]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/drivers/driver_nl80211.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Added option to force SoH version 1 (tnc=soh1)
[thirdparty/hostap.git] / src / drivers / driver_nl80211.c
CommitLineData
3f5285e8
JM		 1/*
2 * WPA Supplicant - driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 *
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
11 *
12 * See README and COPYING for more details.
13 */
14
15#include "includes.h"
16#include <sys/ioctl.h>
17#include <net/if_arp.h>
18#include <netlink/genl/genl.h>
19#include <netlink/genl/family.h>
20#include <netlink/genl/ctrl.h>
21#include <linux/nl80211.h>
1c873584
JM		 22#ifdef CONFIG_CLIENT_MLME
23#include <netpacket/packet.h>
24#include <linux/if_ether.h>
25#include "radiotap.h"
26#include "radiotap_iter.h"
27#endif /* CONFIG_CLIENT_MLME */
3f5285e8
JM		 28
29#include "wireless_copy.h"
30#include "common.h"
31#include "driver.h"
32#include "eloop.h"
33#include "ieee802_11_defs.h"
34
35#ifndef IFF_LOWER_UP
36#define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
37#endif
38#ifndef IFF_DORMANT
39#define IFF_DORMANT 0x20000 /* driver signals dormant */
40#endif
41
42#ifndef IF_OPER_DORMANT
43#define IF_OPER_DORMANT 5
44#endif
45#ifndef IF_OPER_UP
46#define IF_OPER_UP 6
47#endif
48
49
50struct wpa_driver_nl80211_data {
51 void *ctx;
52 int event_sock;
53 int ioctl_sock;
54 char ifname[IFNAMSIZ + 1];
55 int ifindex;
7524cfb1 56 int if_removed;
3f5285e8
JM		 57 u8 *assoc_req_ies;
58 size_t assoc_req_ies_len;
59 u8 *assoc_resp_ies;
60 size_t assoc_resp_ies_len;
61 struct wpa_driver_capa capa;
62 int has_capability;
63 int we_version_compiled;
64
65 /* for set_auth_alg fallback */
66 int use_crypt;
67 int auth_alg_fallback;
68
69 int operstate;
70
71 char mlmedev[IFNAMSIZ + 1];
72
73 int scan_complete_events;
74
75 struct nl_handle *nl_handle;
76 struct nl_cache *nl_cache;
77 struct nl_cb *nl_cb;
78 struct genl_family *nl80211;
1c873584
JM		 79
80#ifdef CONFIG_CLIENT_MLME
81 int monitor_sock; /* socket for monitor */
82 int monitor_ifidx;
83#endif /* CONFIG_CLIENT_MLME */
3f5285e8
JM		 84};
85
86
87static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
88 void *timeout_ctx);
89static int wpa_driver_nl80211_set_mode(void *priv, int mode);
90static int wpa_driver_nl80211_flush_pmkid(void *priv);
91static int wpa_driver_nl80211_get_range(void *priv);
7524cfb1
JM		 92static void
93wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
94
3f5285e8 95
6241fcb1
JM		 96/* nl80211 code */
97static int ack_handler(struct nl_msg *msg, void *arg)
98{
99 int *err = arg;
100 *err = 0;
101 return NL_STOP;
102}
103
104static int finish_handler(struct nl_msg *msg, void *arg)
105{
8e8df255
JM		 106 int *ret = arg;
107 *ret = 0;
6241fcb1
JM		 108 return NL_SKIP;
109}
110
111static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
112 void *arg)
113{
114 int *ret = arg;
115 *ret = err->error;
116 return NL_SKIP;
117}
118
119static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
120 struct nl_msg *msg,
121 int (*valid_handler)(struct nl_msg *, void *),
122 void *valid_data)
123{
124 struct nl_cb *cb;
125 int err = -ENOMEM;
126
127 cb = nl_cb_clone(drv->nl_cb);
128 if (!cb)
129 goto out;
130
131 err = nl_send_auto_complete(drv->nl_handle, msg);
132 if (err < 0)
133 goto out;
134
135 err = 1;
136
137 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
8e8df255 138 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
6241fcb1
JM		 139 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
140
141 if (valid_handler)
142 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
143 valid_handler, valid_data);
144
145 while (err > 0)
146 nl_recvmsgs(drv->nl_handle, cb);
147 out:
148 nl_cb_put(cb);
149 nlmsg_free(msg);
150 return err;
151}
152
153
3f5285e8
JM		 154static int wpa_driver_nl80211_send_oper_ifla(
155 struct wpa_driver_nl80211_data *drv,
156 int linkmode, int operstate)
157{
158 struct {
159 struct nlmsghdr hdr;
160 struct ifinfomsg ifinfo;
161 char opts[16];
162 } req;
163 struct rtattr *rta;
164 static int nl_seq;
165 ssize_t ret;
166
167 os_memset(&req, 0, sizeof(req));
168
169 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
170 req.hdr.nlmsg_type = RTM_SETLINK;
171 req.hdr.nlmsg_flags = NLM_F_REQUEST;
172 req.hdr.nlmsg_seq = ++nl_seq;
173 req.hdr.nlmsg_pid = 0;
174
175 req.ifinfo.ifi_family = AF_UNSPEC;
176 req.ifinfo.ifi_type = 0;
177 req.ifinfo.ifi_index = drv->ifindex;
178 req.ifinfo.ifi_flags = 0;
179 req.ifinfo.ifi_change = 0;
180
181 if (linkmode != -1) {
182 rta = (struct rtattr *)
183 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
184 rta->rta_type = IFLA_LINKMODE;
185 rta->rta_len = RTA_LENGTH(sizeof(char));
186 *((char *) RTA_DATA(rta)) = linkmode;
187 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
188 RTA_LENGTH(sizeof(char));
189 }
190 if (operstate != -1) {
191 rta = (struct rtattr *)
192 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
193 rta->rta_type = IFLA_OPERSTATE;
194 rta->rta_len = RTA_LENGTH(sizeof(char));
195 *((char *) RTA_DATA(rta)) = operstate;
196 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
197 RTA_LENGTH(sizeof(char));
198 }
199
200 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
201 linkmode, operstate);
202
203 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
204 if (ret < 0) {
205 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
206 "%s (assume operstate is not supported)",
207 strerror(errno));
208 }
209
210 return ret < 0 ? -1 : 0;
211}
212
213
214static int wpa_driver_nl80211_set_auth_param(
215 struct wpa_driver_nl80211_data *drv, int idx, u32 value)
216{
217 struct iwreq iwr;
218 int ret = 0;
219
220 os_memset(&iwr, 0, sizeof(iwr));
221 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
222 iwr.u.param.flags = idx & IW_AUTH_INDEX;
223 iwr.u.param.value = value;
224
225 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
226 if (errno != EOPNOTSUPP) {
227 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
228 "value 0x%x) failed: %s)",
229 idx, value, strerror(errno));
230 }
231 ret = errno == EOPNOTSUPP ? -2 : -1;
232 }
233
234 return ret;
235}
236
237
238static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
239{
240 struct wpa_driver_nl80211_data *drv = priv;
241 struct iwreq iwr;
242 int ret = 0;
243
244 os_memset(&iwr, 0, sizeof(iwr));
245 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
246
247 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
248 perror("ioctl[SIOCGIWAP]");
249 ret = -1;
250 }
251 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
252
253 return ret;
254}
255
256
257static int wpa_driver_nl80211_set_bssid(void *priv, const u8 *bssid)
258{
259 struct wpa_driver_nl80211_data *drv = priv;
260 struct iwreq iwr;
261 int ret = 0;
262
263 os_memset(&iwr, 0, sizeof(iwr));
264 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
265 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
266 if (bssid)
267 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
268 else
269 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
270
271 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
272 perror("ioctl[SIOCSIWAP]");
273 ret = -1;
274 }
275
276 return ret;
277}
278
279
280static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
281{
282 struct wpa_driver_nl80211_data *drv = priv;
283 struct iwreq iwr;
284 int ret = 0;
285
286 os_memset(&iwr, 0, sizeof(iwr));
287 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
288 iwr.u.essid.pointer = (caddr_t) ssid;
289 iwr.u.essid.length = 32;
290
291 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
292 perror("ioctl[SIOCGIWESSID]");
293 ret = -1;
294 } else {
295 ret = iwr.u.essid.length;
296 if (ret > 32)
297 ret = 32;
298 /* Some drivers include nul termination in the SSID, so let's
299 * remove it here before further processing. WE-21 changes this
300 * to explicitly require the length _not_ to include nul
301 * termination. */
302 if (ret > 0 && ssid[ret - 1] == '\0' &&
303 drv->we_version_compiled < 21)
304 ret--;
305 }
306
307 return ret;
308}
309
310
311static int wpa_driver_nl80211_set_ssid(void *priv, const u8 *ssid,
312 size_t ssid_len)
313{
314 struct wpa_driver_nl80211_data *drv = priv;
315 struct iwreq iwr;
316 int ret = 0;
317 char buf[33];
318
319 if (ssid_len > 32)
320 return -1;
321
322 os_memset(&iwr, 0, sizeof(iwr));
323 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
324 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
325 iwr.u.essid.flags = (ssid_len != 0);
326 os_memset(buf, 0, sizeof(buf));
327 os_memcpy(buf, ssid, ssid_len);
328 iwr.u.essid.pointer = (caddr_t) buf;
329 if (drv->we_version_compiled < 21) {
330 /* For historic reasons, set SSID length to include one extra
331 * character, C string nul termination, even though SSID is
332 * really an octet string that should not be presented as a C
333 * string. Some Linux drivers decrement the length by one and
334 * can thus end up missing the last octet of the SSID if the
335 * length is not incremented here. WE-21 changes this to
336 * explicitly require the length _not_ to include nul
337 * termination. */
338 if (ssid_len)
339 ssid_len++;
340 }
341 iwr.u.essid.length = ssid_len;
342
343 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
344 perror("ioctl[SIOCSIWESSID]");
345 ret = -1;
346 }
347
348 return ret;
349}
350
351
352static int wpa_driver_nl80211_set_freq(void *priv, int freq)
353{
354 struct wpa_driver_nl80211_data *drv = priv;
355 struct iwreq iwr;
356 int ret = 0;
357
358 os_memset(&iwr, 0, sizeof(iwr));
359 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
360 iwr.u.freq.m = freq * 100000;
361 iwr.u.freq.e = 1;
362
363 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
364 perror("ioctl[SIOCSIWFREQ]");
365 ret = -1;
366 }
367
368 return ret;
369}
370
371
372static void
373wpa_driver_nl80211_event_wireless_custom(void *ctx, char *custom)
374{
375 union wpa_event_data data;
376
377 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
378 custom);
379
380 os_memset(&data, 0, sizeof(data));
381 /* Host AP driver */
382 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
383 data.michael_mic_failure.unicast =
384 os_strstr(custom, " unicast ") != NULL;
385 /* TODO: parse parameters(?) */
386 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
387 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
388 char *spos;
389 int bytes;
390
391 spos = custom + 17;
392
393 bytes = strspn(spos, "0123456789abcdefABCDEF");
394 if (!bytes || (bytes & 1))
395 return;
396 bytes /= 2;
397
398 data.assoc_info.req_ies = os_malloc(bytes);
399 if (data.assoc_info.req_ies == NULL)
400 return;
401
402 data.assoc_info.req_ies_len = bytes;
403 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
404
405 spos += bytes * 2;
406
407 data.assoc_info.resp_ies = NULL;
408 data.assoc_info.resp_ies_len = 0;
409
410 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
411 spos += 9;
412
413 bytes = strspn(spos, "0123456789abcdefABCDEF");
414 if (!bytes || (bytes & 1))
415 goto done;
416 bytes /= 2;
417
418 data.assoc_info.resp_ies = os_malloc(bytes);
419 if (data.assoc_info.resp_ies == NULL)
420 goto done;
421
422 data.assoc_info.resp_ies_len = bytes;
423 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
424 }
425
426 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
427
428 done:
429 os_free(data.assoc_info.resp_ies);
430 os_free(data.assoc_info.req_ies);
431#ifdef CONFIG_PEERKEY
432 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
433 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
434 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
435 "STKSTART.request '%s'", custom + 17);
436 return;
437 }
438 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
439#endif /* CONFIG_PEERKEY */
440 }
441}
442
443
444static int wpa_driver_nl80211_event_wireless_michaelmicfailure(
445 void *ctx, const char *ev, size_t len)
446{
447 const struct iw_michaelmicfailure *mic;
448 union wpa_event_data data;
449
450 if (len < sizeof(*mic))
451 return -1;
452
453 mic = (const struct iw_michaelmicfailure *) ev;
454
455 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
456 "flags=0x%x src_addr=" MACSTR, mic->flags,
457 MAC2STR(mic->src_addr.sa_data));
458
459 os_memset(&data, 0, sizeof(data));
460 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
461 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
462
463 return 0;
464}
465
466
467static int wpa_driver_nl80211_event_wireless_pmkidcand(
468 struct wpa_driver_nl80211_data *drv, const char *ev, size_t len)
469{
470 const struct iw_pmkid_cand *cand;
471 union wpa_event_data data;
472 const u8 *addr;
473
474 if (len < sizeof(*cand))
475 return -1;
476
477 cand = (const struct iw_pmkid_cand *) ev;
478 addr = (const u8 *) cand->bssid.sa_data;
479
480 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
481 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
482 cand->index, MAC2STR(addr));
483
484 os_memset(&data, 0, sizeof(data));
485 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
486 data.pmkid_candidate.index = cand->index;
487 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
488 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
489
490 return 0;
491}
492
493
494static int wpa_driver_nl80211_event_wireless_assocreqie(
495 struct wpa_driver_nl80211_data *drv, const char *ev, int len)
496{
497 if (len < 0)
498 return -1;
499
500 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
501 len);
502 os_free(drv->assoc_req_ies);
503 drv->assoc_req_ies = os_malloc(len);
504 if (drv->assoc_req_ies == NULL) {
505 drv->assoc_req_ies_len = 0;
506 return -1;
507 }
508 os_memcpy(drv->assoc_req_ies, ev, len);
509 drv->assoc_req_ies_len = len;
510
511 return 0;
512}
513
514
515static int wpa_driver_nl80211_event_wireless_assocrespie(
516 struct wpa_driver_nl80211_data *drv, const char *ev, int len)
517{
518 if (len < 0)
519 return -1;
520
521 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
522 len);
523 os_free(drv->assoc_resp_ies);
524 drv->assoc_resp_ies = os_malloc(len);
525 if (drv->assoc_resp_ies == NULL) {
526 drv->assoc_resp_ies_len = 0;
527 return -1;
528 }
529 os_memcpy(drv->assoc_resp_ies, ev, len);
530 drv->assoc_resp_ies_len = len;
531
532 return 0;
533}
534
535
536static void wpa_driver_nl80211_event_assoc_ies(struct wpa_driver_nl80211_data *drv)
537{
538 union wpa_event_data data;
539
540 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
541 return;
542
543 os_memset(&data, 0, sizeof(data));
544 if (drv->assoc_req_ies) {
545 data.assoc_info.req_ies = drv->assoc_req_ies;
546 drv->assoc_req_ies = NULL;
547 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
548 }
549 if (drv->assoc_resp_ies) {
550 data.assoc_info.resp_ies = drv->assoc_resp_ies;
551 drv->assoc_resp_ies = NULL;
552 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
553 }
554
555 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
556
557 os_free(data.assoc_info.req_ies);
558 os_free(data.assoc_info.resp_ies);
559}
560
561
562static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *drv,
563 void *ctx, char *data, int len)
564{
565 struct iw_event iwe_buf, *iwe = &iwe_buf;
566 char *pos, *end, *custom, *buf;
567
568 pos = data;
569 end = data + len;
570
571 while (pos + IW_EV_LCP_LEN <= end) {
572 /* Event data may be unaligned, so make a local, aligned copy
573 * before processing. */
574 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
575 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
576 iwe->cmd, iwe->len);
577 if (iwe->len <= IW_EV_LCP_LEN)
578 return;
579
580 custom = pos + IW_EV_POINT_LEN;
581 if (drv->we_version_compiled > 18 &&
582 (iwe->cmd == IWEVMICHAELMICFAILURE ||
583 iwe->cmd == IWEVCUSTOM ||
584 iwe->cmd == IWEVASSOCREQIE ||
585 iwe->cmd == IWEVASSOCRESPIE ||
586 iwe->cmd == IWEVPMKIDCAND)) {
587 /* WE-19 removed the pointer from struct iw_point */
588 char *dpos = (char *) &iwe_buf.u.data.length;
589 int dlen = dpos - (char *) &iwe_buf;
590 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
591 sizeof(struct iw_event) - dlen);
592 } else {
593 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
594 custom += IW_EV_POINT_OFF;
595 }
596
597 switch (iwe->cmd) {
598 case SIOCGIWAP:
599 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
600 MACSTR,
601 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
602 if (is_zero_ether_addr(
603 (const u8 *) iwe->u.ap_addr.sa_data) ||
604 os_memcmp(iwe->u.ap_addr.sa_data,
605 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
606 0) {
607 os_free(drv->assoc_req_ies);
608 drv->assoc_req_ies = NULL;
609 os_free(drv->assoc_resp_ies);
610 drv->assoc_resp_ies = NULL;
611 wpa_supplicant_event(ctx, EVENT_DISASSOC,
612 NULL);
613
614 } else {
615 wpa_driver_nl80211_event_assoc_ies(drv);
616 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
617 }
618 break;
619 case IWEVMICHAELMICFAILURE:
620 wpa_driver_nl80211_event_wireless_michaelmicfailure(
621 ctx, custom, iwe->u.data.length);
622 break;
623 case IWEVCUSTOM:
624 if (custom + iwe->u.data.length > end)
625 return;
626 buf = os_malloc(iwe->u.data.length + 1);
627 if (buf == NULL)
628 return;
629 os_memcpy(buf, custom, iwe->u.data.length);
630 buf[iwe->u.data.length] = '\0';
631 wpa_driver_nl80211_event_wireless_custom(ctx, buf);
632 os_free(buf);
633 break;
634 case SIOCGIWSCAN:
635 drv->scan_complete_events = 1;
636 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout,
637 drv, ctx);
638 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
639 break;
640 case IWEVASSOCREQIE:
641 wpa_driver_nl80211_event_wireless_assocreqie(
642 drv, custom, iwe->u.data.length);
643 break;
644 case IWEVASSOCRESPIE:
645 wpa_driver_nl80211_event_wireless_assocrespie(
646 drv, custom, iwe->u.data.length);
647 break;
648 case IWEVPMKIDCAND:
649 wpa_driver_nl80211_event_wireless_pmkidcand(
650 drv, custom, iwe->u.data.length);
651 break;
652 }
653
654 pos += iwe->len;
655 }
656}
657
658
7524cfb1
JM		 659static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
660 void *ctx, char *buf, size_t len,
661 int del)
3f5285e8
JM		 662{
663 union wpa_event_data event;
664
665 os_memset(&event, 0, sizeof(event));
666 if (len > sizeof(event.interface_status.ifname))
667 len = sizeof(event.interface_status.ifname) - 1;
668 os_memcpy(event.interface_status.ifname, buf, len);
669 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
670 EVENT_INTERFACE_ADDED;
671
672 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
673 del ? "DEL" : "NEW",
674 event.interface_status.ifname,
675 del ? "removed" : "added");
676
7524cfb1
JM		 677 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
678 if (del)
679 drv->if_removed = 1;
680 else
681 drv->if_removed = 0;
682 }
683
3f5285e8
JM		 684 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
685}
686
687
7524cfb1
JM		 688static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
689 struct nlmsghdr *h)
690{
691 struct ifinfomsg *ifi;
692 int attrlen, _nlmsg_len, rta_len;
693 struct rtattr *attr;
694
695 ifi = NLMSG_DATA(h);
696
697 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
698
699 attrlen = h->nlmsg_len - _nlmsg_len;
700 if (attrlen < 0)
701 return 0;
702
703 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
704
705 rta_len = RTA_ALIGN(sizeof(struct rtattr));
706 while (RTA_OK(attr, attrlen)) {
707 if (attr->rta_type == IFLA_IFNAME) {
708 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
709 == 0)
710 return 1;
711 else
712 break;
713 }
714 attr = RTA_NEXT(attr, attrlen);
715 }
716
717 return 0;
718}
719
720
721static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
722 int ifindex, struct nlmsghdr *h)
723{
724 if (drv->ifindex == ifindex)
725 return 1;
726
727 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) {
728 drv->ifindex = if_nametoindex(drv->ifname);
729 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
730 "interface");
731 wpa_driver_nl80211_finish_drv_init(drv);
732 return 1;
733 }
734
735 return 0;
736}
737
738
3f5285e8
JM		 739static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv,
740 void *ctx, struct nlmsghdr *h,
741 size_t len)
742{
743 struct ifinfomsg *ifi;
744 int attrlen, _nlmsg_len, rta_len;
745 struct rtattr * attr;
746
747 if (len < sizeof(*ifi))
748 return;
749
750 ifi = NLMSG_DATA(h);
751
7524cfb1 752 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) {
3f5285e8
JM		 753 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
754 ifi->ifi_index);
755 return;
756 }
757
758 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
759 "(%s%s%s%s)",
760 drv->operstate, ifi->ifi_flags,
761 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
762 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
763 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
764 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
765 /*
766 * Some drivers send the association event before the operup event--in
767 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
768 * fails. This will hit us when wpa_supplicant does not need to do
769 * IEEE 802.1X authentication
770 */
771 if (drv->operstate == 1 &&
772 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
773 !(ifi->ifi_flags & IFF_RUNNING))
774 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP);
775
776 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
777
778 attrlen = h->nlmsg_len - _nlmsg_len;
779 if (attrlen < 0)
780 return;
781
782 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
783
784 rta_len = RTA_ALIGN(sizeof(struct rtattr));
785 while (RTA_OK(attr, attrlen)) {
786 if (attr->rta_type == IFLA_WIRELESS) {
787 wpa_driver_nl80211_event_wireless(
788 drv, ctx, ((char *) attr) + rta_len,
789 attr->rta_len - rta_len);
790 } else if (attr->rta_type == IFLA_IFNAME) {
7524cfb1
JM		 791 wpa_driver_nl80211_event_link(
792 drv, ctx,
793 ((char *) attr) + rta_len,
794 attr->rta_len - rta_len, 0);
3f5285e8
JM		 795 }
796 attr = RTA_NEXT(attr, attrlen);
797 }
798}
799
800
801static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv,
802 void *ctx, struct nlmsghdr *h,
803 size_t len)
804{
805 struct ifinfomsg *ifi;
806 int attrlen, _nlmsg_len, rta_len;
807 struct rtattr * attr;
808
809 if (len < sizeof(*ifi))
810 return;
811
812 ifi = NLMSG_DATA(h);
813
814 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
815
816 attrlen = h->nlmsg_len - _nlmsg_len;
817 if (attrlen < 0)
818 return;
819
820 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
821
822 rta_len = RTA_ALIGN(sizeof(struct rtattr));
823 while (RTA_OK(attr, attrlen)) {
824 if (attr->rta_type == IFLA_IFNAME) {
7524cfb1
JM		 825 wpa_driver_nl80211_event_link(
826 drv, ctx,
827 ((char *) attr) + rta_len,
828 attr->rta_len - rta_len, 1);
3f5285e8
JM		 829 }
830 attr = RTA_NEXT(attr, attrlen);
831 }
832}
833
834
835static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
836 void *sock_ctx)
837{
838 char buf[8192];
839 int left;
840 struct sockaddr_nl from;
841 socklen_t fromlen;
842 struct nlmsghdr *h;
843 int max_events = 10;
844
845try_again:
846 fromlen = sizeof(from);
847 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
848 (struct sockaddr *) &from, &fromlen);
849 if (left < 0) {
850 if (errno != EINTR && errno != EAGAIN)
851 perror("recvfrom(netlink)");
852 return;
853 }
854
855 h = (struct nlmsghdr *) buf;
856 while (left >= (int) sizeof(*h)) {
857 int len, plen;
858
859 len = h->nlmsg_len;
860 plen = len - sizeof(*h);
861 if (len > left || plen < 0) {
862 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
863 "len=%d left=%d plen=%d",
864 len, left, plen);
865 break;
866 }
867
868 switch (h->nlmsg_type) {
869 case RTM_NEWLINK:
870 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx,
871 h, plen);
872 break;
873 case RTM_DELLINK:
874 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx,
875 h, plen);
876 break;
877 }
878
879 len = NLMSG_ALIGN(len);
880 left -= len;
881 h = (struct nlmsghdr *) ((char *) h + len);
882 }
883
884 if (left > 0) {
885 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
886 "message", left);
887 }
888
889 if (--max_events > 0) {
890 /*
891 * Try to receive all events in one eloop call in order to
892 * limit race condition on cases where AssocInfo event, Assoc
893 * event, and EAPOL frames are received more or less at the
894 * same time. We want to process the event messages first
895 * before starting EAPOL processing.
896 */
897 goto try_again;
898 }
899}
900
901
902static int wpa_driver_nl80211_get_ifflags_ifname(struct wpa_driver_nl80211_data *drv,
903 const char *ifname, int *flags)
904{
905 struct ifreq ifr;
906
907 os_memset(&ifr, 0, sizeof(ifr));
908 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
909 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
910 perror("ioctl[SIOCGIFFLAGS]");
911 return -1;
912 }
913 *flags = ifr.ifr_flags & 0xffff;
914 return 0;
915}
916
917
918/**
919 * wpa_driver_nl80211_get_ifflags - Get interface flags (SIOCGIFFLAGS)
920 * @drv: driver_nl80211 private data
921 * @flags: Pointer to returned flags value
922 * Returns: 0 on success, -1 on failure
923 */
924static int wpa_driver_nl80211_get_ifflags(struct wpa_driver_nl80211_data *drv,
925 int *flags)
926{
927 return wpa_driver_nl80211_get_ifflags_ifname(drv, drv->ifname, flags);
928}
929
930
931static int wpa_driver_nl80211_set_ifflags_ifname(
932 struct wpa_driver_nl80211_data *drv,
933 const char *ifname, int flags)
934{
935 struct ifreq ifr;
936
937 os_memset(&ifr, 0, sizeof(ifr));
938 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
939 ifr.ifr_flags = flags & 0xffff;
940 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
941 perror("SIOCSIFFLAGS");
942 return -1;
943 }
944 return 0;
945}
946
947
948/**
949 * wpa_driver_nl80211_set_ifflags - Set interface flags (SIOCSIFFLAGS)
950 * @drv: driver_nl80211 private data
951 * @flags: New value for flags
952 * Returns: 0 on success, -1 on failure
953 */
954static int wpa_driver_nl80211_set_ifflags(struct wpa_driver_nl80211_data *drv,
955 int flags)
956{
957 return wpa_driver_nl80211_set_ifflags_ifname(drv, drv->ifname, flags);
958}
959
960
1c873584
JM		 961#ifdef CONFIG_CLIENT_MLME
962
963static int nl80211_set_vif(struct wpa_driver_nl80211_data *drv,
964 int drop_unencrypted, int userspace_mlme)
965{
966#ifdef NL80211_CMD_SET_VIF
967 struct nl_msg *msg;
968 int ret = -1;
969
970 msg = nlmsg_alloc();
971 if (!msg)
6241fcb1 972 return -ENOMEM;
1c873584
JM		 973
974 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
975 NL80211_CMD_SET_VIF, 0);
976
977 if (drop_unencrypted >= 0)
978 NLA_PUT_U8(msg, NL80211_ATTR_VIF_DROP_UNENCRYPTED,
979 drop_unencrypted);
980 if (userspace_mlme >= 0)
981 NLA_PUT_U8(msg, NL80211_ATTR_VIF_USERSPACE_MLME,
982 userspace_mlme);
983
984 ret = 0;
985
986 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
987
6241fcb1
JM		 988 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
989 return ret;
1c873584
JM		 990
991nla_put_failure:
6241fcb1 992 return -ENOBUFS;
1c873584
JM		 993#else /* NL80211_CMD_SET_VIF */
994 return -1;
995#endif /* NL80211_CMD_SET_VIF */
996}
997
998
999static int wpa_driver_nl80211_set_userspace_mlme(
1000 struct wpa_driver_nl80211_data *drv, int enabled)
1001{
1002 return nl80211_set_vif(drv, -1, enabled);
1003}
1004
1005
1006static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
1007 int ifidx)
1008{
1009 struct nl_msg *msg;
1010
1011 msg = nlmsg_alloc();
1012 if (!msg)
1013 goto nla_put_failure;
1014
1015 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1016 0, NL80211_CMD_DEL_INTERFACE, 0);
1017 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
6241fcb1
JM		 1018 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
1019 return;
1020nla_put_failure:
1021 wpa_printf(MSG_ERROR, "nl80211: Failed to remove interface.");
1c873584
JM		 1022}
1023
1024
1025static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
1026 const char *ifname, enum nl80211_iftype iftype)
1027{
1028 struct nl_msg *msg, *flags = NULL;
1029 int ifidx, err;
6241fcb1 1030 int ret = -ENOBUFS;
1c873584
JM		 1031
1032 msg = nlmsg_alloc();
1033 if (!msg)
1034 return -1;
1035
1036 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1037 0, NL80211_CMD_NEW_INTERFACE, 0);
1038 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
1039 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
1040 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
1041
1042 if (iftype == NL80211_IFTYPE_MONITOR) {
1043 flags = nlmsg_alloc();
1044 if (!flags)
1045 goto nla_put_failure;
1046
1047 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
1048
1049 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
1050
1051 nlmsg_free(flags);
1052
1053 if (err)
1054 goto nla_put_failure;
1055 }
1056
6241fcb1
JM		 1057 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1058 if (ret) {
1059 nla_put_failure:
1060 wpa_printf(MSG_ERROR, "nl80211: Failed to create interface %d",
1061 ret);
1062 return ret;
1c873584
JM		 1063 }
1064
1c873584
JM		 1065 ifidx = if_nametoindex(ifname);
1066 if (ifidx <= 0)
1067 return -1;
1068
1069 return ifidx;
1070}
1071
1072
1073static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
1074{
1075 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1076 int len;
1077 unsigned char buf[3000];
1078 struct ieee80211_radiotap_iterator iter;
1079 int ret;
1080 int injected = 0, failed = 0, rxflags = 0;
1081 struct ieee80211_rx_status rx_status;
1082
1083 len = recv(sock, buf, sizeof(buf), 0);
1084 if (len < 0) {
1085 perror("recv");
1086 return;
1087 }
1088
1089 if (ieee80211_radiotap_iterator_init(&iter, (void *) buf, len)) {
1090 wpa_printf(MSG_DEBUG, "nl80211: received invalid radiotap "
1091 "frame");
1092 return;
1093 }
1094
1095 os_memset(&rx_status, 0, sizeof(rx_status));
1096
1097 while (1) {
1098 ret = ieee80211_radiotap_iterator_next(&iter);
1099 if (ret == -ENOENT)
1100 break;
1101 if (ret) {
1102 wpa_printf(MSG_DEBUG, "nl80211: received invalid "
1103 "radiotap frame (%d)", ret);
1104 return;
1105 }
1106 switch (iter.this_arg_index) {
1107 case IEEE80211_RADIOTAP_FLAGS:
1108 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
1109 len -= 4;
1110 break;
1111 case IEEE80211_RADIOTAP_RX_FLAGS:
1112 rxflags = 1;
1113 break;
1114 case IEEE80211_RADIOTAP_TX_FLAGS:
1115 injected = 1;
1116 failed = le_to_host16((*(u16 *) iter.this_arg)) &
1117 IEEE80211_RADIOTAP_F_TX_FAIL;
1118 break;
1119 case IEEE80211_RADIOTAP_DATA_RETRIES:
1120 break;
1121 case IEEE80211_RADIOTAP_CHANNEL:
1122 /* TODO convert from freq/flags to channel number
1123 * rx_status.channel = XXX;
1124 */
1125 break;
1126 case IEEE80211_RADIOTAP_RATE:
1127 break;
1128 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1129 rx_status.ssi = *iter.this_arg;
1130 break;
1131 }
1132 }
1133
1134 if (rxflags && injected)
1135 return;
1136
1137 if (!injected) {
1138 wpa_supplicant_sta_rx(drv->ctx, buf + iter.max_length,
1139 len - iter.max_length, &rx_status);
1140 } else if (failed) {
1141 /* TX failure callback */
1142 } else {
1143 /* TX success (ACK) callback */
1144 }
1145}
1146
1147
1148static int wpa_driver_nl80211_create_monitor_interface(
1149 struct wpa_driver_nl80211_data *drv)
1150{
1151 char buf[IFNAMSIZ];
1152 struct sockaddr_ll ll;
1153 int optval, flags;
1154 socklen_t optlen;
1155
1156 os_snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
1157 buf[IFNAMSIZ - 1] = '\0';
1158
1159 drv->monitor_ifidx =
1160 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR);
1161
1162 if (drv->monitor_ifidx < 0)
1163 return -1;
1164
1165 if (wpa_driver_nl80211_get_ifflags_ifname(drv, buf, &flags) != 0 ||
1166 wpa_driver_nl80211_set_ifflags_ifname(drv, buf, flags | IFF_UP) !=
1167 0) {
1168 wpa_printf(MSG_ERROR, "nl80211: Could not set interface '%s' "
1169 "UP", buf);
1170 goto error;
1171 }
1172
1173 os_memset(&ll, 0, sizeof(ll));
1174 ll.sll_family = AF_PACKET;
1175 ll.sll_ifindex = drv->monitor_ifidx;
1176 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
1177 if (drv->monitor_sock < 0) {
1178 perror("socket[PF_PACKET,SOCK_RAW]");
1179 goto error;
1180 }
1181
1182 if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
1183 sizeof(ll)) < 0) {
1184 perror("monitor socket bind");
1185 goto error;
1186 }
1187
1188 optlen = sizeof(optval);
1189 optval = 20;
1190 if (setsockopt
1191 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
1192 perror("Failed to set socket priority");
1193 goto error;
1194 }
1195
1196 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
1197 drv, NULL)) {
1198 wpa_printf(MSG_ERROR, "nl80211: Could not register monitor "
1199 "read socket");
1200 goto error;
1201 }
1202
1203 return 0;
1204
1205 error:
1206 nl80211_remove_iface(drv, drv->monitor_ifidx);
1207 return -1;
1208}
1209
1210#endif /* CONFIG_CLIENT_MLME */
1211
1212
3f5285e8
JM		 1213/**
1214 * wpa_driver_nl80211_init - Initialize WE driver interface
1215 * @ctx: context to be used when calling wpa_supplicant functions,
1216 * e.g., wpa_supplicant_event()
1217 * @ifname: interface name, e.g., wlan0
1218 * Returns: Pointer to private data, %NULL on failure
1219 */
1220void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1221{
7524cfb1 1222 int s;
3f5285e8
JM		 1223 struct sockaddr_nl local;
1224 struct wpa_driver_nl80211_data *drv;
1225
1226 drv = os_zalloc(sizeof(*drv));
1227 if (drv == NULL)
1228 return NULL;
1229 drv->ctx = ctx;
1230 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1231
1232 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1233 if (drv->nl_cb == NULL) {
1234 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1235 "callbacks");
1236 goto err1;
1237 }
1238
1239 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1240 if (drv->nl_handle == NULL) {
1241 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1242 "callbacks");
1243 goto err2;
1244 }
1245
1246 if (genl_connect(drv->nl_handle)) {
1247 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1248 "netlink");
1249 goto err3;
1250 }
1251
1252 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1253 if (drv->nl_cache == NULL) {
1254 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1255 "netlink cache");
1256 goto err3;
1257 }
1258
1259 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1260 if (drv->nl80211 == NULL) {
1261 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1262 "found");
1263 goto err4;
1264 }
1265
1266 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1267 if (drv->ioctl_sock < 0) {
1268 perror("socket(PF_INET,SOCK_DGRAM)");
1269 goto err5;
1270 }
1271
1272 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1273 if (s < 0) {
1274 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1275 goto err6;
1276 }
1277
1278 os_memset(&local, 0, sizeof(local));
1279 local.nl_family = AF_NETLINK;
1280 local.nl_groups = RTMGRP_LINK;
1281 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1282 perror("bind(netlink)");
1283 close(s);
1284 goto err6;
1285 }
1286
1287 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive, drv,
1288 ctx);
1289 drv->event_sock = s;
1290
7524cfb1
JM		 1291 wpa_driver_nl80211_finish_drv_init(drv);
1292
1293 return drv;
1294
1295err6:
1296 close(drv->ioctl_sock);
1297err5:
1298 genl_family_put(drv->nl80211);
1299err4:
1300 nl_cache_free(drv->nl_cache);
1301err3:
1302 nl_handle_destroy(drv->nl_handle);
1303err2:
1304 nl_cb_put(drv->nl_cb);
1305err1:
1306 os_free(drv);
1307 return NULL;
1308}
1309
1310
1311static void
1312wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1313{
1314 int flags;
1315
3f5285e8
JM		 1316 if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0)
1317 printf("Could not get interface '%s' flags\n", drv->ifname);
1318 else if (!(flags & IFF_UP)) {
1319 if (wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP) != 0) {
1320 printf("Could not set interface '%s' UP\n",
1321 drv->ifname);
1322 } else {
1323 /*
1324 * Wait some time to allow driver to initialize before
1325 * starting configuring the driver. This seems to be
1326 * needed at least some drivers that load firmware etc.
1327 * when the interface is set up.
1328 */
1329 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
1330 "a second for the driver to complete "
1331 "initialization", drv->ifname);
1332 sleep(1);
1333 }
1334 }
1335
1336 /*
1337 * Make sure that the driver does not have any obsolete PMKID entries.
1338 */
1339 wpa_driver_nl80211_flush_pmkid(drv);
1340
1341 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
1342 printf("Could not configure driver to use managed mode\n");
1343 }
1344
1345 wpa_driver_nl80211_get_range(drv);
1346
1347 drv->ifindex = if_nametoindex(drv->ifname);
1348
1349 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
3f5285e8
JM		 1350}
1351
1352
1353/**
1354 * wpa_driver_nl80211_deinit - Deinitialize WE driver interface
1355 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1356 *
1357 * Shut down driver interface and processing of driver events. Free
1358 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1359 */
1360void wpa_driver_nl80211_deinit(void *priv)
1361{
1362 struct wpa_driver_nl80211_data *drv = priv;
1363 int flags;
1364
1c873584
JM		 1365#ifdef CONFIG_CLIENT_MLME
1366 if (drv->monitor_sock >= 0) {
1367 eloop_unregister_read_sock(drv->monitor_sock);
1368 close(drv->monitor_sock);
1369 }
1370 if (drv->monitor_ifidx > 0)
1371 nl80211_remove_iface(drv, drv->monitor_ifidx);
1372 if (drv->capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1373 wpa_driver_nl80211_set_userspace_mlme(drv, 0);
1374#endif /* CONFIG_CLIENT_MLME */
1375
3f5285e8
JM		 1376 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1377
1378 /*
1379 * Clear possibly configured driver parameters in order to make it
1380 * easier to use the driver after wpa_supplicant has been terminated.
1381 */
1382 (void) wpa_driver_nl80211_set_bssid(drv,
1383 (u8 *) "\x00\x00\x00\x00\x00\x00");
1384
1385 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP);
1386
1387 eloop_unregister_read_sock(drv->event_sock);
1388
1389 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0)
1390 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
1391
1392 close(drv->event_sock);
1393 close(drv->ioctl_sock);
1394 os_free(drv->assoc_req_ies);
1395 os_free(drv->assoc_resp_ies);
1396
1397 genl_family_put(drv->nl80211);
1398 nl_cache_free(drv->nl_cache);
1399 nl_handle_destroy(drv->nl_handle);
1400 nl_cb_put(drv->nl_cb);
1401
1402 os_free(drv);
1403}
1404
1405
1406/**
1407 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1408 * @eloop_ctx: Unused
1409 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1410 *
1411 * This function can be used as registered timeout when starting a scan to
1412 * generate a scan completed event if the driver does not report this.
1413 */
1414static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1415{
1416 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1417 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1418}
1419
1420
1421/**
1422 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1423 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1424 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1425 * all SSIDs (either active scan with broadcast SSID or passive
1426 * scan
1427 * @ssid_len: Length of the SSID
1428 * Returns: 0 on success, -1 on failure
1429 */
1430static int wpa_driver_nl80211_scan(void *priv, const u8 *ssid, size_t ssid_len)
1431{
1432 struct wpa_driver_nl80211_data *drv = priv;
1433 struct iwreq iwr;
1434 int ret = 0, timeout;
1435 struct iw_scan_req req;
1436
1437 if (ssid_len > IW_ESSID_MAX_SIZE) {
1438 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1439 __FUNCTION__, (unsigned long) ssid_len);
1440 return -1;
1441 }
1442
1443 os_memset(&iwr, 0, sizeof(iwr));
1444 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1445
1446 if (ssid && ssid_len) {
1447 os_memset(&req, 0, sizeof(req));
1448 req.essid_len = ssid_len;
1449 req.bssid.sa_family = ARPHRD_ETHER;
1450 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1451 os_memcpy(req.essid, ssid, ssid_len);
1452 iwr.u.data.pointer = (caddr_t) &req;
1453 iwr.u.data.length = sizeof(req);
1454 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1455 }
1456
1457 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1458 perror("ioctl[SIOCSIWSCAN]");
1459 ret = -1;
1460 }
1461
1462 /* Not all drivers generate "scan completed" wireless event, so try to
1463 * read results after a timeout. */
1464 timeout = 5;
1465 if (drv->scan_complete_events) {
1466 /*
1467 * The driver seems to deliver SIOCGIWSCAN events to notify
1468 * when scan is complete, so use longer timeout to avoid race
1469 * conditions with scanning and following association request.
1470 */
1471 timeout = 30;
1472 }
1473 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1474 "seconds", ret, timeout);
1475 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1476 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, drv,
1477 drv->ctx);
1478
1479 return ret;
1480}
1481
1482
1483static u8 * wpa_driver_nl80211_giwscan(struct wpa_driver_nl80211_data *drv,
1484 size_t *len)
1485{
1486 struct iwreq iwr;
1487 u8 *res_buf;
1488 size_t res_buf_len;
1489
1490 res_buf_len = IW_SCAN_MAX_DATA;
1491 for (;;) {
1492 res_buf = os_malloc(res_buf_len);
1493 if (res_buf == NULL)
1494 return NULL;
1495 os_memset(&iwr, 0, sizeof(iwr));
1496 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1497 iwr.u.data.pointer = res_buf;
1498 iwr.u.data.length = res_buf_len;
1499
1500 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1501 break;
1502
1503 if (errno == E2BIG && res_buf_len < 100000) {
1504 os_free(res_buf);
1505 res_buf = NULL;
1506 res_buf_len *= 2;
1507 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1508 "trying larger buffer (%lu bytes)",
1509 (unsigned long) res_buf_len);
1510 } else {
1511 perror("ioctl[SIOCGIWSCAN]");
1512 os_free(res_buf);
1513 return NULL;
1514 }
1515 }
1516
1517 if (iwr.u.data.length > res_buf_len) {
1518 os_free(res_buf);
1519 return NULL;
1520 }
1521 *len = iwr.u.data.length;
1522
1523 return res_buf;
1524}
1525
1526
1527/*
1528 * Data structure for collecting WEXT scan results. This is needed to allow
1529 * the various methods of reporting IEs to be combined into a single IE buffer.
1530 */
1531struct wext_scan_data {
1532 struct wpa_scan_res res;
1533 u8 *ie;
1534 size_t ie_len;
1535 u8 ssid[32];
1536 size_t ssid_len;
1537 int maxrate;
1538};
1539
1540
1541static void wext_get_scan_mode(struct iw_event *iwe,
1542 struct wext_scan_data *res)
1543{
1544 if (iwe->u.mode == IW_MODE_ADHOC)
1545 res->res.caps |= IEEE80211_CAP_IBSS;
1546 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1547 res->res.caps |= IEEE80211_CAP_ESS;
1548}
1549
1550
1551static void wext_get_scan_ssid(struct iw_event *iwe,
1552 struct wext_scan_data *res, char *custom,
1553 char *end)
1554{
1555 int ssid_len = iwe->u.essid.length;
1556 if (custom + ssid_len > end)
1557 return;
1558 if (iwe->u.essid.flags &&
1559 ssid_len > 0 &&
1560 ssid_len <= IW_ESSID_MAX_SIZE) {
1561 os_memcpy(res->ssid, custom, ssid_len);
1562 res->ssid_len = ssid_len;
1563 }
1564}
1565
1566
1567static void wext_get_scan_freq(struct iw_event *iwe,
1568 struct wext_scan_data *res)
1569{
1570 int divi = 1000000, i;
1571
1572 if (iwe->u.freq.e == 0) {
1573 /*
1574 * Some drivers do not report frequency, but a channel.
1575 * Try to map this to frequency by assuming they are using
1576 * IEEE 802.11b/g. But don't overwrite a previously parsed
1577 * frequency if the driver sends both frequency and channel,
1578 * since the driver may be sending an A-band channel that we
1579 * don't handle here.
1580 */
1581
1582 if (res->res.freq)
1583 return;
1584
1585 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1586 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1587 return;
1588 } else if (iwe->u.freq.m == 14) {
1589 res->res.freq = 2484;
1590 return;
1591 }
1592 }
1593
1594 if (iwe->u.freq.e > 6) {
1595 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1596 MACSTR " m=%d e=%d)",
1597 MAC2STR(res->res.bssid), iwe->u.freq.m,
1598 iwe->u.freq.e);
1599 return;
1600 }
1601
1602 for (i = 0; i < iwe->u.freq.e; i++)
1603 divi /= 10;
1604 res->res.freq = iwe->u.freq.m / divi;
1605}
1606
1607
1608static void wext_get_scan_qual(struct iw_event *iwe,
1609 struct wext_scan_data *res)
1610{
1611 res->res.qual = iwe->u.qual.qual;
1612 res->res.noise = iwe->u.qual.noise;
1613 res->res.level = iwe->u.qual.level;
1614}
1615
1616
1617static void wext_get_scan_encode(struct iw_event *iwe,
1618 struct wext_scan_data *res)
1619{
1620 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1621 res->res.caps |= IEEE80211_CAP_PRIVACY;
1622}
1623
1624
1625static void wext_get_scan_rate(struct iw_event *iwe,
1626 struct wext_scan_data *res, char *pos,
1627 char *end)
1628{
1629 int maxrate;
1630 char *custom = pos + IW_EV_LCP_LEN;
1631 struct iw_param p;
1632 size_t clen;
1633
1634 clen = iwe->len;
1635 if (custom + clen > end)
1636 return;
1637 maxrate = 0;
1638 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1639 /* Note: may be misaligned, make a local, aligned copy */
1640 os_memcpy(&p, custom, sizeof(struct iw_param));
1641 if (p.value > maxrate)
1642 maxrate = p.value;
1643 clen -= sizeof(struct iw_param);
1644 custom += sizeof(struct iw_param);
1645 }
93ef879f
DW		 1646
1647 /* Convert the maxrate from WE-style (b/s units) to
1648 * 802.11 rates (500000 b/s units).
1649 */
1650 res->maxrate = maxrate / 500000;
3f5285e8
JM		 1651}
1652
1653
1654static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1655 struct wext_scan_data *res, char *custom,
1656 char *end)
1657{
1658 char *genie, *gpos, *gend;
1659 u8 *tmp;
1660
fd630bc1
JM		 1661 if (iwe->u.data.length == 0)
1662 return;
1663
3f5285e8
JM		 1664 gpos = genie = custom;
1665 gend = genie + iwe->u.data.length;
1666 if (gend > end) {
1667 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1668 return;
1669 }
1670
1671 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1672 if (tmp == NULL)
1673 return;
1674 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1675 res->ie = tmp;
1676 res->ie_len += gend - gpos;
1677}
1678
1679
1680static void wext_get_scan_custom(struct iw_event *iwe,
1681 struct wext_scan_data *res, char *custom,
1682 char *end)
1683{
1684 size_t clen;
1685 u8 *tmp;
1686
1687 clen = iwe->u.data.length;
1688 if (custom + clen > end)
1689 return;
1690
1691 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1692 char *spos;
1693 int bytes;
1694 spos = custom + 7;
1695 bytes = custom + clen - spos;
fd630bc1 1696 if (bytes & 1 || bytes == 0)
3f5285e8
JM		 1697 return;
1698 bytes /= 2;
1699 tmp = os_realloc(res->ie, res->ie_len + bytes);
1700 if (tmp == NULL)
1701 return;
1702 hexstr2bin(spos, tmp + res->ie_len, bytes);
1703 res->ie = tmp;
1704 res->ie_len += bytes;
1705 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1706 char *spos;
1707 int bytes;
1708 spos = custom + 7;
1709 bytes = custom + clen - spos;
fd630bc1 1710 if (bytes & 1 || bytes == 0)
3f5285e8
JM		 1711 return;
1712 bytes /= 2;
1713 tmp = os_realloc(res->ie, res->ie_len + bytes);
1714 if (tmp == NULL)
1715 return;
1716 hexstr2bin(spos, tmp + res->ie_len, bytes);
1717 res->ie = tmp;
1718 res->ie_len += bytes;
1719 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1720 char *spos;
1721 int bytes;
1722 u8 bin[8];
1723 spos = custom + 4;
1724 bytes = custom + clen - spos;
1725 if (bytes != 16) {
1726 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1727 return;
1728 }
1729 bytes /= 2;
1730 hexstr2bin(spos, bin, bytes);
1731 res->res.tsf += WPA_GET_BE64(bin);
1732 }
1733}
1734
1735
1736static int wext_19_iw_point(struct wpa_driver_nl80211_data *drv, u16 cmd)
1737{
1738 return drv->we_version_compiled > 18 &&
1739 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1740 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1741}
1742
1743
1744static void wpa_driver_nl80211_add_scan_entry(struct wpa_scan_results *res,
1745 struct wext_scan_data *data)
1746{
1747 struct wpa_scan_res **tmp;
1748 struct wpa_scan_res *r;
1749 size_t extra_len;
1750 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1751
1752 /* Figure out whether we need to fake any IEs */
1753 pos = data->ie;
1754 end = pos + data->ie_len;
1755 while (pos && pos + 1 < end) {
1756 if (pos + 2 + pos[1] > end)
1757 break;
1758 if (pos[0] == WLAN_EID_SSID)
1759 ssid_ie = pos;
1760 else if (pos[0] == WLAN_EID_SUPP_RATES)
1761 rate_ie = pos;
1762 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1763 rate_ie = pos;
1764 pos += 2 + pos[1];
1765 }
1766
1767 extra_len = 0;
1768 if (ssid_ie == NULL)
1769 extra_len += 2 + data->ssid_len;
1770 if (rate_ie == NULL && data->maxrate)
1771 extra_len += 3;
1772
1773 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1774 if (r == NULL)
1775 return;
1776 os_memcpy(r, &data->res, sizeof(*r));
1777 r->ie_len = extra_len + data->ie_len;
1778 pos = (u8 *) (r + 1);
1779 if (ssid_ie == NULL) {
1780 /*
1781 * Generate a fake SSID IE since the driver did not report
1782 * a full IE list.
1783 */
1784 *pos++ = WLAN_EID_SSID;
1785 *pos++ = data->ssid_len;
1786 os_memcpy(pos, data->ssid, data->ssid_len);
1787 pos += data->ssid_len;
1788 }
1789 if (rate_ie == NULL && data->maxrate) {
1790 /*
1791 * Generate a fake Supported Rates IE since the driver did not
1792 * report a full IE list.
1793 */
1794 *pos++ = WLAN_EID_SUPP_RATES;
1795 *pos++ = 1;
1796 *pos++ = data->maxrate;
1797 }
1798 if (data->ie)
1799 os_memcpy(pos, data->ie, data->ie_len);
1800
1801 tmp = os_realloc(res->res,
1802 (res->num + 1) * sizeof(struct wpa_scan_res *));
1803 if (tmp == NULL) {
1804 os_free(r);
1805 return;
1806 }
1807 tmp[res->num++] = r;
1808 res->res = tmp;
1809}
1810
1811
1812/**
1813 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1814 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1815 * Returns: Scan results on success, -1 on failure
1816 */
1817struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv)
1818{
1819 struct wpa_driver_nl80211_data *drv = priv;
1820 size_t ap_num = 0, len;
1821 int first;
1822 u8 *res_buf;
1823 struct iw_event iwe_buf, *iwe = &iwe_buf;
1824 char *pos, *end, *custom;
1825 struct wpa_scan_results *res;
1826 struct wext_scan_data data;
1827
1828 res_buf = wpa_driver_nl80211_giwscan(drv, &len);
1829 if (res_buf == NULL)
1830 return NULL;
1831
1832 ap_num = 0;
1833 first = 1;
1834
1835 res = os_zalloc(sizeof(*res));
1836 if (res == NULL) {
1837 os_free(res_buf);
1838 return NULL;
1839 }
1840
1841 pos = (char *) res_buf;
1842 end = (char *) res_buf + len;
1843 os_memset(&data, 0, sizeof(data));
1844
1845 while (pos + IW_EV_LCP_LEN <= end) {
1846 /* Event data may be unaligned, so make a local, aligned copy
1847 * before processing. */
1848 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1849 if (iwe->len <= IW_EV_LCP_LEN)
1850 break;
1851
1852 custom = pos + IW_EV_POINT_LEN;
1853 if (wext_19_iw_point(drv, iwe->cmd)) {
1854 /* WE-19 removed the pointer from struct iw_point */
1855 char *dpos = (char *) &iwe_buf.u.data.length;
1856 int dlen = dpos - (char *) &iwe_buf;
1857 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1858 sizeof(struct iw_event) - dlen);
1859 } else {
1860 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1861 custom += IW_EV_POINT_OFF;
1862 }
1863
1864 switch (iwe->cmd) {
1865 case SIOCGIWAP:
1866 if (!first)
1867 wpa_driver_nl80211_add_scan_entry(res, &data);
1868 first = 0;
1869 os_free(data.ie);
1870 os_memset(&data, 0, sizeof(data));
1871 os_memcpy(data.res.bssid,
1872 iwe->u.ap_addr.sa_data, ETH_ALEN);
1873 break;
1874 case SIOCGIWMODE:
1875 wext_get_scan_mode(iwe, &data);
1876 break;
1877 case SIOCGIWESSID:
1878 wext_get_scan_ssid(iwe, &data, custom, end);
1879 break;
1880 case SIOCGIWFREQ:
1881 wext_get_scan_freq(iwe, &data);
1882 break;
1883 case IWEVQUAL:
1884 wext_get_scan_qual(iwe, &data);
1885 break;
1886 case SIOCGIWENCODE:
1887 wext_get_scan_encode(iwe, &data);
1888 break;
1889 case SIOCGIWRATE:
1890 wext_get_scan_rate(iwe, &data, pos, end);
1891 break;
1892 case IWEVGENIE:
1893 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1894 break;
1895 case IWEVCUSTOM:
1896 wext_get_scan_custom(iwe, &data, custom, end);
1897 break;
1898 }
1899
1900 pos += iwe->len;
1901 }
1902 os_free(res_buf);
1903 res_buf = NULL;
1904 if (!first)
1905 wpa_driver_nl80211_add_scan_entry(res, &data);
1906 os_free(data.ie);
1907
1908 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1909 (unsigned long) len, (unsigned long) res->num);
1910
1911 return res;
1912}
1913
1914
1915static int wpa_driver_nl80211_get_range(void *priv)
1916{
1917 struct wpa_driver_nl80211_data *drv = priv;
1918 struct iw_range *range;
1919 struct iwreq iwr;
1920 int minlen;
1921 size_t buflen;
1922
1923 /*
1924 * Use larger buffer than struct iw_range in order to allow the
1925 * structure to grow in the future.
1926 */
1927 buflen = sizeof(struct iw_range) + 500;
1928 range = os_zalloc(buflen);
1929 if (range == NULL)
1930 return -1;
1931
1932 os_memset(&iwr, 0, sizeof(iwr));
1933 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1934 iwr.u.data.pointer = (caddr_t) range;
1935 iwr.u.data.length = buflen;
1936
1937 minlen = ((char *) &range->enc_capa) - (char *) range +
1938 sizeof(range->enc_capa);
1939
1940 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1941 perror("ioctl[SIOCGIWRANGE]");
1942 os_free(range);
1943 return -1;
1944 } else if (iwr.u.data.length >= minlen &&
1945 range->we_version_compiled >= 18) {
1946 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1947 "WE(source)=%d enc_capa=0x%x",
1948 range->we_version_compiled,
1949 range->we_version_source,
1950 range->enc_capa);
1951 drv->has_capability = 1;
1952 drv->we_version_compiled = range->we_version_compiled;
1953 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1954 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1955 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1956 }
1957 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1958 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1959 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1960 }
1961 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1962 WPA_DRIVER_CAPA_ENC_WEP104;
1963 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1964 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1965 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1966 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1967 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
1968 drv->capa.key_mgmt, drv->capa.enc);
1969 } else {
1970 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1971 "assuming WPA is not supported");
1972 }
1973
1974 os_free(range);
1975 return 0;
1976}
1977
1978
1979static int wpa_driver_nl80211_set_wpa(void *priv, int enabled)
1980{
1981 struct wpa_driver_nl80211_data *drv = priv;
1982 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1983
1984 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1985 enabled);
1986}
1987
1988
1989static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
1990 const u8 *addr, int key_idx,
1991 int set_tx, const u8 *seq,
1992 size_t seq_len,
1993 const u8 *key, size_t key_len)
1994{
1995 struct wpa_driver_nl80211_data *drv = priv;
6241fcb1 1996 int err;
3f5285e8
JM		 1997 struct nl_msg *msg;
1998
1999 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
2000 "seq_len=%lu key_len=%lu",
2001 __func__, alg, addr, key_idx, set_tx,
2002 (unsigned long) seq_len, (unsigned long) key_len);
2003
2004 msg = nlmsg_alloc();
2005 if (msg == NULL)
2006 return -1;
2007
2008 if (alg == WPA_ALG_NONE) {
2009 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2010 NL80211_CMD_DEL_KEY, 0);
2011 } else {
2012 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2013 NL80211_CMD_NEW_KEY, 0);
2014 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2015 switch (alg) {
2016 case WPA_ALG_WEP:
2017 if (key_len == 5)
2018 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2019 0x000FAC01);
2020 else
2021 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2022 0x000FAC05);
2023 break;
2024 case WPA_ALG_TKIP:
2025 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
2026 break;
2027 case WPA_ALG_CCMP:
2028 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
2029 break;
2030 default:
2031 nlmsg_free(msg);
2032 return -1;
2033 }
2034 }
2035
2036 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2037 {
2038 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2039 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2040 }
2041 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2042 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2043
6241fcb1
JM		 2044 err = send_and_recv_msgs(drv, msg, NULL, NULL);
2045 if (err) {
3f5285e8 2046 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d", err);
3f5285e8
JM		 2047 return -1;
2048 }
2049
2050 if (set_tx && alg != WPA_ALG_NONE) {
3f5285e8
JM		 2051 msg = nlmsg_alloc();
2052 if (msg == NULL)
2053 return -1;
2054
2055 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2056 0, NL80211_CMD_SET_KEY, 0);
2057 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2058 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2059 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2060
6241fcb1
JM		 2061 err = send_and_recv_msgs(drv, msg, NULL, NULL);
2062 if (err) {
3f5285e8
JM		 2063 wpa_printf(MSG_DEBUG, "nl80211: set default key "
2064 "failed; err=%d", err);
3f5285e8
JM		 2065 return -1;
2066 }
2067 }
2068
6241fcb1 2069 return 0;
3f5285e8
JM		 2070
2071nla_put_failure:
6241fcb1 2072 return -ENOBUFS;
3f5285e8
JM		 2073}
2074
2075
2076static int wpa_driver_nl80211_set_countermeasures(void *priv,
2077 int enabled)
2078{
2079 struct wpa_driver_nl80211_data *drv = priv;
2080 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2081 return wpa_driver_nl80211_set_auth_param(drv,
2082 IW_AUTH_TKIP_COUNTERMEASURES,
2083 enabled);
2084}
2085
2086
2087static int wpa_driver_nl80211_set_drop_unencrypted(void *priv,
2088 int enabled)
2089{
2090 struct wpa_driver_nl80211_data *drv = priv;
2091 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2092 drv->use_crypt = enabled;
2093 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2094 enabled);
2095}
2096
2097
2098static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2099 const u8 *addr, int cmd, int reason_code)
2100{
2101 struct iwreq iwr;
2102 struct iw_mlme mlme;
2103 int ret = 0;
2104
2105 os_memset(&iwr, 0, sizeof(iwr));
2106 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2107 os_memset(&mlme, 0, sizeof(mlme));
2108 mlme.cmd = cmd;
2109 mlme.reason_code = reason_code;
2110 mlme.addr.sa_family = ARPHRD_ETHER;
2111 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
2112 iwr.u.data.pointer = (caddr_t) &mlme;
2113 iwr.u.data.length = sizeof(mlme);
2114
2115 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
2116 perror("ioctl[SIOCSIWMLME]");
2117 ret = -1;
2118 }
2119
2120 return ret;
2121}
2122
2123
2124static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
2125 int reason_code)
2126{
2127 struct wpa_driver_nl80211_data *drv = priv;
2128 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2129 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
2130}
2131
2132
2133static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
2134 int reason_code)
2135{
2136 struct wpa_driver_nl80211_data *drv = priv;
2137 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2138 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DISASSOC,
2139 reason_code);
2140}
2141
2142
2143static int wpa_driver_nl80211_set_gen_ie(void *priv, const u8 *ie,
2144 size_t ie_len)
2145{
2146 struct wpa_driver_nl80211_data *drv = priv;
2147 struct iwreq iwr;
2148 int ret = 0;
2149
2150 os_memset(&iwr, 0, sizeof(iwr));
2151 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2152 iwr.u.data.pointer = (caddr_t) ie;
2153 iwr.u.data.length = ie_len;
2154
2155 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
2156 perror("ioctl[SIOCSIWGENIE]");
2157 ret = -1;
2158 }
2159
2160 return ret;
2161}
2162
2163
2164static int wpa_driver_nl80211_cipher2wext(int cipher)
2165{
2166 switch (cipher) {
2167 case CIPHER_NONE:
2168 return IW_AUTH_CIPHER_NONE;
2169 case CIPHER_WEP40:
2170 return IW_AUTH_CIPHER_WEP40;
2171 case CIPHER_TKIP:
2172 return IW_AUTH_CIPHER_TKIP;
2173 case CIPHER_CCMP:
2174 return IW_AUTH_CIPHER_CCMP;
2175 case CIPHER_WEP104:
2176 return IW_AUTH_CIPHER_WEP104;
2177 default:
2178 return 0;
2179 }
2180}
2181
2182
2183static int wpa_driver_nl80211_keymgmt2wext(int keymgmt)
2184{
2185 switch (keymgmt) {
2186 case KEY_MGMT_802_1X:
2187 case KEY_MGMT_802_1X_NO_WPA:
2188 return IW_AUTH_KEY_MGMT_802_1X;
2189 case KEY_MGMT_PSK:
2190 return IW_AUTH_KEY_MGMT_PSK;
2191 default:
2192 return 0;
2193 }
2194}
2195
2196
2197static int
2198wpa_driver_nl80211_auth_alg_fallback(struct wpa_driver_nl80211_data *drv,
2199 struct wpa_driver_associate_params *params)
2200{
2201 struct iwreq iwr;
2202 int ret = 0;
2203
2204 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
2205 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
2206
2207 os_memset(&iwr, 0, sizeof(iwr));
2208 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2209 /* Just changing mode, not actual keys */
2210 iwr.u.encoding.flags = 0;
2211 iwr.u.encoding.pointer = (caddr_t) NULL;
2212 iwr.u.encoding.length = 0;
2213
2214 /*
2215 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
2216 * different things. Here they are used to indicate Open System vs.
2217 * Shared Key authentication algorithm. However, some drivers may use
2218 * them to select between open/restricted WEP encrypted (open = allow
2219 * both unencrypted and encrypted frames; restricted = only allow
2220 * encrypted frames).
2221 */
2222
2223 if (!drv->use_crypt) {
2224 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
2225 } else {
2226 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
2227 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
2228 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
2229 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
2230 }
2231
2232 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
2233 perror("ioctl[SIOCSIWENCODE]");
2234 ret = -1;
2235 }
2236
2237 return ret;
2238}
2239
2240
2241static int wpa_driver_nl80211_associate(
2242 void *priv, struct wpa_driver_associate_params *params)
2243{
2244 struct wpa_driver_nl80211_data *drv = priv;
2245 int ret = 0;
2246 int allow_unencrypted_eapol;
2247 int value;
2248
2249 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
2250
2251 /*
2252 * If the driver did not support SIOCSIWAUTH, fallback to
2253 * SIOCSIWENCODE here.
2254 */
2255 if (drv->auth_alg_fallback &&
2256 wpa_driver_nl80211_auth_alg_fallback(drv, params) < 0)
2257 ret = -1;
2258
2259 if (!params->bssid &&
2260 wpa_driver_nl80211_set_bssid(drv, NULL) < 0)
2261 ret = -1;
2262
3f5285e8
JM		 2263 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
2264 * from configuration, not from here, where only the selected suite is
2265 * available */
2266 if (wpa_driver_nl80211_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
2267 < 0)
2268 ret = -1;
2269 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
2270 value = IW_AUTH_WPA_VERSION_DISABLED;
2271 else if (params->wpa_ie[0] == WLAN_EID_RSN)
2272 value = IW_AUTH_WPA_VERSION_WPA2;
2273 else
2274 value = IW_AUTH_WPA_VERSION_WPA;
2275 if (wpa_driver_nl80211_set_auth_param(drv,
2276 IW_AUTH_WPA_VERSION, value) < 0)
2277 ret = -1;
2278 value = wpa_driver_nl80211_cipher2wext(params->pairwise_suite);
2279 if (wpa_driver_nl80211_set_auth_param(drv,
2280 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
2281 ret = -1;
2282 value = wpa_driver_nl80211_cipher2wext(params->group_suite);
2283 if (wpa_driver_nl80211_set_auth_param(drv,
2284 IW_AUTH_CIPHER_GROUP, value) < 0)
2285 ret = -1;
2286 value = wpa_driver_nl80211_keymgmt2wext(params->key_mgmt_suite);
2287 if (wpa_driver_nl80211_set_auth_param(drv,
2288 IW_AUTH_KEY_MGMT, value) < 0)
2289 ret = -1;
2290 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
2291 params->pairwise_suite != CIPHER_NONE ||
2292 params->group_suite != CIPHER_NONE ||
2293 params->wpa_ie_len;
2294 if (wpa_driver_nl80211_set_auth_param(drv,
2295 IW_AUTH_PRIVACY_INVOKED, value) < 0)
2296 ret = -1;
2297
2298 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
2299 * not using WPA. IEEE 802.1X specifies that these frames are not
2300 * encrypted, but WPA encrypts them when pairwise keys are in use. */
2301 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
2302 params->key_mgmt_suite == KEY_MGMT_PSK)
2303 allow_unencrypted_eapol = 0;
2304 else
2305 allow_unencrypted_eapol = 1;
2306
2307 if (wpa_driver_nl80211_set_auth_param(drv,
2308 IW_AUTH_RX_UNENCRYPTED_EAPOL,
2309 allow_unencrypted_eapol) < 0)
2310 ret = -1;
2311 if (params->freq && wpa_driver_nl80211_set_freq(drv, params->freq) < 0)
2312 ret = -1;
2313 if (wpa_driver_nl80211_set_ssid(drv, params->ssid, params->ssid_len) < 0)
2314 ret = -1;
2315 if (params->bssid &&
2316 wpa_driver_nl80211_set_bssid(drv, params->bssid) < 0)
2317 ret = -1;
2318
2319 return ret;
2320}
2321
2322
2323static int wpa_driver_nl80211_set_auth_alg(void *priv, int auth_alg)
2324{
2325 struct wpa_driver_nl80211_data *drv = priv;
2326 int algs = 0, res;
2327
2328 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2329 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2330 if (auth_alg & AUTH_ALG_SHARED_KEY)
2331 algs |= IW_AUTH_ALG_SHARED_KEY;
2332 if (auth_alg & AUTH_ALG_LEAP)
2333 algs |= IW_AUTH_ALG_LEAP;
2334 if (algs == 0) {
2335 /* at least one algorithm should be set */
2336 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2337 }
2338
2339 res = wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2340 algs);
2341 drv->auth_alg_fallback = res == -2;
2342 return res;
2343}
2344
2345
2346/**
2347 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2348 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2349 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2350 * Returns: 0 on success, -1 on failure
2351 */
2352static int wpa_driver_nl80211_set_mode(void *priv, int mode)
2353{
2354 struct wpa_driver_nl80211_data *drv = priv;
2355 int ret = -1, flags;
2356 struct nl_msg *msg;
2357
2358 msg = nlmsg_alloc();
2359 if (!msg)
2360 return -1;
2361
2362 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2363 0, NL80211_CMD_SET_INTERFACE, 0);
2364 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
0a4e6cbf
JM		 2365 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE,
2366 mode ? NL80211_IFTYPE_ADHOC : NL80211_IFTYPE_STATION);
3f5285e8 2367
6241fcb1
JM		 2368 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2369 if (!ret)
2370 return 0;
2371 else
3f5285e8
JM		 2372 goto try_again;
2373
3f5285e8 2374nla_put_failure:
6241fcb1 2375 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode");
3f5285e8
JM		 2376 return -1;
2377
2378try_again:
2379 /* mac80211 doesn't allow mode changes while the device is up, so
2380 * take the device down, try to set the mode again, and bring the
2381 * device back up.
2382 */
2383 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) {
2384 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
2385
2386 /* Try to set the mode again while the interface is down */
6241fcb1
JM		 2387 msg = nlmsg_alloc();
2388 if (!msg)
2389 return -1;
2390
2391 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2392 0, NL80211_CMD_SET_INTERFACE, 0);
2393 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2394 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE,
2395 mode ? NL80211_IFTYPE_ADHOC :
2396 NL80211_IFTYPE_STATION);
2397 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2398 if (ret) {
3f5285e8
JM		 2399 wpa_printf(MSG_ERROR, "Failed to set interface %s "
2400 "mode", drv->ifname);
6241fcb1 2401 }
3f5285e8
JM		 2402
2403 /* Ignore return value of get_ifflags to ensure that the device
2404 * is always up like it was before this function was called.
2405 */
2406 (void) wpa_driver_nl80211_get_ifflags(drv, &flags);
2407 (void) wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP);
2408 }
2409
3f5285e8
JM		 2410 return ret;
2411}
2412
2413
2414static int wpa_driver_nl80211_pmksa(struct wpa_driver_nl80211_data *drv,
2415 u32 cmd, const u8 *bssid, const u8 *pmkid)
2416{
2417 struct iwreq iwr;
2418 struct iw_pmksa pmksa;
2419 int ret = 0;
2420
2421 os_memset(&iwr, 0, sizeof(iwr));
2422 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2423 os_memset(&pmksa, 0, sizeof(pmksa));
2424 pmksa.cmd = cmd;
2425 pmksa.bssid.sa_family = ARPHRD_ETHER;
2426 if (bssid)
2427 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2428 if (pmkid)
2429 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2430 iwr.u.data.pointer = (caddr_t) &pmksa;
2431 iwr.u.data.length = sizeof(pmksa);
2432
2433 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2434 if (errno != EOPNOTSUPP)
2435 perror("ioctl[SIOCSIWPMKSA]");
2436 ret = -1;
2437 }
2438
2439 return ret;
2440}
2441
2442
2443static int wpa_driver_nl80211_add_pmkid(void *priv, const u8 *bssid,
2444 const u8 *pmkid)
2445{
2446 struct wpa_driver_nl80211_data *drv = priv;
2447 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2448}
2449
2450
2451static int wpa_driver_nl80211_remove_pmkid(void *priv, const u8 *bssid,
2452 const u8 *pmkid)
2453{
2454 struct wpa_driver_nl80211_data *drv = priv;
2455 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2456}
2457
2458
2459static int wpa_driver_nl80211_flush_pmkid(void *priv)
2460{
2461 struct wpa_driver_nl80211_data *drv = priv;
2462 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2463}
2464
2465
2466static int wpa_driver_nl80211_get_capa(void *priv,
2467 struct wpa_driver_capa *capa)
2468{
2469 struct wpa_driver_nl80211_data *drv = priv;
2470 if (!drv->has_capability)
2471 return -1;
2472 os_memcpy(capa, &drv->capa, sizeof(*capa));
2473 return 0;
2474}
2475
2476
2477static int wpa_driver_nl80211_set_operstate(void *priv, int state)
2478{
2479 struct wpa_driver_nl80211_data *drv = priv;
2480
2481 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2482 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2483 drv->operstate = state;
2484 return wpa_driver_nl80211_send_oper_ifla(
2485 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2486}
2487
2488
1c873584
JM		 2489#ifdef CONFIG_CLIENT_MLME
2490static int wpa_driver_nl80211_open_mlme(struct wpa_driver_nl80211_data *drv)
2491{
2492 if (wpa_driver_nl80211_set_userspace_mlme(drv, 1) < 0) {
2493 wpa_printf(MSG_ERROR, "nl80211: Failed to enable userspace "
2494 "MLME");
2495 return -1;
2496 }
2497 if (wpa_driver_nl80211_create_monitor_interface(drv)) {
2498 wpa_printf(MSG_ERROR, "nl80211: Failed to create monitor "
2499 "interface");
2500 return -1;
2501 }
2502 return 0;
2503}
2504#endif /* CONFIG_CLIENT_MLME */
2505
2506
2507static int wpa_driver_nl80211_set_param(void *priv, const char *param)
2508{
2509#ifdef CONFIG_CLIENT_MLME
2510 struct wpa_driver_nl80211_data *drv = priv;
2511
2512 if (param == NULL)
2513 return 0;
2514
2515 wpa_printf(MSG_DEBUG, "%s: param='%s'", __func__, param);
2516
2517 if (os_strstr(param, "use_mlme=1")) {
2518 wpa_printf(MSG_DEBUG, "nl80211: Using user space MLME");
2519 drv->capa.flags |= WPA_DRIVER_FLAGS_USER_SPACE_MLME;
2520
2521 if (wpa_driver_nl80211_open_mlme(drv))
2522 return -1;
2523 }
2524#endif /* CONFIG_CLIENT_MLME */
2525
2526 return 0;
2527}
2528
2529
2530#ifdef CONFIG_CLIENT_MLME
2531
1c873584
JM		 2532struct phy_info_arg {
2533 u16 *num_modes;
2534 struct wpa_hw_modes *modes;
1c873584
JM		 2535};
2536
2537
2538static int phy_info_handler(struct nl_msg *msg, void *arg)
2539{
2540 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2541 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2542 struct phy_info_arg *phy_info = arg;
2543
2544 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
2545
2546 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
2547 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1]
2548 = {
2549 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
2550 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
2551 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
2552 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
2553 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
2554 };
2555
2556 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
2557 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
2558 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
2559 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] =
2560 { .type = NLA_FLAG },
2561 };
2562
2563 struct nlattr *nl_band;
2564 struct nlattr *nl_freq;
2565 struct nlattr *nl_rate;
2566 int rem_band, rem_freq, rem_rate;
2567 struct wpa_hw_modes *mode;
2568 int idx, mode_is_set;
2569
2570 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2571 genlmsg_attrlen(gnlh, 0), NULL);
2572
2573 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
2574 return NL_SKIP;
2575
2576 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS],
2577 rem_band) {
2578 mode = os_realloc(phy_info->modes,
2579 (*phy_info->num_modes + 1) * sizeof(*mode));
2580 if (!mode)
2581 return NL_SKIP;
2582 phy_info->modes = mode;
2583
2584 mode_is_set = 0;
2585
2586 mode = &phy_info->modes[*(phy_info->num_modes)];
2587 os_memset(mode, 0, sizeof(*mode));
2588 *(phy_info->num_modes) += 1;
2589
2590 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
2591 nla_len(nl_band), NULL);
2592
2593 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS],
2594 rem_freq) {
2595 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
2596 nla_data(nl_freq), nla_len(nl_freq),
2597 freq_policy);
2598 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2599 continue;
2600 mode->num_channels++;
2601 }
2602
2603 mode->channels = os_zalloc(mode->num_channels *
2604 sizeof(struct wpa_channel_data));
2605 if (!mode->channels)
2606 return NL_SKIP;
2607
2608 idx = 0;
2609
2610 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS],
2611 rem_freq) {
2612 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
2613 nla_data(nl_freq), nla_len(nl_freq),
2614 freq_policy);
2615 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2616 continue;
2617
2618 mode->channels[idx].freq = nla_get_u32(
2619 tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
2620 mode->channels[idx].flag |= WPA_CHAN_W_SCAN |
2621 WPA_CHAN_W_ACTIVE_SCAN |
2622 WPA_CHAN_W_IBSS;
2623
2624 if (!mode_is_set) {
2625 /* crude heuristic */
2626 if (mode->channels[idx].freq < 4000)
2627 mode->mode = WPA_MODE_IEEE80211B;
2628 else
2629 mode->mode = WPA_MODE_IEEE80211A;
2630 mode_is_set = 1;
2631 }
2632
2633 /* crude heuristic */
2634 if (mode->channels[idx].freq < 4000) {
2635 if (mode->channels[idx].freq == 2848)
2636 mode->channels[idx].chan = 14;
2637 else
2638 mode->channels[idx].chan =
2639 (mode->channels[idx].freq -
2640 2407) / 5;
2641 } else
2642 mode->channels[idx].chan =
2643 mode->channels[idx].freq / 5 - 1000;
2644
2645 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2646 mode->channels[idx].flag &= ~WPA_CHAN_W_SCAN;
2647 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
2648 mode->channels[idx].flag &=
2649 ~WPA_CHAN_W_ACTIVE_SCAN;
2650 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
2651 mode->channels[idx].flag &= ~WPA_CHAN_W_IBSS;
2652 idx++;
2653 }
2654
2655 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES],
2656 rem_rate) {
2657 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
2658 nla_data(nl_rate), nla_len(nl_rate),
2659 rate_policy);
2660 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2661 continue;
2662 mode->num_rates++;
2663 }
2664
2665 mode->rates = os_zalloc(mode->num_rates *
2666 sizeof(struct wpa_rate_data));
2667 if (!mode->rates)
2668 return NL_SKIP;
2669
2670 idx = 0;
2671
2672 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES],
2673 rem_rate) {
2674 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
2675 nla_data(nl_rate), nla_len(nl_rate),
2676 rate_policy);
2677 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2678 continue;
2679 mode->rates[idx].rate = nla_get_u32(
2680 tb_rate[NL80211_BITRATE_ATTR_RATE]);
2681
2682 /* crude heuristic */
2683 if (mode->mode == WPA_MODE_IEEE80211B &&
2684 mode->rates[idx].rate > 200)
2685 mode->mode = WPA_MODE_IEEE80211G;
2686
2687 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
2688 mode->rates[idx].flags |= WPA_RATE_PREAMBLE2;
2689
2690 idx++;
2691 }
2692 }
2693
1c873584
JM		 2694 return NL_SKIP;
2695}
2696
2697
2698static struct wpa_hw_modes *
2699wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2700{
2701 struct wpa_driver_nl80211_data *drv = priv;
2702 struct nl_msg *msg;
1c873584
JM		 2703 struct phy_info_arg result = {
2704 .num_modes = num_modes,
2705 .modes = NULL,
1c873584
JM		 2706 };
2707
2708 *num_modes = 0;
2709 *flags = 0;
2710
2711 msg = nlmsg_alloc();
2712 if (!msg)
2713 return NULL;
2714
2715 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2716 0, NL80211_CMD_GET_WIPHY, 0);
2717
2718 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2719
6241fcb1
JM		 2720 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
2721 return result.modes;
2722nla_put_failure:
2723 return NULL;
1c873584
JM		 2724}
2725
2726
2727static int wpa_driver_nl80211_set_channel(void *priv, wpa_hw_mode phymode,
2728 int chan, int freq)
2729{
2730 return wpa_driver_nl80211_set_freq(priv, freq);
2731}
2732
2733
2734static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
2735 size_t data_len)
2736{
2737 struct wpa_driver_nl80211_data *drv = priv;
2738 __u8 rtap_hdr[] = {
2739 0x00, 0x00, /* radiotap version */
2740 0x0e, 0x00, /* radiotap length */
2741 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
2742 0x0c, /* F_WEP | F_FRAG (encrypt/fragment if required) */
2743 0x00, /* padding */
2744 0x00, 0x00, /* RX and TX flags to indicate that */
2745 0x00, 0x00, /* this is the injected frame directly */
2746 };
2747 struct iovec iov[2] = {
2748 {
2749 .iov_base = &rtap_hdr,
2750 .iov_len = sizeof(rtap_hdr),
2751 },
2752 {
2753 .iov_base = (void *) data,
2754 .iov_len = data_len,
2755 }
2756 };
2757 struct msghdr msg = {
2758 .msg_name = NULL,
2759 .msg_namelen = 0,
2760 .msg_iov = iov,
2761 .msg_iovlen = 2,
2762 .msg_control = NULL,
2763 .msg_controllen = 0,
2764 .msg_flags = 0,
2765 };
2766
2767 if (sendmsg(drv->monitor_sock, &msg, 0) < 0) {
2768 perror("send[MLME]");
2769 return -1;
2770 }
2771
2772 return 0;
2773}
2774
3c83f19c
JM		 2775
2776static int wpa_driver_nl80211_mlme_add_sta(void *priv, const u8 *addr,
2777 const u8 *supp_rates,
2778 size_t supp_rates_len)
2779{
2780 struct wpa_driver_nl80211_data *drv = priv;
2781 struct nl_msg *msg;
2782 int ret = -1;
2783
2784 msg = nlmsg_alloc();
2785 if (!msg)
6241fcb1 2786 return -ENOMEM;
3c83f19c
JM		 2787
2788 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2789 0, NL80211_CMD_NEW_STATION, 0);
2790
2791 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2792 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2793 /* TODO: Get proper Association ID and listen interval */
2794 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1);
2795 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len,
2796 supp_rates);
2797 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 1);
2798
6241fcb1 2799 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3c83f19c
JM		 2800 /* ignore EEXIST, this happens if a STA associates while associated */
2801 if (ret == -EEXIST || ret >= 0)
2802 ret = 0;
2803
6241fcb1 2804nla_put_failure:
3c83f19c
JM		 2805 return ret;
2806}
2807
2808
2809static int wpa_driver_nl80211_mlme_remove_sta(void *priv, const u8 *addr)
2810{
2811 struct wpa_driver_nl80211_data *drv = priv;
2812 struct nl_msg *msg;
2813 int ret = -1;
2814
2815 msg = nlmsg_alloc();
2816 if (!msg)
6241fcb1 2817 return -ENOMEM;
3c83f19c
JM		 2818
2819 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2820 0, NL80211_CMD_DEL_STATION, 0);
2821
2822 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2823 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2824
2825 ret = 0;
2826
6241fcb1 2827 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3c83f19c 2828 return ret;
6241fcb1
JM		 2829
2830nla_put_failure:
2831 return -ENOBUFS;
3c83f19c
JM		 2832}
2833
1c873584
JM		 2834#endif /* CONFIG_CLIENT_MLME */
2835
2836
3f5285e8
JM		 2837const struct wpa_driver_ops wpa_driver_nl80211_ops = {
2838 .name = "nl80211",
2839 .desc = "Linux nl80211/cfg80211",
2840 .get_bssid = wpa_driver_nl80211_get_bssid,
2841 .get_ssid = wpa_driver_nl80211_get_ssid,
2842 .set_wpa = wpa_driver_nl80211_set_wpa,
2843 .set_key = wpa_driver_nl80211_set_key,
2844 .set_countermeasures = wpa_driver_nl80211_set_countermeasures,
2845 .set_drop_unencrypted = wpa_driver_nl80211_set_drop_unencrypted,
2846 .scan = wpa_driver_nl80211_scan,
2847 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
2848 .deauthenticate = wpa_driver_nl80211_deauthenticate,
2849 .disassociate = wpa_driver_nl80211_disassociate,
ec5f180a 2850 .set_mode = wpa_driver_nl80211_set_mode,
3f5285e8
JM		 2851 .associate = wpa_driver_nl80211_associate,
2852 .set_auth_alg = wpa_driver_nl80211_set_auth_alg,
2853 .init = wpa_driver_nl80211_init,
2854 .deinit = wpa_driver_nl80211_deinit,
1c873584 2855 .set_param = wpa_driver_nl80211_set_param,
3f5285e8
JM		 2856 .add_pmkid = wpa_driver_nl80211_add_pmkid,
2857 .remove_pmkid = wpa_driver_nl80211_remove_pmkid,
2858 .flush_pmkid = wpa_driver_nl80211_flush_pmkid,
2859 .get_capa = wpa_driver_nl80211_get_capa,
2860 .set_operstate = wpa_driver_nl80211_set_operstate,
1c873584
JM		 2861#ifdef CONFIG_CLIENT_MLME
2862 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
2863 .set_channel = wpa_driver_nl80211_set_channel,
2864 .set_ssid = wpa_driver_nl80211_set_ssid,
2865 .set_bssid = wpa_driver_nl80211_set_bssid,
2866 .send_mlme = wpa_driver_nl80211_send_mlme,
3c83f19c
JM		 2867 .mlme_add_sta = wpa_driver_nl80211_mlme_add_sta,
2868 .mlme_remove_sta = wpa_driver_nl80211_mlme_remove_sta,
1c873584 2869#endif /* CONFIG_CLIENT_MLME */
3f5285e8 2870};
Unnamed repository; edit this file 'description' to name the repository.