driver_nl80211.c revision b638fe75d3cb9d21c67386173f10afe65053cc4d
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/ieee802_11_defs.h" 32#include "common/ieee802_11_common.h" 33#include "l2_packet/l2_packet.h" 34#include "netlink.h" 35#include "linux_ioctl.h" 36#include "radiotap.h" 37#include "radiotap_iter.h" 38#include "rfkill.h" 39#include "driver.h" 40 41#ifndef SO_WIFI_STATUS 42# if defined(__sparc__) 43# define SO_WIFI_STATUS 0x0025 44# elif defined(__parisc__) 45# define SO_WIFI_STATUS 0x4022 46# else 47# define SO_WIFI_STATUS 41 48# endif 49 50# define SCM_WIFI_STATUS SO_WIFI_STATUS 51#endif 52 53#ifndef SO_EE_ORIGIN_TXSTATUS 54#define SO_EE_ORIGIN_TXSTATUS 4 55#endif 56 57#ifndef PACKET_TX_TIMESTAMP 58#define PACKET_TX_TIMESTAMP 16 59#endif 60 61#ifdef ANDROID 62#include "android_drv.h" 63#endif /* ANDROID */ 64#ifdef CONFIG_LIBNL20 65/* libnl 2.0 compatibility code */ 66#define nl_handle nl_sock 67#define nl80211_handle_alloc nl_socket_alloc_cb 68#define nl80211_handle_destroy nl_socket_free 69#else 70/* 71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 72 * but when you free a socket again it will mess up its bitmap and 73 * and use the wrong number the next time it needs a socket ID. 74 * Therefore, we wrap the handle alloc/destroy and add our own pid 75 * accounting. 76 */ 77static uint32_t port_bitmap[32] = { 0 }; 78 79static struct nl_handle *nl80211_handle_alloc(void *cb) 80{ 81 struct nl_handle *handle; 82 uint32_t pid = getpid() & 0x3FFFFF; 83 int i; 84 85 handle = nl_handle_alloc_cb(cb); 86 87 for (i = 0; i < 1024; i++) { 88 if (port_bitmap[i / 32] & (1 << (i % 32))) 89 continue; 90 port_bitmap[i / 32] |= 1 << (i % 32); 91 pid += i << 22; 92 break; 93 } 94 95 nl_socket_set_local_port(handle, pid); 96 97 return handle; 98} 99 100static void nl80211_handle_destroy(struct nl_handle *handle) 101{ 102 uint32_t port = nl_socket_get_local_port(handle); 103 104 port >>= 22; 105 port_bitmap[port / 32] &= ~(1 << (port % 32)); 106 107 nl_handle_destroy(handle); 108} 109#endif /* CONFIG_LIBNL20 */ 110 111 112static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 113{ 114 struct nl_handle *handle; 115 116 handle = nl80211_handle_alloc(cb); 117 if (handle == NULL) { 118 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 119 "callbacks (%s)", dbg); 120 return NULL; 121 } 122 123 if (genl_connect(handle)) { 124 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 125 "netlink (%s)", dbg); 126 nl80211_handle_destroy(handle); 127 return NULL; 128 } 129 130 return handle; 131} 132 133 134static void nl_destroy_handles(struct nl_handle **handle) 135{ 136 if (*handle == NULL) 137 return; 138 nl80211_handle_destroy(*handle); 139 *handle = NULL; 140} 141 142 143#ifndef IFF_LOWER_UP 144#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 145#endif 146#ifndef IFF_DORMANT 147#define IFF_DORMANT 0x20000 /* driver signals dormant */ 148#endif 149 150#ifndef IF_OPER_DORMANT 151#define IF_OPER_DORMANT 5 152#endif 153#ifndef IF_OPER_UP 154#define IF_OPER_UP 6 155#endif 156 157struct nl80211_global { 158 struct dl_list interfaces; 159 int if_add_ifindex; 160 struct netlink_data *netlink; 161 struct nl_cb *nl_cb; 162 struct nl_handle *nl; 163 int nl80211_id; 164 int ioctl_sock; /* socket for ioctl() use */ 165 166 struct nl_handle *nl_event; 167}; 168 169struct nl80211_wiphy_data { 170 struct dl_list list; 171 struct dl_list bsss; 172 struct dl_list drvs; 173 174 struct nl_handle *nl_beacons; 175 struct nl_cb *nl_cb; 176 177 int wiphy_idx; 178}; 179 180static void nl80211_global_deinit(void *priv); 181static void wpa_driver_nl80211_deinit(void *priv); 182 183struct i802_bss { 184 struct wpa_driver_nl80211_data *drv; 185 struct i802_bss *next; 186 int ifindex; 187 char ifname[IFNAMSIZ + 1]; 188 char brname[IFNAMSIZ]; 189 unsigned int beacon_set:1; 190 unsigned int added_if_into_bridge:1; 191 unsigned int added_bridge:1; 192 193 u8 addr[ETH_ALEN]; 194 195 int freq; 196 197 struct nl_handle *nl_preq, *nl_mgmt; 198 struct nl_cb *nl_cb; 199 200 struct nl80211_wiphy_data *wiphy_data; 201 struct dl_list wiphy_list; 202}; 203 204struct wpa_driver_nl80211_data { 205 struct nl80211_global *global; 206 struct dl_list list; 207 struct dl_list wiphy_list; 208 char phyname[32]; 209 void *ctx; 210 int ifindex; 211 int if_removed; 212 int if_disabled; 213 int ignore_if_down_event; 214 struct rfkill_data *rfkill; 215 struct wpa_driver_capa capa; 216 int has_capability; 217 218 int operstate; 219 220 int scan_complete_events; 221 222 struct nl_cb *nl_cb; 223 224 u8 auth_bssid[ETH_ALEN]; 225 u8 bssid[ETH_ALEN]; 226 int associated; 227 u8 ssid[32]; 228 size_t ssid_len; 229 enum nl80211_iftype nlmode; 230 enum nl80211_iftype ap_scan_as_station; 231 unsigned int assoc_freq; 232 233 int monitor_sock; 234 int monitor_ifidx; 235 int monitor_refcount; 236 237 unsigned int disabled_11b_rates:1; 238 unsigned int pending_remain_on_chan:1; 239 unsigned int in_interface_list:1; 240 unsigned int device_ap_sme:1; 241 unsigned int poll_command_supported:1; 242 unsigned int data_tx_status:1; 243 unsigned int scan_for_auth:1; 244 unsigned int retry_auth:1; 245 unsigned int use_monitor:1; 246 247 u64 remain_on_chan_cookie; 248 u64 send_action_cookie; 249 250 unsigned int last_mgmt_freq; 251 252 struct wpa_driver_scan_filter *filter_ssids; 253 size_t num_filter_ssids; 254 255 struct i802_bss first_bss; 256 257 int eapol_tx_sock; 258 259#ifdef HOSTAPD 260 int eapol_sock; /* socket for EAPOL frames */ 261 262 int default_if_indices[16]; 263 int *if_indices; 264 int num_if_indices; 265 266 int last_freq; 267 int last_freq_ht; 268#endif /* HOSTAPD */ 269 270 /* From failed authentication command */ 271 int auth_freq; 272 u8 auth_bssid_[ETH_ALEN]; 273 u8 auth_ssid[32]; 274 size_t auth_ssid_len; 275 int auth_alg; 276 u8 *auth_ie; 277 size_t auth_ie_len; 278 u8 auth_wep_key[4][16]; 279 size_t auth_wep_key_len[4]; 280 int auth_wep_tx_keyidx; 281 int auth_local_state_change; 282 int auth_p2p; 283}; 284 285 286static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 287 void *timeout_ctx); 288static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 289 enum nl80211_iftype nlmode); 290static int 291wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 292static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 293 const u8 *addr, int cmd, u16 reason_code, 294 int local_state_change); 295static void nl80211_remove_monitor_interface( 296 struct wpa_driver_nl80211_data *drv); 297static int nl80211_send_frame_cmd(struct i802_bss *bss, 298 unsigned int freq, unsigned int wait, 299 const u8 *buf, size_t buf_len, u64 *cookie, 300 int no_cck, int no_ack, int offchanok); 301static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 302#ifdef ANDROID 303static int android_pno_start(struct i802_bss *bss, 304 struct wpa_driver_scan_params *params); 305static int android_pno_stop(struct i802_bss *bss); 306#endif /* ANDROID */ 307#ifdef ANDROID_P2P 308static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 309 enum wpa_event_type type, 310 const u8 *frame, size_t len); 311int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 312int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 313int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 314int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 315 const struct wpabuf *proberesp, 316 const struct wpabuf *assocresp); 317 318#endif 319#ifdef HOSTAPD 320static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 321static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 322static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 323static int wpa_driver_nl80211_if_remove(void *priv, 324 enum wpa_driver_if_type type, 325 const char *ifname); 326#else /* HOSTAPD */ 327static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 328{ 329} 330 331static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 332{ 333} 334 335static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 336{ 337 return 0; 338} 339#endif /* HOSTAPD */ 340#ifdef ANDROID 341extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 342 size_t buf_len); 343#endif 344 345static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 346static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 347 int ifindex, int disabled); 348 349static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 350static int wpa_driver_nl80211_authenticate_retry( 351 struct wpa_driver_nl80211_data *drv); 352 353 354static int is_ap_interface(enum nl80211_iftype nlmode) 355{ 356 return (nlmode == NL80211_IFTYPE_AP || 357 nlmode == NL80211_IFTYPE_P2P_GO); 358} 359 360 361static int is_sta_interface(enum nl80211_iftype nlmode) 362{ 363 return (nlmode == NL80211_IFTYPE_STATION || 364 nlmode == NL80211_IFTYPE_P2P_CLIENT); 365} 366 367 368static int is_p2p_interface(enum nl80211_iftype nlmode) 369{ 370 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 371 nlmode == NL80211_IFTYPE_P2P_GO); 372} 373 374 375struct nl80211_bss_info_arg { 376 struct wpa_driver_nl80211_data *drv; 377 struct wpa_scan_results *res; 378 unsigned int assoc_freq; 379 u8 assoc_bssid[ETH_ALEN]; 380}; 381 382static int bss_info_handler(struct nl_msg *msg, void *arg); 383 384 385/* nl80211 code */ 386static int ack_handler(struct nl_msg *msg, void *arg) 387{ 388 int *err = arg; 389 *err = 0; 390 return NL_STOP; 391} 392 393static int finish_handler(struct nl_msg *msg, void *arg) 394{ 395 int *ret = arg; 396 *ret = 0; 397 return NL_SKIP; 398} 399 400static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 401 void *arg) 402{ 403 int *ret = arg; 404 *ret = err->error; 405 return NL_SKIP; 406} 407 408 409static int no_seq_check(struct nl_msg *msg, void *arg) 410{ 411 return NL_OK; 412} 413 414 415static int send_and_recv(struct nl80211_global *global, 416 struct nl_handle *nl_handle, struct nl_msg *msg, 417 int (*valid_handler)(struct nl_msg *, void *), 418 void *valid_data) 419{ 420 struct nl_cb *cb; 421 int err = -ENOMEM; 422 423 cb = nl_cb_clone(global->nl_cb); 424 if (!cb) 425 goto out; 426 427 err = nl_send_auto_complete(nl_handle, msg); 428 if (err < 0) 429 goto out; 430 431 err = 1; 432 433 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 434 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 435 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 436 437 if (valid_handler) 438 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 439 valid_handler, valid_data); 440 441 while (err > 0) 442 nl_recvmsgs(nl_handle, cb); 443 out: 444 nl_cb_put(cb); 445 nlmsg_free(msg); 446 return err; 447} 448 449 450static int send_and_recv_msgs_global(struct nl80211_global *global, 451 struct nl_msg *msg, 452 int (*valid_handler)(struct nl_msg *, void *), 453 void *valid_data) 454{ 455 return send_and_recv(global, global->nl, msg, valid_handler, 456 valid_data); 457} 458 459int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 460 struct nl_msg *msg, 461 int (*valid_handler)(struct nl_msg *, void *), 462 void *valid_data) 463{ 464 return send_and_recv(drv->global, drv->global->nl, msg, 465 valid_handler, valid_data); 466} 467 468 469struct family_data { 470 const char *group; 471 int id; 472}; 473 474 475static int family_handler(struct nl_msg *msg, void *arg) 476{ 477 struct family_data *res = arg; 478 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 479 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 480 struct nlattr *mcgrp; 481 int i; 482 483 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 484 genlmsg_attrlen(gnlh, 0), NULL); 485 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 486 return NL_SKIP; 487 488 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 489 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 490 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 491 nla_len(mcgrp), NULL); 492 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 493 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 494 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 495 res->group, 496 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 497 continue; 498 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 499 break; 500 }; 501 502 return NL_SKIP; 503} 504 505 506static int nl_get_multicast_id(struct nl80211_global *global, 507 const char *family, const char *group) 508{ 509 struct nl_msg *msg; 510 int ret = -1; 511 struct family_data res = { group, -ENOENT }; 512 513 msg = nlmsg_alloc(); 514 if (!msg) 515 return -ENOMEM; 516 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 517 0, 0, CTRL_CMD_GETFAMILY, 0); 518 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 519 520 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 521 msg = NULL; 522 if (ret == 0) 523 ret = res.id; 524 525nla_put_failure: 526 nlmsg_free(msg); 527 return ret; 528} 529 530 531static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 532 struct nl_msg *msg, int flags, uint8_t cmd) 533{ 534 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 535 0, flags, cmd, 0); 536} 537 538 539struct wiphy_idx_data { 540 int wiphy_idx; 541}; 542 543 544static int netdev_info_handler(struct nl_msg *msg, void *arg) 545{ 546 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 547 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 548 struct wiphy_idx_data *info = arg; 549 550 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 551 genlmsg_attrlen(gnlh, 0), NULL); 552 553 if (tb[NL80211_ATTR_WIPHY]) 554 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 555 556 return NL_SKIP; 557} 558 559 560static int nl80211_get_wiphy_index(struct i802_bss *bss) 561{ 562 struct nl_msg *msg; 563 struct wiphy_idx_data data = { 564 .wiphy_idx = -1, 565 }; 566 567 msg = nlmsg_alloc(); 568 if (!msg) 569 return -1; 570 571 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 572 573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 574 575 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 576 return data.wiphy_idx; 577 msg = NULL; 578nla_put_failure: 579 nlmsg_free(msg); 580 return -1; 581} 582 583 584static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 585 struct nl80211_wiphy_data *w) 586{ 587 struct nl_msg *msg; 588 int ret = -1; 589 590 msg = nlmsg_alloc(); 591 if (!msg) 592 return -1; 593 594 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 595 596 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 597 598 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 599 msg = NULL; 600 if (ret) { 601 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 602 "failed: ret=%d (%s)", 603 ret, strerror(-ret)); 604 goto nla_put_failure; 605 } 606 ret = 0; 607nla_put_failure: 608 nlmsg_free(msg); 609 return ret; 610} 611 612 613static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 614{ 615 struct nl80211_wiphy_data *w = eloop_ctx; 616 617 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 618 619 nl_recvmsgs(handle, w->nl_cb); 620} 621 622 623static int process_beacon_event(struct nl_msg *msg, void *arg) 624{ 625 struct nl80211_wiphy_data *w = arg; 626 struct wpa_driver_nl80211_data *drv; 627 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 628 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 629 union wpa_event_data event; 630 631 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 632 genlmsg_attrlen(gnlh, 0), NULL); 633 634 if (gnlh->cmd != NL80211_CMD_FRAME) { 635 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 636 gnlh->cmd); 637 return NL_SKIP; 638 } 639 640 if (!tb[NL80211_ATTR_FRAME]) 641 return NL_SKIP; 642 643 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 644 wiphy_list) { 645 os_memset(&event, 0, sizeof(event)); 646 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 647 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 648 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 649 } 650 651 return NL_SKIP; 652} 653 654 655static struct nl80211_wiphy_data * 656nl80211_get_wiphy_data_ap(struct i802_bss *bss) 657{ 658 static DEFINE_DL_LIST(nl80211_wiphys); 659 struct nl80211_wiphy_data *w; 660 int wiphy_idx, found = 0; 661 struct i802_bss *tmp_bss; 662 663 if (bss->wiphy_data != NULL) 664 return bss->wiphy_data; 665 666 wiphy_idx = nl80211_get_wiphy_index(bss); 667 668 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 669 if (w->wiphy_idx == wiphy_idx) 670 goto add; 671 } 672 673 /* alloc new one */ 674 w = os_zalloc(sizeof(*w)); 675 if (w == NULL) 676 return NULL; 677 w->wiphy_idx = wiphy_idx; 678 dl_list_init(&w->bsss); 679 dl_list_init(&w->drvs); 680 681 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 682 if (!w->nl_cb) { 683 os_free(w); 684 return NULL; 685 } 686 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 687 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 688 w); 689 690 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 691 "wiphy beacons"); 692 if (w->nl_beacons == NULL) { 693 os_free(w); 694 return NULL; 695 } 696 697 if (nl80211_register_beacons(bss->drv, w)) { 698 nl_destroy_handles(&w->nl_beacons); 699 os_free(w); 700 return NULL; 701 } 702 703 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons), 704 nl80211_recv_beacons, w, w->nl_beacons); 705 706 dl_list_add(&nl80211_wiphys, &w->list); 707 708add: 709 /* drv entry for this bss already there? */ 710 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 711 if (tmp_bss->drv == bss->drv) { 712 found = 1; 713 break; 714 } 715 } 716 /* if not add it */ 717 if (!found) 718 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 719 720 dl_list_add(&w->bsss, &bss->wiphy_list); 721 bss->wiphy_data = w; 722 return w; 723} 724 725 726static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 727{ 728 struct nl80211_wiphy_data *w = bss->wiphy_data; 729 struct i802_bss *tmp_bss; 730 int found = 0; 731 732 if (w == NULL) 733 return; 734 bss->wiphy_data = NULL; 735 dl_list_del(&bss->wiphy_list); 736 737 /* still any for this drv present? */ 738 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 739 if (tmp_bss->drv == bss->drv) { 740 found = 1; 741 break; 742 } 743 } 744 /* if not remove it */ 745 if (!found) 746 dl_list_del(&bss->drv->wiphy_list); 747 748 if (!dl_list_empty(&w->bsss)) 749 return; 750 751 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons)); 752 753 nl_cb_put(w->nl_cb); 754 nl_destroy_handles(&w->nl_beacons); 755 dl_list_del(&w->list); 756 os_free(w); 757} 758 759 760static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 761{ 762 struct i802_bss *bss = priv; 763 struct wpa_driver_nl80211_data *drv = bss->drv; 764 if (!drv->associated) 765 return -1; 766 os_memcpy(bssid, drv->bssid, ETH_ALEN); 767 return 0; 768} 769 770 771static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 772{ 773 struct i802_bss *bss = priv; 774 struct wpa_driver_nl80211_data *drv = bss->drv; 775 if (!drv->associated) 776 return -1; 777 os_memcpy(ssid, drv->ssid, drv->ssid_len); 778 return drv->ssid_len; 779} 780 781 782static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 783 char *buf, size_t len, int del) 784{ 785 union wpa_event_data event; 786 787 os_memset(&event, 0, sizeof(event)); 788 if (len > sizeof(event.interface_status.ifname)) 789 len = sizeof(event.interface_status.ifname) - 1; 790 os_memcpy(event.interface_status.ifname, buf, len); 791 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 792 EVENT_INTERFACE_ADDED; 793 794 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 795 del ? "DEL" : "NEW", 796 event.interface_status.ifname, 797 del ? "removed" : "added"); 798 799 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 800 if (del) 801 drv->if_removed = 1; 802 else 803 drv->if_removed = 0; 804 } 805 806 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 807} 808 809 810static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 811 u8 *buf, size_t len) 812{ 813 int attrlen, rta_len; 814 struct rtattr *attr; 815 816 attrlen = len; 817 attr = (struct rtattr *) buf; 818 819 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 820 while (RTA_OK(attr, attrlen)) { 821 if (attr->rta_type == IFLA_IFNAME) { 822 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 823 == 0) 824 return 1; 825 else 826 break; 827 } 828 attr = RTA_NEXT(attr, attrlen); 829 } 830 831 return 0; 832} 833 834 835static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 836 int ifindex, u8 *buf, size_t len) 837{ 838 if (drv->ifindex == ifindex) 839 return 1; 840 841 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 842 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 843 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 844 "interface"); 845 wpa_driver_nl80211_finish_drv_init(drv); 846 return 1; 847 } 848 849 return 0; 850} 851 852 853static struct wpa_driver_nl80211_data * 854nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 855{ 856 struct wpa_driver_nl80211_data *drv; 857 dl_list_for_each(drv, &global->interfaces, 858 struct wpa_driver_nl80211_data, list) { 859 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 860 have_ifidx(drv, idx)) 861 return drv; 862 } 863 return NULL; 864} 865 866 867static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 868 struct ifinfomsg *ifi, 869 u8 *buf, size_t len) 870{ 871 struct nl80211_global *global = ctx; 872 struct wpa_driver_nl80211_data *drv; 873 int attrlen, rta_len; 874 struct rtattr *attr; 875 u32 brid = 0; 876 char namebuf[IFNAMSIZ]; 877 878 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 879 if (!drv) { 880 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 881 "ifindex %d", ifi->ifi_index); 882 return; 883 } 884 885 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 886 "(%s%s%s%s)", 887 drv->operstate, ifi->ifi_flags, 888 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 889 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 890 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 891 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 892 893 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 894 if (if_indextoname(ifi->ifi_index, namebuf) && 895 linux_iface_up(drv->global->ioctl_sock, 896 drv->first_bss.ifname) > 0) { 897 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 898 "event since interface %s is up", namebuf); 899 return; 900 } 901 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 902 if (drv->ignore_if_down_event) { 903 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 904 "event generated by mode change"); 905 drv->ignore_if_down_event = 0; 906 } else { 907 drv->if_disabled = 1; 908 wpa_supplicant_event(drv->ctx, 909 EVENT_INTERFACE_DISABLED, NULL); 910 } 911 } 912 913 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 914 if (if_indextoname(ifi->ifi_index, namebuf) && 915 linux_iface_up(drv->global->ioctl_sock, 916 drv->first_bss.ifname) == 0) { 917 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 918 "event since interface %s is down", 919 namebuf); 920 } else { 921 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 922 drv->if_disabled = 0; 923 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 924 NULL); 925 } 926 } 927 928 /* 929 * Some drivers send the association event before the operup event--in 930 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 931 * fails. This will hit us when wpa_supplicant does not need to do 932 * IEEE 802.1X authentication 933 */ 934 if (drv->operstate == 1 && 935 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 936 !(ifi->ifi_flags & IFF_RUNNING)) 937 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 938 -1, IF_OPER_UP); 939 940 attrlen = len; 941 attr = (struct rtattr *) buf; 942 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 943 while (RTA_OK(attr, attrlen)) { 944 if (attr->rta_type == IFLA_IFNAME) { 945 wpa_driver_nl80211_event_link( 946 drv, 947 ((char *) attr) + rta_len, 948 attr->rta_len - rta_len, 0); 949 } else if (attr->rta_type == IFLA_MASTER) 950 brid = nla_get_u32((struct nlattr *) attr); 951 attr = RTA_NEXT(attr, attrlen); 952 } 953 954 if (ifi->ifi_family == AF_BRIDGE && brid) { 955 /* device has been added to bridge */ 956 if_indextoname(brid, namebuf); 957 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 958 brid, namebuf); 959 add_ifidx(drv, brid); 960 } 961} 962 963 964static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 965 struct ifinfomsg *ifi, 966 u8 *buf, size_t len) 967{ 968 struct nl80211_global *global = ctx; 969 struct wpa_driver_nl80211_data *drv; 970 int attrlen, rta_len; 971 struct rtattr *attr; 972 u32 brid = 0; 973 974 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 975 if (!drv) { 976 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for " 977 "foreign ifindex %d", ifi->ifi_index); 978 return; 979 } 980 981 attrlen = len; 982 attr = (struct rtattr *) buf; 983 984 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 985 while (RTA_OK(attr, attrlen)) { 986 if (attr->rta_type == IFLA_IFNAME) { 987 wpa_driver_nl80211_event_link( 988 drv, 989 ((char *) attr) + rta_len, 990 attr->rta_len - rta_len, 1); 991 } else if (attr->rta_type == IFLA_MASTER) 992 brid = nla_get_u32((struct nlattr *) attr); 993 attr = RTA_NEXT(attr, attrlen); 994 } 995 996 if (ifi->ifi_family == AF_BRIDGE && brid) { 997 /* device has been removed from bridge */ 998 char namebuf[IFNAMSIZ]; 999 if_indextoname(brid, namebuf); 1000 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1001 "%s", brid, namebuf); 1002 del_ifidx(drv, brid); 1003 } 1004} 1005 1006 1007static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1008 const u8 *frame, size_t len) 1009{ 1010 const struct ieee80211_mgmt *mgmt; 1011 union wpa_event_data event; 1012 1013 mgmt = (const struct ieee80211_mgmt *) frame; 1014 if (len < 24 + sizeof(mgmt->u.auth)) { 1015 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1016 "frame"); 1017 return; 1018 } 1019 1020 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1021 os_memset(&event, 0, sizeof(event)); 1022 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1023 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1024 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1025 if (len > 24 + sizeof(mgmt->u.auth)) { 1026 event.auth.ies = mgmt->u.auth.variable; 1027 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1028 } 1029 1030 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1031} 1032 1033 1034static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1035{ 1036 struct nl_msg *msg; 1037 int ret; 1038 struct nl80211_bss_info_arg arg; 1039 1040 os_memset(&arg, 0, sizeof(arg)); 1041 msg = nlmsg_alloc(); 1042 if (!msg) 1043 goto nla_put_failure; 1044 1045 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1046 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1047 1048 arg.drv = drv; 1049 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1050 msg = NULL; 1051 if (ret == 0) { 1052 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1053 "associated BSS from scan results: %u MHz", 1054 arg.assoc_freq); 1055 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 1056 } 1057 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1058 "(%s)", ret, strerror(-ret)); 1059nla_put_failure: 1060 nlmsg_free(msg); 1061 return drv->assoc_freq; 1062} 1063 1064 1065static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1066 const u8 *frame, size_t len) 1067{ 1068 const struct ieee80211_mgmt *mgmt; 1069 union wpa_event_data event; 1070 u16 status; 1071 1072 mgmt = (const struct ieee80211_mgmt *) frame; 1073 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1074 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1075 "frame"); 1076 return; 1077 } 1078 1079 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1080 if (status != WLAN_STATUS_SUCCESS) { 1081 os_memset(&event, 0, sizeof(event)); 1082 event.assoc_reject.bssid = mgmt->bssid; 1083 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1084 event.assoc_reject.resp_ies = 1085 (u8 *) mgmt->u.assoc_resp.variable; 1086 event.assoc_reject.resp_ies_len = 1087 len - 24 - sizeof(mgmt->u.assoc_resp); 1088 } 1089 event.assoc_reject.status_code = status; 1090 1091 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1092 return; 1093 } 1094 1095 drv->associated = 1; 1096 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1097 1098 os_memset(&event, 0, sizeof(event)); 1099 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1100 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1101 event.assoc_info.resp_ies_len = 1102 len - 24 - sizeof(mgmt->u.assoc_resp); 1103 } 1104 1105 event.assoc_info.freq = drv->assoc_freq; 1106 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1107} 1108 1109 1110static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1111 enum nl80211_commands cmd, struct nlattr *status, 1112 struct nlattr *addr, struct nlattr *req_ie, 1113 struct nlattr *resp_ie) 1114{ 1115 union wpa_event_data event; 1116 1117 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1118 /* 1119 * Avoid reporting two association events that would confuse 1120 * the core code. 1121 */ 1122 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1123 "when using userspace SME", cmd); 1124 return; 1125 } 1126 1127 os_memset(&event, 0, sizeof(event)); 1128 if (cmd == NL80211_CMD_CONNECT && 1129 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1130 if (addr) 1131 event.assoc_reject.bssid = nla_data(addr); 1132 if (resp_ie) { 1133 event.assoc_reject.resp_ies = nla_data(resp_ie); 1134 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1135 } 1136 event.assoc_reject.status_code = nla_get_u16(status); 1137 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1138 return; 1139 } 1140 1141 drv->associated = 1; 1142 if (addr) 1143 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1144 1145 if (req_ie) { 1146 event.assoc_info.req_ies = nla_data(req_ie); 1147 event.assoc_info.req_ies_len = nla_len(req_ie); 1148 } 1149 if (resp_ie) { 1150 event.assoc_info.resp_ies = nla_data(resp_ie); 1151 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1152 } 1153 1154 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1155 1156 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1157} 1158 1159 1160static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1161 struct nlattr *reason, struct nlattr *addr, 1162 struct nlattr *by_ap) 1163{ 1164 union wpa_event_data data; 1165 1166 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1167 /* 1168 * Avoid reporting two disassociation events that could 1169 * confuse the core code. 1170 */ 1171 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1172 "event when using userspace SME"); 1173 return; 1174 } 1175 1176 drv->associated = 0; 1177 os_memset(&data, 0, sizeof(data)); 1178 if (reason) 1179 data.disassoc_info.reason_code = nla_get_u16(reason); 1180 data.disassoc_info.locally_generated = by_ap == NULL; 1181 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1182} 1183 1184 1185static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1186 enum nl80211_commands cmd, struct nlattr *addr) 1187{ 1188 union wpa_event_data event; 1189 enum wpa_event_type ev; 1190 1191 if (nla_len(addr) != ETH_ALEN) 1192 return; 1193 1194 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1195 cmd, MAC2STR((u8 *) nla_data(addr))); 1196 1197 if (cmd == NL80211_CMD_AUTHENTICATE) 1198 ev = EVENT_AUTH_TIMED_OUT; 1199 else if (cmd == NL80211_CMD_ASSOCIATE) 1200 ev = EVENT_ASSOC_TIMED_OUT; 1201 else 1202 return; 1203 1204 os_memset(&event, 0, sizeof(event)); 1205 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1206 wpa_supplicant_event(drv->ctx, ev, &event); 1207} 1208 1209 1210static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1211 struct nlattr *freq, const u8 *frame, size_t len) 1212{ 1213 const struct ieee80211_mgmt *mgmt; 1214 union wpa_event_data event; 1215 u16 fc, stype; 1216 1217 mgmt = (const struct ieee80211_mgmt *) frame; 1218 if (len < 24) { 1219 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 1220 return; 1221 } 1222 1223 fc = le_to_host16(mgmt->frame_control); 1224 stype = WLAN_FC_GET_STYPE(fc); 1225 1226 os_memset(&event, 0, sizeof(event)); 1227 if (freq) { 1228 event.rx_action.freq = nla_get_u32(freq); 1229 drv->last_mgmt_freq = event.rx_action.freq; 1230 } 1231 if (stype == WLAN_FC_STYPE_ACTION) { 1232 event.rx_action.da = mgmt->da; 1233 event.rx_action.sa = mgmt->sa; 1234 event.rx_action.bssid = mgmt->bssid; 1235 event.rx_action.category = mgmt->u.action.category; 1236 event.rx_action.data = &mgmt->u.action.category + 1; 1237 event.rx_action.len = frame + len - event.rx_action.data; 1238 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 1239 } else { 1240 event.rx_mgmt.frame = frame; 1241 event.rx_mgmt.frame_len = len; 1242 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1243 } 1244} 1245 1246 1247static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1248 struct nlattr *cookie, const u8 *frame, 1249 size_t len, struct nlattr *ack) 1250{ 1251 union wpa_event_data event; 1252 const struct ieee80211_hdr *hdr; 1253 u16 fc; 1254 1255 if (!is_ap_interface(drv->nlmode)) { 1256 u64 cookie_val; 1257 1258 if (!cookie) 1259 return; 1260 1261 cookie_val = nla_get_u64(cookie); 1262 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1263 " cookie=0%llx%s (ack=%d)", 1264 (long long unsigned int) cookie_val, 1265 cookie_val == drv->send_action_cookie ? 1266 " (match)" : " (unknown)", ack != NULL); 1267 if (cookie_val != drv->send_action_cookie) 1268 return; 1269 } 1270 1271 hdr = (const struct ieee80211_hdr *) frame; 1272 fc = le_to_host16(hdr->frame_control); 1273 1274 os_memset(&event, 0, sizeof(event)); 1275 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1276 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1277 event.tx_status.dst = hdr->addr1; 1278 event.tx_status.data = frame; 1279 event.tx_status.data_len = len; 1280 event.tx_status.ack = ack != NULL; 1281 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1282} 1283 1284 1285static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1286 enum wpa_event_type type, 1287 const u8 *frame, size_t len) 1288{ 1289 const struct ieee80211_mgmt *mgmt; 1290 union wpa_event_data event; 1291 const u8 *bssid = NULL; 1292 u16 reason_code = 0; 1293 1294 mgmt = (const struct ieee80211_mgmt *) frame; 1295 if (len >= 24) { 1296 bssid = mgmt->bssid; 1297 1298 if (drv->associated != 0 && 1299 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1300 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1301 /* 1302 * We have presumably received this deauth as a 1303 * response to a clear_state_mismatch() outgoing 1304 * deauth. Don't let it take us offline! 1305 */ 1306 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1307 "from Unknown BSSID " MACSTR " -- ignoring", 1308 MAC2STR(bssid)); 1309 return; 1310 } 1311 } 1312 1313 drv->associated = 0; 1314 os_memset(&event, 0, sizeof(event)); 1315 1316 /* Note: Same offset for Reason Code in both frame subtypes */ 1317 if (len >= 24 + sizeof(mgmt->u.deauth)) 1318 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1319 1320 if (type == EVENT_DISASSOC) { 1321 event.disassoc_info.locally_generated = 1322 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1323 event.disassoc_info.addr = bssid; 1324 event.disassoc_info.reason_code = reason_code; 1325 if (frame + len > mgmt->u.disassoc.variable) { 1326 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1327 event.disassoc_info.ie_len = frame + len - 1328 mgmt->u.disassoc.variable; 1329 } 1330 } else { 1331 event.deauth_info.locally_generated = 1332 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1333 event.deauth_info.addr = bssid; 1334 event.deauth_info.reason_code = reason_code; 1335 if (frame + len > mgmt->u.deauth.variable) { 1336 event.deauth_info.ie = mgmt->u.deauth.variable; 1337 event.deauth_info.ie_len = frame + len - 1338 mgmt->u.deauth.variable; 1339 } 1340 } 1341 1342 wpa_supplicant_event(drv->ctx, type, &event); 1343} 1344 1345 1346static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1347 enum wpa_event_type type, 1348 const u8 *frame, size_t len) 1349{ 1350 const struct ieee80211_mgmt *mgmt; 1351 union wpa_event_data event; 1352 u16 reason_code = 0; 1353 1354 if (len < 24) 1355 return; 1356 1357 mgmt = (const struct ieee80211_mgmt *) frame; 1358 1359 os_memset(&event, 0, sizeof(event)); 1360 /* Note: Same offset for Reason Code in both frame subtypes */ 1361 if (len >= 24 + sizeof(mgmt->u.deauth)) 1362 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1363 1364 if (type == EVENT_UNPROT_DISASSOC) { 1365 event.unprot_disassoc.sa = mgmt->sa; 1366 event.unprot_disassoc.da = mgmt->da; 1367 event.unprot_disassoc.reason_code = reason_code; 1368 } else { 1369 event.unprot_deauth.sa = mgmt->sa; 1370 event.unprot_deauth.da = mgmt->da; 1371 event.unprot_deauth.reason_code = reason_code; 1372 } 1373 1374 wpa_supplicant_event(drv->ctx, type, &event); 1375} 1376 1377 1378static void mlme_event(struct wpa_driver_nl80211_data *drv, 1379 enum nl80211_commands cmd, struct nlattr *frame, 1380 struct nlattr *addr, struct nlattr *timed_out, 1381 struct nlattr *freq, struct nlattr *ack, 1382 struct nlattr *cookie) 1383{ 1384 if (timed_out && addr) { 1385 mlme_timeout_event(drv, cmd, addr); 1386 return; 1387 } 1388 1389 if (frame == NULL) { 1390 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 1391 "data", cmd); 1392 return; 1393 } 1394 1395 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 1396 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1397 nla_data(frame), nla_len(frame)); 1398 1399 switch (cmd) { 1400 case NL80211_CMD_AUTHENTICATE: 1401 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1402 break; 1403 case NL80211_CMD_ASSOCIATE: 1404 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1405 break; 1406 case NL80211_CMD_DEAUTHENTICATE: 1407 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1408 nla_data(frame), nla_len(frame)); 1409 break; 1410 case NL80211_CMD_DISASSOCIATE: 1411 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1412 nla_data(frame), nla_len(frame)); 1413 break; 1414 case NL80211_CMD_FRAME: 1415 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 1416 break; 1417 case NL80211_CMD_FRAME_TX_STATUS: 1418 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1419 nla_len(frame), ack); 1420 break; 1421 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1422 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1423 nla_data(frame), nla_len(frame)); 1424 break; 1425 case NL80211_CMD_UNPROT_DISASSOCIATE: 1426 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1427 nla_data(frame), nla_len(frame)); 1428 break; 1429 default: 1430 break; 1431 } 1432} 1433 1434 1435static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1436 struct nlattr *tb[]) 1437{ 1438 union wpa_event_data data; 1439 1440 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1441 os_memset(&data, 0, sizeof(data)); 1442 if (tb[NL80211_ATTR_MAC]) { 1443 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1444 nla_data(tb[NL80211_ATTR_MAC]), 1445 nla_len(tb[NL80211_ATTR_MAC])); 1446 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1447 } 1448 if (tb[NL80211_ATTR_KEY_SEQ]) { 1449 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1450 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1451 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1452 } 1453 if (tb[NL80211_ATTR_KEY_TYPE]) { 1454 enum nl80211_key_type key_type = 1455 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1456 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1457 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1458 data.michael_mic_failure.unicast = 1; 1459 } else 1460 data.michael_mic_failure.unicast = 1; 1461 1462 if (tb[NL80211_ATTR_KEY_IDX]) { 1463 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1464 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1465 } 1466 1467 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1468} 1469 1470 1471static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1472 struct nlattr *tb[]) 1473{ 1474 if (tb[NL80211_ATTR_MAC] == NULL) { 1475 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1476 "event"); 1477 return; 1478 } 1479 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1480 drv->associated = 1; 1481 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1482 MAC2STR(drv->bssid)); 1483 1484 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1485} 1486 1487 1488static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1489 int cancel_event, struct nlattr *tb[]) 1490{ 1491 unsigned int freq, chan_type, duration; 1492 union wpa_event_data data; 1493 u64 cookie; 1494 1495 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1496 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1497 else 1498 freq = 0; 1499 1500 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1501 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1502 else 1503 chan_type = 0; 1504 1505 if (tb[NL80211_ATTR_DURATION]) 1506 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1507 else 1508 duration = 0; 1509 1510 if (tb[NL80211_ATTR_COOKIE]) 1511 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1512 else 1513 cookie = 0; 1514 1515 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1516 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1517 cancel_event, freq, chan_type, duration, 1518 (long long unsigned int) cookie, 1519 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1520 1521 if (cookie != drv->remain_on_chan_cookie) 1522 return; /* not for us */ 1523 1524 if (cancel_event) 1525 drv->pending_remain_on_chan = 0; 1526 1527 os_memset(&data, 0, sizeof(data)); 1528 data.remain_on_channel.freq = freq; 1529 data.remain_on_channel.duration = duration; 1530 wpa_supplicant_event(drv->ctx, cancel_event ? 1531 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1532 EVENT_REMAIN_ON_CHANNEL, &data); 1533} 1534 1535 1536static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1537 struct nlattr *tb[]) 1538{ 1539 union wpa_event_data event; 1540 struct nlattr *nl; 1541 int rem; 1542 struct scan_info *info; 1543#define MAX_REPORT_FREQS 50 1544 int freqs[MAX_REPORT_FREQS]; 1545 int num_freqs = 0; 1546 1547 if (drv->scan_for_auth) { 1548 drv->scan_for_auth = 0; 1549 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 1550 "cfg80211 BSS entry"); 1551 wpa_driver_nl80211_authenticate_retry(drv); 1552 return; 1553 } 1554 1555 os_memset(&event, 0, sizeof(event)); 1556 info = &event.scan_info; 1557 info->aborted = aborted; 1558 1559 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1560 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1561 struct wpa_driver_scan_ssid *s = 1562 &info->ssids[info->num_ssids]; 1563 s->ssid = nla_data(nl); 1564 s->ssid_len = nla_len(nl); 1565 info->num_ssids++; 1566 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1567 break; 1568 } 1569 } 1570 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1571 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1572 { 1573 freqs[num_freqs] = nla_get_u32(nl); 1574 num_freqs++; 1575 if (num_freqs == MAX_REPORT_FREQS - 1) 1576 break; 1577 } 1578 info->freqs = freqs; 1579 info->num_freqs = num_freqs; 1580 } 1581 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1582} 1583 1584 1585static int get_link_signal(struct nl_msg *msg, void *arg) 1586{ 1587 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1588 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1589 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1590 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1591 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1592 }; 1593 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1594 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1595 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1596 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1597 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1598 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1599 }; 1600 struct wpa_signal_info *sig_change = arg; 1601 1602 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1603 genlmsg_attrlen(gnlh, 0), NULL); 1604 if (!tb[NL80211_ATTR_STA_INFO] || 1605 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1606 tb[NL80211_ATTR_STA_INFO], policy)) 1607 return NL_SKIP; 1608 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1609 return NL_SKIP; 1610 1611 sig_change->current_signal = 1612 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1613 1614 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1615 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1616 sinfo[NL80211_STA_INFO_TX_BITRATE], 1617 rate_policy)) { 1618 sig_change->current_txrate = 0; 1619 } else { 1620 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1621 sig_change->current_txrate = 1622 nla_get_u16(rinfo[ 1623 NL80211_RATE_INFO_BITRATE]) * 100; 1624 } 1625 } 1626 } 1627 1628 return NL_SKIP; 1629} 1630 1631 1632static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1633 struct wpa_signal_info *sig) 1634{ 1635 struct nl_msg *msg; 1636 1637 sig->current_signal = -9999; 1638 sig->current_txrate = 0; 1639 1640 msg = nlmsg_alloc(); 1641 if (!msg) 1642 return -ENOMEM; 1643 1644 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 1645 1646 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1647 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1648 1649 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1650 nla_put_failure: 1651 nlmsg_free(msg); 1652 return -ENOBUFS; 1653} 1654 1655 1656static int get_link_noise(struct nl_msg *msg, void *arg) 1657{ 1658 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1659 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1660 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1661 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1662 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1663 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1664 }; 1665 struct wpa_signal_info *sig_change = arg; 1666 1667 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1668 genlmsg_attrlen(gnlh, 0), NULL); 1669 1670 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1671 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1672 return NL_SKIP; 1673 } 1674 1675 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1676 tb[NL80211_ATTR_SURVEY_INFO], 1677 survey_policy)) { 1678 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1679 "attributes!"); 1680 return NL_SKIP; 1681 } 1682 1683 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1684 return NL_SKIP; 1685 1686 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1687 sig_change->frequency) 1688 return NL_SKIP; 1689 1690 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1691 return NL_SKIP; 1692 1693 sig_change->current_noise = 1694 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1695 1696 return NL_SKIP; 1697} 1698 1699 1700static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1701 struct wpa_signal_info *sig_change) 1702{ 1703 struct nl_msg *msg; 1704 1705 sig_change->current_noise = 9999; 1706 sig_change->frequency = drv->assoc_freq; 1707 1708 msg = nlmsg_alloc(); 1709 if (!msg) 1710 return -ENOMEM; 1711 1712 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1713 1714 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1715 1716 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1717 nla_put_failure: 1718 nlmsg_free(msg); 1719 return -ENOBUFS; 1720} 1721 1722 1723static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 1724{ 1725 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1726 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1727 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1728 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1729 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1730 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1731 }; 1732 struct wpa_scan_results *scan_results = arg; 1733 struct wpa_scan_res *scan_res; 1734 size_t i; 1735 1736 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1737 genlmsg_attrlen(gnlh, 0), NULL); 1738 1739 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1740 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 1741 return NL_SKIP; 1742 } 1743 1744 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1745 tb[NL80211_ATTR_SURVEY_INFO], 1746 survey_policy)) { 1747 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 1748 "attributes"); 1749 return NL_SKIP; 1750 } 1751 1752 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1753 return NL_SKIP; 1754 1755 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1756 return NL_SKIP; 1757 1758 for (i = 0; i < scan_results->num; ++i) { 1759 scan_res = scan_results->res[i]; 1760 if (!scan_res) 1761 continue; 1762 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1763 scan_res->freq) 1764 continue; 1765 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 1766 continue; 1767 scan_res->noise = (s8) 1768 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1769 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 1770 } 1771 1772 return NL_SKIP; 1773} 1774 1775 1776static int nl80211_get_noise_for_scan_results( 1777 struct wpa_driver_nl80211_data *drv, 1778 struct wpa_scan_results *scan_res) 1779{ 1780 struct nl_msg *msg; 1781 1782 msg = nlmsg_alloc(); 1783 if (!msg) 1784 return -ENOMEM; 1785 1786 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1787 1788 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1789 1790 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 1791 scan_res); 1792 nla_put_failure: 1793 nlmsg_free(msg); 1794 return -ENOBUFS; 1795} 1796 1797 1798static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1799 struct nlattr *tb[]) 1800{ 1801 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1802 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1803 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1804 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1805 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1806 }; 1807 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1808 enum nl80211_cqm_rssi_threshold_event event; 1809 union wpa_event_data ed; 1810 struct wpa_signal_info sig; 1811 int res; 1812 1813 if (tb[NL80211_ATTR_CQM] == NULL || 1814 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1815 cqm_policy)) { 1816 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1817 return; 1818 } 1819 1820 os_memset(&ed, 0, sizeof(ed)); 1821 1822 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1823 if (!tb[NL80211_ATTR_MAC]) 1824 return; 1825 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1826 ETH_ALEN); 1827 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1828 return; 1829 } 1830 1831 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1832 return; 1833 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1834 1835 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1836 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1837 "event: RSSI high"); 1838 ed.signal_change.above_threshold = 1; 1839 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1840 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1841 "event: RSSI low"); 1842 ed.signal_change.above_threshold = 0; 1843 } else 1844 return; 1845 1846 res = nl80211_get_link_signal(drv, &sig); 1847 if (res == 0) { 1848 ed.signal_change.current_signal = sig.current_signal; 1849 ed.signal_change.current_txrate = sig.current_txrate; 1850 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1851 sig.current_signal, sig.current_txrate); 1852 } 1853 1854 res = nl80211_get_link_noise(drv, &sig); 1855 if (res == 0) { 1856 ed.signal_change.current_noise = sig.current_noise; 1857 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1858 sig.current_noise); 1859 } 1860 1861 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1862} 1863 1864 1865static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1866 struct nlattr **tb) 1867{ 1868 u8 *addr; 1869 union wpa_event_data data; 1870 1871 if (tb[NL80211_ATTR_MAC] == NULL) 1872 return; 1873 addr = nla_data(tb[NL80211_ATTR_MAC]); 1874 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1875 1876 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1877 u8 *ies = NULL; 1878 size_t ies_len = 0; 1879 if (tb[NL80211_ATTR_IE]) { 1880 ies = nla_data(tb[NL80211_ATTR_IE]); 1881 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1882 } 1883 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1884 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1885 return; 1886 } 1887 1888 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1889 return; 1890 1891 os_memset(&data, 0, sizeof(data)); 1892 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1893 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1894} 1895 1896 1897static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1898 struct nlattr **tb) 1899{ 1900 u8 *addr; 1901 union wpa_event_data data; 1902 1903 if (tb[NL80211_ATTR_MAC] == NULL) 1904 return; 1905 addr = nla_data(tb[NL80211_ATTR_MAC]); 1906 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1907 MAC2STR(addr)); 1908 1909 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1910 drv_event_disassoc(drv->ctx, addr); 1911 return; 1912 } 1913 1914 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1915 return; 1916 1917 os_memset(&data, 0, sizeof(data)); 1918 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1919 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1920} 1921 1922 1923static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 1924 struct nlattr **tb) 1925{ 1926 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 1927 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 1928 [NL80211_REKEY_DATA_KEK] = { 1929 .minlen = NL80211_KEK_LEN, 1930 .maxlen = NL80211_KEK_LEN, 1931 }, 1932 [NL80211_REKEY_DATA_KCK] = { 1933 .minlen = NL80211_KCK_LEN, 1934 .maxlen = NL80211_KCK_LEN, 1935 }, 1936 [NL80211_REKEY_DATA_REPLAY_CTR] = { 1937 .minlen = NL80211_REPLAY_CTR_LEN, 1938 .maxlen = NL80211_REPLAY_CTR_LEN, 1939 }, 1940 }; 1941 union wpa_event_data data; 1942 1943 if (!tb[NL80211_ATTR_MAC]) 1944 return; 1945 if (!tb[NL80211_ATTR_REKEY_DATA]) 1946 return; 1947 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 1948 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 1949 return; 1950 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 1951 return; 1952 1953 os_memset(&data, 0, sizeof(data)); 1954 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 1955 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 1956 MAC2STR(data.driver_gtk_rekey.bssid)); 1957 data.driver_gtk_rekey.replay_ctr = 1958 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 1959 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 1960 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 1961 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 1962} 1963 1964 1965static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 1966 struct nlattr **tb) 1967{ 1968 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 1969 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 1970 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 1971 [NL80211_PMKSA_CANDIDATE_BSSID] = { 1972 .minlen = ETH_ALEN, 1973 .maxlen = ETH_ALEN, 1974 }, 1975 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 1976 }; 1977 union wpa_event_data data; 1978 1979 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 1980 return; 1981 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 1982 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 1983 return; 1984 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 1985 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 1986 return; 1987 1988 os_memset(&data, 0, sizeof(data)); 1989 os_memcpy(data.pmkid_candidate.bssid, 1990 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 1991 data.pmkid_candidate.index = 1992 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 1993 data.pmkid_candidate.preauth = 1994 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 1995 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 1996} 1997 1998 1999static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2000 struct nlattr **tb) 2001{ 2002 union wpa_event_data data; 2003 2004 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2005 return; 2006 2007 os_memset(&data, 0, sizeof(data)); 2008 os_memcpy(data.client_poll.addr, 2009 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2010 2011 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2012} 2013 2014 2015static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2016 int wds) 2017{ 2018 struct wpa_driver_nl80211_data *drv = bss->drv; 2019 union wpa_event_data event; 2020 2021 if (!tb[NL80211_ATTR_MAC]) 2022 return; 2023 2024 os_memset(&event, 0, sizeof(event)); 2025 event.rx_from_unknown.bssid = bss->addr; 2026 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2027 event.rx_from_unknown.wds = wds; 2028 2029 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2030} 2031 2032 2033static void do_process_drv_event(struct wpa_driver_nl80211_data *drv, 2034 int cmd, struct nlattr **tb) 2035{ 2036 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2037 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2038 cmd == NL80211_CMD_SCAN_ABORTED)) { 2039 wpa_driver_nl80211_set_mode(&drv->first_bss, 2040 drv->ap_scan_as_station); 2041 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2042 } 2043 2044 switch (cmd) { 2045 case NL80211_CMD_TRIGGER_SCAN: 2046 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 2047 break; 2048 case NL80211_CMD_START_SCHED_SCAN: 2049 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started"); 2050 break; 2051 case NL80211_CMD_SCHED_SCAN_STOPPED: 2052 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped"); 2053 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2054 break; 2055 case NL80211_CMD_NEW_SCAN_RESULTS: 2056 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 2057 drv->scan_complete_events = 1; 2058 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2059 drv->ctx); 2060 send_scan_event(drv, 0, tb); 2061 break; 2062 case NL80211_CMD_SCHED_SCAN_RESULTS: 2063 wpa_printf(MSG_DEBUG, 2064 "nl80211: New sched scan results available"); 2065 send_scan_event(drv, 0, tb); 2066 break; 2067 case NL80211_CMD_SCAN_ABORTED: 2068 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 2069 /* 2070 * Need to indicate that scan results are available in order 2071 * not to make wpa_supplicant stop its scanning. 2072 */ 2073 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2074 drv->ctx); 2075 send_scan_event(drv, 1, tb); 2076 break; 2077 case NL80211_CMD_AUTHENTICATE: 2078 case NL80211_CMD_ASSOCIATE: 2079 case NL80211_CMD_DEAUTHENTICATE: 2080 case NL80211_CMD_DISASSOCIATE: 2081 case NL80211_CMD_FRAME_TX_STATUS: 2082 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2083 case NL80211_CMD_UNPROT_DISASSOCIATE: 2084 mlme_event(drv, cmd, tb[NL80211_ATTR_FRAME], 2085 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2086 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2087 tb[NL80211_ATTR_COOKIE]); 2088 break; 2089 case NL80211_CMD_CONNECT: 2090 case NL80211_CMD_ROAM: 2091 mlme_event_connect(drv, cmd, 2092 tb[NL80211_ATTR_STATUS_CODE], 2093 tb[NL80211_ATTR_MAC], 2094 tb[NL80211_ATTR_REQ_IE], 2095 tb[NL80211_ATTR_RESP_IE]); 2096 break; 2097 case NL80211_CMD_DISCONNECT: 2098 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2099 tb[NL80211_ATTR_MAC], 2100 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2101 break; 2102 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2103 mlme_event_michael_mic_failure(drv, tb); 2104 break; 2105 case NL80211_CMD_JOIN_IBSS: 2106 mlme_event_join_ibss(drv, tb); 2107 break; 2108 case NL80211_CMD_REMAIN_ON_CHANNEL: 2109 mlme_event_remain_on_channel(drv, 0, tb); 2110 break; 2111 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2112 mlme_event_remain_on_channel(drv, 1, tb); 2113 break; 2114 case NL80211_CMD_NOTIFY_CQM: 2115 nl80211_cqm_event(drv, tb); 2116 break; 2117 case NL80211_CMD_REG_CHANGE: 2118 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2119 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2120 NULL); 2121 break; 2122 case NL80211_CMD_REG_BEACON_HINT: 2123 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 2124 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2125 NULL); 2126 break; 2127 case NL80211_CMD_NEW_STATION: 2128 nl80211_new_station_event(drv, tb); 2129 break; 2130 case NL80211_CMD_DEL_STATION: 2131 nl80211_del_station_event(drv, tb); 2132 break; 2133 case NL80211_CMD_SET_REKEY_OFFLOAD: 2134 nl80211_rekey_offload_event(drv, tb); 2135 break; 2136 case NL80211_CMD_PMKSA_CANDIDATE: 2137 nl80211_pmksa_candidate_event(drv, tb); 2138 break; 2139 case NL80211_CMD_PROBE_CLIENT: 2140 nl80211_client_probe_event(drv, tb); 2141 break; 2142 default: 2143 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2144 "(cmd=%d)", cmd); 2145 break; 2146 } 2147} 2148 2149 2150static int process_drv_event(struct nl_msg *msg, void *arg) 2151{ 2152 struct wpa_driver_nl80211_data *drv = arg; 2153 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2154 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2155 2156 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2157 genlmsg_attrlen(gnlh, 0), NULL); 2158 2159 if (tb[NL80211_ATTR_IFINDEX]) { 2160 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2161 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 2162 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 2163 " for foreign interface (ifindex %d)", 2164 gnlh->cmd, ifindex); 2165 return NL_SKIP; 2166 } 2167 } 2168 2169 do_process_drv_event(drv, gnlh->cmd, tb); 2170 return NL_SKIP; 2171} 2172 2173 2174static int process_global_event(struct nl_msg *msg, void *arg) 2175{ 2176 struct nl80211_global *global = arg; 2177 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2178 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2179 struct wpa_driver_nl80211_data *drv; 2180 int ifidx = -1; 2181 2182 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2183 genlmsg_attrlen(gnlh, 0), NULL); 2184 2185 if (tb[NL80211_ATTR_IFINDEX]) 2186 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2187 2188 dl_list_for_each(drv, &global->interfaces, 2189 struct wpa_driver_nl80211_data, list) { 2190 if (ifidx == -1 || ifidx == drv->ifindex || 2191 have_ifidx(drv, ifidx)) 2192 do_process_drv_event(drv, gnlh->cmd, tb); 2193 } 2194 2195 return NL_SKIP; 2196} 2197 2198 2199static int process_bss_event(struct nl_msg *msg, void *arg) 2200{ 2201 struct i802_bss *bss = arg; 2202 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2203 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2204 2205 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2206 genlmsg_attrlen(gnlh, 0), NULL); 2207 2208 switch (gnlh->cmd) { 2209 case NL80211_CMD_FRAME: 2210 case NL80211_CMD_FRAME_TX_STATUS: 2211 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2212 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2213 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2214 tb[NL80211_ATTR_COOKIE]); 2215 break; 2216 case NL80211_CMD_UNEXPECTED_FRAME: 2217 nl80211_spurious_frame(bss, tb, 0); 2218 break; 2219 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2220 nl80211_spurious_frame(bss, tb, 1); 2221 break; 2222 default: 2223 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2224 "(cmd=%d)", gnlh->cmd); 2225 break; 2226 } 2227 2228 return NL_SKIP; 2229} 2230 2231 2232static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 2233 void *handle) 2234{ 2235 struct nl_cb *cb = eloop_ctx; 2236 2237 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 2238 2239 nl_recvmsgs(handle, cb); 2240} 2241 2242 2243/** 2244 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 2245 * @priv: driver_nl80211 private data 2246 * @alpha2_arg: country to which to switch to 2247 * Returns: 0 on success, -1 on failure 2248 * 2249 * This asks nl80211 to set the regulatory domain for given 2250 * country ISO / IEC alpha2. 2251 */ 2252static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 2253{ 2254 struct i802_bss *bss = priv; 2255 struct wpa_driver_nl80211_data *drv = bss->drv; 2256 char alpha2[3]; 2257 struct nl_msg *msg; 2258 2259 msg = nlmsg_alloc(); 2260 if (!msg) 2261 return -ENOMEM; 2262 2263 alpha2[0] = alpha2_arg[0]; 2264 alpha2[1] = alpha2_arg[1]; 2265 alpha2[2] = '\0'; 2266 2267 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 2268 2269 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 2270 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 2271 return -EINVAL; 2272 return 0; 2273nla_put_failure: 2274 nlmsg_free(msg); 2275 return -EINVAL; 2276} 2277 2278 2279struct wiphy_info_data { 2280 struct wpa_driver_capa *capa; 2281 2282 unsigned int error:1; 2283 unsigned int device_ap_sme:1; 2284 unsigned int poll_command_supported:1; 2285 unsigned int data_tx_status:1; 2286 unsigned int monitor_supported:1; 2287}; 2288 2289 2290static unsigned int probe_resp_offload_support(int supp_protocols) 2291{ 2292 unsigned int prot = 0; 2293 2294 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 2295 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 2296 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 2297 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 2298 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 2299 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 2300 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 2301 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 2302 2303 return prot; 2304} 2305 2306 2307static int wiphy_info_handler(struct nl_msg *msg, void *arg) 2308{ 2309 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2310 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2311 struct wiphy_info_data *info = arg; 2312 int p2p_go_supported = 0, p2p_client_supported = 0; 2313 int p2p_concurrent = 0; 2314 int auth_supported = 0, connect_supported = 0; 2315 struct wpa_driver_capa *capa = info->capa; 2316 static struct nla_policy 2317 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 2318 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 2319 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 2320 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 2321 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 2322 }, 2323 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 2324 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 2325 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 2326 }; 2327 2328 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2329 genlmsg_attrlen(gnlh, 0), NULL); 2330 2331 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 2332 capa->max_scan_ssids = 2333 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 2334 2335 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 2336 capa->max_sched_scan_ssids = 2337 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 2338 2339 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 2340 capa->max_match_sets = 2341 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 2342 2343 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 2344 struct nlattr *nl_mode; 2345 int i; 2346 nla_for_each_nested(nl_mode, 2347 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 2348 switch (nla_type(nl_mode)) { 2349 case NL80211_IFTYPE_AP: 2350 capa->flags |= WPA_DRIVER_FLAGS_AP; 2351 break; 2352 case NL80211_IFTYPE_P2P_GO: 2353 p2p_go_supported = 1; 2354 break; 2355 case NL80211_IFTYPE_P2P_CLIENT: 2356 p2p_client_supported = 1; 2357 break; 2358 case NL80211_IFTYPE_MONITOR: 2359 info->monitor_supported = 1; 2360 break; 2361 } 2362 } 2363 } 2364 2365 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) { 2366 struct nlattr *nl_combi; 2367 int rem_combi; 2368 2369 nla_for_each_nested(nl_combi, 2370 tb[NL80211_ATTR_INTERFACE_COMBINATIONS], 2371 rem_combi) { 2372 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 2373 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 2374 struct nlattr *nl_limit, *nl_mode; 2375 int err, rem_limit, rem_mode; 2376 int combination_has_p2p = 0, combination_has_mgd = 0; 2377 2378 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 2379 nl_combi, 2380 iface_combination_policy); 2381 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 2382 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 2383 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 2384 goto broken_combination; 2385 2386 nla_for_each_nested(nl_limit, 2387 tb_comb[NL80211_IFACE_COMB_LIMITS], 2388 rem_limit) { 2389 err = nla_parse_nested(tb_limit, 2390 MAX_NL80211_IFACE_LIMIT, 2391 nl_limit, 2392 iface_limit_policy); 2393 if (err || 2394 !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 2395 goto broken_combination; 2396 2397 nla_for_each_nested( 2398 nl_mode, 2399 tb_limit[NL80211_IFACE_LIMIT_TYPES], 2400 rem_mode) { 2401 int ift = nla_type(nl_mode); 2402 if (ift == NL80211_IFTYPE_P2P_GO || 2403 ift == NL80211_IFTYPE_P2P_CLIENT) 2404 combination_has_p2p = 1; 2405 if (ift == NL80211_IFTYPE_STATION) 2406 combination_has_mgd = 1; 2407 } 2408 if (combination_has_p2p && combination_has_mgd) 2409 break; 2410 } 2411 2412 if (combination_has_p2p && combination_has_mgd) { 2413 p2p_concurrent = 1; 2414 break; 2415 } 2416 2417broken_combination: 2418 ; 2419 } 2420 } 2421 2422 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 2423 struct nlattr *nl_cmd; 2424 int i; 2425 2426 nla_for_each_nested(nl_cmd, 2427 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 2428 switch (nla_get_u32(nl_cmd)) { 2429 case NL80211_CMD_AUTHENTICATE: 2430 auth_supported = 1; 2431 break; 2432 case NL80211_CMD_CONNECT: 2433 connect_supported = 1; 2434 break; 2435 case NL80211_CMD_START_SCHED_SCAN: 2436 capa->sched_scan_supported = 1; 2437 break; 2438 case NL80211_CMD_PROBE_CLIENT: 2439 info->poll_command_supported = 1; 2440 break; 2441 } 2442 } 2443 } 2444 2445 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 2446 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 2447 "off-channel TX"); 2448 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 2449 } 2450 2451 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 2452 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 2453 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 2454 } 2455 2456 /* default to 5000 since early versions of mac80211 don't set it */ 2457 capa->max_remain_on_chan = 5000; 2458 2459 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 2460 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 2461 2462 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 2463 capa->max_remain_on_chan = 2464 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 2465 2466 if (auth_supported) 2467 capa->flags |= WPA_DRIVER_FLAGS_SME; 2468 else if (!connect_supported) { 2469 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 2470 "authentication/association or connect commands"); 2471 info->error = 1; 2472 } 2473 2474 if (p2p_go_supported && p2p_client_supported) 2475 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 2476 if (p2p_concurrent) { 2477 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 2478 "interface (driver advertised support)"); 2479 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 2480 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 2481 } 2482 2483 if (tb[NL80211_ATTR_TDLS_SUPPORT]) { 2484 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 2485 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 2486 2487 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) { 2488 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 2489 capa->flags |= 2490 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 2491 } 2492 } 2493#ifndef ANDROID_P2P 2494 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 2495#endif 2496 info->device_ap_sme = 1; 2497 2498 if (tb[NL80211_ATTR_FEATURE_FLAGS]) { 2499 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]); 2500 2501 if (flags & NL80211_FEATURE_SK_TX_STATUS) 2502 info->data_tx_status = 1; 2503 } 2504 2505 if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) { 2506 int protocols = 2507 nla_get_u32(tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 2508 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response " 2509 "offload in AP mode"); 2510 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 2511 capa->probe_resp_offloads = 2512 probe_resp_offload_support(protocols); 2513 } 2514 2515 return NL_SKIP; 2516} 2517 2518 2519static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 2520 struct wiphy_info_data *info) 2521{ 2522 struct nl_msg *msg; 2523 2524 os_memset(info, 0, sizeof(*info)); 2525 info->capa = &drv->capa; 2526 2527 msg = nlmsg_alloc(); 2528 if (!msg) 2529 return -1; 2530 2531 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 2532 2533 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 2534 2535 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 2536 return 0; 2537 msg = NULL; 2538nla_put_failure: 2539 nlmsg_free(msg); 2540 return -1; 2541} 2542 2543 2544static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 2545{ 2546 struct wiphy_info_data info; 2547 if (wpa_driver_nl80211_get_info(drv, &info)) 2548 return -1; 2549 2550 if (info.error) 2551 return -1; 2552 2553 drv->has_capability = 1; 2554 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 2555 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 2556 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 2557 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 2558 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 2559 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 2560 WPA_DRIVER_CAPA_ENC_WEP104 | 2561 WPA_DRIVER_CAPA_ENC_TKIP | 2562 WPA_DRIVER_CAPA_ENC_CCMP; 2563 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 2564 WPA_DRIVER_AUTH_SHARED | 2565 WPA_DRIVER_AUTH_LEAP; 2566 2567 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 2568 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 2569 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2570 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 2571 2572 drv->device_ap_sme = info.device_ap_sme; 2573 drv->poll_command_supported = info.poll_command_supported; 2574 drv->data_tx_status = info.data_tx_status; 2575 2576 /* 2577 * If poll command is supported mac80211 is new enough to 2578 * have everything we need to not need monitor interfaces. 2579 */ 2580 drv->use_monitor = !info.poll_command_supported; 2581 2582 if (drv->device_ap_sme && drv->use_monitor) { 2583 /* 2584 * Non-mac80211 drivers may not support monitor interface. 2585 * Make sure we do not get stuck with incorrect capability here 2586 * by explicitly testing this. 2587 */ 2588 if (!info.monitor_supported) { 2589 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 2590 "with device_ap_sme since no monitor mode " 2591 "support detected"); 2592 drv->use_monitor = 0; 2593 } 2594 } 2595 2596 /* 2597 * If we aren't going to use monitor interfaces, but the 2598 * driver doesn't support data TX status, we won't get TX 2599 * status for EAPOL frames. 2600 */ 2601 if (!drv->use_monitor && !info.data_tx_status) 2602 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2603 2604 return 0; 2605} 2606 2607 2608#ifdef ANDROID 2609static int android_genl_ctrl_resolve(struct nl_handle *handle, 2610 const char *name) 2611{ 2612 /* 2613 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 2614 * need to work around that. 2615 */ 2616 struct nl_cache *cache = NULL; 2617 struct genl_family *nl80211 = NULL; 2618 int id = -1; 2619 2620 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 2621 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 2622 "netlink cache"); 2623 goto fail; 2624 } 2625 2626 nl80211 = genl_ctrl_search_by_name(cache, name); 2627 if (nl80211 == NULL) 2628 goto fail; 2629 2630 id = genl_family_get_id(nl80211); 2631 2632fail: 2633 if (nl80211) 2634 genl_family_put(nl80211); 2635 if (cache) 2636 nl_cache_free(cache); 2637 2638 return id; 2639} 2640#define genl_ctrl_resolve android_genl_ctrl_resolve 2641#endif /* ANDROID */ 2642 2643 2644static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 2645{ 2646 int ret; 2647 2648 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2649 if (global->nl_cb == NULL) { 2650 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 2651 "callbacks"); 2652 return -1; 2653 } 2654 2655 global->nl = nl_create_handle(global->nl_cb, "nl"); 2656 if (global->nl == NULL) 2657 goto err; 2658 2659 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 2660 if (global->nl80211_id < 0) { 2661 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 2662 "found"); 2663 goto err; 2664 } 2665 2666 global->nl_event = nl_create_handle(global->nl_cb, "event"); 2667 if (global->nl_event == NULL) 2668 goto err; 2669 2670 ret = nl_get_multicast_id(global, "nl80211", "scan"); 2671 if (ret >= 0) 2672 ret = nl_socket_add_membership(global->nl_event, ret); 2673 if (ret < 0) { 2674 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2675 "membership for scan events: %d (%s)", 2676 ret, strerror(-ret)); 2677 goto err; 2678 } 2679 2680 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 2681 if (ret >= 0) 2682 ret = nl_socket_add_membership(global->nl_event, ret); 2683 if (ret < 0) { 2684 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2685 "membership for mlme events: %d (%s)", 2686 ret, strerror(-ret)); 2687 goto err; 2688 } 2689 2690 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 2691 if (ret >= 0) 2692 ret = nl_socket_add_membership(global->nl_event, ret); 2693 if (ret < 0) { 2694 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 2695 "membership for regulatory events: %d (%s)", 2696 ret, strerror(-ret)); 2697 /* Continue without regulatory events */ 2698 } 2699 2700 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2701 no_seq_check, NULL); 2702 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2703 process_global_event, global); 2704 2705 eloop_register_read_sock(nl_socket_get_fd(global->nl_event), 2706 wpa_driver_nl80211_event_receive, 2707 global->nl_cb, global->nl_event); 2708 2709 return 0; 2710 2711err: 2712 nl_destroy_handles(&global->nl_event); 2713 nl_destroy_handles(&global->nl); 2714 nl_cb_put(global->nl_cb); 2715 global->nl_cb = NULL; 2716 return -1; 2717} 2718 2719 2720static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 2721{ 2722 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2723 if (!drv->nl_cb) { 2724 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 2725 return -1; 2726 } 2727 2728 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2729 no_seq_check, NULL); 2730 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2731 process_drv_event, drv); 2732 2733 return 0; 2734} 2735 2736 2737static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 2738{ 2739 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 2740 /* 2741 * This may be for any interface; use ifdown event to disable 2742 * interface. 2743 */ 2744} 2745 2746 2747static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 2748{ 2749 struct wpa_driver_nl80211_data *drv = ctx; 2750 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 2751 if (linux_set_iface_flags(drv->global->ioctl_sock, 2752 drv->first_bss.ifname, 1)) { 2753 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 2754 "after rfkill unblock"); 2755 return; 2756 } 2757 /* rtnetlink ifup handler will report interface as enabled */ 2758} 2759 2760 2761static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 2762{ 2763 /* Find phy (radio) to which this interface belongs */ 2764 char buf[90], *pos; 2765 int f, rv; 2766 2767 drv->phyname[0] = '\0'; 2768 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 2769 drv->first_bss.ifname); 2770 f = open(buf, O_RDONLY); 2771 if (f < 0) { 2772 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 2773 buf, strerror(errno)); 2774 return; 2775 } 2776 2777 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 2778 close(f); 2779 if (rv < 0) { 2780 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 2781 buf, strerror(errno)); 2782 return; 2783 } 2784 2785 drv->phyname[rv] = '\0'; 2786 pos = os_strchr(drv->phyname, '\n'); 2787 if (pos) 2788 *pos = '\0'; 2789 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 2790 drv->first_bss.ifname, drv->phyname); 2791} 2792 2793 2794static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 2795 void *eloop_ctx, 2796 void *handle) 2797{ 2798 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2799 u8 data[2048]; 2800 struct msghdr msg; 2801 struct iovec entry; 2802 struct { 2803 struct cmsghdr cm; 2804 char control[512]; 2805 } control; 2806 struct cmsghdr *cmsg; 2807 int res, found_ee = 0, found_wifi = 0, acked = 0; 2808 union wpa_event_data event; 2809 2810 memset(&msg, 0, sizeof(msg)); 2811 msg.msg_iov = &entry; 2812 msg.msg_iovlen = 1; 2813 entry.iov_base = data; 2814 entry.iov_len = sizeof(data); 2815 msg.msg_control = &control; 2816 msg.msg_controllen = sizeof(control); 2817 2818 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 2819 /* if error or not fitting 802.3 header, return */ 2820 if (res < 14) 2821 return; 2822 2823 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 2824 { 2825 if (cmsg->cmsg_level == SOL_SOCKET && 2826 cmsg->cmsg_type == SCM_WIFI_STATUS) { 2827 int *ack; 2828 2829 found_wifi = 1; 2830 ack = (void *)CMSG_DATA(cmsg); 2831 acked = *ack; 2832 } 2833 2834 if (cmsg->cmsg_level == SOL_PACKET && 2835 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 2836 struct sock_extended_err *err = 2837 (struct sock_extended_err *)CMSG_DATA(cmsg); 2838 2839 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 2840 found_ee = 1; 2841 } 2842 } 2843 2844 if (!found_ee || !found_wifi) 2845 return; 2846 2847 memset(&event, 0, sizeof(event)); 2848 event.eapol_tx_status.dst = data; 2849 event.eapol_tx_status.data = data + 14; 2850 event.eapol_tx_status.data_len = res - 14; 2851 event.eapol_tx_status.ack = acked; 2852 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 2853} 2854 2855 2856static int nl80211_init_bss(struct i802_bss *bss) 2857{ 2858 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2859 if (!bss->nl_cb) 2860 return -1; 2861 2862 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2863 no_seq_check, NULL); 2864 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2865 process_bss_event, bss); 2866 2867 return 0; 2868} 2869 2870 2871static void nl80211_destroy_bss(struct i802_bss *bss) 2872{ 2873 nl_cb_put(bss->nl_cb); 2874 bss->nl_cb = NULL; 2875} 2876 2877 2878/** 2879 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 2880 * @ctx: context to be used when calling wpa_supplicant functions, 2881 * e.g., wpa_supplicant_event() 2882 * @ifname: interface name, e.g., wlan0 2883 * @global_priv: private driver global data from global_init() 2884 * Returns: Pointer to private data, %NULL on failure 2885 */ 2886static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 2887 void *global_priv) 2888{ 2889 struct wpa_driver_nl80211_data *drv; 2890 struct rfkill_config *rcfg; 2891 struct i802_bss *bss; 2892 2893 if (global_priv == NULL) 2894 return NULL; 2895 drv = os_zalloc(sizeof(*drv)); 2896 if (drv == NULL) 2897 return NULL; 2898 drv->global = global_priv; 2899 drv->ctx = ctx; 2900 bss = &drv->first_bss; 2901 bss->drv = drv; 2902 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 2903 drv->monitor_ifidx = -1; 2904 drv->monitor_sock = -1; 2905 drv->eapol_tx_sock = -1; 2906 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2907 2908 if (wpa_driver_nl80211_init_nl(drv)) { 2909 os_free(drv); 2910 return NULL; 2911 } 2912 2913 if (nl80211_init_bss(bss)) 2914 goto failed; 2915 2916 nl80211_get_phy_name(drv); 2917 2918 rcfg = os_zalloc(sizeof(*rcfg)); 2919 if (rcfg == NULL) 2920 goto failed; 2921 rcfg->ctx = drv; 2922 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 2923 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 2924 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 2925 drv->rfkill = rfkill_init(rcfg); 2926 if (drv->rfkill == NULL) { 2927 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 2928 os_free(rcfg); 2929 } 2930 2931 if (wpa_driver_nl80211_finish_drv_init(drv)) 2932 goto failed; 2933 2934 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 2935 if (drv->eapol_tx_sock < 0) 2936 goto failed; 2937 2938 if (drv->data_tx_status) { 2939 int enabled = 1; 2940 2941 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 2942 &enabled, sizeof(enabled)) < 0) { 2943 wpa_printf(MSG_DEBUG, 2944 "nl80211: wifi status sockopt failed\n"); 2945 drv->data_tx_status = 0; 2946 if (!drv->use_monitor) 2947 drv->capa.flags &= 2948 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2949 } else { 2950 eloop_register_read_sock(drv->eapol_tx_sock, 2951 wpa_driver_nl80211_handle_eapol_tx_status, 2952 drv, NULL); 2953 } 2954 } 2955 2956 if (drv->global) { 2957 dl_list_add(&drv->global->interfaces, &drv->list); 2958 drv->in_interface_list = 1; 2959 } 2960 2961 return bss; 2962 2963failed: 2964 wpa_driver_nl80211_deinit(bss); 2965 return NULL; 2966} 2967 2968 2969static int nl80211_register_frame(struct i802_bss *bss, 2970 struct nl_handle *nl_handle, 2971 u16 type, const u8 *match, size_t match_len) 2972{ 2973 struct wpa_driver_nl80211_data *drv = bss->drv; 2974 struct nl_msg *msg; 2975 int ret = -1; 2976 2977 msg = nlmsg_alloc(); 2978 if (!msg) 2979 return -1; 2980 2981 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p", 2982 type, nl_handle); 2983 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2984 match, match_len); 2985 2986 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 2987 2988 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 2989 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 2990 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 2991 2992 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 2993 msg = NULL; 2994 if (ret) { 2995 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 2996 "failed (type=%u): ret=%d (%s)", 2997 type, ret, strerror(-ret)); 2998 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2999 match, match_len); 3000 goto nla_put_failure; 3001 } 3002 ret = 0; 3003nla_put_failure: 3004 nlmsg_free(msg); 3005 return ret; 3006} 3007 3008 3009static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 3010{ 3011 struct wpa_driver_nl80211_data *drv = bss->drv; 3012 3013 if (bss->nl_mgmt) { 3014 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 3015 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 3016 return -1; 3017 } 3018 3019 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 3020 if (bss->nl_mgmt == NULL) 3021 return -1; 3022 3023 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt), 3024 wpa_driver_nl80211_event_receive, bss->nl_cb, 3025 bss->nl_mgmt); 3026 3027 return 0; 3028} 3029 3030 3031static int nl80211_register_action_frame(struct i802_bss *bss, 3032 const u8 *match, size_t match_len) 3033{ 3034 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 3035 return nl80211_register_frame(bss, bss->nl_mgmt, 3036 type, match, match_len); 3037} 3038 3039 3040static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 3041{ 3042 struct wpa_driver_nl80211_data *drv = bss->drv; 3043 3044 if (nl80211_alloc_mgmt_handle(bss)) 3045 return -1; 3046 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 3047 "handle %p", bss->nl_mgmt); 3048 3049#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 3050 /* GAS Initial Request */ 3051 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 3052 return -1; 3053 /* GAS Initial Response */ 3054 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 3055 return -1; 3056 /* GAS Comeback Request */ 3057 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 3058 return -1; 3059 /* GAS Comeback Response */ 3060 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 3061 return -1; 3062#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 3063#ifdef CONFIG_P2P 3064 /* P2P Public Action */ 3065 if (nl80211_register_action_frame(bss, 3066 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 3067 6) < 0) 3068 return -1; 3069 /* P2P Action */ 3070 if (nl80211_register_action_frame(bss, 3071 (u8 *) "\x7f\x50\x6f\x9a\x09", 3072 5) < 0) 3073 return -1; 3074#endif /* CONFIG_P2P */ 3075#ifdef CONFIG_IEEE80211W 3076 /* SA Query Response */ 3077 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 3078 return -1; 3079#endif /* CONFIG_IEEE80211W */ 3080#ifdef CONFIG_TDLS 3081 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 3082 /* TDLS Discovery Response */ 3083 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 3084 0) 3085 return -1; 3086 } 3087#endif /* CONFIG_TDLS */ 3088 3089 /* FT Action frames */ 3090 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 3091 return -1; 3092 else 3093 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 3094 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 3095 3096 /* WNM - BSS Transition Management Request */ 3097 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 3098 return -1; 3099 3100 return 0; 3101} 3102 3103 3104static int nl80211_register_spurious_class3(struct i802_bss *bss) 3105{ 3106 struct wpa_driver_nl80211_data *drv = bss->drv; 3107 struct nl_msg *msg; 3108 int ret = -1; 3109 3110 msg = nlmsg_alloc(); 3111 if (!msg) 3112 return -1; 3113 3114 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 3115 3116 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 3117 3118 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 3119 msg = NULL; 3120 if (ret) { 3121 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 3122 "failed: ret=%d (%s)", 3123 ret, strerror(-ret)); 3124 goto nla_put_failure; 3125 } 3126 ret = 0; 3127nla_put_failure: 3128 nlmsg_free(msg); 3129 return ret; 3130} 3131 3132 3133static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 3134{ 3135 static const int stypes[] = { 3136 WLAN_FC_STYPE_AUTH, 3137 WLAN_FC_STYPE_ASSOC_REQ, 3138 WLAN_FC_STYPE_REASSOC_REQ, 3139 WLAN_FC_STYPE_DISASSOC, 3140 WLAN_FC_STYPE_DEAUTH, 3141 WLAN_FC_STYPE_ACTION, 3142 WLAN_FC_STYPE_PROBE_REQ, 3143/* Beacon doesn't work as mac80211 doesn't currently allow 3144 * it, but it wouldn't really be the right thing anyway as 3145 * it isn't per interface ... maybe just dump the scan 3146 * results periodically for OLBC? 3147 */ 3148// WLAN_FC_STYPE_BEACON, 3149 }; 3150 unsigned int i; 3151 3152 if (nl80211_alloc_mgmt_handle(bss)) 3153 return -1; 3154 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3155 "handle %p", bss->nl_mgmt); 3156 3157 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) { 3158 if (nl80211_register_frame(bss, bss->nl_mgmt, 3159 (WLAN_FC_TYPE_MGMT << 2) | 3160 (stypes[i] << 4), 3161 NULL, 0) < 0) { 3162 goto out_err; 3163 } 3164 } 3165 3166 if (nl80211_register_spurious_class3(bss)) 3167 goto out_err; 3168 3169 if (nl80211_get_wiphy_data_ap(bss) == NULL) 3170 goto out_err; 3171 3172 return 0; 3173 3174out_err: 3175 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3176 nl_destroy_handles(&bss->nl_mgmt); 3177 return -1; 3178} 3179 3180 3181static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 3182{ 3183 if (nl80211_alloc_mgmt_handle(bss)) 3184 return -1; 3185 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3186 "handle %p (device SME)", bss->nl_mgmt); 3187 3188 if (nl80211_register_frame(bss, bss->nl_mgmt, 3189 (WLAN_FC_TYPE_MGMT << 2) | 3190 (WLAN_FC_STYPE_ACTION << 4), 3191 NULL, 0) < 0) 3192 goto out_err; 3193 3194 return 0; 3195 3196out_err: 3197 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3198 nl_destroy_handles(&bss->nl_mgmt); 3199 return -1; 3200} 3201 3202 3203static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 3204{ 3205 if (bss->nl_mgmt == NULL) 3206 return; 3207 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 3208 "(%s)", bss->nl_mgmt, reason); 3209 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3210 nl_destroy_handles(&bss->nl_mgmt); 3211 3212 nl80211_put_wiphy_data_ap(bss); 3213} 3214 3215 3216static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 3217{ 3218 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 3219} 3220 3221 3222static int 3223wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 3224{ 3225 struct i802_bss *bss = &drv->first_bss; 3226 int send_rfkill_event = 0; 3227 3228 drv->ifindex = if_nametoindex(bss->ifname); 3229 drv->first_bss.ifindex = drv->ifindex; 3230 3231#ifndef HOSTAPD 3232 /* 3233 * Make sure the interface starts up in station mode unless this is a 3234 * dynamically added interface (e.g., P2P) that was already configured 3235 * with proper iftype. 3236 */ 3237 if (drv->ifindex != drv->global->if_add_ifindex && 3238 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) { 3239 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to " 3240 "use managed mode"); 3241 return -1; 3242 } 3243 3244 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 3245 if (rfkill_is_blocked(drv->rfkill)) { 3246 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 3247 "interface '%s' due to rfkill", 3248 bss->ifname); 3249 drv->if_disabled = 1; 3250 send_rfkill_event = 1; 3251 } else { 3252 wpa_printf(MSG_ERROR, "nl80211: Could not set " 3253 "interface '%s' UP", bss->ifname); 3254 return -1; 3255 } 3256 } 3257 3258 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 3259 1, IF_OPER_DORMANT); 3260#endif /* HOSTAPD */ 3261 3262 if (wpa_driver_nl80211_capa(drv)) 3263 return -1; 3264 3265 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 3266 bss->addr)) 3267 return -1; 3268 3269 if (send_rfkill_event) { 3270 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 3271 drv, drv->ctx); 3272 } 3273 3274 return 0; 3275} 3276 3277 3278static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 3279{ 3280 struct nl_msg *msg; 3281 3282 msg = nlmsg_alloc(); 3283 if (!msg) 3284 return -ENOMEM; 3285 3286 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 3287 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3288 3289 return send_and_recv_msgs(drv, msg, NULL, NULL); 3290 nla_put_failure: 3291 nlmsg_free(msg); 3292 return -ENOBUFS; 3293} 3294 3295 3296/** 3297 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 3298 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 3299 * 3300 * Shut down driver interface and processing of driver events. Free 3301 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 3302 */ 3303static void wpa_driver_nl80211_deinit(void *priv) 3304{ 3305 struct i802_bss *bss = priv; 3306 struct wpa_driver_nl80211_data *drv = bss->drv; 3307 3308 if (drv->data_tx_status) 3309 eloop_unregister_read_sock(drv->eapol_tx_sock); 3310 if (drv->eapol_tx_sock >= 0) 3311 close(drv->eapol_tx_sock); 3312 3313 if (bss->nl_preq) 3314 wpa_driver_nl80211_probe_req_report(bss, 0); 3315 if (bss->added_if_into_bridge) { 3316 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 3317 bss->ifname) < 0) 3318 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3319 "interface %s from bridge %s: %s", 3320 bss->ifname, bss->brname, strerror(errno)); 3321 } 3322 if (bss->added_bridge) { 3323 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 3324 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3325 "bridge %s: %s", 3326 bss->brname, strerror(errno)); 3327 } 3328 3329 nl80211_remove_monitor_interface(drv); 3330 3331 if (is_ap_interface(drv->nlmode)) 3332 wpa_driver_nl80211_del_beacon(drv); 3333 3334#ifdef HOSTAPD 3335 if (drv->last_freq_ht) { 3336 /* Clear HT flags from the driver */ 3337 struct hostapd_freq_params freq; 3338 os_memset(&freq, 0, sizeof(freq)); 3339 freq.freq = drv->last_freq; 3340 i802_set_freq(priv, &freq); 3341 } 3342 3343 if (drv->eapol_sock >= 0) { 3344 eloop_unregister_read_sock(drv->eapol_sock); 3345 close(drv->eapol_sock); 3346 } 3347 3348 if (drv->if_indices != drv->default_if_indices) 3349 os_free(drv->if_indices); 3350#endif /* HOSTAPD */ 3351 3352 if (drv->disabled_11b_rates) 3353 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 3354 3355 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 3356 IF_OPER_UP); 3357 rfkill_deinit(drv->rfkill); 3358 3359 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 3360 3361 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0); 3362 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION); 3363 nl80211_mgmt_unsubscribe(bss, "deinit"); 3364 3365 nl_cb_put(drv->nl_cb); 3366 3367 nl80211_destroy_bss(&drv->first_bss); 3368 3369 os_free(drv->filter_ssids); 3370 3371 os_free(drv->auth_ie); 3372 3373 if (drv->in_interface_list) 3374 dl_list_del(&drv->list); 3375 3376 os_free(drv); 3377} 3378 3379 3380/** 3381 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 3382 * @eloop_ctx: Driver private data 3383 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 3384 * 3385 * This function can be used as registered timeout when starting a scan to 3386 * generate a scan completed event if the driver does not report this. 3387 */ 3388static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 3389{ 3390 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3391 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 3392 wpa_driver_nl80211_set_mode(&drv->first_bss, 3393 drv->ap_scan_as_station); 3394 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3395 } 3396 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 3397 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 3398} 3399 3400 3401/** 3402 * wpa_driver_nl80211_scan - Request the driver to initiate scan 3403 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3404 * @params: Scan parameters 3405 * Returns: 0 on success, -1 on failure 3406 */ 3407static int wpa_driver_nl80211_scan(void *priv, 3408 struct wpa_driver_scan_params *params) 3409{ 3410 struct i802_bss *bss = priv; 3411 struct wpa_driver_nl80211_data *drv = bss->drv; 3412 int ret = 0, timeout; 3413 struct nl_msg *msg, *ssids, *freqs, *rates; 3414 size_t i; 3415 3416 drv->scan_for_auth = 0; 3417 3418 msg = nlmsg_alloc(); 3419 ssids = nlmsg_alloc(); 3420 freqs = nlmsg_alloc(); 3421 rates = nlmsg_alloc(); 3422 if (!msg || !ssids || !freqs || !rates) { 3423 nlmsg_free(msg); 3424 nlmsg_free(ssids); 3425 nlmsg_free(freqs); 3426 nlmsg_free(rates); 3427 return -1; 3428 } 3429 3430 os_free(drv->filter_ssids); 3431 drv->filter_ssids = params->filter_ssids; 3432 params->filter_ssids = NULL; 3433 drv->num_filter_ssids = params->num_filter_ssids; 3434 3435 nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN); 3436 3437 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3438 3439 for (i = 0; i < params->num_ssids; i++) { 3440 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 3441 params->ssids[i].ssid, 3442 params->ssids[i].ssid_len); 3443 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 3444 params->ssids[i].ssid); 3445 } 3446 if (params->num_ssids) 3447 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 3448 3449 if (params->extra_ies) { 3450 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 3451 params->extra_ies, params->extra_ies_len); 3452 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 3453 params->extra_ies); 3454 } 3455 3456 if (params->freqs) { 3457 for (i = 0; params->freqs[i]; i++) { 3458 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 3459 "MHz", params->freqs[i]); 3460 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 3461 } 3462 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 3463 } 3464 3465 if (params->p2p_probe) { 3466 /* 3467 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 3468 * by masking out everything else apart from the OFDM rates 6, 3469 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 3470 * rates are left enabled. 3471 */ 3472 NLA_PUT(rates, NL80211_BAND_2GHZ, 8, 3473 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 3474 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates); 3475 3476 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 3477 } 3478 3479 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3480 msg = NULL; 3481 if (ret) { 3482 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 3483 "(%s)", ret, strerror(-ret)); 3484#ifdef HOSTAPD 3485 if (is_ap_interface(drv->nlmode)) { 3486 /* 3487 * mac80211 does not allow scan requests in AP mode, so 3488 * try to do this in station mode. 3489 */ 3490 if (wpa_driver_nl80211_set_mode( 3491 bss, NL80211_IFTYPE_STATION)) 3492 goto nla_put_failure; 3493 3494 if (wpa_driver_nl80211_scan(drv, params)) { 3495 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 3496 goto nla_put_failure; 3497 } 3498 3499 /* Restore AP mode when processing scan results */ 3500 drv->ap_scan_as_station = drv->nlmode; 3501 ret = 0; 3502 } else 3503 goto nla_put_failure; 3504#else /* HOSTAPD */ 3505 goto nla_put_failure; 3506#endif /* HOSTAPD */ 3507 } 3508 3509 /* Not all drivers generate "scan completed" wireless event, so try to 3510 * read results after a timeout. */ 3511 timeout = 10; 3512 if (drv->scan_complete_events) { 3513 /* 3514 * The driver seems to deliver events to notify when scan is 3515 * complete, so use longer timeout to avoid race conditions 3516 * with scanning and following association request. 3517 */ 3518 timeout = 30; 3519 } 3520 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 3521 "seconds", ret, timeout); 3522 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 3523 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 3524 drv, drv->ctx); 3525 3526nla_put_failure: 3527 nlmsg_free(ssids); 3528 nlmsg_free(msg); 3529 nlmsg_free(freqs); 3530 nlmsg_free(rates); 3531 return ret; 3532} 3533 3534 3535/** 3536 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 3537 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3538 * @params: Scan parameters 3539 * @interval: Interval between scan cycles in milliseconds 3540 * Returns: 0 on success, -1 on failure or if not supported 3541 */ 3542static int wpa_driver_nl80211_sched_scan(void *priv, 3543 struct wpa_driver_scan_params *params, 3544 u32 interval) 3545{ 3546 struct i802_bss *bss = priv; 3547 struct wpa_driver_nl80211_data *drv = bss->drv; 3548 int ret = 0; 3549 struct nl_msg *msg, *ssids, *freqs, *match_set_ssid, *match_sets; 3550 size_t i; 3551 3552#ifdef ANDROID 3553 if (!drv->capa.sched_scan_supported) 3554 return android_pno_start(bss, params); 3555#endif /* ANDROID */ 3556 3557 msg = nlmsg_alloc(); 3558 ssids = nlmsg_alloc(); 3559 freqs = nlmsg_alloc(); 3560 if (!msg || !ssids || !freqs) { 3561 nlmsg_free(msg); 3562 nlmsg_free(ssids); 3563 nlmsg_free(freqs); 3564 return -1; 3565 } 3566 3567 os_free(drv->filter_ssids); 3568 drv->filter_ssids = params->filter_ssids; 3569 params->filter_ssids = NULL; 3570 drv->num_filter_ssids = params->num_filter_ssids; 3571 3572 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_SCHED_SCAN); 3573 3574 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3575 3576 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 3577 3578 if (drv->num_filter_ssids && 3579 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) { 3580 match_sets = nlmsg_alloc(); 3581 3582 for (i = 0; i < drv->num_filter_ssids; i++) { 3583 wpa_hexdump_ascii(MSG_MSGDUMP, 3584 "nl80211: Sched scan filter SSID", 3585 drv->filter_ssids[i].ssid, 3586 drv->filter_ssids[i].ssid_len); 3587 3588 match_set_ssid = nlmsg_alloc(); 3589 nla_put(match_set_ssid, 3590 NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 3591 drv->filter_ssids[i].ssid_len, 3592 drv->filter_ssids[i].ssid); 3593 3594 nla_put_nested(match_sets, i + 1, match_set_ssid); 3595 3596 nlmsg_free(match_set_ssid); 3597 } 3598 3599 nla_put_nested(msg, NL80211_ATTR_SCHED_SCAN_MATCH, 3600 match_sets); 3601 nlmsg_free(match_sets); 3602 } 3603 3604 for (i = 0; i < params->num_ssids; i++) { 3605 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan SSID", 3606 params->ssids[i].ssid, 3607 params->ssids[i].ssid_len); 3608 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 3609 params->ssids[i].ssid); 3610 } 3611 if (params->num_ssids) 3612 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 3613 3614 if (params->extra_ies) { 3615 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan extra IEs", 3616 params->extra_ies, params->extra_ies_len); 3617 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 3618 params->extra_ies); 3619 } 3620 3621 if (params->freqs) { 3622 for (i = 0; params->freqs[i]; i++) { 3623 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 3624 "MHz", params->freqs[i]); 3625 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 3626 } 3627 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 3628 } 3629 3630 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3631 3632 /* TODO: if we get an error here, we should fall back to normal scan */ 3633 3634 msg = NULL; 3635 if (ret) { 3636 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 3637 "ret=%d (%s)", ret, strerror(-ret)); 3638 goto nla_put_failure; 3639 } 3640 3641 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 3642 "scan interval %d msec", ret, interval); 3643 3644nla_put_failure: 3645 nlmsg_free(ssids); 3646 nlmsg_free(msg); 3647 nlmsg_free(freqs); 3648 return ret; 3649} 3650 3651 3652/** 3653 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 3654 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3655 * Returns: 0 on success, -1 on failure or if not supported 3656 */ 3657static int wpa_driver_nl80211_stop_sched_scan(void *priv) 3658{ 3659 struct i802_bss *bss = priv; 3660 struct wpa_driver_nl80211_data *drv = bss->drv; 3661 int ret = 0; 3662 struct nl_msg *msg; 3663 3664#ifdef ANDROID 3665 if (!drv->capa.sched_scan_supported) 3666 return android_pno_stop(bss); 3667#endif /* ANDROID */ 3668 3669 msg = nlmsg_alloc(); 3670 if (!msg) 3671 return -1; 3672 3673 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 3674 3675 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3676 3677 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3678 msg = NULL; 3679 if (ret) { 3680 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 3681 "ret=%d (%s)", ret, strerror(-ret)); 3682 goto nla_put_failure; 3683 } 3684 3685 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 3686 3687nla_put_failure: 3688 nlmsg_free(msg); 3689 return ret; 3690} 3691 3692 3693static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 3694{ 3695 const u8 *end, *pos; 3696 3697 if (ies == NULL) 3698 return NULL; 3699 3700 pos = ies; 3701 end = ies + ies_len; 3702 3703 while (pos + 1 < end) { 3704 if (pos + 2 + pos[1] > end) 3705 break; 3706 if (pos[0] == ie) 3707 return pos; 3708 pos += 2 + pos[1]; 3709 } 3710 3711 return NULL; 3712} 3713 3714 3715static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 3716 const u8 *ie, size_t ie_len) 3717{ 3718 const u8 *ssid; 3719 size_t i; 3720 3721 if (drv->filter_ssids == NULL) 3722 return 0; 3723 3724 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 3725 if (ssid == NULL) 3726 return 1; 3727 3728 for (i = 0; i < drv->num_filter_ssids; i++) { 3729 if (ssid[1] == drv->filter_ssids[i].ssid_len && 3730 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 3731 0) 3732 return 0; 3733 } 3734 3735 return 1; 3736} 3737 3738 3739static int bss_info_handler(struct nl_msg *msg, void *arg) 3740{ 3741 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3742 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3743 struct nlattr *bss[NL80211_BSS_MAX + 1]; 3744 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 3745 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 3746 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 3747 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 3748 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 3749 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 3750 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 3751 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 3752 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 3753 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 3754 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 3755 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 3756 }; 3757 struct nl80211_bss_info_arg *_arg = arg; 3758 struct wpa_scan_results *res = _arg->res; 3759 struct wpa_scan_res **tmp; 3760 struct wpa_scan_res *r; 3761 const u8 *ie, *beacon_ie; 3762 size_t ie_len, beacon_ie_len; 3763 u8 *pos; 3764 size_t i; 3765 3766 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3767 genlmsg_attrlen(gnlh, 0), NULL); 3768 if (!tb[NL80211_ATTR_BSS]) 3769 return NL_SKIP; 3770 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 3771 bss_policy)) 3772 return NL_SKIP; 3773 if (bss[NL80211_BSS_STATUS]) { 3774 enum nl80211_bss_status status; 3775 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 3776 if (status == NL80211_BSS_STATUS_ASSOCIATED && 3777 bss[NL80211_BSS_FREQUENCY]) { 3778 _arg->assoc_freq = 3779 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 3780 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 3781 _arg->assoc_freq); 3782 } 3783 if (status == NL80211_BSS_STATUS_ASSOCIATED && 3784 bss[NL80211_BSS_BSSID]) { 3785 os_memcpy(_arg->assoc_bssid, 3786 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 3787 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 3788 MACSTR, MAC2STR(_arg->assoc_bssid)); 3789 } 3790 } 3791 if (!res) 3792 return NL_SKIP; 3793 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 3794 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 3795 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 3796 } else { 3797 ie = NULL; 3798 ie_len = 0; 3799 } 3800 if (bss[NL80211_BSS_BEACON_IES]) { 3801 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 3802 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 3803 } else { 3804 beacon_ie = NULL; 3805 beacon_ie_len = 0; 3806 } 3807 3808 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 3809 ie ? ie_len : beacon_ie_len)) 3810 return NL_SKIP; 3811 3812 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 3813 if (r == NULL) 3814 return NL_SKIP; 3815 if (bss[NL80211_BSS_BSSID]) 3816 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 3817 ETH_ALEN); 3818 if (bss[NL80211_BSS_FREQUENCY]) 3819 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 3820 if (bss[NL80211_BSS_BEACON_INTERVAL]) 3821 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 3822 if (bss[NL80211_BSS_CAPABILITY]) 3823 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 3824 r->flags |= WPA_SCAN_NOISE_INVALID; 3825 if (bss[NL80211_BSS_SIGNAL_MBM]) { 3826 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 3827 r->level /= 100; /* mBm to dBm */ 3828 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 3829 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 3830 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 3831 r->flags |= WPA_SCAN_QUAL_INVALID; 3832 } else 3833 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 3834 if (bss[NL80211_BSS_TSF]) 3835 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 3836 if (bss[NL80211_BSS_SEEN_MS_AGO]) 3837 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 3838 r->ie_len = ie_len; 3839 pos = (u8 *) (r + 1); 3840 if (ie) { 3841 os_memcpy(pos, ie, ie_len); 3842 pos += ie_len; 3843 } 3844 r->beacon_ie_len = beacon_ie_len; 3845 if (beacon_ie) 3846 os_memcpy(pos, beacon_ie, beacon_ie_len); 3847 3848 if (bss[NL80211_BSS_STATUS]) { 3849 enum nl80211_bss_status status; 3850 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 3851 switch (status) { 3852 case NL80211_BSS_STATUS_AUTHENTICATED: 3853 r->flags |= WPA_SCAN_AUTHENTICATED; 3854 break; 3855 case NL80211_BSS_STATUS_ASSOCIATED: 3856 r->flags |= WPA_SCAN_ASSOCIATED; 3857 break; 3858 default: 3859 break; 3860 } 3861 } 3862 3863 /* 3864 * cfg80211 maintains separate BSS table entries for APs if the same 3865 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 3866 * not use frequency as a separate key in the BSS table, so filter out 3867 * duplicated entries. Prefer associated BSS entry in such a case in 3868 * order to get the correct frequency into the BSS table. 3869 */ 3870 for (i = 0; i < res->num; i++) { 3871 const u8 *s1, *s2; 3872 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 3873 continue; 3874 3875 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 3876 res->res[i]->ie_len, WLAN_EID_SSID); 3877 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 3878 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 3879 os_memcmp(s1, s2, 2 + s1[1]) != 0) 3880 continue; 3881 3882 /* Same BSSID,SSID was already included in scan results */ 3883 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 3884 "for " MACSTR, MAC2STR(r->bssid)); 3885 3886 if ((r->flags & WPA_SCAN_ASSOCIATED) && 3887 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 3888 os_free(res->res[i]); 3889 res->res[i] = r; 3890 } else 3891 os_free(r); 3892 return NL_SKIP; 3893 } 3894 3895 tmp = os_realloc(res->res, 3896 (res->num + 1) * sizeof(struct wpa_scan_res *)); 3897 if (tmp == NULL) { 3898 os_free(r); 3899 return NL_SKIP; 3900 } 3901 tmp[res->num++] = r; 3902 res->res = tmp; 3903 3904 return NL_SKIP; 3905} 3906 3907 3908static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 3909 const u8 *addr) 3910{ 3911 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 3912 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 3913 "mismatch (" MACSTR ")", MAC2STR(addr)); 3914 wpa_driver_nl80211_mlme(drv, addr, 3915 NL80211_CMD_DEAUTHENTICATE, 3916 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 3917 } 3918} 3919 3920 3921static void wpa_driver_nl80211_check_bss_status( 3922 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 3923{ 3924 size_t i; 3925 3926 for (i = 0; i < res->num; i++) { 3927 struct wpa_scan_res *r = res->res[i]; 3928 if (r->flags & WPA_SCAN_AUTHENTICATED) { 3929 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 3930 "indicates BSS status with " MACSTR 3931 " as authenticated", 3932 MAC2STR(r->bssid)); 3933 if (is_sta_interface(drv->nlmode) && 3934 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 3935 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 3936 0) { 3937 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 3938 " in local state (auth=" MACSTR 3939 " assoc=" MACSTR ")", 3940 MAC2STR(drv->auth_bssid), 3941 MAC2STR(drv->bssid)); 3942 clear_state_mismatch(drv, r->bssid); 3943 } 3944 } 3945 3946 if (r->flags & WPA_SCAN_ASSOCIATED) { 3947 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 3948 "indicate BSS status with " MACSTR 3949 " as associated", 3950 MAC2STR(r->bssid)); 3951 if (is_sta_interface(drv->nlmode) && 3952 !drv->associated) { 3953 wpa_printf(MSG_DEBUG, "nl80211: Local state " 3954 "(not associated) does not match " 3955 "with BSS state"); 3956 clear_state_mismatch(drv, r->bssid); 3957 } else if (is_sta_interface(drv->nlmode) && 3958 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 3959 0) { 3960 wpa_printf(MSG_DEBUG, "nl80211: Local state " 3961 "(associated with " MACSTR ") does " 3962 "not match with BSS state", 3963 MAC2STR(drv->bssid)); 3964 clear_state_mismatch(drv, r->bssid); 3965 clear_state_mismatch(drv, drv->bssid); 3966 } 3967 } 3968 } 3969} 3970 3971 3972static struct wpa_scan_results * 3973nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 3974{ 3975 struct nl_msg *msg; 3976 struct wpa_scan_results *res; 3977 int ret; 3978 struct nl80211_bss_info_arg arg; 3979 3980 res = os_zalloc(sizeof(*res)); 3981 if (res == NULL) 3982 return NULL; 3983 msg = nlmsg_alloc(); 3984 if (!msg) 3985 goto nla_put_failure; 3986 3987 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 3988 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3989 3990 arg.drv = drv; 3991 arg.res = res; 3992 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 3993 msg = NULL; 3994 if (ret == 0) { 3995 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 3996 "BSSes)", (unsigned long) res->num); 3997 nl80211_get_noise_for_scan_results(drv, res); 3998 return res; 3999 } 4000 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 4001 "(%s)", ret, strerror(-ret)); 4002nla_put_failure: 4003 nlmsg_free(msg); 4004 wpa_scan_results_free(res); 4005 return NULL; 4006} 4007 4008 4009/** 4010 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 4011 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 4012 * Returns: Scan results on success, -1 on failure 4013 */ 4014static struct wpa_scan_results * 4015wpa_driver_nl80211_get_scan_results(void *priv) 4016{ 4017 struct i802_bss *bss = priv; 4018 struct wpa_driver_nl80211_data *drv = bss->drv; 4019 struct wpa_scan_results *res; 4020 4021 res = nl80211_get_scan_results(drv); 4022 if (res) 4023 wpa_driver_nl80211_check_bss_status(drv, res); 4024 return res; 4025} 4026 4027 4028static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 4029{ 4030 struct wpa_scan_results *res; 4031 size_t i; 4032 4033 res = nl80211_get_scan_results(drv); 4034 if (res == NULL) { 4035 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 4036 return; 4037 } 4038 4039 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 4040 for (i = 0; i < res->num; i++) { 4041 struct wpa_scan_res *r = res->res[i]; 4042 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 4043 (int) i, (int) res->num, MAC2STR(r->bssid), 4044 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 4045 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 4046 } 4047 4048 wpa_scan_results_free(res); 4049} 4050 4051 4052static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 4053 enum wpa_alg alg, const u8 *addr, 4054 int key_idx, int set_tx, 4055 const u8 *seq, size_t seq_len, 4056 const u8 *key, size_t key_len) 4057{ 4058 struct i802_bss *bss = priv; 4059 struct wpa_driver_nl80211_data *drv = bss->drv; 4060 int ifindex = if_nametoindex(ifname); 4061 struct nl_msg *msg; 4062 int ret; 4063 4064 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 4065 "set_tx=%d seq_len=%lu key_len=%lu", 4066 __func__, ifindex, alg, addr, key_idx, set_tx, 4067 (unsigned long) seq_len, (unsigned long) key_len); 4068#ifdef CONFIG_TDLS 4069 if (key_idx == -1) 4070 key_idx = 0; 4071#endif /* CONFIG_TDLS */ 4072 4073 msg = nlmsg_alloc(); 4074 if (!msg) 4075 return -ENOMEM; 4076 4077 if (alg == WPA_ALG_NONE) { 4078 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 4079 } else { 4080 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 4081 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 4082 switch (alg) { 4083 case WPA_ALG_WEP: 4084 if (key_len == 5) 4085 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4086 WLAN_CIPHER_SUITE_WEP40); 4087 else 4088 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4089 WLAN_CIPHER_SUITE_WEP104); 4090 break; 4091 case WPA_ALG_TKIP: 4092 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4093 WLAN_CIPHER_SUITE_TKIP); 4094 break; 4095 case WPA_ALG_CCMP: 4096 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4097 WLAN_CIPHER_SUITE_CCMP); 4098 break; 4099 case WPA_ALG_IGTK: 4100 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 4101 WLAN_CIPHER_SUITE_AES_CMAC); 4102 break; 4103 default: 4104 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 4105 "algorithm %d", __func__, alg); 4106 nlmsg_free(msg); 4107 return -1; 4108 } 4109 } 4110 4111 if (seq && seq_len) 4112 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 4113 4114 if (addr && !is_broadcast_ether_addr(addr)) { 4115 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 4116 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4117 4118 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 4119 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 4120 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 4121 NL80211_KEYTYPE_GROUP); 4122 } 4123 } else if (addr && is_broadcast_ether_addr(addr)) { 4124 struct nl_msg *types; 4125 int err; 4126 wpa_printf(MSG_DEBUG, " broadcast key"); 4127 types = nlmsg_alloc(); 4128 if (!types) 4129 goto nla_put_failure; 4130 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 4131 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4132 types); 4133 nlmsg_free(types); 4134 if (err) 4135 goto nla_put_failure; 4136 } 4137 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 4138 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4139 4140 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4141 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 4142 ret = 0; 4143 if (ret) 4144 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 4145 ret, strerror(-ret)); 4146 4147 /* 4148 * If we failed or don't need to set the default TX key (below), 4149 * we're done here. 4150 */ 4151 if (ret || !set_tx || alg == WPA_ALG_NONE) 4152 return ret; 4153 if (is_ap_interface(drv->nlmode) && addr && 4154 !is_broadcast_ether_addr(addr)) 4155 return ret; 4156 4157 msg = nlmsg_alloc(); 4158 if (!msg) 4159 return -ENOMEM; 4160 4161 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 4162 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 4163 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4164 if (alg == WPA_ALG_IGTK) 4165 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 4166 else 4167 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 4168 if (addr && is_broadcast_ether_addr(addr)) { 4169 struct nl_msg *types; 4170 int err; 4171 types = nlmsg_alloc(); 4172 if (!types) 4173 goto nla_put_failure; 4174 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 4175 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4176 types); 4177 nlmsg_free(types); 4178 if (err) 4179 goto nla_put_failure; 4180 } else if (addr) { 4181 struct nl_msg *types; 4182 int err; 4183 types = nlmsg_alloc(); 4184 if (!types) 4185 goto nla_put_failure; 4186 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 4187 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 4188 types); 4189 nlmsg_free(types); 4190 if (err) 4191 goto nla_put_failure; 4192 } 4193 4194 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4195 if (ret == -ENOENT) 4196 ret = 0; 4197 if (ret) 4198 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 4199 "err=%d %s)", ret, strerror(-ret)); 4200 return ret; 4201 4202nla_put_failure: 4203 nlmsg_free(msg); 4204 return -ENOBUFS; 4205} 4206 4207 4208static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 4209 int key_idx, int defkey, 4210 const u8 *seq, size_t seq_len, 4211 const u8 *key, size_t key_len) 4212{ 4213 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 4214 if (!key_attr) 4215 return -1; 4216 4217 if (defkey && alg == WPA_ALG_IGTK) 4218 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 4219 else if (defkey) 4220 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 4221 4222 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 4223 4224 switch (alg) { 4225 case WPA_ALG_WEP: 4226 if (key_len == 5) 4227 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4228 WLAN_CIPHER_SUITE_WEP40); 4229 else 4230 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4231 WLAN_CIPHER_SUITE_WEP104); 4232 break; 4233 case WPA_ALG_TKIP: 4234 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 4235 break; 4236 case WPA_ALG_CCMP: 4237 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 4238 break; 4239 case WPA_ALG_IGTK: 4240 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4241 WLAN_CIPHER_SUITE_AES_CMAC); 4242 break; 4243 default: 4244 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 4245 "algorithm %d", __func__, alg); 4246 return -1; 4247 } 4248 4249 if (seq && seq_len) 4250 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 4251 4252 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 4253 4254 nla_nest_end(msg, key_attr); 4255 4256 return 0; 4257 nla_put_failure: 4258 return -1; 4259} 4260 4261 4262static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 4263 struct nl_msg *msg) 4264{ 4265 int i, privacy = 0; 4266 struct nlattr *nl_keys, *nl_key; 4267 4268 for (i = 0; i < 4; i++) { 4269 if (!params->wep_key[i]) 4270 continue; 4271 privacy = 1; 4272 break; 4273 } 4274 if (params->wps == WPS_MODE_PRIVACY) 4275 privacy = 1; 4276 if (params->pairwise_suite && 4277 params->pairwise_suite != WPA_CIPHER_NONE) 4278 privacy = 1; 4279 4280 if (!privacy) 4281 return 0; 4282 4283 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 4284 4285 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 4286 if (!nl_keys) 4287 goto nla_put_failure; 4288 4289 for (i = 0; i < 4; i++) { 4290 if (!params->wep_key[i]) 4291 continue; 4292 4293 nl_key = nla_nest_start(msg, i); 4294 if (!nl_key) 4295 goto nla_put_failure; 4296 4297 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 4298 params->wep_key[i]); 4299 if (params->wep_key_len[i] == 5) 4300 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4301 WLAN_CIPHER_SUITE_WEP40); 4302 else 4303 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 4304 WLAN_CIPHER_SUITE_WEP104); 4305 4306 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 4307 4308 if (i == params->wep_tx_keyidx) 4309 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 4310 4311 nla_nest_end(msg, nl_key); 4312 } 4313 nla_nest_end(msg, nl_keys); 4314 4315 return 0; 4316 4317nla_put_failure: 4318 return -ENOBUFS; 4319} 4320 4321 4322static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 4323 const u8 *addr, int cmd, u16 reason_code, 4324 int local_state_change) 4325{ 4326 int ret = -1; 4327 struct nl_msg *msg; 4328 4329 msg = nlmsg_alloc(); 4330 if (!msg) 4331 return -1; 4332 4333 nl80211_cmd(drv, msg, 0, cmd); 4334 4335 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4336 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 4337 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4338 if (local_state_change) 4339 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 4340 4341 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4342 msg = NULL; 4343 if (ret) { 4344 wpa_dbg(drv->ctx, MSG_DEBUG, 4345 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 4346 reason_code, ret, strerror(-ret)); 4347 goto nla_put_failure; 4348 } 4349 ret = 0; 4350 4351nla_put_failure: 4352 nlmsg_free(msg); 4353 return ret; 4354} 4355 4356 4357static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 4358 const u8 *addr, int reason_code) 4359{ 4360 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 4361 __func__, MAC2STR(addr), reason_code); 4362 drv->associated = 0; 4363 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 4364 reason_code, 0); 4365} 4366 4367 4368static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 4369 int reason_code) 4370{ 4371 struct i802_bss *bss = priv; 4372 struct wpa_driver_nl80211_data *drv = bss->drv; 4373 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 4374 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 4375 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 4376 __func__, MAC2STR(addr), reason_code); 4377 drv->associated = 0; 4378 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 4379 return nl80211_leave_ibss(drv); 4380 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 4381 reason_code, 0); 4382} 4383 4384 4385static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 4386 int reason_code) 4387{ 4388 struct i802_bss *bss = priv; 4389 struct wpa_driver_nl80211_data *drv = bss->drv; 4390 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 4391 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 4392 wpa_printf(MSG_DEBUG, "%s", __func__); 4393 drv->associated = 0; 4394 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 4395 reason_code, 0); 4396} 4397 4398 4399static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 4400 struct wpa_driver_auth_params *params) 4401{ 4402 int i; 4403 4404 drv->auth_freq = params->freq; 4405 drv->auth_alg = params->auth_alg; 4406 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 4407 drv->auth_local_state_change = params->local_state_change; 4408 drv->auth_p2p = params->p2p; 4409 4410 if (params->bssid) 4411 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 4412 else 4413 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 4414 4415 if (params->ssid) { 4416 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 4417 drv->auth_ssid_len = params->ssid_len; 4418 } else 4419 drv->auth_ssid_len = 0; 4420 4421 4422 os_free(drv->auth_ie); 4423 drv->auth_ie = NULL; 4424 drv->auth_ie_len = 0; 4425 if (params->ie) { 4426 drv->auth_ie = os_malloc(params->ie_len); 4427 if (drv->auth_ie) { 4428 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 4429 drv->auth_ie_len = params->ie_len; 4430 } 4431 } 4432 4433 for (i = 0; i < 4; i++) { 4434 if (params->wep_key[i] && params->wep_key_len[i] && 4435 params->wep_key_len[i] <= 16) { 4436 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 4437 params->wep_key_len[i]); 4438 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 4439 } else 4440 drv->auth_wep_key_len[i] = 0; 4441 } 4442} 4443 4444 4445static int wpa_driver_nl80211_authenticate( 4446 void *priv, struct wpa_driver_auth_params *params) 4447{ 4448 struct i802_bss *bss = priv; 4449 struct wpa_driver_nl80211_data *drv = bss->drv; 4450 int ret = -1, i; 4451 struct nl_msg *msg; 4452 enum nl80211_auth_type type; 4453 enum nl80211_iftype nlmode; 4454 int count = 0; 4455 int is_retry; 4456 4457 is_retry = drv->retry_auth; 4458 drv->retry_auth = 0; 4459 4460 drv->associated = 0; 4461 os_memset(drv->auth_bssid, 0, ETH_ALEN); 4462 /* FIX: IBSS mode */ 4463 nlmode = params->p2p ? 4464 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 4465 if (drv->nlmode != nlmode && 4466 wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 4467 return -1; 4468 4469retry: 4470 msg = nlmsg_alloc(); 4471 if (!msg) 4472 return -1; 4473 4474 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 4475 drv->ifindex); 4476 4477 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 4478 4479 for (i = 0; i < 4; i++) { 4480 if (!params->wep_key[i]) 4481 continue; 4482 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 4483 NULL, i, 4484 i == params->wep_tx_keyidx, NULL, 0, 4485 params->wep_key[i], 4486 params->wep_key_len[i]); 4487 if (params->wep_tx_keyidx != i) 4488 continue; 4489 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 4490 params->wep_key[i], params->wep_key_len[i])) { 4491 nlmsg_free(msg); 4492 return -1; 4493 } 4494 } 4495 4496 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4497 if (params->bssid) { 4498 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4499 MAC2STR(params->bssid)); 4500 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4501 } 4502 if (params->freq) { 4503 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4504 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4505 } 4506 if (params->ssid) { 4507 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4508 params->ssid, params->ssid_len); 4509 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4510 params->ssid); 4511 } 4512 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 4513 if (params->ie) 4514 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 4515 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4516 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4517 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4518 type = NL80211_AUTHTYPE_SHARED_KEY; 4519 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4520 type = NL80211_AUTHTYPE_NETWORK_EAP; 4521 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4522 type = NL80211_AUTHTYPE_FT; 4523 else 4524 goto nla_put_failure; 4525 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4526 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4527 if (params->local_state_change) { 4528 wpa_printf(MSG_DEBUG, " * Local state change only"); 4529 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 4530 } 4531 4532 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4533 msg = NULL; 4534 if (ret) { 4535 wpa_dbg(drv->ctx, MSG_DEBUG, 4536 "nl80211: MLME command failed (auth): ret=%d (%s)", 4537 ret, strerror(-ret)); 4538 count++; 4539 if (ret == -EALREADY && count == 1 && params->bssid && 4540 !params->local_state_change) { 4541 /* 4542 * mac80211 does not currently accept new 4543 * authentication if we are already authenticated. As a 4544 * workaround, force deauthentication and try again. 4545 */ 4546 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 4547 "after forced deauthentication"); 4548 wpa_driver_nl80211_deauthenticate( 4549 bss, params->bssid, 4550 WLAN_REASON_PREV_AUTH_NOT_VALID); 4551 nlmsg_free(msg); 4552 goto retry; 4553 } 4554 4555 if (ret == -ENOENT && params->freq && !is_retry) { 4556 /* 4557 * cfg80211 has likely expired the BSS entry even 4558 * though it was previously available in our internal 4559 * BSS table. To recover quickly, start a single 4560 * channel scan on the specified channel. 4561 */ 4562 struct wpa_driver_scan_params scan; 4563 int freqs[2]; 4564 4565 os_memset(&scan, 0, sizeof(scan)); 4566 scan.num_ssids = 1; 4567 if (params->ssid) { 4568 scan.ssids[0].ssid = params->ssid; 4569 scan.ssids[0].ssid_len = params->ssid_len; 4570 } 4571 freqs[0] = params->freq; 4572 freqs[1] = 0; 4573 scan.freqs = freqs; 4574 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 4575 "channel scan to refresh cfg80211 BSS " 4576 "entry"); 4577 ret = wpa_driver_nl80211_scan(bss, &scan); 4578 if (ret == 0) { 4579 nl80211_copy_auth_params(drv, params); 4580 drv->scan_for_auth = 1; 4581 } 4582 } else if (is_retry) { 4583 /* 4584 * Need to indicate this with an event since the return 4585 * value from the retry is not delivered to core code. 4586 */ 4587 union wpa_event_data event; 4588 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 4589 "failed"); 4590 os_memset(&event, 0, sizeof(event)); 4591 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 4592 ETH_ALEN); 4593 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 4594 &event); 4595 } 4596 4597 goto nla_put_failure; 4598 } 4599 ret = 0; 4600 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 4601 "successfully"); 4602 4603nla_put_failure: 4604 nlmsg_free(msg); 4605 return ret; 4606} 4607 4608 4609static int wpa_driver_nl80211_authenticate_retry( 4610 struct wpa_driver_nl80211_data *drv) 4611{ 4612 struct wpa_driver_auth_params params; 4613 struct i802_bss *bss = &drv->first_bss; 4614 int i; 4615 4616 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 4617 4618 os_memset(¶ms, 0, sizeof(params)); 4619 params.freq = drv->auth_freq; 4620 params.auth_alg = drv->auth_alg; 4621 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 4622 params.local_state_change = drv->auth_local_state_change; 4623 params.p2p = drv->auth_p2p; 4624 4625 if (!is_zero_ether_addr(drv->auth_bssid_)) 4626 params.bssid = drv->auth_bssid_; 4627 4628 if (drv->auth_ssid_len) { 4629 params.ssid = drv->auth_ssid; 4630 params.ssid_len = drv->auth_ssid_len; 4631 } 4632 4633 params.ie = drv->auth_ie; 4634 params.ie_len = drv->auth_ie_len; 4635 4636 for (i = 0; i < 4; i++) { 4637 if (drv->auth_wep_key_len[i]) { 4638 params.wep_key[i] = drv->auth_wep_key[i]; 4639 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 4640 } 4641 } 4642 4643 drv->retry_auth = 1; 4644 return wpa_driver_nl80211_authenticate(bss, ¶ms); 4645} 4646 4647 4648struct phy_info_arg { 4649 u16 *num_modes; 4650 struct hostapd_hw_modes *modes; 4651}; 4652 4653static int phy_info_handler(struct nl_msg *msg, void *arg) 4654{ 4655 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 4656 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4657 struct phy_info_arg *phy_info = arg; 4658 4659 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 4660 4661 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 4662 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 4663 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 4664 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 4665 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 4666 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 4667 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 4668 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 4669 }; 4670 4671 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 4672 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 4673 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 4674 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 4675 }; 4676 4677 struct nlattr *nl_band; 4678 struct nlattr *nl_freq; 4679 struct nlattr *nl_rate; 4680 int rem_band, rem_freq, rem_rate; 4681 struct hostapd_hw_modes *mode; 4682 int idx, mode_is_set; 4683 4684 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4685 genlmsg_attrlen(gnlh, 0), NULL); 4686 4687 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 4688 return NL_SKIP; 4689 4690 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 4691 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 4692 if (!mode) 4693 return NL_SKIP; 4694 phy_info->modes = mode; 4695 4696 mode_is_set = 0; 4697 4698 mode = &phy_info->modes[*(phy_info->num_modes)]; 4699 memset(mode, 0, sizeof(*mode)); 4700 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN; 4701 *(phy_info->num_modes) += 1; 4702 4703 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 4704 nla_len(nl_band), NULL); 4705 4706 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 4707 mode->ht_capab = nla_get_u16( 4708 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 4709 } 4710 4711 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 4712 mode->a_mpdu_params |= nla_get_u8( 4713 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 4714 0x03; 4715 } 4716 4717 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 4718 mode->a_mpdu_params |= nla_get_u8( 4719 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 4720 2; 4721 } 4722 4723 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 4724 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 4725 u8 *mcs; 4726 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 4727 os_memcpy(mode->mcs_set, mcs, 16); 4728 } 4729 4730 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 4731 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 4732 nla_len(nl_freq), freq_policy); 4733 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 4734 continue; 4735 mode->num_channels++; 4736 } 4737 4738 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 4739 if (!mode->channels) 4740 return NL_SKIP; 4741 4742 idx = 0; 4743 4744 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 4745 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 4746 nla_len(nl_freq), freq_policy); 4747 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 4748 continue; 4749 4750 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 4751 mode->channels[idx].flag = 0; 4752 4753 if (!mode_is_set) { 4754 /* crude heuristic */ 4755 if (mode->channels[idx].freq < 4000) 4756 mode->mode = HOSTAPD_MODE_IEEE80211B; 4757 else 4758 mode->mode = HOSTAPD_MODE_IEEE80211A; 4759 mode_is_set = 1; 4760 } 4761 4762 /* crude heuristic */ 4763 if (mode->channels[idx].freq < 4000) 4764 if (mode->channels[idx].freq == 2484) 4765 mode->channels[idx].chan = 14; 4766 else 4767 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 4768 else 4769 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 4770 4771 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 4772 mode->channels[idx].flag |= 4773 HOSTAPD_CHAN_DISABLED; 4774 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 4775 mode->channels[idx].flag |= 4776 HOSTAPD_CHAN_PASSIVE_SCAN; 4777 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 4778 mode->channels[idx].flag |= 4779 HOSTAPD_CHAN_NO_IBSS; 4780 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 4781 mode->channels[idx].flag |= 4782 HOSTAPD_CHAN_RADAR; 4783 4784 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 4785 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 4786 mode->channels[idx].max_tx_power = 4787 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 4788 4789 idx++; 4790 } 4791 4792 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 4793 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 4794 nla_len(nl_rate), rate_policy); 4795 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 4796 continue; 4797 mode->num_rates++; 4798 } 4799 4800 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 4801 if (!mode->rates) 4802 return NL_SKIP; 4803 4804 idx = 0; 4805 4806 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 4807 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 4808 nla_len(nl_rate), rate_policy); 4809 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 4810 continue; 4811 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 4812 4813 /* crude heuristic */ 4814 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 4815 mode->rates[idx] > 200) 4816 mode->mode = HOSTAPD_MODE_IEEE80211G; 4817 4818 idx++; 4819 } 4820 } 4821 4822 return NL_SKIP; 4823} 4824 4825static struct hostapd_hw_modes * 4826wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 4827{ 4828 u16 m; 4829 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 4830 int i, mode11g_idx = -1; 4831 4832 /* If only 802.11g mode is included, use it to construct matching 4833 * 802.11b mode data. */ 4834 4835 for (m = 0; m < *num_modes; m++) { 4836 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 4837 return modes; /* 802.11b already included */ 4838 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 4839 mode11g_idx = m; 4840 } 4841 4842 if (mode11g_idx < 0) 4843 return modes; /* 2.4 GHz band not supported at all */ 4844 4845 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 4846 if (nmodes == NULL) 4847 return modes; /* Could not add 802.11b mode */ 4848 4849 mode = &nmodes[*num_modes]; 4850 os_memset(mode, 0, sizeof(*mode)); 4851 (*num_modes)++; 4852 modes = nmodes; 4853 4854 mode->mode = HOSTAPD_MODE_IEEE80211B; 4855 4856 mode11g = &modes[mode11g_idx]; 4857 mode->num_channels = mode11g->num_channels; 4858 mode->channels = os_malloc(mode11g->num_channels * 4859 sizeof(struct hostapd_channel_data)); 4860 if (mode->channels == NULL) { 4861 (*num_modes)--; 4862 return modes; /* Could not add 802.11b mode */ 4863 } 4864 os_memcpy(mode->channels, mode11g->channels, 4865 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 4866 4867 mode->num_rates = 0; 4868 mode->rates = os_malloc(4 * sizeof(int)); 4869 if (mode->rates == NULL) { 4870 os_free(mode->channels); 4871 (*num_modes)--; 4872 return modes; /* Could not add 802.11b mode */ 4873 } 4874 4875 for (i = 0; i < mode11g->num_rates; i++) { 4876 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 4877 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 4878 continue; 4879 mode->rates[mode->num_rates] = mode11g->rates[i]; 4880 mode->num_rates++; 4881 if (mode->num_rates == 4) 4882 break; 4883 } 4884 4885 if (mode->num_rates == 0) { 4886 os_free(mode->channels); 4887 os_free(mode->rates); 4888 (*num_modes)--; 4889 return modes; /* No 802.11b rates */ 4890 } 4891 4892 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 4893 "information"); 4894 4895 return modes; 4896} 4897 4898 4899static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 4900 int end) 4901{ 4902 int c; 4903 4904 for (c = 0; c < mode->num_channels; c++) { 4905 struct hostapd_channel_data *chan = &mode->channels[c]; 4906 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 4907 chan->flag |= HOSTAPD_CHAN_HT40; 4908 } 4909} 4910 4911 4912static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 4913 int end) 4914{ 4915 int c; 4916 4917 for (c = 0; c < mode->num_channels; c++) { 4918 struct hostapd_channel_data *chan = &mode->channels[c]; 4919 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 4920 continue; 4921 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 4922 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 4923 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 4924 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 4925 } 4926} 4927 4928 4929static void nl80211_reg_rule_ht40(struct nlattr *tb[], 4930 struct phy_info_arg *results) 4931{ 4932 u32 start, end, max_bw; 4933 u16 m; 4934 4935 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 4936 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 4937 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 4938 return; 4939 4940 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 4941 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 4942 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 4943 4944 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 4945 start, end, max_bw); 4946 if (max_bw < 40) 4947 return; 4948 4949 for (m = 0; m < *results->num_modes; m++) { 4950 if (!(results->modes[m].ht_capab & 4951 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 4952 continue; 4953 nl80211_set_ht40_mode(&results->modes[m], start, end); 4954 } 4955} 4956 4957 4958static void nl80211_reg_rule_sec(struct nlattr *tb[], 4959 struct phy_info_arg *results) 4960{ 4961 u32 start, end, max_bw; 4962 u16 m; 4963 4964 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 4965 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 4966 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 4967 return; 4968 4969 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 4970 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 4971 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 4972 4973 if (max_bw < 20) 4974 return; 4975 4976 for (m = 0; m < *results->num_modes; m++) { 4977 if (!(results->modes[m].ht_capab & 4978 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 4979 continue; 4980 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 4981 } 4982} 4983 4984 4985static int nl80211_get_reg(struct nl_msg *msg, void *arg) 4986{ 4987 struct phy_info_arg *results = arg; 4988 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 4989 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4990 struct nlattr *nl_rule; 4991 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 4992 int rem_rule; 4993 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 4994 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 4995 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 4996 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 4997 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 4998 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 4999 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 5000 }; 5001 5002 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5003 genlmsg_attrlen(gnlh, 0), NULL); 5004 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 5005 !tb_msg[NL80211_ATTR_REG_RULES]) { 5006 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 5007 "available"); 5008 return NL_SKIP; 5009 } 5010 5011 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 5012 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 5013 5014 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 5015 { 5016 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 5017 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 5018 nl80211_reg_rule_ht40(tb_rule, results); 5019 } 5020 5021 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 5022 { 5023 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 5024 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 5025 nl80211_reg_rule_sec(tb_rule, results); 5026 } 5027 5028 return NL_SKIP; 5029} 5030 5031 5032static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 5033 struct phy_info_arg *results) 5034{ 5035 struct nl_msg *msg; 5036 5037 msg = nlmsg_alloc(); 5038 if (!msg) 5039 return -ENOMEM; 5040 5041 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 5042 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 5043} 5044 5045 5046static struct hostapd_hw_modes * 5047wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 5048{ 5049 struct i802_bss *bss = priv; 5050 struct wpa_driver_nl80211_data *drv = bss->drv; 5051 struct nl_msg *msg; 5052 struct phy_info_arg result = { 5053 .num_modes = num_modes, 5054 .modes = NULL, 5055 }; 5056 5057 *num_modes = 0; 5058 *flags = 0; 5059 5060 msg = nlmsg_alloc(); 5061 if (!msg) 5062 return NULL; 5063 5064 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 5065 5066 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5067 5068 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 5069 nl80211_set_ht40_flags(drv, &result); 5070 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 5071 } 5072 msg = NULL; 5073 nla_put_failure: 5074 nlmsg_free(msg); 5075 return NULL; 5076} 5077 5078 5079static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 5080 const void *data, size_t len, 5081 int encrypt, int noack) 5082{ 5083 __u8 rtap_hdr[] = { 5084 0x00, 0x00, /* radiotap version */ 5085 0x0e, 0x00, /* radiotap length */ 5086 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 5087 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 5088 0x00, /* padding */ 5089 0x00, 0x00, /* RX and TX flags to indicate that */ 5090 0x00, 0x00, /* this is the injected frame directly */ 5091 }; 5092 struct iovec iov[2] = { 5093 { 5094 .iov_base = &rtap_hdr, 5095 .iov_len = sizeof(rtap_hdr), 5096 }, 5097 { 5098 .iov_base = (void *) data, 5099 .iov_len = len, 5100 } 5101 }; 5102 struct msghdr msg = { 5103 .msg_name = NULL, 5104 .msg_namelen = 0, 5105 .msg_iov = iov, 5106 .msg_iovlen = 2, 5107 .msg_control = NULL, 5108 .msg_controllen = 0, 5109 .msg_flags = 0, 5110 }; 5111 int res; 5112 u16 txflags = 0; 5113 5114 if (encrypt) 5115 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 5116 5117 if (drv->monitor_sock < 0) { 5118 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 5119 "for %s", __func__); 5120 return -1; 5121 } 5122 5123 if (noack) 5124 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 5125 *(le16 *) &rtap_hdr[12] = host_to_le16(txflags); 5126 5127 res = sendmsg(drv->monitor_sock, &msg, 0); 5128 if (res < 0) { 5129 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 5130 return -1; 5131 } 5132 return 0; 5133} 5134 5135 5136static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 5137 const void *data, size_t len, 5138 int encrypt, int noack, 5139 unsigned int freq, int no_cck, 5140 int offchanok, unsigned int wait_time) 5141{ 5142 struct wpa_driver_nl80211_data *drv = bss->drv; 5143 u64 cookie; 5144 5145 if (freq == 0) 5146 freq = bss->freq; 5147 5148 if (drv->use_monitor) 5149 return wpa_driver_nl80211_send_mntr(drv, data, len, 5150 encrypt, noack); 5151 5152 return nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 5153 &cookie, no_cck, noack, offchanok); 5154} 5155 5156 5157static int wpa_driver_nl80211_send_mlme_freq(struct i802_bss *bss, 5158 const u8 *data, 5159 size_t data_len, int noack, 5160 unsigned int freq, int no_cck, 5161 int offchanok, 5162 unsigned int wait_time) 5163{ 5164 struct wpa_driver_nl80211_data *drv = bss->drv; 5165 struct ieee80211_mgmt *mgmt; 5166 int encrypt = 1; 5167 u16 fc; 5168 5169 mgmt = (struct ieee80211_mgmt *) data; 5170 fc = le_to_host16(mgmt->frame_control); 5171 5172 if (is_sta_interface(drv->nlmode) && 5173 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 5174 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 5175 /* 5176 * The use of last_mgmt_freq is a bit of a hack, 5177 * but it works due to the single-threaded nature 5178 * of wpa_supplicant. 5179 */ 5180 if (freq == 0) 5181 freq = drv->last_mgmt_freq; 5182 return nl80211_send_frame_cmd(bss, freq, 0, 5183 data, data_len, NULL, 1, noack, 5184 1); 5185 } 5186 5187 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 5188 if (freq == 0) 5189 freq = bss->freq; 5190 return nl80211_send_frame_cmd(bss, freq, 0, 5191 data, data_len, 5192 &drv->send_action_cookie, 5193 no_cck, noack, offchanok); 5194 } 5195 5196 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 5197 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 5198 /* 5199 * Only one of the authentication frame types is encrypted. 5200 * In order for static WEP encryption to work properly (i.e., 5201 * to not encrypt the frame), we need to tell mac80211 about 5202 * the frames that must not be encrypted. 5203 */ 5204 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 5205 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 5206 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 5207 encrypt = 0; 5208 } 5209 5210 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 5211 noack, freq, no_cck, offchanok, 5212 wait_time); 5213} 5214 5215 5216static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 5217 size_t data_len, int noack) 5218{ 5219 struct i802_bss *bss = priv; 5220 return wpa_driver_nl80211_send_mlme_freq(bss, data, data_len, noack, 5221 0, 0, 0, 0); 5222} 5223 5224 5225static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 5226 int slot, int ht_opmode, int ap_isolate, 5227 int *basic_rates) 5228{ 5229 struct wpa_driver_nl80211_data *drv = bss->drv; 5230 struct nl_msg *msg; 5231 5232 msg = nlmsg_alloc(); 5233 if (!msg) 5234 return -ENOMEM; 5235 5236 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 5237 5238 if (cts >= 0) 5239 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5240 if (preamble >= 0) 5241 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5242 if (slot >= 0) 5243 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5244 if (ht_opmode >= 0) 5245 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5246 if (ap_isolate >= 0) 5247 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 5248 5249 if (basic_rates) { 5250 u8 rates[NL80211_MAX_SUPP_RATES]; 5251 u8 rates_len = 0; 5252 int i; 5253 5254 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 5255 i++) 5256 rates[rates_len++] = basic_rates[i] / 5; 5257 5258 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5259 } 5260 5261 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5262 5263 return send_and_recv_msgs(drv, msg, NULL, NULL); 5264 nla_put_failure: 5265 nlmsg_free(msg); 5266 return -ENOBUFS; 5267} 5268 5269 5270static int wpa_driver_nl80211_set_ap(void *priv, 5271 struct wpa_driver_ap_params *params) 5272{ 5273 struct i802_bss *bss = priv; 5274 struct wpa_driver_nl80211_data *drv = bss->drv; 5275 struct nl_msg *msg; 5276 u8 cmd = NL80211_CMD_NEW_BEACON; 5277 int ret; 5278 int beacon_set; 5279 int ifindex = if_nametoindex(bss->ifname); 5280 int num_suites; 5281 u32 suites[10]; 5282 u32 ver; 5283 5284 beacon_set = bss->beacon_set; 5285 5286 msg = nlmsg_alloc(); 5287 if (!msg) 5288 return -ENOMEM; 5289 5290 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 5291 beacon_set); 5292 if (beacon_set) 5293 cmd = NL80211_CMD_SET_BEACON; 5294 5295 nl80211_cmd(drv, msg, 0, cmd); 5296 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 5297 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 5298 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5299 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 5300 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 5301 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 5302 params->ssid); 5303 if (params->proberesp && params->proberesp_len) 5304 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 5305 params->proberesp); 5306 switch (params->hide_ssid) { 5307 case NO_SSID_HIDING: 5308 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5309 NL80211_HIDDEN_SSID_NOT_IN_USE); 5310 break; 5311 case HIDDEN_SSID_ZERO_LEN: 5312 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5313 NL80211_HIDDEN_SSID_ZERO_LEN); 5314 break; 5315 case HIDDEN_SSID_ZERO_CONTENTS: 5316 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 5317 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 5318 break; 5319 } 5320 if (params->privacy) 5321 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5322 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 5323 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 5324 /* Leave out the attribute */ 5325 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 5326 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 5327 NL80211_AUTHTYPE_SHARED_KEY); 5328 else 5329 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 5330 NL80211_AUTHTYPE_OPEN_SYSTEM); 5331 5332 ver = 0; 5333 if (params->wpa_version & WPA_PROTO_WPA) 5334 ver |= NL80211_WPA_VERSION_1; 5335 if (params->wpa_version & WPA_PROTO_RSN) 5336 ver |= NL80211_WPA_VERSION_2; 5337 if (ver) 5338 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 5339 5340 num_suites = 0; 5341 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 5342 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 5343 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 5344 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 5345 if (num_suites) { 5346 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 5347 num_suites * sizeof(u32), suites); 5348 } 5349 5350 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 5351 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 5352 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 5353 5354 num_suites = 0; 5355 if (params->pairwise_ciphers & WPA_CIPHER_CCMP) 5356 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5357 if (params->pairwise_ciphers & WPA_CIPHER_TKIP) 5358 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5359 if (params->pairwise_ciphers & WPA_CIPHER_WEP104) 5360 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5361 if (params->pairwise_ciphers & WPA_CIPHER_WEP40) 5362 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5363 if (num_suites) { 5364 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 5365 num_suites * sizeof(u32), suites); 5366 } 5367 5368 switch (params->group_cipher) { 5369 case WPA_CIPHER_CCMP: 5370 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5371 WLAN_CIPHER_SUITE_CCMP); 5372 break; 5373 case WPA_CIPHER_TKIP: 5374 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5375 WLAN_CIPHER_SUITE_TKIP); 5376 break; 5377 case WPA_CIPHER_WEP104: 5378 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5379 WLAN_CIPHER_SUITE_WEP104); 5380 break; 5381 case WPA_CIPHER_WEP40: 5382 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 5383 WLAN_CIPHER_SUITE_WEP40); 5384 break; 5385 } 5386 5387 if (params->beacon_ies) { 5388 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 5389 wpabuf_head(params->beacon_ies)); 5390 } 5391 if (params->proberesp_ies) { 5392 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 5393 wpabuf_len(params->proberesp_ies), 5394 wpabuf_head(params->proberesp_ies)); 5395 } 5396 if (params->assocresp_ies) { 5397 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 5398 wpabuf_len(params->assocresp_ies), 5399 wpabuf_head(params->assocresp_ies)); 5400 } 5401 5402 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5403 if (ret) { 5404 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 5405 ret, strerror(-ret)); 5406 } else { 5407 bss->beacon_set = 1; 5408 nl80211_set_bss(bss, params->cts_protect, params->preamble, 5409 params->short_slot_time, params->ht_opmode, 5410 params->isolate, params->basic_rates); 5411 } 5412 5413 return ret; 5414 nla_put_failure: 5415 nlmsg_free(msg); 5416 return -ENOBUFS; 5417} 5418 5419 5420static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 5421 int freq, int ht_enabled, 5422 int sec_channel_offset) 5423{ 5424 struct wpa_driver_nl80211_data *drv = bss->drv; 5425 struct nl_msg *msg; 5426 int ret; 5427 5428 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d " 5429 "sec_channel_offset=%d)", 5430 freq, ht_enabled, sec_channel_offset); 5431 msg = nlmsg_alloc(); 5432 if (!msg) 5433 return -1; 5434 5435 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 5436 5437 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5438 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5439 if (ht_enabled) { 5440 switch (sec_channel_offset) { 5441 case -1: 5442 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5443 NL80211_CHAN_HT40MINUS); 5444 break; 5445 case 1: 5446 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5447 NL80211_CHAN_HT40PLUS); 5448 break; 5449 default: 5450 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 5451 NL80211_CHAN_HT20); 5452 break; 5453 } 5454 } 5455 5456 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5457 msg = NULL; 5458 if (ret == 0) { 5459 bss->freq = freq; 5460 return 0; 5461 } 5462 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 5463 "%d (%s)", freq, ret, strerror(-ret)); 5464nla_put_failure: 5465 nlmsg_free(msg); 5466 return -1; 5467} 5468 5469 5470static u32 sta_flags_nl80211(int flags) 5471{ 5472 u32 f = 0; 5473 5474 if (flags & WPA_STA_AUTHORIZED) 5475 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 5476 if (flags & WPA_STA_WMM) 5477 f |= BIT(NL80211_STA_FLAG_WME); 5478 if (flags & WPA_STA_SHORT_PREAMBLE) 5479 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 5480 if (flags & WPA_STA_MFP) 5481 f |= BIT(NL80211_STA_FLAG_MFP); 5482 if (flags & WPA_STA_TDLS_PEER) 5483 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 5484 5485 return f; 5486} 5487 5488 5489static int wpa_driver_nl80211_sta_add(void *priv, 5490 struct hostapd_sta_add_params *params) 5491{ 5492 struct i802_bss *bss = priv; 5493 struct wpa_driver_nl80211_data *drv = bss->drv; 5494 struct nl_msg *msg, *wme = NULL; 5495 struct nl80211_sta_flag_update upd; 5496 int ret = -ENOBUFS; 5497 5498 if ((params->flags & WPA_STA_TDLS_PEER) && 5499 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 5500 return -EOPNOTSUPP; 5501 5502 msg = nlmsg_alloc(); 5503 if (!msg) 5504 return -ENOMEM; 5505 5506 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 5507 NL80211_CMD_NEW_STATION); 5508 5509 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5510 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 5511 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 5512 params->supp_rates); 5513 if (!params->set) { 5514 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 5515 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 5516 params->listen_interval); 5517 } 5518 if (params->ht_capabilities) { 5519 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 5520 sizeof(*params->ht_capabilities), 5521 params->ht_capabilities); 5522 } 5523 5524 os_memset(&upd, 0, sizeof(upd)); 5525 upd.mask = sta_flags_nl80211(params->flags); 5526 upd.set = upd.mask; 5527 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5528 5529 if (params->flags & WPA_STA_WMM) { 5530 wme = nlmsg_alloc(); 5531 if (!wme) 5532 goto nla_put_failure; 5533 5534 NLA_PUT_U8(wme, NL80211_STA_WME_UAPSD_QUEUES, 5535 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 5536 NLA_PUT_U8(wme, NL80211_STA_WME_MAX_SP, 5537 (params->qosinfo > WMM_QOSINFO_STA_SP_SHIFT) & 5538 WMM_QOSINFO_STA_SP_MASK); 5539 nla_put_nested(msg, NL80211_ATTR_STA_WME, wme); 5540 } 5541 5542 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5543 msg = NULL; 5544 if (ret) 5545 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 5546 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 5547 strerror(-ret)); 5548 if (ret == -EEXIST) 5549 ret = 0; 5550 nla_put_failure: 5551 nlmsg_free(wme); 5552 nlmsg_free(msg); 5553 return ret; 5554} 5555 5556 5557static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 5558{ 5559 struct i802_bss *bss = priv; 5560 struct wpa_driver_nl80211_data *drv = bss->drv; 5561 struct nl_msg *msg; 5562 int ret; 5563 5564 msg = nlmsg_alloc(); 5565 if (!msg) 5566 return -ENOMEM; 5567 5568 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 5569 5570 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5571 if_nametoindex(bss->ifname)); 5572 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5573 5574 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5575 if (ret == -ENOENT) 5576 return 0; 5577 return ret; 5578 nla_put_failure: 5579 nlmsg_free(msg); 5580 return -ENOBUFS; 5581} 5582 5583 5584static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 5585 int ifidx) 5586{ 5587 struct nl_msg *msg; 5588 5589 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 5590 5591 /* stop listening for EAPOL on this interface */ 5592 del_ifidx(drv, ifidx); 5593 5594 msg = nlmsg_alloc(); 5595 if (!msg) 5596 goto nla_put_failure; 5597 5598 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 5599 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 5600 5601 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5602 return; 5603 msg = NULL; 5604 nla_put_failure: 5605 nlmsg_free(msg); 5606 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 5607} 5608 5609 5610static const char * nl80211_iftype_str(enum nl80211_iftype mode) 5611{ 5612 switch (mode) { 5613 case NL80211_IFTYPE_ADHOC: 5614 return "ADHOC"; 5615 case NL80211_IFTYPE_STATION: 5616 return "STATION"; 5617 case NL80211_IFTYPE_AP: 5618 return "AP"; 5619 case NL80211_IFTYPE_MONITOR: 5620 return "MONITOR"; 5621 case NL80211_IFTYPE_P2P_CLIENT: 5622 return "P2P_CLIENT"; 5623 case NL80211_IFTYPE_P2P_GO: 5624 return "P2P_GO"; 5625 default: 5626 return "unknown"; 5627 } 5628} 5629 5630 5631static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 5632 const char *ifname, 5633 enum nl80211_iftype iftype, 5634 const u8 *addr, int wds) 5635{ 5636 struct nl_msg *msg, *flags = NULL; 5637 int ifidx; 5638 int ret = -ENOBUFS; 5639 5640 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 5641 iftype, nl80211_iftype_str(iftype)); 5642 5643 msg = nlmsg_alloc(); 5644 if (!msg) 5645 return -1; 5646 5647 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 5648 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5649 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 5650 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 5651 5652 if (iftype == NL80211_IFTYPE_MONITOR) { 5653 int err; 5654 5655 flags = nlmsg_alloc(); 5656 if (!flags) 5657 goto nla_put_failure; 5658 5659 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 5660 5661 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 5662 5663 nlmsg_free(flags); 5664 5665 if (err) 5666 goto nla_put_failure; 5667 } else if (wds) { 5668 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 5669 } 5670 5671 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5672 msg = NULL; 5673 if (ret) { 5674 nla_put_failure: 5675 nlmsg_free(msg); 5676 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 5677 ifname, ret, strerror(-ret)); 5678 return ret; 5679 } 5680 5681 ifidx = if_nametoindex(ifname); 5682 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 5683 ifname, ifidx); 5684 5685 if (ifidx <= 0) 5686 return -1; 5687 5688 /* start listening for EAPOL on this interface */ 5689 add_ifidx(drv, ifidx); 5690 5691 if (addr && iftype != NL80211_IFTYPE_MONITOR && 5692 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 5693 nl80211_remove_iface(drv, ifidx); 5694 return -1; 5695 } 5696 5697 return ifidx; 5698} 5699 5700 5701static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 5702 const char *ifname, enum nl80211_iftype iftype, 5703 const u8 *addr, int wds) 5704{ 5705 int ret; 5706 5707 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 5708 5709 /* if error occurred and interface exists already */ 5710 if (ret == -ENFILE && if_nametoindex(ifname)) { 5711 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 5712 5713 /* Try to remove the interface that was already there. */ 5714 nl80211_remove_iface(drv, if_nametoindex(ifname)); 5715 5716 /* Try to create the interface again */ 5717 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 5718 wds); 5719 } 5720 5721 if (ret >= 0 && is_p2p_interface(iftype)) 5722 nl80211_disable_11b_rates(drv, ret, 1); 5723 5724 return ret; 5725} 5726 5727 5728static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 5729{ 5730 struct ieee80211_hdr *hdr; 5731 u16 fc; 5732 union wpa_event_data event; 5733 5734 hdr = (struct ieee80211_hdr *) buf; 5735 fc = le_to_host16(hdr->frame_control); 5736 5737 os_memset(&event, 0, sizeof(event)); 5738 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 5739 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 5740 event.tx_status.dst = hdr->addr1; 5741 event.tx_status.data = buf; 5742 event.tx_status.data_len = len; 5743 event.tx_status.ack = ok; 5744 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 5745} 5746 5747 5748static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 5749 u8 *buf, size_t len) 5750{ 5751 struct ieee80211_hdr *hdr = (void *)buf; 5752 u16 fc; 5753 union wpa_event_data event; 5754 5755 if (len < sizeof(*hdr)) 5756 return; 5757 5758 fc = le_to_host16(hdr->frame_control); 5759 5760 os_memset(&event, 0, sizeof(event)); 5761 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 5762 event.rx_from_unknown.addr = hdr->addr2; 5763 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 5764 (WLAN_FC_FROMDS | WLAN_FC_TODS); 5765 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 5766} 5767 5768 5769static void handle_frame(struct wpa_driver_nl80211_data *drv, 5770 u8 *buf, size_t len, int datarate, int ssi_signal) 5771{ 5772 struct ieee80211_hdr *hdr; 5773 u16 fc; 5774 union wpa_event_data event; 5775 5776 hdr = (struct ieee80211_hdr *) buf; 5777 fc = le_to_host16(hdr->frame_control); 5778 5779 switch (WLAN_FC_GET_TYPE(fc)) { 5780 case WLAN_FC_TYPE_MGMT: 5781 os_memset(&event, 0, sizeof(event)); 5782 event.rx_mgmt.frame = buf; 5783 event.rx_mgmt.frame_len = len; 5784 event.rx_mgmt.datarate = datarate; 5785 event.rx_mgmt.ssi_signal = ssi_signal; 5786 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 5787 break; 5788 case WLAN_FC_TYPE_CTRL: 5789 /* can only get here with PS-Poll frames */ 5790 wpa_printf(MSG_DEBUG, "CTRL"); 5791 from_unknown_sta(drv, buf, len); 5792 break; 5793 case WLAN_FC_TYPE_DATA: 5794 from_unknown_sta(drv, buf, len); 5795 break; 5796 } 5797} 5798 5799 5800static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 5801{ 5802 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5803 int len; 5804 unsigned char buf[3000]; 5805 struct ieee80211_radiotap_iterator iter; 5806 int ret; 5807 int datarate = 0, ssi_signal = 0; 5808 int injected = 0, failed = 0, rxflags = 0; 5809 5810 len = recv(sock, buf, sizeof(buf), 0); 5811 if (len < 0) { 5812 perror("recv"); 5813 return; 5814 } 5815 5816 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 5817 printf("received invalid radiotap frame\n"); 5818 return; 5819 } 5820 5821 while (1) { 5822 ret = ieee80211_radiotap_iterator_next(&iter); 5823 if (ret == -ENOENT) 5824 break; 5825 if (ret) { 5826 printf("received invalid radiotap frame (%d)\n", ret); 5827 return; 5828 } 5829 switch (iter.this_arg_index) { 5830 case IEEE80211_RADIOTAP_FLAGS: 5831 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 5832 len -= 4; 5833 break; 5834 case IEEE80211_RADIOTAP_RX_FLAGS: 5835 rxflags = 1; 5836 break; 5837 case IEEE80211_RADIOTAP_TX_FLAGS: 5838 injected = 1; 5839 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 5840 IEEE80211_RADIOTAP_F_TX_FAIL; 5841 break; 5842 case IEEE80211_RADIOTAP_DATA_RETRIES: 5843 break; 5844 case IEEE80211_RADIOTAP_CHANNEL: 5845 /* TODO: convert from freq/flags to channel number */ 5846 break; 5847 case IEEE80211_RADIOTAP_RATE: 5848 datarate = *iter.this_arg * 5; 5849 break; 5850 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 5851 ssi_signal = *iter.this_arg; 5852 break; 5853 } 5854 } 5855 5856 if (rxflags && injected) 5857 return; 5858 5859 if (!injected) 5860 handle_frame(drv, buf + iter.max_length, 5861 len - iter.max_length, datarate, ssi_signal); 5862 else 5863 handle_tx_callback(drv->ctx, buf + iter.max_length, 5864 len - iter.max_length, !failed); 5865} 5866 5867 5868/* 5869 * we post-process the filter code later and rewrite 5870 * this to the offset to the last instruction 5871 */ 5872#define PASS 0xFF 5873#define FAIL 0xFE 5874 5875static struct sock_filter msock_filter_insns[] = { 5876 /* 5877 * do a little-endian load of the radiotap length field 5878 */ 5879 /* load lower byte into A */ 5880 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 5881 /* put it into X (== index register) */ 5882 BPF_STMT(BPF_MISC| BPF_TAX, 0), 5883 /* load upper byte into A */ 5884 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 5885 /* left-shift it by 8 */ 5886 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 5887 /* or with X */ 5888 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 5889 /* put result into X */ 5890 BPF_STMT(BPF_MISC| BPF_TAX, 0), 5891 5892 /* 5893 * Allow management frames through, this also gives us those 5894 * management frames that we sent ourselves with status 5895 */ 5896 /* load the lower byte of the IEEE 802.11 frame control field */ 5897 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5898 /* mask off frame type and version */ 5899 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 5900 /* accept frame if it's both 0, fall through otherwise */ 5901 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 5902 5903 /* 5904 * TODO: add a bit to radiotap RX flags that indicates 5905 * that the sending station is not associated, then 5906 * add a filter here that filters on our DA and that flag 5907 * to allow us to deauth frames to that bad station. 5908 * 5909 * For now allow all To DS data frames through. 5910 */ 5911 /* load the IEEE 802.11 frame control field */ 5912 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 5913 /* mask off frame type, version and DS status */ 5914 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 5915 /* accept frame if version 0, type 2 and To DS, fall through otherwise 5916 */ 5917 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 5918 5919#if 0 5920 /* 5921 * drop non-data frames 5922 */ 5923 /* load the lower byte of the frame control field */ 5924 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5925 /* mask off QoS bit */ 5926 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 5927 /* drop non-data frames */ 5928 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 5929#endif 5930 /* load the upper byte of the frame control field */ 5931 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 5932 /* mask off toDS/fromDS */ 5933 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 5934 /* accept WDS frames */ 5935 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 5936 5937 /* 5938 * add header length to index 5939 */ 5940 /* load the lower byte of the frame control field */ 5941 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 5942 /* mask off QoS bit */ 5943 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 5944 /* right shift it by 6 to give 0 or 2 */ 5945 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 5946 /* add data frame header length */ 5947 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 5948 /* add index, was start of 802.11 header */ 5949 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 5950 /* move to index, now start of LL header */ 5951 BPF_STMT(BPF_MISC | BPF_TAX, 0), 5952 5953 /* 5954 * Accept empty data frames, we use those for 5955 * polling activity. 5956 */ 5957 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 5958 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 5959 5960 /* 5961 * Accept EAPOL frames 5962 */ 5963 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 5964 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 5965 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 5966 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 5967 5968 /* keep these last two statements or change the code below */ 5969 /* return 0 == "DROP" */ 5970 BPF_STMT(BPF_RET | BPF_K, 0), 5971 /* return ~0 == "keep all" */ 5972 BPF_STMT(BPF_RET | BPF_K, ~0), 5973}; 5974 5975static struct sock_fprog msock_filter = { 5976 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 5977 .filter = msock_filter_insns, 5978}; 5979 5980 5981static int add_monitor_filter(int s) 5982{ 5983 int idx; 5984 5985 /* rewrite all PASS/FAIL jump offsets */ 5986 for (idx = 0; idx < msock_filter.len; idx++) { 5987 struct sock_filter *insn = &msock_filter_insns[idx]; 5988 5989 if (BPF_CLASS(insn->code) == BPF_JMP) { 5990 if (insn->code == (BPF_JMP|BPF_JA)) { 5991 if (insn->k == PASS) 5992 insn->k = msock_filter.len - idx - 2; 5993 else if (insn->k == FAIL) 5994 insn->k = msock_filter.len - idx - 3; 5995 } 5996 5997 if (insn->jt == PASS) 5998 insn->jt = msock_filter.len - idx - 2; 5999 else if (insn->jt == FAIL) 6000 insn->jt = msock_filter.len - idx - 3; 6001 6002 if (insn->jf == PASS) 6003 insn->jf = msock_filter.len - idx - 2; 6004 else if (insn->jf == FAIL) 6005 insn->jf = msock_filter.len - idx - 3; 6006 } 6007 } 6008 6009 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 6010 &msock_filter, sizeof(msock_filter))) { 6011 perror("SO_ATTACH_FILTER"); 6012 return -1; 6013 } 6014 6015 return 0; 6016} 6017 6018 6019static void nl80211_remove_monitor_interface( 6020 struct wpa_driver_nl80211_data *drv) 6021{ 6022 drv->monitor_refcount--; 6023 if (drv->monitor_refcount > 0) 6024 return; 6025 6026 if (drv->monitor_ifidx >= 0) { 6027 nl80211_remove_iface(drv, drv->monitor_ifidx); 6028 drv->monitor_ifidx = -1; 6029 } 6030 if (drv->monitor_sock >= 0) { 6031 eloop_unregister_read_sock(drv->monitor_sock); 6032 close(drv->monitor_sock); 6033 drv->monitor_sock = -1; 6034 } 6035} 6036 6037 6038static int 6039nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 6040{ 6041 char buf[IFNAMSIZ]; 6042 struct sockaddr_ll ll; 6043 int optval; 6044 socklen_t optlen; 6045 6046 if (drv->monitor_ifidx >= 0) { 6047 drv->monitor_refcount++; 6048 return 0; 6049 } 6050 6051 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) { 6052 /* 6053 * P2P interface name is of the format p2p-%s-%d. For monitor 6054 * interface name corresponding to P2P GO, replace "p2p-" with 6055 * "mon-" to retain the same interface name length and to 6056 * indicate that it is a monitor interface. 6057 */ 6058 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4); 6059 } else { 6060 /* Non-P2P interface with AP functionality. */ 6061 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 6062 } 6063 6064 buf[IFNAMSIZ - 1] = '\0'; 6065 6066 drv->monitor_ifidx = 6067 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 6068 0); 6069 6070 if (drv->monitor_ifidx == -EOPNOTSUPP) { 6071 /* 6072 * This is backward compatibility for a few versions of 6073 * the kernel only that didn't advertise the right 6074 * attributes for the only driver that then supported 6075 * AP mode w/o monitor -- ath6kl. 6076 */ 6077 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 6078 "monitor interface type - try to run without it"); 6079 drv->device_ap_sme = 1; 6080 } 6081 6082 if (drv->monitor_ifidx < 0) 6083 return -1; 6084 6085 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 6086 goto error; 6087 6088 memset(&ll, 0, sizeof(ll)); 6089 ll.sll_family = AF_PACKET; 6090 ll.sll_ifindex = drv->monitor_ifidx; 6091 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 6092 if (drv->monitor_sock < 0) { 6093 perror("socket[PF_PACKET,SOCK_RAW]"); 6094 goto error; 6095 } 6096 6097 if (add_monitor_filter(drv->monitor_sock)) { 6098 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 6099 "interface; do filtering in user space"); 6100 /* This works, but will cost in performance. */ 6101 } 6102 6103 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 6104 perror("monitor socket bind"); 6105 goto error; 6106 } 6107 6108 optlen = sizeof(optval); 6109 optval = 20; 6110 if (setsockopt 6111 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 6112 perror("Failed to set socket priority"); 6113 goto error; 6114 } 6115 6116 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 6117 drv, NULL)) { 6118 printf("Could not register monitor read socket\n"); 6119 goto error; 6120 } 6121 6122 return 0; 6123 error: 6124 nl80211_remove_monitor_interface(drv); 6125 return -1; 6126} 6127 6128 6129static int nl80211_setup_ap(struct i802_bss *bss) 6130{ 6131 struct wpa_driver_nl80211_data *drv = bss->drv; 6132 6133 wpa_printf(MSG_DEBUG, "nl80211: Setup AP - device_ap_sme=%d " 6134 "use_monitor=%d", drv->device_ap_sme, drv->use_monitor); 6135 6136 /* 6137 * Disable Probe Request reporting unless we need it in this way for 6138 * devices that include the AP SME, in the other case (unless using 6139 * monitor iface) we'll get it through the nl_mgmt socket instead. 6140 */ 6141 if (!drv->device_ap_sme) 6142 wpa_driver_nl80211_probe_req_report(bss, 0); 6143 6144 if (!drv->device_ap_sme && !drv->use_monitor) 6145 if (nl80211_mgmt_subscribe_ap(bss)) 6146 return -1; 6147 6148#ifndef ANDROID_P2P 6149 if (drv->device_ap_sme && !drv->use_monitor) 6150 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 6151 return -1; 6152 6153 if (!drv->device_ap_sme && drv->use_monitor && 6154 nl80211_create_monitor_interface(drv) && 6155 !drv->device_ap_sme) 6156#else 6157 if (drv->device_ap_sme) 6158 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 6159 return -1; 6160 6161 if (drv->use_monitor && 6162 nl80211_create_monitor_interface(drv)) 6163#endif 6164 return -1; 6165 6166 if (drv->device_ap_sme && 6167 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 6168 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 6169 "Probe Request frame reporting in AP mode"); 6170 /* Try to survive without this */ 6171 } 6172 6173 return 0; 6174} 6175 6176 6177static void nl80211_teardown_ap(struct i802_bss *bss) 6178{ 6179 struct wpa_driver_nl80211_data *drv = bss->drv; 6180 6181 if (drv->device_ap_sme) { 6182 wpa_driver_nl80211_probe_req_report(bss, 0); 6183 if (!drv->use_monitor) 6184 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 6185 } else if (drv->use_monitor) 6186 nl80211_remove_monitor_interface(drv); 6187 else 6188 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 6189 6190 bss->beacon_set = 0; 6191} 6192 6193 6194static int nl80211_send_eapol_data(struct i802_bss *bss, 6195 const u8 *addr, const u8 *data, 6196 size_t data_len) 6197{ 6198 struct sockaddr_ll ll; 6199 int ret; 6200 6201 if (bss->drv->eapol_tx_sock < 0) { 6202 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 6203 return -1; 6204 } 6205 6206 os_memset(&ll, 0, sizeof(ll)); 6207 ll.sll_family = AF_PACKET; 6208 ll.sll_ifindex = bss->ifindex; 6209 ll.sll_protocol = htons(ETH_P_PAE); 6210 ll.sll_halen = ETH_ALEN; 6211 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 6212 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 6213 (struct sockaddr *) &ll, sizeof(ll)); 6214 if (ret < 0) 6215 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 6216 strerror(errno)); 6217 6218 return ret; 6219} 6220 6221 6222static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 6223 6224static int wpa_driver_nl80211_hapd_send_eapol( 6225 void *priv, const u8 *addr, const u8 *data, 6226 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 6227{ 6228 struct i802_bss *bss = priv; 6229 struct wpa_driver_nl80211_data *drv = bss->drv; 6230 struct ieee80211_hdr *hdr; 6231 size_t len; 6232 u8 *pos; 6233 int res; 6234 int qos = flags & WPA_STA_WMM; 6235#ifndef ANDROID_P2P 6236 if (drv->device_ap_sme || !drv->use_monitor) 6237#else 6238 if (drv->device_ap_sme && !drv->use_monitor) 6239#endif 6240 return nl80211_send_eapol_data(bss, addr, data, data_len); 6241 6242 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 6243 data_len; 6244 hdr = os_zalloc(len); 6245 if (hdr == NULL) { 6246 printf("malloc() failed for i802_send_data(len=%lu)\n", 6247 (unsigned long) len); 6248 return -1; 6249 } 6250 6251 hdr->frame_control = 6252 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 6253 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 6254 if (encrypt) 6255 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 6256 if (qos) { 6257 hdr->frame_control |= 6258 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 6259 } 6260 6261 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 6262 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 6263 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 6264 pos = (u8 *) (hdr + 1); 6265 6266 if (qos) { 6267 /* add an empty QoS header if needed */ 6268 pos[0] = 0; 6269 pos[1] = 0; 6270 pos += 2; 6271 } 6272 6273 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 6274 pos += sizeof(rfc1042_header); 6275 WPA_PUT_BE16(pos, ETH_P_PAE); 6276 pos += 2; 6277 memcpy(pos, data, data_len); 6278 6279 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 6280 0, 0, 0, 0); 6281 if (res < 0) { 6282 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 6283 "failed: %d (%s)", 6284 (unsigned long) len, errno, strerror(errno)); 6285 } 6286 os_free(hdr); 6287 6288 return res; 6289} 6290 6291 6292static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 6293 int total_flags, 6294 int flags_or, int flags_and) 6295{ 6296 struct i802_bss *bss = priv; 6297 struct wpa_driver_nl80211_data *drv = bss->drv; 6298 struct nl_msg *msg, *flags = NULL; 6299 struct nl80211_sta_flag_update upd; 6300 6301 msg = nlmsg_alloc(); 6302 if (!msg) 6303 return -ENOMEM; 6304 6305 flags = nlmsg_alloc(); 6306 if (!flags) { 6307 nlmsg_free(msg); 6308 return -ENOMEM; 6309 } 6310 6311 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 6312 6313 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 6314 if_nametoindex(bss->ifname)); 6315 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 6316 6317 /* 6318 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 6319 * can be removed eventually. 6320 */ 6321 if (total_flags & WPA_STA_AUTHORIZED) 6322 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 6323 6324 if (total_flags & WPA_STA_WMM) 6325 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 6326 6327 if (total_flags & WPA_STA_SHORT_PREAMBLE) 6328 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 6329 6330 if (total_flags & WPA_STA_MFP) 6331 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 6332 6333 if (total_flags & WPA_STA_TDLS_PEER) 6334 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_TDLS_PEER); 6335 6336 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 6337 goto nla_put_failure; 6338 6339 os_memset(&upd, 0, sizeof(upd)); 6340 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 6341 upd.set = sta_flags_nl80211(flags_or); 6342 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 6343 6344 nlmsg_free(flags); 6345 6346 return send_and_recv_msgs(drv, msg, NULL, NULL); 6347 nla_put_failure: 6348 nlmsg_free(msg); 6349 nlmsg_free(flags); 6350 return -ENOBUFS; 6351} 6352 6353 6354static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 6355 struct wpa_driver_associate_params *params) 6356{ 6357 enum nl80211_iftype nlmode; 6358 6359 if (params->p2p) { 6360 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 6361 "group (GO)"); 6362 nlmode = NL80211_IFTYPE_P2P_GO; 6363 } else 6364 nlmode = NL80211_IFTYPE_AP; 6365 6366 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) || 6367 wpa_driver_nl80211_set_freq(&drv->first_bss, params->freq, 0, 0)) { 6368 nl80211_remove_monitor_interface(drv); 6369 return -1; 6370 } 6371 6372 return 0; 6373} 6374 6375 6376static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 6377{ 6378 struct nl_msg *msg; 6379 int ret = -1; 6380 6381 msg = nlmsg_alloc(); 6382 if (!msg) 6383 return -1; 6384 6385 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 6386 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6387 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6388 msg = NULL; 6389 if (ret) { 6390 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 6391 "(%s)", ret, strerror(-ret)); 6392 goto nla_put_failure; 6393 } 6394 6395 ret = 0; 6396 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 6397 6398nla_put_failure: 6399 nlmsg_free(msg); 6400 return ret; 6401} 6402 6403 6404static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 6405 struct wpa_driver_associate_params *params) 6406{ 6407 struct nl_msg *msg; 6408 int ret = -1; 6409 int count = 0; 6410 6411 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 6412 6413 if (wpa_driver_nl80211_set_mode(&drv->first_bss, 6414 NL80211_IFTYPE_ADHOC)) { 6415 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 6416 "IBSS mode"); 6417 return -1; 6418 } 6419 6420retry: 6421 msg = nlmsg_alloc(); 6422 if (!msg) 6423 return -1; 6424 6425 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 6426 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6427 6428 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 6429 goto nla_put_failure; 6430 6431 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6432 params->ssid, params->ssid_len); 6433 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6434 params->ssid); 6435 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6436 drv->ssid_len = params->ssid_len; 6437 6438 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6439 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6440 6441 ret = nl80211_set_conn_keys(params, msg); 6442 if (ret) 6443 goto nla_put_failure; 6444 6445 if (params->bssid && params->fixed_bssid) { 6446 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 6447 MAC2STR(params->bssid)); 6448 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6449 } 6450 6451 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 6452 params->key_mgmt_suite == KEY_MGMT_PSK || 6453 params->key_mgmt_suite == KEY_MGMT_802_1X_SHA256 || 6454 params->key_mgmt_suite == KEY_MGMT_PSK_SHA256) { 6455 wpa_printf(MSG_DEBUG, " * control port"); 6456 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 6457 } 6458 6459 if (params->wpa_ie) { 6460 wpa_hexdump(MSG_DEBUG, 6461 " * Extra IEs for Beacon/Probe Response frames", 6462 params->wpa_ie, params->wpa_ie_len); 6463 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6464 params->wpa_ie); 6465 } 6466 6467 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6468 msg = NULL; 6469 if (ret) { 6470 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 6471 ret, strerror(-ret)); 6472 count++; 6473 if (ret == -EALREADY && count == 1) { 6474 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 6475 "forced leave"); 6476 nl80211_leave_ibss(drv); 6477 nlmsg_free(msg); 6478 goto retry; 6479 } 6480 6481 goto nla_put_failure; 6482 } 6483 ret = 0; 6484 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 6485 6486nla_put_failure: 6487 nlmsg_free(msg); 6488 return ret; 6489} 6490 6491 6492static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv, 6493 u8 *bssid) 6494{ 6495 struct nl_msg *msg; 6496 int ret; 6497 struct nl80211_bss_info_arg arg; 6498 6499 os_memset(&arg, 0, sizeof(arg)); 6500 msg = nlmsg_alloc(); 6501 if (!msg) 6502 goto nla_put_failure; 6503 6504 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 6505 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6506 6507 arg.drv = drv; 6508 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 6509 msg = NULL; 6510 if (ret == 0) { 6511 if (is_zero_ether_addr(arg.assoc_bssid)) 6512 return -ENOTCONN; 6513 os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN); 6514 return 0; 6515 } 6516 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 6517 "(%s)", ret, strerror(-ret)); 6518nla_put_failure: 6519 nlmsg_free(msg); 6520 return drv->assoc_freq; 6521} 6522 6523 6524static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 6525 const u8 *bssid) 6526{ 6527 u8 addr[ETH_ALEN]; 6528 6529 if (bssid == NULL) { 6530 int res = nl80211_get_assoc_bssid(drv, addr); 6531 if (res) 6532 return res; 6533 bssid = addr; 6534 } 6535 6536 return wpa_driver_nl80211_disconnect(drv, bssid, 6537 WLAN_REASON_PREV_AUTH_NOT_VALID); 6538} 6539 6540 6541static int wpa_driver_nl80211_connect( 6542 struct wpa_driver_nl80211_data *drv, 6543 struct wpa_driver_associate_params *params) 6544{ 6545 struct nl_msg *msg; 6546 enum nl80211_auth_type type; 6547 int ret = 0; 6548 int algs; 6549 6550 msg = nlmsg_alloc(); 6551 if (!msg) 6552 return -1; 6553 6554 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 6555 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 6556 6557 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6558 if (params->bssid) { 6559 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6560 MAC2STR(params->bssid)); 6561 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6562 } 6563 if (params->freq) { 6564 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6565 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6566 } 6567 if (params->ssid) { 6568 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6569 params->ssid, params->ssid_len); 6570 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6571 params->ssid); 6572 if (params->ssid_len > sizeof(drv->ssid)) 6573 goto nla_put_failure; 6574 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6575 drv->ssid_len = params->ssid_len; 6576 } 6577 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 6578 if (params->wpa_ie) 6579 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6580 params->wpa_ie); 6581 6582 algs = 0; 6583 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6584 algs++; 6585 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6586 algs++; 6587 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6588 algs++; 6589 if (algs > 1) { 6590 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 6591 "selection"); 6592 goto skip_auth_type; 6593 } 6594 6595 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 6596 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 6597 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 6598 type = NL80211_AUTHTYPE_SHARED_KEY; 6599 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 6600 type = NL80211_AUTHTYPE_NETWORK_EAP; 6601 else if (params->auth_alg & WPA_AUTH_ALG_FT) 6602 type = NL80211_AUTHTYPE_FT; 6603 else 6604 goto nla_put_failure; 6605 6606 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 6607 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 6608 6609skip_auth_type: 6610 if (params->wpa_proto) { 6611 enum nl80211_wpa_versions ver = 0; 6612 6613 if (params->wpa_proto & WPA_PROTO_WPA) 6614 ver |= NL80211_WPA_VERSION_1; 6615 if (params->wpa_proto & WPA_PROTO_RSN) 6616 ver |= NL80211_WPA_VERSION_2; 6617 6618 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 6619 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 6620 } 6621 6622 if (params->pairwise_suite != CIPHER_NONE) { 6623 int cipher; 6624 6625 switch (params->pairwise_suite) { 6626 case CIPHER_WEP40: 6627 cipher = WLAN_CIPHER_SUITE_WEP40; 6628 break; 6629 case CIPHER_WEP104: 6630 cipher = WLAN_CIPHER_SUITE_WEP104; 6631 break; 6632 case CIPHER_CCMP: 6633 cipher = WLAN_CIPHER_SUITE_CCMP; 6634 break; 6635 case CIPHER_TKIP: 6636 default: 6637 cipher = WLAN_CIPHER_SUITE_TKIP; 6638 break; 6639 } 6640 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 6641 } 6642 6643 if (params->group_suite != CIPHER_NONE) { 6644 int cipher; 6645 6646 switch (params->group_suite) { 6647 case CIPHER_WEP40: 6648 cipher = WLAN_CIPHER_SUITE_WEP40; 6649 break; 6650 case CIPHER_WEP104: 6651 cipher = WLAN_CIPHER_SUITE_WEP104; 6652 break; 6653 case CIPHER_CCMP: 6654 cipher = WLAN_CIPHER_SUITE_CCMP; 6655 break; 6656 case CIPHER_TKIP: 6657 default: 6658 cipher = WLAN_CIPHER_SUITE_TKIP; 6659 break; 6660 } 6661 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 6662 } 6663 6664 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 6665 params->key_mgmt_suite == KEY_MGMT_PSK) { 6666 int mgmt = WLAN_AKM_SUITE_PSK; 6667 6668 switch (params->key_mgmt_suite) { 6669 case KEY_MGMT_802_1X: 6670 mgmt = WLAN_AKM_SUITE_8021X; 6671 break; 6672 case KEY_MGMT_PSK: 6673 default: 6674 mgmt = WLAN_AKM_SUITE_PSK; 6675 break; 6676 } 6677 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 6678 } 6679 6680 if (params->disable_ht) 6681 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 6682 6683 if (params->htcaps && params->htcaps_mask) { 6684 int sz = sizeof(struct ieee80211_ht_capabilities); 6685 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 6686 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 6687 params->htcaps_mask); 6688 } 6689 6690 ret = nl80211_set_conn_keys(params, msg); 6691 if (ret) 6692 goto nla_put_failure; 6693 6694 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6695 msg = NULL; 6696 if (ret) { 6697 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 6698 "(%s)", ret, strerror(-ret)); 6699 /* 6700 * cfg80211 does not currently accept new connection if we are 6701 * already connected. As a workaround, force disconnection and 6702 * try again once the driver indicates it completed 6703 * disconnection. 6704 */ 6705 if (ret == -EALREADY) 6706 nl80211_disconnect(drv, params->bssid); 6707 goto nla_put_failure; 6708 } 6709 ret = 0; 6710 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 6711 6712nla_put_failure: 6713 nlmsg_free(msg); 6714 return ret; 6715 6716} 6717 6718 6719static int wpa_driver_nl80211_associate( 6720 void *priv, struct wpa_driver_associate_params *params) 6721{ 6722 struct i802_bss *bss = priv; 6723 struct wpa_driver_nl80211_data *drv = bss->drv; 6724 int ret = -1; 6725 struct nl_msg *msg; 6726 6727 if (params->mode == IEEE80211_MODE_AP) 6728 return wpa_driver_nl80211_ap(drv, params); 6729 6730 if (params->mode == IEEE80211_MODE_IBSS) 6731 return wpa_driver_nl80211_ibss(drv, params); 6732 6733 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 6734 enum nl80211_iftype nlmode = params->p2p ? 6735 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 6736 6737 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 6738 return -1; 6739 return wpa_driver_nl80211_connect(drv, params); 6740 } 6741 6742 drv->associated = 0; 6743 6744 msg = nlmsg_alloc(); 6745 if (!msg) 6746 return -1; 6747 6748 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 6749 drv->ifindex); 6750 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 6751 6752 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6753 if (params->bssid) { 6754 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 6755 MAC2STR(params->bssid)); 6756 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 6757 } 6758 if (params->freq) { 6759 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 6760 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 6761 drv->assoc_freq = params->freq; 6762 } else 6763 drv->assoc_freq = 0; 6764 if (params->ssid) { 6765 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 6766 params->ssid, params->ssid_len); 6767 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6768 params->ssid); 6769 if (params->ssid_len > sizeof(drv->ssid)) 6770 goto nla_put_failure; 6771 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 6772 drv->ssid_len = params->ssid_len; 6773 } 6774 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 6775 if (params->wpa_ie) 6776 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 6777 params->wpa_ie); 6778 6779 if (params->pairwise_suite != CIPHER_NONE) { 6780 int cipher; 6781 6782 switch (params->pairwise_suite) { 6783 case CIPHER_WEP40: 6784 cipher = WLAN_CIPHER_SUITE_WEP40; 6785 break; 6786 case CIPHER_WEP104: 6787 cipher = WLAN_CIPHER_SUITE_WEP104; 6788 break; 6789 case CIPHER_CCMP: 6790 cipher = WLAN_CIPHER_SUITE_CCMP; 6791 break; 6792 case CIPHER_TKIP: 6793 default: 6794 cipher = WLAN_CIPHER_SUITE_TKIP; 6795 break; 6796 } 6797 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 6798 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 6799 } 6800 6801 if (params->group_suite != CIPHER_NONE) { 6802 int cipher; 6803 6804 switch (params->group_suite) { 6805 case CIPHER_WEP40: 6806 cipher = WLAN_CIPHER_SUITE_WEP40; 6807 break; 6808 case CIPHER_WEP104: 6809 cipher = WLAN_CIPHER_SUITE_WEP104; 6810 break; 6811 case CIPHER_CCMP: 6812 cipher = WLAN_CIPHER_SUITE_CCMP; 6813 break; 6814 case CIPHER_TKIP: 6815 default: 6816 cipher = WLAN_CIPHER_SUITE_TKIP; 6817 break; 6818 } 6819 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 6820 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 6821 } 6822 6823#ifdef CONFIG_IEEE80211W 6824 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 6825 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 6826#endif /* CONFIG_IEEE80211W */ 6827 6828 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 6829 6830 if (params->prev_bssid) { 6831 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 6832 MAC2STR(params->prev_bssid)); 6833 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 6834 params->prev_bssid); 6835 } 6836 6837 if (params->disable_ht) 6838 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 6839 6840 if (params->htcaps && params->htcaps_mask) { 6841 int sz = sizeof(struct ieee80211_ht_capabilities); 6842 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 6843 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 6844 params->htcaps_mask); 6845 } 6846 6847 if (params->p2p) 6848 wpa_printf(MSG_DEBUG, " * P2P group"); 6849 6850 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6851 msg = NULL; 6852 if (ret) { 6853 wpa_dbg(drv->ctx, MSG_DEBUG, 6854 "nl80211: MLME command failed (assoc): ret=%d (%s)", 6855 ret, strerror(-ret)); 6856 nl80211_dump_scan(drv); 6857 goto nla_put_failure; 6858 } 6859 ret = 0; 6860 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 6861 "successfully"); 6862 6863nla_put_failure: 6864 nlmsg_free(msg); 6865 return ret; 6866} 6867 6868 6869static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 6870 int ifindex, enum nl80211_iftype mode) 6871{ 6872 struct nl_msg *msg; 6873 int ret = -ENOBUFS; 6874 6875 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 6876 ifindex, mode, nl80211_iftype_str(mode)); 6877 6878 msg = nlmsg_alloc(); 6879 if (!msg) 6880 return -ENOMEM; 6881 6882 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 6883 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6884 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 6885 6886 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6887 msg = NULL; 6888 if (!ret) 6889 return 0; 6890nla_put_failure: 6891 nlmsg_free(msg); 6892 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 6893 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 6894 return ret; 6895} 6896 6897 6898static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 6899 enum nl80211_iftype nlmode) 6900{ 6901 struct wpa_driver_nl80211_data *drv = bss->drv; 6902 int ret = -1; 6903 int i; 6904 int was_ap = is_ap_interface(drv->nlmode); 6905 int res; 6906 6907 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 6908 if (res == 0) { 6909 drv->nlmode = nlmode; 6910 ret = 0; 6911 goto done; 6912 } 6913 6914 if (res == -ENODEV) 6915 return -1; 6916 6917 if (nlmode == drv->nlmode) { 6918 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 6919 "requested mode - ignore error"); 6920 ret = 0; 6921 goto done; /* Already in the requested mode */ 6922 } 6923 6924 /* mac80211 doesn't allow mode changes while the device is up, so 6925 * take the device down, try to set the mode again, and bring the 6926 * device back up. 6927 */ 6928 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 6929 "interface down"); 6930 for (i = 0; i < 10; i++) { 6931 res = linux_set_iface_flags(drv->global->ioctl_sock, 6932 bss->ifname, 0); 6933 if (res == -EACCES || res == -ENODEV) 6934 break; 6935 if (res == 0) { 6936 /* Try to set the mode again while the interface is 6937 * down */ 6938 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 6939 if (ret == -EACCES) 6940 break; 6941 res = linux_set_iface_flags(drv->global->ioctl_sock, 6942 bss->ifname, 1); 6943 if (res && !ret) 6944 ret = -1; 6945 else if (ret != -EBUSY) 6946 break; 6947 } else 6948 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 6949 "interface down"); 6950 os_sleep(0, 100000); 6951 } 6952 6953 if (!ret) { 6954 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 6955 "interface is down"); 6956 drv->nlmode = nlmode; 6957 drv->ignore_if_down_event = 1; 6958 } 6959 6960done: 6961 if (ret) { 6962 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 6963 "from %d failed", nlmode, drv->nlmode); 6964 return ret; 6965 } 6966 6967 if (is_ap_interface(nlmode)) { 6968 nl80211_mgmt_unsubscribe(bss, "start AP"); 6969 /* Setup additional AP mode functionality if needed */ 6970 if (nl80211_setup_ap(bss)) 6971 return -1; 6972 } else if (was_ap) { 6973 /* Remove additional AP mode functionality */ 6974 nl80211_teardown_ap(bss); 6975 } else { 6976 nl80211_mgmt_unsubscribe(bss, "mode change"); 6977 } 6978 6979 if (!is_ap_interface(nlmode) && 6980 nl80211_mgmt_subscribe_non_ap(bss) < 0) 6981 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 6982 "frame processing - ignore for now"); 6983 6984 return 0; 6985} 6986 6987 6988static int wpa_driver_nl80211_get_capa(void *priv, 6989 struct wpa_driver_capa *capa) 6990{ 6991 struct i802_bss *bss = priv; 6992 struct wpa_driver_nl80211_data *drv = bss->drv; 6993 if (!drv->has_capability) 6994 return -1; 6995 os_memcpy(capa, &drv->capa, sizeof(*capa)); 6996 return 0; 6997} 6998 6999 7000static int wpa_driver_nl80211_set_operstate(void *priv, int state) 7001{ 7002 struct i802_bss *bss = priv; 7003 struct wpa_driver_nl80211_data *drv = bss->drv; 7004 7005 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 7006 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 7007 drv->operstate = state; 7008 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 7009 state ? IF_OPER_UP : IF_OPER_DORMANT); 7010} 7011 7012 7013static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 7014{ 7015 struct i802_bss *bss = priv; 7016 struct wpa_driver_nl80211_data *drv = bss->drv; 7017 struct nl_msg *msg; 7018 struct nl80211_sta_flag_update upd; 7019 7020 msg = nlmsg_alloc(); 7021 if (!msg) 7022 return -ENOMEM; 7023 7024 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 7025 7026 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7027 if_nametoindex(bss->ifname)); 7028 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 7029 7030 os_memset(&upd, 0, sizeof(upd)); 7031 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 7032 if (authorized) 7033 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 7034 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7035 7036 return send_and_recv_msgs(drv, msg, NULL, NULL); 7037 nla_put_failure: 7038 nlmsg_free(msg); 7039 return -ENOBUFS; 7040} 7041 7042 7043/* Set kernel driver on given frequency (MHz) */ 7044static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 7045{ 7046 struct i802_bss *bss = priv; 7047 return wpa_driver_nl80211_set_freq(bss, freq->freq, freq->ht_enabled, 7048 freq->sec_channel_offset); 7049} 7050 7051 7052#if defined(HOSTAPD) || defined(CONFIG_AP) 7053 7054static inline int min_int(int a, int b) 7055{ 7056 if (a < b) 7057 return a; 7058 return b; 7059} 7060 7061 7062static int get_key_handler(struct nl_msg *msg, void *arg) 7063{ 7064 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7065 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7066 7067 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7068 genlmsg_attrlen(gnlh, 0), NULL); 7069 7070 /* 7071 * TODO: validate the key index and mac address! 7072 * Otherwise, there's a race condition as soon as 7073 * the kernel starts sending key notifications. 7074 */ 7075 7076 if (tb[NL80211_ATTR_KEY_SEQ]) 7077 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 7078 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 7079 return NL_SKIP; 7080} 7081 7082 7083static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 7084 int idx, u8 *seq) 7085{ 7086 struct i802_bss *bss = priv; 7087 struct wpa_driver_nl80211_data *drv = bss->drv; 7088 struct nl_msg *msg; 7089 7090 msg = nlmsg_alloc(); 7091 if (!msg) 7092 return -ENOMEM; 7093 7094 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 7095 7096 if (addr) 7097 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7098 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 7099 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 7100 7101 memset(seq, 0, 6); 7102 7103 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 7104 nla_put_failure: 7105 nlmsg_free(msg); 7106 return -ENOBUFS; 7107} 7108 7109 7110static int i802_set_rts(void *priv, int rts) 7111{ 7112 struct i802_bss *bss = priv; 7113 struct wpa_driver_nl80211_data *drv = bss->drv; 7114 struct nl_msg *msg; 7115 int ret = -ENOBUFS; 7116 u32 val; 7117 7118 msg = nlmsg_alloc(); 7119 if (!msg) 7120 return -ENOMEM; 7121 7122 if (rts >= 2347) 7123 val = (u32) -1; 7124 else 7125 val = rts; 7126 7127 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7128 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7129 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 7130 7131 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7132 msg = NULL; 7133 if (!ret) 7134 return 0; 7135nla_put_failure: 7136 nlmsg_free(msg); 7137 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 7138 "%d (%s)", rts, ret, strerror(-ret)); 7139 return ret; 7140} 7141 7142 7143static int i802_set_frag(void *priv, int frag) 7144{ 7145 struct i802_bss *bss = priv; 7146 struct wpa_driver_nl80211_data *drv = bss->drv; 7147 struct nl_msg *msg; 7148 int ret = -ENOBUFS; 7149 u32 val; 7150 7151 msg = nlmsg_alloc(); 7152 if (!msg) 7153 return -ENOMEM; 7154 7155 if (frag >= 2346) 7156 val = (u32) -1; 7157 else 7158 val = frag; 7159 7160 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7161 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7162 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 7163 7164 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7165 msg = NULL; 7166 if (!ret) 7167 return 0; 7168nla_put_failure: 7169 nlmsg_free(msg); 7170 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 7171 "%d: %d (%s)", frag, ret, strerror(-ret)); 7172 return ret; 7173} 7174 7175 7176static int i802_flush(void *priv) 7177{ 7178 struct i802_bss *bss = priv; 7179 struct wpa_driver_nl80211_data *drv = bss->drv; 7180 struct nl_msg *msg; 7181 int res; 7182 7183 msg = nlmsg_alloc(); 7184 if (!msg) 7185 return -1; 7186 7187 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7188 7189 /* 7190 * XXX: FIX! this needs to flush all VLANs too 7191 */ 7192 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7193 if_nametoindex(bss->ifname)); 7194 7195 res = send_and_recv_msgs(drv, msg, NULL, NULL); 7196 if (res) { 7197 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 7198 "(%s)", res, strerror(-res)); 7199 } 7200 return res; 7201 nla_put_failure: 7202 nlmsg_free(msg); 7203 return -ENOBUFS; 7204} 7205 7206 7207static int get_sta_handler(struct nl_msg *msg, void *arg) 7208{ 7209 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7210 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7211 struct hostap_sta_driver_data *data = arg; 7212 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 7213 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 7214 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 7215 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 7216 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 7217 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 7218 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 7219 }; 7220 7221 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7222 genlmsg_attrlen(gnlh, 0), NULL); 7223 7224 /* 7225 * TODO: validate the interface and mac address! 7226 * Otherwise, there's a race condition as soon as 7227 * the kernel starts sending station notifications. 7228 */ 7229 7230 if (!tb[NL80211_ATTR_STA_INFO]) { 7231 wpa_printf(MSG_DEBUG, "sta stats missing!"); 7232 return NL_SKIP; 7233 } 7234 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 7235 tb[NL80211_ATTR_STA_INFO], 7236 stats_policy)) { 7237 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 7238 return NL_SKIP; 7239 } 7240 7241 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 7242 data->inactive_msec = 7243 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 7244 if (stats[NL80211_STA_INFO_RX_BYTES]) 7245 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 7246 if (stats[NL80211_STA_INFO_TX_BYTES]) 7247 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 7248 if (stats[NL80211_STA_INFO_RX_PACKETS]) 7249 data->rx_packets = 7250 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 7251 if (stats[NL80211_STA_INFO_TX_PACKETS]) 7252 data->tx_packets = 7253 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 7254 7255 return NL_SKIP; 7256} 7257 7258static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 7259 const u8 *addr) 7260{ 7261 struct i802_bss *bss = priv; 7262 struct wpa_driver_nl80211_data *drv = bss->drv; 7263 struct nl_msg *msg; 7264 7265 os_memset(data, 0, sizeof(*data)); 7266 msg = nlmsg_alloc(); 7267 if (!msg) 7268 return -ENOMEM; 7269 7270 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 7271 7272 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7273 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7274 7275 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 7276 nla_put_failure: 7277 nlmsg_free(msg); 7278 return -ENOBUFS; 7279} 7280 7281 7282static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 7283 int cw_min, int cw_max, int burst_time) 7284{ 7285 struct i802_bss *bss = priv; 7286 struct wpa_driver_nl80211_data *drv = bss->drv; 7287 struct nl_msg *msg; 7288 struct nlattr *txq, *params; 7289 7290 msg = nlmsg_alloc(); 7291 if (!msg) 7292 return -1; 7293 7294 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7295 7296 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7297 7298 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 7299 if (!txq) 7300 goto nla_put_failure; 7301 7302 /* We are only sending parameters for a single TXQ at a time */ 7303 params = nla_nest_start(msg, 1); 7304 if (!params) 7305 goto nla_put_failure; 7306 7307 switch (queue) { 7308 case 0: 7309 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 7310 break; 7311 case 1: 7312 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 7313 break; 7314 case 2: 7315 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 7316 break; 7317 case 3: 7318 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 7319 break; 7320 } 7321 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 7322 * 32 usec, so need to convert the value here. */ 7323 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 7324 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 7325 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 7326 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 7327 7328 nla_nest_end(msg, params); 7329 7330 nla_nest_end(msg, txq); 7331 7332 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7333 return 0; 7334 msg = NULL; 7335 nla_put_failure: 7336 nlmsg_free(msg); 7337 return -1; 7338} 7339 7340 7341static int i802_set_sta_vlan(void *priv, const u8 *addr, 7342 const char *ifname, int vlan_id) 7343{ 7344 struct i802_bss *bss = priv; 7345 struct wpa_driver_nl80211_data *drv = bss->drv; 7346 struct nl_msg *msg; 7347 int ret = -ENOBUFS; 7348 7349 msg = nlmsg_alloc(); 7350 if (!msg) 7351 return -ENOMEM; 7352 7353 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 7354 7355 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7356 if_nametoindex(bss->ifname)); 7357 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7358 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 7359 if_nametoindex(ifname)); 7360 7361 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7362 msg = NULL; 7363 if (ret < 0) { 7364 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 7365 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 7366 MAC2STR(addr), ifname, vlan_id, ret, 7367 strerror(-ret)); 7368 } 7369 nla_put_failure: 7370 nlmsg_free(msg); 7371 return ret; 7372} 7373 7374 7375static int i802_get_inact_sec(void *priv, const u8 *addr) 7376{ 7377 struct hostap_sta_driver_data data; 7378 int ret; 7379 7380 data.inactive_msec = (unsigned long) -1; 7381 ret = i802_read_sta_data(priv, &data, addr); 7382 if (ret || data.inactive_msec == (unsigned long) -1) 7383 return -1; 7384 return data.inactive_msec / 1000; 7385} 7386 7387 7388static int i802_sta_clear_stats(void *priv, const u8 *addr) 7389{ 7390#if 0 7391 /* TODO */ 7392#endif 7393 return 0; 7394} 7395 7396 7397static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 7398 int reason) 7399{ 7400 struct i802_bss *bss = priv; 7401 struct ieee80211_mgmt mgmt; 7402 7403 memset(&mgmt, 0, sizeof(mgmt)); 7404 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 7405 WLAN_FC_STYPE_DEAUTH); 7406 memcpy(mgmt.da, addr, ETH_ALEN); 7407 memcpy(mgmt.sa, own_addr, ETH_ALEN); 7408 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 7409 mgmt.u.deauth.reason_code = host_to_le16(reason); 7410 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 7411 IEEE80211_HDRLEN + 7412 sizeof(mgmt.u.deauth), 0); 7413} 7414 7415 7416static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 7417 int reason) 7418{ 7419 struct i802_bss *bss = priv; 7420 struct ieee80211_mgmt mgmt; 7421 7422 memset(&mgmt, 0, sizeof(mgmt)); 7423 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 7424 WLAN_FC_STYPE_DISASSOC); 7425 memcpy(mgmt.da, addr, ETH_ALEN); 7426 memcpy(mgmt.sa, own_addr, ETH_ALEN); 7427 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 7428 mgmt.u.disassoc.reason_code = host_to_le16(reason); 7429 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 7430 IEEE80211_HDRLEN + 7431 sizeof(mgmt.u.disassoc), 0); 7432} 7433 7434#endif /* HOSTAPD || CONFIG_AP */ 7435 7436#ifdef HOSTAPD 7437 7438static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7439{ 7440 int i; 7441 int *old; 7442 7443 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 7444 ifidx); 7445 for (i = 0; i < drv->num_if_indices; i++) { 7446 if (drv->if_indices[i] == 0) { 7447 drv->if_indices[i] = ifidx; 7448 return; 7449 } 7450 } 7451 7452 if (drv->if_indices != drv->default_if_indices) 7453 old = drv->if_indices; 7454 else 7455 old = NULL; 7456 7457 drv->if_indices = os_realloc(old, 7458 sizeof(int) * (drv->num_if_indices + 1)); 7459 if (!drv->if_indices) { 7460 if (!old) 7461 drv->if_indices = drv->default_if_indices; 7462 else 7463 drv->if_indices = old; 7464 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 7465 "interfaces"); 7466 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 7467 return; 7468 } else if (!old) 7469 os_memcpy(drv->if_indices, drv->default_if_indices, 7470 sizeof(drv->default_if_indices)); 7471 drv->if_indices[drv->num_if_indices] = ifidx; 7472 drv->num_if_indices++; 7473} 7474 7475 7476static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7477{ 7478 int i; 7479 7480 for (i = 0; i < drv->num_if_indices; i++) { 7481 if (drv->if_indices[i] == ifidx) { 7482 drv->if_indices[i] = 0; 7483 break; 7484 } 7485 } 7486} 7487 7488 7489static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 7490{ 7491 int i; 7492 7493 for (i = 0; i < drv->num_if_indices; i++) 7494 if (drv->if_indices[i] == ifidx) 7495 return 1; 7496 7497 return 0; 7498} 7499 7500 7501static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 7502 const char *bridge_ifname) 7503{ 7504 struct i802_bss *bss = priv; 7505 struct wpa_driver_nl80211_data *drv = bss->drv; 7506 char name[IFNAMSIZ + 1]; 7507 7508 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 7509 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 7510 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 7511 if (val) { 7512 if (!if_nametoindex(name)) { 7513 if (nl80211_create_iface(drv, name, 7514 NL80211_IFTYPE_AP_VLAN, 7515 NULL, 1) < 0) 7516 return -1; 7517 if (bridge_ifname && 7518 linux_br_add_if(drv->global->ioctl_sock, 7519 bridge_ifname, name) < 0) 7520 return -1; 7521 } 7522 linux_set_iface_flags(drv->global->ioctl_sock, name, 1); 7523 return i802_set_sta_vlan(priv, addr, name, 0); 7524 } else { 7525 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 7526 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 7527 name); 7528 } 7529} 7530 7531 7532static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 7533{ 7534 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7535 struct sockaddr_ll lladdr; 7536 unsigned char buf[3000]; 7537 int len; 7538 socklen_t fromlen = sizeof(lladdr); 7539 7540 len = recvfrom(sock, buf, sizeof(buf), 0, 7541 (struct sockaddr *)&lladdr, &fromlen); 7542 if (len < 0) { 7543 perror("recv"); 7544 return; 7545 } 7546 7547 if (have_ifidx(drv, lladdr.sll_ifindex)) 7548 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 7549} 7550 7551 7552static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 7553 struct i802_bss *bss, 7554 const char *brname, const char *ifname) 7555{ 7556 int ifindex; 7557 char in_br[IFNAMSIZ]; 7558 7559 os_strlcpy(bss->brname, brname, IFNAMSIZ); 7560 ifindex = if_nametoindex(brname); 7561 if (ifindex == 0) { 7562 /* 7563 * Bridge was configured, but the bridge device does 7564 * not exist. Try to add it now. 7565 */ 7566 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 7567 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 7568 "bridge interface %s: %s", 7569 brname, strerror(errno)); 7570 return -1; 7571 } 7572 bss->added_bridge = 1; 7573 add_ifidx(drv, if_nametoindex(brname)); 7574 } 7575 7576 if (linux_br_get(in_br, ifname) == 0) { 7577 if (os_strcmp(in_br, brname) == 0) 7578 return 0; /* already in the bridge */ 7579 7580 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 7581 "bridge %s", ifname, in_br); 7582 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 7583 0) { 7584 wpa_printf(MSG_ERROR, "nl80211: Failed to " 7585 "remove interface %s from bridge " 7586 "%s: %s", 7587 ifname, brname, strerror(errno)); 7588 return -1; 7589 } 7590 } 7591 7592 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 7593 ifname, brname); 7594 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 7595 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 7596 "into bridge %s: %s", 7597 ifname, brname, strerror(errno)); 7598 return -1; 7599 } 7600 bss->added_if_into_bridge = 1; 7601 7602 return 0; 7603} 7604 7605 7606static void *i802_init(struct hostapd_data *hapd, 7607 struct wpa_init_params *params) 7608{ 7609 struct wpa_driver_nl80211_data *drv; 7610 struct i802_bss *bss; 7611 size_t i; 7612 char brname[IFNAMSIZ]; 7613 int ifindex, br_ifindex; 7614 int br_added = 0; 7615 7616 bss = wpa_driver_nl80211_init(hapd, params->ifname, 7617 params->global_priv); 7618 if (bss == NULL) 7619 return NULL; 7620 7621 drv = bss->drv; 7622 drv->nlmode = NL80211_IFTYPE_AP; 7623 drv->eapol_sock = -1; 7624 7625 if (linux_br_get(brname, params->ifname) == 0) { 7626 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 7627 params->ifname, brname); 7628 br_ifindex = if_nametoindex(brname); 7629 } else { 7630 brname[0] = '\0'; 7631 br_ifindex = 0; 7632 } 7633 7634 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 7635 drv->if_indices = drv->default_if_indices; 7636 for (i = 0; i < params->num_bridge; i++) { 7637 if (params->bridge[i]) { 7638 ifindex = if_nametoindex(params->bridge[i]); 7639 if (ifindex) 7640 add_ifidx(drv, ifindex); 7641 if (ifindex == br_ifindex) 7642 br_added = 1; 7643 } 7644 } 7645 if (!br_added && br_ifindex && 7646 (params->num_bridge == 0 || !params->bridge[0])) 7647 add_ifidx(drv, br_ifindex); 7648 7649 /* start listening for EAPOL on the default AP interface */ 7650 add_ifidx(drv, drv->ifindex); 7651 7652 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0)) 7653 goto failed; 7654 7655 if (params->bssid) { 7656 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7657 params->bssid)) 7658 goto failed; 7659 } 7660 7661 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) { 7662 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 7663 "into AP mode", bss->ifname); 7664 goto failed; 7665 } 7666 7667 if (params->num_bridge && params->bridge[0] && 7668 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 7669 goto failed; 7670 7671 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) 7672 goto failed; 7673 7674 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 7675 if (drv->eapol_sock < 0) { 7676 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 7677 goto failed; 7678 } 7679 7680 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 7681 { 7682 printf("Could not register read socket for eapol\n"); 7683 goto failed; 7684 } 7685 7686 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7687 params->own_addr)) 7688 goto failed; 7689 7690 memcpy(bss->addr, params->own_addr, ETH_ALEN); 7691 7692 return bss; 7693 7694failed: 7695 wpa_driver_nl80211_deinit(bss); 7696 return NULL; 7697} 7698 7699 7700static void i802_deinit(void *priv) 7701{ 7702 wpa_driver_nl80211_deinit(priv); 7703} 7704 7705#endif /* HOSTAPD */ 7706 7707 7708static enum nl80211_iftype wpa_driver_nl80211_if_type( 7709 enum wpa_driver_if_type type) 7710{ 7711 switch (type) { 7712 case WPA_IF_STATION: 7713 return NL80211_IFTYPE_STATION; 7714 case WPA_IF_P2P_CLIENT: 7715 case WPA_IF_P2P_GROUP: 7716 return NL80211_IFTYPE_P2P_CLIENT; 7717 case WPA_IF_AP_VLAN: 7718 return NL80211_IFTYPE_AP_VLAN; 7719 case WPA_IF_AP_BSS: 7720 return NL80211_IFTYPE_AP; 7721 case WPA_IF_P2P_GO: 7722 return NL80211_IFTYPE_P2P_GO; 7723 } 7724 return -1; 7725} 7726 7727 7728#ifdef CONFIG_P2P 7729 7730static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 7731{ 7732 struct wpa_driver_nl80211_data *drv; 7733 dl_list_for_each(drv, &global->interfaces, 7734 struct wpa_driver_nl80211_data, list) { 7735 if (os_memcmp(addr, drv->first_bss.addr, ETH_ALEN) == 0) 7736 return 1; 7737 } 7738 return 0; 7739} 7740 7741 7742static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 7743 u8 *new_addr) 7744{ 7745 unsigned int idx; 7746 7747 if (!drv->global) 7748 return -1; 7749 7750 os_memcpy(new_addr, drv->first_bss.addr, ETH_ALEN); 7751 for (idx = 0; idx < 64; idx++) { 7752 new_addr[0] = drv->first_bss.addr[0] | 0x02; 7753 new_addr[0] ^= idx << 2; 7754 if (!nl80211_addr_in_use(drv->global, new_addr)) 7755 break; 7756 } 7757 if (idx == 64) 7758 return -1; 7759 7760 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 7761 MACSTR, MAC2STR(new_addr)); 7762 7763 return 0; 7764} 7765 7766#endif /* CONFIG_P2P */ 7767 7768 7769static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 7770 const char *ifname, const u8 *addr, 7771 void *bss_ctx, void **drv_priv, 7772 char *force_ifname, u8 *if_addr, 7773 const char *bridge) 7774{ 7775 struct i802_bss *bss = priv; 7776 struct wpa_driver_nl80211_data *drv = bss->drv; 7777 int ifidx; 7778#ifdef HOSTAPD 7779 struct i802_bss *new_bss = NULL; 7780 7781 if (type == WPA_IF_AP_BSS) { 7782 new_bss = os_zalloc(sizeof(*new_bss)); 7783 if (new_bss == NULL) 7784 return -1; 7785 } 7786#endif /* HOSTAPD */ 7787 7788 if (addr) 7789 os_memcpy(if_addr, addr, ETH_ALEN); 7790 ifidx = nl80211_create_iface(drv, ifname, 7791 wpa_driver_nl80211_if_type(type), addr, 7792 0); 7793 if (ifidx < 0) { 7794#ifdef HOSTAPD 7795 os_free(new_bss); 7796#endif /* HOSTAPD */ 7797 return -1; 7798 } 7799 7800 if (!addr && 7801 linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7802 if_addr) < 0) { 7803 nl80211_remove_iface(drv, ifidx); 7804 return -1; 7805 } 7806 7807#ifdef CONFIG_P2P 7808 if (!addr && 7809 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 7810 type == WPA_IF_P2P_GO)) { 7811 /* Enforce unique P2P Interface Address */ 7812 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 7813 7814 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 7815 own_addr) < 0 || 7816 linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 7817 new_addr) < 0) { 7818 nl80211_remove_iface(drv, ifidx); 7819 return -1; 7820 } 7821 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 7822 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 7823 "for P2P group interface"); 7824 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 7825 nl80211_remove_iface(drv, ifidx); 7826 return -1; 7827 } 7828 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 7829 new_addr) < 0) { 7830 nl80211_remove_iface(drv, ifidx); 7831 return -1; 7832 } 7833 } 7834 os_memcpy(if_addr, new_addr, ETH_ALEN); 7835 } 7836#endif /* CONFIG_P2P */ 7837 7838#ifdef HOSTAPD 7839 if (bridge && 7840 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 7841 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 7842 "interface %s to a bridge %s", ifname, bridge); 7843 nl80211_remove_iface(drv, ifidx); 7844 os_free(new_bss); 7845 return -1; 7846 } 7847 7848 if (type == WPA_IF_AP_BSS) { 7849 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 7850 { 7851 nl80211_remove_iface(drv, ifidx); 7852 os_free(new_bss); 7853 return -1; 7854 } 7855 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 7856 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 7857 new_bss->ifindex = ifidx; 7858 new_bss->drv = drv; 7859 new_bss->next = drv->first_bss.next; 7860 new_bss->freq = drv->first_bss.freq; 7861 drv->first_bss.next = new_bss; 7862 if (drv_priv) 7863 *drv_priv = new_bss; 7864 nl80211_init_bss(new_bss); 7865 7866 /* Subscribe management frames for this WPA_IF_AP_BSS */ 7867 if (nl80211_setup_ap(new_bss)) 7868 return -1; 7869 } 7870#endif /* HOSTAPD */ 7871 7872 if (drv->global) 7873 drv->global->if_add_ifindex = ifidx; 7874 7875 return 0; 7876} 7877 7878 7879static int wpa_driver_nl80211_if_remove(void *priv, 7880 enum wpa_driver_if_type type, 7881 const char *ifname) 7882{ 7883 struct i802_bss *bss = priv; 7884 struct wpa_driver_nl80211_data *drv = bss->drv; 7885 int ifindex = if_nametoindex(ifname); 7886 7887 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 7888 __func__, type, ifname, ifindex); 7889 if (ifindex <= 0) 7890 return -1; 7891 7892#ifdef HOSTAPD 7893 if (bss->added_if_into_bridge) { 7894 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 7895 bss->ifname) < 0) 7896 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 7897 "interface %s from bridge %s: %s", 7898 bss->ifname, bss->brname, strerror(errno)); 7899 } 7900 if (bss->added_bridge) { 7901 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 7902 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 7903 "bridge %s: %s", 7904 bss->brname, strerror(errno)); 7905 } 7906#endif /* HOSTAPD */ 7907 7908 nl80211_remove_iface(drv, ifindex); 7909 7910#ifdef HOSTAPD 7911 if (type != WPA_IF_AP_BSS) 7912 return 0; 7913 7914 if (bss != &drv->first_bss) { 7915 struct i802_bss *tbss; 7916 7917 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 7918 if (tbss->next == bss) { 7919 tbss->next = bss->next; 7920 /* Unsubscribe management frames */ 7921 nl80211_teardown_ap(bss); 7922 nl80211_destroy_bss(bss); 7923 os_free(bss); 7924 bss = NULL; 7925 break; 7926 } 7927 } 7928 if (bss) 7929 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 7930 "BSS %p in the list", __func__, bss); 7931 } 7932#endif /* HOSTAPD */ 7933 7934 return 0; 7935} 7936 7937 7938static int cookie_handler(struct nl_msg *msg, void *arg) 7939{ 7940 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 7941 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 7942 u64 *cookie = arg; 7943 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 7944 genlmsg_attrlen(gnlh, 0), NULL); 7945 if (tb[NL80211_ATTR_COOKIE]) 7946 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 7947 return NL_SKIP; 7948} 7949 7950 7951static int nl80211_send_frame_cmd(struct i802_bss *bss, 7952 unsigned int freq, unsigned int wait, 7953 const u8 *buf, size_t buf_len, 7954 u64 *cookie_out, int no_cck, int no_ack, 7955 int offchanok) 7956{ 7957 struct wpa_driver_nl80211_data *drv = bss->drv; 7958 struct nl_msg *msg; 7959 u64 cookie; 7960 int ret = -1; 7961 7962 msg = nlmsg_alloc(); 7963 if (!msg) 7964 return -1; 7965 7966 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 7967 7968 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 7969 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 7970#ifndef ANDROID_P2P 7971 if (wait) 7972 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 7973#endif 7974 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) 7975 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 7976 if (no_cck) 7977 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 7978 if (no_ack) 7979 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 7980 7981 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 7982 7983 cookie = 0; 7984 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 7985 msg = NULL; 7986 if (ret) { 7987 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 7988 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 7989 freq, wait); 7990 goto nla_put_failure; 7991 } 7992 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted%s; " 7993 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 7994 (long long unsigned int) cookie); 7995 7996 if (cookie_out) 7997 *cookie_out = no_ack ? (u64) -1 : cookie; 7998 7999nla_put_failure: 8000 nlmsg_free(msg); 8001 return ret; 8002} 8003 8004 8005static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 8006 unsigned int wait_time, 8007 const u8 *dst, const u8 *src, 8008 const u8 *bssid, 8009 const u8 *data, size_t data_len, 8010 int no_cck) 8011{ 8012 struct i802_bss *bss = priv; 8013 struct wpa_driver_nl80211_data *drv = bss->drv; 8014 int ret = -1; 8015 u8 *buf; 8016 struct ieee80211_hdr *hdr; 8017 8018 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 8019 "freq=%u MHz wait=%d ms no_cck=%d)", 8020 drv->ifindex, freq, wait_time, no_cck); 8021 8022 buf = os_zalloc(24 + data_len); 8023 if (buf == NULL) 8024 return ret; 8025 os_memcpy(buf + 24, data, data_len); 8026 hdr = (struct ieee80211_hdr *) buf; 8027 hdr->frame_control = 8028 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 8029 os_memcpy(hdr->addr1, dst, ETH_ALEN); 8030 os_memcpy(hdr->addr2, src, ETH_ALEN); 8031 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 8032 8033 if (is_ap_interface(drv->nlmode)) 8034 ret = wpa_driver_nl80211_send_mlme_freq(priv, buf, 8035 24 + data_len, 8036 0, freq, no_cck, 1, 8037 wait_time); 8038 else 8039 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 8040 24 + data_len, 8041 &drv->send_action_cookie, 8042 no_cck, 0, 1); 8043 8044 os_free(buf); 8045 return ret; 8046} 8047 8048 8049static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 8050{ 8051 struct i802_bss *bss = priv; 8052 struct wpa_driver_nl80211_data *drv = bss->drv; 8053 struct nl_msg *msg; 8054 int ret; 8055 8056 msg = nlmsg_alloc(); 8057 if (!msg) 8058 return; 8059 8060 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 8061 8062 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8063 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 8064 8065 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8066 msg = NULL; 8067 if (ret) 8068 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 8069 "(%s)", ret, strerror(-ret)); 8070 8071 nla_put_failure: 8072 nlmsg_free(msg); 8073} 8074 8075 8076static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 8077 unsigned int duration) 8078{ 8079 struct i802_bss *bss = priv; 8080 struct wpa_driver_nl80211_data *drv = bss->drv; 8081 struct nl_msg *msg; 8082 int ret; 8083 u64 cookie; 8084 8085 msg = nlmsg_alloc(); 8086 if (!msg) 8087 return -1; 8088 8089 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 8090 8091 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8092 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 8093 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 8094 8095 cookie = 0; 8096 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 8097 msg = NULL; 8098 if (ret == 0) { 8099 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 8100 "0x%llx for freq=%u MHz duration=%u", 8101 (long long unsigned int) cookie, freq, duration); 8102 drv->remain_on_chan_cookie = cookie; 8103 drv->pending_remain_on_chan = 1; 8104 return 0; 8105 } 8106 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 8107 "(freq=%d duration=%u): %d (%s)", 8108 freq, duration, ret, strerror(-ret)); 8109nla_put_failure: 8110 nlmsg_free(msg); 8111 return -1; 8112} 8113 8114 8115static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 8116{ 8117 struct i802_bss *bss = priv; 8118 struct wpa_driver_nl80211_data *drv = bss->drv; 8119 struct nl_msg *msg; 8120 int ret; 8121 8122 if (!drv->pending_remain_on_chan) { 8123 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 8124 "to cancel"); 8125 return -1; 8126 } 8127 8128 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 8129 "0x%llx", 8130 (long long unsigned int) drv->remain_on_chan_cookie); 8131 8132 msg = nlmsg_alloc(); 8133 if (!msg) 8134 return -1; 8135 8136 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 8137 8138 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8139 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 8140 8141 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8142 msg = NULL; 8143 if (ret == 0) 8144 return 0; 8145 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 8146 "%d (%s)", ret, strerror(-ret)); 8147nla_put_failure: 8148 nlmsg_free(msg); 8149 return -1; 8150} 8151 8152 8153static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 8154{ 8155 struct i802_bss *bss = priv; 8156 struct wpa_driver_nl80211_data *drv = bss->drv; 8157 8158 if (!report) { 8159 if (bss->nl_preq && drv->device_ap_sme && 8160 is_ap_interface(drv->nlmode)) { 8161 /* 8162 * Do not disable Probe Request reporting that was 8163 * enabled in nl80211_setup_ap(). 8164 */ 8165 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 8166 "Probe Request reporting nl_preq=%p while " 8167 "in AP mode", bss->nl_preq); 8168 } else if (bss->nl_preq) { 8169 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 8170 "reporting nl_preq=%p", bss->nl_preq); 8171 eloop_unregister_read_sock( 8172 nl_socket_get_fd(bss->nl_preq)); 8173 nl_destroy_handles(&bss->nl_preq); 8174 } 8175 return 0; 8176 } 8177 8178 if (bss->nl_preq) { 8179 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 8180 "already on! nl_preq=%p", bss->nl_preq); 8181 return 0; 8182 } 8183 8184 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 8185 if (bss->nl_preq == NULL) 8186 return -1; 8187 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 8188 "reporting nl_preq=%p", bss->nl_preq); 8189 8190 if (nl80211_register_frame(bss, bss->nl_preq, 8191 (WLAN_FC_TYPE_MGMT << 2) | 8192 (WLAN_FC_STYPE_PROBE_REQ << 4), 8193 NULL, 0) < 0) 8194 goto out_err; 8195 8196 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq), 8197 wpa_driver_nl80211_event_receive, bss->nl_cb, 8198 bss->nl_preq); 8199 8200 return 0; 8201 8202 out_err: 8203 nl_destroy_handles(&bss->nl_preq); 8204 return -1; 8205} 8206 8207 8208static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 8209 int ifindex, int disabled) 8210{ 8211 struct nl_msg *msg; 8212 struct nlattr *bands, *band; 8213 int ret; 8214 8215 msg = nlmsg_alloc(); 8216 if (!msg) 8217 return -1; 8218 8219 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 8220 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 8221 8222 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 8223 if (!bands) 8224 goto nla_put_failure; 8225 8226 /* 8227 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 8228 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 8229 * rates. All 5 GHz rates are left enabled. 8230 */ 8231 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 8232 if (!band) 8233 goto nla_put_failure; 8234 if (disabled) { 8235 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 8236 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 8237 } 8238 nla_nest_end(msg, band); 8239 8240 nla_nest_end(msg, bands); 8241 8242 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8243 msg = NULL; 8244 if (ret) { 8245 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 8246 "(%s)", ret, strerror(-ret)); 8247 } 8248 8249 return ret; 8250 8251nla_put_failure: 8252 nlmsg_free(msg); 8253 return -1; 8254} 8255 8256 8257static int wpa_driver_nl80211_deinit_ap(void *priv) 8258{ 8259 struct i802_bss *bss = priv; 8260 struct wpa_driver_nl80211_data *drv = bss->drv; 8261 if (!is_ap_interface(drv->nlmode)) 8262 return -1; 8263 wpa_driver_nl80211_del_beacon(drv); 8264 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 8265} 8266 8267 8268static void wpa_driver_nl80211_resume(void *priv) 8269{ 8270 struct i802_bss *bss = priv; 8271 struct wpa_driver_nl80211_data *drv = bss->drv; 8272 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 8273 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 8274 "resume event"); 8275 } 8276} 8277 8278 8279static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 8280 const u8 *ies, size_t ies_len) 8281{ 8282 struct i802_bss *bss = priv; 8283 struct wpa_driver_nl80211_data *drv = bss->drv; 8284 int ret; 8285 u8 *data, *pos; 8286 size_t data_len; 8287 const u8 *own_addr = bss->addr; 8288 8289 if (action != 1) { 8290 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 8291 "action %d", action); 8292 return -1; 8293 } 8294 8295 /* 8296 * Action frame payload: 8297 * Category[1] = 6 (Fast BSS Transition) 8298 * Action[1] = 1 (Fast BSS Transition Request) 8299 * STA Address 8300 * Target AP Address 8301 * FT IEs 8302 */ 8303 8304 data_len = 2 + 2 * ETH_ALEN + ies_len; 8305 data = os_malloc(data_len); 8306 if (data == NULL) 8307 return -1; 8308 pos = data; 8309 *pos++ = 0x06; /* FT Action category */ 8310 *pos++ = action; 8311 os_memcpy(pos, own_addr, ETH_ALEN); 8312 pos += ETH_ALEN; 8313 os_memcpy(pos, target_ap, ETH_ALEN); 8314 pos += ETH_ALEN; 8315 os_memcpy(pos, ies, ies_len); 8316 8317 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 8318 drv->bssid, own_addr, drv->bssid, 8319 data, data_len, 0); 8320 os_free(data); 8321 8322 return ret; 8323} 8324 8325 8326static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 8327{ 8328 struct i802_bss *bss = priv; 8329 struct wpa_driver_nl80211_data *drv = bss->drv; 8330 struct nl_msg *msg, *cqm = NULL; 8331 8332 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 8333 "hysteresis=%d", threshold, hysteresis); 8334 8335 msg = nlmsg_alloc(); 8336 if (!msg) 8337 return -1; 8338 8339 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 8340 8341 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8342 8343 cqm = nlmsg_alloc(); 8344 if (cqm == NULL) 8345 return -1; 8346 8347 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 8348 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 8349 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 8350 8351 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 8352 return 0; 8353 msg = NULL; 8354 8355nla_put_failure: 8356 nlmsg_free(cqm); 8357 nlmsg_free(msg); 8358 return -1; 8359} 8360 8361 8362static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 8363{ 8364 struct i802_bss *bss = priv; 8365 struct wpa_driver_nl80211_data *drv = bss->drv; 8366 int res; 8367 8368 os_memset(si, 0, sizeof(*si)); 8369 res = nl80211_get_link_signal(drv, si); 8370 if (res != 0) 8371 return res; 8372 8373 return nl80211_get_link_noise(drv, si); 8374} 8375 8376 8377static int wpa_driver_nl80211_shared_freq(void *priv) 8378{ 8379 struct i802_bss *bss = priv; 8380 struct wpa_driver_nl80211_data *drv = bss->drv; 8381 struct wpa_driver_nl80211_data *driver; 8382 int freq = 0; 8383 8384 /* 8385 * If the same PHY is in connected state with some other interface, 8386 * then retrieve the assoc freq. 8387 */ 8388 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 8389 drv->phyname); 8390 8391 dl_list_for_each(driver, &drv->global->interfaces, 8392 struct wpa_driver_nl80211_data, list) { 8393 if (drv == driver || 8394 os_strcmp(drv->phyname, driver->phyname) != 0 || 8395#ifdef ANDROID_P2P 8396 (!driver->associated && !is_ap_interface(driver->nlmode))) 8397#else 8398 !driver->associated) 8399#endif 8400 continue; 8401 8402 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 8403 MACSTR, 8404 driver->phyname, driver->first_bss.ifname, 8405 MAC2STR(driver->first_bss.addr)); 8406#ifdef ANDROID_P2P 8407 if(is_ap_interface(driver->nlmode)) 8408 freq = driver->first_bss.freq; 8409 else 8410#endif 8411 freq = nl80211_get_assoc_freq(driver); 8412 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 8413 drv->phyname, freq); 8414 } 8415 8416 if (!freq) 8417 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 8418 "PHY (%s) in associated state", drv->phyname); 8419 8420 return freq; 8421} 8422 8423 8424static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 8425 int encrypt) 8426{ 8427 struct i802_bss *bss = priv; 8428 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 8429 0, 0, 0, 0); 8430} 8431 8432 8433static int nl80211_set_param(void *priv, const char *param) 8434{ 8435 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 8436 if (param == NULL) 8437 return 0; 8438 8439#ifdef CONFIG_P2P 8440 if (os_strstr(param, "use_p2p_group_interface=1")) { 8441 struct i802_bss *bss = priv; 8442 struct wpa_driver_nl80211_data *drv = bss->drv; 8443 8444 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 8445 "interface"); 8446 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 8447 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 8448 } 8449#ifdef ANDROID_P2P 8450 if(os_strstr(param, "use_multi_chan_concurrent=1")) { 8451 struct i802_bss *bss = priv; 8452 struct wpa_driver_nl80211_data *drv = bss->drv; 8453 wpa_printf(MSG_DEBUG, "nl80211: Use Multi channel " 8454 "concurrency"); 8455 drv->capa.flags |= WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT; 8456 } 8457#endif 8458#endif /* CONFIG_P2P */ 8459 8460 return 0; 8461} 8462 8463 8464static void * nl80211_global_init(void) 8465{ 8466 struct nl80211_global *global; 8467 struct netlink_config *cfg; 8468 8469 global = os_zalloc(sizeof(*global)); 8470 if (global == NULL) 8471 return NULL; 8472 global->ioctl_sock = -1; 8473 dl_list_init(&global->interfaces); 8474 global->if_add_ifindex = -1; 8475 8476 cfg = os_zalloc(sizeof(*cfg)); 8477 if (cfg == NULL) 8478 goto err; 8479 8480 cfg->ctx = global; 8481 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 8482 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 8483 global->netlink = netlink_init(cfg); 8484 if (global->netlink == NULL) { 8485 os_free(cfg); 8486 goto err; 8487 } 8488 8489 if (wpa_driver_nl80211_init_nl_global(global) < 0) 8490 goto err; 8491 8492 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 8493 if (global->ioctl_sock < 0) { 8494 perror("socket(PF_INET,SOCK_DGRAM)"); 8495 goto err; 8496 } 8497 8498 return global; 8499 8500err: 8501 nl80211_global_deinit(global); 8502 return NULL; 8503} 8504 8505 8506static void nl80211_global_deinit(void *priv) 8507{ 8508 struct nl80211_global *global = priv; 8509 if (global == NULL) 8510 return; 8511 if (!dl_list_empty(&global->interfaces)) { 8512 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 8513 "nl80211_global_deinit", 8514 dl_list_len(&global->interfaces)); 8515 } 8516 8517 if (global->netlink) 8518 netlink_deinit(global->netlink); 8519 8520 nl_destroy_handles(&global->nl); 8521 8522 if (global->nl_event) { 8523 eloop_unregister_read_sock( 8524 nl_socket_get_fd(global->nl_event)); 8525 nl_destroy_handles(&global->nl_event); 8526 } 8527 8528 nl_cb_put(global->nl_cb); 8529 8530 if (global->ioctl_sock >= 0) 8531 close(global->ioctl_sock); 8532 8533 os_free(global); 8534} 8535 8536 8537static const char * nl80211_get_radio_name(void *priv) 8538{ 8539 struct i802_bss *bss = priv; 8540 struct wpa_driver_nl80211_data *drv = bss->drv; 8541 return drv->phyname; 8542} 8543 8544 8545static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 8546 const u8 *pmkid) 8547{ 8548 struct nl_msg *msg; 8549 8550 msg = nlmsg_alloc(); 8551 if (!msg) 8552 return -ENOMEM; 8553 8554 nl80211_cmd(bss->drv, msg, 0, cmd); 8555 8556 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8557 if (pmkid) 8558 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 8559 if (bssid) 8560 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 8561 8562 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 8563 nla_put_failure: 8564 nlmsg_free(msg); 8565 return -ENOBUFS; 8566} 8567 8568 8569static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 8570{ 8571 struct i802_bss *bss = priv; 8572 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 8573 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 8574} 8575 8576 8577static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 8578{ 8579 struct i802_bss *bss = priv; 8580 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 8581 MAC2STR(bssid)); 8582 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 8583} 8584 8585 8586static int nl80211_flush_pmkid(void *priv) 8587{ 8588 struct i802_bss *bss = priv; 8589 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 8590 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 8591} 8592 8593 8594static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 8595 const u8 *replay_ctr) 8596{ 8597 struct i802_bss *bss = priv; 8598 struct wpa_driver_nl80211_data *drv = bss->drv; 8599 struct nlattr *replay_nested; 8600 struct nl_msg *msg; 8601 8602 msg = nlmsg_alloc(); 8603 if (!msg) 8604 return; 8605 8606 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 8607 8608 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8609 8610 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 8611 if (!replay_nested) 8612 goto nla_put_failure; 8613 8614 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 8615 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 8616 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 8617 replay_ctr); 8618 8619 nla_nest_end(msg, replay_nested); 8620 8621 send_and_recv_msgs(drv, msg, NULL, NULL); 8622 return; 8623 nla_put_failure: 8624 nlmsg_free(msg); 8625} 8626 8627 8628static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 8629 const u8 *addr, int qos) 8630{ 8631 /* send data frame to poll STA and check whether 8632 * this frame is ACKed */ 8633 struct { 8634 struct ieee80211_hdr hdr; 8635 u16 qos_ctl; 8636 } STRUCT_PACKED nulldata; 8637 size_t size; 8638 8639 /* Send data frame to poll STA and check whether this frame is ACKed */ 8640 8641 os_memset(&nulldata, 0, sizeof(nulldata)); 8642 8643 if (qos) { 8644 nulldata.hdr.frame_control = 8645 IEEE80211_FC(WLAN_FC_TYPE_DATA, 8646 WLAN_FC_STYPE_QOS_NULL); 8647 size = sizeof(nulldata); 8648 } else { 8649 nulldata.hdr.frame_control = 8650 IEEE80211_FC(WLAN_FC_TYPE_DATA, 8651 WLAN_FC_STYPE_NULLFUNC); 8652 size = sizeof(struct ieee80211_hdr); 8653 } 8654 8655 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 8656 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 8657 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 8658 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 8659 8660 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0) < 0) 8661 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 8662 "send poll frame"); 8663} 8664 8665static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 8666 int qos) 8667{ 8668 struct i802_bss *bss = priv; 8669 struct wpa_driver_nl80211_data *drv = bss->drv; 8670 struct nl_msg *msg; 8671 8672 if (!drv->poll_command_supported) { 8673 nl80211_send_null_frame(bss, own_addr, addr, qos); 8674 return; 8675 } 8676 8677 msg = nlmsg_alloc(); 8678 if (!msg) 8679 return; 8680 8681 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 8682 8683 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8684 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8685 8686 send_and_recv_msgs(drv, msg, NULL, NULL); 8687 return; 8688 nla_put_failure: 8689 nlmsg_free(msg); 8690} 8691 8692 8693static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 8694{ 8695 struct nl_msg *msg; 8696 8697 msg = nlmsg_alloc(); 8698 if (!msg) 8699 return -ENOMEM; 8700 8701 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 8702 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 8703 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 8704 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 8705 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 8706nla_put_failure: 8707 nlmsg_free(msg); 8708 return -ENOBUFS; 8709} 8710 8711 8712static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 8713 int ctwindow) 8714{ 8715 struct i802_bss *bss = priv; 8716 8717 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 8718 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 8719 8720 if (opp_ps != -1 || ctwindow != -1) 8721#ifdef ANDROID_P2P 8722 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 8723#else 8724 return -1; /* Not yet supported */ 8725#endif 8726 8727 if (legacy_ps == -1) 8728 return 0; 8729 if (legacy_ps != 0 && legacy_ps != 1) 8730 return -1; /* Not yet supported */ 8731 8732 return nl80211_set_power_save(bss, legacy_ps); 8733} 8734 8735 8736#ifdef CONFIG_TDLS 8737 8738static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 8739 u8 dialog_token, u16 status_code, 8740 const u8 *buf, size_t len) 8741{ 8742 struct i802_bss *bss = priv; 8743 struct wpa_driver_nl80211_data *drv = bss->drv; 8744 struct nl_msg *msg; 8745 8746 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 8747 return -EOPNOTSUPP; 8748 8749 if (!dst) 8750 return -EINVAL; 8751 8752 msg = nlmsg_alloc(); 8753 if (!msg) 8754 return -ENOMEM; 8755 8756 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 8757 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8758 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 8759 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 8760 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 8761 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 8762 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 8763 8764 return send_and_recv_msgs(drv, msg, NULL, NULL); 8765 8766nla_put_failure: 8767 nlmsg_free(msg); 8768 return -ENOBUFS; 8769} 8770 8771 8772static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 8773{ 8774 struct i802_bss *bss = priv; 8775 struct wpa_driver_nl80211_data *drv = bss->drv; 8776 struct nl_msg *msg; 8777 enum nl80211_tdls_operation nl80211_oper; 8778 8779 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 8780 return -EOPNOTSUPP; 8781 8782 switch (oper) { 8783 case TDLS_DISCOVERY_REQ: 8784 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 8785 break; 8786 case TDLS_SETUP: 8787 nl80211_oper = NL80211_TDLS_SETUP; 8788 break; 8789 case TDLS_TEARDOWN: 8790 nl80211_oper = NL80211_TDLS_TEARDOWN; 8791 break; 8792 case TDLS_ENABLE_LINK: 8793 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 8794 break; 8795 case TDLS_DISABLE_LINK: 8796 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 8797 break; 8798 case TDLS_ENABLE: 8799 return 0; 8800 case TDLS_DISABLE: 8801 return 0; 8802 default: 8803 return -EINVAL; 8804 } 8805 8806 msg = nlmsg_alloc(); 8807 if (!msg) 8808 return -ENOMEM; 8809 8810 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 8811 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 8812 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8813 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 8814 8815 return send_and_recv_msgs(drv, msg, NULL, NULL); 8816 8817nla_put_failure: 8818 nlmsg_free(msg); 8819 return -ENOBUFS; 8820} 8821 8822#endif /* CONFIG TDLS */ 8823 8824 8825#ifdef ANDROID 8826 8827typedef struct android_wifi_priv_cmd { 8828 char *buf; 8829 int used_len; 8830 int total_len; 8831} android_wifi_priv_cmd; 8832 8833static int drv_errors = 0; 8834 8835static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 8836{ 8837 drv_errors++; 8838 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 8839 drv_errors = 0; 8840 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 8841 } 8842} 8843 8844 8845static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 8846{ 8847 struct wpa_driver_nl80211_data *drv = bss->drv; 8848 struct ifreq ifr; 8849 android_wifi_priv_cmd priv_cmd; 8850 char buf[MAX_DRV_CMD_SIZE]; 8851 int ret; 8852 8853 os_memset(&ifr, 0, sizeof(ifr)); 8854 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 8855 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 8856 8857 os_memset(buf, 0, sizeof(buf)); 8858 os_strlcpy(buf, cmd, sizeof(buf)); 8859 8860 priv_cmd.buf = buf; 8861 priv_cmd.used_len = sizeof(buf); 8862 priv_cmd.total_len = sizeof(buf); 8863 ifr.ifr_data = &priv_cmd; 8864 8865 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 8866 if (ret < 0) { 8867 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 8868 __func__); 8869 wpa_driver_send_hang_msg(drv); 8870 return ret; 8871 } 8872 8873 drv_errors = 0; 8874 return 0; 8875} 8876 8877 8878static int android_pno_start(struct i802_bss *bss, 8879 struct wpa_driver_scan_params *params) 8880{ 8881 struct wpa_driver_nl80211_data *drv = bss->drv; 8882 struct ifreq ifr; 8883 android_wifi_priv_cmd priv_cmd; 8884 int ret = 0, i = 0, bp; 8885 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 8886 8887 bp = WEXT_PNOSETUP_HEADER_SIZE; 8888 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 8889 buf[bp++] = WEXT_PNO_TLV_PREFIX; 8890 buf[bp++] = WEXT_PNO_TLV_VERSION; 8891 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 8892 buf[bp++] = WEXT_PNO_TLV_RESERVED; 8893 8894 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 8895 /* Check that there is enough space needed for 1 more SSID, the 8896 * other sections and null termination */ 8897 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 8898 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 8899 break; 8900 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 8901 params->ssids[i].ssid, 8902 params->ssids[i].ssid_len); 8903 buf[bp++] = WEXT_PNO_SSID_SECTION; 8904 buf[bp++] = params->ssids[i].ssid_len; 8905 os_memcpy(&buf[bp], params->ssids[i].ssid, 8906 params->ssids[i].ssid_len); 8907 bp += params->ssids[i].ssid_len; 8908 i++; 8909 } 8910 8911 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 8912 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 8913 WEXT_PNO_SCAN_INTERVAL); 8914 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 8915 8916 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 8917 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 8918 WEXT_PNO_REPEAT); 8919 bp += WEXT_PNO_REPEAT_LENGTH; 8920 8921 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 8922 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 8923 WEXT_PNO_MAX_REPEAT); 8924 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 8925 8926 memset(&ifr, 0, sizeof(ifr)); 8927 memset(&priv_cmd, 0, sizeof(priv_cmd)); 8928 os_strncpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 8929 8930 priv_cmd.buf = buf; 8931 priv_cmd.used_len = bp; 8932 priv_cmd.total_len = bp; 8933 ifr.ifr_data = &priv_cmd; 8934 8935 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 8936 8937 if (ret < 0) { 8938 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 8939 ret); 8940 wpa_driver_send_hang_msg(drv); 8941 return ret; 8942 } 8943 8944 drv_errors = 0; 8945 8946 return android_priv_cmd(bss, "PNOFORCE 1"); 8947} 8948 8949 8950static int android_pno_stop(struct i802_bss *bss) 8951{ 8952 return android_priv_cmd(bss, "PNOFORCE 0"); 8953} 8954 8955#endif /* ANDROID */ 8956 8957 8958const struct wpa_driver_ops wpa_driver_nl80211_ops = { 8959 .name = "nl80211", 8960 .desc = "Linux nl80211/cfg80211", 8961 .get_bssid = wpa_driver_nl80211_get_bssid, 8962 .get_ssid = wpa_driver_nl80211_get_ssid, 8963 .set_key = wpa_driver_nl80211_set_key, 8964 .scan2 = wpa_driver_nl80211_scan, 8965 .sched_scan = wpa_driver_nl80211_sched_scan, 8966 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 8967 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 8968 .deauthenticate = wpa_driver_nl80211_deauthenticate, 8969 .disassociate = wpa_driver_nl80211_disassociate, 8970 .authenticate = wpa_driver_nl80211_authenticate, 8971 .associate = wpa_driver_nl80211_associate, 8972 .global_init = nl80211_global_init, 8973 .global_deinit = nl80211_global_deinit, 8974 .init2 = wpa_driver_nl80211_init, 8975 .deinit = wpa_driver_nl80211_deinit, 8976 .get_capa = wpa_driver_nl80211_get_capa, 8977 .set_operstate = wpa_driver_nl80211_set_operstate, 8978 .set_supp_port = wpa_driver_nl80211_set_supp_port, 8979 .set_country = wpa_driver_nl80211_set_country, 8980 .set_ap = wpa_driver_nl80211_set_ap, 8981 .if_add = wpa_driver_nl80211_if_add, 8982 .if_remove = wpa_driver_nl80211_if_remove, 8983 .send_mlme = wpa_driver_nl80211_send_mlme, 8984 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 8985 .sta_add = wpa_driver_nl80211_sta_add, 8986 .sta_remove = wpa_driver_nl80211_sta_remove, 8987 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 8988 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 8989#ifdef HOSTAPD 8990 .hapd_init = i802_init, 8991 .hapd_deinit = i802_deinit, 8992 .set_wds_sta = i802_set_wds_sta, 8993#endif /* HOSTAPD */ 8994#if defined(HOSTAPD) || defined(CONFIG_AP) 8995 .get_seqnum = i802_get_seqnum, 8996 .flush = i802_flush, 8997 .read_sta_data = i802_read_sta_data, 8998 .get_inact_sec = i802_get_inact_sec, 8999 .sta_clear_stats = i802_sta_clear_stats, 9000 .set_rts = i802_set_rts, 9001 .set_frag = i802_set_frag, 9002 .set_tx_queue_params = i802_set_tx_queue_params, 9003 .set_sta_vlan = i802_set_sta_vlan, 9004 .sta_deauth = i802_sta_deauth, 9005 .sta_disassoc = i802_sta_disassoc, 9006#endif /* HOSTAPD || CONFIG_AP */ 9007 .set_freq = i802_set_freq, 9008 .send_action = wpa_driver_nl80211_send_action, 9009 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 9010 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 9011 .cancel_remain_on_channel = 9012 wpa_driver_nl80211_cancel_remain_on_channel, 9013 .probe_req_report = wpa_driver_nl80211_probe_req_report, 9014 .deinit_ap = wpa_driver_nl80211_deinit_ap, 9015 .resume = wpa_driver_nl80211_resume, 9016 .send_ft_action = nl80211_send_ft_action, 9017 .signal_monitor = nl80211_signal_monitor, 9018 .signal_poll = nl80211_signal_poll, 9019 .send_frame = nl80211_send_frame, 9020 .shared_freq = wpa_driver_nl80211_shared_freq, 9021 .set_param = nl80211_set_param, 9022 .get_radio_name = nl80211_get_radio_name, 9023 .add_pmkid = nl80211_add_pmkid, 9024 .remove_pmkid = nl80211_remove_pmkid, 9025 .flush_pmkid = nl80211_flush_pmkid, 9026 .set_rekey_info = nl80211_set_rekey_info, 9027 .poll_client = nl80211_poll_client, 9028 .set_p2p_powersave = nl80211_set_p2p_powersave, 9029#ifdef CONFIG_TDLS 9030 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 9031 .tdls_oper = nl80211_tdls_oper, 9032#endif /* CONFIG_TDLS */ 9033#ifdef ANDROID_P2P 9034 .set_noa = wpa_driver_set_p2p_noa, 9035 .get_noa = wpa_driver_get_p2p_noa, 9036 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 9037#endif 9038#ifdef ANDROID 9039 .driver_cmd = wpa_driver_nl80211_driver_cmd, 9040#endif 9041}; 9042