driver_nl80211.c revision 2271d3fdd5982d0e5e81cf9999a861bba933eacb
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/qca-vendor.h" 32#include "common/qca-vendor-attr.h" 33#include "common/ieee802_11_defs.h" 34#include "common/ieee802_11_common.h" 35#include "l2_packet/l2_packet.h" 36#include "netlink.h" 37#include "linux_ioctl.h" 38#include "radiotap.h" 39#include "radiotap_iter.h" 40#include "rfkill.h" 41#include "driver.h" 42 43#ifndef SO_WIFI_STATUS 44# if defined(__sparc__) 45# define SO_WIFI_STATUS 0x0025 46# elif defined(__parisc__) 47# define SO_WIFI_STATUS 0x4022 48# else 49# define SO_WIFI_STATUS 41 50# endif 51 52# define SCM_WIFI_STATUS SO_WIFI_STATUS 53#endif 54 55#ifndef SO_EE_ORIGIN_TXSTATUS 56#define SO_EE_ORIGIN_TXSTATUS 4 57#endif 58 59#ifndef PACKET_TX_TIMESTAMP 60#define PACKET_TX_TIMESTAMP 16 61#endif 62 63#ifdef ANDROID 64#include "android_drv.h" 65#endif /* ANDROID */ 66#ifdef CONFIG_LIBNL20 67/* libnl 2.0 compatibility code */ 68#define nl_handle nl_sock 69#define nl80211_handle_alloc nl_socket_alloc_cb 70#define nl80211_handle_destroy nl_socket_free 71#else 72/* 73 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 74 * but when you free a socket again it will mess up its bitmap and 75 * and use the wrong number the next time it needs a socket ID. 76 * Therefore, we wrap the handle alloc/destroy and add our own pid 77 * accounting. 78 */ 79static uint32_t port_bitmap[32] = { 0 }; 80 81static struct nl_handle *nl80211_handle_alloc(void *cb) 82{ 83 struct nl_handle *handle; 84 uint32_t pid = getpid() & 0x3FFFFF; 85 int i; 86 87 handle = nl_handle_alloc_cb(cb); 88 89 for (i = 0; i < 1024; i++) { 90 if (port_bitmap[i / 32] & (1 << (i % 32))) 91 continue; 92 port_bitmap[i / 32] |= 1 << (i % 32); 93 pid += i << 22; 94 break; 95 } 96 97 nl_socket_set_local_port(handle, pid); 98 99 return handle; 100} 101 102static void nl80211_handle_destroy(struct nl_handle *handle) 103{ 104 uint32_t port = nl_socket_get_local_port(handle); 105 106 port >>= 22; 107 port_bitmap[port / 32] &= ~(1 << (port % 32)); 108 109 nl_handle_destroy(handle); 110} 111#endif /* CONFIG_LIBNL20 */ 112 113 114#ifdef ANDROID 115/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 116static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 117{ 118 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 119} 120#undef nl_socket_set_nonblocking 121#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 122#endif /* ANDROID */ 123 124 125static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 126{ 127 struct nl_handle *handle; 128 129 handle = nl80211_handle_alloc(cb); 130 if (handle == NULL) { 131 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 132 "callbacks (%s)", dbg); 133 return NULL; 134 } 135 136 if (genl_connect(handle)) { 137 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 138 "netlink (%s)", dbg); 139 nl80211_handle_destroy(handle); 140 return NULL; 141 } 142 143 return handle; 144} 145 146 147static void nl_destroy_handles(struct nl_handle **handle) 148{ 149 if (*handle == NULL) 150 return; 151 nl80211_handle_destroy(*handle); 152 *handle = NULL; 153} 154 155 156#if __WORDSIZE == 64 157#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 158#else 159#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 160#endif 161 162static void nl80211_register_eloop_read(struct nl_handle **handle, 163 eloop_sock_handler handler, 164 void *eloop_data) 165{ 166 nl_socket_set_nonblocking(*handle); 167 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 168 eloop_data, *handle); 169 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 170} 171 172 173static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 174{ 175 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 176 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 177 nl_destroy_handles(handle); 178} 179 180 181#ifndef IFF_LOWER_UP 182#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 183#endif 184#ifndef IFF_DORMANT 185#define IFF_DORMANT 0x20000 /* driver signals dormant */ 186#endif 187 188#ifndef IF_OPER_DORMANT 189#define IF_OPER_DORMANT 5 190#endif 191#ifndef IF_OPER_UP 192#define IF_OPER_UP 6 193#endif 194 195struct nl80211_global { 196 struct dl_list interfaces; 197 int if_add_ifindex; 198 u64 if_add_wdevid; 199 int if_add_wdevid_set; 200 struct netlink_data *netlink; 201 struct nl_cb *nl_cb; 202 struct nl_handle *nl; 203 int nl80211_id; 204 int ioctl_sock; /* socket for ioctl() use */ 205 206 struct nl_handle *nl_event; 207}; 208 209struct nl80211_wiphy_data { 210 struct dl_list list; 211 struct dl_list bsss; 212 struct dl_list drvs; 213 214 struct nl_handle *nl_beacons; 215 struct nl_cb *nl_cb; 216 217 int wiphy_idx; 218}; 219 220static void nl80211_global_deinit(void *priv); 221 222struct i802_bss { 223 struct wpa_driver_nl80211_data *drv; 224 struct i802_bss *next; 225 int ifindex; 226 u64 wdev_id; 227 char ifname[IFNAMSIZ + 1]; 228 char brname[IFNAMSIZ]; 229 unsigned int beacon_set:1; 230 unsigned int added_if_into_bridge:1; 231 unsigned int added_bridge:1; 232 unsigned int in_deinit:1; 233 unsigned int wdev_id_set:1; 234 unsigned int added_if:1; 235 236 u8 addr[ETH_ALEN]; 237 238 int freq; 239 int bandwidth; 240 int if_dynamic; 241 242 void *ctx; 243 struct nl_handle *nl_preq, *nl_mgmt; 244 struct nl_cb *nl_cb; 245 246 struct nl80211_wiphy_data *wiphy_data; 247 struct dl_list wiphy_list; 248}; 249 250struct wpa_driver_nl80211_data { 251 struct nl80211_global *global; 252 struct dl_list list; 253 struct dl_list wiphy_list; 254 char phyname[32]; 255 void *ctx; 256 int ifindex; 257 int if_removed; 258 int if_disabled; 259 int ignore_if_down_event; 260 struct rfkill_data *rfkill; 261 struct wpa_driver_capa capa; 262 u8 *extended_capa, *extended_capa_mask; 263 unsigned int extended_capa_len; 264 int has_capability; 265 266 int operstate; 267 268 int scan_complete_events; 269 enum scan_states { 270 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 271 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 272 SCHED_SCAN_RESULTS 273 } scan_state; 274 275 struct nl_cb *nl_cb; 276 277 u8 auth_bssid[ETH_ALEN]; 278 u8 auth_attempt_bssid[ETH_ALEN]; 279 u8 bssid[ETH_ALEN]; 280 u8 prev_bssid[ETH_ALEN]; 281 int associated; 282 u8 ssid[32]; 283 size_t ssid_len; 284 enum nl80211_iftype nlmode; 285 enum nl80211_iftype ap_scan_as_station; 286 unsigned int assoc_freq; 287 288 int monitor_sock; 289 int monitor_ifidx; 290 int monitor_refcount; 291 292 unsigned int disabled_11b_rates:1; 293 unsigned int pending_remain_on_chan:1; 294 unsigned int in_interface_list:1; 295 unsigned int device_ap_sme:1; 296 unsigned int poll_command_supported:1; 297 unsigned int data_tx_status:1; 298 unsigned int scan_for_auth:1; 299 unsigned int retry_auth:1; 300 unsigned int use_monitor:1; 301 unsigned int ignore_next_local_disconnect:1; 302 unsigned int ignore_next_local_deauth:1; 303 unsigned int allow_p2p_device:1; 304 unsigned int hostapd:1; 305 unsigned int start_mode_ap:1; 306 unsigned int start_iface_up:1; 307 unsigned int test_use_roc_tx:1; 308 unsigned int ignore_deauth_event:1; 309 unsigned int dfs_vendor_cmd_avail:1; 310 unsigned int have_low_prio_scan:1; 311 312 u64 remain_on_chan_cookie; 313 u64 send_action_cookie; 314 315 unsigned int last_mgmt_freq; 316 317 struct wpa_driver_scan_filter *filter_ssids; 318 size_t num_filter_ssids; 319 320 struct i802_bss *first_bss; 321 322 int eapol_tx_sock; 323 324 int eapol_sock; /* socket for EAPOL frames */ 325 326 int default_if_indices[16]; 327 int *if_indices; 328 int num_if_indices; 329 330 /* From failed authentication command */ 331 int auth_freq; 332 u8 auth_bssid_[ETH_ALEN]; 333 u8 auth_ssid[32]; 334 size_t auth_ssid_len; 335 int auth_alg; 336 u8 *auth_ie; 337 size_t auth_ie_len; 338 u8 auth_wep_key[4][16]; 339 size_t auth_wep_key_len[4]; 340 int auth_wep_tx_keyidx; 341 int auth_local_state_change; 342 int auth_p2p; 343}; 344 345 346static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 347static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 348 void *timeout_ctx); 349static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 350 enum nl80211_iftype nlmode); 351static int 352wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 353 const u8 *set_addr, int first); 354static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 355 const u8 *addr, int cmd, u16 reason_code, 356 int local_state_change); 357static void nl80211_remove_monitor_interface( 358 struct wpa_driver_nl80211_data *drv); 359static int nl80211_send_frame_cmd(struct i802_bss *bss, 360 unsigned int freq, unsigned int wait, 361 const u8 *buf, size_t buf_len, u64 *cookie, 362 int no_cck, int no_ack, int offchanok); 363static int nl80211_register_frame(struct i802_bss *bss, 364 struct nl_handle *hl_handle, 365 u16 type, const u8 *match, size_t match_len); 366static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 367 int report); 368#ifdef ANDROID 369static int android_pno_start(struct i802_bss *bss, 370 struct wpa_driver_scan_params *params); 371static int android_pno_stop(struct i802_bss *bss); 372extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 373 size_t buf_len); 374#endif /* ANDROID */ 375#ifdef ANDROID_P2P 376#ifdef ANDROID_P2P_STUB 377int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) { 378 return 0; 379} 380int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) { 381 return 0; 382} 383int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) { 384 return -1; 385} 386int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 387 const struct wpabuf *proberesp, 388 const struct wpabuf *assocresp) { 389 return 0; 390} 391#else /* ANDROID_P2P_STUB */ 392int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 393int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 394int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 395int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 396 const struct wpabuf *proberesp, 397 const struct wpabuf *assocresp); 398#endif /* ANDROID_P2P_STUB */ 399#endif /* ANDROID_P2P */ 400 401static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 402static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 403static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 404static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 405 enum wpa_driver_if_type type, 406 const char *ifname); 407 408static int nl80211_set_channel(struct i802_bss *bss, 409 struct hostapd_freq_params *freq, int set_chan); 410static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 411 int ifindex, int disabled); 412 413static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 414static int wpa_driver_nl80211_authenticate_retry( 415 struct wpa_driver_nl80211_data *drv); 416 417static int i802_set_iface_flags(struct i802_bss *bss, int up); 418 419 420static const char * nl80211_command_to_string(enum nl80211_commands cmd) 421{ 422#define C2S(x) case x: return #x; 423 switch (cmd) { 424 C2S(NL80211_CMD_UNSPEC) 425 C2S(NL80211_CMD_GET_WIPHY) 426 C2S(NL80211_CMD_SET_WIPHY) 427 C2S(NL80211_CMD_NEW_WIPHY) 428 C2S(NL80211_CMD_DEL_WIPHY) 429 C2S(NL80211_CMD_GET_INTERFACE) 430 C2S(NL80211_CMD_SET_INTERFACE) 431 C2S(NL80211_CMD_NEW_INTERFACE) 432 C2S(NL80211_CMD_DEL_INTERFACE) 433 C2S(NL80211_CMD_GET_KEY) 434 C2S(NL80211_CMD_SET_KEY) 435 C2S(NL80211_CMD_NEW_KEY) 436 C2S(NL80211_CMD_DEL_KEY) 437 C2S(NL80211_CMD_GET_BEACON) 438 C2S(NL80211_CMD_SET_BEACON) 439 C2S(NL80211_CMD_START_AP) 440 C2S(NL80211_CMD_STOP_AP) 441 C2S(NL80211_CMD_GET_STATION) 442 C2S(NL80211_CMD_SET_STATION) 443 C2S(NL80211_CMD_NEW_STATION) 444 C2S(NL80211_CMD_DEL_STATION) 445 C2S(NL80211_CMD_GET_MPATH) 446 C2S(NL80211_CMD_SET_MPATH) 447 C2S(NL80211_CMD_NEW_MPATH) 448 C2S(NL80211_CMD_DEL_MPATH) 449 C2S(NL80211_CMD_SET_BSS) 450 C2S(NL80211_CMD_SET_REG) 451 C2S(NL80211_CMD_REQ_SET_REG) 452 C2S(NL80211_CMD_GET_MESH_CONFIG) 453 C2S(NL80211_CMD_SET_MESH_CONFIG) 454 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 455 C2S(NL80211_CMD_GET_REG) 456 C2S(NL80211_CMD_GET_SCAN) 457 C2S(NL80211_CMD_TRIGGER_SCAN) 458 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 459 C2S(NL80211_CMD_SCAN_ABORTED) 460 C2S(NL80211_CMD_REG_CHANGE) 461 C2S(NL80211_CMD_AUTHENTICATE) 462 C2S(NL80211_CMD_ASSOCIATE) 463 C2S(NL80211_CMD_DEAUTHENTICATE) 464 C2S(NL80211_CMD_DISASSOCIATE) 465 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 466 C2S(NL80211_CMD_REG_BEACON_HINT) 467 C2S(NL80211_CMD_JOIN_IBSS) 468 C2S(NL80211_CMD_LEAVE_IBSS) 469 C2S(NL80211_CMD_TESTMODE) 470 C2S(NL80211_CMD_CONNECT) 471 C2S(NL80211_CMD_ROAM) 472 C2S(NL80211_CMD_DISCONNECT) 473 C2S(NL80211_CMD_SET_WIPHY_NETNS) 474 C2S(NL80211_CMD_GET_SURVEY) 475 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 476 C2S(NL80211_CMD_SET_PMKSA) 477 C2S(NL80211_CMD_DEL_PMKSA) 478 C2S(NL80211_CMD_FLUSH_PMKSA) 479 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 480 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 481 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 482 C2S(NL80211_CMD_REGISTER_FRAME) 483 C2S(NL80211_CMD_FRAME) 484 C2S(NL80211_CMD_FRAME_TX_STATUS) 485 C2S(NL80211_CMD_SET_POWER_SAVE) 486 C2S(NL80211_CMD_GET_POWER_SAVE) 487 C2S(NL80211_CMD_SET_CQM) 488 C2S(NL80211_CMD_NOTIFY_CQM) 489 C2S(NL80211_CMD_SET_CHANNEL) 490 C2S(NL80211_CMD_SET_WDS_PEER) 491 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 492 C2S(NL80211_CMD_JOIN_MESH) 493 C2S(NL80211_CMD_LEAVE_MESH) 494 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 495 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 496 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 497 C2S(NL80211_CMD_GET_WOWLAN) 498 C2S(NL80211_CMD_SET_WOWLAN) 499 C2S(NL80211_CMD_START_SCHED_SCAN) 500 C2S(NL80211_CMD_STOP_SCHED_SCAN) 501 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 502 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 503 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 504 C2S(NL80211_CMD_PMKSA_CANDIDATE) 505 C2S(NL80211_CMD_TDLS_OPER) 506 C2S(NL80211_CMD_TDLS_MGMT) 507 C2S(NL80211_CMD_UNEXPECTED_FRAME) 508 C2S(NL80211_CMD_PROBE_CLIENT) 509 C2S(NL80211_CMD_REGISTER_BEACONS) 510 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 511 C2S(NL80211_CMD_SET_NOACK_MAP) 512 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 513 C2S(NL80211_CMD_START_P2P_DEVICE) 514 C2S(NL80211_CMD_STOP_P2P_DEVICE) 515 C2S(NL80211_CMD_CONN_FAILED) 516 C2S(NL80211_CMD_SET_MCAST_RATE) 517 C2S(NL80211_CMD_SET_MAC_ACL) 518 C2S(NL80211_CMD_RADAR_DETECT) 519 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 520 C2S(NL80211_CMD_UPDATE_FT_IES) 521 C2S(NL80211_CMD_FT_EVENT) 522 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 523 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 524 C2S(NL80211_CMD_GET_COALESCE) 525 C2S(NL80211_CMD_SET_COALESCE) 526 C2S(NL80211_CMD_CHANNEL_SWITCH) 527 C2S(NL80211_CMD_VENDOR) 528 C2S(NL80211_CMD_SET_QOS_MAP) 529 default: 530 return "NL80211_CMD_UNKNOWN"; 531 } 532#undef C2S 533} 534 535 536/* Converts nl80211_chan_width to a common format */ 537static enum chan_width convert2width(int width) 538{ 539 switch (width) { 540 case NL80211_CHAN_WIDTH_20_NOHT: 541 return CHAN_WIDTH_20_NOHT; 542 case NL80211_CHAN_WIDTH_20: 543 return CHAN_WIDTH_20; 544 case NL80211_CHAN_WIDTH_40: 545 return CHAN_WIDTH_40; 546 case NL80211_CHAN_WIDTH_80: 547 return CHAN_WIDTH_80; 548 case NL80211_CHAN_WIDTH_80P80: 549 return CHAN_WIDTH_80P80; 550 case NL80211_CHAN_WIDTH_160: 551 return CHAN_WIDTH_160; 552 } 553 return CHAN_WIDTH_UNKNOWN; 554} 555 556 557static int is_ap_interface(enum nl80211_iftype nlmode) 558{ 559 return nlmode == NL80211_IFTYPE_AP || 560 nlmode == NL80211_IFTYPE_P2P_GO; 561} 562 563 564static int is_sta_interface(enum nl80211_iftype nlmode) 565{ 566 return nlmode == NL80211_IFTYPE_STATION || 567 nlmode == NL80211_IFTYPE_P2P_CLIENT; 568} 569 570 571static int is_p2p_net_interface(enum nl80211_iftype nlmode) 572{ 573 return nlmode == NL80211_IFTYPE_P2P_CLIENT || 574 nlmode == NL80211_IFTYPE_P2P_GO; 575} 576 577 578static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 579{ 580 if (drv->associated) 581 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 582 drv->associated = 0; 583 os_memset(drv->bssid, 0, ETH_ALEN); 584} 585 586 587struct nl80211_bss_info_arg { 588 struct wpa_driver_nl80211_data *drv; 589 struct wpa_scan_results *res; 590 unsigned int assoc_freq; 591 unsigned int ibss_freq; 592 u8 assoc_bssid[ETH_ALEN]; 593}; 594 595static int bss_info_handler(struct nl_msg *msg, void *arg); 596 597 598/* nl80211 code */ 599static int ack_handler(struct nl_msg *msg, void *arg) 600{ 601 int *err = arg; 602 *err = 0; 603 return NL_STOP; 604} 605 606static int finish_handler(struct nl_msg *msg, void *arg) 607{ 608 int *ret = arg; 609 *ret = 0; 610 return NL_SKIP; 611} 612 613static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 614 void *arg) 615{ 616 int *ret = arg; 617 *ret = err->error; 618 return NL_SKIP; 619} 620 621 622static int no_seq_check(struct nl_msg *msg, void *arg) 623{ 624 return NL_OK; 625} 626 627 628static int send_and_recv(struct nl80211_global *global, 629 struct nl_handle *nl_handle, struct nl_msg *msg, 630 int (*valid_handler)(struct nl_msg *, void *), 631 void *valid_data) 632{ 633 struct nl_cb *cb; 634 int err = -ENOMEM; 635 636 cb = nl_cb_clone(global->nl_cb); 637 if (!cb) 638 goto out; 639 640 err = nl_send_auto_complete(nl_handle, msg); 641 if (err < 0) 642 goto out; 643 644 err = 1; 645 646 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 647 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 648 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 649 650 if (valid_handler) 651 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 652 valid_handler, valid_data); 653 654 while (err > 0) { 655 int res = nl_recvmsgs(nl_handle, cb); 656 if (res < 0) { 657 wpa_printf(MSG_INFO, 658 "nl80211: %s->nl_recvmsgs failed: %d", 659 __func__, res); 660 } 661 } 662 out: 663 nl_cb_put(cb); 664 nlmsg_free(msg); 665 return err; 666} 667 668 669static int send_and_recv_msgs_global(struct nl80211_global *global, 670 struct nl_msg *msg, 671 int (*valid_handler)(struct nl_msg *, void *), 672 void *valid_data) 673{ 674 return send_and_recv(global, global->nl, msg, valid_handler, 675 valid_data); 676} 677 678 679static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 680 struct nl_msg *msg, 681 int (*valid_handler)(struct nl_msg *, void *), 682 void *valid_data) 683{ 684 return send_and_recv(drv->global, drv->global->nl, msg, 685 valid_handler, valid_data); 686} 687 688 689struct family_data { 690 const char *group; 691 int id; 692}; 693 694 695static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 696{ 697 if (bss->wdev_id_set) 698 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 699 else 700 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 701 return 0; 702 703nla_put_failure: 704 return -1; 705} 706 707 708static int family_handler(struct nl_msg *msg, void *arg) 709{ 710 struct family_data *res = arg; 711 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 712 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 713 struct nlattr *mcgrp; 714 int i; 715 716 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 717 genlmsg_attrlen(gnlh, 0), NULL); 718 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 719 return NL_SKIP; 720 721 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 722 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 723 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 724 nla_len(mcgrp), NULL); 725 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 726 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 727 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 728 res->group, 729 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 730 continue; 731 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 732 break; 733 }; 734 735 return NL_SKIP; 736} 737 738 739static int nl_get_multicast_id(struct nl80211_global *global, 740 const char *family, const char *group) 741{ 742 struct nl_msg *msg; 743 int ret = -1; 744 struct family_data res = { group, -ENOENT }; 745 746 msg = nlmsg_alloc(); 747 if (!msg) 748 return -ENOMEM; 749 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 750 0, 0, CTRL_CMD_GETFAMILY, 0); 751 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 752 753 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 754 msg = NULL; 755 if (ret == 0) 756 ret = res.id; 757 758nla_put_failure: 759 nlmsg_free(msg); 760 return ret; 761} 762 763 764static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 765 struct nl_msg *msg, int flags, uint8_t cmd) 766{ 767 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 768 0, flags, cmd, 0); 769} 770 771 772struct wiphy_idx_data { 773 int wiphy_idx; 774 enum nl80211_iftype nlmode; 775 u8 *macaddr; 776}; 777 778 779static int netdev_info_handler(struct nl_msg *msg, void *arg) 780{ 781 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 782 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 783 struct wiphy_idx_data *info = arg; 784 785 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 786 genlmsg_attrlen(gnlh, 0), NULL); 787 788 if (tb[NL80211_ATTR_WIPHY]) 789 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 790 791 if (tb[NL80211_ATTR_IFTYPE]) 792 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 793 794 if (tb[NL80211_ATTR_MAC] && info->macaddr) 795 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 796 ETH_ALEN); 797 798 return NL_SKIP; 799} 800 801 802static int nl80211_get_wiphy_index(struct i802_bss *bss) 803{ 804 struct nl_msg *msg; 805 struct wiphy_idx_data data = { 806 .wiphy_idx = -1, 807 .macaddr = NULL, 808 }; 809 810 msg = nlmsg_alloc(); 811 if (!msg) 812 return NL80211_IFTYPE_UNSPECIFIED; 813 814 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 815 816 if (nl80211_set_iface_id(msg, bss) < 0) 817 goto nla_put_failure; 818 819 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 820 return data.wiphy_idx; 821 msg = NULL; 822nla_put_failure: 823 nlmsg_free(msg); 824 return -1; 825} 826 827 828static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 829{ 830 struct nl_msg *msg; 831 struct wiphy_idx_data data = { 832 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 833 .macaddr = NULL, 834 }; 835 836 msg = nlmsg_alloc(); 837 if (!msg) 838 return -1; 839 840 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 841 842 if (nl80211_set_iface_id(msg, bss) < 0) 843 goto nla_put_failure; 844 845 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 846 return data.nlmode; 847 msg = NULL; 848nla_put_failure: 849 nlmsg_free(msg); 850 return NL80211_IFTYPE_UNSPECIFIED; 851} 852 853 854static int nl80211_get_macaddr(struct i802_bss *bss) 855{ 856 struct nl_msg *msg; 857 struct wiphy_idx_data data = { 858 .macaddr = bss->addr, 859 }; 860 861 msg = nlmsg_alloc(); 862 if (!msg) 863 return NL80211_IFTYPE_UNSPECIFIED; 864 865 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 866 if (nl80211_set_iface_id(msg, bss) < 0) 867 goto nla_put_failure; 868 869 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 870 871nla_put_failure: 872 nlmsg_free(msg); 873 return NL80211_IFTYPE_UNSPECIFIED; 874} 875 876 877static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 878 struct nl80211_wiphy_data *w) 879{ 880 struct nl_msg *msg; 881 int ret = -1; 882 883 msg = nlmsg_alloc(); 884 if (!msg) 885 return -1; 886 887 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 888 889 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 890 891 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 892 msg = NULL; 893 if (ret) { 894 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 895 "failed: ret=%d (%s)", 896 ret, strerror(-ret)); 897 goto nla_put_failure; 898 } 899 ret = 0; 900nla_put_failure: 901 nlmsg_free(msg); 902 return ret; 903} 904 905 906static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 907{ 908 struct nl80211_wiphy_data *w = eloop_ctx; 909 int res; 910 911 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 912 913 res = nl_recvmsgs(handle, w->nl_cb); 914 if (res < 0) { 915 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 916 __func__, res); 917 } 918} 919 920 921static int process_beacon_event(struct nl_msg *msg, void *arg) 922{ 923 struct nl80211_wiphy_data *w = arg; 924 struct wpa_driver_nl80211_data *drv; 925 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 926 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 927 union wpa_event_data event; 928 929 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 930 genlmsg_attrlen(gnlh, 0), NULL); 931 932 if (gnlh->cmd != NL80211_CMD_FRAME) { 933 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 934 gnlh->cmd); 935 return NL_SKIP; 936 } 937 938 if (!tb[NL80211_ATTR_FRAME]) 939 return NL_SKIP; 940 941 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 942 wiphy_list) { 943 os_memset(&event, 0, sizeof(event)); 944 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 945 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 946 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 947 } 948 949 return NL_SKIP; 950} 951 952 953static struct nl80211_wiphy_data * 954nl80211_get_wiphy_data_ap(struct i802_bss *bss) 955{ 956 static DEFINE_DL_LIST(nl80211_wiphys); 957 struct nl80211_wiphy_data *w; 958 int wiphy_idx, found = 0; 959 struct i802_bss *tmp_bss; 960 961 if (bss->wiphy_data != NULL) 962 return bss->wiphy_data; 963 964 wiphy_idx = nl80211_get_wiphy_index(bss); 965 966 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 967 if (w->wiphy_idx == wiphy_idx) 968 goto add; 969 } 970 971 /* alloc new one */ 972 w = os_zalloc(sizeof(*w)); 973 if (w == NULL) 974 return NULL; 975 w->wiphy_idx = wiphy_idx; 976 dl_list_init(&w->bsss); 977 dl_list_init(&w->drvs); 978 979 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 980 if (!w->nl_cb) { 981 os_free(w); 982 return NULL; 983 } 984 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 985 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 986 w); 987 988 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 989 "wiphy beacons"); 990 if (w->nl_beacons == NULL) { 991 os_free(w); 992 return NULL; 993 } 994 995 if (nl80211_register_beacons(bss->drv, w)) { 996 nl_destroy_handles(&w->nl_beacons); 997 os_free(w); 998 return NULL; 999 } 1000 1001 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 1002 1003 dl_list_add(&nl80211_wiphys, &w->list); 1004 1005add: 1006 /* drv entry for this bss already there? */ 1007 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1008 if (tmp_bss->drv == bss->drv) { 1009 found = 1; 1010 break; 1011 } 1012 } 1013 /* if not add it */ 1014 if (!found) 1015 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 1016 1017 dl_list_add(&w->bsss, &bss->wiphy_list); 1018 bss->wiphy_data = w; 1019 return w; 1020} 1021 1022 1023static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 1024{ 1025 struct nl80211_wiphy_data *w = bss->wiphy_data; 1026 struct i802_bss *tmp_bss; 1027 int found = 0; 1028 1029 if (w == NULL) 1030 return; 1031 bss->wiphy_data = NULL; 1032 dl_list_del(&bss->wiphy_list); 1033 1034 /* still any for this drv present? */ 1035 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1036 if (tmp_bss->drv == bss->drv) { 1037 found = 1; 1038 break; 1039 } 1040 } 1041 /* if not remove it */ 1042 if (!found) 1043 dl_list_del(&bss->drv->wiphy_list); 1044 1045 if (!dl_list_empty(&w->bsss)) 1046 return; 1047 1048 nl80211_destroy_eloop_handle(&w->nl_beacons); 1049 1050 nl_cb_put(w->nl_cb); 1051 dl_list_del(&w->list); 1052 os_free(w); 1053} 1054 1055 1056static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1057{ 1058 struct i802_bss *bss = priv; 1059 struct wpa_driver_nl80211_data *drv = bss->drv; 1060 if (!drv->associated) 1061 return -1; 1062 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1063 return 0; 1064} 1065 1066 1067static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1068{ 1069 struct i802_bss *bss = priv; 1070 struct wpa_driver_nl80211_data *drv = bss->drv; 1071 if (!drv->associated) 1072 return -1; 1073 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1074 return drv->ssid_len; 1075} 1076 1077 1078static void wpa_driver_nl80211_event_newlink( 1079 struct wpa_driver_nl80211_data *drv, char *ifname) 1080{ 1081 union wpa_event_data event; 1082 1083 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1084 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1085 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1086 drv->first_bss->ifname); 1087 return; 1088 } 1089 if (!drv->if_removed) 1090 return; 1091 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1092 drv->first_bss->ifname); 1093 drv->if_removed = 0; 1094 } 1095 1096 os_memset(&event, 0, sizeof(event)); 1097 os_strlcpy(event.interface_status.ifname, ifname, 1098 sizeof(event.interface_status.ifname)); 1099 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1100 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1101} 1102 1103 1104static void wpa_driver_nl80211_event_dellink( 1105 struct wpa_driver_nl80211_data *drv, char *ifname) 1106{ 1107 union wpa_event_data event; 1108 1109 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1110 if (drv->if_removed) { 1111 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1112 ifname); 1113 return; 1114 } 1115 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1116 ifname); 1117 drv->if_removed = 1; 1118 } else { 1119 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1120 ifname); 1121 } 1122 1123 os_memset(&event, 0, sizeof(event)); 1124 os_strlcpy(event.interface_status.ifname, ifname, 1125 sizeof(event.interface_status.ifname)); 1126 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1127 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1128} 1129 1130 1131static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1132 u8 *buf, size_t len) 1133{ 1134 int attrlen, rta_len; 1135 struct rtattr *attr; 1136 1137 attrlen = len; 1138 attr = (struct rtattr *) buf; 1139 1140 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1141 while (RTA_OK(attr, attrlen)) { 1142 if (attr->rta_type == IFLA_IFNAME) { 1143 if (os_strcmp(((char *) attr) + rta_len, 1144 drv->first_bss->ifname) == 0) 1145 return 1; 1146 else 1147 break; 1148 } 1149 attr = RTA_NEXT(attr, attrlen); 1150 } 1151 1152 return 0; 1153} 1154 1155 1156static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1157 int ifindex, u8 *buf, size_t len) 1158{ 1159 if (drv->ifindex == ifindex) 1160 return 1; 1161 1162 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1163 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1164 "interface"); 1165 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1166 return 1; 1167 } 1168 1169 return 0; 1170} 1171 1172 1173static struct wpa_driver_nl80211_data * 1174nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1175{ 1176 struct wpa_driver_nl80211_data *drv; 1177 dl_list_for_each(drv, &global->interfaces, 1178 struct wpa_driver_nl80211_data, list) { 1179 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1180 have_ifidx(drv, idx)) 1181 return drv; 1182 } 1183 return NULL; 1184} 1185 1186 1187static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1188 struct ifinfomsg *ifi, 1189 u8 *buf, size_t len) 1190{ 1191 struct nl80211_global *global = ctx; 1192 struct wpa_driver_nl80211_data *drv; 1193 int attrlen; 1194 struct rtattr *attr; 1195 u32 brid = 0; 1196 char namebuf[IFNAMSIZ]; 1197 char ifname[IFNAMSIZ + 1]; 1198 char extra[100], *pos, *end; 1199 1200 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1201 if (!drv) { 1202 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1203 ifi->ifi_index); 1204 return; 1205 } 1206 1207 extra[0] = '\0'; 1208 pos = extra; 1209 end = pos + sizeof(extra); 1210 ifname[0] = '\0'; 1211 1212 attrlen = len; 1213 attr = (struct rtattr *) buf; 1214 while (RTA_OK(attr, attrlen)) { 1215 switch (attr->rta_type) { 1216 case IFLA_IFNAME: 1217 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1218 break; 1219 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1220 ifname[RTA_PAYLOAD(attr)] = '\0'; 1221 break; 1222 case IFLA_MASTER: 1223 brid = nla_get_u32((struct nlattr *) attr); 1224 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1225 break; 1226 case IFLA_WIRELESS: 1227 pos += os_snprintf(pos, end - pos, " wext"); 1228 break; 1229 case IFLA_OPERSTATE: 1230 pos += os_snprintf(pos, end - pos, " operstate=%u", 1231 nla_get_u32((struct nlattr *) attr)); 1232 break; 1233 case IFLA_LINKMODE: 1234 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1235 nla_get_u32((struct nlattr *) attr)); 1236 break; 1237 } 1238 attr = RTA_NEXT(attr, attrlen); 1239 } 1240 extra[sizeof(extra) - 1] = '\0'; 1241 1242 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1243 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1244 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1245 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1246 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1247 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1248 1249 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1250 if (if_indextoname(ifi->ifi_index, namebuf) && 1251 linux_iface_up(drv->global->ioctl_sock, 1252 drv->first_bss->ifname) > 0) { 1253 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1254 "event since interface %s is up", namebuf); 1255 return; 1256 } 1257 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1258 if (drv->ignore_if_down_event) { 1259 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1260 "event generated by mode change"); 1261 drv->ignore_if_down_event = 0; 1262 } else { 1263 drv->if_disabled = 1; 1264 wpa_supplicant_event(drv->ctx, 1265 EVENT_INTERFACE_DISABLED, NULL); 1266 1267 /* 1268 * Try to get drv again, since it may be removed as 1269 * part of the EVENT_INTERFACE_DISABLED handling for 1270 * dynamic interfaces 1271 */ 1272 drv = nl80211_find_drv(global, ifi->ifi_index, 1273 buf, len); 1274 if (!drv) 1275 return; 1276 } 1277 } 1278 1279 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1280 if (if_indextoname(ifi->ifi_index, namebuf) && 1281 linux_iface_up(drv->global->ioctl_sock, 1282 drv->first_bss->ifname) == 0) { 1283 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1284 "event since interface %s is down", 1285 namebuf); 1286 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1287 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1288 "event since interface %s does not exist", 1289 drv->first_bss->ifname); 1290 } else if (drv->if_removed) { 1291 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1292 "event since interface %s is marked " 1293 "removed", drv->first_bss->ifname); 1294 } else { 1295 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1296 drv->if_disabled = 0; 1297 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1298 NULL); 1299 } 1300 } 1301 1302 /* 1303 * Some drivers send the association event before the operup event--in 1304 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1305 * fails. This will hit us when wpa_supplicant does not need to do 1306 * IEEE 802.1X authentication 1307 */ 1308 if (drv->operstate == 1 && 1309 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1310 !(ifi->ifi_flags & IFF_RUNNING)) { 1311 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1312 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1313 -1, IF_OPER_UP); 1314 } 1315 1316 if (ifname[0]) 1317 wpa_driver_nl80211_event_newlink(drv, ifname); 1318 1319 if (ifi->ifi_family == AF_BRIDGE && brid) { 1320 /* device has been added to bridge */ 1321 if_indextoname(brid, namebuf); 1322 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1323 brid, namebuf); 1324 add_ifidx(drv, brid); 1325 } 1326} 1327 1328 1329static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1330 struct ifinfomsg *ifi, 1331 u8 *buf, size_t len) 1332{ 1333 struct nl80211_global *global = ctx; 1334 struct wpa_driver_nl80211_data *drv; 1335 int attrlen; 1336 struct rtattr *attr; 1337 u32 brid = 0; 1338 char ifname[IFNAMSIZ + 1]; 1339 1340 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1341 if (!drv) { 1342 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1343 ifi->ifi_index); 1344 return; 1345 } 1346 1347 ifname[0] = '\0'; 1348 1349 attrlen = len; 1350 attr = (struct rtattr *) buf; 1351 while (RTA_OK(attr, attrlen)) { 1352 switch (attr->rta_type) { 1353 case IFLA_IFNAME: 1354 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1355 break; 1356 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1357 ifname[RTA_PAYLOAD(attr)] = '\0'; 1358 break; 1359 case IFLA_MASTER: 1360 brid = nla_get_u32((struct nlattr *) attr); 1361 break; 1362 } 1363 attr = RTA_NEXT(attr, attrlen); 1364 } 1365 1366 if (ifname[0]) 1367 wpa_driver_nl80211_event_dellink(drv, ifname); 1368 1369 if (ifi->ifi_family == AF_BRIDGE && brid) { 1370 /* device has been removed from bridge */ 1371 char namebuf[IFNAMSIZ]; 1372 if_indextoname(brid, namebuf); 1373 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1374 "%s", brid, namebuf); 1375 del_ifidx(drv, brid); 1376 } 1377} 1378 1379 1380static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1381 const u8 *frame, size_t len) 1382{ 1383 const struct ieee80211_mgmt *mgmt; 1384 union wpa_event_data event; 1385 1386 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1387 mgmt = (const struct ieee80211_mgmt *) frame; 1388 if (len < 24 + sizeof(mgmt->u.auth)) { 1389 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1390 "frame"); 1391 return; 1392 } 1393 1394 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1395 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1396 os_memset(&event, 0, sizeof(event)); 1397 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1398 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1399 event.auth.auth_transaction = 1400 le_to_host16(mgmt->u.auth.auth_transaction); 1401 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1402 if (len > 24 + sizeof(mgmt->u.auth)) { 1403 event.auth.ies = mgmt->u.auth.variable; 1404 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1405 } 1406 1407 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1408} 1409 1410 1411static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1412{ 1413 struct nl_msg *msg; 1414 int ret; 1415 struct nl80211_bss_info_arg arg; 1416 1417 os_memset(&arg, 0, sizeof(arg)); 1418 msg = nlmsg_alloc(); 1419 if (!msg) 1420 goto nla_put_failure; 1421 1422 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1423 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1424 1425 arg.drv = drv; 1426 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1427 msg = NULL; 1428 if (ret == 0) { 1429 unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ? 1430 arg.ibss_freq : arg.assoc_freq; 1431 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1432 "associated BSS from scan results: %u MHz", freq); 1433 if (freq) 1434 drv->assoc_freq = freq; 1435 return drv->assoc_freq; 1436 } 1437 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1438 "(%s)", ret, strerror(-ret)); 1439nla_put_failure: 1440 nlmsg_free(msg); 1441 return drv->assoc_freq; 1442} 1443 1444 1445static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1446 const u8 *frame, size_t len) 1447{ 1448 const struct ieee80211_mgmt *mgmt; 1449 union wpa_event_data event; 1450 u16 status; 1451 1452 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1453 mgmt = (const struct ieee80211_mgmt *) frame; 1454 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1455 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1456 "frame"); 1457 return; 1458 } 1459 1460 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1461 if (status != WLAN_STATUS_SUCCESS) { 1462 os_memset(&event, 0, sizeof(event)); 1463 event.assoc_reject.bssid = mgmt->bssid; 1464 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1465 event.assoc_reject.resp_ies = 1466 (u8 *) mgmt->u.assoc_resp.variable; 1467 event.assoc_reject.resp_ies_len = 1468 len - 24 - sizeof(mgmt->u.assoc_resp); 1469 } 1470 event.assoc_reject.status_code = status; 1471 1472 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1473 return; 1474 } 1475 1476 drv->associated = 1; 1477 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1478 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1479 1480 os_memset(&event, 0, sizeof(event)); 1481 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1482 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1483 event.assoc_info.resp_ies_len = 1484 len - 24 - sizeof(mgmt->u.assoc_resp); 1485 } 1486 1487 event.assoc_info.freq = drv->assoc_freq; 1488 1489 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1490} 1491 1492 1493static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1494 enum nl80211_commands cmd, struct nlattr *status, 1495 struct nlattr *addr, struct nlattr *req_ie, 1496 struct nlattr *resp_ie) 1497{ 1498 union wpa_event_data event; 1499 1500 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1501 /* 1502 * Avoid reporting two association events that would confuse 1503 * the core code. 1504 */ 1505 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1506 "when using userspace SME", cmd); 1507 return; 1508 } 1509 1510 if (cmd == NL80211_CMD_CONNECT) 1511 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1512 else if (cmd == NL80211_CMD_ROAM) 1513 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1514 1515 os_memset(&event, 0, sizeof(event)); 1516 if (cmd == NL80211_CMD_CONNECT && 1517 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1518 if (addr) 1519 event.assoc_reject.bssid = nla_data(addr); 1520 if (resp_ie) { 1521 event.assoc_reject.resp_ies = nla_data(resp_ie); 1522 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1523 } 1524 event.assoc_reject.status_code = nla_get_u16(status); 1525 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1526 return; 1527 } 1528 1529 drv->associated = 1; 1530 if (addr) { 1531 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1532 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1533 } 1534 1535 if (req_ie) { 1536 event.assoc_info.req_ies = nla_data(req_ie); 1537 event.assoc_info.req_ies_len = nla_len(req_ie); 1538 } 1539 if (resp_ie) { 1540 event.assoc_info.resp_ies = nla_data(resp_ie); 1541 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1542 } 1543 1544 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1545 1546 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1547} 1548 1549 1550static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1551 struct nlattr *reason, struct nlattr *addr, 1552 struct nlattr *by_ap) 1553{ 1554 union wpa_event_data data; 1555 unsigned int locally_generated = by_ap == NULL; 1556 1557 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1558 /* 1559 * Avoid reporting two disassociation events that could 1560 * confuse the core code. 1561 */ 1562 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1563 "event when using userspace SME"); 1564 return; 1565 } 1566 1567 if (drv->ignore_next_local_disconnect) { 1568 drv->ignore_next_local_disconnect = 0; 1569 if (locally_generated) { 1570 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1571 "event triggered during reassociation"); 1572 return; 1573 } 1574 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1575 "disconnect but got another disconnect " 1576 "event first"); 1577 } 1578 1579 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1580 nl80211_mark_disconnected(drv); 1581 os_memset(&data, 0, sizeof(data)); 1582 if (reason) 1583 data.deauth_info.reason_code = nla_get_u16(reason); 1584 data.deauth_info.locally_generated = by_ap == NULL; 1585 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1586} 1587 1588 1589static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 1590{ 1591 int freq1 = 0; 1592 1593 switch (convert2width(width)) { 1594 case CHAN_WIDTH_20_NOHT: 1595 case CHAN_WIDTH_20: 1596 return 0; 1597 case CHAN_WIDTH_40: 1598 freq1 = cf1 - 10; 1599 break; 1600 case CHAN_WIDTH_80: 1601 freq1 = cf1 - 30; 1602 break; 1603 case CHAN_WIDTH_160: 1604 freq1 = cf1 - 70; 1605 break; 1606 case CHAN_WIDTH_UNKNOWN: 1607 case CHAN_WIDTH_80P80: 1608 /* FIXME: implement this */ 1609 return 0; 1610 } 1611 1612 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 1613} 1614 1615 1616static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1617 struct nlattr *ifindex, struct nlattr *freq, 1618 struct nlattr *type, struct nlattr *bw, 1619 struct nlattr *cf1, struct nlattr *cf2) 1620{ 1621 struct i802_bss *bss; 1622 union wpa_event_data data; 1623 int ht_enabled = 1; 1624 int chan_offset = 0; 1625 int ifidx; 1626 1627 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1628 1629 if (!freq) 1630 return; 1631 1632 ifidx = nla_get_u32(ifindex); 1633 for (bss = drv->first_bss; bss; bss = bss->next) 1634 if (bss->ifindex == ifidx) 1635 break; 1636 1637 if (bss == NULL) { 1638 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1639 ifidx); 1640 return; 1641 } 1642 1643 if (type) { 1644 switch (nla_get_u32(type)) { 1645 case NL80211_CHAN_NO_HT: 1646 ht_enabled = 0; 1647 break; 1648 case NL80211_CHAN_HT20: 1649 break; 1650 case NL80211_CHAN_HT40PLUS: 1651 chan_offset = 1; 1652 break; 1653 case NL80211_CHAN_HT40MINUS: 1654 chan_offset = -1; 1655 break; 1656 } 1657 } else if (bw && cf1) { 1658 /* This can happen for example with VHT80 ch switch */ 1659 chan_offset = calculate_chan_offset(nla_get_u32(bw), 1660 nla_get_u32(freq), 1661 nla_get_u32(cf1), 1662 cf2 ? nla_get_u32(cf2) : 0); 1663 } else { 1664 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 1665 } 1666 1667 os_memset(&data, 0, sizeof(data)); 1668 data.ch_switch.freq = nla_get_u32(freq); 1669 data.ch_switch.ht_enabled = ht_enabled; 1670 data.ch_switch.ch_offset = chan_offset; 1671 if (bw) 1672 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1673 if (cf1) 1674 data.ch_switch.cf1 = nla_get_u32(cf1); 1675 if (cf2) 1676 data.ch_switch.cf2 = nla_get_u32(cf2); 1677 1678 bss->freq = data.ch_switch.freq; 1679 1680 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1681} 1682 1683 1684static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1685 enum nl80211_commands cmd, struct nlattr *addr) 1686{ 1687 union wpa_event_data event; 1688 enum wpa_event_type ev; 1689 1690 if (nla_len(addr) != ETH_ALEN) 1691 return; 1692 1693 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1694 cmd, MAC2STR((u8 *) nla_data(addr))); 1695 1696 if (cmd == NL80211_CMD_AUTHENTICATE) 1697 ev = EVENT_AUTH_TIMED_OUT; 1698 else if (cmd == NL80211_CMD_ASSOCIATE) 1699 ev = EVENT_ASSOC_TIMED_OUT; 1700 else 1701 return; 1702 1703 os_memset(&event, 0, sizeof(event)); 1704 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1705 wpa_supplicant_event(drv->ctx, ev, &event); 1706} 1707 1708 1709static void mlme_event_mgmt(struct i802_bss *bss, 1710 struct nlattr *freq, struct nlattr *sig, 1711 const u8 *frame, size_t len) 1712{ 1713 struct wpa_driver_nl80211_data *drv = bss->drv; 1714 const struct ieee80211_mgmt *mgmt; 1715 union wpa_event_data event; 1716 u16 fc, stype; 1717 int ssi_signal = 0; 1718 int rx_freq = 0; 1719 1720 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1721 mgmt = (const struct ieee80211_mgmt *) frame; 1722 if (len < 24) { 1723 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1724 return; 1725 } 1726 1727 fc = le_to_host16(mgmt->frame_control); 1728 stype = WLAN_FC_GET_STYPE(fc); 1729 1730 if (sig) 1731 ssi_signal = (s32) nla_get_u32(sig); 1732 1733 os_memset(&event, 0, sizeof(event)); 1734 if (freq) { 1735 event.rx_mgmt.freq = nla_get_u32(freq); 1736 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1737 } 1738 wpa_printf(MSG_DEBUG, 1739 "nl80211: RX frame sa=" MACSTR 1740 " freq=%d ssi_signal=%d stype=%u (%s) len=%u", 1741 MAC2STR(mgmt->sa), rx_freq, ssi_signal, stype, fc2str(fc), 1742 (unsigned int) len); 1743 event.rx_mgmt.frame = frame; 1744 event.rx_mgmt.frame_len = len; 1745 event.rx_mgmt.ssi_signal = ssi_signal; 1746 event.rx_mgmt.drv_priv = bss; 1747 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1748} 1749 1750 1751static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1752 struct nlattr *cookie, const u8 *frame, 1753 size_t len, struct nlattr *ack) 1754{ 1755 union wpa_event_data event; 1756 const struct ieee80211_hdr *hdr; 1757 u16 fc; 1758 1759 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1760 if (!is_ap_interface(drv->nlmode)) { 1761 u64 cookie_val; 1762 1763 if (!cookie) 1764 return; 1765 1766 cookie_val = nla_get_u64(cookie); 1767 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1768 " cookie=0%llx%s (ack=%d)", 1769 (long long unsigned int) cookie_val, 1770 cookie_val == drv->send_action_cookie ? 1771 " (match)" : " (unknown)", ack != NULL); 1772 if (cookie_val != drv->send_action_cookie) 1773 return; 1774 } 1775 1776 hdr = (const struct ieee80211_hdr *) frame; 1777 fc = le_to_host16(hdr->frame_control); 1778 1779 os_memset(&event, 0, sizeof(event)); 1780 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1781 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1782 event.tx_status.dst = hdr->addr1; 1783 event.tx_status.data = frame; 1784 event.tx_status.data_len = len; 1785 event.tx_status.ack = ack != NULL; 1786 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1787} 1788 1789 1790static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1791 enum wpa_event_type type, 1792 const u8 *frame, size_t len) 1793{ 1794 const struct ieee80211_mgmt *mgmt; 1795 union wpa_event_data event; 1796 const u8 *bssid = NULL; 1797 u16 reason_code = 0; 1798 1799 if (type == EVENT_DEAUTH) 1800 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1801 else 1802 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1803 1804 mgmt = (const struct ieee80211_mgmt *) frame; 1805 if (len >= 24) { 1806 bssid = mgmt->bssid; 1807 1808 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1809 !drv->associated && 1810 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1811 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1812 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1813 /* 1814 * Avoid issues with some roaming cases where 1815 * disconnection event for the old AP may show up after 1816 * we have started connection with the new AP. 1817 */ 1818 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1819 MAC2STR(bssid), 1820 MAC2STR(drv->auth_attempt_bssid)); 1821 return; 1822 } 1823 1824 if (drv->associated != 0 && 1825 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1826 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1827 /* 1828 * We have presumably received this deauth as a 1829 * response to a clear_state_mismatch() outgoing 1830 * deauth. Don't let it take us offline! 1831 */ 1832 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1833 "from Unknown BSSID " MACSTR " -- ignoring", 1834 MAC2STR(bssid)); 1835 return; 1836 } 1837 } 1838 1839 nl80211_mark_disconnected(drv); 1840 os_memset(&event, 0, sizeof(event)); 1841 1842 /* Note: Same offset for Reason Code in both frame subtypes */ 1843 if (len >= 24 + sizeof(mgmt->u.deauth)) 1844 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1845 1846 if (type == EVENT_DISASSOC) { 1847 event.disassoc_info.locally_generated = 1848 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1849 event.disassoc_info.addr = bssid; 1850 event.disassoc_info.reason_code = reason_code; 1851 if (frame + len > mgmt->u.disassoc.variable) { 1852 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1853 event.disassoc_info.ie_len = frame + len - 1854 mgmt->u.disassoc.variable; 1855 } 1856 } else { 1857 if (drv->ignore_deauth_event) { 1858 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 1859 drv->ignore_deauth_event = 0; 1860 return; 1861 } 1862 event.deauth_info.locally_generated = 1863 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1864 if (drv->ignore_next_local_deauth) { 1865 drv->ignore_next_local_deauth = 0; 1866 if (event.deauth_info.locally_generated) { 1867 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request"); 1868 return; 1869 } 1870 wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first"); 1871 } 1872 event.deauth_info.addr = bssid; 1873 event.deauth_info.reason_code = reason_code; 1874 if (frame + len > mgmt->u.deauth.variable) { 1875 event.deauth_info.ie = mgmt->u.deauth.variable; 1876 event.deauth_info.ie_len = frame + len - 1877 mgmt->u.deauth.variable; 1878 } 1879 } 1880 1881 wpa_supplicant_event(drv->ctx, type, &event); 1882} 1883 1884 1885static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1886 enum wpa_event_type type, 1887 const u8 *frame, size_t len) 1888{ 1889 const struct ieee80211_mgmt *mgmt; 1890 union wpa_event_data event; 1891 u16 reason_code = 0; 1892 1893 if (type == EVENT_UNPROT_DEAUTH) 1894 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1895 else 1896 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1897 1898 if (len < 24) 1899 return; 1900 1901 mgmt = (const struct ieee80211_mgmt *) frame; 1902 1903 os_memset(&event, 0, sizeof(event)); 1904 /* Note: Same offset for Reason Code in both frame subtypes */ 1905 if (len >= 24 + sizeof(mgmt->u.deauth)) 1906 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1907 1908 if (type == EVENT_UNPROT_DISASSOC) { 1909 event.unprot_disassoc.sa = mgmt->sa; 1910 event.unprot_disassoc.da = mgmt->da; 1911 event.unprot_disassoc.reason_code = reason_code; 1912 } else { 1913 event.unprot_deauth.sa = mgmt->sa; 1914 event.unprot_deauth.da = mgmt->da; 1915 event.unprot_deauth.reason_code = reason_code; 1916 } 1917 1918 wpa_supplicant_event(drv->ctx, type, &event); 1919} 1920 1921 1922static void mlme_event(struct i802_bss *bss, 1923 enum nl80211_commands cmd, struct nlattr *frame, 1924 struct nlattr *addr, struct nlattr *timed_out, 1925 struct nlattr *freq, struct nlattr *ack, 1926 struct nlattr *cookie, struct nlattr *sig) 1927{ 1928 struct wpa_driver_nl80211_data *drv = bss->drv; 1929 const u8 *data; 1930 size_t len; 1931 1932 if (timed_out && addr) { 1933 mlme_timeout_event(drv, cmd, addr); 1934 return; 1935 } 1936 1937 if (frame == NULL) { 1938 wpa_printf(MSG_DEBUG, 1939 "nl80211: MLME event %d (%s) without frame data", 1940 cmd, nl80211_command_to_string(cmd)); 1941 return; 1942 } 1943 1944 data = nla_data(frame); 1945 len = nla_len(frame); 1946 if (len < 4 + 2 * ETH_ALEN) { 1947 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1948 MACSTR ") - too short", 1949 cmd, nl80211_command_to_string(cmd), bss->ifname, 1950 MAC2STR(bss->addr)); 1951 return; 1952 } 1953 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1954 ") A1=" MACSTR " A2=" MACSTR, cmd, 1955 nl80211_command_to_string(cmd), bss->ifname, 1956 MAC2STR(bss->addr), MAC2STR(data + 4), 1957 MAC2STR(data + 4 + ETH_ALEN)); 1958 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1959 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1960 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1961 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1962 "for foreign address", bss->ifname); 1963 return; 1964 } 1965 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1966 nla_data(frame), nla_len(frame)); 1967 1968 switch (cmd) { 1969 case NL80211_CMD_AUTHENTICATE: 1970 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1971 break; 1972 case NL80211_CMD_ASSOCIATE: 1973 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1974 break; 1975 case NL80211_CMD_DEAUTHENTICATE: 1976 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1977 nla_data(frame), nla_len(frame)); 1978 break; 1979 case NL80211_CMD_DISASSOCIATE: 1980 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1981 nla_data(frame), nla_len(frame)); 1982 break; 1983 case NL80211_CMD_FRAME: 1984 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 1985 nla_len(frame)); 1986 break; 1987 case NL80211_CMD_FRAME_TX_STATUS: 1988 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1989 nla_len(frame), ack); 1990 break; 1991 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1992 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1993 nla_data(frame), nla_len(frame)); 1994 break; 1995 case NL80211_CMD_UNPROT_DISASSOCIATE: 1996 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1997 nla_data(frame), nla_len(frame)); 1998 break; 1999 default: 2000 break; 2001 } 2002} 2003 2004 2005static void mlme_event_michael_mic_failure(struct i802_bss *bss, 2006 struct nlattr *tb[]) 2007{ 2008 union wpa_event_data data; 2009 2010 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 2011 os_memset(&data, 0, sizeof(data)); 2012 if (tb[NL80211_ATTR_MAC]) { 2013 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 2014 nla_data(tb[NL80211_ATTR_MAC]), 2015 nla_len(tb[NL80211_ATTR_MAC])); 2016 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 2017 } 2018 if (tb[NL80211_ATTR_KEY_SEQ]) { 2019 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 2020 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 2021 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 2022 } 2023 if (tb[NL80211_ATTR_KEY_TYPE]) { 2024 enum nl80211_key_type key_type = 2025 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 2026 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 2027 if (key_type == NL80211_KEYTYPE_PAIRWISE) 2028 data.michael_mic_failure.unicast = 1; 2029 } else 2030 data.michael_mic_failure.unicast = 1; 2031 2032 if (tb[NL80211_ATTR_KEY_IDX]) { 2033 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 2034 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 2035 } 2036 2037 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 2038} 2039 2040 2041static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 2042 struct nlattr *tb[]) 2043{ 2044 unsigned int freq; 2045 2046 if (tb[NL80211_ATTR_MAC] == NULL) { 2047 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 2048 "event"); 2049 return; 2050 } 2051 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2052 2053 drv->associated = 1; 2054 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 2055 MAC2STR(drv->bssid)); 2056 2057 freq = nl80211_get_assoc_freq(drv); 2058 if (freq) { 2059 wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz", 2060 freq); 2061 drv->first_bss->freq = freq; 2062 } 2063 2064 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 2065} 2066 2067 2068static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 2069 int cancel_event, struct nlattr *tb[]) 2070{ 2071 unsigned int freq, chan_type, duration; 2072 union wpa_event_data data; 2073 u64 cookie; 2074 2075 if (tb[NL80211_ATTR_WIPHY_FREQ]) 2076 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2077 else 2078 freq = 0; 2079 2080 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 2081 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2082 else 2083 chan_type = 0; 2084 2085 if (tb[NL80211_ATTR_DURATION]) 2086 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 2087 else 2088 duration = 0; 2089 2090 if (tb[NL80211_ATTR_COOKIE]) 2091 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 2092 else 2093 cookie = 0; 2094 2095 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 2096 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 2097 cancel_event, freq, chan_type, duration, 2098 (long long unsigned int) cookie, 2099 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2100 2101 if (cookie != drv->remain_on_chan_cookie) 2102 return; /* not for us */ 2103 2104 if (cancel_event) 2105 drv->pending_remain_on_chan = 0; 2106 2107 os_memset(&data, 0, sizeof(data)); 2108 data.remain_on_channel.freq = freq; 2109 data.remain_on_channel.duration = duration; 2110 wpa_supplicant_event(drv->ctx, cancel_event ? 2111 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2112 EVENT_REMAIN_ON_CHANNEL, &data); 2113} 2114 2115 2116static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2117 struct nlattr *tb[]) 2118{ 2119 union wpa_event_data data; 2120 2121 os_memset(&data, 0, sizeof(data)); 2122 2123 if (tb[NL80211_ATTR_IE]) { 2124 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2125 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2126 } 2127 2128 if (tb[NL80211_ATTR_IE_RIC]) { 2129 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2130 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2131 } 2132 2133 if (tb[NL80211_ATTR_MAC]) 2134 os_memcpy(data.ft_ies.target_ap, 2135 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2136 2137 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2138 MAC2STR(data.ft_ies.target_ap)); 2139 2140 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2141} 2142 2143 2144static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2145 struct nlattr *tb[]) 2146{ 2147 union wpa_event_data event; 2148 struct nlattr *nl; 2149 int rem; 2150 struct scan_info *info; 2151#define MAX_REPORT_FREQS 50 2152 int freqs[MAX_REPORT_FREQS]; 2153 int num_freqs = 0; 2154 2155 if (drv->scan_for_auth) { 2156 drv->scan_for_auth = 0; 2157 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2158 "cfg80211 BSS entry"); 2159 wpa_driver_nl80211_authenticate_retry(drv); 2160 return; 2161 } 2162 2163 os_memset(&event, 0, sizeof(event)); 2164 info = &event.scan_info; 2165 info->aborted = aborted; 2166 2167 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2168 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2169 struct wpa_driver_scan_ssid *s = 2170 &info->ssids[info->num_ssids]; 2171 s->ssid = nla_data(nl); 2172 s->ssid_len = nla_len(nl); 2173 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2174 wpa_ssid_txt(s->ssid, s->ssid_len)); 2175 info->num_ssids++; 2176 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2177 break; 2178 } 2179 } 2180 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2181 char msg[200], *pos, *end; 2182 int res; 2183 2184 pos = msg; 2185 end = pos + sizeof(msg); 2186 *pos = '\0'; 2187 2188 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2189 { 2190 freqs[num_freqs] = nla_get_u32(nl); 2191 res = os_snprintf(pos, end - pos, " %d", 2192 freqs[num_freqs]); 2193 if (res > 0 && end - pos > res) 2194 pos += res; 2195 num_freqs++; 2196 if (num_freqs == MAX_REPORT_FREQS - 1) 2197 break; 2198 } 2199 info->freqs = freqs; 2200 info->num_freqs = num_freqs; 2201 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2202 msg); 2203 } 2204 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2205} 2206 2207 2208static int get_link_signal(struct nl_msg *msg, void *arg) 2209{ 2210 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2211 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2212 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2213 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2214 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2215 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2216 }; 2217 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2218 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2219 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2220 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2221 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2222 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2223 }; 2224 struct wpa_signal_info *sig_change = arg; 2225 2226 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2227 genlmsg_attrlen(gnlh, 0), NULL); 2228 if (!tb[NL80211_ATTR_STA_INFO] || 2229 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2230 tb[NL80211_ATTR_STA_INFO], policy)) 2231 return NL_SKIP; 2232 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2233 return NL_SKIP; 2234 2235 sig_change->current_signal = 2236 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2237 2238 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2239 sig_change->avg_signal = 2240 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2241 else 2242 sig_change->avg_signal = 0; 2243 2244 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2245 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2246 sinfo[NL80211_STA_INFO_TX_BITRATE], 2247 rate_policy)) { 2248 sig_change->current_txrate = 0; 2249 } else { 2250 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2251 sig_change->current_txrate = 2252 nla_get_u16(rinfo[ 2253 NL80211_RATE_INFO_BITRATE]) * 100; 2254 } 2255 } 2256 } 2257 2258 return NL_SKIP; 2259} 2260 2261 2262static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2263 struct wpa_signal_info *sig) 2264{ 2265 struct nl_msg *msg; 2266 2267 sig->current_signal = -9999; 2268 sig->current_txrate = 0; 2269 2270 msg = nlmsg_alloc(); 2271 if (!msg) 2272 return -ENOMEM; 2273 2274 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2275 2276 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2277 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2278 2279 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2280 nla_put_failure: 2281 nlmsg_free(msg); 2282 return -ENOBUFS; 2283} 2284 2285 2286static int get_link_noise(struct nl_msg *msg, void *arg) 2287{ 2288 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2289 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2290 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2291 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2292 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2293 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2294 }; 2295 struct wpa_signal_info *sig_change = arg; 2296 2297 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2298 genlmsg_attrlen(gnlh, 0), NULL); 2299 2300 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2301 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2302 return NL_SKIP; 2303 } 2304 2305 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2306 tb[NL80211_ATTR_SURVEY_INFO], 2307 survey_policy)) { 2308 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2309 "attributes!"); 2310 return NL_SKIP; 2311 } 2312 2313 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2314 return NL_SKIP; 2315 2316 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2317 sig_change->frequency) 2318 return NL_SKIP; 2319 2320 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2321 return NL_SKIP; 2322 2323 sig_change->current_noise = 2324 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2325 2326 return NL_SKIP; 2327} 2328 2329 2330static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2331 struct wpa_signal_info *sig_change) 2332{ 2333 struct nl_msg *msg; 2334 2335 sig_change->current_noise = 9999; 2336 sig_change->frequency = drv->assoc_freq; 2337 2338 msg = nlmsg_alloc(); 2339 if (!msg) 2340 return -ENOMEM; 2341 2342 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2343 2344 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2345 2346 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2347 nla_put_failure: 2348 nlmsg_free(msg); 2349 return -ENOBUFS; 2350} 2351 2352 2353static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2354{ 2355 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2356 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2357 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2358 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2359 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2360 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2361 }; 2362 struct wpa_scan_results *scan_results = arg; 2363 struct wpa_scan_res *scan_res; 2364 size_t i; 2365 2366 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2367 genlmsg_attrlen(gnlh, 0), NULL); 2368 2369 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2370 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2371 return NL_SKIP; 2372 } 2373 2374 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2375 tb[NL80211_ATTR_SURVEY_INFO], 2376 survey_policy)) { 2377 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2378 "attributes"); 2379 return NL_SKIP; 2380 } 2381 2382 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2383 return NL_SKIP; 2384 2385 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2386 return NL_SKIP; 2387 2388 for (i = 0; i < scan_results->num; ++i) { 2389 scan_res = scan_results->res[i]; 2390 if (!scan_res) 2391 continue; 2392 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2393 scan_res->freq) 2394 continue; 2395 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2396 continue; 2397 scan_res->noise = (s8) 2398 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2399 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2400 } 2401 2402 return NL_SKIP; 2403} 2404 2405 2406static int nl80211_get_noise_for_scan_results( 2407 struct wpa_driver_nl80211_data *drv, 2408 struct wpa_scan_results *scan_res) 2409{ 2410 struct nl_msg *msg; 2411 2412 msg = nlmsg_alloc(); 2413 if (!msg) 2414 return -ENOMEM; 2415 2416 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2417 2418 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2419 2420 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2421 scan_res); 2422 nla_put_failure: 2423 nlmsg_free(msg); 2424 return -ENOBUFS; 2425} 2426 2427 2428static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2429 struct nlattr *tb[]) 2430{ 2431 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2432 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2433 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2434 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2435 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2436 }; 2437 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2438 enum nl80211_cqm_rssi_threshold_event event; 2439 union wpa_event_data ed; 2440 struct wpa_signal_info sig; 2441 int res; 2442 2443 if (tb[NL80211_ATTR_CQM] == NULL || 2444 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2445 cqm_policy)) { 2446 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2447 return; 2448 } 2449 2450 os_memset(&ed, 0, sizeof(ed)); 2451 2452 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2453 if (!tb[NL80211_ATTR_MAC]) 2454 return; 2455 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2456 ETH_ALEN); 2457 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2458 return; 2459 } 2460 2461 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2462 return; 2463 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2464 2465 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2466 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2467 "event: RSSI high"); 2468 ed.signal_change.above_threshold = 1; 2469 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2470 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2471 "event: RSSI low"); 2472 ed.signal_change.above_threshold = 0; 2473 } else 2474 return; 2475 2476 res = nl80211_get_link_signal(drv, &sig); 2477 if (res == 0) { 2478 ed.signal_change.current_signal = sig.current_signal; 2479 ed.signal_change.current_txrate = sig.current_txrate; 2480 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2481 sig.current_signal, sig.current_txrate); 2482 } 2483 2484 res = nl80211_get_link_noise(drv, &sig); 2485 if (res == 0) { 2486 ed.signal_change.current_noise = sig.current_noise; 2487 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2488 sig.current_noise); 2489 } 2490 2491 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2492} 2493 2494 2495static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2496 struct nlattr **tb) 2497{ 2498 u8 *addr; 2499 union wpa_event_data data; 2500 2501 if (tb[NL80211_ATTR_MAC] == NULL) 2502 return; 2503 addr = nla_data(tb[NL80211_ATTR_MAC]); 2504 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2505 2506 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2507 u8 *ies = NULL; 2508 size_t ies_len = 0; 2509 if (tb[NL80211_ATTR_IE]) { 2510 ies = nla_data(tb[NL80211_ATTR_IE]); 2511 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2512 } 2513 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2514 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2515 return; 2516 } 2517 2518 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2519 return; 2520 2521 os_memset(&data, 0, sizeof(data)); 2522 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2523 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2524} 2525 2526 2527static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2528 struct nlattr **tb) 2529{ 2530 u8 *addr; 2531 union wpa_event_data data; 2532 2533 if (tb[NL80211_ATTR_MAC] == NULL) 2534 return; 2535 addr = nla_data(tb[NL80211_ATTR_MAC]); 2536 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2537 MAC2STR(addr)); 2538 2539 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2540 drv_event_disassoc(drv->ctx, addr); 2541 return; 2542 } 2543 2544 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2545 return; 2546 2547 os_memset(&data, 0, sizeof(data)); 2548 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2549 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2550} 2551 2552 2553static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2554 struct nlattr **tb) 2555{ 2556 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2557 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2558 [NL80211_REKEY_DATA_KEK] = { 2559 .minlen = NL80211_KEK_LEN, 2560 .maxlen = NL80211_KEK_LEN, 2561 }, 2562 [NL80211_REKEY_DATA_KCK] = { 2563 .minlen = NL80211_KCK_LEN, 2564 .maxlen = NL80211_KCK_LEN, 2565 }, 2566 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2567 .minlen = NL80211_REPLAY_CTR_LEN, 2568 .maxlen = NL80211_REPLAY_CTR_LEN, 2569 }, 2570 }; 2571 union wpa_event_data data; 2572 2573 if (!tb[NL80211_ATTR_MAC]) 2574 return; 2575 if (!tb[NL80211_ATTR_REKEY_DATA]) 2576 return; 2577 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2578 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2579 return; 2580 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2581 return; 2582 2583 os_memset(&data, 0, sizeof(data)); 2584 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2585 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2586 MAC2STR(data.driver_gtk_rekey.bssid)); 2587 data.driver_gtk_rekey.replay_ctr = 2588 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2589 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2590 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2591 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2592} 2593 2594 2595static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2596 struct nlattr **tb) 2597{ 2598 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2599 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2600 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2601 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2602 .minlen = ETH_ALEN, 2603 .maxlen = ETH_ALEN, 2604 }, 2605 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2606 }; 2607 union wpa_event_data data; 2608 2609 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2610 2611 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2612 return; 2613 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2614 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2615 return; 2616 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2617 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2618 return; 2619 2620 os_memset(&data, 0, sizeof(data)); 2621 os_memcpy(data.pmkid_candidate.bssid, 2622 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2623 data.pmkid_candidate.index = 2624 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2625 data.pmkid_candidate.preauth = 2626 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2627 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2628} 2629 2630 2631static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2632 struct nlattr **tb) 2633{ 2634 union wpa_event_data data; 2635 2636 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2637 2638 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2639 return; 2640 2641 os_memset(&data, 0, sizeof(data)); 2642 os_memcpy(data.client_poll.addr, 2643 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2644 2645 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2646} 2647 2648 2649static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2650 struct nlattr **tb) 2651{ 2652 union wpa_event_data data; 2653 2654 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2655 2656 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2657 return; 2658 2659 os_memset(&data, 0, sizeof(data)); 2660 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2661 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2662 case NL80211_TDLS_SETUP: 2663 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2664 MACSTR, MAC2STR(data.tdls.peer)); 2665 data.tdls.oper = TDLS_REQUEST_SETUP; 2666 break; 2667 case NL80211_TDLS_TEARDOWN: 2668 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2669 MACSTR, MAC2STR(data.tdls.peer)); 2670 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2671 break; 2672 default: 2673 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2674 "event"); 2675 return; 2676 } 2677 if (tb[NL80211_ATTR_REASON_CODE]) { 2678 data.tdls.reason_code = 2679 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2680 } 2681 2682 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2683} 2684 2685 2686static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2687 struct nlattr **tb) 2688{ 2689 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2690} 2691 2692 2693static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2694 struct nlattr **tb) 2695{ 2696 union wpa_event_data data; 2697 u32 reason; 2698 2699 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2700 2701 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2702 return; 2703 2704 os_memset(&data, 0, sizeof(data)); 2705 os_memcpy(data.connect_failed_reason.addr, 2706 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2707 2708 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2709 switch (reason) { 2710 case NL80211_CONN_FAIL_MAX_CLIENTS: 2711 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2712 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2713 break; 2714 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2715 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2716 " tried to connect", 2717 MAC2STR(data.connect_failed_reason.addr)); 2718 data.connect_failed_reason.code = BLOCKED_CLIENT; 2719 break; 2720 default: 2721 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2722 "%u", reason); 2723 return; 2724 } 2725 2726 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2727} 2728 2729 2730static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2731 struct nlattr **tb) 2732{ 2733 union wpa_event_data data; 2734 enum nl80211_radar_event event_type; 2735 2736 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2737 return; 2738 2739 os_memset(&data, 0, sizeof(data)); 2740 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2741 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2742 2743 /* Check HT params */ 2744 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2745 data.dfs_event.ht_enabled = 1; 2746 data.dfs_event.chan_offset = 0; 2747 2748 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2749 case NL80211_CHAN_NO_HT: 2750 data.dfs_event.ht_enabled = 0; 2751 break; 2752 case NL80211_CHAN_HT20: 2753 break; 2754 case NL80211_CHAN_HT40PLUS: 2755 data.dfs_event.chan_offset = 1; 2756 break; 2757 case NL80211_CHAN_HT40MINUS: 2758 data.dfs_event.chan_offset = -1; 2759 break; 2760 } 2761 } 2762 2763 /* Get VHT params */ 2764 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2765 data.dfs_event.chan_width = 2766 convert2width(nla_get_u32( 2767 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2768 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2769 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2770 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2771 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2772 2773 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2774 data.dfs_event.freq, data.dfs_event.ht_enabled, 2775 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2776 data.dfs_event.cf1, data.dfs_event.cf2); 2777 2778 switch (event_type) { 2779 case NL80211_RADAR_DETECTED: 2780 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2781 break; 2782 case NL80211_RADAR_CAC_FINISHED: 2783 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2784 break; 2785 case NL80211_RADAR_CAC_ABORTED: 2786 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2787 break; 2788 case NL80211_RADAR_NOP_FINISHED: 2789 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2790 break; 2791 default: 2792 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2793 "received", event_type); 2794 break; 2795 } 2796} 2797 2798 2799static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2800 int wds) 2801{ 2802 struct wpa_driver_nl80211_data *drv = bss->drv; 2803 union wpa_event_data event; 2804 2805 if (!tb[NL80211_ATTR_MAC]) 2806 return; 2807 2808 os_memset(&event, 0, sizeof(event)); 2809 event.rx_from_unknown.bssid = bss->addr; 2810 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2811 event.rx_from_unknown.wds = wds; 2812 2813 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2814} 2815 2816 2817static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 2818 const u8 *data, size_t len) 2819{ 2820 u32 i, count; 2821 union wpa_event_data event; 2822 struct wpa_freq_range *range = NULL; 2823 const struct qca_avoid_freq_list *freq_range; 2824 2825 freq_range = (const struct qca_avoid_freq_list *) data; 2826 if (len < sizeof(freq_range->count)) 2827 return; 2828 2829 count = freq_range->count; 2830 if (len < sizeof(freq_range->count) + 2831 count * sizeof(struct qca_avoid_freq_range)) { 2832 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 2833 (unsigned int) len); 2834 return; 2835 } 2836 2837 if (count > 0) { 2838 range = os_calloc(count, sizeof(struct wpa_freq_range)); 2839 if (range == NULL) 2840 return; 2841 } 2842 2843 os_memset(&event, 0, sizeof(event)); 2844 for (i = 0; i < count; i++) { 2845 unsigned int idx = event.freq_range.num; 2846 range[idx].min = freq_range->range[i].start_freq; 2847 range[idx].max = freq_range->range[i].end_freq; 2848 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 2849 range[idx].min, range[idx].max); 2850 if (range[idx].min > range[idx].max) { 2851 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 2852 continue; 2853 } 2854 event.freq_range.num++; 2855 } 2856 event.freq_range.range = range; 2857 2858 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 2859 2860 os_free(range); 2861} 2862 2863 2864static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 2865 u32 subcmd, u8 *data, size_t len) 2866{ 2867 switch (subcmd) { 2868 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 2869 qca_nl80211_avoid_freq(drv, data, len); 2870 break; 2871 default: 2872 wpa_printf(MSG_DEBUG, 2873 "nl80211: Ignore unsupported QCA vendor event %u", 2874 subcmd); 2875 break; 2876 } 2877} 2878 2879 2880static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2881 struct nlattr **tb) 2882{ 2883 u32 vendor_id, subcmd, wiphy = 0; 2884 int wiphy_idx; 2885 u8 *data = NULL; 2886 size_t len = 0; 2887 2888 if (!tb[NL80211_ATTR_VENDOR_ID] || 2889 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2890 return; 2891 2892 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2893 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2894 2895 if (tb[NL80211_ATTR_WIPHY]) 2896 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2897 2898 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2899 wiphy, vendor_id, subcmd); 2900 2901 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2902 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2903 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2904 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2905 } 2906 2907 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2908 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2909 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2910 wiphy, wiphy_idx); 2911 return; 2912 } 2913 2914 switch (vendor_id) { 2915 case OUI_QCA: 2916 nl80211_vendor_event_qca(drv, subcmd, data, len); 2917 break; 2918 default: 2919 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2920 break; 2921 } 2922} 2923 2924 2925static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv, 2926 struct nlattr *tb[]) 2927{ 2928 union wpa_event_data data; 2929 enum nl80211_reg_initiator init; 2930 2931 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2932 2933 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 2934 return; 2935 2936 os_memset(&data, 0, sizeof(data)); 2937 init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]); 2938 wpa_printf(MSG_DEBUG, " * initiator=%d", init); 2939 switch (init) { 2940 case NL80211_REGDOM_SET_BY_CORE: 2941 data.channel_list_changed.initiator = REGDOM_SET_BY_CORE; 2942 break; 2943 case NL80211_REGDOM_SET_BY_USER: 2944 data.channel_list_changed.initiator = REGDOM_SET_BY_USER; 2945 break; 2946 case NL80211_REGDOM_SET_BY_DRIVER: 2947 data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER; 2948 break; 2949 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 2950 data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE; 2951 break; 2952 } 2953 2954 if (tb[NL80211_ATTR_REG_TYPE]) { 2955 enum nl80211_reg_type type; 2956 type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]); 2957 wpa_printf(MSG_DEBUG, " * type=%d", type); 2958 switch (type) { 2959 case NL80211_REGDOM_TYPE_COUNTRY: 2960 data.channel_list_changed.type = REGDOM_TYPE_COUNTRY; 2961 break; 2962 case NL80211_REGDOM_TYPE_WORLD: 2963 data.channel_list_changed.type = REGDOM_TYPE_WORLD; 2964 break; 2965 case NL80211_REGDOM_TYPE_CUSTOM_WORLD: 2966 data.channel_list_changed.type = 2967 REGDOM_TYPE_CUSTOM_WORLD; 2968 break; 2969 case NL80211_REGDOM_TYPE_INTERSECTION: 2970 data.channel_list_changed.type = 2971 REGDOM_TYPE_INTERSECTION; 2972 break; 2973 } 2974 } 2975 2976 if (tb[NL80211_ATTR_REG_ALPHA2]) { 2977 os_strlcpy(data.channel_list_changed.alpha2, 2978 nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]), 2979 sizeof(data.channel_list_changed.alpha2)); 2980 wpa_printf(MSG_DEBUG, " * alpha2=%s", 2981 data.channel_list_changed.alpha2); 2982 } 2983 2984 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data); 2985} 2986 2987 2988static void do_process_drv_event(struct i802_bss *bss, int cmd, 2989 struct nlattr **tb) 2990{ 2991 struct wpa_driver_nl80211_data *drv = bss->drv; 2992 union wpa_event_data data; 2993 2994 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2995 cmd, nl80211_command_to_string(cmd), bss->ifname); 2996 2997 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2998 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2999 cmd == NL80211_CMD_SCAN_ABORTED)) { 3000 wpa_driver_nl80211_set_mode(drv->first_bss, 3001 drv->ap_scan_as_station); 3002 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3003 } 3004 3005 switch (cmd) { 3006 case NL80211_CMD_TRIGGER_SCAN: 3007 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 3008 drv->scan_state = SCAN_STARTED; 3009 if (drv->scan_for_auth) { 3010 /* 3011 * Cannot indicate EVENT_SCAN_STARTED here since we skip 3012 * EVENT_SCAN_RESULTS in scan_for_auth case and the 3013 * upper layer implementation could get confused about 3014 * scanning state. 3015 */ 3016 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 3017 break; 3018 } 3019 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 3020 break; 3021 case NL80211_CMD_START_SCHED_SCAN: 3022 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 3023 drv->scan_state = SCHED_SCAN_STARTED; 3024 break; 3025 case NL80211_CMD_SCHED_SCAN_STOPPED: 3026 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 3027 drv->scan_state = SCHED_SCAN_STOPPED; 3028 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 3029 break; 3030 case NL80211_CMD_NEW_SCAN_RESULTS: 3031 wpa_dbg(drv->ctx, MSG_DEBUG, 3032 "nl80211: New scan results available"); 3033 drv->scan_state = SCAN_COMPLETED; 3034 drv->scan_complete_events = 1; 3035 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 3036 drv->ctx); 3037 send_scan_event(drv, 0, tb); 3038 break; 3039 case NL80211_CMD_SCHED_SCAN_RESULTS: 3040 wpa_dbg(drv->ctx, MSG_DEBUG, 3041 "nl80211: New sched scan results available"); 3042 drv->scan_state = SCHED_SCAN_RESULTS; 3043 send_scan_event(drv, 0, tb); 3044 break; 3045 case NL80211_CMD_SCAN_ABORTED: 3046 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 3047 drv->scan_state = SCAN_ABORTED; 3048 /* 3049 * Need to indicate that scan results are available in order 3050 * not to make wpa_supplicant stop its scanning. 3051 */ 3052 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 3053 drv->ctx); 3054 send_scan_event(drv, 1, tb); 3055 break; 3056 case NL80211_CMD_AUTHENTICATE: 3057 case NL80211_CMD_ASSOCIATE: 3058 case NL80211_CMD_DEAUTHENTICATE: 3059 case NL80211_CMD_DISASSOCIATE: 3060 case NL80211_CMD_FRAME_TX_STATUS: 3061 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 3062 case NL80211_CMD_UNPROT_DISASSOCIATE: 3063 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 3064 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3065 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3066 tb[NL80211_ATTR_COOKIE], 3067 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3068 break; 3069 case NL80211_CMD_CONNECT: 3070 case NL80211_CMD_ROAM: 3071 mlme_event_connect(drv, cmd, 3072 tb[NL80211_ATTR_STATUS_CODE], 3073 tb[NL80211_ATTR_MAC], 3074 tb[NL80211_ATTR_REQ_IE], 3075 tb[NL80211_ATTR_RESP_IE]); 3076 break; 3077 case NL80211_CMD_CH_SWITCH_NOTIFY: 3078 mlme_event_ch_switch(drv, 3079 tb[NL80211_ATTR_IFINDEX], 3080 tb[NL80211_ATTR_WIPHY_FREQ], 3081 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 3082 tb[NL80211_ATTR_CHANNEL_WIDTH], 3083 tb[NL80211_ATTR_CENTER_FREQ1], 3084 tb[NL80211_ATTR_CENTER_FREQ2]); 3085 break; 3086 case NL80211_CMD_DISCONNECT: 3087 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 3088 tb[NL80211_ATTR_MAC], 3089 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 3090 break; 3091 case NL80211_CMD_MICHAEL_MIC_FAILURE: 3092 mlme_event_michael_mic_failure(bss, tb); 3093 break; 3094 case NL80211_CMD_JOIN_IBSS: 3095 mlme_event_join_ibss(drv, tb); 3096 break; 3097 case NL80211_CMD_REMAIN_ON_CHANNEL: 3098 mlme_event_remain_on_channel(drv, 0, tb); 3099 break; 3100 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 3101 mlme_event_remain_on_channel(drv, 1, tb); 3102 break; 3103 case NL80211_CMD_NOTIFY_CQM: 3104 nl80211_cqm_event(drv, tb); 3105 break; 3106 case NL80211_CMD_REG_CHANGE: 3107 nl80211_reg_change_event(drv, tb); 3108 break; 3109 case NL80211_CMD_REG_BEACON_HINT: 3110 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 3111 os_memset(&data, 0, sizeof(data)); 3112 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 3113 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3114 &data); 3115 break; 3116 case NL80211_CMD_NEW_STATION: 3117 nl80211_new_station_event(drv, tb); 3118 break; 3119 case NL80211_CMD_DEL_STATION: 3120 nl80211_del_station_event(drv, tb); 3121 break; 3122 case NL80211_CMD_SET_REKEY_OFFLOAD: 3123 nl80211_rekey_offload_event(drv, tb); 3124 break; 3125 case NL80211_CMD_PMKSA_CANDIDATE: 3126 nl80211_pmksa_candidate_event(drv, tb); 3127 break; 3128 case NL80211_CMD_PROBE_CLIENT: 3129 nl80211_client_probe_event(drv, tb); 3130 break; 3131 case NL80211_CMD_TDLS_OPER: 3132 nl80211_tdls_oper_event(drv, tb); 3133 break; 3134 case NL80211_CMD_CONN_FAILED: 3135 nl80211_connect_failed_event(drv, tb); 3136 break; 3137 case NL80211_CMD_FT_EVENT: 3138 mlme_event_ft_event(drv, tb); 3139 break; 3140 case NL80211_CMD_RADAR_DETECT: 3141 nl80211_radar_event(drv, tb); 3142 break; 3143 case NL80211_CMD_STOP_AP: 3144 nl80211_stop_ap(drv, tb); 3145 break; 3146 case NL80211_CMD_VENDOR: 3147 nl80211_vendor_event(drv, tb); 3148 break; 3149 default: 3150 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 3151 "(cmd=%d)", cmd); 3152 break; 3153 } 3154} 3155 3156 3157static int process_drv_event(struct nl_msg *msg, void *arg) 3158{ 3159 struct wpa_driver_nl80211_data *drv = arg; 3160 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3161 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3162 struct i802_bss *bss; 3163 int ifidx = -1; 3164 3165 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3166 genlmsg_attrlen(gnlh, 0), NULL); 3167 3168 if (tb[NL80211_ATTR_IFINDEX]) { 3169 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3170 3171 for (bss = drv->first_bss; bss; bss = bss->next) 3172 if (ifidx == -1 || ifidx == bss->ifindex) { 3173 do_process_drv_event(bss, gnlh->cmd, tb); 3174 return NL_SKIP; 3175 } 3176 wpa_printf(MSG_DEBUG, 3177 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 3178 gnlh->cmd, ifidx); 3179 } else if (tb[NL80211_ATTR_WDEV]) { 3180 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3181 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 3182 for (bss = drv->first_bss; bss; bss = bss->next) { 3183 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 3184 do_process_drv_event(bss, gnlh->cmd, tb); 3185 return NL_SKIP; 3186 } 3187 } 3188 wpa_printf(MSG_DEBUG, 3189 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 3190 gnlh->cmd, (long long unsigned int) wdev_id); 3191 } 3192 3193 return NL_SKIP; 3194} 3195 3196 3197static int process_global_event(struct nl_msg *msg, void *arg) 3198{ 3199 struct nl80211_global *global = arg; 3200 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3201 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3202 struct wpa_driver_nl80211_data *drv, *tmp; 3203 int ifidx = -1; 3204 struct i802_bss *bss; 3205 u64 wdev_id = 0; 3206 int wdev_id_set = 0; 3207 3208 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3209 genlmsg_attrlen(gnlh, 0), NULL); 3210 3211 if (tb[NL80211_ATTR_IFINDEX]) 3212 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3213 else if (tb[NL80211_ATTR_WDEV]) { 3214 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3215 wdev_id_set = 1; 3216 } 3217 3218 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3219 struct wpa_driver_nl80211_data, list) { 3220 for (bss = drv->first_bss; bss; bss = bss->next) { 3221 if ((ifidx == -1 && !wdev_id_set) || 3222 ifidx == bss->ifindex || 3223 (wdev_id_set && bss->wdev_id_set && 3224 wdev_id == bss->wdev_id)) { 3225 do_process_drv_event(bss, gnlh->cmd, tb); 3226 return NL_SKIP; 3227 } 3228 } 3229 } 3230 3231 return NL_SKIP; 3232} 3233 3234 3235static int process_bss_event(struct nl_msg *msg, void *arg) 3236{ 3237 struct i802_bss *bss = arg; 3238 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3239 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3240 3241 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3242 genlmsg_attrlen(gnlh, 0), NULL); 3243 3244 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3245 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3246 bss->ifname); 3247 3248 switch (gnlh->cmd) { 3249 case NL80211_CMD_FRAME: 3250 case NL80211_CMD_FRAME_TX_STATUS: 3251 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3252 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3253 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3254 tb[NL80211_ATTR_COOKIE], 3255 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3256 break; 3257 case NL80211_CMD_UNEXPECTED_FRAME: 3258 nl80211_spurious_frame(bss, tb, 0); 3259 break; 3260 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3261 nl80211_spurious_frame(bss, tb, 1); 3262 break; 3263 default: 3264 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3265 "(cmd=%d)", gnlh->cmd); 3266 break; 3267 } 3268 3269 return NL_SKIP; 3270} 3271 3272 3273static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3274 void *handle) 3275{ 3276 struct nl_cb *cb = eloop_ctx; 3277 int res; 3278 3279 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3280 3281 res = nl_recvmsgs(handle, cb); 3282 if (res < 0) { 3283 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3284 __func__, res); 3285 } 3286} 3287 3288 3289/** 3290 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3291 * @priv: driver_nl80211 private data 3292 * @alpha2_arg: country to which to switch to 3293 * Returns: 0 on success, -1 on failure 3294 * 3295 * This asks nl80211 to set the regulatory domain for given 3296 * country ISO / IEC alpha2. 3297 */ 3298static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3299{ 3300 struct i802_bss *bss = priv; 3301 struct wpa_driver_nl80211_data *drv = bss->drv; 3302 char alpha2[3]; 3303 struct nl_msg *msg; 3304 3305 msg = nlmsg_alloc(); 3306 if (!msg) 3307 return -ENOMEM; 3308 3309 alpha2[0] = alpha2_arg[0]; 3310 alpha2[1] = alpha2_arg[1]; 3311 alpha2[2] = '\0'; 3312 3313 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3314 3315 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3316 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3317 return -EINVAL; 3318 return 0; 3319nla_put_failure: 3320 nlmsg_free(msg); 3321 return -EINVAL; 3322} 3323 3324 3325static int nl80211_get_country(struct nl_msg *msg, void *arg) 3326{ 3327 char *alpha2 = arg; 3328 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3329 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3330 3331 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3332 genlmsg_attrlen(gnlh, 0), NULL); 3333 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3334 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3335 return NL_SKIP; 3336 } 3337 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3338 return NL_SKIP; 3339} 3340 3341 3342static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3343{ 3344 struct i802_bss *bss = priv; 3345 struct wpa_driver_nl80211_data *drv = bss->drv; 3346 struct nl_msg *msg; 3347 int ret; 3348 3349 msg = nlmsg_alloc(); 3350 if (!msg) 3351 return -ENOMEM; 3352 3353 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3354 alpha2[0] = '\0'; 3355 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3356 if (!alpha2[0]) 3357 ret = -1; 3358 3359 return ret; 3360} 3361 3362 3363static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3364{ 3365 u32 *feat = arg; 3366 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3367 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3368 3369 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3370 genlmsg_attrlen(gnlh, 0), NULL); 3371 3372 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3373 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3374 3375 return NL_SKIP; 3376} 3377 3378 3379static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3380{ 3381 u32 feat = 0; 3382 struct nl_msg *msg; 3383 3384 msg = nlmsg_alloc(); 3385 if (!msg) 3386 goto nla_put_failure; 3387 3388 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3389 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3390 return feat; 3391 3392 msg = NULL; 3393nla_put_failure: 3394 nlmsg_free(msg); 3395 return 0; 3396} 3397 3398 3399struct wiphy_info_data { 3400 struct wpa_driver_nl80211_data *drv; 3401 struct wpa_driver_capa *capa; 3402 3403 unsigned int num_multichan_concurrent; 3404 3405 unsigned int error:1; 3406 unsigned int device_ap_sme:1; 3407 unsigned int poll_command_supported:1; 3408 unsigned int data_tx_status:1; 3409 unsigned int monitor_supported:1; 3410 unsigned int auth_supported:1; 3411 unsigned int connect_supported:1; 3412 unsigned int p2p_go_supported:1; 3413 unsigned int p2p_client_supported:1; 3414 unsigned int p2p_concurrent:1; 3415 unsigned int channel_switch_supported:1; 3416 unsigned int set_qos_map_supported:1; 3417 unsigned int have_low_prio_scan:1; 3418}; 3419 3420 3421static unsigned int probe_resp_offload_support(int supp_protocols) 3422{ 3423 unsigned int prot = 0; 3424 3425 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3426 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3427 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3428 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3429 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3430 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3431 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3432 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3433 3434 return prot; 3435} 3436 3437 3438static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3439 struct nlattr *tb) 3440{ 3441 struct nlattr *nl_mode; 3442 int i; 3443 3444 if (tb == NULL) 3445 return; 3446 3447 nla_for_each_nested(nl_mode, tb, i) { 3448 switch (nla_type(nl_mode)) { 3449 case NL80211_IFTYPE_AP: 3450 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3451 break; 3452 case NL80211_IFTYPE_ADHOC: 3453 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3454 break; 3455 case NL80211_IFTYPE_P2P_DEVICE: 3456 info->capa->flags |= 3457 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3458 break; 3459 case NL80211_IFTYPE_P2P_GO: 3460 info->p2p_go_supported = 1; 3461 break; 3462 case NL80211_IFTYPE_P2P_CLIENT: 3463 info->p2p_client_supported = 1; 3464 break; 3465 case NL80211_IFTYPE_MONITOR: 3466 info->monitor_supported = 1; 3467 break; 3468 } 3469 } 3470} 3471 3472 3473static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3474 struct nlattr *nl_combi) 3475{ 3476 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3477 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3478 struct nlattr *nl_limit, *nl_mode; 3479 int err, rem_limit, rem_mode; 3480 int combination_has_p2p = 0, combination_has_mgd = 0; 3481 static struct nla_policy 3482 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3483 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3484 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3485 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3486 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3487 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3488 }, 3489 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3490 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3491 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3492 }; 3493 3494 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3495 nl_combi, iface_combination_policy); 3496 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3497 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3498 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3499 return 0; /* broken combination */ 3500 3501 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3502 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3503 3504 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3505 rem_limit) { 3506 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3507 nl_limit, iface_limit_policy); 3508 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3509 return 0; /* broken combination */ 3510 3511 nla_for_each_nested(nl_mode, 3512 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3513 rem_mode) { 3514 int ift = nla_type(nl_mode); 3515 if (ift == NL80211_IFTYPE_P2P_GO || 3516 ift == NL80211_IFTYPE_P2P_CLIENT) 3517 combination_has_p2p = 1; 3518 if (ift == NL80211_IFTYPE_STATION) 3519 combination_has_mgd = 1; 3520 } 3521 if (combination_has_p2p && combination_has_mgd) 3522 break; 3523 } 3524 3525 if (combination_has_p2p && combination_has_mgd) { 3526 unsigned int num_channels = 3527 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3528 3529 info->p2p_concurrent = 1; 3530 if (info->num_multichan_concurrent < num_channels) 3531 info->num_multichan_concurrent = num_channels; 3532 } 3533 3534 return 0; 3535} 3536 3537 3538static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3539 struct nlattr *tb) 3540{ 3541 struct nlattr *nl_combi; 3542 int rem_combi; 3543 3544 if (tb == NULL) 3545 return; 3546 3547 nla_for_each_nested(nl_combi, tb, rem_combi) { 3548 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3549 break; 3550 } 3551} 3552 3553 3554static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3555 struct nlattr *tb) 3556{ 3557 struct nlattr *nl_cmd; 3558 int i; 3559 3560 if (tb == NULL) 3561 return; 3562 3563 nla_for_each_nested(nl_cmd, tb, i) { 3564 switch (nla_get_u32(nl_cmd)) { 3565 case NL80211_CMD_AUTHENTICATE: 3566 info->auth_supported = 1; 3567 break; 3568 case NL80211_CMD_CONNECT: 3569 info->connect_supported = 1; 3570 break; 3571 case NL80211_CMD_START_SCHED_SCAN: 3572 info->capa->sched_scan_supported = 1; 3573 break; 3574 case NL80211_CMD_PROBE_CLIENT: 3575 info->poll_command_supported = 1; 3576 break; 3577 case NL80211_CMD_CHANNEL_SWITCH: 3578 info->channel_switch_supported = 1; 3579 break; 3580 case NL80211_CMD_SET_QOS_MAP: 3581 info->set_qos_map_supported = 1; 3582 break; 3583 } 3584 } 3585} 3586 3587 3588static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3589 struct nlattr *tb) 3590{ 3591 int i, num; 3592 u32 *ciphers; 3593 3594 if (tb == NULL) 3595 return; 3596 3597 num = nla_len(tb) / sizeof(u32); 3598 ciphers = nla_data(tb); 3599 for (i = 0; i < num; i++) { 3600 u32 c = ciphers[i]; 3601 3602 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3603 c >> 24, (c >> 16) & 0xff, 3604 (c >> 8) & 0xff, c & 0xff); 3605 switch (c) { 3606 case WLAN_CIPHER_SUITE_CCMP_256: 3607 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3608 break; 3609 case WLAN_CIPHER_SUITE_GCMP_256: 3610 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3611 break; 3612 case WLAN_CIPHER_SUITE_CCMP: 3613 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3614 break; 3615 case WLAN_CIPHER_SUITE_GCMP: 3616 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3617 break; 3618 case WLAN_CIPHER_SUITE_TKIP: 3619 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3620 break; 3621 case WLAN_CIPHER_SUITE_WEP104: 3622 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3623 break; 3624 case WLAN_CIPHER_SUITE_WEP40: 3625 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3626 break; 3627 case WLAN_CIPHER_SUITE_AES_CMAC: 3628 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3629 break; 3630 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3631 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3632 break; 3633 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3634 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3635 break; 3636 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3637 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3638 break; 3639 case WLAN_CIPHER_SUITE_NO_GROUP_ADDR: 3640 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED; 3641 break; 3642 } 3643 } 3644} 3645 3646 3647static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3648 struct nlattr *tb) 3649{ 3650 if (tb) 3651 capa->max_remain_on_chan = nla_get_u32(tb); 3652} 3653 3654 3655static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3656 struct nlattr *ext_setup) 3657{ 3658 if (tdls == NULL) 3659 return; 3660 3661 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3662 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3663 3664 if (ext_setup) { 3665 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3666 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3667 } 3668} 3669 3670 3671static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3672 struct nlattr *tb) 3673{ 3674 u32 flags; 3675 struct wpa_driver_capa *capa = info->capa; 3676 3677 if (tb == NULL) 3678 return; 3679 3680 flags = nla_get_u32(tb); 3681 3682 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3683 info->data_tx_status = 1; 3684 3685 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3686 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3687 3688 if (flags & NL80211_FEATURE_SAE) 3689 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3690 3691 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3692 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3693 3694 if (flags & NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE) 3695 capa->flags |= WPA_DRIVER_FLAGS_HT_2040_COEX; 3696 3697 if (flags & NL80211_FEATURE_LOW_PRIORITY_SCAN) 3698 info->have_low_prio_scan = 1; 3699} 3700 3701 3702static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3703 struct nlattr *tb) 3704{ 3705 u32 protocols; 3706 3707 if (tb == NULL) 3708 return; 3709 3710 protocols = nla_get_u32(tb); 3711 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3712 "mode"); 3713 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3714 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3715} 3716 3717 3718static void wiphy_info_wowlan_triggers(struct wpa_driver_capa *capa, 3719 struct nlattr *tb) 3720{ 3721 struct nlattr *triggers[MAX_NL80211_WOWLAN_TRIG + 1]; 3722 3723 if (tb == NULL) 3724 return; 3725 3726 if (nla_parse_nested(triggers, MAX_NL80211_WOWLAN_TRIG, 3727 tb, NULL)) 3728 return; 3729 3730 if (triggers[NL80211_WOWLAN_TRIG_ANY]) 3731 capa->wowlan_triggers.any = 1; 3732 if (triggers[NL80211_WOWLAN_TRIG_DISCONNECT]) 3733 capa->wowlan_triggers.disconnect = 1; 3734 if (triggers[NL80211_WOWLAN_TRIG_MAGIC_PKT]) 3735 capa->wowlan_triggers.magic_pkt = 1; 3736 if (triggers[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) 3737 capa->wowlan_triggers.gtk_rekey_failure = 1; 3738 if (triggers[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) 3739 capa->wowlan_triggers.eap_identity_req = 1; 3740 if (triggers[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) 3741 capa->wowlan_triggers.four_way_handshake = 1; 3742 if (triggers[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) 3743 capa->wowlan_triggers.rfkill_release = 1; 3744} 3745 3746 3747static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3748{ 3749 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3750 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3751 struct wiphy_info_data *info = arg; 3752 struct wpa_driver_capa *capa = info->capa; 3753 struct wpa_driver_nl80211_data *drv = info->drv; 3754 3755 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3756 genlmsg_attrlen(gnlh, 0), NULL); 3757 3758 if (tb[NL80211_ATTR_WIPHY_NAME]) 3759 os_strlcpy(drv->phyname, 3760 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3761 sizeof(drv->phyname)); 3762 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3763 capa->max_scan_ssids = 3764 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3765 3766 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3767 capa->max_sched_scan_ssids = 3768 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3769 3770 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3771 capa->max_match_sets = 3772 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3773 3774 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3775 capa->max_acl_mac_addrs = 3776 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3777 3778 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3779 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3780 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3781 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3782 3783 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3784 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3785 "off-channel TX"); 3786 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3787 } 3788 3789 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3790 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3791 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3792 } 3793 3794 wiphy_info_max_roc(capa, 3795 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3796 3797 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3798 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3799 3800 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3801 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3802 3803 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3804 info->device_ap_sme = 1; 3805 3806 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3807 wiphy_info_probe_resp_offload(capa, 3808 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3809 3810 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3811 drv->extended_capa == NULL) { 3812 drv->extended_capa = 3813 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3814 if (drv->extended_capa) { 3815 os_memcpy(drv->extended_capa, 3816 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3817 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3818 drv->extended_capa_len = 3819 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3820 } 3821 drv->extended_capa_mask = 3822 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3823 if (drv->extended_capa_mask) { 3824 os_memcpy(drv->extended_capa_mask, 3825 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3826 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3827 } else { 3828 os_free(drv->extended_capa); 3829 drv->extended_capa = NULL; 3830 drv->extended_capa_len = 0; 3831 } 3832 } 3833 3834 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3835 struct nlattr *nl; 3836 int rem; 3837 3838 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3839 struct nl80211_vendor_cmd_info *vinfo; 3840 if (nla_len(nl) != sizeof(*vinfo)) { 3841 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3842 continue; 3843 } 3844 vinfo = nla_data(nl); 3845 if (vinfo->subcmd == 3846 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY) 3847 drv->dfs_vendor_cmd_avail = 1; 3848 3849 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3850 vinfo->vendor_id, vinfo->subcmd); 3851 } 3852 } 3853 3854 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3855 struct nlattr *nl; 3856 int rem; 3857 3858 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3859 struct nl80211_vendor_cmd_info *vinfo; 3860 if (nla_len(nl) != sizeof(*vinfo)) { 3861 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3862 continue; 3863 } 3864 vinfo = nla_data(nl); 3865 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3866 vinfo->vendor_id, vinfo->subcmd); 3867 } 3868 } 3869 3870 wiphy_info_wowlan_triggers(capa, 3871 tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]); 3872 3873 if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA]) 3874 capa->max_stations = 3875 nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]); 3876 3877 return NL_SKIP; 3878} 3879 3880 3881static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3882 struct wiphy_info_data *info) 3883{ 3884 u32 feat; 3885 struct nl_msg *msg; 3886 3887 os_memset(info, 0, sizeof(*info)); 3888 info->capa = &drv->capa; 3889 info->drv = drv; 3890 3891 msg = nlmsg_alloc(); 3892 if (!msg) 3893 return -1; 3894 3895 feat = get_nl80211_protocol_features(drv); 3896 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3897 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3898 else 3899 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3900 3901 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3902 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3903 goto nla_put_failure; 3904 3905 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3906 return -1; 3907 3908 if (info->auth_supported) 3909 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3910 else if (!info->connect_supported) { 3911 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3912 "authentication/association or connect commands"); 3913 info->error = 1; 3914 } 3915 3916 if (info->p2p_go_supported && info->p2p_client_supported) 3917 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3918 if (info->p2p_concurrent) { 3919 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3920 "interface (driver advertised support)"); 3921 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3922 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3923 } 3924 if (info->num_multichan_concurrent > 1) { 3925 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3926 "concurrent (driver advertised support)"); 3927 drv->capa.num_multichan_concurrent = 3928 info->num_multichan_concurrent; 3929 } 3930 3931 /* default to 5000 since early versions of mac80211 don't set it */ 3932 if (!drv->capa.max_remain_on_chan) 3933 drv->capa.max_remain_on_chan = 5000; 3934 3935 if (info->channel_switch_supported) 3936 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3937 3938 return 0; 3939nla_put_failure: 3940 nlmsg_free(msg); 3941 return -1; 3942} 3943 3944 3945static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3946{ 3947 struct wiphy_info_data info; 3948 if (wpa_driver_nl80211_get_info(drv, &info)) 3949 return -1; 3950 3951 if (info.error) 3952 return -1; 3953 3954 drv->has_capability = 1; 3955 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3956 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3957 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3958 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3959 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3960 WPA_DRIVER_AUTH_SHARED | 3961 WPA_DRIVER_AUTH_LEAP; 3962 3963 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3964 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3965 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3966 3967 /* 3968 * As all cfg80211 drivers must support cases where the AP interface is 3969 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in 3970 * case that the user space daemon has crashed, they must be able to 3971 * cleanup all stations and key entries in the AP tear down flow. Thus, 3972 * this flag can/should always be set for cfg80211 drivers. 3973 */ 3974 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT; 3975 3976 if (!info.device_ap_sme) { 3977 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3978 3979 /* 3980 * No AP SME is currently assumed to also indicate no AP MLME 3981 * in the driver/firmware. 3982 */ 3983 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3984 } 3985 3986 drv->device_ap_sme = info.device_ap_sme; 3987 drv->poll_command_supported = info.poll_command_supported; 3988 drv->data_tx_status = info.data_tx_status; 3989 if (info.set_qos_map_supported) 3990 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3991 drv->have_low_prio_scan = info.have_low_prio_scan; 3992 3993 /* 3994 * If poll command and tx status are supported, mac80211 is new enough 3995 * to have everything we need to not need monitor interfaces. 3996 */ 3997 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3998 3999 if (drv->device_ap_sme && drv->use_monitor) { 4000 /* 4001 * Non-mac80211 drivers may not support monitor interface. 4002 * Make sure we do not get stuck with incorrect capability here 4003 * by explicitly testing this. 4004 */ 4005 if (!info.monitor_supported) { 4006 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 4007 "with device_ap_sme since no monitor mode " 4008 "support detected"); 4009 drv->use_monitor = 0; 4010 } 4011 } 4012 4013 /* 4014 * If we aren't going to use monitor interfaces, but the 4015 * driver doesn't support data TX status, we won't get TX 4016 * status for EAPOL frames. 4017 */ 4018 if (!drv->use_monitor && !info.data_tx_status) 4019 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4020 4021 return 0; 4022} 4023 4024 4025#ifdef ANDROID 4026static int android_genl_ctrl_resolve(struct nl_handle *handle, 4027 const char *name) 4028{ 4029 /* 4030 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 4031 * need to work around that. 4032 */ 4033 struct nl_cache *cache = NULL; 4034 struct genl_family *nl80211 = NULL; 4035 int id = -1; 4036 4037 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 4038 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 4039 "netlink cache"); 4040 goto fail; 4041 } 4042 4043 nl80211 = genl_ctrl_search_by_name(cache, name); 4044 if (nl80211 == NULL) 4045 goto fail; 4046 4047 id = genl_family_get_id(nl80211); 4048 4049fail: 4050 if (nl80211) 4051 genl_family_put(nl80211); 4052 if (cache) 4053 nl_cache_free(cache); 4054 4055 return id; 4056} 4057#define genl_ctrl_resolve android_genl_ctrl_resolve 4058#endif /* ANDROID */ 4059 4060 4061static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 4062{ 4063 int ret; 4064 4065 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4066 if (global->nl_cb == NULL) { 4067 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 4068 "callbacks"); 4069 return -1; 4070 } 4071 4072 global->nl = nl_create_handle(global->nl_cb, "nl"); 4073 if (global->nl == NULL) 4074 goto err; 4075 4076 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 4077 if (global->nl80211_id < 0) { 4078 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 4079 "found"); 4080 goto err; 4081 } 4082 4083 global->nl_event = nl_create_handle(global->nl_cb, "event"); 4084 if (global->nl_event == NULL) 4085 goto err; 4086 4087 ret = nl_get_multicast_id(global, "nl80211", "scan"); 4088 if (ret >= 0) 4089 ret = nl_socket_add_membership(global->nl_event, ret); 4090 if (ret < 0) { 4091 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 4092 "membership for scan events: %d (%s)", 4093 ret, strerror(-ret)); 4094 goto err; 4095 } 4096 4097 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 4098 if (ret >= 0) 4099 ret = nl_socket_add_membership(global->nl_event, ret); 4100 if (ret < 0) { 4101 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 4102 "membership for mlme events: %d (%s)", 4103 ret, strerror(-ret)); 4104 goto err; 4105 } 4106 4107 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 4108 if (ret >= 0) 4109 ret = nl_socket_add_membership(global->nl_event, ret); 4110 if (ret < 0) { 4111 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 4112 "membership for regulatory events: %d (%s)", 4113 ret, strerror(-ret)); 4114 /* Continue without regulatory events */ 4115 } 4116 4117 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 4118 if (ret >= 0) 4119 ret = nl_socket_add_membership(global->nl_event, ret); 4120 if (ret < 0) { 4121 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 4122 "membership for vendor events: %d (%s)", 4123 ret, strerror(-ret)); 4124 /* Continue without vendor events */ 4125 } 4126 4127 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4128 no_seq_check, NULL); 4129 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4130 process_global_event, global); 4131 4132 nl80211_register_eloop_read(&global->nl_event, 4133 wpa_driver_nl80211_event_receive, 4134 global->nl_cb); 4135 4136 return 0; 4137 4138err: 4139 nl_destroy_handles(&global->nl_event); 4140 nl_destroy_handles(&global->nl); 4141 nl_cb_put(global->nl_cb); 4142 global->nl_cb = NULL; 4143 return -1; 4144} 4145 4146 4147static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 4148{ 4149 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4150 if (!drv->nl_cb) { 4151 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 4152 return -1; 4153 } 4154 4155 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4156 no_seq_check, NULL); 4157 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4158 process_drv_event, drv); 4159 4160 return 0; 4161} 4162 4163 4164static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 4165{ 4166 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 4167 /* 4168 * This may be for any interface; use ifdown event to disable 4169 * interface. 4170 */ 4171} 4172 4173 4174static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 4175{ 4176 struct wpa_driver_nl80211_data *drv = ctx; 4177 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 4178 if (i802_set_iface_flags(drv->first_bss, 1)) { 4179 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 4180 "after rfkill unblock"); 4181 return; 4182 } 4183 /* rtnetlink ifup handler will report interface as enabled */ 4184} 4185 4186 4187static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 4188 void *eloop_ctx, 4189 void *handle) 4190{ 4191 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4192 u8 data[2048]; 4193 struct msghdr msg; 4194 struct iovec entry; 4195 u8 control[512]; 4196 struct cmsghdr *cmsg; 4197 int res, found_ee = 0, found_wifi = 0, acked = 0; 4198 union wpa_event_data event; 4199 4200 memset(&msg, 0, sizeof(msg)); 4201 msg.msg_iov = &entry; 4202 msg.msg_iovlen = 1; 4203 entry.iov_base = data; 4204 entry.iov_len = sizeof(data); 4205 msg.msg_control = &control; 4206 msg.msg_controllen = sizeof(control); 4207 4208 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 4209 /* if error or not fitting 802.3 header, return */ 4210 if (res < 14) 4211 return; 4212 4213 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 4214 { 4215 if (cmsg->cmsg_level == SOL_SOCKET && 4216 cmsg->cmsg_type == SCM_WIFI_STATUS) { 4217 int *ack; 4218 4219 found_wifi = 1; 4220 ack = (void *)CMSG_DATA(cmsg); 4221 acked = *ack; 4222 } 4223 4224 if (cmsg->cmsg_level == SOL_PACKET && 4225 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 4226 struct sock_extended_err *err = 4227 (struct sock_extended_err *)CMSG_DATA(cmsg); 4228 4229 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 4230 found_ee = 1; 4231 } 4232 } 4233 4234 if (!found_ee || !found_wifi) 4235 return; 4236 4237 memset(&event, 0, sizeof(event)); 4238 event.eapol_tx_status.dst = data; 4239 event.eapol_tx_status.data = data + 14; 4240 event.eapol_tx_status.data_len = res - 14; 4241 event.eapol_tx_status.ack = acked; 4242 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 4243} 4244 4245 4246static int nl80211_init_bss(struct i802_bss *bss) 4247{ 4248 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4249 if (!bss->nl_cb) 4250 return -1; 4251 4252 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4253 no_seq_check, NULL); 4254 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4255 process_bss_event, bss); 4256 4257 return 0; 4258} 4259 4260 4261static void nl80211_destroy_bss(struct i802_bss *bss) 4262{ 4263 nl_cb_put(bss->nl_cb); 4264 bss->nl_cb = NULL; 4265} 4266 4267 4268static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 4269 void *global_priv, int hostapd, 4270 const u8 *set_addr) 4271{ 4272 struct wpa_driver_nl80211_data *drv; 4273 struct rfkill_config *rcfg; 4274 struct i802_bss *bss; 4275 4276 if (global_priv == NULL) 4277 return NULL; 4278 drv = os_zalloc(sizeof(*drv)); 4279 if (drv == NULL) 4280 return NULL; 4281 drv->global = global_priv; 4282 drv->ctx = ctx; 4283 drv->hostapd = !!hostapd; 4284 drv->eapol_sock = -1; 4285 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4286 drv->if_indices = drv->default_if_indices; 4287 4288 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4289 if (!drv->first_bss) { 4290 os_free(drv); 4291 return NULL; 4292 } 4293 bss = drv->first_bss; 4294 bss->drv = drv; 4295 bss->ctx = ctx; 4296 4297 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4298 drv->monitor_ifidx = -1; 4299 drv->monitor_sock = -1; 4300 drv->eapol_tx_sock = -1; 4301 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4302 4303 if (wpa_driver_nl80211_init_nl(drv)) { 4304 os_free(drv); 4305 return NULL; 4306 } 4307 4308 if (nl80211_init_bss(bss)) 4309 goto failed; 4310 4311 rcfg = os_zalloc(sizeof(*rcfg)); 4312 if (rcfg == NULL) 4313 goto failed; 4314 rcfg->ctx = drv; 4315 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4316 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4317 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4318 drv->rfkill = rfkill_init(rcfg); 4319 if (drv->rfkill == NULL) { 4320 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4321 os_free(rcfg); 4322 } 4323 4324 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4325 drv->start_iface_up = 1; 4326 4327 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4328 goto failed; 4329 4330 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4331 if (drv->eapol_tx_sock < 0) 4332 goto failed; 4333 4334 if (drv->data_tx_status) { 4335 int enabled = 1; 4336 4337 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4338 &enabled, sizeof(enabled)) < 0) { 4339 wpa_printf(MSG_DEBUG, 4340 "nl80211: wifi status sockopt failed\n"); 4341 drv->data_tx_status = 0; 4342 if (!drv->use_monitor) 4343 drv->capa.flags &= 4344 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4345 } else { 4346 eloop_register_read_sock(drv->eapol_tx_sock, 4347 wpa_driver_nl80211_handle_eapol_tx_status, 4348 drv, NULL); 4349 } 4350 } 4351 4352 if (drv->global) { 4353 dl_list_add(&drv->global->interfaces, &drv->list); 4354 drv->in_interface_list = 1; 4355 } 4356 4357 return bss; 4358 4359failed: 4360 wpa_driver_nl80211_deinit(bss); 4361 return NULL; 4362} 4363 4364 4365/** 4366 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4367 * @ctx: context to be used when calling wpa_supplicant functions, 4368 * e.g., wpa_supplicant_event() 4369 * @ifname: interface name, e.g., wlan0 4370 * @global_priv: private driver global data from global_init() 4371 * Returns: Pointer to private data, %NULL on failure 4372 */ 4373static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4374 void *global_priv) 4375{ 4376 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4377} 4378 4379 4380static int nl80211_register_frame(struct i802_bss *bss, 4381 struct nl_handle *nl_handle, 4382 u16 type, const u8 *match, size_t match_len) 4383{ 4384 struct wpa_driver_nl80211_data *drv = bss->drv; 4385 struct nl_msg *msg; 4386 int ret = -1; 4387 char buf[30]; 4388 4389 msg = nlmsg_alloc(); 4390 if (!msg) 4391 return -1; 4392 4393 buf[0] = '\0'; 4394 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4395 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s", 4396 type, fc2str(type), nl_handle, buf); 4397 4398 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4399 4400 if (nl80211_set_iface_id(msg, bss) < 0) 4401 goto nla_put_failure; 4402 4403 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4404 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4405 4406 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4407 msg = NULL; 4408 if (ret) { 4409 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4410 "failed (type=%u): ret=%d (%s)", 4411 type, ret, strerror(-ret)); 4412 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4413 match, match_len); 4414 goto nla_put_failure; 4415 } 4416 ret = 0; 4417nla_put_failure: 4418 nlmsg_free(msg); 4419 return ret; 4420} 4421 4422 4423static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4424{ 4425 struct wpa_driver_nl80211_data *drv = bss->drv; 4426 4427 if (bss->nl_mgmt) { 4428 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4429 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4430 return -1; 4431 } 4432 4433 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4434 if (bss->nl_mgmt == NULL) 4435 return -1; 4436 4437 return 0; 4438} 4439 4440 4441static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4442{ 4443 nl80211_register_eloop_read(&bss->nl_mgmt, 4444 wpa_driver_nl80211_event_receive, 4445 bss->nl_cb); 4446} 4447 4448 4449static int nl80211_register_action_frame(struct i802_bss *bss, 4450 const u8 *match, size_t match_len) 4451{ 4452 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4453 return nl80211_register_frame(bss, bss->nl_mgmt, 4454 type, match, match_len); 4455} 4456 4457 4458static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4459{ 4460 struct wpa_driver_nl80211_data *drv = bss->drv; 4461 int ret = 0; 4462 4463 if (nl80211_alloc_mgmt_handle(bss)) 4464 return -1; 4465 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4466 "handle %p", bss->nl_mgmt); 4467 4468 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4469 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4470 4471 /* register for any AUTH message */ 4472 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4473 } 4474 4475#ifdef CONFIG_INTERWORKING 4476 /* QoS Map Configure */ 4477 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4478 ret = -1; 4479#endif /* CONFIG_INTERWORKING */ 4480#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4481 /* GAS Initial Request */ 4482 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4483 ret = -1; 4484 /* GAS Initial Response */ 4485 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4486 ret = -1; 4487 /* GAS Comeback Request */ 4488 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4489 ret = -1; 4490 /* GAS Comeback Response */ 4491 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4492 ret = -1; 4493 /* Protected GAS Initial Request */ 4494 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0) 4495 ret = -1; 4496 /* Protected GAS Initial Response */ 4497 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0) 4498 ret = -1; 4499 /* Protected GAS Comeback Request */ 4500 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0) 4501 ret = -1; 4502 /* Protected GAS Comeback Response */ 4503 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0) 4504 ret = -1; 4505#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4506#ifdef CONFIG_P2P 4507 /* P2P Public Action */ 4508 if (nl80211_register_action_frame(bss, 4509 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4510 6) < 0) 4511 ret = -1; 4512 /* P2P Action */ 4513 if (nl80211_register_action_frame(bss, 4514 (u8 *) "\x7f\x50\x6f\x9a\x09", 4515 5) < 0) 4516 ret = -1; 4517#endif /* CONFIG_P2P */ 4518#ifdef CONFIG_IEEE80211W 4519 /* SA Query Response */ 4520 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4521 ret = -1; 4522#endif /* CONFIG_IEEE80211W */ 4523#ifdef CONFIG_TDLS 4524 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4525 /* TDLS Discovery Response */ 4526 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4527 0) 4528 ret = -1; 4529 } 4530#endif /* CONFIG_TDLS */ 4531 4532 /* FT Action frames */ 4533 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4534 ret = -1; 4535 else 4536 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4537 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4538 4539 /* WNM - BSS Transition Management Request */ 4540 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4541 ret = -1; 4542 /* WNM-Sleep Mode Response */ 4543 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4544 ret = -1; 4545 4546#ifdef CONFIG_HS20 4547 /* WNM-Notification */ 4548 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0) 4549 return -1; 4550#endif /* CONFIG_HS20 */ 4551 4552 nl80211_mgmt_handle_register_eloop(bss); 4553 4554 return ret; 4555} 4556 4557 4558static int nl80211_register_spurious_class3(struct i802_bss *bss) 4559{ 4560 struct wpa_driver_nl80211_data *drv = bss->drv; 4561 struct nl_msg *msg; 4562 int ret = -1; 4563 4564 msg = nlmsg_alloc(); 4565 if (!msg) 4566 return -1; 4567 4568 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4569 4570 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4571 4572 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4573 msg = NULL; 4574 if (ret) { 4575 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4576 "failed: ret=%d (%s)", 4577 ret, strerror(-ret)); 4578 goto nla_put_failure; 4579 } 4580 ret = 0; 4581nla_put_failure: 4582 nlmsg_free(msg); 4583 return ret; 4584} 4585 4586 4587static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4588{ 4589 static const int stypes[] = { 4590 WLAN_FC_STYPE_AUTH, 4591 WLAN_FC_STYPE_ASSOC_REQ, 4592 WLAN_FC_STYPE_REASSOC_REQ, 4593 WLAN_FC_STYPE_DISASSOC, 4594 WLAN_FC_STYPE_DEAUTH, 4595 WLAN_FC_STYPE_ACTION, 4596 WLAN_FC_STYPE_PROBE_REQ, 4597/* Beacon doesn't work as mac80211 doesn't currently allow 4598 * it, but it wouldn't really be the right thing anyway as 4599 * it isn't per interface ... maybe just dump the scan 4600 * results periodically for OLBC? 4601 */ 4602 /* WLAN_FC_STYPE_BEACON, */ 4603 }; 4604 unsigned int i; 4605 4606 if (nl80211_alloc_mgmt_handle(bss)) 4607 return -1; 4608 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4609 "handle %p", bss->nl_mgmt); 4610 4611 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4612 if (nl80211_register_frame(bss, bss->nl_mgmt, 4613 (WLAN_FC_TYPE_MGMT << 2) | 4614 (stypes[i] << 4), 4615 NULL, 0) < 0) { 4616 goto out_err; 4617 } 4618 } 4619 4620 if (nl80211_register_spurious_class3(bss)) 4621 goto out_err; 4622 4623 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4624 goto out_err; 4625 4626 nl80211_mgmt_handle_register_eloop(bss); 4627 return 0; 4628 4629out_err: 4630 nl_destroy_handles(&bss->nl_mgmt); 4631 return -1; 4632} 4633 4634 4635static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4636{ 4637 if (nl80211_alloc_mgmt_handle(bss)) 4638 return -1; 4639 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4640 "handle %p (device SME)", bss->nl_mgmt); 4641 4642 if (nl80211_register_frame(bss, bss->nl_mgmt, 4643 (WLAN_FC_TYPE_MGMT << 2) | 4644 (WLAN_FC_STYPE_ACTION << 4), 4645 NULL, 0) < 0) 4646 goto out_err; 4647 4648 nl80211_mgmt_handle_register_eloop(bss); 4649 return 0; 4650 4651out_err: 4652 nl_destroy_handles(&bss->nl_mgmt); 4653 return -1; 4654} 4655 4656 4657static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4658{ 4659 if (bss->nl_mgmt == NULL) 4660 return; 4661 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4662 "(%s)", bss->nl_mgmt, reason); 4663 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4664 4665 nl80211_put_wiphy_data_ap(bss); 4666} 4667 4668 4669static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4670{ 4671 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4672} 4673 4674 4675static void nl80211_del_p2pdev(struct i802_bss *bss) 4676{ 4677 struct wpa_driver_nl80211_data *drv = bss->drv; 4678 struct nl_msg *msg; 4679 int ret; 4680 4681 msg = nlmsg_alloc(); 4682 if (!msg) 4683 return; 4684 4685 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4686 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4687 4688 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4689 msg = NULL; 4690 4691 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4692 bss->ifname, (long long unsigned int) bss->wdev_id, 4693 strerror(-ret)); 4694 4695nla_put_failure: 4696 nlmsg_free(msg); 4697} 4698 4699 4700static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4701{ 4702 struct wpa_driver_nl80211_data *drv = bss->drv; 4703 struct nl_msg *msg; 4704 int ret = -1; 4705 4706 msg = nlmsg_alloc(); 4707 if (!msg) 4708 return -1; 4709 4710 if (start) 4711 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4712 else 4713 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4714 4715 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4716 4717 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4718 msg = NULL; 4719 4720 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4721 start ? "Start" : "Stop", 4722 bss->ifname, (long long unsigned int) bss->wdev_id, 4723 strerror(-ret)); 4724 4725nla_put_failure: 4726 nlmsg_free(msg); 4727 return ret; 4728} 4729 4730 4731static int i802_set_iface_flags(struct i802_bss *bss, int up) 4732{ 4733 enum nl80211_iftype nlmode; 4734 4735 nlmode = nl80211_get_ifmode(bss); 4736 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4737 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4738 bss->ifname, up); 4739 } 4740 4741 /* P2P Device has start/stop which is equivalent */ 4742 return nl80211_set_p2pdev(bss, up); 4743} 4744 4745 4746static int 4747wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4748 const u8 *set_addr, int first) 4749{ 4750 struct i802_bss *bss = drv->first_bss; 4751 int send_rfkill_event = 0; 4752 enum nl80211_iftype nlmode; 4753 4754 drv->ifindex = if_nametoindex(bss->ifname); 4755 bss->ifindex = drv->ifindex; 4756 bss->wdev_id = drv->global->if_add_wdevid; 4757 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4758 4759 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4760 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4761 drv->global->if_add_wdevid_set = 0; 4762 4763 if (wpa_driver_nl80211_capa(drv)) 4764 return -1; 4765 4766 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4767 bss->ifname, drv->phyname); 4768 4769 if (set_addr && 4770 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4771 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4772 set_addr))) 4773 return -1; 4774 4775 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4776 drv->start_mode_ap = 1; 4777 4778 if (drv->hostapd) 4779 nlmode = NL80211_IFTYPE_AP; 4780 else if (bss->if_dynamic) 4781 nlmode = nl80211_get_ifmode(bss); 4782 else 4783 nlmode = NL80211_IFTYPE_STATION; 4784 4785 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4786 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4787 return -1; 4788 } 4789 4790 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4791 nl80211_get_macaddr(bss); 4792 4793 if (!rfkill_is_blocked(drv->rfkill)) { 4794 int ret = i802_set_iface_flags(bss, 1); 4795 if (ret) { 4796 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4797 "interface '%s' UP", bss->ifname); 4798 return ret; 4799 } 4800 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4801 return ret; 4802 } else { 4803 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4804 "interface '%s' due to rfkill", bss->ifname); 4805 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4806 return 0; 4807 drv->if_disabled = 1; 4808 send_rfkill_event = 1; 4809 } 4810 4811 if (!drv->hostapd) 4812 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4813 1, IF_OPER_DORMANT); 4814 4815 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4816 bss->addr)) 4817 return -1; 4818 4819 if (send_rfkill_event) { 4820 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4821 drv, drv->ctx); 4822 } 4823 4824 return 0; 4825} 4826 4827 4828static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4829{ 4830 struct nl_msg *msg; 4831 4832 msg = nlmsg_alloc(); 4833 if (!msg) 4834 return -ENOMEM; 4835 4836 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4837 drv->ifindex); 4838 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4839 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4840 4841 return send_and_recv_msgs(drv, msg, NULL, NULL); 4842 nla_put_failure: 4843 nlmsg_free(msg); 4844 return -ENOBUFS; 4845} 4846 4847 4848/** 4849 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4850 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4851 * 4852 * Shut down driver interface and processing of driver events. Free 4853 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4854 */ 4855static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4856{ 4857 struct wpa_driver_nl80211_data *drv = bss->drv; 4858 4859 bss->in_deinit = 1; 4860 if (drv->data_tx_status) 4861 eloop_unregister_read_sock(drv->eapol_tx_sock); 4862 if (drv->eapol_tx_sock >= 0) 4863 close(drv->eapol_tx_sock); 4864 4865 if (bss->nl_preq) 4866 wpa_driver_nl80211_probe_req_report(bss, 0); 4867 if (bss->added_if_into_bridge) { 4868 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4869 bss->ifname) < 0) 4870 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4871 "interface %s from bridge %s: %s", 4872 bss->ifname, bss->brname, strerror(errno)); 4873 } 4874 if (bss->added_bridge) { 4875 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4876 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4877 "bridge %s: %s", 4878 bss->brname, strerror(errno)); 4879 } 4880 4881 nl80211_remove_monitor_interface(drv); 4882 4883 if (is_ap_interface(drv->nlmode)) 4884 wpa_driver_nl80211_del_beacon(drv); 4885 4886 if (drv->eapol_sock >= 0) { 4887 eloop_unregister_read_sock(drv->eapol_sock); 4888 close(drv->eapol_sock); 4889 } 4890 4891 if (drv->if_indices != drv->default_if_indices) 4892 os_free(drv->if_indices); 4893 4894 if (drv->disabled_11b_rates) 4895 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4896 4897 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4898 IF_OPER_UP); 4899 eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx); 4900 rfkill_deinit(drv->rfkill); 4901 4902 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4903 4904 if (!drv->start_iface_up) 4905 (void) i802_set_iface_flags(bss, 0); 4906 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4907 if (!drv->hostapd || !drv->start_mode_ap) 4908 wpa_driver_nl80211_set_mode(bss, 4909 NL80211_IFTYPE_STATION); 4910 nl80211_mgmt_unsubscribe(bss, "deinit"); 4911 } else { 4912 nl80211_mgmt_unsubscribe(bss, "deinit"); 4913 nl80211_del_p2pdev(bss); 4914 } 4915 nl_cb_put(drv->nl_cb); 4916 4917 nl80211_destroy_bss(drv->first_bss); 4918 4919 os_free(drv->filter_ssids); 4920 4921 os_free(drv->auth_ie); 4922 4923 if (drv->in_interface_list) 4924 dl_list_del(&drv->list); 4925 4926 os_free(drv->extended_capa); 4927 os_free(drv->extended_capa_mask); 4928 os_free(drv->first_bss); 4929 os_free(drv); 4930} 4931 4932 4933/** 4934 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4935 * @eloop_ctx: Driver private data 4936 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4937 * 4938 * This function can be used as registered timeout when starting a scan to 4939 * generate a scan completed event if the driver does not report this. 4940 */ 4941static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4942{ 4943 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4944 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4945 wpa_driver_nl80211_set_mode(drv->first_bss, 4946 drv->ap_scan_as_station); 4947 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4948 } 4949 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4950 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4951} 4952 4953 4954static struct nl_msg * 4955nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4956 struct wpa_driver_scan_params *params, u64 *wdev_id) 4957{ 4958 struct nl_msg *msg; 4959 size_t i; 4960 u32 scan_flags = 0; 4961 4962 msg = nlmsg_alloc(); 4963 if (!msg) 4964 return NULL; 4965 4966 nl80211_cmd(drv, msg, 0, cmd); 4967 4968 if (!wdev_id) 4969 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4970 else 4971 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4972 4973 if (params->num_ssids) { 4974 struct nlattr *ssids; 4975 4976 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4977 if (ssids == NULL) 4978 goto fail; 4979 for (i = 0; i < params->num_ssids; i++) { 4980 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4981 params->ssids[i].ssid, 4982 params->ssids[i].ssid_len); 4983 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4984 params->ssids[i].ssid) < 0) 4985 goto fail; 4986 } 4987 nla_nest_end(msg, ssids); 4988 } 4989 4990 if (params->extra_ies) { 4991 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4992 params->extra_ies, params->extra_ies_len); 4993 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4994 params->extra_ies) < 0) 4995 goto fail; 4996 } 4997 4998 if (params->freqs) { 4999 struct nlattr *freqs; 5000 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5001 if (freqs == NULL) 5002 goto fail; 5003 for (i = 0; params->freqs[i]; i++) { 5004 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 5005 "MHz", params->freqs[i]); 5006 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 5007 goto fail; 5008 } 5009 nla_nest_end(msg, freqs); 5010 } 5011 5012 os_free(drv->filter_ssids); 5013 drv->filter_ssids = params->filter_ssids; 5014 params->filter_ssids = NULL; 5015 drv->num_filter_ssids = params->num_filter_ssids; 5016 5017 if (params->only_new_results) { 5018 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 5019 scan_flags |= NL80211_SCAN_FLAG_FLUSH; 5020 } 5021 5022 if (params->low_priority && drv->have_low_prio_scan) { 5023 wpa_printf(MSG_DEBUG, 5024 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 5025 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 5026 } 5027 5028 if (scan_flags) 5029 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags); 5030 5031 return msg; 5032 5033fail: 5034nla_put_failure: 5035 nlmsg_free(msg); 5036 return NULL; 5037} 5038 5039 5040/** 5041 * wpa_driver_nl80211_scan - Request the driver to initiate scan 5042 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 5043 * @params: Scan parameters 5044 * Returns: 0 on success, -1 on failure 5045 */ 5046static int wpa_driver_nl80211_scan(struct i802_bss *bss, 5047 struct wpa_driver_scan_params *params) 5048{ 5049 struct wpa_driver_nl80211_data *drv = bss->drv; 5050 int ret = -1, timeout; 5051 struct nl_msg *msg = NULL; 5052 5053 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 5054 drv->scan_for_auth = 0; 5055 5056 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 5057 bss->wdev_id_set ? &bss->wdev_id : NULL); 5058 if (!msg) 5059 return -1; 5060 5061 if (params->p2p_probe) { 5062 struct nlattr *rates; 5063 5064 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 5065 5066 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 5067 if (rates == NULL) 5068 goto nla_put_failure; 5069 5070 /* 5071 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 5072 * by masking out everything else apart from the OFDM rates 6, 5073 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 5074 * rates are left enabled. 5075 */ 5076 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 5077 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 5078 nla_nest_end(msg, rates); 5079 5080 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 5081 } 5082 5083 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5084 msg = NULL; 5085 if (ret) { 5086 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 5087 "(%s)", ret, strerror(-ret)); 5088 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 5089 enum nl80211_iftype old_mode = drv->nlmode; 5090 5091 /* 5092 * mac80211 does not allow scan requests in AP mode, so 5093 * try to do this in station mode. 5094 */ 5095 if (wpa_driver_nl80211_set_mode( 5096 bss, NL80211_IFTYPE_STATION)) 5097 goto nla_put_failure; 5098 5099 if (wpa_driver_nl80211_scan(bss, params)) { 5100 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 5101 goto nla_put_failure; 5102 } 5103 5104 /* Restore AP mode when processing scan results */ 5105 drv->ap_scan_as_station = old_mode; 5106 ret = 0; 5107 } else 5108 goto nla_put_failure; 5109 } 5110 5111 drv->scan_state = SCAN_REQUESTED; 5112 /* Not all drivers generate "scan completed" wireless event, so try to 5113 * read results after a timeout. */ 5114 timeout = 10; 5115 if (drv->scan_complete_events) { 5116 /* 5117 * The driver seems to deliver events to notify when scan is 5118 * complete, so use longer timeout to avoid race conditions 5119 * with scanning and following association request. 5120 */ 5121 timeout = 30; 5122 } 5123 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 5124 "seconds", ret, timeout); 5125 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 5126 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 5127 drv, drv->ctx); 5128 5129nla_put_failure: 5130 nlmsg_free(msg); 5131 return ret; 5132} 5133 5134 5135/** 5136 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 5137 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5138 * @params: Scan parameters 5139 * @interval: Interval between scan cycles in milliseconds 5140 * Returns: 0 on success, -1 on failure or if not supported 5141 */ 5142static int wpa_driver_nl80211_sched_scan(void *priv, 5143 struct wpa_driver_scan_params *params, 5144 u32 interval) 5145{ 5146 struct i802_bss *bss = priv; 5147 struct wpa_driver_nl80211_data *drv = bss->drv; 5148 int ret = -1; 5149 struct nl_msg *msg; 5150 size_t i; 5151 5152 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 5153 5154#ifdef ANDROID 5155 if (!drv->capa.sched_scan_supported) 5156 return android_pno_start(bss, params); 5157#endif /* ANDROID */ 5158 5159 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 5160 bss->wdev_id_set ? &bss->wdev_id : NULL); 5161 if (!msg) 5162 goto nla_put_failure; 5163 5164 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 5165 5166 if ((drv->num_filter_ssids && 5167 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 5168 params->filter_rssi) { 5169 struct nlattr *match_sets; 5170 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 5171 if (match_sets == NULL) 5172 goto nla_put_failure; 5173 5174 for (i = 0; i < drv->num_filter_ssids; i++) { 5175 struct nlattr *match_set_ssid; 5176 wpa_hexdump_ascii(MSG_MSGDUMP, 5177 "nl80211: Sched scan filter SSID", 5178 drv->filter_ssids[i].ssid, 5179 drv->filter_ssids[i].ssid_len); 5180 5181 match_set_ssid = nla_nest_start(msg, i + 1); 5182 if (match_set_ssid == NULL) 5183 goto nla_put_failure; 5184 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 5185 drv->filter_ssids[i].ssid_len, 5186 drv->filter_ssids[i].ssid); 5187 if (params->filter_rssi) 5188 NLA_PUT_U32(msg, 5189 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5190 params->filter_rssi); 5191 5192 nla_nest_end(msg, match_set_ssid); 5193 } 5194 5195 /* 5196 * Due to backward compatibility code, newer kernels treat this 5197 * matchset (with only an RSSI filter) as the default for all 5198 * other matchsets, unless it's the only one, in which case the 5199 * matchset will actually allow all SSIDs above the RSSI. 5200 */ 5201 if (params->filter_rssi) { 5202 struct nlattr *match_set_rssi; 5203 match_set_rssi = nla_nest_start(msg, 0); 5204 if (match_set_rssi == NULL) 5205 goto nla_put_failure; 5206 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5207 params->filter_rssi); 5208 wpa_printf(MSG_MSGDUMP, 5209 "nl80211: Sched scan RSSI filter %d dBm", 5210 params->filter_rssi); 5211 nla_nest_end(msg, match_set_rssi); 5212 } 5213 5214 nla_nest_end(msg, match_sets); 5215 } 5216 5217 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5218 5219 /* TODO: if we get an error here, we should fall back to normal scan */ 5220 5221 msg = NULL; 5222 if (ret) { 5223 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 5224 "ret=%d (%s)", ret, strerror(-ret)); 5225 goto nla_put_failure; 5226 } 5227 5228 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 5229 "scan interval %d msec", ret, interval); 5230 5231nla_put_failure: 5232 nlmsg_free(msg); 5233 return ret; 5234} 5235 5236 5237/** 5238 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 5239 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5240 * Returns: 0 on success, -1 on failure or if not supported 5241 */ 5242static int wpa_driver_nl80211_stop_sched_scan(void *priv) 5243{ 5244 struct i802_bss *bss = priv; 5245 struct wpa_driver_nl80211_data *drv = bss->drv; 5246 int ret = 0; 5247 struct nl_msg *msg; 5248 5249#ifdef ANDROID 5250 if (!drv->capa.sched_scan_supported) 5251 return android_pno_stop(bss); 5252#endif /* ANDROID */ 5253 5254 msg = nlmsg_alloc(); 5255 if (!msg) 5256 return -1; 5257 5258 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 5259 5260 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5261 5262 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5263 msg = NULL; 5264 if (ret) { 5265 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 5266 "ret=%d (%s)", ret, strerror(-ret)); 5267 goto nla_put_failure; 5268 } 5269 5270 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 5271 5272nla_put_failure: 5273 nlmsg_free(msg); 5274 return ret; 5275} 5276 5277 5278static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 5279{ 5280 const u8 *end, *pos; 5281 5282 if (ies == NULL) 5283 return NULL; 5284 5285 pos = ies; 5286 end = ies + ies_len; 5287 5288 while (pos + 1 < end) { 5289 if (pos + 2 + pos[1] > end) 5290 break; 5291 if (pos[0] == ie) 5292 return pos; 5293 pos += 2 + pos[1]; 5294 } 5295 5296 return NULL; 5297} 5298 5299 5300static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 5301 const u8 *ie, size_t ie_len) 5302{ 5303 const u8 *ssid; 5304 size_t i; 5305 5306 if (drv->filter_ssids == NULL) 5307 return 0; 5308 5309 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 5310 if (ssid == NULL) 5311 return 1; 5312 5313 for (i = 0; i < drv->num_filter_ssids; i++) { 5314 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5315 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5316 0) 5317 return 0; 5318 } 5319 5320 return 1; 5321} 5322 5323 5324static int bss_info_handler(struct nl_msg *msg, void *arg) 5325{ 5326 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5327 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5328 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5329 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5330 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5331 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5332 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5333 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5334 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5335 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5336 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5337 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5338 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5339 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5340 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5341 }; 5342 struct nl80211_bss_info_arg *_arg = arg; 5343 struct wpa_scan_results *res = _arg->res; 5344 struct wpa_scan_res **tmp; 5345 struct wpa_scan_res *r; 5346 const u8 *ie, *beacon_ie; 5347 size_t ie_len, beacon_ie_len; 5348 u8 *pos; 5349 size_t i; 5350 5351 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5352 genlmsg_attrlen(gnlh, 0), NULL); 5353 if (!tb[NL80211_ATTR_BSS]) 5354 return NL_SKIP; 5355 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5356 bss_policy)) 5357 return NL_SKIP; 5358 if (bss[NL80211_BSS_STATUS]) { 5359 enum nl80211_bss_status status; 5360 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5361 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5362 bss[NL80211_BSS_FREQUENCY]) { 5363 _arg->assoc_freq = 5364 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5365 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5366 _arg->assoc_freq); 5367 } 5368 if (status == NL80211_BSS_STATUS_IBSS_JOINED && 5369 bss[NL80211_BSS_FREQUENCY]) { 5370 _arg->ibss_freq = 5371 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5372 wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz", 5373 _arg->ibss_freq); 5374 } 5375 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5376 bss[NL80211_BSS_BSSID]) { 5377 os_memcpy(_arg->assoc_bssid, 5378 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5379 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5380 MACSTR, MAC2STR(_arg->assoc_bssid)); 5381 } 5382 } 5383 if (!res) 5384 return NL_SKIP; 5385 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5386 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5387 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5388 } else { 5389 ie = NULL; 5390 ie_len = 0; 5391 } 5392 if (bss[NL80211_BSS_BEACON_IES]) { 5393 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5394 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5395 } else { 5396 beacon_ie = NULL; 5397 beacon_ie_len = 0; 5398 } 5399 5400 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5401 ie ? ie_len : beacon_ie_len)) 5402 return NL_SKIP; 5403 5404 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5405 if (r == NULL) 5406 return NL_SKIP; 5407 if (bss[NL80211_BSS_BSSID]) 5408 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5409 ETH_ALEN); 5410 if (bss[NL80211_BSS_FREQUENCY]) 5411 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5412 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5413 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5414 if (bss[NL80211_BSS_CAPABILITY]) 5415 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5416 r->flags |= WPA_SCAN_NOISE_INVALID; 5417 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5418 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5419 r->level /= 100; /* mBm to dBm */ 5420 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5421 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5422 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5423 r->flags |= WPA_SCAN_QUAL_INVALID; 5424 } else 5425 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5426 if (bss[NL80211_BSS_TSF]) 5427 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5428 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5429 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5430 r->ie_len = ie_len; 5431 pos = (u8 *) (r + 1); 5432 if (ie) { 5433 os_memcpy(pos, ie, ie_len); 5434 pos += ie_len; 5435 } 5436 r->beacon_ie_len = beacon_ie_len; 5437 if (beacon_ie) 5438 os_memcpy(pos, beacon_ie, beacon_ie_len); 5439 5440 if (bss[NL80211_BSS_STATUS]) { 5441 enum nl80211_bss_status status; 5442 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5443 switch (status) { 5444 case NL80211_BSS_STATUS_AUTHENTICATED: 5445 r->flags |= WPA_SCAN_AUTHENTICATED; 5446 break; 5447 case NL80211_BSS_STATUS_ASSOCIATED: 5448 r->flags |= WPA_SCAN_ASSOCIATED; 5449 break; 5450 default: 5451 break; 5452 } 5453 } 5454 5455 /* 5456 * cfg80211 maintains separate BSS table entries for APs if the same 5457 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5458 * not use frequency as a separate key in the BSS table, so filter out 5459 * duplicated entries. Prefer associated BSS entry in such a case in 5460 * order to get the correct frequency into the BSS table. Similarly, 5461 * prefer newer entries over older. 5462 */ 5463 for (i = 0; i < res->num; i++) { 5464 const u8 *s1, *s2; 5465 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5466 continue; 5467 5468 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5469 res->res[i]->ie_len, WLAN_EID_SSID); 5470 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5471 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5472 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5473 continue; 5474 5475 /* Same BSSID,SSID was already included in scan results */ 5476 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5477 "for " MACSTR, MAC2STR(r->bssid)); 5478 5479 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5480 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5481 r->age < res->res[i]->age) { 5482 os_free(res->res[i]); 5483 res->res[i] = r; 5484 } else 5485 os_free(r); 5486 return NL_SKIP; 5487 } 5488 5489 tmp = os_realloc_array(res->res, res->num + 1, 5490 sizeof(struct wpa_scan_res *)); 5491 if (tmp == NULL) { 5492 os_free(r); 5493 return NL_SKIP; 5494 } 5495 tmp[res->num++] = r; 5496 res->res = tmp; 5497 5498 return NL_SKIP; 5499} 5500 5501 5502static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5503 const u8 *addr) 5504{ 5505 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5506 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5507 "mismatch (" MACSTR ")", MAC2STR(addr)); 5508 wpa_driver_nl80211_mlme(drv, addr, 5509 NL80211_CMD_DEAUTHENTICATE, 5510 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5511 } 5512} 5513 5514 5515static void wpa_driver_nl80211_check_bss_status( 5516 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5517{ 5518 size_t i; 5519 5520 for (i = 0; i < res->num; i++) { 5521 struct wpa_scan_res *r = res->res[i]; 5522 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5523 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5524 "indicates BSS status with " MACSTR 5525 " as authenticated", 5526 MAC2STR(r->bssid)); 5527 if (is_sta_interface(drv->nlmode) && 5528 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5529 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5530 0) { 5531 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5532 " in local state (auth=" MACSTR 5533 " assoc=" MACSTR ")", 5534 MAC2STR(drv->auth_bssid), 5535 MAC2STR(drv->bssid)); 5536 clear_state_mismatch(drv, r->bssid); 5537 } 5538 } 5539 5540 if (r->flags & WPA_SCAN_ASSOCIATED) { 5541 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5542 "indicate BSS status with " MACSTR 5543 " as associated", 5544 MAC2STR(r->bssid)); 5545 if (is_sta_interface(drv->nlmode) && 5546 !drv->associated) { 5547 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5548 "(not associated) does not match " 5549 "with BSS state"); 5550 clear_state_mismatch(drv, r->bssid); 5551 } else if (is_sta_interface(drv->nlmode) && 5552 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5553 0) { 5554 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5555 "(associated with " MACSTR ") does " 5556 "not match with BSS state", 5557 MAC2STR(drv->bssid)); 5558 clear_state_mismatch(drv, r->bssid); 5559 clear_state_mismatch(drv, drv->bssid); 5560 } 5561 } 5562 } 5563} 5564 5565 5566static struct wpa_scan_results * 5567nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5568{ 5569 struct nl_msg *msg; 5570 struct wpa_scan_results *res; 5571 int ret; 5572 struct nl80211_bss_info_arg arg; 5573 5574 res = os_zalloc(sizeof(*res)); 5575 if (res == NULL) 5576 return NULL; 5577 msg = nlmsg_alloc(); 5578 if (!msg) 5579 goto nla_put_failure; 5580 5581 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5582 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5583 goto nla_put_failure; 5584 5585 arg.drv = drv; 5586 arg.res = res; 5587 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5588 msg = NULL; 5589 if (ret == 0) { 5590 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5591 "BSSes)", (unsigned long) res->num); 5592 nl80211_get_noise_for_scan_results(drv, res); 5593 return res; 5594 } 5595 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5596 "(%s)", ret, strerror(-ret)); 5597nla_put_failure: 5598 nlmsg_free(msg); 5599 wpa_scan_results_free(res); 5600 return NULL; 5601} 5602 5603 5604/** 5605 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5606 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5607 * Returns: Scan results on success, -1 on failure 5608 */ 5609static struct wpa_scan_results * 5610wpa_driver_nl80211_get_scan_results(void *priv) 5611{ 5612 struct i802_bss *bss = priv; 5613 struct wpa_driver_nl80211_data *drv = bss->drv; 5614 struct wpa_scan_results *res; 5615 5616 res = nl80211_get_scan_results(drv); 5617 if (res) 5618 wpa_driver_nl80211_check_bss_status(drv, res); 5619 return res; 5620} 5621 5622 5623static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5624{ 5625 struct wpa_scan_results *res; 5626 size_t i; 5627 5628 res = nl80211_get_scan_results(drv); 5629 if (res == NULL) { 5630 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5631 return; 5632 } 5633 5634 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5635 for (i = 0; i < res->num; i++) { 5636 struct wpa_scan_res *r = res->res[i]; 5637 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5638 (int) i, (int) res->num, MAC2STR(r->bssid), 5639 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5640 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5641 } 5642 5643 wpa_scan_results_free(res); 5644} 5645 5646 5647static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5648{ 5649 switch (alg) { 5650 case WPA_ALG_WEP: 5651 if (key_len == 5) 5652 return WLAN_CIPHER_SUITE_WEP40; 5653 return WLAN_CIPHER_SUITE_WEP104; 5654 case WPA_ALG_TKIP: 5655 return WLAN_CIPHER_SUITE_TKIP; 5656 case WPA_ALG_CCMP: 5657 return WLAN_CIPHER_SUITE_CCMP; 5658 case WPA_ALG_GCMP: 5659 return WLAN_CIPHER_SUITE_GCMP; 5660 case WPA_ALG_CCMP_256: 5661 return WLAN_CIPHER_SUITE_CCMP_256; 5662 case WPA_ALG_GCMP_256: 5663 return WLAN_CIPHER_SUITE_GCMP_256; 5664 case WPA_ALG_IGTK: 5665 return WLAN_CIPHER_SUITE_AES_CMAC; 5666 case WPA_ALG_BIP_GMAC_128: 5667 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5668 case WPA_ALG_BIP_GMAC_256: 5669 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5670 case WPA_ALG_BIP_CMAC_256: 5671 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5672 case WPA_ALG_SMS4: 5673 return WLAN_CIPHER_SUITE_SMS4; 5674 case WPA_ALG_KRK: 5675 return WLAN_CIPHER_SUITE_KRK; 5676 case WPA_ALG_NONE: 5677 case WPA_ALG_PMK: 5678 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5679 alg); 5680 return 0; 5681 } 5682 5683 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5684 alg); 5685 return 0; 5686} 5687 5688 5689static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5690{ 5691 switch (cipher) { 5692 case WPA_CIPHER_CCMP_256: 5693 return WLAN_CIPHER_SUITE_CCMP_256; 5694 case WPA_CIPHER_GCMP_256: 5695 return WLAN_CIPHER_SUITE_GCMP_256; 5696 case WPA_CIPHER_CCMP: 5697 return WLAN_CIPHER_SUITE_CCMP; 5698 case WPA_CIPHER_GCMP: 5699 return WLAN_CIPHER_SUITE_GCMP; 5700 case WPA_CIPHER_TKIP: 5701 return WLAN_CIPHER_SUITE_TKIP; 5702 case WPA_CIPHER_WEP104: 5703 return WLAN_CIPHER_SUITE_WEP104; 5704 case WPA_CIPHER_WEP40: 5705 return WLAN_CIPHER_SUITE_WEP40; 5706 case WPA_CIPHER_GTK_NOT_USED: 5707 return WLAN_CIPHER_SUITE_NO_GROUP_ADDR; 5708 } 5709 5710 return 0; 5711} 5712 5713 5714static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5715 int max_suites) 5716{ 5717 int num_suites = 0; 5718 5719 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5720 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5721 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5722 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5723 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5724 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5725 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5726 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5727 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5728 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5729 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5730 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5731 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5732 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5733 5734 return num_suites; 5735} 5736 5737 5738static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5739 enum wpa_alg alg, const u8 *addr, 5740 int key_idx, int set_tx, 5741 const u8 *seq, size_t seq_len, 5742 const u8 *key, size_t key_len) 5743{ 5744 struct wpa_driver_nl80211_data *drv = bss->drv; 5745 int ifindex; 5746 struct nl_msg *msg; 5747 int ret; 5748 int tdls = 0; 5749 5750 /* Ignore for P2P Device */ 5751 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5752 return 0; 5753 5754 ifindex = if_nametoindex(ifname); 5755 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5756 "set_tx=%d seq_len=%lu key_len=%lu", 5757 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5758 (unsigned long) seq_len, (unsigned long) key_len); 5759#ifdef CONFIG_TDLS 5760 if (key_idx == -1) { 5761 key_idx = 0; 5762 tdls = 1; 5763 } 5764#endif /* CONFIG_TDLS */ 5765 5766 msg = nlmsg_alloc(); 5767 if (!msg) 5768 return -ENOMEM; 5769 5770 if (alg == WPA_ALG_NONE) { 5771 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5772 } else { 5773 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5774 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5775 wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len); 5776 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5777 wpa_alg_to_cipher_suite(alg, key_len)); 5778 } 5779 5780 if (seq && seq_len) { 5781 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5782 wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len); 5783 } 5784 5785 if (addr && !is_broadcast_ether_addr(addr)) { 5786 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5787 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5788 5789 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5790 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5791 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5792 NL80211_KEYTYPE_GROUP); 5793 } 5794 } else if (addr && is_broadcast_ether_addr(addr)) { 5795 struct nlattr *types; 5796 5797 wpa_printf(MSG_DEBUG, " broadcast key"); 5798 5799 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5800 if (!types) 5801 goto nla_put_failure; 5802 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5803 nla_nest_end(msg, types); 5804 } 5805 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5806 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5807 5808 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5809 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5810 ret = 0; 5811 if (ret) 5812 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5813 ret, strerror(-ret)); 5814 5815 /* 5816 * If we failed or don't need to set the default TX key (below), 5817 * we're done here. 5818 */ 5819 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5820 return ret; 5821 if (is_ap_interface(drv->nlmode) && addr && 5822 !is_broadcast_ether_addr(addr)) 5823 return ret; 5824 5825 msg = nlmsg_alloc(); 5826 if (!msg) 5827 return -ENOMEM; 5828 5829 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5830 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5831 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5832 if (alg == WPA_ALG_IGTK) 5833 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5834 else 5835 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5836 if (addr && is_broadcast_ether_addr(addr)) { 5837 struct nlattr *types; 5838 5839 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5840 if (!types) 5841 goto nla_put_failure; 5842 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5843 nla_nest_end(msg, types); 5844 } else if (addr) { 5845 struct nlattr *types; 5846 5847 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5848 if (!types) 5849 goto nla_put_failure; 5850 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5851 nla_nest_end(msg, types); 5852 } 5853 5854 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5855 if (ret == -ENOENT) 5856 ret = 0; 5857 if (ret) 5858 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5859 "err=%d %s)", ret, strerror(-ret)); 5860 return ret; 5861 5862nla_put_failure: 5863 nlmsg_free(msg); 5864 return -ENOBUFS; 5865} 5866 5867 5868static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5869 int key_idx, int defkey, 5870 const u8 *seq, size_t seq_len, 5871 const u8 *key, size_t key_len) 5872{ 5873 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5874 if (!key_attr) 5875 return -1; 5876 5877 if (defkey && alg == WPA_ALG_IGTK) 5878 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5879 else if (defkey) 5880 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5881 5882 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5883 5884 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5885 wpa_alg_to_cipher_suite(alg, key_len)); 5886 5887 if (seq && seq_len) 5888 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5889 5890 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5891 5892 nla_nest_end(msg, key_attr); 5893 5894 return 0; 5895 nla_put_failure: 5896 return -1; 5897} 5898 5899 5900static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5901 struct nl_msg *msg) 5902{ 5903 int i, privacy = 0; 5904 struct nlattr *nl_keys, *nl_key; 5905 5906 for (i = 0; i < 4; i++) { 5907 if (!params->wep_key[i]) 5908 continue; 5909 privacy = 1; 5910 break; 5911 } 5912 if (params->wps == WPS_MODE_PRIVACY) 5913 privacy = 1; 5914 if (params->pairwise_suite && 5915 params->pairwise_suite != WPA_CIPHER_NONE) 5916 privacy = 1; 5917 5918 if (!privacy) 5919 return 0; 5920 5921 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5922 5923 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5924 if (!nl_keys) 5925 goto nla_put_failure; 5926 5927 for (i = 0; i < 4; i++) { 5928 if (!params->wep_key[i]) 5929 continue; 5930 5931 nl_key = nla_nest_start(msg, i); 5932 if (!nl_key) 5933 goto nla_put_failure; 5934 5935 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5936 params->wep_key[i]); 5937 if (params->wep_key_len[i] == 5) 5938 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5939 WLAN_CIPHER_SUITE_WEP40); 5940 else 5941 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5942 WLAN_CIPHER_SUITE_WEP104); 5943 5944 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5945 5946 if (i == params->wep_tx_keyidx) 5947 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5948 5949 nla_nest_end(msg, nl_key); 5950 } 5951 nla_nest_end(msg, nl_keys); 5952 5953 return 0; 5954 5955nla_put_failure: 5956 return -ENOBUFS; 5957} 5958 5959 5960static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5961 const u8 *addr, int cmd, u16 reason_code, 5962 int local_state_change) 5963{ 5964 int ret = -1; 5965 struct nl_msg *msg; 5966 5967 msg = nlmsg_alloc(); 5968 if (!msg) 5969 return -1; 5970 5971 nl80211_cmd(drv, msg, 0, cmd); 5972 5973 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5974 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5975 if (addr) 5976 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5977 if (local_state_change) 5978 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5979 5980 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5981 msg = NULL; 5982 if (ret) { 5983 wpa_dbg(drv->ctx, MSG_DEBUG, 5984 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5985 reason_code, ret, strerror(-ret)); 5986 goto nla_put_failure; 5987 } 5988 ret = 0; 5989 5990nla_put_failure: 5991 nlmsg_free(msg); 5992 return ret; 5993} 5994 5995 5996static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5997 int reason_code) 5998{ 5999 int ret; 6000 6001 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 6002 nl80211_mark_disconnected(drv); 6003 /* Disconnect command doesn't need BSSID - it uses cached value */ 6004 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 6005 reason_code, 0); 6006 /* 6007 * For locally generated disconnect, supplicant already generates a 6008 * DEAUTH event, so ignore the event from NL80211. 6009 */ 6010 drv->ignore_next_local_disconnect = ret == 0; 6011 6012 return ret; 6013} 6014 6015 6016static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 6017 const u8 *addr, int reason_code) 6018{ 6019 struct wpa_driver_nl80211_data *drv = bss->drv; 6020 int ret; 6021 6022 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 6023 nl80211_mark_disconnected(drv); 6024 return nl80211_leave_ibss(drv); 6025 } 6026 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 6027 return wpa_driver_nl80211_disconnect(drv, reason_code); 6028 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 6029 __func__, MAC2STR(addr), reason_code); 6030 nl80211_mark_disconnected(drv); 6031 ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 6032 reason_code, 0); 6033 /* 6034 * For locally generated deauthenticate, supplicant already generates a 6035 * DEAUTH event, so ignore the event from NL80211. 6036 */ 6037 drv->ignore_next_local_deauth = ret == 0; 6038 return ret; 6039} 6040 6041 6042static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 6043 struct wpa_driver_auth_params *params) 6044{ 6045 int i; 6046 6047 drv->auth_freq = params->freq; 6048 drv->auth_alg = params->auth_alg; 6049 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 6050 drv->auth_local_state_change = params->local_state_change; 6051 drv->auth_p2p = params->p2p; 6052 6053 if (params->bssid) 6054 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 6055 else 6056 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 6057 6058 if (params->ssid) { 6059 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 6060 drv->auth_ssid_len = params->ssid_len; 6061 } else 6062 drv->auth_ssid_len = 0; 6063 6064 6065 os_free(drv->auth_ie); 6066 drv->auth_ie = NULL; 6067 drv->auth_ie_len = 0; 6068 if (params->ie) { 6069 drv->auth_ie = os_malloc(params->ie_len); 6070 if (drv->auth_ie) { 6071 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 6072 drv->auth_ie_len = params->ie_len; 6073 } 6074 } 6075 6076 for (i = 0; i < 4; i++) { 6077 if (params->wep_key[i] && params->wep_key_len[i] && 6078 params->wep_key_len[i] <= 16) { 6079 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 6080 params->wep_key_len[i]); 6081 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 6082 } else 6083 drv->auth_wep_key_len[i] = 0; 6084 } 6085} 6086 6087 6088static int wpa_driver_nl80211_authenticate( 6089 struct i802_bss *bss, struct wpa_driver_auth_params *params) 6090{ 6091 struct wpa_driver_nl80211_data *drv = bss->drv; 6092 int ret = -1, i; 6093 struct nl_msg *msg; 6094 enum nl80211_auth_type type; 6095 enum nl80211_iftype nlmode; 6096 int count = 0; 6097 int is_retry; 6098 6099 is_retry = drv->retry_auth; 6100 drv->retry_auth = 0; 6101 drv->ignore_deauth_event = 0; 6102 6103 nl80211_mark_disconnected(drv); 6104 os_memset(drv->auth_bssid, 0, ETH_ALEN); 6105 if (params->bssid) 6106 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 6107 else 6108 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 6109 /* FIX: IBSS mode */ 6110 nlmode = params->p2p ? 6111 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 6112 if (drv->nlmode != nlmode && 6113 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 6114 return -1; 6115 6116retry: 6117 msg = nlmsg_alloc(); 6118 if (!msg) 6119 return -1; 6120 6121 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 6122 drv->ifindex); 6123 6124 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 6125 6126 for (i = 0; i < 4; i++) { 6127 if (!params->wep_key[i]) 6128 continue; 6129 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 6130 NULL, i, 6131 i == params->wep_tx_keyidx, NULL, 0, 6132 params->wep_key[i], 6133 params->wep_key_len[i]); 6134 if (params->wep_tx_keyidx != i) 6135 continue; 6136 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 6137 params->wep_key[i], params->wep_key_len[i])) { 6138 nlmsg_free(msg); 6139 return -1; 6140 } 6141 } 6142 6143 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6144 if (params->bssid) { 6145 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6146 MAC2STR(params->bssid)); 6147 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6148 } 6149 if (params->freq) { 6150 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6151 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6152 } 6153 if (params->ssid) { 6154 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6155 params->ssid, params->ssid_len); 6156 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6157 params->ssid); 6158 } 6159 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 6160 if (params->ie) 6161 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 6162 if (params->sae_data) { 6163 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 6164 params->sae_data_len); 6165 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 6166 params->sae_data); 6167 } 6168 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6169 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6170 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6171 type = NL80211_AUTHTYPE_SHARED_KEY; 6172 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6173 type = NL80211_AUTHTYPE_NETWORK_EAP; 6174 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6175 type = NL80211_AUTHTYPE_FT; 6176 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 6177 type = NL80211_AUTHTYPE_SAE; 6178 else 6179 goto nla_put_failure; 6180 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6181 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6182 if (params->local_state_change) { 6183 wpa_printf(MSG_DEBUG, " * Local state change only"); 6184 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 6185 } 6186 6187 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6188 msg = NULL; 6189 if (ret) { 6190 wpa_dbg(drv->ctx, MSG_DEBUG, 6191 "nl80211: MLME command failed (auth): ret=%d (%s)", 6192 ret, strerror(-ret)); 6193 count++; 6194 if (ret == -EALREADY && count == 1 && params->bssid && 6195 !params->local_state_change) { 6196 /* 6197 * mac80211 does not currently accept new 6198 * authentication if we are already authenticated. As a 6199 * workaround, force deauthentication and try again. 6200 */ 6201 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 6202 "after forced deauthentication"); 6203 drv->ignore_deauth_event = 1; 6204 wpa_driver_nl80211_deauthenticate( 6205 bss, params->bssid, 6206 WLAN_REASON_PREV_AUTH_NOT_VALID); 6207 nlmsg_free(msg); 6208 goto retry; 6209 } 6210 6211 if (ret == -ENOENT && params->freq && !is_retry) { 6212 /* 6213 * cfg80211 has likely expired the BSS entry even 6214 * though it was previously available in our internal 6215 * BSS table. To recover quickly, start a single 6216 * channel scan on the specified channel. 6217 */ 6218 struct wpa_driver_scan_params scan; 6219 int freqs[2]; 6220 6221 os_memset(&scan, 0, sizeof(scan)); 6222 scan.num_ssids = 1; 6223 if (params->ssid) { 6224 scan.ssids[0].ssid = params->ssid; 6225 scan.ssids[0].ssid_len = params->ssid_len; 6226 } 6227 freqs[0] = params->freq; 6228 freqs[1] = 0; 6229 scan.freqs = freqs; 6230 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 6231 "channel scan to refresh cfg80211 BSS " 6232 "entry"); 6233 ret = wpa_driver_nl80211_scan(bss, &scan); 6234 if (ret == 0) { 6235 nl80211_copy_auth_params(drv, params); 6236 drv->scan_for_auth = 1; 6237 } 6238 } else if (is_retry) { 6239 /* 6240 * Need to indicate this with an event since the return 6241 * value from the retry is not delivered to core code. 6242 */ 6243 union wpa_event_data event; 6244 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 6245 "failed"); 6246 os_memset(&event, 0, sizeof(event)); 6247 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 6248 ETH_ALEN); 6249 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 6250 &event); 6251 } 6252 6253 goto nla_put_failure; 6254 } 6255 ret = 0; 6256 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 6257 "successfully"); 6258 6259nla_put_failure: 6260 nlmsg_free(msg); 6261 return ret; 6262} 6263 6264 6265static int wpa_driver_nl80211_authenticate_retry( 6266 struct wpa_driver_nl80211_data *drv) 6267{ 6268 struct wpa_driver_auth_params params; 6269 struct i802_bss *bss = drv->first_bss; 6270 int i; 6271 6272 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 6273 6274 os_memset(¶ms, 0, sizeof(params)); 6275 params.freq = drv->auth_freq; 6276 params.auth_alg = drv->auth_alg; 6277 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 6278 params.local_state_change = drv->auth_local_state_change; 6279 params.p2p = drv->auth_p2p; 6280 6281 if (!is_zero_ether_addr(drv->auth_bssid_)) 6282 params.bssid = drv->auth_bssid_; 6283 6284 if (drv->auth_ssid_len) { 6285 params.ssid = drv->auth_ssid; 6286 params.ssid_len = drv->auth_ssid_len; 6287 } 6288 6289 params.ie = drv->auth_ie; 6290 params.ie_len = drv->auth_ie_len; 6291 6292 for (i = 0; i < 4; i++) { 6293 if (drv->auth_wep_key_len[i]) { 6294 params.wep_key[i] = drv->auth_wep_key[i]; 6295 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 6296 } 6297 } 6298 6299 drv->retry_auth = 1; 6300 return wpa_driver_nl80211_authenticate(bss, ¶ms); 6301} 6302 6303 6304struct phy_info_arg { 6305 u16 *num_modes; 6306 struct hostapd_hw_modes *modes; 6307 int last_mode, last_chan_idx; 6308}; 6309 6310static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 6311 struct nlattr *ampdu_factor, 6312 struct nlattr *ampdu_density, 6313 struct nlattr *mcs_set) 6314{ 6315 if (capa) 6316 mode->ht_capab = nla_get_u16(capa); 6317 6318 if (ampdu_factor) 6319 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 6320 6321 if (ampdu_density) 6322 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 6323 6324 if (mcs_set && nla_len(mcs_set) >= 16) { 6325 u8 *mcs; 6326 mcs = nla_data(mcs_set); 6327 os_memcpy(mode->mcs_set, mcs, 16); 6328 } 6329} 6330 6331 6332static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 6333 struct nlattr *capa, 6334 struct nlattr *mcs_set) 6335{ 6336 if (capa) 6337 mode->vht_capab = nla_get_u32(capa); 6338 6339 if (mcs_set && nla_len(mcs_set) >= 8) { 6340 u8 *mcs; 6341 mcs = nla_data(mcs_set); 6342 os_memcpy(mode->vht_mcs_set, mcs, 8); 6343 } 6344} 6345 6346 6347static void phy_info_freq(struct hostapd_hw_modes *mode, 6348 struct hostapd_channel_data *chan, 6349 struct nlattr *tb_freq[]) 6350{ 6351 u8 channel; 6352 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6353 chan->flag = 0; 6354 chan->dfs_cac_ms = 0; 6355 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6356 chan->chan = channel; 6357 6358 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6359 chan->flag |= HOSTAPD_CHAN_DISABLED; 6360 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6361 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6362 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6363 chan->flag |= HOSTAPD_CHAN_RADAR; 6364 6365 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6366 enum nl80211_dfs_state state = 6367 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6368 6369 switch (state) { 6370 case NL80211_DFS_USABLE: 6371 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6372 break; 6373 case NL80211_DFS_AVAILABLE: 6374 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6375 break; 6376 case NL80211_DFS_UNAVAILABLE: 6377 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6378 break; 6379 } 6380 } 6381 6382 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]) { 6383 chan->dfs_cac_ms = nla_get_u32( 6384 tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]); 6385 } 6386} 6387 6388 6389static int phy_info_freqs(struct phy_info_arg *phy_info, 6390 struct hostapd_hw_modes *mode, struct nlattr *tb) 6391{ 6392 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6393 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6394 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6395 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6396 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6397 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6398 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6399 }; 6400 int new_channels = 0; 6401 struct hostapd_channel_data *channel; 6402 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6403 struct nlattr *nl_freq; 6404 int rem_freq, idx; 6405 6406 if (tb == NULL) 6407 return NL_OK; 6408 6409 nla_for_each_nested(nl_freq, tb, rem_freq) { 6410 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6411 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6412 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6413 continue; 6414 new_channels++; 6415 } 6416 6417 channel = os_realloc_array(mode->channels, 6418 mode->num_channels + new_channels, 6419 sizeof(struct hostapd_channel_data)); 6420 if (!channel) 6421 return NL_SKIP; 6422 6423 mode->channels = channel; 6424 mode->num_channels += new_channels; 6425 6426 idx = phy_info->last_chan_idx; 6427 6428 nla_for_each_nested(nl_freq, tb, rem_freq) { 6429 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6430 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6431 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6432 continue; 6433 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6434 idx++; 6435 } 6436 phy_info->last_chan_idx = idx; 6437 6438 return NL_OK; 6439} 6440 6441 6442static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6443{ 6444 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6445 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6446 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6447 { .type = NLA_FLAG }, 6448 }; 6449 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6450 struct nlattr *nl_rate; 6451 int rem_rate, idx; 6452 6453 if (tb == NULL) 6454 return NL_OK; 6455 6456 nla_for_each_nested(nl_rate, tb, rem_rate) { 6457 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6458 nla_data(nl_rate), nla_len(nl_rate), 6459 rate_policy); 6460 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6461 continue; 6462 mode->num_rates++; 6463 } 6464 6465 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6466 if (!mode->rates) 6467 return NL_SKIP; 6468 6469 idx = 0; 6470 6471 nla_for_each_nested(nl_rate, tb, rem_rate) { 6472 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6473 nla_data(nl_rate), nla_len(nl_rate), 6474 rate_policy); 6475 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6476 continue; 6477 mode->rates[idx] = nla_get_u32( 6478 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6479 idx++; 6480 } 6481 6482 return NL_OK; 6483} 6484 6485 6486static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6487{ 6488 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6489 struct hostapd_hw_modes *mode; 6490 int ret; 6491 6492 if (phy_info->last_mode != nl_band->nla_type) { 6493 mode = os_realloc_array(phy_info->modes, 6494 *phy_info->num_modes + 1, 6495 sizeof(*mode)); 6496 if (!mode) 6497 return NL_SKIP; 6498 phy_info->modes = mode; 6499 6500 mode = &phy_info->modes[*(phy_info->num_modes)]; 6501 os_memset(mode, 0, sizeof(*mode)); 6502 mode->mode = NUM_HOSTAPD_MODES; 6503 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6504 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6505 6506 /* 6507 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6508 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6509 * possible streams as unsupported. This will be overridden if 6510 * driver advertises VHT support. 6511 */ 6512 mode->vht_mcs_set[0] = 0xff; 6513 mode->vht_mcs_set[1] = 0xff; 6514 mode->vht_mcs_set[4] = 0xff; 6515 mode->vht_mcs_set[5] = 0xff; 6516 6517 *(phy_info->num_modes) += 1; 6518 phy_info->last_mode = nl_band->nla_type; 6519 phy_info->last_chan_idx = 0; 6520 } else 6521 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6522 6523 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6524 nla_len(nl_band), NULL); 6525 6526 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6527 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6528 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6529 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6530 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6531 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6532 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6533 if (ret != NL_OK) 6534 return ret; 6535 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6536 if (ret != NL_OK) 6537 return ret; 6538 6539 return NL_OK; 6540} 6541 6542 6543static int phy_info_handler(struct nl_msg *msg, void *arg) 6544{ 6545 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6546 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6547 struct phy_info_arg *phy_info = arg; 6548 struct nlattr *nl_band; 6549 int rem_band; 6550 6551 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6552 genlmsg_attrlen(gnlh, 0), NULL); 6553 6554 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6555 return NL_SKIP; 6556 6557 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6558 { 6559 int res = phy_info_band(phy_info, nl_band); 6560 if (res != NL_OK) 6561 return res; 6562 } 6563 6564 return NL_SKIP; 6565} 6566 6567 6568static struct hostapd_hw_modes * 6569wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6570 u16 *num_modes) 6571{ 6572 u16 m; 6573 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6574 int i, mode11g_idx = -1; 6575 6576 /* heuristic to set up modes */ 6577 for (m = 0; m < *num_modes; m++) { 6578 if (!modes[m].num_channels) 6579 continue; 6580 if (modes[m].channels[0].freq < 4000) { 6581 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6582 for (i = 0; i < modes[m].num_rates; i++) { 6583 if (modes[m].rates[i] > 200) { 6584 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6585 break; 6586 } 6587 } 6588 } else if (modes[m].channels[0].freq > 50000) 6589 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6590 else 6591 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6592 } 6593 6594 /* If only 802.11g mode is included, use it to construct matching 6595 * 802.11b mode data. */ 6596 6597 for (m = 0; m < *num_modes; m++) { 6598 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6599 return modes; /* 802.11b already included */ 6600 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6601 mode11g_idx = m; 6602 } 6603 6604 if (mode11g_idx < 0) 6605 return modes; /* 2.4 GHz band not supported at all */ 6606 6607 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6608 if (nmodes == NULL) 6609 return modes; /* Could not add 802.11b mode */ 6610 6611 mode = &nmodes[*num_modes]; 6612 os_memset(mode, 0, sizeof(*mode)); 6613 (*num_modes)++; 6614 modes = nmodes; 6615 6616 mode->mode = HOSTAPD_MODE_IEEE80211B; 6617 6618 mode11g = &modes[mode11g_idx]; 6619 mode->num_channels = mode11g->num_channels; 6620 mode->channels = os_malloc(mode11g->num_channels * 6621 sizeof(struct hostapd_channel_data)); 6622 if (mode->channels == NULL) { 6623 (*num_modes)--; 6624 return modes; /* Could not add 802.11b mode */ 6625 } 6626 os_memcpy(mode->channels, mode11g->channels, 6627 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6628 6629 mode->num_rates = 0; 6630 mode->rates = os_malloc(4 * sizeof(int)); 6631 if (mode->rates == NULL) { 6632 os_free(mode->channels); 6633 (*num_modes)--; 6634 return modes; /* Could not add 802.11b mode */ 6635 } 6636 6637 for (i = 0; i < mode11g->num_rates; i++) { 6638 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6639 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6640 continue; 6641 mode->rates[mode->num_rates] = mode11g->rates[i]; 6642 mode->num_rates++; 6643 if (mode->num_rates == 4) 6644 break; 6645 } 6646 6647 if (mode->num_rates == 0) { 6648 os_free(mode->channels); 6649 os_free(mode->rates); 6650 (*num_modes)--; 6651 return modes; /* No 802.11b rates */ 6652 } 6653 6654 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6655 "information"); 6656 6657 return modes; 6658} 6659 6660 6661static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6662 int end) 6663{ 6664 int c; 6665 6666 for (c = 0; c < mode->num_channels; c++) { 6667 struct hostapd_channel_data *chan = &mode->channels[c]; 6668 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6669 chan->flag |= HOSTAPD_CHAN_HT40; 6670 } 6671} 6672 6673 6674static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6675 int end) 6676{ 6677 int c; 6678 6679 for (c = 0; c < mode->num_channels; c++) { 6680 struct hostapd_channel_data *chan = &mode->channels[c]; 6681 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6682 continue; 6683 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6684 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6685 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6686 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6687 } 6688} 6689 6690 6691static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6692 struct phy_info_arg *results) 6693{ 6694 u16 m; 6695 6696 for (m = 0; m < *results->num_modes; m++) { 6697 int c; 6698 struct hostapd_hw_modes *mode = &results->modes[m]; 6699 6700 for (c = 0; c < mode->num_channels; c++) { 6701 struct hostapd_channel_data *chan = &mode->channels[c]; 6702 if ((u32) chan->freq - 10 >= start && 6703 (u32) chan->freq + 10 <= end) 6704 chan->max_tx_power = max_eirp; 6705 } 6706 } 6707} 6708 6709 6710static void nl80211_reg_rule_ht40(u32 start, u32 end, 6711 struct phy_info_arg *results) 6712{ 6713 u16 m; 6714 6715 for (m = 0; m < *results->num_modes; m++) { 6716 if (!(results->modes[m].ht_capab & 6717 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6718 continue; 6719 nl80211_set_ht40_mode(&results->modes[m], start, end); 6720 } 6721} 6722 6723 6724static void nl80211_reg_rule_sec(struct nlattr *tb[], 6725 struct phy_info_arg *results) 6726{ 6727 u32 start, end, max_bw; 6728 u16 m; 6729 6730 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6731 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6732 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6733 return; 6734 6735 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6736 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6737 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6738 6739 if (max_bw < 20) 6740 return; 6741 6742 for (m = 0; m < *results->num_modes; m++) { 6743 if (!(results->modes[m].ht_capab & 6744 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6745 continue; 6746 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6747 } 6748} 6749 6750 6751static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6752 int end) 6753{ 6754 int c; 6755 6756 for (c = 0; c < mode->num_channels; c++) { 6757 struct hostapd_channel_data *chan = &mode->channels[c]; 6758 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6759 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6760 6761 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6762 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6763 6764 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6765 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6766 6767 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6768 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6769 } 6770} 6771 6772 6773static void nl80211_reg_rule_vht(struct nlattr *tb[], 6774 struct phy_info_arg *results) 6775{ 6776 u32 start, end, max_bw; 6777 u16 m; 6778 6779 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6780 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6781 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6782 return; 6783 6784 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6785 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6786 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6787 6788 if (max_bw < 80) 6789 return; 6790 6791 for (m = 0; m < *results->num_modes; m++) { 6792 if (!(results->modes[m].ht_capab & 6793 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6794 continue; 6795 /* TODO: use a real VHT support indication */ 6796 if (!results->modes[m].vht_capab) 6797 continue; 6798 6799 nl80211_set_vht_mode(&results->modes[m], start, end); 6800 } 6801} 6802 6803 6804static const char * dfs_domain_name(enum nl80211_dfs_regions region) 6805{ 6806 switch (region) { 6807 case NL80211_DFS_UNSET: 6808 return "DFS-UNSET"; 6809 case NL80211_DFS_FCC: 6810 return "DFS-FCC"; 6811 case NL80211_DFS_ETSI: 6812 return "DFS-ETSI"; 6813 case NL80211_DFS_JP: 6814 return "DFS-JP"; 6815 default: 6816 return "DFS-invalid"; 6817 } 6818} 6819 6820 6821static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6822{ 6823 struct phy_info_arg *results = arg; 6824 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6825 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6826 struct nlattr *nl_rule; 6827 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6828 int rem_rule; 6829 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6830 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6831 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6832 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6833 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6834 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6835 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6836 }; 6837 6838 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6839 genlmsg_attrlen(gnlh, 0), NULL); 6840 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6841 !tb_msg[NL80211_ATTR_REG_RULES]) { 6842 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6843 "available"); 6844 return NL_SKIP; 6845 } 6846 6847 if (tb_msg[NL80211_ATTR_DFS_REGION]) { 6848 enum nl80211_dfs_regions dfs_domain; 6849 dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]); 6850 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)", 6851 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 6852 dfs_domain_name(dfs_domain)); 6853 } else { 6854 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6855 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6856 } 6857 6858 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6859 { 6860 u32 start, end, max_eirp = 0, max_bw = 0, flags = 0; 6861 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6862 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6863 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6864 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6865 continue; 6866 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6867 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6868 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6869 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6870 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6871 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6872 if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS]) 6873 flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]); 6874 6875 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s", 6876 start, end, max_bw, max_eirp, 6877 flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "", 6878 flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "", 6879 flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "", 6880 flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" : 6881 "", 6882 flags & NL80211_RRF_DFS ? " (DFS)" : "", 6883 flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "", 6884 flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "", 6885 flags & NL80211_RRF_NO_IR ? " (no IR)" : ""); 6886 if (max_bw >= 40) 6887 nl80211_reg_rule_ht40(start, end, results); 6888 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6889 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6890 results); 6891 } 6892 6893 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6894 { 6895 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6896 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6897 nl80211_reg_rule_sec(tb_rule, results); 6898 } 6899 6900 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6901 { 6902 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6903 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6904 nl80211_reg_rule_vht(tb_rule, results); 6905 } 6906 6907 return NL_SKIP; 6908} 6909 6910 6911static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6912 struct phy_info_arg *results) 6913{ 6914 struct nl_msg *msg; 6915 6916 msg = nlmsg_alloc(); 6917 if (!msg) 6918 return -ENOMEM; 6919 6920 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6921 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6922} 6923 6924 6925static struct hostapd_hw_modes * 6926wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6927{ 6928 u32 feat; 6929 struct i802_bss *bss = priv; 6930 struct wpa_driver_nl80211_data *drv = bss->drv; 6931 struct nl_msg *msg; 6932 struct phy_info_arg result = { 6933 .num_modes = num_modes, 6934 .modes = NULL, 6935 .last_mode = -1, 6936 }; 6937 6938 *num_modes = 0; 6939 *flags = 0; 6940 6941 msg = nlmsg_alloc(); 6942 if (!msg) 6943 return NULL; 6944 6945 feat = get_nl80211_protocol_features(drv); 6946 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6947 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6948 else 6949 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6950 6951 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6952 if (nl80211_set_iface_id(msg, bss) < 0) 6953 goto nla_put_failure; 6954 6955 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6956 nl80211_set_regulatory_flags(drv, &result); 6957 return wpa_driver_nl80211_postprocess_modes(result.modes, 6958 num_modes); 6959 } 6960 msg = NULL; 6961 nla_put_failure: 6962 nlmsg_free(msg); 6963 return NULL; 6964} 6965 6966 6967static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6968 const void *data, size_t len, 6969 int encrypt, int noack) 6970{ 6971 __u8 rtap_hdr[] = { 6972 0x00, 0x00, /* radiotap version */ 6973 0x0e, 0x00, /* radiotap length */ 6974 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6975 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6976 0x00, /* padding */ 6977 0x00, 0x00, /* RX and TX flags to indicate that */ 6978 0x00, 0x00, /* this is the injected frame directly */ 6979 }; 6980 struct iovec iov[2] = { 6981 { 6982 .iov_base = &rtap_hdr, 6983 .iov_len = sizeof(rtap_hdr), 6984 }, 6985 { 6986 .iov_base = (void *) data, 6987 .iov_len = len, 6988 } 6989 }; 6990 struct msghdr msg = { 6991 .msg_name = NULL, 6992 .msg_namelen = 0, 6993 .msg_iov = iov, 6994 .msg_iovlen = 2, 6995 .msg_control = NULL, 6996 .msg_controllen = 0, 6997 .msg_flags = 0, 6998 }; 6999 int res; 7000 u16 txflags = 0; 7001 7002 if (encrypt) 7003 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 7004 7005 if (drv->monitor_sock < 0) { 7006 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 7007 "for %s", __func__); 7008 return -1; 7009 } 7010 7011 if (noack) 7012 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 7013 WPA_PUT_LE16(&rtap_hdr[12], txflags); 7014 7015 res = sendmsg(drv->monitor_sock, &msg, 0); 7016 if (res < 0) { 7017 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 7018 return -1; 7019 } 7020 return 0; 7021} 7022 7023 7024static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 7025 const void *data, size_t len, 7026 int encrypt, int noack, 7027 unsigned int freq, int no_cck, 7028 int offchanok, unsigned int wait_time) 7029{ 7030 struct wpa_driver_nl80211_data *drv = bss->drv; 7031 u64 cookie; 7032 int res; 7033 7034 if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) { 7035 freq = nl80211_get_assoc_freq(drv); 7036 wpa_printf(MSG_DEBUG, 7037 "nl80211: send_frame - Use assoc_freq=%u for IBSS", 7038 freq); 7039 } 7040 if (freq == 0) { 7041 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 7042 bss->freq); 7043 freq = bss->freq; 7044 } 7045 7046 if (drv->use_monitor) { 7047 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 7048 freq, bss->freq); 7049 return wpa_driver_nl80211_send_mntr(drv, data, len, 7050 encrypt, noack); 7051 } 7052 7053 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 7054 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 7055 &cookie, no_cck, noack, offchanok); 7056 if (res == 0 && !noack) { 7057 const struct ieee80211_mgmt *mgmt; 7058 u16 fc; 7059 7060 mgmt = (const struct ieee80211_mgmt *) data; 7061 fc = le_to_host16(mgmt->frame_control); 7062 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7063 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 7064 wpa_printf(MSG_MSGDUMP, 7065 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 7066 (long long unsigned int) 7067 drv->send_action_cookie, 7068 (long long unsigned int) cookie); 7069 drv->send_action_cookie = cookie; 7070 } 7071 } 7072 7073 return res; 7074} 7075 7076 7077static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 7078 size_t data_len, int noack, 7079 unsigned int freq, int no_cck, 7080 int offchanok, 7081 unsigned int wait_time) 7082{ 7083 struct wpa_driver_nl80211_data *drv = bss->drv; 7084 struct ieee80211_mgmt *mgmt; 7085 int encrypt = 1; 7086 u16 fc; 7087 7088 mgmt = (struct ieee80211_mgmt *) data; 7089 fc = le_to_host16(mgmt->frame_control); 7090 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR 7091 " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d", 7092 MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time, 7093 fc, fc2str(fc), drv->nlmode); 7094 7095 if ((is_sta_interface(drv->nlmode) || 7096 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 7097 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7098 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 7099 /* 7100 * The use of last_mgmt_freq is a bit of a hack, 7101 * but it works due to the single-threaded nature 7102 * of wpa_supplicant. 7103 */ 7104 if (freq == 0) { 7105 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 7106 drv->last_mgmt_freq); 7107 freq = drv->last_mgmt_freq; 7108 } 7109 return nl80211_send_frame_cmd(bss, freq, 0, 7110 data, data_len, NULL, 1, noack, 7111 1); 7112 } 7113 7114 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 7115 if (freq == 0) { 7116 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 7117 bss->freq); 7118 freq = bss->freq; 7119 } 7120 return nl80211_send_frame_cmd(bss, freq, 7121 (int) freq == bss->freq ? 0 : 7122 wait_time, 7123 data, data_len, 7124 &drv->send_action_cookie, 7125 no_cck, noack, offchanok); 7126 } 7127 7128 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7129 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 7130 /* 7131 * Only one of the authentication frame types is encrypted. 7132 * In order for static WEP encryption to work properly (i.e., 7133 * to not encrypt the frame), we need to tell mac80211 about 7134 * the frames that must not be encrypted. 7135 */ 7136 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 7137 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 7138 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 7139 encrypt = 0; 7140 } 7141 7142 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 7143 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 7144 noack, freq, no_cck, offchanok, 7145 wait_time); 7146} 7147 7148 7149static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 7150 int slot, int ht_opmode, int ap_isolate, 7151 int *basic_rates) 7152{ 7153 struct wpa_driver_nl80211_data *drv = bss->drv; 7154 struct nl_msg *msg; 7155 7156 msg = nlmsg_alloc(); 7157 if (!msg) 7158 return -ENOMEM; 7159 7160 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 7161 7162 if (cts >= 0) 7163 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 7164 if (preamble >= 0) 7165 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 7166 if (slot >= 0) 7167 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 7168 if (ht_opmode >= 0) 7169 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 7170 if (ap_isolate >= 0) 7171 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 7172 7173 if (basic_rates) { 7174 u8 rates[NL80211_MAX_SUPP_RATES]; 7175 u8 rates_len = 0; 7176 int i; 7177 7178 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 7179 i++) 7180 rates[rates_len++] = basic_rates[i] / 5; 7181 7182 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 7183 } 7184 7185 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7186 7187 return send_and_recv_msgs(drv, msg, NULL, NULL); 7188 nla_put_failure: 7189 nlmsg_free(msg); 7190 return -ENOBUFS; 7191} 7192 7193 7194static int wpa_driver_nl80211_set_acl(void *priv, 7195 struct hostapd_acl_params *params) 7196{ 7197 struct i802_bss *bss = priv; 7198 struct wpa_driver_nl80211_data *drv = bss->drv; 7199 struct nl_msg *msg; 7200 struct nlattr *acl; 7201 unsigned int i; 7202 int ret = 0; 7203 7204 if (!(drv->capa.max_acl_mac_addrs)) 7205 return -ENOTSUP; 7206 7207 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 7208 return -ENOTSUP; 7209 7210 msg = nlmsg_alloc(); 7211 if (!msg) 7212 return -ENOMEM; 7213 7214 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 7215 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 7216 7217 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 7218 7219 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7220 7221 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 7222 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 7223 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 7224 7225 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 7226 if (acl == NULL) 7227 goto nla_put_failure; 7228 7229 for (i = 0; i < params->num_mac_acl; i++) 7230 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 7231 7232 nla_nest_end(msg, acl); 7233 7234 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7235 msg = NULL; 7236 if (ret) { 7237 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 7238 ret, strerror(-ret)); 7239 } 7240 7241nla_put_failure: 7242 nlmsg_free(msg); 7243 7244 return ret; 7245} 7246 7247 7248static int wpa_driver_nl80211_set_ap(void *priv, 7249 struct wpa_driver_ap_params *params) 7250{ 7251 struct i802_bss *bss = priv; 7252 struct wpa_driver_nl80211_data *drv = bss->drv; 7253 struct nl_msg *msg; 7254 u8 cmd = NL80211_CMD_NEW_BEACON; 7255 int ret; 7256 int beacon_set; 7257 int ifindex = if_nametoindex(bss->ifname); 7258 int num_suites; 7259 u32 suites[10], suite; 7260 u32 ver; 7261 7262 beacon_set = bss->beacon_set; 7263 7264 msg = nlmsg_alloc(); 7265 if (!msg) 7266 return -ENOMEM; 7267 7268 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 7269 beacon_set); 7270 if (beacon_set) 7271 cmd = NL80211_CMD_SET_BEACON; 7272 7273 nl80211_cmd(drv, msg, 0, cmd); 7274 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 7275 params->head, params->head_len); 7276 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 7277 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 7278 params->tail, params->tail_len); 7279 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 7280 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 7281 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 7282 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 7283 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 7284 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 7285 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 7286 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 7287 params->ssid, params->ssid_len); 7288 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7289 params->ssid); 7290 if (params->proberesp && params->proberesp_len) { 7291 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 7292 params->proberesp, params->proberesp_len); 7293 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 7294 params->proberesp); 7295 } 7296 switch (params->hide_ssid) { 7297 case NO_SSID_HIDING: 7298 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 7299 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7300 NL80211_HIDDEN_SSID_NOT_IN_USE); 7301 break; 7302 case HIDDEN_SSID_ZERO_LEN: 7303 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 7304 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7305 NL80211_HIDDEN_SSID_ZERO_LEN); 7306 break; 7307 case HIDDEN_SSID_ZERO_CONTENTS: 7308 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 7309 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7310 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 7311 break; 7312 } 7313 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 7314 if (params->privacy) 7315 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 7316 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 7317 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 7318 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 7319 /* Leave out the attribute */ 7320 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 7321 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7322 NL80211_AUTHTYPE_SHARED_KEY); 7323 else 7324 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7325 NL80211_AUTHTYPE_OPEN_SYSTEM); 7326 7327 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 7328 ver = 0; 7329 if (params->wpa_version & WPA_PROTO_WPA) 7330 ver |= NL80211_WPA_VERSION_1; 7331 if (params->wpa_version & WPA_PROTO_RSN) 7332 ver |= NL80211_WPA_VERSION_2; 7333 if (ver) 7334 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 7335 7336 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 7337 params->key_mgmt_suites); 7338 num_suites = 0; 7339 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 7340 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 7341 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 7342 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 7343 if (num_suites) { 7344 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 7345 num_suites * sizeof(u32), suites); 7346 } 7347 7348 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 7349 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 7350 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 7351 7352 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 7353 params->pairwise_ciphers); 7354 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 7355 suites, ARRAY_SIZE(suites)); 7356 if (num_suites) { 7357 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 7358 num_suites * sizeof(u32), suites); 7359 } 7360 7361 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 7362 params->group_cipher); 7363 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 7364 if (suite) 7365 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 7366 7367 if (params->beacon_ies) { 7368 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 7369 params->beacon_ies); 7370 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 7371 wpabuf_head(params->beacon_ies)); 7372 } 7373 if (params->proberesp_ies) { 7374 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 7375 params->proberesp_ies); 7376 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 7377 wpabuf_len(params->proberesp_ies), 7378 wpabuf_head(params->proberesp_ies)); 7379 } 7380 if (params->assocresp_ies) { 7381 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 7382 params->assocresp_ies); 7383 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 7384 wpabuf_len(params->assocresp_ies), 7385 wpabuf_head(params->assocresp_ies)); 7386 } 7387 7388 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7389 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7390 params->ap_max_inactivity); 7391 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7392 params->ap_max_inactivity); 7393 } 7394 7395 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7396 if (ret) { 7397 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7398 ret, strerror(-ret)); 7399 } else { 7400 bss->beacon_set = 1; 7401 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7402 params->short_slot_time, params->ht_opmode, 7403 params->isolate, params->basic_rates); 7404 if (beacon_set && params->freq && 7405 params->freq->bandwidth != bss->bandwidth) { 7406 wpa_printf(MSG_DEBUG, 7407 "nl80211: Update BSS %s bandwidth: %d -> %d", 7408 bss->ifname, bss->bandwidth, 7409 params->freq->bandwidth); 7410 ret = nl80211_set_channel(bss, params->freq, 1); 7411 if (ret) { 7412 wpa_printf(MSG_DEBUG, 7413 "nl80211: Frequency set failed: %d (%s)", 7414 ret, strerror(-ret)); 7415 } else { 7416 wpa_printf(MSG_DEBUG, 7417 "nl80211: Frequency set succeeded for ht2040 coex"); 7418 bss->bandwidth = params->freq->bandwidth; 7419 } 7420 } else if (!beacon_set) { 7421 /* 7422 * cfg80211 updates the driver on frequence change in AP 7423 * mode only at the point when beaconing is started, so 7424 * set the initial value here. 7425 */ 7426 bss->bandwidth = params->freq->bandwidth; 7427 } 7428 } 7429 return ret; 7430 nla_put_failure: 7431 nlmsg_free(msg); 7432 return -ENOBUFS; 7433} 7434 7435 7436static int nl80211_put_freq_params(struct nl_msg *msg, 7437 struct hostapd_freq_params *freq) 7438{ 7439 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7440 if (freq->vht_enabled) { 7441 switch (freq->bandwidth) { 7442 case 20: 7443 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7444 NL80211_CHAN_WIDTH_20); 7445 break; 7446 case 40: 7447 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7448 NL80211_CHAN_WIDTH_40); 7449 break; 7450 case 80: 7451 if (freq->center_freq2) 7452 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7453 NL80211_CHAN_WIDTH_80P80); 7454 else 7455 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7456 NL80211_CHAN_WIDTH_80); 7457 break; 7458 case 160: 7459 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7460 NL80211_CHAN_WIDTH_160); 7461 break; 7462 default: 7463 return -EINVAL; 7464 } 7465 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7466 if (freq->center_freq2) 7467 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7468 freq->center_freq2); 7469 } else if (freq->ht_enabled) { 7470 switch (freq->sec_channel_offset) { 7471 case -1: 7472 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7473 NL80211_CHAN_HT40MINUS); 7474 break; 7475 case 1: 7476 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7477 NL80211_CHAN_HT40PLUS); 7478 break; 7479 default: 7480 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7481 NL80211_CHAN_HT20); 7482 break; 7483 } 7484 } 7485 return 0; 7486 7487nla_put_failure: 7488 return -ENOBUFS; 7489} 7490 7491 7492static int nl80211_set_channel(struct i802_bss *bss, 7493 struct hostapd_freq_params *freq, int set_chan) 7494{ 7495 struct wpa_driver_nl80211_data *drv = bss->drv; 7496 struct nl_msg *msg; 7497 int ret; 7498 7499 wpa_printf(MSG_DEBUG, 7500 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7501 freq->freq, freq->ht_enabled, freq->vht_enabled, 7502 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7503 msg = nlmsg_alloc(); 7504 if (!msg) 7505 return -1; 7506 7507 nl80211_cmd(drv, msg, 0, set_chan ? NL80211_CMD_SET_CHANNEL : 7508 NL80211_CMD_SET_WIPHY); 7509 7510 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7511 if (nl80211_put_freq_params(msg, freq) < 0) 7512 goto nla_put_failure; 7513 7514 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7515 msg = NULL; 7516 if (ret == 0) { 7517 bss->freq = freq->freq; 7518 return 0; 7519 } 7520 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7521 "%d (%s)", freq->freq, ret, strerror(-ret)); 7522nla_put_failure: 7523 nlmsg_free(msg); 7524 return -1; 7525} 7526 7527 7528static u32 sta_flags_nl80211(int flags) 7529{ 7530 u32 f = 0; 7531 7532 if (flags & WPA_STA_AUTHORIZED) 7533 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7534 if (flags & WPA_STA_WMM) 7535 f |= BIT(NL80211_STA_FLAG_WME); 7536 if (flags & WPA_STA_SHORT_PREAMBLE) 7537 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7538 if (flags & WPA_STA_MFP) 7539 f |= BIT(NL80211_STA_FLAG_MFP); 7540 if (flags & WPA_STA_TDLS_PEER) 7541 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7542 7543 return f; 7544} 7545 7546 7547static int wpa_driver_nl80211_sta_add(void *priv, 7548 struct hostapd_sta_add_params *params) 7549{ 7550 struct i802_bss *bss = priv; 7551 struct wpa_driver_nl80211_data *drv = bss->drv; 7552 struct nl_msg *msg; 7553 struct nl80211_sta_flag_update upd; 7554 int ret = -ENOBUFS; 7555 7556 if ((params->flags & WPA_STA_TDLS_PEER) && 7557 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7558 return -EOPNOTSUPP; 7559 7560 msg = nlmsg_alloc(); 7561 if (!msg) 7562 return -ENOMEM; 7563 7564 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7565 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7566 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7567 NL80211_CMD_NEW_STATION); 7568 7569 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7570 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7571 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7572 params->supp_rates); 7573 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7574 params->supp_rates_len); 7575 if (!params->set) { 7576 if (params->aid) { 7577 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7578 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7579 } else { 7580 /* 7581 * cfg80211 validates that AID is non-zero, so we have 7582 * to make this a non-zero value for the TDLS case where 7583 * a dummy STA entry is used for now. 7584 */ 7585 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7586 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7587 } 7588 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7589 params->listen_interval); 7590 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7591 params->listen_interval); 7592 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7593 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7594 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7595 } 7596 if (params->ht_capabilities) { 7597 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7598 (u8 *) params->ht_capabilities, 7599 sizeof(*params->ht_capabilities)); 7600 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7601 sizeof(*params->ht_capabilities), 7602 params->ht_capabilities); 7603 } 7604 7605 if (params->vht_capabilities) { 7606 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7607 (u8 *) params->vht_capabilities, 7608 sizeof(*params->vht_capabilities)); 7609 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7610 sizeof(*params->vht_capabilities), 7611 params->vht_capabilities); 7612 } 7613 7614 if (params->vht_opmode_enabled) { 7615 wpa_printf(MSG_DEBUG, " * opmode=%u", params->vht_opmode); 7616 NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF, 7617 params->vht_opmode); 7618 } 7619 7620 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7621 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7622 7623 if (params->ext_capab) { 7624 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7625 params->ext_capab, params->ext_capab_len); 7626 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7627 params->ext_capab_len, params->ext_capab); 7628 } 7629 7630 if (params->supp_channels) { 7631 wpa_hexdump(MSG_DEBUG, " * supported channels", 7632 params->supp_channels, params->supp_channels_len); 7633 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7634 params->supp_channels_len, params->supp_channels); 7635 } 7636 7637 if (params->supp_oper_classes) { 7638 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7639 params->supp_oper_classes, 7640 params->supp_oper_classes_len); 7641 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7642 params->supp_oper_classes_len, 7643 params->supp_oper_classes); 7644 } 7645 7646 os_memset(&upd, 0, sizeof(upd)); 7647 upd.mask = sta_flags_nl80211(params->flags); 7648 upd.set = upd.mask; 7649 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7650 upd.set, upd.mask); 7651 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7652 7653 if (params->flags & WPA_STA_WMM) { 7654 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7655 7656 if (!wme) 7657 goto nla_put_failure; 7658 7659 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7660 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7661 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7662 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7663 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7664 WMM_QOSINFO_STA_SP_MASK); 7665 nla_nest_end(msg, wme); 7666 } 7667 7668 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7669 msg = NULL; 7670 if (ret) 7671 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7672 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7673 strerror(-ret)); 7674 if (ret == -EEXIST) 7675 ret = 0; 7676 nla_put_failure: 7677 nlmsg_free(msg); 7678 return ret; 7679} 7680 7681 7682static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7683{ 7684 struct wpa_driver_nl80211_data *drv = bss->drv; 7685 struct nl_msg *msg; 7686 int ret; 7687 7688 msg = nlmsg_alloc(); 7689 if (!msg) 7690 return -ENOMEM; 7691 7692 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7693 7694 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7695 if_nametoindex(bss->ifname)); 7696 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7697 7698 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7699 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7700 " --> %d (%s)", 7701 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7702 if (ret == -ENOENT) 7703 return 0; 7704 return ret; 7705 nla_put_failure: 7706 nlmsg_free(msg); 7707 return -ENOBUFS; 7708} 7709 7710 7711static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7712 int ifidx) 7713{ 7714 struct nl_msg *msg; 7715 struct wpa_driver_nl80211_data *drv2; 7716 7717 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7718 7719 /* stop listening for EAPOL on this interface */ 7720 dl_list_for_each(drv2, &drv->global->interfaces, 7721 struct wpa_driver_nl80211_data, list) 7722 del_ifidx(drv2, ifidx); 7723 7724 msg = nlmsg_alloc(); 7725 if (!msg) 7726 goto nla_put_failure; 7727 7728 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7729 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7730 7731 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7732 return; 7733 msg = NULL; 7734 nla_put_failure: 7735 nlmsg_free(msg); 7736 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7737} 7738 7739 7740static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7741{ 7742 switch (mode) { 7743 case NL80211_IFTYPE_ADHOC: 7744 return "ADHOC"; 7745 case NL80211_IFTYPE_STATION: 7746 return "STATION"; 7747 case NL80211_IFTYPE_AP: 7748 return "AP"; 7749 case NL80211_IFTYPE_AP_VLAN: 7750 return "AP_VLAN"; 7751 case NL80211_IFTYPE_WDS: 7752 return "WDS"; 7753 case NL80211_IFTYPE_MONITOR: 7754 return "MONITOR"; 7755 case NL80211_IFTYPE_MESH_POINT: 7756 return "MESH_POINT"; 7757 case NL80211_IFTYPE_P2P_CLIENT: 7758 return "P2P_CLIENT"; 7759 case NL80211_IFTYPE_P2P_GO: 7760 return "P2P_GO"; 7761 case NL80211_IFTYPE_P2P_DEVICE: 7762 return "P2P_DEVICE"; 7763 default: 7764 return "unknown"; 7765 } 7766} 7767 7768 7769static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7770 const char *ifname, 7771 enum nl80211_iftype iftype, 7772 const u8 *addr, int wds, 7773 int (*handler)(struct nl_msg *, void *), 7774 void *arg) 7775{ 7776 struct nl_msg *msg; 7777 int ifidx; 7778 int ret = -ENOBUFS; 7779 7780 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7781 iftype, nl80211_iftype_str(iftype)); 7782 7783 msg = nlmsg_alloc(); 7784 if (!msg) 7785 return -1; 7786 7787 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7788 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7789 goto nla_put_failure; 7790 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7791 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7792 7793 if (iftype == NL80211_IFTYPE_MONITOR) { 7794 struct nlattr *flags; 7795 7796 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7797 if (!flags) 7798 goto nla_put_failure; 7799 7800 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7801 7802 nla_nest_end(msg, flags); 7803 } else if (wds) { 7804 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7805 } 7806 7807 /* 7808 * Tell cfg80211 that the interface belongs to the socket that created 7809 * it, and the interface should be deleted when the socket is closed. 7810 */ 7811 NLA_PUT_FLAG(msg, NL80211_ATTR_IFACE_SOCKET_OWNER); 7812 7813 ret = send_and_recv_msgs(drv, msg, handler, arg); 7814 msg = NULL; 7815 if (ret) { 7816 nla_put_failure: 7817 nlmsg_free(msg); 7818 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7819 ifname, ret, strerror(-ret)); 7820 return ret; 7821 } 7822 7823 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7824 return 0; 7825 7826 ifidx = if_nametoindex(ifname); 7827 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7828 ifname, ifidx); 7829 7830 if (ifidx <= 0) 7831 return -1; 7832 7833 /* 7834 * Some virtual interfaces need to process EAPOL packets and events on 7835 * the parent interface. This is used mainly with hostapd. 7836 */ 7837 if (drv->hostapd || 7838 iftype == NL80211_IFTYPE_AP_VLAN || 7839 iftype == NL80211_IFTYPE_WDS || 7840 iftype == NL80211_IFTYPE_MONITOR) { 7841 /* start listening for EAPOL on this interface */ 7842 add_ifidx(drv, ifidx); 7843 } 7844 7845 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7846 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7847 nl80211_remove_iface(drv, ifidx); 7848 return -1; 7849 } 7850 7851 return ifidx; 7852} 7853 7854 7855static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7856 const char *ifname, enum nl80211_iftype iftype, 7857 const u8 *addr, int wds, 7858 int (*handler)(struct nl_msg *, void *), 7859 void *arg, int use_existing) 7860{ 7861 int ret; 7862 7863 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7864 arg); 7865 7866 /* if error occurred and interface exists already */ 7867 if (ret == -ENFILE && if_nametoindex(ifname)) { 7868 if (use_existing) { 7869 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7870 ifname); 7871 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7872 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7873 addr) < 0 && 7874 (linux_set_iface_flags(drv->global->ioctl_sock, 7875 ifname, 0) < 0 || 7876 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7877 addr) < 0 || 7878 linux_set_iface_flags(drv->global->ioctl_sock, 7879 ifname, 1) < 0)) 7880 return -1; 7881 return -ENFILE; 7882 } 7883 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7884 7885 /* Try to remove the interface that was already there. */ 7886 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7887 7888 /* Try to create the interface again */ 7889 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7890 wds, handler, arg); 7891 } 7892 7893 if (ret >= 0 && is_p2p_net_interface(iftype)) 7894 nl80211_disable_11b_rates(drv, ret, 1); 7895 7896 return ret; 7897} 7898 7899 7900static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7901{ 7902 struct ieee80211_hdr *hdr; 7903 u16 fc; 7904 union wpa_event_data event; 7905 7906 hdr = (struct ieee80211_hdr *) buf; 7907 fc = le_to_host16(hdr->frame_control); 7908 7909 os_memset(&event, 0, sizeof(event)); 7910 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7911 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7912 event.tx_status.dst = hdr->addr1; 7913 event.tx_status.data = buf; 7914 event.tx_status.data_len = len; 7915 event.tx_status.ack = ok; 7916 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7917} 7918 7919 7920static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7921 u8 *buf, size_t len) 7922{ 7923 struct ieee80211_hdr *hdr = (void *)buf; 7924 u16 fc; 7925 union wpa_event_data event; 7926 7927 if (len < sizeof(*hdr)) 7928 return; 7929 7930 fc = le_to_host16(hdr->frame_control); 7931 7932 os_memset(&event, 0, sizeof(event)); 7933 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7934 event.rx_from_unknown.addr = hdr->addr2; 7935 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7936 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7937 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7938} 7939 7940 7941static void handle_frame(struct wpa_driver_nl80211_data *drv, 7942 u8 *buf, size_t len, int datarate, int ssi_signal) 7943{ 7944 struct ieee80211_hdr *hdr; 7945 u16 fc; 7946 union wpa_event_data event; 7947 7948 hdr = (struct ieee80211_hdr *) buf; 7949 fc = le_to_host16(hdr->frame_control); 7950 7951 switch (WLAN_FC_GET_TYPE(fc)) { 7952 case WLAN_FC_TYPE_MGMT: 7953 os_memset(&event, 0, sizeof(event)); 7954 event.rx_mgmt.frame = buf; 7955 event.rx_mgmt.frame_len = len; 7956 event.rx_mgmt.datarate = datarate; 7957 event.rx_mgmt.ssi_signal = ssi_signal; 7958 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7959 break; 7960 case WLAN_FC_TYPE_CTRL: 7961 /* can only get here with PS-Poll frames */ 7962 wpa_printf(MSG_DEBUG, "CTRL"); 7963 from_unknown_sta(drv, buf, len); 7964 break; 7965 case WLAN_FC_TYPE_DATA: 7966 from_unknown_sta(drv, buf, len); 7967 break; 7968 } 7969} 7970 7971 7972static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7973{ 7974 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7975 int len; 7976 unsigned char buf[3000]; 7977 struct ieee80211_radiotap_iterator iter; 7978 int ret; 7979 int datarate = 0, ssi_signal = 0; 7980 int injected = 0, failed = 0, rxflags = 0; 7981 7982 len = recv(sock, buf, sizeof(buf), 0); 7983 if (len < 0) { 7984 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7985 strerror(errno)); 7986 return; 7987 } 7988 7989 if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len, NULL)) { 7990 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7991 return; 7992 } 7993 7994 while (1) { 7995 ret = ieee80211_radiotap_iterator_next(&iter); 7996 if (ret == -ENOENT) 7997 break; 7998 if (ret) { 7999 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 8000 ret); 8001 return; 8002 } 8003 switch (iter.this_arg_index) { 8004 case IEEE80211_RADIOTAP_FLAGS: 8005 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 8006 len -= 4; 8007 break; 8008 case IEEE80211_RADIOTAP_RX_FLAGS: 8009 rxflags = 1; 8010 break; 8011 case IEEE80211_RADIOTAP_TX_FLAGS: 8012 injected = 1; 8013 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 8014 IEEE80211_RADIOTAP_F_TX_FAIL; 8015 break; 8016 case IEEE80211_RADIOTAP_DATA_RETRIES: 8017 break; 8018 case IEEE80211_RADIOTAP_CHANNEL: 8019 /* TODO: convert from freq/flags to channel number */ 8020 break; 8021 case IEEE80211_RADIOTAP_RATE: 8022 datarate = *iter.this_arg * 5; 8023 break; 8024 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 8025 ssi_signal = (s8) *iter.this_arg; 8026 break; 8027 } 8028 } 8029 8030 if (rxflags && injected) 8031 return; 8032 8033 if (!injected) 8034 handle_frame(drv, buf + iter._max_length, 8035 len - iter._max_length, datarate, ssi_signal); 8036 else 8037 handle_tx_callback(drv->ctx, buf + iter._max_length, 8038 len - iter._max_length, !failed); 8039} 8040 8041 8042/* 8043 * we post-process the filter code later and rewrite 8044 * this to the offset to the last instruction 8045 */ 8046#define PASS 0xFF 8047#define FAIL 0xFE 8048 8049static struct sock_filter msock_filter_insns[] = { 8050 /* 8051 * do a little-endian load of the radiotap length field 8052 */ 8053 /* load lower byte into A */ 8054 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 8055 /* put it into X (== index register) */ 8056 BPF_STMT(BPF_MISC| BPF_TAX, 0), 8057 /* load upper byte into A */ 8058 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 8059 /* left-shift it by 8 */ 8060 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 8061 /* or with X */ 8062 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 8063 /* put result into X */ 8064 BPF_STMT(BPF_MISC| BPF_TAX, 0), 8065 8066 /* 8067 * Allow management frames through, this also gives us those 8068 * management frames that we sent ourselves with status 8069 */ 8070 /* load the lower byte of the IEEE 802.11 frame control field */ 8071 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8072 /* mask off frame type and version */ 8073 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 8074 /* accept frame if it's both 0, fall through otherwise */ 8075 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 8076 8077 /* 8078 * TODO: add a bit to radiotap RX flags that indicates 8079 * that the sending station is not associated, then 8080 * add a filter here that filters on our DA and that flag 8081 * to allow us to deauth frames to that bad station. 8082 * 8083 * For now allow all To DS data frames through. 8084 */ 8085 /* load the IEEE 802.11 frame control field */ 8086 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 8087 /* mask off frame type, version and DS status */ 8088 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 8089 /* accept frame if version 0, type 2 and To DS, fall through otherwise 8090 */ 8091 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 8092 8093#if 0 8094 /* 8095 * drop non-data frames 8096 */ 8097 /* load the lower byte of the frame control field */ 8098 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8099 /* mask off QoS bit */ 8100 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 8101 /* drop non-data frames */ 8102 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 8103#endif 8104 /* load the upper byte of the frame control field */ 8105 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 8106 /* mask off toDS/fromDS */ 8107 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 8108 /* accept WDS frames */ 8109 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 8110 8111 /* 8112 * add header length to index 8113 */ 8114 /* load the lower byte of the frame control field */ 8115 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8116 /* mask off QoS bit */ 8117 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 8118 /* right shift it by 6 to give 0 or 2 */ 8119 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 8120 /* add data frame header length */ 8121 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 8122 /* add index, was start of 802.11 header */ 8123 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 8124 /* move to index, now start of LL header */ 8125 BPF_STMT(BPF_MISC | BPF_TAX, 0), 8126 8127 /* 8128 * Accept empty data frames, we use those for 8129 * polling activity. 8130 */ 8131 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 8132 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 8133 8134 /* 8135 * Accept EAPOL frames 8136 */ 8137 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 8138 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 8139 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 8140 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 8141 8142 /* keep these last two statements or change the code below */ 8143 /* return 0 == "DROP" */ 8144 BPF_STMT(BPF_RET | BPF_K, 0), 8145 /* return ~0 == "keep all" */ 8146 BPF_STMT(BPF_RET | BPF_K, ~0), 8147}; 8148 8149static struct sock_fprog msock_filter = { 8150 .len = ARRAY_SIZE(msock_filter_insns), 8151 .filter = msock_filter_insns, 8152}; 8153 8154 8155static int add_monitor_filter(int s) 8156{ 8157 int idx; 8158 8159 /* rewrite all PASS/FAIL jump offsets */ 8160 for (idx = 0; idx < msock_filter.len; idx++) { 8161 struct sock_filter *insn = &msock_filter_insns[idx]; 8162 8163 if (BPF_CLASS(insn->code) == BPF_JMP) { 8164 if (insn->code == (BPF_JMP|BPF_JA)) { 8165 if (insn->k == PASS) 8166 insn->k = msock_filter.len - idx - 2; 8167 else if (insn->k == FAIL) 8168 insn->k = msock_filter.len - idx - 3; 8169 } 8170 8171 if (insn->jt == PASS) 8172 insn->jt = msock_filter.len - idx - 2; 8173 else if (insn->jt == FAIL) 8174 insn->jt = msock_filter.len - idx - 3; 8175 8176 if (insn->jf == PASS) 8177 insn->jf = msock_filter.len - idx - 2; 8178 else if (insn->jf == FAIL) 8179 insn->jf = msock_filter.len - idx - 3; 8180 } 8181 } 8182 8183 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 8184 &msock_filter, sizeof(msock_filter))) { 8185 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 8186 strerror(errno)); 8187 return -1; 8188 } 8189 8190 return 0; 8191} 8192 8193 8194static void nl80211_remove_monitor_interface( 8195 struct wpa_driver_nl80211_data *drv) 8196{ 8197 if (drv->monitor_refcount > 0) 8198 drv->monitor_refcount--; 8199 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 8200 drv->monitor_refcount); 8201 if (drv->monitor_refcount > 0) 8202 return; 8203 8204 if (drv->monitor_ifidx >= 0) { 8205 nl80211_remove_iface(drv, drv->monitor_ifidx); 8206 drv->monitor_ifidx = -1; 8207 } 8208 if (drv->monitor_sock >= 0) { 8209 eloop_unregister_read_sock(drv->monitor_sock); 8210 close(drv->monitor_sock); 8211 drv->monitor_sock = -1; 8212 } 8213} 8214 8215 8216static int 8217nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 8218{ 8219 char buf[IFNAMSIZ]; 8220 struct sockaddr_ll ll; 8221 int optval; 8222 socklen_t optlen; 8223 8224 if (drv->monitor_ifidx >= 0) { 8225 drv->monitor_refcount++; 8226 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 8227 drv->monitor_refcount); 8228 return 0; 8229 } 8230 8231 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 8232 /* 8233 * P2P interface name is of the format p2p-%s-%d. For monitor 8234 * interface name corresponding to P2P GO, replace "p2p-" with 8235 * "mon-" to retain the same interface name length and to 8236 * indicate that it is a monitor interface. 8237 */ 8238 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 8239 } else { 8240 /* Non-P2P interface with AP functionality. */ 8241 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 8242 } 8243 8244 buf[IFNAMSIZ - 1] = '\0'; 8245 8246 drv->monitor_ifidx = 8247 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 8248 0, NULL, NULL, 0); 8249 8250 if (drv->monitor_ifidx == -EOPNOTSUPP) { 8251 /* 8252 * This is backward compatibility for a few versions of 8253 * the kernel only that didn't advertise the right 8254 * attributes for the only driver that then supported 8255 * AP mode w/o monitor -- ath6kl. 8256 */ 8257 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 8258 "monitor interface type - try to run without it"); 8259 drv->device_ap_sme = 1; 8260 } 8261 8262 if (drv->monitor_ifidx < 0) 8263 return -1; 8264 8265 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 8266 goto error; 8267 8268 memset(&ll, 0, sizeof(ll)); 8269 ll.sll_family = AF_PACKET; 8270 ll.sll_ifindex = drv->monitor_ifidx; 8271 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 8272 if (drv->monitor_sock < 0) { 8273 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 8274 strerror(errno)); 8275 goto error; 8276 } 8277 8278 if (add_monitor_filter(drv->monitor_sock)) { 8279 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 8280 "interface; do filtering in user space"); 8281 /* This works, but will cost in performance. */ 8282 } 8283 8284 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 8285 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 8286 strerror(errno)); 8287 goto error; 8288 } 8289 8290 optlen = sizeof(optval); 8291 optval = 20; 8292 if (setsockopt 8293 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 8294 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 8295 strerror(errno)); 8296 goto error; 8297 } 8298 8299 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 8300 drv, NULL)) { 8301 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 8302 goto error; 8303 } 8304 8305 drv->monitor_refcount++; 8306 return 0; 8307 error: 8308 nl80211_remove_monitor_interface(drv); 8309 return -1; 8310} 8311 8312 8313static int nl80211_setup_ap(struct i802_bss *bss) 8314{ 8315 struct wpa_driver_nl80211_data *drv = bss->drv; 8316 8317 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 8318 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8319 8320 /* 8321 * Disable Probe Request reporting unless we need it in this way for 8322 * devices that include the AP SME, in the other case (unless using 8323 * monitor iface) we'll get it through the nl_mgmt socket instead. 8324 */ 8325 if (!drv->device_ap_sme) 8326 wpa_driver_nl80211_probe_req_report(bss, 0); 8327 8328 if (!drv->device_ap_sme && !drv->use_monitor) 8329 if (nl80211_mgmt_subscribe_ap(bss)) 8330 return -1; 8331 8332 if (drv->device_ap_sme && !drv->use_monitor) 8333 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 8334 return -1; 8335 8336 if (!drv->device_ap_sme && drv->use_monitor && 8337 nl80211_create_monitor_interface(drv) && 8338 !drv->device_ap_sme) 8339 return -1; 8340 8341 if (drv->device_ap_sme && 8342 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 8343 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 8344 "Probe Request frame reporting in AP mode"); 8345 /* Try to survive without this */ 8346 } 8347 8348 return 0; 8349} 8350 8351 8352static void nl80211_teardown_ap(struct i802_bss *bss) 8353{ 8354 struct wpa_driver_nl80211_data *drv = bss->drv; 8355 8356 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 8357 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8358 if (drv->device_ap_sme) { 8359 wpa_driver_nl80211_probe_req_report(bss, 0); 8360 if (!drv->use_monitor) 8361 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 8362 } else if (drv->use_monitor) 8363 nl80211_remove_monitor_interface(drv); 8364 else 8365 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 8366 8367 bss->beacon_set = 0; 8368} 8369 8370 8371static int nl80211_send_eapol_data(struct i802_bss *bss, 8372 const u8 *addr, const u8 *data, 8373 size_t data_len) 8374{ 8375 struct sockaddr_ll ll; 8376 int ret; 8377 8378 if (bss->drv->eapol_tx_sock < 0) { 8379 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 8380 return -1; 8381 } 8382 8383 os_memset(&ll, 0, sizeof(ll)); 8384 ll.sll_family = AF_PACKET; 8385 ll.sll_ifindex = bss->ifindex; 8386 ll.sll_protocol = htons(ETH_P_PAE); 8387 ll.sll_halen = ETH_ALEN; 8388 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 8389 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 8390 (struct sockaddr *) &ll, sizeof(ll)); 8391 if (ret < 0) 8392 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 8393 strerror(errno)); 8394 8395 return ret; 8396} 8397 8398 8399static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 8400 8401static int wpa_driver_nl80211_hapd_send_eapol( 8402 void *priv, const u8 *addr, const u8 *data, 8403 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 8404{ 8405 struct i802_bss *bss = priv; 8406 struct wpa_driver_nl80211_data *drv = bss->drv; 8407 struct ieee80211_hdr *hdr; 8408 size_t len; 8409 u8 *pos; 8410 int res; 8411 int qos = flags & WPA_STA_WMM; 8412 8413 if (drv->device_ap_sme || !drv->use_monitor) 8414 return nl80211_send_eapol_data(bss, addr, data, data_len); 8415 8416 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 8417 data_len; 8418 hdr = os_zalloc(len); 8419 if (hdr == NULL) { 8420 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 8421 (unsigned long) len); 8422 return -1; 8423 } 8424 8425 hdr->frame_control = 8426 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 8427 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 8428 if (encrypt) 8429 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 8430 if (qos) { 8431 hdr->frame_control |= 8432 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 8433 } 8434 8435 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8436 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8437 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8438 pos = (u8 *) (hdr + 1); 8439 8440 if (qos) { 8441 /* Set highest priority in QoS header */ 8442 pos[0] = 7; 8443 pos[1] = 0; 8444 pos += 2; 8445 } 8446 8447 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8448 pos += sizeof(rfc1042_header); 8449 WPA_PUT_BE16(pos, ETH_P_PAE); 8450 pos += 2; 8451 memcpy(pos, data, data_len); 8452 8453 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8454 0, 0, 0, 0); 8455 if (res < 0) { 8456 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8457 "failed: %d (%s)", 8458 (unsigned long) len, errno, strerror(errno)); 8459 } 8460 os_free(hdr); 8461 8462 return res; 8463} 8464 8465 8466static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8467 int total_flags, 8468 int flags_or, int flags_and) 8469{ 8470 struct i802_bss *bss = priv; 8471 struct wpa_driver_nl80211_data *drv = bss->drv; 8472 struct nl_msg *msg; 8473 struct nlattr *flags; 8474 struct nl80211_sta_flag_update upd; 8475 8476 msg = nlmsg_alloc(); 8477 if (!msg) 8478 return -ENOMEM; 8479 8480 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8481 8482 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8483 if_nametoindex(bss->ifname)); 8484 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8485 8486 /* 8487 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8488 * can be removed eventually. 8489 */ 8490 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8491 if (!flags) 8492 goto nla_put_failure; 8493 if (total_flags & WPA_STA_AUTHORIZED) 8494 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8495 8496 if (total_flags & WPA_STA_WMM) 8497 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8498 8499 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8500 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8501 8502 if (total_flags & WPA_STA_MFP) 8503 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8504 8505 if (total_flags & WPA_STA_TDLS_PEER) 8506 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8507 8508 nla_nest_end(msg, flags); 8509 8510 os_memset(&upd, 0, sizeof(upd)); 8511 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8512 upd.set = sta_flags_nl80211(flags_or); 8513 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8514 8515 return send_and_recv_msgs(drv, msg, NULL, NULL); 8516 nla_put_failure: 8517 nlmsg_free(msg); 8518 return -ENOBUFS; 8519} 8520 8521 8522static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8523 struct wpa_driver_associate_params *params) 8524{ 8525 enum nl80211_iftype nlmode, old_mode; 8526 struct hostapd_freq_params freq = { 8527 .freq = params->freq, 8528 }; 8529 8530 if (params->p2p) { 8531 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8532 "group (GO)"); 8533 nlmode = NL80211_IFTYPE_P2P_GO; 8534 } else 8535 nlmode = NL80211_IFTYPE_AP; 8536 8537 old_mode = drv->nlmode; 8538 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8539 nl80211_remove_monitor_interface(drv); 8540 return -1; 8541 } 8542 8543 if (nl80211_set_channel(drv->first_bss, &freq, 0)) { 8544 if (old_mode != nlmode) 8545 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8546 nl80211_remove_monitor_interface(drv); 8547 return -1; 8548 } 8549 8550 return 0; 8551} 8552 8553 8554static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8555{ 8556 struct nl_msg *msg; 8557 int ret = -1; 8558 8559 msg = nlmsg_alloc(); 8560 if (!msg) 8561 return -1; 8562 8563 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8564 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8565 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8566 msg = NULL; 8567 if (ret) { 8568 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8569 "(%s)", ret, strerror(-ret)); 8570 goto nla_put_failure; 8571 } 8572 8573 ret = 0; 8574 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8575 8576nla_put_failure: 8577 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8578 NL80211_IFTYPE_STATION)) { 8579 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8580 "station mode"); 8581 } 8582 8583 nlmsg_free(msg); 8584 return ret; 8585} 8586 8587 8588static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8589 struct wpa_driver_associate_params *params) 8590{ 8591 struct nl_msg *msg; 8592 int ret = -1; 8593 int count = 0; 8594 8595 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8596 8597 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8598 NL80211_IFTYPE_ADHOC)) { 8599 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8600 "IBSS mode"); 8601 return -1; 8602 } 8603 8604retry: 8605 msg = nlmsg_alloc(); 8606 if (!msg) 8607 return -1; 8608 8609 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8610 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8611 8612 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8613 goto nla_put_failure; 8614 8615 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8616 params->ssid, params->ssid_len); 8617 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8618 params->ssid); 8619 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8620 drv->ssid_len = params->ssid_len; 8621 8622 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8623 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8624 8625 if (params->beacon_int > 0) { 8626 wpa_printf(MSG_DEBUG, " * beacon_int=%d", params->beacon_int); 8627 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 8628 params->beacon_int); 8629 } 8630 8631 ret = nl80211_set_conn_keys(params, msg); 8632 if (ret) 8633 goto nla_put_failure; 8634 8635 if (params->bssid && params->fixed_bssid) { 8636 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8637 MAC2STR(params->bssid)); 8638 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8639 } 8640 8641 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8642 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8643 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8644 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8645 wpa_printf(MSG_DEBUG, " * control port"); 8646 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8647 } 8648 8649 if (params->wpa_ie) { 8650 wpa_hexdump(MSG_DEBUG, 8651 " * Extra IEs for Beacon/Probe Response frames", 8652 params->wpa_ie, params->wpa_ie_len); 8653 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8654 params->wpa_ie); 8655 } 8656 8657 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8658 msg = NULL; 8659 if (ret) { 8660 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8661 ret, strerror(-ret)); 8662 count++; 8663 if (ret == -EALREADY && count == 1) { 8664 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8665 "forced leave"); 8666 nl80211_leave_ibss(drv); 8667 nlmsg_free(msg); 8668 goto retry; 8669 } 8670 8671 goto nla_put_failure; 8672 } 8673 ret = 0; 8674 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8675 8676nla_put_failure: 8677 nlmsg_free(msg); 8678 return ret; 8679} 8680 8681 8682static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8683 struct wpa_driver_associate_params *params, 8684 struct nl_msg *msg) 8685{ 8686 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8687 8688 if (params->bssid) { 8689 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8690 MAC2STR(params->bssid)); 8691 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8692 } 8693 8694 if (params->bssid_hint) { 8695 wpa_printf(MSG_DEBUG, " * bssid_hint=" MACSTR, 8696 MAC2STR(params->bssid_hint)); 8697 NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN, 8698 params->bssid_hint); 8699 } 8700 8701 if (params->freq) { 8702 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8703 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8704 drv->assoc_freq = params->freq; 8705 } else 8706 drv->assoc_freq = 0; 8707 8708 if (params->freq_hint) { 8709 wpa_printf(MSG_DEBUG, " * freq_hint=%d", params->freq_hint); 8710 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT, 8711 params->freq_hint); 8712 } 8713 8714 if (params->bg_scan_period >= 0) { 8715 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8716 params->bg_scan_period); 8717 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8718 params->bg_scan_period); 8719 } 8720 8721 if (params->ssid) { 8722 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8723 params->ssid, params->ssid_len); 8724 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8725 params->ssid); 8726 if (params->ssid_len > sizeof(drv->ssid)) 8727 goto nla_put_failure; 8728 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8729 drv->ssid_len = params->ssid_len; 8730 } 8731 8732 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8733 if (params->wpa_ie) 8734 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8735 params->wpa_ie); 8736 8737 if (params->wpa_proto) { 8738 enum nl80211_wpa_versions ver = 0; 8739 8740 if (params->wpa_proto & WPA_PROTO_WPA) 8741 ver |= NL80211_WPA_VERSION_1; 8742 if (params->wpa_proto & WPA_PROTO_RSN) 8743 ver |= NL80211_WPA_VERSION_2; 8744 8745 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8746 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8747 } 8748 8749 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8750 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8751 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8752 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8753 } 8754 8755 if (params->group_suite == WPA_CIPHER_GTK_NOT_USED && 8756 !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) { 8757 /* 8758 * This is likely to work even though many drivers do not 8759 * advertise support for operations without GTK. 8760 */ 8761 wpa_printf(MSG_DEBUG, " * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement"); 8762 } else if (params->group_suite != WPA_CIPHER_NONE) { 8763 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8764 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8765 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8766 } 8767 8768 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8769 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8770 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8771 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8772 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM || 8773 params->key_mgmt_suite == WPA_KEY_MGMT_OSEN || 8774 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8775 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8776 int mgmt = WLAN_AKM_SUITE_PSK; 8777 8778 switch (params->key_mgmt_suite) { 8779 case WPA_KEY_MGMT_CCKM: 8780 mgmt = WLAN_AKM_SUITE_CCKM; 8781 break; 8782 case WPA_KEY_MGMT_IEEE8021X: 8783 mgmt = WLAN_AKM_SUITE_8021X; 8784 break; 8785 case WPA_KEY_MGMT_FT_IEEE8021X: 8786 mgmt = WLAN_AKM_SUITE_FT_8021X; 8787 break; 8788 case WPA_KEY_MGMT_FT_PSK: 8789 mgmt = WLAN_AKM_SUITE_FT_PSK; 8790 break; 8791 case WPA_KEY_MGMT_IEEE8021X_SHA256: 8792 mgmt = WLAN_AKM_SUITE_8021X_SHA256; 8793 break; 8794 case WPA_KEY_MGMT_PSK_SHA256: 8795 mgmt = WLAN_AKM_SUITE_PSK_SHA256; 8796 break; 8797 case WPA_KEY_MGMT_OSEN: 8798 mgmt = WLAN_AKM_SUITE_OSEN; 8799 break; 8800 case WPA_KEY_MGMT_PSK: 8801 default: 8802 mgmt = WLAN_AKM_SUITE_PSK; 8803 break; 8804 } 8805 wpa_printf(MSG_DEBUG, " * akm=0x%x", mgmt); 8806 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8807 } 8808 8809 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8810 8811 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8812 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8813 8814 if (params->disable_ht) 8815 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8816 8817 if (params->htcaps && params->htcaps_mask) { 8818 int sz = sizeof(struct ieee80211_ht_capabilities); 8819 wpa_hexdump(MSG_DEBUG, " * htcaps", params->htcaps, sz); 8820 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8821 wpa_hexdump(MSG_DEBUG, " * htcaps_mask", 8822 params->htcaps_mask, sz); 8823 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8824 params->htcaps_mask); 8825 } 8826 8827#ifdef CONFIG_VHT_OVERRIDES 8828 if (params->disable_vht) { 8829 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8830 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8831 } 8832 8833 if (params->vhtcaps && params->vhtcaps_mask) { 8834 int sz = sizeof(struct ieee80211_vht_capabilities); 8835 wpa_hexdump(MSG_DEBUG, " * vhtcaps", params->vhtcaps, sz); 8836 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8837 wpa_hexdump(MSG_DEBUG, " * vhtcaps_mask", 8838 params->vhtcaps_mask, sz); 8839 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8840 params->vhtcaps_mask); 8841 } 8842#endif /* CONFIG_VHT_OVERRIDES */ 8843 8844 if (params->p2p) 8845 wpa_printf(MSG_DEBUG, " * P2P group"); 8846 8847 return 0; 8848nla_put_failure: 8849 return -1; 8850} 8851 8852 8853static int wpa_driver_nl80211_try_connect( 8854 struct wpa_driver_nl80211_data *drv, 8855 struct wpa_driver_associate_params *params) 8856{ 8857 struct nl_msg *msg; 8858 enum nl80211_auth_type type; 8859 int ret; 8860 int algs; 8861 8862 msg = nlmsg_alloc(); 8863 if (!msg) 8864 return -1; 8865 8866 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8867 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8868 8869 ret = nl80211_connect_common(drv, params, msg); 8870 if (ret) 8871 goto nla_put_failure; 8872 8873 algs = 0; 8874 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8875 algs++; 8876 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8877 algs++; 8878 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8879 algs++; 8880 if (algs > 1) { 8881 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8882 "selection"); 8883 goto skip_auth_type; 8884 } 8885 8886 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8887 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8888 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8889 type = NL80211_AUTHTYPE_SHARED_KEY; 8890 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8891 type = NL80211_AUTHTYPE_NETWORK_EAP; 8892 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8893 type = NL80211_AUTHTYPE_FT; 8894 else 8895 goto nla_put_failure; 8896 8897 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8898 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8899 8900skip_auth_type: 8901 ret = nl80211_set_conn_keys(params, msg); 8902 if (ret) 8903 goto nla_put_failure; 8904 8905 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8906 msg = NULL; 8907 if (ret) { 8908 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8909 "(%s)", ret, strerror(-ret)); 8910 goto nla_put_failure; 8911 } 8912 ret = 0; 8913 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8914 8915nla_put_failure: 8916 nlmsg_free(msg); 8917 return ret; 8918 8919} 8920 8921 8922static int wpa_driver_nl80211_connect( 8923 struct wpa_driver_nl80211_data *drv, 8924 struct wpa_driver_associate_params *params) 8925{ 8926 int ret = wpa_driver_nl80211_try_connect(drv, params); 8927 if (ret == -EALREADY) { 8928 /* 8929 * cfg80211 does not currently accept new connections if 8930 * we are already connected. As a workaround, force 8931 * disconnection and try again. 8932 */ 8933 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8934 "disconnecting before reassociation " 8935 "attempt"); 8936 if (wpa_driver_nl80211_disconnect( 8937 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8938 return -1; 8939 ret = wpa_driver_nl80211_try_connect(drv, params); 8940 } 8941 return ret; 8942} 8943 8944 8945static int wpa_driver_nl80211_associate( 8946 void *priv, struct wpa_driver_associate_params *params) 8947{ 8948 struct i802_bss *bss = priv; 8949 struct wpa_driver_nl80211_data *drv = bss->drv; 8950 int ret; 8951 struct nl_msg *msg; 8952 8953 if (params->mode == IEEE80211_MODE_AP) 8954 return wpa_driver_nl80211_ap(drv, params); 8955 8956 if (params->mode == IEEE80211_MODE_IBSS) 8957 return wpa_driver_nl80211_ibss(drv, params); 8958 8959 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8960 enum nl80211_iftype nlmode = params->p2p ? 8961 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8962 8963 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8964 return -1; 8965 return wpa_driver_nl80211_connect(drv, params); 8966 } 8967 8968 nl80211_mark_disconnected(drv); 8969 8970 msg = nlmsg_alloc(); 8971 if (!msg) 8972 return -1; 8973 8974 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8975 drv->ifindex); 8976 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8977 8978 ret = nl80211_connect_common(drv, params, msg); 8979 if (ret) 8980 goto nla_put_failure; 8981 8982 if (params->prev_bssid) { 8983 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8984 MAC2STR(params->prev_bssid)); 8985 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8986 params->prev_bssid); 8987 } 8988 8989 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8990 msg = NULL; 8991 if (ret) { 8992 wpa_dbg(drv->ctx, MSG_DEBUG, 8993 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8994 ret, strerror(-ret)); 8995 nl80211_dump_scan(drv); 8996 goto nla_put_failure; 8997 } 8998 ret = 0; 8999 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 9000 "successfully"); 9001 9002nla_put_failure: 9003 nlmsg_free(msg); 9004 return ret; 9005} 9006 9007 9008static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 9009 int ifindex, enum nl80211_iftype mode) 9010{ 9011 struct nl_msg *msg; 9012 int ret = -ENOBUFS; 9013 9014 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 9015 ifindex, mode, nl80211_iftype_str(mode)); 9016 9017 msg = nlmsg_alloc(); 9018 if (!msg) 9019 return -ENOMEM; 9020 9021 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 9022 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 9023 goto nla_put_failure; 9024 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 9025 9026 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9027 msg = NULL; 9028 if (!ret) 9029 return 0; 9030nla_put_failure: 9031 nlmsg_free(msg); 9032 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 9033 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 9034 return ret; 9035} 9036 9037 9038static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 9039 enum nl80211_iftype nlmode) 9040{ 9041 struct wpa_driver_nl80211_data *drv = bss->drv; 9042 int ret = -1; 9043 int i; 9044 int was_ap = is_ap_interface(drv->nlmode); 9045 int res; 9046 9047 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 9048 if (res && nlmode == nl80211_get_ifmode(bss)) 9049 res = 0; 9050 9051 if (res == 0) { 9052 drv->nlmode = nlmode; 9053 ret = 0; 9054 goto done; 9055 } 9056 9057 if (res == -ENODEV) 9058 return -1; 9059 9060 if (nlmode == drv->nlmode) { 9061 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 9062 "requested mode - ignore error"); 9063 ret = 0; 9064 goto done; /* Already in the requested mode */ 9065 } 9066 9067 /* mac80211 doesn't allow mode changes while the device is up, so 9068 * take the device down, try to set the mode again, and bring the 9069 * device back up. 9070 */ 9071 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 9072 "interface down"); 9073 for (i = 0; i < 10; i++) { 9074 res = i802_set_iface_flags(bss, 0); 9075 if (res == -EACCES || res == -ENODEV) 9076 break; 9077 if (res == 0) { 9078 /* Try to set the mode again while the interface is 9079 * down */ 9080 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 9081 if (ret == -EACCES) 9082 break; 9083 res = i802_set_iface_flags(bss, 1); 9084 if (res && !ret) 9085 ret = -1; 9086 else if (ret != -EBUSY) 9087 break; 9088 } else 9089 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 9090 "interface down"); 9091 os_sleep(0, 100000); 9092 } 9093 9094 if (!ret) { 9095 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 9096 "interface is down"); 9097 drv->nlmode = nlmode; 9098 drv->ignore_if_down_event = 1; 9099 } 9100 9101done: 9102 if (ret) { 9103 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 9104 "from %d failed", nlmode, drv->nlmode); 9105 return ret; 9106 } 9107 9108 if (is_p2p_net_interface(nlmode)) 9109 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 9110 else if (drv->disabled_11b_rates) 9111 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 9112 9113 if (is_ap_interface(nlmode)) { 9114 nl80211_mgmt_unsubscribe(bss, "start AP"); 9115 /* Setup additional AP mode functionality if needed */ 9116 if (nl80211_setup_ap(bss)) 9117 return -1; 9118 } else if (was_ap) { 9119 /* Remove additional AP mode functionality */ 9120 nl80211_teardown_ap(bss); 9121 } else { 9122 nl80211_mgmt_unsubscribe(bss, "mode change"); 9123 } 9124 9125 if (!bss->in_deinit && !is_ap_interface(nlmode) && 9126 nl80211_mgmt_subscribe_non_ap(bss) < 0) 9127 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 9128 "frame processing - ignore for now"); 9129 9130 return 0; 9131} 9132 9133 9134static int dfs_info_handler(struct nl_msg *msg, void *arg) 9135{ 9136 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9137 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9138 int *dfs_capability_ptr = arg; 9139 9140 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9141 genlmsg_attrlen(gnlh, 0), NULL); 9142 9143 if (tb[NL80211_ATTR_VENDOR_DATA]) { 9144 struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA]; 9145 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1]; 9146 9147 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX, 9148 nla_data(nl_vend), nla_len(nl_vend), NULL); 9149 9150 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) { 9151 u32 val; 9152 val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]); 9153 wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u", 9154 val); 9155 *dfs_capability_ptr = val; 9156 } 9157 } 9158 9159 return NL_SKIP; 9160} 9161 9162 9163static int wpa_driver_nl80211_get_capa(void *priv, 9164 struct wpa_driver_capa *capa) 9165{ 9166 struct i802_bss *bss = priv; 9167 struct wpa_driver_nl80211_data *drv = bss->drv; 9168 struct nl_msg *msg; 9169 int dfs_capability = 0; 9170 int ret = 0; 9171 9172 if (!drv->has_capability) 9173 return -1; 9174 os_memcpy(capa, &drv->capa, sizeof(*capa)); 9175 if (drv->extended_capa && drv->extended_capa_mask) { 9176 capa->extended_capa = drv->extended_capa; 9177 capa->extended_capa_mask = drv->extended_capa_mask; 9178 capa->extended_capa_len = drv->extended_capa_len; 9179 } 9180 9181 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 9182 !drv->allow_p2p_device) { 9183 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 9184 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 9185 } 9186 9187 if (drv->dfs_vendor_cmd_avail == 1) { 9188 msg = nlmsg_alloc(); 9189 if (!msg) 9190 return -ENOMEM; 9191 9192 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 9193 9194 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9195 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA); 9196 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, 9197 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY); 9198 9199 ret = send_and_recv_msgs(drv, msg, dfs_info_handler, 9200 &dfs_capability); 9201 if (!ret) { 9202 if (dfs_capability) 9203 capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD; 9204 } 9205 } 9206 9207 return ret; 9208 9209 nla_put_failure: 9210 nlmsg_free(msg); 9211 return -ENOBUFS; 9212} 9213 9214 9215static int wpa_driver_nl80211_set_operstate(void *priv, int state) 9216{ 9217 struct i802_bss *bss = priv; 9218 struct wpa_driver_nl80211_data *drv = bss->drv; 9219 9220 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 9221 bss->ifname, drv->operstate, state, 9222 state ? "UP" : "DORMANT"); 9223 drv->operstate = state; 9224 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 9225 state ? IF_OPER_UP : IF_OPER_DORMANT); 9226} 9227 9228 9229static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 9230{ 9231 struct i802_bss *bss = priv; 9232 struct wpa_driver_nl80211_data *drv = bss->drv; 9233 struct nl_msg *msg; 9234 struct nl80211_sta_flag_update upd; 9235 int ret = -ENOBUFS; 9236 9237 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 9238 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 9239 return 0; 9240 } 9241 9242 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 9243 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 9244 9245 msg = nlmsg_alloc(); 9246 if (!msg) 9247 return -ENOMEM; 9248 9249 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9250 9251 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9252 if_nametoindex(bss->ifname)); 9253 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 9254 9255 os_memset(&upd, 0, sizeof(upd)); 9256 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 9257 if (authorized) 9258 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 9259 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 9260 9261 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9262 msg = NULL; 9263 if (!ret) 9264 return 0; 9265 nla_put_failure: 9266 nlmsg_free(msg); 9267 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 9268 ret, strerror(-ret)); 9269 return ret; 9270} 9271 9272 9273/* Set kernel driver on given frequency (MHz) */ 9274static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 9275{ 9276 struct i802_bss *bss = priv; 9277 return nl80211_set_channel(bss, freq, 0); 9278} 9279 9280 9281static inline int min_int(int a, int b) 9282{ 9283 if (a < b) 9284 return a; 9285 return b; 9286} 9287 9288 9289static int get_key_handler(struct nl_msg *msg, void *arg) 9290{ 9291 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9292 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9293 9294 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9295 genlmsg_attrlen(gnlh, 0), NULL); 9296 9297 /* 9298 * TODO: validate the key index and mac address! 9299 * Otherwise, there's a race condition as soon as 9300 * the kernel starts sending key notifications. 9301 */ 9302 9303 if (tb[NL80211_ATTR_KEY_SEQ]) 9304 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 9305 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 9306 return NL_SKIP; 9307} 9308 9309 9310static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 9311 int idx, u8 *seq) 9312{ 9313 struct i802_bss *bss = priv; 9314 struct wpa_driver_nl80211_data *drv = bss->drv; 9315 struct nl_msg *msg; 9316 9317 msg = nlmsg_alloc(); 9318 if (!msg) 9319 return -ENOMEM; 9320 9321 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 9322 9323 if (addr) 9324 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9325 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 9326 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 9327 9328 memset(seq, 0, 6); 9329 9330 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 9331 nla_put_failure: 9332 nlmsg_free(msg); 9333 return -ENOBUFS; 9334} 9335 9336 9337static int i802_set_rts(void *priv, int rts) 9338{ 9339 struct i802_bss *bss = priv; 9340 struct wpa_driver_nl80211_data *drv = bss->drv; 9341 struct nl_msg *msg; 9342 int ret = -ENOBUFS; 9343 u32 val; 9344 9345 msg = nlmsg_alloc(); 9346 if (!msg) 9347 return -ENOMEM; 9348 9349 if (rts >= 2347) 9350 val = (u32) -1; 9351 else 9352 val = rts; 9353 9354 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9355 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9356 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 9357 9358 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9359 msg = NULL; 9360 if (!ret) 9361 return 0; 9362nla_put_failure: 9363 nlmsg_free(msg); 9364 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 9365 "%d (%s)", rts, ret, strerror(-ret)); 9366 return ret; 9367} 9368 9369 9370static int i802_set_frag(void *priv, int frag) 9371{ 9372 struct i802_bss *bss = priv; 9373 struct wpa_driver_nl80211_data *drv = bss->drv; 9374 struct nl_msg *msg; 9375 int ret = -ENOBUFS; 9376 u32 val; 9377 9378 msg = nlmsg_alloc(); 9379 if (!msg) 9380 return -ENOMEM; 9381 9382 if (frag >= 2346) 9383 val = (u32) -1; 9384 else 9385 val = frag; 9386 9387 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9388 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9389 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 9390 9391 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9392 msg = NULL; 9393 if (!ret) 9394 return 0; 9395nla_put_failure: 9396 nlmsg_free(msg); 9397 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 9398 "%d: %d (%s)", frag, ret, strerror(-ret)); 9399 return ret; 9400} 9401 9402 9403static int i802_flush(void *priv) 9404{ 9405 struct i802_bss *bss = priv; 9406 struct wpa_driver_nl80211_data *drv = bss->drv; 9407 struct nl_msg *msg; 9408 int res; 9409 9410 msg = nlmsg_alloc(); 9411 if (!msg) 9412 return -1; 9413 9414 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 9415 bss->ifname); 9416 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 9417 9418 /* 9419 * XXX: FIX! this needs to flush all VLANs too 9420 */ 9421 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9422 if_nametoindex(bss->ifname)); 9423 9424 res = send_and_recv_msgs(drv, msg, NULL, NULL); 9425 if (res) { 9426 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 9427 "(%s)", res, strerror(-res)); 9428 } 9429 return res; 9430 nla_put_failure: 9431 nlmsg_free(msg); 9432 return -ENOBUFS; 9433} 9434 9435 9436static int get_sta_handler(struct nl_msg *msg, void *arg) 9437{ 9438 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9439 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9440 struct hostap_sta_driver_data *data = arg; 9441 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 9442 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 9443 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 9444 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 9445 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 9446 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 9447 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 9448 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 9449 }; 9450 9451 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9452 genlmsg_attrlen(gnlh, 0), NULL); 9453 9454 /* 9455 * TODO: validate the interface and mac address! 9456 * Otherwise, there's a race condition as soon as 9457 * the kernel starts sending station notifications. 9458 */ 9459 9460 if (!tb[NL80211_ATTR_STA_INFO]) { 9461 wpa_printf(MSG_DEBUG, "sta stats missing!"); 9462 return NL_SKIP; 9463 } 9464 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 9465 tb[NL80211_ATTR_STA_INFO], 9466 stats_policy)) { 9467 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 9468 return NL_SKIP; 9469 } 9470 9471 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 9472 data->inactive_msec = 9473 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 9474 if (stats[NL80211_STA_INFO_RX_BYTES]) 9475 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 9476 if (stats[NL80211_STA_INFO_TX_BYTES]) 9477 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 9478 if (stats[NL80211_STA_INFO_RX_PACKETS]) 9479 data->rx_packets = 9480 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 9481 if (stats[NL80211_STA_INFO_TX_PACKETS]) 9482 data->tx_packets = 9483 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 9484 if (stats[NL80211_STA_INFO_TX_FAILED]) 9485 data->tx_retry_failed = 9486 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 9487 9488 return NL_SKIP; 9489} 9490 9491static int i802_read_sta_data(struct i802_bss *bss, 9492 struct hostap_sta_driver_data *data, 9493 const u8 *addr) 9494{ 9495 struct wpa_driver_nl80211_data *drv = bss->drv; 9496 struct nl_msg *msg; 9497 9498 os_memset(data, 0, sizeof(*data)); 9499 msg = nlmsg_alloc(); 9500 if (!msg) 9501 return -ENOMEM; 9502 9503 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 9504 9505 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9506 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9507 9508 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 9509 nla_put_failure: 9510 nlmsg_free(msg); 9511 return -ENOBUFS; 9512} 9513 9514 9515static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 9516 int cw_min, int cw_max, int burst_time) 9517{ 9518 struct i802_bss *bss = priv; 9519 struct wpa_driver_nl80211_data *drv = bss->drv; 9520 struct nl_msg *msg; 9521 struct nlattr *txq, *params; 9522 9523 msg = nlmsg_alloc(); 9524 if (!msg) 9525 return -1; 9526 9527 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9528 9529 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9530 9531 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 9532 if (!txq) 9533 goto nla_put_failure; 9534 9535 /* We are only sending parameters for a single TXQ at a time */ 9536 params = nla_nest_start(msg, 1); 9537 if (!params) 9538 goto nla_put_failure; 9539 9540 switch (queue) { 9541 case 0: 9542 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 9543 break; 9544 case 1: 9545 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 9546 break; 9547 case 2: 9548 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9549 break; 9550 case 3: 9551 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9552 break; 9553 } 9554 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9555 * 32 usec, so need to convert the value here. */ 9556 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9557 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9558 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9559 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9560 9561 nla_nest_end(msg, params); 9562 9563 nla_nest_end(msg, txq); 9564 9565 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9566 return 0; 9567 msg = NULL; 9568 nla_put_failure: 9569 nlmsg_free(msg); 9570 return -1; 9571} 9572 9573 9574static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9575 const char *ifname, int vlan_id) 9576{ 9577 struct wpa_driver_nl80211_data *drv = bss->drv; 9578 struct nl_msg *msg; 9579 int ret = -ENOBUFS; 9580 9581 msg = nlmsg_alloc(); 9582 if (!msg) 9583 return -ENOMEM; 9584 9585 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9586 ", ifname=%s[%d], vlan_id=%d)", 9587 bss->ifname, if_nametoindex(bss->ifname), 9588 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9589 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9590 9591 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9592 if_nametoindex(bss->ifname)); 9593 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9594 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9595 if_nametoindex(ifname)); 9596 9597 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9598 msg = NULL; 9599 if (ret < 0) { 9600 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9601 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9602 MAC2STR(addr), ifname, vlan_id, ret, 9603 strerror(-ret)); 9604 } 9605 nla_put_failure: 9606 nlmsg_free(msg); 9607 return ret; 9608} 9609 9610 9611static int i802_get_inact_sec(void *priv, const u8 *addr) 9612{ 9613 struct hostap_sta_driver_data data; 9614 int ret; 9615 9616 data.inactive_msec = (unsigned long) -1; 9617 ret = i802_read_sta_data(priv, &data, addr); 9618 if (ret || data.inactive_msec == (unsigned long) -1) 9619 return -1; 9620 return data.inactive_msec / 1000; 9621} 9622 9623 9624static int i802_sta_clear_stats(void *priv, const u8 *addr) 9625{ 9626#if 0 9627 /* TODO */ 9628#endif 9629 return 0; 9630} 9631 9632 9633static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9634 int reason) 9635{ 9636 struct i802_bss *bss = priv; 9637 struct wpa_driver_nl80211_data *drv = bss->drv; 9638 struct ieee80211_mgmt mgmt; 9639 9640 if (drv->device_ap_sme) 9641 return wpa_driver_nl80211_sta_remove(bss, addr); 9642 9643 memset(&mgmt, 0, sizeof(mgmt)); 9644 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9645 WLAN_FC_STYPE_DEAUTH); 9646 memcpy(mgmt.da, addr, ETH_ALEN); 9647 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9648 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9649 mgmt.u.deauth.reason_code = host_to_le16(reason); 9650 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9651 IEEE80211_HDRLEN + 9652 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9653 0); 9654} 9655 9656 9657static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9658 int reason) 9659{ 9660 struct i802_bss *bss = priv; 9661 struct wpa_driver_nl80211_data *drv = bss->drv; 9662 struct ieee80211_mgmt mgmt; 9663 9664 if (drv->device_ap_sme) 9665 return wpa_driver_nl80211_sta_remove(bss, addr); 9666 9667 memset(&mgmt, 0, sizeof(mgmt)); 9668 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9669 WLAN_FC_STYPE_DISASSOC); 9670 memcpy(mgmt.da, addr, ETH_ALEN); 9671 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9672 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9673 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9674 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9675 IEEE80211_HDRLEN + 9676 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9677 0); 9678} 9679 9680 9681static void dump_ifidx(struct wpa_driver_nl80211_data *drv) 9682{ 9683 char buf[200], *pos, *end; 9684 int i, res; 9685 9686 pos = buf; 9687 end = pos + sizeof(buf); 9688 9689 for (i = 0; i < drv->num_if_indices; i++) { 9690 if (!drv->if_indices[i]) 9691 continue; 9692 res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]); 9693 if (res < 0 || res >= end - pos) 9694 break; 9695 pos += res; 9696 } 9697 *pos = '\0'; 9698 9699 wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s", 9700 drv->num_if_indices, buf); 9701} 9702 9703 9704static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9705{ 9706 int i; 9707 int *old; 9708 9709 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9710 ifidx); 9711 if (have_ifidx(drv, ifidx)) { 9712 wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list", 9713 ifidx); 9714 return; 9715 } 9716 for (i = 0; i < drv->num_if_indices; i++) { 9717 if (drv->if_indices[i] == 0) { 9718 drv->if_indices[i] = ifidx; 9719 dump_ifidx(drv); 9720 return; 9721 } 9722 } 9723 9724 if (drv->if_indices != drv->default_if_indices) 9725 old = drv->if_indices; 9726 else 9727 old = NULL; 9728 9729 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9730 sizeof(int)); 9731 if (!drv->if_indices) { 9732 if (!old) 9733 drv->if_indices = drv->default_if_indices; 9734 else 9735 drv->if_indices = old; 9736 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9737 "interfaces"); 9738 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9739 return; 9740 } else if (!old) 9741 os_memcpy(drv->if_indices, drv->default_if_indices, 9742 sizeof(drv->default_if_indices)); 9743 drv->if_indices[drv->num_if_indices] = ifidx; 9744 drv->num_if_indices++; 9745 dump_ifidx(drv); 9746} 9747 9748 9749static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9750{ 9751 int i; 9752 9753 for (i = 0; i < drv->num_if_indices; i++) { 9754 if (drv->if_indices[i] == ifidx) { 9755 drv->if_indices[i] = 0; 9756 break; 9757 } 9758 } 9759 dump_ifidx(drv); 9760} 9761 9762 9763static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9764{ 9765 int i; 9766 9767 for (i = 0; i < drv->num_if_indices; i++) 9768 if (drv->if_indices[i] == ifidx) 9769 return 1; 9770 9771 return 0; 9772} 9773 9774 9775static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9776 const char *bridge_ifname, char *ifname_wds) 9777{ 9778 struct i802_bss *bss = priv; 9779 struct wpa_driver_nl80211_data *drv = bss->drv; 9780 char name[IFNAMSIZ + 1]; 9781 9782 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9783 if (ifname_wds) 9784 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9785 9786 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9787 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9788 if (val) { 9789 if (!if_nametoindex(name)) { 9790 if (nl80211_create_iface(drv, name, 9791 NL80211_IFTYPE_AP_VLAN, 9792 bss->addr, 1, NULL, NULL, 0) < 9793 0) 9794 return -1; 9795 if (bridge_ifname && 9796 linux_br_add_if(drv->global->ioctl_sock, 9797 bridge_ifname, name) < 0) 9798 return -1; 9799 } 9800 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9801 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9802 "interface %s up", name); 9803 } 9804 return i802_set_sta_vlan(priv, addr, name, 0); 9805 } else { 9806 if (bridge_ifname) 9807 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9808 name); 9809 9810 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9811 nl80211_remove_iface(drv, if_nametoindex(name)); 9812 return 0; 9813 } 9814} 9815 9816 9817static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9818{ 9819 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9820 struct sockaddr_ll lladdr; 9821 unsigned char buf[3000]; 9822 int len; 9823 socklen_t fromlen = sizeof(lladdr); 9824 9825 len = recvfrom(sock, buf, sizeof(buf), 0, 9826 (struct sockaddr *)&lladdr, &fromlen); 9827 if (len < 0) { 9828 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9829 strerror(errno)); 9830 return; 9831 } 9832 9833 if (have_ifidx(drv, lladdr.sll_ifindex)) 9834 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9835} 9836 9837 9838static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9839 struct i802_bss *bss, 9840 const char *brname, const char *ifname) 9841{ 9842 int ifindex; 9843 char in_br[IFNAMSIZ]; 9844 9845 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9846 ifindex = if_nametoindex(brname); 9847 if (ifindex == 0) { 9848 /* 9849 * Bridge was configured, but the bridge device does 9850 * not exist. Try to add it now. 9851 */ 9852 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9853 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9854 "bridge interface %s: %s", 9855 brname, strerror(errno)); 9856 return -1; 9857 } 9858 bss->added_bridge = 1; 9859 add_ifidx(drv, if_nametoindex(brname)); 9860 } 9861 9862 if (linux_br_get(in_br, ifname) == 0) { 9863 if (os_strcmp(in_br, brname) == 0) 9864 return 0; /* already in the bridge */ 9865 9866 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9867 "bridge %s", ifname, in_br); 9868 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9869 0) { 9870 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9871 "remove interface %s from bridge " 9872 "%s: %s", 9873 ifname, brname, strerror(errno)); 9874 return -1; 9875 } 9876 } 9877 9878 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9879 ifname, brname); 9880 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9881 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9882 "into bridge %s: %s", 9883 ifname, brname, strerror(errno)); 9884 return -1; 9885 } 9886 bss->added_if_into_bridge = 1; 9887 9888 return 0; 9889} 9890 9891 9892static void *i802_init(struct hostapd_data *hapd, 9893 struct wpa_init_params *params) 9894{ 9895 struct wpa_driver_nl80211_data *drv; 9896 struct i802_bss *bss; 9897 size_t i; 9898 char brname[IFNAMSIZ]; 9899 int ifindex, br_ifindex; 9900 int br_added = 0; 9901 9902 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9903 params->global_priv, 1, 9904 params->bssid); 9905 if (bss == NULL) 9906 return NULL; 9907 9908 drv = bss->drv; 9909 9910 if (linux_br_get(brname, params->ifname) == 0) { 9911 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9912 params->ifname, brname); 9913 br_ifindex = if_nametoindex(brname); 9914 } else { 9915 brname[0] = '\0'; 9916 br_ifindex = 0; 9917 } 9918 9919 for (i = 0; i < params->num_bridge; i++) { 9920 if (params->bridge[i]) { 9921 ifindex = if_nametoindex(params->bridge[i]); 9922 if (ifindex) 9923 add_ifidx(drv, ifindex); 9924 if (ifindex == br_ifindex) 9925 br_added = 1; 9926 } 9927 } 9928 if (!br_added && br_ifindex && 9929 (params->num_bridge == 0 || !params->bridge[0])) 9930 add_ifidx(drv, br_ifindex); 9931 9932 /* start listening for EAPOL on the default AP interface */ 9933 add_ifidx(drv, drv->ifindex); 9934 9935 if (params->num_bridge && params->bridge[0] && 9936 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9937 goto failed; 9938 9939 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9940 if (drv->eapol_sock < 0) { 9941 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9942 strerror(errno)); 9943 goto failed; 9944 } 9945 9946 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9947 { 9948 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9949 goto failed; 9950 } 9951 9952 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9953 params->own_addr)) 9954 goto failed; 9955 9956 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9957 9958 return bss; 9959 9960failed: 9961 wpa_driver_nl80211_deinit(bss); 9962 return NULL; 9963} 9964 9965 9966static void i802_deinit(void *priv) 9967{ 9968 struct i802_bss *bss = priv; 9969 wpa_driver_nl80211_deinit(bss); 9970} 9971 9972 9973static enum nl80211_iftype wpa_driver_nl80211_if_type( 9974 enum wpa_driver_if_type type) 9975{ 9976 switch (type) { 9977 case WPA_IF_STATION: 9978 return NL80211_IFTYPE_STATION; 9979 case WPA_IF_P2P_CLIENT: 9980 case WPA_IF_P2P_GROUP: 9981 return NL80211_IFTYPE_P2P_CLIENT; 9982 case WPA_IF_AP_VLAN: 9983 return NL80211_IFTYPE_AP_VLAN; 9984 case WPA_IF_AP_BSS: 9985 return NL80211_IFTYPE_AP; 9986 case WPA_IF_P2P_GO: 9987 return NL80211_IFTYPE_P2P_GO; 9988 case WPA_IF_P2P_DEVICE: 9989 return NL80211_IFTYPE_P2P_DEVICE; 9990 } 9991 return -1; 9992} 9993 9994 9995#ifdef CONFIG_P2P 9996 9997static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9998{ 9999 struct wpa_driver_nl80211_data *drv; 10000 dl_list_for_each(drv, &global->interfaces, 10001 struct wpa_driver_nl80211_data, list) { 10002 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 10003 return 1; 10004 } 10005 return 0; 10006} 10007 10008 10009static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 10010 u8 *new_addr) 10011{ 10012 unsigned int idx; 10013 10014 if (!drv->global) 10015 return -1; 10016 10017 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 10018 for (idx = 0; idx < 64; idx++) { 10019 new_addr[0] = drv->first_bss->addr[0] | 0x02; 10020 new_addr[0] ^= idx << 2; 10021 if (!nl80211_addr_in_use(drv->global, new_addr)) 10022 break; 10023 } 10024 if (idx == 64) 10025 return -1; 10026 10027 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 10028 MACSTR, MAC2STR(new_addr)); 10029 10030 return 0; 10031} 10032 10033#endif /* CONFIG_P2P */ 10034 10035 10036struct wdev_info { 10037 u64 wdev_id; 10038 int wdev_id_set; 10039 u8 macaddr[ETH_ALEN]; 10040}; 10041 10042static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 10043{ 10044 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10045 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10046 struct wdev_info *wi = arg; 10047 10048 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10049 genlmsg_attrlen(gnlh, 0), NULL); 10050 if (tb[NL80211_ATTR_WDEV]) { 10051 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 10052 wi->wdev_id_set = 1; 10053 } 10054 10055 if (tb[NL80211_ATTR_MAC]) 10056 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 10057 ETH_ALEN); 10058 10059 return NL_SKIP; 10060} 10061 10062 10063static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 10064 const char *ifname, const u8 *addr, 10065 void *bss_ctx, void **drv_priv, 10066 char *force_ifname, u8 *if_addr, 10067 const char *bridge, int use_existing) 10068{ 10069 enum nl80211_iftype nlmode; 10070 struct i802_bss *bss = priv; 10071 struct wpa_driver_nl80211_data *drv = bss->drv; 10072 int ifidx; 10073 int added = 1; 10074 10075 if (addr) 10076 os_memcpy(if_addr, addr, ETH_ALEN); 10077 nlmode = wpa_driver_nl80211_if_type(type); 10078 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 10079 struct wdev_info p2pdev_info; 10080 10081 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 10082 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 10083 0, nl80211_wdev_handler, 10084 &p2pdev_info, use_existing); 10085 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 10086 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 10087 ifname); 10088 return -1; 10089 } 10090 10091 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 10092 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 10093 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 10094 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 10095 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 10096 ifname, 10097 (long long unsigned int) p2pdev_info.wdev_id); 10098 } else { 10099 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 10100 0, NULL, NULL, use_existing); 10101 if (use_existing && ifidx == -ENFILE) { 10102 added = 0; 10103 ifidx = if_nametoindex(ifname); 10104 } else if (ifidx < 0) { 10105 return -1; 10106 } 10107 } 10108 10109 if (!addr) { 10110 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 10111 os_memcpy(if_addr, bss->addr, ETH_ALEN); 10112 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 10113 bss->ifname, if_addr) < 0) { 10114 if (added) 10115 nl80211_remove_iface(drv, ifidx); 10116 return -1; 10117 } 10118 } 10119 10120#ifdef CONFIG_P2P 10121 if (!addr && 10122 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 10123 type == WPA_IF_P2P_GO)) { 10124 /* Enforce unique P2P Interface Address */ 10125 u8 new_addr[ETH_ALEN]; 10126 10127 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 10128 new_addr) < 0) { 10129 if (added) 10130 nl80211_remove_iface(drv, ifidx); 10131 return -1; 10132 } 10133 if (nl80211_addr_in_use(drv->global, new_addr)) { 10134 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 10135 "for P2P group interface"); 10136 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 10137 if (added) 10138 nl80211_remove_iface(drv, ifidx); 10139 return -1; 10140 } 10141 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 10142 new_addr) < 0) { 10143 if (added) 10144 nl80211_remove_iface(drv, ifidx); 10145 return -1; 10146 } 10147 } 10148 os_memcpy(if_addr, new_addr, ETH_ALEN); 10149 } 10150#endif /* CONFIG_P2P */ 10151 10152 if (type == WPA_IF_AP_BSS) { 10153 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 10154 if (new_bss == NULL) { 10155 if (added) 10156 nl80211_remove_iface(drv, ifidx); 10157 return -1; 10158 } 10159 10160 if (bridge && 10161 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 10162 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 10163 "interface %s to a bridge %s", 10164 ifname, bridge); 10165 if (added) 10166 nl80211_remove_iface(drv, ifidx); 10167 os_free(new_bss); 10168 return -1; 10169 } 10170 10171 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 10172 { 10173 if (added) 10174 nl80211_remove_iface(drv, ifidx); 10175 os_free(new_bss); 10176 return -1; 10177 } 10178 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 10179 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 10180 new_bss->ifindex = ifidx; 10181 new_bss->drv = drv; 10182 new_bss->next = drv->first_bss->next; 10183 new_bss->freq = drv->first_bss->freq; 10184 new_bss->ctx = bss_ctx; 10185 new_bss->added_if = added; 10186 drv->first_bss->next = new_bss; 10187 if (drv_priv) 10188 *drv_priv = new_bss; 10189 nl80211_init_bss(new_bss); 10190 10191 /* Subscribe management frames for this WPA_IF_AP_BSS */ 10192 if (nl80211_setup_ap(new_bss)) 10193 return -1; 10194 } 10195 10196 if (drv->global) 10197 drv->global->if_add_ifindex = ifidx; 10198 10199 /* 10200 * Some virtual interfaces need to process EAPOL packets and events on 10201 * the parent interface. This is used mainly with hostapd. 10202 */ 10203 if (ifidx > 0 && 10204 (drv->hostapd || 10205 nlmode == NL80211_IFTYPE_AP_VLAN || 10206 nlmode == NL80211_IFTYPE_WDS || 10207 nlmode == NL80211_IFTYPE_MONITOR)) 10208 add_ifidx(drv, ifidx); 10209 10210 return 0; 10211} 10212 10213 10214static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 10215 enum wpa_driver_if_type type, 10216 const char *ifname) 10217{ 10218 struct wpa_driver_nl80211_data *drv = bss->drv; 10219 int ifindex = if_nametoindex(ifname); 10220 10221 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 10222 __func__, type, ifname, ifindex, bss->added_if); 10223 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 10224 nl80211_remove_iface(drv, ifindex); 10225 else if (ifindex > 0 && !bss->added_if) { 10226 struct wpa_driver_nl80211_data *drv2; 10227 dl_list_for_each(drv2, &drv->global->interfaces, 10228 struct wpa_driver_nl80211_data, list) 10229 del_ifidx(drv2, ifindex); 10230 } 10231 10232 if (type != WPA_IF_AP_BSS) 10233 return 0; 10234 10235 if (bss->added_if_into_bridge) { 10236 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 10237 bss->ifname) < 0) 10238 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10239 "interface %s from bridge %s: %s", 10240 bss->ifname, bss->brname, strerror(errno)); 10241 } 10242 if (bss->added_bridge) { 10243 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 10244 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10245 "bridge %s: %s", 10246 bss->brname, strerror(errno)); 10247 } 10248 10249 if (bss != drv->first_bss) { 10250 struct i802_bss *tbss; 10251 10252 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 10253 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 10254 if (tbss->next == bss) { 10255 tbss->next = bss->next; 10256 /* Unsubscribe management frames */ 10257 nl80211_teardown_ap(bss); 10258 nl80211_destroy_bss(bss); 10259 if (!bss->added_if) 10260 i802_set_iface_flags(bss, 0); 10261 os_free(bss); 10262 bss = NULL; 10263 break; 10264 } 10265 } 10266 if (bss) 10267 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 10268 "BSS %p in the list", __func__, bss); 10269 } else { 10270 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 10271 nl80211_teardown_ap(bss); 10272 if (!bss->added_if && !drv->first_bss->next) 10273 wpa_driver_nl80211_del_beacon(drv); 10274 nl80211_destroy_bss(bss); 10275 if (!bss->added_if) 10276 i802_set_iface_flags(bss, 0); 10277 if (drv->first_bss->next) { 10278 drv->first_bss = drv->first_bss->next; 10279 drv->ctx = drv->first_bss->ctx; 10280 os_free(bss); 10281 } else { 10282 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 10283 } 10284 } 10285 10286 return 0; 10287} 10288 10289 10290static int cookie_handler(struct nl_msg *msg, void *arg) 10291{ 10292 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10293 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10294 u64 *cookie = arg; 10295 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10296 genlmsg_attrlen(gnlh, 0), NULL); 10297 if (tb[NL80211_ATTR_COOKIE]) 10298 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 10299 return NL_SKIP; 10300} 10301 10302 10303static int nl80211_send_frame_cmd(struct i802_bss *bss, 10304 unsigned int freq, unsigned int wait, 10305 const u8 *buf, size_t buf_len, 10306 u64 *cookie_out, int no_cck, int no_ack, 10307 int offchanok) 10308{ 10309 struct wpa_driver_nl80211_data *drv = bss->drv; 10310 struct nl_msg *msg; 10311 u64 cookie; 10312 int ret = -1; 10313 10314 msg = nlmsg_alloc(); 10315 if (!msg) 10316 return -1; 10317 10318 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 10319 "no_ack=%d offchanok=%d", 10320 freq, wait, no_cck, no_ack, offchanok); 10321 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 10322 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 10323 10324 if (nl80211_set_iface_id(msg, bss) < 0) 10325 goto nla_put_failure; 10326 if (freq) 10327 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10328 if (wait) 10329 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 10330 if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10331 drv->test_use_roc_tx)) 10332 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 10333 if (no_cck) 10334 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 10335 if (no_ack) 10336 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 10337 10338 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 10339 10340 cookie = 0; 10341 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10342 msg = NULL; 10343 if (ret) { 10344 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 10345 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 10346 freq, wait); 10347 goto nla_put_failure; 10348 } 10349 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 10350 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 10351 (long long unsigned int) cookie); 10352 10353 if (cookie_out) 10354 *cookie_out = no_ack ? (u64) -1 : cookie; 10355 10356nla_put_failure: 10357 nlmsg_free(msg); 10358 return ret; 10359} 10360 10361 10362static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 10363 unsigned int freq, 10364 unsigned int wait_time, 10365 const u8 *dst, const u8 *src, 10366 const u8 *bssid, 10367 const u8 *data, size_t data_len, 10368 int no_cck) 10369{ 10370 struct wpa_driver_nl80211_data *drv = bss->drv; 10371 int ret = -1; 10372 u8 *buf; 10373 struct ieee80211_hdr *hdr; 10374 10375 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 10376 "freq=%u MHz wait=%d ms no_cck=%d)", 10377 drv->ifindex, freq, wait_time, no_cck); 10378 10379 buf = os_zalloc(24 + data_len); 10380 if (buf == NULL) 10381 return ret; 10382 os_memcpy(buf + 24, data, data_len); 10383 hdr = (struct ieee80211_hdr *) buf; 10384 hdr->frame_control = 10385 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 10386 os_memcpy(hdr->addr1, dst, ETH_ALEN); 10387 os_memcpy(hdr->addr2, src, ETH_ALEN); 10388 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 10389 10390 if (is_ap_interface(drv->nlmode) && 10391 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10392 (int) freq == bss->freq || drv->device_ap_sme || 10393 !drv->use_monitor)) 10394 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 10395 0, freq, no_cck, 1, 10396 wait_time); 10397 else 10398 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 10399 24 + data_len, 10400 &drv->send_action_cookie, 10401 no_cck, 0, 1); 10402 10403 os_free(buf); 10404 return ret; 10405} 10406 10407 10408static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 10409{ 10410 struct i802_bss *bss = priv; 10411 struct wpa_driver_nl80211_data *drv = bss->drv; 10412 struct nl_msg *msg; 10413 int ret; 10414 10415 msg = nlmsg_alloc(); 10416 if (!msg) 10417 return; 10418 10419 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 10420 (long long unsigned int) drv->send_action_cookie); 10421 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 10422 10423 if (nl80211_set_iface_id(msg, bss) < 0) 10424 goto nla_put_failure; 10425 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 10426 10427 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10428 msg = NULL; 10429 if (ret) 10430 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 10431 "(%s)", ret, strerror(-ret)); 10432 10433 nla_put_failure: 10434 nlmsg_free(msg); 10435} 10436 10437 10438static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 10439 unsigned int duration) 10440{ 10441 struct i802_bss *bss = priv; 10442 struct wpa_driver_nl80211_data *drv = bss->drv; 10443 struct nl_msg *msg; 10444 int ret; 10445 u64 cookie; 10446 10447 msg = nlmsg_alloc(); 10448 if (!msg) 10449 return -1; 10450 10451 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 10452 10453 if (nl80211_set_iface_id(msg, bss) < 0) 10454 goto nla_put_failure; 10455 10456 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10457 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 10458 10459 cookie = 0; 10460 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10461 msg = NULL; 10462 if (ret == 0) { 10463 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 10464 "0x%llx for freq=%u MHz duration=%u", 10465 (long long unsigned int) cookie, freq, duration); 10466 drv->remain_on_chan_cookie = cookie; 10467 drv->pending_remain_on_chan = 1; 10468 return 0; 10469 } 10470 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 10471 "(freq=%d duration=%u): %d (%s)", 10472 freq, duration, ret, strerror(-ret)); 10473nla_put_failure: 10474 nlmsg_free(msg); 10475 return -1; 10476} 10477 10478 10479static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 10480{ 10481 struct i802_bss *bss = priv; 10482 struct wpa_driver_nl80211_data *drv = bss->drv; 10483 struct nl_msg *msg; 10484 int ret; 10485 10486 if (!drv->pending_remain_on_chan) { 10487 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 10488 "to cancel"); 10489 return -1; 10490 } 10491 10492 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 10493 "0x%llx", 10494 (long long unsigned int) drv->remain_on_chan_cookie); 10495 10496 msg = nlmsg_alloc(); 10497 if (!msg) 10498 return -1; 10499 10500 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 10501 10502 if (nl80211_set_iface_id(msg, bss) < 0) 10503 goto nla_put_failure; 10504 10505 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 10506 10507 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10508 msg = NULL; 10509 if (ret == 0) 10510 return 0; 10511 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 10512 "%d (%s)", ret, strerror(-ret)); 10513nla_put_failure: 10514 nlmsg_free(msg); 10515 return -1; 10516} 10517 10518 10519static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 10520{ 10521 struct wpa_driver_nl80211_data *drv = bss->drv; 10522 10523 if (!report) { 10524 if (bss->nl_preq && drv->device_ap_sme && 10525 is_ap_interface(drv->nlmode)) { 10526 /* 10527 * Do not disable Probe Request reporting that was 10528 * enabled in nl80211_setup_ap(). 10529 */ 10530 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 10531 "Probe Request reporting nl_preq=%p while " 10532 "in AP mode", bss->nl_preq); 10533 } else if (bss->nl_preq) { 10534 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 10535 "reporting nl_preq=%p", bss->nl_preq); 10536 nl80211_destroy_eloop_handle(&bss->nl_preq); 10537 } 10538 return 0; 10539 } 10540 10541 if (bss->nl_preq) { 10542 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 10543 "already on! nl_preq=%p", bss->nl_preq); 10544 return 0; 10545 } 10546 10547 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 10548 if (bss->nl_preq == NULL) 10549 return -1; 10550 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 10551 "reporting nl_preq=%p", bss->nl_preq); 10552 10553 if (nl80211_register_frame(bss, bss->nl_preq, 10554 (WLAN_FC_TYPE_MGMT << 2) | 10555 (WLAN_FC_STYPE_PROBE_REQ << 4), 10556 NULL, 0) < 0) 10557 goto out_err; 10558 10559 nl80211_register_eloop_read(&bss->nl_preq, 10560 wpa_driver_nl80211_event_receive, 10561 bss->nl_cb); 10562 10563 return 0; 10564 10565 out_err: 10566 nl_destroy_handles(&bss->nl_preq); 10567 return -1; 10568} 10569 10570 10571static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 10572 int ifindex, int disabled) 10573{ 10574 struct nl_msg *msg; 10575 struct nlattr *bands, *band; 10576 int ret; 10577 10578 msg = nlmsg_alloc(); 10579 if (!msg) 10580 return -1; 10581 10582 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 10583 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 10584 10585 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 10586 if (!bands) 10587 goto nla_put_failure; 10588 10589 /* 10590 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 10591 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 10592 * rates. All 5 GHz rates are left enabled. 10593 */ 10594 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 10595 if (!band) 10596 goto nla_put_failure; 10597 if (disabled) { 10598 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 10599 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 10600 } 10601 nla_nest_end(msg, band); 10602 10603 nla_nest_end(msg, bands); 10604 10605 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10606 msg = NULL; 10607 if (ret) { 10608 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10609 "(%s)", ret, strerror(-ret)); 10610 } else 10611 drv->disabled_11b_rates = disabled; 10612 10613 return ret; 10614 10615nla_put_failure: 10616 nlmsg_free(msg); 10617 return -1; 10618} 10619 10620 10621static int wpa_driver_nl80211_deinit_ap(void *priv) 10622{ 10623 struct i802_bss *bss = priv; 10624 struct wpa_driver_nl80211_data *drv = bss->drv; 10625 if (!is_ap_interface(drv->nlmode)) 10626 return -1; 10627 wpa_driver_nl80211_del_beacon(drv); 10628 10629 /* 10630 * If the P2P GO interface was dynamically added, then it is 10631 * possible that the interface change to station is not possible. 10632 */ 10633 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10634 return 0; 10635 10636 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10637} 10638 10639 10640static int wpa_driver_nl80211_stop_ap(void *priv) 10641{ 10642 struct i802_bss *bss = priv; 10643 struct wpa_driver_nl80211_data *drv = bss->drv; 10644 if (!is_ap_interface(drv->nlmode)) 10645 return -1; 10646 wpa_driver_nl80211_del_beacon(drv); 10647 bss->beacon_set = 0; 10648 return 0; 10649} 10650 10651 10652static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10653{ 10654 struct i802_bss *bss = priv; 10655 struct wpa_driver_nl80211_data *drv = bss->drv; 10656 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10657 return -1; 10658 10659 /* 10660 * If the P2P Client interface was dynamically added, then it is 10661 * possible that the interface change to station is not possible. 10662 */ 10663 if (bss->if_dynamic) 10664 return 0; 10665 10666 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10667} 10668 10669 10670static void wpa_driver_nl80211_resume(void *priv) 10671{ 10672 struct i802_bss *bss = priv; 10673 10674 if (i802_set_iface_flags(bss, 1)) 10675 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10676} 10677 10678 10679static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10680 const u8 *ies, size_t ies_len) 10681{ 10682 struct i802_bss *bss = priv; 10683 struct wpa_driver_nl80211_data *drv = bss->drv; 10684 int ret; 10685 u8 *data, *pos; 10686 size_t data_len; 10687 const u8 *own_addr = bss->addr; 10688 10689 if (action != 1) { 10690 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10691 "action %d", action); 10692 return -1; 10693 } 10694 10695 /* 10696 * Action frame payload: 10697 * Category[1] = 6 (Fast BSS Transition) 10698 * Action[1] = 1 (Fast BSS Transition Request) 10699 * STA Address 10700 * Target AP Address 10701 * FT IEs 10702 */ 10703 10704 data_len = 2 + 2 * ETH_ALEN + ies_len; 10705 data = os_malloc(data_len); 10706 if (data == NULL) 10707 return -1; 10708 pos = data; 10709 *pos++ = 0x06; /* FT Action category */ 10710 *pos++ = action; 10711 os_memcpy(pos, own_addr, ETH_ALEN); 10712 pos += ETH_ALEN; 10713 os_memcpy(pos, target_ap, ETH_ALEN); 10714 pos += ETH_ALEN; 10715 os_memcpy(pos, ies, ies_len); 10716 10717 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10718 drv->bssid, own_addr, drv->bssid, 10719 data, data_len, 0); 10720 os_free(data); 10721 10722 return ret; 10723} 10724 10725 10726static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10727{ 10728 struct i802_bss *bss = priv; 10729 struct wpa_driver_nl80211_data *drv = bss->drv; 10730 struct nl_msg *msg; 10731 struct nlattr *cqm; 10732 int ret = -1; 10733 10734 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10735 "hysteresis=%d", threshold, hysteresis); 10736 10737 msg = nlmsg_alloc(); 10738 if (!msg) 10739 return -1; 10740 10741 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10742 10743 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10744 10745 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10746 if (cqm == NULL) 10747 goto nla_put_failure; 10748 10749 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10750 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10751 nla_nest_end(msg, cqm); 10752 10753 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10754 msg = NULL; 10755 10756nla_put_failure: 10757 nlmsg_free(msg); 10758 return ret; 10759} 10760 10761 10762static int get_channel_width(struct nl_msg *msg, void *arg) 10763{ 10764 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10765 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10766 struct wpa_signal_info *sig_change = arg; 10767 10768 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10769 genlmsg_attrlen(gnlh, 0), NULL); 10770 10771 sig_change->center_frq1 = -1; 10772 sig_change->center_frq2 = -1; 10773 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10774 10775 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10776 sig_change->chanwidth = convert2width( 10777 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10778 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10779 sig_change->center_frq1 = 10780 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10781 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10782 sig_change->center_frq2 = 10783 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10784 } 10785 10786 return NL_SKIP; 10787} 10788 10789 10790static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10791 struct wpa_signal_info *sig) 10792{ 10793 struct nl_msg *msg; 10794 10795 msg = nlmsg_alloc(); 10796 if (!msg) 10797 return -ENOMEM; 10798 10799 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10800 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10801 10802 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10803 10804nla_put_failure: 10805 nlmsg_free(msg); 10806 return -ENOBUFS; 10807} 10808 10809 10810static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10811{ 10812 struct i802_bss *bss = priv; 10813 struct wpa_driver_nl80211_data *drv = bss->drv; 10814 int res; 10815 10816 os_memset(si, 0, sizeof(*si)); 10817 res = nl80211_get_link_signal(drv, si); 10818 if (res != 0) 10819 return res; 10820 10821 res = nl80211_get_channel_width(drv, si); 10822 if (res != 0) 10823 return res; 10824 10825 return nl80211_get_link_noise(drv, si); 10826} 10827 10828 10829static int wpa_driver_nl80211_shared_freq(void *priv) 10830{ 10831 struct i802_bss *bss = priv; 10832 struct wpa_driver_nl80211_data *drv = bss->drv; 10833 struct wpa_driver_nl80211_data *driver; 10834 int freq = 0; 10835 10836 /* 10837 * If the same PHY is in connected state with some other interface, 10838 * then retrieve the assoc freq. 10839 */ 10840 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10841 drv->phyname); 10842 10843 dl_list_for_each(driver, &drv->global->interfaces, 10844 struct wpa_driver_nl80211_data, list) { 10845 if (drv == driver || 10846 os_strcmp(drv->phyname, driver->phyname) != 0 || 10847 !driver->associated) 10848 continue; 10849 10850 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10851 MACSTR, 10852 driver->phyname, driver->first_bss->ifname, 10853 MAC2STR(driver->first_bss->addr)); 10854 if (is_ap_interface(driver->nlmode)) 10855 freq = driver->first_bss->freq; 10856 else 10857 freq = nl80211_get_assoc_freq(driver); 10858 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10859 drv->phyname, freq); 10860 } 10861 10862 if (!freq) 10863 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10864 "PHY (%s) in associated state", drv->phyname); 10865 10866 return freq; 10867} 10868 10869 10870static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10871 int encrypt) 10872{ 10873 struct i802_bss *bss = priv; 10874 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10875 0, 0, 0, 0); 10876} 10877 10878 10879static int nl80211_set_param(void *priv, const char *param) 10880{ 10881 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10882 if (param == NULL) 10883 return 0; 10884 10885#ifdef CONFIG_P2P 10886 if (os_strstr(param, "use_p2p_group_interface=1")) { 10887 struct i802_bss *bss = priv; 10888 struct wpa_driver_nl80211_data *drv = bss->drv; 10889 10890 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10891 "interface"); 10892 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10893 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10894 } 10895 10896 if (os_strstr(param, "p2p_device=1")) { 10897 struct i802_bss *bss = priv; 10898 struct wpa_driver_nl80211_data *drv = bss->drv; 10899 drv->allow_p2p_device = 1; 10900 } 10901#endif /* CONFIG_P2P */ 10902 10903 if (os_strstr(param, "use_monitor=1")) { 10904 struct i802_bss *bss = priv; 10905 struct wpa_driver_nl80211_data *drv = bss->drv; 10906 drv->use_monitor = 1; 10907 } 10908 10909 if (os_strstr(param, "force_connect_cmd=1")) { 10910 struct i802_bss *bss = priv; 10911 struct wpa_driver_nl80211_data *drv = bss->drv; 10912 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10913 } 10914 10915 if (os_strstr(param, "no_offchannel_tx=1")) { 10916 struct i802_bss *bss = priv; 10917 struct wpa_driver_nl80211_data *drv = bss->drv; 10918 drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 10919 drv->test_use_roc_tx = 1; 10920 } 10921 10922 return 0; 10923} 10924 10925 10926static void * nl80211_global_init(void) 10927{ 10928 struct nl80211_global *global; 10929 struct netlink_config *cfg; 10930 10931 global = os_zalloc(sizeof(*global)); 10932 if (global == NULL) 10933 return NULL; 10934 global->ioctl_sock = -1; 10935 dl_list_init(&global->interfaces); 10936 global->if_add_ifindex = -1; 10937 10938 cfg = os_zalloc(sizeof(*cfg)); 10939 if (cfg == NULL) 10940 goto err; 10941 10942 cfg->ctx = global; 10943 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10944 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10945 global->netlink = netlink_init(cfg); 10946 if (global->netlink == NULL) { 10947 os_free(cfg); 10948 goto err; 10949 } 10950 10951 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10952 goto err; 10953 10954 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10955 if (global->ioctl_sock < 0) { 10956 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10957 strerror(errno)); 10958 goto err; 10959 } 10960 10961 return global; 10962 10963err: 10964 nl80211_global_deinit(global); 10965 return NULL; 10966} 10967 10968 10969static void nl80211_global_deinit(void *priv) 10970{ 10971 struct nl80211_global *global = priv; 10972 if (global == NULL) 10973 return; 10974 if (!dl_list_empty(&global->interfaces)) { 10975 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10976 "nl80211_global_deinit", 10977 dl_list_len(&global->interfaces)); 10978 } 10979 10980 if (global->netlink) 10981 netlink_deinit(global->netlink); 10982 10983 nl_destroy_handles(&global->nl); 10984 10985 if (global->nl_event) 10986 nl80211_destroy_eloop_handle(&global->nl_event); 10987 10988 nl_cb_put(global->nl_cb); 10989 10990 if (global->ioctl_sock >= 0) 10991 close(global->ioctl_sock); 10992 10993 os_free(global); 10994} 10995 10996 10997static const char * nl80211_get_radio_name(void *priv) 10998{ 10999 struct i802_bss *bss = priv; 11000 struct wpa_driver_nl80211_data *drv = bss->drv; 11001 return drv->phyname; 11002} 11003 11004 11005static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 11006 const u8 *pmkid) 11007{ 11008 struct nl_msg *msg; 11009 11010 msg = nlmsg_alloc(); 11011 if (!msg) 11012 return -ENOMEM; 11013 11014 nl80211_cmd(bss->drv, msg, 0, cmd); 11015 11016 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 11017 if (pmkid) 11018 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 11019 if (bssid) 11020 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 11021 11022 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11023 nla_put_failure: 11024 nlmsg_free(msg); 11025 return -ENOBUFS; 11026} 11027 11028 11029static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 11030{ 11031 struct i802_bss *bss = priv; 11032 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 11033 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 11034} 11035 11036 11037static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 11038{ 11039 struct i802_bss *bss = priv; 11040 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 11041 MAC2STR(bssid)); 11042 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 11043} 11044 11045 11046static int nl80211_flush_pmkid(void *priv) 11047{ 11048 struct i802_bss *bss = priv; 11049 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 11050 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 11051} 11052 11053 11054static void clean_survey_results(struct survey_results *survey_results) 11055{ 11056 struct freq_survey *survey, *tmp; 11057 11058 if (dl_list_empty(&survey_results->survey_list)) 11059 return; 11060 11061 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 11062 struct freq_survey, list) { 11063 dl_list_del(&survey->list); 11064 os_free(survey); 11065 } 11066} 11067 11068 11069static void add_survey(struct nlattr **sinfo, u32 ifidx, 11070 struct dl_list *survey_list) 11071{ 11072 struct freq_survey *survey; 11073 11074 survey = os_zalloc(sizeof(struct freq_survey)); 11075 if (!survey) 11076 return; 11077 11078 survey->ifidx = ifidx; 11079 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 11080 survey->filled = 0; 11081 11082 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 11083 survey->nf = (int8_t) 11084 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 11085 survey->filled |= SURVEY_HAS_NF; 11086 } 11087 11088 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 11089 survey->channel_time = 11090 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 11091 survey->filled |= SURVEY_HAS_CHAN_TIME; 11092 } 11093 11094 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 11095 survey->channel_time_busy = 11096 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 11097 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 11098 } 11099 11100 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 11101 survey->channel_time_rx = 11102 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 11103 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 11104 } 11105 11106 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 11107 survey->channel_time_tx = 11108 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 11109 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 11110 } 11111 11112 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 11113 survey->freq, 11114 survey->nf, 11115 (unsigned long int) survey->channel_time, 11116 (unsigned long int) survey->channel_time_busy, 11117 (unsigned long int) survey->channel_time_tx, 11118 (unsigned long int) survey->channel_time_rx, 11119 survey->filled); 11120 11121 dl_list_add_tail(survey_list, &survey->list); 11122} 11123 11124 11125static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 11126 unsigned int freq_filter) 11127{ 11128 if (!freq_filter) 11129 return 1; 11130 11131 return freq_filter == surveyed_freq; 11132} 11133 11134 11135static int survey_handler(struct nl_msg *msg, void *arg) 11136{ 11137 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 11138 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11139 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 11140 struct survey_results *survey_results; 11141 u32 surveyed_freq = 0; 11142 u32 ifidx; 11143 11144 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 11145 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 11146 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 11147 }; 11148 11149 survey_results = (struct survey_results *) arg; 11150 11151 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 11152 genlmsg_attrlen(gnlh, 0), NULL); 11153 11154 if (!tb[NL80211_ATTR_IFINDEX]) 11155 return NL_SKIP; 11156 11157 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 11158 11159 if (!tb[NL80211_ATTR_SURVEY_INFO]) 11160 return NL_SKIP; 11161 11162 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 11163 tb[NL80211_ATTR_SURVEY_INFO], 11164 survey_policy)) 11165 return NL_SKIP; 11166 11167 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 11168 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 11169 return NL_SKIP; 11170 } 11171 11172 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 11173 11174 if (!check_survey_ok(sinfo, surveyed_freq, 11175 survey_results->freq_filter)) 11176 return NL_SKIP; 11177 11178 if (survey_results->freq_filter && 11179 survey_results->freq_filter != surveyed_freq) { 11180 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 11181 surveyed_freq); 11182 return NL_SKIP; 11183 } 11184 11185 add_survey(sinfo, ifidx, &survey_results->survey_list); 11186 11187 return NL_SKIP; 11188} 11189 11190 11191static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 11192{ 11193 struct i802_bss *bss = priv; 11194 struct wpa_driver_nl80211_data *drv = bss->drv; 11195 struct nl_msg *msg; 11196 int err = -ENOBUFS; 11197 union wpa_event_data data; 11198 struct survey_results *survey_results; 11199 11200 os_memset(&data, 0, sizeof(data)); 11201 survey_results = &data.survey_results; 11202 11203 dl_list_init(&survey_results->survey_list); 11204 11205 msg = nlmsg_alloc(); 11206 if (!msg) 11207 goto nla_put_failure; 11208 11209 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 11210 11211 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11212 11213 if (freq) 11214 data.survey_results.freq_filter = freq; 11215 11216 do { 11217 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 11218 err = send_and_recv_msgs(drv, msg, survey_handler, 11219 survey_results); 11220 } while (err > 0); 11221 11222 if (err) { 11223 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 11224 goto out_clean; 11225 } 11226 11227 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 11228 11229out_clean: 11230 clean_survey_results(survey_results); 11231nla_put_failure: 11232 return err; 11233} 11234 11235 11236static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 11237 const u8 *replay_ctr) 11238{ 11239 struct i802_bss *bss = priv; 11240 struct wpa_driver_nl80211_data *drv = bss->drv; 11241 struct nlattr *replay_nested; 11242 struct nl_msg *msg; 11243 11244 msg = nlmsg_alloc(); 11245 if (!msg) 11246 return; 11247 11248 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 11249 11250 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11251 11252 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 11253 if (!replay_nested) 11254 goto nla_put_failure; 11255 11256 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 11257 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 11258 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 11259 replay_ctr); 11260 11261 nla_nest_end(msg, replay_nested); 11262 11263 send_and_recv_msgs(drv, msg, NULL, NULL); 11264 return; 11265 nla_put_failure: 11266 nlmsg_free(msg); 11267} 11268 11269 11270static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 11271 const u8 *addr, int qos) 11272{ 11273 /* send data frame to poll STA and check whether 11274 * this frame is ACKed */ 11275 struct { 11276 struct ieee80211_hdr hdr; 11277 u16 qos_ctl; 11278 } STRUCT_PACKED nulldata; 11279 size_t size; 11280 11281 /* Send data frame to poll STA and check whether this frame is ACKed */ 11282 11283 os_memset(&nulldata, 0, sizeof(nulldata)); 11284 11285 if (qos) { 11286 nulldata.hdr.frame_control = 11287 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11288 WLAN_FC_STYPE_QOS_NULL); 11289 size = sizeof(nulldata); 11290 } else { 11291 nulldata.hdr.frame_control = 11292 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11293 WLAN_FC_STYPE_NULLFUNC); 11294 size = sizeof(struct ieee80211_hdr); 11295 } 11296 11297 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 11298 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 11299 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 11300 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 11301 11302 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 11303 0, 0) < 0) 11304 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 11305 "send poll frame"); 11306} 11307 11308static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 11309 int qos) 11310{ 11311 struct i802_bss *bss = priv; 11312 struct wpa_driver_nl80211_data *drv = bss->drv; 11313 struct nl_msg *msg; 11314 11315 if (!drv->poll_command_supported) { 11316 nl80211_send_null_frame(bss, own_addr, addr, qos); 11317 return; 11318 } 11319 11320 msg = nlmsg_alloc(); 11321 if (!msg) 11322 return; 11323 11324 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 11325 11326 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11327 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 11328 11329 send_and_recv_msgs(drv, msg, NULL, NULL); 11330 return; 11331 nla_put_failure: 11332 nlmsg_free(msg); 11333} 11334 11335 11336static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 11337{ 11338 struct nl_msg *msg; 11339 11340 msg = nlmsg_alloc(); 11341 if (!msg) 11342 return -ENOMEM; 11343 11344 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 11345 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11346 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 11347 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 11348 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11349nla_put_failure: 11350 nlmsg_free(msg); 11351 return -ENOBUFS; 11352} 11353 11354 11355static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 11356 int ctwindow) 11357{ 11358 struct i802_bss *bss = priv; 11359 11360 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 11361 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 11362 11363 if (opp_ps != -1 || ctwindow != -1) { 11364#ifdef ANDROID_P2P 11365 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 11366#else /* ANDROID_P2P */ 11367 return -1; /* Not yet supported */ 11368#endif /* ANDROID_P2P */ 11369 } 11370 11371 if (legacy_ps == -1) 11372 return 0; 11373 if (legacy_ps != 0 && legacy_ps != 1) 11374 return -1; /* Not yet supported */ 11375 11376 return nl80211_set_power_save(bss, legacy_ps); 11377} 11378 11379 11380static int nl80211_start_radar_detection(void *priv, 11381 struct hostapd_freq_params *freq) 11382{ 11383 struct i802_bss *bss = priv; 11384 struct wpa_driver_nl80211_data *drv = bss->drv; 11385 struct nl_msg *msg; 11386 int ret; 11387 11388 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 11389 freq->freq, freq->ht_enabled, freq->vht_enabled, 11390 freq->bandwidth, freq->center_freq1, freq->center_freq2); 11391 11392 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 11393 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 11394 "detection"); 11395 return -1; 11396 } 11397 11398 msg = nlmsg_alloc(); 11399 if (!msg) 11400 return -1; 11401 11402 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 11403 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11404 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 11405 11406 if (freq->vht_enabled) { 11407 switch (freq->bandwidth) { 11408 case 20: 11409 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11410 NL80211_CHAN_WIDTH_20); 11411 break; 11412 case 40: 11413 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11414 NL80211_CHAN_WIDTH_40); 11415 break; 11416 case 80: 11417 if (freq->center_freq2) 11418 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11419 NL80211_CHAN_WIDTH_80P80); 11420 else 11421 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11422 NL80211_CHAN_WIDTH_80); 11423 break; 11424 case 160: 11425 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11426 NL80211_CHAN_WIDTH_160); 11427 break; 11428 default: 11429 return -1; 11430 } 11431 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 11432 if (freq->center_freq2) 11433 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 11434 freq->center_freq2); 11435 } else if (freq->ht_enabled) { 11436 switch (freq->sec_channel_offset) { 11437 case -1: 11438 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11439 NL80211_CHAN_HT40MINUS); 11440 break; 11441 case 1: 11442 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11443 NL80211_CHAN_HT40PLUS); 11444 break; 11445 default: 11446 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11447 NL80211_CHAN_HT20); 11448 break; 11449 } 11450 } 11451 11452 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11453 if (ret == 0) 11454 return 0; 11455 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 11456 "%d (%s)", ret, strerror(-ret)); 11457nla_put_failure: 11458 return -1; 11459} 11460 11461#ifdef CONFIG_TDLS 11462 11463static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 11464 u8 dialog_token, u16 status_code, 11465 u32 peer_capab, const u8 *buf, size_t len) 11466{ 11467 struct i802_bss *bss = priv; 11468 struct wpa_driver_nl80211_data *drv = bss->drv; 11469 struct nl_msg *msg; 11470 11471 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11472 return -EOPNOTSUPP; 11473 11474 if (!dst) 11475 return -EINVAL; 11476 11477 msg = nlmsg_alloc(); 11478 if (!msg) 11479 return -ENOMEM; 11480 11481 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 11482 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11483 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 11484 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 11485 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 11486 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 11487 if (peer_capab) { 11488 /* 11489 * The internal enum tdls_peer_capability definition is 11490 * currently identical with the nl80211 enum 11491 * nl80211_tdls_peer_capability, so no conversion is needed 11492 * here. 11493 */ 11494 NLA_PUT_U32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, peer_capab); 11495 } 11496 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 11497 11498 return send_and_recv_msgs(drv, msg, NULL, NULL); 11499 11500nla_put_failure: 11501 nlmsg_free(msg); 11502 return -ENOBUFS; 11503} 11504 11505 11506static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 11507{ 11508 struct i802_bss *bss = priv; 11509 struct wpa_driver_nl80211_data *drv = bss->drv; 11510 struct nl_msg *msg; 11511 enum nl80211_tdls_operation nl80211_oper; 11512 11513 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11514 return -EOPNOTSUPP; 11515 11516 switch (oper) { 11517 case TDLS_DISCOVERY_REQ: 11518 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 11519 break; 11520 case TDLS_SETUP: 11521 nl80211_oper = NL80211_TDLS_SETUP; 11522 break; 11523 case TDLS_TEARDOWN: 11524 nl80211_oper = NL80211_TDLS_TEARDOWN; 11525 break; 11526 case TDLS_ENABLE_LINK: 11527 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 11528 break; 11529 case TDLS_DISABLE_LINK: 11530 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 11531 break; 11532 case TDLS_ENABLE: 11533 return 0; 11534 case TDLS_DISABLE: 11535 return 0; 11536 default: 11537 return -EINVAL; 11538 } 11539 11540 msg = nlmsg_alloc(); 11541 if (!msg) 11542 return -ENOMEM; 11543 11544 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 11545 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 11546 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11547 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 11548 11549 return send_and_recv_msgs(drv, msg, NULL, NULL); 11550 11551nla_put_failure: 11552 nlmsg_free(msg); 11553 return -ENOBUFS; 11554} 11555 11556#endif /* CONFIG TDLS */ 11557 11558 11559#ifdef ANDROID 11560 11561typedef struct android_wifi_priv_cmd { 11562 char *buf; 11563 int used_len; 11564 int total_len; 11565} android_wifi_priv_cmd; 11566 11567static int drv_errors = 0; 11568 11569static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 11570{ 11571 drv_errors++; 11572 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 11573 drv_errors = 0; 11574 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 11575 } 11576} 11577 11578 11579static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 11580{ 11581 struct wpa_driver_nl80211_data *drv = bss->drv; 11582 struct ifreq ifr; 11583 android_wifi_priv_cmd priv_cmd; 11584 char buf[MAX_DRV_CMD_SIZE]; 11585 int ret; 11586 11587 os_memset(&ifr, 0, sizeof(ifr)); 11588 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 11589 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11590 11591 os_memset(buf, 0, sizeof(buf)); 11592 os_strlcpy(buf, cmd, sizeof(buf)); 11593 11594 priv_cmd.buf = buf; 11595 priv_cmd.used_len = sizeof(buf); 11596 priv_cmd.total_len = sizeof(buf); 11597 ifr.ifr_data = &priv_cmd; 11598 11599 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11600 if (ret < 0) { 11601 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 11602 __func__); 11603 wpa_driver_send_hang_msg(drv); 11604 return ret; 11605 } 11606 11607 drv_errors = 0; 11608 return 0; 11609} 11610 11611 11612static int android_pno_start(struct i802_bss *bss, 11613 struct wpa_driver_scan_params *params) 11614{ 11615 struct wpa_driver_nl80211_data *drv = bss->drv; 11616 struct ifreq ifr; 11617 android_wifi_priv_cmd priv_cmd; 11618 int ret = 0, i = 0, bp; 11619 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 11620 11621 bp = WEXT_PNOSETUP_HEADER_SIZE; 11622 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11623 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11624 buf[bp++] = WEXT_PNO_TLV_VERSION; 11625 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11626 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11627 11628 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11629 /* Check that there is enough space needed for 1 more SSID, the 11630 * other sections and null termination */ 11631 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11632 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11633 break; 11634 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11635 params->ssids[i].ssid, 11636 params->ssids[i].ssid_len); 11637 buf[bp++] = WEXT_PNO_SSID_SECTION; 11638 buf[bp++] = params->ssids[i].ssid_len; 11639 os_memcpy(&buf[bp], params->ssids[i].ssid, 11640 params->ssids[i].ssid_len); 11641 bp += params->ssids[i].ssid_len; 11642 i++; 11643 } 11644 11645 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11646 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11647 WEXT_PNO_SCAN_INTERVAL); 11648 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11649 11650 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11651 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11652 WEXT_PNO_REPEAT); 11653 bp += WEXT_PNO_REPEAT_LENGTH; 11654 11655 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11656 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11657 WEXT_PNO_MAX_REPEAT); 11658 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11659 11660 memset(&ifr, 0, sizeof(ifr)); 11661 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11662 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11663 11664 priv_cmd.buf = buf; 11665 priv_cmd.used_len = bp; 11666 priv_cmd.total_len = bp; 11667 ifr.ifr_data = &priv_cmd; 11668 11669 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11670 11671 if (ret < 0) { 11672 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11673 ret); 11674 wpa_driver_send_hang_msg(drv); 11675 return ret; 11676 } 11677 11678 drv_errors = 0; 11679 11680 return android_priv_cmd(bss, "PNOFORCE 1"); 11681} 11682 11683 11684static int android_pno_stop(struct i802_bss *bss) 11685{ 11686 return android_priv_cmd(bss, "PNOFORCE 0"); 11687} 11688 11689#endif /* ANDROID */ 11690 11691 11692static int driver_nl80211_set_key(const char *ifname, void *priv, 11693 enum wpa_alg alg, const u8 *addr, 11694 int key_idx, int set_tx, 11695 const u8 *seq, size_t seq_len, 11696 const u8 *key, size_t key_len) 11697{ 11698 struct i802_bss *bss = priv; 11699 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11700 set_tx, seq, seq_len, key, key_len); 11701} 11702 11703 11704static int driver_nl80211_scan2(void *priv, 11705 struct wpa_driver_scan_params *params) 11706{ 11707 struct i802_bss *bss = priv; 11708 return wpa_driver_nl80211_scan(bss, params); 11709} 11710 11711 11712static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11713 int reason_code) 11714{ 11715 struct i802_bss *bss = priv; 11716 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11717} 11718 11719 11720static int driver_nl80211_authenticate(void *priv, 11721 struct wpa_driver_auth_params *params) 11722{ 11723 struct i802_bss *bss = priv; 11724 return wpa_driver_nl80211_authenticate(bss, params); 11725} 11726 11727 11728static void driver_nl80211_deinit(void *priv) 11729{ 11730 struct i802_bss *bss = priv; 11731 wpa_driver_nl80211_deinit(bss); 11732} 11733 11734 11735static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11736 const char *ifname) 11737{ 11738 struct i802_bss *bss = priv; 11739 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11740} 11741 11742 11743static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11744 size_t data_len, int noack) 11745{ 11746 struct i802_bss *bss = priv; 11747 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11748 0, 0, 0, 0); 11749} 11750 11751 11752static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11753{ 11754 struct i802_bss *bss = priv; 11755 return wpa_driver_nl80211_sta_remove(bss, addr); 11756} 11757 11758 11759static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11760 const char *ifname, int vlan_id) 11761{ 11762 struct i802_bss *bss = priv; 11763 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11764} 11765 11766 11767static int driver_nl80211_read_sta_data(void *priv, 11768 struct hostap_sta_driver_data *data, 11769 const u8 *addr) 11770{ 11771 struct i802_bss *bss = priv; 11772 return i802_read_sta_data(bss, data, addr); 11773} 11774 11775 11776static int driver_nl80211_send_action(void *priv, unsigned int freq, 11777 unsigned int wait_time, 11778 const u8 *dst, const u8 *src, 11779 const u8 *bssid, 11780 const u8 *data, size_t data_len, 11781 int no_cck) 11782{ 11783 struct i802_bss *bss = priv; 11784 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11785 bssid, data, data_len, no_cck); 11786} 11787 11788 11789static int driver_nl80211_probe_req_report(void *priv, int report) 11790{ 11791 struct i802_bss *bss = priv; 11792 return wpa_driver_nl80211_probe_req_report(bss, report); 11793} 11794 11795 11796static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11797 const u8 *ies, size_t ies_len) 11798{ 11799 int ret; 11800 struct nl_msg *msg; 11801 struct i802_bss *bss = priv; 11802 struct wpa_driver_nl80211_data *drv = bss->drv; 11803 u16 mdid = WPA_GET_LE16(md); 11804 11805 msg = nlmsg_alloc(); 11806 if (!msg) 11807 return -ENOMEM; 11808 11809 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11810 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11811 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11812 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11813 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11814 11815 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11816 if (ret) { 11817 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11818 "err=%d (%s)", ret, strerror(-ret)); 11819 } 11820 11821 return ret; 11822 11823nla_put_failure: 11824 nlmsg_free(msg); 11825 return -ENOBUFS; 11826} 11827 11828 11829const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11830{ 11831 struct i802_bss *bss = priv; 11832 struct wpa_driver_nl80211_data *drv = bss->drv; 11833 11834 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11835 return NULL; 11836 11837 return bss->addr; 11838} 11839 11840 11841static const char * scan_state_str(enum scan_states scan_state) 11842{ 11843 switch (scan_state) { 11844 case NO_SCAN: 11845 return "NO_SCAN"; 11846 case SCAN_REQUESTED: 11847 return "SCAN_REQUESTED"; 11848 case SCAN_STARTED: 11849 return "SCAN_STARTED"; 11850 case SCAN_COMPLETED: 11851 return "SCAN_COMPLETED"; 11852 case SCAN_ABORTED: 11853 return "SCAN_ABORTED"; 11854 case SCHED_SCAN_STARTED: 11855 return "SCHED_SCAN_STARTED"; 11856 case SCHED_SCAN_STOPPED: 11857 return "SCHED_SCAN_STOPPED"; 11858 case SCHED_SCAN_RESULTS: 11859 return "SCHED_SCAN_RESULTS"; 11860 } 11861 11862 return "??"; 11863} 11864 11865 11866static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11867{ 11868 struct i802_bss *bss = priv; 11869 struct wpa_driver_nl80211_data *drv = bss->drv; 11870 int res; 11871 char *pos, *end; 11872 11873 pos = buf; 11874 end = buf + buflen; 11875 11876 res = os_snprintf(pos, end - pos, 11877 "ifindex=%d\n" 11878 "ifname=%s\n" 11879 "brname=%s\n" 11880 "addr=" MACSTR "\n" 11881 "freq=%d\n" 11882 "%s%s%s%s%s", 11883 bss->ifindex, 11884 bss->ifname, 11885 bss->brname, 11886 MAC2STR(bss->addr), 11887 bss->freq, 11888 bss->beacon_set ? "beacon_set=1\n" : "", 11889 bss->added_if_into_bridge ? 11890 "added_if_into_bridge=1\n" : "", 11891 bss->added_bridge ? "added_bridge=1\n" : "", 11892 bss->in_deinit ? "in_deinit=1\n" : "", 11893 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11894 if (res < 0 || res >= end - pos) 11895 return pos - buf; 11896 pos += res; 11897 11898 if (bss->wdev_id_set) { 11899 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11900 (unsigned long long) bss->wdev_id); 11901 if (res < 0 || res >= end - pos) 11902 return pos - buf; 11903 pos += res; 11904 } 11905 11906 res = os_snprintf(pos, end - pos, 11907 "phyname=%s\n" 11908 "drv_ifindex=%d\n" 11909 "operstate=%d\n" 11910 "scan_state=%s\n" 11911 "auth_bssid=" MACSTR "\n" 11912 "auth_attempt_bssid=" MACSTR "\n" 11913 "bssid=" MACSTR "\n" 11914 "prev_bssid=" MACSTR "\n" 11915 "associated=%d\n" 11916 "assoc_freq=%u\n" 11917 "monitor_sock=%d\n" 11918 "monitor_ifidx=%d\n" 11919 "monitor_refcount=%d\n" 11920 "last_mgmt_freq=%u\n" 11921 "eapol_tx_sock=%d\n" 11922 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 11923 drv->phyname, 11924 drv->ifindex, 11925 drv->operstate, 11926 scan_state_str(drv->scan_state), 11927 MAC2STR(drv->auth_bssid), 11928 MAC2STR(drv->auth_attempt_bssid), 11929 MAC2STR(drv->bssid), 11930 MAC2STR(drv->prev_bssid), 11931 drv->associated, 11932 drv->assoc_freq, 11933 drv->monitor_sock, 11934 drv->monitor_ifidx, 11935 drv->monitor_refcount, 11936 drv->last_mgmt_freq, 11937 drv->eapol_tx_sock, 11938 drv->ignore_if_down_event ? 11939 "ignore_if_down_event=1\n" : "", 11940 drv->scan_complete_events ? 11941 "scan_complete_events=1\n" : "", 11942 drv->disabled_11b_rates ? 11943 "disabled_11b_rates=1\n" : "", 11944 drv->pending_remain_on_chan ? 11945 "pending_remain_on_chan=1\n" : "", 11946 drv->in_interface_list ? "in_interface_list=1\n" : "", 11947 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11948 drv->poll_command_supported ? 11949 "poll_command_supported=1\n" : "", 11950 drv->data_tx_status ? "data_tx_status=1\n" : "", 11951 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11952 drv->retry_auth ? "retry_auth=1\n" : "", 11953 drv->use_monitor ? "use_monitor=1\n" : "", 11954 drv->ignore_next_local_disconnect ? 11955 "ignore_next_local_disconnect=1\n" : "", 11956 drv->ignore_next_local_deauth ? 11957 "ignore_next_local_deauth=1\n" : "", 11958 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11959 if (res < 0 || res >= end - pos) 11960 return pos - buf; 11961 pos += res; 11962 11963 if (drv->has_capability) { 11964 res = os_snprintf(pos, end - pos, 11965 "capa.key_mgmt=0x%x\n" 11966 "capa.enc=0x%x\n" 11967 "capa.auth=0x%x\n" 11968 "capa.flags=0x%x\n" 11969 "capa.max_scan_ssids=%d\n" 11970 "capa.max_sched_scan_ssids=%d\n" 11971 "capa.sched_scan_supported=%d\n" 11972 "capa.max_match_sets=%d\n" 11973 "capa.max_remain_on_chan=%u\n" 11974 "capa.max_stations=%u\n" 11975 "capa.probe_resp_offloads=0x%x\n" 11976 "capa.max_acl_mac_addrs=%u\n" 11977 "capa.num_multichan_concurrent=%u\n", 11978 drv->capa.key_mgmt, 11979 drv->capa.enc, 11980 drv->capa.auth, 11981 drv->capa.flags, 11982 drv->capa.max_scan_ssids, 11983 drv->capa.max_sched_scan_ssids, 11984 drv->capa.sched_scan_supported, 11985 drv->capa.max_match_sets, 11986 drv->capa.max_remain_on_chan, 11987 drv->capa.max_stations, 11988 drv->capa.probe_resp_offloads, 11989 drv->capa.max_acl_mac_addrs, 11990 drv->capa.num_multichan_concurrent); 11991 if (res < 0 || res >= end - pos) 11992 return pos - buf; 11993 pos += res; 11994 } 11995 11996 return pos - buf; 11997} 11998 11999 12000static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 12001{ 12002 if (settings->head) 12003 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 12004 settings->head_len, settings->head); 12005 12006 if (settings->tail) 12007 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 12008 settings->tail_len, settings->tail); 12009 12010 if (settings->beacon_ies) 12011 NLA_PUT(msg, NL80211_ATTR_IE, 12012 settings->beacon_ies_len, settings->beacon_ies); 12013 12014 if (settings->proberesp_ies) 12015 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 12016 settings->proberesp_ies_len, settings->proberesp_ies); 12017 12018 if (settings->assocresp_ies) 12019 NLA_PUT(msg, 12020 NL80211_ATTR_IE_ASSOC_RESP, 12021 settings->assocresp_ies_len, settings->assocresp_ies); 12022 12023 if (settings->probe_resp) 12024 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 12025 settings->probe_resp_len, settings->probe_resp); 12026 12027 return 0; 12028 12029nla_put_failure: 12030 return -ENOBUFS; 12031} 12032 12033 12034static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 12035{ 12036 struct nl_msg *msg; 12037 struct i802_bss *bss = priv; 12038 struct wpa_driver_nl80211_data *drv = bss->drv; 12039 struct nlattr *beacon_csa; 12040 int ret = -ENOBUFS; 12041 12042 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 12043 settings->cs_count, settings->block_tx, 12044 settings->freq_params.freq, settings->freq_params.bandwidth, 12045 settings->freq_params.center_freq1, 12046 settings->freq_params.center_freq2); 12047 12048 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 12049 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 12050 return -EOPNOTSUPP; 12051 } 12052 12053 if ((drv->nlmode != NL80211_IFTYPE_AP) && 12054 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 12055 return -EOPNOTSUPP; 12056 12057 /* check settings validity */ 12058 if (!settings->beacon_csa.tail || 12059 ((settings->beacon_csa.tail_len <= 12060 settings->counter_offset_beacon) || 12061 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 12062 settings->cs_count))) 12063 return -EINVAL; 12064 12065 if (settings->beacon_csa.probe_resp && 12066 ((settings->beacon_csa.probe_resp_len <= 12067 settings->counter_offset_presp) || 12068 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 12069 settings->cs_count))) 12070 return -EINVAL; 12071 12072 msg = nlmsg_alloc(); 12073 if (!msg) 12074 return -ENOMEM; 12075 12076 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 12077 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12078 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 12079 ret = nl80211_put_freq_params(msg, &settings->freq_params); 12080 if (ret) 12081 goto error; 12082 12083 if (settings->block_tx) 12084 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 12085 12086 /* beacon_after params */ 12087 ret = set_beacon_data(msg, &settings->beacon_after); 12088 if (ret) 12089 goto error; 12090 12091 /* beacon_csa params */ 12092 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 12093 if (!beacon_csa) 12094 goto nla_put_failure; 12095 12096 ret = set_beacon_data(msg, &settings->beacon_csa); 12097 if (ret) 12098 goto error; 12099 12100 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 12101 settings->counter_offset_beacon); 12102 12103 if (settings->beacon_csa.probe_resp) 12104 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 12105 settings->counter_offset_presp); 12106 12107 nla_nest_end(msg, beacon_csa); 12108 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12109 if (ret) { 12110 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 12111 ret, strerror(-ret)); 12112 } 12113 return ret; 12114 12115nla_put_failure: 12116 ret = -ENOBUFS; 12117error: 12118 nlmsg_free(msg); 12119 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 12120 return ret; 12121} 12122 12123 12124#ifdef CONFIG_TESTING_OPTIONS 12125static int cmd_reply_handler(struct nl_msg *msg, void *arg) 12126{ 12127 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 12128 struct wpabuf *buf = arg; 12129 12130 if (!buf) 12131 return NL_SKIP; 12132 12133 if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) { 12134 wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply"); 12135 return NL_SKIP; 12136 } 12137 12138 wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0), 12139 genlmsg_attrlen(gnlh, 0)); 12140 12141 return NL_SKIP; 12142} 12143#endif /* CONFIG_TESTING_OPTIONS */ 12144 12145 12146static int vendor_reply_handler(struct nl_msg *msg, void *arg) 12147{ 12148 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 12149 struct nlattr *nl_vendor_reply, *nl; 12150 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 12151 struct wpabuf *buf = arg; 12152 int rem; 12153 12154 if (!buf) 12155 return NL_SKIP; 12156 12157 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 12158 genlmsg_attrlen(gnlh, 0), NULL); 12159 nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA]; 12160 12161 if (!nl_vendor_reply) 12162 return NL_SKIP; 12163 12164 if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) { 12165 wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply"); 12166 return NL_SKIP; 12167 } 12168 12169 nla_for_each_nested(nl, nl_vendor_reply, rem) { 12170 wpabuf_put_data(buf, nla_data(nl), nla_len(nl)); 12171 } 12172 12173 return NL_SKIP; 12174} 12175 12176 12177static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id, 12178 unsigned int subcmd, const u8 *data, 12179 size_t data_len, struct wpabuf *buf) 12180{ 12181 struct i802_bss *bss = priv; 12182 struct wpa_driver_nl80211_data *drv = bss->drv; 12183 struct nl_msg *msg; 12184 int ret; 12185 12186 msg = nlmsg_alloc(); 12187 if (!msg) 12188 return -ENOMEM; 12189 12190#ifdef CONFIG_TESTING_OPTIONS 12191 if (vendor_id == 0xffffffff) { 12192 nl80211_cmd(drv, msg, 0, subcmd); 12193 if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) < 12194 0) 12195 goto nla_put_failure; 12196 ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf); 12197 if (ret) 12198 wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d", 12199 ret); 12200 return ret; 12201 } 12202#endif /* CONFIG_TESTING_OPTIONS */ 12203 12204 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 12205 if (nl80211_set_iface_id(msg, bss) < 0) 12206 goto nla_put_failure; 12207 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id); 12208 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd); 12209 if (data) 12210 NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data); 12211 12212 ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf); 12213 if (ret) 12214 wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d", 12215 ret); 12216 return ret; 12217 12218nla_put_failure: 12219 nlmsg_free(msg); 12220 return -ENOBUFS; 12221} 12222 12223 12224static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 12225 u8 qos_map_set_len) 12226{ 12227 struct i802_bss *bss = priv; 12228 struct wpa_driver_nl80211_data *drv = bss->drv; 12229 struct nl_msg *msg; 12230 int ret; 12231 12232 msg = nlmsg_alloc(); 12233 if (!msg) 12234 return -ENOMEM; 12235 12236 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 12237 qos_map_set, qos_map_set_len); 12238 12239 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 12240 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12241 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 12242 12243 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12244 if (ret) 12245 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 12246 12247 return ret; 12248 12249nla_put_failure: 12250 nlmsg_free(msg); 12251 return -ENOBUFS; 12252} 12253 12254 12255static int nl80211_set_wowlan(void *priv, 12256 const struct wowlan_triggers *triggers) 12257{ 12258 struct i802_bss *bss = priv; 12259 struct wpa_driver_nl80211_data *drv = bss->drv; 12260 struct nl_msg *msg; 12261 struct nlattr *wowlan_triggers; 12262 int ret; 12263 12264 msg = nlmsg_alloc(); 12265 if (!msg) 12266 return -ENOMEM; 12267 12268 wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan"); 12269 12270 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WOWLAN); 12271 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12272 12273 wowlan_triggers = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 12274 if (!wowlan_triggers) 12275 goto nla_put_failure; 12276 12277 if (triggers->any) 12278 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 12279 if (triggers->disconnect) 12280 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 12281 if (triggers->magic_pkt) 12282 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 12283 if (triggers->gtk_rekey_failure) 12284 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 12285 if (triggers->eap_identity_req) 12286 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 12287 if (triggers->four_way_handshake) 12288 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 12289 if (triggers->rfkill_release) 12290 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 12291 12292 nla_nest_end(msg, wowlan_triggers); 12293 12294 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12295 if (ret) 12296 wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed"); 12297 12298 return ret; 12299 12300nla_put_failure: 12301 nlmsg_free(msg); 12302 return -ENOBUFS; 12303} 12304 12305 12306const struct wpa_driver_ops wpa_driver_nl80211_ops = { 12307 .name = "nl80211", 12308 .desc = "Linux nl80211/cfg80211", 12309 .get_bssid = wpa_driver_nl80211_get_bssid, 12310 .get_ssid = wpa_driver_nl80211_get_ssid, 12311 .set_key = driver_nl80211_set_key, 12312 .scan2 = driver_nl80211_scan2, 12313 .sched_scan = wpa_driver_nl80211_sched_scan, 12314 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 12315 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 12316 .deauthenticate = driver_nl80211_deauthenticate, 12317 .authenticate = driver_nl80211_authenticate, 12318 .associate = wpa_driver_nl80211_associate, 12319 .global_init = nl80211_global_init, 12320 .global_deinit = nl80211_global_deinit, 12321 .init2 = wpa_driver_nl80211_init, 12322 .deinit = driver_nl80211_deinit, 12323 .get_capa = wpa_driver_nl80211_get_capa, 12324 .set_operstate = wpa_driver_nl80211_set_operstate, 12325 .set_supp_port = wpa_driver_nl80211_set_supp_port, 12326 .set_country = wpa_driver_nl80211_set_country, 12327 .get_country = wpa_driver_nl80211_get_country, 12328 .set_ap = wpa_driver_nl80211_set_ap, 12329 .set_acl = wpa_driver_nl80211_set_acl, 12330 .if_add = wpa_driver_nl80211_if_add, 12331 .if_remove = driver_nl80211_if_remove, 12332 .send_mlme = driver_nl80211_send_mlme, 12333 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 12334 .sta_add = wpa_driver_nl80211_sta_add, 12335 .sta_remove = driver_nl80211_sta_remove, 12336 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 12337 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 12338 .hapd_init = i802_init, 12339 .hapd_deinit = i802_deinit, 12340 .set_wds_sta = i802_set_wds_sta, 12341 .get_seqnum = i802_get_seqnum, 12342 .flush = i802_flush, 12343 .get_inact_sec = i802_get_inact_sec, 12344 .sta_clear_stats = i802_sta_clear_stats, 12345 .set_rts = i802_set_rts, 12346 .set_frag = i802_set_frag, 12347 .set_tx_queue_params = i802_set_tx_queue_params, 12348 .set_sta_vlan = driver_nl80211_set_sta_vlan, 12349 .sta_deauth = i802_sta_deauth, 12350 .sta_disassoc = i802_sta_disassoc, 12351 .read_sta_data = driver_nl80211_read_sta_data, 12352 .set_freq = i802_set_freq, 12353 .send_action = driver_nl80211_send_action, 12354 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 12355 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 12356 .cancel_remain_on_channel = 12357 wpa_driver_nl80211_cancel_remain_on_channel, 12358 .probe_req_report = driver_nl80211_probe_req_report, 12359 .deinit_ap = wpa_driver_nl80211_deinit_ap, 12360 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 12361 .resume = wpa_driver_nl80211_resume, 12362 .send_ft_action = nl80211_send_ft_action, 12363 .signal_monitor = nl80211_signal_monitor, 12364 .signal_poll = nl80211_signal_poll, 12365 .send_frame = nl80211_send_frame, 12366 .shared_freq = wpa_driver_nl80211_shared_freq, 12367 .set_param = nl80211_set_param, 12368 .get_radio_name = nl80211_get_radio_name, 12369 .add_pmkid = nl80211_add_pmkid, 12370 .remove_pmkid = nl80211_remove_pmkid, 12371 .flush_pmkid = nl80211_flush_pmkid, 12372 .set_rekey_info = nl80211_set_rekey_info, 12373 .poll_client = nl80211_poll_client, 12374 .set_p2p_powersave = nl80211_set_p2p_powersave, 12375 .start_dfs_cac = nl80211_start_radar_detection, 12376 .stop_ap = wpa_driver_nl80211_stop_ap, 12377#ifdef CONFIG_TDLS 12378 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 12379 .tdls_oper = nl80211_tdls_oper, 12380#endif /* CONFIG_TDLS */ 12381 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 12382 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 12383 .get_survey = wpa_driver_nl80211_get_survey, 12384 .status = wpa_driver_nl80211_status, 12385 .switch_channel = nl80211_switch_channel, 12386#ifdef ANDROID_P2P 12387 .set_noa = wpa_driver_set_p2p_noa, 12388 .get_noa = wpa_driver_get_p2p_noa, 12389 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 12390#endif /* ANDROID_P2P */ 12391#ifdef ANDROID 12392 .driver_cmd = wpa_driver_nl80211_driver_cmd, 12393#endif /* ANDROID */ 12394 .vendor_cmd = nl80211_vendor_cmd, 12395 .set_qos_map = nl80211_set_qos_map, 12396 .set_wowlan = nl80211_set_wowlan, 12397}; 12398