1 /*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 * Alternatively, this software may be distributed under the terms of BSD
14 * license.
15 *
16 * See README and COPYING for more details.
17 */
19 #include "includes.h"
20 #include <sys/ioctl.h>
21 #include <sys/types.h>
22 #include <sys/stat.h>
23 #include <fcntl.h>
24 #include <net/if.h>
25 #include <netlink/genl/genl.h>
26 #include <netlink/genl/family.h>
27 #include <netlink/genl/ctrl.h>
28 #include <linux/rtnetlink.h>
29 #include <netpacket/packet.h>
30 #include <linux/filter.h>
31 #include <linux/errqueue.h>
32 #include "nl80211_copy.h"
34 #include "common.h"
35 #include "eloop.h"
36 #include "utils/list.h"
37 #include "common/ieee802_11_defs.h"
38 #include "common/ieee802_11_common.h"
39 #include "l2_packet/l2_packet.h"
40 #include "netlink.h"
41 #include "linux_ioctl.h"
42 #include "radiotap.h"
43 #include "radiotap_iter.h"
44 #include "rfkill.h"
45 #include "driver.h"
47 #ifndef SO_WIFI_STATUS
48 # if defined(__sparc__)
49 # define SO_WIFI_STATUS 0x0025
50 # elif defined(__parisc__)
51 # define SO_WIFI_STATUS 0x4022
52 # else
53 # define SO_WIFI_STATUS 41
54 # endif
56 # define SCM_WIFI_STATUS SO_WIFI_STATUS
57 #endif
59 #ifndef SO_EE_ORIGIN_TXSTATUS
60 #define SO_EE_ORIGIN_TXSTATUS 4
61 #endif
63 #ifndef PACKET_TX_TIMESTAMP
64 #define PACKET_TX_TIMESTAMP 16
65 #endif
67 #ifdef ANDROID
68 #include "android_drv.h"
69 #endif /* ANDROID */
70 #ifdef CONFIG_LIBNL20
71 /* libnl 2.0 compatibility code */
72 #define nl_handle nl_sock
73 #define nl80211_handle_alloc nl_socket_alloc_cb
74 #define nl80211_handle_destroy nl_socket_free
75 #else
76 /*
77 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
78 * but when you free a socket again it will mess up its bitmap and
79 * and use the wrong number the next time it needs a socket ID.
80 * Therefore, we wrap the handle alloc/destroy and add our own pid
81 * accounting.
82 */
83 static uint32_t port_bitmap[32] = { 0 };
85 static struct nl_handle *nl80211_handle_alloc(void *cb)
86 {
87 struct nl_handle *handle;
88 uint32_t pid = getpid() & 0x3FFFFF;
89 int i;
91 handle = nl_handle_alloc_cb(cb);
93 for (i = 0; i < 1024; i++) {
94 if (port_bitmap[i / 32] & (1 << (i % 32)))
95 continue;
96 port_bitmap[i / 32] |= 1 << (i % 32);
97 pid += i << 22;
98 break;
99 }
101 nl_socket_set_local_port(handle, pid);
103 return handle;
104 }
106 static void nl80211_handle_destroy(struct nl_handle *handle)
107 {
108 uint32_t port = nl_socket_get_local_port(handle);
110 port >>= 22;
111 port_bitmap[port / 32] &= ~(1 << (port % 32));
113 nl_handle_destroy(handle);
114 }
115 #endif /* CONFIG_LIBNL20 */
118 struct nl80211_handles {
119 struct nl_handle *handle;
120 };
123 static int nl_create_handles(struct nl80211_handles *handles, struct nl_cb *cb,
124 const char *dbg)
125 {
126 if (!handles)
127 return -1;
129 handles->handle = nl80211_handle_alloc(cb);
130 if (handles->handle == NULL) {
131 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
132 "callbacks (%s)", dbg);
133 return -1;
134 }
136 if (genl_connect(handles->handle)) {
137 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
138 "netlink (%s)", dbg);
139 goto err;
140 }
142 return 0;
143 err:
144 nl80211_handle_destroy(handles->handle);
145 return -1;
146 }
149 static void nl_destroy_handles(struct nl80211_handles *handles)
150 {
151 if (handles->handle == NULL)
152 return;
153 nl80211_handle_destroy(handles->handle);
154 handles->handle = NULL;
155 }
158 #ifndef IFF_LOWER_UP
159 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
160 #endif
161 #ifndef IFF_DORMANT
162 #define IFF_DORMANT 0x20000 /* driver signals dormant */
163 #endif
165 #ifndef IF_OPER_DORMANT
166 #define IF_OPER_DORMANT 5
167 #endif
168 #ifndef IF_OPER_UP
169 #define IF_OPER_UP 6
170 #endif
172 struct nl80211_global {
173 struct dl_list interfaces;
174 int if_add_ifindex;
175 struct netlink_data *netlink;
176 struct nl_cb *nl_cb;
177 struct nl80211_handles nl;
178 int nl80211_id;
179 int ioctl_sock; /* socket for ioctl() use */
180 };
182 struct nl80211_wiphy_data {
183 struct dl_list list;
184 struct dl_list bsss;
185 struct dl_list drvs;
187 struct nl80211_handles nl_beacons;
188 struct nl_cb *nl_cb;
190 int wiphy_idx;
191 };
193 static void nl80211_global_deinit(void *priv);
194 static void wpa_driver_nl80211_deinit(void *priv);
196 struct i802_bss {
197 struct wpa_driver_nl80211_data *drv;
198 struct i802_bss *next;
199 int ifindex;
200 char ifname[IFNAMSIZ + 1];
201 char brname[IFNAMSIZ];
202 unsigned int beacon_set:1;
203 unsigned int added_if_into_bridge:1;
204 unsigned int added_bridge:1;
206 int freq;
208 struct nl80211_handles nl_preq, nl_mgmt;
209 struct nl_cb *nl_cb;
211 struct nl80211_wiphy_data *wiphy_data;
212 struct dl_list wiphy_list;
213 };
215 struct wpa_driver_nl80211_data {
216 struct nl80211_global *global;
217 struct dl_list list;
218 struct dl_list wiphy_list;
219 u8 addr[ETH_ALEN];
220 char phyname[32];
221 void *ctx;
222 int ifindex;
223 int if_removed;
224 int if_disabled;
225 int ignore_if_down_event;
226 struct rfkill_data *rfkill;
227 struct wpa_driver_capa capa;
228 int has_capability;
230 int operstate;
232 int scan_complete_events;
234 struct nl80211_handles nl_event;
235 struct nl_cb *nl_cb;
237 u8 auth_bssid[ETH_ALEN];
238 u8 bssid[ETH_ALEN];
239 int associated;
240 u8 ssid[32];
241 size_t ssid_len;
242 enum nl80211_iftype nlmode;
243 enum nl80211_iftype ap_scan_as_station;
244 unsigned int assoc_freq;
246 int monitor_sock;
247 int monitor_ifidx;
248 int monitor_refcount;
250 unsigned int disabled_11b_rates:1;
251 unsigned int pending_remain_on_chan:1;
252 unsigned int in_interface_list:1;
253 unsigned int device_ap_sme:1;
254 unsigned int poll_command_supported:1;
255 unsigned int data_tx_status:1;
256 unsigned int scan_for_auth:1;
257 unsigned int retry_auth:1;
258 unsigned int use_monitor:1;
260 u64 remain_on_chan_cookie;
261 u64 send_action_cookie;
263 unsigned int last_mgmt_freq;
265 struct wpa_driver_scan_filter *filter_ssids;
266 size_t num_filter_ssids;
268 struct i802_bss first_bss;
270 int eapol_tx_sock;
272 #ifdef HOSTAPD
273 int eapol_sock; /* socket for EAPOL frames */
275 int default_if_indices[16];
276 int *if_indices;
277 int num_if_indices;
279 int last_freq;
280 int last_freq_ht;
281 #endif /* HOSTAPD */
283 /* From failed authentication command */
284 int auth_freq;
285 u8 auth_bssid_[ETH_ALEN];
286 u8 auth_ssid[32];
287 size_t auth_ssid_len;
288 int auth_alg;
289 u8 *auth_ie;
290 size_t auth_ie_len;
291 u8 auth_wep_key[4][16];
292 size_t auth_wep_key_len[4];
293 int auth_wep_tx_keyidx;
294 int auth_local_state_change;
295 int auth_p2p;
296 };
299 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
300 void *timeout_ctx);
301 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
302 enum nl80211_iftype nlmode);
303 static int
304 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
305 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
306 const u8 *addr, int cmd, u16 reason_code,
307 int local_state_change);
308 static void nl80211_remove_monitor_interface(
309 struct wpa_driver_nl80211_data *drv);
310 static int nl80211_send_frame_cmd(struct i802_bss *bss,
311 unsigned int freq, unsigned int wait,
312 const u8 *buf, size_t buf_len, u64 *cookie,
313 int no_cck, int no_ack, int offchanok);
314 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
315 #ifdef ANDROID
316 static int android_pno_start(struct i802_bss *bss,
317 struct wpa_driver_scan_params *params);
318 static int android_pno_stop(struct i802_bss *bss);
319 #endif /* ANDROID */
321 #ifdef HOSTAPD
322 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
323 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
324 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
325 static int wpa_driver_nl80211_if_remove(void *priv,
326 enum wpa_driver_if_type type,
327 const char *ifname);
328 #else /* HOSTAPD */
329 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
330 {
331 }
333 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
334 {
335 }
337 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
338 {
339 return 0;
340 }
341 #endif /* HOSTAPD */
343 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
344 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
345 int ifindex, int disabled);
347 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
348 static int wpa_driver_nl80211_authenticate_retry(
349 struct wpa_driver_nl80211_data *drv);
352 static int is_ap_interface(enum nl80211_iftype nlmode)
353 {
354 return (nlmode == NL80211_IFTYPE_AP ||
355 nlmode == NL80211_IFTYPE_P2P_GO);
356 }
359 static int is_sta_interface(enum nl80211_iftype nlmode)
360 {
361 return (nlmode == NL80211_IFTYPE_STATION ||
362 nlmode == NL80211_IFTYPE_P2P_CLIENT);
363 }
366 static int is_p2p_interface(enum nl80211_iftype nlmode)
367 {
368 return (nlmode == NL80211_IFTYPE_P2P_CLIENT ||
369 nlmode == NL80211_IFTYPE_P2P_GO);
370 }
373 struct nl80211_bss_info_arg {
374 struct wpa_driver_nl80211_data *drv;
375 struct wpa_scan_results *res;
376 unsigned int assoc_freq;
377 u8 assoc_bssid[ETH_ALEN];
378 };
380 static int bss_info_handler(struct nl_msg *msg, void *arg);
383 /* nl80211 code */
384 static int ack_handler(struct nl_msg *msg, void *arg)
385 {
386 int *err = arg;
387 *err = 0;
388 return NL_STOP;
389 }
391 static int finish_handler(struct nl_msg *msg, void *arg)
392 {
393 int *ret = arg;
394 *ret = 0;
395 return NL_SKIP;
396 }
398 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
399 void *arg)
400 {
401 int *ret = arg;
402 *ret = err->error;
403 return NL_SKIP;
404 }
407 static int no_seq_check(struct nl_msg *msg, void *arg)
408 {
409 return NL_OK;
410 }
413 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
414 struct nl_handle *nl_handle, struct nl_msg *msg,
415 int (*valid_handler)(struct nl_msg *, void *),
416 void *valid_data)
417 {
418 struct nl_cb *cb;
419 int err = -ENOMEM;
421 cb = nl_cb_clone(drv->global->nl_cb);
422 if (!cb)
423 goto out;
425 err = nl_send_auto_complete(nl_handle, msg);
426 if (err < 0)
427 goto out;
429 err = 1;
431 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
432 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
433 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
435 if (valid_handler)
436 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
437 valid_handler, valid_data);
439 while (err > 0)
440 nl_recvmsgs(nl_handle, cb);
441 out:
442 nl_cb_put(cb);
443 nlmsg_free(msg);
444 return err;
445 }
448 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
449 struct nl_msg *msg,
450 int (*valid_handler)(struct nl_msg *, void *),
451 void *valid_data)
452 {
453 return send_and_recv(drv, drv->global->nl.handle, msg, valid_handler,
454 valid_data);
455 }
458 struct family_data {
459 const char *group;
460 int id;
461 };
464 static int family_handler(struct nl_msg *msg, void *arg)
465 {
466 struct family_data *res = arg;
467 struct nlattr *tb[CTRL_ATTR_MAX + 1];
468 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
469 struct nlattr *mcgrp;
470 int i;
472 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
473 genlmsg_attrlen(gnlh, 0), NULL);
474 if (!tb[CTRL_ATTR_MCAST_GROUPS])
475 return NL_SKIP;
477 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
478 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
479 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
480 nla_len(mcgrp), NULL);
481 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
482 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
483 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
484 res->group,
485 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
486 continue;
487 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
488 break;
489 };
491 return NL_SKIP;
492 }
495 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
496 const char *family, const char *group)
497 {
498 struct nl_msg *msg;
499 int ret = -1;
500 struct family_data res = { group, -ENOENT };
502 msg = nlmsg_alloc();
503 if (!msg)
504 return -ENOMEM;
505 genlmsg_put(msg, 0, 0,
506 genl_ctrl_resolve(drv->global->nl.handle, "nlctrl"),
507 0, 0, CTRL_CMD_GETFAMILY, 0);
508 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
510 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
511 msg = NULL;
512 if (ret == 0)
513 ret = res.id;
515 nla_put_failure:
516 nlmsg_free(msg);
517 return ret;
518 }
521 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
522 struct nl_msg *msg, int flags, uint8_t cmd)
523 {
524 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
525 0, flags, cmd, 0);
526 }
529 struct wiphy_idx_data {
530 int wiphy_idx;
531 };
534 static int netdev_info_handler(struct nl_msg *msg, void *arg)
535 {
536 struct nlattr *tb[NL80211_ATTR_MAX + 1];
537 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
538 struct wiphy_idx_data *info = arg;
540 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
541 genlmsg_attrlen(gnlh, 0), NULL);
543 if (tb[NL80211_ATTR_WIPHY])
544 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
546 return NL_SKIP;
547 }
550 static int nl80211_get_wiphy_index(struct i802_bss *bss)
551 {
552 struct nl_msg *msg;
553 struct wiphy_idx_data data = {
554 .wiphy_idx = -1,
555 };
557 msg = nlmsg_alloc();
558 if (!msg)
559 return -1;
561 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
563 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
565 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
566 return data.wiphy_idx;
567 msg = NULL;
568 nla_put_failure:
569 nlmsg_free(msg);
570 return -1;
571 }
574 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
575 struct nl80211_wiphy_data *w)
576 {
577 struct nl_msg *msg;
578 int ret = -1;
580 msg = nlmsg_alloc();
581 if (!msg)
582 return -1;
584 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
586 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
588 ret = send_and_recv(drv, w->nl_beacons.handle, msg, NULL, NULL);
589 msg = NULL;
590 if (ret) {
591 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
592 "failed: ret=%d (%s)",
593 ret, strerror(-ret));
594 goto nla_put_failure;
595 }
596 ret = 0;
597 nla_put_failure:
598 nlmsg_free(msg);
599 return ret;
600 }
603 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
604 {
605 struct nl80211_wiphy_data *w = eloop_ctx;
607 wpa_printf(MSG_DEBUG, "nl80211: Beacon event message available");
609 nl_recvmsgs(handle, w->nl_cb);
610 }
613 static int process_beacon_event(struct nl_msg *msg, void *arg)
614 {
615 struct nl80211_wiphy_data *w = arg;
616 struct wpa_driver_nl80211_data *drv;
617 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
618 struct nlattr *tb[NL80211_ATTR_MAX + 1];
619 union wpa_event_data event;
621 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
622 genlmsg_attrlen(gnlh, 0), NULL);
624 if (gnlh->cmd != NL80211_CMD_FRAME) {
625 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
626 gnlh->cmd);
627 return NL_SKIP;
628 }
630 if (!tb[NL80211_ATTR_FRAME])
631 return NL_SKIP;
633 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
634 wiphy_list) {
635 os_memset(&event, 0, sizeof(event));
636 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
637 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
638 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
639 }
641 return NL_SKIP;
642 }
645 static struct nl80211_wiphy_data *
646 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
647 {
648 static DEFINE_DL_LIST(nl80211_wiphys);
649 struct nl80211_wiphy_data *w;
650 int wiphy_idx, found = 0;
651 struct i802_bss *tmp_bss;
653 if (bss->wiphy_data != NULL)
654 return bss->wiphy_data;
656 wiphy_idx = nl80211_get_wiphy_index(bss);
658 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
659 if (w->wiphy_idx == wiphy_idx)
660 goto add;
661 }
663 /* alloc new one */
664 w = os_zalloc(sizeof(*w));
665 if (w == NULL)
666 return NULL;
667 w->wiphy_idx = wiphy_idx;
668 dl_list_init(&w->bsss);
669 dl_list_init(&w->drvs);
671 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
672 if (!w->nl_cb) {
673 os_free(w);
674 return NULL;
675 }
676 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
677 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
678 w);
680 if (nl_create_handles(&w->nl_beacons, bss->drv->global->nl_cb,
681 "wiphy beacons")) {
682 os_free(w);
683 return NULL;
684 }
686 if (nl80211_register_beacons(bss->drv, w)) {
687 nl_destroy_handles(&w->nl_beacons);
688 os_free(w);
689 return NULL;
690 }
692 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons.handle),
693 nl80211_recv_beacons, w,
694 w->nl_beacons.handle);
696 dl_list_add(&nl80211_wiphys, &w->list);
698 add:
699 /* drv entry for this bss already there? */
700 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
701 if (tmp_bss->drv == bss->drv) {
702 found = 1;
703 break;
704 }
705 }
706 /* if not add it */
707 if (!found)
708 dl_list_add(&w->drvs, &bss->drv->wiphy_list);
710 dl_list_add(&w->bsss, &bss->wiphy_list);
711 bss->wiphy_data = w;
712 return w;
713 }
716 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
717 {
718 struct nl80211_wiphy_data *w = bss->wiphy_data;
719 struct i802_bss *tmp_bss;
720 int found = 0;
722 if (w == NULL)
723 return;
724 bss->wiphy_data = NULL;
725 dl_list_del(&bss->wiphy_list);
727 /* still any for this drv present? */
728 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
729 if (tmp_bss->drv == bss->drv) {
730 found = 1;
731 break;
732 }
733 }
734 /* if not remove it */
735 if (!found)
736 dl_list_del(&bss->drv->wiphy_list);
738 if (!dl_list_empty(&w->bsss))
739 return;
741 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons.handle));
743 nl_cb_put(w->nl_cb);
744 nl_destroy_handles(&w->nl_beacons);
745 dl_list_del(&w->list);
746 os_free(w);
747 }
750 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
751 {
752 struct i802_bss *bss = priv;
753 struct wpa_driver_nl80211_data *drv = bss->drv;
754 if (!drv->associated)
755 return -1;
756 os_memcpy(bssid, drv->bssid, ETH_ALEN);
757 return 0;
758 }
761 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
762 {
763 struct i802_bss *bss = priv;
764 struct wpa_driver_nl80211_data *drv = bss->drv;
765 if (!drv->associated)
766 return -1;
767 os_memcpy(ssid, drv->ssid, drv->ssid_len);
768 return drv->ssid_len;
769 }
772 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
773 char *buf, size_t len, int del)
774 {
775 union wpa_event_data event;
777 os_memset(&event, 0, sizeof(event));
778 if (len > sizeof(event.interface_status.ifname))
779 len = sizeof(event.interface_status.ifname) - 1;
780 os_memcpy(event.interface_status.ifname, buf, len);
781 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
782 EVENT_INTERFACE_ADDED;
784 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
785 del ? "DEL" : "NEW",
786 event.interface_status.ifname,
787 del ? "removed" : "added");
789 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
790 if (del)
791 drv->if_removed = 1;
792 else
793 drv->if_removed = 0;
794 }
796 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
797 }
800 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
801 u8 *buf, size_t len)
802 {
803 int attrlen, rta_len;
804 struct rtattr *attr;
806 attrlen = len;
807 attr = (struct rtattr *) buf;
809 rta_len = RTA_ALIGN(sizeof(struct rtattr));
810 while (RTA_OK(attr, attrlen)) {
811 if (attr->rta_type == IFLA_IFNAME) {
812 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
813 == 0)
814 return 1;
815 else
816 break;
817 }
818 attr = RTA_NEXT(attr, attrlen);
819 }
821 return 0;
822 }
825 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
826 int ifindex, u8 *buf, size_t len)
827 {
828 if (drv->ifindex == ifindex)
829 return 1;
831 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
832 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
833 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
834 "interface");
835 wpa_driver_nl80211_finish_drv_init(drv);
836 return 1;
837 }
839 return 0;
840 }
843 static struct wpa_driver_nl80211_data *
844 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
845 {
846 struct wpa_driver_nl80211_data *drv;
847 dl_list_for_each(drv, &global->interfaces,
848 struct wpa_driver_nl80211_data, list) {
849 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
850 have_ifidx(drv, idx))
851 return drv;
852 }
853 return NULL;
854 }
857 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
858 struct ifinfomsg *ifi,
859 u8 *buf, size_t len)
860 {
861 struct nl80211_global *global = ctx;
862 struct wpa_driver_nl80211_data *drv;
863 int attrlen, rta_len;
864 struct rtattr *attr;
865 u32 brid = 0;
866 char namebuf[IFNAMSIZ];
868 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
869 if (!drv) {
870 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
871 "ifindex %d", ifi->ifi_index);
872 return;
873 }
875 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
876 "(%s%s%s%s)",
877 drv->operstate, ifi->ifi_flags,
878 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
879 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
880 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
881 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
883 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
884 if (if_indextoname(ifi->ifi_index, namebuf) &&
885 linux_iface_up(drv->global->ioctl_sock,
886 drv->first_bss.ifname) > 0) {
887 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
888 "event since interface %s is up", namebuf);
889 return;
890 }
891 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
892 if (drv->ignore_if_down_event) {
893 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
894 "event generated by mode change");
895 drv->ignore_if_down_event = 0;
896 } else {
897 drv->if_disabled = 1;
898 wpa_supplicant_event(drv->ctx,
899 EVENT_INTERFACE_DISABLED, NULL);
900 }
901 }
903 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
904 if (if_indextoname(ifi->ifi_index, namebuf) &&
905 linux_iface_up(drv->global->ioctl_sock,
906 drv->first_bss.ifname) == 0) {
907 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
908 "event since interface %s is down",
909 namebuf);
910 } else {
911 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
912 drv->if_disabled = 0;
913 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
914 NULL);
915 }
916 }
918 /*
919 * Some drivers send the association event before the operup event--in
920 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
921 * fails. This will hit us when wpa_supplicant does not need to do
922 * IEEE 802.1X authentication
923 */
924 if (drv->operstate == 1 &&
925 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
926 !(ifi->ifi_flags & IFF_RUNNING))
927 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
928 -1, IF_OPER_UP);
930 attrlen = len;
931 attr = (struct rtattr *) buf;
932 rta_len = RTA_ALIGN(sizeof(struct rtattr));
933 while (RTA_OK(attr, attrlen)) {
934 if (attr->rta_type == IFLA_IFNAME) {
935 wpa_driver_nl80211_event_link(
936 drv,
937 ((char *) attr) + rta_len,
938 attr->rta_len - rta_len, 0);
939 } else if (attr->rta_type == IFLA_MASTER)
940 brid = nla_get_u32((struct nlattr *) attr);
941 attr = RTA_NEXT(attr, attrlen);
942 }
944 if (ifi->ifi_family == AF_BRIDGE && brid) {
945 /* device has been added to bridge */
946 if_indextoname(brid, namebuf);
947 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
948 brid, namebuf);
949 add_ifidx(drv, brid);
950 }
951 }
954 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
955 struct ifinfomsg *ifi,
956 u8 *buf, size_t len)
957 {
958 struct nl80211_global *global = ctx;
959 struct wpa_driver_nl80211_data *drv;
960 int attrlen, rta_len;
961 struct rtattr *attr;
962 u32 brid = 0;
964 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
965 if (!drv) {
966 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for "
967 "foreign ifindex %d", ifi->ifi_index);
968 return;
969 }
971 attrlen = len;
972 attr = (struct rtattr *) buf;
974 rta_len = RTA_ALIGN(sizeof(struct rtattr));
975 while (RTA_OK(attr, attrlen)) {
976 if (attr->rta_type == IFLA_IFNAME) {
977 wpa_driver_nl80211_event_link(
978 drv,
979 ((char *) attr) + rta_len,
980 attr->rta_len - rta_len, 1);
981 } else if (attr->rta_type == IFLA_MASTER)
982 brid = nla_get_u32((struct nlattr *) attr);
983 attr = RTA_NEXT(attr, attrlen);
984 }
986 if (ifi->ifi_family == AF_BRIDGE && brid) {
987 /* device has been removed from bridge */
988 char namebuf[IFNAMSIZ];
989 if_indextoname(brid, namebuf);
990 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
991 "%s", brid, namebuf);
992 del_ifidx(drv, brid);
993 }
994 }
997 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
998 const u8 *frame, size_t len)
999 {
1000 const struct ieee80211_mgmt *mgmt;
1001 union wpa_event_data event;
1003 mgmt = (const struct ieee80211_mgmt *) frame;
1004 if (len < 24 + sizeof(mgmt->u.auth)) {
1005 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1006 "frame");
1007 return;
1008 }
1010 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1011 os_memset(&event, 0, sizeof(event));
1012 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1013 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1014 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1015 if (len > 24 + sizeof(mgmt->u.auth)) {
1016 event.auth.ies = mgmt->u.auth.variable;
1017 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1018 }
1020 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1021 }
1024 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1025 {
1026 struct nl_msg *msg;
1027 int ret;
1028 struct nl80211_bss_info_arg arg;
1030 os_memset(&arg, 0, sizeof(arg));
1031 msg = nlmsg_alloc();
1032 if (!msg)
1033 goto nla_put_failure;
1035 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1036 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1038 arg.drv = drv;
1039 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1040 msg = NULL;
1041 if (ret == 0) {
1042 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1043 "associated BSS from scan results: %u MHz",
1044 arg.assoc_freq);
1045 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
1046 }
1047 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1048 "(%s)", ret, strerror(-ret));
1049 nla_put_failure:
1050 nlmsg_free(msg);
1051 return drv->assoc_freq;
1052 }
1055 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1056 const u8 *frame, size_t len)
1057 {
1058 const struct ieee80211_mgmt *mgmt;
1059 union wpa_event_data event;
1060 u16 status;
1062 mgmt = (const struct ieee80211_mgmt *) frame;
1063 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1064 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1065 "frame");
1066 return;
1067 }
1069 status = le_to_host16(mgmt->u.assoc_resp.status_code);
1070 if (status != WLAN_STATUS_SUCCESS) {
1071 os_memset(&event, 0, sizeof(event));
1072 event.assoc_reject.bssid = mgmt->bssid;
1073 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1074 event.assoc_reject.resp_ies =
1075 (u8 *) mgmt->u.assoc_resp.variable;
1076 event.assoc_reject.resp_ies_len =
1077 len - 24 - sizeof(mgmt->u.assoc_resp);
1078 }
1079 event.assoc_reject.status_code = status;
1081 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1082 return;
1083 }
1085 drv->associated = 1;
1086 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1088 os_memset(&event, 0, sizeof(event));
1089 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1090 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1091 event.assoc_info.resp_ies_len =
1092 len - 24 - sizeof(mgmt->u.assoc_resp);
1093 }
1095 event.assoc_info.freq = drv->assoc_freq;
1097 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1098 }
1101 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1102 enum nl80211_commands cmd, struct nlattr *status,
1103 struct nlattr *addr, struct nlattr *req_ie,
1104 struct nlattr *resp_ie)
1105 {
1106 union wpa_event_data event;
1108 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1109 /*
1110 * Avoid reporting two association events that would confuse
1111 * the core code.
1112 */
1113 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1114 "when using userspace SME", cmd);
1115 return;
1116 }
1118 os_memset(&event, 0, sizeof(event));
1119 if (cmd == NL80211_CMD_CONNECT &&
1120 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1121 if (addr)
1122 event.assoc_reject.bssid = nla_data(addr);
1123 if (resp_ie) {
1124 event.assoc_reject.resp_ies = nla_data(resp_ie);
1125 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1126 }
1127 event.assoc_reject.status_code = nla_get_u16(status);
1128 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1129 return;
1130 }
1132 drv->associated = 1;
1133 if (addr)
1134 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1136 if (req_ie) {
1137 event.assoc_info.req_ies = nla_data(req_ie);
1138 event.assoc_info.req_ies_len = nla_len(req_ie);
1139 }
1140 if (resp_ie) {
1141 event.assoc_info.resp_ies = nla_data(resp_ie);
1142 event.assoc_info.resp_ies_len = nla_len(resp_ie);
1143 }
1145 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1147 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1148 }
1151 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1152 struct nlattr *reason, struct nlattr *addr)
1153 {
1154 union wpa_event_data data;
1156 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1157 /*
1158 * Avoid reporting two disassociation events that could
1159 * confuse the core code.
1160 */
1161 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1162 "event when using userspace SME");
1163 return;
1164 }
1166 drv->associated = 0;
1167 os_memset(&data, 0, sizeof(data));
1168 if (reason)
1169 data.disassoc_info.reason_code = nla_get_u16(reason);
1170 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1171 }
1174 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1175 enum nl80211_commands cmd, struct nlattr *addr)
1176 {
1177 union wpa_event_data event;
1178 enum wpa_event_type ev;
1180 if (nla_len(addr) != ETH_ALEN)
1181 return;
1183 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1184 cmd, MAC2STR((u8 *) nla_data(addr)));
1186 if (cmd == NL80211_CMD_AUTHENTICATE)
1187 ev = EVENT_AUTH_TIMED_OUT;
1188 else if (cmd == NL80211_CMD_ASSOCIATE)
1189 ev = EVENT_ASSOC_TIMED_OUT;
1190 else
1191 return;
1193 os_memset(&event, 0, sizeof(event));
1194 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1195 wpa_supplicant_event(drv->ctx, ev, &event);
1196 }
1199 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
1200 struct nlattr *freq, const u8 *frame, size_t len)
1201 {
1202 const struct ieee80211_mgmt *mgmt;
1203 union wpa_event_data event;
1204 u16 fc, stype;
1206 mgmt = (const struct ieee80211_mgmt *) frame;
1207 if (len < 24) {
1208 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
1209 return;
1210 }
1212 fc = le_to_host16(mgmt->frame_control);
1213 stype = WLAN_FC_GET_STYPE(fc);
1215 os_memset(&event, 0, sizeof(event));
1216 if (freq) {
1217 event.rx_action.freq = nla_get_u32(freq);
1218 drv->last_mgmt_freq = event.rx_action.freq;
1219 }
1220 if (stype == WLAN_FC_STYPE_ACTION) {
1221 event.rx_action.da = mgmt->da;
1222 event.rx_action.sa = mgmt->sa;
1223 event.rx_action.bssid = mgmt->bssid;
1224 event.rx_action.category = mgmt->u.action.category;
1225 event.rx_action.data = &mgmt->u.action.category + 1;
1226 event.rx_action.len = frame + len - event.rx_action.data;
1227 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
1228 } else {
1229 event.rx_mgmt.frame = frame;
1230 event.rx_mgmt.frame_len = len;
1231 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1232 }
1233 }
1236 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1237 struct nlattr *cookie, const u8 *frame,
1238 size_t len, struct nlattr *ack)
1239 {
1240 union wpa_event_data event;
1241 const struct ieee80211_hdr *hdr;
1242 u16 fc;
1244 if (!is_ap_interface(drv->nlmode)) {
1245 u64 cookie_val;
1247 if (!cookie)
1248 return;
1250 cookie_val = nla_get_u64(cookie);
1251 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1252 " cookie=0%llx%s (ack=%d)",
1253 (long long unsigned int) cookie_val,
1254 cookie_val == drv->send_action_cookie ?
1255 " (match)" : " (unknown)", ack != NULL);
1256 if (cookie_val != drv->send_action_cookie)
1257 return;
1258 }
1260 hdr = (const struct ieee80211_hdr *) frame;
1261 fc = le_to_host16(hdr->frame_control);
1263 os_memset(&event, 0, sizeof(event));
1264 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1265 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1266 event.tx_status.dst = hdr->addr1;
1267 event.tx_status.data = frame;
1268 event.tx_status.data_len = len;
1269 event.tx_status.ack = ack != NULL;
1270 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1271 }
1274 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1275 enum wpa_event_type type,
1276 const u8 *frame, size_t len)
1277 {
1278 const struct ieee80211_mgmt *mgmt;
1279 union wpa_event_data event;
1280 const u8 *bssid = NULL;
1281 u16 reason_code = 0;
1283 mgmt = (const struct ieee80211_mgmt *) frame;
1284 if (len >= 24) {
1285 bssid = mgmt->bssid;
1287 if (drv->associated != 0 &&
1288 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1289 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1290 /*
1291 * We have presumably received this deauth as a
1292 * response to a clear_state_mismatch() outgoing
1293 * deauth. Don't let it take us offline!
1294 */
1295 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1296 "from Unknown BSSID " MACSTR " -- ignoring",
1297 MAC2STR(bssid));
1298 return;
1299 }
1300 }
1302 drv->associated = 0;
1303 os_memset(&event, 0, sizeof(event));
1305 /* Note: Same offset for Reason Code in both frame subtypes */
1306 if (len >= 24 + sizeof(mgmt->u.deauth))
1307 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1309 if (type == EVENT_DISASSOC) {
1310 event.disassoc_info.addr = bssid;
1311 event.disassoc_info.reason_code = reason_code;
1312 if (frame + len > mgmt->u.disassoc.variable) {
1313 event.disassoc_info.ie = mgmt->u.disassoc.variable;
1314 event.disassoc_info.ie_len = frame + len -
1315 mgmt->u.disassoc.variable;
1316 }
1317 } else {
1318 event.deauth_info.addr = bssid;
1319 event.deauth_info.reason_code = reason_code;
1320 if (frame + len > mgmt->u.deauth.variable) {
1321 event.deauth_info.ie = mgmt->u.deauth.variable;
1322 event.deauth_info.ie_len = frame + len -
1323 mgmt->u.deauth.variable;
1324 }
1325 }
1327 wpa_supplicant_event(drv->ctx, type, &event);
1328 }
1331 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1332 enum wpa_event_type type,
1333 const u8 *frame, size_t len)
1334 {
1335 const struct ieee80211_mgmt *mgmt;
1336 union wpa_event_data event;
1337 u16 reason_code = 0;
1339 if (len < 24)
1340 return;
1342 mgmt = (const struct ieee80211_mgmt *) frame;
1344 os_memset(&event, 0, sizeof(event));
1345 /* Note: Same offset for Reason Code in both frame subtypes */
1346 if (len >= 24 + sizeof(mgmt->u.deauth))
1347 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1349 if (type == EVENT_UNPROT_DISASSOC) {
1350 event.unprot_disassoc.sa = mgmt->sa;
1351 event.unprot_disassoc.da = mgmt->da;
1352 event.unprot_disassoc.reason_code = reason_code;
1353 } else {
1354 event.unprot_deauth.sa = mgmt->sa;
1355 event.unprot_deauth.da = mgmt->da;
1356 event.unprot_deauth.reason_code = reason_code;
1357 }
1359 wpa_supplicant_event(drv->ctx, type, &event);
1360 }
1363 static void mlme_event(struct wpa_driver_nl80211_data *drv,
1364 enum nl80211_commands cmd, struct nlattr *frame,
1365 struct nlattr *addr, struct nlattr *timed_out,
1366 struct nlattr *freq, struct nlattr *ack,
1367 struct nlattr *cookie)
1368 {
1369 if (timed_out && addr) {
1370 mlme_timeout_event(drv, cmd, addr);
1371 return;
1372 }
1374 if (frame == NULL) {
1375 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
1376 "data", cmd);
1377 return;
1378 }
1380 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
1381 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1382 nla_data(frame), nla_len(frame));
1384 switch (cmd) {
1385 case NL80211_CMD_AUTHENTICATE:
1386 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1387 break;
1388 case NL80211_CMD_ASSOCIATE:
1389 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1390 break;
1391 case NL80211_CMD_DEAUTHENTICATE:
1392 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1393 nla_data(frame), nla_len(frame));
1394 break;
1395 case NL80211_CMD_DISASSOCIATE:
1396 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1397 nla_data(frame), nla_len(frame));
1398 break;
1399 case NL80211_CMD_FRAME:
1400 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
1401 break;
1402 case NL80211_CMD_FRAME_TX_STATUS:
1403 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1404 nla_len(frame), ack);
1405 break;
1406 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1407 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1408 nla_data(frame), nla_len(frame));
1409 break;
1410 case NL80211_CMD_UNPROT_DISASSOCIATE:
1411 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
1412 nla_data(frame), nla_len(frame));
1413 break;
1414 default:
1415 break;
1416 }
1417 }
1420 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
1421 struct nlattr *tb[])
1422 {
1423 union wpa_event_data data;
1425 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1426 os_memset(&data, 0, sizeof(data));
1427 if (tb[NL80211_ATTR_MAC]) {
1428 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1429 nla_data(tb[NL80211_ATTR_MAC]),
1430 nla_len(tb[NL80211_ATTR_MAC]));
1431 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1432 }
1433 if (tb[NL80211_ATTR_KEY_SEQ]) {
1434 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1435 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1436 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1437 }
1438 if (tb[NL80211_ATTR_KEY_TYPE]) {
1439 enum nl80211_key_type key_type =
1440 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1441 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1442 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1443 data.michael_mic_failure.unicast = 1;
1444 } else
1445 data.michael_mic_failure.unicast = 1;
1447 if (tb[NL80211_ATTR_KEY_IDX]) {
1448 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1449 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1450 }
1452 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1453 }
1456 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1457 struct nlattr *tb[])
1458 {
1459 if (tb[NL80211_ATTR_MAC] == NULL) {
1460 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1461 "event");
1462 return;
1463 }
1464 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1465 drv->associated = 1;
1466 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1467 MAC2STR(drv->bssid));
1469 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1470 }
1473 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1474 int cancel_event, struct nlattr *tb[])
1475 {
1476 unsigned int freq, chan_type, duration;
1477 union wpa_event_data data;
1478 u64 cookie;
1480 if (tb[NL80211_ATTR_WIPHY_FREQ])
1481 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1482 else
1483 freq = 0;
1485 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1486 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1487 else
1488 chan_type = 0;
1490 if (tb[NL80211_ATTR_DURATION])
1491 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1492 else
1493 duration = 0;
1495 if (tb[NL80211_ATTR_COOKIE])
1496 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1497 else
1498 cookie = 0;
1500 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1501 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1502 cancel_event, freq, chan_type, duration,
1503 (long long unsigned int) cookie,
1504 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1506 if (cookie != drv->remain_on_chan_cookie)
1507 return; /* not for us */
1509 if (cancel_event)
1510 drv->pending_remain_on_chan = 0;
1512 os_memset(&data, 0, sizeof(data));
1513 data.remain_on_channel.freq = freq;
1514 data.remain_on_channel.duration = duration;
1515 wpa_supplicant_event(drv->ctx, cancel_event ?
1516 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1517 EVENT_REMAIN_ON_CHANNEL, &data);
1518 }
1521 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1522 struct nlattr *tb[])
1523 {
1524 union wpa_event_data event;
1525 struct nlattr *nl;
1526 int rem;
1527 struct scan_info *info;
1528 #define MAX_REPORT_FREQS 50
1529 int freqs[MAX_REPORT_FREQS];
1530 int num_freqs = 0;
1532 if (drv->scan_for_auth) {
1533 drv->scan_for_auth = 0;
1534 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
1535 "cfg80211 BSS entry");
1536 wpa_driver_nl80211_authenticate_retry(drv);
1537 return;
1538 }
1540 os_memset(&event, 0, sizeof(event));
1541 info = &event.scan_info;
1542 info->aborted = aborted;
1544 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1545 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1546 struct wpa_driver_scan_ssid *s =
1547 &info->ssids[info->num_ssids];
1548 s->ssid = nla_data(nl);
1549 s->ssid_len = nla_len(nl);
1550 info->num_ssids++;
1551 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1552 break;
1553 }
1554 }
1555 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1556 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1557 {
1558 freqs[num_freqs] = nla_get_u32(nl);
1559 num_freqs++;
1560 if (num_freqs == MAX_REPORT_FREQS - 1)
1561 break;
1562 }
1563 info->freqs = freqs;
1564 info->num_freqs = num_freqs;
1565 }
1566 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1567 }
1570 static int get_link_signal(struct nl_msg *msg, void *arg)
1571 {
1572 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1573 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1574 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1575 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1576 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1577 };
1578 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1579 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1580 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1581 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1582 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1583 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1584 };
1585 struct wpa_signal_info *sig_change = arg;
1587 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1588 genlmsg_attrlen(gnlh, 0), NULL);
1589 if (!tb[NL80211_ATTR_STA_INFO] ||
1590 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1591 tb[NL80211_ATTR_STA_INFO], policy))
1592 return NL_SKIP;
1593 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1594 return NL_SKIP;
1596 sig_change->current_signal =
1597 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1599 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1600 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1601 sinfo[NL80211_STA_INFO_TX_BITRATE],
1602 rate_policy)) {
1603 sig_change->current_txrate = 0;
1604 } else {
1605 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1606 sig_change->current_txrate =
1607 nla_get_u16(rinfo[
1608 NL80211_RATE_INFO_BITRATE]) * 100;
1609 }
1610 }
1611 }
1613 return NL_SKIP;
1614 }
1617 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1618 struct wpa_signal_info *sig)
1619 {
1620 struct nl_msg *msg;
1622 sig->current_signal = -9999;
1623 sig->current_txrate = 0;
1625 msg = nlmsg_alloc();
1626 if (!msg)
1627 return -ENOMEM;
1629 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
1631 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1632 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1634 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1635 nla_put_failure:
1636 return -ENOBUFS;
1637 }
1640 static int get_link_noise(struct nl_msg *msg, void *arg)
1641 {
1642 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1643 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1644 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1645 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1646 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1647 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1648 };
1649 struct wpa_signal_info *sig_change = arg;
1651 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1652 genlmsg_attrlen(gnlh, 0), NULL);
1654 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1655 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1656 return NL_SKIP;
1657 }
1659 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1660 tb[NL80211_ATTR_SURVEY_INFO],
1661 survey_policy)) {
1662 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1663 "attributes!");
1664 return NL_SKIP;
1665 }
1667 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1668 return NL_SKIP;
1670 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1671 sig_change->frequency)
1672 return NL_SKIP;
1674 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1675 return NL_SKIP;
1677 sig_change->current_noise =
1678 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1680 return NL_SKIP;
1681 }
1684 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1685 struct wpa_signal_info *sig_change)
1686 {
1687 struct nl_msg *msg;
1689 sig_change->current_noise = 9999;
1690 sig_change->frequency = drv->assoc_freq;
1692 msg = nlmsg_alloc();
1693 if (!msg)
1694 return -ENOMEM;
1696 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1698 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1700 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1701 nla_put_failure:
1702 return -ENOBUFS;
1703 }
1706 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
1707 {
1708 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1709 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1710 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1711 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1712 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1713 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1714 };
1715 struct wpa_scan_results *scan_results = arg;
1716 struct wpa_scan_res *scan_res;
1717 size_t i;
1719 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1720 genlmsg_attrlen(gnlh, 0), NULL);
1722 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1723 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
1724 return NL_SKIP;
1725 }
1727 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1728 tb[NL80211_ATTR_SURVEY_INFO],
1729 survey_policy)) {
1730 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
1731 "attributes");
1732 return NL_SKIP;
1733 }
1735 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1736 return NL_SKIP;
1738 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1739 return NL_SKIP;
1741 for (i = 0; i < scan_results->num; ++i) {
1742 scan_res = scan_results->res[i];
1743 if (!scan_res)
1744 continue;
1745 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1746 scan_res->freq)
1747 continue;
1748 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
1749 continue;
1750 scan_res->noise = (s8)
1751 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1752 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
1753 }
1755 return NL_SKIP;
1756 }
1759 static int nl80211_get_noise_for_scan_results(
1760 struct wpa_driver_nl80211_data *drv,
1761 struct wpa_scan_results *scan_res)
1762 {
1763 struct nl_msg *msg;
1765 msg = nlmsg_alloc();
1766 if (!msg)
1767 return -ENOMEM;
1769 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1771 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1773 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
1774 scan_res);
1775 nla_put_failure:
1776 return -ENOBUFS;
1777 }
1780 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1781 struct nlattr *tb[])
1782 {
1783 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1784 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1785 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1786 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1787 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1788 };
1789 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1790 enum nl80211_cqm_rssi_threshold_event event;
1791 union wpa_event_data ed;
1792 struct wpa_signal_info sig;
1793 int res;
1795 if (tb[NL80211_ATTR_CQM] == NULL ||
1796 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1797 cqm_policy)) {
1798 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1799 return;
1800 }
1802 os_memset(&ed, 0, sizeof(ed));
1804 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1805 if (!tb[NL80211_ATTR_MAC])
1806 return;
1807 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1808 ETH_ALEN);
1809 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1810 return;
1811 }
1813 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1814 return;
1815 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1817 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1818 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1819 "event: RSSI high");
1820 ed.signal_change.above_threshold = 1;
1821 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1822 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1823 "event: RSSI low");
1824 ed.signal_change.above_threshold = 0;
1825 } else
1826 return;
1828 res = nl80211_get_link_signal(drv, &sig);
1829 if (res == 0) {
1830 ed.signal_change.current_signal = sig.current_signal;
1831 ed.signal_change.current_txrate = sig.current_txrate;
1832 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1833 sig.current_signal, sig.current_txrate);
1834 }
1836 res = nl80211_get_link_noise(drv, &sig);
1837 if (res == 0) {
1838 ed.signal_change.current_noise = sig.current_noise;
1839 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1840 sig.current_noise);
1841 }
1843 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1844 }
1847 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1848 struct nlattr **tb)
1849 {
1850 u8 *addr;
1851 union wpa_event_data data;
1853 if (tb[NL80211_ATTR_MAC] == NULL)
1854 return;
1855 addr = nla_data(tb[NL80211_ATTR_MAC]);
1856 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1858 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1859 u8 *ies = NULL;
1860 size_t ies_len = 0;
1861 if (tb[NL80211_ATTR_IE]) {
1862 ies = nla_data(tb[NL80211_ATTR_IE]);
1863 ies_len = nla_len(tb[NL80211_ATTR_IE]);
1864 }
1865 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
1866 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
1867 return;
1868 }
1870 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1871 return;
1873 os_memset(&data, 0, sizeof(data));
1874 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1875 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1876 }
1879 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1880 struct nlattr **tb)
1881 {
1882 u8 *addr;
1883 union wpa_event_data data;
1885 if (tb[NL80211_ATTR_MAC] == NULL)
1886 return;
1887 addr = nla_data(tb[NL80211_ATTR_MAC]);
1888 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1889 MAC2STR(addr));
1891 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
1892 drv_event_disassoc(drv->ctx, addr);
1893 return;
1894 }
1896 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1897 return;
1899 os_memset(&data, 0, sizeof(data));
1900 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
1901 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
1902 }
1905 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
1906 struct nlattr **tb)
1907 {
1908 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
1909 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
1910 [NL80211_REKEY_DATA_KEK] = {
1911 .minlen = NL80211_KEK_LEN,
1912 .maxlen = NL80211_KEK_LEN,
1913 },
1914 [NL80211_REKEY_DATA_KCK] = {
1915 .minlen = NL80211_KCK_LEN,
1916 .maxlen = NL80211_KCK_LEN,
1917 },
1918 [NL80211_REKEY_DATA_REPLAY_CTR] = {
1919 .minlen = NL80211_REPLAY_CTR_LEN,
1920 .maxlen = NL80211_REPLAY_CTR_LEN,
1921 },
1922 };
1923 union wpa_event_data data;
1925 if (!tb[NL80211_ATTR_MAC])
1926 return;
1927 if (!tb[NL80211_ATTR_REKEY_DATA])
1928 return;
1929 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
1930 tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
1931 return;
1932 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
1933 return;
1935 os_memset(&data, 0, sizeof(data));
1936 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
1937 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
1938 MAC2STR(data.driver_gtk_rekey.bssid));
1939 data.driver_gtk_rekey.replay_ctr =
1940 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
1941 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
1942 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
1943 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
1944 }
1947 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
1948 struct nlattr **tb)
1949 {
1950 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
1951 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
1952 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
1953 [NL80211_PMKSA_CANDIDATE_BSSID] = {
1954 .minlen = ETH_ALEN,
1955 .maxlen = ETH_ALEN,
1956 },
1957 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
1958 };
1959 union wpa_event_data data;
1961 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
1962 return;
1963 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
1964 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
1965 return;
1966 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
1967 !cand[NL80211_PMKSA_CANDIDATE_BSSID])
1968 return;
1970 os_memset(&data, 0, sizeof(data));
1971 os_memcpy(data.pmkid_candidate.bssid,
1972 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
1973 data.pmkid_candidate.index =
1974 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
1975 data.pmkid_candidate.preauth =
1976 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
1977 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
1978 }
1981 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
1982 struct nlattr **tb)
1983 {
1984 union wpa_event_data data;
1986 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
1987 return;
1989 os_memset(&data, 0, sizeof(data));
1990 os_memcpy(data.client_poll.addr,
1991 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1993 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
1994 }
1997 static void nl80211_spurious_class3_frame(struct i802_bss *bss,
1998 struct nlattr **tb)
1999 {
2000 struct wpa_driver_nl80211_data *drv = bss->drv;
2001 union wpa_event_data event;
2002 u8 bssid[ETH_ALEN];
2004 if (!tb[NL80211_ATTR_MAC])
2005 return;
2007 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, bssid) <
2008 0)
2009 return;
2011 os_memset(&event, 0, sizeof(event));
2012 event.rx_from_unknown.bssid = bssid;
2013 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2015 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2016 }
2019 static int process_drv_event(struct nl_msg *msg, void *arg)
2020 {
2021 struct wpa_driver_nl80211_data *drv = arg;
2022 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2023 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2025 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2026 genlmsg_attrlen(gnlh, 0), NULL);
2028 if (tb[NL80211_ATTR_IFINDEX]) {
2029 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2030 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
2031 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
2032 " for foreign interface (ifindex %d)",
2033 gnlh->cmd, ifindex);
2034 return NL_SKIP;
2035 }
2036 }
2038 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
2039 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
2040 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
2041 wpa_driver_nl80211_set_mode(&drv->first_bss,
2042 drv->ap_scan_as_station);
2043 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2044 }
2046 switch (gnlh->cmd) {
2047 case NL80211_CMD_TRIGGER_SCAN:
2048 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
2049 break;
2050 case NL80211_CMD_START_SCHED_SCAN:
2051 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started");
2052 break;
2053 case NL80211_CMD_SCHED_SCAN_STOPPED:
2054 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped");
2055 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
2056 break;
2057 case NL80211_CMD_NEW_SCAN_RESULTS:
2058 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
2059 drv->scan_complete_events = 1;
2060 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2061 drv->ctx);
2062 send_scan_event(drv, 0, tb);
2063 break;
2064 case NL80211_CMD_SCHED_SCAN_RESULTS:
2065 wpa_printf(MSG_DEBUG,
2066 "nl80211: New sched scan results available");
2067 send_scan_event(drv, 0, tb);
2068 break;
2069 case NL80211_CMD_SCAN_ABORTED:
2070 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
2071 /*
2072 * Need to indicate that scan results are available in order
2073 * not to make wpa_supplicant stop its scanning.
2074 */
2075 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2076 drv->ctx);
2077 send_scan_event(drv, 1, tb);
2078 break;
2079 case NL80211_CMD_AUTHENTICATE:
2080 case NL80211_CMD_ASSOCIATE:
2081 case NL80211_CMD_DEAUTHENTICATE:
2082 case NL80211_CMD_DISASSOCIATE:
2083 case NL80211_CMD_FRAME_TX_STATUS:
2084 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
2085 case NL80211_CMD_UNPROT_DISASSOCIATE:
2086 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
2087 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2088 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2089 tb[NL80211_ATTR_COOKIE]);
2090 break;
2091 case NL80211_CMD_CONNECT:
2092 case NL80211_CMD_ROAM:
2093 mlme_event_connect(drv, gnlh->cmd,
2094 tb[NL80211_ATTR_STATUS_CODE],
2095 tb[NL80211_ATTR_MAC],
2096 tb[NL80211_ATTR_REQ_IE],
2097 tb[NL80211_ATTR_RESP_IE]);
2098 break;
2099 case NL80211_CMD_DISCONNECT:
2100 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
2101 tb[NL80211_ATTR_MAC]);
2102 break;
2103 case NL80211_CMD_MICHAEL_MIC_FAILURE:
2104 mlme_event_michael_mic_failure(drv, tb);
2105 break;
2106 case NL80211_CMD_JOIN_IBSS:
2107 mlme_event_join_ibss(drv, tb);
2108 break;
2109 case NL80211_CMD_REMAIN_ON_CHANNEL:
2110 mlme_event_remain_on_channel(drv, 0, tb);
2111 break;
2112 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
2113 mlme_event_remain_on_channel(drv, 1, tb);
2114 break;
2115 case NL80211_CMD_NOTIFY_CQM:
2116 nl80211_cqm_event(drv, tb);
2117 break;
2118 case NL80211_CMD_REG_CHANGE:
2119 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2120 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2121 NULL);
2122 break;
2123 case NL80211_CMD_REG_BEACON_HINT:
2124 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
2125 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2126 NULL);
2127 break;
2128 case NL80211_CMD_NEW_STATION:
2129 nl80211_new_station_event(drv, tb);
2130 break;
2131 case NL80211_CMD_DEL_STATION:
2132 nl80211_del_station_event(drv, tb);
2133 break;
2134 case NL80211_CMD_SET_REKEY_OFFLOAD:
2135 nl80211_rekey_offload_event(drv, tb);
2136 break;
2137 case NL80211_CMD_PMKSA_CANDIDATE:
2138 nl80211_pmksa_candidate_event(drv, tb);
2139 break;
2140 case NL80211_CMD_PROBE_CLIENT:
2141 nl80211_client_probe_event(drv, tb);
2142 break;
2143 default:
2144 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2145 "(cmd=%d)", gnlh->cmd);
2146 break;
2147 }
2149 return NL_SKIP;
2150 }
2153 static int process_bss_event(struct nl_msg *msg, void *arg)
2154 {
2155 struct i802_bss *bss = arg;
2156 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2157 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2159 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2160 genlmsg_attrlen(gnlh, 0), NULL);
2162 switch (gnlh->cmd) {
2163 case NL80211_CMD_FRAME:
2164 case NL80211_CMD_FRAME_TX_STATUS:
2165 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
2166 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2167 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2168 tb[NL80211_ATTR_COOKIE]);
2169 break;
2170 case NL80211_CMD_UNEXPECTED_FRAME:
2171 nl80211_spurious_class3_frame(bss, tb);
2172 break;
2173 default:
2174 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2175 "(cmd=%d)", gnlh->cmd);
2176 break;
2177 }
2179 return NL_SKIP;
2180 }
2183 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
2184 void *handle)
2185 {
2186 struct nl_cb *cb = eloop_ctx;
2188 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
2190 nl_recvmsgs(handle, cb);
2191 }
2194 /**
2195 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
2196 * @priv: driver_nl80211 private data
2197 * @alpha2_arg: country to which to switch to
2198 * Returns: 0 on success, -1 on failure
2199 *
2200 * This asks nl80211 to set the regulatory domain for given
2201 * country ISO / IEC alpha2.
2202 */
2203 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
2204 {
2205 struct i802_bss *bss = priv;
2206 struct wpa_driver_nl80211_data *drv = bss->drv;
2207 char alpha2[3];
2208 struct nl_msg *msg;
2210 msg = nlmsg_alloc();
2211 if (!msg)
2212 return -ENOMEM;
2214 alpha2[0] = alpha2_arg[0];
2215 alpha2[1] = alpha2_arg[1];
2216 alpha2[2] = '\0';
2218 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
2220 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
2221 if (send_and_recv_msgs(drv, msg, NULL, NULL))
2222 return -EINVAL;
2223 return 0;
2224 nla_put_failure:
2225 return -EINVAL;
2226 }
2229 struct wiphy_info_data {
2230 struct wpa_driver_capa *capa;
2232 unsigned int error:1;
2233 unsigned int device_ap_sme:1;
2234 unsigned int poll_command_supported:1;
2235 unsigned int data_tx_status:1;
2236 };
2239 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
2240 {
2241 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2242 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2243 struct wiphy_info_data *info = arg;
2244 int p2p_go_supported = 0, p2p_client_supported = 0;
2245 int p2p_concurrent = 0;
2246 int auth_supported = 0, connect_supported = 0;
2247 struct wpa_driver_capa *capa = info->capa;
2248 static struct nla_policy
2249 iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
2250 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
2251 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
2252 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
2253 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
2254 },
2255 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
2256 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
2257 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
2258 };
2260 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2261 genlmsg_attrlen(gnlh, 0), NULL);
2263 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
2264 capa->max_scan_ssids =
2265 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
2267 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
2268 capa->max_sched_scan_ssids =
2269 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
2271 if (tb[NL80211_ATTR_MAX_MATCH_SETS])
2272 capa->max_match_sets =
2273 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
2275 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
2276 struct nlattr *nl_mode;
2277 int i;
2278 nla_for_each_nested(nl_mode,
2279 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
2280 switch (nla_type(nl_mode)) {
2281 case NL80211_IFTYPE_AP:
2282 capa->flags |= WPA_DRIVER_FLAGS_AP;
2283 break;
2284 case NL80211_IFTYPE_P2P_GO:
2285 p2p_go_supported = 1;
2286 break;
2287 case NL80211_IFTYPE_P2P_CLIENT:
2288 p2p_client_supported = 1;
2289 break;
2290 }
2291 }
2292 }
2294 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) {
2295 struct nlattr *nl_combi;
2296 int rem_combi;
2298 nla_for_each_nested(nl_combi,
2299 tb[NL80211_ATTR_INTERFACE_COMBINATIONS],
2300 rem_combi) {
2301 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
2302 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
2303 struct nlattr *nl_limit, *nl_mode;
2304 int err, rem_limit, rem_mode;
2305 int combination_has_p2p = 0, combination_has_mgd = 0;
2307 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
2308 nl_combi,
2309 iface_combination_policy);
2310 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
2311 !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
2312 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
2313 goto broken_combination;
2315 nla_for_each_nested(nl_limit,
2316 tb_comb[NL80211_IFACE_COMB_LIMITS],
2317 rem_limit) {
2318 err = nla_parse_nested(tb_limit,
2319 MAX_NL80211_IFACE_LIMIT,
2320 nl_limit,
2321 iface_limit_policy);
2322 if (err ||
2323 !tb_limit[NL80211_IFACE_LIMIT_TYPES])
2324 goto broken_combination;
2326 nla_for_each_nested(
2327 nl_mode,
2328 tb_limit[NL80211_IFACE_LIMIT_TYPES],
2329 rem_mode) {
2330 int ift = nla_type(nl_mode);
2331 if (ift == NL80211_IFTYPE_P2P_GO ||
2332 ift == NL80211_IFTYPE_P2P_CLIENT)
2333 combination_has_p2p = 1;
2334 if (ift == NL80211_IFTYPE_STATION)
2335 combination_has_mgd = 1;
2336 }
2337 if (combination_has_p2p && combination_has_mgd)
2338 break;
2339 }
2341 if (combination_has_p2p && combination_has_mgd) {
2342 p2p_concurrent = 1;
2343 break;
2344 }
2346 broken_combination:
2347 ;
2348 }
2349 }
2351 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
2352 struct nlattr *nl_cmd;
2353 int i;
2355 nla_for_each_nested(nl_cmd,
2356 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
2357 switch (nla_get_u32(nl_cmd)) {
2358 case NL80211_CMD_AUTHENTICATE:
2359 auth_supported = 1;
2360 break;
2361 case NL80211_CMD_CONNECT:
2362 connect_supported = 1;
2363 break;
2364 case NL80211_CMD_START_SCHED_SCAN:
2365 capa->sched_scan_supported = 1;
2366 break;
2367 case NL80211_CMD_PROBE_CLIENT:
2368 info->poll_command_supported = 1;
2369 break;
2370 }
2371 }
2372 }
2374 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
2375 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
2376 "off-channel TX");
2377 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
2378 }
2380 if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
2381 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
2382 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
2383 }
2385 /* default to 5000 since early versions of mac80211 don't set it */
2386 capa->max_remain_on_chan = 5000;
2388 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
2389 capa->max_remain_on_chan =
2390 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
2392 if (auth_supported)
2393 capa->flags |= WPA_DRIVER_FLAGS_SME;
2394 else if (!connect_supported) {
2395 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
2396 "authentication/association or connect commands");
2397 info->error = 1;
2398 }
2400 if (p2p_go_supported && p2p_client_supported)
2401 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
2402 if (p2p_concurrent) {
2403 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
2404 "interface (driver advertised support)");
2405 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
2406 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
2407 }
2409 if (tb[NL80211_ATTR_TDLS_SUPPORT]) {
2410 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
2411 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
2413 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) {
2414 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
2415 capa->flags |=
2416 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
2417 }
2418 }
2420 if (tb[NL80211_ATTR_DEVICE_AP_SME])
2421 info->device_ap_sme = 1;
2423 if (tb[NL80211_ATTR_FEATURE_FLAGS]) {
2424 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]);
2426 if (flags & NL80211_FEATURE_SK_TX_STATUS)
2427 info->data_tx_status = 1;
2428 }
2430 return NL_SKIP;
2431 }
2434 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
2435 struct wiphy_info_data *info)
2436 {
2437 struct nl_msg *msg;
2439 os_memset(info, 0, sizeof(*info));
2440 info->capa = &drv->capa;
2442 msg = nlmsg_alloc();
2443 if (!msg)
2444 return -1;
2446 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
2448 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
2450 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
2451 return 0;
2452 msg = NULL;
2453 nla_put_failure:
2454 nlmsg_free(msg);
2455 return -1;
2456 }
2459 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
2460 {
2461 struct wiphy_info_data info;
2462 if (wpa_driver_nl80211_get_info(drv, &info))
2463 return -1;
2465 if (info.error)
2466 return -1;
2468 drv->has_capability = 1;
2469 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
2470 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2471 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
2472 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
2473 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
2474 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
2475 WPA_DRIVER_CAPA_ENC_WEP104 |
2476 WPA_DRIVER_CAPA_ENC_TKIP |
2477 WPA_DRIVER_CAPA_ENC_CCMP;
2478 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
2479 WPA_DRIVER_AUTH_SHARED |
2480 WPA_DRIVER_AUTH_LEAP;
2482 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
2483 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
2484 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2485 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
2487 drv->device_ap_sme = info.device_ap_sme;
2488 drv->poll_command_supported = info.poll_command_supported;
2489 drv->data_tx_status = info.data_tx_status;
2491 /*
2492 * If poll command is supported mac80211 is new enough to
2493 * have everything we need to not need monitor interfaces.
2494 */
2495 drv->use_monitor = !info.poll_command_supported;
2497 /*
2498 * If we aren't going to use monitor interfaces, but the
2499 * driver doesn't support data TX status, we won't get TX
2500 * status for EAPOL frames.
2501 */
2502 if (!drv->use_monitor && !info.data_tx_status)
2503 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2505 return 0;
2506 }
2509 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
2510 {
2511 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2512 if (global->nl_cb == NULL) {
2513 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
2514 "callbacks");
2515 return -1;
2516 }
2518 if (nl_create_handles(&global->nl, global->nl_cb, "nl"))
2519 return -1;
2521 global->nl80211_id = genl_ctrl_resolve(global->nl.handle, "nl80211");
2522 if (global->nl80211_id < 0) {
2523 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
2524 "found");
2525 return -1;
2526 }
2528 return 0;
2529 }
2532 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
2533 {
2534 struct nl80211_global *global = drv->global;
2535 int ret;
2537 /* Initialize generic netlink and nl80211 */
2539 if (nl_create_handles(&drv->nl_event, global->nl_cb, "event"))
2540 goto err3;
2542 ret = nl_get_multicast_id(drv, "nl80211", "scan");
2543 if (ret >= 0)
2544 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2545 if (ret < 0) {
2546 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2547 "membership for scan events: %d (%s)",
2548 ret, strerror(-ret));
2549 goto err4;
2550 }
2552 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
2553 if (ret >= 0)
2554 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2555 if (ret < 0) {
2556 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
2557 "membership for mlme events: %d (%s)",
2558 ret, strerror(-ret));
2559 goto err4;
2560 }
2562 ret = nl_get_multicast_id(drv, "nl80211", "regulatory");
2563 if (ret >= 0)
2564 ret = nl_socket_add_membership(drv->nl_event.handle, ret);
2565 if (ret < 0) {
2566 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
2567 "membership for regulatory events: %d (%s)",
2568 ret, strerror(-ret));
2569 /* Continue without regulatory events */
2570 }
2572 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2573 if (!drv->nl_cb) {
2574 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
2575 goto err4;
2576 }
2578 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2579 no_seq_check, NULL);
2580 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2581 process_drv_event, drv);
2583 eloop_register_read_sock(nl_socket_get_fd(drv->nl_event.handle),
2584 wpa_driver_nl80211_event_receive, drv->nl_cb,
2585 drv->nl_event.handle);
2587 return 0;
2589 err4:
2590 nl_destroy_handles(&drv->nl_event);
2591 err3:
2592 return -1;
2593 }
2596 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
2597 {
2598 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
2599 /*
2600 * This may be for any interface; use ifdown event to disable
2601 * interface.
2602 */
2603 }
2606 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
2607 {
2608 struct wpa_driver_nl80211_data *drv = ctx;
2609 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
2610 if (linux_set_iface_flags(drv->global->ioctl_sock,
2611 drv->first_bss.ifname, 1)) {
2612 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
2613 "after rfkill unblock");
2614 return;
2615 }
2616 /* rtnetlink ifup handler will report interface as enabled */
2617 }
2620 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
2621 {
2622 /* Find phy (radio) to which this interface belongs */
2623 char buf[90], *pos;
2624 int f, rv;
2626 drv->phyname[0] = '\0';
2627 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
2628 drv->first_bss.ifname);
2629 f = open(buf, O_RDONLY);
2630 if (f < 0) {
2631 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
2632 buf, strerror(errno));
2633 return;
2634 }
2636 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
2637 close(f);
2638 if (rv < 0) {
2639 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
2640 buf, strerror(errno));
2641 return;
2642 }
2644 drv->phyname[rv] = '\0';
2645 pos = os_strchr(drv->phyname, '\n');
2646 if (pos)
2647 *pos = '\0';
2648 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2649 drv->first_bss.ifname, drv->phyname);
2650 }
2653 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2654 void *eloop_ctx,
2655 void *handle)
2656 {
2657 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2658 u8 data[2048];
2659 struct msghdr msg;
2660 struct iovec entry;
2661 struct {
2662 struct cmsghdr cm;
2663 char control[512];
2664 } control;
2665 struct cmsghdr *cmsg;
2666 int res, found_ee = 0, found_wifi = 0, acked = 0;
2667 union wpa_event_data event;
2669 memset(&msg, 0, sizeof(msg));
2670 msg.msg_iov = &entry;
2671 msg.msg_iovlen = 1;
2672 entry.iov_base = data;
2673 entry.iov_len = sizeof(data);
2674 msg.msg_control = &control;
2675 msg.msg_controllen = sizeof(control);
2677 res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2678 /* if error or not fitting 802.3 header, return */
2679 if (res < 14)
2680 return;
2682 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2683 {
2684 if (cmsg->cmsg_level == SOL_SOCKET &&
2685 cmsg->cmsg_type == SCM_WIFI_STATUS) {
2686 int *ack;
2688 found_wifi = 1;
2689 ack = (void *)CMSG_DATA(cmsg);
2690 acked = *ack;
2691 }
2693 if (cmsg->cmsg_level == SOL_PACKET &&
2694 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2695 struct sock_extended_err *err =
2696 (struct sock_extended_err *)CMSG_DATA(cmsg);
2698 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2699 found_ee = 1;
2700 }
2701 }
2703 if (!found_ee || !found_wifi)
2704 return;
2706 memset(&event, 0, sizeof(event));
2707 event.eapol_tx_status.dst = data;
2708 event.eapol_tx_status.data = data + 14;
2709 event.eapol_tx_status.data_len = res - 14;
2710 event.eapol_tx_status.ack = acked;
2711 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2712 }
2715 static int nl80211_init_bss(struct i802_bss *bss)
2716 {
2717 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2718 if (!bss->nl_cb)
2719 return -1;
2721 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2722 no_seq_check, NULL);
2723 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2724 process_bss_event, bss);
2726 return 0;
2727 }
2730 static void nl80211_destroy_bss(struct i802_bss *bss)
2731 {
2732 nl_cb_put(bss->nl_cb);
2733 bss->nl_cb = NULL;
2734 }
2737 /**
2738 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2739 * @ctx: context to be used when calling wpa_supplicant functions,
2740 * e.g., wpa_supplicant_event()
2741 * @ifname: interface name, e.g., wlan0
2742 * @global_priv: private driver global data from global_init()
2743 * Returns: Pointer to private data, %NULL on failure
2744 */
2745 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2746 void *global_priv)
2747 {
2748 struct wpa_driver_nl80211_data *drv;
2749 struct rfkill_config *rcfg;
2750 struct i802_bss *bss;
2752 if (global_priv == NULL)
2753 return NULL;
2754 drv = os_zalloc(sizeof(*drv));
2755 if (drv == NULL)
2756 return NULL;
2757 drv->global = global_priv;
2758 drv->ctx = ctx;
2759 bss = &drv->first_bss;
2760 bss->drv = drv;
2761 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2762 drv->monitor_ifidx = -1;
2763 drv->monitor_sock = -1;
2764 drv->eapol_tx_sock = -1;
2765 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2767 if (wpa_driver_nl80211_init_nl(drv)) {
2768 os_free(drv);
2769 return NULL;
2770 }
2772 if (nl80211_init_bss(bss))
2773 goto failed;
2775 nl80211_get_phy_name(drv);
2777 rcfg = os_zalloc(sizeof(*rcfg));
2778 if (rcfg == NULL)
2779 goto failed;
2780 rcfg->ctx = drv;
2781 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
2782 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2783 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2784 drv->rfkill = rfkill_init(rcfg);
2785 if (drv->rfkill == NULL) {
2786 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2787 os_free(rcfg);
2788 }
2790 if (wpa_driver_nl80211_finish_drv_init(drv))
2791 goto failed;
2793 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2794 if (drv->eapol_tx_sock < 0)
2795 goto failed;
2797 if (drv->data_tx_status) {
2798 int enabled = 1;
2800 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
2801 &enabled, sizeof(enabled)) < 0) {
2802 wpa_printf(MSG_DEBUG,
2803 "nl80211: wifi status sockopt failed\n");
2804 drv->data_tx_status = 0;
2805 if (!drv->use_monitor)
2806 drv->capa.flags &=
2807 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2808 } else {
2809 eloop_register_read_sock(drv->eapol_tx_sock,
2810 wpa_driver_nl80211_handle_eapol_tx_status,
2811 drv, NULL);
2812 }
2813 }
2815 if (drv->global) {
2816 dl_list_add(&drv->global->interfaces, &drv->list);
2817 drv->in_interface_list = 1;
2818 }
2820 return bss;
2822 failed:
2823 wpa_driver_nl80211_deinit(bss);
2824 return NULL;
2825 }
2828 static int nl80211_register_frame(struct i802_bss *bss,
2829 struct nl_handle *nl_handle,
2830 u16 type, const u8 *match, size_t match_len)
2831 {
2832 struct wpa_driver_nl80211_data *drv = bss->drv;
2833 struct nl_msg *msg;
2834 int ret = -1;
2836 msg = nlmsg_alloc();
2837 if (!msg)
2838 return -1;
2840 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
2842 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
2843 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
2844 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
2846 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL);
2847 msg = NULL;
2848 if (ret) {
2849 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2850 "failed (type=%u): ret=%d (%s)",
2851 type, ret, strerror(-ret));
2852 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2853 match, match_len);
2854 goto nla_put_failure;
2855 }
2856 ret = 0;
2857 nla_put_failure:
2858 nlmsg_free(msg);
2859 return ret;
2860 }
2863 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
2864 {
2865 struct wpa_driver_nl80211_data *drv = bss->drv;
2867 if (bss->nl_mgmt.handle) {
2868 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
2869 "already on!");
2870 return -1;
2871 }
2873 if (nl_create_handles(&bss->nl_mgmt, drv->nl_cb, "mgmt"))
2874 return -1;
2876 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt.handle),
2877 wpa_driver_nl80211_event_receive, bss->nl_cb,
2878 bss->nl_mgmt.handle);
2880 return 0;
2881 }
2884 static int nl80211_register_action_frame(struct i802_bss *bss,
2885 const u8 *match, size_t match_len)
2886 {
2887 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2888 return nl80211_register_frame(bss, bss->nl_mgmt.handle,
2889 type, match, match_len);
2890 }
2893 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
2894 {
2895 struct wpa_driver_nl80211_data *drv = bss->drv;
2897 if (nl80211_alloc_mgmt_handle(bss))
2898 return -1;
2900 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
2901 /* GAS Initial Request */
2902 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
2903 return -1;
2904 /* GAS Initial Response */
2905 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
2906 return -1;
2907 /* GAS Comeback Request */
2908 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
2909 return -1;
2910 /* GAS Comeback Response */
2911 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
2912 return -1;
2913 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */
2914 #ifdef CONFIG_P2P
2915 /* P2P Public Action */
2916 if (nl80211_register_action_frame(bss,
2917 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2918 6) < 0)
2919 return -1;
2920 /* P2P Action */
2921 if (nl80211_register_action_frame(bss,
2922 (u8 *) "\x7f\x50\x6f\x9a\x09",
2923 5) < 0)
2924 return -1;
2925 #endif /* CONFIG_P2P */
2926 #ifdef CONFIG_IEEE80211W
2927 /* SA Query Response */
2928 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
2929 return -1;
2930 #endif /* CONFIG_IEEE80211W */
2931 #ifdef CONFIG_TDLS
2932 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
2933 /* TDLS Discovery Response */
2934 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0e", 2) <
2935 0)
2936 return -1;
2937 }
2938 #endif /* CONFIG_TDLS */
2940 /* FT Action frames */
2941 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2942 return -1;
2943 else
2944 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2945 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2947 /* WNM - BSS Transition Management Request */
2948 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
2949 return -1;
2951 return 0;
2952 }
2955 static int nl80211_register_spurious_class3(struct i802_bss *bss)
2956 {
2957 struct wpa_driver_nl80211_data *drv = bss->drv;
2958 struct nl_msg *msg;
2959 int ret = -1;
2961 msg = nlmsg_alloc();
2962 if (!msg)
2963 return -1;
2965 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
2967 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
2969 ret = send_and_recv(drv, bss->nl_mgmt.handle, msg, NULL, NULL);
2970 msg = NULL;
2971 if (ret) {
2972 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
2973 "failed: ret=%d (%s)",
2974 ret, strerror(-ret));
2975 goto nla_put_failure;
2976 }
2977 ret = 0;
2978 nla_put_failure:
2979 nlmsg_free(msg);
2980 return ret;
2981 }
2984 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
2985 {
2986 static const int stypes[] = {
2987 WLAN_FC_STYPE_AUTH,
2988 WLAN_FC_STYPE_ASSOC_REQ,
2989 WLAN_FC_STYPE_REASSOC_REQ,
2990 WLAN_FC_STYPE_DISASSOC,
2991 WLAN_FC_STYPE_DEAUTH,
2992 WLAN_FC_STYPE_ACTION,
2993 WLAN_FC_STYPE_PROBE_REQ,
2994 /* Beacon doesn't work as mac80211 doesn't currently allow
2995 * it, but it wouldn't really be the right thing anyway as
2996 * it isn't per interface ... maybe just dump the scan
2997 * results periodically for OLBC?
2998 */
2999 // WLAN_FC_STYPE_BEACON,
3000 };
3001 unsigned int i;
3003 if (nl80211_alloc_mgmt_handle(bss))
3004 return -1;
3006 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) {
3007 if (nl80211_register_frame(bss, bss->nl_mgmt.handle,
3008 (WLAN_FC_TYPE_MGMT << 2) |
3009 (stypes[i] << 4),
3010 NULL, 0) < 0) {
3011 goto out_err;
3012 }
3013 }
3015 if (nl80211_register_spurious_class3(bss))
3016 goto out_err;
3018 if (nl80211_get_wiphy_data_ap(bss) == NULL)
3019 goto out_err;
3021 return 0;
3023 out_err:
3024 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt.handle));
3025 nl_destroy_handles(&bss->nl_mgmt);
3026 return -1;
3027 }
3030 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss)
3031 {
3032 if (bss->nl_mgmt.handle == NULL)
3033 return;
3034 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt.handle));
3035 nl_destroy_handles(&bss->nl_mgmt);
3037 nl80211_put_wiphy_data_ap(bss);
3038 }
3041 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
3042 {
3043 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
3044 }
3047 static int
3048 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
3049 {
3050 struct i802_bss *bss = &drv->first_bss;
3051 int send_rfkill_event = 0;
3053 drv->ifindex = if_nametoindex(bss->ifname);
3054 drv->first_bss.ifindex = drv->ifindex;
3056 #ifndef HOSTAPD
3057 /*
3058 * Make sure the interface starts up in station mode unless this is a
3059 * dynamically added interface (e.g., P2P) that was already configured
3060 * with proper iftype.
3061 */
3062 if (drv->ifindex != drv->global->if_add_ifindex &&
3063 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) {
3064 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to "
3065 "use managed mode");
3066 return -1;
3067 }
3069 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
3070 if (rfkill_is_blocked(drv->rfkill)) {
3071 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
3072 "interface '%s' due to rfkill",
3073 bss->ifname);
3074 drv->if_disabled = 1;
3075 send_rfkill_event = 1;
3076 } else {
3077 wpa_printf(MSG_ERROR, "nl80211: Could not set "
3078 "interface '%s' UP", bss->ifname);
3079 return -1;
3080 }
3081 }
3083 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
3084 1, IF_OPER_DORMANT);
3085 #endif /* HOSTAPD */
3087 if (wpa_driver_nl80211_capa(drv))
3088 return -1;
3090 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3091 drv->addr))
3092 return -1;
3094 if (send_rfkill_event) {
3095 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
3096 drv, drv->ctx);
3097 }
3099 return 0;
3100 }
3103 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
3104 {
3105 struct nl_msg *msg;
3107 msg = nlmsg_alloc();
3108 if (!msg)
3109 return -ENOMEM;
3111 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
3112 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3114 return send_and_recv_msgs(drv, msg, NULL, NULL);
3115 nla_put_failure:
3116 return -ENOBUFS;
3117 }
3120 /**
3121 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
3122 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
3123 *
3124 * Shut down driver interface and processing of driver events. Free
3125 * private data buffer if one was allocated in wpa_driver_nl80211_init().
3126 */
3127 static void wpa_driver_nl80211_deinit(void *priv)
3128 {
3129 struct i802_bss *bss = priv;
3130 struct wpa_driver_nl80211_data *drv = bss->drv;
3132 if (drv->data_tx_status)
3133 eloop_unregister_read_sock(drv->eapol_tx_sock);
3134 if (drv->eapol_tx_sock >= 0)
3135 close(drv->eapol_tx_sock);
3137 if (bss->nl_preq.handle)
3138 wpa_driver_nl80211_probe_req_report(bss, 0);
3139 if (bss->added_if_into_bridge) {
3140 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
3141 bss->ifname) < 0)
3142 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3143 "interface %s from bridge %s: %s",
3144 bss->ifname, bss->brname, strerror(errno));
3145 }
3146 if (bss->added_bridge) {
3147 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
3148 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
3149 "bridge %s: %s",
3150 bss->brname, strerror(errno));
3151 }
3153 nl80211_remove_monitor_interface(drv);
3155 if (is_ap_interface(drv->nlmode))
3156 wpa_driver_nl80211_del_beacon(drv);
3158 #ifdef HOSTAPD
3159 if (drv->last_freq_ht) {
3160 /* Clear HT flags from the driver */
3161 struct hostapd_freq_params freq;
3162 os_memset(&freq, 0, sizeof(freq));
3163 freq.freq = drv->last_freq;
3164 i802_set_freq(priv, &freq);
3165 }
3167 if (drv->eapol_sock >= 0) {
3168 eloop_unregister_read_sock(drv->eapol_sock);
3169 close(drv->eapol_sock);
3170 }
3172 if (drv->if_indices != drv->default_if_indices)
3173 os_free(drv->if_indices);
3174 #endif /* HOSTAPD */
3176 if (drv->disabled_11b_rates)
3177 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3179 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
3180 IF_OPER_UP);
3181 rfkill_deinit(drv->rfkill);
3183 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3185 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0);
3186 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
3187 nl80211_mgmt_unsubscribe(bss);
3189 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_event.handle));
3190 nl_destroy_handles(&drv->nl_event);
3191 nl_cb_put(drv->nl_cb);
3193 nl80211_destroy_bss(&drv->first_bss);
3195 os_free(drv->filter_ssids);
3197 os_free(drv->auth_ie);
3199 if (drv->in_interface_list)
3200 dl_list_del(&drv->list);
3202 os_free(drv);
3203 }
3206 /**
3207 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
3208 * @eloop_ctx: Driver private data
3209 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
3210 *
3211 * This function can be used as registered timeout when starting a scan to
3212 * generate a scan completed event if the driver does not report this.
3213 */
3214 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
3215 {
3216 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3217 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
3218 wpa_driver_nl80211_set_mode(&drv->first_bss,
3219 drv->ap_scan_as_station);
3220 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3221 }
3222 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
3223 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
3224 }
3227 /**
3228 * wpa_driver_nl80211_scan - Request the driver to initiate scan
3229 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3230 * @params: Scan parameters
3231 * Returns: 0 on success, -1 on failure
3232 */
3233 static int wpa_driver_nl80211_scan(void *priv,
3234 struct wpa_driver_scan_params *params)
3235 {
3236 struct i802_bss *bss = priv;
3237 struct wpa_driver_nl80211_data *drv = bss->drv;
3238 int ret = 0, timeout;
3239 struct nl_msg *msg, *ssids, *freqs, *rates;
3240 size_t i;
3242 drv->scan_for_auth = 0;
3244 msg = nlmsg_alloc();
3245 ssids = nlmsg_alloc();
3246 freqs = nlmsg_alloc();
3247 rates = nlmsg_alloc();
3248 if (!msg || !ssids || !freqs || !rates) {
3249 nlmsg_free(msg);
3250 nlmsg_free(ssids);
3251 nlmsg_free(freqs);
3252 nlmsg_free(rates);
3253 return -1;
3254 }
3256 os_free(drv->filter_ssids);
3257 drv->filter_ssids = params->filter_ssids;
3258 params->filter_ssids = NULL;
3259 drv->num_filter_ssids = params->num_filter_ssids;
3261 nl80211_cmd(drv, msg, 0, NL80211_CMD_TRIGGER_SCAN);
3263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3265 for (i = 0; i < params->num_ssids; i++) {
3266 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
3267 params->ssids[i].ssid,
3268 params->ssids[i].ssid_len);
3269 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
3270 params->ssids[i].ssid);
3271 }
3272 if (params->num_ssids)
3273 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
3275 if (params->extra_ies) {
3276 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
3277 params->extra_ies, params->extra_ies_len);
3278 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
3279 params->extra_ies);
3280 }
3282 if (params->freqs) {
3283 for (i = 0; params->freqs[i]; i++) {
3284 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
3285 "MHz", params->freqs[i]);
3286 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
3287 }
3288 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
3289 }
3291 if (params->p2p_probe) {
3292 /*
3293 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
3294 * by masking out everything else apart from the OFDM rates 6,
3295 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
3296 * rates are left enabled.
3297 */
3298 NLA_PUT(rates, NL80211_BAND_2GHZ, 8,
3299 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
3300 nla_put_nested(msg, NL80211_ATTR_SCAN_SUPP_RATES, rates);
3302 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
3303 }
3305 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3306 msg = NULL;
3307 if (ret) {
3308 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
3309 "(%s)", ret, strerror(-ret));
3310 #ifdef HOSTAPD
3311 if (is_ap_interface(drv->nlmode)) {
3312 /*
3313 * mac80211 does not allow scan requests in AP mode, so
3314 * try to do this in station mode.
3315 */
3316 if (wpa_driver_nl80211_set_mode(
3317 bss, NL80211_IFTYPE_STATION))
3318 goto nla_put_failure;
3320 if (wpa_driver_nl80211_scan(drv, params)) {
3321 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
3322 goto nla_put_failure;
3323 }
3325 /* Restore AP mode when processing scan results */
3326 drv->ap_scan_as_station = drv->nlmode;
3327 ret = 0;
3328 } else
3329 goto nla_put_failure;
3330 #else /* HOSTAPD */
3331 goto nla_put_failure;
3332 #endif /* HOSTAPD */
3333 }
3335 /* Not all drivers generate "scan completed" wireless event, so try to
3336 * read results after a timeout. */
3337 timeout = 10;
3338 if (drv->scan_complete_events) {
3339 /*
3340 * The driver seems to deliver events to notify when scan is
3341 * complete, so use longer timeout to avoid race conditions
3342 * with scanning and following association request.
3343 */
3344 timeout = 30;
3345 }
3346 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
3347 "seconds", ret, timeout);
3348 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
3349 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
3350 drv, drv->ctx);
3352 nla_put_failure:
3353 nlmsg_free(ssids);
3354 nlmsg_free(msg);
3355 nlmsg_free(freqs);
3356 nlmsg_free(rates);
3357 return ret;
3358 }
3361 /**
3362 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
3363 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3364 * @params: Scan parameters
3365 * @interval: Interval between scan cycles in milliseconds
3366 * Returns: 0 on success, -1 on failure or if not supported
3367 */
3368 static int wpa_driver_nl80211_sched_scan(void *priv,
3369 struct wpa_driver_scan_params *params,
3370 u32 interval)
3371 {
3372 struct i802_bss *bss = priv;
3373 struct wpa_driver_nl80211_data *drv = bss->drv;
3374 int ret = 0;
3375 struct nl_msg *msg, *ssids, *freqs, *match_set_ssid, *match_sets;
3376 size_t i;
3378 #ifdef ANDROID
3379 if (!drv->capa.sched_scan_supported)
3380 return android_pno_start(bss, params);
3381 #endif /* ANDROID */
3383 msg = nlmsg_alloc();
3384 ssids = nlmsg_alloc();
3385 freqs = nlmsg_alloc();
3386 if (!msg || !ssids || !freqs) {
3387 nlmsg_free(msg);
3388 nlmsg_free(ssids);
3389 nlmsg_free(freqs);
3390 return -1;
3391 }
3393 os_free(drv->filter_ssids);
3394 drv->filter_ssids = params->filter_ssids;
3395 params->filter_ssids = NULL;
3396 drv->num_filter_ssids = params->num_filter_ssids;
3398 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_SCHED_SCAN);
3400 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3402 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
3404 if (drv->num_filter_ssids &&
3405 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) {
3406 match_sets = nlmsg_alloc();
3408 for (i = 0; i < drv->num_filter_ssids; i++) {
3409 wpa_hexdump_ascii(MSG_MSGDUMP,
3410 "nl80211: Sched scan filter SSID",
3411 drv->filter_ssids[i].ssid,
3412 drv->filter_ssids[i].ssid_len);
3414 match_set_ssid = nlmsg_alloc();
3415 nla_put(match_set_ssid,
3416 NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
3417 drv->filter_ssids[i].ssid_len,
3418 drv->filter_ssids[i].ssid);
3420 nla_put_nested(match_sets, i + 1, match_set_ssid);
3422 nlmsg_free(match_set_ssid);
3423 }
3425 nla_put_nested(msg, NL80211_ATTR_SCHED_SCAN_MATCH,
3426 match_sets);
3427 nlmsg_free(match_sets);
3428 }
3430 for (i = 0; i < params->num_ssids; i++) {
3431 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan SSID",
3432 params->ssids[i].ssid,
3433 params->ssids[i].ssid_len);
3434 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
3435 params->ssids[i].ssid);
3436 }
3437 if (params->num_ssids)
3438 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
3440 if (params->extra_ies) {
3441 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Sched scan extra IEs",
3442 params->extra_ies, params->extra_ies_len);
3443 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
3444 params->extra_ies);
3445 }
3447 if (params->freqs) {
3448 for (i = 0; params->freqs[i]; i++) {
3449 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
3450 "MHz", params->freqs[i]);
3451 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
3452 }
3453 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
3454 }
3456 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3458 /* TODO: if we get an error here, we should fall back to normal scan */
3460 msg = NULL;
3461 if (ret) {
3462 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
3463 "ret=%d (%s)", ret, strerror(-ret));
3464 goto nla_put_failure;
3465 }
3467 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
3468 "scan interval %d msec", ret, interval);
3470 nla_put_failure:
3471 nlmsg_free(ssids);
3472 nlmsg_free(msg);
3473 nlmsg_free(freqs);
3474 return ret;
3475 }
3478 /**
3479 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
3480 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
3481 * Returns: 0 on success, -1 on failure or if not supported
3482 */
3483 static int wpa_driver_nl80211_stop_sched_scan(void *priv)
3484 {
3485 struct i802_bss *bss = priv;
3486 struct wpa_driver_nl80211_data *drv = bss->drv;
3487 int ret = 0;
3488 struct nl_msg *msg;
3490 #ifdef ANDROID
3491 if (!drv->capa.sched_scan_supported)
3492 return android_pno_stop(bss);
3493 #endif /* ANDROID */
3495 msg = nlmsg_alloc();
3496 if (!msg)
3497 return -1;
3499 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
3501 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3503 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3504 msg = NULL;
3505 if (ret) {
3506 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
3507 "ret=%d (%s)", ret, strerror(-ret));
3508 goto nla_put_failure;
3509 }
3511 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
3513 nla_put_failure:
3514 nlmsg_free(msg);
3515 return ret;
3516 }
3519 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
3520 {
3521 const u8 *end, *pos;
3523 if (ies == NULL)
3524 return NULL;
3526 pos = ies;
3527 end = ies + ies_len;
3529 while (pos + 1 < end) {
3530 if (pos + 2 + pos[1] > end)
3531 break;
3532 if (pos[0] == ie)
3533 return pos;
3534 pos += 2 + pos[1];
3535 }
3537 return NULL;
3538 }
3541 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
3542 const u8 *ie, size_t ie_len)
3543 {
3544 const u8 *ssid;
3545 size_t i;
3547 if (drv->filter_ssids == NULL)
3548 return 0;
3550 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
3551 if (ssid == NULL)
3552 return 1;
3554 for (i = 0; i < drv->num_filter_ssids; i++) {
3555 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
3556 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
3557 0)
3558 return 0;
3559 }
3561 return 1;
3562 }
3565 static int bss_info_handler(struct nl_msg *msg, void *arg)
3566 {
3567 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3568 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3569 struct nlattr *bss[NL80211_BSS_MAX + 1];
3570 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
3571 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
3572 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
3573 [NL80211_BSS_TSF] = { .type = NLA_U64 },
3574 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
3575 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
3576 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
3577 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
3578 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
3579 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
3580 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
3581 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
3582 };
3583 struct nl80211_bss_info_arg *_arg = arg;
3584 struct wpa_scan_results *res = _arg->res;
3585 struct wpa_scan_res **tmp;
3586 struct wpa_scan_res *r;
3587 const u8 *ie, *beacon_ie;
3588 size_t ie_len, beacon_ie_len;
3589 u8 *pos;
3590 size_t i;
3592 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3593 genlmsg_attrlen(gnlh, 0), NULL);
3594 if (!tb[NL80211_ATTR_BSS])
3595 return NL_SKIP;
3596 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
3597 bss_policy))
3598 return NL_SKIP;
3599 if (bss[NL80211_BSS_STATUS]) {
3600 enum nl80211_bss_status status;
3601 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
3602 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
3603 bss[NL80211_BSS_FREQUENCY]) {
3604 _arg->assoc_freq =
3605 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
3606 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
3607 _arg->assoc_freq);
3608 }
3609 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
3610 bss[NL80211_BSS_BSSID]) {
3611 os_memcpy(_arg->assoc_bssid,
3612 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
3613 wpa_printf(MSG_DEBUG, "nl80211: Associated with "
3614 MACSTR, MAC2STR(_arg->assoc_bssid));
3615 }
3616 }
3617 if (!res)
3618 return NL_SKIP;
3619 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
3620 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3621 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
3622 } else {
3623 ie = NULL;
3624 ie_len = 0;
3625 }
3626 if (bss[NL80211_BSS_BEACON_IES]) {
3627 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
3628 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
3629 } else {
3630 beacon_ie = NULL;
3631 beacon_ie_len = 0;
3632 }
3634 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
3635 ie ? ie_len : beacon_ie_len))
3636 return NL_SKIP;
3638 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
3639 if (r == NULL)
3640 return NL_SKIP;
3641 if (bss[NL80211_BSS_BSSID])
3642 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
3643 ETH_ALEN);
3644 if (bss[NL80211_BSS_FREQUENCY])
3645 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
3646 if (bss[NL80211_BSS_BEACON_INTERVAL])
3647 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
3648 if (bss[NL80211_BSS_CAPABILITY])
3649 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
3650 r->flags |= WPA_SCAN_NOISE_INVALID;
3651 if (bss[NL80211_BSS_SIGNAL_MBM]) {
3652 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
3653 r->level /= 100; /* mBm to dBm */
3654 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
3655 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
3656 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
3657 r->flags |= WPA_SCAN_QUAL_INVALID;
3658 } else
3659 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
3660 if (bss[NL80211_BSS_TSF])
3661 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
3662 if (bss[NL80211_BSS_SEEN_MS_AGO])
3663 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
3664 r->ie_len = ie_len;
3665 pos = (u8 *) (r + 1);
3666 if (ie) {
3667 os_memcpy(pos, ie, ie_len);
3668 pos += ie_len;
3669 }
3670 r->beacon_ie_len = beacon_ie_len;
3671 if (beacon_ie)
3672 os_memcpy(pos, beacon_ie, beacon_ie_len);
3674 if (bss[NL80211_BSS_STATUS]) {
3675 enum nl80211_bss_status status;
3676 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
3677 switch (status) {
3678 case NL80211_BSS_STATUS_AUTHENTICATED:
3679 r->flags |= WPA_SCAN_AUTHENTICATED;
3680 break;
3681 case NL80211_BSS_STATUS_ASSOCIATED:
3682 r->flags |= WPA_SCAN_ASSOCIATED;
3683 break;
3684 default:
3685 break;
3686 }
3687 }
3689 /*
3690 * cfg80211 maintains separate BSS table entries for APs if the same
3691 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
3692 * not use frequency as a separate key in the BSS table, so filter out
3693 * duplicated entries. Prefer associated BSS entry in such a case in
3694 * order to get the correct frequency into the BSS table.
3695 */
3696 for (i = 0; i < res->num; i++) {
3697 const u8 *s1, *s2;
3698 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
3699 continue;
3701 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
3702 res->res[i]->ie_len, WLAN_EID_SSID);
3703 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
3704 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
3705 os_memcmp(s1, s2, 2 + s1[1]) != 0)
3706 continue;
3708 /* Same BSSID,SSID was already included in scan results */
3709 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
3710 "for " MACSTR, MAC2STR(r->bssid));
3712 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
3713 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
3714 os_free(res->res[i]);
3715 res->res[i] = r;
3716 } else
3717 os_free(r);
3718 return NL_SKIP;
3719 }
3721 tmp = os_realloc(res->res,
3722 (res->num + 1) * sizeof(struct wpa_scan_res *));
3723 if (tmp == NULL) {
3724 os_free(r);
3725 return NL_SKIP;
3726 }
3727 tmp[res->num++] = r;
3728 res->res = tmp;
3730 return NL_SKIP;
3731 }
3734 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
3735 const u8 *addr)
3736 {
3737 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
3738 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
3739 "mismatch (" MACSTR ")", MAC2STR(addr));
3740 wpa_driver_nl80211_mlme(drv, addr,
3741 NL80211_CMD_DEAUTHENTICATE,
3742 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
3743 }
3744 }
3747 static void wpa_driver_nl80211_check_bss_status(
3748 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
3749 {
3750 size_t i;
3752 for (i = 0; i < res->num; i++) {
3753 struct wpa_scan_res *r = res->res[i];
3754 if (r->flags & WPA_SCAN_AUTHENTICATED) {
3755 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3756 "indicates BSS status with " MACSTR
3757 " as authenticated",
3758 MAC2STR(r->bssid));
3759 if (is_sta_interface(drv->nlmode) &&
3760 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
3761 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
3762 0) {
3763 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
3764 " in local state (auth=" MACSTR
3765 " assoc=" MACSTR ")",
3766 MAC2STR(drv->auth_bssid),
3767 MAC2STR(drv->bssid));
3768 clear_state_mismatch(drv, r->bssid);
3769 }
3770 }
3772 if (r->flags & WPA_SCAN_ASSOCIATED) {
3773 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
3774 "indicate BSS status with " MACSTR
3775 " as associated",
3776 MAC2STR(r->bssid));
3777 if (is_sta_interface(drv->nlmode) &&
3778 !drv->associated) {
3779 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3780 "(not associated) does not match "
3781 "with BSS state");
3782 clear_state_mismatch(drv, r->bssid);
3783 } else if (is_sta_interface(drv->nlmode) &&
3784 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
3785 0) {
3786 wpa_printf(MSG_DEBUG, "nl80211: Local state "
3787 "(associated with " MACSTR ") does "
3788 "not match with BSS state",
3789 MAC2STR(drv->bssid));
3790 clear_state_mismatch(drv, r->bssid);
3791 clear_state_mismatch(drv, drv->bssid);
3792 }
3793 }
3794 }
3795 }
3798 static struct wpa_scan_results *
3799 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
3800 {
3801 struct nl_msg *msg;
3802 struct wpa_scan_results *res;
3803 int ret;
3804 struct nl80211_bss_info_arg arg;
3806 res = os_zalloc(sizeof(*res));
3807 if (res == NULL)
3808 return NULL;
3809 msg = nlmsg_alloc();
3810 if (!msg)
3811 goto nla_put_failure;
3813 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
3814 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3816 arg.drv = drv;
3817 arg.res = res;
3818 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
3819 msg = NULL;
3820 if (ret == 0) {
3821 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
3822 "BSSes)", (unsigned long) res->num);
3823 nl80211_get_noise_for_scan_results(drv, res);
3824 return res;
3825 }
3826 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
3827 "(%s)", ret, strerror(-ret));
3828 nla_put_failure:
3829 nlmsg_free(msg);
3830 wpa_scan_results_free(res);
3831 return NULL;
3832 }
3835 /**
3836 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
3837 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
3838 * Returns: Scan results on success, -1 on failure
3839 */
3840 static struct wpa_scan_results *
3841 wpa_driver_nl80211_get_scan_results(void *priv)
3842 {
3843 struct i802_bss *bss = priv;
3844 struct wpa_driver_nl80211_data *drv = bss->drv;
3845 struct wpa_scan_results *res;
3847 res = nl80211_get_scan_results(drv);
3848 if (res)
3849 wpa_driver_nl80211_check_bss_status(drv, res);
3850 return res;
3851 }
3854 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
3855 {
3856 struct wpa_scan_results *res;
3857 size_t i;
3859 res = nl80211_get_scan_results(drv);
3860 if (res == NULL) {
3861 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
3862 return;
3863 }
3865 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
3866 for (i = 0; i < res->num; i++) {
3867 struct wpa_scan_res *r = res->res[i];
3868 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
3869 (int) i, (int) res->num, MAC2STR(r->bssid),
3870 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
3871 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
3872 }
3874 wpa_scan_results_free(res);
3875 }
3878 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
3879 enum wpa_alg alg, const u8 *addr,
3880 int key_idx, int set_tx,
3881 const u8 *seq, size_t seq_len,
3882 const u8 *key, size_t key_len)
3883 {
3884 struct i802_bss *bss = priv;
3885 struct wpa_driver_nl80211_data *drv = bss->drv;
3886 int ifindex = if_nametoindex(ifname);
3887 struct nl_msg *msg;
3888 int ret;
3890 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
3891 "set_tx=%d seq_len=%lu key_len=%lu",
3892 __func__, ifindex, alg, addr, key_idx, set_tx,
3893 (unsigned long) seq_len, (unsigned long) key_len);
3894 #ifdef CONFIG_TDLS
3895 if (key_idx == -1)
3896 key_idx = 0;
3897 #endif /* CONFIG_TDLS */
3899 msg = nlmsg_alloc();
3900 if (!msg)
3901 return -ENOMEM;
3903 if (alg == WPA_ALG_NONE) {
3904 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
3905 } else {
3906 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
3907 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
3908 switch (alg) {
3909 case WPA_ALG_WEP:
3910 if (key_len == 5)
3911 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3912 WLAN_CIPHER_SUITE_WEP40);
3913 else
3914 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3915 WLAN_CIPHER_SUITE_WEP104);
3916 break;
3917 case WPA_ALG_TKIP:
3918 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3919 WLAN_CIPHER_SUITE_TKIP);
3920 break;
3921 case WPA_ALG_CCMP:
3922 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3923 WLAN_CIPHER_SUITE_CCMP);
3924 break;
3925 case WPA_ALG_IGTK:
3926 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
3927 WLAN_CIPHER_SUITE_AES_CMAC);
3928 break;
3929 default:
3930 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
3931 "algorithm %d", __func__, alg);
3932 nlmsg_free(msg);
3933 return -1;
3934 }
3935 }
3937 if (seq && seq_len)
3938 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
3940 if (addr && !is_broadcast_ether_addr(addr)) {
3941 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
3942 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3944 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
3945 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
3946 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
3947 NL80211_KEYTYPE_GROUP);
3948 }
3949 } else if (addr && is_broadcast_ether_addr(addr)) {
3950 struct nl_msg *types;
3951 int err;
3952 wpa_printf(MSG_DEBUG, " broadcast key");
3953 types = nlmsg_alloc();
3954 if (!types)
3955 goto nla_put_failure;
3956 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
3957 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
3958 types);
3959 nlmsg_free(types);
3960 if (err)
3961 goto nla_put_failure;
3962 }
3963 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
3964 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3966 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3967 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
3968 ret = 0;
3969 if (ret)
3970 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
3971 ret, strerror(-ret));
3973 /*
3974 * If we failed or don't need to set the default TX key (below),
3975 * we're done here.
3976 */
3977 if (ret || !set_tx || alg == WPA_ALG_NONE)
3978 return ret;
3979 if (is_ap_interface(drv->nlmode) && addr &&
3980 !is_broadcast_ether_addr(addr))
3981 return ret;
3983 msg = nlmsg_alloc();
3984 if (!msg)
3985 return -ENOMEM;
3987 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
3988 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
3989 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3990 if (alg == WPA_ALG_IGTK)
3991 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
3992 else
3993 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
3994 if (addr && is_broadcast_ether_addr(addr)) {
3995 struct nl_msg *types;
3996 int err;
3997 types = nlmsg_alloc();
3998 if (!types)
3999 goto nla_put_failure;
4000 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
4001 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
4002 types);
4003 nlmsg_free(types);
4004 if (err)
4005 goto nla_put_failure;
4006 } else if (addr) {
4007 struct nl_msg *types;
4008 int err;
4009 types = nlmsg_alloc();
4010 if (!types)
4011 goto nla_put_failure;
4012 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST);
4013 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
4014 types);
4015 nlmsg_free(types);
4016 if (err)
4017 goto nla_put_failure;
4018 }
4020 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4021 if (ret == -ENOENT)
4022 ret = 0;
4023 if (ret)
4024 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
4025 "err=%d %s)", ret, strerror(-ret));
4026 return ret;
4028 nla_put_failure:
4029 return -ENOBUFS;
4030 }
4033 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
4034 int key_idx, int defkey,
4035 const u8 *seq, size_t seq_len,
4036 const u8 *key, size_t key_len)
4037 {
4038 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
4039 if (!key_attr)
4040 return -1;
4042 if (defkey && alg == WPA_ALG_IGTK)
4043 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
4044 else if (defkey)
4045 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
4047 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
4049 switch (alg) {
4050 case WPA_ALG_WEP:
4051 if (key_len == 5)
4052 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4053 WLAN_CIPHER_SUITE_WEP40);
4054 else
4055 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4056 WLAN_CIPHER_SUITE_WEP104);
4057 break;
4058 case WPA_ALG_TKIP:
4059 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
4060 break;
4061 case WPA_ALG_CCMP:
4062 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
4063 break;
4064 case WPA_ALG_IGTK:
4065 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4066 WLAN_CIPHER_SUITE_AES_CMAC);
4067 break;
4068 default:
4069 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
4070 "algorithm %d", __func__, alg);
4071 return -1;
4072 }
4074 if (seq && seq_len)
4075 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
4077 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
4079 nla_nest_end(msg, key_attr);
4081 return 0;
4082 nla_put_failure:
4083 return -1;
4084 }
4087 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
4088 struct nl_msg *msg)
4089 {
4090 int i, privacy = 0;
4091 struct nlattr *nl_keys, *nl_key;
4093 for (i = 0; i < 4; i++) {
4094 if (!params->wep_key[i])
4095 continue;
4096 privacy = 1;
4097 break;
4098 }
4099 if (params->wps == WPS_MODE_PRIVACY)
4100 privacy = 1;
4101 if (params->pairwise_suite &&
4102 params->pairwise_suite != WPA_CIPHER_NONE)
4103 privacy = 1;
4105 if (!privacy)
4106 return 0;
4108 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
4110 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
4111 if (!nl_keys)
4112 goto nla_put_failure;
4114 for (i = 0; i < 4; i++) {
4115 if (!params->wep_key[i])
4116 continue;
4118 nl_key = nla_nest_start(msg, i);
4119 if (!nl_key)
4120 goto nla_put_failure;
4122 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
4123 params->wep_key[i]);
4124 if (params->wep_key_len[i] == 5)
4125 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4126 WLAN_CIPHER_SUITE_WEP40);
4127 else
4128 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
4129 WLAN_CIPHER_SUITE_WEP104);
4131 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
4133 if (i == params->wep_tx_keyidx)
4134 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
4136 nla_nest_end(msg, nl_key);
4137 }
4138 nla_nest_end(msg, nl_keys);
4140 return 0;
4142 nla_put_failure:
4143 return -ENOBUFS;
4144 }
4147 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
4148 const u8 *addr, int cmd, u16 reason_code,
4149 int local_state_change)
4150 {
4151 int ret = -1;
4152 struct nl_msg *msg;
4154 msg = nlmsg_alloc();
4155 if (!msg)
4156 return -1;
4158 nl80211_cmd(drv, msg, 0, cmd);
4160 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4161 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
4162 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4163 if (local_state_change)
4164 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
4166 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4167 msg = NULL;
4168 if (ret) {
4169 wpa_dbg(drv->ctx, MSG_DEBUG,
4170 "nl80211: MLME command failed: reason=%u ret=%d (%s)",
4171 reason_code, ret, strerror(-ret));
4172 goto nla_put_failure;
4173 }
4174 ret = 0;
4176 nla_put_failure:
4177 nlmsg_free(msg);
4178 return ret;
4179 }
4182 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
4183 const u8 *addr, int reason_code)
4184 {
4185 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
4186 __func__, MAC2STR(addr), reason_code);
4187 drv->associated = 0;
4188 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
4189 reason_code, 0);
4190 }
4193 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
4194 int reason_code)
4195 {
4196 struct i802_bss *bss = priv;
4197 struct wpa_driver_nl80211_data *drv = bss->drv;
4198 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
4199 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
4200 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
4201 __func__, MAC2STR(addr), reason_code);
4202 drv->associated = 0;
4203 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
4204 return nl80211_leave_ibss(drv);
4205 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
4206 reason_code, 0);
4207 }
4210 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
4211 int reason_code)
4212 {
4213 struct i802_bss *bss = priv;
4214 struct wpa_driver_nl80211_data *drv = bss->drv;
4215 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
4216 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
4217 wpa_printf(MSG_DEBUG, "%s", __func__);
4218 drv->associated = 0;
4219 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
4220 reason_code, 0);
4221 }
4224 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
4225 struct wpa_driver_auth_params *params)
4226 {
4227 int i;
4229 drv->auth_freq = params->freq;
4230 drv->auth_alg = params->auth_alg;
4231 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
4232 drv->auth_local_state_change = params->local_state_change;
4233 drv->auth_p2p = params->p2p;
4235 if (params->bssid)
4236 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
4237 else
4238 os_memset(drv->auth_bssid_, 0, ETH_ALEN);
4240 if (params->ssid) {
4241 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
4242 drv->auth_ssid_len = params->ssid_len;
4243 } else
4244 drv->auth_ssid_len = 0;
4247 os_free(drv->auth_ie);
4248 drv->auth_ie = NULL;
4249 drv->auth_ie_len = 0;
4250 if (params->ie) {
4251 drv->auth_ie = os_malloc(params->ie_len);
4252 if (drv->auth_ie) {
4253 os_memcpy(drv->auth_ie, params->ie, params->ie_len);
4254 drv->auth_ie_len = params->ie_len;
4255 }
4256 }
4258 for (i = 0; i < 4; i++) {
4259 if (params->wep_key[i] && params->wep_key_len[i] &&
4260 params->wep_key_len[i] <= 16) {
4261 os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
4262 params->wep_key_len[i]);
4263 drv->auth_wep_key_len[i] = params->wep_key_len[i];
4264 } else
4265 drv->auth_wep_key_len[i] = 0;
4266 }
4267 }
4270 static int wpa_driver_nl80211_authenticate(
4271 void *priv, struct wpa_driver_auth_params *params)
4272 {
4273 struct i802_bss *bss = priv;
4274 struct wpa_driver_nl80211_data *drv = bss->drv;
4275 int ret = -1, i;
4276 struct nl_msg *msg;
4277 enum nl80211_auth_type type;
4278 enum nl80211_iftype nlmode;
4279 int count = 0;
4280 int is_retry;
4282 is_retry = drv->retry_auth;
4283 drv->retry_auth = 0;
4285 drv->associated = 0;
4286 os_memset(drv->auth_bssid, 0, ETH_ALEN);
4287 /* FIX: IBSS mode */
4288 nlmode = params->p2p ?
4289 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
4290 if (drv->nlmode != nlmode &&
4291 wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
4292 return -1;
4294 retry:
4295 msg = nlmsg_alloc();
4296 if (!msg)
4297 return -1;
4299 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
4300 drv->ifindex);
4302 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
4304 for (i = 0; i < 4; i++) {
4305 if (!params->wep_key[i])
4306 continue;
4307 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
4308 NULL, i,
4309 i == params->wep_tx_keyidx, NULL, 0,
4310 params->wep_key[i],
4311 params->wep_key_len[i]);
4312 if (params->wep_tx_keyidx != i)
4313 continue;
4314 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
4315 params->wep_key[i], params->wep_key_len[i])) {
4316 nlmsg_free(msg);
4317 return -1;
4318 }
4319 }
4321 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4322 if (params->bssid) {
4323 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4324 MAC2STR(params->bssid));
4325 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4326 }
4327 if (params->freq) {
4328 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4329 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4330 }
4331 if (params->ssid) {
4332 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4333 params->ssid, params->ssid_len);
4334 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4335 params->ssid);
4336 }
4337 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
4338 if (params->ie)
4339 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
4340 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4341 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4342 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4343 type = NL80211_AUTHTYPE_SHARED_KEY;
4344 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4345 type = NL80211_AUTHTYPE_NETWORK_EAP;
4346 else if (params->auth_alg & WPA_AUTH_ALG_FT)
4347 type = NL80211_AUTHTYPE_FT;
4348 else
4349 goto nla_put_failure;
4350 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
4351 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
4352 if (params->local_state_change) {
4353 wpa_printf(MSG_DEBUG, " * Local state change only");
4354 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
4355 }
4357 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4358 msg = NULL;
4359 if (ret) {
4360 wpa_dbg(drv->ctx, MSG_DEBUG,
4361 "nl80211: MLME command failed (auth): ret=%d (%s)",
4362 ret, strerror(-ret));
4363 count++;
4364 if (ret == -EALREADY && count == 1 && params->bssid &&
4365 !params->local_state_change) {
4366 /*
4367 * mac80211 does not currently accept new
4368 * authentication if we are already authenticated. As a
4369 * workaround, force deauthentication and try again.
4370 */
4371 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
4372 "after forced deauthentication");
4373 wpa_driver_nl80211_deauthenticate(
4374 bss, params->bssid,
4375 WLAN_REASON_PREV_AUTH_NOT_VALID);
4376 nlmsg_free(msg);
4377 goto retry;
4378 }
4380 if (ret == -ENOENT && params->freq && !is_retry) {
4381 /*
4382 * cfg80211 has likely expired the BSS entry even
4383 * though it was previously available in our internal
4384 * BSS table. To recover quickly, start a single
4385 * channel scan on the specified channel.
4386 */
4387 struct wpa_driver_scan_params scan;
4388 int freqs[2];
4390 os_memset(&scan, 0, sizeof(scan));
4391 scan.num_ssids = 1;
4392 if (params->ssid) {
4393 scan.ssids[0].ssid = params->ssid;
4394 scan.ssids[0].ssid_len = params->ssid_len;
4395 }
4396 freqs[0] = params->freq;
4397 freqs[1] = 0;
4398 scan.freqs = freqs;
4399 wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
4400 "channel scan to refresh cfg80211 BSS "
4401 "entry");
4402 ret = wpa_driver_nl80211_scan(bss, &scan);
4403 if (ret == 0) {
4404 nl80211_copy_auth_params(drv, params);
4405 drv->scan_for_auth = 1;
4406 }
4407 } else if (is_retry) {
4408 /*
4409 * Need to indicate this with an event since the return
4410 * value from the retry is not delivered to core code.
4411 */
4412 union wpa_event_data event;
4413 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
4414 "failed");
4415 os_memset(&event, 0, sizeof(event));
4416 os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
4417 ETH_ALEN);
4418 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
4419 &event);
4420 }
4422 goto nla_put_failure;
4423 }
4424 ret = 0;
4425 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
4426 "successfully");
4428 nla_put_failure:
4429 nlmsg_free(msg);
4430 return ret;
4431 }
4434 static int wpa_driver_nl80211_authenticate_retry(
4435 struct wpa_driver_nl80211_data *drv)
4436 {
4437 struct wpa_driver_auth_params params;
4438 struct i802_bss *bss = &drv->first_bss;
4439 int i;
4441 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
4443 os_memset(¶ms, 0, sizeof(params));
4444 params.freq = drv->auth_freq;
4445 params.auth_alg = drv->auth_alg;
4446 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
4447 params.local_state_change = drv->auth_local_state_change;
4448 params.p2p = drv->auth_p2p;
4450 if (!is_zero_ether_addr(drv->auth_bssid_))
4451 params.bssid = drv->auth_bssid_;
4453 if (drv->auth_ssid_len) {
4454 params.ssid = drv->auth_ssid;
4455 params.ssid_len = drv->auth_ssid_len;
4456 }
4458 params.ie = drv->auth_ie;
4459 params.ie_len = drv->auth_ie_len;
4461 for (i = 0; i < 4; i++) {
4462 if (drv->auth_wep_key_len[i]) {
4463 params.wep_key[i] = drv->auth_wep_key[i];
4464 params.wep_key_len[i] = drv->auth_wep_key_len[i];
4465 }
4466 }
4468 drv->retry_auth = 1;
4469 return wpa_driver_nl80211_authenticate(bss, ¶ms);
4470 }
4473 struct phy_info_arg {
4474 u16 *num_modes;
4475 struct hostapd_hw_modes *modes;
4476 };
4478 static int phy_info_handler(struct nl_msg *msg, void *arg)
4479 {
4480 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
4481 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4482 struct phy_info_arg *phy_info = arg;
4484 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
4486 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
4487 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
4488 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
4489 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
4490 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
4491 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
4492 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
4493 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
4494 };
4496 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
4497 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
4498 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
4499 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
4500 };
4502 struct nlattr *nl_band;
4503 struct nlattr *nl_freq;
4504 struct nlattr *nl_rate;
4505 int rem_band, rem_freq, rem_rate;
4506 struct hostapd_hw_modes *mode;
4507 int idx, mode_is_set;
4509 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4510 genlmsg_attrlen(gnlh, 0), NULL);
4512 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
4513 return NL_SKIP;
4515 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
4516 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
4517 if (!mode)
4518 return NL_SKIP;
4519 phy_info->modes = mode;
4521 mode_is_set = 0;
4523 mode = &phy_info->modes[*(phy_info->num_modes)];
4524 memset(mode, 0, sizeof(*mode));
4525 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN;
4526 *(phy_info->num_modes) += 1;
4528 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
4529 nla_len(nl_band), NULL);
4531 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
4532 mode->ht_capab = nla_get_u16(
4533 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
4534 }
4536 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
4537 mode->a_mpdu_params |= nla_get_u8(
4538 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
4539 0x03;
4540 }
4542 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
4543 mode->a_mpdu_params |= nla_get_u8(
4544 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
4545 2;
4546 }
4548 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
4549 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
4550 u8 *mcs;
4551 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
4552 os_memcpy(mode->mcs_set, mcs, 16);
4553 }
4555 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
4556 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
4557 nla_len(nl_freq), freq_policy);
4558 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
4559 continue;
4560 mode->num_channels++;
4561 }
4563 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
4564 if (!mode->channels)
4565 return NL_SKIP;
4567 idx = 0;
4569 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
4570 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
4571 nla_len(nl_freq), freq_policy);
4572 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
4573 continue;
4575 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
4576 mode->channels[idx].flag = 0;
4578 if (!mode_is_set) {
4579 /* crude heuristic */
4580 if (mode->channels[idx].freq < 4000)
4581 mode->mode = HOSTAPD_MODE_IEEE80211B;
4582 else
4583 mode->mode = HOSTAPD_MODE_IEEE80211A;
4584 mode_is_set = 1;
4585 }
4587 /* crude heuristic */
4588 if (mode->channels[idx].freq < 4000)
4589 if (mode->channels[idx].freq == 2484)
4590 mode->channels[idx].chan = 14;
4591 else
4592 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
4593 else
4594 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
4596 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
4597 mode->channels[idx].flag |=
4598 HOSTAPD_CHAN_DISABLED;
4599 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
4600 mode->channels[idx].flag |=
4601 HOSTAPD_CHAN_PASSIVE_SCAN;
4602 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
4603 mode->channels[idx].flag |=
4604 HOSTAPD_CHAN_NO_IBSS;
4605 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
4606 mode->channels[idx].flag |=
4607 HOSTAPD_CHAN_RADAR;
4609 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
4610 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
4611 mode->channels[idx].max_tx_power =
4612 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
4614 idx++;
4615 }
4617 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
4618 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
4619 nla_len(nl_rate), rate_policy);
4620 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
4621 continue;
4622 mode->num_rates++;
4623 }
4625 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
4626 if (!mode->rates)
4627 return NL_SKIP;
4629 idx = 0;
4631 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
4632 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
4633 nla_len(nl_rate), rate_policy);
4634 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
4635 continue;
4636 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
4638 /* crude heuristic */
4639 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
4640 mode->rates[idx] > 200)
4641 mode->mode = HOSTAPD_MODE_IEEE80211G;
4643 idx++;
4644 }
4645 }
4647 return NL_SKIP;
4648 }
4650 static struct hostapd_hw_modes *
4651 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
4652 {
4653 u16 m;
4654 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
4655 int i, mode11g_idx = -1;
4657 /* If only 802.11g mode is included, use it to construct matching
4658 * 802.11b mode data. */
4660 for (m = 0; m < *num_modes; m++) {
4661 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
4662 return modes; /* 802.11b already included */
4663 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
4664 mode11g_idx = m;
4665 }
4667 if (mode11g_idx < 0)
4668 return modes; /* 2.4 GHz band not supported at all */
4670 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
4671 if (nmodes == NULL)
4672 return modes; /* Could not add 802.11b mode */
4674 mode = &nmodes[*num_modes];
4675 os_memset(mode, 0, sizeof(*mode));
4676 (*num_modes)++;
4677 modes = nmodes;
4679 mode->mode = HOSTAPD_MODE_IEEE80211B;
4681 mode11g = &modes[mode11g_idx];
4682 mode->num_channels = mode11g->num_channels;
4683 mode->channels = os_malloc(mode11g->num_channels *
4684 sizeof(struct hostapd_channel_data));
4685 if (mode->channels == NULL) {
4686 (*num_modes)--;
4687 return modes; /* Could not add 802.11b mode */
4688 }
4689 os_memcpy(mode->channels, mode11g->channels,
4690 mode11g->num_channels * sizeof(struct hostapd_channel_data));
4692 mode->num_rates = 0;
4693 mode->rates = os_malloc(4 * sizeof(int));
4694 if (mode->rates == NULL) {
4695 os_free(mode->channels);
4696 (*num_modes)--;
4697 return modes; /* Could not add 802.11b mode */
4698 }
4700 for (i = 0; i < mode11g->num_rates; i++) {
4701 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
4702 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
4703 continue;
4704 mode->rates[mode->num_rates] = mode11g->rates[i];
4705 mode->num_rates++;
4706 if (mode->num_rates == 4)
4707 break;
4708 }
4710 if (mode->num_rates == 0) {
4711 os_free(mode->channels);
4712 os_free(mode->rates);
4713 (*num_modes)--;
4714 return modes; /* No 802.11b rates */
4715 }
4717 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
4718 "information");
4720 return modes;
4721 }
4724 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
4725 int end)
4726 {
4727 int c;
4729 for (c = 0; c < mode->num_channels; c++) {
4730 struct hostapd_channel_data *chan = &mode->channels[c];
4731 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
4732 chan->flag |= HOSTAPD_CHAN_HT40;
4733 }
4734 }
4737 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
4738 int end)
4739 {
4740 int c;
4742 for (c = 0; c < mode->num_channels; c++) {
4743 struct hostapd_channel_data *chan = &mode->channels[c];
4744 if (!(chan->flag & HOSTAPD_CHAN_HT40))
4745 continue;
4746 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
4747 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
4748 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
4749 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
4750 }
4751 }
4754 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
4755 struct phy_info_arg *results)
4756 {
4757 u32 start, end, max_bw;
4758 u16 m;
4760 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4761 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4762 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4763 return;
4765 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4766 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4767 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4769 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
4770 start, end, max_bw);
4771 if (max_bw < 40)
4772 return;
4774 for (m = 0; m < *results->num_modes; m++) {
4775 if (!(results->modes[m].ht_capab &
4776 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4777 continue;
4778 nl80211_set_ht40_mode(&results->modes[m], start, end);
4779 }
4780 }
4783 static void nl80211_reg_rule_sec(struct nlattr *tb[],
4784 struct phy_info_arg *results)
4785 {
4786 u32 start, end, max_bw;
4787 u16 m;
4789 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
4790 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
4791 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
4792 return;
4794 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
4795 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
4796 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
4798 if (max_bw < 20)
4799 return;
4801 for (m = 0; m < *results->num_modes; m++) {
4802 if (!(results->modes[m].ht_capab &
4803 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
4804 continue;
4805 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
4806 }
4807 }
4810 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
4811 {
4812 struct phy_info_arg *results = arg;
4813 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
4814 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4815 struct nlattr *nl_rule;
4816 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
4817 int rem_rule;
4818 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
4819 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
4820 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
4821 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
4822 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
4823 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
4824 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
4825 };
4827 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4828 genlmsg_attrlen(gnlh, 0), NULL);
4829 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
4830 !tb_msg[NL80211_ATTR_REG_RULES]) {
4831 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
4832 "available");
4833 return NL_SKIP;
4834 }
4836 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
4837 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
4839 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4840 {
4841 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4842 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4843 nl80211_reg_rule_ht40(tb_rule, results);
4844 }
4846 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
4847 {
4848 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
4849 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
4850 nl80211_reg_rule_sec(tb_rule, results);
4851 }
4853 return NL_SKIP;
4854 }
4857 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
4858 struct phy_info_arg *results)
4859 {
4860 struct nl_msg *msg;
4862 msg = nlmsg_alloc();
4863 if (!msg)
4864 return -ENOMEM;
4866 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
4867 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
4868 }
4871 static struct hostapd_hw_modes *
4872 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
4873 {
4874 struct i802_bss *bss = priv;
4875 struct wpa_driver_nl80211_data *drv = bss->drv;
4876 struct nl_msg *msg;
4877 struct phy_info_arg result = {
4878 .num_modes = num_modes,
4879 .modes = NULL,
4880 };
4882 *num_modes = 0;
4883 *flags = 0;
4885 msg = nlmsg_alloc();
4886 if (!msg)
4887 return NULL;
4889 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
4891 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4893 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
4894 nl80211_set_ht40_flags(drv, &result);
4895 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
4896 }
4897 nla_put_failure:
4898 return NULL;
4899 }
4902 static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv,
4903 const void *data, size_t len,
4904 int encrypt, int noack)
4905 {
4906 __u8 rtap_hdr[] = {
4907 0x00, 0x00, /* radiotap version */
4908 0x0e, 0x00, /* radiotap length */
4909 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
4910 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
4911 0x00, /* padding */
4912 0x00, 0x00, /* RX and TX flags to indicate that */
4913 0x00, 0x00, /* this is the injected frame directly */
4914 };
4915 struct iovec iov[2] = {
4916 {
4917 .iov_base = &rtap_hdr,
4918 .iov_len = sizeof(rtap_hdr),
4919 },
4920 {
4921 .iov_base = (void *) data,
4922 .iov_len = len,
4923 }
4924 };
4925 struct msghdr msg = {
4926 .msg_name = NULL,
4927 .msg_namelen = 0,
4928 .msg_iov = iov,
4929 .msg_iovlen = 2,
4930 .msg_control = NULL,
4931 .msg_controllen = 0,
4932 .msg_flags = 0,
4933 };
4934 int res;
4935 u16 txflags = 0;
4937 if (encrypt)
4938 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
4940 if (drv->monitor_sock < 0) {
4941 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
4942 "for %s", __func__);
4943 return -1;
4944 }
4946 if (noack)
4947 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
4948 *(le16 *) &rtap_hdr[12] = host_to_le16(txflags);
4950 res = sendmsg(drv->monitor_sock, &msg, 0);
4951 if (res < 0) {
4952 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
4953 return -1;
4954 }
4955 return 0;
4956 }
4959 static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
4960 const void *data, size_t len,
4961 int encrypt, int noack)
4962 {
4963 struct wpa_driver_nl80211_data *drv = bss->drv;
4964 u64 cookie;
4966 if (drv->use_monitor)
4967 return wpa_driver_nl80211_send_mntr(drv, data, len,
4968 encrypt, noack);
4970 return nl80211_send_frame_cmd(bss, bss->freq, 0, data, len,
4971 &cookie, 0, noack, 0);
4972 }
4975 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
4976 size_t data_len, int noack)
4977 {
4978 struct i802_bss *bss = priv;
4979 struct wpa_driver_nl80211_data *drv = bss->drv;
4980 struct ieee80211_mgmt *mgmt;
4981 int encrypt = 1;
4982 u16 fc;
4984 mgmt = (struct ieee80211_mgmt *) data;
4985 fc = le_to_host16(mgmt->frame_control);
4987 if (is_sta_interface(drv->nlmode) &&
4988 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4989 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
4990 /*
4991 * The use of last_mgmt_freq is a bit of a hack,
4992 * but it works due to the single-threaded nature
4993 * of wpa_supplicant.
4994 */
4995 return nl80211_send_frame_cmd(bss, drv->last_mgmt_freq, 0,
4996 data, data_len, NULL, 1, noack,
4997 1);
4998 }
5000 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
5001 return nl80211_send_frame_cmd(bss, bss->freq, 0,
5002 data, data_len, NULL,
5003 0, noack, 0);
5004 }
5006 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
5007 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
5008 /*
5009 * Only one of the authentication frame types is encrypted.
5010 * In order for static WEP encryption to work properly (i.e.,
5011 * to not encrypt the frame), we need to tell mac80211 about
5012 * the frames that must not be encrypted.
5013 */
5014 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
5015 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
5016 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
5017 encrypt = 0;
5018 }
5020 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
5021 noack);
5022 }
5025 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
5026 int slot, int ht_opmode, int ap_isolate,
5027 int *basic_rates)
5028 {
5029 struct wpa_driver_nl80211_data *drv = bss->drv;
5030 struct nl_msg *msg;
5032 msg = nlmsg_alloc();
5033 if (!msg)
5034 return -ENOMEM;
5036 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
5038 if (cts >= 0)
5039 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
5040 if (preamble >= 0)
5041 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
5042 if (slot >= 0)
5043 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
5044 if (ht_opmode >= 0)
5045 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
5046 if (ap_isolate >= 0)
5047 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate);
5049 if (basic_rates) {
5050 u8 rates[NL80211_MAX_SUPP_RATES];
5051 u8 rates_len = 0;
5052 int i;
5054 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0;
5055 i++)
5056 rates[rates_len++] = basic_rates[i] / 5;
5058 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
5059 }
5061 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5063 return send_and_recv_msgs(drv, msg, NULL, NULL);
5064 nla_put_failure:
5065 return -ENOBUFS;
5066 }
5069 static int wpa_driver_nl80211_set_ap(void *priv,
5070 struct wpa_driver_ap_params *params)
5071 {
5072 struct i802_bss *bss = priv;
5073 struct wpa_driver_nl80211_data *drv = bss->drv;
5074 struct nl_msg *msg;
5075 u8 cmd = NL80211_CMD_NEW_BEACON;
5076 int ret;
5077 int beacon_set;
5078 int ifindex = if_nametoindex(bss->ifname);
5079 int num_suites;
5080 u32 suites[10];
5081 u32 ver;
5083 beacon_set = bss->beacon_set;
5085 msg = nlmsg_alloc();
5086 if (!msg)
5087 return -ENOMEM;
5089 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
5090 beacon_set);
5091 if (beacon_set)
5092 cmd = NL80211_CMD_SET_BEACON;
5094 nl80211_cmd(drv, msg, 0, cmd);
5095 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
5096 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
5097 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5098 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
5099 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
5100 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5101 params->ssid);
5102 switch (params->hide_ssid) {
5103 case NO_SSID_HIDING:
5104 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5105 NL80211_HIDDEN_SSID_NOT_IN_USE);
5106 break;
5107 case HIDDEN_SSID_ZERO_LEN:
5108 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5109 NL80211_HIDDEN_SSID_ZERO_LEN);
5110 break;
5111 case HIDDEN_SSID_ZERO_CONTENTS:
5112 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
5113 NL80211_HIDDEN_SSID_ZERO_CONTENTS);
5114 break;
5115 }
5116 if (params->privacy)
5117 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
5118 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
5119 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
5120 /* Leave out the attribute */
5121 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
5122 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
5123 NL80211_AUTHTYPE_SHARED_KEY);
5124 else
5125 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
5126 NL80211_AUTHTYPE_OPEN_SYSTEM);
5128 ver = 0;
5129 if (params->wpa_version & WPA_PROTO_WPA)
5130 ver |= NL80211_WPA_VERSION_1;
5131 if (params->wpa_version & WPA_PROTO_RSN)
5132 ver |= NL80211_WPA_VERSION_2;
5133 if (ver)
5134 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
5136 num_suites = 0;
5137 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
5138 suites[num_suites++] = WLAN_AKM_SUITE_8021X;
5139 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
5140 suites[num_suites++] = WLAN_AKM_SUITE_PSK;
5141 if (num_suites) {
5142 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
5143 num_suites * sizeof(u32), suites);
5144 }
5146 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
5147 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40))
5148 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT);
5150 num_suites = 0;
5151 if (params->pairwise_ciphers & WPA_CIPHER_CCMP)
5152 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
5153 if (params->pairwise_ciphers & WPA_CIPHER_TKIP)
5154 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
5155 if (params->pairwise_ciphers & WPA_CIPHER_WEP104)
5156 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
5157 if (params->pairwise_ciphers & WPA_CIPHER_WEP40)
5158 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
5159 if (num_suites) {
5160 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
5161 num_suites * sizeof(u32), suites);
5162 }
5164 switch (params->group_cipher) {
5165 case WPA_CIPHER_CCMP:
5166 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5167 WLAN_CIPHER_SUITE_CCMP);
5168 break;
5169 case WPA_CIPHER_TKIP:
5170 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5171 WLAN_CIPHER_SUITE_TKIP);
5172 break;
5173 case WPA_CIPHER_WEP104:
5174 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5175 WLAN_CIPHER_SUITE_WEP104);
5176 break;
5177 case WPA_CIPHER_WEP40:
5178 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
5179 WLAN_CIPHER_SUITE_WEP40);
5180 break;
5181 }
5183 if (params->beacon_ies) {
5184 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
5185 wpabuf_head(params->beacon_ies));
5186 }
5187 if (params->proberesp_ies) {
5188 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
5189 wpabuf_len(params->proberesp_ies),
5190 wpabuf_head(params->proberesp_ies));
5191 }
5192 if (params->assocresp_ies) {
5193 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
5194 wpabuf_len(params->assocresp_ies),
5195 wpabuf_head(params->assocresp_ies));
5196 }
5198 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5199 if (ret) {
5200 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
5201 ret, strerror(-ret));
5202 } else {
5203 bss->beacon_set = 1;
5204 nl80211_set_bss(bss, params->cts_protect, params->preamble,
5205 params->short_slot_time, params->ht_opmode,
5206 params->isolate, params->basic_rates);
5207 }
5208 return ret;
5209 nla_put_failure:
5210 return -ENOBUFS;
5211 }
5214 static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
5215 int freq, int ht_enabled,
5216 int sec_channel_offset)
5217 {
5218 struct wpa_driver_nl80211_data *drv = bss->drv;
5219 struct nl_msg *msg;
5220 int ret;
5222 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d "
5223 "sec_channel_offset=%d)",
5224 freq, ht_enabled, sec_channel_offset);
5225 msg = nlmsg_alloc();
5226 if (!msg)
5227 return -1;
5229 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
5231 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5232 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5233 if (ht_enabled) {
5234 switch (sec_channel_offset) {
5235 case -1:
5236 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5237 NL80211_CHAN_HT40MINUS);
5238 break;
5239 case 1:
5240 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5241 NL80211_CHAN_HT40PLUS);
5242 break;
5243 default:
5244 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
5245 NL80211_CHAN_HT20);
5246 break;
5247 }
5248 }
5250 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5251 if (ret == 0) {
5252 bss->freq = freq;
5253 return 0;
5254 }
5255 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
5256 "%d (%s)", freq, ret, strerror(-ret));
5257 nla_put_failure:
5258 return -1;
5259 }
5262 static u32 sta_flags_nl80211(int flags)
5263 {
5264 u32 f = 0;
5266 if (flags & WPA_STA_AUTHORIZED)
5267 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
5268 if (flags & WPA_STA_WMM)
5269 f |= BIT(NL80211_STA_FLAG_WME);
5270 if (flags & WPA_STA_SHORT_PREAMBLE)
5271 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
5272 if (flags & WPA_STA_MFP)
5273 f |= BIT(NL80211_STA_FLAG_MFP);
5274 if (flags & WPA_STA_TDLS_PEER)
5275 f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
5277 return f;
5278 }
5281 static int wpa_driver_nl80211_sta_add(void *priv,
5282 struct hostapd_sta_add_params *params)
5283 {
5284 struct i802_bss *bss = priv;
5285 struct wpa_driver_nl80211_data *drv = bss->drv;
5286 struct nl_msg *msg;
5287 struct nl80211_sta_flag_update upd;
5288 int ret = -ENOBUFS;
5290 if ((params->flags & WPA_STA_TDLS_PEER) &&
5291 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
5292 return -EOPNOTSUPP;
5294 msg = nlmsg_alloc();
5295 if (!msg)
5296 return -ENOMEM;
5298 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
5299 NL80211_CMD_NEW_STATION);
5301 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5302 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
5303 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
5304 params->supp_rates);
5305 if (!params->set) {
5306 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
5307 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5308 params->listen_interval);
5309 }
5310 if (params->ht_capabilities) {
5311 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
5312 sizeof(*params->ht_capabilities),
5313 params->ht_capabilities);
5314 }
5316 os_memset(&upd, 0, sizeof(upd));
5317 upd.mask = sta_flags_nl80211(params->flags);
5318 upd.set = upd.mask;
5319 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5321 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5322 if (ret)
5323 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
5324 "result: %d (%s)", params->set ? "SET" : "NEW", ret,
5325 strerror(-ret));
5326 if (ret == -EEXIST)
5327 ret = 0;
5328 nla_put_failure:
5329 return ret;
5330 }
5333 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
5334 {
5335 struct i802_bss *bss = priv;
5336 struct wpa_driver_nl80211_data *drv = bss->drv;
5337 struct nl_msg *msg;
5338 int ret;
5340 msg = nlmsg_alloc();
5341 if (!msg)
5342 return -ENOMEM;
5344 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
5346 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5347 if_nametoindex(bss->ifname));
5348 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5350 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5351 if (ret == -ENOENT)
5352 return 0;
5353 return ret;
5354 nla_put_failure:
5355 return -ENOBUFS;
5356 }
5359 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
5360 int ifidx)
5361 {
5362 struct nl_msg *msg;
5364 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
5366 /* stop listening for EAPOL on this interface */
5367 del_ifidx(drv, ifidx);
5369 msg = nlmsg_alloc();
5370 if (!msg)
5371 goto nla_put_failure;
5373 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
5374 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
5376 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5377 return;
5378 nla_put_failure:
5379 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
5380 }
5383 static const char * nl80211_iftype_str(enum nl80211_iftype mode)
5384 {
5385 switch (mode) {
5386 case NL80211_IFTYPE_ADHOC:
5387 return "ADHOC";
5388 case NL80211_IFTYPE_STATION:
5389 return "STATION";
5390 case NL80211_IFTYPE_AP:
5391 return "AP";
5392 case NL80211_IFTYPE_MONITOR:
5393 return "MONITOR";
5394 case NL80211_IFTYPE_P2P_CLIENT:
5395 return "P2P_CLIENT";
5396 case NL80211_IFTYPE_P2P_GO:
5397 return "P2P_GO";
5398 default:
5399 return "unknown";
5400 }
5401 }
5404 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
5405 const char *ifname,
5406 enum nl80211_iftype iftype,
5407 const u8 *addr, int wds)
5408 {
5409 struct nl_msg *msg, *flags = NULL;
5410 int ifidx;
5411 int ret = -ENOBUFS;
5413 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
5414 iftype, nl80211_iftype_str(iftype));
5416 msg = nlmsg_alloc();
5417 if (!msg)
5418 return -1;
5420 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
5421 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5422 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
5423 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
5425 if (iftype == NL80211_IFTYPE_MONITOR) {
5426 int err;
5428 flags = nlmsg_alloc();
5429 if (!flags)
5430 goto nla_put_failure;
5432 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
5434 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
5436 nlmsg_free(flags);
5438 if (err)
5439 goto nla_put_failure;
5440 } else if (wds) {
5441 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
5442 }
5444 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5445 if (ret) {
5446 nla_put_failure:
5447 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
5448 ifname, ret, strerror(-ret));
5449 return ret;
5450 }
5452 ifidx = if_nametoindex(ifname);
5453 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
5454 ifname, ifidx);
5456 if (ifidx <= 0)
5457 return -1;
5459 /* start listening for EAPOL on this interface */
5460 add_ifidx(drv, ifidx);
5462 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5463 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
5464 nl80211_remove_iface(drv, ifidx);
5465 return -1;
5466 }
5468 return ifidx;
5469 }
5472 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
5473 const char *ifname, enum nl80211_iftype iftype,
5474 const u8 *addr, int wds)
5475 {
5476 int ret;
5478 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
5480 /* if error occurred and interface exists already */
5481 if (ret == -ENFILE && if_nametoindex(ifname)) {
5482 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
5484 /* Try to remove the interface that was already there. */
5485 nl80211_remove_iface(drv, if_nametoindex(ifname));
5487 /* Try to create the interface again */
5488 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
5489 wds);
5490 }
5492 if (ret >= 0 && is_p2p_interface(iftype))
5493 nl80211_disable_11b_rates(drv, ret, 1);
5495 return ret;
5496 }
5499 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
5500 {
5501 struct ieee80211_hdr *hdr;
5502 u16 fc;
5503 union wpa_event_data event;
5505 hdr = (struct ieee80211_hdr *) buf;
5506 fc = le_to_host16(hdr->frame_control);
5508 os_memset(&event, 0, sizeof(event));
5509 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
5510 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
5511 event.tx_status.dst = hdr->addr1;
5512 event.tx_status.data = buf;
5513 event.tx_status.data_len = len;
5514 event.tx_status.ack = ok;
5515 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
5516 }
5519 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
5520 u8 *buf, size_t len)
5521 {
5522 struct ieee80211_hdr *hdr = (void *)buf;
5523 u16 fc;
5524 union wpa_event_data event;
5526 if (len < sizeof(*hdr))
5527 return;
5529 fc = le_to_host16(hdr->frame_control);
5531 os_memset(&event, 0, sizeof(event));
5532 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
5533 event.rx_from_unknown.addr = hdr->addr2;
5534 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
5535 (WLAN_FC_FROMDS | WLAN_FC_TODS);
5536 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
5537 }
5540 static void handle_frame(struct wpa_driver_nl80211_data *drv,
5541 u8 *buf, size_t len, int datarate, int ssi_signal)
5542 {
5543 struct ieee80211_hdr *hdr;
5544 u16 fc;
5545 union wpa_event_data event;
5547 hdr = (struct ieee80211_hdr *) buf;
5548 fc = le_to_host16(hdr->frame_control);
5550 switch (WLAN_FC_GET_TYPE(fc)) {
5551 case WLAN_FC_TYPE_MGMT:
5552 os_memset(&event, 0, sizeof(event));
5553 event.rx_mgmt.frame = buf;
5554 event.rx_mgmt.frame_len = len;
5555 event.rx_mgmt.datarate = datarate;
5556 event.rx_mgmt.ssi_signal = ssi_signal;
5557 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
5558 break;
5559 case WLAN_FC_TYPE_CTRL:
5560 /* can only get here with PS-Poll frames */
5561 wpa_printf(MSG_DEBUG, "CTRL");
5562 from_unknown_sta(drv, buf, len);
5563 break;
5564 case WLAN_FC_TYPE_DATA:
5565 from_unknown_sta(drv, buf, len);
5566 break;
5567 }
5568 }
5571 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
5572 {
5573 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5574 int len;
5575 unsigned char buf[3000];
5576 struct ieee80211_radiotap_iterator iter;
5577 int ret;
5578 int datarate = 0, ssi_signal = 0;
5579 int injected = 0, failed = 0, rxflags = 0;
5581 len = recv(sock, buf, sizeof(buf), 0);
5582 if (len < 0) {
5583 perror("recv");
5584 return;
5585 }
5587 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
5588 printf("received invalid radiotap frame\n");
5589 return;
5590 }
5592 while (1) {
5593 ret = ieee80211_radiotap_iterator_next(&iter);
5594 if (ret == -ENOENT)
5595 break;
5596 if (ret) {
5597 printf("received invalid radiotap frame (%d)\n", ret);
5598 return;
5599 }
5600 switch (iter.this_arg_index) {
5601 case IEEE80211_RADIOTAP_FLAGS:
5602 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
5603 len -= 4;
5604 break;
5605 case IEEE80211_RADIOTAP_RX_FLAGS:
5606 rxflags = 1;
5607 break;
5608 case IEEE80211_RADIOTAP_TX_FLAGS:
5609 injected = 1;
5610 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
5611 IEEE80211_RADIOTAP_F_TX_FAIL;
5612 break;
5613 case IEEE80211_RADIOTAP_DATA_RETRIES:
5614 break;
5615 case IEEE80211_RADIOTAP_CHANNEL:
5616 /* TODO: convert from freq/flags to channel number */
5617 break;
5618 case IEEE80211_RADIOTAP_RATE:
5619 datarate = *iter.this_arg * 5;
5620 break;
5621 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
5622 ssi_signal = *iter.this_arg;
5623 break;
5624 }
5625 }
5627 if (rxflags && injected)
5628 return;
5630 if (!injected)
5631 handle_frame(drv, buf + iter.max_length,
5632 len - iter.max_length, datarate, ssi_signal);
5633 else
5634 handle_tx_callback(drv->ctx, buf + iter.max_length,
5635 len - iter.max_length, !failed);
5636 }
5639 /*
5640 * we post-process the filter code later and rewrite
5641 * this to the offset to the last instruction
5642 */
5643 #define PASS 0xFF
5644 #define FAIL 0xFE
5646 static struct sock_filter msock_filter_insns[] = {
5647 /*
5648 * do a little-endian load of the radiotap length field
5649 */
5650 /* load lower byte into A */
5651 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
5652 /* put it into X (== index register) */
5653 BPF_STMT(BPF_MISC| BPF_TAX, 0),
5654 /* load upper byte into A */
5655 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
5656 /* left-shift it by 8 */
5657 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
5658 /* or with X */
5659 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
5660 /* put result into X */
5661 BPF_STMT(BPF_MISC| BPF_TAX, 0),
5663 /*
5664 * Allow management frames through, this also gives us those
5665 * management frames that we sent ourselves with status
5666 */
5667 /* load the lower byte of the IEEE 802.11 frame control field */
5668 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5669 /* mask off frame type and version */
5670 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
5671 /* accept frame if it's both 0, fall through otherwise */
5672 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
5674 /*
5675 * TODO: add a bit to radiotap RX flags that indicates
5676 * that the sending station is not associated, then
5677 * add a filter here that filters on our DA and that flag
5678 * to allow us to deauth frames to that bad station.
5679 *
5680 * For now allow all To DS data frames through.
5681 */
5682 /* load the IEEE 802.11 frame control field */
5683 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
5684 /* mask off frame type, version and DS status */
5685 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
5686 /* accept frame if version 0, type 2 and To DS, fall through otherwise
5687 */
5688 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
5690 #if 0
5691 /*
5692 * drop non-data frames
5693 */
5694 /* load the lower byte of the frame control field */
5695 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5696 /* mask off QoS bit */
5697 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
5698 /* drop non-data frames */
5699 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
5700 #endif
5701 /* load the upper byte of the frame control field */
5702 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
5703 /* mask off toDS/fromDS */
5704 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
5705 /* accept WDS frames */
5706 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
5708 /*
5709 * add header length to index
5710 */
5711 /* load the lower byte of the frame control field */
5712 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
5713 /* mask off QoS bit */
5714 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
5715 /* right shift it by 6 to give 0 or 2 */
5716 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
5717 /* add data frame header length */
5718 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
5719 /* add index, was start of 802.11 header */
5720 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
5721 /* move to index, now start of LL header */
5722 BPF_STMT(BPF_MISC | BPF_TAX, 0),
5724 /*
5725 * Accept empty data frames, we use those for
5726 * polling activity.
5727 */
5728 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
5729 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
5731 /*
5732 * Accept EAPOL frames
5733 */
5734 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
5735 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
5736 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
5737 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
5739 /* keep these last two statements or change the code below */
5740 /* return 0 == "DROP" */
5741 BPF_STMT(BPF_RET | BPF_K, 0),
5742 /* return ~0 == "keep all" */
5743 BPF_STMT(BPF_RET | BPF_K, ~0),
5744 };
5746 static struct sock_fprog msock_filter = {
5747 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
5748 .filter = msock_filter_insns,
5749 };
5752 static int add_monitor_filter(int s)
5753 {
5754 int idx;
5756 /* rewrite all PASS/FAIL jump offsets */
5757 for (idx = 0; idx < msock_filter.len; idx++) {
5758 struct sock_filter *insn = &msock_filter_insns[idx];
5760 if (BPF_CLASS(insn->code) == BPF_JMP) {
5761 if (insn->code == (BPF_JMP|BPF_JA)) {
5762 if (insn->k == PASS)
5763 insn->k = msock_filter.len - idx - 2;
5764 else if (insn->k == FAIL)
5765 insn->k = msock_filter.len - idx - 3;
5766 }
5768 if (insn->jt == PASS)
5769 insn->jt = msock_filter.len - idx - 2;
5770 else if (insn->jt == FAIL)
5771 insn->jt = msock_filter.len - idx - 3;
5773 if (insn->jf == PASS)
5774 insn->jf = msock_filter.len - idx - 2;
5775 else if (insn->jf == FAIL)
5776 insn->jf = msock_filter.len - idx - 3;
5777 }
5778 }
5780 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
5781 &msock_filter, sizeof(msock_filter))) {
5782 perror("SO_ATTACH_FILTER");
5783 return -1;
5784 }
5786 return 0;
5787 }
5790 static void nl80211_remove_monitor_interface(
5791 struct wpa_driver_nl80211_data *drv)
5792 {
5793 drv->monitor_refcount--;
5794 if (drv->monitor_refcount > 0)
5795 return;
5797 if (drv->monitor_ifidx >= 0) {
5798 nl80211_remove_iface(drv, drv->monitor_ifidx);
5799 drv->monitor_ifidx = -1;
5800 }
5801 if (drv->monitor_sock >= 0) {
5802 eloop_unregister_read_sock(drv->monitor_sock);
5803 close(drv->monitor_sock);
5804 drv->monitor_sock = -1;
5805 }
5806 }
5809 static int
5810 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
5811 {
5812 char buf[IFNAMSIZ];
5813 struct sockaddr_ll ll;
5814 int optval;
5815 socklen_t optlen;
5817 if (drv->monitor_ifidx >= 0) {
5818 drv->monitor_refcount++;
5819 return 0;
5820 }
5822 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) {
5823 /*
5824 * P2P interface name is of the format p2p-%s-%d. For monitor
5825 * interface name corresponding to P2P GO, replace "p2p-" with
5826 * "mon-" to retain the same interface name length and to
5827 * indicate that it is a monitor interface.
5828 */
5829 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4);
5830 } else {
5831 /* Non-P2P interface with AP functionality. */
5832 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
5833 }
5835 buf[IFNAMSIZ - 1] = '\0';
5837 drv->monitor_ifidx =
5838 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
5839 0);
5841 if (drv->monitor_ifidx == -EOPNOTSUPP) {
5842 /*
5843 * This is backward compatibility for a few versions of
5844 * the kernel only that didn't advertise the right
5845 * attributes for the only driver that then supported
5846 * AP mode w/o monitor -- ath6kl.
5847 */
5848 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
5849 "monitor interface type - try to run without it");
5850 drv->device_ap_sme = 1;
5851 }
5853 if (drv->monitor_ifidx < 0)
5854 return -1;
5856 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
5857 goto error;
5859 memset(&ll, 0, sizeof(ll));
5860 ll.sll_family = AF_PACKET;
5861 ll.sll_ifindex = drv->monitor_ifidx;
5862 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
5863 if (drv->monitor_sock < 0) {
5864 perror("socket[PF_PACKET,SOCK_RAW]");
5865 goto error;
5866 }
5868 if (add_monitor_filter(drv->monitor_sock)) {
5869 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
5870 "interface; do filtering in user space");
5871 /* This works, but will cost in performance. */
5872 }
5874 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
5875 perror("monitor socket bind");
5876 goto error;
5877 }
5879 optlen = sizeof(optval);
5880 optval = 20;
5881 if (setsockopt
5882 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
5883 perror("Failed to set socket priority");
5884 goto error;
5885 }
5887 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
5888 drv, NULL)) {
5889 printf("Could not register monitor read socket\n");
5890 goto error;
5891 }
5893 return 0;
5894 error:
5895 nl80211_remove_monitor_interface(drv);
5896 return -1;
5897 }
5900 static int nl80211_setup_ap(struct i802_bss *bss)
5901 {
5902 struct wpa_driver_nl80211_data *drv = bss->drv;
5904 /*
5905 * Disable Probe Request reporting unless we need it in this way for
5906 * devices that include the AP SME, in the other case (unless using
5907 * monitor iface) we'll get it through the nl_mgmt socket instead.
5908 */
5909 if (!drv->device_ap_sme)
5910 wpa_driver_nl80211_probe_req_report(bss, 0);
5912 if (!drv->device_ap_sme && !drv->use_monitor)
5913 if (nl80211_mgmt_subscribe_ap(bss))
5914 return -1;
5916 if (!drv->device_ap_sme && drv->use_monitor &&
5917 nl80211_create_monitor_interface(drv) &&
5918 !drv->device_ap_sme)
5919 return -1;
5921 if (drv->device_ap_sme &&
5922 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
5923 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
5924 "Probe Request frame reporting in AP mode");
5925 /* Try to survive without this */
5926 }
5928 return 0;
5929 }
5932 static void nl80211_teardown_ap(struct i802_bss *bss)
5933 {
5934 struct wpa_driver_nl80211_data *drv = bss->drv;
5936 if (drv->device_ap_sme)
5937 wpa_driver_nl80211_probe_req_report(bss, 0);
5938 else if (drv->use_monitor)
5939 nl80211_remove_monitor_interface(drv);
5940 else
5941 nl80211_mgmt_unsubscribe(bss);
5943 bss->beacon_set = 0;
5944 }
5947 static int nl80211_send_eapol_data(struct i802_bss *bss,
5948 const u8 *addr, const u8 *data,
5949 size_t data_len)
5950 {
5951 struct sockaddr_ll ll;
5952 int ret;
5954 if (bss->drv->eapol_tx_sock < 0) {
5955 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
5956 return -1;
5957 }
5959 os_memset(&ll, 0, sizeof(ll));
5960 ll.sll_family = AF_PACKET;
5961 ll.sll_ifindex = bss->ifindex;
5962 ll.sll_protocol = htons(ETH_P_PAE);
5963 ll.sll_halen = ETH_ALEN;
5964 os_memcpy(ll.sll_addr, addr, ETH_ALEN);
5965 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
5966 (struct sockaddr *) &ll, sizeof(ll));
5967 if (ret < 0)
5968 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
5969 strerror(errno));
5971 return ret;
5972 }
5975 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
5977 static int wpa_driver_nl80211_hapd_send_eapol(
5978 void *priv, const u8 *addr, const u8 *data,
5979 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
5980 {
5981 struct i802_bss *bss = priv;
5982 struct wpa_driver_nl80211_data *drv = bss->drv;
5983 struct ieee80211_hdr *hdr;
5984 size_t len;
5985 u8 *pos;
5986 int res;
5987 int qos = flags & WPA_STA_WMM;
5989 if (drv->device_ap_sme || !drv->use_monitor)
5990 return nl80211_send_eapol_data(bss, addr, data, data_len);
5992 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
5993 data_len;
5994 hdr = os_zalloc(len);
5995 if (hdr == NULL) {
5996 printf("malloc() failed for i802_send_data(len=%lu)\n",
5997 (unsigned long) len);
5998 return -1;
5999 }
6001 hdr->frame_control =
6002 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
6003 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
6004 if (encrypt)
6005 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
6006 if (qos) {
6007 hdr->frame_control |=
6008 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
6009 }
6011 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
6012 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
6013 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
6014 pos = (u8 *) (hdr + 1);
6016 if (qos) {
6017 /* add an empty QoS header if needed */
6018 pos[0] = 0;
6019 pos[1] = 0;
6020 pos += 2;
6021 }
6023 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
6024 pos += sizeof(rfc1042_header);
6025 WPA_PUT_BE16(pos, ETH_P_PAE);
6026 pos += 2;
6027 memcpy(pos, data, data_len);
6029 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0);
6030 if (res < 0) {
6031 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
6032 "failed: %d (%s)",
6033 (unsigned long) len, errno, strerror(errno));
6034 }
6035 os_free(hdr);
6037 return res;
6038 }
6041 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
6042 int total_flags,
6043 int flags_or, int flags_and)
6044 {
6045 struct i802_bss *bss = priv;
6046 struct wpa_driver_nl80211_data *drv = bss->drv;
6047 struct nl_msg *msg, *flags = NULL;
6048 struct nl80211_sta_flag_update upd;
6050 msg = nlmsg_alloc();
6051 if (!msg)
6052 return -ENOMEM;
6054 flags = nlmsg_alloc();
6055 if (!flags) {
6056 nlmsg_free(msg);
6057 return -ENOMEM;
6058 }
6060 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
6062 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6063 if_nametoindex(bss->ifname));
6064 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6066 /*
6067 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
6068 * can be removed eventually.
6069 */
6070 if (total_flags & WPA_STA_AUTHORIZED)
6071 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
6073 if (total_flags & WPA_STA_WMM)
6074 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
6076 if (total_flags & WPA_STA_SHORT_PREAMBLE)
6077 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
6079 if (total_flags & WPA_STA_MFP)
6080 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
6082 if (total_flags & WPA_STA_TDLS_PEER)
6083 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_TDLS_PEER);
6085 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
6086 goto nla_put_failure;
6088 os_memset(&upd, 0, sizeof(upd));
6089 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
6090 upd.set = sta_flags_nl80211(flags_or);
6091 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
6093 nlmsg_free(flags);
6095 return send_and_recv_msgs(drv, msg, NULL, NULL);
6096 nla_put_failure:
6097 nlmsg_free(flags);
6098 return -ENOBUFS;
6099 }
6102 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
6103 struct wpa_driver_associate_params *params)
6104 {
6105 enum nl80211_iftype nlmode;
6107 if (params->p2p) {
6108 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
6109 "group (GO)");
6110 nlmode = NL80211_IFTYPE_P2P_GO;
6111 } else
6112 nlmode = NL80211_IFTYPE_AP;
6114 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) ||
6115 wpa_driver_nl80211_set_freq(&drv->first_bss, params->freq, 0, 0)) {
6116 nl80211_remove_monitor_interface(drv);
6117 return -1;
6118 }
6120 return 0;
6121 }
6124 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
6125 {
6126 struct nl_msg *msg;
6127 int ret = -1;
6129 msg = nlmsg_alloc();
6130 if (!msg)
6131 return -1;
6133 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
6134 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6135 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6136 msg = NULL;
6137 if (ret) {
6138 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
6139 "(%s)", ret, strerror(-ret));
6140 goto nla_put_failure;
6141 }
6143 ret = 0;
6144 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
6146 nla_put_failure:
6147 nlmsg_free(msg);
6148 return ret;
6149 }
6152 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
6153 struct wpa_driver_associate_params *params)
6154 {
6155 struct nl_msg *msg;
6156 int ret = -1;
6157 int count = 0;
6159 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
6161 if (wpa_driver_nl80211_set_mode(&drv->first_bss,
6162 NL80211_IFTYPE_ADHOC)) {
6163 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
6164 "IBSS mode");
6165 return -1;
6166 }
6168 retry:
6169 msg = nlmsg_alloc();
6170 if (!msg)
6171 return -1;
6173 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
6174 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6176 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
6177 goto nla_put_failure;
6179 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6180 params->ssid, params->ssid_len);
6181 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6182 params->ssid);
6183 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6184 drv->ssid_len = params->ssid_len;
6186 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6187 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6189 ret = nl80211_set_conn_keys(params, msg);
6190 if (ret)
6191 goto nla_put_failure;
6193 if (params->wpa_ie) {
6194 wpa_hexdump(MSG_DEBUG,
6195 " * Extra IEs for Beacon/Probe Response frames",
6196 params->wpa_ie, params->wpa_ie_len);
6197 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6198 params->wpa_ie);
6199 }
6201 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6202 msg = NULL;
6203 if (ret) {
6204 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
6205 ret, strerror(-ret));
6206 count++;
6207 if (ret == -EALREADY && count == 1) {
6208 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
6209 "forced leave");
6210 nl80211_leave_ibss(drv);
6211 nlmsg_free(msg);
6212 goto retry;
6213 }
6215 goto nla_put_failure;
6216 }
6217 ret = 0;
6218 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
6220 nla_put_failure:
6221 nlmsg_free(msg);
6222 return ret;
6223 }
6226 static unsigned int nl80211_get_assoc_bssid(struct wpa_driver_nl80211_data *drv,
6227 u8 *bssid)
6228 {
6229 struct nl_msg *msg;
6230 int ret;
6231 struct nl80211_bss_info_arg arg;
6233 os_memset(&arg, 0, sizeof(arg));
6234 msg = nlmsg_alloc();
6235 if (!msg)
6236 goto nla_put_failure;
6238 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
6239 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6241 arg.drv = drv;
6242 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
6243 msg = NULL;
6244 if (ret == 0) {
6245 if (is_zero_ether_addr(arg.assoc_bssid))
6246 return -ENOTCONN;
6247 os_memcpy(bssid, arg.assoc_bssid, ETH_ALEN);
6248 return 0;
6249 }
6250 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
6251 "(%s)", ret, strerror(-ret));
6252 nla_put_failure:
6253 nlmsg_free(msg);
6254 return drv->assoc_freq;
6255 }
6258 static int nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
6259 const u8 *bssid)
6260 {
6261 u8 addr[ETH_ALEN];
6263 if (bssid == NULL) {
6264 int res = nl80211_get_assoc_bssid(drv, addr);
6265 if (res)
6266 return res;
6267 bssid = addr;
6268 }
6270 return wpa_driver_nl80211_disconnect(drv, bssid,
6271 WLAN_REASON_PREV_AUTH_NOT_VALID);
6272 }
6275 static int wpa_driver_nl80211_connect(
6276 struct wpa_driver_nl80211_data *drv,
6277 struct wpa_driver_associate_params *params)
6278 {
6279 struct nl_msg *msg;
6280 enum nl80211_auth_type type;
6281 int ret = 0;
6282 int algs;
6284 msg = nlmsg_alloc();
6285 if (!msg)
6286 return -1;
6288 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
6289 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
6291 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6292 if (params->bssid) {
6293 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
6294 MAC2STR(params->bssid));
6295 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6296 }
6297 if (params->freq) {
6298 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6299 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6300 }
6301 if (params->ssid) {
6302 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6303 params->ssid, params->ssid_len);
6304 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6305 params->ssid);
6306 if (params->ssid_len > sizeof(drv->ssid))
6307 goto nla_put_failure;
6308 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6309 drv->ssid_len = params->ssid_len;
6310 }
6311 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
6312 if (params->wpa_ie)
6313 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6314 params->wpa_ie);
6316 algs = 0;
6317 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6318 algs++;
6319 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6320 algs++;
6321 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6322 algs++;
6323 if (algs > 1) {
6324 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
6325 "selection");
6326 goto skip_auth_type;
6327 }
6329 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6330 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
6331 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6332 type = NL80211_AUTHTYPE_SHARED_KEY;
6333 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6334 type = NL80211_AUTHTYPE_NETWORK_EAP;
6335 else if (params->auth_alg & WPA_AUTH_ALG_FT)
6336 type = NL80211_AUTHTYPE_FT;
6337 else
6338 goto nla_put_failure;
6340 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
6341 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
6343 skip_auth_type:
6344 if (params->wpa_proto) {
6345 enum nl80211_wpa_versions ver = 0;
6347 if (params->wpa_proto & WPA_PROTO_WPA)
6348 ver |= NL80211_WPA_VERSION_1;
6349 if (params->wpa_proto & WPA_PROTO_RSN)
6350 ver |= NL80211_WPA_VERSION_2;
6352 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
6353 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
6354 }
6356 if (params->pairwise_suite != CIPHER_NONE) {
6357 int cipher;
6359 switch (params->pairwise_suite) {
6360 case CIPHER_WEP40:
6361 cipher = WLAN_CIPHER_SUITE_WEP40;
6362 break;
6363 case CIPHER_WEP104:
6364 cipher = WLAN_CIPHER_SUITE_WEP104;
6365 break;
6366 case CIPHER_CCMP:
6367 cipher = WLAN_CIPHER_SUITE_CCMP;
6368 break;
6369 case CIPHER_TKIP:
6370 default:
6371 cipher = WLAN_CIPHER_SUITE_TKIP;
6372 break;
6373 }
6374 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
6375 }
6377 if (params->group_suite != CIPHER_NONE) {
6378 int cipher;
6380 switch (params->group_suite) {
6381 case CIPHER_WEP40:
6382 cipher = WLAN_CIPHER_SUITE_WEP40;
6383 break;
6384 case CIPHER_WEP104:
6385 cipher = WLAN_CIPHER_SUITE_WEP104;
6386 break;
6387 case CIPHER_CCMP:
6388 cipher = WLAN_CIPHER_SUITE_CCMP;
6389 break;
6390 case CIPHER_TKIP:
6391 default:
6392 cipher = WLAN_CIPHER_SUITE_TKIP;
6393 break;
6394 }
6395 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
6396 }
6398 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
6399 params->key_mgmt_suite == KEY_MGMT_PSK) {
6400 int mgmt = WLAN_AKM_SUITE_PSK;
6402 switch (params->key_mgmt_suite) {
6403 case KEY_MGMT_802_1X:
6404 mgmt = WLAN_AKM_SUITE_8021X;
6405 break;
6406 case KEY_MGMT_PSK:
6407 default:
6408 mgmt = WLAN_AKM_SUITE_PSK;
6409 break;
6410 }
6411 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
6412 }
6414 ret = nl80211_set_conn_keys(params, msg);
6415 if (ret)
6416 goto nla_put_failure;
6418 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6419 msg = NULL;
6420 if (ret) {
6421 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
6422 "(%s)", ret, strerror(-ret));
6423 /*
6424 * cfg80211 does not currently accept new connection if we are
6425 * already connected. As a workaround, force disconnection and
6426 * try again once the driver indicates it completed
6427 * disconnection.
6428 */
6429 if (ret == -EALREADY)
6430 nl80211_disconnect(drv, params->bssid);
6431 goto nla_put_failure;
6432 }
6433 ret = 0;
6434 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
6436 nla_put_failure:
6437 nlmsg_free(msg);
6438 return ret;
6440 }
6443 static int wpa_driver_nl80211_associate(
6444 void *priv, struct wpa_driver_associate_params *params)
6445 {
6446 struct i802_bss *bss = priv;
6447 struct wpa_driver_nl80211_data *drv = bss->drv;
6448 int ret = -1;
6449 struct nl_msg *msg;
6451 if (params->mode == IEEE80211_MODE_AP)
6452 return wpa_driver_nl80211_ap(drv, params);
6454 if (params->mode == IEEE80211_MODE_IBSS)
6455 return wpa_driver_nl80211_ibss(drv, params);
6457 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
6458 enum nl80211_iftype nlmode = params->p2p ?
6459 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6461 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
6462 return -1;
6463 return wpa_driver_nl80211_connect(drv, params);
6464 }
6466 drv->associated = 0;
6468 msg = nlmsg_alloc();
6469 if (!msg)
6470 return -1;
6472 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
6473 drv->ifindex);
6474 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
6476 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6477 if (params->bssid) {
6478 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
6479 MAC2STR(params->bssid));
6480 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
6481 }
6482 if (params->freq) {
6483 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
6484 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
6485 drv->assoc_freq = params->freq;
6486 } else
6487 drv->assoc_freq = 0;
6488 if (params->ssid) {
6489 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
6490 params->ssid, params->ssid_len);
6491 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6492 params->ssid);
6493 if (params->ssid_len > sizeof(drv->ssid))
6494 goto nla_put_failure;
6495 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6496 drv->ssid_len = params->ssid_len;
6497 }
6498 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
6499 if (params->wpa_ie)
6500 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6501 params->wpa_ie);
6503 if (params->pairwise_suite != CIPHER_NONE) {
6504 int cipher;
6506 switch (params->pairwise_suite) {
6507 case CIPHER_WEP40:
6508 cipher = WLAN_CIPHER_SUITE_WEP40;
6509 break;
6510 case CIPHER_WEP104:
6511 cipher = WLAN_CIPHER_SUITE_WEP104;
6512 break;
6513 case CIPHER_CCMP:
6514 cipher = WLAN_CIPHER_SUITE_CCMP;
6515 break;
6516 case CIPHER_TKIP:
6517 default:
6518 cipher = WLAN_CIPHER_SUITE_TKIP;
6519 break;
6520 }
6521 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
6522 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
6523 }
6525 if (params->group_suite != CIPHER_NONE) {
6526 int cipher;
6528 switch (params->group_suite) {
6529 case CIPHER_WEP40:
6530 cipher = WLAN_CIPHER_SUITE_WEP40;
6531 break;
6532 case CIPHER_WEP104:
6533 cipher = WLAN_CIPHER_SUITE_WEP104;
6534 break;
6535 case CIPHER_CCMP:
6536 cipher = WLAN_CIPHER_SUITE_CCMP;
6537 break;
6538 case CIPHER_TKIP:
6539 default:
6540 cipher = WLAN_CIPHER_SUITE_TKIP;
6541 break;
6542 }
6543 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
6544 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
6545 }
6547 #ifdef CONFIG_IEEE80211W
6548 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
6549 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
6550 #endif /* CONFIG_IEEE80211W */
6552 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
6554 if (params->prev_bssid) {
6555 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
6556 MAC2STR(params->prev_bssid));
6557 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
6558 params->prev_bssid);
6559 }
6561 if (params->p2p)
6562 wpa_printf(MSG_DEBUG, " * P2P group");
6564 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6565 msg = NULL;
6566 if (ret) {
6567 wpa_dbg(drv->ctx, MSG_DEBUG,
6568 "nl80211: MLME command failed (assoc): ret=%d (%s)",
6569 ret, strerror(-ret));
6570 nl80211_dump_scan(drv);
6571 goto nla_put_failure;
6572 }
6573 ret = 0;
6574 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
6575 "successfully");
6577 nla_put_failure:
6578 nlmsg_free(msg);
6579 return ret;
6580 }
6583 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
6584 int ifindex, enum nl80211_iftype mode)
6585 {
6586 struct nl_msg *msg;
6587 int ret = -ENOBUFS;
6589 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
6590 ifindex, mode, nl80211_iftype_str(mode));
6592 msg = nlmsg_alloc();
6593 if (!msg)
6594 return -ENOMEM;
6596 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
6597 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
6598 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
6600 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6601 if (!ret)
6602 return 0;
6603 nla_put_failure:
6604 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
6605 " %d (%s)", ifindex, mode, ret, strerror(-ret));
6606 return ret;
6607 }
6610 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
6611 enum nl80211_iftype nlmode)
6612 {
6613 struct wpa_driver_nl80211_data *drv = bss->drv;
6614 int ret = -1;
6615 int i;
6616 int was_ap = is_ap_interface(drv->nlmode);
6618 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
6619 drv->nlmode = nlmode;
6620 ret = 0;
6621 goto done;
6622 }
6624 if (nlmode == drv->nlmode) {
6625 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
6626 "requested mode - ignore error");
6627 ret = 0;
6628 goto done; /* Already in the requested mode */
6629 }
6631 /* mac80211 doesn't allow mode changes while the device is up, so
6632 * take the device down, try to set the mode again, and bring the
6633 * device back up.
6634 */
6635 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
6636 "interface down");
6637 for (i = 0; i < 10; i++) {
6638 int res;
6639 res = linux_set_iface_flags(drv->global->ioctl_sock,
6640 bss->ifname, 0);
6641 if (res == -EACCES || res == -ENODEV)
6642 break;
6643 if (res == 0) {
6644 /* Try to set the mode again while the interface is
6645 * down */
6646 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
6647 if (ret == -EACCES)
6648 break;
6649 res = linux_set_iface_flags(drv->global->ioctl_sock,
6650 bss->ifname, 1);
6651 if (res && !ret)
6652 ret = -1;
6653 else if (ret != -EBUSY)
6654 break;
6655 } else
6656 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
6657 "interface down");
6658 os_sleep(0, 100000);
6659 }
6661 if (!ret) {
6662 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
6663 "interface is down");
6664 drv->nlmode = nlmode;
6665 drv->ignore_if_down_event = 1;
6666 }
6668 done:
6669 if (ret) {
6670 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
6671 "from %d failed", nlmode, drv->nlmode);
6672 return ret;
6673 }
6675 if (is_ap_interface(nlmode)) {
6676 nl80211_mgmt_unsubscribe(bss);
6677 /* Setup additional AP mode functionality if needed */
6678 if (nl80211_setup_ap(bss))
6679 return -1;
6680 } else if (was_ap) {
6681 /* Remove additional AP mode functionality */
6682 nl80211_teardown_ap(bss);
6683 } else {
6684 nl80211_mgmt_unsubscribe(bss);
6685 }
6687 if (!is_ap_interface(nlmode) &&
6688 nl80211_mgmt_subscribe_non_ap(bss) < 0)
6689 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
6690 "frame processing - ignore for now");
6692 return 0;
6693 }
6696 static int wpa_driver_nl80211_get_capa(void *priv,
6697 struct wpa_driver_capa *capa)
6698 {
6699 struct i802_bss *bss = priv;
6700 struct wpa_driver_nl80211_data *drv = bss->drv;
6701 if (!drv->has_capability)
6702 return -1;
6703 os_memcpy(capa, &drv->capa, sizeof(*capa));
6704 return 0;
6705 }
6708 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
6709 {
6710 struct i802_bss *bss = priv;
6711 struct wpa_driver_nl80211_data *drv = bss->drv;
6713 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
6714 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
6715 drv->operstate = state;
6716 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
6717 state ? IF_OPER_UP : IF_OPER_DORMANT);
6718 }
6721 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
6722 {
6723 struct i802_bss *bss = priv;
6724 struct wpa_driver_nl80211_data *drv = bss->drv;
6725 struct nl_msg *msg;
6726 struct nl80211_sta_flag_update upd;
6728 msg = nlmsg_alloc();
6729 if (!msg)
6730 return -ENOMEM;
6732 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
6734 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6735 if_nametoindex(bss->ifname));
6736 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
6738 os_memset(&upd, 0, sizeof(upd));
6739 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
6740 if (authorized)
6741 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
6742 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
6744 return send_and_recv_msgs(drv, msg, NULL, NULL);
6745 nla_put_failure:
6746 return -ENOBUFS;
6747 }
6750 /* Set kernel driver on given frequency (MHz) */
6751 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
6752 {
6753 struct i802_bss *bss = priv;
6754 return wpa_driver_nl80211_set_freq(bss, freq->freq, freq->ht_enabled,
6755 freq->sec_channel_offset);
6756 }
6759 #if defined(HOSTAPD) || defined(CONFIG_AP)
6761 static inline int min_int(int a, int b)
6762 {
6763 if (a < b)
6764 return a;
6765 return b;
6766 }
6769 static int get_key_handler(struct nl_msg *msg, void *arg)
6770 {
6771 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6772 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6774 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6775 genlmsg_attrlen(gnlh, 0), NULL);
6777 /*
6778 * TODO: validate the key index and mac address!
6779 * Otherwise, there's a race condition as soon as
6780 * the kernel starts sending key notifications.
6781 */
6783 if (tb[NL80211_ATTR_KEY_SEQ])
6784 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
6785 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
6786 return NL_SKIP;
6787 }
6790 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
6791 int idx, u8 *seq)
6792 {
6793 struct i802_bss *bss = priv;
6794 struct wpa_driver_nl80211_data *drv = bss->drv;
6795 struct nl_msg *msg;
6797 msg = nlmsg_alloc();
6798 if (!msg)
6799 return -ENOMEM;
6801 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
6803 if (addr)
6804 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6805 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
6806 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
6808 memset(seq, 0, 6);
6810 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
6811 nla_put_failure:
6812 return -ENOBUFS;
6813 }
6816 static int i802_set_rts(void *priv, int rts)
6817 {
6818 struct i802_bss *bss = priv;
6819 struct wpa_driver_nl80211_data *drv = bss->drv;
6820 struct nl_msg *msg;
6821 int ret = -ENOBUFS;
6822 u32 val;
6824 msg = nlmsg_alloc();
6825 if (!msg)
6826 return -ENOMEM;
6828 if (rts >= 2347)
6829 val = (u32) -1;
6830 else
6831 val = rts;
6833 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6834 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6835 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
6837 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6838 if (!ret)
6839 return 0;
6840 nla_put_failure:
6841 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
6842 "%d (%s)", rts, ret, strerror(-ret));
6843 return ret;
6844 }
6847 static int i802_set_frag(void *priv, int frag)
6848 {
6849 struct i802_bss *bss = priv;
6850 struct wpa_driver_nl80211_data *drv = bss->drv;
6851 struct nl_msg *msg;
6852 int ret = -ENOBUFS;
6853 u32 val;
6855 msg = nlmsg_alloc();
6856 if (!msg)
6857 return -ENOMEM;
6859 if (frag >= 2346)
6860 val = (u32) -1;
6861 else
6862 val = frag;
6864 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6865 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6866 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
6868 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6869 if (!ret)
6870 return 0;
6871 nla_put_failure:
6872 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
6873 "%d: %d (%s)", frag, ret, strerror(-ret));
6874 return ret;
6875 }
6878 static int i802_flush(void *priv)
6879 {
6880 struct i802_bss *bss = priv;
6881 struct wpa_driver_nl80211_data *drv = bss->drv;
6882 struct nl_msg *msg;
6884 msg = nlmsg_alloc();
6885 if (!msg)
6886 return -1;
6888 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
6890 /*
6891 * XXX: FIX! this needs to flush all VLANs too
6892 */
6893 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6894 if_nametoindex(bss->ifname));
6896 return send_and_recv_msgs(drv, msg, NULL, NULL);
6897 nla_put_failure:
6898 return -ENOBUFS;
6899 }
6902 static int get_sta_handler(struct nl_msg *msg, void *arg)
6903 {
6904 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6905 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6906 struct hostap_sta_driver_data *data = arg;
6907 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
6908 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
6909 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
6910 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
6911 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
6912 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
6913 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
6914 };
6916 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6917 genlmsg_attrlen(gnlh, 0), NULL);
6919 /*
6920 * TODO: validate the interface and mac address!
6921 * Otherwise, there's a race condition as soon as
6922 * the kernel starts sending station notifications.
6923 */
6925 if (!tb[NL80211_ATTR_STA_INFO]) {
6926 wpa_printf(MSG_DEBUG, "sta stats missing!");
6927 return NL_SKIP;
6928 }
6929 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
6930 tb[NL80211_ATTR_STA_INFO],
6931 stats_policy)) {
6932 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
6933 return NL_SKIP;
6934 }
6936 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
6937 data->inactive_msec =
6938 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
6939 if (stats[NL80211_STA_INFO_RX_BYTES])
6940 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
6941 if (stats[NL80211_STA_INFO_TX_BYTES])
6942 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
6943 if (stats[NL80211_STA_INFO_RX_PACKETS])
6944 data->rx_packets =
6945 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
6946 if (stats[NL80211_STA_INFO_TX_PACKETS])
6947 data->tx_packets =
6948 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
6950 return NL_SKIP;
6951 }
6953 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
6954 const u8 *addr)
6955 {
6956 struct i802_bss *bss = priv;
6957 struct wpa_driver_nl80211_data *drv = bss->drv;
6958 struct nl_msg *msg;
6960 os_memset(data, 0, sizeof(*data));
6961 msg = nlmsg_alloc();
6962 if (!msg)
6963 return -ENOMEM;
6965 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
6967 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6968 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6970 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
6971 nla_put_failure:
6972 return -ENOBUFS;
6973 }
6976 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
6977 int cw_min, int cw_max, int burst_time)
6978 {
6979 struct i802_bss *bss = priv;
6980 struct wpa_driver_nl80211_data *drv = bss->drv;
6981 struct nl_msg *msg;
6982 struct nlattr *txq, *params;
6984 msg = nlmsg_alloc();
6985 if (!msg)
6986 return -1;
6988 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6990 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6992 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
6993 if (!txq)
6994 goto nla_put_failure;
6996 /* We are only sending parameters for a single TXQ at a time */
6997 params = nla_nest_start(msg, 1);
6998 if (!params)
6999 goto nla_put_failure;
7001 switch (queue) {
7002 case 0:
7003 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
7004 break;
7005 case 1:
7006 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
7007 break;
7008 case 2:
7009 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
7010 break;
7011 case 3:
7012 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
7013 break;
7014 }
7015 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
7016 * 32 usec, so need to convert the value here. */
7017 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
7018 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
7019 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
7020 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
7022 nla_nest_end(msg, params);
7024 nla_nest_end(msg, txq);
7026 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
7027 return 0;
7028 nla_put_failure:
7029 return -1;
7030 }
7033 static int i802_set_sta_vlan(void *priv, const u8 *addr,
7034 const char *ifname, int vlan_id)
7035 {
7036 struct i802_bss *bss = priv;
7037 struct wpa_driver_nl80211_data *drv = bss->drv;
7038 struct nl_msg *msg;
7039 int ret = -ENOBUFS;
7041 msg = nlmsg_alloc();
7042 if (!msg)
7043 return -ENOMEM;
7045 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
7047 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7048 if_nametoindex(bss->ifname));
7049 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7050 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
7051 if_nametoindex(ifname));
7053 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7054 if (ret < 0) {
7055 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
7056 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
7057 MAC2STR(addr), ifname, vlan_id, ret,
7058 strerror(-ret));
7059 }
7060 nla_put_failure:
7061 return ret;
7062 }
7065 static int i802_get_inact_sec(void *priv, const u8 *addr)
7066 {
7067 struct hostap_sta_driver_data data;
7068 int ret;
7070 data.inactive_msec = (unsigned long) -1;
7071 ret = i802_read_sta_data(priv, &data, addr);
7072 if (ret || data.inactive_msec == (unsigned long) -1)
7073 return -1;
7074 return data.inactive_msec / 1000;
7075 }
7078 static int i802_sta_clear_stats(void *priv, const u8 *addr)
7079 {
7080 #if 0
7081 /* TODO */
7082 #endif
7083 return 0;
7084 }
7087 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
7088 int reason)
7089 {
7090 struct i802_bss *bss = priv;
7091 struct ieee80211_mgmt mgmt;
7093 memset(&mgmt, 0, sizeof(mgmt));
7094 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7095 WLAN_FC_STYPE_DEAUTH);
7096 memcpy(mgmt.da, addr, ETH_ALEN);
7097 memcpy(mgmt.sa, own_addr, ETH_ALEN);
7098 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7099 mgmt.u.deauth.reason_code = host_to_le16(reason);
7100 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7101 IEEE80211_HDRLEN +
7102 sizeof(mgmt.u.deauth), 0);
7103 }
7106 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
7107 int reason)
7108 {
7109 struct i802_bss *bss = priv;
7110 struct ieee80211_mgmt mgmt;
7112 memset(&mgmt, 0, sizeof(mgmt));
7113 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7114 WLAN_FC_STYPE_DISASSOC);
7115 memcpy(mgmt.da, addr, ETH_ALEN);
7116 memcpy(mgmt.sa, own_addr, ETH_ALEN);
7117 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7118 mgmt.u.disassoc.reason_code = host_to_le16(reason);
7119 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7120 IEEE80211_HDRLEN +
7121 sizeof(mgmt.u.disassoc), 0);
7122 }
7124 #endif /* HOSTAPD || CONFIG_AP */
7126 #ifdef HOSTAPD
7128 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7129 {
7130 int i;
7131 int *old;
7133 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
7134 ifidx);
7135 for (i = 0; i < drv->num_if_indices; i++) {
7136 if (drv->if_indices[i] == 0) {
7137 drv->if_indices[i] = ifidx;
7138 return;
7139 }
7140 }
7142 if (drv->if_indices != drv->default_if_indices)
7143 old = drv->if_indices;
7144 else
7145 old = NULL;
7147 drv->if_indices = os_realloc(old,
7148 sizeof(int) * (drv->num_if_indices + 1));
7149 if (!drv->if_indices) {
7150 if (!old)
7151 drv->if_indices = drv->default_if_indices;
7152 else
7153 drv->if_indices = old;
7154 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
7155 "interfaces");
7156 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
7157 return;
7158 } else if (!old)
7159 os_memcpy(drv->if_indices, drv->default_if_indices,
7160 sizeof(drv->default_if_indices));
7161 drv->if_indices[drv->num_if_indices] = ifidx;
7162 drv->num_if_indices++;
7163 }
7166 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7167 {
7168 int i;
7170 for (i = 0; i < drv->num_if_indices; i++) {
7171 if (drv->if_indices[i] == ifidx) {
7172 drv->if_indices[i] = 0;
7173 break;
7174 }
7175 }
7176 }
7179 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
7180 {
7181 int i;
7183 for (i = 0; i < drv->num_if_indices; i++)
7184 if (drv->if_indices[i] == ifidx)
7185 return 1;
7187 return 0;
7188 }
7191 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
7192 const char *bridge_ifname)
7193 {
7194 struct i802_bss *bss = priv;
7195 struct wpa_driver_nl80211_data *drv = bss->drv;
7196 char name[IFNAMSIZ + 1];
7198 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
7199 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
7200 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
7201 if (val) {
7202 if (!if_nametoindex(name)) {
7203 if (nl80211_create_iface(drv, name,
7204 NL80211_IFTYPE_AP_VLAN,
7205 NULL, 1) < 0)
7206 return -1;
7207 if (bridge_ifname &&
7208 linux_br_add_if(drv->global->ioctl_sock,
7209 bridge_ifname, name) < 0)
7210 return -1;
7211 }
7212 linux_set_iface_flags(drv->global->ioctl_sock, name, 1);
7213 return i802_set_sta_vlan(priv, addr, name, 0);
7214 } else {
7215 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
7216 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
7217 name);
7218 }
7219 }
7222 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
7223 {
7224 struct wpa_driver_nl80211_data *drv = eloop_ctx;
7225 struct sockaddr_ll lladdr;
7226 unsigned char buf[3000];
7227 int len;
7228 socklen_t fromlen = sizeof(lladdr);
7230 len = recvfrom(sock, buf, sizeof(buf), 0,
7231 (struct sockaddr *)&lladdr, &fromlen);
7232 if (len < 0) {
7233 perror("recv");
7234 return;
7235 }
7237 if (have_ifidx(drv, lladdr.sll_ifindex))
7238 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
7239 }
7242 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
7243 struct i802_bss *bss,
7244 const char *brname, const char *ifname)
7245 {
7246 int ifindex;
7247 char in_br[IFNAMSIZ];
7249 os_strlcpy(bss->brname, brname, IFNAMSIZ);
7250 ifindex = if_nametoindex(brname);
7251 if (ifindex == 0) {
7252 /*
7253 * Bridge was configured, but the bridge device does
7254 * not exist. Try to add it now.
7255 */
7256 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
7257 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
7258 "bridge interface %s: %s",
7259 brname, strerror(errno));
7260 return -1;
7261 }
7262 bss->added_bridge = 1;
7263 add_ifidx(drv, if_nametoindex(brname));
7264 }
7266 if (linux_br_get(in_br, ifname) == 0) {
7267 if (os_strcmp(in_br, brname) == 0)
7268 return 0; /* already in the bridge */
7270 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
7271 "bridge %s", ifname, in_br);
7272 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
7273 0) {
7274 wpa_printf(MSG_ERROR, "nl80211: Failed to "
7275 "remove interface %s from bridge "
7276 "%s: %s",
7277 ifname, brname, strerror(errno));
7278 return -1;
7279 }
7280 }
7282 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
7283 ifname, brname);
7284 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
7285 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
7286 "into bridge %s: %s",
7287 ifname, brname, strerror(errno));
7288 return -1;
7289 }
7290 bss->added_if_into_bridge = 1;
7292 return 0;
7293 }
7296 static void *i802_init(struct hostapd_data *hapd,
7297 struct wpa_init_params *params)
7298 {
7299 struct wpa_driver_nl80211_data *drv;
7300 struct i802_bss *bss;
7301 size_t i;
7302 char brname[IFNAMSIZ];
7303 int ifindex, br_ifindex;
7304 int br_added = 0;
7306 bss = wpa_driver_nl80211_init(hapd, params->ifname,
7307 params->global_priv);
7308 if (bss == NULL)
7309 return NULL;
7311 drv = bss->drv;
7312 drv->nlmode = NL80211_IFTYPE_AP;
7313 drv->eapol_sock = -1;
7315 if (linux_br_get(brname, params->ifname) == 0) {
7316 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
7317 params->ifname, brname);
7318 br_ifindex = if_nametoindex(brname);
7319 } else {
7320 brname[0] = '\0';
7321 br_ifindex = 0;
7322 }
7324 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
7325 drv->if_indices = drv->default_if_indices;
7326 for (i = 0; i < params->num_bridge; i++) {
7327 if (params->bridge[i]) {
7328 ifindex = if_nametoindex(params->bridge[i]);
7329 if (ifindex)
7330 add_ifidx(drv, ifindex);
7331 if (ifindex == br_ifindex)
7332 br_added = 1;
7333 }
7334 }
7335 if (!br_added && br_ifindex &&
7336 (params->num_bridge == 0 || !params->bridge[0]))
7337 add_ifidx(drv, br_ifindex);
7339 /* start listening for EAPOL on the default AP interface */
7340 add_ifidx(drv, drv->ifindex);
7342 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0))
7343 goto failed;
7345 if (params->bssid) {
7346 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7347 params->bssid))
7348 goto failed;
7349 }
7351 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) {
7352 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
7353 "into AP mode", bss->ifname);
7354 goto failed;
7355 }
7357 if (params->num_bridge && params->bridge[0] &&
7358 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
7359 goto failed;
7361 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1))
7362 goto failed;
7364 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
7365 if (drv->eapol_sock < 0) {
7366 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
7367 goto failed;
7368 }
7370 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
7371 {
7372 printf("Could not register read socket for eapol\n");
7373 goto failed;
7374 }
7376 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7377 params->own_addr))
7378 goto failed;
7380 return bss;
7382 failed:
7383 wpa_driver_nl80211_deinit(bss);
7384 return NULL;
7385 }
7388 static void i802_deinit(void *priv)
7389 {
7390 wpa_driver_nl80211_deinit(priv);
7391 }
7393 #endif /* HOSTAPD */
7396 static enum nl80211_iftype wpa_driver_nl80211_if_type(
7397 enum wpa_driver_if_type type)
7398 {
7399 switch (type) {
7400 case WPA_IF_STATION:
7401 return NL80211_IFTYPE_STATION;
7402 case WPA_IF_P2P_CLIENT:
7403 case WPA_IF_P2P_GROUP:
7404 return NL80211_IFTYPE_P2P_CLIENT;
7405 case WPA_IF_AP_VLAN:
7406 return NL80211_IFTYPE_AP_VLAN;
7407 case WPA_IF_AP_BSS:
7408 return NL80211_IFTYPE_AP;
7409 case WPA_IF_P2P_GO:
7410 return NL80211_IFTYPE_P2P_GO;
7411 }
7412 return -1;
7413 }
7416 #ifdef CONFIG_P2P
7418 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
7419 {
7420 struct wpa_driver_nl80211_data *drv;
7421 dl_list_for_each(drv, &global->interfaces,
7422 struct wpa_driver_nl80211_data, list) {
7423 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0)
7424 return 1;
7425 }
7426 return 0;
7427 }
7430 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
7431 u8 *new_addr)
7432 {
7433 unsigned int idx;
7435 if (!drv->global)
7436 return -1;
7438 os_memcpy(new_addr, drv->addr, ETH_ALEN);
7439 for (idx = 0; idx < 64; idx++) {
7440 new_addr[0] = drv->addr[0] | 0x02;
7441 new_addr[0] ^= idx << 2;
7442 if (!nl80211_addr_in_use(drv->global, new_addr))
7443 break;
7444 }
7445 if (idx == 64)
7446 return -1;
7448 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
7449 MACSTR, MAC2STR(new_addr));
7451 return 0;
7452 }
7454 #endif /* CONFIG_P2P */
7457 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
7458 const char *ifname, const u8 *addr,
7459 void *bss_ctx, void **drv_priv,
7460 char *force_ifname, u8 *if_addr,
7461 const char *bridge)
7462 {
7463 struct i802_bss *bss = priv;
7464 struct wpa_driver_nl80211_data *drv = bss->drv;
7465 int ifidx;
7466 #ifdef HOSTAPD
7467 struct i802_bss *new_bss = NULL;
7469 if (type == WPA_IF_AP_BSS) {
7470 new_bss = os_zalloc(sizeof(*new_bss));
7471 if (new_bss == NULL)
7472 return -1;
7473 }
7474 #endif /* HOSTAPD */
7476 if (addr)
7477 os_memcpy(if_addr, addr, ETH_ALEN);
7478 ifidx = nl80211_create_iface(drv, ifname,
7479 wpa_driver_nl80211_if_type(type), addr,
7480 0);
7481 if (ifidx < 0) {
7482 #ifdef HOSTAPD
7483 os_free(new_bss);
7484 #endif /* HOSTAPD */
7485 return -1;
7486 }
7488 if (!addr &&
7489 linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7490 if_addr) < 0) {
7491 nl80211_remove_iface(drv, ifidx);
7492 return -1;
7493 }
7495 #ifdef CONFIG_P2P
7496 if (!addr &&
7497 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
7498 type == WPA_IF_P2P_GO)) {
7499 /* Enforce unique P2P Interface Address */
7500 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN];
7502 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7503 own_addr) < 0 ||
7504 linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
7505 new_addr) < 0) {
7506 nl80211_remove_iface(drv, ifidx);
7507 return -1;
7508 }
7509 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) {
7510 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
7511 "for P2P group interface");
7512 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
7513 nl80211_remove_iface(drv, ifidx);
7514 return -1;
7515 }
7516 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7517 new_addr) < 0) {
7518 nl80211_remove_iface(drv, ifidx);
7519 return -1;
7520 }
7521 }
7522 os_memcpy(if_addr, new_addr, ETH_ALEN);
7523 }
7524 #endif /* CONFIG_P2P */
7526 #ifdef HOSTAPD
7527 if (bridge &&
7528 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
7529 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
7530 "interface %s to a bridge %s", ifname, bridge);
7531 nl80211_remove_iface(drv, ifidx);
7532 os_free(new_bss);
7533 return -1;
7534 }
7536 if (type == WPA_IF_AP_BSS) {
7537 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
7538 {
7539 nl80211_remove_iface(drv, ifidx);
7540 os_free(new_bss);
7541 return -1;
7542 }
7543 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
7544 new_bss->ifindex = ifidx;
7545 new_bss->drv = drv;
7546 new_bss->next = drv->first_bss.next;
7547 drv->first_bss.next = new_bss;
7548 if (drv_priv)
7549 *drv_priv = new_bss;
7550 nl80211_init_bss(new_bss);
7551 }
7552 #endif /* HOSTAPD */
7554 if (drv->global)
7555 drv->global->if_add_ifindex = ifidx;
7557 return 0;
7558 }
7561 static int wpa_driver_nl80211_if_remove(void *priv,
7562 enum wpa_driver_if_type type,
7563 const char *ifname)
7564 {
7565 struct i802_bss *bss = priv;
7566 struct wpa_driver_nl80211_data *drv = bss->drv;
7567 int ifindex = if_nametoindex(ifname);
7569 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
7570 __func__, type, ifname, ifindex);
7571 if (ifindex <= 0)
7572 return -1;
7574 #ifdef HOSTAPD
7575 if (bss->added_if_into_bridge) {
7576 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
7577 bss->ifname) < 0)
7578 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
7579 "interface %s from bridge %s: %s",
7580 bss->ifname, bss->brname, strerror(errno));
7581 }
7582 if (bss->added_bridge) {
7583 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
7584 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
7585 "bridge %s: %s",
7586 bss->brname, strerror(errno));
7587 }
7588 #endif /* HOSTAPD */
7590 nl80211_remove_iface(drv, ifindex);
7592 #ifdef HOSTAPD
7593 if (type != WPA_IF_AP_BSS)
7594 return 0;
7596 if (bss != &drv->first_bss) {
7597 struct i802_bss *tbss;
7599 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
7600 if (tbss->next == bss) {
7601 tbss->next = bss->next;
7602 nl80211_destroy_bss(bss);
7603 os_free(bss);
7604 bss = NULL;
7605 break;
7606 }
7607 }
7608 if (bss)
7609 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
7610 "BSS %p in the list", __func__, bss);
7611 }
7612 #endif /* HOSTAPD */
7614 return 0;
7615 }
7618 static int cookie_handler(struct nl_msg *msg, void *arg)
7619 {
7620 struct nlattr *tb[NL80211_ATTR_MAX + 1];
7621 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7622 u64 *cookie = arg;
7623 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7624 genlmsg_attrlen(gnlh, 0), NULL);
7625 if (tb[NL80211_ATTR_COOKIE])
7626 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
7627 return NL_SKIP;
7628 }
7631 static int nl80211_send_frame_cmd(struct i802_bss *bss,
7632 unsigned int freq, unsigned int wait,
7633 const u8 *buf, size_t buf_len,
7634 u64 *cookie_out, int no_cck, int no_ack,
7635 int offchanok)
7636 {
7637 struct wpa_driver_nl80211_data *drv = bss->drv;
7638 struct nl_msg *msg;
7639 u64 cookie;
7640 int ret = -1;
7642 msg = nlmsg_alloc();
7643 if (!msg)
7644 return -1;
7646 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
7648 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
7649 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7650 if (wait)
7651 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
7652 if (offchanok)
7653 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
7654 if (no_cck)
7655 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
7656 if (no_ack)
7657 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
7659 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
7661 cookie = 0;
7662 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
7663 msg = NULL;
7664 if (ret) {
7665 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
7666 "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
7667 freq, wait);
7668 goto nla_put_failure;
7669 }
7670 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted%s; "
7671 "cookie 0x%llx", no_ack ? " (no ACK)" : "",
7672 (long long unsigned int) cookie);
7674 if (cookie_out)
7675 *cookie_out = no_ack ? (u64) -1 : cookie;
7677 nla_put_failure:
7678 nlmsg_free(msg);
7679 return ret;
7680 }
7683 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
7684 unsigned int wait_time,
7685 const u8 *dst, const u8 *src,
7686 const u8 *bssid,
7687 const u8 *data, size_t data_len,
7688 int no_cck)
7689 {
7690 struct i802_bss *bss = priv;
7691 struct wpa_driver_nl80211_data *drv = bss->drv;
7692 int ret = -1;
7693 u8 *buf;
7694 struct ieee80211_hdr *hdr;
7696 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
7697 "wait=%d ms no_cck=%d)", drv->ifindex, wait_time, no_cck);
7699 buf = os_zalloc(24 + data_len);
7700 if (buf == NULL)
7701 return ret;
7702 os_memcpy(buf + 24, data, data_len);
7703 hdr = (struct ieee80211_hdr *) buf;
7704 hdr->frame_control =
7705 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
7706 os_memcpy(hdr->addr1, dst, ETH_ALEN);
7707 os_memcpy(hdr->addr2, src, ETH_ALEN);
7708 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
7710 if (is_ap_interface(drv->nlmode))
7711 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len,
7712 0);
7713 else
7714 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
7715 24 + data_len,
7716 &drv->send_action_cookie,
7717 no_cck, 0, 1);
7719 os_free(buf);
7720 return ret;
7721 }
7724 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
7725 {
7726 struct i802_bss *bss = priv;
7727 struct wpa_driver_nl80211_data *drv = bss->drv;
7728 struct nl_msg *msg;
7729 int ret;
7731 msg = nlmsg_alloc();
7732 if (!msg)
7733 return;
7735 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
7737 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7738 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
7740 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7741 msg = NULL;
7742 if (ret)
7743 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
7744 "(%s)", ret, strerror(-ret));
7746 nla_put_failure:
7747 nlmsg_free(msg);
7748 }
7751 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
7752 unsigned int duration)
7753 {
7754 struct i802_bss *bss = priv;
7755 struct wpa_driver_nl80211_data *drv = bss->drv;
7756 struct nl_msg *msg;
7757 int ret;
7758 u64 cookie;
7760 msg = nlmsg_alloc();
7761 if (!msg)
7762 return -1;
7764 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
7766 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7767 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
7768 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
7770 cookie = 0;
7771 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
7772 if (ret == 0) {
7773 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
7774 "0x%llx for freq=%u MHz duration=%u",
7775 (long long unsigned int) cookie, freq, duration);
7776 drv->remain_on_chan_cookie = cookie;
7777 drv->pending_remain_on_chan = 1;
7778 return 0;
7779 }
7780 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
7781 "(freq=%d duration=%u): %d (%s)",
7782 freq, duration, ret, strerror(-ret));
7783 nla_put_failure:
7784 return -1;
7785 }
7788 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
7789 {
7790 struct i802_bss *bss = priv;
7791 struct wpa_driver_nl80211_data *drv = bss->drv;
7792 struct nl_msg *msg;
7793 int ret;
7795 if (!drv->pending_remain_on_chan) {
7796 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
7797 "to cancel");
7798 return -1;
7799 }
7801 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
7802 "0x%llx",
7803 (long long unsigned int) drv->remain_on_chan_cookie);
7805 msg = nlmsg_alloc();
7806 if (!msg)
7807 return -1;
7809 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
7811 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7812 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
7814 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7815 if (ret == 0)
7816 return 0;
7817 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
7818 "%d (%s)", ret, strerror(-ret));
7819 nla_put_failure:
7820 return -1;
7821 }
7824 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
7825 {
7826 struct i802_bss *bss = priv;
7827 struct wpa_driver_nl80211_data *drv = bss->drv;
7829 if (!report) {
7830 if (bss->nl_preq.handle) {
7831 eloop_unregister_read_sock(
7832 nl_socket_get_fd(bss->nl_preq.handle));
7833 nl_destroy_handles(&bss->nl_preq);
7834 }
7835 return 0;
7836 }
7838 if (bss->nl_preq.handle) {
7839 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
7840 "already on!");
7841 return 0;
7842 }
7844 if (nl_create_handles(&bss->nl_preq, drv->global->nl_cb, "preq"))
7845 return -1;
7847 if (nl80211_register_frame(bss, bss->nl_preq.handle,
7848 (WLAN_FC_TYPE_MGMT << 2) |
7849 (WLAN_FC_STYPE_PROBE_REQ << 4),
7850 NULL, 0) < 0)
7851 goto out_err;
7853 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq.handle),
7854 wpa_driver_nl80211_event_receive, bss->nl_cb,
7855 bss->nl_preq.handle);
7857 return 0;
7859 out_err:
7860 nl_destroy_handles(&bss->nl_preq);
7861 return -1;
7862 }
7865 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
7866 int ifindex, int disabled)
7867 {
7868 struct nl_msg *msg;
7869 struct nlattr *bands, *band;
7870 int ret;
7872 msg = nlmsg_alloc();
7873 if (!msg)
7874 return -1;
7876 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
7877 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
7879 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
7880 if (!bands)
7881 goto nla_put_failure;
7883 /*
7884 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
7885 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
7886 * rates. All 5 GHz rates are left enabled.
7887 */
7888 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
7889 if (!band)
7890 goto nla_put_failure;
7891 if (disabled) {
7892 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
7893 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
7894 }
7895 nla_nest_end(msg, band);
7897 nla_nest_end(msg, bands);
7899 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7900 msg = NULL;
7901 if (ret) {
7902 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
7903 "(%s)", ret, strerror(-ret));
7904 }
7906 return ret;
7908 nla_put_failure:
7909 nlmsg_free(msg);
7910 return -1;
7911 }
7914 static int wpa_driver_nl80211_deinit_ap(void *priv)
7915 {
7916 struct i802_bss *bss = priv;
7917 struct wpa_driver_nl80211_data *drv = bss->drv;
7918 if (!is_ap_interface(drv->nlmode))
7919 return -1;
7920 wpa_driver_nl80211_del_beacon(drv);
7921 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
7922 }
7925 static void wpa_driver_nl80211_resume(void *priv)
7926 {
7927 struct i802_bss *bss = priv;
7928 struct wpa_driver_nl80211_data *drv = bss->drv;
7929 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
7930 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
7931 "resume event");
7932 }
7933 }
7936 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
7937 const u8 *ies, size_t ies_len)
7938 {
7939 struct i802_bss *bss = priv;
7940 struct wpa_driver_nl80211_data *drv = bss->drv;
7941 int ret;
7942 u8 *data, *pos;
7943 size_t data_len;
7944 u8 own_addr[ETH_ALEN];
7946 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7947 own_addr) < 0)
7948 return -1;
7950 if (action != 1) {
7951 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
7952 "action %d", action);
7953 return -1;
7954 }
7956 /*
7957 * Action frame payload:
7958 * Category[1] = 6 (Fast BSS Transition)
7959 * Action[1] = 1 (Fast BSS Transition Request)
7960 * STA Address
7961 * Target AP Address
7962 * FT IEs
7963 */
7965 data_len = 2 + 2 * ETH_ALEN + ies_len;
7966 data = os_malloc(data_len);
7967 if (data == NULL)
7968 return -1;
7969 pos = data;
7970 *pos++ = 0x06; /* FT Action category */
7971 *pos++ = action;
7972 os_memcpy(pos, own_addr, ETH_ALEN);
7973 pos += ETH_ALEN;
7974 os_memcpy(pos, target_ap, ETH_ALEN);
7975 pos += ETH_ALEN;
7976 os_memcpy(pos, ies, ies_len);
7978 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
7979 drv->bssid, own_addr, drv->bssid,
7980 data, data_len, 0);
7981 os_free(data);
7983 return ret;
7984 }
7987 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
7988 {
7989 struct i802_bss *bss = priv;
7990 struct wpa_driver_nl80211_data *drv = bss->drv;
7991 struct nl_msg *msg, *cqm = NULL;
7993 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
7994 "hysteresis=%d", threshold, hysteresis);
7996 msg = nlmsg_alloc();
7997 if (!msg)
7998 return -1;
8000 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
8002 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8004 cqm = nlmsg_alloc();
8005 if (cqm == NULL)
8006 return -1;
8008 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
8009 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
8010 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
8012 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
8013 return 0;
8014 msg = NULL;
8016 nla_put_failure:
8017 if (cqm)
8018 nlmsg_free(cqm);
8019 nlmsg_free(msg);
8020 return -1;
8021 }
8024 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
8025 {
8026 struct i802_bss *bss = priv;
8027 struct wpa_driver_nl80211_data *drv = bss->drv;
8028 int res;
8030 os_memset(si, 0, sizeof(*si));
8031 res = nl80211_get_link_signal(drv, si);
8032 if (res != 0)
8033 return res;
8035 return nl80211_get_link_noise(drv, si);
8036 }
8039 static int wpa_driver_nl80211_shared_freq(void *priv)
8040 {
8041 struct i802_bss *bss = priv;
8042 struct wpa_driver_nl80211_data *drv = bss->drv;
8043 struct wpa_driver_nl80211_data *driver;
8044 int freq = 0;
8046 /*
8047 * If the same PHY is in connected state with some other interface,
8048 * then retrieve the assoc freq.
8049 */
8050 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
8051 drv->phyname);
8053 dl_list_for_each(driver, &drv->global->interfaces,
8054 struct wpa_driver_nl80211_data, list) {
8055 if (drv == driver ||
8056 os_strcmp(drv->phyname, driver->phyname) != 0 ||
8057 !driver->associated)
8058 continue;
8060 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
8061 MACSTR,
8062 driver->phyname, driver->first_bss.ifname,
8063 MAC2STR(driver->addr));
8064 freq = nl80211_get_assoc_freq(driver);
8065 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
8066 drv->phyname, freq);
8067 }
8069 if (!freq)
8070 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
8071 "PHY (%s) in associated state", drv->phyname);
8073 return freq;
8074 }
8077 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
8078 int encrypt)
8079 {
8080 struct i802_bss *bss = priv;
8081 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0);
8082 }
8085 static int nl80211_set_param(void *priv, const char *param)
8086 {
8087 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
8088 if (param == NULL)
8089 return 0;
8091 #ifdef CONFIG_P2P
8092 if (os_strstr(param, "use_p2p_group_interface=1")) {
8093 struct i802_bss *bss = priv;
8094 struct wpa_driver_nl80211_data *drv = bss->drv;
8096 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
8097 "interface");
8098 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
8099 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
8100 }
8101 #endif /* CONFIG_P2P */
8103 return 0;
8104 }
8107 static void * nl80211_global_init(void)
8108 {
8109 struct nl80211_global *global;
8110 struct netlink_config *cfg;
8112 global = os_zalloc(sizeof(*global));
8113 if (global == NULL)
8114 return NULL;
8115 global->ioctl_sock = -1;
8116 dl_list_init(&global->interfaces);
8117 global->if_add_ifindex = -1;
8119 cfg = os_zalloc(sizeof(*cfg));
8120 if (cfg == NULL)
8121 goto err;
8123 cfg->ctx = global;
8124 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
8125 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
8126 global->netlink = netlink_init(cfg);
8127 if (global->netlink == NULL) {
8128 os_free(cfg);
8129 goto err;
8130 }
8132 if (wpa_driver_nl80211_init_nl_global(global) < 0)
8133 goto err;
8135 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
8136 if (global->ioctl_sock < 0) {
8137 perror("socket(PF_INET,SOCK_DGRAM)");
8138 goto err;
8139 }
8141 return global;
8143 err:
8144 nl80211_global_deinit(global);
8145 return NULL;
8146 }
8149 static void nl80211_global_deinit(void *priv)
8150 {
8151 struct nl80211_global *global = priv;
8152 if (global == NULL)
8153 return;
8154 if (!dl_list_empty(&global->interfaces)) {
8155 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
8156 "nl80211_global_deinit",
8157 dl_list_len(&global->interfaces));
8158 }
8160 if (global->netlink)
8161 netlink_deinit(global->netlink);
8163 nl_destroy_handles(&global->nl);
8165 if (global->nl_cb)
8166 nl_cb_put(global->nl_cb);
8168 if (global->ioctl_sock >= 0)
8169 close(global->ioctl_sock);
8171 os_free(global);
8172 }
8175 static const char * nl80211_get_radio_name(void *priv)
8176 {
8177 struct i802_bss *bss = priv;
8178 struct wpa_driver_nl80211_data *drv = bss->drv;
8179 return drv->phyname;
8180 }
8183 static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
8184 const u8 *pmkid)
8185 {
8186 struct nl_msg *msg;
8188 msg = nlmsg_alloc();
8189 if (!msg)
8190 return -ENOMEM;
8192 nl80211_cmd(bss->drv, msg, 0, cmd);
8194 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
8195 if (pmkid)
8196 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
8197 if (bssid)
8198 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
8200 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
8201 nla_put_failure:
8202 return -ENOBUFS;
8203 }
8206 static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
8207 {
8208 struct i802_bss *bss = priv;
8209 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
8210 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
8211 }
8214 static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
8215 {
8216 struct i802_bss *bss = priv;
8217 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
8218 MAC2STR(bssid));
8219 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
8220 }
8223 static int nl80211_flush_pmkid(void *priv)
8224 {
8225 struct i802_bss *bss = priv;
8226 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
8227 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
8228 }
8231 static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
8232 const u8 *replay_ctr)
8233 {
8234 struct i802_bss *bss = priv;
8235 struct wpa_driver_nl80211_data *drv = bss->drv;
8236 struct nlattr *replay_nested;
8237 struct nl_msg *msg;
8239 msg = nlmsg_alloc();
8240 if (!msg)
8241 return;
8243 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
8245 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8247 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
8248 if (!replay_nested)
8249 goto nla_put_failure;
8251 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
8252 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
8253 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
8254 replay_ctr);
8256 nla_nest_end(msg, replay_nested);
8258 send_and_recv_msgs(drv, msg, NULL, NULL);
8259 return;
8260 nla_put_failure:
8261 nlmsg_free(msg);
8262 }
8265 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
8266 const u8 *addr, int qos)
8267 {
8268 /* send data frame to poll STA and check whether
8269 * this frame is ACKed */
8270 struct {
8271 struct ieee80211_hdr hdr;
8272 u16 qos_ctl;
8273 } STRUCT_PACKED nulldata;
8274 size_t size;
8276 /* Send data frame to poll STA and check whether this frame is ACKed */
8278 os_memset(&nulldata, 0, sizeof(nulldata));
8280 if (qos) {
8281 nulldata.hdr.frame_control =
8282 IEEE80211_FC(WLAN_FC_TYPE_DATA,
8283 WLAN_FC_STYPE_QOS_NULL);
8284 size = sizeof(nulldata);
8285 } else {
8286 nulldata.hdr.frame_control =
8287 IEEE80211_FC(WLAN_FC_TYPE_DATA,
8288 WLAN_FC_STYPE_NULLFUNC);
8289 size = sizeof(struct ieee80211_hdr);
8290 }
8292 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
8293 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
8294 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
8295 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
8297 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0) < 0)
8298 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
8299 "send poll frame");
8300 }
8302 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
8303 int qos)
8304 {
8305 struct i802_bss *bss = priv;
8306 struct wpa_driver_nl80211_data *drv = bss->drv;
8307 struct nl_msg *msg;
8309 if (!drv->poll_command_supported) {
8310 nl80211_send_null_frame(bss, own_addr, addr, qos);
8311 return;
8312 }
8314 msg = nlmsg_alloc();
8315 if (!msg)
8316 return;
8318 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
8320 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8321 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8323 send_and_recv_msgs(drv, msg, NULL, NULL);
8324 return;
8325 nla_put_failure:
8326 nlmsg_free(msg);
8327 }
8330 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
8331 {
8332 struct nl_msg *msg;
8334 msg = nlmsg_alloc();
8335 if (!msg)
8336 return -ENOMEM;
8338 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE);
8339 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
8340 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE,
8341 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED);
8342 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
8343 nla_put_failure:
8344 nlmsg_free(msg);
8345 return -ENOBUFS;
8346 }
8349 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
8350 int ctwindow)
8351 {
8352 struct i802_bss *bss = priv;
8354 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
8355 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
8357 if (opp_ps != -1 || ctwindow != -1)
8358 return -1; /* Not yet supported */
8360 if (legacy_ps == -1)
8361 return 0;
8362 if (legacy_ps != 0 && legacy_ps != 1)
8363 return -1; /* Not yet supported */
8365 return nl80211_set_power_save(bss, legacy_ps);
8366 }
8369 #ifdef CONFIG_TDLS
8371 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
8372 u8 dialog_token, u16 status_code,
8373 const u8 *buf, size_t len)
8374 {
8375 struct i802_bss *bss = priv;
8376 struct wpa_driver_nl80211_data *drv = bss->drv;
8377 struct nl_msg *msg;
8379 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
8380 return -EOPNOTSUPP;
8382 if (!dst)
8383 return -EINVAL;
8385 msg = nlmsg_alloc();
8386 if (!msg)
8387 return -ENOMEM;
8389 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
8390 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8391 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
8392 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
8393 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
8394 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
8395 NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
8397 return send_and_recv_msgs(drv, msg, NULL, NULL);
8399 nla_put_failure:
8400 nlmsg_free(msg);
8401 return -ENOBUFS;
8402 }
8405 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
8406 {
8407 struct i802_bss *bss = priv;
8408 struct wpa_driver_nl80211_data *drv = bss->drv;
8409 struct nl_msg *msg;
8410 enum nl80211_tdls_operation nl80211_oper;
8412 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
8413 return -EOPNOTSUPP;
8415 switch (oper) {
8416 case TDLS_DISCOVERY_REQ:
8417 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
8418 break;
8419 case TDLS_SETUP:
8420 nl80211_oper = NL80211_TDLS_SETUP;
8421 break;
8422 case TDLS_TEARDOWN:
8423 nl80211_oper = NL80211_TDLS_TEARDOWN;
8424 break;
8425 case TDLS_ENABLE_LINK:
8426 nl80211_oper = NL80211_TDLS_ENABLE_LINK;
8427 break;
8428 case TDLS_DISABLE_LINK:
8429 nl80211_oper = NL80211_TDLS_DISABLE_LINK;
8430 break;
8431 case TDLS_ENABLE:
8432 return 0;
8433 case TDLS_DISABLE:
8434 return 0;
8435 default:
8436 return -EINVAL;
8437 }
8439 msg = nlmsg_alloc();
8440 if (!msg)
8441 return -ENOMEM;
8443 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
8444 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
8445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8446 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
8448 return send_and_recv_msgs(drv, msg, NULL, NULL);
8450 nla_put_failure:
8451 nlmsg_free(msg);
8452 return -ENOBUFS;
8453 }
8455 #endif /* CONFIG TDLS */
8458 #ifdef ANDROID
8460 typedef struct android_wifi_priv_cmd {
8461 char *buf;
8462 int used_len;
8463 int total_len;
8464 } android_wifi_priv_cmd;
8466 static int drv_errors = 0;
8468 static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv)
8469 {
8470 drv_errors++;
8471 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) {
8472 drv_errors = 0;
8473 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
8474 }
8475 }
8478 static int android_priv_cmd(struct i802_bss *bss, const char *cmd)
8479 {
8480 struct wpa_driver_nl80211_data *drv = bss->drv;
8481 struct ifreq ifr;
8482 android_wifi_priv_cmd priv_cmd;
8483 char buf[MAX_DRV_CMD_SIZE];
8484 int ret;
8486 os_memset(&ifr, 0, sizeof(ifr));
8487 os_memset(&priv_cmd, 0, sizeof(priv_cmd));
8488 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
8490 os_memset(buf, 0, sizeof(buf));
8491 os_strlcpy(buf, cmd, sizeof(buf));
8493 priv_cmd.buf = buf;
8494 priv_cmd.used_len = sizeof(buf);
8495 priv_cmd.total_len = sizeof(buf);
8496 ifr.ifr_data = &priv_cmd;
8498 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
8499 if (ret < 0) {
8500 wpa_printf(MSG_ERROR, "%s: failed to issue private commands",
8501 __func__);
8502 wpa_driver_send_hang_msg(drv);
8503 return ret;
8504 }
8506 drv_errors = 0;
8507 return 0;
8508 }
8511 static int android_pno_start(struct i802_bss *bss,
8512 struct wpa_driver_scan_params *params)
8513 {
8514 struct wpa_driver_nl80211_data *drv = bss->drv;
8515 struct ifreq ifr;
8516 android_wifi_priv_cmd priv_cmd;
8517 int ret = 0, i = 0, bp;
8518 char buf[WEXT_PNO_MAX_COMMAND_SIZE];
8520 bp = WEXT_PNOSETUP_HEADER_SIZE;
8521 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp);
8522 buf[bp++] = WEXT_PNO_TLV_PREFIX;
8523 buf[bp++] = WEXT_PNO_TLV_VERSION;
8524 buf[bp++] = WEXT_PNO_TLV_SUBVERSION;
8525 buf[bp++] = WEXT_PNO_TLV_RESERVED;
8527 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) {
8528 /* Check that there is enough space needed for 1 more SSID, the
8529 * other sections and null termination */
8530 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN +
8531 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf))
8532 break;
8533 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan",
8534 ssid[i].ssid, ssid[i].ssid_len);
8535 buf[bp++] = WEXT_PNO_SSID_SECTION;
8536 buf[bp++] = params->ssids[i].ssid_len;
8537 os_memcpy(&buf[bp], params->ssids[i].ssid,
8538 params->ssids[i].ssid_len);
8539 bp += params->ssids[i].ssid_len;
8540 i++;
8541 }
8543 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION;
8544 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x",
8545 WEXT_PNO_SCAN_INTERVAL);
8546 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH;
8548 buf[bp++] = WEXT_PNO_REPEAT_SECTION;
8549 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x",
8550 WEXT_PNO_REPEAT);
8551 bp += WEXT_PNO_REPEAT_LENGTH;
8553 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION;
8554 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x",
8555 WEXT_PNO_MAX_REPEAT);
8556 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1;
8558 memset(&ifr, 0, sizeof(ifr));
8559 memset(&priv_cmd, 0, sizeof(priv_cmd));
8560 os_strncpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
8562 priv_cmd.buf = buf;
8563 priv_cmd.used_len = bp;
8564 priv_cmd.total_len = bp;
8565 ifr.ifr_data = &priv_cmd;
8567 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
8569 if (ret < 0) {
8570 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d",
8571 ret);
8572 wpa_driver_send_hang_msg(drv);
8573 return ret;
8574 }
8576 drv_errors = 0;
8578 return android_priv_cmd(bss, "PNOFORCE 1");
8579 }
8582 static int android_pno_stop(struct i802_bss *bss)
8583 {
8584 return android_priv_cmd(bss, "PNOFORCE 0");
8585 }
8587 #endif /* ANDROID */
8590 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
8591 .name = "nl80211",
8592 .desc = "Linux nl80211/cfg80211",
8593 .get_bssid = wpa_driver_nl80211_get_bssid,
8594 .get_ssid = wpa_driver_nl80211_get_ssid,
8595 .set_key = wpa_driver_nl80211_set_key,
8596 .scan2 = wpa_driver_nl80211_scan,
8597 .sched_scan = wpa_driver_nl80211_sched_scan,
8598 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
8599 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
8600 .deauthenticate = wpa_driver_nl80211_deauthenticate,
8601 .disassociate = wpa_driver_nl80211_disassociate,
8602 .authenticate = wpa_driver_nl80211_authenticate,
8603 .associate = wpa_driver_nl80211_associate,
8604 .global_init = nl80211_global_init,
8605 .global_deinit = nl80211_global_deinit,
8606 .init2 = wpa_driver_nl80211_init,
8607 .deinit = wpa_driver_nl80211_deinit,
8608 .get_capa = wpa_driver_nl80211_get_capa,
8609 .set_operstate = wpa_driver_nl80211_set_operstate,
8610 .set_supp_port = wpa_driver_nl80211_set_supp_port,
8611 .set_country = wpa_driver_nl80211_set_country,
8612 .set_ap = wpa_driver_nl80211_set_ap,
8613 .if_add = wpa_driver_nl80211_if_add,
8614 .if_remove = wpa_driver_nl80211_if_remove,
8615 .send_mlme = wpa_driver_nl80211_send_mlme,
8616 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
8617 .sta_add = wpa_driver_nl80211_sta_add,
8618 .sta_remove = wpa_driver_nl80211_sta_remove,
8619 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
8620 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
8621 #ifdef HOSTAPD
8622 .hapd_init = i802_init,
8623 .hapd_deinit = i802_deinit,
8624 .set_wds_sta = i802_set_wds_sta,
8625 #endif /* HOSTAPD */
8626 #if defined(HOSTAPD) || defined(CONFIG_AP)
8627 .get_seqnum = i802_get_seqnum,
8628 .flush = i802_flush,
8629 .read_sta_data = i802_read_sta_data,
8630 .get_inact_sec = i802_get_inact_sec,
8631 .sta_clear_stats = i802_sta_clear_stats,
8632 .set_rts = i802_set_rts,
8633 .set_frag = i802_set_frag,
8634 .set_tx_queue_params = i802_set_tx_queue_params,
8635 .set_sta_vlan = i802_set_sta_vlan,
8636 .sta_deauth = i802_sta_deauth,
8637 .sta_disassoc = i802_sta_disassoc,
8638 #endif /* HOSTAPD || CONFIG_AP */
8639 .set_freq = i802_set_freq,
8640 .send_action = wpa_driver_nl80211_send_action,
8641 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
8642 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
8643 .cancel_remain_on_channel =
8644 wpa_driver_nl80211_cancel_remain_on_channel,
8645 .probe_req_report = wpa_driver_nl80211_probe_req_report,
8646 .deinit_ap = wpa_driver_nl80211_deinit_ap,
8647 .resume = wpa_driver_nl80211_resume,
8648 .send_ft_action = nl80211_send_ft_action,
8649 .signal_monitor = nl80211_signal_monitor,
8650 .signal_poll = nl80211_signal_poll,
8651 .send_frame = nl80211_send_frame,
8652 .shared_freq = wpa_driver_nl80211_shared_freq,
8653 .set_param = nl80211_set_param,
8654 .get_radio_name = nl80211_get_radio_name,
8655 .add_pmkid = nl80211_add_pmkid,
8656 .remove_pmkid = nl80211_remove_pmkid,
8657 .flush_pmkid = nl80211_flush_pmkid,
8658 .set_rekey_info = nl80211_set_rekey_info,
8659 .poll_client = nl80211_poll_client,
8660 .set_p2p_powersave = nl80211_set_p2p_powersave,
8661 #ifdef CONFIG_TDLS
8662 .send_tdls_mgmt = nl80211_send_tdls_mgmt,
8663 .tdls_oper = nl80211_tdls_oper,
8664 #endif /* CONFIG_TDLS */
8665 };