driver_nl80211.c revision 344abd362cfe2d03ed956666527352826b67bde5
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/ieee802_11_defs.h" 32#include "common/ieee802_11_common.h" 33#include "l2_packet/l2_packet.h" 34#include "netlink.h" 35#include "linux_ioctl.h" 36#include "radiotap.h" 37#include "radiotap_iter.h" 38#include "rfkill.h" 39#include "driver.h" 40 41#ifndef SO_WIFI_STATUS 42# if defined(__sparc__) 43# define SO_WIFI_STATUS 0x0025 44# elif defined(__parisc__) 45# define SO_WIFI_STATUS 0x4022 46# else 47# define SO_WIFI_STATUS 41 48# endif 49 50# define SCM_WIFI_STATUS SO_WIFI_STATUS 51#endif 52 53#ifndef SO_EE_ORIGIN_TXSTATUS 54#define SO_EE_ORIGIN_TXSTATUS 4 55#endif 56 57#ifndef PACKET_TX_TIMESTAMP 58#define PACKET_TX_TIMESTAMP 16 59#endif 60 61#ifdef ANDROID 62#include "android_drv.h" 63#endif /* ANDROID */ 64#ifdef CONFIG_LIBNL20 65/* libnl 2.0 compatibility code */ 66#define nl_handle nl_sock 67#define nl80211_handle_alloc nl_socket_alloc_cb 68#define nl80211_handle_destroy nl_socket_free 69#else 70/* 71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 72 * but when you free a socket again it will mess up its bitmap and 73 * and use the wrong number the next time it needs a socket ID. 74 * Therefore, we wrap the handle alloc/destroy and add our own pid 75 * accounting. 76 */ 77static uint32_t port_bitmap[32] = { 0 }; 78 79static struct nl_handle *nl80211_handle_alloc(void *cb) 80{ 81 struct nl_handle *handle; 82 uint32_t pid = getpid() & 0x3FFFFF; 83 int i; 84 85 handle = nl_handle_alloc_cb(cb); 86 87 for (i = 0; i < 1024; i++) { 88 if (port_bitmap[i / 32] & (1 << (i % 32))) 89 continue; 90 port_bitmap[i / 32] |= 1 << (i % 32); 91 pid += i << 22; 92 break; 93 } 94 95 nl_socket_set_local_port(handle, pid); 96 97 return handle; 98} 99 100static void nl80211_handle_destroy(struct nl_handle *handle) 101{ 102 uint32_t port = nl_socket_get_local_port(handle); 103 104 port >>= 22; 105 port_bitmap[port / 32] &= ~(1 << (port % 32)); 106 107 nl_handle_destroy(handle); 108} 109#endif /* CONFIG_LIBNL20 */ 110 111 112#ifdef ANDROID 113/* system/core/libnl_2 does not include nl_socket_set_nonblocking() */ 114static int android_nl_socket_set_nonblocking(struct nl_handle *handle) 115{ 116 return fcntl(nl_socket_get_fd(handle), F_SETFL, O_NONBLOCK); 117} 118#undef nl_socket_set_nonblocking 119#define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h) 120#endif /* ANDROID */ 121 122 123static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 124{ 125 struct nl_handle *handle; 126 127 handle = nl80211_handle_alloc(cb); 128 if (handle == NULL) { 129 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 130 "callbacks (%s)", dbg); 131 return NULL; 132 } 133 134 if (genl_connect(handle)) { 135 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 136 "netlink (%s)", dbg); 137 nl80211_handle_destroy(handle); 138 return NULL; 139 } 140 141 return handle; 142} 143 144 145static void nl_destroy_handles(struct nl_handle **handle) 146{ 147 if (*handle == NULL) 148 return; 149 nl80211_handle_destroy(*handle); 150 *handle = NULL; 151} 152 153 154#if __WORDSIZE == 64 155#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 156#else 157#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 158#endif 159 160static void nl80211_register_eloop_read(struct nl_handle **handle, 161 eloop_sock_handler handler, 162 void *eloop_data) 163{ 164 nl_socket_set_nonblocking(*handle); 165 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 166 eloop_data, *handle); 167 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 168} 169 170 171static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 172{ 173 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 174 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 175 nl_destroy_handles(handle); 176} 177 178 179#ifndef IFF_LOWER_UP 180#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 181#endif 182#ifndef IFF_DORMANT 183#define IFF_DORMANT 0x20000 /* driver signals dormant */ 184#endif 185 186#ifndef IF_OPER_DORMANT 187#define IF_OPER_DORMANT 5 188#endif 189#ifndef IF_OPER_UP 190#define IF_OPER_UP 6 191#endif 192 193struct nl80211_global { 194 struct dl_list interfaces; 195 int if_add_ifindex; 196 u64 if_add_wdevid; 197 int if_add_wdevid_set; 198 struct netlink_data *netlink; 199 struct nl_cb *nl_cb; 200 struct nl_handle *nl; 201 int nl80211_id; 202 int ioctl_sock; /* socket for ioctl() use */ 203 204 struct nl_handle *nl_event; 205}; 206 207struct nl80211_wiphy_data { 208 struct dl_list list; 209 struct dl_list bsss; 210 struct dl_list drvs; 211 212 struct nl_handle *nl_beacons; 213 struct nl_cb *nl_cb; 214 215 int wiphy_idx; 216}; 217 218static void nl80211_global_deinit(void *priv); 219 220struct i802_bss { 221 struct wpa_driver_nl80211_data *drv; 222 struct i802_bss *next; 223 int ifindex; 224 u64 wdev_id; 225 char ifname[IFNAMSIZ + 1]; 226 char brname[IFNAMSIZ]; 227 unsigned int beacon_set:1; 228 unsigned int added_if_into_bridge:1; 229 unsigned int added_bridge:1; 230 unsigned int in_deinit:1; 231 unsigned int wdev_id_set:1; 232 unsigned int added_if:1; 233 234 u8 addr[ETH_ALEN]; 235 236 int freq; 237 int if_dynamic; 238 239 void *ctx; 240 struct nl_handle *nl_preq, *nl_mgmt; 241 struct nl_cb *nl_cb; 242 243 struct nl80211_wiphy_data *wiphy_data; 244 struct dl_list wiphy_list; 245}; 246 247struct wpa_driver_nl80211_data { 248 struct nl80211_global *global; 249 struct dl_list list; 250 struct dl_list wiphy_list; 251 char phyname[32]; 252 void *ctx; 253 int ifindex; 254 int if_removed; 255 int if_disabled; 256 int ignore_if_down_event; 257 struct rfkill_data *rfkill; 258 struct wpa_driver_capa capa; 259 u8 *extended_capa, *extended_capa_mask; 260 unsigned int extended_capa_len; 261 int has_capability; 262 263 int operstate; 264 265 int scan_complete_events; 266 enum scan_states { 267 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 268 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 269 SCHED_SCAN_RESULTS 270 } scan_state; 271 272 struct nl_cb *nl_cb; 273 274 u8 auth_bssid[ETH_ALEN]; 275 u8 auth_attempt_bssid[ETH_ALEN]; 276 u8 bssid[ETH_ALEN]; 277 u8 prev_bssid[ETH_ALEN]; 278 int associated; 279 u8 ssid[32]; 280 size_t ssid_len; 281 enum nl80211_iftype nlmode; 282 enum nl80211_iftype ap_scan_as_station; 283 unsigned int assoc_freq; 284 285 int monitor_sock; 286 int monitor_ifidx; 287 int monitor_refcount; 288 289 unsigned int disabled_11b_rates:1; 290 unsigned int pending_remain_on_chan:1; 291 unsigned int in_interface_list:1; 292 unsigned int device_ap_sme:1; 293 unsigned int poll_command_supported:1; 294 unsigned int data_tx_status:1; 295 unsigned int scan_for_auth:1; 296 unsigned int retry_auth:1; 297 unsigned int use_monitor:1; 298 unsigned int ignore_next_local_disconnect:1; 299 unsigned int allow_p2p_device:1; 300 unsigned int hostapd:1; 301 unsigned int start_mode_ap:1; 302 unsigned int start_iface_up:1; 303 304 u64 remain_on_chan_cookie; 305 u64 send_action_cookie; 306 307 unsigned int last_mgmt_freq; 308 309 struct wpa_driver_scan_filter *filter_ssids; 310 size_t num_filter_ssids; 311 312 struct i802_bss *first_bss; 313 314 int eapol_tx_sock; 315 316 int eapol_sock; /* socket for EAPOL frames */ 317 318 int default_if_indices[16]; 319 int *if_indices; 320 int num_if_indices; 321 322 /* From failed authentication command */ 323 int auth_freq; 324 u8 auth_bssid_[ETH_ALEN]; 325 u8 auth_ssid[32]; 326 size_t auth_ssid_len; 327 int auth_alg; 328 u8 *auth_ie; 329 size_t auth_ie_len; 330 u8 auth_wep_key[4][16]; 331 size_t auth_wep_key_len[4]; 332 int auth_wep_tx_keyidx; 333 int auth_local_state_change; 334 int auth_p2p; 335}; 336 337 338static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 339static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 340 void *timeout_ctx); 341static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 342 enum nl80211_iftype nlmode); 343static int 344wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 345 const u8 *set_addr, int first); 346static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 347 const u8 *addr, int cmd, u16 reason_code, 348 int local_state_change); 349static void nl80211_remove_monitor_interface( 350 struct wpa_driver_nl80211_data *drv); 351static int nl80211_send_frame_cmd(struct i802_bss *bss, 352 unsigned int freq, unsigned int wait, 353 const u8 *buf, size_t buf_len, u64 *cookie, 354 int no_cck, int no_ack, int offchanok); 355static int nl80211_register_frame(struct i802_bss *bss, 356 struct nl_handle *hl_handle, 357 u16 type, const u8 *match, size_t match_len); 358static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 359 int report); 360#ifdef ANDROID 361static int android_pno_start(struct i802_bss *bss, 362 struct wpa_driver_scan_params *params); 363static int android_pno_stop(struct i802_bss *bss); 364extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 365 size_t buf_len); 366#endif /* ANDROID */ 367#ifdef ANDROID_P2P 368int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 369int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 370int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 371int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 372 const struct wpabuf *proberesp, 373 const struct wpabuf *assocresp); 374#endif /* ANDROID_P2P */ 375 376static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 377static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 378static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 379static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 380 enum wpa_driver_if_type type, 381 const char *ifname); 382 383static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 384 struct hostapd_freq_params *freq); 385static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 386 int ifindex, int disabled); 387 388static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 389static int wpa_driver_nl80211_authenticate_retry( 390 struct wpa_driver_nl80211_data *drv); 391 392static int i802_set_iface_flags(struct i802_bss *bss, int up); 393 394 395static const char * nl80211_command_to_string(enum nl80211_commands cmd) 396{ 397#define C2S(x) case x: return #x; 398 switch (cmd) { 399 C2S(NL80211_CMD_UNSPEC) 400 C2S(NL80211_CMD_GET_WIPHY) 401 C2S(NL80211_CMD_SET_WIPHY) 402 C2S(NL80211_CMD_NEW_WIPHY) 403 C2S(NL80211_CMD_DEL_WIPHY) 404 C2S(NL80211_CMD_GET_INTERFACE) 405 C2S(NL80211_CMD_SET_INTERFACE) 406 C2S(NL80211_CMD_NEW_INTERFACE) 407 C2S(NL80211_CMD_DEL_INTERFACE) 408 C2S(NL80211_CMD_GET_KEY) 409 C2S(NL80211_CMD_SET_KEY) 410 C2S(NL80211_CMD_NEW_KEY) 411 C2S(NL80211_CMD_DEL_KEY) 412 C2S(NL80211_CMD_GET_BEACON) 413 C2S(NL80211_CMD_SET_BEACON) 414 C2S(NL80211_CMD_START_AP) 415 C2S(NL80211_CMD_STOP_AP) 416 C2S(NL80211_CMD_GET_STATION) 417 C2S(NL80211_CMD_SET_STATION) 418 C2S(NL80211_CMD_NEW_STATION) 419 C2S(NL80211_CMD_DEL_STATION) 420 C2S(NL80211_CMD_GET_MPATH) 421 C2S(NL80211_CMD_SET_MPATH) 422 C2S(NL80211_CMD_NEW_MPATH) 423 C2S(NL80211_CMD_DEL_MPATH) 424 C2S(NL80211_CMD_SET_BSS) 425 C2S(NL80211_CMD_SET_REG) 426 C2S(NL80211_CMD_REQ_SET_REG) 427 C2S(NL80211_CMD_GET_MESH_CONFIG) 428 C2S(NL80211_CMD_SET_MESH_CONFIG) 429 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 430 C2S(NL80211_CMD_GET_REG) 431 C2S(NL80211_CMD_GET_SCAN) 432 C2S(NL80211_CMD_TRIGGER_SCAN) 433 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 434 C2S(NL80211_CMD_SCAN_ABORTED) 435 C2S(NL80211_CMD_REG_CHANGE) 436 C2S(NL80211_CMD_AUTHENTICATE) 437 C2S(NL80211_CMD_ASSOCIATE) 438 C2S(NL80211_CMD_DEAUTHENTICATE) 439 C2S(NL80211_CMD_DISASSOCIATE) 440 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 441 C2S(NL80211_CMD_REG_BEACON_HINT) 442 C2S(NL80211_CMD_JOIN_IBSS) 443 C2S(NL80211_CMD_LEAVE_IBSS) 444 C2S(NL80211_CMD_TESTMODE) 445 C2S(NL80211_CMD_CONNECT) 446 C2S(NL80211_CMD_ROAM) 447 C2S(NL80211_CMD_DISCONNECT) 448 C2S(NL80211_CMD_SET_WIPHY_NETNS) 449 C2S(NL80211_CMD_GET_SURVEY) 450 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 451 C2S(NL80211_CMD_SET_PMKSA) 452 C2S(NL80211_CMD_DEL_PMKSA) 453 C2S(NL80211_CMD_FLUSH_PMKSA) 454 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 455 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 456 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 457 C2S(NL80211_CMD_REGISTER_FRAME) 458 C2S(NL80211_CMD_FRAME) 459 C2S(NL80211_CMD_FRAME_TX_STATUS) 460 C2S(NL80211_CMD_SET_POWER_SAVE) 461 C2S(NL80211_CMD_GET_POWER_SAVE) 462 C2S(NL80211_CMD_SET_CQM) 463 C2S(NL80211_CMD_NOTIFY_CQM) 464 C2S(NL80211_CMD_SET_CHANNEL) 465 C2S(NL80211_CMD_SET_WDS_PEER) 466 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 467 C2S(NL80211_CMD_JOIN_MESH) 468 C2S(NL80211_CMD_LEAVE_MESH) 469 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 470 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 471 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 472 C2S(NL80211_CMD_GET_WOWLAN) 473 C2S(NL80211_CMD_SET_WOWLAN) 474 C2S(NL80211_CMD_START_SCHED_SCAN) 475 C2S(NL80211_CMD_STOP_SCHED_SCAN) 476 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 477 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 478 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 479 C2S(NL80211_CMD_PMKSA_CANDIDATE) 480 C2S(NL80211_CMD_TDLS_OPER) 481 C2S(NL80211_CMD_TDLS_MGMT) 482 C2S(NL80211_CMD_UNEXPECTED_FRAME) 483 C2S(NL80211_CMD_PROBE_CLIENT) 484 C2S(NL80211_CMD_REGISTER_BEACONS) 485 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 486 C2S(NL80211_CMD_SET_NOACK_MAP) 487 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 488 C2S(NL80211_CMD_START_P2P_DEVICE) 489 C2S(NL80211_CMD_STOP_P2P_DEVICE) 490 C2S(NL80211_CMD_CONN_FAILED) 491 C2S(NL80211_CMD_SET_MCAST_RATE) 492 C2S(NL80211_CMD_SET_MAC_ACL) 493 C2S(NL80211_CMD_RADAR_DETECT) 494 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 495 C2S(NL80211_CMD_UPDATE_FT_IES) 496 C2S(NL80211_CMD_FT_EVENT) 497 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 498 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 499 C2S(NL80211_CMD_GET_COALESCE) 500 C2S(NL80211_CMD_SET_COALESCE) 501 C2S(NL80211_CMD_CHANNEL_SWITCH) 502 C2S(NL80211_CMD_VENDOR) 503 C2S(NL80211_CMD_SET_QOS_MAP) 504 default: 505 return "NL80211_CMD_UNKNOWN"; 506 } 507#undef C2S 508} 509 510 511/* Converts nl80211_chan_width to a common format */ 512static enum chan_width convert2width(int width) 513{ 514 switch (width) { 515 case NL80211_CHAN_WIDTH_20_NOHT: 516 return CHAN_WIDTH_20_NOHT; 517 case NL80211_CHAN_WIDTH_20: 518 return CHAN_WIDTH_20; 519 case NL80211_CHAN_WIDTH_40: 520 return CHAN_WIDTH_40; 521 case NL80211_CHAN_WIDTH_80: 522 return CHAN_WIDTH_80; 523 case NL80211_CHAN_WIDTH_80P80: 524 return CHAN_WIDTH_80P80; 525 case NL80211_CHAN_WIDTH_160: 526 return CHAN_WIDTH_160; 527 } 528 return CHAN_WIDTH_UNKNOWN; 529} 530 531 532static int is_ap_interface(enum nl80211_iftype nlmode) 533{ 534 return (nlmode == NL80211_IFTYPE_AP || 535 nlmode == NL80211_IFTYPE_P2P_GO); 536} 537 538 539static int is_sta_interface(enum nl80211_iftype nlmode) 540{ 541 return (nlmode == NL80211_IFTYPE_STATION || 542 nlmode == NL80211_IFTYPE_P2P_CLIENT); 543} 544 545 546static int is_p2p_net_interface(enum nl80211_iftype nlmode) 547{ 548 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 549 nlmode == NL80211_IFTYPE_P2P_GO); 550} 551 552 553static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 554{ 555 if (drv->associated) 556 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 557 drv->associated = 0; 558 os_memset(drv->bssid, 0, ETH_ALEN); 559} 560 561 562struct nl80211_bss_info_arg { 563 struct wpa_driver_nl80211_data *drv; 564 struct wpa_scan_results *res; 565 unsigned int assoc_freq; 566 u8 assoc_bssid[ETH_ALEN]; 567}; 568 569static int bss_info_handler(struct nl_msg *msg, void *arg); 570 571 572/* nl80211 code */ 573static int ack_handler(struct nl_msg *msg, void *arg) 574{ 575 int *err = arg; 576 *err = 0; 577 return NL_STOP; 578} 579 580static int finish_handler(struct nl_msg *msg, void *arg) 581{ 582 int *ret = arg; 583 *ret = 0; 584 return NL_SKIP; 585} 586 587static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 588 void *arg) 589{ 590 int *ret = arg; 591 *ret = err->error; 592 return NL_SKIP; 593} 594 595 596static int no_seq_check(struct nl_msg *msg, void *arg) 597{ 598 return NL_OK; 599} 600 601 602static int send_and_recv(struct nl80211_global *global, 603 struct nl_handle *nl_handle, struct nl_msg *msg, 604 int (*valid_handler)(struct nl_msg *, void *), 605 void *valid_data) 606{ 607 struct nl_cb *cb; 608 int err = -ENOMEM; 609 610 cb = nl_cb_clone(global->nl_cb); 611 if (!cb) 612 goto out; 613 614 err = nl_send_auto_complete(nl_handle, msg); 615 if (err < 0) 616 goto out; 617 618 err = 1; 619 620 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 621 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 622 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 623 624 if (valid_handler) 625 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 626 valid_handler, valid_data); 627 628 while (err > 0) { 629 int res = nl_recvmsgs(nl_handle, cb); 630 if (res) { 631 wpa_printf(MSG_INFO, 632 "nl80211: %s->nl_recvmsgs failed: %d", 633 __func__, res); 634 } 635 } 636 out: 637 nl_cb_put(cb); 638 nlmsg_free(msg); 639 return err; 640} 641 642 643static int send_and_recv_msgs_global(struct nl80211_global *global, 644 struct nl_msg *msg, 645 int (*valid_handler)(struct nl_msg *, void *), 646 void *valid_data) 647{ 648 return send_and_recv(global, global->nl, msg, valid_handler, 649 valid_data); 650} 651 652 653static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 654 struct nl_msg *msg, 655 int (*valid_handler)(struct nl_msg *, void *), 656 void *valid_data) 657{ 658 return send_and_recv(drv->global, drv->global->nl, msg, 659 valid_handler, valid_data); 660} 661 662 663struct family_data { 664 const char *group; 665 int id; 666}; 667 668 669static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 670{ 671 if (bss->wdev_id_set) 672 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 673 else 674 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 675 return 0; 676 677nla_put_failure: 678 return -1; 679} 680 681 682static int family_handler(struct nl_msg *msg, void *arg) 683{ 684 struct family_data *res = arg; 685 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 686 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 687 struct nlattr *mcgrp; 688 int i; 689 690 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 691 genlmsg_attrlen(gnlh, 0), NULL); 692 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 693 return NL_SKIP; 694 695 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 696 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 697 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 698 nla_len(mcgrp), NULL); 699 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 700 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 701 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 702 res->group, 703 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 704 continue; 705 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 706 break; 707 }; 708 709 return NL_SKIP; 710} 711 712 713static int nl_get_multicast_id(struct nl80211_global *global, 714 const char *family, const char *group) 715{ 716 struct nl_msg *msg; 717 int ret = -1; 718 struct family_data res = { group, -ENOENT }; 719 720 msg = nlmsg_alloc(); 721 if (!msg) 722 return -ENOMEM; 723 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 724 0, 0, CTRL_CMD_GETFAMILY, 0); 725 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 726 727 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 728 msg = NULL; 729 if (ret == 0) 730 ret = res.id; 731 732nla_put_failure: 733 nlmsg_free(msg); 734 return ret; 735} 736 737 738static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 739 struct nl_msg *msg, int flags, uint8_t cmd) 740{ 741 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 742 0, flags, cmd, 0); 743} 744 745 746struct wiphy_idx_data { 747 int wiphy_idx; 748 enum nl80211_iftype nlmode; 749 u8 *macaddr; 750}; 751 752 753static int netdev_info_handler(struct nl_msg *msg, void *arg) 754{ 755 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 756 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 757 struct wiphy_idx_data *info = arg; 758 759 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 760 genlmsg_attrlen(gnlh, 0), NULL); 761 762 if (tb[NL80211_ATTR_WIPHY]) 763 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 764 765 if (tb[NL80211_ATTR_IFTYPE]) 766 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 767 768 if (tb[NL80211_ATTR_MAC] && info->macaddr) 769 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 770 ETH_ALEN); 771 772 return NL_SKIP; 773} 774 775 776static int nl80211_get_wiphy_index(struct i802_bss *bss) 777{ 778 struct nl_msg *msg; 779 struct wiphy_idx_data data = { 780 .wiphy_idx = -1, 781 .macaddr = NULL, 782 }; 783 784 msg = nlmsg_alloc(); 785 if (!msg) 786 return NL80211_IFTYPE_UNSPECIFIED; 787 788 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 789 790 if (nl80211_set_iface_id(msg, bss) < 0) 791 goto nla_put_failure; 792 793 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 794 return data.wiphy_idx; 795 msg = NULL; 796nla_put_failure: 797 nlmsg_free(msg); 798 return -1; 799} 800 801 802static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 803{ 804 struct nl_msg *msg; 805 struct wiphy_idx_data data = { 806 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 807 .macaddr = NULL, 808 }; 809 810 msg = nlmsg_alloc(); 811 if (!msg) 812 return -1; 813 814 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 815 816 if (nl80211_set_iface_id(msg, bss) < 0) 817 goto nla_put_failure; 818 819 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 820 return data.nlmode; 821 msg = NULL; 822nla_put_failure: 823 nlmsg_free(msg); 824 return NL80211_IFTYPE_UNSPECIFIED; 825} 826 827 828static int nl80211_get_macaddr(struct i802_bss *bss) 829{ 830 struct nl_msg *msg; 831 struct wiphy_idx_data data = { 832 .macaddr = bss->addr, 833 }; 834 835 msg = nlmsg_alloc(); 836 if (!msg) 837 return NL80211_IFTYPE_UNSPECIFIED; 838 839 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 840 if (nl80211_set_iface_id(msg, bss) < 0) 841 goto nla_put_failure; 842 843 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 844 845nla_put_failure: 846 nlmsg_free(msg); 847 return NL80211_IFTYPE_UNSPECIFIED; 848} 849 850 851static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 852 struct nl80211_wiphy_data *w) 853{ 854 struct nl_msg *msg; 855 int ret = -1; 856 857 msg = nlmsg_alloc(); 858 if (!msg) 859 return -1; 860 861 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 862 863 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 864 865 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 866 msg = NULL; 867 if (ret) { 868 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 869 "failed: ret=%d (%s)", 870 ret, strerror(-ret)); 871 goto nla_put_failure; 872 } 873 ret = 0; 874nla_put_failure: 875 nlmsg_free(msg); 876 return ret; 877} 878 879 880static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 881{ 882 struct nl80211_wiphy_data *w = eloop_ctx; 883 int res; 884 885 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 886 887 res = nl_recvmsgs(handle, w->nl_cb); 888 if (res) { 889 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 890 __func__, res); 891 } 892} 893 894 895static int process_beacon_event(struct nl_msg *msg, void *arg) 896{ 897 struct nl80211_wiphy_data *w = arg; 898 struct wpa_driver_nl80211_data *drv; 899 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 900 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 901 union wpa_event_data event; 902 903 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 904 genlmsg_attrlen(gnlh, 0), NULL); 905 906 if (gnlh->cmd != NL80211_CMD_FRAME) { 907 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 908 gnlh->cmd); 909 return NL_SKIP; 910 } 911 912 if (!tb[NL80211_ATTR_FRAME]) 913 return NL_SKIP; 914 915 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 916 wiphy_list) { 917 os_memset(&event, 0, sizeof(event)); 918 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 919 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 920 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 921 } 922 923 return NL_SKIP; 924} 925 926 927static struct nl80211_wiphy_data * 928nl80211_get_wiphy_data_ap(struct i802_bss *bss) 929{ 930 static DEFINE_DL_LIST(nl80211_wiphys); 931 struct nl80211_wiphy_data *w; 932 int wiphy_idx, found = 0; 933 struct i802_bss *tmp_bss; 934 935 if (bss->wiphy_data != NULL) 936 return bss->wiphy_data; 937 938 wiphy_idx = nl80211_get_wiphy_index(bss); 939 940 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 941 if (w->wiphy_idx == wiphy_idx) 942 goto add; 943 } 944 945 /* alloc new one */ 946 w = os_zalloc(sizeof(*w)); 947 if (w == NULL) 948 return NULL; 949 w->wiphy_idx = wiphy_idx; 950 dl_list_init(&w->bsss); 951 dl_list_init(&w->drvs); 952 953 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 954 if (!w->nl_cb) { 955 os_free(w); 956 return NULL; 957 } 958 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 959 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 960 w); 961 962 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 963 "wiphy beacons"); 964 if (w->nl_beacons == NULL) { 965 os_free(w); 966 return NULL; 967 } 968 969 if (nl80211_register_beacons(bss->drv, w)) { 970 nl_destroy_handles(&w->nl_beacons); 971 os_free(w); 972 return NULL; 973 } 974 975 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 976 977 dl_list_add(&nl80211_wiphys, &w->list); 978 979add: 980 /* drv entry for this bss already there? */ 981 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 982 if (tmp_bss->drv == bss->drv) { 983 found = 1; 984 break; 985 } 986 } 987 /* if not add it */ 988 if (!found) 989 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 990 991 dl_list_add(&w->bsss, &bss->wiphy_list); 992 bss->wiphy_data = w; 993 return w; 994} 995 996 997static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 998{ 999 struct nl80211_wiphy_data *w = bss->wiphy_data; 1000 struct i802_bss *tmp_bss; 1001 int found = 0; 1002 1003 if (w == NULL) 1004 return; 1005 bss->wiphy_data = NULL; 1006 dl_list_del(&bss->wiphy_list); 1007 1008 /* still any for this drv present? */ 1009 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 1010 if (tmp_bss->drv == bss->drv) { 1011 found = 1; 1012 break; 1013 } 1014 } 1015 /* if not remove it */ 1016 if (!found) 1017 dl_list_del(&bss->drv->wiphy_list); 1018 1019 if (!dl_list_empty(&w->bsss)) 1020 return; 1021 1022 nl80211_destroy_eloop_handle(&w->nl_beacons); 1023 1024 nl_cb_put(w->nl_cb); 1025 dl_list_del(&w->list); 1026 os_free(w); 1027} 1028 1029 1030static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1031{ 1032 struct i802_bss *bss = priv; 1033 struct wpa_driver_nl80211_data *drv = bss->drv; 1034 if (!drv->associated) 1035 return -1; 1036 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1037 return 0; 1038} 1039 1040 1041static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1042{ 1043 struct i802_bss *bss = priv; 1044 struct wpa_driver_nl80211_data *drv = bss->drv; 1045 if (!drv->associated) 1046 return -1; 1047 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1048 return drv->ssid_len; 1049} 1050 1051 1052static void wpa_driver_nl80211_event_newlink( 1053 struct wpa_driver_nl80211_data *drv, char *ifname) 1054{ 1055 union wpa_event_data event; 1056 1057 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1058 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1059 wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK", 1060 drv->first_bss->ifname); 1061 return; 1062 } 1063 if (!drv->if_removed) 1064 return; 1065 wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event", 1066 drv->first_bss->ifname); 1067 drv->if_removed = 0; 1068 } 1069 1070 os_memset(&event, 0, sizeof(event)); 1071 os_strlcpy(event.interface_status.ifname, ifname, 1072 sizeof(event.interface_status.ifname)); 1073 event.interface_status.ievent = EVENT_INTERFACE_ADDED; 1074 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1075} 1076 1077 1078static void wpa_driver_nl80211_event_dellink( 1079 struct wpa_driver_nl80211_data *drv, char *ifname) 1080{ 1081 union wpa_event_data event; 1082 1083 if (os_strcmp(drv->first_bss->ifname, ifname) == 0) { 1084 if (drv->if_removed) { 1085 wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s", 1086 ifname); 1087 return; 1088 } 1089 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1", 1090 ifname); 1091 drv->if_removed = 1; 1092 } else { 1093 wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed", 1094 ifname); 1095 } 1096 1097 os_memset(&event, 0, sizeof(event)); 1098 os_strlcpy(event.interface_status.ifname, ifname, 1099 sizeof(event.interface_status.ifname)); 1100 event.interface_status.ievent = EVENT_INTERFACE_REMOVED; 1101 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1102} 1103 1104 1105static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1106 u8 *buf, size_t len) 1107{ 1108 int attrlen, rta_len; 1109 struct rtattr *attr; 1110 1111 attrlen = len; 1112 attr = (struct rtattr *) buf; 1113 1114 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1115 while (RTA_OK(attr, attrlen)) { 1116 if (attr->rta_type == IFLA_IFNAME) { 1117 if (os_strcmp(((char *) attr) + rta_len, 1118 drv->first_bss->ifname) == 0) 1119 return 1; 1120 else 1121 break; 1122 } 1123 attr = RTA_NEXT(attr, attrlen); 1124 } 1125 1126 return 0; 1127} 1128 1129 1130static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1131 int ifindex, u8 *buf, size_t len) 1132{ 1133 if (drv->ifindex == ifindex) 1134 return 1; 1135 1136 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1137 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1138 "interface"); 1139 wpa_driver_nl80211_finish_drv_init(drv, NULL, 0); 1140 return 1; 1141 } 1142 1143 return 0; 1144} 1145 1146 1147static struct wpa_driver_nl80211_data * 1148nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1149{ 1150 struct wpa_driver_nl80211_data *drv; 1151 dl_list_for_each(drv, &global->interfaces, 1152 struct wpa_driver_nl80211_data, list) { 1153 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1154 have_ifidx(drv, idx)) 1155 return drv; 1156 } 1157 return NULL; 1158} 1159 1160 1161static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1162 struct ifinfomsg *ifi, 1163 u8 *buf, size_t len) 1164{ 1165 struct nl80211_global *global = ctx; 1166 struct wpa_driver_nl80211_data *drv; 1167 int attrlen; 1168 struct rtattr *attr; 1169 u32 brid = 0; 1170 char namebuf[IFNAMSIZ]; 1171 char ifname[IFNAMSIZ + 1]; 1172 char extra[100], *pos, *end; 1173 1174 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1175 if (!drv) { 1176 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_NEWLINK event for foreign ifindex %d", 1177 ifi->ifi_index); 1178 return; 1179 } 1180 1181 extra[0] = '\0'; 1182 pos = extra; 1183 end = pos + sizeof(extra); 1184 ifname[0] = '\0'; 1185 1186 attrlen = len; 1187 attr = (struct rtattr *) buf; 1188 while (RTA_OK(attr, attrlen)) { 1189 switch (attr->rta_type) { 1190 case IFLA_IFNAME: 1191 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1192 break; 1193 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1194 ifname[RTA_PAYLOAD(attr)] = '\0'; 1195 break; 1196 case IFLA_MASTER: 1197 brid = nla_get_u32((struct nlattr *) attr); 1198 pos += os_snprintf(pos, end - pos, " master=%u", brid); 1199 break; 1200 case IFLA_WIRELESS: 1201 pos += os_snprintf(pos, end - pos, " wext"); 1202 break; 1203 case IFLA_OPERSTATE: 1204 pos += os_snprintf(pos, end - pos, " operstate=%u", 1205 nla_get_u32((struct nlattr *) attr)); 1206 break; 1207 case IFLA_LINKMODE: 1208 pos += os_snprintf(pos, end - pos, " linkmode=%u", 1209 nla_get_u32((struct nlattr *) attr)); 1210 break; 1211 } 1212 attr = RTA_NEXT(attr, attrlen); 1213 } 1214 extra[sizeof(extra) - 1] = '\0'; 1215 1216 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_flags=0x%x (%s%s%s%s)", 1217 ifi->ifi_index, ifname, extra, ifi->ifi_flags, 1218 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1219 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1220 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1221 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1222 1223 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1224 if (if_indextoname(ifi->ifi_index, namebuf) && 1225 linux_iface_up(drv->global->ioctl_sock, 1226 drv->first_bss->ifname) > 0) { 1227 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1228 "event since interface %s is up", namebuf); 1229 return; 1230 } 1231 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1232 if (drv->ignore_if_down_event) { 1233 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1234 "event generated by mode change"); 1235 drv->ignore_if_down_event = 0; 1236 } else { 1237 drv->if_disabled = 1; 1238 wpa_supplicant_event(drv->ctx, 1239 EVENT_INTERFACE_DISABLED, NULL); 1240 } 1241 } 1242 1243 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1244 if (if_indextoname(ifi->ifi_index, namebuf) && 1245 linux_iface_up(drv->global->ioctl_sock, 1246 drv->first_bss->ifname) == 0) { 1247 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1248 "event since interface %s is down", 1249 namebuf); 1250 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1251 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1252 "event since interface %s does not exist", 1253 drv->first_bss->ifname); 1254 } else if (drv->if_removed) { 1255 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1256 "event since interface %s is marked " 1257 "removed", drv->first_bss->ifname); 1258 } else { 1259 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1260 drv->if_disabled = 0; 1261 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1262 NULL); 1263 } 1264 } 1265 1266 /* 1267 * Some drivers send the association event before the operup event--in 1268 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1269 * fails. This will hit us when wpa_supplicant does not need to do 1270 * IEEE 802.1X authentication 1271 */ 1272 if (drv->operstate == 1 && 1273 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1274 !(ifi->ifi_flags & IFF_RUNNING)) { 1275 wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate"); 1276 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1277 -1, IF_OPER_UP); 1278 } 1279 1280 if (ifname[0]) 1281 wpa_driver_nl80211_event_newlink(drv, ifname); 1282 1283 if (ifi->ifi_family == AF_BRIDGE && brid) { 1284 /* device has been added to bridge */ 1285 if_indextoname(brid, namebuf); 1286 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1287 brid, namebuf); 1288 add_ifidx(drv, brid); 1289 } 1290} 1291 1292 1293static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1294 struct ifinfomsg *ifi, 1295 u8 *buf, size_t len) 1296{ 1297 struct nl80211_global *global = ctx; 1298 struct wpa_driver_nl80211_data *drv; 1299 int attrlen; 1300 struct rtattr *attr; 1301 u32 brid = 0; 1302 char ifname[IFNAMSIZ + 1]; 1303 1304 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1305 if (!drv) { 1306 wpa_printf(MSG_DEBUG, "nl80211: Ignore RTM_DELLINK event for foreign ifindex %d", 1307 ifi->ifi_index); 1308 return; 1309 } 1310 1311 ifname[0] = '\0'; 1312 1313 attrlen = len; 1314 attr = (struct rtattr *) buf; 1315 while (RTA_OK(attr, attrlen)) { 1316 switch (attr->rta_type) { 1317 case IFLA_IFNAME: 1318 if (RTA_PAYLOAD(attr) >= IFNAMSIZ) 1319 break; 1320 os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); 1321 ifname[RTA_PAYLOAD(attr)] = '\0'; 1322 break; 1323 case IFLA_MASTER: 1324 brid = nla_get_u32((struct nlattr *) attr); 1325 break; 1326 } 1327 attr = RTA_NEXT(attr, attrlen); 1328 } 1329 1330 if (ifname[0]) 1331 wpa_driver_nl80211_event_dellink(drv, ifname); 1332 1333 if (ifi->ifi_family == AF_BRIDGE && brid) { 1334 /* device has been removed from bridge */ 1335 char namebuf[IFNAMSIZ]; 1336 if_indextoname(brid, namebuf); 1337 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1338 "%s", brid, namebuf); 1339 del_ifidx(drv, brid); 1340 } 1341} 1342 1343 1344static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1345 const u8 *frame, size_t len) 1346{ 1347 const struct ieee80211_mgmt *mgmt; 1348 union wpa_event_data event; 1349 1350 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1351 mgmt = (const struct ieee80211_mgmt *) frame; 1352 if (len < 24 + sizeof(mgmt->u.auth)) { 1353 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1354 "frame"); 1355 return; 1356 } 1357 1358 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1359 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1360 os_memset(&event, 0, sizeof(event)); 1361 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1362 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1363 event.auth.auth_transaction = 1364 le_to_host16(mgmt->u.auth.auth_transaction); 1365 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1366 if (len > 24 + sizeof(mgmt->u.auth)) { 1367 event.auth.ies = mgmt->u.auth.variable; 1368 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1369 } 1370 1371 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1372} 1373 1374 1375static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1376{ 1377 struct nl_msg *msg; 1378 int ret; 1379 struct nl80211_bss_info_arg arg; 1380 1381 os_memset(&arg, 0, sizeof(arg)); 1382 msg = nlmsg_alloc(); 1383 if (!msg) 1384 goto nla_put_failure; 1385 1386 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1387 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1388 1389 arg.drv = drv; 1390 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1391 msg = NULL; 1392 if (ret == 0) { 1393 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1394 "associated BSS from scan results: %u MHz", 1395 arg.assoc_freq); 1396 if (arg.assoc_freq) 1397 drv->assoc_freq = arg.assoc_freq; 1398 return drv->assoc_freq; 1399 } 1400 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1401 "(%s)", ret, strerror(-ret)); 1402nla_put_failure: 1403 nlmsg_free(msg); 1404 return drv->assoc_freq; 1405} 1406 1407 1408static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1409 const u8 *frame, size_t len) 1410{ 1411 const struct ieee80211_mgmt *mgmt; 1412 union wpa_event_data event; 1413 u16 status; 1414 1415 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1416 mgmt = (const struct ieee80211_mgmt *) frame; 1417 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1418 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1419 "frame"); 1420 return; 1421 } 1422 1423 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1424 if (status != WLAN_STATUS_SUCCESS) { 1425 os_memset(&event, 0, sizeof(event)); 1426 event.assoc_reject.bssid = mgmt->bssid; 1427 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1428 event.assoc_reject.resp_ies = 1429 (u8 *) mgmt->u.assoc_resp.variable; 1430 event.assoc_reject.resp_ies_len = 1431 len - 24 - sizeof(mgmt->u.assoc_resp); 1432 } 1433 event.assoc_reject.status_code = status; 1434 1435 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1436 return; 1437 } 1438 1439 drv->associated = 1; 1440 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1441 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1442 1443 os_memset(&event, 0, sizeof(event)); 1444 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1445 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1446 event.assoc_info.resp_ies_len = 1447 len - 24 - sizeof(mgmt->u.assoc_resp); 1448 } 1449 1450 event.assoc_info.freq = drv->assoc_freq; 1451 1452 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1453} 1454 1455 1456static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1457 enum nl80211_commands cmd, struct nlattr *status, 1458 struct nlattr *addr, struct nlattr *req_ie, 1459 struct nlattr *resp_ie) 1460{ 1461 union wpa_event_data event; 1462 1463 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1464 /* 1465 * Avoid reporting two association events that would confuse 1466 * the core code. 1467 */ 1468 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1469 "when using userspace SME", cmd); 1470 return; 1471 } 1472 1473 if (cmd == NL80211_CMD_CONNECT) 1474 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1475 else if (cmd == NL80211_CMD_ROAM) 1476 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1477 1478 os_memset(&event, 0, sizeof(event)); 1479 if (cmd == NL80211_CMD_CONNECT && 1480 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1481 if (addr) 1482 event.assoc_reject.bssid = nla_data(addr); 1483 if (resp_ie) { 1484 event.assoc_reject.resp_ies = nla_data(resp_ie); 1485 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1486 } 1487 event.assoc_reject.status_code = nla_get_u16(status); 1488 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1489 return; 1490 } 1491 1492 drv->associated = 1; 1493 if (addr) { 1494 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1495 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1496 } 1497 1498 if (req_ie) { 1499 event.assoc_info.req_ies = nla_data(req_ie); 1500 event.assoc_info.req_ies_len = nla_len(req_ie); 1501 } 1502 if (resp_ie) { 1503 event.assoc_info.resp_ies = nla_data(resp_ie); 1504 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1505 } 1506 1507 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1508 1509 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1510} 1511 1512 1513static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1514 struct nlattr *reason, struct nlattr *addr, 1515 struct nlattr *by_ap) 1516{ 1517 union wpa_event_data data; 1518 unsigned int locally_generated = by_ap == NULL; 1519 1520 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1521 /* 1522 * Avoid reporting two disassociation events that could 1523 * confuse the core code. 1524 */ 1525 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1526 "event when using userspace SME"); 1527 return; 1528 } 1529 1530 if (drv->ignore_next_local_disconnect) { 1531 drv->ignore_next_local_disconnect = 0; 1532 if (locally_generated) { 1533 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1534 "event triggered during reassociation"); 1535 return; 1536 } 1537 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1538 "disconnect but got another disconnect " 1539 "event first"); 1540 } 1541 1542 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1543 nl80211_mark_disconnected(drv); 1544 os_memset(&data, 0, sizeof(data)); 1545 if (reason) 1546 data.deauth_info.reason_code = nla_get_u16(reason); 1547 data.deauth_info.locally_generated = by_ap == NULL; 1548 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1549} 1550 1551 1552static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1553 struct nlattr *ifindex, struct nlattr *freq, 1554 struct nlattr *type, struct nlattr *bw, 1555 struct nlattr *cf1, struct nlattr *cf2) 1556{ 1557 struct i802_bss *bss; 1558 union wpa_event_data data; 1559 int ht_enabled = 1; 1560 int chan_offset = 0; 1561 int ifidx; 1562 1563 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1564 1565 if (!freq) 1566 return; 1567 1568 ifidx = nla_get_u32(ifindex); 1569 for (bss = drv->first_bss; bss; bss = bss->next) 1570 if (bss->ifindex == ifidx) 1571 break; 1572 1573 if (bss == NULL) { 1574 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 1575 ifidx); 1576 return; 1577 } 1578 1579 if (type) { 1580 switch (nla_get_u32(type)) { 1581 case NL80211_CHAN_NO_HT: 1582 ht_enabled = 0; 1583 break; 1584 case NL80211_CHAN_HT20: 1585 break; 1586 case NL80211_CHAN_HT40PLUS: 1587 chan_offset = 1; 1588 break; 1589 case NL80211_CHAN_HT40MINUS: 1590 chan_offset = -1; 1591 break; 1592 } 1593 } 1594 1595 os_memset(&data, 0, sizeof(data)); 1596 data.ch_switch.freq = nla_get_u32(freq); 1597 data.ch_switch.ht_enabled = ht_enabled; 1598 data.ch_switch.ch_offset = chan_offset; 1599 if (bw) 1600 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 1601 if (cf1) 1602 data.ch_switch.cf1 = nla_get_u32(cf1); 1603 if (cf2) 1604 data.ch_switch.cf2 = nla_get_u32(cf2); 1605 1606 bss->freq = data.ch_switch.freq; 1607 1608 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1609} 1610 1611 1612static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1613 enum nl80211_commands cmd, struct nlattr *addr) 1614{ 1615 union wpa_event_data event; 1616 enum wpa_event_type ev; 1617 1618 if (nla_len(addr) != ETH_ALEN) 1619 return; 1620 1621 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1622 cmd, MAC2STR((u8 *) nla_data(addr))); 1623 1624 if (cmd == NL80211_CMD_AUTHENTICATE) 1625 ev = EVENT_AUTH_TIMED_OUT; 1626 else if (cmd == NL80211_CMD_ASSOCIATE) 1627 ev = EVENT_ASSOC_TIMED_OUT; 1628 else 1629 return; 1630 1631 os_memset(&event, 0, sizeof(event)); 1632 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1633 wpa_supplicant_event(drv->ctx, ev, &event); 1634} 1635 1636 1637static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1638 struct nlattr *freq, struct nlattr *sig, 1639 const u8 *frame, size_t len) 1640{ 1641 const struct ieee80211_mgmt *mgmt; 1642 union wpa_event_data event; 1643 u16 fc, stype; 1644 int ssi_signal = 0; 1645 int rx_freq = 0; 1646 1647 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1648 mgmt = (const struct ieee80211_mgmt *) frame; 1649 if (len < 24) { 1650 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 1651 return; 1652 } 1653 1654 fc = le_to_host16(mgmt->frame_control); 1655 stype = WLAN_FC_GET_STYPE(fc); 1656 1657 if (sig) 1658 ssi_signal = (s32) nla_get_u32(sig); 1659 1660 os_memset(&event, 0, sizeof(event)); 1661 if (freq) { 1662 event.rx_mgmt.freq = nla_get_u32(freq); 1663 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 1664 } 1665 wpa_printf(MSG_DEBUG, 1666 "nl80211: RX frame freq=%d ssi_signal=%d stype=%u len=%u", 1667 rx_freq, ssi_signal, stype, (unsigned int) len); 1668 event.rx_mgmt.frame = frame; 1669 event.rx_mgmt.frame_len = len; 1670 event.rx_mgmt.ssi_signal = ssi_signal; 1671 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1672} 1673 1674 1675static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1676 struct nlattr *cookie, const u8 *frame, 1677 size_t len, struct nlattr *ack) 1678{ 1679 union wpa_event_data event; 1680 const struct ieee80211_hdr *hdr; 1681 u16 fc; 1682 1683 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1684 if (!is_ap_interface(drv->nlmode)) { 1685 u64 cookie_val; 1686 1687 if (!cookie) 1688 return; 1689 1690 cookie_val = nla_get_u64(cookie); 1691 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1692 " cookie=0%llx%s (ack=%d)", 1693 (long long unsigned int) cookie_val, 1694 cookie_val == drv->send_action_cookie ? 1695 " (match)" : " (unknown)", ack != NULL); 1696 if (cookie_val != drv->send_action_cookie) 1697 return; 1698 } 1699 1700 hdr = (const struct ieee80211_hdr *) frame; 1701 fc = le_to_host16(hdr->frame_control); 1702 1703 os_memset(&event, 0, sizeof(event)); 1704 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1705 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1706 event.tx_status.dst = hdr->addr1; 1707 event.tx_status.data = frame; 1708 event.tx_status.data_len = len; 1709 event.tx_status.ack = ack != NULL; 1710 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1711} 1712 1713 1714static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1715 enum wpa_event_type type, 1716 const u8 *frame, size_t len) 1717{ 1718 const struct ieee80211_mgmt *mgmt; 1719 union wpa_event_data event; 1720 const u8 *bssid = NULL; 1721 u16 reason_code = 0; 1722 1723 if (type == EVENT_DEAUTH) 1724 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1725 else 1726 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1727 1728 mgmt = (const struct ieee80211_mgmt *) frame; 1729 if (len >= 24) { 1730 bssid = mgmt->bssid; 1731 1732 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1733 !drv->associated && 1734 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1735 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1736 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1737 /* 1738 * Avoid issues with some roaming cases where 1739 * disconnection event for the old AP may show up after 1740 * we have started connection with the new AP. 1741 */ 1742 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1743 MAC2STR(bssid), 1744 MAC2STR(drv->auth_attempt_bssid)); 1745 return; 1746 } 1747 1748 if (drv->associated != 0 && 1749 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1750 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1751 /* 1752 * We have presumably received this deauth as a 1753 * response to a clear_state_mismatch() outgoing 1754 * deauth. Don't let it take us offline! 1755 */ 1756 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1757 "from Unknown BSSID " MACSTR " -- ignoring", 1758 MAC2STR(bssid)); 1759 return; 1760 } 1761 } 1762 1763 nl80211_mark_disconnected(drv); 1764 os_memset(&event, 0, sizeof(event)); 1765 1766 /* Note: Same offset for Reason Code in both frame subtypes */ 1767 if (len >= 24 + sizeof(mgmt->u.deauth)) 1768 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1769 1770 if (type == EVENT_DISASSOC) { 1771 event.disassoc_info.locally_generated = 1772 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1773 event.disassoc_info.addr = bssid; 1774 event.disassoc_info.reason_code = reason_code; 1775 if (frame + len > mgmt->u.disassoc.variable) { 1776 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1777 event.disassoc_info.ie_len = frame + len - 1778 mgmt->u.disassoc.variable; 1779 } 1780 } else { 1781 event.deauth_info.locally_generated = 1782 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1783 event.deauth_info.addr = bssid; 1784 event.deauth_info.reason_code = reason_code; 1785 if (frame + len > mgmt->u.deauth.variable) { 1786 event.deauth_info.ie = mgmt->u.deauth.variable; 1787 event.deauth_info.ie_len = frame + len - 1788 mgmt->u.deauth.variable; 1789 } 1790 } 1791 1792 wpa_supplicant_event(drv->ctx, type, &event); 1793} 1794 1795 1796static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1797 enum wpa_event_type type, 1798 const u8 *frame, size_t len) 1799{ 1800 const struct ieee80211_mgmt *mgmt; 1801 union wpa_event_data event; 1802 u16 reason_code = 0; 1803 1804 if (type == EVENT_UNPROT_DEAUTH) 1805 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1806 else 1807 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1808 1809 if (len < 24) 1810 return; 1811 1812 mgmt = (const struct ieee80211_mgmt *) frame; 1813 1814 os_memset(&event, 0, sizeof(event)); 1815 /* Note: Same offset for Reason Code in both frame subtypes */ 1816 if (len >= 24 + sizeof(mgmt->u.deauth)) 1817 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1818 1819 if (type == EVENT_UNPROT_DISASSOC) { 1820 event.unprot_disassoc.sa = mgmt->sa; 1821 event.unprot_disassoc.da = mgmt->da; 1822 event.unprot_disassoc.reason_code = reason_code; 1823 } else { 1824 event.unprot_deauth.sa = mgmt->sa; 1825 event.unprot_deauth.da = mgmt->da; 1826 event.unprot_deauth.reason_code = reason_code; 1827 } 1828 1829 wpa_supplicant_event(drv->ctx, type, &event); 1830} 1831 1832 1833static void mlme_event(struct i802_bss *bss, 1834 enum nl80211_commands cmd, struct nlattr *frame, 1835 struct nlattr *addr, struct nlattr *timed_out, 1836 struct nlattr *freq, struct nlattr *ack, 1837 struct nlattr *cookie, struct nlattr *sig) 1838{ 1839 struct wpa_driver_nl80211_data *drv = bss->drv; 1840 const u8 *data; 1841 size_t len; 1842 1843 if (timed_out && addr) { 1844 mlme_timeout_event(drv, cmd, addr); 1845 return; 1846 } 1847 1848 if (frame == NULL) { 1849 wpa_printf(MSG_DEBUG, 1850 "nl80211: MLME event %d (%s) without frame data", 1851 cmd, nl80211_command_to_string(cmd)); 1852 return; 1853 } 1854 1855 data = nla_data(frame); 1856 len = nla_len(frame); 1857 if (len < 4 + 2 * ETH_ALEN) { 1858 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1859 MACSTR ") - too short", 1860 cmd, nl80211_command_to_string(cmd), bss->ifname, 1861 MAC2STR(bss->addr)); 1862 return; 1863 } 1864 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1865 ") A1=" MACSTR " A2=" MACSTR, cmd, 1866 nl80211_command_to_string(cmd), bss->ifname, 1867 MAC2STR(bss->addr), MAC2STR(data + 4), 1868 MAC2STR(data + 4 + ETH_ALEN)); 1869 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1870 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1871 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1872 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1873 "for foreign address", bss->ifname); 1874 return; 1875 } 1876 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1877 nla_data(frame), nla_len(frame)); 1878 1879 switch (cmd) { 1880 case NL80211_CMD_AUTHENTICATE: 1881 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1882 break; 1883 case NL80211_CMD_ASSOCIATE: 1884 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1885 break; 1886 case NL80211_CMD_DEAUTHENTICATE: 1887 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1888 nla_data(frame), nla_len(frame)); 1889 break; 1890 case NL80211_CMD_DISASSOCIATE: 1891 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1892 nla_data(frame), nla_len(frame)); 1893 break; 1894 case NL80211_CMD_FRAME: 1895 mlme_event_mgmt(drv, freq, sig, nla_data(frame), 1896 nla_len(frame)); 1897 break; 1898 case NL80211_CMD_FRAME_TX_STATUS: 1899 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1900 nla_len(frame), ack); 1901 break; 1902 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1903 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1904 nla_data(frame), nla_len(frame)); 1905 break; 1906 case NL80211_CMD_UNPROT_DISASSOCIATE: 1907 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1908 nla_data(frame), nla_len(frame)); 1909 break; 1910 default: 1911 break; 1912 } 1913} 1914 1915 1916static void mlme_event_michael_mic_failure(struct i802_bss *bss, 1917 struct nlattr *tb[]) 1918{ 1919 union wpa_event_data data; 1920 1921 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1922 os_memset(&data, 0, sizeof(data)); 1923 if (tb[NL80211_ATTR_MAC]) { 1924 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1925 nla_data(tb[NL80211_ATTR_MAC]), 1926 nla_len(tb[NL80211_ATTR_MAC])); 1927 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1928 } 1929 if (tb[NL80211_ATTR_KEY_SEQ]) { 1930 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1931 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1932 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1933 } 1934 if (tb[NL80211_ATTR_KEY_TYPE]) { 1935 enum nl80211_key_type key_type = 1936 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1937 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1938 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1939 data.michael_mic_failure.unicast = 1; 1940 } else 1941 data.michael_mic_failure.unicast = 1; 1942 1943 if (tb[NL80211_ATTR_KEY_IDX]) { 1944 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1945 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1946 } 1947 1948 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1949} 1950 1951 1952static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1953 struct nlattr *tb[]) 1954{ 1955 if (tb[NL80211_ATTR_MAC] == NULL) { 1956 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1957 "event"); 1958 return; 1959 } 1960 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1961 1962 drv->associated = 1; 1963 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1964 MAC2STR(drv->bssid)); 1965 1966 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1967} 1968 1969 1970static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1971 int cancel_event, struct nlattr *tb[]) 1972{ 1973 unsigned int freq, chan_type, duration; 1974 union wpa_event_data data; 1975 u64 cookie; 1976 1977 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1978 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1979 else 1980 freq = 0; 1981 1982 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1983 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1984 else 1985 chan_type = 0; 1986 1987 if (tb[NL80211_ATTR_DURATION]) 1988 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1989 else 1990 duration = 0; 1991 1992 if (tb[NL80211_ATTR_COOKIE]) 1993 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1994 else 1995 cookie = 0; 1996 1997 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1998 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1999 cancel_event, freq, chan_type, duration, 2000 (long long unsigned int) cookie, 2001 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 2002 2003 if (cookie != drv->remain_on_chan_cookie) 2004 return; /* not for us */ 2005 2006 if (cancel_event) 2007 drv->pending_remain_on_chan = 0; 2008 2009 os_memset(&data, 0, sizeof(data)); 2010 data.remain_on_channel.freq = freq; 2011 data.remain_on_channel.duration = duration; 2012 wpa_supplicant_event(drv->ctx, cancel_event ? 2013 EVENT_CANCEL_REMAIN_ON_CHANNEL : 2014 EVENT_REMAIN_ON_CHANNEL, &data); 2015} 2016 2017 2018static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 2019 struct nlattr *tb[]) 2020{ 2021 union wpa_event_data data; 2022 2023 os_memset(&data, 0, sizeof(data)); 2024 2025 if (tb[NL80211_ATTR_IE]) { 2026 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 2027 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 2028 } 2029 2030 if (tb[NL80211_ATTR_IE_RIC]) { 2031 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 2032 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 2033 } 2034 2035 if (tb[NL80211_ATTR_MAC]) 2036 os_memcpy(data.ft_ies.target_ap, 2037 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2038 2039 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 2040 MAC2STR(data.ft_ies.target_ap)); 2041 2042 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 2043} 2044 2045 2046static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 2047 struct nlattr *tb[]) 2048{ 2049 union wpa_event_data event; 2050 struct nlattr *nl; 2051 int rem; 2052 struct scan_info *info; 2053#define MAX_REPORT_FREQS 50 2054 int freqs[MAX_REPORT_FREQS]; 2055 int num_freqs = 0; 2056 2057 if (drv->scan_for_auth) { 2058 drv->scan_for_auth = 0; 2059 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 2060 "cfg80211 BSS entry"); 2061 wpa_driver_nl80211_authenticate_retry(drv); 2062 return; 2063 } 2064 2065 os_memset(&event, 0, sizeof(event)); 2066 info = &event.scan_info; 2067 info->aborted = aborted; 2068 2069 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 2070 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2071 struct wpa_driver_scan_ssid *s = 2072 &info->ssids[info->num_ssids]; 2073 s->ssid = nla_data(nl); 2074 s->ssid_len = nla_len(nl); 2075 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 2076 wpa_ssid_txt(s->ssid, s->ssid_len)); 2077 info->num_ssids++; 2078 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2079 break; 2080 } 2081 } 2082 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2083 char msg[200], *pos, *end; 2084 int res; 2085 2086 pos = msg; 2087 end = pos + sizeof(msg); 2088 *pos = '\0'; 2089 2090 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2091 { 2092 freqs[num_freqs] = nla_get_u32(nl); 2093 res = os_snprintf(pos, end - pos, " %d", 2094 freqs[num_freqs]); 2095 if (res > 0 && end - pos > res) 2096 pos += res; 2097 num_freqs++; 2098 if (num_freqs == MAX_REPORT_FREQS - 1) 2099 break; 2100 } 2101 info->freqs = freqs; 2102 info->num_freqs = num_freqs; 2103 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 2104 msg); 2105 } 2106 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2107} 2108 2109 2110static int get_link_signal(struct nl_msg *msg, void *arg) 2111{ 2112 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2113 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2114 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2115 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2116 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2117 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2118 }; 2119 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2120 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2121 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2122 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2123 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2124 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2125 }; 2126 struct wpa_signal_info *sig_change = arg; 2127 2128 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2129 genlmsg_attrlen(gnlh, 0), NULL); 2130 if (!tb[NL80211_ATTR_STA_INFO] || 2131 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2132 tb[NL80211_ATTR_STA_INFO], policy)) 2133 return NL_SKIP; 2134 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2135 return NL_SKIP; 2136 2137 sig_change->current_signal = 2138 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2139 2140 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2141 sig_change->avg_signal = 2142 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2143 else 2144 sig_change->avg_signal = 0; 2145 2146 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2147 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2148 sinfo[NL80211_STA_INFO_TX_BITRATE], 2149 rate_policy)) { 2150 sig_change->current_txrate = 0; 2151 } else { 2152 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2153 sig_change->current_txrate = 2154 nla_get_u16(rinfo[ 2155 NL80211_RATE_INFO_BITRATE]) * 100; 2156 } 2157 } 2158 } 2159 2160 return NL_SKIP; 2161} 2162 2163 2164static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2165 struct wpa_signal_info *sig) 2166{ 2167 struct nl_msg *msg; 2168 2169 sig->current_signal = -9999; 2170 sig->current_txrate = 0; 2171 2172 msg = nlmsg_alloc(); 2173 if (!msg) 2174 return -ENOMEM; 2175 2176 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2177 2178 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2179 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2180 2181 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2182 nla_put_failure: 2183 nlmsg_free(msg); 2184 return -ENOBUFS; 2185} 2186 2187 2188static int get_link_noise(struct nl_msg *msg, void *arg) 2189{ 2190 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2191 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2192 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2193 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2194 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2195 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2196 }; 2197 struct wpa_signal_info *sig_change = arg; 2198 2199 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2200 genlmsg_attrlen(gnlh, 0), NULL); 2201 2202 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2203 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2204 return NL_SKIP; 2205 } 2206 2207 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2208 tb[NL80211_ATTR_SURVEY_INFO], 2209 survey_policy)) { 2210 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2211 "attributes!"); 2212 return NL_SKIP; 2213 } 2214 2215 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2216 return NL_SKIP; 2217 2218 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2219 sig_change->frequency) 2220 return NL_SKIP; 2221 2222 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2223 return NL_SKIP; 2224 2225 sig_change->current_noise = 2226 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2227 2228 return NL_SKIP; 2229} 2230 2231 2232static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2233 struct wpa_signal_info *sig_change) 2234{ 2235 struct nl_msg *msg; 2236 2237 sig_change->current_noise = 9999; 2238 sig_change->frequency = drv->assoc_freq; 2239 2240 msg = nlmsg_alloc(); 2241 if (!msg) 2242 return -ENOMEM; 2243 2244 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2245 2246 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2247 2248 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2249 nla_put_failure: 2250 nlmsg_free(msg); 2251 return -ENOBUFS; 2252} 2253 2254 2255static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2256{ 2257 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2258 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2259 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2260 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2261 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2262 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2263 }; 2264 struct wpa_scan_results *scan_results = arg; 2265 struct wpa_scan_res *scan_res; 2266 size_t i; 2267 2268 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2269 genlmsg_attrlen(gnlh, 0), NULL); 2270 2271 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2272 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2273 return NL_SKIP; 2274 } 2275 2276 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2277 tb[NL80211_ATTR_SURVEY_INFO], 2278 survey_policy)) { 2279 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2280 "attributes"); 2281 return NL_SKIP; 2282 } 2283 2284 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2285 return NL_SKIP; 2286 2287 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2288 return NL_SKIP; 2289 2290 for (i = 0; i < scan_results->num; ++i) { 2291 scan_res = scan_results->res[i]; 2292 if (!scan_res) 2293 continue; 2294 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2295 scan_res->freq) 2296 continue; 2297 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2298 continue; 2299 scan_res->noise = (s8) 2300 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2301 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2302 } 2303 2304 return NL_SKIP; 2305} 2306 2307 2308static int nl80211_get_noise_for_scan_results( 2309 struct wpa_driver_nl80211_data *drv, 2310 struct wpa_scan_results *scan_res) 2311{ 2312 struct nl_msg *msg; 2313 2314 msg = nlmsg_alloc(); 2315 if (!msg) 2316 return -ENOMEM; 2317 2318 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2319 2320 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2321 2322 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2323 scan_res); 2324 nla_put_failure: 2325 nlmsg_free(msg); 2326 return -ENOBUFS; 2327} 2328 2329 2330static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2331 struct nlattr *tb[]) 2332{ 2333 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2334 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2335 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2336 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2337 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2338 }; 2339 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2340 enum nl80211_cqm_rssi_threshold_event event; 2341 union wpa_event_data ed; 2342 struct wpa_signal_info sig; 2343 int res; 2344 2345 if (tb[NL80211_ATTR_CQM] == NULL || 2346 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2347 cqm_policy)) { 2348 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2349 return; 2350 } 2351 2352 os_memset(&ed, 0, sizeof(ed)); 2353 2354 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2355 if (!tb[NL80211_ATTR_MAC]) 2356 return; 2357 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2358 ETH_ALEN); 2359 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2360 return; 2361 } 2362 2363 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2364 return; 2365 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2366 2367 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2368 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2369 "event: RSSI high"); 2370 ed.signal_change.above_threshold = 1; 2371 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2372 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2373 "event: RSSI low"); 2374 ed.signal_change.above_threshold = 0; 2375 } else 2376 return; 2377 2378 res = nl80211_get_link_signal(drv, &sig); 2379 if (res == 0) { 2380 ed.signal_change.current_signal = sig.current_signal; 2381 ed.signal_change.current_txrate = sig.current_txrate; 2382 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2383 sig.current_signal, sig.current_txrate); 2384 } 2385 2386 res = nl80211_get_link_noise(drv, &sig); 2387 if (res == 0) { 2388 ed.signal_change.current_noise = sig.current_noise; 2389 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2390 sig.current_noise); 2391 } 2392 2393 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2394} 2395 2396 2397static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2398 struct nlattr **tb) 2399{ 2400 u8 *addr; 2401 union wpa_event_data data; 2402 2403 if (tb[NL80211_ATTR_MAC] == NULL) 2404 return; 2405 addr = nla_data(tb[NL80211_ATTR_MAC]); 2406 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2407 2408 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2409 u8 *ies = NULL; 2410 size_t ies_len = 0; 2411 if (tb[NL80211_ATTR_IE]) { 2412 ies = nla_data(tb[NL80211_ATTR_IE]); 2413 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2414 } 2415 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2416 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2417 return; 2418 } 2419 2420 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2421 return; 2422 2423 os_memset(&data, 0, sizeof(data)); 2424 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2425 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2426} 2427 2428 2429static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2430 struct nlattr **tb) 2431{ 2432 u8 *addr; 2433 union wpa_event_data data; 2434 2435 if (tb[NL80211_ATTR_MAC] == NULL) 2436 return; 2437 addr = nla_data(tb[NL80211_ATTR_MAC]); 2438 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2439 MAC2STR(addr)); 2440 2441 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2442 drv_event_disassoc(drv->ctx, addr); 2443 return; 2444 } 2445 2446 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2447 return; 2448 2449 os_memset(&data, 0, sizeof(data)); 2450 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2451 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2452} 2453 2454 2455static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2456 struct nlattr **tb) 2457{ 2458 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2459 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2460 [NL80211_REKEY_DATA_KEK] = { 2461 .minlen = NL80211_KEK_LEN, 2462 .maxlen = NL80211_KEK_LEN, 2463 }, 2464 [NL80211_REKEY_DATA_KCK] = { 2465 .minlen = NL80211_KCK_LEN, 2466 .maxlen = NL80211_KCK_LEN, 2467 }, 2468 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2469 .minlen = NL80211_REPLAY_CTR_LEN, 2470 .maxlen = NL80211_REPLAY_CTR_LEN, 2471 }, 2472 }; 2473 union wpa_event_data data; 2474 2475 if (!tb[NL80211_ATTR_MAC]) 2476 return; 2477 if (!tb[NL80211_ATTR_REKEY_DATA]) 2478 return; 2479 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2480 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2481 return; 2482 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2483 return; 2484 2485 os_memset(&data, 0, sizeof(data)); 2486 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2487 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2488 MAC2STR(data.driver_gtk_rekey.bssid)); 2489 data.driver_gtk_rekey.replay_ctr = 2490 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2491 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2492 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2493 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2494} 2495 2496 2497static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2498 struct nlattr **tb) 2499{ 2500 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2501 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2502 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2503 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2504 .minlen = ETH_ALEN, 2505 .maxlen = ETH_ALEN, 2506 }, 2507 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2508 }; 2509 union wpa_event_data data; 2510 2511 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2512 2513 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2514 return; 2515 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2516 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2517 return; 2518 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2519 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2520 return; 2521 2522 os_memset(&data, 0, sizeof(data)); 2523 os_memcpy(data.pmkid_candidate.bssid, 2524 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2525 data.pmkid_candidate.index = 2526 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2527 data.pmkid_candidate.preauth = 2528 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2529 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2530} 2531 2532 2533static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2534 struct nlattr **tb) 2535{ 2536 union wpa_event_data data; 2537 2538 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2539 2540 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2541 return; 2542 2543 os_memset(&data, 0, sizeof(data)); 2544 os_memcpy(data.client_poll.addr, 2545 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2546 2547 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2548} 2549 2550 2551static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2552 struct nlattr **tb) 2553{ 2554 union wpa_event_data data; 2555 2556 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2557 2558 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2559 return; 2560 2561 os_memset(&data, 0, sizeof(data)); 2562 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2563 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2564 case NL80211_TDLS_SETUP: 2565 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2566 MACSTR, MAC2STR(data.tdls.peer)); 2567 data.tdls.oper = TDLS_REQUEST_SETUP; 2568 break; 2569 case NL80211_TDLS_TEARDOWN: 2570 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2571 MACSTR, MAC2STR(data.tdls.peer)); 2572 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2573 break; 2574 default: 2575 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2576 "event"); 2577 return; 2578 } 2579 if (tb[NL80211_ATTR_REASON_CODE]) { 2580 data.tdls.reason_code = 2581 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2582 } 2583 2584 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2585} 2586 2587 2588static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2589 struct nlattr **tb) 2590{ 2591 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2592} 2593 2594 2595static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2596 struct nlattr **tb) 2597{ 2598 union wpa_event_data data; 2599 u32 reason; 2600 2601 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2602 2603 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2604 return; 2605 2606 os_memset(&data, 0, sizeof(data)); 2607 os_memcpy(data.connect_failed_reason.addr, 2608 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2609 2610 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2611 switch (reason) { 2612 case NL80211_CONN_FAIL_MAX_CLIENTS: 2613 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2614 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2615 break; 2616 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2617 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2618 " tried to connect", 2619 MAC2STR(data.connect_failed_reason.addr)); 2620 data.connect_failed_reason.code = BLOCKED_CLIENT; 2621 break; 2622 default: 2623 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2624 "%u", reason); 2625 return; 2626 } 2627 2628 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2629} 2630 2631 2632static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2633 struct nlattr **tb) 2634{ 2635 union wpa_event_data data; 2636 enum nl80211_radar_event event_type; 2637 2638 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2639 return; 2640 2641 os_memset(&data, 0, sizeof(data)); 2642 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2643 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2644 2645 /* Check HT params */ 2646 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2647 data.dfs_event.ht_enabled = 1; 2648 data.dfs_event.chan_offset = 0; 2649 2650 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2651 case NL80211_CHAN_NO_HT: 2652 data.dfs_event.ht_enabled = 0; 2653 break; 2654 case NL80211_CHAN_HT20: 2655 break; 2656 case NL80211_CHAN_HT40PLUS: 2657 data.dfs_event.chan_offset = 1; 2658 break; 2659 case NL80211_CHAN_HT40MINUS: 2660 data.dfs_event.chan_offset = -1; 2661 break; 2662 } 2663 } 2664 2665 /* Get VHT params */ 2666 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2667 data.dfs_event.chan_width = 2668 convert2width(nla_get_u32( 2669 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2670 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2671 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2672 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2673 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2674 2675 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2676 data.dfs_event.freq, data.dfs_event.ht_enabled, 2677 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2678 data.dfs_event.cf1, data.dfs_event.cf2); 2679 2680 switch (event_type) { 2681 case NL80211_RADAR_DETECTED: 2682 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2683 break; 2684 case NL80211_RADAR_CAC_FINISHED: 2685 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2686 break; 2687 case NL80211_RADAR_CAC_ABORTED: 2688 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2689 break; 2690 case NL80211_RADAR_NOP_FINISHED: 2691 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2692 break; 2693 default: 2694 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2695 "received", event_type); 2696 break; 2697 } 2698} 2699 2700 2701static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2702 int wds) 2703{ 2704 struct wpa_driver_nl80211_data *drv = bss->drv; 2705 union wpa_event_data event; 2706 2707 if (!tb[NL80211_ATTR_MAC]) 2708 return; 2709 2710 os_memset(&event, 0, sizeof(event)); 2711 event.rx_from_unknown.bssid = bss->addr; 2712 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2713 event.rx_from_unknown.wds = wds; 2714 2715 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2716} 2717 2718 2719static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 2720 struct nlattr **tb) 2721{ 2722 u32 vendor_id, subcmd, wiphy = 0; 2723 int wiphy_idx; 2724 u8 *data = NULL; 2725 size_t len = 0; 2726 2727 if (!tb[NL80211_ATTR_VENDOR_ID] || 2728 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 2729 return; 2730 2731 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 2732 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 2733 2734 if (tb[NL80211_ATTR_WIPHY]) 2735 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 2736 2737 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 2738 wiphy, vendor_id, subcmd); 2739 2740 if (tb[NL80211_ATTR_VENDOR_DATA]) { 2741 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 2742 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 2743 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 2744 } 2745 2746 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 2747 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 2748 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 2749 wiphy, wiphy_idx); 2750 return; 2751 } 2752 2753 switch (vendor_id) { 2754 default: 2755 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 2756 break; 2757 } 2758} 2759 2760 2761static void do_process_drv_event(struct i802_bss *bss, int cmd, 2762 struct nlattr **tb) 2763{ 2764 struct wpa_driver_nl80211_data *drv = bss->drv; 2765 union wpa_event_data data; 2766 2767 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2768 cmd, nl80211_command_to_string(cmd), bss->ifname); 2769 2770 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2771 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2772 cmd == NL80211_CMD_SCAN_ABORTED)) { 2773 wpa_driver_nl80211_set_mode(drv->first_bss, 2774 drv->ap_scan_as_station); 2775 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2776 } 2777 2778 switch (cmd) { 2779 case NL80211_CMD_TRIGGER_SCAN: 2780 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 2781 drv->scan_state = SCAN_STARTED; 2782 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 2783 break; 2784 case NL80211_CMD_START_SCHED_SCAN: 2785 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 2786 drv->scan_state = SCHED_SCAN_STARTED; 2787 break; 2788 case NL80211_CMD_SCHED_SCAN_STOPPED: 2789 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 2790 drv->scan_state = SCHED_SCAN_STOPPED; 2791 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2792 break; 2793 case NL80211_CMD_NEW_SCAN_RESULTS: 2794 wpa_dbg(drv->ctx, MSG_DEBUG, 2795 "nl80211: New scan results available"); 2796 drv->scan_state = SCAN_COMPLETED; 2797 drv->scan_complete_events = 1; 2798 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2799 drv->ctx); 2800 send_scan_event(drv, 0, tb); 2801 break; 2802 case NL80211_CMD_SCHED_SCAN_RESULTS: 2803 wpa_dbg(drv->ctx, MSG_DEBUG, 2804 "nl80211: New sched scan results available"); 2805 drv->scan_state = SCHED_SCAN_RESULTS; 2806 send_scan_event(drv, 0, tb); 2807 break; 2808 case NL80211_CMD_SCAN_ABORTED: 2809 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 2810 drv->scan_state = SCAN_ABORTED; 2811 /* 2812 * Need to indicate that scan results are available in order 2813 * not to make wpa_supplicant stop its scanning. 2814 */ 2815 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2816 drv->ctx); 2817 send_scan_event(drv, 1, tb); 2818 break; 2819 case NL80211_CMD_AUTHENTICATE: 2820 case NL80211_CMD_ASSOCIATE: 2821 case NL80211_CMD_DEAUTHENTICATE: 2822 case NL80211_CMD_DISASSOCIATE: 2823 case NL80211_CMD_FRAME_TX_STATUS: 2824 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2825 case NL80211_CMD_UNPROT_DISASSOCIATE: 2826 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 2827 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2828 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2829 tb[NL80211_ATTR_COOKIE], 2830 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2831 break; 2832 case NL80211_CMD_CONNECT: 2833 case NL80211_CMD_ROAM: 2834 mlme_event_connect(drv, cmd, 2835 tb[NL80211_ATTR_STATUS_CODE], 2836 tb[NL80211_ATTR_MAC], 2837 tb[NL80211_ATTR_REQ_IE], 2838 tb[NL80211_ATTR_RESP_IE]); 2839 break; 2840 case NL80211_CMD_CH_SWITCH_NOTIFY: 2841 mlme_event_ch_switch(drv, 2842 tb[NL80211_ATTR_IFINDEX], 2843 tb[NL80211_ATTR_WIPHY_FREQ], 2844 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 2845 tb[NL80211_ATTR_CHANNEL_WIDTH], 2846 tb[NL80211_ATTR_CENTER_FREQ1], 2847 tb[NL80211_ATTR_CENTER_FREQ2]); 2848 break; 2849 case NL80211_CMD_DISCONNECT: 2850 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2851 tb[NL80211_ATTR_MAC], 2852 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2853 break; 2854 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2855 mlme_event_michael_mic_failure(bss, tb); 2856 break; 2857 case NL80211_CMD_JOIN_IBSS: 2858 mlme_event_join_ibss(drv, tb); 2859 break; 2860 case NL80211_CMD_REMAIN_ON_CHANNEL: 2861 mlme_event_remain_on_channel(drv, 0, tb); 2862 break; 2863 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2864 mlme_event_remain_on_channel(drv, 1, tb); 2865 break; 2866 case NL80211_CMD_NOTIFY_CQM: 2867 nl80211_cqm_event(drv, tb); 2868 break; 2869 case NL80211_CMD_REG_CHANGE: 2870 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2871 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 2872 break; 2873 os_memset(&data, 0, sizeof(data)); 2874 switch (nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])) { 2875 case NL80211_REGDOM_SET_BY_CORE: 2876 data.channel_list_changed.initiator = 2877 REGDOM_SET_BY_CORE; 2878 break; 2879 case NL80211_REGDOM_SET_BY_USER: 2880 data.channel_list_changed.initiator = 2881 REGDOM_SET_BY_USER; 2882 break; 2883 case NL80211_REGDOM_SET_BY_DRIVER: 2884 data.channel_list_changed.initiator = 2885 REGDOM_SET_BY_DRIVER; 2886 break; 2887 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 2888 data.channel_list_changed.initiator = 2889 REGDOM_SET_BY_COUNTRY_IE; 2890 break; 2891 default: 2892 wpa_printf(MSG_DEBUG, "nl80211: Unknown reg change initiator %d received", 2893 nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR])); 2894 break; 2895 } 2896 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2897 &data); 2898 break; 2899 case NL80211_CMD_REG_BEACON_HINT: 2900 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 2901 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2902 NULL); 2903 break; 2904 case NL80211_CMD_NEW_STATION: 2905 nl80211_new_station_event(drv, tb); 2906 break; 2907 case NL80211_CMD_DEL_STATION: 2908 nl80211_del_station_event(drv, tb); 2909 break; 2910 case NL80211_CMD_SET_REKEY_OFFLOAD: 2911 nl80211_rekey_offload_event(drv, tb); 2912 break; 2913 case NL80211_CMD_PMKSA_CANDIDATE: 2914 nl80211_pmksa_candidate_event(drv, tb); 2915 break; 2916 case NL80211_CMD_PROBE_CLIENT: 2917 nl80211_client_probe_event(drv, tb); 2918 break; 2919 case NL80211_CMD_TDLS_OPER: 2920 nl80211_tdls_oper_event(drv, tb); 2921 break; 2922 case NL80211_CMD_CONN_FAILED: 2923 nl80211_connect_failed_event(drv, tb); 2924 break; 2925 case NL80211_CMD_FT_EVENT: 2926 mlme_event_ft_event(drv, tb); 2927 break; 2928 case NL80211_CMD_RADAR_DETECT: 2929 nl80211_radar_event(drv, tb); 2930 break; 2931 case NL80211_CMD_STOP_AP: 2932 nl80211_stop_ap(drv, tb); 2933 break; 2934 case NL80211_CMD_VENDOR: 2935 nl80211_vendor_event(drv, tb); 2936 break; 2937 default: 2938 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 2939 "(cmd=%d)", cmd); 2940 break; 2941 } 2942} 2943 2944 2945static int process_drv_event(struct nl_msg *msg, void *arg) 2946{ 2947 struct wpa_driver_nl80211_data *drv = arg; 2948 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2949 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2950 struct i802_bss *bss; 2951 int ifidx = -1; 2952 2953 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2954 genlmsg_attrlen(gnlh, 0), NULL); 2955 2956 if (tb[NL80211_ATTR_IFINDEX]) { 2957 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2958 2959 for (bss = drv->first_bss; bss; bss = bss->next) 2960 if (ifidx == -1 || ifidx == bss->ifindex) { 2961 do_process_drv_event(bss, gnlh->cmd, tb); 2962 return NL_SKIP; 2963 } 2964 wpa_printf(MSG_DEBUG, 2965 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 2966 gnlh->cmd, ifidx); 2967 } else if (tb[NL80211_ATTR_WDEV]) { 2968 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 2969 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 2970 for (bss = drv->first_bss; bss; bss = bss->next) { 2971 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 2972 do_process_drv_event(bss, gnlh->cmd, tb); 2973 return NL_SKIP; 2974 } 2975 } 2976 wpa_printf(MSG_DEBUG, 2977 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 2978 gnlh->cmd, (long long unsigned int) wdev_id); 2979 } 2980 2981 return NL_SKIP; 2982} 2983 2984 2985static int process_global_event(struct nl_msg *msg, void *arg) 2986{ 2987 struct nl80211_global *global = arg; 2988 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2989 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2990 struct wpa_driver_nl80211_data *drv, *tmp; 2991 int ifidx = -1; 2992 struct i802_bss *bss; 2993 u64 wdev_id = 0; 2994 int wdev_id_set = 0; 2995 2996 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2997 genlmsg_attrlen(gnlh, 0), NULL); 2998 2999 if (tb[NL80211_ATTR_IFINDEX]) 3000 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 3001 else if (tb[NL80211_ATTR_WDEV]) { 3002 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 3003 wdev_id_set = 1; 3004 } 3005 3006 dl_list_for_each_safe(drv, tmp, &global->interfaces, 3007 struct wpa_driver_nl80211_data, list) { 3008 for (bss = drv->first_bss; bss; bss = bss->next) { 3009 if ((ifidx == -1 && !wdev_id_set) || 3010 ifidx == bss->ifindex || 3011 (wdev_id_set && bss->wdev_id_set && 3012 wdev_id == bss->wdev_id)) { 3013 do_process_drv_event(bss, gnlh->cmd, tb); 3014 return NL_SKIP; 3015 } 3016 } 3017 } 3018 3019 return NL_SKIP; 3020} 3021 3022 3023static int process_bss_event(struct nl_msg *msg, void *arg) 3024{ 3025 struct i802_bss *bss = arg; 3026 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3027 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3028 3029 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3030 genlmsg_attrlen(gnlh, 0), NULL); 3031 3032 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 3033 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 3034 bss->ifname); 3035 3036 switch (gnlh->cmd) { 3037 case NL80211_CMD_FRAME: 3038 case NL80211_CMD_FRAME_TX_STATUS: 3039 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 3040 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 3041 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 3042 tb[NL80211_ATTR_COOKIE], 3043 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 3044 break; 3045 case NL80211_CMD_UNEXPECTED_FRAME: 3046 nl80211_spurious_frame(bss, tb, 0); 3047 break; 3048 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 3049 nl80211_spurious_frame(bss, tb, 1); 3050 break; 3051 default: 3052 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 3053 "(cmd=%d)", gnlh->cmd); 3054 break; 3055 } 3056 3057 return NL_SKIP; 3058} 3059 3060 3061static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 3062 void *handle) 3063{ 3064 struct nl_cb *cb = eloop_ctx; 3065 int res; 3066 3067 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 3068 3069 res = nl_recvmsgs(handle, cb); 3070 if (res) { 3071 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 3072 __func__, res); 3073 } 3074} 3075 3076 3077/** 3078 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 3079 * @priv: driver_nl80211 private data 3080 * @alpha2_arg: country to which to switch to 3081 * Returns: 0 on success, -1 on failure 3082 * 3083 * This asks nl80211 to set the regulatory domain for given 3084 * country ISO / IEC alpha2. 3085 */ 3086static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 3087{ 3088 struct i802_bss *bss = priv; 3089 struct wpa_driver_nl80211_data *drv = bss->drv; 3090 char alpha2[3]; 3091 struct nl_msg *msg; 3092 3093 msg = nlmsg_alloc(); 3094 if (!msg) 3095 return -ENOMEM; 3096 3097 alpha2[0] = alpha2_arg[0]; 3098 alpha2[1] = alpha2_arg[1]; 3099 alpha2[2] = '\0'; 3100 3101 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 3102 3103 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 3104 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 3105 return -EINVAL; 3106 return 0; 3107nla_put_failure: 3108 nlmsg_free(msg); 3109 return -EINVAL; 3110} 3111 3112 3113static int nl80211_get_country(struct nl_msg *msg, void *arg) 3114{ 3115 char *alpha2 = arg; 3116 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3117 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3118 3119 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3120 genlmsg_attrlen(gnlh, 0), NULL); 3121 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 3122 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 3123 return NL_SKIP; 3124 } 3125 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 3126 return NL_SKIP; 3127} 3128 3129 3130static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 3131{ 3132 struct i802_bss *bss = priv; 3133 struct wpa_driver_nl80211_data *drv = bss->drv; 3134 struct nl_msg *msg; 3135 int ret; 3136 3137 msg = nlmsg_alloc(); 3138 if (!msg) 3139 return -ENOMEM; 3140 3141 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 3142 alpha2[0] = '\0'; 3143 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 3144 if (!alpha2[0]) 3145 ret = -1; 3146 3147 return ret; 3148} 3149 3150 3151static int protocol_feature_handler(struct nl_msg *msg, void *arg) 3152{ 3153 u32 *feat = arg; 3154 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 3155 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3156 3157 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3158 genlmsg_attrlen(gnlh, 0), NULL); 3159 3160 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3161 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3162 3163 return NL_SKIP; 3164} 3165 3166 3167static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3168{ 3169 u32 feat = 0; 3170 struct nl_msg *msg; 3171 3172 msg = nlmsg_alloc(); 3173 if (!msg) 3174 goto nla_put_failure; 3175 3176 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3177 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3178 return feat; 3179 3180 msg = NULL; 3181nla_put_failure: 3182 nlmsg_free(msg); 3183 return 0; 3184} 3185 3186 3187struct wiphy_info_data { 3188 struct wpa_driver_nl80211_data *drv; 3189 struct wpa_driver_capa *capa; 3190 3191 unsigned int num_multichan_concurrent; 3192 3193 unsigned int error:1; 3194 unsigned int device_ap_sme:1; 3195 unsigned int poll_command_supported:1; 3196 unsigned int data_tx_status:1; 3197 unsigned int monitor_supported:1; 3198 unsigned int auth_supported:1; 3199 unsigned int connect_supported:1; 3200 unsigned int p2p_go_supported:1; 3201 unsigned int p2p_client_supported:1; 3202 unsigned int p2p_concurrent:1; 3203 unsigned int channel_switch_supported:1; 3204 unsigned int set_qos_map_supported:1; 3205}; 3206 3207 3208static unsigned int probe_resp_offload_support(int supp_protocols) 3209{ 3210 unsigned int prot = 0; 3211 3212 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3213 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3214 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3215 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3216 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3217 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3218 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3219 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3220 3221 return prot; 3222} 3223 3224 3225static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3226 struct nlattr *tb) 3227{ 3228 struct nlattr *nl_mode; 3229 int i; 3230 3231 if (tb == NULL) 3232 return; 3233 3234 nla_for_each_nested(nl_mode, tb, i) { 3235 switch (nla_type(nl_mode)) { 3236 case NL80211_IFTYPE_AP: 3237 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3238 break; 3239 case NL80211_IFTYPE_ADHOC: 3240 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3241 break; 3242 case NL80211_IFTYPE_P2P_DEVICE: 3243 info->capa->flags |= 3244 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3245 break; 3246 case NL80211_IFTYPE_P2P_GO: 3247 info->p2p_go_supported = 1; 3248 break; 3249 case NL80211_IFTYPE_P2P_CLIENT: 3250 info->p2p_client_supported = 1; 3251 break; 3252 case NL80211_IFTYPE_MONITOR: 3253 info->monitor_supported = 1; 3254 break; 3255 } 3256 } 3257} 3258 3259 3260static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3261 struct nlattr *nl_combi) 3262{ 3263 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3264 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3265 struct nlattr *nl_limit, *nl_mode; 3266 int err, rem_limit, rem_mode; 3267 int combination_has_p2p = 0, combination_has_mgd = 0; 3268 static struct nla_policy 3269 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3270 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3271 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3272 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3273 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3274 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3275 }, 3276 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3277 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3278 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3279 }; 3280 3281 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3282 nl_combi, iface_combination_policy); 3283 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3284 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3285 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3286 return 0; /* broken combination */ 3287 3288 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3289 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3290 3291 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3292 rem_limit) { 3293 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3294 nl_limit, iface_limit_policy); 3295 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3296 return 0; /* broken combination */ 3297 3298 nla_for_each_nested(nl_mode, 3299 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3300 rem_mode) { 3301 int ift = nla_type(nl_mode); 3302 if (ift == NL80211_IFTYPE_P2P_GO || 3303 ift == NL80211_IFTYPE_P2P_CLIENT) 3304 combination_has_p2p = 1; 3305 if (ift == NL80211_IFTYPE_STATION) 3306 combination_has_mgd = 1; 3307 } 3308 if (combination_has_p2p && combination_has_mgd) 3309 break; 3310 } 3311 3312 if (combination_has_p2p && combination_has_mgd) { 3313 info->p2p_concurrent = 1; 3314 info->num_multichan_concurrent = 3315 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3316 return 1; 3317 } 3318 3319 return 0; 3320} 3321 3322 3323static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3324 struct nlattr *tb) 3325{ 3326 struct nlattr *nl_combi; 3327 int rem_combi; 3328 3329 if (tb == NULL) 3330 return; 3331 3332 nla_for_each_nested(nl_combi, tb, rem_combi) { 3333 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3334 break; 3335 } 3336} 3337 3338 3339static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3340 struct nlattr *tb) 3341{ 3342 struct nlattr *nl_cmd; 3343 int i; 3344 3345 if (tb == NULL) 3346 return; 3347 3348 nla_for_each_nested(nl_cmd, tb, i) { 3349 switch (nla_get_u32(nl_cmd)) { 3350 case NL80211_CMD_AUTHENTICATE: 3351 info->auth_supported = 1; 3352 break; 3353 case NL80211_CMD_CONNECT: 3354 info->connect_supported = 1; 3355 break; 3356 case NL80211_CMD_START_SCHED_SCAN: 3357 info->capa->sched_scan_supported = 1; 3358 break; 3359 case NL80211_CMD_PROBE_CLIENT: 3360 info->poll_command_supported = 1; 3361 break; 3362 case NL80211_CMD_CHANNEL_SWITCH: 3363 info->channel_switch_supported = 1; 3364 break; 3365 case NL80211_CMD_SET_QOS_MAP: 3366 info->set_qos_map_supported = 1; 3367 break; 3368 } 3369 } 3370} 3371 3372 3373static void wiphy_info_cipher_suites(struct wiphy_info_data *info, 3374 struct nlattr *tb) 3375{ 3376 int i, num; 3377 u32 *ciphers; 3378 3379 if (tb == NULL) 3380 return; 3381 3382 num = nla_len(tb) / sizeof(u32); 3383 ciphers = nla_data(tb); 3384 for (i = 0; i < num; i++) { 3385 u32 c = ciphers[i]; 3386 3387 wpa_printf(MSG_DEBUG, "nl80211: Supported cipher %02x-%02x-%02x:%d", 3388 c >> 24, (c >> 16) & 0xff, 3389 (c >> 8) & 0xff, c & 0xff); 3390 switch (c) { 3391 case WLAN_CIPHER_SUITE_CCMP_256: 3392 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP_256; 3393 break; 3394 case WLAN_CIPHER_SUITE_GCMP_256: 3395 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP_256; 3396 break; 3397 case WLAN_CIPHER_SUITE_CCMP: 3398 info->capa->enc |= WPA_DRIVER_CAPA_ENC_CCMP; 3399 break; 3400 case WLAN_CIPHER_SUITE_GCMP: 3401 info->capa->enc |= WPA_DRIVER_CAPA_ENC_GCMP; 3402 break; 3403 case WLAN_CIPHER_SUITE_TKIP: 3404 info->capa->enc |= WPA_DRIVER_CAPA_ENC_TKIP; 3405 break; 3406 case WLAN_CIPHER_SUITE_WEP104: 3407 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP104; 3408 break; 3409 case WLAN_CIPHER_SUITE_WEP40: 3410 info->capa->enc |= WPA_DRIVER_CAPA_ENC_WEP40; 3411 break; 3412 case WLAN_CIPHER_SUITE_AES_CMAC: 3413 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP; 3414 break; 3415 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 3416 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_128; 3417 break; 3418 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 3419 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_GMAC_256; 3420 break; 3421 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 3422 info->capa->enc |= WPA_DRIVER_CAPA_ENC_BIP_CMAC_256; 3423 break; 3424 } 3425 } 3426} 3427 3428 3429static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3430 struct nlattr *tb) 3431{ 3432 if (tb) 3433 capa->max_remain_on_chan = nla_get_u32(tb); 3434} 3435 3436 3437static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3438 struct nlattr *ext_setup) 3439{ 3440 if (tdls == NULL) 3441 return; 3442 3443 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3444 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3445 3446 if (ext_setup) { 3447 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3448 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3449 } 3450} 3451 3452 3453static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3454 struct nlattr *tb) 3455{ 3456 u32 flags; 3457 struct wpa_driver_capa *capa = info->capa; 3458 3459 if (tb == NULL) 3460 return; 3461 3462 flags = nla_get_u32(tb); 3463 3464 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3465 info->data_tx_status = 1; 3466 3467 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3468 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3469 3470 if (flags & NL80211_FEATURE_SAE) 3471 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3472 3473 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3474 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3475} 3476 3477 3478static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3479 struct nlattr *tb) 3480{ 3481 u32 protocols; 3482 3483 if (tb == NULL) 3484 return; 3485 3486 protocols = nla_get_u32(tb); 3487 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3488 "mode"); 3489 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3490 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3491} 3492 3493 3494static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3495{ 3496 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3497 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3498 struct wiphy_info_data *info = arg; 3499 struct wpa_driver_capa *capa = info->capa; 3500 struct wpa_driver_nl80211_data *drv = info->drv; 3501 3502 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3503 genlmsg_attrlen(gnlh, 0), NULL); 3504 3505 if (tb[NL80211_ATTR_WIPHY_NAME]) 3506 os_strlcpy(drv->phyname, 3507 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3508 sizeof(drv->phyname)); 3509 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3510 capa->max_scan_ssids = 3511 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3512 3513 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3514 capa->max_sched_scan_ssids = 3515 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3516 3517 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3518 capa->max_match_sets = 3519 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3520 3521 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3522 capa->max_acl_mac_addrs = 3523 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3524 3525 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3526 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3527 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3528 wiphy_info_cipher_suites(info, tb[NL80211_ATTR_CIPHER_SUITES]); 3529 3530 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3531 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3532 "off-channel TX"); 3533 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3534 } 3535 3536 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3537 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3538 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3539 } 3540 3541 wiphy_info_max_roc(capa, 3542 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3543 3544 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3545 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3546 3547 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3548 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3549 3550 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3551 info->device_ap_sme = 1; 3552 3553 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3554 wiphy_info_probe_resp_offload(capa, 3555 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3556 3557 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3558 drv->extended_capa == NULL) { 3559 drv->extended_capa = 3560 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3561 if (drv->extended_capa) { 3562 os_memcpy(drv->extended_capa, 3563 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3564 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3565 drv->extended_capa_len = 3566 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3567 } 3568 drv->extended_capa_mask = 3569 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3570 if (drv->extended_capa_mask) { 3571 os_memcpy(drv->extended_capa_mask, 3572 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3573 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3574 } else { 3575 os_free(drv->extended_capa); 3576 drv->extended_capa = NULL; 3577 drv->extended_capa_len = 0; 3578 } 3579 } 3580 3581 if (tb[NL80211_ATTR_VENDOR_DATA]) { 3582 struct nlattr *nl; 3583 int rem; 3584 3585 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_DATA], rem) { 3586 struct nl80211_vendor_cmd_info *vinfo; 3587 if (nla_len(nl) != sizeof(vinfo)) { 3588 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3589 continue; 3590 } 3591 vinfo = nla_data(nl); 3592 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor command: vendor_id=0x%x subcmd=%u", 3593 vinfo->vendor_id, vinfo->subcmd); 3594 } 3595 } 3596 3597 if (tb[NL80211_ATTR_VENDOR_EVENTS]) { 3598 struct nlattr *nl; 3599 int rem; 3600 3601 nla_for_each_nested(nl, tb[NL80211_ATTR_VENDOR_EVENTS], rem) { 3602 struct nl80211_vendor_cmd_info *vinfo; 3603 if (nla_len(nl) != sizeof(vinfo)) { 3604 wpa_printf(MSG_DEBUG, "nl80211: Unexpected vendor data info"); 3605 continue; 3606 } 3607 vinfo = nla_data(nl); 3608 wpa_printf(MSG_DEBUG, "nl80211: Supported vendor event: vendor_id=0x%x subcmd=%u", 3609 vinfo->vendor_id, vinfo->subcmd); 3610 } 3611 } 3612 3613 return NL_SKIP; 3614} 3615 3616 3617static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3618 struct wiphy_info_data *info) 3619{ 3620 u32 feat; 3621 struct nl_msg *msg; 3622 3623 os_memset(info, 0, sizeof(*info)); 3624 info->capa = &drv->capa; 3625 info->drv = drv; 3626 3627 msg = nlmsg_alloc(); 3628 if (!msg) 3629 return -1; 3630 3631 feat = get_nl80211_protocol_features(drv); 3632 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3633 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3634 else 3635 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3636 3637 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3638 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3639 goto nla_put_failure; 3640 3641 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3642 return -1; 3643 3644 if (info->auth_supported) 3645 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3646 else if (!info->connect_supported) { 3647 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3648 "authentication/association or connect commands"); 3649 info->error = 1; 3650 } 3651 3652 if (info->p2p_go_supported && info->p2p_client_supported) 3653 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3654 if (info->p2p_concurrent) { 3655 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3656 "interface (driver advertised support)"); 3657 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3658 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3659 } 3660 if (info->num_multichan_concurrent > 1) { 3661 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3662 "concurrent (driver advertised support)"); 3663 drv->capa.num_multichan_concurrent = 3664 info->num_multichan_concurrent; 3665 } 3666 3667 /* default to 5000 since early versions of mac80211 don't set it */ 3668 if (!drv->capa.max_remain_on_chan) 3669 drv->capa.max_remain_on_chan = 5000; 3670 3671 if (info->channel_switch_supported) 3672 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_CSA; 3673 3674 return 0; 3675nla_put_failure: 3676 nlmsg_free(msg); 3677 return -1; 3678} 3679 3680 3681static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3682{ 3683 struct wiphy_info_data info; 3684 if (wpa_driver_nl80211_get_info(drv, &info)) 3685 return -1; 3686 3687 if (info.error) 3688 return -1; 3689 3690 drv->has_capability = 1; 3691 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3692 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3693 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3694 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3695 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3696 WPA_DRIVER_AUTH_SHARED | 3697 WPA_DRIVER_AUTH_LEAP; 3698 3699 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3700 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3701 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3702 3703 if (!info.device_ap_sme) { 3704 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3705 3706 /* 3707 * No AP SME is currently assumed to also indicate no AP MLME 3708 * in the driver/firmware. 3709 */ 3710 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3711 } 3712 3713 drv->device_ap_sme = info.device_ap_sme; 3714 drv->poll_command_supported = info.poll_command_supported; 3715 drv->data_tx_status = info.data_tx_status; 3716 if (info.set_qos_map_supported) 3717 drv->capa.flags |= WPA_DRIVER_FLAGS_QOS_MAPPING; 3718 3719 /* 3720 * If poll command and tx status are supported, mac80211 is new enough 3721 * to have everything we need to not need monitor interfaces. 3722 */ 3723 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3724 3725 if (drv->device_ap_sme && drv->use_monitor) { 3726 /* 3727 * Non-mac80211 drivers may not support monitor interface. 3728 * Make sure we do not get stuck with incorrect capability here 3729 * by explicitly testing this. 3730 */ 3731 if (!info.monitor_supported) { 3732 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 3733 "with device_ap_sme since no monitor mode " 3734 "support detected"); 3735 drv->use_monitor = 0; 3736 } 3737 } 3738 3739 /* 3740 * If we aren't going to use monitor interfaces, but the 3741 * driver doesn't support data TX status, we won't get TX 3742 * status for EAPOL frames. 3743 */ 3744 if (!drv->use_monitor && !info.data_tx_status) 3745 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3746 3747 return 0; 3748} 3749 3750 3751#ifdef ANDROID 3752static int android_genl_ctrl_resolve(struct nl_handle *handle, 3753 const char *name) 3754{ 3755 /* 3756 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 3757 * need to work around that. 3758 */ 3759 struct nl_cache *cache = NULL; 3760 struct genl_family *nl80211 = NULL; 3761 int id = -1; 3762 3763 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 3764 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 3765 "netlink cache"); 3766 goto fail; 3767 } 3768 3769 nl80211 = genl_ctrl_search_by_name(cache, name); 3770 if (nl80211 == NULL) 3771 goto fail; 3772 3773 id = genl_family_get_id(nl80211); 3774 3775fail: 3776 if (nl80211) 3777 genl_family_put(nl80211); 3778 if (cache) 3779 nl_cache_free(cache); 3780 3781 return id; 3782} 3783#define genl_ctrl_resolve android_genl_ctrl_resolve 3784#endif /* ANDROID */ 3785 3786 3787static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 3788{ 3789 int ret; 3790 3791 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3792 if (global->nl_cb == NULL) { 3793 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 3794 "callbacks"); 3795 return -1; 3796 } 3797 3798 global->nl = nl_create_handle(global->nl_cb, "nl"); 3799 if (global->nl == NULL) 3800 goto err; 3801 3802 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 3803 if (global->nl80211_id < 0) { 3804 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 3805 "found"); 3806 goto err; 3807 } 3808 3809 global->nl_event = nl_create_handle(global->nl_cb, "event"); 3810 if (global->nl_event == NULL) 3811 goto err; 3812 3813 ret = nl_get_multicast_id(global, "nl80211", "scan"); 3814 if (ret >= 0) 3815 ret = nl_socket_add_membership(global->nl_event, ret); 3816 if (ret < 0) { 3817 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3818 "membership for scan events: %d (%s)", 3819 ret, strerror(-ret)); 3820 goto err; 3821 } 3822 3823 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 3824 if (ret >= 0) 3825 ret = nl_socket_add_membership(global->nl_event, ret); 3826 if (ret < 0) { 3827 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3828 "membership for mlme events: %d (%s)", 3829 ret, strerror(-ret)); 3830 goto err; 3831 } 3832 3833 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 3834 if (ret >= 0) 3835 ret = nl_socket_add_membership(global->nl_event, ret); 3836 if (ret < 0) { 3837 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3838 "membership for regulatory events: %d (%s)", 3839 ret, strerror(-ret)); 3840 /* Continue without regulatory events */ 3841 } 3842 3843 ret = nl_get_multicast_id(global, "nl80211", "vendor"); 3844 if (ret >= 0) 3845 ret = nl_socket_add_membership(global->nl_event, ret); 3846 if (ret < 0) { 3847 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3848 "membership for vendor events: %d (%s)", 3849 ret, strerror(-ret)); 3850 /* Continue without vendor events */ 3851 } 3852 3853 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3854 no_seq_check, NULL); 3855 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3856 process_global_event, global); 3857 3858 nl80211_register_eloop_read(&global->nl_event, 3859 wpa_driver_nl80211_event_receive, 3860 global->nl_cb); 3861 3862 return 0; 3863 3864err: 3865 nl_destroy_handles(&global->nl_event); 3866 nl_destroy_handles(&global->nl); 3867 nl_cb_put(global->nl_cb); 3868 global->nl_cb = NULL; 3869 return -1; 3870} 3871 3872 3873static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 3874{ 3875 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3876 if (!drv->nl_cb) { 3877 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 3878 return -1; 3879 } 3880 3881 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3882 no_seq_check, NULL); 3883 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3884 process_drv_event, drv); 3885 3886 return 0; 3887} 3888 3889 3890static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 3891{ 3892 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 3893 /* 3894 * This may be for any interface; use ifdown event to disable 3895 * interface. 3896 */ 3897} 3898 3899 3900static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 3901{ 3902 struct wpa_driver_nl80211_data *drv = ctx; 3903 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 3904 if (i802_set_iface_flags(drv->first_bss, 1)) { 3905 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 3906 "after rfkill unblock"); 3907 return; 3908 } 3909 /* rtnetlink ifup handler will report interface as enabled */ 3910} 3911 3912 3913static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 3914 void *eloop_ctx, 3915 void *handle) 3916{ 3917 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3918 u8 data[2048]; 3919 struct msghdr msg; 3920 struct iovec entry; 3921 u8 control[512]; 3922 struct cmsghdr *cmsg; 3923 int res, found_ee = 0, found_wifi = 0, acked = 0; 3924 union wpa_event_data event; 3925 3926 memset(&msg, 0, sizeof(msg)); 3927 msg.msg_iov = &entry; 3928 msg.msg_iovlen = 1; 3929 entry.iov_base = data; 3930 entry.iov_len = sizeof(data); 3931 msg.msg_control = &control; 3932 msg.msg_controllen = sizeof(control); 3933 3934 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 3935 /* if error or not fitting 802.3 header, return */ 3936 if (res < 14) 3937 return; 3938 3939 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 3940 { 3941 if (cmsg->cmsg_level == SOL_SOCKET && 3942 cmsg->cmsg_type == SCM_WIFI_STATUS) { 3943 int *ack; 3944 3945 found_wifi = 1; 3946 ack = (void *)CMSG_DATA(cmsg); 3947 acked = *ack; 3948 } 3949 3950 if (cmsg->cmsg_level == SOL_PACKET && 3951 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 3952 struct sock_extended_err *err = 3953 (struct sock_extended_err *)CMSG_DATA(cmsg); 3954 3955 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 3956 found_ee = 1; 3957 } 3958 } 3959 3960 if (!found_ee || !found_wifi) 3961 return; 3962 3963 memset(&event, 0, sizeof(event)); 3964 event.eapol_tx_status.dst = data; 3965 event.eapol_tx_status.data = data + 14; 3966 event.eapol_tx_status.data_len = res - 14; 3967 event.eapol_tx_status.ack = acked; 3968 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 3969} 3970 3971 3972static int nl80211_init_bss(struct i802_bss *bss) 3973{ 3974 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3975 if (!bss->nl_cb) 3976 return -1; 3977 3978 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3979 no_seq_check, NULL); 3980 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3981 process_bss_event, bss); 3982 3983 return 0; 3984} 3985 3986 3987static void nl80211_destroy_bss(struct i802_bss *bss) 3988{ 3989 nl_cb_put(bss->nl_cb); 3990 bss->nl_cb = NULL; 3991} 3992 3993 3994static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname, 3995 void *global_priv, int hostapd, 3996 const u8 *set_addr) 3997{ 3998 struct wpa_driver_nl80211_data *drv; 3999 struct rfkill_config *rcfg; 4000 struct i802_bss *bss; 4001 4002 if (global_priv == NULL) 4003 return NULL; 4004 drv = os_zalloc(sizeof(*drv)); 4005 if (drv == NULL) 4006 return NULL; 4007 drv->global = global_priv; 4008 drv->ctx = ctx; 4009 drv->hostapd = !!hostapd; 4010 drv->eapol_sock = -1; 4011 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4012 drv->if_indices = drv->default_if_indices; 4013 4014 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 4015 if (!drv->first_bss) { 4016 os_free(drv); 4017 return NULL; 4018 } 4019 bss = drv->first_bss; 4020 bss->drv = drv; 4021 bss->ctx = ctx; 4022 4023 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 4024 drv->monitor_ifidx = -1; 4025 drv->monitor_sock = -1; 4026 drv->eapol_tx_sock = -1; 4027 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4028 4029 if (wpa_driver_nl80211_init_nl(drv)) { 4030 os_free(drv); 4031 return NULL; 4032 } 4033 4034 if (nl80211_init_bss(bss)) 4035 goto failed; 4036 4037 rcfg = os_zalloc(sizeof(*rcfg)); 4038 if (rcfg == NULL) 4039 goto failed; 4040 rcfg->ctx = drv; 4041 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 4042 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 4043 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 4044 drv->rfkill = rfkill_init(rcfg); 4045 if (drv->rfkill == NULL) { 4046 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 4047 os_free(rcfg); 4048 } 4049 4050 if (linux_iface_up(drv->global->ioctl_sock, ifname) > 0) 4051 drv->start_iface_up = 1; 4052 4053 if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1)) 4054 goto failed; 4055 4056 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 4057 if (drv->eapol_tx_sock < 0) 4058 goto failed; 4059 4060 if (drv->data_tx_status) { 4061 int enabled = 1; 4062 4063 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 4064 &enabled, sizeof(enabled)) < 0) { 4065 wpa_printf(MSG_DEBUG, 4066 "nl80211: wifi status sockopt failed\n"); 4067 drv->data_tx_status = 0; 4068 if (!drv->use_monitor) 4069 drv->capa.flags &= 4070 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 4071 } else { 4072 eloop_register_read_sock(drv->eapol_tx_sock, 4073 wpa_driver_nl80211_handle_eapol_tx_status, 4074 drv, NULL); 4075 } 4076 } 4077 4078 if (drv->global) { 4079 dl_list_add(&drv->global->interfaces, &drv->list); 4080 drv->in_interface_list = 1; 4081 } 4082 4083 return bss; 4084 4085failed: 4086 wpa_driver_nl80211_deinit(bss); 4087 return NULL; 4088} 4089 4090 4091/** 4092 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 4093 * @ctx: context to be used when calling wpa_supplicant functions, 4094 * e.g., wpa_supplicant_event() 4095 * @ifname: interface name, e.g., wlan0 4096 * @global_priv: private driver global data from global_init() 4097 * Returns: Pointer to private data, %NULL on failure 4098 */ 4099static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 4100 void *global_priv) 4101{ 4102 return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL); 4103} 4104 4105 4106static int nl80211_register_frame(struct i802_bss *bss, 4107 struct nl_handle *nl_handle, 4108 u16 type, const u8 *match, size_t match_len) 4109{ 4110 struct wpa_driver_nl80211_data *drv = bss->drv; 4111 struct nl_msg *msg; 4112 int ret = -1; 4113 char buf[30]; 4114 4115 msg = nlmsg_alloc(); 4116 if (!msg) 4117 return -1; 4118 4119 buf[0] = '\0'; 4120 wpa_snprintf_hex(buf, sizeof(buf), match, match_len); 4121 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p match=%s", 4122 type, nl_handle, buf); 4123 4124 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 4125 4126 if (nl80211_set_iface_id(msg, bss) < 0) 4127 goto nla_put_failure; 4128 4129 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 4130 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 4131 4132 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 4133 msg = NULL; 4134 if (ret) { 4135 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 4136 "failed (type=%u): ret=%d (%s)", 4137 type, ret, strerror(-ret)); 4138 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 4139 match, match_len); 4140 goto nla_put_failure; 4141 } 4142 ret = 0; 4143nla_put_failure: 4144 nlmsg_free(msg); 4145 return ret; 4146} 4147 4148 4149static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 4150{ 4151 struct wpa_driver_nl80211_data *drv = bss->drv; 4152 4153 if (bss->nl_mgmt) { 4154 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 4155 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 4156 return -1; 4157 } 4158 4159 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 4160 if (bss->nl_mgmt == NULL) 4161 return -1; 4162 4163 return 0; 4164} 4165 4166 4167static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 4168{ 4169 nl80211_register_eloop_read(&bss->nl_mgmt, 4170 wpa_driver_nl80211_event_receive, 4171 bss->nl_cb); 4172} 4173 4174 4175static int nl80211_register_action_frame(struct i802_bss *bss, 4176 const u8 *match, size_t match_len) 4177{ 4178 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 4179 return nl80211_register_frame(bss, bss->nl_mgmt, 4180 type, match, match_len); 4181} 4182 4183 4184static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 4185{ 4186 struct wpa_driver_nl80211_data *drv = bss->drv; 4187 int ret = 0; 4188 4189 if (nl80211_alloc_mgmt_handle(bss)) 4190 return -1; 4191 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 4192 "handle %p", bss->nl_mgmt); 4193 4194 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 4195 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 4196 4197 /* register for any AUTH message */ 4198 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 4199 } 4200 4201#ifdef CONFIG_INTERWORKING 4202 /* QoS Map Configure */ 4203 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 4204 ret = -1; 4205#endif /* CONFIG_INTERWORKING */ 4206#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 4207 /* GAS Initial Request */ 4208 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 4209 ret = -1; 4210 /* GAS Initial Response */ 4211 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 4212 ret = -1; 4213 /* GAS Comeback Request */ 4214 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 4215 ret = -1; 4216 /* GAS Comeback Response */ 4217 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 4218 ret = -1; 4219#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 4220#ifdef CONFIG_P2P 4221 /* P2P Public Action */ 4222 if (nl80211_register_action_frame(bss, 4223 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 4224 6) < 0) 4225 ret = -1; 4226 /* P2P Action */ 4227 if (nl80211_register_action_frame(bss, 4228 (u8 *) "\x7f\x50\x6f\x9a\x09", 4229 5) < 0) 4230 ret = -1; 4231#endif /* CONFIG_P2P */ 4232#ifdef CONFIG_IEEE80211W 4233 /* SA Query Response */ 4234 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 4235 ret = -1; 4236#endif /* CONFIG_IEEE80211W */ 4237#ifdef CONFIG_TDLS 4238 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 4239 /* TDLS Discovery Response */ 4240 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 4241 0) 4242 ret = -1; 4243 } 4244#endif /* CONFIG_TDLS */ 4245 4246 /* FT Action frames */ 4247 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 4248 ret = -1; 4249 else 4250 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 4251 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 4252 4253 /* WNM - BSS Transition Management Request */ 4254 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 4255 ret = -1; 4256 /* WNM-Sleep Mode Response */ 4257 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 4258 ret = -1; 4259 4260 nl80211_mgmt_handle_register_eloop(bss); 4261 4262 return ret; 4263} 4264 4265 4266static int nl80211_register_spurious_class3(struct i802_bss *bss) 4267{ 4268 struct wpa_driver_nl80211_data *drv = bss->drv; 4269 struct nl_msg *msg; 4270 int ret = -1; 4271 4272 msg = nlmsg_alloc(); 4273 if (!msg) 4274 return -1; 4275 4276 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4277 4278 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4279 4280 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4281 msg = NULL; 4282 if (ret) { 4283 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4284 "failed: ret=%d (%s)", 4285 ret, strerror(-ret)); 4286 goto nla_put_failure; 4287 } 4288 ret = 0; 4289nla_put_failure: 4290 nlmsg_free(msg); 4291 return ret; 4292} 4293 4294 4295static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4296{ 4297 static const int stypes[] = { 4298 WLAN_FC_STYPE_AUTH, 4299 WLAN_FC_STYPE_ASSOC_REQ, 4300 WLAN_FC_STYPE_REASSOC_REQ, 4301 WLAN_FC_STYPE_DISASSOC, 4302 WLAN_FC_STYPE_DEAUTH, 4303 WLAN_FC_STYPE_ACTION, 4304 WLAN_FC_STYPE_PROBE_REQ, 4305/* Beacon doesn't work as mac80211 doesn't currently allow 4306 * it, but it wouldn't really be the right thing anyway as 4307 * it isn't per interface ... maybe just dump the scan 4308 * results periodically for OLBC? 4309 */ 4310// WLAN_FC_STYPE_BEACON, 4311 }; 4312 unsigned int i; 4313 4314 if (nl80211_alloc_mgmt_handle(bss)) 4315 return -1; 4316 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4317 "handle %p", bss->nl_mgmt); 4318 4319 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4320 if (nl80211_register_frame(bss, bss->nl_mgmt, 4321 (WLAN_FC_TYPE_MGMT << 2) | 4322 (stypes[i] << 4), 4323 NULL, 0) < 0) { 4324 goto out_err; 4325 } 4326 } 4327 4328 if (nl80211_register_spurious_class3(bss)) 4329 goto out_err; 4330 4331 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4332 goto out_err; 4333 4334 nl80211_mgmt_handle_register_eloop(bss); 4335 return 0; 4336 4337out_err: 4338 nl_destroy_handles(&bss->nl_mgmt); 4339 return -1; 4340} 4341 4342 4343static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4344{ 4345 if (nl80211_alloc_mgmt_handle(bss)) 4346 return -1; 4347 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4348 "handle %p (device SME)", bss->nl_mgmt); 4349 4350 if (nl80211_register_frame(bss, bss->nl_mgmt, 4351 (WLAN_FC_TYPE_MGMT << 2) | 4352 (WLAN_FC_STYPE_ACTION << 4), 4353 NULL, 0) < 0) 4354 goto out_err; 4355 4356 nl80211_mgmt_handle_register_eloop(bss); 4357 return 0; 4358 4359out_err: 4360 nl_destroy_handles(&bss->nl_mgmt); 4361 return -1; 4362} 4363 4364 4365static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4366{ 4367 if (bss->nl_mgmt == NULL) 4368 return; 4369 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4370 "(%s)", bss->nl_mgmt, reason); 4371 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4372 4373 nl80211_put_wiphy_data_ap(bss); 4374} 4375 4376 4377static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4378{ 4379 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4380} 4381 4382 4383static void nl80211_del_p2pdev(struct i802_bss *bss) 4384{ 4385 struct wpa_driver_nl80211_data *drv = bss->drv; 4386 struct nl_msg *msg; 4387 int ret; 4388 4389 msg = nlmsg_alloc(); 4390 if (!msg) 4391 return; 4392 4393 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4394 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4395 4396 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4397 msg = NULL; 4398 4399 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4400 bss->ifname, (long long unsigned int) bss->wdev_id, 4401 strerror(-ret)); 4402 4403nla_put_failure: 4404 nlmsg_free(msg); 4405} 4406 4407 4408static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4409{ 4410 struct wpa_driver_nl80211_data *drv = bss->drv; 4411 struct nl_msg *msg; 4412 int ret = -1; 4413 4414 msg = nlmsg_alloc(); 4415 if (!msg) 4416 return -1; 4417 4418 if (start) 4419 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4420 else 4421 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4422 4423 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4424 4425 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4426 msg = NULL; 4427 4428 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4429 start ? "Start" : "Stop", 4430 bss->ifname, (long long unsigned int) bss->wdev_id, 4431 strerror(-ret)); 4432 4433nla_put_failure: 4434 nlmsg_free(msg); 4435 return ret; 4436} 4437 4438 4439static int i802_set_iface_flags(struct i802_bss *bss, int up) 4440{ 4441 enum nl80211_iftype nlmode; 4442 4443 nlmode = nl80211_get_ifmode(bss); 4444 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4445 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4446 bss->ifname, up); 4447 } 4448 4449 /* P2P Device has start/stop which is equivalent */ 4450 return nl80211_set_p2pdev(bss, up); 4451} 4452 4453 4454static int 4455wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, 4456 const u8 *set_addr, int first) 4457{ 4458 struct i802_bss *bss = drv->first_bss; 4459 int send_rfkill_event = 0; 4460 enum nl80211_iftype nlmode; 4461 4462 drv->ifindex = if_nametoindex(bss->ifname); 4463 bss->ifindex = drv->ifindex; 4464 bss->wdev_id = drv->global->if_add_wdevid; 4465 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4466 4467 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4468 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4469 drv->global->if_add_wdevid_set = 0; 4470 4471 if (wpa_driver_nl80211_capa(drv)) 4472 return -1; 4473 4474 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4475 bss->ifname, drv->phyname); 4476 4477 if (set_addr && 4478 (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) || 4479 linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4480 set_addr))) 4481 return -1; 4482 4483 if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP) 4484 drv->start_mode_ap = 1; 4485 4486 if (drv->hostapd) 4487 nlmode = NL80211_IFTYPE_AP; 4488 else if (bss->if_dynamic) 4489 nlmode = nl80211_get_ifmode(bss); 4490 else 4491 nlmode = NL80211_IFTYPE_STATION; 4492 4493 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4494 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode"); 4495 return -1; 4496 } 4497 4498 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 4499 int ret = nl80211_set_p2pdev(bss, 1); 4500 if (ret < 0) 4501 wpa_printf(MSG_ERROR, "nl80211: Could not start P2P device"); 4502 nl80211_get_macaddr(bss); 4503 return ret; 4504 } 4505 4506 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 4507 if (rfkill_is_blocked(drv->rfkill)) { 4508 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4509 "interface '%s' due to rfkill", 4510 bss->ifname); 4511 drv->if_disabled = 1; 4512 send_rfkill_event = 1; 4513 } else { 4514 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4515 "interface '%s' UP", bss->ifname); 4516 return -1; 4517 } 4518 } 4519 4520 if (!drv->hostapd) 4521 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4522 1, IF_OPER_DORMANT); 4523 4524 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4525 bss->addr)) 4526 return -1; 4527 4528 if (send_rfkill_event) { 4529 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4530 drv, drv->ctx); 4531 } 4532 4533 return 0; 4534} 4535 4536 4537static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4538{ 4539 struct nl_msg *msg; 4540 4541 msg = nlmsg_alloc(); 4542 if (!msg) 4543 return -ENOMEM; 4544 4545 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4546 drv->ifindex); 4547 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4548 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4549 4550 return send_and_recv_msgs(drv, msg, NULL, NULL); 4551 nla_put_failure: 4552 nlmsg_free(msg); 4553 return -ENOBUFS; 4554} 4555 4556 4557/** 4558 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4559 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4560 * 4561 * Shut down driver interface and processing of driver events. Free 4562 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4563 */ 4564static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4565{ 4566 struct wpa_driver_nl80211_data *drv = bss->drv; 4567 4568 bss->in_deinit = 1; 4569 if (drv->data_tx_status) 4570 eloop_unregister_read_sock(drv->eapol_tx_sock); 4571 if (drv->eapol_tx_sock >= 0) 4572 close(drv->eapol_tx_sock); 4573 4574 if (bss->nl_preq) 4575 wpa_driver_nl80211_probe_req_report(bss, 0); 4576 if (bss->added_if_into_bridge) { 4577 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4578 bss->ifname) < 0) 4579 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4580 "interface %s from bridge %s: %s", 4581 bss->ifname, bss->brname, strerror(errno)); 4582 } 4583 if (bss->added_bridge) { 4584 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4585 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4586 "bridge %s: %s", 4587 bss->brname, strerror(errno)); 4588 } 4589 4590 nl80211_remove_monitor_interface(drv); 4591 4592 if (is_ap_interface(drv->nlmode)) 4593 wpa_driver_nl80211_del_beacon(drv); 4594 4595 if (drv->eapol_sock >= 0) { 4596 eloop_unregister_read_sock(drv->eapol_sock); 4597 close(drv->eapol_sock); 4598 } 4599 4600 if (drv->if_indices != drv->default_if_indices) 4601 os_free(drv->if_indices); 4602 4603 if (drv->disabled_11b_rates) 4604 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4605 4606 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4607 IF_OPER_UP); 4608 rfkill_deinit(drv->rfkill); 4609 4610 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4611 4612 if (!drv->start_iface_up) 4613 (void) i802_set_iface_flags(bss, 0); 4614 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4615 if (!drv->hostapd || !drv->start_mode_ap) 4616 wpa_driver_nl80211_set_mode(bss, 4617 NL80211_IFTYPE_STATION); 4618 nl80211_mgmt_unsubscribe(bss, "deinit"); 4619 } else { 4620 nl80211_mgmt_unsubscribe(bss, "deinit"); 4621 nl80211_del_p2pdev(bss); 4622 } 4623 nl_cb_put(drv->nl_cb); 4624 4625 nl80211_destroy_bss(drv->first_bss); 4626 4627 os_free(drv->filter_ssids); 4628 4629 os_free(drv->auth_ie); 4630 4631 if (drv->in_interface_list) 4632 dl_list_del(&drv->list); 4633 4634 os_free(drv->extended_capa); 4635 os_free(drv->extended_capa_mask); 4636 os_free(drv->first_bss); 4637 os_free(drv); 4638} 4639 4640 4641/** 4642 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4643 * @eloop_ctx: Driver private data 4644 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4645 * 4646 * This function can be used as registered timeout when starting a scan to 4647 * generate a scan completed event if the driver does not report this. 4648 */ 4649static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4650{ 4651 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4652 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4653 wpa_driver_nl80211_set_mode(drv->first_bss, 4654 drv->ap_scan_as_station); 4655 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4656 } 4657 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4658 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4659} 4660 4661 4662static struct nl_msg * 4663nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4664 struct wpa_driver_scan_params *params, u64 *wdev_id) 4665{ 4666 struct nl_msg *msg; 4667 size_t i; 4668 4669 msg = nlmsg_alloc(); 4670 if (!msg) 4671 return NULL; 4672 4673 nl80211_cmd(drv, msg, 0, cmd); 4674 4675 if (!wdev_id) 4676 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4677 else 4678 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4679 4680 if (params->num_ssids) { 4681 struct nlattr *ssids; 4682 4683 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4684 if (ssids == NULL) 4685 goto fail; 4686 for (i = 0; i < params->num_ssids; i++) { 4687 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4688 params->ssids[i].ssid, 4689 params->ssids[i].ssid_len); 4690 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4691 params->ssids[i].ssid) < 0) 4692 goto fail; 4693 } 4694 nla_nest_end(msg, ssids); 4695 } 4696 4697 if (params->extra_ies) { 4698 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4699 params->extra_ies, params->extra_ies_len); 4700 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4701 params->extra_ies) < 0) 4702 goto fail; 4703 } 4704 4705 if (params->freqs) { 4706 struct nlattr *freqs; 4707 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 4708 if (freqs == NULL) 4709 goto fail; 4710 for (i = 0; params->freqs[i]; i++) { 4711 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 4712 "MHz", params->freqs[i]); 4713 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 4714 goto fail; 4715 } 4716 nla_nest_end(msg, freqs); 4717 } 4718 4719 os_free(drv->filter_ssids); 4720 drv->filter_ssids = params->filter_ssids; 4721 params->filter_ssids = NULL; 4722 drv->num_filter_ssids = params->num_filter_ssids; 4723 4724 if (params->only_new_results) { 4725 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 4726 NLA_PUT_U32(msg, NL80211_ATTR_SCAN_FLAGS, 4727 NL80211_SCAN_FLAG_FLUSH); 4728 } 4729 4730 return msg; 4731 4732fail: 4733nla_put_failure: 4734 nlmsg_free(msg); 4735 return NULL; 4736} 4737 4738 4739/** 4740 * wpa_driver_nl80211_scan - Request the driver to initiate scan 4741 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 4742 * @params: Scan parameters 4743 * Returns: 0 on success, -1 on failure 4744 */ 4745static int wpa_driver_nl80211_scan(struct i802_bss *bss, 4746 struct wpa_driver_scan_params *params) 4747{ 4748 struct wpa_driver_nl80211_data *drv = bss->drv; 4749 int ret = -1, timeout; 4750 struct nl_msg *msg = NULL; 4751 4752 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 4753 drv->scan_for_auth = 0; 4754 4755 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 4756 bss->wdev_id_set ? &bss->wdev_id : NULL); 4757 if (!msg) 4758 return -1; 4759 4760 if (params->p2p_probe) { 4761 struct nlattr *rates; 4762 4763 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 4764 4765 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 4766 if (rates == NULL) 4767 goto nla_put_failure; 4768 4769 /* 4770 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 4771 * by masking out everything else apart from the OFDM rates 6, 4772 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 4773 * rates are left enabled. 4774 */ 4775 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 4776 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 4777 nla_nest_end(msg, rates); 4778 4779 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 4780 } 4781 4782 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4783 msg = NULL; 4784 if (ret) { 4785 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 4786 "(%s)", ret, strerror(-ret)); 4787 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 4788 /* 4789 * mac80211 does not allow scan requests in AP mode, so 4790 * try to do this in station mode. 4791 */ 4792 if (wpa_driver_nl80211_set_mode( 4793 bss, NL80211_IFTYPE_STATION)) 4794 goto nla_put_failure; 4795 4796 if (wpa_driver_nl80211_scan(bss, params)) { 4797 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 4798 goto nla_put_failure; 4799 } 4800 4801 /* Restore AP mode when processing scan results */ 4802 drv->ap_scan_as_station = drv->nlmode; 4803 ret = 0; 4804 } else 4805 goto nla_put_failure; 4806 } 4807 4808 drv->scan_state = SCAN_REQUESTED; 4809 /* Not all drivers generate "scan completed" wireless event, so try to 4810 * read results after a timeout. */ 4811 timeout = 10; 4812 if (drv->scan_complete_events) { 4813 /* 4814 * The driver seems to deliver events to notify when scan is 4815 * complete, so use longer timeout to avoid race conditions 4816 * with scanning and following association request. 4817 */ 4818 timeout = 30; 4819 } 4820 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 4821 "seconds", ret, timeout); 4822 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4823 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 4824 drv, drv->ctx); 4825 4826nla_put_failure: 4827 nlmsg_free(msg); 4828 return ret; 4829} 4830 4831 4832/** 4833 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 4834 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 4835 * @params: Scan parameters 4836 * @interval: Interval between scan cycles in milliseconds 4837 * Returns: 0 on success, -1 on failure or if not supported 4838 */ 4839static int wpa_driver_nl80211_sched_scan(void *priv, 4840 struct wpa_driver_scan_params *params, 4841 u32 interval) 4842{ 4843 struct i802_bss *bss = priv; 4844 struct wpa_driver_nl80211_data *drv = bss->drv; 4845 int ret = -1; 4846 struct nl_msg *msg; 4847 size_t i; 4848 4849 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 4850 4851#ifdef ANDROID 4852 if (!drv->capa.sched_scan_supported) 4853 return android_pno_start(bss, params); 4854#endif /* ANDROID */ 4855 4856 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 4857 bss->wdev_id_set ? &bss->wdev_id : NULL); 4858 if (!msg) 4859 goto nla_put_failure; 4860 4861 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 4862 4863 if ((drv->num_filter_ssids && 4864 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 4865 params->filter_rssi) { 4866 struct nlattr *match_sets; 4867 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 4868 if (match_sets == NULL) 4869 goto nla_put_failure; 4870 4871 for (i = 0; i < drv->num_filter_ssids; i++) { 4872 struct nlattr *match_set_ssid; 4873 wpa_hexdump_ascii(MSG_MSGDUMP, 4874 "nl80211: Sched scan filter SSID", 4875 drv->filter_ssids[i].ssid, 4876 drv->filter_ssids[i].ssid_len); 4877 4878 match_set_ssid = nla_nest_start(msg, i + 1); 4879 if (match_set_ssid == NULL) 4880 goto nla_put_failure; 4881 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 4882 drv->filter_ssids[i].ssid_len, 4883 drv->filter_ssids[i].ssid); 4884 4885 nla_nest_end(msg, match_set_ssid); 4886 } 4887 4888 if (params->filter_rssi) { 4889 struct nlattr *match_set_rssi; 4890 match_set_rssi = nla_nest_start(msg, 0); 4891 if (match_set_rssi == NULL) 4892 goto nla_put_failure; 4893 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 4894 params->filter_rssi); 4895 wpa_printf(MSG_MSGDUMP, 4896 "nl80211: Sched scan RSSI filter %d dBm", 4897 params->filter_rssi); 4898 nla_nest_end(msg, match_set_rssi); 4899 } 4900 4901 nla_nest_end(msg, match_sets); 4902 } 4903 4904 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4905 4906 /* TODO: if we get an error here, we should fall back to normal scan */ 4907 4908 msg = NULL; 4909 if (ret) { 4910 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 4911 "ret=%d (%s)", ret, strerror(-ret)); 4912 goto nla_put_failure; 4913 } 4914 4915 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 4916 "scan interval %d msec", ret, interval); 4917 4918nla_put_failure: 4919 nlmsg_free(msg); 4920 return ret; 4921} 4922 4923 4924/** 4925 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 4926 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 4927 * Returns: 0 on success, -1 on failure or if not supported 4928 */ 4929static int wpa_driver_nl80211_stop_sched_scan(void *priv) 4930{ 4931 struct i802_bss *bss = priv; 4932 struct wpa_driver_nl80211_data *drv = bss->drv; 4933 int ret = 0; 4934 struct nl_msg *msg; 4935 4936#ifdef ANDROID 4937 if (!drv->capa.sched_scan_supported) 4938 return android_pno_stop(bss); 4939#endif /* ANDROID */ 4940 4941 msg = nlmsg_alloc(); 4942 if (!msg) 4943 return -1; 4944 4945 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 4946 4947 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4948 4949 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4950 msg = NULL; 4951 if (ret) { 4952 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 4953 "ret=%d (%s)", ret, strerror(-ret)); 4954 goto nla_put_failure; 4955 } 4956 4957 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 4958 4959nla_put_failure: 4960 nlmsg_free(msg); 4961 return ret; 4962} 4963 4964 4965static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 4966{ 4967 const u8 *end, *pos; 4968 4969 if (ies == NULL) 4970 return NULL; 4971 4972 pos = ies; 4973 end = ies + ies_len; 4974 4975 while (pos + 1 < end) { 4976 if (pos + 2 + pos[1] > end) 4977 break; 4978 if (pos[0] == ie) 4979 return pos; 4980 pos += 2 + pos[1]; 4981 } 4982 4983 return NULL; 4984} 4985 4986 4987static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 4988 const u8 *ie, size_t ie_len) 4989{ 4990 const u8 *ssid; 4991 size_t i; 4992 4993 if (drv->filter_ssids == NULL) 4994 return 0; 4995 4996 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 4997 if (ssid == NULL) 4998 return 1; 4999 5000 for (i = 0; i < drv->num_filter_ssids; i++) { 5001 if (ssid[1] == drv->filter_ssids[i].ssid_len && 5002 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 5003 0) 5004 return 0; 5005 } 5006 5007 return 1; 5008} 5009 5010 5011static int bss_info_handler(struct nl_msg *msg, void *arg) 5012{ 5013 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 5014 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5015 struct nlattr *bss[NL80211_BSS_MAX + 1]; 5016 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 5017 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 5018 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 5019 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 5020 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 5021 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 5022 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 5023 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 5024 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 5025 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 5026 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 5027 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 5028 }; 5029 struct nl80211_bss_info_arg *_arg = arg; 5030 struct wpa_scan_results *res = _arg->res; 5031 struct wpa_scan_res **tmp; 5032 struct wpa_scan_res *r; 5033 const u8 *ie, *beacon_ie; 5034 size_t ie_len, beacon_ie_len; 5035 u8 *pos; 5036 size_t i; 5037 5038 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5039 genlmsg_attrlen(gnlh, 0), NULL); 5040 if (!tb[NL80211_ATTR_BSS]) 5041 return NL_SKIP; 5042 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 5043 bss_policy)) 5044 return NL_SKIP; 5045 if (bss[NL80211_BSS_STATUS]) { 5046 enum nl80211_bss_status status; 5047 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5048 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5049 bss[NL80211_BSS_FREQUENCY]) { 5050 _arg->assoc_freq = 5051 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5052 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 5053 _arg->assoc_freq); 5054 } 5055 if (status == NL80211_BSS_STATUS_ASSOCIATED && 5056 bss[NL80211_BSS_BSSID]) { 5057 os_memcpy(_arg->assoc_bssid, 5058 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 5059 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 5060 MACSTR, MAC2STR(_arg->assoc_bssid)); 5061 } 5062 } 5063 if (!res) 5064 return NL_SKIP; 5065 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 5066 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5067 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 5068 } else { 5069 ie = NULL; 5070 ie_len = 0; 5071 } 5072 if (bss[NL80211_BSS_BEACON_IES]) { 5073 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 5074 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 5075 } else { 5076 beacon_ie = NULL; 5077 beacon_ie_len = 0; 5078 } 5079 5080 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 5081 ie ? ie_len : beacon_ie_len)) 5082 return NL_SKIP; 5083 5084 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 5085 if (r == NULL) 5086 return NL_SKIP; 5087 if (bss[NL80211_BSS_BSSID]) 5088 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 5089 ETH_ALEN); 5090 if (bss[NL80211_BSS_FREQUENCY]) 5091 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 5092 if (bss[NL80211_BSS_BEACON_INTERVAL]) 5093 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 5094 if (bss[NL80211_BSS_CAPABILITY]) 5095 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 5096 r->flags |= WPA_SCAN_NOISE_INVALID; 5097 if (bss[NL80211_BSS_SIGNAL_MBM]) { 5098 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 5099 r->level /= 100; /* mBm to dBm */ 5100 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 5101 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 5102 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 5103 r->flags |= WPA_SCAN_QUAL_INVALID; 5104 } else 5105 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 5106 if (bss[NL80211_BSS_TSF]) 5107 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 5108 if (bss[NL80211_BSS_SEEN_MS_AGO]) 5109 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 5110 r->ie_len = ie_len; 5111 pos = (u8 *) (r + 1); 5112 if (ie) { 5113 os_memcpy(pos, ie, ie_len); 5114 pos += ie_len; 5115 } 5116 r->beacon_ie_len = beacon_ie_len; 5117 if (beacon_ie) 5118 os_memcpy(pos, beacon_ie, beacon_ie_len); 5119 5120 if (bss[NL80211_BSS_STATUS]) { 5121 enum nl80211_bss_status status; 5122 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 5123 switch (status) { 5124 case NL80211_BSS_STATUS_AUTHENTICATED: 5125 r->flags |= WPA_SCAN_AUTHENTICATED; 5126 break; 5127 case NL80211_BSS_STATUS_ASSOCIATED: 5128 r->flags |= WPA_SCAN_ASSOCIATED; 5129 break; 5130 default: 5131 break; 5132 } 5133 } 5134 5135 /* 5136 * cfg80211 maintains separate BSS table entries for APs if the same 5137 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 5138 * not use frequency as a separate key in the BSS table, so filter out 5139 * duplicated entries. Prefer associated BSS entry in such a case in 5140 * order to get the correct frequency into the BSS table. Similarly, 5141 * prefer newer entries over older. 5142 */ 5143 for (i = 0; i < res->num; i++) { 5144 const u8 *s1, *s2; 5145 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 5146 continue; 5147 5148 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 5149 res->res[i]->ie_len, WLAN_EID_SSID); 5150 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 5151 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 5152 os_memcmp(s1, s2, 2 + s1[1]) != 0) 5153 continue; 5154 5155 /* Same BSSID,SSID was already included in scan results */ 5156 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 5157 "for " MACSTR, MAC2STR(r->bssid)); 5158 5159 if (((r->flags & WPA_SCAN_ASSOCIATED) && 5160 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) || 5161 r->age < res->res[i]->age) { 5162 os_free(res->res[i]); 5163 res->res[i] = r; 5164 } else 5165 os_free(r); 5166 return NL_SKIP; 5167 } 5168 5169 tmp = os_realloc_array(res->res, res->num + 1, 5170 sizeof(struct wpa_scan_res *)); 5171 if (tmp == NULL) { 5172 os_free(r); 5173 return NL_SKIP; 5174 } 5175 tmp[res->num++] = r; 5176 res->res = tmp; 5177 5178 return NL_SKIP; 5179} 5180 5181 5182static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 5183 const u8 *addr) 5184{ 5185 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 5186 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 5187 "mismatch (" MACSTR ")", MAC2STR(addr)); 5188 wpa_driver_nl80211_mlme(drv, addr, 5189 NL80211_CMD_DEAUTHENTICATE, 5190 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 5191 } 5192} 5193 5194 5195static void wpa_driver_nl80211_check_bss_status( 5196 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 5197{ 5198 size_t i; 5199 5200 for (i = 0; i < res->num; i++) { 5201 struct wpa_scan_res *r = res->res[i]; 5202 if (r->flags & WPA_SCAN_AUTHENTICATED) { 5203 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5204 "indicates BSS status with " MACSTR 5205 " as authenticated", 5206 MAC2STR(r->bssid)); 5207 if (is_sta_interface(drv->nlmode) && 5208 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 5209 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 5210 0) { 5211 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 5212 " in local state (auth=" MACSTR 5213 " assoc=" MACSTR ")", 5214 MAC2STR(drv->auth_bssid), 5215 MAC2STR(drv->bssid)); 5216 clear_state_mismatch(drv, r->bssid); 5217 } 5218 } 5219 5220 if (r->flags & WPA_SCAN_ASSOCIATED) { 5221 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 5222 "indicate BSS status with " MACSTR 5223 " as associated", 5224 MAC2STR(r->bssid)); 5225 if (is_sta_interface(drv->nlmode) && 5226 !drv->associated) { 5227 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5228 "(not associated) does not match " 5229 "with BSS state"); 5230 clear_state_mismatch(drv, r->bssid); 5231 } else if (is_sta_interface(drv->nlmode) && 5232 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 5233 0) { 5234 wpa_printf(MSG_DEBUG, "nl80211: Local state " 5235 "(associated with " MACSTR ") does " 5236 "not match with BSS state", 5237 MAC2STR(drv->bssid)); 5238 clear_state_mismatch(drv, r->bssid); 5239 clear_state_mismatch(drv, drv->bssid); 5240 } 5241 } 5242 } 5243} 5244 5245 5246static struct wpa_scan_results * 5247nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 5248{ 5249 struct nl_msg *msg; 5250 struct wpa_scan_results *res; 5251 int ret; 5252 struct nl80211_bss_info_arg arg; 5253 5254 res = os_zalloc(sizeof(*res)); 5255 if (res == NULL) 5256 return NULL; 5257 msg = nlmsg_alloc(); 5258 if (!msg) 5259 goto nla_put_failure; 5260 5261 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 5262 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 5263 goto nla_put_failure; 5264 5265 arg.drv = drv; 5266 arg.res = res; 5267 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 5268 msg = NULL; 5269 if (ret == 0) { 5270 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 5271 "BSSes)", (unsigned long) res->num); 5272 nl80211_get_noise_for_scan_results(drv, res); 5273 return res; 5274 } 5275 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 5276 "(%s)", ret, strerror(-ret)); 5277nla_put_failure: 5278 nlmsg_free(msg); 5279 wpa_scan_results_free(res); 5280 return NULL; 5281} 5282 5283 5284/** 5285 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5286 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5287 * Returns: Scan results on success, -1 on failure 5288 */ 5289static struct wpa_scan_results * 5290wpa_driver_nl80211_get_scan_results(void *priv) 5291{ 5292 struct i802_bss *bss = priv; 5293 struct wpa_driver_nl80211_data *drv = bss->drv; 5294 struct wpa_scan_results *res; 5295 5296 res = nl80211_get_scan_results(drv); 5297 if (res) 5298 wpa_driver_nl80211_check_bss_status(drv, res); 5299 return res; 5300} 5301 5302 5303static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5304{ 5305 struct wpa_scan_results *res; 5306 size_t i; 5307 5308 res = nl80211_get_scan_results(drv); 5309 if (res == NULL) { 5310 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5311 return; 5312 } 5313 5314 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5315 for (i = 0; i < res->num; i++) { 5316 struct wpa_scan_res *r = res->res[i]; 5317 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5318 (int) i, (int) res->num, MAC2STR(r->bssid), 5319 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5320 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5321 } 5322 5323 wpa_scan_results_free(res); 5324} 5325 5326 5327static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len) 5328{ 5329 switch (alg) { 5330 case WPA_ALG_WEP: 5331 if (key_len == 5) 5332 return WLAN_CIPHER_SUITE_WEP40; 5333 return WLAN_CIPHER_SUITE_WEP104; 5334 case WPA_ALG_TKIP: 5335 return WLAN_CIPHER_SUITE_TKIP; 5336 case WPA_ALG_CCMP: 5337 return WLAN_CIPHER_SUITE_CCMP; 5338 case WPA_ALG_GCMP: 5339 return WLAN_CIPHER_SUITE_GCMP; 5340 case WPA_ALG_CCMP_256: 5341 return WLAN_CIPHER_SUITE_CCMP_256; 5342 case WPA_ALG_GCMP_256: 5343 return WLAN_CIPHER_SUITE_GCMP_256; 5344 case WPA_ALG_IGTK: 5345 return WLAN_CIPHER_SUITE_AES_CMAC; 5346 case WPA_ALG_BIP_GMAC_128: 5347 return WLAN_CIPHER_SUITE_BIP_GMAC_128; 5348 case WPA_ALG_BIP_GMAC_256: 5349 return WLAN_CIPHER_SUITE_BIP_GMAC_256; 5350 case WPA_ALG_BIP_CMAC_256: 5351 return WLAN_CIPHER_SUITE_BIP_CMAC_256; 5352 case WPA_ALG_SMS4: 5353 return WLAN_CIPHER_SUITE_SMS4; 5354 case WPA_ALG_KRK: 5355 return WLAN_CIPHER_SUITE_KRK; 5356 case WPA_ALG_NONE: 5357 case WPA_ALG_PMK: 5358 wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", 5359 alg); 5360 return 0; 5361 } 5362 5363 wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d", 5364 alg); 5365 return 0; 5366} 5367 5368 5369static u32 wpa_cipher_to_cipher_suite(unsigned int cipher) 5370{ 5371 switch (cipher) { 5372 case WPA_CIPHER_CCMP_256: 5373 return WLAN_CIPHER_SUITE_CCMP_256; 5374 case WPA_CIPHER_GCMP_256: 5375 return WLAN_CIPHER_SUITE_GCMP_256; 5376 case WPA_CIPHER_CCMP: 5377 return WLAN_CIPHER_SUITE_CCMP; 5378 case WPA_CIPHER_GCMP: 5379 return WLAN_CIPHER_SUITE_GCMP; 5380 case WPA_CIPHER_TKIP: 5381 return WLAN_CIPHER_SUITE_TKIP; 5382 case WPA_CIPHER_WEP104: 5383 return WLAN_CIPHER_SUITE_WEP104; 5384 case WPA_CIPHER_WEP40: 5385 return WLAN_CIPHER_SUITE_WEP40; 5386 } 5387 5388 return 0; 5389} 5390 5391 5392static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[], 5393 int max_suites) 5394{ 5395 int num_suites = 0; 5396 5397 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256) 5398 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP_256; 5399 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256) 5400 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP_256; 5401 if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP) 5402 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 5403 if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP) 5404 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 5405 if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP) 5406 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 5407 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104) 5408 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 5409 if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40) 5410 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 5411 5412 return num_suites; 5413} 5414 5415 5416static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5417 enum wpa_alg alg, const u8 *addr, 5418 int key_idx, int set_tx, 5419 const u8 *seq, size_t seq_len, 5420 const u8 *key, size_t key_len) 5421{ 5422 struct wpa_driver_nl80211_data *drv = bss->drv; 5423 int ifindex; 5424 struct nl_msg *msg; 5425 int ret; 5426 int tdls = 0; 5427 5428 /* Ignore for P2P Device */ 5429 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5430 return 0; 5431 5432 ifindex = if_nametoindex(ifname); 5433 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5434 "set_tx=%d seq_len=%lu key_len=%lu", 5435 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5436 (unsigned long) seq_len, (unsigned long) key_len); 5437#ifdef CONFIG_TDLS 5438 if (key_idx == -1) { 5439 key_idx = 0; 5440 tdls = 1; 5441 } 5442#endif /* CONFIG_TDLS */ 5443 5444 msg = nlmsg_alloc(); 5445 if (!msg) 5446 return -ENOMEM; 5447 5448 if (alg == WPA_ALG_NONE) { 5449 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5450 } else { 5451 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5452 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5453 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5454 wpa_alg_to_cipher_suite(alg, key_len)); 5455 } 5456 5457 if (seq && seq_len) 5458 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5459 5460 if (addr && !is_broadcast_ether_addr(addr)) { 5461 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5462 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5463 5464 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5465 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5466 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5467 NL80211_KEYTYPE_GROUP); 5468 } 5469 } else if (addr && is_broadcast_ether_addr(addr)) { 5470 struct nlattr *types; 5471 5472 wpa_printf(MSG_DEBUG, " broadcast key"); 5473 5474 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5475 if (!types) 5476 goto nla_put_failure; 5477 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5478 nla_nest_end(msg, types); 5479 } 5480 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5481 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5482 5483 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5484 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5485 ret = 0; 5486 if (ret) 5487 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5488 ret, strerror(-ret)); 5489 5490 /* 5491 * If we failed or don't need to set the default TX key (below), 5492 * we're done here. 5493 */ 5494 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5495 return ret; 5496 if (is_ap_interface(drv->nlmode) && addr && 5497 !is_broadcast_ether_addr(addr)) 5498 return ret; 5499 5500 msg = nlmsg_alloc(); 5501 if (!msg) 5502 return -ENOMEM; 5503 5504 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5505 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5506 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5507 if (alg == WPA_ALG_IGTK) 5508 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5509 else 5510 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5511 if (addr && is_broadcast_ether_addr(addr)) { 5512 struct nlattr *types; 5513 5514 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5515 if (!types) 5516 goto nla_put_failure; 5517 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5518 nla_nest_end(msg, types); 5519 } else if (addr) { 5520 struct nlattr *types; 5521 5522 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5523 if (!types) 5524 goto nla_put_failure; 5525 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5526 nla_nest_end(msg, types); 5527 } 5528 5529 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5530 if (ret == -ENOENT) 5531 ret = 0; 5532 if (ret) 5533 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5534 "err=%d %s)", ret, strerror(-ret)); 5535 return ret; 5536 5537nla_put_failure: 5538 nlmsg_free(msg); 5539 return -ENOBUFS; 5540} 5541 5542 5543static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5544 int key_idx, int defkey, 5545 const u8 *seq, size_t seq_len, 5546 const u8 *key, size_t key_len) 5547{ 5548 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5549 if (!key_attr) 5550 return -1; 5551 5552 if (defkey && alg == WPA_ALG_IGTK) 5553 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5554 else if (defkey) 5555 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5556 5557 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5558 5559 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5560 wpa_alg_to_cipher_suite(alg, key_len)); 5561 5562 if (seq && seq_len) 5563 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5564 5565 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5566 5567 nla_nest_end(msg, key_attr); 5568 5569 return 0; 5570 nla_put_failure: 5571 return -1; 5572} 5573 5574 5575static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5576 struct nl_msg *msg) 5577{ 5578 int i, privacy = 0; 5579 struct nlattr *nl_keys, *nl_key; 5580 5581 for (i = 0; i < 4; i++) { 5582 if (!params->wep_key[i]) 5583 continue; 5584 privacy = 1; 5585 break; 5586 } 5587 if (params->wps == WPS_MODE_PRIVACY) 5588 privacy = 1; 5589 if (params->pairwise_suite && 5590 params->pairwise_suite != WPA_CIPHER_NONE) 5591 privacy = 1; 5592 5593 if (!privacy) 5594 return 0; 5595 5596 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5597 5598 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5599 if (!nl_keys) 5600 goto nla_put_failure; 5601 5602 for (i = 0; i < 4; i++) { 5603 if (!params->wep_key[i]) 5604 continue; 5605 5606 nl_key = nla_nest_start(msg, i); 5607 if (!nl_key) 5608 goto nla_put_failure; 5609 5610 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5611 params->wep_key[i]); 5612 if (params->wep_key_len[i] == 5) 5613 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5614 WLAN_CIPHER_SUITE_WEP40); 5615 else 5616 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5617 WLAN_CIPHER_SUITE_WEP104); 5618 5619 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5620 5621 if (i == params->wep_tx_keyidx) 5622 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5623 5624 nla_nest_end(msg, nl_key); 5625 } 5626 nla_nest_end(msg, nl_keys); 5627 5628 return 0; 5629 5630nla_put_failure: 5631 return -ENOBUFS; 5632} 5633 5634 5635static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5636 const u8 *addr, int cmd, u16 reason_code, 5637 int local_state_change) 5638{ 5639 int ret = -1; 5640 struct nl_msg *msg; 5641 5642 msg = nlmsg_alloc(); 5643 if (!msg) 5644 return -1; 5645 5646 nl80211_cmd(drv, msg, 0, cmd); 5647 5648 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5649 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5650 if (addr) 5651 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5652 if (local_state_change) 5653 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5654 5655 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5656 msg = NULL; 5657 if (ret) { 5658 wpa_dbg(drv->ctx, MSG_DEBUG, 5659 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5660 reason_code, ret, strerror(-ret)); 5661 goto nla_put_failure; 5662 } 5663 ret = 0; 5664 5665nla_put_failure: 5666 nlmsg_free(msg); 5667 return ret; 5668} 5669 5670 5671static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5672 int reason_code) 5673{ 5674 int ret; 5675 5676 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 5677 nl80211_mark_disconnected(drv); 5678 /* Disconnect command doesn't need BSSID - it uses cached value */ 5679 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 5680 reason_code, 0); 5681 /* 5682 * For locally generated disconnect, supplicant already generates a 5683 * DEAUTH event, so ignore the event from NL80211. 5684 */ 5685 drv->ignore_next_local_disconnect = ret == 0; 5686 5687 return ret; 5688} 5689 5690 5691static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 5692 const u8 *addr, int reason_code) 5693{ 5694 struct wpa_driver_nl80211_data *drv = bss->drv; 5695 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 5696 return wpa_driver_nl80211_disconnect(drv, reason_code); 5697 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 5698 __func__, MAC2STR(addr), reason_code); 5699 nl80211_mark_disconnected(drv); 5700 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 5701 return nl80211_leave_ibss(drv); 5702 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 5703 reason_code, 0); 5704} 5705 5706 5707static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 5708 struct wpa_driver_auth_params *params) 5709{ 5710 int i; 5711 5712 drv->auth_freq = params->freq; 5713 drv->auth_alg = params->auth_alg; 5714 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 5715 drv->auth_local_state_change = params->local_state_change; 5716 drv->auth_p2p = params->p2p; 5717 5718 if (params->bssid) 5719 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 5720 else 5721 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 5722 5723 if (params->ssid) { 5724 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 5725 drv->auth_ssid_len = params->ssid_len; 5726 } else 5727 drv->auth_ssid_len = 0; 5728 5729 5730 os_free(drv->auth_ie); 5731 drv->auth_ie = NULL; 5732 drv->auth_ie_len = 0; 5733 if (params->ie) { 5734 drv->auth_ie = os_malloc(params->ie_len); 5735 if (drv->auth_ie) { 5736 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 5737 drv->auth_ie_len = params->ie_len; 5738 } 5739 } 5740 5741 for (i = 0; i < 4; i++) { 5742 if (params->wep_key[i] && params->wep_key_len[i] && 5743 params->wep_key_len[i] <= 16) { 5744 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 5745 params->wep_key_len[i]); 5746 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 5747 } else 5748 drv->auth_wep_key_len[i] = 0; 5749 } 5750} 5751 5752 5753static int wpa_driver_nl80211_authenticate( 5754 struct i802_bss *bss, struct wpa_driver_auth_params *params) 5755{ 5756 struct wpa_driver_nl80211_data *drv = bss->drv; 5757 int ret = -1, i; 5758 struct nl_msg *msg; 5759 enum nl80211_auth_type type; 5760 enum nl80211_iftype nlmode; 5761 int count = 0; 5762 int is_retry; 5763 5764 is_retry = drv->retry_auth; 5765 drv->retry_auth = 0; 5766 5767 nl80211_mark_disconnected(drv); 5768 os_memset(drv->auth_bssid, 0, ETH_ALEN); 5769 if (params->bssid) 5770 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 5771 else 5772 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 5773 /* FIX: IBSS mode */ 5774 nlmode = params->p2p ? 5775 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 5776 if (drv->nlmode != nlmode && 5777 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 5778 return -1; 5779 5780retry: 5781 msg = nlmsg_alloc(); 5782 if (!msg) 5783 return -1; 5784 5785 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 5786 drv->ifindex); 5787 5788 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 5789 5790 for (i = 0; i < 4; i++) { 5791 if (!params->wep_key[i]) 5792 continue; 5793 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 5794 NULL, i, 5795 i == params->wep_tx_keyidx, NULL, 0, 5796 params->wep_key[i], 5797 params->wep_key_len[i]); 5798 if (params->wep_tx_keyidx != i) 5799 continue; 5800 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 5801 params->wep_key[i], params->wep_key_len[i])) { 5802 nlmsg_free(msg); 5803 return -1; 5804 } 5805 } 5806 5807 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5808 if (params->bssid) { 5809 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 5810 MAC2STR(params->bssid)); 5811 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 5812 } 5813 if (params->freq) { 5814 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 5815 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 5816 } 5817 if (params->ssid) { 5818 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 5819 params->ssid, params->ssid_len); 5820 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 5821 params->ssid); 5822 } 5823 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 5824 if (params->ie) 5825 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 5826 if (params->sae_data) { 5827 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 5828 params->sae_data_len); 5829 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 5830 params->sae_data); 5831 } 5832 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 5833 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 5834 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 5835 type = NL80211_AUTHTYPE_SHARED_KEY; 5836 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 5837 type = NL80211_AUTHTYPE_NETWORK_EAP; 5838 else if (params->auth_alg & WPA_AUTH_ALG_FT) 5839 type = NL80211_AUTHTYPE_FT; 5840 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 5841 type = NL80211_AUTHTYPE_SAE; 5842 else 5843 goto nla_put_failure; 5844 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 5845 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 5846 if (params->local_state_change) { 5847 wpa_printf(MSG_DEBUG, " * Local state change only"); 5848 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5849 } 5850 5851 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5852 msg = NULL; 5853 if (ret) { 5854 wpa_dbg(drv->ctx, MSG_DEBUG, 5855 "nl80211: MLME command failed (auth): ret=%d (%s)", 5856 ret, strerror(-ret)); 5857 count++; 5858 if (ret == -EALREADY && count == 1 && params->bssid && 5859 !params->local_state_change) { 5860 /* 5861 * mac80211 does not currently accept new 5862 * authentication if we are already authenticated. As a 5863 * workaround, force deauthentication and try again. 5864 */ 5865 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 5866 "after forced deauthentication"); 5867 wpa_driver_nl80211_deauthenticate( 5868 bss, params->bssid, 5869 WLAN_REASON_PREV_AUTH_NOT_VALID); 5870 nlmsg_free(msg); 5871 goto retry; 5872 } 5873 5874 if (ret == -ENOENT && params->freq && !is_retry) { 5875 /* 5876 * cfg80211 has likely expired the BSS entry even 5877 * though it was previously available in our internal 5878 * BSS table. To recover quickly, start a single 5879 * channel scan on the specified channel. 5880 */ 5881 struct wpa_driver_scan_params scan; 5882 int freqs[2]; 5883 5884 os_memset(&scan, 0, sizeof(scan)); 5885 scan.num_ssids = 1; 5886 if (params->ssid) { 5887 scan.ssids[0].ssid = params->ssid; 5888 scan.ssids[0].ssid_len = params->ssid_len; 5889 } 5890 freqs[0] = params->freq; 5891 freqs[1] = 0; 5892 scan.freqs = freqs; 5893 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 5894 "channel scan to refresh cfg80211 BSS " 5895 "entry"); 5896 ret = wpa_driver_nl80211_scan(bss, &scan); 5897 if (ret == 0) { 5898 nl80211_copy_auth_params(drv, params); 5899 drv->scan_for_auth = 1; 5900 } 5901 } else if (is_retry) { 5902 /* 5903 * Need to indicate this with an event since the return 5904 * value from the retry is not delivered to core code. 5905 */ 5906 union wpa_event_data event; 5907 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 5908 "failed"); 5909 os_memset(&event, 0, sizeof(event)); 5910 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 5911 ETH_ALEN); 5912 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 5913 &event); 5914 } 5915 5916 goto nla_put_failure; 5917 } 5918 ret = 0; 5919 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 5920 "successfully"); 5921 5922nla_put_failure: 5923 nlmsg_free(msg); 5924 return ret; 5925} 5926 5927 5928static int wpa_driver_nl80211_authenticate_retry( 5929 struct wpa_driver_nl80211_data *drv) 5930{ 5931 struct wpa_driver_auth_params params; 5932 struct i802_bss *bss = drv->first_bss; 5933 int i; 5934 5935 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 5936 5937 os_memset(¶ms, 0, sizeof(params)); 5938 params.freq = drv->auth_freq; 5939 params.auth_alg = drv->auth_alg; 5940 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 5941 params.local_state_change = drv->auth_local_state_change; 5942 params.p2p = drv->auth_p2p; 5943 5944 if (!is_zero_ether_addr(drv->auth_bssid_)) 5945 params.bssid = drv->auth_bssid_; 5946 5947 if (drv->auth_ssid_len) { 5948 params.ssid = drv->auth_ssid; 5949 params.ssid_len = drv->auth_ssid_len; 5950 } 5951 5952 params.ie = drv->auth_ie; 5953 params.ie_len = drv->auth_ie_len; 5954 5955 for (i = 0; i < 4; i++) { 5956 if (drv->auth_wep_key_len[i]) { 5957 params.wep_key[i] = drv->auth_wep_key[i]; 5958 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 5959 } 5960 } 5961 5962 drv->retry_auth = 1; 5963 return wpa_driver_nl80211_authenticate(bss, ¶ms); 5964} 5965 5966 5967struct phy_info_arg { 5968 u16 *num_modes; 5969 struct hostapd_hw_modes *modes; 5970 int last_mode, last_chan_idx; 5971}; 5972 5973static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 5974 struct nlattr *ampdu_factor, 5975 struct nlattr *ampdu_density, 5976 struct nlattr *mcs_set) 5977{ 5978 if (capa) 5979 mode->ht_capab = nla_get_u16(capa); 5980 5981 if (ampdu_factor) 5982 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 5983 5984 if (ampdu_density) 5985 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 5986 5987 if (mcs_set && nla_len(mcs_set) >= 16) { 5988 u8 *mcs; 5989 mcs = nla_data(mcs_set); 5990 os_memcpy(mode->mcs_set, mcs, 16); 5991 } 5992} 5993 5994 5995static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 5996 struct nlattr *capa, 5997 struct nlattr *mcs_set) 5998{ 5999 if (capa) 6000 mode->vht_capab = nla_get_u32(capa); 6001 6002 if (mcs_set && nla_len(mcs_set) >= 8) { 6003 u8 *mcs; 6004 mcs = nla_data(mcs_set); 6005 os_memcpy(mode->vht_mcs_set, mcs, 8); 6006 } 6007} 6008 6009 6010static void phy_info_freq(struct hostapd_hw_modes *mode, 6011 struct hostapd_channel_data *chan, 6012 struct nlattr *tb_freq[]) 6013{ 6014 u8 channel; 6015 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 6016 chan->flag = 0; 6017 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 6018 chan->chan = channel; 6019 6020 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 6021 chan->flag |= HOSTAPD_CHAN_DISABLED; 6022 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IR]) 6023 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN | HOSTAPD_CHAN_NO_IBSS; 6024 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 6025 chan->flag |= HOSTAPD_CHAN_RADAR; 6026 6027 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 6028 enum nl80211_dfs_state state = 6029 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 6030 6031 switch (state) { 6032 case NL80211_DFS_USABLE: 6033 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 6034 break; 6035 case NL80211_DFS_AVAILABLE: 6036 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 6037 break; 6038 case NL80211_DFS_UNAVAILABLE: 6039 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 6040 break; 6041 } 6042 } 6043} 6044 6045 6046static int phy_info_freqs(struct phy_info_arg *phy_info, 6047 struct hostapd_hw_modes *mode, struct nlattr *tb) 6048{ 6049 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6050 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 6051 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 6052 [NL80211_FREQUENCY_ATTR_NO_IR] = { .type = NLA_FLAG }, 6053 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 6054 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 6055 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 6056 }; 6057 int new_channels = 0; 6058 struct hostapd_channel_data *channel; 6059 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 6060 struct nlattr *nl_freq; 6061 int rem_freq, idx; 6062 6063 if (tb == NULL) 6064 return NL_OK; 6065 6066 nla_for_each_nested(nl_freq, tb, rem_freq) { 6067 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6068 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6069 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6070 continue; 6071 new_channels++; 6072 } 6073 6074 channel = os_realloc_array(mode->channels, 6075 mode->num_channels + new_channels, 6076 sizeof(struct hostapd_channel_data)); 6077 if (!channel) 6078 return NL_SKIP; 6079 6080 mode->channels = channel; 6081 mode->num_channels += new_channels; 6082 6083 idx = phy_info->last_chan_idx; 6084 6085 nla_for_each_nested(nl_freq, tb, rem_freq) { 6086 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 6087 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 6088 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 6089 continue; 6090 phy_info_freq(mode, &mode->channels[idx], tb_freq); 6091 idx++; 6092 } 6093 phy_info->last_chan_idx = idx; 6094 6095 return NL_OK; 6096} 6097 6098 6099static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 6100{ 6101 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 6102 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 6103 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 6104 { .type = NLA_FLAG }, 6105 }; 6106 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 6107 struct nlattr *nl_rate; 6108 int rem_rate, idx; 6109 6110 if (tb == NULL) 6111 return NL_OK; 6112 6113 nla_for_each_nested(nl_rate, tb, rem_rate) { 6114 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6115 nla_data(nl_rate), nla_len(nl_rate), 6116 rate_policy); 6117 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6118 continue; 6119 mode->num_rates++; 6120 } 6121 6122 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 6123 if (!mode->rates) 6124 return NL_SKIP; 6125 6126 idx = 0; 6127 6128 nla_for_each_nested(nl_rate, tb, rem_rate) { 6129 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 6130 nla_data(nl_rate), nla_len(nl_rate), 6131 rate_policy); 6132 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 6133 continue; 6134 mode->rates[idx] = nla_get_u32( 6135 tb_rate[NL80211_BITRATE_ATTR_RATE]); 6136 idx++; 6137 } 6138 6139 return NL_OK; 6140} 6141 6142 6143static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 6144{ 6145 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 6146 struct hostapd_hw_modes *mode; 6147 int ret; 6148 6149 if (phy_info->last_mode != nl_band->nla_type) { 6150 mode = os_realloc_array(phy_info->modes, 6151 *phy_info->num_modes + 1, 6152 sizeof(*mode)); 6153 if (!mode) 6154 return NL_SKIP; 6155 phy_info->modes = mode; 6156 6157 mode = &phy_info->modes[*(phy_info->num_modes)]; 6158 os_memset(mode, 0, sizeof(*mode)); 6159 mode->mode = NUM_HOSTAPD_MODES; 6160 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 6161 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 6162 6163 /* 6164 * Unsupported VHT MCS stream is defined as value 3, so the VHT 6165 * MCS RX/TX map must be initialized with 0xffff to mark all 8 6166 * possible streams as unsupported. This will be overridden if 6167 * driver advertises VHT support. 6168 */ 6169 mode->vht_mcs_set[0] = 0xff; 6170 mode->vht_mcs_set[1] = 0xff; 6171 mode->vht_mcs_set[4] = 0xff; 6172 mode->vht_mcs_set[5] = 0xff; 6173 6174 *(phy_info->num_modes) += 1; 6175 phy_info->last_mode = nl_band->nla_type; 6176 phy_info->last_chan_idx = 0; 6177 } else 6178 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 6179 6180 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 6181 nla_len(nl_band), NULL); 6182 6183 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 6184 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 6185 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 6186 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 6187 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 6188 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 6189 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 6190 if (ret != NL_OK) 6191 return ret; 6192 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 6193 if (ret != NL_OK) 6194 return ret; 6195 6196 return NL_OK; 6197} 6198 6199 6200static int phy_info_handler(struct nl_msg *msg, void *arg) 6201{ 6202 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6203 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6204 struct phy_info_arg *phy_info = arg; 6205 struct nlattr *nl_band; 6206 int rem_band; 6207 6208 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6209 genlmsg_attrlen(gnlh, 0), NULL); 6210 6211 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 6212 return NL_SKIP; 6213 6214 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 6215 { 6216 int res = phy_info_band(phy_info, nl_band); 6217 if (res != NL_OK) 6218 return res; 6219 } 6220 6221 return NL_SKIP; 6222} 6223 6224 6225static struct hostapd_hw_modes * 6226wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 6227 u16 *num_modes) 6228{ 6229 u16 m; 6230 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 6231 int i, mode11g_idx = -1; 6232 6233 /* heuristic to set up modes */ 6234 for (m = 0; m < *num_modes; m++) { 6235 if (!modes[m].num_channels) 6236 continue; 6237 if (modes[m].channels[0].freq < 4000) { 6238 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 6239 for (i = 0; i < modes[m].num_rates; i++) { 6240 if (modes[m].rates[i] > 200) { 6241 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 6242 break; 6243 } 6244 } 6245 } else if (modes[m].channels[0].freq > 50000) 6246 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 6247 else 6248 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 6249 } 6250 6251 /* If only 802.11g mode is included, use it to construct matching 6252 * 802.11b mode data. */ 6253 6254 for (m = 0; m < *num_modes; m++) { 6255 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 6256 return modes; /* 802.11b already included */ 6257 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 6258 mode11g_idx = m; 6259 } 6260 6261 if (mode11g_idx < 0) 6262 return modes; /* 2.4 GHz band not supported at all */ 6263 6264 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 6265 if (nmodes == NULL) 6266 return modes; /* Could not add 802.11b mode */ 6267 6268 mode = &nmodes[*num_modes]; 6269 os_memset(mode, 0, sizeof(*mode)); 6270 (*num_modes)++; 6271 modes = nmodes; 6272 6273 mode->mode = HOSTAPD_MODE_IEEE80211B; 6274 6275 mode11g = &modes[mode11g_idx]; 6276 mode->num_channels = mode11g->num_channels; 6277 mode->channels = os_malloc(mode11g->num_channels * 6278 sizeof(struct hostapd_channel_data)); 6279 if (mode->channels == NULL) { 6280 (*num_modes)--; 6281 return modes; /* Could not add 802.11b mode */ 6282 } 6283 os_memcpy(mode->channels, mode11g->channels, 6284 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 6285 6286 mode->num_rates = 0; 6287 mode->rates = os_malloc(4 * sizeof(int)); 6288 if (mode->rates == NULL) { 6289 os_free(mode->channels); 6290 (*num_modes)--; 6291 return modes; /* Could not add 802.11b mode */ 6292 } 6293 6294 for (i = 0; i < mode11g->num_rates; i++) { 6295 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 6296 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 6297 continue; 6298 mode->rates[mode->num_rates] = mode11g->rates[i]; 6299 mode->num_rates++; 6300 if (mode->num_rates == 4) 6301 break; 6302 } 6303 6304 if (mode->num_rates == 0) { 6305 os_free(mode->channels); 6306 os_free(mode->rates); 6307 (*num_modes)--; 6308 return modes; /* No 802.11b rates */ 6309 } 6310 6311 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6312 "information"); 6313 6314 return modes; 6315} 6316 6317 6318static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6319 int end) 6320{ 6321 int c; 6322 6323 for (c = 0; c < mode->num_channels; c++) { 6324 struct hostapd_channel_data *chan = &mode->channels[c]; 6325 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6326 chan->flag |= HOSTAPD_CHAN_HT40; 6327 } 6328} 6329 6330 6331static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6332 int end) 6333{ 6334 int c; 6335 6336 for (c = 0; c < mode->num_channels; c++) { 6337 struct hostapd_channel_data *chan = &mode->channels[c]; 6338 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6339 continue; 6340 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6341 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6342 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6343 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6344 } 6345} 6346 6347 6348static void nl80211_reg_rule_max_eirp(u32 start, u32 end, u32 max_eirp, 6349 struct phy_info_arg *results) 6350{ 6351 u16 m; 6352 6353 for (m = 0; m < *results->num_modes; m++) { 6354 int c; 6355 struct hostapd_hw_modes *mode = &results->modes[m]; 6356 6357 for (c = 0; c < mode->num_channels; c++) { 6358 struct hostapd_channel_data *chan = &mode->channels[c]; 6359 if ((u32) chan->freq - 10 >= start && 6360 (u32) chan->freq + 10 <= end) 6361 chan->max_tx_power = max_eirp; 6362 } 6363 } 6364} 6365 6366 6367static void nl80211_reg_rule_ht40(u32 start, u32 end, 6368 struct phy_info_arg *results) 6369{ 6370 u16 m; 6371 6372 for (m = 0; m < *results->num_modes; m++) { 6373 if (!(results->modes[m].ht_capab & 6374 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6375 continue; 6376 nl80211_set_ht40_mode(&results->modes[m], start, end); 6377 } 6378} 6379 6380 6381static void nl80211_reg_rule_sec(struct nlattr *tb[], 6382 struct phy_info_arg *results) 6383{ 6384 u32 start, end, max_bw; 6385 u16 m; 6386 6387 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6388 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6389 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6390 return; 6391 6392 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6393 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6394 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6395 6396 if (max_bw < 20) 6397 return; 6398 6399 for (m = 0; m < *results->num_modes; m++) { 6400 if (!(results->modes[m].ht_capab & 6401 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6402 continue; 6403 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6404 } 6405} 6406 6407 6408static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6409 int end) 6410{ 6411 int c; 6412 6413 for (c = 0; c < mode->num_channels; c++) { 6414 struct hostapd_channel_data *chan = &mode->channels[c]; 6415 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6416 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6417 6418 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6419 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6420 6421 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6422 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6423 6424 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6425 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6426 } 6427} 6428 6429 6430static void nl80211_reg_rule_vht(struct nlattr *tb[], 6431 struct phy_info_arg *results) 6432{ 6433 u32 start, end, max_bw; 6434 u16 m; 6435 6436 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6437 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6438 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6439 return; 6440 6441 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6442 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6443 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6444 6445 if (max_bw < 80) 6446 return; 6447 6448 for (m = 0; m < *results->num_modes; m++) { 6449 if (!(results->modes[m].ht_capab & 6450 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6451 continue; 6452 /* TODO: use a real VHT support indication */ 6453 if (!results->modes[m].vht_capab) 6454 continue; 6455 6456 nl80211_set_vht_mode(&results->modes[m], start, end); 6457 } 6458} 6459 6460 6461static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6462{ 6463 struct phy_info_arg *results = arg; 6464 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6465 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6466 struct nlattr *nl_rule; 6467 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6468 int rem_rule; 6469 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6470 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6471 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6472 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6473 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6474 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6475 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6476 }; 6477 6478 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6479 genlmsg_attrlen(gnlh, 0), NULL); 6480 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6481 !tb_msg[NL80211_ATTR_REG_RULES]) { 6482 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6483 "available"); 6484 return NL_SKIP; 6485 } 6486 6487 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6488 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6489 6490 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6491 { 6492 u32 start, end, max_eirp = 0, max_bw = 0; 6493 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6494 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6495 if (tb_rule[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6496 tb_rule[NL80211_ATTR_FREQ_RANGE_END] == NULL) 6497 continue; 6498 start = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6499 end = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6500 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6501 max_eirp = nla_get_u32(tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6502 if (tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 6503 max_bw = nla_get_u32(tb_rule[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6504 6505 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz %u mBm", 6506 start, end, max_bw, max_eirp); 6507 if (max_bw >= 40) 6508 nl80211_reg_rule_ht40(start, end, results); 6509 if (tb_rule[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 6510 nl80211_reg_rule_max_eirp(start, end, max_eirp, 6511 results); 6512 } 6513 6514 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6515 { 6516 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6517 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6518 nl80211_reg_rule_sec(tb_rule, results); 6519 } 6520 6521 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6522 { 6523 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6524 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6525 nl80211_reg_rule_vht(tb_rule, results); 6526 } 6527 6528 return NL_SKIP; 6529} 6530 6531 6532static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6533 struct phy_info_arg *results) 6534{ 6535 struct nl_msg *msg; 6536 6537 msg = nlmsg_alloc(); 6538 if (!msg) 6539 return -ENOMEM; 6540 6541 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6542 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6543} 6544 6545 6546static struct hostapd_hw_modes * 6547wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6548{ 6549 u32 feat; 6550 struct i802_bss *bss = priv; 6551 struct wpa_driver_nl80211_data *drv = bss->drv; 6552 struct nl_msg *msg; 6553 struct phy_info_arg result = { 6554 .num_modes = num_modes, 6555 .modes = NULL, 6556 .last_mode = -1, 6557 }; 6558 6559 *num_modes = 0; 6560 *flags = 0; 6561 6562 msg = nlmsg_alloc(); 6563 if (!msg) 6564 return NULL; 6565 6566 feat = get_nl80211_protocol_features(drv); 6567 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6568 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6569 else 6570 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6571 6572 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6574 6575 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6576 nl80211_set_regulatory_flags(drv, &result); 6577 return wpa_driver_nl80211_postprocess_modes(result.modes, 6578 num_modes); 6579 } 6580 msg = NULL; 6581 nla_put_failure: 6582 nlmsg_free(msg); 6583 return NULL; 6584} 6585 6586 6587static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6588 const void *data, size_t len, 6589 int encrypt, int noack) 6590{ 6591 __u8 rtap_hdr[] = { 6592 0x00, 0x00, /* radiotap version */ 6593 0x0e, 0x00, /* radiotap length */ 6594 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6595 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6596 0x00, /* padding */ 6597 0x00, 0x00, /* RX and TX flags to indicate that */ 6598 0x00, 0x00, /* this is the injected frame directly */ 6599 }; 6600 struct iovec iov[2] = { 6601 { 6602 .iov_base = &rtap_hdr, 6603 .iov_len = sizeof(rtap_hdr), 6604 }, 6605 { 6606 .iov_base = (void *) data, 6607 .iov_len = len, 6608 } 6609 }; 6610 struct msghdr msg = { 6611 .msg_name = NULL, 6612 .msg_namelen = 0, 6613 .msg_iov = iov, 6614 .msg_iovlen = 2, 6615 .msg_control = NULL, 6616 .msg_controllen = 0, 6617 .msg_flags = 0, 6618 }; 6619 int res; 6620 u16 txflags = 0; 6621 6622 if (encrypt) 6623 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 6624 6625 if (drv->monitor_sock < 0) { 6626 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 6627 "for %s", __func__); 6628 return -1; 6629 } 6630 6631 if (noack) 6632 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 6633 WPA_PUT_LE16(&rtap_hdr[12], txflags); 6634 6635 res = sendmsg(drv->monitor_sock, &msg, 0); 6636 if (res < 0) { 6637 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 6638 return -1; 6639 } 6640 return 0; 6641} 6642 6643 6644static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 6645 const void *data, size_t len, 6646 int encrypt, int noack, 6647 unsigned int freq, int no_cck, 6648 int offchanok, unsigned int wait_time) 6649{ 6650 struct wpa_driver_nl80211_data *drv = bss->drv; 6651 u64 cookie; 6652 int res; 6653 6654 if (freq == 0) { 6655 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 6656 bss->freq); 6657 freq = bss->freq; 6658 } 6659 6660 if (drv->use_monitor) { 6661 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 6662 freq, bss->freq); 6663 return wpa_driver_nl80211_send_mntr(drv, data, len, 6664 encrypt, noack); 6665 } 6666 6667 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 6668 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 6669 &cookie, no_cck, noack, offchanok); 6670 if (res == 0 && !noack) { 6671 const struct ieee80211_mgmt *mgmt; 6672 u16 fc; 6673 6674 mgmt = (const struct ieee80211_mgmt *) data; 6675 fc = le_to_host16(mgmt->frame_control); 6676 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6677 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 6678 wpa_printf(MSG_MSGDUMP, 6679 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 6680 (long long unsigned int) 6681 drv->send_action_cookie, 6682 (long long unsigned int) cookie); 6683 drv->send_action_cookie = cookie; 6684 } 6685 } 6686 6687 return res; 6688} 6689 6690 6691static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 6692 size_t data_len, int noack, 6693 unsigned int freq, int no_cck, 6694 int offchanok, 6695 unsigned int wait_time) 6696{ 6697 struct wpa_driver_nl80211_data *drv = bss->drv; 6698 struct ieee80211_mgmt *mgmt; 6699 int encrypt = 1; 6700 u16 fc; 6701 6702 mgmt = (struct ieee80211_mgmt *) data; 6703 fc = le_to_host16(mgmt->frame_control); 6704 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x nlmode=%d", 6705 noack, freq, no_cck, offchanok, wait_time, fc, drv->nlmode); 6706 6707 if ((is_sta_interface(drv->nlmode) || 6708 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 6709 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6710 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 6711 /* 6712 * The use of last_mgmt_freq is a bit of a hack, 6713 * but it works due to the single-threaded nature 6714 * of wpa_supplicant. 6715 */ 6716 if (freq == 0) { 6717 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 6718 drv->last_mgmt_freq); 6719 freq = drv->last_mgmt_freq; 6720 } 6721 return nl80211_send_frame_cmd(bss, freq, 0, 6722 data, data_len, NULL, 1, noack, 6723 1); 6724 } 6725 6726 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 6727 if (freq == 0) { 6728 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 6729 bss->freq); 6730 freq = bss->freq; 6731 } 6732 return nl80211_send_frame_cmd(bss, freq, 6733 (int) freq == bss->freq ? 0 : 6734 wait_time, 6735 data, data_len, 6736 &drv->send_action_cookie, 6737 no_cck, noack, offchanok); 6738 } 6739 6740 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6741 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 6742 /* 6743 * Only one of the authentication frame types is encrypted. 6744 * In order for static WEP encryption to work properly (i.e., 6745 * to not encrypt the frame), we need to tell mac80211 about 6746 * the frames that must not be encrypted. 6747 */ 6748 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 6749 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 6750 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 6751 encrypt = 0; 6752 } 6753 6754 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 6755 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 6756 noack, freq, no_cck, offchanok, 6757 wait_time); 6758} 6759 6760 6761static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 6762 int slot, int ht_opmode, int ap_isolate, 6763 int *basic_rates) 6764{ 6765 struct wpa_driver_nl80211_data *drv = bss->drv; 6766 struct nl_msg *msg; 6767 6768 msg = nlmsg_alloc(); 6769 if (!msg) 6770 return -ENOMEM; 6771 6772 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 6773 6774 if (cts >= 0) 6775 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 6776 if (preamble >= 0) 6777 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 6778 if (slot >= 0) 6779 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 6780 if (ht_opmode >= 0) 6781 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 6782 if (ap_isolate >= 0) 6783 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 6784 6785 if (basic_rates) { 6786 u8 rates[NL80211_MAX_SUPP_RATES]; 6787 u8 rates_len = 0; 6788 int i; 6789 6790 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 6791 i++) 6792 rates[rates_len++] = basic_rates[i] / 5; 6793 6794 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 6795 } 6796 6797 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6798 6799 return send_and_recv_msgs(drv, msg, NULL, NULL); 6800 nla_put_failure: 6801 nlmsg_free(msg); 6802 return -ENOBUFS; 6803} 6804 6805 6806static int wpa_driver_nl80211_set_acl(void *priv, 6807 struct hostapd_acl_params *params) 6808{ 6809 struct i802_bss *bss = priv; 6810 struct wpa_driver_nl80211_data *drv = bss->drv; 6811 struct nl_msg *msg; 6812 struct nlattr *acl; 6813 unsigned int i; 6814 int ret = 0; 6815 6816 if (!(drv->capa.max_acl_mac_addrs)) 6817 return -ENOTSUP; 6818 6819 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 6820 return -ENOTSUP; 6821 6822 msg = nlmsg_alloc(); 6823 if (!msg) 6824 return -ENOMEM; 6825 6826 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 6827 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 6828 6829 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 6830 6831 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6832 6833 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 6834 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 6835 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 6836 6837 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 6838 if (acl == NULL) 6839 goto nla_put_failure; 6840 6841 for (i = 0; i < params->num_mac_acl; i++) 6842 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 6843 6844 nla_nest_end(msg, acl); 6845 6846 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6847 msg = NULL; 6848 if (ret) { 6849 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 6850 ret, strerror(-ret)); 6851 } 6852 6853nla_put_failure: 6854 nlmsg_free(msg); 6855 6856 return ret; 6857} 6858 6859 6860static int wpa_driver_nl80211_set_ap(void *priv, 6861 struct wpa_driver_ap_params *params) 6862{ 6863 struct i802_bss *bss = priv; 6864 struct wpa_driver_nl80211_data *drv = bss->drv; 6865 struct nl_msg *msg; 6866 u8 cmd = NL80211_CMD_NEW_BEACON; 6867 int ret; 6868 int beacon_set; 6869 int ifindex = if_nametoindex(bss->ifname); 6870 int num_suites; 6871 u32 suites[10], suite; 6872 u32 ver; 6873 6874 beacon_set = bss->beacon_set; 6875 6876 msg = nlmsg_alloc(); 6877 if (!msg) 6878 return -ENOMEM; 6879 6880 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 6881 beacon_set); 6882 if (beacon_set) 6883 cmd = NL80211_CMD_SET_BEACON; 6884 6885 nl80211_cmd(drv, msg, 0, cmd); 6886 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 6887 params->head, params->head_len); 6888 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 6889 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 6890 params->tail, params->tail_len); 6891 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 6892 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 6893 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6894 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 6895 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 6896 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 6897 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 6898 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 6899 params->ssid, params->ssid_len); 6900 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6901 params->ssid); 6902 if (params->proberesp && params->proberesp_len) { 6903 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 6904 params->proberesp, params->proberesp_len); 6905 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 6906 params->proberesp); 6907 } 6908 switch (params->hide_ssid) { 6909 case NO_SSID_HIDING: 6910 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 6911 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6912 NL80211_HIDDEN_SSID_NOT_IN_USE); 6913 break; 6914 case HIDDEN_SSID_ZERO_LEN: 6915 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 6916 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6917 NL80211_HIDDEN_SSID_ZERO_LEN); 6918 break; 6919 case HIDDEN_SSID_ZERO_CONTENTS: 6920 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 6921 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6922 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 6923 break; 6924 } 6925 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 6926 if (params->privacy) 6927 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 6928 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 6929 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 6930 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 6931 /* Leave out the attribute */ 6932 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 6933 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 6934 NL80211_AUTHTYPE_SHARED_KEY); 6935 else 6936 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 6937 NL80211_AUTHTYPE_OPEN_SYSTEM); 6938 6939 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 6940 ver = 0; 6941 if (params->wpa_version & WPA_PROTO_WPA) 6942 ver |= NL80211_WPA_VERSION_1; 6943 if (params->wpa_version & WPA_PROTO_RSN) 6944 ver |= NL80211_WPA_VERSION_2; 6945 if (ver) 6946 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 6947 6948 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 6949 params->key_mgmt_suites); 6950 num_suites = 0; 6951 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 6952 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 6953 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 6954 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 6955 if (num_suites) { 6956 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 6957 num_suites * sizeof(u32), suites); 6958 } 6959 6960 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 6961 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 6962 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 6963 6964 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 6965 params->pairwise_ciphers); 6966 num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers, 6967 suites, ARRAY_SIZE(suites)); 6968 if (num_suites) { 6969 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 6970 num_suites * sizeof(u32), suites); 6971 } 6972 6973 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 6974 params->group_cipher); 6975 suite = wpa_cipher_to_cipher_suite(params->group_cipher); 6976 if (suite) 6977 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite); 6978 6979 if (params->beacon_ies) { 6980 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 6981 params->beacon_ies); 6982 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 6983 wpabuf_head(params->beacon_ies)); 6984 } 6985 if (params->proberesp_ies) { 6986 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 6987 params->proberesp_ies); 6988 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 6989 wpabuf_len(params->proberesp_ies), 6990 wpabuf_head(params->proberesp_ies)); 6991 } 6992 if (params->assocresp_ies) { 6993 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 6994 params->assocresp_ies); 6995 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 6996 wpabuf_len(params->assocresp_ies), 6997 wpabuf_head(params->assocresp_ies)); 6998 } 6999 7000 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 7001 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 7002 params->ap_max_inactivity); 7003 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 7004 params->ap_max_inactivity); 7005 } 7006 7007 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7008 if (ret) { 7009 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 7010 ret, strerror(-ret)); 7011 } else { 7012 bss->beacon_set = 1; 7013 nl80211_set_bss(bss, params->cts_protect, params->preamble, 7014 params->short_slot_time, params->ht_opmode, 7015 params->isolate, params->basic_rates); 7016 } 7017 return ret; 7018 nla_put_failure: 7019 nlmsg_free(msg); 7020 return -ENOBUFS; 7021} 7022 7023 7024static int nl80211_put_freq_params(struct nl_msg *msg, 7025 struct hostapd_freq_params *freq) 7026{ 7027 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 7028 if (freq->vht_enabled) { 7029 switch (freq->bandwidth) { 7030 case 20: 7031 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7032 NL80211_CHAN_WIDTH_20); 7033 break; 7034 case 40: 7035 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7036 NL80211_CHAN_WIDTH_40); 7037 break; 7038 case 80: 7039 if (freq->center_freq2) 7040 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7041 NL80211_CHAN_WIDTH_80P80); 7042 else 7043 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7044 NL80211_CHAN_WIDTH_80); 7045 break; 7046 case 160: 7047 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 7048 NL80211_CHAN_WIDTH_160); 7049 break; 7050 default: 7051 return -EINVAL; 7052 } 7053 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 7054 if (freq->center_freq2) 7055 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 7056 freq->center_freq2); 7057 } else if (freq->ht_enabled) { 7058 switch (freq->sec_channel_offset) { 7059 case -1: 7060 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7061 NL80211_CHAN_HT40MINUS); 7062 break; 7063 case 1: 7064 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7065 NL80211_CHAN_HT40PLUS); 7066 break; 7067 default: 7068 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 7069 NL80211_CHAN_HT20); 7070 break; 7071 } 7072 } 7073 return 0; 7074 7075nla_put_failure: 7076 return -ENOBUFS; 7077} 7078 7079 7080static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 7081 struct hostapd_freq_params *freq) 7082{ 7083 struct wpa_driver_nl80211_data *drv = bss->drv; 7084 struct nl_msg *msg; 7085 int ret; 7086 7087 wpa_printf(MSG_DEBUG, 7088 "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 7089 freq->freq, freq->ht_enabled, freq->vht_enabled, 7090 freq->bandwidth, freq->center_freq1, freq->center_freq2); 7091 msg = nlmsg_alloc(); 7092 if (!msg) 7093 return -1; 7094 7095 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 7096 7097 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7098 if (nl80211_put_freq_params(msg, freq) < 0) 7099 goto nla_put_failure; 7100 7101 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7102 msg = NULL; 7103 if (ret == 0) { 7104 bss->freq = freq->freq; 7105 return 0; 7106 } 7107 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 7108 "%d (%s)", freq->freq, ret, strerror(-ret)); 7109nla_put_failure: 7110 nlmsg_free(msg); 7111 return -1; 7112} 7113 7114 7115static u32 sta_flags_nl80211(int flags) 7116{ 7117 u32 f = 0; 7118 7119 if (flags & WPA_STA_AUTHORIZED) 7120 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 7121 if (flags & WPA_STA_WMM) 7122 f |= BIT(NL80211_STA_FLAG_WME); 7123 if (flags & WPA_STA_SHORT_PREAMBLE) 7124 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 7125 if (flags & WPA_STA_MFP) 7126 f |= BIT(NL80211_STA_FLAG_MFP); 7127 if (flags & WPA_STA_TDLS_PEER) 7128 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 7129 7130 return f; 7131} 7132 7133 7134static int wpa_driver_nl80211_sta_add(void *priv, 7135 struct hostapd_sta_add_params *params) 7136{ 7137 struct i802_bss *bss = priv; 7138 struct wpa_driver_nl80211_data *drv = bss->drv; 7139 struct nl_msg *msg; 7140 struct nl80211_sta_flag_update upd; 7141 int ret = -ENOBUFS; 7142 7143 if ((params->flags & WPA_STA_TDLS_PEER) && 7144 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 7145 return -EOPNOTSUPP; 7146 7147 msg = nlmsg_alloc(); 7148 if (!msg) 7149 return -ENOMEM; 7150 7151 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 7152 params->set ? "Set" : "Add", MAC2STR(params->addr)); 7153 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 7154 NL80211_CMD_NEW_STATION); 7155 7156 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 7157 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 7158 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 7159 params->supp_rates); 7160 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 7161 params->supp_rates_len); 7162 if (!params->set) { 7163 if (params->aid) { 7164 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 7165 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 7166 } else { 7167 /* 7168 * cfg80211 validates that AID is non-zero, so we have 7169 * to make this a non-zero value for the TDLS case where 7170 * a dummy STA entry is used for now. 7171 */ 7172 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 7173 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 7174 } 7175 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 7176 params->listen_interval); 7177 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 7178 params->listen_interval); 7179 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 7180 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 7181 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 7182 } 7183 if (params->ht_capabilities) { 7184 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 7185 (u8 *) params->ht_capabilities, 7186 sizeof(*params->ht_capabilities)); 7187 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 7188 sizeof(*params->ht_capabilities), 7189 params->ht_capabilities); 7190 } 7191 7192 if (params->vht_capabilities) { 7193 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 7194 (u8 *) params->vht_capabilities, 7195 sizeof(*params->vht_capabilities)); 7196 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 7197 sizeof(*params->vht_capabilities), 7198 params->vht_capabilities); 7199 } 7200 7201 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 7202 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 7203 7204 if (params->ext_capab) { 7205 wpa_hexdump(MSG_DEBUG, " * ext_capab", 7206 params->ext_capab, params->ext_capab_len); 7207 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 7208 params->ext_capab_len, params->ext_capab); 7209 } 7210 7211 if (params->supp_channels) { 7212 wpa_hexdump(MSG_DEBUG, " * supported channels", 7213 params->supp_channels, params->supp_channels_len); 7214 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS, 7215 params->supp_channels_len, params->supp_channels); 7216 } 7217 7218 if (params->supp_oper_classes) { 7219 wpa_hexdump(MSG_DEBUG, " * supported operating classes", 7220 params->supp_oper_classes, 7221 params->supp_oper_classes_len); 7222 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES, 7223 params->supp_oper_classes_len, 7224 params->supp_oper_classes); 7225 } 7226 7227 os_memset(&upd, 0, sizeof(upd)); 7228 upd.mask = sta_flags_nl80211(params->flags); 7229 upd.set = upd.mask; 7230 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 7231 upd.set, upd.mask); 7232 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7233 7234 if (params->flags & WPA_STA_WMM) { 7235 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 7236 7237 if (!wme) 7238 goto nla_put_failure; 7239 7240 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 7241 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 7242 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 7243 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 7244 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 7245 WMM_QOSINFO_STA_SP_MASK); 7246 nla_nest_end(msg, wme); 7247 } 7248 7249 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7250 msg = NULL; 7251 if (ret) 7252 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 7253 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 7254 strerror(-ret)); 7255 if (ret == -EEXIST) 7256 ret = 0; 7257 nla_put_failure: 7258 nlmsg_free(msg); 7259 return ret; 7260} 7261 7262 7263static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 7264{ 7265 struct wpa_driver_nl80211_data *drv = bss->drv; 7266 struct nl_msg *msg; 7267 int ret; 7268 7269 msg = nlmsg_alloc(); 7270 if (!msg) 7271 return -ENOMEM; 7272 7273 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 7274 7275 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7276 if_nametoindex(bss->ifname)); 7277 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7278 7279 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7280 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 7281 " --> %d (%s)", 7282 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 7283 if (ret == -ENOENT) 7284 return 0; 7285 return ret; 7286 nla_put_failure: 7287 nlmsg_free(msg); 7288 return -ENOBUFS; 7289} 7290 7291 7292static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7293 int ifidx) 7294{ 7295 struct nl_msg *msg; 7296 7297 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7298 7299 /* stop listening for EAPOL on this interface */ 7300 del_ifidx(drv, ifidx); 7301 7302 msg = nlmsg_alloc(); 7303 if (!msg) 7304 goto nla_put_failure; 7305 7306 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7307 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7308 7309 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7310 return; 7311 msg = NULL; 7312 nla_put_failure: 7313 nlmsg_free(msg); 7314 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7315} 7316 7317 7318static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7319{ 7320 switch (mode) { 7321 case NL80211_IFTYPE_ADHOC: 7322 return "ADHOC"; 7323 case NL80211_IFTYPE_STATION: 7324 return "STATION"; 7325 case NL80211_IFTYPE_AP: 7326 return "AP"; 7327 case NL80211_IFTYPE_AP_VLAN: 7328 return "AP_VLAN"; 7329 case NL80211_IFTYPE_WDS: 7330 return "WDS"; 7331 case NL80211_IFTYPE_MONITOR: 7332 return "MONITOR"; 7333 case NL80211_IFTYPE_MESH_POINT: 7334 return "MESH_POINT"; 7335 case NL80211_IFTYPE_P2P_CLIENT: 7336 return "P2P_CLIENT"; 7337 case NL80211_IFTYPE_P2P_GO: 7338 return "P2P_GO"; 7339 case NL80211_IFTYPE_P2P_DEVICE: 7340 return "P2P_DEVICE"; 7341 default: 7342 return "unknown"; 7343 } 7344} 7345 7346 7347static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7348 const char *ifname, 7349 enum nl80211_iftype iftype, 7350 const u8 *addr, int wds, 7351 int (*handler)(struct nl_msg *, void *), 7352 void *arg) 7353{ 7354 struct nl_msg *msg; 7355 int ifidx; 7356 int ret = -ENOBUFS; 7357 7358 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7359 iftype, nl80211_iftype_str(iftype)); 7360 7361 msg = nlmsg_alloc(); 7362 if (!msg) 7363 return -1; 7364 7365 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7366 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7367 goto nla_put_failure; 7368 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7369 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7370 7371 if (iftype == NL80211_IFTYPE_MONITOR) { 7372 struct nlattr *flags; 7373 7374 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7375 if (!flags) 7376 goto nla_put_failure; 7377 7378 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7379 7380 nla_nest_end(msg, flags); 7381 } else if (wds) { 7382 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7383 } 7384 7385 ret = send_and_recv_msgs(drv, msg, handler, arg); 7386 msg = NULL; 7387 if (ret) { 7388 nla_put_failure: 7389 nlmsg_free(msg); 7390 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7391 ifname, ret, strerror(-ret)); 7392 return ret; 7393 } 7394 7395 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7396 return 0; 7397 7398 ifidx = if_nametoindex(ifname); 7399 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7400 ifname, ifidx); 7401 7402 if (ifidx <= 0) 7403 return -1; 7404 7405 /* start listening for EAPOL on this interface */ 7406 add_ifidx(drv, ifidx); 7407 7408 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7409 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7410 nl80211_remove_iface(drv, ifidx); 7411 return -1; 7412 } 7413 7414 return ifidx; 7415} 7416 7417 7418static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7419 const char *ifname, enum nl80211_iftype iftype, 7420 const u8 *addr, int wds, 7421 int (*handler)(struct nl_msg *, void *), 7422 void *arg, int use_existing) 7423{ 7424 int ret; 7425 7426 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7427 arg); 7428 7429 /* if error occurred and interface exists already */ 7430 if (ret == -ENFILE && if_nametoindex(ifname)) { 7431 if (use_existing) { 7432 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7433 ifname); 7434 return -ENFILE; 7435 } 7436 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7437 7438 /* Try to remove the interface that was already there. */ 7439 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7440 7441 /* Try to create the interface again */ 7442 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7443 wds, handler, arg); 7444 } 7445 7446 if (ret >= 0 && is_p2p_net_interface(iftype)) 7447 nl80211_disable_11b_rates(drv, ret, 1); 7448 7449 return ret; 7450} 7451 7452 7453static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7454{ 7455 struct ieee80211_hdr *hdr; 7456 u16 fc; 7457 union wpa_event_data event; 7458 7459 hdr = (struct ieee80211_hdr *) buf; 7460 fc = le_to_host16(hdr->frame_control); 7461 7462 os_memset(&event, 0, sizeof(event)); 7463 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7464 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7465 event.tx_status.dst = hdr->addr1; 7466 event.tx_status.data = buf; 7467 event.tx_status.data_len = len; 7468 event.tx_status.ack = ok; 7469 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7470} 7471 7472 7473static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7474 u8 *buf, size_t len) 7475{ 7476 struct ieee80211_hdr *hdr = (void *)buf; 7477 u16 fc; 7478 union wpa_event_data event; 7479 7480 if (len < sizeof(*hdr)) 7481 return; 7482 7483 fc = le_to_host16(hdr->frame_control); 7484 7485 os_memset(&event, 0, sizeof(event)); 7486 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7487 event.rx_from_unknown.addr = hdr->addr2; 7488 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7489 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7490 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7491} 7492 7493 7494static void handle_frame(struct wpa_driver_nl80211_data *drv, 7495 u8 *buf, size_t len, int datarate, int ssi_signal) 7496{ 7497 struct ieee80211_hdr *hdr; 7498 u16 fc; 7499 union wpa_event_data event; 7500 7501 hdr = (struct ieee80211_hdr *) buf; 7502 fc = le_to_host16(hdr->frame_control); 7503 7504 switch (WLAN_FC_GET_TYPE(fc)) { 7505 case WLAN_FC_TYPE_MGMT: 7506 os_memset(&event, 0, sizeof(event)); 7507 event.rx_mgmt.frame = buf; 7508 event.rx_mgmt.frame_len = len; 7509 event.rx_mgmt.datarate = datarate; 7510 event.rx_mgmt.ssi_signal = ssi_signal; 7511 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7512 break; 7513 case WLAN_FC_TYPE_CTRL: 7514 /* can only get here with PS-Poll frames */ 7515 wpa_printf(MSG_DEBUG, "CTRL"); 7516 from_unknown_sta(drv, buf, len); 7517 break; 7518 case WLAN_FC_TYPE_DATA: 7519 from_unknown_sta(drv, buf, len); 7520 break; 7521 } 7522} 7523 7524 7525static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7526{ 7527 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7528 int len; 7529 unsigned char buf[3000]; 7530 struct ieee80211_radiotap_iterator iter; 7531 int ret; 7532 int datarate = 0, ssi_signal = 0; 7533 int injected = 0, failed = 0, rxflags = 0; 7534 7535 len = recv(sock, buf, sizeof(buf), 0); 7536 if (len < 0) { 7537 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7538 strerror(errno)); 7539 return; 7540 } 7541 7542 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 7543 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7544 return; 7545 } 7546 7547 while (1) { 7548 ret = ieee80211_radiotap_iterator_next(&iter); 7549 if (ret == -ENOENT) 7550 break; 7551 if (ret) { 7552 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 7553 ret); 7554 return; 7555 } 7556 switch (iter.this_arg_index) { 7557 case IEEE80211_RADIOTAP_FLAGS: 7558 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 7559 len -= 4; 7560 break; 7561 case IEEE80211_RADIOTAP_RX_FLAGS: 7562 rxflags = 1; 7563 break; 7564 case IEEE80211_RADIOTAP_TX_FLAGS: 7565 injected = 1; 7566 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 7567 IEEE80211_RADIOTAP_F_TX_FAIL; 7568 break; 7569 case IEEE80211_RADIOTAP_DATA_RETRIES: 7570 break; 7571 case IEEE80211_RADIOTAP_CHANNEL: 7572 /* TODO: convert from freq/flags to channel number */ 7573 break; 7574 case IEEE80211_RADIOTAP_RATE: 7575 datarate = *iter.this_arg * 5; 7576 break; 7577 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 7578 ssi_signal = (s8) *iter.this_arg; 7579 break; 7580 } 7581 } 7582 7583 if (rxflags && injected) 7584 return; 7585 7586 if (!injected) 7587 handle_frame(drv, buf + iter.max_length, 7588 len - iter.max_length, datarate, ssi_signal); 7589 else 7590 handle_tx_callback(drv->ctx, buf + iter.max_length, 7591 len - iter.max_length, !failed); 7592} 7593 7594 7595/* 7596 * we post-process the filter code later and rewrite 7597 * this to the offset to the last instruction 7598 */ 7599#define PASS 0xFF 7600#define FAIL 0xFE 7601 7602static struct sock_filter msock_filter_insns[] = { 7603 /* 7604 * do a little-endian load of the radiotap length field 7605 */ 7606 /* load lower byte into A */ 7607 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 7608 /* put it into X (== index register) */ 7609 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7610 /* load upper byte into A */ 7611 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 7612 /* left-shift it by 8 */ 7613 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 7614 /* or with X */ 7615 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 7616 /* put result into X */ 7617 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7618 7619 /* 7620 * Allow management frames through, this also gives us those 7621 * management frames that we sent ourselves with status 7622 */ 7623 /* load the lower byte of the IEEE 802.11 frame control field */ 7624 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7625 /* mask off frame type and version */ 7626 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 7627 /* accept frame if it's both 0, fall through otherwise */ 7628 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 7629 7630 /* 7631 * TODO: add a bit to radiotap RX flags that indicates 7632 * that the sending station is not associated, then 7633 * add a filter here that filters on our DA and that flag 7634 * to allow us to deauth frames to that bad station. 7635 * 7636 * For now allow all To DS data frames through. 7637 */ 7638 /* load the IEEE 802.11 frame control field */ 7639 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 7640 /* mask off frame type, version and DS status */ 7641 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 7642 /* accept frame if version 0, type 2 and To DS, fall through otherwise 7643 */ 7644 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 7645 7646#if 0 7647 /* 7648 * drop non-data frames 7649 */ 7650 /* load the lower byte of the frame control field */ 7651 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7652 /* mask off QoS bit */ 7653 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 7654 /* drop non-data frames */ 7655 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 7656#endif 7657 /* load the upper byte of the frame control field */ 7658 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 7659 /* mask off toDS/fromDS */ 7660 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 7661 /* accept WDS frames */ 7662 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 7663 7664 /* 7665 * add header length to index 7666 */ 7667 /* load the lower byte of the frame control field */ 7668 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7669 /* mask off QoS bit */ 7670 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 7671 /* right shift it by 6 to give 0 or 2 */ 7672 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 7673 /* add data frame header length */ 7674 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 7675 /* add index, was start of 802.11 header */ 7676 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 7677 /* move to index, now start of LL header */ 7678 BPF_STMT(BPF_MISC | BPF_TAX, 0), 7679 7680 /* 7681 * Accept empty data frames, we use those for 7682 * polling activity. 7683 */ 7684 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 7685 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 7686 7687 /* 7688 * Accept EAPOL frames 7689 */ 7690 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 7691 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 7692 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 7693 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 7694 7695 /* keep these last two statements or change the code below */ 7696 /* return 0 == "DROP" */ 7697 BPF_STMT(BPF_RET | BPF_K, 0), 7698 /* return ~0 == "keep all" */ 7699 BPF_STMT(BPF_RET | BPF_K, ~0), 7700}; 7701 7702static struct sock_fprog msock_filter = { 7703 .len = ARRAY_SIZE(msock_filter_insns), 7704 .filter = msock_filter_insns, 7705}; 7706 7707 7708static int add_monitor_filter(int s) 7709{ 7710 int idx; 7711 7712 /* rewrite all PASS/FAIL jump offsets */ 7713 for (idx = 0; idx < msock_filter.len; idx++) { 7714 struct sock_filter *insn = &msock_filter_insns[idx]; 7715 7716 if (BPF_CLASS(insn->code) == BPF_JMP) { 7717 if (insn->code == (BPF_JMP|BPF_JA)) { 7718 if (insn->k == PASS) 7719 insn->k = msock_filter.len - idx - 2; 7720 else if (insn->k == FAIL) 7721 insn->k = msock_filter.len - idx - 3; 7722 } 7723 7724 if (insn->jt == PASS) 7725 insn->jt = msock_filter.len - idx - 2; 7726 else if (insn->jt == FAIL) 7727 insn->jt = msock_filter.len - idx - 3; 7728 7729 if (insn->jf == PASS) 7730 insn->jf = msock_filter.len - idx - 2; 7731 else if (insn->jf == FAIL) 7732 insn->jf = msock_filter.len - idx - 3; 7733 } 7734 } 7735 7736 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 7737 &msock_filter, sizeof(msock_filter))) { 7738 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 7739 strerror(errno)); 7740 return -1; 7741 } 7742 7743 return 0; 7744} 7745 7746 7747static void nl80211_remove_monitor_interface( 7748 struct wpa_driver_nl80211_data *drv) 7749{ 7750 if (drv->monitor_refcount > 0) 7751 drv->monitor_refcount--; 7752 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 7753 drv->monitor_refcount); 7754 if (drv->monitor_refcount > 0) 7755 return; 7756 7757 if (drv->monitor_ifidx >= 0) { 7758 nl80211_remove_iface(drv, drv->monitor_ifidx); 7759 drv->monitor_ifidx = -1; 7760 } 7761 if (drv->monitor_sock >= 0) { 7762 eloop_unregister_read_sock(drv->monitor_sock); 7763 close(drv->monitor_sock); 7764 drv->monitor_sock = -1; 7765 } 7766} 7767 7768 7769static int 7770nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 7771{ 7772 char buf[IFNAMSIZ]; 7773 struct sockaddr_ll ll; 7774 int optval; 7775 socklen_t optlen; 7776 7777 if (drv->monitor_ifidx >= 0) { 7778 drv->monitor_refcount++; 7779 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 7780 drv->monitor_refcount); 7781 return 0; 7782 } 7783 7784 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 7785 /* 7786 * P2P interface name is of the format p2p-%s-%d. For monitor 7787 * interface name corresponding to P2P GO, replace "p2p-" with 7788 * "mon-" to retain the same interface name length and to 7789 * indicate that it is a monitor interface. 7790 */ 7791 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 7792 } else { 7793 /* Non-P2P interface with AP functionality. */ 7794 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 7795 } 7796 7797 buf[IFNAMSIZ - 1] = '\0'; 7798 7799 drv->monitor_ifidx = 7800 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 7801 0, NULL, NULL, 0); 7802 7803 if (drv->monitor_ifidx == -EOPNOTSUPP) { 7804 /* 7805 * This is backward compatibility for a few versions of 7806 * the kernel only that didn't advertise the right 7807 * attributes for the only driver that then supported 7808 * AP mode w/o monitor -- ath6kl. 7809 */ 7810 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 7811 "monitor interface type - try to run without it"); 7812 drv->device_ap_sme = 1; 7813 } 7814 7815 if (drv->monitor_ifidx < 0) 7816 return -1; 7817 7818 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 7819 goto error; 7820 7821 memset(&ll, 0, sizeof(ll)); 7822 ll.sll_family = AF_PACKET; 7823 ll.sll_ifindex = drv->monitor_ifidx; 7824 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 7825 if (drv->monitor_sock < 0) { 7826 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 7827 strerror(errno)); 7828 goto error; 7829 } 7830 7831 if (add_monitor_filter(drv->monitor_sock)) { 7832 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 7833 "interface; do filtering in user space"); 7834 /* This works, but will cost in performance. */ 7835 } 7836 7837 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 7838 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 7839 strerror(errno)); 7840 goto error; 7841 } 7842 7843 optlen = sizeof(optval); 7844 optval = 20; 7845 if (setsockopt 7846 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 7847 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 7848 strerror(errno)); 7849 goto error; 7850 } 7851 7852 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 7853 drv, NULL)) { 7854 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 7855 goto error; 7856 } 7857 7858 drv->monitor_refcount++; 7859 return 0; 7860 error: 7861 nl80211_remove_monitor_interface(drv); 7862 return -1; 7863} 7864 7865 7866static int nl80211_setup_ap(struct i802_bss *bss) 7867{ 7868 struct wpa_driver_nl80211_data *drv = bss->drv; 7869 7870 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 7871 bss->ifname, drv->device_ap_sme, drv->use_monitor); 7872 7873 /* 7874 * Disable Probe Request reporting unless we need it in this way for 7875 * devices that include the AP SME, in the other case (unless using 7876 * monitor iface) we'll get it through the nl_mgmt socket instead. 7877 */ 7878 if (!drv->device_ap_sme) 7879 wpa_driver_nl80211_probe_req_report(bss, 0); 7880 7881 if (!drv->device_ap_sme && !drv->use_monitor) 7882 if (nl80211_mgmt_subscribe_ap(bss)) 7883 return -1; 7884 7885 if (drv->device_ap_sme && !drv->use_monitor) 7886 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 7887 return -1; 7888 7889 if (!drv->device_ap_sme && drv->use_monitor && 7890 nl80211_create_monitor_interface(drv) && 7891 !drv->device_ap_sme) 7892 return -1; 7893 7894 if (drv->device_ap_sme && 7895 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 7896 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 7897 "Probe Request frame reporting in AP mode"); 7898 /* Try to survive without this */ 7899 } 7900 7901 return 0; 7902} 7903 7904 7905static void nl80211_teardown_ap(struct i802_bss *bss) 7906{ 7907 struct wpa_driver_nl80211_data *drv = bss->drv; 7908 7909 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 7910 bss->ifname, drv->device_ap_sme, drv->use_monitor); 7911 if (drv->device_ap_sme) { 7912 wpa_driver_nl80211_probe_req_report(bss, 0); 7913 if (!drv->use_monitor) 7914 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 7915 } else if (drv->use_monitor) 7916 nl80211_remove_monitor_interface(drv); 7917 else 7918 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 7919 7920 bss->beacon_set = 0; 7921} 7922 7923 7924static int nl80211_send_eapol_data(struct i802_bss *bss, 7925 const u8 *addr, const u8 *data, 7926 size_t data_len) 7927{ 7928 struct sockaddr_ll ll; 7929 int ret; 7930 7931 if (bss->drv->eapol_tx_sock < 0) { 7932 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 7933 return -1; 7934 } 7935 7936 os_memset(&ll, 0, sizeof(ll)); 7937 ll.sll_family = AF_PACKET; 7938 ll.sll_ifindex = bss->ifindex; 7939 ll.sll_protocol = htons(ETH_P_PAE); 7940 ll.sll_halen = ETH_ALEN; 7941 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 7942 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 7943 (struct sockaddr *) &ll, sizeof(ll)); 7944 if (ret < 0) 7945 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 7946 strerror(errno)); 7947 7948 return ret; 7949} 7950 7951 7952static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 7953 7954static int wpa_driver_nl80211_hapd_send_eapol( 7955 void *priv, const u8 *addr, const u8 *data, 7956 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 7957{ 7958 struct i802_bss *bss = priv; 7959 struct wpa_driver_nl80211_data *drv = bss->drv; 7960 struct ieee80211_hdr *hdr; 7961 size_t len; 7962 u8 *pos; 7963 int res; 7964 int qos = flags & WPA_STA_WMM; 7965 7966 if (drv->device_ap_sme || !drv->use_monitor) 7967 return nl80211_send_eapol_data(bss, addr, data, data_len); 7968 7969 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 7970 data_len; 7971 hdr = os_zalloc(len); 7972 if (hdr == NULL) { 7973 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 7974 (unsigned long) len); 7975 return -1; 7976 } 7977 7978 hdr->frame_control = 7979 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 7980 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 7981 if (encrypt) 7982 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 7983 if (qos) { 7984 hdr->frame_control |= 7985 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 7986 } 7987 7988 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 7989 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 7990 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 7991 pos = (u8 *) (hdr + 1); 7992 7993 if (qos) { 7994 /* Set highest priority in QoS header */ 7995 pos[0] = 7; 7996 pos[1] = 0; 7997 pos += 2; 7998 } 7999 8000 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 8001 pos += sizeof(rfc1042_header); 8002 WPA_PUT_BE16(pos, ETH_P_PAE); 8003 pos += 2; 8004 memcpy(pos, data, data_len); 8005 8006 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 8007 0, 0, 0, 0); 8008 if (res < 0) { 8009 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 8010 "failed: %d (%s)", 8011 (unsigned long) len, errno, strerror(errno)); 8012 } 8013 os_free(hdr); 8014 8015 return res; 8016} 8017 8018 8019static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 8020 int total_flags, 8021 int flags_or, int flags_and) 8022{ 8023 struct i802_bss *bss = priv; 8024 struct wpa_driver_nl80211_data *drv = bss->drv; 8025 struct nl_msg *msg; 8026 struct nlattr *flags; 8027 struct nl80211_sta_flag_update upd; 8028 8029 msg = nlmsg_alloc(); 8030 if (!msg) 8031 return -ENOMEM; 8032 8033 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8034 8035 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8036 if_nametoindex(bss->ifname)); 8037 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8038 8039 /* 8040 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 8041 * can be removed eventually. 8042 */ 8043 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 8044 if (!flags) 8045 goto nla_put_failure; 8046 if (total_flags & WPA_STA_AUTHORIZED) 8047 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 8048 8049 if (total_flags & WPA_STA_WMM) 8050 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 8051 8052 if (total_flags & WPA_STA_SHORT_PREAMBLE) 8053 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 8054 8055 if (total_flags & WPA_STA_MFP) 8056 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 8057 8058 if (total_flags & WPA_STA_TDLS_PEER) 8059 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 8060 8061 nla_nest_end(msg, flags); 8062 8063 os_memset(&upd, 0, sizeof(upd)); 8064 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 8065 upd.set = sta_flags_nl80211(flags_or); 8066 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8067 8068 return send_and_recv_msgs(drv, msg, NULL, NULL); 8069 nla_put_failure: 8070 nlmsg_free(msg); 8071 return -ENOBUFS; 8072} 8073 8074 8075static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 8076 struct wpa_driver_associate_params *params) 8077{ 8078 enum nl80211_iftype nlmode, old_mode; 8079 struct hostapd_freq_params freq = { 8080 .freq = params->freq, 8081 }; 8082 8083 if (params->p2p) { 8084 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 8085 "group (GO)"); 8086 nlmode = NL80211_IFTYPE_P2P_GO; 8087 } else 8088 nlmode = NL80211_IFTYPE_AP; 8089 8090 old_mode = drv->nlmode; 8091 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 8092 nl80211_remove_monitor_interface(drv); 8093 return -1; 8094 } 8095 8096 if (wpa_driver_nl80211_set_freq(drv->first_bss, &freq)) { 8097 if (old_mode != nlmode) 8098 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 8099 nl80211_remove_monitor_interface(drv); 8100 return -1; 8101 } 8102 8103 return 0; 8104} 8105 8106 8107static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 8108{ 8109 struct nl_msg *msg; 8110 int ret = -1; 8111 8112 msg = nlmsg_alloc(); 8113 if (!msg) 8114 return -1; 8115 8116 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 8117 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8118 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8119 msg = NULL; 8120 if (ret) { 8121 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 8122 "(%s)", ret, strerror(-ret)); 8123 goto nla_put_failure; 8124 } 8125 8126 ret = 0; 8127 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 8128 8129nla_put_failure: 8130 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8131 NL80211_IFTYPE_STATION)) { 8132 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8133 "station mode"); 8134 } 8135 8136 nlmsg_free(msg); 8137 return ret; 8138} 8139 8140 8141static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 8142 struct wpa_driver_associate_params *params) 8143{ 8144 struct nl_msg *msg; 8145 int ret = -1; 8146 int count = 0; 8147 8148 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 8149 8150 if (wpa_driver_nl80211_set_mode(drv->first_bss, 8151 NL80211_IFTYPE_ADHOC)) { 8152 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 8153 "IBSS mode"); 8154 return -1; 8155 } 8156 8157retry: 8158 msg = nlmsg_alloc(); 8159 if (!msg) 8160 return -1; 8161 8162 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 8163 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8164 8165 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 8166 goto nla_put_failure; 8167 8168 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8169 params->ssid, params->ssid_len); 8170 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8171 params->ssid); 8172 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8173 drv->ssid_len = params->ssid_len; 8174 8175 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8176 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8177 8178 ret = nl80211_set_conn_keys(params, msg); 8179 if (ret) 8180 goto nla_put_failure; 8181 8182 if (params->bssid && params->fixed_bssid) { 8183 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 8184 MAC2STR(params->bssid)); 8185 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8186 } 8187 8188 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8189 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8190 params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 || 8191 params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) { 8192 wpa_printf(MSG_DEBUG, " * control port"); 8193 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8194 } 8195 8196 if (params->wpa_ie) { 8197 wpa_hexdump(MSG_DEBUG, 8198 " * Extra IEs for Beacon/Probe Response frames", 8199 params->wpa_ie, params->wpa_ie_len); 8200 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8201 params->wpa_ie); 8202 } 8203 8204 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8205 msg = NULL; 8206 if (ret) { 8207 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 8208 ret, strerror(-ret)); 8209 count++; 8210 if (ret == -EALREADY && count == 1) { 8211 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 8212 "forced leave"); 8213 nl80211_leave_ibss(drv); 8214 nlmsg_free(msg); 8215 goto retry; 8216 } 8217 8218 goto nla_put_failure; 8219 } 8220 ret = 0; 8221 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 8222 8223nla_put_failure: 8224 nlmsg_free(msg); 8225 return ret; 8226} 8227 8228 8229static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, 8230 struct wpa_driver_associate_params *params, 8231 struct nl_msg *msg) 8232{ 8233 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8234 8235 if (params->bssid) { 8236 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8237 MAC2STR(params->bssid)); 8238 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8239 } 8240 8241 if (params->freq) { 8242 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8243 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8244 drv->assoc_freq = params->freq; 8245 } else 8246 drv->assoc_freq = 0; 8247 8248 if (params->bg_scan_period >= 0) { 8249 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8250 params->bg_scan_period); 8251 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8252 params->bg_scan_period); 8253 } 8254 8255 if (params->ssid) { 8256 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8257 params->ssid, params->ssid_len); 8258 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8259 params->ssid); 8260 if (params->ssid_len > sizeof(drv->ssid)) 8261 goto nla_put_failure; 8262 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8263 drv->ssid_len = params->ssid_len; 8264 } 8265 8266 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8267 if (params->wpa_ie) 8268 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8269 params->wpa_ie); 8270 8271 if (params->wpa_proto) { 8272 enum nl80211_wpa_versions ver = 0; 8273 8274 if (params->wpa_proto & WPA_PROTO_WPA) 8275 ver |= NL80211_WPA_VERSION_1; 8276 if (params->wpa_proto & WPA_PROTO_RSN) 8277 ver |= NL80211_WPA_VERSION_2; 8278 8279 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8280 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8281 } 8282 8283 if (params->pairwise_suite != WPA_CIPHER_NONE) { 8284 u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite); 8285 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8286 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8287 } 8288 8289 if (params->group_suite != WPA_CIPHER_NONE) { 8290 u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite); 8291 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8292 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8293 } 8294 8295 if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X || 8296 params->key_mgmt_suite == WPA_KEY_MGMT_PSK || 8297 params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X || 8298 params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK || 8299 params->key_mgmt_suite == WPA_KEY_MGMT_CCKM) { 8300 int mgmt = WLAN_AKM_SUITE_PSK; 8301 8302 switch (params->key_mgmt_suite) { 8303 case WPA_KEY_MGMT_CCKM: 8304 mgmt = WLAN_AKM_SUITE_CCKM; 8305 break; 8306 case WPA_KEY_MGMT_IEEE8021X: 8307 mgmt = WLAN_AKM_SUITE_8021X; 8308 break; 8309 case WPA_KEY_MGMT_FT_IEEE8021X: 8310 mgmt = WLAN_AKM_SUITE_FT_8021X; 8311 break; 8312 case WPA_KEY_MGMT_FT_PSK: 8313 mgmt = WLAN_AKM_SUITE_FT_PSK; 8314 break; 8315 case WPA_KEY_MGMT_PSK: 8316 default: 8317 mgmt = WLAN_AKM_SUITE_PSK; 8318 break; 8319 } 8320 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8321 } 8322 8323 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8324 8325 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8326 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8327 8328 if (params->disable_ht) 8329 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8330 8331 if (params->htcaps && params->htcaps_mask) { 8332 int sz = sizeof(struct ieee80211_ht_capabilities); 8333 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8334 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8335 params->htcaps_mask); 8336 } 8337 8338#ifdef CONFIG_VHT_OVERRIDES 8339 if (params->disable_vht) { 8340 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8341 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8342 } 8343 8344 if (params->vhtcaps && params->vhtcaps_mask) { 8345 int sz = sizeof(struct ieee80211_vht_capabilities); 8346 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8347 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8348 params->vhtcaps_mask); 8349 } 8350#endif /* CONFIG_VHT_OVERRIDES */ 8351 8352 if (params->p2p) 8353 wpa_printf(MSG_DEBUG, " * P2P group"); 8354 8355 return 0; 8356nla_put_failure: 8357 return -1; 8358} 8359 8360 8361static int wpa_driver_nl80211_try_connect( 8362 struct wpa_driver_nl80211_data *drv, 8363 struct wpa_driver_associate_params *params) 8364{ 8365 struct nl_msg *msg; 8366 enum nl80211_auth_type type; 8367 int ret; 8368 int algs; 8369 8370 msg = nlmsg_alloc(); 8371 if (!msg) 8372 return -1; 8373 8374 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 8375 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 8376 8377 ret = nl80211_connect_common(drv, params, msg); 8378 if (ret) 8379 goto nla_put_failure; 8380 8381 algs = 0; 8382 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8383 algs++; 8384 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8385 algs++; 8386 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8387 algs++; 8388 if (algs > 1) { 8389 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8390 "selection"); 8391 goto skip_auth_type; 8392 } 8393 8394 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8395 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8396 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8397 type = NL80211_AUTHTYPE_SHARED_KEY; 8398 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8399 type = NL80211_AUTHTYPE_NETWORK_EAP; 8400 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8401 type = NL80211_AUTHTYPE_FT; 8402 else 8403 goto nla_put_failure; 8404 8405 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8406 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8407 8408skip_auth_type: 8409 ret = nl80211_set_conn_keys(params, msg); 8410 if (ret) 8411 goto nla_put_failure; 8412 8413 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8414 msg = NULL; 8415 if (ret) { 8416 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8417 "(%s)", ret, strerror(-ret)); 8418 goto nla_put_failure; 8419 } 8420 ret = 0; 8421 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8422 8423nla_put_failure: 8424 nlmsg_free(msg); 8425 return ret; 8426 8427} 8428 8429 8430static int wpa_driver_nl80211_connect( 8431 struct wpa_driver_nl80211_data *drv, 8432 struct wpa_driver_associate_params *params) 8433{ 8434 int ret = wpa_driver_nl80211_try_connect(drv, params); 8435 if (ret == -EALREADY) { 8436 /* 8437 * cfg80211 does not currently accept new connections if 8438 * we are already connected. As a workaround, force 8439 * disconnection and try again. 8440 */ 8441 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8442 "disconnecting before reassociation " 8443 "attempt"); 8444 if (wpa_driver_nl80211_disconnect( 8445 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8446 return -1; 8447 ret = wpa_driver_nl80211_try_connect(drv, params); 8448 } 8449 return ret; 8450} 8451 8452 8453static int wpa_driver_nl80211_associate( 8454 void *priv, struct wpa_driver_associate_params *params) 8455{ 8456 struct i802_bss *bss = priv; 8457 struct wpa_driver_nl80211_data *drv = bss->drv; 8458 int ret; 8459 struct nl_msg *msg; 8460 8461 if (params->mode == IEEE80211_MODE_AP) 8462 return wpa_driver_nl80211_ap(drv, params); 8463 8464 if (params->mode == IEEE80211_MODE_IBSS) 8465 return wpa_driver_nl80211_ibss(drv, params); 8466 8467 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8468 enum nl80211_iftype nlmode = params->p2p ? 8469 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8470 8471 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8472 return -1; 8473 return wpa_driver_nl80211_connect(drv, params); 8474 } 8475 8476 nl80211_mark_disconnected(drv); 8477 8478 msg = nlmsg_alloc(); 8479 if (!msg) 8480 return -1; 8481 8482 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8483 drv->ifindex); 8484 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8485 8486 ret = nl80211_connect_common(drv, params, msg); 8487 if (ret) 8488 goto nla_put_failure; 8489 8490 if (params->prev_bssid) { 8491 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8492 MAC2STR(params->prev_bssid)); 8493 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8494 params->prev_bssid); 8495 } 8496 8497 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8498 msg = NULL; 8499 if (ret) { 8500 wpa_dbg(drv->ctx, MSG_DEBUG, 8501 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8502 ret, strerror(-ret)); 8503 nl80211_dump_scan(drv); 8504 goto nla_put_failure; 8505 } 8506 ret = 0; 8507 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 8508 "successfully"); 8509 8510nla_put_failure: 8511 nlmsg_free(msg); 8512 return ret; 8513} 8514 8515 8516static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 8517 int ifindex, enum nl80211_iftype mode) 8518{ 8519 struct nl_msg *msg; 8520 int ret = -ENOBUFS; 8521 8522 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 8523 ifindex, mode, nl80211_iftype_str(mode)); 8524 8525 msg = nlmsg_alloc(); 8526 if (!msg) 8527 return -ENOMEM; 8528 8529 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 8530 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 8531 goto nla_put_failure; 8532 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 8533 8534 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8535 msg = NULL; 8536 if (!ret) 8537 return 0; 8538nla_put_failure: 8539 nlmsg_free(msg); 8540 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 8541 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 8542 return ret; 8543} 8544 8545 8546static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 8547 enum nl80211_iftype nlmode) 8548{ 8549 struct wpa_driver_nl80211_data *drv = bss->drv; 8550 int ret = -1; 8551 int i; 8552 int was_ap = is_ap_interface(drv->nlmode); 8553 int res; 8554 8555 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 8556 if (res && nlmode == nl80211_get_ifmode(bss)) 8557 res = 0; 8558 8559 if (res == 0) { 8560 drv->nlmode = nlmode; 8561 ret = 0; 8562 goto done; 8563 } 8564 8565 if (res == -ENODEV) 8566 return -1; 8567 8568 if (nlmode == drv->nlmode) { 8569 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 8570 "requested mode - ignore error"); 8571 ret = 0; 8572 goto done; /* Already in the requested mode */ 8573 } 8574 8575 /* mac80211 doesn't allow mode changes while the device is up, so 8576 * take the device down, try to set the mode again, and bring the 8577 * device back up. 8578 */ 8579 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 8580 "interface down"); 8581 for (i = 0; i < 10; i++) { 8582 res = i802_set_iface_flags(bss, 0); 8583 if (res == -EACCES || res == -ENODEV) 8584 break; 8585 if (res == 0) { 8586 /* Try to set the mode again while the interface is 8587 * down */ 8588 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 8589 if (ret == -EACCES) 8590 break; 8591 res = i802_set_iface_flags(bss, 1); 8592 if (res && !ret) 8593 ret = -1; 8594 else if (ret != -EBUSY) 8595 break; 8596 } else 8597 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 8598 "interface down"); 8599 os_sleep(0, 100000); 8600 } 8601 8602 if (!ret) { 8603 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 8604 "interface is down"); 8605 drv->nlmode = nlmode; 8606 drv->ignore_if_down_event = 1; 8607 } 8608 8609done: 8610 if (ret) { 8611 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 8612 "from %d failed", nlmode, drv->nlmode); 8613 return ret; 8614 } 8615 8616 if (is_p2p_net_interface(nlmode)) 8617 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 8618 else if (drv->disabled_11b_rates) 8619 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 8620 8621 if (is_ap_interface(nlmode)) { 8622 nl80211_mgmt_unsubscribe(bss, "start AP"); 8623 /* Setup additional AP mode functionality if needed */ 8624 if (nl80211_setup_ap(bss)) 8625 return -1; 8626 } else if (was_ap) { 8627 /* Remove additional AP mode functionality */ 8628 nl80211_teardown_ap(bss); 8629 } else { 8630 nl80211_mgmt_unsubscribe(bss, "mode change"); 8631 } 8632 8633 if (!bss->in_deinit && !is_ap_interface(nlmode) && 8634 nl80211_mgmt_subscribe_non_ap(bss) < 0) 8635 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 8636 "frame processing - ignore for now"); 8637 8638 return 0; 8639} 8640 8641 8642static int wpa_driver_nl80211_get_capa(void *priv, 8643 struct wpa_driver_capa *capa) 8644{ 8645 struct i802_bss *bss = priv; 8646 struct wpa_driver_nl80211_data *drv = bss->drv; 8647 if (!drv->has_capability) 8648 return -1; 8649 os_memcpy(capa, &drv->capa, sizeof(*capa)); 8650 if (drv->extended_capa && drv->extended_capa_mask) { 8651 capa->extended_capa = drv->extended_capa; 8652 capa->extended_capa_mask = drv->extended_capa_mask; 8653 capa->extended_capa_len = drv->extended_capa_len; 8654 } 8655 8656 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 8657 !drv->allow_p2p_device) { 8658 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 8659 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 8660 } 8661 8662 return 0; 8663} 8664 8665 8666static int wpa_driver_nl80211_set_operstate(void *priv, int state) 8667{ 8668 struct i802_bss *bss = priv; 8669 struct wpa_driver_nl80211_data *drv = bss->drv; 8670 8671 wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)", 8672 bss->ifname, drv->operstate, state, 8673 state ? "UP" : "DORMANT"); 8674 drv->operstate = state; 8675 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 8676 state ? IF_OPER_UP : IF_OPER_DORMANT); 8677} 8678 8679 8680static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 8681{ 8682 struct i802_bss *bss = priv; 8683 struct wpa_driver_nl80211_data *drv = bss->drv; 8684 struct nl_msg *msg; 8685 struct nl80211_sta_flag_update upd; 8686 int ret = -ENOBUFS; 8687 8688 if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) { 8689 wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated"); 8690 return 0; 8691 } 8692 8693 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 8694 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 8695 8696 msg = nlmsg_alloc(); 8697 if (!msg) 8698 return -ENOMEM; 8699 8700 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8701 8702 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8703 if_nametoindex(bss->ifname)); 8704 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 8705 8706 os_memset(&upd, 0, sizeof(upd)); 8707 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 8708 if (authorized) 8709 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 8710 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8711 8712 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8713 msg = NULL; 8714 if (!ret) 8715 return 0; 8716 nla_put_failure: 8717 nlmsg_free(msg); 8718 wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)", 8719 ret, strerror(-ret)); 8720 return ret; 8721} 8722 8723 8724/* Set kernel driver on given frequency (MHz) */ 8725static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 8726{ 8727 struct i802_bss *bss = priv; 8728 return wpa_driver_nl80211_set_freq(bss, freq); 8729} 8730 8731 8732static inline int min_int(int a, int b) 8733{ 8734 if (a < b) 8735 return a; 8736 return b; 8737} 8738 8739 8740static int get_key_handler(struct nl_msg *msg, void *arg) 8741{ 8742 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8743 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8744 8745 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8746 genlmsg_attrlen(gnlh, 0), NULL); 8747 8748 /* 8749 * TODO: validate the key index and mac address! 8750 * Otherwise, there's a race condition as soon as 8751 * the kernel starts sending key notifications. 8752 */ 8753 8754 if (tb[NL80211_ATTR_KEY_SEQ]) 8755 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 8756 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 8757 return NL_SKIP; 8758} 8759 8760 8761static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 8762 int idx, u8 *seq) 8763{ 8764 struct i802_bss *bss = priv; 8765 struct wpa_driver_nl80211_data *drv = bss->drv; 8766 struct nl_msg *msg; 8767 8768 msg = nlmsg_alloc(); 8769 if (!msg) 8770 return -ENOMEM; 8771 8772 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 8773 8774 if (addr) 8775 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8776 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 8777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 8778 8779 memset(seq, 0, 6); 8780 8781 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 8782 nla_put_failure: 8783 nlmsg_free(msg); 8784 return -ENOBUFS; 8785} 8786 8787 8788static int i802_set_rts(void *priv, int rts) 8789{ 8790 struct i802_bss *bss = priv; 8791 struct wpa_driver_nl80211_data *drv = bss->drv; 8792 struct nl_msg *msg; 8793 int ret = -ENOBUFS; 8794 u32 val; 8795 8796 msg = nlmsg_alloc(); 8797 if (!msg) 8798 return -ENOMEM; 8799 8800 if (rts >= 2347) 8801 val = (u32) -1; 8802 else 8803 val = rts; 8804 8805 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8806 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8807 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 8808 8809 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8810 msg = NULL; 8811 if (!ret) 8812 return 0; 8813nla_put_failure: 8814 nlmsg_free(msg); 8815 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 8816 "%d (%s)", rts, ret, strerror(-ret)); 8817 return ret; 8818} 8819 8820 8821static int i802_set_frag(void *priv, int frag) 8822{ 8823 struct i802_bss *bss = priv; 8824 struct wpa_driver_nl80211_data *drv = bss->drv; 8825 struct nl_msg *msg; 8826 int ret = -ENOBUFS; 8827 u32 val; 8828 8829 msg = nlmsg_alloc(); 8830 if (!msg) 8831 return -ENOMEM; 8832 8833 if (frag >= 2346) 8834 val = (u32) -1; 8835 else 8836 val = frag; 8837 8838 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8839 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8840 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 8841 8842 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8843 msg = NULL; 8844 if (!ret) 8845 return 0; 8846nla_put_failure: 8847 nlmsg_free(msg); 8848 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 8849 "%d: %d (%s)", frag, ret, strerror(-ret)); 8850 return ret; 8851} 8852 8853 8854static int i802_flush(void *priv) 8855{ 8856 struct i802_bss *bss = priv; 8857 struct wpa_driver_nl80211_data *drv = bss->drv; 8858 struct nl_msg *msg; 8859 int res; 8860 8861 msg = nlmsg_alloc(); 8862 if (!msg) 8863 return -1; 8864 8865 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 8866 bss->ifname); 8867 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 8868 8869 /* 8870 * XXX: FIX! this needs to flush all VLANs too 8871 */ 8872 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8873 if_nametoindex(bss->ifname)); 8874 8875 res = send_and_recv_msgs(drv, msg, NULL, NULL); 8876 if (res) { 8877 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 8878 "(%s)", res, strerror(-res)); 8879 } 8880 return res; 8881 nla_put_failure: 8882 nlmsg_free(msg); 8883 return -ENOBUFS; 8884} 8885 8886 8887static int get_sta_handler(struct nl_msg *msg, void *arg) 8888{ 8889 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8890 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8891 struct hostap_sta_driver_data *data = arg; 8892 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 8893 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 8894 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 8895 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 8896 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 8897 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 8898 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 8899 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 8900 }; 8901 8902 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8903 genlmsg_attrlen(gnlh, 0), NULL); 8904 8905 /* 8906 * TODO: validate the interface and mac address! 8907 * Otherwise, there's a race condition as soon as 8908 * the kernel starts sending station notifications. 8909 */ 8910 8911 if (!tb[NL80211_ATTR_STA_INFO]) { 8912 wpa_printf(MSG_DEBUG, "sta stats missing!"); 8913 return NL_SKIP; 8914 } 8915 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 8916 tb[NL80211_ATTR_STA_INFO], 8917 stats_policy)) { 8918 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 8919 return NL_SKIP; 8920 } 8921 8922 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 8923 data->inactive_msec = 8924 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 8925 if (stats[NL80211_STA_INFO_RX_BYTES]) 8926 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 8927 if (stats[NL80211_STA_INFO_TX_BYTES]) 8928 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 8929 if (stats[NL80211_STA_INFO_RX_PACKETS]) 8930 data->rx_packets = 8931 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 8932 if (stats[NL80211_STA_INFO_TX_PACKETS]) 8933 data->tx_packets = 8934 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 8935 if (stats[NL80211_STA_INFO_TX_FAILED]) 8936 data->tx_retry_failed = 8937 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 8938 8939 return NL_SKIP; 8940} 8941 8942static int i802_read_sta_data(struct i802_bss *bss, 8943 struct hostap_sta_driver_data *data, 8944 const u8 *addr) 8945{ 8946 struct wpa_driver_nl80211_data *drv = bss->drv; 8947 struct nl_msg *msg; 8948 8949 os_memset(data, 0, sizeof(*data)); 8950 msg = nlmsg_alloc(); 8951 if (!msg) 8952 return -ENOMEM; 8953 8954 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 8955 8956 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8957 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8958 8959 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 8960 nla_put_failure: 8961 nlmsg_free(msg); 8962 return -ENOBUFS; 8963} 8964 8965 8966static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 8967 int cw_min, int cw_max, int burst_time) 8968{ 8969 struct i802_bss *bss = priv; 8970 struct wpa_driver_nl80211_data *drv = bss->drv; 8971 struct nl_msg *msg; 8972 struct nlattr *txq, *params; 8973 8974 msg = nlmsg_alloc(); 8975 if (!msg) 8976 return -1; 8977 8978 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8979 8980 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8981 8982 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 8983 if (!txq) 8984 goto nla_put_failure; 8985 8986 /* We are only sending parameters for a single TXQ at a time */ 8987 params = nla_nest_start(msg, 1); 8988 if (!params) 8989 goto nla_put_failure; 8990 8991 switch (queue) { 8992 case 0: 8993 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 8994 break; 8995 case 1: 8996 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 8997 break; 8998 case 2: 8999 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 9000 break; 9001 case 3: 9002 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 9003 break; 9004 } 9005 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 9006 * 32 usec, so need to convert the value here. */ 9007 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 9008 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 9009 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 9010 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 9011 9012 nla_nest_end(msg, params); 9013 9014 nla_nest_end(msg, txq); 9015 9016 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 9017 return 0; 9018 msg = NULL; 9019 nla_put_failure: 9020 nlmsg_free(msg); 9021 return -1; 9022} 9023 9024 9025static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 9026 const char *ifname, int vlan_id) 9027{ 9028 struct wpa_driver_nl80211_data *drv = bss->drv; 9029 struct nl_msg *msg; 9030 int ret = -ENOBUFS; 9031 9032 msg = nlmsg_alloc(); 9033 if (!msg) 9034 return -ENOMEM; 9035 9036 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 9037 ", ifname=%s[%d], vlan_id=%d)", 9038 bss->ifname, if_nametoindex(bss->ifname), 9039 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 9040 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 9041 9042 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 9043 if_nametoindex(bss->ifname)); 9044 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 9045 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 9046 if_nametoindex(ifname)); 9047 9048 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9049 msg = NULL; 9050 if (ret < 0) { 9051 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 9052 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 9053 MAC2STR(addr), ifname, vlan_id, ret, 9054 strerror(-ret)); 9055 } 9056 nla_put_failure: 9057 nlmsg_free(msg); 9058 return ret; 9059} 9060 9061 9062static int i802_get_inact_sec(void *priv, const u8 *addr) 9063{ 9064 struct hostap_sta_driver_data data; 9065 int ret; 9066 9067 data.inactive_msec = (unsigned long) -1; 9068 ret = i802_read_sta_data(priv, &data, addr); 9069 if (ret || data.inactive_msec == (unsigned long) -1) 9070 return -1; 9071 return data.inactive_msec / 1000; 9072} 9073 9074 9075static int i802_sta_clear_stats(void *priv, const u8 *addr) 9076{ 9077#if 0 9078 /* TODO */ 9079#endif 9080 return 0; 9081} 9082 9083 9084static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 9085 int reason) 9086{ 9087 struct i802_bss *bss = priv; 9088 struct wpa_driver_nl80211_data *drv = bss->drv; 9089 struct ieee80211_mgmt mgmt; 9090 9091 if (drv->device_ap_sme) 9092 return wpa_driver_nl80211_sta_remove(bss, addr); 9093 9094 memset(&mgmt, 0, sizeof(mgmt)); 9095 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9096 WLAN_FC_STYPE_DEAUTH); 9097 memcpy(mgmt.da, addr, ETH_ALEN); 9098 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9099 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9100 mgmt.u.deauth.reason_code = host_to_le16(reason); 9101 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9102 IEEE80211_HDRLEN + 9103 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 9104 0); 9105} 9106 9107 9108static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 9109 int reason) 9110{ 9111 struct i802_bss *bss = priv; 9112 struct wpa_driver_nl80211_data *drv = bss->drv; 9113 struct ieee80211_mgmt mgmt; 9114 9115 if (drv->device_ap_sme) 9116 return wpa_driver_nl80211_sta_remove(bss, addr); 9117 9118 memset(&mgmt, 0, sizeof(mgmt)); 9119 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 9120 WLAN_FC_STYPE_DISASSOC); 9121 memcpy(mgmt.da, addr, ETH_ALEN); 9122 memcpy(mgmt.sa, own_addr, ETH_ALEN); 9123 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 9124 mgmt.u.disassoc.reason_code = host_to_le16(reason); 9125 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 9126 IEEE80211_HDRLEN + 9127 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 9128 0); 9129} 9130 9131 9132static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9133{ 9134 int i; 9135 int *old; 9136 9137 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 9138 ifidx); 9139 for (i = 0; i < drv->num_if_indices; i++) { 9140 if (drv->if_indices[i] == 0) { 9141 drv->if_indices[i] = ifidx; 9142 return; 9143 } 9144 } 9145 9146 if (drv->if_indices != drv->default_if_indices) 9147 old = drv->if_indices; 9148 else 9149 old = NULL; 9150 9151 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9152 sizeof(int)); 9153 if (!drv->if_indices) { 9154 if (!old) 9155 drv->if_indices = drv->default_if_indices; 9156 else 9157 drv->if_indices = old; 9158 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9159 "interfaces"); 9160 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9161 return; 9162 } else if (!old) 9163 os_memcpy(drv->if_indices, drv->default_if_indices, 9164 sizeof(drv->default_if_indices)); 9165 drv->if_indices[drv->num_if_indices] = ifidx; 9166 drv->num_if_indices++; 9167} 9168 9169 9170static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9171{ 9172 int i; 9173 9174 for (i = 0; i < drv->num_if_indices; i++) { 9175 if (drv->if_indices[i] == ifidx) { 9176 drv->if_indices[i] = 0; 9177 break; 9178 } 9179 } 9180} 9181 9182 9183static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9184{ 9185 int i; 9186 9187 for (i = 0; i < drv->num_if_indices; i++) 9188 if (drv->if_indices[i] == ifidx) 9189 return 1; 9190 9191 return 0; 9192} 9193 9194 9195static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9196 const char *bridge_ifname, char *ifname_wds) 9197{ 9198 struct i802_bss *bss = priv; 9199 struct wpa_driver_nl80211_data *drv = bss->drv; 9200 char name[IFNAMSIZ + 1]; 9201 9202 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9203 if (ifname_wds) 9204 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9205 9206 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9207 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9208 if (val) { 9209 if (!if_nametoindex(name)) { 9210 if (nl80211_create_iface(drv, name, 9211 NL80211_IFTYPE_AP_VLAN, 9212 bss->addr, 1, NULL, NULL, 0) < 9213 0) 9214 return -1; 9215 if (bridge_ifname && 9216 linux_br_add_if(drv->global->ioctl_sock, 9217 bridge_ifname, name) < 0) 9218 return -1; 9219 } 9220 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9221 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9222 "interface %s up", name); 9223 } 9224 return i802_set_sta_vlan(priv, addr, name, 0); 9225 } else { 9226 if (bridge_ifname) 9227 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9228 name); 9229 9230 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9231 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 9232 name); 9233 } 9234} 9235 9236 9237static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9238{ 9239 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9240 struct sockaddr_ll lladdr; 9241 unsigned char buf[3000]; 9242 int len; 9243 socklen_t fromlen = sizeof(lladdr); 9244 9245 len = recvfrom(sock, buf, sizeof(buf), 0, 9246 (struct sockaddr *)&lladdr, &fromlen); 9247 if (len < 0) { 9248 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9249 strerror(errno)); 9250 return; 9251 } 9252 9253 if (have_ifidx(drv, lladdr.sll_ifindex)) 9254 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9255} 9256 9257 9258static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9259 struct i802_bss *bss, 9260 const char *brname, const char *ifname) 9261{ 9262 int ifindex; 9263 char in_br[IFNAMSIZ]; 9264 9265 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9266 ifindex = if_nametoindex(brname); 9267 if (ifindex == 0) { 9268 /* 9269 * Bridge was configured, but the bridge device does 9270 * not exist. Try to add it now. 9271 */ 9272 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9273 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9274 "bridge interface %s: %s", 9275 brname, strerror(errno)); 9276 return -1; 9277 } 9278 bss->added_bridge = 1; 9279 add_ifidx(drv, if_nametoindex(brname)); 9280 } 9281 9282 if (linux_br_get(in_br, ifname) == 0) { 9283 if (os_strcmp(in_br, brname) == 0) 9284 return 0; /* already in the bridge */ 9285 9286 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9287 "bridge %s", ifname, in_br); 9288 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9289 0) { 9290 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9291 "remove interface %s from bridge " 9292 "%s: %s", 9293 ifname, brname, strerror(errno)); 9294 return -1; 9295 } 9296 } 9297 9298 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9299 ifname, brname); 9300 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9301 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9302 "into bridge %s: %s", 9303 ifname, brname, strerror(errno)); 9304 return -1; 9305 } 9306 bss->added_if_into_bridge = 1; 9307 9308 return 0; 9309} 9310 9311 9312static void *i802_init(struct hostapd_data *hapd, 9313 struct wpa_init_params *params) 9314{ 9315 struct wpa_driver_nl80211_data *drv; 9316 struct i802_bss *bss; 9317 size_t i; 9318 char brname[IFNAMSIZ]; 9319 int ifindex, br_ifindex; 9320 int br_added = 0; 9321 9322 bss = wpa_driver_nl80211_drv_init(hapd, params->ifname, 9323 params->global_priv, 1, 9324 params->bssid); 9325 if (bss == NULL) 9326 return NULL; 9327 9328 drv = bss->drv; 9329 9330 if (linux_br_get(brname, params->ifname) == 0) { 9331 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9332 params->ifname, brname); 9333 br_ifindex = if_nametoindex(brname); 9334 } else { 9335 brname[0] = '\0'; 9336 br_ifindex = 0; 9337 } 9338 9339 for (i = 0; i < params->num_bridge; i++) { 9340 if (params->bridge[i]) { 9341 ifindex = if_nametoindex(params->bridge[i]); 9342 if (ifindex) 9343 add_ifidx(drv, ifindex); 9344 if (ifindex == br_ifindex) 9345 br_added = 1; 9346 } 9347 } 9348 if (!br_added && br_ifindex && 9349 (params->num_bridge == 0 || !params->bridge[0])) 9350 add_ifidx(drv, br_ifindex); 9351 9352 /* start listening for EAPOL on the default AP interface */ 9353 add_ifidx(drv, drv->ifindex); 9354 9355 if (params->num_bridge && params->bridge[0] && 9356 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9357 goto failed; 9358 9359 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9360 if (drv->eapol_sock < 0) { 9361 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9362 strerror(errno)); 9363 goto failed; 9364 } 9365 9366 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9367 { 9368 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9369 goto failed; 9370 } 9371 9372 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9373 params->own_addr)) 9374 goto failed; 9375 9376 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9377 9378 return bss; 9379 9380failed: 9381 wpa_driver_nl80211_deinit(bss); 9382 return NULL; 9383} 9384 9385 9386static void i802_deinit(void *priv) 9387{ 9388 struct i802_bss *bss = priv; 9389 wpa_driver_nl80211_deinit(bss); 9390} 9391 9392 9393static enum nl80211_iftype wpa_driver_nl80211_if_type( 9394 enum wpa_driver_if_type type) 9395{ 9396 switch (type) { 9397 case WPA_IF_STATION: 9398 return NL80211_IFTYPE_STATION; 9399 case WPA_IF_P2P_CLIENT: 9400 case WPA_IF_P2P_GROUP: 9401 return NL80211_IFTYPE_P2P_CLIENT; 9402 case WPA_IF_AP_VLAN: 9403 return NL80211_IFTYPE_AP_VLAN; 9404 case WPA_IF_AP_BSS: 9405 return NL80211_IFTYPE_AP; 9406 case WPA_IF_P2P_GO: 9407 return NL80211_IFTYPE_P2P_GO; 9408 case WPA_IF_P2P_DEVICE: 9409 return NL80211_IFTYPE_P2P_DEVICE; 9410 } 9411 return -1; 9412} 9413 9414 9415#ifdef CONFIG_P2P 9416 9417static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9418{ 9419 struct wpa_driver_nl80211_data *drv; 9420 dl_list_for_each(drv, &global->interfaces, 9421 struct wpa_driver_nl80211_data, list) { 9422 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 9423 return 1; 9424 } 9425 return 0; 9426} 9427 9428 9429static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 9430 u8 *new_addr) 9431{ 9432 unsigned int idx; 9433 9434 if (!drv->global) 9435 return -1; 9436 9437 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 9438 for (idx = 0; idx < 64; idx++) { 9439 new_addr[0] = drv->first_bss->addr[0] | 0x02; 9440 new_addr[0] ^= idx << 2; 9441 if (!nl80211_addr_in_use(drv->global, new_addr)) 9442 break; 9443 } 9444 if (idx == 64) 9445 return -1; 9446 9447 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 9448 MACSTR, MAC2STR(new_addr)); 9449 9450 return 0; 9451} 9452 9453#endif /* CONFIG_P2P */ 9454 9455 9456struct wdev_info { 9457 u64 wdev_id; 9458 int wdev_id_set; 9459 u8 macaddr[ETH_ALEN]; 9460}; 9461 9462static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 9463{ 9464 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9465 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9466 struct wdev_info *wi = arg; 9467 9468 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9469 genlmsg_attrlen(gnlh, 0), NULL); 9470 if (tb[NL80211_ATTR_WDEV]) { 9471 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 9472 wi->wdev_id_set = 1; 9473 } 9474 9475 if (tb[NL80211_ATTR_MAC]) 9476 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 9477 ETH_ALEN); 9478 9479 return NL_SKIP; 9480} 9481 9482 9483static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 9484 const char *ifname, const u8 *addr, 9485 void *bss_ctx, void **drv_priv, 9486 char *force_ifname, u8 *if_addr, 9487 const char *bridge, int use_existing) 9488{ 9489 enum nl80211_iftype nlmode; 9490 struct i802_bss *bss = priv; 9491 struct wpa_driver_nl80211_data *drv = bss->drv; 9492 int ifidx; 9493 int added = 1; 9494 9495 if (addr) 9496 os_memcpy(if_addr, addr, ETH_ALEN); 9497 nlmode = wpa_driver_nl80211_if_type(type); 9498 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 9499 struct wdev_info p2pdev_info; 9500 9501 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 9502 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9503 0, nl80211_wdev_handler, 9504 &p2pdev_info, use_existing); 9505 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 9506 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 9507 ifname); 9508 return -1; 9509 } 9510 9511 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 9512 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 9513 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 9514 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 9515 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 9516 ifname, 9517 (long long unsigned int) p2pdev_info.wdev_id); 9518 } else { 9519 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9520 0, NULL, NULL, use_existing); 9521 if (use_existing && ifidx == -ENFILE) { 9522 added = 0; 9523 ifidx = if_nametoindex(ifname); 9524 } else if (ifidx < 0) { 9525 return -1; 9526 } 9527 } 9528 9529 if (!addr) { 9530 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 9531 os_memcpy(if_addr, bss->addr, ETH_ALEN); 9532 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 9533 bss->ifname, if_addr) < 0) { 9534 if (added) 9535 nl80211_remove_iface(drv, ifidx); 9536 return -1; 9537 } 9538 } 9539 9540#ifdef CONFIG_P2P 9541 if (!addr && 9542 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 9543 type == WPA_IF_P2P_GO)) { 9544 /* Enforce unique P2P Interface Address */ 9545 u8 new_addr[ETH_ALEN]; 9546 9547 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 9548 new_addr) < 0) { 9549 nl80211_remove_iface(drv, ifidx); 9550 return -1; 9551 } 9552 if (nl80211_addr_in_use(drv->global, new_addr)) { 9553 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 9554 "for P2P group interface"); 9555 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 9556 nl80211_remove_iface(drv, ifidx); 9557 return -1; 9558 } 9559 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 9560 new_addr) < 0) { 9561 nl80211_remove_iface(drv, ifidx); 9562 return -1; 9563 } 9564 } 9565 os_memcpy(if_addr, new_addr, ETH_ALEN); 9566 } 9567#endif /* CONFIG_P2P */ 9568 9569 if (type == WPA_IF_AP_BSS) { 9570 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 9571 if (new_bss == NULL) { 9572 if (added) 9573 nl80211_remove_iface(drv, ifidx); 9574 return -1; 9575 } 9576 9577 if (bridge && 9578 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 9579 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 9580 "interface %s to a bridge %s", 9581 ifname, bridge); 9582 if (added) 9583 nl80211_remove_iface(drv, ifidx); 9584 os_free(new_bss); 9585 return -1; 9586 } 9587 9588 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 9589 { 9590 nl80211_remove_iface(drv, ifidx); 9591 os_free(new_bss); 9592 return -1; 9593 } 9594 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 9595 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 9596 new_bss->ifindex = ifidx; 9597 new_bss->drv = drv; 9598 new_bss->next = drv->first_bss->next; 9599 new_bss->freq = drv->first_bss->freq; 9600 new_bss->ctx = bss_ctx; 9601 new_bss->added_if = added; 9602 drv->first_bss->next = new_bss; 9603 if (drv_priv) 9604 *drv_priv = new_bss; 9605 nl80211_init_bss(new_bss); 9606 9607 /* Subscribe management frames for this WPA_IF_AP_BSS */ 9608 if (nl80211_setup_ap(new_bss)) 9609 return -1; 9610 } 9611 9612 if (drv->global) 9613 drv->global->if_add_ifindex = ifidx; 9614 9615 return 0; 9616} 9617 9618 9619static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 9620 enum wpa_driver_if_type type, 9621 const char *ifname) 9622{ 9623 struct wpa_driver_nl80211_data *drv = bss->drv; 9624 int ifindex = if_nametoindex(ifname); 9625 9626 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 9627 __func__, type, ifname, ifindex, bss->added_if); 9628 if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex)) 9629 nl80211_remove_iface(drv, ifindex); 9630 9631 if (type != WPA_IF_AP_BSS) 9632 return 0; 9633 9634 if (bss->added_if_into_bridge) { 9635 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 9636 bss->ifname) < 0) 9637 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9638 "interface %s from bridge %s: %s", 9639 bss->ifname, bss->brname, strerror(errno)); 9640 } 9641 if (bss->added_bridge) { 9642 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 9643 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9644 "bridge %s: %s", 9645 bss->brname, strerror(errno)); 9646 } 9647 9648 if (bss != drv->first_bss) { 9649 struct i802_bss *tbss; 9650 9651 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 9652 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 9653 if (tbss->next == bss) { 9654 tbss->next = bss->next; 9655 /* Unsubscribe management frames */ 9656 nl80211_teardown_ap(bss); 9657 nl80211_destroy_bss(bss); 9658 os_free(bss); 9659 bss = NULL; 9660 break; 9661 } 9662 } 9663 if (bss) 9664 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 9665 "BSS %p in the list", __func__, bss); 9666 } else { 9667 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 9668 nl80211_teardown_ap(bss); 9669 if (!bss->added_if && !drv->first_bss->next) 9670 wpa_driver_nl80211_del_beacon(drv); 9671 nl80211_destroy_bss(bss); 9672 if (!bss->added_if) 9673 i802_set_iface_flags(bss, 0); 9674 if (drv->first_bss->next) { 9675 drv->first_bss = drv->first_bss->next; 9676 drv->ctx = drv->first_bss->ctx; 9677 os_free(bss); 9678 } else { 9679 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 9680 } 9681 } 9682 9683 return 0; 9684} 9685 9686 9687static int cookie_handler(struct nl_msg *msg, void *arg) 9688{ 9689 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9690 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9691 u64 *cookie = arg; 9692 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9693 genlmsg_attrlen(gnlh, 0), NULL); 9694 if (tb[NL80211_ATTR_COOKIE]) 9695 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 9696 return NL_SKIP; 9697} 9698 9699 9700static int nl80211_send_frame_cmd(struct i802_bss *bss, 9701 unsigned int freq, unsigned int wait, 9702 const u8 *buf, size_t buf_len, 9703 u64 *cookie_out, int no_cck, int no_ack, 9704 int offchanok) 9705{ 9706 struct wpa_driver_nl80211_data *drv = bss->drv; 9707 struct nl_msg *msg; 9708 u64 cookie; 9709 int ret = -1; 9710 9711 msg = nlmsg_alloc(); 9712 if (!msg) 9713 return -1; 9714 9715 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 9716 "no_ack=%d offchanok=%d", 9717 freq, wait, no_cck, no_ack, offchanok); 9718 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 9719 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 9720 9721 if (nl80211_set_iface_id(msg, bss) < 0) 9722 goto nla_put_failure; 9723 if (freq) 9724 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 9725 if (wait) 9726 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 9727 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) 9728 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 9729 if (no_cck) 9730 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 9731 if (no_ack) 9732 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 9733 9734 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 9735 9736 cookie = 0; 9737 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 9738 msg = NULL; 9739 if (ret) { 9740 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 9741 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 9742 freq, wait); 9743 goto nla_put_failure; 9744 } 9745 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 9746 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 9747 (long long unsigned int) cookie); 9748 9749 if (cookie_out) 9750 *cookie_out = no_ack ? (u64) -1 : cookie; 9751 9752nla_put_failure: 9753 nlmsg_free(msg); 9754 return ret; 9755} 9756 9757 9758static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 9759 unsigned int freq, 9760 unsigned int wait_time, 9761 const u8 *dst, const u8 *src, 9762 const u8 *bssid, 9763 const u8 *data, size_t data_len, 9764 int no_cck) 9765{ 9766 struct wpa_driver_nl80211_data *drv = bss->drv; 9767 int ret = -1; 9768 u8 *buf; 9769 struct ieee80211_hdr *hdr; 9770 9771 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 9772 "freq=%u MHz wait=%d ms no_cck=%d)", 9773 drv->ifindex, freq, wait_time, no_cck); 9774 9775 buf = os_zalloc(24 + data_len); 9776 if (buf == NULL) 9777 return ret; 9778 os_memcpy(buf + 24, data, data_len); 9779 hdr = (struct ieee80211_hdr *) buf; 9780 hdr->frame_control = 9781 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 9782 os_memcpy(hdr->addr1, dst, ETH_ALEN); 9783 os_memcpy(hdr->addr2, src, ETH_ALEN); 9784 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 9785 9786 if (is_ap_interface(drv->nlmode) && 9787 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 9788 (int) freq == bss->freq || drv->device_ap_sme || 9789 !drv->use_monitor)) 9790 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 9791 0, freq, no_cck, 1, 9792 wait_time); 9793 else 9794 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 9795 24 + data_len, 9796 &drv->send_action_cookie, 9797 no_cck, 0, 1); 9798 9799 os_free(buf); 9800 return ret; 9801} 9802 9803 9804static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 9805{ 9806 struct i802_bss *bss = priv; 9807 struct wpa_driver_nl80211_data *drv = bss->drv; 9808 struct nl_msg *msg; 9809 int ret; 9810 9811 msg = nlmsg_alloc(); 9812 if (!msg) 9813 return; 9814 9815 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 9816 (long long unsigned int) drv->send_action_cookie); 9817 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 9818 9819 if (nl80211_set_iface_id(msg, bss) < 0) 9820 goto nla_put_failure; 9821 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 9822 9823 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9824 msg = NULL; 9825 if (ret) 9826 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 9827 "(%s)", ret, strerror(-ret)); 9828 9829 nla_put_failure: 9830 nlmsg_free(msg); 9831} 9832 9833 9834static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 9835 unsigned int duration) 9836{ 9837 struct i802_bss *bss = priv; 9838 struct wpa_driver_nl80211_data *drv = bss->drv; 9839 struct nl_msg *msg; 9840 int ret; 9841 u64 cookie; 9842 9843 msg = nlmsg_alloc(); 9844 if (!msg) 9845 return -1; 9846 9847 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 9848 9849 if (nl80211_set_iface_id(msg, bss) < 0) 9850 goto nla_put_failure; 9851 9852 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 9853 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 9854 9855 cookie = 0; 9856 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 9857 msg = NULL; 9858 if (ret == 0) { 9859 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 9860 "0x%llx for freq=%u MHz duration=%u", 9861 (long long unsigned int) cookie, freq, duration); 9862 drv->remain_on_chan_cookie = cookie; 9863 drv->pending_remain_on_chan = 1; 9864 return 0; 9865 } 9866 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 9867 "(freq=%d duration=%u): %d (%s)", 9868 freq, duration, ret, strerror(-ret)); 9869nla_put_failure: 9870 nlmsg_free(msg); 9871 return -1; 9872} 9873 9874 9875static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 9876{ 9877 struct i802_bss *bss = priv; 9878 struct wpa_driver_nl80211_data *drv = bss->drv; 9879 struct nl_msg *msg; 9880 int ret; 9881 9882 if (!drv->pending_remain_on_chan) { 9883 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 9884 "to cancel"); 9885 return -1; 9886 } 9887 9888 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 9889 "0x%llx", 9890 (long long unsigned int) drv->remain_on_chan_cookie); 9891 9892 msg = nlmsg_alloc(); 9893 if (!msg) 9894 return -1; 9895 9896 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 9897 9898 if (nl80211_set_iface_id(msg, bss) < 0) 9899 goto nla_put_failure; 9900 9901 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 9902 9903 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9904 msg = NULL; 9905 if (ret == 0) 9906 return 0; 9907 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 9908 "%d (%s)", ret, strerror(-ret)); 9909nla_put_failure: 9910 nlmsg_free(msg); 9911 return -1; 9912} 9913 9914 9915static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 9916{ 9917 struct wpa_driver_nl80211_data *drv = bss->drv; 9918 9919 if (!report) { 9920 if (bss->nl_preq && drv->device_ap_sme && 9921 is_ap_interface(drv->nlmode)) { 9922 /* 9923 * Do not disable Probe Request reporting that was 9924 * enabled in nl80211_setup_ap(). 9925 */ 9926 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 9927 "Probe Request reporting nl_preq=%p while " 9928 "in AP mode", bss->nl_preq); 9929 } else if (bss->nl_preq) { 9930 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 9931 "reporting nl_preq=%p", bss->nl_preq); 9932 nl80211_destroy_eloop_handle(&bss->nl_preq); 9933 } 9934 return 0; 9935 } 9936 9937 if (bss->nl_preq) { 9938 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 9939 "already on! nl_preq=%p", bss->nl_preq); 9940 return 0; 9941 } 9942 9943 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 9944 if (bss->nl_preq == NULL) 9945 return -1; 9946 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 9947 "reporting nl_preq=%p", bss->nl_preq); 9948 9949 if (nl80211_register_frame(bss, bss->nl_preq, 9950 (WLAN_FC_TYPE_MGMT << 2) | 9951 (WLAN_FC_STYPE_PROBE_REQ << 4), 9952 NULL, 0) < 0) 9953 goto out_err; 9954 9955 nl80211_register_eloop_read(&bss->nl_preq, 9956 wpa_driver_nl80211_event_receive, 9957 bss->nl_cb); 9958 9959 return 0; 9960 9961 out_err: 9962 nl_destroy_handles(&bss->nl_preq); 9963 return -1; 9964} 9965 9966 9967static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 9968 int ifindex, int disabled) 9969{ 9970 struct nl_msg *msg; 9971 struct nlattr *bands, *band; 9972 int ret; 9973 9974 msg = nlmsg_alloc(); 9975 if (!msg) 9976 return -1; 9977 9978 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 9979 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 9980 9981 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 9982 if (!bands) 9983 goto nla_put_failure; 9984 9985 /* 9986 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 9987 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 9988 * rates. All 5 GHz rates are left enabled. 9989 */ 9990 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 9991 if (!band) 9992 goto nla_put_failure; 9993 if (disabled) { 9994 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 9995 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 9996 } 9997 nla_nest_end(msg, band); 9998 9999 nla_nest_end(msg, bands); 10000 10001 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10002 msg = NULL; 10003 if (ret) { 10004 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 10005 "(%s)", ret, strerror(-ret)); 10006 } else 10007 drv->disabled_11b_rates = disabled; 10008 10009 return ret; 10010 10011nla_put_failure: 10012 nlmsg_free(msg); 10013 return -1; 10014} 10015 10016 10017static int wpa_driver_nl80211_deinit_ap(void *priv) 10018{ 10019 struct i802_bss *bss = priv; 10020 struct wpa_driver_nl80211_data *drv = bss->drv; 10021 if (!is_ap_interface(drv->nlmode)) 10022 return -1; 10023 wpa_driver_nl80211_del_beacon(drv); 10024 10025 /* 10026 * If the P2P GO interface was dynamically added, then it is 10027 * possible that the interface change to station is not possible. 10028 */ 10029 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 10030 return 0; 10031 10032 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10033} 10034 10035 10036static int wpa_driver_nl80211_stop_ap(void *priv) 10037{ 10038 struct i802_bss *bss = priv; 10039 struct wpa_driver_nl80211_data *drv = bss->drv; 10040 if (!is_ap_interface(drv->nlmode)) 10041 return -1; 10042 wpa_driver_nl80211_del_beacon(drv); 10043 bss->beacon_set = 0; 10044 return 0; 10045} 10046 10047 10048static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 10049{ 10050 struct i802_bss *bss = priv; 10051 struct wpa_driver_nl80211_data *drv = bss->drv; 10052 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 10053 return -1; 10054 10055 /* 10056 * If the P2P Client interface was dynamically added, then it is 10057 * possible that the interface change to station is not possible. 10058 */ 10059 if (bss->if_dynamic) 10060 return 0; 10061 10062 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 10063} 10064 10065 10066static void wpa_driver_nl80211_resume(void *priv) 10067{ 10068 struct i802_bss *bss = priv; 10069 10070 if (i802_set_iface_flags(bss, 1)) 10071 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 10072} 10073 10074 10075static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 10076 const u8 *ies, size_t ies_len) 10077{ 10078 struct i802_bss *bss = priv; 10079 struct wpa_driver_nl80211_data *drv = bss->drv; 10080 int ret; 10081 u8 *data, *pos; 10082 size_t data_len; 10083 const u8 *own_addr = bss->addr; 10084 10085 if (action != 1) { 10086 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 10087 "action %d", action); 10088 return -1; 10089 } 10090 10091 /* 10092 * Action frame payload: 10093 * Category[1] = 6 (Fast BSS Transition) 10094 * Action[1] = 1 (Fast BSS Transition Request) 10095 * STA Address 10096 * Target AP Address 10097 * FT IEs 10098 */ 10099 10100 data_len = 2 + 2 * ETH_ALEN + ies_len; 10101 data = os_malloc(data_len); 10102 if (data == NULL) 10103 return -1; 10104 pos = data; 10105 *pos++ = 0x06; /* FT Action category */ 10106 *pos++ = action; 10107 os_memcpy(pos, own_addr, ETH_ALEN); 10108 pos += ETH_ALEN; 10109 os_memcpy(pos, target_ap, ETH_ALEN); 10110 pos += ETH_ALEN; 10111 os_memcpy(pos, ies, ies_len); 10112 10113 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 10114 drv->bssid, own_addr, drv->bssid, 10115 data, data_len, 0); 10116 os_free(data); 10117 10118 return ret; 10119} 10120 10121 10122static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10123{ 10124 struct i802_bss *bss = priv; 10125 struct wpa_driver_nl80211_data *drv = bss->drv; 10126 struct nl_msg *msg; 10127 struct nlattr *cqm; 10128 int ret = -1; 10129 10130 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10131 "hysteresis=%d", threshold, hysteresis); 10132 10133 msg = nlmsg_alloc(); 10134 if (!msg) 10135 return -1; 10136 10137 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10138 10139 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10140 10141 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10142 if (cqm == NULL) 10143 goto nla_put_failure; 10144 10145 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10146 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10147 nla_nest_end(msg, cqm); 10148 10149 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10150 msg = NULL; 10151 10152nla_put_failure: 10153 nlmsg_free(msg); 10154 return ret; 10155} 10156 10157 10158static int get_channel_width(struct nl_msg *msg, void *arg) 10159{ 10160 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10161 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10162 struct wpa_signal_info *sig_change = arg; 10163 10164 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10165 genlmsg_attrlen(gnlh, 0), NULL); 10166 10167 sig_change->center_frq1 = -1; 10168 sig_change->center_frq2 = -1; 10169 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10170 10171 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10172 sig_change->chanwidth = convert2width( 10173 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10174 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10175 sig_change->center_frq1 = 10176 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10177 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10178 sig_change->center_frq2 = 10179 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10180 } 10181 10182 return NL_SKIP; 10183} 10184 10185 10186static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10187 struct wpa_signal_info *sig) 10188{ 10189 struct nl_msg *msg; 10190 10191 msg = nlmsg_alloc(); 10192 if (!msg) 10193 return -ENOMEM; 10194 10195 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10196 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10197 10198 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10199 10200nla_put_failure: 10201 nlmsg_free(msg); 10202 return -ENOBUFS; 10203} 10204 10205 10206static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10207{ 10208 struct i802_bss *bss = priv; 10209 struct wpa_driver_nl80211_data *drv = bss->drv; 10210 int res; 10211 10212 os_memset(si, 0, sizeof(*si)); 10213 res = nl80211_get_link_signal(drv, si); 10214 if (res != 0) 10215 return res; 10216 10217 res = nl80211_get_channel_width(drv, si); 10218 if (res != 0) 10219 return res; 10220 10221 return nl80211_get_link_noise(drv, si); 10222} 10223 10224 10225static int wpa_driver_nl80211_shared_freq(void *priv) 10226{ 10227 struct i802_bss *bss = priv; 10228 struct wpa_driver_nl80211_data *drv = bss->drv; 10229 struct wpa_driver_nl80211_data *driver; 10230 int freq = 0; 10231 10232 /* 10233 * If the same PHY is in connected state with some other interface, 10234 * then retrieve the assoc freq. 10235 */ 10236 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10237 drv->phyname); 10238 10239 dl_list_for_each(driver, &drv->global->interfaces, 10240 struct wpa_driver_nl80211_data, list) { 10241 if (drv == driver || 10242 os_strcmp(drv->phyname, driver->phyname) != 0 || 10243 !driver->associated) 10244 continue; 10245 10246 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10247 MACSTR, 10248 driver->phyname, driver->first_bss->ifname, 10249 MAC2STR(driver->first_bss->addr)); 10250 if (is_ap_interface(driver->nlmode)) 10251 freq = driver->first_bss->freq; 10252 else 10253 freq = nl80211_get_assoc_freq(driver); 10254 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10255 drv->phyname, freq); 10256 } 10257 10258 if (!freq) 10259 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10260 "PHY (%s) in associated state", drv->phyname); 10261 10262 return freq; 10263} 10264 10265 10266static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10267 int encrypt) 10268{ 10269 struct i802_bss *bss = priv; 10270 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10271 0, 0, 0, 0); 10272} 10273 10274 10275static int nl80211_set_param(void *priv, const char *param) 10276{ 10277 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10278 if (param == NULL) 10279 return 0; 10280 10281#ifdef CONFIG_P2P 10282 if (os_strstr(param, "use_p2p_group_interface=1")) { 10283 struct i802_bss *bss = priv; 10284 struct wpa_driver_nl80211_data *drv = bss->drv; 10285 10286 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10287 "interface"); 10288 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10289 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10290 } 10291 10292 if (os_strstr(param, "p2p_device=1")) { 10293 struct i802_bss *bss = priv; 10294 struct wpa_driver_nl80211_data *drv = bss->drv; 10295 drv->allow_p2p_device = 1; 10296 } 10297#endif /* CONFIG_P2P */ 10298 10299 if (os_strstr(param, "use_monitor=1")) { 10300 struct i802_bss *bss = priv; 10301 struct wpa_driver_nl80211_data *drv = bss->drv; 10302 drv->use_monitor = 1; 10303 } 10304 10305 if (os_strstr(param, "force_connect_cmd=1")) { 10306 struct i802_bss *bss = priv; 10307 struct wpa_driver_nl80211_data *drv = bss->drv; 10308 drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME; 10309 } 10310 10311 return 0; 10312} 10313 10314 10315static void * nl80211_global_init(void) 10316{ 10317 struct nl80211_global *global; 10318 struct netlink_config *cfg; 10319 10320 global = os_zalloc(sizeof(*global)); 10321 if (global == NULL) 10322 return NULL; 10323 global->ioctl_sock = -1; 10324 dl_list_init(&global->interfaces); 10325 global->if_add_ifindex = -1; 10326 10327 cfg = os_zalloc(sizeof(*cfg)); 10328 if (cfg == NULL) 10329 goto err; 10330 10331 cfg->ctx = global; 10332 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10333 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10334 global->netlink = netlink_init(cfg); 10335 if (global->netlink == NULL) { 10336 os_free(cfg); 10337 goto err; 10338 } 10339 10340 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10341 goto err; 10342 10343 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10344 if (global->ioctl_sock < 0) { 10345 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10346 strerror(errno)); 10347 goto err; 10348 } 10349 10350 return global; 10351 10352err: 10353 nl80211_global_deinit(global); 10354 return NULL; 10355} 10356 10357 10358static void nl80211_global_deinit(void *priv) 10359{ 10360 struct nl80211_global *global = priv; 10361 if (global == NULL) 10362 return; 10363 if (!dl_list_empty(&global->interfaces)) { 10364 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10365 "nl80211_global_deinit", 10366 dl_list_len(&global->interfaces)); 10367 } 10368 10369 if (global->netlink) 10370 netlink_deinit(global->netlink); 10371 10372 nl_destroy_handles(&global->nl); 10373 10374 if (global->nl_event) 10375 nl80211_destroy_eloop_handle(&global->nl_event); 10376 10377 nl_cb_put(global->nl_cb); 10378 10379 if (global->ioctl_sock >= 0) 10380 close(global->ioctl_sock); 10381 10382 os_free(global); 10383} 10384 10385 10386static const char * nl80211_get_radio_name(void *priv) 10387{ 10388 struct i802_bss *bss = priv; 10389 struct wpa_driver_nl80211_data *drv = bss->drv; 10390 return drv->phyname; 10391} 10392 10393 10394static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 10395 const u8 *pmkid) 10396{ 10397 struct nl_msg *msg; 10398 10399 msg = nlmsg_alloc(); 10400 if (!msg) 10401 return -ENOMEM; 10402 10403 nl80211_cmd(bss->drv, msg, 0, cmd); 10404 10405 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 10406 if (pmkid) 10407 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 10408 if (bssid) 10409 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 10410 10411 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10412 nla_put_failure: 10413 nlmsg_free(msg); 10414 return -ENOBUFS; 10415} 10416 10417 10418static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10419{ 10420 struct i802_bss *bss = priv; 10421 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 10422 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 10423} 10424 10425 10426static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10427{ 10428 struct i802_bss *bss = priv; 10429 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 10430 MAC2STR(bssid)); 10431 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 10432} 10433 10434 10435static int nl80211_flush_pmkid(void *priv) 10436{ 10437 struct i802_bss *bss = priv; 10438 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 10439 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 10440} 10441 10442 10443static void clean_survey_results(struct survey_results *survey_results) 10444{ 10445 struct freq_survey *survey, *tmp; 10446 10447 if (dl_list_empty(&survey_results->survey_list)) 10448 return; 10449 10450 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 10451 struct freq_survey, list) { 10452 dl_list_del(&survey->list); 10453 os_free(survey); 10454 } 10455} 10456 10457 10458static void add_survey(struct nlattr **sinfo, u32 ifidx, 10459 struct dl_list *survey_list) 10460{ 10461 struct freq_survey *survey; 10462 10463 survey = os_zalloc(sizeof(struct freq_survey)); 10464 if (!survey) 10465 return; 10466 10467 survey->ifidx = ifidx; 10468 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10469 survey->filled = 0; 10470 10471 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 10472 survey->nf = (int8_t) 10473 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 10474 survey->filled |= SURVEY_HAS_NF; 10475 } 10476 10477 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 10478 survey->channel_time = 10479 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 10480 survey->filled |= SURVEY_HAS_CHAN_TIME; 10481 } 10482 10483 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 10484 survey->channel_time_busy = 10485 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 10486 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 10487 } 10488 10489 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 10490 survey->channel_time_rx = 10491 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 10492 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 10493 } 10494 10495 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 10496 survey->channel_time_tx = 10497 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 10498 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 10499 } 10500 10501 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 10502 survey->freq, 10503 survey->nf, 10504 (unsigned long int) survey->channel_time, 10505 (unsigned long int) survey->channel_time_busy, 10506 (unsigned long int) survey->channel_time_tx, 10507 (unsigned long int) survey->channel_time_rx, 10508 survey->filled); 10509 10510 dl_list_add_tail(survey_list, &survey->list); 10511} 10512 10513 10514static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 10515 unsigned int freq_filter) 10516{ 10517 if (!freq_filter) 10518 return 1; 10519 10520 return freq_filter == surveyed_freq; 10521} 10522 10523 10524static int survey_handler(struct nl_msg *msg, void *arg) 10525{ 10526 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10527 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10528 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 10529 struct survey_results *survey_results; 10530 u32 surveyed_freq = 0; 10531 u32 ifidx; 10532 10533 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 10534 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 10535 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 10536 }; 10537 10538 survey_results = (struct survey_results *) arg; 10539 10540 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10541 genlmsg_attrlen(gnlh, 0), NULL); 10542 10543 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 10544 10545 if (!tb[NL80211_ATTR_SURVEY_INFO]) 10546 return NL_SKIP; 10547 10548 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 10549 tb[NL80211_ATTR_SURVEY_INFO], 10550 survey_policy)) 10551 return NL_SKIP; 10552 10553 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 10554 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 10555 return NL_SKIP; 10556 } 10557 10558 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10559 10560 if (!check_survey_ok(sinfo, surveyed_freq, 10561 survey_results->freq_filter)) 10562 return NL_SKIP; 10563 10564 if (survey_results->freq_filter && 10565 survey_results->freq_filter != surveyed_freq) { 10566 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 10567 surveyed_freq); 10568 return NL_SKIP; 10569 } 10570 10571 add_survey(sinfo, ifidx, &survey_results->survey_list); 10572 10573 return NL_SKIP; 10574} 10575 10576 10577static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 10578{ 10579 struct i802_bss *bss = priv; 10580 struct wpa_driver_nl80211_data *drv = bss->drv; 10581 struct nl_msg *msg; 10582 int err = -ENOBUFS; 10583 union wpa_event_data data; 10584 struct survey_results *survey_results; 10585 10586 os_memset(&data, 0, sizeof(data)); 10587 survey_results = &data.survey_results; 10588 10589 dl_list_init(&survey_results->survey_list); 10590 10591 msg = nlmsg_alloc(); 10592 if (!msg) 10593 goto nla_put_failure; 10594 10595 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 10596 10597 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10598 10599 if (freq) 10600 data.survey_results.freq_filter = freq; 10601 10602 do { 10603 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 10604 err = send_and_recv_msgs(drv, msg, survey_handler, 10605 survey_results); 10606 } while (err > 0); 10607 10608 if (err) { 10609 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 10610 goto out_clean; 10611 } 10612 10613 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 10614 10615out_clean: 10616 clean_survey_results(survey_results); 10617nla_put_failure: 10618 return err; 10619} 10620 10621 10622static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 10623 const u8 *replay_ctr) 10624{ 10625 struct i802_bss *bss = priv; 10626 struct wpa_driver_nl80211_data *drv = bss->drv; 10627 struct nlattr *replay_nested; 10628 struct nl_msg *msg; 10629 10630 msg = nlmsg_alloc(); 10631 if (!msg) 10632 return; 10633 10634 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 10635 10636 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10637 10638 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 10639 if (!replay_nested) 10640 goto nla_put_failure; 10641 10642 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 10643 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 10644 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 10645 replay_ctr); 10646 10647 nla_nest_end(msg, replay_nested); 10648 10649 send_and_recv_msgs(drv, msg, NULL, NULL); 10650 return; 10651 nla_put_failure: 10652 nlmsg_free(msg); 10653} 10654 10655 10656static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 10657 const u8 *addr, int qos) 10658{ 10659 /* send data frame to poll STA and check whether 10660 * this frame is ACKed */ 10661 struct { 10662 struct ieee80211_hdr hdr; 10663 u16 qos_ctl; 10664 } STRUCT_PACKED nulldata; 10665 size_t size; 10666 10667 /* Send data frame to poll STA and check whether this frame is ACKed */ 10668 10669 os_memset(&nulldata, 0, sizeof(nulldata)); 10670 10671 if (qos) { 10672 nulldata.hdr.frame_control = 10673 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10674 WLAN_FC_STYPE_QOS_NULL); 10675 size = sizeof(nulldata); 10676 } else { 10677 nulldata.hdr.frame_control = 10678 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10679 WLAN_FC_STYPE_NULLFUNC); 10680 size = sizeof(struct ieee80211_hdr); 10681 } 10682 10683 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 10684 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 10685 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 10686 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 10687 10688 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 10689 0, 0) < 0) 10690 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 10691 "send poll frame"); 10692} 10693 10694static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 10695 int qos) 10696{ 10697 struct i802_bss *bss = priv; 10698 struct wpa_driver_nl80211_data *drv = bss->drv; 10699 struct nl_msg *msg; 10700 10701 if (!drv->poll_command_supported) { 10702 nl80211_send_null_frame(bss, own_addr, addr, qos); 10703 return; 10704 } 10705 10706 msg = nlmsg_alloc(); 10707 if (!msg) 10708 return; 10709 10710 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 10711 10712 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10713 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 10714 10715 send_and_recv_msgs(drv, msg, NULL, NULL); 10716 return; 10717 nla_put_failure: 10718 nlmsg_free(msg); 10719} 10720 10721 10722static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 10723{ 10724 struct nl_msg *msg; 10725 10726 msg = nlmsg_alloc(); 10727 if (!msg) 10728 return -ENOMEM; 10729 10730 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 10731 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10732 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 10733 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 10734 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10735nla_put_failure: 10736 nlmsg_free(msg); 10737 return -ENOBUFS; 10738} 10739 10740 10741static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 10742 int ctwindow) 10743{ 10744 struct i802_bss *bss = priv; 10745 10746 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 10747 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 10748 10749 if (opp_ps != -1 || ctwindow != -1) { 10750#ifdef ANDROID_P2P 10751 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 10752#else /* ANDROID_P2P */ 10753 return -1; /* Not yet supported */ 10754#endif /* ANDROID_P2P */ 10755 } 10756 10757 if (legacy_ps == -1) 10758 return 0; 10759 if (legacy_ps != 0 && legacy_ps != 1) 10760 return -1; /* Not yet supported */ 10761 10762 return nl80211_set_power_save(bss, legacy_ps); 10763} 10764 10765 10766static int nl80211_start_radar_detection(void *priv, 10767 struct hostapd_freq_params *freq) 10768{ 10769 struct i802_bss *bss = priv; 10770 struct wpa_driver_nl80211_data *drv = bss->drv; 10771 struct nl_msg *msg; 10772 int ret; 10773 10774 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 10775 freq->freq, freq->ht_enabled, freq->vht_enabled, 10776 freq->bandwidth, freq->center_freq1, freq->center_freq2); 10777 10778 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 10779 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 10780 "detection"); 10781 return -1; 10782 } 10783 10784 msg = nlmsg_alloc(); 10785 if (!msg) 10786 return -1; 10787 10788 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 10789 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10790 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 10791 10792 if (freq->vht_enabled) { 10793 switch (freq->bandwidth) { 10794 case 20: 10795 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10796 NL80211_CHAN_WIDTH_20); 10797 break; 10798 case 40: 10799 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10800 NL80211_CHAN_WIDTH_40); 10801 break; 10802 case 80: 10803 if (freq->center_freq2) 10804 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10805 NL80211_CHAN_WIDTH_80P80); 10806 else 10807 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10808 NL80211_CHAN_WIDTH_80); 10809 break; 10810 case 160: 10811 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10812 NL80211_CHAN_WIDTH_160); 10813 break; 10814 default: 10815 return -1; 10816 } 10817 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 10818 if (freq->center_freq2) 10819 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 10820 freq->center_freq2); 10821 } else if (freq->ht_enabled) { 10822 switch (freq->sec_channel_offset) { 10823 case -1: 10824 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10825 NL80211_CHAN_HT40MINUS); 10826 break; 10827 case 1: 10828 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10829 NL80211_CHAN_HT40PLUS); 10830 break; 10831 default: 10832 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10833 NL80211_CHAN_HT20); 10834 break; 10835 } 10836 } 10837 10838 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10839 if (ret == 0) 10840 return 0; 10841 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 10842 "%d (%s)", ret, strerror(-ret)); 10843nla_put_failure: 10844 return -1; 10845} 10846 10847#ifdef CONFIG_TDLS 10848 10849static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 10850 u8 dialog_token, u16 status_code, 10851 const u8 *buf, size_t len) 10852{ 10853 struct i802_bss *bss = priv; 10854 struct wpa_driver_nl80211_data *drv = bss->drv; 10855 struct nl_msg *msg; 10856 10857 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 10858 return -EOPNOTSUPP; 10859 10860 if (!dst) 10861 return -EINVAL; 10862 10863 msg = nlmsg_alloc(); 10864 if (!msg) 10865 return -ENOMEM; 10866 10867 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 10868 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10869 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 10870 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 10871 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 10872 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 10873 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 10874 10875 return send_and_recv_msgs(drv, msg, NULL, NULL); 10876 10877nla_put_failure: 10878 nlmsg_free(msg); 10879 return -ENOBUFS; 10880} 10881 10882 10883static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 10884{ 10885 struct i802_bss *bss = priv; 10886 struct wpa_driver_nl80211_data *drv = bss->drv; 10887 struct nl_msg *msg; 10888 enum nl80211_tdls_operation nl80211_oper; 10889 10890 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 10891 return -EOPNOTSUPP; 10892 10893 switch (oper) { 10894 case TDLS_DISCOVERY_REQ: 10895 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 10896 break; 10897 case TDLS_SETUP: 10898 nl80211_oper = NL80211_TDLS_SETUP; 10899 break; 10900 case TDLS_TEARDOWN: 10901 nl80211_oper = NL80211_TDLS_TEARDOWN; 10902 break; 10903 case TDLS_ENABLE_LINK: 10904 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 10905 break; 10906 case TDLS_DISABLE_LINK: 10907 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 10908 break; 10909 case TDLS_ENABLE: 10910 return 0; 10911 case TDLS_DISABLE: 10912 return 0; 10913 default: 10914 return -EINVAL; 10915 } 10916 10917 msg = nlmsg_alloc(); 10918 if (!msg) 10919 return -ENOMEM; 10920 10921 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 10922 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 10923 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10924 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 10925 10926 return send_and_recv_msgs(drv, msg, NULL, NULL); 10927 10928nla_put_failure: 10929 nlmsg_free(msg); 10930 return -ENOBUFS; 10931} 10932 10933#endif /* CONFIG TDLS */ 10934 10935 10936#ifdef ANDROID 10937 10938typedef struct android_wifi_priv_cmd { 10939 char *buf; 10940 int used_len; 10941 int total_len; 10942} android_wifi_priv_cmd; 10943 10944static int drv_errors = 0; 10945 10946static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 10947{ 10948 drv_errors++; 10949 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 10950 drv_errors = 0; 10951 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 10952 } 10953} 10954 10955 10956static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 10957{ 10958 struct wpa_driver_nl80211_data *drv = bss->drv; 10959 struct ifreq ifr; 10960 android_wifi_priv_cmd priv_cmd; 10961 char buf[MAX_DRV_CMD_SIZE]; 10962 int ret; 10963 10964 os_memset(&ifr, 0, sizeof(ifr)); 10965 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 10966 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 10967 10968 os_memset(buf, 0, sizeof(buf)); 10969 os_strlcpy(buf, cmd, sizeof(buf)); 10970 10971 priv_cmd.buf = buf; 10972 priv_cmd.used_len = sizeof(buf); 10973 priv_cmd.total_len = sizeof(buf); 10974 ifr.ifr_data = &priv_cmd; 10975 10976 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 10977 if (ret < 0) { 10978 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 10979 __func__); 10980 wpa_driver_send_hang_msg(drv); 10981 return ret; 10982 } 10983 10984 drv_errors = 0; 10985 return 0; 10986} 10987 10988 10989static int android_pno_start(struct i802_bss *bss, 10990 struct wpa_driver_scan_params *params) 10991{ 10992 struct wpa_driver_nl80211_data *drv = bss->drv; 10993 struct ifreq ifr; 10994 android_wifi_priv_cmd priv_cmd; 10995 int ret = 0, i = 0, bp; 10996 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 10997 10998 bp = WEXT_PNOSETUP_HEADER_SIZE; 10999 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 11000 buf[bp++] = WEXT_PNO_TLV_PREFIX; 11001 buf[bp++] = WEXT_PNO_TLV_VERSION; 11002 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 11003 buf[bp++] = WEXT_PNO_TLV_RESERVED; 11004 11005 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 11006 /* Check that there is enough space needed for 1 more SSID, the 11007 * other sections and null termination */ 11008 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 11009 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 11010 break; 11011 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 11012 params->ssids[i].ssid, 11013 params->ssids[i].ssid_len); 11014 buf[bp++] = WEXT_PNO_SSID_SECTION; 11015 buf[bp++] = params->ssids[i].ssid_len; 11016 os_memcpy(&buf[bp], params->ssids[i].ssid, 11017 params->ssids[i].ssid_len); 11018 bp += params->ssids[i].ssid_len; 11019 i++; 11020 } 11021 11022 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 11023 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 11024 WEXT_PNO_SCAN_INTERVAL); 11025 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 11026 11027 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 11028 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 11029 WEXT_PNO_REPEAT); 11030 bp += WEXT_PNO_REPEAT_LENGTH; 11031 11032 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 11033 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 11034 WEXT_PNO_MAX_REPEAT); 11035 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 11036 11037 memset(&ifr, 0, sizeof(ifr)); 11038 memset(&priv_cmd, 0, sizeof(priv_cmd)); 11039 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 11040 11041 priv_cmd.buf = buf; 11042 priv_cmd.used_len = bp; 11043 priv_cmd.total_len = bp; 11044 ifr.ifr_data = &priv_cmd; 11045 11046 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 11047 11048 if (ret < 0) { 11049 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 11050 ret); 11051 wpa_driver_send_hang_msg(drv); 11052 return ret; 11053 } 11054 11055 drv_errors = 0; 11056 11057 return android_priv_cmd(bss, "PNOFORCE 1"); 11058} 11059 11060 11061static int android_pno_stop(struct i802_bss *bss) 11062{ 11063 return android_priv_cmd(bss, "PNOFORCE 0"); 11064} 11065 11066#endif /* ANDROID */ 11067 11068 11069static int driver_nl80211_set_key(const char *ifname, void *priv, 11070 enum wpa_alg alg, const u8 *addr, 11071 int key_idx, int set_tx, 11072 const u8 *seq, size_t seq_len, 11073 const u8 *key, size_t key_len) 11074{ 11075 struct i802_bss *bss = priv; 11076 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 11077 set_tx, seq, seq_len, key, key_len); 11078} 11079 11080 11081static int driver_nl80211_scan2(void *priv, 11082 struct wpa_driver_scan_params *params) 11083{ 11084 struct i802_bss *bss = priv; 11085 return wpa_driver_nl80211_scan(bss, params); 11086} 11087 11088 11089static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 11090 int reason_code) 11091{ 11092 struct i802_bss *bss = priv; 11093 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 11094} 11095 11096 11097static int driver_nl80211_authenticate(void *priv, 11098 struct wpa_driver_auth_params *params) 11099{ 11100 struct i802_bss *bss = priv; 11101 return wpa_driver_nl80211_authenticate(bss, params); 11102} 11103 11104 11105static void driver_nl80211_deinit(void *priv) 11106{ 11107 struct i802_bss *bss = priv; 11108 wpa_driver_nl80211_deinit(bss); 11109} 11110 11111 11112static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11113 const char *ifname) 11114{ 11115 struct i802_bss *bss = priv; 11116 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11117} 11118 11119 11120static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11121 size_t data_len, int noack) 11122{ 11123 struct i802_bss *bss = priv; 11124 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11125 0, 0, 0, 0); 11126} 11127 11128 11129static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11130{ 11131 struct i802_bss *bss = priv; 11132 return wpa_driver_nl80211_sta_remove(bss, addr); 11133} 11134 11135 11136static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11137 const char *ifname, int vlan_id) 11138{ 11139 struct i802_bss *bss = priv; 11140 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11141} 11142 11143 11144static int driver_nl80211_read_sta_data(void *priv, 11145 struct hostap_sta_driver_data *data, 11146 const u8 *addr) 11147{ 11148 struct i802_bss *bss = priv; 11149 return i802_read_sta_data(bss, data, addr); 11150} 11151 11152 11153static int driver_nl80211_send_action(void *priv, unsigned int freq, 11154 unsigned int wait_time, 11155 const u8 *dst, const u8 *src, 11156 const u8 *bssid, 11157 const u8 *data, size_t data_len, 11158 int no_cck) 11159{ 11160 struct i802_bss *bss = priv; 11161 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11162 bssid, data, data_len, no_cck); 11163} 11164 11165 11166static int driver_nl80211_probe_req_report(void *priv, int report) 11167{ 11168 struct i802_bss *bss = priv; 11169 return wpa_driver_nl80211_probe_req_report(bss, report); 11170} 11171 11172 11173static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11174 const u8 *ies, size_t ies_len) 11175{ 11176 int ret; 11177 struct nl_msg *msg; 11178 struct i802_bss *bss = priv; 11179 struct wpa_driver_nl80211_data *drv = bss->drv; 11180 u16 mdid = WPA_GET_LE16(md); 11181 11182 msg = nlmsg_alloc(); 11183 if (!msg) 11184 return -ENOMEM; 11185 11186 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11187 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11188 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11189 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11190 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11191 11192 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11193 if (ret) { 11194 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11195 "err=%d (%s)", ret, strerror(-ret)); 11196 } 11197 11198 return ret; 11199 11200nla_put_failure: 11201 nlmsg_free(msg); 11202 return -ENOBUFS; 11203} 11204 11205 11206const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11207{ 11208 struct i802_bss *bss = priv; 11209 struct wpa_driver_nl80211_data *drv = bss->drv; 11210 11211 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11212 return NULL; 11213 11214 return bss->addr; 11215} 11216 11217 11218static const char * scan_state_str(enum scan_states scan_state) 11219{ 11220 switch (scan_state) { 11221 case NO_SCAN: 11222 return "NO_SCAN"; 11223 case SCAN_REQUESTED: 11224 return "SCAN_REQUESTED"; 11225 case SCAN_STARTED: 11226 return "SCAN_STARTED"; 11227 case SCAN_COMPLETED: 11228 return "SCAN_COMPLETED"; 11229 case SCAN_ABORTED: 11230 return "SCAN_ABORTED"; 11231 case SCHED_SCAN_STARTED: 11232 return "SCHED_SCAN_STARTED"; 11233 case SCHED_SCAN_STOPPED: 11234 return "SCHED_SCAN_STOPPED"; 11235 case SCHED_SCAN_RESULTS: 11236 return "SCHED_SCAN_RESULTS"; 11237 } 11238 11239 return "??"; 11240} 11241 11242 11243static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11244{ 11245 struct i802_bss *bss = priv; 11246 struct wpa_driver_nl80211_data *drv = bss->drv; 11247 int res; 11248 char *pos, *end; 11249 11250 pos = buf; 11251 end = buf + buflen; 11252 11253 res = os_snprintf(pos, end - pos, 11254 "ifindex=%d\n" 11255 "ifname=%s\n" 11256 "brname=%s\n" 11257 "addr=" MACSTR "\n" 11258 "freq=%d\n" 11259 "%s%s%s%s%s", 11260 bss->ifindex, 11261 bss->ifname, 11262 bss->brname, 11263 MAC2STR(bss->addr), 11264 bss->freq, 11265 bss->beacon_set ? "beacon_set=1\n" : "", 11266 bss->added_if_into_bridge ? 11267 "added_if_into_bridge=1\n" : "", 11268 bss->added_bridge ? "added_bridge=1\n" : "", 11269 bss->in_deinit ? "in_deinit=1\n" : "", 11270 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11271 if (res < 0 || res >= end - pos) 11272 return pos - buf; 11273 pos += res; 11274 11275 if (bss->wdev_id_set) { 11276 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11277 (unsigned long long) bss->wdev_id); 11278 if (res < 0 || res >= end - pos) 11279 return pos - buf; 11280 pos += res; 11281 } 11282 11283 res = os_snprintf(pos, end - pos, 11284 "phyname=%s\n" 11285 "drv_ifindex=%d\n" 11286 "operstate=%d\n" 11287 "scan_state=%s\n" 11288 "auth_bssid=" MACSTR "\n" 11289 "auth_attempt_bssid=" MACSTR "\n" 11290 "bssid=" MACSTR "\n" 11291 "prev_bssid=" MACSTR "\n" 11292 "associated=%d\n" 11293 "assoc_freq=%u\n" 11294 "monitor_sock=%d\n" 11295 "monitor_ifidx=%d\n" 11296 "monitor_refcount=%d\n" 11297 "last_mgmt_freq=%u\n" 11298 "eapol_tx_sock=%d\n" 11299 "%s%s%s%s%s%s%s%s%s%s%s%s%s", 11300 drv->phyname, 11301 drv->ifindex, 11302 drv->operstate, 11303 scan_state_str(drv->scan_state), 11304 MAC2STR(drv->auth_bssid), 11305 MAC2STR(drv->auth_attempt_bssid), 11306 MAC2STR(drv->bssid), 11307 MAC2STR(drv->prev_bssid), 11308 drv->associated, 11309 drv->assoc_freq, 11310 drv->monitor_sock, 11311 drv->monitor_ifidx, 11312 drv->monitor_refcount, 11313 drv->last_mgmt_freq, 11314 drv->eapol_tx_sock, 11315 drv->ignore_if_down_event ? 11316 "ignore_if_down_event=1\n" : "", 11317 drv->scan_complete_events ? 11318 "scan_complete_events=1\n" : "", 11319 drv->disabled_11b_rates ? 11320 "disabled_11b_rates=1\n" : "", 11321 drv->pending_remain_on_chan ? 11322 "pending_remain_on_chan=1\n" : "", 11323 drv->in_interface_list ? "in_interface_list=1\n" : "", 11324 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11325 drv->poll_command_supported ? 11326 "poll_command_supported=1\n" : "", 11327 drv->data_tx_status ? "data_tx_status=1\n" : "", 11328 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11329 drv->retry_auth ? "retry_auth=1\n" : "", 11330 drv->use_monitor ? "use_monitor=1\n" : "", 11331 drv->ignore_next_local_disconnect ? 11332 "ignore_next_local_disconnect=1\n" : "", 11333 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11334 if (res < 0 || res >= end - pos) 11335 return pos - buf; 11336 pos += res; 11337 11338 if (drv->has_capability) { 11339 res = os_snprintf(pos, end - pos, 11340 "capa.key_mgmt=0x%x\n" 11341 "capa.enc=0x%x\n" 11342 "capa.auth=0x%x\n" 11343 "capa.flags=0x%x\n" 11344 "capa.max_scan_ssids=%d\n" 11345 "capa.max_sched_scan_ssids=%d\n" 11346 "capa.sched_scan_supported=%d\n" 11347 "capa.max_match_sets=%d\n" 11348 "capa.max_remain_on_chan=%u\n" 11349 "capa.max_stations=%u\n" 11350 "capa.probe_resp_offloads=0x%x\n" 11351 "capa.max_acl_mac_addrs=%u\n" 11352 "capa.num_multichan_concurrent=%u\n", 11353 drv->capa.key_mgmt, 11354 drv->capa.enc, 11355 drv->capa.auth, 11356 drv->capa.flags, 11357 drv->capa.max_scan_ssids, 11358 drv->capa.max_sched_scan_ssids, 11359 drv->capa.sched_scan_supported, 11360 drv->capa.max_match_sets, 11361 drv->capa.max_remain_on_chan, 11362 drv->capa.max_stations, 11363 drv->capa.probe_resp_offloads, 11364 drv->capa.max_acl_mac_addrs, 11365 drv->capa.num_multichan_concurrent); 11366 if (res < 0 || res >= end - pos) 11367 return pos - buf; 11368 pos += res; 11369 } 11370 11371 return pos - buf; 11372} 11373 11374 11375static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings) 11376{ 11377 if (settings->head) 11378 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, 11379 settings->head_len, settings->head); 11380 11381 if (settings->tail) 11382 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, 11383 settings->tail_len, settings->tail); 11384 11385 if (settings->beacon_ies) 11386 NLA_PUT(msg, NL80211_ATTR_IE, 11387 settings->beacon_ies_len, settings->beacon_ies); 11388 11389 if (settings->proberesp_ies) 11390 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 11391 settings->proberesp_ies_len, settings->proberesp_ies); 11392 11393 if (settings->assocresp_ies) 11394 NLA_PUT(msg, 11395 NL80211_ATTR_IE_ASSOC_RESP, 11396 settings->assocresp_ies_len, settings->assocresp_ies); 11397 11398 if (settings->probe_resp) 11399 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, 11400 settings->probe_resp_len, settings->probe_resp); 11401 11402 return 0; 11403 11404nla_put_failure: 11405 return -ENOBUFS; 11406} 11407 11408 11409static int nl80211_switch_channel(void *priv, struct csa_settings *settings) 11410{ 11411 struct nl_msg *msg; 11412 struct i802_bss *bss = priv; 11413 struct wpa_driver_nl80211_data *drv = bss->drv; 11414 struct nlattr *beacon_csa; 11415 int ret = -ENOBUFS; 11416 11417 wpa_printf(MSG_DEBUG, "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d width=%d cf1=%d cf2=%d)", 11418 settings->cs_count, settings->block_tx, 11419 settings->freq_params.freq, settings->freq_params.bandwidth, 11420 settings->freq_params.center_freq1, 11421 settings->freq_params.center_freq2); 11422 11423 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) { 11424 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command"); 11425 return -EOPNOTSUPP; 11426 } 11427 11428 if ((drv->nlmode != NL80211_IFTYPE_AP) && 11429 (drv->nlmode != NL80211_IFTYPE_P2P_GO)) 11430 return -EOPNOTSUPP; 11431 11432 /* check settings validity */ 11433 if (!settings->beacon_csa.tail || 11434 ((settings->beacon_csa.tail_len <= 11435 settings->counter_offset_beacon) || 11436 (settings->beacon_csa.tail[settings->counter_offset_beacon] != 11437 settings->cs_count))) 11438 return -EINVAL; 11439 11440 if (settings->beacon_csa.probe_resp && 11441 ((settings->beacon_csa.probe_resp_len <= 11442 settings->counter_offset_presp) || 11443 (settings->beacon_csa.probe_resp[settings->counter_offset_presp] != 11444 settings->cs_count))) 11445 return -EINVAL; 11446 11447 msg = nlmsg_alloc(); 11448 if (!msg) 11449 return -ENOMEM; 11450 11451 nl80211_cmd(drv, msg, 0, NL80211_CMD_CHANNEL_SWITCH); 11452 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11453 NLA_PUT_U32(msg, NL80211_ATTR_CH_SWITCH_COUNT, settings->cs_count); 11454 ret = nl80211_put_freq_params(msg, &settings->freq_params); 11455 if (ret) 11456 goto error; 11457 11458 if (settings->block_tx) 11459 NLA_PUT_FLAG(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX); 11460 11461 /* beacon_after params */ 11462 ret = set_beacon_data(msg, &settings->beacon_after); 11463 if (ret) 11464 goto error; 11465 11466 /* beacon_csa params */ 11467 beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES); 11468 if (!beacon_csa) 11469 goto nla_put_failure; 11470 11471 ret = set_beacon_data(msg, &settings->beacon_csa); 11472 if (ret) 11473 goto error; 11474 11475 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_BEACON, 11476 settings->counter_offset_beacon); 11477 11478 if (settings->beacon_csa.probe_resp) 11479 NLA_PUT_U16(msg, NL80211_ATTR_CSA_C_OFF_PRESP, 11480 settings->counter_offset_presp); 11481 11482 nla_nest_end(msg, beacon_csa); 11483 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11484 if (ret) { 11485 wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)", 11486 ret, strerror(-ret)); 11487 } 11488 return ret; 11489 11490nla_put_failure: 11491 ret = -ENOBUFS; 11492error: 11493 nlmsg_free(msg); 11494 wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request"); 11495 return ret; 11496} 11497 11498 11499static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set, 11500 u8 qos_map_set_len) 11501{ 11502 struct i802_bss *bss = priv; 11503 struct wpa_driver_nl80211_data *drv = bss->drv; 11504 struct nl_msg *msg; 11505 int ret; 11506 11507 msg = nlmsg_alloc(); 11508 if (!msg) 11509 return -ENOMEM; 11510 11511 wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map", 11512 qos_map_set, qos_map_set_len); 11513 11514 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_QOS_MAP); 11515 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11516 NLA_PUT(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set); 11517 11518 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11519 if (ret) 11520 wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed"); 11521 11522 return ret; 11523 11524nla_put_failure: 11525 nlmsg_free(msg); 11526 return -ENOBUFS; 11527} 11528 11529 11530const struct wpa_driver_ops wpa_driver_nl80211_ops = { 11531 .name = "nl80211", 11532 .desc = "Linux nl80211/cfg80211", 11533 .get_bssid = wpa_driver_nl80211_get_bssid, 11534 .get_ssid = wpa_driver_nl80211_get_ssid, 11535 .set_key = driver_nl80211_set_key, 11536 .scan2 = driver_nl80211_scan2, 11537 .sched_scan = wpa_driver_nl80211_sched_scan, 11538 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 11539 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 11540 .deauthenticate = driver_nl80211_deauthenticate, 11541 .authenticate = driver_nl80211_authenticate, 11542 .associate = wpa_driver_nl80211_associate, 11543 .global_init = nl80211_global_init, 11544 .global_deinit = nl80211_global_deinit, 11545 .init2 = wpa_driver_nl80211_init, 11546 .deinit = driver_nl80211_deinit, 11547 .get_capa = wpa_driver_nl80211_get_capa, 11548 .set_operstate = wpa_driver_nl80211_set_operstate, 11549 .set_supp_port = wpa_driver_nl80211_set_supp_port, 11550 .set_country = wpa_driver_nl80211_set_country, 11551 .get_country = wpa_driver_nl80211_get_country, 11552 .set_ap = wpa_driver_nl80211_set_ap, 11553 .set_acl = wpa_driver_nl80211_set_acl, 11554 .if_add = wpa_driver_nl80211_if_add, 11555 .if_remove = driver_nl80211_if_remove, 11556 .send_mlme = driver_nl80211_send_mlme, 11557 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 11558 .sta_add = wpa_driver_nl80211_sta_add, 11559 .sta_remove = driver_nl80211_sta_remove, 11560 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 11561 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 11562 .hapd_init = i802_init, 11563 .hapd_deinit = i802_deinit, 11564 .set_wds_sta = i802_set_wds_sta, 11565 .get_seqnum = i802_get_seqnum, 11566 .flush = i802_flush, 11567 .get_inact_sec = i802_get_inact_sec, 11568 .sta_clear_stats = i802_sta_clear_stats, 11569 .set_rts = i802_set_rts, 11570 .set_frag = i802_set_frag, 11571 .set_tx_queue_params = i802_set_tx_queue_params, 11572 .set_sta_vlan = driver_nl80211_set_sta_vlan, 11573 .sta_deauth = i802_sta_deauth, 11574 .sta_disassoc = i802_sta_disassoc, 11575 .read_sta_data = driver_nl80211_read_sta_data, 11576 .set_freq = i802_set_freq, 11577 .send_action = driver_nl80211_send_action, 11578 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 11579 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 11580 .cancel_remain_on_channel = 11581 wpa_driver_nl80211_cancel_remain_on_channel, 11582 .probe_req_report = driver_nl80211_probe_req_report, 11583 .deinit_ap = wpa_driver_nl80211_deinit_ap, 11584 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 11585 .resume = wpa_driver_nl80211_resume, 11586 .send_ft_action = nl80211_send_ft_action, 11587 .signal_monitor = nl80211_signal_monitor, 11588 .signal_poll = nl80211_signal_poll, 11589 .send_frame = nl80211_send_frame, 11590 .shared_freq = wpa_driver_nl80211_shared_freq, 11591 .set_param = nl80211_set_param, 11592 .get_radio_name = nl80211_get_radio_name, 11593 .add_pmkid = nl80211_add_pmkid, 11594 .remove_pmkid = nl80211_remove_pmkid, 11595 .flush_pmkid = nl80211_flush_pmkid, 11596 .set_rekey_info = nl80211_set_rekey_info, 11597 .poll_client = nl80211_poll_client, 11598 .set_p2p_powersave = nl80211_set_p2p_powersave, 11599 .start_dfs_cac = nl80211_start_radar_detection, 11600 .stop_ap = wpa_driver_nl80211_stop_ap, 11601#ifdef CONFIG_TDLS 11602 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 11603 .tdls_oper = nl80211_tdls_oper, 11604#endif /* CONFIG_TDLS */ 11605 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 11606 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 11607 .get_survey = wpa_driver_nl80211_get_survey, 11608 .status = wpa_driver_nl80211_status, 11609 .switch_channel = nl80211_switch_channel, 11610#ifdef ANDROID_P2P 11611 .set_noa = wpa_driver_set_p2p_noa, 11612 .get_noa = wpa_driver_get_p2p_noa, 11613 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 11614#endif /* ANDROID_P2P */ 11615#ifdef ANDROID 11616 .driver_cmd = wpa_driver_nl80211_driver_cmd, 11617#endif /* ANDROID */ 11618 .set_qos_map = nl80211_set_qos_map, 11619}; 11620