driver_nl80211.c revision c8c09cfad1d06bc4e5829d9c4014321cfa92284e
1/* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13#include "includes.h" 14#include <sys/ioctl.h> 15#include <sys/types.h> 16#include <sys/stat.h> 17#include <fcntl.h> 18#include <net/if.h> 19#include <netlink/genl/genl.h> 20#include <netlink/genl/family.h> 21#include <netlink/genl/ctrl.h> 22#include <linux/rtnetlink.h> 23#include <netpacket/packet.h> 24#include <linux/filter.h> 25#include <linux/errqueue.h> 26#include "nl80211_copy.h" 27 28#include "common.h" 29#include "eloop.h" 30#include "utils/list.h" 31#include "common/ieee802_11_defs.h" 32#include "common/ieee802_11_common.h" 33#include "l2_packet/l2_packet.h" 34#include "netlink.h" 35#include "linux_ioctl.h" 36#include "radiotap.h" 37#include "radiotap_iter.h" 38#include "rfkill.h" 39#include "driver.h" 40 41#ifndef SO_WIFI_STATUS 42# if defined(__sparc__) 43# define SO_WIFI_STATUS 0x0025 44# elif defined(__parisc__) 45# define SO_WIFI_STATUS 0x4022 46# else 47# define SO_WIFI_STATUS 41 48# endif 49 50# define SCM_WIFI_STATUS SO_WIFI_STATUS 51#endif 52 53#ifndef SO_EE_ORIGIN_TXSTATUS 54#define SO_EE_ORIGIN_TXSTATUS 4 55#endif 56 57#ifndef PACKET_TX_TIMESTAMP 58#define PACKET_TX_TIMESTAMP 16 59#endif 60 61#ifdef ANDROID 62#include "android_drv.h" 63#endif /* ANDROID */ 64#ifdef CONFIG_LIBNL20 65/* libnl 2.0 compatibility code */ 66#define nl_handle nl_sock 67#define nl80211_handle_alloc nl_socket_alloc_cb 68#define nl80211_handle_destroy nl_socket_free 69#else 70/* 71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 72 * but when you free a socket again it will mess up its bitmap and 73 * and use the wrong number the next time it needs a socket ID. 74 * Therefore, we wrap the handle alloc/destroy and add our own pid 75 * accounting. 76 */ 77static uint32_t port_bitmap[32] = { 0 }; 78 79static struct nl_handle *nl80211_handle_alloc(void *cb) 80{ 81 struct nl_handle *handle; 82 uint32_t pid = getpid() & 0x3FFFFF; 83 int i; 84 85 handle = nl_handle_alloc_cb(cb); 86 87 for (i = 0; i < 1024; i++) { 88 if (port_bitmap[i / 32] & (1 << (i % 32))) 89 continue; 90 port_bitmap[i / 32] |= 1 << (i % 32); 91 pid += i << 22; 92 break; 93 } 94 95 nl_socket_set_local_port(handle, pid); 96 97 return handle; 98} 99 100static void nl80211_handle_destroy(struct nl_handle *handle) 101{ 102 uint32_t port = nl_socket_get_local_port(handle); 103 104 port >>= 22; 105 port_bitmap[port / 32] &= ~(1 << (port % 32)); 106 107 nl_handle_destroy(handle); 108} 109#endif /* CONFIG_LIBNL20 */ 110 111 112static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 113{ 114 struct nl_handle *handle; 115 116 handle = nl80211_handle_alloc(cb); 117 if (handle == NULL) { 118 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 119 "callbacks (%s)", dbg); 120 return NULL; 121 } 122 123 if (genl_connect(handle)) { 124 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 125 "netlink (%s)", dbg); 126 nl80211_handle_destroy(handle); 127 return NULL; 128 } 129 130 return handle; 131} 132 133 134static void nl_destroy_handles(struct nl_handle **handle) 135{ 136 if (*handle == NULL) 137 return; 138 nl80211_handle_destroy(*handle); 139 *handle = NULL; 140} 141 142 143#if __WORDSIZE == 64 144#define ELOOP_SOCKET_INVALID (intptr_t) 0x8888888888888889ULL 145#else 146#define ELOOP_SOCKET_INVALID (intptr_t) 0x88888889ULL 147#endif 148 149static void nl80211_register_eloop_read(struct nl_handle **handle, 150 eloop_sock_handler handler, 151 void *eloop_data) 152{ 153 nl_socket_set_nonblocking(*handle); 154 eloop_register_read_sock(nl_socket_get_fd(*handle), handler, 155 eloop_data, *handle); 156 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 157} 158 159 160static void nl80211_destroy_eloop_handle(struct nl_handle **handle) 161{ 162 *handle = (void *) (((intptr_t) *handle) ^ ELOOP_SOCKET_INVALID); 163 eloop_unregister_read_sock(nl_socket_get_fd(*handle)); 164 nl_destroy_handles(handle); 165} 166 167 168#ifndef IFF_LOWER_UP 169#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 170#endif 171#ifndef IFF_DORMANT 172#define IFF_DORMANT 0x20000 /* driver signals dormant */ 173#endif 174 175#ifndef IF_OPER_DORMANT 176#define IF_OPER_DORMANT 5 177#endif 178#ifndef IF_OPER_UP 179#define IF_OPER_UP 6 180#endif 181 182struct nl80211_global { 183 struct dl_list interfaces; 184 int if_add_ifindex; 185 u64 if_add_wdevid; 186 int if_add_wdevid_set; 187 struct netlink_data *netlink; 188 struct nl_cb *nl_cb; 189 struct nl_handle *nl; 190 int nl80211_id; 191 int ioctl_sock; /* socket for ioctl() use */ 192 193 struct nl_handle *nl_event; 194}; 195 196struct nl80211_wiphy_data { 197 struct dl_list list; 198 struct dl_list bsss; 199 struct dl_list drvs; 200 201 struct nl_handle *nl_beacons; 202 struct nl_cb *nl_cb; 203 204 int wiphy_idx; 205}; 206 207static void nl80211_global_deinit(void *priv); 208 209struct i802_bss { 210 struct wpa_driver_nl80211_data *drv; 211 struct i802_bss *next; 212 int ifindex; 213 u64 wdev_id; 214 char ifname[IFNAMSIZ + 1]; 215 char brname[IFNAMSIZ]; 216 unsigned int beacon_set:1; 217 unsigned int added_if_into_bridge:1; 218 unsigned int added_bridge:1; 219 unsigned int in_deinit:1; 220 unsigned int wdev_id_set:1; 221 unsigned int added_if:1; 222 223 u8 addr[ETH_ALEN]; 224 225 int freq; 226 int if_dynamic; 227 228 void *ctx; 229 struct nl_handle *nl_preq, *nl_mgmt; 230 struct nl_cb *nl_cb; 231 232 struct nl80211_wiphy_data *wiphy_data; 233 struct dl_list wiphy_list; 234}; 235 236struct wpa_driver_nl80211_data { 237 struct nl80211_global *global; 238 struct dl_list list; 239 struct dl_list wiphy_list; 240 char phyname[32]; 241 void *ctx; 242 int ifindex; 243 int if_removed; 244 int if_disabled; 245 int ignore_if_down_event; 246 struct rfkill_data *rfkill; 247 struct wpa_driver_capa capa; 248 u8 *extended_capa, *extended_capa_mask; 249 unsigned int extended_capa_len; 250 int has_capability; 251 252 int operstate; 253 254 int scan_complete_events; 255 enum scan_states { 256 NO_SCAN, SCAN_REQUESTED, SCAN_STARTED, SCAN_COMPLETED, 257 SCAN_ABORTED, SCHED_SCAN_STARTED, SCHED_SCAN_STOPPED, 258 SCHED_SCAN_RESULTS 259 } scan_state; 260 261 struct nl_cb *nl_cb; 262 263 u8 auth_bssid[ETH_ALEN]; 264 u8 auth_attempt_bssid[ETH_ALEN]; 265 u8 bssid[ETH_ALEN]; 266 u8 prev_bssid[ETH_ALEN]; 267 int associated; 268 u8 ssid[32]; 269 size_t ssid_len; 270 enum nl80211_iftype nlmode; 271 enum nl80211_iftype ap_scan_as_station; 272 unsigned int assoc_freq; 273 274 int monitor_sock; 275 int monitor_ifidx; 276 int monitor_refcount; 277 278 unsigned int disabled_11b_rates:1; 279 unsigned int pending_remain_on_chan:1; 280 unsigned int in_interface_list:1; 281 unsigned int device_ap_sme:1; 282 unsigned int poll_command_supported:1; 283 unsigned int data_tx_status:1; 284 unsigned int scan_for_auth:1; 285 unsigned int retry_auth:1; 286 unsigned int use_monitor:1; 287 unsigned int ignore_next_local_disconnect:1; 288 unsigned int allow_p2p_device:1; 289 290 u64 remain_on_chan_cookie; 291 u64 send_action_cookie; 292 293 unsigned int last_mgmt_freq; 294 295 struct wpa_driver_scan_filter *filter_ssids; 296 size_t num_filter_ssids; 297 298 struct i802_bss *first_bss; 299 300 int eapol_tx_sock; 301 302#ifdef HOSTAPD 303 int eapol_sock; /* socket for EAPOL frames */ 304 305 int default_if_indices[16]; 306 int *if_indices; 307 int num_if_indices; 308 309 int last_freq; 310 int last_freq_ht; 311#endif /* HOSTAPD */ 312 313 /* From failed authentication command */ 314 int auth_freq; 315 u8 auth_bssid_[ETH_ALEN]; 316 u8 auth_ssid[32]; 317 size_t auth_ssid_len; 318 int auth_alg; 319 u8 *auth_ie; 320 size_t auth_ie_len; 321 u8 auth_wep_key[4][16]; 322 size_t auth_wep_key_len[4]; 323 int auth_wep_tx_keyidx; 324 int auth_local_state_change; 325 int auth_p2p; 326}; 327 328 329static void wpa_driver_nl80211_deinit(struct i802_bss *bss); 330static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 331 void *timeout_ctx); 332static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 333 enum nl80211_iftype nlmode); 334static int 335wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 336static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 337 const u8 *addr, int cmd, u16 reason_code, 338 int local_state_change); 339static void nl80211_remove_monitor_interface( 340 struct wpa_driver_nl80211_data *drv); 341static int nl80211_send_frame_cmd(struct i802_bss *bss, 342 unsigned int freq, unsigned int wait, 343 const u8 *buf, size_t buf_len, u64 *cookie, 344 int no_cck, int no_ack, int offchanok); 345static int nl80211_register_frame(struct i802_bss *bss, 346 struct nl_handle *hl_handle, 347 u16 type, const u8 *match, size_t match_len); 348static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, 349 int report); 350#ifdef ANDROID 351static int android_pno_start(struct i802_bss *bss, 352 struct wpa_driver_scan_params *params); 353static int android_pno_stop(struct i802_bss *bss); 354#endif /* ANDROID */ 355#ifdef ANDROID_P2P 356int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 357int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 358int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 359int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 360 const struct wpabuf *proberesp, 361 const struct wpabuf *assocresp); 362 363#endif 364#ifdef HOSTAPD 365static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 366static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 367static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 368static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 369 enum wpa_driver_if_type type, 370 const char *ifname); 371#else /* HOSTAPD */ 372static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 373{ 374} 375 376static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 377{ 378} 379 380static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 381{ 382 return 0; 383} 384#endif /* HOSTAPD */ 385#ifdef ANDROID 386extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 387 size_t buf_len); 388#endif 389 390static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 391 struct hostapd_freq_params *freq); 392static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 393 int ifindex, int disabled); 394 395static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 396static int wpa_driver_nl80211_authenticate_retry( 397 struct wpa_driver_nl80211_data *drv); 398 399static int i802_set_iface_flags(struct i802_bss *bss, int up); 400 401 402static const char * nl80211_command_to_string(enum nl80211_commands cmd) 403{ 404#define C2S(x) case x: return #x; 405 switch (cmd) { 406 C2S(NL80211_CMD_UNSPEC) 407 C2S(NL80211_CMD_GET_WIPHY) 408 C2S(NL80211_CMD_SET_WIPHY) 409 C2S(NL80211_CMD_NEW_WIPHY) 410 C2S(NL80211_CMD_DEL_WIPHY) 411 C2S(NL80211_CMD_GET_INTERFACE) 412 C2S(NL80211_CMD_SET_INTERFACE) 413 C2S(NL80211_CMD_NEW_INTERFACE) 414 C2S(NL80211_CMD_DEL_INTERFACE) 415 C2S(NL80211_CMD_GET_KEY) 416 C2S(NL80211_CMD_SET_KEY) 417 C2S(NL80211_CMD_NEW_KEY) 418 C2S(NL80211_CMD_DEL_KEY) 419 C2S(NL80211_CMD_GET_BEACON) 420 C2S(NL80211_CMD_SET_BEACON) 421 C2S(NL80211_CMD_START_AP) 422 C2S(NL80211_CMD_STOP_AP) 423 C2S(NL80211_CMD_GET_STATION) 424 C2S(NL80211_CMD_SET_STATION) 425 C2S(NL80211_CMD_NEW_STATION) 426 C2S(NL80211_CMD_DEL_STATION) 427 C2S(NL80211_CMD_GET_MPATH) 428 C2S(NL80211_CMD_SET_MPATH) 429 C2S(NL80211_CMD_NEW_MPATH) 430 C2S(NL80211_CMD_DEL_MPATH) 431 C2S(NL80211_CMD_SET_BSS) 432 C2S(NL80211_CMD_SET_REG) 433 C2S(NL80211_CMD_REQ_SET_REG) 434 C2S(NL80211_CMD_GET_MESH_CONFIG) 435 C2S(NL80211_CMD_SET_MESH_CONFIG) 436 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 437 C2S(NL80211_CMD_GET_REG) 438 C2S(NL80211_CMD_GET_SCAN) 439 C2S(NL80211_CMD_TRIGGER_SCAN) 440 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 441 C2S(NL80211_CMD_SCAN_ABORTED) 442 C2S(NL80211_CMD_REG_CHANGE) 443 C2S(NL80211_CMD_AUTHENTICATE) 444 C2S(NL80211_CMD_ASSOCIATE) 445 C2S(NL80211_CMD_DEAUTHENTICATE) 446 C2S(NL80211_CMD_DISASSOCIATE) 447 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 448 C2S(NL80211_CMD_REG_BEACON_HINT) 449 C2S(NL80211_CMD_JOIN_IBSS) 450 C2S(NL80211_CMD_LEAVE_IBSS) 451 C2S(NL80211_CMD_TESTMODE) 452 C2S(NL80211_CMD_CONNECT) 453 C2S(NL80211_CMD_ROAM) 454 C2S(NL80211_CMD_DISCONNECT) 455 C2S(NL80211_CMD_SET_WIPHY_NETNS) 456 C2S(NL80211_CMD_GET_SURVEY) 457 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 458 C2S(NL80211_CMD_SET_PMKSA) 459 C2S(NL80211_CMD_DEL_PMKSA) 460 C2S(NL80211_CMD_FLUSH_PMKSA) 461 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 462 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 463 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 464 C2S(NL80211_CMD_REGISTER_FRAME) 465 C2S(NL80211_CMD_FRAME) 466 C2S(NL80211_CMD_FRAME_TX_STATUS) 467 C2S(NL80211_CMD_SET_POWER_SAVE) 468 C2S(NL80211_CMD_GET_POWER_SAVE) 469 C2S(NL80211_CMD_SET_CQM) 470 C2S(NL80211_CMD_NOTIFY_CQM) 471 C2S(NL80211_CMD_SET_CHANNEL) 472 C2S(NL80211_CMD_SET_WDS_PEER) 473 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 474 C2S(NL80211_CMD_JOIN_MESH) 475 C2S(NL80211_CMD_LEAVE_MESH) 476 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 477 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 478 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 479 C2S(NL80211_CMD_GET_WOWLAN) 480 C2S(NL80211_CMD_SET_WOWLAN) 481 C2S(NL80211_CMD_START_SCHED_SCAN) 482 C2S(NL80211_CMD_STOP_SCHED_SCAN) 483 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 484 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 485 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 486 C2S(NL80211_CMD_PMKSA_CANDIDATE) 487 C2S(NL80211_CMD_TDLS_OPER) 488 C2S(NL80211_CMD_TDLS_MGMT) 489 C2S(NL80211_CMD_UNEXPECTED_FRAME) 490 C2S(NL80211_CMD_PROBE_CLIENT) 491 C2S(NL80211_CMD_REGISTER_BEACONS) 492 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 493 C2S(NL80211_CMD_SET_NOACK_MAP) 494 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 495 C2S(NL80211_CMD_START_P2P_DEVICE) 496 C2S(NL80211_CMD_STOP_P2P_DEVICE) 497 C2S(NL80211_CMD_CONN_FAILED) 498 C2S(NL80211_CMD_SET_MCAST_RATE) 499 C2S(NL80211_CMD_SET_MAC_ACL) 500 C2S(NL80211_CMD_RADAR_DETECT) 501 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 502 C2S(NL80211_CMD_UPDATE_FT_IES) 503 C2S(NL80211_CMD_FT_EVENT) 504 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 505 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 506 default: 507 return "NL80211_CMD_UNKNOWN"; 508 } 509#undef C2S 510} 511 512 513static int is_ap_interface(enum nl80211_iftype nlmode) 514{ 515 return (nlmode == NL80211_IFTYPE_AP || 516 nlmode == NL80211_IFTYPE_P2P_GO); 517} 518 519 520static int is_sta_interface(enum nl80211_iftype nlmode) 521{ 522 return (nlmode == NL80211_IFTYPE_STATION || 523 nlmode == NL80211_IFTYPE_P2P_CLIENT); 524} 525 526 527static int is_p2p_net_interface(enum nl80211_iftype nlmode) 528{ 529 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 530 nlmode == NL80211_IFTYPE_P2P_GO); 531} 532 533 534static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv) 535{ 536 if (drv->associated) 537 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 538 drv->associated = 0; 539 os_memset(drv->bssid, 0, ETH_ALEN); 540} 541 542 543struct nl80211_bss_info_arg { 544 struct wpa_driver_nl80211_data *drv; 545 struct wpa_scan_results *res; 546 unsigned int assoc_freq; 547 u8 assoc_bssid[ETH_ALEN]; 548}; 549 550static int bss_info_handler(struct nl_msg *msg, void *arg); 551 552 553/* nl80211 code */ 554static int ack_handler(struct nl_msg *msg, void *arg) 555{ 556 int *err = arg; 557 *err = 0; 558 return NL_STOP; 559} 560 561static int finish_handler(struct nl_msg *msg, void *arg) 562{ 563 int *ret = arg; 564 *ret = 0; 565 return NL_SKIP; 566} 567 568static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 569 void *arg) 570{ 571 int *ret = arg; 572 *ret = err->error; 573 return NL_SKIP; 574} 575 576 577static int no_seq_check(struct nl_msg *msg, void *arg) 578{ 579 return NL_OK; 580} 581 582 583static int send_and_recv(struct nl80211_global *global, 584 struct nl_handle *nl_handle, struct nl_msg *msg, 585 int (*valid_handler)(struct nl_msg *, void *), 586 void *valid_data) 587{ 588 struct nl_cb *cb; 589 int err = -ENOMEM; 590 591 cb = nl_cb_clone(global->nl_cb); 592 if (!cb) 593 goto out; 594 595 err = nl_send_auto_complete(nl_handle, msg); 596 if (err < 0) 597 goto out; 598 599 err = 1; 600 601 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 602 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 603 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 604 605 if (valid_handler) 606 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 607 valid_handler, valid_data); 608 609 while (err > 0) { 610 int res = nl_recvmsgs(nl_handle, cb); 611 if (res) { 612 wpa_printf(MSG_INFO, 613 "nl80211: %s->nl_recvmsgs failed: %d", 614 __func__, res); 615 } 616 } 617 out: 618 nl_cb_put(cb); 619 nlmsg_free(msg); 620 return err; 621} 622 623 624static int send_and_recv_msgs_global(struct nl80211_global *global, 625 struct nl_msg *msg, 626 int (*valid_handler)(struct nl_msg *, void *), 627 void *valid_data) 628{ 629 return send_and_recv(global, global->nl, msg, valid_handler, 630 valid_data); 631} 632 633 634#ifndef ANDROID 635static 636#endif 637int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 638 struct nl_msg *msg, 639 int (*valid_handler)(struct nl_msg *, void *), 640 void *valid_data) 641{ 642 return send_and_recv(drv->global, drv->global->nl, msg, 643 valid_handler, valid_data); 644} 645 646 647struct family_data { 648 const char *group; 649 int id; 650}; 651 652 653static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss) 654{ 655 if (bss->wdev_id_set) 656 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 657 else 658 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 659 return 0; 660 661nla_put_failure: 662 return -1; 663} 664 665 666static int family_handler(struct nl_msg *msg, void *arg) 667{ 668 struct family_data *res = arg; 669 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 670 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 671 struct nlattr *mcgrp; 672 int i; 673 674 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 675 genlmsg_attrlen(gnlh, 0), NULL); 676 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 677 return NL_SKIP; 678 679 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 680 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 681 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 682 nla_len(mcgrp), NULL); 683 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 684 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 685 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 686 res->group, 687 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 688 continue; 689 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 690 break; 691 }; 692 693 return NL_SKIP; 694} 695 696 697static int nl_get_multicast_id(struct nl80211_global *global, 698 const char *family, const char *group) 699{ 700 struct nl_msg *msg; 701 int ret = -1; 702 struct family_data res = { group, -ENOENT }; 703 704 msg = nlmsg_alloc(); 705 if (!msg) 706 return -ENOMEM; 707 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 708 0, 0, CTRL_CMD_GETFAMILY, 0); 709 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 710 711 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 712 msg = NULL; 713 if (ret == 0) 714 ret = res.id; 715 716nla_put_failure: 717 nlmsg_free(msg); 718 return ret; 719} 720 721 722static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 723 struct nl_msg *msg, int flags, uint8_t cmd) 724{ 725 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 726 0, flags, cmd, 0); 727} 728 729 730struct wiphy_idx_data { 731 int wiphy_idx; 732 enum nl80211_iftype nlmode; 733 u8 *macaddr; 734}; 735 736 737static int netdev_info_handler(struct nl_msg *msg, void *arg) 738{ 739 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 740 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 741 struct wiphy_idx_data *info = arg; 742 743 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 744 genlmsg_attrlen(gnlh, 0), NULL); 745 746 if (tb[NL80211_ATTR_WIPHY]) 747 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 748 749 if (tb[NL80211_ATTR_IFTYPE]) 750 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]); 751 752 if (tb[NL80211_ATTR_MAC] && info->macaddr) 753 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 754 ETH_ALEN); 755 756 return NL_SKIP; 757} 758 759 760static int nl80211_get_wiphy_index(struct i802_bss *bss) 761{ 762 struct nl_msg *msg; 763 struct wiphy_idx_data data = { 764 .wiphy_idx = -1, 765 .macaddr = NULL, 766 }; 767 768 msg = nlmsg_alloc(); 769 if (!msg) 770 return NL80211_IFTYPE_UNSPECIFIED; 771 772 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 773 774 if (nl80211_set_iface_id(msg, bss) < 0) 775 goto nla_put_failure; 776 777 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 778 return data.wiphy_idx; 779 msg = NULL; 780nla_put_failure: 781 nlmsg_free(msg); 782 return -1; 783} 784 785 786static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss) 787{ 788 struct nl_msg *msg; 789 struct wiphy_idx_data data = { 790 .nlmode = NL80211_IFTYPE_UNSPECIFIED, 791 .macaddr = NULL, 792 }; 793 794 msg = nlmsg_alloc(); 795 if (!msg) 796 return -1; 797 798 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 799 800 if (nl80211_set_iface_id(msg, bss) < 0) 801 goto nla_put_failure; 802 803 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 804 return data.nlmode; 805 msg = NULL; 806nla_put_failure: 807 nlmsg_free(msg); 808 return NL80211_IFTYPE_UNSPECIFIED; 809} 810 811 812#ifndef HOSTAPD 813static int nl80211_get_macaddr(struct i802_bss *bss) 814{ 815 struct nl_msg *msg; 816 struct wiphy_idx_data data = { 817 .macaddr = bss->addr, 818 }; 819 820 msg = nlmsg_alloc(); 821 if (!msg) 822 return NL80211_IFTYPE_UNSPECIFIED; 823 824 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 825 if (nl80211_set_iface_id(msg, bss) < 0) 826 goto nla_put_failure; 827 828 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data); 829 830nla_put_failure: 831 nlmsg_free(msg); 832 return NL80211_IFTYPE_UNSPECIFIED; 833} 834#endif /* HOSTAPD */ 835 836 837static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 838 struct nl80211_wiphy_data *w) 839{ 840 struct nl_msg *msg; 841 int ret = -1; 842 843 msg = nlmsg_alloc(); 844 if (!msg) 845 return -1; 846 847 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 848 849 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 850 851 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 852 msg = NULL; 853 if (ret) { 854 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 855 "failed: ret=%d (%s)", 856 ret, strerror(-ret)); 857 goto nla_put_failure; 858 } 859 ret = 0; 860nla_put_failure: 861 nlmsg_free(msg); 862 return ret; 863} 864 865 866static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 867{ 868 struct nl80211_wiphy_data *w = eloop_ctx; 869 int res; 870 871 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 872 873 res = nl_recvmsgs(handle, w->nl_cb); 874 if (res) { 875 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 876 __func__, res); 877 } 878} 879 880 881static int process_beacon_event(struct nl_msg *msg, void *arg) 882{ 883 struct nl80211_wiphy_data *w = arg; 884 struct wpa_driver_nl80211_data *drv; 885 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 886 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 887 union wpa_event_data event; 888 889 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 890 genlmsg_attrlen(gnlh, 0), NULL); 891 892 if (gnlh->cmd != NL80211_CMD_FRAME) { 893 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 894 gnlh->cmd); 895 return NL_SKIP; 896 } 897 898 if (!tb[NL80211_ATTR_FRAME]) 899 return NL_SKIP; 900 901 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 902 wiphy_list) { 903 os_memset(&event, 0, sizeof(event)); 904 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 905 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 906 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 907 } 908 909 return NL_SKIP; 910} 911 912 913static struct nl80211_wiphy_data * 914nl80211_get_wiphy_data_ap(struct i802_bss *bss) 915{ 916 static DEFINE_DL_LIST(nl80211_wiphys); 917 struct nl80211_wiphy_data *w; 918 int wiphy_idx, found = 0; 919 struct i802_bss *tmp_bss; 920 921 if (bss->wiphy_data != NULL) 922 return bss->wiphy_data; 923 924 wiphy_idx = nl80211_get_wiphy_index(bss); 925 926 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 927 if (w->wiphy_idx == wiphy_idx) 928 goto add; 929 } 930 931 /* alloc new one */ 932 w = os_zalloc(sizeof(*w)); 933 if (w == NULL) 934 return NULL; 935 w->wiphy_idx = wiphy_idx; 936 dl_list_init(&w->bsss); 937 dl_list_init(&w->drvs); 938 939 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 940 if (!w->nl_cb) { 941 os_free(w); 942 return NULL; 943 } 944 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 945 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 946 w); 947 948 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 949 "wiphy beacons"); 950 if (w->nl_beacons == NULL) { 951 os_free(w); 952 return NULL; 953 } 954 955 if (nl80211_register_beacons(bss->drv, w)) { 956 nl_destroy_handles(&w->nl_beacons); 957 os_free(w); 958 return NULL; 959 } 960 961 nl80211_register_eloop_read(&w->nl_beacons, nl80211_recv_beacons, w); 962 963 dl_list_add(&nl80211_wiphys, &w->list); 964 965add: 966 /* drv entry for this bss already there? */ 967 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 968 if (tmp_bss->drv == bss->drv) { 969 found = 1; 970 break; 971 } 972 } 973 /* if not add it */ 974 if (!found) 975 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 976 977 dl_list_add(&w->bsss, &bss->wiphy_list); 978 bss->wiphy_data = w; 979 return w; 980} 981 982 983static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 984{ 985 struct nl80211_wiphy_data *w = bss->wiphy_data; 986 struct i802_bss *tmp_bss; 987 int found = 0; 988 989 if (w == NULL) 990 return; 991 bss->wiphy_data = NULL; 992 dl_list_del(&bss->wiphy_list); 993 994 /* still any for this drv present? */ 995 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 996 if (tmp_bss->drv == bss->drv) { 997 found = 1; 998 break; 999 } 1000 } 1001 /* if not remove it */ 1002 if (!found) 1003 dl_list_del(&bss->drv->wiphy_list); 1004 1005 if (!dl_list_empty(&w->bsss)) 1006 return; 1007 1008 nl80211_destroy_eloop_handle(&w->nl_beacons); 1009 1010 nl_cb_put(w->nl_cb); 1011 dl_list_del(&w->list); 1012 os_free(w); 1013} 1014 1015 1016static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 1017{ 1018 struct i802_bss *bss = priv; 1019 struct wpa_driver_nl80211_data *drv = bss->drv; 1020 if (!drv->associated) 1021 return -1; 1022 os_memcpy(bssid, drv->bssid, ETH_ALEN); 1023 return 0; 1024} 1025 1026 1027static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 1028{ 1029 struct i802_bss *bss = priv; 1030 struct wpa_driver_nl80211_data *drv = bss->drv; 1031 if (!drv->associated) 1032 return -1; 1033 os_memcpy(ssid, drv->ssid, drv->ssid_len); 1034 return drv->ssid_len; 1035} 1036 1037 1038static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 1039 char *buf, size_t len, int del) 1040{ 1041 union wpa_event_data event; 1042 1043 os_memset(&event, 0, sizeof(event)); 1044 if (len > sizeof(event.interface_status.ifname)) 1045 len = sizeof(event.interface_status.ifname) - 1; 1046 os_memcpy(event.interface_status.ifname, buf, len); 1047 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 1048 EVENT_INTERFACE_ADDED; 1049 1050 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 1051 del ? "DEL" : "NEW", 1052 event.interface_status.ifname, 1053 del ? "removed" : "added"); 1054 1055 if (os_strcmp(drv->first_bss->ifname, event.interface_status.ifname) == 1056 0) { 1057 if (del) { 1058 if (drv->if_removed) { 1059 wpa_printf(MSG_DEBUG, "nl80211: if_removed " 1060 "already set - ignore event"); 1061 return; 1062 } 1063 drv->if_removed = 1; 1064 } else { 1065 if (if_nametoindex(drv->first_bss->ifname) == 0) { 1066 wpa_printf(MSG_DEBUG, "nl80211: Interface %s " 1067 "does not exist - ignore " 1068 "RTM_NEWLINK", 1069 drv->first_bss->ifname); 1070 return; 1071 } 1072 if (!drv->if_removed) { 1073 wpa_printf(MSG_DEBUG, "nl80211: if_removed " 1074 "already cleared - ignore event"); 1075 return; 1076 } 1077 drv->if_removed = 0; 1078 } 1079 } 1080 1081 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 1082} 1083 1084 1085static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 1086 u8 *buf, size_t len) 1087{ 1088 int attrlen, rta_len; 1089 struct rtattr *attr; 1090 1091 attrlen = len; 1092 attr = (struct rtattr *) buf; 1093 1094 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1095 while (RTA_OK(attr, attrlen)) { 1096 if (attr->rta_type == IFLA_IFNAME) { 1097 if (os_strcmp(((char *) attr) + rta_len, 1098 drv->first_bss->ifname) == 0) 1099 return 1; 1100 else 1101 break; 1102 } 1103 attr = RTA_NEXT(attr, attrlen); 1104 } 1105 1106 return 0; 1107} 1108 1109 1110static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 1111 int ifindex, u8 *buf, size_t len) 1112{ 1113 if (drv->ifindex == ifindex) 1114 return 1; 1115 1116 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 1117 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 1118 "interface"); 1119 wpa_driver_nl80211_finish_drv_init(drv); 1120 return 1; 1121 } 1122 1123 return 0; 1124} 1125 1126 1127static struct wpa_driver_nl80211_data * 1128nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 1129{ 1130 struct wpa_driver_nl80211_data *drv; 1131 dl_list_for_each(drv, &global->interfaces, 1132 struct wpa_driver_nl80211_data, list) { 1133 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 1134 have_ifidx(drv, idx)) 1135 return drv; 1136 } 1137 return NULL; 1138} 1139 1140 1141static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 1142 struct ifinfomsg *ifi, 1143 u8 *buf, size_t len) 1144{ 1145 struct nl80211_global *global = ctx; 1146 struct wpa_driver_nl80211_data *drv; 1147 int attrlen, rta_len; 1148 struct rtattr *attr; 1149 u32 brid = 0; 1150 char namebuf[IFNAMSIZ]; 1151 1152 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1153 if (!drv) { 1154 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 1155 "ifindex %d", ifi->ifi_index); 1156 return; 1157 } 1158 1159 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 1160 "(%s%s%s%s)", 1161 drv->operstate, ifi->ifi_flags, 1162 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 1163 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 1164 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 1165 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 1166 1167 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 1168 if (if_indextoname(ifi->ifi_index, namebuf) && 1169 linux_iface_up(drv->global->ioctl_sock, 1170 drv->first_bss->ifname) > 0) { 1171 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1172 "event since interface %s is up", namebuf); 1173 return; 1174 } 1175 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 1176 if (drv->ignore_if_down_event) { 1177 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 1178 "event generated by mode change"); 1179 drv->ignore_if_down_event = 0; 1180 } else { 1181 drv->if_disabled = 1; 1182 wpa_supplicant_event(drv->ctx, 1183 EVENT_INTERFACE_DISABLED, NULL); 1184 } 1185 } 1186 1187 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 1188 if (if_indextoname(ifi->ifi_index, namebuf) && 1189 linux_iface_up(drv->global->ioctl_sock, 1190 drv->first_bss->ifname) == 0) { 1191 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1192 "event since interface %s is down", 1193 namebuf); 1194 } else if (if_nametoindex(drv->first_bss->ifname) == 0) { 1195 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1196 "event since interface %s does not exist", 1197 drv->first_bss->ifname); 1198 } else if (drv->if_removed) { 1199 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 1200 "event since interface %s is marked " 1201 "removed", drv->first_bss->ifname); 1202 } else { 1203 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 1204 drv->if_disabled = 0; 1205 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 1206 NULL); 1207 } 1208 } 1209 1210 /* 1211 * Some drivers send the association event before the operup event--in 1212 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 1213 * fails. This will hit us when wpa_supplicant does not need to do 1214 * IEEE 802.1X authentication 1215 */ 1216 if (drv->operstate == 1 && 1217 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 1218 !(ifi->ifi_flags & IFF_RUNNING)) 1219 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 1220 -1, IF_OPER_UP); 1221 1222 attrlen = len; 1223 attr = (struct rtattr *) buf; 1224 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1225 while (RTA_OK(attr, attrlen)) { 1226 if (attr->rta_type == IFLA_IFNAME) { 1227 wpa_driver_nl80211_event_link( 1228 drv, 1229 ((char *) attr) + rta_len, 1230 attr->rta_len - rta_len, 0); 1231 } else if (attr->rta_type == IFLA_MASTER) 1232 brid = nla_get_u32((struct nlattr *) attr); 1233 attr = RTA_NEXT(attr, attrlen); 1234 } 1235 1236 if (ifi->ifi_family == AF_BRIDGE && brid) { 1237 /* device has been added to bridge */ 1238 if_indextoname(brid, namebuf); 1239 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 1240 brid, namebuf); 1241 add_ifidx(drv, brid); 1242 } 1243} 1244 1245 1246static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 1247 struct ifinfomsg *ifi, 1248 u8 *buf, size_t len) 1249{ 1250 struct nl80211_global *global = ctx; 1251 struct wpa_driver_nl80211_data *drv; 1252 int attrlen, rta_len; 1253 struct rtattr *attr; 1254 u32 brid = 0; 1255 1256 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 1257 if (!drv) { 1258 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for " 1259 "foreign ifindex %d", ifi->ifi_index); 1260 return; 1261 } 1262 1263 attrlen = len; 1264 attr = (struct rtattr *) buf; 1265 1266 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 1267 while (RTA_OK(attr, attrlen)) { 1268 if (attr->rta_type == IFLA_IFNAME) { 1269 wpa_driver_nl80211_event_link( 1270 drv, 1271 ((char *) attr) + rta_len, 1272 attr->rta_len - rta_len, 1); 1273 } else if (attr->rta_type == IFLA_MASTER) 1274 brid = nla_get_u32((struct nlattr *) attr); 1275 attr = RTA_NEXT(attr, attrlen); 1276 } 1277 1278 if (ifi->ifi_family == AF_BRIDGE && brid) { 1279 /* device has been removed from bridge */ 1280 char namebuf[IFNAMSIZ]; 1281 if_indextoname(brid, namebuf); 1282 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1283 "%s", brid, namebuf); 1284 del_ifidx(drv, brid); 1285 } 1286} 1287 1288 1289static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1290 const u8 *frame, size_t len) 1291{ 1292 const struct ieee80211_mgmt *mgmt; 1293 union wpa_event_data event; 1294 1295 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 1296 mgmt = (const struct ieee80211_mgmt *) frame; 1297 if (len < 24 + sizeof(mgmt->u.auth)) { 1298 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1299 "frame"); 1300 return; 1301 } 1302 1303 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1304 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 1305 os_memset(&event, 0, sizeof(event)); 1306 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1307 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1308 event.auth.auth_transaction = 1309 le_to_host16(mgmt->u.auth.auth_transaction); 1310 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1311 if (len > 24 + sizeof(mgmt->u.auth)) { 1312 event.auth.ies = mgmt->u.auth.variable; 1313 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1314 } 1315 1316 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1317} 1318 1319 1320static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1321{ 1322 struct nl_msg *msg; 1323 int ret; 1324 struct nl80211_bss_info_arg arg; 1325 1326 os_memset(&arg, 0, sizeof(arg)); 1327 msg = nlmsg_alloc(); 1328 if (!msg) 1329 goto nla_put_failure; 1330 1331 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1332 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1333 1334 arg.drv = drv; 1335 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1336 msg = NULL; 1337 if (ret == 0) { 1338 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1339 "associated BSS from scan results: %u MHz", 1340 arg.assoc_freq); 1341 if (arg.assoc_freq) 1342 drv->assoc_freq = arg.assoc_freq; 1343 return drv->assoc_freq; 1344 } 1345 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1346 "(%s)", ret, strerror(-ret)); 1347nla_put_failure: 1348 nlmsg_free(msg); 1349 return drv->assoc_freq; 1350} 1351 1352 1353static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1354 const u8 *frame, size_t len) 1355{ 1356 const struct ieee80211_mgmt *mgmt; 1357 union wpa_event_data event; 1358 u16 status; 1359 1360 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 1361 mgmt = (const struct ieee80211_mgmt *) frame; 1362 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1363 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1364 "frame"); 1365 return; 1366 } 1367 1368 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1369 if (status != WLAN_STATUS_SUCCESS) { 1370 os_memset(&event, 0, sizeof(event)); 1371 event.assoc_reject.bssid = mgmt->bssid; 1372 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1373 event.assoc_reject.resp_ies = 1374 (u8 *) mgmt->u.assoc_resp.variable; 1375 event.assoc_reject.resp_ies_len = 1376 len - 24 - sizeof(mgmt->u.assoc_resp); 1377 } 1378 event.assoc_reject.status_code = status; 1379 1380 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1381 return; 1382 } 1383 1384 drv->associated = 1; 1385 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1386 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 1387 1388 os_memset(&event, 0, sizeof(event)); 1389 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1390 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1391 event.assoc_info.resp_ies_len = 1392 len - 24 - sizeof(mgmt->u.assoc_resp); 1393 } 1394 1395 event.assoc_info.freq = drv->assoc_freq; 1396 1397 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1398} 1399 1400 1401static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1402 enum nl80211_commands cmd, struct nlattr *status, 1403 struct nlattr *addr, struct nlattr *req_ie, 1404 struct nlattr *resp_ie) 1405{ 1406 union wpa_event_data event; 1407 1408 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1409 /* 1410 * Avoid reporting two association events that would confuse 1411 * the core code. 1412 */ 1413 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1414 "when using userspace SME", cmd); 1415 return; 1416 } 1417 1418 if (cmd == NL80211_CMD_CONNECT) 1419 wpa_printf(MSG_DEBUG, "nl80211: Connect event"); 1420 else if (cmd == NL80211_CMD_ROAM) 1421 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 1422 1423 os_memset(&event, 0, sizeof(event)); 1424 if (cmd == NL80211_CMD_CONNECT && 1425 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1426 if (addr) 1427 event.assoc_reject.bssid = nla_data(addr); 1428 if (resp_ie) { 1429 event.assoc_reject.resp_ies = nla_data(resp_ie); 1430 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1431 } 1432 event.assoc_reject.status_code = nla_get_u16(status); 1433 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1434 return; 1435 } 1436 1437 drv->associated = 1; 1438 if (addr) { 1439 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1440 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 1441 } 1442 1443 if (req_ie) { 1444 event.assoc_info.req_ies = nla_data(req_ie); 1445 event.assoc_info.req_ies_len = nla_len(req_ie); 1446 } 1447 if (resp_ie) { 1448 event.assoc_info.resp_ies = nla_data(resp_ie); 1449 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1450 } 1451 1452 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1453 1454 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1455} 1456 1457 1458static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1459 struct nlattr *reason, struct nlattr *addr, 1460 struct nlattr *by_ap) 1461{ 1462 union wpa_event_data data; 1463 unsigned int locally_generated = by_ap == NULL; 1464 1465 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1466 /* 1467 * Avoid reporting two disassociation events that could 1468 * confuse the core code. 1469 */ 1470 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1471 "event when using userspace SME"); 1472 return; 1473 } 1474 1475 if (drv->ignore_next_local_disconnect) { 1476 drv->ignore_next_local_disconnect = 0; 1477 if (locally_generated) { 1478 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1479 "event triggered during reassociation"); 1480 return; 1481 } 1482 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 1483 "disconnect but got another disconnect " 1484 "event first"); 1485 } 1486 1487 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 1488 nl80211_mark_disconnected(drv); 1489 os_memset(&data, 0, sizeof(data)); 1490 if (reason) 1491 data.deauth_info.reason_code = nla_get_u16(reason); 1492 data.deauth_info.locally_generated = by_ap == NULL; 1493 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 1494} 1495 1496 1497static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 1498 struct nlattr *freq, struct nlattr *type) 1499{ 1500 union wpa_event_data data; 1501 int ht_enabled = 1; 1502 int chan_offset = 0; 1503 1504 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 1505 1506 if (!freq || !type) 1507 return; 1508 1509 switch (nla_get_u32(type)) { 1510 case NL80211_CHAN_NO_HT: 1511 ht_enabled = 0; 1512 break; 1513 case NL80211_CHAN_HT20: 1514 break; 1515 case NL80211_CHAN_HT40PLUS: 1516 chan_offset = 1; 1517 break; 1518 case NL80211_CHAN_HT40MINUS: 1519 chan_offset = -1; 1520 break; 1521 } 1522 1523 data.ch_switch.freq = nla_get_u32(freq); 1524 data.ch_switch.ht_enabled = ht_enabled; 1525 data.ch_switch.ch_offset = chan_offset; 1526 1527 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data); 1528} 1529 1530 1531static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1532 enum nl80211_commands cmd, struct nlattr *addr) 1533{ 1534 union wpa_event_data event; 1535 enum wpa_event_type ev; 1536 1537 if (nla_len(addr) != ETH_ALEN) 1538 return; 1539 1540 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1541 cmd, MAC2STR((u8 *) nla_data(addr))); 1542 1543 if (cmd == NL80211_CMD_AUTHENTICATE) 1544 ev = EVENT_AUTH_TIMED_OUT; 1545 else if (cmd == NL80211_CMD_ASSOCIATE) 1546 ev = EVENT_ASSOC_TIMED_OUT; 1547 else 1548 return; 1549 1550 os_memset(&event, 0, sizeof(event)); 1551 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1552 wpa_supplicant_event(drv->ctx, ev, &event); 1553} 1554 1555 1556static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1557 struct nlattr *freq, struct nlattr *sig, 1558 const u8 *frame, size_t len) 1559{ 1560 const struct ieee80211_mgmt *mgmt; 1561 union wpa_event_data event; 1562 u16 fc, stype; 1563 int ssi_signal = 0; 1564 int rx_freq = 0; 1565 1566 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 1567 mgmt = (const struct ieee80211_mgmt *) frame; 1568 if (len < 24) { 1569 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 1570 return; 1571 } 1572 1573 fc = le_to_host16(mgmt->frame_control); 1574 stype = WLAN_FC_GET_STYPE(fc); 1575 1576 if (sig) 1577 ssi_signal = (s32) nla_get_u32(sig); 1578 1579 os_memset(&event, 0, sizeof(event)); 1580 if (freq) { 1581 event.rx_action.freq = nla_get_u32(freq); 1582 rx_freq = drv->last_mgmt_freq = event.rx_action.freq; 1583 } 1584 wpa_printf(MSG_DEBUG, 1585 "nl80211: RX frame freq=%d ssi_signal=%d stype=%u len=%u", 1586 rx_freq, ssi_signal, stype, (unsigned int) len); 1587 if (stype == WLAN_FC_STYPE_ACTION) { 1588 event.rx_action.da = mgmt->da; 1589 event.rx_action.sa = mgmt->sa; 1590 event.rx_action.bssid = mgmt->bssid; 1591 event.rx_action.category = mgmt->u.action.category; 1592 event.rx_action.data = &mgmt->u.action.category + 1; 1593 event.rx_action.len = frame + len - event.rx_action.data; 1594 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 1595 } else { 1596 event.rx_mgmt.frame = frame; 1597 event.rx_mgmt.frame_len = len; 1598 event.rx_mgmt.ssi_signal = ssi_signal; 1599 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1600 } 1601} 1602 1603 1604static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1605 struct nlattr *cookie, const u8 *frame, 1606 size_t len, struct nlattr *ack) 1607{ 1608 union wpa_event_data event; 1609 const struct ieee80211_hdr *hdr; 1610 u16 fc; 1611 1612 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 1613 if (!is_ap_interface(drv->nlmode)) { 1614 u64 cookie_val; 1615 1616 if (!cookie) 1617 return; 1618 1619 cookie_val = nla_get_u64(cookie); 1620 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1621 " cookie=0%llx%s (ack=%d)", 1622 (long long unsigned int) cookie_val, 1623 cookie_val == drv->send_action_cookie ? 1624 " (match)" : " (unknown)", ack != NULL); 1625 if (cookie_val != drv->send_action_cookie) 1626 return; 1627 } 1628 1629 hdr = (const struct ieee80211_hdr *) frame; 1630 fc = le_to_host16(hdr->frame_control); 1631 1632 os_memset(&event, 0, sizeof(event)); 1633 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1634 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1635 event.tx_status.dst = hdr->addr1; 1636 event.tx_status.data = frame; 1637 event.tx_status.data_len = len; 1638 event.tx_status.ack = ack != NULL; 1639 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1640} 1641 1642 1643static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1644 enum wpa_event_type type, 1645 const u8 *frame, size_t len) 1646{ 1647 const struct ieee80211_mgmt *mgmt; 1648 union wpa_event_data event; 1649 const u8 *bssid = NULL; 1650 u16 reason_code = 0; 1651 1652 if (type == EVENT_DEAUTH) 1653 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 1654 else 1655 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 1656 1657 mgmt = (const struct ieee80211_mgmt *) frame; 1658 if (len >= 24) { 1659 bssid = mgmt->bssid; 1660 1661 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 1662 !drv->associated && 1663 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 1664 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 1665 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 1666 /* 1667 * Avoid issues with some roaming cases where 1668 * disconnection event for the old AP may show up after 1669 * we have started connection with the new AP. 1670 */ 1671 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 1672 MAC2STR(bssid), 1673 MAC2STR(drv->auth_attempt_bssid)); 1674 return; 1675 } 1676 1677 if (drv->associated != 0 && 1678 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1679 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1680 /* 1681 * We have presumably received this deauth as a 1682 * response to a clear_state_mismatch() outgoing 1683 * deauth. Don't let it take us offline! 1684 */ 1685 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1686 "from Unknown BSSID " MACSTR " -- ignoring", 1687 MAC2STR(bssid)); 1688 return; 1689 } 1690 } 1691 1692 nl80211_mark_disconnected(drv); 1693 os_memset(&event, 0, sizeof(event)); 1694 1695 /* Note: Same offset for Reason Code in both frame subtypes */ 1696 if (len >= 24 + sizeof(mgmt->u.deauth)) 1697 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1698 1699 if (type == EVENT_DISASSOC) { 1700 event.disassoc_info.locally_generated = 1701 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1702 event.disassoc_info.addr = bssid; 1703 event.disassoc_info.reason_code = reason_code; 1704 if (frame + len > mgmt->u.disassoc.variable) { 1705 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1706 event.disassoc_info.ie_len = frame + len - 1707 mgmt->u.disassoc.variable; 1708 } 1709 } else { 1710 event.deauth_info.locally_generated = 1711 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 1712 event.deauth_info.addr = bssid; 1713 event.deauth_info.reason_code = reason_code; 1714 if (frame + len > mgmt->u.deauth.variable) { 1715 event.deauth_info.ie = mgmt->u.deauth.variable; 1716 event.deauth_info.ie_len = frame + len - 1717 mgmt->u.deauth.variable; 1718 } 1719 } 1720 1721 wpa_supplicant_event(drv->ctx, type, &event); 1722} 1723 1724 1725static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1726 enum wpa_event_type type, 1727 const u8 *frame, size_t len) 1728{ 1729 const struct ieee80211_mgmt *mgmt; 1730 union wpa_event_data event; 1731 u16 reason_code = 0; 1732 1733 if (type == EVENT_UNPROT_DEAUTH) 1734 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 1735 else 1736 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 1737 1738 if (len < 24) 1739 return; 1740 1741 mgmt = (const struct ieee80211_mgmt *) frame; 1742 1743 os_memset(&event, 0, sizeof(event)); 1744 /* Note: Same offset for Reason Code in both frame subtypes */ 1745 if (len >= 24 + sizeof(mgmt->u.deauth)) 1746 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1747 1748 if (type == EVENT_UNPROT_DISASSOC) { 1749 event.unprot_disassoc.sa = mgmt->sa; 1750 event.unprot_disassoc.da = mgmt->da; 1751 event.unprot_disassoc.reason_code = reason_code; 1752 } else { 1753 event.unprot_deauth.sa = mgmt->sa; 1754 event.unprot_deauth.da = mgmt->da; 1755 event.unprot_deauth.reason_code = reason_code; 1756 } 1757 1758 wpa_supplicant_event(drv->ctx, type, &event); 1759} 1760 1761 1762static void mlme_event(struct i802_bss *bss, 1763 enum nl80211_commands cmd, struct nlattr *frame, 1764 struct nlattr *addr, struct nlattr *timed_out, 1765 struct nlattr *freq, struct nlattr *ack, 1766 struct nlattr *cookie, struct nlattr *sig) 1767{ 1768 struct wpa_driver_nl80211_data *drv = bss->drv; 1769 const u8 *data; 1770 size_t len; 1771 1772 if (timed_out && addr) { 1773 mlme_timeout_event(drv, cmd, addr); 1774 return; 1775 } 1776 1777 if (frame == NULL) { 1778 wpa_printf(MSG_DEBUG, 1779 "nl80211: MLME event %d (%s) without frame data", 1780 cmd, nl80211_command_to_string(cmd)); 1781 return; 1782 } 1783 1784 data = nla_data(frame); 1785 len = nla_len(frame); 1786 if (len < 4 + 2 * ETH_ALEN) { 1787 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 1788 MACSTR ") - too short", 1789 cmd, nl80211_command_to_string(cmd), bss->ifname, 1790 MAC2STR(bss->addr)); 1791 return; 1792 } 1793 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 1794 ") A1=" MACSTR " A2=" MACSTR, cmd, 1795 nl80211_command_to_string(cmd), bss->ifname, 1796 MAC2STR(bss->addr), MAC2STR(data + 4), 1797 MAC2STR(data + 4 + ETH_ALEN)); 1798 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 1799 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 1800 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 1801 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 1802 "for foreign address", bss->ifname); 1803 return; 1804 } 1805 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1806 nla_data(frame), nla_len(frame)); 1807 1808 switch (cmd) { 1809 case NL80211_CMD_AUTHENTICATE: 1810 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1811 break; 1812 case NL80211_CMD_ASSOCIATE: 1813 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1814 break; 1815 case NL80211_CMD_DEAUTHENTICATE: 1816 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1817 nla_data(frame), nla_len(frame)); 1818 break; 1819 case NL80211_CMD_DISASSOCIATE: 1820 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1821 nla_data(frame), nla_len(frame)); 1822 break; 1823 case NL80211_CMD_FRAME: 1824 mlme_event_mgmt(drv, freq, sig, nla_data(frame), 1825 nla_len(frame)); 1826 break; 1827 case NL80211_CMD_FRAME_TX_STATUS: 1828 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1829 nla_len(frame), ack); 1830 break; 1831 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1832 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1833 nla_data(frame), nla_len(frame)); 1834 break; 1835 case NL80211_CMD_UNPROT_DISASSOCIATE: 1836 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1837 nla_data(frame), nla_len(frame)); 1838 break; 1839 default: 1840 break; 1841 } 1842} 1843 1844 1845static void mlme_event_michael_mic_failure(struct i802_bss *bss, 1846 struct nlattr *tb[]) 1847{ 1848 union wpa_event_data data; 1849 1850 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1851 os_memset(&data, 0, sizeof(data)); 1852 if (tb[NL80211_ATTR_MAC]) { 1853 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1854 nla_data(tb[NL80211_ATTR_MAC]), 1855 nla_len(tb[NL80211_ATTR_MAC])); 1856 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1857 } 1858 if (tb[NL80211_ATTR_KEY_SEQ]) { 1859 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1860 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1861 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1862 } 1863 if (tb[NL80211_ATTR_KEY_TYPE]) { 1864 enum nl80211_key_type key_type = 1865 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1866 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1867 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1868 data.michael_mic_failure.unicast = 1; 1869 } else 1870 data.michael_mic_failure.unicast = 1; 1871 1872 if (tb[NL80211_ATTR_KEY_IDX]) { 1873 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1874 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1875 } 1876 1877 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1878} 1879 1880 1881static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1882 struct nlattr *tb[]) 1883{ 1884 if (tb[NL80211_ATTR_MAC] == NULL) { 1885 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1886 "event"); 1887 return; 1888 } 1889 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1890 1891 drv->associated = 1; 1892 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1893 MAC2STR(drv->bssid)); 1894 1895 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1896} 1897 1898 1899static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1900 int cancel_event, struct nlattr *tb[]) 1901{ 1902 unsigned int freq, chan_type, duration; 1903 union wpa_event_data data; 1904 u64 cookie; 1905 1906 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1907 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1908 else 1909 freq = 0; 1910 1911 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1912 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1913 else 1914 chan_type = 0; 1915 1916 if (tb[NL80211_ATTR_DURATION]) 1917 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1918 else 1919 duration = 0; 1920 1921 if (tb[NL80211_ATTR_COOKIE]) 1922 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1923 else 1924 cookie = 0; 1925 1926 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1927 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1928 cancel_event, freq, chan_type, duration, 1929 (long long unsigned int) cookie, 1930 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1931 1932 if (cookie != drv->remain_on_chan_cookie) 1933 return; /* not for us */ 1934 1935 if (cancel_event) 1936 drv->pending_remain_on_chan = 0; 1937 1938 os_memset(&data, 0, sizeof(data)); 1939 data.remain_on_channel.freq = freq; 1940 data.remain_on_channel.duration = duration; 1941 wpa_supplicant_event(drv->ctx, cancel_event ? 1942 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1943 EVENT_REMAIN_ON_CHANNEL, &data); 1944} 1945 1946 1947static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 1948 struct nlattr *tb[]) 1949{ 1950 union wpa_event_data data; 1951 1952 os_memset(&data, 0, sizeof(data)); 1953 1954 if (tb[NL80211_ATTR_IE]) { 1955 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 1956 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 1957 } 1958 1959 if (tb[NL80211_ATTR_IE_RIC]) { 1960 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 1961 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 1962 } 1963 1964 if (tb[NL80211_ATTR_MAC]) 1965 os_memcpy(data.ft_ies.target_ap, 1966 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1967 1968 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 1969 MAC2STR(data.ft_ies.target_ap)); 1970 1971 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 1972} 1973 1974 1975static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1976 struct nlattr *tb[]) 1977{ 1978 union wpa_event_data event; 1979 struct nlattr *nl; 1980 int rem; 1981 struct scan_info *info; 1982#define MAX_REPORT_FREQS 50 1983 int freqs[MAX_REPORT_FREQS]; 1984 int num_freqs = 0; 1985 1986 if (drv->scan_for_auth) { 1987 drv->scan_for_auth = 0; 1988 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 1989 "cfg80211 BSS entry"); 1990 wpa_driver_nl80211_authenticate_retry(drv); 1991 return; 1992 } 1993 1994 os_memset(&event, 0, sizeof(event)); 1995 info = &event.scan_info; 1996 info->aborted = aborted; 1997 1998 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1999 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 2000 struct wpa_driver_scan_ssid *s = 2001 &info->ssids[info->num_ssids]; 2002 s->ssid = nla_data(nl); 2003 s->ssid_len = nla_len(nl); 2004 info->num_ssids++; 2005 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 2006 break; 2007 } 2008 } 2009 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 2010 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 2011 { 2012 freqs[num_freqs] = nla_get_u32(nl); 2013 num_freqs++; 2014 if (num_freqs == MAX_REPORT_FREQS - 1) 2015 break; 2016 } 2017 info->freqs = freqs; 2018 info->num_freqs = num_freqs; 2019 } 2020 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 2021} 2022 2023 2024static int get_link_signal(struct nl_msg *msg, void *arg) 2025{ 2026 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2027 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2028 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 2029 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 2030 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 2031 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 }, 2032 }; 2033 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 2034 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 2035 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 2036 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 2037 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 2038 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 2039 }; 2040 struct wpa_signal_info *sig_change = arg; 2041 2042 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2043 genlmsg_attrlen(gnlh, 0), NULL); 2044 if (!tb[NL80211_ATTR_STA_INFO] || 2045 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 2046 tb[NL80211_ATTR_STA_INFO], policy)) 2047 return NL_SKIP; 2048 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 2049 return NL_SKIP; 2050 2051 sig_change->current_signal = 2052 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 2053 2054 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG]) 2055 sig_change->avg_signal = 2056 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]); 2057 else 2058 sig_change->avg_signal = 0; 2059 2060 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 2061 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 2062 sinfo[NL80211_STA_INFO_TX_BITRATE], 2063 rate_policy)) { 2064 sig_change->current_txrate = 0; 2065 } else { 2066 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 2067 sig_change->current_txrate = 2068 nla_get_u16(rinfo[ 2069 NL80211_RATE_INFO_BITRATE]) * 100; 2070 } 2071 } 2072 } 2073 2074 return NL_SKIP; 2075} 2076 2077 2078static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 2079 struct wpa_signal_info *sig) 2080{ 2081 struct nl_msg *msg; 2082 2083 sig->current_signal = -9999; 2084 sig->current_txrate = 0; 2085 2086 msg = nlmsg_alloc(); 2087 if (!msg) 2088 return -ENOMEM; 2089 2090 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 2091 2092 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2093 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 2094 2095 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 2096 nla_put_failure: 2097 nlmsg_free(msg); 2098 return -ENOBUFS; 2099} 2100 2101 2102static int get_link_noise(struct nl_msg *msg, void *arg) 2103{ 2104 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2105 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2106 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2107 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2108 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2109 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2110 }; 2111 struct wpa_signal_info *sig_change = arg; 2112 2113 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2114 genlmsg_attrlen(gnlh, 0), NULL); 2115 2116 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2117 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 2118 return NL_SKIP; 2119 } 2120 2121 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2122 tb[NL80211_ATTR_SURVEY_INFO], 2123 survey_policy)) { 2124 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 2125 "attributes!"); 2126 return NL_SKIP; 2127 } 2128 2129 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2130 return NL_SKIP; 2131 2132 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2133 sig_change->frequency) 2134 return NL_SKIP; 2135 2136 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2137 return NL_SKIP; 2138 2139 sig_change->current_noise = 2140 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2141 2142 return NL_SKIP; 2143} 2144 2145 2146static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 2147 struct wpa_signal_info *sig_change) 2148{ 2149 struct nl_msg *msg; 2150 2151 sig_change->current_noise = 9999; 2152 sig_change->frequency = drv->assoc_freq; 2153 2154 msg = nlmsg_alloc(); 2155 if (!msg) 2156 return -ENOMEM; 2157 2158 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2159 2160 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2161 2162 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 2163 nla_put_failure: 2164 nlmsg_free(msg); 2165 return -ENOBUFS; 2166} 2167 2168 2169static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 2170{ 2171 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2172 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2173 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 2174 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 2175 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 2176 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 2177 }; 2178 struct wpa_scan_results *scan_results = arg; 2179 struct wpa_scan_res *scan_res; 2180 size_t i; 2181 2182 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2183 genlmsg_attrlen(gnlh, 0), NULL); 2184 2185 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 2186 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 2187 return NL_SKIP; 2188 } 2189 2190 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 2191 tb[NL80211_ATTR_SURVEY_INFO], 2192 survey_policy)) { 2193 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 2194 "attributes"); 2195 return NL_SKIP; 2196 } 2197 2198 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 2199 return NL_SKIP; 2200 2201 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 2202 return NL_SKIP; 2203 2204 for (i = 0; i < scan_results->num; ++i) { 2205 scan_res = scan_results->res[i]; 2206 if (!scan_res) 2207 continue; 2208 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 2209 scan_res->freq) 2210 continue; 2211 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 2212 continue; 2213 scan_res->noise = (s8) 2214 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 2215 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 2216 } 2217 2218 return NL_SKIP; 2219} 2220 2221 2222static int nl80211_get_noise_for_scan_results( 2223 struct wpa_driver_nl80211_data *drv, 2224 struct wpa_scan_results *scan_res) 2225{ 2226 struct nl_msg *msg; 2227 2228 msg = nlmsg_alloc(); 2229 if (!msg) 2230 return -ENOMEM; 2231 2232 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 2233 2234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2235 2236 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 2237 scan_res); 2238 nla_put_failure: 2239 nlmsg_free(msg); 2240 return -ENOBUFS; 2241} 2242 2243 2244static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 2245 struct nlattr *tb[]) 2246{ 2247 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 2248 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 2249 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 2250 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 2251 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 2252 }; 2253 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 2254 enum nl80211_cqm_rssi_threshold_event event; 2255 union wpa_event_data ed; 2256 struct wpa_signal_info sig; 2257 int res; 2258 2259 if (tb[NL80211_ATTR_CQM] == NULL || 2260 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 2261 cqm_policy)) { 2262 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 2263 return; 2264 } 2265 2266 os_memset(&ed, 0, sizeof(ed)); 2267 2268 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 2269 if (!tb[NL80211_ATTR_MAC]) 2270 return; 2271 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 2272 ETH_ALEN); 2273 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 2274 return; 2275 } 2276 2277 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 2278 return; 2279 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 2280 2281 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 2282 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2283 "event: RSSI high"); 2284 ed.signal_change.above_threshold = 1; 2285 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 2286 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 2287 "event: RSSI low"); 2288 ed.signal_change.above_threshold = 0; 2289 } else 2290 return; 2291 2292 res = nl80211_get_link_signal(drv, &sig); 2293 if (res == 0) { 2294 ed.signal_change.current_signal = sig.current_signal; 2295 ed.signal_change.current_txrate = sig.current_txrate; 2296 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 2297 sig.current_signal, sig.current_txrate); 2298 } 2299 2300 res = nl80211_get_link_noise(drv, &sig); 2301 if (res == 0) { 2302 ed.signal_change.current_noise = sig.current_noise; 2303 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 2304 sig.current_noise); 2305 } 2306 2307 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 2308} 2309 2310 2311static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 2312 struct nlattr **tb) 2313{ 2314 u8 *addr; 2315 union wpa_event_data data; 2316 2317 if (tb[NL80211_ATTR_MAC] == NULL) 2318 return; 2319 addr = nla_data(tb[NL80211_ATTR_MAC]); 2320 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 2321 2322 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2323 u8 *ies = NULL; 2324 size_t ies_len = 0; 2325 if (tb[NL80211_ATTR_IE]) { 2326 ies = nla_data(tb[NL80211_ATTR_IE]); 2327 ies_len = nla_len(tb[NL80211_ATTR_IE]); 2328 } 2329 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 2330 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 2331 return; 2332 } 2333 2334 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2335 return; 2336 2337 os_memset(&data, 0, sizeof(data)); 2338 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 2339 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 2340} 2341 2342 2343static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 2344 struct nlattr **tb) 2345{ 2346 u8 *addr; 2347 union wpa_event_data data; 2348 2349 if (tb[NL80211_ATTR_MAC] == NULL) 2350 return; 2351 addr = nla_data(tb[NL80211_ATTR_MAC]); 2352 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 2353 MAC2STR(addr)); 2354 2355 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 2356 drv_event_disassoc(drv->ctx, addr); 2357 return; 2358 } 2359 2360 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 2361 return; 2362 2363 os_memset(&data, 0, sizeof(data)); 2364 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 2365 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 2366} 2367 2368 2369static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 2370 struct nlattr **tb) 2371{ 2372 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 2373 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 2374 [NL80211_REKEY_DATA_KEK] = { 2375 .minlen = NL80211_KEK_LEN, 2376 .maxlen = NL80211_KEK_LEN, 2377 }, 2378 [NL80211_REKEY_DATA_KCK] = { 2379 .minlen = NL80211_KCK_LEN, 2380 .maxlen = NL80211_KCK_LEN, 2381 }, 2382 [NL80211_REKEY_DATA_REPLAY_CTR] = { 2383 .minlen = NL80211_REPLAY_CTR_LEN, 2384 .maxlen = NL80211_REPLAY_CTR_LEN, 2385 }, 2386 }; 2387 union wpa_event_data data; 2388 2389 if (!tb[NL80211_ATTR_MAC]) 2390 return; 2391 if (!tb[NL80211_ATTR_REKEY_DATA]) 2392 return; 2393 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 2394 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 2395 return; 2396 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 2397 return; 2398 2399 os_memset(&data, 0, sizeof(data)); 2400 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 2401 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 2402 MAC2STR(data.driver_gtk_rekey.bssid)); 2403 data.driver_gtk_rekey.replay_ctr = 2404 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 2405 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 2406 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 2407 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 2408} 2409 2410 2411static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 2412 struct nlattr **tb) 2413{ 2414 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 2415 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 2416 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 2417 [NL80211_PMKSA_CANDIDATE_BSSID] = { 2418 .minlen = ETH_ALEN, 2419 .maxlen = ETH_ALEN, 2420 }, 2421 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 2422 }; 2423 union wpa_event_data data; 2424 2425 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 2426 2427 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 2428 return; 2429 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 2430 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 2431 return; 2432 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 2433 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 2434 return; 2435 2436 os_memset(&data, 0, sizeof(data)); 2437 os_memcpy(data.pmkid_candidate.bssid, 2438 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 2439 data.pmkid_candidate.index = 2440 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 2441 data.pmkid_candidate.preauth = 2442 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 2443 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 2444} 2445 2446 2447static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2448 struct nlattr **tb) 2449{ 2450 union wpa_event_data data; 2451 2452 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 2453 2454 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2455 return; 2456 2457 os_memset(&data, 0, sizeof(data)); 2458 os_memcpy(data.client_poll.addr, 2459 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2460 2461 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2462} 2463 2464 2465static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 2466 struct nlattr **tb) 2467{ 2468 union wpa_event_data data; 2469 2470 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 2471 2472 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 2473 return; 2474 2475 os_memset(&data, 0, sizeof(data)); 2476 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2477 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 2478 case NL80211_TDLS_SETUP: 2479 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 2480 MACSTR, MAC2STR(data.tdls.peer)); 2481 data.tdls.oper = TDLS_REQUEST_SETUP; 2482 break; 2483 case NL80211_TDLS_TEARDOWN: 2484 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 2485 MACSTR, MAC2STR(data.tdls.peer)); 2486 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 2487 break; 2488 default: 2489 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 2490 "event"); 2491 return; 2492 } 2493 if (tb[NL80211_ATTR_REASON_CODE]) { 2494 data.tdls.reason_code = 2495 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 2496 } 2497 2498 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 2499} 2500 2501 2502static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 2503 struct nlattr **tb) 2504{ 2505 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 2506} 2507 2508 2509static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 2510 struct nlattr **tb) 2511{ 2512 union wpa_event_data data; 2513 u32 reason; 2514 2515 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 2516 2517 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 2518 return; 2519 2520 os_memset(&data, 0, sizeof(data)); 2521 os_memcpy(data.connect_failed_reason.addr, 2522 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2523 2524 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 2525 switch (reason) { 2526 case NL80211_CONN_FAIL_MAX_CLIENTS: 2527 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 2528 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 2529 break; 2530 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 2531 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 2532 " tried to connect", 2533 MAC2STR(data.connect_failed_reason.addr)); 2534 data.connect_failed_reason.code = BLOCKED_CLIENT; 2535 break; 2536 default: 2537 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 2538 "%u", reason); 2539 return; 2540 } 2541 2542 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 2543} 2544 2545 2546static enum chan_width convert2width(int width); 2547 2548static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 2549 struct nlattr **tb) 2550{ 2551 union wpa_event_data data; 2552 enum nl80211_radar_event event_type; 2553 2554 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 2555 return; 2556 2557 os_memset(&data, 0, sizeof(data)); 2558 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 2559 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 2560 2561 /* Check HT params */ 2562 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 2563 data.dfs_event.ht_enabled = 1; 2564 data.dfs_event.chan_offset = 0; 2565 2566 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 2567 case NL80211_CHAN_NO_HT: 2568 data.dfs_event.ht_enabled = 0; 2569 break; 2570 case NL80211_CHAN_HT20: 2571 break; 2572 case NL80211_CHAN_HT40PLUS: 2573 data.dfs_event.chan_offset = 1; 2574 break; 2575 case NL80211_CHAN_HT40MINUS: 2576 data.dfs_event.chan_offset = -1; 2577 break; 2578 } 2579 } 2580 2581 /* Get VHT params */ 2582 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 2583 data.dfs_event.chan_width = 2584 convert2width(nla_get_u32( 2585 tb[NL80211_ATTR_CHANNEL_WIDTH])); 2586 if (tb[NL80211_ATTR_CENTER_FREQ1]) 2587 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 2588 if (tb[NL80211_ATTR_CENTER_FREQ2]) 2589 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 2590 2591 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 2592 data.dfs_event.freq, data.dfs_event.ht_enabled, 2593 data.dfs_event.chan_offset, data.dfs_event.chan_width, 2594 data.dfs_event.cf1, data.dfs_event.cf2); 2595 2596 switch (event_type) { 2597 case NL80211_RADAR_DETECTED: 2598 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 2599 break; 2600 case NL80211_RADAR_CAC_FINISHED: 2601 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 2602 break; 2603 case NL80211_RADAR_CAC_ABORTED: 2604 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 2605 break; 2606 case NL80211_RADAR_NOP_FINISHED: 2607 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 2608 break; 2609 default: 2610 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 2611 "received", event_type); 2612 break; 2613 } 2614} 2615 2616 2617static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2618 int wds) 2619{ 2620 struct wpa_driver_nl80211_data *drv = bss->drv; 2621 union wpa_event_data event; 2622 2623 if (!tb[NL80211_ATTR_MAC]) 2624 return; 2625 2626 os_memset(&event, 0, sizeof(event)); 2627 event.rx_from_unknown.bssid = bss->addr; 2628 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2629 event.rx_from_unknown.wds = wds; 2630 2631 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2632} 2633 2634 2635static void do_process_drv_event(struct i802_bss *bss, int cmd, 2636 struct nlattr **tb) 2637{ 2638 struct wpa_driver_nl80211_data *drv = bss->drv; 2639 2640 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 2641 cmd, nl80211_command_to_string(cmd), bss->ifname); 2642 2643 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2644 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2645 cmd == NL80211_CMD_SCAN_ABORTED)) { 2646 wpa_driver_nl80211_set_mode(drv->first_bss, 2647 drv->ap_scan_as_station); 2648 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2649 } 2650 2651 switch (cmd) { 2652 case NL80211_CMD_TRIGGER_SCAN: 2653 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 2654 drv->scan_state = SCAN_STARTED; 2655 break; 2656 case NL80211_CMD_START_SCHED_SCAN: 2657 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 2658 drv->scan_state = SCHED_SCAN_STARTED; 2659 break; 2660 case NL80211_CMD_SCHED_SCAN_STOPPED: 2661 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 2662 drv->scan_state = SCHED_SCAN_STOPPED; 2663 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2664 break; 2665 case NL80211_CMD_NEW_SCAN_RESULTS: 2666 wpa_dbg(drv->ctx, MSG_DEBUG, 2667 "nl80211: New scan results available"); 2668 drv->scan_state = SCAN_COMPLETED; 2669 drv->scan_complete_events = 1; 2670 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2671 drv->ctx); 2672 send_scan_event(drv, 0, tb); 2673 break; 2674 case NL80211_CMD_SCHED_SCAN_RESULTS: 2675 wpa_dbg(drv->ctx, MSG_DEBUG, 2676 "nl80211: New sched scan results available"); 2677 drv->scan_state = SCHED_SCAN_RESULTS; 2678 send_scan_event(drv, 0, tb); 2679 break; 2680 case NL80211_CMD_SCAN_ABORTED: 2681 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 2682 drv->scan_state = SCAN_ABORTED; 2683 /* 2684 * Need to indicate that scan results are available in order 2685 * not to make wpa_supplicant stop its scanning. 2686 */ 2687 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2688 drv->ctx); 2689 send_scan_event(drv, 1, tb); 2690 break; 2691 case NL80211_CMD_AUTHENTICATE: 2692 case NL80211_CMD_ASSOCIATE: 2693 case NL80211_CMD_DEAUTHENTICATE: 2694 case NL80211_CMD_DISASSOCIATE: 2695 case NL80211_CMD_FRAME_TX_STATUS: 2696 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2697 case NL80211_CMD_UNPROT_DISASSOCIATE: 2698 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 2699 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2700 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2701 tb[NL80211_ATTR_COOKIE], 2702 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2703 break; 2704 case NL80211_CMD_CONNECT: 2705 case NL80211_CMD_ROAM: 2706 mlme_event_connect(drv, cmd, 2707 tb[NL80211_ATTR_STATUS_CODE], 2708 tb[NL80211_ATTR_MAC], 2709 tb[NL80211_ATTR_REQ_IE], 2710 tb[NL80211_ATTR_RESP_IE]); 2711 break; 2712 case NL80211_CMD_CH_SWITCH_NOTIFY: 2713 mlme_event_ch_switch(drv, tb[NL80211_ATTR_WIPHY_FREQ], 2714 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 2715 break; 2716 case NL80211_CMD_DISCONNECT: 2717 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2718 tb[NL80211_ATTR_MAC], 2719 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2720 break; 2721 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2722 mlme_event_michael_mic_failure(bss, tb); 2723 break; 2724 case NL80211_CMD_JOIN_IBSS: 2725 mlme_event_join_ibss(drv, tb); 2726 break; 2727 case NL80211_CMD_REMAIN_ON_CHANNEL: 2728 mlme_event_remain_on_channel(drv, 0, tb); 2729 break; 2730 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2731 mlme_event_remain_on_channel(drv, 1, tb); 2732 break; 2733 case NL80211_CMD_NOTIFY_CQM: 2734 nl80211_cqm_event(drv, tb); 2735 break; 2736 case NL80211_CMD_REG_CHANGE: 2737 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2738 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2739 NULL); 2740 break; 2741 case NL80211_CMD_REG_BEACON_HINT: 2742 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 2743 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2744 NULL); 2745 break; 2746 case NL80211_CMD_NEW_STATION: 2747 nl80211_new_station_event(drv, tb); 2748 break; 2749 case NL80211_CMD_DEL_STATION: 2750 nl80211_del_station_event(drv, tb); 2751 break; 2752 case NL80211_CMD_SET_REKEY_OFFLOAD: 2753 nl80211_rekey_offload_event(drv, tb); 2754 break; 2755 case NL80211_CMD_PMKSA_CANDIDATE: 2756 nl80211_pmksa_candidate_event(drv, tb); 2757 break; 2758 case NL80211_CMD_PROBE_CLIENT: 2759 nl80211_client_probe_event(drv, tb); 2760 break; 2761 case NL80211_CMD_TDLS_OPER: 2762 nl80211_tdls_oper_event(drv, tb); 2763 break; 2764 case NL80211_CMD_CONN_FAILED: 2765 nl80211_connect_failed_event(drv, tb); 2766 break; 2767 case NL80211_CMD_FT_EVENT: 2768 mlme_event_ft_event(drv, tb); 2769 break; 2770 case NL80211_CMD_RADAR_DETECT: 2771 nl80211_radar_event(drv, tb); 2772 break; 2773 case NL80211_CMD_STOP_AP: 2774 nl80211_stop_ap(drv, tb); 2775 break; 2776 default: 2777 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 2778 "(cmd=%d)", cmd); 2779 break; 2780 } 2781} 2782 2783 2784static int process_drv_event(struct nl_msg *msg, void *arg) 2785{ 2786 struct wpa_driver_nl80211_data *drv = arg; 2787 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2788 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2789 struct i802_bss *bss; 2790 int ifidx = -1; 2791 2792 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2793 genlmsg_attrlen(gnlh, 0), NULL); 2794 2795 if (tb[NL80211_ATTR_IFINDEX]) { 2796 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2797 2798 for (bss = drv->first_bss; bss; bss = bss->next) 2799 if (ifidx == -1 || ifidx == bss->ifindex) { 2800 do_process_drv_event(bss, gnlh->cmd, tb); 2801 return NL_SKIP; 2802 } 2803 wpa_printf(MSG_DEBUG, 2804 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)", 2805 gnlh->cmd, ifidx); 2806 } else if (tb[NL80211_ATTR_WDEV]) { 2807 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 2808 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device"); 2809 for (bss = drv->first_bss; bss; bss = bss->next) { 2810 if (bss->wdev_id_set && wdev_id == bss->wdev_id) { 2811 do_process_drv_event(bss, gnlh->cmd, tb); 2812 return NL_SKIP; 2813 } 2814 } 2815 wpa_printf(MSG_DEBUG, 2816 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)", 2817 gnlh->cmd, (long long unsigned int) wdev_id); 2818 } 2819 2820 return NL_SKIP; 2821} 2822 2823 2824static int process_global_event(struct nl_msg *msg, void *arg) 2825{ 2826 struct nl80211_global *global = arg; 2827 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2828 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2829 struct wpa_driver_nl80211_data *drv, *tmp; 2830 int ifidx = -1; 2831 struct i802_bss *bss; 2832 u64 wdev_id = 0; 2833 int wdev_id_set = 0; 2834 2835 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2836 genlmsg_attrlen(gnlh, 0), NULL); 2837 2838 if (tb[NL80211_ATTR_IFINDEX]) 2839 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2840 else if (tb[NL80211_ATTR_WDEV]) { 2841 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 2842 wdev_id_set = 1; 2843 } 2844 2845 dl_list_for_each_safe(drv, tmp, &global->interfaces, 2846 struct wpa_driver_nl80211_data, list) { 2847 for (bss = drv->first_bss; bss; bss = bss->next) { 2848 if ((ifidx == -1 && !wdev_id_set) || 2849 ifidx == bss->ifindex || 2850 (wdev_id_set && bss->wdev_id_set && 2851 wdev_id == bss->wdev_id)) { 2852 do_process_drv_event(bss, gnlh->cmd, tb); 2853 return NL_SKIP; 2854 } 2855 } 2856 } 2857 2858 return NL_SKIP; 2859} 2860 2861 2862static int process_bss_event(struct nl_msg *msg, void *arg) 2863{ 2864 struct i802_bss *bss = arg; 2865 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2866 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2867 2868 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2869 genlmsg_attrlen(gnlh, 0), NULL); 2870 2871 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 2872 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 2873 bss->ifname); 2874 2875 switch (gnlh->cmd) { 2876 case NL80211_CMD_FRAME: 2877 case NL80211_CMD_FRAME_TX_STATUS: 2878 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2879 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2880 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2881 tb[NL80211_ATTR_COOKIE], 2882 tb[NL80211_ATTR_RX_SIGNAL_DBM]); 2883 break; 2884 case NL80211_CMD_UNEXPECTED_FRAME: 2885 nl80211_spurious_frame(bss, tb, 0); 2886 break; 2887 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2888 nl80211_spurious_frame(bss, tb, 1); 2889 break; 2890 default: 2891 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2892 "(cmd=%d)", gnlh->cmd); 2893 break; 2894 } 2895 2896 return NL_SKIP; 2897} 2898 2899 2900static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 2901 void *handle) 2902{ 2903 struct nl_cb *cb = eloop_ctx; 2904 int res; 2905 2906 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available"); 2907 2908 res = nl_recvmsgs(handle, cb); 2909 if (res) { 2910 wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d", 2911 __func__, res); 2912 } 2913} 2914 2915 2916/** 2917 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 2918 * @priv: driver_nl80211 private data 2919 * @alpha2_arg: country to which to switch to 2920 * Returns: 0 on success, -1 on failure 2921 * 2922 * This asks nl80211 to set the regulatory domain for given 2923 * country ISO / IEC alpha2. 2924 */ 2925static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 2926{ 2927 struct i802_bss *bss = priv; 2928 struct wpa_driver_nl80211_data *drv = bss->drv; 2929 char alpha2[3]; 2930 struct nl_msg *msg; 2931 2932 msg = nlmsg_alloc(); 2933 if (!msg) 2934 return -ENOMEM; 2935 2936 alpha2[0] = alpha2_arg[0]; 2937 alpha2[1] = alpha2_arg[1]; 2938 alpha2[2] = '\0'; 2939 2940 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 2941 2942 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 2943 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 2944 return -EINVAL; 2945 return 0; 2946nla_put_failure: 2947 nlmsg_free(msg); 2948 return -EINVAL; 2949} 2950 2951 2952static int nl80211_get_country(struct nl_msg *msg, void *arg) 2953{ 2954 char *alpha2 = arg; 2955 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 2956 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2957 2958 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2959 genlmsg_attrlen(gnlh, 0), NULL); 2960 if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) { 2961 wpa_printf(MSG_DEBUG, "nl80211: No country information available"); 2962 return NL_SKIP; 2963 } 2964 os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3); 2965 return NL_SKIP; 2966} 2967 2968 2969static int wpa_driver_nl80211_get_country(void *priv, char *alpha2) 2970{ 2971 struct i802_bss *bss = priv; 2972 struct wpa_driver_nl80211_data *drv = bss->drv; 2973 struct nl_msg *msg; 2974 int ret; 2975 2976 msg = nlmsg_alloc(); 2977 if (!msg) 2978 return -ENOMEM; 2979 2980 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 2981 alpha2[0] = '\0'; 2982 ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2); 2983 if (!alpha2[0]) 2984 ret = -1; 2985 2986 return ret; 2987} 2988 2989 2990static int protocol_feature_handler(struct nl_msg *msg, void *arg) 2991{ 2992 u32 *feat = arg; 2993 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 2994 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2995 2996 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2997 genlmsg_attrlen(gnlh, 0), NULL); 2998 2999 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]) 3000 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]); 3001 3002 return NL_SKIP; 3003} 3004 3005 3006static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv) 3007{ 3008 u32 feat = 0; 3009 struct nl_msg *msg; 3010 3011 msg = nlmsg_alloc(); 3012 if (!msg) 3013 goto nla_put_failure; 3014 3015 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES); 3016 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0) 3017 return feat; 3018 3019 msg = NULL; 3020nla_put_failure: 3021 nlmsg_free(msg); 3022 return 0; 3023} 3024 3025 3026struct wiphy_info_data { 3027 struct wpa_driver_nl80211_data *drv; 3028 struct wpa_driver_capa *capa; 3029 3030 unsigned int num_multichan_concurrent; 3031 3032 unsigned int error:1; 3033 unsigned int device_ap_sme:1; 3034 unsigned int poll_command_supported:1; 3035 unsigned int data_tx_status:1; 3036 unsigned int monitor_supported:1; 3037 unsigned int auth_supported:1; 3038 unsigned int connect_supported:1; 3039 unsigned int p2p_go_supported:1; 3040 unsigned int p2p_client_supported:1; 3041 unsigned int p2p_concurrent:1; 3042}; 3043 3044 3045static unsigned int probe_resp_offload_support(int supp_protocols) 3046{ 3047 unsigned int prot = 0; 3048 3049 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 3050 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 3051 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 3052 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 3053 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 3054 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 3055 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 3056 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 3057 3058 return prot; 3059} 3060 3061 3062static void wiphy_info_supported_iftypes(struct wiphy_info_data *info, 3063 struct nlattr *tb) 3064{ 3065 struct nlattr *nl_mode; 3066 int i; 3067 3068 if (tb == NULL) 3069 return; 3070 3071 nla_for_each_nested(nl_mode, tb, i) { 3072 switch (nla_type(nl_mode)) { 3073 case NL80211_IFTYPE_AP: 3074 info->capa->flags |= WPA_DRIVER_FLAGS_AP; 3075 break; 3076 case NL80211_IFTYPE_ADHOC: 3077 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS; 3078 break; 3079 case NL80211_IFTYPE_P2P_DEVICE: 3080 info->capa->flags |= 3081 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 3082 break; 3083 case NL80211_IFTYPE_P2P_GO: 3084 info->p2p_go_supported = 1; 3085 break; 3086 case NL80211_IFTYPE_P2P_CLIENT: 3087 info->p2p_client_supported = 1; 3088 break; 3089 case NL80211_IFTYPE_MONITOR: 3090 info->monitor_supported = 1; 3091 break; 3092 } 3093 } 3094} 3095 3096 3097static int wiphy_info_iface_comb_process(struct wiphy_info_data *info, 3098 struct nlattr *nl_combi) 3099{ 3100 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 3101 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 3102 struct nlattr *nl_limit, *nl_mode; 3103 int err, rem_limit, rem_mode; 3104 int combination_has_p2p = 0, combination_has_mgd = 0; 3105 static struct nla_policy 3106 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 3107 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 3108 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 3109 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 3110 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 3111 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 }, 3112 }, 3113 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 3114 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 3115 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 3116 }; 3117 3118 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 3119 nl_combi, iface_combination_policy); 3120 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 3121 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 3122 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 3123 return 0; /* broken combination */ 3124 3125 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS]) 3126 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR; 3127 3128 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS], 3129 rem_limit) { 3130 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT, 3131 nl_limit, iface_limit_policy); 3132 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 3133 return 0; /* broken combination */ 3134 3135 nla_for_each_nested(nl_mode, 3136 tb_limit[NL80211_IFACE_LIMIT_TYPES], 3137 rem_mode) { 3138 int ift = nla_type(nl_mode); 3139 if (ift == NL80211_IFTYPE_P2P_GO || 3140 ift == NL80211_IFTYPE_P2P_CLIENT) 3141 combination_has_p2p = 1; 3142 if (ift == NL80211_IFTYPE_STATION) 3143 combination_has_mgd = 1; 3144 } 3145 if (combination_has_p2p && combination_has_mgd) 3146 break; 3147 } 3148 3149 if (combination_has_p2p && combination_has_mgd) { 3150 info->p2p_concurrent = 1; 3151 info->num_multichan_concurrent = 3152 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]); 3153 return 1; 3154 } 3155 3156 return 0; 3157} 3158 3159 3160static void wiphy_info_iface_comb(struct wiphy_info_data *info, 3161 struct nlattr *tb) 3162{ 3163 struct nlattr *nl_combi; 3164 int rem_combi; 3165 3166 if (tb == NULL) 3167 return; 3168 3169 nla_for_each_nested(nl_combi, tb, rem_combi) { 3170 if (wiphy_info_iface_comb_process(info, nl_combi) > 0) 3171 break; 3172 } 3173} 3174 3175 3176static void wiphy_info_supp_cmds(struct wiphy_info_data *info, 3177 struct nlattr *tb) 3178{ 3179 struct nlattr *nl_cmd; 3180 int i; 3181 3182 if (tb == NULL) 3183 return; 3184 3185 nla_for_each_nested(nl_cmd, tb, i) { 3186 switch (nla_get_u32(nl_cmd)) { 3187 case NL80211_CMD_AUTHENTICATE: 3188 info->auth_supported = 1; 3189 break; 3190 case NL80211_CMD_CONNECT: 3191 info->connect_supported = 1; 3192 break; 3193 case NL80211_CMD_START_SCHED_SCAN: 3194 info->capa->sched_scan_supported = 1; 3195 break; 3196 case NL80211_CMD_PROBE_CLIENT: 3197 info->poll_command_supported = 1; 3198 break; 3199 } 3200 } 3201} 3202 3203 3204static void wiphy_info_max_roc(struct wpa_driver_capa *capa, 3205 struct nlattr *tb) 3206{ 3207 if (tb) 3208 capa->max_remain_on_chan = nla_get_u32(tb); 3209} 3210 3211 3212static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls, 3213 struct nlattr *ext_setup) 3214{ 3215 if (tdls == NULL) 3216 return; 3217 3218 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 3219 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 3220 3221 if (ext_setup) { 3222 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 3223 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 3224 } 3225} 3226 3227 3228static void wiphy_info_feature_flags(struct wiphy_info_data *info, 3229 struct nlattr *tb) 3230{ 3231 u32 flags; 3232 struct wpa_driver_capa *capa = info->capa; 3233 3234 if (tb == NULL) 3235 return; 3236 3237 flags = nla_get_u32(tb); 3238 3239 if (flags & NL80211_FEATURE_SK_TX_STATUS) 3240 info->data_tx_status = 1; 3241 3242 if (flags & NL80211_FEATURE_INACTIVITY_TIMER) 3243 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER; 3244 3245 if (flags & NL80211_FEATURE_SAE) 3246 capa->flags |= WPA_DRIVER_FLAGS_SAE; 3247 3248 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN) 3249 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN; 3250} 3251 3252 3253static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa, 3254 struct nlattr *tb) 3255{ 3256 u32 protocols; 3257 3258 if (tb == NULL) 3259 return; 3260 3261 protocols = nla_get_u32(tb); 3262 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP " 3263 "mode"); 3264 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 3265 capa->probe_resp_offloads = probe_resp_offload_support(protocols); 3266} 3267 3268 3269static int wiphy_info_handler(struct nl_msg *msg, void *arg) 3270{ 3271 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 3272 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 3273 struct wiphy_info_data *info = arg; 3274 struct wpa_driver_capa *capa = info->capa; 3275 struct wpa_driver_nl80211_data *drv = info->drv; 3276 3277 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 3278 genlmsg_attrlen(gnlh, 0), NULL); 3279 3280 if (tb[NL80211_ATTR_WIPHY_NAME]) 3281 os_strlcpy(drv->phyname, 3282 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]), 3283 sizeof(drv->phyname)); 3284 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 3285 capa->max_scan_ssids = 3286 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 3287 3288 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 3289 capa->max_sched_scan_ssids = 3290 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 3291 3292 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 3293 capa->max_match_sets = 3294 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 3295 3296 if (tb[NL80211_ATTR_MAC_ACL_MAX]) 3297 capa->max_acl_mac_addrs = 3298 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]); 3299 3300 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]); 3301 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]); 3302 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]); 3303 3304 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 3305 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 3306 "off-channel TX"); 3307 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 3308 } 3309 3310 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 3311 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 3312 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 3313 } 3314 3315 wiphy_info_max_roc(capa, 3316 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 3317 3318 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 3319 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 3320 3321 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT], 3322 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]); 3323 3324 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 3325 info->device_ap_sme = 1; 3326 3327 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]); 3328 wiphy_info_probe_resp_offload(capa, 3329 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 3330 3331 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] && 3332 drv->extended_capa == NULL) { 3333 drv->extended_capa = 3334 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3335 if (drv->extended_capa) { 3336 os_memcpy(drv->extended_capa, 3337 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3338 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3339 drv->extended_capa_len = 3340 nla_len(tb[NL80211_ATTR_EXT_CAPA]); 3341 } 3342 drv->extended_capa_mask = 3343 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3344 if (drv->extended_capa_mask) { 3345 os_memcpy(drv->extended_capa_mask, 3346 nla_data(tb[NL80211_ATTR_EXT_CAPA]), 3347 nla_len(tb[NL80211_ATTR_EXT_CAPA])); 3348 } else { 3349 os_free(drv->extended_capa); 3350 drv->extended_capa = NULL; 3351 drv->extended_capa_len = 0; 3352 } 3353 } 3354 3355 return NL_SKIP; 3356} 3357 3358 3359static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 3360 struct wiphy_info_data *info) 3361{ 3362 u32 feat; 3363 struct nl_msg *msg; 3364 3365 os_memset(info, 0, sizeof(*info)); 3366 info->capa = &drv->capa; 3367 info->drv = drv; 3368 3369 msg = nlmsg_alloc(); 3370 if (!msg) 3371 return -1; 3372 3373 feat = get_nl80211_protocol_features(drv); 3374 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 3375 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 3376 else 3377 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 3378 3379 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 3380 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 3381 goto nla_put_failure; 3382 3383 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info)) 3384 return -1; 3385 3386 if (info->auth_supported) 3387 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 3388 else if (!info->connect_supported) { 3389 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 3390 "authentication/association or connect commands"); 3391 info->error = 1; 3392 } 3393 3394 if (info->p2p_go_supported && info->p2p_client_supported) 3395 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 3396 if (info->p2p_concurrent) { 3397 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 3398 "interface (driver advertised support)"); 3399 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 3400 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 3401 } 3402 if (info->num_multichan_concurrent > 1) { 3403 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel " 3404 "concurrent (driver advertised support)"); 3405 drv->capa.num_multichan_concurrent = 3406 info->num_multichan_concurrent; 3407 } 3408 3409 /* default to 5000 since early versions of mac80211 don't set it */ 3410 if (!drv->capa.max_remain_on_chan) 3411 drv->capa.max_remain_on_chan = 5000; 3412 3413 return 0; 3414nla_put_failure: 3415 nlmsg_free(msg); 3416 return -1; 3417} 3418 3419 3420static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 3421{ 3422 struct wiphy_info_data info; 3423 if (wpa_driver_nl80211_get_info(drv, &info)) 3424 return -1; 3425 3426 if (info.error) 3427 return -1; 3428 3429 drv->has_capability = 1; 3430 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 3431 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 3432 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 3433 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 3434 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 3435 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 3436 WPA_DRIVER_CAPA_ENC_WEP104 | 3437 WPA_DRIVER_CAPA_ENC_TKIP | 3438 WPA_DRIVER_CAPA_ENC_CCMP; 3439 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 3440 WPA_DRIVER_AUTH_SHARED | 3441 WPA_DRIVER_AUTH_LEAP; 3442 3443 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 3444 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 3445 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3446 3447 if (!info.device_ap_sme) { 3448 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 3449 3450 /* 3451 * No AP SME is currently assumed to also indicate no AP MLME 3452 * in the driver/firmware. 3453 */ 3454 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME; 3455 } 3456 3457 drv->device_ap_sme = info.device_ap_sme; 3458 drv->poll_command_supported = info.poll_command_supported; 3459 drv->data_tx_status = info.data_tx_status; 3460 3461#ifdef ANDROID_P2P 3462 if(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) { 3463 /* Driver is new enough to support monitorless mode*/ 3464 wpa_printf(MSG_DEBUG, "nl80211: Driver is new " 3465 "enough to support monitor-less mode"); 3466 drv->use_monitor = 0; 3467 } 3468#else 3469 /* 3470 * If poll command and tx status are supported, mac80211 is new enough 3471 * to have everything we need to not need monitor interfaces. 3472 */ 3473 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status; 3474#endif 3475 3476 if (drv->device_ap_sme && drv->use_monitor) { 3477 /* 3478 * Non-mac80211 drivers may not support monitor interface. 3479 * Make sure we do not get stuck with incorrect capability here 3480 * by explicitly testing this. 3481 */ 3482 if (!info.monitor_supported) { 3483 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 3484 "with device_ap_sme since no monitor mode " 3485 "support detected"); 3486 drv->use_monitor = 0; 3487 } 3488 } 3489 3490 /* 3491 * If we aren't going to use monitor interfaces, but the 3492 * driver doesn't support data TX status, we won't get TX 3493 * status for EAPOL frames. 3494 */ 3495 if (!drv->use_monitor && !info.data_tx_status) 3496 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3497 3498 return 0; 3499} 3500 3501 3502#ifdef ANDROID 3503static int android_genl_ctrl_resolve(struct nl_handle *handle, 3504 const char *name) 3505{ 3506 /* 3507 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 3508 * need to work around that. 3509 */ 3510 struct nl_cache *cache = NULL; 3511 struct genl_family *nl80211 = NULL; 3512 int id = -1; 3513 3514 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 3515 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 3516 "netlink cache"); 3517 goto fail; 3518 } 3519 3520 nl80211 = genl_ctrl_search_by_name(cache, name); 3521 if (nl80211 == NULL) 3522 goto fail; 3523 3524 id = genl_family_get_id(nl80211); 3525 3526fail: 3527 if (nl80211) 3528 genl_family_put(nl80211); 3529 if (cache) 3530 nl_cache_free(cache); 3531 3532 return id; 3533} 3534#define genl_ctrl_resolve android_genl_ctrl_resolve 3535#endif /* ANDROID */ 3536 3537 3538static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 3539{ 3540 int ret; 3541 3542 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3543 if (global->nl_cb == NULL) { 3544 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 3545 "callbacks"); 3546 return -1; 3547 } 3548 3549 global->nl = nl_create_handle(global->nl_cb, "nl"); 3550 if (global->nl == NULL) 3551 goto err; 3552 3553 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 3554 if (global->nl80211_id < 0) { 3555 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 3556 "found"); 3557 goto err; 3558 } 3559 3560 global->nl_event = nl_create_handle(global->nl_cb, "event"); 3561 if (global->nl_event == NULL) 3562 goto err; 3563 3564 ret = nl_get_multicast_id(global, "nl80211", "scan"); 3565 if (ret >= 0) 3566 ret = nl_socket_add_membership(global->nl_event, ret); 3567 if (ret < 0) { 3568 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3569 "membership for scan events: %d (%s)", 3570 ret, strerror(-ret)); 3571 goto err; 3572 } 3573 3574 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 3575 if (ret >= 0) 3576 ret = nl_socket_add_membership(global->nl_event, ret); 3577 if (ret < 0) { 3578 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 3579 "membership for mlme events: %d (%s)", 3580 ret, strerror(-ret)); 3581 goto err; 3582 } 3583 3584 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 3585 if (ret >= 0) 3586 ret = nl_socket_add_membership(global->nl_event, ret); 3587 if (ret < 0) { 3588 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 3589 "membership for regulatory events: %d (%s)", 3590 ret, strerror(-ret)); 3591 /* Continue without regulatory events */ 3592 } 3593 3594 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3595 no_seq_check, NULL); 3596 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3597 process_global_event, global); 3598 3599 nl80211_register_eloop_read(&global->nl_event, 3600 wpa_driver_nl80211_event_receive, 3601 global->nl_cb); 3602 3603 return 0; 3604 3605err: 3606 nl_destroy_handles(&global->nl_event); 3607 nl_destroy_handles(&global->nl); 3608 nl_cb_put(global->nl_cb); 3609 global->nl_cb = NULL; 3610 return -1; 3611} 3612 3613 3614static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 3615{ 3616 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3617 if (!drv->nl_cb) { 3618 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 3619 return -1; 3620 } 3621 3622 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3623 no_seq_check, NULL); 3624 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3625 process_drv_event, drv); 3626 3627 return 0; 3628} 3629 3630 3631static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 3632{ 3633 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 3634 /* 3635 * This may be for any interface; use ifdown event to disable 3636 * interface. 3637 */ 3638} 3639 3640 3641static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 3642{ 3643 struct wpa_driver_nl80211_data *drv = ctx; 3644 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 3645 if (i802_set_iface_flags(drv->first_bss, 1)) { 3646 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 3647 "after rfkill unblock"); 3648 return; 3649 } 3650 /* rtnetlink ifup handler will report interface as enabled */ 3651} 3652 3653 3654static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 3655 void *eloop_ctx, 3656 void *handle) 3657{ 3658 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3659 u8 data[2048]; 3660 struct msghdr msg; 3661 struct iovec entry; 3662 u8 control[512]; 3663 struct cmsghdr *cmsg; 3664 int res, found_ee = 0, found_wifi = 0, acked = 0; 3665 union wpa_event_data event; 3666 3667 memset(&msg, 0, sizeof(msg)); 3668 msg.msg_iov = &entry; 3669 msg.msg_iovlen = 1; 3670 entry.iov_base = data; 3671 entry.iov_len = sizeof(data); 3672 msg.msg_control = &control; 3673 msg.msg_controllen = sizeof(control); 3674 3675 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 3676 /* if error or not fitting 802.3 header, return */ 3677 if (res < 14) 3678 return; 3679 3680 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 3681 { 3682 if (cmsg->cmsg_level == SOL_SOCKET && 3683 cmsg->cmsg_type == SCM_WIFI_STATUS) { 3684 int *ack; 3685 3686 found_wifi = 1; 3687 ack = (void *)CMSG_DATA(cmsg); 3688 acked = *ack; 3689 } 3690 3691 if (cmsg->cmsg_level == SOL_PACKET && 3692 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 3693 struct sock_extended_err *err = 3694 (struct sock_extended_err *)CMSG_DATA(cmsg); 3695 3696 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 3697 found_ee = 1; 3698 } 3699 } 3700 3701 if (!found_ee || !found_wifi) 3702 return; 3703 3704 memset(&event, 0, sizeof(event)); 3705 event.eapol_tx_status.dst = data; 3706 event.eapol_tx_status.data = data + 14; 3707 event.eapol_tx_status.data_len = res - 14; 3708 event.eapol_tx_status.ack = acked; 3709 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 3710} 3711 3712 3713static int nl80211_init_bss(struct i802_bss *bss) 3714{ 3715 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 3716 if (!bss->nl_cb) 3717 return -1; 3718 3719 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 3720 no_seq_check, NULL); 3721 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 3722 process_bss_event, bss); 3723 3724 return 0; 3725} 3726 3727 3728static void nl80211_destroy_bss(struct i802_bss *bss) 3729{ 3730 nl_cb_put(bss->nl_cb); 3731 bss->nl_cb = NULL; 3732} 3733 3734 3735/** 3736 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 3737 * @ctx: context to be used when calling wpa_supplicant functions, 3738 * e.g., wpa_supplicant_event() 3739 * @ifname: interface name, e.g., wlan0 3740 * @global_priv: private driver global data from global_init() 3741 * Returns: Pointer to private data, %NULL on failure 3742 */ 3743static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 3744 void *global_priv) 3745{ 3746 struct wpa_driver_nl80211_data *drv; 3747 struct rfkill_config *rcfg; 3748 struct i802_bss *bss; 3749 3750 if (global_priv == NULL) 3751 return NULL; 3752 drv = os_zalloc(sizeof(*drv)); 3753 if (drv == NULL) 3754 return NULL; 3755 drv->global = global_priv; 3756 drv->ctx = ctx; 3757 3758 drv->first_bss = os_zalloc(sizeof(*drv->first_bss)); 3759 if (!drv->first_bss) { 3760 os_free(drv); 3761 return NULL; 3762 } 3763 bss = drv->first_bss; 3764 bss->drv = drv; 3765 bss->ctx = ctx; 3766 3767 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 3768 drv->monitor_ifidx = -1; 3769 drv->monitor_sock = -1; 3770 drv->eapol_tx_sock = -1; 3771 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3772 3773 if (wpa_driver_nl80211_init_nl(drv)) { 3774 os_free(drv); 3775 return NULL; 3776 } 3777 3778 if (nl80211_init_bss(bss)) 3779 goto failed; 3780 3781 rcfg = os_zalloc(sizeof(*rcfg)); 3782 if (rcfg == NULL) 3783 goto failed; 3784 rcfg->ctx = drv; 3785 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 3786 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 3787 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 3788 drv->rfkill = rfkill_init(rcfg); 3789 if (drv->rfkill == NULL) { 3790 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 3791 os_free(rcfg); 3792 } 3793 3794 if (wpa_driver_nl80211_finish_drv_init(drv)) 3795 goto failed; 3796 3797 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 3798 if (drv->eapol_tx_sock < 0) 3799 goto failed; 3800 3801 if (drv->data_tx_status) { 3802 int enabled = 1; 3803 3804 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 3805 &enabled, sizeof(enabled)) < 0) { 3806 wpa_printf(MSG_DEBUG, 3807 "nl80211: wifi status sockopt failed\n"); 3808 drv->data_tx_status = 0; 3809 if (!drv->use_monitor) 3810 drv->capa.flags &= 3811 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 3812 } else { 3813 eloop_register_read_sock(drv->eapol_tx_sock, 3814 wpa_driver_nl80211_handle_eapol_tx_status, 3815 drv, NULL); 3816 } 3817 } 3818 3819 if (drv->global) { 3820 dl_list_add(&drv->global->interfaces, &drv->list); 3821 drv->in_interface_list = 1; 3822 } 3823 3824 return bss; 3825 3826failed: 3827 wpa_driver_nl80211_deinit(bss); 3828 return NULL; 3829} 3830 3831 3832static int nl80211_register_frame(struct i802_bss *bss, 3833 struct nl_handle *nl_handle, 3834 u16 type, const u8 *match, size_t match_len) 3835{ 3836 struct wpa_driver_nl80211_data *drv = bss->drv; 3837 struct nl_msg *msg; 3838 int ret = -1; 3839 3840 msg = nlmsg_alloc(); 3841 if (!msg) 3842 return -1; 3843 3844 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p", 3845 type, nl_handle); 3846 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 3847 match, match_len); 3848 3849 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 3850 3851 if (nl80211_set_iface_id(msg, bss) < 0) 3852 goto nla_put_failure; 3853 3854 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 3855 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 3856 3857 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 3858 msg = NULL; 3859 if (ret) { 3860 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 3861 "failed (type=%u): ret=%d (%s)", 3862 type, ret, strerror(-ret)); 3863 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 3864 match, match_len); 3865 goto nla_put_failure; 3866 } 3867 ret = 0; 3868nla_put_failure: 3869 nlmsg_free(msg); 3870 return ret; 3871} 3872 3873 3874static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 3875{ 3876 struct wpa_driver_nl80211_data *drv = bss->drv; 3877 3878 if (bss->nl_mgmt) { 3879 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 3880 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 3881 return -1; 3882 } 3883 3884 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 3885 if (bss->nl_mgmt == NULL) 3886 return -1; 3887 3888 return 0; 3889} 3890 3891 3892static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss) 3893{ 3894 nl80211_register_eloop_read(&bss->nl_mgmt, 3895 wpa_driver_nl80211_event_receive, 3896 bss->nl_cb); 3897} 3898 3899 3900static int nl80211_register_action_frame(struct i802_bss *bss, 3901 const u8 *match, size_t match_len) 3902{ 3903 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 3904 return nl80211_register_frame(bss, bss->nl_mgmt, 3905 type, match, match_len); 3906} 3907 3908 3909static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 3910{ 3911 struct wpa_driver_nl80211_data *drv = bss->drv; 3912 3913 if (nl80211_alloc_mgmt_handle(bss)) 3914 return -1; 3915 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 3916 "handle %p", bss->nl_mgmt); 3917 3918 if (drv->nlmode == NL80211_IFTYPE_ADHOC) { 3919 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4); 3920 3921 /* register for any AUTH message */ 3922 nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0); 3923 } 3924 3925#ifdef CONFIG_INTERWORKING 3926 /* QoS Map Configure */ 3927 if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0) 3928 return -1; 3929#endif /* CONFIG_INTERWORKING */ 3930#if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 3931 /* GAS Initial Request */ 3932 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 3933 return -1; 3934 /* GAS Initial Response */ 3935 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 3936 return -1; 3937 /* GAS Comeback Request */ 3938 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 3939 return -1; 3940 /* GAS Comeback Response */ 3941 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 3942 return -1; 3943#endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 3944#ifdef CONFIG_P2P 3945 /* P2P Public Action */ 3946 if (nl80211_register_action_frame(bss, 3947 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 3948 6) < 0) 3949 return -1; 3950 /* P2P Action */ 3951 if (nl80211_register_action_frame(bss, 3952 (u8 *) "\x7f\x50\x6f\x9a\x09", 3953 5) < 0) 3954 return -1; 3955#endif /* CONFIG_P2P */ 3956#ifdef CONFIG_IEEE80211W 3957 /* SA Query Response */ 3958 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 3959 return -1; 3960#endif /* CONFIG_IEEE80211W */ 3961#ifdef CONFIG_TDLS 3962 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 3963 /* TDLS Discovery Response */ 3964 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 3965 0) 3966 return -1; 3967 } 3968#endif /* CONFIG_TDLS */ 3969 3970 /* FT Action frames */ 3971 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 3972 return -1; 3973 else 3974 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 3975 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 3976 3977 /* WNM - BSS Transition Management Request */ 3978 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 3979 return -1; 3980 /* WNM-Sleep Mode Response */ 3981 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0) 3982 return -1; 3983 3984 nl80211_mgmt_handle_register_eloop(bss); 3985 3986 return 0; 3987} 3988 3989 3990static int nl80211_register_spurious_class3(struct i802_bss *bss) 3991{ 3992 struct wpa_driver_nl80211_data *drv = bss->drv; 3993 struct nl_msg *msg; 3994 int ret = -1; 3995 3996 msg = nlmsg_alloc(); 3997 if (!msg) 3998 return -1; 3999 4000 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 4001 4002 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 4003 4004 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 4005 msg = NULL; 4006 if (ret) { 4007 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 4008 "failed: ret=%d (%s)", 4009 ret, strerror(-ret)); 4010 goto nla_put_failure; 4011 } 4012 ret = 0; 4013nla_put_failure: 4014 nlmsg_free(msg); 4015 return ret; 4016} 4017 4018 4019static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 4020{ 4021 static const int stypes[] = { 4022 WLAN_FC_STYPE_AUTH, 4023 WLAN_FC_STYPE_ASSOC_REQ, 4024 WLAN_FC_STYPE_REASSOC_REQ, 4025 WLAN_FC_STYPE_DISASSOC, 4026 WLAN_FC_STYPE_DEAUTH, 4027 WLAN_FC_STYPE_ACTION, 4028 WLAN_FC_STYPE_PROBE_REQ, 4029/* Beacon doesn't work as mac80211 doesn't currently allow 4030 * it, but it wouldn't really be the right thing anyway as 4031 * it isn't per interface ... maybe just dump the scan 4032 * results periodically for OLBC? 4033 */ 4034// WLAN_FC_STYPE_BEACON, 4035 }; 4036 unsigned int i; 4037 4038 if (nl80211_alloc_mgmt_handle(bss)) 4039 return -1; 4040 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4041 "handle %p", bss->nl_mgmt); 4042 4043 for (i = 0; i < ARRAY_SIZE(stypes); i++) { 4044 if (nl80211_register_frame(bss, bss->nl_mgmt, 4045 (WLAN_FC_TYPE_MGMT << 2) | 4046 (stypes[i] << 4), 4047 NULL, 0) < 0) { 4048 goto out_err; 4049 } 4050 } 4051 4052 if (nl80211_register_spurious_class3(bss)) 4053 goto out_err; 4054 4055 if (nl80211_get_wiphy_data_ap(bss) == NULL) 4056 goto out_err; 4057 4058 nl80211_mgmt_handle_register_eloop(bss); 4059 return 0; 4060 4061out_err: 4062 nl_destroy_handles(&bss->nl_mgmt); 4063 return -1; 4064} 4065 4066 4067static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 4068{ 4069 if (nl80211_alloc_mgmt_handle(bss)) 4070 return -1; 4071 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 4072 "handle %p (device SME)", bss->nl_mgmt); 4073 4074 if (nl80211_register_frame(bss, bss->nl_mgmt, 4075 (WLAN_FC_TYPE_MGMT << 2) | 4076 (WLAN_FC_STYPE_ACTION << 4), 4077 NULL, 0) < 0) 4078 goto out_err; 4079 4080 nl80211_mgmt_handle_register_eloop(bss); 4081 return 0; 4082 4083out_err: 4084 nl_destroy_handles(&bss->nl_mgmt); 4085 return -1; 4086} 4087 4088 4089static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 4090{ 4091 if (bss->nl_mgmt == NULL) 4092 return; 4093 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 4094 "(%s)", bss->nl_mgmt, reason); 4095 nl80211_destroy_eloop_handle(&bss->nl_mgmt); 4096 4097 nl80211_put_wiphy_data_ap(bss); 4098} 4099 4100 4101static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 4102{ 4103 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 4104} 4105 4106 4107static void nl80211_del_p2pdev(struct i802_bss *bss) 4108{ 4109 struct wpa_driver_nl80211_data *drv = bss->drv; 4110 struct nl_msg *msg; 4111 int ret; 4112 4113 msg = nlmsg_alloc(); 4114 if (!msg) 4115 return; 4116 4117 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 4118 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4119 4120 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4121 msg = NULL; 4122 4123 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s", 4124 bss->ifname, (long long unsigned int) bss->wdev_id, 4125 strerror(-ret)); 4126 4127nla_put_failure: 4128 nlmsg_free(msg); 4129} 4130 4131 4132static int nl80211_set_p2pdev(struct i802_bss *bss, int start) 4133{ 4134 struct wpa_driver_nl80211_data *drv = bss->drv; 4135 struct nl_msg *msg; 4136 int ret = -1; 4137 4138 msg = nlmsg_alloc(); 4139 if (!msg) 4140 return -1; 4141 4142 if (start) 4143 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE); 4144 else 4145 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE); 4146 4147 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id); 4148 4149 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4150 msg = NULL; 4151 4152 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s", 4153 start ? "Start" : "Stop", 4154 bss->ifname, (long long unsigned int) bss->wdev_id, 4155 strerror(-ret)); 4156 4157nla_put_failure: 4158 nlmsg_free(msg); 4159 return ret; 4160} 4161 4162 4163static int i802_set_iface_flags(struct i802_bss *bss, int up) 4164{ 4165 enum nl80211_iftype nlmode; 4166 4167 nlmode = nl80211_get_ifmode(bss); 4168 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4169 return linux_set_iface_flags(bss->drv->global->ioctl_sock, 4170 bss->ifname, up); 4171 } 4172 4173 /* P2P Device has start/stop which is equivalent */ 4174 return nl80211_set_p2pdev(bss, up); 4175} 4176 4177 4178static int 4179wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 4180{ 4181#ifndef HOSTAPD 4182 enum nl80211_iftype nlmode = NL80211_IFTYPE_STATION; 4183#endif /* HOSTAPD */ 4184 struct i802_bss *bss = drv->first_bss; 4185 int send_rfkill_event = 0; 4186 4187 drv->ifindex = if_nametoindex(bss->ifname); 4188 bss->ifindex = drv->ifindex; 4189 bss->wdev_id = drv->global->if_add_wdevid; 4190 bss->wdev_id_set = drv->global->if_add_wdevid_set; 4191 4192 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex; 4193 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set; 4194 drv->global->if_add_wdevid_set = 0; 4195 4196 if (wpa_driver_nl80211_capa(drv)) 4197 return -1; 4198 4199 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 4200 bss->ifname, drv->phyname); 4201 4202#ifndef HOSTAPD 4203 if (bss->if_dynamic) 4204 nlmode = nl80211_get_ifmode(bss); 4205 4206 /* 4207 * Make sure the interface starts up in station mode unless this is a 4208 * dynamically added interface (e.g., P2P) that was already configured 4209 * with proper iftype. 4210 */ 4211 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) { 4212 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to use managed mode"); 4213 return -1; 4214 } 4215 drv->nlmode = nlmode; 4216 4217 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 4218 int ret = nl80211_set_p2pdev(bss, 1); 4219 if (ret < 0) 4220 wpa_printf(MSG_ERROR, "nl80211: Could not start P2P device"); 4221 nl80211_get_macaddr(bss); 4222 return ret; 4223 } 4224 4225 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 4226 if (rfkill_is_blocked(drv->rfkill)) { 4227 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 4228 "interface '%s' due to rfkill", 4229 bss->ifname); 4230 drv->if_disabled = 1; 4231 send_rfkill_event = 1; 4232 } else { 4233 wpa_printf(MSG_ERROR, "nl80211: Could not set " 4234 "interface '%s' UP", bss->ifname); 4235 return -1; 4236 } 4237 } 4238 4239 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 4240 1, IF_OPER_DORMANT); 4241#endif /* HOSTAPD */ 4242 4243 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 4244 bss->addr)) 4245 return -1; 4246 4247 if (send_rfkill_event) { 4248 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 4249 drv, drv->ctx); 4250 } 4251 4252 return 0; 4253} 4254 4255 4256static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 4257{ 4258 struct nl_msg *msg; 4259 4260 msg = nlmsg_alloc(); 4261 if (!msg) 4262 return -ENOMEM; 4263 4264 wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", 4265 drv->ifindex); 4266 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 4267 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4268 4269 return send_and_recv_msgs(drv, msg, NULL, NULL); 4270 nla_put_failure: 4271 nlmsg_free(msg); 4272 return -ENOBUFS; 4273} 4274 4275 4276/** 4277 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 4278 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init() 4279 * 4280 * Shut down driver interface and processing of driver events. Free 4281 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 4282 */ 4283static void wpa_driver_nl80211_deinit(struct i802_bss *bss) 4284{ 4285 struct wpa_driver_nl80211_data *drv = bss->drv; 4286 4287 bss->in_deinit = 1; 4288 if (drv->data_tx_status) 4289 eloop_unregister_read_sock(drv->eapol_tx_sock); 4290 if (drv->eapol_tx_sock >= 0) 4291 close(drv->eapol_tx_sock); 4292 4293 if (bss->nl_preq) 4294 wpa_driver_nl80211_probe_req_report(bss, 0); 4295 if (bss->added_if_into_bridge) { 4296 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 4297 bss->ifname) < 0) 4298 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4299 "interface %s from bridge %s: %s", 4300 bss->ifname, bss->brname, strerror(errno)); 4301 } 4302 if (bss->added_bridge) { 4303 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 4304 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 4305 "bridge %s: %s", 4306 bss->brname, strerror(errno)); 4307 } 4308 4309 nl80211_remove_monitor_interface(drv); 4310 4311 if (is_ap_interface(drv->nlmode)) 4312 wpa_driver_nl80211_del_beacon(drv); 4313 4314#ifdef HOSTAPD 4315 if (drv->last_freq_ht) { 4316 /* Clear HT flags from the driver */ 4317 struct hostapd_freq_params freq; 4318 os_memset(&freq, 0, sizeof(freq)); 4319 freq.freq = drv->last_freq; 4320 wpa_driver_nl80211_set_freq(bss, &freq); 4321 } 4322 4323 if (drv->eapol_sock >= 0) { 4324 eloop_unregister_read_sock(drv->eapol_sock); 4325 close(drv->eapol_sock); 4326 } 4327 4328 if (drv->if_indices != drv->default_if_indices) 4329 os_free(drv->if_indices); 4330#endif /* HOSTAPD */ 4331 4332 if (drv->disabled_11b_rates) 4333 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 4334 4335 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 4336 IF_OPER_UP); 4337 rfkill_deinit(drv->rfkill); 4338 4339 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4340 4341 (void) i802_set_iface_flags(bss, 0); 4342 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) { 4343 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION); 4344 nl80211_mgmt_unsubscribe(bss, "deinit"); 4345 } else { 4346 nl80211_mgmt_unsubscribe(bss, "deinit"); 4347 nl80211_del_p2pdev(bss); 4348 } 4349 nl_cb_put(drv->nl_cb); 4350 4351 nl80211_destroy_bss(drv->first_bss); 4352 4353 os_free(drv->filter_ssids); 4354 4355 os_free(drv->auth_ie); 4356 4357 if (drv->in_interface_list) 4358 dl_list_del(&drv->list); 4359 4360 os_free(drv->extended_capa); 4361 os_free(drv->extended_capa_mask); 4362 os_free(drv->first_bss); 4363 os_free(drv); 4364} 4365 4366 4367/** 4368 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 4369 * @eloop_ctx: Driver private data 4370 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 4371 * 4372 * This function can be used as registered timeout when starting a scan to 4373 * generate a scan completed event if the driver does not report this. 4374 */ 4375static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 4376{ 4377 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4378 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 4379 wpa_driver_nl80211_set_mode(drv->first_bss, 4380 drv->ap_scan_as_station); 4381 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 4382 } 4383 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 4384 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 4385} 4386 4387 4388static struct nl_msg * 4389nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd, 4390 struct wpa_driver_scan_params *params, u64 *wdev_id) 4391{ 4392 struct nl_msg *msg; 4393 size_t i; 4394 4395 msg = nlmsg_alloc(); 4396 if (!msg) 4397 return NULL; 4398 4399 nl80211_cmd(drv, msg, 0, cmd); 4400 4401 if (!wdev_id) 4402 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4403 else 4404 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id); 4405 4406 if (params->num_ssids) { 4407 struct nlattr *ssids; 4408 4409 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 4410 if (ssids == NULL) 4411 goto fail; 4412 for (i = 0; i < params->num_ssids; i++) { 4413 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 4414 params->ssids[i].ssid, 4415 params->ssids[i].ssid_len); 4416 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 4417 params->ssids[i].ssid) < 0) 4418 goto fail; 4419 } 4420 nla_nest_end(msg, ssids); 4421 } 4422 4423 if (params->extra_ies) { 4424 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 4425 params->extra_ies, params->extra_ies_len); 4426 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 4427 params->extra_ies) < 0) 4428 goto fail; 4429 } 4430 4431 if (params->freqs) { 4432 struct nlattr *freqs; 4433 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 4434 if (freqs == NULL) 4435 goto fail; 4436 for (i = 0; params->freqs[i]; i++) { 4437 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 4438 "MHz", params->freqs[i]); 4439 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0) 4440 goto fail; 4441 } 4442 nla_nest_end(msg, freqs); 4443 } 4444 4445 os_free(drv->filter_ssids); 4446 drv->filter_ssids = params->filter_ssids; 4447 params->filter_ssids = NULL; 4448 drv->num_filter_ssids = params->num_filter_ssids; 4449 4450 return msg; 4451 4452fail: 4453nla_put_failure: 4454 nlmsg_free(msg); 4455 return NULL; 4456} 4457 4458 4459/** 4460 * wpa_driver_nl80211_scan - Request the driver to initiate scan 4461 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 4462 * @params: Scan parameters 4463 * Returns: 0 on success, -1 on failure 4464 */ 4465static int wpa_driver_nl80211_scan(struct i802_bss *bss, 4466 struct wpa_driver_scan_params *params) 4467{ 4468 struct wpa_driver_nl80211_data *drv = bss->drv; 4469 int ret = -1, timeout; 4470 struct nl_msg *msg = NULL; 4471 4472 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 4473 drv->scan_for_auth = 0; 4474 4475 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, 4476 bss->wdev_id_set ? &bss->wdev_id : NULL); 4477 if (!msg) 4478 return -1; 4479 4480 if (params->p2p_probe) { 4481 struct nlattr *rates; 4482 4483 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 4484 4485 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 4486 if (rates == NULL) 4487 goto nla_put_failure; 4488 4489 /* 4490 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 4491 * by masking out everything else apart from the OFDM rates 6, 4492 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 4493 * rates are left enabled. 4494 */ 4495 NLA_PUT(msg, NL80211_BAND_2GHZ, 8, 4496 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 4497 nla_nest_end(msg, rates); 4498 4499 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 4500 } 4501 4502 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4503 msg = NULL; 4504 if (ret) { 4505 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 4506 "(%s)", ret, strerror(-ret)); 4507#ifdef HOSTAPD 4508 if (is_ap_interface(drv->nlmode)) { 4509 /* 4510 * mac80211 does not allow scan requests in AP mode, so 4511 * try to do this in station mode. 4512 */ 4513 if (wpa_driver_nl80211_set_mode( 4514 bss, NL80211_IFTYPE_STATION)) 4515 goto nla_put_failure; 4516 4517 if (wpa_driver_nl80211_scan(bss, params)) { 4518 wpa_driver_nl80211_set_mode(bss, drv->nlmode); 4519 goto nla_put_failure; 4520 } 4521 4522 /* Restore AP mode when processing scan results */ 4523 drv->ap_scan_as_station = drv->nlmode; 4524 ret = 0; 4525 } else 4526 goto nla_put_failure; 4527#else /* HOSTAPD */ 4528 goto nla_put_failure; 4529#endif /* HOSTAPD */ 4530 } 4531 4532 drv->scan_state = SCAN_REQUESTED; 4533 /* Not all drivers generate "scan completed" wireless event, so try to 4534 * read results after a timeout. */ 4535 timeout = 10; 4536 if (drv->scan_complete_events) { 4537 /* 4538 * The driver seems to deliver events to notify when scan is 4539 * complete, so use longer timeout to avoid race conditions 4540 * with scanning and following association request. 4541 */ 4542 timeout = 30; 4543 } 4544 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 4545 "seconds", ret, timeout); 4546 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 4547 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 4548 drv, drv->ctx); 4549 4550nla_put_failure: 4551 nlmsg_free(msg); 4552 return ret; 4553} 4554 4555 4556/** 4557 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 4558 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 4559 * @params: Scan parameters 4560 * @interval: Interval between scan cycles in milliseconds 4561 * Returns: 0 on success, -1 on failure or if not supported 4562 */ 4563static int wpa_driver_nl80211_sched_scan(void *priv, 4564 struct wpa_driver_scan_params *params, 4565 u32 interval) 4566{ 4567 struct i802_bss *bss = priv; 4568 struct wpa_driver_nl80211_data *drv = bss->drv; 4569 int ret = -1; 4570 struct nl_msg *msg; 4571 size_t i; 4572 4573 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 4574 4575#ifdef ANDROID 4576 if (!drv->capa.sched_scan_supported) 4577 return android_pno_start(bss, params); 4578#endif /* ANDROID */ 4579 4580 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params, 4581 bss->wdev_id_set ? &bss->wdev_id : NULL); 4582 if (!msg) 4583 goto nla_put_failure; 4584 4585 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval); 4586 4587 if ((drv->num_filter_ssids && 4588 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 4589 params->filter_rssi) { 4590 struct nlattr *match_sets; 4591 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 4592 if (match_sets == NULL) 4593 goto nla_put_failure; 4594 4595 for (i = 0; i < drv->num_filter_ssids; i++) { 4596 struct nlattr *match_set_ssid; 4597 wpa_hexdump_ascii(MSG_MSGDUMP, 4598 "nl80211: Sched scan filter SSID", 4599 drv->filter_ssids[i].ssid, 4600 drv->filter_ssids[i].ssid_len); 4601 4602 match_set_ssid = nla_nest_start(msg, i + 1); 4603 if (match_set_ssid == NULL) 4604 goto nla_put_failure; 4605 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 4606 drv->filter_ssids[i].ssid_len, 4607 drv->filter_ssids[i].ssid); 4608 4609 nla_nest_end(msg, match_set_ssid); 4610 } 4611 4612 if (params->filter_rssi) { 4613 struct nlattr *match_set_rssi; 4614 match_set_rssi = nla_nest_start(msg, 0); 4615 if (match_set_rssi == NULL) 4616 goto nla_put_failure; 4617 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 4618 params->filter_rssi); 4619 wpa_printf(MSG_MSGDUMP, 4620 "nl80211: Sched scan RSSI filter %d dBm", 4621 params->filter_rssi); 4622 nla_nest_end(msg, match_set_rssi); 4623 } 4624 4625 nla_nest_end(msg, match_sets); 4626 } 4627 4628 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4629 4630 /* TODO: if we get an error here, we should fall back to normal scan */ 4631 4632 msg = NULL; 4633 if (ret) { 4634 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 4635 "ret=%d (%s)", ret, strerror(-ret)); 4636 goto nla_put_failure; 4637 } 4638 4639 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - " 4640 "scan interval %d msec", ret, interval); 4641 4642nla_put_failure: 4643 nlmsg_free(msg); 4644 return ret; 4645} 4646 4647 4648/** 4649 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 4650 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 4651 * Returns: 0 on success, -1 on failure or if not supported 4652 */ 4653static int wpa_driver_nl80211_stop_sched_scan(void *priv) 4654{ 4655 struct i802_bss *bss = priv; 4656 struct wpa_driver_nl80211_data *drv = bss->drv; 4657 int ret = 0; 4658 struct nl_msg *msg; 4659 4660#ifdef ANDROID 4661 if (!drv->capa.sched_scan_supported) 4662 return android_pno_stop(bss); 4663#endif /* ANDROID */ 4664 4665 msg = nlmsg_alloc(); 4666 if (!msg) 4667 return -1; 4668 4669 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN); 4670 4671 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4672 4673 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4674 msg = NULL; 4675 if (ret) { 4676 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: " 4677 "ret=%d (%s)", ret, strerror(-ret)); 4678 goto nla_put_failure; 4679 } 4680 4681 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret); 4682 4683nla_put_failure: 4684 nlmsg_free(msg); 4685 return ret; 4686} 4687 4688 4689static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 4690{ 4691 const u8 *end, *pos; 4692 4693 if (ies == NULL) 4694 return NULL; 4695 4696 pos = ies; 4697 end = ies + ies_len; 4698 4699 while (pos + 1 < end) { 4700 if (pos + 2 + pos[1] > end) 4701 break; 4702 if (pos[0] == ie) 4703 return pos; 4704 pos += 2 + pos[1]; 4705 } 4706 4707 return NULL; 4708} 4709 4710 4711static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 4712 const u8 *ie, size_t ie_len) 4713{ 4714 const u8 *ssid; 4715 size_t i; 4716 4717 if (drv->filter_ssids == NULL) 4718 return 0; 4719 4720 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 4721 if (ssid == NULL) 4722 return 1; 4723 4724 for (i = 0; i < drv->num_filter_ssids; i++) { 4725 if (ssid[1] == drv->filter_ssids[i].ssid_len && 4726 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 4727 0) 4728 return 0; 4729 } 4730 4731 return 1; 4732} 4733 4734 4735static int bss_info_handler(struct nl_msg *msg, void *arg) 4736{ 4737 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4738 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4739 struct nlattr *bss[NL80211_BSS_MAX + 1]; 4740 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 4741 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 4742 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 4743 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 4744 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 4745 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 4746 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 4747 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 4748 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 4749 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 4750 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 4751 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 4752 }; 4753 struct nl80211_bss_info_arg *_arg = arg; 4754 struct wpa_scan_results *res = _arg->res; 4755 struct wpa_scan_res **tmp; 4756 struct wpa_scan_res *r; 4757 const u8 *ie, *beacon_ie; 4758 size_t ie_len, beacon_ie_len; 4759 u8 *pos; 4760 size_t i; 4761 4762 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4763 genlmsg_attrlen(gnlh, 0), NULL); 4764 if (!tb[NL80211_ATTR_BSS]) 4765 return NL_SKIP; 4766 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 4767 bss_policy)) 4768 return NL_SKIP; 4769 if (bss[NL80211_BSS_STATUS]) { 4770 enum nl80211_bss_status status; 4771 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 4772 if (status == NL80211_BSS_STATUS_ASSOCIATED && 4773 bss[NL80211_BSS_FREQUENCY]) { 4774 _arg->assoc_freq = 4775 nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 4776 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz", 4777 _arg->assoc_freq); 4778 } 4779 if (status == NL80211_BSS_STATUS_ASSOCIATED && 4780 bss[NL80211_BSS_BSSID]) { 4781 os_memcpy(_arg->assoc_bssid, 4782 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN); 4783 wpa_printf(MSG_DEBUG, "nl80211: Associated with " 4784 MACSTR, MAC2STR(_arg->assoc_bssid)); 4785 } 4786 } 4787 if (!res) 4788 return NL_SKIP; 4789 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 4790 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 4791 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 4792 } else { 4793 ie = NULL; 4794 ie_len = 0; 4795 } 4796 if (bss[NL80211_BSS_BEACON_IES]) { 4797 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 4798 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 4799 } else { 4800 beacon_ie = NULL; 4801 beacon_ie_len = 0; 4802 } 4803 4804 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 4805 ie ? ie_len : beacon_ie_len)) 4806 return NL_SKIP; 4807 4808 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 4809 if (r == NULL) 4810 return NL_SKIP; 4811 if (bss[NL80211_BSS_BSSID]) 4812 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 4813 ETH_ALEN); 4814 if (bss[NL80211_BSS_FREQUENCY]) 4815 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 4816 if (bss[NL80211_BSS_BEACON_INTERVAL]) 4817 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 4818 if (bss[NL80211_BSS_CAPABILITY]) 4819 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 4820 r->flags |= WPA_SCAN_NOISE_INVALID; 4821 if (bss[NL80211_BSS_SIGNAL_MBM]) { 4822 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 4823 r->level /= 100; /* mBm to dBm */ 4824 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 4825 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 4826 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 4827 r->flags |= WPA_SCAN_QUAL_INVALID; 4828 } else 4829 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 4830 if (bss[NL80211_BSS_TSF]) 4831 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 4832 if (bss[NL80211_BSS_SEEN_MS_AGO]) 4833 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 4834 r->ie_len = ie_len; 4835 pos = (u8 *) (r + 1); 4836 if (ie) { 4837 os_memcpy(pos, ie, ie_len); 4838 pos += ie_len; 4839 } 4840 r->beacon_ie_len = beacon_ie_len; 4841 if (beacon_ie) 4842 os_memcpy(pos, beacon_ie, beacon_ie_len); 4843 4844 if (bss[NL80211_BSS_STATUS]) { 4845 enum nl80211_bss_status status; 4846 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 4847 switch (status) { 4848 case NL80211_BSS_STATUS_AUTHENTICATED: 4849 r->flags |= WPA_SCAN_AUTHENTICATED; 4850 break; 4851 case NL80211_BSS_STATUS_ASSOCIATED: 4852 r->flags |= WPA_SCAN_ASSOCIATED; 4853 break; 4854 default: 4855 break; 4856 } 4857 } 4858 4859 /* 4860 * cfg80211 maintains separate BSS table entries for APs if the same 4861 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does 4862 * not use frequency as a separate key in the BSS table, so filter out 4863 * duplicated entries. Prefer associated BSS entry in such a case in 4864 * order to get the correct frequency into the BSS table. 4865 */ 4866 for (i = 0; i < res->num; i++) { 4867 const u8 *s1, *s2; 4868 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0) 4869 continue; 4870 4871 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1), 4872 res->res[i]->ie_len, WLAN_EID_SSID); 4873 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID); 4874 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] || 4875 os_memcmp(s1, s2, 2 + s1[1]) != 0) 4876 continue; 4877 4878 /* Same BSSID,SSID was already included in scan results */ 4879 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result " 4880 "for " MACSTR, MAC2STR(r->bssid)); 4881 4882 if ((r->flags & WPA_SCAN_ASSOCIATED) && 4883 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) { 4884 os_free(res->res[i]); 4885 res->res[i] = r; 4886 } else 4887 os_free(r); 4888 return NL_SKIP; 4889 } 4890 4891 tmp = os_realloc_array(res->res, res->num + 1, 4892 sizeof(struct wpa_scan_res *)); 4893 if (tmp == NULL) { 4894 os_free(r); 4895 return NL_SKIP; 4896 } 4897 tmp[res->num++] = r; 4898 res->res = tmp; 4899 4900 return NL_SKIP; 4901} 4902 4903 4904static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 4905 const u8 *addr) 4906{ 4907 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 4908 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 4909 "mismatch (" MACSTR ")", MAC2STR(addr)); 4910 wpa_driver_nl80211_mlme(drv, addr, 4911 NL80211_CMD_DEAUTHENTICATE, 4912 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 4913 } 4914} 4915 4916 4917static void wpa_driver_nl80211_check_bss_status( 4918 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 4919{ 4920 size_t i; 4921 4922 for (i = 0; i < res->num; i++) { 4923 struct wpa_scan_res *r = res->res[i]; 4924 if (r->flags & WPA_SCAN_AUTHENTICATED) { 4925 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 4926 "indicates BSS status with " MACSTR 4927 " as authenticated", 4928 MAC2STR(r->bssid)); 4929 if (is_sta_interface(drv->nlmode) && 4930 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 4931 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 4932 0) { 4933 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 4934 " in local state (auth=" MACSTR 4935 " assoc=" MACSTR ")", 4936 MAC2STR(drv->auth_bssid), 4937 MAC2STR(drv->bssid)); 4938 clear_state_mismatch(drv, r->bssid); 4939 } 4940 } 4941 4942 if (r->flags & WPA_SCAN_ASSOCIATED) { 4943 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 4944 "indicate BSS status with " MACSTR 4945 " as associated", 4946 MAC2STR(r->bssid)); 4947 if (is_sta_interface(drv->nlmode) && 4948 !drv->associated) { 4949 wpa_printf(MSG_DEBUG, "nl80211: Local state " 4950 "(not associated) does not match " 4951 "with BSS state"); 4952 clear_state_mismatch(drv, r->bssid); 4953 } else if (is_sta_interface(drv->nlmode) && 4954 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 4955 0) { 4956 wpa_printf(MSG_DEBUG, "nl80211: Local state " 4957 "(associated with " MACSTR ") does " 4958 "not match with BSS state", 4959 MAC2STR(drv->bssid)); 4960 clear_state_mismatch(drv, r->bssid); 4961 clear_state_mismatch(drv, drv->bssid); 4962 } 4963 } 4964 } 4965} 4966 4967 4968static struct wpa_scan_results * 4969nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 4970{ 4971 struct nl_msg *msg; 4972 struct wpa_scan_results *res; 4973 int ret; 4974 struct nl80211_bss_info_arg arg; 4975 4976 res = os_zalloc(sizeof(*res)); 4977 if (res == NULL) 4978 return NULL; 4979 msg = nlmsg_alloc(); 4980 if (!msg) 4981 goto nla_put_failure; 4982 4983 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 4984 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 4985 goto nla_put_failure; 4986 4987 arg.drv = drv; 4988 arg.res = res; 4989 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 4990 msg = NULL; 4991 if (ret == 0) { 4992 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 4993 "BSSes)", (unsigned long) res->num); 4994 nl80211_get_noise_for_scan_results(drv, res); 4995 return res; 4996 } 4997 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 4998 "(%s)", ret, strerror(-ret)); 4999nla_put_failure: 5000 nlmsg_free(msg); 5001 wpa_scan_results_free(res); 5002 return NULL; 5003} 5004 5005 5006/** 5007 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 5008 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 5009 * Returns: Scan results on success, -1 on failure 5010 */ 5011static struct wpa_scan_results * 5012wpa_driver_nl80211_get_scan_results(void *priv) 5013{ 5014 struct i802_bss *bss = priv; 5015 struct wpa_driver_nl80211_data *drv = bss->drv; 5016 struct wpa_scan_results *res; 5017 5018 res = nl80211_get_scan_results(drv); 5019 if (res) 5020 wpa_driver_nl80211_check_bss_status(drv, res); 5021 return res; 5022} 5023 5024 5025static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 5026{ 5027 struct wpa_scan_results *res; 5028 size_t i; 5029 5030 res = nl80211_get_scan_results(drv); 5031 if (res == NULL) { 5032 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 5033 return; 5034 } 5035 5036 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 5037 for (i = 0; i < res->num; i++) { 5038 struct wpa_scan_res *r = res->res[i]; 5039 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 5040 (int) i, (int) res->num, MAC2STR(r->bssid), 5041 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 5042 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 5043 } 5044 5045 wpa_scan_results_free(res); 5046} 5047 5048 5049static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, 5050 enum wpa_alg alg, const u8 *addr, 5051 int key_idx, int set_tx, 5052 const u8 *seq, size_t seq_len, 5053 const u8 *key, size_t key_len) 5054{ 5055 struct wpa_driver_nl80211_data *drv = bss->drv; 5056 int ifindex; 5057 struct nl_msg *msg; 5058 int ret; 5059 int tdls = 0; 5060 5061 /* Ignore for P2P Device */ 5062 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 5063 return 0; 5064 5065 ifindex = if_nametoindex(ifname); 5066 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d " 5067 "set_tx=%d seq_len=%lu key_len=%lu", 5068 __func__, ifindex, ifname, alg, addr, key_idx, set_tx, 5069 (unsigned long) seq_len, (unsigned long) key_len); 5070#ifdef CONFIG_TDLS 5071 if (key_idx == -1) { 5072 key_idx = 0; 5073 tdls = 1; 5074 } 5075#endif /* CONFIG_TDLS */ 5076 5077 msg = nlmsg_alloc(); 5078 if (!msg) 5079 return -ENOMEM; 5080 5081 if (alg == WPA_ALG_NONE) { 5082 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY); 5083 } else { 5084 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY); 5085 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 5086 switch (alg) { 5087 case WPA_ALG_WEP: 5088 if (key_len == 5) 5089 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5090 WLAN_CIPHER_SUITE_WEP40); 5091 else 5092 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5093 WLAN_CIPHER_SUITE_WEP104); 5094 break; 5095 case WPA_ALG_TKIP: 5096 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5097 WLAN_CIPHER_SUITE_TKIP); 5098 break; 5099 case WPA_ALG_CCMP: 5100 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5101 WLAN_CIPHER_SUITE_CCMP); 5102 break; 5103 case WPA_ALG_GCMP: 5104 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5105 WLAN_CIPHER_SUITE_GCMP); 5106 break; 5107 case WPA_ALG_IGTK: 5108 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5109 WLAN_CIPHER_SUITE_AES_CMAC); 5110 break; 5111 case WPA_ALG_SMS4: 5112 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5113 WLAN_CIPHER_SUITE_SMS4); 5114 break; 5115 case WPA_ALG_KRK: 5116 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 5117 WLAN_CIPHER_SUITE_KRK); 5118 break; 5119 default: 5120 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 5121 "algorithm %d", __func__, alg); 5122 nlmsg_free(msg); 5123 return -1; 5124 } 5125 } 5126 5127 if (seq && seq_len) 5128 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 5129 5130 if (addr && !is_broadcast_ether_addr(addr)) { 5131 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 5132 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5133 5134 if (alg != WPA_ALG_WEP && key_idx && !set_tx) { 5135 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); 5136 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, 5137 NL80211_KEYTYPE_GROUP); 5138 } 5139 } else if (addr && is_broadcast_ether_addr(addr)) { 5140 struct nlattr *types; 5141 5142 wpa_printf(MSG_DEBUG, " broadcast key"); 5143 5144 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5145 if (!types) 5146 goto nla_put_failure; 5147 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5148 nla_nest_end(msg, types); 5149 } 5150 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5151 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5152 5153 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5154 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 5155 ret = 0; 5156 if (ret) 5157 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 5158 ret, strerror(-ret)); 5159 5160 /* 5161 * If we failed or don't need to set the default TX key (below), 5162 * we're done here. 5163 */ 5164 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls) 5165 return ret; 5166 if (is_ap_interface(drv->nlmode) && addr && 5167 !is_broadcast_ether_addr(addr)) 5168 return ret; 5169 5170 msg = nlmsg_alloc(); 5171 if (!msg) 5172 return -ENOMEM; 5173 5174 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY); 5175 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 5176 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5177 if (alg == WPA_ALG_IGTK) 5178 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 5179 else 5180 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 5181 if (addr && is_broadcast_ether_addr(addr)) { 5182 struct nlattr *types; 5183 5184 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5185 if (!types) 5186 goto nla_put_failure; 5187 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST); 5188 nla_nest_end(msg, types); 5189 } else if (addr) { 5190 struct nlattr *types; 5191 5192 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES); 5193 if (!types) 5194 goto nla_put_failure; 5195 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST); 5196 nla_nest_end(msg, types); 5197 } 5198 5199 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5200 if (ret == -ENOENT) 5201 ret = 0; 5202 if (ret) 5203 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 5204 "err=%d %s)", ret, strerror(-ret)); 5205 return ret; 5206 5207nla_put_failure: 5208 nlmsg_free(msg); 5209 return -ENOBUFS; 5210} 5211 5212 5213static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 5214 int key_idx, int defkey, 5215 const u8 *seq, size_t seq_len, 5216 const u8 *key, size_t key_len) 5217{ 5218 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 5219 if (!key_attr) 5220 return -1; 5221 5222 if (defkey && alg == WPA_ALG_IGTK) 5223 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 5224 else if (defkey) 5225 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5226 5227 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 5228 5229 switch (alg) { 5230 case WPA_ALG_WEP: 5231 if (key_len == 5) 5232 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5233 WLAN_CIPHER_SUITE_WEP40); 5234 else 5235 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5236 WLAN_CIPHER_SUITE_WEP104); 5237 break; 5238 case WPA_ALG_TKIP: 5239 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 5240 break; 5241 case WPA_ALG_CCMP: 5242 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 5243 break; 5244 case WPA_ALG_GCMP: 5245 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_GCMP); 5246 break; 5247 case WPA_ALG_IGTK: 5248 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5249 WLAN_CIPHER_SUITE_AES_CMAC); 5250 break; 5251 default: 5252 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 5253 "algorithm %d", __func__, alg); 5254 return -1; 5255 } 5256 5257 if (seq && seq_len) 5258 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 5259 5260 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 5261 5262 nla_nest_end(msg, key_attr); 5263 5264 return 0; 5265 nla_put_failure: 5266 return -1; 5267} 5268 5269 5270static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 5271 struct nl_msg *msg) 5272{ 5273 int i, privacy = 0; 5274 struct nlattr *nl_keys, *nl_key; 5275 5276 for (i = 0; i < 4; i++) { 5277 if (!params->wep_key[i]) 5278 continue; 5279 privacy = 1; 5280 break; 5281 } 5282 if (params->wps == WPS_MODE_PRIVACY) 5283 privacy = 1; 5284 if (params->pairwise_suite && 5285 params->pairwise_suite != WPA_CIPHER_NONE) 5286 privacy = 1; 5287 5288 if (!privacy) 5289 return 0; 5290 5291 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 5292 5293 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 5294 if (!nl_keys) 5295 goto nla_put_failure; 5296 5297 for (i = 0; i < 4; i++) { 5298 if (!params->wep_key[i]) 5299 continue; 5300 5301 nl_key = nla_nest_start(msg, i); 5302 if (!nl_key) 5303 goto nla_put_failure; 5304 5305 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 5306 params->wep_key[i]); 5307 if (params->wep_key_len[i] == 5) 5308 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5309 WLAN_CIPHER_SUITE_WEP40); 5310 else 5311 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 5312 WLAN_CIPHER_SUITE_WEP104); 5313 5314 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 5315 5316 if (i == params->wep_tx_keyidx) 5317 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 5318 5319 nla_nest_end(msg, nl_key); 5320 } 5321 nla_nest_end(msg, nl_keys); 5322 5323 return 0; 5324 5325nla_put_failure: 5326 return -ENOBUFS; 5327} 5328 5329 5330static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 5331 const u8 *addr, int cmd, u16 reason_code, 5332 int local_state_change) 5333{ 5334 int ret = -1; 5335 struct nl_msg *msg; 5336 5337 msg = nlmsg_alloc(); 5338 if (!msg) 5339 return -1; 5340 5341 nl80211_cmd(drv, msg, 0, cmd); 5342 5343 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5344 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 5345 if (addr) 5346 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5347 if (local_state_change) 5348 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5349 5350 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5351 msg = NULL; 5352 if (ret) { 5353 wpa_dbg(drv->ctx, MSG_DEBUG, 5354 "nl80211: MLME command failed: reason=%u ret=%d (%s)", 5355 reason_code, ret, strerror(-ret)); 5356 goto nla_put_failure; 5357 } 5358 ret = 0; 5359 5360nla_put_failure: 5361 nlmsg_free(msg); 5362 return ret; 5363} 5364 5365 5366static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 5367 int reason_code) 5368{ 5369 int ret; 5370 5371 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code); 5372 nl80211_mark_disconnected(drv); 5373 /* Disconnect command doesn't need BSSID - it uses cached value */ 5374 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT, 5375 reason_code, 0); 5376 /* 5377 * For locally generated disconnect, supplicant already generates a 5378 * DEAUTH event, so ignore the event from NL80211. 5379 */ 5380 drv->ignore_next_local_disconnect = ret == 0; 5381 5382 return ret; 5383} 5384 5385 5386static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, 5387 const u8 *addr, int reason_code) 5388{ 5389 struct wpa_driver_nl80211_data *drv = bss->drv; 5390 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 5391 return wpa_driver_nl80211_disconnect(drv, reason_code); 5392 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", 5393 __func__, MAC2STR(addr), reason_code); 5394 nl80211_mark_disconnected(drv); 5395 if (drv->nlmode == NL80211_IFTYPE_ADHOC) 5396 return nl80211_leave_ibss(drv); 5397 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 5398 reason_code, 0); 5399} 5400 5401 5402static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv, 5403 struct wpa_driver_auth_params *params) 5404{ 5405 int i; 5406 5407 drv->auth_freq = params->freq; 5408 drv->auth_alg = params->auth_alg; 5409 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx; 5410 drv->auth_local_state_change = params->local_state_change; 5411 drv->auth_p2p = params->p2p; 5412 5413 if (params->bssid) 5414 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN); 5415 else 5416 os_memset(drv->auth_bssid_, 0, ETH_ALEN); 5417 5418 if (params->ssid) { 5419 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len); 5420 drv->auth_ssid_len = params->ssid_len; 5421 } else 5422 drv->auth_ssid_len = 0; 5423 5424 5425 os_free(drv->auth_ie); 5426 drv->auth_ie = NULL; 5427 drv->auth_ie_len = 0; 5428 if (params->ie) { 5429 drv->auth_ie = os_malloc(params->ie_len); 5430 if (drv->auth_ie) { 5431 os_memcpy(drv->auth_ie, params->ie, params->ie_len); 5432 drv->auth_ie_len = params->ie_len; 5433 } 5434 } 5435 5436 for (i = 0; i < 4; i++) { 5437 if (params->wep_key[i] && params->wep_key_len[i] && 5438 params->wep_key_len[i] <= 16) { 5439 os_memcpy(drv->auth_wep_key[i], params->wep_key[i], 5440 params->wep_key_len[i]); 5441 drv->auth_wep_key_len[i] = params->wep_key_len[i]; 5442 } else 5443 drv->auth_wep_key_len[i] = 0; 5444 } 5445} 5446 5447 5448static int wpa_driver_nl80211_authenticate( 5449 struct i802_bss *bss, struct wpa_driver_auth_params *params) 5450{ 5451 struct wpa_driver_nl80211_data *drv = bss->drv; 5452 int ret = -1, i; 5453 struct nl_msg *msg; 5454 enum nl80211_auth_type type; 5455 enum nl80211_iftype nlmode; 5456 int count = 0; 5457 int is_retry; 5458 5459 is_retry = drv->retry_auth; 5460 drv->retry_auth = 0; 5461 5462 nl80211_mark_disconnected(drv); 5463 os_memset(drv->auth_bssid, 0, ETH_ALEN); 5464 if (params->bssid) 5465 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN); 5466 else 5467 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 5468 /* FIX: IBSS mode */ 5469 nlmode = params->p2p ? 5470 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 5471 if (drv->nlmode != nlmode && 5472 wpa_driver_nl80211_set_mode(bss, nlmode) < 0) 5473 return -1; 5474 5475retry: 5476 msg = nlmsg_alloc(); 5477 if (!msg) 5478 return -1; 5479 5480 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 5481 drv->ifindex); 5482 5483 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE); 5484 5485 for (i = 0; i < 4; i++) { 5486 if (!params->wep_key[i]) 5487 continue; 5488 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP, 5489 NULL, i, 5490 i == params->wep_tx_keyidx, NULL, 0, 5491 params->wep_key[i], 5492 params->wep_key_len[i]); 5493 if (params->wep_tx_keyidx != i) 5494 continue; 5495 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 5496 params->wep_key[i], params->wep_key_len[i])) { 5497 nlmsg_free(msg); 5498 return -1; 5499 } 5500 } 5501 5502 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5503 if (params->bssid) { 5504 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 5505 MAC2STR(params->bssid)); 5506 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 5507 } 5508 if (params->freq) { 5509 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 5510 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 5511 } 5512 if (params->ssid) { 5513 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 5514 params->ssid, params->ssid_len); 5515 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 5516 params->ssid); 5517 } 5518 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 5519 if (params->ie) 5520 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 5521 if (params->sae_data) { 5522 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data, 5523 params->sae_data_len); 5524 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len, 5525 params->sae_data); 5526 } 5527 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 5528 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 5529 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 5530 type = NL80211_AUTHTYPE_SHARED_KEY; 5531 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 5532 type = NL80211_AUTHTYPE_NETWORK_EAP; 5533 else if (params->auth_alg & WPA_AUTH_ALG_FT) 5534 type = NL80211_AUTHTYPE_FT; 5535 else if (params->auth_alg & WPA_AUTH_ALG_SAE) 5536 type = NL80211_AUTHTYPE_SAE; 5537 else 5538 goto nla_put_failure; 5539 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 5540 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 5541 if (params->local_state_change) { 5542 wpa_printf(MSG_DEBUG, " * Local state change only"); 5543 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 5544 } 5545 5546 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5547 msg = NULL; 5548 if (ret) { 5549 wpa_dbg(drv->ctx, MSG_DEBUG, 5550 "nl80211: MLME command failed (auth): ret=%d (%s)", 5551 ret, strerror(-ret)); 5552 count++; 5553 if (ret == -EALREADY && count == 1 && params->bssid && 5554 !params->local_state_change) { 5555 /* 5556 * mac80211 does not currently accept new 5557 * authentication if we are already authenticated. As a 5558 * workaround, force deauthentication and try again. 5559 */ 5560 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 5561 "after forced deauthentication"); 5562 wpa_driver_nl80211_deauthenticate( 5563 bss, params->bssid, 5564 WLAN_REASON_PREV_AUTH_NOT_VALID); 5565 nlmsg_free(msg); 5566 goto retry; 5567 } 5568 5569 if (ret == -ENOENT && params->freq && !is_retry) { 5570 /* 5571 * cfg80211 has likely expired the BSS entry even 5572 * though it was previously available in our internal 5573 * BSS table. To recover quickly, start a single 5574 * channel scan on the specified channel. 5575 */ 5576 struct wpa_driver_scan_params scan; 5577 int freqs[2]; 5578 5579 os_memset(&scan, 0, sizeof(scan)); 5580 scan.num_ssids = 1; 5581 if (params->ssid) { 5582 scan.ssids[0].ssid = params->ssid; 5583 scan.ssids[0].ssid_len = params->ssid_len; 5584 } 5585 freqs[0] = params->freq; 5586 freqs[1] = 0; 5587 scan.freqs = freqs; 5588 wpa_printf(MSG_DEBUG, "nl80211: Trigger single " 5589 "channel scan to refresh cfg80211 BSS " 5590 "entry"); 5591 ret = wpa_driver_nl80211_scan(bss, &scan); 5592 if (ret == 0) { 5593 nl80211_copy_auth_params(drv, params); 5594 drv->scan_for_auth = 1; 5595 } 5596 } else if (is_retry) { 5597 /* 5598 * Need to indicate this with an event since the return 5599 * value from the retry is not delivered to core code. 5600 */ 5601 union wpa_event_data event; 5602 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry " 5603 "failed"); 5604 os_memset(&event, 0, sizeof(event)); 5605 os_memcpy(event.timeout_event.addr, drv->auth_bssid_, 5606 ETH_ALEN); 5607 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT, 5608 &event); 5609 } 5610 5611 goto nla_put_failure; 5612 } 5613 ret = 0; 5614 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 5615 "successfully"); 5616 5617nla_put_failure: 5618 nlmsg_free(msg); 5619 return ret; 5620} 5621 5622 5623static int wpa_driver_nl80211_authenticate_retry( 5624 struct wpa_driver_nl80211_data *drv) 5625{ 5626 struct wpa_driver_auth_params params; 5627 struct i802_bss *bss = drv->first_bss; 5628 int i; 5629 5630 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again"); 5631 5632 os_memset(¶ms, 0, sizeof(params)); 5633 params.freq = drv->auth_freq; 5634 params.auth_alg = drv->auth_alg; 5635 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx; 5636 params.local_state_change = drv->auth_local_state_change; 5637 params.p2p = drv->auth_p2p; 5638 5639 if (!is_zero_ether_addr(drv->auth_bssid_)) 5640 params.bssid = drv->auth_bssid_; 5641 5642 if (drv->auth_ssid_len) { 5643 params.ssid = drv->auth_ssid; 5644 params.ssid_len = drv->auth_ssid_len; 5645 } 5646 5647 params.ie = drv->auth_ie; 5648 params.ie_len = drv->auth_ie_len; 5649 5650 for (i = 0; i < 4; i++) { 5651 if (drv->auth_wep_key_len[i]) { 5652 params.wep_key[i] = drv->auth_wep_key[i]; 5653 params.wep_key_len[i] = drv->auth_wep_key_len[i]; 5654 } 5655 } 5656 5657 drv->retry_auth = 1; 5658 return wpa_driver_nl80211_authenticate(bss, ¶ms); 5659} 5660 5661 5662struct phy_info_arg { 5663 u16 *num_modes; 5664 struct hostapd_hw_modes *modes; 5665 int last_mode, last_chan_idx; 5666}; 5667 5668static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa, 5669 struct nlattr *ampdu_factor, 5670 struct nlattr *ampdu_density, 5671 struct nlattr *mcs_set) 5672{ 5673 if (capa) 5674 mode->ht_capab = nla_get_u16(capa); 5675 5676 if (ampdu_factor) 5677 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03; 5678 5679 if (ampdu_density) 5680 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2; 5681 5682 if (mcs_set && nla_len(mcs_set) >= 16) { 5683 u8 *mcs; 5684 mcs = nla_data(mcs_set); 5685 os_memcpy(mode->mcs_set, mcs, 16); 5686 } 5687} 5688 5689 5690static void phy_info_vht_capa(struct hostapd_hw_modes *mode, 5691 struct nlattr *capa, 5692 struct nlattr *mcs_set) 5693{ 5694 if (capa) 5695 mode->vht_capab = nla_get_u32(capa); 5696 5697 if (mcs_set && nla_len(mcs_set) >= 8) { 5698 u8 *mcs; 5699 mcs = nla_data(mcs_set); 5700 os_memcpy(mode->vht_mcs_set, mcs, 8); 5701 } 5702} 5703 5704 5705static void phy_info_freq(struct hostapd_hw_modes *mode, 5706 struct hostapd_channel_data *chan, 5707 struct nlattr *tb_freq[]) 5708{ 5709 u8 channel; 5710 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 5711 chan->flag = 0; 5712 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES) 5713 chan->chan = channel; 5714 5715 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 5716 chan->flag |= HOSTAPD_CHAN_DISABLED; 5717 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 5718 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN; 5719 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 5720 chan->flag |= HOSTAPD_CHAN_NO_IBSS; 5721 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 5722 chan->flag |= HOSTAPD_CHAN_RADAR; 5723 5724 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) { 5725 enum nl80211_dfs_state state = 5726 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]); 5727 5728 switch (state) { 5729 case NL80211_DFS_USABLE: 5730 chan->flag |= HOSTAPD_CHAN_DFS_USABLE; 5731 break; 5732 case NL80211_DFS_AVAILABLE: 5733 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE; 5734 break; 5735 case NL80211_DFS_UNAVAILABLE: 5736 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE; 5737 break; 5738 } 5739 } 5740} 5741 5742 5743static int phy_info_freqs(struct phy_info_arg *phy_info, 5744 struct hostapd_hw_modes *mode, struct nlattr *tb) 5745{ 5746 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 5747 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 5748 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 5749 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 5750 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 5751 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 5752 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 5753 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 }, 5754 }; 5755 int new_channels = 0; 5756 struct hostapd_channel_data *channel; 5757 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 5758 struct nlattr *nl_freq; 5759 int rem_freq, idx; 5760 5761 if (tb == NULL) 5762 return NL_OK; 5763 5764 nla_for_each_nested(nl_freq, tb, rem_freq) { 5765 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 5766 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 5767 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 5768 continue; 5769 new_channels++; 5770 } 5771 5772 channel = os_realloc_array(mode->channels, 5773 mode->num_channels + new_channels, 5774 sizeof(struct hostapd_channel_data)); 5775 if (!channel) 5776 return NL_SKIP; 5777 5778 mode->channels = channel; 5779 mode->num_channels += new_channels; 5780 5781 idx = phy_info->last_chan_idx; 5782 5783 nla_for_each_nested(nl_freq, tb, rem_freq) { 5784 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, 5785 nla_data(nl_freq), nla_len(nl_freq), freq_policy); 5786 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 5787 continue; 5788 phy_info_freq(mode, &mode->channels[idx], tb_freq); 5789 idx++; 5790 } 5791 phy_info->last_chan_idx = idx; 5792 5793 return NL_OK; 5794} 5795 5796 5797static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb) 5798{ 5799 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 5800 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 5801 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = 5802 { .type = NLA_FLAG }, 5803 }; 5804 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 5805 struct nlattr *nl_rate; 5806 int rem_rate, idx; 5807 5808 if (tb == NULL) 5809 return NL_OK; 5810 5811 nla_for_each_nested(nl_rate, tb, rem_rate) { 5812 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 5813 nla_data(nl_rate), nla_len(nl_rate), 5814 rate_policy); 5815 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 5816 continue; 5817 mode->num_rates++; 5818 } 5819 5820 mode->rates = os_calloc(mode->num_rates, sizeof(int)); 5821 if (!mode->rates) 5822 return NL_SKIP; 5823 5824 idx = 0; 5825 5826 nla_for_each_nested(nl_rate, tb, rem_rate) { 5827 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, 5828 nla_data(nl_rate), nla_len(nl_rate), 5829 rate_policy); 5830 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 5831 continue; 5832 mode->rates[idx] = nla_get_u32( 5833 tb_rate[NL80211_BITRATE_ATTR_RATE]); 5834 idx++; 5835 } 5836 5837 return NL_OK; 5838} 5839 5840 5841static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band) 5842{ 5843 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 5844 struct hostapd_hw_modes *mode; 5845 int ret; 5846 5847 if (phy_info->last_mode != nl_band->nla_type) { 5848 mode = os_realloc_array(phy_info->modes, 5849 *phy_info->num_modes + 1, 5850 sizeof(*mode)); 5851 if (!mode) 5852 return NL_SKIP; 5853 phy_info->modes = mode; 5854 5855 mode = &phy_info->modes[*(phy_info->num_modes)]; 5856 os_memset(mode, 0, sizeof(*mode)); 5857 mode->mode = NUM_HOSTAPD_MODES; 5858 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN | 5859 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN; 5860 5861 /* 5862 * Unsupported VHT MCS stream is defined as value 3, so the VHT 5863 * MCS RX/TX map must be initialized with 0xffff to mark all 8 5864 * possible streams as unsupported. This will be overridden if 5865 * driver advertises VHT support. 5866 */ 5867 mode->vht_mcs_set[0] = 0xff; 5868 mode->vht_mcs_set[1] = 0xff; 5869 mode->vht_mcs_set[4] = 0xff; 5870 mode->vht_mcs_set[5] = 0xff; 5871 5872 *(phy_info->num_modes) += 1; 5873 phy_info->last_mode = nl_band->nla_type; 5874 phy_info->last_chan_idx = 0; 5875 } else 5876 mode = &phy_info->modes[*(phy_info->num_modes) - 1]; 5877 5878 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 5879 nla_len(nl_band), NULL); 5880 5881 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA], 5882 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR], 5883 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY], 5884 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 5885 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA], 5886 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]); 5887 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]); 5888 if (ret != NL_OK) 5889 return ret; 5890 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]); 5891 if (ret != NL_OK) 5892 return ret; 5893 5894 return NL_OK; 5895} 5896 5897 5898static int phy_info_handler(struct nl_msg *msg, void *arg) 5899{ 5900 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 5901 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 5902 struct phy_info_arg *phy_info = arg; 5903 struct nlattr *nl_band; 5904 int rem_band; 5905 5906 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 5907 genlmsg_attrlen(gnlh, 0), NULL); 5908 5909 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 5910 return NL_SKIP; 5911 5912 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) 5913 { 5914 int res = phy_info_band(phy_info, nl_band); 5915 if (res != NL_OK) 5916 return res; 5917 } 5918 5919 return NL_SKIP; 5920} 5921 5922 5923static struct hostapd_hw_modes * 5924wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes, 5925 u16 *num_modes) 5926{ 5927 u16 m; 5928 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 5929 int i, mode11g_idx = -1; 5930 5931 /* heuristic to set up modes */ 5932 for (m = 0; m < *num_modes; m++) { 5933 if (!modes[m].num_channels) 5934 continue; 5935 if (modes[m].channels[0].freq < 4000) { 5936 modes[m].mode = HOSTAPD_MODE_IEEE80211B; 5937 for (i = 0; i < modes[m].num_rates; i++) { 5938 if (modes[m].rates[i] > 200) { 5939 modes[m].mode = HOSTAPD_MODE_IEEE80211G; 5940 break; 5941 } 5942 } 5943 } else if (modes[m].channels[0].freq > 50000) 5944 modes[m].mode = HOSTAPD_MODE_IEEE80211AD; 5945 else 5946 modes[m].mode = HOSTAPD_MODE_IEEE80211A; 5947 } 5948 5949 /* If only 802.11g mode is included, use it to construct matching 5950 * 802.11b mode data. */ 5951 5952 for (m = 0; m < *num_modes; m++) { 5953 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 5954 return modes; /* 802.11b already included */ 5955 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 5956 mode11g_idx = m; 5957 } 5958 5959 if (mode11g_idx < 0) 5960 return modes; /* 2.4 GHz band not supported at all */ 5961 5962 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes)); 5963 if (nmodes == NULL) 5964 return modes; /* Could not add 802.11b mode */ 5965 5966 mode = &nmodes[*num_modes]; 5967 os_memset(mode, 0, sizeof(*mode)); 5968 (*num_modes)++; 5969 modes = nmodes; 5970 5971 mode->mode = HOSTAPD_MODE_IEEE80211B; 5972 5973 mode11g = &modes[mode11g_idx]; 5974 mode->num_channels = mode11g->num_channels; 5975 mode->channels = os_malloc(mode11g->num_channels * 5976 sizeof(struct hostapd_channel_data)); 5977 if (mode->channels == NULL) { 5978 (*num_modes)--; 5979 return modes; /* Could not add 802.11b mode */ 5980 } 5981 os_memcpy(mode->channels, mode11g->channels, 5982 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 5983 5984 mode->num_rates = 0; 5985 mode->rates = os_malloc(4 * sizeof(int)); 5986 if (mode->rates == NULL) { 5987 os_free(mode->channels); 5988 (*num_modes)--; 5989 return modes; /* Could not add 802.11b mode */ 5990 } 5991 5992 for (i = 0; i < mode11g->num_rates; i++) { 5993 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 5994 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 5995 continue; 5996 mode->rates[mode->num_rates] = mode11g->rates[i]; 5997 mode->num_rates++; 5998 if (mode->num_rates == 4) 5999 break; 6000 } 6001 6002 if (mode->num_rates == 0) { 6003 os_free(mode->channels); 6004 os_free(mode->rates); 6005 (*num_modes)--; 6006 return modes; /* No 802.11b rates */ 6007 } 6008 6009 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 6010 "information"); 6011 6012 return modes; 6013} 6014 6015 6016static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start, 6017 int end) 6018{ 6019 int c; 6020 6021 for (c = 0; c < mode->num_channels; c++) { 6022 struct hostapd_channel_data *chan = &mode->channels[c]; 6023 if (chan->freq - 10 >= start && chan->freq + 10 <= end) 6024 chan->flag |= HOSTAPD_CHAN_HT40; 6025 } 6026} 6027 6028 6029static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start, 6030 int end) 6031{ 6032 int c; 6033 6034 for (c = 0; c < mode->num_channels; c++) { 6035 struct hostapd_channel_data *chan = &mode->channels[c]; 6036 if (!(chan->flag & HOSTAPD_CHAN_HT40)) 6037 continue; 6038 if (chan->freq - 30 >= start && chan->freq - 10 <= end) 6039 chan->flag |= HOSTAPD_CHAN_HT40MINUS; 6040 if (chan->freq + 10 >= start && chan->freq + 30 <= end) 6041 chan->flag |= HOSTAPD_CHAN_HT40PLUS; 6042 } 6043} 6044 6045 6046static void nl80211_reg_rule_max_eirp(struct nlattr *tb[], 6047 struct phy_info_arg *results) 6048{ 6049 u32 start, end, max_eirp; 6050 u16 m; 6051 6052 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6053 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6054 tb[NL80211_ATTR_POWER_RULE_MAX_EIRP] == NULL) 6055 return; 6056 6057 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6058 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6059 max_eirp = nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) / 100; 6060 6061 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u mBm", 6062 start, end, max_eirp); 6063 6064 for (m = 0; m < *results->num_modes; m++) { 6065 int c; 6066 struct hostapd_hw_modes *mode = &results->modes[m]; 6067 6068 for (c = 0; c < mode->num_channels; c++) { 6069 struct hostapd_channel_data *chan = &mode->channels[c]; 6070 if ((u32) chan->freq - 10 >= start && 6071 (u32) chan->freq + 10 <= end) 6072 chan->max_tx_power = max_eirp; 6073 } 6074 } 6075} 6076 6077 6078static void nl80211_reg_rule_ht40(struct nlattr *tb[], 6079 struct phy_info_arg *results) 6080{ 6081 u32 start, end, max_bw; 6082 u16 m; 6083 6084 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6085 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6086 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6087 return; 6088 6089 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6090 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6091 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6092 6093 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz", 6094 start, end, max_bw); 6095 if (max_bw < 40) 6096 return; 6097 6098 for (m = 0; m < *results->num_modes; m++) { 6099 if (!(results->modes[m].ht_capab & 6100 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6101 continue; 6102 nl80211_set_ht40_mode(&results->modes[m], start, end); 6103 } 6104} 6105 6106 6107static void nl80211_reg_rule_sec(struct nlattr *tb[], 6108 struct phy_info_arg *results) 6109{ 6110 u32 start, end, max_bw; 6111 u16 m; 6112 6113 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6114 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6115 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6116 return; 6117 6118 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6119 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6120 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6121 6122 if (max_bw < 20) 6123 return; 6124 6125 for (m = 0; m < *results->num_modes; m++) { 6126 if (!(results->modes[m].ht_capab & 6127 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6128 continue; 6129 nl80211_set_ht40_mode_sec(&results->modes[m], start, end); 6130 } 6131} 6132 6133 6134static void nl80211_set_vht_mode(struct hostapd_hw_modes *mode, int start, 6135 int end) 6136{ 6137 int c; 6138 6139 for (c = 0; c < mode->num_channels; c++) { 6140 struct hostapd_channel_data *chan = &mode->channels[c]; 6141 if (chan->freq - 10 >= start && chan->freq + 70 <= end) 6142 chan->flag |= HOSTAPD_CHAN_VHT_10_70; 6143 6144 if (chan->freq - 30 >= start && chan->freq + 50 <= end) 6145 chan->flag |= HOSTAPD_CHAN_VHT_30_50; 6146 6147 if (chan->freq - 50 >= start && chan->freq + 30 <= end) 6148 chan->flag |= HOSTAPD_CHAN_VHT_50_30; 6149 6150 if (chan->freq - 70 >= start && chan->freq + 10 <= end) 6151 chan->flag |= HOSTAPD_CHAN_VHT_70_10; 6152 } 6153} 6154 6155 6156static void nl80211_reg_rule_vht(struct nlattr *tb[], 6157 struct phy_info_arg *results) 6158{ 6159 u32 start, end, max_bw; 6160 u16 m; 6161 6162 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL || 6163 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL || 6164 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL) 6165 return; 6166 6167 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000; 6168 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000; 6169 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000; 6170 6171 if (max_bw < 80) 6172 return; 6173 6174 for (m = 0; m < *results->num_modes; m++) { 6175 if (!(results->modes[m].ht_capab & 6176 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 6177 continue; 6178 /* TODO: use a real VHT support indication */ 6179 if (!results->modes[m].vht_capab) 6180 continue; 6181 6182 nl80211_set_vht_mode(&results->modes[m], start, end); 6183 } 6184} 6185 6186 6187static int nl80211_get_reg(struct nl_msg *msg, void *arg) 6188{ 6189 struct phy_info_arg *results = arg; 6190 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 6191 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 6192 struct nlattr *nl_rule; 6193 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1]; 6194 int rem_rule; 6195 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 6196 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 6197 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 6198 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 6199 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 6200 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 6201 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 6202 }; 6203 6204 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 6205 genlmsg_attrlen(gnlh, 0), NULL); 6206 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] || 6207 !tb_msg[NL80211_ATTR_REG_RULES]) { 6208 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information " 6209 "available"); 6210 return NL_SKIP; 6211 } 6212 6213 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s", 6214 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2])); 6215 6216 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6217 { 6218 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6219 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6220 nl80211_reg_rule_ht40(tb_rule, results); 6221 nl80211_reg_rule_max_eirp(tb_rule, results); 6222 } 6223 6224 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6225 { 6226 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6227 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6228 nl80211_reg_rule_sec(tb_rule, results); 6229 } 6230 6231 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule) 6232 { 6233 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX, 6234 nla_data(nl_rule), nla_len(nl_rule), reg_policy); 6235 nl80211_reg_rule_vht(tb_rule, results); 6236 } 6237 6238 return NL_SKIP; 6239} 6240 6241 6242static int nl80211_set_regulatory_flags(struct wpa_driver_nl80211_data *drv, 6243 struct phy_info_arg *results) 6244{ 6245 struct nl_msg *msg; 6246 6247 msg = nlmsg_alloc(); 6248 if (!msg) 6249 return -ENOMEM; 6250 6251 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG); 6252 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results); 6253} 6254 6255 6256static struct hostapd_hw_modes * 6257wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 6258{ 6259 u32 feat; 6260 struct i802_bss *bss = priv; 6261 struct wpa_driver_nl80211_data *drv = bss->drv; 6262 struct nl_msg *msg; 6263 struct phy_info_arg result = { 6264 .num_modes = num_modes, 6265 .modes = NULL, 6266 .last_mode = -1, 6267 }; 6268 6269 *num_modes = 0; 6270 *flags = 0; 6271 6272 msg = nlmsg_alloc(); 6273 if (!msg) 6274 return NULL; 6275 6276 feat = get_nl80211_protocol_features(drv); 6277 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP) 6278 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY); 6279 else 6280 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 6281 6282 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP); 6283 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6284 6285 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) { 6286 nl80211_set_regulatory_flags(drv, &result); 6287 return wpa_driver_nl80211_postprocess_modes(result.modes, 6288 num_modes); 6289 } 6290 msg = NULL; 6291 nla_put_failure: 6292 nlmsg_free(msg); 6293 return NULL; 6294} 6295 6296 6297static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv, 6298 const void *data, size_t len, 6299 int encrypt, int noack) 6300{ 6301 __u8 rtap_hdr[] = { 6302 0x00, 0x00, /* radiotap version */ 6303 0x0e, 0x00, /* radiotap length */ 6304 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 6305 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 6306 0x00, /* padding */ 6307 0x00, 0x00, /* RX and TX flags to indicate that */ 6308 0x00, 0x00, /* this is the injected frame directly */ 6309 }; 6310 struct iovec iov[2] = { 6311 { 6312 .iov_base = &rtap_hdr, 6313 .iov_len = sizeof(rtap_hdr), 6314 }, 6315 { 6316 .iov_base = (void *) data, 6317 .iov_len = len, 6318 } 6319 }; 6320 struct msghdr msg = { 6321 .msg_name = NULL, 6322 .msg_namelen = 0, 6323 .msg_iov = iov, 6324 .msg_iovlen = 2, 6325 .msg_control = NULL, 6326 .msg_controllen = 0, 6327 .msg_flags = 0, 6328 }; 6329 int res; 6330 u16 txflags = 0; 6331 6332 if (encrypt) 6333 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 6334 6335 if (drv->monitor_sock < 0) { 6336 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available " 6337 "for %s", __func__); 6338 return -1; 6339 } 6340 6341 if (noack) 6342 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK; 6343 WPA_PUT_LE16(&rtap_hdr[12], txflags); 6344 6345 res = sendmsg(drv->monitor_sock, &msg, 0); 6346 if (res < 0) { 6347 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno)); 6348 return -1; 6349 } 6350 return 0; 6351} 6352 6353 6354static int wpa_driver_nl80211_send_frame(struct i802_bss *bss, 6355 const void *data, size_t len, 6356 int encrypt, int noack, 6357 unsigned int freq, int no_cck, 6358 int offchanok, unsigned int wait_time) 6359{ 6360 struct wpa_driver_nl80211_data *drv = bss->drv; 6361 u64 cookie; 6362 int res; 6363 6364 if (freq == 0) { 6365 wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u", 6366 bss->freq); 6367 freq = bss->freq; 6368 } 6369 6370 if (drv->use_monitor) { 6371 wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_mntr", 6372 freq, bss->freq); 6373 return wpa_driver_nl80211_send_mntr(drv, data, len, 6374 encrypt, noack); 6375 } 6376 6377 wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd"); 6378 res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len, 6379 &cookie, no_cck, noack, offchanok); 6380 if (res == 0 && !noack) { 6381 const struct ieee80211_mgmt *mgmt; 6382 u16 fc; 6383 6384 mgmt = (const struct ieee80211_mgmt *) data; 6385 fc = le_to_host16(mgmt->frame_control); 6386 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6387 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) { 6388 wpa_printf(MSG_MSGDUMP, 6389 "nl80211: Update send_action_cookie from 0x%llx to 0x%llx", 6390 (long long unsigned int) 6391 drv->send_action_cookie, 6392 (long long unsigned int) cookie); 6393 drv->send_action_cookie = cookie; 6394 } 6395 } 6396 6397 return res; 6398} 6399 6400 6401static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data, 6402 size_t data_len, int noack, 6403 unsigned int freq, int no_cck, 6404 int offchanok, 6405 unsigned int wait_time) 6406{ 6407 struct wpa_driver_nl80211_data *drv = bss->drv; 6408 struct ieee80211_mgmt *mgmt; 6409 int encrypt = 1; 6410 u16 fc; 6411 6412 mgmt = (struct ieee80211_mgmt *) data; 6413 fc = le_to_host16(mgmt->frame_control); 6414 wpa_printf(MSG_DEBUG, "nl80211: send_mlme - noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x nlmode=%d", 6415 noack, freq, no_cck, offchanok, wait_time, fc, drv->nlmode); 6416 6417 if ((is_sta_interface(drv->nlmode) || 6418 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) && 6419 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6420 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 6421 /* 6422 * The use of last_mgmt_freq is a bit of a hack, 6423 * but it works due to the single-threaded nature 6424 * of wpa_supplicant. 6425 */ 6426 if (freq == 0) { 6427 wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d", 6428 drv->last_mgmt_freq); 6429 freq = drv->last_mgmt_freq; 6430 } 6431 return nl80211_send_frame_cmd(bss, freq, 0, 6432 data, data_len, NULL, 1, noack, 6433 1); 6434 } 6435 6436 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) { 6437 if (freq == 0) { 6438 wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d", 6439 bss->freq); 6440 freq = bss->freq; 6441 } 6442 return nl80211_send_frame_cmd(bss, freq, 6443 (int) freq == bss->freq ? 0 : 6444 wait_time, 6445 data, data_len, 6446 &drv->send_action_cookie, 6447 no_cck, noack, offchanok); 6448 } 6449 6450 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6451 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 6452 /* 6453 * Only one of the authentication frame types is encrypted. 6454 * In order for static WEP encryption to work properly (i.e., 6455 * to not encrypt the frame), we need to tell mac80211 about 6456 * the frames that must not be encrypted. 6457 */ 6458 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 6459 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 6460 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 6461 encrypt = 0; 6462 } 6463 6464 wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame"); 6465 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 6466 noack, freq, no_cck, offchanok, 6467 wait_time); 6468} 6469 6470 6471static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble, 6472 int slot, int ht_opmode, int ap_isolate, 6473 int *basic_rates) 6474{ 6475 struct wpa_driver_nl80211_data *drv = bss->drv; 6476 struct nl_msg *msg; 6477 6478 msg = nlmsg_alloc(); 6479 if (!msg) 6480 return -ENOMEM; 6481 6482 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS); 6483 6484 if (cts >= 0) 6485 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 6486 if (preamble >= 0) 6487 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 6488 if (slot >= 0) 6489 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 6490 if (ht_opmode >= 0) 6491 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode); 6492 if (ap_isolate >= 0) 6493 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate); 6494 6495 if (basic_rates) { 6496 u8 rates[NL80211_MAX_SUPP_RATES]; 6497 u8 rates_len = 0; 6498 int i; 6499 6500 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; 6501 i++) 6502 rates[rates_len++] = basic_rates[i] / 5; 6503 6504 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 6505 } 6506 6507 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6508 6509 return send_and_recv_msgs(drv, msg, NULL, NULL); 6510 nla_put_failure: 6511 nlmsg_free(msg); 6512 return -ENOBUFS; 6513} 6514 6515 6516static int wpa_driver_nl80211_set_acl(void *priv, 6517 struct hostapd_acl_params *params) 6518{ 6519 struct i802_bss *bss = priv; 6520 struct wpa_driver_nl80211_data *drv = bss->drv; 6521 struct nl_msg *msg; 6522 struct nlattr *acl; 6523 unsigned int i; 6524 int ret = 0; 6525 6526 if (!(drv->capa.max_acl_mac_addrs)) 6527 return -ENOTSUP; 6528 6529 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs) 6530 return -ENOTSUP; 6531 6532 msg = nlmsg_alloc(); 6533 if (!msg) 6534 return -ENOMEM; 6535 6536 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)", 6537 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl); 6538 6539 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL); 6540 6541 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6542 6543 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ? 6544 NL80211_ACL_POLICY_DENY_UNLESS_LISTED : 6545 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED); 6546 6547 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS); 6548 if (acl == NULL) 6549 goto nla_put_failure; 6550 6551 for (i = 0; i < params->num_mac_acl; i++) 6552 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr); 6553 6554 nla_nest_end(msg, acl); 6555 6556 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6557 msg = NULL; 6558 if (ret) { 6559 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)", 6560 ret, strerror(-ret)); 6561 } 6562 6563nla_put_failure: 6564 nlmsg_free(msg); 6565 6566 return ret; 6567} 6568 6569 6570static int wpa_driver_nl80211_set_ap(void *priv, 6571 struct wpa_driver_ap_params *params) 6572{ 6573 struct i802_bss *bss = priv; 6574 struct wpa_driver_nl80211_data *drv = bss->drv; 6575 struct nl_msg *msg; 6576 u8 cmd = NL80211_CMD_NEW_BEACON; 6577 int ret; 6578 int beacon_set; 6579 int ifindex = if_nametoindex(bss->ifname); 6580 int num_suites; 6581 u32 suites[10]; 6582 u32 ver; 6583 6584 beacon_set = bss->beacon_set; 6585 6586 msg = nlmsg_alloc(); 6587 if (!msg) 6588 return -ENOMEM; 6589 6590 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 6591 beacon_set); 6592 if (beacon_set) 6593 cmd = NL80211_CMD_SET_BEACON; 6594 6595 nl80211_cmd(drv, msg, 0, cmd); 6596 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head", 6597 params->head, params->head_len); 6598 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head); 6599 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail", 6600 params->tail, params->tail_len); 6601 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail); 6602 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex); 6603 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 6604 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int); 6605 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int); 6606 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period); 6607 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period); 6608 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid", 6609 params->ssid, params->ssid_len); 6610 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 6611 params->ssid); 6612 if (params->proberesp && params->proberesp_len) { 6613 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)", 6614 params->proberesp, params->proberesp_len); 6615 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len, 6616 params->proberesp); 6617 } 6618 switch (params->hide_ssid) { 6619 case NO_SSID_HIDING: 6620 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use"); 6621 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6622 NL80211_HIDDEN_SSID_NOT_IN_USE); 6623 break; 6624 case HIDDEN_SSID_ZERO_LEN: 6625 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len"); 6626 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6627 NL80211_HIDDEN_SSID_ZERO_LEN); 6628 break; 6629 case HIDDEN_SSID_ZERO_CONTENTS: 6630 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents"); 6631 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID, 6632 NL80211_HIDDEN_SSID_ZERO_CONTENTS); 6633 break; 6634 } 6635 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy); 6636 if (params->privacy) 6637 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 6638 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs); 6639 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) == 6640 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) { 6641 /* Leave out the attribute */ 6642 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED) 6643 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 6644 NL80211_AUTHTYPE_SHARED_KEY); 6645 else 6646 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, 6647 NL80211_AUTHTYPE_OPEN_SYSTEM); 6648 6649 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version); 6650 ver = 0; 6651 if (params->wpa_version & WPA_PROTO_WPA) 6652 ver |= NL80211_WPA_VERSION_1; 6653 if (params->wpa_version & WPA_PROTO_RSN) 6654 ver |= NL80211_WPA_VERSION_2; 6655 if (ver) 6656 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 6657 6658 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x", 6659 params->key_mgmt_suites); 6660 num_suites = 0; 6661 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X) 6662 suites[num_suites++] = WLAN_AKM_SUITE_8021X; 6663 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) 6664 suites[num_suites++] = WLAN_AKM_SUITE_PSK; 6665 if (num_suites) { 6666 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES, 6667 num_suites * sizeof(u32), suites); 6668 } 6669 6670 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X && 6671 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) 6672 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT); 6673 6674 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x", 6675 params->pairwise_ciphers); 6676 num_suites = 0; 6677 if (params->pairwise_ciphers & WPA_CIPHER_CCMP) 6678 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP; 6679 if (params->pairwise_ciphers & WPA_CIPHER_GCMP) 6680 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP; 6681 if (params->pairwise_ciphers & WPA_CIPHER_TKIP) 6682 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP; 6683 if (params->pairwise_ciphers & WPA_CIPHER_WEP104) 6684 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104; 6685 if (params->pairwise_ciphers & WPA_CIPHER_WEP40) 6686 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40; 6687 if (num_suites) { 6688 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 6689 num_suites * sizeof(u32), suites); 6690 } 6691 6692 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x", 6693 params->group_cipher); 6694 switch (params->group_cipher) { 6695 case WPA_CIPHER_CCMP: 6696 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 6697 WLAN_CIPHER_SUITE_CCMP); 6698 break; 6699 case WPA_CIPHER_GCMP: 6700 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 6701 WLAN_CIPHER_SUITE_GCMP); 6702 break; 6703 case WPA_CIPHER_TKIP: 6704 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 6705 WLAN_CIPHER_SUITE_TKIP); 6706 break; 6707 case WPA_CIPHER_WEP104: 6708 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 6709 WLAN_CIPHER_SUITE_WEP104); 6710 break; 6711 case WPA_CIPHER_WEP40: 6712 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, 6713 WLAN_CIPHER_SUITE_WEP40); 6714 break; 6715 } 6716 6717 if (params->beacon_ies) { 6718 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies", 6719 params->beacon_ies); 6720 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies), 6721 wpabuf_head(params->beacon_ies)); 6722 } 6723 if (params->proberesp_ies) { 6724 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies", 6725 params->proberesp_ies); 6726 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP, 6727 wpabuf_len(params->proberesp_ies), 6728 wpabuf_head(params->proberesp_ies)); 6729 } 6730 if (params->assocresp_ies) { 6731 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies", 6732 params->assocresp_ies); 6733 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP, 6734 wpabuf_len(params->assocresp_ies), 6735 wpabuf_head(params->assocresp_ies)); 6736 } 6737 6738 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) { 6739 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d", 6740 params->ap_max_inactivity); 6741 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT, 6742 params->ap_max_inactivity); 6743 } 6744 6745 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6746 if (ret) { 6747 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 6748 ret, strerror(-ret)); 6749 } else { 6750 bss->beacon_set = 1; 6751 nl80211_set_bss(bss, params->cts_protect, params->preamble, 6752 params->short_slot_time, params->ht_opmode, 6753 params->isolate, params->basic_rates); 6754 } 6755 return ret; 6756 nla_put_failure: 6757 nlmsg_free(msg); 6758 return -ENOBUFS; 6759} 6760 6761 6762static int wpa_driver_nl80211_set_freq(struct i802_bss *bss, 6763 struct hostapd_freq_params *freq) 6764{ 6765 struct wpa_driver_nl80211_data *drv = bss->drv; 6766 struct nl_msg *msg; 6767 int ret; 6768 6769 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d," 6770 " bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 6771 freq->freq, freq->ht_enabled, freq->vht_enabled, 6772 freq->bandwidth, freq->center_freq1, freq->center_freq2); 6773 msg = nlmsg_alloc(); 6774 if (!msg) 6775 return -1; 6776 6777 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 6778 6779 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 6780 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 6781 if (freq->vht_enabled) { 6782 switch (freq->bandwidth) { 6783 case 20: 6784 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 6785 NL80211_CHAN_WIDTH_20); 6786 break; 6787 case 40: 6788 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 6789 NL80211_CHAN_WIDTH_40); 6790 break; 6791 case 80: 6792 if (freq->center_freq2) 6793 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 6794 NL80211_CHAN_WIDTH_80P80); 6795 else 6796 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 6797 NL80211_CHAN_WIDTH_80); 6798 break; 6799 case 160: 6800 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 6801 NL80211_CHAN_WIDTH_160); 6802 break; 6803 default: 6804 return -1; 6805 } 6806 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 6807 if (freq->center_freq2) 6808 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 6809 freq->center_freq2); 6810 } else if (freq->ht_enabled) { 6811 switch (freq->sec_channel_offset) { 6812 case -1: 6813 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 6814 NL80211_CHAN_HT40MINUS); 6815 break; 6816 case 1: 6817 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 6818 NL80211_CHAN_HT40PLUS); 6819 break; 6820 default: 6821 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 6822 NL80211_CHAN_HT20); 6823 break; 6824 } 6825 } 6826 6827 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6828 msg = NULL; 6829 if (ret == 0) { 6830 bss->freq = freq->freq; 6831 return 0; 6832 } 6833 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 6834 "%d (%s)", freq->freq, ret, strerror(-ret)); 6835nla_put_failure: 6836 nlmsg_free(msg); 6837 return -1; 6838} 6839 6840 6841static u32 sta_flags_nl80211(int flags) 6842{ 6843 u32 f = 0; 6844 6845 if (flags & WPA_STA_AUTHORIZED) 6846 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 6847 if (flags & WPA_STA_WMM) 6848 f |= BIT(NL80211_STA_FLAG_WME); 6849 if (flags & WPA_STA_SHORT_PREAMBLE) 6850 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 6851 if (flags & WPA_STA_MFP) 6852 f |= BIT(NL80211_STA_FLAG_MFP); 6853 if (flags & WPA_STA_TDLS_PEER) 6854 f |= BIT(NL80211_STA_FLAG_TDLS_PEER); 6855 6856 return f; 6857} 6858 6859 6860static int wpa_driver_nl80211_sta_add(void *priv, 6861 struct hostapd_sta_add_params *params) 6862{ 6863 struct i802_bss *bss = priv; 6864 struct wpa_driver_nl80211_data *drv = bss->drv; 6865 struct nl_msg *msg; 6866 struct nl80211_sta_flag_update upd; 6867 int ret = -ENOBUFS; 6868 6869 if ((params->flags & WPA_STA_TDLS_PEER) && 6870 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 6871 return -EOPNOTSUPP; 6872 6873 msg = nlmsg_alloc(); 6874 if (!msg) 6875 return -ENOMEM; 6876 6877 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR, 6878 params->set ? "Set" : "Add", MAC2STR(params->addr)); 6879 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION : 6880 NL80211_CMD_NEW_STATION); 6881 6882 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 6883 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 6884 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 6885 params->supp_rates); 6886 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates, 6887 params->supp_rates_len); 6888 if (!params->set) { 6889 if (params->aid) { 6890 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid); 6891 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 6892 } else { 6893 /* 6894 * cfg80211 validates that AID is non-zero, so we have 6895 * to make this a non-zero value for the TDLS case where 6896 * a dummy STA entry is used for now. 6897 */ 6898 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)"); 6899 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1); 6900 } 6901 wpa_printf(MSG_DEBUG, " * listen_interval=%u", 6902 params->listen_interval); 6903 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 6904 params->listen_interval); 6905 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) { 6906 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid); 6907 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid); 6908 } 6909 if (params->ht_capabilities) { 6910 wpa_hexdump(MSG_DEBUG, " * ht_capabilities", 6911 (u8 *) params->ht_capabilities, 6912 sizeof(*params->ht_capabilities)); 6913 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 6914 sizeof(*params->ht_capabilities), 6915 params->ht_capabilities); 6916 } 6917 6918 if (params->vht_capabilities) { 6919 wpa_hexdump(MSG_DEBUG, " * vht_capabilities", 6920 (u8 *) params->vht_capabilities, 6921 sizeof(*params->vht_capabilities)); 6922 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, 6923 sizeof(*params->vht_capabilities), 6924 params->vht_capabilities); 6925 } 6926 6927 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability); 6928 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability); 6929 6930 if (params->ext_capab) { 6931 wpa_hexdump(MSG_DEBUG, " * ext_capab", 6932 params->ext_capab, params->ext_capab_len); 6933 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY, 6934 params->ext_capab_len, params->ext_capab); 6935 } 6936 6937 os_memset(&upd, 0, sizeof(upd)); 6938 upd.mask = sta_flags_nl80211(params->flags); 6939 upd.set = upd.mask; 6940 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x", 6941 upd.set, upd.mask); 6942 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 6943 6944 if (params->flags & WPA_STA_WMM) { 6945 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME); 6946 6947 if (!wme) 6948 goto nla_put_failure; 6949 6950 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo); 6951 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES, 6952 params->qosinfo & WMM_QOSINFO_STA_AC_MASK); 6953 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP, 6954 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) & 6955 WMM_QOSINFO_STA_SP_MASK); 6956 nla_nest_end(msg, wme); 6957 } 6958 6959 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6960 msg = NULL; 6961 if (ret) 6962 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION " 6963 "result: %d (%s)", params->set ? "SET" : "NEW", ret, 6964 strerror(-ret)); 6965 if (ret == -EEXIST) 6966 ret = 0; 6967 nla_put_failure: 6968 nlmsg_free(msg); 6969 return ret; 6970} 6971 6972 6973static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr) 6974{ 6975 struct wpa_driver_nl80211_data *drv = bss->drv; 6976 struct nl_msg *msg; 6977 int ret; 6978 6979 msg = nlmsg_alloc(); 6980 if (!msg) 6981 return -ENOMEM; 6982 6983 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 6984 6985 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 6986 if_nametoindex(bss->ifname)); 6987 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 6988 6989 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 6990 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR 6991 " --> %d (%s)", 6992 bss->ifname, MAC2STR(addr), ret, strerror(-ret)); 6993 if (ret == -ENOENT) 6994 return 0; 6995 return ret; 6996 nla_put_failure: 6997 nlmsg_free(msg); 6998 return -ENOBUFS; 6999} 7000 7001 7002static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 7003 int ifidx) 7004{ 7005 struct nl_msg *msg; 7006 7007 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 7008 7009 /* stop listening for EAPOL on this interface */ 7010 del_ifidx(drv, ifidx); 7011 7012 msg = nlmsg_alloc(); 7013 if (!msg) 7014 goto nla_put_failure; 7015 7016 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE); 7017 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 7018 7019 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 7020 return; 7021 msg = NULL; 7022 nla_put_failure: 7023 nlmsg_free(msg); 7024 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 7025} 7026 7027 7028static const char * nl80211_iftype_str(enum nl80211_iftype mode) 7029{ 7030 switch (mode) { 7031 case NL80211_IFTYPE_ADHOC: 7032 return "ADHOC"; 7033 case NL80211_IFTYPE_STATION: 7034 return "STATION"; 7035 case NL80211_IFTYPE_AP: 7036 return "AP"; 7037 case NL80211_IFTYPE_AP_VLAN: 7038 return "AP_VLAN"; 7039 case NL80211_IFTYPE_WDS: 7040 return "WDS"; 7041 case NL80211_IFTYPE_MONITOR: 7042 return "MONITOR"; 7043 case NL80211_IFTYPE_MESH_POINT: 7044 return "MESH_POINT"; 7045 case NL80211_IFTYPE_P2P_CLIENT: 7046 return "P2P_CLIENT"; 7047 case NL80211_IFTYPE_P2P_GO: 7048 return "P2P_GO"; 7049 case NL80211_IFTYPE_P2P_DEVICE: 7050 return "P2P_DEVICE"; 7051 default: 7052 return "unknown"; 7053 } 7054} 7055 7056 7057static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 7058 const char *ifname, 7059 enum nl80211_iftype iftype, 7060 const u8 *addr, int wds, 7061 int (*handler)(struct nl_msg *, void *), 7062 void *arg) 7063{ 7064 struct nl_msg *msg; 7065 int ifidx; 7066 int ret = -ENOBUFS; 7067 7068 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)", 7069 iftype, nl80211_iftype_str(iftype)); 7070 7071 msg = nlmsg_alloc(); 7072 if (!msg) 7073 return -1; 7074 7075 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE); 7076 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 7077 goto nla_put_failure; 7078 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 7079 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 7080 7081 if (iftype == NL80211_IFTYPE_MONITOR) { 7082 struct nlattr *flags; 7083 7084 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS); 7085 if (!flags) 7086 goto nla_put_failure; 7087 7088 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES); 7089 7090 nla_nest_end(msg, flags); 7091 } else if (wds) { 7092 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 7093 } 7094 7095 ret = send_and_recv_msgs(drv, msg, handler, arg); 7096 msg = NULL; 7097 if (ret) { 7098 nla_put_failure: 7099 nlmsg_free(msg); 7100 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 7101 ifname, ret, strerror(-ret)); 7102 return ret; 7103 } 7104 7105 if (iftype == NL80211_IFTYPE_P2P_DEVICE) 7106 return 0; 7107 7108 ifidx = if_nametoindex(ifname); 7109 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 7110 ifname, ifidx); 7111 7112 if (ifidx <= 0) 7113 return -1; 7114 7115 /* start listening for EAPOL on this interface */ 7116 add_ifidx(drv, ifidx); 7117 7118 if (addr && iftype != NL80211_IFTYPE_MONITOR && 7119 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) { 7120 nl80211_remove_iface(drv, ifidx); 7121 return -1; 7122 } 7123 7124 return ifidx; 7125} 7126 7127 7128static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 7129 const char *ifname, enum nl80211_iftype iftype, 7130 const u8 *addr, int wds, 7131 int (*handler)(struct nl_msg *, void *), 7132 void *arg, int use_existing) 7133{ 7134 int ret; 7135 7136 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler, 7137 arg); 7138 7139 /* if error occurred and interface exists already */ 7140 if (ret == -ENFILE && if_nametoindex(ifname)) { 7141 if (use_existing) { 7142 wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s", 7143 ifname); 7144 return -ENFILE; 7145 } 7146 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 7147 7148 /* Try to remove the interface that was already there. */ 7149 nl80211_remove_iface(drv, if_nametoindex(ifname)); 7150 7151 /* Try to create the interface again */ 7152 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 7153 wds, handler, arg); 7154 } 7155 7156 if (ret >= 0 && is_p2p_net_interface(iftype)) 7157 nl80211_disable_11b_rates(drv, ret, 1); 7158 7159 return ret; 7160} 7161 7162 7163static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 7164{ 7165 struct ieee80211_hdr *hdr; 7166 u16 fc; 7167 union wpa_event_data event; 7168 7169 hdr = (struct ieee80211_hdr *) buf; 7170 fc = le_to_host16(hdr->frame_control); 7171 7172 os_memset(&event, 0, sizeof(event)); 7173 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 7174 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 7175 event.tx_status.dst = hdr->addr1; 7176 event.tx_status.data = buf; 7177 event.tx_status.data_len = len; 7178 event.tx_status.ack = ok; 7179 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 7180} 7181 7182 7183static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 7184 u8 *buf, size_t len) 7185{ 7186 struct ieee80211_hdr *hdr = (void *)buf; 7187 u16 fc; 7188 union wpa_event_data event; 7189 7190 if (len < sizeof(*hdr)) 7191 return; 7192 7193 fc = le_to_host16(hdr->frame_control); 7194 7195 os_memset(&event, 0, sizeof(event)); 7196 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len); 7197 event.rx_from_unknown.addr = hdr->addr2; 7198 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) == 7199 (WLAN_FC_FROMDS | WLAN_FC_TODS); 7200 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 7201} 7202 7203 7204static void handle_frame(struct wpa_driver_nl80211_data *drv, 7205 u8 *buf, size_t len, int datarate, int ssi_signal) 7206{ 7207 struct ieee80211_hdr *hdr; 7208 u16 fc; 7209 union wpa_event_data event; 7210 7211 hdr = (struct ieee80211_hdr *) buf; 7212 fc = le_to_host16(hdr->frame_control); 7213 7214 switch (WLAN_FC_GET_TYPE(fc)) { 7215 case WLAN_FC_TYPE_MGMT: 7216 os_memset(&event, 0, sizeof(event)); 7217 event.rx_mgmt.frame = buf; 7218 event.rx_mgmt.frame_len = len; 7219 event.rx_mgmt.datarate = datarate; 7220 event.rx_mgmt.ssi_signal = ssi_signal; 7221 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 7222 break; 7223 case WLAN_FC_TYPE_CTRL: 7224 /* can only get here with PS-Poll frames */ 7225 wpa_printf(MSG_DEBUG, "CTRL"); 7226 from_unknown_sta(drv, buf, len); 7227 break; 7228 case WLAN_FC_TYPE_DATA: 7229 from_unknown_sta(drv, buf, len); 7230 break; 7231 } 7232} 7233 7234 7235static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 7236{ 7237 struct wpa_driver_nl80211_data *drv = eloop_ctx; 7238 int len; 7239 unsigned char buf[3000]; 7240 struct ieee80211_radiotap_iterator iter; 7241 int ret; 7242 int datarate = 0, ssi_signal = 0; 7243 int injected = 0, failed = 0, rxflags = 0; 7244 7245 len = recv(sock, buf, sizeof(buf), 0); 7246 if (len < 0) { 7247 wpa_printf(MSG_ERROR, "nl80211: Monitor socket recv failed: %s", 7248 strerror(errno)); 7249 return; 7250 } 7251 7252 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 7253 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame"); 7254 return; 7255 } 7256 7257 while (1) { 7258 ret = ieee80211_radiotap_iterator_next(&iter); 7259 if (ret == -ENOENT) 7260 break; 7261 if (ret) { 7262 wpa_printf(MSG_INFO, "nl80211: received invalid radiotap frame (%d)", 7263 ret); 7264 return; 7265 } 7266 switch (iter.this_arg_index) { 7267 case IEEE80211_RADIOTAP_FLAGS: 7268 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 7269 len -= 4; 7270 break; 7271 case IEEE80211_RADIOTAP_RX_FLAGS: 7272 rxflags = 1; 7273 break; 7274 case IEEE80211_RADIOTAP_TX_FLAGS: 7275 injected = 1; 7276 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 7277 IEEE80211_RADIOTAP_F_TX_FAIL; 7278 break; 7279 case IEEE80211_RADIOTAP_DATA_RETRIES: 7280 break; 7281 case IEEE80211_RADIOTAP_CHANNEL: 7282 /* TODO: convert from freq/flags to channel number */ 7283 break; 7284 case IEEE80211_RADIOTAP_RATE: 7285 datarate = *iter.this_arg * 5; 7286 break; 7287 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 7288 ssi_signal = (s8) *iter.this_arg; 7289 break; 7290 } 7291 } 7292 7293 if (rxflags && injected) 7294 return; 7295 7296 if (!injected) 7297 handle_frame(drv, buf + iter.max_length, 7298 len - iter.max_length, datarate, ssi_signal); 7299 else 7300 handle_tx_callback(drv->ctx, buf + iter.max_length, 7301 len - iter.max_length, !failed); 7302} 7303 7304 7305/* 7306 * we post-process the filter code later and rewrite 7307 * this to the offset to the last instruction 7308 */ 7309#define PASS 0xFF 7310#define FAIL 0xFE 7311 7312static struct sock_filter msock_filter_insns[] = { 7313 /* 7314 * do a little-endian load of the radiotap length field 7315 */ 7316 /* load lower byte into A */ 7317 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 7318 /* put it into X (== index register) */ 7319 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7320 /* load upper byte into A */ 7321 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 7322 /* left-shift it by 8 */ 7323 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 7324 /* or with X */ 7325 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 7326 /* put result into X */ 7327 BPF_STMT(BPF_MISC| BPF_TAX, 0), 7328 7329 /* 7330 * Allow management frames through, this also gives us those 7331 * management frames that we sent ourselves with status 7332 */ 7333 /* load the lower byte of the IEEE 802.11 frame control field */ 7334 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7335 /* mask off frame type and version */ 7336 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 7337 /* accept frame if it's both 0, fall through otherwise */ 7338 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 7339 7340 /* 7341 * TODO: add a bit to radiotap RX flags that indicates 7342 * that the sending station is not associated, then 7343 * add a filter here that filters on our DA and that flag 7344 * to allow us to deauth frames to that bad station. 7345 * 7346 * For now allow all To DS data frames through. 7347 */ 7348 /* load the IEEE 802.11 frame control field */ 7349 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0), 7350 /* mask off frame type, version and DS status */ 7351 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03), 7352 /* accept frame if version 0, type 2 and To DS, fall through otherwise 7353 */ 7354 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0), 7355 7356#if 0 7357 /* 7358 * drop non-data frames 7359 */ 7360 /* load the lower byte of the frame control field */ 7361 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7362 /* mask off QoS bit */ 7363 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 7364 /* drop non-data frames */ 7365 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 7366#endif 7367 /* load the upper byte of the frame control field */ 7368 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 7369 /* mask off toDS/fromDS */ 7370 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 7371 /* accept WDS frames */ 7372 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 7373 7374 /* 7375 * add header length to index 7376 */ 7377 /* load the lower byte of the frame control field */ 7378 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 7379 /* mask off QoS bit */ 7380 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 7381 /* right shift it by 6 to give 0 or 2 */ 7382 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 7383 /* add data frame header length */ 7384 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 7385 /* add index, was start of 802.11 header */ 7386 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 7387 /* move to index, now start of LL header */ 7388 BPF_STMT(BPF_MISC | BPF_TAX, 0), 7389 7390 /* 7391 * Accept empty data frames, we use those for 7392 * polling activity. 7393 */ 7394 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 7395 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 7396 7397 /* 7398 * Accept EAPOL frames 7399 */ 7400 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 7401 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 7402 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 7403 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 7404 7405 /* keep these last two statements or change the code below */ 7406 /* return 0 == "DROP" */ 7407 BPF_STMT(BPF_RET | BPF_K, 0), 7408 /* return ~0 == "keep all" */ 7409 BPF_STMT(BPF_RET | BPF_K, ~0), 7410}; 7411 7412static struct sock_fprog msock_filter = { 7413 .len = ARRAY_SIZE(msock_filter_insns), 7414 .filter = msock_filter_insns, 7415}; 7416 7417 7418static int add_monitor_filter(int s) 7419{ 7420 int idx; 7421 7422 /* rewrite all PASS/FAIL jump offsets */ 7423 for (idx = 0; idx < msock_filter.len; idx++) { 7424 struct sock_filter *insn = &msock_filter_insns[idx]; 7425 7426 if (BPF_CLASS(insn->code) == BPF_JMP) { 7427 if (insn->code == (BPF_JMP|BPF_JA)) { 7428 if (insn->k == PASS) 7429 insn->k = msock_filter.len - idx - 2; 7430 else if (insn->k == FAIL) 7431 insn->k = msock_filter.len - idx - 3; 7432 } 7433 7434 if (insn->jt == PASS) 7435 insn->jt = msock_filter.len - idx - 2; 7436 else if (insn->jt == FAIL) 7437 insn->jt = msock_filter.len - idx - 3; 7438 7439 if (insn->jf == PASS) 7440 insn->jf = msock_filter.len - idx - 2; 7441 else if (insn->jf == FAIL) 7442 insn->jf = msock_filter.len - idx - 3; 7443 } 7444 } 7445 7446 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 7447 &msock_filter, sizeof(msock_filter))) { 7448 wpa_printf(MSG_ERROR, "nl80211: setsockopt(SO_ATTACH_FILTER) failed: %s", 7449 strerror(errno)); 7450 return -1; 7451 } 7452 7453 return 0; 7454} 7455 7456 7457static void nl80211_remove_monitor_interface( 7458 struct wpa_driver_nl80211_data *drv) 7459{ 7460 if (drv->monitor_refcount > 0) 7461 drv->monitor_refcount--; 7462 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface: refcount=%d", 7463 drv->monitor_refcount); 7464 if (drv->monitor_refcount > 0) 7465 return; 7466 7467 if (drv->monitor_ifidx >= 0) { 7468 nl80211_remove_iface(drv, drv->monitor_ifidx); 7469 drv->monitor_ifidx = -1; 7470 } 7471 if (drv->monitor_sock >= 0) { 7472 eloop_unregister_read_sock(drv->monitor_sock); 7473 close(drv->monitor_sock); 7474 drv->monitor_sock = -1; 7475 } 7476} 7477 7478 7479static int 7480nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 7481{ 7482 char buf[IFNAMSIZ]; 7483 struct sockaddr_ll ll; 7484 int optval; 7485 socklen_t optlen; 7486 7487 if (drv->monitor_ifidx >= 0) { 7488 drv->monitor_refcount++; 7489 wpa_printf(MSG_DEBUG, "nl80211: Re-use existing monitor interface: refcount=%d", 7490 drv->monitor_refcount); 7491 return 0; 7492 } 7493 7494 if (os_strncmp(drv->first_bss->ifname, "p2p-", 4) == 0) { 7495 /* 7496 * P2P interface name is of the format p2p-%s-%d. For monitor 7497 * interface name corresponding to P2P GO, replace "p2p-" with 7498 * "mon-" to retain the same interface name length and to 7499 * indicate that it is a monitor interface. 7500 */ 7501 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss->ifname + 4); 7502 } else { 7503 /* Non-P2P interface with AP functionality. */ 7504 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss->ifname); 7505 } 7506 7507 buf[IFNAMSIZ - 1] = '\0'; 7508 7509 drv->monitor_ifidx = 7510 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 7511 0, NULL, NULL, 0); 7512 7513 if (drv->monitor_ifidx == -EOPNOTSUPP) { 7514 /* 7515 * This is backward compatibility for a few versions of 7516 * the kernel only that didn't advertise the right 7517 * attributes for the only driver that then supported 7518 * AP mode w/o monitor -- ath6kl. 7519 */ 7520 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support " 7521 "monitor interface type - try to run without it"); 7522 drv->device_ap_sme = 1; 7523 } 7524 7525 if (drv->monitor_ifidx < 0) 7526 return -1; 7527 7528 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1)) 7529 goto error; 7530 7531 memset(&ll, 0, sizeof(ll)); 7532 ll.sll_family = AF_PACKET; 7533 ll.sll_ifindex = drv->monitor_ifidx; 7534 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 7535 if (drv->monitor_sock < 0) { 7536 wpa_printf(MSG_ERROR, "nl80211: socket[PF_PACKET,SOCK_RAW] failed: %s", 7537 strerror(errno)); 7538 goto error; 7539 } 7540 7541 if (add_monitor_filter(drv->monitor_sock)) { 7542 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 7543 "interface; do filtering in user space"); 7544 /* This works, but will cost in performance. */ 7545 } 7546 7547 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 7548 wpa_printf(MSG_ERROR, "nl80211: monitor socket bind failed: %s", 7549 strerror(errno)); 7550 goto error; 7551 } 7552 7553 optlen = sizeof(optval); 7554 optval = 20; 7555 if (setsockopt 7556 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 7557 wpa_printf(MSG_ERROR, "nl80211: Failed to set socket priority: %s", 7558 strerror(errno)); 7559 goto error; 7560 } 7561 7562 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 7563 drv, NULL)) { 7564 wpa_printf(MSG_INFO, "nl80211: Could not register monitor read socket"); 7565 goto error; 7566 } 7567 7568 drv->monitor_refcount++; 7569 return 0; 7570 error: 7571 nl80211_remove_monitor_interface(drv); 7572 return -1; 7573} 7574 7575 7576static int nl80211_setup_ap(struct i802_bss *bss) 7577{ 7578 struct wpa_driver_nl80211_data *drv = bss->drv; 7579 7580 wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d", 7581 bss->ifname, drv->device_ap_sme, drv->use_monitor); 7582 7583 /* 7584 * Disable Probe Request reporting unless we need it in this way for 7585 * devices that include the AP SME, in the other case (unless using 7586 * monitor iface) we'll get it through the nl_mgmt socket instead. 7587 */ 7588 if (!drv->device_ap_sme) 7589 wpa_driver_nl80211_probe_req_report(bss, 0); 7590 7591 if (!drv->device_ap_sme && !drv->use_monitor) 7592 if (nl80211_mgmt_subscribe_ap(bss)) 7593 return -1; 7594 7595 if (drv->device_ap_sme && !drv->use_monitor) 7596 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 7597 return -1; 7598 7599 if (!drv->device_ap_sme && drv->use_monitor && 7600 nl80211_create_monitor_interface(drv) && 7601 !drv->device_ap_sme) 7602 return -1; 7603 7604#ifdef ANDROID_P2P 7605 if (drv->device_ap_sme && drv->use_monitor) 7606 if (nl80211_mgmt_subscribe_ap_dev_sme(bss)) 7607 return -1; 7608 7609 if (drv->use_monitor && 7610 nl80211_create_monitor_interface(drv)) 7611 return -1; 7612#endif 7613 7614 if (drv->device_ap_sme && 7615 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) { 7616 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable " 7617 "Probe Request frame reporting in AP mode"); 7618 /* Try to survive without this */ 7619 } 7620 7621 return 0; 7622} 7623 7624 7625static void nl80211_teardown_ap(struct i802_bss *bss) 7626{ 7627 struct wpa_driver_nl80211_data *drv = bss->drv; 7628 7629 wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d", 7630 bss->ifname, drv->device_ap_sme, drv->use_monitor); 7631 if (drv->device_ap_sme) { 7632 wpa_driver_nl80211_probe_req_report(bss, 0); 7633 if (!drv->use_monitor) 7634 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)"); 7635 } else if (drv->use_monitor) 7636 nl80211_remove_monitor_interface(drv); 7637 else 7638 nl80211_mgmt_unsubscribe(bss, "AP teardown"); 7639 7640 bss->beacon_set = 0; 7641} 7642 7643 7644static int nl80211_send_eapol_data(struct i802_bss *bss, 7645 const u8 *addr, const u8 *data, 7646 size_t data_len) 7647{ 7648 struct sockaddr_ll ll; 7649 int ret; 7650 7651 if (bss->drv->eapol_tx_sock < 0) { 7652 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL"); 7653 return -1; 7654 } 7655 7656 os_memset(&ll, 0, sizeof(ll)); 7657 ll.sll_family = AF_PACKET; 7658 ll.sll_ifindex = bss->ifindex; 7659 ll.sll_protocol = htons(ETH_P_PAE); 7660 ll.sll_halen = ETH_ALEN; 7661 os_memcpy(ll.sll_addr, addr, ETH_ALEN); 7662 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0, 7663 (struct sockaddr *) &ll, sizeof(ll)); 7664 if (ret < 0) 7665 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s", 7666 strerror(errno)); 7667 7668 return ret; 7669} 7670 7671 7672static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 7673 7674static int wpa_driver_nl80211_hapd_send_eapol( 7675 void *priv, const u8 *addr, const u8 *data, 7676 size_t data_len, int encrypt, const u8 *own_addr, u32 flags) 7677{ 7678 struct i802_bss *bss = priv; 7679 struct wpa_driver_nl80211_data *drv = bss->drv; 7680 struct ieee80211_hdr *hdr; 7681 size_t len; 7682 u8 *pos; 7683 int res; 7684 int qos = flags & WPA_STA_WMM; 7685#ifndef ANDROID_P2P 7686 if (drv->device_ap_sme || !drv->use_monitor) 7687#else 7688 if (drv->device_ap_sme && !drv->use_monitor) 7689#endif 7690 return nl80211_send_eapol_data(bss, addr, data, data_len); 7691 7692 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 7693 data_len; 7694 hdr = os_zalloc(len); 7695 if (hdr == NULL) { 7696 wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)", 7697 (unsigned long) len); 7698 return -1; 7699 } 7700 7701 hdr->frame_control = 7702 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 7703 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 7704 if (encrypt) 7705 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 7706 if (qos) { 7707 hdr->frame_control |= 7708 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 7709 } 7710 7711 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 7712 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 7713 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 7714 pos = (u8 *) (hdr + 1); 7715 7716 if (qos) { 7717 /* Set highest priority in QoS header */ 7718 pos[0] = 7; 7719 pos[1] = 0; 7720 pos += 2; 7721 } 7722 7723 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 7724 pos += sizeof(rfc1042_header); 7725 WPA_PUT_BE16(pos, ETH_P_PAE); 7726 pos += 2; 7727 memcpy(pos, data, data_len); 7728 7729 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0, 7730 0, 0, 0, 0); 7731 if (res < 0) { 7732 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 7733 "failed: %d (%s)", 7734 (unsigned long) len, errno, strerror(errno)); 7735 } 7736 os_free(hdr); 7737 7738 return res; 7739} 7740 7741 7742static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 7743 int total_flags, 7744 int flags_or, int flags_and) 7745{ 7746 struct i802_bss *bss = priv; 7747 struct wpa_driver_nl80211_data *drv = bss->drv; 7748 struct nl_msg *msg; 7749 struct nlattr *flags; 7750 struct nl80211_sta_flag_update upd; 7751 7752 msg = nlmsg_alloc(); 7753 if (!msg) 7754 return -ENOMEM; 7755 7756 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 7757 7758 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 7759 if_nametoindex(bss->ifname)); 7760 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 7761 7762 /* 7763 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 7764 * can be removed eventually. 7765 */ 7766 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS); 7767 if (!flags) 7768 goto nla_put_failure; 7769 if (total_flags & WPA_STA_AUTHORIZED) 7770 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED); 7771 7772 if (total_flags & WPA_STA_WMM) 7773 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME); 7774 7775 if (total_flags & WPA_STA_SHORT_PREAMBLE) 7776 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE); 7777 7778 if (total_flags & WPA_STA_MFP) 7779 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP); 7780 7781 if (total_flags & WPA_STA_TDLS_PEER) 7782 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER); 7783 7784 nla_nest_end(msg, flags); 7785 7786 os_memset(&upd, 0, sizeof(upd)); 7787 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 7788 upd.set = sta_flags_nl80211(flags_or); 7789 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 7790 7791 return send_and_recv_msgs(drv, msg, NULL, NULL); 7792 nla_put_failure: 7793 nlmsg_free(msg); 7794 return -ENOBUFS; 7795} 7796 7797 7798static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 7799 struct wpa_driver_associate_params *params) 7800{ 7801 enum nl80211_iftype nlmode, old_mode; 7802 struct hostapd_freq_params freq = { 7803 .freq = params->freq, 7804 }; 7805 7806 if (params->p2p) { 7807 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P " 7808 "group (GO)"); 7809 nlmode = NL80211_IFTYPE_P2P_GO; 7810 } else 7811 nlmode = NL80211_IFTYPE_AP; 7812 7813 old_mode = drv->nlmode; 7814 if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) { 7815 nl80211_remove_monitor_interface(drv); 7816 return -1; 7817 } 7818 7819 if (wpa_driver_nl80211_set_freq(drv->first_bss, &freq)) { 7820 if (old_mode != nlmode) 7821 wpa_driver_nl80211_set_mode(drv->first_bss, old_mode); 7822 nl80211_remove_monitor_interface(drv); 7823 return -1; 7824 } 7825 7826 return 0; 7827} 7828 7829 7830static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 7831{ 7832 struct nl_msg *msg; 7833 int ret = -1; 7834 7835 msg = nlmsg_alloc(); 7836 if (!msg) 7837 return -1; 7838 7839 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS); 7840 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7841 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7842 msg = NULL; 7843 if (ret) { 7844 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 7845 "(%s)", ret, strerror(-ret)); 7846 goto nla_put_failure; 7847 } 7848 7849 ret = 0; 7850 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 7851 7852nla_put_failure: 7853 if (wpa_driver_nl80211_set_mode(drv->first_bss, 7854 NL80211_IFTYPE_STATION)) { 7855 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 7856 "station mode"); 7857 } 7858 7859 nlmsg_free(msg); 7860 return ret; 7861} 7862 7863 7864static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 7865 struct wpa_driver_associate_params *params) 7866{ 7867 struct nl_msg *msg; 7868 int ret = -1; 7869 int count = 0; 7870 7871 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 7872 7873 if (wpa_driver_nl80211_set_mode(drv->first_bss, 7874 NL80211_IFTYPE_ADHOC)) { 7875 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 7876 "IBSS mode"); 7877 return -1; 7878 } 7879 7880retry: 7881 msg = nlmsg_alloc(); 7882 if (!msg) 7883 return -1; 7884 7885 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS); 7886 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7887 7888 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 7889 goto nla_put_failure; 7890 7891 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 7892 params->ssid, params->ssid_len); 7893 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7894 params->ssid); 7895 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 7896 drv->ssid_len = params->ssid_len; 7897 7898 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 7899 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 7900 7901 ret = nl80211_set_conn_keys(params, msg); 7902 if (ret) 7903 goto nla_put_failure; 7904 7905 if (params->bssid && params->fixed_bssid) { 7906 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR, 7907 MAC2STR(params->bssid)); 7908 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 7909 } 7910 7911 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 7912 params->key_mgmt_suite == KEY_MGMT_PSK || 7913 params->key_mgmt_suite == KEY_MGMT_802_1X_SHA256 || 7914 params->key_mgmt_suite == KEY_MGMT_PSK_SHA256) { 7915 wpa_printf(MSG_DEBUG, " * control port"); 7916 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 7917 } 7918 7919 if (params->wpa_ie) { 7920 wpa_hexdump(MSG_DEBUG, 7921 " * Extra IEs for Beacon/Probe Response frames", 7922 params->wpa_ie, params->wpa_ie_len); 7923 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 7924 params->wpa_ie); 7925 } 7926 7927 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 7928 msg = NULL; 7929 if (ret) { 7930 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 7931 ret, strerror(-ret)); 7932 count++; 7933 if (ret == -EALREADY && count == 1) { 7934 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 7935 "forced leave"); 7936 nl80211_leave_ibss(drv); 7937 nlmsg_free(msg); 7938 goto retry; 7939 } 7940 7941 goto nla_put_failure; 7942 } 7943 ret = 0; 7944 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 7945 7946nla_put_failure: 7947 nlmsg_free(msg); 7948 return ret; 7949} 7950 7951 7952static int wpa_driver_nl80211_try_connect( 7953 struct wpa_driver_nl80211_data *drv, 7954 struct wpa_driver_associate_params *params) 7955{ 7956 struct nl_msg *msg; 7957 enum nl80211_auth_type type; 7958 int ret = 0; 7959 int algs; 7960 7961 msg = nlmsg_alloc(); 7962 if (!msg) 7963 return -1; 7964 7965 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 7966 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT); 7967 7968 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 7969 if (params->bssid) { 7970 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 7971 MAC2STR(params->bssid)); 7972 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 7973 } 7974 if (params->freq) { 7975 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 7976 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 7977 drv->assoc_freq = params->freq; 7978 } else 7979 drv->assoc_freq = 0; 7980 if (params->bg_scan_period >= 0) { 7981 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 7982 params->bg_scan_period); 7983 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 7984 params->bg_scan_period); 7985 } 7986 if (params->ssid) { 7987 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 7988 params->ssid, params->ssid_len); 7989 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 7990 params->ssid); 7991 if (params->ssid_len > sizeof(drv->ssid)) 7992 goto nla_put_failure; 7993 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 7994 drv->ssid_len = params->ssid_len; 7995 } 7996 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 7997 if (params->wpa_ie) 7998 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 7999 params->wpa_ie); 8000 8001 algs = 0; 8002 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8003 algs++; 8004 if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8005 algs++; 8006 if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8007 algs++; 8008 if (algs > 1) { 8009 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " 8010 "selection"); 8011 goto skip_auth_type; 8012 } 8013 8014 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 8015 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 8016 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 8017 type = NL80211_AUTHTYPE_SHARED_KEY; 8018 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 8019 type = NL80211_AUTHTYPE_NETWORK_EAP; 8020 else if (params->auth_alg & WPA_AUTH_ALG_FT) 8021 type = NL80211_AUTHTYPE_FT; 8022 else 8023 goto nla_put_failure; 8024 8025 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 8026 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 8027 8028skip_auth_type: 8029 if (params->wpa_proto) { 8030 enum nl80211_wpa_versions ver = 0; 8031 8032 if (params->wpa_proto & WPA_PROTO_WPA) 8033 ver |= NL80211_WPA_VERSION_1; 8034 if (params->wpa_proto & WPA_PROTO_RSN) 8035 ver |= NL80211_WPA_VERSION_2; 8036 8037 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); 8038 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 8039 } 8040 8041 if (params->pairwise_suite != CIPHER_NONE) { 8042 int cipher; 8043 8044 switch (params->pairwise_suite) { 8045 case CIPHER_SMS4: 8046 cipher = WLAN_CIPHER_SUITE_SMS4; 8047 break; 8048 case CIPHER_WEP40: 8049 cipher = WLAN_CIPHER_SUITE_WEP40; 8050 break; 8051 case CIPHER_WEP104: 8052 cipher = WLAN_CIPHER_SUITE_WEP104; 8053 break; 8054 case CIPHER_CCMP: 8055 cipher = WLAN_CIPHER_SUITE_CCMP; 8056 break; 8057 case CIPHER_GCMP: 8058 cipher = WLAN_CIPHER_SUITE_GCMP; 8059 break; 8060 case CIPHER_TKIP: 8061 default: 8062 cipher = WLAN_CIPHER_SUITE_TKIP; 8063 break; 8064 } 8065 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8066 } 8067 8068 if (params->group_suite != CIPHER_NONE) { 8069 int cipher; 8070 8071 switch (params->group_suite) { 8072 case CIPHER_SMS4: 8073 cipher = WLAN_CIPHER_SUITE_SMS4; 8074 break; 8075 case CIPHER_WEP40: 8076 cipher = WLAN_CIPHER_SUITE_WEP40; 8077 break; 8078 case CIPHER_WEP104: 8079 cipher = WLAN_CIPHER_SUITE_WEP104; 8080 break; 8081 case CIPHER_CCMP: 8082 cipher = WLAN_CIPHER_SUITE_CCMP; 8083 break; 8084 case CIPHER_GCMP: 8085 cipher = WLAN_CIPHER_SUITE_GCMP; 8086 break; 8087 case CIPHER_TKIP: 8088 default: 8089 cipher = WLAN_CIPHER_SUITE_TKIP; 8090 break; 8091 } 8092 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8093 } 8094 8095 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 8096 params->key_mgmt_suite == KEY_MGMT_PSK || 8097 params->key_mgmt_suite == KEY_MGMT_FT_802_1X || 8098 params->key_mgmt_suite == KEY_MGMT_FT_PSK || 8099 params->key_mgmt_suite == KEY_MGMT_CCKM) { 8100 int mgmt = WLAN_AKM_SUITE_PSK; 8101 8102 switch (params->key_mgmt_suite) { 8103 case KEY_MGMT_CCKM: 8104 mgmt = WLAN_AKM_SUITE_CCKM; 8105 break; 8106 case KEY_MGMT_802_1X: 8107 mgmt = WLAN_AKM_SUITE_8021X; 8108 break; 8109 case KEY_MGMT_FT_802_1X: 8110 mgmt = WLAN_AKM_SUITE_FT_8021X; 8111 break; 8112 case KEY_MGMT_FT_PSK: 8113 mgmt = WLAN_AKM_SUITE_FT_PSK; 8114 break; 8115 case KEY_MGMT_PSK: 8116 default: 8117 mgmt = WLAN_AKM_SUITE_PSK; 8118 break; 8119 } 8120 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 8121 } 8122 8123#ifdef CONFIG_IEEE80211W 8124 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8125 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8126#endif /* CONFIG_IEEE80211W */ 8127 8128 if (params->disable_ht) 8129 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8130 8131 if (params->htcaps && params->htcaps_mask) { 8132 int sz = sizeof(struct ieee80211_ht_capabilities); 8133 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8134 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8135 params->htcaps_mask); 8136 } 8137 8138#ifdef CONFIG_VHT_OVERRIDES 8139 if (params->disable_vht) { 8140 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8141 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8142 } 8143 8144 if (params->vhtcaps && params->vhtcaps_mask) { 8145 int sz = sizeof(struct ieee80211_vht_capabilities); 8146 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8147 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8148 params->vhtcaps_mask); 8149 } 8150#endif /* CONFIG_VHT_OVERRIDES */ 8151 8152 ret = nl80211_set_conn_keys(params, msg); 8153 if (ret) 8154 goto nla_put_failure; 8155 8156 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8157 msg = NULL; 8158 if (ret) { 8159 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 8160 "(%s)", ret, strerror(-ret)); 8161 goto nla_put_failure; 8162 } 8163 ret = 0; 8164 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 8165 8166nla_put_failure: 8167 nlmsg_free(msg); 8168 return ret; 8169 8170} 8171 8172 8173static int wpa_driver_nl80211_connect( 8174 struct wpa_driver_nl80211_data *drv, 8175 struct wpa_driver_associate_params *params) 8176{ 8177 int ret = wpa_driver_nl80211_try_connect(drv, params); 8178 if (ret == -EALREADY) { 8179 /* 8180 * cfg80211 does not currently accept new connections if 8181 * we are already connected. As a workaround, force 8182 * disconnection and try again. 8183 */ 8184 wpa_printf(MSG_DEBUG, "nl80211: Explicitly " 8185 "disconnecting before reassociation " 8186 "attempt"); 8187 if (wpa_driver_nl80211_disconnect( 8188 drv, WLAN_REASON_PREV_AUTH_NOT_VALID)) 8189 return -1; 8190 ret = wpa_driver_nl80211_try_connect(drv, params); 8191 } 8192 return ret; 8193} 8194 8195 8196static int wpa_driver_nl80211_associate( 8197 void *priv, struct wpa_driver_associate_params *params) 8198{ 8199 struct i802_bss *bss = priv; 8200 struct wpa_driver_nl80211_data *drv = bss->drv; 8201 int ret = -1; 8202 struct nl_msg *msg; 8203 8204 if (params->mode == IEEE80211_MODE_AP) 8205 return wpa_driver_nl80211_ap(drv, params); 8206 8207 if (params->mode == IEEE80211_MODE_IBSS) 8208 return wpa_driver_nl80211_ibss(drv, params); 8209 8210 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 8211 enum nl80211_iftype nlmode = params->p2p ? 8212 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; 8213 8214 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) 8215 return -1; 8216 return wpa_driver_nl80211_connect(drv, params); 8217 } 8218 8219 nl80211_mark_disconnected(drv); 8220 8221 msg = nlmsg_alloc(); 8222 if (!msg) 8223 return -1; 8224 8225 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 8226 drv->ifindex); 8227 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE); 8228 8229 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8230 if (params->bssid) { 8231 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 8232 MAC2STR(params->bssid)); 8233 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 8234 } 8235 if (params->freq) { 8236 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 8237 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 8238 drv->assoc_freq = params->freq; 8239 } else 8240 drv->assoc_freq = 0; 8241 if (params->bg_scan_period >= 0) { 8242 wpa_printf(MSG_DEBUG, " * bg scan period=%d", 8243 params->bg_scan_period); 8244 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD, 8245 params->bg_scan_period); 8246 } 8247 if (params->ssid) { 8248 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 8249 params->ssid, params->ssid_len); 8250 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 8251 params->ssid); 8252 if (params->ssid_len > sizeof(drv->ssid)) 8253 goto nla_put_failure; 8254 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 8255 drv->ssid_len = params->ssid_len; 8256 } 8257 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 8258 if (params->wpa_ie) 8259 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 8260 params->wpa_ie); 8261 8262 if (params->pairwise_suite != CIPHER_NONE) { 8263 int cipher; 8264 8265 switch (params->pairwise_suite) { 8266 case CIPHER_WEP40: 8267 cipher = WLAN_CIPHER_SUITE_WEP40; 8268 break; 8269 case CIPHER_WEP104: 8270 cipher = WLAN_CIPHER_SUITE_WEP104; 8271 break; 8272 case CIPHER_CCMP: 8273 cipher = WLAN_CIPHER_SUITE_CCMP; 8274 break; 8275 case CIPHER_GCMP: 8276 cipher = WLAN_CIPHER_SUITE_GCMP; 8277 break; 8278 case CIPHER_TKIP: 8279 default: 8280 cipher = WLAN_CIPHER_SUITE_TKIP; 8281 break; 8282 } 8283 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher); 8284 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 8285 } 8286 8287 if (params->group_suite != CIPHER_NONE) { 8288 int cipher; 8289 8290 switch (params->group_suite) { 8291 case CIPHER_WEP40: 8292 cipher = WLAN_CIPHER_SUITE_WEP40; 8293 break; 8294 case CIPHER_WEP104: 8295 cipher = WLAN_CIPHER_SUITE_WEP104; 8296 break; 8297 case CIPHER_CCMP: 8298 cipher = WLAN_CIPHER_SUITE_CCMP; 8299 break; 8300 case CIPHER_GCMP: 8301 cipher = WLAN_CIPHER_SUITE_GCMP; 8302 break; 8303 case CIPHER_TKIP: 8304 default: 8305 cipher = WLAN_CIPHER_SUITE_TKIP; 8306 break; 8307 } 8308 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher); 8309 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 8310 } 8311 8312#ifdef CONFIG_IEEE80211W 8313 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 8314 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 8315#endif /* CONFIG_IEEE80211W */ 8316 8317 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 8318 8319 if (params->prev_bssid) { 8320 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 8321 MAC2STR(params->prev_bssid)); 8322 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 8323 params->prev_bssid); 8324 } 8325 8326 if (params->disable_ht) 8327 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT); 8328 8329 if (params->htcaps && params->htcaps_mask) { 8330 int sz = sizeof(struct ieee80211_ht_capabilities); 8331 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps); 8332 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz, 8333 params->htcaps_mask); 8334 } 8335 8336#ifdef CONFIG_VHT_OVERRIDES 8337 if (params->disable_vht) { 8338 wpa_printf(MSG_DEBUG, " * VHT disabled"); 8339 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT); 8340 } 8341 8342 if (params->vhtcaps && params->vhtcaps_mask) { 8343 int sz = sizeof(struct ieee80211_vht_capabilities); 8344 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps); 8345 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz, 8346 params->vhtcaps_mask); 8347 } 8348#endif /* CONFIG_VHT_OVERRIDES */ 8349 8350 if (params->p2p) 8351 wpa_printf(MSG_DEBUG, " * P2P group"); 8352 8353 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8354 msg = NULL; 8355 if (ret) { 8356 wpa_dbg(drv->ctx, MSG_DEBUG, 8357 "nl80211: MLME command failed (assoc): ret=%d (%s)", 8358 ret, strerror(-ret)); 8359 nl80211_dump_scan(drv); 8360 goto nla_put_failure; 8361 } 8362 ret = 0; 8363 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 8364 "successfully"); 8365 8366nla_put_failure: 8367 nlmsg_free(msg); 8368 return ret; 8369} 8370 8371 8372static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 8373 int ifindex, enum nl80211_iftype mode) 8374{ 8375 struct nl_msg *msg; 8376 int ret = -ENOBUFS; 8377 8378 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)", 8379 ifindex, mode, nl80211_iftype_str(mode)); 8380 8381 msg = nlmsg_alloc(); 8382 if (!msg) 8383 return -ENOMEM; 8384 8385 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE); 8386 if (nl80211_set_iface_id(msg, drv->first_bss) < 0) 8387 goto nla_put_failure; 8388 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 8389 8390 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8391 msg = NULL; 8392 if (!ret) 8393 return 0; 8394nla_put_failure: 8395 nlmsg_free(msg); 8396 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 8397 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 8398 return ret; 8399} 8400 8401 8402static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 8403 enum nl80211_iftype nlmode) 8404{ 8405 struct wpa_driver_nl80211_data *drv = bss->drv; 8406 int ret = -1; 8407 int i; 8408 int was_ap = is_ap_interface(drv->nlmode); 8409 int res; 8410 8411 res = nl80211_set_mode(drv, drv->ifindex, nlmode); 8412 if (res && nlmode == nl80211_get_ifmode(bss)) 8413 res = 0; 8414 8415 if (res == 0) { 8416 drv->nlmode = nlmode; 8417 ret = 0; 8418 goto done; 8419 } 8420 8421 if (res == -ENODEV) 8422 return -1; 8423 8424 if (nlmode == drv->nlmode) { 8425 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 8426 "requested mode - ignore error"); 8427 ret = 0; 8428 goto done; /* Already in the requested mode */ 8429 } 8430 8431 /* mac80211 doesn't allow mode changes while the device is up, so 8432 * take the device down, try to set the mode again, and bring the 8433 * device back up. 8434 */ 8435 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting " 8436 "interface down"); 8437 for (i = 0; i < 10; i++) { 8438 res = i802_set_iface_flags(bss, 0); 8439 if (res == -EACCES || res == -ENODEV) 8440 break; 8441 if (res == 0) { 8442 /* Try to set the mode again while the interface is 8443 * down */ 8444 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 8445 if (ret == -EACCES) 8446 break; 8447 res = i802_set_iface_flags(bss, 1); 8448 if (res && !ret) 8449 ret = -1; 8450 else if (ret != -EBUSY) 8451 break; 8452 } else 8453 wpa_printf(MSG_DEBUG, "nl80211: Failed to set " 8454 "interface down"); 8455 os_sleep(0, 100000); 8456 } 8457 8458 if (!ret) { 8459 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 8460 "interface is down"); 8461 drv->nlmode = nlmode; 8462 drv->ignore_if_down_event = 1; 8463 } 8464 8465done: 8466 if (ret) { 8467 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 8468 "from %d failed", nlmode, drv->nlmode); 8469 return ret; 8470 } 8471 8472 if (is_p2p_net_interface(nlmode)) 8473 nl80211_disable_11b_rates(drv, drv->ifindex, 1); 8474 else if (drv->disabled_11b_rates) 8475 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 8476 8477 if (is_ap_interface(nlmode)) { 8478 nl80211_mgmt_unsubscribe(bss, "start AP"); 8479 /* Setup additional AP mode functionality if needed */ 8480 if (nl80211_setup_ap(bss)) 8481 return -1; 8482 } else if (was_ap) { 8483 /* Remove additional AP mode functionality */ 8484 nl80211_teardown_ap(bss); 8485 } else { 8486 nl80211_mgmt_unsubscribe(bss, "mode change"); 8487 } 8488 8489 if (!bss->in_deinit && !is_ap_interface(nlmode) && 8490 nl80211_mgmt_subscribe_non_ap(bss) < 0) 8491 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 8492 "frame processing - ignore for now"); 8493 8494 return 0; 8495} 8496 8497 8498static int wpa_driver_nl80211_get_capa(void *priv, 8499 struct wpa_driver_capa *capa) 8500{ 8501 struct i802_bss *bss = priv; 8502 struct wpa_driver_nl80211_data *drv = bss->drv; 8503 if (!drv->has_capability) 8504 return -1; 8505 os_memcpy(capa, &drv->capa, sizeof(*capa)); 8506 if (drv->extended_capa && drv->extended_capa_mask) { 8507 capa->extended_capa = drv->extended_capa; 8508 capa->extended_capa_mask = drv->extended_capa_mask; 8509 capa->extended_capa_len = drv->extended_capa_len; 8510 } 8511 8512 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 8513 !drv->allow_p2p_device) { 8514 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)"); 8515 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE; 8516 } 8517 8518 return 0; 8519} 8520 8521 8522static int wpa_driver_nl80211_set_operstate(void *priv, int state) 8523{ 8524 struct i802_bss *bss = priv; 8525 struct wpa_driver_nl80211_data *drv = bss->drv; 8526 8527 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 8528 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 8529 drv->operstate = state; 8530 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1, 8531 state ? IF_OPER_UP : IF_OPER_DORMANT); 8532} 8533 8534 8535static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 8536{ 8537 struct i802_bss *bss = priv; 8538 struct wpa_driver_nl80211_data *drv = bss->drv; 8539 struct nl_msg *msg; 8540 struct nl80211_sta_flag_update upd; 8541 8542 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for " 8543 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid)); 8544 8545 msg = nlmsg_alloc(); 8546 if (!msg) 8547 return -ENOMEM; 8548 8549 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8550 8551 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8552 if_nametoindex(bss->ifname)); 8553 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 8554 8555 os_memset(&upd, 0, sizeof(upd)); 8556 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 8557 if (authorized) 8558 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 8559 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 8560 8561 return send_and_recv_msgs(drv, msg, NULL, NULL); 8562 nla_put_failure: 8563 nlmsg_free(msg); 8564 return -ENOBUFS; 8565} 8566 8567 8568/* Set kernel driver on given frequency (MHz) */ 8569static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 8570{ 8571 struct i802_bss *bss = priv; 8572 return wpa_driver_nl80211_set_freq(bss, freq); 8573} 8574 8575 8576#if defined(HOSTAPD) || defined(CONFIG_AP) 8577 8578static inline int min_int(int a, int b) 8579{ 8580 if (a < b) 8581 return a; 8582 return b; 8583} 8584 8585 8586static int get_key_handler(struct nl_msg *msg, void *arg) 8587{ 8588 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8589 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8590 8591 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8592 genlmsg_attrlen(gnlh, 0), NULL); 8593 8594 /* 8595 * TODO: validate the key index and mac address! 8596 * Otherwise, there's a race condition as soon as 8597 * the kernel starts sending key notifications. 8598 */ 8599 8600 if (tb[NL80211_ATTR_KEY_SEQ]) 8601 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 8602 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 8603 return NL_SKIP; 8604} 8605 8606 8607static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 8608 int idx, u8 *seq) 8609{ 8610 struct i802_bss *bss = priv; 8611 struct wpa_driver_nl80211_data *drv = bss->drv; 8612 struct nl_msg *msg; 8613 8614 msg = nlmsg_alloc(); 8615 if (!msg) 8616 return -ENOMEM; 8617 8618 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY); 8619 8620 if (addr) 8621 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8622 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 8623 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 8624 8625 memset(seq, 0, 6); 8626 8627 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 8628 nla_put_failure: 8629 nlmsg_free(msg); 8630 return -ENOBUFS; 8631} 8632 8633 8634static int i802_set_rts(void *priv, int rts) 8635{ 8636 struct i802_bss *bss = priv; 8637 struct wpa_driver_nl80211_data *drv = bss->drv; 8638 struct nl_msg *msg; 8639 int ret = -ENOBUFS; 8640 u32 val; 8641 8642 msg = nlmsg_alloc(); 8643 if (!msg) 8644 return -ENOMEM; 8645 8646 if (rts >= 2347) 8647 val = (u32) -1; 8648 else 8649 val = rts; 8650 8651 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8652 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8653 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 8654 8655 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8656 msg = NULL; 8657 if (!ret) 8658 return 0; 8659nla_put_failure: 8660 nlmsg_free(msg); 8661 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 8662 "%d (%s)", rts, ret, strerror(-ret)); 8663 return ret; 8664} 8665 8666 8667static int i802_set_frag(void *priv, int frag) 8668{ 8669 struct i802_bss *bss = priv; 8670 struct wpa_driver_nl80211_data *drv = bss->drv; 8671 struct nl_msg *msg; 8672 int ret = -ENOBUFS; 8673 u32 val; 8674 8675 msg = nlmsg_alloc(); 8676 if (!msg) 8677 return -ENOMEM; 8678 8679 if (frag >= 2346) 8680 val = (u32) -1; 8681 else 8682 val = frag; 8683 8684 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8685 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 8686 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 8687 8688 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8689 msg = NULL; 8690 if (!ret) 8691 return 0; 8692nla_put_failure: 8693 nlmsg_free(msg); 8694 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 8695 "%d: %d (%s)", frag, ret, strerror(-ret)); 8696 return ret; 8697} 8698 8699 8700static int i802_flush(void *priv) 8701{ 8702 struct i802_bss *bss = priv; 8703 struct wpa_driver_nl80211_data *drv = bss->drv; 8704 struct nl_msg *msg; 8705 int res; 8706 8707 msg = nlmsg_alloc(); 8708 if (!msg) 8709 return -1; 8710 8711 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)", 8712 bss->ifname); 8713 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION); 8714 8715 /* 8716 * XXX: FIX! this needs to flush all VLANs too 8717 */ 8718 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8719 if_nametoindex(bss->ifname)); 8720 8721 res = send_and_recv_msgs(drv, msg, NULL, NULL); 8722 if (res) { 8723 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d " 8724 "(%s)", res, strerror(-res)); 8725 } 8726 return res; 8727 nla_put_failure: 8728 nlmsg_free(msg); 8729 return -ENOBUFS; 8730} 8731 8732#endif /* HOSTAPD || CONFIG_AP */ 8733 8734 8735static int get_sta_handler(struct nl_msg *msg, void *arg) 8736{ 8737 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 8738 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 8739 struct hostap_sta_driver_data *data = arg; 8740 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 8741 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 8742 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 8743 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 8744 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 8745 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 8746 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 8747 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 }, 8748 }; 8749 8750 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 8751 genlmsg_attrlen(gnlh, 0), NULL); 8752 8753 /* 8754 * TODO: validate the interface and mac address! 8755 * Otherwise, there's a race condition as soon as 8756 * the kernel starts sending station notifications. 8757 */ 8758 8759 if (!tb[NL80211_ATTR_STA_INFO]) { 8760 wpa_printf(MSG_DEBUG, "sta stats missing!"); 8761 return NL_SKIP; 8762 } 8763 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 8764 tb[NL80211_ATTR_STA_INFO], 8765 stats_policy)) { 8766 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 8767 return NL_SKIP; 8768 } 8769 8770 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 8771 data->inactive_msec = 8772 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 8773 if (stats[NL80211_STA_INFO_RX_BYTES]) 8774 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 8775 if (stats[NL80211_STA_INFO_TX_BYTES]) 8776 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 8777 if (stats[NL80211_STA_INFO_RX_PACKETS]) 8778 data->rx_packets = 8779 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 8780 if (stats[NL80211_STA_INFO_TX_PACKETS]) 8781 data->tx_packets = 8782 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 8783 if (stats[NL80211_STA_INFO_TX_FAILED]) 8784 data->tx_retry_failed = 8785 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]); 8786 8787 return NL_SKIP; 8788} 8789 8790static int i802_read_sta_data(struct i802_bss *bss, 8791 struct hostap_sta_driver_data *data, 8792 const u8 *addr) 8793{ 8794 struct wpa_driver_nl80211_data *drv = bss->drv; 8795 struct nl_msg *msg; 8796 8797 os_memset(data, 0, sizeof(*data)); 8798 msg = nlmsg_alloc(); 8799 if (!msg) 8800 return -ENOMEM; 8801 8802 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 8803 8804 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8805 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8806 8807 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 8808 nla_put_failure: 8809 nlmsg_free(msg); 8810 return -ENOBUFS; 8811} 8812 8813 8814#if defined(HOSTAPD) || defined(CONFIG_AP) 8815 8816static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 8817 int cw_min, int cw_max, int burst_time) 8818{ 8819 struct i802_bss *bss = priv; 8820 struct wpa_driver_nl80211_data *drv = bss->drv; 8821 struct nl_msg *msg; 8822 struct nlattr *txq, *params; 8823 8824 msg = nlmsg_alloc(); 8825 if (!msg) 8826 return -1; 8827 8828 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY); 8829 8830 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 8831 8832 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 8833 if (!txq) 8834 goto nla_put_failure; 8835 8836 /* We are only sending parameters for a single TXQ at a time */ 8837 params = nla_nest_start(msg, 1); 8838 if (!params) 8839 goto nla_put_failure; 8840 8841 switch (queue) { 8842 case 0: 8843 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO); 8844 break; 8845 case 1: 8846 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI); 8847 break; 8848 case 2: 8849 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE); 8850 break; 8851 case 3: 8852 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK); 8853 break; 8854 } 8855 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 8856 * 32 usec, so need to convert the value here. */ 8857 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 8858 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 8859 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 8860 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 8861 8862 nla_nest_end(msg, params); 8863 8864 nla_nest_end(msg, txq); 8865 8866 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 8867 return 0; 8868 msg = NULL; 8869 nla_put_failure: 8870 nlmsg_free(msg); 8871 return -1; 8872} 8873 8874 8875static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr, 8876 const char *ifname, int vlan_id) 8877{ 8878 struct wpa_driver_nl80211_data *drv = bss->drv; 8879 struct nl_msg *msg; 8880 int ret = -ENOBUFS; 8881 8882 msg = nlmsg_alloc(); 8883 if (!msg) 8884 return -ENOMEM; 8885 8886 wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR 8887 ", ifname=%s[%d], vlan_id=%d)", 8888 bss->ifname, if_nametoindex(bss->ifname), 8889 MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id); 8890 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION); 8891 8892 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 8893 if_nametoindex(bss->ifname)); 8894 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 8895 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 8896 if_nametoindex(ifname)); 8897 8898 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 8899 msg = NULL; 8900 if (ret < 0) { 8901 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 8902 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 8903 MAC2STR(addr), ifname, vlan_id, ret, 8904 strerror(-ret)); 8905 } 8906 nla_put_failure: 8907 nlmsg_free(msg); 8908 return ret; 8909} 8910 8911 8912static int i802_get_inact_sec(void *priv, const u8 *addr) 8913{ 8914 struct hostap_sta_driver_data data; 8915 int ret; 8916 8917 data.inactive_msec = (unsigned long) -1; 8918 ret = i802_read_sta_data(priv, &data, addr); 8919 if (ret || data.inactive_msec == (unsigned long) -1) 8920 return -1; 8921 return data.inactive_msec / 1000; 8922} 8923 8924 8925static int i802_sta_clear_stats(void *priv, const u8 *addr) 8926{ 8927#if 0 8928 /* TODO */ 8929#endif 8930 return 0; 8931} 8932 8933 8934static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 8935 int reason) 8936{ 8937 struct i802_bss *bss = priv; 8938 struct wpa_driver_nl80211_data *drv = bss->drv; 8939 struct ieee80211_mgmt mgmt; 8940 8941 if (drv->device_ap_sme) 8942 return wpa_driver_nl80211_sta_remove(bss, addr); 8943 8944 memset(&mgmt, 0, sizeof(mgmt)); 8945 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 8946 WLAN_FC_STYPE_DEAUTH); 8947 memcpy(mgmt.da, addr, ETH_ALEN); 8948 memcpy(mgmt.sa, own_addr, ETH_ALEN); 8949 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 8950 mgmt.u.deauth.reason_code = host_to_le16(reason); 8951 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 8952 IEEE80211_HDRLEN + 8953 sizeof(mgmt.u.deauth), 0, 0, 0, 0, 8954 0); 8955} 8956 8957 8958static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 8959 int reason) 8960{ 8961 struct i802_bss *bss = priv; 8962 struct wpa_driver_nl80211_data *drv = bss->drv; 8963 struct ieee80211_mgmt mgmt; 8964 8965 if (drv->device_ap_sme) 8966 return wpa_driver_nl80211_sta_remove(bss, addr); 8967 8968 memset(&mgmt, 0, sizeof(mgmt)); 8969 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 8970 WLAN_FC_STYPE_DISASSOC); 8971 memcpy(mgmt.da, addr, ETH_ALEN); 8972 memcpy(mgmt.sa, own_addr, ETH_ALEN); 8973 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 8974 mgmt.u.disassoc.reason_code = host_to_le16(reason); 8975 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 8976 IEEE80211_HDRLEN + 8977 sizeof(mgmt.u.disassoc), 0, 0, 0, 0, 8978 0); 8979} 8980 8981#endif /* HOSTAPD || CONFIG_AP */ 8982 8983#ifdef HOSTAPD 8984 8985static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 8986{ 8987 int i; 8988 int *old; 8989 8990 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 8991 ifidx); 8992 for (i = 0; i < drv->num_if_indices; i++) { 8993 if (drv->if_indices[i] == 0) { 8994 drv->if_indices[i] = ifidx; 8995 return; 8996 } 8997 } 8998 8999 if (drv->if_indices != drv->default_if_indices) 9000 old = drv->if_indices; 9001 else 9002 old = NULL; 9003 9004 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1, 9005 sizeof(int)); 9006 if (!drv->if_indices) { 9007 if (!old) 9008 drv->if_indices = drv->default_if_indices; 9009 else 9010 drv->if_indices = old; 9011 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 9012 "interfaces"); 9013 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 9014 return; 9015 } else if (!old) 9016 os_memcpy(drv->if_indices, drv->default_if_indices, 9017 sizeof(drv->default_if_indices)); 9018 drv->if_indices[drv->num_if_indices] = ifidx; 9019 drv->num_if_indices++; 9020} 9021 9022 9023static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9024{ 9025 int i; 9026 9027 for (i = 0; i < drv->num_if_indices; i++) { 9028 if (drv->if_indices[i] == ifidx) { 9029 drv->if_indices[i] = 0; 9030 break; 9031 } 9032 } 9033} 9034 9035 9036static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 9037{ 9038 int i; 9039 9040 for (i = 0; i < drv->num_if_indices; i++) 9041 if (drv->if_indices[i] == ifidx) 9042 return 1; 9043 9044 return 0; 9045} 9046 9047 9048static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val, 9049 const char *bridge_ifname, char *ifname_wds) 9050{ 9051 struct i802_bss *bss = priv; 9052 struct wpa_driver_nl80211_data *drv = bss->drv; 9053 char name[IFNAMSIZ + 1]; 9054 9055 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 9056 if (ifname_wds) 9057 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1); 9058 9059 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 9060 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 9061 if (val) { 9062 if (!if_nametoindex(name)) { 9063 if (nl80211_create_iface(drv, name, 9064 NL80211_IFTYPE_AP_VLAN, 9065 bss->addr, 1, NULL, NULL, 0) < 9066 0) 9067 return -1; 9068 if (bridge_ifname && 9069 linux_br_add_if(drv->global->ioctl_sock, 9070 bridge_ifname, name) < 0) 9071 return -1; 9072 } 9073 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) { 9074 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA " 9075 "interface %s up", name); 9076 } 9077 return i802_set_sta_vlan(priv, addr, name, 0); 9078 } else { 9079 if (bridge_ifname) 9080 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname, 9081 name); 9082 9083 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 9084 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 9085 name); 9086 } 9087} 9088 9089 9090static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 9091{ 9092 struct wpa_driver_nl80211_data *drv = eloop_ctx; 9093 struct sockaddr_ll lladdr; 9094 unsigned char buf[3000]; 9095 int len; 9096 socklen_t fromlen = sizeof(lladdr); 9097 9098 len = recvfrom(sock, buf, sizeof(buf), 0, 9099 (struct sockaddr *)&lladdr, &fromlen); 9100 if (len < 0) { 9101 wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s", 9102 strerror(errno)); 9103 return; 9104 } 9105 9106 if (have_ifidx(drv, lladdr.sll_ifindex)) 9107 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 9108} 9109 9110 9111static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 9112 struct i802_bss *bss, 9113 const char *brname, const char *ifname) 9114{ 9115 int ifindex; 9116 char in_br[IFNAMSIZ]; 9117 9118 os_strlcpy(bss->brname, brname, IFNAMSIZ); 9119 ifindex = if_nametoindex(brname); 9120 if (ifindex == 0) { 9121 /* 9122 * Bridge was configured, but the bridge device does 9123 * not exist. Try to add it now. 9124 */ 9125 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) { 9126 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 9127 "bridge interface %s: %s", 9128 brname, strerror(errno)); 9129 return -1; 9130 } 9131 bss->added_bridge = 1; 9132 add_ifidx(drv, if_nametoindex(brname)); 9133 } 9134 9135 if (linux_br_get(in_br, ifname) == 0) { 9136 if (os_strcmp(in_br, brname) == 0) 9137 return 0; /* already in the bridge */ 9138 9139 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 9140 "bridge %s", ifname, in_br); 9141 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) < 9142 0) { 9143 wpa_printf(MSG_ERROR, "nl80211: Failed to " 9144 "remove interface %s from bridge " 9145 "%s: %s", 9146 ifname, brname, strerror(errno)); 9147 return -1; 9148 } 9149 } 9150 9151 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 9152 ifname, brname); 9153 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) { 9154 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 9155 "into bridge %s: %s", 9156 ifname, brname, strerror(errno)); 9157 return -1; 9158 } 9159 bss->added_if_into_bridge = 1; 9160 9161 return 0; 9162} 9163 9164 9165static void *i802_init(struct hostapd_data *hapd, 9166 struct wpa_init_params *params) 9167{ 9168 struct wpa_driver_nl80211_data *drv; 9169 struct i802_bss *bss; 9170 size_t i; 9171 char brname[IFNAMSIZ]; 9172 int ifindex, br_ifindex; 9173 int br_added = 0; 9174 9175 bss = wpa_driver_nl80211_init(hapd, params->ifname, 9176 params->global_priv); 9177 if (bss == NULL) 9178 return NULL; 9179 9180 drv = bss->drv; 9181 drv->nlmode = NL80211_IFTYPE_AP; 9182 drv->eapol_sock = -1; 9183 9184 if (linux_br_get(brname, params->ifname) == 0) { 9185 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 9186 params->ifname, brname); 9187 br_ifindex = if_nametoindex(brname); 9188 } else { 9189 brname[0] = '\0'; 9190 br_ifindex = 0; 9191 } 9192 9193 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 9194 drv->if_indices = drv->default_if_indices; 9195 for (i = 0; i < params->num_bridge; i++) { 9196 if (params->bridge[i]) { 9197 ifindex = if_nametoindex(params->bridge[i]); 9198 if (ifindex) 9199 add_ifidx(drv, ifindex); 9200 if (ifindex == br_ifindex) 9201 br_added = 1; 9202 } 9203 } 9204 if (!br_added && br_ifindex && 9205 (params->num_bridge == 0 || !params->bridge[0])) 9206 add_ifidx(drv, br_ifindex); 9207 9208 /* start listening for EAPOL on the default AP interface */ 9209 add_ifidx(drv, drv->ifindex); 9210 9211 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0)) 9212 goto failed; 9213 9214 if (params->bssid) { 9215 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9216 params->bssid)) 9217 goto failed; 9218 } 9219 9220 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) { 9221 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 9222 "into AP mode", bss->ifname); 9223 goto failed; 9224 } 9225 9226 if (params->num_bridge && params->bridge[0] && 9227 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0) 9228 goto failed; 9229 9230 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) 9231 goto failed; 9232 9233 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 9234 if (drv->eapol_sock < 0) { 9235 wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", 9236 strerror(errno)); 9237 goto failed; 9238 } 9239 9240 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 9241 { 9242 wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); 9243 goto failed; 9244 } 9245 9246 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 9247 params->own_addr)) 9248 goto failed; 9249 9250 memcpy(bss->addr, params->own_addr, ETH_ALEN); 9251 9252 return bss; 9253 9254failed: 9255 wpa_driver_nl80211_deinit(bss); 9256 return NULL; 9257} 9258 9259 9260static void i802_deinit(void *priv) 9261{ 9262 struct i802_bss *bss = priv; 9263 wpa_driver_nl80211_deinit(bss); 9264} 9265 9266#endif /* HOSTAPD */ 9267 9268 9269static enum nl80211_iftype wpa_driver_nl80211_if_type( 9270 enum wpa_driver_if_type type) 9271{ 9272 switch (type) { 9273 case WPA_IF_STATION: 9274 return NL80211_IFTYPE_STATION; 9275 case WPA_IF_P2P_CLIENT: 9276 case WPA_IF_P2P_GROUP: 9277 return NL80211_IFTYPE_P2P_CLIENT; 9278 case WPA_IF_AP_VLAN: 9279 return NL80211_IFTYPE_AP_VLAN; 9280 case WPA_IF_AP_BSS: 9281 return NL80211_IFTYPE_AP; 9282 case WPA_IF_P2P_GO: 9283 return NL80211_IFTYPE_P2P_GO; 9284 case WPA_IF_P2P_DEVICE: 9285 return NL80211_IFTYPE_P2P_DEVICE; 9286 } 9287 return -1; 9288} 9289 9290 9291#ifdef CONFIG_P2P 9292 9293static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr) 9294{ 9295 struct wpa_driver_nl80211_data *drv; 9296 dl_list_for_each(drv, &global->interfaces, 9297 struct wpa_driver_nl80211_data, list) { 9298 if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0) 9299 return 1; 9300 } 9301 return 0; 9302} 9303 9304 9305static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv, 9306 u8 *new_addr) 9307{ 9308 unsigned int idx; 9309 9310 if (!drv->global) 9311 return -1; 9312 9313 os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN); 9314 for (idx = 0; idx < 64; idx++) { 9315 new_addr[0] = drv->first_bss->addr[0] | 0x02; 9316 new_addr[0] ^= idx << 2; 9317 if (!nl80211_addr_in_use(drv->global, new_addr)) 9318 break; 9319 } 9320 if (idx == 64) 9321 return -1; 9322 9323 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address " 9324 MACSTR, MAC2STR(new_addr)); 9325 9326 return 0; 9327} 9328 9329#endif /* CONFIG_P2P */ 9330 9331 9332struct wdev_info { 9333 u64 wdev_id; 9334 int wdev_id_set; 9335 u8 macaddr[ETH_ALEN]; 9336}; 9337 9338static int nl80211_wdev_handler(struct nl_msg *msg, void *arg) 9339{ 9340 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9341 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9342 struct wdev_info *wi = arg; 9343 9344 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9345 genlmsg_attrlen(gnlh, 0), NULL); 9346 if (tb[NL80211_ATTR_WDEV]) { 9347 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 9348 wi->wdev_id_set = 1; 9349 } 9350 9351 if (tb[NL80211_ATTR_MAC]) 9352 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]), 9353 ETH_ALEN); 9354 9355 return NL_SKIP; 9356} 9357 9358 9359static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 9360 const char *ifname, const u8 *addr, 9361 void *bss_ctx, void **drv_priv, 9362 char *force_ifname, u8 *if_addr, 9363 const char *bridge, int use_existing) 9364{ 9365 enum nl80211_iftype nlmode; 9366 struct i802_bss *bss = priv; 9367 struct wpa_driver_nl80211_data *drv = bss->drv; 9368 int ifidx; 9369 int added = 1; 9370 9371 if (addr) 9372 os_memcpy(if_addr, addr, ETH_ALEN); 9373 nlmode = wpa_driver_nl80211_if_type(type); 9374 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) { 9375 struct wdev_info p2pdev_info; 9376 9377 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info)); 9378 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9379 0, nl80211_wdev_handler, 9380 &p2pdev_info, use_existing); 9381 if (!p2pdev_info.wdev_id_set || ifidx != 0) { 9382 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s", 9383 ifname); 9384 return -1; 9385 } 9386 9387 drv->global->if_add_wdevid = p2pdev_info.wdev_id; 9388 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set; 9389 if (!is_zero_ether_addr(p2pdev_info.macaddr)) 9390 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN); 9391 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created", 9392 ifname, 9393 (long long unsigned int) p2pdev_info.wdev_id); 9394 } else { 9395 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr, 9396 0, NULL, NULL, use_existing); 9397 if (use_existing && ifidx == -ENFILE) { 9398 added = 0; 9399 ifidx = if_nametoindex(ifname); 9400 } else if (ifidx < 0) { 9401 return -1; 9402 } 9403 } 9404 9405 if (!addr) { 9406 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) 9407 os_memcpy(if_addr, bss->addr, ETH_ALEN); 9408 else if (linux_get_ifhwaddr(drv->global->ioctl_sock, 9409 bss->ifname, if_addr) < 0) { 9410 if (added) 9411 nl80211_remove_iface(drv, ifidx); 9412 return -1; 9413 } 9414 } 9415 9416#ifdef CONFIG_P2P 9417 if (!addr && 9418 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP || 9419 type == WPA_IF_P2P_GO)) { 9420 /* Enforce unique P2P Interface Address */ 9421 u8 new_addr[ETH_ALEN]; 9422 9423 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname, 9424 new_addr) < 0) { 9425 nl80211_remove_iface(drv, ifidx); 9426 return -1; 9427 } 9428 if (nl80211_addr_in_use(drv->global, new_addr)) { 9429 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address " 9430 "for P2P group interface"); 9431 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) { 9432 nl80211_remove_iface(drv, ifidx); 9433 return -1; 9434 } 9435 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, 9436 new_addr) < 0) { 9437 nl80211_remove_iface(drv, ifidx); 9438 return -1; 9439 } 9440 } 9441 os_memcpy(if_addr, new_addr, ETH_ALEN); 9442 } 9443#endif /* CONFIG_P2P */ 9444 9445#ifdef HOSTAPD 9446 if (type == WPA_IF_AP_BSS) { 9447 struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss)); 9448 if (new_bss == NULL) { 9449 if (added) 9450 nl80211_remove_iface(drv, ifidx); 9451 return -1; 9452 } 9453 9454 if (bridge && 9455 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) { 9456 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new " 9457 "interface %s to a bridge %s", 9458 ifname, bridge); 9459 if (added) 9460 nl80211_remove_iface(drv, ifidx); 9461 os_free(new_bss); 9462 return -1; 9463 } 9464 9465 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1)) 9466 { 9467 nl80211_remove_iface(drv, ifidx); 9468 os_free(new_bss); 9469 return -1; 9470 } 9471 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 9472 os_memcpy(new_bss->addr, if_addr, ETH_ALEN); 9473 new_bss->ifindex = ifidx; 9474 new_bss->drv = drv; 9475 new_bss->next = drv->first_bss->next; 9476 new_bss->freq = drv->first_bss->freq; 9477 new_bss->ctx = bss_ctx; 9478 new_bss->added_if = added; 9479 drv->first_bss->next = new_bss; 9480 if (drv_priv) 9481 *drv_priv = new_bss; 9482 nl80211_init_bss(new_bss); 9483 9484 /* Subscribe management frames for this WPA_IF_AP_BSS */ 9485 if (nl80211_setup_ap(new_bss)) 9486 return -1; 9487 } 9488#endif /* HOSTAPD */ 9489 9490 if (drv->global) 9491 drv->global->if_add_ifindex = ifidx; 9492 9493 return 0; 9494} 9495 9496 9497static int wpa_driver_nl80211_if_remove(struct i802_bss *bss, 9498 enum wpa_driver_if_type type, 9499 const char *ifname) 9500{ 9501 struct wpa_driver_nl80211_data *drv = bss->drv; 9502 int ifindex = if_nametoindex(ifname); 9503 9504 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d", 9505 __func__, type, ifname, ifindex, bss->added_if); 9506 if (ifindex > 0 && bss->added_if) 9507 nl80211_remove_iface(drv, ifindex); 9508 9509#ifdef HOSTAPD 9510 if (type != WPA_IF_AP_BSS) 9511 return 0; 9512 9513 if (bss->added_if_into_bridge) { 9514 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 9515 bss->ifname) < 0) 9516 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9517 "interface %s from bridge %s: %s", 9518 bss->ifname, bss->brname, strerror(errno)); 9519 } 9520 if (bss->added_bridge) { 9521 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 9522 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 9523 "bridge %s: %s", 9524 bss->brname, strerror(errno)); 9525 } 9526 9527 if (bss != drv->first_bss) { 9528 struct i802_bss *tbss; 9529 9530 wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it"); 9531 for (tbss = drv->first_bss; tbss; tbss = tbss->next) { 9532 if (tbss->next == bss) { 9533 tbss->next = bss->next; 9534 /* Unsubscribe management frames */ 9535 nl80211_teardown_ap(bss); 9536 nl80211_destroy_bss(bss); 9537 os_free(bss); 9538 bss = NULL; 9539 break; 9540 } 9541 } 9542 if (bss) 9543 wpa_printf(MSG_INFO, "nl80211: %s - could not find " 9544 "BSS %p in the list", __func__, bss); 9545 } else { 9546 wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); 9547 nl80211_teardown_ap(bss); 9548 if (!bss->added_if && !drv->first_bss->next) 9549 wpa_driver_nl80211_del_beacon(drv); 9550 nl80211_destroy_bss(bss); 9551 if (!bss->added_if) 9552 i802_set_iface_flags(bss, 0); 9553 if (drv->first_bss->next) { 9554 drv->first_bss = drv->first_bss->next; 9555 drv->ctx = drv->first_bss->ctx; 9556 os_free(bss); 9557 } else { 9558 wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to"); 9559 } 9560 } 9561#endif /* HOSTAPD */ 9562 9563 return 0; 9564} 9565 9566 9567static int cookie_handler(struct nl_msg *msg, void *arg) 9568{ 9569 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 9570 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 9571 u64 *cookie = arg; 9572 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 9573 genlmsg_attrlen(gnlh, 0), NULL); 9574 if (tb[NL80211_ATTR_COOKIE]) 9575 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 9576 return NL_SKIP; 9577} 9578 9579 9580static int nl80211_send_frame_cmd(struct i802_bss *bss, 9581 unsigned int freq, unsigned int wait, 9582 const u8 *buf, size_t buf_len, 9583 u64 *cookie_out, int no_cck, int no_ack, 9584 int offchanok) 9585{ 9586 struct wpa_driver_nl80211_data *drv = bss->drv; 9587 struct nl_msg *msg; 9588 u64 cookie; 9589 int ret = -1; 9590 9591 msg = nlmsg_alloc(); 9592 if (!msg) 9593 return -1; 9594 9595 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d " 9596 "no_ack=%d offchanok=%d", 9597 freq, wait, no_cck, no_ack, offchanok); 9598 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len); 9599 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME); 9600 9601 if (nl80211_set_iface_id(msg, bss) < 0) 9602 goto nla_put_failure; 9603 if (freq) 9604 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 9605 if (wait) 9606 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait); 9607 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) 9608 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK); 9609 if (no_cck) 9610 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE); 9611 if (no_ack) 9612 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK); 9613 9614 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf); 9615 9616 cookie = 0; 9617 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 9618 msg = NULL; 9619 if (ret) { 9620 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d " 9621 "(%s) (freq=%u wait=%u)", ret, strerror(-ret), 9622 freq, wait); 9623 goto nla_put_failure; 9624 } 9625 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; " 9626 "cookie 0x%llx", no_ack ? " (no ACK)" : "", 9627 (long long unsigned int) cookie); 9628 9629 if (cookie_out) 9630 *cookie_out = no_ack ? (u64) -1 : cookie; 9631 9632nla_put_failure: 9633 nlmsg_free(msg); 9634 return ret; 9635} 9636 9637 9638static int wpa_driver_nl80211_send_action(struct i802_bss *bss, 9639 unsigned int freq, 9640 unsigned int wait_time, 9641 const u8 *dst, const u8 *src, 9642 const u8 *bssid, 9643 const u8 *data, size_t data_len, 9644 int no_cck) 9645{ 9646 struct wpa_driver_nl80211_data *drv = bss->drv; 9647 int ret = -1; 9648 u8 *buf; 9649 struct ieee80211_hdr *hdr; 9650 9651 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, " 9652 "freq=%u MHz wait=%d ms no_cck=%d)", 9653 drv->ifindex, freq, wait_time, no_cck); 9654 9655 buf = os_zalloc(24 + data_len); 9656 if (buf == NULL) 9657 return ret; 9658 os_memcpy(buf + 24, data, data_len); 9659 hdr = (struct ieee80211_hdr *) buf; 9660 hdr->frame_control = 9661 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 9662 os_memcpy(hdr->addr1, dst, ETH_ALEN); 9663 os_memcpy(hdr->addr2, src, ETH_ALEN); 9664 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 9665 9666 if (is_ap_interface(drv->nlmode) && 9667 (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) || 9668 (int) freq == bss->freq || drv->device_ap_sme || 9669 !drv->use_monitor)) 9670 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len, 9671 0, freq, no_cck, 1, 9672 wait_time); 9673 else 9674 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf, 9675 24 + data_len, 9676 &drv->send_action_cookie, 9677 no_cck, 0, 1); 9678 9679 os_free(buf); 9680 return ret; 9681} 9682 9683 9684static void wpa_driver_nl80211_send_action_cancel_wait(void *priv) 9685{ 9686 struct i802_bss *bss = priv; 9687 struct wpa_driver_nl80211_data *drv = bss->drv; 9688 struct nl_msg *msg; 9689 int ret; 9690 9691 msg = nlmsg_alloc(); 9692 if (!msg) 9693 return; 9694 9695 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx", 9696 (long long unsigned int) drv->send_action_cookie); 9697 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL); 9698 9699 if (nl80211_set_iface_id(msg, bss) < 0) 9700 goto nla_put_failure; 9701 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie); 9702 9703 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9704 msg = NULL; 9705 if (ret) 9706 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d " 9707 "(%s)", ret, strerror(-ret)); 9708 9709 nla_put_failure: 9710 nlmsg_free(msg); 9711} 9712 9713 9714static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 9715 unsigned int duration) 9716{ 9717 struct i802_bss *bss = priv; 9718 struct wpa_driver_nl80211_data *drv = bss->drv; 9719 struct nl_msg *msg; 9720 int ret; 9721 u64 cookie; 9722 9723 msg = nlmsg_alloc(); 9724 if (!msg) 9725 return -1; 9726 9727 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL); 9728 9729 if (nl80211_set_iface_id(msg, bss) < 0) 9730 goto nla_put_failure; 9731 9732 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 9733 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 9734 9735 cookie = 0; 9736 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 9737 msg = NULL; 9738 if (ret == 0) { 9739 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 9740 "0x%llx for freq=%u MHz duration=%u", 9741 (long long unsigned int) cookie, freq, duration); 9742 drv->remain_on_chan_cookie = cookie; 9743 drv->pending_remain_on_chan = 1; 9744 return 0; 9745 } 9746 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 9747 "(freq=%d duration=%u): %d (%s)", 9748 freq, duration, ret, strerror(-ret)); 9749nla_put_failure: 9750 nlmsg_free(msg); 9751 return -1; 9752} 9753 9754 9755static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 9756{ 9757 struct i802_bss *bss = priv; 9758 struct wpa_driver_nl80211_data *drv = bss->drv; 9759 struct nl_msg *msg; 9760 int ret; 9761 9762 if (!drv->pending_remain_on_chan) { 9763 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 9764 "to cancel"); 9765 return -1; 9766 } 9767 9768 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 9769 "0x%llx", 9770 (long long unsigned int) drv->remain_on_chan_cookie); 9771 9772 msg = nlmsg_alloc(); 9773 if (!msg) 9774 return -1; 9775 9776 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL); 9777 9778 if (nl80211_set_iface_id(msg, bss) < 0) 9779 goto nla_put_failure; 9780 9781 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 9782 9783 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9784 msg = NULL; 9785 if (ret == 0) 9786 return 0; 9787 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 9788 "%d (%s)", ret, strerror(-ret)); 9789nla_put_failure: 9790 nlmsg_free(msg); 9791 return -1; 9792} 9793 9794 9795static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report) 9796{ 9797 struct wpa_driver_nl80211_data *drv = bss->drv; 9798 9799 if (!report) { 9800 if (bss->nl_preq && drv->device_ap_sme && 9801 is_ap_interface(drv->nlmode)) { 9802 /* 9803 * Do not disable Probe Request reporting that was 9804 * enabled in nl80211_setup_ap(). 9805 */ 9806 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of " 9807 "Probe Request reporting nl_preq=%p while " 9808 "in AP mode", bss->nl_preq); 9809 } else if (bss->nl_preq) { 9810 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request " 9811 "reporting nl_preq=%p", bss->nl_preq); 9812 nl80211_destroy_eloop_handle(&bss->nl_preq); 9813 } 9814 return 0; 9815 } 9816 9817 if (bss->nl_preq) { 9818 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting " 9819 "already on! nl_preq=%p", bss->nl_preq); 9820 return 0; 9821 } 9822 9823 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq"); 9824 if (bss->nl_preq == NULL) 9825 return -1; 9826 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request " 9827 "reporting nl_preq=%p", bss->nl_preq); 9828 9829 if (nl80211_register_frame(bss, bss->nl_preq, 9830 (WLAN_FC_TYPE_MGMT << 2) | 9831 (WLAN_FC_STYPE_PROBE_REQ << 4), 9832 NULL, 0) < 0) 9833 goto out_err; 9834 9835 nl80211_register_eloop_read(&bss->nl_preq, 9836 wpa_driver_nl80211_event_receive, 9837 bss->nl_cb); 9838 9839 return 0; 9840 9841 out_err: 9842 nl_destroy_handles(&bss->nl_preq); 9843 return -1; 9844} 9845 9846 9847static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 9848 int ifindex, int disabled) 9849{ 9850 struct nl_msg *msg; 9851 struct nlattr *bands, *band; 9852 int ret; 9853 9854 msg = nlmsg_alloc(); 9855 if (!msg) 9856 return -1; 9857 9858 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK); 9859 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 9860 9861 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 9862 if (!bands) 9863 goto nla_put_failure; 9864 9865 /* 9866 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 9867 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 9868 * rates. All 5 GHz rates are left enabled. 9869 */ 9870 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 9871 if (!band) 9872 goto nla_put_failure; 9873 if (disabled) { 9874 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 9875 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 9876 } 9877 nla_nest_end(msg, band); 9878 9879 nla_nest_end(msg, bands); 9880 9881 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 9882 msg = NULL; 9883 if (ret) { 9884 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 9885 "(%s)", ret, strerror(-ret)); 9886 } else 9887 drv->disabled_11b_rates = disabled; 9888 9889 return ret; 9890 9891nla_put_failure: 9892 nlmsg_free(msg); 9893 return -1; 9894} 9895 9896 9897static int wpa_driver_nl80211_deinit_ap(void *priv) 9898{ 9899 struct i802_bss *bss = priv; 9900 struct wpa_driver_nl80211_data *drv = bss->drv; 9901 if (!is_ap_interface(drv->nlmode)) 9902 return -1; 9903 wpa_driver_nl80211_del_beacon(drv); 9904 9905 /* 9906 * If the P2P GO interface was dynamically added, then it is 9907 * possible that the interface change to station is not possible. 9908 */ 9909 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic) 9910 return 0; 9911 9912 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 9913} 9914 9915 9916static int wpa_driver_nl80211_stop_ap(void *priv) 9917{ 9918 struct i802_bss *bss = priv; 9919 struct wpa_driver_nl80211_data *drv = bss->drv; 9920 if (!is_ap_interface(drv->nlmode)) 9921 return -1; 9922 wpa_driver_nl80211_del_beacon(drv); 9923 bss->beacon_set = 0; 9924 return 0; 9925} 9926 9927 9928static int wpa_driver_nl80211_deinit_p2p_cli(void *priv) 9929{ 9930 struct i802_bss *bss = priv; 9931 struct wpa_driver_nl80211_data *drv = bss->drv; 9932 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT) 9933 return -1; 9934 9935 /* 9936 * If the P2P Client interface was dynamically added, then it is 9937 * possible that the interface change to station is not possible. 9938 */ 9939 if (bss->if_dynamic) 9940 return 0; 9941 9942 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION); 9943} 9944 9945 9946static void wpa_driver_nl80211_resume(void *priv) 9947{ 9948 struct i802_bss *bss = priv; 9949 9950 if (i802_set_iface_flags(bss, 1)) 9951 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event"); 9952} 9953 9954 9955static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 9956 const u8 *ies, size_t ies_len) 9957{ 9958 struct i802_bss *bss = priv; 9959 struct wpa_driver_nl80211_data *drv = bss->drv; 9960 int ret; 9961 u8 *data, *pos; 9962 size_t data_len; 9963 const u8 *own_addr = bss->addr; 9964 9965 if (action != 1) { 9966 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 9967 "action %d", action); 9968 return -1; 9969 } 9970 9971 /* 9972 * Action frame payload: 9973 * Category[1] = 6 (Fast BSS Transition) 9974 * Action[1] = 1 (Fast BSS Transition Request) 9975 * STA Address 9976 * Target AP Address 9977 * FT IEs 9978 */ 9979 9980 data_len = 2 + 2 * ETH_ALEN + ies_len; 9981 data = os_malloc(data_len); 9982 if (data == NULL) 9983 return -1; 9984 pos = data; 9985 *pos++ = 0x06; /* FT Action category */ 9986 *pos++ = action; 9987 os_memcpy(pos, own_addr, ETH_ALEN); 9988 pos += ETH_ALEN; 9989 os_memcpy(pos, target_ap, ETH_ALEN); 9990 pos += ETH_ALEN; 9991 os_memcpy(pos, ies, ies_len); 9992 9993 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0, 9994 drv->bssid, own_addr, drv->bssid, 9995 data, data_len, 0); 9996 os_free(data); 9997 9998 return ret; 9999} 10000 10001 10002static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 10003{ 10004 struct i802_bss *bss = priv; 10005 struct wpa_driver_nl80211_data *drv = bss->drv; 10006 struct nl_msg *msg; 10007 struct nlattr *cqm; 10008 int ret = -1; 10009 10010 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 10011 "hysteresis=%d", threshold, hysteresis); 10012 10013 msg = nlmsg_alloc(); 10014 if (!msg) 10015 return -1; 10016 10017 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM); 10018 10019 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10020 10021 cqm = nla_nest_start(msg, NL80211_ATTR_CQM); 10022 if (cqm == NULL) 10023 goto nla_put_failure; 10024 10025 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 10026 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 10027 nla_nest_end(msg, cqm); 10028 10029 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10030 msg = NULL; 10031 10032nla_put_failure: 10033 nlmsg_free(msg); 10034 return ret; 10035} 10036 10037 10038/* Converts nl80211_chan_width to a common format */ 10039static enum chan_width convert2width(int width) 10040{ 10041 switch (width) { 10042 case NL80211_CHAN_WIDTH_20_NOHT: 10043 return CHAN_WIDTH_20_NOHT; 10044 case NL80211_CHAN_WIDTH_20: 10045 return CHAN_WIDTH_20; 10046 case NL80211_CHAN_WIDTH_40: 10047 return CHAN_WIDTH_40; 10048 case NL80211_CHAN_WIDTH_80: 10049 return CHAN_WIDTH_80; 10050 case NL80211_CHAN_WIDTH_80P80: 10051 return CHAN_WIDTH_80P80; 10052 case NL80211_CHAN_WIDTH_160: 10053 return CHAN_WIDTH_160; 10054 } 10055 return CHAN_WIDTH_UNKNOWN; 10056} 10057 10058 10059static int get_channel_width(struct nl_msg *msg, void *arg) 10060{ 10061 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10062 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10063 struct wpa_signal_info *sig_change = arg; 10064 10065 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10066 genlmsg_attrlen(gnlh, 0), NULL); 10067 10068 sig_change->center_frq1 = -1; 10069 sig_change->center_frq2 = -1; 10070 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN; 10071 10072 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) { 10073 sig_change->chanwidth = convert2width( 10074 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); 10075 if (tb[NL80211_ATTR_CENTER_FREQ1]) 10076 sig_change->center_frq1 = 10077 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 10078 if (tb[NL80211_ATTR_CENTER_FREQ2]) 10079 sig_change->center_frq2 = 10080 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 10081 } 10082 10083 return NL_SKIP; 10084} 10085 10086 10087static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv, 10088 struct wpa_signal_info *sig) 10089{ 10090 struct nl_msg *msg; 10091 10092 msg = nlmsg_alloc(); 10093 if (!msg) 10094 return -ENOMEM; 10095 10096 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE); 10097 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10098 10099 return send_and_recv_msgs(drv, msg, get_channel_width, sig); 10100 10101nla_put_failure: 10102 nlmsg_free(msg); 10103 return -ENOBUFS; 10104} 10105 10106 10107static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si) 10108{ 10109 struct i802_bss *bss = priv; 10110 struct wpa_driver_nl80211_data *drv = bss->drv; 10111 int res; 10112 10113 os_memset(si, 0, sizeof(*si)); 10114 res = nl80211_get_link_signal(drv, si); 10115 if (res != 0) 10116 return res; 10117 10118 res = nl80211_get_channel_width(drv, si); 10119 if (res != 0) 10120 return res; 10121 10122 return nl80211_get_link_noise(drv, si); 10123} 10124 10125 10126static int wpa_driver_nl80211_shared_freq(void *priv) 10127{ 10128 struct i802_bss *bss = priv; 10129 struct wpa_driver_nl80211_data *drv = bss->drv; 10130 struct wpa_driver_nl80211_data *driver; 10131 int freq = 0; 10132 10133 /* 10134 * If the same PHY is in connected state with some other interface, 10135 * then retrieve the assoc freq. 10136 */ 10137 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s", 10138 drv->phyname); 10139 10140 dl_list_for_each(driver, &drv->global->interfaces, 10141 struct wpa_driver_nl80211_data, list) { 10142 if (drv == driver || 10143 os_strcmp(drv->phyname, driver->phyname) != 0 || 10144#ifdef ANDROID_P2P 10145 (!driver->associated && !is_ap_interface(driver->nlmode))) 10146#else 10147 !driver->associated) 10148#endif 10149 continue; 10150 10151 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s " 10152 MACSTR, 10153 driver->phyname, driver->first_bss->ifname, 10154 MAC2STR(driver->first_bss->addr)); 10155 if (is_ap_interface(driver->nlmode)) 10156 freq = driver->first_bss->freq; 10157 else 10158 freq = nl80211_get_assoc_freq(driver); 10159 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d", 10160 drv->phyname, freq); 10161 } 10162 10163 if (!freq) 10164 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for " 10165 "PHY (%s) in associated state", drv->phyname); 10166 10167 return freq; 10168} 10169 10170 10171static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 10172 int encrypt) 10173{ 10174 struct i802_bss *bss = priv; 10175 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0, 10176 0, 0, 0, 0); 10177} 10178 10179 10180static int nl80211_set_param(void *priv, const char *param) 10181{ 10182 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param); 10183 if (param == NULL) 10184 return 0; 10185 10186#ifdef CONFIG_P2P 10187 if (os_strstr(param, "use_p2p_group_interface=1")) { 10188 struct i802_bss *bss = priv; 10189 struct wpa_driver_nl80211_data *drv = bss->drv; 10190 10191 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 10192 "interface"); 10193 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 10194 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 10195 } 10196 10197 if (os_strstr(param, "p2p_device=1")) { 10198 struct i802_bss *bss = priv; 10199 struct wpa_driver_nl80211_data *drv = bss->drv; 10200 drv->allow_p2p_device = 1; 10201 } 10202#endif /* CONFIG_P2P */ 10203 10204 return 0; 10205} 10206 10207 10208static void * nl80211_global_init(void) 10209{ 10210 struct nl80211_global *global; 10211 struct netlink_config *cfg; 10212 10213 global = os_zalloc(sizeof(*global)); 10214 if (global == NULL) 10215 return NULL; 10216 global->ioctl_sock = -1; 10217 dl_list_init(&global->interfaces); 10218 global->if_add_ifindex = -1; 10219 10220 cfg = os_zalloc(sizeof(*cfg)); 10221 if (cfg == NULL) 10222 goto err; 10223 10224 cfg->ctx = global; 10225 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 10226 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 10227 global->netlink = netlink_init(cfg); 10228 if (global->netlink == NULL) { 10229 os_free(cfg); 10230 goto err; 10231 } 10232 10233 if (wpa_driver_nl80211_init_nl_global(global) < 0) 10234 goto err; 10235 10236 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 10237 if (global->ioctl_sock < 0) { 10238 wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s", 10239 strerror(errno)); 10240 goto err; 10241 } 10242 10243 return global; 10244 10245err: 10246 nl80211_global_deinit(global); 10247 return NULL; 10248} 10249 10250 10251static void nl80211_global_deinit(void *priv) 10252{ 10253 struct nl80211_global *global = priv; 10254 if (global == NULL) 10255 return; 10256 if (!dl_list_empty(&global->interfaces)) { 10257 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at " 10258 "nl80211_global_deinit", 10259 dl_list_len(&global->interfaces)); 10260 } 10261 10262 if (global->netlink) 10263 netlink_deinit(global->netlink); 10264 10265 nl_destroy_handles(&global->nl); 10266 10267 if (global->nl_event) 10268 nl80211_destroy_eloop_handle(&global->nl_event); 10269 10270 nl_cb_put(global->nl_cb); 10271 10272 if (global->ioctl_sock >= 0) 10273 close(global->ioctl_sock); 10274 10275 os_free(global); 10276} 10277 10278 10279static const char * nl80211_get_radio_name(void *priv) 10280{ 10281 struct i802_bss *bss = priv; 10282 struct wpa_driver_nl80211_data *drv = bss->drv; 10283 return drv->phyname; 10284} 10285 10286 10287static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid, 10288 const u8 *pmkid) 10289{ 10290 struct nl_msg *msg; 10291 10292 msg = nlmsg_alloc(); 10293 if (!msg) 10294 return -ENOMEM; 10295 10296 nl80211_cmd(bss->drv, msg, 0, cmd); 10297 10298 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 10299 if (pmkid) 10300 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid); 10301 if (bssid) 10302 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 10303 10304 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10305 nla_put_failure: 10306 nlmsg_free(msg); 10307 return -ENOBUFS; 10308} 10309 10310 10311static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10312{ 10313 struct i802_bss *bss = priv; 10314 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid)); 10315 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid); 10316} 10317 10318 10319static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid) 10320{ 10321 struct i802_bss *bss = priv; 10322 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR, 10323 MAC2STR(bssid)); 10324 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid); 10325} 10326 10327 10328static int nl80211_flush_pmkid(void *priv) 10329{ 10330 struct i802_bss *bss = priv; 10331 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs"); 10332 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL); 10333} 10334 10335 10336static void clean_survey_results(struct survey_results *survey_results) 10337{ 10338 struct freq_survey *survey, *tmp; 10339 10340 if (dl_list_empty(&survey_results->survey_list)) 10341 return; 10342 10343 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 10344 struct freq_survey, list) { 10345 dl_list_del(&survey->list); 10346 os_free(survey); 10347 } 10348} 10349 10350 10351static void add_survey(struct nlattr **sinfo, u32 ifidx, 10352 struct dl_list *survey_list) 10353{ 10354 struct freq_survey *survey; 10355 10356 survey = os_zalloc(sizeof(struct freq_survey)); 10357 if (!survey) 10358 return; 10359 10360 survey->ifidx = ifidx; 10361 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10362 survey->filled = 0; 10363 10364 if (sinfo[NL80211_SURVEY_INFO_NOISE]) { 10365 survey->nf = (int8_t) 10366 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 10367 survey->filled |= SURVEY_HAS_NF; 10368 } 10369 10370 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) { 10371 survey->channel_time = 10372 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]); 10373 survey->filled |= SURVEY_HAS_CHAN_TIME; 10374 } 10375 10376 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) { 10377 survey->channel_time_busy = 10378 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]); 10379 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY; 10380 } 10381 10382 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) { 10383 survey->channel_time_rx = 10384 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]); 10385 survey->filled |= SURVEY_HAS_CHAN_TIME_RX; 10386 } 10387 10388 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) { 10389 survey->channel_time_tx = 10390 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]); 10391 survey->filled |= SURVEY_HAS_CHAN_TIME_TX; 10392 } 10393 10394 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)", 10395 survey->freq, 10396 survey->nf, 10397 (unsigned long int) survey->channel_time, 10398 (unsigned long int) survey->channel_time_busy, 10399 (unsigned long int) survey->channel_time_tx, 10400 (unsigned long int) survey->channel_time_rx, 10401 survey->filled); 10402 10403 dl_list_add_tail(survey_list, &survey->list); 10404} 10405 10406 10407static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq, 10408 unsigned int freq_filter) 10409{ 10410 if (!freq_filter) 10411 return 1; 10412 10413 return freq_filter == surveyed_freq; 10414} 10415 10416 10417static int survey_handler(struct nl_msg *msg, void *arg) 10418{ 10419 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 10420 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 10421 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 10422 struct survey_results *survey_results; 10423 u32 surveyed_freq = 0; 10424 u32 ifidx; 10425 10426 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 10427 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 10428 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 10429 }; 10430 10431 survey_results = (struct survey_results *) arg; 10432 10433 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 10434 genlmsg_attrlen(gnlh, 0), NULL); 10435 10436 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 10437 10438 if (!tb[NL80211_ATTR_SURVEY_INFO]) 10439 return NL_SKIP; 10440 10441 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 10442 tb[NL80211_ATTR_SURVEY_INFO], 10443 survey_policy)) 10444 return NL_SKIP; 10445 10446 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) { 10447 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data"); 10448 return NL_SKIP; 10449 } 10450 10451 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 10452 10453 if (!check_survey_ok(sinfo, surveyed_freq, 10454 survey_results->freq_filter)) 10455 return NL_SKIP; 10456 10457 if (survey_results->freq_filter && 10458 survey_results->freq_filter != surveyed_freq) { 10459 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz", 10460 surveyed_freq); 10461 return NL_SKIP; 10462 } 10463 10464 add_survey(sinfo, ifidx, &survey_results->survey_list); 10465 10466 return NL_SKIP; 10467} 10468 10469 10470static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq) 10471{ 10472 struct i802_bss *bss = priv; 10473 struct wpa_driver_nl80211_data *drv = bss->drv; 10474 struct nl_msg *msg; 10475 int err = -ENOBUFS; 10476 union wpa_event_data data; 10477 struct survey_results *survey_results; 10478 10479 os_memset(&data, 0, sizeof(data)); 10480 survey_results = &data.survey_results; 10481 10482 dl_list_init(&survey_results->survey_list); 10483 10484 msg = nlmsg_alloc(); 10485 if (!msg) 10486 goto nla_put_failure; 10487 10488 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 10489 10490 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10491 10492 if (freq) 10493 data.survey_results.freq_filter = freq; 10494 10495 do { 10496 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data"); 10497 err = send_and_recv_msgs(drv, msg, survey_handler, 10498 survey_results); 10499 } while (err > 0); 10500 10501 if (err) { 10502 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data"); 10503 goto out_clean; 10504 } 10505 10506 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data); 10507 10508out_clean: 10509 clean_survey_results(survey_results); 10510nla_put_failure: 10511 return err; 10512} 10513 10514 10515static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck, 10516 const u8 *replay_ctr) 10517{ 10518 struct i802_bss *bss = priv; 10519 struct wpa_driver_nl80211_data *drv = bss->drv; 10520 struct nlattr *replay_nested; 10521 struct nl_msg *msg; 10522 10523 msg = nlmsg_alloc(); 10524 if (!msg) 10525 return; 10526 10527 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD); 10528 10529 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10530 10531 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA); 10532 if (!replay_nested) 10533 goto nla_put_failure; 10534 10535 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek); 10536 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck); 10537 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN, 10538 replay_ctr); 10539 10540 nla_nest_end(msg, replay_nested); 10541 10542 send_and_recv_msgs(drv, msg, NULL, NULL); 10543 return; 10544 nla_put_failure: 10545 nlmsg_free(msg); 10546} 10547 10548 10549static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr, 10550 const u8 *addr, int qos) 10551{ 10552 /* send data frame to poll STA and check whether 10553 * this frame is ACKed */ 10554 struct { 10555 struct ieee80211_hdr hdr; 10556 u16 qos_ctl; 10557 } STRUCT_PACKED nulldata; 10558 size_t size; 10559 10560 /* Send data frame to poll STA and check whether this frame is ACKed */ 10561 10562 os_memset(&nulldata, 0, sizeof(nulldata)); 10563 10564 if (qos) { 10565 nulldata.hdr.frame_control = 10566 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10567 WLAN_FC_STYPE_QOS_NULL); 10568 size = sizeof(nulldata); 10569 } else { 10570 nulldata.hdr.frame_control = 10571 IEEE80211_FC(WLAN_FC_TYPE_DATA, 10572 WLAN_FC_STYPE_NULLFUNC); 10573 size = sizeof(struct ieee80211_hdr); 10574 } 10575 10576 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); 10577 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN); 10578 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 10579 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 10580 10581 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0, 10582 0, 0) < 0) 10583 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to " 10584 "send poll frame"); 10585} 10586 10587static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr, 10588 int qos) 10589{ 10590 struct i802_bss *bss = priv; 10591 struct wpa_driver_nl80211_data *drv = bss->drv; 10592 struct nl_msg *msg; 10593 10594 if (!drv->poll_command_supported) { 10595 nl80211_send_null_frame(bss, own_addr, addr, qos); 10596 return; 10597 } 10598 10599 msg = nlmsg_alloc(); 10600 if (!msg) 10601 return; 10602 10603 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT); 10604 10605 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10606 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 10607 10608 send_and_recv_msgs(drv, msg, NULL, NULL); 10609 return; 10610 nla_put_failure: 10611 nlmsg_free(msg); 10612} 10613 10614 10615static int nl80211_set_power_save(struct i802_bss *bss, int enabled) 10616{ 10617 struct nl_msg *msg; 10618 10619 msg = nlmsg_alloc(); 10620 if (!msg) 10621 return -ENOMEM; 10622 10623 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE); 10624 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 10625 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, 10626 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED); 10627 return send_and_recv_msgs(bss->drv, msg, NULL, NULL); 10628nla_put_failure: 10629 nlmsg_free(msg); 10630 return -ENOBUFS; 10631} 10632 10633 10634static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps, 10635 int ctwindow) 10636{ 10637 struct i802_bss *bss = priv; 10638 10639 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d " 10640 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow); 10641 10642 if (opp_ps != -1 || ctwindow != -1) 10643#ifdef ANDROID_P2P 10644 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow); 10645#else 10646 return -1; /* Not yet supported */ 10647#endif 10648 10649 if (legacy_ps == -1) 10650 return 0; 10651 if (legacy_ps != 0 && legacy_ps != 1) 10652 return -1; /* Not yet supported */ 10653 10654 return nl80211_set_power_save(bss, legacy_ps); 10655} 10656 10657 10658static int nl80211_start_radar_detection(void *priv, 10659 struct hostapd_freq_params *freq) 10660{ 10661 struct i802_bss *bss = priv; 10662 struct wpa_driver_nl80211_data *drv = bss->drv; 10663 struct nl_msg *msg; 10664 int ret; 10665 10666 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)", 10667 freq->freq, freq->ht_enabled, freq->vht_enabled, 10668 freq->bandwidth, freq->center_freq1, freq->center_freq2); 10669 10670 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) { 10671 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar " 10672 "detection"); 10673 return -1; 10674 } 10675 10676 msg = nlmsg_alloc(); 10677 if (!msg) 10678 return -1; 10679 10680 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT); 10681 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10682 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq); 10683 10684 if (freq->vht_enabled) { 10685 switch (freq->bandwidth) { 10686 case 20: 10687 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10688 NL80211_CHAN_WIDTH_20); 10689 break; 10690 case 40: 10691 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10692 NL80211_CHAN_WIDTH_40); 10693 break; 10694 case 80: 10695 if (freq->center_freq2) 10696 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10697 NL80211_CHAN_WIDTH_80P80); 10698 else 10699 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10700 NL80211_CHAN_WIDTH_80); 10701 break; 10702 case 160: 10703 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH, 10704 NL80211_CHAN_WIDTH_160); 10705 break; 10706 default: 10707 return -1; 10708 } 10709 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1); 10710 if (freq->center_freq2) 10711 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2, 10712 freq->center_freq2); 10713 } else if (freq->ht_enabled) { 10714 switch (freq->sec_channel_offset) { 10715 case -1: 10716 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10717 NL80211_CHAN_HT40MINUS); 10718 break; 10719 case 1: 10720 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10721 NL80211_CHAN_HT40PLUS); 10722 break; 10723 default: 10724 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 10725 NL80211_CHAN_HT20); 10726 break; 10727 } 10728 } 10729 10730 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 10731 if (ret == 0) 10732 return 0; 10733 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: " 10734 "%d (%s)", ret, strerror(-ret)); 10735nla_put_failure: 10736 return -1; 10737} 10738 10739#ifdef CONFIG_TDLS 10740 10741static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code, 10742 u8 dialog_token, u16 status_code, 10743 const u8 *buf, size_t len) 10744{ 10745 struct i802_bss *bss = priv; 10746 struct wpa_driver_nl80211_data *drv = bss->drv; 10747 struct nl_msg *msg; 10748 10749 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 10750 return -EOPNOTSUPP; 10751 10752 if (!dst) 10753 return -EINVAL; 10754 10755 msg = nlmsg_alloc(); 10756 if (!msg) 10757 return -ENOMEM; 10758 10759 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT); 10760 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10761 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 10762 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code); 10763 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token); 10764 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code); 10765 NLA_PUT(msg, NL80211_ATTR_IE, len, buf); 10766 10767 return send_and_recv_msgs(drv, msg, NULL, NULL); 10768 10769nla_put_failure: 10770 nlmsg_free(msg); 10771 return -ENOBUFS; 10772} 10773 10774 10775static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer) 10776{ 10777 struct i802_bss *bss = priv; 10778 struct wpa_driver_nl80211_data *drv = bss->drv; 10779 struct nl_msg *msg; 10780 enum nl80211_tdls_operation nl80211_oper; 10781 10782 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) 10783 return -EOPNOTSUPP; 10784 10785 switch (oper) { 10786 case TDLS_DISCOVERY_REQ: 10787 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ; 10788 break; 10789 case TDLS_SETUP: 10790 nl80211_oper = NL80211_TDLS_SETUP; 10791 break; 10792 case TDLS_TEARDOWN: 10793 nl80211_oper = NL80211_TDLS_TEARDOWN; 10794 break; 10795 case TDLS_ENABLE_LINK: 10796 nl80211_oper = NL80211_TDLS_ENABLE_LINK; 10797 break; 10798 case TDLS_DISABLE_LINK: 10799 nl80211_oper = NL80211_TDLS_DISABLE_LINK; 10800 break; 10801 case TDLS_ENABLE: 10802 return 0; 10803 case TDLS_DISABLE: 10804 return 0; 10805 default: 10806 return -EINVAL; 10807 } 10808 10809 msg = nlmsg_alloc(); 10810 if (!msg) 10811 return -ENOMEM; 10812 10813 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER); 10814 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper); 10815 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 10816 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer); 10817 10818 return send_and_recv_msgs(drv, msg, NULL, NULL); 10819 10820nla_put_failure: 10821 nlmsg_free(msg); 10822 return -ENOBUFS; 10823} 10824 10825#endif /* CONFIG TDLS */ 10826 10827 10828#ifdef ANDROID 10829 10830typedef struct android_wifi_priv_cmd { 10831 char *buf; 10832 int used_len; 10833 int total_len; 10834} android_wifi_priv_cmd; 10835 10836static int drv_errors = 0; 10837 10838static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv) 10839{ 10840 drv_errors++; 10841 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) { 10842 drv_errors = 0; 10843 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED"); 10844 } 10845} 10846 10847 10848static int android_priv_cmd(struct i802_bss *bss, const char *cmd) 10849{ 10850 struct wpa_driver_nl80211_data *drv = bss->drv; 10851 struct ifreq ifr; 10852 android_wifi_priv_cmd priv_cmd; 10853 char buf[MAX_DRV_CMD_SIZE]; 10854 int ret; 10855 10856 os_memset(&ifr, 0, sizeof(ifr)); 10857 os_memset(&priv_cmd, 0, sizeof(priv_cmd)); 10858 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 10859 10860 os_memset(buf, 0, sizeof(buf)); 10861 os_strlcpy(buf, cmd, sizeof(buf)); 10862 10863 priv_cmd.buf = buf; 10864 priv_cmd.used_len = sizeof(buf); 10865 priv_cmd.total_len = sizeof(buf); 10866 ifr.ifr_data = &priv_cmd; 10867 10868 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 10869 if (ret < 0) { 10870 wpa_printf(MSG_ERROR, "%s: failed to issue private commands", 10871 __func__); 10872 wpa_driver_send_hang_msg(drv); 10873 return ret; 10874 } 10875 10876 drv_errors = 0; 10877 return 0; 10878} 10879 10880 10881static int android_pno_start(struct i802_bss *bss, 10882 struct wpa_driver_scan_params *params) 10883{ 10884 struct wpa_driver_nl80211_data *drv = bss->drv; 10885 struct ifreq ifr; 10886 android_wifi_priv_cmd priv_cmd; 10887 int ret = 0, i = 0, bp; 10888 char buf[WEXT_PNO_MAX_COMMAND_SIZE]; 10889 10890 bp = WEXT_PNOSETUP_HEADER_SIZE; 10891 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp); 10892 buf[bp++] = WEXT_PNO_TLV_PREFIX; 10893 buf[bp++] = WEXT_PNO_TLV_VERSION; 10894 buf[bp++] = WEXT_PNO_TLV_SUBVERSION; 10895 buf[bp++] = WEXT_PNO_TLV_RESERVED; 10896 10897 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) { 10898 /* Check that there is enough space needed for 1 more SSID, the 10899 * other sections and null termination */ 10900 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN + 10901 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf)) 10902 break; 10903 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan", 10904 params->ssids[i].ssid, 10905 params->ssids[i].ssid_len); 10906 buf[bp++] = WEXT_PNO_SSID_SECTION; 10907 buf[bp++] = params->ssids[i].ssid_len; 10908 os_memcpy(&buf[bp], params->ssids[i].ssid, 10909 params->ssids[i].ssid_len); 10910 bp += params->ssids[i].ssid_len; 10911 i++; 10912 } 10913 10914 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION; 10915 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x", 10916 WEXT_PNO_SCAN_INTERVAL); 10917 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH; 10918 10919 buf[bp++] = WEXT_PNO_REPEAT_SECTION; 10920 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x", 10921 WEXT_PNO_REPEAT); 10922 bp += WEXT_PNO_REPEAT_LENGTH; 10923 10924 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION; 10925 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x", 10926 WEXT_PNO_MAX_REPEAT); 10927 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1; 10928 10929 memset(&ifr, 0, sizeof(ifr)); 10930 memset(&priv_cmd, 0, sizeof(priv_cmd)); 10931 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ); 10932 10933 priv_cmd.buf = buf; 10934 priv_cmd.used_len = bp; 10935 priv_cmd.total_len = bp; 10936 ifr.ifr_data = &priv_cmd; 10937 10938 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr); 10939 10940 if (ret < 0) { 10941 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d", 10942 ret); 10943 wpa_driver_send_hang_msg(drv); 10944 return ret; 10945 } 10946 10947 drv_errors = 0; 10948 10949 return android_priv_cmd(bss, "PNOFORCE 1"); 10950} 10951 10952 10953static int android_pno_stop(struct i802_bss *bss) 10954{ 10955 return android_priv_cmd(bss, "PNOFORCE 0"); 10956} 10957 10958#endif /* ANDROID */ 10959 10960 10961static int driver_nl80211_set_key(const char *ifname, void *priv, 10962 enum wpa_alg alg, const u8 *addr, 10963 int key_idx, int set_tx, 10964 const u8 *seq, size_t seq_len, 10965 const u8 *key, size_t key_len) 10966{ 10967 struct i802_bss *bss = priv; 10968 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx, 10969 set_tx, seq, seq_len, key, key_len); 10970} 10971 10972 10973static int driver_nl80211_scan2(void *priv, 10974 struct wpa_driver_scan_params *params) 10975{ 10976 struct i802_bss *bss = priv; 10977 return wpa_driver_nl80211_scan(bss, params); 10978} 10979 10980 10981static int driver_nl80211_deauthenticate(void *priv, const u8 *addr, 10982 int reason_code) 10983{ 10984 struct i802_bss *bss = priv; 10985 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code); 10986} 10987 10988 10989static int driver_nl80211_authenticate(void *priv, 10990 struct wpa_driver_auth_params *params) 10991{ 10992 struct i802_bss *bss = priv; 10993 return wpa_driver_nl80211_authenticate(bss, params); 10994} 10995 10996 10997static void driver_nl80211_deinit(void *priv) 10998{ 10999 struct i802_bss *bss = priv; 11000 wpa_driver_nl80211_deinit(bss); 11001} 11002 11003 11004static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type, 11005 const char *ifname) 11006{ 11007 struct i802_bss *bss = priv; 11008 return wpa_driver_nl80211_if_remove(bss, type, ifname); 11009} 11010 11011 11012static int driver_nl80211_send_mlme(void *priv, const u8 *data, 11013 size_t data_len, int noack) 11014{ 11015 struct i802_bss *bss = priv; 11016 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack, 11017 0, 0, 0, 0); 11018} 11019 11020 11021static int driver_nl80211_sta_remove(void *priv, const u8 *addr) 11022{ 11023 struct i802_bss *bss = priv; 11024 return wpa_driver_nl80211_sta_remove(bss, addr); 11025} 11026 11027 11028#if defined(HOSTAPD) || defined(CONFIG_AP) 11029static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr, 11030 const char *ifname, int vlan_id) 11031{ 11032 struct i802_bss *bss = priv; 11033 return i802_set_sta_vlan(bss, addr, ifname, vlan_id); 11034} 11035#endif /* HOSTAPD || CONFIG_AP */ 11036 11037 11038static int driver_nl80211_read_sta_data(void *priv, 11039 struct hostap_sta_driver_data *data, 11040 const u8 *addr) 11041{ 11042 struct i802_bss *bss = priv; 11043 return i802_read_sta_data(bss, data, addr); 11044} 11045 11046 11047static int driver_nl80211_send_action(void *priv, unsigned int freq, 11048 unsigned int wait_time, 11049 const u8 *dst, const u8 *src, 11050 const u8 *bssid, 11051 const u8 *data, size_t data_len, 11052 int no_cck) 11053{ 11054 struct i802_bss *bss = priv; 11055 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src, 11056 bssid, data, data_len, no_cck); 11057} 11058 11059 11060static int driver_nl80211_probe_req_report(void *priv, int report) 11061{ 11062 struct i802_bss *bss = priv; 11063 return wpa_driver_nl80211_probe_req_report(bss, report); 11064} 11065 11066 11067static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md, 11068 const u8 *ies, size_t ies_len) 11069{ 11070 int ret; 11071 struct nl_msg *msg; 11072 struct i802_bss *bss = priv; 11073 struct wpa_driver_nl80211_data *drv = bss->drv; 11074 u16 mdid = WPA_GET_LE16(md); 11075 11076 msg = nlmsg_alloc(); 11077 if (!msg) 11078 return -ENOMEM; 11079 11080 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs"); 11081 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES); 11082 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 11083 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies); 11084 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid); 11085 11086 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 11087 if (ret) { 11088 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed " 11089 "err=%d (%s)", ret, strerror(-ret)); 11090 } 11091 11092 return ret; 11093 11094nla_put_failure: 11095 nlmsg_free(msg); 11096 return -ENOBUFS; 11097} 11098 11099 11100const u8 * wpa_driver_nl80211_get_macaddr(void *priv) 11101{ 11102 struct i802_bss *bss = priv; 11103 struct wpa_driver_nl80211_data *drv = bss->drv; 11104 11105 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) 11106 return NULL; 11107 11108 return bss->addr; 11109} 11110 11111 11112static const char * scan_state_str(enum scan_states scan_state) 11113{ 11114 switch (scan_state) { 11115 case NO_SCAN: 11116 return "NO_SCAN"; 11117 case SCAN_REQUESTED: 11118 return "SCAN_REQUESTED"; 11119 case SCAN_STARTED: 11120 return "SCAN_STARTED"; 11121 case SCAN_COMPLETED: 11122 return "SCAN_COMPLETED"; 11123 case SCAN_ABORTED: 11124 return "SCAN_ABORTED"; 11125 case SCHED_SCAN_STARTED: 11126 return "SCHED_SCAN_STARTED"; 11127 case SCHED_SCAN_STOPPED: 11128 return "SCHED_SCAN_STOPPED"; 11129 case SCHED_SCAN_RESULTS: 11130 return "SCHED_SCAN_RESULTS"; 11131 } 11132 11133 return "??"; 11134} 11135 11136 11137static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen) 11138{ 11139 struct i802_bss *bss = priv; 11140 struct wpa_driver_nl80211_data *drv = bss->drv; 11141 int res; 11142 char *pos, *end; 11143 11144 pos = buf; 11145 end = buf + buflen; 11146 11147 res = os_snprintf(pos, end - pos, 11148 "ifindex=%d\n" 11149 "ifname=%s\n" 11150 "brname=%s\n" 11151 "addr=" MACSTR "\n" 11152 "freq=%d\n" 11153 "%s%s%s%s%s", 11154 bss->ifindex, 11155 bss->ifname, 11156 bss->brname, 11157 MAC2STR(bss->addr), 11158 bss->freq, 11159 bss->beacon_set ? "beacon_set=1\n" : "", 11160 bss->added_if_into_bridge ? 11161 "added_if_into_bridge=1\n" : "", 11162 bss->added_bridge ? "added_bridge=1\n" : "", 11163 bss->in_deinit ? "in_deinit=1\n" : "", 11164 bss->if_dynamic ? "if_dynamic=1\n" : ""); 11165 if (res < 0 || res >= end - pos) 11166 return pos - buf; 11167 pos += res; 11168 11169 if (bss->wdev_id_set) { 11170 res = os_snprintf(pos, end - pos, "wdev_id=%llu\n", 11171 (unsigned long long) bss->wdev_id); 11172 if (res < 0 || res >= end - pos) 11173 return pos - buf; 11174 pos += res; 11175 } 11176 11177 res = os_snprintf(pos, end - pos, 11178 "phyname=%s\n" 11179 "drv_ifindex=%d\n" 11180 "operstate=%d\n" 11181 "scan_state=%s\n" 11182 "auth_bssid=" MACSTR "\n" 11183 "auth_attempt_bssid=" MACSTR "\n" 11184 "bssid=" MACSTR "\n" 11185 "prev_bssid=" MACSTR "\n" 11186 "associated=%d\n" 11187 "assoc_freq=%u\n" 11188 "monitor_sock=%d\n" 11189 "monitor_ifidx=%d\n" 11190 "monitor_refcount=%d\n" 11191 "last_mgmt_freq=%u\n" 11192 "eapol_tx_sock=%d\n" 11193 "%s%s%s%s%s%s%s%s%s%s%s%s%s", 11194 drv->phyname, 11195 drv->ifindex, 11196 drv->operstate, 11197 scan_state_str(drv->scan_state), 11198 MAC2STR(drv->auth_bssid), 11199 MAC2STR(drv->auth_attempt_bssid), 11200 MAC2STR(drv->bssid), 11201 MAC2STR(drv->prev_bssid), 11202 drv->associated, 11203 drv->assoc_freq, 11204 drv->monitor_sock, 11205 drv->monitor_ifidx, 11206 drv->monitor_refcount, 11207 drv->last_mgmt_freq, 11208 drv->eapol_tx_sock, 11209 drv->ignore_if_down_event ? 11210 "ignore_if_down_event=1\n" : "", 11211 drv->scan_complete_events ? 11212 "scan_complete_events=1\n" : "", 11213 drv->disabled_11b_rates ? 11214 "disabled_11b_rates=1\n" : "", 11215 drv->pending_remain_on_chan ? 11216 "pending_remain_on_chan=1\n" : "", 11217 drv->in_interface_list ? "in_interface_list=1\n" : "", 11218 drv->device_ap_sme ? "device_ap_sme=1\n" : "", 11219 drv->poll_command_supported ? 11220 "poll_command_supported=1\n" : "", 11221 drv->data_tx_status ? "data_tx_status=1\n" : "", 11222 drv->scan_for_auth ? "scan_for_auth=1\n" : "", 11223 drv->retry_auth ? "retry_auth=1\n" : "", 11224 drv->use_monitor ? "use_monitor=1\n" : "", 11225 drv->ignore_next_local_disconnect ? 11226 "ignore_next_local_disconnect=1\n" : "", 11227 drv->allow_p2p_device ? "allow_p2p_device=1\n" : ""); 11228 if (res < 0 || res >= end - pos) 11229 return pos - buf; 11230 pos += res; 11231 11232 if (drv->has_capability) { 11233 res = os_snprintf(pos, end - pos, 11234 "capa.key_mgmt=0x%x\n" 11235 "capa.enc=0x%x\n" 11236 "capa.auth=0x%x\n" 11237 "capa.flags=0x%x\n" 11238 "capa.max_scan_ssids=%d\n" 11239 "capa.max_sched_scan_ssids=%d\n" 11240 "capa.sched_scan_supported=%d\n" 11241 "capa.max_match_sets=%d\n" 11242 "capa.max_remain_on_chan=%u\n" 11243 "capa.max_stations=%u\n" 11244 "capa.probe_resp_offloads=0x%x\n" 11245 "capa.max_acl_mac_addrs=%u\n" 11246 "capa.num_multichan_concurrent=%u\n", 11247 drv->capa.key_mgmt, 11248 drv->capa.enc, 11249 drv->capa.auth, 11250 drv->capa.flags, 11251 drv->capa.max_scan_ssids, 11252 drv->capa.max_sched_scan_ssids, 11253 drv->capa.sched_scan_supported, 11254 drv->capa.max_match_sets, 11255 drv->capa.max_remain_on_chan, 11256 drv->capa.max_stations, 11257 drv->capa.probe_resp_offloads, 11258 drv->capa.max_acl_mac_addrs, 11259 drv->capa.num_multichan_concurrent); 11260 if (res < 0 || res >= end - pos) 11261 return pos - buf; 11262 pos += res; 11263 } 11264 11265 return pos - buf; 11266} 11267 11268 11269const struct wpa_driver_ops wpa_driver_nl80211_ops = { 11270 .name = "nl80211", 11271 .desc = "Linux nl80211/cfg80211", 11272 .get_bssid = wpa_driver_nl80211_get_bssid, 11273 .get_ssid = wpa_driver_nl80211_get_ssid, 11274 .set_key = driver_nl80211_set_key, 11275 .scan2 = driver_nl80211_scan2, 11276 .sched_scan = wpa_driver_nl80211_sched_scan, 11277 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan, 11278 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 11279 .deauthenticate = driver_nl80211_deauthenticate, 11280 .authenticate = driver_nl80211_authenticate, 11281 .associate = wpa_driver_nl80211_associate, 11282 .global_init = nl80211_global_init, 11283 .global_deinit = nl80211_global_deinit, 11284 .init2 = wpa_driver_nl80211_init, 11285 .deinit = driver_nl80211_deinit, 11286 .get_capa = wpa_driver_nl80211_get_capa, 11287 .set_operstate = wpa_driver_nl80211_set_operstate, 11288 .set_supp_port = wpa_driver_nl80211_set_supp_port, 11289 .set_country = wpa_driver_nl80211_set_country, 11290 .get_country = wpa_driver_nl80211_get_country, 11291 .set_ap = wpa_driver_nl80211_set_ap, 11292 .set_acl = wpa_driver_nl80211_set_acl, 11293 .if_add = wpa_driver_nl80211_if_add, 11294 .if_remove = driver_nl80211_if_remove, 11295 .send_mlme = driver_nl80211_send_mlme, 11296 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 11297 .sta_add = wpa_driver_nl80211_sta_add, 11298 .sta_remove = driver_nl80211_sta_remove, 11299 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 11300 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 11301#ifdef HOSTAPD 11302 .hapd_init = i802_init, 11303 .hapd_deinit = i802_deinit, 11304 .set_wds_sta = i802_set_wds_sta, 11305#endif /* HOSTAPD */ 11306#if defined(HOSTAPD) || defined(CONFIG_AP) 11307 .get_seqnum = i802_get_seqnum, 11308 .flush = i802_flush, 11309 .get_inact_sec = i802_get_inact_sec, 11310 .sta_clear_stats = i802_sta_clear_stats, 11311 .set_rts = i802_set_rts, 11312 .set_frag = i802_set_frag, 11313 .set_tx_queue_params = i802_set_tx_queue_params, 11314 .set_sta_vlan = driver_nl80211_set_sta_vlan, 11315 .sta_deauth = i802_sta_deauth, 11316 .sta_disassoc = i802_sta_disassoc, 11317#endif /* HOSTAPD || CONFIG_AP */ 11318 .read_sta_data = driver_nl80211_read_sta_data, 11319 .set_freq = i802_set_freq, 11320 .send_action = driver_nl80211_send_action, 11321 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait, 11322 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 11323 .cancel_remain_on_channel = 11324 wpa_driver_nl80211_cancel_remain_on_channel, 11325 .probe_req_report = driver_nl80211_probe_req_report, 11326 .deinit_ap = wpa_driver_nl80211_deinit_ap, 11327 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli, 11328 .resume = wpa_driver_nl80211_resume, 11329 .send_ft_action = nl80211_send_ft_action, 11330 .signal_monitor = nl80211_signal_monitor, 11331 .signal_poll = nl80211_signal_poll, 11332 .send_frame = nl80211_send_frame, 11333 .shared_freq = wpa_driver_nl80211_shared_freq, 11334 .set_param = nl80211_set_param, 11335 .get_radio_name = nl80211_get_radio_name, 11336 .add_pmkid = nl80211_add_pmkid, 11337 .remove_pmkid = nl80211_remove_pmkid, 11338 .flush_pmkid = nl80211_flush_pmkid, 11339 .set_rekey_info = nl80211_set_rekey_info, 11340 .poll_client = nl80211_poll_client, 11341 .set_p2p_powersave = nl80211_set_p2p_powersave, 11342 .start_dfs_cac = nl80211_start_radar_detection, 11343 .stop_ap = wpa_driver_nl80211_stop_ap, 11344#ifdef CONFIG_TDLS 11345 .send_tdls_mgmt = nl80211_send_tdls_mgmt, 11346 .tdls_oper = nl80211_tdls_oper, 11347#endif /* CONFIG_TDLS */ 11348 .update_ft_ies = wpa_driver_nl80211_update_ft_ies, 11349 .get_mac_addr = wpa_driver_nl80211_get_macaddr, 11350 .get_survey = wpa_driver_nl80211_get_survey, 11351 .status = wpa_driver_nl80211_status, 11352#ifdef ANDROID_P2P 11353 .set_noa = wpa_driver_set_p2p_noa, 11354 .get_noa = wpa_driver_get_p2p_noa, 11355 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie, 11356#endif 11357#ifdef ANDROID 11358 .driver_cmd = wpa_driver_nl80211_driver_cmd, 11359#endif 11360}; 11361