1 /* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19 #include "includes.h" 20 #include <sys/ioctl.h> 21 #include <net/if.h> 22 #include <netlink/genl/genl.h> 23 #include <netlink/genl/family.h> 24 #include <netlink/genl/ctrl.h> 25 #include <netpacket/packet.h> 26 #include <linux/filter.h> 27 #include "nl80211_copy.h" 28 29 #include "common.h" 30 #include "eloop.h" 31 #include "common/ieee802_11_defs.h" 32 #include "netlink.h" 33 #include "linux_ioctl.h" 34 #include "radiotap.h" 35 #include "radiotap_iter.h" 36 #include "driver.h" 37 38 #ifdef CONFIG_LIBNL20 39 /* libnl 2.0 compatibility code */ 40 #define nl_handle nl_sock 41 #define nl_handle_alloc_cb nl_socket_alloc_cb 42 #define nl_handle_destroy nl_socket_free 43 #endif /* CONFIG_LIBNL20 */ 44 45 46 #ifndef IFF_LOWER_UP 47 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 48 #endif 49 #ifndef IFF_DORMANT 50 #define IFF_DORMANT 0x20000 /* driver signals dormant */ 51 #endif 52 53 #ifndef IF_OPER_DORMANT 54 #define IF_OPER_DORMANT 5 55 #endif 56 #ifndef IF_OPER_UP 57 #define IF_OPER_UP 6 58 #endif 59 60 struct i802_bss { 61 struct wpa_driver_nl80211_data *drv; 62 struct i802_bss *next; 63 int ifindex; 64 char ifname[IFNAMSIZ + 1]; 65 unsigned int beacon_set:1; 66 }; 67 68 struct wpa_driver_nl80211_data { 69 void *ctx; 70 struct netlink_data *netlink; 71 int ioctl_sock; /* socket for ioctl() use */ 72 char brname[IFNAMSIZ]; 73 int ifindex; 74 int if_removed; 75 struct wpa_driver_capa capa; 76 int has_capability; 77 78 int operstate; 79 80 int scan_complete_events; 81 82 struct nl_handle *nl_handle; 83 struct nl_handle *nl_handle_event; 84 struct nl_cache *nl_cache; 85 struct nl_cache *nl_cache_event; 86 struct nl_cb *nl_cb; 87 struct genl_family *nl80211; 88 89 u8 auth_bssid[ETH_ALEN]; 90 u8 bssid[ETH_ALEN]; 91 int associated; 92 u8 ssid[32]; 93 size_t ssid_len; 94 int nlmode; 95 int ap_scan_as_station; 96 unsigned int assoc_freq; 97 98 int monitor_sock; 99 int monitor_ifidx; 100 int probe_req_report; 101 int disable_11b_rates; 102 103 unsigned int pending_remain_on_chan:1; 104 unsigned int added_bridge:1; 105 unsigned int added_if_into_bridge:1; 106 107 u64 remain_on_chan_cookie; 108 u64 send_action_cookie; 109 110 struct wpa_driver_scan_filter *filter_ssids; 111 size_t num_filter_ssids; 112 113 struct i802_bss first_bss; 114 115 #ifdef HOSTAPD 116 int eapol_sock; /* socket for EAPOL frames */ 117 118 int default_if_indices[16]; 119 int *if_indices; 120 int num_if_indices; 121 122 int last_freq; 123 int last_freq_ht; 124 #endif /* HOSTAPD */ 125 }; 126 127 128 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 129 void *timeout_ctx); 130 static int wpa_driver_nl80211_set_mode(void *priv, int mode); 131 static int 132 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 133 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 134 const u8 *addr, int cmd, u16 reason_code, 135 int local_state_change); 136 static void nl80211_remove_monitor_interface( 137 struct wpa_driver_nl80211_data *drv); 138 139 #ifdef HOSTAPD 140 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 141 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 142 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 143 static int wpa_driver_nl80211_if_remove(void *priv, 144 enum wpa_driver_if_type type, 145 const char *ifname); 146 #else /* HOSTAPD */ 147 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 148 { 149 return 0; 150 } 151 #endif /* HOSTAPD */ 152 153 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 154 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx, 155 void *timeout_ctx); 156 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 157 int ifindex, int disabled); 158 159 160 /* nl80211 code */ 161 static int ack_handler(struct nl_msg *msg, void *arg) 162 { 163 int *err = arg; 164 *err = 0; 165 return NL_STOP; 166 } 167 168 static int finish_handler(struct nl_msg *msg, void *arg) 169 { 170 int *ret = arg; 171 *ret = 0; 172 return NL_SKIP; 173 } 174 175 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 176 void *arg) 177 { 178 int *ret = arg; 179 *ret = err->error; 180 return NL_SKIP; 181 } 182 183 184 static int no_seq_check(struct nl_msg *msg, void *arg) 185 { 186 return NL_OK; 187 } 188 189 190 static int send_and_recv(struct wpa_driver_nl80211_data *drv, 191 struct nl_handle *nl_handle, struct nl_msg *msg, 192 int (*valid_handler)(struct nl_msg *, void *), 193 void *valid_data) 194 { 195 struct nl_cb *cb; 196 int err = -ENOMEM; 197 198 cb = nl_cb_clone(drv->nl_cb); 199 if (!cb) 200 goto out; 201 202 err = nl_send_auto_complete(nl_handle, msg); 203 if (err < 0) 204 goto out; 205 206 err = 1; 207 208 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 209 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 210 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 211 212 if (valid_handler) 213 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 214 valid_handler, valid_data); 215 216 while (err > 0) 217 nl_recvmsgs(nl_handle, cb); 218 out: 219 nl_cb_put(cb); 220 nlmsg_free(msg); 221 return err; 222 } 223 224 225 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 226 struct nl_msg *msg, 227 int (*valid_handler)(struct nl_msg *, void *), 228 void *valid_data) 229 { 230 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 231 valid_data); 232 } 233 234 235 struct family_data { 236 const char *group; 237 int id; 238 }; 239 240 241 static int family_handler(struct nl_msg *msg, void *arg) 242 { 243 struct family_data *res = arg; 244 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 245 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 246 struct nlattr *mcgrp; 247 int i; 248 249 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 250 genlmsg_attrlen(gnlh, 0), NULL); 251 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 252 return NL_SKIP; 253 254 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 255 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 256 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 257 nla_len(mcgrp), NULL); 258 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 259 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 260 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 261 res->group, 262 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 263 continue; 264 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 265 break; 266 }; 267 268 return NL_SKIP; 269 } 270 271 272 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 273 const char *family, const char *group) 274 { 275 struct nl_msg *msg; 276 int ret = -1; 277 struct family_data res = { group, -ENOENT }; 278 279 msg = nlmsg_alloc(); 280 if (!msg) 281 return -ENOMEM; 282 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 283 0, 0, CTRL_CMD_GETFAMILY, 0); 284 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 285 286 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 287 msg = NULL; 288 if (ret == 0) 289 ret = res.id; 290 291 nla_put_failure: 292 nlmsg_free(msg); 293 return ret; 294 } 295 296 297 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 298 { 299 struct i802_bss *bss = priv; 300 struct wpa_driver_nl80211_data *drv = bss->drv; 301 if (!drv->associated) 302 return -1; 303 os_memcpy(bssid, drv->bssid, ETH_ALEN); 304 return 0; 305 } 306 307 308 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 309 { 310 struct i802_bss *bss = priv; 311 struct wpa_driver_nl80211_data *drv = bss->drv; 312 if (!drv->associated) 313 return -1; 314 os_memcpy(ssid, drv->ssid, drv->ssid_len); 315 return drv->ssid_len; 316 } 317 318 319 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 320 char *buf, size_t len, int del) 321 { 322 union wpa_event_data event; 323 324 os_memset(&event, 0, sizeof(event)); 325 if (len > sizeof(event.interface_status.ifname)) 326 len = sizeof(event.interface_status.ifname) - 1; 327 os_memcpy(event.interface_status.ifname, buf, len); 328 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 329 EVENT_INTERFACE_ADDED; 330 331 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 332 del ? "DEL" : "NEW", 333 event.interface_status.ifname, 334 del ? "removed" : "added"); 335 336 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 337 if (del) 338 drv->if_removed = 1; 339 else 340 drv->if_removed = 0; 341 } 342 343 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 344 } 345 346 347 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 348 u8 *buf, size_t len) 349 { 350 int attrlen, rta_len; 351 struct rtattr *attr; 352 353 attrlen = len; 354 attr = (struct rtattr *) buf; 355 356 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 357 while (RTA_OK(attr, attrlen)) { 358 if (attr->rta_type == IFLA_IFNAME) { 359 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 360 == 0) 361 return 1; 362 else 363 break; 364 } 365 attr = RTA_NEXT(attr, attrlen); 366 } 367 368 return 0; 369 } 370 371 372 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 373 int ifindex, u8 *buf, size_t len) 374 { 375 if (drv->ifindex == ifindex) 376 return 1; 377 378 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 379 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 380 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 381 "interface"); 382 wpa_driver_nl80211_finish_drv_init(drv); 383 return 1; 384 } 385 386 return 0; 387 } 388 389 390 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 391 struct ifinfomsg *ifi, 392 u8 *buf, size_t len) 393 { 394 struct wpa_driver_nl80211_data *drv = ctx; 395 int attrlen, rta_len; 396 struct rtattr *attr; 397 u32 brid = 0; 398 399 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 400 !have_ifidx(drv, ifi->ifi_index)) { 401 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 402 "ifindex %d", ifi->ifi_index); 403 return; 404 } 405 406 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 407 "(%s%s%s%s)", 408 drv->operstate, ifi->ifi_flags, 409 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 410 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 411 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 412 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 413 /* 414 * Some drivers send the association event before the operup event--in 415 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 416 * fails. This will hit us when wpa_supplicant does not need to do 417 * IEEE 802.1X authentication 418 */ 419 if (drv->operstate == 1 && 420 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 421 !(ifi->ifi_flags & IFF_RUNNING)) 422 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 423 -1, IF_OPER_UP); 424 425 attrlen = len; 426 attr = (struct rtattr *) buf; 427 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 428 while (RTA_OK(attr, attrlen)) { 429 if (attr->rta_type == IFLA_IFNAME) { 430 wpa_driver_nl80211_event_link( 431 drv, 432 ((char *) attr) + rta_len, 433 attr->rta_len - rta_len, 0); 434 } else if (attr->rta_type == IFLA_MASTER) 435 brid = nla_get_u32((struct nlattr *) attr); 436 attr = RTA_NEXT(attr, attrlen); 437 } 438 439 #ifdef HOSTAPD 440 if (ifi->ifi_family == AF_BRIDGE && brid) { 441 /* device has been added to bridge */ 442 char namebuf[IFNAMSIZ]; 443 if_indextoname(brid, namebuf); 444 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 445 brid, namebuf); 446 add_ifidx(drv, brid); 447 } 448 #endif /* HOSTAPD */ 449 } 450 451 452 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 453 struct ifinfomsg *ifi, 454 u8 *buf, size_t len) 455 { 456 struct wpa_driver_nl80211_data *drv = ctx; 457 int attrlen, rta_len; 458 struct rtattr *attr; 459 u32 brid = 0; 460 461 attrlen = len; 462 attr = (struct rtattr *) buf; 463 464 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 465 while (RTA_OK(attr, attrlen)) { 466 if (attr->rta_type == IFLA_IFNAME) { 467 wpa_driver_nl80211_event_link( 468 drv, 469 ((char *) attr) + rta_len, 470 attr->rta_len - rta_len, 1); 471 } else if (attr->rta_type == IFLA_MASTER) 472 brid = nla_get_u32((struct nlattr *) attr); 473 attr = RTA_NEXT(attr, attrlen); 474 } 475 476 #ifdef HOSTAPD 477 if (ifi->ifi_family == AF_BRIDGE && brid) { 478 /* device has been removed from bridge */ 479 char namebuf[IFNAMSIZ]; 480 if_indextoname(brid, namebuf); 481 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 482 "%s", brid, namebuf); 483 del_ifidx(drv, brid); 484 } 485 #endif /* HOSTAPD */ 486 } 487 488 489 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 490 const u8 *frame, size_t len) 491 { 492 const struct ieee80211_mgmt *mgmt; 493 union wpa_event_data event; 494 495 mgmt = (const struct ieee80211_mgmt *) frame; 496 if (len < 24 + sizeof(mgmt->u.auth)) { 497 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 498 "frame"); 499 return; 500 } 501 502 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 503 os_memset(&event, 0, sizeof(event)); 504 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 505 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 506 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 507 if (len > 24 + sizeof(mgmt->u.auth)) { 508 event.auth.ies = mgmt->u.auth.variable; 509 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 510 } 511 512 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 513 } 514 515 516 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 517 const u8 *frame, size_t len) 518 { 519 const struct ieee80211_mgmt *mgmt; 520 union wpa_event_data event; 521 u16 status; 522 523 mgmt = (const struct ieee80211_mgmt *) frame; 524 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 525 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 526 "frame"); 527 return; 528 } 529 530 status = le_to_host16(mgmt->u.assoc_resp.status_code); 531 if (status != WLAN_STATUS_SUCCESS) { 532 os_memset(&event, 0, sizeof(event)); 533 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 534 event.assoc_reject.resp_ies = 535 (u8 *) mgmt->u.assoc_resp.variable; 536 event.assoc_reject.resp_ies_len = 537 len - 24 - sizeof(mgmt->u.assoc_resp); 538 } 539 event.assoc_reject.status_code = status; 540 541 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 542 return; 543 } 544 545 drv->associated = 1; 546 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 547 548 os_memset(&event, 0, sizeof(event)); 549 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 550 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 551 event.assoc_info.resp_ies_len = 552 len - 24 - sizeof(mgmt->u.assoc_resp); 553 } 554 555 event.assoc_info.freq = drv->assoc_freq; 556 557 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 558 } 559 560 561 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 562 enum nl80211_commands cmd, struct nlattr *status, 563 struct nlattr *addr, struct nlattr *req_ie, 564 struct nlattr *resp_ie) 565 { 566 union wpa_event_data event; 567 568 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 569 /* 570 * Avoid reporting two association events that would confuse 571 * the core code. 572 */ 573 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 574 "when using userspace SME", cmd); 575 return; 576 } 577 578 os_memset(&event, 0, sizeof(event)); 579 if (cmd == NL80211_CMD_CONNECT && 580 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 581 if (resp_ie) { 582 event.assoc_reject.resp_ies = nla_data(resp_ie); 583 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 584 } 585 event.assoc_reject.status_code = nla_get_u16(status); 586 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 587 return; 588 } 589 590 drv->associated = 1; 591 if (addr) 592 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 593 594 if (req_ie) { 595 event.assoc_info.req_ies = nla_data(req_ie); 596 event.assoc_info.req_ies_len = nla_len(req_ie); 597 } 598 if (resp_ie) { 599 event.assoc_info.resp_ies = nla_data(resp_ie); 600 event.assoc_info.resp_ies_len = nla_len(resp_ie); 601 } 602 603 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 604 } 605 606 607 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 608 enum nl80211_commands cmd, struct nlattr *addr) 609 { 610 union wpa_event_data event; 611 enum wpa_event_type ev; 612 613 if (nla_len(addr) != ETH_ALEN) 614 return; 615 616 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 617 cmd, MAC2STR((u8 *) nla_data(addr))); 618 619 if (cmd == NL80211_CMD_AUTHENTICATE) 620 ev = EVENT_AUTH_TIMED_OUT; 621 else if (cmd == NL80211_CMD_ASSOCIATE) 622 ev = EVENT_ASSOC_TIMED_OUT; 623 else 624 return; 625 626 os_memset(&event, 0, sizeof(event)); 627 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 628 wpa_supplicant_event(drv->ctx, ev, &event); 629 } 630 631 632 static void mlme_event_action(struct wpa_driver_nl80211_data *drv, 633 struct nlattr *freq, const u8 *frame, size_t len) 634 { 635 const struct ieee80211_mgmt *mgmt; 636 union wpa_event_data event; 637 u16 fc, stype; 638 639 mgmt = (const struct ieee80211_mgmt *) frame; 640 if (len < 24) { 641 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 642 return; 643 } 644 645 fc = le_to_host16(mgmt->frame_control); 646 stype = WLAN_FC_GET_STYPE(fc); 647 648 os_memset(&event, 0, sizeof(event)); 649 event.rx_action.da = mgmt->da; 650 event.rx_action.sa = mgmt->sa; 651 event.rx_action.bssid = mgmt->bssid; 652 event.rx_action.category = mgmt->u.action.category; 653 event.rx_action.data = &mgmt->u.action.category + 1; 654 event.rx_action.len = frame + len - event.rx_action.data; 655 if (freq) 656 event.rx_action.freq = nla_get_u32(freq); 657 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 658 } 659 660 661 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 662 struct nlattr *cookie, const u8 *frame, 663 size_t len, struct nlattr *ack) 664 { 665 union wpa_event_data event; 666 const struct ieee80211_hdr *hdr; 667 u16 fc; 668 u64 cookie_val; 669 670 if (!cookie) 671 return; 672 673 cookie_val = nla_get_u64(cookie); 674 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s", 675 (long long unsigned int) cookie_val, 676 cookie_val == drv->send_action_cookie ? 677 " (match)" : " (unknown)"); 678 if (cookie_val != drv->send_action_cookie) 679 return; 680 681 hdr = (const struct ieee80211_hdr *) frame; 682 fc = le_to_host16(hdr->frame_control); 683 684 os_memset(&event, 0, sizeof(event)); 685 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 686 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 687 event.tx_status.dst = hdr->addr1; 688 event.tx_status.data = frame; 689 event.tx_status.data_len = len; 690 event.tx_status.ack = ack != NULL; 691 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 692 } 693 694 695 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 696 enum wpa_event_type type, 697 const u8 *frame, size_t len) 698 { 699 const struct ieee80211_mgmt *mgmt; 700 union wpa_event_data event; 701 const u8 *bssid = NULL; 702 u16 reason_code = 0; 703 704 mgmt = (const struct ieee80211_mgmt *) frame; 705 if (len >= 24) { 706 bssid = mgmt->bssid; 707 708 if (drv->associated != 0 && 709 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 710 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 711 /* 712 * We have presumably received this deauth as a 713 * response to a clear_state_mismatch() outgoing 714 * deauth. Don't let it take us offline! 715 */ 716 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 717 "from Unknown BSSID " MACSTR " -- ignoring", 718 MAC2STR(bssid)); 719 return; 720 } 721 } 722 723 drv->associated = 0; 724 os_memset(&event, 0, sizeof(event)); 725 726 /* Note: Same offset for Reason Code in both frame subtypes */ 727 if (len >= 24 + sizeof(mgmt->u.deauth)) 728 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 729 730 if (type == EVENT_DISASSOC) { 731 event.disassoc_info.addr = bssid; 732 event.disassoc_info.reason_code = reason_code; 733 } else { 734 event.deauth_info.addr = bssid; 735 event.deauth_info.reason_code = reason_code; 736 } 737 738 wpa_supplicant_event(drv->ctx, type, &event); 739 } 740 741 742 static void mlme_event(struct wpa_driver_nl80211_data *drv, 743 enum nl80211_commands cmd, struct nlattr *frame, 744 struct nlattr *addr, struct nlattr *timed_out, 745 struct nlattr *freq, struct nlattr *ack, 746 struct nlattr *cookie) 747 { 748 if (timed_out && addr) { 749 mlme_timeout_event(drv, cmd, addr); 750 return; 751 } 752 753 if (frame == NULL) { 754 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 755 "data", cmd); 756 return; 757 } 758 759 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 760 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 761 nla_data(frame), nla_len(frame)); 762 763 switch (cmd) { 764 case NL80211_CMD_AUTHENTICATE: 765 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 766 break; 767 case NL80211_CMD_ASSOCIATE: 768 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 769 break; 770 case NL80211_CMD_DEAUTHENTICATE: 771 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 772 nla_data(frame), nla_len(frame)); 773 break; 774 case NL80211_CMD_DISASSOCIATE: 775 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 776 nla_data(frame), nla_len(frame)); 777 break; 778 case NL80211_CMD_ACTION: 779 mlme_event_action(drv, freq, nla_data(frame), nla_len(frame)); 780 break; 781 case NL80211_CMD_ACTION_TX_STATUS: 782 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 783 nla_len(frame), ack); 784 break; 785 default: 786 break; 787 } 788 } 789 790 791 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 792 struct nlattr *tb[]) 793 { 794 union wpa_event_data data; 795 796 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 797 os_memset(&data, 0, sizeof(data)); 798 if (tb[NL80211_ATTR_MAC]) { 799 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 800 nla_data(tb[NL80211_ATTR_MAC]), 801 nla_len(tb[NL80211_ATTR_MAC])); 802 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 803 } 804 if (tb[NL80211_ATTR_KEY_SEQ]) { 805 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 806 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 807 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 808 } 809 if (tb[NL80211_ATTR_KEY_TYPE]) { 810 enum nl80211_key_type key_type = 811 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 812 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 813 if (key_type == NL80211_KEYTYPE_PAIRWISE) 814 data.michael_mic_failure.unicast = 1; 815 } else 816 data.michael_mic_failure.unicast = 1; 817 818 if (tb[NL80211_ATTR_KEY_IDX]) { 819 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 820 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 821 } 822 823 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 824 } 825 826 827 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 828 struct nlattr *tb[]) 829 { 830 if (tb[NL80211_ATTR_MAC] == NULL) { 831 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 832 "event"); 833 return; 834 } 835 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 836 drv->associated = 1; 837 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 838 MAC2STR(drv->bssid)); 839 840 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 841 } 842 843 844 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 845 int cancel_event, struct nlattr *tb[]) 846 { 847 unsigned int freq, chan_type, duration; 848 union wpa_event_data data; 849 u64 cookie; 850 851 if (tb[NL80211_ATTR_WIPHY_FREQ]) 852 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 853 else 854 freq = 0; 855 856 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 857 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 858 else 859 chan_type = 0; 860 861 if (tb[NL80211_ATTR_DURATION]) 862 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 863 else 864 duration = 0; 865 866 if (tb[NL80211_ATTR_COOKIE]) 867 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 868 else 869 cookie = 0; 870 871 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 872 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 873 cancel_event, freq, chan_type, duration, 874 (long long unsigned int) cookie, 875 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 876 877 if (cookie != drv->remain_on_chan_cookie) 878 return; /* not for us */ 879 880 drv->pending_remain_on_chan = !cancel_event; 881 882 os_memset(&data, 0, sizeof(data)); 883 data.remain_on_channel.freq = freq; 884 data.remain_on_channel.duration = duration; 885 wpa_supplicant_event(drv->ctx, cancel_event ? 886 EVENT_CANCEL_REMAIN_ON_CHANNEL : 887 EVENT_REMAIN_ON_CHANNEL, &data); 888 } 889 890 891 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 892 struct nlattr *tb[]) 893 { 894 union wpa_event_data event; 895 struct nlattr *nl; 896 int rem; 897 struct scan_info *info; 898 #define MAX_REPORT_FREQS 50 899 int freqs[MAX_REPORT_FREQS]; 900 int num_freqs = 0; 901 902 os_memset(&event, 0, sizeof(event)); 903 info = &event.scan_info; 904 info->aborted = aborted; 905 906 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 907 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 908 struct wpa_driver_scan_ssid *s = 909 &info->ssids[info->num_ssids]; 910 s->ssid = nla_data(nl); 911 s->ssid_len = nla_len(nl); 912 info->num_ssids++; 913 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 914 break; 915 } 916 } 917 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 918 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 919 { 920 freqs[num_freqs] = nla_get_u32(nl); 921 num_freqs++; 922 if (num_freqs == MAX_REPORT_FREQS - 1) 923 break; 924 } 925 info->freqs = freqs; 926 info->num_freqs = num_freqs; 927 } 928 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 929 } 930 931 932 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 933 struct nlattr *tb[]) 934 { 935 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 936 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 937 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 938 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 939 }; 940 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 941 enum nl80211_cqm_rssi_threshold_event event; 942 union wpa_event_data ed; 943 944 if (tb[NL80211_ATTR_CQM] == NULL || 945 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 946 cqm_policy)) { 947 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 948 return; 949 } 950 951 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 952 return; 953 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 954 955 os_memset(&ed, 0, sizeof(ed)); 956 957 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 958 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 959 "event: RSSI high"); 960 ed.signal_change.above_threshold = 1; 961 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 962 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 963 "event: RSSI low"); 964 ed.signal_change.above_threshold = 0; 965 } else 966 return; 967 968 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 969 } 970 971 972 static int process_event(struct nl_msg *msg, void *arg) 973 { 974 struct wpa_driver_nl80211_data *drv = arg; 975 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 976 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 977 union wpa_event_data data; 978 979 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 980 genlmsg_attrlen(gnlh, 0), NULL); 981 982 if (tb[NL80211_ATTR_IFINDEX]) { 983 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 984 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 985 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 986 " for foreign interface (ifindex %d)", 987 gnlh->cmd, ifindex); 988 return NL_SKIP; 989 } 990 } 991 992 if (drv->ap_scan_as_station && 993 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 994 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 995 wpa_driver_nl80211_set_mode(&drv->first_bss, 996 IEEE80211_MODE_AP); 997 drv->ap_scan_as_station = 0; 998 } 999 1000 switch (gnlh->cmd) { 1001 case NL80211_CMD_TRIGGER_SCAN: 1002 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 1003 break; 1004 case NL80211_CMD_NEW_SCAN_RESULTS: 1005 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 1006 drv->scan_complete_events = 1; 1007 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1008 drv->ctx); 1009 send_scan_event(drv, 0, tb); 1010 break; 1011 case NL80211_CMD_SCAN_ABORTED: 1012 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 1013 /* 1014 * Need to indicate that scan results are available in order 1015 * not to make wpa_supplicant stop its scanning. 1016 */ 1017 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1018 drv->ctx); 1019 send_scan_event(drv, 1, tb); 1020 break; 1021 case NL80211_CMD_AUTHENTICATE: 1022 case NL80211_CMD_ASSOCIATE: 1023 case NL80211_CMD_DEAUTHENTICATE: 1024 case NL80211_CMD_DISASSOCIATE: 1025 case NL80211_CMD_ACTION: 1026 case NL80211_CMD_ACTION_TX_STATUS: 1027 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1028 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1029 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1030 tb[NL80211_ATTR_COOKIE]); 1031 break; 1032 case NL80211_CMD_CONNECT: 1033 case NL80211_CMD_ROAM: 1034 mlme_event_connect(drv, gnlh->cmd, 1035 tb[NL80211_ATTR_STATUS_CODE], 1036 tb[NL80211_ATTR_MAC], 1037 tb[NL80211_ATTR_REQ_IE], 1038 tb[NL80211_ATTR_RESP_IE]); 1039 break; 1040 case NL80211_CMD_DISCONNECT: 1041 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1042 /* 1043 * Avoid reporting two disassociation events that could 1044 * confuse the core code. 1045 */ 1046 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1047 "event when using userspace SME"); 1048 break; 1049 } 1050 drv->associated = 0; 1051 os_memset(&data, 0, sizeof(data)); 1052 if (tb[NL80211_ATTR_REASON_CODE]) 1053 data.disassoc_info.reason_code = 1054 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1055 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1056 break; 1057 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1058 mlme_event_michael_mic_failure(drv, tb); 1059 break; 1060 case NL80211_CMD_JOIN_IBSS: 1061 mlme_event_join_ibss(drv, tb); 1062 break; 1063 case NL80211_CMD_REMAIN_ON_CHANNEL: 1064 mlme_event_remain_on_channel(drv, 0, tb); 1065 break; 1066 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1067 mlme_event_remain_on_channel(drv, 1, tb); 1068 break; 1069 case NL80211_CMD_NOTIFY_CQM: 1070 nl80211_cqm_event(drv, tb); 1071 break; 1072 default: 1073 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1074 "(cmd=%d)", gnlh->cmd); 1075 break; 1076 } 1077 1078 return NL_SKIP; 1079 } 1080 1081 1082 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1083 void *sock_ctx) 1084 { 1085 struct nl_cb *cb; 1086 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1087 1088 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1089 1090 cb = nl_cb_clone(drv->nl_cb); 1091 if (!cb) 1092 return; 1093 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1094 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1095 nl_recvmsgs(drv->nl_handle_event, cb); 1096 nl_cb_put(cb); 1097 } 1098 1099 1100 /** 1101 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1102 * @priv: driver_nl80211 private data 1103 * @alpha2_arg: country to which to switch to 1104 * Returns: 0 on success, -1 on failure 1105 * 1106 * This asks nl80211 to set the regulatory domain for given 1107 * country ISO / IEC alpha2. 1108 */ 1109 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1110 { 1111 struct i802_bss *bss = priv; 1112 struct wpa_driver_nl80211_data *drv = bss->drv; 1113 char alpha2[3]; 1114 struct nl_msg *msg; 1115 1116 msg = nlmsg_alloc(); 1117 if (!msg) 1118 return -ENOMEM; 1119 1120 alpha2[0] = alpha2_arg[0]; 1121 alpha2[1] = alpha2_arg[1]; 1122 alpha2[2] = '\0'; 1123 1124 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1125 0, NL80211_CMD_REQ_SET_REG, 0); 1126 1127 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1128 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1129 return -EINVAL; 1130 return 0; 1131 nla_put_failure: 1132 return -EINVAL; 1133 } 1134 1135 1136 #ifndef HOSTAPD 1137 struct wiphy_info_data { 1138 int max_scan_ssids; 1139 int ap_supported; 1140 int auth_supported; 1141 int connect_supported; 1142 }; 1143 1144 1145 static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1146 { 1147 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1148 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1149 struct wiphy_info_data *info = arg; 1150 1151 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1152 genlmsg_attrlen(gnlh, 0), NULL); 1153 1154 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1155 info->max_scan_ssids = 1156 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1157 1158 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1159 struct nlattr *nl_mode; 1160 int i; 1161 nla_for_each_nested(nl_mode, 1162 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1163 if (nl_mode->nla_type == NL80211_IFTYPE_AP) { 1164 info->ap_supported = 1; 1165 break; 1166 } 1167 } 1168 } 1169 1170 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1171 struct nlattr *nl_cmd; 1172 int i; 1173 1174 nla_for_each_nested(nl_cmd, 1175 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1176 u32 cmd = nla_get_u32(nl_cmd); 1177 if (cmd == NL80211_CMD_AUTHENTICATE) 1178 info->auth_supported = 1; 1179 else if (cmd == NL80211_CMD_CONNECT) 1180 info->connect_supported = 1; 1181 } 1182 } 1183 1184 return NL_SKIP; 1185 } 1186 1187 1188 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1189 struct wiphy_info_data *info) 1190 { 1191 struct nl_msg *msg; 1192 1193 os_memset(info, 0, sizeof(*info)); 1194 msg = nlmsg_alloc(); 1195 if (!msg) 1196 return -1; 1197 1198 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1199 0, NL80211_CMD_GET_WIPHY, 0); 1200 1201 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1202 1203 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1204 return 0; 1205 msg = NULL; 1206 nla_put_failure: 1207 nlmsg_free(msg); 1208 return -1; 1209 } 1210 1211 1212 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1213 { 1214 struct wiphy_info_data info; 1215 if (wpa_driver_nl80211_get_info(drv, &info)) 1216 return -1; 1217 drv->has_capability = 1; 1218 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1219 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1220 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1221 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1222 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1223 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1224 WPA_DRIVER_CAPA_ENC_WEP104 | 1225 WPA_DRIVER_CAPA_ENC_TKIP | 1226 WPA_DRIVER_CAPA_ENC_CCMP; 1227 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1228 WPA_DRIVER_AUTH_SHARED | 1229 WPA_DRIVER_AUTH_LEAP; 1230 1231 drv->capa.max_scan_ssids = info.max_scan_ssids; 1232 if (info.ap_supported) 1233 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1234 1235 if (info.auth_supported) 1236 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1237 else if (!info.connect_supported) { 1238 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1239 "authentication/association or connect commands"); 1240 return -1; 1241 } 1242 1243 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1244 drv->capa.max_remain_on_chan = 5000; 1245 1246 return 0; 1247 } 1248 #endif /* HOSTAPD */ 1249 1250 1251 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv, 1252 void *ctx) 1253 { 1254 int ret; 1255 1256 /* Initialize generic netlink and nl80211 */ 1257 1258 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1259 if (drv->nl_cb == NULL) { 1260 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1261 "callbacks"); 1262 goto err1; 1263 } 1264 1265 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb); 1266 if (drv->nl_handle == NULL) { 1267 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1268 "callbacks"); 1269 goto err2; 1270 } 1271 1272 drv->nl_handle_event = nl_handle_alloc_cb(drv->nl_cb); 1273 if (drv->nl_handle_event == NULL) { 1274 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1275 "callbacks (event)"); 1276 goto err2b; 1277 } 1278 1279 if (genl_connect(drv->nl_handle)) { 1280 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1281 "netlink"); 1282 goto err3; 1283 } 1284 1285 if (genl_connect(drv->nl_handle_event)) { 1286 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1287 "netlink (event)"); 1288 goto err3; 1289 } 1290 1291 #ifdef CONFIG_LIBNL20 1292 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1293 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1294 "netlink cache"); 1295 goto err3; 1296 } 1297 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1298 0) { 1299 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1300 "netlink cache (event)"); 1301 goto err3b; 1302 } 1303 #else /* CONFIG_LIBNL20 */ 1304 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1305 if (drv->nl_cache == NULL) { 1306 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1307 "netlink cache"); 1308 goto err3; 1309 } 1310 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1311 if (drv->nl_cache_event == NULL) { 1312 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1313 "netlink cache (event)"); 1314 goto err3b; 1315 } 1316 #endif /* CONFIG_LIBNL20 */ 1317 1318 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1319 if (drv->nl80211 == NULL) { 1320 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1321 "found"); 1322 goto err4; 1323 } 1324 1325 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1326 if (ret >= 0) 1327 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1328 if (ret < 0) { 1329 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1330 "membership for scan events: %d (%s)", 1331 ret, strerror(-ret)); 1332 goto err4; 1333 } 1334 1335 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1336 if (ret >= 0) 1337 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1338 if (ret < 0) { 1339 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1340 "membership for mlme events: %d (%s)", 1341 ret, strerror(-ret)); 1342 goto err4; 1343 } 1344 1345 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1346 wpa_driver_nl80211_event_receive, drv, ctx); 1347 1348 return 0; 1349 1350 err4: 1351 nl_cache_free(drv->nl_cache_event); 1352 err3b: 1353 nl_cache_free(drv->nl_cache); 1354 err3: 1355 nl_handle_destroy(drv->nl_handle_event); 1356 err2b: 1357 nl_handle_destroy(drv->nl_handle); 1358 err2: 1359 nl_cb_put(drv->nl_cb); 1360 err1: 1361 return -1; 1362 } 1363 1364 1365 /** 1366 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1367 * @ctx: context to be used when calling wpa_supplicant functions, 1368 * e.g., wpa_supplicant_event() 1369 * @ifname: interface name, e.g., wlan0 1370 * Returns: Pointer to private data, %NULL on failure 1371 */ 1372 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname) 1373 { 1374 struct wpa_driver_nl80211_data *drv; 1375 struct netlink_config *cfg; 1376 struct i802_bss *bss; 1377 1378 drv = os_zalloc(sizeof(*drv)); 1379 if (drv == NULL) 1380 return NULL; 1381 drv->ctx = ctx; 1382 bss = &drv->first_bss; 1383 bss->drv = drv; 1384 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1385 drv->monitor_ifidx = -1; 1386 drv->monitor_sock = -1; 1387 drv->ioctl_sock = -1; 1388 1389 if (wpa_driver_nl80211_init_nl(drv, ctx)) { 1390 os_free(drv); 1391 return NULL; 1392 } 1393 1394 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1395 if (drv->ioctl_sock < 0) { 1396 perror("socket(PF_INET,SOCK_DGRAM)"); 1397 goto failed; 1398 } 1399 1400 cfg = os_zalloc(sizeof(*cfg)); 1401 if (cfg == NULL) 1402 goto failed; 1403 cfg->ctx = drv; 1404 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1405 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1406 drv->netlink = netlink_init(cfg); 1407 if (drv->netlink == NULL) { 1408 os_free(cfg); 1409 goto failed; 1410 } 1411 if (wpa_driver_nl80211_finish_drv_init(drv)) 1412 goto failed; 1413 1414 return bss; 1415 1416 failed: 1417 netlink_deinit(drv->netlink); 1418 if (drv->ioctl_sock >= 0) 1419 close(drv->ioctl_sock); 1420 1421 genl_family_put(drv->nl80211); 1422 nl_cache_free(drv->nl_cache); 1423 nl_handle_destroy(drv->nl_handle); 1424 nl_cb_put(drv->nl_cb); 1425 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 1426 1427 os_free(drv); 1428 return NULL; 1429 } 1430 1431 1432 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 1433 const u8 *match, size_t match_len) 1434 { 1435 struct nl_msg *msg; 1436 int ret = -1; 1437 1438 msg = nlmsg_alloc(); 1439 if (!msg) 1440 return -1; 1441 1442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1443 NL80211_CMD_REGISTER_ACTION, 0); 1444 1445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1446 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 1447 1448 ret = send_and_recv(drv, drv->nl_handle_event, msg, NULL, NULL); 1449 msg = NULL; 1450 if (ret) { 1451 wpa_printf(MSG_DEBUG, "nl80211: Register Action command " 1452 "failed: ret=%d (%s)", ret, strerror(-ret)); 1453 wpa_hexdump(MSG_DEBUG, "nl80211: Register Action match", 1454 match, match_len); 1455 goto nla_put_failure; 1456 } 1457 ret = 0; 1458 nla_put_failure: 1459 nlmsg_free(msg); 1460 return ret; 1461 } 1462 1463 1464 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 1465 { 1466 /* FT Action frames */ 1467 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 1468 return -1; 1469 else 1470 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 1471 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 1472 1473 return 0; 1474 } 1475 1476 1477 static int 1478 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 1479 { 1480 struct i802_bss *bss = &drv->first_bss; 1481 1482 drv->ifindex = if_nametoindex(bss->ifname); 1483 drv->first_bss.ifindex = drv->ifindex; 1484 1485 #ifndef HOSTAPD 1486 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 1487 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 1488 "use managed mode"); 1489 } 1490 1491 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 1492 wpa_printf(MSG_ERROR, "Could not set interface '%s' UP", 1493 bss->ifname); 1494 return -1; 1495 } 1496 1497 if (wpa_driver_nl80211_capa(drv)) 1498 return -1; 1499 1500 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 1501 1, IF_OPER_DORMANT); 1502 #endif /* HOSTAPD */ 1503 1504 if (nl80211_register_action_frames(drv) < 0) { 1505 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 1506 "frame processing - ignore for now"); 1507 /* 1508 * Older kernel versions did not support this, so ignore the 1509 * error for now. Some functionality may not be available 1510 * because of this. 1511 */ 1512 } 1513 1514 return 0; 1515 } 1516 1517 1518 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 1519 { 1520 struct nl_msg *msg; 1521 1522 msg = nlmsg_alloc(); 1523 if (!msg) 1524 return -ENOMEM; 1525 1526 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1527 0, NL80211_CMD_DEL_BEACON, 0); 1528 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1529 1530 return send_and_recv_msgs(drv, msg, NULL, NULL); 1531 nla_put_failure: 1532 return -ENOBUFS; 1533 } 1534 1535 1536 /** 1537 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 1538 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 1539 * 1540 * Shut down driver interface and processing of driver events. Free 1541 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 1542 */ 1543 static void wpa_driver_nl80211_deinit(void *priv) 1544 { 1545 struct i802_bss *bss = priv; 1546 struct wpa_driver_nl80211_data *drv = bss->drv; 1547 1548 if (drv->added_if_into_bridge) { 1549 if (linux_br_del_if(drv->ioctl_sock, drv->brname, bss->ifname) 1550 < 0) 1551 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 1552 "interface %s from bridge %s: %s", 1553 bss->ifname, drv->brname, strerror(errno)); 1554 } 1555 if (drv->added_bridge) { 1556 if (linux_br_del(drv->ioctl_sock, drv->brname) < 0) 1557 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 1558 "bridge %s: %s", 1559 drv->brname, strerror(errno)); 1560 } 1561 1562 nl80211_remove_monitor_interface(drv); 1563 1564 if (drv->nlmode == NL80211_IFTYPE_AP) 1565 wpa_driver_nl80211_del_beacon(drv); 1566 1567 #ifdef HOSTAPD 1568 if (drv->last_freq_ht) { 1569 /* Clear HT flags from the driver */ 1570 struct hostapd_freq_params freq; 1571 os_memset(&freq, 0, sizeof(freq)); 1572 freq.freq = drv->last_freq; 1573 i802_set_freq(priv, &freq); 1574 } 1575 1576 if (drv->eapol_sock >= 0) { 1577 eloop_unregister_read_sock(drv->eapol_sock); 1578 close(drv->eapol_sock); 1579 } 1580 1581 if (drv->if_indices != drv->default_if_indices) 1582 os_free(drv->if_indices); 1583 #endif /* HOSTAPD */ 1584 1585 if (drv->disable_11b_rates) 1586 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 1587 1588 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 1589 netlink_deinit(drv->netlink); 1590 1591 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1592 1593 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 1594 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 1595 1596 if (drv->ioctl_sock >= 0) 1597 close(drv->ioctl_sock); 1598 1599 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 1600 genl_family_put(drv->nl80211); 1601 nl_cache_free(drv->nl_cache); 1602 nl_cache_free(drv->nl_cache_event); 1603 nl_handle_destroy(drv->nl_handle); 1604 nl_handle_destroy(drv->nl_handle_event); 1605 nl_cb_put(drv->nl_cb); 1606 1607 eloop_cancel_timeout(wpa_driver_nl80211_probe_req_report_timeout, 1608 drv, NULL); 1609 1610 os_free(drv->filter_ssids); 1611 1612 os_free(drv); 1613 } 1614 1615 1616 /** 1617 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 1618 * @eloop_ctx: Driver private data 1619 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 1620 * 1621 * This function can be used as registered timeout when starting a scan to 1622 * generate a scan completed event if the driver does not report this. 1623 */ 1624 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1625 { 1626 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1627 if (drv->ap_scan_as_station) { 1628 wpa_driver_nl80211_set_mode(&drv->first_bss, 1629 IEEE80211_MODE_AP); 1630 drv->ap_scan_as_station = 0; 1631 } 1632 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1633 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1634 } 1635 1636 1637 /** 1638 * wpa_driver_nl80211_scan - Request the driver to initiate scan 1639 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 1640 * @params: Scan parameters 1641 * Returns: 0 on success, -1 on failure 1642 */ 1643 static int wpa_driver_nl80211_scan(void *priv, 1644 struct wpa_driver_scan_params *params) 1645 { 1646 struct i802_bss *bss = priv; 1647 struct wpa_driver_nl80211_data *drv = bss->drv; 1648 int ret = 0, timeout; 1649 struct nl_msg *msg, *ssids, *freqs; 1650 size_t i; 1651 1652 msg = nlmsg_alloc(); 1653 ssids = nlmsg_alloc(); 1654 freqs = nlmsg_alloc(); 1655 if (!msg || !ssids || !freqs) { 1656 nlmsg_free(msg); 1657 nlmsg_free(ssids); 1658 nlmsg_free(freqs); 1659 return -1; 1660 } 1661 1662 os_free(drv->filter_ssids); 1663 drv->filter_ssids = params->filter_ssids; 1664 params->filter_ssids = NULL; 1665 drv->num_filter_ssids = params->num_filter_ssids; 1666 1667 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1668 NL80211_CMD_TRIGGER_SCAN, 0); 1669 1670 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1671 1672 for (i = 0; i < params->num_ssids; i++) { 1673 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 1674 params->ssids[i].ssid, 1675 params->ssids[i].ssid_len); 1676 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 1677 params->ssids[i].ssid); 1678 } 1679 if (params->num_ssids) 1680 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 1681 1682 if (params->extra_ies) { 1683 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 1684 params->extra_ies, params->extra_ies_len); 1685 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 1686 params->extra_ies); 1687 } 1688 1689 if (params->freqs) { 1690 for (i = 0; params->freqs[i]; i++) { 1691 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 1692 "MHz", params->freqs[i]); 1693 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 1694 } 1695 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 1696 } 1697 1698 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1699 msg = NULL; 1700 if (ret) { 1701 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 1702 "(%s)", ret, strerror(-ret)); 1703 #ifdef HOSTAPD 1704 if (drv->nlmode == NL80211_IFTYPE_AP) { 1705 /* 1706 * mac80211 does not allow scan requests in AP mode, so 1707 * try to do this in station mode. 1708 */ 1709 if (wpa_driver_nl80211_set_mode(bss, 1710 IEEE80211_MODE_INFRA)) 1711 goto nla_put_failure; 1712 1713 if (wpa_driver_nl80211_scan(drv, params)) { 1714 wpa_driver_nl80211_set_mode(bss, 1715 IEEE80211_MODE_AP); 1716 goto nla_put_failure; 1717 } 1718 1719 /* Restore AP mode when processing scan results */ 1720 drv->ap_scan_as_station = 1; 1721 ret = 0; 1722 } else 1723 goto nla_put_failure; 1724 #else /* HOSTAPD */ 1725 goto nla_put_failure; 1726 #endif /* HOSTAPD */ 1727 } 1728 1729 /* Not all drivers generate "scan completed" wireless event, so try to 1730 * read results after a timeout. */ 1731 timeout = 10; 1732 if (drv->scan_complete_events) { 1733 /* 1734 * The driver seems to deliver events to notify when scan is 1735 * complete, so use longer timeout to avoid race conditions 1736 * with scanning and following association request. 1737 */ 1738 timeout = 30; 1739 } 1740 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1741 "seconds", ret, timeout); 1742 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1743 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 1744 drv, drv->ctx); 1745 1746 nla_put_failure: 1747 nlmsg_free(ssids); 1748 nlmsg_free(msg); 1749 nlmsg_free(freqs); 1750 return ret; 1751 } 1752 1753 1754 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 1755 { 1756 const u8 *end, *pos; 1757 1758 if (ies == NULL) 1759 return NULL; 1760 1761 pos = ies; 1762 end = ies + ies_len; 1763 1764 while (pos + 1 < end) { 1765 if (pos + 2 + pos[1] > end) 1766 break; 1767 if (pos[0] == ie) 1768 return pos; 1769 pos += 2 + pos[1]; 1770 } 1771 1772 return NULL; 1773 } 1774 1775 1776 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 1777 const u8 *ie, size_t ie_len) 1778 { 1779 const u8 *ssid; 1780 size_t i; 1781 1782 if (drv->filter_ssids == NULL) 1783 return 0; 1784 1785 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 1786 if (ssid == NULL) 1787 return 1; 1788 1789 for (i = 0; i < drv->num_filter_ssids; i++) { 1790 if (ssid[1] == drv->filter_ssids[i].ssid_len && 1791 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 1792 0) 1793 return 0; 1794 } 1795 1796 return 1; 1797 } 1798 1799 1800 struct nl80211_bss_info_arg { 1801 struct wpa_driver_nl80211_data *drv; 1802 struct wpa_scan_results *res; 1803 }; 1804 1805 static int bss_info_handler(struct nl_msg *msg, void *arg) 1806 { 1807 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1808 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1809 struct nlattr *bss[NL80211_BSS_MAX + 1]; 1810 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 1811 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 1812 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 1813 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 1814 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 1815 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 1816 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 1817 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 1818 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 1819 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 1820 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 1821 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 1822 }; 1823 struct nl80211_bss_info_arg *_arg = arg; 1824 struct wpa_scan_results *res = _arg->res; 1825 struct wpa_scan_res **tmp; 1826 struct wpa_scan_res *r; 1827 const u8 *ie, *beacon_ie; 1828 size_t ie_len, beacon_ie_len; 1829 u8 *pos; 1830 1831 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1832 genlmsg_attrlen(gnlh, 0), NULL); 1833 if (!tb[NL80211_ATTR_BSS]) 1834 return NL_SKIP; 1835 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 1836 bss_policy)) 1837 return NL_SKIP; 1838 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 1839 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1840 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1841 } else { 1842 ie = NULL; 1843 ie_len = 0; 1844 } 1845 if (bss[NL80211_BSS_BEACON_IES]) { 1846 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 1847 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 1848 } else { 1849 beacon_ie = NULL; 1850 beacon_ie_len = 0; 1851 } 1852 1853 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 1854 ie ? ie_len : beacon_ie_len)) 1855 return NL_SKIP; 1856 1857 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 1858 if (r == NULL) 1859 return NL_SKIP; 1860 if (bss[NL80211_BSS_BSSID]) 1861 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 1862 ETH_ALEN); 1863 if (bss[NL80211_BSS_FREQUENCY]) 1864 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 1865 if (bss[NL80211_BSS_BEACON_INTERVAL]) 1866 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 1867 if (bss[NL80211_BSS_CAPABILITY]) 1868 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 1869 r->flags |= WPA_SCAN_NOISE_INVALID; 1870 if (bss[NL80211_BSS_SIGNAL_MBM]) { 1871 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 1872 r->level /= 100; /* mBm to dBm */ 1873 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 1874 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 1875 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 1876 r->flags |= WPA_SCAN_LEVEL_INVALID; 1877 } else 1878 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 1879 if (bss[NL80211_BSS_TSF]) 1880 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 1881 if (bss[NL80211_BSS_SEEN_MS_AGO]) 1882 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 1883 r->ie_len = ie_len; 1884 pos = (u8 *) (r + 1); 1885 if (ie) { 1886 os_memcpy(pos, ie, ie_len); 1887 pos += ie_len; 1888 } 1889 r->beacon_ie_len = beacon_ie_len; 1890 if (beacon_ie) 1891 os_memcpy(pos, beacon_ie, beacon_ie_len); 1892 1893 if (bss[NL80211_BSS_STATUS]) { 1894 enum nl80211_bss_status status; 1895 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 1896 switch (status) { 1897 case NL80211_BSS_STATUS_AUTHENTICATED: 1898 r->flags |= WPA_SCAN_AUTHENTICATED; 1899 break; 1900 case NL80211_BSS_STATUS_ASSOCIATED: 1901 r->flags |= WPA_SCAN_ASSOCIATED; 1902 break; 1903 default: 1904 break; 1905 } 1906 } 1907 1908 tmp = os_realloc(res->res, 1909 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1910 if (tmp == NULL) { 1911 os_free(r); 1912 return NL_SKIP; 1913 } 1914 tmp[res->num++] = r; 1915 res->res = tmp; 1916 1917 return NL_SKIP; 1918 } 1919 1920 1921 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 1922 const u8 *addr) 1923 { 1924 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1925 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 1926 "mismatch (" MACSTR ")", MAC2STR(addr)); 1927 wpa_driver_nl80211_mlme(drv, addr, 1928 NL80211_CMD_DEAUTHENTICATE, 1929 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 1930 } 1931 } 1932 1933 1934 static void wpa_driver_nl80211_check_bss_status( 1935 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 1936 { 1937 size_t i; 1938 1939 for (i = 0; i < res->num; i++) { 1940 struct wpa_scan_res *r = res->res[i]; 1941 if (r->flags & WPA_SCAN_AUTHENTICATED) { 1942 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 1943 "indicates BSS status with " MACSTR 1944 " as authenticated", 1945 MAC2STR(r->bssid)); 1946 if (drv->nlmode == NL80211_IFTYPE_STATION && 1947 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 1948 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 1949 0) { 1950 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 1951 " in local state (auth=" MACSTR 1952 " assoc=" MACSTR ")", 1953 MAC2STR(drv->auth_bssid), 1954 MAC2STR(drv->bssid)); 1955 clear_state_mismatch(drv, r->bssid); 1956 } 1957 } 1958 1959 if (r->flags & WPA_SCAN_ASSOCIATED) { 1960 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 1961 "indicate BSS status with " MACSTR 1962 " as associated", 1963 MAC2STR(r->bssid)); 1964 if (drv->nlmode == NL80211_IFTYPE_STATION && 1965 !drv->associated) { 1966 wpa_printf(MSG_DEBUG, "nl80211: Local state " 1967 "(not associated) does not match " 1968 "with BSS state"); 1969 clear_state_mismatch(drv, r->bssid); 1970 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 1971 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 1972 0) { 1973 wpa_printf(MSG_DEBUG, "nl80211: Local state " 1974 "(associated with " MACSTR ") does " 1975 "not match with BSS state", 1976 MAC2STR(drv->bssid)); 1977 clear_state_mismatch(drv, r->bssid); 1978 clear_state_mismatch(drv, drv->bssid); 1979 } 1980 } 1981 } 1982 } 1983 1984 1985 static void wpa_scan_results_free(struct wpa_scan_results *res) 1986 { 1987 size_t i; 1988 1989 if (res == NULL) 1990 return; 1991 1992 for (i = 0; i < res->num; i++) 1993 os_free(res->res[i]); 1994 os_free(res->res); 1995 os_free(res); 1996 } 1997 1998 1999 static struct wpa_scan_results * 2000 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 2001 { 2002 struct nl_msg *msg; 2003 struct wpa_scan_results *res; 2004 int ret; 2005 struct nl80211_bss_info_arg arg; 2006 2007 res = os_zalloc(sizeof(*res)); 2008 if (res == NULL) 2009 return NULL; 2010 msg = nlmsg_alloc(); 2011 if (!msg) 2012 goto nla_put_failure; 2013 2014 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2015 NL80211_CMD_GET_SCAN, 0); 2016 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2017 2018 arg.drv = drv; 2019 arg.res = res; 2020 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2021 msg = NULL; 2022 if (ret == 0) { 2023 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2024 (unsigned long) res->num); 2025 return res; 2026 } 2027 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2028 "(%s)", ret, strerror(-ret)); 2029 nla_put_failure: 2030 nlmsg_free(msg); 2031 wpa_scan_results_free(res); 2032 return NULL; 2033 } 2034 2035 2036 /** 2037 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2038 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2039 * Returns: Scan results on success, -1 on failure 2040 */ 2041 static struct wpa_scan_results * 2042 wpa_driver_nl80211_get_scan_results(void *priv) 2043 { 2044 struct i802_bss *bss = priv; 2045 struct wpa_driver_nl80211_data *drv = bss->drv; 2046 struct wpa_scan_results *res; 2047 2048 res = nl80211_get_scan_results(drv); 2049 if (res) 2050 wpa_driver_nl80211_check_bss_status(drv, res); 2051 return res; 2052 } 2053 2054 2055 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2056 { 2057 struct wpa_scan_results *res; 2058 size_t i; 2059 2060 res = nl80211_get_scan_results(drv); 2061 if (res == NULL) { 2062 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2063 return; 2064 } 2065 2066 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2067 for (i = 0; i < res->num; i++) { 2068 struct wpa_scan_res *r = res->res[i]; 2069 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2070 (int) i, (int) res->num, MAC2STR(r->bssid), 2071 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2072 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2073 } 2074 2075 wpa_scan_results_free(res); 2076 } 2077 2078 2079 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2080 enum wpa_alg alg, const u8 *addr, 2081 int key_idx, int set_tx, 2082 const u8 *seq, size_t seq_len, 2083 const u8 *key, size_t key_len) 2084 { 2085 struct i802_bss *bss = priv; 2086 struct wpa_driver_nl80211_data *drv = bss->drv; 2087 int ifindex = if_nametoindex(ifname); 2088 struct nl_msg *msg; 2089 int ret; 2090 2091 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2092 "set_tx=%d seq_len=%lu key_len=%lu", 2093 __func__, ifindex, alg, addr, key_idx, set_tx, 2094 (unsigned long) seq_len, (unsigned long) key_len); 2095 2096 msg = nlmsg_alloc(); 2097 if (!msg) 2098 return -ENOMEM; 2099 2100 if (alg == WPA_ALG_NONE) { 2101 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2102 0, NL80211_CMD_DEL_KEY, 0); 2103 } else { 2104 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2105 0, NL80211_CMD_NEW_KEY, 0); 2106 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2107 switch (alg) { 2108 case WPA_ALG_WEP: 2109 if (key_len == 5) 2110 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2111 WLAN_CIPHER_SUITE_WEP40); 2112 else 2113 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2114 WLAN_CIPHER_SUITE_WEP104); 2115 break; 2116 case WPA_ALG_TKIP: 2117 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2118 WLAN_CIPHER_SUITE_TKIP); 2119 break; 2120 case WPA_ALG_CCMP: 2121 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2122 WLAN_CIPHER_SUITE_CCMP); 2123 break; 2124 case WPA_ALG_IGTK: 2125 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2126 WLAN_CIPHER_SUITE_AES_CMAC); 2127 break; 2128 default: 2129 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2130 "algorithm %d", __func__, alg); 2131 nlmsg_free(msg); 2132 return -1; 2133 } 2134 } 2135 2136 if (seq && seq_len) 2137 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2138 2139 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0) 2140 { 2141 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2142 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2143 } 2144 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2145 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2146 2147 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2148 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2149 ret = 0; 2150 if (ret) 2151 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2152 ret, strerror(-ret)); 2153 2154 /* 2155 * If we failed or don't need to set the default TX key (below), 2156 * we're done here. 2157 */ 2158 if (ret || !set_tx || alg == WPA_ALG_NONE) 2159 return ret; 2160 #ifdef HOSTAPD 2161 if (addr) 2162 return ret; 2163 #else /* HOSTAPD */ 2164 if (drv->nlmode == NL80211_IFTYPE_AP && addr) 2165 return ret; 2166 #endif /* HOSTAPD */ 2167 2168 msg = nlmsg_alloc(); 2169 if (!msg) 2170 return -ENOMEM; 2171 2172 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2173 0, NL80211_CMD_SET_KEY, 0); 2174 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2175 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2176 if (alg == WPA_ALG_IGTK) 2177 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2178 else 2179 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2180 2181 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2182 if (ret == -ENOENT) 2183 ret = 0; 2184 if (ret) 2185 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2186 "err=%d %s)", ret, strerror(-ret)); 2187 return ret; 2188 2189 nla_put_failure: 2190 return -ENOBUFS; 2191 } 2192 2193 2194 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2195 int key_idx, int defkey, 2196 const u8 *seq, size_t seq_len, 2197 const u8 *key, size_t key_len) 2198 { 2199 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2200 if (!key_attr) 2201 return -1; 2202 2203 if (defkey && alg == WPA_ALG_IGTK) 2204 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2205 else if (defkey) 2206 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2207 2208 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2209 2210 switch (alg) { 2211 case WPA_ALG_WEP: 2212 if (key_len == 5) 2213 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2214 WLAN_CIPHER_SUITE_WEP40); 2215 else 2216 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2217 WLAN_CIPHER_SUITE_WEP104); 2218 break; 2219 case WPA_ALG_TKIP: 2220 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2221 break; 2222 case WPA_ALG_CCMP: 2223 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2224 break; 2225 case WPA_ALG_IGTK: 2226 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2227 WLAN_CIPHER_SUITE_AES_CMAC); 2228 break; 2229 default: 2230 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2231 "algorithm %d", __func__, alg); 2232 return -1; 2233 } 2234 2235 if (seq && seq_len) 2236 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2237 2238 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2239 2240 nla_nest_end(msg, key_attr); 2241 2242 return 0; 2243 nla_put_failure: 2244 return -1; 2245 } 2246 2247 2248 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2249 struct nl_msg *msg) 2250 { 2251 int i, privacy = 0; 2252 struct nlattr *nl_keys, *nl_key; 2253 2254 for (i = 0; i < 4; i++) { 2255 if (!params->wep_key[i]) 2256 continue; 2257 privacy = 1; 2258 break; 2259 } 2260 if (!privacy) 2261 return 0; 2262 2263 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 2264 2265 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 2266 if (!nl_keys) 2267 goto nla_put_failure; 2268 2269 for (i = 0; i < 4; i++) { 2270 if (!params->wep_key[i]) 2271 continue; 2272 2273 nl_key = nla_nest_start(msg, i); 2274 if (!nl_key) 2275 goto nla_put_failure; 2276 2277 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 2278 params->wep_key[i]); 2279 if (params->wep_key_len[i] == 5) 2280 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2281 WLAN_CIPHER_SUITE_WEP40); 2282 else 2283 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2284 WLAN_CIPHER_SUITE_WEP104); 2285 2286 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 2287 2288 if (i == params->wep_tx_keyidx) 2289 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2290 2291 nla_nest_end(msg, nl_key); 2292 } 2293 nla_nest_end(msg, nl_keys); 2294 2295 return 0; 2296 2297 nla_put_failure: 2298 return -ENOBUFS; 2299 } 2300 2301 2302 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 2303 const u8 *addr, int cmd, u16 reason_code, 2304 int local_state_change) 2305 { 2306 int ret = -1; 2307 struct nl_msg *msg; 2308 2309 msg = nlmsg_alloc(); 2310 if (!msg) 2311 return -1; 2312 2313 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 2314 2315 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2316 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 2317 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2318 if (local_state_change) 2319 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 2320 2321 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2322 msg = NULL; 2323 if (ret) { 2324 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 2325 "(%s)", ret, strerror(-ret)); 2326 goto nla_put_failure; 2327 } 2328 ret = 0; 2329 2330 nla_put_failure: 2331 nlmsg_free(msg); 2332 return ret; 2333 } 2334 2335 2336 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 2337 const u8 *addr, int reason_code) 2338 { 2339 wpa_printf(MSG_DEBUG, "%s", __func__); 2340 drv->associated = 0; 2341 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 2342 reason_code, 0); 2343 } 2344 2345 2346 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 2347 int reason_code) 2348 { 2349 struct i802_bss *bss = priv; 2350 struct wpa_driver_nl80211_data *drv = bss->drv; 2351 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 2352 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 2353 wpa_printf(MSG_DEBUG, "%s", __func__); 2354 drv->associated = 0; 2355 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 2356 reason_code, 0); 2357 } 2358 2359 2360 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 2361 int reason_code) 2362 { 2363 struct i802_bss *bss = priv; 2364 struct wpa_driver_nl80211_data *drv = bss->drv; 2365 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 2366 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 2367 wpa_printf(MSG_DEBUG, "%s", __func__); 2368 drv->associated = 0; 2369 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 2370 reason_code, 0); 2371 } 2372 2373 2374 static int wpa_driver_nl80211_authenticate( 2375 void *priv, struct wpa_driver_auth_params *params) 2376 { 2377 struct i802_bss *bss = priv; 2378 struct wpa_driver_nl80211_data *drv = bss->drv; 2379 int ret = -1, i; 2380 struct nl_msg *msg; 2381 enum nl80211_auth_type type; 2382 int count = 0; 2383 2384 drv->associated = 0; 2385 os_memset(drv->auth_bssid, 0, ETH_ALEN); 2386 /* FIX: IBSS mode */ 2387 if (drv->nlmode != NL80211_IFTYPE_STATION) 2388 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 2389 2390 if (wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 2391 return -1; 2392 2393 retry: 2394 msg = nlmsg_alloc(); 2395 if (!msg) 2396 return -1; 2397 2398 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 2399 drv->ifindex); 2400 2401 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2402 NL80211_CMD_AUTHENTICATE, 0); 2403 2404 for (i = 0; i < 4; i++) { 2405 if (!params->wep_key[i]) 2406 continue; 2407 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 2408 NULL, i, 2409 i == params->wep_tx_keyidx, NULL, 0, 2410 params->wep_key[i], 2411 params->wep_key_len[i]); 2412 if (params->wep_tx_keyidx != i) 2413 continue; 2414 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 2415 params->wep_key[i], params->wep_key_len[i])) { 2416 nlmsg_free(msg); 2417 return -1; 2418 } 2419 } 2420 2421 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2422 if (params->bssid) { 2423 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 2424 MAC2STR(params->bssid)); 2425 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 2426 } 2427 if (params->freq) { 2428 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 2429 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 2430 } 2431 if (params->ssid) { 2432 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 2433 params->ssid, params->ssid_len); 2434 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 2435 params->ssid); 2436 } 2437 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 2438 if (params->ie) 2439 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 2440 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 2441 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 2442 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 2443 type = NL80211_AUTHTYPE_SHARED_KEY; 2444 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 2445 type = NL80211_AUTHTYPE_NETWORK_EAP; 2446 else if (params->auth_alg & WPA_AUTH_ALG_FT) 2447 type = NL80211_AUTHTYPE_FT; 2448 else 2449 goto nla_put_failure; 2450 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 2451 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 2452 if (params->local_state_change) { 2453 wpa_printf(MSG_DEBUG, " * Local state change only"); 2454 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 2455 } 2456 2457 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2458 msg = NULL; 2459 if (ret) { 2460 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 2461 "(%s)", ret, strerror(-ret)); 2462 count++; 2463 if (ret == -EALREADY && count == 1 && params->bssid && 2464 !params->local_state_change) { 2465 /* 2466 * mac80211 does not currently accept new 2467 * authentication if we are already authenticated. As a 2468 * workaround, force deauthentication and try again. 2469 */ 2470 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 2471 "after forced deauthentication"); 2472 wpa_driver_nl80211_deauthenticate( 2473 bss, params->bssid, 2474 WLAN_REASON_PREV_AUTH_NOT_VALID); 2475 nlmsg_free(msg); 2476 goto retry; 2477 } 2478 goto nla_put_failure; 2479 } 2480 ret = 0; 2481 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 2482 "successfully"); 2483 2484 nla_put_failure: 2485 nlmsg_free(msg); 2486 return ret; 2487 } 2488 2489 2490 struct phy_info_arg { 2491 u16 *num_modes; 2492 struct hostapd_hw_modes *modes; 2493 }; 2494 2495 static int phy_info_handler(struct nl_msg *msg, void *arg) 2496 { 2497 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 2498 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2499 struct phy_info_arg *phy_info = arg; 2500 2501 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 2502 2503 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 2504 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 2505 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 2506 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 2507 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 2508 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 2509 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 2510 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 2511 }; 2512 2513 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 2514 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 2515 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 2516 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 2517 }; 2518 2519 struct nlattr *nl_band; 2520 struct nlattr *nl_freq; 2521 struct nlattr *nl_rate; 2522 int rem_band, rem_freq, rem_rate; 2523 struct hostapd_hw_modes *mode; 2524 int idx, mode_is_set; 2525 2526 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2527 genlmsg_attrlen(gnlh, 0), NULL); 2528 2529 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 2530 return NL_SKIP; 2531 2532 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 2533 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 2534 if (!mode) 2535 return NL_SKIP; 2536 phy_info->modes = mode; 2537 2538 mode_is_set = 0; 2539 2540 mode = &phy_info->modes[*(phy_info->num_modes)]; 2541 memset(mode, 0, sizeof(*mode)); 2542 *(phy_info->num_modes) += 1; 2543 2544 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 2545 nla_len(nl_band), NULL); 2546 2547 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 2548 mode->ht_capab = nla_get_u16( 2549 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 2550 } 2551 2552 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 2553 mode->a_mpdu_params |= nla_get_u8( 2554 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 2555 0x03; 2556 } 2557 2558 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 2559 mode->a_mpdu_params |= nla_get_u8( 2560 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 2561 2; 2562 } 2563 2564 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 2565 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 2566 u8 *mcs; 2567 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 2568 os_memcpy(mode->mcs_set, mcs, 16); 2569 } 2570 2571 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 2572 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 2573 nla_len(nl_freq), freq_policy); 2574 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2575 continue; 2576 mode->num_channels++; 2577 } 2578 2579 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 2580 if (!mode->channels) 2581 return NL_SKIP; 2582 2583 idx = 0; 2584 2585 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 2586 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 2587 nla_len(nl_freq), freq_policy); 2588 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2589 continue; 2590 2591 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 2592 mode->channels[idx].flag = 0; 2593 2594 if (!mode_is_set) { 2595 /* crude heuristic */ 2596 if (mode->channels[idx].freq < 4000) 2597 mode->mode = HOSTAPD_MODE_IEEE80211B; 2598 else 2599 mode->mode = HOSTAPD_MODE_IEEE80211A; 2600 mode_is_set = 1; 2601 } 2602 2603 /* crude heuristic */ 2604 if (mode->channels[idx].freq < 4000) 2605 if (mode->channels[idx].freq == 2484) 2606 mode->channels[idx].chan = 14; 2607 else 2608 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 2609 else 2610 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 2611 2612 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 2613 mode->channels[idx].flag |= 2614 HOSTAPD_CHAN_DISABLED; 2615 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 2616 mode->channels[idx].flag |= 2617 HOSTAPD_CHAN_PASSIVE_SCAN; 2618 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 2619 mode->channels[idx].flag |= 2620 HOSTAPD_CHAN_NO_IBSS; 2621 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 2622 mode->channels[idx].flag |= 2623 HOSTAPD_CHAN_RADAR; 2624 2625 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 2626 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 2627 mode->channels[idx].max_tx_power = 2628 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 2629 2630 idx++; 2631 } 2632 2633 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 2634 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 2635 nla_len(nl_rate), rate_policy); 2636 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2637 continue; 2638 mode->num_rates++; 2639 } 2640 2641 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 2642 if (!mode->rates) 2643 return NL_SKIP; 2644 2645 idx = 0; 2646 2647 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 2648 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 2649 nla_len(nl_rate), rate_policy); 2650 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2651 continue; 2652 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 2653 2654 /* crude heuristic */ 2655 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 2656 mode->rates[idx] > 200) 2657 mode->mode = HOSTAPD_MODE_IEEE80211G; 2658 2659 idx++; 2660 } 2661 } 2662 2663 return NL_SKIP; 2664 } 2665 2666 static struct hostapd_hw_modes * 2667 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 2668 { 2669 u16 m; 2670 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 2671 int i, mode11g_idx = -1; 2672 2673 /* If only 802.11g mode is included, use it to construct matching 2674 * 802.11b mode data. */ 2675 2676 for (m = 0; m < *num_modes; m++) { 2677 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 2678 return modes; /* 802.11b already included */ 2679 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 2680 mode11g_idx = m; 2681 } 2682 2683 if (mode11g_idx < 0) 2684 return modes; /* 2.4 GHz band not supported at all */ 2685 2686 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 2687 if (nmodes == NULL) 2688 return modes; /* Could not add 802.11b mode */ 2689 2690 mode = &nmodes[*num_modes]; 2691 os_memset(mode, 0, sizeof(*mode)); 2692 (*num_modes)++; 2693 modes = nmodes; 2694 2695 mode->mode = HOSTAPD_MODE_IEEE80211B; 2696 2697 mode11g = &modes[mode11g_idx]; 2698 mode->num_channels = mode11g->num_channels; 2699 mode->channels = os_malloc(mode11g->num_channels * 2700 sizeof(struct hostapd_channel_data)); 2701 if (mode->channels == NULL) { 2702 (*num_modes)--; 2703 return modes; /* Could not add 802.11b mode */ 2704 } 2705 os_memcpy(mode->channels, mode11g->channels, 2706 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 2707 2708 mode->num_rates = 0; 2709 mode->rates = os_malloc(4 * sizeof(int)); 2710 if (mode->rates == NULL) { 2711 os_free(mode->channels); 2712 (*num_modes)--; 2713 return modes; /* Could not add 802.11b mode */ 2714 } 2715 2716 for (i = 0; i < mode11g->num_rates; i++) { 2717 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 2718 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 2719 continue; 2720 mode->rates[mode->num_rates] = mode11g->rates[i]; 2721 mode->num_rates++; 2722 if (mode->num_rates == 4) 2723 break; 2724 } 2725 2726 if (mode->num_rates == 0) { 2727 os_free(mode->channels); 2728 os_free(mode->rates); 2729 (*num_modes)--; 2730 return modes; /* No 802.11b rates */ 2731 } 2732 2733 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 2734 "information"); 2735 2736 return modes; 2737 } 2738 2739 2740 static struct hostapd_hw_modes * 2741 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 2742 { 2743 struct i802_bss *bss = priv; 2744 struct wpa_driver_nl80211_data *drv = bss->drv; 2745 struct nl_msg *msg; 2746 struct phy_info_arg result = { 2747 .num_modes = num_modes, 2748 .modes = NULL, 2749 }; 2750 2751 *num_modes = 0; 2752 *flags = 0; 2753 2754 msg = nlmsg_alloc(); 2755 if (!msg) 2756 return NULL; 2757 2758 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2759 0, NL80211_CMD_GET_WIPHY, 0); 2760 2761 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2762 2763 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) 2764 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 2765 nla_put_failure: 2766 return NULL; 2767 } 2768 2769 2770 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 2771 const void *data, size_t len, 2772 int encrypt) 2773 { 2774 __u8 rtap_hdr[] = { 2775 0x00, 0x00, /* radiotap version */ 2776 0x0e, 0x00, /* radiotap length */ 2777 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 2778 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 2779 0x00, /* padding */ 2780 0x00, 0x00, /* RX and TX flags to indicate that */ 2781 0x00, 0x00, /* this is the injected frame directly */ 2782 }; 2783 struct iovec iov[2] = { 2784 { 2785 .iov_base = &rtap_hdr, 2786 .iov_len = sizeof(rtap_hdr), 2787 }, 2788 { 2789 .iov_base = (void *) data, 2790 .iov_len = len, 2791 } 2792 }; 2793 struct msghdr msg = { 2794 .msg_name = NULL, 2795 .msg_namelen = 0, 2796 .msg_iov = iov, 2797 .msg_iovlen = 2, 2798 .msg_control = NULL, 2799 .msg_controllen = 0, 2800 .msg_flags = 0, 2801 }; 2802 2803 if (encrypt) 2804 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 2805 2806 return sendmsg(drv->monitor_sock, &msg, 0); 2807 } 2808 2809 2810 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 2811 size_t data_len) 2812 { 2813 struct i802_bss *bss = priv; 2814 struct wpa_driver_nl80211_data *drv = bss->drv; 2815 struct ieee80211_mgmt *mgmt; 2816 int encrypt = 1; 2817 u16 fc; 2818 2819 mgmt = (struct ieee80211_mgmt *) data; 2820 fc = le_to_host16(mgmt->frame_control); 2821 2822 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 2823 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 2824 /* 2825 * Only one of the authentication frame types is encrypted. 2826 * In order for static WEP encryption to work properly (i.e., 2827 * to not encrypt the frame), we need to tell mac80211 about 2828 * the frames that must not be encrypted. 2829 */ 2830 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 2831 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 2832 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 2833 encrypt = 0; 2834 } 2835 2836 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 2837 } 2838 2839 2840 static int wpa_driver_nl80211_set_beacon(void *priv, 2841 const u8 *head, size_t head_len, 2842 const u8 *tail, size_t tail_len, 2843 int dtim_period, int beacon_int) 2844 { 2845 struct i802_bss *bss = priv; 2846 struct wpa_driver_nl80211_data *drv = bss->drv; 2847 struct nl_msg *msg; 2848 u8 cmd = NL80211_CMD_NEW_BEACON; 2849 int ret; 2850 int beacon_set; 2851 int ifindex = if_nametoindex(bss->ifname); 2852 2853 beacon_set = bss->beacon_set; 2854 2855 msg = nlmsg_alloc(); 2856 if (!msg) 2857 return -ENOMEM; 2858 2859 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 2860 beacon_set); 2861 if (beacon_set) 2862 cmd = NL80211_CMD_SET_BEACON; 2863 2864 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2865 0, cmd, 0); 2866 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 2867 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 2868 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2869 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 2870 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 2871 2872 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2873 if (ret) { 2874 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 2875 ret, strerror(-ret)); 2876 } else { 2877 bss->beacon_set = 1; 2878 } 2879 return ret; 2880 nla_put_failure: 2881 return -ENOBUFS; 2882 } 2883 2884 2885 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 2886 int freq, int ht_enabled, 2887 int sec_channel_offset) 2888 { 2889 struct nl_msg *msg; 2890 int ret; 2891 2892 msg = nlmsg_alloc(); 2893 if (!msg) 2894 return -1; 2895 2896 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2897 NL80211_CMD_SET_WIPHY, 0); 2898 2899 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2900 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 2901 if (ht_enabled) { 2902 switch (sec_channel_offset) { 2903 case -1: 2904 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2905 NL80211_CHAN_HT40MINUS); 2906 break; 2907 case 1: 2908 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2909 NL80211_CHAN_HT40PLUS); 2910 break; 2911 default: 2912 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2913 NL80211_CHAN_HT20); 2914 break; 2915 } 2916 } 2917 2918 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2919 if (ret == 0) 2920 return 0; 2921 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 2922 "%d (%s)", freq, ret, strerror(-ret)); 2923 nla_put_failure: 2924 return -1; 2925 } 2926 2927 2928 static int wpa_driver_nl80211_sta_add(void *priv, 2929 struct hostapd_sta_add_params *params) 2930 { 2931 struct i802_bss *bss = priv; 2932 struct wpa_driver_nl80211_data *drv = bss->drv; 2933 struct nl_msg *msg; 2934 int ret = -ENOBUFS; 2935 2936 msg = nlmsg_alloc(); 2937 if (!msg) 2938 return -ENOMEM; 2939 2940 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2941 0, NL80211_CMD_NEW_STATION, 0); 2942 2943 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 2944 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 2945 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 2946 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 2947 params->supp_rates); 2948 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 2949 params->listen_interval); 2950 if (params->ht_capabilities) { 2951 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 2952 sizeof(*params->ht_capabilities), 2953 params->ht_capabilities); 2954 } 2955 2956 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2957 if (ret) 2958 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 2959 "result: %d (%s)", ret, strerror(-ret)); 2960 if (ret == -EEXIST) 2961 ret = 0; 2962 nla_put_failure: 2963 return ret; 2964 } 2965 2966 2967 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 2968 { 2969 struct i802_bss *bss = priv; 2970 struct wpa_driver_nl80211_data *drv = bss->drv; 2971 struct nl_msg *msg; 2972 int ret; 2973 2974 msg = nlmsg_alloc(); 2975 if (!msg) 2976 return -ENOMEM; 2977 2978 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2979 0, NL80211_CMD_DEL_STATION, 0); 2980 2981 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 2982 if_nametoindex(bss->ifname)); 2983 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2984 2985 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2986 if (ret == -ENOENT) 2987 return 0; 2988 return ret; 2989 nla_put_failure: 2990 return -ENOBUFS; 2991 } 2992 2993 2994 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 2995 int ifidx) 2996 { 2997 struct nl_msg *msg; 2998 2999 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 3000 3001 #ifdef HOSTAPD 3002 /* stop listening for EAPOL on this interface */ 3003 del_ifidx(drv, ifidx); 3004 #endif /* HOSTAPD */ 3005 3006 msg = nlmsg_alloc(); 3007 if (!msg) 3008 goto nla_put_failure; 3009 3010 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3011 0, NL80211_CMD_DEL_INTERFACE, 0); 3012 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3013 3014 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3015 return; 3016 nla_put_failure: 3017 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3018 } 3019 3020 3021 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3022 const char *ifname, 3023 enum nl80211_iftype iftype, 3024 const u8 *addr, int wds) 3025 { 3026 struct nl_msg *msg, *flags = NULL; 3027 int ifidx; 3028 int ret = -ENOBUFS; 3029 3030 msg = nlmsg_alloc(); 3031 if (!msg) 3032 return -1; 3033 3034 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3035 0, NL80211_CMD_NEW_INTERFACE, 0); 3036 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3037 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3038 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3039 3040 if (iftype == NL80211_IFTYPE_MONITOR) { 3041 int err; 3042 3043 flags = nlmsg_alloc(); 3044 if (!flags) 3045 goto nla_put_failure; 3046 3047 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3048 3049 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3050 3051 nlmsg_free(flags); 3052 3053 if (err) 3054 goto nla_put_failure; 3055 } else if (wds) { 3056 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3057 } 3058 3059 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3060 if (ret) { 3061 nla_put_failure: 3062 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 3063 ifname, ret, strerror(-ret)); 3064 return ret; 3065 } 3066 3067 ifidx = if_nametoindex(ifname); 3068 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 3069 ifname, ifidx); 3070 3071 if (ifidx <= 0) 3072 return -1; 3073 3074 #ifdef HOSTAPD 3075 /* start listening for EAPOL on this interface */ 3076 add_ifidx(drv, ifidx); 3077 #endif /* HOSTAPD */ 3078 3079 if (addr && iftype != NL80211_IFTYPE_MONITOR && 3080 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 3081 nl80211_remove_iface(drv, ifidx); 3082 return -1; 3083 } 3084 3085 return ifidx; 3086 } 3087 3088 3089 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 3090 const char *ifname, enum nl80211_iftype iftype, 3091 const u8 *addr, int wds) 3092 { 3093 int ret; 3094 3095 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 3096 3097 /* if error occured and interface exists already */ 3098 if (ret == -ENFILE && if_nametoindex(ifname)) { 3099 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 3100 3101 /* Try to remove the interface that was already there. */ 3102 nl80211_remove_iface(drv, if_nametoindex(ifname)); 3103 3104 /* Try to create the interface again */ 3105 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 3106 wds); 3107 } 3108 3109 if (ret >= 0 && drv->disable_11b_rates) 3110 nl80211_disable_11b_rates(drv, ret, 1); 3111 3112 return ret; 3113 } 3114 3115 3116 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 3117 { 3118 struct ieee80211_hdr *hdr; 3119 u16 fc; 3120 union wpa_event_data event; 3121 3122 hdr = (struct ieee80211_hdr *) buf; 3123 fc = le_to_host16(hdr->frame_control); 3124 3125 os_memset(&event, 0, sizeof(event)); 3126 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 3127 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 3128 event.tx_status.dst = hdr->addr1; 3129 event.tx_status.data = buf; 3130 event.tx_status.data_len = len; 3131 event.tx_status.ack = ok; 3132 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 3133 } 3134 3135 3136 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 3137 u8 *buf, size_t len) 3138 { 3139 union wpa_event_data event; 3140 os_memset(&event, 0, sizeof(event)); 3141 event.rx_from_unknown.frame = buf; 3142 event.rx_from_unknown.len = len; 3143 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 3144 } 3145 3146 3147 static void handle_frame(struct wpa_driver_nl80211_data *drv, 3148 u8 *buf, size_t len, int datarate, int ssi_signal) 3149 { 3150 struct ieee80211_hdr *hdr; 3151 u16 fc; 3152 union wpa_event_data event; 3153 3154 hdr = (struct ieee80211_hdr *) buf; 3155 fc = le_to_host16(hdr->frame_control); 3156 3157 switch (WLAN_FC_GET_TYPE(fc)) { 3158 case WLAN_FC_TYPE_MGMT: 3159 os_memset(&event, 0, sizeof(event)); 3160 event.rx_mgmt.frame = buf; 3161 event.rx_mgmt.frame_len = len; 3162 event.rx_mgmt.datarate = datarate; 3163 event.rx_mgmt.ssi_signal = ssi_signal; 3164 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 3165 break; 3166 case WLAN_FC_TYPE_CTRL: 3167 /* can only get here with PS-Poll frames */ 3168 wpa_printf(MSG_DEBUG, "CTRL"); 3169 from_unknown_sta(drv, buf, len); 3170 break; 3171 case WLAN_FC_TYPE_DATA: 3172 from_unknown_sta(drv, buf, len); 3173 break; 3174 } 3175 } 3176 3177 3178 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 3179 { 3180 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3181 int len; 3182 unsigned char buf[3000]; 3183 struct ieee80211_radiotap_iterator iter; 3184 int ret; 3185 int datarate = 0, ssi_signal = 0; 3186 int injected = 0, failed = 0, rxflags = 0; 3187 3188 len = recv(sock, buf, sizeof(buf), 0); 3189 if (len < 0) { 3190 perror("recv"); 3191 return; 3192 } 3193 3194 if (drv->nlmode == NL80211_IFTYPE_STATION && !drv->probe_req_report) { 3195 wpa_printf(MSG_DEBUG, "nl80211: Ignore monitor interface " 3196 "frame since Probe Request reporting is disabled"); 3197 return; 3198 } 3199 3200 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 3201 printf("received invalid radiotap frame\n"); 3202 return; 3203 } 3204 3205 while (1) { 3206 ret = ieee80211_radiotap_iterator_next(&iter); 3207 if (ret == -ENOENT) 3208 break; 3209 if (ret) { 3210 printf("received invalid radiotap frame (%d)\n", ret); 3211 return; 3212 } 3213 switch (iter.this_arg_index) { 3214 case IEEE80211_RADIOTAP_FLAGS: 3215 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 3216 len -= 4; 3217 break; 3218 case IEEE80211_RADIOTAP_RX_FLAGS: 3219 rxflags = 1; 3220 break; 3221 case IEEE80211_RADIOTAP_TX_FLAGS: 3222 injected = 1; 3223 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 3224 IEEE80211_RADIOTAP_F_TX_FAIL; 3225 break; 3226 case IEEE80211_RADIOTAP_DATA_RETRIES: 3227 break; 3228 case IEEE80211_RADIOTAP_CHANNEL: 3229 /* TODO: convert from freq/flags to channel number */ 3230 break; 3231 case IEEE80211_RADIOTAP_RATE: 3232 datarate = *iter.this_arg * 5; 3233 break; 3234 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 3235 ssi_signal = *iter.this_arg; 3236 break; 3237 } 3238 } 3239 3240 if (rxflags && injected) 3241 return; 3242 3243 if (!injected) 3244 handle_frame(drv, buf + iter.max_length, 3245 len - iter.max_length, datarate, ssi_signal); 3246 else 3247 handle_tx_callback(drv->ctx, buf + iter.max_length, 3248 len - iter.max_length, !failed); 3249 } 3250 3251 3252 /* 3253 * we post-process the filter code later and rewrite 3254 * this to the offset to the last instruction 3255 */ 3256 #define PASS 0xFF 3257 #define FAIL 0xFE 3258 3259 static struct sock_filter msock_filter_insns[] = { 3260 /* 3261 * do a little-endian load of the radiotap length field 3262 */ 3263 /* load lower byte into A */ 3264 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 3265 /* put it into X (== index register) */ 3266 BPF_STMT(BPF_MISC| BPF_TAX, 0), 3267 /* load upper byte into A */ 3268 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 3269 /* left-shift it by 8 */ 3270 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 3271 /* or with X */ 3272 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 3273 /* put result into X */ 3274 BPF_STMT(BPF_MISC| BPF_TAX, 0), 3275 3276 /* 3277 * Allow management frames through, this also gives us those 3278 * management frames that we sent ourselves with status 3279 */ 3280 /* load the lower byte of the IEEE 802.11 frame control field */ 3281 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3282 /* mask off frame type and version */ 3283 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 3284 /* accept frame if it's both 0, fall through otherwise */ 3285 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 3286 3287 /* 3288 * TODO: add a bit to radiotap RX flags that indicates 3289 * that the sending station is not associated, then 3290 * add a filter here that filters on our DA and that flag 3291 * to allow us to deauth frames to that bad station. 3292 * 3293 * Not a regression -- we didn't do it before either. 3294 */ 3295 3296 #if 0 3297 /* 3298 * drop non-data frames 3299 */ 3300 /* load the lower byte of the frame control field */ 3301 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3302 /* mask off QoS bit */ 3303 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 3304 /* drop non-data frames */ 3305 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 3306 #endif 3307 /* load the upper byte of the frame control field */ 3308 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 3309 /* mask off toDS/fromDS */ 3310 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 3311 /* accept WDS frames */ 3312 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 3313 3314 /* 3315 * add header length to index 3316 */ 3317 /* load the lower byte of the frame control field */ 3318 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3319 /* mask off QoS bit */ 3320 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 3321 /* right shift it by 6 to give 0 or 2 */ 3322 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 3323 /* add data frame header length */ 3324 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 3325 /* add index, was start of 802.11 header */ 3326 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 3327 /* move to index, now start of LL header */ 3328 BPF_STMT(BPF_MISC | BPF_TAX, 0), 3329 3330 /* 3331 * Accept empty data frames, we use those for 3332 * polling activity. 3333 */ 3334 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 3335 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 3336 3337 /* 3338 * Accept EAPOL frames 3339 */ 3340 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 3341 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 3342 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 3343 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 3344 3345 /* keep these last two statements or change the code below */ 3346 /* return 0 == "DROP" */ 3347 BPF_STMT(BPF_RET | BPF_K, 0), 3348 /* return ~0 == "keep all" */ 3349 BPF_STMT(BPF_RET | BPF_K, ~0), 3350 }; 3351 3352 static struct sock_fprog msock_filter = { 3353 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 3354 .filter = msock_filter_insns, 3355 }; 3356 3357 3358 static int add_monitor_filter(int s) 3359 { 3360 int idx; 3361 3362 /* rewrite all PASS/FAIL jump offsets */ 3363 for (idx = 0; idx < msock_filter.len; idx++) { 3364 struct sock_filter *insn = &msock_filter_insns[idx]; 3365 3366 if (BPF_CLASS(insn->code) == BPF_JMP) { 3367 if (insn->code == (BPF_JMP|BPF_JA)) { 3368 if (insn->k == PASS) 3369 insn->k = msock_filter.len - idx - 2; 3370 else if (insn->k == FAIL) 3371 insn->k = msock_filter.len - idx - 3; 3372 } 3373 3374 if (insn->jt == PASS) 3375 insn->jt = msock_filter.len - idx - 2; 3376 else if (insn->jt == FAIL) 3377 insn->jt = msock_filter.len - idx - 3; 3378 3379 if (insn->jf == PASS) 3380 insn->jf = msock_filter.len - idx - 2; 3381 else if (insn->jf == FAIL) 3382 insn->jf = msock_filter.len - idx - 3; 3383 } 3384 } 3385 3386 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 3387 &msock_filter, sizeof(msock_filter))) { 3388 perror("SO_ATTACH_FILTER"); 3389 return -1; 3390 } 3391 3392 return 0; 3393 } 3394 3395 3396 static void nl80211_remove_monitor_interface( 3397 struct wpa_driver_nl80211_data *drv) 3398 { 3399 if (drv->monitor_ifidx >= 0) { 3400 nl80211_remove_iface(drv, drv->monitor_ifidx); 3401 drv->monitor_ifidx = -1; 3402 } 3403 if (drv->monitor_sock >= 0) { 3404 eloop_unregister_read_sock(drv->monitor_sock); 3405 close(drv->monitor_sock); 3406 drv->monitor_sock = -1; 3407 } 3408 } 3409 3410 3411 static int 3412 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 3413 { 3414 char buf[IFNAMSIZ]; 3415 struct sockaddr_ll ll; 3416 int optval; 3417 socklen_t optlen; 3418 3419 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 3420 buf[IFNAMSIZ - 1] = '\0'; 3421 3422 drv->monitor_ifidx = 3423 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 3424 0); 3425 3426 if (drv->monitor_ifidx < 0) 3427 return -1; 3428 3429 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 3430 goto error; 3431 3432 memset(&ll, 0, sizeof(ll)); 3433 ll.sll_family = AF_PACKET; 3434 ll.sll_ifindex = drv->monitor_ifidx; 3435 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 3436 if (drv->monitor_sock < 0) { 3437 perror("socket[PF_PACKET,SOCK_RAW]"); 3438 goto error; 3439 } 3440 3441 if (add_monitor_filter(drv->monitor_sock)) { 3442 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 3443 "interface; do filtering in user space"); 3444 /* This works, but will cost in performance. */ 3445 } 3446 3447 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 3448 perror("monitor socket bind"); 3449 goto error; 3450 } 3451 3452 optlen = sizeof(optval); 3453 optval = 20; 3454 if (setsockopt 3455 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 3456 perror("Failed to set socket priority"); 3457 goto error; 3458 } 3459 3460 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 3461 drv, NULL)) { 3462 printf("Could not register monitor read socket\n"); 3463 goto error; 3464 } 3465 3466 return 0; 3467 error: 3468 nl80211_remove_monitor_interface(drv); 3469 return -1; 3470 } 3471 3472 3473 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 3474 3475 static int wpa_driver_nl80211_hapd_send_eapol( 3476 void *priv, const u8 *addr, const u8 *data, 3477 size_t data_len, int encrypt, const u8 *own_addr) 3478 { 3479 struct i802_bss *bss = priv; 3480 struct wpa_driver_nl80211_data *drv = bss->drv; 3481 struct ieee80211_hdr *hdr; 3482 size_t len; 3483 u8 *pos; 3484 int res; 3485 #if 0 /* FIX */ 3486 int qos = sta->flags & WPA_STA_WMM; 3487 #else 3488 int qos = 0; 3489 #endif 3490 3491 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 3492 data_len; 3493 hdr = os_zalloc(len); 3494 if (hdr == NULL) { 3495 printf("malloc() failed for i802_send_data(len=%lu)\n", 3496 (unsigned long) len); 3497 return -1; 3498 } 3499 3500 hdr->frame_control = 3501 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 3502 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 3503 if (encrypt) 3504 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 3505 #if 0 /* To be enabled if qos determination is added above */ 3506 if (qos) { 3507 hdr->frame_control |= 3508 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 3509 } 3510 #endif 3511 3512 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 3513 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 3514 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 3515 pos = (u8 *) (hdr + 1); 3516 3517 #if 0 /* To be enabled if qos determination is added above */ 3518 if (qos) { 3519 /* add an empty QoS header if needed */ 3520 pos[0] = 0; 3521 pos[1] = 0; 3522 pos += 2; 3523 } 3524 #endif 3525 3526 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 3527 pos += sizeof(rfc1042_header); 3528 WPA_PUT_BE16(pos, ETH_P_PAE); 3529 pos += 2; 3530 memcpy(pos, data, data_len); 3531 3532 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 3533 if (res < 0) { 3534 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 3535 "failed: %d (%s)", 3536 (unsigned long) len, errno, strerror(errno)); 3537 } 3538 os_free(hdr); 3539 3540 return res; 3541 } 3542 3543 3544 static u32 sta_flags_nl80211(int flags) 3545 { 3546 u32 f = 0; 3547 3548 if (flags & WPA_STA_AUTHORIZED) 3549 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 3550 if (flags & WPA_STA_WMM) 3551 f |= BIT(NL80211_STA_FLAG_WME); 3552 if (flags & WPA_STA_SHORT_PREAMBLE) 3553 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 3554 if (flags & WPA_STA_MFP) 3555 f |= BIT(NL80211_STA_FLAG_MFP); 3556 3557 return f; 3558 } 3559 3560 3561 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 3562 int total_flags, 3563 int flags_or, int flags_and) 3564 { 3565 struct i802_bss *bss = priv; 3566 struct wpa_driver_nl80211_data *drv = bss->drv; 3567 struct nl_msg *msg, *flags = NULL; 3568 struct nl80211_sta_flag_update upd; 3569 3570 msg = nlmsg_alloc(); 3571 if (!msg) 3572 return -ENOMEM; 3573 3574 flags = nlmsg_alloc(); 3575 if (!flags) { 3576 nlmsg_free(msg); 3577 return -ENOMEM; 3578 } 3579 3580 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3581 0, NL80211_CMD_SET_STATION, 0); 3582 3583 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3584 if_nametoindex(bss->ifname)); 3585 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3586 3587 /* 3588 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 3589 * can be removed eventually. 3590 */ 3591 if (total_flags & WPA_STA_AUTHORIZED) 3592 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 3593 3594 if (total_flags & WPA_STA_WMM) 3595 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 3596 3597 if (total_flags & WPA_STA_SHORT_PREAMBLE) 3598 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 3599 3600 if (total_flags & WPA_STA_MFP) 3601 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 3602 3603 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 3604 goto nla_put_failure; 3605 3606 os_memset(&upd, 0, sizeof(upd)); 3607 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 3608 upd.set = sta_flags_nl80211(flags_or); 3609 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 3610 3611 nlmsg_free(flags); 3612 3613 return send_and_recv_msgs(drv, msg, NULL, NULL); 3614 nla_put_failure: 3615 nlmsg_free(flags); 3616 return -ENOBUFS; 3617 } 3618 3619 3620 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 3621 struct wpa_driver_associate_params *params) 3622 { 3623 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 3624 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 3625 nl80211_remove_monitor_interface(drv); 3626 return -1; 3627 } 3628 3629 /* TODO: setup monitor interface (and add code somewhere to remove this 3630 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 3631 3632 return 0; 3633 } 3634 3635 3636 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 3637 { 3638 struct nl_msg *msg; 3639 int ret = -1; 3640 3641 msg = nlmsg_alloc(); 3642 if (!msg) 3643 return -1; 3644 3645 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3646 NL80211_CMD_LEAVE_IBSS, 0); 3647 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3648 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3649 msg = NULL; 3650 if (ret) { 3651 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 3652 "(%s)", ret, strerror(-ret)); 3653 goto nla_put_failure; 3654 } 3655 3656 ret = 0; 3657 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 3658 3659 nla_put_failure: 3660 nlmsg_free(msg); 3661 return ret; 3662 } 3663 3664 3665 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 3666 struct wpa_driver_associate_params *params) 3667 { 3668 struct nl_msg *msg; 3669 int ret = -1; 3670 int count = 0; 3671 3672 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 3673 3674 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 3675 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 3676 "IBSS mode"); 3677 return -1; 3678 } 3679 3680 retry: 3681 msg = nlmsg_alloc(); 3682 if (!msg) 3683 return -1; 3684 3685 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3686 NL80211_CMD_JOIN_IBSS, 0); 3687 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3688 3689 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 3690 goto nla_put_failure; 3691 3692 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3693 params->ssid, params->ssid_len); 3694 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3695 params->ssid); 3696 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3697 drv->ssid_len = params->ssid_len; 3698 3699 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3700 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3701 3702 ret = nl80211_set_conn_keys(params, msg); 3703 if (ret) 3704 goto nla_put_failure; 3705 3706 if (params->wpa_ie) { 3707 wpa_hexdump(MSG_DEBUG, 3708 " * Extra IEs for Beacon/Probe Response frames", 3709 params->wpa_ie, params->wpa_ie_len); 3710 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3711 params->wpa_ie); 3712 } 3713 3714 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3715 msg = NULL; 3716 if (ret) { 3717 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 3718 ret, strerror(-ret)); 3719 count++; 3720 if (ret == -EALREADY && count == 1) { 3721 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 3722 "forced leave"); 3723 nl80211_leave_ibss(drv); 3724 nlmsg_free(msg); 3725 goto retry; 3726 } 3727 3728 goto nla_put_failure; 3729 } 3730 ret = 0; 3731 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 3732 3733 nla_put_failure: 3734 nlmsg_free(msg); 3735 return ret; 3736 } 3737 3738 3739 static int wpa_driver_nl80211_connect( 3740 struct wpa_driver_nl80211_data *drv, 3741 struct wpa_driver_associate_params *params) 3742 { 3743 struct nl_msg *msg; 3744 enum nl80211_auth_type type; 3745 int ret = 0; 3746 3747 msg = nlmsg_alloc(); 3748 if (!msg) 3749 return -1; 3750 3751 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 3752 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3753 NL80211_CMD_CONNECT, 0); 3754 3755 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3756 if (params->bssid) { 3757 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3758 MAC2STR(params->bssid)); 3759 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3760 } 3761 if (params->freq) { 3762 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3763 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3764 } 3765 if (params->ssid) { 3766 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3767 params->ssid, params->ssid_len); 3768 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3769 params->ssid); 3770 if (params->ssid_len > sizeof(drv->ssid)) 3771 goto nla_put_failure; 3772 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3773 drv->ssid_len = params->ssid_len; 3774 } 3775 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 3776 if (params->wpa_ie) 3777 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3778 params->wpa_ie); 3779 3780 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3781 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3782 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3783 type = NL80211_AUTHTYPE_SHARED_KEY; 3784 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3785 type = NL80211_AUTHTYPE_NETWORK_EAP; 3786 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3787 type = NL80211_AUTHTYPE_FT; 3788 else 3789 goto nla_put_failure; 3790 3791 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3792 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3793 3794 if (params->wpa_ie && params->wpa_ie_len) { 3795 enum nl80211_wpa_versions ver; 3796 3797 if (params->wpa_ie[0] == WLAN_EID_RSN) 3798 ver = NL80211_WPA_VERSION_2; 3799 else 3800 ver = NL80211_WPA_VERSION_1; 3801 3802 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 3803 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 3804 } 3805 3806 if (params->pairwise_suite != CIPHER_NONE) { 3807 int cipher; 3808 3809 switch (params->pairwise_suite) { 3810 case CIPHER_WEP40: 3811 cipher = WLAN_CIPHER_SUITE_WEP40; 3812 break; 3813 case CIPHER_WEP104: 3814 cipher = WLAN_CIPHER_SUITE_WEP104; 3815 break; 3816 case CIPHER_CCMP: 3817 cipher = WLAN_CIPHER_SUITE_CCMP; 3818 break; 3819 case CIPHER_TKIP: 3820 default: 3821 cipher = WLAN_CIPHER_SUITE_TKIP; 3822 break; 3823 } 3824 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 3825 } 3826 3827 if (params->group_suite != CIPHER_NONE) { 3828 int cipher; 3829 3830 switch (params->group_suite) { 3831 case CIPHER_WEP40: 3832 cipher = WLAN_CIPHER_SUITE_WEP40; 3833 break; 3834 case CIPHER_WEP104: 3835 cipher = WLAN_CIPHER_SUITE_WEP104; 3836 break; 3837 case CIPHER_CCMP: 3838 cipher = WLAN_CIPHER_SUITE_CCMP; 3839 break; 3840 case CIPHER_TKIP: 3841 default: 3842 cipher = WLAN_CIPHER_SUITE_TKIP; 3843 break; 3844 } 3845 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 3846 } 3847 3848 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 3849 params->key_mgmt_suite == KEY_MGMT_PSK) { 3850 int mgmt = WLAN_AKM_SUITE_PSK; 3851 3852 switch (params->key_mgmt_suite) { 3853 case KEY_MGMT_802_1X: 3854 mgmt = WLAN_AKM_SUITE_8021X; 3855 break; 3856 case KEY_MGMT_PSK: 3857 default: 3858 mgmt = WLAN_AKM_SUITE_PSK; 3859 break; 3860 } 3861 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 3862 } 3863 3864 ret = nl80211_set_conn_keys(params, msg); 3865 if (ret) 3866 goto nla_put_failure; 3867 3868 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3869 msg = NULL; 3870 if (ret) { 3871 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 3872 "(%s)", ret, strerror(-ret)); 3873 goto nla_put_failure; 3874 } 3875 ret = 0; 3876 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 3877 3878 nla_put_failure: 3879 nlmsg_free(msg); 3880 return ret; 3881 3882 } 3883 3884 3885 static int wpa_driver_nl80211_associate( 3886 void *priv, struct wpa_driver_associate_params *params) 3887 { 3888 struct i802_bss *bss = priv; 3889 struct wpa_driver_nl80211_data *drv = bss->drv; 3890 int ret = -1; 3891 struct nl_msg *msg; 3892 3893 if (params->mode == IEEE80211_MODE_AP) 3894 return wpa_driver_nl80211_ap(drv, params); 3895 3896 if (params->mode == IEEE80211_MODE_IBSS) 3897 return wpa_driver_nl80211_ibss(drv, params); 3898 3899 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 3900 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 3901 return -1; 3902 return wpa_driver_nl80211_connect(drv, params); 3903 } 3904 3905 drv->associated = 0; 3906 3907 msg = nlmsg_alloc(); 3908 if (!msg) 3909 return -1; 3910 3911 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 3912 drv->ifindex); 3913 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3914 NL80211_CMD_ASSOCIATE, 0); 3915 3916 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3917 if (params->bssid) { 3918 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3919 MAC2STR(params->bssid)); 3920 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3921 } 3922 if (params->freq) { 3923 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3924 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3925 drv->assoc_freq = params->freq; 3926 } else 3927 drv->assoc_freq = 0; 3928 if (params->ssid) { 3929 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3930 params->ssid, params->ssid_len); 3931 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3932 params->ssid); 3933 if (params->ssid_len > sizeof(drv->ssid)) 3934 goto nla_put_failure; 3935 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3936 drv->ssid_len = params->ssid_len; 3937 } 3938 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 3939 if (params->wpa_ie) 3940 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3941 params->wpa_ie); 3942 3943 #ifdef CONFIG_IEEE80211W 3944 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 3945 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 3946 #endif /* CONFIG_IEEE80211W */ 3947 3948 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 3949 3950 if (params->prev_bssid) { 3951 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 3952 MAC2STR(params->prev_bssid)); 3953 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 3954 params->prev_bssid); 3955 } 3956 3957 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3958 msg = NULL; 3959 if (ret) { 3960 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3961 "(%s)", ret, strerror(-ret)); 3962 nl80211_dump_scan(drv); 3963 goto nla_put_failure; 3964 } 3965 ret = 0; 3966 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 3967 "successfully"); 3968 3969 nla_put_failure: 3970 nlmsg_free(msg); 3971 return ret; 3972 } 3973 3974 3975 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 3976 int ifindex, int mode) 3977 { 3978 struct nl_msg *msg; 3979 int ret = -ENOBUFS; 3980 3981 msg = nlmsg_alloc(); 3982 if (!msg) 3983 return -ENOMEM; 3984 3985 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3986 0, NL80211_CMD_SET_INTERFACE, 0); 3987 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3988 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 3989 3990 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3991 if (!ret) 3992 return 0; 3993 nla_put_failure: 3994 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 3995 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 3996 return ret; 3997 } 3998 3999 4000 static int wpa_driver_nl80211_set_mode(void *priv, int mode) 4001 { 4002 struct i802_bss *bss = priv; 4003 struct wpa_driver_nl80211_data *drv = bss->drv; 4004 int ret = -1; 4005 int nlmode; 4006 4007 switch (mode) { 4008 case 0: 4009 nlmode = NL80211_IFTYPE_STATION; 4010 break; 4011 case 1: 4012 nlmode = NL80211_IFTYPE_ADHOC; 4013 break; 4014 case 2: 4015 nlmode = NL80211_IFTYPE_AP; 4016 break; 4017 default: 4018 return -1; 4019 } 4020 4021 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 4022 drv->nlmode = nlmode; 4023 ret = 0; 4024 goto done; 4025 } 4026 4027 if (nlmode == drv->nlmode) { 4028 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 4029 "requested mode - ignore error"); 4030 ret = 0; 4031 goto done; /* Already in the requested mode */ 4032 } 4033 4034 /* mac80211 doesn't allow mode changes while the device is up, so 4035 * take the device down, try to set the mode again, and bring the 4036 * device back up. 4037 */ 4038 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 0) { 4039 /* Try to set the mode again while the interface is down */ 4040 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 4041 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 4042 ret = -1; 4043 } 4044 4045 if (!ret) { 4046 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 4047 "interface is down"); 4048 drv->nlmode = nlmode; 4049 } 4050 4051 done: 4052 if (!ret && nlmode == NL80211_IFTYPE_AP) { 4053 /* Setup additional AP mode functionality if needed */ 4054 if (drv->monitor_ifidx < 0 && 4055 nl80211_create_monitor_interface(drv)) 4056 return -1; 4057 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 4058 /* Remove additional AP mode functionality */ 4059 nl80211_remove_monitor_interface(drv); 4060 bss->beacon_set = 0; 4061 } 4062 4063 if (ret) 4064 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 4065 "from %d failed", nlmode, drv->nlmode); 4066 4067 return ret; 4068 } 4069 4070 4071 static int wpa_driver_nl80211_get_capa(void *priv, 4072 struct wpa_driver_capa *capa) 4073 { 4074 struct i802_bss *bss = priv; 4075 struct wpa_driver_nl80211_data *drv = bss->drv; 4076 if (!drv->has_capability) 4077 return -1; 4078 os_memcpy(capa, &drv->capa, sizeof(*capa)); 4079 return 0; 4080 } 4081 4082 4083 static int wpa_driver_nl80211_set_operstate(void *priv, int state) 4084 { 4085 struct i802_bss *bss = priv; 4086 struct wpa_driver_nl80211_data *drv = bss->drv; 4087 4088 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 4089 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 4090 drv->operstate = state; 4091 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 4092 state ? IF_OPER_UP : IF_OPER_DORMANT); 4093 } 4094 4095 4096 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 4097 { 4098 struct i802_bss *bss = priv; 4099 struct wpa_driver_nl80211_data *drv = bss->drv; 4100 struct nl_msg *msg; 4101 struct nl80211_sta_flag_update upd; 4102 4103 msg = nlmsg_alloc(); 4104 if (!msg) 4105 return -ENOMEM; 4106 4107 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4108 0, NL80211_CMD_SET_STATION, 0); 4109 4110 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4111 if_nametoindex(bss->ifname)); 4112 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 4113 4114 os_memset(&upd, 0, sizeof(upd)); 4115 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 4116 if (authorized) 4117 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 4118 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4119 4120 return send_and_recv_msgs(drv, msg, NULL, NULL); 4121 nla_put_failure: 4122 return -ENOBUFS; 4123 } 4124 4125 4126 #ifdef HOSTAPD 4127 4128 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4129 { 4130 int i; 4131 int *old; 4132 4133 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 4134 ifidx); 4135 for (i = 0; i < drv->num_if_indices; i++) { 4136 if (drv->if_indices[i] == 0) { 4137 drv->if_indices[i] = ifidx; 4138 return; 4139 } 4140 } 4141 4142 if (drv->if_indices != drv->default_if_indices) 4143 old = drv->if_indices; 4144 else 4145 old = NULL; 4146 4147 drv->if_indices = os_realloc(old, 4148 sizeof(int) * (drv->num_if_indices + 1)); 4149 if (!drv->if_indices) { 4150 if (!old) 4151 drv->if_indices = drv->default_if_indices; 4152 else 4153 drv->if_indices = old; 4154 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 4155 "interfaces"); 4156 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 4157 return; 4158 } else if (!old) 4159 os_memcpy(drv->if_indices, drv->default_if_indices, 4160 sizeof(drv->default_if_indices)); 4161 drv->if_indices[drv->num_if_indices] = ifidx; 4162 drv->num_if_indices++; 4163 } 4164 4165 4166 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4167 { 4168 int i; 4169 4170 for (i = 0; i < drv->num_if_indices; i++) { 4171 if (drv->if_indices[i] == ifidx) { 4172 drv->if_indices[i] = 0; 4173 break; 4174 } 4175 } 4176 } 4177 4178 4179 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4180 { 4181 int i; 4182 4183 for (i = 0; i < drv->num_if_indices; i++) 4184 if (drv->if_indices[i] == ifidx) 4185 return 1; 4186 4187 return 0; 4188 } 4189 4190 4191 static inline int min_int(int a, int b) 4192 { 4193 if (a < b) 4194 return a; 4195 return b; 4196 } 4197 4198 4199 static int get_key_handler(struct nl_msg *msg, void *arg) 4200 { 4201 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4202 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4203 4204 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4205 genlmsg_attrlen(gnlh, 0), NULL); 4206 4207 /* 4208 * TODO: validate the key index and mac address! 4209 * Otherwise, there's a race condition as soon as 4210 * the kernel starts sending key notifications. 4211 */ 4212 4213 if (tb[NL80211_ATTR_KEY_SEQ]) 4214 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 4215 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 4216 return NL_SKIP; 4217 } 4218 4219 4220 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 4221 int idx, u8 *seq) 4222 { 4223 struct i802_bss *bss = priv; 4224 struct wpa_driver_nl80211_data *drv = bss->drv; 4225 struct nl_msg *msg; 4226 4227 msg = nlmsg_alloc(); 4228 if (!msg) 4229 return -ENOMEM; 4230 4231 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4232 0, NL80211_CMD_GET_KEY, 0); 4233 4234 if (addr) 4235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4236 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 4237 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 4238 4239 memset(seq, 0, 6); 4240 4241 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 4242 nla_put_failure: 4243 return -ENOBUFS; 4244 } 4245 4246 4247 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 4248 int mode) 4249 { 4250 struct i802_bss *bss = priv; 4251 struct wpa_driver_nl80211_data *drv = bss->drv; 4252 struct nl_msg *msg; 4253 u8 rates[NL80211_MAX_SUPP_RATES]; 4254 u8 rates_len = 0; 4255 int i; 4256 4257 msg = nlmsg_alloc(); 4258 if (!msg) 4259 return -ENOMEM; 4260 4261 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4262 NL80211_CMD_SET_BSS, 0); 4263 4264 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 4265 rates[rates_len++] = basic_rates[i] / 5; 4266 4267 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 4268 4269 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4270 4271 return send_and_recv_msgs(drv, msg, NULL, NULL); 4272 nla_put_failure: 4273 return -ENOBUFS; 4274 } 4275 4276 #endif /* HOSTAPD */ 4277 4278 4279 /* Set kernel driver on given frequency (MHz) */ 4280 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 4281 { 4282 struct i802_bss *bss = priv; 4283 struct wpa_driver_nl80211_data *drv = bss->drv; 4284 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 4285 freq->sec_channel_offset); 4286 } 4287 4288 4289 #ifdef HOSTAPD 4290 4291 static int i802_set_rts(void *priv, int rts) 4292 { 4293 struct i802_bss *bss = priv; 4294 struct wpa_driver_nl80211_data *drv = bss->drv; 4295 struct nl_msg *msg; 4296 int ret = -ENOBUFS; 4297 u32 val; 4298 4299 msg = nlmsg_alloc(); 4300 if (!msg) 4301 return -ENOMEM; 4302 4303 if (rts >= 2347) 4304 val = (u32) -1; 4305 else 4306 val = rts; 4307 4308 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4309 0, NL80211_CMD_SET_WIPHY, 0); 4310 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4311 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 4312 4313 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4314 if (!ret) 4315 return 0; 4316 nla_put_failure: 4317 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 4318 "%d (%s)", rts, ret, strerror(-ret)); 4319 return ret; 4320 } 4321 4322 4323 static int i802_set_frag(void *priv, int frag) 4324 { 4325 struct i802_bss *bss = priv; 4326 struct wpa_driver_nl80211_data *drv = bss->drv; 4327 struct nl_msg *msg; 4328 int ret = -ENOBUFS; 4329 u32 val; 4330 4331 msg = nlmsg_alloc(); 4332 if (!msg) 4333 return -ENOMEM; 4334 4335 if (frag >= 2346) 4336 val = (u32) -1; 4337 else 4338 val = frag; 4339 4340 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4341 0, NL80211_CMD_SET_WIPHY, 0); 4342 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4343 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 4344 4345 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4346 if (!ret) 4347 return 0; 4348 nla_put_failure: 4349 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 4350 "%d: %d (%s)", frag, ret, strerror(-ret)); 4351 return ret; 4352 } 4353 4354 4355 static int i802_flush(void *priv) 4356 { 4357 struct i802_bss *bss = priv; 4358 struct wpa_driver_nl80211_data *drv = bss->drv; 4359 struct nl_msg *msg; 4360 4361 msg = nlmsg_alloc(); 4362 if (!msg) 4363 return -1; 4364 4365 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4366 0, NL80211_CMD_DEL_STATION, 0); 4367 4368 /* 4369 * XXX: FIX! this needs to flush all VLANs too 4370 */ 4371 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4372 if_nametoindex(bss->ifname)); 4373 4374 return send_and_recv_msgs(drv, msg, NULL, NULL); 4375 nla_put_failure: 4376 return -ENOBUFS; 4377 } 4378 4379 4380 static int get_sta_handler(struct nl_msg *msg, void *arg) 4381 { 4382 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4383 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4384 struct hostap_sta_driver_data *data = arg; 4385 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 4386 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 4387 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 4388 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 4389 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 4390 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 4391 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 4392 }; 4393 4394 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4395 genlmsg_attrlen(gnlh, 0), NULL); 4396 4397 /* 4398 * TODO: validate the interface and mac address! 4399 * Otherwise, there's a race condition as soon as 4400 * the kernel starts sending station notifications. 4401 */ 4402 4403 if (!tb[NL80211_ATTR_STA_INFO]) { 4404 wpa_printf(MSG_DEBUG, "sta stats missing!"); 4405 return NL_SKIP; 4406 } 4407 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 4408 tb[NL80211_ATTR_STA_INFO], 4409 stats_policy)) { 4410 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 4411 return NL_SKIP; 4412 } 4413 4414 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 4415 data->inactive_msec = 4416 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 4417 if (stats[NL80211_STA_INFO_RX_BYTES]) 4418 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 4419 if (stats[NL80211_STA_INFO_TX_BYTES]) 4420 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 4421 if (stats[NL80211_STA_INFO_RX_PACKETS]) 4422 data->rx_packets = 4423 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 4424 if (stats[NL80211_STA_INFO_TX_PACKETS]) 4425 data->tx_packets = 4426 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 4427 4428 return NL_SKIP; 4429 } 4430 4431 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 4432 const u8 *addr) 4433 { 4434 struct i802_bss *bss = priv; 4435 struct wpa_driver_nl80211_data *drv = bss->drv; 4436 struct nl_msg *msg; 4437 4438 os_memset(data, 0, sizeof(*data)); 4439 msg = nlmsg_alloc(); 4440 if (!msg) 4441 return -ENOMEM; 4442 4443 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4444 0, NL80211_CMD_GET_STATION, 0); 4445 4446 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4447 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4448 4449 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 4450 nla_put_failure: 4451 return -ENOBUFS; 4452 } 4453 4454 4455 static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 4456 int cw_min, int cw_max, int burst_time) 4457 { 4458 struct i802_bss *bss = priv; 4459 struct wpa_driver_nl80211_data *drv = bss->drv; 4460 struct nl_msg *msg; 4461 struct nlattr *txq, *params; 4462 4463 msg = nlmsg_alloc(); 4464 if (!msg) 4465 return -1; 4466 4467 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4468 0, NL80211_CMD_SET_WIPHY, 0); 4469 4470 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4471 4472 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 4473 if (!txq) 4474 goto nla_put_failure; 4475 4476 /* We are only sending parameters for a single TXQ at a time */ 4477 params = nla_nest_start(msg, 1); 4478 if (!params) 4479 goto nla_put_failure; 4480 4481 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue); 4482 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 4483 * 32 usec, so need to convert the value here. */ 4484 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 4485 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 4486 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 4487 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 4488 4489 nla_nest_end(msg, params); 4490 4491 nla_nest_end(msg, txq); 4492 4493 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 4494 return 0; 4495 nla_put_failure: 4496 return -1; 4497 } 4498 4499 4500 static int i802_set_bss(void *priv, int cts, int preamble, int slot) 4501 { 4502 struct i802_bss *bss = priv; 4503 struct wpa_driver_nl80211_data *drv = bss->drv; 4504 struct nl_msg *msg; 4505 4506 msg = nlmsg_alloc(); 4507 if (!msg) 4508 return -ENOMEM; 4509 4510 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4511 NL80211_CMD_SET_BSS, 0); 4512 4513 if (cts >= 0) 4514 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 4515 if (preamble >= 0) 4516 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 4517 if (slot >= 0) 4518 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 4519 4520 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4521 4522 return send_and_recv_msgs(drv, msg, NULL, NULL); 4523 nla_put_failure: 4524 return -ENOBUFS; 4525 } 4526 4527 4528 static int i802_set_cts_protect(void *priv, int value) 4529 { 4530 return i802_set_bss(priv, value, -1, -1); 4531 } 4532 4533 4534 static int i802_set_preamble(void *priv, int value) 4535 { 4536 return i802_set_bss(priv, -1, value, -1); 4537 } 4538 4539 4540 static int i802_set_short_slot_time(void *priv, int value) 4541 { 4542 return i802_set_bss(priv, -1, -1, value); 4543 } 4544 4545 4546 static int i802_set_sta_vlan(void *priv, const u8 *addr, 4547 const char *ifname, int vlan_id) 4548 { 4549 struct i802_bss *bss = priv; 4550 struct wpa_driver_nl80211_data *drv = bss->drv; 4551 struct nl_msg *msg; 4552 int ret = -ENOBUFS; 4553 4554 msg = nlmsg_alloc(); 4555 if (!msg) 4556 return -ENOMEM; 4557 4558 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4559 0, NL80211_CMD_SET_STATION, 0); 4560 4561 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4562 if_nametoindex(bss->ifname)); 4563 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4564 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 4565 if_nametoindex(ifname)); 4566 4567 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4568 if (ret < 0) { 4569 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 4570 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 4571 MAC2STR(addr), ifname, vlan_id, ret, 4572 strerror(-ret)); 4573 } 4574 nla_put_failure: 4575 return ret; 4576 } 4577 4578 4579 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val) 4580 { 4581 struct i802_bss *bss = priv; 4582 struct wpa_driver_nl80211_data *drv = bss->drv; 4583 char name[IFNAMSIZ + 1]; 4584 4585 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 4586 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 4587 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 4588 if (val) { 4589 if (nl80211_create_iface(drv, name, NL80211_IFTYPE_AP_VLAN, 4590 NULL, 1) < 0) 4591 return -1; 4592 linux_set_iface_flags(drv->ioctl_sock, name, 1); 4593 return i802_set_sta_vlan(priv, addr, name, 0); 4594 } else { 4595 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 4596 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 4597 name); 4598 } 4599 } 4600 4601 4602 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 4603 { 4604 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4605 struct sockaddr_ll lladdr; 4606 unsigned char buf[3000]; 4607 int len; 4608 socklen_t fromlen = sizeof(lladdr); 4609 4610 len = recvfrom(sock, buf, sizeof(buf), 0, 4611 (struct sockaddr *)&lladdr, &fromlen); 4612 if (len < 0) { 4613 perror("recv"); 4614 return; 4615 } 4616 4617 if (have_ifidx(drv, lladdr.sll_ifindex)) 4618 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 4619 } 4620 4621 4622 static int i802_get_inact_sec(void *priv, const u8 *addr) 4623 { 4624 struct hostap_sta_driver_data data; 4625 int ret; 4626 4627 data.inactive_msec = (unsigned long) -1; 4628 ret = i802_read_sta_data(priv, &data, addr); 4629 if (ret || data.inactive_msec == (unsigned long) -1) 4630 return -1; 4631 return data.inactive_msec / 1000; 4632 } 4633 4634 4635 static int i802_sta_clear_stats(void *priv, const u8 *addr) 4636 { 4637 #if 0 4638 /* TODO */ 4639 #endif 4640 return 0; 4641 } 4642 4643 4644 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 4645 int reason) 4646 { 4647 struct i802_bss *bss = priv; 4648 struct ieee80211_mgmt mgmt; 4649 4650 memset(&mgmt, 0, sizeof(mgmt)); 4651 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 4652 WLAN_FC_STYPE_DEAUTH); 4653 memcpy(mgmt.da, addr, ETH_ALEN); 4654 memcpy(mgmt.sa, own_addr, ETH_ALEN); 4655 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 4656 mgmt.u.deauth.reason_code = host_to_le16(reason); 4657 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 4658 IEEE80211_HDRLEN + 4659 sizeof(mgmt.u.deauth)); 4660 } 4661 4662 4663 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 4664 int reason) 4665 { 4666 struct i802_bss *bss = priv; 4667 struct ieee80211_mgmt mgmt; 4668 4669 memset(&mgmt, 0, sizeof(mgmt)); 4670 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 4671 WLAN_FC_STYPE_DISASSOC); 4672 memcpy(mgmt.da, addr, ETH_ALEN); 4673 memcpy(mgmt.sa, own_addr, ETH_ALEN); 4674 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 4675 mgmt.u.disassoc.reason_code = host_to_le16(reason); 4676 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 4677 IEEE80211_HDRLEN + 4678 sizeof(mgmt.u.disassoc)); 4679 } 4680 4681 4682 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 4683 const char *brname, const char *ifname) 4684 { 4685 int ifindex; 4686 char in_br[IFNAMSIZ]; 4687 4688 os_strlcpy(drv->brname, brname, IFNAMSIZ); 4689 ifindex = if_nametoindex(brname); 4690 if (ifindex == 0) { 4691 /* 4692 * Bridge was configured, but the bridge device does 4693 * not exist. Try to add it now. 4694 */ 4695 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 4696 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 4697 "bridge interface %s: %s", 4698 brname, strerror(errno)); 4699 return -1; 4700 } 4701 drv->added_bridge = 1; 4702 add_ifidx(drv, if_nametoindex(brname)); 4703 } 4704 4705 if (linux_br_get(in_br, ifname) == 0) { 4706 if (os_strcmp(in_br, brname) == 0) 4707 return 0; /* already in the bridge */ 4708 4709 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 4710 "bridge %s", ifname, in_br); 4711 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 4712 wpa_printf(MSG_ERROR, "nl80211: Failed to " 4713 "remove interface %s from bridge " 4714 "%s: %s", 4715 ifname, brname, strerror(errno)); 4716 return -1; 4717 } 4718 } 4719 4720 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 4721 ifname, brname); 4722 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 4723 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 4724 "into bridge %s: %s", 4725 ifname, brname, strerror(errno)); 4726 return -1; 4727 } 4728 drv->added_if_into_bridge = 1; 4729 4730 return 0; 4731 } 4732 4733 4734 static void *i802_init(struct hostapd_data *hapd, 4735 struct wpa_init_params *params) 4736 { 4737 struct wpa_driver_nl80211_data *drv; 4738 struct i802_bss *bss; 4739 size_t i; 4740 char brname[IFNAMSIZ]; 4741 int ifindex, br_ifindex; 4742 int br_added = 0; 4743 4744 bss = wpa_driver_nl80211_init(hapd, params->ifname); 4745 if (bss == NULL) 4746 return NULL; 4747 4748 drv = bss->drv; 4749 if (linux_br_get(brname, params->ifname) == 0) { 4750 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 4751 params->ifname, brname); 4752 br_ifindex = if_nametoindex(brname); 4753 } else { 4754 brname[0] = '\0'; 4755 br_ifindex = 0; 4756 } 4757 4758 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4759 drv->if_indices = drv->default_if_indices; 4760 for (i = 0; i < params->num_bridge; i++) { 4761 if (params->bridge[i]) { 4762 ifindex = if_nametoindex(params->bridge[i]); 4763 if (ifindex) 4764 add_ifidx(drv, ifindex); 4765 if (ifindex == br_ifindex) 4766 br_added = 1; 4767 } 4768 } 4769 if (!br_added && br_ifindex && 4770 (params->num_bridge == 0 || !params->bridge[0])) 4771 add_ifidx(drv, br_ifindex); 4772 4773 /* start listening for EAPOL on the default AP interface */ 4774 add_ifidx(drv, drv->ifindex); 4775 4776 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 4777 goto failed; 4778 4779 if (params->bssid) { 4780 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 4781 params->bssid)) 4782 goto failed; 4783 } 4784 4785 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 4786 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 4787 "into AP mode", bss->ifname); 4788 goto failed; 4789 } 4790 4791 if (params->num_bridge && params->bridge[0] && 4792 i802_check_bridge(drv, params->bridge[0], params->ifname) < 0) 4793 goto failed; 4794 4795 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 4796 goto failed; 4797 4798 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 4799 if (drv->eapol_sock < 0) { 4800 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 4801 goto failed; 4802 } 4803 4804 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 4805 { 4806 printf("Could not register read socket for eapol\n"); 4807 goto failed; 4808 } 4809 4810 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 4811 goto failed; 4812 4813 return bss; 4814 4815 failed: 4816 nl80211_remove_monitor_interface(drv); 4817 if (drv->ioctl_sock >= 0) 4818 close(drv->ioctl_sock); 4819 4820 genl_family_put(drv->nl80211); 4821 nl_cache_free(drv->nl_cache); 4822 nl_handle_destroy(drv->nl_handle); 4823 nl_cb_put(drv->nl_cb); 4824 4825 os_free(drv); 4826 return NULL; 4827 } 4828 4829 4830 static void i802_deinit(void *priv) 4831 { 4832 wpa_driver_nl80211_deinit(priv); 4833 } 4834 4835 #endif /* HOSTAPD */ 4836 4837 4838 static enum nl80211_iftype wpa_driver_nl80211_if_type( 4839 enum wpa_driver_if_type type) 4840 { 4841 switch (type) { 4842 case WPA_IF_STATION: 4843 return NL80211_IFTYPE_STATION; 4844 case WPA_IF_AP_VLAN: 4845 return NL80211_IFTYPE_AP_VLAN; 4846 case WPA_IF_AP_BSS: 4847 return NL80211_IFTYPE_AP; 4848 } 4849 return -1; 4850 } 4851 4852 4853 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 4854 const char *ifname, const u8 *addr, 4855 void *bss_ctx, void **drv_priv, 4856 char *force_ifname, u8 *if_addr) 4857 { 4858 struct i802_bss *bss = priv; 4859 struct wpa_driver_nl80211_data *drv = bss->drv; 4860 int ifidx; 4861 #ifdef HOSTAPD 4862 struct i802_bss *new_bss = NULL; 4863 4864 if (type == WPA_IF_AP_BSS) { 4865 new_bss = os_zalloc(sizeof(*new_bss)); 4866 if (new_bss == NULL) 4867 return -1; 4868 } 4869 #endif /* HOSTAPD */ 4870 4871 if (addr) 4872 os_memcpy(if_addr, addr, ETH_ALEN); 4873 ifidx = nl80211_create_iface(drv, ifname, 4874 wpa_driver_nl80211_if_type(type), addr, 4875 0); 4876 if (ifidx < 0) { 4877 #ifdef HOSTAPD 4878 os_free(new_bss); 4879 #endif /* HOSTAPD */ 4880 return -1; 4881 } 4882 4883 if (!addr && 4884 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) 4885 return -1; 4886 4887 #ifdef HOSTAPD 4888 if (type == WPA_IF_AP_BSS) { 4889 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 4890 nl80211_remove_iface(drv, ifidx); 4891 os_free(new_bss); 4892 return -1; 4893 } 4894 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 4895 new_bss->ifindex = ifidx; 4896 new_bss->drv = drv; 4897 new_bss->next = drv->first_bss.next; 4898 drv->first_bss.next = new_bss; 4899 if (drv_priv) 4900 *drv_priv = new_bss; 4901 } 4902 #endif /* HOSTAPD */ 4903 4904 return 0; 4905 } 4906 4907 4908 static int wpa_driver_nl80211_if_remove(void *priv, 4909 enum wpa_driver_if_type type, 4910 const char *ifname) 4911 { 4912 struct i802_bss *bss = priv; 4913 struct wpa_driver_nl80211_data *drv = bss->drv; 4914 int ifindex = if_nametoindex(ifname); 4915 4916 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 4917 __func__, type, ifname, ifindex); 4918 if (ifindex <= 0) 4919 return -1; 4920 nl80211_remove_iface(drv, ifindex); 4921 4922 #ifdef HOSTAPD 4923 if (type != WPA_IF_AP_BSS) 4924 return 0; 4925 4926 if (bss != &drv->first_bss) { 4927 struct i802_bss *tbss = &drv->first_bss; 4928 4929 while (tbss) { 4930 if (tbss->next != bss) 4931 continue; 4932 4933 tbss->next = bss->next; 4934 os_free(bss); 4935 break; 4936 } 4937 } 4938 #endif /* HOSTAPD */ 4939 4940 return 0; 4941 } 4942 4943 4944 static int cookie_handler(struct nl_msg *msg, void *arg) 4945 { 4946 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4947 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4948 u64 *cookie = arg; 4949 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4950 genlmsg_attrlen(gnlh, 0), NULL); 4951 if (tb[NL80211_ATTR_COOKIE]) 4952 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 4953 return NL_SKIP; 4954 } 4955 4956 4957 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 4958 const u8 *dst, const u8 *src, 4959 const u8 *bssid, 4960 const u8 *data, size_t data_len) 4961 { 4962 struct i802_bss *bss = priv; 4963 struct wpa_driver_nl80211_data *drv = bss->drv; 4964 int ret = -1; 4965 struct nl_msg *msg; 4966 u8 *buf; 4967 struct ieee80211_hdr *hdr; 4968 u64 cookie; 4969 4970 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d)", 4971 drv->ifindex); 4972 4973 buf = os_zalloc(24 + data_len); 4974 if (buf == NULL) 4975 return ret; 4976 os_memcpy(buf + 24, data, data_len); 4977 hdr = (struct ieee80211_hdr *) buf; 4978 hdr->frame_control = 4979 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 4980 os_memcpy(hdr->addr1, dst, ETH_ALEN); 4981 os_memcpy(hdr->addr2, src, ETH_ALEN); 4982 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 4983 4984 if (drv->nlmode == NL80211_IFTYPE_AP) { 4985 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 4986 os_free(buf); 4987 return ret; 4988 } 4989 4990 msg = nlmsg_alloc(); 4991 if (!msg) { 4992 os_free(buf); 4993 return -1; 4994 } 4995 4996 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4997 NL80211_CMD_ACTION, 0); 4998 4999 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5000 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5001 NLA_PUT(msg, NL80211_ATTR_FRAME, 24 + data_len, buf); 5002 os_free(buf); 5003 buf = NULL; 5004 5005 cookie = 0; 5006 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 5007 msg = NULL; 5008 if (ret) { 5009 wpa_printf(MSG_DEBUG, "nl80211: Action command failed: ret=%d " 5010 "(%s)", ret, strerror(-ret)); 5011 goto nla_put_failure; 5012 } 5013 wpa_printf(MSG_DEBUG, "nl80211: Action TX command accepted; " 5014 "cookie 0x%llx", (long long unsigned int) cookie); 5015 drv->send_action_cookie = cookie; 5016 ret = 0; 5017 5018 nla_put_failure: 5019 os_free(buf); 5020 nlmsg_free(msg); 5021 return ret; 5022 } 5023 5024 5025 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 5026 unsigned int duration) 5027 { 5028 struct i802_bss *bss = priv; 5029 struct wpa_driver_nl80211_data *drv = bss->drv; 5030 struct nl_msg *msg; 5031 int ret; 5032 u64 cookie; 5033 5034 msg = nlmsg_alloc(); 5035 if (!msg) 5036 return -1; 5037 5038 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5039 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 5040 5041 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5042 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5043 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5044 5045 cookie = 0; 5046 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 5047 if (ret == 0) { 5048 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 5049 "0x%llx for freq=%u MHz duration=%u", 5050 (long long unsigned int) cookie, freq, duration); 5051 drv->remain_on_chan_cookie = cookie; 5052 return 0; 5053 } 5054 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 5055 "(freq=%d): %d (%s)", freq, ret, strerror(-ret)); 5056 nla_put_failure: 5057 return -1; 5058 } 5059 5060 5061 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 5062 { 5063 struct i802_bss *bss = priv; 5064 struct wpa_driver_nl80211_data *drv = bss->drv; 5065 struct nl_msg *msg; 5066 int ret; 5067 5068 if (!drv->pending_remain_on_chan) { 5069 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 5070 "to cancel"); 5071 return -1; 5072 } 5073 5074 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 5075 "0x%llx", 5076 (long long unsigned int) drv->remain_on_chan_cookie); 5077 5078 msg = nlmsg_alloc(); 5079 if (!msg) 5080 return -1; 5081 5082 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5083 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 5084 5085 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5086 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 5087 5088 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5089 if (ret == 0) 5090 return 0; 5091 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 5092 "%d (%s)", ret, strerror(-ret)); 5093 nla_put_failure: 5094 return -1; 5095 } 5096 5097 5098 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx, 5099 void *timeout_ctx) 5100 { 5101 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5102 if (drv->monitor_ifidx < 0) 5103 return; /* monitor interface already removed */ 5104 5105 if (drv->nlmode != NL80211_IFTYPE_STATION) 5106 return; /* not in station mode anymore */ 5107 5108 if (drv->probe_req_report) 5109 return; /* reporting enabled */ 5110 5111 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface due to no " 5112 "Probe Request reporting needed anymore"); 5113 nl80211_remove_monitor_interface(drv); 5114 } 5115 5116 5117 static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 5118 { 5119 struct i802_bss *bss = priv; 5120 struct wpa_driver_nl80211_data *drv = bss->drv; 5121 5122 if (drv->nlmode != NL80211_IFTYPE_STATION) { 5123 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 5124 "allowed in station mode (iftype=%d)", 5125 drv->nlmode); 5126 return -1; 5127 } 5128 drv->probe_req_report = report; 5129 5130 if (report) { 5131 eloop_cancel_timeout( 5132 wpa_driver_nl80211_probe_req_report_timeout, 5133 drv, NULL); 5134 if (drv->monitor_ifidx < 0 && 5135 nl80211_create_monitor_interface(drv)) 5136 return -1; 5137 } else { 5138 /* 5139 * It takes a while to remove the monitor interface, so try to 5140 * avoid doing this if it is needed again shortly. Instead, 5141 * schedule the interface to be removed later if no need for it 5142 * is seen. 5143 */ 5144 wpa_printf(MSG_DEBUG, "nl80211: Scheduling monitor interface " 5145 "to be removed after 10 seconds of no use"); 5146 eloop_register_timeout( 5147 10, 0, wpa_driver_nl80211_probe_req_report_timeout, 5148 drv, NULL); 5149 } 5150 5151 return 0; 5152 } 5153 5154 5155 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 5156 int ifindex, int disabled) 5157 { 5158 struct nl_msg *msg; 5159 struct nlattr *bands, *band; 5160 int ret; 5161 5162 msg = nlmsg_alloc(); 5163 if (!msg) 5164 return -1; 5165 5166 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5167 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 5168 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5169 5170 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 5171 if (!bands) 5172 goto nla_put_failure; 5173 5174 /* 5175 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 5176 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 5177 * rates. All 5 GHz rates are left enabled. 5178 */ 5179 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 5180 if (!band) 5181 goto nla_put_failure; 5182 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 5183 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 5184 nla_nest_end(msg, band); 5185 5186 nla_nest_end(msg, bands); 5187 5188 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5189 msg = NULL; 5190 if (ret) { 5191 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 5192 "(%s)", ret, strerror(-ret)); 5193 } 5194 5195 return ret; 5196 5197 nla_put_failure: 5198 nlmsg_free(msg); 5199 return -1; 5200 } 5201 5202 5203 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 5204 { 5205 struct i802_bss *bss = priv; 5206 struct wpa_driver_nl80211_data *drv = bss->drv; 5207 drv->disable_11b_rates = disabled; 5208 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 5209 } 5210 5211 5212 static int wpa_driver_nl80211_deinit_ap(void *priv) 5213 { 5214 struct i802_bss *bss = priv; 5215 struct wpa_driver_nl80211_data *drv = bss->drv; 5216 if (drv->nlmode != NL80211_IFTYPE_AP) 5217 return -1; 5218 wpa_driver_nl80211_del_beacon(drv); 5219 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 5220 } 5221 5222 5223 static void wpa_driver_nl80211_resume(void *priv) 5224 { 5225 struct i802_bss *bss = priv; 5226 struct wpa_driver_nl80211_data *drv = bss->drv; 5227 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 5228 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 5229 "resume event"); 5230 } 5231 } 5232 5233 5234 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 5235 const u8 *ies, size_t ies_len) 5236 { 5237 struct i802_bss *bss = priv; 5238 struct wpa_driver_nl80211_data *drv = bss->drv; 5239 int ret; 5240 u8 *data, *pos; 5241 size_t data_len; 5242 u8 own_addr[ETH_ALEN]; 5243 5244 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 5245 return -1; 5246 5247 if (action != 1) { 5248 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 5249 "action %d", action); 5250 return -1; 5251 } 5252 5253 /* 5254 * Action frame payload: 5255 * Category[1] = 6 (Fast BSS Transition) 5256 * Action[1] = 1 (Fast BSS Transition Request) 5257 * STA Address 5258 * Target AP Address 5259 * FT IEs 5260 */ 5261 5262 data_len = 2 + 2 * ETH_ALEN + ies_len; 5263 data = os_malloc(data_len); 5264 if (data == NULL) 5265 return -1; 5266 pos = data; 5267 *pos++ = 0x06; /* FT Action category */ 5268 *pos++ = action; 5269 os_memcpy(pos, own_addr, ETH_ALEN); 5270 pos += ETH_ALEN; 5271 os_memcpy(pos, target_ap, ETH_ALEN); 5272 pos += ETH_ALEN; 5273 os_memcpy(pos, ies, ies_len); 5274 5275 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, drv->bssid, 5276 own_addr, drv->bssid, 5277 data, data_len); 5278 os_free(data); 5279 5280 return ret; 5281 } 5282 5283 5284 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 5285 { 5286 struct i802_bss *bss = priv; 5287 struct wpa_driver_nl80211_data *drv = bss->drv; 5288 struct nl_msg *msg, *cqm = NULL; 5289 5290 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 5291 "hysteresis=%d", threshold, hysteresis); 5292 5293 msg = nlmsg_alloc(); 5294 if (!msg) 5295 return -1; 5296 5297 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5298 0, NL80211_CMD_SET_CQM, 0); 5299 5300 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 5301 5302 cqm = nlmsg_alloc(); 5303 if (cqm == NULL) 5304 return -1; 5305 5306 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 5307 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 5308 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 5309 5310 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5311 return 0; 5312 msg = NULL; 5313 5314 nla_put_failure: 5315 if (cqm) 5316 nlmsg_free(cqm); 5317 nlmsg_free(msg); 5318 return -1; 5319 } 5320 5321 5322 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 5323 int encrypt) 5324 { 5325 struct i802_bss *bss = priv; 5326 struct wpa_driver_nl80211_data *drv = bss->drv; 5327 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 5328 } 5329 5330 5331 const struct wpa_driver_ops wpa_driver_nl80211_ops = { 5332 .name = "nl80211", 5333 .desc = "Linux nl80211/cfg80211", 5334 .get_bssid = wpa_driver_nl80211_get_bssid, 5335 .get_ssid = wpa_driver_nl80211_get_ssid, 5336 .set_key = wpa_driver_nl80211_set_key, 5337 .scan2 = wpa_driver_nl80211_scan, 5338 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 5339 .deauthenticate = wpa_driver_nl80211_deauthenticate, 5340 .disassociate = wpa_driver_nl80211_disassociate, 5341 .authenticate = wpa_driver_nl80211_authenticate, 5342 .associate = wpa_driver_nl80211_associate, 5343 .init = wpa_driver_nl80211_init, 5344 .deinit = wpa_driver_nl80211_deinit, 5345 .get_capa = wpa_driver_nl80211_get_capa, 5346 .set_operstate = wpa_driver_nl80211_set_operstate, 5347 .set_supp_port = wpa_driver_nl80211_set_supp_port, 5348 .set_country = wpa_driver_nl80211_set_country, 5349 .set_beacon = wpa_driver_nl80211_set_beacon, 5350 .if_add = wpa_driver_nl80211_if_add, 5351 .if_remove = wpa_driver_nl80211_if_remove, 5352 .send_mlme = wpa_driver_nl80211_send_mlme, 5353 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 5354 .sta_add = wpa_driver_nl80211_sta_add, 5355 .sta_remove = wpa_driver_nl80211_sta_remove, 5356 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 5357 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 5358 #ifdef HOSTAPD 5359 .hapd_init = i802_init, 5360 .hapd_deinit = i802_deinit, 5361 .get_seqnum = i802_get_seqnum, 5362 .flush = i802_flush, 5363 .read_sta_data = i802_read_sta_data, 5364 .sta_deauth = i802_sta_deauth, 5365 .sta_disassoc = i802_sta_disassoc, 5366 .get_inact_sec = i802_get_inact_sec, 5367 .sta_clear_stats = i802_sta_clear_stats, 5368 .set_rts = i802_set_rts, 5369 .set_frag = i802_set_frag, 5370 .set_rate_sets = i802_set_rate_sets, 5371 .set_cts_protect = i802_set_cts_protect, 5372 .set_preamble = i802_set_preamble, 5373 .set_short_slot_time = i802_set_short_slot_time, 5374 .set_tx_queue_params = i802_set_tx_queue_params, 5375 .set_sta_vlan = i802_set_sta_vlan, 5376 .set_wds_sta = i802_set_wds_sta, 5377 #endif /* HOSTAPD */ 5378 .set_freq = i802_set_freq, 5379 .send_action = wpa_driver_nl80211_send_action, 5380 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 5381 .cancel_remain_on_channel = 5382 wpa_driver_nl80211_cancel_remain_on_channel, 5383 .probe_req_report = wpa_driver_nl80211_probe_req_report, 5384 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 5385 .deinit_ap = wpa_driver_nl80211_deinit_ap, 5386 .resume = wpa_driver_nl80211_resume, 5387 .send_ft_action = nl80211_send_ft_action, 5388 .signal_monitor = nl80211_signal_monitor, 5389 .send_frame = nl80211_send_frame, 5390 }; 5391