]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/drivers/driver_nl80211.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
nl80211: Add debug prints for mgmt RX subscription
[thirdparty/hostap.git] / src / drivers / driver_nl80211.c
1 /*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 * Alternatively, this software may be distributed under the terms of BSD
14 * license.
15 *
16 * See README and COPYING for more details.
17 */
18
19 #include "includes.h"
20 #include <sys/ioctl.h>
21 #include <sys/types.h>
22 #include <sys/stat.h>
23 #include <fcntl.h>
24 #include <net/if.h>
25 #include <netlink/genl/genl.h>
26 #include <netlink/genl/family.h>
27 #include <netlink/genl/ctrl.h>
28 #include <linux/rtnetlink.h>
29 #include <netpacket/packet.h>
30 #include <linux/filter.h>
31 #include <linux/errqueue.h>
32 #include "nl80211_copy.h"
33
34 #include "common.h"
35 #include "eloop.h"
36 #include "utils/list.h"
37 #include "common/ieee802_11_defs.h"
38 #include "common/ieee802_11_common.h"
39 #include "l2_packet/l2_packet.h"
40 #include "netlink.h"
41 #include "linux_ioctl.h"
42 #include "radiotap.h"
43 #include "radiotap_iter.h"
44 #include "rfkill.h"
45 #include "driver.h"
46
47 #ifndef SO_WIFI_STATUS
48 # if defined(__sparc__)
49 # define SO_WIFI_STATUS 0x0025
50 # elif defined(__parisc__)
51 # define SO_WIFI_STATUS 0x4022
52 # else
53 # define SO_WIFI_STATUS 41
54 # endif
55
56 # define SCM_WIFI_STATUS SO_WIFI_STATUS
57 #endif
58
59 #ifndef SO_EE_ORIGIN_TXSTATUS
60 #define SO_EE_ORIGIN_TXSTATUS 4
61 #endif
62
63 #ifndef PACKET_TX_TIMESTAMP
64 #define PACKET_TX_TIMESTAMP 16
65 #endif
66
67 #ifdef ANDROID
68 #include "android_drv.h"
69 #endif /* ANDROID */
70 #ifdef CONFIG_LIBNL20
71 /* libnl 2.0 compatibility code */
72 #define nl_handle nl_sock
73 #define nl80211_handle_alloc nl_socket_alloc_cb
74 #define nl80211_handle_destroy nl_socket_free
75 #else
76 /*
77 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
78 * but when you free a socket again it will mess up its bitmap and
79 * and use the wrong number the next time it needs a socket ID.
80 * Therefore, we wrap the handle alloc/destroy and add our own pid
81 * accounting.
82 */
83 static uint32_t port_bitmap[32] = { 0 };
84
85 static struct nl_handle *nl80211_handle_alloc(void *cb)
86 {
87 struct nl_handle *handle;
88 uint32_t pid = getpid() & 0x3FFFFF;
89 int i;
90
91 handle = nl_handle_alloc_cb(cb);
92
93 for (i = 0; i < 1024; i++) {
94 if (port_bitmap[i / 32] & (1 << (i % 32)))
95 continue;
96 port_bitmap[i / 32] |= 1 << (i % 32);
97 pid += i << 22;
98 break;
99 }
100
101 nl_socket_set_local_port(handle, pid);
102
103 return handle;
104 }
105
106 static void nl80211_handle_destroy(struct nl_handle *handle)
107 {
108 uint32_t port = nl_socket_get_local_port(handle);
109
110 port >>= 22;
111 port_bitmap[port / 32] &= ~(1 << (port % 32));
112
113 nl_handle_destroy(handle);
114 }
115 #endif /* CONFIG_LIBNL20 */
116
117
118 static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
119 {
120 struct nl_handle *handle;
121
122 handle = nl80211_handle_alloc(cb);
123 if (handle == NULL) {
124 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
125 "callbacks (%s)", dbg);
126 return NULL;
127 }
128
129 if (genl_connect(handle)) {
130 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
131 "netlink (%s)", dbg);
132 nl80211_handle_destroy(handle);
133 return NULL;
134 }
135
136 return handle;
137 }
138
139
140 static void nl_destroy_handles(struct nl_handle **handle)
141 {
142 if (*handle == NULL)
143 return;
144 nl80211_handle_destroy(*handle);
145 *handle = NULL;
146 }
147
148
149 #ifndef IFF_LOWER_UP
150 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
151 #endif
152 #ifndef IFF_DORMANT
153 #define IFF_DORMANT 0x20000 /* driver signals dormant */
154 #endif
155
156 #ifndef IF_OPER_DORMANT
157 #define IF_OPER_DORMANT 5
158 #endif
159 #ifndef IF_OPER_UP
160 #define IF_OPER_UP 6
161 #endif
162
163 struct nl80211_global {
164 struct dl_list interfaces;
165 int if_add_ifindex;
166 struct netlink_data *netlink;
167 struct nl_cb *nl_cb;
168 struct nl_handle *nl;
169 int nl80211_id;
170 int ioctl_sock; /* socket for ioctl() use */
171
172 struct nl_handle *nl_event;
173 };
174
175 struct nl80211_wiphy_data {
176 struct dl_list list;
177 struct dl_list bsss;
178 struct dl_list drvs;
179
180 struct nl_handle *nl_beacons;
181 struct nl_cb *nl_cb;
182
183 int wiphy_idx;
184 };
185
186 static void nl80211_global_deinit(void *priv);
187 static void wpa_driver_nl80211_deinit(void *priv);
188
189 struct i802_bss {
190 struct wpa_driver_nl80211_data *drv;
191 struct i802_bss *next;
192 int ifindex;
193 char ifname[IFNAMSIZ + 1];
194 char brname[IFNAMSIZ];
195 unsigned int beacon_set:1;
196 unsigned int added_if_into_bridge:1;
197 unsigned int added_bridge:1;
198
199 u8 addr[ETH_ALEN];
200
201 int freq;
202
203 struct nl_handle *nl_preq, *nl_mgmt;
204 struct nl_cb *nl_cb;
205
206 struct nl80211_wiphy_data *wiphy_data;
207 struct dl_list wiphy_list;
208 };
209
210 struct wpa_driver_nl80211_data {
211 struct nl80211_global *global;
212 struct dl_list list;
213 struct dl_list wiphy_list;
214 char phyname[32];
215 void *ctx;
216 int ifindex;
217 int if_removed;
218 int if_disabled;
219 int ignore_if_down_event;
220 struct rfkill_data *rfkill;
221 struct wpa_driver_capa capa;
222 int has_capability;
223
224 int operstate;
225
226 int scan_complete_events;
227
228 struct nl_cb *nl_cb;
229
230 u8 auth_bssid[ETH_ALEN];
231 u8 bssid[ETH_ALEN];
232 int associated;
233 u8 ssid[32];
234 size_t ssid_len;
235 enum nl80211_iftype nlmode;
236 enum nl80211_iftype ap_scan_as_station;
237 unsigned int assoc_freq;
238
239 int monitor_sock;
240 int monitor_ifidx;
241 int monitor_refcount;
242
243 unsigned int disabled_11b_rates:1;
244 unsigned int pending_remain_on_chan:1;
245 unsigned int in_interface_list:1;
246 unsigned int device_ap_sme:1;
247 unsigned int poll_command_supported:1;
248 unsigned int data_tx_status:1;
249 unsigned int scan_for_auth:1;
250 unsigned int retry_auth:1;
251 unsigned int use_monitor:1;
252
253 u64 remain_on_chan_cookie;
254 u64 send_action_cookie;
255
256 unsigned int last_mgmt_freq;
257
258 struct wpa_driver_scan_filter *filter_ssids;
259 size_t num_filter_ssids;
260
261 struct i802_bss first_bss;
262
263 int eapol_tx_sock;
264
265 #ifdef HOSTAPD
266 int eapol_sock; /* socket for EAPOL frames */
267
268 int default_if_indices[16];
269 int *if_indices;
270 int num_if_indices;
271
272 int last_freq;
273 int last_freq_ht;
274 #endif /* HOSTAPD */
275
276 /* From failed authentication command */
277 int auth_freq;
278 u8 auth_bssid_[ETH_ALEN];
279 u8 auth_ssid[32];
280 size_t auth_ssid_len;
281 int auth_alg;
282 u8 *auth_ie;
283 size_t auth_ie_len;
284 u8 auth_wep_key[4][16];
285 size_t auth_wep_key_len[4];
286 int auth_wep_tx_keyidx;
287 int auth_local_state_change;
288 int auth_p2p;
289 };
290
291
292 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
293 void *timeout_ctx);
294 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
295 enum nl80211_iftype nlmode);
296 static int
297 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
298 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
299 const u8 *addr, int cmd, u16 reason_code,
300 int local_state_change);
301 static void nl80211_remove_monitor_interface(
302 struct wpa_driver_nl80211_data *drv);
303 static int nl80211_send_frame_cmd(struct i802_bss *bss,
304 unsigned int freq, unsigned int wait,
305 const u8 *buf, size_t buf_len, u64 *cookie,
306 int no_cck, int no_ack, int offchanok);
307 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
308 #ifdef ANDROID
309 static int android_pno_start(struct i802_bss *bss,
310 struct wpa_driver_scan_params *params);
311 static int android_pno_stop(struct i802_bss *bss);
312 #endif /* ANDROID */
313
314 #ifdef HOSTAPD
315 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
316 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
317 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
318 static int wpa_driver_nl80211_if_remove(void *priv,
319 enum wpa_driver_if_type type,
320 const char *ifname);
321 #else /* HOSTAPD */
322 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
323 {
324 }
325
326 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
327 {
328 }
329
330 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
331 {
332 return 0;
333 }
334 #endif /* HOSTAPD */
335
336 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
337 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
338 int ifindex, int disabled);
339
340 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
341 static int wpa_driver_nl80211_authenticate_retry(
342 struct wpa_driver_nl80211_data *drv);
343
344
345 static int is_ap_interface(enum nl80211_iftype nlmode)
346 {
347 return (nlmode == NL80211_IFTYPE_AP ||
348 nlmode == NL80211_IFTYPE_P2P_GO);
349 }
350
351
352 static int is_sta_interface(enum nl80211_iftype nlmode)
353 {
354 return (nlmode == NL80211_IFTYPE_STATION ||
355 nlmode == NL80211_IFTYPE_P2P_CLIENT);
356 }
357
358
359 static int is_p2p_interface(enum nl80211_iftype nlmode)
360 {
361 return (nlmode == NL80211_IFTYPE_P2P_CLIENT ||
362 nlmode == NL80211_IFTYPE_P2P_GO);
363 }
364
365
366 struct nl80211_bss_info_arg {
367 struct wpa_driver_nl80211_data *drv;
368 struct wpa_scan_results *res;
369 unsigned int assoc_freq;
370 u8 assoc_bssid[ETH_ALEN];
371 };
372
373 static int bss_info_handler(struct nl_msg *msg, void *arg);
374
375
376 /* nl80211 code */
377 static int ack_handler(struct nl_msg *msg, void *arg)
378 {
379 int *err = arg;
380 *err = 0;
381 return NL_STOP;
382 }
383
384 static int finish_handler(struct nl_msg *msg, void *arg)
385 {
386 int *ret = arg;
387 *ret = 0;
388 return NL_SKIP;
389 }
390
391 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
392 void *arg)
393 {
394 int *ret = arg;
395 *ret = err->error;
396 return NL_SKIP;
397 }
398
399
400 static int no_seq_check(struct nl_msg *msg, void *arg)
401 {
402 return NL_OK;
403 }
404
405
406 static int send_and_recv(struct nl80211_global *global,
407 struct nl_handle *nl_handle, struct nl_msg *msg,
408 int (*valid_handler)(struct nl_msg *, void *),
409 void *valid_data)
410 {
411 struct nl_cb *cb;
412 int err = -ENOMEM;
413
414 cb = nl_cb_clone(global->nl_cb);
415 if (!cb)
416 goto out;
417
418 err = nl_send_auto_complete(nl_handle, msg);
419 if (err < 0)
420 goto out;
421
422 err = 1;
423
424 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
425 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
426 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
427
428 if (valid_handler)
429 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
430 valid_handler, valid_data);
431
432 while (err > 0)
433 nl_recvmsgs(nl_handle, cb);
434 out:
435 nl_cb_put(cb);
436 nlmsg_free(msg);
437 return err;
438 }
439
440
441 static int send_and_recv_msgs_global(struct nl80211_global *global,
442 struct nl_msg *msg,
443 int (*valid_handler)(struct nl_msg *, void *),
444 void *valid_data)
445 {
446 return send_and_recv(global, global->nl, msg, valid_handler,
447 valid_data);
448 }
449
450
451 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
452 struct nl_msg *msg,
453 int (*valid_handler)(struct nl_msg *, void *),
454 void *valid_data)
455 {
456 return send_and_recv(drv->global, drv->global->nl, msg,
457 valid_handler, valid_data);
458 }
459
460
461 struct family_data {
462 const char *group;
463 int id;
464 };
465
466
467 static int family_handler(struct nl_msg *msg, void *arg)
468 {
469 struct family_data *res = arg;
470 struct nlattr *tb[CTRL_ATTR_MAX + 1];
471 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
472 struct nlattr *mcgrp;
473 int i;
474
475 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
476 genlmsg_attrlen(gnlh, 0), NULL);
477 if (!tb[CTRL_ATTR_MCAST_GROUPS])
478 return NL_SKIP;
479
480 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
481 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
482 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
483 nla_len(mcgrp), NULL);
484 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
485 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
486 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
487 res->group,
488 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
489 continue;
490 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
491 break;
492 };
493
494 return NL_SKIP;
495 }
496
497
498 static int nl_get_multicast_id(struct nl80211_global *global,
499 const char *family, const char *group)
500 {
501 struct nl_msg *msg;
502 int ret = -1;
503 struct family_data res = { group, -ENOENT };
504
505 msg = nlmsg_alloc();
506 if (!msg)
507 return -ENOMEM;
508 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
509 0, 0, CTRL_CMD_GETFAMILY, 0);
510 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
511
512 ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
513 msg = NULL;
514 if (ret == 0)
515 ret = res.id;
516
517 nla_put_failure:
518 nlmsg_free(msg);
519 return ret;
520 }
521
522
523 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
524 struct nl_msg *msg, int flags, uint8_t cmd)
525 {
526 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
527 0, flags, cmd, 0);
528 }
529
530
531 struct wiphy_idx_data {
532 int wiphy_idx;
533 };
534
535
536 static int netdev_info_handler(struct nl_msg *msg, void *arg)
537 {
538 struct nlattr *tb[NL80211_ATTR_MAX + 1];
539 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
540 struct wiphy_idx_data *info = arg;
541
542 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
543 genlmsg_attrlen(gnlh, 0), NULL);
544
545 if (tb[NL80211_ATTR_WIPHY])
546 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
547
548 return NL_SKIP;
549 }
550
551
552 static int nl80211_get_wiphy_index(struct i802_bss *bss)
553 {
554 struct nl_msg *msg;
555 struct wiphy_idx_data data = {
556 .wiphy_idx = -1,
557 };
558
559 msg = nlmsg_alloc();
560 if (!msg)
561 return -1;
562
563 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
564
565 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
566
567 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
568 return data.wiphy_idx;
569 msg = NULL;
570 nla_put_failure:
571 nlmsg_free(msg);
572 return -1;
573 }
574
575
576 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
577 struct nl80211_wiphy_data *w)
578 {
579 struct nl_msg *msg;
580 int ret = -1;
581
582 msg = nlmsg_alloc();
583 if (!msg)
584 return -1;
585
586 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
587
588 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
589
590 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
591 msg = NULL;
592 if (ret) {
593 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
594 "failed: ret=%d (%s)",
595 ret, strerror(-ret));
596 goto nla_put_failure;
597 }
598 ret = 0;
599 nla_put_failure:
600 nlmsg_free(msg);
601 return ret;
602 }
603
604
605 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
606 {
607 struct nl80211_wiphy_data *w = eloop_ctx;
608
609 wpa_printf(MSG_DEBUG, "nl80211: Beacon event message available");
610
611 nl_recvmsgs(handle, w->nl_cb);
612 }
613
614
615 static int process_beacon_event(struct nl_msg *msg, void *arg)
616 {
617 struct nl80211_wiphy_data *w = arg;
618 struct wpa_driver_nl80211_data *drv;
619 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
620 struct nlattr *tb[NL80211_ATTR_MAX + 1];
621 union wpa_event_data event;
622
623 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
624 genlmsg_attrlen(gnlh, 0), NULL);
625
626 if (gnlh->cmd != NL80211_CMD_FRAME) {
627 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
628 gnlh->cmd);
629 return NL_SKIP;
630 }
631
632 if (!tb[NL80211_ATTR_FRAME])
633 return NL_SKIP;
634
635 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
636 wiphy_list) {
637 os_memset(&event, 0, sizeof(event));
638 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
639 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
640 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
641 }
642
643 return NL_SKIP;
644 }
645
646
647 static struct nl80211_wiphy_data *
648 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
649 {
650 static DEFINE_DL_LIST(nl80211_wiphys);
651 struct nl80211_wiphy_data *w;
652 int wiphy_idx, found = 0;
653 struct i802_bss *tmp_bss;
654
655 if (bss->wiphy_data != NULL)
656 return bss->wiphy_data;
657
658 wiphy_idx = nl80211_get_wiphy_index(bss);
659
660 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
661 if (w->wiphy_idx == wiphy_idx)
662 goto add;
663 }
664
665 /* alloc new one */
666 w = os_zalloc(sizeof(*w));
667 if (w == NULL)
668 return NULL;
669 w->wiphy_idx = wiphy_idx;
670 dl_list_init(&w->bsss);
671 dl_list_init(&w->drvs);
672
673 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
674 if (!w->nl_cb) {
675 os_free(w);
676 return NULL;
677 }
678 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
679 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
680 w);
681
682 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
683 "wiphy beacons");
684 if (w->nl_beacons == NULL) {
685 os_free(w);
686 return NULL;
687 }
688
689 if (nl80211_register_beacons(bss->drv, w)) {
690 nl_destroy_handles(&w->nl_beacons);
691 os_free(w);
692 return NULL;
693 }
694
695 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons),
696 nl80211_recv_beacons, w, w->nl_beacons);
697
698 dl_list_add(&nl80211_wiphys, &w->list);
699
700 add:
701 /* drv entry for this bss already there? */
702 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
703 if (tmp_bss->drv == bss->drv) {
704 found = 1;
705 break;
706 }
707 }
708 /* if not add it */
709 if (!found)
710 dl_list_add(&w->drvs, &bss->drv->wiphy_list);
711
712 dl_list_add(&w->bsss, &bss->wiphy_list);
713 bss->wiphy_data = w;
714 return w;
715 }
716
717
718 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
719 {
720 struct nl80211_wiphy_data *w = bss->wiphy_data;
721 struct i802_bss *tmp_bss;
722 int found = 0;
723
724 if (w == NULL)
725 return;
726 bss->wiphy_data = NULL;
727 dl_list_del(&bss->wiphy_list);
728
729 /* still any for this drv present? */
730 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
731 if (tmp_bss->drv == bss->drv) {
732 found = 1;
733 break;
734 }
735 }
736 /* if not remove it */
737 if (!found)
738 dl_list_del(&bss->drv->wiphy_list);
739
740 if (!dl_list_empty(&w->bsss))
741 return;
742
743 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons));
744
745 nl_cb_put(w->nl_cb);
746 nl_destroy_handles(&w->nl_beacons);
747 dl_list_del(&w->list);
748 os_free(w);
749 }
750
751
752 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
753 {
754 struct i802_bss *bss = priv;
755 struct wpa_driver_nl80211_data *drv = bss->drv;
756 if (!drv->associated)
757 return -1;
758 os_memcpy(bssid, drv->bssid, ETH_ALEN);
759 return 0;
760 }
761
762
763 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
764 {
765 struct i802_bss *bss = priv;
766 struct wpa_driver_nl80211_data *drv = bss->drv;
767 if (!drv->associated)
768 return -1;
769 os_memcpy(ssid, drv->ssid, drv->ssid_len);
770 return drv->ssid_len;
771 }
772
773
774 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
775 char *buf, size_t len, int del)
776 {
777 union wpa_event_data event;
778
779 os_memset(&event, 0, sizeof(event));
780 if (len > sizeof(event.interface_status.ifname))
781 len = sizeof(event.interface_status.ifname) - 1;
782 os_memcpy(event.interface_status.ifname, buf, len);
783 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
784 EVENT_INTERFACE_ADDED;
785
786 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
787 del ? "DEL" : "NEW",
788 event.interface_status.ifname,
789 del ? "removed" : "added");
790
791 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
792 if (del)
793 drv->if_removed = 1;
794 else
795 drv->if_removed = 0;
796 }
797
798 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
799 }
800
801
802 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
803 u8 *buf, size_t len)
804 {
805 int attrlen, rta_len;
806 struct rtattr *attr;
807
808 attrlen = len;
809 attr = (struct rtattr *) buf;
810
811 rta_len = RTA_ALIGN(sizeof(struct rtattr));
812 while (RTA_OK(attr, attrlen)) {
813 if (attr->rta_type == IFLA_IFNAME) {
814 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
815 == 0)
816 return 1;
817 else
818 break;
819 }
820 attr = RTA_NEXT(attr, attrlen);
821 }
822
823 return 0;
824 }
825
826
827 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
828 int ifindex, u8 *buf, size_t len)
829 {
830 if (drv->ifindex == ifindex)
831 return 1;
832
833 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
834 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
835 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
836 "interface");
837 wpa_driver_nl80211_finish_drv_init(drv);
838 return 1;
839 }
840
841 return 0;
842 }
843
844
845 static struct wpa_driver_nl80211_data *
846 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
847 {
848 struct wpa_driver_nl80211_data *drv;
849 dl_list_for_each(drv, &global->interfaces,
850 struct wpa_driver_nl80211_data, list) {
851 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
852 have_ifidx(drv, idx))
853 return drv;
854 }
855 return NULL;
856 }
857
858
859 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
860 struct ifinfomsg *ifi,
861 u8 *buf, size_t len)
862 {
863 struct nl80211_global *global = ctx;
864 struct wpa_driver_nl80211_data *drv;
865 int attrlen, rta_len;
866 struct rtattr *attr;
867 u32 brid = 0;
868 char namebuf[IFNAMSIZ];
869
870 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
871 if (!drv) {
872 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
873 "ifindex %d", ifi->ifi_index);
874 return;
875 }
876
877 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
878 "(%s%s%s%s)",
879 drv->operstate, ifi->ifi_flags,
880 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
881 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
882 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
883 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
884
885 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
886 if (if_indextoname(ifi->ifi_index, namebuf) &&
887 linux_iface_up(drv->global->ioctl_sock,
888 drv->first_bss.ifname) > 0) {
889 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
890 "event since interface %s is up", namebuf);
891 return;
892 }
893 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
894 if (drv->ignore_if_down_event) {
895 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
896 "event generated by mode change");
897 drv->ignore_if_down_event = 0;
898 } else {
899 drv->if_disabled = 1;
900 wpa_supplicant_event(drv->ctx,
901 EVENT_INTERFACE_DISABLED, NULL);
902 }
903 }
904
905 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
906 if (if_indextoname(ifi->ifi_index, namebuf) &&
907 linux_iface_up(drv->global->ioctl_sock,
908 drv->first_bss.ifname) == 0) {
909 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
910 "event since interface %s is down",
911 namebuf);
912 } else {
913 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
914 drv->if_disabled = 0;
915 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
916 NULL);
917 }
918 }
919
920 /*
921 * Some drivers send the association event before the operup event--in
922 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
923 * fails. This will hit us when wpa_supplicant does not need to do
924 * IEEE 802.1X authentication
925 */
926 if (drv->operstate == 1 &&
927 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
928 !(ifi->ifi_flags & IFF_RUNNING))
929 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
930 -1, IF_OPER_UP);
931
932 attrlen = len;
933 attr = (struct rtattr *) buf;
934 rta_len = RTA_ALIGN(sizeof(struct rtattr));
935 while (RTA_OK(attr, attrlen)) {
936 if (attr->rta_type == IFLA_IFNAME) {
937 wpa_driver_nl80211_event_link(
938 drv,
939 ((char *) attr) + rta_len,
940 attr->rta_len - rta_len, 0);
941 } else if (attr->rta_type == IFLA_MASTER)
942 brid = nla_get_u32((struct nlattr *) attr);
943 attr = RTA_NEXT(attr, attrlen);
944 }
945
946 if (ifi->ifi_family == AF_BRIDGE && brid) {
947 /* device has been added to bridge */
948 if_indextoname(brid, namebuf);
949 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
950 brid, namebuf);
951 add_ifidx(drv, brid);
952 }
953 }
954
955
956 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
957 struct ifinfomsg *ifi,
958 u8 *buf, size_t len)
959 {
960 struct nl80211_global *global = ctx;
961 struct wpa_driver_nl80211_data *drv;
962 int attrlen, rta_len;
963 struct rtattr *attr;
964 u32 brid = 0;
965
966 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
967 if (!drv) {
968 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for "
969 "foreign ifindex %d", ifi->ifi_index);
970 return;
971 }
972
973 attrlen = len;
974 attr = (struct rtattr *) buf;
975
976 rta_len = RTA_ALIGN(sizeof(struct rtattr));
977 while (RTA_OK(attr, attrlen)) {
978 if (attr->rta_type == IFLA_IFNAME) {
979 wpa_driver_nl80211_event_link(
980 drv,
981 ((char *) attr) + rta_len,
982 attr->rta_len - rta_len, 1);
983 } else if (attr->rta_type == IFLA_MASTER)
984 brid = nla_get_u32((struct nlattr *) attr);
985 attr = RTA_NEXT(attr, attrlen);
986 }
987
988 if (ifi->ifi_family == AF_BRIDGE && brid) {
989 /* device has been removed from bridge */
990 char namebuf[IFNAMSIZ];
991 if_indextoname(brid, namebuf);
992 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
993 "%s", brid, namebuf);
994 del_ifidx(drv, brid);
995 }
996 }
997
998
999 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1000 const u8 *frame, size_t len)
1001 {
1002 const struct ieee80211_mgmt *mgmt;
1003 union wpa_event_data event;
1004
1005 mgmt = (const struct ieee80211_mgmt *) frame;
1006 if (len < 24 + sizeof(mgmt->u.auth)) {
1007 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1008 "frame");
1009 return;
1010 }
1011
1012 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1013 os_memset(&event, 0, sizeof(event));
1014 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1015 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1016 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1017 if (len > 24 + sizeof(mgmt->u.auth)) {
1018 event.auth.ies = mgmt->u.auth.variable;
1019 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1020 }
1021
1022 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1023 }
1024
1025
1026 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1027 {
1028 struct nl_msg *msg;
1029 int ret;
1030 struct nl80211_bss_info_arg arg;
1031
1032 os_memset(&arg, 0, sizeof(arg));
1033 msg = nlmsg_alloc();
1034 if (!msg)
1035 goto nla_put_failure;
1036
1037 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1038 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1039
1040 arg.drv = drv;
1041 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1042 msg = NULL;
1043 if (ret == 0) {
1044 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1045 "associated BSS from scan results: %u MHz",
1046 arg.assoc_freq);
1047 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
1048 }
1049 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1050 "(%s)", ret, strerror(-ret));
1051 nla_put_failure:
1052 nlmsg_free(msg);
1053 return drv->assoc_freq;
1054 }
1055
1056
1057 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1058 const u8 *frame, size_t len)
1059 {
1060 const struct ieee80211_mgmt *mgmt;
1061 union wpa_event_data event;
1062 u16 status;
1063
1064 mgmt = (const struct ieee80211_mgmt *) frame;
1065 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1066 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1067 "frame");
1068 return;
1069 }
1070
1071 status = le_to_host16(mgmt->u.assoc_resp.status_code);
1072 if (status != WLAN_STATUS_SUCCESS) {
1073 os_memset(&event, 0, sizeof(event));
1074 event.assoc_reject.bssid = mgmt->bssid;
1075 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1076 event.assoc_reject.resp_ies =
1077 (u8 *) mgmt->u.assoc_resp.variable;
1078 event.assoc_reject.resp_ies_len =
1079 len - 24 - sizeof(mgmt->u.assoc_resp);
1080 }
1081 event.assoc_reject.status_code = status;
1082
1083 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1084 return;
1085 }
1086
1087 drv->associated = 1;
1088 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1089
1090 os_memset(&event, 0, sizeof(event));
1091 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1092 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1093 event.assoc_info.resp_ies_len =
1094 len - 24 - sizeof(mgmt->u.assoc_resp);
1095 }
1096
1097 event.assoc_info.freq = drv->assoc_freq;
1098
1099 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1100 }
1101
1102
1103 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1104 enum nl80211_commands cmd, struct nlattr *status,
1105 struct nlattr *addr, struct nlattr *req_ie,
1106 struct nlattr *resp_ie)
1107 {
1108 union wpa_event_data event;
1109
1110 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1111 /*
1112 * Avoid reporting two association events that would confuse
1113 * the core code.
1114 */
1115 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1116 "when using userspace SME", cmd);
1117 return;
1118 }
1119
1120 os_memset(&event, 0, sizeof(event));
1121 if (cmd == NL80211_CMD_CONNECT &&
1122 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1123 if (addr)
1124 event.assoc_reject.bssid = nla_data(addr);
1125 if (resp_ie) {
1126 event.assoc_reject.resp_ies = nla_data(resp_ie);
1127 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1128 }
1129 event.assoc_reject.status_code = nla_get_u16(status);
1130 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1131 return;
1132 }
1133
1134 drv->associated = 1;
1135 if (addr)
1136 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1137
1138 if (req_ie) {
1139 event.assoc_info.req_ies = nla_data(req_ie);
1140 event.assoc_info.req_ies_len = nla_len(req_ie);
1141 }
1142 if (resp_ie) {
1143 event.assoc_info.resp_ies = nla_data(resp_ie);
1144 event.assoc_info.resp_ies_len = nla_len(resp_ie);
1145 }
1146
1147 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1148
1149 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1150 }
1151
1152
1153 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1154 struct nlattr *reason, struct nlattr *addr)
1155 {
1156 union wpa_event_data data;
1157
1158 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1159 /*
1160 * Avoid reporting two disassociation events that could
1161 * confuse the core code.
1162 */
1163 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1164 "event when using userspace SME");
1165 return;
1166 }
1167
1168 drv->associated = 0;
1169 os_memset(&data, 0, sizeof(data));
1170 if (reason)
1171 data.disassoc_info.reason_code = nla_get_u16(reason);
1172 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1173 }
1174
1175
1176 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1177 enum nl80211_commands cmd, struct nlattr *addr)
1178 {
1179 union wpa_event_data event;
1180 enum wpa_event_type ev;
1181
1182 if (nla_len(addr) != ETH_ALEN)
1183 return;
1184
1185 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1186 cmd, MAC2STR((u8 *) nla_data(addr)));
1187
1188 if (cmd == NL80211_CMD_AUTHENTICATE)
1189 ev = EVENT_AUTH_TIMED_OUT;
1190 else if (cmd == NL80211_CMD_ASSOCIATE)
1191 ev = EVENT_ASSOC_TIMED_OUT;
1192 else
1193 return;
1194
1195 os_memset(&event, 0, sizeof(event));
1196 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1197 wpa_supplicant_event(drv->ctx, ev, &event);
1198 }
1199
1200
1201 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
1202 struct nlattr *freq, const u8 *frame, size_t len)
1203 {
1204 const struct ieee80211_mgmt *mgmt;
1205 union wpa_event_data event;
1206 u16 fc, stype;
1207
1208 mgmt = (const struct ieee80211_mgmt *) frame;
1209 if (len < 24) {
1210 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
1211 return;
1212 }
1213
1214 fc = le_to_host16(mgmt->frame_control);
1215 stype = WLAN_FC_GET_STYPE(fc);
1216
1217 os_memset(&event, 0, sizeof(event));
1218 if (freq) {
1219 event.rx_action.freq = nla_get_u32(freq);
1220 drv->last_mgmt_freq = event.rx_action.freq;
1221 }
1222 if (stype == WLAN_FC_STYPE_ACTION) {
1223 event.rx_action.da = mgmt->da;
1224 event.rx_action.sa = mgmt->sa;
1225 event.rx_action.bssid = mgmt->bssid;
1226 event.rx_action.category = mgmt->u.action.category;
1227 event.rx_action.data = &mgmt->u.action.category + 1;
1228 event.rx_action.len = frame + len - event.rx_action.data;
1229 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
1230 } else {
1231 event.rx_mgmt.frame = frame;
1232 event.rx_mgmt.frame_len = len;
1233 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1234 }
1235 }
1236
1237
1238 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1239 struct nlattr *cookie, const u8 *frame,
1240 size_t len, struct nlattr *ack)
1241 {
1242 union wpa_event_data event;
1243 const struct ieee80211_hdr *hdr;
1244 u16 fc;
1245
1246 if (!is_ap_interface(drv->nlmode)) {
1247 u64 cookie_val;
1248
1249 if (!cookie)
1250 return;
1251
1252 cookie_val = nla_get_u64(cookie);
1253 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1254 " cookie=0%llx%s (ack=%d)",
1255 (long long unsigned int) cookie_val,
1256 cookie_val == drv->send_action_cookie ?
1257 " (match)" : " (unknown)", ack != NULL);
1258 if (cookie_val != drv->send_action_cookie)
1259 return;
1260 }
1261
1262 hdr = (const struct ieee80211_hdr *) frame;
1263 fc = le_to_host16(hdr->frame_control);
1264
1265 os_memset(&event, 0, sizeof(event));
1266 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1267 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1268 event.tx_status.dst = hdr->addr1;
1269 event.tx_status.data = frame;
1270 event.tx_status.data_len = len;
1271 event.tx_status.ack = ack != NULL;
1272 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1273 }
1274
1275
1276 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1277 enum wpa_event_type type,
1278 const u8 *frame, size_t len)
1279 {
1280 const struct ieee80211_mgmt *mgmt;
1281 union wpa_event_data event;
1282 const u8 *bssid = NULL;
1283 u16 reason_code = 0;
1284
1285 mgmt = (const struct ieee80211_mgmt *) frame;
1286 if (len >= 24) {
1287 bssid = mgmt->bssid;
1288
1289 if (drv->associated != 0 &&
1290 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1291 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1292 /*
1293 * We have presumably received this deauth as a
1294 * response to a clear_state_mismatch() outgoing
1295 * deauth. Don't let it take us offline!
1296 */
1297 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1298 "from Unknown BSSID " MACSTR " -- ignoring",
1299 MAC2STR(bssid));
1300 return;
1301 }
1302 }
1303
1304 drv->associated = 0;
1305 os_memset(&event, 0, sizeof(event));
1306
1307 /* Note: Same offset for Reason Code in both frame subtypes */
1308 if (len >= 24 + sizeof(mgmt->u.deauth))
1309 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1310
1311 if (type == EVENT_DISASSOC) {
1312 event.disassoc_info.addr = bssid;
1313 event.disassoc_info.reason_code = reason_code;
1314 if (frame + len > mgmt->u.disassoc.variable) {
1315 event.disassoc_info.ie = mgmt->u.disassoc.variable;
1316 event.disassoc_info.ie_len = frame + len -
1317 mgmt->u.disassoc.variable;
1318 }
1319 } else {
1320 event.deauth_info.addr = bssid;
1321 event.deauth_info.reason_code = reason_code;
1322 if (frame + len > mgmt->u.deauth.variable) {
1323 event.deauth_info.ie = mgmt->u.deauth.variable;
1324 event.deauth_info.ie_len = frame + len -
1325 mgmt->u.deauth.variable;
1326 }
1327 }
1328
1329 wpa_supplicant_event(drv->ctx, type, &event);
1330 }
1331
1332
1333 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1334 enum wpa_event_type type,
1335 const u8 *frame, size_t len)
1336 {
1337 const struct ieee80211_mgmt *mgmt;
1338 union wpa_event_data event;
1339 u16 reason_code = 0;
1340
1341 if (len < 24)
1342 return;
1343
1344 mgmt = (const struct ieee80211_mgmt *) frame;
1345
1346 os_memset(&event, 0, sizeof(event));
1347 /* Note: Same offset for Reason Code in both frame subtypes */
1348 if (len >= 24 + sizeof(mgmt->u.deauth))
1349 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1350
1351 if (type == EVENT_UNPROT_DISASSOC) {
1352 event.unprot_disassoc.sa = mgmt->sa;
1353 event.unprot_disassoc.da = mgmt->da;
1354 event.unprot_disassoc.reason_code = reason_code;
1355 } else {
1356 event.unprot_deauth.sa = mgmt->sa;
1357 event.unprot_deauth.da = mgmt->da;
1358 event.unprot_deauth.reason_code = reason_code;
1359 }
1360
1361 wpa_supplicant_event(drv->ctx, type, &event);
1362 }
1363
1364
1365 static void mlme_event(struct wpa_driver_nl80211_data *drv,
1366 enum nl80211_commands cmd, struct nlattr *frame,
1367 struct nlattr *addr, struct nlattr *timed_out,
1368 struct nlattr *freq, struct nlattr *ack,
1369 struct nlattr *cookie)
1370 {
1371 if (timed_out && addr) {
1372 mlme_timeout_event(drv, cmd, addr);
1373 return;
1374 }
1375
1376 if (frame == NULL) {
1377 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
1378 "data", cmd);
1379 return;
1380 }
1381
1382 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
1383 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1384 nla_data(frame), nla_len(frame));
1385
1386 switch (cmd) {
1387 case NL80211_CMD_AUTHENTICATE:
1388 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1389 break;
1390 case NL80211_CMD_ASSOCIATE:
1391 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1392 break;
1393 case NL80211_CMD_DEAUTHENTICATE:
1394 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1395 nla_data(frame), nla_len(frame));
1396 break;
1397 case NL80211_CMD_DISASSOCIATE:
1398 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1399 nla_data(frame), nla_len(frame));
1400 break;
1401 case NL80211_CMD_FRAME:
1402 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
1403 break;
1404 case NL80211_CMD_FRAME_TX_STATUS:
1405 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1406 nla_len(frame), ack);
1407 break;
1408 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1409 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1410 nla_data(frame), nla_len(frame));
1411 break;
1412 case NL80211_CMD_UNPROT_DISASSOCIATE:
1413 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
1414 nla_data(frame), nla_len(frame));
1415 break;
1416 default:
1417 break;
1418 }
1419 }
1420
1421
1422 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
1423 struct nlattr *tb[])
1424 {
1425 union wpa_event_data data;
1426
1427 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1428 os_memset(&data, 0, sizeof(data));
1429 if (tb[NL80211_ATTR_MAC]) {
1430 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1431 nla_data(tb[NL80211_ATTR_MAC]),
1432 nla_len(tb[NL80211_ATTR_MAC]));
1433 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1434 }
1435 if (tb[NL80211_ATTR_KEY_SEQ]) {
1436 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1437 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1438 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1439 }
1440 if (tb[NL80211_ATTR_KEY_TYPE]) {
1441 enum nl80211_key_type key_type =
1442 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1443 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1444 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1445 data.michael_mic_failure.unicast = 1;
1446 } else
1447 data.michael_mic_failure.unicast = 1;
1448
1449 if (tb[NL80211_ATTR_KEY_IDX]) {
1450 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1451 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1452 }
1453
1454 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1455 }
1456
1457
1458 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1459 struct nlattr *tb[])
1460 {
1461 if (tb[NL80211_ATTR_MAC] == NULL) {
1462 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1463 "event");
1464 return;
1465 }
1466 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1467 drv->associated = 1;
1468 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1469 MAC2STR(drv->bssid));
1470
1471 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1472 }
1473
1474
1475 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1476 int cancel_event, struct nlattr *tb[])
1477 {
1478 unsigned int freq, chan_type, duration;
1479 union wpa_event_data data;
1480 u64 cookie;
1481
1482 if (tb[NL80211_ATTR_WIPHY_FREQ])
1483 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1484 else
1485 freq = 0;
1486
1487 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1488 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1489 else
1490 chan_type = 0;
1491
1492 if (tb[NL80211_ATTR_DURATION])
1493 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1494 else
1495 duration = 0;
1496
1497 if (tb[NL80211_ATTR_COOKIE])
1498 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1499 else
1500 cookie = 0;
1501
1502 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1503 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1504 cancel_event, freq, chan_type, duration,
1505 (long long unsigned int) cookie,
1506 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1507
1508 if (cookie != drv->remain_on_chan_cookie)
1509 return; /* not for us */
1510
1511 if (cancel_event)
1512 drv->pending_remain_on_chan = 0;
1513
1514 os_memset(&data, 0, sizeof(data));
1515 data.remain_on_channel.freq = freq;
1516 data.remain_on_channel.duration = duration;
1517 wpa_supplicant_event(drv->ctx, cancel_event ?
1518 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1519 EVENT_REMAIN_ON_CHANNEL, &data);
1520 }
1521
1522
1523 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1524 struct nlattr *tb[])
1525 {
1526 union wpa_event_data event;
1527 struct nlattr *nl;
1528 int rem;
1529 struct scan_info *info;
1530 #define MAX_REPORT_FREQS 50
1531 int freqs[MAX_REPORT_FREQS];
1532 int num_freqs = 0;
1533
1534 if (drv->scan_for_auth) {
1535 drv->scan_for_auth = 0;
1536 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
1537 "cfg80211 BSS entry");
1538 wpa_driver_nl80211_authenticate_retry(drv);
1539 return;
1540 }
1541
1542 os_memset(&event, 0, sizeof(event));
1543 info = &event.scan_info;
1544 info->aborted = aborted;
1545
1546 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1547 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1548 struct wpa_driver_scan_ssid *s =
1549 &info->ssids[info->num_ssids];
1550 s->ssid = nla_data(nl);
1551 s->ssid_len = nla_len(nl);
1552 info->num_ssids++;
1553 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1554 break;
1555 }
1556 }
1557 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1558 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1559 {
1560 freqs[num_freqs] = nla_get_u32(nl);
1561 num_freqs++;
1562 if (num_freqs == MAX_REPORT_FREQS - 1)
1563 break;
1564 }
1565 info->freqs = freqs;
1566 info->num_freqs = num_freqs;
1567 }
1568 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1569 }
1570
1571
1572 static int get_link_signal(struct nl_msg *msg, void *arg)
1573 {
1574 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1575 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1576 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1577 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1578 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1579 };
1580 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1581 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1582 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1583 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1584 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1585 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1586 };
1587 struct wpa_signal_info *sig_change = arg;
1588
1589 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1590 genlmsg_attrlen(gnlh, 0), NULL);
1591 if (!tb[NL80211_ATTR_STA_INFO] ||
1592 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1593 tb[NL80211_ATTR_STA_INFO], policy))
1594 return NL_SKIP;
1595 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1596 return NL_SKIP;
1597
1598 sig_change->current_signal =
1599 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1600
1601 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1602 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1603 sinfo[NL80211_STA_INFO_TX_BITRATE],
1604 rate_policy)) {
1605 sig_change->current_txrate = 0;
1606 } else {
1607 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1608 sig_change->current_txrate =
1609 nla_get_u16(rinfo[
1610 NL80211_RATE_INFO_BITRATE]) * 100;
1611 }
1612 }
1613 }
1614
1615 return NL_SKIP;
1616 }
1617
1618
1619 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1620 struct wpa_signal_info *sig)
1621 {
1622 struct nl_msg *msg;
1623
1624 sig->current_signal = -9999;
1625 sig->current_txrate = 0;
1626
1627 msg = nlmsg_alloc();
1628 if (!msg)
1629 return -ENOMEM;
1630
1631 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
1632
1633 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1634 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1635
1636 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1637 nla_put_failure:
1638 nlmsg_free(msg);
1639 return -ENOBUFS;
1640 }
1641
1642
1643 static int get_link_noise(struct nl_msg *msg, void *arg)
1644 {
1645 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1646 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1647 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1648 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1649 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1650 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1651 };
1652 struct wpa_signal_info *sig_change = arg;
1653
1654 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1655 genlmsg_attrlen(gnlh, 0), NULL);
1656
1657 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1658 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1659 return NL_SKIP;
1660 }
1661
1662 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1663 tb[NL80211_ATTR_SURVEY_INFO],
1664 survey_policy)) {
1665 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1666 "attributes!");
1667 return NL_SKIP;
1668 }
1669
1670 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1671 return NL_SKIP;
1672
1673 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1674 sig_change->frequency)
1675 return NL_SKIP;
1676
1677 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1678 return NL_SKIP;
1679
1680 sig_change->current_noise =
1681 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1682
1683 return NL_SKIP;
1684 }
1685
1686
1687 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1688 struct wpa_signal_info *sig_change)
1689 {
1690 struct nl_msg *msg;
1691
1692 sig_change->current_noise = 9999;
1693 sig_change->frequency = drv->assoc_freq;
1694
1695 msg = nlmsg_alloc();
1696 if (!msg)
1697 return -ENOMEM;
1698
1699 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1700
1701 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1702
1703 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1704 nla_put_failure:
1705 nlmsg_free(msg);
1706 return -ENOBUFS;
1707 }
1708
1709
1710 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
1711 {
1712 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1713 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1714 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1715 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1716 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1717 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1718 };
1719 struct wpa_scan_results *scan_results = arg;
1720 struct wpa_scan_res *scan_res;
1721 size_t i;
1722
1723 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1724 genlmsg_attrlen(gnlh, 0), NULL);
1725
1726 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1727 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
1728 return NL_SKIP;
1729 }
1730
1731 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1732 tb[NL80211_ATTR_SURVEY_INFO],
1733 survey_policy)) {
1734 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
1735 "attributes");
1736 return NL_SKIP;
1737 }
1738
1739 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1740 return NL_SKIP;
1741
1742 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1743 return NL_SKIP;
1744
1745 for (i = 0; i < scan_results->num; ++i) {
1746 scan_res = scan_results->res[i];
1747 if (!scan_res)
1748 continue;
1749 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1750 scan_res->freq)
1751 continue;
1752 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
1753 continue;
1754 scan_res->noise = (s8)
1755 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1756 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
1757 }
1758
1759 return NL_SKIP;
1760 }
1761
1762
1763 static int nl80211_get_noise_for_scan_results(
1764 struct wpa_driver_nl80211_data *drv,
1765 struct wpa_scan_results *scan_res)
1766 {
1767 struct nl_msg *msg;
1768
1769 msg = nlmsg_alloc();
1770 if (!msg)
1771 return -ENOMEM;
1772
1773 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1774
1775 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1776
1777 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
1778 scan_res);
1779 nla_put_failure:
1780 nlmsg_free(msg);
1781 return -ENOBUFS;
1782 }
1783
1784
1785 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1786 struct nlattr *tb[])
1787 {
1788 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1789 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1790 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1791 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1792 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1793 };
1794 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1795 enum nl80211_cqm_rssi_threshold_event event;
1796 union wpa_event_data ed;
1797 struct wpa_signal_info sig;
1798 int res;
1799
1800 if (tb[NL80211_ATTR_CQM] == NULL ||
1801 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1802 cqm_policy)) {
1803 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1804 return;
1805 }
1806
1807 os_memset(&ed, 0, sizeof(ed));
1808
1809 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1810 if (!tb[NL80211_ATTR_MAC])
1811 return;
1812 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1813 ETH_ALEN);
1814 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1815 return;
1816 }
1817
1818 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1819 return;
1820 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1821
1822 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1823 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1824 "event: RSSI high");
1825 ed.signal_change.above_threshold = 1;
1826 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1827 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1828 "event: RSSI low");
1829 ed.signal_change.above_threshold = 0;
1830 } else
1831 return;
1832
1833 res = nl80211_get_link_signal(drv, &sig);
1834 if (res == 0) {
1835 ed.signal_change.current_signal = sig.current_signal;
1836 ed.signal_change.current_txrate = sig.current_txrate;
1837 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1838 sig.current_signal, sig.current_txrate);
1839 }
1840
1841 res = nl80211_get_link_noise(drv, &sig);
1842 if (res == 0) {
1843 ed.signal_change.current_noise = sig.current_noise;
1844 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1845 sig.current_noise);
1846 }
1847
1848 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1849 }
1850
1851
1852 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1853 struct nlattr **tb)
1854 {
1855 u8 *addr;
1856 union wpa_event_data data;
1857
1858 if (tb[NL80211_ATTR_MAC] == NULL)
1859 return;
1860 addr = nla_data(tb[NL80211_ATTR_MAC]);
1861 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1862
1863 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1864 u8 *ies = NULL;
1865 size_t ies_len = 0;
1866 if (tb[NL80211_ATTR_IE]) {
1867 ies = nla_data(tb[NL80211_ATTR_IE]);
1868 ies_len = nla_len(tb[NL80211_ATTR_IE]);
1869 }
1870 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
1871 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
1872 return;
1873 }
1874
1875 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1876 return;
1877
1878 os_memset(&data, 0, sizeof(data));
1879 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1880 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1881 }
1882
1883
1884 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1885 struct nlattr **tb)
1886 {
1887 u8 *addr;
1888 union wpa_event_data data;
1889
1890 if (tb[NL80211_ATTR_MAC] == NULL)
1891 return;
1892 addr = nla_data(tb[NL80211_ATTR_MAC]);
1893 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1894 MAC2STR(addr));
1895
1896 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1897 drv_event_disassoc(drv->ctx, addr);
1898 return;
1899 }
1900
1901 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1902 return;
1903
1904 os_memset(&data, 0, sizeof(data));
1905 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
1906 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
1907 }
1908
1909
1910 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
1911 struct nlattr **tb)
1912 {
1913 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
1914 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
1915 [NL80211_REKEY_DATA_KEK] = {
1916 .minlen = NL80211_KEK_LEN,
1917 .maxlen = NL80211_KEK_LEN,
1918 },
1919 [NL80211_REKEY_DATA_KCK] = {
1920 .minlen = NL80211_KCK_LEN,
1921 .maxlen = NL80211_KCK_LEN,
1922 },
1923 [NL80211_REKEY_DATA_REPLAY_CTR] = {
1924 .minlen = NL80211_REPLAY_CTR_LEN,
1925 .maxlen = NL80211_REPLAY_CTR_LEN,
1926 },
1927 };
1928 union wpa_event_data data;
1929
1930 if (!tb[NL80211_ATTR_MAC])
1931 return;
1932 if (!tb[NL80211_ATTR_REKEY_DATA])
1933 return;
1934 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
1935 tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
1936 return;
1937 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
1938 return;
1939
1940 os_memset(&data, 0, sizeof(data));
1941 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
1942 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
1943 MAC2STR(data.driver_gtk_rekey.bssid));
1944 data.driver_gtk_rekey.replay_ctr =
1945 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
1946 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
1947 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
1948 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
1949 }
1950
1951
1952 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
1953 struct nlattr **tb)
1954 {
1955 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
1956 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
1957 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
1958 [NL80211_PMKSA_CANDIDATE_BSSID] = {
1959 .minlen = ETH_ALEN,
1960 .maxlen = ETH_ALEN,
1961 },
1962 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
1963 };
1964 union wpa_event_data data;
1965
1966 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
1967 return;
1968 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
1969 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
1970 return;
1971 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
1972 !cand[NL80211_PMKSA_CANDIDATE_BSSID])
1973 return;
1974
1975 os_memset(&data, 0, sizeof(data));
1976 os_memcpy(data.pmkid_candidate.bssid,
1977 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
1978 data.pmkid_candidate.index =
1979 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
1980 data.pmkid_candidate.preauth =
1981 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
1982 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
1983 }
1984
1985
1986 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
1987 struct nlattr **tb)
1988 {
1989 union wpa_event_data data;
1990
1991 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
1992 return;
1993
1994 os_memset(&data, 0, sizeof(data));
1995 os_memcpy(data.client_poll.addr,
1996 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1997
1998 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
1999 }
2000
2001
2002 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2003 int wds)
2004 {
2005 struct wpa_driver_nl80211_data *drv = bss->drv;
2006 union wpa_event_data event;
2007
2008 if (!tb[NL80211_ATTR_MAC])
2009 return;
2010
2011 os_memset(&event, 0, sizeof(event));
2012 event.rx_from_unknown.bssid = bss->addr;
2013 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2014 event.rx_from_unknown.wds = wds;
2015
2016 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2017 }
2018
2019
2020 static void do_process_drv_event(struct wpa_driver_nl80211_data *drv,
2021 int cmd, struct nlattr **tb)
2022 {
2023 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
2024 (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
2025 cmd == NL80211_CMD_SCAN_ABORTED)) {
2026 wpa_driver_nl80211_set_mode(&drv->first_bss,
2027 drv->ap_scan_as_station);
2028 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2029 }
2030
2031 switch (cmd) {
2032 case NL80211_CMD_TRIGGER_SCAN:
2033 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
2034 break;
2035 case NL80211_CMD_START_SCHED_SCAN:
2036 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started");
2037 break;
2038 case NL80211_CMD_SCHED_SCAN_STOPPED:
2039 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped");
2040 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
2041 break;
2042 case NL80211_CMD_NEW_SCAN_RESULTS:
2043 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
2044 drv->scan_complete_events = 1;
2045 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2046 drv->ctx);
2047 send_scan_event(drv, 0, tb);
2048 break;
2049 case NL80211_CMD_SCHED_SCAN_RESULTS:
2050 wpa_printf(MSG_DEBUG,
2051 "nl80211: New sched scan results available");
2052 send_scan_event(drv, 0, tb);
2053 break;
2054 case NL80211_CMD_SCAN_ABORTED:
2055 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
2056 /*
2057 * Need to indicate that scan results are available in order
2058 * not to make wpa_supplicant stop its scanning.
2059 */
2060 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2061 drv->ctx);
2062 send_scan_event(drv, 1, tb);
2063 break;
2064 case NL80211_CMD_AUTHENTICATE:
2065 case NL80211_CMD_ASSOCIATE:
2066 case NL80211_CMD_DEAUTHENTICATE:
2067 case NL80211_CMD_DISASSOCIATE:
2068 case NL80211_CMD_FRAME_TX_STATUS:
2069 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
2070 case NL80211_CMD_UNPROT_DISASSOCIATE:
2071 mlme_event(drv, cmd, tb[NL80211_ATTR_FRAME],
2072 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2073 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2074 tb[NL80211_ATTR_COOKIE]);
2075 break;
2076 case NL80211_CMD_CONNECT:
2077 case NL80211_CMD_ROAM:
2078 mlme_event_connect(drv, cmd,
2079 tb[NL80211_ATTR_STATUS_CODE],
2080 tb[NL80211_ATTR_MAC],
2081 tb[NL80211_ATTR_REQ_IE],
2082 tb[NL80211_ATTR_RESP_IE]);
2083 break;
2084 case NL80211_CMD_DISCONNECT:
2085 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
2086 tb[NL80211_ATTR_MAC]);
2087 break;
2088 case NL80211_CMD_MICHAEL_MIC_FAILURE:
2089 mlme_event_michael_mic_failure(drv, tb);
2090 break;
2091 case NL80211_CMD_JOIN_IBSS:
2092 mlme_event_join_ibss(drv, tb);
2093 break;
2094 case NL80211_CMD_REMAIN_ON_CHANNEL:
2095 mlme_event_remain_on_channel(drv, 0, tb);
2096 break;
2097 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
2098 mlme_event_remain_on_channel(drv, 1, tb);
2099 break;
2100 case NL80211_CMD_NOTIFY_CQM:
2101 nl80211_cqm_event(drv, tb);
2102 break;
2103 case NL80211_CMD_REG_CHANGE:
2104 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2105 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2106 NULL);
2107 break;
2108 case NL80211_CMD_REG_BEACON_HINT:
2109 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
2110 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2111 NULL);
2112 break;
2113 case NL80211_CMD_NEW_STATION:
2114 nl80211_new_station_event(drv, tb);
2115 break;
2116 case NL80211_CMD_DEL_STATION:
2117 nl80211_del_station_event(drv, tb);
2118 break;
2119 case NL80211_CMD_SET_REKEY_OFFLOAD:
2120 nl80211_rekey_offload_event(drv, tb);
2121 break;
2122 case NL80211_CMD_PMKSA_CANDIDATE:
2123 nl80211_pmksa_candidate_event(drv, tb);
2124 break;
2125 case NL80211_CMD_PROBE_CLIENT:
2126 nl80211_client_probe_event(drv, tb);
2127 break;
2128 default:
2129 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2130 "(cmd=%d)", cmd);
2131 break;
2132 }
2133 }
2134
2135
2136 static int process_drv_event(struct nl_msg *msg, void *arg)
2137 {
2138 struct wpa_driver_nl80211_data *drv = arg;
2139 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2140 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2141
2142 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2143 genlmsg_attrlen(gnlh, 0), NULL);
2144
2145 if (tb[NL80211_ATTR_IFINDEX]) {
2146 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2147 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
2148 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
2149 " for foreign interface (ifindex %d)",
2150 gnlh->cmd, ifindex);
2151 return NL_SKIP;
2152 }
2153 }
2154
2155 do_process_drv_event(drv, gnlh->cmd, tb);
2156 return NL_SKIP;
2157 }
2158
2159
2160 static int process_global_event(struct nl_msg *msg, void *arg)
2161 {
2162 struct nl80211_global *global = arg;
2163 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2164 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2165 struct wpa_driver_nl80211_data *drv;
2166 int ifidx = -1;
2167
2168 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2169 genlmsg_attrlen(gnlh, 0), NULL);
2170
2171 if (tb[NL80211_ATTR_IFINDEX])
2172 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2173
2174 dl_list_for_each(drv, &global->interfaces,
2175 struct wpa_driver_nl80211_data, list) {
2176 if (ifidx == -1 || ifidx == drv->ifindex ||
2177 have_ifidx(drv, ifidx))
2178 do_process_drv_event(drv, gnlh->cmd, tb);
2179 }
2180
2181 return NL_SKIP;
2182 }
2183
2184
2185 static int process_bss_event(struct nl_msg *msg, void *arg)
2186 {
2187 struct i802_bss *bss = arg;
2188 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2189 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2190
2191 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2192 genlmsg_attrlen(gnlh, 0), NULL);
2193
2194 switch (gnlh->cmd) {
2195 case NL80211_CMD_FRAME:
2196 case NL80211_CMD_FRAME_TX_STATUS:
2197 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
2198 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2199 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2200 tb[NL80211_ATTR_COOKIE]);
2201 break;
2202 case NL80211_CMD_UNEXPECTED_FRAME:
2203 nl80211_spurious_frame(bss, tb, 0);
2204 break;
2205 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
2206 nl80211_spurious_frame(bss, tb, 1);
2207 break;
2208 default:
2209 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2210 "(cmd=%d)", gnlh->cmd);
2211 break;
2212 }
2213
2214 return NL_SKIP;
2215 }
2216
2217
2218 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
2219 void *handle)
2220 {
2221 struct nl_cb *cb = eloop_ctx;
2222
2223 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
2224
2225 nl_recvmsgs(handle, cb);
2226 }
2227
2228
2229 /**
2230 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
2231 * @priv: driver_nl80211 private data
2232 * @alpha2_arg: country to which to switch to
2233 * Returns: 0 on success, -1 on failure
2234 *
2235 * This asks nl80211 to set the regulatory domain for given
2236 * country ISO / IEC alpha2.
2237 */
2238 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
2239 {
2240 struct i802_bss *bss = priv;
2241 struct wpa_driver_nl80211_data *drv = bss->drv;
2242 char alpha2[3];
2243 struct nl_msg *msg;
2244
2245 msg = nlmsg_alloc();
2246 if (!msg)
2247 return -ENOMEM;
2248
2249 alpha2[0] = alpha2_arg[0];
2250 alpha2[1] = alpha2_arg[1];
2251 alpha2[2] = '\0';
2252
2253 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
2254
2255 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
2256 if (send_and_recv_msgs(drv, msg, NULL, NULL))
2257 return -EINVAL;
2258 return 0;
2259 nla_put_failure:
2260 nlmsg_free(msg);
2261 return -EINVAL;
2262 }
2263
2264
2265 struct wiphy_info_data {
2266 struct wpa_driver_capa *capa;
2267
2268 unsigned int error:1;
2269 unsigned int device_ap_sme:1;
2270 unsigned int poll_command_supported:1;
2271 unsigned int data_tx_status:1;
2272 };
2273
2274
2275 static unsigned int probe_resp_offload_support(int supp_protocols)
2276 {
2277 unsigned int prot = 0;
2278
2279 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
2280 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
2281 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
2282 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
2283 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
2284 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
2285 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
2286 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
2287
2288 return prot;
2289 }
2290
2291
2292 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
2293 {
2294 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2295 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2296 struct wiphy_info_data *info = arg;
2297 int p2p_go_supported = 0, p2p_client_supported = 0;
2298 int p2p_concurrent = 0;
2299 int auth_supported = 0, connect_supported = 0;
2300 struct wpa_driver_capa *capa = info->capa;
2301 static struct nla_policy
2302 iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
2303 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
2304 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
2305 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
2306 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
2307 },
2308 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
2309 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
2310 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
2311 };
2312
2313 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2314 genlmsg_attrlen(gnlh, 0), NULL);
2315
2316 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
2317 capa->max_scan_ssids =
2318 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
2319
2320 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
2321 capa->max_sched_scan_ssids =
2322 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
2323
2324 if (tb[NL80211_ATTR_MAX_MATCH_SETS])
2325 capa->max_match_sets =
2326 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
2327
2328 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
2329 struct nlattr *nl_mode;
2330 int i;
2331 nla_for_each_nested(nl_mode,
2332 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
2333 switch (nla_type(nl_mode)) {
2334 case NL80211_IFTYPE_AP:
2335 capa->flags |= WPA_DRIVER_FLAGS_AP;
2336 break;
2337 case NL80211_IFTYPE_P2P_GO:
2338 p2p_go_supported = 1;
2339 break;
2340 case NL80211_IFTYPE_P2P_CLIENT:
2341 p2p_client_supported = 1;
2342 break;
2343 }
2344 }
2345 }
2346
2347 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) {
2348 struct nlattr *nl_combi;
2349 int rem_combi;
2350
2351 nla_for_each_nested(nl_combi,
2352 tb[NL80211_ATTR_INTERFACE_COMBINATIONS],
2353 rem_combi) {
2354 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
2355 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
2356 struct nlattr *nl_limit, *nl_mode;
2357 int err, rem_limit, rem_mode;
2358 int combination_has_p2p = 0, combination_has_mgd = 0;
2359
2360 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
2361 nl_combi,
2362 iface_combination_policy);
2363 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
2364 !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
2365 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
2366 goto broken_combination;
2367
2368 nla_for_each_nested(nl_limit,
2369 tb_comb[NL80211_IFACE_COMB_LIMITS],
2370 rem_limit) {
2371 err = nla_parse_nested(tb_limit,
2372 MAX_NL80211_IFACE_LIMIT,
2373 nl_limit,
2374 iface_limit_policy);
2375 if (err ||
2376 !tb_limit[NL80211_IFACE_LIMIT_TYPES])
2377 goto broken_combination;
2378
2379 nla_for_each_nested(
2380 nl_mode,
2381 tb_limit[NL80211_IFACE_LIMIT_TYPES],
2382 rem_mode) {
2383 int ift = nla_type(nl_mode);
2384 if (ift == NL80211_IFTYPE_P2P_GO ||
2385 ift == NL80211_IFTYPE_P2P_CLIENT)
2386 combination_has_p2p = 1;
2387 if (ift == NL80211_IFTYPE_STATION)
2388 combination_has_mgd = 1;
2389 }
2390 if (combination_has_p2p && combination_has_mgd)
2391 break;
2392 }
2393
2394 if (combination_has_p2p && combination_has_mgd) {
2395 p2p_concurrent = 1;
2396 break;
2397 }
2398
2399 broken_combination:
2400 ;
2401 }
2402 }
2403
2404 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
2405 struct nlattr *nl_cmd;
2406 int i;
2407
2408 nla_for_each_nested(nl_cmd,
2409 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
2410 switch (nla_get_u32(nl_cmd)) {
2411 case NL80211_CMD_AUTHENTICATE:
2412 auth_supported = 1;
2413 break;
2414 case NL80211_CMD_CONNECT:
2415 connect_supported = 1;
2416 break;
2417 case NL80211_CMD_START_SCHED_SCAN:
2418 capa->sched_scan_supported = 1;
2419 break;
2420 case NL80211_CMD_PROBE_CLIENT:
2421 info->poll_command_supported = 1;
2422 break;
2423 }
2424 }
2425 }
2426
2427 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
2428 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
2429 "off-channel TX");
2430 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
2431 }
2432
2433 if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
2434 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
2435 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
2436 }
2437
2438 /* default to 5000 since early versions of mac80211 don't set it */
2439 capa->max_remain_on_chan = 5000;
2440
2441 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
2442 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
2443
2444 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
2445 capa->max_remain_on_chan =
2446 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
2447
2448 if (auth_supported)
2449 capa->flags |= WPA_DRIVER_FLAGS_SME;
2450 else if (!connect_supported) {
2451 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
2452 "authentication/association or connect commands");
2453 info->error = 1;
2454 }
2455
2456 if (p2p_go_supported && p2p_client_supported)
2457 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
2458 if (p2p_concurrent) {
2459 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
2460 "interface (driver advertised support)");
2461 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
2462 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
2463 }
2464
2465 if (tb[NL80211_ATTR_TDLS_SUPPORT]) {
2466 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
2467 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
2468
2469 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) {
2470 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
2471 capa->flags |=
2472 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
2473 }
2474 }
2475
2476 if (tb[NL80211_ATTR_DEVICE_AP_SME])
2477 info->device_ap_sme = 1;
2478
2479 if (tb[NL80211_ATTR_FEATURE_FLAGS]) {
2480 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]);
2481
2482 if (flags & NL80211_FEATURE_SK_TX_STATUS)
2483 info->data_tx_status = 1;
2484 }
2485
2486 if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) {
2487 int protocols =
2488 nla_get_u32(tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
2489 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response "
2490 "offload in AP mode");
2491 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
2492 capa->probe_resp_offloads =
2493 probe_resp_offload_support(protocols);
2494 }
2495
2496 return NL_SKIP;
2497 }
2498
2499
2500 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
2501 struct wiphy_info_data *info)
2502 {
2503 struct nl_msg *msg;
2504
2505 os_memset(info, 0, sizeof(*info));
2506 info->capa = &drv->capa;
2507
2508 msg = nlmsg_alloc();
2509 if (!msg)
2510 return -1;
2511
2512 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
2513
2514 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
2515
2516 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
2517 return 0;
2518 msg = NULL;
2519 nla_put_failure:
2520 nlmsg_free(msg);
2521 return -1;
2522 }
2523
2524
2525 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
2526 {
2527 struct wiphy_info_data info;
2528 if (wpa_driver_nl80211_get_info(drv, &info))
2529 return -1;
2530
2531 if (info.error)
2532 return -1;
2533
2534 drv->has_capability = 1;
2535 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
2536 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2537 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
2538 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
2539 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
2540 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
2541 WPA_DRIVER_CAPA_ENC_WEP104 |
2542 WPA_DRIVER_CAPA_ENC_TKIP |
2543 WPA_DRIVER_CAPA_ENC_CCMP;
2544 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
2545 WPA_DRIVER_AUTH_SHARED |
2546 WPA_DRIVER_AUTH_LEAP;
2547
2548 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
2549 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
2550 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2551 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
2552
2553 drv->device_ap_sme = info.device_ap_sme;
2554 drv->poll_command_supported = info.poll_command_supported;
2555 drv->data_tx_status = info.data_tx_status;
2556
2557 /*
2558 * If poll command is supported mac80211 is new enough to
2559 * have everything we need to not need monitor interfaces.
2560 */
2561 drv->use_monitor = !info.poll_command_supported;
2562
2563 /*
2564 * If we aren't going to use monitor interfaces, but the
2565 * driver doesn't support data TX status, we won't get TX
2566 * status for EAPOL frames.
2567 */
2568 if (!drv->use_monitor && !info.data_tx_status)
2569 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2570
2571 return 0;
2572 }
2573
2574
2575 #ifdef ANDROID
2576 static int android_genl_ctrl_resolve(struct nl_handle *handle,
2577 const char *name)
2578 {
2579 /*
2580 * Android ICS has very minimal genl_ctrl_resolve() implementation, so
2581 * need to work around that.
2582 */
2583 struct nl_cache *cache = NULL;
2584 struct genl_family *nl80211 = NULL;
2585 int id = -1;
2586
2587 if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
2588 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
2589 "netlink cache");
2590 goto fail;
2591 }
2592
2593 nl80211 = genl_ctrl_search_by_name(cache, name);
2594 if (nl80211 == NULL)
2595 goto fail;
2596
2597 id = genl_family_get_id(nl80211);
2598
2599 fail:
2600 if (nl80211)
2601 genl_family_put(nl80211);
2602 if (cache)
2603 nl_cache_free(cache);
2604
2605 return id;
2606 }
2607 #define genl_ctrl_resolve android_genl_ctrl_resolve
2608 #endif /* ANDROID */
2609
2610
2611 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
2612 {
2613 int ret;
2614
2615 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2616 if (global->nl_cb == NULL) {
2617 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
2618 "callbacks");
2619 return -1;
2620 }
2621
2622 global->nl = nl_create_handle(global->nl_cb, "nl");
2623 if (global->nl == NULL)
2624 goto err;
2625
2626 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
2627 if (global->nl80211_id < 0) {
2628 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
2629 "found");
2630 goto err;
2631 }
2632
2633 global->nl_event = nl_create_handle(global->nl_cb, "event");
2634 if (global->nl_event == NULL)
2635 goto err;
2636
2637 ret = nl_get_multicast_id(global, "nl80211", "scan");
2638 if (ret >= 0)
2639 ret = nl_socket_add_membership(global->nl_event, ret);
2640 if (ret < 0) {
2641 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2642 "membership for scan events: %d (%s)",
2643 ret, strerror(-ret));
2644 goto err;
2645 }
2646
2647 ret = nl_get_multicast_id(global, "nl80211", "mlme");
2648 if (ret >= 0)
2649 ret = nl_socket_add_membership(global->nl_event, ret);
2650 if (ret < 0) {
2651 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2652 "membership for mlme events: %d (%s)",
2653 ret, strerror(-ret));
2654 goto err;
2655 }
2656
2657 ret = nl_get_multicast_id(global, "nl80211", "regulatory");
2658 if (ret >= 0)
2659 ret = nl_socket_add_membership(global->nl_event, ret);
2660 if (ret < 0) {
2661 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2662 "membership for regulatory events: %d (%s)",
2663 ret, strerror(-ret));
2664 /* Continue without regulatory events */
2665 }
2666
2667 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2668 no_seq_check, NULL);
2669 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2670 process_global_event, global);
2671
2672 eloop_register_read_sock(nl_socket_get_fd(global->nl_event),
2673 wpa_driver_nl80211_event_receive,
2674 global->nl_cb, global->nl_event);
2675
2676 return 0;
2677
2678 err:
2679 nl_destroy_handles(&global->nl_event);
2680 nl_destroy_handles(&global->nl);
2681 nl_cb_put(global->nl_cb);
2682 global->nl_cb = NULL;
2683 return -1;
2684 }
2685
2686
2687 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
2688 {
2689 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2690 if (!drv->nl_cb) {
2691 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
2692 return -1;
2693 }
2694
2695 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2696 no_seq_check, NULL);
2697 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2698 process_drv_event, drv);
2699
2700 return 0;
2701 }
2702
2703
2704 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
2705 {
2706 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
2707 /*
2708 * This may be for any interface; use ifdown event to disable
2709 * interface.
2710 */
2711 }
2712
2713
2714 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2715 {
2716 struct wpa_driver_nl80211_data *drv = ctx;
2717 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2718 if (linux_set_iface_flags(drv->global->ioctl_sock,
2719 drv->first_bss.ifname, 1)) {
2720 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2721 "after rfkill unblock");
2722 return;
2723 }
2724 /* rtnetlink ifup handler will report interface as enabled */
2725 }
2726
2727
2728 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
2729 {
2730 /* Find phy (radio) to which this interface belongs */
2731 char buf[90], *pos;
2732 int f, rv;
2733
2734 drv->phyname[0] = '\0';
2735 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
2736 drv->first_bss.ifname);
2737 f = open(buf, O_RDONLY);
2738 if (f < 0) {
2739 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
2740 buf, strerror(errno));
2741 return;
2742 }
2743
2744 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
2745 close(f);
2746 if (rv < 0) {
2747 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
2748 buf, strerror(errno));
2749 return;
2750 }
2751
2752 drv->phyname[rv] = '\0';
2753 pos = os_strchr(drv->phyname, '\n');
2754 if (pos)
2755 *pos = '\0';
2756 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2757 drv->first_bss.ifname, drv->phyname);
2758 }
2759
2760
2761 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2762 void *eloop_ctx,
2763 void *handle)
2764 {
2765 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2766 u8 data[2048];
2767 struct msghdr msg;
2768 struct iovec entry;
2769 struct {
2770 struct cmsghdr cm;
2771 char control[512];
2772 } control;
2773 struct cmsghdr *cmsg;
2774 int res, found_ee = 0, found_wifi = 0, acked = 0;
2775 union wpa_event_data event;
2776
2777 memset(&msg, 0, sizeof(msg));
2778 msg.msg_iov = &entry;
2779 msg.msg_iovlen = 1;
2780 entry.iov_base = data;
2781 entry.iov_len = sizeof(data);
2782 msg.msg_control = &control;
2783 msg.msg_controllen = sizeof(control);
2784
2785 res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2786 /* if error or not fitting 802.3 header, return */
2787 if (res < 14)
2788 return;
2789
2790 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2791 {
2792 if (cmsg->cmsg_level == SOL_SOCKET &&
2793 cmsg->cmsg_type == SCM_WIFI_STATUS) {
2794 int *ack;
2795
2796 found_wifi = 1;
2797 ack = (void *)CMSG_DATA(cmsg);
2798 acked = *ack;
2799 }
2800
2801 if (cmsg->cmsg_level == SOL_PACKET &&
2802 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2803 struct sock_extended_err *err =
2804 (struct sock_extended_err *)CMSG_DATA(cmsg);
2805
2806 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2807 found_ee = 1;
2808 }
2809 }
2810
2811 if (!found_ee || !found_wifi)
2812 return;
2813
2814 memset(&event, 0, sizeof(event));
2815 event.eapol_tx_status.dst = data;
2816 event.eapol_tx_status.data = data + 14;
2817 event.eapol_tx_status.data_len = res - 14;
2818 event.eapol_tx_status.ack = acked;
2819 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2820 }
2821
2822
2823 static int nl80211_init_bss(struct i802_bss *bss)
2824 {
2825 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2826 if (!bss->nl_cb)
2827 return -1;
2828
2829 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2830 no_seq_check, NULL);
2831 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2832 process_bss_event, bss);
2833
2834 return 0;
2835 }
2836
2837
2838 static void nl80211_destroy_bss(struct i802_bss *bss)
2839 {
2840 nl_cb_put(bss->nl_cb);
2841 bss->nl_cb = NULL;
2842 }
2843
2844
2845 /**
2846 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2847 * @ctx: context to be used when calling wpa_supplicant functions,
2848 * e.g., wpa_supplicant_event()
2849 * @ifname: interface name, e.g., wlan0
2850 * @global_priv: private driver global data from global_init()
2851 * Returns: Pointer to private data, %NULL on failure
2852 */
2853 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2854 void *global_priv)
2855 {
2856 struct wpa_driver_nl80211_data *drv;
2857 struct rfkill_config *rcfg;
2858 struct i802_bss *bss;
2859
2860 if (global_priv == NULL)
2861 return NULL;
2862 drv = os_zalloc(sizeof(*drv));
2863 if (drv == NULL)
2864 return NULL;
2865 drv->global = global_priv;
2866 drv->ctx = ctx;
2867 bss = &drv->first_bss;
2868 bss->drv = drv;
2869 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2870 drv->monitor_ifidx = -1;
2871 drv->monitor_sock = -1;
2872 drv->eapol_tx_sock = -1;
2873 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2874
2875 if (wpa_driver_nl80211_init_nl(drv)) {
2876 os_free(drv);
2877 return NULL;
2878 }
2879
2880 if (nl80211_init_bss(bss))
2881 goto failed;
2882
2883 nl80211_get_phy_name(drv);
2884
2885 rcfg = os_zalloc(sizeof(*rcfg));
2886 if (rcfg == NULL)
2887 goto failed;
2888 rcfg->ctx = drv;
2889 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
2890 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2891 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2892 drv->rfkill = rfkill_init(rcfg);
2893 if (drv->rfkill == NULL) {
2894 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2895 os_free(rcfg);
2896 }
2897
2898 if (wpa_driver_nl80211_finish_drv_init(drv))
2899 goto failed;
2900
2901 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2902 if (drv->eapol_tx_sock < 0)
2903 goto failed;
2904
2905 if (drv->data_tx_status) {
2906 int enabled = 1;
2907
2908 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
2909 &enabled, sizeof(enabled)) < 0) {
2910 wpa_printf(MSG_DEBUG,
2911 "nl80211: wifi status sockopt failed\n");
2912 drv->data_tx_status = 0;
2913 if (!drv->use_monitor)
2914 drv->capa.flags &=
2915 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2916 } else {
2917 eloop_register_read_sock(drv->eapol_tx_sock,
2918 wpa_driver_nl80211_handle_eapol_tx_status,
2919 drv, NULL);
2920 }
2921 }
2922
2923 if (drv->global) {
2924 dl_list_add(&drv->global->interfaces, &drv->list);
2925 drv->in_interface_list = 1;
2926 }
2927
2928 return bss;
2929
2930 failed:
2931 wpa_driver_nl80211_deinit(bss);
2932 return NULL;
2933 }
2934
2935
2936 static int nl80211_register_frame(struct i802_bss *bss,
2937 struct nl_handle *nl_handle,
2938 u16 type, const u8 *match, size_t match_len)
2939 {
2940 struct wpa_driver_nl80211_data *drv = bss->drv;
2941 struct nl_msg *msg;
2942 int ret = -1;
2943
2944 msg = nlmsg_alloc();
2945 if (!msg)
2946 return -1;
2947
2948 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p",
2949 type, nl_handle);
2950 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2951 match, match_len);
2952
2953 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
2954
2955 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
2956 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
2957 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
2958
2959 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
2960 msg = NULL;
2961 if (ret) {
2962 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2963 "failed (type=%u): ret=%d (%s)",
2964 type, ret, strerror(-ret));
2965 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2966 match, match_len);
2967 goto nla_put_failure;
2968 }
2969 ret = 0;
2970 nla_put_failure:
2971 nlmsg_free(msg);
2972 return ret;
2973 }
2974
2975
2976 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
2977 {
2978 struct wpa_driver_nl80211_data *drv = bss->drv;
2979
2980 if (bss->nl_mgmt) {
2981 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
2982 "already on! (nl_mgmt=%p)", bss->nl_mgmt);
2983 return -1;
2984 }
2985
2986 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
2987 if (bss->nl_mgmt == NULL)
2988 return -1;
2989
2990 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt),
2991 wpa_driver_nl80211_event_receive, bss->nl_cb,
2992 bss->nl_mgmt);
2993
2994 return 0;
2995 }
2996
2997
2998 static int nl80211_register_action_frame(struct i802_bss *bss,
2999 const u8 *match, size_t match_len)
3000 {
3001 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
3002 return nl80211_register_frame(bss, bss->nl_mgmt,
3003 type, match, match_len);
3004 }
3005
3006
3007 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
3008 {
3009 struct wpa_driver_nl80211_data *drv = bss->drv;
3010
3011 if (nl80211_alloc_mgmt_handle(bss))
3012 return -1;
3013 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
3014 "handle %p", bss->nl_mgmt);
3015
3016 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
3017 /* GAS Initial Request */
3018 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
3019 return -1;
3020 /* GAS Initial Response */
3021 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
3022 return -1;
3023 /* GAS Comeback Request */
3024 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
3025 return -1;
3026 /* GAS Comeback Response */
3027 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
3028 return -1;
3029 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */
3030 #ifdef CONFIG_P2P
3031 /* P2P Public Action */
3032 if (nl80211_register_action_frame(bss,
3033 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
3034 6) < 0)
3035 return -1;
3036 /* P2P Action */
3037 if (nl80211_register_action_frame(bss,
3038 (u8 *) "\x7f\x50\x6f\x9a\x09",
3039 5) < 0)
3040 return -1;
3041 #endif /* CONFIG_P2P */
3042 #ifdef CONFIG_IEEE80211W
3043 /* SA Query Response */
3044 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
3045 return -1;
3046 #endif /* CONFIG_IEEE80211W */
3047 #ifdef CONFIG_TDLS
3048 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
3049 /* TDLS Discovery Response */
3050 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
3051 0)
3052 return -1;
3053 }
3054 #endif /* CONFIG_TDLS */
3055
3056 /* FT Action frames */
3057 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
3058 return -1;
3059 else
3060 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
3061 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
3062
3063 /* WNM - BSS Transition Management Request */
3064 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
3065 return -1;
3066
3067 return 0;
3068 }
3069
3070
3071 static int nl80211_register_spurious_class3(struct i802_bss *bss)
3072 {
3073 struct wpa_driver_nl80211_data *drv = bss->drv;
3074 struct nl_msg *msg;
3075 int ret = -1;
3076
3077 msg = nlmsg_alloc();
3078 if (!msg)
3079 return -1;
3080
3081 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
3082
3083 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
3084
3085 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
3086 msg = NULL;
3087 if (ret) {
3088 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
3089 "failed: ret=%d (%s)",
3090 ret, strerror(-ret));
3091 goto nla_put_failure;
3092 }
3093 ret = 0;
3094 nla_put_failure:
3095 nlmsg_free(msg);
3096 return ret;
3097 }
3098
3099
3100 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
3101 {
3102 static const int stypes[] = {
3103 WLAN_FC_STYPE_AUTH,
3104 WLAN_FC_STYPE_ASSOC_REQ,
3105 WLAN_FC_STYPE_REASSOC_REQ,
3106 WLAN_FC_STYPE_DISASSOC,
3107 WLAN_FC_STYPE_DEAUTH,
3108 WLAN_FC_STYPE_ACTION,
3109 WLAN_FC_STYPE_PROBE_REQ,
3110 /* Beacon doesn't work as mac80211 doesn't currently allow
3111 * it, but it wouldn't really be the right thing anyway as
3112 * it isn't per interface ... maybe just dump the scan
3113 * results periodically for OLBC?
3114 */
3115 // WLAN_FC_STYPE_BEACON,
3116 };
3117 unsigned int i;
3118
3119 if (nl80211_alloc_mgmt_handle(bss))
3120 return -1;
3121 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
3122 "handle %p", bss->nl_mgmt);
3123
3124 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) {
3125 if (nl80211_register_frame(bss, bss->nl_mgmt,
3126 (WLAN_FC_TYPE_MGMT << 2) |
3127 (stypes[i] << 4),
3128 NULL, 0) < 0) {
3129 goto out_err;
3130 }
3131 }
3132
3133 if (nl80211_register_spurious_class3(bss))
3134 goto out_err;
3135
3136 if (nl80211_get_wiphy_data_ap(bss) == NULL)
3137 goto out_err;
3138
3139 return 0;
3140
3141 out_err:
3142 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3143 nl_destroy_handles(&bss->nl_mgmt);
3144 return -1;
3145 }
3146
3147
3148 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
3149 {
3150 if (bss->nl_mgmt == NULL)
3151 return;
3152 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
3153 "(%s)", bss->nl_mgmt, reason);
3154 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3155 nl_destroy_handles(&bss->nl_mgmt);
3156
3157 nl80211_put_wiphy_data_ap(bss);
3158 }
3159
3160
3161 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
3162 {
3163 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
3164 }
3165
3166
3167 static int
3168 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
3169 {
3170 struct i802_bss *bss = &drv->first_bss;
3171 int send_rfkill_event = 0;
3172
3173 drv->ifindex = if_nametoindex(bss->ifname);
3174 drv->first_bss.ifindex = drv->ifindex;
3175
3176 #ifndef HOSTAPD
3177 /*
3178 * Make sure the interface starts up in station mode unless this is a
3179 * dynamically added interface (e.g., P2P) that was already configured
3180 * with proper iftype.
3181 */
3182 if (drv->ifindex != drv->global->if_add_ifindex &&
3183 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) {
3184 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to "
3185 "use managed mode");
3186 return -1;
3187 }
3188
3189 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
3190 if (rfkill_is_blocked(drv->rfkill)) {
3191 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
3192 "interface '%s' due to rfkill",
3193 bss->ifname);
3194 drv->if_disabled = 1;
3195 send_rfkill_event = 1;
3196 } else {
3197 wpa_printf(MSG_ERROR, "nl80211: Could not set "
3198 "interface '%s' UP", bss->ifname);
3199 return -1;
3200 }
3201 }
3202
3203 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
3204 1, IF_OPER_DORMANT);
3205 #endif /* HOSTAPD */
3206
3207 if (wpa_driver_nl80211_capa(drv))
3208 return -1;
3209
3210 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3211 bss->addr))
3212 return -1;
3213
3214 if (send_rfkill_event) {
3215 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
3216 drv, drv->ctx);
3217 }
3218
3219 return 0;
3220 }
3221
3222
3223 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
3224 {
3225 struct nl_msg *msg;
3226
3227 msg = nlmsg_alloc();
3228 if (!msg)
3229 return -ENOMEM;
3230
3231 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
3232 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3233
3234 return send_and_recv_msgs(drv, msg, NULL, NULL);
3235 nla_put_failure:
3236 nlmsg_free(msg);
3237 return -ENOBUFS;
3238 }
3239
3240
3241 /**
3242 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
3243 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
3244 *
3245 * Shut down driver interface and processing of driver events. Free
3246 * private data buffer if one was allocated in wpa_driver_nl80211_init().
3247 */
3248 static void wpa_driver_nl80211_deinit(void *priv)
3249 {
3250 struct i802_bss *bss = priv;
3251 struct wpa_driver_nl80211_data *drv = bss->drv;
3252
3253 if (drv->data_tx_status)
3254 eloop_unregister_read_sock(drv->eapol_tx_sock);
3255 if (drv->eapol_tx_sock >= 0)
3256 close(drv->eapol_tx_sock);
3257
3258 if (bss->nl_preq)
3259 wpa_driver_nl80211_probe_req_report(bss, 0);
3260 if (bss->added_if_into_bridge) {
3261 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
3262 bss->ifname) < 0)
3263 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3264 "interface %s from bridge %s: %s",
3265 bss->ifname, bss->brname, strerror(errno));
3266 }
3267 if (bss->added_bridge) {
3268 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
3269 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3270 "bridge %s: %s",
3271 bss->brname, strerror(errno));
3272 }
3273
3274 nl80211_remove_monitor_interface(drv);
3275
3276 if (is_ap_interface(drv->nlmode))
3277 wpa_driver_nl80211_del_beacon(drv);
3278
3279 #ifdef HOSTAPD
3280 if (drv->last_freq_ht) {
3281 /* Clear HT flags from the driver */
3282 struct hostapd_freq_params freq;
3283 os_memset(&freq, 0, sizeof(freq));
3284 freq.freq = drv->last_freq;
3285 i802_set_freq(priv, &freq);
3286 }
3287
3288 if (drv->eapol_sock >= 0) {
3289 eloop_unregister_read_sock(drv->eapol_sock);
3290 close(drv->eapol_sock);
3291 }
3292
3293 if (drv->if_indices != drv->default_if_indices)
3294 os_free(drv->if_indices);
3295 #endif /* HOSTAPD */
3296
3297 if (drv->disabled_11b_rates)
3298 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3299
3300 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
3301 IF_OPER_UP);
3302 rfkill_deinit(drv->rfkill);
3303
3304 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3305
3306 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0);
3307 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
3308 nl80211_mgmt_unsubscribe(bss, "deinit");
3309
3310 nl_cb_put(drv->nl_cb);
3311
3312 nl80211_destroy_bss(&drv->first_bss);
3313
3314 os_free(drv->filter_ssids);
3315
3316 os_free(drv->auth_ie);
3317
3318 if (drv->in_interface_list)
3319 dl_list_del(&drv->list);
3320
3321 os_free(drv);
3322 }
3323
3324
3325 /**
3326 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
3327 * @eloop_ctx: Driver private data
3328 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
3329 *
3330 * This function can be used as registered timeout when starting a scan to
3331 * generate a scan completed event if the driver does not report this.
3332 */
3333 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
3334 {
3335 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3336 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
3337 wpa_driver_nl80211_set_mode(&drv->first_bss,
3338 drv->ap_scan_as_station);
3339 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3340 }
3341 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
3342 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
3343 }
3344
3345
3346 /**
3347 * wpa_driver_nl80211_scan - Request the driver to initiate scan
3348 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3349 * @params: Scan parameters
3350 * Returns: 0 on success, -1 on failure
3351 */
3352 static int wpa_driver_nl80211_scan(void *priv,
3353 struct wpa_driver_scan_params *params)
3354 {
3355 struct i802_bss *bss = priv;
3356 struct wpa_driver_nl80211_data *drv = bss->drv;
3357 int ret = 0, timeout;
3358 struct nl_msg *msg, *ssids, *freqs, *rates;
3359 size_t i;
3360
3361 drv->scan_for_auth = 0;
3362
3363 msg = nlmsg_alloc();
3364 ssids = nlmsg_alloc();
3365 freqs = nlmsg_alloc();
3366 rates = nlmsg_alloc();
3367 if (!msg || !ssids || !freqs || !rates) {
3368 nlmsg_free(msg);
3369 nlmsg_free(ssids);
3370 nlmsg_free(freqs);
3371 nlmsg_free(rates);
3372 return -1;
3373 }
3374
3375 os_free(drv->filter_ssids);
3376 drv->filter_ssids = params->filter_ssids;
3377 params->filter_ssids = NULL;
3378 drv->num_filter_ssids = params->num_filter_ssids;
3379
3380 nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN);
3381
3382 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3383
3384 for (i = 0; i < params->num_ssids; i++) {
3385 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
3386 params->ssids[i].ssid,
3387 params->ssids[i].ssid_len);
3388 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
3389 params->ssids[i].ssid);
3390 }
3391 if (params->num_ssids)
3392 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
3393
3394 if (params->extra_ies) {
3395 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
3396 params->extra_ies, params->extra_ies_len);
3397 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
3398 params->extra_ies);
3399 }
3400
3401 if (params->freqs) {
3402 for (i = 0; params->freqs[i]; i++) {
3403 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
3404 "MHz", params->freqs[i]);
3405 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
3406 }
3407 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
3408 }
3409
3410 if (params->p2p_probe) {
3411 /*
3412 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
3413 * by masking out everything else apart from the OFDM rates 6,
3414 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
3415 * rates are left enabled.
3416 */
3417 NLA_PUT(rates, NL80211_BAND_2GHZ, 8,
3418 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
3419 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates);
3420
3421 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
3422 }
3423
3424 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3425 msg = NULL;
3426 if (ret) {
3427 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
3428 "(%s)", ret, strerror(-ret));
3429 #ifdef HOSTAPD
3430 if (is_ap_interface(drv->nlmode)) {
3431 /*
3432 * mac80211 does not allow scan requests in AP mode, so
3433 * try to do this in station mode.
3434 */
3435 if (wpa_driver_nl80211_set_mode(
3436 bss, NL80211_IFTYPE_STATION))
3437 goto nla_put_failure;
3438
3439 if (wpa_driver_nl80211_scan(drv, params)) {
3440 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
3441 goto nla_put_failure;
3442 }
3443
3444 /* Restore AP mode when processing scan results */
3445 drv->ap_scan_as_station = drv->nlmode;
3446 ret = 0;
3447 } else
3448 goto nla_put_failure;
3449 #else /* HOSTAPD */
3450 goto nla_put_failure;
3451 #endif /* HOSTAPD */
3452 }
3453
3454 /* Not all drivers generate "scan completed" wireless event, so try to
3455 * read results after a timeout. */
3456 timeout = 10;
3457 if (drv->scan_complete_events) {
3458 /*
3459 * The driver seems to deliver events to notify when scan is
3460 * complete, so use longer timeout to avoid race conditions
3461 * with scanning and following association request.
3462 */
3463 timeout = 30;
3464 }
3465 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
3466 "seconds", ret, timeout);
3467 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3468 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
3469 drv, drv->ctx);
3470
3471 nla_put_failure:
3472 nlmsg_free(ssids);
3473 nlmsg_free(msg);
3474 nlmsg_free(freqs);
3475 nlmsg_free(rates);
3476 return ret;
3477 }
3478
3479
3480 /**
3481 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
3482 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3483 * @params: Scan parameters
3484 * @interval: Interval between scan cycles in milliseconds
3485 * Returns: 0 on success, -1 on failure or if not supported
3486 */
3487 static int wpa_driver_nl80211_sched_scan(void *priv,
3488 struct wpa_driver_scan_params *params,
3489 u32 interval)
3490 {
3491 struct i802_bss *bss = priv;
3492 struct wpa_driver_nl80211_data *drv = bss->drv;
3493 int ret = 0;
3494 struct nl_msg *msg, *ssids, *freqs, *match_set_ssid, *match_sets;
3495 size_t i;
3496
3497 #ifdef ANDROID
3498 if (!drv->capa.sched_scan_supported)
3499 return android_pno_start(bss, params);
3500 #endif /* ANDROID */
3501
3502 msg = nlmsg_alloc();
3503 ssids = nlmsg_alloc();
3504 freqs = nlmsg_alloc();
3505 if (!msg || !ssids || !freqs) {
3506 nlmsg_free(msg);
3507 nlmsg_free(ssids);
3508 nlmsg_free(freqs);
3509 return -1;
3510 }
3511
3512 os_free(drv->filter_ssids);
3513 drv->filter_ssids = params->filter_ssids;
3514 params->filter_ssids = NULL;
3515 drv->num_filter_ssids = params->num_filter_ssids;
3516
3517 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_SCHED_SCAN);
3518
3519 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3520
3521 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
3522
3523 if (drv->num_filter_ssids &&
3524 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) {
3525 match_sets = nlmsg_alloc();
3526
3527 for (i = 0; i < drv->num_filter_ssids; i++) {
3528 wpa_hexdump_ascii(MSG_MSGDUMP,
3529 "nl80211: Sched scan filter SSID",
3530 drv->filter_ssids[i].ssid,
3531 drv->filter_ssids[i].ssid_len);
3532
3533 match_set_ssid = nlmsg_alloc();
3534 nla_put(match_set_ssid,
3535 NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
3536 drv->filter_ssids[i].ssid_len,
3537 drv->filter_ssids[i].ssid);
3538
3539 nla_put_nested(match_sets, i + 1, match_set_ssid);
3540
3541 nlmsg_free(match_set_ssid);
3542 }
3543
3544 nla_put_nested(msg, NL80211_ATTR_SCHED_SCAN_MATCH,
3545 match_sets);
3546 nlmsg_free(match_sets);
3547 }
3548
3549 for (i = 0; i < params->num_ssids; i++) {
3550 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan SSID",
3551 params->ssids[i].ssid,
3552 params->ssids[i].ssid_len);
3553 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
3554 params->ssids[i].ssid);
3555 }
3556 if (params->num_ssids)
3557 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
3558
3559 if (params->extra_ies) {
3560 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan extra IEs",
3561 params->extra_ies, params->extra_ies_len);
3562 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
3563 params->extra_ies);
3564 }
3565
3566 if (params->freqs) {
3567 for (i = 0; params->freqs[i]; i++) {
3568 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
3569 "MHz", params->freqs[i]);
3570 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
3571 }
3572 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
3573 }
3574
3575 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3576
3577 /* TODO: if we get an error here, we should fall back to normal scan */
3578
3579 msg = NULL;
3580 if (ret) {
3581 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
3582 "ret=%d (%s)", ret, strerror(-ret));
3583 goto nla_put_failure;
3584 }
3585
3586 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
3587 "scan interval %d msec", ret, interval);
3588
3589 nla_put_failure:
3590 nlmsg_free(ssids);
3591 nlmsg_free(msg);
3592 nlmsg_free(freqs);
3593 return ret;
3594 }
3595
3596
3597 /**
3598 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
3599 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3600 * Returns: 0 on success, -1 on failure or if not supported
3601 */
3602 static int wpa_driver_nl80211_stop_sched_scan(void *priv)
3603 {
3604 struct i802_bss *bss = priv;
3605 struct wpa_driver_nl80211_data *drv = bss->drv;
3606 int ret = 0;
3607 struct nl_msg *msg;
3608
3609 #ifdef ANDROID
3610 if (!drv->capa.sched_scan_supported)
3611 return android_pno_stop(bss);
3612 #endif /* ANDROID */
3613
3614 msg = nlmsg_alloc();
3615 if (!msg)
3616 return -1;
3617
3618 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
3619
3620 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3621
3622 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3623 msg = NULL;
3624 if (ret) {
3625 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
3626 "ret=%d (%s)", ret, strerror(-ret));
3627 goto nla_put_failure;
3628 }
3629
3630 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
3631
3632 nla_put_failure:
3633 nlmsg_free(msg);
3634 return ret;
3635 }
3636
3637
3638 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
3639 {
3640 const u8 *end, *pos;
3641
3642 if (ies == NULL)
3643 return NULL;
3644
3645 pos = ies;
3646 end = ies + ies_len;
3647
3648 while (pos + 1 < end) {
3649 if (pos + 2 + pos[1] > end)
3650 break;
3651 if (pos[0] == ie)
3652 return pos;
3653 pos += 2 + pos[1];
3654 }
3655
3656 return NULL;
3657 }
3658
3659
3660 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
3661 const u8 *ie, size_t ie_len)
3662 {
3663 const u8 *ssid;
3664 size_t i;
3665
3666 if (drv->filter_ssids == NULL)
3667 return 0;
3668
3669 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
3670 if (ssid == NULL)
3671 return 1;
3672
3673 for (i = 0; i < drv->num_filter_ssids; i++) {
3674 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
3675 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
3676 0)
3677 return 0;
3678 }
3679
3680 return 1;
3681 }
3682
3683
3684 static int bss_info_handler(struct nl_msg *msg, void *arg)
3685 {
3686 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3687 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3688 struct nlattr *bss[NL80211_BSS_MAX + 1];
3689 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
3690 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
3691 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
3692 [NL80211_BSS_TSF] = { .type = NLA_U64 },
3693 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
3694 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
3695 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
3696 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
3697 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
3698 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
3699 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
3700 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
3701 };
3702 struct nl80211_bss_info_arg *_arg = arg;
3703 struct wpa_scan_results *res = _arg->res;
3704 struct wpa_scan_res **tmp;
3705 struct wpa_scan_res *r;
3706 const u8 *ie, *beacon_ie;
3707 size_t ie_len, beacon_ie_len;
3708 u8 *pos;
3709 size_t i;
3710
3711 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3712 genlmsg_attrlen(gnlh, 0), NULL);
3713 if (!tb[NL80211_ATTR_BSS])
3714 return NL_SKIP;
3715 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
3716 bss_policy))
3717 return NL_SKIP;
3718 if (bss[NL80211_BSS_STATUS]) {
3719 enum nl80211_bss_status status;
3720 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
3721 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
3722 bss[NL80211_BSS_FREQUENCY]) {
3723 _arg->assoc_freq =
3724 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
3725 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
3726 _arg->assoc_freq);
3727 }
3728 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
3729 bss[NL80211_BSS_BSSID]) {
3730 os_memcpy(_arg->assoc_bssid,
3731 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
3732 wpa_printf(MSG_DEBUG, "nl80211: Associated with "
3733 MACSTR, MAC2STR(_arg->assoc_bssid));
3734 }
3735 }
3736 if (!res)
3737 return NL_SKIP;
3738 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
3739 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3740 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3741 } else {
3742 ie = NULL;
3743 ie_len = 0;
3744 }
3745 if (bss[NL80211_BSS_BEACON_IES]) {
3746 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
3747 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
3748 } else {
3749 beacon_ie = NULL;
3750 beacon_ie_len = 0;
3751 }
3752
3753 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
3754 ie ? ie_len : beacon_ie_len))
3755 return NL_SKIP;
3756
3757 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
3758 if (r == NULL)
3759 return NL_SKIP;
3760 if (bss[NL80211_BSS_BSSID])
3761 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
3762 ETH_ALEN);
3763 if (bss[NL80211_BSS_FREQUENCY])
3764 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
3765 if (bss[NL80211_BSS_BEACON_INTERVAL])
3766 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
3767 if (bss[NL80211_BSS_CAPABILITY])
3768 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
3769 r->flags |= WPA_SCAN_NOISE_INVALID;
3770 if (bss[NL80211_BSS_SIGNAL_MBM]) {
3771 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
3772 r->level /= 100; /* mBm to dBm */
3773 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
3774 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
3775 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
3776 r->flags |= WPA_SCAN_QUAL_INVALID;
3777 } else
3778 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
3779 if (bss[NL80211_BSS_TSF])
3780 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
3781 if (bss[NL80211_BSS_SEEN_MS_AGO])
3782 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
3783 r->ie_len = ie_len;
3784 pos = (u8 *) (r + 1);
3785 if (ie) {
3786 os_memcpy(pos, ie, ie_len);
3787 pos += ie_len;
3788 }
3789 r->beacon_ie_len = beacon_ie_len;
3790 if (beacon_ie)
3791 os_memcpy(pos, beacon_ie, beacon_ie_len);
3792
3793 if (bss[NL80211_BSS_STATUS]) {
3794 enum nl80211_bss_status status;
3795 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
3796 switch (status) {
3797 case NL80211_BSS_STATUS_AUTHENTICATED:
3798 r->flags |= WPA_SCAN_AUTHENTICATED;
3799 break;
3800 case NL80211_BSS_STATUS_ASSOCIATED:
3801 r->flags |= WPA_SCAN_ASSOCIATED;
3802 break;
3803 default:
3804 break;
3805 }
3806 }
3807
3808 /*
3809 * cfg80211 maintains separate BSS table entries for APs if the same
3810 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
3811 * not use frequency as a separate key in the BSS table, so filter out
3812 * duplicated entries. Prefer associated BSS entry in such a case in
3813 * order to get the correct frequency into the BSS table.
3814 */
3815 for (i = 0; i < res->num; i++) {
3816 const u8 *s1, *s2;
3817 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
3818 continue;
3819
3820 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
3821 res->res[i]->ie_len, WLAN_EID_SSID);
3822 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
3823 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
3824 os_memcmp(s1, s2, 2 + s1[1]) != 0)
3825 continue;
3826
3827 /* Same BSSID,SSID was already included in scan results */
3828 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
3829 "for " MACSTR, MAC2STR(r->bssid));
3830
3831 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
3832 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
3833 os_free(res->res[i]);
3834 res->res[i] = r;
3835 } else
3836 os_free(r);
3837 return NL_SKIP;
3838 }
3839
3840 tmp = os_realloc(res->res,
3841 (res->num + 1) * sizeof(struct wpa_scan_res *));
3842 if (tmp == NULL) {
3843 os_free(r);
3844 return NL_SKIP;
3845 }
3846 tmp[res->num++] = r;
3847 res->res = tmp;
3848
3849 return NL_SKIP;
3850 }
3851
3852
3853 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
3854 const u8 *addr)
3855 {
3856 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
3857 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
3858 "mismatch (" MACSTR ")", MAC2STR(addr));
3859 wpa_driver_nl80211_mlme(drv, addr,
3860 NL80211_CMD_DEAUTHENTICATE,
3861 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
3862 }
3863 }
3864
3865
3866 static void wpa_driver_nl80211_check_bss_status(
3867 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
3868 {
3869 size_t i;
3870
3871 for (i = 0; i < res->num; i++) {
3872 struct wpa_scan_res *r = res->res[i];
3873 if (r->flags & WPA_SCAN_AUTHENTICATED) {
3874 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3875 "indicates BSS status with " MACSTR
3876 " as authenticated",
3877 MAC2STR(r->bssid));
3878 if (is_sta_interface(drv->nlmode) &&
3879 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
3880 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
3881 0) {
3882 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
3883 " in local state (auth=" MACSTR
3884 " assoc=" MACSTR ")",
3885 MAC2STR(drv->auth_bssid),
3886 MAC2STR(drv->bssid));
3887 clear_state_mismatch(drv, r->bssid);
3888 }
3889 }
3890
3891 if (r->flags & WPA_SCAN_ASSOCIATED) {
3892 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3893 "indicate BSS status with " MACSTR
3894 " as associated",
3895 MAC2STR(r->bssid));
3896 if (is_sta_interface(drv->nlmode) &&
3897 !drv->associated) {
3898 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3899 "(not associated) does not match "
3900 "with BSS state");
3901 clear_state_mismatch(drv, r->bssid);
3902 } else if (is_sta_interface(drv->nlmode) &&
3903 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
3904 0) {
3905 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3906 "(associated with " MACSTR ") does "
3907 "not match with BSS state",
3908 MAC2STR(drv->bssid));
3909 clear_state_mismatch(drv, r->bssid);
3910 clear_state_mismatch(drv, drv->bssid);
3911 }
3912 }
3913 }
3914 }
3915
3916
3917 static struct wpa_scan_results *
3918 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
3919 {
3920 struct nl_msg *msg;
3921 struct wpa_scan_results *res;
3922 int ret;
3923 struct nl80211_bss_info_arg arg;
3924
3925 res = os_zalloc(sizeof(*res));
3926 if (res == NULL)
3927 return NULL;
3928 msg = nlmsg_alloc();
3929 if (!msg)
3930 goto nla_put_failure;
3931
3932 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
3933 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3934
3935 arg.drv = drv;
3936 arg.res = res;
3937 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
3938 msg = NULL;
3939 if (ret == 0) {
3940 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
3941 "BSSes)", (unsigned long) res->num);
3942 nl80211_get_noise_for_scan_results(drv, res);
3943 return res;
3944 }
3945 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
3946 "(%s)", ret, strerror(-ret));
3947 nla_put_failure:
3948 nlmsg_free(msg);
3949 wpa_scan_results_free(res);
3950 return NULL;
3951 }
3952
3953
3954 /**
3955 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
3956 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
3957 * Returns: Scan results on success, -1 on failure
3958 */
3959 static struct wpa_scan_results *
3960 wpa_driver_nl80211_get_scan_results(void *priv)
3961 {
3962 struct i802_bss *bss = priv;
3963 struct wpa_driver_nl80211_data *drv = bss->drv;
3964 struct wpa_scan_results *res;
3965
3966 res = nl80211_get_scan_results(drv);
3967 if (res)
3968 wpa_driver_nl80211_check_bss_status(drv, res);
3969 return res;
3970 }
3971
3972
3973 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
3974 {
3975 struct wpa_scan_results *res;
3976 size_t i;
3977
3978 res = nl80211_get_scan_results(drv);
3979 if (res == NULL) {
3980 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
3981 return;
3982 }
3983
3984 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
3985 for (i = 0; i < res->num; i++) {
3986 struct wpa_scan_res *r = res->res[i];
3987 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
3988 (int) i, (int) res->num, MAC2STR(r->bssid),
3989 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
3990 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
3991 }
3992
3993 wpa_scan_results_free(res);
3994 }
3995
3996
3997 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
3998 enum wpa_alg alg, const u8 *addr,
3999 int key_idx, int set_tx,
4000 const u8 *seq, size_t seq_len,
4001 const u8 *key, size_t key_len)
4002 {
4003 struct i802_bss *bss = priv;
4004 struct wpa_driver_nl80211_data *drv = bss->drv;
4005 int ifindex = if_nametoindex(ifname);
4006 struct nl_msg *msg;
4007 int ret;
4008
4009 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
4010 "set_tx=%d seq_len=%lu key_len=%lu",
4011 __func__, ifindex, alg, addr, key_idx, set_tx,
4012 (unsigned long) seq_len, (unsigned long) key_len);
4013 #ifdef CONFIG_TDLS
4014 if (key_idx == -1)
4015 key_idx = 0;
4016 #endif /* CONFIG_TDLS */
4017
4018 msg = nlmsg_alloc();
4019 if (!msg)
4020 return -ENOMEM;
4021
4022 if (alg == WPA_ALG_NONE) {
4023 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
4024 } else {
4025 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
4026 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
4027 switch (alg) {
4028 case WPA_ALG_WEP:
4029 if (key_len == 5)
4030 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4031 WLAN_CIPHER_SUITE_WEP40);
4032 else
4033 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4034 WLAN_CIPHER_SUITE_WEP104);
4035 break;
4036 case WPA_ALG_TKIP:
4037 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4038 WLAN_CIPHER_SUITE_TKIP);
4039 break;
4040 case WPA_ALG_CCMP:
4041 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4042 WLAN_CIPHER_SUITE_CCMP);
4043 break;
4044 case WPA_ALG_IGTK:
4045 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4046 WLAN_CIPHER_SUITE_AES_CMAC);
4047 break;
4048 default:
4049 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
4050 "algorithm %d", __func__, alg);
4051 nlmsg_free(msg);
4052 return -1;
4053 }
4054 }
4055
4056 if (seq && seq_len)
4057 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
4058
4059 if (addr && !is_broadcast_ether_addr(addr)) {
4060 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
4061 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4062
4063 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
4064 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
4065 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
4066 NL80211_KEYTYPE_GROUP);
4067 }
4068 } else if (addr && is_broadcast_ether_addr(addr)) {
4069 struct nl_msg *types;
4070 int err;
4071 wpa_printf(MSG_DEBUG, " broadcast key");
4072 types = nlmsg_alloc();
4073 if (!types)
4074 goto nla_put_failure;
4075 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
4076 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
4077 types);
4078 nlmsg_free(types);
4079 if (err)
4080 goto nla_put_failure;
4081 }
4082 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
4083 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4084
4085 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4086 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
4087 ret = 0;
4088 if (ret)
4089 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
4090 ret, strerror(-ret));
4091
4092 /*
4093 * If we failed or don't need to set the default TX key (below),
4094 * we're done here.
4095 */
4096 if (ret || !set_tx || alg == WPA_ALG_NONE)
4097 return ret;
4098 if (is_ap_interface(drv->nlmode) && addr &&
4099 !is_broadcast_ether_addr(addr))
4100 return ret;
4101
4102 msg = nlmsg_alloc();
4103 if (!msg)
4104 return -ENOMEM;
4105
4106 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
4107 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
4108 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4109 if (alg == WPA_ALG_IGTK)
4110 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
4111 else
4112 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
4113 if (addr && is_broadcast_ether_addr(addr)) {
4114 struct nl_msg *types;
4115 int err;
4116 types = nlmsg_alloc();
4117 if (!types)
4118 goto nla_put_failure;
4119 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
4120 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
4121 types);
4122 nlmsg_free(types);
4123 if (err)
4124 goto nla_put_failure;
4125 } else if (addr) {
4126 struct nl_msg *types;
4127 int err;
4128 types = nlmsg_alloc();
4129 if (!types)
4130 goto nla_put_failure;
4131 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST);
4132 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
4133 types);
4134 nlmsg_free(types);
4135 if (err)
4136 goto nla_put_failure;
4137 }
4138
4139 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4140 if (ret == -ENOENT)
4141 ret = 0;
4142 if (ret)
4143 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
4144 "err=%d %s)", ret, strerror(-ret));
4145 return ret;
4146
4147 nla_put_failure:
4148 nlmsg_free(msg);
4149 return -ENOBUFS;
4150 }
4151
4152
4153 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
4154 int key_idx, int defkey,
4155 const u8 *seq, size_t seq_len,
4156 const u8 *key, size_t key_len)
4157 {
4158 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
4159 if (!key_attr)
4160 return -1;
4161
4162 if (defkey && alg == WPA_ALG_IGTK)
4163 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
4164 else if (defkey)
4165 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
4166
4167 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
4168
4169 switch (alg) {
4170 case WPA_ALG_WEP:
4171 if (key_len == 5)
4172 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4173 WLAN_CIPHER_SUITE_WEP40);
4174 else
4175 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4176 WLAN_CIPHER_SUITE_WEP104);
4177 break;
4178 case WPA_ALG_TKIP:
4179 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
4180 break;
4181 case WPA_ALG_CCMP:
4182 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
4183 break;
4184 case WPA_ALG_IGTK:
4185 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4186 WLAN_CIPHER_SUITE_AES_CMAC);
4187 break;
4188 default:
4189 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
4190 "algorithm %d", __func__, alg);
4191 return -1;
4192 }
4193
4194 if (seq && seq_len)
4195 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
4196
4197 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
4198
4199 nla_nest_end(msg, key_attr);
4200
4201 return 0;
4202 nla_put_failure:
4203 return -1;
4204 }
4205
4206
4207 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
4208 struct nl_msg *msg)
4209 {
4210 int i, privacy = 0;
4211 struct nlattr *nl_keys, *nl_key;
4212
4213 for (i = 0; i < 4; i++) {
4214 if (!params->wep_key[i])
4215 continue;
4216 privacy = 1;
4217 break;
4218 }
4219 if (params->wps == WPS_MODE_PRIVACY)
4220 privacy = 1;
4221 if (params->pairwise_suite &&
4222 params->pairwise_suite != WPA_CIPHER_NONE)
4223 privacy = 1;
4224
4225 if (!privacy)
4226 return 0;
4227
4228 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
4229
4230 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
4231 if (!nl_keys)
4232 goto nla_put_failure;
4233
4234 for (i = 0; i < 4; i++) {
4235 if (!params->wep_key[i])
4236 continue;
4237
4238 nl_key = nla_nest_start(msg, i);
4239 if (!nl_key)
4240 goto nla_put_failure;
4241
4242 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
4243 params->wep_key[i]);
4244 if (params->wep_key_len[i] == 5)
4245 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4246 WLAN_CIPHER_SUITE_WEP40);
4247 else
4248 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4249 WLAN_CIPHER_SUITE_WEP104);
4250
4251 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
4252
4253 if (i == params->wep_tx_keyidx)
4254 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
4255
4256 nla_nest_end(msg, nl_key);
4257 }
4258 nla_nest_end(msg, nl_keys);
4259
4260 return 0;
4261
4262 nla_put_failure:
4263 return -ENOBUFS;
4264 }
4265
4266
4267 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
4268 const u8 *addr, int cmd, u16 reason_code,
4269 int local_state_change)
4270 {
4271 int ret = -1;
4272 struct nl_msg *msg;
4273
4274 msg = nlmsg_alloc();
4275 if (!msg)
4276 return -1;
4277
4278 nl80211_cmd(drv, msg, 0, cmd);
4279
4280 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4281 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
4282 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4283 if (local_state_change)
4284 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
4285
4286 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4287 msg = NULL;
4288 if (ret) {
4289 wpa_dbg(drv->ctx, MSG_DEBUG,
4290 "nl80211: MLME command failed: reason=%u ret=%d (%s)",
4291 reason_code, ret, strerror(-ret));
4292 goto nla_put_failure;
4293 }
4294 ret = 0;
4295
4296 nla_put_failure:
4297 nlmsg_free(msg);
4298 return ret;
4299 }
4300
4301
4302 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
4303 const u8 *addr, int reason_code)
4304 {
4305 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
4306 __func__, MAC2STR(addr), reason_code);
4307 drv->associated = 0;
4308 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
4309 reason_code, 0);
4310 }
4311
4312
4313 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
4314 int reason_code)
4315 {
4316 struct i802_bss *bss = priv;
4317 struct wpa_driver_nl80211_data *drv = bss->drv;
4318 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
4319 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
4320 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
4321 __func__, MAC2STR(addr), reason_code);
4322 drv->associated = 0;
4323 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
4324 return nl80211_leave_ibss(drv);
4325 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
4326 reason_code, 0);
4327 }
4328
4329
4330 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
4331 int reason_code)
4332 {
4333 struct i802_bss *bss = priv;
4334 struct wpa_driver_nl80211_data *drv = bss->drv;
4335 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
4336 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
4337 wpa_printf(MSG_DEBUG, "%s", __func__);
4338 drv->associated = 0;
4339 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
4340 reason_code, 0);
4341 }
4342
4343
4344 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
4345 struct wpa_driver_auth_params *params)
4346 {
4347 int i;
4348
4349 drv->auth_freq = params->freq;
4350 drv->auth_alg = params->auth_alg;
4351 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
4352 drv->auth_local_state_change = params->local_state_change;
4353 drv->auth_p2p = params->p2p;
4354
4355 if (params->bssid)
4356 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
4357 else
4358 os_memset(drv->auth_bssid_, 0, ETH_ALEN);
4359
4360 if (params->ssid) {
4361 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
4362 drv->auth_ssid_len = params->ssid_len;
4363 } else
4364 drv->auth_ssid_len = 0;
4365
4366
4367 os_free(drv->auth_ie);
4368 drv->auth_ie = NULL;
4369 drv->auth_ie_len = 0;
4370 if (params->ie) {
4371 drv->auth_ie = os_malloc(params->ie_len);
4372 if (drv->auth_ie) {
4373 os_memcpy(drv->auth_ie, params->ie, params->ie_len);
4374 drv->auth_ie_len = params->ie_len;
4375 }
4376 }
4377
4378 for (i = 0; i < 4; i++) {
4379 if (params->wep_key[i] && params->wep_key_len[i] &&
4380 params->wep_key_len[i] <= 16) {
4381 os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
4382 params->wep_key_len[i]);
4383 drv->auth_wep_key_len[i] = params->wep_key_len[i];
4384 } else
4385 drv->auth_wep_key_len[i] = 0;
4386 }
4387 }
4388
4389
4390 static int wpa_driver_nl80211_authenticate(
4391 void *priv, struct wpa_driver_auth_params *params)
4392 {
4393 struct i802_bss *bss = priv;
4394 struct wpa_driver_nl80211_data *drv = bss->drv;
4395 int ret = -1, i;
4396 struct nl_msg *msg;
4397 enum nl80211_auth_type type;
4398 enum nl80211_iftype nlmode;
4399 int count = 0;
4400 int is_retry;
4401
4402 is_retry = drv->retry_auth;
4403 drv->retry_auth = 0;
4404
4405 drv->associated = 0;
4406 os_memset(drv->auth_bssid, 0, ETH_ALEN);
4407 /* FIX: IBSS mode */
4408 nlmode = params->p2p ?
4409 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
4410 if (drv->nlmode != nlmode &&
4411 wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
4412 return -1;
4413
4414 retry:
4415 msg = nlmsg_alloc();
4416 if (!msg)
4417 return -1;
4418
4419 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
4420 drv->ifindex);
4421
4422 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
4423
4424 for (i = 0; i < 4; i++) {
4425 if (!params->wep_key[i])
4426 continue;
4427 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
4428 NULL, i,
4429 i == params->wep_tx_keyidx, NULL, 0,
4430 params->wep_key[i],
4431 params->wep_key_len[i]);
4432 if (params->wep_tx_keyidx != i)
4433 continue;
4434 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
4435 params->wep_key[i], params->wep_key_len[i])) {
4436 nlmsg_free(msg);
4437 return -1;
4438 }
4439 }
4440
4441 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4442 if (params->bssid) {
4443 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4444 MAC2STR(params->bssid));
4445 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4446 }
4447 if (params->freq) {
4448 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4449 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4450 }
4451 if (params->ssid) {
4452 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4453 params->ssid, params->ssid_len);
4454 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4455 params->ssid);
4456 }
4457 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
4458 if (params->ie)
4459 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
4460 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4461 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4462 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4463 type = NL80211_AUTHTYPE_SHARED_KEY;
4464 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4465 type = NL80211_AUTHTYPE_NETWORK_EAP;
4466 else if (params->auth_alg & WPA_AUTH_ALG_FT)
4467 type = NL80211_AUTHTYPE_FT;
4468 else
4469 goto nla_put_failure;
4470 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
4471 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
4472 if (params->local_state_change) {
4473 wpa_printf(MSG_DEBUG, " * Local state change only");
4474 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
4475 }
4476
4477 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4478 msg = NULL;
4479 if (ret) {
4480 wpa_dbg(drv->ctx, MSG_DEBUG,
4481 "nl80211: MLME command failed (auth): ret=%d (%s)",
4482 ret, strerror(-ret));
4483 count++;
4484 if (ret == -EALREADY && count == 1 && params->bssid &&
4485 !params->local_state_change) {
4486 /*
4487 * mac80211 does not currently accept new
4488 * authentication if we are already authenticated. As a
4489 * workaround, force deauthentication and try again.
4490 */
4491 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
4492 "after forced deauthentication");
4493 wpa_driver_nl80211_deauthenticate(
4494 bss, params->bssid,
4495 WLAN_REASON_PREV_AUTH_NOT_VALID);
4496 nlmsg_free(msg);
4497 goto retry;
4498 }
4499
4500 if (ret == -ENOENT && params->freq && !is_retry) {
4501 /*
4502 * cfg80211 has likely expired the BSS entry even
4503 * though it was previously available in our internal
4504 * BSS table. To recover quickly, start a single
4505 * channel scan on the specified channel.
4506 */
4507 struct wpa_driver_scan_params scan;
4508 int freqs[2];
4509
4510 os_memset(&scan, 0, sizeof(scan));
4511 scan.num_ssids = 1;
4512 if (params->ssid) {
4513 scan.ssids[0].ssid = params->ssid;
4514 scan.ssids[0].ssid_len = params->ssid_len;
4515 }
4516 freqs[0] = params->freq;
4517 freqs[1] = 0;
4518 scan.freqs = freqs;
4519 wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
4520 "channel scan to refresh cfg80211 BSS "
4521 "entry");
4522 ret = wpa_driver_nl80211_scan(bss, &scan);
4523 if (ret == 0) {
4524 nl80211_copy_auth_params(drv, params);
4525 drv->scan_for_auth = 1;
4526 }
4527 } else if (is_retry) {
4528 /*
4529 * Need to indicate this with an event since the return
4530 * value from the retry is not delivered to core code.
4531 */
4532 union wpa_event_data event;
4533 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
4534 "failed");
4535 os_memset(&event, 0, sizeof(event));
4536 os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
4537 ETH_ALEN);
4538 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
4539 &event);
4540 }
4541
4542 goto nla_put_failure;
4543 }
4544 ret = 0;
4545 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
4546 "successfully");
4547
4548 nla_put_failure:
4549 nlmsg_free(msg);
4550 return ret;
4551 }
4552
4553
4554 static int wpa_driver_nl80211_authenticate_retry(
4555 struct wpa_driver_nl80211_data *drv)
4556 {
4557 struct wpa_driver_auth_params params;
4558 struct i802_bss *bss = &drv->first_bss;
4559 int i;
4560
4561 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
4562
4563 os_memset(&params, 0, sizeof(params));
4564 params.freq = drv->auth_freq;
4565 params.auth_alg = drv->auth_alg;
4566 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
4567 params.local_state_change = drv->auth_local_state_change;
4568 params.p2p = drv->auth_p2p;
4569
4570 if (!is_zero_ether_addr(drv->auth_bssid_))
4571 params.bssid = drv->auth_bssid_;
4572
4573 if (drv->auth_ssid_len) {
4574 params.ssid = drv->auth_ssid;
4575 params.ssid_len = drv->auth_ssid_len;
4576 }
4577
4578 params.ie = drv->auth_ie;
4579 params.ie_len = drv->auth_ie_len;
4580
4581 for (i = 0; i < 4; i++) {
4582 if (drv->auth_wep_key_len[i]) {
4583 params.wep_key[i] = drv->auth_wep_key[i];
4584 params.wep_key_len[i] = drv->auth_wep_key_len[i];
4585 }
4586 }
4587
4588 drv->retry_auth = 1;
4589 return wpa_driver_nl80211_authenticate(bss, &params);
4590 }
4591
4592
4593 struct phy_info_arg {
4594 u16 *num_modes;
4595 struct hostapd_hw_modes *modes;
4596 };
4597
4598 static int phy_info_handler(struct nl_msg *msg, void *arg)
4599 {
4600 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
4601 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4602 struct phy_info_arg *phy_info = arg;
4603
4604 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
4605
4606 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
4607 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
4608 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
4609 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
4610 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
4611 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
4612 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
4613 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
4614 };
4615
4616 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
4617 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
4618 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
4619 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
4620 };
4621
4622 struct nlattr *nl_band;
4623 struct nlattr *nl_freq;
4624 struct nlattr *nl_rate;
4625 int rem_band, rem_freq, rem_rate;
4626 struct hostapd_hw_modes *mode;
4627 int idx, mode_is_set;
4628
4629 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4630 genlmsg_attrlen(gnlh, 0), NULL);
4631
4632 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
4633 return NL_SKIP;
4634
4635 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
4636 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
4637 if (!mode)
4638 return NL_SKIP;
4639 phy_info->modes = mode;
4640
4641 mode_is_set = 0;
4642
4643 mode = &phy_info->modes[*(phy_info->num_modes)];
4644 memset(mode, 0, sizeof(*mode));
4645 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN;
4646 *(phy_info->num_modes) += 1;
4647
4648 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
4649 nla_len(nl_band), NULL);
4650
4651 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
4652 mode->ht_capab = nla_get_u16(
4653 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
4654 }
4655
4656 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
4657 mode->a_mpdu_params |= nla_get_u8(
4658 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
4659 0x03;
4660 }
4661
4662 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
4663 mode->a_mpdu_params |= nla_get_u8(
4664 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
4665 2;
4666 }
4667
4668 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
4669 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
4670 u8 *mcs;
4671 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
4672 os_memcpy(mode->mcs_set, mcs, 16);
4673 }
4674
4675 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
4676 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
4677 nla_len(nl_freq), freq_policy);
4678 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
4679 continue;
4680 mode->num_channels++;
4681 }
4682
4683 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
4684 if (!mode->channels)
4685 return NL_SKIP;
4686
4687 idx = 0;
4688
4689 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
4690 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
4691 nla_len(nl_freq), freq_policy);
4692 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
4693 continue;
4694
4695 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
4696 mode->channels[idx].flag = 0;
4697
4698 if (!mode_is_set) {
4699 /* crude heuristic */
4700 if (mode->channels[idx].freq < 4000)
4701 mode->mode = HOSTAPD_MODE_IEEE80211B;
4702 else
4703 mode->mode = HOSTAPD_MODE_IEEE80211A;
4704 mode_is_set = 1;
4705 }
4706
4707 /* crude heuristic */
4708 if (mode->channels[idx].freq < 4000)
4709 if (mode->channels[idx].freq == 2484)
4710 mode->channels[idx].chan = 14;
4711 else
4712 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
4713 else
4714 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
4715
4716 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
4717 mode->channels[idx].flag |=
4718 HOSTAPD_CHAN_DISABLED;
4719 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
4720 mode->channels[idx].flag |=
4721 HOSTAPD_CHAN_PASSIVE_SCAN;
4722 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
4723 mode->channels[idx].flag |=
4724 HOSTAPD_CHAN_NO_IBSS;
4725 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
4726 mode->channels[idx].flag |=
4727 HOSTAPD_CHAN_RADAR;
4728
4729 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
4730 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
4731 mode->channels[idx].max_tx_power =
4732 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
4733
4734 idx++;
4735 }
4736
4737 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
4738 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
4739 nla_len(nl_rate), rate_policy);
4740 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
4741 continue;
4742 mode->num_rates++;
4743 }
4744
4745 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
4746 if (!mode->rates)
4747 return NL_SKIP;
4748
4749 idx = 0;
4750
4751 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
4752 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
4753 nla_len(nl_rate), rate_policy);
4754 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
4755 continue;
4756 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
4757
4758 /* crude heuristic */
4759 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
4760 mode->rates[idx] > 200)
4761 mode->mode = HOSTAPD_MODE_IEEE80211G;
4762
4763 idx++;
4764 }
4765 }
4766
4767 return NL_SKIP;
4768 }
4769
4770 static struct hostapd_hw_modes *
4771 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
4772 {
4773 u16 m;
4774 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
4775 int i, mode11g_idx = -1;
4776
4777 /* If only 802.11g mode is included, use it to construct matching
4778 * 802.11b mode data. */
4779
4780 for (m = 0; m < *num_modes; m++) {
4781 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
4782 return modes; /* 802.11b already included */
4783 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
4784 mode11g_idx = m;
4785 }
4786
4787 if (mode11g_idx < 0)
4788 return modes; /* 2.4 GHz band not supported at all */
4789
4790 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
4791 if (nmodes == NULL)
4792 return modes; /* Could not add 802.11b mode */
4793
4794 mode = &nmodes[*num_modes];
4795 os_memset(mode, 0, sizeof(*mode));
4796 (*num_modes)++;
4797 modes = nmodes;
4798
4799 mode->mode = HOSTAPD_MODE_IEEE80211B;
4800
4801 mode11g = &modes[mode11g_idx];
4802 mode->num_channels = mode11g->num_channels;
4803 mode->channels = os_malloc(mode11g->num_channels *
4804 sizeof(struct hostapd_channel_data));
4805 if (mode->channels == NULL) {
4806 (*num_modes)--;
4807 return modes; /* Could not add 802.11b mode */
4808 }
4809 os_memcpy(mode->channels, mode11g->channels,
4810 mode11g->num_channels * sizeof(struct hostapd_channel_data));
4811
4812 mode->num_rates = 0;
4813 mode->rates = os_malloc(4 * sizeof(int));
4814 if (mode->rates == NULL) {
4815 os_free(mode->channels);
4816 (*num_modes)--;
4817 return modes; /* Could not add 802.11b mode */
4818 }
4819
4820 for (i = 0; i < mode11g->num_rates; i++) {
4821 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
4822 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
4823 continue;
4824 mode->rates[mode->num_rates] = mode11g->rates[i];
4825 mode->num_rates++;
4826 if (mode->num_rates == 4)
4827 break;
4828 }
4829
4830 if (mode->num_rates == 0) {
4831 os_free(mode->channels);
4832 os_free(mode->rates);
4833 (*num_modes)--;
4834 return modes; /* No 802.11b rates */
4835 }
4836
4837 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
4838 "information");
4839
4840 return modes;
4841 }
4842
4843
4844 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
4845 int end)
4846 {
4847 int c;
4848
4849 for (c = 0; c < mode->num_channels; c++) {
4850 struct hostapd_channel_data *chan = &mode->channels[c];
4851 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
4852 chan->flag |= HOSTAPD_CHAN_HT40;
4853 }
4854 }
4855
4856
4857 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
4858 int end)
4859 {
4860 int c;
4861
4862 for (c = 0; c < mode->num_channels; c++) {
4863 struct hostapd_channel_data *chan = &mode->channels[c];
4864 if (!(chan->flag & HOSTAPD_CHAN_HT40))
4865 continue;
4866 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
4867 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
4868 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
4869 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
4870 }
4871 }
4872
4873
4874 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
4875 struct phy_info_arg *results)
4876 {
4877 u32 start, end, max_bw;
4878 u16 m;
4879
4880 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4881 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4882 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4883 return;
4884
4885 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4886 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4887 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4888
4889 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
4890 start, end, max_bw);
4891 if (max_bw < 40)
4892 return;
4893
4894 for (m = 0; m < *results->num_modes; m++) {
4895 if (!(results->modes[m].ht_capab &
4896 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4897 continue;
4898 nl80211_set_ht40_mode(&results->modes[m], start, end);
4899 }
4900 }
4901
4902
4903 static void nl80211_reg_rule_sec(struct nlattr *tb[],
4904 struct phy_info_arg *results)
4905 {
4906 u32 start, end, max_bw;
4907 u16 m;
4908
4909 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4910 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4911 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4912 return;
4913
4914 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4915 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4916 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4917
4918 if (max_bw < 20)
4919 return;
4920
4921 for (m = 0; m < *results->num_modes; m++) {
4922 if (!(results->modes[m].ht_capab &
4923 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4924 continue;
4925 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
4926 }
4927 }
4928
4929
4930 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
4931 {
4932 struct phy_info_arg *results = arg;
4933 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
4934 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4935 struct nlattr *nl_rule;
4936 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
4937 int rem_rule;
4938 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
4939 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4940 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4941 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4942 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4943 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4944 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4945 };
4946
4947 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4948 genlmsg_attrlen(gnlh, 0), NULL);
4949 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
4950 !tb_msg[NL80211_ATTR_REG_RULES]) {
4951 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
4952 "available");
4953 return NL_SKIP;
4954 }
4955
4956 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
4957 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
4958
4959 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4960 {
4961 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4962 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4963 nl80211_reg_rule_ht40(tb_rule, results);
4964 }
4965
4966 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4967 {
4968 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4969 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4970 nl80211_reg_rule_sec(tb_rule, results);
4971 }
4972
4973 return NL_SKIP;
4974 }
4975
4976
4977 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
4978 struct phy_info_arg *results)
4979 {
4980 struct nl_msg *msg;
4981
4982 msg = nlmsg_alloc();
4983 if (!msg)
4984 return -ENOMEM;
4985
4986 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
4987 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
4988 }
4989
4990
4991 static struct hostapd_hw_modes *
4992 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
4993 {
4994 struct i802_bss *bss = priv;
4995 struct wpa_driver_nl80211_data *drv = bss->drv;
4996 struct nl_msg *msg;
4997 struct phy_info_arg result = {
4998 .num_modes = num_modes,
4999 .modes = NULL,
5000 };
5001
5002 *num_modes = 0;
5003 *flags = 0;
5004
5005 msg = nlmsg_alloc();
5006 if (!msg)
5007 return NULL;
5008
5009 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
5010
5011 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5012
5013 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
5014 nl80211_set_ht40_flags(drv, &result);
5015 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
5016 }
5017 msg = NULL;
5018 nla_put_failure:
5019 nlmsg_free(msg);
5020 return NULL;
5021 }
5022
5023
5024 static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv,
5025 const void *data, size_t len,
5026 int encrypt, int noack)
5027 {
5028 __u8 rtap_hdr[] = {
5029 0x00, 0x00, /* radiotap version */
5030 0x0e, 0x00, /* radiotap length */
5031 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
5032 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
5033 0x00, /* padding */
5034 0x00, 0x00, /* RX and TX flags to indicate that */
5035 0x00, 0x00, /* this is the injected frame directly */
5036 };
5037 struct iovec iov[2] = {
5038 {
5039 .iov_base = &rtap_hdr,
5040 .iov_len = sizeof(rtap_hdr),
5041 },
5042 {
5043 .iov_base = (void *) data,
5044 .iov_len = len,
5045 }
5046 };
5047 struct msghdr msg = {
5048 .msg_name = NULL,
5049 .msg_namelen = 0,
5050 .msg_iov = iov,
5051 .msg_iovlen = 2,
5052 .msg_control = NULL,
5053 .msg_controllen = 0,
5054 .msg_flags = 0,
5055 };
5056 int res;
5057 u16 txflags = 0;
5058
5059 if (encrypt)
5060 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
5061
5062 if (drv->monitor_sock < 0) {
5063 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
5064 "for %s", __func__);
5065 return -1;
5066 }
5067
5068 if (noack)
5069 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
5070 *(le16 *) &rtap_hdr[12] = host_to_le16(txflags);
5071
5072 res = sendmsg(drv->monitor_sock, &msg, 0);
5073 if (res < 0) {
5074 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
5075 return -1;
5076 }
5077 return 0;
5078 }
5079
5080
5081 static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
5082 const void *data, size_t len,
5083 int encrypt, int noack)
5084 {
5085 struct wpa_driver_nl80211_data *drv = bss->drv;
5086 u64 cookie;
5087
5088 if (drv->use_monitor)
5089 return wpa_driver_nl80211_send_mntr(drv, data, len,
5090 encrypt, noack);
5091
5092 return nl80211_send_frame_cmd(bss, bss->freq, 0, data, len,
5093 &cookie, 0, noack, 0);
5094 }
5095
5096
5097 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
5098 size_t data_len, int noack)
5099 {
5100 struct i802_bss *bss = priv;
5101 struct wpa_driver_nl80211_data *drv = bss->drv;
5102 struct ieee80211_mgmt *mgmt;
5103 int encrypt = 1;
5104 u16 fc;
5105
5106 mgmt = (struct ieee80211_mgmt *) data;
5107 fc = le_to_host16(mgmt->frame_control);
5108
5109 if (is_sta_interface(drv->nlmode) &&
5110 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
5111 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
5112 /*
5113 * The use of last_mgmt_freq is a bit of a hack,
5114 * but it works due to the single-threaded nature
5115 * of wpa_supplicant.
5116 */
5117 return nl80211_send_frame_cmd(bss, drv->last_mgmt_freq, 0,
5118 data, data_len, NULL, 1, noack,
5119 1);
5120 }
5121
5122 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
5123 return nl80211_send_frame_cmd(bss, bss->freq, 0,
5124 data, data_len, NULL,
5125 0, noack, 0);
5126 }
5127
5128 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
5129 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
5130 /*
5131 * Only one of the authentication frame types is encrypted.
5132 * In order for static WEP encryption to work properly (i.e.,
5133 * to not encrypt the frame), we need to tell mac80211 about
5134 * the frames that must not be encrypted.
5135 */
5136 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
5137 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
5138 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
5139 encrypt = 0;
5140 }
5141
5142 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
5143 noack);
5144 }
5145
5146
5147 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
5148 int slot, int ht_opmode, int ap_isolate,
5149 int *basic_rates)
5150 {
5151 struct wpa_driver_nl80211_data *drv = bss->drv;
5152 struct nl_msg *msg;
5153
5154 msg = nlmsg_alloc();
5155 if (!msg)
5156 return -ENOMEM;
5157
5158 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
5159
5160 if (cts >= 0)
5161 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
5162 if (preamble >= 0)
5163 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
5164 if (slot >= 0)
5165 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
5166 if (ht_opmode >= 0)
5167 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
5168 if (ap_isolate >= 0)
5169 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate);
5170
5171 if (basic_rates) {
5172 u8 rates[NL80211_MAX_SUPP_RATES];
5173 u8 rates_len = 0;
5174 int i;
5175
5176 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0;
5177 i++)
5178 rates[rates_len++] = basic_rates[i] / 5;
5179
5180 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
5181 }
5182
5183 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5184
5185 return send_and_recv_msgs(drv, msg, NULL, NULL);
5186 nla_put_failure:
5187 nlmsg_free(msg);
5188 return -ENOBUFS;
5189 }
5190
5191
5192 static int wpa_driver_nl80211_set_ap(void *priv,
5193 struct wpa_driver_ap_params *params)
5194 {
5195 struct i802_bss *bss = priv;
5196 struct wpa_driver_nl80211_data *drv = bss->drv;
5197 struct nl_msg *msg;
5198 u8 cmd = NL80211_CMD_NEW_BEACON;
5199 int ret;
5200 int beacon_set;
5201 int ifindex = if_nametoindex(bss->ifname);
5202 int num_suites;
5203 u32 suites[10];
5204 u32 ver;
5205
5206 beacon_set = bss->beacon_set;
5207
5208 msg = nlmsg_alloc();
5209 if (!msg)
5210 return -ENOMEM;
5211
5212 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
5213 beacon_set);
5214 if (beacon_set)
5215 cmd = NL80211_CMD_SET_BEACON;
5216
5217 nl80211_cmd(drv, msg, 0, cmd);
5218 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
5219 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
5220 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5221 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
5222 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
5223 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5224 params->ssid);
5225 if (params->proberesp && params->proberesp_len)
5226 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
5227 params->proberesp);
5228 switch (params->hide_ssid) {
5229 case NO_SSID_HIDING:
5230 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5231 NL80211_HIDDEN_SSID_NOT_IN_USE);
5232 break;
5233 case HIDDEN_SSID_ZERO_LEN:
5234 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5235 NL80211_HIDDEN_SSID_ZERO_LEN);
5236 break;
5237 case HIDDEN_SSID_ZERO_CONTENTS:
5238 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5239 NL80211_HIDDEN_SSID_ZERO_CONTENTS);
5240 break;
5241 }
5242 if (params->privacy)
5243 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
5244 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
5245 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
5246 /* Leave out the attribute */
5247 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
5248 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
5249 NL80211_AUTHTYPE_SHARED_KEY);
5250 else
5251 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
5252 NL80211_AUTHTYPE_OPEN_SYSTEM);
5253
5254 ver = 0;
5255 if (params->wpa_version & WPA_PROTO_WPA)
5256 ver |= NL80211_WPA_VERSION_1;
5257 if (params->wpa_version & WPA_PROTO_RSN)
5258 ver |= NL80211_WPA_VERSION_2;
5259 if (ver)
5260 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
5261
5262 num_suites = 0;
5263 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
5264 suites[num_suites++] = WLAN_AKM_SUITE_8021X;
5265 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
5266 suites[num_suites++] = WLAN_AKM_SUITE_PSK;
5267 if (num_suites) {
5268 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
5269 num_suites * sizeof(u32), suites);
5270 }
5271
5272 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
5273 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40))
5274 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT);
5275
5276 num_suites = 0;
5277 if (params->pairwise_ciphers & WPA_CIPHER_CCMP)
5278 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
5279 if (params->pairwise_ciphers & WPA_CIPHER_TKIP)
5280 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
5281 if (params->pairwise_ciphers & WPA_CIPHER_WEP104)
5282 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
5283 if (params->pairwise_ciphers & WPA_CIPHER_WEP40)
5284 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
5285 if (num_suites) {
5286 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
5287 num_suites * sizeof(u32), suites);
5288 }
5289
5290 switch (params->group_cipher) {
5291 case WPA_CIPHER_CCMP:
5292 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5293 WLAN_CIPHER_SUITE_CCMP);
5294 break;
5295 case WPA_CIPHER_TKIP:
5296 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5297 WLAN_CIPHER_SUITE_TKIP);
5298 break;
5299 case WPA_CIPHER_WEP104:
5300 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5301 WLAN_CIPHER_SUITE_WEP104);
5302 break;
5303 case WPA_CIPHER_WEP40:
5304 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5305 WLAN_CIPHER_SUITE_WEP40);
5306 break;
5307 }
5308
5309 if (params->beacon_ies) {
5310 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
5311 wpabuf_head(params->beacon_ies));
5312 }
5313 if (params->proberesp_ies) {
5314 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
5315 wpabuf_len(params->proberesp_ies),
5316 wpabuf_head(params->proberesp_ies));
5317 }
5318 if (params->assocresp_ies) {
5319 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
5320 wpabuf_len(params->assocresp_ies),
5321 wpabuf_head(params->assocresp_ies));
5322 }
5323
5324 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5325 if (ret) {
5326 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
5327 ret, strerror(-ret));
5328 } else {
5329 bss->beacon_set = 1;
5330 nl80211_set_bss(bss, params->cts_protect, params->preamble,
5331 params->short_slot_time, params->ht_opmode,
5332 params->isolate, params->basic_rates);
5333 }
5334 return ret;
5335 nla_put_failure:
5336 nlmsg_free(msg);
5337 return -ENOBUFS;
5338 }
5339
5340
5341 static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
5342 int freq, int ht_enabled,
5343 int sec_channel_offset)
5344 {
5345 struct wpa_driver_nl80211_data *drv = bss->drv;
5346 struct nl_msg *msg;
5347 int ret;
5348
5349 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d "
5350 "sec_channel_offset=%d)",
5351 freq, ht_enabled, sec_channel_offset);
5352 msg = nlmsg_alloc();
5353 if (!msg)
5354 return -1;
5355
5356 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
5357
5358 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5359 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5360 if (ht_enabled) {
5361 switch (sec_channel_offset) {
5362 case -1:
5363 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5364 NL80211_CHAN_HT40MINUS);
5365 break;
5366 case 1:
5367 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5368 NL80211_CHAN_HT40PLUS);
5369 break;
5370 default:
5371 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5372 NL80211_CHAN_HT20);
5373 break;
5374 }
5375 }
5376
5377 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5378 msg = NULL;
5379 if (ret == 0) {
5380 bss->freq = freq;
5381 return 0;
5382 }
5383 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
5384 "%d (%s)", freq, ret, strerror(-ret));
5385 nla_put_failure:
5386 nlmsg_free(msg);
5387 return -1;
5388 }
5389
5390
5391 static u32 sta_flags_nl80211(int flags)
5392 {
5393 u32 f = 0;
5394
5395 if (flags & WPA_STA_AUTHORIZED)
5396 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
5397 if (flags & WPA_STA_WMM)
5398 f |= BIT(NL80211_STA_FLAG_WME);
5399 if (flags & WPA_STA_SHORT_PREAMBLE)
5400 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
5401 if (flags & WPA_STA_MFP)
5402 f |= BIT(NL80211_STA_FLAG_MFP);
5403 if (flags & WPA_STA_TDLS_PEER)
5404 f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
5405
5406 return f;
5407 }
5408
5409
5410 static int wpa_driver_nl80211_sta_add(void *priv,
5411 struct hostapd_sta_add_params *params)
5412 {
5413 struct i802_bss *bss = priv;
5414 struct wpa_driver_nl80211_data *drv = bss->drv;
5415 struct nl_msg *msg, *wme = NULL;
5416 struct nl80211_sta_flag_update upd;
5417 int ret = -ENOBUFS;
5418
5419 if ((params->flags & WPA_STA_TDLS_PEER) &&
5420 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
5421 return -EOPNOTSUPP;
5422
5423 msg = nlmsg_alloc();
5424 if (!msg)
5425 return -ENOMEM;
5426
5427 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
5428 NL80211_CMD_NEW_STATION);
5429
5430 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5431 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
5432 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
5433 params->supp_rates);
5434 if (!params->set) {
5435 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
5436 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5437 params->listen_interval);
5438 }
5439 if (params->ht_capabilities) {
5440 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
5441 sizeof(*params->ht_capabilities),
5442 params->ht_capabilities);
5443 }
5444
5445 os_memset(&upd, 0, sizeof(upd));
5446 upd.mask = sta_flags_nl80211(params->flags);
5447 upd.set = upd.mask;
5448 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5449
5450 if (params->flags & WPA_STA_WMM) {
5451 wme = nlmsg_alloc();
5452 if (!wme)
5453 goto nla_put_failure;
5454
5455 NLA_PUT_U8(wme, NL80211_STA_WME_UAPSD_QUEUES,
5456 params->qosinfo & WMM_QOSINFO_STA_AC_MASK);
5457 NLA_PUT_U8(wme, NL80211_STA_WME_MAX_SP,
5458 (params->qosinfo > WMM_QOSINFO_STA_SP_SHIFT) &
5459 WMM_QOSINFO_STA_SP_MASK);
5460 nla_put_nested(msg, NL80211_ATTR_STA_WME, wme);
5461 }
5462
5463 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5464 msg = NULL;
5465 if (ret)
5466 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
5467 "result: %d (%s)", params->set ? "SET" : "NEW", ret,
5468 strerror(-ret));
5469 if (ret == -EEXIST)
5470 ret = 0;
5471 nla_put_failure:
5472 nlmsg_free(wme);
5473 nlmsg_free(msg);
5474 return ret;
5475 }
5476
5477
5478 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
5479 {
5480 struct i802_bss *bss = priv;
5481 struct wpa_driver_nl80211_data *drv = bss->drv;
5482 struct nl_msg *msg;
5483 int ret;
5484
5485 msg = nlmsg_alloc();
5486 if (!msg)
5487 return -ENOMEM;
5488
5489 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
5490
5491 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5492 if_nametoindex(bss->ifname));
5493 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5494
5495 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5496 if (ret == -ENOENT)
5497 return 0;
5498 return ret;
5499 nla_put_failure:
5500 nlmsg_free(msg);
5501 return -ENOBUFS;
5502 }
5503
5504
5505 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
5506 int ifidx)
5507 {
5508 struct nl_msg *msg;
5509
5510 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
5511
5512 /* stop listening for EAPOL on this interface */
5513 del_ifidx(drv, ifidx);
5514
5515 msg = nlmsg_alloc();
5516 if (!msg)
5517 goto nla_put_failure;
5518
5519 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
5520 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
5521
5522 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5523 return;
5524 msg = NULL;
5525 nla_put_failure:
5526 nlmsg_free(msg);
5527 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
5528 }
5529
5530
5531 static const char * nl80211_iftype_str(enum nl80211_iftype mode)
5532 {
5533 switch (mode) {
5534 case NL80211_IFTYPE_ADHOC:
5535 return "ADHOC";
5536 case NL80211_IFTYPE_STATION:
5537 return "STATION";
5538 case NL80211_IFTYPE_AP:
5539 return "AP";
5540 case NL80211_IFTYPE_MONITOR:
5541 return "MONITOR";
5542 case NL80211_IFTYPE_P2P_CLIENT:
5543 return "P2P_CLIENT";
5544 case NL80211_IFTYPE_P2P_GO:
5545 return "P2P_GO";
5546 default:
5547 return "unknown";
5548 }
5549 }
5550
5551
5552 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
5553 const char *ifname,
5554 enum nl80211_iftype iftype,
5555 const u8 *addr, int wds)
5556 {
5557 struct nl_msg *msg, *flags = NULL;
5558 int ifidx;
5559 int ret = -ENOBUFS;
5560
5561 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
5562 iftype, nl80211_iftype_str(iftype));
5563
5564 msg = nlmsg_alloc();
5565 if (!msg)
5566 return -1;
5567
5568 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
5569 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5570 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
5571 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
5572
5573 if (iftype == NL80211_IFTYPE_MONITOR) {
5574 int err;
5575
5576 flags = nlmsg_alloc();
5577 if (!flags)
5578 goto nla_put_failure;
5579
5580 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
5581
5582 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
5583
5584 nlmsg_free(flags);
5585
5586 if (err)
5587 goto nla_put_failure;
5588 } else if (wds) {
5589 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
5590 }
5591
5592 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5593 msg = NULL;
5594 if (ret) {
5595 nla_put_failure:
5596 nlmsg_free(msg);
5597 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
5598 ifname, ret, strerror(-ret));
5599 return ret;
5600 }
5601
5602 ifidx = if_nametoindex(ifname);
5603 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
5604 ifname, ifidx);
5605
5606 if (ifidx <= 0)
5607 return -1;
5608
5609 /* start listening for EAPOL on this interface */
5610 add_ifidx(drv, ifidx);
5611
5612 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5613 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
5614 nl80211_remove_iface(drv, ifidx);
5615 return -1;
5616 }
5617
5618 return ifidx;
5619 }
5620
5621
5622 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
5623 const char *ifname, enum nl80211_iftype iftype,
5624 const u8 *addr, int wds)
5625 {
5626 int ret;
5627
5628 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
5629
5630 /* if error occurred and interface exists already */
5631 if (ret == -ENFILE && if_nametoindex(ifname)) {
5632 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
5633
5634 /* Try to remove the interface that was already there. */
5635 nl80211_remove_iface(drv, if_nametoindex(ifname));
5636
5637 /* Try to create the interface again */
5638 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
5639 wds);
5640 }
5641
5642 if (ret >= 0 && is_p2p_interface(iftype))
5643 nl80211_disable_11b_rates(drv, ret, 1);
5644
5645 return ret;
5646 }
5647
5648
5649 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
5650 {
5651 struct ieee80211_hdr *hdr;
5652 u16 fc;
5653 union wpa_event_data event;
5654
5655 hdr = (struct ieee80211_hdr *) buf;
5656 fc = le_to_host16(hdr->frame_control);
5657
5658 os_memset(&event, 0, sizeof(event));
5659 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
5660 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
5661 event.tx_status.dst = hdr->addr1;
5662 event.tx_status.data = buf;
5663 event.tx_status.data_len = len;
5664 event.tx_status.ack = ok;
5665 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
5666 }
5667
5668
5669 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
5670 u8 *buf, size_t len)
5671 {
5672 struct ieee80211_hdr *hdr = (void *)buf;
5673 u16 fc;
5674 union wpa_event_data event;
5675
5676 if (len < sizeof(*hdr))
5677 return;
5678
5679 fc = le_to_host16(hdr->frame_control);
5680
5681 os_memset(&event, 0, sizeof(event));
5682 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
5683 event.rx_from_unknown.addr = hdr->addr2;
5684 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
5685 (WLAN_FC_FROMDS | WLAN_FC_TODS);
5686 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
5687 }
5688
5689
5690 static void handle_frame(struct wpa_driver_nl80211_data *drv,
5691 u8 *buf, size_t len, int datarate, int ssi_signal)
5692 {
5693 struct ieee80211_hdr *hdr;
5694 u16 fc;
5695 union wpa_event_data event;
5696
5697 hdr = (struct ieee80211_hdr *) buf;
5698 fc = le_to_host16(hdr->frame_control);
5699
5700 switch (WLAN_FC_GET_TYPE(fc)) {
5701 case WLAN_FC_TYPE_MGMT:
5702 os_memset(&event, 0, sizeof(event));
5703 event.rx_mgmt.frame = buf;
5704 event.rx_mgmt.frame_len = len;
5705 event.rx_mgmt.datarate = datarate;
5706 event.rx_mgmt.ssi_signal = ssi_signal;
5707 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
5708 break;
5709 case WLAN_FC_TYPE_CTRL:
5710 /* can only get here with PS-Poll frames */
5711 wpa_printf(MSG_DEBUG, "CTRL");
5712 from_unknown_sta(drv, buf, len);
5713 break;
5714 case WLAN_FC_TYPE_DATA:
5715 from_unknown_sta(drv, buf, len);
5716 break;
5717 }
5718 }
5719
5720
5721 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
5722 {
5723 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5724 int len;
5725 unsigned char buf[3000];
5726 struct ieee80211_radiotap_iterator iter;
5727 int ret;
5728 int datarate = 0, ssi_signal = 0;
5729 int injected = 0, failed = 0, rxflags = 0;
5730
5731 len = recv(sock, buf, sizeof(buf), 0);
5732 if (len < 0) {
5733 perror("recv");
5734 return;
5735 }
5736
5737 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
5738 printf("received invalid radiotap frame\n");
5739 return;
5740 }
5741
5742 while (1) {
5743 ret = ieee80211_radiotap_iterator_next(&iter);
5744 if (ret == -ENOENT)
5745 break;
5746 if (ret) {
5747 printf("received invalid radiotap frame (%d)\n", ret);
5748 return;
5749 }
5750 switch (iter.this_arg_index) {
5751 case IEEE80211_RADIOTAP_FLAGS:
5752 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
5753 len -= 4;
5754 break;
5755 case IEEE80211_RADIOTAP_RX_FLAGS:
5756 rxflags = 1;
5757 break;
5758 case IEEE80211_RADIOTAP_TX_FLAGS:
5759 injected = 1;
5760 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
5761 IEEE80211_RADIOTAP_F_TX_FAIL;
5762 break;
5763 case IEEE80211_RADIOTAP_DATA_RETRIES:
5764 break;
5765 case IEEE80211_RADIOTAP_CHANNEL:
5766 /* TODO: convert from freq/flags to channel number */
5767 break;
5768 case IEEE80211_RADIOTAP_RATE:
5769 datarate = *iter.this_arg * 5;
5770 break;
5771 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
5772 ssi_signal = *iter.this_arg;
5773 break;
5774 }
5775 }
5776
5777 if (rxflags && injected)
5778 return;
5779
5780 if (!injected)
5781 handle_frame(drv, buf + iter.max_length,
5782 len - iter.max_length, datarate, ssi_signal);
5783 else
5784 handle_tx_callback(drv->ctx, buf + iter.max_length,
5785 len - iter.max_length, !failed);
5786 }
5787
5788
5789 /*
5790 * we post-process the filter code later and rewrite
5791 * this to the offset to the last instruction
5792 */
5793 #define PASS 0xFF
5794 #define FAIL 0xFE
5795
5796 static struct sock_filter msock_filter_insns[] = {
5797 /*
5798 * do a little-endian load of the radiotap length field
5799 */
5800 /* load lower byte into A */
5801 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
5802 /* put it into X (== index register) */
5803 BPF_STMT(BPF_MISC| BPF_TAX, 0),
5804 /* load upper byte into A */
5805 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
5806 /* left-shift it by 8 */
5807 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
5808 /* or with X */
5809 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
5810 /* put result into X */
5811 BPF_STMT(BPF_MISC| BPF_TAX, 0),
5812
5813 /*
5814 * Allow management frames through, this also gives us those
5815 * management frames that we sent ourselves with status
5816 */
5817 /* load the lower byte of the IEEE 802.11 frame control field */
5818 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5819 /* mask off frame type and version */
5820 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
5821 /* accept frame if it's both 0, fall through otherwise */
5822 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
5823
5824 /*
5825 * TODO: add a bit to radiotap RX flags that indicates
5826 * that the sending station is not associated, then
5827 * add a filter here that filters on our DA and that flag
5828 * to allow us to deauth frames to that bad station.
5829 *
5830 * For now allow all To DS data frames through.
5831 */
5832 /* load the IEEE 802.11 frame control field */
5833 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
5834 /* mask off frame type, version and DS status */
5835 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
5836 /* accept frame if version 0, type 2 and To DS, fall through otherwise
5837 */
5838 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
5839
5840 #if 0
5841 /*
5842 * drop non-data frames
5843 */
5844 /* load the lower byte of the frame control field */
5845 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5846 /* mask off QoS bit */
5847 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
5848 /* drop non-data frames */
5849 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
5850 #endif
5851 /* load the upper byte of the frame control field */
5852 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
5853 /* mask off toDS/fromDS */
5854 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
5855 /* accept WDS frames */
5856 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
5857
5858 /*
5859 * add header length to index
5860 */
5861 /* load the lower byte of the frame control field */
5862 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5863 /* mask off QoS bit */
5864 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
5865 /* right shift it by 6 to give 0 or 2 */
5866 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
5867 /* add data frame header length */
5868 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
5869 /* add index, was start of 802.11 header */
5870 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
5871 /* move to index, now start of LL header */
5872 BPF_STMT(BPF_MISC | BPF_TAX, 0),
5873
5874 /*
5875 * Accept empty data frames, we use those for
5876 * polling activity.
5877 */
5878 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
5879 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
5880
5881 /*
5882 * Accept EAPOL frames
5883 */
5884 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
5885 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
5886 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
5887 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
5888
5889 /* keep these last two statements or change the code below */
5890 /* return 0 == "DROP" */
5891 BPF_STMT(BPF_RET | BPF_K, 0),
5892 /* return ~0 == "keep all" */
5893 BPF_STMT(BPF_RET | BPF_K, ~0),
5894 };
5895
5896 static struct sock_fprog msock_filter = {
5897 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
5898 .filter = msock_filter_insns,
5899 };
5900
5901
5902 static int add_monitor_filter(int s)
5903 {
5904 int idx;
5905
5906 /* rewrite all PASS/FAIL jump offsets */
5907 for (idx = 0; idx < msock_filter.len; idx++) {
5908 struct sock_filter *insn = &msock_filter_insns[idx];
5909
5910 if (BPF_CLASS(insn->code) == BPF_JMP) {
5911 if (insn->code == (BPF_JMP|BPF_JA)) {
5912 if (insn->k == PASS)
5913 insn->k = msock_filter.len - idx - 2;
5914 else if (insn->k == FAIL)
5915 insn->k = msock_filter.len - idx - 3;
5916 }
5917
5918 if (insn->jt == PASS)
5919 insn->jt = msock_filter.len - idx - 2;
5920 else if (insn->jt == FAIL)
5921 insn->jt = msock_filter.len - idx - 3;
5922
5923 if (insn->jf == PASS)
5924 insn->jf = msock_filter.len - idx - 2;
5925 else if (insn->jf == FAIL)
5926 insn->jf = msock_filter.len - idx - 3;
5927 }
5928 }
5929
5930 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
5931 &msock_filter, sizeof(msock_filter))) {
5932 perror("SO_ATTACH_FILTER");
5933 return -1;
5934 }
5935
5936 return 0;
5937 }
5938
5939
5940 static void nl80211_remove_monitor_interface(
5941 struct wpa_driver_nl80211_data *drv)
5942 {
5943 drv->monitor_refcount--;
5944 if (drv->monitor_refcount > 0)
5945 return;
5946
5947 if (drv->monitor_ifidx >= 0) {
5948 nl80211_remove_iface(drv, drv->monitor_ifidx);
5949 drv->monitor_ifidx = -1;
5950 }
5951 if (drv->monitor_sock >= 0) {
5952 eloop_unregister_read_sock(drv->monitor_sock);
5953 close(drv->monitor_sock);
5954 drv->monitor_sock = -1;
5955 }
5956 }
5957
5958
5959 static int
5960 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
5961 {
5962 char buf[IFNAMSIZ];
5963 struct sockaddr_ll ll;
5964 int optval;
5965 socklen_t optlen;
5966
5967 if (drv->monitor_ifidx >= 0) {
5968 drv->monitor_refcount++;
5969 return 0;
5970 }
5971
5972 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) {
5973 /*
5974 * P2P interface name is of the format p2p-%s-%d. For monitor
5975 * interface name corresponding to P2P GO, replace "p2p-" with
5976 * "mon-" to retain the same interface name length and to
5977 * indicate that it is a monitor interface.
5978 */
5979 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4);
5980 } else {
5981 /* Non-P2P interface with AP functionality. */
5982 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
5983 }
5984
5985 buf[IFNAMSIZ - 1] = '\0';
5986
5987 drv->monitor_ifidx =
5988 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
5989 0);
5990
5991 if (drv->monitor_ifidx == -EOPNOTSUPP) {
5992 /*
5993 * This is backward compatibility for a few versions of
5994 * the kernel only that didn't advertise the right
5995 * attributes for the only driver that then supported
5996 * AP mode w/o monitor -- ath6kl.
5997 */
5998 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
5999 "monitor interface type - try to run without it");
6000 drv->device_ap_sme = 1;
6001 }
6002
6003 if (drv->monitor_ifidx < 0)
6004 return -1;
6005
6006 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
6007 goto error;
6008
6009 memset(&ll, 0, sizeof(ll));
6010 ll.sll_family = AF_PACKET;
6011 ll.sll_ifindex = drv->monitor_ifidx;
6012 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
6013 if (drv->monitor_sock < 0) {
6014 perror("socket[PF_PACKET,SOCK_RAW]");
6015 goto error;
6016 }
6017
6018 if (add_monitor_filter(drv->monitor_sock)) {
6019 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
6020 "interface; do filtering in user space");
6021 /* This works, but will cost in performance. */
6022 }
6023
6024 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
6025 perror("monitor socket bind");
6026 goto error;
6027 }
6028
6029 optlen = sizeof(optval);
6030 optval = 20;
6031 if (setsockopt
6032 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
6033 perror("Failed to set socket priority");
6034 goto error;
6035 }
6036
6037 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
6038 drv, NULL)) {
6039 printf("Could not register monitor read socket\n");
6040 goto error;
6041 }
6042
6043 return 0;
6044 error:
6045 nl80211_remove_monitor_interface(drv);
6046 return -1;
6047 }
6048
6049
6050 static int nl80211_setup_ap(struct i802_bss *bss)
6051 {
6052 struct wpa_driver_nl80211_data *drv = bss->drv;
6053
6054 wpa_printf(MSG_DEBUG, "nl80211: Setup AP - device_ap_sme=%d "
6055 "use_monitor=%d", drv->device_ap_sme, drv->use_monitor);
6056
6057 /*
6058 * Disable Probe Request reporting unless we need it in this way for
6059 * devices that include the AP SME, in the other case (unless using
6060 * monitor iface) we'll get it through the nl_mgmt socket instead.
6061 */
6062 if (!drv->device_ap_sme)
6063 wpa_driver_nl80211_probe_req_report(bss, 0);
6064
6065 if (!drv->device_ap_sme && !drv->use_monitor)
6066 if (nl80211_mgmt_subscribe_ap(bss))
6067 return -1;
6068
6069 if (!drv->device_ap_sme && drv->use_monitor &&
6070 nl80211_create_monitor_interface(drv) &&
6071 !drv->device_ap_sme)
6072 return -1;
6073
6074 if (drv->device_ap_sme &&
6075 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
6076 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
6077 "Probe Request frame reporting in AP mode");
6078 /* Try to survive without this */
6079 }
6080
6081 return 0;
6082 }
6083
6084
6085 static void nl80211_teardown_ap(struct i802_bss *bss)
6086 {
6087 struct wpa_driver_nl80211_data *drv = bss->drv;
6088
6089 if (drv->device_ap_sme)
6090 wpa_driver_nl80211_probe_req_report(bss, 0);
6091 else if (drv->use_monitor)
6092 nl80211_remove_monitor_interface(drv);
6093 else
6094 nl80211_mgmt_unsubscribe(bss, "AP teardown");
6095
6096 bss->beacon_set = 0;
6097 }
6098
6099
6100 static int nl80211_send_eapol_data(struct i802_bss *bss,
6101 const u8 *addr, const u8 *data,
6102 size_t data_len)
6103 {
6104 struct sockaddr_ll ll;
6105 int ret;
6106
6107 if (bss->drv->eapol_tx_sock < 0) {
6108 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
6109 return -1;
6110 }
6111
6112 os_memset(&ll, 0, sizeof(ll));
6113 ll.sll_family = AF_PACKET;
6114 ll.sll_ifindex = bss->ifindex;
6115 ll.sll_protocol = htons(ETH_P_PAE);
6116 ll.sll_halen = ETH_ALEN;
6117 os_memcpy(ll.sll_addr, addr, ETH_ALEN);
6118 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
6119 (struct sockaddr *) &ll, sizeof(ll));
6120 if (ret < 0)
6121 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
6122 strerror(errno));
6123
6124 return ret;
6125 }
6126
6127
6128 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
6129
6130 static int wpa_driver_nl80211_hapd_send_eapol(
6131 void *priv, const u8 *addr, const u8 *data,
6132 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
6133 {
6134 struct i802_bss *bss = priv;
6135 struct wpa_driver_nl80211_data *drv = bss->drv;
6136 struct ieee80211_hdr *hdr;
6137 size_t len;
6138 u8 *pos;
6139 int res;
6140 int qos = flags & WPA_STA_WMM;
6141
6142 if (drv->device_ap_sme || !drv->use_monitor)
6143 return nl80211_send_eapol_data(bss, addr, data, data_len);
6144
6145 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
6146 data_len;
6147 hdr = os_zalloc(len);
6148 if (hdr == NULL) {
6149 printf("malloc() failed for i802_send_data(len=%lu)\n",
6150 (unsigned long) len);
6151 return -1;
6152 }
6153
6154 hdr->frame_control =
6155 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
6156 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
6157 if (encrypt)
6158 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
6159 if (qos) {
6160 hdr->frame_control |=
6161 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
6162 }
6163
6164 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
6165 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
6166 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
6167 pos = (u8 *) (hdr + 1);
6168
6169 if (qos) {
6170 /* add an empty QoS header if needed */
6171 pos[0] = 0;
6172 pos[1] = 0;
6173 pos += 2;
6174 }
6175
6176 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
6177 pos += sizeof(rfc1042_header);
6178 WPA_PUT_BE16(pos, ETH_P_PAE);
6179 pos += 2;
6180 memcpy(pos, data, data_len);
6181
6182 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0);
6183 if (res < 0) {
6184 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
6185 "failed: %d (%s)",
6186 (unsigned long) len, errno, strerror(errno));
6187 }
6188 os_free(hdr);
6189
6190 return res;
6191 }
6192
6193
6194 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
6195 int total_flags,
6196 int flags_or, int flags_and)
6197 {
6198 struct i802_bss *bss = priv;
6199 struct wpa_driver_nl80211_data *drv = bss->drv;
6200 struct nl_msg *msg, *flags = NULL;
6201 struct nl80211_sta_flag_update upd;
6202
6203 msg = nlmsg_alloc();
6204 if (!msg)
6205 return -ENOMEM;
6206
6207 flags = nlmsg_alloc();
6208 if (!flags) {
6209 nlmsg_free(msg);
6210 return -ENOMEM;
6211 }
6212
6213 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
6214
6215 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6216 if_nametoindex(bss->ifname));
6217 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6218
6219 /*
6220 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
6221 * can be removed eventually.
6222 */
6223 if (total_flags & WPA_STA_AUTHORIZED)
6224 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
6225
6226 if (total_flags & WPA_STA_WMM)
6227 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
6228
6229 if (total_flags & WPA_STA_SHORT_PREAMBLE)
6230 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
6231
6232 if (total_flags & WPA_STA_MFP)
6233 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
6234
6235 if (total_flags & WPA_STA_TDLS_PEER)
6236 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_TDLS_PEER);
6237
6238 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
6239 goto nla_put_failure;
6240
6241 os_memset(&upd, 0, sizeof(upd));
6242 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
6243 upd.set = sta_flags_nl80211(flags_or);
6244 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
6245
6246 nlmsg_free(flags);
6247
6248 return send_and_recv_msgs(drv, msg, NULL, NULL);
6249 nla_put_failure:
6250 nlmsg_free(msg);
6251 nlmsg_free(flags);
6252 return -ENOBUFS;
6253 }
6254
6255
6256 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
6257 struct wpa_driver_associate_params *params)
6258 {
6259 enum nl80211_iftype nlmode;
6260
6261 if (params->p2p) {
6262 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
6263 "group (GO)");
6264 nlmode = NL80211_IFTYPE_P2P_GO;
6265 } else
6266 nlmode = NL80211_IFTYPE_AP;
6267
6268 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) ||
6269 wpa_driver_nl80211_set_freq(&drv->first_bss, params->freq, 0, 0)) {
6270 nl80211_remove_monitor_interface(drv);
6271 return -1;
6272 }
6273
6274 return 0;
6275 }
6276
6277
6278 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
6279 {
6280 struct nl_msg *msg;
6281 int ret = -1;
6282
6283 msg = nlmsg_alloc();
6284 if (!msg)
6285 return -1;
6286
6287 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
6288 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6289 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6290 msg = NULL;
6291 if (ret) {
6292 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
6293 "(%s)", ret, strerror(-ret));
6294 goto nla_put_failure;
6295 }
6296
6297 ret = 0;
6298 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
6299
6300 nla_put_failure:
6301 nlmsg_free(msg);
6302 return ret;
6303 }
6304
6305
6306 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
6307 struct wpa_driver_associate_params *params)
6308 {
6309 struct nl_msg *msg;
6310 int ret = -1;
6311 int count = 0;
6312
6313 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
6314
6315 if (wpa_driver_nl80211_set_mode(&drv->first_bss,
6316 NL80211_IFTYPE_ADHOC)) {
6317 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
6318 "IBSS mode");
6319 return -1;
6320 }
6321
6322 retry:
6323 msg = nlmsg_alloc();
6324 if (!msg)
6325 return -1;
6326
6327 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
6328 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6329
6330 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
6331 goto nla_put_failure;
6332
6333 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6334 params->ssid, params->ssid_len);
6335 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6336 params->ssid);
6337 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6338 drv->ssid_len = params->ssid_len;
6339
6340 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6341 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6342
6343 ret = nl80211_set_conn_keys(params, msg);
6344 if (ret)
6345 goto nla_put_failure;
6346
6347 if (params->wpa_ie) {
6348 wpa_hexdump(MSG_DEBUG,
6349 " * Extra IEs for Beacon/Probe Response frames",
6350 params->wpa_ie, params->wpa_ie_len);
6351 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6352 params->wpa_ie);
6353 }
6354
6355 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6356 msg = NULL;
6357 if (ret) {
6358 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
6359 ret, strerror(-ret));
6360 count++;
6361 if (ret == -EALREADY && count == 1) {
6362 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
6363 "forced leave");
6364 nl80211_leave_ibss(drv);
6365 nlmsg_free(msg);
6366 goto retry;
6367 }
6368
6369 goto nla_put_failure;
6370 }
6371 ret = 0;
6372 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
6373
6374 nla_put_failure:
6375 nlmsg_free(msg);
6376 return ret;
6377 }
6378
6379
6380 static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv,
6381 u8 *bssid)
6382 {
6383 struct nl_msg *msg;
6384 int ret;
6385 struct nl80211_bss_info_arg arg;
6386
6387 os_memset(&arg, 0, sizeof(arg));
6388 msg = nlmsg_alloc();
6389 if (!msg)
6390 goto nla_put_failure;
6391
6392 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
6393 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6394
6395 arg.drv = drv;
6396 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
6397 msg = NULL;
6398 if (ret == 0) {
6399 if (is_zero_ether_addr(arg.assoc_bssid))
6400 return -ENOTCONN;
6401 os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN);
6402 return 0;
6403 }
6404 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
6405 "(%s)", ret, strerror(-ret));
6406 nla_put_failure:
6407 nlmsg_free(msg);
6408 return drv->assoc_freq;
6409 }
6410
6411
6412 static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
6413 const u8 *bssid)
6414 {
6415 u8 addr[ETH_ALEN];
6416
6417 if (bssid == NULL) {
6418 int res = nl80211_get_assoc_bssid(drv, addr);
6419 if (res)
6420 return res;
6421 bssid = addr;
6422 }
6423
6424 return wpa_driver_nl80211_disconnect(drv, bssid,
6425 WLAN_REASON_PREV_AUTH_NOT_VALID);
6426 }
6427
6428
6429 static int wpa_driver_nl80211_connect(
6430 struct wpa_driver_nl80211_data *drv,
6431 struct wpa_driver_associate_params *params)
6432 {
6433 struct nl_msg *msg;
6434 enum nl80211_auth_type type;
6435 int ret = 0;
6436 int algs;
6437
6438 msg = nlmsg_alloc();
6439 if (!msg)
6440 return -1;
6441
6442 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
6443 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
6444
6445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6446 if (params->bssid) {
6447 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
6448 MAC2STR(params->bssid));
6449 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6450 }
6451 if (params->freq) {
6452 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6453 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6454 }
6455 if (params->ssid) {
6456 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6457 params->ssid, params->ssid_len);
6458 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6459 params->ssid);
6460 if (params->ssid_len > sizeof(drv->ssid))
6461 goto nla_put_failure;
6462 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6463 drv->ssid_len = params->ssid_len;
6464 }
6465 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
6466 if (params->wpa_ie)
6467 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6468 params->wpa_ie);
6469
6470 algs = 0;
6471 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6472 algs++;
6473 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6474 algs++;
6475 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6476 algs++;
6477 if (algs > 1) {
6478 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
6479 "selection");
6480 goto skip_auth_type;
6481 }
6482
6483 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6484 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
6485 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6486 type = NL80211_AUTHTYPE_SHARED_KEY;
6487 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6488 type = NL80211_AUTHTYPE_NETWORK_EAP;
6489 else if (params->auth_alg & WPA_AUTH_ALG_FT)
6490 type = NL80211_AUTHTYPE_FT;
6491 else
6492 goto nla_put_failure;
6493
6494 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
6495 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
6496
6497 skip_auth_type:
6498 if (params->wpa_proto) {
6499 enum nl80211_wpa_versions ver = 0;
6500
6501 if (params->wpa_proto & WPA_PROTO_WPA)
6502 ver |= NL80211_WPA_VERSION_1;
6503 if (params->wpa_proto & WPA_PROTO_RSN)
6504 ver |= NL80211_WPA_VERSION_2;
6505
6506 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
6507 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
6508 }
6509
6510 if (params->pairwise_suite != CIPHER_NONE) {
6511 int cipher;
6512
6513 switch (params->pairwise_suite) {
6514 case CIPHER_WEP40:
6515 cipher = WLAN_CIPHER_SUITE_WEP40;
6516 break;
6517 case CIPHER_WEP104:
6518 cipher = WLAN_CIPHER_SUITE_WEP104;
6519 break;
6520 case CIPHER_CCMP:
6521 cipher = WLAN_CIPHER_SUITE_CCMP;
6522 break;
6523 case CIPHER_TKIP:
6524 default:
6525 cipher = WLAN_CIPHER_SUITE_TKIP;
6526 break;
6527 }
6528 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
6529 }
6530
6531 if (params->group_suite != CIPHER_NONE) {
6532 int cipher;
6533
6534 switch (params->group_suite) {
6535 case CIPHER_WEP40:
6536 cipher = WLAN_CIPHER_SUITE_WEP40;
6537 break;
6538 case CIPHER_WEP104:
6539 cipher = WLAN_CIPHER_SUITE_WEP104;
6540 break;
6541 case CIPHER_CCMP:
6542 cipher = WLAN_CIPHER_SUITE_CCMP;
6543 break;
6544 case CIPHER_TKIP:
6545 default:
6546 cipher = WLAN_CIPHER_SUITE_TKIP;
6547 break;
6548 }
6549 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
6550 }
6551
6552 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
6553 params->key_mgmt_suite == KEY_MGMT_PSK) {
6554 int mgmt = WLAN_AKM_SUITE_PSK;
6555
6556 switch (params->key_mgmt_suite) {
6557 case KEY_MGMT_802_1X:
6558 mgmt = WLAN_AKM_SUITE_8021X;
6559 break;
6560 case KEY_MGMT_PSK:
6561 default:
6562 mgmt = WLAN_AKM_SUITE_PSK;
6563 break;
6564 }
6565 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
6566 }
6567
6568 ret = nl80211_set_conn_keys(params, msg);
6569 if (ret)
6570 goto nla_put_failure;
6571
6572 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6573 msg = NULL;
6574 if (ret) {
6575 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
6576 "(%s)", ret, strerror(-ret));
6577 /*
6578 * cfg80211 does not currently accept new connection if we are
6579 * already connected. As a workaround, force disconnection and
6580 * try again once the driver indicates it completed
6581 * disconnection.
6582 */
6583 if (ret == -EALREADY)
6584 nl80211_disconnect(drv, params->bssid);
6585 goto nla_put_failure;
6586 }
6587 ret = 0;
6588 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
6589
6590 nla_put_failure:
6591 nlmsg_free(msg);
6592 return ret;
6593
6594 }
6595
6596
6597 static int wpa_driver_nl80211_associate(
6598 void *priv, struct wpa_driver_associate_params *params)
6599 {
6600 struct i802_bss *bss = priv;
6601 struct wpa_driver_nl80211_data *drv = bss->drv;
6602 int ret = -1;
6603 struct nl_msg *msg;
6604
6605 if (params->mode == IEEE80211_MODE_AP)
6606 return wpa_driver_nl80211_ap(drv, params);
6607
6608 if (params->mode == IEEE80211_MODE_IBSS)
6609 return wpa_driver_nl80211_ibss(drv, params);
6610
6611 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
6612 enum nl80211_iftype nlmode = params->p2p ?
6613 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6614
6615 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
6616 return -1;
6617 return wpa_driver_nl80211_connect(drv, params);
6618 }
6619
6620 drv->associated = 0;
6621
6622 msg = nlmsg_alloc();
6623 if (!msg)
6624 return -1;
6625
6626 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
6627 drv->ifindex);
6628 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
6629
6630 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6631 if (params->bssid) {
6632 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
6633 MAC2STR(params->bssid));
6634 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6635 }
6636 if (params->freq) {
6637 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6638 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6639 drv->assoc_freq = params->freq;
6640 } else
6641 drv->assoc_freq = 0;
6642 if (params->ssid) {
6643 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6644 params->ssid, params->ssid_len);
6645 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6646 params->ssid);
6647 if (params->ssid_len > sizeof(drv->ssid))
6648 goto nla_put_failure;
6649 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6650 drv->ssid_len = params->ssid_len;
6651 }
6652 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
6653 if (params->wpa_ie)
6654 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6655 params->wpa_ie);
6656
6657 if (params->pairwise_suite != CIPHER_NONE) {
6658 int cipher;
6659
6660 switch (params->pairwise_suite) {
6661 case CIPHER_WEP40:
6662 cipher = WLAN_CIPHER_SUITE_WEP40;
6663 break;
6664 case CIPHER_WEP104:
6665 cipher = WLAN_CIPHER_SUITE_WEP104;
6666 break;
6667 case CIPHER_CCMP:
6668 cipher = WLAN_CIPHER_SUITE_CCMP;
6669 break;
6670 case CIPHER_TKIP:
6671 default:
6672 cipher = WLAN_CIPHER_SUITE_TKIP;
6673 break;
6674 }
6675 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
6676 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
6677 }
6678
6679 if (params->group_suite != CIPHER_NONE) {
6680 int cipher;
6681
6682 switch (params->group_suite) {
6683 case CIPHER_WEP40:
6684 cipher = WLAN_CIPHER_SUITE_WEP40;
6685 break;
6686 case CIPHER_WEP104:
6687 cipher = WLAN_CIPHER_SUITE_WEP104;
6688 break;
6689 case CIPHER_CCMP:
6690 cipher = WLAN_CIPHER_SUITE_CCMP;
6691 break;
6692 case CIPHER_TKIP:
6693 default:
6694 cipher = WLAN_CIPHER_SUITE_TKIP;
6695 break;
6696 }
6697 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
6698 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
6699 }
6700
6701 #ifdef CONFIG_IEEE80211W
6702 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
6703 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
6704 #endif /* CONFIG_IEEE80211W */
6705
6706 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
6707
6708 if (params->prev_bssid) {
6709 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
6710 MAC2STR(params->prev_bssid));
6711 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
6712 params->prev_bssid);
6713 }
6714
6715 if (params->p2p)
6716 wpa_printf(MSG_DEBUG, " * P2P group");
6717
6718 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6719 msg = NULL;
6720 if (ret) {
6721 wpa_dbg(drv->ctx, MSG_DEBUG,
6722 "nl80211: MLME command failed (assoc): ret=%d (%s)",
6723 ret, strerror(-ret));
6724 nl80211_dump_scan(drv);
6725 goto nla_put_failure;
6726 }
6727 ret = 0;
6728 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
6729 "successfully");
6730
6731 nla_put_failure:
6732 nlmsg_free(msg);
6733 return ret;
6734 }
6735
6736
6737 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
6738 int ifindex, enum nl80211_iftype mode)
6739 {
6740 struct nl_msg *msg;
6741 int ret = -ENOBUFS;
6742
6743 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
6744 ifindex, mode, nl80211_iftype_str(mode));
6745
6746 msg = nlmsg_alloc();
6747 if (!msg)
6748 return -ENOMEM;
6749
6750 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
6751 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
6752 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
6753
6754 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6755 msg = NULL;
6756 if (!ret)
6757 return 0;
6758 nla_put_failure:
6759 nlmsg_free(msg);
6760 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
6761 " %d (%s)", ifindex, mode, ret, strerror(-ret));
6762 return ret;
6763 }
6764
6765
6766 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
6767 enum nl80211_iftype nlmode)
6768 {
6769 struct wpa_driver_nl80211_data *drv = bss->drv;
6770 int ret = -1;
6771 int i;
6772 int was_ap = is_ap_interface(drv->nlmode);
6773 int res;
6774
6775 res = nl80211_set_mode(drv, drv->ifindex, nlmode);
6776 if (res == 0) {
6777 drv->nlmode = nlmode;
6778 ret = 0;
6779 goto done;
6780 }
6781
6782 if (res == -ENODEV)
6783 return -1;
6784
6785 if (nlmode == drv->nlmode) {
6786 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
6787 "requested mode - ignore error");
6788 ret = 0;
6789 goto done; /* Already in the requested mode */
6790 }
6791
6792 /* mac80211 doesn't allow mode changes while the device is up, so
6793 * take the device down, try to set the mode again, and bring the
6794 * device back up.
6795 */
6796 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
6797 "interface down");
6798 for (i = 0; i < 10; i++) {
6799 res = linux_set_iface_flags(drv->global->ioctl_sock,
6800 bss->ifname, 0);
6801 if (res == -EACCES || res == -ENODEV)
6802 break;
6803 if (res == 0) {
6804 /* Try to set the mode again while the interface is
6805 * down */
6806 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
6807 if (ret == -EACCES)
6808 break;
6809 res = linux_set_iface_flags(drv->global->ioctl_sock,
6810 bss->ifname, 1);
6811 if (res && !ret)
6812 ret = -1;
6813 else if (ret != -EBUSY)
6814 break;
6815 } else
6816 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
6817 "interface down");
6818 os_sleep(0, 100000);
6819 }
6820
6821 if (!ret) {
6822 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
6823 "interface is down");
6824 drv->nlmode = nlmode;
6825 drv->ignore_if_down_event = 1;
6826 }
6827
6828 done:
6829 if (ret) {
6830 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
6831 "from %d failed", nlmode, drv->nlmode);
6832 return ret;
6833 }
6834
6835 if (is_ap_interface(nlmode)) {
6836 nl80211_mgmt_unsubscribe(bss, "start AP");
6837 /* Setup additional AP mode functionality if needed */
6838 if (nl80211_setup_ap(bss))
6839 return -1;
6840 } else if (was_ap) {
6841 /* Remove additional AP mode functionality */
6842 nl80211_teardown_ap(bss);
6843 } else {
6844 nl80211_mgmt_unsubscribe(bss, "mode change");
6845 }
6846
6847 if (!is_ap_interface(nlmode) &&
6848 nl80211_mgmt_subscribe_non_ap(bss) < 0)
6849 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
6850 "frame processing - ignore for now");
6851
6852 return 0;
6853 }
6854
6855
6856 static int wpa_driver_nl80211_get_capa(void *priv,
6857 struct wpa_driver_capa *capa)
6858 {
6859 struct i802_bss *bss = priv;
6860 struct wpa_driver_nl80211_data *drv = bss->drv;
6861 if (!drv->has_capability)
6862 return -1;
6863 os_memcpy(capa, &drv->capa, sizeof(*capa));
6864 return 0;
6865 }
6866
6867
6868 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
6869 {
6870 struct i802_bss *bss = priv;
6871 struct wpa_driver_nl80211_data *drv = bss->drv;
6872
6873 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
6874 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
6875 drv->operstate = state;
6876 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
6877 state ? IF_OPER_UP : IF_OPER_DORMANT);
6878 }
6879
6880
6881 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
6882 {
6883 struct i802_bss *bss = priv;
6884 struct wpa_driver_nl80211_data *drv = bss->drv;
6885 struct nl_msg *msg;
6886 struct nl80211_sta_flag_update upd;
6887
6888 msg = nlmsg_alloc();
6889 if (!msg)
6890 return -ENOMEM;
6891
6892 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
6893
6894 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6895 if_nametoindex(bss->ifname));
6896 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
6897
6898 os_memset(&upd, 0, sizeof(upd));
6899 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
6900 if (authorized)
6901 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
6902 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
6903
6904 return send_and_recv_msgs(drv, msg, NULL, NULL);
6905 nla_put_failure:
6906 nlmsg_free(msg);
6907 return -ENOBUFS;
6908 }
6909
6910
6911 /* Set kernel driver on given frequency (MHz) */
6912 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
6913 {
6914 struct i802_bss *bss = priv;
6915 return wpa_driver_nl80211_set_freq(bss, freq->freq, freq->ht_enabled,
6916 freq->sec_channel_offset);
6917 }
6918
6919
6920 #if defined(HOSTAPD) || defined(CONFIG_AP)
6921
6922 static inline int min_int(int a, int b)
6923 {
6924 if (a < b)
6925 return a;
6926 return b;
6927 }
6928
6929
6930 static int get_key_handler(struct nl_msg *msg, void *arg)
6931 {
6932 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6933 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6934
6935 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6936 genlmsg_attrlen(gnlh, 0), NULL);
6937
6938 /*
6939 * TODO: validate the key index and mac address!
6940 * Otherwise, there's a race condition as soon as
6941 * the kernel starts sending key notifications.
6942 */
6943
6944 if (tb[NL80211_ATTR_KEY_SEQ])
6945 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
6946 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
6947 return NL_SKIP;
6948 }
6949
6950
6951 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
6952 int idx, u8 *seq)
6953 {
6954 struct i802_bss *bss = priv;
6955 struct wpa_driver_nl80211_data *drv = bss->drv;
6956 struct nl_msg *msg;
6957
6958 msg = nlmsg_alloc();
6959 if (!msg)
6960 return -ENOMEM;
6961
6962 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
6963
6964 if (addr)
6965 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6966 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
6967 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
6968
6969 memset(seq, 0, 6);
6970
6971 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
6972 nla_put_failure:
6973 nlmsg_free(msg);
6974 return -ENOBUFS;
6975 }
6976
6977
6978 static int i802_set_rts(void *priv, int rts)
6979 {
6980 struct i802_bss *bss = priv;
6981 struct wpa_driver_nl80211_data *drv = bss->drv;
6982 struct nl_msg *msg;
6983 int ret = -ENOBUFS;
6984 u32 val;
6985
6986 msg = nlmsg_alloc();
6987 if (!msg)
6988 return -ENOMEM;
6989
6990 if (rts >= 2347)
6991 val = (u32) -1;
6992 else
6993 val = rts;
6994
6995 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6996 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6997 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
6998
6999 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7000 msg = NULL;
7001 if (!ret)
7002 return 0;
7003 nla_put_failure:
7004 nlmsg_free(msg);
7005 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
7006 "%d (%s)", rts, ret, strerror(-ret));
7007 return ret;
7008 }
7009
7010
7011 static int i802_set_frag(void *priv, int frag)
7012 {
7013 struct i802_bss *bss = priv;
7014 struct wpa_driver_nl80211_data *drv = bss->drv;
7015 struct nl_msg *msg;
7016 int ret = -ENOBUFS;
7017 u32 val;
7018
7019 msg = nlmsg_alloc();
7020 if (!msg)
7021 return -ENOMEM;
7022
7023 if (frag >= 2346)
7024 val = (u32) -1;
7025 else
7026 val = frag;
7027
7028 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
7029 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7030 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
7031
7032 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7033 msg = NULL;
7034 if (!ret)
7035 return 0;
7036 nla_put_failure:
7037 nlmsg_free(msg);
7038 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
7039 "%d: %d (%s)", frag, ret, strerror(-ret));
7040 return ret;
7041 }
7042
7043
7044 static int i802_flush(void *priv)
7045 {
7046 struct i802_bss *bss = priv;
7047 struct wpa_driver_nl80211_data *drv = bss->drv;
7048 struct nl_msg *msg;
7049
7050 msg = nlmsg_alloc();
7051 if (!msg)
7052 return -1;
7053
7054 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
7055
7056 /*
7057 * XXX: FIX! this needs to flush all VLANs too
7058 */
7059 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7060 if_nametoindex(bss->ifname));
7061
7062 return send_and_recv_msgs(drv, msg, NULL, NULL);
7063 nla_put_failure:
7064 nlmsg_free(msg);
7065 return -ENOBUFS;
7066 }
7067
7068
7069 static int get_sta_handler(struct nl_msg *msg, void *arg)
7070 {
7071 struct nlattr *tb[NL80211_ATTR_MAX + 1];
7072 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7073 struct hostap_sta_driver_data *data = arg;
7074 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
7075 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
7076 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
7077 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
7078 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
7079 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
7080 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
7081 };
7082
7083 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7084 genlmsg_attrlen(gnlh, 0), NULL);
7085
7086 /*
7087 * TODO: validate the interface and mac address!
7088 * Otherwise, there's a race condition as soon as
7089 * the kernel starts sending station notifications.
7090 */
7091
7092 if (!tb[NL80211_ATTR_STA_INFO]) {
7093 wpa_printf(MSG_DEBUG, "sta stats missing!");
7094 return NL_SKIP;
7095 }
7096 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
7097 tb[NL80211_ATTR_STA_INFO],
7098 stats_policy)) {
7099 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
7100 return NL_SKIP;
7101 }
7102
7103 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
7104 data->inactive_msec =
7105 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
7106 if (stats[NL80211_STA_INFO_RX_BYTES])
7107 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
7108 if (stats[NL80211_STA_INFO_TX_BYTES])
7109 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
7110 if (stats[NL80211_STA_INFO_RX_PACKETS])
7111 data->rx_packets =
7112 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
7113 if (stats[NL80211_STA_INFO_TX_PACKETS])
7114 data->tx_packets =
7115 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
7116
7117 return NL_SKIP;
7118 }
7119
7120 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
7121 const u8 *addr)
7122 {
7123 struct i802_bss *bss = priv;
7124 struct wpa_driver_nl80211_data *drv = bss->drv;
7125 struct nl_msg *msg;
7126
7127 os_memset(data, 0, sizeof(*data));
7128 msg = nlmsg_alloc();
7129 if (!msg)
7130 return -ENOMEM;
7131
7132 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
7133
7134 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7135 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7136
7137 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
7138 nla_put_failure:
7139 nlmsg_free(msg);
7140 return -ENOBUFS;
7141 }
7142
7143
7144 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
7145 int cw_min, int cw_max, int burst_time)
7146 {
7147 struct i802_bss *bss = priv;
7148 struct wpa_driver_nl80211_data *drv = bss->drv;
7149 struct nl_msg *msg;
7150 struct nlattr *txq, *params;
7151
7152 msg = nlmsg_alloc();
7153 if (!msg)
7154 return -1;
7155
7156 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
7157
7158 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7159
7160 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
7161 if (!txq)
7162 goto nla_put_failure;
7163
7164 /* We are only sending parameters for a single TXQ at a time */
7165 params = nla_nest_start(msg, 1);
7166 if (!params)
7167 goto nla_put_failure;
7168
7169 switch (queue) {
7170 case 0:
7171 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
7172 break;
7173 case 1:
7174 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
7175 break;
7176 case 2:
7177 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
7178 break;
7179 case 3:
7180 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
7181 break;
7182 }
7183 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
7184 * 32 usec, so need to convert the value here. */
7185 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
7186 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
7187 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
7188 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
7189
7190 nla_nest_end(msg, params);
7191
7192 nla_nest_end(msg, txq);
7193
7194 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
7195 return 0;
7196 msg = NULL;
7197 nla_put_failure:
7198 nlmsg_free(msg);
7199 return -1;
7200 }
7201
7202
7203 static int i802_set_sta_vlan(void *priv, const u8 *addr,
7204 const char *ifname, int vlan_id)
7205 {
7206 struct i802_bss *bss = priv;
7207 struct wpa_driver_nl80211_data *drv = bss->drv;
7208 struct nl_msg *msg;
7209 int ret = -ENOBUFS;
7210
7211 msg = nlmsg_alloc();
7212 if (!msg)
7213 return -ENOMEM;
7214
7215 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
7216
7217 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7218 if_nametoindex(bss->ifname));
7219 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7220 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
7221 if_nametoindex(ifname));
7222
7223 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7224 msg = NULL;
7225 if (ret < 0) {
7226 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
7227 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
7228 MAC2STR(addr), ifname, vlan_id, ret,
7229 strerror(-ret));
7230 }
7231 nla_put_failure:
7232 nlmsg_free(msg);
7233 return ret;
7234 }
7235
7236
7237 static int i802_get_inact_sec(void *priv, const u8 *addr)
7238 {
7239 struct hostap_sta_driver_data data;
7240 int ret;
7241
7242 data.inactive_msec = (unsigned long) -1;
7243 ret = i802_read_sta_data(priv, &data, addr);
7244 if (ret || data.inactive_msec == (unsigned long) -1)
7245 return -1;
7246 return data.inactive_msec / 1000;
7247 }
7248
7249
7250 static int i802_sta_clear_stats(void *priv, const u8 *addr)
7251 {
7252 #if 0
7253 /* TODO */
7254 #endif
7255 return 0;
7256 }
7257
7258
7259 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
7260 int reason)
7261 {
7262 struct i802_bss *bss = priv;
7263 struct ieee80211_mgmt mgmt;
7264
7265 memset(&mgmt, 0, sizeof(mgmt));
7266 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7267 WLAN_FC_STYPE_DEAUTH);
7268 memcpy(mgmt.da, addr, ETH_ALEN);
7269 memcpy(mgmt.sa, own_addr, ETH_ALEN);
7270 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7271 mgmt.u.deauth.reason_code = host_to_le16(reason);
7272 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7273 IEEE80211_HDRLEN +
7274 sizeof(mgmt.u.deauth), 0);
7275 }
7276
7277
7278 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
7279 int reason)
7280 {
7281 struct i802_bss *bss = priv;
7282 struct ieee80211_mgmt mgmt;
7283
7284 memset(&mgmt, 0, sizeof(mgmt));
7285 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7286 WLAN_FC_STYPE_DISASSOC);
7287 memcpy(mgmt.da, addr, ETH_ALEN);
7288 memcpy(mgmt.sa, own_addr, ETH_ALEN);
7289 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7290 mgmt.u.disassoc.reason_code = host_to_le16(reason);
7291 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7292 IEEE80211_HDRLEN +
7293 sizeof(mgmt.u.disassoc), 0);
7294 }
7295
7296 #endif /* HOSTAPD || CONFIG_AP */
7297
7298 #ifdef HOSTAPD
7299
7300 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7301 {
7302 int i;
7303 int *old;
7304
7305 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
7306 ifidx);
7307 for (i = 0; i < drv->num_if_indices; i++) {
7308 if (drv->if_indices[i] == 0) {
7309 drv->if_indices[i] = ifidx;
7310 return;
7311 }
7312 }
7313
7314 if (drv->if_indices != drv->default_if_indices)
7315 old = drv->if_indices;
7316 else
7317 old = NULL;
7318
7319 drv->if_indices = os_realloc(old,
7320 sizeof(int) * (drv->num_if_indices + 1));
7321 if (!drv->if_indices) {
7322 if (!old)
7323 drv->if_indices = drv->default_if_indices;
7324 else
7325 drv->if_indices = old;
7326 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
7327 "interfaces");
7328 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
7329 return;
7330 } else if (!old)
7331 os_memcpy(drv->if_indices, drv->default_if_indices,
7332 sizeof(drv->default_if_indices));
7333 drv->if_indices[drv->num_if_indices] = ifidx;
7334 drv->num_if_indices++;
7335 }
7336
7337
7338 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7339 {
7340 int i;
7341
7342 for (i = 0; i < drv->num_if_indices; i++) {
7343 if (drv->if_indices[i] == ifidx) {
7344 drv->if_indices[i] = 0;
7345 break;
7346 }
7347 }
7348 }
7349
7350
7351 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7352 {
7353 int i;
7354
7355 for (i = 0; i < drv->num_if_indices; i++)
7356 if (drv->if_indices[i] == ifidx)
7357 return 1;
7358
7359 return 0;
7360 }
7361
7362
7363 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
7364 const char *bridge_ifname)
7365 {
7366 struct i802_bss *bss = priv;
7367 struct wpa_driver_nl80211_data *drv = bss->drv;
7368 char name[IFNAMSIZ + 1];
7369
7370 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
7371 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
7372 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
7373 if (val) {
7374 if (!if_nametoindex(name)) {
7375 if (nl80211_create_iface(drv, name,
7376 NL80211_IFTYPE_AP_VLAN,
7377 NULL, 1) < 0)
7378 return -1;
7379 if (bridge_ifname &&
7380 linux_br_add_if(drv->global->ioctl_sock,
7381 bridge_ifname, name) < 0)
7382 return -1;
7383 }
7384 linux_set_iface_flags(drv->global->ioctl_sock, name, 1);
7385 return i802_set_sta_vlan(priv, addr, name, 0);
7386 } else {
7387 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
7388 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
7389 name);
7390 }
7391 }
7392
7393
7394 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
7395 {
7396 struct wpa_driver_nl80211_data *drv = eloop_ctx;
7397 struct sockaddr_ll lladdr;
7398 unsigned char buf[3000];
7399 int len;
7400 socklen_t fromlen = sizeof(lladdr);
7401
7402 len = recvfrom(sock, buf, sizeof(buf), 0,
7403 (struct sockaddr *)&lladdr, &fromlen);
7404 if (len < 0) {
7405 perror("recv");
7406 return;
7407 }
7408
7409 if (have_ifidx(drv, lladdr.sll_ifindex))
7410 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
7411 }
7412
7413
7414 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
7415 struct i802_bss *bss,
7416 const char *brname, const char *ifname)
7417 {
7418 int ifindex;
7419 char in_br[IFNAMSIZ];
7420
7421 os_strlcpy(bss->brname, brname, IFNAMSIZ);
7422 ifindex = if_nametoindex(brname);
7423 if (ifindex == 0) {
7424 /*
7425 * Bridge was configured, but the bridge device does
7426 * not exist. Try to add it now.
7427 */
7428 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
7429 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
7430 "bridge interface %s: %s",
7431 brname, strerror(errno));
7432 return -1;
7433 }
7434 bss->added_bridge = 1;
7435 add_ifidx(drv, if_nametoindex(brname));
7436 }
7437
7438 if (linux_br_get(in_br, ifname) == 0) {
7439 if (os_strcmp(in_br, brname) == 0)
7440 return 0; /* already in the bridge */
7441
7442 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
7443 "bridge %s", ifname, in_br);
7444 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
7445 0) {
7446 wpa_printf(MSG_ERROR, "nl80211: Failed to "
7447 "remove interface %s from bridge "
7448 "%s: %s",
7449 ifname, brname, strerror(errno));
7450 return -1;
7451 }
7452 }
7453
7454 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
7455 ifname, brname);
7456 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
7457 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
7458 "into bridge %s: %s",
7459 ifname, brname, strerror(errno));
7460 return -1;
7461 }
7462 bss->added_if_into_bridge = 1;
7463
7464 return 0;
7465 }
7466
7467
7468 static void *i802_init(struct hostapd_data *hapd,
7469 struct wpa_init_params *params)
7470 {
7471 struct wpa_driver_nl80211_data *drv;
7472 struct i802_bss *bss;
7473 size_t i;
7474 char brname[IFNAMSIZ];
7475 int ifindex, br_ifindex;
7476 int br_added = 0;
7477
7478 bss = wpa_driver_nl80211_init(hapd, params->ifname,
7479 params->global_priv);
7480 if (bss == NULL)
7481 return NULL;
7482
7483 drv = bss->drv;
7484 drv->nlmode = NL80211_IFTYPE_AP;
7485 drv->eapol_sock = -1;
7486
7487 if (linux_br_get(brname, params->ifname) == 0) {
7488 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
7489 params->ifname, brname);
7490 br_ifindex = if_nametoindex(brname);
7491 } else {
7492 brname[0] = '\0';
7493 br_ifindex = 0;
7494 }
7495
7496 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
7497 drv->if_indices = drv->default_if_indices;
7498 for (i = 0; i < params->num_bridge; i++) {
7499 if (params->bridge[i]) {
7500 ifindex = if_nametoindex(params->bridge[i]);
7501 if (ifindex)
7502 add_ifidx(drv, ifindex);
7503 if (ifindex == br_ifindex)
7504 br_added = 1;
7505 }
7506 }
7507 if (!br_added && br_ifindex &&
7508 (params->num_bridge == 0 || !params->bridge[0]))
7509 add_ifidx(drv, br_ifindex);
7510
7511 /* start listening for EAPOL on the default AP interface */
7512 add_ifidx(drv, drv->ifindex);
7513
7514 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0))
7515 goto failed;
7516
7517 if (params->bssid) {
7518 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7519 params->bssid))
7520 goto failed;
7521 }
7522
7523 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) {
7524 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
7525 "into AP mode", bss->ifname);
7526 goto failed;
7527 }
7528
7529 if (params->num_bridge && params->bridge[0] &&
7530 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
7531 goto failed;
7532
7533 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1))
7534 goto failed;
7535
7536 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
7537 if (drv->eapol_sock < 0) {
7538 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
7539 goto failed;
7540 }
7541
7542 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
7543 {
7544 printf("Could not register read socket for eapol\n");
7545 goto failed;
7546 }
7547
7548 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7549 params->own_addr))
7550 goto failed;
7551
7552 memcpy(bss->addr, params->own_addr, ETH_ALEN);
7553
7554 return bss;
7555
7556 failed:
7557 wpa_driver_nl80211_deinit(bss);
7558 return NULL;
7559 }
7560
7561
7562 static void i802_deinit(void *priv)
7563 {
7564 wpa_driver_nl80211_deinit(priv);
7565 }
7566
7567 #endif /* HOSTAPD */
7568
7569
7570 static enum nl80211_iftype wpa_driver_nl80211_if_type(
7571 enum wpa_driver_if_type type)
7572 {
7573 switch (type) {
7574 case WPA_IF_STATION:
7575 return NL80211_IFTYPE_STATION;
7576 case WPA_IF_P2P_CLIENT:
7577 case WPA_IF_P2P_GROUP:
7578 return NL80211_IFTYPE_P2P_CLIENT;
7579 case WPA_IF_AP_VLAN:
7580 return NL80211_IFTYPE_AP_VLAN;
7581 case WPA_IF_AP_BSS:
7582 return NL80211_IFTYPE_AP;
7583 case WPA_IF_P2P_GO:
7584 return NL80211_IFTYPE_P2P_GO;
7585 }
7586 return -1;
7587 }
7588
7589
7590 #ifdef CONFIG_P2P
7591
7592 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
7593 {
7594 struct wpa_driver_nl80211_data *drv;
7595 dl_list_for_each(drv, &global->interfaces,
7596 struct wpa_driver_nl80211_data, list) {
7597 if (os_memcmp(addr, drv->first_bss.addr, ETH_ALEN) == 0)
7598 return 1;
7599 }
7600 return 0;
7601 }
7602
7603
7604 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
7605 u8 *new_addr)
7606 {
7607 unsigned int idx;
7608
7609 if (!drv->global)
7610 return -1;
7611
7612 os_memcpy(new_addr, drv->first_bss.addr, ETH_ALEN);
7613 for (idx = 0; idx < 64; idx++) {
7614 new_addr[0] = drv->first_bss.addr[0] | 0x02;
7615 new_addr[0] ^= idx << 2;
7616 if (!nl80211_addr_in_use(drv->global, new_addr))
7617 break;
7618 }
7619 if (idx == 64)
7620 return -1;
7621
7622 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
7623 MACSTR, MAC2STR(new_addr));
7624
7625 return 0;
7626 }
7627
7628 #endif /* CONFIG_P2P */
7629
7630
7631 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
7632 const char *ifname, const u8 *addr,
7633 void *bss_ctx, void **drv_priv,
7634 char *force_ifname, u8 *if_addr,
7635 const char *bridge)
7636 {
7637 struct i802_bss *bss = priv;
7638 struct wpa_driver_nl80211_data *drv = bss->drv;
7639 int ifidx;
7640 #ifdef HOSTAPD
7641 struct i802_bss *new_bss = NULL;
7642
7643 if (type == WPA_IF_AP_BSS) {
7644 new_bss = os_zalloc(sizeof(*new_bss));
7645 if (new_bss == NULL)
7646 return -1;
7647 }
7648 #endif /* HOSTAPD */
7649
7650 if (addr)
7651 os_memcpy(if_addr, addr, ETH_ALEN);
7652 ifidx = nl80211_create_iface(drv, ifname,
7653 wpa_driver_nl80211_if_type(type), addr,
7654 0);
7655 if (ifidx < 0) {
7656 #ifdef HOSTAPD
7657 os_free(new_bss);
7658 #endif /* HOSTAPD */
7659 return -1;
7660 }
7661
7662 if (!addr &&
7663 linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7664 if_addr) < 0) {
7665 nl80211_remove_iface(drv, ifidx);
7666 return -1;
7667 }
7668
7669 #ifdef CONFIG_P2P
7670 if (!addr &&
7671 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
7672 type == WPA_IF_P2P_GO)) {
7673 /* Enforce unique P2P Interface Address */
7674 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN];
7675
7676 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7677 own_addr) < 0 ||
7678 linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
7679 new_addr) < 0) {
7680 nl80211_remove_iface(drv, ifidx);
7681 return -1;
7682 }
7683 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) {
7684 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
7685 "for P2P group interface");
7686 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
7687 nl80211_remove_iface(drv, ifidx);
7688 return -1;
7689 }
7690 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7691 new_addr) < 0) {
7692 nl80211_remove_iface(drv, ifidx);
7693 return -1;
7694 }
7695 }
7696 os_memcpy(if_addr, new_addr, ETH_ALEN);
7697 }
7698 #endif /* CONFIG_P2P */
7699
7700 #ifdef HOSTAPD
7701 if (bridge &&
7702 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
7703 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
7704 "interface %s to a bridge %s", ifname, bridge);
7705 nl80211_remove_iface(drv, ifidx);
7706 os_free(new_bss);
7707 return -1;
7708 }
7709
7710 if (type == WPA_IF_AP_BSS) {
7711 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
7712 {
7713 nl80211_remove_iface(drv, ifidx);
7714 os_free(new_bss);
7715 return -1;
7716 }
7717 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
7718 os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
7719 new_bss->ifindex = ifidx;
7720 new_bss->drv = drv;
7721 new_bss->next = drv->first_bss.next;
7722 drv->first_bss.next = new_bss;
7723 if (drv_priv)
7724 *drv_priv = new_bss;
7725 nl80211_init_bss(new_bss);
7726 }
7727 #endif /* HOSTAPD */
7728
7729 if (drv->global)
7730 drv->global->if_add_ifindex = ifidx;
7731
7732 return 0;
7733 }
7734
7735
7736 static int wpa_driver_nl80211_if_remove(void *priv,
7737 enum wpa_driver_if_type type,
7738 const char *ifname)
7739 {
7740 struct i802_bss *bss = priv;
7741 struct wpa_driver_nl80211_data *drv = bss->drv;
7742 int ifindex = if_nametoindex(ifname);
7743
7744 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
7745 __func__, type, ifname, ifindex);
7746 if (ifindex <= 0)
7747 return -1;
7748
7749 #ifdef HOSTAPD
7750 if (bss->added_if_into_bridge) {
7751 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
7752 bss->ifname) < 0)
7753 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
7754 "interface %s from bridge %s: %s",
7755 bss->ifname, bss->brname, strerror(errno));
7756 }
7757 if (bss->added_bridge) {
7758 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
7759 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
7760 "bridge %s: %s",
7761 bss->brname, strerror(errno));
7762 }
7763 #endif /* HOSTAPD */
7764
7765 nl80211_remove_iface(drv, ifindex);
7766
7767 #ifdef HOSTAPD
7768 if (type != WPA_IF_AP_BSS)
7769 return 0;
7770
7771 if (bss != &drv->first_bss) {
7772 struct i802_bss *tbss;
7773
7774 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
7775 if (tbss->next == bss) {
7776 tbss->next = bss->next;
7777 nl80211_destroy_bss(bss);
7778 os_free(bss);
7779 bss = NULL;
7780 break;
7781 }
7782 }
7783 if (bss)
7784 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
7785 "BSS %p in the list", __func__, bss);
7786 }
7787 #endif /* HOSTAPD */
7788
7789 return 0;
7790 }
7791
7792
7793 static int cookie_handler(struct nl_msg *msg, void *arg)
7794 {
7795 struct nlattr *tb[NL80211_ATTR_MAX + 1];
7796 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7797 u64 *cookie = arg;
7798 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7799 genlmsg_attrlen(gnlh, 0), NULL);
7800 if (tb[NL80211_ATTR_COOKIE])
7801 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
7802 return NL_SKIP;
7803 }
7804
7805
7806 static int nl80211_send_frame_cmd(struct i802_bss *bss,
7807 unsigned int freq, unsigned int wait,
7808 const u8 *buf, size_t buf_len,
7809 u64 *cookie_out, int no_cck, int no_ack,
7810 int offchanok)
7811 {
7812 struct wpa_driver_nl80211_data *drv = bss->drv;
7813 struct nl_msg *msg;
7814 u64 cookie;
7815 int ret = -1;
7816
7817 msg = nlmsg_alloc();
7818 if (!msg)
7819 return -1;
7820
7821 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
7822
7823 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
7824 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7825 if (wait)
7826 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
7827 if (offchanok)
7828 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
7829 if (no_cck)
7830 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
7831 if (no_ack)
7832 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
7833
7834 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
7835
7836 cookie = 0;
7837 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
7838 msg = NULL;
7839 if (ret) {
7840 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
7841 "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
7842 freq, wait);
7843 goto nla_put_failure;
7844 }
7845 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted%s; "
7846 "cookie 0x%llx", no_ack ? " (no ACK)" : "",
7847 (long long unsigned int) cookie);
7848
7849 if (cookie_out)
7850 *cookie_out = no_ack ? (u64) -1 : cookie;
7851
7852 nla_put_failure:
7853 nlmsg_free(msg);
7854 return ret;
7855 }
7856
7857
7858 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
7859 unsigned int wait_time,
7860 const u8 *dst, const u8 *src,
7861 const u8 *bssid,
7862 const u8 *data, size_t data_len,
7863 int no_cck)
7864 {
7865 struct i802_bss *bss = priv;
7866 struct wpa_driver_nl80211_data *drv = bss->drv;
7867 int ret = -1;
7868 u8 *buf;
7869 struct ieee80211_hdr *hdr;
7870
7871 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
7872 "wait=%d ms no_cck=%d)", drv->ifindex, wait_time, no_cck);
7873
7874 buf = os_zalloc(24 + data_len);
7875 if (buf == NULL)
7876 return ret;
7877 os_memcpy(buf + 24, data, data_len);
7878 hdr = (struct ieee80211_hdr *) buf;
7879 hdr->frame_control =
7880 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
7881 os_memcpy(hdr->addr1, dst, ETH_ALEN);
7882 os_memcpy(hdr->addr2, src, ETH_ALEN);
7883 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
7884
7885 if (is_ap_interface(drv->nlmode))
7886 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len,
7887 0);
7888 else
7889 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
7890 24 + data_len,
7891 &drv->send_action_cookie,
7892 no_cck, 0, 1);
7893
7894 os_free(buf);
7895 return ret;
7896 }
7897
7898
7899 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
7900 {
7901 struct i802_bss *bss = priv;
7902 struct wpa_driver_nl80211_data *drv = bss->drv;
7903 struct nl_msg *msg;
7904 int ret;
7905
7906 msg = nlmsg_alloc();
7907 if (!msg)
7908 return;
7909
7910 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
7911
7912 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7913 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
7914
7915 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7916 msg = NULL;
7917 if (ret)
7918 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
7919 "(%s)", ret, strerror(-ret));
7920
7921 nla_put_failure:
7922 nlmsg_free(msg);
7923 }
7924
7925
7926 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
7927 unsigned int duration)
7928 {
7929 struct i802_bss *bss = priv;
7930 struct wpa_driver_nl80211_data *drv = bss->drv;
7931 struct nl_msg *msg;
7932 int ret;
7933 u64 cookie;
7934
7935 msg = nlmsg_alloc();
7936 if (!msg)
7937 return -1;
7938
7939 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
7940
7941 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7942 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7943 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7944
7945 cookie = 0;
7946 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
7947 msg = NULL;
7948 if (ret == 0) {
7949 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
7950 "0x%llx for freq=%u MHz duration=%u",
7951 (long long unsigned int) cookie, freq, duration);
7952 drv->remain_on_chan_cookie = cookie;
7953 drv->pending_remain_on_chan = 1;
7954 return 0;
7955 }
7956 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
7957 "(freq=%d duration=%u): %d (%s)",
7958 freq, duration, ret, strerror(-ret));
7959 nla_put_failure:
7960 nlmsg_free(msg);
7961 return -1;
7962 }
7963
7964
7965 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
7966 {
7967 struct i802_bss *bss = priv;
7968 struct wpa_driver_nl80211_data *drv = bss->drv;
7969 struct nl_msg *msg;
7970 int ret;
7971
7972 if (!drv->pending_remain_on_chan) {
7973 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
7974 "to cancel");
7975 return -1;
7976 }
7977
7978 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
7979 "0x%llx",
7980 (long long unsigned int) drv->remain_on_chan_cookie);
7981
7982 msg = nlmsg_alloc();
7983 if (!msg)
7984 return -1;
7985
7986 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
7987
7988 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7989 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
7990
7991 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7992 msg = NULL;
7993 if (ret == 0)
7994 return 0;
7995 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
7996 "%d (%s)", ret, strerror(-ret));
7997 nla_put_failure:
7998 nlmsg_free(msg);
7999 return -1;
8000 }
8001
8002
8003 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
8004 {
8005 struct i802_bss *bss = priv;
8006 struct wpa_driver_nl80211_data *drv = bss->drv;
8007
8008 if (!report) {
8009 if (bss->nl_preq) {
8010 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
8011 "reporting nl_preq=%p", bss->nl_preq);
8012 eloop_unregister_read_sock(
8013 nl_socket_get_fd(bss->nl_preq));
8014 nl_destroy_handles(&bss->nl_preq);
8015 }
8016 return 0;
8017 }
8018
8019 if (bss->nl_preq) {
8020 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
8021 "already on! nl_preq=%p", bss->nl_preq);
8022 return 0;
8023 }
8024
8025 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
8026 if (bss->nl_preq == NULL)
8027 return -1;
8028 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
8029 "reporting nl_preq=%p", bss->nl_preq);
8030
8031 if (nl80211_register_frame(bss, bss->nl_preq,
8032 (WLAN_FC_TYPE_MGMT << 2) |
8033 (WLAN_FC_STYPE_PROBE_REQ << 4),
8034 NULL, 0) < 0)
8035 goto out_err;
8036
8037 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq),
8038 wpa_driver_nl80211_event_receive, bss->nl_cb,
8039 bss->nl_preq);
8040
8041 return 0;
8042
8043 out_err:
8044 nl_destroy_handles(&bss->nl_preq);
8045 return -1;
8046 }
8047
8048
8049 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
8050 int ifindex, int disabled)
8051 {
8052 struct nl_msg *msg;
8053 struct nlattr *bands, *band;
8054 int ret;
8055
8056 msg = nlmsg_alloc();
8057 if (!msg)
8058 return -1;
8059
8060 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
8061 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
8062
8063 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
8064 if (!bands)
8065 goto nla_put_failure;
8066
8067 /*
8068 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
8069 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
8070 * rates. All 5 GHz rates are left enabled.
8071 */
8072 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
8073 if (!band)
8074 goto nla_put_failure;
8075 if (disabled) {
8076 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
8077 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
8078 }
8079 nla_nest_end(msg, band);
8080
8081 nla_nest_end(msg, bands);
8082
8083 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8084 msg = NULL;
8085 if (ret) {
8086 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
8087 "(%s)", ret, strerror(-ret));
8088 }
8089
8090 return ret;
8091
8092 nla_put_failure:
8093 nlmsg_free(msg);
8094 return -1;
8095 }
8096
8097
8098 static int wpa_driver_nl80211_deinit_ap(void *priv)
8099 {
8100 struct i802_bss *bss = priv;
8101 struct wpa_driver_nl80211_data *drv = bss->drv;
8102 if (!is_ap_interface(drv->nlmode))
8103 return -1;
8104 wpa_driver_nl80211_del_beacon(drv);
8105 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
8106 }
8107
8108
8109 static void wpa_driver_nl80211_resume(void *priv)
8110 {
8111 struct i802_bss *bss = priv;
8112 struct wpa_driver_nl80211_data *drv = bss->drv;
8113 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
8114 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
8115 "resume event");
8116 }
8117 }
8118
8119
8120 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
8121 const u8 *ies, size_t ies_len)
8122 {
8123 struct i802_bss *bss = priv;
8124 struct wpa_driver_nl80211_data *drv = bss->drv;
8125 int ret;
8126 u8 *data, *pos;
8127 size_t data_len;
8128 const u8 *own_addr = bss->addr;
8129
8130 if (action != 1) {
8131 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
8132 "action %d", action);
8133 return -1;
8134 }
8135
8136 /*
8137 * Action frame payload:
8138 * Category[1] = 6 (Fast BSS Transition)
8139 * Action[1] = 1 (Fast BSS Transition Request)
8140 * STA Address
8141 * Target AP Address
8142 * FT IEs
8143 */
8144
8145 data_len = 2 + 2 * ETH_ALEN + ies_len;
8146 data = os_malloc(data_len);
8147 if (data == NULL)
8148 return -1;
8149 pos = data;
8150 *pos++ = 0x06; /* FT Action category */
8151 *pos++ = action;
8152 os_memcpy(pos, own_addr, ETH_ALEN);
8153 pos += ETH_ALEN;
8154 os_memcpy(pos, target_ap, ETH_ALEN);
8155 pos += ETH_ALEN;
8156 os_memcpy(pos, ies, ies_len);
8157
8158 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
8159 drv->bssid, own_addr, drv->bssid,
8160 data, data_len, 0);
8161 os_free(data);
8162
8163 return ret;
8164 }
8165
8166
8167 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
8168 {
8169 struct i802_bss *bss = priv;
8170 struct wpa_driver_nl80211_data *drv = bss->drv;
8171 struct nl_msg *msg, *cqm = NULL;
8172
8173 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
8174 "hysteresis=%d", threshold, hysteresis);
8175
8176 msg = nlmsg_alloc();
8177 if (!msg)
8178 return -1;
8179
8180 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
8181
8182 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8183
8184 cqm = nlmsg_alloc();
8185 if (cqm == NULL)
8186 return -1;
8187
8188 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
8189 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
8190 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
8191
8192 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
8193 return 0;
8194 msg = NULL;
8195
8196 nla_put_failure:
8197 nlmsg_free(cqm);
8198 nlmsg_free(msg);
8199 return -1;
8200 }
8201
8202
8203 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
8204 {
8205 struct i802_bss *bss = priv;
8206 struct wpa_driver_nl80211_data *drv = bss->drv;
8207 int res;
8208
8209 os_memset(si, 0, sizeof(*si));
8210 res = nl80211_get_link_signal(drv, si);
8211 if (res != 0)
8212 return res;
8213
8214 return nl80211_get_link_noise(drv, si);
8215 }
8216
8217
8218 static int wpa_driver_nl80211_shared_freq(void *priv)
8219 {
8220 struct i802_bss *bss = priv;
8221 struct wpa_driver_nl80211_data *drv = bss->drv;
8222 struct wpa_driver_nl80211_data *driver;
8223 int freq = 0;
8224
8225 /*
8226 * If the same PHY is in connected state with some other interface,
8227 * then retrieve the assoc freq.
8228 */
8229 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
8230 drv->phyname);
8231
8232 dl_list_for_each(driver, &drv->global->interfaces,
8233 struct wpa_driver_nl80211_data, list) {
8234 if (drv == driver ||
8235 os_strcmp(drv->phyname, driver->phyname) != 0 ||
8236 !driver->associated)
8237 continue;
8238
8239 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
8240 MACSTR,
8241 driver->phyname, driver->first_bss.ifname,
8242 MAC2STR(driver->first_bss.addr));
8243 freq = nl80211_get_assoc_freq(driver);
8244 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
8245 drv->phyname, freq);
8246 }
8247
8248 if (!freq)
8249 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
8250 "PHY (%s) in associated state", drv->phyname);
8251
8252 return freq;
8253 }
8254
8255
8256 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
8257 int encrypt)
8258 {
8259 struct i802_bss *bss = priv;
8260 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0);
8261 }
8262
8263
8264 static int nl80211_set_param(void *priv, const char *param)
8265 {
8266 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
8267 if (param == NULL)
8268 return 0;
8269
8270 #ifdef CONFIG_P2P
8271 if (os_strstr(param, "use_p2p_group_interface=1")) {
8272 struct i802_bss *bss = priv;
8273 struct wpa_driver_nl80211_data *drv = bss->drv;
8274
8275 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
8276 "interface");
8277 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
8278 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
8279 }
8280 #endif /* CONFIG_P2P */
8281
8282 return 0;
8283 }
8284
8285
8286 static void * nl80211_global_init(void)
8287 {
8288 struct nl80211_global *global;
8289 struct netlink_config *cfg;
8290
8291 global = os_zalloc(sizeof(*global));
8292 if (global == NULL)
8293 return NULL;
8294 global->ioctl_sock = -1;
8295 dl_list_init(&global->interfaces);
8296 global->if_add_ifindex = -1;
8297
8298 cfg = os_zalloc(sizeof(*cfg));
8299 if (cfg == NULL)
8300 goto err;
8301
8302 cfg->ctx = global;
8303 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
8304 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
8305 global->netlink = netlink_init(cfg);
8306 if (global->netlink == NULL) {
8307 os_free(cfg);
8308 goto err;
8309 }
8310
8311 if (wpa_driver_nl80211_init_nl_global(global) < 0)
8312 goto err;
8313
8314 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
8315 if (global->ioctl_sock < 0) {
8316 perror("socket(PF_INET,SOCK_DGRAM)");
8317 goto err;
8318 }
8319
8320 return global;
8321
8322 err:
8323 nl80211_global_deinit(global);
8324 return NULL;
8325 }
8326
8327
8328 static void nl80211_global_deinit(void *priv)
8329 {
8330 struct nl80211_global *global = priv;
8331 if (global == NULL)
8332 return;
8333 if (!dl_list_empty(&global->interfaces)) {
8334 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
8335 "nl80211_global_deinit",
8336 dl_list_len(&global->interfaces));
8337 }
8338
8339 if (global->netlink)
8340 netlink_deinit(global->netlink);
8341
8342 nl_destroy_handles(&global->nl);
8343
8344 if (global->nl_event) {
8345 eloop_unregister_read_sock(
8346 nl_socket_get_fd(global->nl_event));
8347 nl_destroy_handles(&global->nl_event);
8348 }
8349
8350 nl_cb_put(global->nl_cb);
8351
8352 if (global->ioctl_sock >= 0)
8353 close(global->ioctl_sock);
8354
8355 os_free(global);
8356 }
8357
8358
8359 static const char * nl80211_get_radio_name(void *priv)
8360 {
8361 struct i802_bss *bss = priv;
8362 struct wpa_driver_nl80211_data *drv = bss->drv;
8363 return drv->phyname;
8364 }
8365
8366
8367 static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
8368 const u8 *pmkid)
8369 {
8370 struct nl_msg *msg;
8371
8372 msg = nlmsg_alloc();
8373 if (!msg)
8374 return -ENOMEM;
8375
8376 nl80211_cmd(bss->drv, msg, 0, cmd);
8377
8378 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
8379 if (pmkid)
8380 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
8381 if (bssid)
8382 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
8383
8384 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
8385 nla_put_failure:
8386 nlmsg_free(msg);
8387 return -ENOBUFS;
8388 }
8389
8390
8391 static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
8392 {
8393 struct i802_bss *bss = priv;
8394 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
8395 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
8396 }
8397
8398
8399 static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
8400 {
8401 struct i802_bss *bss = priv;
8402 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
8403 MAC2STR(bssid));
8404 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
8405 }
8406
8407
8408 static int nl80211_flush_pmkid(void *priv)
8409 {
8410 struct i802_bss *bss = priv;
8411 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
8412 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
8413 }
8414
8415
8416 static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
8417 const u8 *replay_ctr)
8418 {
8419 struct i802_bss *bss = priv;
8420 struct wpa_driver_nl80211_data *drv = bss->drv;
8421 struct nlattr *replay_nested;
8422 struct nl_msg *msg;
8423
8424 msg = nlmsg_alloc();
8425 if (!msg)
8426 return;
8427
8428 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
8429
8430 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8431
8432 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
8433 if (!replay_nested)
8434 goto nla_put_failure;
8435
8436 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
8437 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
8438 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
8439 replay_ctr);
8440
8441 nla_nest_end(msg, replay_nested);
8442
8443 send_and_recv_msgs(drv, msg, NULL, NULL);
8444 return;
8445 nla_put_failure:
8446 nlmsg_free(msg);
8447 }
8448
8449
8450 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
8451 const u8 *addr, int qos)
8452 {
8453 /* send data frame to poll STA and check whether
8454 * this frame is ACKed */
8455 struct {
8456 struct ieee80211_hdr hdr;
8457 u16 qos_ctl;
8458 } STRUCT_PACKED nulldata;
8459 size_t size;
8460
8461 /* Send data frame to poll STA and check whether this frame is ACKed */
8462
8463 os_memset(&nulldata, 0, sizeof(nulldata));
8464
8465 if (qos) {
8466 nulldata.hdr.frame_control =
8467 IEEE80211_FC(WLAN_FC_TYPE_DATA,
8468 WLAN_FC_STYPE_QOS_NULL);
8469 size = sizeof(nulldata);
8470 } else {
8471 nulldata.hdr.frame_control =
8472 IEEE80211_FC(WLAN_FC_TYPE_DATA,
8473 WLAN_FC_STYPE_NULLFUNC);
8474 size = sizeof(struct ieee80211_hdr);
8475 }
8476
8477 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
8478 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
8479 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
8480 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
8481
8482 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0) < 0)
8483 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
8484 "send poll frame");
8485 }
8486
8487 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
8488 int qos)
8489 {
8490 struct i802_bss *bss = priv;
8491 struct wpa_driver_nl80211_data *drv = bss->drv;
8492 struct nl_msg *msg;
8493
8494 if (!drv->poll_command_supported) {
8495 nl80211_send_null_frame(bss, own_addr, addr, qos);
8496 return;
8497 }
8498
8499 msg = nlmsg_alloc();
8500 if (!msg)
8501 return;
8502
8503 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
8504
8505 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8506 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8507
8508 send_and_recv_msgs(drv, msg, NULL, NULL);
8509 return;
8510 nla_put_failure:
8511 nlmsg_free(msg);
8512 }
8513
8514
8515 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
8516 {
8517 struct nl_msg *msg;
8518
8519 msg = nlmsg_alloc();
8520 if (!msg)
8521 return -ENOMEM;
8522
8523 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE);
8524 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8525 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE,
8526 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED);
8527 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
8528 nla_put_failure:
8529 nlmsg_free(msg);
8530 return -ENOBUFS;
8531 }
8532
8533
8534 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
8535 int ctwindow)
8536 {
8537 struct i802_bss *bss = priv;
8538
8539 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
8540 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
8541
8542 if (opp_ps != -1 || ctwindow != -1)
8543 return -1; /* Not yet supported */
8544
8545 if (legacy_ps == -1)
8546 return 0;
8547 if (legacy_ps != 0 && legacy_ps != 1)
8548 return -1; /* Not yet supported */
8549
8550 return nl80211_set_power_save(bss, legacy_ps);
8551 }
8552
8553
8554 #ifdef CONFIG_TDLS
8555
8556 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
8557 u8 dialog_token, u16 status_code,
8558 const u8 *buf, size_t len)
8559 {
8560 struct i802_bss *bss = priv;
8561 struct wpa_driver_nl80211_data *drv = bss->drv;
8562 struct nl_msg *msg;
8563
8564 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
8565 return -EOPNOTSUPP;
8566
8567 if (!dst)
8568 return -EINVAL;
8569
8570 msg = nlmsg_alloc();
8571 if (!msg)
8572 return -ENOMEM;
8573
8574 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
8575 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8576 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
8577 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
8578 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
8579 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
8580 NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
8581
8582 return send_and_recv_msgs(drv, msg, NULL, NULL);
8583
8584 nla_put_failure:
8585 nlmsg_free(msg);
8586 return -ENOBUFS;
8587 }
8588
8589
8590 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
8591 {
8592 struct i802_bss *bss = priv;
8593 struct wpa_driver_nl80211_data *drv = bss->drv;
8594 struct nl_msg *msg;
8595 enum nl80211_tdls_operation nl80211_oper;
8596
8597 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
8598 return -EOPNOTSUPP;
8599
8600 switch (oper) {
8601 case TDLS_DISCOVERY_REQ:
8602 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
8603 break;
8604 case TDLS_SETUP:
8605 nl80211_oper = NL80211_TDLS_SETUP;
8606 break;
8607 case TDLS_TEARDOWN:
8608 nl80211_oper = NL80211_TDLS_TEARDOWN;
8609 break;
8610 case TDLS_ENABLE_LINK:
8611 nl80211_oper = NL80211_TDLS_ENABLE_LINK;
8612 break;
8613 case TDLS_DISABLE_LINK:
8614 nl80211_oper = NL80211_TDLS_DISABLE_LINK;
8615 break;
8616 case TDLS_ENABLE:
8617 return 0;
8618 case TDLS_DISABLE:
8619 return 0;
8620 default:
8621 return -EINVAL;
8622 }
8623
8624 msg = nlmsg_alloc();
8625 if (!msg)
8626 return -ENOMEM;
8627
8628 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
8629 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
8630 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8631 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
8632
8633 return send_and_recv_msgs(drv, msg, NULL, NULL);
8634
8635 nla_put_failure:
8636 nlmsg_free(msg);
8637 return -ENOBUFS;
8638 }
8639
8640 #endif /* CONFIG TDLS */
8641
8642
8643 #ifdef ANDROID
8644
8645 typedef struct android_wifi_priv_cmd {
8646 char *buf;
8647 int used_len;
8648 int total_len;
8649 } android_wifi_priv_cmd;
8650
8651 static int drv_errors = 0;
8652
8653 static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv)
8654 {
8655 drv_errors++;
8656 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) {
8657 drv_errors = 0;
8658 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
8659 }
8660 }
8661
8662
8663 static int android_priv_cmd(struct i802_bss *bss, const char *cmd)
8664 {
8665 struct wpa_driver_nl80211_data *drv = bss->drv;
8666 struct ifreq ifr;
8667 android_wifi_priv_cmd priv_cmd;
8668 char buf[MAX_DRV_CMD_SIZE];
8669 int ret;
8670
8671 os_memset(&ifr, 0, sizeof(ifr));
8672 os_memset(&priv_cmd, 0, sizeof(priv_cmd));
8673 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
8674
8675 os_memset(buf, 0, sizeof(buf));
8676 os_strlcpy(buf, cmd, sizeof(buf));
8677
8678 priv_cmd.buf = buf;
8679 priv_cmd.used_len = sizeof(buf);
8680 priv_cmd.total_len = sizeof(buf);
8681 ifr.ifr_data = &priv_cmd;
8682
8683 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
8684 if (ret < 0) {
8685 wpa_printf(MSG_ERROR, "%s: failed to issue private commands",
8686 __func__);
8687 wpa_driver_send_hang_msg(drv);
8688 return ret;
8689 }
8690
8691 drv_errors = 0;
8692 return 0;
8693 }
8694
8695
8696 static int android_pno_start(struct i802_bss *bss,
8697 struct wpa_driver_scan_params *params)
8698 {
8699 struct wpa_driver_nl80211_data *drv = bss->drv;
8700 struct ifreq ifr;
8701 android_wifi_priv_cmd priv_cmd;
8702 int ret = 0, i = 0, bp;
8703 char buf[WEXT_PNO_MAX_COMMAND_SIZE];
8704
8705 bp = WEXT_PNOSETUP_HEADER_SIZE;
8706 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp);
8707 buf[bp++] = WEXT_PNO_TLV_PREFIX;
8708 buf[bp++] = WEXT_PNO_TLV_VERSION;
8709 buf[bp++] = WEXT_PNO_TLV_SUBVERSION;
8710 buf[bp++] = WEXT_PNO_TLV_RESERVED;
8711
8712 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) {
8713 /* Check that there is enough space needed for 1 more SSID, the
8714 * other sections and null termination */
8715 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN +
8716 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf))
8717 break;
8718 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan",
8719 params->ssids[i].ssid,
8720 params->ssids[i].ssid_len);
8721 buf[bp++] = WEXT_PNO_SSID_SECTION;
8722 buf[bp++] = params->ssids[i].ssid_len;
8723 os_memcpy(&buf[bp], params->ssids[i].ssid,
8724 params->ssids[i].ssid_len);
8725 bp += params->ssids[i].ssid_len;
8726 i++;
8727 }
8728
8729 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION;
8730 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x",
8731 WEXT_PNO_SCAN_INTERVAL);
8732 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH;
8733
8734 buf[bp++] = WEXT_PNO_REPEAT_SECTION;
8735 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x",
8736 WEXT_PNO_REPEAT);
8737 bp += WEXT_PNO_REPEAT_LENGTH;
8738
8739 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION;
8740 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x",
8741 WEXT_PNO_MAX_REPEAT);
8742 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1;
8743
8744 memset(&ifr, 0, sizeof(ifr));
8745 memset(&priv_cmd, 0, sizeof(priv_cmd));
8746 os_strncpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
8747
8748 priv_cmd.buf = buf;
8749 priv_cmd.used_len = bp;
8750 priv_cmd.total_len = bp;
8751 ifr.ifr_data = &priv_cmd;
8752
8753 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
8754
8755 if (ret < 0) {
8756 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d",
8757 ret);
8758 wpa_driver_send_hang_msg(drv);
8759 return ret;
8760 }
8761
8762 drv_errors = 0;
8763
8764 return android_priv_cmd(bss, "PNOFORCE 1");
8765 }
8766
8767
8768 static int android_pno_stop(struct i802_bss *bss)
8769 {
8770 return android_priv_cmd(bss, "PNOFORCE 0");
8771 }
8772
8773 #endif /* ANDROID */
8774
8775
8776 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
8777 .name = "nl80211",
8778 .desc = "Linux nl80211/cfg80211",
8779 .get_bssid = wpa_driver_nl80211_get_bssid,
8780 .get_ssid = wpa_driver_nl80211_get_ssid,
8781 .set_key = wpa_driver_nl80211_set_key,
8782 .scan2 = wpa_driver_nl80211_scan,
8783 .sched_scan = wpa_driver_nl80211_sched_scan,
8784 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
8785 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
8786 .deauthenticate = wpa_driver_nl80211_deauthenticate,
8787 .disassociate = wpa_driver_nl80211_disassociate,
8788 .authenticate = wpa_driver_nl80211_authenticate,
8789 .associate = wpa_driver_nl80211_associate,
8790 .global_init = nl80211_global_init,
8791 .global_deinit = nl80211_global_deinit,
8792 .init2 = wpa_driver_nl80211_init,
8793 .deinit = wpa_driver_nl80211_deinit,
8794 .get_capa = wpa_driver_nl80211_get_capa,
8795 .set_operstate = wpa_driver_nl80211_set_operstate,
8796 .set_supp_port = wpa_driver_nl80211_set_supp_port,
8797 .set_country = wpa_driver_nl80211_set_country,
8798 .set_ap = wpa_driver_nl80211_set_ap,
8799 .if_add = wpa_driver_nl80211_if_add,
8800 .if_remove = wpa_driver_nl80211_if_remove,
8801 .send_mlme = wpa_driver_nl80211_send_mlme,
8802 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
8803 .sta_add = wpa_driver_nl80211_sta_add,
8804 .sta_remove = wpa_driver_nl80211_sta_remove,
8805 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
8806 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
8807 #ifdef HOSTAPD
8808 .hapd_init = i802_init,
8809 .hapd_deinit = i802_deinit,
8810 .set_wds_sta = i802_set_wds_sta,
8811 #endif /* HOSTAPD */
8812 #if defined(HOSTAPD) || defined(CONFIG_AP)
8813 .get_seqnum = i802_get_seqnum,
8814 .flush = i802_flush,
8815 .read_sta_data = i802_read_sta_data,
8816 .get_inact_sec = i802_get_inact_sec,
8817 .sta_clear_stats = i802_sta_clear_stats,
8818 .set_rts = i802_set_rts,
8819 .set_frag = i802_set_frag,
8820 .set_tx_queue_params = i802_set_tx_queue_params,
8821 .set_sta_vlan = i802_set_sta_vlan,
8822 .sta_deauth = i802_sta_deauth,
8823 .sta_disassoc = i802_sta_disassoc,
8824 #endif /* HOSTAPD || CONFIG_AP */
8825 .set_freq = i802_set_freq,
8826 .send_action = wpa_driver_nl80211_send_action,
8827 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
8828 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
8829 .cancel_remain_on_channel =
8830 wpa_driver_nl80211_cancel_remain_on_channel,
8831 .probe_req_report = wpa_driver_nl80211_probe_req_report,
8832 .deinit_ap = wpa_driver_nl80211_deinit_ap,
8833 .resume = wpa_driver_nl80211_resume,
8834 .send_ft_action = nl80211_send_ft_action,
8835 .signal_monitor = nl80211_signal_monitor,
8836 .signal_poll = nl80211_signal_poll,
8837 .send_frame = nl80211_send_frame,
8838 .shared_freq = wpa_driver_nl80211_shared_freq,
8839 .set_param = nl80211_set_param,
8840 .get_radio_name = nl80211_get_radio_name,
8841 .add_pmkid = nl80211_add_pmkid,
8842 .remove_pmkid = nl80211_remove_pmkid,
8843 .flush_pmkid = nl80211_flush_pmkid,
8844 .set_rekey_info = nl80211_set_rekey_info,
8845 .poll_client = nl80211_poll_client,
8846 .set_p2p_powersave = nl80211_set_p2p_powersave,
8847 #ifdef CONFIG_TDLS
8848 .send_tdls_mgmt = nl80211_send_tdls_mgmt,
8849 .tdls_oper = nl80211_tdls_oper,
8850 #endif /* CONFIG_TDLS */
8851 };
Unnamed repository; edit this file 'description' to name the repository.