2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
22 /* Per-interface ctrl_iface */
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
32 struct wpa_ctrl_dst
*next
;
33 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
34 struct sockaddr_in6 addr
;
35 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
36 struct sockaddr_in addr
;
37 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
44 struct ctrl_iface_priv
{
45 struct wpa_supplicant
*wpa_s
;
47 struct wpa_ctrl_dst
*ctrl_dst
;
48 u8 cookie
[COOKIE_LEN
];
52 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
53 int level
, const char *buf
,
57 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv
*priv
,
58 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
59 struct sockaddr_in6
*from
,
60 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
61 struct sockaddr_in
*from
,
62 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
65 struct wpa_ctrl_dst
*dst
;
66 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
67 char addr
[INET6_ADDRSTRLEN
];
68 #endif /* CONFIG_UDP_IPV6 */
70 dst
= os_zalloc(sizeof(*dst
));
73 os_memcpy(&dst
->addr
, from
, sizeof(*from
));
74 dst
->addrlen
= fromlen
;
75 dst
->debug_level
= MSG_INFO
;
76 dst
->next
= priv
->ctrl_dst
;
78 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
79 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor attached %s:%d",
80 inet_ntop(AF_INET6
, &from
->sin6_addr
, addr
, sizeof(*from
)),
81 ntohs(from
->sin6_port
));
82 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
83 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor attached %s:%d",
84 inet_ntoa(from
->sin_addr
), ntohs(from
->sin_port
));
85 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
90 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv
*priv
,
91 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
92 struct sockaddr_in6
*from
,
93 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
94 struct sockaddr_in
*from
,
95 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
98 struct wpa_ctrl_dst
*dst
, *prev
= NULL
;
99 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
100 char addr
[INET6_ADDRSTRLEN
];
101 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
103 dst
= priv
->ctrl_dst
;
105 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
106 if (from
->sin6_port
== dst
->addr
.sin6_port
&&
107 !os_memcmp(&from
->sin6_addr
, &dst
->addr
.sin6_addr
,
108 sizeof(from
->sin6_addr
))) {
109 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor detached %s:%d",
110 inet_ntop(AF_INET6
, &from
->sin6_addr
, addr
,
112 ntohs(from
->sin6_port
));
113 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
114 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
115 from
->sin_port
== dst
->addr
.sin_port
) {
116 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor detached "
117 "%s:%d", inet_ntoa(from
->sin_addr
),
118 ntohs(from
->sin_port
));
119 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
121 priv
->ctrl_dst
= dst
->next
;
123 prev
->next
= dst
->next
;
134 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv
*priv
,
135 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
136 struct sockaddr_in6
*from
,
137 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
138 struct sockaddr_in
*from
,
139 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
143 struct wpa_ctrl_dst
*dst
;
144 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
145 char addr
[INET6_ADDRSTRLEN
];
146 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
148 wpa_printf(MSG_DEBUG
, "CTRL_IFACE LEVEL %s", level
);
150 dst
= priv
->ctrl_dst
;
152 #if CONFIG_CTRL_IFACE_UDP_IPV6
153 if (from
->sin6_port
== dst
->addr
.sin6_port
&&
154 !os_memcmp(&from
->sin6_addr
, &dst
->addr
.sin6_addr
,
155 sizeof(from
->sin6_addr
))) {
156 wpa_printf(MSG_DEBUG
, "CTRL_IFACE changed monitor level %s:%d",
157 inet_ntop(AF_INET6
, &from
->sin6_addr
, addr
,
159 ntohs(from
->sin6_port
));
160 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
161 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
162 from
->sin_port
== dst
->addr
.sin_port
) {
163 wpa_printf(MSG_DEBUG
, "CTRL_IFACE changed monitor "
164 "level %s:%d", inet_ntoa(from
->sin_addr
),
165 ntohs(from
->sin_port
));
166 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
167 dst
->debug_level
= atoi(level
);
178 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv
*priv
,
182 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
188 os_memcpy(reply
, "COOKIE=", 7);
189 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
190 priv
->cookie
, COOKIE_LEN
);
192 *reply_len
= 7 + 2 * COOKIE_LEN
;
197 static void wpa_supplicant_ctrl_iface_receive(int sock
, void *eloop_ctx
,
200 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
201 struct ctrl_iface_priv
*priv
= sock_ctx
;
204 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
205 struct sockaddr_in6 from
;
206 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
207 char addr
[INET6_ADDRSTRLEN
];
208 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
209 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
210 struct sockaddr_in from
;
211 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
212 socklen_t fromlen
= sizeof(from
);
214 size_t reply_len
= 0;
215 int new_attached
= 0;
216 u8 cookie
[COOKIE_LEN
];
218 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
219 (struct sockaddr
*) &from
, &fromlen
);
221 perror("recvfrom(ctrl_iface)");
225 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
226 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
227 inet_ntop(AF_INET6
, &from
.sin6_addr
, addr
, sizeof(from
));
228 if (os_strcmp(addr
, "::1")) {
229 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected source %s",
232 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
233 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
235 * The OS networking stack is expected to drop this kind of
236 * frames since the socket is bound to only localhost address.
237 * Just in case, drop the frame if it is coming from any other
240 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
241 "source %s", inet_ntoa(from
.sin_addr
));
244 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
245 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
249 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
250 reply
= wpa_supplicant_ctrl_iface_get_cookie(priv
, &reply_len
);
255 * Require that the client includes a prefix with the 'cookie' value
256 * fetched with GET_COOKIE command. This is used to verify that the
257 * client has access to a bidirectional link over UDP in order to
258 * avoid attacks using forged localhost IP address even if the OS does
259 * not block such frames from remote destinations.
261 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
262 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
267 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
268 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
269 "request - drop request");
273 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
274 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
279 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
283 if (os_strcmp(pos
, "ATTACH") == 0) {
284 if (wpa_supplicant_ctrl_iface_attach(priv
, &from
, fromlen
))
290 } else if (os_strcmp(pos
, "DETACH") == 0) {
291 if (wpa_supplicant_ctrl_iface_detach(priv
, &from
, fromlen
))
295 } else if (os_strncmp(pos
, "LEVEL ", 6) == 0) {
296 if (wpa_supplicant_ctrl_iface_level(priv
, &from
, fromlen
,
302 reply
= wpa_supplicant_ctrl_iface_process(wpa_s
, pos
,
308 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
311 } else if (reply_len
== 1) {
312 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
314 } else if (reply_len
== 2) {
315 sendto(sock
, "OK\n", 3, 0, (struct sockaddr
*) &from
,
320 eapol_sm_notify_ctrl_attached(wpa_s
->eapol
);
324 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx
, int level
, int global
,
325 const char *txt
, size_t len
)
327 struct wpa_supplicant
*wpa_s
= ctx
;
328 if (wpa_s
== NULL
|| wpa_s
->ctrl_iface
== NULL
)
330 wpa_supplicant_ctrl_iface_send(wpa_s
->ctrl_iface
, level
, txt
, len
);
334 struct ctrl_iface_priv
*
335 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant
*wpa_s
)
337 struct ctrl_iface_priv
*priv
;
338 int port
= WPA_CTRL_IFACE_PORT
;
339 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
340 struct sockaddr_in6 addr
;
341 int domain
= PF_INET6
;
342 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
343 struct sockaddr_in addr
;
344 int domain
= PF_INET
;
345 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
347 priv
= os_zalloc(sizeof(*priv
));
352 os_get_random(priv
->cookie
, COOKIE_LEN
);
354 if (wpa_s
->conf
->ctrl_interface
== NULL
)
357 priv
->sock
= socket(domain
, SOCK_DGRAM
, 0);
358 if (priv
->sock
< 0) {
359 perror("socket(PF_INET)");
363 os_memset(&addr
, 0, sizeof(addr
));
364 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
365 addr
.sin6_family
= AF_INET6
;
366 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
367 addr
.sin6_addr
= in6addr_any
;
368 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
369 inet_pton(AF_INET6
, "::1", &addr
.sin6_addr
);
370 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
371 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
372 addr
.sin_family
= AF_INET
;
373 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
374 addr
.sin_addr
.s_addr
= INADDR_ANY
;
375 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
376 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
377 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
378 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
380 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
381 addr
.sin6_port
= htons(port
);
382 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
383 addr
.sin_port
= htons(port
);
384 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
385 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
387 if ((WPA_CTRL_IFACE_PORT
- port
) < WPA_CTRL_IFACE_PORT_LIMIT
)
389 perror("bind(AF_INET)");
393 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
394 wpa_msg(wpa_s
, MSG_DEBUG
, "ctrl_iface_init UDP port: %d", port
);
395 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
397 eloop_register_read_sock(priv
->sock
, wpa_supplicant_ctrl_iface_receive
,
399 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb
);
411 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv
*priv
)
413 struct wpa_ctrl_dst
*dst
, *prev
;
415 if (priv
->sock
> -1) {
416 eloop_unregister_read_sock(priv
->sock
);
417 if (priv
->ctrl_dst
) {
419 * Wait before closing the control socket if
420 * there are any attached monitors in order to allow
421 * them to receive any pending messages.
423 wpa_printf(MSG_DEBUG
, "CTRL_IFACE wait for attached "
424 "monitors to receive messages");
431 dst
= priv
->ctrl_dst
;
441 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
442 int level
, const char *buf
,
445 struct wpa_ctrl_dst
*dst
, *next
;
450 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
451 char addr
[INET6_ADDRSTRLEN
];
452 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
454 dst
= priv
->ctrl_dst
;
455 if (priv
->sock
< 0 || dst
== NULL
)
458 os_snprintf(levelstr
, sizeof(levelstr
), "<%d>", level
);
460 llen
= os_strlen(levelstr
);
461 sbuf
= os_malloc(llen
+ len
);
465 os_memcpy(sbuf
, levelstr
, llen
);
466 os_memcpy(sbuf
+ llen
, buf
, len
);
471 if (level
>= dst
->debug_level
) {
472 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
473 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor send %s:%d",
474 inet_ntop(AF_INET6
, &dst
->addr
.sin6_addr
,
475 addr
, sizeof(dst
->addr
)),
476 ntohs(dst
->addr
.sin6_port
));
477 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
478 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor send %s:%d",
479 inet_ntoa(dst
->addr
.sin_addr
),
480 ntohs(dst
->addr
.sin_port
));
481 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
482 if (sendto(priv
->sock
, sbuf
, llen
+ len
, 0,
483 (struct sockaddr
*) &dst
->addr
,
484 sizeof(dst
->addr
)) < 0) {
485 perror("sendto(CTRL_IFACE monitor)");
487 if (dst
->errors
> 10) {
488 wpa_supplicant_ctrl_iface_detach(
502 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv
*priv
)
504 wpa_printf(MSG_DEBUG
, "CTRL_IFACE - %s - wait for monitor",
505 priv
->wpa_s
->ifname
);
506 eloop_wait_for_read_sock(priv
->sock
);
510 /* Global ctrl_iface */
512 struct ctrl_iface_global_priv
{
514 u8 cookie
[COOKIE_LEN
];
519 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv
*priv
,
523 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
529 os_memcpy(reply
, "COOKIE=", 7);
530 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
531 priv
->cookie
, COOKIE_LEN
);
533 *reply_len
= 7 + 2 * COOKIE_LEN
;
538 static void wpa_supplicant_global_ctrl_iface_receive(int sock
, void *eloop_ctx
,
541 struct wpa_global
*global
= eloop_ctx
;
542 struct ctrl_iface_global_priv
*priv
= sock_ctx
;
545 struct sockaddr_in from
;
546 socklen_t fromlen
= sizeof(from
);
549 u8 cookie
[COOKIE_LEN
];
551 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
552 (struct sockaddr
*) &from
, &fromlen
);
554 perror("recvfrom(ctrl_iface)");
558 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
559 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
561 * The OS networking stack is expected to drop this kind of
562 * frames since the socket is bound to only localhost address.
563 * Just in case, drop the frame if it is coming from any other
566 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
567 "source %s", inet_ntoa(from
.sin_addr
));
570 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
574 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
575 reply
= wpa_supplicant_global_get_cookie(priv
, &reply_len
);
579 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
580 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
585 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
586 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
587 "request - drop request");
591 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
592 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
597 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
601 reply
= wpa_supplicant_global_ctrl_iface_process(global
, pos
,
606 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
609 } else if (reply_len
) {
610 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
616 struct ctrl_iface_global_priv
*
617 wpa_supplicant_global_ctrl_iface_init(struct wpa_global
*global
)
619 struct ctrl_iface_global_priv
*priv
;
620 struct sockaddr_in addr
;
621 int port
= WPA_GLOBAL_CTRL_IFACE_PORT
;
623 priv
= os_zalloc(sizeof(*priv
));
627 os_get_random(priv
->cookie
, COOKIE_LEN
);
629 if (global
->params
.ctrl_interface
== NULL
)
632 wpa_printf(MSG_DEBUG
, "Global control interface '%s'",
633 global
->params
.ctrl_interface
);
635 priv
->sock
= socket(PF_INET
, SOCK_DGRAM
, 0);
636 if (priv
->sock
< 0) {
637 perror("socket(PF_INET)");
641 os_memset(&addr
, 0, sizeof(addr
));
642 addr
.sin_family
= AF_INET
;
643 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
644 addr
.sin_addr
.s_addr
= INADDR_ANY
;
645 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
646 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
647 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
649 addr
.sin_port
= htons(port
);
650 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
652 if ((port
- WPA_GLOBAL_CTRL_IFACE_PORT
) <
653 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT
)
655 perror("bind(AF_INET)");
659 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
660 wpa_printf(MSG_DEBUG
, "global_ctrl_iface_init UDP port: %d", port
);
661 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
663 eloop_register_read_sock(priv
->sock
,
664 wpa_supplicant_global_ctrl_iface_receive
,
678 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv
*priv
)
680 if (priv
->sock
>= 0) {
681 eloop_unregister_read_sock(priv
->sock
);