driver_nl80211.c revision bd14a57187b024f49f5b9ace55ef457d8d04650a
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/qca-vendor.h" 32#include "common/ieee802_11_defs.h" 33#include "common/ieee802_11_common.h" 34#include "l2_packet/l2_packet.h" 35#include "netlink.h" 36#include "linux_ioctl.h" 37#include "radiotap.h" 38#include "radiotap_iter.h" 39#include "rfkill.h" 40#include "driver.h" 41 42#ifndef SO_WIFI_STATUS 43# if defined(__sparc__) 44# define SO_WIFI_STATUS 0x0025 45# elif defined(__parisc__) 46# define SO_WIFI_STATUS 0x4022 47# else 48# define SO_WIFI_STATUS 41 49# endif 50 51# define SCM_WIFI_STATUS SO_WIFI_STATUS 52#endif 53 54#ifndef SO_EE_ORIGIN_TXSTATUS 55#define SO_EE_ORIGIN_TXSTATUS 4 56#endif 57 58#ifndef PACKET_TX_TIMESTAMP 59#define PACKET_TX_TIMESTAMP 16 60#endif 61 62#ifdef ANDROID 63#include "android_drv.h" 64#endif /* ANDROID */ 65#ifdef CONFIG_LIBNL20 66/* libnl 2.0 compatibility code */ 67#define nl_handle nl_sock 68#define nl80211_handle_alloc nl_socket_alloc_cb 69#define nl80211_handle_destroy nl_socket_free 70#else 71/* 72 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 73 * but when you free a socket again it will mess up its bitmap and 74 * and use the wrong number the next time it needs a socket ID. 75 * Therefore, we wrap the handle alloc/destroy and add our own pid 76 * accounting. 77 */ 78static uint32_t port_bitmap[32] = { 0 }; 79 80static struct nl_handle *nl80211_handle_alloc(void *cb) 81{ 82 struct nl_handle *handle; 83 uint32_t pid = getpid() & 0x3FFFFF; 84 int i; 85 86 handle = nl_handle_alloc_cb(cb); 87 88 for (i = 0; i < 1024; i++) { 89 if (port_bitmap[i / 32] & (1 << (i % 32))) 90 continue; 91 port_bitmap[i / 32] |= 1 << (i % 32); 92 pid += i << 22; 93 break; 94 } 95 96 nl_socket_set_local_port(handle, pid); 97 98 return handle; 99} 100 101static void nl80211_handle_destroy(struct nl_handle *handle) 102{ 103 uint32_t port = nl_socket_get_local_port(handle); 104 105 port >>= 22; 106 port_bitmap[port / 32] &= ~(1 << (port % 32)); 107 108 nl_handle_destroy(handle); 109} 110#endif /* CONFIG_LIBNL20 */ 111 112 113#ifdef ANDROID 114/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 115static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 116{ 117 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 118} 119#undef nl_socket_set_nonblocking 120#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 121#endif /* ANDROID */ 122 123 124static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 125{ 126 struct nl_handle *handle; 127 128 handle = nl80211_handle_alloc(cb); 129 if (handle == NULL) { 130 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 131 "callbacks (%s)", dbg); 132 return NULL; 133 } 134 135 if (genl_connect(handle)) { 136 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 137 "netlink (%s)", dbg); 138 nl80211_handle_destroy(handle); 139 return NULL; 140 } 141 142 return handle; 143} 144 145 146static void nl_destroy_handles(struct nl_handle **handle) 147{ 148 if (*handle == NULL) 149 return; 150 nl80211_handle_destroy(*handle); 151 *handle = NULL; 152} 153 154 155#if __WORDSIZE == 64 156#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 157#else 158#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 159#endif 160 161static void nl80211_register_eloop_read(struct nl_handle **handle, 162 eloop_sock_handler handler, 163 void *eloop_data) 164{ 165 nl_socket_set_nonblocking(*handle); 166 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 167 eloop_data, *handle); 168 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 169} 170 171 172static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 173{ 174 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 175 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 176 nl_destroy_handles(handle); 177} 178 179 180#ifndef IFF_LOWER_UP 181#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 182#endif 183#ifndef IFF_DORMANT 184#define IFF_DORMANT 0x20000 /* driver signals dormant */ 185#endif 186 187#ifndef IF_OPER_DORMANT 188#define IF_OPER_DORMANT 5 189#endif 190#ifndef IF_OPER_UP 191#define IF_OPER_UP 6 192#endif 193 194struct nl80211_global { 195 struct dl_list interfaces; 196 int if_add_ifindex; 197 u64 if_add_wdevid; 198 int if_add_wdevid_set; 199 struct netlink_data *netlink; 200 struct nl_cb *nl_cb; 201 struct nl_handle *nl; 202 int nl80211_id; 203 int ioctl_sock; /* socket for ioctl() use */ 204 205 struct nl_handle *nl_event; 206}; 207 208struct nl80211_wiphy_data { 209 struct dl_list list; 210 struct dl_list bsss; 211 struct dl_list drvs; 212 213 struct nl_handle *nl_beacons; 214 struct nl_cb *nl_cb; 215 216 int wiphy_idx; 217}; 218 219static void nl80211_global_deinit(void *priv); 220 221struct i802_bss { 222 struct wpa_driver_nl80211_data *drv; 223 struct i802_bss *next; 224 int ifindex; 225 u64 wdev_id; 226 char ifname[IFNAMSIZ + 1]; 227 char brname[IFNAMSIZ]; 228 unsigned int beacon_set:1; 229 unsigned int added_if_into_bridge:1; 230 unsigned int added_bridge:1; 231 unsigned int in_deinit:1; 232 unsigned int wdev_id_set:1; 233 unsigned int added_if:1; 234 235 u8 addr[ETH_ALEN]; 236 237 int freq; 238 int if_dynamic; 239 240 void *ctx; 241 struct nl_handle *nl_preq, *nl_mgmt; 242 struct nl_cb *nl_cb; 243 244 struct nl80211_wiphy_data *wiphy_data; 245 struct dl_list wiphy_list; 246}; 247 248struct wpa_driver_nl80211_data { 249 struct nl80211_global *global; 250 struct dl_list list; 251 struct dl_list wiphy_list; 252 char phyname[32]; 253 void *ctx; 254 int ifindex; 255 int if_removed; 256 int if_disabled; 257 int ignore_if_down_event; 258 struct rfkill_data *rfkill; 259 struct wpa_driver_capa capa; 260 u8 *extended_capa, *extended_capa_mask; 261 unsigned int extended_capa_len; 262 int has_capability; 263 264 int operstate; 265 266 int scan_complete_events; 267 enum scan_states { 268 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 269 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 270 SCHED_SCAN_RESULTS 271 } scan_state; 272 273 struct nl_cb *nl_cb; 274 275 u8 auth_bssid[ETH_ALEN]; 276 u8 auth_attempt_bssid[ETH_ALEN]; 277 u8 bssid[ETH_ALEN]; 278 u8 prev_bssid[ETH_ALEN]; 279 int associated; 280 u8 ssid[32]; 281 size_t ssid_len; 282 enum nl80211_iftype nlmode; 283 enum nl80211_iftype ap_scan_as_station; 284 unsigned int assoc_freq; 285 286 int monitor_sock; 287 int monitor_ifidx; 288 int monitor_refcount; 289 290 unsigned int disabled_11b_rates:1; 291 unsigned int pending_remain_on_chan:1; 292 unsigned int in_interface_list:1; 293 unsigned int device_ap_sme:1; 294 unsigned int poll_command_supported:1; 295 unsigned int data_tx_status:1; 296 unsigned int scan_for_auth:1; 297 unsigned int retry_auth:1; 298 unsigned int use_monitor:1; 299 unsigned int ignore_next_local_disconnect:1; 300 unsigned int allow_p2p_device:1; 301 unsigned int hostapd:1; 302 unsigned int start_mode_ap:1; 303 unsigned int start_iface_up:1; 304 305 u64 remain_on_chan_cookie; 306 u64 send_action_cookie; 307 308 unsigned int last_mgmt_freq; 309 310 struct wpa_driver_scan_filter *filter_ssids; 311 size_t num_filter_ssids; 312 313 struct i802_bss *first_bss; 314 315 int eapol_tx_sock; 316 317 int eapol_sock; /* socket for EAPOL frames */ 318 319 int default_if_indices[16]; 320 int *if_indices; 321 int num_if_indices; 322 323 /* From failed authentication command */ 324 int auth_freq; 325 u8 auth_bssid_[ETH_ALEN]; 326 u8 auth_ssid[32]; 327 size_t auth_ssid_len; 328 int auth_alg; 329 u8 *auth_ie; 330 size_t auth_ie_len; 331 u8 auth_wep_key[4][16]; 332 size_t auth_wep_key_len[4]; 333 int auth_wep_tx_keyidx; 334 int auth_local_state_change; 335 int auth_p2p; 336}; 337 338 339static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 340static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 341 void *timeout_ctx); 342static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 343 enum nl80211_iftype nlmode); 344static int 345wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 346 const u8 *set_addr, int first); 347static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 348 const u8 *addr, int cmd, u16 reason_code, 349 int local_state_change); 350static void nl80211_remove_monitor_interface( 351 struct wpa_driver_nl80211_data *drv); 352static int nl80211_send_frame_cmd(struct i802_bss *bss, 353 unsigned int freq, unsigned int wait, 354 const u8 *buf, size_t buf_len, u64 *cookie, 355 int no_cck, int no_ack, int offchanok); 356static int nl80211_register_frame(struct i802_bss *bss, 357 struct nl_handle *hl_handle, 358 u16 type, const u8 *match, size_t match_len); 359static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 360 int report); 361#ifdef ANDROID 362static int android_pno_start(struct i802_bss *bss, 363 struct wpa_driver_scan_params *params); 364static int android_pno_stop(struct i802_bss *bss); 365extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 366 size_t buf_len); 367#endif /* ANDROID */ 368#ifdef ANDROID_P2P 369int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 370int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 371int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 372int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 373 const struct wpabuf *proberesp, 374 const struct wpabuf *assocresp); 375#endif /* ANDROID_P2P */ 376 377static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 378static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 379static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 380static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 381 enum wpa_driver_if_type type, 382 const char *ifname); 383 384static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 385 struct hostapd_freq_params *freq); 386static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 387 int ifindex, int disabled); 388 389static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 390static int wpa_driver_nl80211_authenticate_retry( 391 struct wpa_driver_nl80211_data *drv); 392 393static int i802_set_iface_flags(struct i802_bss *bss, int up); 394 395 396static const char * nl80211_command_to_string(enum nl80211_commands cmd) 397{ 398#define C2S(x) case x: return #x; 399 switch (cmd) { 400 C2S(NL80211_CMD_UNSPEC) 401 C2S(NL80211_CMD_GET_WIPHY) 402 C2S(NL80211_CMD_SET_WIPHY) 403 C2S(NL80211_CMD_NEW_WIPHY) 404 C2S(NL80211_CMD_DEL_WIPHY) 405 C2S(NL80211_CMD_GET_INTERFACE) 406 C2S(NL80211_CMD_SET_INTERFACE) 407 C2S(NL80211_CMD_NEW_INTERFACE) 408 C2S(NL80211_CMD_DEL_INTERFACE) 409 C2S(NL80211_CMD_GET_KEY) 410 C2S(NL80211_CMD_SET_KEY) 411 C2S(NL80211_CMD_NEW_KEY) 412 C2S(NL80211_CMD_DEL_KEY) 413 C2S(NL80211_CMD_GET_BEACON) 414 C2S(NL80211_CMD_SET_BEACON) 415 C2S(NL80211_CMD_START_AP) 416 C2S(NL80211_CMD_STOP_AP) 417 C2S(NL80211_CMD_GET_STATION) 418 C2S(NL80211_CMD_SET_STATION) 419 C2S(NL80211_CMD_NEW_STATION) 420 C2S(NL80211_CMD_DEL_STATION) 421 C2S(NL80211_CMD_GET_MPATH) 422 C2S(NL80211_CMD_SET_MPATH) 423 C2S(NL80211_CMD_NEW_MPATH) 424 C2S(NL80211_CMD_DEL_MPATH) 425 C2S(NL80211_CMD_SET_BSS) 426 C2S(NL80211_CMD_SET_REG) 427 C2S(NL80211_CMD_REQ_SET_REG) 428 C2S(NL80211_CMD_GET_MESH_CONFIG) 429 C2S(NL80211_CMD_SET_MESH_CONFIG) 430 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 431 C2S(NL80211_CMD_GET_REG) 432 C2S(NL80211_CMD_GET_SCAN) 433 C2S(NL80211_CMD_TRIGGER_SCAN) 434 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 435 C2S(NL80211_CMD_SCAN_ABORTED) 436 C2S(NL80211_CMD_REG_CHANGE) 437 C2S(NL80211_CMD_AUTHENTICATE) 438 C2S(NL80211_CMD_ASSOCIATE) 439 C2S(NL80211_CMD_DEAUTHENTICATE) 440 C2S(NL80211_CMD_DISASSOCIATE) 441 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 442 C2S(NL80211_CMD_REG_BEACON_HINT) 443 C2S(NL80211_CMD_JOIN_IBSS) 444 C2S(NL80211_CMD_LEAVE_IBSS) 445 C2S(NL80211_CMD_TESTMODE) 446 C2S(NL80211_CMD_CONNECT) 447 C2S(NL80211_CMD_ROAM) 448 C2S(NL80211_CMD_DISCONNECT) 449 C2S(NL80211_CMD_SET_WIPHY_NETNS) 450 C2S(NL80211_CMD_GET_SURVEY) 451 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 452 C2S(NL80211_CMD_SET_PMKSA) 453 C2S(NL80211_CMD_DEL_PMKSA) 454 C2S(NL80211_CMD_FLUSH_PMKSA) 455 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 456 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 457 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 458 C2S(NL80211_CMD_REGISTER_FRAME) 459 C2S(NL80211_CMD_FRAME) 460 C2S(NL80211_CMD_FRAME_TX_STATUS) 461 C2S(NL80211_CMD_SET_POWER_SAVE) 462 C2S(NL80211_CMD_GET_POWER_SAVE) 463 C2S(NL80211_CMD_SET_CQM) 464 C2S(NL80211_CMD_NOTIFY_CQM) 465 C2S(NL80211_CMD_SET_CHANNEL) 466 C2S(NL80211_CMD_SET_WDS_PEER) 467 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 468 C2S(NL80211_CMD_JOIN_MESH) 469 C2S(NL80211_CMD_LEAVE_MESH) 470 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 471 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 472 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 473 C2S(NL80211_CMD_GET_WOWLAN) 474 C2S(NL80211_CMD_SET_WOWLAN) 475 C2S(NL80211_CMD_START_SCHED_SCAN) 476 C2S(NL80211_CMD_STOP_SCHED_SCAN) 477 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 478 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 479 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 480 C2S(NL80211_CMD_PMKSA_CANDIDATE) 481 C2S(NL80211_CMD_TDLS_OPER) 482 C2S(NL80211_CMD_TDLS_MGMT) 483 C2S(NL80211_CMD_UNEXPECTED_FRAME) 484 C2S(NL80211_CMD_PROBE_CLIENT) 485 C2S(NL80211_CMD_REGISTER_BEACONS) 486 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 487 C2S(NL80211_CMD_SET_NOACK_MAP) 488 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 489 C2S(NL80211_CMD_START_P2P_DEVICE) 490 C2S(NL80211_CMD_STOP_P2P_DEVICE) 491 C2S(NL80211_CMD_CONN_FAILED) 492 C2S(NL80211_CMD_SET_MCAST_RATE) 493 C2S(NL80211_CMD_SET_MAC_ACL) 494 C2S(NL80211_CMD_RADAR_DETECT) 495 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 496 C2S(NL80211_CMD_UPDATE_FT_IES) 497 C2S(NL80211_CMD_FT_EVENT) 498 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 499 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 500 C2S(NL80211_CMD_GET_COALESCE) 501 C2S(NL80211_CMD_SET_COALESCE) 502 C2S(NL80211_CMD_CHANNEL_SWITCH) 503 C2S(NL80211_CMD_VENDOR) 504 C2S(NL80211_CMD_SET_QOS_MAP) 505 default: 506 return "NL80211_CMD_UNKNOWN"; 507 } 508#undef C2S 509} 510 511 512/* Converts nl80211_chan_width to a common format */ 513static enum chan_width convert2width(int width) 514{ 515 switch (width) { 516 case NL80211_CHAN_WIDTH_20_NOHT: 517 return CHAN_WIDTH_20_NOHT; 518 case NL80211_CHAN_WIDTH_20: 519 return CHAN_WIDTH_20; 520 case NL80211_CHAN_WIDTH_40: 521 return CHAN_WIDTH_40; 522 case NL80211_CHAN_WIDTH_80: 523 return CHAN_WIDTH_80; 524 case NL80211_CHAN_WIDTH_80P80: 525 return CHAN_WIDTH_80P80; 526 case NL80211_CHAN_WIDTH_160: 527 return CHAN_WIDTH_160; 528 } 529 return CHAN_WIDTH_UNKNOWN; 530} 531 532 533static int is_ap_interface(enum nl80211_iftype nlmode) 534{ 535 return (nlmode == NL80211_IFTYPE_AP || 536 nlmode == NL80211_IFTYPE_P2P_GO); 537} 538 539 540static int is_sta_interface(enum nl80211_iftype nlmode) 541{ 542 return (nlmode == NL80211_IFTYPE_STATION || 543 nlmode == NL80211_IFTYPE_P2P_CLIENT); 544} 545 546 547static int is_p2p_net_interface(enum nl80211_iftype nlmode) 548{ 549 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 550 nlmode == NL80211_IFTYPE_P2P_GO); 551} 552 553 554static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 555{ 556 if (drv->associated) 557 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 558 drv->associated = 0; 559 os_memset(drv->bssid, 0, ETH_ALEN); 560} 561 562 563struct nl80211_bss_info_arg { 564 struct wpa_driver_nl80211_data *drv; 565 struct wpa_scan_results *res; 566 unsigned int assoc_freq; 567 u8 assoc_bssid[ETH_ALEN]; 568}; 569 570static int bss_info_handler(struct nl_msg *msg, void *arg); 571 572 573/* nl80211 code */ 574static int ack_handler(struct nl_msg *msg, void *arg) 575{ 576 int *err = arg; 577 *err = 0; 578 return NL_STOP; 579} 580 581static int finish_handler(struct nl_msg *msg, void *arg) 582{ 583 int *ret = arg; 584 *ret = 0; 585 return NL_SKIP; 586} 587 588static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 589 void *arg) 590{ 591 int *ret = arg; 592 *ret = err->error; 593 return NL_SKIP; 594} 595 596 597static int no_seq_check(struct nl_msg *msg, void *arg) 598{ 599 return NL_OK; 600} 601 602 603static int send_and_recv(struct nl80211_global *global, 604 struct nl_handle *nl_handle, struct nl_msg *msg, 605 int (*valid_handler)(struct nl_msg *, void *), 606 void *valid_data) 607{ 608 struct nl_cb *cb; 609 int err = -ENOMEM; 610 611 cb = nl_cb_clone(global->nl_cb); 612 if (!cb) 613 goto out; 614 615 err = nl_send_auto_complete(nl_handle, msg); 616 if (err < 0) 617 goto out; 618 619 err = 1; 620 621 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 622 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 623 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 624 625 if (valid_handler) 626 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 627 valid_handler, valid_data); 628 629 while (err > 0) { 630 int res = nl_recvmsgs(nl_handle, cb); 631 if (res) { 632 wpa_printf(MSG_INFO, 633 "nl80211: %s->nl_recvmsgs failed: %d", 634 __func__, res); 635 } 636 } 637 out: 638 nl_cb_put(cb); 639 nlmsg_free(msg); 640 return err; 641} 642 643 644static int send_and_recv_msgs_global(struct nl80211_global *global, 645 struct nl_msg *msg, 646 int (*valid_handler)(struct nl_msg *, void *), 647 void *valid_data) 648{ 649 return send_and_recv(global, global->nl, msg, valid_handler, 650 valid_data); 651} 652 653 654static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 655 struct nl_msg *msg, 656 int (*valid_handler)(struct nl_msg *, void *), 657 void *valid_data) 658{ 659 return send_and_recv(drv->global, drv->global->nl, msg, 660 valid_handler, valid_data); 661} 662 663 664struct family_data { 665 const char *group; 666 int id; 667}; 668 669 670static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 671{ 672 if (bss->wdev_id_set) 673 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 674 else 675 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 676 return 0; 677 678nla_put_failure: 679 return -1; 680} 681 682 683static int family_handler(struct nl_msg *msg, void *arg) 684{ 685 struct family_data *res = arg; 686 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 687 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 688 struct nlattr *mcgrp; 689 int i; 690 691 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 692 genlmsg_attrlen(gnlh, 0), NULL); 693 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 694 return NL_SKIP; 695 696 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 697 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 698 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 699 nla_len(mcgrp), NULL); 700 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 701 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 702 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 703 res->group, 704 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 705 continue; 706 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 707 break; 708 }; 709 710 return NL_SKIP; 711} 712 713 714static int nl_get_multicast_id(struct nl80211_global *global, 715 const char *family, const char *group) 716{ 717 struct nl_msg *msg; 718 int ret = -1; 719 struct family_data res = { group, -ENOENT }; 720 721 msg = nlmsg_alloc(); 722 if (!msg) 723 return -ENOMEM; 724 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 725 0, 0, CTRL_CMD_GETFAMILY, 0); 726 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 727 728 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 729 msg = NULL; 730 if (ret == 0) 731 ret = res.id; 732 733nla_put_failure: 734 nlmsg_free(msg); 735 return ret; 736} 737 738 739static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 740 struct nl_msg *msg, int flags, uint8_t cmd) 741{ 742 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 743 0, flags, cmd, 0); 744} 745 746 747struct wiphy_idx_data { 748 int wiphy_idx; 749 enum nl80211_iftype nlmode; 750 u8 *macaddr; 751}; 752 753 754static int netdev_info_handler(struct nl_msg *msg, void *arg) 755{ 756 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 757 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 758 struct wiphy_idx_data *info = arg; 759 760 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 761 genlmsg_attrlen(gnlh, 0), NULL); 762 763 if (tb[NL80211_ATTR_WIPHY]) 764 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 765 766 if (tb[NL80211_ATTR_IFTYPE]) 767 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 768 769 if (tb[NL80211_ATTR_MAC] && info->macaddr) 770 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 771 ETH_ALEN); 772 773 return NL_SKIP; 774} 775 776 777static int nl80211_get_wiphy_index(struct i802_bss *bss) 778{ 779 struct nl_msg *msg; 780 struct wiphy_idx_data data = { 781 .wiphy_idx = -1, 782 .macaddr = NULL, 783 }; 784 785 msg = nlmsg_alloc(); 786 if (!msg) 787 return NL80211_IFTYPE_UNSPECIFIED; 788 789 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 790 791 if (nl80211_set_iface_id(msg, bss) < 0) 792 goto nla_put_failure; 793 794 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 795 return data.wiphy_idx; 796 msg = NULL; 797nla_put_failure: 798 nlmsg_free(msg); 799 return -1; 800} 801 802 803static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 804{ 805 struct nl_msg *msg; 806 struct wiphy_idx_data data = { 807 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 808 .macaddr = NULL, 809 }; 810 811 msg = nlmsg_alloc(); 812 if (!msg) 813 return -1; 814 815 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 816 817 if (nl80211_set_iface_id(msg, bss) < 0) 818 goto nla_put_failure; 819 820 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 821 return data.nlmode; 822 msg = NULL; 823nla_put_failure: 824 nlmsg_free(msg); 825 return NL80211_IFTYPE_UNSPECIFIED; 826} 827 828 829static int nl80211_get_macaddr(struct i802_bss *bss) 830{ 831 struct nl_msg *msg; 832 struct wiphy_idx_data data = { 833 .macaddr = bss->addr, 834 }; 835 836 msg = nlmsg_alloc(); 837 if (!msg) 838 return NL80211_IFTYPE_UNSPECIFIED; 839 840 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 841 if (nl80211_set_iface_id(msg, bss) < 0) 842 goto nla_put_failure; 843 844 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 845 846nla_put_failure: 847 nlmsg_free(msg); 848 return NL80211_IFTYPE_UNSPECIFIED; 849} 850 851 852static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 853 struct nl80211_wiphy_data *w) 854{ 855 struct nl_msg *msg; 856 int ret = -1; 857 858 msg = nlmsg_alloc(); 859 if (!msg) 860 return -1; 861 862 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 863 864 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 865 866 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 867 msg = NULL; 868 if (ret) { 869 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 870 "failed: ret=%d (%s)", 871 ret, strerror(-ret)); 872 goto nla_put_failure; 873 } 874 ret = 0; 875nla_put_failure: 876 nlmsg_free(msg); 877 return ret; 878} 879 880 881static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 882{ 883 struct nl80211_wiphy_data *w = eloop_ctx; 884 int res; 885 886 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 887 888 res = nl_recvmsgs(handle, w->nl_cb); 889 if (res) { 890 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 891 __func__, res); 892 } 893} 894 895 896static int process_beacon_event(struct nl_msg *msg, void *arg) 897{ 898 struct nl80211_wiphy_data *w = arg; 899 struct wpa_driver_nl80211_data *drv; 900 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 901 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 902 union wpa_event_data event; 903 904 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 905 genlmsg_attrlen(gnlh, 0), NULL); 906 907 if (gnlh->cmd != NL80211_CMD_FRAME) { 908 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 909 gnlh->cmd); 910 return NL_SKIP; 911 } 912 913 if (!tb[NL80211_ATTR_FRAME]) 914 return NL_SKIP; 915 916 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 917 wiphy_list) { 918 os_memset(&event, 0, sizeof(event)); 919 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 920 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 921 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 922 } 923 924 return NL_SKIP; 925} 926 927 928static struct nl80211_wiphy_data * 929nl80211_get_wiphy_data_ap(struct i802_bss *bss) 930{ 931 static DEFINE_DL_LIST(nl80211_wiphys); 932 struct nl80211_wiphy_data *w; 933 int wiphy_idx, found = 0; 934 struct i802_bss *tmp_bss; 935 936 if (bss->wiphy_data != NULL) 937 return bss->wiphy_data; 938 939 wiphy_idx = nl80211_get_wiphy_index(bss); 940 941 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 942 if (w->wiphy_idx == wiphy_idx) 943 goto add; 944 } 945 946 /* alloc new one */ 947 w = os_zalloc(sizeof(*w)); 948 if (w == NULL) 949 return NULL; 950 w->wiphy_idx = wiphy_idx; 951 dl_list_init(&w->bsss); 952 dl_list_init(&w->drvs); 953 954 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 955 if (!w->nl_cb) { 956 os_free(w); 957 return NULL; 958 } 959 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 960 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 961 w); 962 963 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 964 "wiphy beacons"); 965 if (w->nl_beacons == NULL) { 966 os_free(w); 967 return NULL; 968 } 969 970 if (nl80211_register_beacons(bss->drv, w)) { 971 nl_destroy_handles(&w->nl_beacons); 972 os_free(w); 973 return NULL; 974 } 975 976 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 977 978 dl_list_add(&nl80211_wiphys, &w->list); 979 980add: 981 /* drv entry for this bss already there? */ 982 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 983 if (tmp_bss->drv == bss->drv) { 984 found = 1; 985 break; 986 } 987 } 988 /* if not add it */ 989 if (!found) 990 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 991 992 dl_list_add(&w->bsss, &bss->wiphy_list); 993 bss->wiphy_data = w; 994 return w; 995} 996 997 998static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 999{ 1000 struct nl80211_wiphy_data *w = bss->wiphy_data; 1001 struct i802_bss *tmp_bss; 1002 int found = 0; 1003 1004 if (w == NULL) 1005 return; 1006 bss->wiphy_data = NULL; 1007 dl_list_del(&bss->wiphy_list); 1008 1009 /* still any for this drv present? */ 1010 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1011 if (tmp_bss->drv == bss->drv) { 1012 found = 1; 1013 break; 1014 } 1015 } 1016 /* if not remove it */ 1017 if (!found) 1018 dl_list_del(&bss->drv->wiphy_list); 1019 1020 if (!dl_list_empty(&w->bsss)) 1021 return; 1022 1023 nl80211_destroy_eloop_handle(&w->nl_beacons); 1024 1025 nl_cb_put(w->nl_cb); 1026 dl_list_del(&w->list); 1027 os_free(w); 1028} 1029 1030 1031static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1032{ 1033 struct i802_bss *bss = priv; 1034 struct wpa_driver_nl80211_data *drv = bss->drv; 1035 if (!drv->associated) 1036 return -1; 1037 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1038 return 0; 1039} 1040 1041 1042static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1043{ 1044 struct i802_bss *bss = priv; 1045 struct wpa_driver_nl80211_data *drv = bss->drv; 1046 if (!drv->associated) 1047 return -1; 1048 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1049 return drv->ssid_len; 1050} 1051 1052 1053static void wpa_driver_nl80211_event_newlink( 1054 struct wpa_driver_nl80211_data *drv, char *ifname) 1055{ 1056 union wpa_event_data event; 1057 1058 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1059 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1060 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1061 drv->first_bss->ifname); 1062 return; 1063 } 1064 if (!drv->if_removed) 1065 return; 1066 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1067 drv->first_bss->ifname); 1068 drv->if_removed = 0; 1069 } 1070 1071 os_memset(&event, 0, sizeof(event)); 1072 os_strlcpy(event.interface_status.ifname, ifname, 1073 sizeof(event.interface_status.ifname)); 1074 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1075 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1076} 1077 1078 1079static void wpa_driver_nl80211_event_dellink( 1080 struct wpa_driver_nl80211_data *drv, char *ifname) 1081{ 1082 union wpa_event_data event; 1083 1084 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1085 if (drv->if_removed) { 1086 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1087 ifname); 1088 return; 1089 } 1090 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1091 ifname); 1092 drv->if_removed = 1; 1093 } else { 1094 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1095 ifname); 1096 } 1097 1098 os_memset(&event, 0, sizeof(event)); 1099 os_strlcpy(event.interface_status.ifname, ifname, 1100 sizeof(event.interface_status.ifname)); 1101 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1102 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1103} 1104 1105 1106static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1107 u8 *buf, size_t len) 1108{ 1109 int attrlen, rta_len; 1110 struct rtattr *attr; 1111 1112 attrlen = len; 1113 attr = (struct rtattr *) buf; 1114 1115 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1116 while (RTA_OK(attr, attrlen)) { 1117 if (attr->rta_type == IFLA_IFNAME) { 1118 if (os_strcmp(((char *) attr) + rta_len, 1119 drv->first_bss->ifname) == 0) 1120 return 1; 1121 else 1122 break; 1123 } 1124 attr = RTA_NEXT(attr, attrlen); 1125 } 1126 1127 return 0; 1128} 1129 1130 1131static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1132 int ifindex, u8 *buf, size_t len) 1133{ 1134 if (drv->ifindex == ifindex) 1135 return 1; 1136 1137 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1138 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1139 "interface"); 1140 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1141 return 1; 1142 } 1143 1144 return 0; 1145} 1146 1147 1148static struct wpa_driver_nl80211_data * 1149nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1150{ 1151 struct wpa_driver_nl80211_data *drv; 1152 dl_list_for_each(drv, &global->interfaces, 1153 struct wpa_driver_nl80211_data, list) { 1154 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1155 have_ifidx(drv, idx)) 1156 return drv; 1157 } 1158 return NULL; 1159} 1160 1161 1162static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1163 struct ifinfomsg *ifi, 1164 u8 *buf, size_t len) 1165{ 1166 struct nl80211_global *global = ctx; 1167 struct wpa_driver_nl80211_data *drv; 1168 int attrlen; 1169 struct rtattr *attr; 1170 u32 brid = 0; 1171 char namebuf[IFNAMSIZ]; 1172 char ifname[IFNAMSIZ + 1]; 1173 char extra[100], *pos, *end; 1174 1175 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1176 if (!drv) { 1177 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1178 ifi->ifi_index); 1179 return; 1180 } 1181 1182 extra[0] = '\0'; 1183 pos = extra; 1184 end = pos + sizeof(extra); 1185 ifname[0] = '\0'; 1186 1187 attrlen = len; 1188 attr = (struct rtattr *) buf; 1189 while (RTA_OK(attr, attrlen)) { 1190 switch (attr->rta_type) { 1191 case IFLA_IFNAME: 1192 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1193 break; 1194 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1195 ifname[RTA_PAYLOAD(attr)] = '\0'; 1196 break; 1197 case IFLA_MASTER: 1198 brid = nla_get_u32((struct nlattr *) attr); 1199 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1200 break; 1201 case IFLA_WIRELESS: 1202 pos += os_snprintf(pos, end - pos, " wext"); 1203 break; 1204 case IFLA_OPERSTATE: 1205 pos += os_snprintf(pos, end - pos, " operstate=%u", 1206 nla_get_u32((struct nlattr *) attr)); 1207 break; 1208 case IFLA_LINKMODE: 1209 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1210 nla_get_u32((struct nlattr *) attr)); 1211 break; 1212 } 1213 attr = RTA_NEXT(attr, attrlen); 1214 } 1215 extra[sizeof(extra) - 1] = '\0'; 1216 1217 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1218 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1219 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1220 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1221 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1222 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1223 1224 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1225 if (if_indextoname(ifi->ifi_index, namebuf) && 1226 linux_iface_up(drv->global->ioctl_sock, 1227 drv->first_bss->ifname) > 0) { 1228 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1229 "event since interface %s is up", namebuf); 1230 return; 1231 } 1232 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1233 if (drv->ignore_if_down_event) { 1234 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1235 "event generated by mode change"); 1236 drv->ignore_if_down_event = 0; 1237 } else { 1238 drv->if_disabled = 1; 1239 wpa_supplicant_event(drv->ctx, 1240 EVENT_INTERFACE_DISABLED, NULL); 1241 } 1242 } 1243 1244 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1245 if (if_indextoname(ifi->ifi_index, namebuf) && 1246 linux_iface_up(drv->global->ioctl_sock, 1247 drv->first_bss->ifname) == 0) { 1248 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1249 "event since interface %s is down", 1250 namebuf); 1251 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1252 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1253 "event since interface %s does not exist", 1254 drv->first_bss->ifname); 1255 } else if (drv->if_removed) { 1256 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1257 "event since interface %s is marked " 1258 "removed", drv->first_bss->ifname); 1259 } else { 1260 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1261 drv->if_disabled = 0; 1262 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1263 NULL); 1264 } 1265 } 1266 1267 /* 1268 * Some drivers send the association event before the operup event--in 1269 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1270 * fails. This will hit us when wpa_supplicant does not need to do 1271 * IEEE 802.1X authentication 1272 */ 1273 if (drv->operstate == 1 && 1274 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1275 !(ifi->ifi_flags & IFF_RUNNING)) { 1276 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1277 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1278 -1, IF_OPER_UP); 1279 } 1280 1281 if (ifname[0]) 1282 wpa_driver_nl80211_event_newlink(drv, ifname); 1283 1284 if (ifi->ifi_family == AF_BRIDGE && brid) { 1285 /* device has been added to bridge */ 1286 if_indextoname(brid, namebuf); 1287 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1288 brid, namebuf); 1289 add_ifidx(drv, brid); 1290 } 1291} 1292 1293 1294static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1295 struct ifinfomsg *ifi, 1296 u8 *buf, size_t len) 1297{ 1298 struct nl80211_global *global = ctx; 1299 struct wpa_driver_nl80211_data *drv; 1300 int attrlen; 1301 struct rtattr *attr; 1302 u32 brid = 0; 1303 char ifname[IFNAMSIZ + 1]; 1304 1305 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1306 if (!drv) { 1307 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1308 ifi->ifi_index); 1309 return; 1310 } 1311 1312 ifname[0] = '\0'; 1313 1314 attrlen = len; 1315 attr = (struct rtattr *) buf; 1316 while (RTA_OK(attr, attrlen)) { 1317 switch (attr->rta_type) { 1318 case IFLA_IFNAME: 1319 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1320 break; 1321 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1322 ifname[RTA_PAYLOAD(attr)] = '\0'; 1323 break; 1324 case IFLA_MASTER: 1325 brid = nla_get_u32((struct nlattr *) attr); 1326 break; 1327 } 1328 attr = RTA_NEXT(attr, attrlen); 1329 } 1330 1331 if (ifname[0]) 1332 wpa_driver_nl80211_event_dellink(drv, ifname); 1333 1334 if (ifi->ifi_family == AF_BRIDGE && brid) { 1335 /* device has been removed from bridge */ 1336 char namebuf[IFNAMSIZ]; 1337 if_indextoname(brid, namebuf); 1338 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1339 "%s", brid, namebuf); 1340 del_ifidx(drv, brid); 1341 } 1342} 1343 1344 1345static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1346 const u8 *frame, size_t len) 1347{ 1348 const struct ieee80211_mgmt *mgmt; 1349 union wpa_event_data event; 1350 1351 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1352 mgmt = (const struct ieee80211_mgmt *) frame; 1353 if (len < 24 + sizeof(mgmt->u.auth)) { 1354 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1355 "frame"); 1356 return; 1357 } 1358 1359 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1360 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1361 os_memset(&event, 0, sizeof(event)); 1362 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1363 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1364 event.auth.auth_transaction = 1365 le_to_host16(mgmt->u.auth.auth_transaction); 1366 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1367 if (len > 24 + sizeof(mgmt->u.auth)) { 1368 event.auth.ies = mgmt->u.auth.variable; 1369 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1370 } 1371 1372 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1373} 1374 1375 1376static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1377{ 1378 struct nl_msg *msg; 1379 int ret; 1380 struct nl80211_bss_info_arg arg; 1381 1382 os_memset(&arg, 0, sizeof(arg)); 1383 msg = nlmsg_alloc(); 1384 if (!msg) 1385 goto nla_put_failure; 1386 1387 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1388 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1389 1390 arg.drv = drv; 1391 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1392 msg = NULL; 1393 if (ret == 0) { 1394 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1395 "associated BSS from scan results: %u MHz", 1396 arg.assoc_freq); 1397 if (arg.assoc_freq) 1398 drv->assoc_freq = arg.assoc_freq; 1399 return drv->assoc_freq; 1400 } 1401 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1402 "(%s)", ret, strerror(-ret)); 1403nla_put_failure: 1404 nlmsg_free(msg); 1405 return drv->assoc_freq; 1406} 1407 1408 1409static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1410 const u8 *frame, size_t len) 1411{ 1412 const struct ieee80211_mgmt *mgmt; 1413 union wpa_event_data event; 1414 u16 status; 1415 1416 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1417 mgmt = (const struct ieee80211_mgmt *) frame; 1418 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1419 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1420 "frame"); 1421 return; 1422 } 1423 1424 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1425 if (status != WLAN_STATUS_SUCCESS) { 1426 os_memset(&event, 0, sizeof(event)); 1427 event.assoc_reject.bssid = mgmt->bssid; 1428 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1429 event.assoc_reject.resp_ies = 1430 (u8 *) mgmt->u.assoc_resp.variable; 1431 event.assoc_reject.resp_ies_len = 1432 len - 24 - sizeof(mgmt->u.assoc_resp); 1433 } 1434 event.assoc_reject.status_code = status; 1435 1436 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1437 return; 1438 } 1439 1440 drv->associated = 1; 1441 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1442 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1443 1444 os_memset(&event, 0, sizeof(event)); 1445 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1446 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1447 event.assoc_info.resp_ies_len = 1448 len - 24 - sizeof(mgmt->u.assoc_resp); 1449 } 1450 1451 event.assoc_info.freq = drv->assoc_freq; 1452 1453 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1454} 1455 1456 1457static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1458 enum nl80211_commands cmd, struct nlattr *status, 1459 struct nlattr *addr, struct nlattr *req_ie, 1460 struct nlattr *resp_ie) 1461{ 1462 union wpa_event_data event; 1463 1464 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1465 /* 1466 * Avoid reporting two association events that would confuse 1467 * the core code. 1468 */ 1469 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1470 "when using userspace SME", cmd); 1471 return; 1472 } 1473 1474 if (cmd == NL80211_CMD_CONNECT) 1475 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1476 else if (cmd == NL80211_CMD_ROAM) 1477 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1478 1479 os_memset(&event, 0, sizeof(event)); 1480 if (cmd == NL80211_CMD_CONNECT && 1481 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1482 if (addr) 1483 event.assoc_reject.bssid = nla_data(addr); 1484 if (resp_ie) { 1485 event.assoc_reject.resp_ies = nla_data(resp_ie); 1486 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1487 } 1488 event.assoc_reject.status_code = nla_get_u16(status); 1489 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1490 return; 1491 } 1492 1493 drv->associated = 1; 1494 if (addr) { 1495 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1496 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1497 } 1498 1499 if (req_ie) { 1500 event.assoc_info.req_ies = nla_data(req_ie); 1501 event.assoc_info.req_ies_len = nla_len(req_ie); 1502 } 1503 if (resp_ie) { 1504 event.assoc_info.resp_ies = nla_data(resp_ie); 1505 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1506 } 1507 1508 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1509 1510 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1511} 1512 1513 1514static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1515 struct nlattr *reason, struct nlattr *addr, 1516 struct nlattr *by_ap) 1517{ 1518 union wpa_event_data data; 1519 unsigned int locally_generated = by_ap == NULL; 1520 1521 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1522 /* 1523 * Avoid reporting two disassociation events that could 1524 * confuse the core code. 1525 */ 1526 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1527 "event when using userspace SME"); 1528 return; 1529 } 1530 1531 if (drv->ignore_next_local_disconnect) { 1532 drv->ignore_next_local_disconnect = 0; 1533 if (locally_generated) { 1534 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1535 "event triggered during reassociation"); 1536 return; 1537 } 1538 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1539 "disconnect but got another disconnect " 1540 "event first"); 1541 } 1542 1543 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1544 nl80211_mark_disconnected(drv); 1545 os_memset(&data, 0, sizeof(data)); 1546 if (reason) 1547 data.deauth_info.reason_code = nla_get_u16(reason); 1548 data.deauth_info.locally_generated = by_ap == NULL; 1549 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1550} 1551 1552 1553static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 1554{ 1555 int freq1 = 0; 1556 1557 switch (convert2width(width)) { 1558 case CHAN_WIDTH_20_NOHT: 1559 case CHAN_WIDTH_20: 1560 return 0; 1561 case CHAN_WIDTH_40: 1562 freq1 = cf1 - 10; 1563 break; 1564 case CHAN_WIDTH_80: 1565 freq1 = cf1 - 30; 1566 break; 1567 case CHAN_WIDTH_160: 1568 freq1 = cf1 - 70; 1569 break; 1570 case CHAN_WIDTH_UNKNOWN: 1571 case CHAN_WIDTH_80P80: 1572 /* FIXME: implement this */ 1573 return 0; 1574 } 1575 1576 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 1577} 1578 1579 1580static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1581 struct nlattr *ifindex, struct nlattr *freq, 1582 struct nlattr *type, struct nlattr *bw, 1583 struct nlattr *cf1, struct nlattr *cf2) 1584{ 1585 struct i802_bss *bss; 1586 union wpa_event_data data; 1587 int ht_enabled = 1; 1588 int chan_offset = 0; 1589 int ifidx; 1590 1591 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1592 1593 if (!freq) 1594 return; 1595 1596 ifidx = nla_get_u32(ifindex); 1597 for (bss = drv->first_bss; bss; bss = bss->next) 1598 if (bss->ifindex == ifidx) 1599 break; 1600 1601 if (bss == NULL) { 1602 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1603 ifidx); 1604 return; 1605 } 1606 1607 if (type) { 1608 switch (nla_get_u32(type)) { 1609 case NL80211_CHAN_NO_HT: 1610 ht_enabled = 0; 1611 break; 1612 case NL80211_CHAN_HT20: 1613 break; 1614 case NL80211_CHAN_HT40PLUS: 1615 chan_offset = 1; 1616 break; 1617 case NL80211_CHAN_HT40MINUS: 1618 chan_offset = -1; 1619 break; 1620 } 1621 } else if (bw && cf1) { 1622 /* This can happen for example with VHT80 ch switch */ 1623 chan_offset = calculate_chan_offset(nla_get_u32(bw), 1624 nla_get_u32(freq), 1625 nla_get_u32(cf1), 1626 cf2 ? nla_get_u32(cf2) : 0); 1627 } else { 1628 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 1629 } 1630 1631 os_memset(&data, 0, sizeof(data)); 1632 data.ch_switch.freq = nla_get_u32(freq); 1633 data.ch_switch.ht_enabled = ht_enabled; 1634 data.ch_switch.ch_offset = chan_offset; 1635 if (bw) 1636 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1637 if (cf1) 1638 data.ch_switch.cf1 = nla_get_u32(cf1); 1639 if (cf2) 1640 data.ch_switch.cf2 = nla_get_u32(cf2); 1641 1642 bss->freq = data.ch_switch.freq; 1643 1644 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1645} 1646 1647 1648static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1649 enum nl80211_commands cmd, struct nlattr *addr) 1650{ 1651 union wpa_event_data event; 1652 enum wpa_event_type ev; 1653 1654 if (nla_len(addr) != ETH_ALEN) 1655 return; 1656 1657 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1658 cmd, MAC2STR((u8 *) nla_data(addr))); 1659 1660 if (cmd == NL80211_CMD_AUTHENTICATE) 1661 ev = EVENT_AUTH_TIMED_OUT; 1662 else if (cmd == NL80211_CMD_ASSOCIATE) 1663 ev = EVENT_ASSOC_TIMED_OUT; 1664 else 1665 return; 1666 1667 os_memset(&event, 0, sizeof(event)); 1668 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1669 wpa_supplicant_event(drv->ctx, ev, &event); 1670} 1671 1672 1673static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1674 struct nlattr *freq, struct nlattr *sig, 1675 const u8 *frame, size_t len) 1676{ 1677 const struct ieee80211_mgmt *mgmt; 1678 union wpa_event_data event; 1679 u16 fc, stype; 1680 int ssi_signal = 0; 1681 int rx_freq = 0; 1682 1683 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1684 mgmt = (const struct ieee80211_mgmt *) frame; 1685 if (len < 24) { 1686 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1687 return; 1688 } 1689 1690 fc = le_to_host16(mgmt->frame_control); 1691 stype = WLAN_FC_GET_STYPE(fc); 1692 1693 if (sig) 1694 ssi_signal = (s32) nla_get_u32(sig); 1695 1696 os_memset(&event, 0, sizeof(event)); 1697 if (freq) { 1698 event.rx_mgmt.freq = nla_get_u32(freq); 1699 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1700 } 1701 wpa_printf(MSG_DEBUG, 1702 "nl80211: RX frame freq=%d ssi_signal=%d stype=%u len=%u", 1703 rx_freq, ssi_signal, stype, (unsigned int) len); 1704 event.rx_mgmt.frame = frame; 1705 event.rx_mgmt.frame_len = len; 1706 event.rx_mgmt.ssi_signal = ssi_signal; 1707 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1708} 1709 1710 1711static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1712 struct nlattr *cookie, const u8 *frame, 1713 size_t len, struct nlattr *ack) 1714{ 1715 union wpa_event_data event; 1716 const struct ieee80211_hdr *hdr; 1717 u16 fc; 1718 1719 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1720 if (!is_ap_interface(drv->nlmode)) { 1721 u64 cookie_val; 1722 1723 if (!cookie) 1724 return; 1725 1726 cookie_val = nla_get_u64(cookie); 1727 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1728 " cookie=0%llx%s (ack=%d)", 1729 (long long unsigned int) cookie_val, 1730 cookie_val == drv->send_action_cookie ? 1731 " (match)" : " (unknown)", ack != NULL); 1732 if (cookie_val != drv->send_action_cookie) 1733 return; 1734 } 1735 1736 hdr = (const struct ieee80211_hdr *) frame; 1737 fc = le_to_host16(hdr->frame_control); 1738 1739 os_memset(&event, 0, sizeof(event)); 1740 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1741 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1742 event.tx_status.dst = hdr->addr1; 1743 event.tx_status.data = frame; 1744 event.tx_status.data_len = len; 1745 event.tx_status.ack = ack != NULL; 1746 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1747} 1748 1749 1750static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1751 enum wpa_event_type type, 1752 const u8 *frame, size_t len) 1753{ 1754 const struct ieee80211_mgmt *mgmt; 1755 union wpa_event_data event; 1756 const u8 *bssid = NULL; 1757 u16 reason_code = 0; 1758 1759 if (type == EVENT_DEAUTH) 1760 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1761 else 1762 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1763 1764 mgmt = (const struct ieee80211_mgmt *) frame; 1765 if (len >= 24) { 1766 bssid = mgmt->bssid; 1767 1768 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1769 !drv->associated && 1770 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1771 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1772 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1773 /* 1774 * Avoid issues with some roaming cases where 1775 * disconnection event for the old AP may show up after 1776 * we have started connection with the new AP. 1777 */ 1778 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1779 MAC2STR(bssid), 1780 MAC2STR(drv->auth_attempt_bssid)); 1781 return; 1782 } 1783 1784 if (drv->associated != 0 && 1785 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1786 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1787 /* 1788 * We have presumably received this deauth as a 1789 * response to a clear_state_mismatch() outgoing 1790 * deauth. Don't let it take us offline! 1791 */ 1792 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1793 "from Unknown BSSID " MACSTR " -- ignoring", 1794 MAC2STR(bssid)); 1795 return; 1796 } 1797 } 1798 1799 nl80211_mark_disconnected(drv); 1800 os_memset(&event, 0, sizeof(event)); 1801 1802 /* Note: Same offset for Reason Code in both frame subtypes */ 1803 if (len >= 24 + sizeof(mgmt->u.deauth)) 1804 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1805 1806 if (type == EVENT_DISASSOC) { 1807 event.disassoc_info.locally_generated = 1808 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1809 event.disassoc_info.addr = bssid; 1810 event.disassoc_info.reason_code = reason_code; 1811 if (frame + len > mgmt->u.disassoc.variable) { 1812 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1813 event.disassoc_info.ie_len = frame + len - 1814 mgmt->u.disassoc.variable; 1815 } 1816 } else { 1817 event.deauth_info.locally_generated = 1818 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1819 event.deauth_info.addr = bssid; 1820 event.deauth_info.reason_code = reason_code; 1821 if (frame + len > mgmt->u.deauth.variable) { 1822 event.deauth_info.ie = mgmt->u.deauth.variable; 1823 event.deauth_info.ie_len = frame + len - 1824 mgmt->u.deauth.variable; 1825 } 1826 } 1827 1828 wpa_supplicant_event(drv->ctx, type, &event); 1829} 1830 1831 1832static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1833 enum wpa_event_type type, 1834 const u8 *frame, size_t len) 1835{ 1836 const struct ieee80211_mgmt *mgmt; 1837 union wpa_event_data event; 1838 u16 reason_code = 0; 1839 1840 if (type == EVENT_UNPROT_DEAUTH) 1841 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1842 else 1843 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1844 1845 if (len < 24) 1846 return; 1847 1848 mgmt = (const struct ieee80211_mgmt *) frame; 1849 1850 os_memset(&event, 0, sizeof(event)); 1851 /* Note: Same offset for Reason Code in both frame subtypes */ 1852 if (len >= 24 + sizeof(mgmt->u.deauth)) 1853 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1854 1855 if (type == EVENT_UNPROT_DISASSOC) { 1856 event.unprot_disassoc.sa = mgmt->sa; 1857 event.unprot_disassoc.da = mgmt->da; 1858 event.unprot_disassoc.reason_code = reason_code; 1859 } else { 1860 event.unprot_deauth.sa = mgmt->sa; 1861 event.unprot_deauth.da = mgmt->da; 1862 event.unprot_deauth.reason_code = reason_code; 1863 } 1864 1865 wpa_supplicant_event(drv->ctx, type, &event); 1866} 1867 1868 1869static void mlme_event(struct i802_bss *bss, 1870 enum nl80211_commands cmd, struct nlattr *frame, 1871 struct nlattr *addr, struct nlattr *timed_out, 1872 struct nlattr *freq, struct nlattr *ack, 1873 struct nlattr *cookie, struct nlattr *sig) 1874{ 1875 struct wpa_driver_nl80211_data *drv = bss->drv; 1876 const u8 *data; 1877 size_t len; 1878 1879 if (timed_out && addr) { 1880 mlme_timeout_event(drv, cmd, addr); 1881 return; 1882 } 1883 1884 if (frame == NULL) { 1885 wpa_printf(MSG_DEBUG, 1886 "nl80211: MLME event %d (%s) without frame data", 1887 cmd, nl80211_command_to_string(cmd)); 1888 return; 1889 } 1890 1891 data = nla_data(frame); 1892 len = nla_len(frame); 1893 if (len < 4 + 2 * ETH_ALEN) { 1894 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1895 MACSTR ") - too short", 1896 cmd, nl80211_command_to_string(cmd), bss->ifname, 1897 MAC2STR(bss->addr)); 1898 return; 1899 } 1900 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1901 ") A1=" MACSTR " A2=" MACSTR, cmd, 1902 nl80211_command_to_string(cmd), bss->ifname, 1903 MAC2STR(bss->addr), MAC2STR(data + 4), 1904 MAC2STR(data + 4 + ETH_ALEN)); 1905 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1906 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1907 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1908 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1909 "for foreign address", bss->ifname); 1910 return; 1911 } 1912 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1913 nla_data(frame), nla_len(frame)); 1914 1915 switch (cmd) { 1916 case NL80211_CMD_AUTHENTICATE: 1917 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1918 break; 1919 case NL80211_CMD_ASSOCIATE: 1920 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1921 break; 1922 case NL80211_CMD_DEAUTHENTICATE: 1923 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1924 nla_data(frame), nla_len(frame)); 1925 break; 1926 case NL80211_CMD_DISASSOCIATE: 1927 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1928 nla_data(frame), nla_len(frame)); 1929 break; 1930 case NL80211_CMD_FRAME: 1931 mlme_event_mgmt(drv, freq, sig, nla_data(frame), 1932 nla_len(frame)); 1933 break; 1934 case NL80211_CMD_FRAME_TX_STATUS: 1935 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1936 nla_len(frame), ack); 1937 break; 1938 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1939 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1940 nla_data(frame), nla_len(frame)); 1941 break; 1942 case NL80211_CMD_UNPROT_DISASSOCIATE: 1943 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1944 nla_data(frame), nla_len(frame)); 1945 break; 1946 default: 1947 break; 1948 } 1949} 1950 1951 1952static void mlme_event_michael_mic_failure(struct i802_bss *bss, 1953 struct nlattr *tb[]) 1954{ 1955 union wpa_event_data data; 1956 1957 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1958 os_memset(&data, 0, sizeof(data)); 1959 if (tb[NL80211_ATTR_MAC]) { 1960 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1961 nla_data(tb[NL80211_ATTR_MAC]), 1962 nla_len(tb[NL80211_ATTR_MAC])); 1963 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1964 } 1965 if (tb[NL80211_ATTR_KEY_SEQ]) { 1966 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1967 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1968 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1969 } 1970 if (tb[NL80211_ATTR_KEY_TYPE]) { 1971 enum nl80211_key_type key_type = 1972 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1973 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1974 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1975 data.michael_mic_failure.unicast = 1; 1976 } else 1977 data.michael_mic_failure.unicast = 1; 1978 1979 if (tb[NL80211_ATTR_KEY_IDX]) { 1980 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1981 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1982 } 1983 1984 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1985} 1986 1987 1988static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1989 struct nlattr *tb[]) 1990{ 1991 if (tb[NL80211_ATTR_MAC] == NULL) { 1992 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1993 "event"); 1994 return; 1995 } 1996 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1997 1998 drv->associated = 1; 1999 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 2000 MAC2STR(drv->bssid)); 2001 2002 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 2003} 2004 2005 2006static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 2007 int cancel_event, struct nlattr *tb[]) 2008{ 2009 unsigned int freq, chan_type, duration; 2010 union wpa_event_data data; 2011 u64 cookie; 2012 2013 if (tb[NL80211_ATTR_WIPHY_FREQ]) 2014 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2015 else 2016 freq = 0; 2017 2018 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 2019 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2020 else 2021 chan_type = 0; 2022 2023 if (tb[NL80211_ATTR_DURATION]) 2024 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 2025 else 2026 duration = 0; 2027 2028 if (tb[NL80211_ATTR_COOKIE]) 2029 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 2030 else 2031 cookie = 0; 2032 2033 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 2034 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 2035 cancel_event, freq, chan_type, duration, 2036 (long long unsigned int) cookie, 2037 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2038 2039 if (cookie != drv->remain_on_chan_cookie) 2040 return; /* not for us */ 2041 2042 if (cancel_event) 2043 drv->pending_remain_on_chan = 0; 2044 2045 os_memset(&data, 0, sizeof(data)); 2046 data.remain_on_channel.freq = freq; 2047 data.remain_on_channel.duration = duration; 2048 wpa_supplicant_event(drv->ctx, cancel_event ? 2049 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2050 EVENT_REMAIN_ON_CHANNEL, &data); 2051} 2052 2053 2054static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2055 struct nlattr *tb[]) 2056{ 2057 union wpa_event_data data; 2058 2059 os_memset(&data, 0, sizeof(data)); 2060 2061 if (tb[NL80211_ATTR_IE]) { 2062 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2063 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2064 } 2065 2066 if (tb[NL80211_ATTR_IE_RIC]) { 2067 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2068 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2069 } 2070 2071 if (tb[NL80211_ATTR_MAC]) 2072 os_memcpy(data.ft_ies.target_ap, 2073 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2074 2075 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2076 MAC2STR(data.ft_ies.target_ap)); 2077 2078 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2079} 2080 2081 2082static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2083 struct nlattr *tb[]) 2084{ 2085 union wpa_event_data event; 2086 struct nlattr *nl; 2087 int rem; 2088 struct scan_info *info; 2089#define MAX_REPORT_FREQS 50 2090 int freqs[MAX_REPORT_FREQS]; 2091 int num_freqs = 0; 2092 2093 if (drv->scan_for_auth) { 2094 drv->scan_for_auth = 0; 2095 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2096 "cfg80211 BSS entry"); 2097 wpa_driver_nl80211_authenticate_retry(drv); 2098 return; 2099 } 2100 2101 os_memset(&event, 0, sizeof(event)); 2102 info = &event.scan_info; 2103 info->aborted = aborted; 2104 2105 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2106 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2107 struct wpa_driver_scan_ssid *s = 2108 &info->ssids[info->num_ssids]; 2109 s->ssid = nla_data(nl); 2110 s->ssid_len = nla_len(nl); 2111 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2112 wpa_ssid_txt(s->ssid, s->ssid_len)); 2113 info->num_ssids++; 2114 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2115 break; 2116 } 2117 } 2118 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2119 char msg[200], *pos, *end; 2120 int res; 2121 2122 pos = msg; 2123 end = pos + sizeof(msg); 2124 *pos = '\0'; 2125 2126 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2127 { 2128 freqs[num_freqs] = nla_get_u32(nl); 2129 res = os_snprintf(pos, end - pos, " %d", 2130 freqs[num_freqs]); 2131 if (res > 0 && end - pos > res) 2132 pos += res; 2133 num_freqs++; 2134 if (num_freqs == MAX_REPORT_FREQS - 1) 2135 break; 2136 } 2137 info->freqs = freqs; 2138 info->num_freqs = num_freqs; 2139 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2140 msg); 2141 } 2142 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2143} 2144 2145 2146static int get_link_signal(struct nl_msg *msg, void *arg) 2147{ 2148 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2149 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2150 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2151 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2152 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2153 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2154 }; 2155 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2156 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2157 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2158 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2159 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2160 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2161 }; 2162 struct wpa_signal_info *sig_change = arg; 2163 2164 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2165 genlmsg_attrlen(gnlh, 0), NULL); 2166 if (!tb[NL80211_ATTR_STA_INFO] || 2167 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2168 tb[NL80211_ATTR_STA_INFO], policy)) 2169 return NL_SKIP; 2170 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2171 return NL_SKIP; 2172 2173 sig_change->current_signal = 2174 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2175 2176 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2177 sig_change->avg_signal = 2178 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2179 else 2180 sig_change->avg_signal = 0; 2181 2182 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2183 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2184 sinfo[NL80211_STA_INFO_TX_BITRATE], 2185 rate_policy)) { 2186 sig_change->current_txrate = 0; 2187 } else { 2188 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2189 sig_change->current_txrate = 2190 nla_get_u16(rinfo[ 2191 NL80211_RATE_INFO_BITRATE]) * 100; 2192 } 2193 } 2194 } 2195 2196 return NL_SKIP; 2197} 2198 2199 2200static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2201 struct wpa_signal_info *sig) 2202{ 2203 struct nl_msg *msg; 2204 2205 sig->current_signal = -9999; 2206 sig->current_txrate = 0; 2207 2208 msg = nlmsg_alloc(); 2209 if (!msg) 2210 return -ENOMEM; 2211 2212 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2213 2214 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2215 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2216 2217 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2218 nla_put_failure: 2219 nlmsg_free(msg); 2220 return -ENOBUFS; 2221} 2222 2223 2224static int get_link_noise(struct nl_msg *msg, void *arg) 2225{ 2226 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2227 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2228 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2229 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2230 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2231 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2232 }; 2233 struct wpa_signal_info *sig_change = arg; 2234 2235 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2236 genlmsg_attrlen(gnlh, 0), NULL); 2237 2238 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2239 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2240 return NL_SKIP; 2241 } 2242 2243 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2244 tb[NL80211_ATTR_SURVEY_INFO], 2245 survey_policy)) { 2246 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2247 "attributes!"); 2248 return NL_SKIP; 2249 } 2250 2251 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2252 return NL_SKIP; 2253 2254 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2255 sig_change->frequency) 2256 return NL_SKIP; 2257 2258 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2259 return NL_SKIP; 2260 2261 sig_change->current_noise = 2262 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2263 2264 return NL_SKIP; 2265} 2266 2267 2268static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2269 struct wpa_signal_info *sig_change) 2270{ 2271 struct nl_msg *msg; 2272 2273 sig_change->current_noise = 9999; 2274 sig_change->frequency = drv->assoc_freq; 2275 2276 msg = nlmsg_alloc(); 2277 if (!msg) 2278 return -ENOMEM; 2279 2280 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2281 2282 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2283 2284 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2285 nla_put_failure: 2286 nlmsg_free(msg); 2287 return -ENOBUFS; 2288} 2289 2290 2291static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2292{ 2293 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2294 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2295 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2296 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2297 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2298 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2299 }; 2300 struct wpa_scan_results *scan_results = arg; 2301 struct wpa_scan_res *scan_res; 2302 size_t i; 2303 2304 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2305 genlmsg_attrlen(gnlh, 0), NULL); 2306 2307 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2308 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2309 return NL_SKIP; 2310 } 2311 2312 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2313 tb[NL80211_ATTR_SURVEY_INFO], 2314 survey_policy)) { 2315 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2316 "attributes"); 2317 return NL_SKIP; 2318 } 2319 2320 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2321 return NL_SKIP; 2322 2323 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2324 return NL_SKIP; 2325 2326 for (i = 0; i < scan_results->num; ++i) { 2327 scan_res = scan_results->res[i]; 2328 if (!scan_res) 2329 continue; 2330 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2331 scan_res->freq) 2332 continue; 2333 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2334 continue; 2335 scan_res->noise = (s8) 2336 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2337 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2338 } 2339 2340 return NL_SKIP; 2341} 2342 2343 2344static int nl80211_get_noise_for_scan_results( 2345 struct wpa_driver_nl80211_data *drv, 2346 struct wpa_scan_results *scan_res) 2347{ 2348 struct nl_msg *msg; 2349 2350 msg = nlmsg_alloc(); 2351 if (!msg) 2352 return -ENOMEM; 2353 2354 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2355 2356 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2357 2358 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2359 scan_res); 2360 nla_put_failure: 2361 nlmsg_free(msg); 2362 return -ENOBUFS; 2363} 2364 2365 2366static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2367 struct nlattr *tb[]) 2368{ 2369 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2370 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2371 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2372 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2373 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2374 }; 2375 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2376 enum nl80211_cqm_rssi_threshold_event event; 2377 union wpa_event_data ed; 2378 struct wpa_signal_info sig; 2379 int res; 2380 2381 if (tb[NL80211_ATTR_CQM] == NULL || 2382 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2383 cqm_policy)) { 2384 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2385 return; 2386 } 2387 2388 os_memset(&ed, 0, sizeof(ed)); 2389 2390 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2391 if (!tb[NL80211_ATTR_MAC]) 2392 return; 2393 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2394 ETH_ALEN); 2395 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2396 return; 2397 } 2398 2399 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2400 return; 2401 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2402 2403 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2404 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2405 "event: RSSI high"); 2406 ed.signal_change.above_threshold = 1; 2407 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2408 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2409 "event: RSSI low"); 2410 ed.signal_change.above_threshold = 0; 2411 } else 2412 return; 2413 2414 res = nl80211_get_link_signal(drv, &sig); 2415 if (res == 0) { 2416 ed.signal_change.current_signal = sig.current_signal; 2417 ed.signal_change.current_txrate = sig.current_txrate; 2418 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2419 sig.current_signal, sig.current_txrate); 2420 } 2421 2422 res = nl80211_get_link_noise(drv, &sig); 2423 if (res == 0) { 2424 ed.signal_change.current_noise = sig.current_noise; 2425 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2426 sig.current_noise); 2427 } 2428 2429 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2430} 2431 2432 2433static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2434 struct nlattr **tb) 2435{ 2436 u8 *addr; 2437 union wpa_event_data data; 2438 2439 if (tb[NL80211_ATTR_MAC] == NULL) 2440 return; 2441 addr = nla_data(tb[NL80211_ATTR_MAC]); 2442 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2443 2444 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2445 u8 *ies = NULL; 2446 size_t ies_len = 0; 2447 if (tb[NL80211_ATTR_IE]) { 2448 ies = nla_data(tb[NL80211_ATTR_IE]); 2449 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2450 } 2451 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2452 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2453 return; 2454 } 2455 2456 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2457 return; 2458 2459 os_memset(&data, 0, sizeof(data)); 2460 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2461 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2462} 2463 2464 2465static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2466 struct nlattr **tb) 2467{ 2468 u8 *addr; 2469 union wpa_event_data data; 2470 2471 if (tb[NL80211_ATTR_MAC] == NULL) 2472 return; 2473 addr = nla_data(tb[NL80211_ATTR_MAC]); 2474 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2475 MAC2STR(addr)); 2476 2477 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2478 drv_event_disassoc(drv->ctx, addr); 2479 return; 2480 } 2481 2482 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2483 return; 2484 2485 os_memset(&data, 0, sizeof(data)); 2486 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2487 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2488} 2489 2490 2491static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2492 struct nlattr **tb) 2493{ 2494 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2495 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2496 [NL80211_REKEY_DATA_KEK] = { 2497 .minlen = NL80211_KEK_LEN, 2498 .maxlen = NL80211_KEK_LEN, 2499 }, 2500 [NL80211_REKEY_DATA_KCK] = { 2501 .minlen = NL80211_KCK_LEN, 2502 .maxlen = NL80211_KCK_LEN, 2503 }, 2504 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2505 .minlen = NL80211_REPLAY_CTR_LEN, 2506 .maxlen = NL80211_REPLAY_CTR_LEN, 2507 }, 2508 }; 2509 union wpa_event_data data; 2510 2511 if (!tb[NL80211_ATTR_MAC]) 2512 return; 2513 if (!tb[NL80211_ATTR_REKEY_DATA]) 2514 return; 2515 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2516 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2517 return; 2518 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2519 return; 2520 2521 os_memset(&data, 0, sizeof(data)); 2522 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2523 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2524 MAC2STR(data.driver_gtk_rekey.bssid)); 2525 data.driver_gtk_rekey.replay_ctr = 2526 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2527 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2528 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2529 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2530} 2531 2532 2533static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2534 struct nlattr **tb) 2535{ 2536 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2537 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2538 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2539 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2540 .minlen = ETH_ALEN, 2541 .maxlen = ETH_ALEN, 2542 }, 2543 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2544 }; 2545 union wpa_event_data data; 2546 2547 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2548 2549 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2550 return; 2551 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2552 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2553 return; 2554 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2555 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2556 return; 2557 2558 os_memset(&data, 0, sizeof(data)); 2559 os_memcpy(data.pmkid_candidate.bssid, 2560 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2561 data.pmkid_candidate.index = 2562 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2563 data.pmkid_candidate.preauth = 2564 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2565 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2566} 2567 2568 2569static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2570 struct nlattr **tb) 2571{ 2572 union wpa_event_data data; 2573 2574 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2575 2576 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2577 return; 2578 2579 os_memset(&data, 0, sizeof(data)); 2580 os_memcpy(data.client_poll.addr, 2581 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2582 2583 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2584} 2585 2586 2587static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2588 struct nlattr **tb) 2589{ 2590 union wpa_event_data data; 2591 2592 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2593 2594 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2595 return; 2596 2597 os_memset(&data, 0, sizeof(data)); 2598 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2599 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2600 case NL80211_TDLS_SETUP: 2601 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2602 MACSTR, MAC2STR(data.tdls.peer)); 2603 data.tdls.oper = TDLS_REQUEST_SETUP; 2604 break; 2605 case NL80211_TDLS_TEARDOWN: 2606 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2607 MACSTR, MAC2STR(data.tdls.peer)); 2608 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2609 break; 2610 default: 2611 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2612 "event"); 2613 return; 2614 } 2615 if (tb[NL80211_ATTR_REASON_CODE]) { 2616 data.tdls.reason_code = 2617 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2618 } 2619 2620 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2621} 2622 2623 2624static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2625 struct nlattr **tb) 2626{ 2627 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2628} 2629 2630 2631static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2632 struct nlattr **tb) 2633{ 2634 union wpa_event_data data; 2635 u32 reason; 2636 2637 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2638 2639 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2640 return; 2641 2642 os_memset(&data, 0, sizeof(data)); 2643 os_memcpy(data.connect_failed_reason.addr, 2644 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2645 2646 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2647 switch (reason) { 2648 case NL80211_CONN_FAIL_MAX_CLIENTS: 2649 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2650 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2651 break; 2652 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2653 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2654 " tried to connect", 2655 MAC2STR(data.connect_failed_reason.addr)); 2656 data.connect_failed_reason.code = BLOCKED_CLIENT; 2657 break; 2658 default: 2659 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2660 "%u", reason); 2661 return; 2662 } 2663 2664 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2665} 2666 2667 2668static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2669 struct nlattr **tb) 2670{ 2671 union wpa_event_data data; 2672 enum nl80211_radar_event event_type; 2673 2674 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2675 return; 2676 2677 os_memset(&data, 0, sizeof(data)); 2678 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2679 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2680 2681 /* Check HT params */ 2682 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2683 data.dfs_event.ht_enabled = 1; 2684 data.dfs_event.chan_offset = 0; 2685 2686 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2687 case NL80211_CHAN_NO_HT: 2688 data.dfs_event.ht_enabled = 0; 2689 break; 2690 case NL80211_CHAN_HT20: 2691 break; 2692 case NL80211_CHAN_HT40PLUS: 2693 data.dfs_event.chan_offset = 1; 2694 break; 2695 case NL80211_CHAN_HT40MINUS: 2696 data.dfs_event.chan_offset = -1; 2697 break; 2698 } 2699 } 2700 2701 /* Get VHT params */ 2702 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2703 data.dfs_event.chan_width = 2704 convert2width(nla_get_u32( 2705 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2706 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2707 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2708 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2709 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2710 2711 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2712 data.dfs_event.freq, data.dfs_event.ht_enabled, 2713 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2714 data.dfs_event.cf1, data.dfs_event.cf2); 2715 2716 switch (event_type) { 2717 case NL80211_RADAR_DETECTED: 2718 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2719 break; 2720 case NL80211_RADAR_CAC_FINISHED: 2721 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2722 break; 2723 case NL80211_RADAR_CAC_ABORTED: 2724 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2725 break; 2726 case NL80211_RADAR_NOP_FINISHED: 2727 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2728 break; 2729 default: 2730 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2731 "received", event_type); 2732 break; 2733 } 2734} 2735 2736 2737static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2738 int wds) 2739{ 2740 struct wpa_driver_nl80211_data *drv = bss->drv; 2741 union wpa_event_data event; 2742 2743 if (!tb[NL80211_ATTR_MAC]) 2744 return; 2745 2746 os_memset(&event, 0, sizeof(event)); 2747 event.rx_from_unknown.bssid = bss->addr; 2748 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2749 event.rx_from_unknown.wds = wds; 2750 2751 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2752} 2753 2754 2755static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 2756 const u8 *data, size_t len) 2757{ 2758 u32 i, count; 2759 union wpa_event_data event; 2760 struct wpa_freq_range *range = NULL; 2761 const struct qca_avoid_freq_list *freq_range; 2762 2763 freq_range = (const struct qca_avoid_freq_list *) data; 2764 if (len < sizeof(freq_range->count)) 2765 return; 2766 2767 count = freq_range->count; 2768 if (len < sizeof(freq_range->count) + 2769 count * sizeof(struct qca_avoid_freq_range)) { 2770 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 2771 (unsigned int) len); 2772 return; 2773 } 2774 2775 if (count > 0) { 2776 range = os_calloc(count, sizeof(struct wpa_freq_range)); 2777 if (range == NULL) 2778 return; 2779 } 2780 2781 os_memset(&event, 0, sizeof(event)); 2782 for (i = 0; i < count; i++) { 2783 unsigned int idx = event.freq_range.num; 2784 range[idx].min = freq_range->range[i].start_freq; 2785 range[idx].max = freq_range->range[i].end_freq; 2786 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 2787 range[idx].min, range[idx].max); 2788 if (range[idx].min > range[idx].max) { 2789 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 2790 continue; 2791 } 2792 event.freq_range.num++; 2793 } 2794 event.freq_range.range = range; 2795 2796 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 2797 2798 os_free(range); 2799} 2800 2801 2802static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 2803 u32 subcmd, u8 *data, size_t len) 2804{ 2805 switch (subcmd) { 2806 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 2807 qca_nl80211_avoid_freq(drv, data, len); 2808 break; 2809 default: 2810 wpa_printf(MSG_DEBUG, 2811 "nl80211: Ignore unsupported QCA vendor event %u", 2812 subcmd); 2813 break; 2814 } 2815} 2816 2817 2818static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2819 struct nlattr **tb) 2820{ 2821 u32 vendor_id, subcmd, wiphy = 0; 2822 int wiphy_idx; 2823 u8 *data = NULL; 2824 size_t len = 0; 2825 2826 if (!tb[NL80211_ATTR_VENDOR_ID] || 2827 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2828 return; 2829 2830 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2831 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2832 2833 if (tb[NL80211_ATTR_WIPHY]) 2834 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2835 2836 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2837 wiphy, vendor_id, subcmd); 2838 2839 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2840 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2841 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2842 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2843 } 2844 2845 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2846 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2847 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2848 wiphy, wiphy_idx); 2849 return; 2850 } 2851 2852 switch (vendor_id) { 2853 case OUI_QCA: 2854 nl80211_vendor_event_qca(drv, subcmd, data, len); 2855 break; 2856 default: 2857 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2858 break; 2859 } 2860} 2861 2862 2863static void do_process_drv_event(struct i802_bss *bss, int cmd, 2864 struct nlattr **tb) 2865{ 2866 struct wpa_driver_nl80211_data *drv = bss->drv; 2867 union wpa_event_data data; 2868 2869 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2870 cmd, nl80211_command_to_string(cmd), bss->ifname); 2871 2872 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2873 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2874 cmd == NL80211_CMD_SCAN_ABORTED)) { 2875 wpa_driver_nl80211_set_mode(drv->first_bss, 2876 drv->ap_scan_as_station); 2877 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2878 } 2879 2880 switch (cmd) { 2881 case NL80211_CMD_TRIGGER_SCAN: 2882 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 2883 drv->scan_state = SCAN_STARTED; 2884 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 2885 break; 2886 case NL80211_CMD_START_SCHED_SCAN: 2887 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 2888 drv->scan_state = SCHED_SCAN_STARTED; 2889 break; 2890 case NL80211_CMD_SCHED_SCAN_STOPPED: 2891 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 2892 drv->scan_state = SCHED_SCAN_STOPPED; 2893 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2894 break; 2895 case NL80211_CMD_NEW_SCAN_RESULTS: 2896 wpa_dbg(drv->ctx, MSG_DEBUG, 2897 "nl80211: New scan results available"); 2898 drv->scan_state = SCAN_COMPLETED; 2899 drv->scan_complete_events = 1; 2900 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2901 drv->ctx); 2902 send_scan_event(drv, 0, tb); 2903 break; 2904 case NL80211_CMD_SCHED_SCAN_RESULTS: 2905 wpa_dbg(drv->ctx, MSG_DEBUG, 2906 "nl80211: New sched scan results available"); 2907 drv->scan_state = SCHED_SCAN_RESULTS; 2908 send_scan_event(drv, 0, tb); 2909 break; 2910 case NL80211_CMD_SCAN_ABORTED: 2911 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 2912 drv->scan_state = SCAN_ABORTED; 2913 /* 2914 * Need to indicate that scan results are available in order 2915 * not to make wpa_supplicant stop its scanning. 2916 */ 2917 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2918 drv->ctx); 2919 send_scan_event(drv, 1, tb); 2920 break; 2921 case NL80211_CMD_AUTHENTICATE: 2922 case NL80211_CMD_ASSOCIATE: 2923 case NL80211_CMD_DEAUTHENTICATE: 2924 case NL80211_CMD_DISASSOCIATE: 2925 case NL80211_CMD_FRAME_TX_STATUS: 2926 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2927 case NL80211_CMD_UNPROT_DISASSOCIATE: 2928 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 2929 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2930 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2931 tb[NL80211_ATTR_COOKIE], 2932 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2933 break; 2934 case NL80211_CMD_CONNECT: 2935 case NL80211_CMD_ROAM: 2936 mlme_event_connect(drv, cmd, 2937 tb[NL80211_ATTR_STATUS_CODE], 2938 tb[NL80211_ATTR_MAC], 2939 tb[NL80211_ATTR_REQ_IE], 2940 tb[NL80211_ATTR_RESP_IE]); 2941 break; 2942 case NL80211_CMD_CH_SWITCH_NOTIFY: 2943 mlme_event_ch_switch(drv, 2944 tb[NL80211_ATTR_IFINDEX], 2945 tb[NL80211_ATTR_WIPHY_FREQ], 2946 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 2947 tb[NL80211_ATTR_CHANNEL_WIDTH], 2948 tb[NL80211_ATTR_CENTER_FREQ1], 2949 tb[NL80211_ATTR_CENTER_FREQ2]); 2950 break; 2951 case NL80211_CMD_DISCONNECT: 2952 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2953 tb[NL80211_ATTR_MAC], 2954 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2955 break; 2956 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2957 mlme_event_michael_mic_failure(bss, tb); 2958 break; 2959 case NL80211_CMD_JOIN_IBSS: 2960 mlme_event_join_ibss(drv, tb); 2961 break; 2962 case NL80211_CMD_REMAIN_ON_CHANNEL: 2963 mlme_event_remain_on_channel(drv, 0, tb); 2964 break; 2965 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2966 mlme_event_remain_on_channel(drv, 1, tb); 2967 break; 2968 case NL80211_CMD_NOTIFY_CQM: 2969 nl80211_cqm_event(drv, tb); 2970 break; 2971 case NL80211_CMD_REG_CHANGE: 2972 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2973 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 2974 break; 2975 os_memset(&data, 0, sizeof(data)); 2976 switch (nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])) { 2977 case NL80211_REGDOM_SET_BY_CORE: 2978 data.channel_list_changed.initiator = 2979 REGDOM_SET_BY_CORE; 2980 break; 2981 case NL80211_REGDOM_SET_BY_USER: 2982 data.channel_list_changed.initiator = 2983 REGDOM_SET_BY_USER; 2984 break; 2985 case NL80211_REGDOM_SET_BY_DRIVER: 2986 data.channel_list_changed.initiator = 2987 REGDOM_SET_BY_DRIVER; 2988 break; 2989 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 2990 data.channel_list_changed.initiator = 2991 REGDOM_SET_BY_COUNTRY_IE; 2992 break; 2993 default: 2994 wpa_printf(MSG_DEBUG, "nl80211: Unknown reg change initiator %d received", 2995 nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])); 2996 break; 2997 } 2998 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2999 &data); 3000 break; 3001 case NL80211_CMD_REG_BEACON_HINT: 3002 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 3003 os_memset(&data, 0, sizeof(data)); 3004 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 3005 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3006 &data); 3007 break; 3008 case NL80211_CMD_NEW_STATION: 3009 nl80211_new_station_event(drv, tb); 3010 break; 3011 case NL80211_CMD_DEL_STATION: 3012 nl80211_del_station_event(drv, tb); 3013 break; 3014 case NL80211_CMD_SET_REKEY_OFFLOAD: 3015 nl80211_rekey_offload_event(drv, tb); 3016 break; 3017 case NL80211_CMD_PMKSA_CANDIDATE: 3018 nl80211_pmksa_candidate_event(drv, tb); 3019 break; 3020 case NL80211_CMD_PROBE_CLIENT: 3021 nl80211_client_probe_event(drv, tb); 3022 break; 3023 case NL80211_CMD_TDLS_OPER: 3024 nl80211_tdls_oper_event(drv, tb); 3025 break; 3026 case NL80211_CMD_CONN_FAILED: 3027 nl80211_connect_failed_event(drv, tb); 3028 break; 3029 case NL80211_CMD_FT_EVENT: 3030 mlme_event_ft_event(drv, tb); 3031 break; 3032 case NL80211_CMD_RADAR_DETECT: 3033 nl80211_radar_event(drv, tb); 3034 break; 3035 case NL80211_CMD_STOP_AP: 3036 nl80211_stop_ap(drv, tb); 3037 break; 3038 case NL80211_CMD_VENDOR: 3039 nl80211_vendor_event(drv, tb); 3040 break; 3041 default: 3042 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 3043 "(cmd=%d)", cmd); 3044 break; 3045 } 3046} 3047 3048 3049static int process_drv_event(struct nl_msg *msg, void *arg) 3050{ 3051 struct wpa_driver_nl80211_data *drv = arg; 3052 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3053 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3054 struct i802_bss *bss; 3055 int ifidx = -1; 3056 3057 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3058 genlmsg_attrlen(gnlh, 0), NULL); 3059 3060 if (tb[NL80211_ATTR_IFINDEX]) { 3061 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3062 3063 for (bss = drv->first_bss; bss; bss = bss->next) 3064 if (ifidx == -1 || ifidx == bss->ifindex) { 3065 do_process_drv_event(bss, gnlh->cmd, tb); 3066 return NL_SKIP; 3067 } 3068 wpa_printf(MSG_DEBUG, 3069 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 3070 gnlh->cmd, ifidx); 3071 } else if (tb[NL80211_ATTR_WDEV]) { 3072 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3073 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 3074 for (bss = drv->first_bss; bss; bss = bss->next) { 3075 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 3076 do_process_drv_event(bss, gnlh->cmd, tb); 3077 return NL_SKIP; 3078 } 3079 } 3080 wpa_printf(MSG_DEBUG, 3081 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 3082 gnlh->cmd, (long long unsigned int) wdev_id); 3083 } 3084 3085 return NL_SKIP; 3086} 3087 3088 3089static int process_global_event(struct nl_msg *msg, void *arg) 3090{ 3091 struct nl80211_global *global = arg; 3092 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3093 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3094 struct wpa_driver_nl80211_data *drv, *tmp; 3095 int ifidx = -1; 3096 struct i802_bss *bss; 3097 u64 wdev_id = 0; 3098 int wdev_id_set = 0; 3099 3100 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3101 genlmsg_attrlen(gnlh, 0), NULL); 3102 3103 if (tb[NL80211_ATTR_IFINDEX]) 3104 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3105 else if (tb[NL80211_ATTR_WDEV]) { 3106 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3107 wdev_id_set = 1; 3108 } 3109 3110 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3111 struct wpa_driver_nl80211_data, list) { 3112 for (bss = drv->first_bss; bss; bss = bss->next) { 3113 if ((ifidx == -1 && !wdev_id_set) || 3114 ifidx == bss->ifindex || 3115 (wdev_id_set && bss->wdev_id_set && 3116 wdev_id == bss->wdev_id)) { 3117 do_process_drv_event(bss, gnlh->cmd, tb); 3118 return NL_SKIP; 3119 } 3120 } 3121 } 3122 3123 return NL_SKIP; 3124} 3125 3126 3127static int process_bss_event(struct nl_msg *msg, void *arg) 3128{ 3129 struct i802_bss *bss = arg; 3130 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3131 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3132 3133 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3134 genlmsg_attrlen(gnlh, 0), NULL); 3135 3136 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3137 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3138 bss->ifname); 3139 3140 switch (gnlh->cmd) { 3141 case NL80211_CMD_FRAME: 3142 case NL80211_CMD_FRAME_TX_STATUS: 3143 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3144 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3145 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3146 tb[NL80211_ATTR_COOKIE], 3147 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3148 break; 3149 case NL80211_CMD_UNEXPECTED_FRAME: 3150 nl80211_spurious_frame(bss, tb, 0); 3151 break; 3152 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3153 nl80211_spurious_frame(bss, tb, 1); 3154 break; 3155 default: 3156 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3157 "(cmd=%d)", gnlh->cmd); 3158 break; 3159 } 3160 3161 return NL_SKIP; 3162} 3163 3164 3165static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3166 void *handle) 3167{ 3168 struct nl_cb *cb = eloop_ctx; 3169 int res; 3170 3171 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3172 3173 res = nl_recvmsgs(handle, cb); 3174 if (res) { 3175 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3176 __func__, res); 3177 } 3178} 3179 3180 3181/** 3182 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3183 * @priv: driver_nl80211 private data 3184 * @alpha2_arg: country to which to switch to 3185 * Returns: 0 on success, -1 on failure 3186 * 3187 * This asks nl80211 to set the regulatory domain for given 3188 * country ISO / IEC alpha2. 3189 */ 3190static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3191{ 3192 struct i802_bss *bss = priv; 3193 struct wpa_driver_nl80211_data *drv = bss->drv; 3194 char alpha2[3]; 3195 struct nl_msg *msg; 3196 3197 msg = nlmsg_alloc(); 3198 if (!msg) 3199 return -ENOMEM; 3200 3201 alpha2[0] = alpha2_arg[0]; 3202 alpha2[1] = alpha2_arg[1]; 3203 alpha2[2] = '\0'; 3204 3205 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3206 3207 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3208 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3209 return -EINVAL; 3210 return 0; 3211nla_put_failure: 3212 nlmsg_free(msg); 3213 return -EINVAL; 3214} 3215 3216 3217static int nl80211_get_country(struct nl_msg *msg, void *arg) 3218{ 3219 char *alpha2 = arg; 3220 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3221 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3222 3223 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3224 genlmsg_attrlen(gnlh, 0), NULL); 3225 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3226 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3227 return NL_SKIP; 3228 } 3229 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3230 return NL_SKIP; 3231} 3232 3233 3234static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3235{ 3236 struct i802_bss *bss = priv; 3237 struct wpa_driver_nl80211_data *drv = bss->drv; 3238 struct nl_msg *msg; 3239 int ret; 3240 3241 msg = nlmsg_alloc(); 3242 if (!msg) 3243 return -ENOMEM; 3244 3245 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3246 alpha2[0] = '\0'; 3247 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3248 if (!alpha2[0]) 3249 ret = -1; 3250 3251 return ret; 3252} 3253 3254 3255static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3256{ 3257 u32 *feat = arg; 3258 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3259 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3260 3261 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3262 genlmsg_attrlen(gnlh, 0), NULL); 3263 3264 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3265 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3266 3267 return NL_SKIP; 3268} 3269 3270 3271static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3272{ 3273 u32 feat = 0; 3274 struct nl_msg *msg; 3275 3276 msg = nlmsg_alloc(); 3277 if (!msg) 3278 goto nla_put_failure; 3279 3280 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3281 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3282 return feat; 3283 3284 msg = NULL; 3285nla_put_failure: 3286 nlmsg_free(msg); 3287 return 0; 3288} 3289 3290 3291struct wiphy_info_data { 3292 struct wpa_driver_nl80211_data *drv; 3293 struct wpa_driver_capa *capa; 3294 3295 unsigned int num_multichan_concurrent; 3296 3297 unsigned int error:1; 3298 unsigned int device_ap_sme:1; 3299 unsigned int poll_command_supported:1; 3300 unsigned int data_tx_status:1; 3301 unsigned int monitor_supported:1; 3302 unsigned int auth_supported:1; 3303 unsigned int connect_supported:1; 3304 unsigned int p2p_go_supported:1; 3305 unsigned int p2p_client_supported:1; 3306 unsigned int p2p_concurrent:1; 3307 unsigned int channel_switch_supported:1; 3308 unsigned int set_qos_map_supported:1; 3309}; 3310 3311 3312static unsigned int probe_resp_offload_support(int supp_protocols) 3313{ 3314 unsigned int prot = 0; 3315 3316 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3317 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3318 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3319 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3320 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3321 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3322 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3323 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3324 3325 return prot; 3326} 3327 3328 3329static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3330 struct nlattr *tb) 3331{ 3332 struct nlattr *nl_mode; 3333 int i; 3334 3335 if (tb == NULL) 3336 return; 3337 3338 nla_for_each_nested(nl_mode, tb, i) { 3339 switch (nla_type(nl_mode)) { 3340 case NL80211_IFTYPE_AP: 3341 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3342 break; 3343 case NL80211_IFTYPE_ADHOC: 3344 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3345 break; 3346 case NL80211_IFTYPE_P2P_DEVICE: 3347 info->capa->flags |= 3348 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3349 break; 3350 case NL80211_IFTYPE_P2P_GO: 3351 info->p2p_go_supported = 1; 3352 break; 3353 case NL80211_IFTYPE_P2P_CLIENT: 3354 info->p2p_client_supported = 1; 3355 break; 3356 case NL80211_IFTYPE_MONITOR: 3357 info->monitor_supported = 1; 3358 break; 3359 } 3360 } 3361} 3362 3363 3364static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3365 struct nlattr *nl_combi) 3366{ 3367 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3368 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3369 struct nlattr *nl_limit, *nl_mode; 3370 int err, rem_limit, rem_mode; 3371 int combination_has_p2p = 0, combination_has_mgd = 0; 3372 static struct nla_policy 3373 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3374 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3375 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3376 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3377 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3378 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3379 }, 3380 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3381 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3382 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3383 }; 3384 3385 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3386 nl_combi, iface_combination_policy); 3387 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3388 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3389 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3390 return 0; /* broken combination */ 3391 3392 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3393 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3394 3395 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3396 rem_limit) { 3397 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3398 nl_limit, iface_limit_policy); 3399 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3400 return 0; /* broken combination */ 3401 3402 nla_for_each_nested(nl_mode, 3403 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3404 rem_mode) { 3405 int ift = nla_type(nl_mode); 3406 if (ift == NL80211_IFTYPE_P2P_GO || 3407 ift == NL80211_IFTYPE_P2P_CLIENT) 3408 combination_has_p2p = 1; 3409 if (ift == NL80211_IFTYPE_STATION) 3410 combination_has_mgd = 1; 3411 } 3412 if (combination_has_p2p && combination_has_mgd) 3413 break; 3414 } 3415 3416 if (combination_has_p2p && combination_has_mgd) { 3417 info->p2p_concurrent = 1; 3418 info->num_multichan_concurrent = 3419 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3420 return 1; 3421 } 3422 3423 return 0; 3424} 3425 3426 3427static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3428 struct nlattr *tb) 3429{ 3430 struct nlattr *nl_combi; 3431 int rem_combi; 3432 3433 if (tb == NULL) 3434 return; 3435 3436 nla_for_each_nested(nl_combi, tb, rem_combi) { 3437 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3438 break; 3439 } 3440} 3441 3442 3443static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3444 struct nlattr *tb) 3445{ 3446 struct nlattr *nl_cmd; 3447 int i; 3448 3449 if (tb == NULL) 3450 return; 3451 3452 nla_for_each_nested(nl_cmd, tb, i) { 3453 switch (nla_get_u32(nl_cmd)) { 3454 case NL80211_CMD_AUTHENTICATE: 3455 info->auth_supported = 1; 3456 break; 3457 case NL80211_CMD_CONNECT: 3458 info->connect_supported = 1; 3459 break; 3460 case NL80211_CMD_START_SCHED_SCAN: 3461 info->capa->sched_scan_supported = 1; 3462 break; 3463 case NL80211_CMD_PROBE_CLIENT: 3464 info->poll_command_supported = 1; 3465 break; 3466 case NL80211_CMD_CHANNEL_SWITCH: 3467 info->channel_switch_supported = 1; 3468 break; 3469 case NL80211_CMD_SET_QOS_MAP: 3470 info->set_qos_map_supported = 1; 3471 break; 3472 } 3473 } 3474} 3475 3476 3477static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3478 struct nlattr *tb) 3479{ 3480 int i, num; 3481 u32 *ciphers; 3482 3483 if (tb == NULL) 3484 return; 3485 3486 num = nla_len(tb) / sizeof(u32); 3487 ciphers = nla_data(tb); 3488 for (i = 0; i < num; i++) { 3489 u32 c = ciphers[i]; 3490 3491 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3492 c >> 24, (c >> 16) & 0xff, 3493 (c >> 8) & 0xff, c & 0xff); 3494 switch (c) { 3495 case WLAN_CIPHER_SUITE_CCMP_256: 3496 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3497 break; 3498 case WLAN_CIPHER_SUITE_GCMP_256: 3499 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3500 break; 3501 case WLAN_CIPHER_SUITE_CCMP: 3502 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3503 break; 3504 case WLAN_CIPHER_SUITE_GCMP: 3505 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3506 break; 3507 case WLAN_CIPHER_SUITE_TKIP: 3508 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3509 break; 3510 case WLAN_CIPHER_SUITE_WEP104: 3511 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3512 break; 3513 case WLAN_CIPHER_SUITE_WEP40: 3514 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3515 break; 3516 case WLAN_CIPHER_SUITE_AES_CMAC: 3517 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3518 break; 3519 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3520 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3521 break; 3522 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3523 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3524 break; 3525 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3526 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3527 break; 3528 } 3529 } 3530} 3531 3532 3533static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3534 struct nlattr *tb) 3535{ 3536 if (tb) 3537 capa->max_remain_on_chan = nla_get_u32(tb); 3538} 3539 3540 3541static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3542 struct nlattr *ext_setup) 3543{ 3544 if (tdls == NULL) 3545 return; 3546 3547 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3548 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3549 3550 if (ext_setup) { 3551 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3552 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3553 } 3554} 3555 3556 3557static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3558 struct nlattr *tb) 3559{ 3560 u32 flags; 3561 struct wpa_driver_capa *capa = info->capa; 3562 3563 if (tb == NULL) 3564 return; 3565 3566 flags = nla_get_u32(tb); 3567 3568 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3569 info->data_tx_status = 1; 3570 3571 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3572 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3573 3574 if (flags & NL80211_FEATURE_SAE) 3575 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3576 3577 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3578 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3579} 3580 3581 3582static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3583 struct nlattr *tb) 3584{ 3585 u32 protocols; 3586 3587 if (tb == NULL) 3588 return; 3589 3590 protocols = nla_get_u32(tb); 3591 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3592 "mode"); 3593 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3594 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3595} 3596 3597 3598static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3599{ 3600 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3601 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3602 struct wiphy_info_data *info = arg; 3603 struct wpa_driver_capa *capa = info->capa; 3604 struct wpa_driver_nl80211_data *drv = info->drv; 3605 3606 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3607 genlmsg_attrlen(gnlh, 0), NULL); 3608 3609 if (tb[NL80211_ATTR_WIPHY_NAME]) 3610 os_strlcpy(drv->phyname, 3611 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3612 sizeof(drv->phyname)); 3613 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3614 capa->max_scan_ssids = 3615 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3616 3617 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3618 capa->max_sched_scan_ssids = 3619 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3620 3621 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3622 capa->max_match_sets = 3623 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3624 3625 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3626 capa->max_acl_mac_addrs = 3627 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3628 3629 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3630 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3631 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3632 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3633 3634 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3635 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3636 "off-channel TX"); 3637 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3638 } 3639 3640 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3641 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3642 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3643 } 3644 3645 wiphy_info_max_roc(capa, 3646 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3647 3648 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3649 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3650 3651 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3652 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3653 3654 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3655 info->device_ap_sme = 1; 3656 3657 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3658 wiphy_info_probe_resp_offload(capa, 3659 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3660 3661 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3662 drv->extended_capa == NULL) { 3663 drv->extended_capa = 3664 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3665 if (drv->extended_capa) { 3666 os_memcpy(drv->extended_capa, 3667 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3668 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3669 drv->extended_capa_len = 3670 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3671 } 3672 drv->extended_capa_mask = 3673 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3674 if (drv->extended_capa_mask) { 3675 os_memcpy(drv->extended_capa_mask, 3676 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3677 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3678 } else { 3679 os_free(drv->extended_capa); 3680 drv->extended_capa = NULL; 3681 drv->extended_capa_len = 0; 3682 } 3683 } 3684 3685 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3686 struct nlattr *nl; 3687 int rem; 3688 3689 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3690 struct nl80211_vendor_cmd_info *vinfo; 3691 if (nla_len(nl) != sizeof(*vinfo)) { 3692 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3693 continue; 3694 } 3695 vinfo = nla_data(nl); 3696 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3697 vinfo->vendor_id, vinfo->subcmd); 3698 } 3699 } 3700 3701 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3702 struct nlattr *nl; 3703 int rem; 3704 3705 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3706 struct nl80211_vendor_cmd_info *vinfo; 3707 if (nla_len(nl) != sizeof(*vinfo)) { 3708 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3709 continue; 3710 } 3711 vinfo = nla_data(nl); 3712 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3713 vinfo->vendor_id, vinfo->subcmd); 3714 } 3715 } 3716 3717 return NL_SKIP; 3718} 3719 3720 3721static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3722 struct wiphy_info_data *info) 3723{ 3724 u32 feat; 3725 struct nl_msg *msg; 3726 3727 os_memset(info, 0, sizeof(*info)); 3728 info->capa = &drv->capa; 3729 info->drv = drv; 3730 3731 msg = nlmsg_alloc(); 3732 if (!msg) 3733 return -1; 3734 3735 feat = get_nl80211_protocol_features(drv); 3736 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3737 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3738 else 3739 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3740 3741 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3742 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3743 goto nla_put_failure; 3744 3745 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3746 return -1; 3747 3748 if (info->auth_supported) 3749 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3750 else if (!info->connect_supported) { 3751 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3752 "authentication/association or connect commands"); 3753 info->error = 1; 3754 } 3755 3756 if (info->p2p_go_supported && info->p2p_client_supported) 3757 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3758 if (info->p2p_concurrent) { 3759 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3760 "interface (driver advertised support)"); 3761 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3762 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3763 } 3764 if (info->num_multichan_concurrent > 1) { 3765 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3766 "concurrent (driver advertised support)"); 3767 drv->capa.num_multichan_concurrent = 3768 info->num_multichan_concurrent; 3769 } 3770 3771 /* default to 5000 since early versions of mac80211 don't set it */ 3772 if (!drv->capa.max_remain_on_chan) 3773 drv->capa.max_remain_on_chan = 5000; 3774 3775 if (info->channel_switch_supported) 3776 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3777 3778 return 0; 3779nla_put_failure: 3780 nlmsg_free(msg); 3781 return -1; 3782} 3783 3784 3785static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3786{ 3787 struct wiphy_info_data info; 3788 if (wpa_driver_nl80211_get_info(drv, &info)) 3789 return -1; 3790 3791 if (info.error) 3792 return -1; 3793 3794 drv->has_capability = 1; 3795 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3796 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3797 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3798 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3799 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3800 WPA_DRIVER_AUTH_SHARED | 3801 WPA_DRIVER_AUTH_LEAP; 3802 3803 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3804 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3805 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3806 3807 if (!info.device_ap_sme) { 3808 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3809 3810 /* 3811 * No AP SME is currently assumed to also indicate no AP MLME 3812 * in the driver/firmware. 3813 */ 3814 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3815 } 3816 3817 drv->device_ap_sme = info.device_ap_sme; 3818 drv->poll_command_supported = info.poll_command_supported; 3819 drv->data_tx_status = info.data_tx_status; 3820 if (info.set_qos_map_supported) 3821 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3822 3823 /* 3824 * If poll command and tx status are supported, mac80211 is new enough 3825 * to have everything we need to not need monitor interfaces. 3826 */ 3827 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3828 3829 if (drv->device_ap_sme && drv->use_monitor) { 3830 /* 3831 * Non-mac80211 drivers may not support monitor interface. 3832 * Make sure we do not get stuck with incorrect capability here 3833 * by explicitly testing this. 3834 */ 3835 if (!info.monitor_supported) { 3836 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 3837 "with device_ap_sme since no monitor mode " 3838 "support detected"); 3839 drv->use_monitor = 0; 3840 } 3841 } 3842 3843 /* 3844 * If we aren't going to use monitor interfaces, but the 3845 * driver doesn't support data TX status, we won't get TX 3846 * status for EAPOL frames. 3847 */ 3848 if (!drv->use_monitor && !info.data_tx_status) 3849 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3850 3851 return 0; 3852} 3853 3854 3855#ifdef ANDROID 3856static int android_genl_ctrl_resolve(struct nl_handle *handle, 3857 const char *name) 3858{ 3859 /* 3860 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 3861 * need to work around that. 3862 */ 3863 struct nl_cache *cache = NULL; 3864 struct genl_family *nl80211 = NULL; 3865 int id = -1; 3866 3867 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 3868 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 3869 "netlink cache"); 3870 goto fail; 3871 } 3872 3873 nl80211 = genl_ctrl_search_by_name(cache, name); 3874 if (nl80211 == NULL) 3875 goto fail; 3876 3877 id = genl_family_get_id(nl80211); 3878 3879fail: 3880 if (nl80211) 3881 genl_family_put(nl80211); 3882 if (cache) 3883 nl_cache_free(cache); 3884 3885 return id; 3886} 3887#define genl_ctrl_resolve android_genl_ctrl_resolve 3888#endif /* ANDROID */ 3889 3890 3891static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 3892{ 3893 int ret; 3894 3895 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3896 if (global->nl_cb == NULL) { 3897 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 3898 "callbacks"); 3899 return -1; 3900 } 3901 3902 global->nl = nl_create_handle(global->nl_cb, "nl"); 3903 if (global->nl == NULL) 3904 goto err; 3905 3906 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 3907 if (global->nl80211_id < 0) { 3908 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 3909 "found"); 3910 goto err; 3911 } 3912 3913 global->nl_event = nl_create_handle(global->nl_cb, "event"); 3914 if (global->nl_event == NULL) 3915 goto err; 3916 3917 ret = nl_get_multicast_id(global, "nl80211", "scan"); 3918 if (ret >= 0) 3919 ret = nl_socket_add_membership(global->nl_event, ret); 3920 if (ret < 0) { 3921 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3922 "membership for scan events: %d (%s)", 3923 ret, strerror(-ret)); 3924 goto err; 3925 } 3926 3927 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 3928 if (ret >= 0) 3929 ret = nl_socket_add_membership(global->nl_event, ret); 3930 if (ret < 0) { 3931 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3932 "membership for mlme events: %d (%s)", 3933 ret, strerror(-ret)); 3934 goto err; 3935 } 3936 3937 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 3938 if (ret >= 0) 3939 ret = nl_socket_add_membership(global->nl_event, ret); 3940 if (ret < 0) { 3941 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3942 "membership for regulatory events: %d (%s)", 3943 ret, strerror(-ret)); 3944 /* Continue without regulatory events */ 3945 } 3946 3947 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 3948 if (ret >= 0) 3949 ret = nl_socket_add_membership(global->nl_event, ret); 3950 if (ret < 0) { 3951 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3952 "membership for vendor events: %d (%s)", 3953 ret, strerror(-ret)); 3954 /* Continue without vendor events */ 3955 } 3956 3957 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3958 no_seq_check, NULL); 3959 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3960 process_global_event, global); 3961 3962 nl80211_register_eloop_read(&global->nl_event, 3963 wpa_driver_nl80211_event_receive, 3964 global->nl_cb); 3965 3966 return 0; 3967 3968err: 3969 nl_destroy_handles(&global->nl_event); 3970 nl_destroy_handles(&global->nl); 3971 nl_cb_put(global->nl_cb); 3972 global->nl_cb = NULL; 3973 return -1; 3974} 3975 3976 3977static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 3978{ 3979 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3980 if (!drv->nl_cb) { 3981 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 3982 return -1; 3983 } 3984 3985 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3986 no_seq_check, NULL); 3987 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3988 process_drv_event, drv); 3989 3990 return 0; 3991} 3992 3993 3994static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 3995{ 3996 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 3997 /* 3998 * This may be for any interface; use ifdown event to disable 3999 * interface. 4000 */ 4001} 4002 4003 4004static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 4005{ 4006 struct wpa_driver_nl80211_data *drv = ctx; 4007 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 4008 if (i802_set_iface_flags(drv->first_bss, 1)) { 4009 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 4010 "after rfkill unblock"); 4011 return; 4012 } 4013 /* rtnetlink ifup handler will report interface as enabled */ 4014} 4015 4016 4017static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 4018 void *eloop_ctx, 4019 void *handle) 4020{ 4021 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4022 u8 data[2048]; 4023 struct msghdr msg; 4024 struct iovec entry; 4025 u8 control[512]; 4026 struct cmsghdr *cmsg; 4027 int res, found_ee = 0, found_wifi = 0, acked = 0; 4028 union wpa_event_data event; 4029 4030 memset(&msg, 0, sizeof(msg)); 4031 msg.msg_iov = &entry; 4032 msg.msg_iovlen = 1; 4033 entry.iov_base = data; 4034 entry.iov_len = sizeof(data); 4035 msg.msg_control = &control; 4036 msg.msg_controllen = sizeof(control); 4037 4038 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 4039 /* if error or not fitting 802.3 header, return */ 4040 if (res < 14) 4041 return; 4042 4043 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 4044 { 4045 if (cmsg->cmsg_level == SOL_SOCKET && 4046 cmsg->cmsg_type == SCM_WIFI_STATUS) { 4047 int *ack; 4048 4049 found_wifi = 1; 4050 ack = (void *)CMSG_DATA(cmsg); 4051 acked = *ack; 4052 } 4053 4054 if (cmsg->cmsg_level == SOL_PACKET && 4055 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 4056 struct sock_extended_err *err = 4057 (struct sock_extended_err *)CMSG_DATA(cmsg); 4058 4059 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 4060 found_ee = 1; 4061 } 4062 } 4063 4064 if (!found_ee || !found_wifi) 4065 return; 4066 4067 memset(&event, 0, sizeof(event)); 4068 event.eapol_tx_status.dst = data; 4069 event.eapol_tx_status.data = data + 14; 4070 event.eapol_tx_status.data_len = res - 14; 4071 event.eapol_tx_status.ack = acked; 4072 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 4073} 4074 4075 4076static int nl80211_init_bss(struct i802_bss *bss) 4077{ 4078 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4079 if (!bss->nl_cb) 4080 return -1; 4081 4082 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4083 no_seq_check, NULL); 4084 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4085 process_bss_event, bss); 4086 4087 return 0; 4088} 4089 4090 4091static void nl80211_destroy_bss(struct i802_bss *bss) 4092{ 4093 nl_cb_put(bss->nl_cb); 4094 bss->nl_cb = NULL; 4095} 4096 4097 4098static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 4099 void *global_priv, int hostapd, 4100 const u8 *set_addr) 4101{ 4102 struct wpa_driver_nl80211_data *drv; 4103 struct rfkill_config *rcfg; 4104 struct i802_bss *bss; 4105 4106 if (global_priv == NULL) 4107 return NULL; 4108 drv = os_zalloc(sizeof(*drv)); 4109 if (drv == NULL) 4110 return NULL; 4111 drv->global = global_priv; 4112 drv->ctx = ctx; 4113 drv->hostapd = !!hostapd; 4114 drv->eapol_sock = -1; 4115 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4116 drv->if_indices = drv->default_if_indices; 4117 4118 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4119 if (!drv->first_bss) { 4120 os_free(drv); 4121 return NULL; 4122 } 4123 bss = drv->first_bss; 4124 bss->drv = drv; 4125 bss->ctx = ctx; 4126 4127 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4128 drv->monitor_ifidx = -1; 4129 drv->monitor_sock = -1; 4130 drv->eapol_tx_sock = -1; 4131 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4132 4133 if (wpa_driver_nl80211_init_nl(drv)) { 4134 os_free(drv); 4135 return NULL; 4136 } 4137 4138 if (nl80211_init_bss(bss)) 4139 goto failed; 4140 4141 rcfg = os_zalloc(sizeof(*rcfg)); 4142 if (rcfg == NULL) 4143 goto failed; 4144 rcfg->ctx = drv; 4145 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4146 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4147 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4148 drv->rfkill = rfkill_init(rcfg); 4149 if (drv->rfkill == NULL) { 4150 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4151 os_free(rcfg); 4152 } 4153 4154 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4155 drv->start_iface_up = 1; 4156 4157 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4158 goto failed; 4159 4160 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4161 if (drv->eapol_tx_sock < 0) 4162 goto failed; 4163 4164 if (drv->data_tx_status) { 4165 int enabled = 1; 4166 4167 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4168 &enabled, sizeof(enabled)) < 0) { 4169 wpa_printf(MSG_DEBUG, 4170 "nl80211: wifi status sockopt failed\n"); 4171 drv->data_tx_status = 0; 4172 if (!drv->use_monitor) 4173 drv->capa.flags &= 4174 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4175 } else { 4176 eloop_register_read_sock(drv->eapol_tx_sock, 4177 wpa_driver_nl80211_handle_eapol_tx_status, 4178 drv, NULL); 4179 } 4180 } 4181 4182 if (drv->global) { 4183 dl_list_add(&drv->global->interfaces, &drv->list); 4184 drv->in_interface_list = 1; 4185 } 4186 4187 return bss; 4188 4189failed: 4190 wpa_driver_nl80211_deinit(bss); 4191 return NULL; 4192} 4193 4194 4195/** 4196 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4197 * @ctx: context to be used when calling wpa_supplicant functions, 4198 * e.g., wpa_supplicant_event() 4199 * @ifname: interface name, e.g., wlan0 4200 * @global_priv: private driver global data from global_init() 4201 * Returns: Pointer to private data, %NULL on failure 4202 */ 4203static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4204 void *global_priv) 4205{ 4206 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4207} 4208 4209 4210static int nl80211_register_frame(struct i802_bss *bss, 4211 struct nl_handle *nl_handle, 4212 u16 type, const u8 *match, size_t match_len) 4213{ 4214 struct wpa_driver_nl80211_data *drv = bss->drv; 4215 struct nl_msg *msg; 4216 int ret = -1; 4217 char buf[30]; 4218 4219 msg = nlmsg_alloc(); 4220 if (!msg) 4221 return -1; 4222 4223 buf[0] = '\0'; 4224 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4225 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p match=%s", 4226 type, nl_handle, buf); 4227 4228 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4229 4230 if (nl80211_set_iface_id(msg, bss) < 0) 4231 goto nla_put_failure; 4232 4233 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4234 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4235 4236 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4237 msg = NULL; 4238 if (ret) { 4239 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4240 "failed (type=%u): ret=%d (%s)", 4241 type, ret, strerror(-ret)); 4242 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4243 match, match_len); 4244 goto nla_put_failure; 4245 } 4246 ret = 0; 4247nla_put_failure: 4248 nlmsg_free(msg); 4249 return ret; 4250} 4251 4252 4253static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4254{ 4255 struct wpa_driver_nl80211_data *drv = bss->drv; 4256 4257 if (bss->nl_mgmt) { 4258 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4259 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4260 return -1; 4261 } 4262 4263 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4264 if (bss->nl_mgmt == NULL) 4265 return -1; 4266 4267 return 0; 4268} 4269 4270 4271static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4272{ 4273 nl80211_register_eloop_read(&bss->nl_mgmt, 4274 wpa_driver_nl80211_event_receive, 4275 bss->nl_cb); 4276} 4277 4278 4279static int nl80211_register_action_frame(struct i802_bss *bss, 4280 const u8 *match, size_t match_len) 4281{ 4282 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4283 return nl80211_register_frame(bss, bss->nl_mgmt, 4284 type, match, match_len); 4285} 4286 4287 4288static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4289{ 4290 struct wpa_driver_nl80211_data *drv = bss->drv; 4291 int ret = 0; 4292 4293 if (nl80211_alloc_mgmt_handle(bss)) 4294 return -1; 4295 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4296 "handle %p", bss->nl_mgmt); 4297 4298 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4299 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4300 4301 /* register for any AUTH message */ 4302 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4303 } 4304 4305#ifdef CONFIG_INTERWORKING 4306 /* QoS Map Configure */ 4307 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4308 ret = -1; 4309#endif /* CONFIG_INTERWORKING */ 4310#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4311 /* GAS Initial Request */ 4312 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4313 ret = -1; 4314 /* GAS Initial Response */ 4315 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4316 ret = -1; 4317 /* GAS Comeback Request */ 4318 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4319 ret = -1; 4320 /* GAS Comeback Response */ 4321 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4322 ret = -1; 4323 /* Protected GAS Initial Request */ 4324 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0) 4325 ret = -1; 4326 /* Protected GAS Initial Response */ 4327 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0) 4328 ret = -1; 4329 /* Protected GAS Comeback Request */ 4330 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0) 4331 ret = -1; 4332 /* Protected GAS Comeback Response */ 4333 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0) 4334 ret = -1; 4335#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4336#ifdef CONFIG_P2P 4337 /* P2P Public Action */ 4338 if (nl80211_register_action_frame(bss, 4339 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4340 6) < 0) 4341 ret = -1; 4342 /* P2P Action */ 4343 if (nl80211_register_action_frame(bss, 4344 (u8 *) "\x7f\x50\x6f\x9a\x09", 4345 5) < 0) 4346 ret = -1; 4347#endif /* CONFIG_P2P */ 4348#ifdef CONFIG_IEEE80211W 4349 /* SA Query Response */ 4350 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4351 ret = -1; 4352#endif /* CONFIG_IEEE80211W */ 4353#ifdef CONFIG_TDLS 4354 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4355 /* TDLS Discovery Response */ 4356 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4357 0) 4358 ret = -1; 4359 } 4360#endif /* CONFIG_TDLS */ 4361 4362 /* FT Action frames */ 4363 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4364 ret = -1; 4365 else 4366 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4367 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4368 4369 /* WNM - BSS Transition Management Request */ 4370 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4371 ret = -1; 4372 /* WNM-Sleep Mode Response */ 4373 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4374 ret = -1; 4375 4376 nl80211_mgmt_handle_register_eloop(bss); 4377 4378 return ret; 4379} 4380 4381 4382static int nl80211_register_spurious_class3(struct i802_bss *bss) 4383{ 4384 struct wpa_driver_nl80211_data *drv = bss->drv; 4385 struct nl_msg *msg; 4386 int ret = -1; 4387 4388 msg = nlmsg_alloc(); 4389 if (!msg) 4390 return -1; 4391 4392 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4393 4394 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4395 4396 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4397 msg = NULL; 4398 if (ret) { 4399 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4400 "failed: ret=%d (%s)", 4401 ret, strerror(-ret)); 4402 goto nla_put_failure; 4403 } 4404 ret = 0; 4405nla_put_failure: 4406 nlmsg_free(msg); 4407 return ret; 4408} 4409 4410 4411static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4412{ 4413 static const int stypes[] = { 4414 WLAN_FC_STYPE_AUTH, 4415 WLAN_FC_STYPE_ASSOC_REQ, 4416 WLAN_FC_STYPE_REASSOC_REQ, 4417 WLAN_FC_STYPE_DISASSOC, 4418 WLAN_FC_STYPE_DEAUTH, 4419 WLAN_FC_STYPE_ACTION, 4420 WLAN_FC_STYPE_PROBE_REQ, 4421/* Beacon doesn't work as mac80211 doesn't currently allow 4422 * it, but it wouldn't really be the right thing anyway as 4423 * it isn't per interface ... maybe just dump the scan 4424 * results periodically for OLBC? 4425 */ 4426// WLAN_FC_STYPE_BEACON, 4427 }; 4428 unsigned int i; 4429 4430 if (nl80211_alloc_mgmt_handle(bss)) 4431 return -1; 4432 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4433 "handle %p", bss->nl_mgmt); 4434 4435 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4436 if (nl80211_register_frame(bss, bss->nl_mgmt, 4437 (WLAN_FC_TYPE_MGMT << 2) | 4438 (stypes[i] << 4), 4439 NULL, 0) < 0) { 4440 goto out_err; 4441 } 4442 } 4443 4444 if (nl80211_register_spurious_class3(bss)) 4445 goto out_err; 4446 4447 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4448 goto out_err; 4449 4450 nl80211_mgmt_handle_register_eloop(bss); 4451 return 0; 4452 4453out_err: 4454 nl_destroy_handles(&bss->nl_mgmt); 4455 return -1; 4456} 4457 4458 4459static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4460{ 4461 if (nl80211_alloc_mgmt_handle(bss)) 4462 return -1; 4463 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4464 "handle %p (device SME)", bss->nl_mgmt); 4465 4466 if (nl80211_register_frame(bss, bss->nl_mgmt, 4467 (WLAN_FC_TYPE_MGMT << 2) | 4468 (WLAN_FC_STYPE_ACTION << 4), 4469 NULL, 0) < 0) 4470 goto out_err; 4471 4472 nl80211_mgmt_handle_register_eloop(bss); 4473 return 0; 4474 4475out_err: 4476 nl_destroy_handles(&bss->nl_mgmt); 4477 return -1; 4478} 4479 4480 4481static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4482{ 4483 if (bss->nl_mgmt == NULL) 4484 return; 4485 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4486 "(%s)", bss->nl_mgmt, reason); 4487 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4488 4489 nl80211_put_wiphy_data_ap(bss); 4490} 4491 4492 4493static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4494{ 4495 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4496} 4497 4498 4499static void nl80211_del_p2pdev(struct i802_bss *bss) 4500{ 4501 struct wpa_driver_nl80211_data *drv = bss->drv; 4502 struct nl_msg *msg; 4503 int ret; 4504 4505 msg = nlmsg_alloc(); 4506 if (!msg) 4507 return; 4508 4509 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4510 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4511 4512 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4513 msg = NULL; 4514 4515 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4516 bss->ifname, (long long unsigned int) bss->wdev_id, 4517 strerror(-ret)); 4518 4519nla_put_failure: 4520 nlmsg_free(msg); 4521} 4522 4523 4524static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4525{ 4526 struct wpa_driver_nl80211_data *drv = bss->drv; 4527 struct nl_msg *msg; 4528 int ret = -1; 4529 4530 msg = nlmsg_alloc(); 4531 if (!msg) 4532 return -1; 4533 4534 if (start) 4535 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4536 else 4537 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4538 4539 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4540 4541 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4542 msg = NULL; 4543 4544 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4545 start ? "Start" : "Stop", 4546 bss->ifname, (long long unsigned int) bss->wdev_id, 4547 strerror(-ret)); 4548 4549nla_put_failure: 4550 nlmsg_free(msg); 4551 return ret; 4552} 4553 4554 4555static int i802_set_iface_flags(struct i802_bss *bss, int up) 4556{ 4557 enum nl80211_iftype nlmode; 4558 4559 nlmode = nl80211_get_ifmode(bss); 4560 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4561 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4562 bss->ifname, up); 4563 } 4564 4565 /* P2P Device has start/stop which is equivalent */ 4566 return nl80211_set_p2pdev(bss, up); 4567} 4568 4569 4570static int 4571wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4572 const u8 *set_addr, int first) 4573{ 4574 struct i802_bss *bss = drv->first_bss; 4575 int send_rfkill_event = 0; 4576 enum nl80211_iftype nlmode; 4577 4578 drv->ifindex = if_nametoindex(bss->ifname); 4579 bss->ifindex = drv->ifindex; 4580 bss->wdev_id = drv->global->if_add_wdevid; 4581 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4582 4583 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4584 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4585 drv->global->if_add_wdevid_set = 0; 4586 4587 if (wpa_driver_nl80211_capa(drv)) 4588 return -1; 4589 4590 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4591 bss->ifname, drv->phyname); 4592 4593 if (set_addr && 4594 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4595 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4596 set_addr))) 4597 return -1; 4598 4599 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4600 drv->start_mode_ap = 1; 4601 4602 if (drv->hostapd) 4603 nlmode = NL80211_IFTYPE_AP; 4604 else if (bss->if_dynamic) 4605 nlmode = nl80211_get_ifmode(bss); 4606 else 4607 nlmode = NL80211_IFTYPE_STATION; 4608 4609 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4610 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4611 return -1; 4612 } 4613 4614 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 4615 int ret = nl80211_set_p2pdev(bss, 1); 4616 if (ret < 0) 4617 wpa_printf(MSG_ERROR, "nl80211: Could not start P2P device"); 4618 nl80211_get_macaddr(bss); 4619 return ret; 4620 } 4621 4622 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 4623 if (rfkill_is_blocked(drv->rfkill)) { 4624 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4625 "interface '%s' due to rfkill", 4626 bss->ifname); 4627 drv->if_disabled = 1; 4628 send_rfkill_event = 1; 4629 } else { 4630 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4631 "interface '%s' UP", bss->ifname); 4632 return -1; 4633 } 4634 } 4635 4636 if (!drv->hostapd) 4637 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4638 1, IF_OPER_DORMANT); 4639 4640 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4641 bss->addr)) 4642 return -1; 4643 4644 if (send_rfkill_event) { 4645 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4646 drv, drv->ctx); 4647 } 4648 4649 return 0; 4650} 4651 4652 4653static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4654{ 4655 struct nl_msg *msg; 4656 4657 msg = nlmsg_alloc(); 4658 if (!msg) 4659 return -ENOMEM; 4660 4661 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4662 drv->ifindex); 4663 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4664 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4665 4666 return send_and_recv_msgs(drv, msg, NULL, NULL); 4667 nla_put_failure: 4668 nlmsg_free(msg); 4669 return -ENOBUFS; 4670} 4671 4672 4673/** 4674 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4675 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4676 * 4677 * Shut down driver interface and processing of driver events. Free 4678 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4679 */ 4680static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4681{ 4682 struct wpa_driver_nl80211_data *drv = bss->drv; 4683 4684 bss->in_deinit = 1; 4685 if (drv->data_tx_status) 4686 eloop_unregister_read_sock(drv->eapol_tx_sock); 4687 if (drv->eapol_tx_sock >= 0) 4688 close(drv->eapol_tx_sock); 4689 4690 if (bss->nl_preq) 4691 wpa_driver_nl80211_probe_req_report(bss, 0); 4692 if (bss->added_if_into_bridge) { 4693 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4694 bss->ifname) < 0) 4695 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4696 "interface %s from bridge %s: %s", 4697 bss->ifname, bss->brname, strerror(errno)); 4698 } 4699 if (bss->added_bridge) { 4700 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4701 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4702 "bridge %s: %s", 4703 bss->brname, strerror(errno)); 4704 } 4705 4706 nl80211_remove_monitor_interface(drv); 4707 4708 if (is_ap_interface(drv->nlmode)) 4709 wpa_driver_nl80211_del_beacon(drv); 4710 4711 if (drv->eapol_sock >= 0) { 4712 eloop_unregister_read_sock(drv->eapol_sock); 4713 close(drv->eapol_sock); 4714 } 4715 4716 if (drv->if_indices != drv->default_if_indices) 4717 os_free(drv->if_indices); 4718 4719 if (drv->disabled_11b_rates) 4720 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4721 4722 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4723 IF_OPER_UP); 4724 rfkill_deinit(drv->rfkill); 4725 4726 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4727 4728 if (!drv->start_iface_up) 4729 (void) i802_set_iface_flags(bss, 0); 4730 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4731 if (!drv->hostapd || !drv->start_mode_ap) 4732 wpa_driver_nl80211_set_mode(bss, 4733 NL80211_IFTYPE_STATION); 4734 nl80211_mgmt_unsubscribe(bss, "deinit"); 4735 } else { 4736 nl80211_mgmt_unsubscribe(bss, "deinit"); 4737 nl80211_del_p2pdev(bss); 4738 } 4739 nl_cb_put(drv->nl_cb); 4740 4741 nl80211_destroy_bss(drv->first_bss); 4742 4743 os_free(drv->filter_ssids); 4744 4745 os_free(drv->auth_ie); 4746 4747 if (drv->in_interface_list) 4748 dl_list_del(&drv->list); 4749 4750 os_free(drv->extended_capa); 4751 os_free(drv->extended_capa_mask); 4752 os_free(drv->first_bss); 4753 os_free(drv); 4754} 4755 4756 4757/** 4758 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4759 * @eloop_ctx: Driver private data 4760 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4761 * 4762 * This function can be used as registered timeout when starting a scan to 4763 * generate a scan completed event if the driver does not report this. 4764 */ 4765static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4766{ 4767 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4768 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4769 wpa_driver_nl80211_set_mode(drv->first_bss, 4770 drv->ap_scan_as_station); 4771 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4772 } 4773 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4774 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4775} 4776 4777 4778static struct nl_msg * 4779nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4780 struct wpa_driver_scan_params *params, u64 *wdev_id) 4781{ 4782 struct nl_msg *msg; 4783 size_t i; 4784 4785 msg = nlmsg_alloc(); 4786 if (!msg) 4787 return NULL; 4788 4789 nl80211_cmd(drv, msg, 0, cmd); 4790 4791 if (!wdev_id) 4792 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4793 else 4794 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4795 4796 if (params->num_ssids) { 4797 struct nlattr *ssids; 4798 4799 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4800 if (ssids == NULL) 4801 goto fail; 4802 for (i = 0; i < params->num_ssids; i++) { 4803 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4804 params->ssids[i].ssid, 4805 params->ssids[i].ssid_len); 4806 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4807 params->ssids[i].ssid) < 0) 4808 goto fail; 4809 } 4810 nla_nest_end(msg, ssids); 4811 } 4812 4813 if (params->extra_ies) { 4814 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4815 params->extra_ies, params->extra_ies_len); 4816 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4817 params->extra_ies) < 0) 4818 goto fail; 4819 } 4820 4821 if (params->freqs) { 4822 struct nlattr *freqs; 4823 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 4824 if (freqs == NULL) 4825 goto fail; 4826 for (i = 0; params->freqs[i]; i++) { 4827 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 4828 "MHz", params->freqs[i]); 4829 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 4830 goto fail; 4831 } 4832 nla_nest_end(msg, freqs); 4833 } 4834 4835 os_free(drv->filter_ssids); 4836 drv->filter_ssids = params->filter_ssids; 4837 params->filter_ssids = NULL; 4838 drv->num_filter_ssids = params->num_filter_ssids; 4839 4840 if (params->only_new_results) { 4841 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 4842 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, 4843 NL80211_SCAN_FLAG_FLUSH); 4844 } 4845 4846 return msg; 4847 4848fail: 4849nla_put_failure: 4850 nlmsg_free(msg); 4851 return NULL; 4852} 4853 4854 4855/** 4856 * wpa_driver_nl80211_scan - Request the driver to initiate scan 4857 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 4858 * @params: Scan parameters 4859 * Returns: 0 on success, -1 on failure 4860 */ 4861static int wpa_driver_nl80211_scan(struct i802_bss *bss, 4862 struct wpa_driver_scan_params *params) 4863{ 4864 struct wpa_driver_nl80211_data *drv = bss->drv; 4865 int ret = -1, timeout; 4866 struct nl_msg *msg = NULL; 4867 4868 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 4869 drv->scan_for_auth = 0; 4870 4871 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 4872 bss->wdev_id_set ? &bss->wdev_id : NULL); 4873 if (!msg) 4874 return -1; 4875 4876 if (params->p2p_probe) { 4877 struct nlattr *rates; 4878 4879 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 4880 4881 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 4882 if (rates == NULL) 4883 goto nla_put_failure; 4884 4885 /* 4886 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 4887 * by masking out everything else apart from the OFDM rates 6, 4888 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 4889 * rates are left enabled. 4890 */ 4891 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 4892 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 4893 nla_nest_end(msg, rates); 4894 4895 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 4896 } 4897 4898 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4899 msg = NULL; 4900 if (ret) { 4901 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 4902 "(%s)", ret, strerror(-ret)); 4903 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 4904 enum nl80211_iftype old_mode = drv->nlmode; 4905 4906 /* 4907 * mac80211 does not allow scan requests in AP mode, so 4908 * try to do this in station mode. 4909 */ 4910 if (wpa_driver_nl80211_set_mode( 4911 bss, NL80211_IFTYPE_STATION)) 4912 goto nla_put_failure; 4913 4914 if (wpa_driver_nl80211_scan(bss, params)) { 4915 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 4916 goto nla_put_failure; 4917 } 4918 4919 /* Restore AP mode when processing scan results */ 4920 drv->ap_scan_as_station = old_mode; 4921 ret = 0; 4922 } else 4923 goto nla_put_failure; 4924 } 4925 4926 drv->scan_state = SCAN_REQUESTED; 4927 /* Not all drivers generate "scan completed" wireless event, so try to 4928 * read results after a timeout. */ 4929 timeout = 10; 4930 if (drv->scan_complete_events) { 4931 /* 4932 * The driver seems to deliver events to notify when scan is 4933 * complete, so use longer timeout to avoid race conditions 4934 * with scanning and following association request. 4935 */ 4936 timeout = 30; 4937 } 4938 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 4939 "seconds", ret, timeout); 4940 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4941 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 4942 drv, drv->ctx); 4943 4944nla_put_failure: 4945 nlmsg_free(msg); 4946 return ret; 4947} 4948 4949 4950/** 4951 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 4952 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 4953 * @params: Scan parameters 4954 * @interval: Interval between scan cycles in milliseconds 4955 * Returns: 0 on success, -1 on failure or if not supported 4956 */ 4957static int wpa_driver_nl80211_sched_scan(void *priv, 4958 struct wpa_driver_scan_params *params, 4959 u32 interval) 4960{ 4961 struct i802_bss *bss = priv; 4962 struct wpa_driver_nl80211_data *drv = bss->drv; 4963 int ret = -1; 4964 struct nl_msg *msg; 4965 size_t i; 4966 4967 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 4968 4969#ifdef ANDROID 4970 if (!drv->capa.sched_scan_supported) 4971 return android_pno_start(bss, params); 4972#endif /* ANDROID */ 4973 4974 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 4975 bss->wdev_id_set ? &bss->wdev_id : NULL); 4976 if (!msg) 4977 goto nla_put_failure; 4978 4979 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 4980 4981 if ((drv->num_filter_ssids && 4982 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 4983 params->filter_rssi) { 4984 struct nlattr *match_sets; 4985 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 4986 if (match_sets == NULL) 4987 goto nla_put_failure; 4988 4989 for (i = 0; i < drv->num_filter_ssids; i++) { 4990 struct nlattr *match_set_ssid; 4991 wpa_hexdump_ascii(MSG_MSGDUMP, 4992 "nl80211: Sched scan filter SSID", 4993 drv->filter_ssids[i].ssid, 4994 drv->filter_ssids[i].ssid_len); 4995 4996 match_set_ssid = nla_nest_start(msg, i + 1); 4997 if (match_set_ssid == NULL) 4998 goto nla_put_failure; 4999 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 5000 drv->filter_ssids[i].ssid_len, 5001 drv->filter_ssids[i].ssid); 5002 if (params->filter_rssi) 5003 NLA_PUT_U32(msg, 5004 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5005 params->filter_rssi); 5006 5007 nla_nest_end(msg, match_set_ssid); 5008 } 5009 5010 /* 5011 * Due to backward compatibility code, newer kernels treat this 5012 * matchset (with only an RSSI filter) as the default for all 5013 * other matchsets, unless it's the only one, in which case the 5014 * matchset will actually allow all SSIDs above the RSSI. 5015 */ 5016 if (params->filter_rssi) { 5017 struct nlattr *match_set_rssi; 5018 match_set_rssi = nla_nest_start(msg, 0); 5019 if (match_set_rssi == NULL) 5020 goto nla_put_failure; 5021 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5022 params->filter_rssi); 5023 wpa_printf(MSG_MSGDUMP, 5024 "nl80211: Sched scan RSSI filter %d dBm", 5025 params->filter_rssi); 5026 nla_nest_end(msg, match_set_rssi); 5027 } 5028 5029 nla_nest_end(msg, match_sets); 5030 } 5031 5032 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5033 5034 /* TODO: if we get an error here, we should fall back to normal scan */ 5035 5036 msg = NULL; 5037 if (ret) { 5038 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 5039 "ret=%d (%s)", ret, strerror(-ret)); 5040 goto nla_put_failure; 5041 } 5042 5043 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 5044 "scan interval %d msec", ret, interval); 5045 5046nla_put_failure: 5047 nlmsg_free(msg); 5048 return ret; 5049} 5050 5051 5052/** 5053 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 5054 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5055 * Returns: 0 on success, -1 on failure or if not supported 5056 */ 5057static int wpa_driver_nl80211_stop_sched_scan(void *priv) 5058{ 5059 struct i802_bss *bss = priv; 5060 struct wpa_driver_nl80211_data *drv = bss->drv; 5061 int ret = 0; 5062 struct nl_msg *msg; 5063 5064#ifdef ANDROID 5065 if (!drv->capa.sched_scan_supported) 5066 return android_pno_stop(bss); 5067#endif /* ANDROID */ 5068 5069 msg = nlmsg_alloc(); 5070 if (!msg) 5071 return -1; 5072 5073 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 5074 5075 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5076 5077 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5078 msg = NULL; 5079 if (ret) { 5080 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 5081 "ret=%d (%s)", ret, strerror(-ret)); 5082 goto nla_put_failure; 5083 } 5084 5085 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 5086 5087nla_put_failure: 5088 nlmsg_free(msg); 5089 return ret; 5090} 5091 5092 5093static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 5094{ 5095 const u8 *end, *pos; 5096 5097 if (ies == NULL) 5098 return NULL; 5099 5100 pos = ies; 5101 end = ies + ies_len; 5102 5103 while (pos + 1 < end) { 5104 if (pos + 2 + pos[1] > end) 5105 break; 5106 if (pos[0] == ie) 5107 return pos; 5108 pos += 2 + pos[1]; 5109 } 5110 5111 return NULL; 5112} 5113 5114 5115static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 5116 const u8 *ie, size_t ie_len) 5117{ 5118 const u8 *ssid; 5119 size_t i; 5120 5121 if (drv->filter_ssids == NULL) 5122 return 0; 5123 5124 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 5125 if (ssid == NULL) 5126 return 1; 5127 5128 for (i = 0; i < drv->num_filter_ssids; i++) { 5129 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5130 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5131 0) 5132 return 0; 5133 } 5134 5135 return 1; 5136} 5137 5138 5139static int bss_info_handler(struct nl_msg *msg, void *arg) 5140{ 5141 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5142 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5143 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5144 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5145 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5146 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5147 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5148 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5149 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5150 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5151 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5152 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5153 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5154 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5155 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5156 }; 5157 struct nl80211_bss_info_arg *_arg = arg; 5158 struct wpa_scan_results *res = _arg->res; 5159 struct wpa_scan_res **tmp; 5160 struct wpa_scan_res *r; 5161 const u8 *ie, *beacon_ie; 5162 size_t ie_len, beacon_ie_len; 5163 u8 *pos; 5164 size_t i; 5165 5166 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5167 genlmsg_attrlen(gnlh, 0), NULL); 5168 if (!tb[NL80211_ATTR_BSS]) 5169 return NL_SKIP; 5170 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5171 bss_policy)) 5172 return NL_SKIP; 5173 if (bss[NL80211_BSS_STATUS]) { 5174 enum nl80211_bss_status status; 5175 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5176 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5177 bss[NL80211_BSS_FREQUENCY]) { 5178 _arg->assoc_freq = 5179 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5180 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5181 _arg->assoc_freq); 5182 } 5183 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5184 bss[NL80211_BSS_BSSID]) { 5185 os_memcpy(_arg->assoc_bssid, 5186 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5187 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5188 MACSTR, MAC2STR(_arg->assoc_bssid)); 5189 } 5190 } 5191 if (!res) 5192 return NL_SKIP; 5193 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5194 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5195 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5196 } else { 5197 ie = NULL; 5198 ie_len = 0; 5199 } 5200 if (bss[NL80211_BSS_BEACON_IES]) { 5201 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5202 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5203 } else { 5204 beacon_ie = NULL; 5205 beacon_ie_len = 0; 5206 } 5207 5208 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5209 ie ? ie_len : beacon_ie_len)) 5210 return NL_SKIP; 5211 5212 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5213 if (r == NULL) 5214 return NL_SKIP; 5215 if (bss[NL80211_BSS_BSSID]) 5216 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5217 ETH_ALEN); 5218 if (bss[NL80211_BSS_FREQUENCY]) 5219 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5220 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5221 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5222 if (bss[NL80211_BSS_CAPABILITY]) 5223 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5224 r->flags |= WPA_SCAN_NOISE_INVALID; 5225 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5226 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5227 r->level /= 100; /* mBm to dBm */ 5228 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5229 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5230 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5231 r->flags |= WPA_SCAN_QUAL_INVALID; 5232 } else 5233 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5234 if (bss[NL80211_BSS_TSF]) 5235 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5236 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5237 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5238 r->ie_len = ie_len; 5239 pos = (u8 *) (r + 1); 5240 if (ie) { 5241 os_memcpy(pos, ie, ie_len); 5242 pos += ie_len; 5243 } 5244 r->beacon_ie_len = beacon_ie_len; 5245 if (beacon_ie) 5246 os_memcpy(pos, beacon_ie, beacon_ie_len); 5247 5248 if (bss[NL80211_BSS_STATUS]) { 5249 enum nl80211_bss_status status; 5250 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5251 switch (status) { 5252 case NL80211_BSS_STATUS_AUTHENTICATED: 5253 r->flags |= WPA_SCAN_AUTHENTICATED; 5254 break; 5255 case NL80211_BSS_STATUS_ASSOCIATED: 5256 r->flags |= WPA_SCAN_ASSOCIATED; 5257 break; 5258 default: 5259 break; 5260 } 5261 } 5262 5263 /* 5264 * cfg80211 maintains separate BSS table entries for APs if the same 5265 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5266 * not use frequency as a separate key in the BSS table, so filter out 5267 * duplicated entries. Prefer associated BSS entry in such a case in 5268 * order to get the correct frequency into the BSS table. Similarly, 5269 * prefer newer entries over older. 5270 */ 5271 for (i = 0; i < res->num; i++) { 5272 const u8 *s1, *s2; 5273 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5274 continue; 5275 5276 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5277 res->res[i]->ie_len, WLAN_EID_SSID); 5278 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5279 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5280 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5281 continue; 5282 5283 /* Same BSSID,SSID was already included in scan results */ 5284 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5285 "for " MACSTR, MAC2STR(r->bssid)); 5286 5287 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5288 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5289 r->age < res->res[i]->age) { 5290 os_free(res->res[i]); 5291 res->res[i] = r; 5292 } else 5293 os_free(r); 5294 return NL_SKIP; 5295 } 5296 5297 tmp = os_realloc_array(res->res, res->num + 1, 5298 sizeof(struct wpa_scan_res *)); 5299 if (tmp == NULL) { 5300 os_free(r); 5301 return NL_SKIP; 5302 } 5303 tmp[res->num++] = r; 5304 res->res = tmp; 5305 5306 return NL_SKIP; 5307} 5308 5309 5310static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5311 const u8 *addr) 5312{ 5313 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5314 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5315 "mismatch (" MACSTR ")", MAC2STR(addr)); 5316 wpa_driver_nl80211_mlme(drv, addr, 5317 NL80211_CMD_DEAUTHENTICATE, 5318 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5319 } 5320} 5321 5322 5323static void wpa_driver_nl80211_check_bss_status( 5324 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5325{ 5326 size_t i; 5327 5328 for (i = 0; i < res->num; i++) { 5329 struct wpa_scan_res *r = res->res[i]; 5330 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5331 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5332 "indicates BSS status with " MACSTR 5333 " as authenticated", 5334 MAC2STR(r->bssid)); 5335 if (is_sta_interface(drv->nlmode) && 5336 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5337 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5338 0) { 5339 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5340 " in local state (auth=" MACSTR 5341 " assoc=" MACSTR ")", 5342 MAC2STR(drv->auth_bssid), 5343 MAC2STR(drv->bssid)); 5344 clear_state_mismatch(drv, r->bssid); 5345 } 5346 } 5347 5348 if (r->flags & WPA_SCAN_ASSOCIATED) { 5349 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5350 "indicate BSS status with " MACSTR 5351 " as associated", 5352 MAC2STR(r->bssid)); 5353 if (is_sta_interface(drv->nlmode) && 5354 !drv->associated) { 5355 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5356 "(not associated) does not match " 5357 "with BSS state"); 5358 clear_state_mismatch(drv, r->bssid); 5359 } else if (is_sta_interface(drv->nlmode) && 5360 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5361 0) { 5362 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5363 "(associated with " MACSTR ") does " 5364 "not match with BSS state", 5365 MAC2STR(drv->bssid)); 5366 clear_state_mismatch(drv, r->bssid); 5367 clear_state_mismatch(drv, drv->bssid); 5368 } 5369 } 5370 } 5371} 5372 5373 5374static struct wpa_scan_results * 5375nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5376{ 5377 struct nl_msg *msg; 5378 struct wpa_scan_results *res; 5379 int ret; 5380 struct nl80211_bss_info_arg arg; 5381 5382 res = os_zalloc(sizeof(*res)); 5383 if (res == NULL) 5384 return NULL; 5385 msg = nlmsg_alloc(); 5386 if (!msg) 5387 goto nla_put_failure; 5388 5389 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5390 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5391 goto nla_put_failure; 5392 5393 arg.drv = drv; 5394 arg.res = res; 5395 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5396 msg = NULL; 5397 if (ret == 0) { 5398 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5399 "BSSes)", (unsigned long) res->num); 5400 nl80211_get_noise_for_scan_results(drv, res); 5401 return res; 5402 } 5403 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5404 "(%s)", ret, strerror(-ret)); 5405nla_put_failure: 5406 nlmsg_free(msg); 5407 wpa_scan_results_free(res); 5408 return NULL; 5409} 5410 5411 5412/** 5413 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5414 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5415 * Returns: Scan results on success, -1 on failure 5416 */ 5417static struct wpa_scan_results * 5418wpa_driver_nl80211_get_scan_results(void *priv) 5419{ 5420 struct i802_bss *bss = priv; 5421 struct wpa_driver_nl80211_data *drv = bss->drv; 5422 struct wpa_scan_results *res; 5423 5424 res = nl80211_get_scan_results(drv); 5425 if (res) 5426 wpa_driver_nl80211_check_bss_status(drv, res); 5427 return res; 5428} 5429 5430 5431static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5432{ 5433 struct wpa_scan_results *res; 5434 size_t i; 5435 5436 res = nl80211_get_scan_results(drv); 5437 if (res == NULL) { 5438 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5439 return; 5440 } 5441 5442 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5443 for (i = 0; i < res->num; i++) { 5444 struct wpa_scan_res *r = res->res[i]; 5445 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5446 (int) i, (int) res->num, MAC2STR(r->bssid), 5447 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5448 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5449 } 5450 5451 wpa_scan_results_free(res); 5452} 5453 5454 5455static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5456{ 5457 switch (alg) { 5458 case WPA_ALG_WEP: 5459 if (key_len == 5) 5460 return WLAN_CIPHER_SUITE_WEP40; 5461 return WLAN_CIPHER_SUITE_WEP104; 5462 case WPA_ALG_TKIP: 5463 return WLAN_CIPHER_SUITE_TKIP; 5464 case WPA_ALG_CCMP: 5465 return WLAN_CIPHER_SUITE_CCMP; 5466 case WPA_ALG_GCMP: 5467 return WLAN_CIPHER_SUITE_GCMP; 5468 case WPA_ALG_CCMP_256: 5469 return WLAN_CIPHER_SUITE_CCMP_256; 5470 case WPA_ALG_GCMP_256: 5471 return WLAN_CIPHER_SUITE_GCMP_256; 5472 case WPA_ALG_IGTK: 5473 return WLAN_CIPHER_SUITE_AES_CMAC; 5474 case WPA_ALG_BIP_GMAC_128: 5475 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5476 case WPA_ALG_BIP_GMAC_256: 5477 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5478 case WPA_ALG_BIP_CMAC_256: 5479 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5480 case WPA_ALG_SMS4: 5481 return WLAN_CIPHER_SUITE_SMS4; 5482 case WPA_ALG_KRK: 5483 return WLAN_CIPHER_SUITE_KRK; 5484 case WPA_ALG_NONE: 5485 case WPA_ALG_PMK: 5486 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5487 alg); 5488 return 0; 5489 } 5490 5491 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5492 alg); 5493 return 0; 5494} 5495 5496 5497static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5498{ 5499 switch (cipher) { 5500 case WPA_CIPHER_CCMP_256: 5501 return WLAN_CIPHER_SUITE_CCMP_256; 5502 case WPA_CIPHER_GCMP_256: 5503 return WLAN_CIPHER_SUITE_GCMP_256; 5504 case WPA_CIPHER_CCMP: 5505 return WLAN_CIPHER_SUITE_CCMP; 5506 case WPA_CIPHER_GCMP: 5507 return WLAN_CIPHER_SUITE_GCMP; 5508 case WPA_CIPHER_TKIP: 5509 return WLAN_CIPHER_SUITE_TKIP; 5510 case WPA_CIPHER_WEP104: 5511 return WLAN_CIPHER_SUITE_WEP104; 5512 case WPA_CIPHER_WEP40: 5513 return WLAN_CIPHER_SUITE_WEP40; 5514 } 5515 5516 return 0; 5517} 5518 5519 5520static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5521 int max_suites) 5522{ 5523 int num_suites = 0; 5524 5525 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5526 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5527 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5528 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5529 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5530 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5531 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5532 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5533 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5534 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5535 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5536 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5537 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5538 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5539 5540 return num_suites; 5541} 5542 5543 5544static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5545 enum wpa_alg alg, const u8 *addr, 5546 int key_idx, int set_tx, 5547 const u8 *seq, size_t seq_len, 5548 const u8 *key, size_t key_len) 5549{ 5550 struct wpa_driver_nl80211_data *drv = bss->drv; 5551 int ifindex; 5552 struct nl_msg *msg; 5553 int ret; 5554 int tdls = 0; 5555 5556 /* Ignore for P2P Device */ 5557 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5558 return 0; 5559 5560 ifindex = if_nametoindex(ifname); 5561 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5562 "set_tx=%d seq_len=%lu key_len=%lu", 5563 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5564 (unsigned long) seq_len, (unsigned long) key_len); 5565#ifdef CONFIG_TDLS 5566 if (key_idx == -1) { 5567 key_idx = 0; 5568 tdls = 1; 5569 } 5570#endif /* CONFIG_TDLS */ 5571 5572 msg = nlmsg_alloc(); 5573 if (!msg) 5574 return -ENOMEM; 5575 5576 if (alg == WPA_ALG_NONE) { 5577 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5578 } else { 5579 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5580 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5581 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5582 wpa_alg_to_cipher_suite(alg, key_len)); 5583 } 5584 5585 if (seq && seq_len) 5586 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5587 5588 if (addr && !is_broadcast_ether_addr(addr)) { 5589 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5590 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5591 5592 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5593 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5594 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5595 NL80211_KEYTYPE_GROUP); 5596 } 5597 } else if (addr && is_broadcast_ether_addr(addr)) { 5598 struct nlattr *types; 5599 5600 wpa_printf(MSG_DEBUG, " broadcast key"); 5601 5602 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5603 if (!types) 5604 goto nla_put_failure; 5605 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5606 nla_nest_end(msg, types); 5607 } 5608 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5609 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5610 5611 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5612 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5613 ret = 0; 5614 if (ret) 5615 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5616 ret, strerror(-ret)); 5617 5618 /* 5619 * If we failed or don't need to set the default TX key (below), 5620 * we're done here. 5621 */ 5622 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5623 return ret; 5624 if (is_ap_interface(drv->nlmode) && addr && 5625 !is_broadcast_ether_addr(addr)) 5626 return ret; 5627 5628 msg = nlmsg_alloc(); 5629 if (!msg) 5630 return -ENOMEM; 5631 5632 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5633 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5634 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5635 if (alg == WPA_ALG_IGTK) 5636 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5637 else 5638 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5639 if (addr && is_broadcast_ether_addr(addr)) { 5640 struct nlattr *types; 5641 5642 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5643 if (!types) 5644 goto nla_put_failure; 5645 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5646 nla_nest_end(msg, types); 5647 } else if (addr) { 5648 struct nlattr *types; 5649 5650 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5651 if (!types) 5652 goto nla_put_failure; 5653 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5654 nla_nest_end(msg, types); 5655 } 5656 5657 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5658 if (ret == -ENOENT) 5659 ret = 0; 5660 if (ret) 5661 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5662 "err=%d %s)", ret, strerror(-ret)); 5663 return ret; 5664 5665nla_put_failure: 5666 nlmsg_free(msg); 5667 return -ENOBUFS; 5668} 5669 5670 5671static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5672 int key_idx, int defkey, 5673 const u8 *seq, size_t seq_len, 5674 const u8 *key, size_t key_len) 5675{ 5676 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5677 if (!key_attr) 5678 return -1; 5679 5680 if (defkey && alg == WPA_ALG_IGTK) 5681 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5682 else if (defkey) 5683 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5684 5685 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5686 5687 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5688 wpa_alg_to_cipher_suite(alg, key_len)); 5689 5690 if (seq && seq_len) 5691 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5692 5693 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5694 5695 nla_nest_end(msg, key_attr); 5696 5697 return 0; 5698 nla_put_failure: 5699 return -1; 5700} 5701 5702 5703static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5704 struct nl_msg *msg) 5705{ 5706 int i, privacy = 0; 5707 struct nlattr *nl_keys, *nl_key; 5708 5709 for (i = 0; i < 4; i++) { 5710 if (!params->wep_key[i]) 5711 continue; 5712 privacy = 1; 5713 break; 5714 } 5715 if (params->wps == WPS_MODE_PRIVACY) 5716 privacy = 1; 5717 if (params->pairwise_suite && 5718 params->pairwise_suite != WPA_CIPHER_NONE) 5719 privacy = 1; 5720 5721 if (!privacy) 5722 return 0; 5723 5724 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5725 5726 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5727 if (!nl_keys) 5728 goto nla_put_failure; 5729 5730 for (i = 0; i < 4; i++) { 5731 if (!params->wep_key[i]) 5732 continue; 5733 5734 nl_key = nla_nest_start(msg, i); 5735 if (!nl_key) 5736 goto nla_put_failure; 5737 5738 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5739 params->wep_key[i]); 5740 if (params->wep_key_len[i] == 5) 5741 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5742 WLAN_CIPHER_SUITE_WEP40); 5743 else 5744 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5745 WLAN_CIPHER_SUITE_WEP104); 5746 5747 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5748 5749 if (i == params->wep_tx_keyidx) 5750 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5751 5752 nla_nest_end(msg, nl_key); 5753 } 5754 nla_nest_end(msg, nl_keys); 5755 5756 return 0; 5757 5758nla_put_failure: 5759 return -ENOBUFS; 5760} 5761 5762 5763static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5764 const u8 *addr, int cmd, u16 reason_code, 5765 int local_state_change) 5766{ 5767 int ret = -1; 5768 struct nl_msg *msg; 5769 5770 msg = nlmsg_alloc(); 5771 if (!msg) 5772 return -1; 5773 5774 nl80211_cmd(drv, msg, 0, cmd); 5775 5776 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5777 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5778 if (addr) 5779 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5780 if (local_state_change) 5781 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5782 5783 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5784 msg = NULL; 5785 if (ret) { 5786 wpa_dbg(drv->ctx, MSG_DEBUG, 5787 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5788 reason_code, ret, strerror(-ret)); 5789 goto nla_put_failure; 5790 } 5791 ret = 0; 5792 5793nla_put_failure: 5794 nlmsg_free(msg); 5795 return ret; 5796} 5797 5798 5799static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5800 int reason_code) 5801{ 5802 int ret; 5803 5804 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 5805 nl80211_mark_disconnected(drv); 5806 /* Disconnect command doesn't need BSSID - it uses cached value */ 5807 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 5808 reason_code, 0); 5809 /* 5810 * For locally generated disconnect, supplicant already generates a 5811 * DEAUTH event, so ignore the event from NL80211. 5812 */ 5813 drv->ignore_next_local_disconnect = ret == 0; 5814 5815 return ret; 5816} 5817 5818 5819static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 5820 const u8 *addr, int reason_code) 5821{ 5822 struct wpa_driver_nl80211_data *drv = bss->drv; 5823 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 5824 return wpa_driver_nl80211_disconnect(drv, reason_code); 5825 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 5826 __func__, MAC2STR(addr), reason_code); 5827 nl80211_mark_disconnected(drv); 5828 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 5829 return nl80211_leave_ibss(drv); 5830 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 5831 reason_code, 0); 5832} 5833 5834 5835static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 5836 struct wpa_driver_auth_params *params) 5837{ 5838 int i; 5839 5840 drv->auth_freq = params->freq; 5841 drv->auth_alg = params->auth_alg; 5842 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 5843 drv->auth_local_state_change = params->local_state_change; 5844 drv->auth_p2p = params->p2p; 5845 5846 if (params->bssid) 5847 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 5848 else 5849 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 5850 5851 if (params->ssid) { 5852 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 5853 drv->auth_ssid_len = params->ssid_len; 5854 } else 5855 drv->auth_ssid_len = 0; 5856 5857 5858 os_free(drv->auth_ie); 5859 drv->auth_ie = NULL; 5860 drv->auth_ie_len = 0; 5861 if (params->ie) { 5862 drv->auth_ie = os_malloc(params->ie_len); 5863 if (drv->auth_ie) { 5864 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 5865 drv->auth_ie_len = params->ie_len; 5866 } 5867 } 5868 5869 for (i = 0; i < 4; i++) { 5870 if (params->wep_key[i] && params->wep_key_len[i] && 5871 params->wep_key_len[i] <= 16) { 5872 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 5873 params->wep_key_len[i]); 5874 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 5875 } else 5876 drv->auth_wep_key_len[i] = 0; 5877 } 5878} 5879 5880 5881static int wpa_driver_nl80211_authenticate( 5882 struct i802_bss *bss, struct wpa_driver_auth_params *params) 5883{ 5884 struct wpa_driver_nl80211_data *drv = bss->drv; 5885 int ret = -1, i; 5886 struct nl_msg *msg; 5887 enum nl80211_auth_type type; 5888 enum nl80211_iftype nlmode; 5889 int count = 0; 5890 int is_retry; 5891 5892 is_retry = drv->retry_auth; 5893 drv->retry_auth = 0; 5894 5895 nl80211_mark_disconnected(drv); 5896 os_memset(drv->auth_bssid, 0, ETH_ALEN); 5897 if (params->bssid) 5898 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 5899 else 5900 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 5901 /* FIX: IBSS mode */ 5902 nlmode = params->p2p ? 5903 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 5904 if (drv->nlmode != nlmode && 5905 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 5906 return -1; 5907 5908retry: 5909 msg = nlmsg_alloc(); 5910 if (!msg) 5911 return -1; 5912 5913 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 5914 drv->ifindex); 5915 5916 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 5917 5918 for (i = 0; i < 4; i++) { 5919 if (!params->wep_key[i]) 5920 continue; 5921 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 5922 NULL, i, 5923 i == params->wep_tx_keyidx, NULL, 0, 5924 params->wep_key[i], 5925 params->wep_key_len[i]); 5926 if (params->wep_tx_keyidx != i) 5927 continue; 5928 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 5929 params->wep_key[i], params->wep_key_len[i])) { 5930 nlmsg_free(msg); 5931 return -1; 5932 } 5933 } 5934 5935 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5936 if (params->bssid) { 5937 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 5938 MAC2STR(params->bssid)); 5939 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 5940 } 5941 if (params->freq) { 5942 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 5943 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 5944 } 5945 if (params->ssid) { 5946 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 5947 params->ssid, params->ssid_len); 5948 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 5949 params->ssid); 5950 } 5951 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 5952 if (params->ie) 5953 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 5954 if (params->sae_data) { 5955 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 5956 params->sae_data_len); 5957 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 5958 params->sae_data); 5959 } 5960 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 5961 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 5962 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 5963 type = NL80211_AUTHTYPE_SHARED_KEY; 5964 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 5965 type = NL80211_AUTHTYPE_NETWORK_EAP; 5966 else if (params->auth_alg & WPA_AUTH_ALG_FT) 5967 type = NL80211_AUTHTYPE_FT; 5968 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 5969 type = NL80211_AUTHTYPE_SAE; 5970 else 5971 goto nla_put_failure; 5972 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 5973 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 5974 if (params->local_state_change) { 5975 wpa_printf(MSG_DEBUG, " * Local state change only"); 5976 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5977 } 5978 5979 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5980 msg = NULL; 5981 if (ret) { 5982 wpa_dbg(drv->ctx, MSG_DEBUG, 5983 "nl80211: MLME command failed (auth): ret=%d (%s)", 5984 ret, strerror(-ret)); 5985 count++; 5986 if (ret == -EALREADY && count == 1 && params->bssid && 5987 !params->local_state_change) { 5988 /* 5989 * mac80211 does not currently accept new 5990 * authentication if we are already authenticated. As a 5991 * workaround, force deauthentication and try again. 5992 */ 5993 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 5994 "after forced deauthentication"); 5995 wpa_driver_nl80211_deauthenticate( 5996 bss, params->bssid, 5997 WLAN_REASON_PREV_AUTH_NOT_VALID); 5998 nlmsg_free(msg); 5999 goto retry; 6000 } 6001 6002 if (ret == -ENOENT && params->freq && !is_retry) { 6003 /* 6004 * cfg80211 has likely expired the BSS entry even 6005 * though it was previously available in our internal 6006 * BSS table. To recover quickly, start a single 6007 * channel scan on the specified channel. 6008 */ 6009 struct wpa_driver_scan_params scan; 6010 int freqs[2]; 6011 6012 os_memset(&scan, 0, sizeof(scan)); 6013 scan.num_ssids = 1; 6014 if (params->ssid) { 6015 scan.ssids[0].ssid = params->ssid; 6016 scan.ssids[0].ssid_len = params->ssid_len; 6017 } 6018 freqs[0] = params->freq; 6019 freqs[1] = 0; 6020 scan.freqs = freqs; 6021 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 6022 "channel scan to refresh cfg80211 BSS " 6023 "entry"); 6024 ret = wpa_driver_nl80211_scan(bss, &scan); 6025 if (ret == 0) { 6026 nl80211_copy_auth_params(drv, params); 6027 drv->scan_for_auth = 1; 6028 } 6029 } else if (is_retry) { 6030 /* 6031 * Need to indicate this with an event since the return 6032 * value from the retry is not delivered to core code. 6033 */ 6034 union wpa_event_data event; 6035 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 6036 "failed"); 6037 os_memset(&event, 0, sizeof(event)); 6038 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 6039 ETH_ALEN); 6040 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 6041 &event); 6042 } 6043 6044 goto nla_put_failure; 6045 } 6046 ret = 0; 6047 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 6048 "successfully"); 6049 6050nla_put_failure: 6051 nlmsg_free(msg); 6052 return ret; 6053} 6054 6055 6056static int wpa_driver_nl80211_authenticate_retry( 6057 struct wpa_driver_nl80211_data *drv) 6058{ 6059 struct wpa_driver_auth_params params; 6060 struct i802_bss *bss = drv->first_bss; 6061 int i; 6062 6063 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 6064 6065 os_memset(¶ms, 0, sizeof(params)); 6066 params.freq = drv->auth_freq; 6067 params.auth_alg = drv->auth_alg; 6068 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 6069 params.local_state_change = drv->auth_local_state_change; 6070 params.p2p = drv->auth_p2p; 6071 6072 if (!is_zero_ether_addr(drv->auth_bssid_)) 6073 params.bssid = drv->auth_bssid_; 6074 6075 if (drv->auth_ssid_len) { 6076 params.ssid = drv->auth_ssid; 6077 params.ssid_len = drv->auth_ssid_len; 6078 } 6079 6080 params.ie = drv->auth_ie; 6081 params.ie_len = drv->auth_ie_len; 6082 6083 for (i = 0; i < 4; i++) { 6084 if (drv->auth_wep_key_len[i]) { 6085 params.wep_key[i] = drv->auth_wep_key[i]; 6086 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 6087 } 6088 } 6089 6090 drv->retry_auth = 1; 6091 return wpa_driver_nl80211_authenticate(bss, ¶ms); 6092} 6093 6094 6095struct phy_info_arg { 6096 u16 *num_modes; 6097 struct hostapd_hw_modes *modes; 6098 int last_mode, last_chan_idx; 6099}; 6100 6101static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 6102 struct nlattr *ampdu_factor, 6103 struct nlattr *ampdu_density, 6104 struct nlattr *mcs_set) 6105{ 6106 if (capa) 6107 mode->ht_capab = nla_get_u16(capa); 6108 6109 if (ampdu_factor) 6110 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 6111 6112 if (ampdu_density) 6113 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 6114 6115 if (mcs_set && nla_len(mcs_set) >= 16) { 6116 u8 *mcs; 6117 mcs = nla_data(mcs_set); 6118 os_memcpy(mode->mcs_set, mcs, 16); 6119 } 6120} 6121 6122 6123static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 6124 struct nlattr *capa, 6125 struct nlattr *mcs_set) 6126{ 6127 if (capa) 6128 mode->vht_capab = nla_get_u32(capa); 6129 6130 if (mcs_set && nla_len(mcs_set) >= 8) { 6131 u8 *mcs; 6132 mcs = nla_data(mcs_set); 6133 os_memcpy(mode->vht_mcs_set, mcs, 8); 6134 } 6135} 6136 6137 6138static void phy_info_freq(struct hostapd_hw_modes *mode, 6139 struct hostapd_channel_data *chan, 6140 struct nlattr *tb_freq[]) 6141{ 6142 u8 channel; 6143 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6144 chan->flag = 0; 6145 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6146 chan->chan = channel; 6147 6148 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6149 chan->flag |= HOSTAPD_CHAN_DISABLED; 6150 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6151 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6152 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6153 chan->flag |= HOSTAPD_CHAN_RADAR; 6154 6155 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6156 enum nl80211_dfs_state state = 6157 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6158 6159 switch (state) { 6160 case NL80211_DFS_USABLE: 6161 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6162 break; 6163 case NL80211_DFS_AVAILABLE: 6164 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6165 break; 6166 case NL80211_DFS_UNAVAILABLE: 6167 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6168 break; 6169 } 6170 } 6171} 6172 6173 6174static int phy_info_freqs(struct phy_info_arg *phy_info, 6175 struct hostapd_hw_modes *mode, struct nlattr *tb) 6176{ 6177 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6178 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6179 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6180 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6181 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6182 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6183 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6184 }; 6185 int new_channels = 0; 6186 struct hostapd_channel_data *channel; 6187 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6188 struct nlattr *nl_freq; 6189 int rem_freq, idx; 6190 6191 if (tb == NULL) 6192 return NL_OK; 6193 6194 nla_for_each_nested(nl_freq, tb, rem_freq) { 6195 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6196 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6197 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6198 continue; 6199 new_channels++; 6200 } 6201 6202 channel = os_realloc_array(mode->channels, 6203 mode->num_channels + new_channels, 6204 sizeof(struct hostapd_channel_data)); 6205 if (!channel) 6206 return NL_SKIP; 6207 6208 mode->channels = channel; 6209 mode->num_channels += new_channels; 6210 6211 idx = phy_info->last_chan_idx; 6212 6213 nla_for_each_nested(nl_freq, tb, rem_freq) { 6214 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6215 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6216 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6217 continue; 6218 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6219 idx++; 6220 } 6221 phy_info->last_chan_idx = idx; 6222 6223 return NL_OK; 6224} 6225 6226 6227static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6228{ 6229 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6230 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6231 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6232 { .type = NLA_FLAG }, 6233 }; 6234 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6235 struct nlattr *nl_rate; 6236 int rem_rate, idx; 6237 6238 if (tb == NULL) 6239 return NL_OK; 6240 6241 nla_for_each_nested(nl_rate, tb, rem_rate) { 6242 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6243 nla_data(nl_rate), nla_len(nl_rate), 6244 rate_policy); 6245 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6246 continue; 6247 mode->num_rates++; 6248 } 6249 6250 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6251 if (!mode->rates) 6252 return NL_SKIP; 6253 6254 idx = 0; 6255 6256 nla_for_each_nested(nl_rate, tb, rem_rate) { 6257 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6258 nla_data(nl_rate), nla_len(nl_rate), 6259 rate_policy); 6260 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6261 continue; 6262 mode->rates[idx] = nla_get_u32( 6263 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6264 idx++; 6265 } 6266 6267 return NL_OK; 6268} 6269 6270 6271static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6272{ 6273 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6274 struct hostapd_hw_modes *mode; 6275 int ret; 6276 6277 if (phy_info->last_mode != nl_band->nla_type) { 6278 mode = os_realloc_array(phy_info->modes, 6279 *phy_info->num_modes + 1, 6280 sizeof(*mode)); 6281 if (!mode) 6282 return NL_SKIP; 6283 phy_info->modes = mode; 6284 6285 mode = &phy_info->modes[*(phy_info->num_modes)]; 6286 os_memset(mode, 0, sizeof(*mode)); 6287 mode->mode = NUM_HOSTAPD_MODES; 6288 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6289 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6290 6291 /* 6292 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6293 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6294 * possible streams as unsupported. This will be overridden if 6295 * driver advertises VHT support. 6296 */ 6297 mode->vht_mcs_set[0] = 0xff; 6298 mode->vht_mcs_set[1] = 0xff; 6299 mode->vht_mcs_set[4] = 0xff; 6300 mode->vht_mcs_set[5] = 0xff; 6301 6302 *(phy_info->num_modes) += 1; 6303 phy_info->last_mode = nl_band->nla_type; 6304 phy_info->last_chan_idx = 0; 6305 } else 6306 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6307 6308 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6309 nla_len(nl_band), NULL); 6310 6311 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6312 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6313 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6314 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6315 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6316 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6317 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6318 if (ret != NL_OK) 6319 return ret; 6320 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6321 if (ret != NL_OK) 6322 return ret; 6323 6324 return NL_OK; 6325} 6326 6327 6328static int phy_info_handler(struct nl_msg *msg, void *arg) 6329{ 6330 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6331 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6332 struct phy_info_arg *phy_info = arg; 6333 struct nlattr *nl_band; 6334 int rem_band; 6335 6336 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6337 genlmsg_attrlen(gnlh, 0), NULL); 6338 6339 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6340 return NL_SKIP; 6341 6342 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6343 { 6344 int res = phy_info_band(phy_info, nl_band); 6345 if (res != NL_OK) 6346 return res; 6347 } 6348 6349 return NL_SKIP; 6350} 6351 6352 6353static struct hostapd_hw_modes * 6354wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6355 u16 *num_modes) 6356{ 6357 u16 m; 6358 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6359 int i, mode11g_idx = -1; 6360 6361 /* heuristic to set up modes */ 6362 for (m = 0; m < *num_modes; m++) { 6363 if (!modes[m].num_channels) 6364 continue; 6365 if (modes[m].channels[0].freq < 4000) { 6366 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6367 for (i = 0; i < modes[m].num_rates; i++) { 6368 if (modes[m].rates[i] > 200) { 6369 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6370 break; 6371 } 6372 } 6373 } else if (modes[m].channels[0].freq > 50000) 6374 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6375 else 6376 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6377 } 6378 6379 /* If only 802.11g mode is included, use it to construct matching 6380 * 802.11b mode data. */ 6381 6382 for (m = 0; m < *num_modes; m++) { 6383 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6384 return modes; /* 802.11b already included */ 6385 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6386 mode11g_idx = m; 6387 } 6388 6389 if (mode11g_idx < 0) 6390 return modes; /* 2.4 GHz band not supported at all */ 6391 6392 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6393 if (nmodes == NULL) 6394 return modes; /* Could not add 802.11b mode */ 6395 6396 mode = &nmodes[*num_modes]; 6397 os_memset(mode, 0, sizeof(*mode)); 6398 (*num_modes)++; 6399 modes = nmodes; 6400 6401 mode->mode = HOSTAPD_MODE_IEEE80211B; 6402 6403 mode11g = &modes[mode11g_idx]; 6404 mode->num_channels = mode11g->num_channels; 6405 mode->channels = os_malloc(mode11g->num_channels * 6406 sizeof(struct hostapd_channel_data)); 6407 if (mode->channels == NULL) { 6408 (*num_modes)--; 6409 return modes; /* Could not add 802.11b mode */ 6410 } 6411 os_memcpy(mode->channels, mode11g->channels, 6412 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6413 6414 mode->num_rates = 0; 6415 mode->rates = os_malloc(4 * sizeof(int)); 6416 if (mode->rates == NULL) { 6417 os_free(mode->channels); 6418 (*num_modes)--; 6419 return modes; /* Could not add 802.11b mode */ 6420 } 6421 6422 for (i = 0; i < mode11g->num_rates; i++) { 6423 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6424 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6425 continue; 6426 mode->rates[mode->num_rates] = mode11g->rates[i]; 6427 mode->num_rates++; 6428 if (mode->num_rates == 4) 6429 break; 6430 } 6431 6432 if (mode->num_rates == 0) { 6433 os_free(mode->channels); 6434 os_free(mode->rates); 6435 (*num_modes)--; 6436 return modes; /* No 802.11b rates */ 6437 } 6438 6439 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6440 "information"); 6441 6442 return modes; 6443} 6444 6445 6446static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6447 int end) 6448{ 6449 int c; 6450 6451 for (c = 0; c < mode->num_channels; c++) { 6452 struct hostapd_channel_data *chan = &mode->channels[c]; 6453 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6454 chan->flag |= HOSTAPD_CHAN_HT40; 6455 } 6456} 6457 6458 6459static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6460 int end) 6461{ 6462 int c; 6463 6464 for (c = 0; c < mode->num_channels; c++) { 6465 struct hostapd_channel_data *chan = &mode->channels[c]; 6466 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6467 continue; 6468 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6469 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6470 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6471 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6472 } 6473} 6474 6475 6476static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6477 struct phy_info_arg *results) 6478{ 6479 u16 m; 6480 6481 for (m = 0; m < *results->num_modes; m++) { 6482 int c; 6483 struct hostapd_hw_modes *mode = &results->modes[m]; 6484 6485 for (c = 0; c < mode->num_channels; c++) { 6486 struct hostapd_channel_data *chan = &mode->channels[c]; 6487 if ((u32) chan->freq - 10 >= start && 6488 (u32) chan->freq + 10 <= end) 6489 chan->max_tx_power = max_eirp; 6490 } 6491 } 6492} 6493 6494 6495static void nl80211_reg_rule_ht40(u32 start, u32 end, 6496 struct phy_info_arg *results) 6497{ 6498 u16 m; 6499 6500 for (m = 0; m < *results->num_modes; m++) { 6501 if (!(results->modes[m].ht_capab & 6502 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6503 continue; 6504 nl80211_set_ht40_mode(&results->modes[m], start, end); 6505 } 6506} 6507 6508 6509static void nl80211_reg_rule_sec(struct nlattr *tb[], 6510 struct phy_info_arg *results) 6511{ 6512 u32 start, end, max_bw; 6513 u16 m; 6514 6515 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6516 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6517 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6518 return; 6519 6520 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6521 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6522 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6523 6524 if (max_bw < 20) 6525 return; 6526 6527 for (m = 0; m < *results->num_modes; m++) { 6528 if (!(results->modes[m].ht_capab & 6529 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6530 continue; 6531 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6532 } 6533} 6534 6535 6536static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6537 int end) 6538{ 6539 int c; 6540 6541 for (c = 0; c < mode->num_channels; c++) { 6542 struct hostapd_channel_data *chan = &mode->channels[c]; 6543 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6544 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6545 6546 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6547 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6548 6549 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6550 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6551 6552 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6553 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6554 } 6555} 6556 6557 6558static void nl80211_reg_rule_vht(struct nlattr *tb[], 6559 struct phy_info_arg *results) 6560{ 6561 u32 start, end, max_bw; 6562 u16 m; 6563 6564 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6565 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6566 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6567 return; 6568 6569 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6570 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6571 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6572 6573 if (max_bw < 80) 6574 return; 6575 6576 for (m = 0; m < *results->num_modes; m++) { 6577 if (!(results->modes[m].ht_capab & 6578 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6579 continue; 6580 /* TODO: use a real VHT support indication */ 6581 if (!results->modes[m].vht_capab) 6582 continue; 6583 6584 nl80211_set_vht_mode(&results->modes[m], start, end); 6585 } 6586} 6587 6588 6589static const char * dfs_domain_name(enum nl80211_dfs_regions region) 6590{ 6591 switch (region) { 6592 case NL80211_DFS_UNSET: 6593 return "DFS-UNSET"; 6594 case NL80211_DFS_FCC: 6595 return "DFS-FCC"; 6596 case NL80211_DFS_ETSI: 6597 return "DFS-ETSI"; 6598 case NL80211_DFS_JP: 6599 return "DFS-JP"; 6600 default: 6601 return "DFS-invalid"; 6602 } 6603} 6604 6605 6606static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6607{ 6608 struct phy_info_arg *results = arg; 6609 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6610 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6611 struct nlattr *nl_rule; 6612 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6613 int rem_rule; 6614 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6615 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6616 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6617 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6618 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6619 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6620 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6621 }; 6622 6623 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6624 genlmsg_attrlen(gnlh, 0), NULL); 6625 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6626 !tb_msg[NL80211_ATTR_REG_RULES]) { 6627 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6628 "available"); 6629 return NL_SKIP; 6630 } 6631 6632 if (tb_msg[NL80211_ATTR_DFS_REGION]) { 6633 enum nl80211_dfs_regions dfs_domain; 6634 dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]); 6635 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)", 6636 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 6637 dfs_domain_name(dfs_domain)); 6638 } else { 6639 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6640 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6641 } 6642 6643 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6644 { 6645 u32 start, end, max_eirp = 0, max_bw = 0; 6646 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6647 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6648 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6649 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6650 continue; 6651 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6652 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6653 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6654 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6655 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6656 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6657 6658 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm", 6659 start, end, max_bw, max_eirp); 6660 if (max_bw >= 40) 6661 nl80211_reg_rule_ht40(start, end, results); 6662 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6663 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6664 results); 6665 } 6666 6667 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6668 { 6669 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6670 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6671 nl80211_reg_rule_sec(tb_rule, results); 6672 } 6673 6674 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6675 { 6676 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6677 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6678 nl80211_reg_rule_vht(tb_rule, results); 6679 } 6680 6681 return NL_SKIP; 6682} 6683 6684 6685static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6686 struct phy_info_arg *results) 6687{ 6688 struct nl_msg *msg; 6689 6690 msg = nlmsg_alloc(); 6691 if (!msg) 6692 return -ENOMEM; 6693 6694 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6695 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6696} 6697 6698 6699static struct hostapd_hw_modes * 6700wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6701{ 6702 u32 feat; 6703 struct i802_bss *bss = priv; 6704 struct wpa_driver_nl80211_data *drv = bss->drv; 6705 struct nl_msg *msg; 6706 struct phy_info_arg result = { 6707 .num_modes = num_modes, 6708 .modes = NULL, 6709 .last_mode = -1, 6710 }; 6711 6712 *num_modes = 0; 6713 *flags = 0; 6714 6715 msg = nlmsg_alloc(); 6716 if (!msg) 6717 return NULL; 6718 6719 feat = get_nl80211_protocol_features(drv); 6720 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6721 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6722 else 6723 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6724 6725 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6726 if (nl80211_set_iface_id(msg, bss) < 0) 6727 goto nla_put_failure; 6728 6729 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6730 nl80211_set_regulatory_flags(drv, &result); 6731 return wpa_driver_nl80211_postprocess_modes(result.modes, 6732 num_modes); 6733 } 6734 msg = NULL; 6735 nla_put_failure: 6736 nlmsg_free(msg); 6737 return NULL; 6738} 6739 6740 6741static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6742 const void *data, size_t len, 6743 int encrypt, int noack) 6744{ 6745 __u8 rtap_hdr[] = { 6746 0x00, 0x00, /* radiotap version */ 6747 0x0e, 0x00, /* radiotap length */ 6748 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6749 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6750 0x00, /* padding */ 6751 0x00, 0x00, /* RX and TX flags to indicate that */ 6752 0x00, 0x00, /* this is the injected frame directly */ 6753 }; 6754 struct iovec iov[2] = { 6755 { 6756 .iov_base = &rtap_hdr, 6757 .iov_len = sizeof(rtap_hdr), 6758 }, 6759 { 6760 .iov_base = (void *) data, 6761 .iov_len = len, 6762 } 6763 }; 6764 struct msghdr msg = { 6765 .msg_name = NULL, 6766 .msg_namelen = 0, 6767 .msg_iov = iov, 6768 .msg_iovlen = 2, 6769 .msg_control = NULL, 6770 .msg_controllen = 0, 6771 .msg_flags = 0, 6772 }; 6773 int res; 6774 u16 txflags = 0; 6775 6776 if (encrypt) 6777 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 6778 6779 if (drv->monitor_sock < 0) { 6780 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 6781 "for %s", __func__); 6782 return -1; 6783 } 6784 6785 if (noack) 6786 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 6787 WPA_PUT_LE16(&rtap_hdr[12], txflags); 6788 6789 res = sendmsg(drv->monitor_sock, &msg, 0); 6790 if (res < 0) { 6791 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 6792 return -1; 6793 } 6794 return 0; 6795} 6796 6797 6798static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 6799 const void *data, size_t len, 6800 int encrypt, int noack, 6801 unsigned int freq, int no_cck, 6802 int offchanok, unsigned int wait_time) 6803{ 6804 struct wpa_driver_nl80211_data *drv = bss->drv; 6805 u64 cookie; 6806 int res; 6807 6808 if (freq == 0) { 6809 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 6810 bss->freq); 6811 freq = bss->freq; 6812 } 6813 6814 if (drv->use_monitor) { 6815 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 6816 freq, bss->freq); 6817 return wpa_driver_nl80211_send_mntr(drv, data, len, 6818 encrypt, noack); 6819 } 6820 6821 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 6822 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 6823 &cookie, no_cck, noack, offchanok); 6824 if (res == 0 && !noack) { 6825 const struct ieee80211_mgmt *mgmt; 6826 u16 fc; 6827 6828 mgmt = (const struct ieee80211_mgmt *) data; 6829 fc = le_to_host16(mgmt->frame_control); 6830 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6831 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 6832 wpa_printf(MSG_MSGDUMP, 6833 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 6834 (long long unsigned int) 6835 drv->send_action_cookie, 6836 (long long unsigned int) cookie); 6837 drv->send_action_cookie = cookie; 6838 } 6839 } 6840 6841 return res; 6842} 6843 6844 6845static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 6846 size_t data_len, int noack, 6847 unsigned int freq, int no_cck, 6848 int offchanok, 6849 unsigned int wait_time) 6850{ 6851 struct wpa_driver_nl80211_data *drv = bss->drv; 6852 struct ieee80211_mgmt *mgmt; 6853 int encrypt = 1; 6854 u16 fc; 6855 6856 mgmt = (struct ieee80211_mgmt *) data; 6857 fc = le_to_host16(mgmt->frame_control); 6858 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x nlmode=%d", 6859 noack, freq, no_cck, offchanok, wait_time, fc, drv->nlmode); 6860 6861 if ((is_sta_interface(drv->nlmode) || 6862 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 6863 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6864 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 6865 /* 6866 * The use of last_mgmt_freq is a bit of a hack, 6867 * but it works due to the single-threaded nature 6868 * of wpa_supplicant. 6869 */ 6870 if (freq == 0) { 6871 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 6872 drv->last_mgmt_freq); 6873 freq = drv->last_mgmt_freq; 6874 } 6875 return nl80211_send_frame_cmd(bss, freq, 0, 6876 data, data_len, NULL, 1, noack, 6877 1); 6878 } 6879 6880 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 6881 if (freq == 0) { 6882 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 6883 bss->freq); 6884 freq = bss->freq; 6885 } 6886 return nl80211_send_frame_cmd(bss, freq, 6887 (int) freq == bss->freq ? 0 : 6888 wait_time, 6889 data, data_len, 6890 &drv->send_action_cookie, 6891 no_cck, noack, offchanok); 6892 } 6893 6894 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6895 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 6896 /* 6897 * Only one of the authentication frame types is encrypted. 6898 * In order for static WEP encryption to work properly (i.e., 6899 * to not encrypt the frame), we need to tell mac80211 about 6900 * the frames that must not be encrypted. 6901 */ 6902 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 6903 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 6904 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 6905 encrypt = 0; 6906 } 6907 6908 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 6909 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 6910 noack, freq, no_cck, offchanok, 6911 wait_time); 6912} 6913 6914 6915static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 6916 int slot, int ht_opmode, int ap_isolate, 6917 int *basic_rates) 6918{ 6919 struct wpa_driver_nl80211_data *drv = bss->drv; 6920 struct nl_msg *msg; 6921 6922 msg = nlmsg_alloc(); 6923 if (!msg) 6924 return -ENOMEM; 6925 6926 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 6927 6928 if (cts >= 0) 6929 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 6930 if (preamble >= 0) 6931 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 6932 if (slot >= 0) 6933 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 6934 if (ht_opmode >= 0) 6935 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 6936 if (ap_isolate >= 0) 6937 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 6938 6939 if (basic_rates) { 6940 u8 rates[NL80211_MAX_SUPP_RATES]; 6941 u8 rates_len = 0; 6942 int i; 6943 6944 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 6945 i++) 6946 rates[rates_len++] = basic_rates[i] / 5; 6947 6948 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 6949 } 6950 6951 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6952 6953 return send_and_recv_msgs(drv, msg, NULL, NULL); 6954 nla_put_failure: 6955 nlmsg_free(msg); 6956 return -ENOBUFS; 6957} 6958 6959 6960static int wpa_driver_nl80211_set_acl(void *priv, 6961 struct hostapd_acl_params *params) 6962{ 6963 struct i802_bss *bss = priv; 6964 struct wpa_driver_nl80211_data *drv = bss->drv; 6965 struct nl_msg *msg; 6966 struct nlattr *acl; 6967 unsigned int i; 6968 int ret = 0; 6969 6970 if (!(drv->capa.max_acl_mac_addrs)) 6971 return -ENOTSUP; 6972 6973 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 6974 return -ENOTSUP; 6975 6976 msg = nlmsg_alloc(); 6977 if (!msg) 6978 return -ENOMEM; 6979 6980 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 6981 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 6982 6983 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 6984 6985 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6986 6987 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 6988 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 6989 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 6990 6991 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 6992 if (acl == NULL) 6993 goto nla_put_failure; 6994 6995 for (i = 0; i < params->num_mac_acl; i++) 6996 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 6997 6998 nla_nest_end(msg, acl); 6999 7000 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7001 msg = NULL; 7002 if (ret) { 7003 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 7004 ret, strerror(-ret)); 7005 } 7006 7007nla_put_failure: 7008 nlmsg_free(msg); 7009 7010 return ret; 7011} 7012 7013 7014static int wpa_driver_nl80211_set_ap(void *priv, 7015 struct wpa_driver_ap_params *params) 7016{ 7017 struct i802_bss *bss = priv; 7018 struct wpa_driver_nl80211_data *drv = bss->drv; 7019 struct nl_msg *msg; 7020 u8 cmd = NL80211_CMD_NEW_BEACON; 7021 int ret; 7022 int beacon_set; 7023 int ifindex = if_nametoindex(bss->ifname); 7024 int num_suites; 7025 u32 suites[10], suite; 7026 u32 ver; 7027 7028 beacon_set = bss->beacon_set; 7029 7030 msg = nlmsg_alloc(); 7031 if (!msg) 7032 return -ENOMEM; 7033 7034 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 7035 beacon_set); 7036 if (beacon_set) 7037 cmd = NL80211_CMD_SET_BEACON; 7038 7039 nl80211_cmd(drv, msg, 0, cmd); 7040 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 7041 params->head, params->head_len); 7042 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 7043 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 7044 params->tail, params->tail_len); 7045 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 7046 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 7047 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 7048 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 7049 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 7050 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 7051 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 7052 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 7053 params->ssid, params->ssid_len); 7054 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7055 params->ssid); 7056 if (params->proberesp && params->proberesp_len) { 7057 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 7058 params->proberesp, params->proberesp_len); 7059 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 7060 params->proberesp); 7061 } 7062 switch (params->hide_ssid) { 7063 case NO_SSID_HIDING: 7064 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 7065 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7066 NL80211_HIDDEN_SSID_NOT_IN_USE); 7067 break; 7068 case HIDDEN_SSID_ZERO_LEN: 7069 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 7070 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7071 NL80211_HIDDEN_SSID_ZERO_LEN); 7072 break; 7073 case HIDDEN_SSID_ZERO_CONTENTS: 7074 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 7075 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7076 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 7077 break; 7078 } 7079 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 7080 if (params->privacy) 7081 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 7082 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 7083 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 7084 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 7085 /* Leave out the attribute */ 7086 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 7087 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7088 NL80211_AUTHTYPE_SHARED_KEY); 7089 else 7090 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7091 NL80211_AUTHTYPE_OPEN_SYSTEM); 7092 7093 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 7094 ver = 0; 7095 if (params->wpa_version & WPA_PROTO_WPA) 7096 ver |= NL80211_WPA_VERSION_1; 7097 if (params->wpa_version & WPA_PROTO_RSN) 7098 ver |= NL80211_WPA_VERSION_2; 7099 if (ver) 7100 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 7101 7102 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 7103 params->key_mgmt_suites); 7104 num_suites = 0; 7105 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 7106 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 7107 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 7108 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 7109 if (num_suites) { 7110 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 7111 num_suites * sizeof(u32), suites); 7112 } 7113 7114 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 7115 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 7116 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 7117 7118 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 7119 params->pairwise_ciphers); 7120 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 7121 suites, ARRAY_SIZE(suites)); 7122 if (num_suites) { 7123 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 7124 num_suites * sizeof(u32), suites); 7125 } 7126 7127 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 7128 params->group_cipher); 7129 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 7130 if (suite) 7131 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 7132 7133 if (params->beacon_ies) { 7134 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 7135 params->beacon_ies); 7136 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 7137 wpabuf_head(params->beacon_ies)); 7138 } 7139 if (params->proberesp_ies) { 7140 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 7141 params->proberesp_ies); 7142 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 7143 wpabuf_len(params->proberesp_ies), 7144 wpabuf_head(params->proberesp_ies)); 7145 } 7146 if (params->assocresp_ies) { 7147 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 7148 params->assocresp_ies); 7149 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 7150 wpabuf_len(params->assocresp_ies), 7151 wpabuf_head(params->assocresp_ies)); 7152 } 7153 7154 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7155 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7156 params->ap_max_inactivity); 7157 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7158 params->ap_max_inactivity); 7159 } 7160 7161 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7162 if (ret) { 7163 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7164 ret, strerror(-ret)); 7165 } else { 7166 bss->beacon_set = 1; 7167 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7168 params->short_slot_time, params->ht_opmode, 7169 params->isolate, params->basic_rates); 7170 } 7171 return ret; 7172 nla_put_failure: 7173 nlmsg_free(msg); 7174 return -ENOBUFS; 7175} 7176 7177 7178static int nl80211_put_freq_params(struct nl_msg *msg, 7179 struct hostapd_freq_params *freq) 7180{ 7181 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7182 if (freq->vht_enabled) { 7183 switch (freq->bandwidth) { 7184 case 20: 7185 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7186 NL80211_CHAN_WIDTH_20); 7187 break; 7188 case 40: 7189 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7190 NL80211_CHAN_WIDTH_40); 7191 break; 7192 case 80: 7193 if (freq->center_freq2) 7194 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7195 NL80211_CHAN_WIDTH_80P80); 7196 else 7197 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7198 NL80211_CHAN_WIDTH_80); 7199 break; 7200 case 160: 7201 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7202 NL80211_CHAN_WIDTH_160); 7203 break; 7204 default: 7205 return -EINVAL; 7206 } 7207 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7208 if (freq->center_freq2) 7209 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7210 freq->center_freq2); 7211 } else if (freq->ht_enabled) { 7212 switch (freq->sec_channel_offset) { 7213 case -1: 7214 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7215 NL80211_CHAN_HT40MINUS); 7216 break; 7217 case 1: 7218 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7219 NL80211_CHAN_HT40PLUS); 7220 break; 7221 default: 7222 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7223 NL80211_CHAN_HT20); 7224 break; 7225 } 7226 } 7227 return 0; 7228 7229nla_put_failure: 7230 return -ENOBUFS; 7231} 7232 7233 7234static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 7235 struct hostapd_freq_params *freq) 7236{ 7237 struct wpa_driver_nl80211_data *drv = bss->drv; 7238 struct nl_msg *msg; 7239 int ret; 7240 7241 wpa_printf(MSG_DEBUG, 7242 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7243 freq->freq, freq->ht_enabled, freq->vht_enabled, 7244 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7245 msg = nlmsg_alloc(); 7246 if (!msg) 7247 return -1; 7248 7249 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7250 7251 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7252 if (nl80211_put_freq_params(msg, freq) < 0) 7253 goto nla_put_failure; 7254 7255 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7256 msg = NULL; 7257 if (ret == 0) { 7258 bss->freq = freq->freq; 7259 return 0; 7260 } 7261 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7262 "%d (%s)", freq->freq, ret, strerror(-ret)); 7263nla_put_failure: 7264 nlmsg_free(msg); 7265 return -1; 7266} 7267 7268 7269static u32 sta_flags_nl80211(int flags) 7270{ 7271 u32 f = 0; 7272 7273 if (flags & WPA_STA_AUTHORIZED) 7274 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7275 if (flags & WPA_STA_WMM) 7276 f |= BIT(NL80211_STA_FLAG_WME); 7277 if (flags & WPA_STA_SHORT_PREAMBLE) 7278 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7279 if (flags & WPA_STA_MFP) 7280 f |= BIT(NL80211_STA_FLAG_MFP); 7281 if (flags & WPA_STA_TDLS_PEER) 7282 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7283 7284 return f; 7285} 7286 7287 7288static int wpa_driver_nl80211_sta_add(void *priv, 7289 struct hostapd_sta_add_params *params) 7290{ 7291 struct i802_bss *bss = priv; 7292 struct wpa_driver_nl80211_data *drv = bss->drv; 7293 struct nl_msg *msg; 7294 struct nl80211_sta_flag_update upd; 7295 int ret = -ENOBUFS; 7296 7297 if ((params->flags & WPA_STA_TDLS_PEER) && 7298 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7299 return -EOPNOTSUPP; 7300 7301 msg = nlmsg_alloc(); 7302 if (!msg) 7303 return -ENOMEM; 7304 7305 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7306 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7307 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7308 NL80211_CMD_NEW_STATION); 7309 7310 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7311 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7312 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7313 params->supp_rates); 7314 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7315 params->supp_rates_len); 7316 if (!params->set) { 7317 if (params->aid) { 7318 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7319 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7320 } else { 7321 /* 7322 * cfg80211 validates that AID is non-zero, so we have 7323 * to make this a non-zero value for the TDLS case where 7324 * a dummy STA entry is used for now. 7325 */ 7326 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7327 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7328 } 7329 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7330 params->listen_interval); 7331 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7332 params->listen_interval); 7333 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7334 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7335 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7336 } 7337 if (params->ht_capabilities) { 7338 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7339 (u8 *) params->ht_capabilities, 7340 sizeof(*params->ht_capabilities)); 7341 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7342 sizeof(*params->ht_capabilities), 7343 params->ht_capabilities); 7344 } 7345 7346 if (params->vht_capabilities) { 7347 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7348 (u8 *) params->vht_capabilities, 7349 sizeof(*params->vht_capabilities)); 7350 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7351 sizeof(*params->vht_capabilities), 7352 params->vht_capabilities); 7353 } 7354 7355 if (params->vht_opmode_enabled) { 7356 wpa_printf(MSG_DEBUG, " * opmode=%u", params->vht_opmode); 7357 NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF, 7358 params->vht_opmode); 7359 } 7360 7361 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7362 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7363 7364 if (params->ext_capab) { 7365 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7366 params->ext_capab, params->ext_capab_len); 7367 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7368 params->ext_capab_len, params->ext_capab); 7369 } 7370 7371 if (params->supp_channels) { 7372 wpa_hexdump(MSG_DEBUG, " * supported channels", 7373 params->supp_channels, params->supp_channels_len); 7374 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7375 params->supp_channels_len, params->supp_channels); 7376 } 7377 7378 if (params->supp_oper_classes) { 7379 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7380 params->supp_oper_classes, 7381 params->supp_oper_classes_len); 7382 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7383 params->supp_oper_classes_len, 7384 params->supp_oper_classes); 7385 } 7386 7387 os_memset(&upd, 0, sizeof(upd)); 7388 upd.mask = sta_flags_nl80211(params->flags); 7389 upd.set = upd.mask; 7390 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7391 upd.set, upd.mask); 7392 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7393 7394 if (params->flags & WPA_STA_WMM) { 7395 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7396 7397 if (!wme) 7398 goto nla_put_failure; 7399 7400 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7401 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7402 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7403 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7404 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7405 WMM_QOSINFO_STA_SP_MASK); 7406 nla_nest_end(msg, wme); 7407 } 7408 7409 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7410 msg = NULL; 7411 if (ret) 7412 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7413 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7414 strerror(-ret)); 7415 if (ret == -EEXIST) 7416 ret = 0; 7417 nla_put_failure: 7418 nlmsg_free(msg); 7419 return ret; 7420} 7421 7422 7423static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7424{ 7425 struct wpa_driver_nl80211_data *drv = bss->drv; 7426 struct nl_msg *msg; 7427 int ret; 7428 7429 msg = nlmsg_alloc(); 7430 if (!msg) 7431 return -ENOMEM; 7432 7433 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7434 7435 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7436 if_nametoindex(bss->ifname)); 7437 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7438 7439 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7440 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7441 " --> %d (%s)", 7442 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7443 if (ret == -ENOENT) 7444 return 0; 7445 return ret; 7446 nla_put_failure: 7447 nlmsg_free(msg); 7448 return -ENOBUFS; 7449} 7450 7451 7452static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7453 int ifidx) 7454{ 7455 struct nl_msg *msg; 7456 7457 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7458 7459 /* stop listening for EAPOL on this interface */ 7460 del_ifidx(drv, ifidx); 7461 7462 msg = nlmsg_alloc(); 7463 if (!msg) 7464 goto nla_put_failure; 7465 7466 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7467 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7468 7469 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7470 return; 7471 msg = NULL; 7472 nla_put_failure: 7473 nlmsg_free(msg); 7474 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7475} 7476 7477 7478static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7479{ 7480 switch (mode) { 7481 case NL80211_IFTYPE_ADHOC: 7482 return "ADHOC"; 7483 case NL80211_IFTYPE_STATION: 7484 return "STATION"; 7485 case NL80211_IFTYPE_AP: 7486 return "AP"; 7487 case NL80211_IFTYPE_AP_VLAN: 7488 return "AP_VLAN"; 7489 case NL80211_IFTYPE_WDS: 7490 return "WDS"; 7491 case NL80211_IFTYPE_MONITOR: 7492 return "MONITOR"; 7493 case NL80211_IFTYPE_MESH_POINT: 7494 return "MESH_POINT"; 7495 case NL80211_IFTYPE_P2P_CLIENT: 7496 return "P2P_CLIENT"; 7497 case NL80211_IFTYPE_P2P_GO: 7498 return "P2P_GO"; 7499 case NL80211_IFTYPE_P2P_DEVICE: 7500 return "P2P_DEVICE"; 7501 default: 7502 return "unknown"; 7503 } 7504} 7505 7506 7507static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7508 const char *ifname, 7509 enum nl80211_iftype iftype, 7510 const u8 *addr, int wds, 7511 int (*handler)(struct nl_msg *, void *), 7512 void *arg) 7513{ 7514 struct nl_msg *msg; 7515 int ifidx; 7516 int ret = -ENOBUFS; 7517 7518 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7519 iftype, nl80211_iftype_str(iftype)); 7520 7521 msg = nlmsg_alloc(); 7522 if (!msg) 7523 return -1; 7524 7525 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7526 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7527 goto nla_put_failure; 7528 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7529 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7530 7531 if (iftype == NL80211_IFTYPE_MONITOR) { 7532 struct nlattr *flags; 7533 7534 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7535 if (!flags) 7536 goto nla_put_failure; 7537 7538 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7539 7540 nla_nest_end(msg, flags); 7541 } else if (wds) { 7542 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7543 } 7544 7545 ret = send_and_recv_msgs(drv, msg, handler, arg); 7546 msg = NULL; 7547 if (ret) { 7548 nla_put_failure: 7549 nlmsg_free(msg); 7550 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7551 ifname, ret, strerror(-ret)); 7552 return ret; 7553 } 7554 7555 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7556 return 0; 7557 7558 ifidx = if_nametoindex(ifname); 7559 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7560 ifname, ifidx); 7561 7562 if (ifidx <= 0) 7563 return -1; 7564 7565 /* start listening for EAPOL on this interface */ 7566 add_ifidx(drv, ifidx); 7567 7568 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7569 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7570 nl80211_remove_iface(drv, ifidx); 7571 return -1; 7572 } 7573 7574 return ifidx; 7575} 7576 7577 7578static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7579 const char *ifname, enum nl80211_iftype iftype, 7580 const u8 *addr, int wds, 7581 int (*handler)(struct nl_msg *, void *), 7582 void *arg, int use_existing) 7583{ 7584 int ret; 7585 7586 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7587 arg); 7588 7589 /* if error occurred and interface exists already */ 7590 if (ret == -ENFILE && if_nametoindex(ifname)) { 7591 if (use_existing) { 7592 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7593 ifname); 7594 return -ENFILE; 7595 } 7596 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7597 7598 /* Try to remove the interface that was already there. */ 7599 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7600 7601 /* Try to create the interface again */ 7602 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7603 wds, handler, arg); 7604 } 7605 7606 if (ret >= 0 && is_p2p_net_interface(iftype)) 7607 nl80211_disable_11b_rates(drv, ret, 1); 7608 7609 return ret; 7610} 7611 7612 7613static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7614{ 7615 struct ieee80211_hdr *hdr; 7616 u16 fc; 7617 union wpa_event_data event; 7618 7619 hdr = (struct ieee80211_hdr *) buf; 7620 fc = le_to_host16(hdr->frame_control); 7621 7622 os_memset(&event, 0, sizeof(event)); 7623 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7624 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7625 event.tx_status.dst = hdr->addr1; 7626 event.tx_status.data = buf; 7627 event.tx_status.data_len = len; 7628 event.tx_status.ack = ok; 7629 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7630} 7631 7632 7633static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7634 u8 *buf, size_t len) 7635{ 7636 struct ieee80211_hdr *hdr = (void *)buf; 7637 u16 fc; 7638 union wpa_event_data event; 7639 7640 if (len < sizeof(*hdr)) 7641 return; 7642 7643 fc = le_to_host16(hdr->frame_control); 7644 7645 os_memset(&event, 0, sizeof(event)); 7646 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7647 event.rx_from_unknown.addr = hdr->addr2; 7648 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7649 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7650 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7651} 7652 7653 7654static void handle_frame(struct wpa_driver_nl80211_data *drv, 7655 u8 *buf, size_t len, int datarate, int ssi_signal) 7656{ 7657 struct ieee80211_hdr *hdr; 7658 u16 fc; 7659 union wpa_event_data event; 7660 7661 hdr = (struct ieee80211_hdr *) buf; 7662 fc = le_to_host16(hdr->frame_control); 7663 7664 switch (WLAN_FC_GET_TYPE(fc)) { 7665 case WLAN_FC_TYPE_MGMT: 7666 os_memset(&event, 0, sizeof(event)); 7667 event.rx_mgmt.frame = buf; 7668 event.rx_mgmt.frame_len = len; 7669 event.rx_mgmt.datarate = datarate; 7670 event.rx_mgmt.ssi_signal = ssi_signal; 7671 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7672 break; 7673 case WLAN_FC_TYPE_CTRL: 7674 /* can only get here with PS-Poll frames */ 7675 wpa_printf(MSG_DEBUG, "CTRL"); 7676 from_unknown_sta(drv, buf, len); 7677 break; 7678 case WLAN_FC_TYPE_DATA: 7679 from_unknown_sta(drv, buf, len); 7680 break; 7681 } 7682} 7683 7684 7685static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7686{ 7687 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7688 int len; 7689 unsigned char buf[3000]; 7690 struct ieee80211_radiotap_iterator iter; 7691 int ret; 7692 int datarate = 0, ssi_signal = 0; 7693 int injected = 0, failed = 0, rxflags = 0; 7694 7695 len = recv(sock, buf, sizeof(buf), 0); 7696 if (len < 0) { 7697 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7698 strerror(errno)); 7699 return; 7700 } 7701 7702 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 7703 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7704 return; 7705 } 7706 7707 while (1) { 7708 ret = ieee80211_radiotap_iterator_next(&iter); 7709 if (ret == -ENOENT) 7710 break; 7711 if (ret) { 7712 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 7713 ret); 7714 return; 7715 } 7716 switch (iter.this_arg_index) { 7717 case IEEE80211_RADIOTAP_FLAGS: 7718 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 7719 len -= 4; 7720 break; 7721 case IEEE80211_RADIOTAP_RX_FLAGS: 7722 rxflags = 1; 7723 break; 7724 case IEEE80211_RADIOTAP_TX_FLAGS: 7725 injected = 1; 7726 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 7727 IEEE80211_RADIOTAP_F_TX_FAIL; 7728 break; 7729 case IEEE80211_RADIOTAP_DATA_RETRIES: 7730 break; 7731 case IEEE80211_RADIOTAP_CHANNEL: 7732 /* TODO: convert from freq/flags to channel number */ 7733 break; 7734 case IEEE80211_RADIOTAP_RATE: 7735 datarate = *iter.this_arg * 5; 7736 break; 7737 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 7738 ssi_signal = (s8) *iter.this_arg; 7739 break; 7740 } 7741 } 7742 7743 if (rxflags && injected) 7744 return; 7745 7746 if (!injected) 7747 handle_frame(drv, buf + iter.max_length, 7748 len - iter.max_length, datarate, ssi_signal); 7749 else 7750 handle_tx_callback(drv->ctx, buf + iter.max_length, 7751 len - iter.max_length, !failed); 7752} 7753 7754 7755/* 7756 * we post-process the filter code later and rewrite 7757 * this to the offset to the last instruction 7758 */ 7759#define PASS 0xFF 7760#define FAIL 0xFE 7761 7762static struct sock_filter msock_filter_insns[] = { 7763 /* 7764 * do a little-endian load of the radiotap length field 7765 */ 7766 /* load lower byte into A */ 7767 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 7768 /* put it into X (== index register) */ 7769 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7770 /* load upper byte into A */ 7771 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 7772 /* left-shift it by 8 */ 7773 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 7774 /* or with X */ 7775 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 7776 /* put result into X */ 7777 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7778 7779 /* 7780 * Allow management frames through, this also gives us those 7781 * management frames that we sent ourselves with status 7782 */ 7783 /* load the lower byte of the IEEE 802.11 frame control field */ 7784 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7785 /* mask off frame type and version */ 7786 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 7787 /* accept frame if it's both 0, fall through otherwise */ 7788 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 7789 7790 /* 7791 * TODO: add a bit to radiotap RX flags that indicates 7792 * that the sending station is not associated, then 7793 * add a filter here that filters on our DA and that flag 7794 * to allow us to deauth frames to that bad station. 7795 * 7796 * For now allow all To DS data frames through. 7797 */ 7798 /* load the IEEE 802.11 frame control field */ 7799 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 7800 /* mask off frame type, version and DS status */ 7801 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 7802 /* accept frame if version 0, type 2 and To DS, fall through otherwise 7803 */ 7804 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 7805 7806#if 0 7807 /* 7808 * drop non-data frames 7809 */ 7810 /* load the lower byte of the frame control field */ 7811 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7812 /* mask off QoS bit */ 7813 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 7814 /* drop non-data frames */ 7815 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 7816#endif 7817 /* load the upper byte of the frame control field */ 7818 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 7819 /* mask off toDS/fromDS */ 7820 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 7821 /* accept WDS frames */ 7822 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 7823 7824 /* 7825 * add header length to index 7826 */ 7827 /* load the lower byte of the frame control field */ 7828 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7829 /* mask off QoS bit */ 7830 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 7831 /* right shift it by 6 to give 0 or 2 */ 7832 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 7833 /* add data frame header length */ 7834 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 7835 /* add index, was start of 802.11 header */ 7836 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 7837 /* move to index, now start of LL header */ 7838 BPF_STMT(BPF_MISC | BPF_TAX, 0), 7839 7840 /* 7841 * Accept empty data frames, we use those for 7842 * polling activity. 7843 */ 7844 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 7845 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 7846 7847 /* 7848 * Accept EAPOL frames 7849 */ 7850 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 7851 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 7852 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 7853 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 7854 7855 /* keep these last two statements or change the code below */ 7856 /* return 0 == "DROP" */ 7857 BPF_STMT(BPF_RET | BPF_K, 0), 7858 /* return ~0 == "keep all" */ 7859 BPF_STMT(BPF_RET | BPF_K, ~0), 7860}; 7861 7862static struct sock_fprog msock_filter = { 7863 .len = ARRAY_SIZE(msock_filter_insns), 7864 .filter = msock_filter_insns, 7865}; 7866 7867 7868static int add_monitor_filter(int s) 7869{ 7870 int idx; 7871 7872 /* rewrite all PASS/FAIL jump offsets */ 7873 for (idx = 0; idx < msock_filter.len; idx++) { 7874 struct sock_filter *insn = &msock_filter_insns[idx]; 7875 7876 if (BPF_CLASS(insn->code) == BPF_JMP) { 7877 if (insn->code == (BPF_JMP|BPF_JA)) { 7878 if (insn->k == PASS) 7879 insn->k = msock_filter.len - idx - 2; 7880 else if (insn->k == FAIL) 7881 insn->k = msock_filter.len - idx - 3; 7882 } 7883 7884 if (insn->jt == PASS) 7885 insn->jt = msock_filter.len - idx - 2; 7886 else if (insn->jt == FAIL) 7887 insn->jt = msock_filter.len - idx - 3; 7888 7889 if (insn->jf == PASS) 7890 insn->jf = msock_filter.len - idx - 2; 7891 else if (insn->jf == FAIL) 7892 insn->jf = msock_filter.len - idx - 3; 7893 } 7894 } 7895 7896 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 7897 &msock_filter, sizeof(msock_filter))) { 7898 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 7899 strerror(errno)); 7900 return -1; 7901 } 7902 7903 return 0; 7904} 7905 7906 7907static void nl80211_remove_monitor_interface( 7908 struct wpa_driver_nl80211_data *drv) 7909{ 7910 if (drv->monitor_refcount > 0) 7911 drv->monitor_refcount--; 7912 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 7913 drv->monitor_refcount); 7914 if (drv->monitor_refcount > 0) 7915 return; 7916 7917 if (drv->monitor_ifidx >= 0) { 7918 nl80211_remove_iface(drv, drv->monitor_ifidx); 7919 drv->monitor_ifidx = -1; 7920 } 7921 if (drv->monitor_sock >= 0) { 7922 eloop_unregister_read_sock(drv->monitor_sock); 7923 close(drv->monitor_sock); 7924 drv->monitor_sock = -1; 7925 } 7926} 7927 7928 7929static int 7930nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 7931{ 7932 char buf[IFNAMSIZ]; 7933 struct sockaddr_ll ll; 7934 int optval; 7935 socklen_t optlen; 7936 7937 if (drv->monitor_ifidx >= 0) { 7938 drv->monitor_refcount++; 7939 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 7940 drv->monitor_refcount); 7941 return 0; 7942 } 7943 7944 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 7945 /* 7946 * P2P interface name is of the format p2p-%s-%d. For monitor 7947 * interface name corresponding to P2P GO, replace "p2p-" with 7948 * "mon-" to retain the same interface name length and to 7949 * indicate that it is a monitor interface. 7950 */ 7951 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 7952 } else { 7953 /* Non-P2P interface with AP functionality. */ 7954 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 7955 } 7956 7957 buf[IFNAMSIZ - 1] = '\0'; 7958 7959 drv->monitor_ifidx = 7960 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 7961 0, NULL, NULL, 0); 7962 7963 if (drv->monitor_ifidx == -EOPNOTSUPP) { 7964 /* 7965 * This is backward compatibility for a few versions of 7966 * the kernel only that didn't advertise the right 7967 * attributes for the only driver that then supported 7968 * AP mode w/o monitor -- ath6kl. 7969 */ 7970 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 7971 "monitor interface type - try to run without it"); 7972 drv->device_ap_sme = 1; 7973 } 7974 7975 if (drv->monitor_ifidx < 0) 7976 return -1; 7977 7978 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 7979 goto error; 7980 7981 memset(&ll, 0, sizeof(ll)); 7982 ll.sll_family = AF_PACKET; 7983 ll.sll_ifindex = drv->monitor_ifidx; 7984 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 7985 if (drv->monitor_sock < 0) { 7986 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 7987 strerror(errno)); 7988 goto error; 7989 } 7990 7991 if (add_monitor_filter(drv->monitor_sock)) { 7992 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 7993 "interface; do filtering in user space"); 7994 /* This works, but will cost in performance. */ 7995 } 7996 7997 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 7998 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 7999 strerror(errno)); 8000 goto error; 8001 } 8002 8003 optlen = sizeof(optval); 8004 optval = 20; 8005 if (setsockopt 8006 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 8007 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 8008 strerror(errno)); 8009 goto error; 8010 } 8011 8012 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 8013 drv, NULL)) { 8014 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 8015 goto error; 8016 } 8017 8018 drv->monitor_refcount++; 8019 return 0; 8020 error: 8021 nl80211_remove_monitor_interface(drv); 8022 return -1; 8023} 8024 8025 8026static int nl80211_setup_ap(struct i802_bss *bss) 8027{ 8028 struct wpa_driver_nl80211_data *drv = bss->drv; 8029 8030 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 8031 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8032 8033 /* 8034 * Disable Probe Request reporting unless we need it in this way for 8035 * devices that include the AP SME, in the other case (unless using 8036 * monitor iface) we'll get it through the nl_mgmt socket instead. 8037 */ 8038 if (!drv->device_ap_sme) 8039 wpa_driver_nl80211_probe_req_report(bss, 0); 8040 8041 if (!drv->device_ap_sme && !drv->use_monitor) 8042 if (nl80211_mgmt_subscribe_ap(bss)) 8043 return -1; 8044 8045 if (drv->device_ap_sme && !drv->use_monitor) 8046 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 8047 return -1; 8048 8049 if (!drv->device_ap_sme && drv->use_monitor && 8050 nl80211_create_monitor_interface(drv) && 8051 !drv->device_ap_sme) 8052 return -1; 8053 8054 if (drv->device_ap_sme && 8055 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 8056 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 8057 "Probe Request frame reporting in AP mode"); 8058 /* Try to survive without this */ 8059 } 8060 8061 return 0; 8062} 8063 8064 8065static void nl80211_teardown_ap(struct i802_bss *bss) 8066{ 8067 struct wpa_driver_nl80211_data *drv = bss->drv; 8068 8069 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 8070 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8071 if (drv->device_ap_sme) { 8072 wpa_driver_nl80211_probe_req_report(bss, 0); 8073 if (!drv->use_monitor) 8074 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 8075 } else if (drv->use_monitor) 8076 nl80211_remove_monitor_interface(drv); 8077 else 8078 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 8079 8080 bss->beacon_set = 0; 8081} 8082 8083 8084static int nl80211_send_eapol_data(struct i802_bss *bss, 8085 const u8 *addr, const u8 *data, 8086 size_t data_len) 8087{ 8088 struct sockaddr_ll ll; 8089 int ret; 8090 8091 if (bss->drv->eapol_tx_sock < 0) { 8092 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 8093 return -1; 8094 } 8095 8096 os_memset(&ll, 0, sizeof(ll)); 8097 ll.sll_family = AF_PACKET; 8098 ll.sll_ifindex = bss->ifindex; 8099 ll.sll_protocol = htons(ETH_P_PAE); 8100 ll.sll_halen = ETH_ALEN; 8101 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 8102 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 8103 (struct sockaddr *) &ll, sizeof(ll)); 8104 if (ret < 0) 8105 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 8106 strerror(errno)); 8107 8108 return ret; 8109} 8110 8111 8112static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 8113 8114static int wpa_driver_nl80211_hapd_send_eapol( 8115 void *priv, const u8 *addr, const u8 *data, 8116 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 8117{ 8118 struct i802_bss *bss = priv; 8119 struct wpa_driver_nl80211_data *drv = bss->drv; 8120 struct ieee80211_hdr *hdr; 8121 size_t len; 8122 u8 *pos; 8123 int res; 8124 int qos = flags & WPA_STA_WMM; 8125 8126 if (drv->device_ap_sme || !drv->use_monitor) 8127 return nl80211_send_eapol_data(bss, addr, data, data_len); 8128 8129 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 8130 data_len; 8131 hdr = os_zalloc(len); 8132 if (hdr == NULL) { 8133 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 8134 (unsigned long) len); 8135 return -1; 8136 } 8137 8138 hdr->frame_control = 8139 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 8140 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 8141 if (encrypt) 8142 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 8143 if (qos) { 8144 hdr->frame_control |= 8145 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 8146 } 8147 8148 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8149 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8150 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8151 pos = (u8 *) (hdr + 1); 8152 8153 if (qos) { 8154 /* Set highest priority in QoS header */ 8155 pos[0] = 7; 8156 pos[1] = 0; 8157 pos += 2; 8158 } 8159 8160 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8161 pos += sizeof(rfc1042_header); 8162 WPA_PUT_BE16(pos, ETH_P_PAE); 8163 pos += 2; 8164 memcpy(pos, data, data_len); 8165 8166 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8167 0, 0, 0, 0); 8168 if (res < 0) { 8169 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8170 "failed: %d (%s)", 8171 (unsigned long) len, errno, strerror(errno)); 8172 } 8173 os_free(hdr); 8174 8175 return res; 8176} 8177 8178 8179static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8180 int total_flags, 8181 int flags_or, int flags_and) 8182{ 8183 struct i802_bss *bss = priv; 8184 struct wpa_driver_nl80211_data *drv = bss->drv; 8185 struct nl_msg *msg; 8186 struct nlattr *flags; 8187 struct nl80211_sta_flag_update upd; 8188 8189 msg = nlmsg_alloc(); 8190 if (!msg) 8191 return -ENOMEM; 8192 8193 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8194 8195 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8196 if_nametoindex(bss->ifname)); 8197 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8198 8199 /* 8200 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8201 * can be removed eventually. 8202 */ 8203 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8204 if (!flags) 8205 goto nla_put_failure; 8206 if (total_flags & WPA_STA_AUTHORIZED) 8207 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8208 8209 if (total_flags & WPA_STA_WMM) 8210 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8211 8212 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8213 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8214 8215 if (total_flags & WPA_STA_MFP) 8216 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8217 8218 if (total_flags & WPA_STA_TDLS_PEER) 8219 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8220 8221 nla_nest_end(msg, flags); 8222 8223 os_memset(&upd, 0, sizeof(upd)); 8224 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8225 upd.set = sta_flags_nl80211(flags_or); 8226 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8227 8228 return send_and_recv_msgs(drv, msg, NULL, NULL); 8229 nla_put_failure: 8230 nlmsg_free(msg); 8231 return -ENOBUFS; 8232} 8233 8234 8235static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8236 struct wpa_driver_associate_params *params) 8237{ 8238 enum nl80211_iftype nlmode, old_mode; 8239 struct hostapd_freq_params freq = { 8240 .freq = params->freq, 8241 }; 8242 8243 if (params->p2p) { 8244 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8245 "group (GO)"); 8246 nlmode = NL80211_IFTYPE_P2P_GO; 8247 } else 8248 nlmode = NL80211_IFTYPE_AP; 8249 8250 old_mode = drv->nlmode; 8251 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8252 nl80211_remove_monitor_interface(drv); 8253 return -1; 8254 } 8255 8256 if (wpa_driver_nl80211_set_freq(drv->first_bss, &freq)) { 8257 if (old_mode != nlmode) 8258 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8259 nl80211_remove_monitor_interface(drv); 8260 return -1; 8261 } 8262 8263 return 0; 8264} 8265 8266 8267static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8268{ 8269 struct nl_msg *msg; 8270 int ret = -1; 8271 8272 msg = nlmsg_alloc(); 8273 if (!msg) 8274 return -1; 8275 8276 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8277 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8278 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8279 msg = NULL; 8280 if (ret) { 8281 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8282 "(%s)", ret, strerror(-ret)); 8283 goto nla_put_failure; 8284 } 8285 8286 ret = 0; 8287 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8288 8289nla_put_failure: 8290 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8291 NL80211_IFTYPE_STATION)) { 8292 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8293 "station mode"); 8294 } 8295 8296 nlmsg_free(msg); 8297 return ret; 8298} 8299 8300 8301static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8302 struct wpa_driver_associate_params *params) 8303{ 8304 struct nl_msg *msg; 8305 int ret = -1; 8306 int count = 0; 8307 8308 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8309 8310 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8311 NL80211_IFTYPE_ADHOC)) { 8312 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8313 "IBSS mode"); 8314 return -1; 8315 } 8316 8317retry: 8318 msg = nlmsg_alloc(); 8319 if (!msg) 8320 return -1; 8321 8322 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8323 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8324 8325 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8326 goto nla_put_failure; 8327 8328 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8329 params->ssid, params->ssid_len); 8330 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8331 params->ssid); 8332 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8333 drv->ssid_len = params->ssid_len; 8334 8335 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8336 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8337 8338 ret = nl80211_set_conn_keys(params, msg); 8339 if (ret) 8340 goto nla_put_failure; 8341 8342 if (params->bssid && params->fixed_bssid) { 8343 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8344 MAC2STR(params->bssid)); 8345 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8346 } 8347 8348 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8349 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8350 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8351 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8352 wpa_printf(MSG_DEBUG, " * control port"); 8353 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8354 } 8355 8356 if (params->wpa_ie) { 8357 wpa_hexdump(MSG_DEBUG, 8358 " * Extra IEs for Beacon/Probe Response frames", 8359 params->wpa_ie, params->wpa_ie_len); 8360 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8361 params->wpa_ie); 8362 } 8363 8364 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8365 msg = NULL; 8366 if (ret) { 8367 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8368 ret, strerror(-ret)); 8369 count++; 8370 if (ret == -EALREADY && count == 1) { 8371 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8372 "forced leave"); 8373 nl80211_leave_ibss(drv); 8374 nlmsg_free(msg); 8375 goto retry; 8376 } 8377 8378 goto nla_put_failure; 8379 } 8380 ret = 0; 8381 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8382 8383nla_put_failure: 8384 nlmsg_free(msg); 8385 return ret; 8386} 8387 8388 8389static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8390 struct wpa_driver_associate_params *params, 8391 struct nl_msg *msg) 8392{ 8393 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8394 8395 if (params->bssid) { 8396 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8397 MAC2STR(params->bssid)); 8398 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8399 } 8400 8401 if (params->bssid_hint) { 8402 wpa_printf(MSG_DEBUG, " * bssid_hint=" MACSTR, 8403 MAC2STR(params->bssid_hint)); 8404 NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN, 8405 params->bssid_hint); 8406 } 8407 8408 if (params->freq) { 8409 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8410 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8411 drv->assoc_freq = params->freq; 8412 } else 8413 drv->assoc_freq = 0; 8414 8415 if (params->freq_hint) { 8416 wpa_printf(MSG_DEBUG, " * freq_hint=%d", params->freq_hint); 8417 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT, 8418 params->freq_hint); 8419 } 8420 8421 if (params->bg_scan_period >= 0) { 8422 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8423 params->bg_scan_period); 8424 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8425 params->bg_scan_period); 8426 } 8427 8428 if (params->ssid) { 8429 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8430 params->ssid, params->ssid_len); 8431 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8432 params->ssid); 8433 if (params->ssid_len > sizeof(drv->ssid)) 8434 goto nla_put_failure; 8435 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8436 drv->ssid_len = params->ssid_len; 8437 } 8438 8439 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8440 if (params->wpa_ie) 8441 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8442 params->wpa_ie); 8443 8444 if (params->wpa_proto) { 8445 enum nl80211_wpa_versions ver = 0; 8446 8447 if (params->wpa_proto & WPA_PROTO_WPA) 8448 ver |= NL80211_WPA_VERSION_1; 8449 if (params->wpa_proto & WPA_PROTO_RSN) 8450 ver |= NL80211_WPA_VERSION_2; 8451 8452 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8453 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8454 } 8455 8456 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8457 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8458 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8459 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8460 } 8461 8462 if (params->group_suite != WPA_CIPHER_NONE) { 8463 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8464 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8465 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8466 } 8467 8468 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8469 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8470 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8471 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8472 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM) { 8473 int mgmt = WLAN_AKM_SUITE_PSK; 8474 8475 switch (params->key_mgmt_suite) { 8476 case WPA_KEY_MGMT_CCKM: 8477 mgmt = WLAN_AKM_SUITE_CCKM; 8478 break; 8479 case WPA_KEY_MGMT_IEEE8021X: 8480 mgmt = WLAN_AKM_SUITE_8021X; 8481 break; 8482 case WPA_KEY_MGMT_FT_IEEE8021X: 8483 mgmt = WLAN_AKM_SUITE_FT_8021X; 8484 break; 8485 case WPA_KEY_MGMT_FT_PSK: 8486 mgmt = WLAN_AKM_SUITE_FT_PSK; 8487 break; 8488 case WPA_KEY_MGMT_PSK: 8489 default: 8490 mgmt = WLAN_AKM_SUITE_PSK; 8491 break; 8492 } 8493 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8494 } 8495 8496 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8497 8498 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8499 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8500 8501 if (params->disable_ht) 8502 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8503 8504 if (params->htcaps && params->htcaps_mask) { 8505 int sz = sizeof(struct ieee80211_ht_capabilities); 8506 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8507 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8508 params->htcaps_mask); 8509 } 8510 8511#ifdef CONFIG_VHT_OVERRIDES 8512 if (params->disable_vht) { 8513 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8514 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8515 } 8516 8517 if (params->vhtcaps && params->vhtcaps_mask) { 8518 int sz = sizeof(struct ieee80211_vht_capabilities); 8519 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8520 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8521 params->vhtcaps_mask); 8522 } 8523#endif /* CONFIG_VHT_OVERRIDES */ 8524 8525 if (params->p2p) 8526 wpa_printf(MSG_DEBUG, " * P2P group"); 8527 8528 return 0; 8529nla_put_failure: 8530 return -1; 8531} 8532 8533 8534static int wpa_driver_nl80211_try_connect( 8535 struct wpa_driver_nl80211_data *drv, 8536 struct wpa_driver_associate_params *params) 8537{ 8538 struct nl_msg *msg; 8539 enum nl80211_auth_type type; 8540 int ret; 8541 int algs; 8542 8543 msg = nlmsg_alloc(); 8544 if (!msg) 8545 return -1; 8546 8547 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8548 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8549 8550 ret = nl80211_connect_common(drv, params, msg); 8551 if (ret) 8552 goto nla_put_failure; 8553 8554 algs = 0; 8555 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8556 algs++; 8557 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8558 algs++; 8559 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8560 algs++; 8561 if (algs > 1) { 8562 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8563 "selection"); 8564 goto skip_auth_type; 8565 } 8566 8567 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8568 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8569 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8570 type = NL80211_AUTHTYPE_SHARED_KEY; 8571 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8572 type = NL80211_AUTHTYPE_NETWORK_EAP; 8573 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8574 type = NL80211_AUTHTYPE_FT; 8575 else 8576 goto nla_put_failure; 8577 8578 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8579 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8580 8581skip_auth_type: 8582 ret = nl80211_set_conn_keys(params, msg); 8583 if (ret) 8584 goto nla_put_failure; 8585 8586 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8587 msg = NULL; 8588 if (ret) { 8589 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8590 "(%s)", ret, strerror(-ret)); 8591 goto nla_put_failure; 8592 } 8593 ret = 0; 8594 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8595 8596nla_put_failure: 8597 nlmsg_free(msg); 8598 return ret; 8599 8600} 8601 8602 8603static int wpa_driver_nl80211_connect( 8604 struct wpa_driver_nl80211_data *drv, 8605 struct wpa_driver_associate_params *params) 8606{ 8607 int ret = wpa_driver_nl80211_try_connect(drv, params); 8608 if (ret == -EALREADY) { 8609 /* 8610 * cfg80211 does not currently accept new connections if 8611 * we are already connected. As a workaround, force 8612 * disconnection and try again. 8613 */ 8614 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8615 "disconnecting before reassociation " 8616 "attempt"); 8617 if (wpa_driver_nl80211_disconnect( 8618 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8619 return -1; 8620 ret = wpa_driver_nl80211_try_connect(drv, params); 8621 } 8622 return ret; 8623} 8624 8625 8626static int wpa_driver_nl80211_associate( 8627 void *priv, struct wpa_driver_associate_params *params) 8628{ 8629 struct i802_bss *bss = priv; 8630 struct wpa_driver_nl80211_data *drv = bss->drv; 8631 int ret; 8632 struct nl_msg *msg; 8633 8634 if (params->mode == IEEE80211_MODE_AP) 8635 return wpa_driver_nl80211_ap(drv, params); 8636 8637 if (params->mode == IEEE80211_MODE_IBSS) 8638 return wpa_driver_nl80211_ibss(drv, params); 8639 8640 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8641 enum nl80211_iftype nlmode = params->p2p ? 8642 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8643 8644 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8645 return -1; 8646 return wpa_driver_nl80211_connect(drv, params); 8647 } 8648 8649 nl80211_mark_disconnected(drv); 8650 8651 msg = nlmsg_alloc(); 8652 if (!msg) 8653 return -1; 8654 8655 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8656 drv->ifindex); 8657 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8658 8659 ret = nl80211_connect_common(drv, params, msg); 8660 if (ret) 8661 goto nla_put_failure; 8662 8663 if (params->prev_bssid) { 8664 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8665 MAC2STR(params->prev_bssid)); 8666 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8667 params->prev_bssid); 8668 } 8669 8670 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8671 msg = NULL; 8672 if (ret) { 8673 wpa_dbg(drv->ctx, MSG_DEBUG, 8674 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8675 ret, strerror(-ret)); 8676 nl80211_dump_scan(drv); 8677 goto nla_put_failure; 8678 } 8679 ret = 0; 8680 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 8681 "successfully"); 8682 8683nla_put_failure: 8684 nlmsg_free(msg); 8685 return ret; 8686} 8687 8688 8689static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 8690 int ifindex, enum nl80211_iftype mode) 8691{ 8692 struct nl_msg *msg; 8693 int ret = -ENOBUFS; 8694 8695 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 8696 ifindex, mode, nl80211_iftype_str(mode)); 8697 8698 msg = nlmsg_alloc(); 8699 if (!msg) 8700 return -ENOMEM; 8701 8702 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 8703 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 8704 goto nla_put_failure; 8705 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 8706 8707 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8708 msg = NULL; 8709 if (!ret) 8710 return 0; 8711nla_put_failure: 8712 nlmsg_free(msg); 8713 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 8714 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 8715 return ret; 8716} 8717 8718 8719static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 8720 enum nl80211_iftype nlmode) 8721{ 8722 struct wpa_driver_nl80211_data *drv = bss->drv; 8723 int ret = -1; 8724 int i; 8725 int was_ap = is_ap_interface(drv->nlmode); 8726 int res; 8727 8728 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 8729 if (res && nlmode == nl80211_get_ifmode(bss)) 8730 res = 0; 8731 8732 if (res == 0) { 8733 drv->nlmode = nlmode; 8734 ret = 0; 8735 goto done; 8736 } 8737 8738 if (res == -ENODEV) 8739 return -1; 8740 8741 if (nlmode == drv->nlmode) { 8742 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 8743 "requested mode - ignore error"); 8744 ret = 0; 8745 goto done; /* Already in the requested mode */ 8746 } 8747 8748 /* mac80211 doesn't allow mode changes while the device is up, so 8749 * take the device down, try to set the mode again, and bring the 8750 * device back up. 8751 */ 8752 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 8753 "interface down"); 8754 for (i = 0; i < 10; i++) { 8755 res = i802_set_iface_flags(bss, 0); 8756 if (res == -EACCES || res == -ENODEV) 8757 break; 8758 if (res == 0) { 8759 /* Try to set the mode again while the interface is 8760 * down */ 8761 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 8762 if (ret == -EACCES) 8763 break; 8764 res = i802_set_iface_flags(bss, 1); 8765 if (res && !ret) 8766 ret = -1; 8767 else if (ret != -EBUSY) 8768 break; 8769 } else 8770 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 8771 "interface down"); 8772 os_sleep(0, 100000); 8773 } 8774 8775 if (!ret) { 8776 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 8777 "interface is down"); 8778 drv->nlmode = nlmode; 8779 drv->ignore_if_down_event = 1; 8780 } 8781 8782done: 8783 if (ret) { 8784 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 8785 "from %d failed", nlmode, drv->nlmode); 8786 return ret; 8787 } 8788 8789 if (is_p2p_net_interface(nlmode)) 8790 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 8791 else if (drv->disabled_11b_rates) 8792 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 8793 8794 if (is_ap_interface(nlmode)) { 8795 nl80211_mgmt_unsubscribe(bss, "start AP"); 8796 /* Setup additional AP mode functionality if needed */ 8797 if (nl80211_setup_ap(bss)) 8798 return -1; 8799 } else if (was_ap) { 8800 /* Remove additional AP mode functionality */ 8801 nl80211_teardown_ap(bss); 8802 } else { 8803 nl80211_mgmt_unsubscribe(bss, "mode change"); 8804 } 8805 8806 if (!bss->in_deinit && !is_ap_interface(nlmode) && 8807 nl80211_mgmt_subscribe_non_ap(bss) < 0) 8808 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 8809 "frame processing - ignore for now"); 8810 8811 return 0; 8812} 8813 8814 8815static int wpa_driver_nl80211_get_capa(void *priv, 8816 struct wpa_driver_capa *capa) 8817{ 8818 struct i802_bss *bss = priv; 8819 struct wpa_driver_nl80211_data *drv = bss->drv; 8820 if (!drv->has_capability) 8821 return -1; 8822 os_memcpy(capa, &drv->capa, sizeof(*capa)); 8823 if (drv->extended_capa && drv->extended_capa_mask) { 8824 capa->extended_capa = drv->extended_capa; 8825 capa->extended_capa_mask = drv->extended_capa_mask; 8826 capa->extended_capa_len = drv->extended_capa_len; 8827 } 8828 8829 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 8830 !drv->allow_p2p_device) { 8831 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 8832 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 8833 } 8834 8835 return 0; 8836} 8837 8838 8839static int wpa_driver_nl80211_set_operstate(void *priv, int state) 8840{ 8841 struct i802_bss *bss = priv; 8842 struct wpa_driver_nl80211_data *drv = bss->drv; 8843 8844 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 8845 bss->ifname, drv->operstate, state, 8846 state ? "UP" : "DORMANT"); 8847 drv->operstate = state; 8848 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 8849 state ? IF_OPER_UP : IF_OPER_DORMANT); 8850} 8851 8852 8853static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 8854{ 8855 struct i802_bss *bss = priv; 8856 struct wpa_driver_nl80211_data *drv = bss->drv; 8857 struct nl_msg *msg; 8858 struct nl80211_sta_flag_update upd; 8859 int ret = -ENOBUFS; 8860 8861 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 8862 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 8863 return 0; 8864 } 8865 8866 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 8867 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 8868 8869 msg = nlmsg_alloc(); 8870 if (!msg) 8871 return -ENOMEM; 8872 8873 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8874 8875 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8876 if_nametoindex(bss->ifname)); 8877 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 8878 8879 os_memset(&upd, 0, sizeof(upd)); 8880 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 8881 if (authorized) 8882 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 8883 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8884 8885 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8886 msg = NULL; 8887 if (!ret) 8888 return 0; 8889 nla_put_failure: 8890 nlmsg_free(msg); 8891 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 8892 ret, strerror(-ret)); 8893 return ret; 8894} 8895 8896 8897/* Set kernel driver on given frequency (MHz) */ 8898static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 8899{ 8900 struct i802_bss *bss = priv; 8901 return wpa_driver_nl80211_set_freq(bss, freq); 8902} 8903 8904 8905static inline int min_int(int a, int b) 8906{ 8907 if (a < b) 8908 return a; 8909 return b; 8910} 8911 8912 8913static int get_key_handler(struct nl_msg *msg, void *arg) 8914{ 8915 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8916 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8917 8918 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8919 genlmsg_attrlen(gnlh, 0), NULL); 8920 8921 /* 8922 * TODO: validate the key index and mac address! 8923 * Otherwise, there's a race condition as soon as 8924 * the kernel starts sending key notifications. 8925 */ 8926 8927 if (tb[NL80211_ATTR_KEY_SEQ]) 8928 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 8929 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 8930 return NL_SKIP; 8931} 8932 8933 8934static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 8935 int idx, u8 *seq) 8936{ 8937 struct i802_bss *bss = priv; 8938 struct wpa_driver_nl80211_data *drv = bss->drv; 8939 struct nl_msg *msg; 8940 8941 msg = nlmsg_alloc(); 8942 if (!msg) 8943 return -ENOMEM; 8944 8945 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 8946 8947 if (addr) 8948 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8949 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 8950 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 8951 8952 memset(seq, 0, 6); 8953 8954 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 8955 nla_put_failure: 8956 nlmsg_free(msg); 8957 return -ENOBUFS; 8958} 8959 8960 8961static int i802_set_rts(void *priv, int rts) 8962{ 8963 struct i802_bss *bss = priv; 8964 struct wpa_driver_nl80211_data *drv = bss->drv; 8965 struct nl_msg *msg; 8966 int ret = -ENOBUFS; 8967 u32 val; 8968 8969 msg = nlmsg_alloc(); 8970 if (!msg) 8971 return -ENOMEM; 8972 8973 if (rts >= 2347) 8974 val = (u32) -1; 8975 else 8976 val = rts; 8977 8978 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8979 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8980 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 8981 8982 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8983 msg = NULL; 8984 if (!ret) 8985 return 0; 8986nla_put_failure: 8987 nlmsg_free(msg); 8988 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 8989 "%d (%s)", rts, ret, strerror(-ret)); 8990 return ret; 8991} 8992 8993 8994static int i802_set_frag(void *priv, int frag) 8995{ 8996 struct i802_bss *bss = priv; 8997 struct wpa_driver_nl80211_data *drv = bss->drv; 8998 struct nl_msg *msg; 8999 int ret = -ENOBUFS; 9000 u32 val; 9001 9002 msg = nlmsg_alloc(); 9003 if (!msg) 9004 return -ENOMEM; 9005 9006 if (frag >= 2346) 9007 val = (u32) -1; 9008 else 9009 val = frag; 9010 9011 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9012 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9013 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 9014 9015 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9016 msg = NULL; 9017 if (!ret) 9018 return 0; 9019nla_put_failure: 9020 nlmsg_free(msg); 9021 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 9022 "%d: %d (%s)", frag, ret, strerror(-ret)); 9023 return ret; 9024} 9025 9026 9027static int i802_flush(void *priv) 9028{ 9029 struct i802_bss *bss = priv; 9030 struct wpa_driver_nl80211_data *drv = bss->drv; 9031 struct nl_msg *msg; 9032 int res; 9033 9034 msg = nlmsg_alloc(); 9035 if (!msg) 9036 return -1; 9037 9038 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 9039 bss->ifname); 9040 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 9041 9042 /* 9043 * XXX: FIX! this needs to flush all VLANs too 9044 */ 9045 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9046 if_nametoindex(bss->ifname)); 9047 9048 res = send_and_recv_msgs(drv, msg, NULL, NULL); 9049 if (res) { 9050 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 9051 "(%s)", res, strerror(-res)); 9052 } 9053 return res; 9054 nla_put_failure: 9055 nlmsg_free(msg); 9056 return -ENOBUFS; 9057} 9058 9059 9060static int get_sta_handler(struct nl_msg *msg, void *arg) 9061{ 9062 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9063 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9064 struct hostap_sta_driver_data *data = arg; 9065 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 9066 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 9067 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 9068 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 9069 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 9070 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 9071 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 9072 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 9073 }; 9074 9075 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9076 genlmsg_attrlen(gnlh, 0), NULL); 9077 9078 /* 9079 * TODO: validate the interface and mac address! 9080 * Otherwise, there's a race condition as soon as 9081 * the kernel starts sending station notifications. 9082 */ 9083 9084 if (!tb[NL80211_ATTR_STA_INFO]) { 9085 wpa_printf(MSG_DEBUG, "sta stats missing!"); 9086 return NL_SKIP; 9087 } 9088 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 9089 tb[NL80211_ATTR_STA_INFO], 9090 stats_policy)) { 9091 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 9092 return NL_SKIP; 9093 } 9094 9095 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 9096 data->inactive_msec = 9097 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 9098 if (stats[NL80211_STA_INFO_RX_BYTES]) 9099 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 9100 if (stats[NL80211_STA_INFO_TX_BYTES]) 9101 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 9102 if (stats[NL80211_STA_INFO_RX_PACKETS]) 9103 data->rx_packets = 9104 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 9105 if (stats[NL80211_STA_INFO_TX_PACKETS]) 9106 data->tx_packets = 9107 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 9108 if (stats[NL80211_STA_INFO_TX_FAILED]) 9109 data->tx_retry_failed = 9110 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 9111 9112 return NL_SKIP; 9113} 9114 9115static int i802_read_sta_data(struct i802_bss *bss, 9116 struct hostap_sta_driver_data *data, 9117 const u8 *addr) 9118{ 9119 struct wpa_driver_nl80211_data *drv = bss->drv; 9120 struct nl_msg *msg; 9121 9122 os_memset(data, 0, sizeof(*data)); 9123 msg = nlmsg_alloc(); 9124 if (!msg) 9125 return -ENOMEM; 9126 9127 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 9128 9129 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9130 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9131 9132 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 9133 nla_put_failure: 9134 nlmsg_free(msg); 9135 return -ENOBUFS; 9136} 9137 9138 9139static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 9140 int cw_min, int cw_max, int burst_time) 9141{ 9142 struct i802_bss *bss = priv; 9143 struct wpa_driver_nl80211_data *drv = bss->drv; 9144 struct nl_msg *msg; 9145 struct nlattr *txq, *params; 9146 9147 msg = nlmsg_alloc(); 9148 if (!msg) 9149 return -1; 9150 9151 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9152 9153 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9154 9155 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 9156 if (!txq) 9157 goto nla_put_failure; 9158 9159 /* We are only sending parameters for a single TXQ at a time */ 9160 params = nla_nest_start(msg, 1); 9161 if (!params) 9162 goto nla_put_failure; 9163 9164 switch (queue) { 9165 case 0: 9166 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 9167 break; 9168 case 1: 9169 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 9170 break; 9171 case 2: 9172 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9173 break; 9174 case 3: 9175 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9176 break; 9177 } 9178 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9179 * 32 usec, so need to convert the value here. */ 9180 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9181 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9182 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9183 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9184 9185 nla_nest_end(msg, params); 9186 9187 nla_nest_end(msg, txq); 9188 9189 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9190 return 0; 9191 msg = NULL; 9192 nla_put_failure: 9193 nlmsg_free(msg); 9194 return -1; 9195} 9196 9197 9198static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9199 const char *ifname, int vlan_id) 9200{ 9201 struct wpa_driver_nl80211_data *drv = bss->drv; 9202 struct nl_msg *msg; 9203 int ret = -ENOBUFS; 9204 9205 msg = nlmsg_alloc(); 9206 if (!msg) 9207 return -ENOMEM; 9208 9209 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9210 ", ifname=%s[%d], vlan_id=%d)", 9211 bss->ifname, if_nametoindex(bss->ifname), 9212 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9213 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9214 9215 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9216 if_nametoindex(bss->ifname)); 9217 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9218 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9219 if_nametoindex(ifname)); 9220 9221 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9222 msg = NULL; 9223 if (ret < 0) { 9224 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9225 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9226 MAC2STR(addr), ifname, vlan_id, ret, 9227 strerror(-ret)); 9228 } 9229 nla_put_failure: 9230 nlmsg_free(msg); 9231 return ret; 9232} 9233 9234 9235static int i802_get_inact_sec(void *priv, const u8 *addr) 9236{ 9237 struct hostap_sta_driver_data data; 9238 int ret; 9239 9240 data.inactive_msec = (unsigned long) -1; 9241 ret = i802_read_sta_data(priv, &data, addr); 9242 if (ret || data.inactive_msec == (unsigned long) -1) 9243 return -1; 9244 return data.inactive_msec / 1000; 9245} 9246 9247 9248static int i802_sta_clear_stats(void *priv, const u8 *addr) 9249{ 9250#if 0 9251 /* TODO */ 9252#endif 9253 return 0; 9254} 9255 9256 9257static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9258 int reason) 9259{ 9260 struct i802_bss *bss = priv; 9261 struct wpa_driver_nl80211_data *drv = bss->drv; 9262 struct ieee80211_mgmt mgmt; 9263 9264 if (drv->device_ap_sme) 9265 return wpa_driver_nl80211_sta_remove(bss, addr); 9266 9267 memset(&mgmt, 0, sizeof(mgmt)); 9268 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9269 WLAN_FC_STYPE_DEAUTH); 9270 memcpy(mgmt.da, addr, ETH_ALEN); 9271 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9272 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9273 mgmt.u.deauth.reason_code = host_to_le16(reason); 9274 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9275 IEEE80211_HDRLEN + 9276 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9277 0); 9278} 9279 9280 9281static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9282 int reason) 9283{ 9284 struct i802_bss *bss = priv; 9285 struct wpa_driver_nl80211_data *drv = bss->drv; 9286 struct ieee80211_mgmt mgmt; 9287 9288 if (drv->device_ap_sme) 9289 return wpa_driver_nl80211_sta_remove(bss, addr); 9290 9291 memset(&mgmt, 0, sizeof(mgmt)); 9292 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9293 WLAN_FC_STYPE_DISASSOC); 9294 memcpy(mgmt.da, addr, ETH_ALEN); 9295 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9296 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9297 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9298 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9299 IEEE80211_HDRLEN + 9300 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9301 0); 9302} 9303 9304 9305static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9306{ 9307 int i; 9308 int *old; 9309 9310 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9311 ifidx); 9312 for (i = 0; i < drv->num_if_indices; i++) { 9313 if (drv->if_indices[i] == 0) { 9314 drv->if_indices[i] = ifidx; 9315 return; 9316 } 9317 } 9318 9319 if (drv->if_indices != drv->default_if_indices) 9320 old = drv->if_indices; 9321 else 9322 old = NULL; 9323 9324 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9325 sizeof(int)); 9326 if (!drv->if_indices) { 9327 if (!old) 9328 drv->if_indices = drv->default_if_indices; 9329 else 9330 drv->if_indices = old; 9331 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9332 "interfaces"); 9333 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9334 return; 9335 } else if (!old) 9336 os_memcpy(drv->if_indices, drv->default_if_indices, 9337 sizeof(drv->default_if_indices)); 9338 drv->if_indices[drv->num_if_indices] = ifidx; 9339 drv->num_if_indices++; 9340} 9341 9342 9343static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9344{ 9345 int i; 9346 9347 for (i = 0; i < drv->num_if_indices; i++) { 9348 if (drv->if_indices[i] == ifidx) { 9349 drv->if_indices[i] = 0; 9350 break; 9351 } 9352 } 9353} 9354 9355 9356static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9357{ 9358 int i; 9359 9360 for (i = 0; i < drv->num_if_indices; i++) 9361 if (drv->if_indices[i] == ifidx) 9362 return 1; 9363 9364 return 0; 9365} 9366 9367 9368static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9369 const char *bridge_ifname, char *ifname_wds) 9370{ 9371 struct i802_bss *bss = priv; 9372 struct wpa_driver_nl80211_data *drv = bss->drv; 9373 char name[IFNAMSIZ + 1]; 9374 9375 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9376 if (ifname_wds) 9377 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9378 9379 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9380 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9381 if (val) { 9382 if (!if_nametoindex(name)) { 9383 if (nl80211_create_iface(drv, name, 9384 NL80211_IFTYPE_AP_VLAN, 9385 bss->addr, 1, NULL, NULL, 0) < 9386 0) 9387 return -1; 9388 if (bridge_ifname && 9389 linux_br_add_if(drv->global->ioctl_sock, 9390 bridge_ifname, name) < 0) 9391 return -1; 9392 } 9393 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9394 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9395 "interface %s up", name); 9396 } 9397 return i802_set_sta_vlan(priv, addr, name, 0); 9398 } else { 9399 if (bridge_ifname) 9400 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9401 name); 9402 9403 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9404 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 9405 name); 9406 } 9407} 9408 9409 9410static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9411{ 9412 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9413 struct sockaddr_ll lladdr; 9414 unsigned char buf[3000]; 9415 int len; 9416 socklen_t fromlen = sizeof(lladdr); 9417 9418 len = recvfrom(sock, buf, sizeof(buf), 0, 9419 (struct sockaddr *)&lladdr, &fromlen); 9420 if (len < 0) { 9421 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9422 strerror(errno)); 9423 return; 9424 } 9425 9426 if (have_ifidx(drv, lladdr.sll_ifindex)) 9427 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9428} 9429 9430 9431static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9432 struct i802_bss *bss, 9433 const char *brname, const char *ifname) 9434{ 9435 int ifindex; 9436 char in_br[IFNAMSIZ]; 9437 9438 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9439 ifindex = if_nametoindex(brname); 9440 if (ifindex == 0) { 9441 /* 9442 * Bridge was configured, but the bridge device does 9443 * not exist. Try to add it now. 9444 */ 9445 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9446 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9447 "bridge interface %s: %s", 9448 brname, strerror(errno)); 9449 return -1; 9450 } 9451 bss->added_bridge = 1; 9452 add_ifidx(drv, if_nametoindex(brname)); 9453 } 9454 9455 if (linux_br_get(in_br, ifname) == 0) { 9456 if (os_strcmp(in_br, brname) == 0) 9457 return 0; /* already in the bridge */ 9458 9459 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9460 "bridge %s", ifname, in_br); 9461 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9462 0) { 9463 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9464 "remove interface %s from bridge " 9465 "%s: %s", 9466 ifname, brname, strerror(errno)); 9467 return -1; 9468 } 9469 } 9470 9471 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9472 ifname, brname); 9473 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9474 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9475 "into bridge %s: %s", 9476 ifname, brname, strerror(errno)); 9477 return -1; 9478 } 9479 bss->added_if_into_bridge = 1; 9480 9481 return 0; 9482} 9483 9484 9485static void *i802_init(struct hostapd_data *hapd, 9486 struct wpa_init_params *params) 9487{ 9488 struct wpa_driver_nl80211_data *drv; 9489 struct i802_bss *bss; 9490 size_t i; 9491 char brname[IFNAMSIZ]; 9492 int ifindex, br_ifindex; 9493 int br_added = 0; 9494 9495 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9496 params->global_priv, 1, 9497 params->bssid); 9498 if (bss == NULL) 9499 return NULL; 9500 9501 drv = bss->drv; 9502 9503 if (linux_br_get(brname, params->ifname) == 0) { 9504 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9505 params->ifname, brname); 9506 br_ifindex = if_nametoindex(brname); 9507 } else { 9508 brname[0] = '\0'; 9509 br_ifindex = 0; 9510 } 9511 9512 for (i = 0; i < params->num_bridge; i++) { 9513 if (params->bridge[i]) { 9514 ifindex = if_nametoindex(params->bridge[i]); 9515 if (ifindex) 9516 add_ifidx(drv, ifindex); 9517 if (ifindex == br_ifindex) 9518 br_added = 1; 9519 } 9520 } 9521 if (!br_added && br_ifindex && 9522 (params->num_bridge == 0 || !params->bridge[0])) 9523 add_ifidx(drv, br_ifindex); 9524 9525 /* start listening for EAPOL on the default AP interface */ 9526 add_ifidx(drv, drv->ifindex); 9527 9528 if (params->num_bridge && params->bridge[0] && 9529 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9530 goto failed; 9531 9532 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9533 if (drv->eapol_sock < 0) { 9534 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9535 strerror(errno)); 9536 goto failed; 9537 } 9538 9539 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9540 { 9541 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9542 goto failed; 9543 } 9544 9545 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9546 params->own_addr)) 9547 goto failed; 9548 9549 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9550 9551 return bss; 9552 9553failed: 9554 wpa_driver_nl80211_deinit(bss); 9555 return NULL; 9556} 9557 9558 9559static void i802_deinit(void *priv) 9560{ 9561 struct i802_bss *bss = priv; 9562 wpa_driver_nl80211_deinit(bss); 9563} 9564 9565 9566static enum nl80211_iftype wpa_driver_nl80211_if_type( 9567 enum wpa_driver_if_type type) 9568{ 9569 switch (type) { 9570 case WPA_IF_STATION: 9571 return NL80211_IFTYPE_STATION; 9572 case WPA_IF_P2P_CLIENT: 9573 case WPA_IF_P2P_GROUP: 9574 return NL80211_IFTYPE_P2P_CLIENT; 9575 case WPA_IF_AP_VLAN: 9576 return NL80211_IFTYPE_AP_VLAN; 9577 case WPA_IF_AP_BSS: 9578 return NL80211_IFTYPE_AP; 9579 case WPA_IF_P2P_GO: 9580 return NL80211_IFTYPE_P2P_GO; 9581 case WPA_IF_P2P_DEVICE: 9582 return NL80211_IFTYPE_P2P_DEVICE; 9583 } 9584 return -1; 9585} 9586 9587 9588#ifdef CONFIG_P2P 9589 9590static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9591{ 9592 struct wpa_driver_nl80211_data *drv; 9593 dl_list_for_each(drv, &global->interfaces, 9594 struct wpa_driver_nl80211_data, list) { 9595 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 9596 return 1; 9597 } 9598 return 0; 9599} 9600 9601 9602static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 9603 u8 *new_addr) 9604{ 9605 unsigned int idx; 9606 9607 if (!drv->global) 9608 return -1; 9609 9610 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 9611 for (idx = 0; idx < 64; idx++) { 9612 new_addr[0] = drv->first_bss->addr[0] | 0x02; 9613 new_addr[0] ^= idx << 2; 9614 if (!nl80211_addr_in_use(drv->global, new_addr)) 9615 break; 9616 } 9617 if (idx == 64) 9618 return -1; 9619 9620 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 9621 MACSTR, MAC2STR(new_addr)); 9622 9623 return 0; 9624} 9625 9626#endif /* CONFIG_P2P */ 9627 9628 9629struct wdev_info { 9630 u64 wdev_id; 9631 int wdev_id_set; 9632 u8 macaddr[ETH_ALEN]; 9633}; 9634 9635static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 9636{ 9637 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9638 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9639 struct wdev_info *wi = arg; 9640 9641 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9642 genlmsg_attrlen(gnlh, 0), NULL); 9643 if (tb[NL80211_ATTR_WDEV]) { 9644 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 9645 wi->wdev_id_set = 1; 9646 } 9647 9648 if (tb[NL80211_ATTR_MAC]) 9649 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 9650 ETH_ALEN); 9651 9652 return NL_SKIP; 9653} 9654 9655 9656static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 9657 const char *ifname, const u8 *addr, 9658 void *bss_ctx, void **drv_priv, 9659 char *force_ifname, u8 *if_addr, 9660 const char *bridge, int use_existing) 9661{ 9662 enum nl80211_iftype nlmode; 9663 struct i802_bss *bss = priv; 9664 struct wpa_driver_nl80211_data *drv = bss->drv; 9665 int ifidx; 9666 int added = 1; 9667 9668 if (addr) 9669 os_memcpy(if_addr, addr, ETH_ALEN); 9670 nlmode = wpa_driver_nl80211_if_type(type); 9671 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 9672 struct wdev_info p2pdev_info; 9673 9674 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 9675 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9676 0, nl80211_wdev_handler, 9677 &p2pdev_info, use_existing); 9678 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 9679 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 9680 ifname); 9681 return -1; 9682 } 9683 9684 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 9685 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 9686 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 9687 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 9688 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 9689 ifname, 9690 (long long unsigned int) p2pdev_info.wdev_id); 9691 } else { 9692 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9693 0, NULL, NULL, use_existing); 9694 if (use_existing && ifidx == -ENFILE) { 9695 added = 0; 9696 ifidx = if_nametoindex(ifname); 9697 } else if (ifidx < 0) { 9698 return -1; 9699 } 9700 } 9701 9702 if (!addr) { 9703 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 9704 os_memcpy(if_addr, bss->addr, ETH_ALEN); 9705 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 9706 bss->ifname, if_addr) < 0) { 9707 if (added) 9708 nl80211_remove_iface(drv, ifidx); 9709 return -1; 9710 } 9711 } 9712 9713#ifdef CONFIG_P2P 9714 if (!addr && 9715 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 9716 type == WPA_IF_P2P_GO)) { 9717 /* Enforce unique P2P Interface Address */ 9718 u8 new_addr[ETH_ALEN]; 9719 9720 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 9721 new_addr) < 0) { 9722 nl80211_remove_iface(drv, ifidx); 9723 return -1; 9724 } 9725 if (nl80211_addr_in_use(drv->global, new_addr)) { 9726 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 9727 "for P2P group interface"); 9728 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 9729 nl80211_remove_iface(drv, ifidx); 9730 return -1; 9731 } 9732 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 9733 new_addr) < 0) { 9734 nl80211_remove_iface(drv, ifidx); 9735 return -1; 9736 } 9737 } 9738 os_memcpy(if_addr, new_addr, ETH_ALEN); 9739 } 9740#endif /* CONFIG_P2P */ 9741 9742 if (type == WPA_IF_AP_BSS) { 9743 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 9744 if (new_bss == NULL) { 9745 if (added) 9746 nl80211_remove_iface(drv, ifidx); 9747 return -1; 9748 } 9749 9750 if (bridge && 9751 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 9752 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 9753 "interface %s to a bridge %s", 9754 ifname, bridge); 9755 if (added) 9756 nl80211_remove_iface(drv, ifidx); 9757 os_free(new_bss); 9758 return -1; 9759 } 9760 9761 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 9762 { 9763 nl80211_remove_iface(drv, ifidx); 9764 os_free(new_bss); 9765 return -1; 9766 } 9767 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 9768 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 9769 new_bss->ifindex = ifidx; 9770 new_bss->drv = drv; 9771 new_bss->next = drv->first_bss->next; 9772 new_bss->freq = drv->first_bss->freq; 9773 new_bss->ctx = bss_ctx; 9774 new_bss->added_if = added; 9775 drv->first_bss->next = new_bss; 9776 if (drv_priv) 9777 *drv_priv = new_bss; 9778 nl80211_init_bss(new_bss); 9779 9780 /* Subscribe management frames for this WPA_IF_AP_BSS */ 9781 if (nl80211_setup_ap(new_bss)) 9782 return -1; 9783 } 9784 9785 if (drv->global) 9786 drv->global->if_add_ifindex = ifidx; 9787 9788 return 0; 9789} 9790 9791 9792static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 9793 enum wpa_driver_if_type type, 9794 const char *ifname) 9795{ 9796 struct wpa_driver_nl80211_data *drv = bss->drv; 9797 int ifindex = if_nametoindex(ifname); 9798 9799 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 9800 __func__, type, ifname, ifindex, bss->added_if); 9801 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 9802 nl80211_remove_iface(drv, ifindex); 9803 9804 if (type != WPA_IF_AP_BSS) 9805 return 0; 9806 9807 if (bss->added_if_into_bridge) { 9808 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 9809 bss->ifname) < 0) 9810 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9811 "interface %s from bridge %s: %s", 9812 bss->ifname, bss->brname, strerror(errno)); 9813 } 9814 if (bss->added_bridge) { 9815 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 9816 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9817 "bridge %s: %s", 9818 bss->brname, strerror(errno)); 9819 } 9820 9821 if (bss != drv->first_bss) { 9822 struct i802_bss *tbss; 9823 9824 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 9825 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 9826 if (tbss->next == bss) { 9827 tbss->next = bss->next; 9828 /* Unsubscribe management frames */ 9829 nl80211_teardown_ap(bss); 9830 nl80211_destroy_bss(bss); 9831 os_free(bss); 9832 bss = NULL; 9833 break; 9834 } 9835 } 9836 if (bss) 9837 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 9838 "BSS %p in the list", __func__, bss); 9839 } else { 9840 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 9841 nl80211_teardown_ap(bss); 9842 if (!bss->added_if && !drv->first_bss->next) 9843 wpa_driver_nl80211_del_beacon(drv); 9844 nl80211_destroy_bss(bss); 9845 if (!bss->added_if) 9846 i802_set_iface_flags(bss, 0); 9847 if (drv->first_bss->next) { 9848 drv->first_bss = drv->first_bss->next; 9849 drv->ctx = drv->first_bss->ctx; 9850 os_free(bss); 9851 } else { 9852 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 9853 } 9854 } 9855 9856 return 0; 9857} 9858 9859 9860static int cookie_handler(struct nl_msg *msg, void *arg) 9861{ 9862 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9863 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9864 u64 *cookie = arg; 9865 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9866 genlmsg_attrlen(gnlh, 0), NULL); 9867 if (tb[NL80211_ATTR_COOKIE]) 9868 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 9869 return NL_SKIP; 9870} 9871 9872 9873static int nl80211_send_frame_cmd(struct i802_bss *bss, 9874 unsigned int freq, unsigned int wait, 9875 const u8 *buf, size_t buf_len, 9876 u64 *cookie_out, int no_cck, int no_ack, 9877 int offchanok) 9878{ 9879 struct wpa_driver_nl80211_data *drv = bss->drv; 9880 struct nl_msg *msg; 9881 u64 cookie; 9882 int ret = -1; 9883 9884 msg = nlmsg_alloc(); 9885 if (!msg) 9886 return -1; 9887 9888 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 9889 "no_ack=%d offchanok=%d", 9890 freq, wait, no_cck, no_ack, offchanok); 9891 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 9892 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 9893 9894 if (nl80211_set_iface_id(msg, bss) < 0) 9895 goto nla_put_failure; 9896 if (freq) 9897 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 9898 if (wait) 9899 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 9900 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) 9901 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 9902 if (no_cck) 9903 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 9904 if (no_ack) 9905 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 9906 9907 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 9908 9909 cookie = 0; 9910 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 9911 msg = NULL; 9912 if (ret) { 9913 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 9914 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 9915 freq, wait); 9916 goto nla_put_failure; 9917 } 9918 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 9919 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 9920 (long long unsigned int) cookie); 9921 9922 if (cookie_out) 9923 *cookie_out = no_ack ? (u64) -1 : cookie; 9924 9925nla_put_failure: 9926 nlmsg_free(msg); 9927 return ret; 9928} 9929 9930 9931static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 9932 unsigned int freq, 9933 unsigned int wait_time, 9934 const u8 *dst, const u8 *src, 9935 const u8 *bssid, 9936 const u8 *data, size_t data_len, 9937 int no_cck) 9938{ 9939 struct wpa_driver_nl80211_data *drv = bss->drv; 9940 int ret = -1; 9941 u8 *buf; 9942 struct ieee80211_hdr *hdr; 9943 9944 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 9945 "freq=%u MHz wait=%d ms no_cck=%d)", 9946 drv->ifindex, freq, wait_time, no_cck); 9947 9948 buf = os_zalloc(24 + data_len); 9949 if (buf == NULL) 9950 return ret; 9951 os_memcpy(buf + 24, data, data_len); 9952 hdr = (struct ieee80211_hdr *) buf; 9953 hdr->frame_control = 9954 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 9955 os_memcpy(hdr->addr1, dst, ETH_ALEN); 9956 os_memcpy(hdr->addr2, src, ETH_ALEN); 9957 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 9958 9959 if (is_ap_interface(drv->nlmode) && 9960 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 9961 (int) freq == bss->freq || drv->device_ap_sme || 9962 !drv->use_monitor)) 9963 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 9964 0, freq, no_cck, 1, 9965 wait_time); 9966 else 9967 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 9968 24 + data_len, 9969 &drv->send_action_cookie, 9970 no_cck, 0, 1); 9971 9972 os_free(buf); 9973 return ret; 9974} 9975 9976 9977static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 9978{ 9979 struct i802_bss *bss = priv; 9980 struct wpa_driver_nl80211_data *drv = bss->drv; 9981 struct nl_msg *msg; 9982 int ret; 9983 9984 msg = nlmsg_alloc(); 9985 if (!msg) 9986 return; 9987 9988 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 9989 (long long unsigned int) drv->send_action_cookie); 9990 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 9991 9992 if (nl80211_set_iface_id(msg, bss) < 0) 9993 goto nla_put_failure; 9994 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 9995 9996 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9997 msg = NULL; 9998 if (ret) 9999 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 10000 "(%s)", ret, strerror(-ret)); 10001 10002 nla_put_failure: 10003 nlmsg_free(msg); 10004} 10005 10006 10007static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 10008 unsigned int duration) 10009{ 10010 struct i802_bss *bss = priv; 10011 struct wpa_driver_nl80211_data *drv = bss->drv; 10012 struct nl_msg *msg; 10013 int ret; 10014 u64 cookie; 10015 10016 msg = nlmsg_alloc(); 10017 if (!msg) 10018 return -1; 10019 10020 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 10021 10022 if (nl80211_set_iface_id(msg, bss) < 0) 10023 goto nla_put_failure; 10024 10025 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10026 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 10027 10028 cookie = 0; 10029 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10030 msg = NULL; 10031 if (ret == 0) { 10032 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 10033 "0x%llx for freq=%u MHz duration=%u", 10034 (long long unsigned int) cookie, freq, duration); 10035 drv->remain_on_chan_cookie = cookie; 10036 drv->pending_remain_on_chan = 1; 10037 return 0; 10038 } 10039 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 10040 "(freq=%d duration=%u): %d (%s)", 10041 freq, duration, ret, strerror(-ret)); 10042nla_put_failure: 10043 nlmsg_free(msg); 10044 return -1; 10045} 10046 10047 10048static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 10049{ 10050 struct i802_bss *bss = priv; 10051 struct wpa_driver_nl80211_data *drv = bss->drv; 10052 struct nl_msg *msg; 10053 int ret; 10054 10055 if (!drv->pending_remain_on_chan) { 10056 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 10057 "to cancel"); 10058 return -1; 10059 } 10060 10061 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 10062 "0x%llx", 10063 (long long unsigned int) drv->remain_on_chan_cookie); 10064 10065 msg = nlmsg_alloc(); 10066 if (!msg) 10067 return -1; 10068 10069 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 10070 10071 if (nl80211_set_iface_id(msg, bss) < 0) 10072 goto nla_put_failure; 10073 10074 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 10075 10076 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10077 msg = NULL; 10078 if (ret == 0) 10079 return 0; 10080 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 10081 "%d (%s)", ret, strerror(-ret)); 10082nla_put_failure: 10083 nlmsg_free(msg); 10084 return -1; 10085} 10086 10087 10088static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 10089{ 10090 struct wpa_driver_nl80211_data *drv = bss->drv; 10091 10092 if (!report) { 10093 if (bss->nl_preq && drv->device_ap_sme && 10094 is_ap_interface(drv->nlmode)) { 10095 /* 10096 * Do not disable Probe Request reporting that was 10097 * enabled in nl80211_setup_ap(). 10098 */ 10099 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 10100 "Probe Request reporting nl_preq=%p while " 10101 "in AP mode", bss->nl_preq); 10102 } else if (bss->nl_preq) { 10103 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 10104 "reporting nl_preq=%p", bss->nl_preq); 10105 nl80211_destroy_eloop_handle(&bss->nl_preq); 10106 } 10107 return 0; 10108 } 10109 10110 if (bss->nl_preq) { 10111 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 10112 "already on! nl_preq=%p", bss->nl_preq); 10113 return 0; 10114 } 10115 10116 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 10117 if (bss->nl_preq == NULL) 10118 return -1; 10119 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 10120 "reporting nl_preq=%p", bss->nl_preq); 10121 10122 if (nl80211_register_frame(bss, bss->nl_preq, 10123 (WLAN_FC_TYPE_MGMT << 2) | 10124 (WLAN_FC_STYPE_PROBE_REQ << 4), 10125 NULL, 0) < 0) 10126 goto out_err; 10127 10128 nl80211_register_eloop_read(&bss->nl_preq, 10129 wpa_driver_nl80211_event_receive, 10130 bss->nl_cb); 10131 10132 return 0; 10133 10134 out_err: 10135 nl_destroy_handles(&bss->nl_preq); 10136 return -1; 10137} 10138 10139 10140static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 10141 int ifindex, int disabled) 10142{ 10143 struct nl_msg *msg; 10144 struct nlattr *bands, *band; 10145 int ret; 10146 10147 msg = nlmsg_alloc(); 10148 if (!msg) 10149 return -1; 10150 10151 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 10152 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 10153 10154 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 10155 if (!bands) 10156 goto nla_put_failure; 10157 10158 /* 10159 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 10160 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 10161 * rates. All 5 GHz rates are left enabled. 10162 */ 10163 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 10164 if (!band) 10165 goto nla_put_failure; 10166 if (disabled) { 10167 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 10168 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 10169 } 10170 nla_nest_end(msg, band); 10171 10172 nla_nest_end(msg, bands); 10173 10174 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10175 msg = NULL; 10176 if (ret) { 10177 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10178 "(%s)", ret, strerror(-ret)); 10179 } else 10180 drv->disabled_11b_rates = disabled; 10181 10182 return ret; 10183 10184nla_put_failure: 10185 nlmsg_free(msg); 10186 return -1; 10187} 10188 10189 10190static int wpa_driver_nl80211_deinit_ap(void *priv) 10191{ 10192 struct i802_bss *bss = priv; 10193 struct wpa_driver_nl80211_data *drv = bss->drv; 10194 if (!is_ap_interface(drv->nlmode)) 10195 return -1; 10196 wpa_driver_nl80211_del_beacon(drv); 10197 10198 /* 10199 * If the P2P GO interface was dynamically added, then it is 10200 * possible that the interface change to station is not possible. 10201 */ 10202 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10203 return 0; 10204 10205 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10206} 10207 10208 10209static int wpa_driver_nl80211_stop_ap(void *priv) 10210{ 10211 struct i802_bss *bss = priv; 10212 struct wpa_driver_nl80211_data *drv = bss->drv; 10213 if (!is_ap_interface(drv->nlmode)) 10214 return -1; 10215 wpa_driver_nl80211_del_beacon(drv); 10216 bss->beacon_set = 0; 10217 return 0; 10218} 10219 10220 10221static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10222{ 10223 struct i802_bss *bss = priv; 10224 struct wpa_driver_nl80211_data *drv = bss->drv; 10225 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10226 return -1; 10227 10228 /* 10229 * If the P2P Client interface was dynamically added, then it is 10230 * possible that the interface change to station is not possible. 10231 */ 10232 if (bss->if_dynamic) 10233 return 0; 10234 10235 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10236} 10237 10238 10239static void wpa_driver_nl80211_resume(void *priv) 10240{ 10241 struct i802_bss *bss = priv; 10242 10243 if (i802_set_iface_flags(bss, 1)) 10244 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10245} 10246 10247 10248static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10249 const u8 *ies, size_t ies_len) 10250{ 10251 struct i802_bss *bss = priv; 10252 struct wpa_driver_nl80211_data *drv = bss->drv; 10253 int ret; 10254 u8 *data, *pos; 10255 size_t data_len; 10256 const u8 *own_addr = bss->addr; 10257 10258 if (action != 1) { 10259 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10260 "action %d", action); 10261 return -1; 10262 } 10263 10264 /* 10265 * Action frame payload: 10266 * Category[1] = 6 (Fast BSS Transition) 10267 * Action[1] = 1 (Fast BSS Transition Request) 10268 * STA Address 10269 * Target AP Address 10270 * FT IEs 10271 */ 10272 10273 data_len = 2 + 2 * ETH_ALEN + ies_len; 10274 data = os_malloc(data_len); 10275 if (data == NULL) 10276 return -1; 10277 pos = data; 10278 *pos++ = 0x06; /* FT Action category */ 10279 *pos++ = action; 10280 os_memcpy(pos, own_addr, ETH_ALEN); 10281 pos += ETH_ALEN; 10282 os_memcpy(pos, target_ap, ETH_ALEN); 10283 pos += ETH_ALEN; 10284 os_memcpy(pos, ies, ies_len); 10285 10286 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10287 drv->bssid, own_addr, drv->bssid, 10288 data, data_len, 0); 10289 os_free(data); 10290 10291 return ret; 10292} 10293 10294 10295static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10296{ 10297 struct i802_bss *bss = priv; 10298 struct wpa_driver_nl80211_data *drv = bss->drv; 10299 struct nl_msg *msg; 10300 struct nlattr *cqm; 10301 int ret = -1; 10302 10303 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10304 "hysteresis=%d", threshold, hysteresis); 10305 10306 msg = nlmsg_alloc(); 10307 if (!msg) 10308 return -1; 10309 10310 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10311 10312 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10313 10314 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10315 if (cqm == NULL) 10316 goto nla_put_failure; 10317 10318 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10319 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10320 nla_nest_end(msg, cqm); 10321 10322 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10323 msg = NULL; 10324 10325nla_put_failure: 10326 nlmsg_free(msg); 10327 return ret; 10328} 10329 10330 10331static int get_channel_width(struct nl_msg *msg, void *arg) 10332{ 10333 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10334 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10335 struct wpa_signal_info *sig_change = arg; 10336 10337 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10338 genlmsg_attrlen(gnlh, 0), NULL); 10339 10340 sig_change->center_frq1 = -1; 10341 sig_change->center_frq2 = -1; 10342 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10343 10344 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10345 sig_change->chanwidth = convert2width( 10346 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10347 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10348 sig_change->center_frq1 = 10349 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10350 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10351 sig_change->center_frq2 = 10352 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10353 } 10354 10355 return NL_SKIP; 10356} 10357 10358 10359static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10360 struct wpa_signal_info *sig) 10361{ 10362 struct nl_msg *msg; 10363 10364 msg = nlmsg_alloc(); 10365 if (!msg) 10366 return -ENOMEM; 10367 10368 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10369 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10370 10371 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10372 10373nla_put_failure: 10374 nlmsg_free(msg); 10375 return -ENOBUFS; 10376} 10377 10378 10379static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10380{ 10381 struct i802_bss *bss = priv; 10382 struct wpa_driver_nl80211_data *drv = bss->drv; 10383 int res; 10384 10385 os_memset(si, 0, sizeof(*si)); 10386 res = nl80211_get_link_signal(drv, si); 10387 if (res != 0) 10388 return res; 10389 10390 res = nl80211_get_channel_width(drv, si); 10391 if (res != 0) 10392 return res; 10393 10394 return nl80211_get_link_noise(drv, si); 10395} 10396 10397 10398static int wpa_driver_nl80211_shared_freq(void *priv) 10399{ 10400 struct i802_bss *bss = priv; 10401 struct wpa_driver_nl80211_data *drv = bss->drv; 10402 struct wpa_driver_nl80211_data *driver; 10403 int freq = 0; 10404 10405 /* 10406 * If the same PHY is in connected state with some other interface, 10407 * then retrieve the assoc freq. 10408 */ 10409 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10410 drv->phyname); 10411 10412 dl_list_for_each(driver, &drv->global->interfaces, 10413 struct wpa_driver_nl80211_data, list) { 10414 if (drv == driver || 10415 os_strcmp(drv->phyname, driver->phyname) != 0 || 10416 !driver->associated) 10417 continue; 10418 10419 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10420 MACSTR, 10421 driver->phyname, driver->first_bss->ifname, 10422 MAC2STR(driver->first_bss->addr)); 10423 if (is_ap_interface(driver->nlmode)) 10424 freq = driver->first_bss->freq; 10425 else 10426 freq = nl80211_get_assoc_freq(driver); 10427 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10428 drv->phyname, freq); 10429 } 10430 10431 if (!freq) 10432 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10433 "PHY (%s) in associated state", drv->phyname); 10434 10435 return freq; 10436} 10437 10438 10439static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10440 int encrypt) 10441{ 10442 struct i802_bss *bss = priv; 10443 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10444 0, 0, 0, 0); 10445} 10446 10447 10448static int nl80211_set_param(void *priv, const char *param) 10449{ 10450 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10451 if (param == NULL) 10452 return 0; 10453 10454#ifdef CONFIG_P2P 10455 if (os_strstr(param, "use_p2p_group_interface=1")) { 10456 struct i802_bss *bss = priv; 10457 struct wpa_driver_nl80211_data *drv = bss->drv; 10458 10459 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10460 "interface"); 10461 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10462 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10463 } 10464 10465 if (os_strstr(param, "p2p_device=1")) { 10466 struct i802_bss *bss = priv; 10467 struct wpa_driver_nl80211_data *drv = bss->drv; 10468 drv->allow_p2p_device = 1; 10469 } 10470#endif /* CONFIG_P2P */ 10471 10472 if (os_strstr(param, "use_monitor=1")) { 10473 struct i802_bss *bss = priv; 10474 struct wpa_driver_nl80211_data *drv = bss->drv; 10475 drv->use_monitor = 1; 10476 } 10477 10478 if (os_strstr(param, "force_connect_cmd=1")) { 10479 struct i802_bss *bss = priv; 10480 struct wpa_driver_nl80211_data *drv = bss->drv; 10481 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10482 } 10483 10484 return 0; 10485} 10486 10487 10488static void * nl80211_global_init(void) 10489{ 10490 struct nl80211_global *global; 10491 struct netlink_config *cfg; 10492 10493 global = os_zalloc(sizeof(*global)); 10494 if (global == NULL) 10495 return NULL; 10496 global->ioctl_sock = -1; 10497 dl_list_init(&global->interfaces); 10498 global->if_add_ifindex = -1; 10499 10500 cfg = os_zalloc(sizeof(*cfg)); 10501 if (cfg == NULL) 10502 goto err; 10503 10504 cfg->ctx = global; 10505 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10506 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10507 global->netlink = netlink_init(cfg); 10508 if (global->netlink == NULL) { 10509 os_free(cfg); 10510 goto err; 10511 } 10512 10513 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10514 goto err; 10515 10516 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10517 if (global->ioctl_sock < 0) { 10518 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10519 strerror(errno)); 10520 goto err; 10521 } 10522 10523 return global; 10524 10525err: 10526 nl80211_global_deinit(global); 10527 return NULL; 10528} 10529 10530 10531static void nl80211_global_deinit(void *priv) 10532{ 10533 struct nl80211_global *global = priv; 10534 if (global == NULL) 10535 return; 10536 if (!dl_list_empty(&global->interfaces)) { 10537 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10538 "nl80211_global_deinit", 10539 dl_list_len(&global->interfaces)); 10540 } 10541 10542 if (global->netlink) 10543 netlink_deinit(global->netlink); 10544 10545 nl_destroy_handles(&global->nl); 10546 10547 if (global->nl_event) 10548 nl80211_destroy_eloop_handle(&global->nl_event); 10549 10550 nl_cb_put(global->nl_cb); 10551 10552 if (global->ioctl_sock >= 0) 10553 close(global->ioctl_sock); 10554 10555 os_free(global); 10556} 10557 10558 10559static const char * nl80211_get_radio_name(void *priv) 10560{ 10561 struct i802_bss *bss = priv; 10562 struct wpa_driver_nl80211_data *drv = bss->drv; 10563 return drv->phyname; 10564} 10565 10566 10567static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 10568 const u8 *pmkid) 10569{ 10570 struct nl_msg *msg; 10571 10572 msg = nlmsg_alloc(); 10573 if (!msg) 10574 return -ENOMEM; 10575 10576 nl80211_cmd(bss->drv, msg, 0, cmd); 10577 10578 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 10579 if (pmkid) 10580 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 10581 if (bssid) 10582 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 10583 10584 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10585 nla_put_failure: 10586 nlmsg_free(msg); 10587 return -ENOBUFS; 10588} 10589 10590 10591static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10592{ 10593 struct i802_bss *bss = priv; 10594 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 10595 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 10596} 10597 10598 10599static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10600{ 10601 struct i802_bss *bss = priv; 10602 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 10603 MAC2STR(bssid)); 10604 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 10605} 10606 10607 10608static int nl80211_flush_pmkid(void *priv) 10609{ 10610 struct i802_bss *bss = priv; 10611 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 10612 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 10613} 10614 10615 10616static void clean_survey_results(struct survey_results *survey_results) 10617{ 10618 struct freq_survey *survey, *tmp; 10619 10620 if (dl_list_empty(&survey_results->survey_list)) 10621 return; 10622 10623 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 10624 struct freq_survey, list) { 10625 dl_list_del(&survey->list); 10626 os_free(survey); 10627 } 10628} 10629 10630 10631static void add_survey(struct nlattr **sinfo, u32 ifidx, 10632 struct dl_list *survey_list) 10633{ 10634 struct freq_survey *survey; 10635 10636 survey = os_zalloc(sizeof(struct freq_survey)); 10637 if (!survey) 10638 return; 10639 10640 survey->ifidx = ifidx; 10641 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10642 survey->filled = 0; 10643 10644 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 10645 survey->nf = (int8_t) 10646 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 10647 survey->filled |= SURVEY_HAS_NF; 10648 } 10649 10650 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 10651 survey->channel_time = 10652 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 10653 survey->filled |= SURVEY_HAS_CHAN_TIME; 10654 } 10655 10656 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 10657 survey->channel_time_busy = 10658 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 10659 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 10660 } 10661 10662 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 10663 survey->channel_time_rx = 10664 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 10665 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 10666 } 10667 10668 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 10669 survey->channel_time_tx = 10670 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 10671 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 10672 } 10673 10674 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 10675 survey->freq, 10676 survey->nf, 10677 (unsigned long int) survey->channel_time, 10678 (unsigned long int) survey->channel_time_busy, 10679 (unsigned long int) survey->channel_time_tx, 10680 (unsigned long int) survey->channel_time_rx, 10681 survey->filled); 10682 10683 dl_list_add_tail(survey_list, &survey->list); 10684} 10685 10686 10687static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 10688 unsigned int freq_filter) 10689{ 10690 if (!freq_filter) 10691 return 1; 10692 10693 return freq_filter == surveyed_freq; 10694} 10695 10696 10697static int survey_handler(struct nl_msg *msg, void *arg) 10698{ 10699 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10700 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10701 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 10702 struct survey_results *survey_results; 10703 u32 surveyed_freq = 0; 10704 u32 ifidx; 10705 10706 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 10707 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 10708 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 10709 }; 10710 10711 survey_results = (struct survey_results *) arg; 10712 10713 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10714 genlmsg_attrlen(gnlh, 0), NULL); 10715 10716 if (!tb[NL80211_ATTR_IFINDEX]) 10717 return NL_SKIP; 10718 10719 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 10720 10721 if (!tb[NL80211_ATTR_SURVEY_INFO]) 10722 return NL_SKIP; 10723 10724 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 10725 tb[NL80211_ATTR_SURVEY_INFO], 10726 survey_policy)) 10727 return NL_SKIP; 10728 10729 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 10730 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 10731 return NL_SKIP; 10732 } 10733 10734 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10735 10736 if (!check_survey_ok(sinfo, surveyed_freq, 10737 survey_results->freq_filter)) 10738 return NL_SKIP; 10739 10740 if (survey_results->freq_filter && 10741 survey_results->freq_filter != surveyed_freq) { 10742 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 10743 surveyed_freq); 10744 return NL_SKIP; 10745 } 10746 10747 add_survey(sinfo, ifidx, &survey_results->survey_list); 10748 10749 return NL_SKIP; 10750} 10751 10752 10753static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 10754{ 10755 struct i802_bss *bss = priv; 10756 struct wpa_driver_nl80211_data *drv = bss->drv; 10757 struct nl_msg *msg; 10758 int err = -ENOBUFS; 10759 union wpa_event_data data; 10760 struct survey_results *survey_results; 10761 10762 os_memset(&data, 0, sizeof(data)); 10763 survey_results = &data.survey_results; 10764 10765 dl_list_init(&survey_results->survey_list); 10766 10767 msg = nlmsg_alloc(); 10768 if (!msg) 10769 goto nla_put_failure; 10770 10771 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 10772 10773 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10774 10775 if (freq) 10776 data.survey_results.freq_filter = freq; 10777 10778 do { 10779 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 10780 err = send_and_recv_msgs(drv, msg, survey_handler, 10781 survey_results); 10782 } while (err > 0); 10783 10784 if (err) { 10785 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 10786 goto out_clean; 10787 } 10788 10789 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 10790 10791out_clean: 10792 clean_survey_results(survey_results); 10793nla_put_failure: 10794 return err; 10795} 10796 10797 10798static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 10799 const u8 *replay_ctr) 10800{ 10801 struct i802_bss *bss = priv; 10802 struct wpa_driver_nl80211_data *drv = bss->drv; 10803 struct nlattr *replay_nested; 10804 struct nl_msg *msg; 10805 10806 msg = nlmsg_alloc(); 10807 if (!msg) 10808 return; 10809 10810 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 10811 10812 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10813 10814 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 10815 if (!replay_nested) 10816 goto nla_put_failure; 10817 10818 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 10819 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 10820 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 10821 replay_ctr); 10822 10823 nla_nest_end(msg, replay_nested); 10824 10825 send_and_recv_msgs(drv, msg, NULL, NULL); 10826 return; 10827 nla_put_failure: 10828 nlmsg_free(msg); 10829} 10830 10831 10832static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 10833 const u8 *addr, int qos) 10834{ 10835 /* send data frame to poll STA and check whether 10836 * this frame is ACKed */ 10837 struct { 10838 struct ieee80211_hdr hdr; 10839 u16 qos_ctl; 10840 } STRUCT_PACKED nulldata; 10841 size_t size; 10842 10843 /* Send data frame to poll STA and check whether this frame is ACKed */ 10844 10845 os_memset(&nulldata, 0, sizeof(nulldata)); 10846 10847 if (qos) { 10848 nulldata.hdr.frame_control = 10849 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10850 WLAN_FC_STYPE_QOS_NULL); 10851 size = sizeof(nulldata); 10852 } else { 10853 nulldata.hdr.frame_control = 10854 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10855 WLAN_FC_STYPE_NULLFUNC); 10856 size = sizeof(struct ieee80211_hdr); 10857 } 10858 10859 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 10860 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 10861 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 10862 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 10863 10864 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 10865 0, 0) < 0) 10866 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 10867 "send poll frame"); 10868} 10869 10870static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 10871 int qos) 10872{ 10873 struct i802_bss *bss = priv; 10874 struct wpa_driver_nl80211_data *drv = bss->drv; 10875 struct nl_msg *msg; 10876 10877 if (!drv->poll_command_supported) { 10878 nl80211_send_null_frame(bss, own_addr, addr, qos); 10879 return; 10880 } 10881 10882 msg = nlmsg_alloc(); 10883 if (!msg) 10884 return; 10885 10886 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 10887 10888 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10889 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 10890 10891 send_and_recv_msgs(drv, msg, NULL, NULL); 10892 return; 10893 nla_put_failure: 10894 nlmsg_free(msg); 10895} 10896 10897 10898static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 10899{ 10900 struct nl_msg *msg; 10901 10902 msg = nlmsg_alloc(); 10903 if (!msg) 10904 return -ENOMEM; 10905 10906 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 10907 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10908 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 10909 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 10910 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10911nla_put_failure: 10912 nlmsg_free(msg); 10913 return -ENOBUFS; 10914} 10915 10916 10917static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 10918 int ctwindow) 10919{ 10920 struct i802_bss *bss = priv; 10921 10922 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 10923 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 10924 10925 if (opp_ps != -1 || ctwindow != -1) { 10926#ifdef ANDROID_P2P 10927 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 10928#else /* ANDROID_P2P */ 10929 return -1; /* Not yet supported */ 10930#endif /* ANDROID_P2P */ 10931 } 10932 10933 if (legacy_ps == -1) 10934 return 0; 10935 if (legacy_ps != 0 && legacy_ps != 1) 10936 return -1; /* Not yet supported */ 10937 10938 return nl80211_set_power_save(bss, legacy_ps); 10939} 10940 10941 10942static int nl80211_start_radar_detection(void *priv, 10943 struct hostapd_freq_params *freq) 10944{ 10945 struct i802_bss *bss = priv; 10946 struct wpa_driver_nl80211_data *drv = bss->drv; 10947 struct nl_msg *msg; 10948 int ret; 10949 10950 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 10951 freq->freq, freq->ht_enabled, freq->vht_enabled, 10952 freq->bandwidth, freq->center_freq1, freq->center_freq2); 10953 10954 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 10955 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 10956 "detection"); 10957 return -1; 10958 } 10959 10960 msg = nlmsg_alloc(); 10961 if (!msg) 10962 return -1; 10963 10964 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 10965 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10966 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 10967 10968 if (freq->vht_enabled) { 10969 switch (freq->bandwidth) { 10970 case 20: 10971 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10972 NL80211_CHAN_WIDTH_20); 10973 break; 10974 case 40: 10975 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10976 NL80211_CHAN_WIDTH_40); 10977 break; 10978 case 80: 10979 if (freq->center_freq2) 10980 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10981 NL80211_CHAN_WIDTH_80P80); 10982 else 10983 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10984 NL80211_CHAN_WIDTH_80); 10985 break; 10986 case 160: 10987 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10988 NL80211_CHAN_WIDTH_160); 10989 break; 10990 default: 10991 return -1; 10992 } 10993 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 10994 if (freq->center_freq2) 10995 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 10996 freq->center_freq2); 10997 } else if (freq->ht_enabled) { 10998 switch (freq->sec_channel_offset) { 10999 case -1: 11000 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11001 NL80211_CHAN_HT40MINUS); 11002 break; 11003 case 1: 11004 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11005 NL80211_CHAN_HT40PLUS); 11006 break; 11007 default: 11008 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11009 NL80211_CHAN_HT20); 11010 break; 11011 } 11012 } 11013 11014 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11015 if (ret == 0) 11016 return 0; 11017 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 11018 "%d (%s)", ret, strerror(-ret)); 11019nla_put_failure: 11020 return -1; 11021} 11022 11023#ifdef CONFIG_TDLS 11024 11025static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 11026 u8 dialog_token, u16 status_code, 11027 const u8 *buf, size_t len) 11028{ 11029 struct i802_bss *bss = priv; 11030 struct wpa_driver_nl80211_data *drv = bss->drv; 11031 struct nl_msg *msg; 11032 11033 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11034 return -EOPNOTSUPP; 11035 11036 if (!dst) 11037 return -EINVAL; 11038 11039 msg = nlmsg_alloc(); 11040 if (!msg) 11041 return -ENOMEM; 11042 11043 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 11044 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11045 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 11046 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 11047 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 11048 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 11049 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 11050 11051 return send_and_recv_msgs(drv, msg, NULL, NULL); 11052 11053nla_put_failure: 11054 nlmsg_free(msg); 11055 return -ENOBUFS; 11056} 11057 11058 11059static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 11060{ 11061 struct i802_bss *bss = priv; 11062 struct wpa_driver_nl80211_data *drv = bss->drv; 11063 struct nl_msg *msg; 11064 enum nl80211_tdls_operation nl80211_oper; 11065 11066 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11067 return -EOPNOTSUPP; 11068 11069 switch (oper) { 11070 case TDLS_DISCOVERY_REQ: 11071 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 11072 break; 11073 case TDLS_SETUP: 11074 nl80211_oper = NL80211_TDLS_SETUP; 11075 break; 11076 case TDLS_TEARDOWN: 11077 nl80211_oper = NL80211_TDLS_TEARDOWN; 11078 break; 11079 case TDLS_ENABLE_LINK: 11080 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 11081 break; 11082 case TDLS_DISABLE_LINK: 11083 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 11084 break; 11085 case TDLS_ENABLE: 11086 return 0; 11087 case TDLS_DISABLE: 11088 return 0; 11089 default: 11090 return -EINVAL; 11091 } 11092 11093 msg = nlmsg_alloc(); 11094 if (!msg) 11095 return -ENOMEM; 11096 11097 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 11098 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 11099 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11100 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 11101 11102 return send_and_recv_msgs(drv, msg, NULL, NULL); 11103 11104nla_put_failure: 11105 nlmsg_free(msg); 11106 return -ENOBUFS; 11107} 11108 11109#endif /* CONFIG TDLS */ 11110 11111 11112#ifdef ANDROID 11113 11114typedef struct android_wifi_priv_cmd { 11115 char *buf; 11116 int used_len; 11117 int total_len; 11118} android_wifi_priv_cmd; 11119 11120static int drv_errors = 0; 11121 11122static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 11123{ 11124 drv_errors++; 11125 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 11126 drv_errors = 0; 11127 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 11128 } 11129} 11130 11131 11132static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 11133{ 11134 struct wpa_driver_nl80211_data *drv = bss->drv; 11135 struct ifreq ifr; 11136 android_wifi_priv_cmd priv_cmd; 11137 char buf[MAX_DRV_CMD_SIZE]; 11138 int ret; 11139 11140 os_memset(&ifr, 0, sizeof(ifr)); 11141 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 11142 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11143 11144 os_memset(buf, 0, sizeof(buf)); 11145 os_strlcpy(buf, cmd, sizeof(buf)); 11146 11147 priv_cmd.buf = buf; 11148 priv_cmd.used_len = sizeof(buf); 11149 priv_cmd.total_len = sizeof(buf); 11150 ifr.ifr_data = &priv_cmd; 11151 11152 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11153 if (ret < 0) { 11154 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 11155 __func__); 11156 wpa_driver_send_hang_msg(drv); 11157 return ret; 11158 } 11159 11160 drv_errors = 0; 11161 return 0; 11162} 11163 11164 11165static int android_pno_start(struct i802_bss *bss, 11166 struct wpa_driver_scan_params *params) 11167{ 11168 struct wpa_driver_nl80211_data *drv = bss->drv; 11169 struct ifreq ifr; 11170 android_wifi_priv_cmd priv_cmd; 11171 int ret = 0, i = 0, bp; 11172 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 11173 11174 bp = WEXT_PNOSETUP_HEADER_SIZE; 11175 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11176 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11177 buf[bp++] = WEXT_PNO_TLV_VERSION; 11178 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11179 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11180 11181 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11182 /* Check that there is enough space needed for 1 more SSID, the 11183 * other sections and null termination */ 11184 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11185 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11186 break; 11187 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11188 params->ssids[i].ssid, 11189 params->ssids[i].ssid_len); 11190 buf[bp++] = WEXT_PNO_SSID_SECTION; 11191 buf[bp++] = params->ssids[i].ssid_len; 11192 os_memcpy(&buf[bp], params->ssids[i].ssid, 11193 params->ssids[i].ssid_len); 11194 bp += params->ssids[i].ssid_len; 11195 i++; 11196 } 11197 11198 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11199 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11200 WEXT_PNO_SCAN_INTERVAL); 11201 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11202 11203 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11204 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11205 WEXT_PNO_REPEAT); 11206 bp += WEXT_PNO_REPEAT_LENGTH; 11207 11208 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11209 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11210 WEXT_PNO_MAX_REPEAT); 11211 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11212 11213 memset(&ifr, 0, sizeof(ifr)); 11214 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11215 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11216 11217 priv_cmd.buf = buf; 11218 priv_cmd.used_len = bp; 11219 priv_cmd.total_len = bp; 11220 ifr.ifr_data = &priv_cmd; 11221 11222 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11223 11224 if (ret < 0) { 11225 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11226 ret); 11227 wpa_driver_send_hang_msg(drv); 11228 return ret; 11229 } 11230 11231 drv_errors = 0; 11232 11233 return android_priv_cmd(bss, "PNOFORCE 1"); 11234} 11235 11236 11237static int android_pno_stop(struct i802_bss *bss) 11238{ 11239 return android_priv_cmd(bss, "PNOFORCE 0"); 11240} 11241 11242#endif /* ANDROID */ 11243 11244 11245static int driver_nl80211_set_key(const char *ifname, void *priv, 11246 enum wpa_alg alg, const u8 *addr, 11247 int key_idx, int set_tx, 11248 const u8 *seq, size_t seq_len, 11249 const u8 *key, size_t key_len) 11250{ 11251 struct i802_bss *bss = priv; 11252 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11253 set_tx, seq, seq_len, key, key_len); 11254} 11255 11256 11257static int driver_nl80211_scan2(void *priv, 11258 struct wpa_driver_scan_params *params) 11259{ 11260 struct i802_bss *bss = priv; 11261 return wpa_driver_nl80211_scan(bss, params); 11262} 11263 11264 11265static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11266 int reason_code) 11267{ 11268 struct i802_bss *bss = priv; 11269 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11270} 11271 11272 11273static int driver_nl80211_authenticate(void *priv, 11274 struct wpa_driver_auth_params *params) 11275{ 11276 struct i802_bss *bss = priv; 11277 return wpa_driver_nl80211_authenticate(bss, params); 11278} 11279 11280 11281static void driver_nl80211_deinit(void *priv) 11282{ 11283 struct i802_bss *bss = priv; 11284 wpa_driver_nl80211_deinit(bss); 11285} 11286 11287 11288static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11289 const char *ifname) 11290{ 11291 struct i802_bss *bss = priv; 11292 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11293} 11294 11295 11296static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11297 size_t data_len, int noack) 11298{ 11299 struct i802_bss *bss = priv; 11300 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11301 0, 0, 0, 0); 11302} 11303 11304 11305static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11306{ 11307 struct i802_bss *bss = priv; 11308 return wpa_driver_nl80211_sta_remove(bss, addr); 11309} 11310 11311 11312static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11313 const char *ifname, int vlan_id) 11314{ 11315 struct i802_bss *bss = priv; 11316 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11317} 11318 11319 11320static int driver_nl80211_read_sta_data(void *priv, 11321 struct hostap_sta_driver_data *data, 11322 const u8 *addr) 11323{ 11324 struct i802_bss *bss = priv; 11325 return i802_read_sta_data(bss, data, addr); 11326} 11327 11328 11329static int driver_nl80211_send_action(void *priv, unsigned int freq, 11330 unsigned int wait_time, 11331 const u8 *dst, const u8 *src, 11332 const u8 *bssid, 11333 const u8 *data, size_t data_len, 11334 int no_cck) 11335{ 11336 struct i802_bss *bss = priv; 11337 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11338 bssid, data, data_len, no_cck); 11339} 11340 11341 11342static int driver_nl80211_probe_req_report(void *priv, int report) 11343{ 11344 struct i802_bss *bss = priv; 11345 return wpa_driver_nl80211_probe_req_report(bss, report); 11346} 11347 11348 11349static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11350 const u8 *ies, size_t ies_len) 11351{ 11352 int ret; 11353 struct nl_msg *msg; 11354 struct i802_bss *bss = priv; 11355 struct wpa_driver_nl80211_data *drv = bss->drv; 11356 u16 mdid = WPA_GET_LE16(md); 11357 11358 msg = nlmsg_alloc(); 11359 if (!msg) 11360 return -ENOMEM; 11361 11362 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11363 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11364 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11365 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11366 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11367 11368 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11369 if (ret) { 11370 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11371 "err=%d (%s)", ret, strerror(-ret)); 11372 } 11373 11374 return ret; 11375 11376nla_put_failure: 11377 nlmsg_free(msg); 11378 return -ENOBUFS; 11379} 11380 11381 11382const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11383{ 11384 struct i802_bss *bss = priv; 11385 struct wpa_driver_nl80211_data *drv = bss->drv; 11386 11387 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11388 return NULL; 11389 11390 return bss->addr; 11391} 11392 11393 11394static const char * scan_state_str(enum scan_states scan_state) 11395{ 11396 switch (scan_state) { 11397 case NO_SCAN: 11398 return "NO_SCAN"; 11399 case SCAN_REQUESTED: 11400 return "SCAN_REQUESTED"; 11401 case SCAN_STARTED: 11402 return "SCAN_STARTED"; 11403 case SCAN_COMPLETED: 11404 return "SCAN_COMPLETED"; 11405 case SCAN_ABORTED: 11406 return "SCAN_ABORTED"; 11407 case SCHED_SCAN_STARTED: 11408 return "SCHED_SCAN_STARTED"; 11409 case SCHED_SCAN_STOPPED: 11410 return "SCHED_SCAN_STOPPED"; 11411 case SCHED_SCAN_RESULTS: 11412 return "SCHED_SCAN_RESULTS"; 11413 } 11414 11415 return "??"; 11416} 11417 11418 11419static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11420{ 11421 struct i802_bss *bss = priv; 11422 struct wpa_driver_nl80211_data *drv = bss->drv; 11423 int res; 11424 char *pos, *end; 11425 11426 pos = buf; 11427 end = buf + buflen; 11428 11429 res = os_snprintf(pos, end - pos, 11430 "ifindex=%d\n" 11431 "ifname=%s\n" 11432 "brname=%s\n" 11433 "addr=" MACSTR "\n" 11434 "freq=%d\n" 11435 "%s%s%s%s%s", 11436 bss->ifindex, 11437 bss->ifname, 11438 bss->brname, 11439 MAC2STR(bss->addr), 11440 bss->freq, 11441 bss->beacon_set ? "beacon_set=1\n" : "", 11442 bss->added_if_into_bridge ? 11443 "added_if_into_bridge=1\n" : "", 11444 bss->added_bridge ? "added_bridge=1\n" : "", 11445 bss->in_deinit ? "in_deinit=1\n" : "", 11446 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11447 if (res < 0 || res >= end - pos) 11448 return pos - buf; 11449 pos += res; 11450 11451 if (bss->wdev_id_set) { 11452 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11453 (unsigned long long) bss->wdev_id); 11454 if (res < 0 || res >= end - pos) 11455 return pos - buf; 11456 pos += res; 11457 } 11458 11459 res = os_snprintf(pos, end - pos, 11460 "phyname=%s\n" 11461 "drv_ifindex=%d\n" 11462 "operstate=%d\n" 11463 "scan_state=%s\n" 11464 "auth_bssid=" MACSTR "\n" 11465 "auth_attempt_bssid=" MACSTR "\n" 11466 "bssid=" MACSTR "\n" 11467 "prev_bssid=" MACSTR "\n" 11468 "associated=%d\n" 11469 "assoc_freq=%u\n" 11470 "monitor_sock=%d\n" 11471 "monitor_ifidx=%d\n" 11472 "monitor_refcount=%d\n" 11473 "last_mgmt_freq=%u\n" 11474 "eapol_tx_sock=%d\n" 11475 "%s%s%s%s%s%s%s%s%s%s%s%s%s", 11476 drv->phyname, 11477 drv->ifindex, 11478 drv->operstate, 11479 scan_state_str(drv->scan_state), 11480 MAC2STR(drv->auth_bssid), 11481 MAC2STR(drv->auth_attempt_bssid), 11482 MAC2STR(drv->bssid), 11483 MAC2STR(drv->prev_bssid), 11484 drv->associated, 11485 drv->assoc_freq, 11486 drv->monitor_sock, 11487 drv->monitor_ifidx, 11488 drv->monitor_refcount, 11489 drv->last_mgmt_freq, 11490 drv->eapol_tx_sock, 11491 drv->ignore_if_down_event ? 11492 "ignore_if_down_event=1\n" : "", 11493 drv->scan_complete_events ? 11494 "scan_complete_events=1\n" : "", 11495 drv->disabled_11b_rates ? 11496 "disabled_11b_rates=1\n" : "", 11497 drv->pending_remain_on_chan ? 11498 "pending_remain_on_chan=1\n" : "", 11499 drv->in_interface_list ? "in_interface_list=1\n" : "", 11500 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11501 drv->poll_command_supported ? 11502 "poll_command_supported=1\n" : "", 11503 drv->data_tx_status ? "data_tx_status=1\n" : "", 11504 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11505 drv->retry_auth ? "retry_auth=1\n" : "", 11506 drv->use_monitor ? "use_monitor=1\n" : "", 11507 drv->ignore_next_local_disconnect ? 11508 "ignore_next_local_disconnect=1\n" : "", 11509 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11510 if (res < 0 || res >= end - pos) 11511 return pos - buf; 11512 pos += res; 11513 11514 if (drv->has_capability) { 11515 res = os_snprintf(pos, end - pos, 11516 "capa.key_mgmt=0x%x\n" 11517 "capa.enc=0x%x\n" 11518 "capa.auth=0x%x\n" 11519 "capa.flags=0x%x\n" 11520 "capa.max_scan_ssids=%d\n" 11521 "capa.max_sched_scan_ssids=%d\n" 11522 "capa.sched_scan_supported=%d\n" 11523 "capa.max_match_sets=%d\n" 11524 "capa.max_remain_on_chan=%u\n" 11525 "capa.max_stations=%u\n" 11526 "capa.probe_resp_offloads=0x%x\n" 11527 "capa.max_acl_mac_addrs=%u\n" 11528 "capa.num_multichan_concurrent=%u\n", 11529 drv->capa.key_mgmt, 11530 drv->capa.enc, 11531 drv->capa.auth, 11532 drv->capa.flags, 11533 drv->capa.max_scan_ssids, 11534 drv->capa.max_sched_scan_ssids, 11535 drv->capa.sched_scan_supported, 11536 drv->capa.max_match_sets, 11537 drv->capa.max_remain_on_chan, 11538 drv->capa.max_stations, 11539 drv->capa.probe_resp_offloads, 11540 drv->capa.max_acl_mac_addrs, 11541 drv->capa.num_multichan_concurrent); 11542 if (res < 0 || res >= end - pos) 11543 return pos - buf; 11544 pos += res; 11545 } 11546 11547 return pos - buf; 11548} 11549 11550 11551static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 11552{ 11553 if (settings->head) 11554 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 11555 settings->head_len, settings->head); 11556 11557 if (settings->tail) 11558 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 11559 settings->tail_len, settings->tail); 11560 11561 if (settings->beacon_ies) 11562 NLA_PUT(msg, NL80211_ATTR_IE, 11563 settings->beacon_ies_len, settings->beacon_ies); 11564 11565 if (settings->proberesp_ies) 11566 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 11567 settings->proberesp_ies_len, settings->proberesp_ies); 11568 11569 if (settings->assocresp_ies) 11570 NLA_PUT(msg, 11571 NL80211_ATTR_IE_ASSOC_RESP, 11572 settings->assocresp_ies_len, settings->assocresp_ies); 11573 11574 if (settings->probe_resp) 11575 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 11576 settings->probe_resp_len, settings->probe_resp); 11577 11578 return 0; 11579 11580nla_put_failure: 11581 return -ENOBUFS; 11582} 11583 11584 11585static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 11586{ 11587 struct nl_msg *msg; 11588 struct i802_bss *bss = priv; 11589 struct wpa_driver_nl80211_data *drv = bss->drv; 11590 struct nlattr *beacon_csa; 11591 int ret = -ENOBUFS; 11592 11593 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 11594 settings->cs_count, settings->block_tx, 11595 settings->freq_params.freq, settings->freq_params.bandwidth, 11596 settings->freq_params.center_freq1, 11597 settings->freq_params.center_freq2); 11598 11599 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 11600 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 11601 return -EOPNOTSUPP; 11602 } 11603 11604 if ((drv->nlmode != NL80211_IFTYPE_AP) && 11605 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 11606 return -EOPNOTSUPP; 11607 11608 /* check settings validity */ 11609 if (!settings->beacon_csa.tail || 11610 ((settings->beacon_csa.tail_len <= 11611 settings->counter_offset_beacon) || 11612 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 11613 settings->cs_count))) 11614 return -EINVAL; 11615 11616 if (settings->beacon_csa.probe_resp && 11617 ((settings->beacon_csa.probe_resp_len <= 11618 settings->counter_offset_presp) || 11619 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 11620 settings->cs_count))) 11621 return -EINVAL; 11622 11623 msg = nlmsg_alloc(); 11624 if (!msg) 11625 return -ENOMEM; 11626 11627 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 11628 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11629 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 11630 ret = nl80211_put_freq_params(msg, &settings->freq_params); 11631 if (ret) 11632 goto error; 11633 11634 if (settings->block_tx) 11635 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 11636 11637 /* beacon_after params */ 11638 ret = set_beacon_data(msg, &settings->beacon_after); 11639 if (ret) 11640 goto error; 11641 11642 /* beacon_csa params */ 11643 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 11644 if (!beacon_csa) 11645 goto nla_put_failure; 11646 11647 ret = set_beacon_data(msg, &settings->beacon_csa); 11648 if (ret) 11649 goto error; 11650 11651 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 11652 settings->counter_offset_beacon); 11653 11654 if (settings->beacon_csa.probe_resp) 11655 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 11656 settings->counter_offset_presp); 11657 11658 nla_nest_end(msg, beacon_csa); 11659 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11660 if (ret) { 11661 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 11662 ret, strerror(-ret)); 11663 } 11664 return ret; 11665 11666nla_put_failure: 11667 ret = -ENOBUFS; 11668error: 11669 nlmsg_free(msg); 11670 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 11671 return ret; 11672} 11673 11674 11675static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 11676 u8 qos_map_set_len) 11677{ 11678 struct i802_bss *bss = priv; 11679 struct wpa_driver_nl80211_data *drv = bss->drv; 11680 struct nl_msg *msg; 11681 int ret; 11682 11683 msg = nlmsg_alloc(); 11684 if (!msg) 11685 return -ENOMEM; 11686 11687 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 11688 qos_map_set, qos_map_set_len); 11689 11690 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 11691 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11692 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 11693 11694 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11695 if (ret) 11696 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 11697 11698 return ret; 11699 11700nla_put_failure: 11701 nlmsg_free(msg); 11702 return -ENOBUFS; 11703} 11704 11705 11706const struct wpa_driver_ops wpa_driver_nl80211_ops = { 11707 .name = "nl80211", 11708 .desc = "Linux nl80211/cfg80211", 11709 .get_bssid = wpa_driver_nl80211_get_bssid, 11710 .get_ssid = wpa_driver_nl80211_get_ssid, 11711 .set_key = driver_nl80211_set_key, 11712 .scan2 = driver_nl80211_scan2, 11713 .sched_scan = wpa_driver_nl80211_sched_scan, 11714 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 11715 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 11716 .deauthenticate = driver_nl80211_deauthenticate, 11717 .authenticate = driver_nl80211_authenticate, 11718 .associate = wpa_driver_nl80211_associate, 11719 .global_init = nl80211_global_init, 11720 .global_deinit = nl80211_global_deinit, 11721 .init2 = wpa_driver_nl80211_init, 11722 .deinit = driver_nl80211_deinit, 11723 .get_capa = wpa_driver_nl80211_get_capa, 11724 .set_operstate = wpa_driver_nl80211_set_operstate, 11725 .set_supp_port = wpa_driver_nl80211_set_supp_port, 11726 .set_country = wpa_driver_nl80211_set_country, 11727 .get_country = wpa_driver_nl80211_get_country, 11728 .set_ap = wpa_driver_nl80211_set_ap, 11729 .set_acl = wpa_driver_nl80211_set_acl, 11730 .if_add = wpa_driver_nl80211_if_add, 11731 .if_remove = driver_nl80211_if_remove, 11732 .send_mlme = driver_nl80211_send_mlme, 11733 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 11734 .sta_add = wpa_driver_nl80211_sta_add, 11735 .sta_remove = driver_nl80211_sta_remove, 11736 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 11737 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 11738 .hapd_init = i802_init, 11739 .hapd_deinit = i802_deinit, 11740 .set_wds_sta = i802_set_wds_sta, 11741 .get_seqnum = i802_get_seqnum, 11742 .flush = i802_flush, 11743 .get_inact_sec = i802_get_inact_sec, 11744 .sta_clear_stats = i802_sta_clear_stats, 11745 .set_rts = i802_set_rts, 11746 .set_frag = i802_set_frag, 11747 .set_tx_queue_params = i802_set_tx_queue_params, 11748 .set_sta_vlan = driver_nl80211_set_sta_vlan, 11749 .sta_deauth = i802_sta_deauth, 11750 .sta_disassoc = i802_sta_disassoc, 11751 .read_sta_data = driver_nl80211_read_sta_data, 11752 .set_freq = i802_set_freq, 11753 .send_action = driver_nl80211_send_action, 11754 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 11755 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 11756 .cancel_remain_on_channel = 11757 wpa_driver_nl80211_cancel_remain_on_channel, 11758 .probe_req_report = driver_nl80211_probe_req_report, 11759 .deinit_ap = wpa_driver_nl80211_deinit_ap, 11760 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 11761 .resume = wpa_driver_nl80211_resume, 11762 .send_ft_action = nl80211_send_ft_action, 11763 .signal_monitor = nl80211_signal_monitor, 11764 .signal_poll = nl80211_signal_poll, 11765 .send_frame = nl80211_send_frame, 11766 .shared_freq = wpa_driver_nl80211_shared_freq, 11767 .set_param = nl80211_set_param, 11768 .get_radio_name = nl80211_get_radio_name, 11769 .add_pmkid = nl80211_add_pmkid, 11770 .remove_pmkid = nl80211_remove_pmkid, 11771 .flush_pmkid = nl80211_flush_pmkid, 11772 .set_rekey_info = nl80211_set_rekey_info, 11773 .poll_client = nl80211_poll_client, 11774 .set_p2p_powersave = nl80211_set_p2p_powersave, 11775 .start_dfs_cac = nl80211_start_radar_detection, 11776 .stop_ap = wpa_driver_nl80211_stop_ap, 11777#ifdef CONFIG_TDLS 11778 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 11779 .tdls_oper = nl80211_tdls_oper, 11780#endif /* CONFIG_TDLS */ 11781 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 11782 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 11783 .get_survey = wpa_driver_nl80211_get_survey, 11784 .status = wpa_driver_nl80211_status, 11785 .switch_channel = nl80211_switch_channel, 11786#ifdef ANDROID_P2P 11787 .set_noa = wpa_driver_set_p2p_noa, 11788 .get_noa = wpa_driver_get_p2p_noa, 11789 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 11790#endif /* ANDROID_P2P */ 11791#ifdef ANDROID 11792 .driver_cmd = wpa_driver_nl80211_driver_cmd, 11793#endif /* ANDROID */ 11794 .set_qos_map = nl80211_set_qos_map, 11795}; 11796