fd9b082a2940f4f0964611f605c5e7fa8fea0bdd
[build-utilities/hostap.git] / src / drivers / driver_nl80211.c
1 /*
2  * Driver interaction with Linux nl80211/cfg80211
3  * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright (c) 2009-2010, Atheros Communications
8  *
9  * This software may be distributed under the terms of the BSD license.
10  * See README for more details.
11  */
13 #include "includes.h"
14 #include <sys/ioctl.h>
15 #include <sys/types.h>
16 #include <sys/stat.h>
17 #include <fcntl.h>
18 #include <net/if.h>
19 #include <netlink/genl/genl.h>
20 #include <netlink/genl/family.h>
21 #include <netlink/genl/ctrl.h>
22 #include <linux/rtnetlink.h>
23 #include <netpacket/packet.h>
24 #include <linux/filter.h>
25 #include <linux/errqueue.h>
26 #include "nl80211_copy.h"
28 #include "common.h"
29 #include "eloop.h"
30 #include "utils/list.h"
31 #include "common/ieee802_11_defs.h"
32 #include "common/ieee802_11_common.h"
33 #include "l2_packet/l2_packet.h"
34 #include "netlink.h"
35 #include "linux_ioctl.h"
36 #include "radiotap.h"
37 #include "radiotap_iter.h"
38 #include "rfkill.h"
39 #include "driver.h"
41 #ifndef SO_WIFI_STATUS
42 # if defined(__sparc__)
43 #  define SO_WIFI_STATUS        0x0025
44 # elif defined(__parisc__)
45 #  define SO_WIFI_STATUS        0x4022
46 # else
47 #  define SO_WIFI_STATUS        41
48 # endif
50 # define SCM_WIFI_STATUS        SO_WIFI_STATUS
51 #endif
53 #ifndef SO_EE_ORIGIN_TXSTATUS
54 #define SO_EE_ORIGIN_TXSTATUS   4
55 #endif
57 #ifndef PACKET_TX_TIMESTAMP
58 #define PACKET_TX_TIMESTAMP     16
59 #endif
61 #ifdef ANDROID
62 #include "android_drv.h"
64 static int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
65                                          size_t buf_len);
66 #endif /* ANDROID */
67 #ifdef CONFIG_LIBNL20
68 /* libnl 2.0 compatibility code */
69 #define nl_handle nl_sock
70 #define nl80211_handle_alloc nl_socket_alloc_cb
71 #define nl80211_handle_destroy nl_socket_free
72 #else
73 /*
74  * libnl 1.1 has a bug, it tries to allocate socket numbers densely
75  * but when you free a socket again it will mess up its bitmap and
76  * and use the wrong number the next time it needs a socket ID.
77  * Therefore, we wrap the handle alloc/destroy and add our own pid
78  * accounting.
79  */
80 static uint32_t port_bitmap[32] = { 0 };
82 static struct nl_handle *nl80211_handle_alloc(void *cb)
83 {
84         struct nl_handle *handle;
85         uint32_t pid = getpid() & 0x3FFFFF;
86         int i;
88         handle = nl_handle_alloc_cb(cb);
90         for (i = 0; i < 1024; i++) {
91                 if (port_bitmap[i / 32] & (1 << (i % 32)))
92                         continue;
93                 port_bitmap[i / 32] |= 1 << (i % 32);
94                 pid += i << 22;
95                 break;
96         }
98         nl_socket_set_local_port(handle, pid);
100         return handle;
103 static void nl80211_handle_destroy(struct nl_handle *handle)
105         uint32_t port = nl_socket_get_local_port(handle);
107         port >>= 22;
108         port_bitmap[port / 32] &= ~(1 << (port % 32));
110         nl_handle_destroy(handle);
112 #endif /* CONFIG_LIBNL20 */
115 static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
117         struct nl_handle *handle;
119         handle = nl80211_handle_alloc(cb);
120         if (handle == NULL) {
121                 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
122                            "callbacks (%s)", dbg);
123                 return NULL;
124         }
126         if (genl_connect(handle)) {
127                 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
128                            "netlink (%s)", dbg);
129                 nl80211_handle_destroy(handle);
130                 return NULL;
131         }
133         return handle;
137 static void nl_destroy_handles(struct nl_handle **handle)
139         if (*handle == NULL)
140                 return;
141         nl80211_handle_destroy(*handle);
142         *handle = NULL;
146 #ifndef IFF_LOWER_UP
147 #define IFF_LOWER_UP   0x10000         /* driver signals L1 up         */
148 #endif
149 #ifndef IFF_DORMANT
150 #define IFF_DORMANT    0x20000         /* driver signals dormant       */
151 #endif
153 #ifndef IF_OPER_DORMANT
154 #define IF_OPER_DORMANT 5
155 #endif
156 #ifndef IF_OPER_UP
157 #define IF_OPER_UP 6
158 #endif
160 struct nl80211_global {
161         struct dl_list interfaces;
162         int if_add_ifindex;
163         struct netlink_data *netlink;
164         struct nl_cb *nl_cb;
165         struct nl_handle *nl;
166         int nl80211_id;
167         int ioctl_sock; /* socket for ioctl() use */
169         struct nl_handle *nl_event;
170 };
172 struct nl80211_wiphy_data {
173         struct dl_list list;
174         struct dl_list bsss;
175         struct dl_list drvs;
177         struct nl_handle *nl_beacons;
178         struct nl_cb *nl_cb;
180         int wiphy_idx;
181 };
183 static void nl80211_global_deinit(void *priv);
184 static void wpa_driver_nl80211_deinit(void *priv);
186 struct i802_bss {
187         struct wpa_driver_nl80211_data *drv;
188         struct i802_bss *next;
189         int ifindex;
190         char ifname[IFNAMSIZ + 1];
191         char brname[IFNAMSIZ];
192         unsigned int beacon_set:1;
193         unsigned int added_if_into_bridge:1;
194         unsigned int added_bridge:1;
196         u8 addr[ETH_ALEN];
198         int freq;
200         struct nl_handle *nl_preq, *nl_mgmt;
201         struct nl_cb *nl_cb;
203         struct nl80211_wiphy_data *wiphy_data;
204         struct dl_list wiphy_list;
205 };
207 struct wpa_driver_nl80211_data {
208         struct nl80211_global *global;
209         struct dl_list list;
210         struct dl_list wiphy_list;
211         char phyname[32];
212         void *ctx;
213         int ifindex;
214         int if_removed;
215         int if_disabled;
216         int ignore_if_down_event;
217         struct rfkill_data *rfkill;
218         struct wpa_driver_capa capa;
219         int has_capability;
221         int operstate;
223         int scan_complete_events;
225         struct nl_cb *nl_cb;
227         u8 auth_bssid[ETH_ALEN];
228         u8 bssid[ETH_ALEN];
229         int associated;
230         u8 ssid[32];
231         size_t ssid_len;
232         enum nl80211_iftype nlmode;
233         enum nl80211_iftype ap_scan_as_station;
234         unsigned int assoc_freq;
236         int monitor_sock;
237         int monitor_ifidx;
238         int monitor_refcount;
240         unsigned int disabled_11b_rates:1;
241         unsigned int pending_remain_on_chan:1;
242         unsigned int in_interface_list:1;
243         unsigned int device_ap_sme:1;
244         unsigned int poll_command_supported:1;
245         unsigned int data_tx_status:1;
246         unsigned int scan_for_auth:1;
247         unsigned int retry_auth:1;
248         unsigned int use_monitor:1;
250         u64 remain_on_chan_cookie;
251         u64 send_action_cookie;
253         unsigned int last_mgmt_freq;
255         struct wpa_driver_scan_filter *filter_ssids;
256         size_t num_filter_ssids;
258         struct i802_bss first_bss;
260         int eapol_tx_sock;
262 #ifdef HOSTAPD
263         int eapol_sock; /* socket for EAPOL frames */
265         int default_if_indices[16];
266         int *if_indices;
267         int num_if_indices;
269         int last_freq;
270         int last_freq_ht;
271 #endif /* HOSTAPD */
273         /* From failed authentication command */
274         int auth_freq;
275         u8 auth_bssid_[ETH_ALEN];
276         u8 auth_ssid[32];
277         size_t auth_ssid_len;
278         int auth_alg;
279         u8 *auth_ie;
280         size_t auth_ie_len;
281         u8 auth_wep_key[4][16];
282         size_t auth_wep_key_len[4];
283         int auth_wep_tx_keyidx;
284         int auth_local_state_change;
285         int auth_p2p;
286 #ifdef ANDROID
287         u8 wowlan_triggers;
288         u8 wowlan_enabled;
289 #endif
290 };
293 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
294                                             void *timeout_ctx);
295 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
296                                        enum nl80211_iftype nlmode);
297 static int
298 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
299 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
300                                    const u8 *addr, int cmd, u16 reason_code,
301                                    int local_state_change);
302 static void nl80211_remove_monitor_interface(
303         struct wpa_driver_nl80211_data *drv);
304 static int nl80211_send_frame_cmd(struct i802_bss *bss,
305                                   unsigned int freq, unsigned int wait,
306                                   const u8 *buf, size_t buf_len, u64 *cookie,
307                                   int no_cck, int no_ack, int offchanok);
308 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
309 #ifdef ANDROID
310 static int android_pno_start(struct i802_bss *bss,
311                              struct wpa_driver_scan_params *params);
312 static int android_pno_stop(struct i802_bss *bss);
313 #endif /* ANDROID */
314 #ifdef ANDROID_BRCM_P2P_PATCH
315 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
316                                   enum wpa_event_type type,
317                                   const u8 *frame, size_t len);
318 #endif /* ANDROID_BRCM_P2P_PATCH */
320 #ifdef HOSTAPD
321 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
322 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
323 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
324 static int wpa_driver_nl80211_if_remove(void *priv,
325                                         enum wpa_driver_if_type type,
326                                         const char *ifname);
327 #else /* HOSTAPD */
328 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
332 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
336 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
338         return 0;
340 #endif /* HOSTAPD */
342 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
343 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
344                                      int ifindex, int disabled);
346 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
347 static int wpa_driver_nl80211_authenticate_retry(
348         struct wpa_driver_nl80211_data *drv);
351 static int is_ap_interface(enum nl80211_iftype nlmode)
353         return (nlmode == NL80211_IFTYPE_AP ||
354                 nlmode == NL80211_IFTYPE_P2P_GO);
358 static int is_sta_interface(enum nl80211_iftype nlmode)
360         return (nlmode == NL80211_IFTYPE_STATION ||
361                 nlmode == NL80211_IFTYPE_P2P_CLIENT);
365 static int is_p2p_interface(enum nl80211_iftype nlmode)
367         return (nlmode == NL80211_IFTYPE_P2P_CLIENT ||
368                 nlmode == NL80211_IFTYPE_P2P_GO);
372 struct nl80211_bss_info_arg {
373         struct wpa_driver_nl80211_data *drv;
374         struct wpa_scan_results *res;
375         unsigned int assoc_freq;
376         u8 assoc_bssid[ETH_ALEN];
377 };
379 static int bss_info_handler(struct nl_msg *msg, void *arg);
382 /* nl80211 code */
383 static int ack_handler(struct nl_msg *msg, void *arg)
385         int *err = arg;
386         *err = 0;
387         return NL_STOP;
390 static int finish_handler(struct nl_msg *msg, void *arg)
392         int *ret = arg;
393         *ret = 0;
394         return NL_SKIP;
397 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
398                          void *arg)
400         int *ret = arg;
401         *ret = err->error;
402         return NL_SKIP;
406 static int no_seq_check(struct nl_msg *msg, void *arg)
408         return NL_OK;
412 static int send_and_recv(struct nl80211_global *global,
413                          struct nl_handle *nl_handle, struct nl_msg *msg,
414                          int (*valid_handler)(struct nl_msg *, void *),
415                          void *valid_data)
417         struct nl_cb *cb;
418         int err = -ENOMEM;
420         cb = nl_cb_clone(global->nl_cb);
421         if (!cb)
422                 goto out;
424         err = nl_send_auto_complete(nl_handle, msg);
425         if (err < 0)
426                 goto out;
428         err = 1;
430         nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
431         nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
432         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
434         if (valid_handler)
435                 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
436                           valid_handler, valid_data);
438         while (err > 0)
439                 nl_recvmsgs(nl_handle, cb);
440  out:
441         nl_cb_put(cb);
442         nlmsg_free(msg);
443         return err;
447 static int send_and_recv_msgs_global(struct nl80211_global *global,
448                                      struct nl_msg *msg,
449                                      int (*valid_handler)(struct nl_msg *, void *),
450                                      void *valid_data)
452         return send_and_recv(global, global->nl, msg, valid_handler,
453                              valid_data);
457 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
458                               struct nl_msg *msg,
459                               int (*valid_handler)(struct nl_msg *, void *),
460                               void *valid_data)
462         return send_and_recv(drv->global, drv->global->nl, msg,
463                              valid_handler, valid_data);
467 struct family_data {
468         const char *group;
469         int id;
470 };
473 static int family_handler(struct nl_msg *msg, void *arg)
475         struct family_data *res = arg;
476         struct nlattr *tb[CTRL_ATTR_MAX + 1];
477         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
478         struct nlattr *mcgrp;
479         int i;
481         nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
482                   genlmsg_attrlen(gnlh, 0), NULL);
483         if (!tb[CTRL_ATTR_MCAST_GROUPS])
484                 return NL_SKIP;
486         nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
487                 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
488                 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
489                           nla_len(mcgrp), NULL);
490                 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
491                     !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
492                     os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
493                                res->group,
494                                nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
495                         continue;
496                 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
497                 break;
498         };
500         return NL_SKIP;
504 static int nl_get_multicast_id(struct nl80211_global *global,
505                                const char *family, const char *group)
507         struct nl_msg *msg;
508         int ret = -1;
509         struct family_data res = { group, -ENOENT };
511         msg = nlmsg_alloc();
512         if (!msg)
513                 return -ENOMEM;
514         genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
515                     0, 0, CTRL_CMD_GETFAMILY, 0);
516         NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
518         ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
519         msg = NULL;
520         if (ret == 0)
521                 ret = res.id;
523 nla_put_failure:
524         nlmsg_free(msg);
525         return ret;
529 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
530                           struct nl_msg *msg, int flags, uint8_t cmd)
532         return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
533                            0, flags, cmd, 0);
537 struct wiphy_idx_data {
538         int wiphy_idx;
539 };
542 static int netdev_info_handler(struct nl_msg *msg, void *arg)
544         struct nlattr *tb[NL80211_ATTR_MAX + 1];
545         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
546         struct wiphy_idx_data *info = arg;
548         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
549                   genlmsg_attrlen(gnlh, 0), NULL);
551         if (tb[NL80211_ATTR_WIPHY])
552                 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
554         return NL_SKIP;
558 static int nl80211_get_wiphy_index(struct i802_bss *bss)
560         struct nl_msg *msg;
561         struct wiphy_idx_data data = {
562                 .wiphy_idx = -1,
563         };
565         msg = nlmsg_alloc();
566         if (!msg)
567                 return -1;
569         nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
571         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
573         if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
574                 return data.wiphy_idx;
575         msg = NULL;
576 nla_put_failure:
577         nlmsg_free(msg);
578         return -1;
582 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
583                                     struct nl80211_wiphy_data *w)
585         struct nl_msg *msg;
586         int ret = -1;
588         msg = nlmsg_alloc();
589         if (!msg)
590                 return -1;
592         nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
594         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
596         ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
597         msg = NULL;
598         if (ret) {
599                 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
600                            "failed: ret=%d (%s)",
601                            ret, strerror(-ret));
602                 goto nla_put_failure;
603         }
604         ret = 0;
605 nla_put_failure:
606         nlmsg_free(msg);
607         return ret;
611 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
613         struct nl80211_wiphy_data *w = eloop_ctx;
615         wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
617         nl_recvmsgs(handle, w->nl_cb);
621 static int process_beacon_event(struct nl_msg *msg, void *arg)
623         struct nl80211_wiphy_data *w = arg;
624         struct wpa_driver_nl80211_data *drv;
625         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
626         struct nlattr *tb[NL80211_ATTR_MAX + 1];
627         union wpa_event_data event;
629         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
630                   genlmsg_attrlen(gnlh, 0), NULL);
632         if (gnlh->cmd != NL80211_CMD_FRAME) {
633                 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
634                            gnlh->cmd);
635                 return NL_SKIP;
636         }
638         if (!tb[NL80211_ATTR_FRAME])
639                 return NL_SKIP;
641         dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
642                          wiphy_list) {
643                 os_memset(&event, 0, sizeof(event));
644                 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
645                 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
646                 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
647         }
649         return NL_SKIP;
653 static struct nl80211_wiphy_data *
654 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
656         static DEFINE_DL_LIST(nl80211_wiphys);
657         struct nl80211_wiphy_data *w;
658         int wiphy_idx, found = 0;
659         struct i802_bss *tmp_bss;
661         if (bss->wiphy_data != NULL)
662                 return bss->wiphy_data;
664         wiphy_idx = nl80211_get_wiphy_index(bss);
666         dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
667                 if (w->wiphy_idx == wiphy_idx)
668                         goto add;
669         }
671         /* alloc new one */
672         w = os_zalloc(sizeof(*w));
673         if (w == NULL)
674                 return NULL;
675         w->wiphy_idx = wiphy_idx;
676         dl_list_init(&w->bsss);
677         dl_list_init(&w->drvs);
679         w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
680         if (!w->nl_cb) {
681                 os_free(w);
682                 return NULL;
683         }
684         nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
685         nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
686                   w);
688         w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
689                                          "wiphy beacons");
690         if (w->nl_beacons == NULL) {
691                 os_free(w);
692                 return NULL;
693         }
695         if (nl80211_register_beacons(bss->drv, w)) {
696                 nl_destroy_handles(&w->nl_beacons);
697                 os_free(w);
698                 return NULL;
699         }
701         eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons),
702                                  nl80211_recv_beacons, w, w->nl_beacons);
704         dl_list_add(&nl80211_wiphys, &w->list);
706 add:
707         /* drv entry for this bss already there? */
708         dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
709                 if (tmp_bss->drv == bss->drv) {
710                         found = 1;
711                         break;
712                 }
713         }
714         /* if not add it */
715         if (!found)
716                 dl_list_add(&w->drvs, &bss->drv->wiphy_list);
718         dl_list_add(&w->bsss, &bss->wiphy_list);
719         bss->wiphy_data = w;
720         return w;
724 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
726         struct nl80211_wiphy_data *w = bss->wiphy_data;
727         struct i802_bss *tmp_bss;
728         int found = 0;
730         if (w == NULL)
731                 return;
732         bss->wiphy_data = NULL;
733         dl_list_del(&bss->wiphy_list);
735         /* still any for this drv present? */
736         dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
737                 if (tmp_bss->drv == bss->drv) {
738                         found = 1;
739                         break;
740                 }
741         }
742         /* if not remove it */
743         if (!found)
744                 dl_list_del(&bss->drv->wiphy_list);
746         if (!dl_list_empty(&w->bsss))
747                 return;
749         eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons));
751         nl_cb_put(w->nl_cb);
752         nl_destroy_handles(&w->nl_beacons);
753         dl_list_del(&w->list);
754         os_free(w);
758 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
760         struct i802_bss *bss = priv;
761         struct wpa_driver_nl80211_data *drv = bss->drv;
762         if (!drv->associated)
763                 return -1;
764         os_memcpy(bssid, drv->bssid, ETH_ALEN);
765         return 0;
769 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
771         struct i802_bss *bss = priv;
772         struct wpa_driver_nl80211_data *drv = bss->drv;
773         if (!drv->associated)
774                 return -1;
775         os_memcpy(ssid, drv->ssid, drv->ssid_len);
776         return drv->ssid_len;
780 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
781                                           char *buf, size_t len, int del)
783         union wpa_event_data event;
785         os_memset(&event, 0, sizeof(event));
786         if (len > sizeof(event.interface_status.ifname))
787                 len = sizeof(event.interface_status.ifname) - 1;
788         os_memcpy(event.interface_status.ifname, buf, len);
789         event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
790                 EVENT_INTERFACE_ADDED;
792         wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
793                    del ? "DEL" : "NEW",
794                    event.interface_status.ifname,
795                    del ? "removed" : "added");
797         if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
798                 if (del) {
799                         if (drv->if_removed) {
800                                 wpa_printf(MSG_DEBUG, "nl80211: if_removed "
801                                            "already set - ignore event");
802                                 return;
803                         }
804                         drv->if_removed = 1;
805                 } else {
806                         if (if_nametoindex(drv->first_bss.ifname) == 0) {
807                                 wpa_printf(MSG_DEBUG, "nl80211: Interface %s "
808                                            "does not exist - ignore "
809                                            "RTM_NEWLINK",
810                                            drv->first_bss.ifname);
811                                 return;
812                         }
813                         if (!drv->if_removed) {
814                                 wpa_printf(MSG_DEBUG, "nl80211: if_removed "
815                                            "already cleared - ignore event");
816                                 return;
817                         }
818                         drv->if_removed = 0;
819                 }
820         }
822         wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
826 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
827                                          u8 *buf, size_t len)
829         int attrlen, rta_len;
830         struct rtattr *attr;
832         attrlen = len;
833         attr = (struct rtattr *) buf;
835         rta_len = RTA_ALIGN(sizeof(struct rtattr));
836         while (RTA_OK(attr, attrlen)) {
837                 if (attr->rta_type == IFLA_IFNAME) {
838                         if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
839                             == 0)
840                                 return 1;
841                         else
842                                 break;
843                 }
844                 attr = RTA_NEXT(attr, attrlen);
845         }
847         return 0;
851 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
852                                           int ifindex, u8 *buf, size_t len)
854         if (drv->ifindex == ifindex)
855                 return 1;
857         if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
858                 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
859                 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
860                            "interface");
861                 wpa_driver_nl80211_finish_drv_init(drv);
862                 return 1;
863         }
865         return 0;
869 static struct wpa_driver_nl80211_data *
870 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
872         struct wpa_driver_nl80211_data *drv;
873         dl_list_for_each(drv, &global->interfaces,
874                          struct wpa_driver_nl80211_data, list) {
875                 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
876                     have_ifidx(drv, idx))
877                         return drv;
878         }
879         return NULL;
883 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
884                                                  struct ifinfomsg *ifi,
885                                                  u8 *buf, size_t len)
887         struct nl80211_global *global = ctx;
888         struct wpa_driver_nl80211_data *drv;
889         int attrlen, rta_len;
890         struct rtattr *attr;
891         u32 brid = 0;
892         char namebuf[IFNAMSIZ];
894         drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
895         if (!drv) {
896                 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
897                            "ifindex %d", ifi->ifi_index);
898                 return;
899         }
901         wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
902                    "(%s%s%s%s)",
903                    drv->operstate, ifi->ifi_flags,
904                    (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
905                    (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
906                    (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
907                    (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
909         if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
910                 if (if_indextoname(ifi->ifi_index, namebuf) &&
911                     linux_iface_up(drv->global->ioctl_sock,
912                                    drv->first_bss.ifname) > 0) {
913                         wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
914                                    "event since interface %s is up", namebuf);
915                         return;
916                 }
917                 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
918                 if (drv->ignore_if_down_event) {
919                         wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
920                                    "event generated by mode change");
921                         drv->ignore_if_down_event = 0;
922                 } else {
923                         drv->if_disabled = 1;
924                         wpa_supplicant_event(drv->ctx,
925                                              EVENT_INTERFACE_DISABLED, NULL);
926                 }
927         }
929         if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
930                 if (if_indextoname(ifi->ifi_index, namebuf) &&
931                     linux_iface_up(drv->global->ioctl_sock,
932                                    drv->first_bss.ifname) == 0) {
933                         wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
934                                    "event since interface %s is down",
935                                    namebuf);
936                 } else if (if_nametoindex(drv->first_bss.ifname) == 0) {
937                         wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
938                                    "event since interface %s does not exist",
939                                    drv->first_bss.ifname);
940                 } else if (drv->if_removed) {
941                         wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
942                                    "event since interface %s is marked "
943                                    "removed", drv->first_bss.ifname);
944                 } else {
945                         wpa_printf(MSG_DEBUG, "nl80211: Interface up");
946                         drv->if_disabled = 0;
947                         wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
948                                              NULL);
949                 }
950         }
952         /*
953          * Some drivers send the association event before the operup event--in
954          * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
955          * fails. This will hit us when wpa_supplicant does not need to do
956          * IEEE 802.1X authentication
957          */
958         if (drv->operstate == 1 &&
959             (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
960             !(ifi->ifi_flags & IFF_RUNNING))
961                 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
962                                        -1, IF_OPER_UP);
964         attrlen = len;
965         attr = (struct rtattr *) buf;
966         rta_len = RTA_ALIGN(sizeof(struct rtattr));
967         while (RTA_OK(attr, attrlen)) {
968                 if (attr->rta_type == IFLA_IFNAME) {
969                         wpa_driver_nl80211_event_link(
970                                 drv,
971                                 ((char *) attr) + rta_len,
972                                 attr->rta_len - rta_len, 0);
973                 } else if (attr->rta_type == IFLA_MASTER)
974                         brid = nla_get_u32((struct nlattr *) attr);
975                 attr = RTA_NEXT(attr, attrlen);
976         }
978         if (ifi->ifi_family == AF_BRIDGE && brid) {
979                 /* device has been added to bridge */
980                 if_indextoname(brid, namebuf);
981                 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
982                            brid, namebuf);
983                 add_ifidx(drv, brid);
984         }
988 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
989                                                  struct ifinfomsg *ifi,
990                                                  u8 *buf, size_t len)
992         struct nl80211_global *global = ctx;
993         struct wpa_driver_nl80211_data *drv;
994         int attrlen, rta_len;
995         struct rtattr *attr;
996         u32 brid = 0;
998         drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
999         if (!drv) {
1000                 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for "
1001                            "foreign ifindex %d", ifi->ifi_index);
1002                 return;
1003         }
1005         attrlen = len;
1006         attr = (struct rtattr *) buf;
1008         rta_len = RTA_ALIGN(sizeof(struct rtattr));
1009         while (RTA_OK(attr, attrlen)) {
1010                 if (attr->rta_type == IFLA_IFNAME) {
1011                         wpa_driver_nl80211_event_link(
1012                                 drv,
1013                                 ((char *) attr) + rta_len,
1014                                 attr->rta_len - rta_len, 1);
1015                 } else if (attr->rta_type == IFLA_MASTER)
1016                         brid = nla_get_u32((struct nlattr *) attr);
1017                 attr = RTA_NEXT(attr, attrlen);
1018         }
1020         if (ifi->ifi_family == AF_BRIDGE && brid) {
1021                 /* device has been removed from bridge */
1022                 char namebuf[IFNAMSIZ];
1023                 if_indextoname(brid, namebuf);
1024                 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
1025                            "%s", brid, namebuf);
1026                 del_ifidx(drv, brid);
1027         }
1031 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1032                             const u8 *frame, size_t len)
1034         const struct ieee80211_mgmt *mgmt;
1035         union wpa_event_data event;
1037         mgmt = (const struct ieee80211_mgmt *) frame;
1038         if (len < 24 + sizeof(mgmt->u.auth)) {
1039                 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1040                            "frame");
1041                 return;
1042         }
1044         os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1045         os_memset(&event, 0, sizeof(event));
1046         os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1047         event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1048         event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1049         if (len > 24 + sizeof(mgmt->u.auth)) {
1050                 event.auth.ies = mgmt->u.auth.variable;
1051                 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1052         }
1054         wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1058 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1060         struct nl_msg *msg;
1061         int ret;
1062         struct nl80211_bss_info_arg arg;
1064         os_memset(&arg, 0, sizeof(arg));
1065         msg = nlmsg_alloc();
1066         if (!msg)
1067                 goto nla_put_failure;
1069         nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1070         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1072         arg.drv = drv;
1073         ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1074         msg = NULL;
1075         if (ret == 0) {
1076                 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1077                            "associated BSS from scan results: %u MHz",
1078                            arg.assoc_freq);
1079                 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
1080         }
1081         wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1082                    "(%s)", ret, strerror(-ret));
1083 nla_put_failure:
1084         nlmsg_free(msg);
1085         return drv->assoc_freq;
1089 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1090                             const u8 *frame, size_t len)
1092         const struct ieee80211_mgmt *mgmt;
1093         union wpa_event_data event;
1094         u16 status;
1096         mgmt = (const struct ieee80211_mgmt *) frame;
1097 #if (defined (CONFIG_AP) || defined (HOSTAPD) ) && defined (ANDROID_BRCM_P2P_PATCH)
1098         if (drv->nlmode == NL80211_IFTYPE_AP || drv->nlmode == NL80211_IFTYPE_P2P_GO) {
1099                 if (len < 24 + sizeof(mgmt->u.assoc_req)) {
1100                         wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1101                            "frame");
1102                         return;
1103                 }
1104                 os_memset(&event, 0, sizeof(event));
1105                 event.assoc_info.freq = drv->assoc_freq;
1106                 event.assoc_info.req_ies = (u8 *) mgmt->u.assoc_req.variable;
1107                 event.assoc_info.req_ies_len = len - 24 - sizeof(mgmt->u.assoc_req);
1108                 event.assoc_info.addr = mgmt->sa;
1109         } else {
1110 #endif
1111         if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1112                 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1113                            "frame");
1114                 return;
1115         }
1117         status = le_to_host16(mgmt->u.assoc_resp.status_code);
1118         if (status != WLAN_STATUS_SUCCESS) {
1119                 os_memset(&event, 0, sizeof(event));
1120                 event.assoc_reject.bssid = mgmt->bssid;
1121                 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1122                         event.assoc_reject.resp_ies =
1123                                 (u8 *) mgmt->u.assoc_resp.variable;
1124                         event.assoc_reject.resp_ies_len =
1125                                 len - 24 - sizeof(mgmt->u.assoc_resp);
1126                 }
1127                 event.assoc_reject.status_code = status;
1129                 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1130                 return;
1131         }
1133         drv->associated = 1;
1134         os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1136         os_memset(&event, 0, sizeof(event));
1137         if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1138                 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1139                 event.assoc_info.resp_ies_len =
1140                         len - 24 - sizeof(mgmt->u.assoc_resp);
1141         }
1143         event.assoc_info.freq = drv->assoc_freq;
1144 #if (defined (CONFIG_AP) || defined(HOSTAPD)) && defined (ANDROID_BRCM_P2P_PATCH)
1145         }
1146 #endif
1148         wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1152 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1153                                enum nl80211_commands cmd, struct nlattr *status,
1154                                struct nlattr *addr, struct nlattr *req_ie,
1155                                struct nlattr *resp_ie)
1157         union wpa_event_data event;
1159         if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1160                 /*
1161                  * Avoid reporting two association events that would confuse
1162                  * the core code.
1163                  */
1164                 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1165                            "when using userspace SME", cmd);
1166                 return;
1167         }
1169         os_memset(&event, 0, sizeof(event));
1170         if (cmd == NL80211_CMD_CONNECT &&
1171             nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1172                 if (addr)
1173                         event.assoc_reject.bssid = nla_data(addr);
1174                 if (resp_ie) {
1175                         event.assoc_reject.resp_ies = nla_data(resp_ie);
1176                         event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1177                 }
1178                 event.assoc_reject.status_code = nla_get_u16(status);
1179                 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1180                 return;
1181         }
1183         drv->associated = 1;
1184         if (addr)
1185                 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1187         if (req_ie) {
1188                 event.assoc_info.req_ies = nla_data(req_ie);
1189                 event.assoc_info.req_ies_len = nla_len(req_ie);
1190         }
1191         if (resp_ie) {
1192                 event.assoc_info.resp_ies = nla_data(resp_ie);
1193                 event.assoc_info.resp_ies_len = nla_len(resp_ie);
1194         }
1196         event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1198         wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1202 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1203                                   struct nlattr *reason, struct nlattr *addr,
1204                                   struct nlattr *by_ap)
1206         union wpa_event_data data;
1208         if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1209                 /*
1210                  * Avoid reporting two disassociation events that could
1211                  * confuse the core code.
1212                  */
1213                 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1214                            "event when using userspace SME");
1215                 return;
1216         }
1218         drv->associated = 0;
1219         os_memset(&data, 0, sizeof(data));
1220         if (reason)
1221                 data.disassoc_info.reason_code = nla_get_u16(reason);
1222         data.disassoc_info.locally_generated = by_ap == NULL;
1223         wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1227 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1228                                enum nl80211_commands cmd, struct nlattr *addr)
1230         union wpa_event_data event;
1231         enum wpa_event_type ev;
1233         if (nla_len(addr) != ETH_ALEN)
1234                 return;
1236         wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1237                    cmd, MAC2STR((u8 *) nla_data(addr)));
1239         if (cmd == NL80211_CMD_AUTHENTICATE)
1240                 ev = EVENT_AUTH_TIMED_OUT;
1241         else if (cmd == NL80211_CMD_ASSOCIATE)
1242                 ev = EVENT_ASSOC_TIMED_OUT;
1243         else
1244                 return;
1246         os_memset(&event, 0, sizeof(event));
1247         os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1248         wpa_supplicant_event(drv->ctx, ev, &event);
1252 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
1253                             struct nlattr *freq, const u8 *frame, size_t len)
1255         const struct ieee80211_mgmt *mgmt;
1256         union wpa_event_data event;
1257         u16 fc, stype;
1259         mgmt = (const struct ieee80211_mgmt *) frame;
1260         if (len < 24) {
1261                 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
1262                 return;
1263         }
1265         fc = le_to_host16(mgmt->frame_control);
1266         stype = WLAN_FC_GET_STYPE(fc);
1268         os_memset(&event, 0, sizeof(event));
1269         if (freq) {
1270                 event.rx_action.freq = nla_get_u32(freq);
1271                 drv->last_mgmt_freq = event.rx_action.freq;
1272         }
1273         if (stype == WLAN_FC_STYPE_ACTION) {
1274                 event.rx_action.da = mgmt->da;
1275                 event.rx_action.sa = mgmt->sa;
1276                 event.rx_action.bssid = mgmt->bssid;
1277                 event.rx_action.category = mgmt->u.action.category;
1278                 event.rx_action.data = &mgmt->u.action.category + 1;
1279                 event.rx_action.len = frame + len - event.rx_action.data;
1280                 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
1281 #ifdef ANDROID_BRCM_P2P_PATCH
1282         } else if (stype == WLAN_FC_STYPE_ASSOC_REQ) {
1283                 mlme_event_assoc(drv, frame, len);
1284         } else if (stype == WLAN_FC_STYPE_DISASSOC) {
1285                 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, frame, len);
1286         } else if (stype == WLAN_FC_STYPE_DEAUTH) {
1287                 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, frame, len);
1288 #endif /* ANDROID_BRCM_P2P_PATCH */
1289         } else {
1290                 event.rx_mgmt.frame = frame;
1291                 event.rx_mgmt.frame_len = len;
1292                 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1293         }
1297 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1298                                       struct nlattr *cookie, const u8 *frame,
1299                                       size_t len, struct nlattr *ack)
1301         union wpa_event_data event;
1302         const struct ieee80211_hdr *hdr;
1303         u16 fc;
1305         if (!is_ap_interface(drv->nlmode)) {
1306                 u64 cookie_val;
1308                 if (!cookie)
1309                         return;
1311                 cookie_val = nla_get_u64(cookie);
1312                 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1313                            " cookie=0%llx%s (ack=%d)",
1314                            (long long unsigned int) cookie_val,
1315                            cookie_val == drv->send_action_cookie ?
1316                            " (match)" : " (unknown)", ack != NULL);
1317                 if (cookie_val != drv->send_action_cookie)
1318                         return;
1319         }
1321         hdr = (const struct ieee80211_hdr *) frame;
1322         fc = le_to_host16(hdr->frame_control);
1324         os_memset(&event, 0, sizeof(event));
1325         event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1326         event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1327         event.tx_status.dst = hdr->addr1;
1328         event.tx_status.data = frame;
1329         event.tx_status.data_len = len;
1330         event.tx_status.ack = ack != NULL;
1331         wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1335 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1336                                        enum wpa_event_type type,
1337                                        const u8 *frame, size_t len)
1339         const struct ieee80211_mgmt *mgmt;
1340         union wpa_event_data event;
1341         const u8 *bssid = NULL;
1342         u16 reason_code = 0;
1344         mgmt = (const struct ieee80211_mgmt *) frame;
1345         if (len >= 24) {
1346                 bssid = mgmt->bssid;
1348                 if (drv->associated != 0 &&
1349                     os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1350                     os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1351                         /*
1352                          * We have presumably received this deauth as a
1353                          * response to a clear_state_mismatch() outgoing
1354                          * deauth.  Don't let it take us offline!
1355                          */
1356                         wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1357                                    "from Unknown BSSID " MACSTR " -- ignoring",
1358                                    MAC2STR(bssid));
1359                         return;
1360                 }
1361         }
1363         drv->associated = 0;
1364         os_memset(&event, 0, sizeof(event));
1366         /* Note: Same offset for Reason Code in both frame subtypes */
1367         if (len >= 24 + sizeof(mgmt->u.deauth))
1368                 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1370         if (type == EVENT_DISASSOC) {
1371                 event.disassoc_info.locally_generated =
1372                         !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN);
1373 #ifdef ANDROID_BRCM_P2P_PATCH
1374                 if (is_ap_interface(drv->nlmode)) {
1375                         event.disassoc_info.addr = mgmt->sa;
1376                 } else
1377 #endif /* ANDROID_BRCM_P2P_PATCH */
1378                 event.disassoc_info.addr = bssid;
1379                 event.disassoc_info.reason_code = reason_code;
1380                 if (frame + len > mgmt->u.disassoc.variable) {
1381                         event.disassoc_info.ie = mgmt->u.disassoc.variable;
1382                         event.disassoc_info.ie_len = frame + len -
1383                                 mgmt->u.disassoc.variable;
1384                 }
1385         } else {
1386                 event.deauth_info.locally_generated =
1387                         !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN);
1388 #ifdef ANDROID_BRCM_P2P_PATCH
1389                 if (is_ap_interface(drv->nlmode)) {
1390                         event.deauth_info.addr = mgmt->sa;
1391                 } else
1392 #endif /* ANDROID_BRCM_P2P_PATCH */
1393                 event.deauth_info.addr = bssid;
1394                 event.deauth_info.reason_code = reason_code;
1395                 if (frame + len > mgmt->u.deauth.variable) {
1396                         event.deauth_info.ie = mgmt->u.deauth.variable;
1397                         event.deauth_info.ie_len = frame + len -
1398                                 mgmt->u.deauth.variable;
1399                 }
1400         }
1402         wpa_supplicant_event(drv->ctx, type, &event);
1406 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1407                                          enum wpa_event_type type,
1408                                          const u8 *frame, size_t len)
1410         const struct ieee80211_mgmt *mgmt;
1411         union wpa_event_data event;
1412         u16 reason_code = 0;
1414         if (len < 24)
1415                 return;
1417         mgmt = (const struct ieee80211_mgmt *) frame;
1419         os_memset(&event, 0, sizeof(event));
1420         /* Note: Same offset for Reason Code in both frame subtypes */
1421         if (len >= 24 + sizeof(mgmt->u.deauth))
1422                 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1424         if (type == EVENT_UNPROT_DISASSOC) {
1425                 event.unprot_disassoc.sa = mgmt->sa;
1426                 event.unprot_disassoc.da = mgmt->da;
1427                 event.unprot_disassoc.reason_code = reason_code;
1428         } else {
1429                 event.unprot_deauth.sa = mgmt->sa;
1430                 event.unprot_deauth.da = mgmt->da;
1431                 event.unprot_deauth.reason_code = reason_code;
1432         }
1434         wpa_supplicant_event(drv->ctx, type, &event);
1438 static void mlme_event(struct wpa_driver_nl80211_data *drv,
1439                        enum nl80211_commands cmd, struct nlattr *frame,
1440                        struct nlattr *addr, struct nlattr *timed_out,
1441                        struct nlattr *freq, struct nlattr *ack,
1442                        struct nlattr *cookie)
1444         if (timed_out && addr) {
1445                 mlme_timeout_event(drv, cmd, addr);
1446                 return;
1447         }
1449         if (frame == NULL) {
1450                 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
1451                            "data", cmd);
1452                 return;
1453         }
1455         wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
1456         wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1457                     nla_data(frame), nla_len(frame));
1459         switch (cmd) {
1460         case NL80211_CMD_AUTHENTICATE:
1461                 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1462                 break;
1463         case NL80211_CMD_ASSOCIATE:
1464                 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1465                 break;
1466         case NL80211_CMD_DEAUTHENTICATE:
1467                 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1468                                            nla_data(frame), nla_len(frame));
1469                 break;
1470         case NL80211_CMD_DISASSOCIATE:
1471                 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1472                                            nla_data(frame), nla_len(frame));
1473                 break;
1474         case NL80211_CMD_FRAME:
1475                 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
1476                 break;
1477         case NL80211_CMD_FRAME_TX_STATUS:
1478                 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1479                                           nla_len(frame), ack);
1480                 break;
1481         case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1482                 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1483                                              nla_data(frame), nla_len(frame));
1484                 break;
1485         case NL80211_CMD_UNPROT_DISASSOCIATE:
1486                 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
1487                                              nla_data(frame), nla_len(frame));
1488                 break;
1489         default:
1490                 break;
1491         }
1495 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
1496                                            struct nlattr *tb[])
1498         union wpa_event_data data;
1500         wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1501         os_memset(&data, 0, sizeof(data));
1502         if (tb[NL80211_ATTR_MAC]) {
1503                 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1504                             nla_data(tb[NL80211_ATTR_MAC]),
1505                             nla_len(tb[NL80211_ATTR_MAC]));
1506                 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1507         }
1508         if (tb[NL80211_ATTR_KEY_SEQ]) {
1509                 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1510                             nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1511                             nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1512         }
1513         if (tb[NL80211_ATTR_KEY_TYPE]) {
1514                 enum nl80211_key_type key_type =
1515                         nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1516                 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1517                 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1518                         data.michael_mic_failure.unicast = 1;
1519         } else
1520                 data.michael_mic_failure.unicast = 1;
1522         if (tb[NL80211_ATTR_KEY_IDX]) {
1523                 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1524                 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1525         }
1527         wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1531 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1532                                  struct nlattr *tb[])
1534         if (tb[NL80211_ATTR_MAC] == NULL) {
1535                 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1536                            "event");
1537                 return;
1538         }
1539         os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1540         drv->associated = 1;
1541         wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1542                    MAC2STR(drv->bssid));
1544         wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1548 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1549                                          int cancel_event, struct nlattr *tb[])
1551         unsigned int freq, chan_type, duration;
1552         union wpa_event_data data;
1553         u64 cookie;
1555         if (tb[NL80211_ATTR_WIPHY_FREQ])
1556                 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1557         else
1558                 freq = 0;
1560         if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1561                 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1562         else
1563                 chan_type = 0;
1565         if (tb[NL80211_ATTR_DURATION])
1566                 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1567         else
1568                 duration = 0;
1570         if (tb[NL80211_ATTR_COOKIE])
1571                 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1572         else
1573                 cookie = 0;
1575         wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1576                    "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1577                    cancel_event, freq, chan_type, duration,
1578                    (long long unsigned int) cookie,
1579                    cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1581         if (cookie != drv->remain_on_chan_cookie)
1582                 return; /* not for us */
1584         if (cancel_event)
1585                 drv->pending_remain_on_chan = 0;
1587         os_memset(&data, 0, sizeof(data));
1588         data.remain_on_channel.freq = freq;
1589         data.remain_on_channel.duration = duration;
1590         wpa_supplicant_event(drv->ctx, cancel_event ?
1591                              EVENT_CANCEL_REMAIN_ON_CHANNEL :
1592                              EVENT_REMAIN_ON_CHANNEL, &data);
1596 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1597                             struct nlattr *tb[])
1599         union wpa_event_data event;
1600         struct nlattr *nl;
1601         int rem;
1602         struct scan_info *info;
1603 #define MAX_REPORT_FREQS 50
1604         int freqs[MAX_REPORT_FREQS];
1605         int num_freqs = 0;
1607         if (drv->scan_for_auth) {
1608                 drv->scan_for_auth = 0;
1609                 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
1610                            "cfg80211 BSS entry");
1611                 wpa_driver_nl80211_authenticate_retry(drv);
1612                 return;
1613         }
1615         os_memset(&event, 0, sizeof(event));
1616         info = &event.scan_info;
1617         info->aborted = aborted;
1619         if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1620                 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1621                         struct wpa_driver_scan_ssid *s =
1622                                 &info->ssids[info->num_ssids];
1623                         s->ssid = nla_data(nl);
1624                         s->ssid_len = nla_len(nl);
1625                         info->num_ssids++;
1626                         if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1627                                 break;
1628                 }
1629         }
1630         if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1631                 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1632                 {
1633                         freqs[num_freqs] = nla_get_u32(nl);
1634                         num_freqs++;
1635                         if (num_freqs == MAX_REPORT_FREQS - 1)
1636                                 break;
1637                 }
1638                 info->freqs = freqs;
1639                 info->num_freqs = num_freqs;
1640         }
1641         wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1645 static int get_link_signal(struct nl_msg *msg, void *arg)
1647         struct nlattr *tb[NL80211_ATTR_MAX + 1];
1648         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1649         struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1650         static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1651                 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1652         };
1653         struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1654         static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1655                 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1656                 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1657                 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1658                 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1659         };
1660         struct wpa_signal_info *sig_change = arg;
1662         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1663                   genlmsg_attrlen(gnlh, 0), NULL);
1664         if (!tb[NL80211_ATTR_STA_INFO] ||
1665             nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1666                              tb[NL80211_ATTR_STA_INFO], policy))
1667                 return NL_SKIP;
1668         if (!sinfo[NL80211_STA_INFO_SIGNAL])
1669                 return NL_SKIP;
1671         sig_change->current_signal =
1672                 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1674         if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1675                 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1676                                      sinfo[NL80211_STA_INFO_TX_BITRATE],
1677                                      rate_policy)) {
1678                         sig_change->current_txrate = 0;
1679                 } else {
1680                         if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1681                                 sig_change->current_txrate =
1682                                         nla_get_u16(rinfo[
1683                                              NL80211_RATE_INFO_BITRATE]) * 100;
1684                         }
1685                 }
1686         }
1688         return NL_SKIP;
1692 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1693                                    struct wpa_signal_info *sig)
1695         struct nl_msg *msg;
1697         sig->current_signal = -9999;
1698         sig->current_txrate = 0;
1700         msg = nlmsg_alloc();
1701         if (!msg)
1702                 return -ENOMEM;
1704         nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
1706         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1707         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1709         return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1710  nla_put_failure:
1711         nlmsg_free(msg);
1712         return -ENOBUFS;
1716 static int get_link_noise(struct nl_msg *msg, void *arg)
1718         struct nlattr *tb[NL80211_ATTR_MAX + 1];
1719         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1720         struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1721         static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1722                 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1723                 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1724         };
1725         struct wpa_signal_info *sig_change = arg;
1727         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1728                   genlmsg_attrlen(gnlh, 0), NULL);
1730         if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1731                 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1732                 return NL_SKIP;
1733         }
1735         if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1736                              tb[NL80211_ATTR_SURVEY_INFO],
1737                              survey_policy)) {
1738                 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1739                            "attributes!");
1740                 return NL_SKIP;
1741         }
1743         if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1744                 return NL_SKIP;
1746         if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1747             sig_change->frequency)
1748                 return NL_SKIP;
1750         if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1751                 return NL_SKIP;
1753         sig_change->current_noise =
1754                 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1756         return NL_SKIP;
1760 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1761                                   struct wpa_signal_info *sig_change)
1763         struct nl_msg *msg;
1765         sig_change->current_noise = 9999;
1766         sig_change->frequency = drv->assoc_freq;
1768         msg = nlmsg_alloc();
1769         if (!msg)
1770                 return -ENOMEM;
1772         nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1774         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1776         return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1777  nla_put_failure:
1778         nlmsg_free(msg);
1779         return -ENOBUFS;
1783 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
1785         struct nlattr *tb[NL80211_ATTR_MAX + 1];
1786         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1787         struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1788         static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1789                 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1790                 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1791         };
1792         struct wpa_scan_results *scan_results = arg;
1793         struct wpa_scan_res *scan_res;
1794         size_t i;
1796         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1797                   genlmsg_attrlen(gnlh, 0), NULL);
1799         if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1800                 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
1801                 return NL_SKIP;
1802         }
1804         if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1805                              tb[NL80211_ATTR_SURVEY_INFO],
1806                              survey_policy)) {
1807                 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
1808                            "attributes");
1809                 return NL_SKIP;
1810         }
1812         if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1813                 return NL_SKIP;
1815         if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1816                 return NL_SKIP;
1818         for (i = 0; i < scan_results->num; ++i) {
1819                 scan_res = scan_results->res[i];
1820                 if (!scan_res)
1821                         continue;
1822                 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1823                     scan_res->freq)
1824                         continue;
1825                 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
1826                         continue;
1827                 scan_res->noise = (s8)
1828                         nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1829                 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
1830         }
1832         return NL_SKIP;
1836 static int nl80211_get_noise_for_scan_results(
1837         struct wpa_driver_nl80211_data *drv,
1838         struct wpa_scan_results *scan_res)
1840         struct nl_msg *msg;
1842         msg = nlmsg_alloc();
1843         if (!msg)
1844                 return -ENOMEM;
1846         nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1848         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1850         return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
1851                                   scan_res);
1852  nla_put_failure:
1853         nlmsg_free(msg);
1854         return -ENOBUFS;
1858 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1859                               struct nlattr *tb[])
1861         static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1862                 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1863                 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1864                 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1865                 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1866         };
1867         struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1868         enum nl80211_cqm_rssi_threshold_event event;
1869         union wpa_event_data ed;
1870         struct wpa_signal_info sig;
1871         int res;
1873         if (tb[NL80211_ATTR_CQM] == NULL ||
1874             nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1875                              cqm_policy)) {
1876                 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1877                 return;
1878         }
1880         os_memset(&ed, 0, sizeof(ed));
1882         if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1883                 if (!tb[NL80211_ATTR_MAC])
1884                         return;
1885                 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1886                           ETH_ALEN);
1887                 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1888                 return;
1889         }
1891         if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1892                 return;
1893         event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1895         if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1896                 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1897                            "event: RSSI high");
1898                 ed.signal_change.above_threshold = 1;
1899         } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1900                 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1901                            "event: RSSI low");
1902                 ed.signal_change.above_threshold = 0;
1903         } else if (event == NL80211_CQM_RSSI_BEACON_LOSS) {
1904                 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1905                            "event: beacon loss!");
1906                 wpa_supplicant_event(drv->ctx, EVENT_START_ROAMING, &ed);
1907         } else
1908                 return;
1910         res = nl80211_get_link_signal(drv, &sig);
1911         if (res == 0) {
1912                 ed.signal_change.current_signal = sig.current_signal;
1913                 ed.signal_change.current_txrate = sig.current_txrate;
1914                 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm  txrate: %d",
1915                            sig.current_signal, sig.current_txrate);
1916         }
1918         res = nl80211_get_link_noise(drv, &sig);
1919         if (res == 0) {
1920                 ed.signal_change.current_noise = sig.current_noise;
1921                 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1922                            sig.current_noise);
1923         }
1925         wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1929 static void nl80211_roaming_support_event(struct wpa_driver_nl80211_data *drv,
1930                                           struct nlattr *tb[])
1932         int enabled;
1933         enum wpa_event_type event;
1935         enabled = (tb[NL80211_ATTR_ROAMING_DISABLED] == NULL);
1937         if (enabled)
1938                 event = EVENT_ROAMING_ENABLED;
1939         else
1940                 event = EVENT_ROAMING_DISABLED;
1942         wpa_printf(MSG_DEBUG, "nl80211: roaming %s",
1943                    enabled ? "enabled" : "disabled");
1945         wpa_supplicant_event(drv->ctx, event, NULL);
1948 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1949                                       struct nlattr **tb)
1951         u8 *addr;
1952         union wpa_event_data data;
1954         if (tb[NL80211_ATTR_MAC] == NULL)
1955                 return;
1956         addr = nla_data(tb[NL80211_ATTR_MAC]);
1957         wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1959         if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1960                 u8 *ies = NULL;
1961                 size_t ies_len = 0;
1962                 if (tb[NL80211_ATTR_IE]) {
1963                         ies = nla_data(tb[NL80211_ATTR_IE]);
1964                         ies_len = nla_len(tb[NL80211_ATTR_IE]);
1965                 }
1966                 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
1967                 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
1968                 return;
1969         }
1971         if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1972                 return;
1974         os_memset(&data, 0, sizeof(data));
1975         os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1976         wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1980 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1981                                       struct nlattr **tb)
1983         u8 *addr;
1984         union wpa_event_data data;
1986         if (tb[NL80211_ATTR_MAC] == NULL)
1987                 return;
1988         addr = nla_data(tb[NL80211_ATTR_MAC]);
1989         wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1990                    MAC2STR(addr));
1992         if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1993                 drv_event_disassoc(drv->ctx, addr);
1994                 return;
1995         }
1997         if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1998                 return;
2000         os_memset(&data, 0, sizeof(data));
2001         os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
2002         wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
2006 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
2007                                         struct nlattr **tb)
2009         struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
2010         static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
2011                 [NL80211_REKEY_DATA_KEK] = {
2012                         .minlen = NL80211_KEK_LEN,
2013                         .maxlen = NL80211_KEK_LEN,
2014                 },
2015                 [NL80211_REKEY_DATA_KCK] = {
2016                         .minlen = NL80211_KCK_LEN,
2017                         .maxlen = NL80211_KCK_LEN,
2018                 },
2019                 [NL80211_REKEY_DATA_REPLAY_CTR] = {
2020                         .minlen = NL80211_REPLAY_CTR_LEN,
2021                         .maxlen = NL80211_REPLAY_CTR_LEN,
2022                 },
2023         };
2024         union wpa_event_data data;
2026         if (!tb[NL80211_ATTR_MAC])
2027                 return;
2028         if (!tb[NL80211_ATTR_REKEY_DATA])
2029                 return;
2030         if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
2031                              tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
2032                 return;
2033         if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
2034                 return;
2036         os_memset(&data, 0, sizeof(data));
2037         data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
2038         wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
2039                    MAC2STR(data.driver_gtk_rekey.bssid));
2040         data.driver_gtk_rekey.replay_ctr =
2041                 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
2042         wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
2043                     data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
2044         wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
2048 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
2049                                           struct nlattr **tb)
2051         struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
2052         static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
2053                 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
2054                 [NL80211_PMKSA_CANDIDATE_BSSID] = {
2055                         .minlen = ETH_ALEN,
2056                         .maxlen = ETH_ALEN,
2057                 },
2058                 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
2059         };
2060         union wpa_event_data data;
2062         if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
2063                 return;
2064         if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
2065                              tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
2066                 return;
2067         if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
2068             !cand[NL80211_PMKSA_CANDIDATE_BSSID])
2069                 return;
2071         os_memset(&data, 0, sizeof(data));
2072         os_memcpy(data.pmkid_candidate.bssid,
2073                   nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
2074         data.pmkid_candidate.index =
2075                 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
2076         data.pmkid_candidate.preauth =
2077                 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
2078         wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
2082 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
2083                                        struct nlattr **tb)
2085         union wpa_event_data data;
2087         if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
2088                 return;
2090         os_memset(&data, 0, sizeof(data));
2091         os_memcpy(data.client_poll.addr,
2092                   nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2094         wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
2098 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2099                                    int wds)
2101         struct wpa_driver_nl80211_data *drv = bss->drv;
2102         union wpa_event_data event;
2104         if (!tb[NL80211_ATTR_MAC])
2105                 return;
2107         os_memset(&event, 0, sizeof(event));
2108         event.rx_from_unknown.bssid = bss->addr;
2109         event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2110         event.rx_from_unknown.wds = wds;
2112         wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2116 static void do_process_drv_event(struct wpa_driver_nl80211_data *drv,
2117                                  int cmd, struct nlattr **tb)
2119         if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
2120             (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
2121              cmd == NL80211_CMD_SCAN_ABORTED)) {
2122                 wpa_driver_nl80211_set_mode(&drv->first_bss,
2123                                             drv->ap_scan_as_station);
2124                 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2125         }
2127         switch (cmd) {
2128         case NL80211_CMD_TRIGGER_SCAN:
2129                 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
2130                 break;
2131         case NL80211_CMD_START_SCHED_SCAN:
2132                 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started");
2133                 break;
2134         case NL80211_CMD_SCHED_SCAN_STOPPED:
2135                 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped");
2136                 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
2137                 break;
2138         case NL80211_CMD_NEW_SCAN_RESULTS:
2139                 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
2140                 drv->scan_complete_events = 1;
2141                 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2142                                      drv->ctx);
2143                 send_scan_event(drv, 0, tb);
2144                 break;
2145         case NL80211_CMD_SCHED_SCAN_RESULTS:
2146                 wpa_printf(MSG_DEBUG,
2147                            "nl80211: New sched scan results available");
2148                 send_scan_event(drv, 0, tb);
2149                 break;
2150         case NL80211_CMD_SCAN_ABORTED:
2151                 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
2152                 /*
2153                  * Need to indicate that scan results are available in order
2154                  * not to make wpa_supplicant stop its scanning.
2155                  */
2156                 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2157                                      drv->ctx);
2158                 send_scan_event(drv, 1, tb);
2159                 break;
2160         case NL80211_CMD_AUTHENTICATE:
2161         case NL80211_CMD_ASSOCIATE:
2162         case NL80211_CMD_DEAUTHENTICATE:
2163         case NL80211_CMD_DISASSOCIATE:
2164         case NL80211_CMD_FRAME_TX_STATUS:
2165         case NL80211_CMD_UNPROT_DEAUTHENTICATE:
2166         case NL80211_CMD_UNPROT_DISASSOCIATE:
2167                 mlme_event(drv, cmd, tb[NL80211_ATTR_FRAME],
2168                            tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2169                            tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2170                            tb[NL80211_ATTR_COOKIE]);
2171                 break;
2172         case NL80211_CMD_CONNECT:
2173         case NL80211_CMD_ROAM:
2174                 mlme_event_connect(drv, cmd,
2175                                    tb[NL80211_ATTR_STATUS_CODE],
2176                                    tb[NL80211_ATTR_MAC],
2177                                    tb[NL80211_ATTR_REQ_IE],
2178                                    tb[NL80211_ATTR_RESP_IE]);
2179                 break;
2180         case NL80211_CMD_DISCONNECT:
2181                 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
2182                                       tb[NL80211_ATTR_MAC],
2183                                       tb[NL80211_ATTR_DISCONNECTED_BY_AP]);
2184                 break;
2185         case NL80211_CMD_MICHAEL_MIC_FAILURE:
2186                 mlme_event_michael_mic_failure(drv, tb);
2187                 break;
2188         case NL80211_CMD_JOIN_IBSS:
2189                 mlme_event_join_ibss(drv, tb);
2190                 break;
2191         case NL80211_CMD_REMAIN_ON_CHANNEL:
2192                 mlme_event_remain_on_channel(drv, 0, tb);
2193                 break;
2194         case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
2195                 mlme_event_remain_on_channel(drv, 1, tb);
2196                 break;
2197         case NL80211_CMD_NOTIFY_CQM:
2198                 nl80211_cqm_event(drv, tb);
2199                 break;
2200         case NL80211_CMD_ROAMING_SUPPORT:
2201                 nl80211_roaming_support_event(drv, tb);
2202                 break;
2203         case NL80211_CMD_REG_CHANGE:
2204                 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2205                 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2206                                      NULL);
2207                 break;
2208         case NL80211_CMD_REG_BEACON_HINT:
2209                 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
2210                 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2211                                      NULL);
2212                 break;
2213         case NL80211_CMD_NEW_STATION:
2214                 nl80211_new_station_event(drv, tb);
2215                 break;
2216         case NL80211_CMD_DEL_STATION:
2217                 nl80211_del_station_event(drv, tb);
2218                 break;
2219         case NL80211_CMD_SET_REKEY_OFFLOAD:
2220                 nl80211_rekey_offload_event(drv, tb);
2221                 break;
2222         case NL80211_CMD_PMKSA_CANDIDATE:
2223                 nl80211_pmksa_candidate_event(drv, tb);
2224                 break;
2225         case NL80211_CMD_PROBE_CLIENT:
2226                 nl80211_client_probe_event(drv, tb);
2227                 break;
2228         default:
2229                 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2230                            "(cmd=%d)", cmd);
2231                 break;
2232         }
2236 static int process_drv_event(struct nl_msg *msg, void *arg)
2238         struct wpa_driver_nl80211_data *drv = arg;
2239         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2240         struct nlattr *tb[NL80211_ATTR_MAX + 1];
2242         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2243                   genlmsg_attrlen(gnlh, 0), NULL);
2245         if (tb[NL80211_ATTR_IFINDEX]) {
2246                 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2247                 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
2248                         wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
2249                                    " for foreign interface (ifindex %d)",
2250                                    gnlh->cmd, ifindex);
2251                         return NL_SKIP;
2252                 }
2253         }
2255         do_process_drv_event(drv, gnlh->cmd, tb);
2256         return NL_SKIP;
2260 static int process_global_event(struct nl_msg *msg, void *arg)
2262         struct nl80211_global *global = arg;
2263         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2264         struct nlattr *tb[NL80211_ATTR_MAX + 1];
2265         struct wpa_driver_nl80211_data *drv;
2266         int ifidx = -1;
2268         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2269                   genlmsg_attrlen(gnlh, 0), NULL);
2271         if (tb[NL80211_ATTR_IFINDEX])
2272                 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2274         dl_list_for_each(drv, &global->interfaces,
2275                          struct wpa_driver_nl80211_data, list) {
2276                 if (ifidx == -1 || ifidx == drv->ifindex ||
2277                     have_ifidx(drv, ifidx))
2278                         do_process_drv_event(drv, gnlh->cmd, tb);
2279         }
2281         return NL_SKIP;
2285 static int process_bss_event(struct nl_msg *msg, void *arg)
2287         struct i802_bss *bss = arg;
2288         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2289         struct nlattr *tb[NL80211_ATTR_MAX + 1];
2291         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2292                   genlmsg_attrlen(gnlh, 0), NULL);
2294         switch (gnlh->cmd) {
2295         case NL80211_CMD_FRAME:
2296         case NL80211_CMD_FRAME_TX_STATUS:
2297                 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
2298                            tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2299                            tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2300                            tb[NL80211_ATTR_COOKIE]);
2301                 break;
2302         case NL80211_CMD_UNEXPECTED_FRAME:
2303                 nl80211_spurious_frame(bss, tb, 0);
2304                 break;
2305         case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
2306                 nl80211_spurious_frame(bss, tb, 1);
2307                 break;
2308         default:
2309                 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2310                            "(cmd=%d)", gnlh->cmd);
2311                 break;
2312         }
2314         return NL_SKIP;
2318 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
2319                                              void *handle)
2321         struct nl_cb *cb = eloop_ctx;
2323         wpa_printf(MSG_DEBUG, "nl80211: Event message available");
2325         nl_recvmsgs(handle, cb);
2329 /**
2330  * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
2331  * @priv: driver_nl80211 private data
2332  * @alpha2_arg: country to which to switch to
2333  * Returns: 0 on success, -1 on failure
2334  *
2335  * This asks nl80211 to set the regulatory domain for given
2336  * country ISO / IEC alpha2.
2337  */
2338 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
2340         struct i802_bss *bss = priv;
2341         struct wpa_driver_nl80211_data *drv = bss->drv;
2342         char alpha2[3];
2343         struct nl_msg *msg;
2345         msg = nlmsg_alloc();
2346         if (!msg)
2347                 return -ENOMEM;
2349         alpha2[0] = alpha2_arg[0];
2350         alpha2[1] = alpha2_arg[1];
2351         alpha2[2] = '\0';
2353         nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
2355         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
2356         if (send_and_recv_msgs(drv, msg, NULL, NULL))
2357                 return -EINVAL;
2358         return 0;
2359 nla_put_failure:
2360         nlmsg_free(msg);
2361         return -EINVAL;
2365 struct wiphy_info_data {
2366         struct wpa_driver_capa *capa;
2368         unsigned int error:1;
2369         unsigned int device_ap_sme:1;
2370         unsigned int poll_command_supported:1;
2371         unsigned int data_tx_status:1;
2372         unsigned int monitor_supported:1;
2373 };
2376 static unsigned int probe_resp_offload_support(int supp_protocols)
2378         unsigned int prot = 0;
2380         if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
2381                 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
2382         if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
2383                 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
2384         if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
2385                 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
2386         if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
2387                 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
2389         return prot;
2393 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
2395         struct nlattr *tb[NL80211_ATTR_MAX + 1];
2396         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2397         struct wiphy_info_data *info = arg;
2398         int p2p_go_supported = 0, p2p_client_supported = 0;
2399         int p2p_concurrent = 0;
2400         int auth_supported = 0, connect_supported = 0;
2401         struct wpa_driver_capa *capa = info->capa;
2402         static struct nla_policy
2403         iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
2404                 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
2405                 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
2406                 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
2407                 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
2408         },
2409         iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
2410                 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
2411                 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
2412         };
2414         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2415                   genlmsg_attrlen(gnlh, 0), NULL);
2417         if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
2418                 capa->max_scan_ssids =
2419                         nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
2421         if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
2422                 capa->max_sched_scan_ssids =
2423                         nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
2425         if (tb[NL80211_ATTR_MAX_MATCH_SETS])
2426                 capa->max_match_sets =
2427                         nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
2429         if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
2430                 struct nlattr *nl_mode;
2431                 int i;
2432                 nla_for_each_nested(nl_mode,
2433                                     tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
2434                         switch (nla_type(nl_mode)) {
2435                         case NL80211_IFTYPE_AP:
2436                                 capa->flags |= WPA_DRIVER_FLAGS_AP;
2437                                 break;
2438                         case NL80211_IFTYPE_P2P_GO:
2439                                 p2p_go_supported = 1;
2440                                 break;
2441                         case NL80211_IFTYPE_P2P_CLIENT:
2442                                 p2p_client_supported = 1;
2443                                 break;
2444                         case NL80211_IFTYPE_MONITOR:
2445                                 info->monitor_supported = 1;
2446                                 break;
2447                         }
2448                 }
2449         }
2451         if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) {
2452                 struct nlattr *nl_combi;
2453                 int rem_combi;
2455                 nla_for_each_nested(nl_combi,
2456                                     tb[NL80211_ATTR_INTERFACE_COMBINATIONS],
2457                                     rem_combi) {
2458                         struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
2459                         struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
2460                         struct nlattr *nl_limit, *nl_mode;
2461                         int err, rem_limit, rem_mode;
2462                         int combination_has_p2p = 0, combination_has_mgd = 0;
2464                         err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
2465                                                nl_combi,
2466                                                iface_combination_policy);
2467                         if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
2468                             !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
2469                             !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
2470                                 goto broken_combination;
2472                         nla_for_each_nested(nl_limit,
2473                                             tb_comb[NL80211_IFACE_COMB_LIMITS],
2474                                             rem_limit) {
2475                                 err = nla_parse_nested(tb_limit,
2476                                                        MAX_NL80211_IFACE_LIMIT,
2477                                                        nl_limit,
2478                                                        iface_limit_policy);
2479                                 if (err ||
2480                                     !tb_limit[NL80211_IFACE_LIMIT_TYPES])
2481                                         goto broken_combination;
2483                                 nla_for_each_nested(
2484                                         nl_mode,
2485                                         tb_limit[NL80211_IFACE_LIMIT_TYPES],
2486                                         rem_mode) {
2487                                         int ift = nla_type(nl_mode);
2488                                         if (ift == NL80211_IFTYPE_P2P_GO ||
2489                                             ift == NL80211_IFTYPE_P2P_CLIENT)
2490                                                 combination_has_p2p = 1;
2491                                         if (ift == NL80211_IFTYPE_STATION)
2492                                                 combination_has_mgd = 1;
2493                                 }
2494                                 if (combination_has_p2p && combination_has_mgd)
2495                                         break;
2496                         }
2498                         if (combination_has_p2p && combination_has_mgd) {
2499                                 p2p_concurrent = 1;
2500                                 break;
2501                         }
2503 broken_combination:
2504                         ;
2505                 }
2506         }
2508         if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
2509                 struct nlattr *nl_cmd;
2510                 int i;
2512                 nla_for_each_nested(nl_cmd,
2513                                     tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
2514                         switch (nla_get_u32(nl_cmd)) {
2515                         case NL80211_CMD_AUTHENTICATE:
2516                                 auth_supported = 1;
2517                                 break;
2518                         case NL80211_CMD_CONNECT:
2519                                 connect_supported = 1;
2520                                 break;
2521                         case NL80211_CMD_START_SCHED_SCAN:
2522                                 capa->sched_scan_supported = 1;
2523                                 break;
2524                         case NL80211_CMD_PROBE_CLIENT:
2525                                 info->poll_command_supported = 1;
2526                                 break;
2527                         }
2528                 }
2529         }
2531         if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
2532                 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
2533                            "off-channel TX");
2534                 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
2535         }
2537         if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
2538                 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
2539                 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
2540         }
2542         /* default to 5000 since early versions of mac80211 don't set it */
2543         capa->max_remain_on_chan = 5000;
2545         if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
2546                 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
2548         if (tb[NL80211_ATTR_FEATURE_FLAGS]) {
2549                 int features = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]);
2550                 if (features & NL80211_FEATURE_SCHED_SCAN_INTERVALS)
2551                         capa->sched_scan_intervals_supported = 1;
2552         }
2554         if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
2555                 capa->max_remain_on_chan =
2556                         nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
2558         if (auth_supported)
2559                 capa->flags |= WPA_DRIVER_FLAGS_SME;
2560         else if (!connect_supported) {
2561                 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
2562                            "authentication/association or connect commands");
2563                 info->error = 1;
2564         }
2566         if (p2p_go_supported && p2p_client_supported)
2567                 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
2568         if (p2p_concurrent) {
2569                 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
2570                            "interface (driver advertised support)");
2571                 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
2572                 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
2573         }
2575         if (tb[NL80211_ATTR_TDLS_SUPPORT]) {
2576                 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
2577                 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
2579                 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) {
2580                         wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
2581                         capa->flags |=
2582                                 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
2583                 }
2584         }
2586         if (tb[NL80211_ATTR_DEVICE_AP_SME])
2587                 info->device_ap_sme = 1;
2589         if (tb[NL80211_ATTR_FEATURE_FLAGS]) {
2590                 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]);
2592                 if (flags & NL80211_FEATURE_SK_TX_STATUS)
2593                         info->data_tx_status = 1;
2594         }
2596         if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) {
2597                 int protocols =
2598                         nla_get_u32(tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
2599                 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response "
2600                            "offload in AP mode");
2601                 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
2602                 capa->probe_resp_offloads =
2603                         probe_resp_offload_support(protocols);
2604         }
2606         return NL_SKIP;
2610 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
2611                                        struct wiphy_info_data *info)
2613         struct nl_msg *msg;
2615         os_memset(info, 0, sizeof(*info));
2616         info->capa = &drv->capa;
2618         msg = nlmsg_alloc();
2619         if (!msg)
2620                 return -1;
2622         nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
2624         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
2626         if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
2627                 return 0;
2628         msg = NULL;
2629 nla_put_failure:
2630         nlmsg_free(msg);
2631         return -1;
2635 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
2637         struct wiphy_info_data info;
2638         if (wpa_driver_nl80211_get_info(drv, &info))
2639                 return -1;
2641         if (info.error)
2642                 return -1;
2644         drv->has_capability = 1;
2645         /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
2646         drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2647                 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
2648                 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
2649                 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
2650         drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
2651                 WPA_DRIVER_CAPA_ENC_WEP104 |
2652                 WPA_DRIVER_CAPA_ENC_TKIP |
2653                 WPA_DRIVER_CAPA_ENC_CCMP;
2654         drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
2655                 WPA_DRIVER_AUTH_SHARED |
2656                 WPA_DRIVER_AUTH_LEAP;
2658         drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
2659         drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
2660         drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2661         drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
2663         drv->device_ap_sme = info.device_ap_sme;
2664         drv->poll_command_supported = info.poll_command_supported;
2665         drv->data_tx_status = info.data_tx_status;
2667         /*
2668          * If poll command is supported mac80211 is new enough to
2669          * have everything we need to not need monitor interfaces.
2670          */
2671         drv->use_monitor = !info.poll_command_supported;
2673         if (drv->device_ap_sme && drv->use_monitor) {
2674                 /*
2675                  * Non-mac80211 drivers may not support monitor interface.
2676                  * Make sure we do not get stuck with incorrect capability here
2677                  * by explicitly testing this.
2678                  */
2679                 if (!info.monitor_supported) {
2680                         wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor "
2681                                    "with device_ap_sme since no monitor mode "
2682                                    "support detected");
2683                         drv->use_monitor = 0;
2684                 }
2685         }
2687         /*
2688          * If we aren't going to use monitor interfaces, but the
2689          * driver doesn't support data TX status, we won't get TX
2690          * status for EAPOL frames.
2691          */
2692         if (!drv->use_monitor && !info.data_tx_status)
2693                 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2695         return 0;
2699 #ifdef ANDROID
2700 static int android_genl_ctrl_resolve(struct nl_handle *handle,
2701                                      const char *name)
2703         /*
2704          * Android ICS has very minimal genl_ctrl_resolve() implementation, so
2705          * need to work around that.
2706          */
2707         struct nl_cache *cache = NULL;
2708         struct genl_family *nl80211 = NULL;
2709         int id = -1;
2711         if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
2712                 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
2713                            "netlink cache");
2714                 goto fail;
2715         }
2717         nl80211 = genl_ctrl_search_by_name(cache, name);
2718         if (nl80211 == NULL)
2719                 goto fail;
2721         id = genl_family_get_id(nl80211);
2723 fail:
2724         if (nl80211)
2725                 genl_family_put(nl80211);
2726         if (cache)
2727                 nl_cache_free(cache);
2729         return id;
2731 #define genl_ctrl_resolve android_genl_ctrl_resolve
2732 #endif /* ANDROID */
2735 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
2737         int ret;
2739         global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2740         if (global->nl_cb == NULL) {
2741                 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
2742                            "callbacks");
2743                 return -1;
2744         }
2746         global->nl = nl_create_handle(global->nl_cb, "nl");
2747         if (global->nl == NULL)
2748                 goto err;
2750         global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
2751         if (global->nl80211_id < 0) {
2752                 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
2753                            "found");
2754                 goto err;
2755         }
2757         global->nl_event = nl_create_handle(global->nl_cb, "event");
2758         if (global->nl_event == NULL)
2759                 goto err;
2761         ret = nl_get_multicast_id(global, "nl80211", "scan");
2762         if (ret >= 0)
2763                 ret = nl_socket_add_membership(global->nl_event, ret);
2764         if (ret < 0) {
2765                 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2766                            "membership for scan events: %d (%s)",
2767                            ret, strerror(-ret));
2768                 goto err;
2769         }
2771         ret = nl_get_multicast_id(global, "nl80211", "mlme");
2772         if (ret >= 0)
2773                 ret = nl_socket_add_membership(global->nl_event, ret);
2774         if (ret < 0) {
2775                 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2776                            "membership for mlme events: %d (%s)",
2777                            ret, strerror(-ret));
2778                 goto err;
2779         }
2781         ret = nl_get_multicast_id(global, "nl80211", "regulatory");
2782         if (ret >= 0)
2783                 ret = nl_socket_add_membership(global->nl_event, ret);
2784         if (ret < 0) {
2785                 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2786                            "membership for regulatory events: %d (%s)",
2787                            ret, strerror(-ret));
2788                 /* Continue without regulatory events */
2789         }
2791         nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2792                   no_seq_check, NULL);
2793         nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2794                   process_global_event, global);
2796         eloop_register_read_sock(nl_socket_get_fd(global->nl_event),
2797                                  wpa_driver_nl80211_event_receive,
2798                                  global->nl_cb, global->nl_event);
2800         return 0;
2802 err:
2803         nl_destroy_handles(&global->nl_event);
2804         nl_destroy_handles(&global->nl);
2805         nl_cb_put(global->nl_cb);
2806         global->nl_cb = NULL;
2807         return -1;
2811 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
2813         drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2814         if (!drv->nl_cb) {
2815                 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
2816                 return -1;
2817         }
2819         nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2820                   no_seq_check, NULL);
2821         nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2822                   process_drv_event, drv);
2824         return 0;
2828 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
2830         wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
2831         /*
2832          * This may be for any interface; use ifdown event to disable
2833          * interface.
2834          */
2838 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2840         struct wpa_driver_nl80211_data *drv = ctx;
2841         wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2842         if (linux_set_iface_flags(drv->global->ioctl_sock,
2843                                   drv->first_bss.ifname, 1)) {
2844                 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2845                            "after rfkill unblock");
2846                 return;
2847         }
2848         /* rtnetlink ifup handler will report interface as enabled */
2852 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
2854         /* Find phy (radio) to which this interface belongs */
2855         char buf[90], *pos;
2856         int f, rv;
2858         drv->phyname[0] = '\0';
2859         snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
2860                  drv->first_bss.ifname);
2861         f = open(buf, O_RDONLY);
2862         if (f < 0) {
2863                 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
2864                            buf, strerror(errno));
2865                 return;
2866         }
2868         rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
2869         close(f);
2870         if (rv < 0) {
2871                 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
2872                            buf, strerror(errno));
2873                 return;
2874         }
2876         drv->phyname[rv] = '\0';
2877         pos = os_strchr(drv->phyname, '\n');
2878         if (pos)
2879                 *pos = '\0';
2880         wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2881                    drv->first_bss.ifname, drv->phyname);
2885 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2886                                                       void *eloop_ctx,
2887                                                       void *handle)
2889         struct wpa_driver_nl80211_data *drv = eloop_ctx;
2890         u8 data[2048];
2891         struct msghdr msg;
2892         struct iovec entry;
2893         struct {
2894                 struct cmsghdr cm;
2895                 char control[512];
2896         } control;
2897         struct cmsghdr *cmsg;
2898         int res, found_ee = 0, found_wifi = 0, acked = 0;
2899         union wpa_event_data event;
2901         memset(&msg, 0, sizeof(msg));
2902         msg.msg_iov = &entry;
2903         msg.msg_iovlen = 1;
2904         entry.iov_base = data;
2905         entry.iov_len = sizeof(data);
2906         msg.msg_control = &control;
2907         msg.msg_controllen = sizeof(control);
2909         res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2910         /* if error or not fitting 802.3 header, return */
2911         if (res < 14)
2912                 return;
2914         for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2915         {
2916                 if (cmsg->cmsg_level == SOL_SOCKET &&
2917                     cmsg->cmsg_type == SCM_WIFI_STATUS) {
2918                         int *ack;
2920                         found_wifi = 1;
2921                         ack = (void *)CMSG_DATA(cmsg);
2922                         acked = *ack;
2923                 }
2925                 if (cmsg->cmsg_level == SOL_PACKET &&
2926                     cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2927                         struct sock_extended_err *err =
2928                                 (struct sock_extended_err *)CMSG_DATA(cmsg);
2930                         if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2931                                 found_ee = 1;
2932                 }
2933         }
2935         if (!found_ee || !found_wifi)
2936                 return;
2938         memset(&event, 0, sizeof(event));
2939         event.eapol_tx_status.dst = data;
2940         event.eapol_tx_status.data = data + 14;
2941         event.eapol_tx_status.data_len = res - 14;
2942         event.eapol_tx_status.ack = acked;
2943         wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2947 static int nl80211_init_bss(struct i802_bss *bss)
2949         bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2950         if (!bss->nl_cb)
2951                 return -1;
2953         nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2954                   no_seq_check, NULL);
2955         nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2956                   process_bss_event, bss);
2958         return 0;
2962 static void nl80211_destroy_bss(struct i802_bss *bss)
2964         nl_cb_put(bss->nl_cb);
2965         bss->nl_cb = NULL;
2969 /**
2970  * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2971  * @ctx: context to be used when calling wpa_supplicant functions,
2972  * e.g., wpa_supplicant_event()
2973  * @ifname: interface name, e.g., wlan0
2974  * @global_priv: private driver global data from global_init()
2975  * Returns: Pointer to private data, %NULL on failure
2976  */
2977 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2978                                       void *global_priv)
2980         struct wpa_driver_nl80211_data *drv;
2981         struct rfkill_config *rcfg;
2982         struct i802_bss *bss;
2984         if (global_priv == NULL)
2985                 return NULL;
2986         drv = os_zalloc(sizeof(*drv));
2987         if (drv == NULL)
2988                 return NULL;
2989         drv->global = global_priv;
2990         drv->ctx = ctx;
2991         bss = &drv->first_bss;
2992         bss->drv = drv;
2993         os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2994         drv->monitor_ifidx = -1;
2995         drv->monitor_sock = -1;
2996         drv->eapol_tx_sock = -1;
2997         drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2999         if (wpa_driver_nl80211_init_nl(drv)) {
3000                 os_free(drv);
3001                 return NULL;
3002         }
3004         if (nl80211_init_bss(bss))
3005                 goto failed;
3007         nl80211_get_phy_name(drv);
3009         rcfg = os_zalloc(sizeof(*rcfg));
3010         if (rcfg == NULL)
3011                 goto failed;
3012         rcfg->ctx = drv;
3013         os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
3014         rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
3015         rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
3016         drv->rfkill = rfkill_init(rcfg);
3017         if (drv->rfkill == NULL) {
3018                 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
3019                 os_free(rcfg);
3020         }
3022         if (wpa_driver_nl80211_finish_drv_init(drv))
3023                 goto failed;
3025         drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
3026         if (drv->eapol_tx_sock < 0)
3027                 goto failed;
3029         if (drv->data_tx_status) {
3030                 int enabled = 1;
3032                 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
3033                                &enabled, sizeof(enabled)) < 0) {
3034                         wpa_printf(MSG_DEBUG,
3035                                 "nl80211: wifi status sockopt failed\n");
3036                         drv->data_tx_status = 0;
3037                         if (!drv->use_monitor)
3038                                 drv->capa.flags &=
3039                                         ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3040                 } else {
3041                         eloop_register_read_sock(drv->eapol_tx_sock,
3042                                 wpa_driver_nl80211_handle_eapol_tx_status,
3043                                 drv, NULL);
3044                 }
3045         }
3047         if (drv->global) {
3048                 dl_list_add(&drv->global->interfaces, &drv->list);
3049                 drv->in_interface_list = 1;
3050         }
3052         return bss;
3054 failed:
3055         wpa_driver_nl80211_deinit(bss);
3056         return NULL;
3060 static int nl80211_register_frame(struct i802_bss *bss,
3061                                   struct nl_handle *nl_handle,
3062                                   u16 type, const u8 *match, size_t match_len)
3064         struct wpa_driver_nl80211_data *drv = bss->drv;
3065         struct nl_msg *msg;
3066         int ret = -1;
3068         msg = nlmsg_alloc();
3069         if (!msg)
3070                 return -1;
3072         wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p",
3073                    type, nl_handle);
3074         wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
3075                     match, match_len);
3077         nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
3079         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
3080         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
3081         NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
3083         ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
3084         msg = NULL;
3085         if (ret) {
3086                 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
3087                            "failed (type=%u): ret=%d (%s)",
3088                            type, ret, strerror(-ret));
3089                 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
3090                             match, match_len);
3091                 goto nla_put_failure;
3092         }
3093         ret = 0;
3094 nla_put_failure:
3095         nlmsg_free(msg);
3096         return ret;
3100 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
3102         struct wpa_driver_nl80211_data *drv = bss->drv;
3104         if (bss->nl_mgmt) {
3105                 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
3106                            "already on! (nl_mgmt=%p)", bss->nl_mgmt);
3107                 return -1;
3108         }
3110         bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
3111         if (bss->nl_mgmt == NULL)
3112                 return -1;
3114         eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt),
3115                                  wpa_driver_nl80211_event_receive, bss->nl_cb,
3116                                  bss->nl_mgmt);
3118         return 0;
3122 static int nl80211_register_action_frame(struct i802_bss *bss,
3123                                          const u8 *match, size_t match_len)
3125         u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
3126         return nl80211_register_frame(bss, bss->nl_mgmt,
3127                                       type, match, match_len);
3131 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
3133         struct wpa_driver_nl80211_data *drv = bss->drv;
3135         if (nl80211_alloc_mgmt_handle(bss))
3136                 return -1;
3137         wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
3138                    "handle %p", bss->nl_mgmt);
3140 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
3141         /* GAS Initial Request */
3142         if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
3143                 return -1;
3144         /* GAS Initial Response */
3145         if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
3146                 return -1;
3147         /* GAS Comeback Request */
3148         if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
3149                 return -1;
3150         /* GAS Comeback Response */
3151         if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
3152                 return -1;
3153 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */
3154 #ifdef CONFIG_P2P
3155         /* P2P Public Action */
3156         if (nl80211_register_action_frame(bss,
3157                                           (u8 *) "\x04\x09\x50\x6f\x9a\x09",
3158                                           6) < 0)
3159                 return -1;
3160         /* P2P Action */
3161         if (nl80211_register_action_frame(bss,
3162                                           (u8 *) "\x7f\x50\x6f\x9a\x09",
3163                                           5) < 0)
3164                 return -1;
3165 #endif /* CONFIG_P2P */
3166 #ifdef CONFIG_IEEE80211W
3167         /* SA Query Response */
3168         if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
3169                 return -1;
3170 #endif /* CONFIG_IEEE80211W */
3171 #ifdef CONFIG_TDLS
3172         if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
3173                 /* TDLS Discovery Response */
3174                 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
3175                     0)
3176                         return -1;
3177         }
3178 #endif /* CONFIG_TDLS */
3180         /* FT Action frames */
3181         if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
3182                 return -1;
3183         else
3184                 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
3185                         WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
3187         /* WNM - BSS Transition Management Request */
3188         if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
3189                 return -1;
3191         return 0;
3195 static int nl80211_register_spurious_class3(struct i802_bss *bss)
3197         struct wpa_driver_nl80211_data *drv = bss->drv;
3198         struct nl_msg *msg;
3199         int ret = -1;
3201         msg = nlmsg_alloc();
3202         if (!msg)
3203                 return -1;
3205         nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
3207         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
3209         ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
3210         msg = NULL;
3211         if (ret) {
3212                 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
3213                            "failed: ret=%d (%s)",
3214                            ret, strerror(-ret));
3215                 goto nla_put_failure;
3216         }
3217         ret = 0;
3218 nla_put_failure:
3219         nlmsg_free(msg);
3220         return ret;
3224 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
3226         static const int stypes[] = {
3227                 WLAN_FC_STYPE_AUTH,
3228                 WLAN_FC_STYPE_ASSOC_REQ,
3229                 WLAN_FC_STYPE_REASSOC_REQ,
3230                 WLAN_FC_STYPE_DISASSOC,
3231                 WLAN_FC_STYPE_DEAUTH,
3232                 WLAN_FC_STYPE_ACTION,
3233                 WLAN_FC_STYPE_PROBE_REQ,
3234 /* Beacon doesn't work as mac80211 doesn't currently allow
3235  * it, but it wouldn't really be the right thing anyway as
3236  * it isn't per interface ... maybe just dump the scan
3237  * results periodically for OLBC?
3238  */
3239 //              WLAN_FC_STYPE_BEACON,
3240         };
3241         unsigned int i;
3243         if (nl80211_alloc_mgmt_handle(bss))
3244                 return -1;
3245         wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
3246                    "handle %p", bss->nl_mgmt);
3248         for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) {
3249                 if (nl80211_register_frame(bss, bss->nl_mgmt,
3250                                            (WLAN_FC_TYPE_MGMT << 2) |
3251                                            (stypes[i] << 4),
3252                                            NULL, 0) < 0) {
3253                         goto out_err;
3254                 }
3255         }
3257         if (nl80211_register_spurious_class3(bss))
3258                 goto out_err;
3260         if (nl80211_get_wiphy_data_ap(bss) == NULL)
3261                 goto out_err;
3263         return 0;
3265 out_err:
3266         eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3267         nl_destroy_handles(&bss->nl_mgmt);
3268         return -1;
3272 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
3274         if (nl80211_alloc_mgmt_handle(bss))
3275                 return -1;
3276         wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
3277                    "handle %p (device SME)", bss->nl_mgmt);
3279         if (nl80211_register_frame(bss, bss->nl_mgmt,
3280                                    (WLAN_FC_TYPE_MGMT << 2) |
3281                                    (WLAN_FC_STYPE_ACTION << 4),
3282                                    NULL, 0) < 0)
3283                 goto out_err;
3285         return 0;
3287 out_err:
3288         eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3289         nl_destroy_handles(&bss->nl_mgmt);
3290         return -1;
3294 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
3296         if (bss->nl_mgmt == NULL)
3297                 return;
3298         wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
3299                    "(%s)", bss->nl_mgmt, reason);
3300         eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3301         nl_destroy_handles(&bss->nl_mgmt);
3303         nl80211_put_wiphy_data_ap(bss);
3307 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
3309         wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
3313 static int
3314 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
3316         struct i802_bss *bss = &drv->first_bss;
3317         int send_rfkill_event = 0;
3319         drv->ifindex = if_nametoindex(bss->ifname);
3320         drv->first_bss.ifindex = drv->ifindex;
3322 #ifndef HOSTAPD
3323         /*
3324          * Make sure the interface starts up in station mode unless this is a
3325          * dynamically added interface (e.g., P2P) that was already configured
3326          * with proper iftype.
3327          */
3328         if (drv->ifindex != drv->global->if_add_ifindex &&
3329             wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) {
3330                 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to "
3331                            "use managed mode");
3332                 return -1;
3333         }
3335         if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
3336                 if (rfkill_is_blocked(drv->rfkill)) {
3337                         wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
3338                                    "interface '%s' due to rfkill",
3339                                    bss->ifname);
3340                         drv->if_disabled = 1;
3341                         send_rfkill_event = 1;
3342                 } else {
3343                         wpa_printf(MSG_ERROR, "nl80211: Could not set "
3344                                    "interface '%s' UP", bss->ifname);
3345                         return -1;
3346                 }
3347         }
3349         netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
3350                                1, IF_OPER_DORMANT);
3351 #endif /* HOSTAPD */
3353         if (wpa_driver_nl80211_capa(drv))
3354                 return -1;
3356         if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3357                                bss->addr))
3358                 return -1;
3360         if (send_rfkill_event) {
3361                 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
3362                                        drv, drv->ctx);
3363         }
3365         return 0;
3369 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
3371         struct nl_msg *msg;
3373         msg = nlmsg_alloc();
3374         if (!msg)
3375                 return -ENOMEM;
3377         nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
3378         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3380         return send_and_recv_msgs(drv, msg, NULL, NULL);
3381  nla_put_failure:
3382         nlmsg_free(msg);
3383         return -ENOBUFS;
3387 /**
3388  * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
3389  * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
3390  *
3391  * Shut down driver interface and processing of driver events. Free
3392  * private data buffer if one was allocated in wpa_driver_nl80211_init().
3393  */
3394 static void wpa_driver_nl80211_deinit(void *priv)
3396         struct i802_bss *bss = priv;
3397         struct wpa_driver_nl80211_data *drv = bss->drv;
3399         if (drv->data_tx_status)
3400                 eloop_unregister_read_sock(drv->eapol_tx_sock);
3401         if (drv->eapol_tx_sock >= 0)
3402                 close(drv->eapol_tx_sock);
3404         if (bss->nl_preq)
3405                 wpa_driver_nl80211_probe_req_report(bss, 0);
3406         if (bss->added_if_into_bridge) {
3407                 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
3408                                     bss->ifname) < 0)
3409                         wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3410                                    "interface %s from bridge %s: %s",
3411                                    bss->ifname, bss->brname, strerror(errno));
3412         }
3413         if (bss->added_bridge) {
3414                 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
3415                         wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3416                                    "bridge %s: %s",
3417                                    bss->brname, strerror(errno));
3418         }
3420         nl80211_remove_monitor_interface(drv);
3422         if (is_ap_interface(drv->nlmode))
3423                 wpa_driver_nl80211_del_beacon(drv);
3425 #ifdef HOSTAPD
3426         if (drv->last_freq_ht) {
3427                 /* Clear HT flags from the driver */
3428                 struct hostapd_freq_params freq;
3429                 os_memset(&freq, 0, sizeof(freq));
3430                 freq.freq = drv->last_freq;
3431                 i802_set_freq(priv, &freq);
3432         }
3434         if (drv->eapol_sock >= 0) {
3435                 eloop_unregister_read_sock(drv->eapol_sock);
3436                 close(drv->eapol_sock);
3437         }
3439         if (drv->if_indices != drv->default_if_indices)
3440                 os_free(drv->if_indices);
3441 #endif /* HOSTAPD */
3443         if (drv->disabled_11b_rates)
3444                 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3446         netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
3447                                IF_OPER_UP);
3448         rfkill_deinit(drv->rfkill);
3450         eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3452         (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0);
3453         wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
3454         nl80211_mgmt_unsubscribe(bss, "deinit");
3456         nl_cb_put(drv->nl_cb);
3458         nl80211_destroy_bss(&drv->first_bss);
3460         os_free(drv->filter_ssids);
3462         os_free(drv->auth_ie);
3464         if (drv->in_interface_list)
3465                 dl_list_del(&drv->list);
3467         os_free(drv);
3471 /**
3472  * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
3473  * @eloop_ctx: Driver private data
3474  * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
3475  *
3476  * This function can be used as registered timeout when starting a scan to
3477  * generate a scan completed event if the driver does not report this.
3478  */
3479 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
3481         struct wpa_driver_nl80211_data *drv = eloop_ctx;
3482         if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
3483                 wpa_driver_nl80211_set_mode(&drv->first_bss,
3484                                             drv->ap_scan_as_station);
3485                 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3486         }
3487         wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
3488         wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
3492 /**
3493  * wpa_driver_nl80211_scan - Request the driver to initiate scan
3494  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3495  * @params: Scan parameters
3496  * Returns: 0 on success, -1 on failure
3497  */
3498 static int wpa_driver_nl80211_scan(void *priv,
3499                                    struct wpa_driver_scan_params *params)
3501         struct i802_bss *bss = priv;
3502         struct wpa_driver_nl80211_data *drv = bss->drv;
3503         int ret = 0, timeout;
3504         struct nl_msg *msg, *ssids, *freqs, *rates;
3505         size_t i;
3507         drv->scan_for_auth = 0;
3509         msg = nlmsg_alloc();
3510         ssids = nlmsg_alloc();
3511         freqs = nlmsg_alloc();
3512         rates = nlmsg_alloc();
3513         if (!msg || !ssids || !freqs || !rates) {
3514                 nlmsg_free(msg);
3515                 nlmsg_free(ssids);
3516                 nlmsg_free(freqs);
3517                 nlmsg_free(rates);
3518                 return -1;
3519         }
3521         os_free(drv->filter_ssids);
3522         drv->filter_ssids = params->filter_ssids;
3523         params->filter_ssids = NULL;
3524         drv->num_filter_ssids = params->num_filter_ssids;
3526         nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN);
3528         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3530         for (i = 0; i < params->num_ssids; i++) {
3531                 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
3532                                   params->ssids[i].ssid,
3533                                   params->ssids[i].ssid_len);
3534                 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
3535                         params->ssids[i].ssid);
3536         }
3537         if (params->num_ssids)
3538                 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
3540         if (params->extra_ies) {
3541                 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
3542                             params->extra_ies, params->extra_ies_len);
3543                 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
3544                         params->extra_ies);
3545         }
3547         if (params->freqs) {
3548                 for (i = 0; params->freqs[i]; i++) {
3549                         wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
3550                                    "MHz", params->freqs[i]);
3551                         NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
3552                 }
3553                 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
3554         }
3556         if (params->p2p_probe) {
3557                 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
3559                 /*
3560                  * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
3561                  * by masking out everything else apart from the OFDM rates 6,
3562                  * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
3563                  * rates are left enabled.
3564                  */
3565                 NLA_PUT(rates, NL80211_BAND_2GHZ, 8,
3566                         "\x0c\x12\x18\x24\x30\x48\x60\x6c");
3567                 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates);
3569                 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
3570         }
3572         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3573         msg = NULL;
3574         if (ret) {
3575                 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
3576                            "(%s)", ret, strerror(-ret));
3577 #ifdef HOSTAPD
3578                 if (is_ap_interface(drv->nlmode)) {
3579                         /*
3580                          * mac80211 does not allow scan requests in AP mode, so
3581                          * try to do this in station mode.
3582                          */
3583                         if (wpa_driver_nl80211_set_mode(
3584                                     bss, NL80211_IFTYPE_STATION))
3585                                 goto nla_put_failure;
3587                         if (wpa_driver_nl80211_scan(drv, params)) {
3588                                 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
3589                                 goto nla_put_failure;
3590                         }
3592                         /* Restore AP mode when processing scan results */
3593                         drv->ap_scan_as_station = drv->nlmode;
3594                         ret = 0;
3595                 } else
3596                         goto nla_put_failure;
3597 #else /* HOSTAPD */
3598                 goto nla_put_failure;
3599 #endif /* HOSTAPD */
3600         }
3602         /* Not all drivers generate "scan completed" wireless event, so try to
3603          * read results after a timeout. */
3604         timeout = 10;
3605         if (drv->scan_complete_events) {
3606                 /*
3607                  * The driver seems to deliver events to notify when scan is
3608                  * complete, so use longer timeout to avoid race conditions
3609                  * with scanning and following association request.
3610                  */
3611                 timeout = 30;
3612         }
3613         wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
3614                    "seconds", ret, timeout);
3615         eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3616         eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
3617                                drv, drv->ctx);
3619 nla_put_failure:
3620         nlmsg_free(ssids);
3621         nlmsg_free(msg);
3622