2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
22 /* Per-interface ctrl_iface */
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
32 struct wpa_ctrl_dst
*next
;
33 struct sockaddr_in addr
;
40 struct ctrl_iface_priv
{
41 struct wpa_supplicant
*wpa_s
;
43 struct wpa_ctrl_dst
*ctrl_dst
;
44 u8 cookie
[COOKIE_LEN
];
48 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
49 int level
, const char *buf
,
53 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv
*priv
,
54 struct sockaddr_in
*from
,
57 struct wpa_ctrl_dst
*dst
;
59 dst
= os_zalloc(sizeof(*dst
));
62 os_memcpy(&dst
->addr
, from
, sizeof(struct sockaddr_in
));
63 dst
->addrlen
= fromlen
;
64 dst
->debug_level
= MSG_INFO
;
65 dst
->next
= priv
->ctrl_dst
;
67 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor attached %s:%d",
68 inet_ntoa(from
->sin_addr
), ntohs(from
->sin_port
));
73 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv
*priv
,
74 struct sockaddr_in
*from
,
77 struct wpa_ctrl_dst
*dst
, *prev
= NULL
;
81 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
82 from
->sin_port
== dst
->addr
.sin_port
) {
84 priv
->ctrl_dst
= dst
->next
;
86 prev
->next
= dst
->next
;
88 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor detached "
89 "%s:%d", inet_ntoa(from
->sin_addr
),
90 ntohs(from
->sin_port
));
100 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv
*priv
,
101 struct sockaddr_in
*from
,
105 struct wpa_ctrl_dst
*dst
;
107 wpa_printf(MSG_DEBUG
, "CTRL_IFACE LEVEL %s", level
);
109 dst
= priv
->ctrl_dst
;
111 if (from
->sin_addr
.s_addr
== dst
->addr
.sin_addr
.s_addr
&&
112 from
->sin_port
== dst
->addr
.sin_port
) {
113 wpa_printf(MSG_DEBUG
, "CTRL_IFACE changed monitor "
114 "level %s:%d", inet_ntoa(from
->sin_addr
),
115 ntohs(from
->sin_port
));
116 dst
->debug_level
= atoi(level
);
127 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv
*priv
,
131 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
137 os_memcpy(reply
, "COOKIE=", 7);
138 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
139 priv
->cookie
, COOKIE_LEN
);
141 *reply_len
= 7 + 2 * COOKIE_LEN
;
146 static void wpa_supplicant_ctrl_iface_receive(int sock
, void *eloop_ctx
,
149 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
150 struct ctrl_iface_priv
*priv
= sock_ctx
;
153 struct sockaddr_in from
;
154 socklen_t fromlen
= sizeof(from
);
156 size_t reply_len
= 0;
157 int new_attached
= 0;
158 u8 cookie
[COOKIE_LEN
];
160 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
161 (struct sockaddr
*) &from
, &fromlen
);
163 perror("recvfrom(ctrl_iface)");
166 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
168 * The OS networking stack is expected to drop this kind of
169 * frames since the socket is bound to only localhost address.
170 * Just in case, drop the frame if it is coming from any other
173 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
174 "source %s", inet_ntoa(from
.sin_addr
));
179 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
180 reply
= wpa_supplicant_ctrl_iface_get_cookie(priv
, &reply_len
);
185 * Require that the client includes a prefix with the 'cookie' value
186 * fetched with GET_COOKIE command. This is used to verify that the
187 * client has access to a bidirectional link over UDP in order to
188 * avoid attacks using forged localhost IP address even if the OS does
189 * not block such frames from remote destinations.
191 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
192 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
197 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
198 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
199 "request - drop request");
203 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
204 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
209 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
213 if (os_strcmp(pos
, "ATTACH") == 0) {
214 if (wpa_supplicant_ctrl_iface_attach(priv
, &from
, fromlen
))
220 } else if (os_strcmp(pos
, "DETACH") == 0) {
221 if (wpa_supplicant_ctrl_iface_detach(priv
, &from
, fromlen
))
225 } else if (os_strncmp(pos
, "LEVEL ", 6) == 0) {
226 if (wpa_supplicant_ctrl_iface_level(priv
, &from
, fromlen
,
232 reply
= wpa_supplicant_ctrl_iface_process(wpa_s
, pos
,
238 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
241 } else if (reply_len
== 1) {
242 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
244 } else if (reply_len
== 2) {
245 sendto(sock
, "OK\n", 3, 0, (struct sockaddr
*) &from
,
250 eapol_sm_notify_ctrl_attached(wpa_s
->eapol
);
254 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx
, int level
,
255 const char *txt
, size_t len
)
257 struct wpa_supplicant
*wpa_s
= ctx
;
258 if (wpa_s
== NULL
|| wpa_s
->ctrl_iface
== NULL
)
260 wpa_supplicant_ctrl_iface_send(wpa_s
->ctrl_iface
, level
, txt
, len
);
264 struct ctrl_iface_priv
*
265 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant
*wpa_s
)
267 struct ctrl_iface_priv
*priv
;
268 struct sockaddr_in addr
;
270 priv
= os_zalloc(sizeof(*priv
));
275 os_get_random(priv
->cookie
, COOKIE_LEN
);
277 if (wpa_s
->conf
->ctrl_interface
== NULL
)
280 priv
->sock
= socket(PF_INET
, SOCK_DGRAM
, 0);
281 if (priv
->sock
< 0) {
282 perror("socket(PF_INET)");
286 os_memset(&addr
, 0, sizeof(addr
));
287 addr
.sin_family
= AF_INET
;
288 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
289 addr
.sin_port
= htons(WPA_CTRL_IFACE_PORT
);
290 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
291 perror("bind(AF_INET)");
295 eloop_register_read_sock(priv
->sock
, wpa_supplicant_ctrl_iface_receive
,
297 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb
);
309 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv
*priv
)
311 struct wpa_ctrl_dst
*dst
, *prev
;
313 if (priv
->sock
> -1) {
314 eloop_unregister_read_sock(priv
->sock
);
315 if (priv
->ctrl_dst
) {
317 * Wait a second before closing the control socket if
318 * there are any attached monitors in order to allow
319 * them to receive any pending messages.
321 wpa_printf(MSG_DEBUG
, "CTRL_IFACE wait for attached "
322 "monitors to receive messages");
329 dst
= priv
->ctrl_dst
;
339 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv
*priv
,
340 int level
, const char *buf
,
343 struct wpa_ctrl_dst
*dst
, *next
;
349 dst
= priv
->ctrl_dst
;
350 if (priv
->sock
< 0 || dst
== NULL
)
353 os_snprintf(levelstr
, sizeof(levelstr
), "<%d>", level
);
355 llen
= os_strlen(levelstr
);
356 sbuf
= os_malloc(llen
+ len
);
360 os_memcpy(sbuf
, levelstr
, llen
);
361 os_memcpy(sbuf
+ llen
, buf
, len
);
366 if (level
>= dst
->debug_level
) {
367 wpa_printf(MSG_DEBUG
, "CTRL_IFACE monitor send %s:%d",
368 inet_ntoa(dst
->addr
.sin_addr
),
369 ntohs(dst
->addr
.sin_port
));
370 if (sendto(priv
->sock
, sbuf
, llen
+ len
, 0,
371 (struct sockaddr
*) &dst
->addr
,
372 sizeof(dst
->addr
)) < 0) {
373 perror("sendto(CTRL_IFACE monitor)");
375 if (dst
->errors
> 10) {
376 wpa_supplicant_ctrl_iface_detach(
390 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv
*priv
)
392 wpa_printf(MSG_DEBUG
, "CTRL_IFACE - %s - wait for monitor",
393 priv
->wpa_s
->ifname
);
394 eloop_wait_for_read_sock(priv
->sock
);
398 /* Global ctrl_iface */
400 struct ctrl_iface_global_priv
{
402 u8 cookie
[COOKIE_LEN
];
407 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv
*priv
,
411 reply
= os_malloc(7 + 2 * COOKIE_LEN
+ 1);
417 os_memcpy(reply
, "COOKIE=", 7);
418 wpa_snprintf_hex(reply
+ 7, 2 * COOKIE_LEN
+ 1,
419 priv
->cookie
, COOKIE_LEN
);
421 *reply_len
= 7 + 2 * COOKIE_LEN
;
426 static void wpa_supplicant_global_ctrl_iface_receive(int sock
, void *eloop_ctx
,
429 struct wpa_global
*global
= eloop_ctx
;
430 struct ctrl_iface_global_priv
*priv
= sock_ctx
;
433 struct sockaddr_in from
;
434 socklen_t fromlen
= sizeof(from
);
437 u8 cookie
[COOKIE_LEN
];
439 res
= recvfrom(sock
, buf
, sizeof(buf
) - 1, 0,
440 (struct sockaddr
*) &from
, &fromlen
);
442 perror("recvfrom(ctrl_iface)");
445 if (from
.sin_addr
.s_addr
!= htonl((127 << 24) | 1)) {
447 * The OS networking stack is expected to drop this kind of
448 * frames since the socket is bound to only localhost address.
449 * Just in case, drop the frame if it is coming from any other
452 wpa_printf(MSG_DEBUG
, "CTRL: Drop packet from unexpected "
453 "source %s", inet_ntoa(from
.sin_addr
));
458 if (os_strcmp(buf
, "GET_COOKIE") == 0) {
459 reply
= wpa_supplicant_global_get_cookie(priv
, &reply_len
);
463 if (os_strncmp(buf
, "COOKIE=", 7) != 0) {
464 wpa_printf(MSG_DEBUG
, "CTLR: No cookie in the request - "
469 if (hexstr2bin(buf
+ 7, cookie
, COOKIE_LEN
) < 0) {
470 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie format in the "
471 "request - drop request");
475 if (os_memcmp(cookie
, priv
->cookie
, COOKIE_LEN
) != 0) {
476 wpa_printf(MSG_DEBUG
, "CTLR: Invalid cookie in the request - "
481 pos
= buf
+ 7 + 2 * COOKIE_LEN
;
485 reply
= wpa_supplicant_global_ctrl_iface_process(global
, pos
,
490 sendto(sock
, reply
, reply_len
, 0, (struct sockaddr
*) &from
,
493 } else if (reply_len
) {
494 sendto(sock
, "FAIL\n", 5, 0, (struct sockaddr
*) &from
,
500 struct ctrl_iface_global_priv
*
501 wpa_supplicant_global_ctrl_iface_init(struct wpa_global
*global
)
503 struct ctrl_iface_global_priv
*priv
;
504 struct sockaddr_in addr
;
506 priv
= os_zalloc(sizeof(*priv
));
510 os_get_random(priv
->cookie
, COOKIE_LEN
);
512 if (global
->params
.ctrl_interface
== NULL
)
515 wpa_printf(MSG_DEBUG
, "Global control interface '%s'",
516 global
->params
.ctrl_interface
);
518 priv
->sock
= socket(PF_INET
, SOCK_DGRAM
, 0);
519 if (priv
->sock
< 0) {
520 perror("socket(PF_INET)");
524 os_memset(&addr
, 0, sizeof(addr
));
525 addr
.sin_family
= AF_INET
;
526 addr
.sin_addr
.s_addr
= htonl((127 << 24) | 1);
527 addr
.sin_port
= htons(WPA_GLOBAL_CTRL_IFACE_PORT
);
528 if (bind(priv
->sock
, (struct sockaddr
*) &addr
, sizeof(addr
)) < 0) {
529 perror("bind(AF_INET)");
533 eloop_register_read_sock(priv
->sock
,
534 wpa_supplicant_global_ctrl_iface_receive
,
548 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv
*priv
)
550 if (priv
->sock
>= 0) {
551 eloop_unregister_read_sock(priv
->sock
);