driver_nl80211.c revision df5a7e4c5c64890c2425bb47d665bbce4992b676
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/qca-vendor.h" 32#include "common/ieee802_11_defs.h" 33#include "common/ieee802_11_common.h" 34#include "l2_packet/l2_packet.h" 35#include "netlink.h" 36#include "linux_ioctl.h" 37#include "radiotap.h" 38#include "radiotap_iter.h" 39#include "rfkill.h" 40#include "driver.h" 41 42#ifndef SO_WIFI_STATUS 43# if defined(__sparc__) 44# define SO_WIFI_STATUS 0x0025 45# elif defined(__parisc__) 46# define SO_WIFI_STATUS 0x4022 47# else 48# define SO_WIFI_STATUS 41 49# endif 50 51# define SCM_WIFI_STATUS SO_WIFI_STATUS 52#endif 53 54#ifndef SO_EE_ORIGIN_TXSTATUS 55#define SO_EE_ORIGIN_TXSTATUS 4 56#endif 57 58#ifndef PACKET_TX_TIMESTAMP 59#define PACKET_TX_TIMESTAMP 16 60#endif 61 62#ifdef ANDROID 63#include "android_drv.h" 64#endif /* ANDROID */ 65#ifdef CONFIG_LIBNL20 66/* libnl 2.0 compatibility code */ 67#define nl_handle nl_sock 68#define nl80211_handle_alloc nl_socket_alloc_cb 69#define nl80211_handle_destroy nl_socket_free 70#else 71/* 72 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 73 * but when you free a socket again it will mess up its bitmap and 74 * and use the wrong number the next time it needs a socket ID. 75 * Therefore, we wrap the handle alloc/destroy and add our own pid 76 * accounting. 77 */ 78static uint32_t port_bitmap[32] = { 0 }; 79 80static struct nl_handle *nl80211_handle_alloc(void *cb) 81{ 82 struct nl_handle *handle; 83 uint32_t pid = getpid() & 0x3FFFFF; 84 int i; 85 86 handle = nl_handle_alloc_cb(cb); 87 88 for (i = 0; i < 1024; i++) { 89 if (port_bitmap[i / 32] & (1 << (i % 32))) 90 continue; 91 port_bitmap[i / 32] |= 1 << (i % 32); 92 pid += i << 22; 93 break; 94 } 95 96 nl_socket_set_local_port(handle, pid); 97 98 return handle; 99} 100 101static void nl80211_handle_destroy(struct nl_handle *handle) 102{ 103 uint32_t port = nl_socket_get_local_port(handle); 104 105 port >>= 22; 106 port_bitmap[port / 32] &= ~(1 << (port % 32)); 107 108 nl_handle_destroy(handle); 109} 110#endif /* CONFIG_LIBNL20 */ 111 112 113#ifdef ANDROID 114/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 115static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 116{ 117 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 118} 119#undef nl_socket_set_nonblocking 120#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 121#endif /* ANDROID */ 122 123 124static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 125{ 126 struct nl_handle *handle; 127 128 handle = nl80211_handle_alloc(cb); 129 if (handle == NULL) { 130 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 131 "callbacks (%s)", dbg); 132 return NULL; 133 } 134 135 if (genl_connect(handle)) { 136 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 137 "netlink (%s)", dbg); 138 nl80211_handle_destroy(handle); 139 return NULL; 140 } 141 142 return handle; 143} 144 145 146static void nl_destroy_handles(struct nl_handle **handle) 147{ 148 if (*handle == NULL) 149 return; 150 nl80211_handle_destroy(*handle); 151 *handle = NULL; 152} 153 154 155#if __WORDSIZE == 64 156#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 157#else 158#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 159#endif 160 161static void nl80211_register_eloop_read(struct nl_handle **handle, 162 eloop_sock_handler handler, 163 void *eloop_data) 164{ 165 nl_socket_set_nonblocking(*handle); 166 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 167 eloop_data, *handle); 168 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 169} 170 171 172static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 173{ 174 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 175 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 176 nl_destroy_handles(handle); 177} 178 179 180#ifndef IFF_LOWER_UP 181#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 182#endif 183#ifndef IFF_DORMANT 184#define IFF_DORMANT 0x20000 /* driver signals dormant */ 185#endif 186 187#ifndef IF_OPER_DORMANT 188#define IF_OPER_DORMANT 5 189#endif 190#ifndef IF_OPER_UP 191#define IF_OPER_UP 6 192#endif 193 194struct nl80211_global { 195 struct dl_list interfaces; 196 int if_add_ifindex; 197 u64 if_add_wdevid; 198 int if_add_wdevid_set; 199 struct netlink_data *netlink; 200 struct nl_cb *nl_cb; 201 struct nl_handle *nl; 202 int nl80211_id; 203 int ioctl_sock; /* socket for ioctl() use */ 204 205 struct nl_handle *nl_event; 206}; 207 208struct nl80211_wiphy_data { 209 struct dl_list list; 210 struct dl_list bsss; 211 struct dl_list drvs; 212 213 struct nl_handle *nl_beacons; 214 struct nl_cb *nl_cb; 215 216 int wiphy_idx; 217}; 218 219static void nl80211_global_deinit(void *priv); 220 221struct i802_bss { 222 struct wpa_driver_nl80211_data *drv; 223 struct i802_bss *next; 224 int ifindex; 225 u64 wdev_id; 226 char ifname[IFNAMSIZ + 1]; 227 char brname[IFNAMSIZ]; 228 unsigned int beacon_set:1; 229 unsigned int added_if_into_bridge:1; 230 unsigned int added_bridge:1; 231 unsigned int in_deinit:1; 232 unsigned int wdev_id_set:1; 233 unsigned int added_if:1; 234 235 u8 addr[ETH_ALEN]; 236 237 int freq; 238 int if_dynamic; 239 240 void *ctx; 241 struct nl_handle *nl_preq, *nl_mgmt; 242 struct nl_cb *nl_cb; 243 244 struct nl80211_wiphy_data *wiphy_data; 245 struct dl_list wiphy_list; 246}; 247 248struct wpa_driver_nl80211_data { 249 struct nl80211_global *global; 250 struct dl_list list; 251 struct dl_list wiphy_list; 252 char phyname[32]; 253 void *ctx; 254 int ifindex; 255 int if_removed; 256 int if_disabled; 257 int ignore_if_down_event; 258 struct rfkill_data *rfkill; 259 struct wpa_driver_capa capa; 260 u8 *extended_capa, *extended_capa_mask; 261 unsigned int extended_capa_len; 262 int has_capability; 263 264 int operstate; 265 266 int scan_complete_events; 267 enum scan_states { 268 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 269 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 270 SCHED_SCAN_RESULTS 271 } scan_state; 272 273 struct nl_cb *nl_cb; 274 275 u8 auth_bssid[ETH_ALEN]; 276 u8 auth_attempt_bssid[ETH_ALEN]; 277 u8 bssid[ETH_ALEN]; 278 u8 prev_bssid[ETH_ALEN]; 279 int associated; 280 u8 ssid[32]; 281 size_t ssid_len; 282 enum nl80211_iftype nlmode; 283 enum nl80211_iftype ap_scan_as_station; 284 unsigned int assoc_freq; 285 286 int monitor_sock; 287 int monitor_ifidx; 288 int monitor_refcount; 289 290 unsigned int disabled_11b_rates:1; 291 unsigned int pending_remain_on_chan:1; 292 unsigned int in_interface_list:1; 293 unsigned int device_ap_sme:1; 294 unsigned int poll_command_supported:1; 295 unsigned int data_tx_status:1; 296 unsigned int scan_for_auth:1; 297 unsigned int retry_auth:1; 298 unsigned int use_monitor:1; 299 unsigned int ignore_next_local_disconnect:1; 300 unsigned int allow_p2p_device:1; 301 unsigned int hostapd:1; 302 unsigned int start_mode_ap:1; 303 unsigned int start_iface_up:1; 304 unsigned int test_use_roc_tx:1; 305 unsigned int ignore_deauth_event:1; 306 unsigned int dfs_vendor_cmd_avail:1; 307 308 u64 remain_on_chan_cookie; 309 u64 send_action_cookie; 310 311 unsigned int last_mgmt_freq; 312 313 struct wpa_driver_scan_filter *filter_ssids; 314 size_t num_filter_ssids; 315 316 struct i802_bss *first_bss; 317 318 int eapol_tx_sock; 319 320 int eapol_sock; /* socket for EAPOL frames */ 321 322 int default_if_indices[16]; 323 int *if_indices; 324 int num_if_indices; 325 326 /* From failed authentication command */ 327 int auth_freq; 328 u8 auth_bssid_[ETH_ALEN]; 329 u8 auth_ssid[32]; 330 size_t auth_ssid_len; 331 int auth_alg; 332 u8 *auth_ie; 333 size_t auth_ie_len; 334 u8 auth_wep_key[4][16]; 335 size_t auth_wep_key_len[4]; 336 int auth_wep_tx_keyidx; 337 int auth_local_state_change; 338 int auth_p2p; 339}; 340 341 342static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 343static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 344 void *timeout_ctx); 345static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 346 enum nl80211_iftype nlmode); 347static int 348wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 349 const u8 *set_addr, int first); 350static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 351 const u8 *addr, int cmd, u16 reason_code, 352 int local_state_change); 353static void nl80211_remove_monitor_interface( 354 struct wpa_driver_nl80211_data *drv); 355static int nl80211_send_frame_cmd(struct i802_bss *bss, 356 unsigned int freq, unsigned int wait, 357 const u8 *buf, size_t buf_len, u64 *cookie, 358 int no_cck, int no_ack, int offchanok); 359static int nl80211_register_frame(struct i802_bss *bss, 360 struct nl_handle *hl_handle, 361 u16 type, const u8 *match, size_t match_len); 362static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 363 int report); 364#ifdef ANDROID 365static int android_pno_start(struct i802_bss *bss, 366 struct wpa_driver_scan_params *params); 367static int android_pno_stop(struct i802_bss *bss); 368extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 369 size_t buf_len); 370#endif /* ANDROID */ 371#ifdef ANDROID_P2P 372int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 373int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 374int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 375int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 376 const struct wpabuf *proberesp, 377 const struct wpabuf *assocresp); 378#endif /* ANDROID_P2P */ 379 380static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 381static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 382static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 383static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 384 enum wpa_driver_if_type type, 385 const char *ifname); 386 387static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 388 struct hostapd_freq_params *freq); 389static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 390 int ifindex, int disabled); 391 392static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 393static int wpa_driver_nl80211_authenticate_retry( 394 struct wpa_driver_nl80211_data *drv); 395 396static int i802_set_iface_flags(struct i802_bss *bss, int up); 397 398 399static const char * nl80211_command_to_string(enum nl80211_commands cmd) 400{ 401#define C2S(x) case x: return #x; 402 switch (cmd) { 403 C2S(NL80211_CMD_UNSPEC) 404 C2S(NL80211_CMD_GET_WIPHY) 405 C2S(NL80211_CMD_SET_WIPHY) 406 C2S(NL80211_CMD_NEW_WIPHY) 407 C2S(NL80211_CMD_DEL_WIPHY) 408 C2S(NL80211_CMD_GET_INTERFACE) 409 C2S(NL80211_CMD_SET_INTERFACE) 410 C2S(NL80211_CMD_NEW_INTERFACE) 411 C2S(NL80211_CMD_DEL_INTERFACE) 412 C2S(NL80211_CMD_GET_KEY) 413 C2S(NL80211_CMD_SET_KEY) 414 C2S(NL80211_CMD_NEW_KEY) 415 C2S(NL80211_CMD_DEL_KEY) 416 C2S(NL80211_CMD_GET_BEACON) 417 C2S(NL80211_CMD_SET_BEACON) 418 C2S(NL80211_CMD_START_AP) 419 C2S(NL80211_CMD_STOP_AP) 420 C2S(NL80211_CMD_GET_STATION) 421 C2S(NL80211_CMD_SET_STATION) 422 C2S(NL80211_CMD_NEW_STATION) 423 C2S(NL80211_CMD_DEL_STATION) 424 C2S(NL80211_CMD_GET_MPATH) 425 C2S(NL80211_CMD_SET_MPATH) 426 C2S(NL80211_CMD_NEW_MPATH) 427 C2S(NL80211_CMD_DEL_MPATH) 428 C2S(NL80211_CMD_SET_BSS) 429 C2S(NL80211_CMD_SET_REG) 430 C2S(NL80211_CMD_REQ_SET_REG) 431 C2S(NL80211_CMD_GET_MESH_CONFIG) 432 C2S(NL80211_CMD_SET_MESH_CONFIG) 433 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 434 C2S(NL80211_CMD_GET_REG) 435 C2S(NL80211_CMD_GET_SCAN) 436 C2S(NL80211_CMD_TRIGGER_SCAN) 437 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 438 C2S(NL80211_CMD_SCAN_ABORTED) 439 C2S(NL80211_CMD_REG_CHANGE) 440 C2S(NL80211_CMD_AUTHENTICATE) 441 C2S(NL80211_CMD_ASSOCIATE) 442 C2S(NL80211_CMD_DEAUTHENTICATE) 443 C2S(NL80211_CMD_DISASSOCIATE) 444 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 445 C2S(NL80211_CMD_REG_BEACON_HINT) 446 C2S(NL80211_CMD_JOIN_IBSS) 447 C2S(NL80211_CMD_LEAVE_IBSS) 448 C2S(NL80211_CMD_TESTMODE) 449 C2S(NL80211_CMD_CONNECT) 450 C2S(NL80211_CMD_ROAM) 451 C2S(NL80211_CMD_DISCONNECT) 452 C2S(NL80211_CMD_SET_WIPHY_NETNS) 453 C2S(NL80211_CMD_GET_SURVEY) 454 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 455 C2S(NL80211_CMD_SET_PMKSA) 456 C2S(NL80211_CMD_DEL_PMKSA) 457 C2S(NL80211_CMD_FLUSH_PMKSA) 458 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 459 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 460 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 461 C2S(NL80211_CMD_REGISTER_FRAME) 462 C2S(NL80211_CMD_FRAME) 463 C2S(NL80211_CMD_FRAME_TX_STATUS) 464 C2S(NL80211_CMD_SET_POWER_SAVE) 465 C2S(NL80211_CMD_GET_POWER_SAVE) 466 C2S(NL80211_CMD_SET_CQM) 467 C2S(NL80211_CMD_NOTIFY_CQM) 468 C2S(NL80211_CMD_SET_CHANNEL) 469 C2S(NL80211_CMD_SET_WDS_PEER) 470 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 471 C2S(NL80211_CMD_JOIN_MESH) 472 C2S(NL80211_CMD_LEAVE_MESH) 473 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 474 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 475 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 476 C2S(NL80211_CMD_GET_WOWLAN) 477 C2S(NL80211_CMD_SET_WOWLAN) 478 C2S(NL80211_CMD_START_SCHED_SCAN) 479 C2S(NL80211_CMD_STOP_SCHED_SCAN) 480 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 481 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 482 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 483 C2S(NL80211_CMD_PMKSA_CANDIDATE) 484 C2S(NL80211_CMD_TDLS_OPER) 485 C2S(NL80211_CMD_TDLS_MGMT) 486 C2S(NL80211_CMD_UNEXPECTED_FRAME) 487 C2S(NL80211_CMD_PROBE_CLIENT) 488 C2S(NL80211_CMD_REGISTER_BEACONS) 489 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 490 C2S(NL80211_CMD_SET_NOACK_MAP) 491 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 492 C2S(NL80211_CMD_START_P2P_DEVICE) 493 C2S(NL80211_CMD_STOP_P2P_DEVICE) 494 C2S(NL80211_CMD_CONN_FAILED) 495 C2S(NL80211_CMD_SET_MCAST_RATE) 496 C2S(NL80211_CMD_SET_MAC_ACL) 497 C2S(NL80211_CMD_RADAR_DETECT) 498 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 499 C2S(NL80211_CMD_UPDATE_FT_IES) 500 C2S(NL80211_CMD_FT_EVENT) 501 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 502 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 503 C2S(NL80211_CMD_GET_COALESCE) 504 C2S(NL80211_CMD_SET_COALESCE) 505 C2S(NL80211_CMD_CHANNEL_SWITCH) 506 C2S(NL80211_CMD_VENDOR) 507 C2S(NL80211_CMD_SET_QOS_MAP) 508 default: 509 return "NL80211_CMD_UNKNOWN"; 510 } 511#undef C2S 512} 513 514 515/* Converts nl80211_chan_width to a common format */ 516static enum chan_width convert2width(int width) 517{ 518 switch (width) { 519 case NL80211_CHAN_WIDTH_20_NOHT: 520 return CHAN_WIDTH_20_NOHT; 521 case NL80211_CHAN_WIDTH_20: 522 return CHAN_WIDTH_20; 523 case NL80211_CHAN_WIDTH_40: 524 return CHAN_WIDTH_40; 525 case NL80211_CHAN_WIDTH_80: 526 return CHAN_WIDTH_80; 527 case NL80211_CHAN_WIDTH_80P80: 528 return CHAN_WIDTH_80P80; 529 case NL80211_CHAN_WIDTH_160: 530 return CHAN_WIDTH_160; 531 } 532 return CHAN_WIDTH_UNKNOWN; 533} 534 535 536static int is_ap_interface(enum nl80211_iftype nlmode) 537{ 538 return (nlmode == NL80211_IFTYPE_AP || 539 nlmode == NL80211_IFTYPE_P2P_GO); 540} 541 542 543static int is_sta_interface(enum nl80211_iftype nlmode) 544{ 545 return (nlmode == NL80211_IFTYPE_STATION || 546 nlmode == NL80211_IFTYPE_P2P_CLIENT); 547} 548 549 550static int is_p2p_net_interface(enum nl80211_iftype nlmode) 551{ 552 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 553 nlmode == NL80211_IFTYPE_P2P_GO); 554} 555 556 557static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 558{ 559 if (drv->associated) 560 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 561 drv->associated = 0; 562 os_memset(drv->bssid, 0, ETH_ALEN); 563} 564 565 566struct nl80211_bss_info_arg { 567 struct wpa_driver_nl80211_data *drv; 568 struct wpa_scan_results *res; 569 unsigned int assoc_freq; 570 u8 assoc_bssid[ETH_ALEN]; 571}; 572 573static int bss_info_handler(struct nl_msg *msg, void *arg); 574 575 576/* nl80211 code */ 577static int ack_handler(struct nl_msg *msg, void *arg) 578{ 579 int *err = arg; 580 *err = 0; 581 return NL_STOP; 582} 583 584static int finish_handler(struct nl_msg *msg, void *arg) 585{ 586 int *ret = arg; 587 *ret = 0; 588 return NL_SKIP; 589} 590 591static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 592 void *arg) 593{ 594 int *ret = arg; 595 *ret = err->error; 596 return NL_SKIP; 597} 598 599 600static int no_seq_check(struct nl_msg *msg, void *arg) 601{ 602 return NL_OK; 603} 604 605 606static int send_and_recv(struct nl80211_global *global, 607 struct nl_handle *nl_handle, struct nl_msg *msg, 608 int (*valid_handler)(struct nl_msg *, void *), 609 void *valid_data) 610{ 611 struct nl_cb *cb; 612 int err = -ENOMEM; 613 614 cb = nl_cb_clone(global->nl_cb); 615 if (!cb) 616 goto out; 617 618 err = nl_send_auto_complete(nl_handle, msg); 619 if (err < 0) 620 goto out; 621 622 err = 1; 623 624 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 625 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 626 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 627 628 if (valid_handler) 629 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 630 valid_handler, valid_data); 631 632 while (err > 0) { 633 int res = nl_recvmsgs(nl_handle, cb); 634 if (res) { 635 wpa_printf(MSG_INFO, 636 "nl80211: %s->nl_recvmsgs failed: %d", 637 __func__, res); 638 } 639 } 640 out: 641 nl_cb_put(cb); 642 nlmsg_free(msg); 643 return err; 644} 645 646 647static int send_and_recv_msgs_global(struct nl80211_global *global, 648 struct nl_msg *msg, 649 int (*valid_handler)(struct nl_msg *, void *), 650 void *valid_data) 651{ 652 return send_and_recv(global, global->nl, msg, valid_handler, 653 valid_data); 654} 655 656 657static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 658 struct nl_msg *msg, 659 int (*valid_handler)(struct nl_msg *, void *), 660 void *valid_data) 661{ 662 return send_and_recv(drv->global, drv->global->nl, msg, 663 valid_handler, valid_data); 664} 665 666 667struct family_data { 668 const char *group; 669 int id; 670}; 671 672 673static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 674{ 675 if (bss->wdev_id_set) 676 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 677 else 678 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 679 return 0; 680 681nla_put_failure: 682 return -1; 683} 684 685 686static int family_handler(struct nl_msg *msg, void *arg) 687{ 688 struct family_data *res = arg; 689 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 690 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 691 struct nlattr *mcgrp; 692 int i; 693 694 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 695 genlmsg_attrlen(gnlh, 0), NULL); 696 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 697 return NL_SKIP; 698 699 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 700 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 701 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 702 nla_len(mcgrp), NULL); 703 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 704 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 705 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 706 res->group, 707 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 708 continue; 709 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 710 break; 711 }; 712 713 return NL_SKIP; 714} 715 716 717static int nl_get_multicast_id(struct nl80211_global *global, 718 const char *family, const char *group) 719{ 720 struct nl_msg *msg; 721 int ret = -1; 722 struct family_data res = { group, -ENOENT }; 723 724 msg = nlmsg_alloc(); 725 if (!msg) 726 return -ENOMEM; 727 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 728 0, 0, CTRL_CMD_GETFAMILY, 0); 729 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 730 731 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 732 msg = NULL; 733 if (ret == 0) 734 ret = res.id; 735 736nla_put_failure: 737 nlmsg_free(msg); 738 return ret; 739} 740 741 742static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 743 struct nl_msg *msg, int flags, uint8_t cmd) 744{ 745 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 746 0, flags, cmd, 0); 747} 748 749 750struct wiphy_idx_data { 751 int wiphy_idx; 752 enum nl80211_iftype nlmode; 753 u8 *macaddr; 754}; 755 756 757static int netdev_info_handler(struct nl_msg *msg, void *arg) 758{ 759 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 760 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 761 struct wiphy_idx_data *info = arg; 762 763 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 764 genlmsg_attrlen(gnlh, 0), NULL); 765 766 if (tb[NL80211_ATTR_WIPHY]) 767 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 768 769 if (tb[NL80211_ATTR_IFTYPE]) 770 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 771 772 if (tb[NL80211_ATTR_MAC] && info->macaddr) 773 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 774 ETH_ALEN); 775 776 return NL_SKIP; 777} 778 779 780static int nl80211_get_wiphy_index(struct i802_bss *bss) 781{ 782 struct nl_msg *msg; 783 struct wiphy_idx_data data = { 784 .wiphy_idx = -1, 785 .macaddr = NULL, 786 }; 787 788 msg = nlmsg_alloc(); 789 if (!msg) 790 return NL80211_IFTYPE_UNSPECIFIED; 791 792 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 793 794 if (nl80211_set_iface_id(msg, bss) < 0) 795 goto nla_put_failure; 796 797 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 798 return data.wiphy_idx; 799 msg = NULL; 800nla_put_failure: 801 nlmsg_free(msg); 802 return -1; 803} 804 805 806static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 807{ 808 struct nl_msg *msg; 809 struct wiphy_idx_data data = { 810 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 811 .macaddr = NULL, 812 }; 813 814 msg = nlmsg_alloc(); 815 if (!msg) 816 return -1; 817 818 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 819 820 if (nl80211_set_iface_id(msg, bss) < 0) 821 goto nla_put_failure; 822 823 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 824 return data.nlmode; 825 msg = NULL; 826nla_put_failure: 827 nlmsg_free(msg); 828 return NL80211_IFTYPE_UNSPECIFIED; 829} 830 831 832static int nl80211_get_macaddr(struct i802_bss *bss) 833{ 834 struct nl_msg *msg; 835 struct wiphy_idx_data data = { 836 .macaddr = bss->addr, 837 }; 838 839 msg = nlmsg_alloc(); 840 if (!msg) 841 return NL80211_IFTYPE_UNSPECIFIED; 842 843 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 844 if (nl80211_set_iface_id(msg, bss) < 0) 845 goto nla_put_failure; 846 847 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 848 849nla_put_failure: 850 nlmsg_free(msg); 851 return NL80211_IFTYPE_UNSPECIFIED; 852} 853 854 855static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 856 struct nl80211_wiphy_data *w) 857{ 858 struct nl_msg *msg; 859 int ret = -1; 860 861 msg = nlmsg_alloc(); 862 if (!msg) 863 return -1; 864 865 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 866 867 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 868 869 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 870 msg = NULL; 871 if (ret) { 872 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 873 "failed: ret=%d (%s)", 874 ret, strerror(-ret)); 875 goto nla_put_failure; 876 } 877 ret = 0; 878nla_put_failure: 879 nlmsg_free(msg); 880 return ret; 881} 882 883 884static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 885{ 886 struct nl80211_wiphy_data *w = eloop_ctx; 887 int res; 888 889 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 890 891 res = nl_recvmsgs(handle, w->nl_cb); 892 if (res) { 893 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 894 __func__, res); 895 } 896} 897 898 899static int process_beacon_event(struct nl_msg *msg, void *arg) 900{ 901 struct nl80211_wiphy_data *w = arg; 902 struct wpa_driver_nl80211_data *drv; 903 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 904 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 905 union wpa_event_data event; 906 907 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 908 genlmsg_attrlen(gnlh, 0), NULL); 909 910 if (gnlh->cmd != NL80211_CMD_FRAME) { 911 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 912 gnlh->cmd); 913 return NL_SKIP; 914 } 915 916 if (!tb[NL80211_ATTR_FRAME]) 917 return NL_SKIP; 918 919 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 920 wiphy_list) { 921 os_memset(&event, 0, sizeof(event)); 922 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 923 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 924 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 925 } 926 927 return NL_SKIP; 928} 929 930 931static struct nl80211_wiphy_data * 932nl80211_get_wiphy_data_ap(struct i802_bss *bss) 933{ 934 static DEFINE_DL_LIST(nl80211_wiphys); 935 struct nl80211_wiphy_data *w; 936 int wiphy_idx, found = 0; 937 struct i802_bss *tmp_bss; 938 939 if (bss->wiphy_data != NULL) 940 return bss->wiphy_data; 941 942 wiphy_idx = nl80211_get_wiphy_index(bss); 943 944 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 945 if (w->wiphy_idx == wiphy_idx) 946 goto add; 947 } 948 949 /* alloc new one */ 950 w = os_zalloc(sizeof(*w)); 951 if (w == NULL) 952 return NULL; 953 w->wiphy_idx = wiphy_idx; 954 dl_list_init(&w->bsss); 955 dl_list_init(&w->drvs); 956 957 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 958 if (!w->nl_cb) { 959 os_free(w); 960 return NULL; 961 } 962 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 963 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 964 w); 965 966 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 967 "wiphy beacons"); 968 if (w->nl_beacons == NULL) { 969 os_free(w); 970 return NULL; 971 } 972 973 if (nl80211_register_beacons(bss->drv, w)) { 974 nl_destroy_handles(&w->nl_beacons); 975 os_free(w); 976 return NULL; 977 } 978 979 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 980 981 dl_list_add(&nl80211_wiphys, &w->list); 982 983add: 984 /* drv entry for this bss already there? */ 985 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 986 if (tmp_bss->drv == bss->drv) { 987 found = 1; 988 break; 989 } 990 } 991 /* if not add it */ 992 if (!found) 993 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 994 995 dl_list_add(&w->bsss, &bss->wiphy_list); 996 bss->wiphy_data = w; 997 return w; 998} 999 1000 1001static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 1002{ 1003 struct nl80211_wiphy_data *w = bss->wiphy_data; 1004 struct i802_bss *tmp_bss; 1005 int found = 0; 1006 1007 if (w == NULL) 1008 return; 1009 bss->wiphy_data = NULL; 1010 dl_list_del(&bss->wiphy_list); 1011 1012 /* still any for this drv present? */ 1013 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1014 if (tmp_bss->drv == bss->drv) { 1015 found = 1; 1016 break; 1017 } 1018 } 1019 /* if not remove it */ 1020 if (!found) 1021 dl_list_del(&bss->drv->wiphy_list); 1022 1023 if (!dl_list_empty(&w->bsss)) 1024 return; 1025 1026 nl80211_destroy_eloop_handle(&w->nl_beacons); 1027 1028 nl_cb_put(w->nl_cb); 1029 dl_list_del(&w->list); 1030 os_free(w); 1031} 1032 1033 1034static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1035{ 1036 struct i802_bss *bss = priv; 1037 struct wpa_driver_nl80211_data *drv = bss->drv; 1038 if (!drv->associated) 1039 return -1; 1040 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1041 return 0; 1042} 1043 1044 1045static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1046{ 1047 struct i802_bss *bss = priv; 1048 struct wpa_driver_nl80211_data *drv = bss->drv; 1049 if (!drv->associated) 1050 return -1; 1051 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1052 return drv->ssid_len; 1053} 1054 1055 1056static void wpa_driver_nl80211_event_newlink( 1057 struct wpa_driver_nl80211_data *drv, char *ifname) 1058{ 1059 union wpa_event_data event; 1060 1061 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1062 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1063 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1064 drv->first_bss->ifname); 1065 return; 1066 } 1067 if (!drv->if_removed) 1068 return; 1069 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1070 drv->first_bss->ifname); 1071 drv->if_removed = 0; 1072 } 1073 1074 os_memset(&event, 0, sizeof(event)); 1075 os_strlcpy(event.interface_status.ifname, ifname, 1076 sizeof(event.interface_status.ifname)); 1077 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1078 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1079} 1080 1081 1082static void wpa_driver_nl80211_event_dellink( 1083 struct wpa_driver_nl80211_data *drv, char *ifname) 1084{ 1085 union wpa_event_data event; 1086 1087 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1088 if (drv->if_removed) { 1089 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1090 ifname); 1091 return; 1092 } 1093 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1094 ifname); 1095 drv->if_removed = 1; 1096 } else { 1097 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1098 ifname); 1099 } 1100 1101 os_memset(&event, 0, sizeof(event)); 1102 os_strlcpy(event.interface_status.ifname, ifname, 1103 sizeof(event.interface_status.ifname)); 1104 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1105 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1106} 1107 1108 1109static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1110 u8 *buf, size_t len) 1111{ 1112 int attrlen, rta_len; 1113 struct rtattr *attr; 1114 1115 attrlen = len; 1116 attr = (struct rtattr *) buf; 1117 1118 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1119 while (RTA_OK(attr, attrlen)) { 1120 if (attr->rta_type == IFLA_IFNAME) { 1121 if (os_strcmp(((char *) attr) + rta_len, 1122 drv->first_bss->ifname) == 0) 1123 return 1; 1124 else 1125 break; 1126 } 1127 attr = RTA_NEXT(attr, attrlen); 1128 } 1129 1130 return 0; 1131} 1132 1133 1134static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1135 int ifindex, u8 *buf, size_t len) 1136{ 1137 if (drv->ifindex == ifindex) 1138 return 1; 1139 1140 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1141 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1142 "interface"); 1143 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1144 return 1; 1145 } 1146 1147 return 0; 1148} 1149 1150 1151static struct wpa_driver_nl80211_data * 1152nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1153{ 1154 struct wpa_driver_nl80211_data *drv; 1155 dl_list_for_each(drv, &global->interfaces, 1156 struct wpa_driver_nl80211_data, list) { 1157 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1158 have_ifidx(drv, idx)) 1159 return drv; 1160 } 1161 return NULL; 1162} 1163 1164 1165static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1166 struct ifinfomsg *ifi, 1167 u8 *buf, size_t len) 1168{ 1169 struct nl80211_global *global = ctx; 1170 struct wpa_driver_nl80211_data *drv; 1171 int attrlen; 1172 struct rtattr *attr; 1173 u32 brid = 0; 1174 char namebuf[IFNAMSIZ]; 1175 char ifname[IFNAMSIZ + 1]; 1176 char extra[100], *pos, *end; 1177 1178 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1179 if (!drv) { 1180 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1181 ifi->ifi_index); 1182 return; 1183 } 1184 1185 extra[0] = '\0'; 1186 pos = extra; 1187 end = pos + sizeof(extra); 1188 ifname[0] = '\0'; 1189 1190 attrlen = len; 1191 attr = (struct rtattr *) buf; 1192 while (RTA_OK(attr, attrlen)) { 1193 switch (attr->rta_type) { 1194 case IFLA_IFNAME: 1195 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1196 break; 1197 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1198 ifname[RTA_PAYLOAD(attr)] = '\0'; 1199 break; 1200 case IFLA_MASTER: 1201 brid = nla_get_u32((struct nlattr *) attr); 1202 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1203 break; 1204 case IFLA_WIRELESS: 1205 pos += os_snprintf(pos, end - pos, " wext"); 1206 break; 1207 case IFLA_OPERSTATE: 1208 pos += os_snprintf(pos, end - pos, " operstate=%u", 1209 nla_get_u32((struct nlattr *) attr)); 1210 break; 1211 case IFLA_LINKMODE: 1212 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1213 nla_get_u32((struct nlattr *) attr)); 1214 break; 1215 } 1216 attr = RTA_NEXT(attr, attrlen); 1217 } 1218 extra[sizeof(extra) - 1] = '\0'; 1219 1220 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1221 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1222 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1223 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1224 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1225 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1226 1227 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1228 if (if_indextoname(ifi->ifi_index, namebuf) && 1229 linux_iface_up(drv->global->ioctl_sock, 1230 drv->first_bss->ifname) > 0) { 1231 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1232 "event since interface %s is up", namebuf); 1233 return; 1234 } 1235 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1236 if (drv->ignore_if_down_event) { 1237 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1238 "event generated by mode change"); 1239 drv->ignore_if_down_event = 0; 1240 } else { 1241 drv->if_disabled = 1; 1242 wpa_supplicant_event(drv->ctx, 1243 EVENT_INTERFACE_DISABLED, NULL); 1244 1245 /* 1246 * Try to get drv again, since it may be removed as 1247 * part of the EVENT_INTERFACE_DISABLED handling for 1248 * dynamic interfaces 1249 */ 1250 drv = nl80211_find_drv(global, ifi->ifi_index, 1251 buf, len); 1252 if (!drv) 1253 return; 1254 } 1255 } 1256 1257 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1258 if (if_indextoname(ifi->ifi_index, namebuf) && 1259 linux_iface_up(drv->global->ioctl_sock, 1260 drv->first_bss->ifname) == 0) { 1261 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1262 "event since interface %s is down", 1263 namebuf); 1264 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1265 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1266 "event since interface %s does not exist", 1267 drv->first_bss->ifname); 1268 } else if (drv->if_removed) { 1269 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1270 "event since interface %s is marked " 1271 "removed", drv->first_bss->ifname); 1272 } else { 1273 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1274 drv->if_disabled = 0; 1275 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1276 NULL); 1277 } 1278 } 1279 1280 /* 1281 * Some drivers send the association event before the operup event--in 1282 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1283 * fails. This will hit us when wpa_supplicant does not need to do 1284 * IEEE 802.1X authentication 1285 */ 1286 if (drv->operstate == 1 && 1287 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1288 !(ifi->ifi_flags & IFF_RUNNING)) { 1289 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1290 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1291 -1, IF_OPER_UP); 1292 } 1293 1294 if (ifname[0]) 1295 wpa_driver_nl80211_event_newlink(drv, ifname); 1296 1297 if (ifi->ifi_family == AF_BRIDGE && brid) { 1298 /* device has been added to bridge */ 1299 if_indextoname(brid, namebuf); 1300 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1301 brid, namebuf); 1302 add_ifidx(drv, brid); 1303 } 1304} 1305 1306 1307static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1308 struct ifinfomsg *ifi, 1309 u8 *buf, size_t len) 1310{ 1311 struct nl80211_global *global = ctx; 1312 struct wpa_driver_nl80211_data *drv; 1313 int attrlen; 1314 struct rtattr *attr; 1315 u32 brid = 0; 1316 char ifname[IFNAMSIZ + 1]; 1317 1318 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1319 if (!drv) { 1320 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1321 ifi->ifi_index); 1322 return; 1323 } 1324 1325 ifname[0] = '\0'; 1326 1327 attrlen = len; 1328 attr = (struct rtattr *) buf; 1329 while (RTA_OK(attr, attrlen)) { 1330 switch (attr->rta_type) { 1331 case IFLA_IFNAME: 1332 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1333 break; 1334 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1335 ifname[RTA_PAYLOAD(attr)] = '\0'; 1336 break; 1337 case IFLA_MASTER: 1338 brid = nla_get_u32((struct nlattr *) attr); 1339 break; 1340 } 1341 attr = RTA_NEXT(attr, attrlen); 1342 } 1343 1344 if (ifname[0]) 1345 wpa_driver_nl80211_event_dellink(drv, ifname); 1346 1347 if (ifi->ifi_family == AF_BRIDGE && brid) { 1348 /* device has been removed from bridge */ 1349 char namebuf[IFNAMSIZ]; 1350 if_indextoname(brid, namebuf); 1351 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1352 "%s", brid, namebuf); 1353 del_ifidx(drv, brid); 1354 } 1355} 1356 1357 1358static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1359 const u8 *frame, size_t len) 1360{ 1361 const struct ieee80211_mgmt *mgmt; 1362 union wpa_event_data event; 1363 1364 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1365 mgmt = (const struct ieee80211_mgmt *) frame; 1366 if (len < 24 + sizeof(mgmt->u.auth)) { 1367 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1368 "frame"); 1369 return; 1370 } 1371 1372 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1373 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1374 os_memset(&event, 0, sizeof(event)); 1375 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1376 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1377 event.auth.auth_transaction = 1378 le_to_host16(mgmt->u.auth.auth_transaction); 1379 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1380 if (len > 24 + sizeof(mgmt->u.auth)) { 1381 event.auth.ies = mgmt->u.auth.variable; 1382 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1383 } 1384 1385 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1386} 1387 1388 1389static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1390{ 1391 struct nl_msg *msg; 1392 int ret; 1393 struct nl80211_bss_info_arg arg; 1394 1395 os_memset(&arg, 0, sizeof(arg)); 1396 msg = nlmsg_alloc(); 1397 if (!msg) 1398 goto nla_put_failure; 1399 1400 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1401 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1402 1403 arg.drv = drv; 1404 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1405 msg = NULL; 1406 if (ret == 0) { 1407 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1408 "associated BSS from scan results: %u MHz", 1409 arg.assoc_freq); 1410 if (arg.assoc_freq) 1411 drv->assoc_freq = arg.assoc_freq; 1412 return drv->assoc_freq; 1413 } 1414 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1415 "(%s)", ret, strerror(-ret)); 1416nla_put_failure: 1417 nlmsg_free(msg); 1418 return drv->assoc_freq; 1419} 1420 1421 1422static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1423 const u8 *frame, size_t len) 1424{ 1425 const struct ieee80211_mgmt *mgmt; 1426 union wpa_event_data event; 1427 u16 status; 1428 1429 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1430 mgmt = (const struct ieee80211_mgmt *) frame; 1431 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1432 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1433 "frame"); 1434 return; 1435 } 1436 1437 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1438 if (status != WLAN_STATUS_SUCCESS) { 1439 os_memset(&event, 0, sizeof(event)); 1440 event.assoc_reject.bssid = mgmt->bssid; 1441 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1442 event.assoc_reject.resp_ies = 1443 (u8 *) mgmt->u.assoc_resp.variable; 1444 event.assoc_reject.resp_ies_len = 1445 len - 24 - sizeof(mgmt->u.assoc_resp); 1446 } 1447 event.assoc_reject.status_code = status; 1448 1449 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1450 return; 1451 } 1452 1453 drv->associated = 1; 1454 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1455 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1456 1457 os_memset(&event, 0, sizeof(event)); 1458 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1459 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1460 event.assoc_info.resp_ies_len = 1461 len - 24 - sizeof(mgmt->u.assoc_resp); 1462 } 1463 1464 event.assoc_info.freq = drv->assoc_freq; 1465 1466 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1467} 1468 1469 1470static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1471 enum nl80211_commands cmd, struct nlattr *status, 1472 struct nlattr *addr, struct nlattr *req_ie, 1473 struct nlattr *resp_ie) 1474{ 1475 union wpa_event_data event; 1476 1477 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1478 /* 1479 * Avoid reporting two association events that would confuse 1480 * the core code. 1481 */ 1482 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1483 "when using userspace SME", cmd); 1484 return; 1485 } 1486 1487 if (cmd == NL80211_CMD_CONNECT) 1488 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1489 else if (cmd == NL80211_CMD_ROAM) 1490 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1491 1492 os_memset(&event, 0, sizeof(event)); 1493 if (cmd == NL80211_CMD_CONNECT && 1494 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1495 if (addr) 1496 event.assoc_reject.bssid = nla_data(addr); 1497 if (resp_ie) { 1498 event.assoc_reject.resp_ies = nla_data(resp_ie); 1499 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1500 } 1501 event.assoc_reject.status_code = nla_get_u16(status); 1502 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1503 return; 1504 } 1505 1506 drv->associated = 1; 1507 if (addr) { 1508 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1509 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1510 } 1511 1512 if (req_ie) { 1513 event.assoc_info.req_ies = nla_data(req_ie); 1514 event.assoc_info.req_ies_len = nla_len(req_ie); 1515 } 1516 if (resp_ie) { 1517 event.assoc_info.resp_ies = nla_data(resp_ie); 1518 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1519 } 1520 1521 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1522 1523 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1524} 1525 1526 1527static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1528 struct nlattr *reason, struct nlattr *addr, 1529 struct nlattr *by_ap) 1530{ 1531 union wpa_event_data data; 1532 unsigned int locally_generated = by_ap == NULL; 1533 1534 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1535 /* 1536 * Avoid reporting two disassociation events that could 1537 * confuse the core code. 1538 */ 1539 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1540 "event when using userspace SME"); 1541 return; 1542 } 1543 1544 if (drv->ignore_next_local_disconnect) { 1545 drv->ignore_next_local_disconnect = 0; 1546 if (locally_generated) { 1547 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1548 "event triggered during reassociation"); 1549 return; 1550 } 1551 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1552 "disconnect but got another disconnect " 1553 "event first"); 1554 } 1555 1556 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1557 nl80211_mark_disconnected(drv); 1558 os_memset(&data, 0, sizeof(data)); 1559 if (reason) 1560 data.deauth_info.reason_code = nla_get_u16(reason); 1561 data.deauth_info.locally_generated = by_ap == NULL; 1562 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1563} 1564 1565 1566static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 1567{ 1568 int freq1 = 0; 1569 1570 switch (convert2width(width)) { 1571 case CHAN_WIDTH_20_NOHT: 1572 case CHAN_WIDTH_20: 1573 return 0; 1574 case CHAN_WIDTH_40: 1575 freq1 = cf1 - 10; 1576 break; 1577 case CHAN_WIDTH_80: 1578 freq1 = cf1 - 30; 1579 break; 1580 case CHAN_WIDTH_160: 1581 freq1 = cf1 - 70; 1582 break; 1583 case CHAN_WIDTH_UNKNOWN: 1584 case CHAN_WIDTH_80P80: 1585 /* FIXME: implement this */ 1586 return 0; 1587 } 1588 1589 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 1590} 1591 1592 1593static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1594 struct nlattr *ifindex, struct nlattr *freq, 1595 struct nlattr *type, struct nlattr *bw, 1596 struct nlattr *cf1, struct nlattr *cf2) 1597{ 1598 struct i802_bss *bss; 1599 union wpa_event_data data; 1600 int ht_enabled = 1; 1601 int chan_offset = 0; 1602 int ifidx; 1603 1604 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1605 1606 if (!freq) 1607 return; 1608 1609 ifidx = nla_get_u32(ifindex); 1610 for (bss = drv->first_bss; bss; bss = bss->next) 1611 if (bss->ifindex == ifidx) 1612 break; 1613 1614 if (bss == NULL) { 1615 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1616 ifidx); 1617 return; 1618 } 1619 1620 if (type) { 1621 switch (nla_get_u32(type)) { 1622 case NL80211_CHAN_NO_HT: 1623 ht_enabled = 0; 1624 break; 1625 case NL80211_CHAN_HT20: 1626 break; 1627 case NL80211_CHAN_HT40PLUS: 1628 chan_offset = 1; 1629 break; 1630 case NL80211_CHAN_HT40MINUS: 1631 chan_offset = -1; 1632 break; 1633 } 1634 } else if (bw && cf1) { 1635 /* This can happen for example with VHT80 ch switch */ 1636 chan_offset = calculate_chan_offset(nla_get_u32(bw), 1637 nla_get_u32(freq), 1638 nla_get_u32(cf1), 1639 cf2 ? nla_get_u32(cf2) : 0); 1640 } else { 1641 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 1642 } 1643 1644 os_memset(&data, 0, sizeof(data)); 1645 data.ch_switch.freq = nla_get_u32(freq); 1646 data.ch_switch.ht_enabled = ht_enabled; 1647 data.ch_switch.ch_offset = chan_offset; 1648 if (bw) 1649 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1650 if (cf1) 1651 data.ch_switch.cf1 = nla_get_u32(cf1); 1652 if (cf2) 1653 data.ch_switch.cf2 = nla_get_u32(cf2); 1654 1655 bss->freq = data.ch_switch.freq; 1656 1657 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1658} 1659 1660 1661static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1662 enum nl80211_commands cmd, struct nlattr *addr) 1663{ 1664 union wpa_event_data event; 1665 enum wpa_event_type ev; 1666 1667 if (nla_len(addr) != ETH_ALEN) 1668 return; 1669 1670 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1671 cmd, MAC2STR((u8 *) nla_data(addr))); 1672 1673 if (cmd == NL80211_CMD_AUTHENTICATE) 1674 ev = EVENT_AUTH_TIMED_OUT; 1675 else if (cmd == NL80211_CMD_ASSOCIATE) 1676 ev = EVENT_ASSOC_TIMED_OUT; 1677 else 1678 return; 1679 1680 os_memset(&event, 0, sizeof(event)); 1681 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1682 wpa_supplicant_event(drv->ctx, ev, &event); 1683} 1684 1685 1686static void mlme_event_mgmt(struct i802_bss *bss, 1687 struct nlattr *freq, struct nlattr *sig, 1688 const u8 *frame, size_t len) 1689{ 1690 struct wpa_driver_nl80211_data *drv = bss->drv; 1691 const struct ieee80211_mgmt *mgmt; 1692 union wpa_event_data event; 1693 u16 fc, stype; 1694 int ssi_signal = 0; 1695 int rx_freq = 0; 1696 1697 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1698 mgmt = (const struct ieee80211_mgmt *) frame; 1699 if (len < 24) { 1700 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1701 return; 1702 } 1703 1704 fc = le_to_host16(mgmt->frame_control); 1705 stype = WLAN_FC_GET_STYPE(fc); 1706 1707 if (sig) 1708 ssi_signal = (s32) nla_get_u32(sig); 1709 1710 os_memset(&event, 0, sizeof(event)); 1711 if (freq) { 1712 event.rx_mgmt.freq = nla_get_u32(freq); 1713 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1714 } 1715 wpa_printf(MSG_DEBUG, 1716 "nl80211: RX frame freq=%d ssi_signal=%d stype=%u len=%u", 1717 rx_freq, ssi_signal, stype, (unsigned int) len); 1718 event.rx_mgmt.frame = frame; 1719 event.rx_mgmt.frame_len = len; 1720 event.rx_mgmt.ssi_signal = ssi_signal; 1721 event.rx_mgmt.drv_priv = bss; 1722 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1723} 1724 1725 1726static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1727 struct nlattr *cookie, const u8 *frame, 1728 size_t len, struct nlattr *ack) 1729{ 1730 union wpa_event_data event; 1731 const struct ieee80211_hdr *hdr; 1732 u16 fc; 1733 1734 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1735 if (!is_ap_interface(drv->nlmode)) { 1736 u64 cookie_val; 1737 1738 if (!cookie) 1739 return; 1740 1741 cookie_val = nla_get_u64(cookie); 1742 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1743 " cookie=0%llx%s (ack=%d)", 1744 (long long unsigned int) cookie_val, 1745 cookie_val == drv->send_action_cookie ? 1746 " (match)" : " (unknown)", ack != NULL); 1747 if (cookie_val != drv->send_action_cookie) 1748 return; 1749 } 1750 1751 hdr = (const struct ieee80211_hdr *) frame; 1752 fc = le_to_host16(hdr->frame_control); 1753 1754 os_memset(&event, 0, sizeof(event)); 1755 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1756 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1757 event.tx_status.dst = hdr->addr1; 1758 event.tx_status.data = frame; 1759 event.tx_status.data_len = len; 1760 event.tx_status.ack = ack != NULL; 1761 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1762} 1763 1764 1765static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1766 enum wpa_event_type type, 1767 const u8 *frame, size_t len) 1768{ 1769 const struct ieee80211_mgmt *mgmt; 1770 union wpa_event_data event; 1771 const u8 *bssid = NULL; 1772 u16 reason_code = 0; 1773 1774 if (type == EVENT_DEAUTH) 1775 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1776 else 1777 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1778 1779 mgmt = (const struct ieee80211_mgmt *) frame; 1780 if (len >= 24) { 1781 bssid = mgmt->bssid; 1782 1783 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1784 !drv->associated && 1785 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1786 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1787 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1788 /* 1789 * Avoid issues with some roaming cases where 1790 * disconnection event for the old AP may show up after 1791 * we have started connection with the new AP. 1792 */ 1793 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1794 MAC2STR(bssid), 1795 MAC2STR(drv->auth_attempt_bssid)); 1796 return; 1797 } 1798 1799 if (drv->associated != 0 && 1800 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1801 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1802 /* 1803 * We have presumably received this deauth as a 1804 * response to a clear_state_mismatch() outgoing 1805 * deauth. Don't let it take us offline! 1806 */ 1807 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1808 "from Unknown BSSID " MACSTR " -- ignoring", 1809 MAC2STR(bssid)); 1810 return; 1811 } 1812 } 1813 1814 nl80211_mark_disconnected(drv); 1815 os_memset(&event, 0, sizeof(event)); 1816 1817 /* Note: Same offset for Reason Code in both frame subtypes */ 1818 if (len >= 24 + sizeof(mgmt->u.deauth)) 1819 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1820 1821 if (type == EVENT_DISASSOC) { 1822 event.disassoc_info.locally_generated = 1823 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1824 event.disassoc_info.addr = bssid; 1825 event.disassoc_info.reason_code = reason_code; 1826 if (frame + len > mgmt->u.disassoc.variable) { 1827 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1828 event.disassoc_info.ie_len = frame + len - 1829 mgmt->u.disassoc.variable; 1830 } 1831 } else { 1832 if (drv->ignore_deauth_event) { 1833 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 1834 drv->ignore_deauth_event = 0; 1835 return; 1836 } 1837 event.deauth_info.locally_generated = 1838 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1839 event.deauth_info.addr = bssid; 1840 event.deauth_info.reason_code = reason_code; 1841 if (frame + len > mgmt->u.deauth.variable) { 1842 event.deauth_info.ie = mgmt->u.deauth.variable; 1843 event.deauth_info.ie_len = frame + len - 1844 mgmt->u.deauth.variable; 1845 } 1846 } 1847 1848 wpa_supplicant_event(drv->ctx, type, &event); 1849} 1850 1851 1852static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1853 enum wpa_event_type type, 1854 const u8 *frame, size_t len) 1855{ 1856 const struct ieee80211_mgmt *mgmt; 1857 union wpa_event_data event; 1858 u16 reason_code = 0; 1859 1860 if (type == EVENT_UNPROT_DEAUTH) 1861 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1862 else 1863 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1864 1865 if (len < 24) 1866 return; 1867 1868 mgmt = (const struct ieee80211_mgmt *) frame; 1869 1870 os_memset(&event, 0, sizeof(event)); 1871 /* Note: Same offset for Reason Code in both frame subtypes */ 1872 if (len >= 24 + sizeof(mgmt->u.deauth)) 1873 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1874 1875 if (type == EVENT_UNPROT_DISASSOC) { 1876 event.unprot_disassoc.sa = mgmt->sa; 1877 event.unprot_disassoc.da = mgmt->da; 1878 event.unprot_disassoc.reason_code = reason_code; 1879 } else { 1880 event.unprot_deauth.sa = mgmt->sa; 1881 event.unprot_deauth.da = mgmt->da; 1882 event.unprot_deauth.reason_code = reason_code; 1883 } 1884 1885 wpa_supplicant_event(drv->ctx, type, &event); 1886} 1887 1888 1889static void mlme_event(struct i802_bss *bss, 1890 enum nl80211_commands cmd, struct nlattr *frame, 1891 struct nlattr *addr, struct nlattr *timed_out, 1892 struct nlattr *freq, struct nlattr *ack, 1893 struct nlattr *cookie, struct nlattr *sig) 1894{ 1895 struct wpa_driver_nl80211_data *drv = bss->drv; 1896 const u8 *data; 1897 size_t len; 1898 1899 if (timed_out && addr) { 1900 mlme_timeout_event(drv, cmd, addr); 1901 return; 1902 } 1903 1904 if (frame == NULL) { 1905 wpa_printf(MSG_DEBUG, 1906 "nl80211: MLME event %d (%s) without frame data", 1907 cmd, nl80211_command_to_string(cmd)); 1908 return; 1909 } 1910 1911 data = nla_data(frame); 1912 len = nla_len(frame); 1913 if (len < 4 + 2 * ETH_ALEN) { 1914 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1915 MACSTR ") - too short", 1916 cmd, nl80211_command_to_string(cmd), bss->ifname, 1917 MAC2STR(bss->addr)); 1918 return; 1919 } 1920 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1921 ") A1=" MACSTR " A2=" MACSTR, cmd, 1922 nl80211_command_to_string(cmd), bss->ifname, 1923 MAC2STR(bss->addr), MAC2STR(data + 4), 1924 MAC2STR(data + 4 + ETH_ALEN)); 1925 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1926 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1927 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1928 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1929 "for foreign address", bss->ifname); 1930 return; 1931 } 1932 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1933 nla_data(frame), nla_len(frame)); 1934 1935 switch (cmd) { 1936 case NL80211_CMD_AUTHENTICATE: 1937 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1938 break; 1939 case NL80211_CMD_ASSOCIATE: 1940 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1941 break; 1942 case NL80211_CMD_DEAUTHENTICATE: 1943 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1944 nla_data(frame), nla_len(frame)); 1945 break; 1946 case NL80211_CMD_DISASSOCIATE: 1947 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1948 nla_data(frame), nla_len(frame)); 1949 break; 1950 case NL80211_CMD_FRAME: 1951 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 1952 nla_len(frame)); 1953 break; 1954 case NL80211_CMD_FRAME_TX_STATUS: 1955 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1956 nla_len(frame), ack); 1957 break; 1958 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1959 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1960 nla_data(frame), nla_len(frame)); 1961 break; 1962 case NL80211_CMD_UNPROT_DISASSOCIATE: 1963 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1964 nla_data(frame), nla_len(frame)); 1965 break; 1966 default: 1967 break; 1968 } 1969} 1970 1971 1972static void mlme_event_michael_mic_failure(struct i802_bss *bss, 1973 struct nlattr *tb[]) 1974{ 1975 union wpa_event_data data; 1976 1977 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1978 os_memset(&data, 0, sizeof(data)); 1979 if (tb[NL80211_ATTR_MAC]) { 1980 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1981 nla_data(tb[NL80211_ATTR_MAC]), 1982 nla_len(tb[NL80211_ATTR_MAC])); 1983 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1984 } 1985 if (tb[NL80211_ATTR_KEY_SEQ]) { 1986 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1987 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1988 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1989 } 1990 if (tb[NL80211_ATTR_KEY_TYPE]) { 1991 enum nl80211_key_type key_type = 1992 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1993 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1994 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1995 data.michael_mic_failure.unicast = 1; 1996 } else 1997 data.michael_mic_failure.unicast = 1; 1998 1999 if (tb[NL80211_ATTR_KEY_IDX]) { 2000 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 2001 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 2002 } 2003 2004 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 2005} 2006 2007 2008static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 2009 struct nlattr *tb[]) 2010{ 2011 if (tb[NL80211_ATTR_MAC] == NULL) { 2012 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 2013 "event"); 2014 return; 2015 } 2016 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2017 2018 drv->associated = 1; 2019 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 2020 MAC2STR(drv->bssid)); 2021 2022 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 2023} 2024 2025 2026static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 2027 int cancel_event, struct nlattr *tb[]) 2028{ 2029 unsigned int freq, chan_type, duration; 2030 union wpa_event_data data; 2031 u64 cookie; 2032 2033 if (tb[NL80211_ATTR_WIPHY_FREQ]) 2034 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2035 else 2036 freq = 0; 2037 2038 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 2039 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2040 else 2041 chan_type = 0; 2042 2043 if (tb[NL80211_ATTR_DURATION]) 2044 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 2045 else 2046 duration = 0; 2047 2048 if (tb[NL80211_ATTR_COOKIE]) 2049 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 2050 else 2051 cookie = 0; 2052 2053 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 2054 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 2055 cancel_event, freq, chan_type, duration, 2056 (long long unsigned int) cookie, 2057 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2058 2059 if (cookie != drv->remain_on_chan_cookie) 2060 return; /* not for us */ 2061 2062 if (cancel_event) 2063 drv->pending_remain_on_chan = 0; 2064 2065 os_memset(&data, 0, sizeof(data)); 2066 data.remain_on_channel.freq = freq; 2067 data.remain_on_channel.duration = duration; 2068 wpa_supplicant_event(drv->ctx, cancel_event ? 2069 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2070 EVENT_REMAIN_ON_CHANNEL, &data); 2071} 2072 2073 2074static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2075 struct nlattr *tb[]) 2076{ 2077 union wpa_event_data data; 2078 2079 os_memset(&data, 0, sizeof(data)); 2080 2081 if (tb[NL80211_ATTR_IE]) { 2082 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2083 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2084 } 2085 2086 if (tb[NL80211_ATTR_IE_RIC]) { 2087 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2088 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2089 } 2090 2091 if (tb[NL80211_ATTR_MAC]) 2092 os_memcpy(data.ft_ies.target_ap, 2093 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2094 2095 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2096 MAC2STR(data.ft_ies.target_ap)); 2097 2098 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2099} 2100 2101 2102static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2103 struct nlattr *tb[]) 2104{ 2105 union wpa_event_data event; 2106 struct nlattr *nl; 2107 int rem; 2108 struct scan_info *info; 2109#define MAX_REPORT_FREQS 50 2110 int freqs[MAX_REPORT_FREQS]; 2111 int num_freqs = 0; 2112 2113 if (drv->scan_for_auth) { 2114 drv->scan_for_auth = 0; 2115 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2116 "cfg80211 BSS entry"); 2117 wpa_driver_nl80211_authenticate_retry(drv); 2118 return; 2119 } 2120 2121 os_memset(&event, 0, sizeof(event)); 2122 info = &event.scan_info; 2123 info->aborted = aborted; 2124 2125 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2126 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2127 struct wpa_driver_scan_ssid *s = 2128 &info->ssids[info->num_ssids]; 2129 s->ssid = nla_data(nl); 2130 s->ssid_len = nla_len(nl); 2131 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2132 wpa_ssid_txt(s->ssid, s->ssid_len)); 2133 info->num_ssids++; 2134 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2135 break; 2136 } 2137 } 2138 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2139 char msg[200], *pos, *end; 2140 int res; 2141 2142 pos = msg; 2143 end = pos + sizeof(msg); 2144 *pos = '\0'; 2145 2146 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2147 { 2148 freqs[num_freqs] = nla_get_u32(nl); 2149 res = os_snprintf(pos, end - pos, " %d", 2150 freqs[num_freqs]); 2151 if (res > 0 && end - pos > res) 2152 pos += res; 2153 num_freqs++; 2154 if (num_freqs == MAX_REPORT_FREQS - 1) 2155 break; 2156 } 2157 info->freqs = freqs; 2158 info->num_freqs = num_freqs; 2159 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2160 msg); 2161 } 2162 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2163} 2164 2165 2166static int get_link_signal(struct nl_msg *msg, void *arg) 2167{ 2168 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2169 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2170 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2171 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2172 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2173 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2174 }; 2175 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2176 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2177 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2178 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2179 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2180 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2181 }; 2182 struct wpa_signal_info *sig_change = arg; 2183 2184 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2185 genlmsg_attrlen(gnlh, 0), NULL); 2186 if (!tb[NL80211_ATTR_STA_INFO] || 2187 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2188 tb[NL80211_ATTR_STA_INFO], policy)) 2189 return NL_SKIP; 2190 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2191 return NL_SKIP; 2192 2193 sig_change->current_signal = 2194 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2195 2196 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2197 sig_change->avg_signal = 2198 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2199 else 2200 sig_change->avg_signal = 0; 2201 2202 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2203 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2204 sinfo[NL80211_STA_INFO_TX_BITRATE], 2205 rate_policy)) { 2206 sig_change->current_txrate = 0; 2207 } else { 2208 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2209 sig_change->current_txrate = 2210 nla_get_u16(rinfo[ 2211 NL80211_RATE_INFO_BITRATE]) * 100; 2212 } 2213 } 2214 } 2215 2216 return NL_SKIP; 2217} 2218 2219 2220static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2221 struct wpa_signal_info *sig) 2222{ 2223 struct nl_msg *msg; 2224 2225 sig->current_signal = -9999; 2226 sig->current_txrate = 0; 2227 2228 msg = nlmsg_alloc(); 2229 if (!msg) 2230 return -ENOMEM; 2231 2232 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2233 2234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2236 2237 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2238 nla_put_failure: 2239 nlmsg_free(msg); 2240 return -ENOBUFS; 2241} 2242 2243 2244static int get_link_noise(struct nl_msg *msg, void *arg) 2245{ 2246 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2247 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2248 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2249 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2250 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2251 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2252 }; 2253 struct wpa_signal_info *sig_change = arg; 2254 2255 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2256 genlmsg_attrlen(gnlh, 0), NULL); 2257 2258 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2259 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2260 return NL_SKIP; 2261 } 2262 2263 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2264 tb[NL80211_ATTR_SURVEY_INFO], 2265 survey_policy)) { 2266 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2267 "attributes!"); 2268 return NL_SKIP; 2269 } 2270 2271 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2272 return NL_SKIP; 2273 2274 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2275 sig_change->frequency) 2276 return NL_SKIP; 2277 2278 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2279 return NL_SKIP; 2280 2281 sig_change->current_noise = 2282 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2283 2284 return NL_SKIP; 2285} 2286 2287 2288static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2289 struct wpa_signal_info *sig_change) 2290{ 2291 struct nl_msg *msg; 2292 2293 sig_change->current_noise = 9999; 2294 sig_change->frequency = drv->assoc_freq; 2295 2296 msg = nlmsg_alloc(); 2297 if (!msg) 2298 return -ENOMEM; 2299 2300 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2301 2302 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2303 2304 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2305 nla_put_failure: 2306 nlmsg_free(msg); 2307 return -ENOBUFS; 2308} 2309 2310 2311static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2312{ 2313 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2314 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2315 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2316 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2317 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2318 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2319 }; 2320 struct wpa_scan_results *scan_results = arg; 2321 struct wpa_scan_res *scan_res; 2322 size_t i; 2323 2324 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2325 genlmsg_attrlen(gnlh, 0), NULL); 2326 2327 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2328 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2329 return NL_SKIP; 2330 } 2331 2332 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2333 tb[NL80211_ATTR_SURVEY_INFO], 2334 survey_policy)) { 2335 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2336 "attributes"); 2337 return NL_SKIP; 2338 } 2339 2340 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2341 return NL_SKIP; 2342 2343 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2344 return NL_SKIP; 2345 2346 for (i = 0; i < scan_results->num; ++i) { 2347 scan_res = scan_results->res[i]; 2348 if (!scan_res) 2349 continue; 2350 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2351 scan_res->freq) 2352 continue; 2353 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2354 continue; 2355 scan_res->noise = (s8) 2356 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2357 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2358 } 2359 2360 return NL_SKIP; 2361} 2362 2363 2364static int nl80211_get_noise_for_scan_results( 2365 struct wpa_driver_nl80211_data *drv, 2366 struct wpa_scan_results *scan_res) 2367{ 2368 struct nl_msg *msg; 2369 2370 msg = nlmsg_alloc(); 2371 if (!msg) 2372 return -ENOMEM; 2373 2374 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2375 2376 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2377 2378 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2379 scan_res); 2380 nla_put_failure: 2381 nlmsg_free(msg); 2382 return -ENOBUFS; 2383} 2384 2385 2386static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2387 struct nlattr *tb[]) 2388{ 2389 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2390 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2391 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2392 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2393 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2394 }; 2395 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2396 enum nl80211_cqm_rssi_threshold_event event; 2397 union wpa_event_data ed; 2398 struct wpa_signal_info sig; 2399 int res; 2400 2401 if (tb[NL80211_ATTR_CQM] == NULL || 2402 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2403 cqm_policy)) { 2404 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2405 return; 2406 } 2407 2408 os_memset(&ed, 0, sizeof(ed)); 2409 2410 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2411 if (!tb[NL80211_ATTR_MAC]) 2412 return; 2413 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2414 ETH_ALEN); 2415 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2416 return; 2417 } 2418 2419 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2420 return; 2421 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2422 2423 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2424 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2425 "event: RSSI high"); 2426 ed.signal_change.above_threshold = 1; 2427 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2428 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2429 "event: RSSI low"); 2430 ed.signal_change.above_threshold = 0; 2431 } else 2432 return; 2433 2434 res = nl80211_get_link_signal(drv, &sig); 2435 if (res == 0) { 2436 ed.signal_change.current_signal = sig.current_signal; 2437 ed.signal_change.current_txrate = sig.current_txrate; 2438 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2439 sig.current_signal, sig.current_txrate); 2440 } 2441 2442 res = nl80211_get_link_noise(drv, &sig); 2443 if (res == 0) { 2444 ed.signal_change.current_noise = sig.current_noise; 2445 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2446 sig.current_noise); 2447 } 2448 2449 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2450} 2451 2452 2453static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2454 struct nlattr **tb) 2455{ 2456 u8 *addr; 2457 union wpa_event_data data; 2458 2459 if (tb[NL80211_ATTR_MAC] == NULL) 2460 return; 2461 addr = nla_data(tb[NL80211_ATTR_MAC]); 2462 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2463 2464 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2465 u8 *ies = NULL; 2466 size_t ies_len = 0; 2467 if (tb[NL80211_ATTR_IE]) { 2468 ies = nla_data(tb[NL80211_ATTR_IE]); 2469 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2470 } 2471 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2472 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2473 return; 2474 } 2475 2476 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2477 return; 2478 2479 os_memset(&data, 0, sizeof(data)); 2480 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2481 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2482} 2483 2484 2485static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2486 struct nlattr **tb) 2487{ 2488 u8 *addr; 2489 union wpa_event_data data; 2490 2491 if (tb[NL80211_ATTR_MAC] == NULL) 2492 return; 2493 addr = nla_data(tb[NL80211_ATTR_MAC]); 2494 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2495 MAC2STR(addr)); 2496 2497 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2498 drv_event_disassoc(drv->ctx, addr); 2499 return; 2500 } 2501 2502 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2503 return; 2504 2505 os_memset(&data, 0, sizeof(data)); 2506 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2507 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2508} 2509 2510 2511static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2512 struct nlattr **tb) 2513{ 2514 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2515 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2516 [NL80211_REKEY_DATA_KEK] = { 2517 .minlen = NL80211_KEK_LEN, 2518 .maxlen = NL80211_KEK_LEN, 2519 }, 2520 [NL80211_REKEY_DATA_KCK] = { 2521 .minlen = NL80211_KCK_LEN, 2522 .maxlen = NL80211_KCK_LEN, 2523 }, 2524 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2525 .minlen = NL80211_REPLAY_CTR_LEN, 2526 .maxlen = NL80211_REPLAY_CTR_LEN, 2527 }, 2528 }; 2529 union wpa_event_data data; 2530 2531 if (!tb[NL80211_ATTR_MAC]) 2532 return; 2533 if (!tb[NL80211_ATTR_REKEY_DATA]) 2534 return; 2535 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2536 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2537 return; 2538 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2539 return; 2540 2541 os_memset(&data, 0, sizeof(data)); 2542 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2543 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2544 MAC2STR(data.driver_gtk_rekey.bssid)); 2545 data.driver_gtk_rekey.replay_ctr = 2546 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2547 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2548 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2549 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2550} 2551 2552 2553static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2554 struct nlattr **tb) 2555{ 2556 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2557 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2558 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2559 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2560 .minlen = ETH_ALEN, 2561 .maxlen = ETH_ALEN, 2562 }, 2563 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2564 }; 2565 union wpa_event_data data; 2566 2567 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2568 2569 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2570 return; 2571 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2572 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2573 return; 2574 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2575 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2576 return; 2577 2578 os_memset(&data, 0, sizeof(data)); 2579 os_memcpy(data.pmkid_candidate.bssid, 2580 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2581 data.pmkid_candidate.index = 2582 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2583 data.pmkid_candidate.preauth = 2584 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2585 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2586} 2587 2588 2589static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2590 struct nlattr **tb) 2591{ 2592 union wpa_event_data data; 2593 2594 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2595 2596 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2597 return; 2598 2599 os_memset(&data, 0, sizeof(data)); 2600 os_memcpy(data.client_poll.addr, 2601 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2602 2603 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2604} 2605 2606 2607static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2608 struct nlattr **tb) 2609{ 2610 union wpa_event_data data; 2611 2612 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2613 2614 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2615 return; 2616 2617 os_memset(&data, 0, sizeof(data)); 2618 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2619 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2620 case NL80211_TDLS_SETUP: 2621 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2622 MACSTR, MAC2STR(data.tdls.peer)); 2623 data.tdls.oper = TDLS_REQUEST_SETUP; 2624 break; 2625 case NL80211_TDLS_TEARDOWN: 2626 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2627 MACSTR, MAC2STR(data.tdls.peer)); 2628 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2629 break; 2630 default: 2631 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2632 "event"); 2633 return; 2634 } 2635 if (tb[NL80211_ATTR_REASON_CODE]) { 2636 data.tdls.reason_code = 2637 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2638 } 2639 2640 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2641} 2642 2643 2644static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2645 struct nlattr **tb) 2646{ 2647 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2648} 2649 2650 2651static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2652 struct nlattr **tb) 2653{ 2654 union wpa_event_data data; 2655 u32 reason; 2656 2657 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2658 2659 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2660 return; 2661 2662 os_memset(&data, 0, sizeof(data)); 2663 os_memcpy(data.connect_failed_reason.addr, 2664 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2665 2666 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2667 switch (reason) { 2668 case NL80211_CONN_FAIL_MAX_CLIENTS: 2669 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2670 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2671 break; 2672 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2673 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2674 " tried to connect", 2675 MAC2STR(data.connect_failed_reason.addr)); 2676 data.connect_failed_reason.code = BLOCKED_CLIENT; 2677 break; 2678 default: 2679 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2680 "%u", reason); 2681 return; 2682 } 2683 2684 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2685} 2686 2687 2688static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2689 struct nlattr **tb) 2690{ 2691 union wpa_event_data data; 2692 enum nl80211_radar_event event_type; 2693 2694 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2695 return; 2696 2697 os_memset(&data, 0, sizeof(data)); 2698 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2699 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2700 2701 /* Check HT params */ 2702 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2703 data.dfs_event.ht_enabled = 1; 2704 data.dfs_event.chan_offset = 0; 2705 2706 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2707 case NL80211_CHAN_NO_HT: 2708 data.dfs_event.ht_enabled = 0; 2709 break; 2710 case NL80211_CHAN_HT20: 2711 break; 2712 case NL80211_CHAN_HT40PLUS: 2713 data.dfs_event.chan_offset = 1; 2714 break; 2715 case NL80211_CHAN_HT40MINUS: 2716 data.dfs_event.chan_offset = -1; 2717 break; 2718 } 2719 } 2720 2721 /* Get VHT params */ 2722 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2723 data.dfs_event.chan_width = 2724 convert2width(nla_get_u32( 2725 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2726 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2727 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2728 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2729 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2730 2731 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2732 data.dfs_event.freq, data.dfs_event.ht_enabled, 2733 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2734 data.dfs_event.cf1, data.dfs_event.cf2); 2735 2736 switch (event_type) { 2737 case NL80211_RADAR_DETECTED: 2738 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2739 break; 2740 case NL80211_RADAR_CAC_FINISHED: 2741 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2742 break; 2743 case NL80211_RADAR_CAC_ABORTED: 2744 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2745 break; 2746 case NL80211_RADAR_NOP_FINISHED: 2747 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2748 break; 2749 default: 2750 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2751 "received", event_type); 2752 break; 2753 } 2754} 2755 2756 2757static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2758 int wds) 2759{ 2760 struct wpa_driver_nl80211_data *drv = bss->drv; 2761 union wpa_event_data event; 2762 2763 if (!tb[NL80211_ATTR_MAC]) 2764 return; 2765 2766 os_memset(&event, 0, sizeof(event)); 2767 event.rx_from_unknown.bssid = bss->addr; 2768 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2769 event.rx_from_unknown.wds = wds; 2770 2771 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2772} 2773 2774 2775static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 2776 const u8 *data, size_t len) 2777{ 2778 u32 i, count; 2779 union wpa_event_data event; 2780 struct wpa_freq_range *range = NULL; 2781 const struct qca_avoid_freq_list *freq_range; 2782 2783 freq_range = (const struct qca_avoid_freq_list *) data; 2784 if (len < sizeof(freq_range->count)) 2785 return; 2786 2787 count = freq_range->count; 2788 if (len < sizeof(freq_range->count) + 2789 count * sizeof(struct qca_avoid_freq_range)) { 2790 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 2791 (unsigned int) len); 2792 return; 2793 } 2794 2795 if (count > 0) { 2796 range = os_calloc(count, sizeof(struct wpa_freq_range)); 2797 if (range == NULL) 2798 return; 2799 } 2800 2801 os_memset(&event, 0, sizeof(event)); 2802 for (i = 0; i < count; i++) { 2803 unsigned int idx = event.freq_range.num; 2804 range[idx].min = freq_range->range[i].start_freq; 2805 range[idx].max = freq_range->range[i].end_freq; 2806 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 2807 range[idx].min, range[idx].max); 2808 if (range[idx].min > range[idx].max) { 2809 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 2810 continue; 2811 } 2812 event.freq_range.num++; 2813 } 2814 event.freq_range.range = range; 2815 2816 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 2817 2818 os_free(range); 2819} 2820 2821 2822static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 2823 u32 subcmd, u8 *data, size_t len) 2824{ 2825 switch (subcmd) { 2826 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 2827 qca_nl80211_avoid_freq(drv, data, len); 2828 break; 2829 default: 2830 wpa_printf(MSG_DEBUG, 2831 "nl80211: Ignore unsupported QCA vendor event %u", 2832 subcmd); 2833 break; 2834 } 2835} 2836 2837 2838static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2839 struct nlattr **tb) 2840{ 2841 u32 vendor_id, subcmd, wiphy = 0; 2842 int wiphy_idx; 2843 u8 *data = NULL; 2844 size_t len = 0; 2845 2846 if (!tb[NL80211_ATTR_VENDOR_ID] || 2847 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2848 return; 2849 2850 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2851 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2852 2853 if (tb[NL80211_ATTR_WIPHY]) 2854 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2855 2856 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2857 wiphy, vendor_id, subcmd); 2858 2859 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2860 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2861 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2862 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2863 } 2864 2865 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2866 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2867 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2868 wiphy, wiphy_idx); 2869 return; 2870 } 2871 2872 switch (vendor_id) { 2873 case OUI_QCA: 2874 nl80211_vendor_event_qca(drv, subcmd, data, len); 2875 break; 2876 default: 2877 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2878 break; 2879 } 2880} 2881 2882 2883static void do_process_drv_event(struct i802_bss *bss, int cmd, 2884 struct nlattr **tb) 2885{ 2886 struct wpa_driver_nl80211_data *drv = bss->drv; 2887 union wpa_event_data data; 2888 2889 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2890 cmd, nl80211_command_to_string(cmd), bss->ifname); 2891 2892 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2893 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2894 cmd == NL80211_CMD_SCAN_ABORTED)) { 2895 wpa_driver_nl80211_set_mode(drv->first_bss, 2896 drv->ap_scan_as_station); 2897 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2898 } 2899 2900 switch (cmd) { 2901 case NL80211_CMD_TRIGGER_SCAN: 2902 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 2903 drv->scan_state = SCAN_STARTED; 2904 if (drv->scan_for_auth) { 2905 /* 2906 * Cannot indicate EVENT_SCAN_STARTED here since we skip 2907 * EVENT_SCAN_RESULTS in scan_for_auth case and the 2908 * upper layer implementation could get confused about 2909 * scanning state. 2910 */ 2911 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 2912 break; 2913 } 2914 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 2915 break; 2916 case NL80211_CMD_START_SCHED_SCAN: 2917 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 2918 drv->scan_state = SCHED_SCAN_STARTED; 2919 break; 2920 case NL80211_CMD_SCHED_SCAN_STOPPED: 2921 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 2922 drv->scan_state = SCHED_SCAN_STOPPED; 2923 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2924 break; 2925 case NL80211_CMD_NEW_SCAN_RESULTS: 2926 wpa_dbg(drv->ctx, MSG_DEBUG, 2927 "nl80211: New scan results available"); 2928 drv->scan_state = SCAN_COMPLETED; 2929 drv->scan_complete_events = 1; 2930 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2931 drv->ctx); 2932 send_scan_event(drv, 0, tb); 2933 break; 2934 case NL80211_CMD_SCHED_SCAN_RESULTS: 2935 wpa_dbg(drv->ctx, MSG_DEBUG, 2936 "nl80211: New sched scan results available"); 2937 drv->scan_state = SCHED_SCAN_RESULTS; 2938 send_scan_event(drv, 0, tb); 2939 break; 2940 case NL80211_CMD_SCAN_ABORTED: 2941 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 2942 drv->scan_state = SCAN_ABORTED; 2943 /* 2944 * Need to indicate that scan results are available in order 2945 * not to make wpa_supplicant stop its scanning. 2946 */ 2947 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2948 drv->ctx); 2949 send_scan_event(drv, 1, tb); 2950 break; 2951 case NL80211_CMD_AUTHENTICATE: 2952 case NL80211_CMD_ASSOCIATE: 2953 case NL80211_CMD_DEAUTHENTICATE: 2954 case NL80211_CMD_DISASSOCIATE: 2955 case NL80211_CMD_FRAME_TX_STATUS: 2956 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2957 case NL80211_CMD_UNPROT_DISASSOCIATE: 2958 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 2959 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2960 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2961 tb[NL80211_ATTR_COOKIE], 2962 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2963 break; 2964 case NL80211_CMD_CONNECT: 2965 case NL80211_CMD_ROAM: 2966 mlme_event_connect(drv, cmd, 2967 tb[NL80211_ATTR_STATUS_CODE], 2968 tb[NL80211_ATTR_MAC], 2969 tb[NL80211_ATTR_REQ_IE], 2970 tb[NL80211_ATTR_RESP_IE]); 2971 break; 2972 case NL80211_CMD_CH_SWITCH_NOTIFY: 2973 mlme_event_ch_switch(drv, 2974 tb[NL80211_ATTR_IFINDEX], 2975 tb[NL80211_ATTR_WIPHY_FREQ], 2976 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 2977 tb[NL80211_ATTR_CHANNEL_WIDTH], 2978 tb[NL80211_ATTR_CENTER_FREQ1], 2979 tb[NL80211_ATTR_CENTER_FREQ2]); 2980 break; 2981 case NL80211_CMD_DISCONNECT: 2982 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2983 tb[NL80211_ATTR_MAC], 2984 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2985 break; 2986 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2987 mlme_event_michael_mic_failure(bss, tb); 2988 break; 2989 case NL80211_CMD_JOIN_IBSS: 2990 mlme_event_join_ibss(drv, tb); 2991 break; 2992 case NL80211_CMD_REMAIN_ON_CHANNEL: 2993 mlme_event_remain_on_channel(drv, 0, tb); 2994 break; 2995 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2996 mlme_event_remain_on_channel(drv, 1, tb); 2997 break; 2998 case NL80211_CMD_NOTIFY_CQM: 2999 nl80211_cqm_event(drv, tb); 3000 break; 3001 case NL80211_CMD_REG_CHANGE: 3002 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 3003 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 3004 break; 3005 os_memset(&data, 0, sizeof(data)); 3006 switch (nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])) { 3007 case NL80211_REGDOM_SET_BY_CORE: 3008 data.channel_list_changed.initiator = 3009 REGDOM_SET_BY_CORE; 3010 break; 3011 case NL80211_REGDOM_SET_BY_USER: 3012 data.channel_list_changed.initiator = 3013 REGDOM_SET_BY_USER; 3014 break; 3015 case NL80211_REGDOM_SET_BY_DRIVER: 3016 data.channel_list_changed.initiator = 3017 REGDOM_SET_BY_DRIVER; 3018 break; 3019 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 3020 data.channel_list_changed.initiator = 3021 REGDOM_SET_BY_COUNTRY_IE; 3022 break; 3023 default: 3024 wpa_printf(MSG_DEBUG, "nl80211: Unknown reg change initiator %d received", 3025 nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])); 3026 break; 3027 } 3028 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3029 &data); 3030 break; 3031 case NL80211_CMD_REG_BEACON_HINT: 3032 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 3033 os_memset(&data, 0, sizeof(data)); 3034 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 3035 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3036 &data); 3037 break; 3038 case NL80211_CMD_NEW_STATION: 3039 nl80211_new_station_event(drv, tb); 3040 break; 3041 case NL80211_CMD_DEL_STATION: 3042 nl80211_del_station_event(drv, tb); 3043 break; 3044 case NL80211_CMD_SET_REKEY_OFFLOAD: 3045 nl80211_rekey_offload_event(drv, tb); 3046 break; 3047 case NL80211_CMD_PMKSA_CANDIDATE: 3048 nl80211_pmksa_candidate_event(drv, tb); 3049 break; 3050 case NL80211_CMD_PROBE_CLIENT: 3051 nl80211_client_probe_event(drv, tb); 3052 break; 3053 case NL80211_CMD_TDLS_OPER: 3054 nl80211_tdls_oper_event(drv, tb); 3055 break; 3056 case NL80211_CMD_CONN_FAILED: 3057 nl80211_connect_failed_event(drv, tb); 3058 break; 3059 case NL80211_CMD_FT_EVENT: 3060 mlme_event_ft_event(drv, tb); 3061 break; 3062 case NL80211_CMD_RADAR_DETECT: 3063 nl80211_radar_event(drv, tb); 3064 break; 3065 case NL80211_CMD_STOP_AP: 3066 nl80211_stop_ap(drv, tb); 3067 break; 3068 case NL80211_CMD_VENDOR: 3069 nl80211_vendor_event(drv, tb); 3070 break; 3071 default: 3072 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 3073 "(cmd=%d)", cmd); 3074 break; 3075 } 3076} 3077 3078 3079static int process_drv_event(struct nl_msg *msg, void *arg) 3080{ 3081 struct wpa_driver_nl80211_data *drv = arg; 3082 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3083 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3084 struct i802_bss *bss; 3085 int ifidx = -1; 3086 3087 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3088 genlmsg_attrlen(gnlh, 0), NULL); 3089 3090 if (tb[NL80211_ATTR_IFINDEX]) { 3091 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3092 3093 for (bss = drv->first_bss; bss; bss = bss->next) 3094 if (ifidx == -1 || ifidx == bss->ifindex) { 3095 do_process_drv_event(bss, gnlh->cmd, tb); 3096 return NL_SKIP; 3097 } 3098 wpa_printf(MSG_DEBUG, 3099 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 3100 gnlh->cmd, ifidx); 3101 } else if (tb[NL80211_ATTR_WDEV]) { 3102 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3103 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 3104 for (bss = drv->first_bss; bss; bss = bss->next) { 3105 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 3106 do_process_drv_event(bss, gnlh->cmd, tb); 3107 return NL_SKIP; 3108 } 3109 } 3110 wpa_printf(MSG_DEBUG, 3111 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 3112 gnlh->cmd, (long long unsigned int) wdev_id); 3113 } 3114 3115 return NL_SKIP; 3116} 3117 3118 3119static int process_global_event(struct nl_msg *msg, void *arg) 3120{ 3121 struct nl80211_global *global = arg; 3122 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3123 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3124 struct wpa_driver_nl80211_data *drv, *tmp; 3125 int ifidx = -1; 3126 struct i802_bss *bss; 3127 u64 wdev_id = 0; 3128 int wdev_id_set = 0; 3129 3130 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3131 genlmsg_attrlen(gnlh, 0), NULL); 3132 3133 if (tb[NL80211_ATTR_IFINDEX]) 3134 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3135 else if (tb[NL80211_ATTR_WDEV]) { 3136 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3137 wdev_id_set = 1; 3138 } 3139 3140 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3141 struct wpa_driver_nl80211_data, list) { 3142 for (bss = drv->first_bss; bss; bss = bss->next) { 3143 if ((ifidx == -1 && !wdev_id_set) || 3144 ifidx == bss->ifindex || 3145 (wdev_id_set && bss->wdev_id_set && 3146 wdev_id == bss->wdev_id)) { 3147 do_process_drv_event(bss, gnlh->cmd, tb); 3148 return NL_SKIP; 3149 } 3150 } 3151 } 3152 3153 return NL_SKIP; 3154} 3155 3156 3157static int process_bss_event(struct nl_msg *msg, void *arg) 3158{ 3159 struct i802_bss *bss = arg; 3160 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3161 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3162 3163 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3164 genlmsg_attrlen(gnlh, 0), NULL); 3165 3166 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3167 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3168 bss->ifname); 3169 3170 switch (gnlh->cmd) { 3171 case NL80211_CMD_FRAME: 3172 case NL80211_CMD_FRAME_TX_STATUS: 3173 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3174 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3175 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3176 tb[NL80211_ATTR_COOKIE], 3177 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3178 break; 3179 case NL80211_CMD_UNEXPECTED_FRAME: 3180 nl80211_spurious_frame(bss, tb, 0); 3181 break; 3182 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3183 nl80211_spurious_frame(bss, tb, 1); 3184 break; 3185 default: 3186 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3187 "(cmd=%d)", gnlh->cmd); 3188 break; 3189 } 3190 3191 return NL_SKIP; 3192} 3193 3194 3195static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3196 void *handle) 3197{ 3198 struct nl_cb *cb = eloop_ctx; 3199 int res; 3200 3201 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3202 3203 res = nl_recvmsgs(handle, cb); 3204 if (res) { 3205 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3206 __func__, res); 3207 } 3208} 3209 3210 3211/** 3212 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3213 * @priv: driver_nl80211 private data 3214 * @alpha2_arg: country to which to switch to 3215 * Returns: 0 on success, -1 on failure 3216 * 3217 * This asks nl80211 to set the regulatory domain for given 3218 * country ISO / IEC alpha2. 3219 */ 3220static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3221{ 3222 struct i802_bss *bss = priv; 3223 struct wpa_driver_nl80211_data *drv = bss->drv; 3224 char alpha2[3]; 3225 struct nl_msg *msg; 3226 3227 msg = nlmsg_alloc(); 3228 if (!msg) 3229 return -ENOMEM; 3230 3231 alpha2[0] = alpha2_arg[0]; 3232 alpha2[1] = alpha2_arg[1]; 3233 alpha2[2] = '\0'; 3234 3235 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3236 3237 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3238 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3239 return -EINVAL; 3240 return 0; 3241nla_put_failure: 3242 nlmsg_free(msg); 3243 return -EINVAL; 3244} 3245 3246 3247static int nl80211_get_country(struct nl_msg *msg, void *arg) 3248{ 3249 char *alpha2 = arg; 3250 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3251 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3252 3253 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3254 genlmsg_attrlen(gnlh, 0), NULL); 3255 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3256 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3257 return NL_SKIP; 3258 } 3259 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3260 return NL_SKIP; 3261} 3262 3263 3264static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3265{ 3266 struct i802_bss *bss = priv; 3267 struct wpa_driver_nl80211_data *drv = bss->drv; 3268 struct nl_msg *msg; 3269 int ret; 3270 3271 msg = nlmsg_alloc(); 3272 if (!msg) 3273 return -ENOMEM; 3274 3275 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3276 alpha2[0] = '\0'; 3277 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3278 if (!alpha2[0]) 3279 ret = -1; 3280 3281 return ret; 3282} 3283 3284 3285static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3286{ 3287 u32 *feat = arg; 3288 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3289 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3290 3291 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3292 genlmsg_attrlen(gnlh, 0), NULL); 3293 3294 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3295 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3296 3297 return NL_SKIP; 3298} 3299 3300 3301static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3302{ 3303 u32 feat = 0; 3304 struct nl_msg *msg; 3305 3306 msg = nlmsg_alloc(); 3307 if (!msg) 3308 goto nla_put_failure; 3309 3310 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3311 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3312 return feat; 3313 3314 msg = NULL; 3315nla_put_failure: 3316 nlmsg_free(msg); 3317 return 0; 3318} 3319 3320 3321struct wiphy_info_data { 3322 struct wpa_driver_nl80211_data *drv; 3323 struct wpa_driver_capa *capa; 3324 3325 unsigned int num_multichan_concurrent; 3326 3327 unsigned int error:1; 3328 unsigned int device_ap_sme:1; 3329 unsigned int poll_command_supported:1; 3330 unsigned int data_tx_status:1; 3331 unsigned int monitor_supported:1; 3332 unsigned int auth_supported:1; 3333 unsigned int connect_supported:1; 3334 unsigned int p2p_go_supported:1; 3335 unsigned int p2p_client_supported:1; 3336 unsigned int p2p_concurrent:1; 3337 unsigned int channel_switch_supported:1; 3338 unsigned int set_qos_map_supported:1; 3339}; 3340 3341 3342static unsigned int probe_resp_offload_support(int supp_protocols) 3343{ 3344 unsigned int prot = 0; 3345 3346 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3347 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3348 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3349 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3350 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3351 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3352 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3353 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3354 3355 return prot; 3356} 3357 3358 3359static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3360 struct nlattr *tb) 3361{ 3362 struct nlattr *nl_mode; 3363 int i; 3364 3365 if (tb == NULL) 3366 return; 3367 3368 nla_for_each_nested(nl_mode, tb, i) { 3369 switch (nla_type(nl_mode)) { 3370 case NL80211_IFTYPE_AP: 3371 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3372 break; 3373 case NL80211_IFTYPE_ADHOC: 3374 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3375 break; 3376 case NL80211_IFTYPE_P2P_DEVICE: 3377 info->capa->flags |= 3378 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3379 break; 3380 case NL80211_IFTYPE_P2P_GO: 3381 info->p2p_go_supported = 1; 3382 break; 3383 case NL80211_IFTYPE_P2P_CLIENT: 3384 info->p2p_client_supported = 1; 3385 break; 3386 case NL80211_IFTYPE_MONITOR: 3387 info->monitor_supported = 1; 3388 break; 3389 } 3390 } 3391} 3392 3393 3394static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3395 struct nlattr *nl_combi) 3396{ 3397 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3398 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3399 struct nlattr *nl_limit, *nl_mode; 3400 int err, rem_limit, rem_mode; 3401 int combination_has_p2p = 0, combination_has_mgd = 0; 3402 static struct nla_policy 3403 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3404 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3405 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3406 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3407 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3408 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3409 }, 3410 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3411 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3412 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3413 }; 3414 3415 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3416 nl_combi, iface_combination_policy); 3417 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3418 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3419 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3420 return 0; /* broken combination */ 3421 3422 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3423 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3424 3425 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3426 rem_limit) { 3427 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3428 nl_limit, iface_limit_policy); 3429 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3430 return 0; /* broken combination */ 3431 3432 nla_for_each_nested(nl_mode, 3433 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3434 rem_mode) { 3435 int ift = nla_type(nl_mode); 3436 if (ift == NL80211_IFTYPE_P2P_GO || 3437 ift == NL80211_IFTYPE_P2P_CLIENT) 3438 combination_has_p2p = 1; 3439 if (ift == NL80211_IFTYPE_STATION) 3440 combination_has_mgd = 1; 3441 } 3442 if (combination_has_p2p && combination_has_mgd) 3443 break; 3444 } 3445 3446 if (combination_has_p2p && combination_has_mgd) { 3447 info->p2p_concurrent = 1; 3448 info->num_multichan_concurrent = 3449 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3450 return 1; 3451 } 3452 3453 return 0; 3454} 3455 3456 3457static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3458 struct nlattr *tb) 3459{ 3460 struct nlattr *nl_combi; 3461 int rem_combi; 3462 3463 if (tb == NULL) 3464 return; 3465 3466 nla_for_each_nested(nl_combi, tb, rem_combi) { 3467 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3468 break; 3469 } 3470} 3471 3472 3473static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3474 struct nlattr *tb) 3475{ 3476 struct nlattr *nl_cmd; 3477 int i; 3478 3479 if (tb == NULL) 3480 return; 3481 3482 nla_for_each_nested(nl_cmd, tb, i) { 3483 switch (nla_get_u32(nl_cmd)) { 3484 case NL80211_CMD_AUTHENTICATE: 3485 info->auth_supported = 1; 3486 break; 3487 case NL80211_CMD_CONNECT: 3488 info->connect_supported = 1; 3489 break; 3490 case NL80211_CMD_START_SCHED_SCAN: 3491 info->capa->sched_scan_supported = 1; 3492 break; 3493 case NL80211_CMD_PROBE_CLIENT: 3494 info->poll_command_supported = 1; 3495 break; 3496 case NL80211_CMD_CHANNEL_SWITCH: 3497 info->channel_switch_supported = 1; 3498 break; 3499 case NL80211_CMD_SET_QOS_MAP: 3500 info->set_qos_map_supported = 1; 3501 break; 3502 } 3503 } 3504} 3505 3506 3507static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3508 struct nlattr *tb) 3509{ 3510 int i, num; 3511 u32 *ciphers; 3512 3513 if (tb == NULL) 3514 return; 3515 3516 num = nla_len(tb) / sizeof(u32); 3517 ciphers = nla_data(tb); 3518 for (i = 0; i < num; i++) { 3519 u32 c = ciphers[i]; 3520 3521 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3522 c >> 24, (c >> 16) & 0xff, 3523 (c >> 8) & 0xff, c & 0xff); 3524 switch (c) { 3525 case WLAN_CIPHER_SUITE_CCMP_256: 3526 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3527 break; 3528 case WLAN_CIPHER_SUITE_GCMP_256: 3529 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3530 break; 3531 case WLAN_CIPHER_SUITE_CCMP: 3532 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3533 break; 3534 case WLAN_CIPHER_SUITE_GCMP: 3535 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3536 break; 3537 case WLAN_CIPHER_SUITE_TKIP: 3538 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3539 break; 3540 case WLAN_CIPHER_SUITE_WEP104: 3541 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3542 break; 3543 case WLAN_CIPHER_SUITE_WEP40: 3544 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3545 break; 3546 case WLAN_CIPHER_SUITE_AES_CMAC: 3547 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3548 break; 3549 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3550 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3551 break; 3552 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3553 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3554 break; 3555 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3556 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3557 break; 3558 case WLAN_CIPHER_SUITE_NO_GROUP_ADDR: 3559 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED; 3560 break; 3561 } 3562 } 3563} 3564 3565 3566static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3567 struct nlattr *tb) 3568{ 3569 if (tb) 3570 capa->max_remain_on_chan = nla_get_u32(tb); 3571} 3572 3573 3574static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3575 struct nlattr *ext_setup) 3576{ 3577 if (tdls == NULL) 3578 return; 3579 3580 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3581 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3582 3583 if (ext_setup) { 3584 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3585 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3586 } 3587} 3588 3589 3590static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3591 struct nlattr *tb) 3592{ 3593 u32 flags; 3594 struct wpa_driver_capa *capa = info->capa; 3595 3596 if (tb == NULL) 3597 return; 3598 3599 flags = nla_get_u32(tb); 3600 3601 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3602 info->data_tx_status = 1; 3603 3604 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3605 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3606 3607 if (flags & NL80211_FEATURE_SAE) 3608 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3609 3610 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3611 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3612} 3613 3614 3615static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3616 struct nlattr *tb) 3617{ 3618 u32 protocols; 3619 3620 if (tb == NULL) 3621 return; 3622 3623 protocols = nla_get_u32(tb); 3624 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3625 "mode"); 3626 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3627 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3628} 3629 3630 3631static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3632{ 3633 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3634 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3635 struct wiphy_info_data *info = arg; 3636 struct wpa_driver_capa *capa = info->capa; 3637 struct wpa_driver_nl80211_data *drv = info->drv; 3638 3639 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3640 genlmsg_attrlen(gnlh, 0), NULL); 3641 3642 if (tb[NL80211_ATTR_WIPHY_NAME]) 3643 os_strlcpy(drv->phyname, 3644 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3645 sizeof(drv->phyname)); 3646 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3647 capa->max_scan_ssids = 3648 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3649 3650 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3651 capa->max_sched_scan_ssids = 3652 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3653 3654 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3655 capa->max_match_sets = 3656 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3657 3658 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3659 capa->max_acl_mac_addrs = 3660 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3661 3662 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3663 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3664 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3665 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3666 3667 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3668 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3669 "off-channel TX"); 3670 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3671 } 3672 3673 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3674 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3675 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3676 } 3677 3678 wiphy_info_max_roc(capa, 3679 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3680 3681 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3682 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3683 3684 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3685 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3686 3687 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3688 info->device_ap_sme = 1; 3689 3690 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3691 wiphy_info_probe_resp_offload(capa, 3692 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3693 3694 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3695 drv->extended_capa == NULL) { 3696 drv->extended_capa = 3697 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3698 if (drv->extended_capa) { 3699 os_memcpy(drv->extended_capa, 3700 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3701 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3702 drv->extended_capa_len = 3703 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3704 } 3705 drv->extended_capa_mask = 3706 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3707 if (drv->extended_capa_mask) { 3708 os_memcpy(drv->extended_capa_mask, 3709 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3710 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3711 } else { 3712 os_free(drv->extended_capa); 3713 drv->extended_capa = NULL; 3714 drv->extended_capa_len = 0; 3715 } 3716 } 3717 3718 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3719 struct nlattr *nl; 3720 int rem; 3721 3722 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3723 struct nl80211_vendor_cmd_info *vinfo; 3724 if (nla_len(nl) != sizeof(*vinfo)) { 3725 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3726 continue; 3727 } 3728 vinfo = nla_data(nl); 3729 if (vinfo->subcmd == 3730 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY) 3731 drv->dfs_vendor_cmd_avail = 1; 3732 3733 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3734 vinfo->vendor_id, vinfo->subcmd); 3735 } 3736 } 3737 3738 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3739 struct nlattr *nl; 3740 int rem; 3741 3742 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3743 struct nl80211_vendor_cmd_info *vinfo; 3744 if (nla_len(nl) != sizeof(*vinfo)) { 3745 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3746 continue; 3747 } 3748 vinfo = nla_data(nl); 3749 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3750 vinfo->vendor_id, vinfo->subcmd); 3751 } 3752 } 3753 3754 return NL_SKIP; 3755} 3756 3757 3758static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3759 struct wiphy_info_data *info) 3760{ 3761 u32 feat; 3762 struct nl_msg *msg; 3763 3764 os_memset(info, 0, sizeof(*info)); 3765 info->capa = &drv->capa; 3766 info->drv = drv; 3767 3768 msg = nlmsg_alloc(); 3769 if (!msg) 3770 return -1; 3771 3772 feat = get_nl80211_protocol_features(drv); 3773 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3774 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3775 else 3776 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3777 3778 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3779 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3780 goto nla_put_failure; 3781 3782 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3783 return -1; 3784 3785 if (info->auth_supported) 3786 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3787 else if (!info->connect_supported) { 3788 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3789 "authentication/association or connect commands"); 3790 info->error = 1; 3791 } 3792 3793 if (info->p2p_go_supported && info->p2p_client_supported) 3794 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3795 if (info->p2p_concurrent) { 3796 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3797 "interface (driver advertised support)"); 3798 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3799 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3800 } 3801 if (info->num_multichan_concurrent > 1) { 3802 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3803 "concurrent (driver advertised support)"); 3804 drv->capa.num_multichan_concurrent = 3805 info->num_multichan_concurrent; 3806 } 3807 3808 /* default to 5000 since early versions of mac80211 don't set it */ 3809 if (!drv->capa.max_remain_on_chan) 3810 drv->capa.max_remain_on_chan = 5000; 3811 3812 if (info->channel_switch_supported) 3813 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3814 3815 return 0; 3816nla_put_failure: 3817 nlmsg_free(msg); 3818 return -1; 3819} 3820 3821 3822static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3823{ 3824 struct wiphy_info_data info; 3825 if (wpa_driver_nl80211_get_info(drv, &info)) 3826 return -1; 3827 3828 if (info.error) 3829 return -1; 3830 3831 drv->has_capability = 1; 3832 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3833 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3834 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3835 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3836 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3837 WPA_DRIVER_AUTH_SHARED | 3838 WPA_DRIVER_AUTH_LEAP; 3839 3840 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3841 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3842 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3843 3844 /* 3845 * As all cfg80211 drivers must support cases where the AP interface is 3846 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in 3847 * case that the user space daemon has crashed, they must be able to 3848 * cleanup all stations and key entries in the AP tear down flow. Thus, 3849 * this flag can/should always be set for cfg80211 drivers. 3850 */ 3851 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT; 3852 3853 if (!info.device_ap_sme) { 3854 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3855 3856 /* 3857 * No AP SME is currently assumed to also indicate no AP MLME 3858 * in the driver/firmware. 3859 */ 3860 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3861 } 3862 3863 drv->device_ap_sme = info.device_ap_sme; 3864 drv->poll_command_supported = info.poll_command_supported; 3865 drv->data_tx_status = info.data_tx_status; 3866 if (info.set_qos_map_supported) 3867 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3868 3869 /* 3870 * If poll command and tx status are supported, mac80211 is new enough 3871 * to have everything we need to not need monitor interfaces. 3872 */ 3873 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3874 3875 if (drv->device_ap_sme && drv->use_monitor) { 3876 /* 3877 * Non-mac80211 drivers may not support monitor interface. 3878 * Make sure we do not get stuck with incorrect capability here 3879 * by explicitly testing this. 3880 */ 3881 if (!info.monitor_supported) { 3882 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 3883 "with device_ap_sme since no monitor mode " 3884 "support detected"); 3885 drv->use_monitor = 0; 3886 } 3887 } 3888 3889 /* 3890 * If we aren't going to use monitor interfaces, but the 3891 * driver doesn't support data TX status, we won't get TX 3892 * status for EAPOL frames. 3893 */ 3894 if (!drv->use_monitor && !info.data_tx_status) 3895 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3896 3897 return 0; 3898} 3899 3900 3901#ifdef ANDROID 3902static int android_genl_ctrl_resolve(struct nl_handle *handle, 3903 const char *name) 3904{ 3905 /* 3906 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 3907 * need to work around that. 3908 */ 3909 struct nl_cache *cache = NULL; 3910 struct genl_family *nl80211 = NULL; 3911 int id = -1; 3912 3913 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 3914 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 3915 "netlink cache"); 3916 goto fail; 3917 } 3918 3919 nl80211 = genl_ctrl_search_by_name(cache, name); 3920 if (nl80211 == NULL) 3921 goto fail; 3922 3923 id = genl_family_get_id(nl80211); 3924 3925fail: 3926 if (nl80211) 3927 genl_family_put(nl80211); 3928 if (cache) 3929 nl_cache_free(cache); 3930 3931 return id; 3932} 3933#define genl_ctrl_resolve android_genl_ctrl_resolve 3934#endif /* ANDROID */ 3935 3936 3937static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 3938{ 3939 int ret; 3940 3941 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3942 if (global->nl_cb == NULL) { 3943 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 3944 "callbacks"); 3945 return -1; 3946 } 3947 3948 global->nl = nl_create_handle(global->nl_cb, "nl"); 3949 if (global->nl == NULL) 3950 goto err; 3951 3952 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 3953 if (global->nl80211_id < 0) { 3954 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 3955 "found"); 3956 goto err; 3957 } 3958 3959 global->nl_event = nl_create_handle(global->nl_cb, "event"); 3960 if (global->nl_event == NULL) 3961 goto err; 3962 3963 ret = nl_get_multicast_id(global, "nl80211", "scan"); 3964 if (ret >= 0) 3965 ret = nl_socket_add_membership(global->nl_event, ret); 3966 if (ret < 0) { 3967 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3968 "membership for scan events: %d (%s)", 3969 ret, strerror(-ret)); 3970 goto err; 3971 } 3972 3973 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 3974 if (ret >= 0) 3975 ret = nl_socket_add_membership(global->nl_event, ret); 3976 if (ret < 0) { 3977 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3978 "membership for mlme events: %d (%s)", 3979 ret, strerror(-ret)); 3980 goto err; 3981 } 3982 3983 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 3984 if (ret >= 0) 3985 ret = nl_socket_add_membership(global->nl_event, ret); 3986 if (ret < 0) { 3987 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3988 "membership for regulatory events: %d (%s)", 3989 ret, strerror(-ret)); 3990 /* Continue without regulatory events */ 3991 } 3992 3993 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 3994 if (ret >= 0) 3995 ret = nl_socket_add_membership(global->nl_event, ret); 3996 if (ret < 0) { 3997 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3998 "membership for vendor events: %d (%s)", 3999 ret, strerror(-ret)); 4000 /* Continue without vendor events */ 4001 } 4002 4003 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4004 no_seq_check, NULL); 4005 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4006 process_global_event, global); 4007 4008 nl80211_register_eloop_read(&global->nl_event, 4009 wpa_driver_nl80211_event_receive, 4010 global->nl_cb); 4011 4012 return 0; 4013 4014err: 4015 nl_destroy_handles(&global->nl_event); 4016 nl_destroy_handles(&global->nl); 4017 nl_cb_put(global->nl_cb); 4018 global->nl_cb = NULL; 4019 return -1; 4020} 4021 4022 4023static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 4024{ 4025 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4026 if (!drv->nl_cb) { 4027 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 4028 return -1; 4029 } 4030 4031 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4032 no_seq_check, NULL); 4033 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4034 process_drv_event, drv); 4035 4036 return 0; 4037} 4038 4039 4040static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 4041{ 4042 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 4043 /* 4044 * This may be for any interface; use ifdown event to disable 4045 * interface. 4046 */ 4047} 4048 4049 4050static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 4051{ 4052 struct wpa_driver_nl80211_data *drv = ctx; 4053 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 4054 if (i802_set_iface_flags(drv->first_bss, 1)) { 4055 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 4056 "after rfkill unblock"); 4057 return; 4058 } 4059 /* rtnetlink ifup handler will report interface as enabled */ 4060} 4061 4062 4063static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 4064 void *eloop_ctx, 4065 void *handle) 4066{ 4067 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4068 u8 data[2048]; 4069 struct msghdr msg; 4070 struct iovec entry; 4071 u8 control[512]; 4072 struct cmsghdr *cmsg; 4073 int res, found_ee = 0, found_wifi = 0, acked = 0; 4074 union wpa_event_data event; 4075 4076 memset(&msg, 0, sizeof(msg)); 4077 msg.msg_iov = &entry; 4078 msg.msg_iovlen = 1; 4079 entry.iov_base = data; 4080 entry.iov_len = sizeof(data); 4081 msg.msg_control = &control; 4082 msg.msg_controllen = sizeof(control); 4083 4084 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 4085 /* if error or not fitting 802.3 header, return */ 4086 if (res < 14) 4087 return; 4088 4089 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 4090 { 4091 if (cmsg->cmsg_level == SOL_SOCKET && 4092 cmsg->cmsg_type == SCM_WIFI_STATUS) { 4093 int *ack; 4094 4095 found_wifi = 1; 4096 ack = (void *)CMSG_DATA(cmsg); 4097 acked = *ack; 4098 } 4099 4100 if (cmsg->cmsg_level == SOL_PACKET && 4101 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 4102 struct sock_extended_err *err = 4103 (struct sock_extended_err *)CMSG_DATA(cmsg); 4104 4105 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 4106 found_ee = 1; 4107 } 4108 } 4109 4110 if (!found_ee || !found_wifi) 4111 return; 4112 4113 memset(&event, 0, sizeof(event)); 4114 event.eapol_tx_status.dst = data; 4115 event.eapol_tx_status.data = data + 14; 4116 event.eapol_tx_status.data_len = res - 14; 4117 event.eapol_tx_status.ack = acked; 4118 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 4119} 4120 4121 4122static int nl80211_init_bss(struct i802_bss *bss) 4123{ 4124 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4125 if (!bss->nl_cb) 4126 return -1; 4127 4128 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4129 no_seq_check, NULL); 4130 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4131 process_bss_event, bss); 4132 4133 return 0; 4134} 4135 4136 4137static void nl80211_destroy_bss(struct i802_bss *bss) 4138{ 4139 nl_cb_put(bss->nl_cb); 4140 bss->nl_cb = NULL; 4141} 4142 4143 4144static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 4145 void *global_priv, int hostapd, 4146 const u8 *set_addr) 4147{ 4148 struct wpa_driver_nl80211_data *drv; 4149 struct rfkill_config *rcfg; 4150 struct i802_bss *bss; 4151 4152 if (global_priv == NULL) 4153 return NULL; 4154 drv = os_zalloc(sizeof(*drv)); 4155 if (drv == NULL) 4156 return NULL; 4157 drv->global = global_priv; 4158 drv->ctx = ctx; 4159 drv->hostapd = !!hostapd; 4160 drv->eapol_sock = -1; 4161 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4162 drv->if_indices = drv->default_if_indices; 4163 4164 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4165 if (!drv->first_bss) { 4166 os_free(drv); 4167 return NULL; 4168 } 4169 bss = drv->first_bss; 4170 bss->drv = drv; 4171 bss->ctx = ctx; 4172 4173 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4174 drv->monitor_ifidx = -1; 4175 drv->monitor_sock = -1; 4176 drv->eapol_tx_sock = -1; 4177 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4178 4179 if (wpa_driver_nl80211_init_nl(drv)) { 4180 os_free(drv); 4181 return NULL; 4182 } 4183 4184 if (nl80211_init_bss(bss)) 4185 goto failed; 4186 4187 rcfg = os_zalloc(sizeof(*rcfg)); 4188 if (rcfg == NULL) 4189 goto failed; 4190 rcfg->ctx = drv; 4191 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4192 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4193 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4194 drv->rfkill = rfkill_init(rcfg); 4195 if (drv->rfkill == NULL) { 4196 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4197 os_free(rcfg); 4198 } 4199 4200 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4201 drv->start_iface_up = 1; 4202 4203 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4204 goto failed; 4205 4206 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4207 if (drv->eapol_tx_sock < 0) 4208 goto failed; 4209 4210 if (drv->data_tx_status) { 4211 int enabled = 1; 4212 4213 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4214 &enabled, sizeof(enabled)) < 0) { 4215 wpa_printf(MSG_DEBUG, 4216 "nl80211: wifi status sockopt failed\n"); 4217 drv->data_tx_status = 0; 4218 if (!drv->use_monitor) 4219 drv->capa.flags &= 4220 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4221 } else { 4222 eloop_register_read_sock(drv->eapol_tx_sock, 4223 wpa_driver_nl80211_handle_eapol_tx_status, 4224 drv, NULL); 4225 } 4226 } 4227 4228 if (drv->global) { 4229 dl_list_add(&drv->global->interfaces, &drv->list); 4230 drv->in_interface_list = 1; 4231 } 4232 4233 return bss; 4234 4235failed: 4236 wpa_driver_nl80211_deinit(bss); 4237 return NULL; 4238} 4239 4240 4241/** 4242 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4243 * @ctx: context to be used when calling wpa_supplicant functions, 4244 * e.g., wpa_supplicant_event() 4245 * @ifname: interface name, e.g., wlan0 4246 * @global_priv: private driver global data from global_init() 4247 * Returns: Pointer to private data, %NULL on failure 4248 */ 4249static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4250 void *global_priv) 4251{ 4252 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4253} 4254 4255 4256static int nl80211_register_frame(struct i802_bss *bss, 4257 struct nl_handle *nl_handle, 4258 u16 type, const u8 *match, size_t match_len) 4259{ 4260 struct wpa_driver_nl80211_data *drv = bss->drv; 4261 struct nl_msg *msg; 4262 int ret = -1; 4263 char buf[30]; 4264 4265 msg = nlmsg_alloc(); 4266 if (!msg) 4267 return -1; 4268 4269 buf[0] = '\0'; 4270 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4271 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p match=%s", 4272 type, nl_handle, buf); 4273 4274 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4275 4276 if (nl80211_set_iface_id(msg, bss) < 0) 4277 goto nla_put_failure; 4278 4279 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4280 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4281 4282 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4283 msg = NULL; 4284 if (ret) { 4285 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4286 "failed (type=%u): ret=%d (%s)", 4287 type, ret, strerror(-ret)); 4288 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4289 match, match_len); 4290 goto nla_put_failure; 4291 } 4292 ret = 0; 4293nla_put_failure: 4294 nlmsg_free(msg); 4295 return ret; 4296} 4297 4298 4299static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4300{ 4301 struct wpa_driver_nl80211_data *drv = bss->drv; 4302 4303 if (bss->nl_mgmt) { 4304 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4305 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4306 return -1; 4307 } 4308 4309 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4310 if (bss->nl_mgmt == NULL) 4311 return -1; 4312 4313 return 0; 4314} 4315 4316 4317static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4318{ 4319 nl80211_register_eloop_read(&bss->nl_mgmt, 4320 wpa_driver_nl80211_event_receive, 4321 bss->nl_cb); 4322} 4323 4324 4325static int nl80211_register_action_frame(struct i802_bss *bss, 4326 const u8 *match, size_t match_len) 4327{ 4328 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4329 return nl80211_register_frame(bss, bss->nl_mgmt, 4330 type, match, match_len); 4331} 4332 4333 4334static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4335{ 4336 struct wpa_driver_nl80211_data *drv = bss->drv; 4337 int ret = 0; 4338 4339 if (nl80211_alloc_mgmt_handle(bss)) 4340 return -1; 4341 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4342 "handle %p", bss->nl_mgmt); 4343 4344 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4345 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4346 4347 /* register for any AUTH message */ 4348 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4349 } 4350 4351#ifdef CONFIG_INTERWORKING 4352 /* QoS Map Configure */ 4353 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4354 ret = -1; 4355#endif /* CONFIG_INTERWORKING */ 4356#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4357 /* GAS Initial Request */ 4358 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4359 ret = -1; 4360 /* GAS Initial Response */ 4361 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4362 ret = -1; 4363 /* GAS Comeback Request */ 4364 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4365 ret = -1; 4366 /* GAS Comeback Response */ 4367 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4368 ret = -1; 4369 /* Protected GAS Initial Request */ 4370 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0) 4371 ret = -1; 4372 /* Protected GAS Initial Response */ 4373 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0) 4374 ret = -1; 4375 /* Protected GAS Comeback Request */ 4376 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0) 4377 ret = -1; 4378 /* Protected GAS Comeback Response */ 4379 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0) 4380 ret = -1; 4381#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4382#ifdef CONFIG_P2P 4383 /* P2P Public Action */ 4384 if (nl80211_register_action_frame(bss, 4385 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4386 6) < 0) 4387 ret = -1; 4388 /* P2P Action */ 4389 if (nl80211_register_action_frame(bss, 4390 (u8 *) "\x7f\x50\x6f\x9a\x09", 4391 5) < 0) 4392 ret = -1; 4393#endif /* CONFIG_P2P */ 4394#ifdef CONFIG_IEEE80211W 4395 /* SA Query Response */ 4396 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4397 ret = -1; 4398#endif /* CONFIG_IEEE80211W */ 4399#ifdef CONFIG_TDLS 4400 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4401 /* TDLS Discovery Response */ 4402 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4403 0) 4404 ret = -1; 4405 } 4406#endif /* CONFIG_TDLS */ 4407 4408 /* FT Action frames */ 4409 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4410 ret = -1; 4411 else 4412 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4413 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4414 4415 /* WNM - BSS Transition Management Request */ 4416 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4417 ret = -1; 4418 /* WNM-Sleep Mode Response */ 4419 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4420 ret = -1; 4421 4422#ifdef CONFIG_HS20 4423 /* WNM-Notification */ 4424 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0) 4425 return -1; 4426#endif /* CONFIG_HS20 */ 4427 4428 nl80211_mgmt_handle_register_eloop(bss); 4429 4430 return ret; 4431} 4432 4433 4434static int nl80211_register_spurious_class3(struct i802_bss *bss) 4435{ 4436 struct wpa_driver_nl80211_data *drv = bss->drv; 4437 struct nl_msg *msg; 4438 int ret = -1; 4439 4440 msg = nlmsg_alloc(); 4441 if (!msg) 4442 return -1; 4443 4444 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4445 4446 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4447 4448 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4449 msg = NULL; 4450 if (ret) { 4451 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4452 "failed: ret=%d (%s)", 4453 ret, strerror(-ret)); 4454 goto nla_put_failure; 4455 } 4456 ret = 0; 4457nla_put_failure: 4458 nlmsg_free(msg); 4459 return ret; 4460} 4461 4462 4463static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4464{ 4465 static const int stypes[] = { 4466 WLAN_FC_STYPE_AUTH, 4467 WLAN_FC_STYPE_ASSOC_REQ, 4468 WLAN_FC_STYPE_REASSOC_REQ, 4469 WLAN_FC_STYPE_DISASSOC, 4470 WLAN_FC_STYPE_DEAUTH, 4471 WLAN_FC_STYPE_ACTION, 4472 WLAN_FC_STYPE_PROBE_REQ, 4473/* Beacon doesn't work as mac80211 doesn't currently allow 4474 * it, but it wouldn't really be the right thing anyway as 4475 * it isn't per interface ... maybe just dump the scan 4476 * results periodically for OLBC? 4477 */ 4478// WLAN_FC_STYPE_BEACON, 4479 }; 4480 unsigned int i; 4481 4482 if (nl80211_alloc_mgmt_handle(bss)) 4483 return -1; 4484 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4485 "handle %p", bss->nl_mgmt); 4486 4487 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4488 if (nl80211_register_frame(bss, bss->nl_mgmt, 4489 (WLAN_FC_TYPE_MGMT << 2) | 4490 (stypes[i] << 4), 4491 NULL, 0) < 0) { 4492 goto out_err; 4493 } 4494 } 4495 4496 if (nl80211_register_spurious_class3(bss)) 4497 goto out_err; 4498 4499 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4500 goto out_err; 4501 4502 nl80211_mgmt_handle_register_eloop(bss); 4503 return 0; 4504 4505out_err: 4506 nl_destroy_handles(&bss->nl_mgmt); 4507 return -1; 4508} 4509 4510 4511static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4512{ 4513 if (nl80211_alloc_mgmt_handle(bss)) 4514 return -1; 4515 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4516 "handle %p (device SME)", bss->nl_mgmt); 4517 4518 if (nl80211_register_frame(bss, bss->nl_mgmt, 4519 (WLAN_FC_TYPE_MGMT << 2) | 4520 (WLAN_FC_STYPE_ACTION << 4), 4521 NULL, 0) < 0) 4522 goto out_err; 4523 4524 nl80211_mgmt_handle_register_eloop(bss); 4525 return 0; 4526 4527out_err: 4528 nl_destroy_handles(&bss->nl_mgmt); 4529 return -1; 4530} 4531 4532 4533static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4534{ 4535 if (bss->nl_mgmt == NULL) 4536 return; 4537 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4538 "(%s)", bss->nl_mgmt, reason); 4539 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4540 4541 nl80211_put_wiphy_data_ap(bss); 4542} 4543 4544 4545static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4546{ 4547 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4548} 4549 4550 4551static void nl80211_del_p2pdev(struct i802_bss *bss) 4552{ 4553 struct wpa_driver_nl80211_data *drv = bss->drv; 4554 struct nl_msg *msg; 4555 int ret; 4556 4557 msg = nlmsg_alloc(); 4558 if (!msg) 4559 return; 4560 4561 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4562 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4563 4564 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4565 msg = NULL; 4566 4567 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4568 bss->ifname, (long long unsigned int) bss->wdev_id, 4569 strerror(-ret)); 4570 4571nla_put_failure: 4572 nlmsg_free(msg); 4573} 4574 4575 4576static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4577{ 4578 struct wpa_driver_nl80211_data *drv = bss->drv; 4579 struct nl_msg *msg; 4580 int ret = -1; 4581 4582 msg = nlmsg_alloc(); 4583 if (!msg) 4584 return -1; 4585 4586 if (start) 4587 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4588 else 4589 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4590 4591 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4592 4593 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4594 msg = NULL; 4595 4596 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4597 start ? "Start" : "Stop", 4598 bss->ifname, (long long unsigned int) bss->wdev_id, 4599 strerror(-ret)); 4600 4601nla_put_failure: 4602 nlmsg_free(msg); 4603 return ret; 4604} 4605 4606 4607static int i802_set_iface_flags(struct i802_bss *bss, int up) 4608{ 4609 enum nl80211_iftype nlmode; 4610 4611 nlmode = nl80211_get_ifmode(bss); 4612 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4613 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4614 bss->ifname, up); 4615 } 4616 4617 /* P2P Device has start/stop which is equivalent */ 4618 return nl80211_set_p2pdev(bss, up); 4619} 4620 4621 4622static int 4623wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4624 const u8 *set_addr, int first) 4625{ 4626 struct i802_bss *bss = drv->first_bss; 4627 int send_rfkill_event = 0; 4628 enum nl80211_iftype nlmode; 4629 4630 drv->ifindex = if_nametoindex(bss->ifname); 4631 bss->ifindex = drv->ifindex; 4632 bss->wdev_id = drv->global->if_add_wdevid; 4633 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4634 4635 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4636 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4637 drv->global->if_add_wdevid_set = 0; 4638 4639 if (wpa_driver_nl80211_capa(drv)) 4640 return -1; 4641 4642 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4643 bss->ifname, drv->phyname); 4644 4645 if (set_addr && 4646 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4647 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4648 set_addr))) 4649 return -1; 4650 4651 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4652 drv->start_mode_ap = 1; 4653 4654 if (drv->hostapd) 4655 nlmode = NL80211_IFTYPE_AP; 4656 else if (bss->if_dynamic) 4657 nlmode = nl80211_get_ifmode(bss); 4658 else 4659 nlmode = NL80211_IFTYPE_STATION; 4660 4661 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4662 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4663 return -1; 4664 } 4665 4666 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4667 nl80211_get_macaddr(bss); 4668 4669 if (!rfkill_is_blocked(drv->rfkill)) { 4670 int ret = i802_set_iface_flags(bss, 1); 4671 if (ret) { 4672 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4673 "interface '%s' UP", bss->ifname); 4674 return ret; 4675 } 4676 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4677 return ret; 4678 } else { 4679 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4680 "interface '%s' due to rfkill", bss->ifname); 4681 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4682 return 0; 4683 drv->if_disabled = 1; 4684 send_rfkill_event = 1; 4685 } 4686 4687 if (!drv->hostapd) 4688 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4689 1, IF_OPER_DORMANT); 4690 4691 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4692 bss->addr)) 4693 return -1; 4694 4695 if (send_rfkill_event) { 4696 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4697 drv, drv->ctx); 4698 } 4699 4700 return 0; 4701} 4702 4703 4704static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4705{ 4706 struct nl_msg *msg; 4707 4708 msg = nlmsg_alloc(); 4709 if (!msg) 4710 return -ENOMEM; 4711 4712 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4713 drv->ifindex); 4714 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4715 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4716 4717 return send_and_recv_msgs(drv, msg, NULL, NULL); 4718 nla_put_failure: 4719 nlmsg_free(msg); 4720 return -ENOBUFS; 4721} 4722 4723 4724/** 4725 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4726 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4727 * 4728 * Shut down driver interface and processing of driver events. Free 4729 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4730 */ 4731static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4732{ 4733 struct wpa_driver_nl80211_data *drv = bss->drv; 4734 4735 bss->in_deinit = 1; 4736 if (drv->data_tx_status) 4737 eloop_unregister_read_sock(drv->eapol_tx_sock); 4738 if (drv->eapol_tx_sock >= 0) 4739 close(drv->eapol_tx_sock); 4740 4741 if (bss->nl_preq) 4742 wpa_driver_nl80211_probe_req_report(bss, 0); 4743 if (bss->added_if_into_bridge) { 4744 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4745 bss->ifname) < 0) 4746 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4747 "interface %s from bridge %s: %s", 4748 bss->ifname, bss->brname, strerror(errno)); 4749 } 4750 if (bss->added_bridge) { 4751 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4752 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4753 "bridge %s: %s", 4754 bss->brname, strerror(errno)); 4755 } 4756 4757 nl80211_remove_monitor_interface(drv); 4758 4759 if (is_ap_interface(drv->nlmode)) 4760 wpa_driver_nl80211_del_beacon(drv); 4761 4762 if (drv->eapol_sock >= 0) { 4763 eloop_unregister_read_sock(drv->eapol_sock); 4764 close(drv->eapol_sock); 4765 } 4766 4767 if (drv->if_indices != drv->default_if_indices) 4768 os_free(drv->if_indices); 4769 4770 if (drv->disabled_11b_rates) 4771 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4772 4773 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4774 IF_OPER_UP); 4775 rfkill_deinit(drv->rfkill); 4776 4777 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4778 4779 if (!drv->start_iface_up) 4780 (void) i802_set_iface_flags(bss, 0); 4781 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4782 if (!drv->hostapd || !drv->start_mode_ap) 4783 wpa_driver_nl80211_set_mode(bss, 4784 NL80211_IFTYPE_STATION); 4785 nl80211_mgmt_unsubscribe(bss, "deinit"); 4786 } else { 4787 nl80211_mgmt_unsubscribe(bss, "deinit"); 4788 nl80211_del_p2pdev(bss); 4789 } 4790 nl_cb_put(drv->nl_cb); 4791 4792 nl80211_destroy_bss(drv->first_bss); 4793 4794 os_free(drv->filter_ssids); 4795 4796 os_free(drv->auth_ie); 4797 4798 if (drv->in_interface_list) 4799 dl_list_del(&drv->list); 4800 4801 os_free(drv->extended_capa); 4802 os_free(drv->extended_capa_mask); 4803 os_free(drv->first_bss); 4804 os_free(drv); 4805} 4806 4807 4808/** 4809 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4810 * @eloop_ctx: Driver private data 4811 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4812 * 4813 * This function can be used as registered timeout when starting a scan to 4814 * generate a scan completed event if the driver does not report this. 4815 */ 4816static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4817{ 4818 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4819 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4820 wpa_driver_nl80211_set_mode(drv->first_bss, 4821 drv->ap_scan_as_station); 4822 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4823 } 4824 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4825 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4826} 4827 4828 4829static struct nl_msg * 4830nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4831 struct wpa_driver_scan_params *params, u64 *wdev_id) 4832{ 4833 struct nl_msg *msg; 4834 size_t i; 4835 4836 msg = nlmsg_alloc(); 4837 if (!msg) 4838 return NULL; 4839 4840 nl80211_cmd(drv, msg, 0, cmd); 4841 4842 if (!wdev_id) 4843 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4844 else 4845 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4846 4847 if (params->num_ssids) { 4848 struct nlattr *ssids; 4849 4850 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4851 if (ssids == NULL) 4852 goto fail; 4853 for (i = 0; i < params->num_ssids; i++) { 4854 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4855 params->ssids[i].ssid, 4856 params->ssids[i].ssid_len); 4857 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4858 params->ssids[i].ssid) < 0) 4859 goto fail; 4860 } 4861 nla_nest_end(msg, ssids); 4862 } 4863 4864 if (params->extra_ies) { 4865 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4866 params->extra_ies, params->extra_ies_len); 4867 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4868 params->extra_ies) < 0) 4869 goto fail; 4870 } 4871 4872 if (params->freqs) { 4873 struct nlattr *freqs; 4874 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 4875 if (freqs == NULL) 4876 goto fail; 4877 for (i = 0; params->freqs[i]; i++) { 4878 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 4879 "MHz", params->freqs[i]); 4880 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 4881 goto fail; 4882 } 4883 nla_nest_end(msg, freqs); 4884 } 4885 4886 os_free(drv->filter_ssids); 4887 drv->filter_ssids = params->filter_ssids; 4888 params->filter_ssids = NULL; 4889 drv->num_filter_ssids = params->num_filter_ssids; 4890 4891 if (params->only_new_results) { 4892 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 4893 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, 4894 NL80211_SCAN_FLAG_FLUSH); 4895 } 4896 4897 return msg; 4898 4899fail: 4900nla_put_failure: 4901 nlmsg_free(msg); 4902 return NULL; 4903} 4904 4905 4906/** 4907 * wpa_driver_nl80211_scan - Request the driver to initiate scan 4908 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 4909 * @params: Scan parameters 4910 * Returns: 0 on success, -1 on failure 4911 */ 4912static int wpa_driver_nl80211_scan(struct i802_bss *bss, 4913 struct wpa_driver_scan_params *params) 4914{ 4915 struct wpa_driver_nl80211_data *drv = bss->drv; 4916 int ret = -1, timeout; 4917 struct nl_msg *msg = NULL; 4918 4919 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 4920 drv->scan_for_auth = 0; 4921 4922 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 4923 bss->wdev_id_set ? &bss->wdev_id : NULL); 4924 if (!msg) 4925 return -1; 4926 4927 if (params->p2p_probe) { 4928 struct nlattr *rates; 4929 4930 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 4931 4932 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 4933 if (rates == NULL) 4934 goto nla_put_failure; 4935 4936 /* 4937 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 4938 * by masking out everything else apart from the OFDM rates 6, 4939 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 4940 * rates are left enabled. 4941 */ 4942 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 4943 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 4944 nla_nest_end(msg, rates); 4945 4946 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 4947 } 4948 4949 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4950 msg = NULL; 4951 if (ret) { 4952 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 4953 "(%s)", ret, strerror(-ret)); 4954 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 4955 enum nl80211_iftype old_mode = drv->nlmode; 4956 4957 /* 4958 * mac80211 does not allow scan requests in AP mode, so 4959 * try to do this in station mode. 4960 */ 4961 if (wpa_driver_nl80211_set_mode( 4962 bss, NL80211_IFTYPE_STATION)) 4963 goto nla_put_failure; 4964 4965 if (wpa_driver_nl80211_scan(bss, params)) { 4966 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 4967 goto nla_put_failure; 4968 } 4969 4970 /* Restore AP mode when processing scan results */ 4971 drv->ap_scan_as_station = old_mode; 4972 ret = 0; 4973 } else 4974 goto nla_put_failure; 4975 } 4976 4977 drv->scan_state = SCAN_REQUESTED; 4978 /* Not all drivers generate "scan completed" wireless event, so try to 4979 * read results after a timeout. */ 4980 timeout = 10; 4981 if (drv->scan_complete_events) { 4982 /* 4983 * The driver seems to deliver events to notify when scan is 4984 * complete, so use longer timeout to avoid race conditions 4985 * with scanning and following association request. 4986 */ 4987 timeout = 30; 4988 } 4989 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 4990 "seconds", ret, timeout); 4991 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4992 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 4993 drv, drv->ctx); 4994 4995nla_put_failure: 4996 nlmsg_free(msg); 4997 return ret; 4998} 4999 5000 5001/** 5002 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 5003 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5004 * @params: Scan parameters 5005 * @interval: Interval between scan cycles in milliseconds 5006 * Returns: 0 on success, -1 on failure or if not supported 5007 */ 5008static int wpa_driver_nl80211_sched_scan(void *priv, 5009 struct wpa_driver_scan_params *params, 5010 u32 interval) 5011{ 5012 struct i802_bss *bss = priv; 5013 struct wpa_driver_nl80211_data *drv = bss->drv; 5014 int ret = -1; 5015 struct nl_msg *msg; 5016 size_t i; 5017 5018 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 5019 5020#ifdef ANDROID 5021 if (!drv->capa.sched_scan_supported) 5022 return android_pno_start(bss, params); 5023#endif /* ANDROID */ 5024 5025 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 5026 bss->wdev_id_set ? &bss->wdev_id : NULL); 5027 if (!msg) 5028 goto nla_put_failure; 5029 5030 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 5031 5032 if ((drv->num_filter_ssids && 5033 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 5034 params->filter_rssi) { 5035 struct nlattr *match_sets; 5036 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 5037 if (match_sets == NULL) 5038 goto nla_put_failure; 5039 5040 for (i = 0; i < drv->num_filter_ssids; i++) { 5041 struct nlattr *match_set_ssid; 5042 wpa_hexdump_ascii(MSG_MSGDUMP, 5043 "nl80211: Sched scan filter SSID", 5044 drv->filter_ssids[i].ssid, 5045 drv->filter_ssids[i].ssid_len); 5046 5047 match_set_ssid = nla_nest_start(msg, i + 1); 5048 if (match_set_ssid == NULL) 5049 goto nla_put_failure; 5050 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 5051 drv->filter_ssids[i].ssid_len, 5052 drv->filter_ssids[i].ssid); 5053 if (params->filter_rssi) 5054 NLA_PUT_U32(msg, 5055 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5056 params->filter_rssi); 5057 5058 nla_nest_end(msg, match_set_ssid); 5059 } 5060 5061 /* 5062 * Due to backward compatibility code, newer kernels treat this 5063 * matchset (with only an RSSI filter) as the default for all 5064 * other matchsets, unless it's the only one, in which case the 5065 * matchset will actually allow all SSIDs above the RSSI. 5066 */ 5067 if (params->filter_rssi) { 5068 struct nlattr *match_set_rssi; 5069 match_set_rssi = nla_nest_start(msg, 0); 5070 if (match_set_rssi == NULL) 5071 goto nla_put_failure; 5072 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5073 params->filter_rssi); 5074 wpa_printf(MSG_MSGDUMP, 5075 "nl80211: Sched scan RSSI filter %d dBm", 5076 params->filter_rssi); 5077 nla_nest_end(msg, match_set_rssi); 5078 } 5079 5080 nla_nest_end(msg, match_sets); 5081 } 5082 5083 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5084 5085 /* TODO: if we get an error here, we should fall back to normal scan */ 5086 5087 msg = NULL; 5088 if (ret) { 5089 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 5090 "ret=%d (%s)", ret, strerror(-ret)); 5091 goto nla_put_failure; 5092 } 5093 5094 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 5095 "scan interval %d msec", ret, interval); 5096 5097nla_put_failure: 5098 nlmsg_free(msg); 5099 return ret; 5100} 5101 5102 5103/** 5104 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 5105 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5106 * Returns: 0 on success, -1 on failure or if not supported 5107 */ 5108static int wpa_driver_nl80211_stop_sched_scan(void *priv) 5109{ 5110 struct i802_bss *bss = priv; 5111 struct wpa_driver_nl80211_data *drv = bss->drv; 5112 int ret = 0; 5113 struct nl_msg *msg; 5114 5115#ifdef ANDROID 5116 if (!drv->capa.sched_scan_supported) 5117 return android_pno_stop(bss); 5118#endif /* ANDROID */ 5119 5120 msg = nlmsg_alloc(); 5121 if (!msg) 5122 return -1; 5123 5124 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 5125 5126 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5127 5128 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5129 msg = NULL; 5130 if (ret) { 5131 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 5132 "ret=%d (%s)", ret, strerror(-ret)); 5133 goto nla_put_failure; 5134 } 5135 5136 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 5137 5138nla_put_failure: 5139 nlmsg_free(msg); 5140 return ret; 5141} 5142 5143 5144static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 5145{ 5146 const u8 *end, *pos; 5147 5148 if (ies == NULL) 5149 return NULL; 5150 5151 pos = ies; 5152 end = ies + ies_len; 5153 5154 while (pos + 1 < end) { 5155 if (pos + 2 + pos[1] > end) 5156 break; 5157 if (pos[0] == ie) 5158 return pos; 5159 pos += 2 + pos[1]; 5160 } 5161 5162 return NULL; 5163} 5164 5165 5166static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 5167 const u8 *ie, size_t ie_len) 5168{ 5169 const u8 *ssid; 5170 size_t i; 5171 5172 if (drv->filter_ssids == NULL) 5173 return 0; 5174 5175 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 5176 if (ssid == NULL) 5177 return 1; 5178 5179 for (i = 0; i < drv->num_filter_ssids; i++) { 5180 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5181 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5182 0) 5183 return 0; 5184 } 5185 5186 return 1; 5187} 5188 5189 5190static int bss_info_handler(struct nl_msg *msg, void *arg) 5191{ 5192 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5193 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5194 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5195 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5196 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5197 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5198 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5199 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5200 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5201 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5202 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5203 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5204 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5205 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5206 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5207 }; 5208 struct nl80211_bss_info_arg *_arg = arg; 5209 struct wpa_scan_results *res = _arg->res; 5210 struct wpa_scan_res **tmp; 5211 struct wpa_scan_res *r; 5212 const u8 *ie, *beacon_ie; 5213 size_t ie_len, beacon_ie_len; 5214 u8 *pos; 5215 size_t i; 5216 5217 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5218 genlmsg_attrlen(gnlh, 0), NULL); 5219 if (!tb[NL80211_ATTR_BSS]) 5220 return NL_SKIP; 5221 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5222 bss_policy)) 5223 return NL_SKIP; 5224 if (bss[NL80211_BSS_STATUS]) { 5225 enum nl80211_bss_status status; 5226 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5227 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5228 bss[NL80211_BSS_FREQUENCY]) { 5229 _arg->assoc_freq = 5230 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5231 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5232 _arg->assoc_freq); 5233 } 5234 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5235 bss[NL80211_BSS_BSSID]) { 5236 os_memcpy(_arg->assoc_bssid, 5237 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5238 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5239 MACSTR, MAC2STR(_arg->assoc_bssid)); 5240 } 5241 } 5242 if (!res) 5243 return NL_SKIP; 5244 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5245 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5246 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5247 } else { 5248 ie = NULL; 5249 ie_len = 0; 5250 } 5251 if (bss[NL80211_BSS_BEACON_IES]) { 5252 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5253 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5254 } else { 5255 beacon_ie = NULL; 5256 beacon_ie_len = 0; 5257 } 5258 5259 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5260 ie ? ie_len : beacon_ie_len)) 5261 return NL_SKIP; 5262 5263 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5264 if (r == NULL) 5265 return NL_SKIP; 5266 if (bss[NL80211_BSS_BSSID]) 5267 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5268 ETH_ALEN); 5269 if (bss[NL80211_BSS_FREQUENCY]) 5270 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5271 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5272 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5273 if (bss[NL80211_BSS_CAPABILITY]) 5274 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5275 r->flags |= WPA_SCAN_NOISE_INVALID; 5276 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5277 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5278 r->level /= 100; /* mBm to dBm */ 5279 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5280 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5281 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5282 r->flags |= WPA_SCAN_QUAL_INVALID; 5283 } else 5284 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5285 if (bss[NL80211_BSS_TSF]) 5286 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5287 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5288 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5289 r->ie_len = ie_len; 5290 pos = (u8 *) (r + 1); 5291 if (ie) { 5292 os_memcpy(pos, ie, ie_len); 5293 pos += ie_len; 5294 } 5295 r->beacon_ie_len = beacon_ie_len; 5296 if (beacon_ie) 5297 os_memcpy(pos, beacon_ie, beacon_ie_len); 5298 5299 if (bss[NL80211_BSS_STATUS]) { 5300 enum nl80211_bss_status status; 5301 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5302 switch (status) { 5303 case NL80211_BSS_STATUS_AUTHENTICATED: 5304 r->flags |= WPA_SCAN_AUTHENTICATED; 5305 break; 5306 case NL80211_BSS_STATUS_ASSOCIATED: 5307 r->flags |= WPA_SCAN_ASSOCIATED; 5308 break; 5309 default: 5310 break; 5311 } 5312 } 5313 5314 /* 5315 * cfg80211 maintains separate BSS table entries for APs if the same 5316 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5317 * not use frequency as a separate key in the BSS table, so filter out 5318 * duplicated entries. Prefer associated BSS entry in such a case in 5319 * order to get the correct frequency into the BSS table. Similarly, 5320 * prefer newer entries over older. 5321 */ 5322 for (i = 0; i < res->num; i++) { 5323 const u8 *s1, *s2; 5324 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5325 continue; 5326 5327 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5328 res->res[i]->ie_len, WLAN_EID_SSID); 5329 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5330 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5331 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5332 continue; 5333 5334 /* Same BSSID,SSID was already included in scan results */ 5335 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5336 "for " MACSTR, MAC2STR(r->bssid)); 5337 5338 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5339 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5340 r->age < res->res[i]->age) { 5341 os_free(res->res[i]); 5342 res->res[i] = r; 5343 } else 5344 os_free(r); 5345 return NL_SKIP; 5346 } 5347 5348 tmp = os_realloc_array(res->res, res->num + 1, 5349 sizeof(struct wpa_scan_res *)); 5350 if (tmp == NULL) { 5351 os_free(r); 5352 return NL_SKIP; 5353 } 5354 tmp[res->num++] = r; 5355 res->res = tmp; 5356 5357 return NL_SKIP; 5358} 5359 5360 5361static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5362 const u8 *addr) 5363{ 5364 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5365 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5366 "mismatch (" MACSTR ")", MAC2STR(addr)); 5367 wpa_driver_nl80211_mlme(drv, addr, 5368 NL80211_CMD_DEAUTHENTICATE, 5369 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5370 } 5371} 5372 5373 5374static void wpa_driver_nl80211_check_bss_status( 5375 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5376{ 5377 size_t i; 5378 5379 for (i = 0; i < res->num; i++) { 5380 struct wpa_scan_res *r = res->res[i]; 5381 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5382 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5383 "indicates BSS status with " MACSTR 5384 " as authenticated", 5385 MAC2STR(r->bssid)); 5386 if (is_sta_interface(drv->nlmode) && 5387 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5388 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5389 0) { 5390 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5391 " in local state (auth=" MACSTR 5392 " assoc=" MACSTR ")", 5393 MAC2STR(drv->auth_bssid), 5394 MAC2STR(drv->bssid)); 5395 clear_state_mismatch(drv, r->bssid); 5396 } 5397 } 5398 5399 if (r->flags & WPA_SCAN_ASSOCIATED) { 5400 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5401 "indicate BSS status with " MACSTR 5402 " as associated", 5403 MAC2STR(r->bssid)); 5404 if (is_sta_interface(drv->nlmode) && 5405 !drv->associated) { 5406 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5407 "(not associated) does not match " 5408 "with BSS state"); 5409 clear_state_mismatch(drv, r->bssid); 5410 } else if (is_sta_interface(drv->nlmode) && 5411 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5412 0) { 5413 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5414 "(associated with " MACSTR ") does " 5415 "not match with BSS state", 5416 MAC2STR(drv->bssid)); 5417 clear_state_mismatch(drv, r->bssid); 5418 clear_state_mismatch(drv, drv->bssid); 5419 } 5420 } 5421 } 5422} 5423 5424 5425static struct wpa_scan_results * 5426nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5427{ 5428 struct nl_msg *msg; 5429 struct wpa_scan_results *res; 5430 int ret; 5431 struct nl80211_bss_info_arg arg; 5432 5433 res = os_zalloc(sizeof(*res)); 5434 if (res == NULL) 5435 return NULL; 5436 msg = nlmsg_alloc(); 5437 if (!msg) 5438 goto nla_put_failure; 5439 5440 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5441 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5442 goto nla_put_failure; 5443 5444 arg.drv = drv; 5445 arg.res = res; 5446 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5447 msg = NULL; 5448 if (ret == 0) { 5449 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5450 "BSSes)", (unsigned long) res->num); 5451 nl80211_get_noise_for_scan_results(drv, res); 5452 return res; 5453 } 5454 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5455 "(%s)", ret, strerror(-ret)); 5456nla_put_failure: 5457 nlmsg_free(msg); 5458 wpa_scan_results_free(res); 5459 return NULL; 5460} 5461 5462 5463/** 5464 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5465 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5466 * Returns: Scan results on success, -1 on failure 5467 */ 5468static struct wpa_scan_results * 5469wpa_driver_nl80211_get_scan_results(void *priv) 5470{ 5471 struct i802_bss *bss = priv; 5472 struct wpa_driver_nl80211_data *drv = bss->drv; 5473 struct wpa_scan_results *res; 5474 5475 res = nl80211_get_scan_results(drv); 5476 if (res) 5477 wpa_driver_nl80211_check_bss_status(drv, res); 5478 return res; 5479} 5480 5481 5482static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5483{ 5484 struct wpa_scan_results *res; 5485 size_t i; 5486 5487 res = nl80211_get_scan_results(drv); 5488 if (res == NULL) { 5489 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5490 return; 5491 } 5492 5493 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5494 for (i = 0; i < res->num; i++) { 5495 struct wpa_scan_res *r = res->res[i]; 5496 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5497 (int) i, (int) res->num, MAC2STR(r->bssid), 5498 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5499 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5500 } 5501 5502 wpa_scan_results_free(res); 5503} 5504 5505 5506static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5507{ 5508 switch (alg) { 5509 case WPA_ALG_WEP: 5510 if (key_len == 5) 5511 return WLAN_CIPHER_SUITE_WEP40; 5512 return WLAN_CIPHER_SUITE_WEP104; 5513 case WPA_ALG_TKIP: 5514 return WLAN_CIPHER_SUITE_TKIP; 5515 case WPA_ALG_CCMP: 5516 return WLAN_CIPHER_SUITE_CCMP; 5517 case WPA_ALG_GCMP: 5518 return WLAN_CIPHER_SUITE_GCMP; 5519 case WPA_ALG_CCMP_256: 5520 return WLAN_CIPHER_SUITE_CCMP_256; 5521 case WPA_ALG_GCMP_256: 5522 return WLAN_CIPHER_SUITE_GCMP_256; 5523 case WPA_ALG_IGTK: 5524 return WLAN_CIPHER_SUITE_AES_CMAC; 5525 case WPA_ALG_BIP_GMAC_128: 5526 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5527 case WPA_ALG_BIP_GMAC_256: 5528 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5529 case WPA_ALG_BIP_CMAC_256: 5530 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5531 case WPA_ALG_SMS4: 5532 return WLAN_CIPHER_SUITE_SMS4; 5533 case WPA_ALG_KRK: 5534 return WLAN_CIPHER_SUITE_KRK; 5535 case WPA_ALG_NONE: 5536 case WPA_ALG_PMK: 5537 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5538 alg); 5539 return 0; 5540 } 5541 5542 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5543 alg); 5544 return 0; 5545} 5546 5547 5548static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5549{ 5550 switch (cipher) { 5551 case WPA_CIPHER_CCMP_256: 5552 return WLAN_CIPHER_SUITE_CCMP_256; 5553 case WPA_CIPHER_GCMP_256: 5554 return WLAN_CIPHER_SUITE_GCMP_256; 5555 case WPA_CIPHER_CCMP: 5556 return WLAN_CIPHER_SUITE_CCMP; 5557 case WPA_CIPHER_GCMP: 5558 return WLAN_CIPHER_SUITE_GCMP; 5559 case WPA_CIPHER_TKIP: 5560 return WLAN_CIPHER_SUITE_TKIP; 5561 case WPA_CIPHER_WEP104: 5562 return WLAN_CIPHER_SUITE_WEP104; 5563 case WPA_CIPHER_WEP40: 5564 return WLAN_CIPHER_SUITE_WEP40; 5565 case WPA_CIPHER_GTK_NOT_USED: 5566 return WLAN_CIPHER_SUITE_NO_GROUP_ADDR; 5567 } 5568 5569 return 0; 5570} 5571 5572 5573static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5574 int max_suites) 5575{ 5576 int num_suites = 0; 5577 5578 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5579 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5580 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5581 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5582 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5583 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5584 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5585 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5586 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5587 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5588 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5589 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5590 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5591 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5592 5593 return num_suites; 5594} 5595 5596 5597static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5598 enum wpa_alg alg, const u8 *addr, 5599 int key_idx, int set_tx, 5600 const u8 *seq, size_t seq_len, 5601 const u8 *key, size_t key_len) 5602{ 5603 struct wpa_driver_nl80211_data *drv = bss->drv; 5604 int ifindex; 5605 struct nl_msg *msg; 5606 int ret; 5607 int tdls = 0; 5608 5609 /* Ignore for P2P Device */ 5610 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5611 return 0; 5612 5613 ifindex = if_nametoindex(ifname); 5614 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5615 "set_tx=%d seq_len=%lu key_len=%lu", 5616 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5617 (unsigned long) seq_len, (unsigned long) key_len); 5618#ifdef CONFIG_TDLS 5619 if (key_idx == -1) { 5620 key_idx = 0; 5621 tdls = 1; 5622 } 5623#endif /* CONFIG_TDLS */ 5624 5625 msg = nlmsg_alloc(); 5626 if (!msg) 5627 return -ENOMEM; 5628 5629 if (alg == WPA_ALG_NONE) { 5630 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5631 } else { 5632 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5633 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5634 wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len); 5635 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5636 wpa_alg_to_cipher_suite(alg, key_len)); 5637 } 5638 5639 if (seq && seq_len) { 5640 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5641 wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len); 5642 } 5643 5644 if (addr && !is_broadcast_ether_addr(addr)) { 5645 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5646 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5647 5648 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5649 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5650 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5651 NL80211_KEYTYPE_GROUP); 5652 } 5653 } else if (addr && is_broadcast_ether_addr(addr)) { 5654 struct nlattr *types; 5655 5656 wpa_printf(MSG_DEBUG, " broadcast key"); 5657 5658 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5659 if (!types) 5660 goto nla_put_failure; 5661 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5662 nla_nest_end(msg, types); 5663 } 5664 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5665 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5666 5667 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5668 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5669 ret = 0; 5670 if (ret) 5671 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5672 ret, strerror(-ret)); 5673 5674 /* 5675 * If we failed or don't need to set the default TX key (below), 5676 * we're done here. 5677 */ 5678 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5679 return ret; 5680 if (is_ap_interface(drv->nlmode) && addr && 5681 !is_broadcast_ether_addr(addr)) 5682 return ret; 5683 5684 msg = nlmsg_alloc(); 5685 if (!msg) 5686 return -ENOMEM; 5687 5688 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5689 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5690 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5691 if (alg == WPA_ALG_IGTK) 5692 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5693 else 5694 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5695 if (addr && is_broadcast_ether_addr(addr)) { 5696 struct nlattr *types; 5697 5698 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5699 if (!types) 5700 goto nla_put_failure; 5701 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5702 nla_nest_end(msg, types); 5703 } else if (addr) { 5704 struct nlattr *types; 5705 5706 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5707 if (!types) 5708 goto nla_put_failure; 5709 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5710 nla_nest_end(msg, types); 5711 } 5712 5713 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5714 if (ret == -ENOENT) 5715 ret = 0; 5716 if (ret) 5717 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5718 "err=%d %s)", ret, strerror(-ret)); 5719 return ret; 5720 5721nla_put_failure: 5722 nlmsg_free(msg); 5723 return -ENOBUFS; 5724} 5725 5726 5727static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5728 int key_idx, int defkey, 5729 const u8 *seq, size_t seq_len, 5730 const u8 *key, size_t key_len) 5731{ 5732 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5733 if (!key_attr) 5734 return -1; 5735 5736 if (defkey && alg == WPA_ALG_IGTK) 5737 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5738 else if (defkey) 5739 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5740 5741 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5742 5743 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5744 wpa_alg_to_cipher_suite(alg, key_len)); 5745 5746 if (seq && seq_len) 5747 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5748 5749 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5750 5751 nla_nest_end(msg, key_attr); 5752 5753 return 0; 5754 nla_put_failure: 5755 return -1; 5756} 5757 5758 5759static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5760 struct nl_msg *msg) 5761{ 5762 int i, privacy = 0; 5763 struct nlattr *nl_keys, *nl_key; 5764 5765 for (i = 0; i < 4; i++) { 5766 if (!params->wep_key[i]) 5767 continue; 5768 privacy = 1; 5769 break; 5770 } 5771 if (params->wps == WPS_MODE_PRIVACY) 5772 privacy = 1; 5773 if (params->pairwise_suite && 5774 params->pairwise_suite != WPA_CIPHER_NONE) 5775 privacy = 1; 5776 5777 if (!privacy) 5778 return 0; 5779 5780 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5781 5782 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5783 if (!nl_keys) 5784 goto nla_put_failure; 5785 5786 for (i = 0; i < 4; i++) { 5787 if (!params->wep_key[i]) 5788 continue; 5789 5790 nl_key = nla_nest_start(msg, i); 5791 if (!nl_key) 5792 goto nla_put_failure; 5793 5794 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5795 params->wep_key[i]); 5796 if (params->wep_key_len[i] == 5) 5797 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5798 WLAN_CIPHER_SUITE_WEP40); 5799 else 5800 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5801 WLAN_CIPHER_SUITE_WEP104); 5802 5803 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5804 5805 if (i == params->wep_tx_keyidx) 5806 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5807 5808 nla_nest_end(msg, nl_key); 5809 } 5810 nla_nest_end(msg, nl_keys); 5811 5812 return 0; 5813 5814nla_put_failure: 5815 return -ENOBUFS; 5816} 5817 5818 5819static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5820 const u8 *addr, int cmd, u16 reason_code, 5821 int local_state_change) 5822{ 5823 int ret = -1; 5824 struct nl_msg *msg; 5825 5826 msg = nlmsg_alloc(); 5827 if (!msg) 5828 return -1; 5829 5830 nl80211_cmd(drv, msg, 0, cmd); 5831 5832 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5833 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5834 if (addr) 5835 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5836 if (local_state_change) 5837 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5838 5839 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5840 msg = NULL; 5841 if (ret) { 5842 wpa_dbg(drv->ctx, MSG_DEBUG, 5843 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5844 reason_code, ret, strerror(-ret)); 5845 goto nla_put_failure; 5846 } 5847 ret = 0; 5848 5849nla_put_failure: 5850 nlmsg_free(msg); 5851 return ret; 5852} 5853 5854 5855static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5856 int reason_code) 5857{ 5858 int ret; 5859 5860 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 5861 nl80211_mark_disconnected(drv); 5862 /* Disconnect command doesn't need BSSID - it uses cached value */ 5863 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 5864 reason_code, 0); 5865 /* 5866 * For locally generated disconnect, supplicant already generates a 5867 * DEAUTH event, so ignore the event from NL80211. 5868 */ 5869 drv->ignore_next_local_disconnect = ret == 0; 5870 5871 return ret; 5872} 5873 5874 5875static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 5876 const u8 *addr, int reason_code) 5877{ 5878 struct wpa_driver_nl80211_data *drv = bss->drv; 5879 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 5880 return wpa_driver_nl80211_disconnect(drv, reason_code); 5881 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 5882 __func__, MAC2STR(addr), reason_code); 5883 nl80211_mark_disconnected(drv); 5884 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 5885 return nl80211_leave_ibss(drv); 5886 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 5887 reason_code, 0); 5888} 5889 5890 5891static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 5892 struct wpa_driver_auth_params *params) 5893{ 5894 int i; 5895 5896 drv->auth_freq = params->freq; 5897 drv->auth_alg = params->auth_alg; 5898 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 5899 drv->auth_local_state_change = params->local_state_change; 5900 drv->auth_p2p = params->p2p; 5901 5902 if (params->bssid) 5903 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 5904 else 5905 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 5906 5907 if (params->ssid) { 5908 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 5909 drv->auth_ssid_len = params->ssid_len; 5910 } else 5911 drv->auth_ssid_len = 0; 5912 5913 5914 os_free(drv->auth_ie); 5915 drv->auth_ie = NULL; 5916 drv->auth_ie_len = 0; 5917 if (params->ie) { 5918 drv->auth_ie = os_malloc(params->ie_len); 5919 if (drv->auth_ie) { 5920 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 5921 drv->auth_ie_len = params->ie_len; 5922 } 5923 } 5924 5925 for (i = 0; i < 4; i++) { 5926 if (params->wep_key[i] && params->wep_key_len[i] && 5927 params->wep_key_len[i] <= 16) { 5928 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 5929 params->wep_key_len[i]); 5930 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 5931 } else 5932 drv->auth_wep_key_len[i] = 0; 5933 } 5934} 5935 5936 5937static int wpa_driver_nl80211_authenticate( 5938 struct i802_bss *bss, struct wpa_driver_auth_params *params) 5939{ 5940 struct wpa_driver_nl80211_data *drv = bss->drv; 5941 int ret = -1, i; 5942 struct nl_msg *msg; 5943 enum nl80211_auth_type type; 5944 enum nl80211_iftype nlmode; 5945 int count = 0; 5946 int is_retry; 5947 5948 is_retry = drv->retry_auth; 5949 drv->retry_auth = 0; 5950 drv->ignore_deauth_event = 0; 5951 5952 nl80211_mark_disconnected(drv); 5953 os_memset(drv->auth_bssid, 0, ETH_ALEN); 5954 if (params->bssid) 5955 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 5956 else 5957 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 5958 /* FIX: IBSS mode */ 5959 nlmode = params->p2p ? 5960 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 5961 if (drv->nlmode != nlmode && 5962 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 5963 return -1; 5964 5965retry: 5966 msg = nlmsg_alloc(); 5967 if (!msg) 5968 return -1; 5969 5970 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 5971 drv->ifindex); 5972 5973 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 5974 5975 for (i = 0; i < 4; i++) { 5976 if (!params->wep_key[i]) 5977 continue; 5978 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 5979 NULL, i, 5980 i == params->wep_tx_keyidx, NULL, 0, 5981 params->wep_key[i], 5982 params->wep_key_len[i]); 5983 if (params->wep_tx_keyidx != i) 5984 continue; 5985 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 5986 params->wep_key[i], params->wep_key_len[i])) { 5987 nlmsg_free(msg); 5988 return -1; 5989 } 5990 } 5991 5992 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5993 if (params->bssid) { 5994 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 5995 MAC2STR(params->bssid)); 5996 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 5997 } 5998 if (params->freq) { 5999 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6000 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6001 } 6002 if (params->ssid) { 6003 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6004 params->ssid, params->ssid_len); 6005 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6006 params->ssid); 6007 } 6008 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 6009 if (params->ie) 6010 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 6011 if (params->sae_data) { 6012 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 6013 params->sae_data_len); 6014 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 6015 params->sae_data); 6016 } 6017 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6018 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6019 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6020 type = NL80211_AUTHTYPE_SHARED_KEY; 6021 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6022 type = NL80211_AUTHTYPE_NETWORK_EAP; 6023 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6024 type = NL80211_AUTHTYPE_FT; 6025 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 6026 type = NL80211_AUTHTYPE_SAE; 6027 else 6028 goto nla_put_failure; 6029 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6030 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6031 if (params->local_state_change) { 6032 wpa_printf(MSG_DEBUG, " * Local state change only"); 6033 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 6034 } 6035 6036 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6037 msg = NULL; 6038 if (ret) { 6039 wpa_dbg(drv->ctx, MSG_DEBUG, 6040 "nl80211: MLME command failed (auth): ret=%d (%s)", 6041 ret, strerror(-ret)); 6042 count++; 6043 if (ret == -EALREADY && count == 1 && params->bssid && 6044 !params->local_state_change) { 6045 /* 6046 * mac80211 does not currently accept new 6047 * authentication if we are already authenticated. As a 6048 * workaround, force deauthentication and try again. 6049 */ 6050 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 6051 "after forced deauthentication"); 6052 drv->ignore_deauth_event = 1; 6053 wpa_driver_nl80211_deauthenticate( 6054 bss, params->bssid, 6055 WLAN_REASON_PREV_AUTH_NOT_VALID); 6056 nlmsg_free(msg); 6057 goto retry; 6058 } 6059 6060 if (ret == -ENOENT && params->freq && !is_retry) { 6061 /* 6062 * cfg80211 has likely expired the BSS entry even 6063 * though it was previously available in our internal 6064 * BSS table. To recover quickly, start a single 6065 * channel scan on the specified channel. 6066 */ 6067 struct wpa_driver_scan_params scan; 6068 int freqs[2]; 6069 6070 os_memset(&scan, 0, sizeof(scan)); 6071 scan.num_ssids = 1; 6072 if (params->ssid) { 6073 scan.ssids[0].ssid = params->ssid; 6074 scan.ssids[0].ssid_len = params->ssid_len; 6075 } 6076 freqs[0] = params->freq; 6077 freqs[1] = 0; 6078 scan.freqs = freqs; 6079 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 6080 "channel scan to refresh cfg80211 BSS " 6081 "entry"); 6082 ret = wpa_driver_nl80211_scan(bss, &scan); 6083 if (ret == 0) { 6084 nl80211_copy_auth_params(drv, params); 6085 drv->scan_for_auth = 1; 6086 } 6087 } else if (is_retry) { 6088 /* 6089 * Need to indicate this with an event since the return 6090 * value from the retry is not delivered to core code. 6091 */ 6092 union wpa_event_data event; 6093 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 6094 "failed"); 6095 os_memset(&event, 0, sizeof(event)); 6096 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 6097 ETH_ALEN); 6098 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 6099 &event); 6100 } 6101 6102 goto nla_put_failure; 6103 } 6104 ret = 0; 6105 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 6106 "successfully"); 6107 6108nla_put_failure: 6109 nlmsg_free(msg); 6110 return ret; 6111} 6112 6113 6114static int wpa_driver_nl80211_authenticate_retry( 6115 struct wpa_driver_nl80211_data *drv) 6116{ 6117 struct wpa_driver_auth_params params; 6118 struct i802_bss *bss = drv->first_bss; 6119 int i; 6120 6121 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 6122 6123 os_memset(¶ms, 0, sizeof(params)); 6124 params.freq = drv->auth_freq; 6125 params.auth_alg = drv->auth_alg; 6126 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 6127 params.local_state_change = drv->auth_local_state_change; 6128 params.p2p = drv->auth_p2p; 6129 6130 if (!is_zero_ether_addr(drv->auth_bssid_)) 6131 params.bssid = drv->auth_bssid_; 6132 6133 if (drv->auth_ssid_len) { 6134 params.ssid = drv->auth_ssid; 6135 params.ssid_len = drv->auth_ssid_len; 6136 } 6137 6138 params.ie = drv->auth_ie; 6139 params.ie_len = drv->auth_ie_len; 6140 6141 for (i = 0; i < 4; i++) { 6142 if (drv->auth_wep_key_len[i]) { 6143 params.wep_key[i] = drv->auth_wep_key[i]; 6144 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 6145 } 6146 } 6147 6148 drv->retry_auth = 1; 6149 return wpa_driver_nl80211_authenticate(bss, ¶ms); 6150} 6151 6152 6153struct phy_info_arg { 6154 u16 *num_modes; 6155 struct hostapd_hw_modes *modes; 6156 int last_mode, last_chan_idx; 6157}; 6158 6159static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 6160 struct nlattr *ampdu_factor, 6161 struct nlattr *ampdu_density, 6162 struct nlattr *mcs_set) 6163{ 6164 if (capa) 6165 mode->ht_capab = nla_get_u16(capa); 6166 6167 if (ampdu_factor) 6168 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 6169 6170 if (ampdu_density) 6171 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 6172 6173 if (mcs_set && nla_len(mcs_set) >= 16) { 6174 u8 *mcs; 6175 mcs = nla_data(mcs_set); 6176 os_memcpy(mode->mcs_set, mcs, 16); 6177 } 6178} 6179 6180 6181static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 6182 struct nlattr *capa, 6183 struct nlattr *mcs_set) 6184{ 6185 if (capa) 6186 mode->vht_capab = nla_get_u32(capa); 6187 6188 if (mcs_set && nla_len(mcs_set) >= 8) { 6189 u8 *mcs; 6190 mcs = nla_data(mcs_set); 6191 os_memcpy(mode->vht_mcs_set, mcs, 8); 6192 } 6193} 6194 6195 6196static void phy_info_freq(struct hostapd_hw_modes *mode, 6197 struct hostapd_channel_data *chan, 6198 struct nlattr *tb_freq[]) 6199{ 6200 u8 channel; 6201 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6202 chan->flag = 0; 6203 chan->dfs_cac_ms = 0; 6204 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6205 chan->chan = channel; 6206 6207 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6208 chan->flag |= HOSTAPD_CHAN_DISABLED; 6209 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6210 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6211 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6212 chan->flag |= HOSTAPD_CHAN_RADAR; 6213 6214 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6215 enum nl80211_dfs_state state = 6216 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6217 6218 switch (state) { 6219 case NL80211_DFS_USABLE: 6220 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6221 break; 6222 case NL80211_DFS_AVAILABLE: 6223 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6224 break; 6225 case NL80211_DFS_UNAVAILABLE: 6226 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6227 break; 6228 } 6229 } 6230 6231 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]) { 6232 chan->dfs_cac_ms = nla_get_u32( 6233 tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]); 6234 } 6235} 6236 6237 6238static int phy_info_freqs(struct phy_info_arg *phy_info, 6239 struct hostapd_hw_modes *mode, struct nlattr *tb) 6240{ 6241 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6242 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6243 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6244 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6245 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6246 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6247 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6248 }; 6249 int new_channels = 0; 6250 struct hostapd_channel_data *channel; 6251 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6252 struct nlattr *nl_freq; 6253 int rem_freq, idx; 6254 6255 if (tb == NULL) 6256 return NL_OK; 6257 6258 nla_for_each_nested(nl_freq, tb, rem_freq) { 6259 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6260 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6261 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6262 continue; 6263 new_channels++; 6264 } 6265 6266 channel = os_realloc_array(mode->channels, 6267 mode->num_channels + new_channels, 6268 sizeof(struct hostapd_channel_data)); 6269 if (!channel) 6270 return NL_SKIP; 6271 6272 mode->channels = channel; 6273 mode->num_channels += new_channels; 6274 6275 idx = phy_info->last_chan_idx; 6276 6277 nla_for_each_nested(nl_freq, tb, rem_freq) { 6278 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6279 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6280 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6281 continue; 6282 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6283 idx++; 6284 } 6285 phy_info->last_chan_idx = idx; 6286 6287 return NL_OK; 6288} 6289 6290 6291static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6292{ 6293 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6294 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6295 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6296 { .type = NLA_FLAG }, 6297 }; 6298 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6299 struct nlattr *nl_rate; 6300 int rem_rate, idx; 6301 6302 if (tb == NULL) 6303 return NL_OK; 6304 6305 nla_for_each_nested(nl_rate, tb, rem_rate) { 6306 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6307 nla_data(nl_rate), nla_len(nl_rate), 6308 rate_policy); 6309 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6310 continue; 6311 mode->num_rates++; 6312 } 6313 6314 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6315 if (!mode->rates) 6316 return NL_SKIP; 6317 6318 idx = 0; 6319 6320 nla_for_each_nested(nl_rate, tb, rem_rate) { 6321 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6322 nla_data(nl_rate), nla_len(nl_rate), 6323 rate_policy); 6324 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6325 continue; 6326 mode->rates[idx] = nla_get_u32( 6327 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6328 idx++; 6329 } 6330 6331 return NL_OK; 6332} 6333 6334 6335static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6336{ 6337 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6338 struct hostapd_hw_modes *mode; 6339 int ret; 6340 6341 if (phy_info->last_mode != nl_band->nla_type) { 6342 mode = os_realloc_array(phy_info->modes, 6343 *phy_info->num_modes + 1, 6344 sizeof(*mode)); 6345 if (!mode) 6346 return NL_SKIP; 6347 phy_info->modes = mode; 6348 6349 mode = &phy_info->modes[*(phy_info->num_modes)]; 6350 os_memset(mode, 0, sizeof(*mode)); 6351 mode->mode = NUM_HOSTAPD_MODES; 6352 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6353 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6354 6355 /* 6356 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6357 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6358 * possible streams as unsupported. This will be overridden if 6359 * driver advertises VHT support. 6360 */ 6361 mode->vht_mcs_set[0] = 0xff; 6362 mode->vht_mcs_set[1] = 0xff; 6363 mode->vht_mcs_set[4] = 0xff; 6364 mode->vht_mcs_set[5] = 0xff; 6365 6366 *(phy_info->num_modes) += 1; 6367 phy_info->last_mode = nl_band->nla_type; 6368 phy_info->last_chan_idx = 0; 6369 } else 6370 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6371 6372 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6373 nla_len(nl_band), NULL); 6374 6375 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6376 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6377 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6378 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6379 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6380 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6381 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6382 if (ret != NL_OK) 6383 return ret; 6384 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6385 if (ret != NL_OK) 6386 return ret; 6387 6388 return NL_OK; 6389} 6390 6391 6392static int phy_info_handler(struct nl_msg *msg, void *arg) 6393{ 6394 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6395 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6396 struct phy_info_arg *phy_info = arg; 6397 struct nlattr *nl_band; 6398 int rem_band; 6399 6400 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6401 genlmsg_attrlen(gnlh, 0), NULL); 6402 6403 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6404 return NL_SKIP; 6405 6406 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6407 { 6408 int res = phy_info_band(phy_info, nl_band); 6409 if (res != NL_OK) 6410 return res; 6411 } 6412 6413 return NL_SKIP; 6414} 6415 6416 6417static struct hostapd_hw_modes * 6418wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6419 u16 *num_modes) 6420{ 6421 u16 m; 6422 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6423 int i, mode11g_idx = -1; 6424 6425 /* heuristic to set up modes */ 6426 for (m = 0; m < *num_modes; m++) { 6427 if (!modes[m].num_channels) 6428 continue; 6429 if (modes[m].channels[0].freq < 4000) { 6430 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6431 for (i = 0; i < modes[m].num_rates; i++) { 6432 if (modes[m].rates[i] > 200) { 6433 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6434 break; 6435 } 6436 } 6437 } else if (modes[m].channels[0].freq > 50000) 6438 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6439 else 6440 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6441 } 6442 6443 /* If only 802.11g mode is included, use it to construct matching 6444 * 802.11b mode data. */ 6445 6446 for (m = 0; m < *num_modes; m++) { 6447 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6448 return modes; /* 802.11b already included */ 6449 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6450 mode11g_idx = m; 6451 } 6452 6453 if (mode11g_idx < 0) 6454 return modes; /* 2.4 GHz band not supported at all */ 6455 6456 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6457 if (nmodes == NULL) 6458 return modes; /* Could not add 802.11b mode */ 6459 6460 mode = &nmodes[*num_modes]; 6461 os_memset(mode, 0, sizeof(*mode)); 6462 (*num_modes)++; 6463 modes = nmodes; 6464 6465 mode->mode = HOSTAPD_MODE_IEEE80211B; 6466 6467 mode11g = &modes[mode11g_idx]; 6468 mode->num_channels = mode11g->num_channels; 6469 mode->channels = os_malloc(mode11g->num_channels * 6470 sizeof(struct hostapd_channel_data)); 6471 if (mode->channels == NULL) { 6472 (*num_modes)--; 6473 return modes; /* Could not add 802.11b mode */ 6474 } 6475 os_memcpy(mode->channels, mode11g->channels, 6476 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6477 6478 mode->num_rates = 0; 6479 mode->rates = os_malloc(4 * sizeof(int)); 6480 if (mode->rates == NULL) { 6481 os_free(mode->channels); 6482 (*num_modes)--; 6483 return modes; /* Could not add 802.11b mode */ 6484 } 6485 6486 for (i = 0; i < mode11g->num_rates; i++) { 6487 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6488 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6489 continue; 6490 mode->rates[mode->num_rates] = mode11g->rates[i]; 6491 mode->num_rates++; 6492 if (mode->num_rates == 4) 6493 break; 6494 } 6495 6496 if (mode->num_rates == 0) { 6497 os_free(mode->channels); 6498 os_free(mode->rates); 6499 (*num_modes)--; 6500 return modes; /* No 802.11b rates */ 6501 } 6502 6503 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6504 "information"); 6505 6506 return modes; 6507} 6508 6509 6510static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6511 int end) 6512{ 6513 int c; 6514 6515 for (c = 0; c < mode->num_channels; c++) { 6516 struct hostapd_channel_data *chan = &mode->channels[c]; 6517 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6518 chan->flag |= HOSTAPD_CHAN_HT40; 6519 } 6520} 6521 6522 6523static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6524 int end) 6525{ 6526 int c; 6527 6528 for (c = 0; c < mode->num_channels; c++) { 6529 struct hostapd_channel_data *chan = &mode->channels[c]; 6530 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6531 continue; 6532 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6533 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6534 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6535 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6536 } 6537} 6538 6539 6540static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6541 struct phy_info_arg *results) 6542{ 6543 u16 m; 6544 6545 for (m = 0; m < *results->num_modes; m++) { 6546 int c; 6547 struct hostapd_hw_modes *mode = &results->modes[m]; 6548 6549 for (c = 0; c < mode->num_channels; c++) { 6550 struct hostapd_channel_data *chan = &mode->channels[c]; 6551 if ((u32) chan->freq - 10 >= start && 6552 (u32) chan->freq + 10 <= end) 6553 chan->max_tx_power = max_eirp; 6554 } 6555 } 6556} 6557 6558 6559static void nl80211_reg_rule_ht40(u32 start, u32 end, 6560 struct phy_info_arg *results) 6561{ 6562 u16 m; 6563 6564 for (m = 0; m < *results->num_modes; m++) { 6565 if (!(results->modes[m].ht_capab & 6566 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6567 continue; 6568 nl80211_set_ht40_mode(&results->modes[m], start, end); 6569 } 6570} 6571 6572 6573static void nl80211_reg_rule_sec(struct nlattr *tb[], 6574 struct phy_info_arg *results) 6575{ 6576 u32 start, end, max_bw; 6577 u16 m; 6578 6579 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6580 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6581 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6582 return; 6583 6584 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6585 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6586 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6587 6588 if (max_bw < 20) 6589 return; 6590 6591 for (m = 0; m < *results->num_modes; m++) { 6592 if (!(results->modes[m].ht_capab & 6593 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6594 continue; 6595 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6596 } 6597} 6598 6599 6600static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6601 int end) 6602{ 6603 int c; 6604 6605 for (c = 0; c < mode->num_channels; c++) { 6606 struct hostapd_channel_data *chan = &mode->channels[c]; 6607 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6608 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6609 6610 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6611 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6612 6613 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6614 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6615 6616 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6617 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6618 } 6619} 6620 6621 6622static void nl80211_reg_rule_vht(struct nlattr *tb[], 6623 struct phy_info_arg *results) 6624{ 6625 u32 start, end, max_bw; 6626 u16 m; 6627 6628 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6629 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6630 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6631 return; 6632 6633 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6634 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6635 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6636 6637 if (max_bw < 80) 6638 return; 6639 6640 for (m = 0; m < *results->num_modes; m++) { 6641 if (!(results->modes[m].ht_capab & 6642 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6643 continue; 6644 /* TODO: use a real VHT support indication */ 6645 if (!results->modes[m].vht_capab) 6646 continue; 6647 6648 nl80211_set_vht_mode(&results->modes[m], start, end); 6649 } 6650} 6651 6652 6653static const char * dfs_domain_name(enum nl80211_dfs_regions region) 6654{ 6655 switch (region) { 6656 case NL80211_DFS_UNSET: 6657 return "DFS-UNSET"; 6658 case NL80211_DFS_FCC: 6659 return "DFS-FCC"; 6660 case NL80211_DFS_ETSI: 6661 return "DFS-ETSI"; 6662 case NL80211_DFS_JP: 6663 return "DFS-JP"; 6664 default: 6665 return "DFS-invalid"; 6666 } 6667} 6668 6669 6670static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6671{ 6672 struct phy_info_arg *results = arg; 6673 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6674 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6675 struct nlattr *nl_rule; 6676 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6677 int rem_rule; 6678 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6679 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6680 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6681 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6682 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6683 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6684 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6685 }; 6686 6687 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6688 genlmsg_attrlen(gnlh, 0), NULL); 6689 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6690 !tb_msg[NL80211_ATTR_REG_RULES]) { 6691 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6692 "available"); 6693 return NL_SKIP; 6694 } 6695 6696 if (tb_msg[NL80211_ATTR_DFS_REGION]) { 6697 enum nl80211_dfs_regions dfs_domain; 6698 dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]); 6699 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)", 6700 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 6701 dfs_domain_name(dfs_domain)); 6702 } else { 6703 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6704 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6705 } 6706 6707 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6708 { 6709 u32 start, end, max_eirp = 0, max_bw = 0, flags = 0; 6710 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6711 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6712 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6713 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6714 continue; 6715 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6716 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6717 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6718 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6719 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6720 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6721 if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS]) 6722 flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]); 6723 6724 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s", 6725 start, end, max_bw, max_eirp, 6726 flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "", 6727 flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "", 6728 flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "", 6729 flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" : 6730 "", 6731 flags & NL80211_RRF_DFS ? " (DFS)" : "", 6732 flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "", 6733 flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "", 6734 flags & NL80211_RRF_NO_IR ? " (no IR)" : ""); 6735 if (max_bw >= 40) 6736 nl80211_reg_rule_ht40(start, end, results); 6737 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6738 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6739 results); 6740 } 6741 6742 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6743 { 6744 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6745 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6746 nl80211_reg_rule_sec(tb_rule, results); 6747 } 6748 6749 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6750 { 6751 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6752 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6753 nl80211_reg_rule_vht(tb_rule, results); 6754 } 6755 6756 return NL_SKIP; 6757} 6758 6759 6760static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6761 struct phy_info_arg *results) 6762{ 6763 struct nl_msg *msg; 6764 6765 msg = nlmsg_alloc(); 6766 if (!msg) 6767 return -ENOMEM; 6768 6769 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6770 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6771} 6772 6773 6774static struct hostapd_hw_modes * 6775wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6776{ 6777 u32 feat; 6778 struct i802_bss *bss = priv; 6779 struct wpa_driver_nl80211_data *drv = bss->drv; 6780 struct nl_msg *msg; 6781 struct phy_info_arg result = { 6782 .num_modes = num_modes, 6783 .modes = NULL, 6784 .last_mode = -1, 6785 }; 6786 6787 *num_modes = 0; 6788 *flags = 0; 6789 6790 msg = nlmsg_alloc(); 6791 if (!msg) 6792 return NULL; 6793 6794 feat = get_nl80211_protocol_features(drv); 6795 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6796 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6797 else 6798 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6799 6800 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6801 if (nl80211_set_iface_id(msg, bss) < 0) 6802 goto nla_put_failure; 6803 6804 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6805 nl80211_set_regulatory_flags(drv, &result); 6806 return wpa_driver_nl80211_postprocess_modes(result.modes, 6807 num_modes); 6808 } 6809 msg = NULL; 6810 nla_put_failure: 6811 nlmsg_free(msg); 6812 return NULL; 6813} 6814 6815 6816static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6817 const void *data, size_t len, 6818 int encrypt, int noack) 6819{ 6820 __u8 rtap_hdr[] = { 6821 0x00, 0x00, /* radiotap version */ 6822 0x0e, 0x00, /* radiotap length */ 6823 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6824 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6825 0x00, /* padding */ 6826 0x00, 0x00, /* RX and TX flags to indicate that */ 6827 0x00, 0x00, /* this is the injected frame directly */ 6828 }; 6829 struct iovec iov[2] = { 6830 { 6831 .iov_base = &rtap_hdr, 6832 .iov_len = sizeof(rtap_hdr), 6833 }, 6834 { 6835 .iov_base = (void *) data, 6836 .iov_len = len, 6837 } 6838 }; 6839 struct msghdr msg = { 6840 .msg_name = NULL, 6841 .msg_namelen = 0, 6842 .msg_iov = iov, 6843 .msg_iovlen = 2, 6844 .msg_control = NULL, 6845 .msg_controllen = 0, 6846 .msg_flags = 0, 6847 }; 6848 int res; 6849 u16 txflags = 0; 6850 6851 if (encrypt) 6852 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 6853 6854 if (drv->monitor_sock < 0) { 6855 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 6856 "for %s", __func__); 6857 return -1; 6858 } 6859 6860 if (noack) 6861 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 6862 WPA_PUT_LE16(&rtap_hdr[12], txflags); 6863 6864 res = sendmsg(drv->monitor_sock, &msg, 0); 6865 if (res < 0) { 6866 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 6867 return -1; 6868 } 6869 return 0; 6870} 6871 6872 6873static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 6874 const void *data, size_t len, 6875 int encrypt, int noack, 6876 unsigned int freq, int no_cck, 6877 int offchanok, unsigned int wait_time) 6878{ 6879 struct wpa_driver_nl80211_data *drv = bss->drv; 6880 u64 cookie; 6881 int res; 6882 6883 if (freq == 0) { 6884 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 6885 bss->freq); 6886 freq = bss->freq; 6887 } 6888 6889 if (drv->use_monitor) { 6890 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 6891 freq, bss->freq); 6892 return wpa_driver_nl80211_send_mntr(drv, data, len, 6893 encrypt, noack); 6894 } 6895 6896 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 6897 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 6898 &cookie, no_cck, noack, offchanok); 6899 if (res == 0 && !noack) { 6900 const struct ieee80211_mgmt *mgmt; 6901 u16 fc; 6902 6903 mgmt = (const struct ieee80211_mgmt *) data; 6904 fc = le_to_host16(mgmt->frame_control); 6905 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6906 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 6907 wpa_printf(MSG_MSGDUMP, 6908 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 6909 (long long unsigned int) 6910 drv->send_action_cookie, 6911 (long long unsigned int) cookie); 6912 drv->send_action_cookie = cookie; 6913 } 6914 } 6915 6916 return res; 6917} 6918 6919 6920static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 6921 size_t data_len, int noack, 6922 unsigned int freq, int no_cck, 6923 int offchanok, 6924 unsigned int wait_time) 6925{ 6926 struct wpa_driver_nl80211_data *drv = bss->drv; 6927 struct ieee80211_mgmt *mgmt; 6928 int encrypt = 1; 6929 u16 fc; 6930 6931 mgmt = (struct ieee80211_mgmt *) data; 6932 fc = le_to_host16(mgmt->frame_control); 6933 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x nlmode=%d", 6934 noack, freq, no_cck, offchanok, wait_time, fc, drv->nlmode); 6935 6936 if ((is_sta_interface(drv->nlmode) || 6937 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 6938 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6939 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 6940 /* 6941 * The use of last_mgmt_freq is a bit of a hack, 6942 * but it works due to the single-threaded nature 6943 * of wpa_supplicant. 6944 */ 6945 if (freq == 0) { 6946 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 6947 drv->last_mgmt_freq); 6948 freq = drv->last_mgmt_freq; 6949 } 6950 return nl80211_send_frame_cmd(bss, freq, 0, 6951 data, data_len, NULL, 1, noack, 6952 1); 6953 } 6954 6955 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 6956 if (freq == 0) { 6957 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 6958 bss->freq); 6959 freq = bss->freq; 6960 } 6961 return nl80211_send_frame_cmd(bss, freq, 6962 (int) freq == bss->freq ? 0 : 6963 wait_time, 6964 data, data_len, 6965 &drv->send_action_cookie, 6966 no_cck, noack, offchanok); 6967 } 6968 6969 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6970 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 6971 /* 6972 * Only one of the authentication frame types is encrypted. 6973 * In order for static WEP encryption to work properly (i.e., 6974 * to not encrypt the frame), we need to tell mac80211 about 6975 * the frames that must not be encrypted. 6976 */ 6977 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 6978 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 6979 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 6980 encrypt = 0; 6981 } 6982 6983 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 6984 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 6985 noack, freq, no_cck, offchanok, 6986 wait_time); 6987} 6988 6989 6990static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 6991 int slot, int ht_opmode, int ap_isolate, 6992 int *basic_rates) 6993{ 6994 struct wpa_driver_nl80211_data *drv = bss->drv; 6995 struct nl_msg *msg; 6996 6997 msg = nlmsg_alloc(); 6998 if (!msg) 6999 return -ENOMEM; 7000 7001 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 7002 7003 if (cts >= 0) 7004 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 7005 if (preamble >= 0) 7006 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 7007 if (slot >= 0) 7008 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 7009 if (ht_opmode >= 0) 7010 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 7011 if (ap_isolate >= 0) 7012 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 7013 7014 if (basic_rates) { 7015 u8 rates[NL80211_MAX_SUPP_RATES]; 7016 u8 rates_len = 0; 7017 int i; 7018 7019 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 7020 i++) 7021 rates[rates_len++] = basic_rates[i] / 5; 7022 7023 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 7024 } 7025 7026 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7027 7028 return send_and_recv_msgs(drv, msg, NULL, NULL); 7029 nla_put_failure: 7030 nlmsg_free(msg); 7031 return -ENOBUFS; 7032} 7033 7034 7035static int wpa_driver_nl80211_set_acl(void *priv, 7036 struct hostapd_acl_params *params) 7037{ 7038 struct i802_bss *bss = priv; 7039 struct wpa_driver_nl80211_data *drv = bss->drv; 7040 struct nl_msg *msg; 7041 struct nlattr *acl; 7042 unsigned int i; 7043 int ret = 0; 7044 7045 if (!(drv->capa.max_acl_mac_addrs)) 7046 return -ENOTSUP; 7047 7048 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 7049 return -ENOTSUP; 7050 7051 msg = nlmsg_alloc(); 7052 if (!msg) 7053 return -ENOMEM; 7054 7055 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 7056 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 7057 7058 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 7059 7060 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7061 7062 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 7063 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 7064 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 7065 7066 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 7067 if (acl == NULL) 7068 goto nla_put_failure; 7069 7070 for (i = 0; i < params->num_mac_acl; i++) 7071 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 7072 7073 nla_nest_end(msg, acl); 7074 7075 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7076 msg = NULL; 7077 if (ret) { 7078 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 7079 ret, strerror(-ret)); 7080 } 7081 7082nla_put_failure: 7083 nlmsg_free(msg); 7084 7085 return ret; 7086} 7087 7088 7089static int wpa_driver_nl80211_set_ap(void *priv, 7090 struct wpa_driver_ap_params *params) 7091{ 7092 struct i802_bss *bss = priv; 7093 struct wpa_driver_nl80211_data *drv = bss->drv; 7094 struct nl_msg *msg; 7095 u8 cmd = NL80211_CMD_NEW_BEACON; 7096 int ret; 7097 int beacon_set; 7098 int ifindex = if_nametoindex(bss->ifname); 7099 int num_suites; 7100 u32 suites[10], suite; 7101 u32 ver; 7102 7103 beacon_set = bss->beacon_set; 7104 7105 msg = nlmsg_alloc(); 7106 if (!msg) 7107 return -ENOMEM; 7108 7109 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 7110 beacon_set); 7111 if (beacon_set) 7112 cmd = NL80211_CMD_SET_BEACON; 7113 7114 nl80211_cmd(drv, msg, 0, cmd); 7115 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 7116 params->head, params->head_len); 7117 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 7118 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 7119 params->tail, params->tail_len); 7120 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 7121 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 7122 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 7123 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 7124 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 7125 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 7126 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 7127 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 7128 params->ssid, params->ssid_len); 7129 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7130 params->ssid); 7131 if (params->proberesp && params->proberesp_len) { 7132 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 7133 params->proberesp, params->proberesp_len); 7134 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 7135 params->proberesp); 7136 } 7137 switch (params->hide_ssid) { 7138 case NO_SSID_HIDING: 7139 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 7140 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7141 NL80211_HIDDEN_SSID_NOT_IN_USE); 7142 break; 7143 case HIDDEN_SSID_ZERO_LEN: 7144 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 7145 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7146 NL80211_HIDDEN_SSID_ZERO_LEN); 7147 break; 7148 case HIDDEN_SSID_ZERO_CONTENTS: 7149 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 7150 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7151 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 7152 break; 7153 } 7154 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 7155 if (params->privacy) 7156 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 7157 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 7158 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 7159 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 7160 /* Leave out the attribute */ 7161 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 7162 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7163 NL80211_AUTHTYPE_SHARED_KEY); 7164 else 7165 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7166 NL80211_AUTHTYPE_OPEN_SYSTEM); 7167 7168 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 7169 ver = 0; 7170 if (params->wpa_version & WPA_PROTO_WPA) 7171 ver |= NL80211_WPA_VERSION_1; 7172 if (params->wpa_version & WPA_PROTO_RSN) 7173 ver |= NL80211_WPA_VERSION_2; 7174 if (ver) 7175 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 7176 7177 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 7178 params->key_mgmt_suites); 7179 num_suites = 0; 7180 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 7181 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 7182 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 7183 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 7184 if (num_suites) { 7185 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 7186 num_suites * sizeof(u32), suites); 7187 } 7188 7189 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 7190 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 7191 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 7192 7193 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 7194 params->pairwise_ciphers); 7195 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 7196 suites, ARRAY_SIZE(suites)); 7197 if (num_suites) { 7198 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 7199 num_suites * sizeof(u32), suites); 7200 } 7201 7202 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 7203 params->group_cipher); 7204 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 7205 if (suite) 7206 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 7207 7208 if (params->beacon_ies) { 7209 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 7210 params->beacon_ies); 7211 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 7212 wpabuf_head(params->beacon_ies)); 7213 } 7214 if (params->proberesp_ies) { 7215 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 7216 params->proberesp_ies); 7217 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 7218 wpabuf_len(params->proberesp_ies), 7219 wpabuf_head(params->proberesp_ies)); 7220 } 7221 if (params->assocresp_ies) { 7222 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 7223 params->assocresp_ies); 7224 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 7225 wpabuf_len(params->assocresp_ies), 7226 wpabuf_head(params->assocresp_ies)); 7227 } 7228 7229 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7230 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7231 params->ap_max_inactivity); 7232 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7233 params->ap_max_inactivity); 7234 } 7235 7236 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7237 if (ret) { 7238 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7239 ret, strerror(-ret)); 7240 } else { 7241 bss->beacon_set = 1; 7242 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7243 params->short_slot_time, params->ht_opmode, 7244 params->isolate, params->basic_rates); 7245 } 7246 return ret; 7247 nla_put_failure: 7248 nlmsg_free(msg); 7249 return -ENOBUFS; 7250} 7251 7252 7253static int nl80211_put_freq_params(struct nl_msg *msg, 7254 struct hostapd_freq_params *freq) 7255{ 7256 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7257 if (freq->vht_enabled) { 7258 switch (freq->bandwidth) { 7259 case 20: 7260 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7261 NL80211_CHAN_WIDTH_20); 7262 break; 7263 case 40: 7264 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7265 NL80211_CHAN_WIDTH_40); 7266 break; 7267 case 80: 7268 if (freq->center_freq2) 7269 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7270 NL80211_CHAN_WIDTH_80P80); 7271 else 7272 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7273 NL80211_CHAN_WIDTH_80); 7274 break; 7275 case 160: 7276 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7277 NL80211_CHAN_WIDTH_160); 7278 break; 7279 default: 7280 return -EINVAL; 7281 } 7282 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7283 if (freq->center_freq2) 7284 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7285 freq->center_freq2); 7286 } else if (freq->ht_enabled) { 7287 switch (freq->sec_channel_offset) { 7288 case -1: 7289 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7290 NL80211_CHAN_HT40MINUS); 7291 break; 7292 case 1: 7293 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7294 NL80211_CHAN_HT40PLUS); 7295 break; 7296 default: 7297 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7298 NL80211_CHAN_HT20); 7299 break; 7300 } 7301 } 7302 return 0; 7303 7304nla_put_failure: 7305 return -ENOBUFS; 7306} 7307 7308 7309static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 7310 struct hostapd_freq_params *freq) 7311{ 7312 struct wpa_driver_nl80211_data *drv = bss->drv; 7313 struct nl_msg *msg; 7314 int ret; 7315 7316 wpa_printf(MSG_DEBUG, 7317 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7318 freq->freq, freq->ht_enabled, freq->vht_enabled, 7319 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7320 msg = nlmsg_alloc(); 7321 if (!msg) 7322 return -1; 7323 7324 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7325 7326 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7327 if (nl80211_put_freq_params(msg, freq) < 0) 7328 goto nla_put_failure; 7329 7330 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7331 msg = NULL; 7332 if (ret == 0) { 7333 bss->freq = freq->freq; 7334 return 0; 7335 } 7336 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7337 "%d (%s)", freq->freq, ret, strerror(-ret)); 7338nla_put_failure: 7339 nlmsg_free(msg); 7340 return -1; 7341} 7342 7343 7344static u32 sta_flags_nl80211(int flags) 7345{ 7346 u32 f = 0; 7347 7348 if (flags & WPA_STA_AUTHORIZED) 7349 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7350 if (flags & WPA_STA_WMM) 7351 f |= BIT(NL80211_STA_FLAG_WME); 7352 if (flags & WPA_STA_SHORT_PREAMBLE) 7353 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7354 if (flags & WPA_STA_MFP) 7355 f |= BIT(NL80211_STA_FLAG_MFP); 7356 if (flags & WPA_STA_TDLS_PEER) 7357 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7358 7359 return f; 7360} 7361 7362 7363static int wpa_driver_nl80211_sta_add(void *priv, 7364 struct hostapd_sta_add_params *params) 7365{ 7366 struct i802_bss *bss = priv; 7367 struct wpa_driver_nl80211_data *drv = bss->drv; 7368 struct nl_msg *msg; 7369 struct nl80211_sta_flag_update upd; 7370 int ret = -ENOBUFS; 7371 7372 if ((params->flags & WPA_STA_TDLS_PEER) && 7373 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7374 return -EOPNOTSUPP; 7375 7376 msg = nlmsg_alloc(); 7377 if (!msg) 7378 return -ENOMEM; 7379 7380 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7381 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7382 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7383 NL80211_CMD_NEW_STATION); 7384 7385 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7386 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7387 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7388 params->supp_rates); 7389 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7390 params->supp_rates_len); 7391 if (!params->set) { 7392 if (params->aid) { 7393 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7394 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7395 } else { 7396 /* 7397 * cfg80211 validates that AID is non-zero, so we have 7398 * to make this a non-zero value for the TDLS case where 7399 * a dummy STA entry is used for now. 7400 */ 7401 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7402 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7403 } 7404 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7405 params->listen_interval); 7406 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7407 params->listen_interval); 7408 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7409 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7410 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7411 } 7412 if (params->ht_capabilities) { 7413 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7414 (u8 *) params->ht_capabilities, 7415 sizeof(*params->ht_capabilities)); 7416 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7417 sizeof(*params->ht_capabilities), 7418 params->ht_capabilities); 7419 } 7420 7421 if (params->vht_capabilities) { 7422 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7423 (u8 *) params->vht_capabilities, 7424 sizeof(*params->vht_capabilities)); 7425 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7426 sizeof(*params->vht_capabilities), 7427 params->vht_capabilities); 7428 } 7429 7430 if (params->vht_opmode_enabled) { 7431 wpa_printf(MSG_DEBUG, " * opmode=%u", params->vht_opmode); 7432 NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF, 7433 params->vht_opmode); 7434 } 7435 7436 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7437 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7438 7439 if (params->ext_capab) { 7440 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7441 params->ext_capab, params->ext_capab_len); 7442 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7443 params->ext_capab_len, params->ext_capab); 7444 } 7445 7446 if (params->supp_channels) { 7447 wpa_hexdump(MSG_DEBUG, " * supported channels", 7448 params->supp_channels, params->supp_channels_len); 7449 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7450 params->supp_channels_len, params->supp_channels); 7451 } 7452 7453 if (params->supp_oper_classes) { 7454 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7455 params->supp_oper_classes, 7456 params->supp_oper_classes_len); 7457 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7458 params->supp_oper_classes_len, 7459 params->supp_oper_classes); 7460 } 7461 7462 os_memset(&upd, 0, sizeof(upd)); 7463 upd.mask = sta_flags_nl80211(params->flags); 7464 upd.set = upd.mask; 7465 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7466 upd.set, upd.mask); 7467 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7468 7469 if (params->flags & WPA_STA_WMM) { 7470 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7471 7472 if (!wme) 7473 goto nla_put_failure; 7474 7475 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7476 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7477 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7478 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7479 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7480 WMM_QOSINFO_STA_SP_MASK); 7481 nla_nest_end(msg, wme); 7482 } 7483 7484 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7485 msg = NULL; 7486 if (ret) 7487 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7488 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7489 strerror(-ret)); 7490 if (ret == -EEXIST) 7491 ret = 0; 7492 nla_put_failure: 7493 nlmsg_free(msg); 7494 return ret; 7495} 7496 7497 7498static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7499{ 7500 struct wpa_driver_nl80211_data *drv = bss->drv; 7501 struct nl_msg *msg; 7502 int ret; 7503 7504 msg = nlmsg_alloc(); 7505 if (!msg) 7506 return -ENOMEM; 7507 7508 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7509 7510 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7511 if_nametoindex(bss->ifname)); 7512 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7513 7514 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7515 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7516 " --> %d (%s)", 7517 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7518 if (ret == -ENOENT) 7519 return 0; 7520 return ret; 7521 nla_put_failure: 7522 nlmsg_free(msg); 7523 return -ENOBUFS; 7524} 7525 7526 7527static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7528 int ifidx) 7529{ 7530 struct nl_msg *msg; 7531 7532 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7533 7534 /* stop listening for EAPOL on this interface */ 7535 del_ifidx(drv, ifidx); 7536 7537 msg = nlmsg_alloc(); 7538 if (!msg) 7539 goto nla_put_failure; 7540 7541 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7542 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7543 7544 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7545 return; 7546 msg = NULL; 7547 nla_put_failure: 7548 nlmsg_free(msg); 7549 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7550} 7551 7552 7553static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7554{ 7555 switch (mode) { 7556 case NL80211_IFTYPE_ADHOC: 7557 return "ADHOC"; 7558 case NL80211_IFTYPE_STATION: 7559 return "STATION"; 7560 case NL80211_IFTYPE_AP: 7561 return "AP"; 7562 case NL80211_IFTYPE_AP_VLAN: 7563 return "AP_VLAN"; 7564 case NL80211_IFTYPE_WDS: 7565 return "WDS"; 7566 case NL80211_IFTYPE_MONITOR: 7567 return "MONITOR"; 7568 case NL80211_IFTYPE_MESH_POINT: 7569 return "MESH_POINT"; 7570 case NL80211_IFTYPE_P2P_CLIENT: 7571 return "P2P_CLIENT"; 7572 case NL80211_IFTYPE_P2P_GO: 7573 return "P2P_GO"; 7574 case NL80211_IFTYPE_P2P_DEVICE: 7575 return "P2P_DEVICE"; 7576 default: 7577 return "unknown"; 7578 } 7579} 7580 7581 7582static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7583 const char *ifname, 7584 enum nl80211_iftype iftype, 7585 const u8 *addr, int wds, 7586 int (*handler)(struct nl_msg *, void *), 7587 void *arg) 7588{ 7589 struct nl_msg *msg; 7590 int ifidx; 7591 int ret = -ENOBUFS; 7592 7593 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7594 iftype, nl80211_iftype_str(iftype)); 7595 7596 msg = nlmsg_alloc(); 7597 if (!msg) 7598 return -1; 7599 7600 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7601 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7602 goto nla_put_failure; 7603 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7604 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7605 7606 if (iftype == NL80211_IFTYPE_MONITOR) { 7607 struct nlattr *flags; 7608 7609 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7610 if (!flags) 7611 goto nla_put_failure; 7612 7613 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7614 7615 nla_nest_end(msg, flags); 7616 } else if (wds) { 7617 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7618 } 7619 7620 ret = send_and_recv_msgs(drv, msg, handler, arg); 7621 msg = NULL; 7622 if (ret) { 7623 nla_put_failure: 7624 nlmsg_free(msg); 7625 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7626 ifname, ret, strerror(-ret)); 7627 return ret; 7628 } 7629 7630 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7631 return 0; 7632 7633 ifidx = if_nametoindex(ifname); 7634 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7635 ifname, ifidx); 7636 7637 if (ifidx <= 0) 7638 return -1; 7639 7640 /* start listening for EAPOL on this interface */ 7641 add_ifidx(drv, ifidx); 7642 7643 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7644 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7645 nl80211_remove_iface(drv, ifidx); 7646 return -1; 7647 } 7648 7649 return ifidx; 7650} 7651 7652 7653static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7654 const char *ifname, enum nl80211_iftype iftype, 7655 const u8 *addr, int wds, 7656 int (*handler)(struct nl_msg *, void *), 7657 void *arg, int use_existing) 7658{ 7659 int ret; 7660 7661 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7662 arg); 7663 7664 /* if error occurred and interface exists already */ 7665 if (ret == -ENFILE && if_nametoindex(ifname)) { 7666 if (use_existing) { 7667 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7668 ifname); 7669 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7670 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7671 addr) < 0 && 7672 (linux_set_iface_flags(drv->global->ioctl_sock, 7673 ifname, 0) < 0 || 7674 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7675 addr) < 0 || 7676 linux_set_iface_flags(drv->global->ioctl_sock, 7677 ifname, 1) < 0)) 7678 return -1; 7679 return -ENFILE; 7680 } 7681 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7682 7683 /* Try to remove the interface that was already there. */ 7684 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7685 7686 /* Try to create the interface again */ 7687 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7688 wds, handler, arg); 7689 } 7690 7691 if (ret >= 0 && is_p2p_net_interface(iftype)) 7692 nl80211_disable_11b_rates(drv, ret, 1); 7693 7694 return ret; 7695} 7696 7697 7698static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7699{ 7700 struct ieee80211_hdr *hdr; 7701 u16 fc; 7702 union wpa_event_data event; 7703 7704 hdr = (struct ieee80211_hdr *) buf; 7705 fc = le_to_host16(hdr->frame_control); 7706 7707 os_memset(&event, 0, sizeof(event)); 7708 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7709 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7710 event.tx_status.dst = hdr->addr1; 7711 event.tx_status.data = buf; 7712 event.tx_status.data_len = len; 7713 event.tx_status.ack = ok; 7714 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7715} 7716 7717 7718static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7719 u8 *buf, size_t len) 7720{ 7721 struct ieee80211_hdr *hdr = (void *)buf; 7722 u16 fc; 7723 union wpa_event_data event; 7724 7725 if (len < sizeof(*hdr)) 7726 return; 7727 7728 fc = le_to_host16(hdr->frame_control); 7729 7730 os_memset(&event, 0, sizeof(event)); 7731 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7732 event.rx_from_unknown.addr = hdr->addr2; 7733 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7734 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7735 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7736} 7737 7738 7739static void handle_frame(struct wpa_driver_nl80211_data *drv, 7740 u8 *buf, size_t len, int datarate, int ssi_signal) 7741{ 7742 struct ieee80211_hdr *hdr; 7743 u16 fc; 7744 union wpa_event_data event; 7745 7746 hdr = (struct ieee80211_hdr *) buf; 7747 fc = le_to_host16(hdr->frame_control); 7748 7749 switch (WLAN_FC_GET_TYPE(fc)) { 7750 case WLAN_FC_TYPE_MGMT: 7751 os_memset(&event, 0, sizeof(event)); 7752 event.rx_mgmt.frame = buf; 7753 event.rx_mgmt.frame_len = len; 7754 event.rx_mgmt.datarate = datarate; 7755 event.rx_mgmt.ssi_signal = ssi_signal; 7756 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7757 break; 7758 case WLAN_FC_TYPE_CTRL: 7759 /* can only get here with PS-Poll frames */ 7760 wpa_printf(MSG_DEBUG, "CTRL"); 7761 from_unknown_sta(drv, buf, len); 7762 break; 7763 case WLAN_FC_TYPE_DATA: 7764 from_unknown_sta(drv, buf, len); 7765 break; 7766 } 7767} 7768 7769 7770static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7771{ 7772 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7773 int len; 7774 unsigned char buf[3000]; 7775 struct ieee80211_radiotap_iterator iter; 7776 int ret; 7777 int datarate = 0, ssi_signal = 0; 7778 int injected = 0, failed = 0, rxflags = 0; 7779 7780 len = recv(sock, buf, sizeof(buf), 0); 7781 if (len < 0) { 7782 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7783 strerror(errno)); 7784 return; 7785 } 7786 7787 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 7788 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7789 return; 7790 } 7791 7792 while (1) { 7793 ret = ieee80211_radiotap_iterator_next(&iter); 7794 if (ret == -ENOENT) 7795 break; 7796 if (ret) { 7797 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 7798 ret); 7799 return; 7800 } 7801 switch (iter.this_arg_index) { 7802 case IEEE80211_RADIOTAP_FLAGS: 7803 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 7804 len -= 4; 7805 break; 7806 case IEEE80211_RADIOTAP_RX_FLAGS: 7807 rxflags = 1; 7808 break; 7809 case IEEE80211_RADIOTAP_TX_FLAGS: 7810 injected = 1; 7811 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 7812 IEEE80211_RADIOTAP_F_TX_FAIL; 7813 break; 7814 case IEEE80211_RADIOTAP_DATA_RETRIES: 7815 break; 7816 case IEEE80211_RADIOTAP_CHANNEL: 7817 /* TODO: convert from freq/flags to channel number */ 7818 break; 7819 case IEEE80211_RADIOTAP_RATE: 7820 datarate = *iter.this_arg * 5; 7821 break; 7822 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 7823 ssi_signal = (s8) *iter.this_arg; 7824 break; 7825 } 7826 } 7827 7828 if (rxflags && injected) 7829 return; 7830 7831 if (!injected) 7832 handle_frame(drv, buf + iter.max_length, 7833 len - iter.max_length, datarate, ssi_signal); 7834 else 7835 handle_tx_callback(drv->ctx, buf + iter.max_length, 7836 len - iter.max_length, !failed); 7837} 7838 7839 7840/* 7841 * we post-process the filter code later and rewrite 7842 * this to the offset to the last instruction 7843 */ 7844#define PASS 0xFF 7845#define FAIL 0xFE 7846 7847static struct sock_filter msock_filter_insns[] = { 7848 /* 7849 * do a little-endian load of the radiotap length field 7850 */ 7851 /* load lower byte into A */ 7852 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 7853 /* put it into X (== index register) */ 7854 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7855 /* load upper byte into A */ 7856 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 7857 /* left-shift it by 8 */ 7858 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 7859 /* or with X */ 7860 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 7861 /* put result into X */ 7862 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7863 7864 /* 7865 * Allow management frames through, this also gives us those 7866 * management frames that we sent ourselves with status 7867 */ 7868 /* load the lower byte of the IEEE 802.11 frame control field */ 7869 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7870 /* mask off frame type and version */ 7871 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 7872 /* accept frame if it's both 0, fall through otherwise */ 7873 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 7874 7875 /* 7876 * TODO: add a bit to radiotap RX flags that indicates 7877 * that the sending station is not associated, then 7878 * add a filter here that filters on our DA and that flag 7879 * to allow us to deauth frames to that bad station. 7880 * 7881 * For now allow all To DS data frames through. 7882 */ 7883 /* load the IEEE 802.11 frame control field */ 7884 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 7885 /* mask off frame type, version and DS status */ 7886 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 7887 /* accept frame if version 0, type 2 and To DS, fall through otherwise 7888 */ 7889 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 7890 7891#if 0 7892 /* 7893 * drop non-data frames 7894 */ 7895 /* load the lower byte of the frame control field */ 7896 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7897 /* mask off QoS bit */ 7898 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 7899 /* drop non-data frames */ 7900 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 7901#endif 7902 /* load the upper byte of the frame control field */ 7903 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 7904 /* mask off toDS/fromDS */ 7905 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 7906 /* accept WDS frames */ 7907 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 7908 7909 /* 7910 * add header length to index 7911 */ 7912 /* load the lower byte of the frame control field */ 7913 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7914 /* mask off QoS bit */ 7915 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 7916 /* right shift it by 6 to give 0 or 2 */ 7917 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 7918 /* add data frame header length */ 7919 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 7920 /* add index, was start of 802.11 header */ 7921 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 7922 /* move to index, now start of LL header */ 7923 BPF_STMT(BPF_MISC | BPF_TAX, 0), 7924 7925 /* 7926 * Accept empty data frames, we use those for 7927 * polling activity. 7928 */ 7929 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 7930 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 7931 7932 /* 7933 * Accept EAPOL frames 7934 */ 7935 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 7936 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 7937 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 7938 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 7939 7940 /* keep these last two statements or change the code below */ 7941 /* return 0 == "DROP" */ 7942 BPF_STMT(BPF_RET | BPF_K, 0), 7943 /* return ~0 == "keep all" */ 7944 BPF_STMT(BPF_RET | BPF_K, ~0), 7945}; 7946 7947static struct sock_fprog msock_filter = { 7948 .len = ARRAY_SIZE(msock_filter_insns), 7949 .filter = msock_filter_insns, 7950}; 7951 7952 7953static int add_monitor_filter(int s) 7954{ 7955 int idx; 7956 7957 /* rewrite all PASS/FAIL jump offsets */ 7958 for (idx = 0; idx < msock_filter.len; idx++) { 7959 struct sock_filter *insn = &msock_filter_insns[idx]; 7960 7961 if (BPF_CLASS(insn->code) == BPF_JMP) { 7962 if (insn->code == (BPF_JMP|BPF_JA)) { 7963 if (insn->k == PASS) 7964 insn->k = msock_filter.len - idx - 2; 7965 else if (insn->k == FAIL) 7966 insn->k = msock_filter.len - idx - 3; 7967 } 7968 7969 if (insn->jt == PASS) 7970 insn->jt = msock_filter.len - idx - 2; 7971 else if (insn->jt == FAIL) 7972 insn->jt = msock_filter.len - idx - 3; 7973 7974 if (insn->jf == PASS) 7975 insn->jf = msock_filter.len - idx - 2; 7976 else if (insn->jf == FAIL) 7977 insn->jf = msock_filter.len - idx - 3; 7978 } 7979 } 7980 7981 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 7982 &msock_filter, sizeof(msock_filter))) { 7983 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 7984 strerror(errno)); 7985 return -1; 7986 } 7987 7988 return 0; 7989} 7990 7991 7992static void nl80211_remove_monitor_interface( 7993 struct wpa_driver_nl80211_data *drv) 7994{ 7995 if (drv->monitor_refcount > 0) 7996 drv->monitor_refcount--; 7997 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 7998 drv->monitor_refcount); 7999 if (drv->monitor_refcount > 0) 8000 return; 8001 8002 if (drv->monitor_ifidx >= 0) { 8003 nl80211_remove_iface(drv, drv->monitor_ifidx); 8004 drv->monitor_ifidx = -1; 8005 } 8006 if (drv->monitor_sock >= 0) { 8007 eloop_unregister_read_sock(drv->monitor_sock); 8008 close(drv->monitor_sock); 8009 drv->monitor_sock = -1; 8010 } 8011} 8012 8013 8014static int 8015nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 8016{ 8017 char buf[IFNAMSIZ]; 8018 struct sockaddr_ll ll; 8019 int optval; 8020 socklen_t optlen; 8021 8022 if (drv->monitor_ifidx >= 0) { 8023 drv->monitor_refcount++; 8024 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 8025 drv->monitor_refcount); 8026 return 0; 8027 } 8028 8029 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 8030 /* 8031 * P2P interface name is of the format p2p-%s-%d. For monitor 8032 * interface name corresponding to P2P GO, replace "p2p-" with 8033 * "mon-" to retain the same interface name length and to 8034 * indicate that it is a monitor interface. 8035 */ 8036 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 8037 } else { 8038 /* Non-P2P interface with AP functionality. */ 8039 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 8040 } 8041 8042 buf[IFNAMSIZ - 1] = '\0'; 8043 8044 drv->monitor_ifidx = 8045 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 8046 0, NULL, NULL, 0); 8047 8048 if (drv->monitor_ifidx == -EOPNOTSUPP) { 8049 /* 8050 * This is backward compatibility for a few versions of 8051 * the kernel only that didn't advertise the right 8052 * attributes for the only driver that then supported 8053 * AP mode w/o monitor -- ath6kl. 8054 */ 8055 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 8056 "monitor interface type - try to run without it"); 8057 drv->device_ap_sme = 1; 8058 } 8059 8060 if (drv->monitor_ifidx < 0) 8061 return -1; 8062 8063 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 8064 goto error; 8065 8066 memset(&ll, 0, sizeof(ll)); 8067 ll.sll_family = AF_PACKET; 8068 ll.sll_ifindex = drv->monitor_ifidx; 8069 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 8070 if (drv->monitor_sock < 0) { 8071 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 8072 strerror(errno)); 8073 goto error; 8074 } 8075 8076 if (add_monitor_filter(drv->monitor_sock)) { 8077 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 8078 "interface; do filtering in user space"); 8079 /* This works, but will cost in performance. */ 8080 } 8081 8082 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 8083 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 8084 strerror(errno)); 8085 goto error; 8086 } 8087 8088 optlen = sizeof(optval); 8089 optval = 20; 8090 if (setsockopt 8091 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 8092 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 8093 strerror(errno)); 8094 goto error; 8095 } 8096 8097 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 8098 drv, NULL)) { 8099 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 8100 goto error; 8101 } 8102 8103 drv->monitor_refcount++; 8104 return 0; 8105 error: 8106 nl80211_remove_monitor_interface(drv); 8107 return -1; 8108} 8109 8110 8111static int nl80211_setup_ap(struct i802_bss *bss) 8112{ 8113 struct wpa_driver_nl80211_data *drv = bss->drv; 8114 8115 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 8116 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8117 8118 /* 8119 * Disable Probe Request reporting unless we need it in this way for 8120 * devices that include the AP SME, in the other case (unless using 8121 * monitor iface) we'll get it through the nl_mgmt socket instead. 8122 */ 8123 if (!drv->device_ap_sme) 8124 wpa_driver_nl80211_probe_req_report(bss, 0); 8125 8126 if (!drv->device_ap_sme && !drv->use_monitor) 8127 if (nl80211_mgmt_subscribe_ap(bss)) 8128 return -1; 8129 8130 if (drv->device_ap_sme && !drv->use_monitor) 8131 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 8132 return -1; 8133 8134 if (!drv->device_ap_sme && drv->use_monitor && 8135 nl80211_create_monitor_interface(drv) && 8136 !drv->device_ap_sme) 8137 return -1; 8138 8139 if (drv->device_ap_sme && 8140 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 8141 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 8142 "Probe Request frame reporting in AP mode"); 8143 /* Try to survive without this */ 8144 } 8145 8146 return 0; 8147} 8148 8149 8150static void nl80211_teardown_ap(struct i802_bss *bss) 8151{ 8152 struct wpa_driver_nl80211_data *drv = bss->drv; 8153 8154 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 8155 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8156 if (drv->device_ap_sme) { 8157 wpa_driver_nl80211_probe_req_report(bss, 0); 8158 if (!drv->use_monitor) 8159 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 8160 } else if (drv->use_monitor) 8161 nl80211_remove_monitor_interface(drv); 8162 else 8163 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 8164 8165 bss->beacon_set = 0; 8166} 8167 8168 8169static int nl80211_send_eapol_data(struct i802_bss *bss, 8170 const u8 *addr, const u8 *data, 8171 size_t data_len) 8172{ 8173 struct sockaddr_ll ll; 8174 int ret; 8175 8176 if (bss->drv->eapol_tx_sock < 0) { 8177 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 8178 return -1; 8179 } 8180 8181 os_memset(&ll, 0, sizeof(ll)); 8182 ll.sll_family = AF_PACKET; 8183 ll.sll_ifindex = bss->ifindex; 8184 ll.sll_protocol = htons(ETH_P_PAE); 8185 ll.sll_halen = ETH_ALEN; 8186 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 8187 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 8188 (struct sockaddr *) &ll, sizeof(ll)); 8189 if (ret < 0) 8190 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 8191 strerror(errno)); 8192 8193 return ret; 8194} 8195 8196 8197static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 8198 8199static int wpa_driver_nl80211_hapd_send_eapol( 8200 void *priv, const u8 *addr, const u8 *data, 8201 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 8202{ 8203 struct i802_bss *bss = priv; 8204 struct wpa_driver_nl80211_data *drv = bss->drv; 8205 struct ieee80211_hdr *hdr; 8206 size_t len; 8207 u8 *pos; 8208 int res; 8209 int qos = flags & WPA_STA_WMM; 8210 8211 if (drv->device_ap_sme || !drv->use_monitor) 8212 return nl80211_send_eapol_data(bss, addr, data, data_len); 8213 8214 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 8215 data_len; 8216 hdr = os_zalloc(len); 8217 if (hdr == NULL) { 8218 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 8219 (unsigned long) len); 8220 return -1; 8221 } 8222 8223 hdr->frame_control = 8224 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 8225 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 8226 if (encrypt) 8227 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 8228 if (qos) { 8229 hdr->frame_control |= 8230 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 8231 } 8232 8233 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8234 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8235 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8236 pos = (u8 *) (hdr + 1); 8237 8238 if (qos) { 8239 /* Set highest priority in QoS header */ 8240 pos[0] = 7; 8241 pos[1] = 0; 8242 pos += 2; 8243 } 8244 8245 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8246 pos += sizeof(rfc1042_header); 8247 WPA_PUT_BE16(pos, ETH_P_PAE); 8248 pos += 2; 8249 memcpy(pos, data, data_len); 8250 8251 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8252 0, 0, 0, 0); 8253 if (res < 0) { 8254 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8255 "failed: %d (%s)", 8256 (unsigned long) len, errno, strerror(errno)); 8257 } 8258 os_free(hdr); 8259 8260 return res; 8261} 8262 8263 8264static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8265 int total_flags, 8266 int flags_or, int flags_and) 8267{ 8268 struct i802_bss *bss = priv; 8269 struct wpa_driver_nl80211_data *drv = bss->drv; 8270 struct nl_msg *msg; 8271 struct nlattr *flags; 8272 struct nl80211_sta_flag_update upd; 8273 8274 msg = nlmsg_alloc(); 8275 if (!msg) 8276 return -ENOMEM; 8277 8278 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8279 8280 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8281 if_nametoindex(bss->ifname)); 8282 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8283 8284 /* 8285 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8286 * can be removed eventually. 8287 */ 8288 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8289 if (!flags) 8290 goto nla_put_failure; 8291 if (total_flags & WPA_STA_AUTHORIZED) 8292 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8293 8294 if (total_flags & WPA_STA_WMM) 8295 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8296 8297 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8298 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8299 8300 if (total_flags & WPA_STA_MFP) 8301 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8302 8303 if (total_flags & WPA_STA_TDLS_PEER) 8304 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8305 8306 nla_nest_end(msg, flags); 8307 8308 os_memset(&upd, 0, sizeof(upd)); 8309 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8310 upd.set = sta_flags_nl80211(flags_or); 8311 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8312 8313 return send_and_recv_msgs(drv, msg, NULL, NULL); 8314 nla_put_failure: 8315 nlmsg_free(msg); 8316 return -ENOBUFS; 8317} 8318 8319 8320static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8321 struct wpa_driver_associate_params *params) 8322{ 8323 enum nl80211_iftype nlmode, old_mode; 8324 struct hostapd_freq_params freq = { 8325 .freq = params->freq, 8326 }; 8327 8328 if (params->p2p) { 8329 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8330 "group (GO)"); 8331 nlmode = NL80211_IFTYPE_P2P_GO; 8332 } else 8333 nlmode = NL80211_IFTYPE_AP; 8334 8335 old_mode = drv->nlmode; 8336 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8337 nl80211_remove_monitor_interface(drv); 8338 return -1; 8339 } 8340 8341 if (wpa_driver_nl80211_set_freq(drv->first_bss, &freq)) { 8342 if (old_mode != nlmode) 8343 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8344 nl80211_remove_monitor_interface(drv); 8345 return -1; 8346 } 8347 8348 return 0; 8349} 8350 8351 8352static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8353{ 8354 struct nl_msg *msg; 8355 int ret = -1; 8356 8357 msg = nlmsg_alloc(); 8358 if (!msg) 8359 return -1; 8360 8361 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8362 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8363 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8364 msg = NULL; 8365 if (ret) { 8366 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8367 "(%s)", ret, strerror(-ret)); 8368 goto nla_put_failure; 8369 } 8370 8371 ret = 0; 8372 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8373 8374nla_put_failure: 8375 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8376 NL80211_IFTYPE_STATION)) { 8377 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8378 "station mode"); 8379 } 8380 8381 nlmsg_free(msg); 8382 return ret; 8383} 8384 8385 8386static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8387 struct wpa_driver_associate_params *params) 8388{ 8389 struct nl_msg *msg; 8390 int ret = -1; 8391 int count = 0; 8392 8393 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8394 8395 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8396 NL80211_IFTYPE_ADHOC)) { 8397 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8398 "IBSS mode"); 8399 return -1; 8400 } 8401 8402retry: 8403 msg = nlmsg_alloc(); 8404 if (!msg) 8405 return -1; 8406 8407 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8408 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8409 8410 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8411 goto nla_put_failure; 8412 8413 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8414 params->ssid, params->ssid_len); 8415 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8416 params->ssid); 8417 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8418 drv->ssid_len = params->ssid_len; 8419 8420 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8421 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8422 8423 if (params->beacon_int > 0) { 8424 wpa_printf(MSG_DEBUG, " * beacon_int=%d", params->beacon_int); 8425 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 8426 params->beacon_int); 8427 } 8428 8429 ret = nl80211_set_conn_keys(params, msg); 8430 if (ret) 8431 goto nla_put_failure; 8432 8433 if (params->bssid && params->fixed_bssid) { 8434 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8435 MAC2STR(params->bssid)); 8436 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8437 } 8438 8439 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8440 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8441 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8442 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8443 wpa_printf(MSG_DEBUG, " * control port"); 8444 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8445 } 8446 8447 if (params->wpa_ie) { 8448 wpa_hexdump(MSG_DEBUG, 8449 " * Extra IEs for Beacon/Probe Response frames", 8450 params->wpa_ie, params->wpa_ie_len); 8451 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8452 params->wpa_ie); 8453 } 8454 8455 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8456 msg = NULL; 8457 if (ret) { 8458 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8459 ret, strerror(-ret)); 8460 count++; 8461 if (ret == -EALREADY && count == 1) { 8462 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8463 "forced leave"); 8464 nl80211_leave_ibss(drv); 8465 nlmsg_free(msg); 8466 goto retry; 8467 } 8468 8469 goto nla_put_failure; 8470 } 8471 ret = 0; 8472 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8473 8474nla_put_failure: 8475 nlmsg_free(msg); 8476 return ret; 8477} 8478 8479 8480static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8481 struct wpa_driver_associate_params *params, 8482 struct nl_msg *msg) 8483{ 8484 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8485 8486 if (params->bssid) { 8487 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8488 MAC2STR(params->bssid)); 8489 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8490 } 8491 8492 if (params->bssid_hint) { 8493 wpa_printf(MSG_DEBUG, " * bssid_hint=" MACSTR, 8494 MAC2STR(params->bssid_hint)); 8495 NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN, 8496 params->bssid_hint); 8497 } 8498 8499 if (params->freq) { 8500 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8501 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8502 drv->assoc_freq = params->freq; 8503 } else 8504 drv->assoc_freq = 0; 8505 8506 if (params->freq_hint) { 8507 wpa_printf(MSG_DEBUG, " * freq_hint=%d", params->freq_hint); 8508 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT, 8509 params->freq_hint); 8510 } 8511 8512 if (params->bg_scan_period >= 0) { 8513 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8514 params->bg_scan_period); 8515 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8516 params->bg_scan_period); 8517 } 8518 8519 if (params->ssid) { 8520 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8521 params->ssid, params->ssid_len); 8522 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8523 params->ssid); 8524 if (params->ssid_len > sizeof(drv->ssid)) 8525 goto nla_put_failure; 8526 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8527 drv->ssid_len = params->ssid_len; 8528 } 8529 8530 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8531 if (params->wpa_ie) 8532 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8533 params->wpa_ie); 8534 8535 if (params->wpa_proto) { 8536 enum nl80211_wpa_versions ver = 0; 8537 8538 if (params->wpa_proto & WPA_PROTO_WPA) 8539 ver |= NL80211_WPA_VERSION_1; 8540 if (params->wpa_proto & WPA_PROTO_RSN) 8541 ver |= NL80211_WPA_VERSION_2; 8542 8543 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8544 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8545 } 8546 8547 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8548 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8549 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8550 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8551 } 8552 8553 if (params->group_suite == WPA_CIPHER_GTK_NOT_USED && 8554 !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) { 8555 /* 8556 * This is likely to work even though many drivers do not 8557 * advertise support for operations without GTK. 8558 */ 8559 wpa_printf(MSG_DEBUG, " * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement"); 8560 } else if (params->group_suite != WPA_CIPHER_NONE) { 8561 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8562 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8563 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8564 } 8565 8566 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8567 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8568 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8569 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8570 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM || 8571 params->key_mgmt_suite == WPA_KEY_MGMT_OSEN) { 8572 int mgmt = WLAN_AKM_SUITE_PSK; 8573 8574 switch (params->key_mgmt_suite) { 8575 case WPA_KEY_MGMT_CCKM: 8576 mgmt = WLAN_AKM_SUITE_CCKM; 8577 break; 8578 case WPA_KEY_MGMT_IEEE8021X: 8579 mgmt = WLAN_AKM_SUITE_8021X; 8580 break; 8581 case WPA_KEY_MGMT_FT_IEEE8021X: 8582 mgmt = WLAN_AKM_SUITE_FT_8021X; 8583 break; 8584 case WPA_KEY_MGMT_FT_PSK: 8585 mgmt = WLAN_AKM_SUITE_FT_PSK; 8586 break; 8587 case WPA_KEY_MGMT_OSEN: 8588 mgmt = WLAN_AKM_SUITE_OSEN; 8589 break; 8590 case WPA_KEY_MGMT_PSK: 8591 default: 8592 mgmt = WLAN_AKM_SUITE_PSK; 8593 break; 8594 } 8595 wpa_printf(MSG_DEBUG, " * akm=0x%x", mgmt); 8596 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8597 } 8598 8599 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8600 8601 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8602 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8603 8604 if (params->disable_ht) 8605 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8606 8607 if (params->htcaps && params->htcaps_mask) { 8608 int sz = sizeof(struct ieee80211_ht_capabilities); 8609 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8610 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8611 params->htcaps_mask); 8612 } 8613 8614#ifdef CONFIG_VHT_OVERRIDES 8615 if (params->disable_vht) { 8616 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8617 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8618 } 8619 8620 if (params->vhtcaps && params->vhtcaps_mask) { 8621 int sz = sizeof(struct ieee80211_vht_capabilities); 8622 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8623 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8624 params->vhtcaps_mask); 8625 } 8626#endif /* CONFIG_VHT_OVERRIDES */ 8627 8628 if (params->p2p) 8629 wpa_printf(MSG_DEBUG, " * P2P group"); 8630 8631 return 0; 8632nla_put_failure: 8633 return -1; 8634} 8635 8636 8637static int wpa_driver_nl80211_try_connect( 8638 struct wpa_driver_nl80211_data *drv, 8639 struct wpa_driver_associate_params *params) 8640{ 8641 struct nl_msg *msg; 8642 enum nl80211_auth_type type; 8643 int ret; 8644 int algs; 8645 8646 msg = nlmsg_alloc(); 8647 if (!msg) 8648 return -1; 8649 8650 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8651 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8652 8653 ret = nl80211_connect_common(drv, params, msg); 8654 if (ret) 8655 goto nla_put_failure; 8656 8657 algs = 0; 8658 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8659 algs++; 8660 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8661 algs++; 8662 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8663 algs++; 8664 if (algs > 1) { 8665 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8666 "selection"); 8667 goto skip_auth_type; 8668 } 8669 8670 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8671 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8672 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8673 type = NL80211_AUTHTYPE_SHARED_KEY; 8674 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8675 type = NL80211_AUTHTYPE_NETWORK_EAP; 8676 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8677 type = NL80211_AUTHTYPE_FT; 8678 else 8679 goto nla_put_failure; 8680 8681 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8682 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8683 8684skip_auth_type: 8685 ret = nl80211_set_conn_keys(params, msg); 8686 if (ret) 8687 goto nla_put_failure; 8688 8689 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8690 msg = NULL; 8691 if (ret) { 8692 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8693 "(%s)", ret, strerror(-ret)); 8694 goto nla_put_failure; 8695 } 8696 ret = 0; 8697 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8698 8699nla_put_failure: 8700 nlmsg_free(msg); 8701 return ret; 8702 8703} 8704 8705 8706static int wpa_driver_nl80211_connect( 8707 struct wpa_driver_nl80211_data *drv, 8708 struct wpa_driver_associate_params *params) 8709{ 8710 int ret = wpa_driver_nl80211_try_connect(drv, params); 8711 if (ret == -EALREADY) { 8712 /* 8713 * cfg80211 does not currently accept new connections if 8714 * we are already connected. As a workaround, force 8715 * disconnection and try again. 8716 */ 8717 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8718 "disconnecting before reassociation " 8719 "attempt"); 8720 if (wpa_driver_nl80211_disconnect( 8721 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8722 return -1; 8723 ret = wpa_driver_nl80211_try_connect(drv, params); 8724 } 8725 return ret; 8726} 8727 8728 8729static int wpa_driver_nl80211_associate( 8730 void *priv, struct wpa_driver_associate_params *params) 8731{ 8732 struct i802_bss *bss = priv; 8733 struct wpa_driver_nl80211_data *drv = bss->drv; 8734 int ret; 8735 struct nl_msg *msg; 8736 8737 if (params->mode == IEEE80211_MODE_AP) 8738 return wpa_driver_nl80211_ap(drv, params); 8739 8740 if (params->mode == IEEE80211_MODE_IBSS) 8741 return wpa_driver_nl80211_ibss(drv, params); 8742 8743 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8744 enum nl80211_iftype nlmode = params->p2p ? 8745 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8746 8747 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8748 return -1; 8749 return wpa_driver_nl80211_connect(drv, params); 8750 } 8751 8752 nl80211_mark_disconnected(drv); 8753 8754 msg = nlmsg_alloc(); 8755 if (!msg) 8756 return -1; 8757 8758 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8759 drv->ifindex); 8760 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8761 8762 ret = nl80211_connect_common(drv, params, msg); 8763 if (ret) 8764 goto nla_put_failure; 8765 8766 if (params->prev_bssid) { 8767 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8768 MAC2STR(params->prev_bssid)); 8769 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8770 params->prev_bssid); 8771 } 8772 8773 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8774 msg = NULL; 8775 if (ret) { 8776 wpa_dbg(drv->ctx, MSG_DEBUG, 8777 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8778 ret, strerror(-ret)); 8779 nl80211_dump_scan(drv); 8780 goto nla_put_failure; 8781 } 8782 ret = 0; 8783 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 8784 "successfully"); 8785 8786nla_put_failure: 8787 nlmsg_free(msg); 8788 return ret; 8789} 8790 8791 8792static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 8793 int ifindex, enum nl80211_iftype mode) 8794{ 8795 struct nl_msg *msg; 8796 int ret = -ENOBUFS; 8797 8798 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 8799 ifindex, mode, nl80211_iftype_str(mode)); 8800 8801 msg = nlmsg_alloc(); 8802 if (!msg) 8803 return -ENOMEM; 8804 8805 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 8806 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 8807 goto nla_put_failure; 8808 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 8809 8810 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8811 msg = NULL; 8812 if (!ret) 8813 return 0; 8814nla_put_failure: 8815 nlmsg_free(msg); 8816 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 8817 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 8818 return ret; 8819} 8820 8821 8822static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 8823 enum nl80211_iftype nlmode) 8824{ 8825 struct wpa_driver_nl80211_data *drv = bss->drv; 8826 int ret = -1; 8827 int i; 8828 int was_ap = is_ap_interface(drv->nlmode); 8829 int res; 8830 8831 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 8832 if (res && nlmode == nl80211_get_ifmode(bss)) 8833 res = 0; 8834 8835 if (res == 0) { 8836 drv->nlmode = nlmode; 8837 ret = 0; 8838 goto done; 8839 } 8840 8841 if (res == -ENODEV) 8842 return -1; 8843 8844 if (nlmode == drv->nlmode) { 8845 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 8846 "requested mode - ignore error"); 8847 ret = 0; 8848 goto done; /* Already in the requested mode */ 8849 } 8850 8851 /* mac80211 doesn't allow mode changes while the device is up, so 8852 * take the device down, try to set the mode again, and bring the 8853 * device back up. 8854 */ 8855 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 8856 "interface down"); 8857 for (i = 0; i < 10; i++) { 8858 res = i802_set_iface_flags(bss, 0); 8859 if (res == -EACCES || res == -ENODEV) 8860 break; 8861 if (res == 0) { 8862 /* Try to set the mode again while the interface is 8863 * down */ 8864 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 8865 if (ret == -EACCES) 8866 break; 8867 res = i802_set_iface_flags(bss, 1); 8868 if (res && !ret) 8869 ret = -1; 8870 else if (ret != -EBUSY) 8871 break; 8872 } else 8873 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 8874 "interface down"); 8875 os_sleep(0, 100000); 8876 } 8877 8878 if (!ret) { 8879 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 8880 "interface is down"); 8881 drv->nlmode = nlmode; 8882 drv->ignore_if_down_event = 1; 8883 } 8884 8885done: 8886 if (ret) { 8887 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 8888 "from %d failed", nlmode, drv->nlmode); 8889 return ret; 8890 } 8891 8892 if (is_p2p_net_interface(nlmode)) 8893 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 8894 else if (drv->disabled_11b_rates) 8895 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 8896 8897 if (is_ap_interface(nlmode)) { 8898 nl80211_mgmt_unsubscribe(bss, "start AP"); 8899 /* Setup additional AP mode functionality if needed */ 8900 if (nl80211_setup_ap(bss)) 8901 return -1; 8902 } else if (was_ap) { 8903 /* Remove additional AP mode functionality */ 8904 nl80211_teardown_ap(bss); 8905 } else { 8906 nl80211_mgmt_unsubscribe(bss, "mode change"); 8907 } 8908 8909 if (!bss->in_deinit && !is_ap_interface(nlmode) && 8910 nl80211_mgmt_subscribe_non_ap(bss) < 0) 8911 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 8912 "frame processing - ignore for now"); 8913 8914 return 0; 8915} 8916 8917 8918static int dfs_info_handler(struct nl_msg *msg, void *arg) 8919{ 8920 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8921 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8922 int *dfs_capability_ptr = arg; 8923 8924 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8925 genlmsg_attrlen(gnlh, 0), NULL); 8926 8927 if (tb[NL80211_ATTR_VENDOR_DATA]) { 8928 struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA]; 8929 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1]; 8930 8931 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX, 8932 nla_data(nl_vend), nla_len(nl_vend), NULL); 8933 8934 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) { 8935 u32 val; 8936 val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]); 8937 wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u", 8938 val); 8939 *dfs_capability_ptr = val; 8940 } 8941 } 8942 8943 return NL_SKIP; 8944} 8945 8946 8947static int wpa_driver_nl80211_get_capa(void *priv, 8948 struct wpa_driver_capa *capa) 8949{ 8950 struct i802_bss *bss = priv; 8951 struct wpa_driver_nl80211_data *drv = bss->drv; 8952 struct nl_msg *msg; 8953 int dfs_capability = 0; 8954 int ret = 0; 8955 8956 if (!drv->has_capability) 8957 return -1; 8958 os_memcpy(capa, &drv->capa, sizeof(*capa)); 8959 if (drv->extended_capa && drv->extended_capa_mask) { 8960 capa->extended_capa = drv->extended_capa; 8961 capa->extended_capa_mask = drv->extended_capa_mask; 8962 capa->extended_capa_len = drv->extended_capa_len; 8963 } 8964 8965 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 8966 !drv->allow_p2p_device) { 8967 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 8968 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 8969 } 8970 8971 if (drv->dfs_vendor_cmd_avail == 1) { 8972 msg = nlmsg_alloc(); 8973 if (!msg) 8974 return -ENOMEM; 8975 8976 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 8977 8978 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8979 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA); 8980 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, 8981 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY); 8982 8983 ret = send_and_recv_msgs(drv, msg, dfs_info_handler, 8984 &dfs_capability); 8985 if (!ret) { 8986 if (dfs_capability) 8987 capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD; 8988 } 8989 } 8990 8991 return ret; 8992 8993 nla_put_failure: 8994 nlmsg_free(msg); 8995 return -ENOBUFS; 8996} 8997 8998 8999static int wpa_driver_nl80211_set_operstate(void *priv, int state) 9000{ 9001 struct i802_bss *bss = priv; 9002 struct wpa_driver_nl80211_data *drv = bss->drv; 9003 9004 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 9005 bss->ifname, drv->operstate, state, 9006 state ? "UP" : "DORMANT"); 9007 drv->operstate = state; 9008 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 9009 state ? IF_OPER_UP : IF_OPER_DORMANT); 9010} 9011 9012 9013static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 9014{ 9015 struct i802_bss *bss = priv; 9016 struct wpa_driver_nl80211_data *drv = bss->drv; 9017 struct nl_msg *msg; 9018 struct nl80211_sta_flag_update upd; 9019 int ret = -ENOBUFS; 9020 9021 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 9022 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 9023 return 0; 9024 } 9025 9026 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 9027 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 9028 9029 msg = nlmsg_alloc(); 9030 if (!msg) 9031 return -ENOMEM; 9032 9033 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9034 9035 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9036 if_nametoindex(bss->ifname)); 9037 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 9038 9039 os_memset(&upd, 0, sizeof(upd)); 9040 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 9041 if (authorized) 9042 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 9043 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 9044 9045 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9046 msg = NULL; 9047 if (!ret) 9048 return 0; 9049 nla_put_failure: 9050 nlmsg_free(msg); 9051 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 9052 ret, strerror(-ret)); 9053 return ret; 9054} 9055 9056 9057/* Set kernel driver on given frequency (MHz) */ 9058static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 9059{ 9060 struct i802_bss *bss = priv; 9061 return wpa_driver_nl80211_set_freq(bss, freq); 9062} 9063 9064 9065static inline int min_int(int a, int b) 9066{ 9067 if (a < b) 9068 return a; 9069 return b; 9070} 9071 9072 9073static int get_key_handler(struct nl_msg *msg, void *arg) 9074{ 9075 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9076 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9077 9078 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9079 genlmsg_attrlen(gnlh, 0), NULL); 9080 9081 /* 9082 * TODO: validate the key index and mac address! 9083 * Otherwise, there's a race condition as soon as 9084 * the kernel starts sending key notifications. 9085 */ 9086 9087 if (tb[NL80211_ATTR_KEY_SEQ]) 9088 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 9089 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 9090 return NL_SKIP; 9091} 9092 9093 9094static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 9095 int idx, u8 *seq) 9096{ 9097 struct i802_bss *bss = priv; 9098 struct wpa_driver_nl80211_data *drv = bss->drv; 9099 struct nl_msg *msg; 9100 9101 msg = nlmsg_alloc(); 9102 if (!msg) 9103 return -ENOMEM; 9104 9105 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 9106 9107 if (addr) 9108 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9109 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 9110 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 9111 9112 memset(seq, 0, 6); 9113 9114 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 9115 nla_put_failure: 9116 nlmsg_free(msg); 9117 return -ENOBUFS; 9118} 9119 9120 9121static int i802_set_rts(void *priv, int rts) 9122{ 9123 struct i802_bss *bss = priv; 9124 struct wpa_driver_nl80211_data *drv = bss->drv; 9125 struct nl_msg *msg; 9126 int ret = -ENOBUFS; 9127 u32 val; 9128 9129 msg = nlmsg_alloc(); 9130 if (!msg) 9131 return -ENOMEM; 9132 9133 if (rts >= 2347) 9134 val = (u32) -1; 9135 else 9136 val = rts; 9137 9138 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9139 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9140 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 9141 9142 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9143 msg = NULL; 9144 if (!ret) 9145 return 0; 9146nla_put_failure: 9147 nlmsg_free(msg); 9148 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 9149 "%d (%s)", rts, ret, strerror(-ret)); 9150 return ret; 9151} 9152 9153 9154static int i802_set_frag(void *priv, int frag) 9155{ 9156 struct i802_bss *bss = priv; 9157 struct wpa_driver_nl80211_data *drv = bss->drv; 9158 struct nl_msg *msg; 9159 int ret = -ENOBUFS; 9160 u32 val; 9161 9162 msg = nlmsg_alloc(); 9163 if (!msg) 9164 return -ENOMEM; 9165 9166 if (frag >= 2346) 9167 val = (u32) -1; 9168 else 9169 val = frag; 9170 9171 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9172 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9173 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 9174 9175 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9176 msg = NULL; 9177 if (!ret) 9178 return 0; 9179nla_put_failure: 9180 nlmsg_free(msg); 9181 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 9182 "%d: %d (%s)", frag, ret, strerror(-ret)); 9183 return ret; 9184} 9185 9186 9187static int i802_flush(void *priv) 9188{ 9189 struct i802_bss *bss = priv; 9190 struct wpa_driver_nl80211_data *drv = bss->drv; 9191 struct nl_msg *msg; 9192 int res; 9193 9194 msg = nlmsg_alloc(); 9195 if (!msg) 9196 return -1; 9197 9198 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 9199 bss->ifname); 9200 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 9201 9202 /* 9203 * XXX: FIX! this needs to flush all VLANs too 9204 */ 9205 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9206 if_nametoindex(bss->ifname)); 9207 9208 res = send_and_recv_msgs(drv, msg, NULL, NULL); 9209 if (res) { 9210 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 9211 "(%s)", res, strerror(-res)); 9212 } 9213 return res; 9214 nla_put_failure: 9215 nlmsg_free(msg); 9216 return -ENOBUFS; 9217} 9218 9219 9220static int get_sta_handler(struct nl_msg *msg, void *arg) 9221{ 9222 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9223 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9224 struct hostap_sta_driver_data *data = arg; 9225 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 9226 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 9227 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 9228 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 9229 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 9230 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 9231 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 9232 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 9233 }; 9234 9235 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9236 genlmsg_attrlen(gnlh, 0), NULL); 9237 9238 /* 9239 * TODO: validate the interface and mac address! 9240 * Otherwise, there's a race condition as soon as 9241 * the kernel starts sending station notifications. 9242 */ 9243 9244 if (!tb[NL80211_ATTR_STA_INFO]) { 9245 wpa_printf(MSG_DEBUG, "sta stats missing!"); 9246 return NL_SKIP; 9247 } 9248 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 9249 tb[NL80211_ATTR_STA_INFO], 9250 stats_policy)) { 9251 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 9252 return NL_SKIP; 9253 } 9254 9255 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 9256 data->inactive_msec = 9257 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 9258 if (stats[NL80211_STA_INFO_RX_BYTES]) 9259 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 9260 if (stats[NL80211_STA_INFO_TX_BYTES]) 9261 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 9262 if (stats[NL80211_STA_INFO_RX_PACKETS]) 9263 data->rx_packets = 9264 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 9265 if (stats[NL80211_STA_INFO_TX_PACKETS]) 9266 data->tx_packets = 9267 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 9268 if (stats[NL80211_STA_INFO_TX_FAILED]) 9269 data->tx_retry_failed = 9270 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 9271 9272 return NL_SKIP; 9273} 9274 9275static int i802_read_sta_data(struct i802_bss *bss, 9276 struct hostap_sta_driver_data *data, 9277 const u8 *addr) 9278{ 9279 struct wpa_driver_nl80211_data *drv = bss->drv; 9280 struct nl_msg *msg; 9281 9282 os_memset(data, 0, sizeof(*data)); 9283 msg = nlmsg_alloc(); 9284 if (!msg) 9285 return -ENOMEM; 9286 9287 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 9288 9289 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9290 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9291 9292 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 9293 nla_put_failure: 9294 nlmsg_free(msg); 9295 return -ENOBUFS; 9296} 9297 9298 9299static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 9300 int cw_min, int cw_max, int burst_time) 9301{ 9302 struct i802_bss *bss = priv; 9303 struct wpa_driver_nl80211_data *drv = bss->drv; 9304 struct nl_msg *msg; 9305 struct nlattr *txq, *params; 9306 9307 msg = nlmsg_alloc(); 9308 if (!msg) 9309 return -1; 9310 9311 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9312 9313 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9314 9315 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 9316 if (!txq) 9317 goto nla_put_failure; 9318 9319 /* We are only sending parameters for a single TXQ at a time */ 9320 params = nla_nest_start(msg, 1); 9321 if (!params) 9322 goto nla_put_failure; 9323 9324 switch (queue) { 9325 case 0: 9326 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 9327 break; 9328 case 1: 9329 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 9330 break; 9331 case 2: 9332 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9333 break; 9334 case 3: 9335 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9336 break; 9337 } 9338 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9339 * 32 usec, so need to convert the value here. */ 9340 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9341 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9342 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9343 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9344 9345 nla_nest_end(msg, params); 9346 9347 nla_nest_end(msg, txq); 9348 9349 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9350 return 0; 9351 msg = NULL; 9352 nla_put_failure: 9353 nlmsg_free(msg); 9354 return -1; 9355} 9356 9357 9358static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9359 const char *ifname, int vlan_id) 9360{ 9361 struct wpa_driver_nl80211_data *drv = bss->drv; 9362 struct nl_msg *msg; 9363 int ret = -ENOBUFS; 9364 9365 msg = nlmsg_alloc(); 9366 if (!msg) 9367 return -ENOMEM; 9368 9369 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9370 ", ifname=%s[%d], vlan_id=%d)", 9371 bss->ifname, if_nametoindex(bss->ifname), 9372 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9373 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9374 9375 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9376 if_nametoindex(bss->ifname)); 9377 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9378 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9379 if_nametoindex(ifname)); 9380 9381 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9382 msg = NULL; 9383 if (ret < 0) { 9384 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9385 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9386 MAC2STR(addr), ifname, vlan_id, ret, 9387 strerror(-ret)); 9388 } 9389 nla_put_failure: 9390 nlmsg_free(msg); 9391 return ret; 9392} 9393 9394 9395static int i802_get_inact_sec(void *priv, const u8 *addr) 9396{ 9397 struct hostap_sta_driver_data data; 9398 int ret; 9399 9400 data.inactive_msec = (unsigned long) -1; 9401 ret = i802_read_sta_data(priv, &data, addr); 9402 if (ret || data.inactive_msec == (unsigned long) -1) 9403 return -1; 9404 return data.inactive_msec / 1000; 9405} 9406 9407 9408static int i802_sta_clear_stats(void *priv, const u8 *addr) 9409{ 9410#if 0 9411 /* TODO */ 9412#endif 9413 return 0; 9414} 9415 9416 9417static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9418 int reason) 9419{ 9420 struct i802_bss *bss = priv; 9421 struct wpa_driver_nl80211_data *drv = bss->drv; 9422 struct ieee80211_mgmt mgmt; 9423 9424 if (drv->device_ap_sme) 9425 return wpa_driver_nl80211_sta_remove(bss, addr); 9426 9427 memset(&mgmt, 0, sizeof(mgmt)); 9428 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9429 WLAN_FC_STYPE_DEAUTH); 9430 memcpy(mgmt.da, addr, ETH_ALEN); 9431 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9432 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9433 mgmt.u.deauth.reason_code = host_to_le16(reason); 9434 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9435 IEEE80211_HDRLEN + 9436 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9437 0); 9438} 9439 9440 9441static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9442 int reason) 9443{ 9444 struct i802_bss *bss = priv; 9445 struct wpa_driver_nl80211_data *drv = bss->drv; 9446 struct ieee80211_mgmt mgmt; 9447 9448 if (drv->device_ap_sme) 9449 return wpa_driver_nl80211_sta_remove(bss, addr); 9450 9451 memset(&mgmt, 0, sizeof(mgmt)); 9452 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9453 WLAN_FC_STYPE_DISASSOC); 9454 memcpy(mgmt.da, addr, ETH_ALEN); 9455 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9456 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9457 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9458 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9459 IEEE80211_HDRLEN + 9460 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9461 0); 9462} 9463 9464 9465static void dump_ifidx(struct wpa_driver_nl80211_data *drv) 9466{ 9467 char buf[200], *pos, *end; 9468 int i, res; 9469 9470 pos = buf; 9471 end = pos + sizeof(buf); 9472 9473 for (i = 0; i < drv->num_if_indices; i++) { 9474 if (!drv->if_indices[i]) 9475 continue; 9476 res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]); 9477 if (res < 0 || res >= end - pos) 9478 break; 9479 pos += res; 9480 } 9481 *pos = '\0'; 9482 9483 wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s", 9484 drv->num_if_indices, buf); 9485} 9486 9487 9488static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9489{ 9490 int i; 9491 int *old; 9492 9493 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9494 ifidx); 9495 if (have_ifidx(drv, ifidx)) { 9496 wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list", 9497 ifidx); 9498 return; 9499 } 9500 for (i = 0; i < drv->num_if_indices; i++) { 9501 if (drv->if_indices[i] == 0) { 9502 drv->if_indices[i] = ifidx; 9503 dump_ifidx(drv); 9504 return; 9505 } 9506 } 9507 9508 if (drv->if_indices != drv->default_if_indices) 9509 old = drv->if_indices; 9510 else 9511 old = NULL; 9512 9513 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9514 sizeof(int)); 9515 if (!drv->if_indices) { 9516 if (!old) 9517 drv->if_indices = drv->default_if_indices; 9518 else 9519 drv->if_indices = old; 9520 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9521 "interfaces"); 9522 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9523 return; 9524 } else if (!old) 9525 os_memcpy(drv->if_indices, drv->default_if_indices, 9526 sizeof(drv->default_if_indices)); 9527 drv->if_indices[drv->num_if_indices] = ifidx; 9528 drv->num_if_indices++; 9529 dump_ifidx(drv); 9530} 9531 9532 9533static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9534{ 9535 int i; 9536 9537 for (i = 0; i < drv->num_if_indices; i++) { 9538 if (drv->if_indices[i] == ifidx) { 9539 drv->if_indices[i] = 0; 9540 break; 9541 } 9542 } 9543 dump_ifidx(drv); 9544} 9545 9546 9547static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9548{ 9549 int i; 9550 9551 for (i = 0; i < drv->num_if_indices; i++) 9552 if (drv->if_indices[i] == ifidx) 9553 return 1; 9554 9555 return 0; 9556} 9557 9558 9559static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9560 const char *bridge_ifname, char *ifname_wds) 9561{ 9562 struct i802_bss *bss = priv; 9563 struct wpa_driver_nl80211_data *drv = bss->drv; 9564 char name[IFNAMSIZ + 1]; 9565 9566 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9567 if (ifname_wds) 9568 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9569 9570 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9571 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9572 if (val) { 9573 if (!if_nametoindex(name)) { 9574 if (nl80211_create_iface(drv, name, 9575 NL80211_IFTYPE_AP_VLAN, 9576 bss->addr, 1, NULL, NULL, 0) < 9577 0) 9578 return -1; 9579 if (bridge_ifname && 9580 linux_br_add_if(drv->global->ioctl_sock, 9581 bridge_ifname, name) < 0) 9582 return -1; 9583 } 9584 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9585 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9586 "interface %s up", name); 9587 } 9588 return i802_set_sta_vlan(priv, addr, name, 0); 9589 } else { 9590 if (bridge_ifname) 9591 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9592 name); 9593 9594 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9595 nl80211_remove_iface(drv, if_nametoindex(name)); 9596 return 0; 9597 } 9598} 9599 9600 9601static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9602{ 9603 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9604 struct sockaddr_ll lladdr; 9605 unsigned char buf[3000]; 9606 int len; 9607 socklen_t fromlen = sizeof(lladdr); 9608 9609 len = recvfrom(sock, buf, sizeof(buf), 0, 9610 (struct sockaddr *)&lladdr, &fromlen); 9611 if (len < 0) { 9612 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9613 strerror(errno)); 9614 return; 9615 } 9616 9617 if (have_ifidx(drv, lladdr.sll_ifindex)) 9618 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9619} 9620 9621 9622static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9623 struct i802_bss *bss, 9624 const char *brname, const char *ifname) 9625{ 9626 int ifindex; 9627 char in_br[IFNAMSIZ]; 9628 9629 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9630 ifindex = if_nametoindex(brname); 9631 if (ifindex == 0) { 9632 /* 9633 * Bridge was configured, but the bridge device does 9634 * not exist. Try to add it now. 9635 */ 9636 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9637 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9638 "bridge interface %s: %s", 9639 brname, strerror(errno)); 9640 return -1; 9641 } 9642 bss->added_bridge = 1; 9643 add_ifidx(drv, if_nametoindex(brname)); 9644 } 9645 9646 if (linux_br_get(in_br, ifname) == 0) { 9647 if (os_strcmp(in_br, brname) == 0) 9648 return 0; /* already in the bridge */ 9649 9650 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9651 "bridge %s", ifname, in_br); 9652 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9653 0) { 9654 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9655 "remove interface %s from bridge " 9656 "%s: %s", 9657 ifname, brname, strerror(errno)); 9658 return -1; 9659 } 9660 } 9661 9662 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9663 ifname, brname); 9664 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9665 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9666 "into bridge %s: %s", 9667 ifname, brname, strerror(errno)); 9668 return -1; 9669 } 9670 bss->added_if_into_bridge = 1; 9671 9672 return 0; 9673} 9674 9675 9676static void *i802_init(struct hostapd_data *hapd, 9677 struct wpa_init_params *params) 9678{ 9679 struct wpa_driver_nl80211_data *drv; 9680 struct i802_bss *bss; 9681 size_t i; 9682 char brname[IFNAMSIZ]; 9683 int ifindex, br_ifindex; 9684 int br_added = 0; 9685 9686 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9687 params->global_priv, 1, 9688 params->bssid); 9689 if (bss == NULL) 9690 return NULL; 9691 9692 drv = bss->drv; 9693 9694 if (linux_br_get(brname, params->ifname) == 0) { 9695 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9696 params->ifname, brname); 9697 br_ifindex = if_nametoindex(brname); 9698 } else { 9699 brname[0] = '\0'; 9700 br_ifindex = 0; 9701 } 9702 9703 for (i = 0; i < params->num_bridge; i++) { 9704 if (params->bridge[i]) { 9705 ifindex = if_nametoindex(params->bridge[i]); 9706 if (ifindex) 9707 add_ifidx(drv, ifindex); 9708 if (ifindex == br_ifindex) 9709 br_added = 1; 9710 } 9711 } 9712 if (!br_added && br_ifindex && 9713 (params->num_bridge == 0 || !params->bridge[0])) 9714 add_ifidx(drv, br_ifindex); 9715 9716 /* start listening for EAPOL on the default AP interface */ 9717 add_ifidx(drv, drv->ifindex); 9718 9719 if (params->num_bridge && params->bridge[0] && 9720 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9721 goto failed; 9722 9723 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9724 if (drv->eapol_sock < 0) { 9725 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9726 strerror(errno)); 9727 goto failed; 9728 } 9729 9730 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9731 { 9732 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9733 goto failed; 9734 } 9735 9736 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9737 params->own_addr)) 9738 goto failed; 9739 9740 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9741 9742 return bss; 9743 9744failed: 9745 wpa_driver_nl80211_deinit(bss); 9746 return NULL; 9747} 9748 9749 9750static void i802_deinit(void *priv) 9751{ 9752 struct i802_bss *bss = priv; 9753 wpa_driver_nl80211_deinit(bss); 9754} 9755 9756 9757static enum nl80211_iftype wpa_driver_nl80211_if_type( 9758 enum wpa_driver_if_type type) 9759{ 9760 switch (type) { 9761 case WPA_IF_STATION: 9762 return NL80211_IFTYPE_STATION; 9763 case WPA_IF_P2P_CLIENT: 9764 case WPA_IF_P2P_GROUP: 9765 return NL80211_IFTYPE_P2P_CLIENT; 9766 case WPA_IF_AP_VLAN: 9767 return NL80211_IFTYPE_AP_VLAN; 9768 case WPA_IF_AP_BSS: 9769 return NL80211_IFTYPE_AP; 9770 case WPA_IF_P2P_GO: 9771 return NL80211_IFTYPE_P2P_GO; 9772 case WPA_IF_P2P_DEVICE: 9773 return NL80211_IFTYPE_P2P_DEVICE; 9774 } 9775 return -1; 9776} 9777 9778 9779#ifdef CONFIG_P2P 9780 9781static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9782{ 9783 struct wpa_driver_nl80211_data *drv; 9784 dl_list_for_each(drv, &global->interfaces, 9785 struct wpa_driver_nl80211_data, list) { 9786 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 9787 return 1; 9788 } 9789 return 0; 9790} 9791 9792 9793static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 9794 u8 *new_addr) 9795{ 9796 unsigned int idx; 9797 9798 if (!drv->global) 9799 return -1; 9800 9801 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 9802 for (idx = 0; idx < 64; idx++) { 9803 new_addr[0] = drv->first_bss->addr[0] | 0x02; 9804 new_addr[0] ^= idx << 2; 9805 if (!nl80211_addr_in_use(drv->global, new_addr)) 9806 break; 9807 } 9808 if (idx == 64) 9809 return -1; 9810 9811 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 9812 MACSTR, MAC2STR(new_addr)); 9813 9814 return 0; 9815} 9816 9817#endif /* CONFIG_P2P */ 9818 9819 9820struct wdev_info { 9821 u64 wdev_id; 9822 int wdev_id_set; 9823 u8 macaddr[ETH_ALEN]; 9824}; 9825 9826static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 9827{ 9828 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9829 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9830 struct wdev_info *wi = arg; 9831 9832 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9833 genlmsg_attrlen(gnlh, 0), NULL); 9834 if (tb[NL80211_ATTR_WDEV]) { 9835 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 9836 wi->wdev_id_set = 1; 9837 } 9838 9839 if (tb[NL80211_ATTR_MAC]) 9840 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 9841 ETH_ALEN); 9842 9843 return NL_SKIP; 9844} 9845 9846 9847static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 9848 const char *ifname, const u8 *addr, 9849 void *bss_ctx, void **drv_priv, 9850 char *force_ifname, u8 *if_addr, 9851 const char *bridge, int use_existing) 9852{ 9853 enum nl80211_iftype nlmode; 9854 struct i802_bss *bss = priv; 9855 struct wpa_driver_nl80211_data *drv = bss->drv; 9856 int ifidx; 9857 int added = 1; 9858 9859 if (addr) 9860 os_memcpy(if_addr, addr, ETH_ALEN); 9861 nlmode = wpa_driver_nl80211_if_type(type); 9862 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 9863 struct wdev_info p2pdev_info; 9864 9865 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 9866 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9867 0, nl80211_wdev_handler, 9868 &p2pdev_info, use_existing); 9869 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 9870 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 9871 ifname); 9872 return -1; 9873 } 9874 9875 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 9876 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 9877 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 9878 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 9879 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 9880 ifname, 9881 (long long unsigned int) p2pdev_info.wdev_id); 9882 } else { 9883 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9884 0, NULL, NULL, use_existing); 9885 if (use_existing && ifidx == -ENFILE) { 9886 added = 0; 9887 ifidx = if_nametoindex(ifname); 9888 } else if (ifidx < 0) { 9889 return -1; 9890 } 9891 } 9892 9893 if (!addr) { 9894 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 9895 os_memcpy(if_addr, bss->addr, ETH_ALEN); 9896 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 9897 bss->ifname, if_addr) < 0) { 9898 if (added) 9899 nl80211_remove_iface(drv, ifidx); 9900 return -1; 9901 } 9902 } 9903 9904#ifdef CONFIG_P2P 9905 if (!addr && 9906 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 9907 type == WPA_IF_P2P_GO)) { 9908 /* Enforce unique P2P Interface Address */ 9909 u8 new_addr[ETH_ALEN]; 9910 9911 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 9912 new_addr) < 0) { 9913 nl80211_remove_iface(drv, ifidx); 9914 return -1; 9915 } 9916 if (nl80211_addr_in_use(drv->global, new_addr)) { 9917 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 9918 "for P2P group interface"); 9919 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 9920 nl80211_remove_iface(drv, ifidx); 9921 return -1; 9922 } 9923 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 9924 new_addr) < 0) { 9925 nl80211_remove_iface(drv, ifidx); 9926 return -1; 9927 } 9928 } 9929 os_memcpy(if_addr, new_addr, ETH_ALEN); 9930 } 9931#endif /* CONFIG_P2P */ 9932 9933 if (type == WPA_IF_AP_BSS) { 9934 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 9935 if (new_bss == NULL) { 9936 if (added) 9937 nl80211_remove_iface(drv, ifidx); 9938 return -1; 9939 } 9940 9941 if (bridge && 9942 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 9943 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 9944 "interface %s to a bridge %s", 9945 ifname, bridge); 9946 if (added) 9947 nl80211_remove_iface(drv, ifidx); 9948 os_free(new_bss); 9949 return -1; 9950 } 9951 9952 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 9953 { 9954 nl80211_remove_iface(drv, ifidx); 9955 os_free(new_bss); 9956 return -1; 9957 } 9958 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 9959 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 9960 new_bss->ifindex = ifidx; 9961 new_bss->drv = drv; 9962 new_bss->next = drv->first_bss->next; 9963 new_bss->freq = drv->first_bss->freq; 9964 new_bss->ctx = bss_ctx; 9965 new_bss->added_if = added; 9966 drv->first_bss->next = new_bss; 9967 if (drv_priv) 9968 *drv_priv = new_bss; 9969 nl80211_init_bss(new_bss); 9970 9971 /* Subscribe management frames for this WPA_IF_AP_BSS */ 9972 if (nl80211_setup_ap(new_bss)) 9973 return -1; 9974 } 9975 9976 if (drv->global) 9977 drv->global->if_add_ifindex = ifidx; 9978 9979 if (ifidx > 0) 9980 add_ifidx(drv, ifidx); 9981 9982 return 0; 9983} 9984 9985 9986static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 9987 enum wpa_driver_if_type type, 9988 const char *ifname) 9989{ 9990 struct wpa_driver_nl80211_data *drv = bss->drv; 9991 int ifindex = if_nametoindex(ifname); 9992 9993 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 9994 __func__, type, ifname, ifindex, bss->added_if); 9995 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 9996 nl80211_remove_iface(drv, ifindex); 9997 else if (ifindex > 0 && !bss->added_if) 9998 del_ifidx(drv, ifindex); 9999 10000 if (type != WPA_IF_AP_BSS) 10001 return 0; 10002 10003 if (bss->added_if_into_bridge) { 10004 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 10005 bss->ifname) < 0) 10006 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10007 "interface %s from bridge %s: %s", 10008 bss->ifname, bss->brname, strerror(errno)); 10009 } 10010 if (bss->added_bridge) { 10011 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 10012 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10013 "bridge %s: %s", 10014 bss->brname, strerror(errno)); 10015 } 10016 10017 if (bss != drv->first_bss) { 10018 struct i802_bss *tbss; 10019 10020 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 10021 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 10022 if (tbss->next == bss) { 10023 tbss->next = bss->next; 10024 /* Unsubscribe management frames */ 10025 nl80211_teardown_ap(bss); 10026 nl80211_destroy_bss(bss); 10027 if (!bss->added_if) 10028 i802_set_iface_flags(bss, 0); 10029 os_free(bss); 10030 bss = NULL; 10031 break; 10032 } 10033 } 10034 if (bss) 10035 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 10036 "BSS %p in the list", __func__, bss); 10037 } else { 10038 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 10039 nl80211_teardown_ap(bss); 10040 if (!bss->added_if && !drv->first_bss->next) 10041 wpa_driver_nl80211_del_beacon(drv); 10042 nl80211_destroy_bss(bss); 10043 if (!bss->added_if) 10044 i802_set_iface_flags(bss, 0); 10045 if (drv->first_bss->next) { 10046 drv->first_bss = drv->first_bss->next; 10047 drv->ctx = drv->first_bss->ctx; 10048 os_free(bss); 10049 } else { 10050 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 10051 } 10052 } 10053 10054 return 0; 10055} 10056 10057 10058static int cookie_handler(struct nl_msg *msg, void *arg) 10059{ 10060 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10061 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10062 u64 *cookie = arg; 10063 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10064 genlmsg_attrlen(gnlh, 0), NULL); 10065 if (tb[NL80211_ATTR_COOKIE]) 10066 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 10067 return NL_SKIP; 10068} 10069 10070 10071static int nl80211_send_frame_cmd(struct i802_bss *bss, 10072 unsigned int freq, unsigned int wait, 10073 const u8 *buf, size_t buf_len, 10074 u64 *cookie_out, int no_cck, int no_ack, 10075 int offchanok) 10076{ 10077 struct wpa_driver_nl80211_data *drv = bss->drv; 10078 struct nl_msg *msg; 10079 u64 cookie; 10080 int ret = -1; 10081 10082 msg = nlmsg_alloc(); 10083 if (!msg) 10084 return -1; 10085 10086 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 10087 "no_ack=%d offchanok=%d", 10088 freq, wait, no_cck, no_ack, offchanok); 10089 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 10090 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 10091 10092 if (nl80211_set_iface_id(msg, bss) < 0) 10093 goto nla_put_failure; 10094 if (freq) 10095 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10096 if (wait) 10097 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 10098 if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10099 drv->test_use_roc_tx)) 10100 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 10101 if (no_cck) 10102 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 10103 if (no_ack) 10104 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 10105 10106 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 10107 10108 cookie = 0; 10109 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10110 msg = NULL; 10111 if (ret) { 10112 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 10113 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 10114 freq, wait); 10115 goto nla_put_failure; 10116 } 10117 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 10118 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 10119 (long long unsigned int) cookie); 10120 10121 if (cookie_out) 10122 *cookie_out = no_ack ? (u64) -1 : cookie; 10123 10124nla_put_failure: 10125 nlmsg_free(msg); 10126 return ret; 10127} 10128 10129 10130static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 10131 unsigned int freq, 10132 unsigned int wait_time, 10133 const u8 *dst, const u8 *src, 10134 const u8 *bssid, 10135 const u8 *data, size_t data_len, 10136 int no_cck) 10137{ 10138 struct wpa_driver_nl80211_data *drv = bss->drv; 10139 int ret = -1; 10140 u8 *buf; 10141 struct ieee80211_hdr *hdr; 10142 10143 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 10144 "freq=%u MHz wait=%d ms no_cck=%d)", 10145 drv->ifindex, freq, wait_time, no_cck); 10146 10147 buf = os_zalloc(24 + data_len); 10148 if (buf == NULL) 10149 return ret; 10150 os_memcpy(buf + 24, data, data_len); 10151 hdr = (struct ieee80211_hdr *) buf; 10152 hdr->frame_control = 10153 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 10154 os_memcpy(hdr->addr1, dst, ETH_ALEN); 10155 os_memcpy(hdr->addr2, src, ETH_ALEN); 10156 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 10157 10158 if (is_ap_interface(drv->nlmode) && 10159 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10160 (int) freq == bss->freq || drv->device_ap_sme || 10161 !drv->use_monitor)) 10162 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 10163 0, freq, no_cck, 1, 10164 wait_time); 10165 else 10166 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 10167 24 + data_len, 10168 &drv->send_action_cookie, 10169 no_cck, 0, 1); 10170 10171 os_free(buf); 10172 return ret; 10173} 10174 10175 10176static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 10177{ 10178 struct i802_bss *bss = priv; 10179 struct wpa_driver_nl80211_data *drv = bss->drv; 10180 struct nl_msg *msg; 10181 int ret; 10182 10183 msg = nlmsg_alloc(); 10184 if (!msg) 10185 return; 10186 10187 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 10188 (long long unsigned int) drv->send_action_cookie); 10189 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 10190 10191 if (nl80211_set_iface_id(msg, bss) < 0) 10192 goto nla_put_failure; 10193 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 10194 10195 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10196 msg = NULL; 10197 if (ret) 10198 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 10199 "(%s)", ret, strerror(-ret)); 10200 10201 nla_put_failure: 10202 nlmsg_free(msg); 10203} 10204 10205 10206static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 10207 unsigned int duration) 10208{ 10209 struct i802_bss *bss = priv; 10210 struct wpa_driver_nl80211_data *drv = bss->drv; 10211 struct nl_msg *msg; 10212 int ret; 10213 u64 cookie; 10214 10215 msg = nlmsg_alloc(); 10216 if (!msg) 10217 return -1; 10218 10219 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 10220 10221 if (nl80211_set_iface_id(msg, bss) < 0) 10222 goto nla_put_failure; 10223 10224 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10225 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 10226 10227 cookie = 0; 10228 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10229 msg = NULL; 10230 if (ret == 0) { 10231 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 10232 "0x%llx for freq=%u MHz duration=%u", 10233 (long long unsigned int) cookie, freq, duration); 10234 drv->remain_on_chan_cookie = cookie; 10235 drv->pending_remain_on_chan = 1; 10236 return 0; 10237 } 10238 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 10239 "(freq=%d duration=%u): %d (%s)", 10240 freq, duration, ret, strerror(-ret)); 10241nla_put_failure: 10242 nlmsg_free(msg); 10243 return -1; 10244} 10245 10246 10247static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 10248{ 10249 struct i802_bss *bss = priv; 10250 struct wpa_driver_nl80211_data *drv = bss->drv; 10251 struct nl_msg *msg; 10252 int ret; 10253 10254 if (!drv->pending_remain_on_chan) { 10255 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 10256 "to cancel"); 10257 return -1; 10258 } 10259 10260 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 10261 "0x%llx", 10262 (long long unsigned int) drv->remain_on_chan_cookie); 10263 10264 msg = nlmsg_alloc(); 10265 if (!msg) 10266 return -1; 10267 10268 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 10269 10270 if (nl80211_set_iface_id(msg, bss) < 0) 10271 goto nla_put_failure; 10272 10273 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 10274 10275 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10276 msg = NULL; 10277 if (ret == 0) 10278 return 0; 10279 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 10280 "%d (%s)", ret, strerror(-ret)); 10281nla_put_failure: 10282 nlmsg_free(msg); 10283 return -1; 10284} 10285 10286 10287static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 10288{ 10289 struct wpa_driver_nl80211_data *drv = bss->drv; 10290 10291 if (!report) { 10292 if (bss->nl_preq && drv->device_ap_sme && 10293 is_ap_interface(drv->nlmode)) { 10294 /* 10295 * Do not disable Probe Request reporting that was 10296 * enabled in nl80211_setup_ap(). 10297 */ 10298 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 10299 "Probe Request reporting nl_preq=%p while " 10300 "in AP mode", bss->nl_preq); 10301 } else if (bss->nl_preq) { 10302 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 10303 "reporting nl_preq=%p", bss->nl_preq); 10304 nl80211_destroy_eloop_handle(&bss->nl_preq); 10305 } 10306 return 0; 10307 } 10308 10309 if (bss->nl_preq) { 10310 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 10311 "already on! nl_preq=%p", bss->nl_preq); 10312 return 0; 10313 } 10314 10315 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 10316 if (bss->nl_preq == NULL) 10317 return -1; 10318 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 10319 "reporting nl_preq=%p", bss->nl_preq); 10320 10321 if (nl80211_register_frame(bss, bss->nl_preq, 10322 (WLAN_FC_TYPE_MGMT << 2) | 10323 (WLAN_FC_STYPE_PROBE_REQ << 4), 10324 NULL, 0) < 0) 10325 goto out_err; 10326 10327 nl80211_register_eloop_read(&bss->nl_preq, 10328 wpa_driver_nl80211_event_receive, 10329 bss->nl_cb); 10330 10331 return 0; 10332 10333 out_err: 10334 nl_destroy_handles(&bss->nl_preq); 10335 return -1; 10336} 10337 10338 10339static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 10340 int ifindex, int disabled) 10341{ 10342 struct nl_msg *msg; 10343 struct nlattr *bands, *band; 10344 int ret; 10345 10346 msg = nlmsg_alloc(); 10347 if (!msg) 10348 return -1; 10349 10350 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 10351 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 10352 10353 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 10354 if (!bands) 10355 goto nla_put_failure; 10356 10357 /* 10358 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 10359 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 10360 * rates. All 5 GHz rates are left enabled. 10361 */ 10362 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 10363 if (!band) 10364 goto nla_put_failure; 10365 if (disabled) { 10366 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 10367 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 10368 } 10369 nla_nest_end(msg, band); 10370 10371 nla_nest_end(msg, bands); 10372 10373 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10374 msg = NULL; 10375 if (ret) { 10376 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10377 "(%s)", ret, strerror(-ret)); 10378 } else 10379 drv->disabled_11b_rates = disabled; 10380 10381 return ret; 10382 10383nla_put_failure: 10384 nlmsg_free(msg); 10385 return -1; 10386} 10387 10388 10389static int wpa_driver_nl80211_deinit_ap(void *priv) 10390{ 10391 struct i802_bss *bss = priv; 10392 struct wpa_driver_nl80211_data *drv = bss->drv; 10393 if (!is_ap_interface(drv->nlmode)) 10394 return -1; 10395 wpa_driver_nl80211_del_beacon(drv); 10396 10397 /* 10398 * If the P2P GO interface was dynamically added, then it is 10399 * possible that the interface change to station is not possible. 10400 */ 10401 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10402 return 0; 10403 10404 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10405} 10406 10407 10408static int wpa_driver_nl80211_stop_ap(void *priv) 10409{ 10410 struct i802_bss *bss = priv; 10411 struct wpa_driver_nl80211_data *drv = bss->drv; 10412 if (!is_ap_interface(drv->nlmode)) 10413 return -1; 10414 wpa_driver_nl80211_del_beacon(drv); 10415 bss->beacon_set = 0; 10416 return 0; 10417} 10418 10419 10420static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10421{ 10422 struct i802_bss *bss = priv; 10423 struct wpa_driver_nl80211_data *drv = bss->drv; 10424 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10425 return -1; 10426 10427 /* 10428 * If the P2P Client interface was dynamically added, then it is 10429 * possible that the interface change to station is not possible. 10430 */ 10431 if (bss->if_dynamic) 10432 return 0; 10433 10434 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10435} 10436 10437 10438static void wpa_driver_nl80211_resume(void *priv) 10439{ 10440 struct i802_bss *bss = priv; 10441 10442 if (i802_set_iface_flags(bss, 1)) 10443 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10444} 10445 10446 10447static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10448 const u8 *ies, size_t ies_len) 10449{ 10450 struct i802_bss *bss = priv; 10451 struct wpa_driver_nl80211_data *drv = bss->drv; 10452 int ret; 10453 u8 *data, *pos; 10454 size_t data_len; 10455 const u8 *own_addr = bss->addr; 10456 10457 if (action != 1) { 10458 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10459 "action %d", action); 10460 return -1; 10461 } 10462 10463 /* 10464 * Action frame payload: 10465 * Category[1] = 6 (Fast BSS Transition) 10466 * Action[1] = 1 (Fast BSS Transition Request) 10467 * STA Address 10468 * Target AP Address 10469 * FT IEs 10470 */ 10471 10472 data_len = 2 + 2 * ETH_ALEN + ies_len; 10473 data = os_malloc(data_len); 10474 if (data == NULL) 10475 return -1; 10476 pos = data; 10477 *pos++ = 0x06; /* FT Action category */ 10478 *pos++ = action; 10479 os_memcpy(pos, own_addr, ETH_ALEN); 10480 pos += ETH_ALEN; 10481 os_memcpy(pos, target_ap, ETH_ALEN); 10482 pos += ETH_ALEN; 10483 os_memcpy(pos, ies, ies_len); 10484 10485 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10486 drv->bssid, own_addr, drv->bssid, 10487 data, data_len, 0); 10488 os_free(data); 10489 10490 return ret; 10491} 10492 10493 10494static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10495{ 10496 struct i802_bss *bss = priv; 10497 struct wpa_driver_nl80211_data *drv = bss->drv; 10498 struct nl_msg *msg; 10499 struct nlattr *cqm; 10500 int ret = -1; 10501 10502 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10503 "hysteresis=%d", threshold, hysteresis); 10504 10505 msg = nlmsg_alloc(); 10506 if (!msg) 10507 return -1; 10508 10509 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10510 10511 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10512 10513 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10514 if (cqm == NULL) 10515 goto nla_put_failure; 10516 10517 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10518 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10519 nla_nest_end(msg, cqm); 10520 10521 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10522 msg = NULL; 10523 10524nla_put_failure: 10525 nlmsg_free(msg); 10526 return ret; 10527} 10528 10529 10530static int get_channel_width(struct nl_msg *msg, void *arg) 10531{ 10532 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10533 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10534 struct wpa_signal_info *sig_change = arg; 10535 10536 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10537 genlmsg_attrlen(gnlh, 0), NULL); 10538 10539 sig_change->center_frq1 = -1; 10540 sig_change->center_frq2 = -1; 10541 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10542 10543 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10544 sig_change->chanwidth = convert2width( 10545 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10546 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10547 sig_change->center_frq1 = 10548 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10549 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10550 sig_change->center_frq2 = 10551 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10552 } 10553 10554 return NL_SKIP; 10555} 10556 10557 10558static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10559 struct wpa_signal_info *sig) 10560{ 10561 struct nl_msg *msg; 10562 10563 msg = nlmsg_alloc(); 10564 if (!msg) 10565 return -ENOMEM; 10566 10567 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10568 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10569 10570 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10571 10572nla_put_failure: 10573 nlmsg_free(msg); 10574 return -ENOBUFS; 10575} 10576 10577 10578static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10579{ 10580 struct i802_bss *bss = priv; 10581 struct wpa_driver_nl80211_data *drv = bss->drv; 10582 int res; 10583 10584 os_memset(si, 0, sizeof(*si)); 10585 res = nl80211_get_link_signal(drv, si); 10586 if (res != 0) 10587 return res; 10588 10589 res = nl80211_get_channel_width(drv, si); 10590 if (res != 0) 10591 return res; 10592 10593 return nl80211_get_link_noise(drv, si); 10594} 10595 10596 10597static int wpa_driver_nl80211_shared_freq(void *priv) 10598{ 10599 struct i802_bss *bss = priv; 10600 struct wpa_driver_nl80211_data *drv = bss->drv; 10601 struct wpa_driver_nl80211_data *driver; 10602 int freq = 0; 10603 10604 /* 10605 * If the same PHY is in connected state with some other interface, 10606 * then retrieve the assoc freq. 10607 */ 10608 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10609 drv->phyname); 10610 10611 dl_list_for_each(driver, &drv->global->interfaces, 10612 struct wpa_driver_nl80211_data, list) { 10613 if (drv == driver || 10614 os_strcmp(drv->phyname, driver->phyname) != 0 || 10615 !driver->associated) 10616 continue; 10617 10618 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10619 MACSTR, 10620 driver->phyname, driver->first_bss->ifname, 10621 MAC2STR(driver->first_bss->addr)); 10622 if (is_ap_interface(driver->nlmode)) 10623 freq = driver->first_bss->freq; 10624 else 10625 freq = nl80211_get_assoc_freq(driver); 10626 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10627 drv->phyname, freq); 10628 } 10629 10630 if (!freq) 10631 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10632 "PHY (%s) in associated state", drv->phyname); 10633 10634 return freq; 10635} 10636 10637 10638static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10639 int encrypt) 10640{ 10641 struct i802_bss *bss = priv; 10642 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10643 0, 0, 0, 0); 10644} 10645 10646 10647static int nl80211_set_param(void *priv, const char *param) 10648{ 10649 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10650 if (param == NULL) 10651 return 0; 10652 10653#ifdef CONFIG_P2P 10654 if (os_strstr(param, "use_p2p_group_interface=1")) { 10655 struct i802_bss *bss = priv; 10656 struct wpa_driver_nl80211_data *drv = bss->drv; 10657 10658 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10659 "interface"); 10660 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10661 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10662 } 10663 10664 if (os_strstr(param, "p2p_device=1")) { 10665 struct i802_bss *bss = priv; 10666 struct wpa_driver_nl80211_data *drv = bss->drv; 10667 drv->allow_p2p_device = 1; 10668 } 10669#endif /* CONFIG_P2P */ 10670 10671 if (os_strstr(param, "use_monitor=1")) { 10672 struct i802_bss *bss = priv; 10673 struct wpa_driver_nl80211_data *drv = bss->drv; 10674 drv->use_monitor = 1; 10675 } 10676 10677 if (os_strstr(param, "force_connect_cmd=1")) { 10678 struct i802_bss *bss = priv; 10679 struct wpa_driver_nl80211_data *drv = bss->drv; 10680 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10681 } 10682 10683 if (os_strstr(param, "no_offchannel_tx=1")) { 10684 struct i802_bss *bss = priv; 10685 struct wpa_driver_nl80211_data *drv = bss->drv; 10686 drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 10687 drv->test_use_roc_tx = 1; 10688 } 10689 10690 return 0; 10691} 10692 10693 10694static void * nl80211_global_init(void) 10695{ 10696 struct nl80211_global *global; 10697 struct netlink_config *cfg; 10698 10699 global = os_zalloc(sizeof(*global)); 10700 if (global == NULL) 10701 return NULL; 10702 global->ioctl_sock = -1; 10703 dl_list_init(&global->interfaces); 10704 global->if_add_ifindex = -1; 10705 10706 cfg = os_zalloc(sizeof(*cfg)); 10707 if (cfg == NULL) 10708 goto err; 10709 10710 cfg->ctx = global; 10711 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10712 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10713 global->netlink = netlink_init(cfg); 10714 if (global->netlink == NULL) { 10715 os_free(cfg); 10716 goto err; 10717 } 10718 10719 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10720 goto err; 10721 10722 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10723 if (global->ioctl_sock < 0) { 10724 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10725 strerror(errno)); 10726 goto err; 10727 } 10728 10729 return global; 10730 10731err: 10732 nl80211_global_deinit(global); 10733 return NULL; 10734} 10735 10736 10737static void nl80211_global_deinit(void *priv) 10738{ 10739 struct nl80211_global *global = priv; 10740 if (global == NULL) 10741 return; 10742 if (!dl_list_empty(&global->interfaces)) { 10743 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10744 "nl80211_global_deinit", 10745 dl_list_len(&global->interfaces)); 10746 } 10747 10748 if (global->netlink) 10749 netlink_deinit(global->netlink); 10750 10751 nl_destroy_handles(&global->nl); 10752 10753 if (global->nl_event) 10754 nl80211_destroy_eloop_handle(&global->nl_event); 10755 10756 nl_cb_put(global->nl_cb); 10757 10758 if (global->ioctl_sock >= 0) 10759 close(global->ioctl_sock); 10760 10761 os_free(global); 10762} 10763 10764 10765static const char * nl80211_get_radio_name(void *priv) 10766{ 10767 struct i802_bss *bss = priv; 10768 struct wpa_driver_nl80211_data *drv = bss->drv; 10769 return drv->phyname; 10770} 10771 10772 10773static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 10774 const u8 *pmkid) 10775{ 10776 struct nl_msg *msg; 10777 10778 msg = nlmsg_alloc(); 10779 if (!msg) 10780 return -ENOMEM; 10781 10782 nl80211_cmd(bss->drv, msg, 0, cmd); 10783 10784 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 10785 if (pmkid) 10786 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 10787 if (bssid) 10788 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 10789 10790 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10791 nla_put_failure: 10792 nlmsg_free(msg); 10793 return -ENOBUFS; 10794} 10795 10796 10797static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10798{ 10799 struct i802_bss *bss = priv; 10800 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 10801 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 10802} 10803 10804 10805static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10806{ 10807 struct i802_bss *bss = priv; 10808 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 10809 MAC2STR(bssid)); 10810 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 10811} 10812 10813 10814static int nl80211_flush_pmkid(void *priv) 10815{ 10816 struct i802_bss *bss = priv; 10817 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 10818 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 10819} 10820 10821 10822static void clean_survey_results(struct survey_results *survey_results) 10823{ 10824 struct freq_survey *survey, *tmp; 10825 10826 if (dl_list_empty(&survey_results->survey_list)) 10827 return; 10828 10829 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 10830 struct freq_survey, list) { 10831 dl_list_del(&survey->list); 10832 os_free(survey); 10833 } 10834} 10835 10836 10837static void add_survey(struct nlattr **sinfo, u32 ifidx, 10838 struct dl_list *survey_list) 10839{ 10840 struct freq_survey *survey; 10841 10842 survey = os_zalloc(sizeof(struct freq_survey)); 10843 if (!survey) 10844 return; 10845 10846 survey->ifidx = ifidx; 10847 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10848 survey->filled = 0; 10849 10850 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 10851 survey->nf = (int8_t) 10852 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 10853 survey->filled |= SURVEY_HAS_NF; 10854 } 10855 10856 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 10857 survey->channel_time = 10858 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 10859 survey->filled |= SURVEY_HAS_CHAN_TIME; 10860 } 10861 10862 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 10863 survey->channel_time_busy = 10864 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 10865 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 10866 } 10867 10868 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 10869 survey->channel_time_rx = 10870 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 10871 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 10872 } 10873 10874 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 10875 survey->channel_time_tx = 10876 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 10877 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 10878 } 10879 10880 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 10881 survey->freq, 10882 survey->nf, 10883 (unsigned long int) survey->channel_time, 10884 (unsigned long int) survey->channel_time_busy, 10885 (unsigned long int) survey->channel_time_tx, 10886 (unsigned long int) survey->channel_time_rx, 10887 survey->filled); 10888 10889 dl_list_add_tail(survey_list, &survey->list); 10890} 10891 10892 10893static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 10894 unsigned int freq_filter) 10895{ 10896 if (!freq_filter) 10897 return 1; 10898 10899 return freq_filter == surveyed_freq; 10900} 10901 10902 10903static int survey_handler(struct nl_msg *msg, void *arg) 10904{ 10905 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10906 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10907 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 10908 struct survey_results *survey_results; 10909 u32 surveyed_freq = 0; 10910 u32 ifidx; 10911 10912 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 10913 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 10914 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 10915 }; 10916 10917 survey_results = (struct survey_results *) arg; 10918 10919 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10920 genlmsg_attrlen(gnlh, 0), NULL); 10921 10922 if (!tb[NL80211_ATTR_IFINDEX]) 10923 return NL_SKIP; 10924 10925 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 10926 10927 if (!tb[NL80211_ATTR_SURVEY_INFO]) 10928 return NL_SKIP; 10929 10930 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 10931 tb[NL80211_ATTR_SURVEY_INFO], 10932 survey_policy)) 10933 return NL_SKIP; 10934 10935 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 10936 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 10937 return NL_SKIP; 10938 } 10939 10940 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10941 10942 if (!check_survey_ok(sinfo, surveyed_freq, 10943 survey_results->freq_filter)) 10944 return NL_SKIP; 10945 10946 if (survey_results->freq_filter && 10947 survey_results->freq_filter != surveyed_freq) { 10948 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 10949 surveyed_freq); 10950 return NL_SKIP; 10951 } 10952 10953 add_survey(sinfo, ifidx, &survey_results->survey_list); 10954 10955 return NL_SKIP; 10956} 10957 10958 10959static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 10960{ 10961 struct i802_bss *bss = priv; 10962 struct wpa_driver_nl80211_data *drv = bss->drv; 10963 struct nl_msg *msg; 10964 int err = -ENOBUFS; 10965 union wpa_event_data data; 10966 struct survey_results *survey_results; 10967 10968 os_memset(&data, 0, sizeof(data)); 10969 survey_results = &data.survey_results; 10970 10971 dl_list_init(&survey_results->survey_list); 10972 10973 msg = nlmsg_alloc(); 10974 if (!msg) 10975 goto nla_put_failure; 10976 10977 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 10978 10979 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10980 10981 if (freq) 10982 data.survey_results.freq_filter = freq; 10983 10984 do { 10985 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 10986 err = send_and_recv_msgs(drv, msg, survey_handler, 10987 survey_results); 10988 } while (err > 0); 10989 10990 if (err) { 10991 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 10992 goto out_clean; 10993 } 10994 10995 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 10996 10997out_clean: 10998 clean_survey_results(survey_results); 10999nla_put_failure: 11000 return err; 11001} 11002 11003 11004static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 11005 const u8 *replay_ctr) 11006{ 11007 struct i802_bss *bss = priv; 11008 struct wpa_driver_nl80211_data *drv = bss->drv; 11009 struct nlattr *replay_nested; 11010 struct nl_msg *msg; 11011 11012 msg = nlmsg_alloc(); 11013 if (!msg) 11014 return; 11015 11016 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 11017 11018 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11019 11020 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 11021 if (!replay_nested) 11022 goto nla_put_failure; 11023 11024 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 11025 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 11026 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 11027 replay_ctr); 11028 11029 nla_nest_end(msg, replay_nested); 11030 11031 send_and_recv_msgs(drv, msg, NULL, NULL); 11032 return; 11033 nla_put_failure: 11034 nlmsg_free(msg); 11035} 11036 11037 11038static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 11039 const u8 *addr, int qos) 11040{ 11041 /* send data frame to poll STA and check whether 11042 * this frame is ACKed */ 11043 struct { 11044 struct ieee80211_hdr hdr; 11045 u16 qos_ctl; 11046 } STRUCT_PACKED nulldata; 11047 size_t size; 11048 11049 /* Send data frame to poll STA and check whether this frame is ACKed */ 11050 11051 os_memset(&nulldata, 0, sizeof(nulldata)); 11052 11053 if (qos) { 11054 nulldata.hdr.frame_control = 11055 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11056 WLAN_FC_STYPE_QOS_NULL); 11057 size = sizeof(nulldata); 11058 } else { 11059 nulldata.hdr.frame_control = 11060 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11061 WLAN_FC_STYPE_NULLFUNC); 11062 size = sizeof(struct ieee80211_hdr); 11063 } 11064 11065 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 11066 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 11067 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 11068 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 11069 11070 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 11071 0, 0) < 0) 11072 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 11073 "send poll frame"); 11074} 11075 11076static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 11077 int qos) 11078{ 11079 struct i802_bss *bss = priv; 11080 struct wpa_driver_nl80211_data *drv = bss->drv; 11081 struct nl_msg *msg; 11082 11083 if (!drv->poll_command_supported) { 11084 nl80211_send_null_frame(bss, own_addr, addr, qos); 11085 return; 11086 } 11087 11088 msg = nlmsg_alloc(); 11089 if (!msg) 11090 return; 11091 11092 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 11093 11094 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11095 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 11096 11097 send_and_recv_msgs(drv, msg, NULL, NULL); 11098 return; 11099 nla_put_failure: 11100 nlmsg_free(msg); 11101} 11102 11103 11104static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 11105{ 11106 struct nl_msg *msg; 11107 11108 msg = nlmsg_alloc(); 11109 if (!msg) 11110 return -ENOMEM; 11111 11112 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 11113 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11114 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 11115 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 11116 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11117nla_put_failure: 11118 nlmsg_free(msg); 11119 return -ENOBUFS; 11120} 11121 11122 11123static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 11124 int ctwindow) 11125{ 11126 struct i802_bss *bss = priv; 11127 11128 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 11129 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 11130 11131 if (opp_ps != -1 || ctwindow != -1) { 11132#ifdef ANDROID_P2P 11133 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 11134#else /* ANDROID_P2P */ 11135 return -1; /* Not yet supported */ 11136#endif /* ANDROID_P2P */ 11137 } 11138 11139 if (legacy_ps == -1) 11140 return 0; 11141 if (legacy_ps != 0 && legacy_ps != 1) 11142 return -1; /* Not yet supported */ 11143 11144 return nl80211_set_power_save(bss, legacy_ps); 11145} 11146 11147 11148static int nl80211_start_radar_detection(void *priv, 11149 struct hostapd_freq_params *freq) 11150{ 11151 struct i802_bss *bss = priv; 11152 struct wpa_driver_nl80211_data *drv = bss->drv; 11153 struct nl_msg *msg; 11154 int ret; 11155 11156 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 11157 freq->freq, freq->ht_enabled, freq->vht_enabled, 11158 freq->bandwidth, freq->center_freq1, freq->center_freq2); 11159 11160 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 11161 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 11162 "detection"); 11163 return -1; 11164 } 11165 11166 msg = nlmsg_alloc(); 11167 if (!msg) 11168 return -1; 11169 11170 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 11171 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11172 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 11173 11174 if (freq->vht_enabled) { 11175 switch (freq->bandwidth) { 11176 case 20: 11177 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11178 NL80211_CHAN_WIDTH_20); 11179 break; 11180 case 40: 11181 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11182 NL80211_CHAN_WIDTH_40); 11183 break; 11184 case 80: 11185 if (freq->center_freq2) 11186 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11187 NL80211_CHAN_WIDTH_80P80); 11188 else 11189 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11190 NL80211_CHAN_WIDTH_80); 11191 break; 11192 case 160: 11193 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11194 NL80211_CHAN_WIDTH_160); 11195 break; 11196 default: 11197 return -1; 11198 } 11199 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 11200 if (freq->center_freq2) 11201 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 11202 freq->center_freq2); 11203 } else if (freq->ht_enabled) { 11204 switch (freq->sec_channel_offset) { 11205 case -1: 11206 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11207 NL80211_CHAN_HT40MINUS); 11208 break; 11209 case 1: 11210 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11211 NL80211_CHAN_HT40PLUS); 11212 break; 11213 default: 11214 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11215 NL80211_CHAN_HT20); 11216 break; 11217 } 11218 } 11219 11220 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11221 if (ret == 0) 11222 return 0; 11223 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 11224 "%d (%s)", ret, strerror(-ret)); 11225nla_put_failure: 11226 return -1; 11227} 11228 11229#ifdef CONFIG_TDLS 11230 11231static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 11232 u8 dialog_token, u16 status_code, 11233 u32 peer_capab, const u8 *buf, size_t len) 11234{ 11235 struct i802_bss *bss = priv; 11236 struct wpa_driver_nl80211_data *drv = bss->drv; 11237 struct nl_msg *msg; 11238 11239 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11240 return -EOPNOTSUPP; 11241 11242 if (!dst) 11243 return -EINVAL; 11244 11245 msg = nlmsg_alloc(); 11246 if (!msg) 11247 return -ENOMEM; 11248 11249 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 11250 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11251 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 11252 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 11253 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 11254 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 11255 if (peer_capab) { 11256 /* 11257 * The internal enum tdls_peer_capability definition is 11258 * currently identical with the nl80211 enum 11259 * nl80211_tdls_peer_capability, so no conversion is needed 11260 * here. 11261 */ 11262 NLA_PUT_U32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, peer_capab); 11263 } 11264 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 11265 11266 return send_and_recv_msgs(drv, msg, NULL, NULL); 11267 11268nla_put_failure: 11269 nlmsg_free(msg); 11270 return -ENOBUFS; 11271} 11272 11273 11274static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 11275{ 11276 struct i802_bss *bss = priv; 11277 struct wpa_driver_nl80211_data *drv = bss->drv; 11278 struct nl_msg *msg; 11279 enum nl80211_tdls_operation nl80211_oper; 11280 11281 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11282 return -EOPNOTSUPP; 11283 11284 switch (oper) { 11285 case TDLS_DISCOVERY_REQ: 11286 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 11287 break; 11288 case TDLS_SETUP: 11289 nl80211_oper = NL80211_TDLS_SETUP; 11290 break; 11291 case TDLS_TEARDOWN: 11292 nl80211_oper = NL80211_TDLS_TEARDOWN; 11293 break; 11294 case TDLS_ENABLE_LINK: 11295 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 11296 break; 11297 case TDLS_DISABLE_LINK: 11298 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 11299 break; 11300 case TDLS_ENABLE: 11301 return 0; 11302 case TDLS_DISABLE: 11303 return 0; 11304 default: 11305 return -EINVAL; 11306 } 11307 11308 msg = nlmsg_alloc(); 11309 if (!msg) 11310 return -ENOMEM; 11311 11312 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 11313 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 11314 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11315 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 11316 11317 return send_and_recv_msgs(drv, msg, NULL, NULL); 11318 11319nla_put_failure: 11320 nlmsg_free(msg); 11321 return -ENOBUFS; 11322} 11323 11324#endif /* CONFIG TDLS */ 11325 11326 11327#ifdef ANDROID 11328 11329typedef struct android_wifi_priv_cmd { 11330 char *buf; 11331 int used_len; 11332 int total_len; 11333} android_wifi_priv_cmd; 11334 11335static int drv_errors = 0; 11336 11337static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 11338{ 11339 drv_errors++; 11340 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 11341 drv_errors = 0; 11342 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 11343 } 11344} 11345 11346 11347static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 11348{ 11349 struct wpa_driver_nl80211_data *drv = bss->drv; 11350 struct ifreq ifr; 11351 android_wifi_priv_cmd priv_cmd; 11352 char buf[MAX_DRV_CMD_SIZE]; 11353 int ret; 11354 11355 os_memset(&ifr, 0, sizeof(ifr)); 11356 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 11357 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11358 11359 os_memset(buf, 0, sizeof(buf)); 11360 os_strlcpy(buf, cmd, sizeof(buf)); 11361 11362 priv_cmd.buf = buf; 11363 priv_cmd.used_len = sizeof(buf); 11364 priv_cmd.total_len = sizeof(buf); 11365 ifr.ifr_data = &priv_cmd; 11366 11367 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11368 if (ret < 0) { 11369 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 11370 __func__); 11371 wpa_driver_send_hang_msg(drv); 11372 return ret; 11373 } 11374 11375 drv_errors = 0; 11376 return 0; 11377} 11378 11379 11380static int android_pno_start(struct i802_bss *bss, 11381 struct wpa_driver_scan_params *params) 11382{ 11383 struct wpa_driver_nl80211_data *drv = bss->drv; 11384 struct ifreq ifr; 11385 android_wifi_priv_cmd priv_cmd; 11386 int ret = 0, i = 0, bp; 11387 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 11388 11389 bp = WEXT_PNOSETUP_HEADER_SIZE; 11390 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11391 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11392 buf[bp++] = WEXT_PNO_TLV_VERSION; 11393 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11394 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11395 11396 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11397 /* Check that there is enough space needed for 1 more SSID, the 11398 * other sections and null termination */ 11399 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11400 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11401 break; 11402 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11403 params->ssids[i].ssid, 11404 params->ssids[i].ssid_len); 11405 buf[bp++] = WEXT_PNO_SSID_SECTION; 11406 buf[bp++] = params->ssids[i].ssid_len; 11407 os_memcpy(&buf[bp], params->ssids[i].ssid, 11408 params->ssids[i].ssid_len); 11409 bp += params->ssids[i].ssid_len; 11410 i++; 11411 } 11412 11413 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11414 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11415 WEXT_PNO_SCAN_INTERVAL); 11416 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11417 11418 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11419 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11420 WEXT_PNO_REPEAT); 11421 bp += WEXT_PNO_REPEAT_LENGTH; 11422 11423 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11424 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11425 WEXT_PNO_MAX_REPEAT); 11426 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11427 11428 memset(&ifr, 0, sizeof(ifr)); 11429 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11430 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11431 11432 priv_cmd.buf = buf; 11433 priv_cmd.used_len = bp; 11434 priv_cmd.total_len = bp; 11435 ifr.ifr_data = &priv_cmd; 11436 11437 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11438 11439 if (ret < 0) { 11440 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11441 ret); 11442 wpa_driver_send_hang_msg(drv); 11443 return ret; 11444 } 11445 11446 drv_errors = 0; 11447 11448 return android_priv_cmd(bss, "PNOFORCE 1"); 11449} 11450 11451 11452static int android_pno_stop(struct i802_bss *bss) 11453{ 11454 return android_priv_cmd(bss, "PNOFORCE 0"); 11455} 11456 11457#endif /* ANDROID */ 11458 11459 11460static int driver_nl80211_set_key(const char *ifname, void *priv, 11461 enum wpa_alg alg, const u8 *addr, 11462 int key_idx, int set_tx, 11463 const u8 *seq, size_t seq_len, 11464 const u8 *key, size_t key_len) 11465{ 11466 struct i802_bss *bss = priv; 11467 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11468 set_tx, seq, seq_len, key, key_len); 11469} 11470 11471 11472static int driver_nl80211_scan2(void *priv, 11473 struct wpa_driver_scan_params *params) 11474{ 11475 struct i802_bss *bss = priv; 11476 return wpa_driver_nl80211_scan(bss, params); 11477} 11478 11479 11480static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11481 int reason_code) 11482{ 11483 struct i802_bss *bss = priv; 11484 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11485} 11486 11487 11488static int driver_nl80211_authenticate(void *priv, 11489 struct wpa_driver_auth_params *params) 11490{ 11491 struct i802_bss *bss = priv; 11492 return wpa_driver_nl80211_authenticate(bss, params); 11493} 11494 11495 11496static void driver_nl80211_deinit(void *priv) 11497{ 11498 struct i802_bss *bss = priv; 11499 wpa_driver_nl80211_deinit(bss); 11500} 11501 11502 11503static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11504 const char *ifname) 11505{ 11506 struct i802_bss *bss = priv; 11507 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11508} 11509 11510 11511static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11512 size_t data_len, int noack) 11513{ 11514 struct i802_bss *bss = priv; 11515 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11516 0, 0, 0, 0); 11517} 11518 11519 11520static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11521{ 11522 struct i802_bss *bss = priv; 11523 return wpa_driver_nl80211_sta_remove(bss, addr); 11524} 11525 11526 11527static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11528 const char *ifname, int vlan_id) 11529{ 11530 struct i802_bss *bss = priv; 11531 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11532} 11533 11534 11535static int driver_nl80211_read_sta_data(void *priv, 11536 struct hostap_sta_driver_data *data, 11537 const u8 *addr) 11538{ 11539 struct i802_bss *bss = priv; 11540 return i802_read_sta_data(bss, data, addr); 11541} 11542 11543 11544static int driver_nl80211_send_action(void *priv, unsigned int freq, 11545 unsigned int wait_time, 11546 const u8 *dst, const u8 *src, 11547 const u8 *bssid, 11548 const u8 *data, size_t data_len, 11549 int no_cck) 11550{ 11551 struct i802_bss *bss = priv; 11552 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11553 bssid, data, data_len, no_cck); 11554} 11555 11556 11557static int driver_nl80211_probe_req_report(void *priv, int report) 11558{ 11559 struct i802_bss *bss = priv; 11560 return wpa_driver_nl80211_probe_req_report(bss, report); 11561} 11562 11563 11564static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11565 const u8 *ies, size_t ies_len) 11566{ 11567 int ret; 11568 struct nl_msg *msg; 11569 struct i802_bss *bss = priv; 11570 struct wpa_driver_nl80211_data *drv = bss->drv; 11571 u16 mdid = WPA_GET_LE16(md); 11572 11573 msg = nlmsg_alloc(); 11574 if (!msg) 11575 return -ENOMEM; 11576 11577 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11578 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11579 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11580 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11581 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11582 11583 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11584 if (ret) { 11585 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11586 "err=%d (%s)", ret, strerror(-ret)); 11587 } 11588 11589 return ret; 11590 11591nla_put_failure: 11592 nlmsg_free(msg); 11593 return -ENOBUFS; 11594} 11595 11596 11597const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11598{ 11599 struct i802_bss *bss = priv; 11600 struct wpa_driver_nl80211_data *drv = bss->drv; 11601 11602 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11603 return NULL; 11604 11605 return bss->addr; 11606} 11607 11608 11609static const char * scan_state_str(enum scan_states scan_state) 11610{ 11611 switch (scan_state) { 11612 case NO_SCAN: 11613 return "NO_SCAN"; 11614 case SCAN_REQUESTED: 11615 return "SCAN_REQUESTED"; 11616 case SCAN_STARTED: 11617 return "SCAN_STARTED"; 11618 case SCAN_COMPLETED: 11619 return "SCAN_COMPLETED"; 11620 case SCAN_ABORTED: 11621 return "SCAN_ABORTED"; 11622 case SCHED_SCAN_STARTED: 11623 return "SCHED_SCAN_STARTED"; 11624 case SCHED_SCAN_STOPPED: 11625 return "SCHED_SCAN_STOPPED"; 11626 case SCHED_SCAN_RESULTS: 11627 return "SCHED_SCAN_RESULTS"; 11628 } 11629 11630 return "??"; 11631} 11632 11633 11634static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11635{ 11636 struct i802_bss *bss = priv; 11637 struct wpa_driver_nl80211_data *drv = bss->drv; 11638 int res; 11639 char *pos, *end; 11640 11641 pos = buf; 11642 end = buf + buflen; 11643 11644 res = os_snprintf(pos, end - pos, 11645 "ifindex=%d\n" 11646 "ifname=%s\n" 11647 "brname=%s\n" 11648 "addr=" MACSTR "\n" 11649 "freq=%d\n" 11650 "%s%s%s%s%s", 11651 bss->ifindex, 11652 bss->ifname, 11653 bss->brname, 11654 MAC2STR(bss->addr), 11655 bss->freq, 11656 bss->beacon_set ? "beacon_set=1\n" : "", 11657 bss->added_if_into_bridge ? 11658 "added_if_into_bridge=1\n" : "", 11659 bss->added_bridge ? "added_bridge=1\n" : "", 11660 bss->in_deinit ? "in_deinit=1\n" : "", 11661 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11662 if (res < 0 || res >= end - pos) 11663 return pos - buf; 11664 pos += res; 11665 11666 if (bss->wdev_id_set) { 11667 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11668 (unsigned long long) bss->wdev_id); 11669 if (res < 0 || res >= end - pos) 11670 return pos - buf; 11671 pos += res; 11672 } 11673 11674 res = os_snprintf(pos, end - pos, 11675 "phyname=%s\n" 11676 "drv_ifindex=%d\n" 11677 "operstate=%d\n" 11678 "scan_state=%s\n" 11679 "auth_bssid=" MACSTR "\n" 11680 "auth_attempt_bssid=" MACSTR "\n" 11681 "bssid=" MACSTR "\n" 11682 "prev_bssid=" MACSTR "\n" 11683 "associated=%d\n" 11684 "assoc_freq=%u\n" 11685 "monitor_sock=%d\n" 11686 "monitor_ifidx=%d\n" 11687 "monitor_refcount=%d\n" 11688 "last_mgmt_freq=%u\n" 11689 "eapol_tx_sock=%d\n" 11690 "%s%s%s%s%s%s%s%s%s%s%s%s%s", 11691 drv->phyname, 11692 drv->ifindex, 11693 drv->operstate, 11694 scan_state_str(drv->scan_state), 11695 MAC2STR(drv->auth_bssid), 11696 MAC2STR(drv->auth_attempt_bssid), 11697 MAC2STR(drv->bssid), 11698 MAC2STR(drv->prev_bssid), 11699 drv->associated, 11700 drv->assoc_freq, 11701 drv->monitor_sock, 11702 drv->monitor_ifidx, 11703 drv->monitor_refcount, 11704 drv->last_mgmt_freq, 11705 drv->eapol_tx_sock, 11706 drv->ignore_if_down_event ? 11707 "ignore_if_down_event=1\n" : "", 11708 drv->scan_complete_events ? 11709 "scan_complete_events=1\n" : "", 11710 drv->disabled_11b_rates ? 11711 "disabled_11b_rates=1\n" : "", 11712 drv->pending_remain_on_chan ? 11713 "pending_remain_on_chan=1\n" : "", 11714 drv->in_interface_list ? "in_interface_list=1\n" : "", 11715 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11716 drv->poll_command_supported ? 11717 "poll_command_supported=1\n" : "", 11718 drv->data_tx_status ? "data_tx_status=1\n" : "", 11719 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11720 drv->retry_auth ? "retry_auth=1\n" : "", 11721 drv->use_monitor ? "use_monitor=1\n" : "", 11722 drv->ignore_next_local_disconnect ? 11723 "ignore_next_local_disconnect=1\n" : "", 11724 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11725 if (res < 0 || res >= end - pos) 11726 return pos - buf; 11727 pos += res; 11728 11729 if (drv->has_capability) { 11730 res = os_snprintf(pos, end - pos, 11731 "capa.key_mgmt=0x%x\n" 11732 "capa.enc=0x%x\n" 11733 "capa.auth=0x%x\n" 11734 "capa.flags=0x%x\n" 11735 "capa.max_scan_ssids=%d\n" 11736 "capa.max_sched_scan_ssids=%d\n" 11737 "capa.sched_scan_supported=%d\n" 11738 "capa.max_match_sets=%d\n" 11739 "capa.max_remain_on_chan=%u\n" 11740 "capa.max_stations=%u\n" 11741 "capa.probe_resp_offloads=0x%x\n" 11742 "capa.max_acl_mac_addrs=%u\n" 11743 "capa.num_multichan_concurrent=%u\n", 11744 drv->capa.key_mgmt, 11745 drv->capa.enc, 11746 drv->capa.auth, 11747 drv->capa.flags, 11748 drv->capa.max_scan_ssids, 11749 drv->capa.max_sched_scan_ssids, 11750 drv->capa.sched_scan_supported, 11751 drv->capa.max_match_sets, 11752 drv->capa.max_remain_on_chan, 11753 drv->capa.max_stations, 11754 drv->capa.probe_resp_offloads, 11755 drv->capa.max_acl_mac_addrs, 11756 drv->capa.num_multichan_concurrent); 11757 if (res < 0 || res >= end - pos) 11758 return pos - buf; 11759 pos += res; 11760 } 11761 11762 return pos - buf; 11763} 11764 11765 11766static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 11767{ 11768 if (settings->head) 11769 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 11770 settings->head_len, settings->head); 11771 11772 if (settings->tail) 11773 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 11774 settings->tail_len, settings->tail); 11775 11776 if (settings->beacon_ies) 11777 NLA_PUT(msg, NL80211_ATTR_IE, 11778 settings->beacon_ies_len, settings->beacon_ies); 11779 11780 if (settings->proberesp_ies) 11781 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 11782 settings->proberesp_ies_len, settings->proberesp_ies); 11783 11784 if (settings->assocresp_ies) 11785 NLA_PUT(msg, 11786 NL80211_ATTR_IE_ASSOC_RESP, 11787 settings->assocresp_ies_len, settings->assocresp_ies); 11788 11789 if (settings->probe_resp) 11790 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 11791 settings->probe_resp_len, settings->probe_resp); 11792 11793 return 0; 11794 11795nla_put_failure: 11796 return -ENOBUFS; 11797} 11798 11799 11800static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 11801{ 11802 struct nl_msg *msg; 11803 struct i802_bss *bss = priv; 11804 struct wpa_driver_nl80211_data *drv = bss->drv; 11805 struct nlattr *beacon_csa; 11806 int ret = -ENOBUFS; 11807 11808 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 11809 settings->cs_count, settings->block_tx, 11810 settings->freq_params.freq, settings->freq_params.bandwidth, 11811 settings->freq_params.center_freq1, 11812 settings->freq_params.center_freq2); 11813 11814 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 11815 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 11816 return -EOPNOTSUPP; 11817 } 11818 11819 if ((drv->nlmode != NL80211_IFTYPE_AP) && 11820 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 11821 return -EOPNOTSUPP; 11822 11823 /* check settings validity */ 11824 if (!settings->beacon_csa.tail || 11825 ((settings->beacon_csa.tail_len <= 11826 settings->counter_offset_beacon) || 11827 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 11828 settings->cs_count))) 11829 return -EINVAL; 11830 11831 if (settings->beacon_csa.probe_resp && 11832 ((settings->beacon_csa.probe_resp_len <= 11833 settings->counter_offset_presp) || 11834 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 11835 settings->cs_count))) 11836 return -EINVAL; 11837 11838 msg = nlmsg_alloc(); 11839 if (!msg) 11840 return -ENOMEM; 11841 11842 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 11843 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11844 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 11845 ret = nl80211_put_freq_params(msg, &settings->freq_params); 11846 if (ret) 11847 goto error; 11848 11849 if (settings->block_tx) 11850 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 11851 11852 /* beacon_after params */ 11853 ret = set_beacon_data(msg, &settings->beacon_after); 11854 if (ret) 11855 goto error; 11856 11857 /* beacon_csa params */ 11858 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 11859 if (!beacon_csa) 11860 goto nla_put_failure; 11861 11862 ret = set_beacon_data(msg, &settings->beacon_csa); 11863 if (ret) 11864 goto error; 11865 11866 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 11867 settings->counter_offset_beacon); 11868 11869 if (settings->beacon_csa.probe_resp) 11870 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 11871 settings->counter_offset_presp); 11872 11873 nla_nest_end(msg, beacon_csa); 11874 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11875 if (ret) { 11876 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 11877 ret, strerror(-ret)); 11878 } 11879 return ret; 11880 11881nla_put_failure: 11882 ret = -ENOBUFS; 11883error: 11884 nlmsg_free(msg); 11885 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 11886 return ret; 11887} 11888 11889 11890#ifdef CONFIG_TESTING_OPTIONS 11891static int cmd_reply_handler(struct nl_msg *msg, void *arg) 11892{ 11893 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11894 struct wpabuf *buf = arg; 11895 11896 if (!buf) 11897 return NL_SKIP; 11898 11899 if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) { 11900 wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply"); 11901 return NL_SKIP; 11902 } 11903 11904 wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0), 11905 genlmsg_attrlen(gnlh, 0)); 11906 11907 return NL_SKIP; 11908} 11909#endif /* CONFIG_TESTING_OPTIONS */ 11910 11911 11912static int vendor_reply_handler(struct nl_msg *msg, void *arg) 11913{ 11914 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 11915 struct nlattr *nl_vendor_reply, *nl; 11916 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11917 struct wpabuf *buf = arg; 11918 int rem; 11919 11920 if (!buf) 11921 return NL_SKIP; 11922 11923 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 11924 genlmsg_attrlen(gnlh, 0), NULL); 11925 nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA]; 11926 11927 if (!nl_vendor_reply) 11928 return NL_SKIP; 11929 11930 if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) { 11931 wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply"); 11932 return NL_SKIP; 11933 } 11934 11935 nla_for_each_nested(nl, nl_vendor_reply, rem) { 11936 wpabuf_put_data(buf, nla_data(nl), nla_len(nl)); 11937 } 11938 11939 return NL_SKIP; 11940} 11941 11942 11943static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id, 11944 unsigned int subcmd, const u8 *data, 11945 size_t data_len, struct wpabuf *buf) 11946{ 11947 struct i802_bss *bss = priv; 11948 struct wpa_driver_nl80211_data *drv = bss->drv; 11949 struct nl_msg *msg; 11950 int ret; 11951 11952 msg = nlmsg_alloc(); 11953 if (!msg) 11954 return -ENOMEM; 11955 11956#ifdef CONFIG_TESTING_OPTIONS 11957 if (vendor_id == 0xffffffff) { 11958 nl80211_cmd(drv, msg, 0, subcmd); 11959 if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) < 11960 0) 11961 goto nla_put_failure; 11962 ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf); 11963 if (ret) 11964 wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d", 11965 ret); 11966 return ret; 11967 } 11968#endif /* CONFIG_TESTING_OPTIONS */ 11969 11970 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 11971 if (nl80211_set_iface_id(msg, bss) < 0) 11972 goto nla_put_failure; 11973 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id); 11974 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd); 11975 if (data) 11976 NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data); 11977 11978 ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf); 11979 if (ret) 11980 wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d", 11981 ret); 11982 return ret; 11983 11984nla_put_failure: 11985 nlmsg_free(msg); 11986 return -ENOBUFS; 11987} 11988 11989 11990static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 11991 u8 qos_map_set_len) 11992{ 11993 struct i802_bss *bss = priv; 11994 struct wpa_driver_nl80211_data *drv = bss->drv; 11995 struct nl_msg *msg; 11996 int ret; 11997 11998 msg = nlmsg_alloc(); 11999 if (!msg) 12000 return -ENOMEM; 12001 12002 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 12003 qos_map_set, qos_map_set_len); 12004 12005 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 12006 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12007 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 12008 12009 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12010 if (ret) 12011 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 12012 12013 return ret; 12014 12015nla_put_failure: 12016 nlmsg_free(msg); 12017 return -ENOBUFS; 12018} 12019 12020 12021const struct wpa_driver_ops wpa_driver_nl80211_ops = { 12022 .name = "nl80211", 12023 .desc = "Linux nl80211/cfg80211", 12024 .get_bssid = wpa_driver_nl80211_get_bssid, 12025 .get_ssid = wpa_driver_nl80211_get_ssid, 12026 .set_key = driver_nl80211_set_key, 12027 .scan2 = driver_nl80211_scan2, 12028 .sched_scan = wpa_driver_nl80211_sched_scan, 12029 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 12030 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 12031 .deauthenticate = driver_nl80211_deauthenticate, 12032 .authenticate = driver_nl80211_authenticate, 12033 .associate = wpa_driver_nl80211_associate, 12034 .global_init = nl80211_global_init, 12035 .global_deinit = nl80211_global_deinit, 12036 .init2 = wpa_driver_nl80211_init, 12037 .deinit = driver_nl80211_deinit, 12038 .get_capa = wpa_driver_nl80211_get_capa, 12039 .set_operstate = wpa_driver_nl80211_set_operstate, 12040 .set_supp_port = wpa_driver_nl80211_set_supp_port, 12041 .set_country = wpa_driver_nl80211_set_country, 12042 .get_country = wpa_driver_nl80211_get_country, 12043 .set_ap = wpa_driver_nl80211_set_ap, 12044 .set_acl = wpa_driver_nl80211_set_acl, 12045 .if_add = wpa_driver_nl80211_if_add, 12046 .if_remove = driver_nl80211_if_remove, 12047 .send_mlme = driver_nl80211_send_mlme, 12048 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 12049 .sta_add = wpa_driver_nl80211_sta_add, 12050 .sta_remove = driver_nl80211_sta_remove, 12051 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 12052 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 12053 .hapd_init = i802_init, 12054 .hapd_deinit = i802_deinit, 12055 .set_wds_sta = i802_set_wds_sta, 12056 .get_seqnum = i802_get_seqnum, 12057 .flush = i802_flush, 12058 .get_inact_sec = i802_get_inact_sec, 12059 .sta_clear_stats = i802_sta_clear_stats, 12060 .set_rts = i802_set_rts, 12061 .set_frag = i802_set_frag, 12062 .set_tx_queue_params = i802_set_tx_queue_params, 12063 .set_sta_vlan = driver_nl80211_set_sta_vlan, 12064 .sta_deauth = i802_sta_deauth, 12065 .sta_disassoc = i802_sta_disassoc, 12066 .read_sta_data = driver_nl80211_read_sta_data, 12067 .set_freq = i802_set_freq, 12068 .send_action = driver_nl80211_send_action, 12069 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 12070 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 12071 .cancel_remain_on_channel = 12072 wpa_driver_nl80211_cancel_remain_on_channel, 12073 .probe_req_report = driver_nl80211_probe_req_report, 12074 .deinit_ap = wpa_driver_nl80211_deinit_ap, 12075 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 12076 .resume = wpa_driver_nl80211_resume, 12077 .send_ft_action = nl80211_send_ft_action, 12078 .signal_monitor = nl80211_signal_monitor, 12079 .signal_poll = nl80211_signal_poll, 12080 .send_frame = nl80211_send_frame, 12081 .shared_freq = wpa_driver_nl80211_shared_freq, 12082 .set_param = nl80211_set_param, 12083 .get_radio_name = nl80211_get_radio_name, 12084 .add_pmkid = nl80211_add_pmkid, 12085 .remove_pmkid = nl80211_remove_pmkid, 12086 .flush_pmkid = nl80211_flush_pmkid, 12087 .set_rekey_info = nl80211_set_rekey_info, 12088 .poll_client = nl80211_poll_client, 12089 .set_p2p_powersave = nl80211_set_p2p_powersave, 12090 .start_dfs_cac = nl80211_start_radar_detection, 12091 .stop_ap = wpa_driver_nl80211_stop_ap, 12092#ifdef CONFIG_TDLS 12093 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 12094 .tdls_oper = nl80211_tdls_oper, 12095#endif /* CONFIG_TDLS */ 12096 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 12097 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 12098 .get_survey = wpa_driver_nl80211_get_survey, 12099 .status = wpa_driver_nl80211_status, 12100 .switch_channel = nl80211_switch_channel, 12101#ifdef ANDROID_P2P 12102 .set_noa = wpa_driver_set_p2p_noa, 12103 .get_noa = wpa_driver_get_p2p_noa, 12104 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 12105#endif /* ANDROID_P2P */ 12106#ifdef ANDROID 12107 .driver_cmd = wpa_driver_nl80211_driver_cmd, 12108#endif /* ANDROID */ 12109 .vendor_cmd = nl80211_vendor_cmd, 12110 .set_qos_map = nl80211_set_qos_map, 12111}; 12112