1 /*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 * Alternatively, this software may be distributed under the terms of BSD
14 * license.
15 *
16 * See README and COPYING for more details.
17 */
19 #include "includes.h"
20 #include <sys/ioctl.h>
21 #include <sys/types.h>
22 #include <sys/stat.h>
23 #include <fcntl.h>
24 #include <net/if.h>
25 #include <netlink/genl/genl.h>
26 #include <netlink/genl/family.h>
27 #include <netlink/genl/ctrl.h>
28 #include <linux/rtnetlink.h>
29 #include <netpacket/packet.h>
30 #include <linux/filter.h>
31 #include "nl80211_copy.h"
33 #include "common.h"
34 #include "eloop.h"
35 #include "utils/list.h"
36 #include "common/ieee802_11_defs.h"
37 #include "common/ieee802_11_common.h"
38 #include "l2_packet/l2_packet.h"
39 #include "netlink.h"
40 #include "linux_ioctl.h"
41 #include "radiotap.h"
42 #include "radiotap_iter.h"
43 #include "rfkill.h"
44 #include "driver.h"
46 #ifdef CONFIG_LIBNL20
47 /* libnl 2.0 compatibility code */
48 #define nl_handle nl_sock
49 #define nl80211_handle_alloc nl_socket_alloc_cb
50 #define nl80211_handle_destroy nl_socket_free
51 #else
52 /*
53 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
54 * but when you free a socket again it will mess up its bitmap and
55 * and use the wrong number the next time it needs a socket ID.
56 * Therefore, we wrap the handle alloc/destroy and add our own pid
57 * accounting.
58 */
59 static uint32_t port_bitmap[32] = { 0 };
61 static struct nl_handle *nl80211_handle_alloc(void *cb)
62 {
63 struct nl_handle *handle;
64 uint32_t pid = getpid() & 0x3FFFFF;
65 int i;
67 handle = nl_handle_alloc_cb(cb);
69 for (i = 0; i < 1024; i++) {
70 if (port_bitmap[i / 32] & (1 << (i % 32)))
71 continue;
72 port_bitmap[i / 32] |= 1 << (i % 32);
73 pid += i << 22;
74 break;
75 }
77 nl_socket_set_local_port(handle, pid);
79 return handle;
80 }
82 static void nl80211_handle_destroy(struct nl_handle *handle)
83 {
84 uint32_t port = nl_socket_get_local_port(handle);
86 port >>= 22;
87 port_bitmap[port / 32] &= ~(1 << (port % 32));
89 nl_handle_destroy(handle);
90 }
91 #endif /* CONFIG_LIBNL20 */
94 struct nl80211_handles {
95 struct nl_handle *handle;
96 };
99 static int nl_create_handles(struct nl80211_handles *handles, struct nl_cb *cb,
100 const char *dbg)
101 {
102 if (!handles)
103 return -1;
105 handles->handle = nl80211_handle_alloc(cb);
106 if (handles->handle == NULL) {
107 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
108 "callbacks (%s)", dbg);
109 return -1;
110 }
112 if (genl_connect(handles->handle)) {
113 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
114 "netlink (%s)", dbg);
115 goto err;
116 }
118 return 0;
119 err:
120 nl80211_handle_destroy(handles->handle);
121 return -1;
122 }
125 static void nl_destroy_handles(struct nl80211_handles *handles)
126 {
127 if (handles->handle == NULL)
128 return;
129 nl80211_handle_destroy(handles->handle);
130 handles->handle = NULL;
131 }
134 #ifndef IFF_LOWER_UP
135 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
136 #endif
137 #ifndef IFF_DORMANT
138 #define IFF_DORMANT 0x20000 /* driver signals dormant */
139 #endif
141 #ifndef IF_OPER_DORMANT
142 #define IF_OPER_DORMANT 5
143 #endif
144 #ifndef IF_OPER_UP
145 #define IF_OPER_UP 6
146 #endif
148 struct nl80211_global {
149 struct dl_list interfaces;
150 int if_add_ifindex;
151 struct netlink_data *netlink;
152 struct nl_cb *nl_cb;
153 struct nl80211_handles nl;
154 int nl80211_id;
155 int ioctl_sock; /* socket for ioctl() use */
156 };
158 static void nl80211_global_deinit(void *priv);
159 static void wpa_driver_nl80211_deinit(void *priv);
161 struct i802_bss {
162 struct wpa_driver_nl80211_data *drv;
163 struct i802_bss *next;
164 int ifindex;
165 char ifname[IFNAMSIZ + 1];
166 char brname[IFNAMSIZ];
167 unsigned int beacon_set:1;
168 unsigned int added_if_into_bridge:1;
169 unsigned int added_bridge:1;
171 struct nl80211_handles nl_preq;
172 };
174 struct wpa_driver_nl80211_data {
175 struct nl80211_global *global;
176 struct dl_list list;
177 u8 addr[ETH_ALEN];
178 char phyname[32];
179 void *ctx;
180 int ifindex;
181 int if_removed;
182 int if_disabled;
183 int ignore_if_down_event;
184 struct rfkill_data *rfkill;
185 struct wpa_driver_capa capa;
186 int has_capability;
188 int operstate;
190 int scan_complete_events;
192 struct nl80211_handles nl_event;
194 u8 auth_bssid[ETH_ALEN];
195 u8 bssid[ETH_ALEN];
196 int associated;
197 u8 ssid[32];
198 size_t ssid_len;
199 enum nl80211_iftype nlmode;
200 enum nl80211_iftype ap_scan_as_station;
201 unsigned int assoc_freq;
203 int monitor_sock;
204 int monitor_ifidx;
206 unsigned int disabled_11b_rates:1;
207 unsigned int pending_remain_on_chan:1;
208 unsigned int in_interface_list:1;
209 unsigned int device_ap_sme:1;
210 unsigned int poll_command_supported:1;
212 u64 remain_on_chan_cookie;
213 u64 send_action_cookie;
215 unsigned int last_mgmt_freq;
216 unsigned int ap_oper_freq;
218 struct wpa_driver_scan_filter *filter_ssids;
219 size_t num_filter_ssids;
221 struct i802_bss first_bss;
223 #ifdef CONFIG_AP
224 int eapol_tx_sock;
225 #endif /* CONFIG_AP */
227 #ifdef HOSTAPD
228 int eapol_sock; /* socket for EAPOL frames */
230 int default_if_indices[16];
231 int *if_indices;
232 int num_if_indices;
234 int last_freq;
235 int last_freq_ht;
236 #endif /* HOSTAPD */
237 };
240 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
241 void *timeout_ctx);
242 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
243 enum nl80211_iftype nlmode);
244 static int
245 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
246 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
247 const u8 *addr, int cmd, u16 reason_code,
248 int local_state_change);
249 static void nl80211_remove_monitor_interface(
250 struct wpa_driver_nl80211_data *drv);
251 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
252 unsigned int freq, unsigned int wait,
253 const u8 *buf, size_t buf_len, u64 *cookie,
254 int no_cck, int no_ack);
255 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
257 #ifdef HOSTAPD
258 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
259 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
260 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
261 static int wpa_driver_nl80211_if_remove(void *priv,
262 enum wpa_driver_if_type type,
263 const char *ifname);
264 #else /* HOSTAPD */
265 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
266 {
267 }
269 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
270 {
271 }
273 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
274 {
275 return 0;
276 }
277 #endif /* HOSTAPD */
279 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
280 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
281 int ifindex, int disabled);
283 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
286 static int is_ap_interface(enum nl80211_iftype nlmode)
287 {
288 return (nlmode == NL80211_IFTYPE_AP ||
289 nlmode == NL80211_IFTYPE_P2P_GO);
290 }
293 static int is_sta_interface(enum nl80211_iftype nlmode)
294 {
295 return (nlmode == NL80211_IFTYPE_STATION ||
296 nlmode == NL80211_IFTYPE_P2P_CLIENT);
297 }
300 static int is_p2p_interface(enum nl80211_iftype nlmode)
301 {
302 return (nlmode == NL80211_IFTYPE_P2P_CLIENT ||
303 nlmode == NL80211_IFTYPE_P2P_GO);
304 }
307 struct nl80211_bss_info_arg {
308 struct wpa_driver_nl80211_data *drv;
309 struct wpa_scan_results *res;
310 unsigned int assoc_freq;
311 u8 assoc_bssid[ETH_ALEN];
312 };
314 static int bss_info_handler(struct nl_msg *msg, void *arg);
317 /* nl80211 code */
318 static int ack_handler(struct nl_msg *msg, void *arg)
319 {
320 int *err = arg;
321 *err = 0;
322 return NL_STOP;
323 }
325 static int finish_handler(struct nl_msg *msg, void *arg)
326 {
327 int *ret = arg;
328 *ret = 0;
329 return NL_SKIP;
330 }
332 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
333 void *arg)
334 {
335 int *ret = arg;
336 *ret = err->error;
337 return NL_SKIP;
338 }
341 static int no_seq_check(struct nl_msg *msg, void *arg)
342 {
343 return NL_OK;
344 }
347 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
348 struct nl_handle *nl_handle, struct nl_msg *msg,
349 int (*valid_handler)(struct nl_msg *, void *),
350 void *valid_data)
351 {
352 struct nl_cb *cb;
353 int err = -ENOMEM;
355 cb = nl_cb_clone(drv->global->nl_cb);
356 if (!cb)
357 goto out;
359 err = nl_send_auto_complete(nl_handle, msg);
360 if (err < 0)
361 goto out;
363 err = 1;
365 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
366 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
367 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
369 if (valid_handler)
370 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
371 valid_handler, valid_data);
373 while (err > 0)
374 nl_recvmsgs(nl_handle, cb);
375 out:
376 nl_cb_put(cb);
377 nlmsg_free(msg);
378 return err;
379 }
382 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
383 struct nl_msg *msg,
384 int (*valid_handler)(struct nl_msg *, void *),
385 void *valid_data)
386 {
387 return send_and_recv(drv, drv->global->nl.handle, msg, valid_handler,
388 valid_data);
389 }
392 struct family_data {
393 const char *group;
394 int id;
395 };
398 static int family_handler(struct nl_msg *msg, void *arg)
399 {
400 struct family_data *res = arg;
401 struct nlattr *tb[CTRL_ATTR_MAX + 1];
402 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
403 struct nlattr *mcgrp;
404 int i;
406 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
407 genlmsg_attrlen(gnlh, 0), NULL);
408 if (!tb[CTRL_ATTR_MCAST_GROUPS])
409 return NL_SKIP;
411 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
412 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
413 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
414 nla_len(mcgrp), NULL);
415 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
416 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
417 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
418 res->group,
419 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
420 continue;
421 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
422 break;
423 };
425 return NL_SKIP;
426 }
429 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
430 const char *family, const char *group)
431 {
432 struct nl_msg *msg;
433 int ret = -1;
434 struct family_data res = { group, -ENOENT };
436 msg = nlmsg_alloc();
437 if (!msg)
438 return -ENOMEM;
439 genlmsg_put(msg, 0, 0,
440 genl_ctrl_resolve(drv->global->nl.handle, "nlctrl"),
441 0, 0, CTRL_CMD_GETFAMILY, 0);
442 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
444 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
445 msg = NULL;
446 if (ret == 0)
447 ret = res.id;
449 nla_put_failure:
450 nlmsg_free(msg);
451 return ret;
452 }
455 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
456 struct nl_msg *msg, int flags, uint8_t cmd)
457 {
458 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
459 0, flags, cmd, 0);
460 }
463 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
464 {
465 struct i802_bss *bss = priv;
466 struct wpa_driver_nl80211_data *drv = bss->drv;
467 if (!drv->associated)
468 return -1;
469 os_memcpy(bssid, drv->bssid, ETH_ALEN);
470 return 0;
471 }
474 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
475 {
476 struct i802_bss *bss = priv;
477 struct wpa_driver_nl80211_data *drv = bss->drv;
478 if (!drv->associated)
479 return -1;
480 os_memcpy(ssid, drv->ssid, drv->ssid_len);
481 return drv->ssid_len;
482 }
485 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
486 char *buf, size_t len, int del)
487 {
488 union wpa_event_data event;
490 os_memset(&event, 0, sizeof(event));
491 if (len > sizeof(event.interface_status.ifname))
492 len = sizeof(event.interface_status.ifname) - 1;
493 os_memcpy(event.interface_status.ifname, buf, len);
494 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
495 EVENT_INTERFACE_ADDED;
497 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
498 del ? "DEL" : "NEW",
499 event.interface_status.ifname,
500 del ? "removed" : "added");
502 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
503 if (del)
504 drv->if_removed = 1;
505 else
506 drv->if_removed = 0;
507 }
509 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
510 }
513 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
514 u8 *buf, size_t len)
515 {
516 int attrlen, rta_len;
517 struct rtattr *attr;
519 attrlen = len;
520 attr = (struct rtattr *) buf;
522 rta_len = RTA_ALIGN(sizeof(struct rtattr));
523 while (RTA_OK(attr, attrlen)) {
524 if (attr->rta_type == IFLA_IFNAME) {
525 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
526 == 0)
527 return 1;
528 else
529 break;
530 }
531 attr = RTA_NEXT(attr, attrlen);
532 }
534 return 0;
535 }
538 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
539 int ifindex, u8 *buf, size_t len)
540 {
541 if (drv->ifindex == ifindex)
542 return 1;
544 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
545 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
546 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
547 "interface");
548 wpa_driver_nl80211_finish_drv_init(drv);
549 return 1;
550 }
552 return 0;
553 }
556 static struct wpa_driver_nl80211_data *
557 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
558 {
559 struct wpa_driver_nl80211_data *drv;
560 dl_list_for_each(drv, &global->interfaces,
561 struct wpa_driver_nl80211_data, list) {
562 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
563 have_ifidx(drv, idx))
564 return drv;
565 }
566 return NULL;
567 }
570 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
571 struct ifinfomsg *ifi,
572 u8 *buf, size_t len)
573 {
574 struct nl80211_global *global = ctx;
575 struct wpa_driver_nl80211_data *drv;
576 int attrlen, rta_len;
577 struct rtattr *attr;
578 u32 brid = 0;
580 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
581 if (!drv) {
582 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
583 "ifindex %d", ifi->ifi_index);
584 return;
585 }
587 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
588 "(%s%s%s%s)",
589 drv->operstate, ifi->ifi_flags,
590 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
591 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
592 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
593 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
595 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
596 char namebuf[IFNAMSIZ];
597 if (if_indextoname(ifi->ifi_index, namebuf) &&
598 linux_iface_up(drv->global->ioctl_sock,
599 drv->first_bss.ifname) > 0) {
600 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
601 "event since interface %s is up", namebuf);
602 return;
603 }
604 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
605 if (drv->ignore_if_down_event) {
606 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
607 "event generated by mode change");
608 drv->ignore_if_down_event = 0;
609 } else {
610 drv->if_disabled = 1;
611 wpa_supplicant_event(drv->ctx,
612 EVENT_INTERFACE_DISABLED, NULL);
613 }
614 }
616 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
617 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
618 drv->if_disabled = 0;
619 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
620 }
622 /*
623 * Some drivers send the association event before the operup event--in
624 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
625 * fails. This will hit us when wpa_supplicant does not need to do
626 * IEEE 802.1X authentication
627 */
628 if (drv->operstate == 1 &&
629 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
630 !(ifi->ifi_flags & IFF_RUNNING))
631 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
632 -1, IF_OPER_UP);
634 attrlen = len;
635 attr = (struct rtattr *) buf;
636 rta_len = RTA_ALIGN(sizeof(struct rtattr));
637 while (RTA_OK(attr, attrlen)) {
638 if (attr->rta_type == IFLA_IFNAME) {
639 wpa_driver_nl80211_event_link(
640 drv,
641 ((char *) attr) + rta_len,
642 attr->rta_len - rta_len, 0);
643 } else if (attr->rta_type == IFLA_MASTER)
644 brid = nla_get_u32((struct nlattr *) attr);
645 attr = RTA_NEXT(attr, attrlen);
646 }
648 if (ifi->ifi_family == AF_BRIDGE && brid) {
649 /* device has been added to bridge */
650 char namebuf[IFNAMSIZ];
651 if_indextoname(brid, namebuf);
652 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
653 brid, namebuf);
654 add_ifidx(drv, brid);
655 }
656 }
659 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
660 struct ifinfomsg *ifi,
661 u8 *buf, size_t len)
662 {
663 struct nl80211_global *global = ctx;
664 struct wpa_driver_nl80211_data *drv;
665 int attrlen, rta_len;
666 struct rtattr *attr;
667 u32 brid = 0;
669 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
670 if (!drv) {
671 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for "
672 "foreign ifindex %d", ifi->ifi_index);
673 return;
674 }
676 attrlen = len;
677 attr = (struct rtattr *) buf;
679 rta_len = RTA_ALIGN(sizeof(struct rtattr));
680 while (RTA_OK(attr, attrlen)) {
681 if (attr->rta_type == IFLA_IFNAME) {
682 wpa_driver_nl80211_event_link(
683 drv,
684 ((char *) attr) + rta_len,
685 attr->rta_len - rta_len, 1);
686 } else if (attr->rta_type == IFLA_MASTER)
687 brid = nla_get_u32((struct nlattr *) attr);
688 attr = RTA_NEXT(attr, attrlen);
689 }
691 if (ifi->ifi_family == AF_BRIDGE && brid) {
692 /* device has been removed from bridge */
693 char namebuf[IFNAMSIZ];
694 if_indextoname(brid, namebuf);
695 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
696 "%s", brid, namebuf);
697 del_ifidx(drv, brid);
698 }
699 }
702 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
703 const u8 *frame, size_t len)
704 {
705 const struct ieee80211_mgmt *mgmt;
706 union wpa_event_data event;
708 mgmt = (const struct ieee80211_mgmt *) frame;
709 if (len < 24 + sizeof(mgmt->u.auth)) {
710 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
711 "frame");
712 return;
713 }
715 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
716 os_memset(&event, 0, sizeof(event));
717 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
718 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
719 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
720 if (len > 24 + sizeof(mgmt->u.auth)) {
721 event.auth.ies = mgmt->u.auth.variable;
722 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
723 }
725 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
726 }
729 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
730 {
731 struct nl_msg *msg;
732 int ret;
733 struct nl80211_bss_info_arg arg;
735 os_memset(&arg, 0, sizeof(arg));
736 msg = nlmsg_alloc();
737 if (!msg)
738 goto nla_put_failure;
740 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
741 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
743 arg.drv = drv;
744 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
745 msg = NULL;
746 if (ret == 0) {
747 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
748 "associated BSS from scan results: %u MHz",
749 arg.assoc_freq);
750 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
751 }
752 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
753 "(%s)", ret, strerror(-ret));
754 nla_put_failure:
755 nlmsg_free(msg);
756 return drv->assoc_freq;
757 }
760 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
761 const u8 *frame, size_t len)
762 {
763 const struct ieee80211_mgmt *mgmt;
764 union wpa_event_data event;
765 u16 status;
767 mgmt = (const struct ieee80211_mgmt *) frame;
768 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
769 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
770 "frame");
771 return;
772 }
774 status = le_to_host16(mgmt->u.assoc_resp.status_code);
775 if (status != WLAN_STATUS_SUCCESS) {
776 os_memset(&event, 0, sizeof(event));
777 event.assoc_reject.bssid = mgmt->bssid;
778 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
779 event.assoc_reject.resp_ies =
780 (u8 *) mgmt->u.assoc_resp.variable;
781 event.assoc_reject.resp_ies_len =
782 len - 24 - sizeof(mgmt->u.assoc_resp);
783 }
784 event.assoc_reject.status_code = status;
786 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
787 return;
788 }
790 drv->associated = 1;
791 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
793 os_memset(&event, 0, sizeof(event));
794 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
795 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
796 event.assoc_info.resp_ies_len =
797 len - 24 - sizeof(mgmt->u.assoc_resp);
798 }
800 event.assoc_info.freq = drv->assoc_freq;
802 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
803 }
806 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
807 enum nl80211_commands cmd, struct nlattr *status,
808 struct nlattr *addr, struct nlattr *req_ie,
809 struct nlattr *resp_ie)
810 {
811 union wpa_event_data event;
813 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
814 /*
815 * Avoid reporting two association events that would confuse
816 * the core code.
817 */
818 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
819 "when using userspace SME", cmd);
820 return;
821 }
823 os_memset(&event, 0, sizeof(event));
824 if (cmd == NL80211_CMD_CONNECT &&
825 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
826 if (addr)
827 event.assoc_reject.bssid = nla_data(addr);
828 if (resp_ie) {
829 event.assoc_reject.resp_ies = nla_data(resp_ie);
830 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
831 }
832 event.assoc_reject.status_code = nla_get_u16(status);
833 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
834 return;
835 }
837 drv->associated = 1;
838 if (addr)
839 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
841 if (req_ie) {
842 event.assoc_info.req_ies = nla_data(req_ie);
843 event.assoc_info.req_ies_len = nla_len(req_ie);
844 }
845 if (resp_ie) {
846 event.assoc_info.resp_ies = nla_data(resp_ie);
847 event.assoc_info.resp_ies_len = nla_len(resp_ie);
848 }
850 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
852 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
853 }
856 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
857 struct nlattr *reason, struct nlattr *addr)
858 {
859 union wpa_event_data data;
861 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
862 /*
863 * Avoid reporting two disassociation events that could
864 * confuse the core code.
865 */
866 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
867 "event when using userspace SME");
868 return;
869 }
871 drv->associated = 0;
872 os_memset(&data, 0, sizeof(data));
873 if (reason)
874 data.disassoc_info.reason_code = nla_get_u16(reason);
875 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
876 }
879 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
880 enum nl80211_commands cmd, struct nlattr *addr)
881 {
882 union wpa_event_data event;
883 enum wpa_event_type ev;
885 if (nla_len(addr) != ETH_ALEN)
886 return;
888 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
889 cmd, MAC2STR((u8 *) nla_data(addr)));
891 if (cmd == NL80211_CMD_AUTHENTICATE)
892 ev = EVENT_AUTH_TIMED_OUT;
893 else if (cmd == NL80211_CMD_ASSOCIATE)
894 ev = EVENT_ASSOC_TIMED_OUT;
895 else
896 return;
898 os_memset(&event, 0, sizeof(event));
899 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
900 wpa_supplicant_event(drv->ctx, ev, &event);
901 }
904 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
905 struct nlattr *freq, const u8 *frame, size_t len)
906 {
907 const struct ieee80211_mgmt *mgmt;
908 union wpa_event_data event;
909 u16 fc, stype;
911 mgmt = (const struct ieee80211_mgmt *) frame;
912 if (len < 24) {
913 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
914 return;
915 }
917 fc = le_to_host16(mgmt->frame_control);
918 stype = WLAN_FC_GET_STYPE(fc);
920 os_memset(&event, 0, sizeof(event));
921 if (freq) {
922 event.rx_action.freq = nla_get_u32(freq);
923 drv->last_mgmt_freq = event.rx_action.freq;
924 }
925 if (stype == WLAN_FC_STYPE_ACTION) {
926 event.rx_action.da = mgmt->da;
927 event.rx_action.sa = mgmt->sa;
928 event.rx_action.bssid = mgmt->bssid;
929 event.rx_action.category = mgmt->u.action.category;
930 event.rx_action.data = &mgmt->u.action.category + 1;
931 event.rx_action.len = frame + len - event.rx_action.data;
932 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
933 } else {
934 event.rx_mgmt.frame = frame;
935 event.rx_mgmt.frame_len = len;
936 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
937 }
938 }
941 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
942 struct nlattr *cookie, const u8 *frame,
943 size_t len, struct nlattr *ack)
944 {
945 union wpa_event_data event;
946 const struct ieee80211_hdr *hdr;
947 u16 fc;
948 u64 cookie_val;
950 if (!cookie)
951 return;
953 cookie_val = nla_get_u64(cookie);
954 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s "
955 "(ack=%d)",
956 (long long unsigned int) cookie_val,
957 cookie_val == drv->send_action_cookie ?
958 " (match)" : " (unknown)", ack != NULL);
959 if (cookie_val != drv->send_action_cookie)
960 return;
962 hdr = (const struct ieee80211_hdr *) frame;
963 fc = le_to_host16(hdr->frame_control);
965 os_memset(&event, 0, sizeof(event));
966 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
967 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
968 event.tx_status.dst = hdr->addr1;
969 event.tx_status.data = frame;
970 event.tx_status.data_len = len;
971 event.tx_status.ack = ack != NULL;
972 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
973 }
976 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
977 enum wpa_event_type type,
978 const u8 *frame, size_t len)
979 {
980 const struct ieee80211_mgmt *mgmt;
981 union wpa_event_data event;
982 const u8 *bssid = NULL;
983 u16 reason_code = 0;
985 mgmt = (const struct ieee80211_mgmt *) frame;
986 if (len >= 24) {
987 bssid = mgmt->bssid;
989 if (drv->associated != 0 &&
990 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
991 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
992 /*
993 * We have presumably received this deauth as a
994 * response to a clear_state_mismatch() outgoing
995 * deauth. Don't let it take us offline!
996 */
997 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
998 "from Unknown BSSID " MACSTR " -- ignoring",
999 MAC2STR(bssid));
1000 return;
1001 }
1002 }
1004 drv->associated = 0;
1005 os_memset(&event, 0, sizeof(event));
1007 /* Note: Same offset for Reason Code in both frame subtypes */
1008 if (len >= 24 + sizeof(mgmt->u.deauth))
1009 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1011 if (type == EVENT_DISASSOC) {
1012 event.disassoc_info.addr = bssid;
1013 event.disassoc_info.reason_code = reason_code;
1014 if (frame + len > mgmt->u.disassoc.variable) {
1015 event.disassoc_info.ie = mgmt->u.disassoc.variable;
1016 event.disassoc_info.ie_len = frame + len -
1017 mgmt->u.disassoc.variable;
1018 }
1019 } else {
1020 event.deauth_info.addr = bssid;
1021 event.deauth_info.reason_code = reason_code;
1022 if (frame + len > mgmt->u.deauth.variable) {
1023 event.deauth_info.ie = mgmt->u.deauth.variable;
1024 event.deauth_info.ie_len = frame + len -
1025 mgmt->u.deauth.variable;
1026 }
1027 }
1029 wpa_supplicant_event(drv->ctx, type, &event);
1030 }
1033 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1034 enum wpa_event_type type,
1035 const u8 *frame, size_t len)
1036 {
1037 const struct ieee80211_mgmt *mgmt;
1038 union wpa_event_data event;
1039 u16 reason_code = 0;
1041 if (len < 24)
1042 return;
1044 mgmt = (const struct ieee80211_mgmt *) frame;
1046 os_memset(&event, 0, sizeof(event));
1047 /* Note: Same offset for Reason Code in both frame subtypes */
1048 if (len >= 24 + sizeof(mgmt->u.deauth))
1049 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1051 if (type == EVENT_UNPROT_DISASSOC) {
1052 event.unprot_disassoc.sa = mgmt->sa;
1053 event.unprot_disassoc.da = mgmt->da;
1054 event.unprot_disassoc.reason_code = reason_code;
1055 } else {
1056 event.unprot_deauth.sa = mgmt->sa;
1057 event.unprot_deauth.da = mgmt->da;
1058 event.unprot_deauth.reason_code = reason_code;
1059 }
1061 wpa_supplicant_event(drv->ctx, type, &event);
1062 }
1065 static void mlme_event(struct wpa_driver_nl80211_data *drv,
1066 enum nl80211_commands cmd, struct nlattr *frame,
1067 struct nlattr *addr, struct nlattr *timed_out,
1068 struct nlattr *freq, struct nlattr *ack,
1069 struct nlattr *cookie)
1070 {
1071 if (timed_out && addr) {
1072 mlme_timeout_event(drv, cmd, addr);
1073 return;
1074 }
1076 if (frame == NULL) {
1077 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
1078 "data", cmd);
1079 return;
1080 }
1082 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
1083 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1084 nla_data(frame), nla_len(frame));
1086 switch (cmd) {
1087 case NL80211_CMD_AUTHENTICATE:
1088 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1089 break;
1090 case NL80211_CMD_ASSOCIATE:
1091 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1092 break;
1093 case NL80211_CMD_DEAUTHENTICATE:
1094 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1095 nla_data(frame), nla_len(frame));
1096 break;
1097 case NL80211_CMD_DISASSOCIATE:
1098 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1099 nla_data(frame), nla_len(frame));
1100 break;
1101 case NL80211_CMD_FRAME:
1102 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
1103 break;
1104 case NL80211_CMD_FRAME_TX_STATUS:
1105 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
1106 nla_len(frame), ack);
1107 break;
1108 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1109 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1110 nla_data(frame), nla_len(frame));
1111 break;
1112 case NL80211_CMD_UNPROT_DISASSOCIATE:
1113 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
1114 nla_data(frame), nla_len(frame));
1115 break;
1116 default:
1117 break;
1118 }
1119 }
1122 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
1123 struct nlattr *tb[])
1124 {
1125 union wpa_event_data data;
1127 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1128 os_memset(&data, 0, sizeof(data));
1129 if (tb[NL80211_ATTR_MAC]) {
1130 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1131 nla_data(tb[NL80211_ATTR_MAC]),
1132 nla_len(tb[NL80211_ATTR_MAC]));
1133 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1134 }
1135 if (tb[NL80211_ATTR_KEY_SEQ]) {
1136 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1137 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1138 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1139 }
1140 if (tb[NL80211_ATTR_KEY_TYPE]) {
1141 enum nl80211_key_type key_type =
1142 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1143 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1144 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1145 data.michael_mic_failure.unicast = 1;
1146 } else
1147 data.michael_mic_failure.unicast = 1;
1149 if (tb[NL80211_ATTR_KEY_IDX]) {
1150 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1151 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1152 }
1154 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1155 }
1158 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1159 struct nlattr *tb[])
1160 {
1161 if (tb[NL80211_ATTR_MAC] == NULL) {
1162 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1163 "event");
1164 return;
1165 }
1166 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1167 drv->associated = 1;
1168 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1169 MAC2STR(drv->bssid));
1171 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1172 }
1175 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1176 int cancel_event, struct nlattr *tb[])
1177 {
1178 unsigned int freq, chan_type, duration;
1179 union wpa_event_data data;
1180 u64 cookie;
1182 if (tb[NL80211_ATTR_WIPHY_FREQ])
1183 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1184 else
1185 freq = 0;
1187 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1188 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1189 else
1190 chan_type = 0;
1192 if (tb[NL80211_ATTR_DURATION])
1193 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1194 else
1195 duration = 0;
1197 if (tb[NL80211_ATTR_COOKIE])
1198 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1199 else
1200 cookie = 0;
1202 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1203 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1204 cancel_event, freq, chan_type, duration,
1205 (long long unsigned int) cookie,
1206 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1208 if (cookie != drv->remain_on_chan_cookie)
1209 return; /* not for us */
1211 if (cancel_event)
1212 drv->pending_remain_on_chan = 0;
1214 os_memset(&data, 0, sizeof(data));
1215 data.remain_on_channel.freq = freq;
1216 data.remain_on_channel.duration = duration;
1217 wpa_supplicant_event(drv->ctx, cancel_event ?
1218 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1219 EVENT_REMAIN_ON_CHANNEL, &data);
1220 }
1223 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1224 struct nlattr *tb[])
1225 {
1226 union wpa_event_data event;
1227 struct nlattr *nl;
1228 int rem;
1229 struct scan_info *info;
1230 #define MAX_REPORT_FREQS 50
1231 int freqs[MAX_REPORT_FREQS];
1232 int num_freqs = 0;
1234 os_memset(&event, 0, sizeof(event));
1235 info = &event.scan_info;
1236 info->aborted = aborted;
1238 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1239 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1240 struct wpa_driver_scan_ssid *s =
1241 &info->ssids[info->num_ssids];
1242 s->ssid = nla_data(nl);
1243 s->ssid_len = nla_len(nl);
1244 info->num_ssids++;
1245 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1246 break;
1247 }
1248 }
1249 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1250 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1251 {
1252 freqs[num_freqs] = nla_get_u32(nl);
1253 num_freqs++;
1254 if (num_freqs == MAX_REPORT_FREQS - 1)
1255 break;
1256 }
1257 info->freqs = freqs;
1258 info->num_freqs = num_freqs;
1259 }
1260 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1261 }
1264 static int get_link_signal(struct nl_msg *msg, void *arg)
1265 {
1266 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1267 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1268 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1269 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1270 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1271 };
1272 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1273 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1274 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1275 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1276 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1277 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1278 };
1279 struct wpa_signal_info *sig_change = arg;
1281 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1282 genlmsg_attrlen(gnlh, 0), NULL);
1283 if (!tb[NL80211_ATTR_STA_INFO] ||
1284 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1285 tb[NL80211_ATTR_STA_INFO], policy))
1286 return NL_SKIP;
1287 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1288 return NL_SKIP;
1290 sig_change->current_signal =
1291 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1293 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1294 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1295 sinfo[NL80211_STA_INFO_TX_BITRATE],
1296 rate_policy)) {
1297 sig_change->current_txrate = 0;
1298 } else {
1299 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1300 sig_change->current_txrate =
1301 nla_get_u16(rinfo[
1302 NL80211_RATE_INFO_BITRATE]) * 100;
1303 }
1304 }
1305 }
1307 return NL_SKIP;
1308 }
1311 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1312 struct wpa_signal_info *sig)
1313 {
1314 struct nl_msg *msg;
1316 sig->current_signal = -9999;
1317 sig->current_txrate = 0;
1319 msg = nlmsg_alloc();
1320 if (!msg)
1321 return -ENOMEM;
1323 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
1325 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1326 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1328 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1329 nla_put_failure:
1330 return -ENOBUFS;
1331 }
1334 static int get_link_noise(struct nl_msg *msg, void *arg)
1335 {
1336 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1337 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1338 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1339 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1340 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1341 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1342 };
1343 struct wpa_signal_info *sig_change = arg;
1345 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1346 genlmsg_attrlen(gnlh, 0), NULL);
1348 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1349 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1350 return NL_SKIP;
1351 }
1353 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1354 tb[NL80211_ATTR_SURVEY_INFO],
1355 survey_policy)) {
1356 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1357 "attributes!");
1358 return NL_SKIP;
1359 }
1361 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1362 return NL_SKIP;
1364 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1365 sig_change->frequency)
1366 return NL_SKIP;
1368 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1369 return NL_SKIP;
1371 sig_change->current_noise =
1372 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1374 return NL_SKIP;
1375 }
1378 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1379 struct wpa_signal_info *sig_change)
1380 {
1381 struct nl_msg *msg;
1383 sig_change->current_noise = 9999;
1384 sig_change->frequency = drv->assoc_freq;
1386 msg = nlmsg_alloc();
1387 if (!msg)
1388 return -ENOMEM;
1390 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1392 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1394 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1395 nla_put_failure:
1396 return -ENOBUFS;
1397 }
1400 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
1401 {
1402 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1403 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1404 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1405 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1406 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1407 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1408 };
1409 struct wpa_scan_results *scan_results = arg;
1410 struct wpa_scan_res *scan_res;
1411 size_t i;
1413 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1414 genlmsg_attrlen(gnlh, 0), NULL);
1416 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1417 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
1418 return NL_SKIP;
1419 }
1421 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1422 tb[NL80211_ATTR_SURVEY_INFO],
1423 survey_policy)) {
1424 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
1425 "attributes");
1426 return NL_SKIP;
1427 }
1429 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1430 return NL_SKIP;
1432 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1433 return NL_SKIP;
1435 for (i = 0; i < scan_results->num; ++i) {
1436 scan_res = scan_results->res[i];
1437 if (!scan_res)
1438 continue;
1439 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1440 scan_res->freq)
1441 continue;
1442 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
1443 continue;
1444 scan_res->noise = (s8)
1445 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1446 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
1447 }
1449 return NL_SKIP;
1450 }
1453 static int nl80211_get_noise_for_scan_results(
1454 struct wpa_driver_nl80211_data *drv,
1455 struct wpa_scan_results *scan_res)
1456 {
1457 struct nl_msg *msg;
1459 msg = nlmsg_alloc();
1460 if (!msg)
1461 return -ENOMEM;
1463 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1465 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1467 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
1468 scan_res);
1469 nla_put_failure:
1470 return -ENOBUFS;
1471 }
1474 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1475 struct nlattr *tb[])
1476 {
1477 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1478 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1479 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1480 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1481 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1482 };
1483 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1484 enum nl80211_cqm_rssi_threshold_event event;
1485 union wpa_event_data ed;
1486 struct wpa_signal_info sig;
1487 int res;
1489 if (tb[NL80211_ATTR_CQM] == NULL ||
1490 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1491 cqm_policy)) {
1492 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1493 return;
1494 }
1496 os_memset(&ed, 0, sizeof(ed));
1498 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1499 if (!tb[NL80211_ATTR_MAC])
1500 return;
1501 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1502 ETH_ALEN);
1503 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1504 return;
1505 }
1507 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1508 return;
1509 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1511 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1512 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1513 "event: RSSI high");
1514 ed.signal_change.above_threshold = 1;
1515 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1516 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1517 "event: RSSI low");
1518 ed.signal_change.above_threshold = 0;
1519 } else
1520 return;
1522 res = nl80211_get_link_signal(drv, &sig);
1523 if (res == 0) {
1524 ed.signal_change.current_signal = sig.current_signal;
1525 ed.signal_change.current_txrate = sig.current_txrate;
1526 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1527 sig.current_signal, sig.current_txrate);
1528 }
1530 res = nl80211_get_link_noise(drv, &sig);
1531 if (res == 0) {
1532 ed.signal_change.current_noise = sig.current_noise;
1533 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1534 sig.current_noise);
1535 }
1537 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1538 }
1541 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1542 struct nlattr **tb)
1543 {
1544 u8 *addr;
1545 union wpa_event_data data;
1547 if (tb[NL80211_ATTR_MAC] == NULL)
1548 return;
1549 addr = nla_data(tb[NL80211_ATTR_MAC]);
1550 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1552 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1553 u8 *ies = NULL;
1554 size_t ies_len = 0;
1555 if (tb[NL80211_ATTR_IE]) {
1556 ies = nla_data(tb[NL80211_ATTR_IE]);
1557 ies_len = nla_len(tb[NL80211_ATTR_IE]);
1558 }
1559 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
1560 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
1561 return;
1562 }
1564 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1565 return;
1567 os_memset(&data, 0, sizeof(data));
1568 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1569 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1570 }
1573 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1574 struct nlattr **tb)
1575 {
1576 u8 *addr;
1577 union wpa_event_data data;
1579 if (tb[NL80211_ATTR_MAC] == NULL)
1580 return;
1581 addr = nla_data(tb[NL80211_ATTR_MAC]);
1582 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1583 MAC2STR(addr));
1585 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1586 drv_event_disassoc(drv->ctx, addr);
1587 return;
1588 }
1590 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1591 return;
1593 os_memset(&data, 0, sizeof(data));
1594 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
1595 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
1596 }
1599 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
1600 struct nlattr **tb)
1601 {
1602 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
1603 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
1604 [NL80211_REKEY_DATA_KEK] = {
1605 .minlen = NL80211_KEK_LEN,
1606 .maxlen = NL80211_KEK_LEN,
1607 },
1608 [NL80211_REKEY_DATA_KCK] = {
1609 .minlen = NL80211_KCK_LEN,
1610 .maxlen = NL80211_KCK_LEN,
1611 },
1612 [NL80211_REKEY_DATA_REPLAY_CTR] = {
1613 .minlen = NL80211_REPLAY_CTR_LEN,
1614 .maxlen = NL80211_REPLAY_CTR_LEN,
1615 },
1616 };
1617 union wpa_event_data data;
1619 if (!tb[NL80211_ATTR_MAC])
1620 return;
1621 if (!tb[NL80211_ATTR_REKEY_DATA])
1622 return;
1623 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
1624 tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
1625 return;
1626 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
1627 return;
1629 os_memset(&data, 0, sizeof(data));
1630 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
1631 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
1632 MAC2STR(data.driver_gtk_rekey.bssid));
1633 data.driver_gtk_rekey.replay_ctr =
1634 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
1635 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
1636 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
1637 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
1638 }
1641 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
1642 struct nlattr **tb)
1643 {
1644 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
1645 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
1646 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
1647 [NL80211_PMKSA_CANDIDATE_BSSID] = {
1648 .minlen = ETH_ALEN,
1649 .maxlen = ETH_ALEN,
1650 },
1651 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
1652 };
1653 union wpa_event_data data;
1655 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
1656 return;
1657 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
1658 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
1659 return;
1660 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
1661 !cand[NL80211_PMKSA_CANDIDATE_BSSID])
1662 return;
1664 os_memset(&data, 0, sizeof(data));
1665 os_memcpy(data.pmkid_candidate.bssid,
1666 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
1667 data.pmkid_candidate.index =
1668 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
1669 data.pmkid_candidate.preauth =
1670 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
1671 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
1672 }
1675 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
1676 struct nlattr **tb)
1677 {
1678 union wpa_event_data data;
1680 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
1681 return;
1683 os_memset(&data, 0, sizeof(data));
1684 os_memcpy(data.client_poll.addr,
1685 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1687 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
1688 }
1691 static int process_event(struct nl_msg *msg, void *arg)
1692 {
1693 struct wpa_driver_nl80211_data *drv = arg;
1694 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1695 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1697 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1698 genlmsg_attrlen(gnlh, 0), NULL);
1700 if (tb[NL80211_ATTR_IFINDEX]) {
1701 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1702 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
1703 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
1704 " for foreign interface (ifindex %d)",
1705 gnlh->cmd, ifindex);
1706 return NL_SKIP;
1707 }
1708 }
1710 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
1711 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
1712 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
1713 wpa_driver_nl80211_set_mode(&drv->first_bss,
1714 drv->ap_scan_as_station);
1715 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
1716 }
1718 switch (gnlh->cmd) {
1719 case NL80211_CMD_TRIGGER_SCAN:
1720 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1721 break;
1722 case NL80211_CMD_START_SCHED_SCAN:
1723 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started");
1724 break;
1725 case NL80211_CMD_SCHED_SCAN_STOPPED:
1726 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped");
1727 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
1728 break;
1729 case NL80211_CMD_NEW_SCAN_RESULTS:
1730 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1731 drv->scan_complete_events = 1;
1732 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1733 drv->ctx);
1734 send_scan_event(drv, 0, tb);
1735 break;
1736 case NL80211_CMD_SCHED_SCAN_RESULTS:
1737 wpa_printf(MSG_DEBUG,
1738 "nl80211: New sched scan results available");
1739 send_scan_event(drv, 0, tb);
1740 break;
1741 case NL80211_CMD_SCAN_ABORTED:
1742 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1743 /*
1744 * Need to indicate that scan results are available in order
1745 * not to make wpa_supplicant stop its scanning.
1746 */
1747 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1748 drv->ctx);
1749 send_scan_event(drv, 1, tb);
1750 break;
1751 case NL80211_CMD_AUTHENTICATE:
1752 case NL80211_CMD_ASSOCIATE:
1753 case NL80211_CMD_DEAUTHENTICATE:
1754 case NL80211_CMD_DISASSOCIATE:
1755 case NL80211_CMD_FRAME:
1756 case NL80211_CMD_FRAME_TX_STATUS:
1757 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1758 case NL80211_CMD_UNPROT_DISASSOCIATE:
1759 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1760 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1761 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1762 tb[NL80211_ATTR_COOKIE]);
1763 break;
1764 case NL80211_CMD_CONNECT:
1765 case NL80211_CMD_ROAM:
1766 mlme_event_connect(drv, gnlh->cmd,
1767 tb[NL80211_ATTR_STATUS_CODE],
1768 tb[NL80211_ATTR_MAC],
1769 tb[NL80211_ATTR_REQ_IE],
1770 tb[NL80211_ATTR_RESP_IE]);
1771 break;
1772 case NL80211_CMD_DISCONNECT:
1773 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
1774 tb[NL80211_ATTR_MAC]);
1775 break;
1776 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1777 mlme_event_michael_mic_failure(drv, tb);
1778 break;
1779 case NL80211_CMD_JOIN_IBSS:
1780 mlme_event_join_ibss(drv, tb);
1781 break;
1782 case NL80211_CMD_REMAIN_ON_CHANNEL:
1783 mlme_event_remain_on_channel(drv, 0, tb);
1784 break;
1785 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1786 mlme_event_remain_on_channel(drv, 1, tb);
1787 break;
1788 case NL80211_CMD_NOTIFY_CQM:
1789 nl80211_cqm_event(drv, tb);
1790 break;
1791 case NL80211_CMD_REG_CHANGE:
1792 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
1793 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1794 NULL);
1795 break;
1796 case NL80211_CMD_REG_BEACON_HINT:
1797 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
1798 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1799 NULL);
1800 break;
1801 case NL80211_CMD_NEW_STATION:
1802 nl80211_new_station_event(drv, tb);
1803 break;
1804 case NL80211_CMD_DEL_STATION:
1805 nl80211_del_station_event(drv, tb);
1806 break;
1807 case NL80211_CMD_SET_REKEY_OFFLOAD:
1808 nl80211_rekey_offload_event(drv, tb);
1809 break;
1810 case NL80211_CMD_PMKSA_CANDIDATE:
1811 nl80211_pmksa_candidate_event(drv, tb);
1812 break;
1813 case NL80211_CMD_PROBE_CLIENT:
1814 nl80211_client_probe_event(drv, tb);
1815 break;
1816 default:
1817 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1818 "(cmd=%d)", gnlh->cmd);
1819 break;
1820 }
1822 return NL_SKIP;
1823 }
1826 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1827 void *handle)
1828 {
1829 struct nl_cb *cb;
1830 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1832 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1834 cb = nl_cb_clone(drv->global->nl_cb);
1835 if (!cb)
1836 return;
1837 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1838 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1839 nl_recvmsgs(handle, cb);
1840 nl_cb_put(cb);
1841 }
1844 /**
1845 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1846 * @priv: driver_nl80211 private data
1847 * @alpha2_arg: country to which to switch to
1848 * Returns: 0 on success, -1 on failure
1849 *
1850 * This asks nl80211 to set the regulatory domain for given
1851 * country ISO / IEC alpha2.
1852 */
1853 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1854 {
1855 struct i802_bss *bss = priv;
1856 struct wpa_driver_nl80211_data *drv = bss->drv;
1857 char alpha2[3];
1858 struct nl_msg *msg;
1860 msg = nlmsg_alloc();
1861 if (!msg)
1862 return -ENOMEM;
1864 alpha2[0] = alpha2_arg[0];
1865 alpha2[1] = alpha2_arg[1];
1866 alpha2[2] = '\0';
1868 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
1870 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1871 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1872 return -EINVAL;
1873 return 0;
1874 nla_put_failure:
1875 return -EINVAL;
1876 }
1879 struct wiphy_info_data {
1880 struct wpa_driver_capa *capa;
1882 unsigned int error:1;
1883 unsigned int device_ap_sme:1;
1884 unsigned int poll_command_supported:1;
1885 };
1888 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1889 {
1890 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1891 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1892 struct wiphy_info_data *info = arg;
1893 int p2p_go_supported = 0, p2p_client_supported = 0;
1894 int p2p_concurrent = 0;
1895 int auth_supported = 0, connect_supported = 0;
1896 struct wpa_driver_capa *capa = info->capa;
1897 static struct nla_policy
1898 iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
1899 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
1900 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
1901 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
1902 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
1903 },
1904 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
1905 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
1906 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
1907 };
1909 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1910 genlmsg_attrlen(gnlh, 0), NULL);
1912 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1913 capa->max_scan_ssids =
1914 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1916 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
1917 capa->max_sched_scan_ssids =
1918 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
1920 if (tb[NL80211_ATTR_MAX_MATCH_SETS])
1921 capa->max_match_sets =
1922 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
1924 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1925 struct nlattr *nl_mode;
1926 int i;
1927 nla_for_each_nested(nl_mode,
1928 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1929 switch (nla_type(nl_mode)) {
1930 case NL80211_IFTYPE_AP:
1931 capa->flags |= WPA_DRIVER_FLAGS_AP;
1932 break;
1933 case NL80211_IFTYPE_P2P_GO:
1934 p2p_go_supported = 1;
1935 break;
1936 case NL80211_IFTYPE_P2P_CLIENT:
1937 p2p_client_supported = 1;
1938 break;
1939 }
1940 }
1941 }
1943 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) {
1944 struct nlattr *nl_combi;
1945 int rem_combi;
1947 nla_for_each_nested(nl_combi,
1948 tb[NL80211_ATTR_INTERFACE_COMBINATIONS],
1949 rem_combi) {
1950 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
1951 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
1952 struct nlattr *nl_limit, *nl_mode;
1953 int err, rem_limit, rem_mode;
1954 int combination_has_p2p = 0, combination_has_mgd = 0;
1956 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
1957 nl_combi,
1958 iface_combination_policy);
1959 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
1960 !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
1961 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
1962 goto broken_combination;
1964 nla_for_each_nested(nl_limit,
1965 tb_comb[NL80211_IFACE_COMB_LIMITS],
1966 rem_limit) {
1967 err = nla_parse_nested(tb_limit,
1968 MAX_NL80211_IFACE_LIMIT,
1969 nl_limit,
1970 iface_limit_policy);
1971 if (err ||
1972 !tb_limit[NL80211_IFACE_LIMIT_TYPES])
1973 goto broken_combination;
1975 nla_for_each_nested(
1976 nl_mode,
1977 tb_limit[NL80211_IFACE_LIMIT_TYPES],
1978 rem_mode) {
1979 int ift = nla_type(nl_mode);
1980 if (ift == NL80211_IFTYPE_P2P_GO ||
1981 ift == NL80211_IFTYPE_P2P_CLIENT)
1982 combination_has_p2p = 1;
1983 if (ift == NL80211_IFTYPE_STATION)
1984 combination_has_mgd = 1;
1985 }
1986 if (combination_has_p2p && combination_has_mgd)
1987 break;
1988 }
1990 if (combination_has_p2p && combination_has_mgd) {
1991 p2p_concurrent = 1;
1992 break;
1993 }
1995 broken_combination:
1996 ;
1997 }
1998 }
2000 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
2001 struct nlattr *nl_cmd;
2002 int i;
2004 nla_for_each_nested(nl_cmd,
2005 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
2006 switch (nla_get_u32(nl_cmd)) {
2007 case NL80211_CMD_AUTHENTICATE:
2008 auth_supported = 1;
2009 break;
2010 case NL80211_CMD_CONNECT:
2011 connect_supported = 1;
2012 break;
2013 case NL80211_CMD_START_SCHED_SCAN:
2014 capa->sched_scan_supported = 1;
2015 break;
2016 case NL80211_CMD_PROBE_CLIENT:
2017 info->poll_command_supported = 1;
2018 break;
2019 }
2020 }
2021 }
2023 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
2024 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
2025 "off-channel TX");
2026 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
2027 }
2029 if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
2030 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
2031 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
2032 }
2034 /* default to 5000 since early versions of mac80211 don't set it */
2035 capa->max_remain_on_chan = 5000;
2037 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
2038 capa->max_remain_on_chan =
2039 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
2041 if (auth_supported)
2042 capa->flags |= WPA_DRIVER_FLAGS_SME;
2043 else if (!connect_supported) {
2044 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
2045 "authentication/association or connect commands");
2046 info->error = 1;
2047 }
2049 if (p2p_go_supported && p2p_client_supported)
2050 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
2051 if (p2p_concurrent) {
2052 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
2053 "interface (driver advertised support)");
2054 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
2055 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
2056 }
2058 if (tb[NL80211_ATTR_TDLS_SUPPORT]) {
2059 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
2060 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
2062 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) {
2063 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
2064 capa->flags |=
2065 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
2066 }
2067 }
2069 if (tb[NL80211_ATTR_DEVICE_AP_SME])
2070 info->device_ap_sme = 1;
2072 return NL_SKIP;
2073 }
2076 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
2077 struct wiphy_info_data *info)
2078 {
2079 struct nl_msg *msg;
2081 os_memset(info, 0, sizeof(*info));
2082 info->capa = &drv->capa;
2084 msg = nlmsg_alloc();
2085 if (!msg)
2086 return -1;
2088 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
2090 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
2092 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
2093 return 0;
2094 msg = NULL;
2095 nla_put_failure:
2096 nlmsg_free(msg);
2097 return -1;
2098 }
2101 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
2102 {
2103 struct wiphy_info_data info;
2104 if (wpa_driver_nl80211_get_info(drv, &info))
2105 return -1;
2107 if (info.error)
2108 return -1;
2110 drv->has_capability = 1;
2111 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
2112 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2113 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
2114 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
2115 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
2116 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
2117 WPA_DRIVER_CAPA_ENC_WEP104 |
2118 WPA_DRIVER_CAPA_ENC_TKIP |
2119 WPA_DRIVER_CAPA_ENC_CCMP;
2120 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
2121 WPA_DRIVER_AUTH_SHARED |
2122 WPA_DRIVER_AUTH_LEAP;
2124 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
2125 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
2126 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2127 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
2129 drv->device_ap_sme = info.device_ap_sme;
2130 drv->poll_command_supported = info.poll_command_supported;
2132 return 0;
2133 }
2136 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
2137 {
2138 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2139 if (global->nl_cb == NULL) {
2140 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
2141 "callbacks");
2142 return -1;
2143 }
2145 if (nl_create_handles(&global->nl, global->nl_cb, "nl"))
2146 return -1;
2148 global->nl80211_id = genl_ctrl_resolve(global->nl.handle, "nl80211");
2149 if (global->nl80211_id < 0) {
2150 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
2151 "found");
2152 return -1;
2153 }
2155 return 0;
2156 }
2159 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
2160 {
2161 struct nl80211_global *global = drv->global;
2162 int ret;
2164 /* Initialize generic netlink and nl80211 */
2166 if (nl_create_handles(&drv->nl_event, global->nl_cb, "event"))
2167 goto err3;
2169 ret = nl_get_multicast_id(drv, "nl80211", "scan");
2170 if (ret >= 0)
2171 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2172 if (ret < 0) {
2173 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2174 "membership for scan events: %d (%s)",
2175 ret, strerror(-ret));
2176 goto err4;
2177 }
2179 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
2180 if (ret >= 0)
2181 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2182 if (ret < 0) {
2183 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2184 "membership for mlme events: %d (%s)",
2185 ret, strerror(-ret));
2186 goto err4;
2187 }
2189 ret = nl_get_multicast_id(drv, "nl80211", "regulatory");
2190 if (ret >= 0)
2191 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2192 if (ret < 0) {
2193 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2194 "membership for regulatory events: %d (%s)",
2195 ret, strerror(-ret));
2196 /* Continue without regulatory events */
2197 }
2199 eloop_register_read_sock(nl_socket_get_fd(drv->nl_event.handle),
2200 wpa_driver_nl80211_event_receive, drv,
2201 drv->nl_event.handle);
2203 return 0;
2205 err4:
2206 nl_destroy_handles(&drv->nl_event);
2207 err3:
2208 return -1;
2209 }
2212 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
2213 {
2214 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
2215 /*
2216 * This may be for any interface; use ifdown event to disable
2217 * interface.
2218 */
2219 }
2222 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2223 {
2224 struct wpa_driver_nl80211_data *drv = ctx;
2225 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2226 if (linux_set_iface_flags(drv->global->ioctl_sock,
2227 drv->first_bss.ifname, 1)) {
2228 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2229 "after rfkill unblock");
2230 return;
2231 }
2232 /* rtnetlink ifup handler will report interface as enabled */
2233 }
2236 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
2237 {
2238 /* Find phy (radio) to which this interface belongs */
2239 char buf[90], *pos;
2240 int f, rv;
2242 drv->phyname[0] = '\0';
2243 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
2244 drv->first_bss.ifname);
2245 f = open(buf, O_RDONLY);
2246 if (f < 0) {
2247 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
2248 buf, strerror(errno));
2249 return;
2250 }
2252 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
2253 close(f);
2254 if (rv < 0) {
2255 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
2256 buf, strerror(errno));
2257 return;
2258 }
2260 drv->phyname[rv] = '\0';
2261 pos = os_strchr(drv->phyname, '\n');
2262 if (pos)
2263 *pos = '\0';
2264 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2265 drv->first_bss.ifname, drv->phyname);
2266 }
2269 /**
2270 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2271 * @ctx: context to be used when calling wpa_supplicant functions,
2272 * e.g., wpa_supplicant_event()
2273 * @ifname: interface name, e.g., wlan0
2274 * @global_priv: private driver global data from global_init()
2275 * Returns: Pointer to private data, %NULL on failure
2276 */
2277 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2278 void *global_priv)
2279 {
2280 struct wpa_driver_nl80211_data *drv;
2281 struct rfkill_config *rcfg;
2282 struct i802_bss *bss;
2284 if (global_priv == NULL)
2285 return NULL;
2286 drv = os_zalloc(sizeof(*drv));
2287 if (drv == NULL)
2288 return NULL;
2289 drv->global = global_priv;
2290 drv->ctx = ctx;
2291 bss = &drv->first_bss;
2292 bss->drv = drv;
2293 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2294 drv->monitor_ifidx = -1;
2295 drv->monitor_sock = -1;
2296 #ifdef CONFIG_AP
2297 drv->eapol_tx_sock = -1;
2298 #endif /* CONFIG_AP */
2299 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2301 if (wpa_driver_nl80211_init_nl(drv)) {
2302 os_free(drv);
2303 return NULL;
2304 }
2306 nl80211_get_phy_name(drv);
2308 rcfg = os_zalloc(sizeof(*rcfg));
2309 if (rcfg == NULL)
2310 goto failed;
2311 rcfg->ctx = drv;
2312 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
2313 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2314 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2315 drv->rfkill = rfkill_init(rcfg);
2316 if (drv->rfkill == NULL) {
2317 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2318 os_free(rcfg);
2319 }
2321 if (wpa_driver_nl80211_finish_drv_init(drv))
2322 goto failed;
2324 #ifdef CONFIG_AP
2325 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2326 #endif /* CONFIG_AP */
2328 if (drv->global) {
2329 dl_list_add(&drv->global->interfaces, &drv->list);
2330 drv->in_interface_list = 1;
2331 }
2333 return bss;
2335 failed:
2336 wpa_driver_nl80211_deinit(bss);
2337 return NULL;
2338 }
2341 static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv,
2342 struct nl_handle *nl_handle,
2343 u16 type, const u8 *match, size_t match_len)
2344 {
2345 struct nl_msg *msg;
2346 int ret = -1;
2348 msg = nlmsg_alloc();
2349 if (!msg)
2350 return -1;
2352 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
2354 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2355 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
2356 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
2358 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL);
2359 msg = NULL;
2360 if (ret) {
2361 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2362 "failed (type=%u): ret=%d (%s)",
2363 type, ret, strerror(-ret));
2364 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2365 match, match_len);
2366 goto nla_put_failure;
2367 }
2368 ret = 0;
2369 nla_put_failure:
2370 nlmsg_free(msg);
2371 return ret;
2372 }
2375 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
2376 const u8 *match, size_t match_len)
2377 {
2378 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2379 return nl80211_register_frame(drv, drv->nl_event.handle,
2380 type, match, match_len);
2381 }
2384 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
2385 {
2386 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
2387 /* GAS Initial Request */
2388 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0)
2389 return -1;
2390 /* GAS Initial Response */
2391 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0)
2392 return -1;
2393 /* GAS Comeback Request */
2394 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0)
2395 return -1;
2396 /* GAS Comeback Response */
2397 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0)
2398 return -1;
2399 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */
2400 #ifdef CONFIG_P2P
2401 /* P2P Public Action */
2402 if (nl80211_register_action_frame(drv,
2403 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2404 6) < 0)
2405 return -1;
2406 /* P2P Action */
2407 if (nl80211_register_action_frame(drv,
2408 (u8 *) "\x7f\x50\x6f\x9a\x09",
2409 5) < 0)
2410 return -1;
2411 #endif /* CONFIG_P2P */
2412 #ifdef CONFIG_IEEE80211W
2413 /* SA Query Response */
2414 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0)
2415 return -1;
2416 #endif /* CONFIG_IEEE80211W */
2417 #ifdef CONFIG_TDLS
2418 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
2419 /* TDLS Discovery Response */
2420 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0e", 2) <
2421 0)
2422 return -1;
2423 }
2424 #endif /* CONFIG_TDLS */
2426 /* FT Action frames */
2427 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
2428 return -1;
2429 else
2430 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2431 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2433 /* WNM - BSS Transition Management Request */
2434 if (nl80211_register_action_frame(drv, (u8 *) "\x0a\x07", 2) < 0)
2435 return -1;
2437 return 0;
2438 }
2441 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2442 {
2443 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2444 }
2447 static int
2448 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
2449 {
2450 struct i802_bss *bss = &drv->first_bss;
2451 int send_rfkill_event = 0;
2453 drv->ifindex = if_nametoindex(bss->ifname);
2454 drv->first_bss.ifindex = drv->ifindex;
2456 #ifndef HOSTAPD
2457 /*
2458 * Make sure the interface starts up in station mode unless this is a
2459 * dynamically added interface (e.g., P2P) that was already configured
2460 * with proper iftype.
2461 */
2462 if (drv->ifindex != drv->global->if_add_ifindex &&
2463 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) {
2464 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to "
2465 "use managed mode");
2466 return -1;
2467 }
2469 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
2470 if (rfkill_is_blocked(drv->rfkill)) {
2471 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2472 "interface '%s' due to rfkill",
2473 bss->ifname);
2474 drv->if_disabled = 1;
2475 send_rfkill_event = 1;
2476 } else {
2477 wpa_printf(MSG_ERROR, "nl80211: Could not set "
2478 "interface '%s' UP", bss->ifname);
2479 return -1;
2480 }
2481 }
2483 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
2484 1, IF_OPER_DORMANT);
2485 #endif /* HOSTAPD */
2487 if (wpa_driver_nl80211_capa(drv))
2488 return -1;
2490 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2491 drv->addr))
2492 return -1;
2494 if (nl80211_register_action_frames(drv) < 0) {
2495 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
2496 "frame processing - ignore for now");
2497 /*
2498 * Older kernel versions did not support this, so ignore the
2499 * error for now. Some functionality may not be available
2500 * because of this.
2501 */
2502 }
2504 if (send_rfkill_event) {
2505 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2506 drv, drv->ctx);
2507 }
2509 return 0;
2510 }
2513 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
2514 {
2515 struct nl_msg *msg;
2517 msg = nlmsg_alloc();
2518 if (!msg)
2519 return -ENOMEM;
2521 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
2522 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2524 return send_and_recv_msgs(drv, msg, NULL, NULL);
2525 nla_put_failure:
2526 return -ENOBUFS;
2527 }
2530 /**
2531 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2532 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2533 *
2534 * Shut down driver interface and processing of driver events. Free
2535 * private data buffer if one was allocated in wpa_driver_nl80211_init().
2536 */
2537 static void wpa_driver_nl80211_deinit(void *priv)
2538 {
2539 struct i802_bss *bss = priv;
2540 struct wpa_driver_nl80211_data *drv = bss->drv;
2542 #ifdef CONFIG_AP
2543 if (drv->eapol_tx_sock >= 0)
2544 close(drv->eapol_tx_sock);
2545 #endif /* CONFIG_AP */
2547 if (bss->nl_preq.handle)
2548 wpa_driver_nl80211_probe_req_report(bss, 0);
2549 if (bss->added_if_into_bridge) {
2550 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
2551 bss->ifname) < 0)
2552 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2553 "interface %s from bridge %s: %s",
2554 bss->ifname, bss->brname, strerror(errno));
2555 }
2556 if (bss->added_bridge) {
2557 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
2558 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2559 "bridge %s: %s",
2560 bss->brname, strerror(errno));
2561 }
2563 nl80211_remove_monitor_interface(drv);
2565 if (is_ap_interface(drv->nlmode))
2566 wpa_driver_nl80211_del_beacon(drv);
2568 #ifdef HOSTAPD
2569 if (drv->last_freq_ht) {
2570 /* Clear HT flags from the driver */
2571 struct hostapd_freq_params freq;
2572 os_memset(&freq, 0, sizeof(freq));
2573 freq.freq = drv->last_freq;
2574 i802_set_freq(priv, &freq);
2575 }
2577 if (drv->eapol_sock >= 0) {
2578 eloop_unregister_read_sock(drv->eapol_sock);
2579 close(drv->eapol_sock);
2580 }
2582 if (drv->if_indices != drv->default_if_indices)
2583 os_free(drv->if_indices);
2584 #endif /* HOSTAPD */
2586 if (drv->disabled_11b_rates)
2587 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
2589 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
2590 IF_OPER_UP);
2591 rfkill_deinit(drv->rfkill);
2593 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2595 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0);
2596 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
2598 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_event.handle));
2599 nl_destroy_handles(&drv->nl_event);
2601 os_free(drv->filter_ssids);
2603 if (drv->in_interface_list)
2604 dl_list_del(&drv->list);
2606 os_free(drv);
2607 }
2610 /**
2611 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
2612 * @eloop_ctx: Driver private data
2613 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
2614 *
2615 * This function can be used as registered timeout when starting a scan to
2616 * generate a scan completed event if the driver does not report this.
2617 */
2618 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
2619 {
2620 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2621 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
2622 wpa_driver_nl80211_set_mode(&drv->first_bss,
2623 drv->ap_scan_as_station);
2624 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2625 }
2626 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
2627 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
2628 }
2631 /**
2632 * wpa_driver_nl80211_scan - Request the driver to initiate scan
2633 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
2634 * @params: Scan parameters
2635 * Returns: 0 on success, -1 on failure
2636 */
2637 static int wpa_driver_nl80211_scan(void *priv,
2638 struct wpa_driver_scan_params *params)
2639 {
2640 struct i802_bss *bss = priv;
2641 struct wpa_driver_nl80211_data *drv = bss->drv;
2642 int ret = 0, timeout;
2643 struct nl_msg *msg, *ssids, *freqs, *rates;
2644 size_t i;
2646 msg = nlmsg_alloc();
2647 ssids = nlmsg_alloc();
2648 freqs = nlmsg_alloc();
2649 rates = nlmsg_alloc();
2650 if (!msg || !ssids || !freqs || !rates) {
2651 nlmsg_free(msg);
2652 nlmsg_free(ssids);
2653 nlmsg_free(freqs);
2654 nlmsg_free(rates);
2655 return -1;
2656 }
2658 os_free(drv->filter_ssids);
2659 drv->filter_ssids = params->filter_ssids;
2660 params->filter_ssids = NULL;
2661 drv->num_filter_ssids = params->num_filter_ssids;
2663 nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN);
2665 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2667 for (i = 0; i < params->num_ssids; i++) {
2668 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
2669 params->ssids[i].ssid,
2670 params->ssids[i].ssid_len);
2671 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
2672 params->ssids[i].ssid);
2673 }
2674 if (params->num_ssids)
2675 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
2677 if (params->extra_ies) {
2678 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
2679 params->extra_ies, params->extra_ies_len);
2680 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
2681 params->extra_ies);
2682 }
2684 if (params->freqs) {
2685 for (i = 0; params->freqs[i]; i++) {
2686 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
2687 "MHz", params->freqs[i]);
2688 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
2689 }
2690 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
2691 }
2693 if (params->p2p_probe) {
2694 /*
2695 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
2696 * by masking out everything else apart from the OFDM rates 6,
2697 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
2698 * rates are left enabled.
2699 */
2700 NLA_PUT(rates, NL80211_BAND_2GHZ, 8,
2701 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
2702 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates);
2704 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
2705 }
2707 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2708 msg = NULL;
2709 if (ret) {
2710 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
2711 "(%s)", ret, strerror(-ret));
2712 #ifdef HOSTAPD
2713 if (is_ap_interface(drv->nlmode)) {
2714 /*
2715 * mac80211 does not allow scan requests in AP mode, so
2716 * try to do this in station mode.
2717 */
2718 if (wpa_driver_nl80211_set_mode(
2719 bss, NL80211_IFTYPE_STATION))
2720 goto nla_put_failure;
2722 if (wpa_driver_nl80211_scan(drv, params)) {
2723 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
2724 goto nla_put_failure;
2725 }
2727 /* Restore AP mode when processing scan results */
2728 drv->ap_scan_as_station = drv->nlmode;
2729 ret = 0;
2730 } else
2731 goto nla_put_failure;
2732 #else /* HOSTAPD */
2733 goto nla_put_failure;
2734 #endif /* HOSTAPD */
2735 }
2737 /* Not all drivers generate "scan completed" wireless event, so try to
2738 * read results after a timeout. */
2739 timeout = 10;
2740 if (drv->scan_complete_events) {
2741 /*
2742 * The driver seems to deliver events to notify when scan is
2743 * complete, so use longer timeout to avoid race conditions
2744 * with scanning and following association request.
2745 */
2746 timeout = 30;
2747 }
2748 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
2749 "seconds", ret, timeout);
2750 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2751 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
2752 drv, drv->ctx);
2754 nla_put_failure:
2755 nlmsg_free(ssids);
2756 nlmsg_free(msg);
2757 nlmsg_free(freqs);
2758 nlmsg_free(rates);
2759 return ret;
2760 }
2763 /**
2764 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
2765 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
2766 * @params: Scan parameters
2767 * @interval: Interval between scan cycles in milliseconds
2768 * Returns: 0 on success, -1 on failure or if not supported
2769 */
2770 static int wpa_driver_nl80211_sched_scan(void *priv,
2771 struct wpa_driver_scan_params *params,
2772 u32 interval)
2773 {
2774 struct i802_bss *bss = priv;
2775 struct wpa_driver_nl80211_data *drv = bss->drv;
2776 int ret = 0;
2777 struct nl_msg *msg, *ssids, *freqs, *match_set_ssid, *match_sets;
2778 size_t i;
2780 msg = nlmsg_alloc();
2781 ssids = nlmsg_alloc();
2782 freqs = nlmsg_alloc();
2783 if (!msg || !ssids || !freqs) {
2784 nlmsg_free(msg);
2785 nlmsg_free(ssids);
2786 nlmsg_free(freqs);
2787 return -1;
2788 }
2790 os_free(drv->filter_ssids);
2791 drv->filter_ssids = params->filter_ssids;
2792 params->filter_ssids = NULL;
2793 drv->num_filter_ssids = params->num_filter_ssids;
2795 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_SCHED_SCAN);
2797 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2799 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
2801 if (drv->num_filter_ssids) {
2802 match_sets = nlmsg_alloc();
2804 for (i = 0; i < drv->num_filter_ssids; i++) {
2805 wpa_hexdump_ascii(MSG_MSGDUMP,
2806 "nl80211: Sched scan filter SSID",
2807 drv->filter_ssids[i].ssid,
2808 drv->filter_ssids[i].ssid_len);
2810 match_set_ssid = nlmsg_alloc();
2811 nla_put(match_set_ssid,
2812 NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
2813 drv->filter_ssids[i].ssid_len,
2814 drv->filter_ssids[i].ssid);
2816 nla_put_nested(match_sets, i + 1, match_set_ssid);
2818 nlmsg_free(match_set_ssid);
2819 }
2821 nla_put_nested(msg, NL80211_ATTR_SCHED_SCAN_MATCH,
2822 match_sets);
2823 nlmsg_free(match_sets);
2824 }
2826 for (i = 0; i < params->num_ssids; i++) {
2827 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan SSID",
2828 params->ssids[i].ssid,
2829 params->ssids[i].ssid_len);
2830 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
2831 params->ssids[i].ssid);
2832 }
2833 if (params->num_ssids)
2834 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
2836 if (params->extra_ies) {
2837 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan extra IEs",
2838 params->extra_ies, params->extra_ies_len);
2839 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
2840 params->extra_ies);
2841 }
2843 if (params->freqs) {
2844 for (i = 0; params->freqs[i]; i++) {
2845 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
2846 "MHz", params->freqs[i]);
2847 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
2848 }
2849 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
2850 }
2852 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2854 /* TODO: if we get an error here, we should fall back to normal scan */
2856 msg = NULL;
2857 if (ret) {
2858 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
2859 "ret=%d (%s)", ret, strerror(-ret));
2860 goto nla_put_failure;
2861 }
2863 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
2864 "scan interval %d msec", ret, interval);
2866 nla_put_failure:
2867 nlmsg_free(ssids);
2868 nlmsg_free(msg);
2869 nlmsg_free(freqs);
2870 return ret;
2871 }
2874 /**
2875 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
2876 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
2877 * Returns: 0 on success, -1 on failure or if not supported
2878 */
2879 static int wpa_driver_nl80211_stop_sched_scan(void *priv)
2880 {
2881 struct i802_bss *bss = priv;
2882 struct wpa_driver_nl80211_data *drv = bss->drv;
2883 int ret = 0;
2884 struct nl_msg *msg;
2886 msg = nlmsg_alloc();
2887 if (!msg)
2888 return -1;
2890 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
2892 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2894 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2895 msg = NULL;
2896 if (ret) {
2897 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
2898 "ret=%d (%s)", ret, strerror(-ret));
2899 goto nla_put_failure;
2900 }
2902 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
2904 nla_put_failure:
2905 nlmsg_free(msg);
2906 return ret;
2907 }
2910 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
2911 {
2912 const u8 *end, *pos;
2914 if (ies == NULL)
2915 return NULL;
2917 pos = ies;
2918 end = ies + ies_len;
2920 while (pos + 1 < end) {
2921 if (pos + 2 + pos[1] > end)
2922 break;
2923 if (pos[0] == ie)
2924 return pos;
2925 pos += 2 + pos[1];
2926 }
2928 return NULL;
2929 }
2932 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
2933 const u8 *ie, size_t ie_len)
2934 {
2935 const u8 *ssid;
2936 size_t i;
2938 if (drv->filter_ssids == NULL)
2939 return 0;
2941 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
2942 if (ssid == NULL)
2943 return 1;
2945 for (i = 0; i < drv->num_filter_ssids; i++) {
2946 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
2947 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
2948 0)
2949 return 0;
2950 }
2952 return 1;
2953 }
2956 static int bss_info_handler(struct nl_msg *msg, void *arg)
2957 {
2958 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2959 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2960 struct nlattr *bss[NL80211_BSS_MAX + 1];
2961 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
2962 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
2963 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
2964 [NL80211_BSS_TSF] = { .type = NLA_U64 },
2965 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
2966 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
2967 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
2968 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
2969 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
2970 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
2971 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
2972 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
2973 };
2974 struct nl80211_bss_info_arg *_arg = arg;
2975 struct wpa_scan_results *res = _arg->res;
2976 struct wpa_scan_res **tmp;
2977 struct wpa_scan_res *r;
2978 const u8 *ie, *beacon_ie;
2979 size_t ie_len, beacon_ie_len;
2980 u8 *pos;
2981 size_t i;
2983 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2984 genlmsg_attrlen(gnlh, 0), NULL);
2985 if (!tb[NL80211_ATTR_BSS])
2986 return NL_SKIP;
2987 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
2988 bss_policy))
2989 return NL_SKIP;
2990 if (bss[NL80211_BSS_STATUS]) {
2991 enum nl80211_bss_status status;
2992 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2993 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
2994 bss[NL80211_BSS_FREQUENCY]) {
2995 _arg->assoc_freq =
2996 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2997 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
2998 _arg->assoc_freq);
2999 }
3000 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
3001 bss[NL80211_BSS_BSSID]) {
3002 os_memcpy(_arg->assoc_bssid,
3003 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
3004 wpa_printf(MSG_DEBUG, "nl80211: Associated with "
3005 MACSTR, MAC2STR(_arg->assoc_bssid));
3006 }
3007 }
3008 if (!res)
3009 return NL_SKIP;
3010 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
3011 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3012 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3013 } else {
3014 ie = NULL;
3015 ie_len = 0;
3016 }
3017 if (bss[NL80211_BSS_BEACON_IES]) {
3018 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
3019 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
3020 } else {
3021 beacon_ie = NULL;
3022 beacon_ie_len = 0;
3023 }
3025 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
3026 ie ? ie_len : beacon_ie_len))
3027 return NL_SKIP;
3029 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
3030 if (r == NULL)
3031 return NL_SKIP;
3032 if (bss[NL80211_BSS_BSSID])
3033 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
3034 ETH_ALEN);
3035 if (bss[NL80211_BSS_FREQUENCY])
3036 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
3037 if (bss[NL80211_BSS_BEACON_INTERVAL])
3038 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
3039 if (bss[NL80211_BSS_CAPABILITY])
3040 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
3041 r->flags |= WPA_SCAN_NOISE_INVALID;
3042 if (bss[NL80211_BSS_SIGNAL_MBM]) {
3043 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
3044 r->level /= 100; /* mBm to dBm */
3045 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
3046 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
3047 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
3048 r->flags |= WPA_SCAN_QUAL_INVALID;
3049 } else
3050 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
3051 if (bss[NL80211_BSS_TSF])
3052 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
3053 if (bss[NL80211_BSS_SEEN_MS_AGO])
3054 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
3055 r->ie_len = ie_len;
3056 pos = (u8 *) (r + 1);
3057 if (ie) {
3058 os_memcpy(pos, ie, ie_len);
3059 pos += ie_len;
3060 }
3061 r->beacon_ie_len = beacon_ie_len;
3062 if (beacon_ie)
3063 os_memcpy(pos, beacon_ie, beacon_ie_len);
3065 if (bss[NL80211_BSS_STATUS]) {
3066 enum nl80211_bss_status status;
3067 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
3068 switch (status) {
3069 case NL80211_BSS_STATUS_AUTHENTICATED:
3070 r->flags |= WPA_SCAN_AUTHENTICATED;
3071 break;
3072 case NL80211_BSS_STATUS_ASSOCIATED:
3073 r->flags |= WPA_SCAN_ASSOCIATED;
3074 break;
3075 default:
3076 break;
3077 }
3078 }
3080 /*
3081 * cfg80211 maintains separate BSS table entries for APs if the same
3082 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
3083 * not use frequency as a separate key in the BSS table, so filter out
3084 * duplicated entries. Prefer associated BSS entry in such a case in
3085 * order to get the correct frequency into the BSS table.
3086 */
3087 for (i = 0; i < res->num; i++) {
3088 const u8 *s1, *s2;
3089 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
3090 continue;
3092 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
3093 res->res[i]->ie_len, WLAN_EID_SSID);
3094 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
3095 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
3096 os_memcmp(s1, s2, 2 + s1[1]) != 0)
3097 continue;
3099 /* Same BSSID,SSID was already included in scan results */
3100 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
3101 "for " MACSTR, MAC2STR(r->bssid));
3103 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
3104 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
3105 os_free(res->res[i]);
3106 res->res[i] = r;
3107 } else
3108 os_free(r);
3109 return NL_SKIP;
3110 }
3112 tmp = os_realloc(res->res,
3113 (res->num + 1) * sizeof(struct wpa_scan_res *));
3114 if (tmp == NULL) {
3115 os_free(r);
3116 return NL_SKIP;
3117 }
3118 tmp[res->num++] = r;
3119 res->res = tmp;
3121 return NL_SKIP;
3122 }
3125 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
3126 const u8 *addr)
3127 {
3128 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
3129 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
3130 "mismatch (" MACSTR ")", MAC2STR(addr));
3131 wpa_driver_nl80211_mlme(drv, addr,
3132 NL80211_CMD_DEAUTHENTICATE,
3133 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
3134 }
3135 }
3138 static void wpa_driver_nl80211_check_bss_status(
3139 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
3140 {
3141 size_t i;
3143 for (i = 0; i < res->num; i++) {
3144 struct wpa_scan_res *r = res->res[i];
3145 if (r->flags & WPA_SCAN_AUTHENTICATED) {
3146 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3147 "indicates BSS status with " MACSTR
3148 " as authenticated",
3149 MAC2STR(r->bssid));
3150 if (is_sta_interface(drv->nlmode) &&
3151 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
3152 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
3153 0) {
3154 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
3155 " in local state (auth=" MACSTR
3156 " assoc=" MACSTR ")",
3157 MAC2STR(drv->auth_bssid),
3158 MAC2STR(drv->bssid));
3159 clear_state_mismatch(drv, r->bssid);
3160 }
3161 }
3163 if (r->flags & WPA_SCAN_ASSOCIATED) {
3164 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3165 "indicate BSS status with " MACSTR
3166 " as associated",
3167 MAC2STR(r->bssid));
3168 if (is_sta_interface(drv->nlmode) &&
3169 !drv->associated) {
3170 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3171 "(not associated) does not match "
3172 "with BSS state");
3173 clear_state_mismatch(drv, r->bssid);
3174 } else if (is_sta_interface(drv->nlmode) &&
3175 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
3176 0) {
3177 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3178 "(associated with " MACSTR ") does "
3179 "not match with BSS state",
3180 MAC2STR(drv->bssid));
3181 clear_state_mismatch(drv, r->bssid);
3182 clear_state_mismatch(drv, drv->bssid);
3183 }
3184 }
3185 }
3186 }
3189 static struct wpa_scan_results *
3190 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
3191 {
3192 struct nl_msg *msg;
3193 struct wpa_scan_results *res;
3194 int ret;
3195 struct nl80211_bss_info_arg arg;
3197 res = os_zalloc(sizeof(*res));
3198 if (res == NULL)
3199 return NULL;
3200 msg = nlmsg_alloc();
3201 if (!msg)
3202 goto nla_put_failure;
3204 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
3205 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3207 arg.drv = drv;
3208 arg.res = res;
3209 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
3210 msg = NULL;
3211 if (ret == 0) {
3212 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
3213 "BSSes)", (unsigned long) res->num);
3214 nl80211_get_noise_for_scan_results(drv, res);
3215 return res;
3216 }
3217 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
3218 "(%s)", ret, strerror(-ret));
3219 nla_put_failure:
3220 nlmsg_free(msg);
3221 wpa_scan_results_free(res);
3222 return NULL;
3223 }
3226 /**
3227 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
3228 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
3229 * Returns: Scan results on success, -1 on failure
3230 */
3231 static struct wpa_scan_results *
3232 wpa_driver_nl80211_get_scan_results(void *priv)
3233 {
3234 struct i802_bss *bss = priv;
3235 struct wpa_driver_nl80211_data *drv = bss->drv;
3236 struct wpa_scan_results *res;
3238 res = nl80211_get_scan_results(drv);
3239 if (res)
3240 wpa_driver_nl80211_check_bss_status(drv, res);
3241 return res;
3242 }
3245 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
3246 {
3247 struct wpa_scan_results *res;
3248 size_t i;
3250 res = nl80211_get_scan_results(drv);
3251 if (res == NULL) {
3252 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
3253 return;
3254 }
3256 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
3257 for (i = 0; i < res->num; i++) {
3258 struct wpa_scan_res *r = res->res[i];
3259 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
3260 (int) i, (int) res->num, MAC2STR(r->bssid),
3261 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
3262 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
3263 }
3265 wpa_scan_results_free(res);
3266 }
3269 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
3270 enum wpa_alg alg, const u8 *addr,
3271 int key_idx, int set_tx,
3272 const u8 *seq, size_t seq_len,
3273 const u8 *key, size_t key_len)
3274 {
3275 struct i802_bss *bss = priv;
3276 struct wpa_driver_nl80211_data *drv = bss->drv;
3277 int ifindex = if_nametoindex(ifname);
3278 struct nl_msg *msg;
3279 int ret;
3281 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
3282 "set_tx=%d seq_len=%lu key_len=%lu",
3283 __func__, ifindex, alg, addr, key_idx, set_tx,
3284 (unsigned long) seq_len, (unsigned long) key_len);
3285 #ifdef CONFIG_TDLS
3286 if (key_idx == -1)
3287 key_idx = 0;
3288 #endif /* CONFIG_TDLS */
3290 msg = nlmsg_alloc();
3291 if (!msg)
3292 return -ENOMEM;
3294 if (alg == WPA_ALG_NONE) {
3295 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
3296 } else {
3297 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
3298 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
3299 switch (alg) {
3300 case WPA_ALG_WEP:
3301 if (key_len == 5)
3302 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3303 WLAN_CIPHER_SUITE_WEP40);
3304 else
3305 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3306 WLAN_CIPHER_SUITE_WEP104);
3307 break;
3308 case WPA_ALG_TKIP:
3309 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3310 WLAN_CIPHER_SUITE_TKIP);
3311 break;
3312 case WPA_ALG_CCMP:
3313 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3314 WLAN_CIPHER_SUITE_CCMP);
3315 break;
3316 case WPA_ALG_IGTK:
3317 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3318 WLAN_CIPHER_SUITE_AES_CMAC);
3319 break;
3320 default:
3321 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
3322 "algorithm %d", __func__, alg);
3323 nlmsg_free(msg);
3324 return -1;
3325 }
3326 }
3328 if (seq && seq_len)
3329 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
3331 if (addr && !is_broadcast_ether_addr(addr)) {
3332 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
3333 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3335 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
3336 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
3337 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
3338 NL80211_KEYTYPE_GROUP);
3339 }
3340 } else if (addr && is_broadcast_ether_addr(addr)) {
3341 struct nl_msg *types;
3342 int err;
3343 wpa_printf(MSG_DEBUG, " broadcast key");
3344 types = nlmsg_alloc();
3345 if (!types)
3346 goto nla_put_failure;
3347 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
3348 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
3349 types);
3350 nlmsg_free(types);
3351 if (err)
3352 goto nla_put_failure;
3353 }
3354 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
3355 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3357 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3358 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
3359 ret = 0;
3360 if (ret)
3361 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
3362 ret, strerror(-ret));
3364 /*
3365 * If we failed or don't need to set the default TX key (below),
3366 * we're done here.
3367 */
3368 if (ret || !set_tx || alg == WPA_ALG_NONE)
3369 return ret;
3370 if (is_ap_interface(drv->nlmode) && addr &&
3371 !is_broadcast_ether_addr(addr))
3372 return ret;
3374 msg = nlmsg_alloc();
3375 if (!msg)
3376 return -ENOMEM;
3378 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
3379 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
3380 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3381 if (alg == WPA_ALG_IGTK)
3382 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
3383 else
3384 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
3385 if (addr && is_broadcast_ether_addr(addr)) {
3386 struct nl_msg *types;
3387 int err;
3388 types = nlmsg_alloc();
3389 if (!types)
3390 goto nla_put_failure;
3391 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
3392 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
3393 types);
3394 nlmsg_free(types);
3395 if (err)
3396 goto nla_put_failure;
3397 } else if (addr) {
3398 struct nl_msg *types;
3399 int err;
3400 types = nlmsg_alloc();
3401 if (!types)
3402 goto nla_put_failure;
3403 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST);
3404 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
3405 types);
3406 nlmsg_free(types);
3407 if (err)
3408 goto nla_put_failure;
3409 }
3411 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3412 if (ret == -ENOENT)
3413 ret = 0;
3414 if (ret)
3415 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
3416 "err=%d %s)", ret, strerror(-ret));
3417 return ret;
3419 nla_put_failure:
3420 return -ENOBUFS;
3421 }
3424 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
3425 int key_idx, int defkey,
3426 const u8 *seq, size_t seq_len,
3427 const u8 *key, size_t key_len)
3428 {
3429 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
3430 if (!key_attr)
3431 return -1;
3433 if (defkey && alg == WPA_ALG_IGTK)
3434 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
3435 else if (defkey)
3436 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
3438 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
3440 switch (alg) {
3441 case WPA_ALG_WEP:
3442 if (key_len == 5)
3443 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3444 WLAN_CIPHER_SUITE_WEP40);
3445 else
3446 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3447 WLAN_CIPHER_SUITE_WEP104);
3448 break;
3449 case WPA_ALG_TKIP:
3450 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
3451 break;
3452 case WPA_ALG_CCMP:
3453 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
3454 break;
3455 case WPA_ALG_IGTK:
3456 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3457 WLAN_CIPHER_SUITE_AES_CMAC);
3458 break;
3459 default:
3460 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
3461 "algorithm %d", __func__, alg);
3462 return -1;
3463 }
3465 if (seq && seq_len)
3466 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
3468 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
3470 nla_nest_end(msg, key_attr);
3472 return 0;
3473 nla_put_failure:
3474 return -1;
3475 }
3478 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
3479 struct nl_msg *msg)
3480 {
3481 int i, privacy = 0;
3482 struct nlattr *nl_keys, *nl_key;
3484 for (i = 0; i < 4; i++) {
3485 if (!params->wep_key[i])
3486 continue;
3487 privacy = 1;
3488 break;
3489 }
3490 if (params->wps == WPS_MODE_PRIVACY)
3491 privacy = 1;
3492 if (params->pairwise_suite &&
3493 params->pairwise_suite != WPA_CIPHER_NONE)
3494 privacy = 1;
3496 if (!privacy)
3497 return 0;
3499 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
3501 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
3502 if (!nl_keys)
3503 goto nla_put_failure;
3505 for (i = 0; i < 4; i++) {
3506 if (!params->wep_key[i])
3507 continue;
3509 nl_key = nla_nest_start(msg, i);
3510 if (!nl_key)
3511 goto nla_put_failure;
3513 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
3514 params->wep_key[i]);
3515 if (params->wep_key_len[i] == 5)
3516 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3517 WLAN_CIPHER_SUITE_WEP40);
3518 else
3519 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3520 WLAN_CIPHER_SUITE_WEP104);
3522 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
3524 if (i == params->wep_tx_keyidx)
3525 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
3527 nla_nest_end(msg, nl_key);
3528 }
3529 nla_nest_end(msg, nl_keys);
3531 return 0;
3533 nla_put_failure:
3534 return -ENOBUFS;
3535 }
3538 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
3539 const u8 *addr, int cmd, u16 reason_code,
3540 int local_state_change)
3541 {
3542 int ret = -1;
3543 struct nl_msg *msg;
3545 msg = nlmsg_alloc();
3546 if (!msg)
3547 return -1;
3549 nl80211_cmd(drv, msg, 0, cmd);
3551 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3552 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
3553 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3554 if (local_state_change)
3555 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3557 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3558 msg = NULL;
3559 if (ret) {
3560 wpa_dbg(drv->ctx, MSG_DEBUG,
3561 "nl80211: MLME command failed: reason=%u ret=%d (%s)",
3562 reason_code, ret, strerror(-ret));
3563 goto nla_put_failure;
3564 }
3565 ret = 0;
3567 nla_put_failure:
3568 nlmsg_free(msg);
3569 return ret;
3570 }
3573 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3574 const u8 *addr, int reason_code)
3575 {
3576 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3577 __func__, MAC2STR(addr), reason_code);
3578 drv->associated = 0;
3579 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
3580 reason_code, 0);
3581 }
3584 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
3585 int reason_code)
3586 {
3587 struct i802_bss *bss = priv;
3588 struct wpa_driver_nl80211_data *drv = bss->drv;
3589 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3590 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3591 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3592 __func__, MAC2STR(addr), reason_code);
3593 drv->associated = 0;
3594 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
3595 return nl80211_leave_ibss(drv);
3596 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3597 reason_code, 0);
3598 }
3601 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
3602 int reason_code)
3603 {
3604 struct i802_bss *bss = priv;
3605 struct wpa_driver_nl80211_data *drv = bss->drv;
3606 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3607 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3608 wpa_printf(MSG_DEBUG, "%s", __func__);
3609 drv->associated = 0;
3610 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
3611 reason_code, 0);
3612 }
3615 static int wpa_driver_nl80211_authenticate(
3616 void *priv, struct wpa_driver_auth_params *params)
3617 {
3618 struct i802_bss *bss = priv;
3619 struct wpa_driver_nl80211_data *drv = bss->drv;
3620 int ret = -1, i;
3621 struct nl_msg *msg;
3622 enum nl80211_auth_type type;
3623 enum nl80211_iftype nlmode;
3624 int count = 0;
3626 drv->associated = 0;
3627 os_memset(drv->auth_bssid, 0, ETH_ALEN);
3628 /* FIX: IBSS mode */
3629 nlmode = params->p2p ?
3630 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3631 if (drv->nlmode != nlmode &&
3632 wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
3633 return -1;
3635 retry:
3636 msg = nlmsg_alloc();
3637 if (!msg)
3638 return -1;
3640 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3641 drv->ifindex);
3643 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
3645 for (i = 0; i < 4; i++) {
3646 if (!params->wep_key[i])
3647 continue;
3648 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
3649 NULL, i,
3650 i == params->wep_tx_keyidx, NULL, 0,
3651 params->wep_key[i],
3652 params->wep_key_len[i]);
3653 if (params->wep_tx_keyidx != i)
3654 continue;
3655 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3656 params->wep_key[i], params->wep_key_len[i])) {
3657 nlmsg_free(msg);
3658 return -1;
3659 }
3660 }
3662 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3663 if (params->bssid) {
3664 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3665 MAC2STR(params->bssid));
3666 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3667 }
3668 if (params->freq) {
3669 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3670 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3671 }
3672 if (params->ssid) {
3673 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3674 params->ssid, params->ssid_len);
3675 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3676 params->ssid);
3677 }
3678 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
3679 if (params->ie)
3680 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
3681 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3682 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3683 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3684 type = NL80211_AUTHTYPE_SHARED_KEY;
3685 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3686 type = NL80211_AUTHTYPE_NETWORK_EAP;
3687 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3688 type = NL80211_AUTHTYPE_FT;
3689 else
3690 goto nla_put_failure;
3691 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3692 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3693 if (params->local_state_change) {
3694 wpa_printf(MSG_DEBUG, " * Local state change only");
3695 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3696 }
3698 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3699 msg = NULL;
3700 if (ret) {
3701 wpa_dbg(drv->ctx, MSG_DEBUG,
3702 "nl80211: MLME command failed (auth): ret=%d (%s)",
3703 ret, strerror(-ret));
3704 count++;
3705 if (ret == -EALREADY && count == 1 && params->bssid &&
3706 !params->local_state_change) {
3707 /*
3708 * mac80211 does not currently accept new
3709 * authentication if we are already authenticated. As a
3710 * workaround, force deauthentication and try again.
3711 */
3712 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3713 "after forced deauthentication");
3714 wpa_driver_nl80211_deauthenticate(
3715 bss, params->bssid,
3716 WLAN_REASON_PREV_AUTH_NOT_VALID);
3717 nlmsg_free(msg);
3718 goto retry;
3719 }
3720 goto nla_put_failure;
3721 }
3722 ret = 0;
3723 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
3724 "successfully");
3726 nla_put_failure:
3727 nlmsg_free(msg);
3728 return ret;
3729 }
3732 struct phy_info_arg {
3733 u16 *num_modes;
3734 struct hostapd_hw_modes *modes;
3735 };
3737 static int phy_info_handler(struct nl_msg *msg, void *arg)
3738 {
3739 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3740 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3741 struct phy_info_arg *phy_info = arg;
3743 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
3745 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
3746 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
3747 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
3748 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
3749 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
3750 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
3751 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
3752 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
3753 };
3755 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
3756 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
3757 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
3758 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
3759 };
3761 struct nlattr *nl_band;
3762 struct nlattr *nl_freq;
3763 struct nlattr *nl_rate;
3764 int rem_band, rem_freq, rem_rate;
3765 struct hostapd_hw_modes *mode;
3766 int idx, mode_is_set;
3768 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3769 genlmsg_attrlen(gnlh, 0), NULL);
3771 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
3772 return NL_SKIP;
3774 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
3775 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
3776 if (!mode)
3777 return NL_SKIP;
3778 phy_info->modes = mode;
3780 mode_is_set = 0;
3782 mode = &phy_info->modes[*(phy_info->num_modes)];
3783 memset(mode, 0, sizeof(*mode));
3784 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN;
3785 *(phy_info->num_modes) += 1;
3787 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
3788 nla_len(nl_band), NULL);
3790 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
3791 mode->ht_capab = nla_get_u16(
3792 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
3793 }
3795 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
3796 mode->a_mpdu_params |= nla_get_u8(
3797 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
3798 0x03;
3799 }
3801 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
3802 mode->a_mpdu_params |= nla_get_u8(
3803 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
3804 2;
3805 }
3807 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
3808 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
3809 u8 *mcs;
3810 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
3811 os_memcpy(mode->mcs_set, mcs, 16);
3812 }
3814 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3815 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3816 nla_len(nl_freq), freq_policy);
3817 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3818 continue;
3819 mode->num_channels++;
3820 }
3822 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
3823 if (!mode->channels)
3824 return NL_SKIP;
3826 idx = 0;
3828 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3829 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3830 nla_len(nl_freq), freq_policy);
3831 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3832 continue;
3834 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
3835 mode->channels[idx].flag = 0;
3837 if (!mode_is_set) {
3838 /* crude heuristic */
3839 if (mode->channels[idx].freq < 4000)
3840 mode->mode = HOSTAPD_MODE_IEEE80211B;
3841 else
3842 mode->mode = HOSTAPD_MODE_IEEE80211A;
3843 mode_is_set = 1;
3844 }
3846 /* crude heuristic */
3847 if (mode->channels[idx].freq < 4000)
3848 if (mode->channels[idx].freq == 2484)
3849 mode->channels[idx].chan = 14;
3850 else
3851 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
3852 else
3853 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
3855 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3856 mode->channels[idx].flag |=
3857 HOSTAPD_CHAN_DISABLED;
3858 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
3859 mode->channels[idx].flag |=
3860 HOSTAPD_CHAN_PASSIVE_SCAN;
3861 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
3862 mode->channels[idx].flag |=
3863 HOSTAPD_CHAN_NO_IBSS;
3864 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
3865 mode->channels[idx].flag |=
3866 HOSTAPD_CHAN_RADAR;
3868 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
3869 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3870 mode->channels[idx].max_tx_power =
3871 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
3873 idx++;
3874 }
3876 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3877 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3878 nla_len(nl_rate), rate_policy);
3879 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3880 continue;
3881 mode->num_rates++;
3882 }
3884 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
3885 if (!mode->rates)
3886 return NL_SKIP;
3888 idx = 0;
3890 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3891 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3892 nla_len(nl_rate), rate_policy);
3893 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3894 continue;
3895 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
3897 /* crude heuristic */
3898 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
3899 mode->rates[idx] > 200)
3900 mode->mode = HOSTAPD_MODE_IEEE80211G;
3902 idx++;
3903 }
3904 }
3906 return NL_SKIP;
3907 }
3909 static struct hostapd_hw_modes *
3910 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
3911 {
3912 u16 m;
3913 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
3914 int i, mode11g_idx = -1;
3916 /* If only 802.11g mode is included, use it to construct matching
3917 * 802.11b mode data. */
3919 for (m = 0; m < *num_modes; m++) {
3920 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
3921 return modes; /* 802.11b already included */
3922 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
3923 mode11g_idx = m;
3924 }
3926 if (mode11g_idx < 0)
3927 return modes; /* 2.4 GHz band not supported at all */
3929 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
3930 if (nmodes == NULL)
3931 return modes; /* Could not add 802.11b mode */
3933 mode = &nmodes[*num_modes];
3934 os_memset(mode, 0, sizeof(*mode));
3935 (*num_modes)++;
3936 modes = nmodes;
3938 mode->mode = HOSTAPD_MODE_IEEE80211B;
3940 mode11g = &modes[mode11g_idx];
3941 mode->num_channels = mode11g->num_channels;
3942 mode->channels = os_malloc(mode11g->num_channels *
3943 sizeof(struct hostapd_channel_data));
3944 if (mode->channels == NULL) {
3945 (*num_modes)--;
3946 return modes; /* Could not add 802.11b mode */
3947 }
3948 os_memcpy(mode->channels, mode11g->channels,
3949 mode11g->num_channels * sizeof(struct hostapd_channel_data));
3951 mode->num_rates = 0;
3952 mode->rates = os_malloc(4 * sizeof(int));
3953 if (mode->rates == NULL) {
3954 os_free(mode->channels);
3955 (*num_modes)--;
3956 return modes; /* Could not add 802.11b mode */
3957 }
3959 for (i = 0; i < mode11g->num_rates; i++) {
3960 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
3961 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
3962 continue;
3963 mode->rates[mode->num_rates] = mode11g->rates[i];
3964 mode->num_rates++;
3965 if (mode->num_rates == 4)
3966 break;
3967 }
3969 if (mode->num_rates == 0) {
3970 os_free(mode->channels);
3971 os_free(mode->rates);
3972 (*num_modes)--;
3973 return modes; /* No 802.11b rates */
3974 }
3976 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
3977 "information");
3979 return modes;
3980 }
3983 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
3984 int end)
3985 {
3986 int c;
3988 for (c = 0; c < mode->num_channels; c++) {
3989 struct hostapd_channel_data *chan = &mode->channels[c];
3990 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
3991 chan->flag |= HOSTAPD_CHAN_HT40;
3992 }
3993 }
3996 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
3997 int end)
3998 {
3999 int c;
4001 for (c = 0; c < mode->num_channels; c++) {
4002 struct hostapd_channel_data *chan = &mode->channels[c];
4003 if (!(chan->flag & HOSTAPD_CHAN_HT40))
4004 continue;
4005 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
4006 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
4007 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
4008 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
4009 }
4010 }
4013 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
4014 struct phy_info_arg *results)
4015 {
4016 u32 start, end, max_bw;
4017 u16 m;
4019 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4020 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4021 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4022 return;
4024 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4025 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4026 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4028 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
4029 start, end, max_bw);
4030 if (max_bw < 40)
4031 return;
4033 for (m = 0; m < *results->num_modes; m++) {
4034 if (!(results->modes[m].ht_capab &
4035 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4036 continue;
4037 nl80211_set_ht40_mode(&results->modes[m], start, end);
4038 }
4039 }
4042 static void nl80211_reg_rule_sec(struct nlattr *tb[],
4043 struct phy_info_arg *results)
4044 {
4045 u32 start, end, max_bw;
4046 u16 m;
4048 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4049 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4050 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4051 return;
4053 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4054 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4055 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4057 if (max_bw < 20)
4058 return;
4060 for (m = 0; m < *results->num_modes; m++) {
4061 if (!(results->modes[m].ht_capab &
4062 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4063 continue;
4064 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
4065 }
4066 }
4069 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
4070 {
4071 struct phy_info_arg *results = arg;
4072 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
4073 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4074 struct nlattr *nl_rule;
4075 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
4076 int rem_rule;
4077 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
4078 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4079 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4080 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4081 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4082 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4083 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4084 };
4086 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4087 genlmsg_attrlen(gnlh, 0), NULL);
4088 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
4089 !tb_msg[NL80211_ATTR_REG_RULES]) {
4090 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
4091 "available");
4092 return NL_SKIP;
4093 }
4095 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
4096 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
4098 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4099 {
4100 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4101 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4102 nl80211_reg_rule_ht40(tb_rule, results);
4103 }
4105 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4106 {
4107 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4108 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4109 nl80211_reg_rule_sec(tb_rule, results);
4110 }
4112 return NL_SKIP;
4113 }
4116 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
4117 struct phy_info_arg *results)
4118 {
4119 struct nl_msg *msg;
4121 msg = nlmsg_alloc();
4122 if (!msg)
4123 return -ENOMEM;
4125 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
4126 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
4127 }
4130 static struct hostapd_hw_modes *
4131 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
4132 {
4133 struct i802_bss *bss = priv;
4134 struct wpa_driver_nl80211_data *drv = bss->drv;
4135 struct nl_msg *msg;
4136 struct phy_info_arg result = {
4137 .num_modes = num_modes,
4138 .modes = NULL,
4139 };
4141 *num_modes = 0;
4142 *flags = 0;
4144 msg = nlmsg_alloc();
4145 if (!msg)
4146 return NULL;
4148 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
4150 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4152 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
4153 nl80211_set_ht40_flags(drv, &result);
4154 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
4155 }
4156 nla_put_failure:
4157 return NULL;
4158 }
4161 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
4162 const void *data, size_t len,
4163 int encrypt, int noack)
4164 {
4165 __u8 rtap_hdr[] = {
4166 0x00, 0x00, /* radiotap version */
4167 0x0e, 0x00, /* radiotap length */
4168 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
4169 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
4170 0x00, /* padding */
4171 0x00, 0x00, /* RX and TX flags to indicate that */
4172 0x00, 0x00, /* this is the injected frame directly */
4173 };
4174 struct iovec iov[2] = {
4175 {
4176 .iov_base = &rtap_hdr,
4177 .iov_len = sizeof(rtap_hdr),
4178 },
4179 {
4180 .iov_base = (void *) data,
4181 .iov_len = len,
4182 }
4183 };
4184 struct msghdr msg = {
4185 .msg_name = NULL,
4186 .msg_namelen = 0,
4187 .msg_iov = iov,
4188 .msg_iovlen = 2,
4189 .msg_control = NULL,
4190 .msg_controllen = 0,
4191 .msg_flags = 0,
4192 };
4193 int res;
4194 u16 txflags = 0;
4196 if (encrypt)
4197 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
4199 if (drv->monitor_sock < 0) {
4200 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
4201 "for %s", __func__);
4202 return -1;
4203 }
4205 if (noack)
4206 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
4207 *(le16 *) &rtap_hdr[12] = host_to_le16(txflags);
4209 res = sendmsg(drv->monitor_sock, &msg, 0);
4210 if (res < 0) {
4211 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
4212 return -1;
4213 }
4214 return 0;
4215 }
4218 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
4219 size_t data_len, int noack)
4220 {
4221 struct i802_bss *bss = priv;
4222 struct wpa_driver_nl80211_data *drv = bss->drv;
4223 struct ieee80211_mgmt *mgmt;
4224 int encrypt = 1;
4225 u16 fc;
4227 mgmt = (struct ieee80211_mgmt *) data;
4228 fc = le_to_host16(mgmt->frame_control);
4230 if (is_sta_interface(drv->nlmode) &&
4231 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4232 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
4233 /*
4234 * The use of last_mgmt_freq is a bit of a hack,
4235 * but it works due to the single-threaded nature
4236 * of wpa_supplicant.
4237 */
4238 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0,
4239 data, data_len, NULL, 1, noack);
4240 }
4242 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
4243 return nl80211_send_frame_cmd(drv, drv->ap_oper_freq, 0,
4244 data, data_len, NULL, 0, noack);
4245 }
4247 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4248 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4249 /*
4250 * Only one of the authentication frame types is encrypted.
4251 * In order for static WEP encryption to work properly (i.e.,
4252 * to not encrypt the frame), we need to tell mac80211 about
4253 * the frames that must not be encrypted.
4254 */
4255 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
4256 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
4257 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
4258 encrypt = 0;
4259 }
4261 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt,
4262 noack);
4263 }
4266 static int nl80211_set_ap_isolate(struct i802_bss *bss, int enabled)
4267 {
4268 struct wpa_driver_nl80211_data *drv = bss->drv;
4269 struct nl_msg *msg;
4271 msg = nlmsg_alloc();
4272 if (!msg)
4273 return -ENOMEM;
4275 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
4277 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4278 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, enabled);
4280 return send_and_recv_msgs(drv, msg, NULL, NULL);
4281 nla_put_failure:
4282 return -ENOBUFS;
4283 }
4286 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
4287 int slot, int ht_opmode)
4288 {
4289 struct wpa_driver_nl80211_data *drv = bss->drv;
4290 struct nl_msg *msg;
4292 msg = nlmsg_alloc();
4293 if (!msg)
4294 return -ENOMEM;
4296 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
4298 if (cts >= 0)
4299 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
4300 if (preamble >= 0)
4301 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
4302 if (slot >= 0)
4303 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
4304 if (ht_opmode >= 0)
4305 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
4306 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4308 return send_and_recv_msgs(drv, msg, NULL, NULL);
4309 nla_put_failure:
4310 return -ENOBUFS;
4311 }
4314 static int wpa_driver_nl80211_set_ap(void *priv,
4315 struct wpa_driver_ap_params *params)
4316 {
4317 struct i802_bss *bss = priv;
4318 struct wpa_driver_nl80211_data *drv = bss->drv;
4319 struct nl_msg *msg;
4320 u8 cmd = NL80211_CMD_NEW_BEACON;
4321 int ret;
4322 int beacon_set;
4323 int ifindex = if_nametoindex(bss->ifname);
4324 int num_suites;
4325 u32 suites[10];
4326 u32 ver;
4328 beacon_set = bss->beacon_set;
4330 msg = nlmsg_alloc();
4331 if (!msg)
4332 return -ENOMEM;
4334 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
4335 beacon_set);
4336 if (beacon_set)
4337 cmd = NL80211_CMD_SET_BEACON;
4339 nl80211_cmd(drv, msg, 0, cmd);
4340 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
4341 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
4342 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4343 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
4344 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
4345 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4346 params->ssid);
4347 switch (params->hide_ssid) {
4348 case NO_SSID_HIDING:
4349 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
4350 NL80211_HIDDEN_SSID_NOT_IN_USE);
4351 break;
4352 case HIDDEN_SSID_ZERO_LEN:
4353 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
4354 NL80211_HIDDEN_SSID_ZERO_LEN);
4355 break;
4356 case HIDDEN_SSID_ZERO_CONTENTS:
4357 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
4358 NL80211_HIDDEN_SSID_ZERO_CONTENTS);
4359 break;
4360 }
4361 if (params->privacy)
4362 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
4363 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
4364 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
4365 /* Leave out the attribute */
4366 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
4367 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
4368 NL80211_AUTHTYPE_SHARED_KEY);
4369 else
4370 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
4371 NL80211_AUTHTYPE_OPEN_SYSTEM);
4373 ver = 0;
4374 if (params->wpa_version & WPA_PROTO_WPA)
4375 ver |= NL80211_WPA_VERSION_1;
4376 if (params->wpa_version & WPA_PROTO_RSN)
4377 ver |= NL80211_WPA_VERSION_2;
4378 if (ver)
4379 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
4381 num_suites = 0;
4382 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
4383 suites[num_suites++] = WLAN_AKM_SUITE_8021X;
4384 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
4385 suites[num_suites++] = WLAN_AKM_SUITE_PSK;
4386 if (num_suites) {
4387 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
4388 num_suites * sizeof(u32), suites);
4389 }
4391 num_suites = 0;
4392 if (params->pairwise_ciphers & WPA_CIPHER_CCMP)
4393 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
4394 if (params->pairwise_ciphers & WPA_CIPHER_TKIP)
4395 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
4396 if (params->pairwise_ciphers & WPA_CIPHER_WEP104)
4397 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
4398 if (params->pairwise_ciphers & WPA_CIPHER_WEP40)
4399 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
4400 if (num_suites) {
4401 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4402 num_suites * sizeof(u32), suites);
4403 }
4405 switch (params->group_cipher) {
4406 case WPA_CIPHER_CCMP:
4407 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4408 WLAN_CIPHER_SUITE_CCMP);
4409 break;
4410 case WPA_CIPHER_TKIP:
4411 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4412 WLAN_CIPHER_SUITE_TKIP);
4413 break;
4414 case WPA_CIPHER_WEP104:
4415 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4416 WLAN_CIPHER_SUITE_WEP104);
4417 break;
4418 case WPA_CIPHER_WEP40:
4419 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4420 WLAN_CIPHER_SUITE_WEP40);
4421 break;
4422 }
4424 if (params->beacon_ies) {
4425 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
4426 wpabuf_head(params->beacon_ies));
4427 }
4428 if (params->proberesp_ies) {
4429 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
4430 wpabuf_len(params->proberesp_ies),
4431 wpabuf_head(params->proberesp_ies));
4432 }
4433 if (params->assocresp_ies) {
4434 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
4435 wpabuf_len(params->assocresp_ies),
4436 wpabuf_head(params->assocresp_ies));
4437 }
4439 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4440 if (ret) {
4441 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
4442 ret, strerror(-ret));
4443 } else {
4444 bss->beacon_set = 1;
4445 ret = nl80211_set_ap_isolate(bss, params->isolate);
4446 if (!params->isolate && ret) {
4447 wpa_printf(MSG_DEBUG, "nl80211: Ignore AP isolation "
4448 "configuration error since isolation is "
4449 "not used");
4450 ret = 0;
4451 }
4453 nl80211_set_bss(bss, params->cts_protect, params->preamble,
4454 params->short_slot_time, params->ht_opmode);
4455 }
4456 return ret;
4457 nla_put_failure:
4458 return -ENOBUFS;
4459 }
4462 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
4463 int freq, int ht_enabled,
4464 int sec_channel_offset)
4465 {
4466 struct nl_msg *msg;
4467 int ret;
4469 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d "
4470 "sec_channel_offset=%d)",
4471 freq, ht_enabled, sec_channel_offset);
4472 msg = nlmsg_alloc();
4473 if (!msg)
4474 return -1;
4476 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
4478 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4479 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
4480 if (ht_enabled) {
4481 switch (sec_channel_offset) {
4482 case -1:
4483 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4484 NL80211_CHAN_HT40MINUS);
4485 break;
4486 case 1:
4487 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4488 NL80211_CHAN_HT40PLUS);
4489 break;
4490 default:
4491 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4492 NL80211_CHAN_HT20);
4493 break;
4494 }
4495 }
4497 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4498 if (ret == 0)
4499 return 0;
4500 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
4501 "%d (%s)", freq, ret, strerror(-ret));
4502 nla_put_failure:
4503 return -1;
4504 }
4507 static u32 sta_flags_nl80211(int flags)
4508 {
4509 u32 f = 0;
4511 if (flags & WPA_STA_AUTHORIZED)
4512 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
4513 if (flags & WPA_STA_WMM)
4514 f |= BIT(NL80211_STA_FLAG_WME);
4515 if (flags & WPA_STA_SHORT_PREAMBLE)
4516 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
4517 if (flags & WPA_STA_MFP)
4518 f |= BIT(NL80211_STA_FLAG_MFP);
4519 if (flags & WPA_STA_TDLS_PEER)
4520 f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
4522 return f;
4523 }
4526 static int wpa_driver_nl80211_sta_add(void *priv,
4527 struct hostapd_sta_add_params *params)
4528 {
4529 struct i802_bss *bss = priv;
4530 struct wpa_driver_nl80211_data *drv = bss->drv;
4531 struct nl_msg *msg;
4532 struct nl80211_sta_flag_update upd;
4533 int ret = -ENOBUFS;
4535 if ((params->flags & WPA_STA_TDLS_PEER) &&
4536 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
4537 return -EOPNOTSUPP;
4539 msg = nlmsg_alloc();
4540 if (!msg)
4541 return -ENOMEM;
4543 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
4544 NL80211_CMD_NEW_STATION);
4546 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4547 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
4548 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
4549 params->supp_rates);
4550 if (!params->set) {
4551 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
4552 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
4553 params->listen_interval);
4554 }
4555 if (params->ht_capabilities) {
4556 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
4557 sizeof(*params->ht_capabilities),
4558 params->ht_capabilities);
4559 }
4561 os_memset(&upd, 0, sizeof(upd));
4562 upd.mask = sta_flags_nl80211(params->flags);
4563 upd.set = upd.mask;
4564 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4566 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4567 if (ret)
4568 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
4569 "result: %d (%s)", params->set ? "SET" : "NEW", ret,
4570 strerror(-ret));
4571 if (ret == -EEXIST)
4572 ret = 0;
4573 nla_put_failure:
4574 return ret;
4575 }
4578 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
4579 {
4580 struct i802_bss *bss = priv;
4581 struct wpa_driver_nl80211_data *drv = bss->drv;
4582 struct nl_msg *msg;
4583 int ret;
4585 msg = nlmsg_alloc();
4586 if (!msg)
4587 return -ENOMEM;
4589 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
4591 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4592 if_nametoindex(bss->ifname));
4593 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4595 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4596 if (ret == -ENOENT)
4597 return 0;
4598 return ret;
4599 nla_put_failure:
4600 return -ENOBUFS;
4601 }
4604 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
4605 int ifidx)
4606 {
4607 struct nl_msg *msg;
4609 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
4611 /* stop listening for EAPOL on this interface */
4612 del_ifidx(drv, ifidx);
4614 msg = nlmsg_alloc();
4615 if (!msg)
4616 goto nla_put_failure;
4618 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
4619 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
4621 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4622 return;
4623 nla_put_failure:
4624 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
4625 }
4628 static const char * nl80211_iftype_str(enum nl80211_iftype mode)
4629 {
4630 switch (mode) {
4631 case NL80211_IFTYPE_ADHOC:
4632 return "ADHOC";
4633 case NL80211_IFTYPE_STATION:
4634 return "STATION";
4635 case NL80211_IFTYPE_AP:
4636 return "AP";
4637 case NL80211_IFTYPE_MONITOR:
4638 return "MONITOR";
4639 case NL80211_IFTYPE_P2P_CLIENT:
4640 return "P2P_CLIENT";
4641 case NL80211_IFTYPE_P2P_GO:
4642 return "P2P_GO";
4643 default:
4644 return "unknown";
4645 }
4646 }
4649 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
4650 const char *ifname,
4651 enum nl80211_iftype iftype,
4652 const u8 *addr, int wds)
4653 {
4654 struct nl_msg *msg, *flags = NULL;
4655 int ifidx;
4656 int ret = -ENOBUFS;
4658 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
4659 iftype, nl80211_iftype_str(iftype));
4661 msg = nlmsg_alloc();
4662 if (!msg)
4663 return -1;
4665 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
4666 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4667 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
4668 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
4670 if (iftype == NL80211_IFTYPE_MONITOR) {
4671 int err;
4673 flags = nlmsg_alloc();
4674 if (!flags)
4675 goto nla_put_failure;
4677 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
4679 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
4681 nlmsg_free(flags);
4683 if (err)
4684 goto nla_put_failure;
4685 } else if (wds) {
4686 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
4687 }
4689 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4690 if (ret) {
4691 nla_put_failure:
4692 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
4693 ifname, ret, strerror(-ret));
4694 return ret;
4695 }
4697 ifidx = if_nametoindex(ifname);
4698 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
4699 ifname, ifidx);
4701 if (ifidx <= 0)
4702 return -1;
4704 /* start listening for EAPOL on this interface */
4705 add_ifidx(drv, ifidx);
4707 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
4708 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
4709 nl80211_remove_iface(drv, ifidx);
4710 return -1;
4711 }
4713 return ifidx;
4714 }
4717 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
4718 const char *ifname, enum nl80211_iftype iftype,
4719 const u8 *addr, int wds)
4720 {
4721 int ret;
4723 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
4725 /* if error occurred and interface exists already */
4726 if (ret == -ENFILE && if_nametoindex(ifname)) {
4727 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
4729 /* Try to remove the interface that was already there. */
4730 nl80211_remove_iface(drv, if_nametoindex(ifname));
4732 /* Try to create the interface again */
4733 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
4734 wds);
4735 }
4737 if (ret >= 0 && is_p2p_interface(iftype))
4738 nl80211_disable_11b_rates(drv, ret, 1);
4740 return ret;
4741 }
4744 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
4745 {
4746 struct ieee80211_hdr *hdr;
4747 u16 fc;
4748 union wpa_event_data event;
4750 hdr = (struct ieee80211_hdr *) buf;
4751 fc = le_to_host16(hdr->frame_control);
4753 os_memset(&event, 0, sizeof(event));
4754 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
4755 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
4756 event.tx_status.dst = hdr->addr1;
4757 event.tx_status.data = buf;
4758 event.tx_status.data_len = len;
4759 event.tx_status.ack = ok;
4760 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
4761 }
4764 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
4765 u8 *buf, size_t len)
4766 {
4767 struct ieee80211_hdr *hdr = (void *)buf;
4768 u16 fc;
4769 union wpa_event_data event;
4771 if (len < sizeof(*hdr))
4772 return;
4774 fc = le_to_host16(hdr->frame_control);
4776 os_memset(&event, 0, sizeof(event));
4777 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
4778 event.rx_from_unknown.addr = hdr->addr2;
4779 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
4780 (WLAN_FC_FROMDS | WLAN_FC_TODS);
4781 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
4782 }
4785 static void handle_frame(struct wpa_driver_nl80211_data *drv,
4786 u8 *buf, size_t len, int datarate, int ssi_signal)
4787 {
4788 struct ieee80211_hdr *hdr;
4789 u16 fc;
4790 union wpa_event_data event;
4792 hdr = (struct ieee80211_hdr *) buf;
4793 fc = le_to_host16(hdr->frame_control);
4795 switch (WLAN_FC_GET_TYPE(fc)) {
4796 case WLAN_FC_TYPE_MGMT:
4797 os_memset(&event, 0, sizeof(event));
4798 event.rx_mgmt.frame = buf;
4799 event.rx_mgmt.frame_len = len;
4800 event.rx_mgmt.datarate = datarate;
4801 event.rx_mgmt.ssi_signal = ssi_signal;
4802 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
4803 break;
4804 case WLAN_FC_TYPE_CTRL:
4805 /* can only get here with PS-Poll frames */
4806 wpa_printf(MSG_DEBUG, "CTRL");
4807 from_unknown_sta(drv, buf, len);
4808 break;
4809 case WLAN_FC_TYPE_DATA:
4810 from_unknown_sta(drv, buf, len);
4811 break;
4812 }
4813 }
4816 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
4817 {
4818 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4819 int len;
4820 unsigned char buf[3000];
4821 struct ieee80211_radiotap_iterator iter;
4822 int ret;
4823 int datarate = 0, ssi_signal = 0;
4824 int injected = 0, failed = 0, rxflags = 0;
4826 len = recv(sock, buf, sizeof(buf), 0);
4827 if (len < 0) {
4828 perror("recv");
4829 return;
4830 }
4832 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
4833 printf("received invalid radiotap frame\n");
4834 return;
4835 }
4837 while (1) {
4838 ret = ieee80211_radiotap_iterator_next(&iter);
4839 if (ret == -ENOENT)
4840 break;
4841 if (ret) {
4842 printf("received invalid radiotap frame (%d)\n", ret);
4843 return;
4844 }
4845 switch (iter.this_arg_index) {
4846 case IEEE80211_RADIOTAP_FLAGS:
4847 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
4848 len -= 4;
4849 break;
4850 case IEEE80211_RADIOTAP_RX_FLAGS:
4851 rxflags = 1;
4852 break;
4853 case IEEE80211_RADIOTAP_TX_FLAGS:
4854 injected = 1;
4855 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
4856 IEEE80211_RADIOTAP_F_TX_FAIL;
4857 break;
4858 case IEEE80211_RADIOTAP_DATA_RETRIES:
4859 break;
4860 case IEEE80211_RADIOTAP_CHANNEL:
4861 /* TODO: convert from freq/flags to channel number */
4862 break;
4863 case IEEE80211_RADIOTAP_RATE:
4864 datarate = *iter.this_arg * 5;
4865 break;
4866 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
4867 ssi_signal = *iter.this_arg;
4868 break;
4869 }
4870 }
4872 if (rxflags && injected)
4873 return;
4875 if (!injected)
4876 handle_frame(drv, buf + iter.max_length,
4877 len - iter.max_length, datarate, ssi_signal);
4878 else
4879 handle_tx_callback(drv->ctx, buf + iter.max_length,
4880 len - iter.max_length, !failed);
4881 }
4884 /*
4885 * we post-process the filter code later and rewrite
4886 * this to the offset to the last instruction
4887 */
4888 #define PASS 0xFF
4889 #define FAIL 0xFE
4891 static struct sock_filter msock_filter_insns[] = {
4892 /*
4893 * do a little-endian load of the radiotap length field
4894 */
4895 /* load lower byte into A */
4896 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
4897 /* put it into X (== index register) */
4898 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4899 /* load upper byte into A */
4900 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
4901 /* left-shift it by 8 */
4902 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
4903 /* or with X */
4904 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
4905 /* put result into X */
4906 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4908 /*
4909 * Allow management frames through, this also gives us those
4910 * management frames that we sent ourselves with status
4911 */
4912 /* load the lower byte of the IEEE 802.11 frame control field */
4913 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4914 /* mask off frame type and version */
4915 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
4916 /* accept frame if it's both 0, fall through otherwise */
4917 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
4919 /*
4920 * TODO: add a bit to radiotap RX flags that indicates
4921 * that the sending station is not associated, then
4922 * add a filter here that filters on our DA and that flag
4923 * to allow us to deauth frames to that bad station.
4924 *
4925 * For now allow all To DS data frames through.
4926 */
4927 /* load the IEEE 802.11 frame control field */
4928 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
4929 /* mask off frame type, version and DS status */
4930 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
4931 /* accept frame if version 0, type 2 and To DS, fall through otherwise
4932 */
4933 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
4935 #if 0
4936 /*
4937 * drop non-data frames
4938 */
4939 /* load the lower byte of the frame control field */
4940 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4941 /* mask off QoS bit */
4942 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
4943 /* drop non-data frames */
4944 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
4945 #endif
4946 /* load the upper byte of the frame control field */
4947 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
4948 /* mask off toDS/fromDS */
4949 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
4950 /* accept WDS frames */
4951 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
4953 /*
4954 * add header length to index
4955 */
4956 /* load the lower byte of the frame control field */
4957 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4958 /* mask off QoS bit */
4959 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
4960 /* right shift it by 6 to give 0 or 2 */
4961 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
4962 /* add data frame header length */
4963 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
4964 /* add index, was start of 802.11 header */
4965 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
4966 /* move to index, now start of LL header */
4967 BPF_STMT(BPF_MISC | BPF_TAX, 0),
4969 /*
4970 * Accept empty data frames, we use those for
4971 * polling activity.
4972 */
4973 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
4974 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
4976 /*
4977 * Accept EAPOL frames
4978 */
4979 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
4980 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
4981 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
4982 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
4984 /* keep these last two statements or change the code below */
4985 /* return 0 == "DROP" */
4986 BPF_STMT(BPF_RET | BPF_K, 0),
4987 /* return ~0 == "keep all" */
4988 BPF_STMT(BPF_RET | BPF_K, ~0),
4989 };
4991 static struct sock_fprog msock_filter = {
4992 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
4993 .filter = msock_filter_insns,
4994 };
4997 static int add_monitor_filter(int s)
4998 {
4999 int idx;
5001 /* rewrite all PASS/FAIL jump offsets */
5002 for (idx = 0; idx < msock_filter.len; idx++) {
5003 struct sock_filter *insn = &msock_filter_insns[idx];
5005 if (BPF_CLASS(insn->code) == BPF_JMP) {
5006 if (insn->code == (BPF_JMP|BPF_JA)) {
5007 if (insn->k == PASS)
5008 insn->k = msock_filter.len - idx - 2;
5009 else if (insn->k == FAIL)
5010 insn->k = msock_filter.len - idx - 3;
5011 }
5013 if (insn->jt == PASS)
5014 insn->jt = msock_filter.len - idx - 2;
5015 else if (insn->jt == FAIL)
5016 insn->jt = msock_filter.len - idx - 3;
5018 if (insn->jf == PASS)
5019 insn->jf = msock_filter.len - idx - 2;
5020 else if (insn->jf == FAIL)
5021 insn->jf = msock_filter.len - idx - 3;
5022 }
5023 }
5025 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
5026 &msock_filter, sizeof(msock_filter))) {
5027 perror("SO_ATTACH_FILTER");
5028 return -1;
5029 }
5031 return 0;
5032 }
5035 static void nl80211_remove_monitor_interface(
5036 struct wpa_driver_nl80211_data *drv)
5037 {
5038 if (drv->monitor_ifidx >= 0) {
5039 nl80211_remove_iface(drv, drv->monitor_ifidx);
5040 drv->monitor_ifidx = -1;
5041 }
5042 if (drv->monitor_sock >= 0) {
5043 eloop_unregister_read_sock(drv->monitor_sock);
5044 close(drv->monitor_sock);
5045 drv->monitor_sock = -1;
5046 }
5047 }
5050 static int
5051 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
5052 {
5053 char buf[IFNAMSIZ];
5054 struct sockaddr_ll ll;
5055 int optval;
5056 socklen_t optlen;
5058 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) {
5059 /*
5060 * P2P interface name is of the format p2p-%s-%d. For monitor
5061 * interface name corresponding to P2P GO, replace "p2p-" with
5062 * "mon-" to retain the same interface name length and to
5063 * indicate that it is a monitor interface.
5064 */
5065 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4);
5066 } else {
5067 /* Non-P2P interface with AP functionality. */
5068 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
5069 }
5071 buf[IFNAMSIZ - 1] = '\0';
5073 drv->monitor_ifidx =
5074 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
5075 0);
5077 if (drv->monitor_ifidx == -EOPNOTSUPP) {
5078 /*
5079 * This is backward compatibility for a few versions of
5080 * the kernel only that didn't advertise the right
5081 * attributes for the only driver that then supported
5082 * AP mode w/o monitor -- ath6kl.
5083 */
5084 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
5085 "monitor interface type - try to run without it");
5086 drv->device_ap_sme = 1;
5087 }
5089 if (drv->monitor_ifidx < 0)
5090 return -1;
5092 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
5093 goto error;
5095 memset(&ll, 0, sizeof(ll));
5096 ll.sll_family = AF_PACKET;
5097 ll.sll_ifindex = drv->monitor_ifidx;
5098 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
5099 if (drv->monitor_sock < 0) {
5100 perror("socket[PF_PACKET,SOCK_RAW]");
5101 goto error;
5102 }
5104 if (add_monitor_filter(drv->monitor_sock)) {
5105 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
5106 "interface; do filtering in user space");
5107 /* This works, but will cost in performance. */
5108 }
5110 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
5111 perror("monitor socket bind");
5112 goto error;
5113 }
5115 optlen = sizeof(optval);
5116 optval = 20;
5117 if (setsockopt
5118 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
5119 perror("Failed to set socket priority");
5120 goto error;
5121 }
5123 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
5124 drv, NULL)) {
5125 printf("Could not register monitor read socket\n");
5126 goto error;
5127 }
5129 return 0;
5130 error:
5131 nl80211_remove_monitor_interface(drv);
5132 return -1;
5133 }
5136 #ifdef CONFIG_AP
5137 static int nl80211_send_eapol_data(struct i802_bss *bss,
5138 const u8 *addr, const u8 *data,
5139 size_t data_len)
5140 {
5141 struct sockaddr_ll ll;
5142 int ret;
5144 if (bss->drv->eapol_tx_sock < 0) {
5145 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
5146 return -1;
5147 }
5149 os_memset(&ll, 0, sizeof(ll));
5150 ll.sll_family = AF_PACKET;
5151 ll.sll_ifindex = bss->ifindex;
5152 ll.sll_protocol = htons(ETH_P_PAE);
5153 ll.sll_halen = ETH_ALEN;
5154 os_memcpy(ll.sll_addr, addr, ETH_ALEN);
5155 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
5156 (struct sockaddr *) &ll, sizeof(ll));
5157 if (ret < 0)
5158 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
5159 strerror(errno));
5161 return ret;
5162 }
5163 #endif /* CONFIG_AP */
5166 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
5168 static int wpa_driver_nl80211_hapd_send_eapol(
5169 void *priv, const u8 *addr, const u8 *data,
5170 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
5171 {
5172 struct i802_bss *bss = priv;
5173 struct wpa_driver_nl80211_data *drv = bss->drv;
5174 struct ieee80211_hdr *hdr;
5175 size_t len;
5176 u8 *pos;
5177 int res;
5178 int qos = flags & WPA_STA_WMM;
5180 #ifdef CONFIG_AP
5181 if (drv->device_ap_sme)
5182 return nl80211_send_eapol_data(bss, addr, data, data_len);
5183 #endif /* CONFIG_AP */
5185 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
5186 data_len;
5187 hdr = os_zalloc(len);
5188 if (hdr == NULL) {
5189 printf("malloc() failed for i802_send_data(len=%lu)\n",
5190 (unsigned long) len);
5191 return -1;
5192 }
5194 hdr->frame_control =
5195 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
5196 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
5197 if (encrypt)
5198 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
5199 if (qos) {
5200 hdr->frame_control |=
5201 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
5202 }
5204 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
5205 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
5206 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
5207 pos = (u8 *) (hdr + 1);
5209 if (qos) {
5210 /* add an empty QoS header if needed */
5211 pos[0] = 0;
5212 pos[1] = 0;
5213 pos += 2;
5214 }
5216 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
5217 pos += sizeof(rfc1042_header);
5218 WPA_PUT_BE16(pos, ETH_P_PAE);
5219 pos += 2;
5220 memcpy(pos, data, data_len);
5222 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt, 0);
5223 if (res < 0) {
5224 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
5225 "failed: %d (%s)",
5226 (unsigned long) len, errno, strerror(errno));
5227 }
5228 os_free(hdr);
5230 return res;
5231 }
5234 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
5235 int total_flags,
5236 int flags_or, int flags_and)
5237 {
5238 struct i802_bss *bss = priv;
5239 struct wpa_driver_nl80211_data *drv = bss->drv;
5240 struct nl_msg *msg, *flags = NULL;
5241 struct nl80211_sta_flag_update upd;
5243 msg = nlmsg_alloc();
5244 if (!msg)
5245 return -ENOMEM;
5247 flags = nlmsg_alloc();
5248 if (!flags) {
5249 nlmsg_free(msg);
5250 return -ENOMEM;
5251 }
5253 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
5255 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5256 if_nametoindex(bss->ifname));
5257 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5259 /*
5260 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
5261 * can be removed eventually.
5262 */
5263 if (total_flags & WPA_STA_AUTHORIZED)
5264 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
5266 if (total_flags & WPA_STA_WMM)
5267 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
5269 if (total_flags & WPA_STA_SHORT_PREAMBLE)
5270 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
5272 if (total_flags & WPA_STA_MFP)
5273 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
5275 if (total_flags & WPA_STA_TDLS_PEER)
5276 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_TDLS_PEER);
5278 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
5279 goto nla_put_failure;
5281 os_memset(&upd, 0, sizeof(upd));
5282 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
5283 upd.set = sta_flags_nl80211(flags_or);
5284 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5286 nlmsg_free(flags);
5288 return send_and_recv_msgs(drv, msg, NULL, NULL);
5289 nla_put_failure:
5290 nlmsg_free(flags);
5291 return -ENOBUFS;
5292 }
5295 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
5296 struct wpa_driver_associate_params *params)
5297 {
5298 enum nl80211_iftype nlmode;
5300 if (params->p2p) {
5301 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
5302 "group (GO)");
5303 nlmode = NL80211_IFTYPE_P2P_GO;
5304 } else
5305 nlmode = NL80211_IFTYPE_AP;
5307 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) ||
5308 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
5309 nl80211_remove_monitor_interface(drv);
5310 return -1;
5311 }
5313 if (drv->device_ap_sme) {
5314 if (wpa_driver_nl80211_probe_req_report(&drv->first_bss, 1) < 0)
5315 {
5316 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
5317 "Probe Request frame reporting in AP mode");
5318 /* Try to survive without this */
5319 }
5320 }
5322 drv->ap_oper_freq = params->freq;
5324 return 0;
5325 }
5328 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
5329 {
5330 struct nl_msg *msg;
5331 int ret = -1;
5333 msg = nlmsg_alloc();
5334 if (!msg)
5335 return -1;
5337 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
5338 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5339 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5340 msg = NULL;
5341 if (ret) {
5342 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
5343 "(%s)", ret, strerror(-ret));
5344 goto nla_put_failure;
5345 }
5347 ret = 0;
5348 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
5350 nla_put_failure:
5351 nlmsg_free(msg);
5352 return ret;
5353 }
5356 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
5357 struct wpa_driver_associate_params *params)
5358 {
5359 struct nl_msg *msg;
5360 int ret = -1;
5361 int count = 0;
5363 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
5365 if (wpa_driver_nl80211_set_mode(&drv->first_bss,
5366 NL80211_IFTYPE_ADHOC)) {
5367 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
5368 "IBSS mode");
5369 return -1;
5370 }
5372 retry:
5373 msg = nlmsg_alloc();
5374 if (!msg)
5375 return -1;
5377 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
5378 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5380 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
5381 goto nla_put_failure;
5383 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
5384 params->ssid, params->ssid_len);
5385 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5386 params->ssid);
5387 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
5388 drv->ssid_len = params->ssid_len;
5390 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
5391 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
5393 ret = nl80211_set_conn_keys(params, msg);
5394 if (ret)
5395 goto nla_put_failure;
5397 if (params->wpa_ie) {
5398 wpa_hexdump(MSG_DEBUG,
5399 " * Extra IEs for Beacon/Probe Response frames",
5400 params->wpa_ie, params->wpa_ie_len);
5401 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
5402 params->wpa_ie);
5403 }
5405 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5406 msg = NULL;
5407 if (ret) {
5408 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
5409 ret, strerror(-ret));
5410 count++;
5411 if (ret == -EALREADY && count == 1) {
5412 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
5413 "forced leave");
5414 nl80211_leave_ibss(drv);
5415 nlmsg_free(msg);
5416 goto retry;
5417 }
5419 goto nla_put_failure;
5420 }
5421 ret = 0;
5422 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
5424 nla_put_failure:
5425 nlmsg_free(msg);
5426 return ret;
5427 }
5430 static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv,
5431 u8 *bssid)
5432 {
5433 struct nl_msg *msg;
5434 int ret;
5435 struct nl80211_bss_info_arg arg;
5437 os_memset(&arg, 0, sizeof(arg));
5438 msg = nlmsg_alloc();
5439 if (!msg)
5440 goto nla_put_failure;
5442 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
5443 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5445 arg.drv = drv;
5446 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
5447 msg = NULL;
5448 if (ret == 0) {
5449 if (is_zero_ether_addr(arg.assoc_bssid))
5450 return -ENOTCONN;
5451 os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN);
5452 return 0;
5453 }
5454 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
5455 "(%s)", ret, strerror(-ret));
5456 nla_put_failure:
5457 nlmsg_free(msg);
5458 return drv->assoc_freq;
5459 }
5462 static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
5463 const u8 *bssid)
5464 {
5465 u8 addr[ETH_ALEN];
5467 if (bssid == NULL) {
5468 int res = nl80211_get_assoc_bssid(drv, addr);
5469 if (res)
5470 return res;
5471 bssid = addr;
5472 }
5474 return wpa_driver_nl80211_disconnect(drv, bssid,
5475 WLAN_REASON_PREV_AUTH_NOT_VALID);
5476 }
5479 static int wpa_driver_nl80211_connect(
5480 struct wpa_driver_nl80211_data *drv,
5481 struct wpa_driver_associate_params *params)
5482 {
5483 struct nl_msg *msg;
5484 enum nl80211_auth_type type;
5485 int ret = 0;
5486 int algs;
5488 msg = nlmsg_alloc();
5489 if (!msg)
5490 return -1;
5492 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
5493 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
5495 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5496 if (params->bssid) {
5497 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
5498 MAC2STR(params->bssid));
5499 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
5500 }
5501 if (params->freq) {
5502 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
5503 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
5504 }
5505 if (params->ssid) {
5506 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
5507 params->ssid, params->ssid_len);
5508 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5509 params->ssid);
5510 if (params->ssid_len > sizeof(drv->ssid))
5511 goto nla_put_failure;
5512 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
5513 drv->ssid_len = params->ssid_len;
5514 }
5515 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
5516 if (params->wpa_ie)
5517 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
5518 params->wpa_ie);
5520 algs = 0;
5521 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
5522 algs++;
5523 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
5524 algs++;
5525 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
5526 algs++;
5527 if (algs > 1) {
5528 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
5529 "selection");
5530 goto skip_auth_type;
5531 }
5533 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
5534 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
5535 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
5536 type = NL80211_AUTHTYPE_SHARED_KEY;
5537 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
5538 type = NL80211_AUTHTYPE_NETWORK_EAP;
5539 else if (params->auth_alg & WPA_AUTH_ALG_FT)
5540 type = NL80211_AUTHTYPE_FT;
5541 else
5542 goto nla_put_failure;
5544 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
5545 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
5547 skip_auth_type:
5548 if (params->wpa_proto) {
5549 enum nl80211_wpa_versions ver = 0;
5551 if (params->wpa_proto & WPA_PROTO_WPA)
5552 ver |= NL80211_WPA_VERSION_1;
5553 if (params->wpa_proto & WPA_PROTO_RSN)
5554 ver |= NL80211_WPA_VERSION_2;
5556 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
5557 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
5558 }
5560 if (params->pairwise_suite != CIPHER_NONE) {
5561 int cipher;
5563 switch (params->pairwise_suite) {
5564 case CIPHER_WEP40:
5565 cipher = WLAN_CIPHER_SUITE_WEP40;
5566 break;
5567 case CIPHER_WEP104:
5568 cipher = WLAN_CIPHER_SUITE_WEP104;
5569 break;
5570 case CIPHER_CCMP:
5571 cipher = WLAN_CIPHER_SUITE_CCMP;
5572 break;
5573 case CIPHER_TKIP:
5574 default:
5575 cipher = WLAN_CIPHER_SUITE_TKIP;
5576 break;
5577 }
5578 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
5579 }
5581 if (params->group_suite != CIPHER_NONE) {
5582 int cipher;
5584 switch (params->group_suite) {
5585 case CIPHER_WEP40:
5586 cipher = WLAN_CIPHER_SUITE_WEP40;
5587 break;
5588 case CIPHER_WEP104:
5589 cipher = WLAN_CIPHER_SUITE_WEP104;
5590 break;
5591 case CIPHER_CCMP:
5592 cipher = WLAN_CIPHER_SUITE_CCMP;
5593 break;
5594 case CIPHER_TKIP:
5595 default:
5596 cipher = WLAN_CIPHER_SUITE_TKIP;
5597 break;
5598 }
5599 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
5600 }
5602 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
5603 params->key_mgmt_suite == KEY_MGMT_PSK) {
5604 int mgmt = WLAN_AKM_SUITE_PSK;
5606 switch (params->key_mgmt_suite) {
5607 case KEY_MGMT_802_1X:
5608 mgmt = WLAN_AKM_SUITE_8021X;
5609 break;
5610 case KEY_MGMT_PSK:
5611 default:
5612 mgmt = WLAN_AKM_SUITE_PSK;
5613 break;
5614 }
5615 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
5616 }
5618 ret = nl80211_set_conn_keys(params, msg);
5619 if (ret)
5620 goto nla_put_failure;
5622 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5623 msg = NULL;
5624 if (ret) {
5625 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
5626 "(%s)", ret, strerror(-ret));
5627 /*
5628 * cfg80211 does not currently accept new connection if we are
5629 * already connected. As a workaround, force disconnection and
5630 * try again once the driver indicates it completed
5631 * disconnection.
5632 */
5633 if (ret == -EALREADY)
5634 nl80211_disconnect(drv, params->bssid);
5635 goto nla_put_failure;
5636 }
5637 ret = 0;
5638 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
5640 nla_put_failure:
5641 nlmsg_free(msg);
5642 return ret;
5644 }
5647 static int wpa_driver_nl80211_associate(
5648 void *priv, struct wpa_driver_associate_params *params)
5649 {
5650 struct i802_bss *bss = priv;
5651 struct wpa_driver_nl80211_data *drv = bss->drv;
5652 int ret = -1;
5653 struct nl_msg *msg;
5655 if (params->mode == IEEE80211_MODE_AP)
5656 return wpa_driver_nl80211_ap(drv, params);
5658 if (params->mode == IEEE80211_MODE_IBSS)
5659 return wpa_driver_nl80211_ibss(drv, params);
5661 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
5662 enum nl80211_iftype nlmode = params->p2p ?
5663 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
5665 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
5666 return -1;
5667 return wpa_driver_nl80211_connect(drv, params);
5668 }
5670 drv->associated = 0;
5672 msg = nlmsg_alloc();
5673 if (!msg)
5674 return -1;
5676 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
5677 drv->ifindex);
5678 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
5680 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5681 if (params->bssid) {
5682 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
5683 MAC2STR(params->bssid));
5684 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
5685 }
5686 if (params->freq) {
5687 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
5688 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
5689 drv->assoc_freq = params->freq;
5690 } else
5691 drv->assoc_freq = 0;
5692 if (params->ssid) {
5693 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
5694 params->ssid, params->ssid_len);
5695 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5696 params->ssid);
5697 if (params->ssid_len > sizeof(drv->ssid))
5698 goto nla_put_failure;
5699 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
5700 drv->ssid_len = params->ssid_len;
5701 }
5702 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
5703 if (params->wpa_ie)
5704 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
5705 params->wpa_ie);
5707 if (params->pairwise_suite != CIPHER_NONE) {
5708 int cipher;
5710 switch (params->pairwise_suite) {
5711 case CIPHER_WEP40:
5712 cipher = WLAN_CIPHER_SUITE_WEP40;
5713 break;
5714 case CIPHER_WEP104:
5715 cipher = WLAN_CIPHER_SUITE_WEP104;
5716 break;
5717 case CIPHER_CCMP:
5718 cipher = WLAN_CIPHER_SUITE_CCMP;
5719 break;
5720 case CIPHER_TKIP:
5721 default:
5722 cipher = WLAN_CIPHER_SUITE_TKIP;
5723 break;
5724 }
5725 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
5726 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
5727 }
5729 if (params->group_suite != CIPHER_NONE) {
5730 int cipher;
5732 switch (params->group_suite) {
5733 case CIPHER_WEP40:
5734 cipher = WLAN_CIPHER_SUITE_WEP40;
5735 break;
5736 case CIPHER_WEP104:
5737 cipher = WLAN_CIPHER_SUITE_WEP104;
5738 break;
5739 case CIPHER_CCMP:
5740 cipher = WLAN_CIPHER_SUITE_CCMP;
5741 break;
5742 case CIPHER_TKIP:
5743 default:
5744 cipher = WLAN_CIPHER_SUITE_TKIP;
5745 break;
5746 }
5747 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
5748 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
5749 }
5751 #ifdef CONFIG_IEEE80211W
5752 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
5753 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
5754 #endif /* CONFIG_IEEE80211W */
5756 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
5758 if (params->prev_bssid) {
5759 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
5760 MAC2STR(params->prev_bssid));
5761 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
5762 params->prev_bssid);
5763 }
5765 if (params->p2p)
5766 wpa_printf(MSG_DEBUG, " * P2P group");
5768 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5769 msg = NULL;
5770 if (ret) {
5771 wpa_dbg(drv->ctx, MSG_DEBUG,
5772 "nl80211: MLME command failed (assoc): ret=%d (%s)",
5773 ret, strerror(-ret));
5774 nl80211_dump_scan(drv);
5775 goto nla_put_failure;
5776 }
5777 ret = 0;
5778 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
5779 "successfully");
5781 nla_put_failure:
5782 nlmsg_free(msg);
5783 return ret;
5784 }
5787 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
5788 int ifindex, enum nl80211_iftype mode)
5789 {
5790 struct nl_msg *msg;
5791 int ret = -ENOBUFS;
5793 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
5794 ifindex, mode, nl80211_iftype_str(mode));
5796 msg = nlmsg_alloc();
5797 if (!msg)
5798 return -ENOMEM;
5800 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
5801 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5802 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
5804 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5805 if (!ret)
5806 return 0;
5807 nla_put_failure:
5808 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
5809 " %d (%s)", ifindex, mode, ret, strerror(-ret));
5810 return ret;
5811 }
5814 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
5815 enum nl80211_iftype nlmode)
5816 {
5817 struct wpa_driver_nl80211_data *drv = bss->drv;
5818 int ret = -1;
5819 int i;
5820 int was_ap = is_ap_interface(drv->nlmode);
5822 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
5823 drv->nlmode = nlmode;
5824 ret = 0;
5825 goto done;
5826 }
5828 if (nlmode == drv->nlmode) {
5829 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
5830 "requested mode - ignore error");
5831 ret = 0;
5832 goto done; /* Already in the requested mode */
5833 }
5835 /* mac80211 doesn't allow mode changes while the device is up, so
5836 * take the device down, try to set the mode again, and bring the
5837 * device back up.
5838 */
5839 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
5840 "interface down");
5841 for (i = 0; i < 10; i++) {
5842 int res;
5843 res = linux_set_iface_flags(drv->global->ioctl_sock,
5844 bss->ifname, 0);
5845 if (res == -EACCES || res == -ENODEV)
5846 break;
5847 if (res == 0) {
5848 /* Try to set the mode again while the interface is
5849 * down */
5850 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
5851 if (ret == -EACCES)
5852 break;
5853 res = linux_set_iface_flags(drv->global->ioctl_sock,
5854 bss->ifname, 1);
5855 if (res && !ret)
5856 ret = -1;
5857 else if (ret != -EBUSY)
5858 break;
5859 } else
5860 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
5861 "interface down");
5862 os_sleep(0, 100000);
5863 }
5865 if (!ret) {
5866 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
5867 "interface is down");
5868 drv->nlmode = nlmode;
5869 drv->ignore_if_down_event = 1;
5870 }
5872 done:
5873 if (!ret && is_ap_interface(nlmode)) {
5874 /* Setup additional AP mode functionality if needed */
5875 if (!drv->device_ap_sme && drv->monitor_ifidx < 0 &&
5876 nl80211_create_monitor_interface(drv) &&
5877 !drv->device_ap_sme)
5878 return -1;
5879 } else if (!ret && !is_ap_interface(nlmode)) {
5880 /* Remove additional AP mode functionality */
5881 if (was_ap && drv->device_ap_sme)
5882 wpa_driver_nl80211_probe_req_report(bss, 0);
5883 nl80211_remove_monitor_interface(drv);
5884 bss->beacon_set = 0;
5885 }
5887 if (!ret && is_p2p_interface(drv->nlmode)) {
5888 nl80211_disable_11b_rates(drv, drv->ifindex, 1);
5889 drv->disabled_11b_rates = 1;
5890 } else if (!ret && drv->disabled_11b_rates) {
5891 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
5892 drv->disabled_11b_rates = 0;
5893 }
5895 if (ret)
5896 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
5897 "from %d failed", nlmode, drv->nlmode);
5899 return ret;
5900 }
5903 static int wpa_driver_nl80211_get_capa(void *priv,
5904 struct wpa_driver_capa *capa)
5905 {
5906 struct i802_bss *bss = priv;
5907 struct wpa_driver_nl80211_data *drv = bss->drv;
5908 if (!drv->has_capability)
5909 return -1;
5910 os_memcpy(capa, &drv->capa, sizeof(*capa));
5911 return 0;
5912 }
5915 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
5916 {
5917 struct i802_bss *bss = priv;
5918 struct wpa_driver_nl80211_data *drv = bss->drv;
5920 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
5921 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
5922 drv->operstate = state;
5923 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
5924 state ? IF_OPER_UP : IF_OPER_DORMANT);
5925 }
5928 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
5929 {
5930 struct i802_bss *bss = priv;
5931 struct wpa_driver_nl80211_data *drv = bss->drv;
5932 struct nl_msg *msg;
5933 struct nl80211_sta_flag_update upd;
5935 msg = nlmsg_alloc();
5936 if (!msg)
5937 return -ENOMEM;
5939 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
5941 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5942 if_nametoindex(bss->ifname));
5943 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
5945 os_memset(&upd, 0, sizeof(upd));
5946 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
5947 if (authorized)
5948 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
5949 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5951 return send_and_recv_msgs(drv, msg, NULL, NULL);
5952 nla_put_failure:
5953 return -ENOBUFS;
5954 }
5957 /* Set kernel driver on given frequency (MHz) */
5958 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
5959 {
5960 struct i802_bss *bss = priv;
5961 struct wpa_driver_nl80211_data *drv = bss->drv;
5962 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
5963 freq->sec_channel_offset);
5964 }
5967 #if defined(HOSTAPD) || defined(CONFIG_AP)
5969 static inline int min_int(int a, int b)
5970 {
5971 if (a < b)
5972 return a;
5973 return b;
5974 }
5977 static int get_key_handler(struct nl_msg *msg, void *arg)
5978 {
5979 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5980 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5982 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5983 genlmsg_attrlen(gnlh, 0), NULL);
5985 /*
5986 * TODO: validate the key index and mac address!
5987 * Otherwise, there's a race condition as soon as
5988 * the kernel starts sending key notifications.
5989 */
5991 if (tb[NL80211_ATTR_KEY_SEQ])
5992 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
5993 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
5994 return NL_SKIP;
5995 }
5998 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
5999 int idx, u8 *seq)
6000 {
6001 struct i802_bss *bss = priv;
6002 struct wpa_driver_nl80211_data *drv = bss->drv;
6003 struct nl_msg *msg;
6005 msg = nlmsg_alloc();
6006 if (!msg)
6007 return -ENOMEM;
6009 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
6011 if (addr)
6012 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6013 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
6014 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
6016 memset(seq, 0, 6);
6018 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
6019 nla_put_failure:
6020 return -ENOBUFS;
6021 }
6024 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
6025 int mode)
6026 {
6027 struct i802_bss *bss = priv;
6028 struct wpa_driver_nl80211_data *drv = bss->drv;
6029 struct nl_msg *msg;
6030 u8 rates[NL80211_MAX_SUPP_RATES];
6031 u8 rates_len = 0;
6032 int i;
6034 msg = nlmsg_alloc();
6035 if (!msg)
6036 return -ENOMEM;
6038 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
6040 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
6041 rates[rates_len++] = basic_rates[i] / 5;
6043 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
6045 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6047 return send_and_recv_msgs(drv, msg, NULL, NULL);
6048 nla_put_failure:
6049 return -ENOBUFS;
6050 }
6053 static int i802_set_rts(void *priv, int rts)
6054 {
6055 struct i802_bss *bss = priv;
6056 struct wpa_driver_nl80211_data *drv = bss->drv;
6057 struct nl_msg *msg;
6058 int ret = -ENOBUFS;
6059 u32 val;
6061 msg = nlmsg_alloc();
6062 if (!msg)
6063 return -ENOMEM;
6065 if (rts >= 2347)
6066 val = (u32) -1;
6067 else
6068 val = rts;
6070 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6071 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6072 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
6074 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6075 if (!ret)
6076 return 0;
6077 nla_put_failure:
6078 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
6079 "%d (%s)", rts, ret, strerror(-ret));
6080 return ret;
6081 }
6084 static int i802_set_frag(void *priv, int frag)
6085 {
6086 struct i802_bss *bss = priv;
6087 struct wpa_driver_nl80211_data *drv = bss->drv;
6088 struct nl_msg *msg;
6089 int ret = -ENOBUFS;
6090 u32 val;
6092 msg = nlmsg_alloc();
6093 if (!msg)
6094 return -ENOMEM;
6096 if (frag >= 2346)
6097 val = (u32) -1;
6098 else
6099 val = frag;
6101 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6102 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6103 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
6105 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6106 if (!ret)
6107 return 0;
6108 nla_put_failure:
6109 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
6110 "%d: %d (%s)", frag, ret, strerror(-ret));
6111 return ret;
6112 }
6115 static int i802_flush(void *priv)
6116 {
6117 struct i802_bss *bss = priv;
6118 struct wpa_driver_nl80211_data *drv = bss->drv;
6119 struct nl_msg *msg;
6121 msg = nlmsg_alloc();
6122 if (!msg)
6123 return -1;
6125 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
6127 /*
6128 * XXX: FIX! this needs to flush all VLANs too
6129 */
6130 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6131 if_nametoindex(bss->ifname));
6133 return send_and_recv_msgs(drv, msg, NULL, NULL);
6134 nla_put_failure:
6135 return -ENOBUFS;
6136 }
6139 static int get_sta_handler(struct nl_msg *msg, void *arg)
6140 {
6141 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6142 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6143 struct hostap_sta_driver_data *data = arg;
6144 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
6145 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
6146 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
6147 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
6148 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
6149 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
6150 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
6151 };
6153 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6154 genlmsg_attrlen(gnlh, 0), NULL);
6156 /*
6157 * TODO: validate the interface and mac address!
6158 * Otherwise, there's a race condition as soon as
6159 * the kernel starts sending station notifications.
6160 */
6162 if (!tb[NL80211_ATTR_STA_INFO]) {
6163 wpa_printf(MSG_DEBUG, "sta stats missing!");
6164 return NL_SKIP;
6165 }
6166 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
6167 tb[NL80211_ATTR_STA_INFO],
6168 stats_policy)) {
6169 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
6170 return NL_SKIP;
6171 }
6173 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
6174 data->inactive_msec =
6175 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
6176 if (stats[NL80211_STA_INFO_RX_BYTES])
6177 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
6178 if (stats[NL80211_STA_INFO_TX_BYTES])
6179 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
6180 if (stats[NL80211_STA_INFO_RX_PACKETS])
6181 data->rx_packets =
6182 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
6183 if (stats[NL80211_STA_INFO_TX_PACKETS])
6184 data->tx_packets =
6185 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
6187 return NL_SKIP;
6188 }
6190 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
6191 const u8 *addr)
6192 {
6193 struct i802_bss *bss = priv;
6194 struct wpa_driver_nl80211_data *drv = bss->drv;
6195 struct nl_msg *msg;
6197 os_memset(data, 0, sizeof(*data));
6198 msg = nlmsg_alloc();
6199 if (!msg)
6200 return -ENOMEM;
6202 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
6204 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6205 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6207 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
6208 nla_put_failure:
6209 return -ENOBUFS;
6210 }
6213 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
6214 int cw_min, int cw_max, int burst_time)
6215 {
6216 struct i802_bss *bss = priv;
6217 struct wpa_driver_nl80211_data *drv = bss->drv;
6218 struct nl_msg *msg;
6219 struct nlattr *txq, *params;
6221 msg = nlmsg_alloc();
6222 if (!msg)
6223 return -1;
6225 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6227 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6229 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
6230 if (!txq)
6231 goto nla_put_failure;
6233 /* We are only sending parameters for a single TXQ at a time */
6234 params = nla_nest_start(msg, 1);
6235 if (!params)
6236 goto nla_put_failure;
6238 switch (queue) {
6239 case 0:
6240 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
6241 break;
6242 case 1:
6243 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
6244 break;
6245 case 2:
6246 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
6247 break;
6248 case 3:
6249 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
6250 break;
6251 }
6252 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
6253 * 32 usec, so need to convert the value here. */
6254 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
6255 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
6256 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
6257 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
6259 nla_nest_end(msg, params);
6261 nla_nest_end(msg, txq);
6263 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
6264 return 0;
6265 nla_put_failure:
6266 return -1;
6267 }
6270 static int i802_set_sta_vlan(void *priv, const u8 *addr,
6271 const char *ifname, int vlan_id)
6272 {
6273 struct i802_bss *bss = priv;
6274 struct wpa_driver_nl80211_data *drv = bss->drv;
6275 struct nl_msg *msg;
6276 int ret = -ENOBUFS;
6278 msg = nlmsg_alloc();
6279 if (!msg)
6280 return -ENOMEM;
6282 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
6284 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6285 if_nametoindex(bss->ifname));
6286 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6287 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
6288 if_nametoindex(ifname));
6290 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6291 if (ret < 0) {
6292 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
6293 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
6294 MAC2STR(addr), ifname, vlan_id, ret,
6295 strerror(-ret));
6296 }
6297 nla_put_failure:
6298 return ret;
6299 }
6302 static int i802_get_inact_sec(void *priv, const u8 *addr)
6303 {
6304 struct hostap_sta_driver_data data;
6305 int ret;
6307 data.inactive_msec = (unsigned long) -1;
6308 ret = i802_read_sta_data(priv, &data, addr);
6309 if (ret || data.inactive_msec == (unsigned long) -1)
6310 return -1;
6311 return data.inactive_msec / 1000;
6312 }
6315 static int i802_sta_clear_stats(void *priv, const u8 *addr)
6316 {
6317 #if 0
6318 /* TODO */
6319 #endif
6320 return 0;
6321 }
6324 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
6325 int reason)
6326 {
6327 struct i802_bss *bss = priv;
6328 struct ieee80211_mgmt mgmt;
6330 memset(&mgmt, 0, sizeof(mgmt));
6331 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
6332 WLAN_FC_STYPE_DEAUTH);
6333 memcpy(mgmt.da, addr, ETH_ALEN);
6334 memcpy(mgmt.sa, own_addr, ETH_ALEN);
6335 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
6336 mgmt.u.deauth.reason_code = host_to_le16(reason);
6337 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
6338 IEEE80211_HDRLEN +
6339 sizeof(mgmt.u.deauth), 0);
6340 }
6343 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
6344 int reason)
6345 {
6346 struct i802_bss *bss = priv;
6347 struct ieee80211_mgmt mgmt;
6349 memset(&mgmt, 0, sizeof(mgmt));
6350 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
6351 WLAN_FC_STYPE_DISASSOC);
6352 memcpy(mgmt.da, addr, ETH_ALEN);
6353 memcpy(mgmt.sa, own_addr, ETH_ALEN);
6354 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
6355 mgmt.u.disassoc.reason_code = host_to_le16(reason);
6356 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
6357 IEEE80211_HDRLEN +
6358 sizeof(mgmt.u.disassoc), 0);
6359 }
6361 #endif /* HOSTAPD || CONFIG_AP */
6363 #ifdef HOSTAPD
6365 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
6366 {
6367 int i;
6368 int *old;
6370 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
6371 ifidx);
6372 for (i = 0; i < drv->num_if_indices; i++) {
6373 if (drv->if_indices[i] == 0) {
6374 drv->if_indices[i] = ifidx;
6375 return;
6376 }
6377 }
6379 if (drv->if_indices != drv->default_if_indices)
6380 old = drv->if_indices;
6381 else
6382 old = NULL;
6384 drv->if_indices = os_realloc(old,
6385 sizeof(int) * (drv->num_if_indices + 1));
6386 if (!drv->if_indices) {
6387 if (!old)
6388 drv->if_indices = drv->default_if_indices;
6389 else
6390 drv->if_indices = old;
6391 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
6392 "interfaces");
6393 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
6394 return;
6395 } else if (!old)
6396 os_memcpy(drv->if_indices, drv->default_if_indices,
6397 sizeof(drv->default_if_indices));
6398 drv->if_indices[drv->num_if_indices] = ifidx;
6399 drv->num_if_indices++;
6400 }
6403 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
6404 {
6405 int i;
6407 for (i = 0; i < drv->num_if_indices; i++) {
6408 if (drv->if_indices[i] == ifidx) {
6409 drv->if_indices[i] = 0;
6410 break;
6411 }
6412 }
6413 }
6416 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
6417 {
6418 int i;
6420 for (i = 0; i < drv->num_if_indices; i++)
6421 if (drv->if_indices[i] == ifidx)
6422 return 1;
6424 return 0;
6425 }
6428 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
6429 const char *bridge_ifname)
6430 {
6431 struct i802_bss *bss = priv;
6432 struct wpa_driver_nl80211_data *drv = bss->drv;
6433 char name[IFNAMSIZ + 1];
6435 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
6436 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
6437 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
6438 if (val) {
6439 if (!if_nametoindex(name)) {
6440 if (nl80211_create_iface(drv, name,
6441 NL80211_IFTYPE_AP_VLAN,
6442 NULL, 1) < 0)
6443 return -1;
6444 if (bridge_ifname &&
6445 linux_br_add_if(drv->global->ioctl_sock,
6446 bridge_ifname, name) < 0)
6447 return -1;
6448 }
6449 linux_set_iface_flags(drv->global->ioctl_sock, name, 1);
6450 return i802_set_sta_vlan(priv, addr, name, 0);
6451 } else {
6452 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
6453 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
6454 name);
6455 }
6456 }
6459 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
6460 {
6461 struct wpa_driver_nl80211_data *drv = eloop_ctx;
6462 struct sockaddr_ll lladdr;
6463 unsigned char buf[3000];
6464 int len;
6465 socklen_t fromlen = sizeof(lladdr);
6467 len = recvfrom(sock, buf, sizeof(buf), 0,
6468 (struct sockaddr *)&lladdr, &fromlen);
6469 if (len < 0) {
6470 perror("recv");
6471 return;
6472 }
6474 if (have_ifidx(drv, lladdr.sll_ifindex))
6475 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
6476 }
6479 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
6480 struct i802_bss *bss,
6481 const char *brname, const char *ifname)
6482 {
6483 int ifindex;
6484 char in_br[IFNAMSIZ];
6486 os_strlcpy(bss->brname, brname, IFNAMSIZ);
6487 ifindex = if_nametoindex(brname);
6488 if (ifindex == 0) {
6489 /*
6490 * Bridge was configured, but the bridge device does
6491 * not exist. Try to add it now.
6492 */
6493 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
6494 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
6495 "bridge interface %s: %s",
6496 brname, strerror(errno));
6497 return -1;
6498 }
6499 bss->added_bridge = 1;
6500 add_ifidx(drv, if_nametoindex(brname));
6501 }
6503 if (linux_br_get(in_br, ifname) == 0) {
6504 if (os_strcmp(in_br, brname) == 0)
6505 return 0; /* already in the bridge */
6507 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
6508 "bridge %s", ifname, in_br);
6509 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
6510 0) {
6511 wpa_printf(MSG_ERROR, "nl80211: Failed to "
6512 "remove interface %s from bridge "
6513 "%s: %s",
6514 ifname, brname, strerror(errno));
6515 return -1;
6516 }
6517 }
6519 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
6520 ifname, brname);
6521 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
6522 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
6523 "into bridge %s: %s",
6524 ifname, brname, strerror(errno));
6525 return -1;
6526 }
6527 bss->added_if_into_bridge = 1;
6529 return 0;
6530 }
6533 static void *i802_init(struct hostapd_data *hapd,
6534 struct wpa_init_params *params)
6535 {
6536 struct wpa_driver_nl80211_data *drv;
6537 struct i802_bss *bss;
6538 size_t i;
6539 char brname[IFNAMSIZ];
6540 int ifindex, br_ifindex;
6541 int br_added = 0;
6543 bss = wpa_driver_nl80211_init(hapd, params->ifname,
6544 params->global_priv);
6545 if (bss == NULL)
6546 return NULL;
6548 drv = bss->drv;
6549 drv->nlmode = NL80211_IFTYPE_AP;
6550 drv->eapol_sock = -1;
6552 if (linux_br_get(brname, params->ifname) == 0) {
6553 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
6554 params->ifname, brname);
6555 br_ifindex = if_nametoindex(brname);
6556 } else {
6557 brname[0] = '\0';
6558 br_ifindex = 0;
6559 }
6561 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
6562 drv->if_indices = drv->default_if_indices;
6563 for (i = 0; i < params->num_bridge; i++) {
6564 if (params->bridge[i]) {
6565 ifindex = if_nametoindex(params->bridge[i]);
6566 if (ifindex)
6567 add_ifidx(drv, ifindex);
6568 if (ifindex == br_ifindex)
6569 br_added = 1;
6570 }
6571 }
6572 if (!br_added && br_ifindex &&
6573 (params->num_bridge == 0 || !params->bridge[0]))
6574 add_ifidx(drv, br_ifindex);
6576 /* start listening for EAPOL on the default AP interface */
6577 add_ifidx(drv, drv->ifindex);
6579 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0))
6580 goto failed;
6582 if (params->bssid) {
6583 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
6584 params->bssid))
6585 goto failed;
6586 }
6588 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) {
6589 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
6590 "into AP mode", bss->ifname);
6591 goto failed;
6592 }
6594 if (params->num_bridge && params->bridge[0] &&
6595 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
6596 goto failed;
6598 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1))
6599 goto failed;
6601 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
6602 if (drv->eapol_sock < 0) {
6603 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
6604 goto failed;
6605 }
6607 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
6608 {
6609 printf("Could not register read socket for eapol\n");
6610 goto failed;
6611 }
6613 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
6614 params->own_addr))
6615 goto failed;
6617 return bss;
6619 failed:
6620 wpa_driver_nl80211_deinit(bss);
6621 return NULL;
6622 }
6625 static void i802_deinit(void *priv)
6626 {
6627 wpa_driver_nl80211_deinit(priv);
6628 }
6630 #endif /* HOSTAPD */
6633 static enum nl80211_iftype wpa_driver_nl80211_if_type(
6634 enum wpa_driver_if_type type)
6635 {
6636 switch (type) {
6637 case WPA_IF_STATION:
6638 return NL80211_IFTYPE_STATION;
6639 case WPA_IF_P2P_CLIENT:
6640 case WPA_IF_P2P_GROUP:
6641 return NL80211_IFTYPE_P2P_CLIENT;
6642 case WPA_IF_AP_VLAN:
6643 return NL80211_IFTYPE_AP_VLAN;
6644 case WPA_IF_AP_BSS:
6645 return NL80211_IFTYPE_AP;
6646 case WPA_IF_P2P_GO:
6647 return NL80211_IFTYPE_P2P_GO;
6648 }
6649 return -1;
6650 }
6653 #ifdef CONFIG_P2P
6655 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
6656 {
6657 struct wpa_driver_nl80211_data *drv;
6658 dl_list_for_each(drv, &global->interfaces,
6659 struct wpa_driver_nl80211_data, list) {
6660 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0)
6661 return 1;
6662 }
6663 return 0;
6664 }
6667 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
6668 u8 *new_addr)
6669 {
6670 unsigned int idx;
6672 if (!drv->global)
6673 return -1;
6675 os_memcpy(new_addr, drv->addr, ETH_ALEN);
6676 for (idx = 0; idx < 64; idx++) {
6677 new_addr[0] = drv->addr[0] | 0x02;
6678 new_addr[0] ^= idx << 2;
6679 if (!nl80211_addr_in_use(drv->global, new_addr))
6680 break;
6681 }
6682 if (idx == 64)
6683 return -1;
6685 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
6686 MACSTR, MAC2STR(new_addr));
6688 return 0;
6689 }
6691 #endif /* CONFIG_P2P */
6694 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
6695 const char *ifname, const u8 *addr,
6696 void *bss_ctx, void **drv_priv,
6697 char *force_ifname, u8 *if_addr,
6698 const char *bridge)
6699 {
6700 struct i802_bss *bss = priv;
6701 struct wpa_driver_nl80211_data *drv = bss->drv;
6702 int ifidx;
6703 #ifdef HOSTAPD
6704 struct i802_bss *new_bss = NULL;
6706 if (type == WPA_IF_AP_BSS) {
6707 new_bss = os_zalloc(sizeof(*new_bss));
6708 if (new_bss == NULL)
6709 return -1;
6710 }
6711 #endif /* HOSTAPD */
6713 if (addr)
6714 os_memcpy(if_addr, addr, ETH_ALEN);
6715 ifidx = nl80211_create_iface(drv, ifname,
6716 wpa_driver_nl80211_if_type(type), addr,
6717 0);
6718 if (ifidx < 0) {
6719 #ifdef HOSTAPD
6720 os_free(new_bss);
6721 #endif /* HOSTAPD */
6722 return -1;
6723 }
6725 if (!addr &&
6726 linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
6727 if_addr) < 0) {
6728 nl80211_remove_iface(drv, ifidx);
6729 return -1;
6730 }
6732 #ifdef CONFIG_P2P
6733 if (!addr &&
6734 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
6735 type == WPA_IF_P2P_GO)) {
6736 /* Enforce unique P2P Interface Address */
6737 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN];
6739 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
6740 own_addr) < 0 ||
6741 linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
6742 new_addr) < 0) {
6743 nl80211_remove_iface(drv, ifidx);
6744 return -1;
6745 }
6746 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) {
6747 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
6748 "for P2P group interface");
6749 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
6750 nl80211_remove_iface(drv, ifidx);
6751 return -1;
6752 }
6753 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
6754 new_addr) < 0) {
6755 nl80211_remove_iface(drv, ifidx);
6756 return -1;
6757 }
6758 }
6759 os_memcpy(if_addr, new_addr, ETH_ALEN);
6760 }
6761 #endif /* CONFIG_P2P */
6763 #ifdef HOSTAPD
6764 if (bridge &&
6765 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
6766 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
6767 "interface %s to a bridge %s", ifname, bridge);
6768 nl80211_remove_iface(drv, ifidx);
6769 os_free(new_bss);
6770 return -1;
6771 }
6773 if (type == WPA_IF_AP_BSS) {
6774 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
6775 {
6776 nl80211_remove_iface(drv, ifidx);
6777 os_free(new_bss);
6778 return -1;
6779 }
6780 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
6781 new_bss->ifindex = ifidx;
6782 new_bss->drv = drv;
6783 new_bss->next = drv->first_bss.next;
6784 drv->first_bss.next = new_bss;
6785 if (drv_priv)
6786 *drv_priv = new_bss;
6787 }
6788 #endif /* HOSTAPD */
6790 if (drv->global)
6791 drv->global->if_add_ifindex = ifidx;
6793 return 0;
6794 }
6797 static int wpa_driver_nl80211_if_remove(void *priv,
6798 enum wpa_driver_if_type type,
6799 const char *ifname)
6800 {
6801 struct i802_bss *bss = priv;
6802 struct wpa_driver_nl80211_data *drv = bss->drv;
6803 int ifindex = if_nametoindex(ifname);
6805 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
6806 __func__, type, ifname, ifindex);
6807 if (ifindex <= 0)
6808 return -1;
6810 #ifdef HOSTAPD
6811 if (bss->added_if_into_bridge) {
6812 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
6813 bss->ifname) < 0)
6814 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6815 "interface %s from bridge %s: %s",
6816 bss->ifname, bss->brname, strerror(errno));
6817 }
6818 if (bss->added_bridge) {
6819 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
6820 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6821 "bridge %s: %s",
6822 bss->brname, strerror(errno));
6823 }
6824 #endif /* HOSTAPD */
6826 nl80211_remove_iface(drv, ifindex);
6828 #ifdef HOSTAPD
6829 if (type != WPA_IF_AP_BSS)
6830 return 0;
6832 if (bss != &drv->first_bss) {
6833 struct i802_bss *tbss;
6835 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
6836 if (tbss->next == bss) {
6837 tbss->next = bss->next;
6838 os_free(bss);
6839 bss = NULL;
6840 break;
6841 }
6842 }
6843 if (bss)
6844 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
6845 "BSS %p in the list", __func__, bss);
6846 }
6847 #endif /* HOSTAPD */
6849 return 0;
6850 }
6853 static int cookie_handler(struct nl_msg *msg, void *arg)
6854 {
6855 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6856 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6857 u64 *cookie = arg;
6858 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6859 genlmsg_attrlen(gnlh, 0), NULL);
6860 if (tb[NL80211_ATTR_COOKIE])
6861 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
6862 return NL_SKIP;
6863 }
6866 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
6867 unsigned int freq, unsigned int wait,
6868 const u8 *buf, size_t buf_len,
6869 u64 *cookie_out, int no_cck, int no_ack)
6870 {
6871 struct nl_msg *msg;
6872 u64 cookie;
6873 int ret = -1;
6875 msg = nlmsg_alloc();
6876 if (!msg)
6877 return -1;
6879 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
6881 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6882 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6883 if (wait)
6884 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
6885 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
6886 if (no_cck)
6887 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
6888 if (no_ack)
6889 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
6891 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
6893 cookie = 0;
6894 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6895 msg = NULL;
6896 if (ret) {
6897 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
6898 "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
6899 freq, wait);
6900 goto nla_put_failure;
6901 }
6902 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted%s; "
6903 "cookie 0x%llx", no_ack ? " (no ACK)" : "",
6904 (long long unsigned int) cookie);
6906 if (cookie_out)
6907 *cookie_out = no_ack ? (u64) -1 : cookie;
6909 nla_put_failure:
6910 nlmsg_free(msg);
6911 return ret;
6912 }
6915 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
6916 unsigned int wait_time,
6917 const u8 *dst, const u8 *src,
6918 const u8 *bssid,
6919 const u8 *data, size_t data_len,
6920 int no_cck)
6921 {
6922 struct i802_bss *bss = priv;
6923 struct wpa_driver_nl80211_data *drv = bss->drv;
6924 int ret = -1;
6925 u8 *buf;
6926 struct ieee80211_hdr *hdr;
6928 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
6929 "wait=%d ms no_cck=%d)", drv->ifindex, wait_time, no_cck);
6931 buf = os_zalloc(24 + data_len);
6932 if (buf == NULL)
6933 return ret;
6934 os_memcpy(buf + 24, data, data_len);
6935 hdr = (struct ieee80211_hdr *) buf;
6936 hdr->frame_control =
6937 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
6938 os_memcpy(hdr->addr1, dst, ETH_ALEN);
6939 os_memcpy(hdr->addr2, src, ETH_ALEN);
6940 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
6942 if (is_ap_interface(drv->nlmode))
6943 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len,
6944 0);
6945 else
6946 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf,
6947 24 + data_len,
6948 &drv->send_action_cookie,
6949 no_cck, 0);
6951 os_free(buf);
6952 return ret;
6953 }
6956 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
6957 {
6958 struct i802_bss *bss = priv;
6959 struct wpa_driver_nl80211_data *drv = bss->drv;
6960 struct nl_msg *msg;
6961 int ret;
6963 msg = nlmsg_alloc();
6964 if (!msg)
6965 return;
6967 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
6969 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6970 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
6972 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6973 msg = NULL;
6974 if (ret)
6975 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
6976 "(%s)", ret, strerror(-ret));
6978 nla_put_failure:
6979 nlmsg_free(msg);
6980 }
6983 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
6984 unsigned int duration)
6985 {
6986 struct i802_bss *bss = priv;
6987 struct wpa_driver_nl80211_data *drv = bss->drv;
6988 struct nl_msg *msg;
6989 int ret;
6990 u64 cookie;
6992 msg = nlmsg_alloc();
6993 if (!msg)
6994 return -1;
6996 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
6998 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6999 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7000 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7002 cookie = 0;
7003 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
7004 if (ret == 0) {
7005 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
7006 "0x%llx for freq=%u MHz duration=%u",
7007 (long long unsigned int) cookie, freq, duration);
7008 drv->remain_on_chan_cookie = cookie;
7009 drv->pending_remain_on_chan = 1;
7010 return 0;
7011 }
7012 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
7013 "(freq=%d duration=%u): %d (%s)",
7014 freq, duration, ret, strerror(-ret));
7015 nla_put_failure:
7016 return -1;
7017 }
7020 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
7021 {
7022 struct i802_bss *bss = priv;
7023 struct wpa_driver_nl80211_data *drv = bss->drv;
7024 struct nl_msg *msg;
7025 int ret;
7027 if (!drv->pending_remain_on_chan) {
7028 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
7029 "to cancel");
7030 return -1;
7031 }
7033 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
7034 "0x%llx",
7035 (long long unsigned int) drv->remain_on_chan_cookie);
7037 msg = nlmsg_alloc();
7038 if (!msg)
7039 return -1;
7041 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
7043 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7044 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
7046 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7047 if (ret == 0)
7048 return 0;
7049 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
7050 "%d (%s)", ret, strerror(-ret));
7051 nla_put_failure:
7052 return -1;
7053 }
7056 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
7057 {
7058 struct i802_bss *bss = priv;
7059 struct wpa_driver_nl80211_data *drv = bss->drv;
7061 if (!report) {
7062 if (bss->nl_preq.handle) {
7063 eloop_unregister_read_sock(
7064 nl_socket_get_fd(bss->nl_preq.handle));
7065 nl_destroy_handles(&bss->nl_preq);
7066 }
7067 return 0;
7068 }
7070 if (bss->nl_preq.handle) {
7071 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
7072 "already on!");
7073 return 0;
7074 }
7076 if (nl_create_handles(&bss->nl_preq, drv->global->nl_cb, "preq"))
7077 return -1;
7079 if (nl80211_register_frame(drv, bss->nl_preq.handle,
7080 (WLAN_FC_TYPE_MGMT << 2) |
7081 (WLAN_FC_STYPE_PROBE_REQ << 4),
7082 NULL, 0) < 0)
7083 goto out_err;
7085 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq.handle),
7086 wpa_driver_nl80211_event_receive, drv,
7087 bss->nl_preq.handle);
7089 return 0;
7091 out_err:
7092 nl_destroy_handles(&bss->nl_preq);
7093 return -1;
7094 }
7097 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
7098 int ifindex, int disabled)
7099 {
7100 struct nl_msg *msg;
7101 struct nlattr *bands, *band;
7102 int ret;
7104 msg = nlmsg_alloc();
7105 if (!msg)
7106 return -1;
7108 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
7109 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
7111 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
7112 if (!bands)
7113 goto nla_put_failure;
7115 /*
7116 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
7117 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
7118 * rates. All 5 GHz rates are left enabled.
7119 */
7120 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
7121 if (!band)
7122 goto nla_put_failure;
7123 if (disabled) {
7124 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
7125 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
7126 }
7127 nla_nest_end(msg, band);
7129 nla_nest_end(msg, bands);
7131 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7132 msg = NULL;
7133 if (ret) {
7134 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
7135 "(%s)", ret, strerror(-ret));
7136 }
7138 return ret;
7140 nla_put_failure:
7141 nlmsg_free(msg);
7142 return -1;
7143 }
7146 static int wpa_driver_nl80211_deinit_ap(void *priv)
7147 {
7148 struct i802_bss *bss = priv;
7149 struct wpa_driver_nl80211_data *drv = bss->drv;
7150 if (!is_ap_interface(drv->nlmode))
7151 return -1;
7152 wpa_driver_nl80211_del_beacon(drv);
7153 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
7154 }
7157 static void wpa_driver_nl80211_resume(void *priv)
7158 {
7159 struct i802_bss *bss = priv;
7160 struct wpa_driver_nl80211_data *drv = bss->drv;
7161 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
7162 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
7163 "resume event");
7164 }
7165 }
7168 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
7169 const u8 *ies, size_t ies_len)
7170 {
7171 struct i802_bss *bss = priv;
7172 struct wpa_driver_nl80211_data *drv = bss->drv;
7173 int ret;
7174 u8 *data, *pos;
7175 size_t data_len;
7176 u8 own_addr[ETH_ALEN];
7178 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7179 own_addr) < 0)
7180 return -1;
7182 if (action != 1) {
7183 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
7184 "action %d", action);
7185 return -1;
7186 }
7188 /*
7189 * Action frame payload:
7190 * Category[1] = 6 (Fast BSS Transition)
7191 * Action[1] = 1 (Fast BSS Transition Request)
7192 * STA Address
7193 * Target AP Address
7194 * FT IEs
7195 */
7197 data_len = 2 + 2 * ETH_ALEN + ies_len;
7198 data = os_malloc(data_len);
7199 if (data == NULL)
7200 return -1;
7201 pos = data;
7202 *pos++ = 0x06; /* FT Action category */
7203 *pos++ = action;
7204 os_memcpy(pos, own_addr, ETH_ALEN);
7205 pos += ETH_ALEN;
7206 os_memcpy(pos, target_ap, ETH_ALEN);
7207 pos += ETH_ALEN;
7208 os_memcpy(pos, ies, ies_len);
7210 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
7211 drv->bssid, own_addr, drv->bssid,
7212 data, data_len, 0);
7213 os_free(data);
7215 return ret;
7216 }
7219 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
7220 {
7221 struct i802_bss *bss = priv;
7222 struct wpa_driver_nl80211_data *drv = bss->drv;
7223 struct nl_msg *msg, *cqm = NULL;
7225 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
7226 "hysteresis=%d", threshold, hysteresis);
7228 msg = nlmsg_alloc();
7229 if (!msg)
7230 return -1;
7232 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
7234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
7236 cqm = nlmsg_alloc();
7237 if (cqm == NULL)
7238 return -1;
7240 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
7241 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
7242 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
7244 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
7245 return 0;
7246 msg = NULL;
7248 nla_put_failure:
7249 if (cqm)
7250 nlmsg_free(cqm);
7251 nlmsg_free(msg);
7252 return -1;
7253 }
7256 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
7257 {
7258 struct i802_bss *bss = priv;
7259 struct wpa_driver_nl80211_data *drv = bss->drv;
7260 int res;
7262 os_memset(si, 0, sizeof(*si));
7263 res = nl80211_get_link_signal(drv, si);
7264 if (res != 0)
7265 return res;
7267 return nl80211_get_link_noise(drv, si);
7268 }
7271 static int wpa_driver_nl80211_shared_freq(void *priv)
7272 {
7273 struct i802_bss *bss = priv;
7274 struct wpa_driver_nl80211_data *drv = bss->drv;
7275 struct wpa_driver_nl80211_data *driver;
7276 int freq = 0;
7278 /*
7279 * If the same PHY is in connected state with some other interface,
7280 * then retrieve the assoc freq.
7281 */
7282 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
7283 drv->phyname);
7285 dl_list_for_each(driver, &drv->global->interfaces,
7286 struct wpa_driver_nl80211_data, list) {
7287 if (drv == driver ||
7288 os_strcmp(drv->phyname, driver->phyname) != 0 ||
7289 !driver->associated)
7290 continue;
7292 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
7293 MACSTR,
7294 driver->phyname, driver->first_bss.ifname,
7295 MAC2STR(driver->addr));
7296 freq = nl80211_get_assoc_freq(driver);
7297 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
7298 drv->phyname, freq);
7299 }
7301 if (!freq)
7302 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
7303 "PHY (%s) in associated state", drv->phyname);
7305 return freq;
7306 }
7309 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
7310 int encrypt)
7311 {
7312 struct i802_bss *bss = priv;
7313 struct wpa_driver_nl80211_data *drv = bss->drv;
7314 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt, 0);
7315 }
7318 static int nl80211_set_param(void *priv, const char *param)
7319 {
7320 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
7321 if (param == NULL)
7322 return 0;
7324 #ifdef CONFIG_P2P
7325 if (os_strstr(param, "use_p2p_group_interface=1")) {
7326 struct i802_bss *bss = priv;
7327 struct wpa_driver_nl80211_data *drv = bss->drv;
7329 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
7330 "interface");
7331 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
7332 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
7333 }
7334 #endif /* CONFIG_P2P */
7336 return 0;
7337 }
7340 static void * nl80211_global_init(void)
7341 {
7342 struct nl80211_global *global;
7343 struct netlink_config *cfg;
7345 global = os_zalloc(sizeof(*global));
7346 if (global == NULL)
7347 return NULL;
7348 global->ioctl_sock = -1;
7349 dl_list_init(&global->interfaces);
7350 global->if_add_ifindex = -1;
7352 cfg = os_zalloc(sizeof(*cfg));
7353 if (cfg == NULL)
7354 goto err;
7356 cfg->ctx = global;
7357 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
7358 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
7359 global->netlink = netlink_init(cfg);
7360 if (global->netlink == NULL) {
7361 os_free(cfg);
7362 goto err;
7363 }
7365 if (wpa_driver_nl80211_init_nl_global(global) < 0)
7366 goto err;
7368 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
7369 if (global->ioctl_sock < 0) {
7370 perror("socket(PF_INET,SOCK_DGRAM)");
7371 goto err;
7372 }
7374 return global;
7376 err:
7377 nl80211_global_deinit(global);
7378 return NULL;
7379 }
7382 static void nl80211_global_deinit(void *priv)
7383 {
7384 struct nl80211_global *global = priv;
7385 if (global == NULL)
7386 return;
7387 if (!dl_list_empty(&global->interfaces)) {
7388 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
7389 "nl80211_global_deinit",
7390 dl_list_len(&global->interfaces));
7391 }
7393 if (global->netlink)
7394 netlink_deinit(global->netlink);
7396 nl_destroy_handles(&global->nl);
7398 if (global->nl_cb)
7399 nl_cb_put(global->nl_cb);
7401 if (global->ioctl_sock >= 0)
7402 close(global->ioctl_sock);
7404 os_free(global);
7405 }
7408 static const char * nl80211_get_radio_name(void *priv)
7409 {
7410 struct i802_bss *bss = priv;
7411 struct wpa_driver_nl80211_data *drv = bss->drv;
7412 return drv->phyname;
7413 }
7416 static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
7417 const u8 *pmkid)
7418 {
7419 struct nl_msg *msg;
7421 msg = nlmsg_alloc();
7422 if (!msg)
7423 return -ENOMEM;
7425 nl80211_cmd(bss->drv, msg, 0, cmd);
7427 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
7428 if (pmkid)
7429 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
7430 if (bssid)
7431 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
7433 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
7434 nla_put_failure:
7435 return -ENOBUFS;
7436 }
7439 static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
7440 {
7441 struct i802_bss *bss = priv;
7442 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
7443 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
7444 }
7447 static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
7448 {
7449 struct i802_bss *bss = priv;
7450 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
7451 MAC2STR(bssid));
7452 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
7453 }
7456 static int nl80211_flush_pmkid(void *priv)
7457 {
7458 struct i802_bss *bss = priv;
7459 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
7460 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
7461 }
7464 static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
7465 const u8 *replay_ctr)
7466 {
7467 struct i802_bss *bss = priv;
7468 struct wpa_driver_nl80211_data *drv = bss->drv;
7469 struct nlattr *replay_nested;
7470 struct nl_msg *msg;
7472 msg = nlmsg_alloc();
7473 if (!msg)
7474 return;
7476 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
7478 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
7480 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
7481 if (!replay_nested)
7482 goto nla_put_failure;
7484 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
7485 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
7486 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
7487 replay_ctr);
7489 nla_nest_end(msg, replay_nested);
7491 send_and_recv_msgs(drv, msg, NULL, NULL);
7492 return;
7493 nla_put_failure:
7494 nlmsg_free(msg);
7495 }
7498 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
7499 const u8 *addr, int qos)
7500 {
7501 /* send data frame to poll STA and check whether
7502 * this frame is ACKed */
7503 struct {
7504 struct ieee80211_hdr hdr;
7505 u16 qos_ctl;
7506 } STRUCT_PACKED nulldata;
7507 size_t size;
7509 /* Send data frame to poll STA and check whether this frame is ACKed */
7511 os_memset(&nulldata, 0, sizeof(nulldata));
7513 if (qos) {
7514 nulldata.hdr.frame_control =
7515 IEEE80211_FC(WLAN_FC_TYPE_DATA,
7516 WLAN_FC_STYPE_QOS_NULL);
7517 size = sizeof(nulldata);
7518 } else {
7519 nulldata.hdr.frame_control =
7520 IEEE80211_FC(WLAN_FC_TYPE_DATA,
7521 WLAN_FC_STYPE_NULLFUNC);
7522 size = sizeof(struct ieee80211_hdr);
7523 }
7525 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
7526 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
7527 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
7528 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
7530 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0) < 0)
7531 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
7532 "send poll frame");
7533 }
7535 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
7536 int qos)
7537 {
7538 struct i802_bss *bss = priv;
7539 struct wpa_driver_nl80211_data *drv = bss->drv;
7540 struct nl_msg *msg;
7542 if (!drv->poll_command_supported) {
7543 nl80211_send_null_frame(bss, own_addr, addr, qos);
7544 return;
7545 }
7547 msg = nlmsg_alloc();
7548 if (!msg)
7549 return;
7551 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
7553 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
7554 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7556 send_and_recv_msgs(drv, msg, NULL, NULL);
7557 return;
7558 nla_put_failure:
7559 nlmsg_free(msg);
7560 }
7563 #ifdef CONFIG_TDLS
7565 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
7566 u8 dialog_token, u16 status_code,
7567 const u8 *buf, size_t len)
7568 {
7569 struct i802_bss *bss = priv;
7570 struct wpa_driver_nl80211_data *drv = bss->drv;
7571 struct nl_msg *msg;
7573 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7574 return -EOPNOTSUPP;
7576 if (!dst)
7577 return -EINVAL;
7579 msg = nlmsg_alloc();
7580 if (!msg)
7581 return -ENOMEM;
7583 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
7584 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7585 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
7586 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
7587 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
7588 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
7589 NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
7591 return send_and_recv_msgs(drv, msg, NULL, NULL);
7593 nla_put_failure:
7594 nlmsg_free(msg);
7595 return -ENOBUFS;
7596 }
7599 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
7600 {
7601 struct i802_bss *bss = priv;
7602 struct wpa_driver_nl80211_data *drv = bss->drv;
7603 struct nl_msg *msg;
7604 enum nl80211_tdls_operation nl80211_oper;
7606 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
7607 return -EOPNOTSUPP;
7609 switch (oper) {
7610 case TDLS_DISCOVERY_REQ:
7611 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
7612 break;
7613 case TDLS_SETUP:
7614 nl80211_oper = NL80211_TDLS_SETUP;
7615 break;
7616 case TDLS_TEARDOWN:
7617 nl80211_oper = NL80211_TDLS_TEARDOWN;
7618 break;
7619 case TDLS_ENABLE_LINK:
7620 nl80211_oper = NL80211_TDLS_ENABLE_LINK;
7621 break;
7622 case TDLS_DISABLE_LINK:
7623 nl80211_oper = NL80211_TDLS_DISABLE_LINK;
7624 break;
7625 case TDLS_ENABLE:
7626 return 0;
7627 case TDLS_DISABLE:
7628 return 0;
7629 default:
7630 return -EINVAL;
7631 }
7633 msg = nlmsg_alloc();
7634 if (!msg)
7635 return -ENOMEM;
7637 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
7638 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
7639 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7640 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
7642 return send_and_recv_msgs(drv, msg, NULL, NULL);
7644 nla_put_failure:
7645 nlmsg_free(msg);
7646 return -ENOBUFS;
7647 }
7649 #endif /* CONFIG TDLS */
7652 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
7653 .name = "nl80211",
7654 .desc = "Linux nl80211/cfg80211",
7655 .get_bssid = wpa_driver_nl80211_get_bssid,
7656 .get_ssid = wpa_driver_nl80211_get_ssid,
7657 .set_key = wpa_driver_nl80211_set_key,
7658 .scan2 = wpa_driver_nl80211_scan,
7659 .sched_scan = wpa_driver_nl80211_sched_scan,
7660 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
7661 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
7662 .deauthenticate = wpa_driver_nl80211_deauthenticate,
7663 .disassociate = wpa_driver_nl80211_disassociate,
7664 .authenticate = wpa_driver_nl80211_authenticate,
7665 .associate = wpa_driver_nl80211_associate,
7666 .global_init = nl80211_global_init,
7667 .global_deinit = nl80211_global_deinit,
7668 .init2 = wpa_driver_nl80211_init,
7669 .deinit = wpa_driver_nl80211_deinit,
7670 .get_capa = wpa_driver_nl80211_get_capa,
7671 .set_operstate = wpa_driver_nl80211_set_operstate,
7672 .set_supp_port = wpa_driver_nl80211_set_supp_port,
7673 .set_country = wpa_driver_nl80211_set_country,
7674 .set_ap = wpa_driver_nl80211_set_ap,
7675 .if_add = wpa_driver_nl80211_if_add,
7676 .if_remove = wpa_driver_nl80211_if_remove,
7677 .send_mlme = wpa_driver_nl80211_send_mlme,
7678 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
7679 .sta_add = wpa_driver_nl80211_sta_add,
7680 .sta_remove = wpa_driver_nl80211_sta_remove,
7681 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
7682 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
7683 #ifdef HOSTAPD
7684 .hapd_init = i802_init,
7685 .hapd_deinit = i802_deinit,
7686 .set_wds_sta = i802_set_wds_sta,
7687 #endif /* HOSTAPD */
7688 #if defined(HOSTAPD) || defined(CONFIG_AP)
7689 .get_seqnum = i802_get_seqnum,
7690 .flush = i802_flush,
7691 .read_sta_data = i802_read_sta_data,
7692 .get_inact_sec = i802_get_inact_sec,
7693 .sta_clear_stats = i802_sta_clear_stats,
7694 .set_rts = i802_set_rts,
7695 .set_frag = i802_set_frag,
7696 .set_tx_queue_params = i802_set_tx_queue_params,
7697 .set_sta_vlan = i802_set_sta_vlan,
7698 .set_rate_sets = i802_set_rate_sets,
7699 .sta_deauth = i802_sta_deauth,
7700 .sta_disassoc = i802_sta_disassoc,
7701 #endif /* HOSTAPD || CONFIG_AP */
7702 .set_freq = i802_set_freq,
7703 .send_action = wpa_driver_nl80211_send_action,
7704 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
7705 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
7706 .cancel_remain_on_channel =
7707 wpa_driver_nl80211_cancel_remain_on_channel,
7708 .probe_req_report = wpa_driver_nl80211_probe_req_report,
7709 .deinit_ap = wpa_driver_nl80211_deinit_ap,
7710 .resume = wpa_driver_nl80211_resume,
7711 .send_ft_action = nl80211_send_ft_action,
7712 .signal_monitor = nl80211_signal_monitor,
7713 .signal_poll = nl80211_signal_poll,
7714 .send_frame = nl80211_send_frame,
7715 .shared_freq = wpa_driver_nl80211_shared_freq,
7716 .set_param = nl80211_set_param,
7717 .get_radio_name = nl80211_get_radio_name,
7718 .add_pmkid = nl80211_add_pmkid,
7719 .remove_pmkid = nl80211_remove_pmkid,
7720 .flush_pmkid = nl80211_flush_pmkid,
7721 .set_rekey_info = nl80211_set_rekey_info,
7722 .poll_client = nl80211_poll_client,
7723 #ifdef CONFIG_TDLS
7724 .send_tdls_mgmt = nl80211_send_tdls_mgmt,
7725 .tdls_oper = nl80211_tdls_oper,
7726 #endif /* CONFIG_TDLS */
7727 };