driver_nl80211.c revision c55524ad84d13014e8019491c2b17e5dcf13545a
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19#include "includes.h" 20#include <sys/ioctl.h> 21#include <sys/types.h> 22#include <sys/stat.h> 23#include <fcntl.h> 24#include <net/if.h> 25#include <netlink/genl/genl.h> 26#include <netlink/genl/family.h> 27#include <netlink/genl/ctrl.h> 28#include <linux/rtnetlink.h> 29#include <netpacket/packet.h> 30#include <linux/filter.h> 31#include "nl80211_copy.h" 32 33#include "common.h" 34#include "eloop.h" 35#include "utils/list.h" 36#include "common/ieee802_11_defs.h" 37#include "netlink.h" 38#include "linux_ioctl.h" 39#include "radiotap.h" 40#include "radiotap_iter.h" 41#include "rfkill.h" 42#include "driver.h" 43 44#ifdef CONFIG_LIBNL20 45/* libnl 2.0 compatibility code */ 46#define nl_handle nl_sock 47#define nl80211_handle_alloc nl_socket_alloc_cb 48#define nl80211_handle_destroy nl_socket_free 49#else 50/* 51 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 52 * but when you free a socket again it will mess up its bitmap and 53 * and use the wrong number the next time it needs a socket ID. 54 * Therefore, we wrap the handle alloc/destroy and add our own pid 55 * accounting. 56 */ 57static uint32_t port_bitmap[32] = { 0 }; 58 59static struct nl_handle *nl80211_handle_alloc(void *cb) 60{ 61 struct nl_handle *handle; 62 uint32_t pid = getpid() & 0x3FFFFF; 63 int i; 64 65 handle = nl_handle_alloc_cb(cb); 66 67 for (i = 0; i < 1024; i++) { 68 if (port_bitmap[i / 32] & (1 << (i % 32))) 69 continue; 70 port_bitmap[i / 32] |= 1 << (i % 32); 71 pid += i << 22; 72 break; 73 } 74 75 nl_socket_set_local_port(handle, pid); 76 77 return handle; 78} 79 80static void nl80211_handle_destroy(struct nl_handle *handle) 81{ 82 uint32_t port = nl_socket_get_local_port(handle); 83 84 port >>= 22; 85 port_bitmap[port / 32] &= ~(1 << (port % 32)); 86 87 nl_handle_destroy(handle); 88} 89#endif /* CONFIG_LIBNL20 */ 90 91 92#ifndef IFF_LOWER_UP 93#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 94#endif 95#ifndef IFF_DORMANT 96#define IFF_DORMANT 0x20000 /* driver signals dormant */ 97#endif 98 99#ifndef IF_OPER_DORMANT 100#define IF_OPER_DORMANT 5 101#endif 102#ifndef IF_OPER_UP 103#define IF_OPER_UP 6 104#endif 105 106struct nl80211_global { 107 struct dl_list interfaces; 108}; 109 110struct i802_bss { 111 struct wpa_driver_nl80211_data *drv; 112 struct i802_bss *next; 113 int ifindex; 114 char ifname[IFNAMSIZ + 1]; 115 char brname[IFNAMSIZ]; 116 unsigned int beacon_set:1; 117 unsigned int added_if_into_bridge:1; 118 unsigned int added_bridge:1; 119}; 120 121struct wpa_driver_nl80211_data { 122 struct nl80211_global *global; 123 struct dl_list list; 124 u8 addr[ETH_ALEN]; 125 char phyname[32]; 126 void *ctx; 127 struct netlink_data *netlink; 128 int ioctl_sock; /* socket for ioctl() use */ 129 int ifindex; 130 int if_removed; 131 int if_disabled; 132 struct rfkill_data *rfkill; 133 struct wpa_driver_capa capa; 134 int has_capability; 135 136 int operstate; 137 138 int scan_complete_events; 139 140 struct nl_handle *nl_handle; 141 struct nl_handle *nl_handle_event; 142 struct nl_handle *nl_handle_preq; 143 struct nl_cache *nl_cache; 144 struct nl_cache *nl_cache_event; 145 struct nl_cache *nl_cache_preq; 146 struct nl_cb *nl_cb; 147 struct genl_family *nl80211; 148 149 u8 auth_bssid[ETH_ALEN]; 150 u8 bssid[ETH_ALEN]; 151 int associated; 152 u8 ssid[32]; 153 size_t ssid_len; 154 int nlmode; 155 int ap_scan_as_station; 156 unsigned int assoc_freq; 157 158 int monitor_sock; 159 int monitor_ifidx; 160 int no_monitor_iface_capab; 161 int disable_11b_rates; 162 163 unsigned int pending_remain_on_chan:1; 164 165 u64 remain_on_chan_cookie; 166 u64 send_action_cookie; 167 168 unsigned int last_mgmt_freq; 169 170 struct wpa_driver_scan_filter *filter_ssids; 171 size_t num_filter_ssids; 172 173 struct i802_bss first_bss; 174 175#ifdef HOSTAPD 176 int eapol_sock; /* socket for EAPOL frames */ 177 178 int default_if_indices[16]; 179 int *if_indices; 180 int num_if_indices; 181 182 int last_freq; 183 int last_freq_ht; 184#endif /* HOSTAPD */ 185}; 186 187 188static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 189 void *timeout_ctx); 190static int wpa_driver_nl80211_set_mode(void *priv, int mode); 191static int 192wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 193static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 194 const u8 *addr, int cmd, u16 reason_code, 195 int local_state_change); 196static void nl80211_remove_monitor_interface( 197 struct wpa_driver_nl80211_data *drv); 198static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 199 unsigned int freq, unsigned int wait, 200 const u8 *buf, size_t buf_len, u64 *cookie); 201static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 202 203#ifdef HOSTAPD 204static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 205static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 206static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 207static int wpa_driver_nl80211_if_remove(void *priv, 208 enum wpa_driver_if_type type, 209 const char *ifname); 210#else /* HOSTAPD */ 211static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 212{ 213 return 0; 214} 215#endif /* HOSTAPD */ 216 217static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 218static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 219 int ifindex, int disabled); 220 221static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 222 223 224struct nl80211_bss_info_arg { 225 struct wpa_driver_nl80211_data *drv; 226 struct wpa_scan_results *res; 227 unsigned int assoc_freq; 228}; 229 230static int bss_info_handler(struct nl_msg *msg, void *arg); 231 232 233/* nl80211 code */ 234static int ack_handler(struct nl_msg *msg, void *arg) 235{ 236 int *err = arg; 237 *err = 0; 238 return NL_STOP; 239} 240 241static int finish_handler(struct nl_msg *msg, void *arg) 242{ 243 int *ret = arg; 244 *ret = 0; 245 return NL_SKIP; 246} 247 248static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 249 void *arg) 250{ 251 int *ret = arg; 252 *ret = err->error; 253 return NL_SKIP; 254} 255 256 257static int no_seq_check(struct nl_msg *msg, void *arg) 258{ 259 return NL_OK; 260} 261 262 263static int send_and_recv(struct wpa_driver_nl80211_data *drv, 264 struct nl_handle *nl_handle, struct nl_msg *msg, 265 int (*valid_handler)(struct nl_msg *, void *), 266 void *valid_data) 267{ 268 struct nl_cb *cb; 269 int err = -ENOMEM; 270 271 cb = nl_cb_clone(drv->nl_cb); 272 if (!cb) 273 goto out; 274 275 err = nl_send_auto_complete(nl_handle, msg); 276 if (err < 0) 277 goto out; 278 279 err = 1; 280 281 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 282 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 283 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 284 285 if (valid_handler) 286 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 287 valid_handler, valid_data); 288 289 while (err > 0) 290 nl_recvmsgs(nl_handle, cb); 291 out: 292 nl_cb_put(cb); 293 nlmsg_free(msg); 294 return err; 295} 296 297 298static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 299 struct nl_msg *msg, 300 int (*valid_handler)(struct nl_msg *, void *), 301 void *valid_data) 302{ 303 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 304 valid_data); 305} 306 307 308struct family_data { 309 const char *group; 310 int id; 311}; 312 313 314static int family_handler(struct nl_msg *msg, void *arg) 315{ 316 struct family_data *res = arg; 317 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 318 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 319 struct nlattr *mcgrp; 320 int i; 321 322 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 323 genlmsg_attrlen(gnlh, 0), NULL); 324 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 325 return NL_SKIP; 326 327 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 328 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 329 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 330 nla_len(mcgrp), NULL); 331 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 332 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 333 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 334 res->group, 335 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 336 continue; 337 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 338 break; 339 }; 340 341 return NL_SKIP; 342} 343 344 345static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 346 const char *family, const char *group) 347{ 348 struct nl_msg *msg; 349 int ret = -1; 350 struct family_data res = { group, -ENOENT }; 351 352 msg = nlmsg_alloc(); 353 if (!msg) 354 return -ENOMEM; 355 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 356 0, 0, CTRL_CMD_GETFAMILY, 0); 357 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 358 359 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 360 msg = NULL; 361 if (ret == 0) 362 ret = res.id; 363 364nla_put_failure: 365 nlmsg_free(msg); 366 return ret; 367} 368 369 370static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 371{ 372 struct i802_bss *bss = priv; 373 struct wpa_driver_nl80211_data *drv = bss->drv; 374 if (!drv->associated) 375 return -1; 376 os_memcpy(bssid, drv->bssid, ETH_ALEN); 377 return 0; 378} 379 380 381static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 382{ 383 struct i802_bss *bss = priv; 384 struct wpa_driver_nl80211_data *drv = bss->drv; 385 if (!drv->associated) 386 return -1; 387 os_memcpy(ssid, drv->ssid, drv->ssid_len); 388 return drv->ssid_len; 389} 390 391 392static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 393 char *buf, size_t len, int del) 394{ 395 union wpa_event_data event; 396 397 os_memset(&event, 0, sizeof(event)); 398 if (len > sizeof(event.interface_status.ifname)) 399 len = sizeof(event.interface_status.ifname) - 1; 400 os_memcpy(event.interface_status.ifname, buf, len); 401 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 402 EVENT_INTERFACE_ADDED; 403 404 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 405 del ? "DEL" : "NEW", 406 event.interface_status.ifname, 407 del ? "removed" : "added"); 408 409 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 410 if (del) 411 drv->if_removed = 1; 412 else 413 drv->if_removed = 0; 414 } 415 416 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 417} 418 419 420static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 421 u8 *buf, size_t len) 422{ 423 int attrlen, rta_len; 424 struct rtattr *attr; 425 426 attrlen = len; 427 attr = (struct rtattr *) buf; 428 429 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 430 while (RTA_OK(attr, attrlen)) { 431 if (attr->rta_type == IFLA_IFNAME) { 432 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 433 == 0) 434 return 1; 435 else 436 break; 437 } 438 attr = RTA_NEXT(attr, attrlen); 439 } 440 441 return 0; 442} 443 444 445static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 446 int ifindex, u8 *buf, size_t len) 447{ 448 if (drv->ifindex == ifindex) 449 return 1; 450 451 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 452 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 453 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 454 "interface"); 455 wpa_driver_nl80211_finish_drv_init(drv); 456 return 1; 457 } 458 459 return 0; 460} 461 462 463static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 464 struct ifinfomsg *ifi, 465 u8 *buf, size_t len) 466{ 467 struct wpa_driver_nl80211_data *drv = ctx; 468 int attrlen, rta_len; 469 struct rtattr *attr; 470 u32 brid = 0; 471 472 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 473 !have_ifidx(drv, ifi->ifi_index)) { 474 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 475 "ifindex %d", ifi->ifi_index); 476 return; 477 } 478 479 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 480 "(%s%s%s%s)", 481 drv->operstate, ifi->ifi_flags, 482 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 483 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 484 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 485 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 486 487 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 488 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 489 drv->if_disabled = 1; 490 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL); 491 } 492 493 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 494 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 495 drv->if_disabled = 0; 496 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL); 497 } 498 499 /* 500 * Some drivers send the association event before the operup event--in 501 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 502 * fails. This will hit us when wpa_supplicant does not need to do 503 * IEEE 802.1X authentication 504 */ 505 if (drv->operstate == 1 && 506 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 507 !(ifi->ifi_flags & IFF_RUNNING)) 508 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 509 -1, IF_OPER_UP); 510 511 attrlen = len; 512 attr = (struct rtattr *) buf; 513 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 514 while (RTA_OK(attr, attrlen)) { 515 if (attr->rta_type == IFLA_IFNAME) { 516 wpa_driver_nl80211_event_link( 517 drv, 518 ((char *) attr) + rta_len, 519 attr->rta_len - rta_len, 0); 520 } else if (attr->rta_type == IFLA_MASTER) 521 brid = nla_get_u32((struct nlattr *) attr); 522 attr = RTA_NEXT(attr, attrlen); 523 } 524 525#ifdef HOSTAPD 526 if (ifi->ifi_family == AF_BRIDGE && brid) { 527 /* device has been added to bridge */ 528 char namebuf[IFNAMSIZ]; 529 if_indextoname(brid, namebuf); 530 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 531 brid, namebuf); 532 add_ifidx(drv, brid); 533 } 534#endif /* HOSTAPD */ 535} 536 537 538static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 539 struct ifinfomsg *ifi, 540 u8 *buf, size_t len) 541{ 542 struct wpa_driver_nl80211_data *drv = ctx; 543 int attrlen, rta_len; 544 struct rtattr *attr; 545 u32 brid = 0; 546 547 attrlen = len; 548 attr = (struct rtattr *) buf; 549 550 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 551 while (RTA_OK(attr, attrlen)) { 552 if (attr->rta_type == IFLA_IFNAME) { 553 wpa_driver_nl80211_event_link( 554 drv, 555 ((char *) attr) + rta_len, 556 attr->rta_len - rta_len, 1); 557 } else if (attr->rta_type == IFLA_MASTER) 558 brid = nla_get_u32((struct nlattr *) attr); 559 attr = RTA_NEXT(attr, attrlen); 560 } 561 562#ifdef HOSTAPD 563 if (ifi->ifi_family == AF_BRIDGE && brid) { 564 /* device has been removed from bridge */ 565 char namebuf[IFNAMSIZ]; 566 if_indextoname(brid, namebuf); 567 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 568 "%s", brid, namebuf); 569 del_ifidx(drv, brid); 570 } 571#endif /* HOSTAPD */ 572} 573 574 575static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 576 const u8 *frame, size_t len) 577{ 578 const struct ieee80211_mgmt *mgmt; 579 union wpa_event_data event; 580 581 mgmt = (const struct ieee80211_mgmt *) frame; 582 if (len < 24 + sizeof(mgmt->u.auth)) { 583 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 584 "frame"); 585 return; 586 } 587 588 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 589 os_memset(&event, 0, sizeof(event)); 590 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 591 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 592 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 593 if (len > 24 + sizeof(mgmt->u.auth)) { 594 event.auth.ies = mgmt->u.auth.variable; 595 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 596 } 597 598 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 599} 600 601 602static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 603{ 604 struct nl_msg *msg; 605 int ret; 606 struct nl80211_bss_info_arg arg; 607 608 os_memset(&arg, 0, sizeof(arg)); 609 msg = nlmsg_alloc(); 610 if (!msg) 611 goto nla_put_failure; 612 613 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 614 NL80211_CMD_GET_SCAN, 0); 615 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 616 617 arg.drv = drv; 618 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 619 msg = NULL; 620 if (ret == 0) { 621 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 622 "associated BSS from scan results: %u MHz", 623 arg.assoc_freq); 624 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 625 } 626 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 627 "(%s)", ret, strerror(-ret)); 628nla_put_failure: 629 nlmsg_free(msg); 630 return drv->assoc_freq; 631} 632 633 634static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 635 const u8 *frame, size_t len) 636{ 637 const struct ieee80211_mgmt *mgmt; 638 union wpa_event_data event; 639 u16 status; 640 641 mgmt = (const struct ieee80211_mgmt *) frame; 642 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 643 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 644 "frame"); 645 return; 646 } 647 648 status = le_to_host16(mgmt->u.assoc_resp.status_code); 649 if (status != WLAN_STATUS_SUCCESS) { 650 os_memset(&event, 0, sizeof(event)); 651 event.assoc_reject.bssid = mgmt->bssid; 652 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 653 event.assoc_reject.resp_ies = 654 (u8 *) mgmt->u.assoc_resp.variable; 655 event.assoc_reject.resp_ies_len = 656 len - 24 - sizeof(mgmt->u.assoc_resp); 657 } 658 event.assoc_reject.status_code = status; 659 660 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 661 return; 662 } 663 664 drv->associated = 1; 665 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 666 667 os_memset(&event, 0, sizeof(event)); 668 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 669 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 670 event.assoc_info.resp_ies_len = 671 len - 24 - sizeof(mgmt->u.assoc_resp); 672 } 673 674 event.assoc_info.freq = drv->assoc_freq; 675 676 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 677} 678 679 680static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 681 enum nl80211_commands cmd, struct nlattr *status, 682 struct nlattr *addr, struct nlattr *req_ie, 683 struct nlattr *resp_ie) 684{ 685 union wpa_event_data event; 686 687 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 688 /* 689 * Avoid reporting two association events that would confuse 690 * the core code. 691 */ 692 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 693 "when using userspace SME", cmd); 694 return; 695 } 696 697 os_memset(&event, 0, sizeof(event)); 698 if (cmd == NL80211_CMD_CONNECT && 699 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 700 if (addr) 701 event.assoc_reject.bssid = nla_data(addr); 702 if (resp_ie) { 703 event.assoc_reject.resp_ies = nla_data(resp_ie); 704 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 705 } 706 event.assoc_reject.status_code = nla_get_u16(status); 707 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 708 return; 709 } 710 711 drv->associated = 1; 712 if (addr) 713 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 714 715 if (req_ie) { 716 event.assoc_info.req_ies = nla_data(req_ie); 717 event.assoc_info.req_ies_len = nla_len(req_ie); 718 } 719 if (resp_ie) { 720 event.assoc_info.resp_ies = nla_data(resp_ie); 721 event.assoc_info.resp_ies_len = nla_len(resp_ie); 722 } 723 724 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 725 726 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 727} 728 729 730static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 731 enum nl80211_commands cmd, struct nlattr *addr) 732{ 733 union wpa_event_data event; 734 enum wpa_event_type ev; 735 736 if (nla_len(addr) != ETH_ALEN) 737 return; 738 739 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 740 cmd, MAC2STR((u8 *) nla_data(addr))); 741 742 if (cmd == NL80211_CMD_AUTHENTICATE) 743 ev = EVENT_AUTH_TIMED_OUT; 744 else if (cmd == NL80211_CMD_ASSOCIATE) 745 ev = EVENT_ASSOC_TIMED_OUT; 746 else 747 return; 748 749 os_memset(&event, 0, sizeof(event)); 750 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 751 wpa_supplicant_event(drv->ctx, ev, &event); 752} 753 754 755static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 756 struct nlattr *freq, const u8 *frame, size_t len) 757{ 758 const struct ieee80211_mgmt *mgmt; 759 union wpa_event_data event; 760 u16 fc, stype; 761 762 mgmt = (const struct ieee80211_mgmt *) frame; 763 if (len < 24) { 764 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 765 return; 766 } 767 768 fc = le_to_host16(mgmt->frame_control); 769 stype = WLAN_FC_GET_STYPE(fc); 770 771 os_memset(&event, 0, sizeof(event)); 772 if (freq) { 773 event.rx_action.freq = nla_get_u32(freq); 774 drv->last_mgmt_freq = event.rx_action.freq; 775 } 776 if (stype == WLAN_FC_STYPE_ACTION) { 777 event.rx_action.da = mgmt->da; 778 event.rx_action.sa = mgmt->sa; 779 event.rx_action.bssid = mgmt->bssid; 780 event.rx_action.category = mgmt->u.action.category; 781 event.rx_action.data = &mgmt->u.action.category + 1; 782 event.rx_action.len = frame + len - event.rx_action.data; 783 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 784 } else { 785 event.rx_mgmt.frame = frame; 786 event.rx_mgmt.frame_len = len; 787 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 788 } 789} 790 791 792static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 793 struct nlattr *cookie, const u8 *frame, 794 size_t len, struct nlattr *ack) 795{ 796 union wpa_event_data event; 797 const struct ieee80211_hdr *hdr; 798 u16 fc; 799 u64 cookie_val; 800 801 if (!cookie) 802 return; 803 804 cookie_val = nla_get_u64(cookie); 805 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s " 806 "(ack=%d)", 807 (long long unsigned int) cookie_val, 808 cookie_val == drv->send_action_cookie ? 809 " (match)" : " (unknown)", ack != NULL); 810 if (cookie_val != drv->send_action_cookie) 811 return; 812 813 hdr = (const struct ieee80211_hdr *) frame; 814 fc = le_to_host16(hdr->frame_control); 815 816 os_memset(&event, 0, sizeof(event)); 817 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 818 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 819 event.tx_status.dst = hdr->addr1; 820 event.tx_status.data = frame; 821 event.tx_status.data_len = len; 822 event.tx_status.ack = ack != NULL; 823 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 824} 825 826 827static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 828 enum wpa_event_type type, 829 const u8 *frame, size_t len) 830{ 831 const struct ieee80211_mgmt *mgmt; 832 union wpa_event_data event; 833 const u8 *bssid = NULL; 834 u16 reason_code = 0; 835 836 mgmt = (const struct ieee80211_mgmt *) frame; 837 if (len >= 24) { 838 bssid = mgmt->bssid; 839 840 if (drv->associated != 0 && 841 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 842 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 843 /* 844 * We have presumably received this deauth as a 845 * response to a clear_state_mismatch() outgoing 846 * deauth. Don't let it take us offline! 847 */ 848 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 849 "from Unknown BSSID " MACSTR " -- ignoring", 850 MAC2STR(bssid)); 851 return; 852 } 853 } 854 855 drv->associated = 0; 856 os_memset(&event, 0, sizeof(event)); 857 858 /* Note: Same offset for Reason Code in both frame subtypes */ 859 if (len >= 24 + sizeof(mgmt->u.deauth)) 860 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 861 862 if (type == EVENT_DISASSOC) { 863 event.disassoc_info.addr = bssid; 864 event.disassoc_info.reason_code = reason_code; 865 if (frame + len > mgmt->u.disassoc.variable) { 866 event.disassoc_info.ie = mgmt->u.disassoc.variable; 867 event.disassoc_info.ie_len = frame + len - 868 mgmt->u.disassoc.variable; 869 } 870 } else { 871 event.deauth_info.addr = bssid; 872 event.deauth_info.reason_code = reason_code; 873 if (frame + len > mgmt->u.deauth.variable) { 874 event.deauth_info.ie = mgmt->u.deauth.variable; 875 event.deauth_info.ie_len = frame + len - 876 mgmt->u.deauth.variable; 877 } 878 } 879 880 wpa_supplicant_event(drv->ctx, type, &event); 881} 882 883 884static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 885 enum wpa_event_type type, 886 const u8 *frame, size_t len) 887{ 888 const struct ieee80211_mgmt *mgmt; 889 union wpa_event_data event; 890 u16 reason_code = 0; 891 892 if (len < 24) 893 return; 894 895 mgmt = (const struct ieee80211_mgmt *) frame; 896 897 os_memset(&event, 0, sizeof(event)); 898 /* Note: Same offset for Reason Code in both frame subtypes */ 899 if (len >= 24 + sizeof(mgmt->u.deauth)) 900 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 901 902 if (type == EVENT_UNPROT_DISASSOC) { 903 event.unprot_disassoc.sa = mgmt->sa; 904 event.unprot_disassoc.da = mgmt->da; 905 event.unprot_disassoc.reason_code = reason_code; 906 } else { 907 event.unprot_deauth.sa = mgmt->sa; 908 event.unprot_deauth.da = mgmt->da; 909 event.unprot_deauth.reason_code = reason_code; 910 } 911 912 wpa_supplicant_event(drv->ctx, type, &event); 913} 914 915 916static void mlme_event(struct wpa_driver_nl80211_data *drv, 917 enum nl80211_commands cmd, struct nlattr *frame, 918 struct nlattr *addr, struct nlattr *timed_out, 919 struct nlattr *freq, struct nlattr *ack, 920 struct nlattr *cookie) 921{ 922 if (timed_out && addr) { 923 mlme_timeout_event(drv, cmd, addr); 924 return; 925 } 926 927 if (frame == NULL) { 928 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 929 "data", cmd); 930 return; 931 } 932 933 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 934 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 935 nla_data(frame), nla_len(frame)); 936 937 switch (cmd) { 938 case NL80211_CMD_AUTHENTICATE: 939 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 940 break; 941 case NL80211_CMD_ASSOCIATE: 942 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 943 break; 944 case NL80211_CMD_DEAUTHENTICATE: 945 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 946 nla_data(frame), nla_len(frame)); 947 break; 948 case NL80211_CMD_DISASSOCIATE: 949 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 950 nla_data(frame), nla_len(frame)); 951 break; 952 case NL80211_CMD_FRAME: 953 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 954 break; 955 case NL80211_CMD_FRAME_TX_STATUS: 956 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 957 nla_len(frame), ack); 958 break; 959 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 960 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 961 nla_data(frame), nla_len(frame)); 962 break; 963 case NL80211_CMD_UNPROT_DISASSOCIATE: 964 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 965 nla_data(frame), nla_len(frame)); 966 break; 967 default: 968 break; 969 } 970} 971 972 973static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 974 struct nlattr *tb[]) 975{ 976 union wpa_event_data data; 977 978 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 979 os_memset(&data, 0, sizeof(data)); 980 if (tb[NL80211_ATTR_MAC]) { 981 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 982 nla_data(tb[NL80211_ATTR_MAC]), 983 nla_len(tb[NL80211_ATTR_MAC])); 984 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 985 } 986 if (tb[NL80211_ATTR_KEY_SEQ]) { 987 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 988 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 989 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 990 } 991 if (tb[NL80211_ATTR_KEY_TYPE]) { 992 enum nl80211_key_type key_type = 993 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 994 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 995 if (key_type == NL80211_KEYTYPE_PAIRWISE) 996 data.michael_mic_failure.unicast = 1; 997 } else 998 data.michael_mic_failure.unicast = 1; 999 1000 if (tb[NL80211_ATTR_KEY_IDX]) { 1001 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1002 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1003 } 1004 1005 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1006} 1007 1008 1009static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1010 struct nlattr *tb[]) 1011{ 1012 if (tb[NL80211_ATTR_MAC] == NULL) { 1013 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1014 "event"); 1015 return; 1016 } 1017 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1018 drv->associated = 1; 1019 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1020 MAC2STR(drv->bssid)); 1021 1022 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1023} 1024 1025 1026static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1027 int cancel_event, struct nlattr *tb[]) 1028{ 1029 unsigned int freq, chan_type, duration; 1030 union wpa_event_data data; 1031 u64 cookie; 1032 1033 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1034 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1035 else 1036 freq = 0; 1037 1038 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1039 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1040 else 1041 chan_type = 0; 1042 1043 if (tb[NL80211_ATTR_DURATION]) 1044 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1045 else 1046 duration = 0; 1047 1048 if (tb[NL80211_ATTR_COOKIE]) 1049 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1050 else 1051 cookie = 0; 1052 1053 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1054 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1055 cancel_event, freq, chan_type, duration, 1056 (long long unsigned int) cookie, 1057 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1058 1059 if (cookie != drv->remain_on_chan_cookie) 1060 return; /* not for us */ 1061 1062 drv->pending_remain_on_chan = !cancel_event; 1063 1064 os_memset(&data, 0, sizeof(data)); 1065 data.remain_on_channel.freq = freq; 1066 data.remain_on_channel.duration = duration; 1067 wpa_supplicant_event(drv->ctx, cancel_event ? 1068 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1069 EVENT_REMAIN_ON_CHANNEL, &data); 1070} 1071 1072 1073static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1074 struct nlattr *tb[]) 1075{ 1076 union wpa_event_data event; 1077 struct nlattr *nl; 1078 int rem; 1079 struct scan_info *info; 1080#define MAX_REPORT_FREQS 50 1081 int freqs[MAX_REPORT_FREQS]; 1082 int num_freqs = 0; 1083 1084 os_memset(&event, 0, sizeof(event)); 1085 info = &event.scan_info; 1086 info->aborted = aborted; 1087 1088 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1089 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1090 struct wpa_driver_scan_ssid *s = 1091 &info->ssids[info->num_ssids]; 1092 s->ssid = nla_data(nl); 1093 s->ssid_len = nla_len(nl); 1094 info->num_ssids++; 1095 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1096 break; 1097 } 1098 } 1099 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1100 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1101 { 1102 freqs[num_freqs] = nla_get_u32(nl); 1103 num_freqs++; 1104 if (num_freqs == MAX_REPORT_FREQS - 1) 1105 break; 1106 } 1107 info->freqs = freqs; 1108 info->num_freqs = num_freqs; 1109 } 1110 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1111} 1112 1113 1114static int get_link_signal(struct nl_msg *msg, void *arg) 1115{ 1116 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1117 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1118 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1119 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1120 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1121 }; 1122 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1123 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1124 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1125 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1126 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1127 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1128 }; 1129 struct wpa_signal_info *sig_change = arg; 1130 1131 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1132 genlmsg_attrlen(gnlh, 0), NULL); 1133 if (!tb[NL80211_ATTR_STA_INFO] || 1134 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1135 tb[NL80211_ATTR_STA_INFO], policy)) 1136 return NL_SKIP; 1137 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1138 return NL_SKIP; 1139 1140 sig_change->current_signal = 1141 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1142 1143 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1144 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1145 sinfo[NL80211_STA_INFO_TX_BITRATE], 1146 rate_policy)) { 1147 sig_change->current_txrate = 0; 1148 } else { 1149 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1150 sig_change->current_txrate = 1151 nla_get_u16(rinfo[ 1152 NL80211_RATE_INFO_BITRATE]) * 100; 1153 } 1154 } 1155 } 1156 1157 return NL_SKIP; 1158} 1159 1160 1161static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1162 struct wpa_signal_info *sig) 1163{ 1164 struct nl_msg *msg; 1165 1166 sig->current_signal = -9999; 1167 sig->current_txrate = 0; 1168 1169 msg = nlmsg_alloc(); 1170 if (!msg) 1171 return -ENOMEM; 1172 1173 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1174 0, NL80211_CMD_GET_STATION, 0); 1175 1176 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1177 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1178 1179 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1180 nla_put_failure: 1181 return -ENOBUFS; 1182} 1183 1184 1185static int get_link_noise(struct nl_msg *msg, void *arg) 1186{ 1187 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1188 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1189 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1190 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1191 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1192 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1193 }; 1194 struct wpa_signal_info *sig_change = arg; 1195 1196 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1197 genlmsg_attrlen(gnlh, 0), NULL); 1198 1199 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1200 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1201 return NL_SKIP; 1202 } 1203 1204 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1205 tb[NL80211_ATTR_SURVEY_INFO], 1206 survey_policy)) { 1207 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1208 "attributes!"); 1209 return NL_SKIP; 1210 } 1211 1212 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1213 return NL_SKIP; 1214 1215 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1216 sig_change->frequency) 1217 return NL_SKIP; 1218 1219 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1220 return NL_SKIP; 1221 1222 sig_change->current_noise = 1223 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1224 1225 return NL_SKIP; 1226} 1227 1228 1229static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1230 struct wpa_signal_info *sig_change) 1231{ 1232 struct nl_msg *msg; 1233 1234 sig_change->current_noise = 9999; 1235 sig_change->frequency = drv->assoc_freq; 1236 1237 msg = nlmsg_alloc(); 1238 if (!msg) 1239 return -ENOMEM; 1240 1241 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1242 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0); 1243 1244 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1245 1246 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1247 nla_put_failure: 1248 return -ENOBUFS; 1249} 1250 1251 1252static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1253 struct nlattr *tb[]) 1254{ 1255 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1256 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1257 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1258 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1259 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1260 }; 1261 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1262 enum nl80211_cqm_rssi_threshold_event event; 1263 union wpa_event_data ed; 1264 struct wpa_signal_info sig; 1265 int res; 1266 1267 if (tb[NL80211_ATTR_CQM] == NULL || 1268 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1269 cqm_policy)) { 1270 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1271 return; 1272 } 1273 1274 os_memset(&ed, 0, sizeof(ed)); 1275 1276 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1277 if (!tb[NL80211_ATTR_MAC]) 1278 return; 1279 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1280 ETH_ALEN); 1281 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1282 return; 1283 } 1284 1285 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1286 return; 1287 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1288 1289 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1290 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1291 "event: RSSI high"); 1292 ed.signal_change.above_threshold = 1; 1293 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1294 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1295 "event: RSSI low"); 1296 ed.signal_change.above_threshold = 0; 1297 } else 1298 return; 1299 1300 res = nl80211_get_link_signal(drv, &sig); 1301 if (res == 0) { 1302 ed.signal_change.current_signal = sig.current_signal; 1303 ed.signal_change.current_txrate = sig.current_txrate; 1304 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1305 sig.current_signal, sig.current_txrate); 1306 } 1307 1308 res = nl80211_get_link_noise(drv, &sig); 1309 if (res == 0) { 1310 ed.signal_change.current_noise = sig.current_noise; 1311 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1312 sig.current_noise); 1313 } 1314 1315 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1316} 1317 1318 1319static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1320 struct nlattr **tb) 1321{ 1322 u8 *addr; 1323 union wpa_event_data data; 1324 1325 if (tb[NL80211_ATTR_MAC] == NULL) 1326 return; 1327 addr = nla_data(tb[NL80211_ATTR_MAC]); 1328 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1329 1330 if (drv->nlmode == NL80211_IFTYPE_AP && 1331 drv->no_monitor_iface_capab) { 1332 u8 *ies = NULL; 1333 size_t ies_len = 0; 1334 if (tb[NL80211_ATTR_IE]) { 1335 ies = nla_data(tb[NL80211_ATTR_IE]); 1336 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1337 } 1338 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1339 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1340 return; 1341 } 1342 1343 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1344 return; 1345 1346 os_memset(&data, 0, sizeof(data)); 1347 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1348 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1349} 1350 1351 1352static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1353 struct nlattr **tb) 1354{ 1355 u8 *addr; 1356 union wpa_event_data data; 1357 1358 if (tb[NL80211_ATTR_MAC] == NULL) 1359 return; 1360 addr = nla_data(tb[NL80211_ATTR_MAC]); 1361 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1362 MAC2STR(addr)); 1363 1364 if (drv->nlmode == NL80211_IFTYPE_AP && 1365 drv->no_monitor_iface_capab) { 1366 drv_event_disassoc(drv->ctx, addr); 1367 return; 1368 } 1369 1370 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1371 return; 1372 1373 os_memset(&data, 0, sizeof(data)); 1374 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1375 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1376} 1377 1378 1379static int process_event(struct nl_msg *msg, void *arg) 1380{ 1381 struct wpa_driver_nl80211_data *drv = arg; 1382 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1383 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1384 union wpa_event_data data; 1385 1386 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1387 genlmsg_attrlen(gnlh, 0), NULL); 1388 1389 if (tb[NL80211_ATTR_IFINDEX]) { 1390 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1391 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 1392 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 1393 " for foreign interface (ifindex %d)", 1394 gnlh->cmd, ifindex); 1395 return NL_SKIP; 1396 } 1397 } 1398 1399 if (drv->ap_scan_as_station && 1400 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1401 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 1402 wpa_driver_nl80211_set_mode(&drv->first_bss, 1403 IEEE80211_MODE_AP); 1404 drv->ap_scan_as_station = 0; 1405 } 1406 1407 switch (gnlh->cmd) { 1408 case NL80211_CMD_TRIGGER_SCAN: 1409 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 1410 break; 1411 case NL80211_CMD_NEW_SCAN_RESULTS: 1412 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 1413 drv->scan_complete_events = 1; 1414 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1415 drv->ctx); 1416 send_scan_event(drv, 0, tb); 1417 break; 1418 case NL80211_CMD_SCAN_ABORTED: 1419 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 1420 /* 1421 * Need to indicate that scan results are available in order 1422 * not to make wpa_supplicant stop its scanning. 1423 */ 1424 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1425 drv->ctx); 1426 send_scan_event(drv, 1, tb); 1427 break; 1428 case NL80211_CMD_AUTHENTICATE: 1429 case NL80211_CMD_ASSOCIATE: 1430 case NL80211_CMD_DEAUTHENTICATE: 1431 case NL80211_CMD_DISASSOCIATE: 1432 case NL80211_CMD_FRAME: 1433 case NL80211_CMD_FRAME_TX_STATUS: 1434 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1435 case NL80211_CMD_UNPROT_DISASSOCIATE: 1436 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1437 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1438 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1439 tb[NL80211_ATTR_COOKIE]); 1440 break; 1441 case NL80211_CMD_CONNECT: 1442 case NL80211_CMD_ROAM: 1443 mlme_event_connect(drv, gnlh->cmd, 1444 tb[NL80211_ATTR_STATUS_CODE], 1445 tb[NL80211_ATTR_MAC], 1446 tb[NL80211_ATTR_REQ_IE], 1447 tb[NL80211_ATTR_RESP_IE]); 1448 break; 1449 case NL80211_CMD_DISCONNECT: 1450 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1451 /* 1452 * Avoid reporting two disassociation events that could 1453 * confuse the core code. 1454 */ 1455 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1456 "event when using userspace SME"); 1457 break; 1458 } 1459 drv->associated = 0; 1460 os_memset(&data, 0, sizeof(data)); 1461 if (tb[NL80211_ATTR_REASON_CODE]) 1462 data.disassoc_info.reason_code = 1463 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1464 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1465 break; 1466 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1467 mlme_event_michael_mic_failure(drv, tb); 1468 break; 1469 case NL80211_CMD_JOIN_IBSS: 1470 mlme_event_join_ibss(drv, tb); 1471 break; 1472 case NL80211_CMD_REMAIN_ON_CHANNEL: 1473 mlme_event_remain_on_channel(drv, 0, tb); 1474 break; 1475 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1476 mlme_event_remain_on_channel(drv, 1, tb); 1477 break; 1478 case NL80211_CMD_NOTIFY_CQM: 1479 nl80211_cqm_event(drv, tb); 1480 break; 1481 case NL80211_CMD_REG_CHANGE: 1482 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1483 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1484 NULL); 1485 break; 1486 case NL80211_CMD_REG_BEACON_HINT: 1487 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1488 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1489 NULL); 1490 break; 1491 case NL80211_CMD_NEW_STATION: 1492 nl80211_new_station_event(drv, tb); 1493 break; 1494 case NL80211_CMD_DEL_STATION: 1495 nl80211_del_station_event(drv, tb); 1496 break; 1497 default: 1498 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1499 "(cmd=%d)", gnlh->cmd); 1500 break; 1501 } 1502 1503 return NL_SKIP; 1504} 1505 1506 1507static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1508 void *handle) 1509{ 1510 struct nl_cb *cb; 1511 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1512 1513 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1514 1515 cb = nl_cb_clone(drv->nl_cb); 1516 if (!cb) 1517 return; 1518 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1519 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1520 nl_recvmsgs(handle, cb); 1521 nl_cb_put(cb); 1522} 1523 1524 1525/** 1526 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1527 * @priv: driver_nl80211 private data 1528 * @alpha2_arg: country to which to switch to 1529 * Returns: 0 on success, -1 on failure 1530 * 1531 * This asks nl80211 to set the regulatory domain for given 1532 * country ISO / IEC alpha2. 1533 */ 1534static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1535{ 1536 struct i802_bss *bss = priv; 1537 struct wpa_driver_nl80211_data *drv = bss->drv; 1538 char alpha2[3]; 1539 struct nl_msg *msg; 1540 1541 msg = nlmsg_alloc(); 1542 if (!msg) 1543 return -ENOMEM; 1544 1545 alpha2[0] = alpha2_arg[0]; 1546 alpha2[1] = alpha2_arg[1]; 1547 alpha2[2] = '\0'; 1548 1549 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1550 0, NL80211_CMD_REQ_SET_REG, 0); 1551 1552 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1553 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1554 return -EINVAL; 1555 return 0; 1556nla_put_failure: 1557 return -EINVAL; 1558} 1559 1560 1561struct wiphy_info_data { 1562 int max_scan_ssids; 1563 int ap_supported; 1564 int p2p_supported; 1565 int auth_supported; 1566 int connect_supported; 1567 int offchan_tx_supported; 1568 int max_remain_on_chan; 1569}; 1570 1571 1572static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1573{ 1574 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1575 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1576 struct wiphy_info_data *info = arg; 1577 int p2p_go_supported = 0, p2p_client_supported = 0; 1578 1579 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1580 genlmsg_attrlen(gnlh, 0), NULL); 1581 1582 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1583 info->max_scan_ssids = 1584 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1585 1586 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1587 struct nlattr *nl_mode; 1588 int i; 1589 nla_for_each_nested(nl_mode, 1590 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1591 switch (nla_type(nl_mode)) { 1592 case NL80211_IFTYPE_AP: 1593 info->ap_supported = 1; 1594 break; 1595 case NL80211_IFTYPE_P2P_GO: 1596 p2p_go_supported = 1; 1597 break; 1598 case NL80211_IFTYPE_P2P_CLIENT: 1599 p2p_client_supported = 1; 1600 break; 1601 } 1602 } 1603 } 1604 1605 info->p2p_supported = p2p_go_supported && p2p_client_supported; 1606 1607 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1608 struct nlattr *nl_cmd; 1609 int i; 1610 1611 nla_for_each_nested(nl_cmd, 1612 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1613 u32 cmd = nla_get_u32(nl_cmd); 1614 if (cmd == NL80211_CMD_AUTHENTICATE) 1615 info->auth_supported = 1; 1616 else if (cmd == NL80211_CMD_CONNECT) 1617 info->connect_supported = 1; 1618 } 1619 } 1620 1621 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) 1622 info->offchan_tx_supported = 1; 1623 1624 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 1625 info->max_remain_on_chan = 1626 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 1627 1628 return NL_SKIP; 1629} 1630 1631 1632static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1633 struct wiphy_info_data *info) 1634{ 1635 struct nl_msg *msg; 1636 1637 os_memset(info, 0, sizeof(*info)); 1638 1639 /* default to 5000 since early versions of mac80211 don't set it */ 1640 info->max_remain_on_chan = 5000; 1641 1642 msg = nlmsg_alloc(); 1643 if (!msg) 1644 return -1; 1645 1646 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1647 0, NL80211_CMD_GET_WIPHY, 0); 1648 1649 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1650 1651 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1652 return 0; 1653 msg = NULL; 1654nla_put_failure: 1655 nlmsg_free(msg); 1656 return -1; 1657} 1658 1659 1660static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1661{ 1662 struct wiphy_info_data info; 1663 if (wpa_driver_nl80211_get_info(drv, &info)) 1664 return -1; 1665 drv->has_capability = 1; 1666 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1667 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1668 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1669 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1670 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1671 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1672 WPA_DRIVER_CAPA_ENC_WEP104 | 1673 WPA_DRIVER_CAPA_ENC_TKIP | 1674 WPA_DRIVER_CAPA_ENC_CCMP; 1675 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1676 WPA_DRIVER_AUTH_SHARED | 1677 WPA_DRIVER_AUTH_LEAP; 1678 1679 drv->capa.max_scan_ssids = info.max_scan_ssids; 1680 if (info.ap_supported) 1681 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1682 1683 if (info.auth_supported) 1684 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1685 else if (!info.connect_supported) { 1686 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1687 "authentication/association or connect commands"); 1688 return -1; 1689 } 1690 1691 if (info.offchan_tx_supported) { 1692 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 1693 "off-channel TX"); 1694 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 1695 } 1696 1697 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 1698 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1699 if (info.p2p_supported) 1700 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 1701 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 1702 drv->capa.max_remain_on_chan = info.max_remain_on_chan; 1703 1704 return 0; 1705} 1706 1707 1708static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 1709{ 1710 int ret; 1711 1712 /* Initialize generic netlink and nl80211 */ 1713 1714 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1715 if (drv->nl_cb == NULL) { 1716 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1717 "callbacks"); 1718 goto err1; 1719 } 1720 1721 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb); 1722 if (drv->nl_handle == NULL) { 1723 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1724 "callbacks"); 1725 goto err2; 1726 } 1727 1728 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb); 1729 if (drv->nl_handle_event == NULL) { 1730 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1731 "callbacks (event)"); 1732 goto err2b; 1733 } 1734 1735 if (genl_connect(drv->nl_handle)) { 1736 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1737 "netlink"); 1738 goto err3; 1739 } 1740 1741 if (genl_connect(drv->nl_handle_event)) { 1742 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1743 "netlink (event)"); 1744 goto err3; 1745 } 1746 1747#ifdef CONFIG_LIBNL20 1748 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1749 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1750 "netlink cache"); 1751 goto err3; 1752 } 1753 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1754 0) { 1755 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1756 "netlink cache (event)"); 1757 goto err3b; 1758 } 1759#else /* CONFIG_LIBNL20 */ 1760 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1761 if (drv->nl_cache == NULL) { 1762 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1763 "netlink cache"); 1764 goto err3; 1765 } 1766 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1767 if (drv->nl_cache_event == NULL) { 1768 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1769 "netlink cache (event)"); 1770 goto err3b; 1771 } 1772#endif /* CONFIG_LIBNL20 */ 1773 1774 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1775 if (drv->nl80211 == NULL) { 1776 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1777 "found"); 1778 goto err4; 1779 } 1780 1781 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1782 if (ret >= 0) 1783 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1784 if (ret < 0) { 1785 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1786 "membership for scan events: %d (%s)", 1787 ret, strerror(-ret)); 1788 goto err4; 1789 } 1790 1791 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1792 if (ret >= 0) 1793 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1794 if (ret < 0) { 1795 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1796 "membership for mlme events: %d (%s)", 1797 ret, strerror(-ret)); 1798 goto err4; 1799 } 1800 1801 ret = nl_get_multicast_id(drv, "nl80211", "regulatory"); 1802 if (ret >= 0) 1803 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1804 if (ret < 0) { 1805 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 1806 "membership for regulatory events: %d (%s)", 1807 ret, strerror(-ret)); 1808 /* Continue without regulatory events */ 1809 } 1810 1811 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1812 wpa_driver_nl80211_event_receive, drv, 1813 drv->nl_handle_event); 1814 1815 return 0; 1816 1817err4: 1818 nl_cache_free(drv->nl_cache_event); 1819err3b: 1820 nl_cache_free(drv->nl_cache); 1821err3: 1822 nl80211_handle_destroy(drv->nl_handle_event); 1823err2b: 1824 nl80211_handle_destroy(drv->nl_handle); 1825err2: 1826 nl_cb_put(drv->nl_cb); 1827err1: 1828 return -1; 1829} 1830 1831 1832static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 1833{ 1834 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 1835 /* 1836 * This may be for any interface; use ifdown event to disable 1837 * interface. 1838 */ 1839} 1840 1841 1842static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 1843{ 1844 struct wpa_driver_nl80211_data *drv = ctx; 1845 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 1846 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) { 1847 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 1848 "after rfkill unblock"); 1849 return; 1850 } 1851 /* rtnetlink ifup handler will report interface as enabled */ 1852} 1853 1854 1855static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 1856{ 1857 /* Find phy (radio) to which this interface belongs */ 1858 char buf[90], *pos; 1859 int f, rv; 1860 1861 drv->phyname[0] = '\0'; 1862 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 1863 drv->first_bss.ifname); 1864 f = open(buf, O_RDONLY); 1865 if (f < 0) { 1866 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 1867 buf, strerror(errno)); 1868 return; 1869 } 1870 1871 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 1872 close(f); 1873 if (rv < 0) { 1874 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 1875 buf, strerror(errno)); 1876 return; 1877 } 1878 1879 drv->phyname[rv] = '\0'; 1880 pos = os_strchr(drv->phyname, '\n'); 1881 if (pos) 1882 *pos = '\0'; 1883 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 1884 drv->first_bss.ifname, drv->phyname); 1885} 1886 1887 1888/** 1889 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1890 * @ctx: context to be used when calling wpa_supplicant functions, 1891 * e.g., wpa_supplicant_event() 1892 * @ifname: interface name, e.g., wlan0 1893 * @global_priv: private driver global data from global_init() 1894 * Returns: Pointer to private data, %NULL on failure 1895 */ 1896static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 1897 void *global_priv) 1898{ 1899 struct wpa_driver_nl80211_data *drv; 1900 struct netlink_config *cfg; 1901 struct rfkill_config *rcfg; 1902 struct i802_bss *bss; 1903 1904 drv = os_zalloc(sizeof(*drv)); 1905 if (drv == NULL) 1906 return NULL; 1907 drv->global = global_priv; 1908 drv->ctx = ctx; 1909 bss = &drv->first_bss; 1910 bss->drv = drv; 1911 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1912 drv->monitor_ifidx = -1; 1913 drv->monitor_sock = -1; 1914 drv->ioctl_sock = -1; 1915 1916 if (wpa_driver_nl80211_init_nl(drv)) { 1917 os_free(drv); 1918 return NULL; 1919 } 1920 1921 nl80211_get_phy_name(drv); 1922 1923 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1924 if (drv->ioctl_sock < 0) { 1925 perror("socket(PF_INET,SOCK_DGRAM)"); 1926 goto failed; 1927 } 1928 1929 cfg = os_zalloc(sizeof(*cfg)); 1930 if (cfg == NULL) 1931 goto failed; 1932 cfg->ctx = drv; 1933 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1934 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1935 drv->netlink = netlink_init(cfg); 1936 if (drv->netlink == NULL) { 1937 os_free(cfg); 1938 goto failed; 1939 } 1940 1941 rcfg = os_zalloc(sizeof(*rcfg)); 1942 if (rcfg == NULL) 1943 goto failed; 1944 rcfg->ctx = drv; 1945 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 1946 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 1947 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 1948 drv->rfkill = rfkill_init(rcfg); 1949 if (drv->rfkill == NULL) { 1950 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 1951 os_free(rcfg); 1952 } 1953 1954 if (wpa_driver_nl80211_finish_drv_init(drv)) 1955 goto failed; 1956 1957 if (drv->global) 1958 dl_list_add(&drv->global->interfaces, &drv->list); 1959 1960 return bss; 1961 1962failed: 1963 rfkill_deinit(drv->rfkill); 1964 netlink_deinit(drv->netlink); 1965 if (drv->ioctl_sock >= 0) 1966 close(drv->ioctl_sock); 1967 1968 genl_family_put(drv->nl80211); 1969 nl_cache_free(drv->nl_cache); 1970 nl80211_handle_destroy(drv->nl_handle); 1971 nl_cb_put(drv->nl_cb); 1972 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 1973 1974 os_free(drv); 1975 return NULL; 1976} 1977 1978 1979static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv, 1980 struct nl_handle *nl_handle, 1981 u16 type, const u8 *match, size_t match_len) 1982{ 1983 struct nl_msg *msg; 1984 int ret = -1; 1985 1986 msg = nlmsg_alloc(); 1987 if (!msg) 1988 return -1; 1989 1990 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1991 NL80211_CMD_REGISTER_ACTION, 0); 1992 1993 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1994 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 1995 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 1996 1997 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL); 1998 msg = NULL; 1999 if (ret) { 2000 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 2001 "failed (type=%u): ret=%d (%s)", 2002 type, ret, strerror(-ret)); 2003 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2004 match, match_len); 2005 goto nla_put_failure; 2006 } 2007 ret = 0; 2008nla_put_failure: 2009 nlmsg_free(msg); 2010 return ret; 2011} 2012 2013 2014static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 2015 const u8 *match, size_t match_len) 2016{ 2017 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 2018 return nl80211_register_frame(drv, drv->nl_handle_event, 2019 type, match, match_len); 2020} 2021 2022 2023static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 2024{ 2025#ifdef CONFIG_P2P 2026 /* GAS Initial Request */ 2027 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0) 2028 return -1; 2029 /* GAS Initial Response */ 2030 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0) 2031 return -1; 2032 /* GAS Comeback Request */ 2033 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0) 2034 return -1; 2035 /* GAS Comeback Response */ 2036 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0) 2037 return -1; 2038 /* P2P Public Action */ 2039 if (nl80211_register_action_frame(drv, 2040 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 2041 6) < 0) 2042 return -1; 2043 /* P2P Action */ 2044 if (nl80211_register_action_frame(drv, 2045 (u8 *) "\x7f\x50\x6f\x9a\x09", 2046 5) < 0) 2047 return -1; 2048#endif /* CONFIG_P2P */ 2049#ifdef CONFIG_IEEE80211W 2050 /* SA Query Response */ 2051 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0) 2052 return -1; 2053#endif /* CONFIG_IEEE80211W */ 2054 2055 /* FT Action frames */ 2056 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 2057 return -1; 2058 else 2059 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 2060 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 2061 2062 return 0; 2063} 2064 2065 2066static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 2067{ 2068 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 2069} 2070 2071 2072static int 2073wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 2074{ 2075 struct i802_bss *bss = &drv->first_bss; 2076 int send_rfkill_event = 0; 2077 2078 drv->ifindex = if_nametoindex(bss->ifname); 2079 drv->first_bss.ifindex = drv->ifindex; 2080 2081#ifndef HOSTAPD 2082 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 2083 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 2084 "use managed mode"); 2085 } 2086 2087 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 2088 if (rfkill_is_blocked(drv->rfkill)) { 2089 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 2090 "interface '%s' due to rfkill", 2091 bss->ifname); 2092 drv->if_disabled = 1; 2093 send_rfkill_event = 1; 2094 } else { 2095 wpa_printf(MSG_ERROR, "nl80211: Could not set " 2096 "interface '%s' UP", bss->ifname); 2097 return -1; 2098 } 2099 } 2100 2101 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 2102 1, IF_OPER_DORMANT); 2103#endif /* HOSTAPD */ 2104 2105 if (wpa_driver_nl80211_capa(drv)) 2106 return -1; 2107 2108 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr)) 2109 return -1; 2110 2111 if (nl80211_register_action_frames(drv) < 0) { 2112 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 2113 "frame processing - ignore for now"); 2114 /* 2115 * Older kernel versions did not support this, so ignore the 2116 * error for now. Some functionality may not be available 2117 * because of this. 2118 */ 2119 } 2120 2121 if (send_rfkill_event) { 2122 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 2123 drv, drv->ctx); 2124 } 2125 2126 return 0; 2127} 2128 2129 2130static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 2131{ 2132 struct nl_msg *msg; 2133 2134 msg = nlmsg_alloc(); 2135 if (!msg) 2136 return -ENOMEM; 2137 2138 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2139 0, NL80211_CMD_DEL_BEACON, 0); 2140 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2141 2142 return send_and_recv_msgs(drv, msg, NULL, NULL); 2143 nla_put_failure: 2144 return -ENOBUFS; 2145} 2146 2147 2148/** 2149 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 2150 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 2151 * 2152 * Shut down driver interface and processing of driver events. Free 2153 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 2154 */ 2155static void wpa_driver_nl80211_deinit(void *priv) 2156{ 2157 struct i802_bss *bss = priv; 2158 struct wpa_driver_nl80211_data *drv = bss->drv; 2159 2160 if (drv->nl_handle_preq) 2161 wpa_driver_nl80211_probe_req_report(bss, 0); 2162 if (bss->added_if_into_bridge) { 2163 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 2164 < 0) 2165 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2166 "interface %s from bridge %s: %s", 2167 bss->ifname, bss->brname, strerror(errno)); 2168 } 2169 if (bss->added_bridge) { 2170 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 2171 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 2172 "bridge %s: %s", 2173 bss->brname, strerror(errno)); 2174 } 2175 2176 nl80211_remove_monitor_interface(drv); 2177 2178 if (drv->nlmode == NL80211_IFTYPE_AP) 2179 wpa_driver_nl80211_del_beacon(drv); 2180 2181#ifdef HOSTAPD 2182 if (drv->last_freq_ht) { 2183 /* Clear HT flags from the driver */ 2184 struct hostapd_freq_params freq; 2185 os_memset(&freq, 0, sizeof(freq)); 2186 freq.freq = drv->last_freq; 2187 i802_set_freq(priv, &freq); 2188 } 2189 2190 if (drv->eapol_sock >= 0) { 2191 eloop_unregister_read_sock(drv->eapol_sock); 2192 close(drv->eapol_sock); 2193 } 2194 2195 if (drv->if_indices != drv->default_if_indices) 2196 os_free(drv->if_indices); 2197#endif /* HOSTAPD */ 2198 2199 if (drv->disable_11b_rates) 2200 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 2201 2202 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 2203 netlink_deinit(drv->netlink); 2204 rfkill_deinit(drv->rfkill); 2205 2206 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2207 2208 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 2209 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 2210 2211 if (drv->ioctl_sock >= 0) 2212 close(drv->ioctl_sock); 2213 2214 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 2215 genl_family_put(drv->nl80211); 2216 nl_cache_free(drv->nl_cache); 2217 nl_cache_free(drv->nl_cache_event); 2218 nl80211_handle_destroy(drv->nl_handle); 2219 nl80211_handle_destroy(drv->nl_handle_event); 2220 nl_cb_put(drv->nl_cb); 2221 2222 os_free(drv->filter_ssids); 2223 2224 if (drv->global) 2225 dl_list_del(&drv->list); 2226 2227 os_free(drv); 2228} 2229 2230 2231/** 2232 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 2233 * @eloop_ctx: Driver private data 2234 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 2235 * 2236 * This function can be used as registered timeout when starting a scan to 2237 * generate a scan completed event if the driver does not report this. 2238 */ 2239static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 2240{ 2241 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2242 if (drv->ap_scan_as_station) { 2243 wpa_driver_nl80211_set_mode(&drv->first_bss, 2244 IEEE80211_MODE_AP); 2245 drv->ap_scan_as_station = 0; 2246 } 2247 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 2248 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 2249} 2250 2251 2252/** 2253 * wpa_driver_nl80211_scan - Request the driver to initiate scan 2254 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 2255 * @params: Scan parameters 2256 * Returns: 0 on success, -1 on failure 2257 */ 2258static int wpa_driver_nl80211_scan(void *priv, 2259 struct wpa_driver_scan_params *params) 2260{ 2261 struct i802_bss *bss = priv; 2262 struct wpa_driver_nl80211_data *drv = bss->drv; 2263 int ret = 0, timeout; 2264 struct nl_msg *msg, *ssids, *freqs; 2265 size_t i; 2266 2267 msg = nlmsg_alloc(); 2268 ssids = nlmsg_alloc(); 2269 freqs = nlmsg_alloc(); 2270 if (!msg || !ssids || !freqs) { 2271 nlmsg_free(msg); 2272 nlmsg_free(ssids); 2273 nlmsg_free(freqs); 2274 return -1; 2275 } 2276 2277 os_free(drv->filter_ssids); 2278 drv->filter_ssids = params->filter_ssids; 2279 params->filter_ssids = NULL; 2280 drv->num_filter_ssids = params->num_filter_ssids; 2281 2282 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2283 NL80211_CMD_TRIGGER_SCAN, 0); 2284 2285 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2286 2287 for (i = 0; i < params->num_ssids; i++) { 2288 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 2289 params->ssids[i].ssid, 2290 params->ssids[i].ssid_len); 2291 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 2292 params->ssids[i].ssid); 2293 } 2294 if (params->num_ssids) 2295 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 2296 2297 if (params->extra_ies) { 2298 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 2299 params->extra_ies, params->extra_ies_len); 2300 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 2301 params->extra_ies); 2302 } 2303 2304 if (params->freqs) { 2305 for (i = 0; params->freqs[i]; i++) { 2306 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 2307 "MHz", params->freqs[i]); 2308 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 2309 } 2310 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 2311 } 2312 2313 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2314 msg = NULL; 2315 if (ret) { 2316 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 2317 "(%s)", ret, strerror(-ret)); 2318#ifdef HOSTAPD 2319 if (drv->nlmode == NL80211_IFTYPE_AP) { 2320 /* 2321 * mac80211 does not allow scan requests in AP mode, so 2322 * try to do this in station mode. 2323 */ 2324 if (wpa_driver_nl80211_set_mode(bss, 2325 IEEE80211_MODE_INFRA)) 2326 goto nla_put_failure; 2327 2328 if (wpa_driver_nl80211_scan(drv, params)) { 2329 wpa_driver_nl80211_set_mode(bss, 2330 IEEE80211_MODE_AP); 2331 goto nla_put_failure; 2332 } 2333 2334 /* Restore AP mode when processing scan results */ 2335 drv->ap_scan_as_station = 1; 2336 ret = 0; 2337 } else 2338 goto nla_put_failure; 2339#else /* HOSTAPD */ 2340 goto nla_put_failure; 2341#endif /* HOSTAPD */ 2342 } 2343 2344 /* Not all drivers generate "scan completed" wireless event, so try to 2345 * read results after a timeout. */ 2346 timeout = 10; 2347 if (drv->scan_complete_events) { 2348 /* 2349 * The driver seems to deliver events to notify when scan is 2350 * complete, so use longer timeout to avoid race conditions 2351 * with scanning and following association request. 2352 */ 2353 timeout = 30; 2354 } 2355 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 2356 "seconds", ret, timeout); 2357 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 2358 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 2359 drv, drv->ctx); 2360 2361nla_put_failure: 2362 nlmsg_free(ssids); 2363 nlmsg_free(msg); 2364 nlmsg_free(freqs); 2365 return ret; 2366} 2367 2368 2369static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 2370{ 2371 const u8 *end, *pos; 2372 2373 if (ies == NULL) 2374 return NULL; 2375 2376 pos = ies; 2377 end = ies + ies_len; 2378 2379 while (pos + 1 < end) { 2380 if (pos + 2 + pos[1] > end) 2381 break; 2382 if (pos[0] == ie) 2383 return pos; 2384 pos += 2 + pos[1]; 2385 } 2386 2387 return NULL; 2388} 2389 2390 2391static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 2392 const u8 *ie, size_t ie_len) 2393{ 2394 const u8 *ssid; 2395 size_t i; 2396 2397 if (drv->filter_ssids == NULL) 2398 return 0; 2399 2400 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 2401 if (ssid == NULL) 2402 return 1; 2403 2404 for (i = 0; i < drv->num_filter_ssids; i++) { 2405 if (ssid[1] == drv->filter_ssids[i].ssid_len && 2406 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 2407 0) 2408 return 0; 2409 } 2410 2411 return 1; 2412} 2413 2414 2415static int bss_info_handler(struct nl_msg *msg, void *arg) 2416{ 2417 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2418 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2419 struct nlattr *bss[NL80211_BSS_MAX + 1]; 2420 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 2421 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 2422 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 2423 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 2424 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 2425 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 2426 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 2427 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 2428 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 2429 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 2430 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 2431 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 2432 }; 2433 struct nl80211_bss_info_arg *_arg = arg; 2434 struct wpa_scan_results *res = _arg->res; 2435 struct wpa_scan_res **tmp; 2436 struct wpa_scan_res *r; 2437 const u8 *ie, *beacon_ie; 2438 size_t ie_len, beacon_ie_len; 2439 u8 *pos; 2440 size_t i; 2441 2442 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2443 genlmsg_attrlen(gnlh, 0), NULL); 2444 if (!tb[NL80211_ATTR_BSS]) 2445 return NL_SKIP; 2446 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 2447 bss_policy)) 2448 return NL_SKIP; 2449 if (bss[NL80211_BSS_STATUS]) { 2450 enum nl80211_bss_status status; 2451 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2452 if (status == NL80211_BSS_STATUS_ASSOCIATED && 2453 bss[NL80211_BSS_FREQUENCY]) { 2454 _arg->assoc_freq = 2455 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2456 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 2457 _arg->assoc_freq); 2458 } 2459 } 2460 if (!res) 2461 return NL_SKIP; 2462 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 2463 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2464 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 2465 } else { 2466 ie = NULL; 2467 ie_len = 0; 2468 } 2469 if (bss[NL80211_BSS_BEACON_IES]) { 2470 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 2471 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 2472 } else { 2473 beacon_ie = NULL; 2474 beacon_ie_len = 0; 2475 } 2476 2477 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 2478 ie ? ie_len : beacon_ie_len)) 2479 return NL_SKIP; 2480 2481 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 2482 if (r == NULL) 2483 return NL_SKIP; 2484 if (bss[NL80211_BSS_BSSID]) 2485 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 2486 ETH_ALEN); 2487 if (bss[NL80211_BSS_FREQUENCY]) 2488 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 2489 if (bss[NL80211_BSS_BEACON_INTERVAL]) 2490 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 2491 if (bss[NL80211_BSS_CAPABILITY]) 2492 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 2493 r->flags |= WPA_SCAN_NOISE_INVALID; 2494 if (bss[NL80211_BSS_SIGNAL_MBM]) { 2495 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 2496 r->level /= 100; /* mBm to dBm */ 2497 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 2498 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 2499 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 2500 r->flags |= WPA_SCAN_LEVEL_INVALID; 2501 } else 2502 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 2503 if (bss[NL80211_BSS_TSF]) 2504 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 2505 if (bss[NL80211_BSS_SEEN_MS_AGO]) 2506 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 2507 r->ie_len = ie_len; 2508 pos = (u8 *) (r + 1); 2509 if (ie) { 2510 os_memcpy(pos, ie, ie_len); 2511 pos += ie_len; 2512 } 2513 r->beacon_ie_len = beacon_ie_len; 2514 if (beacon_ie) 2515 os_memcpy(pos, beacon_ie, beacon_ie_len); 2516 2517 if (bss[NL80211_BSS_STATUS]) { 2518 enum nl80211_bss_status status; 2519 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 2520 switch (status) { 2521 case NL80211_BSS_STATUS_AUTHENTICATED: 2522 r->flags |= WPA_SCAN_AUTHENTICATED; 2523 break; 2524 case NL80211_BSS_STATUS_ASSOCIATED: 2525 r->flags |= WPA_SCAN_ASSOCIATED; 2526 break; 2527 default: 2528 break; 2529 } 2530 } 2531 2532 /* 2533 * cfg80211 maintains separate BSS table entries for APs if the same 2534 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 2535 * not use frequency as a separate key in the BSS table, so filter out 2536 * duplicated entries. Prefer associated BSS entry in such a case in 2537 * order to get the correct frequency into the BSS table. 2538 */ 2539 for (i = 0; i < res->num; i++) { 2540 const u8 *s1, *s2; 2541 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 2542 continue; 2543 2544 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 2545 res->res[i]->ie_len, WLAN_EID_SSID); 2546 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 2547 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 2548 os_memcmp(s1, s2, 2 + s1[1]) != 0) 2549 continue; 2550 2551 /* Same BSSID,SSID was already included in scan results */ 2552 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 2553 "for " MACSTR, MAC2STR(r->bssid)); 2554 2555 if ((r->flags & WPA_SCAN_ASSOCIATED) && 2556 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 2557 os_free(res->res[i]); 2558 res->res[i] = r; 2559 } else 2560 os_free(r); 2561 return NL_SKIP; 2562 } 2563 2564 tmp = os_realloc(res->res, 2565 (res->num + 1) * sizeof(struct wpa_scan_res *)); 2566 if (tmp == NULL) { 2567 os_free(r); 2568 return NL_SKIP; 2569 } 2570 tmp[res->num++] = r; 2571 res->res = tmp; 2572 2573 return NL_SKIP; 2574} 2575 2576 2577static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 2578 const u8 *addr) 2579{ 2580 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 2581 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 2582 "mismatch (" MACSTR ")", MAC2STR(addr)); 2583 wpa_driver_nl80211_mlme(drv, addr, 2584 NL80211_CMD_DEAUTHENTICATE, 2585 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 2586 } 2587} 2588 2589 2590static void wpa_driver_nl80211_check_bss_status( 2591 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 2592{ 2593 size_t i; 2594 2595 for (i = 0; i < res->num; i++) { 2596 struct wpa_scan_res *r = res->res[i]; 2597 if (r->flags & WPA_SCAN_AUTHENTICATED) { 2598 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2599 "indicates BSS status with " MACSTR 2600 " as authenticated", 2601 MAC2STR(r->bssid)); 2602 if (drv->nlmode == NL80211_IFTYPE_STATION && 2603 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 2604 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 2605 0) { 2606 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 2607 " in local state (auth=" MACSTR 2608 " assoc=" MACSTR ")", 2609 MAC2STR(drv->auth_bssid), 2610 MAC2STR(drv->bssid)); 2611 clear_state_mismatch(drv, r->bssid); 2612 } 2613 } 2614 2615 if (r->flags & WPA_SCAN_ASSOCIATED) { 2616 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 2617 "indicate BSS status with " MACSTR 2618 " as associated", 2619 MAC2STR(r->bssid)); 2620 if (drv->nlmode == NL80211_IFTYPE_STATION && 2621 !drv->associated) { 2622 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2623 "(not associated) does not match " 2624 "with BSS state"); 2625 clear_state_mismatch(drv, r->bssid); 2626 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 2627 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 2628 0) { 2629 wpa_printf(MSG_DEBUG, "nl80211: Local state " 2630 "(associated with " MACSTR ") does " 2631 "not match with BSS state", 2632 MAC2STR(drv->bssid)); 2633 clear_state_mismatch(drv, r->bssid); 2634 clear_state_mismatch(drv, drv->bssid); 2635 } 2636 } 2637 } 2638} 2639 2640 2641static void wpa_scan_results_free(struct wpa_scan_results *res) 2642{ 2643 size_t i; 2644 2645 if (res == NULL) 2646 return; 2647 2648 for (i = 0; i < res->num; i++) 2649 os_free(res->res[i]); 2650 os_free(res->res); 2651 os_free(res); 2652} 2653 2654 2655static struct wpa_scan_results * 2656nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 2657{ 2658 struct nl_msg *msg; 2659 struct wpa_scan_results *res; 2660 int ret; 2661 struct nl80211_bss_info_arg arg; 2662 2663 res = os_zalloc(sizeof(*res)); 2664 if (res == NULL) 2665 return NULL; 2666 msg = nlmsg_alloc(); 2667 if (!msg) 2668 goto nla_put_failure; 2669 2670 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2671 NL80211_CMD_GET_SCAN, 0); 2672 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2673 2674 arg.drv = drv; 2675 arg.res = res; 2676 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2677 msg = NULL; 2678 if (ret == 0) { 2679 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2680 (unsigned long) res->num); 2681 return res; 2682 } 2683 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2684 "(%s)", ret, strerror(-ret)); 2685nla_put_failure: 2686 nlmsg_free(msg); 2687 wpa_scan_results_free(res); 2688 return NULL; 2689} 2690 2691 2692/** 2693 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2694 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2695 * Returns: Scan results on success, -1 on failure 2696 */ 2697static struct wpa_scan_results * 2698wpa_driver_nl80211_get_scan_results(void *priv) 2699{ 2700 struct i802_bss *bss = priv; 2701 struct wpa_driver_nl80211_data *drv = bss->drv; 2702 struct wpa_scan_results *res; 2703 2704 res = nl80211_get_scan_results(drv); 2705 if (res) 2706 wpa_driver_nl80211_check_bss_status(drv, res); 2707 return res; 2708} 2709 2710 2711static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2712{ 2713 struct wpa_scan_results *res; 2714 size_t i; 2715 2716 res = nl80211_get_scan_results(drv); 2717 if (res == NULL) { 2718 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2719 return; 2720 } 2721 2722 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2723 for (i = 0; i < res->num; i++) { 2724 struct wpa_scan_res *r = res->res[i]; 2725 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2726 (int) i, (int) res->num, MAC2STR(r->bssid), 2727 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2728 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2729 } 2730 2731 wpa_scan_results_free(res); 2732} 2733 2734 2735static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2736 enum wpa_alg alg, const u8 *addr, 2737 int key_idx, int set_tx, 2738 const u8 *seq, size_t seq_len, 2739 const u8 *key, size_t key_len) 2740{ 2741 struct i802_bss *bss = priv; 2742 struct wpa_driver_nl80211_data *drv = bss->drv; 2743 int ifindex = if_nametoindex(ifname); 2744 struct nl_msg *msg; 2745 int ret; 2746 2747 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2748 "set_tx=%d seq_len=%lu key_len=%lu", 2749 __func__, ifindex, alg, addr, key_idx, set_tx, 2750 (unsigned long) seq_len, (unsigned long) key_len); 2751 2752 msg = nlmsg_alloc(); 2753 if (!msg) 2754 return -ENOMEM; 2755 2756 if (alg == WPA_ALG_NONE) { 2757 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2758 0, NL80211_CMD_DEL_KEY, 0); 2759 } else { 2760 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2761 0, NL80211_CMD_NEW_KEY, 0); 2762 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2763 switch (alg) { 2764 case WPA_ALG_WEP: 2765 if (key_len == 5) 2766 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2767 WLAN_CIPHER_SUITE_WEP40); 2768 else 2769 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2770 WLAN_CIPHER_SUITE_WEP104); 2771 break; 2772 case WPA_ALG_TKIP: 2773 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2774 WLAN_CIPHER_SUITE_TKIP); 2775 break; 2776 case WPA_ALG_CCMP: 2777 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2778 WLAN_CIPHER_SUITE_CCMP); 2779 break; 2780 case WPA_ALG_IGTK: 2781 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2782 WLAN_CIPHER_SUITE_AES_CMAC); 2783 break; 2784 default: 2785 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2786 "algorithm %d", __func__, alg); 2787 nlmsg_free(msg); 2788 return -1; 2789 } 2790 } 2791 2792 if (seq && seq_len) 2793 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2794 2795 if (addr && !is_broadcast_ether_addr(addr)) { 2796 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2797 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2798 2799 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 2800 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 2801 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 2802 NL80211_KEYTYPE_GROUP); 2803 } 2804 } else if (addr && is_broadcast_ether_addr(addr)) { 2805 struct nl_msg *types; 2806 int err; 2807 wpa_printf(MSG_DEBUG, " broadcast key"); 2808 types = nlmsg_alloc(); 2809 if (!types) 2810 goto nla_put_failure; 2811 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2812 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2813 types); 2814 nlmsg_free(types); 2815 if (err) 2816 goto nla_put_failure; 2817 } 2818 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2819 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2820 2821 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2822 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2823 ret = 0; 2824 if (ret) 2825 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2826 ret, strerror(-ret)); 2827 2828 /* 2829 * If we failed or don't need to set the default TX key (below), 2830 * we're done here. 2831 */ 2832 if (ret || !set_tx || alg == WPA_ALG_NONE) 2833 return ret; 2834 if (drv->nlmode == NL80211_IFTYPE_AP && addr && 2835 !is_broadcast_ether_addr(addr)) 2836 return ret; 2837 2838 msg = nlmsg_alloc(); 2839 if (!msg) 2840 return -ENOMEM; 2841 2842 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2843 0, NL80211_CMD_SET_KEY, 0); 2844 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2845 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2846 if (alg == WPA_ALG_IGTK) 2847 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2848 else 2849 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2850 if (addr && is_broadcast_ether_addr(addr)) { 2851 struct nl_msg *types; 2852 int err; 2853 types = nlmsg_alloc(); 2854 if (!types) 2855 goto nla_put_failure; 2856 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 2857 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2858 types); 2859 nlmsg_free(types); 2860 if (err) 2861 goto nla_put_failure; 2862 } else if (addr) { 2863 struct nl_msg *types; 2864 int err; 2865 types = nlmsg_alloc(); 2866 if (!types) 2867 goto nla_put_failure; 2868 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST); 2869 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES, 2870 types); 2871 nlmsg_free(types); 2872 if (err) 2873 goto nla_put_failure; 2874 } 2875 2876 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2877 if (ret == -ENOENT) 2878 ret = 0; 2879 if (ret) 2880 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2881 "err=%d %s)", ret, strerror(-ret)); 2882 return ret; 2883 2884nla_put_failure: 2885 return -ENOBUFS; 2886} 2887 2888 2889static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2890 int key_idx, int defkey, 2891 const u8 *seq, size_t seq_len, 2892 const u8 *key, size_t key_len) 2893{ 2894 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2895 if (!key_attr) 2896 return -1; 2897 2898 if (defkey && alg == WPA_ALG_IGTK) 2899 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2900 else if (defkey) 2901 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2902 2903 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2904 2905 switch (alg) { 2906 case WPA_ALG_WEP: 2907 if (key_len == 5) 2908 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2909 WLAN_CIPHER_SUITE_WEP40); 2910 else 2911 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2912 WLAN_CIPHER_SUITE_WEP104); 2913 break; 2914 case WPA_ALG_TKIP: 2915 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2916 break; 2917 case WPA_ALG_CCMP: 2918 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2919 break; 2920 case WPA_ALG_IGTK: 2921 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2922 WLAN_CIPHER_SUITE_AES_CMAC); 2923 break; 2924 default: 2925 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2926 "algorithm %d", __func__, alg); 2927 return -1; 2928 } 2929 2930 if (seq && seq_len) 2931 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2932 2933 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2934 2935 nla_nest_end(msg, key_attr); 2936 2937 return 0; 2938 nla_put_failure: 2939 return -1; 2940} 2941 2942 2943static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2944 struct nl_msg *msg) 2945{ 2946 int i, privacy = 0; 2947 struct nlattr *nl_keys, *nl_key; 2948 2949 for (i = 0; i < 4; i++) { 2950 if (!params->wep_key[i]) 2951 continue; 2952 privacy = 1; 2953 break; 2954 } 2955 if (params->wps == WPS_MODE_PRIVACY) 2956 privacy = 1; 2957 if (params->pairwise_suite && 2958 params->pairwise_suite != WPA_CIPHER_NONE) 2959 privacy = 1; 2960 2961 if (!privacy) 2962 return 0; 2963 2964 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 2965 2966 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 2967 if (!nl_keys) 2968 goto nla_put_failure; 2969 2970 for (i = 0; i < 4; i++) { 2971 if (!params->wep_key[i]) 2972 continue; 2973 2974 nl_key = nla_nest_start(msg, i); 2975 if (!nl_key) 2976 goto nla_put_failure; 2977 2978 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 2979 params->wep_key[i]); 2980 if (params->wep_key_len[i] == 5) 2981 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2982 WLAN_CIPHER_SUITE_WEP40); 2983 else 2984 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2985 WLAN_CIPHER_SUITE_WEP104); 2986 2987 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 2988 2989 if (i == params->wep_tx_keyidx) 2990 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2991 2992 nla_nest_end(msg, nl_key); 2993 } 2994 nla_nest_end(msg, nl_keys); 2995 2996 return 0; 2997 2998nla_put_failure: 2999 return -ENOBUFS; 3000} 3001 3002 3003static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 3004 const u8 *addr, int cmd, u16 reason_code, 3005 int local_state_change) 3006{ 3007 int ret = -1; 3008 struct nl_msg *msg; 3009 3010 msg = nlmsg_alloc(); 3011 if (!msg) 3012 return -1; 3013 3014 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 3015 3016 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3017 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 3018 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3019 if (local_state_change) 3020 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3021 3022 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3023 msg = NULL; 3024 if (ret) { 3025 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3026 "(%s)", ret, strerror(-ret)); 3027 goto nla_put_failure; 3028 } 3029 ret = 0; 3030 3031nla_put_failure: 3032 nlmsg_free(msg); 3033 return ret; 3034} 3035 3036 3037static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 3038 const u8 *addr, int reason_code) 3039{ 3040 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3041 __func__, MAC2STR(addr), reason_code); 3042 drv->associated = 0; 3043 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 3044 reason_code, 0); 3045} 3046 3047 3048static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 3049 int reason_code) 3050{ 3051 struct i802_bss *bss = priv; 3052 struct wpa_driver_nl80211_data *drv = bss->drv; 3053 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3054 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3055 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 3056 __func__, MAC2STR(addr), reason_code); 3057 drv->associated = 0; 3058 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 3059 return nl80211_leave_ibss(drv); 3060 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 3061 reason_code, 0); 3062} 3063 3064 3065static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 3066 int reason_code) 3067{ 3068 struct i802_bss *bss = priv; 3069 struct wpa_driver_nl80211_data *drv = bss->drv; 3070 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 3071 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 3072 wpa_printf(MSG_DEBUG, "%s", __func__); 3073 drv->associated = 0; 3074 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 3075 reason_code, 0); 3076} 3077 3078 3079static int wpa_driver_nl80211_authenticate( 3080 void *priv, struct wpa_driver_auth_params *params) 3081{ 3082 struct i802_bss *bss = priv; 3083 struct wpa_driver_nl80211_data *drv = bss->drv; 3084 int ret = -1, i; 3085 struct nl_msg *msg; 3086 enum nl80211_auth_type type; 3087 int count = 0; 3088 3089 drv->associated = 0; 3090 os_memset(drv->auth_bssid, 0, ETH_ALEN); 3091 /* FIX: IBSS mode */ 3092 if (drv->nlmode != NL80211_IFTYPE_STATION && 3093 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 3094 return -1; 3095 3096retry: 3097 msg = nlmsg_alloc(); 3098 if (!msg) 3099 return -1; 3100 3101 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 3102 drv->ifindex); 3103 3104 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3105 NL80211_CMD_AUTHENTICATE, 0); 3106 3107 for (i = 0; i < 4; i++) { 3108 if (!params->wep_key[i]) 3109 continue; 3110 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 3111 NULL, i, 3112 i == params->wep_tx_keyidx, NULL, 0, 3113 params->wep_key[i], 3114 params->wep_key_len[i]); 3115 if (params->wep_tx_keyidx != i) 3116 continue; 3117 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 3118 params->wep_key[i], params->wep_key_len[i])) { 3119 nlmsg_free(msg); 3120 return -1; 3121 } 3122 } 3123 3124 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3125 if (params->bssid) { 3126 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3127 MAC2STR(params->bssid)); 3128 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3129 } 3130 if (params->freq) { 3131 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3132 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3133 } 3134 if (params->ssid) { 3135 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3136 params->ssid, params->ssid_len); 3137 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3138 params->ssid); 3139 } 3140 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 3141 if (params->ie) 3142 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 3143 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3144 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3145 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3146 type = NL80211_AUTHTYPE_SHARED_KEY; 3147 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3148 type = NL80211_AUTHTYPE_NETWORK_EAP; 3149 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3150 type = NL80211_AUTHTYPE_FT; 3151 else 3152 goto nla_put_failure; 3153 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3154 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3155 if (params->local_state_change) { 3156 wpa_printf(MSG_DEBUG, " * Local state change only"); 3157 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 3158 } 3159 3160 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3161 msg = NULL; 3162 if (ret) { 3163 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3164 "(%s)", ret, strerror(-ret)); 3165 count++; 3166 if (ret == -EALREADY && count == 1 && params->bssid && 3167 !params->local_state_change) { 3168 /* 3169 * mac80211 does not currently accept new 3170 * authentication if we are already authenticated. As a 3171 * workaround, force deauthentication and try again. 3172 */ 3173 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 3174 "after forced deauthentication"); 3175 wpa_driver_nl80211_deauthenticate( 3176 bss, params->bssid, 3177 WLAN_REASON_PREV_AUTH_NOT_VALID); 3178 nlmsg_free(msg); 3179 goto retry; 3180 } 3181 goto nla_put_failure; 3182 } 3183 ret = 0; 3184 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 3185 "successfully"); 3186 3187nla_put_failure: 3188 nlmsg_free(msg); 3189 return ret; 3190} 3191 3192 3193struct phy_info_arg { 3194 u16 *num_modes; 3195 struct hostapd_hw_modes *modes; 3196}; 3197 3198static int phy_info_handler(struct nl_msg *msg, void *arg) 3199{ 3200 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3201 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3202 struct phy_info_arg *phy_info = arg; 3203 3204 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 3205 3206 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 3207 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3208 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 3209 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 3210 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 3211 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 3212 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 3213 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 3214 }; 3215 3216 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 3217 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 3218 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 3219 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 3220 }; 3221 3222 struct nlattr *nl_band; 3223 struct nlattr *nl_freq; 3224 struct nlattr *nl_rate; 3225 int rem_band, rem_freq, rem_rate; 3226 struct hostapd_hw_modes *mode; 3227 int idx, mode_is_set; 3228 3229 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3230 genlmsg_attrlen(gnlh, 0), NULL); 3231 3232 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 3233 return NL_SKIP; 3234 3235 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 3236 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 3237 if (!mode) 3238 return NL_SKIP; 3239 phy_info->modes = mode; 3240 3241 mode_is_set = 0; 3242 3243 mode = &phy_info->modes[*(phy_info->num_modes)]; 3244 memset(mode, 0, sizeof(*mode)); 3245 *(phy_info->num_modes) += 1; 3246 3247 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 3248 nla_len(nl_band), NULL); 3249 3250 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 3251 mode->ht_capab = nla_get_u16( 3252 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 3253 } 3254 3255 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 3256 mode->a_mpdu_params |= nla_get_u8( 3257 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 3258 0x03; 3259 } 3260 3261 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 3262 mode->a_mpdu_params |= nla_get_u8( 3263 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 3264 2; 3265 } 3266 3267 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 3268 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 3269 u8 *mcs; 3270 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 3271 os_memcpy(mode->mcs_set, mcs, 16); 3272 } 3273 3274 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3275 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3276 nla_len(nl_freq), freq_policy); 3277 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3278 continue; 3279 mode->num_channels++; 3280 } 3281 3282 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 3283 if (!mode->channels) 3284 return NL_SKIP; 3285 3286 idx = 0; 3287 3288 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 3289 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 3290 nla_len(nl_freq), freq_policy); 3291 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 3292 continue; 3293 3294 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 3295 mode->channels[idx].flag = 0; 3296 3297 if (!mode_is_set) { 3298 /* crude heuristic */ 3299 if (mode->channels[idx].freq < 4000) 3300 mode->mode = HOSTAPD_MODE_IEEE80211B; 3301 else 3302 mode->mode = HOSTAPD_MODE_IEEE80211A; 3303 mode_is_set = 1; 3304 } 3305 3306 /* crude heuristic */ 3307 if (mode->channels[idx].freq < 4000) 3308 if (mode->channels[idx].freq == 2484) 3309 mode->channels[idx].chan = 14; 3310 else 3311 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 3312 else 3313 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 3314 3315 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3316 mode->channels[idx].flag |= 3317 HOSTAPD_CHAN_DISABLED; 3318 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 3319 mode->channels[idx].flag |= 3320 HOSTAPD_CHAN_PASSIVE_SCAN; 3321 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 3322 mode->channels[idx].flag |= 3323 HOSTAPD_CHAN_NO_IBSS; 3324 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 3325 mode->channels[idx].flag |= 3326 HOSTAPD_CHAN_RADAR; 3327 3328 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 3329 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 3330 mode->channels[idx].max_tx_power = 3331 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 3332 3333 idx++; 3334 } 3335 3336 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3337 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3338 nla_len(nl_rate), rate_policy); 3339 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3340 continue; 3341 mode->num_rates++; 3342 } 3343 3344 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 3345 if (!mode->rates) 3346 return NL_SKIP; 3347 3348 idx = 0; 3349 3350 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 3351 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 3352 nla_len(nl_rate), rate_policy); 3353 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 3354 continue; 3355 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 3356 3357 /* crude heuristic */ 3358 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 3359 mode->rates[idx] > 200) 3360 mode->mode = HOSTAPD_MODE_IEEE80211G; 3361 3362 idx++; 3363 } 3364 } 3365 3366 return NL_SKIP; 3367} 3368 3369static struct hostapd_hw_modes * 3370wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 3371{ 3372 u16 m; 3373 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 3374 int i, mode11g_idx = -1; 3375 3376 /* If only 802.11g mode is included, use it to construct matching 3377 * 802.11b mode data. */ 3378 3379 for (m = 0; m < *num_modes; m++) { 3380 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 3381 return modes; /* 802.11b already included */ 3382 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 3383 mode11g_idx = m; 3384 } 3385 3386 if (mode11g_idx < 0) 3387 return modes; /* 2.4 GHz band not supported at all */ 3388 3389 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 3390 if (nmodes == NULL) 3391 return modes; /* Could not add 802.11b mode */ 3392 3393 mode = &nmodes[*num_modes]; 3394 os_memset(mode, 0, sizeof(*mode)); 3395 (*num_modes)++; 3396 modes = nmodes; 3397 3398 mode->mode = HOSTAPD_MODE_IEEE80211B; 3399 3400 mode11g = &modes[mode11g_idx]; 3401 mode->num_channels = mode11g->num_channels; 3402 mode->channels = os_malloc(mode11g->num_channels * 3403 sizeof(struct hostapd_channel_data)); 3404 if (mode->channels == NULL) { 3405 (*num_modes)--; 3406 return modes; /* Could not add 802.11b mode */ 3407 } 3408 os_memcpy(mode->channels, mode11g->channels, 3409 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 3410 3411 mode->num_rates = 0; 3412 mode->rates = os_malloc(4 * sizeof(int)); 3413 if (mode->rates == NULL) { 3414 os_free(mode->channels); 3415 (*num_modes)--; 3416 return modes; /* Could not add 802.11b mode */ 3417 } 3418 3419 for (i = 0; i < mode11g->num_rates; i++) { 3420 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 3421 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 3422 continue; 3423 mode->rates[mode->num_rates] = mode11g->rates[i]; 3424 mode->num_rates++; 3425 if (mode->num_rates == 4) 3426 break; 3427 } 3428 3429 if (mode->num_rates == 0) { 3430 os_free(mode->channels); 3431 os_free(mode->rates); 3432 (*num_modes)--; 3433 return modes; /* No 802.11b rates */ 3434 } 3435 3436 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 3437 "information"); 3438 3439 return modes; 3440} 3441 3442 3443static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 3444 int end) 3445{ 3446 int c; 3447 3448 for (c = 0; c < mode->num_channels; c++) { 3449 struct hostapd_channel_data *chan = &mode->channels[c]; 3450 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 3451 chan->flag |= HOSTAPD_CHAN_HT40; 3452 } 3453} 3454 3455 3456static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 3457 int end) 3458{ 3459 int c; 3460 3461 for (c = 0; c < mode->num_channels; c++) { 3462 struct hostapd_channel_data *chan = &mode->channels[c]; 3463 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 3464 continue; 3465 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 3466 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 3467 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 3468 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 3469 } 3470} 3471 3472 3473static void nl80211_reg_rule_ht40(struct nlattr *tb[], 3474 struct phy_info_arg *results) 3475{ 3476 u32 start, end, max_bw; 3477 u16 m; 3478 3479 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3480 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3481 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3482 return; 3483 3484 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3485 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3486 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3487 3488 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 3489 start, end, max_bw); 3490 if (max_bw < 40) 3491 return; 3492 3493 for (m = 0; m < *results->num_modes; m++) { 3494 if (!(results->modes[m].ht_capab & 3495 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3496 continue; 3497 nl80211_set_ht40_mode(&results->modes[m], start, end); 3498 } 3499} 3500 3501 3502static void nl80211_reg_rule_sec(struct nlattr *tb[], 3503 struct phy_info_arg *results) 3504{ 3505 u32 start, end, max_bw; 3506 u16 m; 3507 3508 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 3509 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 3510 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 3511 return; 3512 3513 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 3514 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 3515 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 3516 3517 if (max_bw < 20) 3518 return; 3519 3520 for (m = 0; m < *results->num_modes; m++) { 3521 if (!(results->modes[m].ht_capab & 3522 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 3523 continue; 3524 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 3525 } 3526} 3527 3528 3529static int nl80211_get_reg(struct nl_msg *msg, void *arg) 3530{ 3531 struct phy_info_arg *results = arg; 3532 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3533 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3534 struct nlattr *nl_rule; 3535 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 3536 int rem_rule; 3537 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 3538 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 3539 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 3540 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 3541 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 3542 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 3543 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 3544 }; 3545 3546 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3547 genlmsg_attrlen(gnlh, 0), NULL); 3548 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 3549 !tb_msg[NL80211_ATTR_REG_RULES]) { 3550 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 3551 "available"); 3552 return NL_SKIP; 3553 } 3554 3555 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 3556 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 3557 3558 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3559 { 3560 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3561 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3562 nl80211_reg_rule_ht40(tb_rule, results); 3563 } 3564 3565 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 3566 { 3567 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 3568 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 3569 nl80211_reg_rule_sec(tb_rule, results); 3570 } 3571 3572 return NL_SKIP; 3573} 3574 3575 3576static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv, 3577 struct phy_info_arg *results) 3578{ 3579 struct nl_msg *msg; 3580 3581 msg = nlmsg_alloc(); 3582 if (!msg) 3583 return -ENOMEM; 3584 3585 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3586 0, NL80211_CMD_GET_REG, 0); 3587 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 3588} 3589 3590 3591static struct hostapd_hw_modes * 3592wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 3593{ 3594 struct i802_bss *bss = priv; 3595 struct wpa_driver_nl80211_data *drv = bss->drv; 3596 struct nl_msg *msg; 3597 struct phy_info_arg result = { 3598 .num_modes = num_modes, 3599 .modes = NULL, 3600 }; 3601 3602 *num_modes = 0; 3603 *flags = 0; 3604 3605 msg = nlmsg_alloc(); 3606 if (!msg) 3607 return NULL; 3608 3609 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3610 0, NL80211_CMD_GET_WIPHY, 0); 3611 3612 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3613 3614 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 3615 nl80211_set_ht40_flags(drv, &result); 3616 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 3617 } 3618 nla_put_failure: 3619 return NULL; 3620} 3621 3622 3623static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 3624 const void *data, size_t len, 3625 int encrypt) 3626{ 3627 __u8 rtap_hdr[] = { 3628 0x00, 0x00, /* radiotap version */ 3629 0x0e, 0x00, /* radiotap length */ 3630 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 3631 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 3632 0x00, /* padding */ 3633 0x00, 0x00, /* RX and TX flags to indicate that */ 3634 0x00, 0x00, /* this is the injected frame directly */ 3635 }; 3636 struct iovec iov[2] = { 3637 { 3638 .iov_base = &rtap_hdr, 3639 .iov_len = sizeof(rtap_hdr), 3640 }, 3641 { 3642 .iov_base = (void *) data, 3643 .iov_len = len, 3644 } 3645 }; 3646 struct msghdr msg = { 3647 .msg_name = NULL, 3648 .msg_namelen = 0, 3649 .msg_iov = iov, 3650 .msg_iovlen = 2, 3651 .msg_control = NULL, 3652 .msg_controllen = 0, 3653 .msg_flags = 0, 3654 }; 3655 int res; 3656 3657 if (encrypt) 3658 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 3659 3660 if (drv->monitor_sock < 0) { 3661 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 3662 "for %s", __func__); 3663 return -1; 3664 } 3665 3666 res = sendmsg(drv->monitor_sock, &msg, 0); 3667 if (res < 0) { 3668 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 3669 return -1; 3670 } 3671 return 0; 3672} 3673 3674 3675static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 3676 size_t data_len) 3677{ 3678 struct i802_bss *bss = priv; 3679 struct wpa_driver_nl80211_data *drv = bss->drv; 3680 struct ieee80211_mgmt *mgmt; 3681 int encrypt = 1; 3682 u16 fc; 3683 3684 mgmt = (struct ieee80211_mgmt *) data; 3685 fc = le_to_host16(mgmt->frame_control); 3686 3687 if (drv->nlmode == NL80211_IFTYPE_STATION && 3688 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3689 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 3690 /* 3691 * The use of last_mgmt_freq is a bit of a hack, 3692 * but it works due to the single-threaded nature 3693 * of wpa_supplicant. 3694 */ 3695 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0, 3696 data, data_len, NULL); 3697 } 3698 3699 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3700 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 3701 /* 3702 * Only one of the authentication frame types is encrypted. 3703 * In order for static WEP encryption to work properly (i.e., 3704 * to not encrypt the frame), we need to tell mac80211 about 3705 * the frames that must not be encrypted. 3706 */ 3707 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 3708 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 3709 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 3710 encrypt = 0; 3711 } 3712 3713 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 3714} 3715 3716 3717static int wpa_driver_nl80211_set_beacon(void *priv, 3718 const u8 *head, size_t head_len, 3719 const u8 *tail, size_t tail_len, 3720 int dtim_period, int beacon_int) 3721{ 3722 struct i802_bss *bss = priv; 3723 struct wpa_driver_nl80211_data *drv = bss->drv; 3724 struct nl_msg *msg; 3725 u8 cmd = NL80211_CMD_NEW_BEACON; 3726 int ret; 3727 int beacon_set; 3728 int ifindex = if_nametoindex(bss->ifname); 3729 3730 beacon_set = bss->beacon_set; 3731 3732 msg = nlmsg_alloc(); 3733 if (!msg) 3734 return -ENOMEM; 3735 3736 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 3737 beacon_set); 3738 if (beacon_set) 3739 cmd = NL80211_CMD_SET_BEACON; 3740 3741 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3742 0, cmd, 0); 3743 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 3744 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 3745 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3746 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 3747 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 3748 3749 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3750 if (ret) { 3751 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 3752 ret, strerror(-ret)); 3753 } else { 3754 bss->beacon_set = 1; 3755 } 3756 return ret; 3757 nla_put_failure: 3758 return -ENOBUFS; 3759} 3760 3761 3762static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 3763 int freq, int ht_enabled, 3764 int sec_channel_offset) 3765{ 3766 struct nl_msg *msg; 3767 int ret; 3768 3769 msg = nlmsg_alloc(); 3770 if (!msg) 3771 return -1; 3772 3773 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3774 NL80211_CMD_SET_WIPHY, 0); 3775 3776 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3777 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 3778 if (ht_enabled) { 3779 switch (sec_channel_offset) { 3780 case -1: 3781 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3782 NL80211_CHAN_HT40MINUS); 3783 break; 3784 case 1: 3785 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3786 NL80211_CHAN_HT40PLUS); 3787 break; 3788 default: 3789 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 3790 NL80211_CHAN_HT20); 3791 break; 3792 } 3793 } 3794 3795 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3796 if (ret == 0) 3797 return 0; 3798 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 3799 "%d (%s)", freq, ret, strerror(-ret)); 3800nla_put_failure: 3801 return -1; 3802} 3803 3804 3805static int wpa_driver_nl80211_sta_add(void *priv, 3806 struct hostapd_sta_add_params *params) 3807{ 3808 struct i802_bss *bss = priv; 3809 struct wpa_driver_nl80211_data *drv = bss->drv; 3810 struct nl_msg *msg; 3811 int ret = -ENOBUFS; 3812 3813 msg = nlmsg_alloc(); 3814 if (!msg) 3815 return -ENOMEM; 3816 3817 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3818 0, NL80211_CMD_NEW_STATION, 0); 3819 3820 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 3821 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 3822 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 3823 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 3824 params->supp_rates); 3825 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 3826 params->listen_interval); 3827 if (params->ht_capabilities) { 3828 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 3829 sizeof(*params->ht_capabilities), 3830 params->ht_capabilities); 3831 } 3832 3833 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3834 if (ret) 3835 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 3836 "result: %d (%s)", ret, strerror(-ret)); 3837 if (ret == -EEXIST) 3838 ret = 0; 3839 nla_put_failure: 3840 return ret; 3841} 3842 3843 3844static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 3845{ 3846 struct i802_bss *bss = priv; 3847 struct wpa_driver_nl80211_data *drv = bss->drv; 3848 struct nl_msg *msg; 3849 int ret; 3850 3851 msg = nlmsg_alloc(); 3852 if (!msg) 3853 return -ENOMEM; 3854 3855 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3856 0, NL80211_CMD_DEL_STATION, 0); 3857 3858 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3859 if_nametoindex(bss->ifname)); 3860 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3861 3862 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3863 if (ret == -ENOENT) 3864 return 0; 3865 return ret; 3866 nla_put_failure: 3867 return -ENOBUFS; 3868} 3869 3870 3871static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 3872 int ifidx) 3873{ 3874 struct nl_msg *msg; 3875 3876 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 3877 3878#ifdef HOSTAPD 3879 /* stop listening for EAPOL on this interface */ 3880 del_ifidx(drv, ifidx); 3881#endif /* HOSTAPD */ 3882 3883 msg = nlmsg_alloc(); 3884 if (!msg) 3885 goto nla_put_failure; 3886 3887 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3888 0, NL80211_CMD_DEL_INTERFACE, 0); 3889 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3890 3891 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3892 return; 3893 nla_put_failure: 3894 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3895} 3896 3897 3898static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3899 const char *ifname, 3900 enum nl80211_iftype iftype, 3901 const u8 *addr, int wds) 3902{ 3903 struct nl_msg *msg, *flags = NULL; 3904 int ifidx; 3905 int ret = -ENOBUFS; 3906 3907 msg = nlmsg_alloc(); 3908 if (!msg) 3909 return -1; 3910 3911 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3912 0, NL80211_CMD_NEW_INTERFACE, 0); 3913 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3914 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3915 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3916 3917 if (iftype == NL80211_IFTYPE_MONITOR) { 3918 int err; 3919 3920 flags = nlmsg_alloc(); 3921 if (!flags) 3922 goto nla_put_failure; 3923 3924 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3925 3926 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3927 3928 nlmsg_free(flags); 3929 3930 if (err) 3931 goto nla_put_failure; 3932 } else if (wds) { 3933 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3934 } 3935 3936 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3937 if (ret) { 3938 nla_put_failure: 3939 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 3940 ifname, ret, strerror(-ret)); 3941 return ret; 3942 } 3943 3944 ifidx = if_nametoindex(ifname); 3945 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 3946 ifname, ifidx); 3947 3948 if (ifidx <= 0) 3949 return -1; 3950 3951#ifdef HOSTAPD 3952 /* start listening for EAPOL on this interface */ 3953 add_ifidx(drv, ifidx); 3954#endif /* HOSTAPD */ 3955 3956 if (addr && iftype != NL80211_IFTYPE_MONITOR && 3957 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 3958 nl80211_remove_iface(drv, ifidx); 3959 return -1; 3960 } 3961 3962 return ifidx; 3963} 3964 3965 3966static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 3967 const char *ifname, enum nl80211_iftype iftype, 3968 const u8 *addr, int wds) 3969{ 3970 int ret; 3971 3972 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 3973 3974 /* if error occured and interface exists already */ 3975 if (ret == -ENFILE && if_nametoindex(ifname)) { 3976 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 3977 3978 /* Try to remove the interface that was already there. */ 3979 nl80211_remove_iface(drv, if_nametoindex(ifname)); 3980 3981 /* Try to create the interface again */ 3982 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 3983 wds); 3984 } 3985 3986 if (ret >= 0 && drv->disable_11b_rates) 3987 nl80211_disable_11b_rates(drv, ret, 1); 3988 3989 return ret; 3990} 3991 3992 3993static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 3994{ 3995 struct ieee80211_hdr *hdr; 3996 u16 fc; 3997 union wpa_event_data event; 3998 3999 hdr = (struct ieee80211_hdr *) buf; 4000 fc = le_to_host16(hdr->frame_control); 4001 4002 os_memset(&event, 0, sizeof(event)); 4003 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 4004 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 4005 event.tx_status.dst = hdr->addr1; 4006 event.tx_status.data = buf; 4007 event.tx_status.data_len = len; 4008 event.tx_status.ack = ok; 4009 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 4010} 4011 4012 4013static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 4014 u8 *buf, size_t len) 4015{ 4016 union wpa_event_data event; 4017 os_memset(&event, 0, sizeof(event)); 4018 event.rx_from_unknown.frame = buf; 4019 event.rx_from_unknown.len = len; 4020 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 4021} 4022 4023 4024static void handle_frame(struct wpa_driver_nl80211_data *drv, 4025 u8 *buf, size_t len, int datarate, int ssi_signal) 4026{ 4027 struct ieee80211_hdr *hdr; 4028 u16 fc; 4029 union wpa_event_data event; 4030 4031 hdr = (struct ieee80211_hdr *) buf; 4032 fc = le_to_host16(hdr->frame_control); 4033 4034 switch (WLAN_FC_GET_TYPE(fc)) { 4035 case WLAN_FC_TYPE_MGMT: 4036 os_memset(&event, 0, sizeof(event)); 4037 event.rx_mgmt.frame = buf; 4038 event.rx_mgmt.frame_len = len; 4039 event.rx_mgmt.datarate = datarate; 4040 event.rx_mgmt.ssi_signal = ssi_signal; 4041 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 4042 break; 4043 case WLAN_FC_TYPE_CTRL: 4044 /* can only get here with PS-Poll frames */ 4045 wpa_printf(MSG_DEBUG, "CTRL"); 4046 from_unknown_sta(drv, buf, len); 4047 break; 4048 case WLAN_FC_TYPE_DATA: 4049 from_unknown_sta(drv, buf, len); 4050 break; 4051 } 4052} 4053 4054 4055static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 4056{ 4057 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4058 int len; 4059 unsigned char buf[3000]; 4060 struct ieee80211_radiotap_iterator iter; 4061 int ret; 4062 int datarate = 0, ssi_signal = 0; 4063 int injected = 0, failed = 0, rxflags = 0; 4064 4065 len = recv(sock, buf, sizeof(buf), 0); 4066 if (len < 0) { 4067 perror("recv"); 4068 return; 4069 } 4070 4071 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 4072 printf("received invalid radiotap frame\n"); 4073 return; 4074 } 4075 4076 while (1) { 4077 ret = ieee80211_radiotap_iterator_next(&iter); 4078 if (ret == -ENOENT) 4079 break; 4080 if (ret) { 4081 printf("received invalid radiotap frame (%d)\n", ret); 4082 return; 4083 } 4084 switch (iter.this_arg_index) { 4085 case IEEE80211_RADIOTAP_FLAGS: 4086 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 4087 len -= 4; 4088 break; 4089 case IEEE80211_RADIOTAP_RX_FLAGS: 4090 rxflags = 1; 4091 break; 4092 case IEEE80211_RADIOTAP_TX_FLAGS: 4093 injected = 1; 4094 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 4095 IEEE80211_RADIOTAP_F_TX_FAIL; 4096 break; 4097 case IEEE80211_RADIOTAP_DATA_RETRIES: 4098 break; 4099 case IEEE80211_RADIOTAP_CHANNEL: 4100 /* TODO: convert from freq/flags to channel number */ 4101 break; 4102 case IEEE80211_RADIOTAP_RATE: 4103 datarate = *iter.this_arg * 5; 4104 break; 4105 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 4106 ssi_signal = *iter.this_arg; 4107 break; 4108 } 4109 } 4110 4111 if (rxflags && injected) 4112 return; 4113 4114 if (!injected) 4115 handle_frame(drv, buf + iter.max_length, 4116 len - iter.max_length, datarate, ssi_signal); 4117 else 4118 handle_tx_callback(drv->ctx, buf + iter.max_length, 4119 len - iter.max_length, !failed); 4120} 4121 4122 4123/* 4124 * we post-process the filter code later and rewrite 4125 * this to the offset to the last instruction 4126 */ 4127#define PASS 0xFF 4128#define FAIL 0xFE 4129 4130static struct sock_filter msock_filter_insns[] = { 4131 /* 4132 * do a little-endian load of the radiotap length field 4133 */ 4134 /* load lower byte into A */ 4135 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 4136 /* put it into X (== index register) */ 4137 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4138 /* load upper byte into A */ 4139 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 4140 /* left-shift it by 8 */ 4141 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 4142 /* or with X */ 4143 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 4144 /* put result into X */ 4145 BPF_STMT(BPF_MISC| BPF_TAX, 0), 4146 4147 /* 4148 * Allow management frames through, this also gives us those 4149 * management frames that we sent ourselves with status 4150 */ 4151 /* load the lower byte of the IEEE 802.11 frame control field */ 4152 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4153 /* mask off frame type and version */ 4154 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 4155 /* accept frame if it's both 0, fall through otherwise */ 4156 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 4157 4158 /* 4159 * TODO: add a bit to radiotap RX flags that indicates 4160 * that the sending station is not associated, then 4161 * add a filter here that filters on our DA and that flag 4162 * to allow us to deauth frames to that bad station. 4163 * 4164 * For now allow all To DS data frames through. 4165 */ 4166 /* load the IEEE 802.11 frame control field */ 4167 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 4168 /* mask off frame type, version and DS status */ 4169 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 4170 /* accept frame if version 0, type 2 and To DS, fall through otherwise 4171 */ 4172 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 4173 4174#if 0 4175 /* 4176 * drop non-data frames 4177 */ 4178 /* load the lower byte of the frame control field */ 4179 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4180 /* mask off QoS bit */ 4181 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 4182 /* drop non-data frames */ 4183 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 4184#endif 4185 /* load the upper byte of the frame control field */ 4186 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 4187 /* mask off toDS/fromDS */ 4188 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 4189 /* accept WDS frames */ 4190 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 4191 4192 /* 4193 * add header length to index 4194 */ 4195 /* load the lower byte of the frame control field */ 4196 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 4197 /* mask off QoS bit */ 4198 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 4199 /* right shift it by 6 to give 0 or 2 */ 4200 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 4201 /* add data frame header length */ 4202 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 4203 /* add index, was start of 802.11 header */ 4204 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 4205 /* move to index, now start of LL header */ 4206 BPF_STMT(BPF_MISC | BPF_TAX, 0), 4207 4208 /* 4209 * Accept empty data frames, we use those for 4210 * polling activity. 4211 */ 4212 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 4213 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 4214 4215 /* 4216 * Accept EAPOL frames 4217 */ 4218 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 4219 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 4220 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 4221 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 4222 4223 /* keep these last two statements or change the code below */ 4224 /* return 0 == "DROP" */ 4225 BPF_STMT(BPF_RET | BPF_K, 0), 4226 /* return ~0 == "keep all" */ 4227 BPF_STMT(BPF_RET | BPF_K, ~0), 4228}; 4229 4230static struct sock_fprog msock_filter = { 4231 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 4232 .filter = msock_filter_insns, 4233}; 4234 4235 4236static int add_monitor_filter(int s) 4237{ 4238 int idx; 4239 4240 /* rewrite all PASS/FAIL jump offsets */ 4241 for (idx = 0; idx < msock_filter.len; idx++) { 4242 struct sock_filter *insn = &msock_filter_insns[idx]; 4243 4244 if (BPF_CLASS(insn->code) == BPF_JMP) { 4245 if (insn->code == (BPF_JMP|BPF_JA)) { 4246 if (insn->k == PASS) 4247 insn->k = msock_filter.len - idx - 2; 4248 else if (insn->k == FAIL) 4249 insn->k = msock_filter.len - idx - 3; 4250 } 4251 4252 if (insn->jt == PASS) 4253 insn->jt = msock_filter.len - idx - 2; 4254 else if (insn->jt == FAIL) 4255 insn->jt = msock_filter.len - idx - 3; 4256 4257 if (insn->jf == PASS) 4258 insn->jf = msock_filter.len - idx - 2; 4259 else if (insn->jf == FAIL) 4260 insn->jf = msock_filter.len - idx - 3; 4261 } 4262 } 4263 4264 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 4265 &msock_filter, sizeof(msock_filter))) { 4266 perror("SO_ATTACH_FILTER"); 4267 return -1; 4268 } 4269 4270 return 0; 4271} 4272 4273 4274static void nl80211_remove_monitor_interface( 4275 struct wpa_driver_nl80211_data *drv) 4276{ 4277 if (drv->monitor_ifidx >= 0) { 4278 nl80211_remove_iface(drv, drv->monitor_ifidx); 4279 drv->monitor_ifidx = -1; 4280 } 4281 if (drv->monitor_sock >= 0) { 4282 eloop_unregister_read_sock(drv->monitor_sock); 4283 close(drv->monitor_sock); 4284 drv->monitor_sock = -1; 4285 } 4286} 4287 4288 4289static int 4290nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 4291{ 4292 char buf[IFNAMSIZ]; 4293 struct sockaddr_ll ll; 4294 int optval; 4295 socklen_t optlen; 4296 4297 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 4298 buf[IFNAMSIZ - 1] = '\0'; 4299 4300 drv->monitor_ifidx = 4301 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 4302 0); 4303 4304 if (drv->monitor_ifidx == -EOPNOTSUPP) { 4305 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 4306 "monitor interface type - try to run without it"); 4307 drv->no_monitor_iface_capab = 1; 4308 } 4309 4310 if (drv->monitor_ifidx < 0) 4311 return -1; 4312 4313 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 4314 goto error; 4315 4316 memset(&ll, 0, sizeof(ll)); 4317 ll.sll_family = AF_PACKET; 4318 ll.sll_ifindex = drv->monitor_ifidx; 4319 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 4320 if (drv->monitor_sock < 0) { 4321 perror("socket[PF_PACKET,SOCK_RAW]"); 4322 goto error; 4323 } 4324 4325 if (add_monitor_filter(drv->monitor_sock)) { 4326 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 4327 "interface; do filtering in user space"); 4328 /* This works, but will cost in performance. */ 4329 } 4330 4331 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 4332 perror("monitor socket bind"); 4333 goto error; 4334 } 4335 4336 optlen = sizeof(optval); 4337 optval = 20; 4338 if (setsockopt 4339 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 4340 perror("Failed to set socket priority"); 4341 goto error; 4342 } 4343 4344 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 4345 drv, NULL)) { 4346 printf("Could not register monitor read socket\n"); 4347 goto error; 4348 } 4349 4350 return 0; 4351 error: 4352 nl80211_remove_monitor_interface(drv); 4353 return -1; 4354} 4355 4356 4357static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 4358 4359static int wpa_driver_nl80211_hapd_send_eapol( 4360 void *priv, const u8 *addr, const u8 *data, 4361 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 4362{ 4363 struct i802_bss *bss = priv; 4364 struct wpa_driver_nl80211_data *drv = bss->drv; 4365 struct ieee80211_hdr *hdr; 4366 size_t len; 4367 u8 *pos; 4368 int res; 4369 int qos = flags & WPA_STA_WMM; 4370 4371 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 4372 data_len; 4373 hdr = os_zalloc(len); 4374 if (hdr == NULL) { 4375 printf("malloc() failed for i802_send_data(len=%lu)\n", 4376 (unsigned long) len); 4377 return -1; 4378 } 4379 4380 hdr->frame_control = 4381 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 4382 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 4383 if (encrypt) 4384 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 4385 if (qos) { 4386 hdr->frame_control |= 4387 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 4388 } 4389 4390 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 4391 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 4392 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 4393 pos = (u8 *) (hdr + 1); 4394 4395 if (qos) { 4396 /* add an empty QoS header if needed */ 4397 pos[0] = 0; 4398 pos[1] = 0; 4399 pos += 2; 4400 } 4401 4402 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 4403 pos += sizeof(rfc1042_header); 4404 WPA_PUT_BE16(pos, ETH_P_PAE); 4405 pos += 2; 4406 memcpy(pos, data, data_len); 4407 4408 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 4409 if (res < 0) { 4410 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 4411 "failed: %d (%s)", 4412 (unsigned long) len, errno, strerror(errno)); 4413 } 4414 os_free(hdr); 4415 4416 return res; 4417} 4418 4419 4420static u32 sta_flags_nl80211(int flags) 4421{ 4422 u32 f = 0; 4423 4424 if (flags & WPA_STA_AUTHORIZED) 4425 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 4426 if (flags & WPA_STA_WMM) 4427 f |= BIT(NL80211_STA_FLAG_WME); 4428 if (flags & WPA_STA_SHORT_PREAMBLE) 4429 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 4430 if (flags & WPA_STA_MFP) 4431 f |= BIT(NL80211_STA_FLAG_MFP); 4432 4433 return f; 4434} 4435 4436 4437static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 4438 int total_flags, 4439 int flags_or, int flags_and) 4440{ 4441 struct i802_bss *bss = priv; 4442 struct wpa_driver_nl80211_data *drv = bss->drv; 4443 struct nl_msg *msg, *flags = NULL; 4444 struct nl80211_sta_flag_update upd; 4445 4446 msg = nlmsg_alloc(); 4447 if (!msg) 4448 return -ENOMEM; 4449 4450 flags = nlmsg_alloc(); 4451 if (!flags) { 4452 nlmsg_free(msg); 4453 return -ENOMEM; 4454 } 4455 4456 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4457 0, NL80211_CMD_SET_STATION, 0); 4458 4459 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4460 if_nametoindex(bss->ifname)); 4461 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4462 4463 /* 4464 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 4465 * can be removed eventually. 4466 */ 4467 if (total_flags & WPA_STA_AUTHORIZED) 4468 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 4469 4470 if (total_flags & WPA_STA_WMM) 4471 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 4472 4473 if (total_flags & WPA_STA_SHORT_PREAMBLE) 4474 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 4475 4476 if (total_flags & WPA_STA_MFP) 4477 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 4478 4479 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 4480 goto nla_put_failure; 4481 4482 os_memset(&upd, 0, sizeof(upd)); 4483 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 4484 upd.set = sta_flags_nl80211(flags_or); 4485 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4486 4487 nlmsg_free(flags); 4488 4489 return send_and_recv_msgs(drv, msg, NULL, NULL); 4490 nla_put_failure: 4491 nlmsg_free(flags); 4492 return -ENOBUFS; 4493} 4494 4495 4496static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 4497 struct wpa_driver_associate_params *params) 4498{ 4499 if (params->p2p) 4500 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 4501 "group (GO)"); 4502 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 4503 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 4504 nl80211_remove_monitor_interface(drv); 4505 return -1; 4506 } 4507 4508 /* TODO: setup monitor interface (and add code somewhere to remove this 4509 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 4510 4511 return 0; 4512} 4513 4514 4515static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 4516{ 4517 struct nl_msg *msg; 4518 int ret = -1; 4519 4520 msg = nlmsg_alloc(); 4521 if (!msg) 4522 return -1; 4523 4524 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4525 NL80211_CMD_LEAVE_IBSS, 0); 4526 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4527 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4528 msg = NULL; 4529 if (ret) { 4530 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 4531 "(%s)", ret, strerror(-ret)); 4532 goto nla_put_failure; 4533 } 4534 4535 ret = 0; 4536 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 4537 4538nla_put_failure: 4539 nlmsg_free(msg); 4540 return ret; 4541} 4542 4543 4544static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 4545 struct wpa_driver_associate_params *params) 4546{ 4547 struct nl_msg *msg; 4548 int ret = -1; 4549 int count = 0; 4550 4551 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 4552 4553 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 4554 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 4555 "IBSS mode"); 4556 return -1; 4557 } 4558 4559retry: 4560 msg = nlmsg_alloc(); 4561 if (!msg) 4562 return -1; 4563 4564 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4565 NL80211_CMD_JOIN_IBSS, 0); 4566 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4567 4568 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 4569 goto nla_put_failure; 4570 4571 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4572 params->ssid, params->ssid_len); 4573 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4574 params->ssid); 4575 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4576 drv->ssid_len = params->ssid_len; 4577 4578 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4579 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4580 4581 ret = nl80211_set_conn_keys(params, msg); 4582 if (ret) 4583 goto nla_put_failure; 4584 4585 if (params->wpa_ie) { 4586 wpa_hexdump(MSG_DEBUG, 4587 " * Extra IEs for Beacon/Probe Response frames", 4588 params->wpa_ie, params->wpa_ie_len); 4589 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4590 params->wpa_ie); 4591 } 4592 4593 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4594 msg = NULL; 4595 if (ret) { 4596 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 4597 ret, strerror(-ret)); 4598 count++; 4599 if (ret == -EALREADY && count == 1) { 4600 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 4601 "forced leave"); 4602 nl80211_leave_ibss(drv); 4603 nlmsg_free(msg); 4604 goto retry; 4605 } 4606 4607 goto nla_put_failure; 4608 } 4609 ret = 0; 4610 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 4611 4612nla_put_failure: 4613 nlmsg_free(msg); 4614 return ret; 4615} 4616 4617 4618static int wpa_driver_nl80211_connect( 4619 struct wpa_driver_nl80211_data *drv, 4620 struct wpa_driver_associate_params *params) 4621{ 4622 struct nl_msg *msg; 4623 enum nl80211_auth_type type; 4624 int ret = 0; 4625 int algs; 4626 4627 msg = nlmsg_alloc(); 4628 if (!msg) 4629 return -1; 4630 4631 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 4632 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4633 NL80211_CMD_CONNECT, 0); 4634 4635 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4636 if (params->bssid) { 4637 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4638 MAC2STR(params->bssid)); 4639 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4640 } 4641 if (params->freq) { 4642 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4643 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4644 } 4645 if (params->ssid) { 4646 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4647 params->ssid, params->ssid_len); 4648 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4649 params->ssid); 4650 if (params->ssid_len > sizeof(drv->ssid)) 4651 goto nla_put_failure; 4652 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4653 drv->ssid_len = params->ssid_len; 4654 } 4655 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4656 if (params->wpa_ie) 4657 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4658 params->wpa_ie); 4659 4660 algs = 0; 4661 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4662 algs++; 4663 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4664 algs++; 4665 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4666 algs++; 4667 if (algs > 1) { 4668 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 4669 "selection"); 4670 goto skip_auth_type; 4671 } 4672 4673 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 4674 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 4675 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 4676 type = NL80211_AUTHTYPE_SHARED_KEY; 4677 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 4678 type = NL80211_AUTHTYPE_NETWORK_EAP; 4679 else if (params->auth_alg & WPA_AUTH_ALG_FT) 4680 type = NL80211_AUTHTYPE_FT; 4681 else 4682 goto nla_put_failure; 4683 4684 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 4685 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 4686 4687skip_auth_type: 4688 if (params->wpa_ie && params->wpa_ie_len) { 4689 enum nl80211_wpa_versions ver; 4690 4691 if (params->wpa_ie[0] == WLAN_EID_RSN) 4692 ver = NL80211_WPA_VERSION_2; 4693 else 4694 ver = NL80211_WPA_VERSION_1; 4695 4696 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 4697 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 4698 } 4699 4700 if (params->pairwise_suite != CIPHER_NONE) { 4701 int cipher; 4702 4703 switch (params->pairwise_suite) { 4704 case CIPHER_WEP40: 4705 cipher = WLAN_CIPHER_SUITE_WEP40; 4706 break; 4707 case CIPHER_WEP104: 4708 cipher = WLAN_CIPHER_SUITE_WEP104; 4709 break; 4710 case CIPHER_CCMP: 4711 cipher = WLAN_CIPHER_SUITE_CCMP; 4712 break; 4713 case CIPHER_TKIP: 4714 default: 4715 cipher = WLAN_CIPHER_SUITE_TKIP; 4716 break; 4717 } 4718 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4719 } 4720 4721 if (params->group_suite != CIPHER_NONE) { 4722 int cipher; 4723 4724 switch (params->group_suite) { 4725 case CIPHER_WEP40: 4726 cipher = WLAN_CIPHER_SUITE_WEP40; 4727 break; 4728 case CIPHER_WEP104: 4729 cipher = WLAN_CIPHER_SUITE_WEP104; 4730 break; 4731 case CIPHER_CCMP: 4732 cipher = WLAN_CIPHER_SUITE_CCMP; 4733 break; 4734 case CIPHER_TKIP: 4735 default: 4736 cipher = WLAN_CIPHER_SUITE_TKIP; 4737 break; 4738 } 4739 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4740 } 4741 4742 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 4743 params->key_mgmt_suite == KEY_MGMT_PSK) { 4744 int mgmt = WLAN_AKM_SUITE_PSK; 4745 4746 switch (params->key_mgmt_suite) { 4747 case KEY_MGMT_802_1X: 4748 mgmt = WLAN_AKM_SUITE_8021X; 4749 break; 4750 case KEY_MGMT_PSK: 4751 default: 4752 mgmt = WLAN_AKM_SUITE_PSK; 4753 break; 4754 } 4755 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 4756 } 4757 4758 ret = nl80211_set_conn_keys(params, msg); 4759 if (ret) 4760 goto nla_put_failure; 4761 4762 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4763 msg = NULL; 4764 if (ret) { 4765 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 4766 "(%s)", ret, strerror(-ret)); 4767 goto nla_put_failure; 4768 } 4769 ret = 0; 4770 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 4771 4772nla_put_failure: 4773 nlmsg_free(msg); 4774 return ret; 4775 4776} 4777 4778 4779static int wpa_driver_nl80211_associate( 4780 void *priv, struct wpa_driver_associate_params *params) 4781{ 4782 struct i802_bss *bss = priv; 4783 struct wpa_driver_nl80211_data *drv = bss->drv; 4784 int ret = -1; 4785 struct nl_msg *msg; 4786 4787 if (params->mode == IEEE80211_MODE_AP) 4788 return wpa_driver_nl80211_ap(drv, params); 4789 4790 if (params->mode == IEEE80211_MODE_IBSS) 4791 return wpa_driver_nl80211_ibss(drv, params); 4792 4793 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 4794 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 4795 return -1; 4796 return wpa_driver_nl80211_connect(drv, params); 4797 } 4798 4799 drv->associated = 0; 4800 4801 msg = nlmsg_alloc(); 4802 if (!msg) 4803 return -1; 4804 4805 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 4806 drv->ifindex); 4807 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4808 NL80211_CMD_ASSOCIATE, 0); 4809 4810 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4811 if (params->bssid) { 4812 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 4813 MAC2STR(params->bssid)); 4814 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 4815 } 4816 if (params->freq) { 4817 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 4818 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 4819 drv->assoc_freq = params->freq; 4820 } else 4821 drv->assoc_freq = 0; 4822 if (params->ssid) { 4823 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 4824 params->ssid, params->ssid_len); 4825 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 4826 params->ssid); 4827 if (params->ssid_len > sizeof(drv->ssid)) 4828 goto nla_put_failure; 4829 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 4830 drv->ssid_len = params->ssid_len; 4831 } 4832 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 4833 if (params->wpa_ie) 4834 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 4835 params->wpa_ie); 4836 4837 if (params->pairwise_suite != CIPHER_NONE) { 4838 int cipher; 4839 4840 switch (params->pairwise_suite) { 4841 case CIPHER_WEP40: 4842 cipher = WLAN_CIPHER_SUITE_WEP40; 4843 break; 4844 case CIPHER_WEP104: 4845 cipher = WLAN_CIPHER_SUITE_WEP104; 4846 break; 4847 case CIPHER_CCMP: 4848 cipher = WLAN_CIPHER_SUITE_CCMP; 4849 break; 4850 case CIPHER_TKIP: 4851 default: 4852 cipher = WLAN_CIPHER_SUITE_TKIP; 4853 break; 4854 } 4855 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 4856 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 4857 } 4858 4859 if (params->group_suite != CIPHER_NONE) { 4860 int cipher; 4861 4862 switch (params->group_suite) { 4863 case CIPHER_WEP40: 4864 cipher = WLAN_CIPHER_SUITE_WEP40; 4865 break; 4866 case CIPHER_WEP104: 4867 cipher = WLAN_CIPHER_SUITE_WEP104; 4868 break; 4869 case CIPHER_CCMP: 4870 cipher = WLAN_CIPHER_SUITE_CCMP; 4871 break; 4872 case CIPHER_TKIP: 4873 default: 4874 cipher = WLAN_CIPHER_SUITE_TKIP; 4875 break; 4876 } 4877 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 4878 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 4879 } 4880 4881#ifdef CONFIG_IEEE80211W 4882 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 4883 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 4884#endif /* CONFIG_IEEE80211W */ 4885 4886 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 4887 4888 if (params->prev_bssid) { 4889 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 4890 MAC2STR(params->prev_bssid)); 4891 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 4892 params->prev_bssid); 4893 } 4894 4895 if (params->p2p) 4896 wpa_printf(MSG_DEBUG, " * P2P group"); 4897 4898 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4899 msg = NULL; 4900 if (ret) { 4901 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 4902 "(%s)", ret, strerror(-ret)); 4903 nl80211_dump_scan(drv); 4904 goto nla_put_failure; 4905 } 4906 ret = 0; 4907 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 4908 "successfully"); 4909 4910nla_put_failure: 4911 nlmsg_free(msg); 4912 return ret; 4913} 4914 4915 4916static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 4917 int ifindex, int mode) 4918{ 4919 struct nl_msg *msg; 4920 int ret = -ENOBUFS; 4921 4922 msg = nlmsg_alloc(); 4923 if (!msg) 4924 return -ENOMEM; 4925 4926 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4927 0, NL80211_CMD_SET_INTERFACE, 0); 4928 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 4929 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 4930 4931 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4932 if (!ret) 4933 return 0; 4934nla_put_failure: 4935 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 4936 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 4937 return ret; 4938} 4939 4940 4941static int wpa_driver_nl80211_set_mode(void *priv, int mode) 4942{ 4943 struct i802_bss *bss = priv; 4944 struct wpa_driver_nl80211_data *drv = bss->drv; 4945 int ret = -1; 4946 int nlmode; 4947 int i; 4948 4949 switch (mode) { 4950 case 0: 4951 nlmode = NL80211_IFTYPE_STATION; 4952 break; 4953 case 1: 4954 nlmode = NL80211_IFTYPE_ADHOC; 4955 break; 4956 case 2: 4957 nlmode = NL80211_IFTYPE_AP; 4958 break; 4959 default: 4960 return -1; 4961 } 4962 4963 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 4964 drv->nlmode = nlmode; 4965 ret = 0; 4966 goto done; 4967 } 4968 4969 if (nlmode == drv->nlmode) { 4970 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 4971 "requested mode - ignore error"); 4972 ret = 0; 4973 goto done; /* Already in the requested mode */ 4974 } 4975 4976 /* mac80211 doesn't allow mode changes while the device is up, so 4977 * take the device down, try to set the mode again, and bring the 4978 * device back up. 4979 */ 4980 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 4981 "interface down"); 4982 for (i = 0; i < 10; i++) { 4983 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 4984 0) { 4985 /* Try to set the mode again while the interface is 4986 * down */ 4987 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 4988 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 4989 1)) 4990 ret = -1; 4991 if (!ret) 4992 break; 4993 } else 4994 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 4995 "interface down"); 4996 os_sleep(0, 100000); 4997 } 4998 4999 if (!ret) { 5000 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 5001 "interface is down"); 5002 drv->nlmode = nlmode; 5003 } 5004 5005done: 5006 if (!ret && nlmode == NL80211_IFTYPE_AP) { 5007 /* Setup additional AP mode functionality if needed */ 5008 if (!drv->no_monitor_iface_capab && drv->monitor_ifidx < 0 && 5009 nl80211_create_monitor_interface(drv) && 5010 !drv->no_monitor_iface_capab) 5011 return -1; 5012 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 5013 /* Remove additional AP mode functionality */ 5014 nl80211_remove_monitor_interface(drv); 5015 bss->beacon_set = 0; 5016 } 5017 5018 if (ret) 5019 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 5020 "from %d failed", nlmode, drv->nlmode); 5021 5022 return ret; 5023} 5024 5025 5026static int wpa_driver_nl80211_get_capa(void *priv, 5027 struct wpa_driver_capa *capa) 5028{ 5029 struct i802_bss *bss = priv; 5030 struct wpa_driver_nl80211_data *drv = bss->drv; 5031 if (!drv->has_capability) 5032 return -1; 5033 os_memcpy(capa, &drv->capa, sizeof(*capa)); 5034 return 0; 5035} 5036 5037 5038static int wpa_driver_nl80211_set_operstate(void *priv, int state) 5039{ 5040 struct i802_bss *bss = priv; 5041 struct wpa_driver_nl80211_data *drv = bss->drv; 5042 5043 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 5044 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 5045 drv->operstate = state; 5046 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 5047 state ? IF_OPER_UP : IF_OPER_DORMANT); 5048} 5049 5050 5051static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 5052{ 5053 struct i802_bss *bss = priv; 5054 struct wpa_driver_nl80211_data *drv = bss->drv; 5055 struct nl_msg *msg; 5056 struct nl80211_sta_flag_update upd; 5057 5058 msg = nlmsg_alloc(); 5059 if (!msg) 5060 return -ENOMEM; 5061 5062 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5063 0, NL80211_CMD_SET_STATION, 0); 5064 5065 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5066 if_nametoindex(bss->ifname)); 5067 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 5068 5069 os_memset(&upd, 0, sizeof(upd)); 5070 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 5071 if (authorized) 5072 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 5073 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 5074 5075 return send_and_recv_msgs(drv, msg, NULL, NULL); 5076 nla_put_failure: 5077 return -ENOBUFS; 5078} 5079 5080 5081/* Set kernel driver on given frequency (MHz) */ 5082static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 5083{ 5084 struct i802_bss *bss = priv; 5085 struct wpa_driver_nl80211_data *drv = bss->drv; 5086 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 5087 freq->sec_channel_offset); 5088} 5089 5090 5091#if defined(HOSTAPD) || defined(CONFIG_AP) 5092 5093static inline int min_int(int a, int b) 5094{ 5095 if (a < b) 5096 return a; 5097 return b; 5098} 5099 5100 5101static int get_key_handler(struct nl_msg *msg, void *arg) 5102{ 5103 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5104 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5105 5106 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5107 genlmsg_attrlen(gnlh, 0), NULL); 5108 5109 /* 5110 * TODO: validate the key index and mac address! 5111 * Otherwise, there's a race condition as soon as 5112 * the kernel starts sending key notifications. 5113 */ 5114 5115 if (tb[NL80211_ATTR_KEY_SEQ]) 5116 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 5117 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 5118 return NL_SKIP; 5119} 5120 5121 5122static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 5123 int idx, u8 *seq) 5124{ 5125 struct i802_bss *bss = priv; 5126 struct wpa_driver_nl80211_data *drv = bss->drv; 5127 struct nl_msg *msg; 5128 5129 msg = nlmsg_alloc(); 5130 if (!msg) 5131 return -ENOMEM; 5132 5133 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5134 0, NL80211_CMD_GET_KEY, 0); 5135 5136 if (addr) 5137 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5138 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 5139 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 5140 5141 memset(seq, 0, 6); 5142 5143 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 5144 nla_put_failure: 5145 return -ENOBUFS; 5146} 5147 5148 5149static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 5150 int mode) 5151{ 5152 struct i802_bss *bss = priv; 5153 struct wpa_driver_nl80211_data *drv = bss->drv; 5154 struct nl_msg *msg; 5155 u8 rates[NL80211_MAX_SUPP_RATES]; 5156 u8 rates_len = 0; 5157 int i; 5158 5159 msg = nlmsg_alloc(); 5160 if (!msg) 5161 return -ENOMEM; 5162 5163 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5164 NL80211_CMD_SET_BSS, 0); 5165 5166 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 5167 rates[rates_len++] = basic_rates[i] / 5; 5168 5169 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 5170 5171 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5172 5173 return send_and_recv_msgs(drv, msg, NULL, NULL); 5174 nla_put_failure: 5175 return -ENOBUFS; 5176} 5177 5178 5179static int i802_set_rts(void *priv, int rts) 5180{ 5181 struct i802_bss *bss = priv; 5182 struct wpa_driver_nl80211_data *drv = bss->drv; 5183 struct nl_msg *msg; 5184 int ret = -ENOBUFS; 5185 u32 val; 5186 5187 msg = nlmsg_alloc(); 5188 if (!msg) 5189 return -ENOMEM; 5190 5191 if (rts >= 2347) 5192 val = (u32) -1; 5193 else 5194 val = rts; 5195 5196 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5197 0, NL80211_CMD_SET_WIPHY, 0); 5198 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5199 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 5200 5201 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5202 if (!ret) 5203 return 0; 5204nla_put_failure: 5205 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 5206 "%d (%s)", rts, ret, strerror(-ret)); 5207 return ret; 5208} 5209 5210 5211static int i802_set_frag(void *priv, int frag) 5212{ 5213 struct i802_bss *bss = priv; 5214 struct wpa_driver_nl80211_data *drv = bss->drv; 5215 struct nl_msg *msg; 5216 int ret = -ENOBUFS; 5217 u32 val; 5218 5219 msg = nlmsg_alloc(); 5220 if (!msg) 5221 return -ENOMEM; 5222 5223 if (frag >= 2346) 5224 val = (u32) -1; 5225 else 5226 val = frag; 5227 5228 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5229 0, NL80211_CMD_SET_WIPHY, 0); 5230 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5231 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 5232 5233 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5234 if (!ret) 5235 return 0; 5236nla_put_failure: 5237 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 5238 "%d: %d (%s)", frag, ret, strerror(-ret)); 5239 return ret; 5240} 5241 5242 5243static int i802_flush(void *priv) 5244{ 5245 struct i802_bss *bss = priv; 5246 struct wpa_driver_nl80211_data *drv = bss->drv; 5247 struct nl_msg *msg; 5248 5249 msg = nlmsg_alloc(); 5250 if (!msg) 5251 return -1; 5252 5253 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5254 0, NL80211_CMD_DEL_STATION, 0); 5255 5256 /* 5257 * XXX: FIX! this needs to flush all VLANs too 5258 */ 5259 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5260 if_nametoindex(bss->ifname)); 5261 5262 return send_and_recv_msgs(drv, msg, NULL, NULL); 5263 nla_put_failure: 5264 return -ENOBUFS; 5265} 5266 5267 5268static int get_sta_handler(struct nl_msg *msg, void *arg) 5269{ 5270 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5271 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5272 struct hostap_sta_driver_data *data = arg; 5273 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 5274 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 5275 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 5276 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 5277 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 5278 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 5279 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 5280 }; 5281 5282 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5283 genlmsg_attrlen(gnlh, 0), NULL); 5284 5285 /* 5286 * TODO: validate the interface and mac address! 5287 * Otherwise, there's a race condition as soon as 5288 * the kernel starts sending station notifications. 5289 */ 5290 5291 if (!tb[NL80211_ATTR_STA_INFO]) { 5292 wpa_printf(MSG_DEBUG, "sta stats missing!"); 5293 return NL_SKIP; 5294 } 5295 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 5296 tb[NL80211_ATTR_STA_INFO], 5297 stats_policy)) { 5298 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 5299 return NL_SKIP; 5300 } 5301 5302 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 5303 data->inactive_msec = 5304 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 5305 if (stats[NL80211_STA_INFO_RX_BYTES]) 5306 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 5307 if (stats[NL80211_STA_INFO_TX_BYTES]) 5308 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 5309 if (stats[NL80211_STA_INFO_RX_PACKETS]) 5310 data->rx_packets = 5311 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 5312 if (stats[NL80211_STA_INFO_TX_PACKETS]) 5313 data->tx_packets = 5314 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 5315 5316 return NL_SKIP; 5317} 5318 5319static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 5320 const u8 *addr) 5321{ 5322 struct i802_bss *bss = priv; 5323 struct wpa_driver_nl80211_data *drv = bss->drv; 5324 struct nl_msg *msg; 5325 5326 os_memset(data, 0, sizeof(*data)); 5327 msg = nlmsg_alloc(); 5328 if (!msg) 5329 return -ENOMEM; 5330 5331 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5332 0, NL80211_CMD_GET_STATION, 0); 5333 5334 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5335 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5336 5337 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 5338 nla_put_failure: 5339 return -ENOBUFS; 5340} 5341 5342 5343static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 5344 int cw_min, int cw_max, int burst_time) 5345{ 5346 struct i802_bss *bss = priv; 5347 struct wpa_driver_nl80211_data *drv = bss->drv; 5348 struct nl_msg *msg; 5349 struct nlattr *txq, *params; 5350 5351 msg = nlmsg_alloc(); 5352 if (!msg) 5353 return -1; 5354 5355 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5356 0, NL80211_CMD_SET_WIPHY, 0); 5357 5358 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5359 5360 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 5361 if (!txq) 5362 goto nla_put_failure; 5363 5364 /* We are only sending parameters for a single TXQ at a time */ 5365 params = nla_nest_start(msg, 1); 5366 if (!params) 5367 goto nla_put_failure; 5368 5369 switch (queue) { 5370 case 0: 5371 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 5372 break; 5373 case 1: 5374 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 5375 break; 5376 case 2: 5377 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 5378 break; 5379 case 3: 5380 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 5381 break; 5382 } 5383 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 5384 * 32 usec, so need to convert the value here. */ 5385 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 5386 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 5387 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 5388 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 5389 5390 nla_nest_end(msg, params); 5391 5392 nla_nest_end(msg, txq); 5393 5394 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5395 return 0; 5396 nla_put_failure: 5397 return -1; 5398} 5399 5400 5401static int i802_set_bss(void *priv, int cts, int preamble, int slot, 5402 int ht_opmode) 5403{ 5404 struct i802_bss *bss = priv; 5405 struct wpa_driver_nl80211_data *drv = bss->drv; 5406 struct nl_msg *msg; 5407 5408 msg = nlmsg_alloc(); 5409 if (!msg) 5410 return -ENOMEM; 5411 5412 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5413 NL80211_CMD_SET_BSS, 0); 5414 5415 if (cts >= 0) 5416 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 5417 if (preamble >= 0) 5418 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 5419 if (slot >= 0) 5420 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 5421 if (ht_opmode >= 0) 5422 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 5423 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 5424 5425 return send_and_recv_msgs(drv, msg, NULL, NULL); 5426 nla_put_failure: 5427 return -ENOBUFS; 5428} 5429 5430 5431static int i802_set_cts_protect(void *priv, int value) 5432{ 5433 return i802_set_bss(priv, value, -1, -1, -1); 5434} 5435 5436 5437static int i802_set_preamble(void *priv, int value) 5438{ 5439 return i802_set_bss(priv, -1, value, -1, -1); 5440} 5441 5442 5443static int i802_set_short_slot_time(void *priv, int value) 5444{ 5445 return i802_set_bss(priv, -1, -1, value, -1); 5446} 5447 5448 5449static int i802_set_sta_vlan(void *priv, const u8 *addr, 5450 const char *ifname, int vlan_id) 5451{ 5452 struct i802_bss *bss = priv; 5453 struct wpa_driver_nl80211_data *drv = bss->drv; 5454 struct nl_msg *msg; 5455 int ret = -ENOBUFS; 5456 5457 msg = nlmsg_alloc(); 5458 if (!msg) 5459 return -ENOMEM; 5460 5461 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5462 0, NL80211_CMD_SET_STATION, 0); 5463 5464 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 5465 if_nametoindex(bss->ifname)); 5466 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5467 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 5468 if_nametoindex(ifname)); 5469 5470 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5471 if (ret < 0) { 5472 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 5473 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 5474 MAC2STR(addr), ifname, vlan_id, ret, 5475 strerror(-ret)); 5476 } 5477 nla_put_failure: 5478 return ret; 5479} 5480 5481 5482static int i802_set_ht_params(void *priv, const u8 *ht_capab, 5483 size_t ht_capab_len, const u8 *ht_oper, 5484 size_t ht_oper_len) 5485{ 5486 if (ht_oper_len >= 6) { 5487 /* ht opmode uses 16bit in octet 5 & 6 */ 5488 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]); 5489 return i802_set_bss(priv, -1, -1, -1, ht_opmode); 5490 } else 5491 return -1; 5492} 5493 5494 5495static int i802_get_inact_sec(void *priv, const u8 *addr) 5496{ 5497 struct hostap_sta_driver_data data; 5498 int ret; 5499 5500 data.inactive_msec = (unsigned long) -1; 5501 ret = i802_read_sta_data(priv, &data, addr); 5502 if (ret || data.inactive_msec == (unsigned long) -1) 5503 return -1; 5504 return data.inactive_msec / 1000; 5505} 5506 5507 5508static int i802_sta_clear_stats(void *priv, const u8 *addr) 5509{ 5510#if 0 5511 /* TODO */ 5512#endif 5513 return 0; 5514} 5515 5516 5517static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 5518 int reason) 5519{ 5520 struct i802_bss *bss = priv; 5521 struct ieee80211_mgmt mgmt; 5522 5523 memset(&mgmt, 0, sizeof(mgmt)); 5524 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5525 WLAN_FC_STYPE_DEAUTH); 5526 memcpy(mgmt.da, addr, ETH_ALEN); 5527 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5528 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5529 mgmt.u.deauth.reason_code = host_to_le16(reason); 5530 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5531 IEEE80211_HDRLEN + 5532 sizeof(mgmt.u.deauth)); 5533} 5534 5535 5536static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 5537 int reason) 5538{ 5539 struct i802_bss *bss = priv; 5540 struct ieee80211_mgmt mgmt; 5541 5542 memset(&mgmt, 0, sizeof(mgmt)); 5543 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 5544 WLAN_FC_STYPE_DISASSOC); 5545 memcpy(mgmt.da, addr, ETH_ALEN); 5546 memcpy(mgmt.sa, own_addr, ETH_ALEN); 5547 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 5548 mgmt.u.disassoc.reason_code = host_to_le16(reason); 5549 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 5550 IEEE80211_HDRLEN + 5551 sizeof(mgmt.u.disassoc)); 5552} 5553 5554#endif /* HOSTAPD || CONFIG_AP */ 5555 5556#ifdef HOSTAPD 5557 5558static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5559{ 5560 int i; 5561 int *old; 5562 5563 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 5564 ifidx); 5565 for (i = 0; i < drv->num_if_indices; i++) { 5566 if (drv->if_indices[i] == 0) { 5567 drv->if_indices[i] = ifidx; 5568 return; 5569 } 5570 } 5571 5572 if (drv->if_indices != drv->default_if_indices) 5573 old = drv->if_indices; 5574 else 5575 old = NULL; 5576 5577 drv->if_indices = os_realloc(old, 5578 sizeof(int) * (drv->num_if_indices + 1)); 5579 if (!drv->if_indices) { 5580 if (!old) 5581 drv->if_indices = drv->default_if_indices; 5582 else 5583 drv->if_indices = old; 5584 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 5585 "interfaces"); 5586 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 5587 return; 5588 } else if (!old) 5589 os_memcpy(drv->if_indices, drv->default_if_indices, 5590 sizeof(drv->default_if_indices)); 5591 drv->if_indices[drv->num_if_indices] = ifidx; 5592 drv->num_if_indices++; 5593} 5594 5595 5596static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5597{ 5598 int i; 5599 5600 for (i = 0; i < drv->num_if_indices; i++) { 5601 if (drv->if_indices[i] == ifidx) { 5602 drv->if_indices[i] = 0; 5603 break; 5604 } 5605 } 5606} 5607 5608 5609static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 5610{ 5611 int i; 5612 5613 for (i = 0; i < drv->num_if_indices; i++) 5614 if (drv->if_indices[i] == ifidx) 5615 return 1; 5616 5617 return 0; 5618} 5619 5620 5621static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 5622 const char *bridge_ifname) 5623{ 5624 struct i802_bss *bss = priv; 5625 struct wpa_driver_nl80211_data *drv = bss->drv; 5626 char name[IFNAMSIZ + 1]; 5627 5628 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 5629 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 5630 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 5631 if (val) { 5632 if (!if_nametoindex(name)) { 5633 if (nl80211_create_iface(drv, name, 5634 NL80211_IFTYPE_AP_VLAN, 5635 NULL, 1) < 0) 5636 return -1; 5637 if (bridge_ifname && 5638 linux_br_add_if(drv->ioctl_sock, bridge_ifname, 5639 name) < 0) 5640 return -1; 5641 } 5642 linux_set_iface_flags(drv->ioctl_sock, name, 1); 5643 return i802_set_sta_vlan(priv, addr, name, 0); 5644 } else { 5645 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 5646 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 5647 name); 5648 } 5649} 5650 5651 5652static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 5653{ 5654 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5655 struct sockaddr_ll lladdr; 5656 unsigned char buf[3000]; 5657 int len; 5658 socklen_t fromlen = sizeof(lladdr); 5659 5660 len = recvfrom(sock, buf, sizeof(buf), 0, 5661 (struct sockaddr *)&lladdr, &fromlen); 5662 if (len < 0) { 5663 perror("recv"); 5664 return; 5665 } 5666 5667 if (have_ifidx(drv, lladdr.sll_ifindex)) 5668 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 5669} 5670 5671 5672static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 5673 struct i802_bss *bss, 5674 const char *brname, const char *ifname) 5675{ 5676 int ifindex; 5677 char in_br[IFNAMSIZ]; 5678 5679 os_strlcpy(bss->brname, brname, IFNAMSIZ); 5680 ifindex = if_nametoindex(brname); 5681 if (ifindex == 0) { 5682 /* 5683 * Bridge was configured, but the bridge device does 5684 * not exist. Try to add it now. 5685 */ 5686 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 5687 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 5688 "bridge interface %s: %s", 5689 brname, strerror(errno)); 5690 return -1; 5691 } 5692 bss->added_bridge = 1; 5693 add_ifidx(drv, if_nametoindex(brname)); 5694 } 5695 5696 if (linux_br_get(in_br, ifname) == 0) { 5697 if (os_strcmp(in_br, brname) == 0) 5698 return 0; /* already in the bridge */ 5699 5700 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 5701 "bridge %s", ifname, in_br); 5702 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 5703 wpa_printf(MSG_ERROR, "nl80211: Failed to " 5704 "remove interface %s from bridge " 5705 "%s: %s", 5706 ifname, brname, strerror(errno)); 5707 return -1; 5708 } 5709 } 5710 5711 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 5712 ifname, brname); 5713 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 5714 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 5715 "into bridge %s: %s", 5716 ifname, brname, strerror(errno)); 5717 return -1; 5718 } 5719 bss->added_if_into_bridge = 1; 5720 5721 return 0; 5722} 5723 5724 5725static void *i802_init(struct hostapd_data *hapd, 5726 struct wpa_init_params *params) 5727{ 5728 struct wpa_driver_nl80211_data *drv; 5729 struct i802_bss *bss; 5730 size_t i; 5731 char brname[IFNAMSIZ]; 5732 int ifindex, br_ifindex; 5733 int br_added = 0; 5734 5735 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL); 5736 if (bss == NULL) 5737 return NULL; 5738 5739 drv = bss->drv; 5740 drv->nlmode = NL80211_IFTYPE_AP; 5741 if (linux_br_get(brname, params->ifname) == 0) { 5742 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 5743 params->ifname, brname); 5744 br_ifindex = if_nametoindex(brname); 5745 } else { 5746 brname[0] = '\0'; 5747 br_ifindex = 0; 5748 } 5749 5750 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 5751 drv->if_indices = drv->default_if_indices; 5752 for (i = 0; i < params->num_bridge; i++) { 5753 if (params->bridge[i]) { 5754 ifindex = if_nametoindex(params->bridge[i]); 5755 if (ifindex) 5756 add_ifidx(drv, ifindex); 5757 if (ifindex == br_ifindex) 5758 br_added = 1; 5759 } 5760 } 5761 if (!br_added && br_ifindex && 5762 (params->num_bridge == 0 || !params->bridge[0])) 5763 add_ifidx(drv, br_ifindex); 5764 5765 /* start listening for EAPOL on the default AP interface */ 5766 add_ifidx(drv, drv->ifindex); 5767 5768 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 5769 goto failed; 5770 5771 if (params->bssid) { 5772 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 5773 params->bssid)) 5774 goto failed; 5775 } 5776 5777 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 5778 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 5779 "into AP mode", bss->ifname); 5780 goto failed; 5781 } 5782 5783 if (params->num_bridge && params->bridge[0] && 5784 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 5785 goto failed; 5786 5787 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 5788 goto failed; 5789 5790 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 5791 if (drv->eapol_sock < 0) { 5792 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 5793 goto failed; 5794 } 5795 5796 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 5797 { 5798 printf("Could not register read socket for eapol\n"); 5799 goto failed; 5800 } 5801 5802 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 5803 goto failed; 5804 5805 return bss; 5806 5807failed: 5808 nl80211_remove_monitor_interface(drv); 5809 rfkill_deinit(drv->rfkill); 5810 netlink_deinit(drv->netlink); 5811 if (drv->ioctl_sock >= 0) 5812 close(drv->ioctl_sock); 5813 5814 genl_family_put(drv->nl80211); 5815 nl_cache_free(drv->nl_cache); 5816 nl80211_handle_destroy(drv->nl_handle); 5817 nl_cb_put(drv->nl_cb); 5818 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 5819 5820 os_free(drv); 5821 return NULL; 5822} 5823 5824 5825static void i802_deinit(void *priv) 5826{ 5827 wpa_driver_nl80211_deinit(priv); 5828} 5829 5830#endif /* HOSTAPD */ 5831 5832 5833static enum nl80211_iftype wpa_driver_nl80211_if_type( 5834 enum wpa_driver_if_type type) 5835{ 5836 switch (type) { 5837 case WPA_IF_STATION: 5838 return NL80211_IFTYPE_STATION; 5839 case WPA_IF_P2P_CLIENT: 5840 case WPA_IF_P2P_GROUP: 5841 return NL80211_IFTYPE_P2P_CLIENT; 5842 case WPA_IF_AP_VLAN: 5843 return NL80211_IFTYPE_AP_VLAN; 5844 case WPA_IF_AP_BSS: 5845 return NL80211_IFTYPE_AP; 5846 case WPA_IF_P2P_GO: 5847 return NL80211_IFTYPE_P2P_GO; 5848 } 5849 return -1; 5850} 5851 5852 5853#ifdef CONFIG_P2P 5854 5855static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 5856{ 5857 struct wpa_driver_nl80211_data *drv; 5858 dl_list_for_each(drv, &global->interfaces, 5859 struct wpa_driver_nl80211_data, list) { 5860 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0) 5861 return 1; 5862 } 5863 return 0; 5864} 5865 5866 5867static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 5868 u8 *new_addr) 5869{ 5870 unsigned int idx; 5871 5872 if (!drv->global) 5873 return -1; 5874 5875 os_memcpy(new_addr, drv->addr, ETH_ALEN); 5876 for (idx = 0; idx < 64; idx++) { 5877 new_addr[0] = drv->addr[0] | 0x02; 5878 new_addr[0] ^= idx << 2; 5879 if (!nl80211_addr_in_use(drv->global, new_addr)) 5880 break; 5881 } 5882 if (idx == 64) 5883 return -1; 5884 5885 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 5886 MACSTR, MAC2STR(new_addr)); 5887 5888 return 0; 5889} 5890 5891#endif /* CONFIG_P2P */ 5892 5893 5894static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 5895 const char *ifname, const u8 *addr, 5896 void *bss_ctx, void **drv_priv, 5897 char *force_ifname, u8 *if_addr, 5898 const char *bridge) 5899{ 5900 struct i802_bss *bss = priv; 5901 struct wpa_driver_nl80211_data *drv = bss->drv; 5902 int ifidx; 5903#ifdef HOSTAPD 5904 struct i802_bss *new_bss = NULL; 5905 5906 if (type == WPA_IF_AP_BSS) { 5907 new_bss = os_zalloc(sizeof(*new_bss)); 5908 if (new_bss == NULL) 5909 return -1; 5910 } 5911#endif /* HOSTAPD */ 5912 5913 if (addr) 5914 os_memcpy(if_addr, addr, ETH_ALEN); 5915 ifidx = nl80211_create_iface(drv, ifname, 5916 wpa_driver_nl80211_if_type(type), addr, 5917 0); 5918 if (ifidx < 0) { 5919#ifdef HOSTAPD 5920 os_free(new_bss); 5921#endif /* HOSTAPD */ 5922 return -1; 5923 } 5924 5925 if (!addr && 5926 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) { 5927 nl80211_remove_iface(drv, ifidx); 5928 return -1; 5929 } 5930 5931#ifdef CONFIG_P2P 5932 if (!addr && 5933 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 5934 type == WPA_IF_P2P_GO)) { 5935 /* Enforce unique P2P Interface Address */ 5936 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN]; 5937 5938 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) 5939 < 0 || 5940 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0) 5941 { 5942 nl80211_remove_iface(drv, ifidx); 5943 return -1; 5944 } 5945 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) { 5946 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 5947 "for P2P group interface"); 5948 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 5949 nl80211_remove_iface(drv, ifidx); 5950 return -1; 5951 } 5952 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname, 5953 new_addr) < 0) { 5954 nl80211_remove_iface(drv, ifidx); 5955 return -1; 5956 } 5957 os_memcpy(if_addr, new_addr, ETH_ALEN); 5958 } 5959 } 5960#endif /* CONFIG_P2P */ 5961 5962#ifdef HOSTAPD 5963 if (bridge && 5964 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 5965 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 5966 "interface %s to a bridge %s", ifname, bridge); 5967 nl80211_remove_iface(drv, ifidx); 5968 os_free(new_bss); 5969 return -1; 5970 } 5971 5972 if (type == WPA_IF_AP_BSS) { 5973 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 5974 nl80211_remove_iface(drv, ifidx); 5975 os_free(new_bss); 5976 return -1; 5977 } 5978 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 5979 new_bss->ifindex = ifidx; 5980 new_bss->drv = drv; 5981 new_bss->next = drv->first_bss.next; 5982 drv->first_bss.next = new_bss; 5983 if (drv_priv) 5984 *drv_priv = new_bss; 5985 } 5986#endif /* HOSTAPD */ 5987 5988 return 0; 5989} 5990 5991 5992static int wpa_driver_nl80211_if_remove(void *priv, 5993 enum wpa_driver_if_type type, 5994 const char *ifname) 5995{ 5996 struct i802_bss *bss = priv; 5997 struct wpa_driver_nl80211_data *drv = bss->drv; 5998 int ifindex = if_nametoindex(ifname); 5999 6000 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 6001 __func__, type, ifname, ifindex); 6002 if (ifindex <= 0) 6003 return -1; 6004 6005#ifdef HOSTAPD 6006 if (bss->added_if_into_bridge) { 6007 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname) 6008 < 0) 6009 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6010 "interface %s from bridge %s: %s", 6011 bss->ifname, bss->brname, strerror(errno)); 6012 } 6013 if (bss->added_bridge) { 6014 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0) 6015 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 6016 "bridge %s: %s", 6017 bss->brname, strerror(errno)); 6018 } 6019#endif /* HOSTAPD */ 6020 6021 nl80211_remove_iface(drv, ifindex); 6022 6023#ifdef HOSTAPD 6024 if (type != WPA_IF_AP_BSS) 6025 return 0; 6026 6027 if (bss != &drv->first_bss) { 6028 struct i802_bss *tbss; 6029 6030 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) { 6031 if (tbss->next == bss) { 6032 tbss->next = bss->next; 6033 os_free(bss); 6034 bss = NULL; 6035 break; 6036 } 6037 } 6038 if (bss) 6039 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 6040 "BSS %p in the list", __func__, bss); 6041 } 6042#endif /* HOSTAPD */ 6043 6044 return 0; 6045} 6046 6047 6048static int cookie_handler(struct nl_msg *msg, void *arg) 6049{ 6050 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 6051 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6052 u64 *cookie = arg; 6053 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6054 genlmsg_attrlen(gnlh, 0), NULL); 6055 if (tb[NL80211_ATTR_COOKIE]) 6056 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 6057 return NL_SKIP; 6058} 6059 6060 6061static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv, 6062 unsigned int freq, unsigned int wait, 6063 const u8 *buf, size_t buf_len, 6064 u64 *cookie_out) 6065{ 6066 struct nl_msg *msg; 6067 u64 cookie; 6068 int ret = -1; 6069 6070 msg = nlmsg_alloc(); 6071 if (!msg) 6072 return -1; 6073 6074 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6075 NL80211_CMD_FRAME, 0); 6076 6077 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6078 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6079 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 6080 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 6081 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 6082 6083 cookie = 0; 6084 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6085 msg = NULL; 6086 if (ret) { 6087 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 6088 "(%s)", ret, strerror(-ret)); 6089 goto nla_put_failure; 6090 } 6091 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; " 6092 "cookie 0x%llx", (long long unsigned int) cookie); 6093 6094 if (cookie_out) 6095 *cookie_out = cookie; 6096 6097nla_put_failure: 6098 nlmsg_free(msg); 6099 return ret; 6100} 6101 6102 6103static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 6104 unsigned int wait_time, 6105 const u8 *dst, const u8 *src, 6106 const u8 *bssid, 6107 const u8 *data, size_t data_len) 6108{ 6109 struct i802_bss *bss = priv; 6110 struct wpa_driver_nl80211_data *drv = bss->drv; 6111 int ret = -1; 6112 u8 *buf; 6113 struct ieee80211_hdr *hdr; 6114 6115 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 6116 "wait=%d ms)", drv->ifindex, wait_time); 6117 6118 buf = os_zalloc(24 + data_len); 6119 if (buf == NULL) 6120 return ret; 6121 os_memcpy(buf + 24, data, data_len); 6122 hdr = (struct ieee80211_hdr *) buf; 6123 hdr->frame_control = 6124 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 6125 os_memcpy(hdr->addr1, dst, ETH_ALEN); 6126 os_memcpy(hdr->addr2, src, ETH_ALEN); 6127 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 6128 6129 if (drv->nlmode == NL80211_IFTYPE_AP) 6130 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 6131 else 6132 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf, 6133 24 + data_len, 6134 &drv->send_action_cookie); 6135 6136 os_free(buf); 6137 return ret; 6138} 6139 6140 6141static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 6142{ 6143 struct i802_bss *bss = priv; 6144 struct wpa_driver_nl80211_data *drv = bss->drv; 6145 struct nl_msg *msg; 6146 int ret; 6147 6148 msg = nlmsg_alloc(); 6149 if (!msg) 6150 return; 6151 6152 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6153 NL80211_CMD_FRAME_WAIT_CANCEL, 0); 6154 6155 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6156 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 6157 6158 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6159 msg = NULL; 6160 if (ret) 6161 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 6162 "(%s)", ret, strerror(-ret)); 6163 6164 nla_put_failure: 6165 nlmsg_free(msg); 6166} 6167 6168 6169static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 6170 unsigned int duration) 6171{ 6172 struct i802_bss *bss = priv; 6173 struct wpa_driver_nl80211_data *drv = bss->drv; 6174 struct nl_msg *msg; 6175 int ret; 6176 u64 cookie; 6177 6178 msg = nlmsg_alloc(); 6179 if (!msg) 6180 return -1; 6181 6182 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6183 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 6184 6185 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6186 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6187 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 6188 6189 cookie = 0; 6190 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 6191 if (ret == 0) { 6192 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 6193 "0x%llx for freq=%u MHz duration=%u", 6194 (long long unsigned int) cookie, freq, duration); 6195 drv->remain_on_chan_cookie = cookie; 6196 return 0; 6197 } 6198 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 6199 "(freq=%d duration=%u): %d (%s)", 6200 freq, duration, ret, strerror(-ret)); 6201nla_put_failure: 6202 return -1; 6203} 6204 6205 6206static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 6207{ 6208 struct i802_bss *bss = priv; 6209 struct wpa_driver_nl80211_data *drv = bss->drv; 6210 struct nl_msg *msg; 6211 int ret; 6212 6213 if (!drv->pending_remain_on_chan) { 6214 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 6215 "to cancel"); 6216 return -1; 6217 } 6218 6219 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 6220 "0x%llx", 6221 (long long unsigned int) drv->remain_on_chan_cookie); 6222 6223 msg = nlmsg_alloc(); 6224 if (!msg) 6225 return -1; 6226 6227 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6228 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 6229 6230 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6231 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 6232 6233 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6234 if (ret == 0) 6235 return 0; 6236 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 6237 "%d (%s)", ret, strerror(-ret)); 6238nla_put_failure: 6239 return -1; 6240} 6241 6242 6243static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 6244{ 6245 struct i802_bss *bss = priv; 6246 struct wpa_driver_nl80211_data *drv = bss->drv; 6247 6248 if (drv->nlmode != NL80211_IFTYPE_STATION) { 6249 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 6250 "allowed in station mode (iftype=%d)", 6251 drv->nlmode); 6252 return -1; 6253 } 6254 6255 if (!report) { 6256 if (drv->nl_handle_preq) { 6257 eloop_unregister_read_sock( 6258 nl_socket_get_fd(drv->nl_handle_preq)); 6259 nl_cache_free(drv->nl_cache_preq); 6260 nl80211_handle_destroy(drv->nl_handle_preq); 6261 drv->nl_handle_preq = NULL; 6262 } 6263 return 0; 6264 } 6265 6266 if (drv->nl_handle_preq) { 6267 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 6268 "already on!"); 6269 return 0; 6270 } 6271 6272 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb); 6273 if (drv->nl_handle_preq == NULL) { 6274 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate " 6275 "netlink callbacks (preq)"); 6276 goto out_err1; 6277 } 6278 6279 if (genl_connect(drv->nl_handle_preq)) { 6280 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to " 6281 "generic netlink (preq)"); 6282 goto out_err2; 6283 return -1; 6284 } 6285 6286#ifdef CONFIG_LIBNL20 6287 if (genl_ctrl_alloc_cache(drv->nl_handle_preq, 6288 &drv->nl_cache_preq) < 0) { 6289 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6290 "netlink cache (preq)"); 6291 goto out_err2; 6292 } 6293#else /* CONFIG_LIBNL20 */ 6294 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq); 6295 if (drv->nl_cache_preq == NULL) { 6296 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 6297 "netlink cache (preq)"); 6298 goto out_err2; 6299 } 6300#endif /* CONFIG_LIBNL20 */ 6301 6302 if (nl80211_register_frame(drv, drv->nl_handle_preq, 6303 (WLAN_FC_TYPE_MGMT << 2) | 6304 (WLAN_FC_STYPE_PROBE_REQ << 4), 6305 NULL, 0) < 0) { 6306 goto out_err3; 6307 } 6308 6309 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq), 6310 wpa_driver_nl80211_event_receive, drv, 6311 drv->nl_handle_preq); 6312 6313 return 0; 6314 6315 out_err3: 6316 nl_cache_free(drv->nl_cache_preq); 6317 out_err2: 6318 nl80211_handle_destroy(drv->nl_handle_preq); 6319 drv->nl_handle_preq = NULL; 6320 out_err1: 6321 return -1; 6322} 6323 6324 6325static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 6326 int ifindex, int disabled) 6327{ 6328 struct nl_msg *msg; 6329 struct nlattr *bands, *band; 6330 int ret; 6331 6332 msg = nlmsg_alloc(); 6333 if (!msg) 6334 return -1; 6335 6336 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6337 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 6338 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6339 6340 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 6341 if (!bands) 6342 goto nla_put_failure; 6343 6344 /* 6345 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 6346 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 6347 * rates. All 5 GHz rates are left enabled. 6348 */ 6349 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 6350 if (!band) 6351 goto nla_put_failure; 6352 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 6353 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 6354 nla_nest_end(msg, band); 6355 6356 nla_nest_end(msg, bands); 6357 6358 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6359 msg = NULL; 6360 if (ret) { 6361 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 6362 "(%s)", ret, strerror(-ret)); 6363 } 6364 6365 return ret; 6366 6367nla_put_failure: 6368 nlmsg_free(msg); 6369 return -1; 6370} 6371 6372 6373static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 6374{ 6375 struct i802_bss *bss = priv; 6376 struct wpa_driver_nl80211_data *drv = bss->drv; 6377 drv->disable_11b_rates = disabled; 6378 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 6379} 6380 6381 6382static int wpa_driver_nl80211_deinit_ap(void *priv) 6383{ 6384 struct i802_bss *bss = priv; 6385 struct wpa_driver_nl80211_data *drv = bss->drv; 6386 if (drv->nlmode != NL80211_IFTYPE_AP) 6387 return -1; 6388 wpa_driver_nl80211_del_beacon(drv); 6389 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 6390} 6391 6392 6393static void wpa_driver_nl80211_resume(void *priv) 6394{ 6395 struct i802_bss *bss = priv; 6396 struct wpa_driver_nl80211_data *drv = bss->drv; 6397 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 6398 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 6399 "resume event"); 6400 } 6401} 6402 6403 6404static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 6405 const u8 *ies, size_t ies_len) 6406{ 6407 struct i802_bss *bss = priv; 6408 struct wpa_driver_nl80211_data *drv = bss->drv; 6409 int ret; 6410 u8 *data, *pos; 6411 size_t data_len; 6412 u8 own_addr[ETH_ALEN]; 6413 6414 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 6415 return -1; 6416 6417 if (action != 1) { 6418 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 6419 "action %d", action); 6420 return -1; 6421 } 6422 6423 /* 6424 * Action frame payload: 6425 * Category[1] = 6 (Fast BSS Transition) 6426 * Action[1] = 1 (Fast BSS Transition Request) 6427 * STA Address 6428 * Target AP Address 6429 * FT IEs 6430 */ 6431 6432 data_len = 2 + 2 * ETH_ALEN + ies_len; 6433 data = os_malloc(data_len); 6434 if (data == NULL) 6435 return -1; 6436 pos = data; 6437 *pos++ = 0x06; /* FT Action category */ 6438 *pos++ = action; 6439 os_memcpy(pos, own_addr, ETH_ALEN); 6440 pos += ETH_ALEN; 6441 os_memcpy(pos, target_ap, ETH_ALEN); 6442 pos += ETH_ALEN; 6443 os_memcpy(pos, ies, ies_len); 6444 6445 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 6446 drv->bssid, own_addr, drv->bssid, 6447 data, data_len); 6448 os_free(data); 6449 6450 return ret; 6451} 6452 6453 6454static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 6455{ 6456 struct i802_bss *bss = priv; 6457 struct wpa_driver_nl80211_data *drv = bss->drv; 6458 struct nl_msg *msg, *cqm = NULL; 6459 6460 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 6461 "hysteresis=%d", threshold, hysteresis); 6462 6463 msg = nlmsg_alloc(); 6464 if (!msg) 6465 return -1; 6466 6467 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 6468 0, NL80211_CMD_SET_CQM, 0); 6469 6470 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 6471 6472 cqm = nlmsg_alloc(); 6473 if (cqm == NULL) 6474 return -1; 6475 6476 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 6477 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 6478 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 6479 6480 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 6481 return 0; 6482 msg = NULL; 6483 6484nla_put_failure: 6485 if (cqm) 6486 nlmsg_free(cqm); 6487 nlmsg_free(msg); 6488 return -1; 6489} 6490 6491 6492static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 6493{ 6494 struct i802_bss *bss = priv; 6495 struct wpa_driver_nl80211_data *drv = bss->drv; 6496 int res; 6497 6498 os_memset(si, 0, sizeof(*si)); 6499 res = nl80211_get_link_signal(drv, si); 6500 if (res != 0) 6501 return res; 6502 6503 return nl80211_get_link_noise(drv, si); 6504} 6505 6506 6507static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 6508 int encrypt) 6509{ 6510 struct i802_bss *bss = priv; 6511 struct wpa_driver_nl80211_data *drv = bss->drv; 6512 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 6513} 6514 6515 6516static int nl80211_set_intra_bss(void *priv, int enabled) 6517{ 6518 struct i802_bss *bss = priv; 6519 struct wpa_driver_nl80211_data *drv = bss->drv; 6520 struct nl_msg *msg; 6521 6522 msg = nlmsg_alloc(); 6523 if (!msg) 6524 return -ENOMEM; 6525 6526 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 6527 NL80211_CMD_SET_BSS, 0); 6528 6529 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6530 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled); 6531 6532 return send_and_recv_msgs(drv, msg, NULL, NULL); 6533 nla_put_failure: 6534 return -ENOBUFS; 6535} 6536 6537 6538static int nl80211_set_param(void *priv, const char *param) 6539{ 6540 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 6541 if (param == NULL) 6542 return 0; 6543 6544#ifdef CONFIG_P2P 6545 if (os_strstr(param, "use_p2p_group_interface=1")) { 6546 struct i802_bss *bss = priv; 6547 struct wpa_driver_nl80211_data *drv = bss->drv; 6548 6549 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 6550 "interface"); 6551 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 6552 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 6553 } 6554#endif /* CONFIG_P2P */ 6555 6556 return 0; 6557} 6558 6559 6560static void * nl80211_global_init(void) 6561{ 6562 struct nl80211_global *global; 6563 global = os_zalloc(sizeof(*global)); 6564 if (global == NULL) 6565 return NULL; 6566 dl_list_init(&global->interfaces); 6567 return global; 6568} 6569 6570 6571static void nl80211_global_deinit(void *priv) 6572{ 6573 struct nl80211_global *global = priv; 6574 if (global == NULL) 6575 return; 6576 if (!dl_list_empty(&global->interfaces)) { 6577 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 6578 "nl80211_global_deinit", 6579 dl_list_len(&global->interfaces)); 6580 } 6581 os_free(global); 6582} 6583 6584 6585static const char * nl80211_get_radio_name(void *priv) 6586{ 6587 struct i802_bss *bss = priv; 6588 struct wpa_driver_nl80211_data *drv = bss->drv; 6589 return drv->phyname; 6590} 6591 6592 6593static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 6594 const u8 *pmkid) 6595{ 6596 struct nl_msg *msg; 6597 6598 msg = nlmsg_alloc(); 6599 if (!msg) 6600 return -ENOMEM; 6601 6602 genlmsg_put(msg, 0, 0, genl_family_get_id(bss->drv->nl80211), 0, 0, 6603 cmd, 0); 6604 6605 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6606 if (pmkid) 6607 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 6608 if (bssid) 6609 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 6610 6611 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 6612 nla_put_failure: 6613 return -ENOBUFS; 6614} 6615 6616 6617static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6618{ 6619 struct i802_bss *bss = priv; 6620 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 6621 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 6622} 6623 6624 6625static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 6626{ 6627 struct i802_bss *bss = priv; 6628 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 6629 MAC2STR(bssid)); 6630 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 6631} 6632 6633 6634static int nl80211_flush_pmkid(void *priv) 6635{ 6636 struct i802_bss *bss = priv; 6637 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 6638 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 6639} 6640 6641 6642const struct wpa_driver_ops wpa_driver_nl80211_ops = { 6643 .name = "nl80211", 6644 .desc = "Linux nl80211/cfg80211", 6645 .get_bssid = wpa_driver_nl80211_get_bssid, 6646 .get_ssid = wpa_driver_nl80211_get_ssid, 6647 .set_key = wpa_driver_nl80211_set_key, 6648 .scan2 = wpa_driver_nl80211_scan, 6649 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 6650 .deauthenticate = wpa_driver_nl80211_deauthenticate, 6651 .disassociate = wpa_driver_nl80211_disassociate, 6652 .authenticate = wpa_driver_nl80211_authenticate, 6653 .associate = wpa_driver_nl80211_associate, 6654 .global_init = nl80211_global_init, 6655 .global_deinit = nl80211_global_deinit, 6656 .init2 = wpa_driver_nl80211_init, 6657 .deinit = wpa_driver_nl80211_deinit, 6658 .get_capa = wpa_driver_nl80211_get_capa, 6659 .set_operstate = wpa_driver_nl80211_set_operstate, 6660 .set_supp_port = wpa_driver_nl80211_set_supp_port, 6661 .set_country = wpa_driver_nl80211_set_country, 6662 .set_beacon = wpa_driver_nl80211_set_beacon, 6663 .if_add = wpa_driver_nl80211_if_add, 6664 .if_remove = wpa_driver_nl80211_if_remove, 6665 .send_mlme = wpa_driver_nl80211_send_mlme, 6666 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 6667 .sta_add = wpa_driver_nl80211_sta_add, 6668 .sta_remove = wpa_driver_nl80211_sta_remove, 6669 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 6670 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 6671#ifdef HOSTAPD 6672 .hapd_init = i802_init, 6673 .hapd_deinit = i802_deinit, 6674 .set_wds_sta = i802_set_wds_sta, 6675#endif /* HOSTAPD */ 6676#if defined(HOSTAPD) || defined(CONFIG_AP) 6677 .get_seqnum = i802_get_seqnum, 6678 .flush = i802_flush, 6679 .read_sta_data = i802_read_sta_data, 6680 .get_inact_sec = i802_get_inact_sec, 6681 .sta_clear_stats = i802_sta_clear_stats, 6682 .set_rts = i802_set_rts, 6683 .set_frag = i802_set_frag, 6684 .set_cts_protect = i802_set_cts_protect, 6685 .set_preamble = i802_set_preamble, 6686 .set_short_slot_time = i802_set_short_slot_time, 6687 .set_tx_queue_params = i802_set_tx_queue_params, 6688 .set_sta_vlan = i802_set_sta_vlan, 6689 .set_ht_params = i802_set_ht_params, 6690 .set_rate_sets = i802_set_rate_sets, 6691 .sta_deauth = i802_sta_deauth, 6692 .sta_disassoc = i802_sta_disassoc, 6693#endif /* HOSTAPD || CONFIG_AP */ 6694 .set_freq = i802_set_freq, 6695 .send_action = wpa_driver_nl80211_send_action, 6696 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 6697 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 6698 .cancel_remain_on_channel = 6699 wpa_driver_nl80211_cancel_remain_on_channel, 6700 .probe_req_report = wpa_driver_nl80211_probe_req_report, 6701 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 6702 .deinit_ap = wpa_driver_nl80211_deinit_ap, 6703 .resume = wpa_driver_nl80211_resume, 6704 .send_ft_action = nl80211_send_ft_action, 6705 .signal_monitor = nl80211_signal_monitor, 6706 .signal_poll = nl80211_signal_poll, 6707 .send_frame = nl80211_send_frame, 6708 .set_intra_bss = nl80211_set_intra_bss, 6709 .set_param = nl80211_set_param, 6710 .get_radio_name = nl80211_get_radio_name, 6711 .add_pmkid = nl80211_add_pmkid, 6712 .remove_pmkid = nl80211_remove_pmkid, 6713 .flush_pmkid = nl80211_flush_pmkid, 6714}; 6715