]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/drivers/driver_nl80211.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
WPS: Send WSC_NACK if message without Message Type is received
[thirdparty/hostap.git] / src / drivers / driver_nl80211.c
1 /*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 * Alternatively, this software may be distributed under the terms of BSD
14 * license.
15 *
16 * See README and COPYING for more details.
17 */
18
19 #include "includes.h"
20 #include <sys/ioctl.h>
21 #include <net/if.h>
22 #include <netlink/genl/genl.h>
23 #include <netlink/genl/family.h>
24 #include <netlink/genl/ctrl.h>
25 #include <linux/rtnetlink.h>
26 #include <netpacket/packet.h>
27 #include <linux/filter.h>
28 #include "nl80211_copy.h"
29
30 #include "common.h"
31 #include "eloop.h"
32 #include "common/ieee802_11_defs.h"
33 #include "netlink.h"
34 #include "linux_ioctl.h"
35 #include "radiotap.h"
36 #include "radiotap_iter.h"
37 #include "rfkill.h"
38 #include "driver.h"
39
40 #ifdef CONFIG_LIBNL20
41 /* libnl 2.0 compatibility code */
42 #define nl_handle nl_sock
43 #define nl80211_handle_alloc nl_socket_alloc_cb
44 #define nl80211_handle_destroy nl_socket_free
45 #else
46 /*
47 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
48 * but when you free a socket again it will mess up its bitmap and
49 * and use the wrong number the next time it needs a socket ID.
50 * Therefore, we wrap the handle alloc/destroy and add our own pid
51 * accounting.
52 */
53 static uint32_t port_bitmap[32] = { 0 };
54
55 static struct nl_handle *nl80211_handle_alloc(void *cb)
56 {
57 struct nl_handle *handle;
58 uint32_t pid = getpid() & 0x3FFFFF;
59 int i;
60
61 handle = nl_handle_alloc_cb(cb);
62
63 for (i = 0; i < 1024; i++) {
64 if (port_bitmap[i / 32] & (1 << (i % 32)))
65 continue;
66 port_bitmap[i / 32] |= 1 << (i % 32);
67 pid += i << 22;
68 break;
69 }
70
71 nl_socket_set_local_port(handle, pid);
72
73 return handle;
74 }
75
76 static void nl80211_handle_destroy(struct nl_handle *handle)
77 {
78 uint32_t port = nl_socket_get_local_port(handle);
79
80 port >>= 22;
81 port_bitmap[port / 32] &= ~(1 << (port % 32));
82
83 nl_handle_destroy(handle);
84 }
85 #endif /* CONFIG_LIBNL20 */
86
87
88 #ifndef IFF_LOWER_UP
89 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
90 #endif
91 #ifndef IFF_DORMANT
92 #define IFF_DORMANT 0x20000 /* driver signals dormant */
93 #endif
94
95 #ifndef IF_OPER_DORMANT
96 #define IF_OPER_DORMANT 5
97 #endif
98 #ifndef IF_OPER_UP
99 #define IF_OPER_UP 6
100 #endif
101
102 struct i802_bss {
103 struct wpa_driver_nl80211_data *drv;
104 struct i802_bss *next;
105 int ifindex;
106 char ifname[IFNAMSIZ + 1];
107 unsigned int beacon_set:1;
108 };
109
110 struct wpa_driver_nl80211_data {
111 void *ctx;
112 struct netlink_data *netlink;
113 int ioctl_sock; /* socket for ioctl() use */
114 char brname[IFNAMSIZ];
115 int ifindex;
116 int if_removed;
117 int if_disabled;
118 struct rfkill_data *rfkill;
119 struct wpa_driver_capa capa;
120 int has_capability;
121
122 int operstate;
123
124 int scan_complete_events;
125
126 struct nl_handle *nl_handle;
127 struct nl_handle *nl_handle_event;
128 struct nl_handle *nl_handle_preq;
129 struct nl_cache *nl_cache;
130 struct nl_cache *nl_cache_event;
131 struct nl_cache *nl_cache_preq;
132 struct nl_cb *nl_cb;
133 struct genl_family *nl80211;
134
135 u8 auth_bssid[ETH_ALEN];
136 u8 bssid[ETH_ALEN];
137 int associated;
138 u8 ssid[32];
139 size_t ssid_len;
140 int nlmode;
141 int ap_scan_as_station;
142 unsigned int assoc_freq;
143
144 int monitor_sock;
145 int monitor_ifidx;
146 int disable_11b_rates;
147
148 unsigned int pending_remain_on_chan:1;
149 unsigned int added_bridge:1;
150 unsigned int added_if_into_bridge:1;
151
152 u64 remain_on_chan_cookie;
153 u64 send_action_cookie;
154
155 unsigned int last_mgmt_freq;
156
157 struct wpa_driver_scan_filter *filter_ssids;
158 size_t num_filter_ssids;
159
160 struct i802_bss first_bss;
161
162 #ifdef HOSTAPD
163 int eapol_sock; /* socket for EAPOL frames */
164
165 int default_if_indices[16];
166 int *if_indices;
167 int num_if_indices;
168
169 int last_freq;
170 int last_freq_ht;
171 #endif /* HOSTAPD */
172 };
173
174
175 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
176 void *timeout_ctx);
177 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
178 static int
179 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
180 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
181 const u8 *addr, int cmd, u16 reason_code,
182 int local_state_change);
183 static void nl80211_remove_monitor_interface(
184 struct wpa_driver_nl80211_data *drv);
185 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
186 unsigned int freq, const u8 *buf,
187 size_t buf_len, u64 *cookie);
188 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
189
190 #ifdef HOSTAPD
191 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
192 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
193 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
194 static int wpa_driver_nl80211_if_remove(void *priv,
195 enum wpa_driver_if_type type,
196 const char *ifname);
197 #else /* HOSTAPD */
198 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
199 {
200 return 0;
201 }
202 #endif /* HOSTAPD */
203
204 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
205 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
206 int ifindex, int disabled);
207
208
209 /* nl80211 code */
210 static int ack_handler(struct nl_msg *msg, void *arg)
211 {
212 int *err = arg;
213 *err = 0;
214 return NL_STOP;
215 }
216
217 static int finish_handler(struct nl_msg *msg, void *arg)
218 {
219 int *ret = arg;
220 *ret = 0;
221 return NL_SKIP;
222 }
223
224 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
225 void *arg)
226 {
227 int *ret = arg;
228 *ret = err->error;
229 return NL_SKIP;
230 }
231
232
233 static int no_seq_check(struct nl_msg *msg, void *arg)
234 {
235 return NL_OK;
236 }
237
238
239 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
240 struct nl_handle *nl_handle, struct nl_msg *msg,
241 int (*valid_handler)(struct nl_msg *, void *),
242 void *valid_data)
243 {
244 struct nl_cb *cb;
245 int err = -ENOMEM;
246
247 cb = nl_cb_clone(drv->nl_cb);
248 if (!cb)
249 goto out;
250
251 err = nl_send_auto_complete(nl_handle, msg);
252 if (err < 0)
253 goto out;
254
255 err = 1;
256
257 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
258 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
259 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
260
261 if (valid_handler)
262 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
263 valid_handler, valid_data);
264
265 while (err > 0)
266 nl_recvmsgs(nl_handle, cb);
267 out:
268 nl_cb_put(cb);
269 nlmsg_free(msg);
270 return err;
271 }
272
273
274 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
275 struct nl_msg *msg,
276 int (*valid_handler)(struct nl_msg *, void *),
277 void *valid_data)
278 {
279 return send_and_recv(drv, drv->nl_handle, msg, valid_handler,
280 valid_data);
281 }
282
283
284 struct family_data {
285 const char *group;
286 int id;
287 };
288
289
290 static int family_handler(struct nl_msg *msg, void *arg)
291 {
292 struct family_data *res = arg;
293 struct nlattr *tb[CTRL_ATTR_MAX + 1];
294 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
295 struct nlattr *mcgrp;
296 int i;
297
298 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
299 genlmsg_attrlen(gnlh, 0), NULL);
300 if (!tb[CTRL_ATTR_MCAST_GROUPS])
301 return NL_SKIP;
302
303 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
304 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
305 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
306 nla_len(mcgrp), NULL);
307 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
308 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
309 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
310 res->group,
311 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
312 continue;
313 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
314 break;
315 };
316
317 return NL_SKIP;
318 }
319
320
321 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
322 const char *family, const char *group)
323 {
324 struct nl_msg *msg;
325 int ret = -1;
326 struct family_data res = { group, -ENOENT };
327
328 msg = nlmsg_alloc();
329 if (!msg)
330 return -ENOMEM;
331 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
332 0, 0, CTRL_CMD_GETFAMILY, 0);
333 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
334
335 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
336 msg = NULL;
337 if (ret == 0)
338 ret = res.id;
339
340 nla_put_failure:
341 nlmsg_free(msg);
342 return ret;
343 }
344
345
346 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
347 {
348 struct i802_bss *bss = priv;
349 struct wpa_driver_nl80211_data *drv = bss->drv;
350 if (!drv->associated)
351 return -1;
352 os_memcpy(bssid, drv->bssid, ETH_ALEN);
353 return 0;
354 }
355
356
357 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
358 {
359 struct i802_bss *bss = priv;
360 struct wpa_driver_nl80211_data *drv = bss->drv;
361 if (!drv->associated)
362 return -1;
363 os_memcpy(ssid, drv->ssid, drv->ssid_len);
364 return drv->ssid_len;
365 }
366
367
368 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
369 char *buf, size_t len, int del)
370 {
371 union wpa_event_data event;
372
373 os_memset(&event, 0, sizeof(event));
374 if (len > sizeof(event.interface_status.ifname))
375 len = sizeof(event.interface_status.ifname) - 1;
376 os_memcpy(event.interface_status.ifname, buf, len);
377 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
378 EVENT_INTERFACE_ADDED;
379
380 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
381 del ? "DEL" : "NEW",
382 event.interface_status.ifname,
383 del ? "removed" : "added");
384
385 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
386 if (del)
387 drv->if_removed = 1;
388 else
389 drv->if_removed = 0;
390 }
391
392 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
393 }
394
395
396 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
397 u8 *buf, size_t len)
398 {
399 int attrlen, rta_len;
400 struct rtattr *attr;
401
402 attrlen = len;
403 attr = (struct rtattr *) buf;
404
405 rta_len = RTA_ALIGN(sizeof(struct rtattr));
406 while (RTA_OK(attr, attrlen)) {
407 if (attr->rta_type == IFLA_IFNAME) {
408 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
409 == 0)
410 return 1;
411 else
412 break;
413 }
414 attr = RTA_NEXT(attr, attrlen);
415 }
416
417 return 0;
418 }
419
420
421 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
422 int ifindex, u8 *buf, size_t len)
423 {
424 if (drv->ifindex == ifindex)
425 return 1;
426
427 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
428 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
429 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
430 "interface");
431 wpa_driver_nl80211_finish_drv_init(drv);
432 return 1;
433 }
434
435 return 0;
436 }
437
438
439 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
440 struct ifinfomsg *ifi,
441 u8 *buf, size_t len)
442 {
443 struct wpa_driver_nl80211_data *drv = ctx;
444 int attrlen, rta_len;
445 struct rtattr *attr;
446 u32 brid = 0;
447
448 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) &&
449 !have_ifidx(drv, ifi->ifi_index)) {
450 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
451 "ifindex %d", ifi->ifi_index);
452 return;
453 }
454
455 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
456 "(%s%s%s%s)",
457 drv->operstate, ifi->ifi_flags,
458 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
459 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
460 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
461 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
462
463 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
464 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
465 drv->if_disabled = 1;
466 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
467 }
468
469 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
470 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
471 drv->if_disabled = 0;
472 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
473 }
474
475 /*
476 * Some drivers send the association event before the operup event--in
477 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
478 * fails. This will hit us when wpa_supplicant does not need to do
479 * IEEE 802.1X authentication
480 */
481 if (drv->operstate == 1 &&
482 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
483 !(ifi->ifi_flags & IFF_RUNNING))
484 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
485 -1, IF_OPER_UP);
486
487 attrlen = len;
488 attr = (struct rtattr *) buf;
489 rta_len = RTA_ALIGN(sizeof(struct rtattr));
490 while (RTA_OK(attr, attrlen)) {
491 if (attr->rta_type == IFLA_IFNAME) {
492 wpa_driver_nl80211_event_link(
493 drv,
494 ((char *) attr) + rta_len,
495 attr->rta_len - rta_len, 0);
496 } else if (attr->rta_type == IFLA_MASTER)
497 brid = nla_get_u32((struct nlattr *) attr);
498 attr = RTA_NEXT(attr, attrlen);
499 }
500
501 #ifdef HOSTAPD
502 if (ifi->ifi_family == AF_BRIDGE && brid) {
503 /* device has been added to bridge */
504 char namebuf[IFNAMSIZ];
505 if_indextoname(brid, namebuf);
506 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
507 brid, namebuf);
508 add_ifidx(drv, brid);
509 }
510 #endif /* HOSTAPD */
511 }
512
513
514 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
515 struct ifinfomsg *ifi,
516 u8 *buf, size_t len)
517 {
518 struct wpa_driver_nl80211_data *drv = ctx;
519 int attrlen, rta_len;
520 struct rtattr *attr;
521 u32 brid = 0;
522
523 attrlen = len;
524 attr = (struct rtattr *) buf;
525
526 rta_len = RTA_ALIGN(sizeof(struct rtattr));
527 while (RTA_OK(attr, attrlen)) {
528 if (attr->rta_type == IFLA_IFNAME) {
529 wpa_driver_nl80211_event_link(
530 drv,
531 ((char *) attr) + rta_len,
532 attr->rta_len - rta_len, 1);
533 } else if (attr->rta_type == IFLA_MASTER)
534 brid = nla_get_u32((struct nlattr *) attr);
535 attr = RTA_NEXT(attr, attrlen);
536 }
537
538 #ifdef HOSTAPD
539 if (ifi->ifi_family == AF_BRIDGE && brid) {
540 /* device has been removed from bridge */
541 char namebuf[IFNAMSIZ];
542 if_indextoname(brid, namebuf);
543 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
544 "%s", brid, namebuf);
545 del_ifidx(drv, brid);
546 }
547 #endif /* HOSTAPD */
548 }
549
550
551 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
552 const u8 *frame, size_t len)
553 {
554 const struct ieee80211_mgmt *mgmt;
555 union wpa_event_data event;
556
557 mgmt = (const struct ieee80211_mgmt *) frame;
558 if (len < 24 + sizeof(mgmt->u.auth)) {
559 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
560 "frame");
561 return;
562 }
563
564 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
565 os_memset(&event, 0, sizeof(event));
566 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
567 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
568 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
569 if (len > 24 + sizeof(mgmt->u.auth)) {
570 event.auth.ies = mgmt->u.auth.variable;
571 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
572 }
573
574 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
575 }
576
577
578 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
579 const u8 *frame, size_t len)
580 {
581 const struct ieee80211_mgmt *mgmt;
582 union wpa_event_data event;
583 u16 status;
584
585 mgmt = (const struct ieee80211_mgmt *) frame;
586 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
587 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
588 "frame");
589 return;
590 }
591
592 status = le_to_host16(mgmt->u.assoc_resp.status_code);
593 if (status != WLAN_STATUS_SUCCESS) {
594 os_memset(&event, 0, sizeof(event));
595 event.assoc_reject.bssid = mgmt->bssid;
596 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
597 event.assoc_reject.resp_ies =
598 (u8 *) mgmt->u.assoc_resp.variable;
599 event.assoc_reject.resp_ies_len =
600 len - 24 - sizeof(mgmt->u.assoc_resp);
601 }
602 event.assoc_reject.status_code = status;
603
604 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
605 return;
606 }
607
608 drv->associated = 1;
609 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
610
611 os_memset(&event, 0, sizeof(event));
612 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
613 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
614 event.assoc_info.resp_ies_len =
615 len - 24 - sizeof(mgmt->u.assoc_resp);
616 }
617
618 event.assoc_info.freq = drv->assoc_freq;
619
620 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
621 }
622
623
624 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
625 enum nl80211_commands cmd, struct nlattr *status,
626 struct nlattr *addr, struct nlattr *req_ie,
627 struct nlattr *resp_ie)
628 {
629 union wpa_event_data event;
630
631 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
632 /*
633 * Avoid reporting two association events that would confuse
634 * the core code.
635 */
636 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
637 "when using userspace SME", cmd);
638 return;
639 }
640
641 os_memset(&event, 0, sizeof(event));
642 if (cmd == NL80211_CMD_CONNECT &&
643 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
644 if (resp_ie) {
645 event.assoc_reject.resp_ies = nla_data(resp_ie);
646 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
647 }
648 event.assoc_reject.status_code = nla_get_u16(status);
649 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
650 return;
651 }
652
653 drv->associated = 1;
654 if (addr)
655 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
656
657 if (req_ie) {
658 event.assoc_info.req_ies = nla_data(req_ie);
659 event.assoc_info.req_ies_len = nla_len(req_ie);
660 }
661 if (resp_ie) {
662 event.assoc_info.resp_ies = nla_data(resp_ie);
663 event.assoc_info.resp_ies_len = nla_len(resp_ie);
664 }
665
666 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
667 }
668
669
670 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
671 enum nl80211_commands cmd, struct nlattr *addr)
672 {
673 union wpa_event_data event;
674 enum wpa_event_type ev;
675
676 if (nla_len(addr) != ETH_ALEN)
677 return;
678
679 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
680 cmd, MAC2STR((u8 *) nla_data(addr)));
681
682 if (cmd == NL80211_CMD_AUTHENTICATE)
683 ev = EVENT_AUTH_TIMED_OUT;
684 else if (cmd == NL80211_CMD_ASSOCIATE)
685 ev = EVENT_ASSOC_TIMED_OUT;
686 else
687 return;
688
689 os_memset(&event, 0, sizeof(event));
690 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
691 wpa_supplicant_event(drv->ctx, ev, &event);
692 }
693
694
695 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
696 struct nlattr *freq, const u8 *frame, size_t len)
697 {
698 const struct ieee80211_mgmt *mgmt;
699 union wpa_event_data event;
700 u16 fc, stype;
701
702 mgmt = (const struct ieee80211_mgmt *) frame;
703 if (len < 24) {
704 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
705 return;
706 }
707
708 fc = le_to_host16(mgmt->frame_control);
709 stype = WLAN_FC_GET_STYPE(fc);
710
711 os_memset(&event, 0, sizeof(event));
712 if (freq) {
713 event.rx_action.freq = nla_get_u32(freq);
714 drv->last_mgmt_freq = event.rx_action.freq;
715 }
716 if (stype == WLAN_FC_STYPE_ACTION) {
717 event.rx_action.da = mgmt->da;
718 event.rx_action.sa = mgmt->sa;
719 event.rx_action.bssid = mgmt->bssid;
720 event.rx_action.category = mgmt->u.action.category;
721 event.rx_action.data = &mgmt->u.action.category + 1;
722 event.rx_action.len = frame + len - event.rx_action.data;
723 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
724 } else {
725 event.rx_mgmt.frame = frame;
726 event.rx_mgmt.frame_len = len;
727 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
728 }
729 }
730
731
732 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
733 struct nlattr *cookie, const u8 *frame,
734 size_t len, struct nlattr *ack)
735 {
736 union wpa_event_data event;
737 const struct ieee80211_hdr *hdr;
738 u16 fc;
739 u64 cookie_val;
740
741 if (!cookie)
742 return;
743
744 cookie_val = nla_get_u64(cookie);
745 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s "
746 "(ack=%d)",
747 (long long unsigned int) cookie_val,
748 cookie_val == drv->send_action_cookie ?
749 " (match)" : " (unknown)", ack != NULL);
750 if (cookie_val != drv->send_action_cookie)
751 return;
752
753 hdr = (const struct ieee80211_hdr *) frame;
754 fc = le_to_host16(hdr->frame_control);
755
756 os_memset(&event, 0, sizeof(event));
757 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
758 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
759 event.tx_status.dst = hdr->addr1;
760 event.tx_status.data = frame;
761 event.tx_status.data_len = len;
762 event.tx_status.ack = ack != NULL;
763 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
764 }
765
766
767 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
768 enum wpa_event_type type,
769 const u8 *frame, size_t len)
770 {
771 const struct ieee80211_mgmt *mgmt;
772 union wpa_event_data event;
773 const u8 *bssid = NULL;
774 u16 reason_code = 0;
775
776 mgmt = (const struct ieee80211_mgmt *) frame;
777 if (len >= 24) {
778 bssid = mgmt->bssid;
779
780 if (drv->associated != 0 &&
781 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
782 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
783 /*
784 * We have presumably received this deauth as a
785 * response to a clear_state_mismatch() outgoing
786 * deauth. Don't let it take us offline!
787 */
788 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
789 "from Unknown BSSID " MACSTR " -- ignoring",
790 MAC2STR(bssid));
791 return;
792 }
793 }
794
795 drv->associated = 0;
796 os_memset(&event, 0, sizeof(event));
797
798 /* Note: Same offset for Reason Code in both frame subtypes */
799 if (len >= 24 + sizeof(mgmt->u.deauth))
800 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
801
802 if (type == EVENT_DISASSOC) {
803 event.disassoc_info.addr = bssid;
804 event.disassoc_info.reason_code = reason_code;
805 if (frame + len > mgmt->u.disassoc.variable) {
806 event.disassoc_info.ie = mgmt->u.disassoc.variable;
807 event.disassoc_info.ie_len = frame + len -
808 mgmt->u.disassoc.variable;
809 }
810 } else {
811 event.deauth_info.addr = bssid;
812 event.deauth_info.reason_code = reason_code;
813 if (frame + len > mgmt->u.deauth.variable) {
814 event.deauth_info.ie = mgmt->u.deauth.variable;
815 event.deauth_info.ie_len = frame + len -
816 mgmt->u.deauth.variable;
817 }
818 }
819
820 wpa_supplicant_event(drv->ctx, type, &event);
821 }
822
823
824 static void mlme_event(struct wpa_driver_nl80211_data *drv,
825 enum nl80211_commands cmd, struct nlattr *frame,
826 struct nlattr *addr, struct nlattr *timed_out,
827 struct nlattr *freq, struct nlattr *ack,
828 struct nlattr *cookie)
829 {
830 if (timed_out && addr) {
831 mlme_timeout_event(drv, cmd, addr);
832 return;
833 }
834
835 if (frame == NULL) {
836 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
837 "data", cmd);
838 return;
839 }
840
841 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
842 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
843 nla_data(frame), nla_len(frame));
844
845 switch (cmd) {
846 case NL80211_CMD_AUTHENTICATE:
847 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
848 break;
849 case NL80211_CMD_ASSOCIATE:
850 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
851 break;
852 case NL80211_CMD_DEAUTHENTICATE:
853 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
854 nla_data(frame), nla_len(frame));
855 break;
856 case NL80211_CMD_DISASSOCIATE:
857 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
858 nla_data(frame), nla_len(frame));
859 break;
860 case NL80211_CMD_FRAME:
861 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
862 break;
863 case NL80211_CMD_FRAME_TX_STATUS:
864 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
865 nla_len(frame), ack);
866 break;
867 default:
868 break;
869 }
870 }
871
872
873 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
874 struct nlattr *tb[])
875 {
876 union wpa_event_data data;
877
878 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
879 os_memset(&data, 0, sizeof(data));
880 if (tb[NL80211_ATTR_MAC]) {
881 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
882 nla_data(tb[NL80211_ATTR_MAC]),
883 nla_len(tb[NL80211_ATTR_MAC]));
884 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
885 }
886 if (tb[NL80211_ATTR_KEY_SEQ]) {
887 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
888 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
889 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
890 }
891 if (tb[NL80211_ATTR_KEY_TYPE]) {
892 enum nl80211_key_type key_type =
893 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
894 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
895 if (key_type == NL80211_KEYTYPE_PAIRWISE)
896 data.michael_mic_failure.unicast = 1;
897 } else
898 data.michael_mic_failure.unicast = 1;
899
900 if (tb[NL80211_ATTR_KEY_IDX]) {
901 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
902 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
903 }
904
905 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
906 }
907
908
909 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
910 struct nlattr *tb[])
911 {
912 if (tb[NL80211_ATTR_MAC] == NULL) {
913 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
914 "event");
915 return;
916 }
917 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
918 drv->associated = 1;
919 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
920 MAC2STR(drv->bssid));
921
922 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
923 }
924
925
926 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
927 int cancel_event, struct nlattr *tb[])
928 {
929 unsigned int freq, chan_type, duration;
930 union wpa_event_data data;
931 u64 cookie;
932
933 if (tb[NL80211_ATTR_WIPHY_FREQ])
934 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
935 else
936 freq = 0;
937
938 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
939 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
940 else
941 chan_type = 0;
942
943 if (tb[NL80211_ATTR_DURATION])
944 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
945 else
946 duration = 0;
947
948 if (tb[NL80211_ATTR_COOKIE])
949 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
950 else
951 cookie = 0;
952
953 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
954 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
955 cancel_event, freq, chan_type, duration,
956 (long long unsigned int) cookie,
957 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
958
959 if (cookie != drv->remain_on_chan_cookie)
960 return; /* not for us */
961
962 drv->pending_remain_on_chan = !cancel_event;
963
964 os_memset(&data, 0, sizeof(data));
965 data.remain_on_channel.freq = freq;
966 data.remain_on_channel.duration = duration;
967 wpa_supplicant_event(drv->ctx, cancel_event ?
968 EVENT_CANCEL_REMAIN_ON_CHANNEL :
969 EVENT_REMAIN_ON_CHANNEL, &data);
970 }
971
972
973 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
974 struct nlattr *tb[])
975 {
976 union wpa_event_data event;
977 struct nlattr *nl;
978 int rem;
979 struct scan_info *info;
980 #define MAX_REPORT_FREQS 50
981 int freqs[MAX_REPORT_FREQS];
982 int num_freqs = 0;
983
984 os_memset(&event, 0, sizeof(event));
985 info = &event.scan_info;
986 info->aborted = aborted;
987
988 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
989 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
990 struct wpa_driver_scan_ssid *s =
991 &info->ssids[info->num_ssids];
992 s->ssid = nla_data(nl);
993 s->ssid_len = nla_len(nl);
994 info->num_ssids++;
995 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
996 break;
997 }
998 }
999 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1000 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1001 {
1002 freqs[num_freqs] = nla_get_u32(nl);
1003 num_freqs++;
1004 if (num_freqs == MAX_REPORT_FREQS - 1)
1005 break;
1006 }
1007 info->freqs = freqs;
1008 info->num_freqs = num_freqs;
1009 }
1010 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1011 }
1012
1013
1014 static int get_link_signal(struct nl_msg *msg, void *arg)
1015 {
1016 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1017 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1018 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1019 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1020 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1021 };
1022 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1023 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1024 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1025 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1026 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1027 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1028 };
1029 struct signal_change *sig_change = arg;
1030
1031 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1032 genlmsg_attrlen(gnlh, 0), NULL);
1033 if (!tb[NL80211_ATTR_STA_INFO] ||
1034 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1035 tb[NL80211_ATTR_STA_INFO], policy))
1036 return NL_SKIP;
1037 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1038 return NL_SKIP;
1039
1040 sig_change->current_signal =
1041 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1042
1043 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1044 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1045 sinfo[NL80211_STA_INFO_TX_BITRATE],
1046 rate_policy)) {
1047 sig_change->current_txrate = 0;
1048 } else {
1049 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1050 sig_change->current_txrate =
1051 nla_get_u16(rinfo[
1052 NL80211_RATE_INFO_BITRATE]) * 100;
1053 }
1054 }
1055 }
1056
1057 return NL_SKIP;
1058 }
1059
1060
1061 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1062 struct signal_change *sig)
1063 {
1064 struct nl_msg *msg;
1065
1066 sig->current_signal = -9999;
1067 sig->current_txrate = 0;
1068
1069 msg = nlmsg_alloc();
1070 if (!msg)
1071 return -ENOMEM;
1072
1073 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1074 0, NL80211_CMD_GET_STATION, 0);
1075
1076 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1077 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1078
1079 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1080 nla_put_failure:
1081 return -ENOBUFS;
1082 }
1083
1084
1085 static int get_link_noise(struct nl_msg *msg, void *arg)
1086 {
1087 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1088 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1089 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1090 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1091 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1092 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1093 };
1094 struct signal_change *sig_change = arg;
1095
1096 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1097 genlmsg_attrlen(gnlh, 0), NULL);
1098
1099 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1100 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1101 return NL_SKIP;
1102 }
1103
1104 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1105 tb[NL80211_ATTR_SURVEY_INFO],
1106 survey_policy)) {
1107 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1108 "attributes!");
1109 return NL_SKIP;
1110 }
1111
1112 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1113 return NL_SKIP;
1114
1115 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1116 sig_change->frequency)
1117 return NL_SKIP;
1118
1119 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1120 return NL_SKIP;
1121
1122 sig_change->current_noise =
1123 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1124
1125 return NL_SKIP;
1126 }
1127
1128
1129 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1130 struct signal_change *sig_change)
1131 {
1132 struct nl_msg *msg;
1133
1134 sig_change->current_noise = 9999;
1135 sig_change->frequency = drv->assoc_freq;
1136
1137 msg = nlmsg_alloc();
1138 if (!msg)
1139 return -ENOMEM;
1140
1141 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1142 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0);
1143
1144 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1145
1146 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1147 nla_put_failure:
1148 return -ENOBUFS;
1149 }
1150
1151
1152 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1153 struct nlattr *tb[])
1154 {
1155 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1156 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1157 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1158 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1159 };
1160 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1161 enum nl80211_cqm_rssi_threshold_event event;
1162 union wpa_event_data ed;
1163 struct signal_change sig;
1164 int res;
1165
1166 if (tb[NL80211_ATTR_CQM] == NULL ||
1167 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1168 cqm_policy)) {
1169 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1170 return;
1171 }
1172
1173 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1174 return;
1175 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1176
1177 os_memset(&ed, 0, sizeof(ed));
1178
1179 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1180 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1181 "event: RSSI high");
1182 ed.signal_change.above_threshold = 1;
1183 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1184 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1185 "event: RSSI low");
1186 ed.signal_change.above_threshold = 0;
1187 } else
1188 return;
1189
1190 res = nl80211_get_link_signal(drv, &sig);
1191 if (res == 0) {
1192 ed.signal_change.current_signal = sig.current_signal;
1193 ed.signal_change.current_txrate = sig.current_txrate;
1194 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1195 sig.current_signal, sig.current_txrate);
1196 }
1197
1198 res = nl80211_get_link_noise(drv, &sig);
1199 if (res == 0) {
1200 ed.signal_change.current_noise = sig.current_noise;
1201 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1202 sig.current_noise);
1203 }
1204
1205 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1206 }
1207
1208
1209 static int process_event(struct nl_msg *msg, void *arg)
1210 {
1211 struct wpa_driver_nl80211_data *drv = arg;
1212 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1213 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1214 union wpa_event_data data;
1215
1216 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1217 genlmsg_attrlen(gnlh, 0), NULL);
1218
1219 if (tb[NL80211_ATTR_IFINDEX]) {
1220 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1221 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
1222 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
1223 " for foreign interface (ifindex %d)",
1224 gnlh->cmd, ifindex);
1225 return NL_SKIP;
1226 }
1227 }
1228
1229 if (drv->ap_scan_as_station &&
1230 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
1231 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
1232 wpa_driver_nl80211_set_mode(&drv->first_bss,
1233 IEEE80211_MODE_AP);
1234 drv->ap_scan_as_station = 0;
1235 }
1236
1237 switch (gnlh->cmd) {
1238 case NL80211_CMD_TRIGGER_SCAN:
1239 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1240 break;
1241 case NL80211_CMD_NEW_SCAN_RESULTS:
1242 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1243 drv->scan_complete_events = 1;
1244 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1245 drv->ctx);
1246 send_scan_event(drv, 0, tb);
1247 break;
1248 case NL80211_CMD_SCAN_ABORTED:
1249 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1250 /*
1251 * Need to indicate that scan results are available in order
1252 * not to make wpa_supplicant stop its scanning.
1253 */
1254 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1255 drv->ctx);
1256 send_scan_event(drv, 1, tb);
1257 break;
1258 case NL80211_CMD_AUTHENTICATE:
1259 case NL80211_CMD_ASSOCIATE:
1260 case NL80211_CMD_DEAUTHENTICATE:
1261 case NL80211_CMD_DISASSOCIATE:
1262 case NL80211_CMD_FRAME:
1263 case NL80211_CMD_FRAME_TX_STATUS:
1264 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1265 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1266 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1267 tb[NL80211_ATTR_COOKIE]);
1268 break;
1269 case NL80211_CMD_CONNECT:
1270 case NL80211_CMD_ROAM:
1271 mlme_event_connect(drv, gnlh->cmd,
1272 tb[NL80211_ATTR_STATUS_CODE],
1273 tb[NL80211_ATTR_MAC],
1274 tb[NL80211_ATTR_REQ_IE],
1275 tb[NL80211_ATTR_RESP_IE]);
1276 break;
1277 case NL80211_CMD_DISCONNECT:
1278 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1279 /*
1280 * Avoid reporting two disassociation events that could
1281 * confuse the core code.
1282 */
1283 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1284 "event when using userspace SME");
1285 break;
1286 }
1287 drv->associated = 0;
1288 os_memset(&data, 0, sizeof(data));
1289 if (tb[NL80211_ATTR_REASON_CODE])
1290 data.disassoc_info.reason_code =
1291 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
1292 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1293 break;
1294 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1295 mlme_event_michael_mic_failure(drv, tb);
1296 break;
1297 case NL80211_CMD_JOIN_IBSS:
1298 mlme_event_join_ibss(drv, tb);
1299 break;
1300 case NL80211_CMD_REMAIN_ON_CHANNEL:
1301 mlme_event_remain_on_channel(drv, 0, tb);
1302 break;
1303 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1304 mlme_event_remain_on_channel(drv, 1, tb);
1305 break;
1306 case NL80211_CMD_NOTIFY_CQM:
1307 nl80211_cqm_event(drv, tb);
1308 break;
1309 case NL80211_CMD_REG_CHANGE:
1310 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
1311 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1312 NULL);
1313 break;
1314 case NL80211_CMD_REG_BEACON_HINT:
1315 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
1316 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1317 NULL);
1318 break;
1319 default:
1320 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1321 "(cmd=%d)", gnlh->cmd);
1322 break;
1323 }
1324
1325 return NL_SKIP;
1326 }
1327
1328
1329 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1330 void *handle)
1331 {
1332 struct nl_cb *cb;
1333 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1334
1335 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1336
1337 cb = nl_cb_clone(drv->nl_cb);
1338 if (!cb)
1339 return;
1340 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1341 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1342 nl_recvmsgs(handle, cb);
1343 nl_cb_put(cb);
1344 }
1345
1346
1347 /**
1348 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1349 * @priv: driver_nl80211 private data
1350 * @alpha2_arg: country to which to switch to
1351 * Returns: 0 on success, -1 on failure
1352 *
1353 * This asks nl80211 to set the regulatory domain for given
1354 * country ISO / IEC alpha2.
1355 */
1356 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1357 {
1358 struct i802_bss *bss = priv;
1359 struct wpa_driver_nl80211_data *drv = bss->drv;
1360 char alpha2[3];
1361 struct nl_msg *msg;
1362
1363 msg = nlmsg_alloc();
1364 if (!msg)
1365 return -ENOMEM;
1366
1367 alpha2[0] = alpha2_arg[0];
1368 alpha2[1] = alpha2_arg[1];
1369 alpha2[2] = '\0';
1370
1371 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1372 0, NL80211_CMD_REQ_SET_REG, 0);
1373
1374 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1375 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1376 return -EINVAL;
1377 return 0;
1378 nla_put_failure:
1379 return -EINVAL;
1380 }
1381
1382
1383 #ifndef HOSTAPD
1384 struct wiphy_info_data {
1385 int max_scan_ssids;
1386 int ap_supported;
1387 int auth_supported;
1388 int connect_supported;
1389 };
1390
1391
1392 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1393 {
1394 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1395 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1396 struct wiphy_info_data *info = arg;
1397
1398 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1399 genlmsg_attrlen(gnlh, 0), NULL);
1400
1401 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1402 info->max_scan_ssids =
1403 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1404
1405 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1406 struct nlattr *nl_mode;
1407 int i;
1408 nla_for_each_nested(nl_mode,
1409 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1410 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
1411 info->ap_supported = 1;
1412 break;
1413 }
1414 }
1415 }
1416
1417 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
1418 struct nlattr *nl_cmd;
1419 int i;
1420
1421 nla_for_each_nested(nl_cmd,
1422 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
1423 u32 cmd = nla_get_u32(nl_cmd);
1424 if (cmd == NL80211_CMD_AUTHENTICATE)
1425 info->auth_supported = 1;
1426 else if (cmd == NL80211_CMD_CONNECT)
1427 info->connect_supported = 1;
1428 }
1429 }
1430
1431 return NL_SKIP;
1432 }
1433
1434
1435 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
1436 struct wiphy_info_data *info)
1437 {
1438 struct nl_msg *msg;
1439
1440 os_memset(info, 0, sizeof(*info));
1441 msg = nlmsg_alloc();
1442 if (!msg)
1443 return -1;
1444
1445 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1446 0, NL80211_CMD_GET_WIPHY, 0);
1447
1448 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
1449
1450 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1451 return 0;
1452 msg = NULL;
1453 nla_put_failure:
1454 nlmsg_free(msg);
1455 return -1;
1456 }
1457
1458
1459 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1460 {
1461 struct wiphy_info_data info;
1462 if (wpa_driver_nl80211_get_info(drv, &info))
1463 return -1;
1464 drv->has_capability = 1;
1465 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1466 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1467 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1468 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1469 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1470 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1471 WPA_DRIVER_CAPA_ENC_WEP104 |
1472 WPA_DRIVER_CAPA_ENC_TKIP |
1473 WPA_DRIVER_CAPA_ENC_CCMP;
1474 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1475 WPA_DRIVER_AUTH_SHARED |
1476 WPA_DRIVER_AUTH_LEAP;
1477
1478 drv->capa.max_scan_ssids = info.max_scan_ssids;
1479 if (info.ap_supported)
1480 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1481
1482 if (info.auth_supported)
1483 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1484 else if (!info.connect_supported) {
1485 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1486 "authentication/association or connect commands");
1487 return -1;
1488 }
1489
1490 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1491 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
1492 drv->capa.max_remain_on_chan = 5000;
1493
1494 return 0;
1495 }
1496 #endif /* HOSTAPD */
1497
1498
1499 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
1500 {
1501 int ret;
1502
1503 /* Initialize generic netlink and nl80211 */
1504
1505 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1506 if (drv->nl_cb == NULL) {
1507 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1508 "callbacks");
1509 goto err1;
1510 }
1511
1512 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb);
1513 if (drv->nl_handle == NULL) {
1514 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1515 "callbacks");
1516 goto err2;
1517 }
1518
1519 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb);
1520 if (drv->nl_handle_event == NULL) {
1521 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1522 "callbacks (event)");
1523 goto err2b;
1524 }
1525
1526 if (genl_connect(drv->nl_handle)) {
1527 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1528 "netlink");
1529 goto err3;
1530 }
1531
1532 if (genl_connect(drv->nl_handle_event)) {
1533 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1534 "netlink (event)");
1535 goto err3;
1536 }
1537
1538 #ifdef CONFIG_LIBNL20
1539 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1540 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1541 "netlink cache");
1542 goto err3;
1543 }
1544 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1545 0) {
1546 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1547 "netlink cache (event)");
1548 goto err3b;
1549 }
1550 #else /* CONFIG_LIBNL20 */
1551 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1552 if (drv->nl_cache == NULL) {
1553 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1554 "netlink cache");
1555 goto err3;
1556 }
1557 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1558 if (drv->nl_cache_event == NULL) {
1559 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1560 "netlink cache (event)");
1561 goto err3b;
1562 }
1563 #endif /* CONFIG_LIBNL20 */
1564
1565 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1566 if (drv->nl80211 == NULL) {
1567 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1568 "found");
1569 goto err4;
1570 }
1571
1572 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1573 if (ret >= 0)
1574 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1575 if (ret < 0) {
1576 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1577 "membership for scan events: %d (%s)",
1578 ret, strerror(-ret));
1579 goto err4;
1580 }
1581
1582 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1583 if (ret >= 0)
1584 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1585 if (ret < 0) {
1586 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1587 "membership for mlme events: %d (%s)",
1588 ret, strerror(-ret));
1589 goto err4;
1590 }
1591
1592 ret = nl_get_multicast_id(drv, "nl80211", "regulatory");
1593 if (ret >= 0)
1594 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1595 if (ret < 0) {
1596 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1597 "membership for regulatory events: %d (%s)",
1598 ret, strerror(-ret));
1599 /* Continue without regulatory events */
1600 }
1601
1602 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1603 wpa_driver_nl80211_event_receive, drv,
1604 drv->nl_handle_event);
1605
1606 return 0;
1607
1608 err4:
1609 nl_cache_free(drv->nl_cache_event);
1610 err3b:
1611 nl_cache_free(drv->nl_cache);
1612 err3:
1613 nl80211_handle_destroy(drv->nl_handle_event);
1614 err2b:
1615 nl80211_handle_destroy(drv->nl_handle);
1616 err2:
1617 nl_cb_put(drv->nl_cb);
1618 err1:
1619 return -1;
1620 }
1621
1622
1623 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1624 {
1625 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1626 /*
1627 * This may be for any interface; use ifdown event to disable
1628 * interface.
1629 */
1630 }
1631
1632
1633 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1634 {
1635 struct wpa_driver_nl80211_data *drv = ctx;
1636 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1637 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) {
1638 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1639 "after rfkill unblock");
1640 return;
1641 }
1642 /* rtnetlink ifup handler will report interface as enabled */
1643 }
1644
1645
1646 /**
1647 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1648 * @ctx: context to be used when calling wpa_supplicant functions,
1649 * e.g., wpa_supplicant_event()
1650 * @ifname: interface name, e.g., wlan0
1651 * Returns: Pointer to private data, %NULL on failure
1652 */
1653 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1654 {
1655 struct wpa_driver_nl80211_data *drv;
1656 struct netlink_config *cfg;
1657 struct rfkill_config *rcfg;
1658 struct i802_bss *bss;
1659
1660 drv = os_zalloc(sizeof(*drv));
1661 if (drv == NULL)
1662 return NULL;
1663 drv->ctx = ctx;
1664 bss = &drv->first_bss;
1665 bss->drv = drv;
1666 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1667 drv->monitor_ifidx = -1;
1668 drv->monitor_sock = -1;
1669 drv->ioctl_sock = -1;
1670
1671 if (wpa_driver_nl80211_init_nl(drv)) {
1672 os_free(drv);
1673 return NULL;
1674 }
1675
1676 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1677 if (drv->ioctl_sock < 0) {
1678 perror("socket(PF_INET,SOCK_DGRAM)");
1679 goto failed;
1680 }
1681
1682 cfg = os_zalloc(sizeof(*cfg));
1683 if (cfg == NULL)
1684 goto failed;
1685 cfg->ctx = drv;
1686 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
1687 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
1688 drv->netlink = netlink_init(cfg);
1689 if (drv->netlink == NULL) {
1690 os_free(cfg);
1691 goto failed;
1692 }
1693
1694 rcfg = os_zalloc(sizeof(*rcfg));
1695 if (rcfg == NULL)
1696 goto failed;
1697 rcfg->ctx = drv;
1698 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
1699 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
1700 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
1701 drv->rfkill = rfkill_init(rcfg);
1702 if (drv->rfkill == NULL) {
1703 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
1704 os_free(rcfg);
1705 }
1706
1707 if (wpa_driver_nl80211_finish_drv_init(drv))
1708 goto failed;
1709
1710 return bss;
1711
1712 failed:
1713 rfkill_deinit(drv->rfkill);
1714 netlink_deinit(drv->netlink);
1715 if (drv->ioctl_sock >= 0)
1716 close(drv->ioctl_sock);
1717
1718 genl_family_put(drv->nl80211);
1719 nl_cache_free(drv->nl_cache);
1720 nl80211_handle_destroy(drv->nl_handle);
1721 nl_cb_put(drv->nl_cb);
1722 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1723
1724 os_free(drv);
1725 return NULL;
1726 }
1727
1728
1729 static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv,
1730 struct nl_handle *nl_handle,
1731 u16 type, const u8 *match, size_t match_len)
1732 {
1733 struct nl_msg *msg;
1734 int ret = -1;
1735
1736 msg = nlmsg_alloc();
1737 if (!msg)
1738 return -1;
1739
1740 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1741 NL80211_CMD_REGISTER_ACTION, 0);
1742
1743 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1744 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
1745 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
1746
1747 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL);
1748 msg = NULL;
1749 if (ret) {
1750 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
1751 "failed (type=%u): ret=%d (%s)",
1752 type, ret, strerror(-ret));
1753 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
1754 match, match_len);
1755 goto nla_put_failure;
1756 }
1757 ret = 0;
1758 nla_put_failure:
1759 nlmsg_free(msg);
1760 return ret;
1761 }
1762
1763
1764 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
1765 const u8 *match, size_t match_len)
1766 {
1767 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
1768 return nl80211_register_frame(drv, drv->nl_handle_event,
1769 type, match, match_len);
1770 }
1771
1772
1773 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
1774 {
1775 #ifdef CONFIG_P2P
1776 /* GAS Initial Request */
1777 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0)
1778 return -1;
1779 /* GAS Initial Response */
1780 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0)
1781 return -1;
1782 /* GAS Comeback Request */
1783 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0)
1784 return -1;
1785 /* GAS Comeback Response */
1786 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0)
1787 return -1;
1788 /* P2P Public Action */
1789 if (nl80211_register_action_frame(drv,
1790 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
1791 6) < 0)
1792 return -1;
1793 /* P2P Action */
1794 if (nl80211_register_action_frame(drv,
1795 (u8 *) "\x7f\x50\x6f\x9a\x09",
1796 5) < 0)
1797 return -1;
1798 #endif /* CONFIG_P2P */
1799
1800 /* FT Action frames */
1801 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
1802 return -1;
1803 else
1804 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
1805 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
1806
1807 return 0;
1808 }
1809
1810
1811 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
1812 {
1813 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
1814 }
1815
1816
1817 static int
1818 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1819 {
1820 struct i802_bss *bss = &drv->first_bss;
1821 int send_rfkill_event = 0;
1822
1823 drv->ifindex = if_nametoindex(bss->ifname);
1824 drv->first_bss.ifindex = drv->ifindex;
1825
1826 #ifndef HOSTAPD
1827 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) {
1828 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1829 "use managed mode");
1830 }
1831
1832 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
1833 if (rfkill_is_blocked(drv->rfkill)) {
1834 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
1835 "interface '%s' due to rfkill",
1836 bss->ifname);
1837 drv->if_disabled = 1;
1838 send_rfkill_event = 1;
1839 } else {
1840 wpa_printf(MSG_ERROR, "nl80211: Could not set "
1841 "interface '%s' UP", bss->ifname);
1842 return -1;
1843 }
1844 }
1845
1846 if (wpa_driver_nl80211_capa(drv))
1847 return -1;
1848
1849 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
1850 1, IF_OPER_DORMANT);
1851 #endif /* HOSTAPD */
1852
1853 if (nl80211_register_action_frames(drv) < 0) {
1854 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
1855 "frame processing - ignore for now");
1856 /*
1857 * Older kernel versions did not support this, so ignore the
1858 * error for now. Some functionality may not be available
1859 * because of this.
1860 */
1861 }
1862
1863 if (send_rfkill_event) {
1864 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
1865 drv, drv->ctx);
1866 }
1867
1868 return 0;
1869 }
1870
1871
1872 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
1873 {
1874 struct nl_msg *msg;
1875
1876 msg = nlmsg_alloc();
1877 if (!msg)
1878 return -ENOMEM;
1879
1880 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1881 0, NL80211_CMD_DEL_BEACON, 0);
1882 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1883
1884 return send_and_recv_msgs(drv, msg, NULL, NULL);
1885 nla_put_failure:
1886 return -ENOBUFS;
1887 }
1888
1889
1890 /**
1891 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1892 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1893 *
1894 * Shut down driver interface and processing of driver events. Free
1895 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1896 */
1897 static void wpa_driver_nl80211_deinit(void *priv)
1898 {
1899 struct i802_bss *bss = priv;
1900 struct wpa_driver_nl80211_data *drv = bss->drv;
1901
1902 if (drv->nl_handle_preq)
1903 wpa_driver_nl80211_probe_req_report(bss, 0);
1904 if (drv->added_if_into_bridge) {
1905 if (linux_br_del_if(drv->ioctl_sock, drv->brname, bss->ifname)
1906 < 0)
1907 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1908 "interface %s from bridge %s: %s",
1909 bss->ifname, drv->brname, strerror(errno));
1910 }
1911 if (drv->added_bridge) {
1912 if (linux_br_del(drv->ioctl_sock, drv->brname) < 0)
1913 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1914 "bridge %s: %s",
1915 drv->brname, strerror(errno));
1916 }
1917
1918 nl80211_remove_monitor_interface(drv);
1919
1920 if (drv->nlmode == NL80211_IFTYPE_AP)
1921 wpa_driver_nl80211_del_beacon(drv);
1922
1923 #ifdef HOSTAPD
1924 if (drv->last_freq_ht) {
1925 /* Clear HT flags from the driver */
1926 struct hostapd_freq_params freq;
1927 os_memset(&freq, 0, sizeof(freq));
1928 freq.freq = drv->last_freq;
1929 i802_set_freq(priv, &freq);
1930 }
1931
1932 if (drv->eapol_sock >= 0) {
1933 eloop_unregister_read_sock(drv->eapol_sock);
1934 close(drv->eapol_sock);
1935 }
1936
1937 if (drv->if_indices != drv->default_if_indices)
1938 os_free(drv->if_indices);
1939 #endif /* HOSTAPD */
1940
1941 if (drv->disable_11b_rates)
1942 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
1943
1944 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
1945 netlink_deinit(drv->netlink);
1946 rfkill_deinit(drv->rfkill);
1947
1948 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1949
1950 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0);
1951 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA);
1952
1953 if (drv->ioctl_sock >= 0)
1954 close(drv->ioctl_sock);
1955
1956 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1957 genl_family_put(drv->nl80211);
1958 nl_cache_free(drv->nl_cache);
1959 nl_cache_free(drv->nl_cache_event);
1960 nl80211_handle_destroy(drv->nl_handle);
1961 nl80211_handle_destroy(drv->nl_handle_event);
1962 nl_cb_put(drv->nl_cb);
1963
1964 os_free(drv->filter_ssids);
1965
1966 os_free(drv);
1967 }
1968
1969
1970 /**
1971 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1972 * @eloop_ctx: Driver private data
1973 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1974 *
1975 * This function can be used as registered timeout when starting a scan to
1976 * generate a scan completed event if the driver does not report this.
1977 */
1978 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1979 {
1980 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1981 if (drv->ap_scan_as_station) {
1982 wpa_driver_nl80211_set_mode(&drv->first_bss,
1983 IEEE80211_MODE_AP);
1984 drv->ap_scan_as_station = 0;
1985 }
1986 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1987 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1988 }
1989
1990
1991 /**
1992 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1993 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1994 * @params: Scan parameters
1995 * Returns: 0 on success, -1 on failure
1996 */
1997 static int wpa_driver_nl80211_scan(void *priv,
1998 struct wpa_driver_scan_params *params)
1999 {
2000 struct i802_bss *bss = priv;
2001 struct wpa_driver_nl80211_data *drv = bss->drv;
2002 int ret = 0, timeout;
2003 struct nl_msg *msg, *ssids, *freqs;
2004 size_t i;
2005
2006 msg = nlmsg_alloc();
2007 ssids = nlmsg_alloc();
2008 freqs = nlmsg_alloc();
2009 if (!msg || !ssids || !freqs) {
2010 nlmsg_free(msg);
2011 nlmsg_free(ssids);
2012 nlmsg_free(freqs);
2013 return -1;
2014 }
2015
2016 os_free(drv->filter_ssids);
2017 drv->filter_ssids = params->filter_ssids;
2018 params->filter_ssids = NULL;
2019 drv->num_filter_ssids = params->num_filter_ssids;
2020
2021 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2022 NL80211_CMD_TRIGGER_SCAN, 0);
2023
2024 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2025
2026 for (i = 0; i < params->num_ssids; i++) {
2027 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
2028 params->ssids[i].ssid,
2029 params->ssids[i].ssid_len);
2030 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
2031 params->ssids[i].ssid);
2032 }
2033 if (params->num_ssids)
2034 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
2035
2036 if (params->extra_ies) {
2037 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
2038 params->extra_ies, params->extra_ies_len);
2039 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
2040 params->extra_ies);
2041 }
2042
2043 if (params->freqs) {
2044 for (i = 0; params->freqs[i]; i++) {
2045 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
2046 "MHz", params->freqs[i]);
2047 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
2048 }
2049 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
2050 }
2051
2052 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2053 msg = NULL;
2054 if (ret) {
2055 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
2056 "(%s)", ret, strerror(-ret));
2057 #ifdef HOSTAPD
2058 if (drv->nlmode == NL80211_IFTYPE_AP) {
2059 /*
2060 * mac80211 does not allow scan requests in AP mode, so
2061 * try to do this in station mode.
2062 */
2063 if (wpa_driver_nl80211_set_mode(bss,
2064 IEEE80211_MODE_INFRA))
2065 goto nla_put_failure;
2066
2067 if (wpa_driver_nl80211_scan(drv, params)) {
2068 wpa_driver_nl80211_set_mode(bss,
2069 IEEE80211_MODE_AP);
2070 goto nla_put_failure;
2071 }
2072
2073 /* Restore AP mode when processing scan results */
2074 drv->ap_scan_as_station = 1;
2075 ret = 0;
2076 } else
2077 goto nla_put_failure;
2078 #else /* HOSTAPD */
2079 goto nla_put_failure;
2080 #endif /* HOSTAPD */
2081 }
2082
2083 /* Not all drivers generate "scan completed" wireless event, so try to
2084 * read results after a timeout. */
2085 timeout = 10;
2086 if (drv->scan_complete_events) {
2087 /*
2088 * The driver seems to deliver events to notify when scan is
2089 * complete, so use longer timeout to avoid race conditions
2090 * with scanning and following association request.
2091 */
2092 timeout = 30;
2093 }
2094 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
2095 "seconds", ret, timeout);
2096 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2097 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
2098 drv, drv->ctx);
2099
2100 nla_put_failure:
2101 nlmsg_free(ssids);
2102 nlmsg_free(msg);
2103 nlmsg_free(freqs);
2104 return ret;
2105 }
2106
2107
2108 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
2109 {
2110 const u8 *end, *pos;
2111
2112 if (ies == NULL)
2113 return NULL;
2114
2115 pos = ies;
2116 end = ies + ies_len;
2117
2118 while (pos + 1 < end) {
2119 if (pos + 2 + pos[1] > end)
2120 break;
2121 if (pos[0] == ie)
2122 return pos;
2123 pos += 2 + pos[1];
2124 }
2125
2126 return NULL;
2127 }
2128
2129
2130 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
2131 const u8 *ie, size_t ie_len)
2132 {
2133 const u8 *ssid;
2134 size_t i;
2135
2136 if (drv->filter_ssids == NULL)
2137 return 0;
2138
2139 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
2140 if (ssid == NULL)
2141 return 1;
2142
2143 for (i = 0; i < drv->num_filter_ssids; i++) {
2144 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
2145 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
2146 0)
2147 return 0;
2148 }
2149
2150 return 1;
2151 }
2152
2153
2154 struct nl80211_bss_info_arg {
2155 struct wpa_driver_nl80211_data *drv;
2156 struct wpa_scan_results *res;
2157 };
2158
2159 static int bss_info_handler(struct nl_msg *msg, void *arg)
2160 {
2161 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2162 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2163 struct nlattr *bss[NL80211_BSS_MAX + 1];
2164 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
2165 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
2166 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
2167 [NL80211_BSS_TSF] = { .type = NLA_U64 },
2168 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
2169 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
2170 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
2171 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
2172 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
2173 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
2174 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
2175 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
2176 };
2177 struct nl80211_bss_info_arg *_arg = arg;
2178 struct wpa_scan_results *res = _arg->res;
2179 struct wpa_scan_res **tmp;
2180 struct wpa_scan_res *r;
2181 const u8 *ie, *beacon_ie;
2182 size_t ie_len, beacon_ie_len;
2183 u8 *pos;
2184
2185 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2186 genlmsg_attrlen(gnlh, 0), NULL);
2187 if (!tb[NL80211_ATTR_BSS])
2188 return NL_SKIP;
2189 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
2190 bss_policy))
2191 return NL_SKIP;
2192 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
2193 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2194 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2195 } else {
2196 ie = NULL;
2197 ie_len = 0;
2198 }
2199 if (bss[NL80211_BSS_BEACON_IES]) {
2200 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
2201 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
2202 } else {
2203 beacon_ie = NULL;
2204 beacon_ie_len = 0;
2205 }
2206
2207 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
2208 ie ? ie_len : beacon_ie_len))
2209 return NL_SKIP;
2210
2211 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
2212 if (r == NULL)
2213 return NL_SKIP;
2214 if (bss[NL80211_BSS_BSSID])
2215 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
2216 ETH_ALEN);
2217 if (bss[NL80211_BSS_FREQUENCY])
2218 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2219 if (bss[NL80211_BSS_BEACON_INTERVAL])
2220 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
2221 if (bss[NL80211_BSS_CAPABILITY])
2222 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
2223 r->flags |= WPA_SCAN_NOISE_INVALID;
2224 if (bss[NL80211_BSS_SIGNAL_MBM]) {
2225 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
2226 r->level /= 100; /* mBm to dBm */
2227 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
2228 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
2229 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
2230 r->flags |= WPA_SCAN_LEVEL_INVALID;
2231 } else
2232 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
2233 if (bss[NL80211_BSS_TSF])
2234 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
2235 if (bss[NL80211_BSS_SEEN_MS_AGO])
2236 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
2237 r->ie_len = ie_len;
2238 pos = (u8 *) (r + 1);
2239 if (ie) {
2240 os_memcpy(pos, ie, ie_len);
2241 pos += ie_len;
2242 }
2243 r->beacon_ie_len = beacon_ie_len;
2244 if (beacon_ie)
2245 os_memcpy(pos, beacon_ie, beacon_ie_len);
2246
2247 if (bss[NL80211_BSS_STATUS]) {
2248 enum nl80211_bss_status status;
2249 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2250 switch (status) {
2251 case NL80211_BSS_STATUS_AUTHENTICATED:
2252 r->flags |= WPA_SCAN_AUTHENTICATED;
2253 break;
2254 case NL80211_BSS_STATUS_ASSOCIATED:
2255 r->flags |= WPA_SCAN_ASSOCIATED;
2256 break;
2257 default:
2258 break;
2259 }
2260 }
2261
2262 tmp = os_realloc(res->res,
2263 (res->num + 1) * sizeof(struct wpa_scan_res *));
2264 if (tmp == NULL) {
2265 os_free(r);
2266 return NL_SKIP;
2267 }
2268 tmp[res->num++] = r;
2269 res->res = tmp;
2270
2271 return NL_SKIP;
2272 }
2273
2274
2275 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
2276 const u8 *addr)
2277 {
2278 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
2279 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
2280 "mismatch (" MACSTR ")", MAC2STR(addr));
2281 wpa_driver_nl80211_mlme(drv, addr,
2282 NL80211_CMD_DEAUTHENTICATE,
2283 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
2284 }
2285 }
2286
2287
2288 static void wpa_driver_nl80211_check_bss_status(
2289 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
2290 {
2291 size_t i;
2292
2293 for (i = 0; i < res->num; i++) {
2294 struct wpa_scan_res *r = res->res[i];
2295 if (r->flags & WPA_SCAN_AUTHENTICATED) {
2296 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2297 "indicates BSS status with " MACSTR
2298 " as authenticated",
2299 MAC2STR(r->bssid));
2300 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2301 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
2302 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
2303 0) {
2304 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
2305 " in local state (auth=" MACSTR
2306 " assoc=" MACSTR ")",
2307 MAC2STR(drv->auth_bssid),
2308 MAC2STR(drv->bssid));
2309 clear_state_mismatch(drv, r->bssid);
2310 }
2311 }
2312
2313 if (r->flags & WPA_SCAN_ASSOCIATED) {
2314 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2315 "indicate BSS status with " MACSTR
2316 " as associated",
2317 MAC2STR(r->bssid));
2318 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2319 !drv->associated) {
2320 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2321 "(not associated) does not match "
2322 "with BSS state");
2323 clear_state_mismatch(drv, r->bssid);
2324 } else if (drv->nlmode == NL80211_IFTYPE_STATION &&
2325 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
2326 0) {
2327 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2328 "(associated with " MACSTR ") does "
2329 "not match with BSS state",
2330 MAC2STR(drv->bssid));
2331 clear_state_mismatch(drv, r->bssid);
2332 clear_state_mismatch(drv, drv->bssid);
2333 }
2334 }
2335 }
2336 }
2337
2338
2339 static void wpa_scan_results_free(struct wpa_scan_results *res)
2340 {
2341 size_t i;
2342
2343 if (res == NULL)
2344 return;
2345
2346 for (i = 0; i < res->num; i++)
2347 os_free(res->res[i]);
2348 os_free(res->res);
2349 os_free(res);
2350 }
2351
2352
2353 static struct wpa_scan_results *
2354 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
2355 {
2356 struct nl_msg *msg;
2357 struct wpa_scan_results *res;
2358 int ret;
2359 struct nl80211_bss_info_arg arg;
2360
2361 res = os_zalloc(sizeof(*res));
2362 if (res == NULL)
2363 return NULL;
2364 msg = nlmsg_alloc();
2365 if (!msg)
2366 goto nla_put_failure;
2367
2368 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
2369 NL80211_CMD_GET_SCAN, 0);
2370 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2371
2372 arg.drv = drv;
2373 arg.res = res;
2374 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
2375 msg = NULL;
2376 if (ret == 0) {
2377 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
2378 (unsigned long) res->num);
2379 return res;
2380 }
2381 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
2382 "(%s)", ret, strerror(-ret));
2383 nla_put_failure:
2384 nlmsg_free(msg);
2385 wpa_scan_results_free(res);
2386 return NULL;
2387 }
2388
2389
2390 /**
2391 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
2392 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2393 * Returns: Scan results on success, -1 on failure
2394 */
2395 static struct wpa_scan_results *
2396 wpa_driver_nl80211_get_scan_results(void *priv)
2397 {
2398 struct i802_bss *bss = priv;
2399 struct wpa_driver_nl80211_data *drv = bss->drv;
2400 struct wpa_scan_results *res;
2401
2402 res = nl80211_get_scan_results(drv);
2403 if (res)
2404 wpa_driver_nl80211_check_bss_status(drv, res);
2405 return res;
2406 }
2407
2408
2409 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
2410 {
2411 struct wpa_scan_results *res;
2412 size_t i;
2413
2414 res = nl80211_get_scan_results(drv);
2415 if (res == NULL) {
2416 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
2417 return;
2418 }
2419
2420 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
2421 for (i = 0; i < res->num; i++) {
2422 struct wpa_scan_res *r = res->res[i];
2423 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
2424 (int) i, (int) res->num, MAC2STR(r->bssid),
2425 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
2426 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
2427 }
2428
2429 wpa_scan_results_free(res);
2430 }
2431
2432
2433 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
2434 enum wpa_alg alg, const u8 *addr,
2435 int key_idx, int set_tx,
2436 const u8 *seq, size_t seq_len,
2437 const u8 *key, size_t key_len)
2438 {
2439 struct i802_bss *bss = priv;
2440 struct wpa_driver_nl80211_data *drv = bss->drv;
2441 int ifindex = if_nametoindex(ifname);
2442 struct nl_msg *msg;
2443 int ret;
2444
2445 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
2446 "set_tx=%d seq_len=%lu key_len=%lu",
2447 __func__, ifindex, alg, addr, key_idx, set_tx,
2448 (unsigned long) seq_len, (unsigned long) key_len);
2449
2450 msg = nlmsg_alloc();
2451 if (!msg)
2452 return -ENOMEM;
2453
2454 if (alg == WPA_ALG_NONE) {
2455 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2456 0, NL80211_CMD_DEL_KEY, 0);
2457 } else {
2458 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2459 0, NL80211_CMD_NEW_KEY, 0);
2460 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2461 switch (alg) {
2462 case WPA_ALG_WEP:
2463 if (key_len == 5)
2464 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2465 WLAN_CIPHER_SUITE_WEP40);
2466 else
2467 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2468 WLAN_CIPHER_SUITE_WEP104);
2469 break;
2470 case WPA_ALG_TKIP:
2471 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2472 WLAN_CIPHER_SUITE_TKIP);
2473 break;
2474 case WPA_ALG_CCMP:
2475 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2476 WLAN_CIPHER_SUITE_CCMP);
2477 break;
2478 case WPA_ALG_IGTK:
2479 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2480 WLAN_CIPHER_SUITE_AES_CMAC);
2481 break;
2482 default:
2483 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2484 "algorithm %d", __func__, alg);
2485 nlmsg_free(msg);
2486 return -1;
2487 }
2488 }
2489
2490 if (seq && seq_len)
2491 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
2492
2493 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2494 {
2495 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2496 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2497 }
2498 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2499 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2500
2501 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2502 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2503 ret = 0;
2504 if (ret)
2505 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2506 ret, strerror(-ret));
2507
2508 /*
2509 * If we failed or don't need to set the default TX key (below),
2510 * we're done here.
2511 */
2512 if (ret || !set_tx || alg == WPA_ALG_NONE)
2513 return ret;
2514 #ifdef HOSTAPD
2515 if (addr)
2516 return ret;
2517 #else /* HOSTAPD */
2518 if (drv->nlmode == NL80211_IFTYPE_AP && addr)
2519 return ret;
2520 #endif /* HOSTAPD */
2521
2522 msg = nlmsg_alloc();
2523 if (!msg)
2524 return -ENOMEM;
2525
2526 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2527 0, NL80211_CMD_SET_KEY, 0);
2528 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2529 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2530 if (alg == WPA_ALG_IGTK)
2531 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
2532 else
2533 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2534
2535 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2536 if (ret == -ENOENT)
2537 ret = 0;
2538 if (ret)
2539 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2540 "err=%d %s)", ret, strerror(-ret));
2541 return ret;
2542
2543 nla_put_failure:
2544 return -ENOBUFS;
2545 }
2546
2547
2548 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2549 int key_idx, int defkey,
2550 const u8 *seq, size_t seq_len,
2551 const u8 *key, size_t key_len)
2552 {
2553 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2554 if (!key_attr)
2555 return -1;
2556
2557 if (defkey && alg == WPA_ALG_IGTK)
2558 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
2559 else if (defkey)
2560 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2561
2562 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
2563
2564 switch (alg) {
2565 case WPA_ALG_WEP:
2566 if (key_len == 5)
2567 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2568 WLAN_CIPHER_SUITE_WEP40);
2569 else
2570 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2571 WLAN_CIPHER_SUITE_WEP104);
2572 break;
2573 case WPA_ALG_TKIP:
2574 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
2575 break;
2576 case WPA_ALG_CCMP:
2577 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
2578 break;
2579 case WPA_ALG_IGTK:
2580 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2581 WLAN_CIPHER_SUITE_AES_CMAC);
2582 break;
2583 default:
2584 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2585 "algorithm %d", __func__, alg);
2586 return -1;
2587 }
2588
2589 if (seq && seq_len)
2590 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
2591
2592 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
2593
2594 nla_nest_end(msg, key_attr);
2595
2596 return 0;
2597 nla_put_failure:
2598 return -1;
2599 }
2600
2601
2602 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
2603 struct nl_msg *msg)
2604 {
2605 int i, privacy = 0;
2606 struct nlattr *nl_keys, *nl_key;
2607
2608 for (i = 0; i < 4; i++) {
2609 if (!params->wep_key[i])
2610 continue;
2611 privacy = 1;
2612 break;
2613 }
2614 if (!privacy)
2615 return 0;
2616
2617 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
2618
2619 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
2620 if (!nl_keys)
2621 goto nla_put_failure;
2622
2623 for (i = 0; i < 4; i++) {
2624 if (!params->wep_key[i])
2625 continue;
2626
2627 nl_key = nla_nest_start(msg, i);
2628 if (!nl_key)
2629 goto nla_put_failure;
2630
2631 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
2632 params->wep_key[i]);
2633 if (params->wep_key_len[i] == 5)
2634 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2635 WLAN_CIPHER_SUITE_WEP40);
2636 else
2637 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2638 WLAN_CIPHER_SUITE_WEP104);
2639
2640 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
2641
2642 if (i == params->wep_tx_keyidx)
2643 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2644
2645 nla_nest_end(msg, nl_key);
2646 }
2647 nla_nest_end(msg, nl_keys);
2648
2649 return 0;
2650
2651 nla_put_failure:
2652 return -ENOBUFS;
2653 }
2654
2655
2656 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2657 const u8 *addr, int cmd, u16 reason_code,
2658 int local_state_change)
2659 {
2660 int ret = -1;
2661 struct nl_msg *msg;
2662
2663 msg = nlmsg_alloc();
2664 if (!msg)
2665 return -1;
2666
2667 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
2668
2669 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2670 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
2671 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2672 if (local_state_change)
2673 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2674
2675 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2676 msg = NULL;
2677 if (ret) {
2678 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2679 "(%s)", ret, strerror(-ret));
2680 goto nla_put_failure;
2681 }
2682 ret = 0;
2683
2684 nla_put_failure:
2685 nlmsg_free(msg);
2686 return ret;
2687 }
2688
2689
2690 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
2691 const u8 *addr, int reason_code)
2692 {
2693 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
2694 __func__, MAC2STR(addr), reason_code);
2695 drv->associated = 0;
2696 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
2697 reason_code, 0);
2698 }
2699
2700
2701 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
2702 int reason_code)
2703 {
2704 struct i802_bss *bss = priv;
2705 struct wpa_driver_nl80211_data *drv = bss->drv;
2706 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2707 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2708 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
2709 __func__, MAC2STR(addr), reason_code);
2710 drv->associated = 0;
2711 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
2712 reason_code, 0);
2713 }
2714
2715
2716 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
2717 int reason_code)
2718 {
2719 struct i802_bss *bss = priv;
2720 struct wpa_driver_nl80211_data *drv = bss->drv;
2721 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2722 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2723 wpa_printf(MSG_DEBUG, "%s", __func__);
2724 drv->associated = 0;
2725 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
2726 reason_code, 0);
2727 }
2728
2729
2730 static int wpa_driver_nl80211_authenticate(
2731 void *priv, struct wpa_driver_auth_params *params)
2732 {
2733 struct i802_bss *bss = priv;
2734 struct wpa_driver_nl80211_data *drv = bss->drv;
2735 int ret = -1, i;
2736 struct nl_msg *msg;
2737 enum nl80211_auth_type type;
2738 int count = 0;
2739
2740 drv->associated = 0;
2741 os_memset(drv->auth_bssid, 0, ETH_ALEN);
2742 /* FIX: IBSS mode */
2743 if (drv->nlmode != NL80211_IFTYPE_STATION)
2744 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
2745
2746 if (wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0)
2747 return -1;
2748
2749 retry:
2750 msg = nlmsg_alloc();
2751 if (!msg)
2752 return -1;
2753
2754 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
2755 drv->ifindex);
2756
2757 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2758 NL80211_CMD_AUTHENTICATE, 0);
2759
2760 for (i = 0; i < 4; i++) {
2761 if (!params->wep_key[i])
2762 continue;
2763 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
2764 NULL, i,
2765 i == params->wep_tx_keyidx, NULL, 0,
2766 params->wep_key[i],
2767 params->wep_key_len[i]);
2768 if (params->wep_tx_keyidx != i)
2769 continue;
2770 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
2771 params->wep_key[i], params->wep_key_len[i])) {
2772 nlmsg_free(msg);
2773 return -1;
2774 }
2775 }
2776
2777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2778 if (params->bssid) {
2779 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2780 MAC2STR(params->bssid));
2781 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2782 }
2783 if (params->freq) {
2784 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2785 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2786 }
2787 if (params->ssid) {
2788 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2789 params->ssid, params->ssid_len);
2790 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2791 params->ssid);
2792 }
2793 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
2794 if (params->ie)
2795 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
2796 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2797 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
2798 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2799 type = NL80211_AUTHTYPE_SHARED_KEY;
2800 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
2801 type = NL80211_AUTHTYPE_NETWORK_EAP;
2802 else if (params->auth_alg & WPA_AUTH_ALG_FT)
2803 type = NL80211_AUTHTYPE_FT;
2804 else
2805 goto nla_put_failure;
2806 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
2807 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
2808 if (params->local_state_change) {
2809 wpa_printf(MSG_DEBUG, " * Local state change only");
2810 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2811 }
2812
2813 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2814 msg = NULL;
2815 if (ret) {
2816 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2817 "(%s)", ret, strerror(-ret));
2818 count++;
2819 if (ret == -EALREADY && count == 1 && params->bssid &&
2820 !params->local_state_change) {
2821 /*
2822 * mac80211 does not currently accept new
2823 * authentication if we are already authenticated. As a
2824 * workaround, force deauthentication and try again.
2825 */
2826 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
2827 "after forced deauthentication");
2828 wpa_driver_nl80211_deauthenticate(
2829 bss, params->bssid,
2830 WLAN_REASON_PREV_AUTH_NOT_VALID);
2831 nlmsg_free(msg);
2832 goto retry;
2833 }
2834 goto nla_put_failure;
2835 }
2836 ret = 0;
2837 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
2838 "successfully");
2839
2840 nla_put_failure:
2841 nlmsg_free(msg);
2842 return ret;
2843 }
2844
2845
2846 struct phy_info_arg {
2847 u16 *num_modes;
2848 struct hostapd_hw_modes *modes;
2849 };
2850
2851 static int phy_info_handler(struct nl_msg *msg, void *arg)
2852 {
2853 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2854 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2855 struct phy_info_arg *phy_info = arg;
2856
2857 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
2858
2859 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
2860 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
2861 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
2862 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
2863 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
2864 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
2865 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
2866 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
2867 };
2868
2869 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
2870 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
2871 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
2872 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
2873 };
2874
2875 struct nlattr *nl_band;
2876 struct nlattr *nl_freq;
2877 struct nlattr *nl_rate;
2878 int rem_band, rem_freq, rem_rate;
2879 struct hostapd_hw_modes *mode;
2880 int idx, mode_is_set;
2881
2882 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2883 genlmsg_attrlen(gnlh, 0), NULL);
2884
2885 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
2886 return NL_SKIP;
2887
2888 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
2889 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
2890 if (!mode)
2891 return NL_SKIP;
2892 phy_info->modes = mode;
2893
2894 mode_is_set = 0;
2895
2896 mode = &phy_info->modes[*(phy_info->num_modes)];
2897 memset(mode, 0, sizeof(*mode));
2898 *(phy_info->num_modes) += 1;
2899
2900 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
2901 nla_len(nl_band), NULL);
2902
2903 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
2904 mode->ht_capab = nla_get_u16(
2905 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
2906 }
2907
2908 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
2909 mode->a_mpdu_params |= nla_get_u8(
2910 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
2911 0x03;
2912 }
2913
2914 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
2915 mode->a_mpdu_params |= nla_get_u8(
2916 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
2917 2;
2918 }
2919
2920 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
2921 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
2922 u8 *mcs;
2923 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
2924 os_memcpy(mode->mcs_set, mcs, 16);
2925 }
2926
2927 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2928 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2929 nla_len(nl_freq), freq_policy);
2930 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2931 continue;
2932 mode->num_channels++;
2933 }
2934
2935 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
2936 if (!mode->channels)
2937 return NL_SKIP;
2938
2939 idx = 0;
2940
2941 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2942 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2943 nla_len(nl_freq), freq_policy);
2944 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2945 continue;
2946
2947 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
2948 mode->channels[idx].flag = 0;
2949
2950 if (!mode_is_set) {
2951 /* crude heuristic */
2952 if (mode->channels[idx].freq < 4000)
2953 mode->mode = HOSTAPD_MODE_IEEE80211B;
2954 else
2955 mode->mode = HOSTAPD_MODE_IEEE80211A;
2956 mode_is_set = 1;
2957 }
2958
2959 /* crude heuristic */
2960 if (mode->channels[idx].freq < 4000)
2961 if (mode->channels[idx].freq == 2484)
2962 mode->channels[idx].chan = 14;
2963 else
2964 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
2965 else
2966 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
2967
2968 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2969 mode->channels[idx].flag |=
2970 HOSTAPD_CHAN_DISABLED;
2971 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
2972 mode->channels[idx].flag |=
2973 HOSTAPD_CHAN_PASSIVE_SCAN;
2974 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
2975 mode->channels[idx].flag |=
2976 HOSTAPD_CHAN_NO_IBSS;
2977 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
2978 mode->channels[idx].flag |=
2979 HOSTAPD_CHAN_RADAR;
2980
2981 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
2982 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2983 mode->channels[idx].max_tx_power =
2984 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
2985
2986 idx++;
2987 }
2988
2989 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2990 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2991 nla_len(nl_rate), rate_policy);
2992 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2993 continue;
2994 mode->num_rates++;
2995 }
2996
2997 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
2998 if (!mode->rates)
2999 return NL_SKIP;
3000
3001 idx = 0;
3002
3003 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3004 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3005 nla_len(nl_rate), rate_policy);
3006 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3007 continue;
3008 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
3009
3010 /* crude heuristic */
3011 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
3012 mode->rates[idx] > 200)
3013 mode->mode = HOSTAPD_MODE_IEEE80211G;
3014
3015 idx++;
3016 }
3017 }
3018
3019 return NL_SKIP;
3020 }
3021
3022 static struct hostapd_hw_modes *
3023 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
3024 {
3025 u16 m;
3026 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
3027 int i, mode11g_idx = -1;
3028
3029 /* If only 802.11g mode is included, use it to construct matching
3030 * 802.11b mode data. */
3031
3032 for (m = 0; m < *num_modes; m++) {
3033 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
3034 return modes; /* 802.11b already included */
3035 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
3036 mode11g_idx = m;
3037 }
3038
3039 if (mode11g_idx < 0)
3040 return modes; /* 2.4 GHz band not supported at all */
3041
3042 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
3043 if (nmodes == NULL)
3044 return modes; /* Could not add 802.11b mode */
3045
3046 mode = &nmodes[*num_modes];
3047 os_memset(mode, 0, sizeof(*mode));
3048 (*num_modes)++;
3049 modes = nmodes;
3050
3051 mode->mode = HOSTAPD_MODE_IEEE80211B;
3052
3053 mode11g = &modes[mode11g_idx];
3054 mode->num_channels = mode11g->num_channels;
3055 mode->channels = os_malloc(mode11g->num_channels *
3056 sizeof(struct hostapd_channel_data));
3057 if (mode->channels == NULL) {
3058 (*num_modes)--;
3059 return modes; /* Could not add 802.11b mode */
3060 }
3061 os_memcpy(mode->channels, mode11g->channels,
3062 mode11g->num_channels * sizeof(struct hostapd_channel_data));
3063
3064 mode->num_rates = 0;
3065 mode->rates = os_malloc(4 * sizeof(int));
3066 if (mode->rates == NULL) {
3067 os_free(mode->channels);
3068 (*num_modes)--;
3069 return modes; /* Could not add 802.11b mode */
3070 }
3071
3072 for (i = 0; i < mode11g->num_rates; i++) {
3073 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
3074 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
3075 continue;
3076 mode->rates[mode->num_rates] = mode11g->rates[i];
3077 mode->num_rates++;
3078 if (mode->num_rates == 4)
3079 break;
3080 }
3081
3082 if (mode->num_rates == 0) {
3083 os_free(mode->channels);
3084 os_free(mode->rates);
3085 (*num_modes)--;
3086 return modes; /* No 802.11b rates */
3087 }
3088
3089 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
3090 "information");
3091
3092 return modes;
3093 }
3094
3095
3096 static struct hostapd_hw_modes *
3097 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
3098 {
3099 struct i802_bss *bss = priv;
3100 struct wpa_driver_nl80211_data *drv = bss->drv;
3101 struct nl_msg *msg;
3102 struct phy_info_arg result = {
3103 .num_modes = num_modes,
3104 .modes = NULL,
3105 };
3106
3107 *num_modes = 0;
3108 *flags = 0;
3109
3110 msg = nlmsg_alloc();
3111 if (!msg)
3112 return NULL;
3113
3114 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3115 0, NL80211_CMD_GET_WIPHY, 0);
3116
3117 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3118
3119 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
3120 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
3121 nla_put_failure:
3122 return NULL;
3123 }
3124
3125
3126 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
3127 const void *data, size_t len,
3128 int encrypt)
3129 {
3130 __u8 rtap_hdr[] = {
3131 0x00, 0x00, /* radiotap version */
3132 0x0e, 0x00, /* radiotap length */
3133 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
3134 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
3135 0x00, /* padding */
3136 0x00, 0x00, /* RX and TX flags to indicate that */
3137 0x00, 0x00, /* this is the injected frame directly */
3138 };
3139 struct iovec iov[2] = {
3140 {
3141 .iov_base = &rtap_hdr,
3142 .iov_len = sizeof(rtap_hdr),
3143 },
3144 {
3145 .iov_base = (void *) data,
3146 .iov_len = len,
3147 }
3148 };
3149 struct msghdr msg = {
3150 .msg_name = NULL,
3151 .msg_namelen = 0,
3152 .msg_iov = iov,
3153 .msg_iovlen = 2,
3154 .msg_control = NULL,
3155 .msg_controllen = 0,
3156 .msg_flags = 0,
3157 };
3158
3159 if (encrypt)
3160 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
3161
3162 return sendmsg(drv->monitor_sock, &msg, 0);
3163 }
3164
3165
3166 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
3167 size_t data_len)
3168 {
3169 struct i802_bss *bss = priv;
3170 struct wpa_driver_nl80211_data *drv = bss->drv;
3171 struct ieee80211_mgmt *mgmt;
3172 int encrypt = 1;
3173 u16 fc;
3174
3175 mgmt = (struct ieee80211_mgmt *) data;
3176 fc = le_to_host16(mgmt->frame_control);
3177
3178 if (drv->nlmode == NL80211_IFTYPE_STATION &&
3179 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3180 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
3181 /*
3182 * The use of last_mgmt_freq is a bit of a hack,
3183 * but it works due to the single-threaded nature
3184 * of wpa_supplicant.
3185 */
3186 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq,
3187 data, data_len, NULL);
3188 }
3189
3190 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3191 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
3192 /*
3193 * Only one of the authentication frame types is encrypted.
3194 * In order for static WEP encryption to work properly (i.e.,
3195 * to not encrypt the frame), we need to tell mac80211 about
3196 * the frames that must not be encrypted.
3197 */
3198 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3199 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
3200 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
3201 encrypt = 0;
3202 }
3203
3204 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
3205 }
3206
3207
3208 static int wpa_driver_nl80211_set_beacon(void *priv,
3209 const u8 *head, size_t head_len,
3210 const u8 *tail, size_t tail_len,
3211 int dtim_period, int beacon_int)
3212 {
3213 struct i802_bss *bss = priv;
3214 struct wpa_driver_nl80211_data *drv = bss->drv;
3215 struct nl_msg *msg;
3216 u8 cmd = NL80211_CMD_NEW_BEACON;
3217 int ret;
3218 int beacon_set;
3219 int ifindex = if_nametoindex(bss->ifname);
3220
3221 beacon_set = bss->beacon_set;
3222
3223 msg = nlmsg_alloc();
3224 if (!msg)
3225 return -ENOMEM;
3226
3227 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
3228 beacon_set);
3229 if (beacon_set)
3230 cmd = NL80211_CMD_SET_BEACON;
3231
3232 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3233 0, cmd, 0);
3234 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
3235 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
3236 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3237 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
3238 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
3239
3240 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3241 if (ret) {
3242 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
3243 ret, strerror(-ret));
3244 } else {
3245 bss->beacon_set = 1;
3246 }
3247 return ret;
3248 nla_put_failure:
3249 return -ENOBUFS;
3250 }
3251
3252
3253 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
3254 int freq, int ht_enabled,
3255 int sec_channel_offset)
3256 {
3257 struct nl_msg *msg;
3258 int ret;
3259
3260 msg = nlmsg_alloc();
3261 if (!msg)
3262 return -1;
3263
3264 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3265 NL80211_CMD_SET_WIPHY, 0);
3266
3267 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3268 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
3269 if (ht_enabled) {
3270 switch (sec_channel_offset) {
3271 case -1:
3272 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3273 NL80211_CHAN_HT40MINUS);
3274 break;
3275 case 1:
3276 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3277 NL80211_CHAN_HT40PLUS);
3278 break;
3279 default:
3280 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3281 NL80211_CHAN_HT20);
3282 break;
3283 }
3284 }
3285
3286 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3287 if (ret == 0)
3288 return 0;
3289 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
3290 "%d (%s)", freq, ret, strerror(-ret));
3291 nla_put_failure:
3292 return -1;
3293 }
3294
3295
3296 static int wpa_driver_nl80211_sta_add(void *priv,
3297 struct hostapd_sta_add_params *params)
3298 {
3299 struct i802_bss *bss = priv;
3300 struct wpa_driver_nl80211_data *drv = bss->drv;
3301 struct nl_msg *msg;
3302 int ret = -ENOBUFS;
3303
3304 msg = nlmsg_alloc();
3305 if (!msg)
3306 return -ENOMEM;
3307
3308 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3309 0, NL80211_CMD_NEW_STATION, 0);
3310
3311 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
3312 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3313 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3314 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3315 params->supp_rates);
3316 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3317 params->listen_interval);
3318 if (params->ht_capabilities) {
3319 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3320 sizeof(*params->ht_capabilities),
3321 params->ht_capabilities);
3322 }
3323
3324 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3325 if (ret)
3326 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3327 "result: %d (%s)", ret, strerror(-ret));
3328 if (ret == -EEXIST)
3329 ret = 0;
3330 nla_put_failure:
3331 return ret;
3332 }
3333
3334
3335 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
3336 {
3337 struct i802_bss *bss = priv;
3338 struct wpa_driver_nl80211_data *drv = bss->drv;
3339 struct nl_msg *msg;
3340 int ret;
3341
3342 msg = nlmsg_alloc();
3343 if (!msg)
3344 return -ENOMEM;
3345
3346 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3347 0, NL80211_CMD_DEL_STATION, 0);
3348
3349 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3350 if_nametoindex(bss->ifname));
3351 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3352
3353 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3354 if (ret == -ENOENT)
3355 return 0;
3356 return ret;
3357 nla_put_failure:
3358 return -ENOBUFS;
3359 }
3360
3361
3362 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
3363 int ifidx)
3364 {
3365 struct nl_msg *msg;
3366
3367 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
3368
3369 #ifdef HOSTAPD
3370 /* stop listening for EAPOL on this interface */
3371 del_ifidx(drv, ifidx);
3372 #endif /* HOSTAPD */
3373
3374 msg = nlmsg_alloc();
3375 if (!msg)
3376 goto nla_put_failure;
3377
3378 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3379 0, NL80211_CMD_DEL_INTERFACE, 0);
3380 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3381
3382 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3383 return;
3384 nla_put_failure:
3385 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
3386 }
3387
3388
3389 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
3390 const char *ifname,
3391 enum nl80211_iftype iftype,
3392 const u8 *addr, int wds)
3393 {
3394 struct nl_msg *msg, *flags = NULL;
3395 int ifidx;
3396 int ret = -ENOBUFS;
3397
3398 msg = nlmsg_alloc();
3399 if (!msg)
3400 return -1;
3401
3402 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3403 0, NL80211_CMD_NEW_INTERFACE, 0);
3404 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3405 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
3406 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
3407
3408 if (iftype == NL80211_IFTYPE_MONITOR) {
3409 int err;
3410
3411 flags = nlmsg_alloc();
3412 if (!flags)
3413 goto nla_put_failure;
3414
3415 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
3416
3417 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
3418
3419 nlmsg_free(flags);
3420
3421 if (err)
3422 goto nla_put_failure;
3423 } else if (wds) {
3424 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
3425 }
3426
3427 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3428 if (ret) {
3429 nla_put_failure:
3430 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
3431 ifname, ret, strerror(-ret));
3432 return ret;
3433 }
3434
3435 ifidx = if_nametoindex(ifname);
3436 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
3437 ifname, ifidx);
3438
3439 if (ifidx <= 0)
3440 return -1;
3441
3442 #ifdef HOSTAPD
3443 /* start listening for EAPOL on this interface */
3444 add_ifidx(drv, ifidx);
3445 #endif /* HOSTAPD */
3446
3447 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
3448 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
3449 nl80211_remove_iface(drv, ifidx);
3450 return -1;
3451 }
3452
3453 return ifidx;
3454 }
3455
3456
3457 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
3458 const char *ifname, enum nl80211_iftype iftype,
3459 const u8 *addr, int wds)
3460 {
3461 int ret;
3462
3463 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
3464
3465 /* if error occured and interface exists already */
3466 if (ret == -ENFILE && if_nametoindex(ifname)) {
3467 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
3468
3469 /* Try to remove the interface that was already there. */
3470 nl80211_remove_iface(drv, if_nametoindex(ifname));
3471
3472 /* Try to create the interface again */
3473 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
3474 wds);
3475 }
3476
3477 if (ret >= 0 && drv->disable_11b_rates)
3478 nl80211_disable_11b_rates(drv, ret, 1);
3479
3480 return ret;
3481 }
3482
3483
3484 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
3485 {
3486 struct ieee80211_hdr *hdr;
3487 u16 fc;
3488 union wpa_event_data event;
3489
3490 hdr = (struct ieee80211_hdr *) buf;
3491 fc = le_to_host16(hdr->frame_control);
3492
3493 os_memset(&event, 0, sizeof(event));
3494 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
3495 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
3496 event.tx_status.dst = hdr->addr1;
3497 event.tx_status.data = buf;
3498 event.tx_status.data_len = len;
3499 event.tx_status.ack = ok;
3500 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
3501 }
3502
3503
3504 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
3505 u8 *buf, size_t len)
3506 {
3507 union wpa_event_data event;
3508 os_memset(&event, 0, sizeof(event));
3509 event.rx_from_unknown.frame = buf;
3510 event.rx_from_unknown.len = len;
3511 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
3512 }
3513
3514
3515 static void handle_frame(struct wpa_driver_nl80211_data *drv,
3516 u8 *buf, size_t len, int datarate, int ssi_signal)
3517 {
3518 struct ieee80211_hdr *hdr;
3519 u16 fc;
3520 union wpa_event_data event;
3521
3522 hdr = (struct ieee80211_hdr *) buf;
3523 fc = le_to_host16(hdr->frame_control);
3524
3525 switch (WLAN_FC_GET_TYPE(fc)) {
3526 case WLAN_FC_TYPE_MGMT:
3527 os_memset(&event, 0, sizeof(event));
3528 event.rx_mgmt.frame = buf;
3529 event.rx_mgmt.frame_len = len;
3530 event.rx_mgmt.datarate = datarate;
3531 event.rx_mgmt.ssi_signal = ssi_signal;
3532 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
3533 break;
3534 case WLAN_FC_TYPE_CTRL:
3535 /* can only get here with PS-Poll frames */
3536 wpa_printf(MSG_DEBUG, "CTRL");
3537 from_unknown_sta(drv, buf, len);
3538 break;
3539 case WLAN_FC_TYPE_DATA:
3540 from_unknown_sta(drv, buf, len);
3541 break;
3542 }
3543 }
3544
3545
3546 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
3547 {
3548 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3549 int len;
3550 unsigned char buf[3000];
3551 struct ieee80211_radiotap_iterator iter;
3552 int ret;
3553 int datarate = 0, ssi_signal = 0;
3554 int injected = 0, failed = 0, rxflags = 0;
3555
3556 len = recv(sock, buf, sizeof(buf), 0);
3557 if (len < 0) {
3558 perror("recv");
3559 return;
3560 }
3561
3562 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
3563 printf("received invalid radiotap frame\n");
3564 return;
3565 }
3566
3567 while (1) {
3568 ret = ieee80211_radiotap_iterator_next(&iter);
3569 if (ret == -ENOENT)
3570 break;
3571 if (ret) {
3572 printf("received invalid radiotap frame (%d)\n", ret);
3573 return;
3574 }
3575 switch (iter.this_arg_index) {
3576 case IEEE80211_RADIOTAP_FLAGS:
3577 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
3578 len -= 4;
3579 break;
3580 case IEEE80211_RADIOTAP_RX_FLAGS:
3581 rxflags = 1;
3582 break;
3583 case IEEE80211_RADIOTAP_TX_FLAGS:
3584 injected = 1;
3585 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
3586 IEEE80211_RADIOTAP_F_TX_FAIL;
3587 break;
3588 case IEEE80211_RADIOTAP_DATA_RETRIES:
3589 break;
3590 case IEEE80211_RADIOTAP_CHANNEL:
3591 /* TODO: convert from freq/flags to channel number */
3592 break;
3593 case IEEE80211_RADIOTAP_RATE:
3594 datarate = *iter.this_arg * 5;
3595 break;
3596 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
3597 ssi_signal = *iter.this_arg;
3598 break;
3599 }
3600 }
3601
3602 if (rxflags && injected)
3603 return;
3604
3605 if (!injected)
3606 handle_frame(drv, buf + iter.max_length,
3607 len - iter.max_length, datarate, ssi_signal);
3608 else
3609 handle_tx_callback(drv->ctx, buf + iter.max_length,
3610 len - iter.max_length, !failed);
3611 }
3612
3613
3614 /*
3615 * we post-process the filter code later and rewrite
3616 * this to the offset to the last instruction
3617 */
3618 #define PASS 0xFF
3619 #define FAIL 0xFE
3620
3621 static struct sock_filter msock_filter_insns[] = {
3622 /*
3623 * do a little-endian load of the radiotap length field
3624 */
3625 /* load lower byte into A */
3626 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
3627 /* put it into X (== index register) */
3628 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3629 /* load upper byte into A */
3630 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
3631 /* left-shift it by 8 */
3632 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
3633 /* or with X */
3634 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
3635 /* put result into X */
3636 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3637
3638 /*
3639 * Allow management frames through, this also gives us those
3640 * management frames that we sent ourselves with status
3641 */
3642 /* load the lower byte of the IEEE 802.11 frame control field */
3643 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3644 /* mask off frame type and version */
3645 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
3646 /* accept frame if it's both 0, fall through otherwise */
3647 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
3648
3649 /*
3650 * TODO: add a bit to radiotap RX flags that indicates
3651 * that the sending station is not associated, then
3652 * add a filter here that filters on our DA and that flag
3653 * to allow us to deauth frames to that bad station.
3654 *
3655 * For now allow all To DS data frames through.
3656 */
3657 /* load the IEEE 802.11 frame control field */
3658 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
3659 /* mask off frame type, version and DS status */
3660 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
3661 /* accept frame if version 0, type 2 and To DS, fall through otherwise
3662 */
3663 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
3664
3665 #if 0
3666 /*
3667 * drop non-data frames
3668 */
3669 /* load the lower byte of the frame control field */
3670 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3671 /* mask off QoS bit */
3672 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
3673 /* drop non-data frames */
3674 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
3675 #endif
3676 /* load the upper byte of the frame control field */
3677 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
3678 /* mask off toDS/fromDS */
3679 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
3680 /* accept WDS frames */
3681 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
3682
3683 /*
3684 * add header length to index
3685 */
3686 /* load the lower byte of the frame control field */
3687 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3688 /* mask off QoS bit */
3689 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
3690 /* right shift it by 6 to give 0 or 2 */
3691 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
3692 /* add data frame header length */
3693 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
3694 /* add index, was start of 802.11 header */
3695 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
3696 /* move to index, now start of LL header */
3697 BPF_STMT(BPF_MISC | BPF_TAX, 0),
3698
3699 /*
3700 * Accept empty data frames, we use those for
3701 * polling activity.
3702 */
3703 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
3704 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
3705
3706 /*
3707 * Accept EAPOL frames
3708 */
3709 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
3710 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
3711 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
3712 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
3713
3714 /* keep these last two statements or change the code below */
3715 /* return 0 == "DROP" */
3716 BPF_STMT(BPF_RET | BPF_K, 0),
3717 /* return ~0 == "keep all" */
3718 BPF_STMT(BPF_RET | BPF_K, ~0),
3719 };
3720
3721 static struct sock_fprog msock_filter = {
3722 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
3723 .filter = msock_filter_insns,
3724 };
3725
3726
3727 static int add_monitor_filter(int s)
3728 {
3729 int idx;
3730
3731 /* rewrite all PASS/FAIL jump offsets */
3732 for (idx = 0; idx < msock_filter.len; idx++) {
3733 struct sock_filter *insn = &msock_filter_insns[idx];
3734
3735 if (BPF_CLASS(insn->code) == BPF_JMP) {
3736 if (insn->code == (BPF_JMP|BPF_JA)) {
3737 if (insn->k == PASS)
3738 insn->k = msock_filter.len - idx - 2;
3739 else if (insn->k == FAIL)
3740 insn->k = msock_filter.len - idx - 3;
3741 }
3742
3743 if (insn->jt == PASS)
3744 insn->jt = msock_filter.len - idx - 2;
3745 else if (insn->jt == FAIL)
3746 insn->jt = msock_filter.len - idx - 3;
3747
3748 if (insn->jf == PASS)
3749 insn->jf = msock_filter.len - idx - 2;
3750 else if (insn->jf == FAIL)
3751 insn->jf = msock_filter.len - idx - 3;
3752 }
3753 }
3754
3755 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
3756 &msock_filter, sizeof(msock_filter))) {
3757 perror("SO_ATTACH_FILTER");
3758 return -1;
3759 }
3760
3761 return 0;
3762 }
3763
3764
3765 static void nl80211_remove_monitor_interface(
3766 struct wpa_driver_nl80211_data *drv)
3767 {
3768 if (drv->monitor_ifidx >= 0) {
3769 nl80211_remove_iface(drv, drv->monitor_ifidx);
3770 drv->monitor_ifidx = -1;
3771 }
3772 if (drv->monitor_sock >= 0) {
3773 eloop_unregister_read_sock(drv->monitor_sock);
3774 close(drv->monitor_sock);
3775 drv->monitor_sock = -1;
3776 }
3777 }
3778
3779
3780 static int
3781 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
3782 {
3783 char buf[IFNAMSIZ];
3784 struct sockaddr_ll ll;
3785 int optval;
3786 socklen_t optlen;
3787
3788 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
3789 buf[IFNAMSIZ - 1] = '\0';
3790
3791 drv->monitor_ifidx =
3792 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
3793 0);
3794
3795 if (drv->monitor_ifidx < 0)
3796 return -1;
3797
3798 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
3799 goto error;
3800
3801 memset(&ll, 0, sizeof(ll));
3802 ll.sll_family = AF_PACKET;
3803 ll.sll_ifindex = drv->monitor_ifidx;
3804 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
3805 if (drv->monitor_sock < 0) {
3806 perror("socket[PF_PACKET,SOCK_RAW]");
3807 goto error;
3808 }
3809
3810 if (add_monitor_filter(drv->monitor_sock)) {
3811 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
3812 "interface; do filtering in user space");
3813 /* This works, but will cost in performance. */
3814 }
3815
3816 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
3817 perror("monitor socket bind");
3818 goto error;
3819 }
3820
3821 optlen = sizeof(optval);
3822 optval = 20;
3823 if (setsockopt
3824 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
3825 perror("Failed to set socket priority");
3826 goto error;
3827 }
3828
3829 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
3830 drv, NULL)) {
3831 printf("Could not register monitor read socket\n");
3832 goto error;
3833 }
3834
3835 return 0;
3836 error:
3837 nl80211_remove_monitor_interface(drv);
3838 return -1;
3839 }
3840
3841
3842 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
3843
3844 static int wpa_driver_nl80211_hapd_send_eapol(
3845 void *priv, const u8 *addr, const u8 *data,
3846 size_t data_len, int encrypt, const u8 *own_addr)
3847 {
3848 struct i802_bss *bss = priv;
3849 struct wpa_driver_nl80211_data *drv = bss->drv;
3850 struct ieee80211_hdr *hdr;
3851 size_t len;
3852 u8 *pos;
3853 int res;
3854 #if 0 /* FIX */
3855 int qos = sta->flags & WPA_STA_WMM;
3856 #else
3857 int qos = 0;
3858 #endif
3859
3860 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3861 data_len;
3862 hdr = os_zalloc(len);
3863 if (hdr == NULL) {
3864 printf("malloc() failed for i802_send_data(len=%lu)\n",
3865 (unsigned long) len);
3866 return -1;
3867 }
3868
3869 hdr->frame_control =
3870 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3871 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3872 if (encrypt)
3873 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3874 #if 0 /* To be enabled if qos determination is added above */
3875 if (qos) {
3876 hdr->frame_control |=
3877 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3878 }
3879 #endif
3880
3881 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3882 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3883 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3884 pos = (u8 *) (hdr + 1);
3885
3886 #if 0 /* To be enabled if qos determination is added above */
3887 if (qos) {
3888 /* add an empty QoS header if needed */
3889 pos[0] = 0;
3890 pos[1] = 0;
3891 pos += 2;
3892 }
3893 #endif
3894
3895 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3896 pos += sizeof(rfc1042_header);
3897 WPA_PUT_BE16(pos, ETH_P_PAE);
3898 pos += 2;
3899 memcpy(pos, data, data_len);
3900
3901 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
3902 if (res < 0) {
3903 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
3904 "failed: %d (%s)",
3905 (unsigned long) len, errno, strerror(errno));
3906 }
3907 os_free(hdr);
3908
3909 return res;
3910 }
3911
3912
3913 static u32 sta_flags_nl80211(int flags)
3914 {
3915 u32 f = 0;
3916
3917 if (flags & WPA_STA_AUTHORIZED)
3918 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3919 if (flags & WPA_STA_WMM)
3920 f |= BIT(NL80211_STA_FLAG_WME);
3921 if (flags & WPA_STA_SHORT_PREAMBLE)
3922 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3923 if (flags & WPA_STA_MFP)
3924 f |= BIT(NL80211_STA_FLAG_MFP);
3925
3926 return f;
3927 }
3928
3929
3930 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
3931 int total_flags,
3932 int flags_or, int flags_and)
3933 {
3934 struct i802_bss *bss = priv;
3935 struct wpa_driver_nl80211_data *drv = bss->drv;
3936 struct nl_msg *msg, *flags = NULL;
3937 struct nl80211_sta_flag_update upd;
3938
3939 msg = nlmsg_alloc();
3940 if (!msg)
3941 return -ENOMEM;
3942
3943 flags = nlmsg_alloc();
3944 if (!flags) {
3945 nlmsg_free(msg);
3946 return -ENOMEM;
3947 }
3948
3949 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3950 0, NL80211_CMD_SET_STATION, 0);
3951
3952 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3953 if_nametoindex(bss->ifname));
3954 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3955
3956 /*
3957 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
3958 * can be removed eventually.
3959 */
3960 if (total_flags & WPA_STA_AUTHORIZED)
3961 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3962
3963 if (total_flags & WPA_STA_WMM)
3964 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3965
3966 if (total_flags & WPA_STA_SHORT_PREAMBLE)
3967 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3968
3969 if (total_flags & WPA_STA_MFP)
3970 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3971
3972 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3973 goto nla_put_failure;
3974
3975 os_memset(&upd, 0, sizeof(upd));
3976 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
3977 upd.set = sta_flags_nl80211(flags_or);
3978 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3979
3980 nlmsg_free(flags);
3981
3982 return send_and_recv_msgs(drv, msg, NULL, NULL);
3983 nla_put_failure:
3984 nlmsg_free(flags);
3985 return -ENOBUFS;
3986 }
3987
3988
3989 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
3990 struct wpa_driver_associate_params *params)
3991 {
3992 if (params->p2p)
3993 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
3994 "group (GO)");
3995 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) ||
3996 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
3997 nl80211_remove_monitor_interface(drv);
3998 return -1;
3999 }
4000
4001 /* TODO: setup monitor interface (and add code somewhere to remove this
4002 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
4003
4004 return 0;
4005 }
4006
4007
4008 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
4009 {
4010 struct nl_msg *msg;
4011 int ret = -1;
4012
4013 msg = nlmsg_alloc();
4014 if (!msg)
4015 return -1;
4016
4017 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4018 NL80211_CMD_LEAVE_IBSS, 0);
4019 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4020 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4021 msg = NULL;
4022 if (ret) {
4023 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
4024 "(%s)", ret, strerror(-ret));
4025 goto nla_put_failure;
4026 }
4027
4028 ret = 0;
4029 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
4030
4031 nla_put_failure:
4032 nlmsg_free(msg);
4033 return ret;
4034 }
4035
4036
4037 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
4038 struct wpa_driver_associate_params *params)
4039 {
4040 struct nl_msg *msg;
4041 int ret = -1;
4042 int count = 0;
4043
4044 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
4045
4046 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) {
4047 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
4048 "IBSS mode");
4049 return -1;
4050 }
4051
4052 retry:
4053 msg = nlmsg_alloc();
4054 if (!msg)
4055 return -1;
4056
4057 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4058 NL80211_CMD_JOIN_IBSS, 0);
4059 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4060
4061 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
4062 goto nla_put_failure;
4063
4064 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4065 params->ssid, params->ssid_len);
4066 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4067 params->ssid);
4068 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4069 drv->ssid_len = params->ssid_len;
4070
4071 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4072 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4073
4074 ret = nl80211_set_conn_keys(params, msg);
4075 if (ret)
4076 goto nla_put_failure;
4077
4078 if (params->wpa_ie) {
4079 wpa_hexdump(MSG_DEBUG,
4080 " * Extra IEs for Beacon/Probe Response frames",
4081 params->wpa_ie, params->wpa_ie_len);
4082 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4083 params->wpa_ie);
4084 }
4085
4086 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4087 msg = NULL;
4088 if (ret) {
4089 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
4090 ret, strerror(-ret));
4091 count++;
4092 if (ret == -EALREADY && count == 1) {
4093 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
4094 "forced leave");
4095 nl80211_leave_ibss(drv);
4096 nlmsg_free(msg);
4097 goto retry;
4098 }
4099
4100 goto nla_put_failure;
4101 }
4102 ret = 0;
4103 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
4104
4105 nla_put_failure:
4106 nlmsg_free(msg);
4107 return ret;
4108 }
4109
4110
4111 static int wpa_driver_nl80211_connect(
4112 struct wpa_driver_nl80211_data *drv,
4113 struct wpa_driver_associate_params *params)
4114 {
4115 struct nl_msg *msg;
4116 enum nl80211_auth_type type;
4117 int ret = 0;
4118
4119 msg = nlmsg_alloc();
4120 if (!msg)
4121 return -1;
4122
4123 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
4124 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4125 NL80211_CMD_CONNECT, 0);
4126
4127 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4128 if (params->bssid) {
4129 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4130 MAC2STR(params->bssid));
4131 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4132 }
4133 if (params->freq) {
4134 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4135 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4136 }
4137 if (params->ssid) {
4138 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4139 params->ssid, params->ssid_len);
4140 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4141 params->ssid);
4142 if (params->ssid_len > sizeof(drv->ssid))
4143 goto nla_put_failure;
4144 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4145 drv->ssid_len = params->ssid_len;
4146 }
4147 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4148 if (params->wpa_ie)
4149 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4150 params->wpa_ie);
4151
4152 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4153 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4154 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4155 type = NL80211_AUTHTYPE_SHARED_KEY;
4156 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4157 type = NL80211_AUTHTYPE_NETWORK_EAP;
4158 else if (params->auth_alg & WPA_AUTH_ALG_FT)
4159 type = NL80211_AUTHTYPE_FT;
4160 else
4161 goto nla_put_failure;
4162
4163 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
4164 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
4165
4166 if (params->wpa_ie && params->wpa_ie_len) {
4167 enum nl80211_wpa_versions ver;
4168
4169 if (params->wpa_ie[0] == WLAN_EID_RSN)
4170 ver = NL80211_WPA_VERSION_2;
4171 else
4172 ver = NL80211_WPA_VERSION_1;
4173
4174 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
4175 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
4176 }
4177
4178 if (params->pairwise_suite != CIPHER_NONE) {
4179 int cipher;
4180
4181 switch (params->pairwise_suite) {
4182 case CIPHER_WEP40:
4183 cipher = WLAN_CIPHER_SUITE_WEP40;
4184 break;
4185 case CIPHER_WEP104:
4186 cipher = WLAN_CIPHER_SUITE_WEP104;
4187 break;
4188 case CIPHER_CCMP:
4189 cipher = WLAN_CIPHER_SUITE_CCMP;
4190 break;
4191 case CIPHER_TKIP:
4192 default:
4193 cipher = WLAN_CIPHER_SUITE_TKIP;
4194 break;
4195 }
4196 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
4197 }
4198
4199 if (params->group_suite != CIPHER_NONE) {
4200 int cipher;
4201
4202 switch (params->group_suite) {
4203 case CIPHER_WEP40:
4204 cipher = WLAN_CIPHER_SUITE_WEP40;
4205 break;
4206 case CIPHER_WEP104:
4207 cipher = WLAN_CIPHER_SUITE_WEP104;
4208 break;
4209 case CIPHER_CCMP:
4210 cipher = WLAN_CIPHER_SUITE_CCMP;
4211 break;
4212 case CIPHER_TKIP:
4213 default:
4214 cipher = WLAN_CIPHER_SUITE_TKIP;
4215 break;
4216 }
4217 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
4218 }
4219
4220 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
4221 params->key_mgmt_suite == KEY_MGMT_PSK) {
4222 int mgmt = WLAN_AKM_SUITE_PSK;
4223
4224 switch (params->key_mgmt_suite) {
4225 case KEY_MGMT_802_1X:
4226 mgmt = WLAN_AKM_SUITE_8021X;
4227 break;
4228 case KEY_MGMT_PSK:
4229 default:
4230 mgmt = WLAN_AKM_SUITE_PSK;
4231 break;
4232 }
4233 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
4234 }
4235
4236 ret = nl80211_set_conn_keys(params, msg);
4237 if (ret)
4238 goto nla_put_failure;
4239
4240 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4241 msg = NULL;
4242 if (ret) {
4243 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
4244 "(%s)", ret, strerror(-ret));
4245 goto nla_put_failure;
4246 }
4247 ret = 0;
4248 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
4249
4250 nla_put_failure:
4251 nlmsg_free(msg);
4252 return ret;
4253
4254 }
4255
4256
4257 static int wpa_driver_nl80211_associate(
4258 void *priv, struct wpa_driver_associate_params *params)
4259 {
4260 struct i802_bss *bss = priv;
4261 struct wpa_driver_nl80211_data *drv = bss->drv;
4262 int ret = -1;
4263 struct nl_msg *msg;
4264
4265 if (params->mode == IEEE80211_MODE_AP)
4266 return wpa_driver_nl80211_ap(drv, params);
4267
4268 if (params->mode == IEEE80211_MODE_IBSS)
4269 return wpa_driver_nl80211_ibss(drv, params);
4270
4271 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4272 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0)
4273 return -1;
4274 return wpa_driver_nl80211_connect(drv, params);
4275 }
4276
4277 drv->associated = 0;
4278
4279 msg = nlmsg_alloc();
4280 if (!msg)
4281 return -1;
4282
4283 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
4284 drv->ifindex);
4285 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4286 NL80211_CMD_ASSOCIATE, 0);
4287
4288 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4289 if (params->bssid) {
4290 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4291 MAC2STR(params->bssid));
4292 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4293 }
4294 if (params->freq) {
4295 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4296 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4297 drv->assoc_freq = params->freq;
4298 } else
4299 drv->assoc_freq = 0;
4300 if (params->ssid) {
4301 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4302 params->ssid, params->ssid_len);
4303 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4304 params->ssid);
4305 if (params->ssid_len > sizeof(drv->ssid))
4306 goto nla_put_failure;
4307 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4308 drv->ssid_len = params->ssid_len;
4309 }
4310 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4311 if (params->wpa_ie)
4312 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4313 params->wpa_ie);
4314
4315 #ifdef CONFIG_IEEE80211W
4316 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
4317 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
4318 #endif /* CONFIG_IEEE80211W */
4319
4320 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
4321
4322 if (params->prev_bssid) {
4323 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
4324 MAC2STR(params->prev_bssid));
4325 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
4326 params->prev_bssid);
4327 }
4328
4329 if (params->p2p)
4330 wpa_printf(MSG_DEBUG, " * P2P group");
4331
4332 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4333 msg = NULL;
4334 if (ret) {
4335 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
4336 "(%s)", ret, strerror(-ret));
4337 nl80211_dump_scan(drv);
4338 goto nla_put_failure;
4339 }
4340 ret = 0;
4341 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
4342 "successfully");
4343
4344 nla_put_failure:
4345 nlmsg_free(msg);
4346 return ret;
4347 }
4348
4349
4350 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
4351 int ifindex, int mode)
4352 {
4353 struct nl_msg *msg;
4354 int ret = -ENOBUFS;
4355
4356 msg = nlmsg_alloc();
4357 if (!msg)
4358 return -ENOMEM;
4359
4360 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4361 0, NL80211_CMD_SET_INTERFACE, 0);
4362 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4363 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
4364
4365 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4366 if (!ret)
4367 return 0;
4368 nla_put_failure:
4369 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
4370 " %d (%s)", ifindex, mode, ret, strerror(-ret));
4371 return ret;
4372 }
4373
4374
4375 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
4376 {
4377 struct i802_bss *bss = priv;
4378 struct wpa_driver_nl80211_data *drv = bss->drv;
4379 int ret = -1;
4380 int nlmode;
4381 int i;
4382
4383 switch (mode) {
4384 case 0:
4385 nlmode = NL80211_IFTYPE_STATION;
4386 break;
4387 case 1:
4388 nlmode = NL80211_IFTYPE_ADHOC;
4389 break;
4390 case 2:
4391 nlmode = NL80211_IFTYPE_AP;
4392 break;
4393 default:
4394 return -1;
4395 }
4396
4397 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
4398 drv->nlmode = nlmode;
4399 ret = 0;
4400 goto done;
4401 }
4402
4403 if (nlmode == drv->nlmode) {
4404 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
4405 "requested mode - ignore error");
4406 ret = 0;
4407 goto done; /* Already in the requested mode */
4408 }
4409
4410 /* mac80211 doesn't allow mode changes while the device is up, so
4411 * take the device down, try to set the mode again, and bring the
4412 * device back up.
4413 */
4414 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
4415 "interface down");
4416 for (i = 0; i < 10; i++) {
4417 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) ==
4418 0) {
4419 /* Try to set the mode again while the interface is
4420 * down */
4421 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
4422 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname,
4423 1))
4424 ret = -1;
4425 if (!ret)
4426 break;
4427 } else
4428 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
4429 "interface down");
4430 os_sleep(0, 100000);
4431 }
4432
4433 if (!ret) {
4434 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
4435 "interface is down");
4436 drv->nlmode = nlmode;
4437 }
4438
4439 done:
4440 if (!ret && nlmode == NL80211_IFTYPE_AP) {
4441 /* Setup additional AP mode functionality if needed */
4442 if (drv->monitor_ifidx < 0 &&
4443 nl80211_create_monitor_interface(drv))
4444 return -1;
4445 } else if (!ret && nlmode != NL80211_IFTYPE_AP) {
4446 /* Remove additional AP mode functionality */
4447 nl80211_remove_monitor_interface(drv);
4448 bss->beacon_set = 0;
4449 }
4450
4451 if (ret)
4452 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
4453 "from %d failed", nlmode, drv->nlmode);
4454
4455 return ret;
4456 }
4457
4458
4459 static int wpa_driver_nl80211_get_capa(void *priv,
4460 struct wpa_driver_capa *capa)
4461 {
4462 struct i802_bss *bss = priv;
4463 struct wpa_driver_nl80211_data *drv = bss->drv;
4464 if (!drv->has_capability)
4465 return -1;
4466 os_memcpy(capa, &drv->capa, sizeof(*capa));
4467 return 0;
4468 }
4469
4470
4471 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
4472 {
4473 struct i802_bss *bss = priv;
4474 struct wpa_driver_nl80211_data *drv = bss->drv;
4475
4476 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
4477 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
4478 drv->operstate = state;
4479 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
4480 state ? IF_OPER_UP : IF_OPER_DORMANT);
4481 }
4482
4483
4484 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
4485 {
4486 struct i802_bss *bss = priv;
4487 struct wpa_driver_nl80211_data *drv = bss->drv;
4488 struct nl_msg *msg;
4489 struct nl80211_sta_flag_update upd;
4490
4491 msg = nlmsg_alloc();
4492 if (!msg)
4493 return -ENOMEM;
4494
4495 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4496 0, NL80211_CMD_SET_STATION, 0);
4497
4498 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4499 if_nametoindex(bss->ifname));
4500 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
4501
4502 os_memset(&upd, 0, sizeof(upd));
4503 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
4504 if (authorized)
4505 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
4506 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4507
4508 return send_and_recv_msgs(drv, msg, NULL, NULL);
4509 nla_put_failure:
4510 return -ENOBUFS;
4511 }
4512
4513
4514 #ifdef HOSTAPD
4515
4516 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4517 {
4518 int i;
4519 int *old;
4520
4521 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
4522 ifidx);
4523 for (i = 0; i < drv->num_if_indices; i++) {
4524 if (drv->if_indices[i] == 0) {
4525 drv->if_indices[i] = ifidx;
4526 return;
4527 }
4528 }
4529
4530 if (drv->if_indices != drv->default_if_indices)
4531 old = drv->if_indices;
4532 else
4533 old = NULL;
4534
4535 drv->if_indices = os_realloc(old,
4536 sizeof(int) * (drv->num_if_indices + 1));
4537 if (!drv->if_indices) {
4538 if (!old)
4539 drv->if_indices = drv->default_if_indices;
4540 else
4541 drv->if_indices = old;
4542 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
4543 "interfaces");
4544 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
4545 return;
4546 } else if (!old)
4547 os_memcpy(drv->if_indices, drv->default_if_indices,
4548 sizeof(drv->default_if_indices));
4549 drv->if_indices[drv->num_if_indices] = ifidx;
4550 drv->num_if_indices++;
4551 }
4552
4553
4554 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4555 {
4556 int i;
4557
4558 for (i = 0; i < drv->num_if_indices; i++) {
4559 if (drv->if_indices[i] == ifidx) {
4560 drv->if_indices[i] = 0;
4561 break;
4562 }
4563 }
4564 }
4565
4566
4567 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4568 {
4569 int i;
4570
4571 for (i = 0; i < drv->num_if_indices; i++)
4572 if (drv->if_indices[i] == ifidx)
4573 return 1;
4574
4575 return 0;
4576 }
4577
4578
4579 static inline int min_int(int a, int b)
4580 {
4581 if (a < b)
4582 return a;
4583 return b;
4584 }
4585
4586
4587 static int get_key_handler(struct nl_msg *msg, void *arg)
4588 {
4589 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4590 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4591
4592 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4593 genlmsg_attrlen(gnlh, 0), NULL);
4594
4595 /*
4596 * TODO: validate the key index and mac address!
4597 * Otherwise, there's a race condition as soon as
4598 * the kernel starts sending key notifications.
4599 */
4600
4601 if (tb[NL80211_ATTR_KEY_SEQ])
4602 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
4603 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
4604 return NL_SKIP;
4605 }
4606
4607
4608 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
4609 int idx, u8 *seq)
4610 {
4611 struct i802_bss *bss = priv;
4612 struct wpa_driver_nl80211_data *drv = bss->drv;
4613 struct nl_msg *msg;
4614
4615 msg = nlmsg_alloc();
4616 if (!msg)
4617 return -ENOMEM;
4618
4619 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4620 0, NL80211_CMD_GET_KEY, 0);
4621
4622 if (addr)
4623 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4624 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
4625 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
4626
4627 memset(seq, 0, 6);
4628
4629 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
4630 nla_put_failure:
4631 return -ENOBUFS;
4632 }
4633
4634
4635 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
4636 int mode)
4637 {
4638 struct i802_bss *bss = priv;
4639 struct wpa_driver_nl80211_data *drv = bss->drv;
4640 struct nl_msg *msg;
4641 u8 rates[NL80211_MAX_SUPP_RATES];
4642 u8 rates_len = 0;
4643 int i;
4644
4645 msg = nlmsg_alloc();
4646 if (!msg)
4647 return -ENOMEM;
4648
4649 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4650 NL80211_CMD_SET_BSS, 0);
4651
4652 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4653 rates[rates_len++] = basic_rates[i] / 5;
4654
4655 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4656
4657 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4658
4659 return send_and_recv_msgs(drv, msg, NULL, NULL);
4660 nla_put_failure:
4661 return -ENOBUFS;
4662 }
4663
4664 #endif /* HOSTAPD */
4665
4666
4667 /* Set kernel driver on given frequency (MHz) */
4668 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
4669 {
4670 struct i802_bss *bss = priv;
4671 struct wpa_driver_nl80211_data *drv = bss->drv;
4672 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
4673 freq->sec_channel_offset);
4674 }
4675
4676
4677 #ifdef HOSTAPD
4678
4679 static int i802_set_rts(void *priv, int rts)
4680 {
4681 struct i802_bss *bss = priv;
4682 struct wpa_driver_nl80211_data *drv = bss->drv;
4683 struct nl_msg *msg;
4684 int ret = -ENOBUFS;
4685 u32 val;
4686
4687 msg = nlmsg_alloc();
4688 if (!msg)
4689 return -ENOMEM;
4690
4691 if (rts >= 2347)
4692 val = (u32) -1;
4693 else
4694 val = rts;
4695
4696 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4697 0, NL80211_CMD_SET_WIPHY, 0);
4698 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4699 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
4700
4701 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4702 if (!ret)
4703 return 0;
4704 nla_put_failure:
4705 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
4706 "%d (%s)", rts, ret, strerror(-ret));
4707 return ret;
4708 }
4709
4710
4711 static int i802_set_frag(void *priv, int frag)
4712 {
4713 struct i802_bss *bss = priv;
4714 struct wpa_driver_nl80211_data *drv = bss->drv;
4715 struct nl_msg *msg;
4716 int ret = -ENOBUFS;
4717 u32 val;
4718
4719 msg = nlmsg_alloc();
4720 if (!msg)
4721 return -ENOMEM;
4722
4723 if (frag >= 2346)
4724 val = (u32) -1;
4725 else
4726 val = frag;
4727
4728 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4729 0, NL80211_CMD_SET_WIPHY, 0);
4730 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4731 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
4732
4733 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4734 if (!ret)
4735 return 0;
4736 nla_put_failure:
4737 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
4738 "%d: %d (%s)", frag, ret, strerror(-ret));
4739 return ret;
4740 }
4741
4742
4743 static int i802_flush(void *priv)
4744 {
4745 struct i802_bss *bss = priv;
4746 struct wpa_driver_nl80211_data *drv = bss->drv;
4747 struct nl_msg *msg;
4748
4749 msg = nlmsg_alloc();
4750 if (!msg)
4751 return -1;
4752
4753 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4754 0, NL80211_CMD_DEL_STATION, 0);
4755
4756 /*
4757 * XXX: FIX! this needs to flush all VLANs too
4758 */
4759 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4760 if_nametoindex(bss->ifname));
4761
4762 return send_and_recv_msgs(drv, msg, NULL, NULL);
4763 nla_put_failure:
4764 return -ENOBUFS;
4765 }
4766
4767
4768 static int get_sta_handler(struct nl_msg *msg, void *arg)
4769 {
4770 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4771 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4772 struct hostap_sta_driver_data *data = arg;
4773 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
4774 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
4775 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
4776 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
4777 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
4778 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
4779 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
4780 };
4781
4782 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4783 genlmsg_attrlen(gnlh, 0), NULL);
4784
4785 /*
4786 * TODO: validate the interface and mac address!
4787 * Otherwise, there's a race condition as soon as
4788 * the kernel starts sending station notifications.
4789 */
4790
4791 if (!tb[NL80211_ATTR_STA_INFO]) {
4792 wpa_printf(MSG_DEBUG, "sta stats missing!");
4793 return NL_SKIP;
4794 }
4795 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
4796 tb[NL80211_ATTR_STA_INFO],
4797 stats_policy)) {
4798 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
4799 return NL_SKIP;
4800 }
4801
4802 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
4803 data->inactive_msec =
4804 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
4805 if (stats[NL80211_STA_INFO_RX_BYTES])
4806 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
4807 if (stats[NL80211_STA_INFO_TX_BYTES])
4808 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
4809 if (stats[NL80211_STA_INFO_RX_PACKETS])
4810 data->rx_packets =
4811 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
4812 if (stats[NL80211_STA_INFO_TX_PACKETS])
4813 data->tx_packets =
4814 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
4815
4816 return NL_SKIP;
4817 }
4818
4819 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
4820 const u8 *addr)
4821 {
4822 struct i802_bss *bss = priv;
4823 struct wpa_driver_nl80211_data *drv = bss->drv;
4824 struct nl_msg *msg;
4825
4826 os_memset(data, 0, sizeof(*data));
4827 msg = nlmsg_alloc();
4828 if (!msg)
4829 return -ENOMEM;
4830
4831 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4832 0, NL80211_CMD_GET_STATION, 0);
4833
4834 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4835 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4836
4837 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
4838 nla_put_failure:
4839 return -ENOBUFS;
4840 }
4841
4842
4843 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
4844 int cw_min, int cw_max, int burst_time)
4845 {
4846 struct i802_bss *bss = priv;
4847 struct wpa_driver_nl80211_data *drv = bss->drv;
4848 struct nl_msg *msg;
4849 struct nlattr *txq, *params;
4850
4851 msg = nlmsg_alloc();
4852 if (!msg)
4853 return -1;
4854
4855 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4856 0, NL80211_CMD_SET_WIPHY, 0);
4857
4858 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4859
4860 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
4861 if (!txq)
4862 goto nla_put_failure;
4863
4864 /* We are only sending parameters for a single TXQ at a time */
4865 params = nla_nest_start(msg, 1);
4866 if (!params)
4867 goto nla_put_failure;
4868
4869 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
4870 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
4871 * 32 usec, so need to convert the value here. */
4872 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
4873 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
4874 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
4875 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
4876
4877 nla_nest_end(msg, params);
4878
4879 nla_nest_end(msg, txq);
4880
4881 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4882 return 0;
4883 nla_put_failure:
4884 return -1;
4885 }
4886
4887
4888 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
4889 {
4890 struct i802_bss *bss = priv;
4891 struct wpa_driver_nl80211_data *drv = bss->drv;
4892 struct nl_msg *msg;
4893
4894 msg = nlmsg_alloc();
4895 if (!msg)
4896 return -ENOMEM;
4897
4898 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4899 NL80211_CMD_SET_BSS, 0);
4900
4901 if (cts >= 0)
4902 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
4903 if (preamble >= 0)
4904 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
4905 if (slot >= 0)
4906 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
4907
4908 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4909
4910 return send_and_recv_msgs(drv, msg, NULL, NULL);
4911 nla_put_failure:
4912 return -ENOBUFS;
4913 }
4914
4915
4916 static int i802_set_cts_protect(void *priv, int value)
4917 {
4918 return i802_set_bss(priv, value, -1, -1);
4919 }
4920
4921
4922 static int i802_set_preamble(void *priv, int value)
4923 {
4924 return i802_set_bss(priv, -1, value, -1);
4925 }
4926
4927
4928 static int i802_set_short_slot_time(void *priv, int value)
4929 {
4930 return i802_set_bss(priv, -1, -1, value);
4931 }
4932
4933
4934 static int i802_set_sta_vlan(void *priv, const u8 *addr,
4935 const char *ifname, int vlan_id)
4936 {
4937 struct i802_bss *bss = priv;
4938 struct wpa_driver_nl80211_data *drv = bss->drv;
4939 struct nl_msg *msg;
4940 int ret = -ENOBUFS;
4941
4942 msg = nlmsg_alloc();
4943 if (!msg)
4944 return -ENOMEM;
4945
4946 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4947 0, NL80211_CMD_SET_STATION, 0);
4948
4949 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4950 if_nametoindex(bss->ifname));
4951 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4952 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
4953 if_nametoindex(ifname));
4954
4955 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4956 if (ret < 0) {
4957 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
4958 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
4959 MAC2STR(addr), ifname, vlan_id, ret,
4960 strerror(-ret));
4961 }
4962 nla_put_failure:
4963 return ret;
4964 }
4965
4966
4967 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val)
4968 {
4969 struct i802_bss *bss = priv;
4970 struct wpa_driver_nl80211_data *drv = bss->drv;
4971 char name[IFNAMSIZ + 1];
4972
4973 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
4974 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
4975 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
4976 if (val) {
4977 if (nl80211_create_iface(drv, name, NL80211_IFTYPE_AP_VLAN,
4978 NULL, 1) < 0)
4979 return -1;
4980 linux_set_iface_flags(drv->ioctl_sock, name, 1);
4981 return i802_set_sta_vlan(priv, addr, name, 0);
4982 } else {
4983 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
4984 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
4985 name);
4986 }
4987 }
4988
4989
4990 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
4991 {
4992 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4993 struct sockaddr_ll lladdr;
4994 unsigned char buf[3000];
4995 int len;
4996 socklen_t fromlen = sizeof(lladdr);
4997
4998 len = recvfrom(sock, buf, sizeof(buf), 0,
4999 (struct sockaddr *)&lladdr, &fromlen);
5000 if (len < 0) {
5001 perror("recv");
5002 return;
5003 }
5004
5005 if (have_ifidx(drv, lladdr.sll_ifindex))
5006 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
5007 }
5008
5009
5010 static int i802_get_inact_sec(void *priv, const u8 *addr)
5011 {
5012 struct hostap_sta_driver_data data;
5013 int ret;
5014
5015 data.inactive_msec = (unsigned long) -1;
5016 ret = i802_read_sta_data(priv, &data, addr);
5017 if (ret || data.inactive_msec == (unsigned long) -1)
5018 return -1;
5019 return data.inactive_msec / 1000;
5020 }
5021
5022
5023 static int i802_sta_clear_stats(void *priv, const u8 *addr)
5024 {
5025 #if 0
5026 /* TODO */
5027 #endif
5028 return 0;
5029 }
5030
5031
5032 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
5033 int reason)
5034 {
5035 struct i802_bss *bss = priv;
5036 struct ieee80211_mgmt mgmt;
5037
5038 memset(&mgmt, 0, sizeof(mgmt));
5039 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5040 WLAN_FC_STYPE_DEAUTH);
5041 memcpy(mgmt.da, addr, ETH_ALEN);
5042 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5043 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5044 mgmt.u.deauth.reason_code = host_to_le16(reason);
5045 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5046 IEEE80211_HDRLEN +
5047 sizeof(mgmt.u.deauth));
5048 }
5049
5050
5051 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
5052 int reason)
5053 {
5054 struct i802_bss *bss = priv;
5055 struct ieee80211_mgmt mgmt;
5056
5057 memset(&mgmt, 0, sizeof(mgmt));
5058 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5059 WLAN_FC_STYPE_DISASSOC);
5060 memcpy(mgmt.da, addr, ETH_ALEN);
5061 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5062 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5063 mgmt.u.disassoc.reason_code = host_to_le16(reason);
5064 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5065 IEEE80211_HDRLEN +
5066 sizeof(mgmt.u.disassoc));
5067 }
5068
5069
5070 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
5071 const char *brname, const char *ifname)
5072 {
5073 int ifindex;
5074 char in_br[IFNAMSIZ];
5075
5076 os_strlcpy(drv->brname, brname, IFNAMSIZ);
5077 ifindex = if_nametoindex(brname);
5078 if (ifindex == 0) {
5079 /*
5080 * Bridge was configured, but the bridge device does
5081 * not exist. Try to add it now.
5082 */
5083 if (linux_br_add(drv->ioctl_sock, brname) < 0) {
5084 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
5085 "bridge interface %s: %s",
5086 brname, strerror(errno));
5087 return -1;
5088 }
5089 drv->added_bridge = 1;
5090 add_ifidx(drv, if_nametoindex(brname));
5091 }
5092
5093 if (linux_br_get(in_br, ifname) == 0) {
5094 if (os_strcmp(in_br, brname) == 0)
5095 return 0; /* already in the bridge */
5096
5097 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
5098 "bridge %s", ifname, in_br);
5099 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) {
5100 wpa_printf(MSG_ERROR, "nl80211: Failed to "
5101 "remove interface %s from bridge "
5102 "%s: %s",
5103 ifname, brname, strerror(errno));
5104 return -1;
5105 }
5106 }
5107
5108 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
5109 ifname, brname);
5110 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) {
5111 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
5112 "into bridge %s: %s",
5113 ifname, brname, strerror(errno));
5114 return -1;
5115 }
5116 drv->added_if_into_bridge = 1;
5117
5118 return 0;
5119 }
5120
5121
5122 static void *i802_init(struct hostapd_data *hapd,
5123 struct wpa_init_params *params)
5124 {
5125 struct wpa_driver_nl80211_data *drv;
5126 struct i802_bss *bss;
5127 size_t i;
5128 char brname[IFNAMSIZ];
5129 int ifindex, br_ifindex;
5130 int br_added = 0;
5131
5132 bss = wpa_driver_nl80211_init(hapd, params->ifname);
5133 if (bss == NULL)
5134 return NULL;
5135
5136 drv = bss->drv;
5137 if (linux_br_get(brname, params->ifname) == 0) {
5138 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
5139 params->ifname, brname);
5140 br_ifindex = if_nametoindex(brname);
5141 } else {
5142 brname[0] = '\0';
5143 br_ifindex = 0;
5144 }
5145
5146 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
5147 drv->if_indices = drv->default_if_indices;
5148 for (i = 0; i < params->num_bridge; i++) {
5149 if (params->bridge[i]) {
5150 ifindex = if_nametoindex(params->bridge[i]);
5151 if (ifindex)
5152 add_ifidx(drv, ifindex);
5153 if (ifindex == br_ifindex)
5154 br_added = 1;
5155 }
5156 }
5157 if (!br_added && br_ifindex &&
5158 (params->num_bridge == 0 || !params->bridge[0]))
5159 add_ifidx(drv, br_ifindex);
5160
5161 /* start listening for EAPOL on the default AP interface */
5162 add_ifidx(drv, drv->ifindex);
5163
5164 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0))
5165 goto failed;
5166
5167 if (params->bssid) {
5168 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname,
5169 params->bssid))
5170 goto failed;
5171 }
5172
5173 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) {
5174 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
5175 "into AP mode", bss->ifname);
5176 goto failed;
5177 }
5178
5179 if (params->num_bridge && params->bridge[0] &&
5180 i802_check_bridge(drv, params->bridge[0], params->ifname) < 0)
5181 goto failed;
5182
5183 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
5184 goto failed;
5185
5186 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
5187 if (drv->eapol_sock < 0) {
5188 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
5189 goto failed;
5190 }
5191
5192 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
5193 {
5194 printf("Could not register read socket for eapol\n");
5195 goto failed;
5196 }
5197
5198 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr))
5199 goto failed;
5200
5201 return bss;
5202
5203 failed:
5204 nl80211_remove_monitor_interface(drv);
5205 if (drv->ioctl_sock >= 0)
5206 close(drv->ioctl_sock);
5207
5208 genl_family_put(drv->nl80211);
5209 nl_cache_free(drv->nl_cache);
5210 nl80211_handle_destroy(drv->nl_handle);
5211 nl_cb_put(drv->nl_cb);
5212
5213 os_free(drv);
5214 return NULL;
5215 }
5216
5217
5218 static void i802_deinit(void *priv)
5219 {
5220 wpa_driver_nl80211_deinit(priv);
5221 }
5222
5223 #endif /* HOSTAPD */
5224
5225
5226 static enum nl80211_iftype wpa_driver_nl80211_if_type(
5227 enum wpa_driver_if_type type)
5228 {
5229 switch (type) {
5230 case WPA_IF_STATION:
5231 case WPA_IF_P2P_CLIENT:
5232 case WPA_IF_P2P_GROUP:
5233 return NL80211_IFTYPE_STATION;
5234 case WPA_IF_AP_VLAN:
5235 return NL80211_IFTYPE_AP_VLAN;
5236 case WPA_IF_AP_BSS:
5237 case WPA_IF_P2P_GO:
5238 return NL80211_IFTYPE_AP;
5239 }
5240 return -1;
5241 }
5242
5243
5244 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
5245 const char *ifname, const u8 *addr,
5246 void *bss_ctx, void **drv_priv,
5247 char *force_ifname, u8 *if_addr)
5248 {
5249 struct i802_bss *bss = priv;
5250 struct wpa_driver_nl80211_data *drv = bss->drv;
5251 int ifidx;
5252 #ifdef HOSTAPD
5253 struct i802_bss *new_bss = NULL;
5254
5255 if (type == WPA_IF_AP_BSS) {
5256 new_bss = os_zalloc(sizeof(*new_bss));
5257 if (new_bss == NULL)
5258 return -1;
5259 }
5260 #endif /* HOSTAPD */
5261
5262 if (addr)
5263 os_memcpy(if_addr, addr, ETH_ALEN);
5264 ifidx = nl80211_create_iface(drv, ifname,
5265 wpa_driver_nl80211_if_type(type), addr,
5266 0);
5267 if (ifidx < 0) {
5268 #ifdef HOSTAPD
5269 os_free(new_bss);
5270 #endif /* HOSTAPD */
5271 return -1;
5272 }
5273
5274 if (!addr &&
5275 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0)
5276 return -1;
5277
5278 #ifdef HOSTAPD
5279 if (type == WPA_IF_AP_BSS) {
5280 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
5281 nl80211_remove_iface(drv, ifidx);
5282 os_free(new_bss);
5283 return -1;
5284 }
5285 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
5286 new_bss->ifindex = ifidx;
5287 new_bss->drv = drv;
5288 new_bss->next = drv->first_bss.next;
5289 drv->first_bss.next = new_bss;
5290 if (drv_priv)
5291 *drv_priv = new_bss;
5292 }
5293 #endif /* HOSTAPD */
5294
5295 return 0;
5296 }
5297
5298
5299 static int wpa_driver_nl80211_if_remove(void *priv,
5300 enum wpa_driver_if_type type,
5301 const char *ifname)
5302 {
5303 struct i802_bss *bss = priv;
5304 struct wpa_driver_nl80211_data *drv = bss->drv;
5305 int ifindex = if_nametoindex(ifname);
5306
5307 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
5308 __func__, type, ifname, ifindex);
5309 if (ifindex <= 0)
5310 return -1;
5311 nl80211_remove_iface(drv, ifindex);
5312
5313 #ifdef HOSTAPD
5314 if (type != WPA_IF_AP_BSS)
5315 return 0;
5316
5317 if (bss != &drv->first_bss) {
5318 struct i802_bss *tbss = &drv->first_bss;
5319
5320 while (tbss) {
5321 if (tbss->next != bss)
5322 continue;
5323
5324 tbss->next = bss->next;
5325 os_free(bss);
5326 break;
5327 }
5328 }
5329 #endif /* HOSTAPD */
5330
5331 return 0;
5332 }
5333
5334
5335 static int cookie_handler(struct nl_msg *msg, void *arg)
5336 {
5337 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5338 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5339 u64 *cookie = arg;
5340 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5341 genlmsg_attrlen(gnlh, 0), NULL);
5342 if (tb[NL80211_ATTR_COOKIE])
5343 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
5344 return NL_SKIP;
5345 }
5346
5347
5348 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
5349 unsigned int freq, const u8 *buf,
5350 size_t buf_len, u64 *cookie_out)
5351 {
5352 struct nl_msg *msg;
5353 u64 cookie;
5354 int ret = -1;
5355
5356 msg = nlmsg_alloc();
5357 if (!msg)
5358 return -1;
5359
5360 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5361 NL80211_CMD_FRAME, 0);
5362
5363 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5364 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5365 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
5366
5367 cookie = 0;
5368 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5369 msg = NULL;
5370 if (ret) {
5371 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
5372 "(%s)", ret, strerror(-ret));
5373 goto nla_put_failure;
5374 }
5375 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; "
5376 "cookie 0x%llx", (long long unsigned int) cookie);
5377
5378 if (cookie_out)
5379 *cookie_out = cookie;
5380
5381 nla_put_failure:
5382 nlmsg_free(msg);
5383 return ret;
5384 }
5385
5386
5387 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
5388 const u8 *dst, const u8 *src,
5389 const u8 *bssid,
5390 const u8 *data, size_t data_len)
5391 {
5392 struct i802_bss *bss = priv;
5393 struct wpa_driver_nl80211_data *drv = bss->drv;
5394 int ret = -1;
5395 u8 *buf;
5396 struct ieee80211_hdr *hdr;
5397
5398 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d)",
5399 drv->ifindex);
5400
5401 buf = os_zalloc(24 + data_len);
5402 if (buf == NULL)
5403 return ret;
5404 os_memcpy(buf + 24, data, data_len);
5405 hdr = (struct ieee80211_hdr *) buf;
5406 hdr->frame_control =
5407 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
5408 os_memcpy(hdr->addr1, dst, ETH_ALEN);
5409 os_memcpy(hdr->addr2, src, ETH_ALEN);
5410 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
5411
5412 if (drv->nlmode == NL80211_IFTYPE_AP)
5413 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len);
5414 else
5415 ret = nl80211_send_frame_cmd(drv, freq, buf, 24 + data_len,
5416 &drv->send_action_cookie);
5417
5418 os_free(buf);
5419 return ret;
5420 }
5421
5422
5423 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
5424 unsigned int duration)
5425 {
5426 struct i802_bss *bss = priv;
5427 struct wpa_driver_nl80211_data *drv = bss->drv;
5428 struct nl_msg *msg;
5429 int ret;
5430 u64 cookie;
5431
5432 msg = nlmsg_alloc();
5433 if (!msg)
5434 return -1;
5435
5436 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5437 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
5438
5439 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5440 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5441 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
5442
5443 cookie = 0;
5444 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5445 if (ret == 0) {
5446 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
5447 "0x%llx for freq=%u MHz duration=%u",
5448 (long long unsigned int) cookie, freq, duration);
5449 drv->remain_on_chan_cookie = cookie;
5450 return 0;
5451 }
5452 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
5453 "(freq=%d duration=%u): %d (%s)",
5454 freq, duration, ret, strerror(-ret));
5455 nla_put_failure:
5456 return -1;
5457 }
5458
5459
5460 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
5461 {
5462 struct i802_bss *bss = priv;
5463 struct wpa_driver_nl80211_data *drv = bss->drv;
5464 struct nl_msg *msg;
5465 int ret;
5466
5467 if (!drv->pending_remain_on_chan) {
5468 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
5469 "to cancel");
5470 return -1;
5471 }
5472
5473 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
5474 "0x%llx",
5475 (long long unsigned int) drv->remain_on_chan_cookie);
5476
5477 msg = nlmsg_alloc();
5478 if (!msg)
5479 return -1;
5480
5481 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5482 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
5483
5484 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5485 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
5486
5487 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5488 if (ret == 0)
5489 return 0;
5490 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
5491 "%d (%s)", ret, strerror(-ret));
5492 nla_put_failure:
5493 return -1;
5494 }
5495
5496
5497 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
5498 {
5499 struct i802_bss *bss = priv;
5500 struct wpa_driver_nl80211_data *drv = bss->drv;
5501
5502 if (drv->nlmode != NL80211_IFTYPE_STATION) {
5503 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
5504 "allowed in station mode (iftype=%d)",
5505 drv->nlmode);
5506 return -1;
5507 }
5508
5509 if (!report) {
5510 if (drv->nl_handle_preq) {
5511 eloop_unregister_read_sock(
5512 nl_socket_get_fd(drv->nl_handle_preq));
5513 nl_cache_free(drv->nl_cache_preq);
5514 nl80211_handle_destroy(drv->nl_handle_preq);
5515 drv->nl_handle_preq = NULL;
5516 }
5517 return 0;
5518 }
5519
5520 if (drv->nl_handle_preq) {
5521 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
5522 "already on!");
5523 return 0;
5524 }
5525
5526 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb);
5527 if (drv->nl_handle_preq == NULL) {
5528 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate "
5529 "netlink callbacks (preq)");
5530 goto out_err1;
5531 }
5532
5533 if (genl_connect(drv->nl_handle_preq)) {
5534 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to "
5535 "generic netlink (preq)");
5536 goto out_err2;
5537 return -1;
5538 }
5539
5540 #ifdef CONFIG_LIBNL20
5541 if (genl_ctrl_alloc_cache(drv->nl_handle_preq,
5542 &drv->nl_cache_preq) < 0) {
5543 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
5544 "netlink cache (preq)");
5545 goto out_err2;
5546 }
5547 #else /* CONFIG_LIBNL20 */
5548 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq);
5549 if (drv->nl_cache_preq == NULL) {
5550 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
5551 "netlink cache (preq)");
5552 goto out_err2;
5553 }
5554 #endif /* CONFIG_LIBNL20 */
5555
5556 if (nl80211_register_frame(drv, drv->nl_handle_preq,
5557 (WLAN_FC_TYPE_MGMT << 2) |
5558 (WLAN_FC_STYPE_PROBE_REQ << 4),
5559 NULL, 0) < 0) {
5560 goto out_err3;
5561 }
5562
5563 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq),
5564 wpa_driver_nl80211_event_receive, drv,
5565 drv->nl_handle_preq);
5566
5567 return 0;
5568
5569 out_err3:
5570 nl_cache_free(drv->nl_cache_preq);
5571 out_err2:
5572 nl80211_handle_destroy(drv->nl_handle_preq);
5573 drv->nl_handle_preq = NULL;
5574 out_err1:
5575 return -1;
5576 }
5577
5578
5579 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
5580 int ifindex, int disabled)
5581 {
5582 struct nl_msg *msg;
5583 struct nlattr *bands, *band;
5584 int ret;
5585
5586 msg = nlmsg_alloc();
5587 if (!msg)
5588 return -1;
5589
5590 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5591 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
5592 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5593
5594 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
5595 if (!bands)
5596 goto nla_put_failure;
5597
5598 /*
5599 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
5600 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
5601 * rates. All 5 GHz rates are left enabled.
5602 */
5603 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
5604 if (!band)
5605 goto nla_put_failure;
5606 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
5607 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
5608 nla_nest_end(msg, band);
5609
5610 nla_nest_end(msg, bands);
5611
5612 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5613 msg = NULL;
5614 if (ret) {
5615 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
5616 "(%s)", ret, strerror(-ret));
5617 }
5618
5619 return ret;
5620
5621 nla_put_failure:
5622 nlmsg_free(msg);
5623 return -1;
5624 }
5625
5626
5627 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
5628 {
5629 struct i802_bss *bss = priv;
5630 struct wpa_driver_nl80211_data *drv = bss->drv;
5631 drv->disable_11b_rates = disabled;
5632 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
5633 }
5634
5635
5636 static int wpa_driver_nl80211_deinit_ap(void *priv)
5637 {
5638 struct i802_bss *bss = priv;
5639 struct wpa_driver_nl80211_data *drv = bss->drv;
5640 if (drv->nlmode != NL80211_IFTYPE_AP)
5641 return -1;
5642 wpa_driver_nl80211_del_beacon(drv);
5643 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
5644 }
5645
5646
5647 static void wpa_driver_nl80211_resume(void *priv)
5648 {
5649 struct i802_bss *bss = priv;
5650 struct wpa_driver_nl80211_data *drv = bss->drv;
5651 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
5652 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
5653 "resume event");
5654 }
5655 }
5656
5657
5658 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
5659 const u8 *ies, size_t ies_len)
5660 {
5661 struct i802_bss *bss = priv;
5662 struct wpa_driver_nl80211_data *drv = bss->drv;
5663 int ret;
5664 u8 *data, *pos;
5665 size_t data_len;
5666 u8 own_addr[ETH_ALEN];
5667
5668 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0)
5669 return -1;
5670
5671 if (action != 1) {
5672 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
5673 "action %d", action);
5674 return -1;
5675 }
5676
5677 /*
5678 * Action frame payload:
5679 * Category[1] = 6 (Fast BSS Transition)
5680 * Action[1] = 1 (Fast BSS Transition Request)
5681 * STA Address
5682 * Target AP Address
5683 * FT IEs
5684 */
5685
5686 data_len = 2 + 2 * ETH_ALEN + ies_len;
5687 data = os_malloc(data_len);
5688 if (data == NULL)
5689 return -1;
5690 pos = data;
5691 *pos++ = 0x06; /* FT Action category */
5692 *pos++ = action;
5693 os_memcpy(pos, own_addr, ETH_ALEN);
5694 pos += ETH_ALEN;
5695 os_memcpy(pos, target_ap, ETH_ALEN);
5696 pos += ETH_ALEN;
5697 os_memcpy(pos, ies, ies_len);
5698
5699 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, drv->bssid,
5700 own_addr, drv->bssid,
5701 data, data_len);
5702 os_free(data);
5703
5704 return ret;
5705 }
5706
5707
5708 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
5709 {
5710 struct i802_bss *bss = priv;
5711 struct wpa_driver_nl80211_data *drv = bss->drv;
5712 struct nl_msg *msg, *cqm = NULL;
5713
5714 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
5715 "hysteresis=%d", threshold, hysteresis);
5716
5717 msg = nlmsg_alloc();
5718 if (!msg)
5719 return -1;
5720
5721 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5722 0, NL80211_CMD_SET_CQM, 0);
5723
5724 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
5725
5726 cqm = nlmsg_alloc();
5727 if (cqm == NULL)
5728 return -1;
5729
5730 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
5731 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
5732 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
5733
5734 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5735 return 0;
5736 msg = NULL;
5737
5738 nla_put_failure:
5739 if (cqm)
5740 nlmsg_free(cqm);
5741 nlmsg_free(msg);
5742 return -1;
5743 }
5744
5745
5746 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
5747 int encrypt)
5748 {
5749 struct i802_bss *bss = priv;
5750 struct wpa_driver_nl80211_data *drv = bss->drv;
5751 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
5752 }
5753
5754
5755 static int nl80211_set_intra_bss(void *priv, int enabled)
5756 {
5757 struct i802_bss *bss = priv;
5758 struct wpa_driver_nl80211_data *drv = bss->drv;
5759 struct nl_msg *msg;
5760
5761 msg = nlmsg_alloc();
5762 if (!msg)
5763 return -ENOMEM;
5764
5765 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5766 NL80211_CMD_SET_BSS, 0);
5767
5768 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5769 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled);
5770
5771 return send_and_recv_msgs(drv, msg, NULL, NULL);
5772 nla_put_failure:
5773 return -ENOBUFS;
5774 }
5775
5776
5777 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
5778 .name = "nl80211",
5779 .desc = "Linux nl80211/cfg80211",
5780 .get_bssid = wpa_driver_nl80211_get_bssid,
5781 .get_ssid = wpa_driver_nl80211_get_ssid,
5782 .set_key = wpa_driver_nl80211_set_key,
5783 .scan2 = wpa_driver_nl80211_scan,
5784 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
5785 .deauthenticate = wpa_driver_nl80211_deauthenticate,
5786 .disassociate = wpa_driver_nl80211_disassociate,
5787 .authenticate = wpa_driver_nl80211_authenticate,
5788 .associate = wpa_driver_nl80211_associate,
5789 .init = wpa_driver_nl80211_init,
5790 .deinit = wpa_driver_nl80211_deinit,
5791 .get_capa = wpa_driver_nl80211_get_capa,
5792 .set_operstate = wpa_driver_nl80211_set_operstate,
5793 .set_supp_port = wpa_driver_nl80211_set_supp_port,
5794 .set_country = wpa_driver_nl80211_set_country,
5795 .set_beacon = wpa_driver_nl80211_set_beacon,
5796 .if_add = wpa_driver_nl80211_if_add,
5797 .if_remove = wpa_driver_nl80211_if_remove,
5798 .send_mlme = wpa_driver_nl80211_send_mlme,
5799 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
5800 .sta_add = wpa_driver_nl80211_sta_add,
5801 .sta_remove = wpa_driver_nl80211_sta_remove,
5802 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
5803 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
5804 #ifdef HOSTAPD
5805 .hapd_init = i802_init,
5806 .hapd_deinit = i802_deinit,
5807 .get_seqnum = i802_get_seqnum,
5808 .flush = i802_flush,
5809 .read_sta_data = i802_read_sta_data,
5810 .sta_deauth = i802_sta_deauth,
5811 .sta_disassoc = i802_sta_disassoc,
5812 .get_inact_sec = i802_get_inact_sec,
5813 .sta_clear_stats = i802_sta_clear_stats,
5814 .set_rts = i802_set_rts,
5815 .set_frag = i802_set_frag,
5816 .set_rate_sets = i802_set_rate_sets,
5817 .set_cts_protect = i802_set_cts_protect,
5818 .set_preamble = i802_set_preamble,
5819 .set_short_slot_time = i802_set_short_slot_time,
5820 .set_tx_queue_params = i802_set_tx_queue_params,
5821 .set_sta_vlan = i802_set_sta_vlan,
5822 .set_wds_sta = i802_set_wds_sta,
5823 #endif /* HOSTAPD */
5824 .set_freq = i802_set_freq,
5825 .send_action = wpa_driver_nl80211_send_action,
5826 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
5827 .cancel_remain_on_channel =
5828 wpa_driver_nl80211_cancel_remain_on_channel,
5829 .probe_req_report = wpa_driver_nl80211_probe_req_report,
5830 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
5831 .deinit_ap = wpa_driver_nl80211_deinit_ap,
5832 .resume = wpa_driver_nl80211_resume,
5833 .send_ft_action = nl80211_send_ft_action,
5834 .signal_monitor = nl80211_signal_monitor,
5835 .send_frame = nl80211_send_frame,
5836 .set_intra_bss = nl80211_set_intra_bss,
5837 };
Unnamed repository; edit this file 'description' to name the repository.