driver_nl80211.c revision 2e67f06149ff649fb6f8782bad041d3d9124685e
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/qca-vendor.h" 32#include "common/qca-vendor-attr.h" 33#include "common/ieee802_11_defs.h" 34#include "common/ieee802_11_common.h" 35#include "l2_packet/l2_packet.h" 36#include "netlink.h" 37#include "linux_ioctl.h" 38#include "radiotap.h" 39#include "radiotap_iter.h" 40#include "rfkill.h" 41#include "driver.h" 42 43#ifndef SO_WIFI_STATUS 44# if defined(__sparc__) 45# define SO_WIFI_STATUS 0x0025 46# elif defined(__parisc__) 47# define SO_WIFI_STATUS 0x4022 48# else 49# define SO_WIFI_STATUS 41 50# endif 51 52# define SCM_WIFI_STATUS SO_WIFI_STATUS 53#endif 54 55#ifndef SO_EE_ORIGIN_TXSTATUS 56#define SO_EE_ORIGIN_TXSTATUS 4 57#endif 58 59#ifndef PACKET_TX_TIMESTAMP 60#define PACKET_TX_TIMESTAMP 16 61#endif 62 63#ifdef ANDROID 64#include "android_drv.h" 65#endif /* ANDROID */ 66#ifdef CONFIG_LIBNL20 67/* libnl 2.0 compatibility code */ 68#define nl_handle nl_sock 69#define nl80211_handle_alloc nl_socket_alloc_cb 70#define nl80211_handle_destroy nl_socket_free 71#else 72/* 73 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 74 * but when you free a socket again it will mess up its bitmap and 75 * and use the wrong number the next time it needs a socket ID. 76 * Therefore, we wrap the handle alloc/destroy and add our own pid 77 * accounting. 78 */ 79static uint32_t port_bitmap[32] = { 0 }; 80 81static struct nl_handle *nl80211_handle_alloc(void *cb) 82{ 83 struct nl_handle *handle; 84 uint32_t pid = getpid() & 0x3FFFFF; 85 int i; 86 87 handle = nl_handle_alloc_cb(cb); 88 89 for (i = 0; i < 1024; i++) { 90 if (port_bitmap[i / 32] & (1 << (i % 32))) 91 continue; 92 port_bitmap[i / 32] |= 1 << (i % 32); 93 pid += i << 22; 94 break; 95 } 96 97 nl_socket_set_local_port(handle, pid); 98 99 return handle; 100} 101 102static void nl80211_handle_destroy(struct nl_handle *handle) 103{ 104 uint32_t port = nl_socket_get_local_port(handle); 105 106 port >>= 22; 107 port_bitmap[port / 32] &= ~(1 << (port % 32)); 108 109 nl_handle_destroy(handle); 110} 111#endif /* CONFIG_LIBNL20 */ 112 113 114#ifdef ANDROID 115/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 116static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 117{ 118 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 119} 120#undef nl_socket_set_nonblocking 121#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 122#endif /* ANDROID */ 123 124 125static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 126{ 127 struct nl_handle *handle; 128 129 handle = nl80211_handle_alloc(cb); 130 if (handle == NULL) { 131 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 132 "callbacks (%s)", dbg); 133 return NULL; 134 } 135 136 if (genl_connect(handle)) { 137 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 138 "netlink (%s)", dbg); 139 nl80211_handle_destroy(handle); 140 return NULL; 141 } 142 143 return handle; 144} 145 146 147static void nl_destroy_handles(struct nl_handle **handle) 148{ 149 if (*handle == NULL) 150 return; 151 nl80211_handle_destroy(*handle); 152 *handle = NULL; 153} 154 155 156#if __WORDSIZE == 64 157#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 158#else 159#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 160#endif 161 162static void nl80211_register_eloop_read(struct nl_handle **handle, 163 eloop_sock_handler handler, 164 void *eloop_data) 165{ 166 nl_socket_set_nonblocking(*handle); 167 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 168 eloop_data, *handle); 169 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 170} 171 172 173static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 174{ 175 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 176 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 177 nl_destroy_handles(handle); 178} 179 180 181#ifndef IFF_LOWER_UP 182#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 183#endif 184#ifndef IFF_DORMANT 185#define IFF_DORMANT 0x20000 /* driver signals dormant */ 186#endif 187 188#ifndef IF_OPER_DORMANT 189#define IF_OPER_DORMANT 5 190#endif 191#ifndef IF_OPER_UP 192#define IF_OPER_UP 6 193#endif 194 195struct nl80211_global { 196 struct dl_list interfaces; 197 int if_add_ifindex; 198 u64 if_add_wdevid; 199 int if_add_wdevid_set; 200 struct netlink_data *netlink; 201 struct nl_cb *nl_cb; 202 struct nl_handle *nl; 203 int nl80211_id; 204 int ioctl_sock; /* socket for ioctl() use */ 205 206 struct nl_handle *nl_event; 207}; 208 209struct nl80211_wiphy_data { 210 struct dl_list list; 211 struct dl_list bsss; 212 struct dl_list drvs; 213 214 struct nl_handle *nl_beacons; 215 struct nl_cb *nl_cb; 216 217 int wiphy_idx; 218}; 219 220static void nl80211_global_deinit(void *priv); 221 222struct i802_bss { 223 struct wpa_driver_nl80211_data *drv; 224 struct i802_bss *next; 225 int ifindex; 226 u64 wdev_id; 227 char ifname[IFNAMSIZ + 1]; 228 char brname[IFNAMSIZ]; 229 unsigned int beacon_set:1; 230 unsigned int added_if_into_bridge:1; 231 unsigned int added_bridge:1; 232 unsigned int in_deinit:1; 233 unsigned int wdev_id_set:1; 234 unsigned int added_if:1; 235 236 u8 addr[ETH_ALEN]; 237 238 int freq; 239 int bandwidth; 240 int if_dynamic; 241 242 void *ctx; 243 struct nl_handle *nl_preq, *nl_mgmt; 244 struct nl_cb *nl_cb; 245 246 struct nl80211_wiphy_data *wiphy_data; 247 struct dl_list wiphy_list; 248}; 249 250struct wpa_driver_nl80211_data { 251 struct nl80211_global *global; 252 struct dl_list list; 253 struct dl_list wiphy_list; 254 char phyname[32]; 255 void *ctx; 256 int ifindex; 257 int if_removed; 258 int if_disabled; 259 int ignore_if_down_event; 260 struct rfkill_data *rfkill; 261 struct wpa_driver_capa capa; 262 u8 *extended_capa, *extended_capa_mask; 263 unsigned int extended_capa_len; 264 int has_capability; 265 266 int operstate; 267 268 int scan_complete_events; 269 enum scan_states { 270 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 271 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 272 SCHED_SCAN_RESULTS 273 } scan_state; 274 275 struct nl_cb *nl_cb; 276 277 u8 auth_bssid[ETH_ALEN]; 278 u8 auth_attempt_bssid[ETH_ALEN]; 279 u8 bssid[ETH_ALEN]; 280 u8 prev_bssid[ETH_ALEN]; 281 int associated; 282 u8 ssid[32]; 283 size_t ssid_len; 284 enum nl80211_iftype nlmode; 285 enum nl80211_iftype ap_scan_as_station; 286 unsigned int assoc_freq; 287 288 int monitor_sock; 289 int monitor_ifidx; 290 int monitor_refcount; 291 292 unsigned int disabled_11b_rates:1; 293 unsigned int pending_remain_on_chan:1; 294 unsigned int in_interface_list:1; 295 unsigned int device_ap_sme:1; 296 unsigned int poll_command_supported:1; 297 unsigned int data_tx_status:1; 298 unsigned int scan_for_auth:1; 299 unsigned int retry_auth:1; 300 unsigned int use_monitor:1; 301 unsigned int ignore_next_local_disconnect:1; 302 unsigned int ignore_next_local_deauth:1; 303 unsigned int allow_p2p_device:1; 304 unsigned int hostapd:1; 305 unsigned int start_mode_ap:1; 306 unsigned int start_iface_up:1; 307 unsigned int test_use_roc_tx:1; 308 unsigned int ignore_deauth_event:1; 309 unsigned int dfs_vendor_cmd_avail:1; 310 unsigned int have_low_prio_scan:1; 311 312 u64 remain_on_chan_cookie; 313 u64 send_action_cookie; 314 315 unsigned int last_mgmt_freq; 316 317 struct wpa_driver_scan_filter *filter_ssids; 318 size_t num_filter_ssids; 319 320 struct i802_bss *first_bss; 321 322 int eapol_tx_sock; 323 324 int eapol_sock; /* socket for EAPOL frames */ 325 326 int default_if_indices[16]; 327 int *if_indices; 328 int num_if_indices; 329 330 /* From failed authentication command */ 331 int auth_freq; 332 u8 auth_bssid_[ETH_ALEN]; 333 u8 auth_ssid[32]; 334 size_t auth_ssid_len; 335 int auth_alg; 336 u8 *auth_ie; 337 size_t auth_ie_len; 338 u8 auth_wep_key[4][16]; 339 size_t auth_wep_key_len[4]; 340 int auth_wep_tx_keyidx; 341 int auth_local_state_change; 342 int auth_p2p; 343}; 344 345 346static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 347static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 348 void *timeout_ctx); 349static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 350 enum nl80211_iftype nlmode); 351static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq); 352 353static int 354wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 355 const u8 *set_addr, int first); 356static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 357 const u8 *addr, int cmd, u16 reason_code, 358 int local_state_change); 359static void nl80211_remove_monitor_interface( 360 struct wpa_driver_nl80211_data *drv); 361static int nl80211_send_frame_cmd(struct i802_bss *bss, 362 unsigned int freq, unsigned int wait, 363 const u8 *buf, size_t buf_len, u64 *cookie, 364 int no_cck, int no_ack, int offchanok); 365static int nl80211_register_frame(struct i802_bss *bss, 366 struct nl_handle *hl_handle, 367 u16 type, const u8 *match, size_t match_len); 368static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 369 int report); 370#ifdef ANDROID 371static int android_pno_start(struct i802_bss *bss, 372 struct wpa_driver_scan_params *params); 373static int android_pno_stop(struct i802_bss *bss); 374extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 375 size_t buf_len); 376#endif /* ANDROID */ 377#ifdef ANDROID_P2P 378#ifdef ANDROID_P2P_STUB 379int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration) { 380 return 0; 381} 382int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len) { 383 return 0; 384} 385int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow) { 386 return -1; 387} 388int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 389 const struct wpabuf *proberesp, 390 const struct wpabuf *assocresp) { 391 return 0; 392} 393#else /* ANDROID_P2P_STUB */ 394int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 395int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 396int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 397int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 398 const struct wpabuf *proberesp, 399 const struct wpabuf *assocresp); 400#endif /* ANDROID_P2P_STUB */ 401#endif /* ANDROID_P2P */ 402 403static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 404static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 405static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 406static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 407 enum wpa_driver_if_type type, 408 const char *ifname); 409 410static int nl80211_set_channel(struct i802_bss *bss, 411 struct hostapd_freq_params *freq, int set_chan); 412static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 413 int ifindex, int disabled); 414 415static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 416static int wpa_driver_nl80211_authenticate_retry( 417 struct wpa_driver_nl80211_data *drv); 418 419static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 420static int i802_set_iface_flags(struct i802_bss *bss, int up); 421 422 423static const char * nl80211_command_to_string(enum nl80211_commands cmd) 424{ 425#define C2S(x) case x: return #x; 426 switch (cmd) { 427 C2S(NL80211_CMD_UNSPEC) 428 C2S(NL80211_CMD_GET_WIPHY) 429 C2S(NL80211_CMD_SET_WIPHY) 430 C2S(NL80211_CMD_NEW_WIPHY) 431 C2S(NL80211_CMD_DEL_WIPHY) 432 C2S(NL80211_CMD_GET_INTERFACE) 433 C2S(NL80211_CMD_SET_INTERFACE) 434 C2S(NL80211_CMD_NEW_INTERFACE) 435 C2S(NL80211_CMD_DEL_INTERFACE) 436 C2S(NL80211_CMD_GET_KEY) 437 C2S(NL80211_CMD_SET_KEY) 438 C2S(NL80211_CMD_NEW_KEY) 439 C2S(NL80211_CMD_DEL_KEY) 440 C2S(NL80211_CMD_GET_BEACON) 441 C2S(NL80211_CMD_SET_BEACON) 442 C2S(NL80211_CMD_START_AP) 443 C2S(NL80211_CMD_STOP_AP) 444 C2S(NL80211_CMD_GET_STATION) 445 C2S(NL80211_CMD_SET_STATION) 446 C2S(NL80211_CMD_NEW_STATION) 447 C2S(NL80211_CMD_DEL_STATION) 448 C2S(NL80211_CMD_GET_MPATH) 449 C2S(NL80211_CMD_SET_MPATH) 450 C2S(NL80211_CMD_NEW_MPATH) 451 C2S(NL80211_CMD_DEL_MPATH) 452 C2S(NL80211_CMD_SET_BSS) 453 C2S(NL80211_CMD_SET_REG) 454 C2S(NL80211_CMD_REQ_SET_REG) 455 C2S(NL80211_CMD_GET_MESH_CONFIG) 456 C2S(NL80211_CMD_SET_MESH_CONFIG) 457 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 458 C2S(NL80211_CMD_GET_REG) 459 C2S(NL80211_CMD_GET_SCAN) 460 C2S(NL80211_CMD_TRIGGER_SCAN) 461 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 462 C2S(NL80211_CMD_SCAN_ABORTED) 463 C2S(NL80211_CMD_REG_CHANGE) 464 C2S(NL80211_CMD_AUTHENTICATE) 465 C2S(NL80211_CMD_ASSOCIATE) 466 C2S(NL80211_CMD_DEAUTHENTICATE) 467 C2S(NL80211_CMD_DISASSOCIATE) 468 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 469 C2S(NL80211_CMD_REG_BEACON_HINT) 470 C2S(NL80211_CMD_JOIN_IBSS) 471 C2S(NL80211_CMD_LEAVE_IBSS) 472 C2S(NL80211_CMD_TESTMODE) 473 C2S(NL80211_CMD_CONNECT) 474 C2S(NL80211_CMD_ROAM) 475 C2S(NL80211_CMD_DISCONNECT) 476 C2S(NL80211_CMD_SET_WIPHY_NETNS) 477 C2S(NL80211_CMD_GET_SURVEY) 478 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 479 C2S(NL80211_CMD_SET_PMKSA) 480 C2S(NL80211_CMD_DEL_PMKSA) 481 C2S(NL80211_CMD_FLUSH_PMKSA) 482 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 483 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 484 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 485 C2S(NL80211_CMD_REGISTER_FRAME) 486 C2S(NL80211_CMD_FRAME) 487 C2S(NL80211_CMD_FRAME_TX_STATUS) 488 C2S(NL80211_CMD_SET_POWER_SAVE) 489 C2S(NL80211_CMD_GET_POWER_SAVE) 490 C2S(NL80211_CMD_SET_CQM) 491 C2S(NL80211_CMD_NOTIFY_CQM) 492 C2S(NL80211_CMD_SET_CHANNEL) 493 C2S(NL80211_CMD_SET_WDS_PEER) 494 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 495 C2S(NL80211_CMD_JOIN_MESH) 496 C2S(NL80211_CMD_LEAVE_MESH) 497 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 498 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 499 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 500 C2S(NL80211_CMD_GET_WOWLAN) 501 C2S(NL80211_CMD_SET_WOWLAN) 502 C2S(NL80211_CMD_START_SCHED_SCAN) 503 C2S(NL80211_CMD_STOP_SCHED_SCAN) 504 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 505 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 506 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 507 C2S(NL80211_CMD_PMKSA_CANDIDATE) 508 C2S(NL80211_CMD_TDLS_OPER) 509 C2S(NL80211_CMD_TDLS_MGMT) 510 C2S(NL80211_CMD_UNEXPECTED_FRAME) 511 C2S(NL80211_CMD_PROBE_CLIENT) 512 C2S(NL80211_CMD_REGISTER_BEACONS) 513 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 514 C2S(NL80211_CMD_SET_NOACK_MAP) 515 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 516 C2S(NL80211_CMD_START_P2P_DEVICE) 517 C2S(NL80211_CMD_STOP_P2P_DEVICE) 518 C2S(NL80211_CMD_CONN_FAILED) 519 C2S(NL80211_CMD_SET_MCAST_RATE) 520 C2S(NL80211_CMD_SET_MAC_ACL) 521 C2S(NL80211_CMD_RADAR_DETECT) 522 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 523 C2S(NL80211_CMD_UPDATE_FT_IES) 524 C2S(NL80211_CMD_FT_EVENT) 525 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 526 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 527 C2S(NL80211_CMD_GET_COALESCE) 528 C2S(NL80211_CMD_SET_COALESCE) 529 C2S(NL80211_CMD_CHANNEL_SWITCH) 530 C2S(NL80211_CMD_VENDOR) 531 C2S(NL80211_CMD_SET_QOS_MAP) 532 default: 533 return "NL80211_CMD_UNKNOWN"; 534 } 535#undef C2S 536} 537 538 539/* Converts nl80211_chan_width to a common format */ 540static enum chan_width convert2width(int width) 541{ 542 switch (width) { 543 case NL80211_CHAN_WIDTH_20_NOHT: 544 return CHAN_WIDTH_20_NOHT; 545 case NL80211_CHAN_WIDTH_20: 546 return CHAN_WIDTH_20; 547 case NL80211_CHAN_WIDTH_40: 548 return CHAN_WIDTH_40; 549 case NL80211_CHAN_WIDTH_80: 550 return CHAN_WIDTH_80; 551 case NL80211_CHAN_WIDTH_80P80: 552 return CHAN_WIDTH_80P80; 553 case NL80211_CHAN_WIDTH_160: 554 return CHAN_WIDTH_160; 555 } 556 return CHAN_WIDTH_UNKNOWN; 557} 558 559 560static int is_ap_interface(enum nl80211_iftype nlmode) 561{ 562 return nlmode == NL80211_IFTYPE_AP || 563 nlmode == NL80211_IFTYPE_P2P_GO; 564} 565 566 567static int is_sta_interface(enum nl80211_iftype nlmode) 568{ 569 return nlmode == NL80211_IFTYPE_STATION || 570 nlmode == NL80211_IFTYPE_P2P_CLIENT; 571} 572 573 574static int is_p2p_net_interface(enum nl80211_iftype nlmode) 575{ 576 return nlmode == NL80211_IFTYPE_P2P_CLIENT || 577 nlmode == NL80211_IFTYPE_P2P_GO; 578} 579 580 581static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 582{ 583 if (drv->associated) 584 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 585 drv->associated = 0; 586 os_memset(drv->bssid, 0, ETH_ALEN); 587} 588 589 590struct nl80211_bss_info_arg { 591 struct wpa_driver_nl80211_data *drv; 592 struct wpa_scan_results *res; 593 unsigned int assoc_freq; 594 unsigned int ibss_freq; 595 u8 assoc_bssid[ETH_ALEN]; 596}; 597 598static int bss_info_handler(struct nl_msg *msg, void *arg); 599 600 601/* nl80211 code */ 602static int ack_handler(struct nl_msg *msg, void *arg) 603{ 604 int *err = arg; 605 *err = 0; 606 return NL_STOP; 607} 608 609static int finish_handler(struct nl_msg *msg, void *arg) 610{ 611 int *ret = arg; 612 *ret = 0; 613 return NL_SKIP; 614} 615 616static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 617 void *arg) 618{ 619 int *ret = arg; 620 *ret = err->error; 621 return NL_SKIP; 622} 623 624 625static int no_seq_check(struct nl_msg *msg, void *arg) 626{ 627 return NL_OK; 628} 629 630 631static int send_and_recv(struct nl80211_global *global, 632 struct nl_handle *nl_handle, struct nl_msg *msg, 633 int (*valid_handler)(struct nl_msg *, void *), 634 void *valid_data) 635{ 636 struct nl_cb *cb; 637 int err = -ENOMEM; 638 639 cb = nl_cb_clone(global->nl_cb); 640 if (!cb) 641 goto out; 642 643 err = nl_send_auto_complete(nl_handle, msg); 644 if (err < 0) 645 goto out; 646 647 err = 1; 648 649 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 650 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 651 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 652 653 if (valid_handler) 654 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 655 valid_handler, valid_data); 656 657 while (err > 0) { 658 int res = nl_recvmsgs(nl_handle, cb); 659 if (res < 0) { 660 wpa_printf(MSG_INFO, 661 "nl80211: %s->nl_recvmsgs failed: %d", 662 __func__, res); 663 } 664 } 665 out: 666 nl_cb_put(cb); 667 nlmsg_free(msg); 668 return err; 669} 670 671 672static int send_and_recv_msgs_global(struct nl80211_global *global, 673 struct nl_msg *msg, 674 int (*valid_handler)(struct nl_msg *, void *), 675 void *valid_data) 676{ 677 return send_and_recv(global, global->nl, msg, valid_handler, 678 valid_data); 679} 680 681 682static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 683 struct nl_msg *msg, 684 int (*valid_handler)(struct nl_msg *, void *), 685 void *valid_data) 686{ 687 return send_and_recv(drv->global, drv->global->nl, msg, 688 valid_handler, valid_data); 689} 690 691 692struct family_data { 693 const char *group; 694 int id; 695}; 696 697 698static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 699{ 700 if (bss->wdev_id_set) 701 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 702 else 703 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 704 return 0; 705 706nla_put_failure: 707 return -1; 708} 709 710 711static int family_handler(struct nl_msg *msg, void *arg) 712{ 713 struct family_data *res = arg; 714 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 715 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 716 struct nlattr *mcgrp; 717 int i; 718 719 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 720 genlmsg_attrlen(gnlh, 0), NULL); 721 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 722 return NL_SKIP; 723 724 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 725 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 726 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 727 nla_len(mcgrp), NULL); 728 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 729 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 730 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 731 res->group, 732 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 733 continue; 734 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 735 break; 736 }; 737 738 return NL_SKIP; 739} 740 741 742static int nl_get_multicast_id(struct nl80211_global *global, 743 const char *family, const char *group) 744{ 745 struct nl_msg *msg; 746 int ret = -1; 747 struct family_data res = { group, -ENOENT }; 748 749 msg = nlmsg_alloc(); 750 if (!msg) 751 return -ENOMEM; 752 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 753 0, 0, CTRL_CMD_GETFAMILY, 0); 754 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 755 756 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 757 msg = NULL; 758 if (ret == 0) 759 ret = res.id; 760 761nla_put_failure: 762 nlmsg_free(msg); 763 return ret; 764} 765 766 767static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 768 struct nl_msg *msg, int flags, uint8_t cmd) 769{ 770 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 771 0, flags, cmd, 0); 772} 773 774 775struct wiphy_idx_data { 776 int wiphy_idx; 777 enum nl80211_iftype nlmode; 778 u8 *macaddr; 779}; 780 781 782static int netdev_info_handler(struct nl_msg *msg, void *arg) 783{ 784 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 785 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 786 struct wiphy_idx_data *info = arg; 787 788 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 789 genlmsg_attrlen(gnlh, 0), NULL); 790 791 if (tb[NL80211_ATTR_WIPHY]) 792 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 793 794 if (tb[NL80211_ATTR_IFTYPE]) 795 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 796 797 if (tb[NL80211_ATTR_MAC] && info->macaddr) 798 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 799 ETH_ALEN); 800 801 return NL_SKIP; 802} 803 804 805static int nl80211_get_wiphy_index(struct i802_bss *bss) 806{ 807 struct nl_msg *msg; 808 struct wiphy_idx_data data = { 809 .wiphy_idx = -1, 810 .macaddr = NULL, 811 }; 812 813 msg = nlmsg_alloc(); 814 if (!msg) 815 return NL80211_IFTYPE_UNSPECIFIED; 816 817 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 818 819 if (nl80211_set_iface_id(msg, bss) < 0) 820 goto nla_put_failure; 821 822 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 823 return data.wiphy_idx; 824 msg = NULL; 825nla_put_failure: 826 nlmsg_free(msg); 827 return -1; 828} 829 830 831static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 832{ 833 struct nl_msg *msg; 834 struct wiphy_idx_data data = { 835 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 836 .macaddr = NULL, 837 }; 838 839 msg = nlmsg_alloc(); 840 if (!msg) 841 return -1; 842 843 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 844 845 if (nl80211_set_iface_id(msg, bss) < 0) 846 goto nla_put_failure; 847 848 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 849 return data.nlmode; 850 msg = NULL; 851nla_put_failure: 852 nlmsg_free(msg); 853 return NL80211_IFTYPE_UNSPECIFIED; 854} 855 856 857static int nl80211_get_macaddr(struct i802_bss *bss) 858{ 859 struct nl_msg *msg; 860 struct wiphy_idx_data data = { 861 .macaddr = bss->addr, 862 }; 863 864 msg = nlmsg_alloc(); 865 if (!msg) 866 return NL80211_IFTYPE_UNSPECIFIED; 867 868 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 869 if (nl80211_set_iface_id(msg, bss) < 0) 870 goto nla_put_failure; 871 872 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 873 874nla_put_failure: 875 nlmsg_free(msg); 876 return NL80211_IFTYPE_UNSPECIFIED; 877} 878 879 880static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 881 struct nl80211_wiphy_data *w) 882{ 883 struct nl_msg *msg; 884 int ret = -1; 885 886 msg = nlmsg_alloc(); 887 if (!msg) 888 return -1; 889 890 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 891 892 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 893 894 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 895 msg = NULL; 896 if (ret) { 897 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 898 "failed: ret=%d (%s)", 899 ret, strerror(-ret)); 900 goto nla_put_failure; 901 } 902 ret = 0; 903nla_put_failure: 904 nlmsg_free(msg); 905 return ret; 906} 907 908 909static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 910{ 911 struct nl80211_wiphy_data *w = eloop_ctx; 912 int res; 913 914 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 915 916 res = nl_recvmsgs(handle, w->nl_cb); 917 if (res < 0) { 918 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 919 __func__, res); 920 } 921} 922 923 924static int process_beacon_event(struct nl_msg *msg, void *arg) 925{ 926 struct nl80211_wiphy_data *w = arg; 927 struct wpa_driver_nl80211_data *drv; 928 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 929 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 930 union wpa_event_data event; 931 932 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 933 genlmsg_attrlen(gnlh, 0), NULL); 934 935 if (gnlh->cmd != NL80211_CMD_FRAME) { 936 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 937 gnlh->cmd); 938 return NL_SKIP; 939 } 940 941 if (!tb[NL80211_ATTR_FRAME]) 942 return NL_SKIP; 943 944 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 945 wiphy_list) { 946 os_memset(&event, 0, sizeof(event)); 947 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 948 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 949 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 950 } 951 952 return NL_SKIP; 953} 954 955 956static struct nl80211_wiphy_data * 957nl80211_get_wiphy_data_ap(struct i802_bss *bss) 958{ 959 static DEFINE_DL_LIST(nl80211_wiphys); 960 struct nl80211_wiphy_data *w; 961 int wiphy_idx, found = 0; 962 struct i802_bss *tmp_bss; 963 964 if (bss->wiphy_data != NULL) 965 return bss->wiphy_data; 966 967 wiphy_idx = nl80211_get_wiphy_index(bss); 968 969 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 970 if (w->wiphy_idx == wiphy_idx) 971 goto add; 972 } 973 974 /* alloc new one */ 975 w = os_zalloc(sizeof(*w)); 976 if (w == NULL) 977 return NULL; 978 w->wiphy_idx = wiphy_idx; 979 dl_list_init(&w->bsss); 980 dl_list_init(&w->drvs); 981 982 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 983 if (!w->nl_cb) { 984 os_free(w); 985 return NULL; 986 } 987 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 988 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 989 w); 990 991 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 992 "wiphy beacons"); 993 if (w->nl_beacons == NULL) { 994 os_free(w); 995 return NULL; 996 } 997 998 if (nl80211_register_beacons(bss->drv, w)) { 999 nl_destroy_handles(&w->nl_beacons); 1000 os_free(w); 1001 return NULL; 1002 } 1003 1004 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 1005 1006 dl_list_add(&nl80211_wiphys, &w->list); 1007 1008add: 1009 /* drv entry for this bss already there? */ 1010 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1011 if (tmp_bss->drv == bss->drv) { 1012 found = 1; 1013 break; 1014 } 1015 } 1016 /* if not add it */ 1017 if (!found) 1018 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 1019 1020 dl_list_add(&w->bsss, &bss->wiphy_list); 1021 bss->wiphy_data = w; 1022 return w; 1023} 1024 1025 1026static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 1027{ 1028 struct nl80211_wiphy_data *w = bss->wiphy_data; 1029 struct i802_bss *tmp_bss; 1030 int found = 0; 1031 1032 if (w == NULL) 1033 return; 1034 bss->wiphy_data = NULL; 1035 dl_list_del(&bss->wiphy_list); 1036 1037 /* still any for this drv present? */ 1038 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1039 if (tmp_bss->drv == bss->drv) { 1040 found = 1; 1041 break; 1042 } 1043 } 1044 /* if not remove it */ 1045 if (!found) 1046 dl_list_del(&bss->drv->wiphy_list); 1047 1048 if (!dl_list_empty(&w->bsss)) 1049 return; 1050 1051 nl80211_destroy_eloop_handle(&w->nl_beacons); 1052 1053 nl_cb_put(w->nl_cb); 1054 dl_list_del(&w->list); 1055 os_free(w); 1056} 1057 1058 1059static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1060{ 1061 struct i802_bss *bss = priv; 1062 struct wpa_driver_nl80211_data *drv = bss->drv; 1063 if (!drv->associated) 1064 return -1; 1065 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1066 return 0; 1067} 1068 1069 1070static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1071{ 1072 struct i802_bss *bss = priv; 1073 struct wpa_driver_nl80211_data *drv = bss->drv; 1074 if (!drv->associated) 1075 return -1; 1076 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1077 return drv->ssid_len; 1078} 1079 1080 1081static void wpa_driver_nl80211_event_newlink( 1082 struct wpa_driver_nl80211_data *drv, char *ifname) 1083{ 1084 union wpa_event_data event; 1085 1086 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1087 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1088 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1089 drv->first_bss->ifname); 1090 return; 1091 } 1092 if (!drv->if_removed) 1093 return; 1094 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1095 drv->first_bss->ifname); 1096 drv->if_removed = 0; 1097 } 1098 1099 os_memset(&event, 0, sizeof(event)); 1100 os_strlcpy(event.interface_status.ifname, ifname, 1101 sizeof(event.interface_status.ifname)); 1102 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1103 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1104} 1105 1106 1107static void wpa_driver_nl80211_event_dellink( 1108 struct wpa_driver_nl80211_data *drv, char *ifname) 1109{ 1110 union wpa_event_data event; 1111 1112 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1113 if (drv->if_removed) { 1114 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1115 ifname); 1116 return; 1117 } 1118 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1119 ifname); 1120 drv->if_removed = 1; 1121 } else { 1122 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1123 ifname); 1124 } 1125 1126 os_memset(&event, 0, sizeof(event)); 1127 os_strlcpy(event.interface_status.ifname, ifname, 1128 sizeof(event.interface_status.ifname)); 1129 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1130 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1131} 1132 1133 1134static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1135 u8 *buf, size_t len) 1136{ 1137 int attrlen, rta_len; 1138 struct rtattr *attr; 1139 1140 attrlen = len; 1141 attr = (struct rtattr *) buf; 1142 1143 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1144 while (RTA_OK(attr, attrlen)) { 1145 if (attr->rta_type == IFLA_IFNAME) { 1146 if (os_strcmp(((char *) attr) + rta_len, 1147 drv->first_bss->ifname) == 0) 1148 return 1; 1149 else 1150 break; 1151 } 1152 attr = RTA_NEXT(attr, attrlen); 1153 } 1154 1155 return 0; 1156} 1157 1158 1159static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1160 int ifindex, u8 *buf, size_t len) 1161{ 1162 if (drv->ifindex == ifindex) 1163 return 1; 1164 1165 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1166 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1167 "interface"); 1168 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1169 return 1; 1170 } 1171 1172 return 0; 1173} 1174 1175 1176static struct wpa_driver_nl80211_data * 1177nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1178{ 1179 struct wpa_driver_nl80211_data *drv; 1180 dl_list_for_each(drv, &global->interfaces, 1181 struct wpa_driver_nl80211_data, list) { 1182 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1183 have_ifidx(drv, idx)) 1184 return drv; 1185 } 1186 return NULL; 1187} 1188 1189 1190static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1191 struct ifinfomsg *ifi, 1192 u8 *buf, size_t len) 1193{ 1194 struct nl80211_global *global = ctx; 1195 struct wpa_driver_nl80211_data *drv; 1196 int attrlen; 1197 struct rtattr *attr; 1198 u32 brid = 0; 1199 char namebuf[IFNAMSIZ]; 1200 char ifname[IFNAMSIZ + 1]; 1201 char extra[100], *pos, *end; 1202 1203 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1204 if (!drv) { 1205 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1206 ifi->ifi_index); 1207 return; 1208 } 1209 1210 extra[0] = '\0'; 1211 pos = extra; 1212 end = pos + sizeof(extra); 1213 ifname[0] = '\0'; 1214 1215 attrlen = len; 1216 attr = (struct rtattr *) buf; 1217 while (RTA_OK(attr, attrlen)) { 1218 switch (attr->rta_type) { 1219 case IFLA_IFNAME: 1220 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1221 break; 1222 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1223 ifname[RTA_PAYLOAD(attr)] = '\0'; 1224 break; 1225 case IFLA_MASTER: 1226 brid = nla_get_u32((struct nlattr *) attr); 1227 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1228 break; 1229 case IFLA_WIRELESS: 1230 pos += os_snprintf(pos, end - pos, " wext"); 1231 break; 1232 case IFLA_OPERSTATE: 1233 pos += os_snprintf(pos, end - pos, " operstate=%u", 1234 nla_get_u32((struct nlattr *) attr)); 1235 break; 1236 case IFLA_LINKMODE: 1237 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1238 nla_get_u32((struct nlattr *) attr)); 1239 break; 1240 } 1241 attr = RTA_NEXT(attr, attrlen); 1242 } 1243 extra[sizeof(extra) - 1] = '\0'; 1244 1245 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1246 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1247 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1248 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1249 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1250 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1251 1252 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1253 if (if_indextoname(ifi->ifi_index, namebuf) && 1254 linux_iface_up(drv->global->ioctl_sock, 1255 drv->first_bss->ifname) > 0) { 1256 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1257 "event since interface %s is up", namebuf); 1258 return; 1259 } 1260 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1261 if (drv->ignore_if_down_event) { 1262 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1263 "event generated by mode change"); 1264 drv->ignore_if_down_event = 0; 1265 } else { 1266 drv->if_disabled = 1; 1267 wpa_supplicant_event(drv->ctx, 1268 EVENT_INTERFACE_DISABLED, NULL); 1269 1270 /* 1271 * Try to get drv again, since it may be removed as 1272 * part of the EVENT_INTERFACE_DISABLED handling for 1273 * dynamic interfaces 1274 */ 1275 drv = nl80211_find_drv(global, ifi->ifi_index, 1276 buf, len); 1277 if (!drv) 1278 return; 1279 } 1280 } 1281 1282 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1283 if (if_indextoname(ifi->ifi_index, namebuf) && 1284 linux_iface_up(drv->global->ioctl_sock, 1285 drv->first_bss->ifname) == 0) { 1286 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1287 "event since interface %s is down", 1288 namebuf); 1289 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1290 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1291 "event since interface %s does not exist", 1292 drv->first_bss->ifname); 1293 } else if (drv->if_removed) { 1294 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1295 "event since interface %s is marked " 1296 "removed", drv->first_bss->ifname); 1297 } else { 1298 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1299 drv->if_disabled = 0; 1300 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1301 NULL); 1302 } 1303 } 1304 1305 /* 1306 * Some drivers send the association event before the operup event--in 1307 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1308 * fails. This will hit us when wpa_supplicant does not need to do 1309 * IEEE 802.1X authentication 1310 */ 1311 if (drv->operstate == 1 && 1312 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1313 !(ifi->ifi_flags & IFF_RUNNING)) { 1314 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1315 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1316 -1, IF_OPER_UP); 1317 } 1318 1319 if (ifname[0]) 1320 wpa_driver_nl80211_event_newlink(drv, ifname); 1321 1322 if (ifi->ifi_family == AF_BRIDGE && brid) { 1323 /* device has been added to bridge */ 1324 if_indextoname(brid, namebuf); 1325 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1326 brid, namebuf); 1327 add_ifidx(drv, brid); 1328 } 1329} 1330 1331 1332static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1333 struct ifinfomsg *ifi, 1334 u8 *buf, size_t len) 1335{ 1336 struct nl80211_global *global = ctx; 1337 struct wpa_driver_nl80211_data *drv; 1338 int attrlen; 1339 struct rtattr *attr; 1340 u32 brid = 0; 1341 char ifname[IFNAMSIZ + 1]; 1342 1343 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1344 if (!drv) { 1345 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1346 ifi->ifi_index); 1347 return; 1348 } 1349 1350 ifname[0] = '\0'; 1351 1352 attrlen = len; 1353 attr = (struct rtattr *) buf; 1354 while (RTA_OK(attr, attrlen)) { 1355 switch (attr->rta_type) { 1356 case IFLA_IFNAME: 1357 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1358 break; 1359 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1360 ifname[RTA_PAYLOAD(attr)] = '\0'; 1361 break; 1362 case IFLA_MASTER: 1363 brid = nla_get_u32((struct nlattr *) attr); 1364 break; 1365 } 1366 attr = RTA_NEXT(attr, attrlen); 1367 } 1368 1369 if (ifname[0]) 1370 wpa_driver_nl80211_event_dellink(drv, ifname); 1371 1372 if (ifi->ifi_family == AF_BRIDGE && brid) { 1373 /* device has been removed from bridge */ 1374 char namebuf[IFNAMSIZ]; 1375 if_indextoname(brid, namebuf); 1376 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1377 "%s", brid, namebuf); 1378 del_ifidx(drv, brid); 1379 } 1380} 1381 1382 1383static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1384 const u8 *frame, size_t len) 1385{ 1386 const struct ieee80211_mgmt *mgmt; 1387 union wpa_event_data event; 1388 1389 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1390 mgmt = (const struct ieee80211_mgmt *) frame; 1391 if (len < 24 + sizeof(mgmt->u.auth)) { 1392 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1393 "frame"); 1394 return; 1395 } 1396 1397 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1398 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1399 os_memset(&event, 0, sizeof(event)); 1400 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1401 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1402 event.auth.auth_transaction = 1403 le_to_host16(mgmt->u.auth.auth_transaction); 1404 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1405 if (len > 24 + sizeof(mgmt->u.auth)) { 1406 event.auth.ies = mgmt->u.auth.variable; 1407 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1408 } 1409 1410 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1411} 1412 1413 1414static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1415{ 1416 struct nl_msg *msg; 1417 int ret; 1418 struct nl80211_bss_info_arg arg; 1419 1420 os_memset(&arg, 0, sizeof(arg)); 1421 msg = nlmsg_alloc(); 1422 if (!msg) 1423 goto nla_put_failure; 1424 1425 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1426 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1427 1428 arg.drv = drv; 1429 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1430 msg = NULL; 1431 if (ret == 0) { 1432 unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ? 1433 arg.ibss_freq : arg.assoc_freq; 1434 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1435 "associated BSS from scan results: %u MHz", freq); 1436 if (freq) 1437 drv->assoc_freq = freq; 1438 return drv->assoc_freq; 1439 } 1440 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1441 "(%s)", ret, strerror(-ret)); 1442nla_put_failure: 1443 nlmsg_free(msg); 1444 return drv->assoc_freq; 1445} 1446 1447 1448static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1449 const u8 *frame, size_t len) 1450{ 1451 const struct ieee80211_mgmt *mgmt; 1452 union wpa_event_data event; 1453 u16 status; 1454 1455 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1456 mgmt = (const struct ieee80211_mgmt *) frame; 1457 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1458 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1459 "frame"); 1460 return; 1461 } 1462 1463 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1464 if (status != WLAN_STATUS_SUCCESS) { 1465 os_memset(&event, 0, sizeof(event)); 1466 event.assoc_reject.bssid = mgmt->bssid; 1467 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1468 event.assoc_reject.resp_ies = 1469 (u8 *) mgmt->u.assoc_resp.variable; 1470 event.assoc_reject.resp_ies_len = 1471 len - 24 - sizeof(mgmt->u.assoc_resp); 1472 } 1473 event.assoc_reject.status_code = status; 1474 1475 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1476 return; 1477 } 1478 1479 drv->associated = 1; 1480 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1481 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1482 1483 os_memset(&event, 0, sizeof(event)); 1484 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1485 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1486 event.assoc_info.resp_ies_len = 1487 len - 24 - sizeof(mgmt->u.assoc_resp); 1488 } 1489 1490 event.assoc_info.freq = drv->assoc_freq; 1491 1492 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1493} 1494 1495 1496static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1497 enum nl80211_commands cmd, struct nlattr *status, 1498 struct nlattr *addr, struct nlattr *req_ie, 1499 struct nlattr *resp_ie) 1500{ 1501 union wpa_event_data event; 1502 1503 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1504 /* 1505 * Avoid reporting two association events that would confuse 1506 * the core code. 1507 */ 1508 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1509 "when using userspace SME", cmd); 1510 return; 1511 } 1512 1513 if (cmd == NL80211_CMD_CONNECT) 1514 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1515 else if (cmd == NL80211_CMD_ROAM) 1516 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1517 1518 os_memset(&event, 0, sizeof(event)); 1519 if (cmd == NL80211_CMD_CONNECT && 1520 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1521 if (addr) 1522 event.assoc_reject.bssid = nla_data(addr); 1523 if (resp_ie) { 1524 event.assoc_reject.resp_ies = nla_data(resp_ie); 1525 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1526 } 1527 event.assoc_reject.status_code = nla_get_u16(status); 1528 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1529 return; 1530 } 1531 1532 drv->associated = 1; 1533 if (addr) { 1534 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1535 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1536 } 1537 1538 if (req_ie) { 1539 event.assoc_info.req_ies = nla_data(req_ie); 1540 event.assoc_info.req_ies_len = nla_len(req_ie); 1541 } 1542 if (resp_ie) { 1543 event.assoc_info.resp_ies = nla_data(resp_ie); 1544 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1545 } 1546 1547 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1548 1549 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1550} 1551 1552 1553static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1554 struct nlattr *reason, struct nlattr *addr, 1555 struct nlattr *by_ap) 1556{ 1557 union wpa_event_data data; 1558 unsigned int locally_generated = by_ap == NULL; 1559 1560 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1561 /* 1562 * Avoid reporting two disassociation events that could 1563 * confuse the core code. 1564 */ 1565 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1566 "event when using userspace SME"); 1567 return; 1568 } 1569 1570 if (drv->ignore_next_local_disconnect) { 1571 drv->ignore_next_local_disconnect = 0; 1572 if (locally_generated) { 1573 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1574 "event triggered during reassociation"); 1575 return; 1576 } 1577 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1578 "disconnect but got another disconnect " 1579 "event first"); 1580 } 1581 1582 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1583 nl80211_mark_disconnected(drv); 1584 os_memset(&data, 0, sizeof(data)); 1585 if (reason) 1586 data.deauth_info.reason_code = nla_get_u16(reason); 1587 data.deauth_info.locally_generated = by_ap == NULL; 1588 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1589} 1590 1591 1592static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 1593{ 1594 int freq1 = 0; 1595 1596 switch (convert2width(width)) { 1597 case CHAN_WIDTH_20_NOHT: 1598 case CHAN_WIDTH_20: 1599 return 0; 1600 case CHAN_WIDTH_40: 1601 freq1 = cf1 - 10; 1602 break; 1603 case CHAN_WIDTH_80: 1604 freq1 = cf1 - 30; 1605 break; 1606 case CHAN_WIDTH_160: 1607 freq1 = cf1 - 70; 1608 break; 1609 case CHAN_WIDTH_UNKNOWN: 1610 case CHAN_WIDTH_80P80: 1611 /* FIXME: implement this */ 1612 return 0; 1613 } 1614 1615 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 1616} 1617 1618 1619static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1620 struct nlattr *ifindex, struct nlattr *freq, 1621 struct nlattr *type, struct nlattr *bw, 1622 struct nlattr *cf1, struct nlattr *cf2) 1623{ 1624 struct i802_bss *bss; 1625 union wpa_event_data data; 1626 int ht_enabled = 1; 1627 int chan_offset = 0; 1628 int ifidx; 1629 1630 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1631 1632 if (!freq) 1633 return; 1634 1635 ifidx = nla_get_u32(ifindex); 1636 for (bss = drv->first_bss; bss; bss = bss->next) 1637 if (bss->ifindex == ifidx) 1638 break; 1639 1640 if (bss == NULL) { 1641 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1642 ifidx); 1643 return; 1644 } 1645 1646 if (type) { 1647 switch (nla_get_u32(type)) { 1648 case NL80211_CHAN_NO_HT: 1649 ht_enabled = 0; 1650 break; 1651 case NL80211_CHAN_HT20: 1652 break; 1653 case NL80211_CHAN_HT40PLUS: 1654 chan_offset = 1; 1655 break; 1656 case NL80211_CHAN_HT40MINUS: 1657 chan_offset = -1; 1658 break; 1659 } 1660 } else if (bw && cf1) { 1661 /* This can happen for example with VHT80 ch switch */ 1662 chan_offset = calculate_chan_offset(nla_get_u32(bw), 1663 nla_get_u32(freq), 1664 nla_get_u32(cf1), 1665 cf2 ? nla_get_u32(cf2) : 0); 1666 } else { 1667 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 1668 } 1669 1670 os_memset(&data, 0, sizeof(data)); 1671 data.ch_switch.freq = nla_get_u32(freq); 1672 data.ch_switch.ht_enabled = ht_enabled; 1673 data.ch_switch.ch_offset = chan_offset; 1674 if (bw) 1675 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1676 if (cf1) 1677 data.ch_switch.cf1 = nla_get_u32(cf1); 1678 if (cf2) 1679 data.ch_switch.cf2 = nla_get_u32(cf2); 1680 1681 bss->freq = data.ch_switch.freq; 1682 1683 wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data); 1684} 1685 1686 1687static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1688 enum nl80211_commands cmd, struct nlattr *addr) 1689{ 1690 union wpa_event_data event; 1691 enum wpa_event_type ev; 1692 1693 if (nla_len(addr) != ETH_ALEN) 1694 return; 1695 1696 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1697 cmd, MAC2STR((u8 *) nla_data(addr))); 1698 1699 if (cmd == NL80211_CMD_AUTHENTICATE) 1700 ev = EVENT_AUTH_TIMED_OUT; 1701 else if (cmd == NL80211_CMD_ASSOCIATE) 1702 ev = EVENT_ASSOC_TIMED_OUT; 1703 else 1704 return; 1705 1706 os_memset(&event, 0, sizeof(event)); 1707 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1708 wpa_supplicant_event(drv->ctx, ev, &event); 1709} 1710 1711 1712static void mlme_event_mgmt(struct i802_bss *bss, 1713 struct nlattr *freq, struct nlattr *sig, 1714 const u8 *frame, size_t len) 1715{ 1716 struct wpa_driver_nl80211_data *drv = bss->drv; 1717 const struct ieee80211_mgmt *mgmt; 1718 union wpa_event_data event; 1719 u16 fc, stype; 1720 int ssi_signal = 0; 1721 int rx_freq = 0; 1722 1723 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1724 mgmt = (const struct ieee80211_mgmt *) frame; 1725 if (len < 24) { 1726 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1727 return; 1728 } 1729 1730 fc = le_to_host16(mgmt->frame_control); 1731 stype = WLAN_FC_GET_STYPE(fc); 1732 1733 if (sig) 1734 ssi_signal = (s32) nla_get_u32(sig); 1735 1736 os_memset(&event, 0, sizeof(event)); 1737 if (freq) { 1738 event.rx_mgmt.freq = nla_get_u32(freq); 1739 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1740 } 1741 wpa_printf(MSG_DEBUG, 1742 "nl80211: RX frame sa=" MACSTR 1743 " freq=%d ssi_signal=%d stype=%u (%s) len=%u", 1744 MAC2STR(mgmt->sa), rx_freq, ssi_signal, stype, fc2str(fc), 1745 (unsigned int) len); 1746 event.rx_mgmt.frame = frame; 1747 event.rx_mgmt.frame_len = len; 1748 event.rx_mgmt.ssi_signal = ssi_signal; 1749 event.rx_mgmt.drv_priv = bss; 1750 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1751} 1752 1753 1754static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1755 struct nlattr *cookie, const u8 *frame, 1756 size_t len, struct nlattr *ack) 1757{ 1758 union wpa_event_data event; 1759 const struct ieee80211_hdr *hdr; 1760 u16 fc; 1761 1762 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1763 if (!is_ap_interface(drv->nlmode)) { 1764 u64 cookie_val; 1765 1766 if (!cookie) 1767 return; 1768 1769 cookie_val = nla_get_u64(cookie); 1770 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1771 " cookie=0%llx%s (ack=%d)", 1772 (long long unsigned int) cookie_val, 1773 cookie_val == drv->send_action_cookie ? 1774 " (match)" : " (unknown)", ack != NULL); 1775 if (cookie_val != drv->send_action_cookie) 1776 return; 1777 } 1778 1779 hdr = (const struct ieee80211_hdr *) frame; 1780 fc = le_to_host16(hdr->frame_control); 1781 1782 os_memset(&event, 0, sizeof(event)); 1783 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1784 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1785 event.tx_status.dst = hdr->addr1; 1786 event.tx_status.data = frame; 1787 event.tx_status.data_len = len; 1788 event.tx_status.ack = ack != NULL; 1789 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1790} 1791 1792 1793static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1794 enum wpa_event_type type, 1795 const u8 *frame, size_t len) 1796{ 1797 const struct ieee80211_mgmt *mgmt; 1798 union wpa_event_data event; 1799 const u8 *bssid = NULL; 1800 u16 reason_code = 0; 1801 1802 if (type == EVENT_DEAUTH) 1803 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1804 else 1805 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1806 1807 mgmt = (const struct ieee80211_mgmt *) frame; 1808 if (len >= 24) { 1809 bssid = mgmt->bssid; 1810 1811 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1812 !drv->associated && 1813 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1814 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1815 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1816 /* 1817 * Avoid issues with some roaming cases where 1818 * disconnection event for the old AP may show up after 1819 * we have started connection with the new AP. 1820 */ 1821 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1822 MAC2STR(bssid), 1823 MAC2STR(drv->auth_attempt_bssid)); 1824 return; 1825 } 1826 1827 if (drv->associated != 0 && 1828 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1829 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1830 /* 1831 * We have presumably received this deauth as a 1832 * response to a clear_state_mismatch() outgoing 1833 * deauth. Don't let it take us offline! 1834 */ 1835 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1836 "from Unknown BSSID " MACSTR " -- ignoring", 1837 MAC2STR(bssid)); 1838 return; 1839 } 1840 } 1841 1842 nl80211_mark_disconnected(drv); 1843 os_memset(&event, 0, sizeof(event)); 1844 1845 /* Note: Same offset for Reason Code in both frame subtypes */ 1846 if (len >= 24 + sizeof(mgmt->u.deauth)) 1847 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1848 1849 if (type == EVENT_DISASSOC) { 1850 event.disassoc_info.locally_generated = 1851 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1852 event.disassoc_info.addr = bssid; 1853 event.disassoc_info.reason_code = reason_code; 1854 if (frame + len > mgmt->u.disassoc.variable) { 1855 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1856 event.disassoc_info.ie_len = frame + len - 1857 mgmt->u.disassoc.variable; 1858 } 1859 } else { 1860 if (drv->ignore_deauth_event) { 1861 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 1862 drv->ignore_deauth_event = 0; 1863 return; 1864 } 1865 event.deauth_info.locally_generated = 1866 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1867 if (drv->ignore_next_local_deauth) { 1868 drv->ignore_next_local_deauth = 0; 1869 if (event.deauth_info.locally_generated) { 1870 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request"); 1871 return; 1872 } 1873 wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first"); 1874 } 1875 event.deauth_info.addr = bssid; 1876 event.deauth_info.reason_code = reason_code; 1877 if (frame + len > mgmt->u.deauth.variable) { 1878 event.deauth_info.ie = mgmt->u.deauth.variable; 1879 event.deauth_info.ie_len = frame + len - 1880 mgmt->u.deauth.variable; 1881 } 1882 } 1883 1884 wpa_supplicant_event(drv->ctx, type, &event); 1885} 1886 1887 1888static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1889 enum wpa_event_type type, 1890 const u8 *frame, size_t len) 1891{ 1892 const struct ieee80211_mgmt *mgmt; 1893 union wpa_event_data event; 1894 u16 reason_code = 0; 1895 1896 if (type == EVENT_UNPROT_DEAUTH) 1897 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1898 else 1899 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1900 1901 if (len < 24) 1902 return; 1903 1904 mgmt = (const struct ieee80211_mgmt *) frame; 1905 1906 os_memset(&event, 0, sizeof(event)); 1907 /* Note: Same offset for Reason Code in both frame subtypes */ 1908 if (len >= 24 + sizeof(mgmt->u.deauth)) 1909 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1910 1911 if (type == EVENT_UNPROT_DISASSOC) { 1912 event.unprot_disassoc.sa = mgmt->sa; 1913 event.unprot_disassoc.da = mgmt->da; 1914 event.unprot_disassoc.reason_code = reason_code; 1915 } else { 1916 event.unprot_deauth.sa = mgmt->sa; 1917 event.unprot_deauth.da = mgmt->da; 1918 event.unprot_deauth.reason_code = reason_code; 1919 } 1920 1921 wpa_supplicant_event(drv->ctx, type, &event); 1922} 1923 1924 1925static void mlme_event(struct i802_bss *bss, 1926 enum nl80211_commands cmd, struct nlattr *frame, 1927 struct nlattr *addr, struct nlattr *timed_out, 1928 struct nlattr *freq, struct nlattr *ack, 1929 struct nlattr *cookie, struct nlattr *sig) 1930{ 1931 struct wpa_driver_nl80211_data *drv = bss->drv; 1932 const u8 *data; 1933 size_t len; 1934 1935 if (timed_out && addr) { 1936 mlme_timeout_event(drv, cmd, addr); 1937 return; 1938 } 1939 1940 if (frame == NULL) { 1941 wpa_printf(MSG_DEBUG, 1942 "nl80211: MLME event %d (%s) without frame data", 1943 cmd, nl80211_command_to_string(cmd)); 1944 return; 1945 } 1946 1947 data = nla_data(frame); 1948 len = nla_len(frame); 1949 if (len < 4 + 2 * ETH_ALEN) { 1950 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1951 MACSTR ") - too short", 1952 cmd, nl80211_command_to_string(cmd), bss->ifname, 1953 MAC2STR(bss->addr)); 1954 return; 1955 } 1956 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1957 ") A1=" MACSTR " A2=" MACSTR, cmd, 1958 nl80211_command_to_string(cmd), bss->ifname, 1959 MAC2STR(bss->addr), MAC2STR(data + 4), 1960 MAC2STR(data + 4 + ETH_ALEN)); 1961 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1962 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1963 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1964 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1965 "for foreign address", bss->ifname); 1966 return; 1967 } 1968 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1969 nla_data(frame), nla_len(frame)); 1970 1971 switch (cmd) { 1972 case NL80211_CMD_AUTHENTICATE: 1973 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1974 break; 1975 case NL80211_CMD_ASSOCIATE: 1976 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1977 break; 1978 case NL80211_CMD_DEAUTHENTICATE: 1979 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1980 nla_data(frame), nla_len(frame)); 1981 break; 1982 case NL80211_CMD_DISASSOCIATE: 1983 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1984 nla_data(frame), nla_len(frame)); 1985 break; 1986 case NL80211_CMD_FRAME: 1987 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 1988 nla_len(frame)); 1989 break; 1990 case NL80211_CMD_FRAME_TX_STATUS: 1991 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1992 nla_len(frame), ack); 1993 break; 1994 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1995 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1996 nla_data(frame), nla_len(frame)); 1997 break; 1998 case NL80211_CMD_UNPROT_DISASSOCIATE: 1999 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 2000 nla_data(frame), nla_len(frame)); 2001 break; 2002 default: 2003 break; 2004 } 2005} 2006 2007 2008static void mlme_event_michael_mic_failure(struct i802_bss *bss, 2009 struct nlattr *tb[]) 2010{ 2011 union wpa_event_data data; 2012 2013 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 2014 os_memset(&data, 0, sizeof(data)); 2015 if (tb[NL80211_ATTR_MAC]) { 2016 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 2017 nla_data(tb[NL80211_ATTR_MAC]), 2018 nla_len(tb[NL80211_ATTR_MAC])); 2019 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 2020 } 2021 if (tb[NL80211_ATTR_KEY_SEQ]) { 2022 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 2023 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 2024 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 2025 } 2026 if (tb[NL80211_ATTR_KEY_TYPE]) { 2027 enum nl80211_key_type key_type = 2028 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 2029 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 2030 if (key_type == NL80211_KEYTYPE_PAIRWISE) 2031 data.michael_mic_failure.unicast = 1; 2032 } else 2033 data.michael_mic_failure.unicast = 1; 2034 2035 if (tb[NL80211_ATTR_KEY_IDX]) { 2036 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 2037 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 2038 } 2039 2040 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 2041} 2042 2043 2044static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 2045 struct nlattr *tb[]) 2046{ 2047 unsigned int freq; 2048 2049 if (tb[NL80211_ATTR_MAC] == NULL) { 2050 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 2051 "event"); 2052 return; 2053 } 2054 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2055 2056 drv->associated = 1; 2057 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 2058 MAC2STR(drv->bssid)); 2059 2060 freq = nl80211_get_assoc_freq(drv); 2061 if (freq) { 2062 wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz", 2063 freq); 2064 drv->first_bss->freq = freq; 2065 } 2066 2067 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 2068} 2069 2070 2071static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 2072 int cancel_event, struct nlattr *tb[]) 2073{ 2074 unsigned int freq, chan_type, duration; 2075 union wpa_event_data data; 2076 u64 cookie; 2077 2078 if (tb[NL80211_ATTR_WIPHY_FREQ]) 2079 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2080 else 2081 freq = 0; 2082 2083 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 2084 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2085 else 2086 chan_type = 0; 2087 2088 if (tb[NL80211_ATTR_DURATION]) 2089 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 2090 else 2091 duration = 0; 2092 2093 if (tb[NL80211_ATTR_COOKIE]) 2094 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 2095 else 2096 cookie = 0; 2097 2098 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 2099 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 2100 cancel_event, freq, chan_type, duration, 2101 (long long unsigned int) cookie, 2102 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2103 2104 if (cookie != drv->remain_on_chan_cookie) 2105 return; /* not for us */ 2106 2107 if (cancel_event) 2108 drv->pending_remain_on_chan = 0; 2109 2110 os_memset(&data, 0, sizeof(data)); 2111 data.remain_on_channel.freq = freq; 2112 data.remain_on_channel.duration = duration; 2113 wpa_supplicant_event(drv->ctx, cancel_event ? 2114 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2115 EVENT_REMAIN_ON_CHANNEL, &data); 2116} 2117 2118 2119static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2120 struct nlattr *tb[]) 2121{ 2122 union wpa_event_data data; 2123 2124 os_memset(&data, 0, sizeof(data)); 2125 2126 if (tb[NL80211_ATTR_IE]) { 2127 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2128 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2129 } 2130 2131 if (tb[NL80211_ATTR_IE_RIC]) { 2132 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2133 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2134 } 2135 2136 if (tb[NL80211_ATTR_MAC]) 2137 os_memcpy(data.ft_ies.target_ap, 2138 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2139 2140 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2141 MAC2STR(data.ft_ies.target_ap)); 2142 2143 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2144} 2145 2146 2147static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2148 struct nlattr *tb[]) 2149{ 2150 union wpa_event_data event; 2151 struct nlattr *nl; 2152 int rem; 2153 struct scan_info *info; 2154#define MAX_REPORT_FREQS 50 2155 int freqs[MAX_REPORT_FREQS]; 2156 int num_freqs = 0; 2157 2158 if (drv->scan_for_auth) { 2159 drv->scan_for_auth = 0; 2160 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2161 "cfg80211 BSS entry"); 2162 wpa_driver_nl80211_authenticate_retry(drv); 2163 return; 2164 } 2165 2166 os_memset(&event, 0, sizeof(event)); 2167 info = &event.scan_info; 2168 info->aborted = aborted; 2169 2170 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2171 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2172 struct wpa_driver_scan_ssid *s = 2173 &info->ssids[info->num_ssids]; 2174 s->ssid = nla_data(nl); 2175 s->ssid_len = nla_len(nl); 2176 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2177 wpa_ssid_txt(s->ssid, s->ssid_len)); 2178 info->num_ssids++; 2179 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2180 break; 2181 } 2182 } 2183 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2184 char msg[200], *pos, *end; 2185 int res; 2186 2187 pos = msg; 2188 end = pos + sizeof(msg); 2189 *pos = '\0'; 2190 2191 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2192 { 2193 freqs[num_freqs] = nla_get_u32(nl); 2194 res = os_snprintf(pos, end - pos, " %d", 2195 freqs[num_freqs]); 2196 if (res > 0 && end - pos > res) 2197 pos += res; 2198 num_freqs++; 2199 if (num_freqs == MAX_REPORT_FREQS - 1) 2200 break; 2201 } 2202 info->freqs = freqs; 2203 info->num_freqs = num_freqs; 2204 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2205 msg); 2206 } 2207 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2208} 2209 2210 2211static int get_link_signal(struct nl_msg *msg, void *arg) 2212{ 2213 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2214 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2215 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2216 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2217 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2218 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2219 }; 2220 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2221 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2222 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2223 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2224 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2225 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2226 }; 2227 struct wpa_signal_info *sig_change = arg; 2228 2229 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2230 genlmsg_attrlen(gnlh, 0), NULL); 2231 if (!tb[NL80211_ATTR_STA_INFO] || 2232 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2233 tb[NL80211_ATTR_STA_INFO], policy)) 2234 return NL_SKIP; 2235 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2236 return NL_SKIP; 2237 2238 sig_change->current_signal = 2239 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2240 2241 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2242 sig_change->avg_signal = 2243 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2244 else 2245 sig_change->avg_signal = 0; 2246 2247 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2248 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2249 sinfo[NL80211_STA_INFO_TX_BITRATE], 2250 rate_policy)) { 2251 sig_change->current_txrate = 0; 2252 } else { 2253 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2254 sig_change->current_txrate = 2255 nla_get_u16(rinfo[ 2256 NL80211_RATE_INFO_BITRATE]) * 100; 2257 } 2258 } 2259 } 2260 2261 return NL_SKIP; 2262} 2263 2264 2265static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2266 struct wpa_signal_info *sig) 2267{ 2268 struct nl_msg *msg; 2269 2270 sig->current_signal = -9999; 2271 sig->current_txrate = 0; 2272 2273 msg = nlmsg_alloc(); 2274 if (!msg) 2275 return -ENOMEM; 2276 2277 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2278 2279 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2280 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2281 2282 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2283 nla_put_failure: 2284 nlmsg_free(msg); 2285 return -ENOBUFS; 2286} 2287 2288 2289static int get_link_noise(struct nl_msg *msg, void *arg) 2290{ 2291 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2292 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2293 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2294 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2295 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2296 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2297 }; 2298 struct wpa_signal_info *sig_change = arg; 2299 2300 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2301 genlmsg_attrlen(gnlh, 0), NULL); 2302 2303 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2304 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2305 return NL_SKIP; 2306 } 2307 2308 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2309 tb[NL80211_ATTR_SURVEY_INFO], 2310 survey_policy)) { 2311 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2312 "attributes!"); 2313 return NL_SKIP; 2314 } 2315 2316 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2317 return NL_SKIP; 2318 2319 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2320 sig_change->frequency) 2321 return NL_SKIP; 2322 2323 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2324 return NL_SKIP; 2325 2326 sig_change->current_noise = 2327 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2328 2329 return NL_SKIP; 2330} 2331 2332 2333static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2334 struct wpa_signal_info *sig_change) 2335{ 2336 struct nl_msg *msg; 2337 2338 sig_change->current_noise = 9999; 2339 sig_change->frequency = drv->assoc_freq; 2340 2341 msg = nlmsg_alloc(); 2342 if (!msg) 2343 return -ENOMEM; 2344 2345 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2346 2347 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2348 2349 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2350 nla_put_failure: 2351 nlmsg_free(msg); 2352 return -ENOBUFS; 2353} 2354 2355 2356static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2357{ 2358 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2359 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2360 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2361 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2362 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2363 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2364 }; 2365 struct wpa_scan_results *scan_results = arg; 2366 struct wpa_scan_res *scan_res; 2367 size_t i; 2368 2369 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2370 genlmsg_attrlen(gnlh, 0), NULL); 2371 2372 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2373 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2374 return NL_SKIP; 2375 } 2376 2377 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2378 tb[NL80211_ATTR_SURVEY_INFO], 2379 survey_policy)) { 2380 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2381 "attributes"); 2382 return NL_SKIP; 2383 } 2384 2385 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2386 return NL_SKIP; 2387 2388 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2389 return NL_SKIP; 2390 2391 for (i = 0; i < scan_results->num; ++i) { 2392 scan_res = scan_results->res[i]; 2393 if (!scan_res) 2394 continue; 2395 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2396 scan_res->freq) 2397 continue; 2398 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2399 continue; 2400 scan_res->noise = (s8) 2401 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2402 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2403 } 2404 2405 return NL_SKIP; 2406} 2407 2408 2409static int nl80211_get_noise_for_scan_results( 2410 struct wpa_driver_nl80211_data *drv, 2411 struct wpa_scan_results *scan_res) 2412{ 2413 struct nl_msg *msg; 2414 2415 msg = nlmsg_alloc(); 2416 if (!msg) 2417 return -ENOMEM; 2418 2419 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2420 2421 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2422 2423 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2424 scan_res); 2425 nla_put_failure: 2426 nlmsg_free(msg); 2427 return -ENOBUFS; 2428} 2429 2430 2431static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2432 struct nlattr *tb[]) 2433{ 2434 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2435 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2436 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2437 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2438 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2439 }; 2440 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2441 enum nl80211_cqm_rssi_threshold_event event; 2442 union wpa_event_data ed; 2443 struct wpa_signal_info sig; 2444 int res; 2445 2446 if (tb[NL80211_ATTR_CQM] == NULL || 2447 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2448 cqm_policy)) { 2449 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2450 return; 2451 } 2452 2453 os_memset(&ed, 0, sizeof(ed)); 2454 2455 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2456 if (!tb[NL80211_ATTR_MAC]) 2457 return; 2458 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2459 ETH_ALEN); 2460 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2461 return; 2462 } 2463 2464 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2465 return; 2466 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2467 2468 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2469 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2470 "event: RSSI high"); 2471 ed.signal_change.above_threshold = 1; 2472 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2473 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2474 "event: RSSI low"); 2475 ed.signal_change.above_threshold = 0; 2476 } else 2477 return; 2478 2479 res = nl80211_get_link_signal(drv, &sig); 2480 if (res == 0) { 2481 ed.signal_change.current_signal = sig.current_signal; 2482 ed.signal_change.current_txrate = sig.current_txrate; 2483 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2484 sig.current_signal, sig.current_txrate); 2485 } 2486 2487 res = nl80211_get_link_noise(drv, &sig); 2488 if (res == 0) { 2489 ed.signal_change.current_noise = sig.current_noise; 2490 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2491 sig.current_noise); 2492 } 2493 2494 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2495} 2496 2497 2498static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2499 struct nlattr **tb) 2500{ 2501 u8 *addr; 2502 union wpa_event_data data; 2503 2504 if (tb[NL80211_ATTR_MAC] == NULL) 2505 return; 2506 addr = nla_data(tb[NL80211_ATTR_MAC]); 2507 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2508 2509 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2510 u8 *ies = NULL; 2511 size_t ies_len = 0; 2512 if (tb[NL80211_ATTR_IE]) { 2513 ies = nla_data(tb[NL80211_ATTR_IE]); 2514 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2515 } 2516 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2517 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2518 return; 2519 } 2520 2521 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2522 return; 2523 2524 os_memset(&data, 0, sizeof(data)); 2525 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2526 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2527} 2528 2529 2530static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2531 struct nlattr **tb) 2532{ 2533 u8 *addr; 2534 union wpa_event_data data; 2535 2536 if (tb[NL80211_ATTR_MAC] == NULL) 2537 return; 2538 addr = nla_data(tb[NL80211_ATTR_MAC]); 2539 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2540 MAC2STR(addr)); 2541 2542 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2543 drv_event_disassoc(drv->ctx, addr); 2544 return; 2545 } 2546 2547 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2548 return; 2549 2550 os_memset(&data, 0, sizeof(data)); 2551 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2552 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2553} 2554 2555 2556static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2557 struct nlattr **tb) 2558{ 2559 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2560 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2561 [NL80211_REKEY_DATA_KEK] = { 2562 .minlen = NL80211_KEK_LEN, 2563 .maxlen = NL80211_KEK_LEN, 2564 }, 2565 [NL80211_REKEY_DATA_KCK] = { 2566 .minlen = NL80211_KCK_LEN, 2567 .maxlen = NL80211_KCK_LEN, 2568 }, 2569 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2570 .minlen = NL80211_REPLAY_CTR_LEN, 2571 .maxlen = NL80211_REPLAY_CTR_LEN, 2572 }, 2573 }; 2574 union wpa_event_data data; 2575 2576 if (!tb[NL80211_ATTR_MAC]) 2577 return; 2578 if (!tb[NL80211_ATTR_REKEY_DATA]) 2579 return; 2580 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2581 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2582 return; 2583 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2584 return; 2585 2586 os_memset(&data, 0, sizeof(data)); 2587 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2588 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2589 MAC2STR(data.driver_gtk_rekey.bssid)); 2590 data.driver_gtk_rekey.replay_ctr = 2591 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2592 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2593 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2594 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2595} 2596 2597 2598static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2599 struct nlattr **tb) 2600{ 2601 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2602 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2603 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2604 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2605 .minlen = ETH_ALEN, 2606 .maxlen = ETH_ALEN, 2607 }, 2608 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2609 }; 2610 union wpa_event_data data; 2611 2612 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2613 2614 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2615 return; 2616 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2617 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2618 return; 2619 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2620 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2621 return; 2622 2623 os_memset(&data, 0, sizeof(data)); 2624 os_memcpy(data.pmkid_candidate.bssid, 2625 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2626 data.pmkid_candidate.index = 2627 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2628 data.pmkid_candidate.preauth = 2629 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2630 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2631} 2632 2633 2634static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2635 struct nlattr **tb) 2636{ 2637 union wpa_event_data data; 2638 2639 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2640 2641 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2642 return; 2643 2644 os_memset(&data, 0, sizeof(data)); 2645 os_memcpy(data.client_poll.addr, 2646 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2647 2648 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2649} 2650 2651 2652static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2653 struct nlattr **tb) 2654{ 2655 union wpa_event_data data; 2656 2657 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2658 2659 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2660 return; 2661 2662 os_memset(&data, 0, sizeof(data)); 2663 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2664 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2665 case NL80211_TDLS_SETUP: 2666 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2667 MACSTR, MAC2STR(data.tdls.peer)); 2668 data.tdls.oper = TDLS_REQUEST_SETUP; 2669 break; 2670 case NL80211_TDLS_TEARDOWN: 2671 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2672 MACSTR, MAC2STR(data.tdls.peer)); 2673 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2674 break; 2675 default: 2676 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2677 "event"); 2678 return; 2679 } 2680 if (tb[NL80211_ATTR_REASON_CODE]) { 2681 data.tdls.reason_code = 2682 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2683 } 2684 2685 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2686} 2687 2688 2689static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2690 struct nlattr **tb) 2691{ 2692 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2693} 2694 2695 2696static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2697 struct nlattr **tb) 2698{ 2699 union wpa_event_data data; 2700 u32 reason; 2701 2702 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2703 2704 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2705 return; 2706 2707 os_memset(&data, 0, sizeof(data)); 2708 os_memcpy(data.connect_failed_reason.addr, 2709 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2710 2711 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2712 switch (reason) { 2713 case NL80211_CONN_FAIL_MAX_CLIENTS: 2714 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2715 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2716 break; 2717 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2718 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2719 " tried to connect", 2720 MAC2STR(data.connect_failed_reason.addr)); 2721 data.connect_failed_reason.code = BLOCKED_CLIENT; 2722 break; 2723 default: 2724 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2725 "%u", reason); 2726 return; 2727 } 2728 2729 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2730} 2731 2732 2733static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2734 struct nlattr **tb) 2735{ 2736 union wpa_event_data data; 2737 enum nl80211_radar_event event_type; 2738 2739 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2740 return; 2741 2742 os_memset(&data, 0, sizeof(data)); 2743 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2744 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2745 2746 /* Check HT params */ 2747 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2748 data.dfs_event.ht_enabled = 1; 2749 data.dfs_event.chan_offset = 0; 2750 2751 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2752 case NL80211_CHAN_NO_HT: 2753 data.dfs_event.ht_enabled = 0; 2754 break; 2755 case NL80211_CHAN_HT20: 2756 break; 2757 case NL80211_CHAN_HT40PLUS: 2758 data.dfs_event.chan_offset = 1; 2759 break; 2760 case NL80211_CHAN_HT40MINUS: 2761 data.dfs_event.chan_offset = -1; 2762 break; 2763 } 2764 } 2765 2766 /* Get VHT params */ 2767 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2768 data.dfs_event.chan_width = 2769 convert2width(nla_get_u32( 2770 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2771 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2772 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2773 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2774 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2775 2776 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2777 data.dfs_event.freq, data.dfs_event.ht_enabled, 2778 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2779 data.dfs_event.cf1, data.dfs_event.cf2); 2780 2781 switch (event_type) { 2782 case NL80211_RADAR_DETECTED: 2783 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2784 break; 2785 case NL80211_RADAR_CAC_FINISHED: 2786 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2787 break; 2788 case NL80211_RADAR_CAC_ABORTED: 2789 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2790 break; 2791 case NL80211_RADAR_NOP_FINISHED: 2792 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2793 break; 2794 default: 2795 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2796 "received", event_type); 2797 break; 2798 } 2799} 2800 2801 2802static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2803 int wds) 2804{ 2805 struct wpa_driver_nl80211_data *drv = bss->drv; 2806 union wpa_event_data event; 2807 2808 if (!tb[NL80211_ATTR_MAC]) 2809 return; 2810 2811 os_memset(&event, 0, sizeof(event)); 2812 event.rx_from_unknown.bssid = bss->addr; 2813 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2814 event.rx_from_unknown.wds = wds; 2815 2816 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2817} 2818 2819 2820static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 2821 const u8 *data, size_t len) 2822{ 2823 u32 i, count; 2824 union wpa_event_data event; 2825 struct wpa_freq_range *range = NULL; 2826 const struct qca_avoid_freq_list *freq_range; 2827 2828 freq_range = (const struct qca_avoid_freq_list *) data; 2829 if (len < sizeof(freq_range->count)) 2830 return; 2831 2832 count = freq_range->count; 2833 if (len < sizeof(freq_range->count) + 2834 count * sizeof(struct qca_avoid_freq_range)) { 2835 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 2836 (unsigned int) len); 2837 return; 2838 } 2839 2840 if (count > 0) { 2841 range = os_calloc(count, sizeof(struct wpa_freq_range)); 2842 if (range == NULL) 2843 return; 2844 } 2845 2846 os_memset(&event, 0, sizeof(event)); 2847 for (i = 0; i < count; i++) { 2848 unsigned int idx = event.freq_range.num; 2849 range[idx].min = freq_range->range[i].start_freq; 2850 range[idx].max = freq_range->range[i].end_freq; 2851 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 2852 range[idx].min, range[idx].max); 2853 if (range[idx].min > range[idx].max) { 2854 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 2855 continue; 2856 } 2857 event.freq_range.num++; 2858 } 2859 event.freq_range.range = range; 2860 2861 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 2862 2863 os_free(range); 2864} 2865 2866 2867static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 2868 u32 subcmd, u8 *data, size_t len) 2869{ 2870 switch (subcmd) { 2871 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 2872 qca_nl80211_avoid_freq(drv, data, len); 2873 break; 2874 default: 2875 wpa_printf(MSG_DEBUG, 2876 "nl80211: Ignore unsupported QCA vendor event %u", 2877 subcmd); 2878 break; 2879 } 2880} 2881 2882 2883static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2884 struct nlattr **tb) 2885{ 2886 u32 vendor_id, subcmd, wiphy = 0; 2887 int wiphy_idx; 2888 u8 *data = NULL; 2889 size_t len = 0; 2890 2891 if (!tb[NL80211_ATTR_VENDOR_ID] || 2892 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2893 return; 2894 2895 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2896 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2897 2898 if (tb[NL80211_ATTR_WIPHY]) 2899 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2900 2901 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2902 wiphy, vendor_id, subcmd); 2903 2904 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2905 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2906 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2907 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2908 } 2909 2910 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2911 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2912 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2913 wiphy, wiphy_idx); 2914 return; 2915 } 2916 2917 switch (vendor_id) { 2918 case OUI_QCA: 2919 nl80211_vendor_event_qca(drv, subcmd, data, len); 2920 break; 2921 default: 2922 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2923 break; 2924 } 2925} 2926 2927 2928static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv, 2929 struct nlattr *tb[]) 2930{ 2931 union wpa_event_data data; 2932 enum nl80211_reg_initiator init; 2933 2934 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2935 2936 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 2937 return; 2938 2939 os_memset(&data, 0, sizeof(data)); 2940 init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]); 2941 wpa_printf(MSG_DEBUG, " * initiator=%d", init); 2942 switch (init) { 2943 case NL80211_REGDOM_SET_BY_CORE: 2944 data.channel_list_changed.initiator = REGDOM_SET_BY_CORE; 2945 break; 2946 case NL80211_REGDOM_SET_BY_USER: 2947 data.channel_list_changed.initiator = REGDOM_SET_BY_USER; 2948 break; 2949 case NL80211_REGDOM_SET_BY_DRIVER: 2950 data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER; 2951 break; 2952 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 2953 data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE; 2954 break; 2955 } 2956 2957 if (tb[NL80211_ATTR_REG_TYPE]) { 2958 enum nl80211_reg_type type; 2959 type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]); 2960 wpa_printf(MSG_DEBUG, " * type=%d", type); 2961 switch (type) { 2962 case NL80211_REGDOM_TYPE_COUNTRY: 2963 data.channel_list_changed.type = REGDOM_TYPE_COUNTRY; 2964 break; 2965 case NL80211_REGDOM_TYPE_WORLD: 2966 data.channel_list_changed.type = REGDOM_TYPE_WORLD; 2967 break; 2968 case NL80211_REGDOM_TYPE_CUSTOM_WORLD: 2969 data.channel_list_changed.type = 2970 REGDOM_TYPE_CUSTOM_WORLD; 2971 break; 2972 case NL80211_REGDOM_TYPE_INTERSECTION: 2973 data.channel_list_changed.type = 2974 REGDOM_TYPE_INTERSECTION; 2975 break; 2976 } 2977 } 2978 2979 if (tb[NL80211_ATTR_REG_ALPHA2]) { 2980 os_strlcpy(data.channel_list_changed.alpha2, 2981 nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]), 2982 sizeof(data.channel_list_changed.alpha2)); 2983 wpa_printf(MSG_DEBUG, " * alpha2=%s", 2984 data.channel_list_changed.alpha2); 2985 } 2986 2987 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data); 2988} 2989 2990 2991static void do_process_drv_event(struct i802_bss *bss, int cmd, 2992 struct nlattr **tb) 2993{ 2994 struct wpa_driver_nl80211_data *drv = bss->drv; 2995 union wpa_event_data data; 2996 2997 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2998 cmd, nl80211_command_to_string(cmd), bss->ifname); 2999 3000 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 3001 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 3002 cmd == NL80211_CMD_SCAN_ABORTED)) { 3003 wpa_driver_nl80211_set_mode(drv->first_bss, 3004 drv->ap_scan_as_station); 3005 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3006 } 3007 3008 switch (cmd) { 3009 case NL80211_CMD_TRIGGER_SCAN: 3010 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 3011 drv->scan_state = SCAN_STARTED; 3012 if (drv->scan_for_auth) { 3013 /* 3014 * Cannot indicate EVENT_SCAN_STARTED here since we skip 3015 * EVENT_SCAN_RESULTS in scan_for_auth case and the 3016 * upper layer implementation could get confused about 3017 * scanning state. 3018 */ 3019 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 3020 break; 3021 } 3022 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 3023 break; 3024 case NL80211_CMD_START_SCHED_SCAN: 3025 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 3026 drv->scan_state = SCHED_SCAN_STARTED; 3027 break; 3028 case NL80211_CMD_SCHED_SCAN_STOPPED: 3029 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 3030 drv->scan_state = SCHED_SCAN_STOPPED; 3031 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 3032 break; 3033 case NL80211_CMD_NEW_SCAN_RESULTS: 3034 wpa_dbg(drv->ctx, MSG_DEBUG, 3035 "nl80211: New scan results available"); 3036 drv->scan_state = SCAN_COMPLETED; 3037 drv->scan_complete_events = 1; 3038 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 3039 drv->ctx); 3040 send_scan_event(drv, 0, tb); 3041 break; 3042 case NL80211_CMD_SCHED_SCAN_RESULTS: 3043 wpa_dbg(drv->ctx, MSG_DEBUG, 3044 "nl80211: New sched scan results available"); 3045 drv->scan_state = SCHED_SCAN_RESULTS; 3046 send_scan_event(drv, 0, tb); 3047 break; 3048 case NL80211_CMD_SCAN_ABORTED: 3049 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 3050 drv->scan_state = SCAN_ABORTED; 3051 /* 3052 * Need to indicate that scan results are available in order 3053 * not to make wpa_supplicant stop its scanning. 3054 */ 3055 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 3056 drv->ctx); 3057 send_scan_event(drv, 1, tb); 3058 break; 3059 case NL80211_CMD_AUTHENTICATE: 3060 case NL80211_CMD_ASSOCIATE: 3061 case NL80211_CMD_DEAUTHENTICATE: 3062 case NL80211_CMD_DISASSOCIATE: 3063 case NL80211_CMD_FRAME_TX_STATUS: 3064 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 3065 case NL80211_CMD_UNPROT_DISASSOCIATE: 3066 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 3067 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3068 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3069 tb[NL80211_ATTR_COOKIE], 3070 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3071 break; 3072 case NL80211_CMD_CONNECT: 3073 case NL80211_CMD_ROAM: 3074 mlme_event_connect(drv, cmd, 3075 tb[NL80211_ATTR_STATUS_CODE], 3076 tb[NL80211_ATTR_MAC], 3077 tb[NL80211_ATTR_REQ_IE], 3078 tb[NL80211_ATTR_RESP_IE]); 3079 break; 3080 case NL80211_CMD_CH_SWITCH_NOTIFY: 3081 mlme_event_ch_switch(drv, 3082 tb[NL80211_ATTR_IFINDEX], 3083 tb[NL80211_ATTR_WIPHY_FREQ], 3084 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 3085 tb[NL80211_ATTR_CHANNEL_WIDTH], 3086 tb[NL80211_ATTR_CENTER_FREQ1], 3087 tb[NL80211_ATTR_CENTER_FREQ2]); 3088 break; 3089 case NL80211_CMD_DISCONNECT: 3090 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 3091 tb[NL80211_ATTR_MAC], 3092 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 3093 break; 3094 case NL80211_CMD_MICHAEL_MIC_FAILURE: 3095 mlme_event_michael_mic_failure(bss, tb); 3096 break; 3097 case NL80211_CMD_JOIN_IBSS: 3098 mlme_event_join_ibss(drv, tb); 3099 break; 3100 case NL80211_CMD_REMAIN_ON_CHANNEL: 3101 mlme_event_remain_on_channel(drv, 0, tb); 3102 break; 3103 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 3104 mlme_event_remain_on_channel(drv, 1, tb); 3105 break; 3106 case NL80211_CMD_NOTIFY_CQM: 3107 nl80211_cqm_event(drv, tb); 3108 break; 3109 case NL80211_CMD_REG_CHANGE: 3110 nl80211_reg_change_event(drv, tb); 3111 break; 3112 case NL80211_CMD_REG_BEACON_HINT: 3113 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 3114 os_memset(&data, 0, sizeof(data)); 3115 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 3116 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 3117 &data); 3118 break; 3119 case NL80211_CMD_NEW_STATION: 3120 nl80211_new_station_event(drv, tb); 3121 break; 3122 case NL80211_CMD_DEL_STATION: 3123 nl80211_del_station_event(drv, tb); 3124 break; 3125 case NL80211_CMD_SET_REKEY_OFFLOAD: 3126 nl80211_rekey_offload_event(drv, tb); 3127 break; 3128 case NL80211_CMD_PMKSA_CANDIDATE: 3129 nl80211_pmksa_candidate_event(drv, tb); 3130 break; 3131 case NL80211_CMD_PROBE_CLIENT: 3132 nl80211_client_probe_event(drv, tb); 3133 break; 3134 case NL80211_CMD_TDLS_OPER: 3135 nl80211_tdls_oper_event(drv, tb); 3136 break; 3137 case NL80211_CMD_CONN_FAILED: 3138 nl80211_connect_failed_event(drv, tb); 3139 break; 3140 case NL80211_CMD_FT_EVENT: 3141 mlme_event_ft_event(drv, tb); 3142 break; 3143 case NL80211_CMD_RADAR_DETECT: 3144 nl80211_radar_event(drv, tb); 3145 break; 3146 case NL80211_CMD_STOP_AP: 3147 nl80211_stop_ap(drv, tb); 3148 break; 3149 case NL80211_CMD_VENDOR: 3150 nl80211_vendor_event(drv, tb); 3151 break; 3152 default: 3153 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 3154 "(cmd=%d)", cmd); 3155 break; 3156 } 3157} 3158 3159 3160static int process_drv_event(struct nl_msg *msg, void *arg) 3161{ 3162 struct wpa_driver_nl80211_data *drv = arg; 3163 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3164 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3165 struct i802_bss *bss; 3166 int ifidx = -1; 3167 3168 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3169 genlmsg_attrlen(gnlh, 0), NULL); 3170 3171 if (tb[NL80211_ATTR_IFINDEX]) { 3172 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3173 3174 for (bss = drv->first_bss; bss; bss = bss->next) 3175 if (ifidx == -1 || ifidx == bss->ifindex) { 3176 do_process_drv_event(bss, gnlh->cmd, tb); 3177 return NL_SKIP; 3178 } 3179 wpa_printf(MSG_DEBUG, 3180 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 3181 gnlh->cmd, ifidx); 3182 } else if (tb[NL80211_ATTR_WDEV]) { 3183 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3184 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 3185 for (bss = drv->first_bss; bss; bss = bss->next) { 3186 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 3187 do_process_drv_event(bss, gnlh->cmd, tb); 3188 return NL_SKIP; 3189 } 3190 } 3191 wpa_printf(MSG_DEBUG, 3192 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 3193 gnlh->cmd, (long long unsigned int) wdev_id); 3194 } 3195 3196 return NL_SKIP; 3197} 3198 3199 3200static int process_global_event(struct nl_msg *msg, void *arg) 3201{ 3202 struct nl80211_global *global = arg; 3203 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3204 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3205 struct wpa_driver_nl80211_data *drv, *tmp; 3206 int ifidx = -1; 3207 struct i802_bss *bss; 3208 u64 wdev_id = 0; 3209 int wdev_id_set = 0; 3210 3211 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3212 genlmsg_attrlen(gnlh, 0), NULL); 3213 3214 if (tb[NL80211_ATTR_IFINDEX]) 3215 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3216 else if (tb[NL80211_ATTR_WDEV]) { 3217 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3218 wdev_id_set = 1; 3219 } 3220 3221 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3222 struct wpa_driver_nl80211_data, list) { 3223 for (bss = drv->first_bss; bss; bss = bss->next) { 3224 if ((ifidx == -1 && !wdev_id_set) || 3225 ifidx == bss->ifindex || 3226 (wdev_id_set && bss->wdev_id_set && 3227 wdev_id == bss->wdev_id)) { 3228 do_process_drv_event(bss, gnlh->cmd, tb); 3229 return NL_SKIP; 3230 } 3231 } 3232 } 3233 3234 return NL_SKIP; 3235} 3236 3237 3238static int process_bss_event(struct nl_msg *msg, void *arg) 3239{ 3240 struct i802_bss *bss = arg; 3241 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3242 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3243 3244 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3245 genlmsg_attrlen(gnlh, 0), NULL); 3246 3247 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3248 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3249 bss->ifname); 3250 3251 switch (gnlh->cmd) { 3252 case NL80211_CMD_FRAME: 3253 case NL80211_CMD_FRAME_TX_STATUS: 3254 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3255 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3256 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3257 tb[NL80211_ATTR_COOKIE], 3258 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3259 break; 3260 case NL80211_CMD_UNEXPECTED_FRAME: 3261 nl80211_spurious_frame(bss, tb, 0); 3262 break; 3263 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3264 nl80211_spurious_frame(bss, tb, 1); 3265 break; 3266 default: 3267 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3268 "(cmd=%d)", gnlh->cmd); 3269 break; 3270 } 3271 3272 return NL_SKIP; 3273} 3274 3275 3276static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3277 void *handle) 3278{ 3279 struct nl_cb *cb = eloop_ctx; 3280 int res; 3281 3282 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3283 3284 res = nl_recvmsgs(handle, cb); 3285 if (res < 0) { 3286 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3287 __func__, res); 3288 } 3289} 3290 3291 3292/** 3293 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3294 * @priv: driver_nl80211 private data 3295 * @alpha2_arg: country to which to switch to 3296 * Returns: 0 on success, -1 on failure 3297 * 3298 * This asks nl80211 to set the regulatory domain for given 3299 * country ISO / IEC alpha2. 3300 */ 3301static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3302{ 3303 struct i802_bss *bss = priv; 3304 struct wpa_driver_nl80211_data *drv = bss->drv; 3305 char alpha2[3]; 3306 struct nl_msg *msg; 3307 3308 msg = nlmsg_alloc(); 3309 if (!msg) 3310 return -ENOMEM; 3311 3312 alpha2[0] = alpha2_arg[0]; 3313 alpha2[1] = alpha2_arg[1]; 3314 alpha2[2] = '\0'; 3315 3316 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3317 3318 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3319 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3320 return -EINVAL; 3321 return 0; 3322nla_put_failure: 3323 nlmsg_free(msg); 3324 return -EINVAL; 3325} 3326 3327 3328static int nl80211_get_country(struct nl_msg *msg, void *arg) 3329{ 3330 char *alpha2 = arg; 3331 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3332 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3333 3334 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3335 genlmsg_attrlen(gnlh, 0), NULL); 3336 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3337 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3338 return NL_SKIP; 3339 } 3340 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3341 return NL_SKIP; 3342} 3343 3344 3345static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3346{ 3347 struct i802_bss *bss = priv; 3348 struct wpa_driver_nl80211_data *drv = bss->drv; 3349 struct nl_msg *msg; 3350 int ret; 3351 3352 msg = nlmsg_alloc(); 3353 if (!msg) 3354 return -ENOMEM; 3355 3356 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3357 alpha2[0] = '\0'; 3358 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3359 if (!alpha2[0]) 3360 ret = -1; 3361 3362 return ret; 3363} 3364 3365 3366static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3367{ 3368 u32 *feat = arg; 3369 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3370 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3371 3372 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3373 genlmsg_attrlen(gnlh, 0), NULL); 3374 3375 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3376 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3377 3378 return NL_SKIP; 3379} 3380 3381 3382static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3383{ 3384 u32 feat = 0; 3385 struct nl_msg *msg; 3386 3387 msg = nlmsg_alloc(); 3388 if (!msg) 3389 goto nla_put_failure; 3390 3391 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3392 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3393 return feat; 3394 3395 msg = NULL; 3396nla_put_failure: 3397 nlmsg_free(msg); 3398 return 0; 3399} 3400 3401 3402struct wiphy_info_data { 3403 struct wpa_driver_nl80211_data *drv; 3404 struct wpa_driver_capa *capa; 3405 3406 unsigned int num_multichan_concurrent; 3407 3408 unsigned int error:1; 3409 unsigned int device_ap_sme:1; 3410 unsigned int poll_command_supported:1; 3411 unsigned int data_tx_status:1; 3412 unsigned int monitor_supported:1; 3413 unsigned int auth_supported:1; 3414 unsigned int connect_supported:1; 3415 unsigned int p2p_go_supported:1; 3416 unsigned int p2p_client_supported:1; 3417 unsigned int p2p_concurrent:1; 3418 unsigned int channel_switch_supported:1; 3419 unsigned int set_qos_map_supported:1; 3420 unsigned int have_low_prio_scan:1; 3421}; 3422 3423 3424static unsigned int probe_resp_offload_support(int supp_protocols) 3425{ 3426 unsigned int prot = 0; 3427 3428 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3429 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3430 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3431 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3432 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3433 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3434 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3435 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3436 3437 return prot; 3438} 3439 3440 3441static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3442 struct nlattr *tb) 3443{ 3444 struct nlattr *nl_mode; 3445 int i; 3446 3447 if (tb == NULL) 3448 return; 3449 3450 nla_for_each_nested(nl_mode, tb, i) { 3451 switch (nla_type(nl_mode)) { 3452 case NL80211_IFTYPE_AP: 3453 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3454 break; 3455 case NL80211_IFTYPE_ADHOC: 3456 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3457 break; 3458 case NL80211_IFTYPE_P2P_DEVICE: 3459 info->capa->flags |= 3460 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3461 break; 3462 case NL80211_IFTYPE_P2P_GO: 3463 info->p2p_go_supported = 1; 3464 break; 3465 case NL80211_IFTYPE_P2P_CLIENT: 3466 info->p2p_client_supported = 1; 3467 break; 3468 case NL80211_IFTYPE_MONITOR: 3469 info->monitor_supported = 1; 3470 break; 3471 } 3472 } 3473} 3474 3475 3476static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3477 struct nlattr *nl_combi) 3478{ 3479 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3480 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3481 struct nlattr *nl_limit, *nl_mode; 3482 int err, rem_limit, rem_mode; 3483 int combination_has_p2p = 0, combination_has_mgd = 0; 3484 static struct nla_policy 3485 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3486 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3487 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3488 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3489 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3490 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3491 }, 3492 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3493 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3494 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3495 }; 3496 3497 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3498 nl_combi, iface_combination_policy); 3499 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3500 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3501 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3502 return 0; /* broken combination */ 3503 3504 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3505 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3506 3507 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3508 rem_limit) { 3509 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3510 nl_limit, iface_limit_policy); 3511 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3512 return 0; /* broken combination */ 3513 3514 nla_for_each_nested(nl_mode, 3515 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3516 rem_mode) { 3517 int ift = nla_type(nl_mode); 3518 if (ift == NL80211_IFTYPE_P2P_GO || 3519 ift == NL80211_IFTYPE_P2P_CLIENT) 3520 combination_has_p2p = 1; 3521 if (ift == NL80211_IFTYPE_STATION) 3522 combination_has_mgd = 1; 3523 } 3524 if (combination_has_p2p && combination_has_mgd) 3525 break; 3526 } 3527 3528 if (combination_has_p2p && combination_has_mgd) { 3529 unsigned int num_channels = 3530 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3531 3532 info->p2p_concurrent = 1; 3533 if (info->num_multichan_concurrent < num_channels) 3534 info->num_multichan_concurrent = num_channels; 3535 } 3536 3537 return 0; 3538} 3539 3540 3541static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3542 struct nlattr *tb) 3543{ 3544 struct nlattr *nl_combi; 3545 int rem_combi; 3546 3547 if (tb == NULL) 3548 return; 3549 3550 nla_for_each_nested(nl_combi, tb, rem_combi) { 3551 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3552 break; 3553 } 3554} 3555 3556 3557static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3558 struct nlattr *tb) 3559{ 3560 struct nlattr *nl_cmd; 3561 int i; 3562 3563 if (tb == NULL) 3564 return; 3565 3566 nla_for_each_nested(nl_cmd, tb, i) { 3567 switch (nla_get_u32(nl_cmd)) { 3568 case NL80211_CMD_AUTHENTICATE: 3569 info->auth_supported = 1; 3570 break; 3571 case NL80211_CMD_CONNECT: 3572 info->connect_supported = 1; 3573 break; 3574 case NL80211_CMD_START_SCHED_SCAN: 3575 info->capa->sched_scan_supported = 1; 3576 break; 3577 case NL80211_CMD_PROBE_CLIENT: 3578 info->poll_command_supported = 1; 3579 break; 3580 case NL80211_CMD_CHANNEL_SWITCH: 3581 info->channel_switch_supported = 1; 3582 break; 3583 case NL80211_CMD_SET_QOS_MAP: 3584 info->set_qos_map_supported = 1; 3585 break; 3586 } 3587 } 3588} 3589 3590 3591static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3592 struct nlattr *tb) 3593{ 3594 int i, num; 3595 u32 *ciphers; 3596 3597 if (tb == NULL) 3598 return; 3599 3600 num = nla_len(tb) / sizeof(u32); 3601 ciphers = nla_data(tb); 3602 for (i = 0; i < num; i++) { 3603 u32 c = ciphers[i]; 3604 3605 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3606 c >> 24, (c >> 16) & 0xff, 3607 (c >> 8) & 0xff, c & 0xff); 3608 switch (c) { 3609 case WLAN_CIPHER_SUITE_CCMP_256: 3610 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3611 break; 3612 case WLAN_CIPHER_SUITE_GCMP_256: 3613 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3614 break; 3615 case WLAN_CIPHER_SUITE_CCMP: 3616 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3617 break; 3618 case WLAN_CIPHER_SUITE_GCMP: 3619 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3620 break; 3621 case WLAN_CIPHER_SUITE_TKIP: 3622 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3623 break; 3624 case WLAN_CIPHER_SUITE_WEP104: 3625 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3626 break; 3627 case WLAN_CIPHER_SUITE_WEP40: 3628 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3629 break; 3630 case WLAN_CIPHER_SUITE_AES_CMAC: 3631 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3632 break; 3633 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3634 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3635 break; 3636 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3637 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3638 break; 3639 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3640 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3641 break; 3642 case WLAN_CIPHER_SUITE_NO_GROUP_ADDR: 3643 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GTK_NOT_USED; 3644 break; 3645 } 3646 } 3647} 3648 3649 3650static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3651 struct nlattr *tb) 3652{ 3653 if (tb) 3654 capa->max_remain_on_chan = nla_get_u32(tb); 3655} 3656 3657 3658static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3659 struct nlattr *ext_setup) 3660{ 3661 if (tdls == NULL) 3662 return; 3663 3664 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3665 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3666 3667 if (ext_setup) { 3668 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3669 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3670 } 3671} 3672 3673 3674static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3675 struct nlattr *tb) 3676{ 3677 u32 flags; 3678 struct wpa_driver_capa *capa = info->capa; 3679 3680 if (tb == NULL) 3681 return; 3682 3683 flags = nla_get_u32(tb); 3684 3685 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3686 info->data_tx_status = 1; 3687 3688 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3689 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3690 3691 if (flags & NL80211_FEATURE_SAE) 3692 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3693 3694 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3695 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3696 3697 if (flags & NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE) 3698 capa->flags |= WPA_DRIVER_FLAGS_HT_2040_COEX; 3699 3700 if (flags & NL80211_FEATURE_LOW_PRIORITY_SCAN) 3701 info->have_low_prio_scan = 1; 3702} 3703 3704 3705static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3706 struct nlattr *tb) 3707{ 3708 u32 protocols; 3709 3710 if (tb == NULL) 3711 return; 3712 3713 protocols = nla_get_u32(tb); 3714 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3715 "mode"); 3716 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3717 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3718} 3719 3720 3721static void wiphy_info_wowlan_triggers(struct wpa_driver_capa *capa, 3722 struct nlattr *tb) 3723{ 3724 struct nlattr *triggers[MAX_NL80211_WOWLAN_TRIG + 1]; 3725 3726 if (tb == NULL) 3727 return; 3728 3729 if (nla_parse_nested(triggers, MAX_NL80211_WOWLAN_TRIG, 3730 tb, NULL)) 3731 return; 3732 3733 if (triggers[NL80211_WOWLAN_TRIG_ANY]) 3734 capa->wowlan_triggers.any = 1; 3735 if (triggers[NL80211_WOWLAN_TRIG_DISCONNECT]) 3736 capa->wowlan_triggers.disconnect = 1; 3737 if (triggers[NL80211_WOWLAN_TRIG_MAGIC_PKT]) 3738 capa->wowlan_triggers.magic_pkt = 1; 3739 if (triggers[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) 3740 capa->wowlan_triggers.gtk_rekey_failure = 1; 3741 if (triggers[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) 3742 capa->wowlan_triggers.eap_identity_req = 1; 3743 if (triggers[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) 3744 capa->wowlan_triggers.four_way_handshake = 1; 3745 if (triggers[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) 3746 capa->wowlan_triggers.rfkill_release = 1; 3747} 3748 3749 3750static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3751{ 3752 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3753 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3754 struct wiphy_info_data *info = arg; 3755 struct wpa_driver_capa *capa = info->capa; 3756 struct wpa_driver_nl80211_data *drv = info->drv; 3757 3758 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3759 genlmsg_attrlen(gnlh, 0), NULL); 3760 3761 if (tb[NL80211_ATTR_WIPHY_NAME]) 3762 os_strlcpy(drv->phyname, 3763 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3764 sizeof(drv->phyname)); 3765 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3766 capa->max_scan_ssids = 3767 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3768 3769 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3770 capa->max_sched_scan_ssids = 3771 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3772 3773 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3774 capa->max_match_sets = 3775 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3776 3777 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3778 capa->max_acl_mac_addrs = 3779 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3780 3781 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3782 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3783 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3784 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3785 3786 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3787 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3788 "off-channel TX"); 3789 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3790 } 3791 3792 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3793 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3794 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3795 } 3796 3797 wiphy_info_max_roc(capa, 3798 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3799 3800 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3801 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3802 3803 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3804 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3805 3806 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3807 info->device_ap_sme = 1; 3808 3809 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3810 wiphy_info_probe_resp_offload(capa, 3811 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3812 3813 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3814 drv->extended_capa == NULL) { 3815 drv->extended_capa = 3816 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3817 if (drv->extended_capa) { 3818 os_memcpy(drv->extended_capa, 3819 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3820 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3821 drv->extended_capa_len = 3822 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3823 } 3824 drv->extended_capa_mask = 3825 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3826 if (drv->extended_capa_mask) { 3827 os_memcpy(drv->extended_capa_mask, 3828 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3829 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3830 } else { 3831 os_free(drv->extended_capa); 3832 drv->extended_capa = NULL; 3833 drv->extended_capa_len = 0; 3834 } 3835 } 3836 3837 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3838 struct nlattr *nl; 3839 int rem; 3840 3841 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3842 struct nl80211_vendor_cmd_info *vinfo; 3843 if (nla_len(nl) != sizeof(*vinfo)) { 3844 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3845 continue; 3846 } 3847 vinfo = nla_data(nl); 3848 if (vinfo->subcmd == 3849 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY) 3850 drv->dfs_vendor_cmd_avail = 1; 3851 3852 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3853 vinfo->vendor_id, vinfo->subcmd); 3854 } 3855 } 3856 3857 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3858 struct nlattr *nl; 3859 int rem; 3860 3861 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3862 struct nl80211_vendor_cmd_info *vinfo; 3863 if (nla_len(nl) != sizeof(*vinfo)) { 3864 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3865 continue; 3866 } 3867 vinfo = nla_data(nl); 3868 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3869 vinfo->vendor_id, vinfo->subcmd); 3870 } 3871 } 3872 3873 wiphy_info_wowlan_triggers(capa, 3874 tb[NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED]); 3875 3876 if (tb[NL80211_ATTR_MAX_AP_ASSOC_STA]) 3877 capa->max_stations = 3878 nla_get_u32(tb[NL80211_ATTR_MAX_AP_ASSOC_STA]); 3879 3880 return NL_SKIP; 3881} 3882 3883 3884static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3885 struct wiphy_info_data *info) 3886{ 3887 u32 feat; 3888 struct nl_msg *msg; 3889 3890 os_memset(info, 0, sizeof(*info)); 3891 info->capa = &drv->capa; 3892 info->drv = drv; 3893 3894 msg = nlmsg_alloc(); 3895 if (!msg) 3896 return -1; 3897 3898 feat = get_nl80211_protocol_features(drv); 3899 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3900 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3901 else 3902 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3903 3904 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3905 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3906 goto nla_put_failure; 3907 3908 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3909 return -1; 3910 3911 if (info->auth_supported) 3912 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3913 else if (!info->connect_supported) { 3914 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3915 "authentication/association or connect commands"); 3916 info->error = 1; 3917 } 3918 3919 if (info->p2p_go_supported && info->p2p_client_supported) 3920 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3921 if (info->p2p_concurrent) { 3922 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3923 "interface (driver advertised support)"); 3924 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3925 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3926 } 3927 if (info->num_multichan_concurrent > 1) { 3928 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3929 "concurrent (driver advertised support)"); 3930 drv->capa.num_multichan_concurrent = 3931 info->num_multichan_concurrent; 3932 } 3933 3934 /* default to 5000 since early versions of mac80211 don't set it */ 3935 if (!drv->capa.max_remain_on_chan) 3936 drv->capa.max_remain_on_chan = 5000; 3937 3938 if (info->channel_switch_supported) 3939 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3940 3941 return 0; 3942nla_put_failure: 3943 nlmsg_free(msg); 3944 return -1; 3945} 3946 3947 3948static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3949{ 3950 struct wiphy_info_data info; 3951 if (wpa_driver_nl80211_get_info(drv, &info)) 3952 return -1; 3953 3954 if (info.error) 3955 return -1; 3956 3957 drv->has_capability = 1; 3958 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3959 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3960 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3961 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3962 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3963 WPA_DRIVER_AUTH_SHARED | 3964 WPA_DRIVER_AUTH_LEAP; 3965 3966 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3967 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3968 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3969 3970 /* 3971 * As all cfg80211 drivers must support cases where the AP interface is 3972 * removed without the knowledge of wpa_supplicant/hostapd, e.g., in 3973 * case that the user space daemon has crashed, they must be able to 3974 * cleanup all stations and key entries in the AP tear down flow. Thus, 3975 * this flag can/should always be set for cfg80211 drivers. 3976 */ 3977 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT; 3978 3979 if (!info.device_ap_sme) { 3980 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3981 3982 /* 3983 * No AP SME is currently assumed to also indicate no AP MLME 3984 * in the driver/firmware. 3985 */ 3986 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3987 } 3988 3989 drv->device_ap_sme = info.device_ap_sme; 3990 drv->poll_command_supported = info.poll_command_supported; 3991 drv->data_tx_status = info.data_tx_status; 3992 if (info.set_qos_map_supported) 3993 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3994 drv->have_low_prio_scan = info.have_low_prio_scan; 3995 3996 /* 3997 * If poll command and tx status are supported, mac80211 is new enough 3998 * to have everything we need to not need monitor interfaces. 3999 */ 4000 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 4001 4002 if (drv->device_ap_sme && drv->use_monitor) { 4003 /* 4004 * Non-mac80211 drivers may not support monitor interface. 4005 * Make sure we do not get stuck with incorrect capability here 4006 * by explicitly testing this. 4007 */ 4008 if (!info.monitor_supported) { 4009 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 4010 "with device_ap_sme since no monitor mode " 4011 "support detected"); 4012 drv->use_monitor = 0; 4013 } 4014 } 4015 4016 /* 4017 * If we aren't going to use monitor interfaces, but the 4018 * driver doesn't support data TX status, we won't get TX 4019 * status for EAPOL frames. 4020 */ 4021 if (!drv->use_monitor && !info.data_tx_status) 4022 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4023 4024 return 0; 4025} 4026 4027 4028#ifdef ANDROID 4029static int android_genl_ctrl_resolve(struct nl_handle *handle, 4030 const char *name) 4031{ 4032 /* 4033 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 4034 * need to work around that. 4035 */ 4036 struct nl_cache *cache = NULL; 4037 struct genl_family *nl80211 = NULL; 4038 int id = -1; 4039 4040 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 4041 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 4042 "netlink cache"); 4043 goto fail; 4044 } 4045 4046 nl80211 = genl_ctrl_search_by_name(cache, name); 4047 if (nl80211 == NULL) 4048 goto fail; 4049 4050 id = genl_family_get_id(nl80211); 4051 4052fail: 4053 if (nl80211) 4054 genl_family_put(nl80211); 4055 if (cache) 4056 nl_cache_free(cache); 4057 4058 return id; 4059} 4060#define genl_ctrl_resolve android_genl_ctrl_resolve 4061#endif /* ANDROID */ 4062 4063 4064static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 4065{ 4066 int ret; 4067 4068 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4069 if (global->nl_cb == NULL) { 4070 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 4071 "callbacks"); 4072 return -1; 4073 } 4074 4075 global->nl = nl_create_handle(global->nl_cb, "nl"); 4076 if (global->nl == NULL) 4077 goto err; 4078 4079 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 4080 if (global->nl80211_id < 0) { 4081 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 4082 "found"); 4083 goto err; 4084 } 4085 4086 global->nl_event = nl_create_handle(global->nl_cb, "event"); 4087 if (global->nl_event == NULL) 4088 goto err; 4089 4090 ret = nl_get_multicast_id(global, "nl80211", "scan"); 4091 if (ret >= 0) 4092 ret = nl_socket_add_membership(global->nl_event, ret); 4093 if (ret < 0) { 4094 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 4095 "membership for scan events: %d (%s)", 4096 ret, strerror(-ret)); 4097 goto err; 4098 } 4099 4100 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 4101 if (ret >= 0) 4102 ret = nl_socket_add_membership(global->nl_event, ret); 4103 if (ret < 0) { 4104 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 4105 "membership for mlme events: %d (%s)", 4106 ret, strerror(-ret)); 4107 goto err; 4108 } 4109 4110 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 4111 if (ret >= 0) 4112 ret = nl_socket_add_membership(global->nl_event, ret); 4113 if (ret < 0) { 4114 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 4115 "membership for regulatory events: %d (%s)", 4116 ret, strerror(-ret)); 4117 /* Continue without regulatory events */ 4118 } 4119 4120 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 4121 if (ret >= 0) 4122 ret = nl_socket_add_membership(global->nl_event, ret); 4123 if (ret < 0) { 4124 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 4125 "membership for vendor events: %d (%s)", 4126 ret, strerror(-ret)); 4127 /* Continue without vendor events */ 4128 } 4129 4130 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4131 no_seq_check, NULL); 4132 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4133 process_global_event, global); 4134 4135 nl80211_register_eloop_read(&global->nl_event, 4136 wpa_driver_nl80211_event_receive, 4137 global->nl_cb); 4138 4139 return 0; 4140 4141err: 4142 nl_destroy_handles(&global->nl_event); 4143 nl_destroy_handles(&global->nl); 4144 nl_cb_put(global->nl_cb); 4145 global->nl_cb = NULL; 4146 return -1; 4147} 4148 4149 4150static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 4151{ 4152 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4153 if (!drv->nl_cb) { 4154 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 4155 return -1; 4156 } 4157 4158 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4159 no_seq_check, NULL); 4160 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4161 process_drv_event, drv); 4162 4163 return 0; 4164} 4165 4166 4167static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 4168{ 4169 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 4170 /* 4171 * This may be for any interface; use ifdown event to disable 4172 * interface. 4173 */ 4174} 4175 4176 4177static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 4178{ 4179 struct wpa_driver_nl80211_data *drv = ctx; 4180 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 4181 if (i802_set_iface_flags(drv->first_bss, 1)) { 4182 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 4183 "after rfkill unblock"); 4184 return; 4185 } 4186 /* rtnetlink ifup handler will report interface as enabled */ 4187} 4188 4189 4190static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 4191 void *eloop_ctx, 4192 void *handle) 4193{ 4194 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4195 u8 data[2048]; 4196 struct msghdr msg; 4197 struct iovec entry; 4198 u8 control[512]; 4199 struct cmsghdr *cmsg; 4200 int res, found_ee = 0, found_wifi = 0, acked = 0; 4201 union wpa_event_data event; 4202 4203 memset(&msg, 0, sizeof(msg)); 4204 msg.msg_iov = &entry; 4205 msg.msg_iovlen = 1; 4206 entry.iov_base = data; 4207 entry.iov_len = sizeof(data); 4208 msg.msg_control = &control; 4209 msg.msg_controllen = sizeof(control); 4210 4211 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 4212 /* if error or not fitting 802.3 header, return */ 4213 if (res < 14) 4214 return; 4215 4216 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 4217 { 4218 if (cmsg->cmsg_level == SOL_SOCKET && 4219 cmsg->cmsg_type == SCM_WIFI_STATUS) { 4220 int *ack; 4221 4222 found_wifi = 1; 4223 ack = (void *)CMSG_DATA(cmsg); 4224 acked = *ack; 4225 } 4226 4227 if (cmsg->cmsg_level == SOL_PACKET && 4228 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 4229 struct sock_extended_err *err = 4230 (struct sock_extended_err *)CMSG_DATA(cmsg); 4231 4232 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 4233 found_ee = 1; 4234 } 4235 } 4236 4237 if (!found_ee || !found_wifi) 4238 return; 4239 4240 memset(&event, 0, sizeof(event)); 4241 event.eapol_tx_status.dst = data; 4242 event.eapol_tx_status.data = data + 14; 4243 event.eapol_tx_status.data_len = res - 14; 4244 event.eapol_tx_status.ack = acked; 4245 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 4246} 4247 4248 4249static int nl80211_init_bss(struct i802_bss *bss) 4250{ 4251 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 4252 if (!bss->nl_cb) 4253 return -1; 4254 4255 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 4256 no_seq_check, NULL); 4257 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 4258 process_bss_event, bss); 4259 4260 return 0; 4261} 4262 4263 4264static void nl80211_destroy_bss(struct i802_bss *bss) 4265{ 4266 nl_cb_put(bss->nl_cb); 4267 bss->nl_cb = NULL; 4268} 4269 4270 4271static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 4272 void *global_priv, int hostapd, 4273 const u8 *set_addr) 4274{ 4275 struct wpa_driver_nl80211_data *drv; 4276 struct rfkill_config *rcfg; 4277 struct i802_bss *bss; 4278 4279 if (global_priv == NULL) 4280 return NULL; 4281 drv = os_zalloc(sizeof(*drv)); 4282 if (drv == NULL) 4283 return NULL; 4284 drv->global = global_priv; 4285 drv->ctx = ctx; 4286 drv->hostapd = !!hostapd; 4287 drv->eapol_sock = -1; 4288 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4289 drv->if_indices = drv->default_if_indices; 4290 4291 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4292 if (!drv->first_bss) { 4293 os_free(drv); 4294 return NULL; 4295 } 4296 bss = drv->first_bss; 4297 bss->drv = drv; 4298 bss->ctx = ctx; 4299 4300 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4301 drv->monitor_ifidx = -1; 4302 drv->monitor_sock = -1; 4303 drv->eapol_tx_sock = -1; 4304 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4305 4306 if (wpa_driver_nl80211_init_nl(drv)) { 4307 os_free(drv); 4308 return NULL; 4309 } 4310 4311 if (nl80211_init_bss(bss)) 4312 goto failed; 4313 4314 rcfg = os_zalloc(sizeof(*rcfg)); 4315 if (rcfg == NULL) 4316 goto failed; 4317 rcfg->ctx = drv; 4318 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4319 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4320 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4321 drv->rfkill = rfkill_init(rcfg); 4322 if (drv->rfkill == NULL) { 4323 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4324 os_free(rcfg); 4325 } 4326 4327 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4328 drv->start_iface_up = 1; 4329 4330 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4331 goto failed; 4332 4333 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4334 if (drv->eapol_tx_sock < 0) 4335 goto failed; 4336 4337 if (drv->data_tx_status) { 4338 int enabled = 1; 4339 4340 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4341 &enabled, sizeof(enabled)) < 0) { 4342 wpa_printf(MSG_DEBUG, 4343 "nl80211: wifi status sockopt failed\n"); 4344 drv->data_tx_status = 0; 4345 if (!drv->use_monitor) 4346 drv->capa.flags &= 4347 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4348 } else { 4349 eloop_register_read_sock(drv->eapol_tx_sock, 4350 wpa_driver_nl80211_handle_eapol_tx_status, 4351 drv, NULL); 4352 } 4353 } 4354 4355 if (drv->global) { 4356 dl_list_add(&drv->global->interfaces, &drv->list); 4357 drv->in_interface_list = 1; 4358 } 4359 4360 return bss; 4361 4362failed: 4363 wpa_driver_nl80211_deinit(bss); 4364 return NULL; 4365} 4366 4367 4368/** 4369 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4370 * @ctx: context to be used when calling wpa_supplicant functions, 4371 * e.g., wpa_supplicant_event() 4372 * @ifname: interface name, e.g., wlan0 4373 * @global_priv: private driver global data from global_init() 4374 * Returns: Pointer to private data, %NULL on failure 4375 */ 4376static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4377 void *global_priv) 4378{ 4379 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4380} 4381 4382 4383static int nl80211_register_frame(struct i802_bss *bss, 4384 struct nl_handle *nl_handle, 4385 u16 type, const u8 *match, size_t match_len) 4386{ 4387 struct wpa_driver_nl80211_data *drv = bss->drv; 4388 struct nl_msg *msg; 4389 int ret = -1; 4390 char buf[30]; 4391 4392 msg = nlmsg_alloc(); 4393 if (!msg) 4394 return -1; 4395 4396 buf[0] = '\0'; 4397 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4398 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s", 4399 type, fc2str(type), nl_handle, buf); 4400 4401 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4402 4403 if (nl80211_set_iface_id(msg, bss) < 0) 4404 goto nla_put_failure; 4405 4406 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4407 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4408 4409 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4410 msg = NULL; 4411 if (ret) { 4412 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4413 "failed (type=%u): ret=%d (%s)", 4414 type, ret, strerror(-ret)); 4415 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4416 match, match_len); 4417 goto nla_put_failure; 4418 } 4419 ret = 0; 4420nla_put_failure: 4421 nlmsg_free(msg); 4422 return ret; 4423} 4424 4425 4426static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4427{ 4428 struct wpa_driver_nl80211_data *drv = bss->drv; 4429 4430 if (bss->nl_mgmt) { 4431 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4432 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4433 return -1; 4434 } 4435 4436 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4437 if (bss->nl_mgmt == NULL) 4438 return -1; 4439 4440 return 0; 4441} 4442 4443 4444static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4445{ 4446 nl80211_register_eloop_read(&bss->nl_mgmt, 4447 wpa_driver_nl80211_event_receive, 4448 bss->nl_cb); 4449} 4450 4451 4452static int nl80211_register_action_frame(struct i802_bss *bss, 4453 const u8 *match, size_t match_len) 4454{ 4455 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4456 return nl80211_register_frame(bss, bss->nl_mgmt, 4457 type, match, match_len); 4458} 4459 4460 4461static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4462{ 4463 struct wpa_driver_nl80211_data *drv = bss->drv; 4464 int ret = 0; 4465 4466 if (nl80211_alloc_mgmt_handle(bss)) 4467 return -1; 4468 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4469 "handle %p", bss->nl_mgmt); 4470 4471 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4472 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4473 4474 /* register for any AUTH message */ 4475 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4476 } 4477 4478#ifdef CONFIG_INTERWORKING 4479 /* QoS Map Configure */ 4480 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4481 ret = -1; 4482#endif /* CONFIG_INTERWORKING */ 4483#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4484 /* GAS Initial Request */ 4485 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4486 ret = -1; 4487 /* GAS Initial Response */ 4488 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4489 ret = -1; 4490 /* GAS Comeback Request */ 4491 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4492 ret = -1; 4493 /* GAS Comeback Response */ 4494 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4495 ret = -1; 4496 /* Protected GAS Initial Request */ 4497 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0) 4498 ret = -1; 4499 /* Protected GAS Initial Response */ 4500 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0) 4501 ret = -1; 4502 /* Protected GAS Comeback Request */ 4503 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0) 4504 ret = -1; 4505 /* Protected GAS Comeback Response */ 4506 if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0) 4507 ret = -1; 4508#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4509#ifdef CONFIG_P2P 4510 /* P2P Public Action */ 4511 if (nl80211_register_action_frame(bss, 4512 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4513 6) < 0) 4514 ret = -1; 4515 /* P2P Action */ 4516 if (nl80211_register_action_frame(bss, 4517 (u8 *) "\x7f\x50\x6f\x9a\x09", 4518 5) < 0) 4519 ret = -1; 4520#endif /* CONFIG_P2P */ 4521#ifdef CONFIG_IEEE80211W 4522 /* SA Query Response */ 4523 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4524 ret = -1; 4525#endif /* CONFIG_IEEE80211W */ 4526#ifdef CONFIG_TDLS 4527 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4528 /* TDLS Discovery Response */ 4529 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4530 0) 4531 ret = -1; 4532 } 4533#endif /* CONFIG_TDLS */ 4534 4535 /* FT Action frames */ 4536 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4537 ret = -1; 4538 else 4539 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4540 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4541 4542 /* WNM - BSS Transition Management Request */ 4543 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4544 ret = -1; 4545 /* WNM-Sleep Mode Response */ 4546 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4547 ret = -1; 4548 4549#ifdef CONFIG_HS20 4550 /* WNM-Notification */ 4551 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0) 4552 return -1; 4553#endif /* CONFIG_HS20 */ 4554 4555 nl80211_mgmt_handle_register_eloop(bss); 4556 4557 return ret; 4558} 4559 4560 4561static int nl80211_register_spurious_class3(struct i802_bss *bss) 4562{ 4563 struct wpa_driver_nl80211_data *drv = bss->drv; 4564 struct nl_msg *msg; 4565 int ret = -1; 4566 4567 msg = nlmsg_alloc(); 4568 if (!msg) 4569 return -1; 4570 4571 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4572 4573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4574 4575 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4576 msg = NULL; 4577 if (ret) { 4578 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4579 "failed: ret=%d (%s)", 4580 ret, strerror(-ret)); 4581 goto nla_put_failure; 4582 } 4583 ret = 0; 4584nla_put_failure: 4585 nlmsg_free(msg); 4586 return ret; 4587} 4588 4589 4590static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4591{ 4592 static const int stypes[] = { 4593 WLAN_FC_STYPE_AUTH, 4594 WLAN_FC_STYPE_ASSOC_REQ, 4595 WLAN_FC_STYPE_REASSOC_REQ, 4596 WLAN_FC_STYPE_DISASSOC, 4597 WLAN_FC_STYPE_DEAUTH, 4598 WLAN_FC_STYPE_ACTION, 4599 WLAN_FC_STYPE_PROBE_REQ, 4600/* Beacon doesn't work as mac80211 doesn't currently allow 4601 * it, but it wouldn't really be the right thing anyway as 4602 * it isn't per interface ... maybe just dump the scan 4603 * results periodically for OLBC? 4604 */ 4605 /* WLAN_FC_STYPE_BEACON, */ 4606 }; 4607 unsigned int i; 4608 4609 if (nl80211_alloc_mgmt_handle(bss)) 4610 return -1; 4611 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4612 "handle %p", bss->nl_mgmt); 4613 4614 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4615 if (nl80211_register_frame(bss, bss->nl_mgmt, 4616 (WLAN_FC_TYPE_MGMT << 2) | 4617 (stypes[i] << 4), 4618 NULL, 0) < 0) { 4619 goto out_err; 4620 } 4621 } 4622 4623 if (nl80211_register_spurious_class3(bss)) 4624 goto out_err; 4625 4626 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4627 goto out_err; 4628 4629 nl80211_mgmt_handle_register_eloop(bss); 4630 return 0; 4631 4632out_err: 4633 nl_destroy_handles(&bss->nl_mgmt); 4634 return -1; 4635} 4636 4637 4638static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4639{ 4640 if (nl80211_alloc_mgmt_handle(bss)) 4641 return -1; 4642 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4643 "handle %p (device SME)", bss->nl_mgmt); 4644 4645 if (nl80211_register_frame(bss, bss->nl_mgmt, 4646 (WLAN_FC_TYPE_MGMT << 2) | 4647 (WLAN_FC_STYPE_ACTION << 4), 4648 NULL, 0) < 0) 4649 goto out_err; 4650 4651 nl80211_mgmt_handle_register_eloop(bss); 4652 return 0; 4653 4654out_err: 4655 nl_destroy_handles(&bss->nl_mgmt); 4656 return -1; 4657} 4658 4659 4660static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4661{ 4662 if (bss->nl_mgmt == NULL) 4663 return; 4664 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4665 "(%s)", bss->nl_mgmt, reason); 4666 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4667 4668 nl80211_put_wiphy_data_ap(bss); 4669} 4670 4671 4672static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4673{ 4674 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4675} 4676 4677 4678static void nl80211_del_p2pdev(struct i802_bss *bss) 4679{ 4680 struct wpa_driver_nl80211_data *drv = bss->drv; 4681 struct nl_msg *msg; 4682 int ret; 4683 4684 msg = nlmsg_alloc(); 4685 if (!msg) 4686 return; 4687 4688 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4689 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4690 4691 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4692 msg = NULL; 4693 4694 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4695 bss->ifname, (long long unsigned int) bss->wdev_id, 4696 strerror(-ret)); 4697 4698nla_put_failure: 4699 nlmsg_free(msg); 4700} 4701 4702 4703static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4704{ 4705 struct wpa_driver_nl80211_data *drv = bss->drv; 4706 struct nl_msg *msg; 4707 int ret = -1; 4708 4709 msg = nlmsg_alloc(); 4710 if (!msg) 4711 return -1; 4712 4713 if (start) 4714 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4715 else 4716 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4717 4718 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4719 4720 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4721 msg = NULL; 4722 4723 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4724 start ? "Start" : "Stop", 4725 bss->ifname, (long long unsigned int) bss->wdev_id, 4726 strerror(-ret)); 4727 4728nla_put_failure: 4729 nlmsg_free(msg); 4730 return ret; 4731} 4732 4733 4734static int i802_set_iface_flags(struct i802_bss *bss, int up) 4735{ 4736 enum nl80211_iftype nlmode; 4737 4738 nlmode = nl80211_get_ifmode(bss); 4739 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4740 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4741 bss->ifname, up); 4742 } 4743 4744 /* P2P Device has start/stop which is equivalent */ 4745 return nl80211_set_p2pdev(bss, up); 4746} 4747 4748 4749static int 4750wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4751 const u8 *set_addr, int first) 4752{ 4753 struct i802_bss *bss = drv->first_bss; 4754 int send_rfkill_event = 0; 4755 enum nl80211_iftype nlmode; 4756 4757 drv->ifindex = if_nametoindex(bss->ifname); 4758 bss->ifindex = drv->ifindex; 4759 bss->wdev_id = drv->global->if_add_wdevid; 4760 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4761 4762 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4763 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4764 drv->global->if_add_wdevid_set = 0; 4765 4766 if (wpa_driver_nl80211_capa(drv)) 4767 return -1; 4768 4769 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4770 bss->ifname, drv->phyname); 4771 4772 if (set_addr && 4773 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4774 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4775 set_addr))) 4776 return -1; 4777 4778 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4779 drv->start_mode_ap = 1; 4780 4781 if (drv->hostapd) 4782 nlmode = NL80211_IFTYPE_AP; 4783 else if (bss->if_dynamic) 4784 nlmode = nl80211_get_ifmode(bss); 4785 else 4786 nlmode = NL80211_IFTYPE_STATION; 4787 4788 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4789 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4790 return -1; 4791 } 4792 4793 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4794 nl80211_get_macaddr(bss); 4795 4796 if (!rfkill_is_blocked(drv->rfkill)) { 4797 int ret = i802_set_iface_flags(bss, 1); 4798 if (ret) { 4799 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4800 "interface '%s' UP", bss->ifname); 4801 return ret; 4802 } 4803 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4804 return ret; 4805 } else { 4806 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4807 "interface '%s' due to rfkill", bss->ifname); 4808 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) 4809 return 0; 4810 drv->if_disabled = 1; 4811 send_rfkill_event = 1; 4812 } 4813 4814 if (!drv->hostapd) 4815 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4816 1, IF_OPER_DORMANT); 4817 4818 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4819 bss->addr)) 4820 return -1; 4821 4822 if (send_rfkill_event) { 4823 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4824 drv, drv->ctx); 4825 } 4826 4827 return 0; 4828} 4829 4830 4831static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4832{ 4833 struct nl_msg *msg; 4834 4835 msg = nlmsg_alloc(); 4836 if (!msg) 4837 return -ENOMEM; 4838 4839 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4840 drv->ifindex); 4841 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4842 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4843 4844 return send_and_recv_msgs(drv, msg, NULL, NULL); 4845 nla_put_failure: 4846 nlmsg_free(msg); 4847 return -ENOBUFS; 4848} 4849 4850 4851/** 4852 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4853 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4854 * 4855 * Shut down driver interface and processing of driver events. Free 4856 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4857 */ 4858static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4859{ 4860 struct wpa_driver_nl80211_data *drv = bss->drv; 4861 4862 bss->in_deinit = 1; 4863 if (drv->data_tx_status) 4864 eloop_unregister_read_sock(drv->eapol_tx_sock); 4865 if (drv->eapol_tx_sock >= 0) 4866 close(drv->eapol_tx_sock); 4867 4868 if (bss->nl_preq) 4869 wpa_driver_nl80211_probe_req_report(bss, 0); 4870 if (bss->added_if_into_bridge) { 4871 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4872 bss->ifname) < 0) 4873 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4874 "interface %s from bridge %s: %s", 4875 bss->ifname, bss->brname, strerror(errno)); 4876 } 4877 if (bss->added_bridge) { 4878 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4879 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4880 "bridge %s: %s", 4881 bss->brname, strerror(errno)); 4882 } 4883 4884 nl80211_remove_monitor_interface(drv); 4885 4886 if (is_ap_interface(drv->nlmode)) 4887 wpa_driver_nl80211_del_beacon(drv); 4888 4889 if (drv->eapol_sock >= 0) { 4890 eloop_unregister_read_sock(drv->eapol_sock); 4891 close(drv->eapol_sock); 4892 } 4893 4894 if (drv->if_indices != drv->default_if_indices) 4895 os_free(drv->if_indices); 4896 4897 if (drv->disabled_11b_rates) 4898 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4899 4900 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4901 IF_OPER_UP); 4902 eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx); 4903 rfkill_deinit(drv->rfkill); 4904 4905 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4906 4907 if (!drv->start_iface_up) 4908 (void) i802_set_iface_flags(bss, 0); 4909 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4910 if (!drv->hostapd || !drv->start_mode_ap) 4911 wpa_driver_nl80211_set_mode(bss, 4912 NL80211_IFTYPE_STATION); 4913 nl80211_mgmt_unsubscribe(bss, "deinit"); 4914 } else { 4915 nl80211_mgmt_unsubscribe(bss, "deinit"); 4916 nl80211_del_p2pdev(bss); 4917 } 4918 nl_cb_put(drv->nl_cb); 4919 4920 nl80211_destroy_bss(drv->first_bss); 4921 4922 os_free(drv->filter_ssids); 4923 4924 os_free(drv->auth_ie); 4925 4926 if (drv->in_interface_list) 4927 dl_list_del(&drv->list); 4928 4929 os_free(drv->extended_capa); 4930 os_free(drv->extended_capa_mask); 4931 os_free(drv->first_bss); 4932 os_free(drv); 4933} 4934 4935 4936/** 4937 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4938 * @eloop_ctx: Driver private data 4939 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4940 * 4941 * This function can be used as registered timeout when starting a scan to 4942 * generate a scan completed event if the driver does not report this. 4943 */ 4944static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4945{ 4946 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4947 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4948 wpa_driver_nl80211_set_mode(drv->first_bss, 4949 drv->ap_scan_as_station); 4950 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4951 } 4952 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4953 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4954} 4955 4956 4957static struct nl_msg * 4958nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4959 struct wpa_driver_scan_params *params, u64 *wdev_id) 4960{ 4961 struct nl_msg *msg; 4962 size_t i; 4963 u32 scan_flags = 0; 4964 4965 msg = nlmsg_alloc(); 4966 if (!msg) 4967 return NULL; 4968 4969 nl80211_cmd(drv, msg, 0, cmd); 4970 4971 if (!wdev_id) 4972 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4973 else 4974 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4975 4976 if (params->num_ssids) { 4977 struct nlattr *ssids; 4978 4979 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4980 if (ssids == NULL) 4981 goto fail; 4982 for (i = 0; i < params->num_ssids; i++) { 4983 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4984 params->ssids[i].ssid, 4985 params->ssids[i].ssid_len); 4986 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4987 params->ssids[i].ssid) < 0) 4988 goto fail; 4989 } 4990 nla_nest_end(msg, ssids); 4991 } 4992 4993 if (params->extra_ies) { 4994 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4995 params->extra_ies, params->extra_ies_len); 4996 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4997 params->extra_ies) < 0) 4998 goto fail; 4999 } 5000 5001 if (params->freqs) { 5002 struct nlattr *freqs; 5003 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5004 if (freqs == NULL) 5005 goto fail; 5006 for (i = 0; params->freqs[i]; i++) { 5007 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 5008 "MHz", params->freqs[i]); 5009 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 5010 goto fail; 5011 } 5012 nla_nest_end(msg, freqs); 5013 } 5014 5015 os_free(drv->filter_ssids); 5016 drv->filter_ssids = params->filter_ssids; 5017 params->filter_ssids = NULL; 5018 drv->num_filter_ssids = params->num_filter_ssids; 5019 5020 if (params->only_new_results) { 5021 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 5022 scan_flags |= NL80211_SCAN_FLAG_FLUSH; 5023 } 5024 5025 if (params->low_priority && drv->have_low_prio_scan) { 5026 wpa_printf(MSG_DEBUG, 5027 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 5028 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 5029 } 5030 5031 if (scan_flags) 5032 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags); 5033 5034 return msg; 5035 5036fail: 5037nla_put_failure: 5038 nlmsg_free(msg); 5039 return NULL; 5040} 5041 5042 5043/** 5044 * wpa_driver_nl80211_scan - Request the driver to initiate scan 5045 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 5046 * @params: Scan parameters 5047 * Returns: 0 on success, -1 on failure 5048 */ 5049static int wpa_driver_nl80211_scan(struct i802_bss *bss, 5050 struct wpa_driver_scan_params *params) 5051{ 5052 struct wpa_driver_nl80211_data *drv = bss->drv; 5053 int ret = -1, timeout; 5054 struct nl_msg *msg = NULL; 5055 5056 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 5057 drv->scan_for_auth = 0; 5058 5059 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 5060 bss->wdev_id_set ? &bss->wdev_id : NULL); 5061 if (!msg) 5062 return -1; 5063 5064 if (params->p2p_probe) { 5065 struct nlattr *rates; 5066 5067 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 5068 5069 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 5070 if (rates == NULL) 5071 goto nla_put_failure; 5072 5073 /* 5074 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 5075 * by masking out everything else apart from the OFDM rates 6, 5076 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 5077 * rates are left enabled. 5078 */ 5079 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 5080 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 5081 nla_nest_end(msg, rates); 5082 5083 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 5084 } 5085 5086 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5087 msg = NULL; 5088 if (ret) { 5089 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 5090 "(%s)", ret, strerror(-ret)); 5091 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 5092 enum nl80211_iftype old_mode = drv->nlmode; 5093 5094 /* 5095 * mac80211 does not allow scan requests in AP mode, so 5096 * try to do this in station mode. 5097 */ 5098 if (wpa_driver_nl80211_set_mode( 5099 bss, NL80211_IFTYPE_STATION)) 5100 goto nla_put_failure; 5101 5102 if (wpa_driver_nl80211_scan(bss, params)) { 5103 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 5104 goto nla_put_failure; 5105 } 5106 5107 /* Restore AP mode when processing scan results */ 5108 drv->ap_scan_as_station = old_mode; 5109 ret = 0; 5110 } else 5111 goto nla_put_failure; 5112 } 5113 5114 drv->scan_state = SCAN_REQUESTED; 5115 /* Not all drivers generate "scan completed" wireless event, so try to 5116 * read results after a timeout. */ 5117 timeout = 10; 5118 if (drv->scan_complete_events) { 5119 /* 5120 * The driver seems to deliver events to notify when scan is 5121 * complete, so use longer timeout to avoid race conditions 5122 * with scanning and following association request. 5123 */ 5124 timeout = 30; 5125 } 5126 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 5127 "seconds", ret, timeout); 5128 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 5129 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 5130 drv, drv->ctx); 5131 5132nla_put_failure: 5133 nlmsg_free(msg); 5134 return ret; 5135} 5136 5137 5138/** 5139 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 5140 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5141 * @params: Scan parameters 5142 * @interval: Interval between scan cycles in milliseconds 5143 * Returns: 0 on success, -1 on failure or if not supported 5144 */ 5145static int wpa_driver_nl80211_sched_scan(void *priv, 5146 struct wpa_driver_scan_params *params, 5147 u32 interval) 5148{ 5149 struct i802_bss *bss = priv; 5150 struct wpa_driver_nl80211_data *drv = bss->drv; 5151 int ret = -1; 5152 struct nl_msg *msg; 5153 size_t i; 5154 5155 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 5156 5157#ifdef ANDROID 5158 if (!drv->capa.sched_scan_supported) 5159 return android_pno_start(bss, params); 5160#endif /* ANDROID */ 5161 5162 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 5163 bss->wdev_id_set ? &bss->wdev_id : NULL); 5164 if (!msg) 5165 goto nla_put_failure; 5166 5167 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 5168 5169 if ((drv->num_filter_ssids && 5170 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 5171 params->filter_rssi) { 5172 struct nlattr *match_sets; 5173 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 5174 if (match_sets == NULL) 5175 goto nla_put_failure; 5176 5177 for (i = 0; i < drv->num_filter_ssids; i++) { 5178 struct nlattr *match_set_ssid; 5179 wpa_hexdump_ascii(MSG_MSGDUMP, 5180 "nl80211: Sched scan filter SSID", 5181 drv->filter_ssids[i].ssid, 5182 drv->filter_ssids[i].ssid_len); 5183 5184 match_set_ssid = nla_nest_start(msg, i + 1); 5185 if (match_set_ssid == NULL) 5186 goto nla_put_failure; 5187 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 5188 drv->filter_ssids[i].ssid_len, 5189 drv->filter_ssids[i].ssid); 5190 if (params->filter_rssi) 5191 NLA_PUT_U32(msg, 5192 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5193 params->filter_rssi); 5194 5195 nla_nest_end(msg, match_set_ssid); 5196 } 5197 5198 /* 5199 * Due to backward compatibility code, newer kernels treat this 5200 * matchset (with only an RSSI filter) as the default for all 5201 * other matchsets, unless it's the only one, in which case the 5202 * matchset will actually allow all SSIDs above the RSSI. 5203 */ 5204 if (params->filter_rssi) { 5205 struct nlattr *match_set_rssi; 5206 match_set_rssi = nla_nest_start(msg, 0); 5207 if (match_set_rssi == NULL) 5208 goto nla_put_failure; 5209 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 5210 params->filter_rssi); 5211 wpa_printf(MSG_MSGDUMP, 5212 "nl80211: Sched scan RSSI filter %d dBm", 5213 params->filter_rssi); 5214 nla_nest_end(msg, match_set_rssi); 5215 } 5216 5217 nla_nest_end(msg, match_sets); 5218 } 5219 5220 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5221 5222 /* TODO: if we get an error here, we should fall back to normal scan */ 5223 5224 msg = NULL; 5225 if (ret) { 5226 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 5227 "ret=%d (%s)", ret, strerror(-ret)); 5228 goto nla_put_failure; 5229 } 5230 5231 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 5232 "scan interval %d msec", ret, interval); 5233 5234nla_put_failure: 5235 nlmsg_free(msg); 5236 return ret; 5237} 5238 5239 5240/** 5241 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 5242 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 5243 * Returns: 0 on success, -1 on failure or if not supported 5244 */ 5245static int wpa_driver_nl80211_stop_sched_scan(void *priv) 5246{ 5247 struct i802_bss *bss = priv; 5248 struct wpa_driver_nl80211_data *drv = bss->drv; 5249 int ret = 0; 5250 struct nl_msg *msg; 5251 5252#ifdef ANDROID 5253 if (!drv->capa.sched_scan_supported) 5254 return android_pno_stop(bss); 5255#endif /* ANDROID */ 5256 5257 msg = nlmsg_alloc(); 5258 if (!msg) 5259 return -1; 5260 5261 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 5262 5263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5264 5265 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5266 msg = NULL; 5267 if (ret) { 5268 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 5269 "ret=%d (%s)", ret, strerror(-ret)); 5270 goto nla_put_failure; 5271 } 5272 5273 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 5274 5275nla_put_failure: 5276 nlmsg_free(msg); 5277 return ret; 5278} 5279 5280 5281static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 5282{ 5283 const u8 *end, *pos; 5284 5285 if (ies == NULL) 5286 return NULL; 5287 5288 pos = ies; 5289 end = ies + ies_len; 5290 5291 while (pos + 1 < end) { 5292 if (pos + 2 + pos[1] > end) 5293 break; 5294 if (pos[0] == ie) 5295 return pos; 5296 pos += 2 + pos[1]; 5297 } 5298 5299 return NULL; 5300} 5301 5302 5303static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 5304 const u8 *ie, size_t ie_len) 5305{ 5306 const u8 *ssid; 5307 size_t i; 5308 5309 if (drv->filter_ssids == NULL) 5310 return 0; 5311 5312 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 5313 if (ssid == NULL) 5314 return 1; 5315 5316 for (i = 0; i < drv->num_filter_ssids; i++) { 5317 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5318 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5319 0) 5320 return 0; 5321 } 5322 5323 return 1; 5324} 5325 5326 5327static int bss_info_handler(struct nl_msg *msg, void *arg) 5328{ 5329 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5330 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5331 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5332 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5333 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5334 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5335 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5336 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5337 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5338 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5339 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5340 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5341 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5342 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5343 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5344 }; 5345 struct nl80211_bss_info_arg *_arg = arg; 5346 struct wpa_scan_results *res = _arg->res; 5347 struct wpa_scan_res **tmp; 5348 struct wpa_scan_res *r; 5349 const u8 *ie, *beacon_ie; 5350 size_t ie_len, beacon_ie_len; 5351 u8 *pos; 5352 size_t i; 5353 5354 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5355 genlmsg_attrlen(gnlh, 0), NULL); 5356 if (!tb[NL80211_ATTR_BSS]) 5357 return NL_SKIP; 5358 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5359 bss_policy)) 5360 return NL_SKIP; 5361 if (bss[NL80211_BSS_STATUS]) { 5362 enum nl80211_bss_status status; 5363 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5364 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5365 bss[NL80211_BSS_FREQUENCY]) { 5366 _arg->assoc_freq = 5367 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5368 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5369 _arg->assoc_freq); 5370 } 5371 if (status == NL80211_BSS_STATUS_IBSS_JOINED && 5372 bss[NL80211_BSS_FREQUENCY]) { 5373 _arg->ibss_freq = 5374 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5375 wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz", 5376 _arg->ibss_freq); 5377 } 5378 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5379 bss[NL80211_BSS_BSSID]) { 5380 os_memcpy(_arg->assoc_bssid, 5381 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5382 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5383 MACSTR, MAC2STR(_arg->assoc_bssid)); 5384 } 5385 } 5386 if (!res) 5387 return NL_SKIP; 5388 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5389 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5390 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5391 } else { 5392 ie = NULL; 5393 ie_len = 0; 5394 } 5395 if (bss[NL80211_BSS_BEACON_IES]) { 5396 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5397 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5398 } else { 5399 beacon_ie = NULL; 5400 beacon_ie_len = 0; 5401 } 5402 5403 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5404 ie ? ie_len : beacon_ie_len)) 5405 return NL_SKIP; 5406 5407 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5408 if (r == NULL) 5409 return NL_SKIP; 5410 if (bss[NL80211_BSS_BSSID]) 5411 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5412 ETH_ALEN); 5413 if (bss[NL80211_BSS_FREQUENCY]) 5414 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5415 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5416 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5417 if (bss[NL80211_BSS_CAPABILITY]) 5418 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5419 r->flags |= WPA_SCAN_NOISE_INVALID; 5420 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5421 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5422 r->level /= 100; /* mBm to dBm */ 5423 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5424 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5425 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5426 r->flags |= WPA_SCAN_QUAL_INVALID; 5427 } else 5428 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5429 if (bss[NL80211_BSS_TSF]) 5430 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5431 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5432 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5433 r->ie_len = ie_len; 5434 pos = (u8 *) (r + 1); 5435 if (ie) { 5436 os_memcpy(pos, ie, ie_len); 5437 pos += ie_len; 5438 } 5439 r->beacon_ie_len = beacon_ie_len; 5440 if (beacon_ie) 5441 os_memcpy(pos, beacon_ie, beacon_ie_len); 5442 5443 if (bss[NL80211_BSS_STATUS]) { 5444 enum nl80211_bss_status status; 5445 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5446 switch (status) { 5447 case NL80211_BSS_STATUS_AUTHENTICATED: 5448 r->flags |= WPA_SCAN_AUTHENTICATED; 5449 break; 5450 case NL80211_BSS_STATUS_ASSOCIATED: 5451 r->flags |= WPA_SCAN_ASSOCIATED; 5452 break; 5453 default: 5454 break; 5455 } 5456 } 5457 5458 /* 5459 * cfg80211 maintains separate BSS table entries for APs if the same 5460 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5461 * not use frequency as a separate key in the BSS table, so filter out 5462 * duplicated entries. Prefer associated BSS entry in such a case in 5463 * order to get the correct frequency into the BSS table. Similarly, 5464 * prefer newer entries over older. 5465 */ 5466 for (i = 0; i < res->num; i++) { 5467 const u8 *s1, *s2; 5468 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5469 continue; 5470 5471 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5472 res->res[i]->ie_len, WLAN_EID_SSID); 5473 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5474 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5475 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5476 continue; 5477 5478 /* Same BSSID,SSID was already included in scan results */ 5479 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5480 "for " MACSTR, MAC2STR(r->bssid)); 5481 5482 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5483 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5484 r->age < res->res[i]->age) { 5485 os_free(res->res[i]); 5486 res->res[i] = r; 5487 } else 5488 os_free(r); 5489 return NL_SKIP; 5490 } 5491 5492 tmp = os_realloc_array(res->res, res->num + 1, 5493 sizeof(struct wpa_scan_res *)); 5494 if (tmp == NULL) { 5495 os_free(r); 5496 return NL_SKIP; 5497 } 5498 tmp[res->num++] = r; 5499 res->res = tmp; 5500 5501 return NL_SKIP; 5502} 5503 5504 5505static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5506 const u8 *addr) 5507{ 5508 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5509 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5510 "mismatch (" MACSTR ")", MAC2STR(addr)); 5511 wpa_driver_nl80211_mlme(drv, addr, 5512 NL80211_CMD_DEAUTHENTICATE, 5513 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5514 } 5515} 5516 5517 5518static void wpa_driver_nl80211_check_bss_status( 5519 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5520{ 5521 size_t i; 5522 5523 for (i = 0; i < res->num; i++) { 5524 struct wpa_scan_res *r = res->res[i]; 5525 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5526 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5527 "indicates BSS status with " MACSTR 5528 " as authenticated", 5529 MAC2STR(r->bssid)); 5530 if (is_sta_interface(drv->nlmode) && 5531 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5532 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5533 0) { 5534 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5535 " in local state (auth=" MACSTR 5536 " assoc=" MACSTR ")", 5537 MAC2STR(drv->auth_bssid), 5538 MAC2STR(drv->bssid)); 5539 clear_state_mismatch(drv, r->bssid); 5540 } 5541 } 5542 5543 if (r->flags & WPA_SCAN_ASSOCIATED) { 5544 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5545 "indicate BSS status with " MACSTR 5546 " as associated", 5547 MAC2STR(r->bssid)); 5548 if (is_sta_interface(drv->nlmode) && 5549 !drv->associated) { 5550 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5551 "(not associated) does not match " 5552 "with BSS state"); 5553 clear_state_mismatch(drv, r->bssid); 5554 } else if (is_sta_interface(drv->nlmode) && 5555 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5556 0) { 5557 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5558 "(associated with " MACSTR ") does " 5559 "not match with BSS state", 5560 MAC2STR(drv->bssid)); 5561 clear_state_mismatch(drv, r->bssid); 5562 clear_state_mismatch(drv, drv->bssid); 5563 } 5564 } 5565 } 5566} 5567 5568 5569static struct wpa_scan_results * 5570nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5571{ 5572 struct nl_msg *msg; 5573 struct wpa_scan_results *res; 5574 int ret; 5575 struct nl80211_bss_info_arg arg; 5576 5577 res = os_zalloc(sizeof(*res)); 5578 if (res == NULL) 5579 return NULL; 5580 msg = nlmsg_alloc(); 5581 if (!msg) 5582 goto nla_put_failure; 5583 5584 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5585 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5586 goto nla_put_failure; 5587 5588 arg.drv = drv; 5589 arg.res = res; 5590 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5591 msg = NULL; 5592 if (ret == 0) { 5593 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5594 "BSSes)", (unsigned long) res->num); 5595 nl80211_get_noise_for_scan_results(drv, res); 5596 return res; 5597 } 5598 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5599 "(%s)", ret, strerror(-ret)); 5600nla_put_failure: 5601 nlmsg_free(msg); 5602 wpa_scan_results_free(res); 5603 return NULL; 5604} 5605 5606 5607/** 5608 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5609 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5610 * Returns: Scan results on success, -1 on failure 5611 */ 5612static struct wpa_scan_results * 5613wpa_driver_nl80211_get_scan_results(void *priv) 5614{ 5615 struct i802_bss *bss = priv; 5616 struct wpa_driver_nl80211_data *drv = bss->drv; 5617 struct wpa_scan_results *res; 5618 5619 res = nl80211_get_scan_results(drv); 5620 if (res) 5621 wpa_driver_nl80211_check_bss_status(drv, res); 5622 return res; 5623} 5624 5625 5626static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5627{ 5628 struct wpa_scan_results *res; 5629 size_t i; 5630 5631 res = nl80211_get_scan_results(drv); 5632 if (res == NULL) { 5633 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5634 return; 5635 } 5636 5637 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5638 for (i = 0; i < res->num; i++) { 5639 struct wpa_scan_res *r = res->res[i]; 5640 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5641 (int) i, (int) res->num, MAC2STR(r->bssid), 5642 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5643 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5644 } 5645 5646 wpa_scan_results_free(res); 5647} 5648 5649 5650static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5651{ 5652 switch (alg) { 5653 case WPA_ALG_WEP: 5654 if (key_len == 5) 5655 return WLAN_CIPHER_SUITE_WEP40; 5656 return WLAN_CIPHER_SUITE_WEP104; 5657 case WPA_ALG_TKIP: 5658 return WLAN_CIPHER_SUITE_TKIP; 5659 case WPA_ALG_CCMP: 5660 return WLAN_CIPHER_SUITE_CCMP; 5661 case WPA_ALG_GCMP: 5662 return WLAN_CIPHER_SUITE_GCMP; 5663 case WPA_ALG_CCMP_256: 5664 return WLAN_CIPHER_SUITE_CCMP_256; 5665 case WPA_ALG_GCMP_256: 5666 return WLAN_CIPHER_SUITE_GCMP_256; 5667 case WPA_ALG_IGTK: 5668 return WLAN_CIPHER_SUITE_AES_CMAC; 5669 case WPA_ALG_BIP_GMAC_128: 5670 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5671 case WPA_ALG_BIP_GMAC_256: 5672 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5673 case WPA_ALG_BIP_CMAC_256: 5674 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5675 case WPA_ALG_SMS4: 5676 return WLAN_CIPHER_SUITE_SMS4; 5677 case WPA_ALG_KRK: 5678 return WLAN_CIPHER_SUITE_KRK; 5679 case WPA_ALG_NONE: 5680 case WPA_ALG_PMK: 5681 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5682 alg); 5683 return 0; 5684 } 5685 5686 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5687 alg); 5688 return 0; 5689} 5690 5691 5692static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5693{ 5694 switch (cipher) { 5695 case WPA_CIPHER_CCMP_256: 5696 return WLAN_CIPHER_SUITE_CCMP_256; 5697 case WPA_CIPHER_GCMP_256: 5698 return WLAN_CIPHER_SUITE_GCMP_256; 5699 case WPA_CIPHER_CCMP: 5700 return WLAN_CIPHER_SUITE_CCMP; 5701 case WPA_CIPHER_GCMP: 5702 return WLAN_CIPHER_SUITE_GCMP; 5703 case WPA_CIPHER_TKIP: 5704 return WLAN_CIPHER_SUITE_TKIP; 5705 case WPA_CIPHER_WEP104: 5706 return WLAN_CIPHER_SUITE_WEP104; 5707 case WPA_CIPHER_WEP40: 5708 return WLAN_CIPHER_SUITE_WEP40; 5709 case WPA_CIPHER_GTK_NOT_USED: 5710 return WLAN_CIPHER_SUITE_NO_GROUP_ADDR; 5711 } 5712 5713 return 0; 5714} 5715 5716 5717static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5718 int max_suites) 5719{ 5720 int num_suites = 0; 5721 5722 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5723 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5724 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5725 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5726 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5727 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5728 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5729 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5730 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5731 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5732 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5733 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5734 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5735 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5736 5737 return num_suites; 5738} 5739 5740 5741static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5742 enum wpa_alg alg, const u8 *addr, 5743 int key_idx, int set_tx, 5744 const u8 *seq, size_t seq_len, 5745 const u8 *key, size_t key_len) 5746{ 5747 struct wpa_driver_nl80211_data *drv = bss->drv; 5748 int ifindex; 5749 struct nl_msg *msg; 5750 int ret; 5751 int tdls = 0; 5752 5753 /* Ignore for P2P Device */ 5754 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5755 return 0; 5756 5757 ifindex = if_nametoindex(ifname); 5758 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5759 "set_tx=%d seq_len=%lu key_len=%lu", 5760 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5761 (unsigned long) seq_len, (unsigned long) key_len); 5762#ifdef CONFIG_TDLS 5763 if (key_idx == -1) { 5764 key_idx = 0; 5765 tdls = 1; 5766 } 5767#endif /* CONFIG_TDLS */ 5768 5769 msg = nlmsg_alloc(); 5770 if (!msg) 5771 return -ENOMEM; 5772 5773 if (alg == WPA_ALG_NONE) { 5774 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5775 } else { 5776 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5777 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5778 wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len); 5779 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5780 wpa_alg_to_cipher_suite(alg, key_len)); 5781 } 5782 5783 if (seq && seq_len) { 5784 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5785 wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len); 5786 } 5787 5788 if (addr && !is_broadcast_ether_addr(addr)) { 5789 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5790 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5791 5792 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5793 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5794 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5795 NL80211_KEYTYPE_GROUP); 5796 } 5797 } else if (addr && is_broadcast_ether_addr(addr)) { 5798 struct nlattr *types; 5799 5800 wpa_printf(MSG_DEBUG, " broadcast key"); 5801 5802 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5803 if (!types) 5804 goto nla_put_failure; 5805 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5806 nla_nest_end(msg, types); 5807 } 5808 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5809 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5810 5811 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5812 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5813 ret = 0; 5814 if (ret) 5815 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5816 ret, strerror(-ret)); 5817 5818 /* 5819 * If we failed or don't need to set the default TX key (below), 5820 * we're done here. 5821 */ 5822 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5823 return ret; 5824 if (is_ap_interface(drv->nlmode) && addr && 5825 !is_broadcast_ether_addr(addr)) 5826 return ret; 5827 5828 msg = nlmsg_alloc(); 5829 if (!msg) 5830 return -ENOMEM; 5831 5832 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5833 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5834 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5835 if (alg == WPA_ALG_IGTK) 5836 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5837 else 5838 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5839 if (addr && is_broadcast_ether_addr(addr)) { 5840 struct nlattr *types; 5841 5842 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5843 if (!types) 5844 goto nla_put_failure; 5845 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5846 nla_nest_end(msg, types); 5847 } else if (addr) { 5848 struct nlattr *types; 5849 5850 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5851 if (!types) 5852 goto nla_put_failure; 5853 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5854 nla_nest_end(msg, types); 5855 } 5856 5857 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5858 if (ret == -ENOENT) 5859 ret = 0; 5860 if (ret) 5861 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5862 "err=%d %s)", ret, strerror(-ret)); 5863 return ret; 5864 5865nla_put_failure: 5866 nlmsg_free(msg); 5867 return -ENOBUFS; 5868} 5869 5870 5871static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5872 int key_idx, int defkey, 5873 const u8 *seq, size_t seq_len, 5874 const u8 *key, size_t key_len) 5875{ 5876 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5877 if (!key_attr) 5878 return -1; 5879 5880 if (defkey && alg == WPA_ALG_IGTK) 5881 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5882 else if (defkey) 5883 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5884 5885 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5886 5887 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5888 wpa_alg_to_cipher_suite(alg, key_len)); 5889 5890 if (seq && seq_len) 5891 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5892 5893 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5894 5895 nla_nest_end(msg, key_attr); 5896 5897 return 0; 5898 nla_put_failure: 5899 return -1; 5900} 5901 5902 5903static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5904 struct nl_msg *msg) 5905{ 5906 int i, privacy = 0; 5907 struct nlattr *nl_keys, *nl_key; 5908 5909 for (i = 0; i < 4; i++) { 5910 if (!params->wep_key[i]) 5911 continue; 5912 privacy = 1; 5913 break; 5914 } 5915 if (params->wps == WPS_MODE_PRIVACY) 5916 privacy = 1; 5917 if (params->pairwise_suite && 5918 params->pairwise_suite != WPA_CIPHER_NONE) 5919 privacy = 1; 5920 5921 if (!privacy) 5922 return 0; 5923 5924 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5925 5926 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5927 if (!nl_keys) 5928 goto nla_put_failure; 5929 5930 for (i = 0; i < 4; i++) { 5931 if (!params->wep_key[i]) 5932 continue; 5933 5934 nl_key = nla_nest_start(msg, i); 5935 if (!nl_key) 5936 goto nla_put_failure; 5937 5938 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5939 params->wep_key[i]); 5940 if (params->wep_key_len[i] == 5) 5941 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5942 WLAN_CIPHER_SUITE_WEP40); 5943 else 5944 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5945 WLAN_CIPHER_SUITE_WEP104); 5946 5947 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5948 5949 if (i == params->wep_tx_keyidx) 5950 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5951 5952 nla_nest_end(msg, nl_key); 5953 } 5954 nla_nest_end(msg, nl_keys); 5955 5956 return 0; 5957 5958nla_put_failure: 5959 return -ENOBUFS; 5960} 5961 5962 5963static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5964 const u8 *addr, int cmd, u16 reason_code, 5965 int local_state_change) 5966{ 5967 int ret = -1; 5968 struct nl_msg *msg; 5969 5970 msg = nlmsg_alloc(); 5971 if (!msg) 5972 return -1; 5973 5974 nl80211_cmd(drv, msg, 0, cmd); 5975 5976 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5977 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5978 if (addr) 5979 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5980 if (local_state_change) 5981 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5982 5983 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5984 msg = NULL; 5985 if (ret) { 5986 wpa_dbg(drv->ctx, MSG_DEBUG, 5987 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5988 reason_code, ret, strerror(-ret)); 5989 goto nla_put_failure; 5990 } 5991 ret = 0; 5992 5993nla_put_failure: 5994 nlmsg_free(msg); 5995 return ret; 5996} 5997 5998 5999static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 6000 int reason_code) 6001{ 6002 int ret; 6003 6004 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 6005 nl80211_mark_disconnected(drv); 6006 /* Disconnect command doesn't need BSSID - it uses cached value */ 6007 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 6008 reason_code, 0); 6009 /* 6010 * For locally generated disconnect, supplicant already generates a 6011 * DEAUTH event, so ignore the event from NL80211. 6012 */ 6013 drv->ignore_next_local_disconnect = ret == 0; 6014 6015 return ret; 6016} 6017 6018 6019static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 6020 const u8 *addr, int reason_code) 6021{ 6022 struct wpa_driver_nl80211_data *drv = bss->drv; 6023 int ret; 6024 6025 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 6026 nl80211_mark_disconnected(drv); 6027 return nl80211_leave_ibss(drv); 6028 } 6029 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 6030 return wpa_driver_nl80211_disconnect(drv, reason_code); 6031 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 6032 __func__, MAC2STR(addr), reason_code); 6033 nl80211_mark_disconnected(drv); 6034 ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 6035 reason_code, 0); 6036 /* 6037 * For locally generated deauthenticate, supplicant already generates a 6038 * DEAUTH event, so ignore the event from NL80211. 6039 */ 6040 drv->ignore_next_local_deauth = ret == 0; 6041 return ret; 6042} 6043 6044 6045static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 6046 struct wpa_driver_auth_params *params) 6047{ 6048 int i; 6049 6050 drv->auth_freq = params->freq; 6051 drv->auth_alg = params->auth_alg; 6052 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 6053 drv->auth_local_state_change = params->local_state_change; 6054 drv->auth_p2p = params->p2p; 6055 6056 if (params->bssid) 6057 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 6058 else 6059 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 6060 6061 if (params->ssid) { 6062 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 6063 drv->auth_ssid_len = params->ssid_len; 6064 } else 6065 drv->auth_ssid_len = 0; 6066 6067 6068 os_free(drv->auth_ie); 6069 drv->auth_ie = NULL; 6070 drv->auth_ie_len = 0; 6071 if (params->ie) { 6072 drv->auth_ie = os_malloc(params->ie_len); 6073 if (drv->auth_ie) { 6074 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 6075 drv->auth_ie_len = params->ie_len; 6076 } 6077 } 6078 6079 for (i = 0; i < 4; i++) { 6080 if (params->wep_key[i] && params->wep_key_len[i] && 6081 params->wep_key_len[i] <= 16) { 6082 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 6083 params->wep_key_len[i]); 6084 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 6085 } else 6086 drv->auth_wep_key_len[i] = 0; 6087 } 6088} 6089 6090 6091static int wpa_driver_nl80211_authenticate( 6092 struct i802_bss *bss, struct wpa_driver_auth_params *params) 6093{ 6094 struct wpa_driver_nl80211_data *drv = bss->drv; 6095 int ret = -1, i; 6096 struct nl_msg *msg; 6097 enum nl80211_auth_type type; 6098 enum nl80211_iftype nlmode; 6099 int count = 0; 6100 int is_retry; 6101 6102 is_retry = drv->retry_auth; 6103 drv->retry_auth = 0; 6104 drv->ignore_deauth_event = 0; 6105 6106 nl80211_mark_disconnected(drv); 6107 os_memset(drv->auth_bssid, 0, ETH_ALEN); 6108 if (params->bssid) 6109 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 6110 else 6111 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 6112 /* FIX: IBSS mode */ 6113 nlmode = params->p2p ? 6114 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 6115 if (drv->nlmode != nlmode && 6116 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 6117 return -1; 6118 6119retry: 6120 msg = nlmsg_alloc(); 6121 if (!msg) 6122 return -1; 6123 6124 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 6125 drv->ifindex); 6126 6127 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 6128 6129 for (i = 0; i < 4; i++) { 6130 if (!params->wep_key[i]) 6131 continue; 6132 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 6133 NULL, i, 6134 i == params->wep_tx_keyidx, NULL, 0, 6135 params->wep_key[i], 6136 params->wep_key_len[i]); 6137 if (params->wep_tx_keyidx != i) 6138 continue; 6139 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 6140 params->wep_key[i], params->wep_key_len[i])) { 6141 nlmsg_free(msg); 6142 return -1; 6143 } 6144 } 6145 6146 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6147 if (params->bssid) { 6148 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6149 MAC2STR(params->bssid)); 6150 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6151 } 6152 if (params->freq) { 6153 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6154 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6155 } 6156 if (params->ssid) { 6157 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6158 params->ssid, params->ssid_len); 6159 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6160 params->ssid); 6161 } 6162 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 6163 if (params->ie) 6164 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 6165 if (params->sae_data) { 6166 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 6167 params->sae_data_len); 6168 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 6169 params->sae_data); 6170 } 6171 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6172 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6173 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6174 type = NL80211_AUTHTYPE_SHARED_KEY; 6175 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6176 type = NL80211_AUTHTYPE_NETWORK_EAP; 6177 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6178 type = NL80211_AUTHTYPE_FT; 6179 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 6180 type = NL80211_AUTHTYPE_SAE; 6181 else 6182 goto nla_put_failure; 6183 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6184 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6185 if (params->local_state_change) { 6186 wpa_printf(MSG_DEBUG, " * Local state change only"); 6187 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 6188 } 6189 6190 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6191 msg = NULL; 6192 if (ret) { 6193 wpa_dbg(drv->ctx, MSG_DEBUG, 6194 "nl80211: MLME command failed (auth): ret=%d (%s)", 6195 ret, strerror(-ret)); 6196 count++; 6197 if (ret == -EALREADY && count == 1 && params->bssid && 6198 !params->local_state_change) { 6199 /* 6200 * mac80211 does not currently accept new 6201 * authentication if we are already authenticated. As a 6202 * workaround, force deauthentication and try again. 6203 */ 6204 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 6205 "after forced deauthentication"); 6206 drv->ignore_deauth_event = 1; 6207 wpa_driver_nl80211_deauthenticate( 6208 bss, params->bssid, 6209 WLAN_REASON_PREV_AUTH_NOT_VALID); 6210 nlmsg_free(msg); 6211 goto retry; 6212 } 6213 6214 if (ret == -ENOENT && params->freq && !is_retry) { 6215 /* 6216 * cfg80211 has likely expired the BSS entry even 6217 * though it was previously available in our internal 6218 * BSS table. To recover quickly, start a single 6219 * channel scan on the specified channel. 6220 */ 6221 struct wpa_driver_scan_params scan; 6222 int freqs[2]; 6223 6224 os_memset(&scan, 0, sizeof(scan)); 6225 scan.num_ssids = 1; 6226 if (params->ssid) { 6227 scan.ssids[0].ssid = params->ssid; 6228 scan.ssids[0].ssid_len = params->ssid_len; 6229 } 6230 freqs[0] = params->freq; 6231 freqs[1] = 0; 6232 scan.freqs = freqs; 6233 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 6234 "channel scan to refresh cfg80211 BSS " 6235 "entry"); 6236 ret = wpa_driver_nl80211_scan(bss, &scan); 6237 if (ret == 0) { 6238 nl80211_copy_auth_params(drv, params); 6239 drv->scan_for_auth = 1; 6240 } 6241 } else if (is_retry) { 6242 /* 6243 * Need to indicate this with an event since the return 6244 * value from the retry is not delivered to core code. 6245 */ 6246 union wpa_event_data event; 6247 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 6248 "failed"); 6249 os_memset(&event, 0, sizeof(event)); 6250 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 6251 ETH_ALEN); 6252 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 6253 &event); 6254 } 6255 6256 goto nla_put_failure; 6257 } 6258 ret = 0; 6259 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 6260 "successfully"); 6261 6262nla_put_failure: 6263 nlmsg_free(msg); 6264 return ret; 6265} 6266 6267 6268static int wpa_driver_nl80211_authenticate_retry( 6269 struct wpa_driver_nl80211_data *drv) 6270{ 6271 struct wpa_driver_auth_params params; 6272 struct i802_bss *bss = drv->first_bss; 6273 int i; 6274 6275 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 6276 6277 os_memset(¶ms, 0, sizeof(params)); 6278 params.freq = drv->auth_freq; 6279 params.auth_alg = drv->auth_alg; 6280 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 6281 params.local_state_change = drv->auth_local_state_change; 6282 params.p2p = drv->auth_p2p; 6283 6284 if (!is_zero_ether_addr(drv->auth_bssid_)) 6285 params.bssid = drv->auth_bssid_; 6286 6287 if (drv->auth_ssid_len) { 6288 params.ssid = drv->auth_ssid; 6289 params.ssid_len = drv->auth_ssid_len; 6290 } 6291 6292 params.ie = drv->auth_ie; 6293 params.ie_len = drv->auth_ie_len; 6294 6295 for (i = 0; i < 4; i++) { 6296 if (drv->auth_wep_key_len[i]) { 6297 params.wep_key[i] = drv->auth_wep_key[i]; 6298 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 6299 } 6300 } 6301 6302 drv->retry_auth = 1; 6303 return wpa_driver_nl80211_authenticate(bss, ¶ms); 6304} 6305 6306 6307struct phy_info_arg { 6308 u16 *num_modes; 6309 struct hostapd_hw_modes *modes; 6310 int last_mode, last_chan_idx; 6311}; 6312 6313static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 6314 struct nlattr *ampdu_factor, 6315 struct nlattr *ampdu_density, 6316 struct nlattr *mcs_set) 6317{ 6318 if (capa) 6319 mode->ht_capab = nla_get_u16(capa); 6320 6321 if (ampdu_factor) 6322 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 6323 6324 if (ampdu_density) 6325 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 6326 6327 if (mcs_set && nla_len(mcs_set) >= 16) { 6328 u8 *mcs; 6329 mcs = nla_data(mcs_set); 6330 os_memcpy(mode->mcs_set, mcs, 16); 6331 } 6332} 6333 6334 6335static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 6336 struct nlattr *capa, 6337 struct nlattr *mcs_set) 6338{ 6339 if (capa) 6340 mode->vht_capab = nla_get_u32(capa); 6341 6342 if (mcs_set && nla_len(mcs_set) >= 8) { 6343 u8 *mcs; 6344 mcs = nla_data(mcs_set); 6345 os_memcpy(mode->vht_mcs_set, mcs, 8); 6346 } 6347} 6348 6349 6350static void phy_info_freq(struct hostapd_hw_modes *mode, 6351 struct hostapd_channel_data *chan, 6352 struct nlattr *tb_freq[]) 6353{ 6354 u8 channel; 6355 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6356 chan->flag = 0; 6357 chan->dfs_cac_ms = 0; 6358 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6359 chan->chan = channel; 6360 6361 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6362 chan->flag |= HOSTAPD_CHAN_DISABLED; 6363 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6364 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6365 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6366 chan->flag |= HOSTAPD_CHAN_RADAR; 6367 6368 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6369 enum nl80211_dfs_state state = 6370 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6371 6372 switch (state) { 6373 case NL80211_DFS_USABLE: 6374 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6375 break; 6376 case NL80211_DFS_AVAILABLE: 6377 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6378 break; 6379 case NL80211_DFS_UNAVAILABLE: 6380 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6381 break; 6382 } 6383 } 6384 6385 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]) { 6386 chan->dfs_cac_ms = nla_get_u32( 6387 tb_freq[NL80211_FREQUENCY_ATTR_DFS_CAC_TIME]); 6388 } 6389} 6390 6391 6392static int phy_info_freqs(struct phy_info_arg *phy_info, 6393 struct hostapd_hw_modes *mode, struct nlattr *tb) 6394{ 6395 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6396 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6397 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6398 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6399 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6400 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6401 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6402 }; 6403 int new_channels = 0; 6404 struct hostapd_channel_data *channel; 6405 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6406 struct nlattr *nl_freq; 6407 int rem_freq, idx; 6408 6409 if (tb == NULL) 6410 return NL_OK; 6411 6412 nla_for_each_nested(nl_freq, tb, rem_freq) { 6413 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6414 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6415 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6416 continue; 6417 new_channels++; 6418 } 6419 6420 channel = os_realloc_array(mode->channels, 6421 mode->num_channels + new_channels, 6422 sizeof(struct hostapd_channel_data)); 6423 if (!channel) 6424 return NL_SKIP; 6425 6426 mode->channels = channel; 6427 mode->num_channels += new_channels; 6428 6429 idx = phy_info->last_chan_idx; 6430 6431 nla_for_each_nested(nl_freq, tb, rem_freq) { 6432 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6433 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6434 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6435 continue; 6436 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6437 idx++; 6438 } 6439 phy_info->last_chan_idx = idx; 6440 6441 return NL_OK; 6442} 6443 6444 6445static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6446{ 6447 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6448 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6449 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6450 { .type = NLA_FLAG }, 6451 }; 6452 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6453 struct nlattr *nl_rate; 6454 int rem_rate, idx; 6455 6456 if (tb == NULL) 6457 return NL_OK; 6458 6459 nla_for_each_nested(nl_rate, tb, rem_rate) { 6460 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6461 nla_data(nl_rate), nla_len(nl_rate), 6462 rate_policy); 6463 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6464 continue; 6465 mode->num_rates++; 6466 } 6467 6468 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6469 if (!mode->rates) 6470 return NL_SKIP; 6471 6472 idx = 0; 6473 6474 nla_for_each_nested(nl_rate, tb, rem_rate) { 6475 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6476 nla_data(nl_rate), nla_len(nl_rate), 6477 rate_policy); 6478 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6479 continue; 6480 mode->rates[idx] = nla_get_u32( 6481 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6482 idx++; 6483 } 6484 6485 return NL_OK; 6486} 6487 6488 6489static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6490{ 6491 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6492 struct hostapd_hw_modes *mode; 6493 int ret; 6494 6495 if (phy_info->last_mode != nl_band->nla_type) { 6496 mode = os_realloc_array(phy_info->modes, 6497 *phy_info->num_modes + 1, 6498 sizeof(*mode)); 6499 if (!mode) 6500 return NL_SKIP; 6501 phy_info->modes = mode; 6502 6503 mode = &phy_info->modes[*(phy_info->num_modes)]; 6504 os_memset(mode, 0, sizeof(*mode)); 6505 mode->mode = NUM_HOSTAPD_MODES; 6506 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6507 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6508 6509 /* 6510 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6511 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6512 * possible streams as unsupported. This will be overridden if 6513 * driver advertises VHT support. 6514 */ 6515 mode->vht_mcs_set[0] = 0xff; 6516 mode->vht_mcs_set[1] = 0xff; 6517 mode->vht_mcs_set[4] = 0xff; 6518 mode->vht_mcs_set[5] = 0xff; 6519 6520 *(phy_info->num_modes) += 1; 6521 phy_info->last_mode = nl_band->nla_type; 6522 phy_info->last_chan_idx = 0; 6523 } else 6524 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6525 6526 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6527 nla_len(nl_band), NULL); 6528 6529 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6530 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6531 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6532 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6533 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6534 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6535 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6536 if (ret != NL_OK) 6537 return ret; 6538 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6539 if (ret != NL_OK) 6540 return ret; 6541 6542 return NL_OK; 6543} 6544 6545 6546static int phy_info_handler(struct nl_msg *msg, void *arg) 6547{ 6548 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6549 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6550 struct phy_info_arg *phy_info = arg; 6551 struct nlattr *nl_band; 6552 int rem_band; 6553 6554 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6555 genlmsg_attrlen(gnlh, 0), NULL); 6556 6557 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6558 return NL_SKIP; 6559 6560 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6561 { 6562 int res = phy_info_band(phy_info, nl_band); 6563 if (res != NL_OK) 6564 return res; 6565 } 6566 6567 return NL_SKIP; 6568} 6569 6570 6571static struct hostapd_hw_modes * 6572wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6573 u16 *num_modes) 6574{ 6575 u16 m; 6576 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6577 int i, mode11g_idx = -1; 6578 6579 /* heuristic to set up modes */ 6580 for (m = 0; m < *num_modes; m++) { 6581 if (!modes[m].num_channels) 6582 continue; 6583 if (modes[m].channels[0].freq < 4000) { 6584 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6585 for (i = 0; i < modes[m].num_rates; i++) { 6586 if (modes[m].rates[i] > 200) { 6587 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6588 break; 6589 } 6590 } 6591 } else if (modes[m].channels[0].freq > 50000) 6592 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6593 else 6594 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6595 } 6596 6597 /* If only 802.11g mode is included, use it to construct matching 6598 * 802.11b mode data. */ 6599 6600 for (m = 0; m < *num_modes; m++) { 6601 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6602 return modes; /* 802.11b already included */ 6603 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6604 mode11g_idx = m; 6605 } 6606 6607 if (mode11g_idx < 0) 6608 return modes; /* 2.4 GHz band not supported at all */ 6609 6610 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6611 if (nmodes == NULL) 6612 return modes; /* Could not add 802.11b mode */ 6613 6614 mode = &nmodes[*num_modes]; 6615 os_memset(mode, 0, sizeof(*mode)); 6616 (*num_modes)++; 6617 modes = nmodes; 6618 6619 mode->mode = HOSTAPD_MODE_IEEE80211B; 6620 6621 mode11g = &modes[mode11g_idx]; 6622 mode->num_channels = mode11g->num_channels; 6623 mode->channels = os_malloc(mode11g->num_channels * 6624 sizeof(struct hostapd_channel_data)); 6625 if (mode->channels == NULL) { 6626 (*num_modes)--; 6627 return modes; /* Could not add 802.11b mode */ 6628 } 6629 os_memcpy(mode->channels, mode11g->channels, 6630 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6631 6632 mode->num_rates = 0; 6633 mode->rates = os_malloc(4 * sizeof(int)); 6634 if (mode->rates == NULL) { 6635 os_free(mode->channels); 6636 (*num_modes)--; 6637 return modes; /* Could not add 802.11b mode */ 6638 } 6639 6640 for (i = 0; i < mode11g->num_rates; i++) { 6641 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6642 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6643 continue; 6644 mode->rates[mode->num_rates] = mode11g->rates[i]; 6645 mode->num_rates++; 6646 if (mode->num_rates == 4) 6647 break; 6648 } 6649 6650 if (mode->num_rates == 0) { 6651 os_free(mode->channels); 6652 os_free(mode->rates); 6653 (*num_modes)--; 6654 return modes; /* No 802.11b rates */ 6655 } 6656 6657 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6658 "information"); 6659 6660 return modes; 6661} 6662 6663 6664static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6665 int end) 6666{ 6667 int c; 6668 6669 for (c = 0; c < mode->num_channels; c++) { 6670 struct hostapd_channel_data *chan = &mode->channels[c]; 6671 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6672 chan->flag |= HOSTAPD_CHAN_HT40; 6673 } 6674} 6675 6676 6677static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6678 int end) 6679{ 6680 int c; 6681 6682 for (c = 0; c < mode->num_channels; c++) { 6683 struct hostapd_channel_data *chan = &mode->channels[c]; 6684 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6685 continue; 6686 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6687 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6688 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6689 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6690 } 6691} 6692 6693 6694static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6695 struct phy_info_arg *results) 6696{ 6697 u16 m; 6698 6699 for (m = 0; m < *results->num_modes; m++) { 6700 int c; 6701 struct hostapd_hw_modes *mode = &results->modes[m]; 6702 6703 for (c = 0; c < mode->num_channels; c++) { 6704 struct hostapd_channel_data *chan = &mode->channels[c]; 6705 if ((u32) chan->freq - 10 >= start && 6706 (u32) chan->freq + 10 <= end) 6707 chan->max_tx_power = max_eirp; 6708 } 6709 } 6710} 6711 6712 6713static void nl80211_reg_rule_ht40(u32 start, u32 end, 6714 struct phy_info_arg *results) 6715{ 6716 u16 m; 6717 6718 for (m = 0; m < *results->num_modes; m++) { 6719 if (!(results->modes[m].ht_capab & 6720 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6721 continue; 6722 nl80211_set_ht40_mode(&results->modes[m], start, end); 6723 } 6724} 6725 6726 6727static void nl80211_reg_rule_sec(struct nlattr *tb[], 6728 struct phy_info_arg *results) 6729{ 6730 u32 start, end, max_bw; 6731 u16 m; 6732 6733 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6734 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6735 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6736 return; 6737 6738 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6739 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6740 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6741 6742 if (max_bw < 20) 6743 return; 6744 6745 for (m = 0; m < *results->num_modes; m++) { 6746 if (!(results->modes[m].ht_capab & 6747 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6748 continue; 6749 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6750 } 6751} 6752 6753 6754static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6755 int end) 6756{ 6757 int c; 6758 6759 for (c = 0; c < mode->num_channels; c++) { 6760 struct hostapd_channel_data *chan = &mode->channels[c]; 6761 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6762 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6763 6764 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6765 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6766 6767 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6768 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6769 6770 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6771 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6772 } 6773} 6774 6775 6776static void nl80211_reg_rule_vht(struct nlattr *tb[], 6777 struct phy_info_arg *results) 6778{ 6779 u32 start, end, max_bw; 6780 u16 m; 6781 6782 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6783 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6784 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6785 return; 6786 6787 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6788 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6789 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6790 6791 if (max_bw < 80) 6792 return; 6793 6794 for (m = 0; m < *results->num_modes; m++) { 6795 if (!(results->modes[m].ht_capab & 6796 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6797 continue; 6798 /* TODO: use a real VHT support indication */ 6799 if (!results->modes[m].vht_capab) 6800 continue; 6801 6802 nl80211_set_vht_mode(&results->modes[m], start, end); 6803 } 6804} 6805 6806 6807static const char * dfs_domain_name(enum nl80211_dfs_regions region) 6808{ 6809 switch (region) { 6810 case NL80211_DFS_UNSET: 6811 return "DFS-UNSET"; 6812 case NL80211_DFS_FCC: 6813 return "DFS-FCC"; 6814 case NL80211_DFS_ETSI: 6815 return "DFS-ETSI"; 6816 case NL80211_DFS_JP: 6817 return "DFS-JP"; 6818 default: 6819 return "DFS-invalid"; 6820 } 6821} 6822 6823 6824static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6825{ 6826 struct phy_info_arg *results = arg; 6827 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6828 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6829 struct nlattr *nl_rule; 6830 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6831 int rem_rule; 6832 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6833 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6834 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6835 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6836 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6837 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6838 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6839 }; 6840 6841 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6842 genlmsg_attrlen(gnlh, 0), NULL); 6843 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6844 !tb_msg[NL80211_ATTR_REG_RULES]) { 6845 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6846 "available"); 6847 return NL_SKIP; 6848 } 6849 6850 if (tb_msg[NL80211_ATTR_DFS_REGION]) { 6851 enum nl80211_dfs_regions dfs_domain; 6852 dfs_domain = nla_get_u8(tb_msg[NL80211_ATTR_DFS_REGION]); 6853 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s (%s)", 6854 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 6855 dfs_domain_name(dfs_domain)); 6856 } else { 6857 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6858 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6859 } 6860 6861 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6862 { 6863 u32 start, end, max_eirp = 0, max_bw = 0, flags = 0; 6864 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6865 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6866 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6867 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6868 continue; 6869 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6870 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6871 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6872 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6873 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6874 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6875 if (tb_rule[NL80211_ATTR_REG_RULE_FLAGS]) 6876 flags = nla_get_u32(tb_rule[NL80211_ATTR_REG_RULE_FLAGS]); 6877 6878 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm%s%s%s%s%s%s%s%s", 6879 start, end, max_bw, max_eirp, 6880 flags & NL80211_RRF_NO_OFDM ? " (no OFDM)" : "", 6881 flags & NL80211_RRF_NO_CCK ? " (no CCK)" : "", 6882 flags & NL80211_RRF_NO_INDOOR ? " (no indoor)" : "", 6883 flags & NL80211_RRF_NO_OUTDOOR ? " (no outdoor)" : 6884 "", 6885 flags & NL80211_RRF_DFS ? " (DFS)" : "", 6886 flags & NL80211_RRF_PTP_ONLY ? " (PTP only)" : "", 6887 flags & NL80211_RRF_PTMP_ONLY ? " (PTMP only)" : "", 6888 flags & NL80211_RRF_NO_IR ? " (no IR)" : ""); 6889 if (max_bw >= 40) 6890 nl80211_reg_rule_ht40(start, end, results); 6891 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6892 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6893 results); 6894 } 6895 6896 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6897 { 6898 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6899 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6900 nl80211_reg_rule_sec(tb_rule, results); 6901 } 6902 6903 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6904 { 6905 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6906 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6907 nl80211_reg_rule_vht(tb_rule, results); 6908 } 6909 6910 return NL_SKIP; 6911} 6912 6913 6914static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6915 struct phy_info_arg *results) 6916{ 6917 struct nl_msg *msg; 6918 6919 msg = nlmsg_alloc(); 6920 if (!msg) 6921 return -ENOMEM; 6922 6923 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6924 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6925} 6926 6927 6928static struct hostapd_hw_modes * 6929wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6930{ 6931 u32 feat; 6932 struct i802_bss *bss = priv; 6933 struct wpa_driver_nl80211_data *drv = bss->drv; 6934 struct nl_msg *msg; 6935 struct phy_info_arg result = { 6936 .num_modes = num_modes, 6937 .modes = NULL, 6938 .last_mode = -1, 6939 }; 6940 6941 *num_modes = 0; 6942 *flags = 0; 6943 6944 msg = nlmsg_alloc(); 6945 if (!msg) 6946 return NULL; 6947 6948 feat = get_nl80211_protocol_features(drv); 6949 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6950 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6951 else 6952 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6953 6954 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6955 if (nl80211_set_iface_id(msg, bss) < 0) 6956 goto nla_put_failure; 6957 6958 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6959 nl80211_set_regulatory_flags(drv, &result); 6960 return wpa_driver_nl80211_postprocess_modes(result.modes, 6961 num_modes); 6962 } 6963 msg = NULL; 6964 nla_put_failure: 6965 nlmsg_free(msg); 6966 return NULL; 6967} 6968 6969 6970static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6971 const void *data, size_t len, 6972 int encrypt, int noack) 6973{ 6974 __u8 rtap_hdr[] = { 6975 0x00, 0x00, /* radiotap version */ 6976 0x0e, 0x00, /* radiotap length */ 6977 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6978 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6979 0x00, /* padding */ 6980 0x00, 0x00, /* RX and TX flags to indicate that */ 6981 0x00, 0x00, /* this is the injected frame directly */ 6982 }; 6983 struct iovec iov[2] = { 6984 { 6985 .iov_base = &rtap_hdr, 6986 .iov_len = sizeof(rtap_hdr), 6987 }, 6988 { 6989 .iov_base = (void *) data, 6990 .iov_len = len, 6991 } 6992 }; 6993 struct msghdr msg = { 6994 .msg_name = NULL, 6995 .msg_namelen = 0, 6996 .msg_iov = iov, 6997 .msg_iovlen = 2, 6998 .msg_control = NULL, 6999 .msg_controllen = 0, 7000 .msg_flags = 0, 7001 }; 7002 int res; 7003 u16 txflags = 0; 7004 7005 if (encrypt) 7006 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 7007 7008 if (drv->monitor_sock < 0) { 7009 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 7010 "for %s", __func__); 7011 return -1; 7012 } 7013 7014 if (noack) 7015 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 7016 WPA_PUT_LE16(&rtap_hdr[12], txflags); 7017 7018 res = sendmsg(drv->monitor_sock, &msg, 0); 7019 if (res < 0) { 7020 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 7021 return -1; 7022 } 7023 return 0; 7024} 7025 7026 7027static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 7028 const void *data, size_t len, 7029 int encrypt, int noack, 7030 unsigned int freq, int no_cck, 7031 int offchanok, unsigned int wait_time) 7032{ 7033 struct wpa_driver_nl80211_data *drv = bss->drv; 7034 u64 cookie; 7035 int res; 7036 7037 if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) { 7038 freq = nl80211_get_assoc_freq(drv); 7039 wpa_printf(MSG_DEBUG, 7040 "nl80211: send_frame - Use assoc_freq=%u for IBSS", 7041 freq); 7042 } 7043 if (freq == 0) { 7044 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 7045 bss->freq); 7046 freq = bss->freq; 7047 } 7048 7049 if (drv->use_monitor) { 7050 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 7051 freq, bss->freq); 7052 return wpa_driver_nl80211_send_mntr(drv, data, len, 7053 encrypt, noack); 7054 } 7055 7056 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 7057 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 7058 &cookie, no_cck, noack, offchanok); 7059 if (res == 0 && !noack) { 7060 const struct ieee80211_mgmt *mgmt; 7061 u16 fc; 7062 7063 mgmt = (const struct ieee80211_mgmt *) data; 7064 fc = le_to_host16(mgmt->frame_control); 7065 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7066 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 7067 wpa_printf(MSG_MSGDUMP, 7068 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 7069 (long long unsigned int) 7070 drv->send_action_cookie, 7071 (long long unsigned int) cookie); 7072 drv->send_action_cookie = cookie; 7073 } 7074 } 7075 7076 return res; 7077} 7078 7079 7080static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 7081 size_t data_len, int noack, 7082 unsigned int freq, int no_cck, 7083 int offchanok, 7084 unsigned int wait_time) 7085{ 7086 struct wpa_driver_nl80211_data *drv = bss->drv; 7087 struct ieee80211_mgmt *mgmt; 7088 int encrypt = 1; 7089 u16 fc; 7090 7091 mgmt = (struct ieee80211_mgmt *) data; 7092 fc = le_to_host16(mgmt->frame_control); 7093 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR 7094 " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d", 7095 MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time, 7096 fc, fc2str(fc), drv->nlmode); 7097 7098 if ((is_sta_interface(drv->nlmode) || 7099 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 7100 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7101 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 7102 /* 7103 * The use of last_mgmt_freq is a bit of a hack, 7104 * but it works due to the single-threaded nature 7105 * of wpa_supplicant. 7106 */ 7107 if (freq == 0) { 7108 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 7109 drv->last_mgmt_freq); 7110 freq = drv->last_mgmt_freq; 7111 } 7112 return nl80211_send_frame_cmd(bss, freq, 0, 7113 data, data_len, NULL, 1, noack, 7114 1); 7115 } 7116 7117 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 7118 if (freq == 0) { 7119 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 7120 bss->freq); 7121 freq = bss->freq; 7122 } 7123 return nl80211_send_frame_cmd(bss, freq, 7124 (int) freq == bss->freq ? 0 : 7125 wait_time, 7126 data, data_len, 7127 &drv->send_action_cookie, 7128 no_cck, noack, offchanok); 7129 } 7130 7131 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 7132 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 7133 /* 7134 * Only one of the authentication frame types is encrypted. 7135 * In order for static WEP encryption to work properly (i.e., 7136 * to not encrypt the frame), we need to tell mac80211 about 7137 * the frames that must not be encrypted. 7138 */ 7139 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 7140 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 7141 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 7142 encrypt = 0; 7143 } 7144 7145 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 7146 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 7147 noack, freq, no_cck, offchanok, 7148 wait_time); 7149} 7150 7151 7152static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 7153 int slot, int ht_opmode, int ap_isolate, 7154 int *basic_rates) 7155{ 7156 struct wpa_driver_nl80211_data *drv = bss->drv; 7157 struct nl_msg *msg; 7158 7159 msg = nlmsg_alloc(); 7160 if (!msg) 7161 return -ENOMEM; 7162 7163 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 7164 7165 if (cts >= 0) 7166 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 7167 if (preamble >= 0) 7168 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 7169 if (slot >= 0) 7170 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 7171 if (ht_opmode >= 0) 7172 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 7173 if (ap_isolate >= 0) 7174 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 7175 7176 if (basic_rates) { 7177 u8 rates[NL80211_MAX_SUPP_RATES]; 7178 u8 rates_len = 0; 7179 int i; 7180 7181 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 7182 i++) 7183 rates[rates_len++] = basic_rates[i] / 5; 7184 7185 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 7186 } 7187 7188 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7189 7190 return send_and_recv_msgs(drv, msg, NULL, NULL); 7191 nla_put_failure: 7192 nlmsg_free(msg); 7193 return -ENOBUFS; 7194} 7195 7196 7197static int wpa_driver_nl80211_set_acl(void *priv, 7198 struct hostapd_acl_params *params) 7199{ 7200 struct i802_bss *bss = priv; 7201 struct wpa_driver_nl80211_data *drv = bss->drv; 7202 struct nl_msg *msg; 7203 struct nlattr *acl; 7204 unsigned int i; 7205 int ret = 0; 7206 7207 if (!(drv->capa.max_acl_mac_addrs)) 7208 return -ENOTSUP; 7209 7210 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 7211 return -ENOTSUP; 7212 7213 msg = nlmsg_alloc(); 7214 if (!msg) 7215 return -ENOMEM; 7216 7217 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 7218 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 7219 7220 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 7221 7222 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7223 7224 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 7225 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 7226 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 7227 7228 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 7229 if (acl == NULL) 7230 goto nla_put_failure; 7231 7232 for (i = 0; i < params->num_mac_acl; i++) 7233 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 7234 7235 nla_nest_end(msg, acl); 7236 7237 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7238 msg = NULL; 7239 if (ret) { 7240 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 7241 ret, strerror(-ret)); 7242 } 7243 7244nla_put_failure: 7245 nlmsg_free(msg); 7246 7247 return ret; 7248} 7249 7250 7251static int wpa_driver_nl80211_set_ap(void *priv, 7252 struct wpa_driver_ap_params *params) 7253{ 7254 struct i802_bss *bss = priv; 7255 struct wpa_driver_nl80211_data *drv = bss->drv; 7256 struct nl_msg *msg; 7257 u8 cmd = NL80211_CMD_NEW_BEACON; 7258 int ret; 7259 int beacon_set; 7260 int ifindex = if_nametoindex(bss->ifname); 7261 int num_suites; 7262 u32 suites[10], suite; 7263 u32 ver; 7264 7265 beacon_set = bss->beacon_set; 7266 7267 msg = nlmsg_alloc(); 7268 if (!msg) 7269 return -ENOMEM; 7270 7271 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 7272 beacon_set); 7273 if (beacon_set) 7274 cmd = NL80211_CMD_SET_BEACON; 7275 7276 nl80211_cmd(drv, msg, 0, cmd); 7277 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 7278 params->head, params->head_len); 7279 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 7280 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 7281 params->tail, params->tail_len); 7282 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 7283 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 7284 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 7285 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 7286 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 7287 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 7288 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 7289 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 7290 params->ssid, params->ssid_len); 7291 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7292 params->ssid); 7293 if (params->proberesp && params->proberesp_len) { 7294 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 7295 params->proberesp, params->proberesp_len); 7296 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 7297 params->proberesp); 7298 } 7299 switch (params->hide_ssid) { 7300 case NO_SSID_HIDING: 7301 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 7302 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7303 NL80211_HIDDEN_SSID_NOT_IN_USE); 7304 break; 7305 case HIDDEN_SSID_ZERO_LEN: 7306 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 7307 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7308 NL80211_HIDDEN_SSID_ZERO_LEN); 7309 break; 7310 case HIDDEN_SSID_ZERO_CONTENTS: 7311 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 7312 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 7313 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 7314 break; 7315 } 7316 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 7317 if (params->privacy) 7318 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 7319 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 7320 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 7321 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 7322 /* Leave out the attribute */ 7323 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 7324 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7325 NL80211_AUTHTYPE_SHARED_KEY); 7326 else 7327 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 7328 NL80211_AUTHTYPE_OPEN_SYSTEM); 7329 7330 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 7331 ver = 0; 7332 if (params->wpa_version & WPA_PROTO_WPA) 7333 ver |= NL80211_WPA_VERSION_1; 7334 if (params->wpa_version & WPA_PROTO_RSN) 7335 ver |= NL80211_WPA_VERSION_2; 7336 if (ver) 7337 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 7338 7339 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 7340 params->key_mgmt_suites); 7341 num_suites = 0; 7342 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 7343 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 7344 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 7345 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 7346 if (num_suites) { 7347 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 7348 num_suites * sizeof(u32), suites); 7349 } 7350 7351 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 7352 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 7353 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 7354 7355 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 7356 params->pairwise_ciphers); 7357 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 7358 suites, ARRAY_SIZE(suites)); 7359 if (num_suites) { 7360 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 7361 num_suites * sizeof(u32), suites); 7362 } 7363 7364 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 7365 params->group_cipher); 7366 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 7367 if (suite) 7368 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 7369 7370 if (params->beacon_ies) { 7371 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 7372 params->beacon_ies); 7373 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 7374 wpabuf_head(params->beacon_ies)); 7375 } 7376 if (params->proberesp_ies) { 7377 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 7378 params->proberesp_ies); 7379 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 7380 wpabuf_len(params->proberesp_ies), 7381 wpabuf_head(params->proberesp_ies)); 7382 } 7383 if (params->assocresp_ies) { 7384 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 7385 params->assocresp_ies); 7386 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 7387 wpabuf_len(params->assocresp_ies), 7388 wpabuf_head(params->assocresp_ies)); 7389 } 7390 7391 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7392 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7393 params->ap_max_inactivity); 7394 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7395 params->ap_max_inactivity); 7396 } 7397 7398 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7399 if (ret) { 7400 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7401 ret, strerror(-ret)); 7402 } else { 7403 bss->beacon_set = 1; 7404 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7405 params->short_slot_time, params->ht_opmode, 7406 params->isolate, params->basic_rates); 7407 if (beacon_set && params->freq && 7408 params->freq->bandwidth != bss->bandwidth) { 7409 wpa_printf(MSG_DEBUG, 7410 "nl80211: Update BSS %s bandwidth: %d -> %d", 7411 bss->ifname, bss->bandwidth, 7412 params->freq->bandwidth); 7413 ret = nl80211_set_channel(bss, params->freq, 1); 7414 if (ret) { 7415 wpa_printf(MSG_DEBUG, 7416 "nl80211: Frequency set failed: %d (%s)", 7417 ret, strerror(-ret)); 7418 } else { 7419 wpa_printf(MSG_DEBUG, 7420 "nl80211: Frequency set succeeded for ht2040 coex"); 7421 bss->bandwidth = params->freq->bandwidth; 7422 } 7423 } else if (!beacon_set) { 7424 /* 7425 * cfg80211 updates the driver on frequence change in AP 7426 * mode only at the point when beaconing is started, so 7427 * set the initial value here. 7428 */ 7429 bss->bandwidth = params->freq->bandwidth; 7430 } 7431 } 7432 return ret; 7433 nla_put_failure: 7434 nlmsg_free(msg); 7435 return -ENOBUFS; 7436} 7437 7438 7439static int nl80211_put_freq_params(struct nl_msg *msg, 7440 struct hostapd_freq_params *freq) 7441{ 7442 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7443 if (freq->vht_enabled) { 7444 switch (freq->bandwidth) { 7445 case 20: 7446 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7447 NL80211_CHAN_WIDTH_20); 7448 break; 7449 case 40: 7450 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7451 NL80211_CHAN_WIDTH_40); 7452 break; 7453 case 80: 7454 if (freq->center_freq2) 7455 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7456 NL80211_CHAN_WIDTH_80P80); 7457 else 7458 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7459 NL80211_CHAN_WIDTH_80); 7460 break; 7461 case 160: 7462 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7463 NL80211_CHAN_WIDTH_160); 7464 break; 7465 default: 7466 return -EINVAL; 7467 } 7468 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7469 if (freq->center_freq2) 7470 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7471 freq->center_freq2); 7472 } else if (freq->ht_enabled) { 7473 switch (freq->sec_channel_offset) { 7474 case -1: 7475 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7476 NL80211_CHAN_HT40MINUS); 7477 break; 7478 case 1: 7479 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7480 NL80211_CHAN_HT40PLUS); 7481 break; 7482 default: 7483 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7484 NL80211_CHAN_HT20); 7485 break; 7486 } 7487 } 7488 return 0; 7489 7490nla_put_failure: 7491 return -ENOBUFS; 7492} 7493 7494 7495static int nl80211_set_channel(struct i802_bss *bss, 7496 struct hostapd_freq_params *freq, int set_chan) 7497{ 7498 struct wpa_driver_nl80211_data *drv = bss->drv; 7499 struct nl_msg *msg; 7500 int ret; 7501 7502 wpa_printf(MSG_DEBUG, 7503 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7504 freq->freq, freq->ht_enabled, freq->vht_enabled, 7505 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7506 msg = nlmsg_alloc(); 7507 if (!msg) 7508 return -1; 7509 7510 nl80211_cmd(drv, msg, 0, set_chan ? NL80211_CMD_SET_CHANNEL : 7511 NL80211_CMD_SET_WIPHY); 7512 7513 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7514 if (nl80211_put_freq_params(msg, freq) < 0) 7515 goto nla_put_failure; 7516 7517 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7518 msg = NULL; 7519 if (ret == 0) { 7520 bss->freq = freq->freq; 7521 return 0; 7522 } 7523 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7524 "%d (%s)", freq->freq, ret, strerror(-ret)); 7525nla_put_failure: 7526 nlmsg_free(msg); 7527 return -1; 7528} 7529 7530 7531static u32 sta_flags_nl80211(int flags) 7532{ 7533 u32 f = 0; 7534 7535 if (flags & WPA_STA_AUTHORIZED) 7536 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7537 if (flags & WPA_STA_WMM) 7538 f |= BIT(NL80211_STA_FLAG_WME); 7539 if (flags & WPA_STA_SHORT_PREAMBLE) 7540 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7541 if (flags & WPA_STA_MFP) 7542 f |= BIT(NL80211_STA_FLAG_MFP); 7543 if (flags & WPA_STA_TDLS_PEER) 7544 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7545 7546 return f; 7547} 7548 7549 7550static int wpa_driver_nl80211_sta_add(void *priv, 7551 struct hostapd_sta_add_params *params) 7552{ 7553 struct i802_bss *bss = priv; 7554 struct wpa_driver_nl80211_data *drv = bss->drv; 7555 struct nl_msg *msg; 7556 struct nl80211_sta_flag_update upd; 7557 int ret = -ENOBUFS; 7558 7559 if ((params->flags & WPA_STA_TDLS_PEER) && 7560 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7561 return -EOPNOTSUPP; 7562 7563 msg = nlmsg_alloc(); 7564 if (!msg) 7565 return -ENOMEM; 7566 7567 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7568 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7569 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7570 NL80211_CMD_NEW_STATION); 7571 7572 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7573 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7574 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7575 params->supp_rates); 7576 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7577 params->supp_rates_len); 7578 if (!params->set) { 7579 if (params->aid) { 7580 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7581 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7582 } else { 7583 /* 7584 * cfg80211 validates that AID is non-zero, so we have 7585 * to make this a non-zero value for the TDLS case where 7586 * a dummy STA entry is used for now. 7587 */ 7588 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7589 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7590 } 7591 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7592 params->listen_interval); 7593 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7594 params->listen_interval); 7595 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7596 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7597 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7598 } 7599 if (params->ht_capabilities) { 7600 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7601 (u8 *) params->ht_capabilities, 7602 sizeof(*params->ht_capabilities)); 7603 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7604 sizeof(*params->ht_capabilities), 7605 params->ht_capabilities); 7606 } 7607 7608 if (params->vht_capabilities) { 7609 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7610 (u8 *) params->vht_capabilities, 7611 sizeof(*params->vht_capabilities)); 7612 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7613 sizeof(*params->vht_capabilities), 7614 params->vht_capabilities); 7615 } 7616 7617 if (params->vht_opmode_enabled) { 7618 wpa_printf(MSG_DEBUG, " * opmode=%u", params->vht_opmode); 7619 NLA_PUT_U8(msg, NL80211_ATTR_OPMODE_NOTIF, 7620 params->vht_opmode); 7621 } 7622 7623 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7624 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7625 7626 if (params->ext_capab) { 7627 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7628 params->ext_capab, params->ext_capab_len); 7629 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7630 params->ext_capab_len, params->ext_capab); 7631 } 7632 7633 if (params->supp_channels) { 7634 wpa_hexdump(MSG_DEBUG, " * supported channels", 7635 params->supp_channels, params->supp_channels_len); 7636 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7637 params->supp_channels_len, params->supp_channels); 7638 } 7639 7640 if (params->supp_oper_classes) { 7641 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7642 params->supp_oper_classes, 7643 params->supp_oper_classes_len); 7644 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7645 params->supp_oper_classes_len, 7646 params->supp_oper_classes); 7647 } 7648 7649 os_memset(&upd, 0, sizeof(upd)); 7650 upd.mask = sta_flags_nl80211(params->flags); 7651 upd.set = upd.mask; 7652 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7653 upd.set, upd.mask); 7654 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7655 7656 if (params->flags & WPA_STA_WMM) { 7657 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7658 7659 if (!wme) 7660 goto nla_put_failure; 7661 7662 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7663 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7664 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7665 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7666 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7667 WMM_QOSINFO_STA_SP_MASK); 7668 nla_nest_end(msg, wme); 7669 } 7670 7671 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7672 msg = NULL; 7673 if (ret) 7674 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7675 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7676 strerror(-ret)); 7677 if (ret == -EEXIST) 7678 ret = 0; 7679 nla_put_failure: 7680 nlmsg_free(msg); 7681 return ret; 7682} 7683 7684 7685static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7686{ 7687 struct wpa_driver_nl80211_data *drv = bss->drv; 7688 struct nl_msg *msg; 7689 int ret; 7690 7691 msg = nlmsg_alloc(); 7692 if (!msg) 7693 return -ENOMEM; 7694 7695 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7696 7697 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7698 if_nametoindex(bss->ifname)); 7699 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7700 7701 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7702 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7703 " --> %d (%s)", 7704 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7705 if (ret == -ENOENT) 7706 return 0; 7707 return ret; 7708 nla_put_failure: 7709 nlmsg_free(msg); 7710 return -ENOBUFS; 7711} 7712 7713 7714static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7715 int ifidx) 7716{ 7717 struct nl_msg *msg; 7718 struct wpa_driver_nl80211_data *drv2; 7719 7720 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7721 7722 /* stop listening for EAPOL on this interface */ 7723 dl_list_for_each(drv2, &drv->global->interfaces, 7724 struct wpa_driver_nl80211_data, list) 7725 del_ifidx(drv2, ifidx); 7726 7727 msg = nlmsg_alloc(); 7728 if (!msg) 7729 goto nla_put_failure; 7730 7731 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7732 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7733 7734 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7735 return; 7736 msg = NULL; 7737 nla_put_failure: 7738 nlmsg_free(msg); 7739 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7740} 7741 7742 7743static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7744{ 7745 switch (mode) { 7746 case NL80211_IFTYPE_ADHOC: 7747 return "ADHOC"; 7748 case NL80211_IFTYPE_STATION: 7749 return "STATION"; 7750 case NL80211_IFTYPE_AP: 7751 return "AP"; 7752 case NL80211_IFTYPE_AP_VLAN: 7753 return "AP_VLAN"; 7754 case NL80211_IFTYPE_WDS: 7755 return "WDS"; 7756 case NL80211_IFTYPE_MONITOR: 7757 return "MONITOR"; 7758 case NL80211_IFTYPE_MESH_POINT: 7759 return "MESH_POINT"; 7760 case NL80211_IFTYPE_P2P_CLIENT: 7761 return "P2P_CLIENT"; 7762 case NL80211_IFTYPE_P2P_GO: 7763 return "P2P_GO"; 7764 case NL80211_IFTYPE_P2P_DEVICE: 7765 return "P2P_DEVICE"; 7766 default: 7767 return "unknown"; 7768 } 7769} 7770 7771 7772static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7773 const char *ifname, 7774 enum nl80211_iftype iftype, 7775 const u8 *addr, int wds, 7776 int (*handler)(struct nl_msg *, void *), 7777 void *arg) 7778{ 7779 struct nl_msg *msg; 7780 int ifidx; 7781 int ret = -ENOBUFS; 7782 7783 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7784 iftype, nl80211_iftype_str(iftype)); 7785 7786 msg = nlmsg_alloc(); 7787 if (!msg) 7788 return -1; 7789 7790 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7791 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7792 goto nla_put_failure; 7793 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7794 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7795 7796 if (iftype == NL80211_IFTYPE_MONITOR) { 7797 struct nlattr *flags; 7798 7799 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7800 if (!flags) 7801 goto nla_put_failure; 7802 7803 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7804 7805 nla_nest_end(msg, flags); 7806 } else if (wds) { 7807 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7808 } 7809 7810 /* 7811 * Tell cfg80211 that the interface belongs to the socket that created 7812 * it, and the interface should be deleted when the socket is closed. 7813 */ 7814 NLA_PUT_FLAG(msg, NL80211_ATTR_IFACE_SOCKET_OWNER); 7815 7816 ret = send_and_recv_msgs(drv, msg, handler, arg); 7817 msg = NULL; 7818 if (ret) { 7819 nla_put_failure: 7820 nlmsg_free(msg); 7821 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7822 ifname, ret, strerror(-ret)); 7823 return ret; 7824 } 7825 7826 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7827 return 0; 7828 7829 ifidx = if_nametoindex(ifname); 7830 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7831 ifname, ifidx); 7832 7833 if (ifidx <= 0) 7834 return -1; 7835 7836 /* 7837 * Some virtual interfaces need to process EAPOL packets and events on 7838 * the parent interface. This is used mainly with hostapd. 7839 */ 7840 if (drv->hostapd || 7841 iftype == NL80211_IFTYPE_AP_VLAN || 7842 iftype == NL80211_IFTYPE_WDS || 7843 iftype == NL80211_IFTYPE_MONITOR) { 7844 /* start listening for EAPOL on this interface */ 7845 add_ifidx(drv, ifidx); 7846 } 7847 7848 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7849 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7850 nl80211_remove_iface(drv, ifidx); 7851 return -1; 7852 } 7853 7854 return ifidx; 7855} 7856 7857 7858static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7859 const char *ifname, enum nl80211_iftype iftype, 7860 const u8 *addr, int wds, 7861 int (*handler)(struct nl_msg *, void *), 7862 void *arg, int use_existing) 7863{ 7864 int ret; 7865 7866 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7867 arg); 7868 7869 /* if error occurred and interface exists already */ 7870 if (ret == -ENFILE && if_nametoindex(ifname)) { 7871 if (use_existing) { 7872 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7873 ifname); 7874 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7875 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7876 addr) < 0 && 7877 (linux_set_iface_flags(drv->global->ioctl_sock, 7878 ifname, 0) < 0 || 7879 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7880 addr) < 0 || 7881 linux_set_iface_flags(drv->global->ioctl_sock, 7882 ifname, 1) < 0)) 7883 return -1; 7884 return -ENFILE; 7885 } 7886 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7887 7888 /* Try to remove the interface that was already there. */ 7889 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7890 7891 /* Try to create the interface again */ 7892 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7893 wds, handler, arg); 7894 } 7895 7896 if (ret >= 0 && is_p2p_net_interface(iftype)) 7897 nl80211_disable_11b_rates(drv, ret, 1); 7898 7899 return ret; 7900} 7901 7902 7903static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7904{ 7905 struct ieee80211_hdr *hdr; 7906 u16 fc; 7907 union wpa_event_data event; 7908 7909 hdr = (struct ieee80211_hdr *) buf; 7910 fc = le_to_host16(hdr->frame_control); 7911 7912 os_memset(&event, 0, sizeof(event)); 7913 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7914 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7915 event.tx_status.dst = hdr->addr1; 7916 event.tx_status.data = buf; 7917 event.tx_status.data_len = len; 7918 event.tx_status.ack = ok; 7919 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7920} 7921 7922 7923static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7924 u8 *buf, size_t len) 7925{ 7926 struct ieee80211_hdr *hdr = (void *)buf; 7927 u16 fc; 7928 union wpa_event_data event; 7929 7930 if (len < sizeof(*hdr)) 7931 return; 7932 7933 fc = le_to_host16(hdr->frame_control); 7934 7935 os_memset(&event, 0, sizeof(event)); 7936 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7937 event.rx_from_unknown.addr = hdr->addr2; 7938 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7939 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7940 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7941} 7942 7943 7944static void handle_frame(struct wpa_driver_nl80211_data *drv, 7945 u8 *buf, size_t len, int datarate, int ssi_signal) 7946{ 7947 struct ieee80211_hdr *hdr; 7948 u16 fc; 7949 union wpa_event_data event; 7950 7951 hdr = (struct ieee80211_hdr *) buf; 7952 fc = le_to_host16(hdr->frame_control); 7953 7954 switch (WLAN_FC_GET_TYPE(fc)) { 7955 case WLAN_FC_TYPE_MGMT: 7956 os_memset(&event, 0, sizeof(event)); 7957 event.rx_mgmt.frame = buf; 7958 event.rx_mgmt.frame_len = len; 7959 event.rx_mgmt.datarate = datarate; 7960 event.rx_mgmt.ssi_signal = ssi_signal; 7961 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7962 break; 7963 case WLAN_FC_TYPE_CTRL: 7964 /* can only get here with PS-Poll frames */ 7965 wpa_printf(MSG_DEBUG, "CTRL"); 7966 from_unknown_sta(drv, buf, len); 7967 break; 7968 case WLAN_FC_TYPE_DATA: 7969 from_unknown_sta(drv, buf, len); 7970 break; 7971 } 7972} 7973 7974 7975static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7976{ 7977 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7978 int len; 7979 unsigned char buf[3000]; 7980 struct ieee80211_radiotap_iterator iter; 7981 int ret; 7982 int datarate = 0, ssi_signal = 0; 7983 int injected = 0, failed = 0, rxflags = 0; 7984 7985 len = recv(sock, buf, sizeof(buf), 0); 7986 if (len < 0) { 7987 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7988 strerror(errno)); 7989 return; 7990 } 7991 7992 if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len, NULL)) { 7993 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7994 return; 7995 } 7996 7997 while (1) { 7998 ret = ieee80211_radiotap_iterator_next(&iter); 7999 if (ret == -ENOENT) 8000 break; 8001 if (ret) { 8002 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 8003 ret); 8004 return; 8005 } 8006 switch (iter.this_arg_index) { 8007 case IEEE80211_RADIOTAP_FLAGS: 8008 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 8009 len -= 4; 8010 break; 8011 case IEEE80211_RADIOTAP_RX_FLAGS: 8012 rxflags = 1; 8013 break; 8014 case IEEE80211_RADIOTAP_TX_FLAGS: 8015 injected = 1; 8016 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 8017 IEEE80211_RADIOTAP_F_TX_FAIL; 8018 break; 8019 case IEEE80211_RADIOTAP_DATA_RETRIES: 8020 break; 8021 case IEEE80211_RADIOTAP_CHANNEL: 8022 /* TODO: convert from freq/flags to channel number */ 8023 break; 8024 case IEEE80211_RADIOTAP_RATE: 8025 datarate = *iter.this_arg * 5; 8026 break; 8027 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 8028 ssi_signal = (s8) *iter.this_arg; 8029 break; 8030 } 8031 } 8032 8033 if (rxflags && injected) 8034 return; 8035 8036 if (!injected) 8037 handle_frame(drv, buf + iter._max_length, 8038 len - iter._max_length, datarate, ssi_signal); 8039 else 8040 handle_tx_callback(drv->ctx, buf + iter._max_length, 8041 len - iter._max_length, !failed); 8042} 8043 8044 8045/* 8046 * we post-process the filter code later and rewrite 8047 * this to the offset to the last instruction 8048 */ 8049#define PASS 0xFF 8050#define FAIL 0xFE 8051 8052static struct sock_filter msock_filter_insns[] = { 8053 /* 8054 * do a little-endian load of the radiotap length field 8055 */ 8056 /* load lower byte into A */ 8057 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 8058 /* put it into X (== index register) */ 8059 BPF_STMT(BPF_MISC| BPF_TAX, 0), 8060 /* load upper byte into A */ 8061 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 8062 /* left-shift it by 8 */ 8063 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 8064 /* or with X */ 8065 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 8066 /* put result into X */ 8067 BPF_STMT(BPF_MISC| BPF_TAX, 0), 8068 8069 /* 8070 * Allow management frames through, this also gives us those 8071 * management frames that we sent ourselves with status 8072 */ 8073 /* load the lower byte of the IEEE 802.11 frame control field */ 8074 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8075 /* mask off frame type and version */ 8076 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 8077 /* accept frame if it's both 0, fall through otherwise */ 8078 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 8079 8080 /* 8081 * TODO: add a bit to radiotap RX flags that indicates 8082 * that the sending station is not associated, then 8083 * add a filter here that filters on our DA and that flag 8084 * to allow us to deauth frames to that bad station. 8085 * 8086 * For now allow all To DS data frames through. 8087 */ 8088 /* load the IEEE 802.11 frame control field */ 8089 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 8090 /* mask off frame type, version and DS status */ 8091 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 8092 /* accept frame if version 0, type 2 and To DS, fall through otherwise 8093 */ 8094 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 8095 8096#if 0 8097 /* 8098 * drop non-data frames 8099 */ 8100 /* load the lower byte of the frame control field */ 8101 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8102 /* mask off QoS bit */ 8103 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 8104 /* drop non-data frames */ 8105 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 8106#endif 8107 /* load the upper byte of the frame control field */ 8108 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 8109 /* mask off toDS/fromDS */ 8110 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 8111 /* accept WDS frames */ 8112 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 8113 8114 /* 8115 * add header length to index 8116 */ 8117 /* load the lower byte of the frame control field */ 8118 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 8119 /* mask off QoS bit */ 8120 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 8121 /* right shift it by 6 to give 0 or 2 */ 8122 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 8123 /* add data frame header length */ 8124 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 8125 /* add index, was start of 802.11 header */ 8126 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 8127 /* move to index, now start of LL header */ 8128 BPF_STMT(BPF_MISC | BPF_TAX, 0), 8129 8130 /* 8131 * Accept empty data frames, we use those for 8132 * polling activity. 8133 */ 8134 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 8135 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 8136 8137 /* 8138 * Accept EAPOL frames 8139 */ 8140 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 8141 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 8142 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 8143 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 8144 8145 /* keep these last two statements or change the code below */ 8146 /* return 0 == "DROP" */ 8147 BPF_STMT(BPF_RET | BPF_K, 0), 8148 /* return ~0 == "keep all" */ 8149 BPF_STMT(BPF_RET | BPF_K, ~0), 8150}; 8151 8152static struct sock_fprog msock_filter = { 8153 .len = ARRAY_SIZE(msock_filter_insns), 8154 .filter = msock_filter_insns, 8155}; 8156 8157 8158static int add_monitor_filter(int s) 8159{ 8160 int idx; 8161 8162 /* rewrite all PASS/FAIL jump offsets */ 8163 for (idx = 0; idx < msock_filter.len; idx++) { 8164 struct sock_filter *insn = &msock_filter_insns[idx]; 8165 8166 if (BPF_CLASS(insn->code) == BPF_JMP) { 8167 if (insn->code == (BPF_JMP|BPF_JA)) { 8168 if (insn->k == PASS) 8169 insn->k = msock_filter.len - idx - 2; 8170 else if (insn->k == FAIL) 8171 insn->k = msock_filter.len - idx - 3; 8172 } 8173 8174 if (insn->jt == PASS) 8175 insn->jt = msock_filter.len - idx - 2; 8176 else if (insn->jt == FAIL) 8177 insn->jt = msock_filter.len - idx - 3; 8178 8179 if (insn->jf == PASS) 8180 insn->jf = msock_filter.len - idx - 2; 8181 else if (insn->jf == FAIL) 8182 insn->jf = msock_filter.len - idx - 3; 8183 } 8184 } 8185 8186 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 8187 &msock_filter, sizeof(msock_filter))) { 8188 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 8189 strerror(errno)); 8190 return -1; 8191 } 8192 8193 return 0; 8194} 8195 8196 8197static void nl80211_remove_monitor_interface( 8198 struct wpa_driver_nl80211_data *drv) 8199{ 8200 if (drv->monitor_refcount > 0) 8201 drv->monitor_refcount--; 8202 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 8203 drv->monitor_refcount); 8204 if (drv->monitor_refcount > 0) 8205 return; 8206 8207 if (drv->monitor_ifidx >= 0) { 8208 nl80211_remove_iface(drv, drv->monitor_ifidx); 8209 drv->monitor_ifidx = -1; 8210 } 8211 if (drv->monitor_sock >= 0) { 8212 eloop_unregister_read_sock(drv->monitor_sock); 8213 close(drv->monitor_sock); 8214 drv->monitor_sock = -1; 8215 } 8216} 8217 8218 8219static int 8220nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 8221{ 8222 char buf[IFNAMSIZ]; 8223 struct sockaddr_ll ll; 8224 int optval; 8225 socklen_t optlen; 8226 8227 if (drv->monitor_ifidx >= 0) { 8228 drv->monitor_refcount++; 8229 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 8230 drv->monitor_refcount); 8231 return 0; 8232 } 8233 8234 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 8235 /* 8236 * P2P interface name is of the format p2p-%s-%d. For monitor 8237 * interface name corresponding to P2P GO, replace "p2p-" with 8238 * "mon-" to retain the same interface name length and to 8239 * indicate that it is a monitor interface. 8240 */ 8241 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 8242 } else { 8243 /* Non-P2P interface with AP functionality. */ 8244 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 8245 } 8246 8247 buf[IFNAMSIZ - 1] = '\0'; 8248 8249 drv->monitor_ifidx = 8250 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 8251 0, NULL, NULL, 0); 8252 8253 if (drv->monitor_ifidx == -EOPNOTSUPP) { 8254 /* 8255 * This is backward compatibility for a few versions of 8256 * the kernel only that didn't advertise the right 8257 * attributes for the only driver that then supported 8258 * AP mode w/o monitor -- ath6kl. 8259 */ 8260 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 8261 "monitor interface type - try to run without it"); 8262 drv->device_ap_sme = 1; 8263 } 8264 8265 if (drv->monitor_ifidx < 0) 8266 return -1; 8267 8268 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 8269 goto error; 8270 8271 memset(&ll, 0, sizeof(ll)); 8272 ll.sll_family = AF_PACKET; 8273 ll.sll_ifindex = drv->monitor_ifidx; 8274 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 8275 if (drv->monitor_sock < 0) { 8276 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 8277 strerror(errno)); 8278 goto error; 8279 } 8280 8281 if (add_monitor_filter(drv->monitor_sock)) { 8282 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 8283 "interface; do filtering in user space"); 8284 /* This works, but will cost in performance. */ 8285 } 8286 8287 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 8288 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 8289 strerror(errno)); 8290 goto error; 8291 } 8292 8293 optlen = sizeof(optval); 8294 optval = 20; 8295 if (setsockopt 8296 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 8297 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 8298 strerror(errno)); 8299 goto error; 8300 } 8301 8302 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 8303 drv, NULL)) { 8304 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 8305 goto error; 8306 } 8307 8308 drv->monitor_refcount++; 8309 return 0; 8310 error: 8311 nl80211_remove_monitor_interface(drv); 8312 return -1; 8313} 8314 8315 8316static int nl80211_setup_ap(struct i802_bss *bss) 8317{ 8318 struct wpa_driver_nl80211_data *drv = bss->drv; 8319 8320 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 8321 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8322 8323 /* 8324 * Disable Probe Request reporting unless we need it in this way for 8325 * devices that include the AP SME, in the other case (unless using 8326 * monitor iface) we'll get it through the nl_mgmt socket instead. 8327 */ 8328 if (!drv->device_ap_sme) 8329 wpa_driver_nl80211_probe_req_report(bss, 0); 8330 8331 if (!drv->device_ap_sme && !drv->use_monitor) 8332 if (nl80211_mgmt_subscribe_ap(bss)) 8333 return -1; 8334 8335 if (drv->device_ap_sme && !drv->use_monitor) 8336 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 8337 return -1; 8338 8339 if (!drv->device_ap_sme && drv->use_monitor && 8340 nl80211_create_monitor_interface(drv) && 8341 !drv->device_ap_sme) 8342 return -1; 8343 8344 if (drv->device_ap_sme && 8345 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 8346 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 8347 "Probe Request frame reporting in AP mode"); 8348 /* Try to survive without this */ 8349 } 8350 8351 return 0; 8352} 8353 8354 8355static void nl80211_teardown_ap(struct i802_bss *bss) 8356{ 8357 struct wpa_driver_nl80211_data *drv = bss->drv; 8358 8359 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 8360 bss->ifname, drv->device_ap_sme, drv->use_monitor); 8361 if (drv->device_ap_sme) { 8362 wpa_driver_nl80211_probe_req_report(bss, 0); 8363 if (!drv->use_monitor) 8364 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 8365 } else if (drv->use_monitor) 8366 nl80211_remove_monitor_interface(drv); 8367 else 8368 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 8369 8370 bss->beacon_set = 0; 8371} 8372 8373 8374static int nl80211_send_eapol_data(struct i802_bss *bss, 8375 const u8 *addr, const u8 *data, 8376 size_t data_len) 8377{ 8378 struct sockaddr_ll ll; 8379 int ret; 8380 8381 if (bss->drv->eapol_tx_sock < 0) { 8382 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 8383 return -1; 8384 } 8385 8386 os_memset(&ll, 0, sizeof(ll)); 8387 ll.sll_family = AF_PACKET; 8388 ll.sll_ifindex = bss->ifindex; 8389 ll.sll_protocol = htons(ETH_P_PAE); 8390 ll.sll_halen = ETH_ALEN; 8391 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 8392 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 8393 (struct sockaddr *) &ll, sizeof(ll)); 8394 if (ret < 0) 8395 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 8396 strerror(errno)); 8397 8398 return ret; 8399} 8400 8401 8402static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 8403 8404static int wpa_driver_nl80211_hapd_send_eapol( 8405 void *priv, const u8 *addr, const u8 *data, 8406 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 8407{ 8408 struct i802_bss *bss = priv; 8409 struct wpa_driver_nl80211_data *drv = bss->drv; 8410 struct ieee80211_hdr *hdr; 8411 size_t len; 8412 u8 *pos; 8413 int res; 8414 int qos = flags & WPA_STA_WMM; 8415 8416 if (drv->device_ap_sme || !drv->use_monitor) 8417 return nl80211_send_eapol_data(bss, addr, data, data_len); 8418 8419 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 8420 data_len; 8421 hdr = os_zalloc(len); 8422 if (hdr == NULL) { 8423 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 8424 (unsigned long) len); 8425 return -1; 8426 } 8427 8428 hdr->frame_control = 8429 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 8430 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 8431 if (encrypt) 8432 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 8433 if (qos) { 8434 hdr->frame_control |= 8435 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 8436 } 8437 8438 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8439 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8440 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8441 pos = (u8 *) (hdr + 1); 8442 8443 if (qos) { 8444 /* Set highest priority in QoS header */ 8445 pos[0] = 7; 8446 pos[1] = 0; 8447 pos += 2; 8448 } 8449 8450 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8451 pos += sizeof(rfc1042_header); 8452 WPA_PUT_BE16(pos, ETH_P_PAE); 8453 pos += 2; 8454 memcpy(pos, data, data_len); 8455 8456 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8457 0, 0, 0, 0); 8458 if (res < 0) { 8459 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8460 "failed: %d (%s)", 8461 (unsigned long) len, errno, strerror(errno)); 8462 } 8463 os_free(hdr); 8464 8465 return res; 8466} 8467 8468 8469static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8470 int total_flags, 8471 int flags_or, int flags_and) 8472{ 8473 struct i802_bss *bss = priv; 8474 struct wpa_driver_nl80211_data *drv = bss->drv; 8475 struct nl_msg *msg; 8476 struct nlattr *flags; 8477 struct nl80211_sta_flag_update upd; 8478 8479 msg = nlmsg_alloc(); 8480 if (!msg) 8481 return -ENOMEM; 8482 8483 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8484 8485 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8486 if_nametoindex(bss->ifname)); 8487 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8488 8489 /* 8490 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8491 * can be removed eventually. 8492 */ 8493 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8494 if (!flags) 8495 goto nla_put_failure; 8496 if (total_flags & WPA_STA_AUTHORIZED) 8497 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8498 8499 if (total_flags & WPA_STA_WMM) 8500 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8501 8502 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8503 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8504 8505 if (total_flags & WPA_STA_MFP) 8506 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8507 8508 if (total_flags & WPA_STA_TDLS_PEER) 8509 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8510 8511 nla_nest_end(msg, flags); 8512 8513 os_memset(&upd, 0, sizeof(upd)); 8514 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8515 upd.set = sta_flags_nl80211(flags_or); 8516 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8517 8518 return send_and_recv_msgs(drv, msg, NULL, NULL); 8519 nla_put_failure: 8520 nlmsg_free(msg); 8521 return -ENOBUFS; 8522} 8523 8524 8525static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8526 struct wpa_driver_associate_params *params) 8527{ 8528 enum nl80211_iftype nlmode, old_mode; 8529 struct hostapd_freq_params freq = { 8530 .freq = params->freq, 8531 }; 8532 8533 if (params->p2p) { 8534 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8535 "group (GO)"); 8536 nlmode = NL80211_IFTYPE_P2P_GO; 8537 } else 8538 nlmode = NL80211_IFTYPE_AP; 8539 8540 old_mode = drv->nlmode; 8541 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8542 nl80211_remove_monitor_interface(drv); 8543 return -1; 8544 } 8545 8546 if (nl80211_set_channel(drv->first_bss, &freq, 0)) { 8547 if (old_mode != nlmode) 8548 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8549 nl80211_remove_monitor_interface(drv); 8550 return -1; 8551 } 8552 8553 return 0; 8554} 8555 8556 8557static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8558{ 8559 struct nl_msg *msg; 8560 int ret = -1; 8561 8562 msg = nlmsg_alloc(); 8563 if (!msg) 8564 return -1; 8565 8566 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8567 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8568 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8569 msg = NULL; 8570 if (ret) { 8571 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8572 "(%s)", ret, strerror(-ret)); 8573 goto nla_put_failure; 8574 } 8575 8576 ret = 0; 8577 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8578 8579nla_put_failure: 8580 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8581 NL80211_IFTYPE_STATION)) { 8582 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8583 "station mode"); 8584 } 8585 8586 nlmsg_free(msg); 8587 return ret; 8588} 8589 8590 8591static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8592 struct wpa_driver_associate_params *params) 8593{ 8594 struct nl_msg *msg; 8595 int ret = -1; 8596 int count = 0; 8597 8598 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8599 8600 if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, params->freq)) { 8601 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8602 "IBSS mode"); 8603 return -1; 8604 } 8605 8606retry: 8607 msg = nlmsg_alloc(); 8608 if (!msg) 8609 return -1; 8610 8611 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8612 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8613 8614 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8615 goto nla_put_failure; 8616 8617 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8618 params->ssid, params->ssid_len); 8619 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8620 params->ssid); 8621 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8622 drv->ssid_len = params->ssid_len; 8623 8624 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8625 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8626 8627 if (params->beacon_int > 0) { 8628 wpa_printf(MSG_DEBUG, " * beacon_int=%d", params->beacon_int); 8629 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 8630 params->beacon_int); 8631 } 8632 8633 ret = nl80211_set_conn_keys(params, msg); 8634 if (ret) 8635 goto nla_put_failure; 8636 8637 if (params->bssid && params->fixed_bssid) { 8638 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8639 MAC2STR(params->bssid)); 8640 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8641 } 8642 8643 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8644 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8645 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8646 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8647 wpa_printf(MSG_DEBUG, " * control port"); 8648 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8649 } 8650 8651 if (params->wpa_ie) { 8652 wpa_hexdump(MSG_DEBUG, 8653 " * Extra IEs for Beacon/Probe Response frames", 8654 params->wpa_ie, params->wpa_ie_len); 8655 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8656 params->wpa_ie); 8657 } 8658 8659 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8660 msg = NULL; 8661 if (ret) { 8662 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8663 ret, strerror(-ret)); 8664 count++; 8665 if (ret == -EALREADY && count == 1) { 8666 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8667 "forced leave"); 8668 nl80211_leave_ibss(drv); 8669 nlmsg_free(msg); 8670 goto retry; 8671 } 8672 8673 goto nla_put_failure; 8674 } 8675 ret = 0; 8676 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8677 8678nla_put_failure: 8679 nlmsg_free(msg); 8680 return ret; 8681} 8682 8683 8684static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8685 struct wpa_driver_associate_params *params, 8686 struct nl_msg *msg) 8687{ 8688 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8689 8690 if (params->bssid) { 8691 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8692 MAC2STR(params->bssid)); 8693 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8694 } 8695 8696 if (params->bssid_hint) { 8697 wpa_printf(MSG_DEBUG, " * bssid_hint=" MACSTR, 8698 MAC2STR(params->bssid_hint)); 8699 NLA_PUT(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN, 8700 params->bssid_hint); 8701 } 8702 8703 if (params->freq) { 8704 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8705 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8706 drv->assoc_freq = params->freq; 8707 } else 8708 drv->assoc_freq = 0; 8709 8710 if (params->freq_hint) { 8711 wpa_printf(MSG_DEBUG, " * freq_hint=%d", params->freq_hint); 8712 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ_HINT, 8713 params->freq_hint); 8714 } 8715 8716 if (params->bg_scan_period >= 0) { 8717 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8718 params->bg_scan_period); 8719 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8720 params->bg_scan_period); 8721 } 8722 8723 if (params->ssid) { 8724 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8725 params->ssid, params->ssid_len); 8726 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8727 params->ssid); 8728 if (params->ssid_len > sizeof(drv->ssid)) 8729 goto nla_put_failure; 8730 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8731 drv->ssid_len = params->ssid_len; 8732 } 8733 8734 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8735 if (params->wpa_ie) 8736 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8737 params->wpa_ie); 8738 8739 if (params->wpa_proto) { 8740 enum nl80211_wpa_versions ver = 0; 8741 8742 if (params->wpa_proto & WPA_PROTO_WPA) 8743 ver |= NL80211_WPA_VERSION_1; 8744 if (params->wpa_proto & WPA_PROTO_RSN) 8745 ver |= NL80211_WPA_VERSION_2; 8746 8747 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8748 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8749 } 8750 8751 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8752 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8753 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8754 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8755 } 8756 8757 if (params->group_suite == WPA_CIPHER_GTK_NOT_USED && 8758 !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) { 8759 /* 8760 * This is likely to work even though many drivers do not 8761 * advertise support for operations without GTK. 8762 */ 8763 wpa_printf(MSG_DEBUG, " * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement"); 8764 } else if (params->group_suite != WPA_CIPHER_NONE) { 8765 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8766 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8767 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8768 } 8769 8770 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8771 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8772 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8773 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8774 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM || 8775 params->key_mgmt_suite == WPA_KEY_MGMT_OSEN || 8776 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8777 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8778 int mgmt = WLAN_AKM_SUITE_PSK; 8779 8780 switch (params->key_mgmt_suite) { 8781 case WPA_KEY_MGMT_CCKM: 8782 mgmt = WLAN_AKM_SUITE_CCKM; 8783 break; 8784 case WPA_KEY_MGMT_IEEE8021X: 8785 mgmt = WLAN_AKM_SUITE_8021X; 8786 break; 8787 case WPA_KEY_MGMT_FT_IEEE8021X: 8788 mgmt = WLAN_AKM_SUITE_FT_8021X; 8789 break; 8790 case WPA_KEY_MGMT_FT_PSK: 8791 mgmt = WLAN_AKM_SUITE_FT_PSK; 8792 break; 8793 case WPA_KEY_MGMT_IEEE8021X_SHA256: 8794 mgmt = WLAN_AKM_SUITE_8021X_SHA256; 8795 break; 8796 case WPA_KEY_MGMT_PSK_SHA256: 8797 mgmt = WLAN_AKM_SUITE_PSK_SHA256; 8798 break; 8799 case WPA_KEY_MGMT_OSEN: 8800 mgmt = WLAN_AKM_SUITE_OSEN; 8801 break; 8802 case WPA_KEY_MGMT_PSK: 8803 default: 8804 mgmt = WLAN_AKM_SUITE_PSK; 8805 break; 8806 } 8807 wpa_printf(MSG_DEBUG, " * akm=0x%x", mgmt); 8808 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8809 } 8810 8811 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8812 8813 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8814 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8815 8816 if (params->disable_ht) 8817 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8818 8819 if (params->htcaps && params->htcaps_mask) { 8820 int sz = sizeof(struct ieee80211_ht_capabilities); 8821 wpa_hexdump(MSG_DEBUG, " * htcaps", params->htcaps, sz); 8822 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8823 wpa_hexdump(MSG_DEBUG, " * htcaps_mask", 8824 params->htcaps_mask, sz); 8825 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8826 params->htcaps_mask); 8827 } 8828 8829#ifdef CONFIG_VHT_OVERRIDES 8830 if (params->disable_vht) { 8831 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8832 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8833 } 8834 8835 if (params->vhtcaps && params->vhtcaps_mask) { 8836 int sz = sizeof(struct ieee80211_vht_capabilities); 8837 wpa_hexdump(MSG_DEBUG, " * vhtcaps", params->vhtcaps, sz); 8838 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8839 wpa_hexdump(MSG_DEBUG, " * vhtcaps_mask", 8840 params->vhtcaps_mask, sz); 8841 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8842 params->vhtcaps_mask); 8843 } 8844#endif /* CONFIG_VHT_OVERRIDES */ 8845 8846 if (params->p2p) 8847 wpa_printf(MSG_DEBUG, " * P2P group"); 8848 8849 return 0; 8850nla_put_failure: 8851 return -1; 8852} 8853 8854 8855static int wpa_driver_nl80211_try_connect( 8856 struct wpa_driver_nl80211_data *drv, 8857 struct wpa_driver_associate_params *params) 8858{ 8859 struct nl_msg *msg; 8860 enum nl80211_auth_type type; 8861 int ret; 8862 int algs; 8863 8864 msg = nlmsg_alloc(); 8865 if (!msg) 8866 return -1; 8867 8868 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8869 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8870 8871 ret = nl80211_connect_common(drv, params, msg); 8872 if (ret) 8873 goto nla_put_failure; 8874 8875 algs = 0; 8876 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8877 algs++; 8878 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8879 algs++; 8880 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8881 algs++; 8882 if (algs > 1) { 8883 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8884 "selection"); 8885 goto skip_auth_type; 8886 } 8887 8888 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8889 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8890 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8891 type = NL80211_AUTHTYPE_SHARED_KEY; 8892 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8893 type = NL80211_AUTHTYPE_NETWORK_EAP; 8894 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8895 type = NL80211_AUTHTYPE_FT; 8896 else 8897 goto nla_put_failure; 8898 8899 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8900 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8901 8902skip_auth_type: 8903 ret = nl80211_set_conn_keys(params, msg); 8904 if (ret) 8905 goto nla_put_failure; 8906 8907 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8908 msg = NULL; 8909 if (ret) { 8910 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8911 "(%s)", ret, strerror(-ret)); 8912 goto nla_put_failure; 8913 } 8914 ret = 0; 8915 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8916 8917nla_put_failure: 8918 nlmsg_free(msg); 8919 return ret; 8920 8921} 8922 8923 8924static int wpa_driver_nl80211_connect( 8925 struct wpa_driver_nl80211_data *drv, 8926 struct wpa_driver_associate_params *params) 8927{ 8928 int ret = wpa_driver_nl80211_try_connect(drv, params); 8929 if (ret == -EALREADY) { 8930 /* 8931 * cfg80211 does not currently accept new connections if 8932 * we are already connected. As a workaround, force 8933 * disconnection and try again. 8934 */ 8935 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8936 "disconnecting before reassociation " 8937 "attempt"); 8938 if (wpa_driver_nl80211_disconnect( 8939 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8940 return -1; 8941 ret = wpa_driver_nl80211_try_connect(drv, params); 8942 } 8943 return ret; 8944} 8945 8946 8947static int wpa_driver_nl80211_associate( 8948 void *priv, struct wpa_driver_associate_params *params) 8949{ 8950 struct i802_bss *bss = priv; 8951 struct wpa_driver_nl80211_data *drv = bss->drv; 8952 int ret; 8953 struct nl_msg *msg; 8954 8955 if (params->mode == IEEE80211_MODE_AP) 8956 return wpa_driver_nl80211_ap(drv, params); 8957 8958 if (params->mode == IEEE80211_MODE_IBSS) 8959 return wpa_driver_nl80211_ibss(drv, params); 8960 8961 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8962 enum nl80211_iftype nlmode = params->p2p ? 8963 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8964 8965 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8966 return -1; 8967 return wpa_driver_nl80211_connect(drv, params); 8968 } 8969 8970 nl80211_mark_disconnected(drv); 8971 8972 msg = nlmsg_alloc(); 8973 if (!msg) 8974 return -1; 8975 8976 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8977 drv->ifindex); 8978 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8979 8980 ret = nl80211_connect_common(drv, params, msg); 8981 if (ret) 8982 goto nla_put_failure; 8983 8984 if (params->prev_bssid) { 8985 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8986 MAC2STR(params->prev_bssid)); 8987 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8988 params->prev_bssid); 8989 } 8990 8991 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8992 msg = NULL; 8993 if (ret) { 8994 wpa_dbg(drv->ctx, MSG_DEBUG, 8995 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8996 ret, strerror(-ret)); 8997 nl80211_dump_scan(drv); 8998 goto nla_put_failure; 8999 } 9000 ret = 0; 9001 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 9002 "successfully"); 9003 9004nla_put_failure: 9005 nlmsg_free(msg); 9006 return ret; 9007} 9008 9009 9010static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 9011 int ifindex, enum nl80211_iftype mode) 9012{ 9013 struct nl_msg *msg; 9014 int ret = -ENOBUFS; 9015 9016 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 9017 ifindex, mode, nl80211_iftype_str(mode)); 9018 9019 msg = nlmsg_alloc(); 9020 if (!msg) 9021 return -ENOMEM; 9022 9023 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 9024 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 9025 goto nla_put_failure; 9026 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 9027 9028 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9029 msg = NULL; 9030 if (!ret) 9031 return 0; 9032nla_put_failure: 9033 nlmsg_free(msg); 9034 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 9035 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 9036 return ret; 9037} 9038 9039 9040static int wpa_driver_nl80211_set_mode_impl( 9041 struct i802_bss *bss, 9042 enum nl80211_iftype nlmode, 9043 struct hostapd_freq_params *desired_freq_params) 9044{ 9045 struct wpa_driver_nl80211_data *drv = bss->drv; 9046 int ret = -1; 9047 int i; 9048 int was_ap = is_ap_interface(drv->nlmode); 9049 int res; 9050 int mode_switch_res; 9051 9052 mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode); 9053 if (mode_switch_res && nlmode == nl80211_get_ifmode(bss)) 9054 mode_switch_res = 0; 9055 9056 if (mode_switch_res == 0) { 9057 drv->nlmode = nlmode; 9058 ret = 0; 9059 goto done; 9060 } 9061 9062 if (mode_switch_res == -ENODEV) 9063 return -1; 9064 9065 if (nlmode == drv->nlmode) { 9066 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 9067 "requested mode - ignore error"); 9068 ret = 0; 9069 goto done; /* Already in the requested mode */ 9070 } 9071 9072 /* mac80211 doesn't allow mode changes while the device is up, so 9073 * take the device down, try to set the mode again, and bring the 9074 * device back up. 9075 */ 9076 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 9077 "interface down"); 9078 for (i = 0; i < 10; i++) { 9079 res = i802_set_iface_flags(bss, 0); 9080 if (res == -EACCES || res == -ENODEV) 9081 break; 9082 if (res != 0) { 9083 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 9084 "interface down"); 9085 os_sleep(0, 100000); 9086 continue; 9087 } 9088 9089 /* 9090 * Setting the mode will fail for some drivers if the phy is 9091 * on a frequency that the mode is disallowed in. 9092 */ 9093 if (desired_freq_params) { 9094 res = i802_set_freq(bss, desired_freq_params); 9095 if (res) { 9096 wpa_printf(MSG_DEBUG, 9097 "nl80211: Failed to set frequency on interface"); 9098 } 9099 } 9100 9101 /* Try to set the mode again while the interface is down */ 9102 mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode); 9103 if (mode_switch_res == -EBUSY) { 9104 wpa_printf(MSG_DEBUG, 9105 "nl80211: Delaying mode set while interface going down"); 9106 os_sleep(0, 100000); 9107 continue; 9108 } 9109 ret = mode_switch_res; 9110 break; 9111 } 9112 9113 if (!ret) { 9114 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 9115 "interface is down"); 9116 drv->nlmode = nlmode; 9117 drv->ignore_if_down_event = 1; 9118 } 9119 9120 /* Bring the interface back up */ 9121 res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1); 9122 if (res != 0) { 9123 wpa_printf(MSG_DEBUG, 9124 "nl80211: Failed to set interface up after switching mode"); 9125 ret = -1; 9126 } 9127 9128done: 9129 if (ret) { 9130 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 9131 "from %d failed", nlmode, drv->nlmode); 9132 return ret; 9133 } 9134 9135 if (is_p2p_net_interface(nlmode)) 9136 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 9137 else if (drv->disabled_11b_rates) 9138 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 9139 9140 if (is_ap_interface(nlmode)) { 9141 nl80211_mgmt_unsubscribe(bss, "start AP"); 9142 /* Setup additional AP mode functionality if needed */ 9143 if (nl80211_setup_ap(bss)) 9144 return -1; 9145 } else if (was_ap) { 9146 /* Remove additional AP mode functionality */ 9147 nl80211_teardown_ap(bss); 9148 } else { 9149 nl80211_mgmt_unsubscribe(bss, "mode change"); 9150 } 9151 9152 if (!bss->in_deinit && !is_ap_interface(nlmode) && 9153 nl80211_mgmt_subscribe_non_ap(bss) < 0) 9154 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 9155 "frame processing - ignore for now"); 9156 9157 return 0; 9158} 9159 9160 9161static int dfs_info_handler(struct nl_msg *msg, void *arg) 9162{ 9163 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9164 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9165 int *dfs_capability_ptr = arg; 9166 9167 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9168 genlmsg_attrlen(gnlh, 0), NULL); 9169 9170 if (tb[NL80211_ATTR_VENDOR_DATA]) { 9171 struct nlattr *nl_vend = tb[NL80211_ATTR_VENDOR_DATA]; 9172 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1]; 9173 9174 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX, 9175 nla_data(nl_vend), nla_len(nl_vend), NULL); 9176 9177 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]) { 9178 u32 val; 9179 val = nla_get_u32(tb_vendor[QCA_WLAN_VENDOR_ATTR_DFS]); 9180 wpa_printf(MSG_DEBUG, "nl80211: DFS offload capability: %u", 9181 val); 9182 *dfs_capability_ptr = val; 9183 } 9184 } 9185 9186 return NL_SKIP; 9187} 9188 9189 9190static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 9191 enum nl80211_iftype nlmode) 9192{ 9193 return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL); 9194} 9195 9196 9197static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss, int freq) 9198{ 9199 struct hostapd_freq_params freq_params; 9200 os_memset(&freq_params, 0, sizeof(freq_params)); 9201 freq_params.freq = freq; 9202 return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC, 9203 &freq_params); 9204} 9205 9206 9207static int wpa_driver_nl80211_get_capa(void *priv, 9208 struct wpa_driver_capa *capa) 9209{ 9210 struct i802_bss *bss = priv; 9211 struct wpa_driver_nl80211_data *drv = bss->drv; 9212 struct nl_msg *msg; 9213 int dfs_capability = 0; 9214 int ret = 0; 9215 9216 if (!drv->has_capability) 9217 return -1; 9218 os_memcpy(capa, &drv->capa, sizeof(*capa)); 9219 if (drv->extended_capa && drv->extended_capa_mask) { 9220 capa->extended_capa = drv->extended_capa; 9221 capa->extended_capa_mask = drv->extended_capa_mask; 9222 capa->extended_capa_len = drv->extended_capa_len; 9223 } 9224 9225 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 9226 !drv->allow_p2p_device) { 9227 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 9228 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 9229 } 9230 9231 if (drv->dfs_vendor_cmd_avail == 1) { 9232 msg = nlmsg_alloc(); 9233 if (!msg) 9234 return -ENOMEM; 9235 9236 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 9237 9238 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9239 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA); 9240 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, 9241 QCA_NL80211_VENDOR_SUBCMD_DFS_CAPABILITY); 9242 9243 ret = send_and_recv_msgs(drv, msg, dfs_info_handler, 9244 &dfs_capability); 9245 if (!ret) { 9246 if (dfs_capability) 9247 capa->flags |= WPA_DRIVER_FLAGS_DFS_OFFLOAD; 9248 } 9249 } 9250 9251 return ret; 9252 9253 nla_put_failure: 9254 nlmsg_free(msg); 9255 return -ENOBUFS; 9256} 9257 9258 9259static int wpa_driver_nl80211_set_operstate(void *priv, int state) 9260{ 9261 struct i802_bss *bss = priv; 9262 struct wpa_driver_nl80211_data *drv = bss->drv; 9263 9264 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 9265 bss->ifname, drv->operstate, state, 9266 state ? "UP" : "DORMANT"); 9267 drv->operstate = state; 9268 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 9269 state ? IF_OPER_UP : IF_OPER_DORMANT); 9270} 9271 9272 9273static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 9274{ 9275 struct i802_bss *bss = priv; 9276 struct wpa_driver_nl80211_data *drv = bss->drv; 9277 struct nl_msg *msg; 9278 struct nl80211_sta_flag_update upd; 9279 int ret = -ENOBUFS; 9280 9281 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 9282 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 9283 return 0; 9284 } 9285 9286 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 9287 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 9288 9289 msg = nlmsg_alloc(); 9290 if (!msg) 9291 return -ENOMEM; 9292 9293 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9294 9295 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9296 if_nametoindex(bss->ifname)); 9297 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 9298 9299 os_memset(&upd, 0, sizeof(upd)); 9300 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 9301 if (authorized) 9302 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 9303 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 9304 9305 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9306 msg = NULL; 9307 if (!ret) 9308 return 0; 9309 nla_put_failure: 9310 nlmsg_free(msg); 9311 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 9312 ret, strerror(-ret)); 9313 return ret; 9314} 9315 9316 9317/* Set kernel driver on given frequency (MHz) */ 9318static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 9319{ 9320 struct i802_bss *bss = priv; 9321 return nl80211_set_channel(bss, freq, 0); 9322} 9323 9324 9325static inline int min_int(int a, int b) 9326{ 9327 if (a < b) 9328 return a; 9329 return b; 9330} 9331 9332 9333static int get_key_handler(struct nl_msg *msg, void *arg) 9334{ 9335 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9336 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9337 9338 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9339 genlmsg_attrlen(gnlh, 0), NULL); 9340 9341 /* 9342 * TODO: validate the key index and mac address! 9343 * Otherwise, there's a race condition as soon as 9344 * the kernel starts sending key notifications. 9345 */ 9346 9347 if (tb[NL80211_ATTR_KEY_SEQ]) 9348 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 9349 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 9350 return NL_SKIP; 9351} 9352 9353 9354static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 9355 int idx, u8 *seq) 9356{ 9357 struct i802_bss *bss = priv; 9358 struct wpa_driver_nl80211_data *drv = bss->drv; 9359 struct nl_msg *msg; 9360 9361 msg = nlmsg_alloc(); 9362 if (!msg) 9363 return -ENOMEM; 9364 9365 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 9366 9367 if (addr) 9368 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9369 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 9370 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 9371 9372 memset(seq, 0, 6); 9373 9374 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 9375 nla_put_failure: 9376 nlmsg_free(msg); 9377 return -ENOBUFS; 9378} 9379 9380 9381static int i802_set_rts(void *priv, int rts) 9382{ 9383 struct i802_bss *bss = priv; 9384 struct wpa_driver_nl80211_data *drv = bss->drv; 9385 struct nl_msg *msg; 9386 int ret = -ENOBUFS; 9387 u32 val; 9388 9389 msg = nlmsg_alloc(); 9390 if (!msg) 9391 return -ENOMEM; 9392 9393 if (rts >= 2347) 9394 val = (u32) -1; 9395 else 9396 val = rts; 9397 9398 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9399 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9400 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 9401 9402 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9403 msg = NULL; 9404 if (!ret) 9405 return 0; 9406nla_put_failure: 9407 nlmsg_free(msg); 9408 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 9409 "%d (%s)", rts, ret, strerror(-ret)); 9410 return ret; 9411} 9412 9413 9414static int i802_set_frag(void *priv, int frag) 9415{ 9416 struct i802_bss *bss = priv; 9417 struct wpa_driver_nl80211_data *drv = bss->drv; 9418 struct nl_msg *msg; 9419 int ret = -ENOBUFS; 9420 u32 val; 9421 9422 msg = nlmsg_alloc(); 9423 if (!msg) 9424 return -ENOMEM; 9425 9426 if (frag >= 2346) 9427 val = (u32) -1; 9428 else 9429 val = frag; 9430 9431 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9432 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 9433 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 9434 9435 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9436 msg = NULL; 9437 if (!ret) 9438 return 0; 9439nla_put_failure: 9440 nlmsg_free(msg); 9441 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 9442 "%d: %d (%s)", frag, ret, strerror(-ret)); 9443 return ret; 9444} 9445 9446 9447static int i802_flush(void *priv) 9448{ 9449 struct i802_bss *bss = priv; 9450 struct wpa_driver_nl80211_data *drv = bss->drv; 9451 struct nl_msg *msg; 9452 int res; 9453 9454 msg = nlmsg_alloc(); 9455 if (!msg) 9456 return -1; 9457 9458 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 9459 bss->ifname); 9460 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 9461 9462 /* 9463 * XXX: FIX! this needs to flush all VLANs too 9464 */ 9465 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9466 if_nametoindex(bss->ifname)); 9467 9468 res = send_and_recv_msgs(drv, msg, NULL, NULL); 9469 if (res) { 9470 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 9471 "(%s)", res, strerror(-res)); 9472 } 9473 return res; 9474 nla_put_failure: 9475 nlmsg_free(msg); 9476 return -ENOBUFS; 9477} 9478 9479 9480static int get_sta_handler(struct nl_msg *msg, void *arg) 9481{ 9482 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9483 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9484 struct hostap_sta_driver_data *data = arg; 9485 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 9486 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 9487 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 9488 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 9489 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 9490 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 9491 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 9492 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 9493 }; 9494 9495 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9496 genlmsg_attrlen(gnlh, 0), NULL); 9497 9498 /* 9499 * TODO: validate the interface and mac address! 9500 * Otherwise, there's a race condition as soon as 9501 * the kernel starts sending station notifications. 9502 */ 9503 9504 if (!tb[NL80211_ATTR_STA_INFO]) { 9505 wpa_printf(MSG_DEBUG, "sta stats missing!"); 9506 return NL_SKIP; 9507 } 9508 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 9509 tb[NL80211_ATTR_STA_INFO], 9510 stats_policy)) { 9511 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 9512 return NL_SKIP; 9513 } 9514 9515 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 9516 data->inactive_msec = 9517 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 9518 if (stats[NL80211_STA_INFO_RX_BYTES]) 9519 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 9520 if (stats[NL80211_STA_INFO_TX_BYTES]) 9521 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 9522 if (stats[NL80211_STA_INFO_RX_PACKETS]) 9523 data->rx_packets = 9524 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 9525 if (stats[NL80211_STA_INFO_TX_PACKETS]) 9526 data->tx_packets = 9527 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 9528 if (stats[NL80211_STA_INFO_TX_FAILED]) 9529 data->tx_retry_failed = 9530 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 9531 9532 return NL_SKIP; 9533} 9534 9535static int i802_read_sta_data(struct i802_bss *bss, 9536 struct hostap_sta_driver_data *data, 9537 const u8 *addr) 9538{ 9539 struct wpa_driver_nl80211_data *drv = bss->drv; 9540 struct nl_msg *msg; 9541 9542 os_memset(data, 0, sizeof(*data)); 9543 msg = nlmsg_alloc(); 9544 if (!msg) 9545 return -ENOMEM; 9546 9547 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 9548 9549 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9550 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9551 9552 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 9553 nla_put_failure: 9554 nlmsg_free(msg); 9555 return -ENOBUFS; 9556} 9557 9558 9559static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 9560 int cw_min, int cw_max, int burst_time) 9561{ 9562 struct i802_bss *bss = priv; 9563 struct wpa_driver_nl80211_data *drv = bss->drv; 9564 struct nl_msg *msg; 9565 struct nlattr *txq, *params; 9566 9567 msg = nlmsg_alloc(); 9568 if (!msg) 9569 return -1; 9570 9571 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 9572 9573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 9574 9575 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 9576 if (!txq) 9577 goto nla_put_failure; 9578 9579 /* We are only sending parameters for a single TXQ at a time */ 9580 params = nla_nest_start(msg, 1); 9581 if (!params) 9582 goto nla_put_failure; 9583 9584 switch (queue) { 9585 case 0: 9586 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 9587 break; 9588 case 1: 9589 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 9590 break; 9591 case 2: 9592 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9593 break; 9594 case 3: 9595 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9596 break; 9597 } 9598 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9599 * 32 usec, so need to convert the value here. */ 9600 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9601 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9602 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9603 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9604 9605 nla_nest_end(msg, params); 9606 9607 nla_nest_end(msg, txq); 9608 9609 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9610 return 0; 9611 msg = NULL; 9612 nla_put_failure: 9613 nlmsg_free(msg); 9614 return -1; 9615} 9616 9617 9618static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9619 const char *ifname, int vlan_id) 9620{ 9621 struct wpa_driver_nl80211_data *drv = bss->drv; 9622 struct nl_msg *msg; 9623 int ret = -ENOBUFS; 9624 9625 msg = nlmsg_alloc(); 9626 if (!msg) 9627 return -ENOMEM; 9628 9629 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9630 ", ifname=%s[%d], vlan_id=%d)", 9631 bss->ifname, if_nametoindex(bss->ifname), 9632 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9633 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9634 9635 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9636 if_nametoindex(bss->ifname)); 9637 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9638 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9639 if_nametoindex(ifname)); 9640 9641 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9642 msg = NULL; 9643 if (ret < 0) { 9644 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9645 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9646 MAC2STR(addr), ifname, vlan_id, ret, 9647 strerror(-ret)); 9648 } 9649 nla_put_failure: 9650 nlmsg_free(msg); 9651 return ret; 9652} 9653 9654 9655static int i802_get_inact_sec(void *priv, const u8 *addr) 9656{ 9657 struct hostap_sta_driver_data data; 9658 int ret; 9659 9660 data.inactive_msec = (unsigned long) -1; 9661 ret = i802_read_sta_data(priv, &data, addr); 9662 if (ret || data.inactive_msec == (unsigned long) -1) 9663 return -1; 9664 return data.inactive_msec / 1000; 9665} 9666 9667 9668static int i802_sta_clear_stats(void *priv, const u8 *addr) 9669{ 9670#if 0 9671 /* TODO */ 9672#endif 9673 return 0; 9674} 9675 9676 9677static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9678 int reason) 9679{ 9680 struct i802_bss *bss = priv; 9681 struct wpa_driver_nl80211_data *drv = bss->drv; 9682 struct ieee80211_mgmt mgmt; 9683 9684 if (drv->device_ap_sme) 9685 return wpa_driver_nl80211_sta_remove(bss, addr); 9686 9687 memset(&mgmt, 0, sizeof(mgmt)); 9688 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9689 WLAN_FC_STYPE_DEAUTH); 9690 memcpy(mgmt.da, addr, ETH_ALEN); 9691 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9692 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9693 mgmt.u.deauth.reason_code = host_to_le16(reason); 9694 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9695 IEEE80211_HDRLEN + 9696 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9697 0); 9698} 9699 9700 9701static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9702 int reason) 9703{ 9704 struct i802_bss *bss = priv; 9705 struct wpa_driver_nl80211_data *drv = bss->drv; 9706 struct ieee80211_mgmt mgmt; 9707 9708 if (drv->device_ap_sme) 9709 return wpa_driver_nl80211_sta_remove(bss, addr); 9710 9711 memset(&mgmt, 0, sizeof(mgmt)); 9712 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9713 WLAN_FC_STYPE_DISASSOC); 9714 memcpy(mgmt.da, addr, ETH_ALEN); 9715 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9716 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9717 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9718 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9719 IEEE80211_HDRLEN + 9720 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9721 0); 9722} 9723 9724 9725static void dump_ifidx(struct wpa_driver_nl80211_data *drv) 9726{ 9727 char buf[200], *pos, *end; 9728 int i, res; 9729 9730 pos = buf; 9731 end = pos + sizeof(buf); 9732 9733 for (i = 0; i < drv->num_if_indices; i++) { 9734 if (!drv->if_indices[i]) 9735 continue; 9736 res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]); 9737 if (res < 0 || res >= end - pos) 9738 break; 9739 pos += res; 9740 } 9741 *pos = '\0'; 9742 9743 wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s", 9744 drv->num_if_indices, buf); 9745} 9746 9747 9748static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9749{ 9750 int i; 9751 int *old; 9752 9753 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9754 ifidx); 9755 if (have_ifidx(drv, ifidx)) { 9756 wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list", 9757 ifidx); 9758 return; 9759 } 9760 for (i = 0; i < drv->num_if_indices; i++) { 9761 if (drv->if_indices[i] == 0) { 9762 drv->if_indices[i] = ifidx; 9763 dump_ifidx(drv); 9764 return; 9765 } 9766 } 9767 9768 if (drv->if_indices != drv->default_if_indices) 9769 old = drv->if_indices; 9770 else 9771 old = NULL; 9772 9773 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9774 sizeof(int)); 9775 if (!drv->if_indices) { 9776 if (!old) 9777 drv->if_indices = drv->default_if_indices; 9778 else 9779 drv->if_indices = old; 9780 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9781 "interfaces"); 9782 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9783 return; 9784 } else if (!old) 9785 os_memcpy(drv->if_indices, drv->default_if_indices, 9786 sizeof(drv->default_if_indices)); 9787 drv->if_indices[drv->num_if_indices] = ifidx; 9788 drv->num_if_indices++; 9789 dump_ifidx(drv); 9790} 9791 9792 9793static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9794{ 9795 int i; 9796 9797 for (i = 0; i < drv->num_if_indices; i++) { 9798 if (drv->if_indices[i] == ifidx) { 9799 drv->if_indices[i] = 0; 9800 break; 9801 } 9802 } 9803 dump_ifidx(drv); 9804} 9805 9806 9807static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9808{ 9809 int i; 9810 9811 for (i = 0; i < drv->num_if_indices; i++) 9812 if (drv->if_indices[i] == ifidx) 9813 return 1; 9814 9815 return 0; 9816} 9817 9818 9819static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9820 const char *bridge_ifname, char *ifname_wds) 9821{ 9822 struct i802_bss *bss = priv; 9823 struct wpa_driver_nl80211_data *drv = bss->drv; 9824 char name[IFNAMSIZ + 1]; 9825 9826 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9827 if (ifname_wds) 9828 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9829 9830 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9831 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9832 if (val) { 9833 if (!if_nametoindex(name)) { 9834 if (nl80211_create_iface(drv, name, 9835 NL80211_IFTYPE_AP_VLAN, 9836 bss->addr, 1, NULL, NULL, 0) < 9837 0) 9838 return -1; 9839 if (bridge_ifname && 9840 linux_br_add_if(drv->global->ioctl_sock, 9841 bridge_ifname, name) < 0) 9842 return -1; 9843 } 9844 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9845 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9846 "interface %s up", name); 9847 } 9848 return i802_set_sta_vlan(priv, addr, name, 0); 9849 } else { 9850 if (bridge_ifname) 9851 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9852 name); 9853 9854 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9855 nl80211_remove_iface(drv, if_nametoindex(name)); 9856 return 0; 9857 } 9858} 9859 9860 9861static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9862{ 9863 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9864 struct sockaddr_ll lladdr; 9865 unsigned char buf[3000]; 9866 int len; 9867 socklen_t fromlen = sizeof(lladdr); 9868 9869 len = recvfrom(sock, buf, sizeof(buf), 0, 9870 (struct sockaddr *)&lladdr, &fromlen); 9871 if (len < 0) { 9872 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9873 strerror(errno)); 9874 return; 9875 } 9876 9877 if (have_ifidx(drv, lladdr.sll_ifindex)) 9878 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9879} 9880 9881 9882static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9883 struct i802_bss *bss, 9884 const char *brname, const char *ifname) 9885{ 9886 int ifindex; 9887 char in_br[IFNAMSIZ]; 9888 9889 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9890 ifindex = if_nametoindex(brname); 9891 if (ifindex == 0) { 9892 /* 9893 * Bridge was configured, but the bridge device does 9894 * not exist. Try to add it now. 9895 */ 9896 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9897 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9898 "bridge interface %s: %s", 9899 brname, strerror(errno)); 9900 return -1; 9901 } 9902 bss->added_bridge = 1; 9903 add_ifidx(drv, if_nametoindex(brname)); 9904 } 9905 9906 if (linux_br_get(in_br, ifname) == 0) { 9907 if (os_strcmp(in_br, brname) == 0) 9908 return 0; /* already in the bridge */ 9909 9910 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9911 "bridge %s", ifname, in_br); 9912 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9913 0) { 9914 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9915 "remove interface %s from bridge " 9916 "%s: %s", 9917 ifname, brname, strerror(errno)); 9918 return -1; 9919 } 9920 } 9921 9922 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9923 ifname, brname); 9924 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9925 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9926 "into bridge %s: %s", 9927 ifname, brname, strerror(errno)); 9928 return -1; 9929 } 9930 bss->added_if_into_bridge = 1; 9931 9932 return 0; 9933} 9934 9935 9936static void *i802_init(struct hostapd_data *hapd, 9937 struct wpa_init_params *params) 9938{ 9939 struct wpa_driver_nl80211_data *drv; 9940 struct i802_bss *bss; 9941 size_t i; 9942 char brname[IFNAMSIZ]; 9943 int ifindex, br_ifindex; 9944 int br_added = 0; 9945 9946 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9947 params->global_priv, 1, 9948 params->bssid); 9949 if (bss == NULL) 9950 return NULL; 9951 9952 drv = bss->drv; 9953 9954 if (linux_br_get(brname, params->ifname) == 0) { 9955 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9956 params->ifname, brname); 9957 br_ifindex = if_nametoindex(brname); 9958 } else { 9959 brname[0] = '\0'; 9960 br_ifindex = 0; 9961 } 9962 9963 for (i = 0; i < params->num_bridge; i++) { 9964 if (params->bridge[i]) { 9965 ifindex = if_nametoindex(params->bridge[i]); 9966 if (ifindex) 9967 add_ifidx(drv, ifindex); 9968 if (ifindex == br_ifindex) 9969 br_added = 1; 9970 } 9971 } 9972 if (!br_added && br_ifindex && 9973 (params->num_bridge == 0 || !params->bridge[0])) 9974 add_ifidx(drv, br_ifindex); 9975 9976 /* start listening for EAPOL on the default AP interface */ 9977 add_ifidx(drv, drv->ifindex); 9978 9979 if (params->num_bridge && params->bridge[0] && 9980 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9981 goto failed; 9982 9983 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9984 if (drv->eapol_sock < 0) { 9985 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9986 strerror(errno)); 9987 goto failed; 9988 } 9989 9990 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9991 { 9992 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9993 goto failed; 9994 } 9995 9996 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9997 params->own_addr)) 9998 goto failed; 9999 10000 memcpy(bss->addr, params->own_addr, ETH_ALEN); 10001 10002 return bss; 10003 10004failed: 10005 wpa_driver_nl80211_deinit(bss); 10006 return NULL; 10007} 10008 10009 10010static void i802_deinit(void *priv) 10011{ 10012 struct i802_bss *bss = priv; 10013 wpa_driver_nl80211_deinit(bss); 10014} 10015 10016 10017static enum nl80211_iftype wpa_driver_nl80211_if_type( 10018 enum wpa_driver_if_type type) 10019{ 10020 switch (type) { 10021 case WPA_IF_STATION: 10022 return NL80211_IFTYPE_STATION; 10023 case WPA_IF_P2P_CLIENT: 10024 case WPA_IF_P2P_GROUP: 10025 return NL80211_IFTYPE_P2P_CLIENT; 10026 case WPA_IF_AP_VLAN: 10027 return NL80211_IFTYPE_AP_VLAN; 10028 case WPA_IF_AP_BSS: 10029 return NL80211_IFTYPE_AP; 10030 case WPA_IF_P2P_GO: 10031 return NL80211_IFTYPE_P2P_GO; 10032 case WPA_IF_P2P_DEVICE: 10033 return NL80211_IFTYPE_P2P_DEVICE; 10034 } 10035 return -1; 10036} 10037 10038 10039#ifdef CONFIG_P2P 10040 10041static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 10042{ 10043 struct wpa_driver_nl80211_data *drv; 10044 dl_list_for_each(drv, &global->interfaces, 10045 struct wpa_driver_nl80211_data, list) { 10046 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 10047 return 1; 10048 } 10049 return 0; 10050} 10051 10052 10053static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 10054 u8 *new_addr) 10055{ 10056 unsigned int idx; 10057 10058 if (!drv->global) 10059 return -1; 10060 10061 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 10062 for (idx = 0; idx < 64; idx++) { 10063 new_addr[0] = drv->first_bss->addr[0] | 0x02; 10064 new_addr[0] ^= idx << 2; 10065 if (!nl80211_addr_in_use(drv->global, new_addr)) 10066 break; 10067 } 10068 if (idx == 64) 10069 return -1; 10070 10071 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 10072 MACSTR, MAC2STR(new_addr)); 10073 10074 return 0; 10075} 10076 10077#endif /* CONFIG_P2P */ 10078 10079 10080struct wdev_info { 10081 u64 wdev_id; 10082 int wdev_id_set; 10083 u8 macaddr[ETH_ALEN]; 10084}; 10085 10086static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 10087{ 10088 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10089 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10090 struct wdev_info *wi = arg; 10091 10092 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10093 genlmsg_attrlen(gnlh, 0), NULL); 10094 if (tb[NL80211_ATTR_WDEV]) { 10095 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 10096 wi->wdev_id_set = 1; 10097 } 10098 10099 if (tb[NL80211_ATTR_MAC]) 10100 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 10101 ETH_ALEN); 10102 10103 return NL_SKIP; 10104} 10105 10106 10107static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 10108 const char *ifname, const u8 *addr, 10109 void *bss_ctx, void **drv_priv, 10110 char *force_ifname, u8 *if_addr, 10111 const char *bridge, int use_existing) 10112{ 10113 enum nl80211_iftype nlmode; 10114 struct i802_bss *bss = priv; 10115 struct wpa_driver_nl80211_data *drv = bss->drv; 10116 int ifidx; 10117 int added = 1; 10118 10119 if (addr) 10120 os_memcpy(if_addr, addr, ETH_ALEN); 10121 nlmode = wpa_driver_nl80211_if_type(type); 10122 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 10123 struct wdev_info p2pdev_info; 10124 10125 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 10126 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 10127 0, nl80211_wdev_handler, 10128 &p2pdev_info, use_existing); 10129 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 10130 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 10131 ifname); 10132 return -1; 10133 } 10134 10135 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 10136 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 10137 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 10138 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 10139 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 10140 ifname, 10141 (long long unsigned int) p2pdev_info.wdev_id); 10142 } else { 10143 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 10144 0, NULL, NULL, use_existing); 10145 if (use_existing && ifidx == -ENFILE) { 10146 added = 0; 10147 ifidx = if_nametoindex(ifname); 10148 } else if (ifidx < 0) { 10149 return -1; 10150 } 10151 } 10152 10153 if (!addr) { 10154 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 10155 os_memcpy(if_addr, bss->addr, ETH_ALEN); 10156 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 10157 bss->ifname, if_addr) < 0) { 10158 if (added) 10159 nl80211_remove_iface(drv, ifidx); 10160 return -1; 10161 } 10162 } 10163 10164#ifdef CONFIG_P2P 10165 if (!addr && 10166 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 10167 type == WPA_IF_P2P_GO)) { 10168 /* Enforce unique P2P Interface Address */ 10169 u8 new_addr[ETH_ALEN]; 10170 10171 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 10172 new_addr) < 0) { 10173 if (added) 10174 nl80211_remove_iface(drv, ifidx); 10175 return -1; 10176 } 10177 if (nl80211_addr_in_use(drv->global, new_addr)) { 10178 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 10179 "for P2P group interface"); 10180 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 10181 if (added) 10182 nl80211_remove_iface(drv, ifidx); 10183 return -1; 10184 } 10185 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 10186 new_addr) < 0) { 10187 if (added) 10188 nl80211_remove_iface(drv, ifidx); 10189 return -1; 10190 } 10191 } 10192 os_memcpy(if_addr, new_addr, ETH_ALEN); 10193 } 10194#endif /* CONFIG_P2P */ 10195 10196 if (type == WPA_IF_AP_BSS) { 10197 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 10198 if (new_bss == NULL) { 10199 if (added) 10200 nl80211_remove_iface(drv, ifidx); 10201 return -1; 10202 } 10203 10204 if (bridge && 10205 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 10206 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 10207 "interface %s to a bridge %s", 10208 ifname, bridge); 10209 if (added) 10210 nl80211_remove_iface(drv, ifidx); 10211 os_free(new_bss); 10212 return -1; 10213 } 10214 10215 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 10216 { 10217 if (added) 10218 nl80211_remove_iface(drv, ifidx); 10219 os_free(new_bss); 10220 return -1; 10221 } 10222 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 10223 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 10224 new_bss->ifindex = ifidx; 10225 new_bss->drv = drv; 10226 new_bss->next = drv->first_bss->next; 10227 new_bss->freq = drv->first_bss->freq; 10228 new_bss->ctx = bss_ctx; 10229 new_bss->added_if = added; 10230 drv->first_bss->next = new_bss; 10231 if (drv_priv) 10232 *drv_priv = new_bss; 10233 nl80211_init_bss(new_bss); 10234 10235 /* Subscribe management frames for this WPA_IF_AP_BSS */ 10236 if (nl80211_setup_ap(new_bss)) 10237 return -1; 10238 } 10239 10240 if (drv->global) 10241 drv->global->if_add_ifindex = ifidx; 10242 10243 /* 10244 * Some virtual interfaces need to process EAPOL packets and events on 10245 * the parent interface. This is used mainly with hostapd. 10246 */ 10247 if (ifidx > 0 && 10248 (drv->hostapd || 10249 nlmode == NL80211_IFTYPE_AP_VLAN || 10250 nlmode == NL80211_IFTYPE_WDS || 10251 nlmode == NL80211_IFTYPE_MONITOR)) 10252 add_ifidx(drv, ifidx); 10253 10254 return 0; 10255} 10256 10257 10258static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 10259 enum wpa_driver_if_type type, 10260 const char *ifname) 10261{ 10262 struct wpa_driver_nl80211_data *drv = bss->drv; 10263 int ifindex = if_nametoindex(ifname); 10264 10265 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 10266 __func__, type, ifname, ifindex, bss->added_if); 10267 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 10268 nl80211_remove_iface(drv, ifindex); 10269 else if (ifindex > 0 && !bss->added_if) { 10270 struct wpa_driver_nl80211_data *drv2; 10271 dl_list_for_each(drv2, &drv->global->interfaces, 10272 struct wpa_driver_nl80211_data, list) 10273 del_ifidx(drv2, ifindex); 10274 } 10275 10276 if (type != WPA_IF_AP_BSS) 10277 return 0; 10278 10279 if (bss->added_if_into_bridge) { 10280 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 10281 bss->ifname) < 0) 10282 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10283 "interface %s from bridge %s: %s", 10284 bss->ifname, bss->brname, strerror(errno)); 10285 } 10286 if (bss->added_bridge) { 10287 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 10288 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 10289 "bridge %s: %s", 10290 bss->brname, strerror(errno)); 10291 } 10292 10293 if (bss != drv->first_bss) { 10294 struct i802_bss *tbss; 10295 10296 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 10297 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 10298 if (tbss->next == bss) { 10299 tbss->next = bss->next; 10300 /* Unsubscribe management frames */ 10301 nl80211_teardown_ap(bss); 10302 nl80211_destroy_bss(bss); 10303 if (!bss->added_if) 10304 i802_set_iface_flags(bss, 0); 10305 os_free(bss); 10306 bss = NULL; 10307 break; 10308 } 10309 } 10310 if (bss) 10311 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 10312 "BSS %p in the list", __func__, bss); 10313 } else { 10314 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 10315 nl80211_teardown_ap(bss); 10316 if (!bss->added_if && !drv->first_bss->next) 10317 wpa_driver_nl80211_del_beacon(drv); 10318 nl80211_destroy_bss(bss); 10319 if (!bss->added_if) 10320 i802_set_iface_flags(bss, 0); 10321 if (drv->first_bss->next) { 10322 drv->first_bss = drv->first_bss->next; 10323 drv->ctx = drv->first_bss->ctx; 10324 os_free(bss); 10325 } else { 10326 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 10327 } 10328 } 10329 10330 return 0; 10331} 10332 10333 10334static int cookie_handler(struct nl_msg *msg, void *arg) 10335{ 10336 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10337 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10338 u64 *cookie = arg; 10339 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10340 genlmsg_attrlen(gnlh, 0), NULL); 10341 if (tb[NL80211_ATTR_COOKIE]) 10342 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 10343 return NL_SKIP; 10344} 10345 10346 10347static int nl80211_send_frame_cmd(struct i802_bss *bss, 10348 unsigned int freq, unsigned int wait, 10349 const u8 *buf, size_t buf_len, 10350 u64 *cookie_out, int no_cck, int no_ack, 10351 int offchanok) 10352{ 10353 struct wpa_driver_nl80211_data *drv = bss->drv; 10354 struct nl_msg *msg; 10355 u64 cookie; 10356 int ret = -1; 10357 10358 msg = nlmsg_alloc(); 10359 if (!msg) 10360 return -1; 10361 10362 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 10363 "no_ack=%d offchanok=%d", 10364 freq, wait, no_cck, no_ack, offchanok); 10365 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 10366 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 10367 10368 if (nl80211_set_iface_id(msg, bss) < 0) 10369 goto nla_put_failure; 10370 if (freq) 10371 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10372 if (wait) 10373 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 10374 if (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10375 drv->test_use_roc_tx)) 10376 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 10377 if (no_cck) 10378 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 10379 if (no_ack) 10380 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 10381 10382 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 10383 10384 cookie = 0; 10385 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10386 msg = NULL; 10387 if (ret) { 10388 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 10389 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 10390 freq, wait); 10391 goto nla_put_failure; 10392 } 10393 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 10394 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 10395 (long long unsigned int) cookie); 10396 10397 if (cookie_out) 10398 *cookie_out = no_ack ? (u64) -1 : cookie; 10399 10400nla_put_failure: 10401 nlmsg_free(msg); 10402 return ret; 10403} 10404 10405 10406static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 10407 unsigned int freq, 10408 unsigned int wait_time, 10409 const u8 *dst, const u8 *src, 10410 const u8 *bssid, 10411 const u8 *data, size_t data_len, 10412 int no_cck) 10413{ 10414 struct wpa_driver_nl80211_data *drv = bss->drv; 10415 int ret = -1; 10416 u8 *buf; 10417 struct ieee80211_hdr *hdr; 10418 10419 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 10420 "freq=%u MHz wait=%d ms no_cck=%d)", 10421 drv->ifindex, freq, wait_time, no_cck); 10422 10423 buf = os_zalloc(24 + data_len); 10424 if (buf == NULL) 10425 return ret; 10426 os_memcpy(buf + 24, data, data_len); 10427 hdr = (struct ieee80211_hdr *) buf; 10428 hdr->frame_control = 10429 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 10430 os_memcpy(hdr->addr1, dst, ETH_ALEN); 10431 os_memcpy(hdr->addr2, src, ETH_ALEN); 10432 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 10433 10434 if (is_ap_interface(drv->nlmode) && 10435 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 10436 (int) freq == bss->freq || drv->device_ap_sme || 10437 !drv->use_monitor)) 10438 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 10439 0, freq, no_cck, 1, 10440 wait_time); 10441 else 10442 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 10443 24 + data_len, 10444 &drv->send_action_cookie, 10445 no_cck, 0, 1); 10446 10447 os_free(buf); 10448 return ret; 10449} 10450 10451 10452static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 10453{ 10454 struct i802_bss *bss = priv; 10455 struct wpa_driver_nl80211_data *drv = bss->drv; 10456 struct nl_msg *msg; 10457 int ret; 10458 10459 msg = nlmsg_alloc(); 10460 if (!msg) 10461 return; 10462 10463 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 10464 (long long unsigned int) drv->send_action_cookie); 10465 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 10466 10467 if (nl80211_set_iface_id(msg, bss) < 0) 10468 goto nla_put_failure; 10469 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 10470 10471 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10472 msg = NULL; 10473 if (ret) 10474 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 10475 "(%s)", ret, strerror(-ret)); 10476 10477 nla_put_failure: 10478 nlmsg_free(msg); 10479} 10480 10481 10482static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 10483 unsigned int duration) 10484{ 10485 struct i802_bss *bss = priv; 10486 struct wpa_driver_nl80211_data *drv = bss->drv; 10487 struct nl_msg *msg; 10488 int ret; 10489 u64 cookie; 10490 10491 msg = nlmsg_alloc(); 10492 if (!msg) 10493 return -1; 10494 10495 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 10496 10497 if (nl80211_set_iface_id(msg, bss) < 0) 10498 goto nla_put_failure; 10499 10500 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 10501 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 10502 10503 cookie = 0; 10504 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 10505 msg = NULL; 10506 if (ret == 0) { 10507 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 10508 "0x%llx for freq=%u MHz duration=%u", 10509 (long long unsigned int) cookie, freq, duration); 10510 drv->remain_on_chan_cookie = cookie; 10511 drv->pending_remain_on_chan = 1; 10512 return 0; 10513 } 10514 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 10515 "(freq=%d duration=%u): %d (%s)", 10516 freq, duration, ret, strerror(-ret)); 10517nla_put_failure: 10518 nlmsg_free(msg); 10519 return -1; 10520} 10521 10522 10523static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 10524{ 10525 struct i802_bss *bss = priv; 10526 struct wpa_driver_nl80211_data *drv = bss->drv; 10527 struct nl_msg *msg; 10528 int ret; 10529 10530 if (!drv->pending_remain_on_chan) { 10531 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 10532 "to cancel"); 10533 return -1; 10534 } 10535 10536 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 10537 "0x%llx", 10538 (long long unsigned int) drv->remain_on_chan_cookie); 10539 10540 msg = nlmsg_alloc(); 10541 if (!msg) 10542 return -1; 10543 10544 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 10545 10546 if (nl80211_set_iface_id(msg, bss) < 0) 10547 goto nla_put_failure; 10548 10549 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 10550 10551 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10552 msg = NULL; 10553 if (ret == 0) 10554 return 0; 10555 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 10556 "%d (%s)", ret, strerror(-ret)); 10557nla_put_failure: 10558 nlmsg_free(msg); 10559 return -1; 10560} 10561 10562 10563static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 10564{ 10565 struct wpa_driver_nl80211_data *drv = bss->drv; 10566 10567 if (!report) { 10568 if (bss->nl_preq && drv->device_ap_sme && 10569 is_ap_interface(drv->nlmode) && !bss->in_deinit) { 10570 /* 10571 * Do not disable Probe Request reporting that was 10572 * enabled in nl80211_setup_ap(). 10573 */ 10574 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 10575 "Probe Request reporting nl_preq=%p while " 10576 "in AP mode", bss->nl_preq); 10577 } else if (bss->nl_preq) { 10578 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 10579 "reporting nl_preq=%p", bss->nl_preq); 10580 nl80211_destroy_eloop_handle(&bss->nl_preq); 10581 } 10582 return 0; 10583 } 10584 10585 if (bss->nl_preq) { 10586 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 10587 "already on! nl_preq=%p", bss->nl_preq); 10588 return 0; 10589 } 10590 10591 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 10592 if (bss->nl_preq == NULL) 10593 return -1; 10594 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 10595 "reporting nl_preq=%p", bss->nl_preq); 10596 10597 if (nl80211_register_frame(bss, bss->nl_preq, 10598 (WLAN_FC_TYPE_MGMT << 2) | 10599 (WLAN_FC_STYPE_PROBE_REQ << 4), 10600 NULL, 0) < 0) 10601 goto out_err; 10602 10603 nl80211_register_eloop_read(&bss->nl_preq, 10604 wpa_driver_nl80211_event_receive, 10605 bss->nl_cb); 10606 10607 return 0; 10608 10609 out_err: 10610 nl_destroy_handles(&bss->nl_preq); 10611 return -1; 10612} 10613 10614 10615static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 10616 int ifindex, int disabled) 10617{ 10618 struct nl_msg *msg; 10619 struct nlattr *bands, *band; 10620 int ret; 10621 10622 msg = nlmsg_alloc(); 10623 if (!msg) 10624 return -1; 10625 10626 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 10627 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 10628 10629 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 10630 if (!bands) 10631 goto nla_put_failure; 10632 10633 /* 10634 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 10635 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 10636 * rates. All 5 GHz rates are left enabled. 10637 */ 10638 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 10639 if (!band) 10640 goto nla_put_failure; 10641 if (disabled) { 10642 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 10643 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 10644 } 10645 nla_nest_end(msg, band); 10646 10647 nla_nest_end(msg, bands); 10648 10649 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10650 msg = NULL; 10651 if (ret) { 10652 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10653 "(%s)", ret, strerror(-ret)); 10654 } else 10655 drv->disabled_11b_rates = disabled; 10656 10657 return ret; 10658 10659nla_put_failure: 10660 nlmsg_free(msg); 10661 return -1; 10662} 10663 10664 10665static int wpa_driver_nl80211_deinit_ap(void *priv) 10666{ 10667 struct i802_bss *bss = priv; 10668 struct wpa_driver_nl80211_data *drv = bss->drv; 10669 if (!is_ap_interface(drv->nlmode)) 10670 return -1; 10671 wpa_driver_nl80211_del_beacon(drv); 10672 10673 /* 10674 * If the P2P GO interface was dynamically added, then it is 10675 * possible that the interface change to station is not possible. 10676 */ 10677 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10678 return 0; 10679 10680 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10681} 10682 10683 10684static int wpa_driver_nl80211_stop_ap(void *priv) 10685{ 10686 struct i802_bss *bss = priv; 10687 struct wpa_driver_nl80211_data *drv = bss->drv; 10688 if (!is_ap_interface(drv->nlmode)) 10689 return -1; 10690 wpa_driver_nl80211_del_beacon(drv); 10691 bss->beacon_set = 0; 10692 return 0; 10693} 10694 10695 10696static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10697{ 10698 struct i802_bss *bss = priv; 10699 struct wpa_driver_nl80211_data *drv = bss->drv; 10700 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10701 return -1; 10702 10703 /* 10704 * If the P2P Client interface was dynamically added, then it is 10705 * possible that the interface change to station is not possible. 10706 */ 10707 if (bss->if_dynamic) 10708 return 0; 10709 10710 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10711} 10712 10713 10714static void wpa_driver_nl80211_resume(void *priv) 10715{ 10716 struct i802_bss *bss = priv; 10717 10718 if (i802_set_iface_flags(bss, 1)) 10719 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10720} 10721 10722 10723static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10724 const u8 *ies, size_t ies_len) 10725{ 10726 struct i802_bss *bss = priv; 10727 struct wpa_driver_nl80211_data *drv = bss->drv; 10728 int ret; 10729 u8 *data, *pos; 10730 size_t data_len; 10731 const u8 *own_addr = bss->addr; 10732 10733 if (action != 1) { 10734 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10735 "action %d", action); 10736 return -1; 10737 } 10738 10739 /* 10740 * Action frame payload: 10741 * Category[1] = 6 (Fast BSS Transition) 10742 * Action[1] = 1 (Fast BSS Transition Request) 10743 * STA Address 10744 * Target AP Address 10745 * FT IEs 10746 */ 10747 10748 data_len = 2 + 2 * ETH_ALEN + ies_len; 10749 data = os_malloc(data_len); 10750 if (data == NULL) 10751 return -1; 10752 pos = data; 10753 *pos++ = 0x06; /* FT Action category */ 10754 *pos++ = action; 10755 os_memcpy(pos, own_addr, ETH_ALEN); 10756 pos += ETH_ALEN; 10757 os_memcpy(pos, target_ap, ETH_ALEN); 10758 pos += ETH_ALEN; 10759 os_memcpy(pos, ies, ies_len); 10760 10761 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10762 drv->bssid, own_addr, drv->bssid, 10763 data, data_len, 0); 10764 os_free(data); 10765 10766 return ret; 10767} 10768 10769 10770static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10771{ 10772 struct i802_bss *bss = priv; 10773 struct wpa_driver_nl80211_data *drv = bss->drv; 10774 struct nl_msg *msg; 10775 struct nlattr *cqm; 10776 int ret = -1; 10777 10778 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10779 "hysteresis=%d", threshold, hysteresis); 10780 10781 msg = nlmsg_alloc(); 10782 if (!msg) 10783 return -1; 10784 10785 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10786 10787 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10788 10789 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10790 if (cqm == NULL) 10791 goto nla_put_failure; 10792 10793 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10794 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10795 nla_nest_end(msg, cqm); 10796 10797 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10798 msg = NULL; 10799 10800nla_put_failure: 10801 nlmsg_free(msg); 10802 return ret; 10803} 10804 10805 10806static int get_channel_width(struct nl_msg *msg, void *arg) 10807{ 10808 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10809 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10810 struct wpa_signal_info *sig_change = arg; 10811 10812 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10813 genlmsg_attrlen(gnlh, 0), NULL); 10814 10815 sig_change->center_frq1 = -1; 10816 sig_change->center_frq2 = -1; 10817 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10818 10819 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10820 sig_change->chanwidth = convert2width( 10821 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10822 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10823 sig_change->center_frq1 = 10824 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10825 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10826 sig_change->center_frq2 = 10827 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10828 } 10829 10830 return NL_SKIP; 10831} 10832 10833 10834static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10835 struct wpa_signal_info *sig) 10836{ 10837 struct nl_msg *msg; 10838 10839 msg = nlmsg_alloc(); 10840 if (!msg) 10841 return -ENOMEM; 10842 10843 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10844 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10845 10846 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10847 10848nla_put_failure: 10849 nlmsg_free(msg); 10850 return -ENOBUFS; 10851} 10852 10853 10854static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10855{ 10856 struct i802_bss *bss = priv; 10857 struct wpa_driver_nl80211_data *drv = bss->drv; 10858 int res; 10859 10860 os_memset(si, 0, sizeof(*si)); 10861 res = nl80211_get_link_signal(drv, si); 10862 if (res != 0) 10863 return res; 10864 10865 res = nl80211_get_channel_width(drv, si); 10866 if (res != 0) 10867 return res; 10868 10869 return nl80211_get_link_noise(drv, si); 10870} 10871 10872 10873static int wpa_driver_nl80211_shared_freq(void *priv) 10874{ 10875 struct i802_bss *bss = priv; 10876 struct wpa_driver_nl80211_data *drv = bss->drv; 10877 struct wpa_driver_nl80211_data *driver; 10878 int freq = 0; 10879 10880 /* 10881 * If the same PHY is in connected state with some other interface, 10882 * then retrieve the assoc freq. 10883 */ 10884 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10885 drv->phyname); 10886 10887 dl_list_for_each(driver, &drv->global->interfaces, 10888 struct wpa_driver_nl80211_data, list) { 10889 if (drv == driver || 10890 os_strcmp(drv->phyname, driver->phyname) != 0 || 10891 !driver->associated) 10892 continue; 10893 10894 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10895 MACSTR, 10896 driver->phyname, driver->first_bss->ifname, 10897 MAC2STR(driver->first_bss->addr)); 10898 if (is_ap_interface(driver->nlmode)) 10899 freq = driver->first_bss->freq; 10900 else 10901 freq = nl80211_get_assoc_freq(driver); 10902 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10903 drv->phyname, freq); 10904 } 10905 10906 if (!freq) 10907 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10908 "PHY (%s) in associated state", drv->phyname); 10909 10910 return freq; 10911} 10912 10913 10914static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10915 int encrypt) 10916{ 10917 struct i802_bss *bss = priv; 10918 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10919 0, 0, 0, 0); 10920} 10921 10922 10923static int nl80211_set_param(void *priv, const char *param) 10924{ 10925 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10926 if (param == NULL) 10927 return 0; 10928 10929#ifdef CONFIG_P2P 10930 if (os_strstr(param, "use_p2p_group_interface=1")) { 10931 struct i802_bss *bss = priv; 10932 struct wpa_driver_nl80211_data *drv = bss->drv; 10933 10934 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10935 "interface"); 10936 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10937 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10938 } 10939 10940 if (os_strstr(param, "p2p_device=1")) { 10941 struct i802_bss *bss = priv; 10942 struct wpa_driver_nl80211_data *drv = bss->drv; 10943 drv->allow_p2p_device = 1; 10944 } 10945#endif /* CONFIG_P2P */ 10946 10947 if (os_strstr(param, "use_monitor=1")) { 10948 struct i802_bss *bss = priv; 10949 struct wpa_driver_nl80211_data *drv = bss->drv; 10950 drv->use_monitor = 1; 10951 } 10952 10953 if (os_strstr(param, "force_connect_cmd=1")) { 10954 struct i802_bss *bss = priv; 10955 struct wpa_driver_nl80211_data *drv = bss->drv; 10956 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10957 } 10958 10959 if (os_strstr(param, "no_offchannel_tx=1")) { 10960 struct i802_bss *bss = priv; 10961 struct wpa_driver_nl80211_data *drv = bss->drv; 10962 drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 10963 drv->test_use_roc_tx = 1; 10964 } 10965 10966 return 0; 10967} 10968 10969 10970static void * nl80211_global_init(void) 10971{ 10972 struct nl80211_global *global; 10973 struct netlink_config *cfg; 10974 10975 global = os_zalloc(sizeof(*global)); 10976 if (global == NULL) 10977 return NULL; 10978 global->ioctl_sock = -1; 10979 dl_list_init(&global->interfaces); 10980 global->if_add_ifindex = -1; 10981 10982 cfg = os_zalloc(sizeof(*cfg)); 10983 if (cfg == NULL) 10984 goto err; 10985 10986 cfg->ctx = global; 10987 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10988 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10989 global->netlink = netlink_init(cfg); 10990 if (global->netlink == NULL) { 10991 os_free(cfg); 10992 goto err; 10993 } 10994 10995 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10996 goto err; 10997 10998 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10999 if (global->ioctl_sock < 0) { 11000 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 11001 strerror(errno)); 11002 goto err; 11003 } 11004 11005 return global; 11006 11007err: 11008 nl80211_global_deinit(global); 11009 return NULL; 11010} 11011 11012 11013static void nl80211_global_deinit(void *priv) 11014{ 11015 struct nl80211_global *global = priv; 11016 if (global == NULL) 11017 return; 11018 if (!dl_list_empty(&global->interfaces)) { 11019 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 11020 "nl80211_global_deinit", 11021 dl_list_len(&global->interfaces)); 11022 } 11023 11024 if (global->netlink) 11025 netlink_deinit(global->netlink); 11026 11027 nl_destroy_handles(&global->nl); 11028 11029 if (global->nl_event) 11030 nl80211_destroy_eloop_handle(&global->nl_event); 11031 11032 nl_cb_put(global->nl_cb); 11033 11034 if (global->ioctl_sock >= 0) 11035 close(global->ioctl_sock); 11036 11037 os_free(global); 11038} 11039 11040 11041static const char * nl80211_get_radio_name(void *priv) 11042{ 11043 struct i802_bss *bss = priv; 11044 struct wpa_driver_nl80211_data *drv = bss->drv; 11045 return drv->phyname; 11046} 11047 11048 11049static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 11050 const u8 *pmkid) 11051{ 11052 struct nl_msg *msg; 11053 11054 msg = nlmsg_alloc(); 11055 if (!msg) 11056 return -ENOMEM; 11057 11058 nl80211_cmd(bss->drv, msg, 0, cmd); 11059 11060 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 11061 if (pmkid) 11062 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 11063 if (bssid) 11064 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 11065 11066 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11067 nla_put_failure: 11068 nlmsg_free(msg); 11069 return -ENOBUFS; 11070} 11071 11072 11073static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 11074{ 11075 struct i802_bss *bss = priv; 11076 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 11077 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 11078} 11079 11080 11081static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 11082{ 11083 struct i802_bss *bss = priv; 11084 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 11085 MAC2STR(bssid)); 11086 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 11087} 11088 11089 11090static int nl80211_flush_pmkid(void *priv) 11091{ 11092 struct i802_bss *bss = priv; 11093 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 11094 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 11095} 11096 11097 11098static void clean_survey_results(struct survey_results *survey_results) 11099{ 11100 struct freq_survey *survey, *tmp; 11101 11102 if (dl_list_empty(&survey_results->survey_list)) 11103 return; 11104 11105 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 11106 struct freq_survey, list) { 11107 dl_list_del(&survey->list); 11108 os_free(survey); 11109 } 11110} 11111 11112 11113static void add_survey(struct nlattr **sinfo, u32 ifidx, 11114 struct dl_list *survey_list) 11115{ 11116 struct freq_survey *survey; 11117 11118 survey = os_zalloc(sizeof(struct freq_survey)); 11119 if (!survey) 11120 return; 11121 11122 survey->ifidx = ifidx; 11123 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 11124 survey->filled = 0; 11125 11126 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 11127 survey->nf = (int8_t) 11128 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 11129 survey->filled |= SURVEY_HAS_NF; 11130 } 11131 11132 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 11133 survey->channel_time = 11134 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 11135 survey->filled |= SURVEY_HAS_CHAN_TIME; 11136 } 11137 11138 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 11139 survey->channel_time_busy = 11140 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 11141 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 11142 } 11143 11144 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 11145 survey->channel_time_rx = 11146 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 11147 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 11148 } 11149 11150 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 11151 survey->channel_time_tx = 11152 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 11153 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 11154 } 11155 11156 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 11157 survey->freq, 11158 survey->nf, 11159 (unsigned long int) survey->channel_time, 11160 (unsigned long int) survey->channel_time_busy, 11161 (unsigned long int) survey->channel_time_tx, 11162 (unsigned long int) survey->channel_time_rx, 11163 survey->filled); 11164 11165 dl_list_add_tail(survey_list, &survey->list); 11166} 11167 11168 11169static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 11170 unsigned int freq_filter) 11171{ 11172 if (!freq_filter) 11173 return 1; 11174 11175 return freq_filter == surveyed_freq; 11176} 11177 11178 11179static int survey_handler(struct nl_msg *msg, void *arg) 11180{ 11181 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 11182 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 11183 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 11184 struct survey_results *survey_results; 11185 u32 surveyed_freq = 0; 11186 u32 ifidx; 11187 11188 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 11189 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 11190 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 11191 }; 11192 11193 survey_results = (struct survey_results *) arg; 11194 11195 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 11196 genlmsg_attrlen(gnlh, 0), NULL); 11197 11198 if (!tb[NL80211_ATTR_IFINDEX]) 11199 return NL_SKIP; 11200 11201 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 11202 11203 if (!tb[NL80211_ATTR_SURVEY_INFO]) 11204 return NL_SKIP; 11205 11206 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 11207 tb[NL80211_ATTR_SURVEY_INFO], 11208 survey_policy)) 11209 return NL_SKIP; 11210 11211 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 11212 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 11213 return NL_SKIP; 11214 } 11215 11216 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 11217 11218 if (!check_survey_ok(sinfo, surveyed_freq, 11219 survey_results->freq_filter)) 11220 return NL_SKIP; 11221 11222 if (survey_results->freq_filter && 11223 survey_results->freq_filter != surveyed_freq) { 11224 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 11225 surveyed_freq); 11226 return NL_SKIP; 11227 } 11228 11229 add_survey(sinfo, ifidx, &survey_results->survey_list); 11230 11231 return NL_SKIP; 11232} 11233 11234 11235static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 11236{ 11237 struct i802_bss *bss = priv; 11238 struct wpa_driver_nl80211_data *drv = bss->drv; 11239 struct nl_msg *msg; 11240 int err = -ENOBUFS; 11241 union wpa_event_data data; 11242 struct survey_results *survey_results; 11243 11244 os_memset(&data, 0, sizeof(data)); 11245 survey_results = &data.survey_results; 11246 11247 dl_list_init(&survey_results->survey_list); 11248 11249 msg = nlmsg_alloc(); 11250 if (!msg) 11251 goto nla_put_failure; 11252 11253 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 11254 11255 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11256 11257 if (freq) 11258 data.survey_results.freq_filter = freq; 11259 11260 do { 11261 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 11262 err = send_and_recv_msgs(drv, msg, survey_handler, 11263 survey_results); 11264 } while (err > 0); 11265 11266 if (err) { 11267 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 11268 goto out_clean; 11269 } 11270 11271 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 11272 11273out_clean: 11274 clean_survey_results(survey_results); 11275nla_put_failure: 11276 return err; 11277} 11278 11279 11280static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 11281 const u8 *replay_ctr) 11282{ 11283 struct i802_bss *bss = priv; 11284 struct wpa_driver_nl80211_data *drv = bss->drv; 11285 struct nlattr *replay_nested; 11286 struct nl_msg *msg; 11287 11288 msg = nlmsg_alloc(); 11289 if (!msg) 11290 return; 11291 11292 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 11293 11294 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11295 11296 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 11297 if (!replay_nested) 11298 goto nla_put_failure; 11299 11300 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 11301 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 11302 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 11303 replay_ctr); 11304 11305 nla_nest_end(msg, replay_nested); 11306 11307 send_and_recv_msgs(drv, msg, NULL, NULL); 11308 return; 11309 nla_put_failure: 11310 nlmsg_free(msg); 11311} 11312 11313 11314static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 11315 const u8 *addr, int qos) 11316{ 11317 /* send data frame to poll STA and check whether 11318 * this frame is ACKed */ 11319 struct { 11320 struct ieee80211_hdr hdr; 11321 u16 qos_ctl; 11322 } STRUCT_PACKED nulldata; 11323 size_t size; 11324 11325 /* Send data frame to poll STA and check whether this frame is ACKed */ 11326 11327 os_memset(&nulldata, 0, sizeof(nulldata)); 11328 11329 if (qos) { 11330 nulldata.hdr.frame_control = 11331 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11332 WLAN_FC_STYPE_QOS_NULL); 11333 size = sizeof(nulldata); 11334 } else { 11335 nulldata.hdr.frame_control = 11336 IEEE80211_FC(WLAN_FC_TYPE_DATA, 11337 WLAN_FC_STYPE_NULLFUNC); 11338 size = sizeof(struct ieee80211_hdr); 11339 } 11340 11341 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 11342 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 11343 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 11344 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 11345 11346 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 11347 0, 0) < 0) 11348 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 11349 "send poll frame"); 11350} 11351 11352static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 11353 int qos) 11354{ 11355 struct i802_bss *bss = priv; 11356 struct wpa_driver_nl80211_data *drv = bss->drv; 11357 struct nl_msg *msg; 11358 11359 if (!drv->poll_command_supported) { 11360 nl80211_send_null_frame(bss, own_addr, addr, qos); 11361 return; 11362 } 11363 11364 msg = nlmsg_alloc(); 11365 if (!msg) 11366 return; 11367 11368 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 11369 11370 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11371 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 11372 11373 send_and_recv_msgs(drv, msg, NULL, NULL); 11374 return; 11375 nla_put_failure: 11376 nlmsg_free(msg); 11377} 11378 11379 11380static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 11381{ 11382 struct nl_msg *msg; 11383 11384 msg = nlmsg_alloc(); 11385 if (!msg) 11386 return -ENOMEM; 11387 11388 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 11389 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 11390 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 11391 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 11392 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 11393nla_put_failure: 11394 nlmsg_free(msg); 11395 return -ENOBUFS; 11396} 11397 11398 11399static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 11400 int ctwindow) 11401{ 11402 struct i802_bss *bss = priv; 11403 11404 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 11405 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 11406 11407 if (opp_ps != -1 || ctwindow != -1) { 11408#ifdef ANDROID_P2P 11409 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 11410#else /* ANDROID_P2P */ 11411 return -1; /* Not yet supported */ 11412#endif /* ANDROID_P2P */ 11413 } 11414 11415 if (legacy_ps == -1) 11416 return 0; 11417 if (legacy_ps != 0 && legacy_ps != 1) 11418 return -1; /* Not yet supported */ 11419 11420 return nl80211_set_power_save(bss, legacy_ps); 11421} 11422 11423 11424static int nl80211_start_radar_detection(void *priv, 11425 struct hostapd_freq_params *freq) 11426{ 11427 struct i802_bss *bss = priv; 11428 struct wpa_driver_nl80211_data *drv = bss->drv; 11429 struct nl_msg *msg; 11430 int ret; 11431 11432 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 11433 freq->freq, freq->ht_enabled, freq->vht_enabled, 11434 freq->bandwidth, freq->center_freq1, freq->center_freq2); 11435 11436 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 11437 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 11438 "detection"); 11439 return -1; 11440 } 11441 11442 msg = nlmsg_alloc(); 11443 if (!msg) 11444 return -1; 11445 11446 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 11447 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11448 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 11449 11450 if (freq->vht_enabled) { 11451 switch (freq->bandwidth) { 11452 case 20: 11453 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11454 NL80211_CHAN_WIDTH_20); 11455 break; 11456 case 40: 11457 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11458 NL80211_CHAN_WIDTH_40); 11459 break; 11460 case 80: 11461 if (freq->center_freq2) 11462 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11463 NL80211_CHAN_WIDTH_80P80); 11464 else 11465 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11466 NL80211_CHAN_WIDTH_80); 11467 break; 11468 case 160: 11469 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 11470 NL80211_CHAN_WIDTH_160); 11471 break; 11472 default: 11473 return -1; 11474 } 11475 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 11476 if (freq->center_freq2) 11477 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 11478 freq->center_freq2); 11479 } else if (freq->ht_enabled) { 11480 switch (freq->sec_channel_offset) { 11481 case -1: 11482 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11483 NL80211_CHAN_HT40MINUS); 11484 break; 11485 case 1: 11486 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11487 NL80211_CHAN_HT40PLUS); 11488 break; 11489 default: 11490 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 11491 NL80211_CHAN_HT20); 11492 break; 11493 } 11494 } 11495 11496 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11497 if (ret == 0) 11498 return 0; 11499 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 11500 "%d (%s)", ret, strerror(-ret)); 11501nla_put_failure: 11502 return -1; 11503} 11504 11505#ifdef CONFIG_TDLS 11506 11507static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 11508 u8 dialog_token, u16 status_code, 11509 u32 peer_capab, const u8 *buf, size_t len) 11510{ 11511 struct i802_bss *bss = priv; 11512 struct wpa_driver_nl80211_data *drv = bss->drv; 11513 struct nl_msg *msg; 11514 11515 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11516 return -EOPNOTSUPP; 11517 11518 if (!dst) 11519 return -EINVAL; 11520 11521 msg = nlmsg_alloc(); 11522 if (!msg) 11523 return -ENOMEM; 11524 11525 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 11526 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11527 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 11528 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 11529 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 11530 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 11531 if (peer_capab) { 11532 /* 11533 * The internal enum tdls_peer_capability definition is 11534 * currently identical with the nl80211 enum 11535 * nl80211_tdls_peer_capability, so no conversion is needed 11536 * here. 11537 */ 11538 NLA_PUT_U32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY, peer_capab); 11539 } 11540 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 11541 11542 return send_and_recv_msgs(drv, msg, NULL, NULL); 11543 11544nla_put_failure: 11545 nlmsg_free(msg); 11546 return -ENOBUFS; 11547} 11548 11549 11550static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 11551{ 11552 struct i802_bss *bss = priv; 11553 struct wpa_driver_nl80211_data *drv = bss->drv; 11554 struct nl_msg *msg; 11555 enum nl80211_tdls_operation nl80211_oper; 11556 11557 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 11558 return -EOPNOTSUPP; 11559 11560 switch (oper) { 11561 case TDLS_DISCOVERY_REQ: 11562 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 11563 break; 11564 case TDLS_SETUP: 11565 nl80211_oper = NL80211_TDLS_SETUP; 11566 break; 11567 case TDLS_TEARDOWN: 11568 nl80211_oper = NL80211_TDLS_TEARDOWN; 11569 break; 11570 case TDLS_ENABLE_LINK: 11571 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 11572 break; 11573 case TDLS_DISABLE_LINK: 11574 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 11575 break; 11576 case TDLS_ENABLE: 11577 return 0; 11578 case TDLS_DISABLE: 11579 return 0; 11580 default: 11581 return -EINVAL; 11582 } 11583 11584 msg = nlmsg_alloc(); 11585 if (!msg) 11586 return -ENOMEM; 11587 11588 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 11589 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 11590 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11591 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 11592 11593 return send_and_recv_msgs(drv, msg, NULL, NULL); 11594 11595nla_put_failure: 11596 nlmsg_free(msg); 11597 return -ENOBUFS; 11598} 11599 11600#endif /* CONFIG TDLS */ 11601 11602 11603#ifdef ANDROID 11604 11605typedef struct android_wifi_priv_cmd { 11606 char *buf; 11607 int used_len; 11608 int total_len; 11609} android_wifi_priv_cmd; 11610 11611static int drv_errors = 0; 11612 11613static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 11614{ 11615 drv_errors++; 11616 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 11617 drv_errors = 0; 11618 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 11619 } 11620} 11621 11622 11623static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 11624{ 11625 struct wpa_driver_nl80211_data *drv = bss->drv; 11626 struct ifreq ifr; 11627 android_wifi_priv_cmd priv_cmd; 11628 char buf[MAX_DRV_CMD_SIZE]; 11629 int ret; 11630 11631 os_memset(&ifr, 0, sizeof(ifr)); 11632 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 11633 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11634 11635 os_memset(buf, 0, sizeof(buf)); 11636 os_strlcpy(buf, cmd, sizeof(buf)); 11637 11638 priv_cmd.buf = buf; 11639 priv_cmd.used_len = sizeof(buf); 11640 priv_cmd.total_len = sizeof(buf); 11641 ifr.ifr_data = &priv_cmd; 11642 11643 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11644 if (ret < 0) { 11645 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 11646 __func__); 11647 wpa_driver_send_hang_msg(drv); 11648 return ret; 11649 } 11650 11651 drv_errors = 0; 11652 return 0; 11653} 11654 11655 11656static int android_pno_start(struct i802_bss *bss, 11657 struct wpa_driver_scan_params *params) 11658{ 11659 struct wpa_driver_nl80211_data *drv = bss->drv; 11660 struct ifreq ifr; 11661 android_wifi_priv_cmd priv_cmd; 11662 int ret = 0, i = 0, bp; 11663 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 11664 11665 bp = WEXT_PNOSETUP_HEADER_SIZE; 11666 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11667 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11668 buf[bp++] = WEXT_PNO_TLV_VERSION; 11669 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11670 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11671 11672 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11673 /* Check that there is enough space needed for 1 more SSID, the 11674 * other sections and null termination */ 11675 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11676 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11677 break; 11678 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11679 params->ssids[i].ssid, 11680 params->ssids[i].ssid_len); 11681 buf[bp++] = WEXT_PNO_SSID_SECTION; 11682 buf[bp++] = params->ssids[i].ssid_len; 11683 os_memcpy(&buf[bp], params->ssids[i].ssid, 11684 params->ssids[i].ssid_len); 11685 bp += params->ssids[i].ssid_len; 11686 i++; 11687 } 11688 11689 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11690 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11691 WEXT_PNO_SCAN_INTERVAL); 11692 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11693 11694 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11695 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11696 WEXT_PNO_REPEAT); 11697 bp += WEXT_PNO_REPEAT_LENGTH; 11698 11699 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11700 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11701 WEXT_PNO_MAX_REPEAT); 11702 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11703 11704 memset(&ifr, 0, sizeof(ifr)); 11705 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11706 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11707 11708 priv_cmd.buf = buf; 11709 priv_cmd.used_len = bp; 11710 priv_cmd.total_len = bp; 11711 ifr.ifr_data = &priv_cmd; 11712 11713 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11714 11715 if (ret < 0) { 11716 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11717 ret); 11718 wpa_driver_send_hang_msg(drv); 11719 return ret; 11720 } 11721 11722 drv_errors = 0; 11723 11724 return android_priv_cmd(bss, "PNOFORCE 1"); 11725} 11726 11727 11728static int android_pno_stop(struct i802_bss *bss) 11729{ 11730 return android_priv_cmd(bss, "PNOFORCE 0"); 11731} 11732 11733#endif /* ANDROID */ 11734 11735 11736static int driver_nl80211_set_key(const char *ifname, void *priv, 11737 enum wpa_alg alg, const u8 *addr, 11738 int key_idx, int set_tx, 11739 const u8 *seq, size_t seq_len, 11740 const u8 *key, size_t key_len) 11741{ 11742 struct i802_bss *bss = priv; 11743 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11744 set_tx, seq, seq_len, key, key_len); 11745} 11746 11747 11748static int driver_nl80211_scan2(void *priv, 11749 struct wpa_driver_scan_params *params) 11750{ 11751 struct i802_bss *bss = priv; 11752 return wpa_driver_nl80211_scan(bss, params); 11753} 11754 11755 11756static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11757 int reason_code) 11758{ 11759 struct i802_bss *bss = priv; 11760 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11761} 11762 11763 11764static int driver_nl80211_authenticate(void *priv, 11765 struct wpa_driver_auth_params *params) 11766{ 11767 struct i802_bss *bss = priv; 11768 return wpa_driver_nl80211_authenticate(bss, params); 11769} 11770 11771 11772static void driver_nl80211_deinit(void *priv) 11773{ 11774 struct i802_bss *bss = priv; 11775 wpa_driver_nl80211_deinit(bss); 11776} 11777 11778 11779static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11780 const char *ifname) 11781{ 11782 struct i802_bss *bss = priv; 11783 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11784} 11785 11786 11787static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11788 size_t data_len, int noack) 11789{ 11790 struct i802_bss *bss = priv; 11791 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11792 0, 0, 0, 0); 11793} 11794 11795 11796static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11797{ 11798 struct i802_bss *bss = priv; 11799 return wpa_driver_nl80211_sta_remove(bss, addr); 11800} 11801 11802 11803static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11804 const char *ifname, int vlan_id) 11805{ 11806 struct i802_bss *bss = priv; 11807 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11808} 11809 11810 11811static int driver_nl80211_read_sta_data(void *priv, 11812 struct hostap_sta_driver_data *data, 11813 const u8 *addr) 11814{ 11815 struct i802_bss *bss = priv; 11816 return i802_read_sta_data(bss, data, addr); 11817} 11818 11819 11820static int driver_nl80211_send_action(void *priv, unsigned int freq, 11821 unsigned int wait_time, 11822 const u8 *dst, const u8 *src, 11823 const u8 *bssid, 11824 const u8 *data, size_t data_len, 11825 int no_cck) 11826{ 11827 struct i802_bss *bss = priv; 11828 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11829 bssid, data, data_len, no_cck); 11830} 11831 11832 11833static int driver_nl80211_probe_req_report(void *priv, int report) 11834{ 11835 struct i802_bss *bss = priv; 11836 return wpa_driver_nl80211_probe_req_report(bss, report); 11837} 11838 11839 11840static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11841 const u8 *ies, size_t ies_len) 11842{ 11843 int ret; 11844 struct nl_msg *msg; 11845 struct i802_bss *bss = priv; 11846 struct wpa_driver_nl80211_data *drv = bss->drv; 11847 u16 mdid = WPA_GET_LE16(md); 11848 11849 msg = nlmsg_alloc(); 11850 if (!msg) 11851 return -ENOMEM; 11852 11853 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11854 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11855 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11856 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11857 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11858 11859 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11860 if (ret) { 11861 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11862 "err=%d (%s)", ret, strerror(-ret)); 11863 } 11864 11865 return ret; 11866 11867nla_put_failure: 11868 nlmsg_free(msg); 11869 return -ENOBUFS; 11870} 11871 11872 11873const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11874{ 11875 struct i802_bss *bss = priv; 11876 struct wpa_driver_nl80211_data *drv = bss->drv; 11877 11878 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11879 return NULL; 11880 11881 return bss->addr; 11882} 11883 11884 11885static const char * scan_state_str(enum scan_states scan_state) 11886{ 11887 switch (scan_state) { 11888 case NO_SCAN: 11889 return "NO_SCAN"; 11890 case SCAN_REQUESTED: 11891 return "SCAN_REQUESTED"; 11892 case SCAN_STARTED: 11893 return "SCAN_STARTED"; 11894 case SCAN_COMPLETED: 11895 return "SCAN_COMPLETED"; 11896 case SCAN_ABORTED: 11897 return "SCAN_ABORTED"; 11898 case SCHED_SCAN_STARTED: 11899 return "SCHED_SCAN_STARTED"; 11900 case SCHED_SCAN_STOPPED: 11901 return "SCHED_SCAN_STOPPED"; 11902 case SCHED_SCAN_RESULTS: 11903 return "SCHED_SCAN_RESULTS"; 11904 } 11905 11906 return "??"; 11907} 11908 11909 11910static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11911{ 11912 struct i802_bss *bss = priv; 11913 struct wpa_driver_nl80211_data *drv = bss->drv; 11914 int res; 11915 char *pos, *end; 11916 11917 pos = buf; 11918 end = buf + buflen; 11919 11920 res = os_snprintf(pos, end - pos, 11921 "ifindex=%d\n" 11922 "ifname=%s\n" 11923 "brname=%s\n" 11924 "addr=" MACSTR "\n" 11925 "freq=%d\n" 11926 "%s%s%s%s%s", 11927 bss->ifindex, 11928 bss->ifname, 11929 bss->brname, 11930 MAC2STR(bss->addr), 11931 bss->freq, 11932 bss->beacon_set ? "beacon_set=1\n" : "", 11933 bss->added_if_into_bridge ? 11934 "added_if_into_bridge=1\n" : "", 11935 bss->added_bridge ? "added_bridge=1\n" : "", 11936 bss->in_deinit ? "in_deinit=1\n" : "", 11937 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11938 if (res < 0 || res >= end - pos) 11939 return pos - buf; 11940 pos += res; 11941 11942 if (bss->wdev_id_set) { 11943 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11944 (unsigned long long) bss->wdev_id); 11945 if (res < 0 || res >= end - pos) 11946 return pos - buf; 11947 pos += res; 11948 } 11949 11950 res = os_snprintf(pos, end - pos, 11951 "phyname=%s\n" 11952 "drv_ifindex=%d\n" 11953 "operstate=%d\n" 11954 "scan_state=%s\n" 11955 "auth_bssid=" MACSTR "\n" 11956 "auth_attempt_bssid=" MACSTR "\n" 11957 "bssid=" MACSTR "\n" 11958 "prev_bssid=" MACSTR "\n" 11959 "associated=%d\n" 11960 "assoc_freq=%u\n" 11961 "monitor_sock=%d\n" 11962 "monitor_ifidx=%d\n" 11963 "monitor_refcount=%d\n" 11964 "last_mgmt_freq=%u\n" 11965 "eapol_tx_sock=%d\n" 11966 "%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 11967 drv->phyname, 11968 drv->ifindex, 11969 drv->operstate, 11970 scan_state_str(drv->scan_state), 11971 MAC2STR(drv->auth_bssid), 11972 MAC2STR(drv->auth_attempt_bssid), 11973 MAC2STR(drv->bssid), 11974 MAC2STR(drv->prev_bssid), 11975 drv->associated, 11976 drv->assoc_freq, 11977 drv->monitor_sock, 11978 drv->monitor_ifidx, 11979 drv->monitor_refcount, 11980 drv->last_mgmt_freq, 11981 drv->eapol_tx_sock, 11982 drv->ignore_if_down_event ? 11983 "ignore_if_down_event=1\n" : "", 11984 drv->scan_complete_events ? 11985 "scan_complete_events=1\n" : "", 11986 drv->disabled_11b_rates ? 11987 "disabled_11b_rates=1\n" : "", 11988 drv->pending_remain_on_chan ? 11989 "pending_remain_on_chan=1\n" : "", 11990 drv->in_interface_list ? "in_interface_list=1\n" : "", 11991 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11992 drv->poll_command_supported ? 11993 "poll_command_supported=1\n" : "", 11994 drv->data_tx_status ? "data_tx_status=1\n" : "", 11995 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11996 drv->retry_auth ? "retry_auth=1\n" : "", 11997 drv->use_monitor ? "use_monitor=1\n" : "", 11998 drv->ignore_next_local_disconnect ? 11999 "ignore_next_local_disconnect=1\n" : "", 12000 drv->ignore_next_local_deauth ? 12001 "ignore_next_local_deauth=1\n" : "", 12002 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 12003 if (res < 0 || res >= end - pos) 12004 return pos - buf; 12005 pos += res; 12006 12007 if (drv->has_capability) { 12008 res = os_snprintf(pos, end - pos, 12009 "capa.key_mgmt=0x%x\n" 12010 "capa.enc=0x%x\n" 12011 "capa.auth=0x%x\n" 12012 "capa.flags=0x%x\n" 12013 "capa.max_scan_ssids=%d\n" 12014 "capa.max_sched_scan_ssids=%d\n" 12015 "capa.sched_scan_supported=%d\n" 12016 "capa.max_match_sets=%d\n" 12017 "capa.max_remain_on_chan=%u\n" 12018 "capa.max_stations=%u\n" 12019 "capa.probe_resp_offloads=0x%x\n" 12020 "capa.max_acl_mac_addrs=%u\n" 12021 "capa.num_multichan_concurrent=%u\n", 12022 drv->capa.key_mgmt, 12023 drv->capa.enc, 12024 drv->capa.auth, 12025 drv->capa.flags, 12026 drv->capa.max_scan_ssids, 12027 drv->capa.max_sched_scan_ssids, 12028 drv->capa.sched_scan_supported, 12029 drv->capa.max_match_sets, 12030 drv->capa.max_remain_on_chan, 12031 drv->capa.max_stations, 12032 drv->capa.probe_resp_offloads, 12033 drv->capa.max_acl_mac_addrs, 12034 drv->capa.num_multichan_concurrent); 12035 if (res < 0 || res >= end - pos) 12036 return pos - buf; 12037 pos += res; 12038 } 12039 12040 return pos - buf; 12041} 12042 12043 12044static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 12045{ 12046 if (settings->head) 12047 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 12048 settings->head_len, settings->head); 12049 12050 if (settings->tail) 12051 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 12052 settings->tail_len, settings->tail); 12053 12054 if (settings->beacon_ies) 12055 NLA_PUT(msg, NL80211_ATTR_IE, 12056 settings->beacon_ies_len, settings->beacon_ies); 12057 12058 if (settings->proberesp_ies) 12059 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 12060 settings->proberesp_ies_len, settings->proberesp_ies); 12061 12062 if (settings->assocresp_ies) 12063 NLA_PUT(msg, 12064 NL80211_ATTR_IE_ASSOC_RESP, 12065 settings->assocresp_ies_len, settings->assocresp_ies); 12066 12067 if (settings->probe_resp) 12068 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 12069 settings->probe_resp_len, settings->probe_resp); 12070 12071 return 0; 12072 12073nla_put_failure: 12074 return -ENOBUFS; 12075} 12076 12077 12078static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 12079{ 12080 struct nl_msg *msg; 12081 struct i802_bss *bss = priv; 12082 struct wpa_driver_nl80211_data *drv = bss->drv; 12083 struct nlattr *beacon_csa; 12084 int ret = -ENOBUFS; 12085 12086 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 12087 settings->cs_count, settings->block_tx, 12088 settings->freq_params.freq, settings->freq_params.bandwidth, 12089 settings->freq_params.center_freq1, 12090 settings->freq_params.center_freq2); 12091 12092 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 12093 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 12094 return -EOPNOTSUPP; 12095 } 12096 12097 if ((drv->nlmode != NL80211_IFTYPE_AP) && 12098 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 12099 return -EOPNOTSUPP; 12100 12101 /* check settings validity */ 12102 if (!settings->beacon_csa.tail || 12103 ((settings->beacon_csa.tail_len <= 12104 settings->counter_offset_beacon) || 12105 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 12106 settings->cs_count))) 12107 return -EINVAL; 12108 12109 if (settings->beacon_csa.probe_resp && 12110 ((settings->beacon_csa.probe_resp_len <= 12111 settings->counter_offset_presp) || 12112 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 12113 settings->cs_count))) 12114 return -EINVAL; 12115 12116 msg = nlmsg_alloc(); 12117 if (!msg) 12118 return -ENOMEM; 12119 12120 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 12121 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 12122 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 12123 ret = nl80211_put_freq_params(msg, &settings->freq_params); 12124 if (ret) 12125 goto error; 12126 12127 if (settings->block_tx) 12128 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 12129 12130 /* beacon_after params */ 12131 ret = set_beacon_data(msg, &settings->beacon_after); 12132 if (ret) 12133 goto error; 12134 12135 /* beacon_csa params */ 12136 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 12137 if (!beacon_csa) 12138 goto nla_put_failure; 12139 12140 ret = set_beacon_data(msg, &settings->beacon_csa); 12141 if (ret) 12142 goto error; 12143 12144 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 12145 settings->counter_offset_beacon); 12146 12147 if (settings->beacon_csa.probe_resp) 12148 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 12149 settings->counter_offset_presp); 12150 12151 nla_nest_end(msg, beacon_csa); 12152 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12153 if (ret) { 12154 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 12155 ret, strerror(-ret)); 12156 } 12157 return ret; 12158 12159nla_put_failure: 12160 ret = -ENOBUFS; 12161error: 12162 nlmsg_free(msg); 12163 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 12164 return ret; 12165} 12166 12167 12168#ifdef CONFIG_TESTING_OPTIONS 12169static int cmd_reply_handler(struct nl_msg *msg, void *arg) 12170{ 12171 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 12172 struct wpabuf *buf = arg; 12173 12174 if (!buf) 12175 return NL_SKIP; 12176 12177 if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) { 12178 wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply"); 12179 return NL_SKIP; 12180 } 12181 12182 wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0), 12183 genlmsg_attrlen(gnlh, 0)); 12184 12185 return NL_SKIP; 12186} 12187#endif /* CONFIG_TESTING_OPTIONS */ 12188 12189 12190static int vendor_reply_handler(struct nl_msg *msg, void *arg) 12191{ 12192 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 12193 struct nlattr *nl_vendor_reply, *nl; 12194 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 12195 struct wpabuf *buf = arg; 12196 int rem; 12197 12198 if (!buf) 12199 return NL_SKIP; 12200 12201 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 12202 genlmsg_attrlen(gnlh, 0), NULL); 12203 nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA]; 12204 12205 if (!nl_vendor_reply) 12206 return NL_SKIP; 12207 12208 if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) { 12209 wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply"); 12210 return NL_SKIP; 12211 } 12212 12213 nla_for_each_nested(nl, nl_vendor_reply, rem) { 12214 wpabuf_put_data(buf, nla_data(nl), nla_len(nl)); 12215 } 12216 12217 return NL_SKIP; 12218} 12219 12220 12221static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id, 12222 unsigned int subcmd, const u8 *data, 12223 size_t data_len, struct wpabuf *buf) 12224{ 12225 struct i802_bss *bss = priv; 12226 struct wpa_driver_nl80211_data *drv = bss->drv; 12227 struct nl_msg *msg; 12228 int ret; 12229 12230 msg = nlmsg_alloc(); 12231 if (!msg) 12232 return -ENOMEM; 12233 12234#ifdef CONFIG_TESTING_OPTIONS 12235 if (vendor_id == 0xffffffff) { 12236 nl80211_cmd(drv, msg, 0, subcmd); 12237 if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) < 12238 0) 12239 goto nla_put_failure; 12240 ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf); 12241 if (ret) 12242 wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d", 12243 ret); 12244 return ret; 12245 } 12246#endif /* CONFIG_TESTING_OPTIONS */ 12247 12248 nl80211_cmd(drv, msg, 0, NL80211_CMD_VENDOR); 12249 if (nl80211_set_iface_id(msg, bss) < 0) 12250 goto nla_put_failure; 12251 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_ID, vendor_id); 12252 NLA_PUT_U32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd); 12253 if (data) 12254 NLA_PUT(msg, NL80211_ATTR_VENDOR_DATA, data_len, data); 12255 12256 ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf); 12257 if (ret) 12258 wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d", 12259 ret); 12260 return ret; 12261 12262nla_put_failure: 12263 nlmsg_free(msg); 12264 return -ENOBUFS; 12265} 12266 12267 12268static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 12269 u8 qos_map_set_len) 12270{ 12271 struct i802_bss *bss = priv; 12272 struct wpa_driver_nl80211_data *drv = bss->drv; 12273 struct nl_msg *msg; 12274 int ret; 12275 12276 msg = nlmsg_alloc(); 12277 if (!msg) 12278 return -ENOMEM; 12279 12280 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 12281 qos_map_set, qos_map_set_len); 12282 12283 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 12284 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12285 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 12286 12287 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12288 if (ret) 12289 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 12290 12291 return ret; 12292 12293nla_put_failure: 12294 nlmsg_free(msg); 12295 return -ENOBUFS; 12296} 12297 12298 12299static int nl80211_set_wowlan(void *priv, 12300 const struct wowlan_triggers *triggers) 12301{ 12302 struct i802_bss *bss = priv; 12303 struct wpa_driver_nl80211_data *drv = bss->drv; 12304 struct nl_msg *msg; 12305 struct nlattr *wowlan_triggers; 12306 int ret; 12307 12308 msg = nlmsg_alloc(); 12309 if (!msg) 12310 return -ENOMEM; 12311 12312 wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan"); 12313 12314 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WOWLAN); 12315 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 12316 12317 wowlan_triggers = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS); 12318 if (!wowlan_triggers) 12319 goto nla_put_failure; 12320 12321 if (triggers->any) 12322 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY); 12323 if (triggers->disconnect) 12324 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT); 12325 if (triggers->magic_pkt) 12326 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT); 12327 if (triggers->gtk_rekey_failure) 12328 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE); 12329 if (triggers->eap_identity_req) 12330 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST); 12331 if (triggers->four_way_handshake) 12332 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE); 12333 if (triggers->rfkill_release) 12334 NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE); 12335 12336 nla_nest_end(msg, wowlan_triggers); 12337 12338 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 12339 if (ret) 12340 wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed"); 12341 12342 return ret; 12343 12344nla_put_failure: 12345 nlmsg_free(msg); 12346 return -ENOBUFS; 12347} 12348 12349 12350const struct wpa_driver_ops wpa_driver_nl80211_ops = { 12351 .name = "nl80211", 12352 .desc = "Linux nl80211/cfg80211", 12353 .get_bssid = wpa_driver_nl80211_get_bssid, 12354 .get_ssid = wpa_driver_nl80211_get_ssid, 12355 .set_key = driver_nl80211_set_key, 12356 .scan2 = driver_nl80211_scan2, 12357 .sched_scan = wpa_driver_nl80211_sched_scan, 12358 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 12359 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 12360 .deauthenticate = driver_nl80211_deauthenticate, 12361 .authenticate = driver_nl80211_authenticate, 12362 .associate = wpa_driver_nl80211_associate, 12363 .global_init = nl80211_global_init, 12364 .global_deinit = nl80211_global_deinit, 12365 .init2 = wpa_driver_nl80211_init, 12366 .deinit = driver_nl80211_deinit, 12367 .get_capa = wpa_driver_nl80211_get_capa, 12368 .set_operstate = wpa_driver_nl80211_set_operstate, 12369 .set_supp_port = wpa_driver_nl80211_set_supp_port, 12370 .set_country = wpa_driver_nl80211_set_country, 12371 .get_country = wpa_driver_nl80211_get_country, 12372 .set_ap = wpa_driver_nl80211_set_ap, 12373 .set_acl = wpa_driver_nl80211_set_acl, 12374 .if_add = wpa_driver_nl80211_if_add, 12375 .if_remove = driver_nl80211_if_remove, 12376 .send_mlme = driver_nl80211_send_mlme, 12377 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 12378 .sta_add = wpa_driver_nl80211_sta_add, 12379 .sta_remove = driver_nl80211_sta_remove, 12380 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 12381 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 12382 .hapd_init = i802_init, 12383 .hapd_deinit = i802_deinit, 12384 .set_wds_sta = i802_set_wds_sta, 12385 .get_seqnum = i802_get_seqnum, 12386 .flush = i802_flush, 12387 .get_inact_sec = i802_get_inact_sec, 12388 .sta_clear_stats = i802_sta_clear_stats, 12389 .set_rts = i802_set_rts, 12390 .set_frag = i802_set_frag, 12391 .set_tx_queue_params = i802_set_tx_queue_params, 12392 .set_sta_vlan = driver_nl80211_set_sta_vlan, 12393 .sta_deauth = i802_sta_deauth, 12394 .sta_disassoc = i802_sta_disassoc, 12395 .read_sta_data = driver_nl80211_read_sta_data, 12396 .set_freq = i802_set_freq, 12397 .send_action = driver_nl80211_send_action, 12398 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 12399 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 12400 .cancel_remain_on_channel = 12401 wpa_driver_nl80211_cancel_remain_on_channel, 12402 .probe_req_report = driver_nl80211_probe_req_report, 12403 .deinit_ap = wpa_driver_nl80211_deinit_ap, 12404 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 12405 .resume = wpa_driver_nl80211_resume, 12406 .send_ft_action = nl80211_send_ft_action, 12407 .signal_monitor = nl80211_signal_monitor, 12408 .signal_poll = nl80211_signal_poll, 12409 .send_frame = nl80211_send_frame, 12410 .shared_freq = wpa_driver_nl80211_shared_freq, 12411 .set_param = nl80211_set_param, 12412 .get_radio_name = nl80211_get_radio_name, 12413 .add_pmkid = nl80211_add_pmkid, 12414 .remove_pmkid = nl80211_remove_pmkid, 12415 .flush_pmkid = nl80211_flush_pmkid, 12416 .set_rekey_info = nl80211_set_rekey_info, 12417 .poll_client = nl80211_poll_client, 12418 .set_p2p_powersave = nl80211_set_p2p_powersave, 12419 .start_dfs_cac = nl80211_start_radar_detection, 12420 .stop_ap = wpa_driver_nl80211_stop_ap, 12421#ifdef CONFIG_TDLS 12422 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 12423 .tdls_oper = nl80211_tdls_oper, 12424#endif /* CONFIG_TDLS */ 12425 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 12426 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 12427 .get_survey = wpa_driver_nl80211_get_survey, 12428 .status = wpa_driver_nl80211_status, 12429 .switch_channel = nl80211_switch_channel, 12430#ifdef ANDROID_P2P 12431 .set_noa = wpa_driver_set_p2p_noa, 12432 .get_noa = wpa_driver_get_p2p_noa, 12433 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 12434#endif /* ANDROID_P2P */ 12435#ifdef ANDROID 12436 .driver_cmd = wpa_driver_nl80211_driver_cmd, 12437#endif /* ANDROID */ 12438 .vendor_cmd = nl80211_vendor_cmd, 12439 .set_qos_map = nl80211_set_qos_map, 12440 .set_wowlan = nl80211_set_wowlan, 12441}; 12442