv; 5207 struct nl_msg *msg; 5208 u8 rates[NL80211_MAX_SUPP_RATES]; 5209 u8 rates_len = 0; 5210 int i; 5211 5212 msg = nlmsg_alloc(); 5213 if (!msg) 5214 return -ENOMEM; 5215 5216 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5217 NL80211_CMD_SET_BSS, 0); 5218 5219 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 5220 rates[rates_len++] = basic_rates[i] / 5; 5221 5222 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5223 5224 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5225 5226 return send_and_recv_msgs(drv, msg, NULL, NULL); 5227 nla_put_failure: 5228 return -ENOBUFS; 5229} 5230 5231 5232static int i802_set_rts(void *priv, int rts) 5233{ 5234 struct i802_bss *bss = priv; 5235 struct wpa_driver_nl80211_data *drv = bss->drv; 5236 struct nl_msg *msg; 5237 int ret = -ENOBUFS; 5238 u32 val; 5239 5240 msg = nlmsg_alloc(); 5241 if (!msg) 5242 return -ENOMEM; 5243 5244 if (rts >= 2347) 5245 val = (u32) -1; 5246 else 5247 val = rts; 5248 5249 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5250 0, NL80211_CMD_SET_WIPHY, 0); 5251 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5252 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 5253 5254 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5255 if (!ret) 5256 return 0; 5257nla_put_failure: 5258 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 5259 "%d (%s)", rts, ret, strerror(-ret)); 5260 return ret; 5261} 5262 5263 5264static int i802_set_frag(void *priv, int frag) 5265{ 5266 struct i802_bss *bss = priv; 5267 struct wpa_driver_nl80211_data *drv = bss->drv; 5268 struct nl_msg *msg; 5269 int ret = -ENOBUFS; 5270 u32 val; 5271 5272 msg = nlmsg_alloc(); 5273 if (!msg) 5274 return -ENOMEM; 5275 5276 if (frag >= 2346) 5277 val = (u32) -1; 5278 else 5279 val = frag; 5280 5281 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5282 0, NL80211_CMD_SET_WIPHY, 0); 5283 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5284 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 5285 5286 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5287 if (!ret) 5288 return 0; 5289nla_put_failure: 5290 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 5291 "%d: %d (%s)", frag, ret, strerror(-ret)); 5292 return ret; 5293} 5294 5295 5296static int i802_flush(void *priv) 5297{ 5298 struct i802_bss *bss = priv; 5299 struct wpa_driver_nl80211_data *drv = bss->drv; 5300 struct nl_msg *msg; 5301 5302 msg = nlmsg_alloc(); 5303 if (!msg) 5304 return -1; 5305 5306 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5307 0, NL80211_CMD_DEL_STATION, 0); 5308 5309 /* 5310 * XXX: FIX! this needs to flush all VLANs too 5311 */ 5312 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5313 if_nametoindex(bss->ifname)); 5314 5315 return send_and_recv_msgs(drv, msg, NULL, NULL); 5316 nla_put_failure: 5317 return -ENOBUFS; 5318} 5319 5320 5321static int get_sta_handler(struct nl_msg *msg, void *arg) 5322{ 5323 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5324 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5325 struct hostap_sta_driver_data *data = arg; 5326 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 5327 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 5328 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 5329 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 5330 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 5331 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 5332 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 5333 }; 5334 5335 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5336 genlmsg_attrlen(gnlh, 0), NULL); 5337 5338 /* 5339 * TODO: validate the interface and mac address! 5340 * Otherwise, there's a race condition as soon as 5341 * the kernel starts sending station notifications. 5342 */ 5343 5344 if (!tb[NL80211_ATTR_STA_INFO]) { 5345 wpa_printf(MSG_DEBUG, "sta stats missing!"); 5346 return NL_SKIP; 5347 } 5348 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 5349 tb[NL80211_ATTR_STA_INFO], 5350 stats_policy)) { 5351 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 5352 return NL_SKIP; 5353 } 5354 5355 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 5356 data->inactive_msec = 5357 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 5358 if (stats[NL80211_STA_INFO_RX_BYTES]) 5359 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 5360 if (stats[NL80211_STA_INFO_TX_BYTES]) 5361 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 5362 if (stats[NL80211_STA_INFO_RX_PACKETS]) 5363 data->rx_packets = 5364 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 5365 if (stats[NL80211_STA_INFO_TX_PACKETS]) 5366 data->tx_packets = 5367 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 5368 5369 return NL_SKIP; 5370} 5371 5372static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 5373 const u8 *addr) 5374{ 5375 struct i802_bss *bss = priv; 5376 struct wpa_driver_nl80211_data *drv = bss->drv; 5377 struct nl_msg *msg; 5378 5379 os_memset(data, 0, sizeof(*data)); 5380 msg = nlmsg_alloc(); 5381 if (!msg) 5382 return -ENOMEM; 5383 5384 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5385 0, NL80211_CMD_GET_STATION, 0); 5386 5387 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5388 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5389 5390 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 5391 nla_put_failure: 5392 return -ENOBUFS; 5393} 5394 5395 5396static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 5397 int cw_min, int cw_max, int burst_time) 5398{ 5399 struct i802_bss *bss = priv; 5400 struct wpa_driver_nl80211_data *drv = bss->drv; 5401 struct nl_msg *msg; 5402 struct nlattr *txq, *params; 5403 5404 msg = nlmsg_alloc(); 5405 if (!msg) 5406 return -1; 5407 5408 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5409 0, NL80211_CMD_SET_WIPHY, 0); 5410 5411 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5412 5413 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 5414 if (!txq) 5415 goto nla_put_failure; 5416 5417 /* We are only sending parameters for a single TXQ at a time */ 5418 params = nla_nest_start(msg, 1); 5419 if (!params) 5420 goto nla_put_failure; 5421 5422 switch (queue) { 5423 case 0: 5424 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 5425 break; 5426 case 1: 5427 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 5428 break; 5429 case 2: 5430 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 5431 break; 5432 case 3: 5433 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 5434 break; 5435 } 5436 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 5437 * 32 usec, so need to convert the value here. */ 5438 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 5439 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 5440 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 5441 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 5442 5443 nla_nest_end(msg, params); 5444 5445 nla_nest_end(msg, txq); 5446 5447 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5448 return 0; 5449 nla_put_failure: 5450 return -1; 5451} 5452 5453 5454static int i802_set_bss(void *priv, int cts, int preamble, int slot, 5455 int ht_opmode) 5456{ 5457 struct i802_bss *bss = priv; 5458 struct wpa_driver_nl80211_data *drv = bss->drv; 5459 struct nl_msg *msg; 5460 5461 msg = nlmsg_alloc(); 5462 if (!msg) 5463 return -ENOMEM; 5464 5465 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5466 NL80211_CMD_SET_BSS, 0); 5467 5468 if (cts >= 0) 5469 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5470 if (preamble >= 0) 5471 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5472 if (slot >= 0) 5473 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5474 if (ht_opmode >= 0) 5475 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5476 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5477 5478 return send_and_recv_msgs(drv, msg, NULL, NULL); 5479 nla_put_failure: 5480 return -ENOBUFS; 5481} 5482 5483 5484static int i802_set_cts_protect(void *priv, int value) 5485{ 5486 return i802_set_bss(priv, value, -1, -1, -1); 5487} 5488 5489 5490static int i802_set_preamble(void *priv, int value) 5491{ 5492 return i802_set_bss(priv, -1, value, -1, -1); 5493} 5494 5495 5496static int i802_set_short_slot_time(void *priv, int value) 5497{ 5498 return i802_set_bss(priv, -1, -1, value, -1); 5499} 5500 5501 5502static int i802_set_sta_vlan(void *priv, const u8 *addr, 5503 const char *ifname, int vlan_id) 5504{ 5505 struct i802_bss *bss = priv; 5506 struct wpa_driver_nl80211_data *drv = bss->drv; 5507 struct nl_msg *msg; 5508 int ret = -ENOBUFS; 5509 5510 msg = nlmsg_alloc(); 5511 if (!msg) 5512 return -ENOMEM; 5513 5514 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5515 0, NL80211_CMD_SET_STATION, 0); 5516 5517 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5518 if_nametoindex(bss->ifname)); 5519 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5520 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 5521 if_nametoindex(ifname)); 5522 5523 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5524 if (ret < 0) { 5525 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 5526 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 5527 MAC2STR(addr), ifname, vlan_id, ret, 5528 strerror(-ret)); 5529 } 5530 nla_put_failure: 5531 return ret; 5532} 5533 5534 5535static int i802_set_ht_params(void *priv, const u8 *ht_capab, 5536 size_t ht_capab_len, const u8 *ht_oper, 5537 size_t ht_oper_len) 5538{ 5539 if (ht_oper_len >= 6) { 5540 /* ht opmode uses 16bit in octet 5 & 6 */ 5541 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]); 5542 return i802_set_bss(priv, -1, -1, -1, ht_opmode); 5543 } else 5544 return -1; 5545} 5546 5547 5548static int i802_get_inact_sec(void *priv, const u8 *addr) 5549{ 5550 struct hostap_sta_driver_data data; 5551 int ret; 5552 5553 data.inactive_msec = (unsigned long) -1; 5554 ret = i802_read_sta_data(priv, &data, addr); 5555 if (ret || data.inactive_msec == (unsigned long) -1) 5556 return -1; 5557 return data.inactive_msec / 1000; 5558} 5559 5560 5561static int i802_sta_clear_stats(void *priv, const u8 *addr) 5562{ 5563#if 0 5564 /* TODO */ 5565#endif 5566 return 0; 5567} 5568 5569 5570static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 5571 int reason) 5572{ 5573 struct i802_bss *bss = priv; 5574 struct ieee80211_mgmt mgmt; 5575 5576 memset(&mgmt, 0, sizeof(mgmt)); 5577 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5578 WLAN_FC_STYPE_DEAUTH); 5579 memcpy(mgmt.da, addr, ETH_ALEN); 5580 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5581 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5582 mgmt.u.deauth.reason_code = host_to_le16(reason); 5583 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5584 IEEE80211_HDRLEN + 5585 sizeof(mgmt.u.deauth)); 5586} 5587 5588 5589static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 5590 int reason) 5591{ 5592 struct i802_bss *bss = priv; 5593 struct ieee80211_mgmt mgmt; 5594 5595 memset(&mgmt, 0, sizeof(mgmt)); 5596 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5597 WLAN_FC_STYPE_DISASSOC); 5598 memcpy(mgmt.da, addr, ETH_ALEN); 5599 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5600 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5601 mgmt.u.disassoc.reason_code = host_to_le16(reason); 5602 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5603 IEEE80211_HDRLEN + 5604 sizeof(mgmt.u.disassoc)); 5605} 5606 5607#endif /* HOSTAPD || CONFIG_AP */ 5608 5609#ifdef HOSTAPD 5610 5611static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5612{ 5613 int i; 5614 int *old; 5615 5616 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 5617 ifidx); 5618 for (i = 0; i < drv->num_if_indices; i++) { 5619 if (drv->if_indices[i] == 0) { 5620 drv->if_indices[i] = ifidx; 5621 return; 5622 } 5623 } 5624 5625 if (drv->if_indices != drv->default_if_indices) 5626 old = drv->if_indices; 5627 else 5628 old = NULL; 5629 5630 drv->if_indices = os_realloc(old, 5631 sizeof(int) * (drv->num_if_indices + 1)); 5632 if (!drv->if_indices) { 5633 if (!old) 5634 drv->if_indices = drv->default_if_indices; 5635 else 5636 drv->if_indices = old; 5637 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 5638 "interfaces"); 5639 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 5640 return; 5641 } else if (!old) 5642 os_memcpy(drv->if_indices, drv->default_if_indices, 5643 sizeof(drv->default_if_indices)); 5644 drv->if_indices[drv->num_if_indices] = ifidx; 5645 drv->num_if_indices++; 5646} 5647 5648 5649static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5650{ 5651 int i; 5652 5653 for (i = 0; i < drv->num_if_indices; i++) { 5654 if (drv->if_indices[i] == ifidx) { 5655 drv->if_indices[i] = 0; 5656 break; 5657 } 5658 } 5659} 5660 5661 5662static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5663{ 5664 int i; 5665 5666 for (i = 0; i < drv->num_if_indices; i++) 5667 if (drv->if_indices[i] == ifidx) 5668 return 1; 5669 5670 return 0; 5671} 5672 5673 5674static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 5675 const char *bridge_ifname) 5676{ 5677 struct i802_bss *bss = priv; 5678 struct wpa_driver_nl80211_data *drv = bss->drv; 5679 char name[IFNAMSIZ + 1]; 5680 5681 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 5682 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 5683 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 5684 if (val) { 5685 if (!if_nametoindex(name)) { 5686 if (nl80211_create_iface(drv, name, 5687 NL80211_IFTYPE_AP_VLAN, 5688 NULL, 1) < 0) 5689 return -1; 5690 if (bridge_ifname && 5691 linux_br_add_if(drv->ioctl_sock, bridge_ifname, 5692 name) < 0) 5693 return -1; 5694 } 5695 linux_set_iface_flags(drv->ioctl_sock, name, 1); 5696 return i802_set_sta_vlan(priv, addr, name, 0); 5697 } else { 5698 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 5699 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 5700 name); 5701 } 5702} 5703 5704 5705static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 5706{ 5707 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5708 struct sockaddr_ll lladdr; 5709 unsigned char buf[3000]; 5710 int len; 5711 socklen_t fromlen = sizeof(lladdr); 5712 5713 len = recvfrom(sock, buf, sizeof(buf), 0, 5714 (struct sockaddr *)&lladdr, &fromlen); 5715 if (len < 0) { 5716 perror("recv"); 5717 return; 5718 } 5719 5720 if (have_ifidx(drv, lladdr.sll_ifindex)) 5721 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 5722} 5723 5724 5725static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 5726 struct i802_bss *bss, 5727 const char *brname, const char *ifname) 5728{ 5729 int ifindex; 5730 char in_br[IFNAMSIZ]; 5731 5732 os_strlcpy(bss->brname, brname, IFNAMSIZ); 5733 ifindex = if_nametoindex(brname); 5734 if (ifindex == 0) { 5735 /* 5736 * Bridge was configured, but the bridge device does 5737 * not exist. Try to add it now. 5738 */ 5739 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 5740 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 5741 "bridge interface %s: %s", 5742 brname, strerror(errno)); 5743 return -1; 5744 } 5745 bss->added_bridge = 1; 5746 add_ifidx(drv, if_nametoindex(brname)); 5747 } 5748 5749 if (linux_br_get(in_br, ifname) == 0) { 5750 if (os_strcmp(in_br, brname) == 0) 5751 return 0; /* already in the bridge */ 5752 5753 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 5754 "bridge %s", ifname, in_br); 5755 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 5756 wpa_printf(MSG_ERROR, "nl80211: Failed to " 5757 "remove interface %s from bridge " 5758 "%s: %s", 5759 ifname, brname, strerror(errno)); 5760 return -1; 5761 } 5762 } 5763 5764 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 5765 ifname, brname); 5766 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 5767 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 5768 "into bridge %s: %s", 5769 ifname, brname, strerror(errno)); 5770 return -1; 5771 } 5772 bss->added_if_into_bridge = 1; 5773 5774 return 0; 5775} 5776 5777 5778static void *i802_init(struct hostapd_data *hapd, 5779 struct wpa_init_params *params) 5780{ 5781 struct wpa_driver_nl80211_data *drv; 5782 struct i802_bss *bss; 5783 size_t i; 5784 char brname[IFNAMSIZ]; 5785 int ifindex, br_ifindex; 5786 int br_added = 0; 5787 5788 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL); 5789 if (bss == NULL) 5790 return NULL; 5791 5792 drv = bss->drv; 5793 drv->nlmode = NL80211_IFTYPE_AP; 5794 if (linux_br_get(brname, params->ifname) == 0) { 5795 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 5796 params->ifname, brname); 5797 br_ifindex = if_nametoindex(brname); 5798 } else { 5799 brname[0] = '\0'; 5800 br_ifindex = 0; 5801 } 5802 5803 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 5804 drv->if_indices = drv->default_if_indices; 5805 for (i = 0; i < params->num_bridge; i++) { 5806 if (params->bridge[i]) { 5807 ifindex = if_nametoindex(params->bridge[i]); 5808 if (ifindex) 5809 add_ifidx(drv, ifindex); 5810 if (ifindex == br_ifindex) 5811 br_added = 1; 5812 } 5813 } 5814 if (!br_added && br_ifindex && 5815 (params->num_bridge == 0 || !params->bridge[0])) 5816 add_ifidx(drv, br_ifindex); 5817 5818 /* start listening for EAPOL on the default AP interface */ 5819 add_ifidx(drv, drv->ifindex); 5820 5821 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 5822 goto failed; 5823 5824 if (params->bssid) { 5825 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 5826 params->bssid)) 5827 goto failed; 5828 } 5829 5830 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 5831 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 5832 "into AP mode", bss->ifname); 5833 goto failed; 5834 } 5835 5836 if (params->num_bridge && params->bridge[0] && 5837 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 5838 goto failed; 5839 5840 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 5841 goto failed; 5842 5843 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 5844 if (drv->eapol_sock < 0) { 5845 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 5846 goto failed; 5847 } 5848 5849 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 5850 { 5851 printf("Could not register read socket for eapol\n"); 5852 goto failed; 5853 } 5854 5855 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 5856 goto failed; 5857 5858 return bss; 5859 5860failed: 5861 nl80211_remove_monitor_interface(drv); 5862 rfkill_deinit(drv->rfkill); 5863 netlink_deinit(drv->netlink); 5864 if (drv->ioctl_sock >= 0) 5865 close(drv->ioctl_sock); 5866 5867 genl_family_put(drv->nl80211); 5868 nl_cache_free(drv->nl_cache); 5869 nl80211_handle_destroy(drv->nl_handle); 5870 nl_cb_put(drv->nl_cb); 5871 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 5872 5873 os_free(drv); 5874 return NULL; 5875} 5876 5877 5878static void i802_deinit(void *priv) 5879{ 5880 wpa_driver_nl80211_deinit(priv); 5881} 5882 5883#endif /* HOSTAPD */ 5884 5885 5886static enum nl80211_iftype wpa_driver_nl80211_if_type( 5887 enum wpa_driver_if_type type) 5888{ 5889 switch (type) { 5890 case WPA_IF_STATION: 5891 return NL80211_IFTYPE_STATION; 5892 case WPA_IF_P2P_CLIENT: 5893 case WPA_IF_P2P_GROUP: 5894 return NL80211_IFTYPE_P2P_CLIENT; 5895 case WPA_IF_AP_VLAN: 5896 return NL80211_IFTYPE_AP_VLAN; 5897 case WPA_IF_AP_BSS: 5898 return NL80211_IFTYPE_AP; 5899 case WPA_IF_P2P_GO: 5900 return NL80211_IFTYPE_P2P_GO; 5901 } 5902 return -1; 5903} 5904 5905 5906#ifdef CONFIG_P2P 5907 5908static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 5909{ 5910 struct wpa_driver_nl80211_data *drv; 5911 dl_list_for_each(drv, &global->interfaces, 5912 struct wpa_driver_nl80211_data, list) { 5913 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0) 5914 return 1; 5915 } 5916 return 0; 5917} 5918 5919 5920static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 5921 u8 *new_addr) 5922{ 5923 unsigned int idx; 5924 5925 if (!drv->global) 5926 return -1; 5927 5928 os_memcpy(new_addr, drv->addr, ETH_ALEN); 5929 for (idx = 0; idx < 64; idx++) { 5930 new_addr[0] = drv->addr[0] | 0x02; 5931 new_addr[0] ^= idx << 2; 5932 if (!nl80211_addr_in_use(drv->global, new_addr)) 5933 break; 5934 } 5935 if (idx == 64) 5936 return -1; 5937 5938 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 5939 MACSTR, MAC2STR(new_addr)); 5940 5941 return 0; 5942} 5943 5944#endif /* CONFIG_P2P */ 5945 5946 5947static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 5948 const char *ifname, const u8 *addr, 5949 void *bss_ctx, void **drv_priv, 5950 char *force_ifname, u8 *if_addr, 5951 const char *bridge) 5952{ 5953 struct i802_bss *bss = priv; 5954 struct wpa_driver_nl80211_data *drv = bss->drv; 5955 int ifidx; 5956#ifdef HOSTAPD 5957 struct i802_bss *new_bss = NULL; 5958 5959 if (type == WPA_IF_AP_BSS) { 5960 new_bss = os_zalloc(sizeof(*new_bss)); 5961 if (new_bss == NULL) 5962 return -1; 5963 } 5964#endif /* HOSTAPD */ 5965 5966 if (addr) 5967 os_memcpy(if_addr, addr, ETH_ALEN); 5968 ifidx = nl80211_create_iface(drv, ifname, 5969 wpa_driver_nl80211_if_type(type), addr, 5970 0); 5971 if (ifidx < 0) { 5972#ifdef HOSTAPD 5973 os_free(new_bss); 5974#endif /* HOSTAPD */ 5975 return -1; 5976 } 5977 5978 if (!addr && 5979 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) { 5980 nl80211_remove_iface(drv, ifidx); 5981 return -1; 5982 } 5983 5984#ifdef CONFIG_P2P 5985 if (!addr && 5986 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 5987 type == WPA_IF_P2P_GO)) { 5988 /* Enforce unique P2P Interface Address */ 5989 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 5990 5991 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) 5992 < 0 || 5993 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0) 5994 { 5995 nl80211_remove_iface(drv, ifidx); 5996 return -1; 5997 } 5998 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 5999 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 6000 "for P2P group interface"); 6001 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 6002 nl80211_remove_iface(drv, ifidx); 6003 return -1; 6004 } 6005 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname, 6006 new_addr) < 0) { 6007 nl80211_remove_iface(drv, ifidx); 6008 return -1; 6009 } 6010 os_memcpy(if_addr, new_addr, ETH_ALEN); 6011 } 6012#ifdef ANDROID_BRCM_P2P_PATCH 6013 else { 6014 /* P2P_ADDR: Driver uses a different mac address than the primary mac */ 6015 wpa_printf(MSG_DEBUG, "nl80211: Driver uses a " 6016 "different mac address for the Virtual I/F. Get that and store it locally"); 6017 os_memcpy(if_addr, new_addr, ETH_ALEN); 6018 6019 } 6020#endif 6021 } 6022#endif /* CONFIG_P2P */ 6023 6024#ifdef HOSTAPD 6025 if (bridge && 6026 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 6027 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 6028 "interface %s to a bridge %s", ifname, bridge); 6029 nl80211_remove_iface(drv, ifidx); 6030 os_free(new_bss); 6031 return -1; 6032 } 6033 6034 if (type == WPA_IF_AP_BSS) { 6035 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 6036 nl80211_remove_iface(drv, ifidx); 6037 os_free(new_bss); 6038 return -1; 6039 } 6040 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 6041 new_bss->ifindex = ifidx; 6042 new_bss->drv = drv; 6043 new_bss->next = drv->first_bss.next; 6044 drv->first_bss.next = new_bss; 6045 if (drv_priv) 6046 *drv_priv = new_bss; 6047 } 6048#endif /* HOSTAPD */ 6049 6050 return 0; 6051} 6052 6053 6054static int wpa_driver_nl80211_if_remove(void *priv, 6055 enum wpa_driver_if_type type, 6056 const char *ifname) 6057{ 6058 struct i802_bss *bss = priv; 6059 struct wpa_driver_nl80211_data *drv = bss->drv; 6060 int ifindex = if_nametoindex(ifname); 6061 6062 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 6063 __func__, type, ifname, ifindex); 6064 if (ifindex <= 0) 6065 return -1; 6066 6067#ifdef HOSTAPD 6068 if (bss->added_if_into_bridge) { 6069 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 6070 < 0) 6071 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6072 "interface %s from bridge %s: %s", 6073 bss->ifname, bss->brname, strerror(errno)); 6074 } 6075 if (bss->added_bridge) { 6076 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 6077 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6078 "bridge %s: %s", 6079 bss->brname, strerror(errno)); 6080 } 6081#endif /* HOSTAPD */ 6082 6083 nl80211_remove_iface(drv, ifindex); 6084 6085#ifdef HOSTAPD 6086 if (type != WPA_IF_AP_BSS) 6087 return 0; 6088 6089 if (bss != &drv->first_bss) { 6090 struct i802_bss *tbss; 6091 6092 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 6093 if (tbss->next == bss) { 6094 tbss->next = bss->next; 6095 os_free(bss); 6096 bss = NULL; 6097 break; 6098 } 6099 } 6100 if (bss) 6101 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 6102 "BSS %p in the list", __func__, bss); 6103 } 6104#endif /* HOSTAPD */ 6105 6106 return 0; 6107} 6108 6109 6110static int cookie_handler(struct nl_msg *msg, void *arg) 6111{ 6112 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 6113 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6114 u64 *cookie = arg; 6115 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6116 genlmsg_attrlen(gnlh, 0), NULL); 6117 if (tb[NL80211_ATTR_COOKIE]) 6118 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 6119 return NL_SKIP; 6120} 6121 6122 6123static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 6124 unsigned int freq, unsigned int wait, 6125 const u8 *buf, size_t buf_len, 6126 u64 *cookie_out) 6127{ 6128 struct nl_msg *msg; 6129 u64 cookie; 6130 int ret = -1; 6131 6132 msg = nlmsg_alloc(); 6133 if (!msg) 6134 return -1; 6135 6136 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6137 NL80211_CMD_FRAME, 0); 6138 6139 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6140 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6141#ifndef ANDROID_BRCM_P2P_PATCH 6142 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 6143#endif 6144 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 6145 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 6146 6147 cookie = 0; 6148 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6149 msg = NULL; 6150 if (ret) { 6151 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 6152 "(%s)", ret, strerror(-ret)); 6153 goto nla_put_failure; 6154 } 6155 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; " 6156 "cookie 0x%llx", (long long unsigned int) cookie); 6157 6158 if (cookie_out) 6159 *cookie_out = cookie; 6160 6161nla_put_failure: 6162 nlmsg_free(msg); 6163 return ret; 6164} 6165 6166 6167static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 6168 unsigned int wait_time, 6169 const u8 *dst, const u8 *src, 6170 const u8 *bssid, 6171 const u8 *data, size_t data_len) 6172{ 6173 struct i802_bss *bss = priv; 6174 struct wpa_driver_nl80211_data *drv = bss->drv; 6175 int ret = -1; 6176 u8 *buf; 6177 struct ieee80211_hdr *hdr; 6178 6179 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 6180 "wait=%d ms)", drv->ifindex, wait_time); 6181 6182 buf = os_zalloc(24 + data_len); 6183 if (buf == NULL) 6184 return ret; 6185 os_memcpy(buf + 24, data, data_len); 6186 hdr = (struct ieee80211_hdr *) buf; 6187 hdr->frame_control = 6188 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 6189 os_memcpy(hdr->addr1, dst, ETH_ALEN); 6190 os_memcpy(hdr->addr2, src, ETH_ALEN); 6191 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 6192 6193 if (drv->nlmode == NL80211_IFTYPE_AP) 6194 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 6195 else 6196 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf, 6197 24 + data_len, 6198 &drv->send_action_cookie); 6199 6200 os_free(buf); 6201 return ret; 6202} 6203 6204 6205static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 6206{ 6207 struct i802_bss *bss = priv; 6208 struct wpa_driver_nl80211_data *drv = bss->drv; 6209 struct nl_msg *msg; 6210 int ret; 6211 6212 msg = nlmsg_alloc(); 6213 if (!msg) 6214 return; 6215 6216 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6217 NL80211_CMD_FRAME_WAIT_CANCEL, 0); 6218 6219 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6220 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 6221 6222 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6223 msg = NULL; 6224 if (ret) 6225 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 6226 "(%s)", ret, strerror(-ret)); 6227 6228 nla_put_failure: 6229 nlmsg_free(msg); 6230} 6231 6232 6233static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 6234 unsigned int duration) 6235{ 6236 struct i802_bss *bss = priv; 6237 struct wpa_driver_nl80211_data *drv = bss->drv; 6238 struct nl_msg *msg; 6239 int ret; 6240 u64 cookie; 6241 6242 msg = nlmsg_alloc(); 6243 if (!msg) 6244 return -1; 6245 6246 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6247 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 6248 6249 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6250 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6251 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 6252 6253 cookie = 0; 6254 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6255 if (ret == 0) { 6256 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 6257 "0x%llx for freq=%u MHz duration=%u", 6258 (long long unsigned int) cookie, freq, duration); 6259 drv->remain_on_chan_cookie = cookie; 6260 return 0; 6261 } 6262 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 6263 "(freq=%d duration=%u): %d (%s)", 6264 freq, duration, ret, strerror(-ret)); 6265nla_put_failure: 6266 return -1; 6267} 6268 6269 6270static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 6271{ 6272 struct i802_bss *bss = priv; 6273 struct wpa_driver_nl80211_data *drv = bss->drv; 6274 struct nl_msg *msg; 6275 int ret; 6276 6277 if (!drv->pending_remain_on_chan) { 6278 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 6279 "to cancel"); 6280 return -1; 6281 } 6282 6283 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 6284 "0x%llx", 6285 (long long unsigned int) drv->remain_on_chan_cookie); 6286 6287 msg = nlmsg_alloc(); 6288 if (!msg) 6289 return -1; 6290 6291 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6292 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 6293 6294 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6295 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 6296 6297 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6298 if (ret == 0) 6299 return 0; 6300 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 6301 "%d (%s)", ret, strerror(-ret)); 6302nla_put_failure: 6303 return -1; 6304} 6305 6306 6307static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 6308{ 6309 struct i802_bss *bss = priv; 6310 struct wpa_driver_nl80211_data *drv = bss->drv; 6311#ifndef ANDROID_BRCM_P2P_PATCH 6312 if (drv->nlmode != NL80211_IFTYPE_STATION) { 6313 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6314 "allowed in station mode (iftype=%d)", 6315 drv->nlmode); 6316 return -1; 6317 } 6318#endif 6319 if (!report) { 6320 if (drv->nl_handle_preq) { 6321 eloop_unregister_read_sock( 6322 nl_socket_get_fd(drv->nl_handle_preq)); 6323 nl_cache_free(drv->nl_cache_preq); 6324 nl80211_handle_destroy(drv->nl_handle_preq); 6325 drv->nl_handle_preq = NULL; 6326 } 6327 return 0; 6328 } 6329 6330 if (drv->nl_handle_preq) { 6331 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 6332 "already on!"); 6333 return 0; 6334 } 6335 6336 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb); 6337 if (drv->nl_handle_preq == NULL) { 6338 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate " 6339 "netlink callbacks (preq)"); 6340 goto out_err1; 6341 } 6342 6343 if (genl_connect(drv->nl_handle_preq)) { 6344 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to " 6345 "generic netlink (preq)"); 6346 goto out_err2; 6347 return -1; 6348 } 6349 6350#ifdef CONFIG_LIBNL20 6351 if (genl_ctrl_alloc_cache(drv->nl_handle_preq, 6352 &drv->nl_cache_preq) < 0) { 6353 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6354 "netlink cache (preq)"); 6355 goto out_err2; 6356 } 6357#else /* CONFIG_LIBNL20 */ 6358 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq); 6359 if (drv->nl_cache_preq == NULL) { 6360 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6361 "netlink cache (preq)"); 6362 goto out_err2; 6363 } 6364#endif /* CONFIG_LIBNL20 */ 6365 6366 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6367 (WLAN_FC_TYPE_MGMT << 2) | 6368 (WLAN_FC_STYPE_PROBE_REQ << 4), 6369 NULL, 0) < 0) { 6370 goto out_err3; 6371 } 6372 6373#ifdef ANDROID_BRCM_P2P_PATCH 6374 if (drv->nlmode != NL80211_IFTYPE_AP && 6375 drv->nlmode != NL80211_IFTYPE_P2P_GO) { 6376 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6377 "allowed in AP or P2P GO mode (iftype=%d)", 6378 drv->nlmode); 6379 goto done; 6380 } 6381 6382 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6383 (WLAN_FC_TYPE_MGMT << 2) | 6384 (WLAN_FC_STYPE_ASSOC_REQ << 4), 6385 NULL, 0) < 0) { 6386 goto out_err3; 6387 } 6388 6389 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6390 (WLAN_FC_TYPE_MGMT << 2) | 6391 (WLAN_FC_STYPE_REASSOC_REQ << 4), 6392 NULL, 0) < 0) { 6393 goto out_err3; 6394 } 6395 6396 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6397 (WLAN_FC_TYPE_MGMT << 2) | 6398 (WLAN_FC_STYPE_DISASSOC << 4), 6399 NULL, 0) < 0) { 6400 goto out_err3; 6401 } 6402 6403 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6404 (WLAN_FC_TYPE_MGMT << 2) | 6405 (WLAN_FC_STYPE_DEAUTH << 4), 6406 NULL, 0) < 0) { 6407 goto out_err3; 6408 } 6409 6410done: 6411#endif 6412 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq), 6413 wpa_driver_nl80211_event_receive, drv, 6414 drv->nl_handle_preq); 6415 6416 return 0; 6417 6418 out_err3: 6419 nl_cache_free(drv->nl_cache_preq); 6420 out_err2: 6421 nl80211_handle_destroy(drv->nl_handle_preq); 6422 drv->nl_handle_preq = NULL; 6423 out_err1: 6424 return -1; 6425} 6426 6427 6428static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 6429 int ifindex, int disabled) 6430{ 6431 struct nl_msg *msg; 6432 struct nlattr *bands, *band; 6433 int ret; 6434 6435 msg = nlmsg_alloc(); 6436 if (!msg) 6437 return -1; 6438 6439 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6440 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 6441 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6442 6443 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 6444 if (!bands) 6445 goto nla_put_failure; 6446 6447 /* 6448 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 6449 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 6450 * rates. All 5 GHz rates are left enabled. 6451 */ 6452 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 6453 if (!band) 6454 goto nla_put_failure; 6455 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 6456 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 6457 nla_nest_end(msg, band); 6458 6459 nla_nest_end(msg, bands); 6460 6461 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6462 msg = NULL; 6463 if (ret) { 6464 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 6465 "(%s)", ret, strerror(-ret)); 6466 } 6467 6468 return ret; 6469 6470nla_put_failure: 6471 nlmsg_free(msg); 6472 return -1; 6473} 6474 6475 6476static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 6477{ 6478 struct i802_bss *bss = priv; 6479 struct wpa_driver_nl80211_data *drv = bss->drv; 6480 drv->disable_11b_rates = disabled; 6481 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 6482} 6483 6484 6485static int wpa_driver_nl80211_deinit_ap(void *priv) 6486{ 6487 struct i802_bss *bss = priv; 6488 struct wpa_driver_nl80211_data *drv = bss->drv; 6489 if (drv->nlmode != NL80211_IFTYPE_AP) 6490 return -1; 6491 wpa_driver_nl80211_del_beacon(drv); 6492 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 6493} 6494 6495 6496static void wpa_driver_nl80211_resume(void *priv) 6497{ 6498 struct i802_bss *bss = priv; 6499 struct wpa_driver_nl80211_data *drv = bss->drv; 6500 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 6501 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 6502 "resume event"); 6503 } 6504} 6505 6506 6507static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 6508 const u8 *ies, size_t ies_len) 6509{ 6510 struct i802_bss *bss = priv; 6511 struct wpa_driver_nl80211_data *drv = bss->drv; 6512 int ret; 6513 u8 *data, *pos; 6514 size_t data_len; 6515 u8 own_addr[ETH_ALEN]; 6516 6517 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 6518 return -1; 6519 6520 if (action != 1) { 6521 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 6522 "action %d", action); 6523 return -1; 6524 } 6525 6526 /* 6527 * Action frame payload: 6528 * Category[1] = 6 (Fast BSS Transition) 6529 * Action[1] = 1 (Fast BSS Transition Request) 6530 * STA Address 6531 * Target AP Address 6532 * FT IEs 6533 */ 6534 6535 data_len = 2 + 2 * ETH_ALEN + ies_len; 6536 data = os_malloc(data_len); 6537 if (data == NULL) 6538 return -1; 6539 pos = data; 6540 *pos++ = 0x06; /* FT Action category */ 6541 *pos++ = action; 6542 os_memcpy(pos, own_addr, ETH_ALEN); 6543 pos += ETH_ALEN; 6544 os_memcpy(pos, target_ap, ETH_ALEN); 6545 pos += ETH_ALEN; 6546 os_memcpy(pos, ies, ies_len); 6547 6548 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 6549 drv->bssid, own_addr, drv->bssid, 6550 data, data_len); 6551 os_free(data); 6552 6553 return ret; 6554} 6555 6556 6557static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 6558{ 6559 struct i802_bss *bss = priv; 6560 struct wpa_driver_nl80211_data *drv = bss->drv; 6561 struct nl_msg *msg, *cqm = NULL; 6562 6563 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 6564 "hysteresis=%d", threshold, hysteresis); 6565 6566 msg = nlmsg_alloc(); 6567 if (!msg) 6568 return -1; 6569 6570 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 6571 0, NL80211_CMD_SET_CQM, 0); 6572 6573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 6574 6575 cqm = nlmsg_alloc(); 6576 if (cqm == NULL) 6577 return -1; 6578 6579 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 6580 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 6581 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 6582 6583 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 6584 return 0; 6585 msg = NULL; 6586 6587nla_put_failure: 6588 if (cqm) 6589 nlmsg_free(cqm); 6590 nlmsg_free(msg); 6591 return -1; 6592} 6593 6594 6595static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 6596{ 6597 struct i802_bss *bss = priv; 6598 struct wpa_driver_nl80211_data *drv = bss->drv; 6599 int res; 6600 6601 os_memset(si, 0, sizeof(*si)); 6602 res = nl80211_get_link_signal(drv, si); 6603 if (res != 0) 6604 return res; 6605 6606 return nl80211_get_link_noise(drv, si); 6607} 6608 6609 6610static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 6611 int encrypt) 6612{ 6613 struct i802_bss *bss = priv; 6614 struct wpa_driver_nl80211_data *drv = bss->drv; 6615 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 6616} 6617 6618 6619static int nl80211_set_intra_bss(void *priv, int enabled) 6620{ 6621 struct i802_bss *bss = priv; 6622 struct wpa_driver_nl80211_data *drv = bss->drv; 6623 struct nl_msg *msg; 6624 6625 msg = nlmsg_alloc(); 6626 if (!msg) 6627 return -ENOMEM; 6628 6629 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6630 NL80211_CMD_SET_BSS, 0); 6631 6632 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6633 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled); 6634 6635 return send_and_recv_msgs(drv, msg, NULL, NULL); 6636 nla_put_failure: 6637 return -ENOBUFS; 6638} 6639 6640 6641static int nl80211_set_param(void *priv, const char *param) 6642{ 6643 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 6644 if (param == NULL) 6645 return 0; 6646 6647#ifdef CONFIG_P2P 6648 if (os_strstr(param, "use_p2p_group_interface=1")) { 6649 struct i802_bss *bss = priv; 6650 struct wpa_driver_nl80211_data *drv = bss->drv; 6651 6652 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 6653 "interface"); 6654 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 6655 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 6656 } 6657#endif /* CONFIG_P2P */ 6658 6659 return 0; 6660} 6661 6662 6663static void * nl80211_global_init(void) 6664{ 6665 struct nl80211_global *global; 6666 global = os_zalloc(sizeof(*global)); 6667 if (global == NULL) 6668 return NULL; 6669 dl_list_init(&global->interfaces); 6670 return global; 6671} 6672 6673 6674static void nl80211_global_deinit(void *priv) 6675{ 6676 struct nl80211_global *global = priv; 6677 if (global == NULL) 6678 return; 6679 if (!dl_list_empty(&global->interfaces)) { 6680 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 6681 "nl80211_global_deinit", 6682 dl_list_len(&global->interfaces)); 6683 } 6684 os_free(global); 6685} 6686 6687 6688static const char * nl80211_get_radio_name(void *priv) 6689{ 6690 struct i802_bss *bss = priv; 6691 struct wpa_driver_nl80211_data *drv = bss->drv; 6692 return drv->phyname; 6693} 6694 6695 6696static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 6697 const u8 *pmkid) 6698{ 6699 struct nl_msg *msg; 6700 6701 msg = nlmsg_alloc(); 6702 if (!msg) 6703 return -ENOMEM; 6704 6705 genlmsg_put(msg, 0, 0, genl_family_get_id(bss->drv->nl80211), 0, 0, 6706 cmd, 0); 6707 6708 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6709 if (pmkid) 6710 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 6711 if (bssid) 6712 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 6713 6714 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 6715 nla_put_failure: 6716 return -ENOBUFS; 6717} 6718 6719 6720static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6721{ 6722 struct i802_bss *bss = priv; 6723 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 6724 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 6725} 6726 6727 6728static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6729{ 6730 struct i802_bss *bss = priv; 6731 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 6732 MAC2STR(bssid)); 6733 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 6734} 6735 6736 6737static int nl80211_flush_pmkid(void *priv) 6738{ 6739 struct i802_bss *bss = priv; 6740 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 6741 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 6742} 6743 6744 6745const struct wpa_driver_ops wpa_driver_nl80211_ops = { 6746 .name = "nl80211", 6747 .desc = "Linux nl80211/cfg80211", 6748 .get_bssid = wpa_driver_nl80211_get_bssid, 6749 .get_ssid = wpa_driver_nl80211_get_ssid, 6750 .set_key = wpa_driver_nl80211_set_key, 6751 .scan2 = wpa_driver_nl80211_scan, 6752 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 6753 .deauthenticate = wpa_driver_nl80211_deauthenticate, 6754 .disassociate = wpa_driver_nl80211_disassociate, 6755 .authenticate = wpa_driver_nl80211_authenticate, 6756 .associate = wpa_driver_nl80211_associate, 6757 .global_init = nl80211_global_init, 6758 .global_deinit = nl80211_global_deinit, 6759 .init2 = wpa_driver_nl80211_init, 6760 .deinit = wpa_driver_nl80211_deinit, 6761 .get_capa = wpa_driver_nl80211_get_capa, 6762 .set_operstate = wpa_driver_nl80211_set_operstate, 6763 .set_supp_port = wpa_driver_nl80211_set_supp_port, 6764 .set_country = wpa_driver_nl80211_set_country, 6765 .set_beacon = wpa_driver_nl80211_set_beacon, 6766 .if_add = wpa_driver_nl80211_if_add, 6767 .if_remove = wpa_driver_nl80211_if_remove, 6768 .send_mlme = wpa_driver_nl80211_send_mlme, 6769 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 6770 .sta_add = wpa_driver_nl80211_sta_add, 6771 .sta_remove = wpa_driver_nl80211_sta_remove, 6772 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 6773 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 6774#ifdef HOSTAPD 6775 .hapd_init = i802_init, 6776 .hapd_deinit = i802_deinit, 6777 .set_wds_sta = i802_set_wds_sta, 6778#endif /* HOSTAPD */ 6779#if defined(HOSTAPD) || defined(CONFIG_AP) 6780 .get_seqnum = i802_get_seqnum, 6781 .flush = i802_flush, 6782 .read_sta_data = i802_read_sta_data, 6783 .get_inact_sec = i802_get_inact_sec, 6784 .sta_clear_stats = i802_sta_clear_stats, 6785 .set_rts = i802_set_rts, 6786 .set_frag = i802_set_frag, 6787 .set_cts_protect = i802_set_cts_protect, 6788 .set_preamble = i802_set_preamble, 6789 .set_short_slot_time = i802_set_short_slot_time, 6790 .set_tx_queue_params = i802_set_tx_queue_params, 6791 .set_sta_vlan = i802_set_sta_vlan, 6792 .set_ht_params = i802_set_ht_params, 6793 .set_rate_sets = i802_set_rate_sets, 6794 .sta_deauth = i802_sta_deauth, 6795 .sta_disassoc = i802_sta_disassoc, 6796#endif /* HOSTAPD || CONFIG_AP */ 6797 .set_freq = i802_set_freq, 6798 .send_action = wpa_driver_nl80211_send_action, 6799 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 6800 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 6801 .cancel_remain_on_channel = 6802 wpa_driver_nl80211_cancel_remain_on_channel, 6803 .probe_req_report = wpa_driver_nl80211_probe_req_report, 6804 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 6805 .deinit_ap = wpa_driver_nl80211_deinit_ap, 6806 .resume = wpa_driver_nl80211_resume, 6807 .send_ft_action = nl80211_send_ft_action, 6808 .signal_monitor = nl80211_signal_monitor, 6809 .signal_poll = nl80211_signal_poll, 6810 .send_frame = nl80211_send_frame, 6811 .set_intra_bss = nl80211_set_intra_bss, 6812 .set_param = nl80211_set_param, 6813 .get_radio_name = nl80211_get_radio_name, 6814 .add_pmkid = nl80211_add_pmkid, 6815 .remove_pmkid = nl80211_remove_pmkid, 6816 .flush_pmkid = nl80211_flush_pmkid, 6817#ifdef ANDROID 6818 .driver_cmd = wpa_driver_nl80211_driver_cmd, 6819#endif 6820}; 6821