1 /* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * Alternatively, this software may be distributed under the terms of BSD 14 * license. 15 * 16 * See README and COPYING for more details. 17 */ 18 19 #include "includes.h" 20 #include <sys/ioctl.h> 21 #include <net/if.h> 22 #include <netlink/genl/genl.h> 23 #include <netlink/genl/family.h> 24 #include <netlink/genl/ctrl.h> 25 #include <netpacket/packet.h> 26 #include <linux/filter.h> 27 #include "nl80211_copy.h" 28 29 #include "common.h" 30 #include "eloop.h" 31 #include "common/ieee802_11_defs.h" 32 #include "netlink.h" 33 #include "linux_ioctl.h" 34 #include "radiotap.h" 35 #include "radiotap_iter.h" 36 #include "driver.h" 37 38 #ifdef CONFIG_LIBNL20 39 /* libnl 2.0 compatibility code */ 40 #define nl_handle nl_sock 41 #define nl_handle_alloc_cb nl_socket_alloc_cb 42 #define nl_handle_destroy nl_socket_free 43 #endif /* CONFIG_LIBNL20 */ 44 45 46 #ifndef IFF_LOWER_UP 47 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 48 #endif 49 #ifndef IFF_DORMANT 50 #define IFF_DORMANT 0x20000 /* driver signals dormant */ 51 #endif 52 53 #ifndef IF_OPER_DORMANT 54 #define IF_OPER_DORMANT 5 55 #endif 56 #ifndef IF_OPER_UP 57 #define IF_OPER_UP 6 58 #endif 59 60 struct i802_bss { 61 struct wpa_driver_nl80211_data *drv; 62 struct i802_bss *next; 63 int ifindex; 64 char ifname[IFNAMSIZ + 1]; 65 unsigned int beacon_set:1; 66 }; 67 68 struct wpa_driver_nl80211_data { 69 void *ctx; 70 struct netlink_data *netlink; 71 int ioctl_sock; /* socket for ioctl() use */ 72 char brname[IFNAMSIZ]; 73 int ifindex; 74 int if_removed; 75 struct wpa_driver_capa capa; 76 int has_capability; 77 78 int operstate; 79 80 int scan_complete_events; 81 82 struct nl_handle *nl_handle; 83 struct nl_handle *nl_handle_event; 84 struct nl_cache *nl_cache; 85 struct nl_cache *nl_cache_event; 86 struct nl_cb *nl_cb; 87 struct genl_family *nl80211; 88 89 u8 auth_bssid[ETH_ALEN]; 90 u8 bssid[ETH_ALEN]; 91 int associated; 92 u8 ssid[32]; 93 size_t ssid_len; 94 int nlmode; 95 int ap_scan_as_station; 96 unsigned int assoc_freq; 97 98 int monitor_sock; 99 int monitor_ifidx; 100 int probe_req_report; 101 int disable_11b_rates; 102 103 unsigned int pending_remain_on_chan:1; 104 unsigned int pending_send_action:1; 105 unsigned int added_bridge:1; 106 unsigned int added_if_into_bridge:1; 107 108 u64 remain_on_chan_cookie; 109 u64 send_action_cookie; 110 111 struct wpa_driver_scan_filter *filter_ssids; 112 size_t num_filter_ssids; 113 114 struct i802_bss first_bss; 115 116 #ifdef HOSTAPD 117 int eapol_sock; /* socket for EAPOL frames */ 118 119 int default_if_indices[16]; 120 int *if_indices; 121 int num_if_indices; 122 123 int last_freq; 124 int last_freq_ht; 125 #endif /* HOSTAPD */ 126 }; 127 128 129 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 130 void *timeout_ctx); 131 static int wpa_driver_nl80211_set_mode(void *priv, int mode); 132 static int 133 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 134 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 135 const u8 *addr, int cmd, u16 reason_code, 136 int local_state_change); 137 static void nl80211_remove_monitor_interface( 138 struct wpa_driver_nl80211_data *drv); 139 140 #ifdef HOSTAPD 141 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 142 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 143 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 144 static int wpa_driver_nl80211_if_remove(void *priv, 145 enum wpa_driver_if_type type, 146 const char *ifname); 147 #else /* HOSTAPD */ 148 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 149 { 150 return 0; 151 } 152 #endif /* HOSTAPD */ 153 154 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 155 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx, 156 void *timeout_ctx); 157 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 158 int ifindex, int disabled); 159 160 161 /* nl80211 code */ 162 static int ack_handler(struct nl_msg *msg, void *arg) 163 { 164 int *err = arg; 165 *err = 0; 166 return NL_STOP; 167 } 168 169 static int finish_handler(struct nl_msg *msg, void *arg) 170 { 171 int *ret = arg; 172 *ret = 0; 173 return NL_SKIP; 174 } 175 176 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 177 void *arg) 178 { 179 int *ret = arg; 180 *ret = err->error; 181 return NL_SKIP; 182 } 183 184 185 static int no_seq_check(struct nl_msg *msg, void *arg) 186 { 187 return NL_OK; 188 } 189 190 191 static int send_and_recv(struct wpa_driver_nl80211_data *drv, 192 struct nl_handle *nl_handle, struct nl_msg *msg, 193 int (*valid_handler)(struct nl_msg *, void *), 194 void *valid_data) 195 { 196 struct nl_cb *cb; 197 int err = -ENOMEM; 198 199 cb = nl_cb_clone(drv->nl_cb); 200 if (!cb) 201 goto out; 202 203 err = nl_send_auto_complete(nl_handle, msg); 204 if (err < 0) 205 goto out; 206 207 err = 1; 208 209 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 210 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 211 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 212 213 if (valid_handler) 214 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 215 valid_handler, valid_data); 216 217 while (err > 0) 218 nl_recvmsgs(nl_handle, cb); 219 out: 220 nl_cb_put(cb); 221 nlmsg_free(msg); 222 return err; 223 } 224 225 226 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 227 struct nl_msg *msg, 228 int (*valid_handler)(struct nl_msg *, void *), 229 void *valid_data) 230 { 231 return send_and_recv(drv, drv->nl_handle, msg, valid_handler, 232 valid_data); 233 } 234 235 236 struct family_data { 237 const char *group; 238 int id; 239 }; 240 241 242 static int family_handler(struct nl_msg *msg, void *arg) 243 { 244 struct family_data *res = arg; 245 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 246 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 247 struct nlattr *mcgrp; 248 int i; 249 250 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 251 genlmsg_attrlen(gnlh, 0), NULL); 252 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 253 return NL_SKIP; 254 255 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 256 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 257 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 258 nla_len(mcgrp), NULL); 259 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 260 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 261 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 262 res->group, 263 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 264 continue; 265 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 266 break; 267 }; 268 269 return NL_SKIP; 270 } 271 272 273 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv, 274 const char *family, const char *group) 275 { 276 struct nl_msg *msg; 277 int ret = -1; 278 struct family_data res = { group, -ENOENT }; 279 280 msg = nlmsg_alloc(); 281 if (!msg) 282 return -ENOMEM; 283 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"), 284 0, 0, CTRL_CMD_GETFAMILY, 0); 285 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 286 287 ret = send_and_recv_msgs(drv, msg, family_handler, &res); 288 msg = NULL; 289 if (ret == 0) 290 ret = res.id; 291 292 nla_put_failure: 293 nlmsg_free(msg); 294 return ret; 295 } 296 297 298 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 299 { 300 struct i802_bss *bss = priv; 301 struct wpa_driver_nl80211_data *drv = bss->drv; 302 if (!drv->associated) 303 return -1; 304 os_memcpy(bssid, drv->bssid, ETH_ALEN); 305 return 0; 306 } 307 308 309 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 310 { 311 struct i802_bss *bss = priv; 312 struct wpa_driver_nl80211_data *drv = bss->drv; 313 if (!drv->associated) 314 return -1; 315 os_memcpy(ssid, drv->ssid, drv->ssid_len); 316 return drv->ssid_len; 317 } 318 319 320 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 321 char *buf, size_t len, int del) 322 { 323 union wpa_event_data event; 324 325 os_memset(&event, 0, sizeof(event)); 326 if (len > sizeof(event.interface_status.ifname)) 327 len = sizeof(event.interface_status.ifname) - 1; 328 os_memcpy(event.interface_status.ifname, buf, len); 329 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 330 EVENT_INTERFACE_ADDED; 331 332 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 333 del ? "DEL" : "NEW", 334 event.interface_status.ifname, 335 del ? "removed" : "added"); 336 337 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 338 if (del) 339 drv->if_removed = 1; 340 else 341 drv->if_removed = 0; 342 } 343 344 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 345 } 346 347 348 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 349 u8 *buf, size_t len) 350 { 351 int attrlen, rta_len; 352 struct rtattr *attr; 353 354 attrlen = len; 355 attr = (struct rtattr *) buf; 356 357 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 358 while (RTA_OK(attr, attrlen)) { 359 if (attr->rta_type == IFLA_IFNAME) { 360 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 361 == 0) 362 return 1; 363 else 364 break; 365 } 366 attr = RTA_NEXT(attr, attrlen); 367 } 368 369 return 0; 370 } 371 372 373 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 374 int ifindex, u8 *buf, size_t len) 375 { 376 if (drv->ifindex == ifindex) 377 return 1; 378 379 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 380 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 381 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 382 "interface"); 383 wpa_driver_nl80211_finish_drv_init(drv); 384 return 1; 385 } 386 387 return 0; 388 } 389 390 391 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 392 struct ifinfomsg *ifi, 393 u8 *buf, size_t len) 394 { 395 struct wpa_driver_nl80211_data *drv = ctx; 396 int attrlen, rta_len; 397 struct rtattr *attr; 398 u32 brid = 0; 399 400 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) && 401 !have_ifidx(drv, ifi->ifi_index)) { 402 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 403 "ifindex %d", ifi->ifi_index); 404 return; 405 } 406 407 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 408 "(%s%s%s%s)", 409 drv->operstate, ifi->ifi_flags, 410 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 411 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 412 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 413 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 414 /* 415 * Some drivers send the association event before the operup event--in 416 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 417 * fails. This will hit us when wpa_supplicant does not need to do 418 * IEEE 802.1X authentication 419 */ 420 if (drv->operstate == 1 && 421 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 422 !(ifi->ifi_flags & IFF_RUNNING)) 423 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 424 -1, IF_OPER_UP); 425 426 attrlen = len; 427 attr = (struct rtattr *) buf; 428 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 429 while (RTA_OK(attr, attrlen)) { 430 if (attr->rta_type == IFLA_IFNAME) { 431 wpa_driver_nl80211_event_link( 432 drv, 433 ((char *) attr) + rta_len, 434 attr->rta_len - rta_len, 0); 435 } else if (attr->rta_type == IFLA_MASTER) 436 brid = nla_get_u32((struct nlattr *) attr); 437 attr = RTA_NEXT(attr, attrlen); 438 } 439 440 #ifdef HOSTAPD 441 if (ifi->ifi_family == AF_BRIDGE && brid) { 442 /* device has been added to bridge */ 443 char namebuf[IFNAMSIZ]; 444 if_indextoname(brid, namebuf); 445 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 446 brid, namebuf); 447 add_ifidx(drv, brid); 448 } 449 #endif /* HOSTAPD */ 450 } 451 452 453 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 454 struct ifinfomsg *ifi, 455 u8 *buf, size_t len) 456 { 457 struct wpa_driver_nl80211_data *drv = ctx; 458 int attrlen, rta_len; 459 struct rtattr *attr; 460 u32 brid = 0; 461 462 attrlen = len; 463 attr = (struct rtattr *) buf; 464 465 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 466 while (RTA_OK(attr, attrlen)) { 467 if (attr->rta_type == IFLA_IFNAME) { 468 wpa_driver_nl80211_event_link( 469 drv, 470 ((char *) attr) + rta_len, 471 attr->rta_len - rta_len, 1); 472 } else if (attr->rta_type == IFLA_MASTER) 473 brid = nla_get_u32((struct nlattr *) attr); 474 attr = RTA_NEXT(attr, attrlen); 475 } 476 477 #ifdef HOSTAPD 478 if (ifi->ifi_family == AF_BRIDGE && brid) { 479 /* device has been removed from bridge */ 480 char namebuf[IFNAMSIZ]; 481 if_indextoname(brid, namebuf); 482 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 483 "%s", brid, namebuf); 484 del_ifidx(drv, brid); 485 } 486 #endif /* HOSTAPD */ 487 } 488 489 490 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 491 const u8 *frame, size_t len) 492 { 493 const struct ieee80211_mgmt *mgmt; 494 union wpa_event_data event; 495 496 mgmt = (const struct ieee80211_mgmt *) frame; 497 if (len < 24 + sizeof(mgmt->u.auth)) { 498 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 499 "frame"); 500 return; 501 } 502 503 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 504 os_memset(&event, 0, sizeof(event)); 505 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 506 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 507 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 508 if (len > 24 + sizeof(mgmt->u.auth)) { 509 event.auth.ies = mgmt->u.auth.variable; 510 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 511 } 512 513 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 514 } 515 516 517 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 518 const u8 *frame, size_t len) 519 { 520 const struct ieee80211_mgmt *mgmt; 521 union wpa_event_data event; 522 u16 status; 523 524 mgmt = (const struct ieee80211_mgmt *) frame; 525 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 526 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 527 "frame"); 528 return; 529 } 530 531 status = le_to_host16(mgmt->u.assoc_resp.status_code); 532 if (status != WLAN_STATUS_SUCCESS) { 533 os_memset(&event, 0, sizeof(event)); 534 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 535 event.assoc_reject.resp_ies = 536 (u8 *) mgmt->u.assoc_resp.variable; 537 event.assoc_reject.resp_ies_len = 538 len - 24 - sizeof(mgmt->u.assoc_resp); 539 } 540 event.assoc_reject.status_code = status; 541 542 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 543 return; 544 } 545 546 drv->associated = 1; 547 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 548 549 os_memset(&event, 0, sizeof(event)); 550 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 551 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 552 event.assoc_info.resp_ies_len = 553 len - 24 - sizeof(mgmt->u.assoc_resp); 554 } 555 556 event.assoc_info.freq = drv->assoc_freq; 557 558 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 559 } 560 561 562 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 563 enum nl80211_commands cmd, struct nlattr *status, 564 struct nlattr *addr, struct nlattr *req_ie, 565 struct nlattr *resp_ie) 566 { 567 union wpa_event_data event; 568 569 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 570 /* 571 * Avoid reporting two association events that would confuse 572 * the core code. 573 */ 574 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 575 "when using userspace SME", cmd); 576 return; 577 } 578 579 os_memset(&event, 0, sizeof(event)); 580 if (cmd == NL80211_CMD_CONNECT && 581 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 582 if (resp_ie) { 583 event.assoc_reject.resp_ies = nla_data(resp_ie); 584 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 585 } 586 event.assoc_reject.status_code = nla_get_u16(status); 587 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 588 return; 589 } 590 591 drv->associated = 1; 592 if (addr) 593 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 594 595 if (req_ie) { 596 event.assoc_info.req_ies = nla_data(req_ie); 597 event.assoc_info.req_ies_len = nla_len(req_ie); 598 } 599 if (resp_ie) { 600 event.assoc_info.resp_ies = nla_data(resp_ie); 601 event.assoc_info.resp_ies_len = nla_len(resp_ie); 602 } 603 604 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 605 } 606 607 608 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 609 enum nl80211_commands cmd, struct nlattr *addr) 610 { 611 union wpa_event_data event; 612 enum wpa_event_type ev; 613 614 if (nla_len(addr) != ETH_ALEN) 615 return; 616 617 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 618 cmd, MAC2STR((u8 *) nla_data(addr))); 619 620 if (cmd == NL80211_CMD_AUTHENTICATE) 621 ev = EVENT_AUTH_TIMED_OUT; 622 else if (cmd == NL80211_CMD_ASSOCIATE) 623 ev = EVENT_ASSOC_TIMED_OUT; 624 else 625 return; 626 627 os_memset(&event, 0, sizeof(event)); 628 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 629 wpa_supplicant_event(drv->ctx, ev, &event); 630 } 631 632 633 static void mlme_event_action(struct wpa_driver_nl80211_data *drv, 634 struct nlattr *freq, const u8 *frame, size_t len) 635 { 636 const struct ieee80211_mgmt *mgmt; 637 union wpa_event_data event; 638 u16 fc, stype; 639 640 mgmt = (const struct ieee80211_mgmt *) frame; 641 if (len < 24) { 642 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 643 return; 644 } 645 646 fc = le_to_host16(mgmt->frame_control); 647 stype = WLAN_FC_GET_STYPE(fc); 648 649 os_memset(&event, 0, sizeof(event)); 650 event.rx_action.da = mgmt->da; 651 event.rx_action.sa = mgmt->sa; 652 event.rx_action.bssid = mgmt->bssid; 653 event.rx_action.category = mgmt->u.action.category; 654 event.rx_action.data = &mgmt->u.action.category + 1; 655 event.rx_action.len = frame + len - event.rx_action.data; 656 if (freq) 657 event.rx_action.freq = nla_get_u32(freq); 658 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 659 } 660 661 662 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv, 663 struct nlattr *cookie, const u8 *frame, 664 size_t len, struct nlattr *ack) 665 { 666 union wpa_event_data event; 667 const struct ieee80211_hdr *hdr; 668 u16 fc; 669 u64 cookie_val; 670 671 if (!cookie) 672 return; 673 674 cookie_val = nla_get_u64(cookie); 675 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s", 676 (long long unsigned int) cookie_val, 677 cookie_val == drv->send_action_cookie ? 678 " (match)" : " (unknown)"); 679 if (cookie_val != drv->send_action_cookie) 680 return; 681 682 hdr = (const struct ieee80211_hdr *) frame; 683 fc = le_to_host16(hdr->frame_control); 684 685 os_memset(&event, 0, sizeof(event)); 686 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 687 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 688 event.tx_status.dst = hdr->addr1; 689 event.tx_status.data = frame; 690 event.tx_status.data_len = len; 691 event.tx_status.ack = ack != NULL; 692 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 693 } 694 695 696 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 697 enum wpa_event_type type, 698 const u8 *frame, size_t len) 699 { 700 const struct ieee80211_mgmt *mgmt; 701 union wpa_event_data event; 702 const u8 *bssid = NULL; 703 u16 reason_code = 0; 704 705 drv->associated = 0; 706 os_memset(&event, 0, sizeof(event)); 707 708 mgmt = (const struct ieee80211_mgmt *) frame; 709 if (len >= 24) 710 bssid = mgmt->bssid; 711 /* Note: Same offset for Reason Code in both frame subtypes */ 712 if (len >= 24 + sizeof(mgmt->u.deauth)) 713 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 714 715 if (type == EVENT_DISASSOC) { 716 event.disassoc_info.addr = bssid; 717 event.disassoc_info.reason_code = reason_code; 718 } else { 719 event.deauth_info.addr = bssid; 720 event.deauth_info.reason_code = reason_code; 721 } 722 723 wpa_supplicant_event(drv->ctx, type, &event); 724 } 725 726 727 static void mlme_event(struct wpa_driver_nl80211_data *drv, 728 enum nl80211_commands cmd, struct nlattr *frame, 729 struct nlattr *addr, struct nlattr *timed_out, 730 struct nlattr *freq, struct nlattr *ack, 731 struct nlattr *cookie) 732 { 733 if (timed_out && addr) { 734 mlme_timeout_event(drv, cmd, addr); 735 return; 736 } 737 738 if (frame == NULL) { 739 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 740 "data", cmd); 741 return; 742 } 743 744 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 745 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 746 nla_data(frame), nla_len(frame)); 747 748 switch (cmd) { 749 case NL80211_CMD_AUTHENTICATE: 750 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 751 break; 752 case NL80211_CMD_ASSOCIATE: 753 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 754 break; 755 case NL80211_CMD_DEAUTHENTICATE: 756 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 757 nla_data(frame), nla_len(frame)); 758 break; 759 case NL80211_CMD_DISASSOCIATE: 760 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 761 nla_data(frame), nla_len(frame)); 762 break; 763 case NL80211_CMD_ACTION: 764 mlme_event_action(drv, freq, nla_data(frame), nla_len(frame)); 765 break; 766 case NL80211_CMD_ACTION_TX_STATUS: 767 mlme_event_action_tx_status(drv, cookie, nla_data(frame), 768 nla_len(frame), ack); 769 break; 770 default: 771 break; 772 } 773 } 774 775 776 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 777 struct nlattr *tb[]) 778 { 779 union wpa_event_data data; 780 781 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 782 os_memset(&data, 0, sizeof(data)); 783 if (tb[NL80211_ATTR_MAC]) { 784 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 785 nla_data(tb[NL80211_ATTR_MAC]), 786 nla_len(tb[NL80211_ATTR_MAC])); 787 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 788 } 789 if (tb[NL80211_ATTR_KEY_SEQ]) { 790 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 791 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 792 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 793 } 794 if (tb[NL80211_ATTR_KEY_TYPE]) { 795 enum nl80211_key_type key_type = 796 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 797 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 798 if (key_type == NL80211_KEYTYPE_PAIRWISE) 799 data.michael_mic_failure.unicast = 1; 800 } else 801 data.michael_mic_failure.unicast = 1; 802 803 if (tb[NL80211_ATTR_KEY_IDX]) { 804 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 805 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 806 } 807 808 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 809 } 810 811 812 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 813 struct nlattr *tb[]) 814 { 815 if (tb[NL80211_ATTR_MAC] == NULL) { 816 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 817 "event"); 818 return; 819 } 820 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 821 drv->associated = 1; 822 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 823 MAC2STR(drv->bssid)); 824 825 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 826 } 827 828 829 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 830 int cancel_event, struct nlattr *tb[]) 831 { 832 unsigned int freq, chan_type, duration; 833 union wpa_event_data data; 834 u64 cookie; 835 836 if (tb[NL80211_ATTR_WIPHY_FREQ]) 837 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 838 else 839 freq = 0; 840 841 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 842 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 843 else 844 chan_type = 0; 845 846 if (tb[NL80211_ATTR_DURATION]) 847 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 848 else 849 duration = 0; 850 851 if (tb[NL80211_ATTR_COOKIE]) 852 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 853 else 854 cookie = 0; 855 856 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 857 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 858 cancel_event, freq, chan_type, duration, 859 (long long unsigned int) cookie, 860 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 861 862 if (cookie != drv->remain_on_chan_cookie) 863 return; /* not for us */ 864 865 drv->pending_remain_on_chan = !cancel_event; 866 867 os_memset(&data, 0, sizeof(data)); 868 data.remain_on_channel.freq = freq; 869 data.remain_on_channel.duration = duration; 870 wpa_supplicant_event(drv->ctx, cancel_event ? 871 EVENT_CANCEL_REMAIN_ON_CHANNEL : 872 EVENT_REMAIN_ON_CHANNEL, &data); 873 } 874 875 876 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 877 struct nlattr *tb[]) 878 { 879 union wpa_event_data event; 880 struct nlattr *nl; 881 int rem; 882 struct scan_info *info; 883 #define MAX_REPORT_FREQS 50 884 int freqs[MAX_REPORT_FREQS]; 885 int num_freqs = 0; 886 887 os_memset(&event, 0, sizeof(event)); 888 info = &event.scan_info; 889 info->aborted = aborted; 890 891 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 892 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 893 struct wpa_driver_scan_ssid *s = 894 &info->ssids[info->num_ssids]; 895 s->ssid = nla_data(nl); 896 s->ssid_len = nla_len(nl); 897 info->num_ssids++; 898 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 899 break; 900 } 901 } 902 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 903 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 904 { 905 freqs[num_freqs] = nla_get_u32(nl); 906 num_freqs++; 907 if (num_freqs == MAX_REPORT_FREQS - 1) 908 break; 909 } 910 info->freqs = freqs; 911 info->num_freqs = num_freqs; 912 } 913 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 914 } 915 916 917 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 918 struct nlattr *tb[]) 919 { 920 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 921 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 922 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 923 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 924 }; 925 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 926 enum nl80211_cqm_rssi_threshold_event event; 927 union wpa_event_data ed; 928 929 if (tb[NL80211_ATTR_CQM] == NULL || 930 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 931 cqm_policy)) { 932 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 933 return; 934 } 935 936 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 937 return; 938 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 939 940 os_memset(&ed, 0, sizeof(ed)); 941 942 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 943 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 944 "event: RSSI high"); 945 ed.signal_change.above_threshold = 1; 946 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 947 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 948 "event: RSSI low"); 949 ed.signal_change.above_threshold = 0; 950 } else 951 return; 952 953 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 954 } 955 956 957 static int process_event(struct nl_msg *msg, void *arg) 958 { 959 struct wpa_driver_nl80211_data *drv = arg; 960 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 961 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 962 union wpa_event_data data; 963 964 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 965 genlmsg_attrlen(gnlh, 0), NULL); 966 967 if (tb[NL80211_ATTR_IFINDEX]) { 968 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 969 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 970 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 971 " for foreign interface (ifindex %d)", 972 gnlh->cmd, ifindex); 973 return NL_SKIP; 974 } 975 } 976 977 if (drv->ap_scan_as_station && 978 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS || 979 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) { 980 wpa_driver_nl80211_set_mode(&drv->first_bss, 981 IEEE80211_MODE_AP); 982 drv->ap_scan_as_station = 0; 983 } 984 985 switch (gnlh->cmd) { 986 case NL80211_CMD_TRIGGER_SCAN: 987 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 988 break; 989 case NL80211_CMD_NEW_SCAN_RESULTS: 990 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 991 drv->scan_complete_events = 1; 992 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 993 drv->ctx); 994 send_scan_event(drv, 0, tb); 995 break; 996 case NL80211_CMD_SCAN_ABORTED: 997 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 998 /* 999 * Need to indicate that scan results are available in order 1000 * not to make wpa_supplicant stop its scanning. 1001 */ 1002 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1003 drv->ctx); 1004 send_scan_event(drv, 1, tb); 1005 break; 1006 case NL80211_CMD_AUTHENTICATE: 1007 case NL80211_CMD_ASSOCIATE: 1008 case NL80211_CMD_DEAUTHENTICATE: 1009 case NL80211_CMD_DISASSOCIATE: 1010 case NL80211_CMD_ACTION: 1011 case NL80211_CMD_ACTION_TX_STATUS: 1012 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 1013 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1014 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1015 tb[NL80211_ATTR_COOKIE]); 1016 break; 1017 case NL80211_CMD_CONNECT: 1018 case NL80211_CMD_ROAM: 1019 mlme_event_connect(drv, gnlh->cmd, 1020 tb[NL80211_ATTR_STATUS_CODE], 1021 tb[NL80211_ATTR_MAC], 1022 tb[NL80211_ATTR_REQ_IE], 1023 tb[NL80211_ATTR_RESP_IE]); 1024 break; 1025 case NL80211_CMD_DISCONNECT: 1026 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1027 /* 1028 * Avoid reporting two disassociation events that could 1029 * confuse the core code. 1030 */ 1031 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1032 "event when using userspace SME"); 1033 break; 1034 } 1035 drv->associated = 0; 1036 os_memset(&data, 0, sizeof(data)); 1037 if (tb[NL80211_ATTR_REASON_CODE]) 1038 data.disassoc_info.reason_code = 1039 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1040 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1041 break; 1042 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1043 mlme_event_michael_mic_failure(drv, tb); 1044 break; 1045 case NL80211_CMD_JOIN_IBSS: 1046 mlme_event_join_ibss(drv, tb); 1047 break; 1048 case NL80211_CMD_REMAIN_ON_CHANNEL: 1049 mlme_event_remain_on_channel(drv, 0, tb); 1050 break; 1051 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1052 mlme_event_remain_on_channel(drv, 1, tb); 1053 break; 1054 case NL80211_CMD_NOTIFY_CQM: 1055 nl80211_cqm_event(drv, tb); 1056 break; 1057 default: 1058 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 1059 "(cmd=%d)", gnlh->cmd); 1060 break; 1061 } 1062 1063 return NL_SKIP; 1064 } 1065 1066 1067 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 1068 void *sock_ctx) 1069 { 1070 struct nl_cb *cb; 1071 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1072 1073 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 1074 1075 cb = nl_cb_clone(drv->nl_cb); 1076 if (!cb) 1077 return; 1078 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 1079 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv); 1080 nl_recvmsgs(drv->nl_handle_event, cb); 1081 nl_cb_put(cb); 1082 } 1083 1084 1085 /** 1086 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 1087 * @priv: driver_nl80211 private data 1088 * @alpha2_arg: country to which to switch to 1089 * Returns: 0 on success, -1 on failure 1090 * 1091 * This asks nl80211 to set the regulatory domain for given 1092 * country ISO / IEC alpha2. 1093 */ 1094 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 1095 { 1096 struct i802_bss *bss = priv; 1097 struct wpa_driver_nl80211_data *drv = bss->drv; 1098 char alpha2[3]; 1099 struct nl_msg *msg; 1100 1101 msg = nlmsg_alloc(); 1102 if (!msg) 1103 return -ENOMEM; 1104 1105 alpha2[0] = alpha2_arg[0]; 1106 alpha2[1] = alpha2_arg[1]; 1107 alpha2[2] = '\0'; 1108 1109 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1110 0, NL80211_CMD_REQ_SET_REG, 0); 1111 1112 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 1113 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 1114 return -EINVAL; 1115 return 0; 1116 nla_put_failure: 1117 return -EINVAL; 1118 } 1119 1120 1121 #ifndef HOSTAPD 1122 struct wiphy_info_data { 1123 int max_scan_ssids; 1124 int ap_supported; 1125 int auth_supported; 1126 int connect_supported; 1127 }; 1128 1129 1130 static int wiphy_info_handler(struct nl_msg *msg, void *arg) 1131 { 1132 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1133 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1134 struct wiphy_info_data *info = arg; 1135 1136 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1137 genlmsg_attrlen(gnlh, 0), NULL); 1138 1139 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 1140 info->max_scan_ssids = 1141 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 1142 1143 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 1144 struct nlattr *nl_mode; 1145 int i; 1146 nla_for_each_nested(nl_mode, 1147 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 1148 if (nl_mode->nla_type == NL80211_IFTYPE_AP) { 1149 info->ap_supported = 1; 1150 break; 1151 } 1152 } 1153 } 1154 1155 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 1156 struct nlattr *nl_cmd; 1157 int i; 1158 1159 nla_for_each_nested(nl_cmd, 1160 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 1161 u32 cmd = nla_get_u32(nl_cmd); 1162 if (cmd == NL80211_CMD_AUTHENTICATE) 1163 info->auth_supported = 1; 1164 else if (cmd == NL80211_CMD_CONNECT) 1165 info->connect_supported = 1; 1166 } 1167 } 1168 1169 return NL_SKIP; 1170 } 1171 1172 1173 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 1174 struct wiphy_info_data *info) 1175 { 1176 struct nl_msg *msg; 1177 1178 os_memset(info, 0, sizeof(*info)); 1179 msg = nlmsg_alloc(); 1180 if (!msg) 1181 return -1; 1182 1183 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1184 0, NL80211_CMD_GET_WIPHY, 0); 1185 1186 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 1187 1188 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 1189 return 0; 1190 msg = NULL; 1191 nla_put_failure: 1192 nlmsg_free(msg); 1193 return -1; 1194 } 1195 1196 1197 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 1198 { 1199 struct wiphy_info_data info; 1200 if (wpa_driver_nl80211_get_info(drv, &info)) 1201 return -1; 1202 drv->has_capability = 1; 1203 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 1204 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 1205 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 1206 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 1207 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 1208 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 1209 WPA_DRIVER_CAPA_ENC_WEP104 | 1210 WPA_DRIVER_CAPA_ENC_TKIP | 1211 WPA_DRIVER_CAPA_ENC_CCMP; 1212 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 1213 WPA_DRIVER_AUTH_SHARED | 1214 WPA_DRIVER_AUTH_LEAP; 1215 1216 drv->capa.max_scan_ssids = info.max_scan_ssids; 1217 if (info.ap_supported) 1218 drv->capa.flags |= WPA_DRIVER_FLAGS_AP; 1219 1220 if (info.auth_supported) 1221 drv->capa.flags |= WPA_DRIVER_FLAGS_SME; 1222 else if (!info.connect_supported) { 1223 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 1224 "authentication/association or connect commands"); 1225 return -1; 1226 } 1227 1228 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 1229 drv->capa.max_remain_on_chan = 5000; 1230 1231 return 0; 1232 } 1233 #endif /* HOSTAPD */ 1234 1235 1236 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv, 1237 void *ctx) 1238 { 1239 int ret; 1240 1241 /* Initialize generic netlink and nl80211 */ 1242 1243 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 1244 if (drv->nl_cb == NULL) { 1245 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1246 "callbacks"); 1247 goto err1; 1248 } 1249 1250 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb); 1251 if (drv->nl_handle == NULL) { 1252 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1253 "callbacks"); 1254 goto err2; 1255 } 1256 1257 drv->nl_handle_event = nl_handle_alloc_cb(drv->nl_cb); 1258 if (drv->nl_handle_event == NULL) { 1259 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 1260 "callbacks (event)"); 1261 goto err2b; 1262 } 1263 1264 if (genl_connect(drv->nl_handle)) { 1265 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1266 "netlink"); 1267 goto err3; 1268 } 1269 1270 if (genl_connect(drv->nl_handle_event)) { 1271 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 1272 "netlink (event)"); 1273 goto err3; 1274 } 1275 1276 #ifdef CONFIG_LIBNL20 1277 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) { 1278 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1279 "netlink cache"); 1280 goto err3; 1281 } 1282 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) < 1283 0) { 1284 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1285 "netlink cache (event)"); 1286 goto err3b; 1287 } 1288 #else /* CONFIG_LIBNL20 */ 1289 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle); 1290 if (drv->nl_cache == NULL) { 1291 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1292 "netlink cache"); 1293 goto err3; 1294 } 1295 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event); 1296 if (drv->nl_cache_event == NULL) { 1297 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 1298 "netlink cache (event)"); 1299 goto err3b; 1300 } 1301 #endif /* CONFIG_LIBNL20 */ 1302 1303 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211"); 1304 if (drv->nl80211 == NULL) { 1305 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 1306 "found"); 1307 goto err4; 1308 } 1309 1310 ret = nl_get_multicast_id(drv, "nl80211", "scan"); 1311 if (ret >= 0) 1312 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1313 if (ret < 0) { 1314 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1315 "membership for scan events: %d (%s)", 1316 ret, strerror(-ret)); 1317 goto err4; 1318 } 1319 1320 ret = nl_get_multicast_id(drv, "nl80211", "mlme"); 1321 if (ret >= 0) 1322 ret = nl_socket_add_membership(drv->nl_handle_event, ret); 1323 if (ret < 0) { 1324 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 1325 "membership for mlme events: %d (%s)", 1326 ret, strerror(-ret)); 1327 goto err4; 1328 } 1329 1330 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event), 1331 wpa_driver_nl80211_event_receive, drv, ctx); 1332 1333 return 0; 1334 1335 err4: 1336 nl_cache_free(drv->nl_cache_event); 1337 err3b: 1338 nl_cache_free(drv->nl_cache); 1339 err3: 1340 nl_handle_destroy(drv->nl_handle_event); 1341 err2b: 1342 nl_handle_destroy(drv->nl_handle); 1343 err2: 1344 nl_cb_put(drv->nl_cb); 1345 err1: 1346 return -1; 1347 } 1348 1349 1350 /** 1351 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 1352 * @ctx: context to be used when calling wpa_supplicant functions, 1353 * e.g., wpa_supplicant_event() 1354 * @ifname: interface name, e.g., wlan0 1355 * Returns: Pointer to private data, %NULL on failure 1356 */ 1357 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname) 1358 { 1359 struct wpa_driver_nl80211_data *drv; 1360 struct netlink_config *cfg; 1361 struct i802_bss *bss; 1362 1363 drv = os_zalloc(sizeof(*drv)); 1364 if (drv == NULL) 1365 return NULL; 1366 drv->ctx = ctx; 1367 bss = &drv->first_bss; 1368 bss->drv = drv; 1369 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 1370 drv->monitor_ifidx = -1; 1371 drv->monitor_sock = -1; 1372 drv->ioctl_sock = -1; 1373 1374 if (wpa_driver_nl80211_init_nl(drv, ctx)) { 1375 os_free(drv); 1376 return NULL; 1377 } 1378 1379 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); 1380 if (drv->ioctl_sock < 0) { 1381 perror("socket(PF_INET,SOCK_DGRAM)"); 1382 goto failed; 1383 } 1384 1385 cfg = os_zalloc(sizeof(*cfg)); 1386 if (cfg == NULL) 1387 goto failed; 1388 cfg->ctx = drv; 1389 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink; 1390 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink; 1391 drv->netlink = netlink_init(cfg); 1392 if (drv->netlink == NULL) { 1393 os_free(cfg); 1394 goto failed; 1395 } 1396 if (wpa_driver_nl80211_finish_drv_init(drv)) 1397 goto failed; 1398 1399 return bss; 1400 1401 failed: 1402 netlink_deinit(drv->netlink); 1403 if (drv->ioctl_sock >= 0) 1404 close(drv->ioctl_sock); 1405 1406 genl_family_put(drv->nl80211); 1407 nl_cache_free(drv->nl_cache); 1408 nl_handle_destroy(drv->nl_handle); 1409 nl_cb_put(drv->nl_cb); 1410 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 1411 1412 os_free(drv); 1413 return NULL; 1414 } 1415 1416 1417 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv, 1418 const u8 *match, size_t match_len) 1419 { 1420 struct nl_msg *msg; 1421 int ret = -1; 1422 1423 msg = nlmsg_alloc(); 1424 if (!msg) 1425 return -1; 1426 1427 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1428 NL80211_CMD_REGISTER_ACTION, 0); 1429 1430 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1431 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 1432 1433 ret = send_and_recv(drv, drv->nl_handle_event, msg, NULL, NULL); 1434 msg = NULL; 1435 if (ret) { 1436 wpa_printf(MSG_DEBUG, "nl80211: Register Action command " 1437 "failed: ret=%d (%s)", ret, strerror(-ret)); 1438 wpa_hexdump(MSG_DEBUG, "nl80211: Register Action match", 1439 match, match_len); 1440 goto nla_put_failure; 1441 } 1442 ret = 0; 1443 nla_put_failure: 1444 nlmsg_free(msg); 1445 return ret; 1446 } 1447 1448 1449 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv) 1450 { 1451 /* FT Action frames */ 1452 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0) 1453 return -1; 1454 else 1455 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 1456 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 1457 1458 return 0; 1459 } 1460 1461 1462 static int 1463 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 1464 { 1465 struct i802_bss *bss = &drv->first_bss; 1466 1467 drv->ifindex = if_nametoindex(bss->ifname); 1468 drv->first_bss.ifindex = drv->ifindex; 1469 1470 #ifndef HOSTAPD 1471 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) { 1472 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to " 1473 "use managed mode"); 1474 } 1475 1476 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 1477 wpa_printf(MSG_ERROR, "Could not set interface '%s' UP", 1478 bss->ifname); 1479 return -1; 1480 } 1481 1482 if (wpa_driver_nl80211_capa(drv)) 1483 return -1; 1484 1485 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 1486 1, IF_OPER_DORMANT); 1487 #endif /* HOSTAPD */ 1488 1489 if (nl80211_register_action_frames(drv) < 0) { 1490 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action " 1491 "frame processing - ignore for now"); 1492 /* 1493 * Older kernel versions did not support this, so ignore the 1494 * error for now. Some functionality may not be available 1495 * because of this. 1496 */ 1497 } 1498 1499 return 0; 1500 } 1501 1502 1503 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 1504 { 1505 struct nl_msg *msg; 1506 1507 msg = nlmsg_alloc(); 1508 if (!msg) 1509 return -ENOMEM; 1510 1511 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 1512 0, NL80211_CMD_DEL_BEACON, 0); 1513 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1514 1515 return send_and_recv_msgs(drv, msg, NULL, NULL); 1516 nla_put_failure: 1517 return -ENOBUFS; 1518 } 1519 1520 1521 /** 1522 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 1523 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 1524 * 1525 * Shut down driver interface and processing of driver events. Free 1526 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 1527 */ 1528 static void wpa_driver_nl80211_deinit(void *priv) 1529 { 1530 struct i802_bss *bss = priv; 1531 struct wpa_driver_nl80211_data *drv = bss->drv; 1532 1533 if (drv->added_if_into_bridge) { 1534 if (linux_br_del_if(drv->ioctl_sock, drv->brname, bss->ifname) 1535 < 0) 1536 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 1537 "interface %s from bridge %s: %s", 1538 bss->ifname, drv->brname, strerror(errno)); 1539 } 1540 if (drv->added_bridge) { 1541 if (linux_br_del(drv->ioctl_sock, drv->brname) < 0) 1542 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 1543 "bridge %s: %s", 1544 drv->brname, strerror(errno)); 1545 } 1546 1547 nl80211_remove_monitor_interface(drv); 1548 1549 if (drv->nlmode == NL80211_IFTYPE_AP) 1550 wpa_driver_nl80211_del_beacon(drv); 1551 1552 #ifdef HOSTAPD 1553 if (drv->last_freq_ht) { 1554 /* Clear HT flags from the driver */ 1555 struct hostapd_freq_params freq; 1556 os_memset(&freq, 0, sizeof(freq)); 1557 freq.freq = drv->last_freq; 1558 i802_set_freq(priv, &freq); 1559 } 1560 1561 if (drv->eapol_sock >= 0) { 1562 eloop_unregister_read_sock(drv->eapol_sock); 1563 close(drv->eapol_sock); 1564 } 1565 1566 if (drv->if_indices != drv->default_if_indices) 1567 os_free(drv->if_indices); 1568 #endif /* HOSTAPD */ 1569 1570 if (drv->disable_11b_rates) 1571 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 1572 1573 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP); 1574 netlink_deinit(drv->netlink); 1575 1576 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1577 1578 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0); 1579 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA); 1580 1581 if (drv->ioctl_sock >= 0) 1582 close(drv->ioctl_sock); 1583 1584 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event)); 1585 genl_family_put(drv->nl80211); 1586 nl_cache_free(drv->nl_cache); 1587 nl_cache_free(drv->nl_cache_event); 1588 nl_handle_destroy(drv->nl_handle); 1589 nl_handle_destroy(drv->nl_handle_event); 1590 nl_cb_put(drv->nl_cb); 1591 1592 eloop_cancel_timeout(wpa_driver_nl80211_probe_req_report_timeout, 1593 drv, NULL); 1594 1595 os_free(drv->filter_ssids); 1596 1597 os_free(drv); 1598 } 1599 1600 1601 /** 1602 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 1603 * @eloop_ctx: Driver private data 1604 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 1605 * 1606 * This function can be used as registered timeout when starting a scan to 1607 * generate a scan completed event if the driver does not report this. 1608 */ 1609 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 1610 { 1611 struct wpa_driver_nl80211_data *drv = eloop_ctx; 1612 if (drv->ap_scan_as_station) { 1613 wpa_driver_nl80211_set_mode(&drv->first_bss, 1614 IEEE80211_MODE_AP); 1615 drv->ap_scan_as_station = 0; 1616 } 1617 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 1618 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 1619 } 1620 1621 1622 /** 1623 * wpa_driver_nl80211_scan - Request the driver to initiate scan 1624 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 1625 * @params: Scan parameters 1626 * Returns: 0 on success, -1 on failure 1627 */ 1628 static int wpa_driver_nl80211_scan(void *priv, 1629 struct wpa_driver_scan_params *params) 1630 { 1631 struct i802_bss *bss = priv; 1632 struct wpa_driver_nl80211_data *drv = bss->drv; 1633 int ret = 0, timeout; 1634 struct nl_msg *msg, *ssids, *freqs; 1635 size_t i; 1636 1637 msg = nlmsg_alloc(); 1638 ssids = nlmsg_alloc(); 1639 freqs = nlmsg_alloc(); 1640 if (!msg || !ssids || !freqs) { 1641 nlmsg_free(msg); 1642 nlmsg_free(ssids); 1643 nlmsg_free(freqs); 1644 return -1; 1645 } 1646 1647 os_free(drv->filter_ssids); 1648 drv->filter_ssids = params->filter_ssids; 1649 params->filter_ssids = NULL; 1650 drv->num_filter_ssids = params->num_filter_ssids; 1651 1652 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 1653 NL80211_CMD_TRIGGER_SCAN, 0); 1654 1655 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1656 1657 for (i = 0; i < params->num_ssids; i++) { 1658 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 1659 params->ssids[i].ssid, 1660 params->ssids[i].ssid_len); 1661 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len, 1662 params->ssids[i].ssid); 1663 } 1664 if (params->num_ssids) 1665 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); 1666 1667 if (params->extra_ies) { 1668 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs", 1669 params->extra_ies, params->extra_ies_len); 1670 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len, 1671 params->extra_ies); 1672 } 1673 1674 if (params->freqs) { 1675 for (i = 0; params->freqs[i]; i++) { 1676 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 1677 "MHz", params->freqs[i]); 1678 NLA_PUT_U32(freqs, i + 1, params->freqs[i]); 1679 } 1680 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); 1681 } 1682 1683 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1684 msg = NULL; 1685 if (ret) { 1686 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 1687 "(%s)", ret, strerror(-ret)); 1688 #ifdef HOSTAPD 1689 if (drv->nlmode == NL80211_IFTYPE_AP) { 1690 /* 1691 * mac80211 does not allow scan requests in AP mode, so 1692 * try to do this in station mode. 1693 */ 1694 if (wpa_driver_nl80211_set_mode(bss, 1695 IEEE80211_MODE_INFRA)) 1696 goto nla_put_failure; 1697 1698 if (wpa_driver_nl80211_scan(drv, params)) { 1699 wpa_driver_nl80211_set_mode(bss, 1700 IEEE80211_MODE_AP); 1701 goto nla_put_failure; 1702 } 1703 1704 /* Restore AP mode when processing scan results */ 1705 drv->ap_scan_as_station = 1; 1706 ret = 0; 1707 } else 1708 goto nla_put_failure; 1709 #else /* HOSTAPD */ 1710 goto nla_put_failure; 1711 #endif /* HOSTAPD */ 1712 } 1713 1714 /* Not all drivers generate "scan completed" wireless event, so try to 1715 * read results after a timeout. */ 1716 timeout = 10; 1717 if (drv->scan_complete_events) { 1718 /* 1719 * The driver seems to deliver events to notify when scan is 1720 * complete, so use longer timeout to avoid race conditions 1721 * with scanning and following association request. 1722 */ 1723 timeout = 30; 1724 } 1725 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 1726 "seconds", ret, timeout); 1727 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1728 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 1729 drv, drv->ctx); 1730 1731 nla_put_failure: 1732 nlmsg_free(ssids); 1733 nlmsg_free(msg); 1734 nlmsg_free(freqs); 1735 return ret; 1736 } 1737 1738 1739 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie) 1740 { 1741 const u8 *end, *pos; 1742 1743 if (ies == NULL) 1744 return NULL; 1745 1746 pos = ies; 1747 end = ies + ies_len; 1748 1749 while (pos + 1 < end) { 1750 if (pos + 2 + pos[1] > end) 1751 break; 1752 if (pos[0] == ie) 1753 return pos; 1754 pos += 2 + pos[1]; 1755 } 1756 1757 return NULL; 1758 } 1759 1760 1761 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 1762 const u8 *ie, size_t ie_len) 1763 { 1764 const u8 *ssid; 1765 size_t i; 1766 1767 if (drv->filter_ssids == NULL) 1768 return 0; 1769 1770 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID); 1771 if (ssid == NULL) 1772 return 1; 1773 1774 for (i = 0; i < drv->num_filter_ssids; i++) { 1775 if (ssid[1] == drv->filter_ssids[i].ssid_len && 1776 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 1777 0) 1778 return 0; 1779 } 1780 1781 return 1; 1782 } 1783 1784 1785 struct nl80211_bss_info_arg { 1786 struct wpa_driver_nl80211_data *drv; 1787 struct wpa_scan_results *res; 1788 }; 1789 1790 static int bss_info_handler(struct nl_msg *msg, void *arg) 1791 { 1792 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1793 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1794 struct nlattr *bss[NL80211_BSS_MAX + 1]; 1795 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 1796 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 1797 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 1798 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 1799 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 1800 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 1801 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 1802 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 1803 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 1804 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 1805 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 1806 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 1807 }; 1808 struct nl80211_bss_info_arg *_arg = arg; 1809 struct wpa_scan_results *res = _arg->res; 1810 struct wpa_scan_res **tmp; 1811 struct wpa_scan_res *r; 1812 const u8 *ie, *beacon_ie; 1813 size_t ie_len, beacon_ie_len; 1814 u8 *pos; 1815 1816 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1817 genlmsg_attrlen(gnlh, 0), NULL); 1818 if (!tb[NL80211_ATTR_BSS]) 1819 return NL_SKIP; 1820 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 1821 bss_policy)) 1822 return NL_SKIP; 1823 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 1824 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1825 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 1826 } else { 1827 ie = NULL; 1828 ie_len = 0; 1829 } 1830 if (bss[NL80211_BSS_BEACON_IES]) { 1831 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 1832 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 1833 } else { 1834 beacon_ie = NULL; 1835 beacon_ie_len = 0; 1836 } 1837 1838 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie, 1839 ie ? ie_len : beacon_ie_len)) 1840 return NL_SKIP; 1841 1842 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 1843 if (r == NULL) 1844 return NL_SKIP; 1845 if (bss[NL80211_BSS_BSSID]) 1846 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 1847 ETH_ALEN); 1848 if (bss[NL80211_BSS_FREQUENCY]) 1849 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 1850 if (bss[NL80211_BSS_BEACON_INTERVAL]) 1851 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 1852 if (bss[NL80211_BSS_CAPABILITY]) 1853 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 1854 r->flags |= WPA_SCAN_NOISE_INVALID; 1855 if (bss[NL80211_BSS_SIGNAL_MBM]) { 1856 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 1857 r->level /= 100; /* mBm to dBm */ 1858 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 1859 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 1860 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 1861 r->flags |= WPA_SCAN_LEVEL_INVALID; 1862 } else 1863 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 1864 if (bss[NL80211_BSS_TSF]) 1865 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 1866 if (bss[NL80211_BSS_SEEN_MS_AGO]) 1867 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 1868 r->ie_len = ie_len; 1869 pos = (u8 *) (r + 1); 1870 if (ie) { 1871 os_memcpy(pos, ie, ie_len); 1872 pos += ie_len; 1873 } 1874 r->beacon_ie_len = beacon_ie_len; 1875 if (beacon_ie) 1876 os_memcpy(pos, beacon_ie, beacon_ie_len); 1877 1878 if (bss[NL80211_BSS_STATUS]) { 1879 enum nl80211_bss_status status; 1880 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 1881 switch (status) { 1882 case NL80211_BSS_STATUS_AUTHENTICATED: 1883 r->flags |= WPA_SCAN_AUTHENTICATED; 1884 break; 1885 case NL80211_BSS_STATUS_ASSOCIATED: 1886 r->flags |= WPA_SCAN_ASSOCIATED; 1887 break; 1888 default: 1889 break; 1890 } 1891 } 1892 1893 tmp = os_realloc(res->res, 1894 (res->num + 1) * sizeof(struct wpa_scan_res *)); 1895 if (tmp == NULL) { 1896 os_free(r); 1897 return NL_SKIP; 1898 } 1899 tmp[res->num++] = r; 1900 res->res = tmp; 1901 1902 return NL_SKIP; 1903 } 1904 1905 1906 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 1907 const u8 *addr) 1908 { 1909 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1910 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 1911 "mismatch (" MACSTR ")", MAC2STR(addr)); 1912 wpa_driver_nl80211_mlme(drv, addr, 1913 NL80211_CMD_DEAUTHENTICATE, 1914 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 1915 } 1916 } 1917 1918 1919 static void wpa_driver_nl80211_check_bss_status( 1920 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 1921 { 1922 size_t i; 1923 1924 for (i = 0; i < res->num; i++) { 1925 struct wpa_scan_res *r = res->res[i]; 1926 if (r->flags & WPA_SCAN_AUTHENTICATED) { 1927 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 1928 "indicates BSS status with " MACSTR 1929 " as authenticated", 1930 MAC2STR(r->bssid)); 1931 if (drv->nlmode == NL80211_IFTYPE_STATION && 1932 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 && 1933 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) != 1934 0) { 1935 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID" 1936 " in local state (auth=" MACSTR 1937 " assoc=" MACSTR ")", 1938 MAC2STR(drv->auth_bssid), 1939 MAC2STR(drv->bssid)); 1940 clear_state_mismatch(drv, r->bssid); 1941 } 1942 } 1943 1944 if (r->flags & WPA_SCAN_ASSOCIATED) { 1945 wpa_printf(MSG_DEBUG, "nl80211: Scan results " 1946 "indicate BSS status with " MACSTR 1947 " as associated", 1948 MAC2STR(r->bssid)); 1949 if (drv->nlmode == NL80211_IFTYPE_STATION && 1950 !drv->associated) { 1951 wpa_printf(MSG_DEBUG, "nl80211: Local state " 1952 "(not associated) does not match " 1953 "with BSS state"); 1954 clear_state_mismatch(drv, r->bssid); 1955 } else if (drv->nlmode == NL80211_IFTYPE_STATION && 1956 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 1957 0) { 1958 wpa_printf(MSG_DEBUG, "nl80211: Local state " 1959 "(associated with " MACSTR ") does " 1960 "not match with BSS state", 1961 MAC2STR(drv->bssid)); 1962 clear_state_mismatch(drv, r->bssid); 1963 clear_state_mismatch(drv, drv->bssid); 1964 } 1965 } 1966 } 1967 } 1968 1969 1970 static void wpa_scan_results_free(struct wpa_scan_results *res) 1971 { 1972 size_t i; 1973 1974 if (res == NULL) 1975 return; 1976 1977 for (i = 0; i < res->num; i++) 1978 os_free(res->res[i]); 1979 os_free(res->res); 1980 os_free(res); 1981 } 1982 1983 1984 static struct wpa_scan_results * 1985 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 1986 { 1987 struct nl_msg *msg; 1988 struct wpa_scan_results *res; 1989 int ret; 1990 struct nl80211_bss_info_arg arg; 1991 1992 res = os_zalloc(sizeof(*res)); 1993 if (res == NULL) 1994 return NULL; 1995 msg = nlmsg_alloc(); 1996 if (!msg) 1997 goto nla_put_failure; 1998 1999 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP, 2000 NL80211_CMD_GET_SCAN, 0); 2001 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2002 2003 arg.drv = drv; 2004 arg.res = res; 2005 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 2006 msg = NULL; 2007 if (ret == 0) { 2008 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)", 2009 (unsigned long) res->num); 2010 return res; 2011 } 2012 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 2013 "(%s)", ret, strerror(-ret)); 2014 nla_put_failure: 2015 nlmsg_free(msg); 2016 wpa_scan_results_free(res); 2017 return NULL; 2018 } 2019 2020 2021 /** 2022 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 2023 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 2024 * Returns: Scan results on success, -1 on failure 2025 */ 2026 static struct wpa_scan_results * 2027 wpa_driver_nl80211_get_scan_results(void *priv) 2028 { 2029 struct i802_bss *bss = priv; 2030 struct wpa_driver_nl80211_data *drv = bss->drv; 2031 struct wpa_scan_results *res; 2032 2033 res = nl80211_get_scan_results(drv); 2034 if (res) 2035 wpa_driver_nl80211_check_bss_status(drv, res); 2036 return res; 2037 } 2038 2039 2040 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 2041 { 2042 struct wpa_scan_results *res; 2043 size_t i; 2044 2045 res = nl80211_get_scan_results(drv); 2046 if (res == NULL) { 2047 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results"); 2048 return; 2049 } 2050 2051 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 2052 for (i = 0; i < res->num; i++) { 2053 struct wpa_scan_res *r = res->res[i]; 2054 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s", 2055 (int) i, (int) res->num, MAC2STR(r->bssid), 2056 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "", 2057 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 2058 } 2059 2060 wpa_scan_results_free(res); 2061 } 2062 2063 2064 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv, 2065 enum wpa_alg alg, const u8 *addr, 2066 int key_idx, int set_tx, 2067 const u8 *seq, size_t seq_len, 2068 const u8 *key, size_t key_len) 2069 { 2070 struct i802_bss *bss = priv; 2071 struct wpa_driver_nl80211_data *drv = bss->drv; 2072 int ifindex = if_nametoindex(ifname); 2073 struct nl_msg *msg; 2074 int ret; 2075 2076 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d " 2077 "set_tx=%d seq_len=%lu key_len=%lu", 2078 __func__, ifindex, alg, addr, key_idx, set_tx, 2079 (unsigned long) seq_len, (unsigned long) key_len); 2080 2081 msg = nlmsg_alloc(); 2082 if (!msg) 2083 return -ENOMEM; 2084 2085 if (alg == WPA_ALG_NONE) { 2086 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2087 0, NL80211_CMD_DEL_KEY, 0); 2088 } else { 2089 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2090 0, NL80211_CMD_NEW_KEY, 0); 2091 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key); 2092 switch (alg) { 2093 case WPA_ALG_WEP: 2094 if (key_len == 5) 2095 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2096 WLAN_CIPHER_SUITE_WEP40); 2097 else 2098 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2099 WLAN_CIPHER_SUITE_WEP104); 2100 break; 2101 case WPA_ALG_TKIP: 2102 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2103 WLAN_CIPHER_SUITE_TKIP); 2104 break; 2105 case WPA_ALG_CCMP: 2106 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2107 WLAN_CIPHER_SUITE_CCMP); 2108 break; 2109 case WPA_ALG_IGTK: 2110 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 2111 WLAN_CIPHER_SUITE_AES_CMAC); 2112 break; 2113 default: 2114 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2115 "algorithm %d", __func__, alg); 2116 nlmsg_free(msg); 2117 return -1; 2118 } 2119 } 2120 2121 if (seq && seq_len) 2122 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq); 2123 2124 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0) 2125 { 2126 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr)); 2127 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2128 } 2129 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2130 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2131 2132 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2133 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) 2134 ret = 0; 2135 if (ret) 2136 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)", 2137 ret, strerror(-ret)); 2138 2139 /* 2140 * If we failed or don't need to set the default TX key (below), 2141 * we're done here. 2142 */ 2143 if (ret || !set_tx || alg == WPA_ALG_NONE) 2144 return ret; 2145 #ifdef HOSTAPD 2146 if (addr) 2147 return ret; 2148 #else /* HOSTAPD */ 2149 if (drv->nlmode == NL80211_IFTYPE_AP && addr) 2150 return ret; 2151 #endif /* HOSTAPD */ 2152 2153 msg = nlmsg_alloc(); 2154 if (!msg) 2155 return -ENOMEM; 2156 2157 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2158 0, NL80211_CMD_SET_KEY, 0); 2159 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 2160 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2161 if (alg == WPA_ALG_IGTK) 2162 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT); 2163 else 2164 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT); 2165 2166 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2167 if (ret == -ENOENT) 2168 ret = 0; 2169 if (ret) 2170 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; " 2171 "err=%d %s)", ret, strerror(-ret)); 2172 return ret; 2173 2174 nla_put_failure: 2175 return -ENOBUFS; 2176 } 2177 2178 2179 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg, 2180 int key_idx, int defkey, 2181 const u8 *seq, size_t seq_len, 2182 const u8 *key, size_t key_len) 2183 { 2184 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY); 2185 if (!key_attr) 2186 return -1; 2187 2188 if (defkey && alg == WPA_ALG_IGTK) 2189 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT); 2190 else if (defkey) 2191 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2192 2193 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx); 2194 2195 switch (alg) { 2196 case WPA_ALG_WEP: 2197 if (key_len == 5) 2198 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2199 WLAN_CIPHER_SUITE_WEP40); 2200 else 2201 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2202 WLAN_CIPHER_SUITE_WEP104); 2203 break; 2204 case WPA_ALG_TKIP: 2205 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP); 2206 break; 2207 case WPA_ALG_CCMP: 2208 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP); 2209 break; 2210 case WPA_ALG_IGTK: 2211 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2212 WLAN_CIPHER_SUITE_AES_CMAC); 2213 break; 2214 default: 2215 wpa_printf(MSG_ERROR, "%s: Unsupported encryption " 2216 "algorithm %d", __func__, alg); 2217 return -1; 2218 } 2219 2220 if (seq && seq_len) 2221 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq); 2222 2223 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key); 2224 2225 nla_nest_end(msg, key_attr); 2226 2227 return 0; 2228 nla_put_failure: 2229 return -1; 2230 } 2231 2232 2233 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params, 2234 struct nl_msg *msg) 2235 { 2236 int i, privacy = 0; 2237 struct nlattr *nl_keys, *nl_key; 2238 2239 for (i = 0; i < 4; i++) { 2240 if (!params->wep_key[i]) 2241 continue; 2242 privacy = 1; 2243 break; 2244 } 2245 if (!privacy) 2246 return 0; 2247 2248 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY); 2249 2250 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS); 2251 if (!nl_keys) 2252 goto nla_put_failure; 2253 2254 for (i = 0; i < 4; i++) { 2255 if (!params->wep_key[i]) 2256 continue; 2257 2258 nl_key = nla_nest_start(msg, i); 2259 if (!nl_key) 2260 goto nla_put_failure; 2261 2262 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i], 2263 params->wep_key[i]); 2264 if (params->wep_key_len[i] == 5) 2265 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2266 WLAN_CIPHER_SUITE_WEP40); 2267 else 2268 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, 2269 WLAN_CIPHER_SUITE_WEP104); 2270 2271 NLA_PUT_U8(msg, NL80211_KEY_IDX, i); 2272 2273 if (i == params->wep_tx_keyidx) 2274 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT); 2275 2276 nla_nest_end(msg, nl_key); 2277 } 2278 nla_nest_end(msg, nl_keys); 2279 2280 return 0; 2281 2282 nla_put_failure: 2283 return -ENOBUFS; 2284 } 2285 2286 2287 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 2288 const u8 *addr, int cmd, u16 reason_code, 2289 int local_state_change) 2290 { 2291 int ret = -1; 2292 struct nl_msg *msg; 2293 2294 msg = nlmsg_alloc(); 2295 if (!msg) 2296 return -1; 2297 2298 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0); 2299 2300 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2301 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code); 2302 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2303 if (local_state_change) 2304 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 2305 2306 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2307 msg = NULL; 2308 if (ret) { 2309 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 2310 "(%s)", ret, strerror(-ret)); 2311 goto nla_put_failure; 2312 } 2313 ret = 0; 2314 2315 nla_put_failure: 2316 nlmsg_free(msg); 2317 return ret; 2318 } 2319 2320 2321 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv, 2322 const u8 *addr, int reason_code) 2323 { 2324 wpa_printf(MSG_DEBUG, "%s", __func__); 2325 drv->associated = 0; 2326 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT, 2327 reason_code, 0); 2328 } 2329 2330 2331 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr, 2332 int reason_code) 2333 { 2334 struct i802_bss *bss = priv; 2335 struct wpa_driver_nl80211_data *drv = bss->drv; 2336 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 2337 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 2338 wpa_printf(MSG_DEBUG, "%s", __func__); 2339 drv->associated = 0; 2340 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, 2341 reason_code, 0); 2342 } 2343 2344 2345 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr, 2346 int reason_code) 2347 { 2348 struct i802_bss *bss = priv; 2349 struct wpa_driver_nl80211_data *drv = bss->drv; 2350 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) 2351 return wpa_driver_nl80211_disconnect(drv, addr, reason_code); 2352 wpa_printf(MSG_DEBUG, "%s", __func__); 2353 drv->associated = 0; 2354 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE, 2355 reason_code, 0); 2356 } 2357 2358 2359 static int wpa_driver_nl80211_authenticate( 2360 void *priv, struct wpa_driver_auth_params *params) 2361 { 2362 struct i802_bss *bss = priv; 2363 struct wpa_driver_nl80211_data *drv = bss->drv; 2364 int ret = -1, i; 2365 struct nl_msg *msg; 2366 enum nl80211_auth_type type; 2367 int count = 0; 2368 2369 drv->associated = 0; 2370 os_memset(drv->auth_bssid, 0, ETH_ALEN); 2371 /* FIX: IBSS mode */ 2372 if (drv->nlmode != NL80211_IFTYPE_STATION) 2373 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 2374 2375 if (wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0) 2376 return -1; 2377 2378 retry: 2379 msg = nlmsg_alloc(); 2380 if (!msg) 2381 return -1; 2382 2383 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)", 2384 drv->ifindex); 2385 2386 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2387 NL80211_CMD_AUTHENTICATE, 0); 2388 2389 for (i = 0; i < 4; i++) { 2390 if (!params->wep_key[i]) 2391 continue; 2392 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP, 2393 NULL, i, 2394 i == params->wep_tx_keyidx, NULL, 0, 2395 params->wep_key[i], 2396 params->wep_key_len[i]); 2397 if (params->wep_tx_keyidx != i) 2398 continue; 2399 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0, 2400 params->wep_key[i], params->wep_key_len[i])) { 2401 nlmsg_free(msg); 2402 return -1; 2403 } 2404 } 2405 2406 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2407 if (params->bssid) { 2408 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 2409 MAC2STR(params->bssid)); 2410 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 2411 } 2412 if (params->freq) { 2413 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 2414 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 2415 } 2416 if (params->ssid) { 2417 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 2418 params->ssid, params->ssid_len); 2419 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 2420 params->ssid); 2421 } 2422 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len); 2423 if (params->ie) 2424 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie); 2425 /* 2426 * TODO: if multiple auth_alg options enabled, try them one by one if 2427 * the AP rejects authentication due to unknown auth alg 2428 */ 2429 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 2430 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 2431 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 2432 type = NL80211_AUTHTYPE_SHARED_KEY; 2433 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 2434 type = NL80211_AUTHTYPE_NETWORK_EAP; 2435 else if (params->auth_alg & WPA_AUTH_ALG_FT) 2436 type = NL80211_AUTHTYPE_FT; 2437 else 2438 goto nla_put_failure; 2439 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 2440 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 2441 if (params->local_state_change) { 2442 wpa_printf(MSG_DEBUG, " * Local state change only"); 2443 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE); 2444 } 2445 2446 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2447 msg = NULL; 2448 if (ret) { 2449 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 2450 "(%s)", ret, strerror(-ret)); 2451 count++; 2452 if (ret == -EALREADY && count == 1 && params->bssid && 2453 !params->local_state_change) { 2454 /* 2455 * mac80211 does not currently accept new 2456 * authentication if we are already authenticated. As a 2457 * workaround, force deauthentication and try again. 2458 */ 2459 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication " 2460 "after forced deauthentication"); 2461 wpa_driver_nl80211_deauthenticate( 2462 bss, params->bssid, 2463 WLAN_REASON_PREV_AUTH_NOT_VALID); 2464 nlmsg_free(msg); 2465 goto retry; 2466 } 2467 goto nla_put_failure; 2468 } 2469 ret = 0; 2470 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send " 2471 "successfully"); 2472 2473 nla_put_failure: 2474 nlmsg_free(msg); 2475 return ret; 2476 } 2477 2478 2479 struct phy_info_arg { 2480 u16 *num_modes; 2481 struct hostapd_hw_modes *modes; 2482 }; 2483 2484 static int phy_info_handler(struct nl_msg *msg, void *arg) 2485 { 2486 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1]; 2487 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2488 struct phy_info_arg *phy_info = arg; 2489 2490 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1]; 2491 2492 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1]; 2493 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = { 2494 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 }, 2495 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG }, 2496 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG }, 2497 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG }, 2498 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG }, 2499 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 }, 2500 }; 2501 2502 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1]; 2503 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = { 2504 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 }, 2505 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG }, 2506 }; 2507 2508 struct nlattr *nl_band; 2509 struct nlattr *nl_freq; 2510 struct nlattr *nl_rate; 2511 int rem_band, rem_freq, rem_rate; 2512 struct hostapd_hw_modes *mode; 2513 int idx, mode_is_set; 2514 2515 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2516 genlmsg_attrlen(gnlh, 0), NULL); 2517 2518 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS]) 2519 return NL_SKIP; 2520 2521 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) { 2522 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode)); 2523 if (!mode) 2524 return NL_SKIP; 2525 phy_info->modes = mode; 2526 2527 mode_is_set = 0; 2528 2529 mode = &phy_info->modes[*(phy_info->num_modes)]; 2530 memset(mode, 0, sizeof(*mode)); 2531 *(phy_info->num_modes) += 1; 2532 2533 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band), 2534 nla_len(nl_band), NULL); 2535 2536 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) { 2537 mode->ht_capab = nla_get_u16( 2538 tb_band[NL80211_BAND_ATTR_HT_CAPA]); 2539 } 2540 2541 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) { 2542 mode->a_mpdu_params |= nla_get_u8( 2543 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) & 2544 0x03; 2545 } 2546 2547 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) { 2548 mode->a_mpdu_params |= nla_get_u8( 2549 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) << 2550 2; 2551 } 2552 2553 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] && 2554 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) { 2555 u8 *mcs; 2556 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]); 2557 os_memcpy(mode->mcs_set, mcs, 16); 2558 } 2559 2560 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 2561 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 2562 nla_len(nl_freq), freq_policy); 2563 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2564 continue; 2565 mode->num_channels++; 2566 } 2567 2568 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data)); 2569 if (!mode->channels) 2570 return NL_SKIP; 2571 2572 idx = 0; 2573 2574 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) { 2575 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq), 2576 nla_len(nl_freq), freq_policy); 2577 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ]) 2578 continue; 2579 2580 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]); 2581 mode->channels[idx].flag = 0; 2582 2583 if (!mode_is_set) { 2584 /* crude heuristic */ 2585 if (mode->channels[idx].freq < 4000) 2586 mode->mode = HOSTAPD_MODE_IEEE80211B; 2587 else 2588 mode->mode = HOSTAPD_MODE_IEEE80211A; 2589 mode_is_set = 1; 2590 } 2591 2592 /* crude heuristic */ 2593 if (mode->channels[idx].freq < 4000) 2594 if (mode->channels[idx].freq == 2484) 2595 mode->channels[idx].chan = 14; 2596 else 2597 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5; 2598 else 2599 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000; 2600 2601 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 2602 mode->channels[idx].flag |= 2603 HOSTAPD_CHAN_DISABLED; 2604 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN]) 2605 mode->channels[idx].flag |= 2606 HOSTAPD_CHAN_PASSIVE_SCAN; 2607 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS]) 2608 mode->channels[idx].flag |= 2609 HOSTAPD_CHAN_NO_IBSS; 2610 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR]) 2611 mode->channels[idx].flag |= 2612 HOSTAPD_CHAN_RADAR; 2613 2614 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] && 2615 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED]) 2616 mode->channels[idx].max_tx_power = 2617 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100; 2618 2619 idx++; 2620 } 2621 2622 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 2623 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 2624 nla_len(nl_rate), rate_policy); 2625 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2626 continue; 2627 mode->num_rates++; 2628 } 2629 2630 mode->rates = os_zalloc(mode->num_rates * sizeof(int)); 2631 if (!mode->rates) 2632 return NL_SKIP; 2633 2634 idx = 0; 2635 2636 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { 2637 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate), 2638 nla_len(nl_rate), rate_policy); 2639 if (!tb_rate[NL80211_BITRATE_ATTR_RATE]) 2640 continue; 2641 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]); 2642 2643 /* crude heuristic */ 2644 if (mode->mode == HOSTAPD_MODE_IEEE80211B && 2645 mode->rates[idx] > 200) 2646 mode->mode = HOSTAPD_MODE_IEEE80211G; 2647 2648 idx++; 2649 } 2650 } 2651 2652 return NL_SKIP; 2653 } 2654 2655 static struct hostapd_hw_modes * 2656 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes) 2657 { 2658 u16 m; 2659 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode; 2660 int i, mode11g_idx = -1; 2661 2662 /* If only 802.11g mode is included, use it to construct matching 2663 * 802.11b mode data. */ 2664 2665 for (m = 0; m < *num_modes; m++) { 2666 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B) 2667 return modes; /* 802.11b already included */ 2668 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G) 2669 mode11g_idx = m; 2670 } 2671 2672 if (mode11g_idx < 0) 2673 return modes; /* 2.4 GHz band not supported at all */ 2674 2675 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes)); 2676 if (nmodes == NULL) 2677 return modes; /* Could not add 802.11b mode */ 2678 2679 mode = &nmodes[*num_modes]; 2680 os_memset(mode, 0, sizeof(*mode)); 2681 (*num_modes)++; 2682 modes = nmodes; 2683 2684 mode->mode = HOSTAPD_MODE_IEEE80211B; 2685 2686 mode11g = &modes[mode11g_idx]; 2687 mode->num_channels = mode11g->num_channels; 2688 mode->channels = os_malloc(mode11g->num_channels * 2689 sizeof(struct hostapd_channel_data)); 2690 if (mode->channels == NULL) { 2691 (*num_modes)--; 2692 return modes; /* Could not add 802.11b mode */ 2693 } 2694 os_memcpy(mode->channels, mode11g->channels, 2695 mode11g->num_channels * sizeof(struct hostapd_channel_data)); 2696 2697 mode->num_rates = 0; 2698 mode->rates = os_malloc(4 * sizeof(int)); 2699 if (mode->rates == NULL) { 2700 os_free(mode->channels); 2701 (*num_modes)--; 2702 return modes; /* Could not add 802.11b mode */ 2703 } 2704 2705 for (i = 0; i < mode11g->num_rates; i++) { 2706 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 && 2707 mode11g->rates[i] != 55 && mode11g->rates[i] != 110) 2708 continue; 2709 mode->rates[mode->num_rates] = mode11g->rates[i]; 2710 mode->num_rates++; 2711 if (mode->num_rates == 4) 2712 break; 2713 } 2714 2715 if (mode->num_rates == 0) { 2716 os_free(mode->channels); 2717 os_free(mode->rates); 2718 (*num_modes)--; 2719 return modes; /* No 802.11b rates */ 2720 } 2721 2722 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g " 2723 "information"); 2724 2725 return modes; 2726 } 2727 2728 2729 static struct hostapd_hw_modes * 2730 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags) 2731 { 2732 struct i802_bss *bss = priv; 2733 struct wpa_driver_nl80211_data *drv = bss->drv; 2734 struct nl_msg *msg; 2735 struct phy_info_arg result = { 2736 .num_modes = num_modes, 2737 .modes = NULL, 2738 }; 2739 2740 *num_modes = 0; 2741 *flags = 0; 2742 2743 msg = nlmsg_alloc(); 2744 if (!msg) 2745 return NULL; 2746 2747 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2748 0, NL80211_CMD_GET_WIPHY, 0); 2749 2750 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2751 2752 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) 2753 return wpa_driver_nl80211_add_11b(result.modes, num_modes); 2754 nla_put_failure: 2755 return NULL; 2756 } 2757 2758 2759 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv, 2760 const void *data, size_t len, 2761 int encrypt) 2762 { 2763 __u8 rtap_hdr[] = { 2764 0x00, 0x00, /* radiotap version */ 2765 0x0e, 0x00, /* radiotap length */ 2766 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */ 2767 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */ 2768 0x00, /* padding */ 2769 0x00, 0x00, /* RX and TX flags to indicate that */ 2770 0x00, 0x00, /* this is the injected frame directly */ 2771 }; 2772 struct iovec iov[2] = { 2773 { 2774 .iov_base = &rtap_hdr, 2775 .iov_len = sizeof(rtap_hdr), 2776 }, 2777 { 2778 .iov_base = (void *) data, 2779 .iov_len = len, 2780 } 2781 }; 2782 struct msghdr msg = { 2783 .msg_name = NULL, 2784 .msg_namelen = 0, 2785 .msg_iov = iov, 2786 .msg_iovlen = 2, 2787 .msg_control = NULL, 2788 .msg_controllen = 0, 2789 .msg_flags = 0, 2790 }; 2791 2792 if (encrypt) 2793 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP; 2794 2795 return sendmsg(drv->monitor_sock, &msg, 0); 2796 } 2797 2798 2799 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data, 2800 size_t data_len) 2801 { 2802 struct i802_bss *bss = priv; 2803 struct wpa_driver_nl80211_data *drv = bss->drv; 2804 struct ieee80211_mgmt *mgmt; 2805 int encrypt = 1; 2806 u16 fc; 2807 2808 mgmt = (struct ieee80211_mgmt *) data; 2809 fc = le_to_host16(mgmt->frame_control); 2810 2811 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 2812 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) { 2813 /* 2814 * Only one of the authentication frame types is encrypted. 2815 * In order for static WEP encryption to work properly (i.e., 2816 * to not encrypt the frame), we need to tell mac80211 about 2817 * the frames that must not be encrypted. 2818 */ 2819 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 2820 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction); 2821 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3) 2822 encrypt = 0; 2823 } 2824 2825 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 2826 } 2827 2828 2829 static int wpa_driver_nl80211_set_beacon(void *priv, 2830 const u8 *head, size_t head_len, 2831 const u8 *tail, size_t tail_len, 2832 int dtim_period, int beacon_int) 2833 { 2834 struct i802_bss *bss = priv; 2835 struct wpa_driver_nl80211_data *drv = bss->drv; 2836 struct nl_msg *msg; 2837 u8 cmd = NL80211_CMD_NEW_BEACON; 2838 int ret; 2839 int beacon_set; 2840 int ifindex = if_nametoindex(bss->ifname); 2841 2842 beacon_set = bss->beacon_set; 2843 2844 msg = nlmsg_alloc(); 2845 if (!msg) 2846 return -ENOMEM; 2847 2848 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)", 2849 beacon_set); 2850 if (beacon_set) 2851 cmd = NL80211_CMD_SET_BEACON; 2852 2853 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2854 0, cmd, 0); 2855 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head); 2856 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail); 2857 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 2858 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int); 2859 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period); 2860 2861 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2862 if (ret) { 2863 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", 2864 ret, strerror(-ret)); 2865 } else { 2866 bss->beacon_set = 1; 2867 } 2868 return ret; 2869 nla_put_failure: 2870 return -ENOBUFS; 2871 } 2872 2873 2874 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv, 2875 int freq, int ht_enabled, 2876 int sec_channel_offset) 2877 { 2878 struct nl_msg *msg; 2879 int ret; 2880 2881 msg = nlmsg_alloc(); 2882 if (!msg) 2883 return -1; 2884 2885 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 2886 NL80211_CMD_SET_WIPHY, 0); 2887 2888 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 2889 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 2890 if (ht_enabled) { 2891 switch (sec_channel_offset) { 2892 case -1: 2893 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2894 NL80211_CHAN_HT40MINUS); 2895 break; 2896 case 1: 2897 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2898 NL80211_CHAN_HT40PLUS); 2899 break; 2900 default: 2901 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 2902 NL80211_CHAN_HT20); 2903 break; 2904 } 2905 } 2906 2907 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2908 if (ret == 0) 2909 return 0; 2910 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): " 2911 "%d (%s)", freq, ret, strerror(-ret)); 2912 nla_put_failure: 2913 return -1; 2914 } 2915 2916 2917 static int wpa_driver_nl80211_sta_add(void *priv, 2918 struct hostapd_sta_add_params *params) 2919 { 2920 struct i802_bss *bss = priv; 2921 struct wpa_driver_nl80211_data *drv = bss->drv; 2922 struct nl_msg *msg; 2923 int ret = -ENOBUFS; 2924 2925 msg = nlmsg_alloc(); 2926 if (!msg) 2927 return -ENOMEM; 2928 2929 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2930 0, NL80211_CMD_NEW_STATION, 0); 2931 2932 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 2933 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr); 2934 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid); 2935 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len, 2936 params->supp_rates); 2937 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, 2938 params->listen_interval); 2939 if (params->ht_capabilities) { 2940 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, 2941 sizeof(*params->ht_capabilities), 2942 params->ht_capabilities); 2943 } 2944 2945 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2946 if (ret) 2947 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION " 2948 "result: %d (%s)", ret, strerror(-ret)); 2949 if (ret == -EEXIST) 2950 ret = 0; 2951 nla_put_failure: 2952 return ret; 2953 } 2954 2955 2956 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr) 2957 { 2958 struct i802_bss *bss = priv; 2959 struct wpa_driver_nl80211_data *drv = bss->drv; 2960 struct nl_msg *msg; 2961 int ret; 2962 2963 msg = nlmsg_alloc(); 2964 if (!msg) 2965 return -ENOMEM; 2966 2967 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 2968 0, NL80211_CMD_DEL_STATION, 0); 2969 2970 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 2971 if_nametoindex(bss->ifname)); 2972 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 2973 2974 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 2975 if (ret == -ENOENT) 2976 return 0; 2977 return ret; 2978 nla_put_failure: 2979 return -ENOBUFS; 2980 } 2981 2982 2983 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, 2984 int ifidx) 2985 { 2986 struct nl_msg *msg; 2987 2988 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx); 2989 2990 #ifdef HOSTAPD 2991 /* stop listening for EAPOL on this interface */ 2992 del_ifidx(drv, ifidx); 2993 #endif /* HOSTAPD */ 2994 2995 msg = nlmsg_alloc(); 2996 if (!msg) 2997 goto nla_put_failure; 2998 2999 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3000 0, NL80211_CMD_DEL_INTERFACE, 0); 3001 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx); 3002 3003 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 3004 return; 3005 nla_put_failure: 3006 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx); 3007 } 3008 3009 3010 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv, 3011 const char *ifname, 3012 enum nl80211_iftype iftype, 3013 const u8 *addr, int wds) 3014 { 3015 struct nl_msg *msg, *flags = NULL; 3016 int ifidx; 3017 int ret = -ENOBUFS; 3018 3019 msg = nlmsg_alloc(); 3020 if (!msg) 3021 return -1; 3022 3023 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3024 0, NL80211_CMD_NEW_INTERFACE, 0); 3025 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3026 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname); 3027 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype); 3028 3029 if (iftype == NL80211_IFTYPE_MONITOR) { 3030 int err; 3031 3032 flags = nlmsg_alloc(); 3033 if (!flags) 3034 goto nla_put_failure; 3035 3036 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES); 3037 3038 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags); 3039 3040 nlmsg_free(flags); 3041 3042 if (err) 3043 goto nla_put_failure; 3044 } else if (wds) { 3045 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds); 3046 } 3047 3048 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3049 if (ret) { 3050 nla_put_failure: 3051 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)", 3052 ifname, ret, strerror(-ret)); 3053 return ret; 3054 } 3055 3056 ifidx = if_nametoindex(ifname); 3057 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d", 3058 ifname, ifidx); 3059 3060 if (ifidx <= 0) 3061 return -1; 3062 3063 #ifdef HOSTAPD 3064 /* start listening for EAPOL on this interface */ 3065 add_ifidx(drv, ifidx); 3066 #endif /* HOSTAPD */ 3067 3068 if (addr && iftype != NL80211_IFTYPE_MONITOR && 3069 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) { 3070 nl80211_remove_iface(drv, ifidx); 3071 return -1; 3072 } 3073 3074 return ifidx; 3075 } 3076 3077 3078 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, 3079 const char *ifname, enum nl80211_iftype iftype, 3080 const u8 *addr, int wds) 3081 { 3082 int ret; 3083 3084 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds); 3085 3086 /* if error occured and interface exists already */ 3087 if (ret == -ENFILE && if_nametoindex(ifname)) { 3088 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname); 3089 3090 /* Try to remove the interface that was already there. */ 3091 nl80211_remove_iface(drv, if_nametoindex(ifname)); 3092 3093 /* Try to create the interface again */ 3094 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, 3095 wds); 3096 } 3097 3098 if (ret >= 0 && drv->disable_11b_rates) 3099 nl80211_disable_11b_rates(drv, ret, 1); 3100 3101 return ret; 3102 } 3103 3104 3105 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok) 3106 { 3107 struct ieee80211_hdr *hdr; 3108 u16 fc; 3109 union wpa_event_data event; 3110 3111 hdr = (struct ieee80211_hdr *) buf; 3112 fc = le_to_host16(hdr->frame_control); 3113 3114 os_memset(&event, 0, sizeof(event)); 3115 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 3116 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 3117 event.tx_status.dst = hdr->addr1; 3118 event.tx_status.data = buf; 3119 event.tx_status.data_len = len; 3120 event.tx_status.ack = ok; 3121 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event); 3122 } 3123 3124 3125 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv, 3126 u8 *buf, size_t len) 3127 { 3128 union wpa_event_data event; 3129 os_memset(&event, 0, sizeof(event)); 3130 event.rx_from_unknown.frame = buf; 3131 event.rx_from_unknown.len = len; 3132 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 3133 } 3134 3135 3136 static void handle_frame(struct wpa_driver_nl80211_data *drv, 3137 u8 *buf, size_t len, int datarate, int ssi_signal) 3138 { 3139 struct ieee80211_hdr *hdr; 3140 u16 fc; 3141 union wpa_event_data event; 3142 3143 hdr = (struct ieee80211_hdr *) buf; 3144 fc = le_to_host16(hdr->frame_control); 3145 3146 switch (WLAN_FC_GET_TYPE(fc)) { 3147 case WLAN_FC_TYPE_MGMT: 3148 os_memset(&event, 0, sizeof(event)); 3149 event.rx_mgmt.frame = buf; 3150 event.rx_mgmt.frame_len = len; 3151 event.rx_mgmt.datarate = datarate; 3152 event.rx_mgmt.ssi_signal = ssi_signal; 3153 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 3154 break; 3155 case WLAN_FC_TYPE_CTRL: 3156 /* can only get here with PS-Poll frames */ 3157 wpa_printf(MSG_DEBUG, "CTRL"); 3158 from_unknown_sta(drv, buf, len); 3159 break; 3160 case WLAN_FC_TYPE_DATA: 3161 from_unknown_sta(drv, buf, len); 3162 break; 3163 } 3164 } 3165 3166 3167 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx) 3168 { 3169 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3170 int len; 3171 unsigned char buf[3000]; 3172 struct ieee80211_radiotap_iterator iter; 3173 int ret; 3174 int datarate = 0, ssi_signal = 0; 3175 int injected = 0, failed = 0, rxflags = 0; 3176 3177 len = recv(sock, buf, sizeof(buf), 0); 3178 if (len < 0) { 3179 perror("recv"); 3180 return; 3181 } 3182 3183 if (drv->nlmode == NL80211_IFTYPE_STATION && !drv->probe_req_report) { 3184 wpa_printf(MSG_DEBUG, "nl80211: Ignore monitor interface " 3185 "frame since Probe Request reporting is disabled"); 3186 return; 3187 } 3188 3189 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) { 3190 printf("received invalid radiotap frame\n"); 3191 return; 3192 } 3193 3194 while (1) { 3195 ret = ieee80211_radiotap_iterator_next(&iter); 3196 if (ret == -ENOENT) 3197 break; 3198 if (ret) { 3199 printf("received invalid radiotap frame (%d)\n", ret); 3200 return; 3201 } 3202 switch (iter.this_arg_index) { 3203 case IEEE80211_RADIOTAP_FLAGS: 3204 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS) 3205 len -= 4; 3206 break; 3207 case IEEE80211_RADIOTAP_RX_FLAGS: 3208 rxflags = 1; 3209 break; 3210 case IEEE80211_RADIOTAP_TX_FLAGS: 3211 injected = 1; 3212 failed = le_to_host16((*(uint16_t *) iter.this_arg)) & 3213 IEEE80211_RADIOTAP_F_TX_FAIL; 3214 break; 3215 case IEEE80211_RADIOTAP_DATA_RETRIES: 3216 break; 3217 case IEEE80211_RADIOTAP_CHANNEL: 3218 /* TODO: convert from freq/flags to channel number */ 3219 break; 3220 case IEEE80211_RADIOTAP_RATE: 3221 datarate = *iter.this_arg * 5; 3222 break; 3223 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 3224 ssi_signal = *iter.this_arg; 3225 break; 3226 } 3227 } 3228 3229 if (rxflags && injected) 3230 return; 3231 3232 if (!injected) 3233 handle_frame(drv, buf + iter.max_length, 3234 len - iter.max_length, datarate, ssi_signal); 3235 else 3236 handle_tx_callback(drv->ctx, buf + iter.max_length, 3237 len - iter.max_length, !failed); 3238 } 3239 3240 3241 /* 3242 * we post-process the filter code later and rewrite 3243 * this to the offset to the last instruction 3244 */ 3245 #define PASS 0xFF 3246 #define FAIL 0xFE 3247 3248 static struct sock_filter msock_filter_insns[] = { 3249 /* 3250 * do a little-endian load of the radiotap length field 3251 */ 3252 /* load lower byte into A */ 3253 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), 3254 /* put it into X (== index register) */ 3255 BPF_STMT(BPF_MISC| BPF_TAX, 0), 3256 /* load upper byte into A */ 3257 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3), 3258 /* left-shift it by 8 */ 3259 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8), 3260 /* or with X */ 3261 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0), 3262 /* put result into X */ 3263 BPF_STMT(BPF_MISC| BPF_TAX, 0), 3264 3265 /* 3266 * Allow management frames through, this also gives us those 3267 * management frames that we sent ourselves with status 3268 */ 3269 /* load the lower byte of the IEEE 802.11 frame control field */ 3270 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3271 /* mask off frame type and version */ 3272 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF), 3273 /* accept frame if it's both 0, fall through otherwise */ 3274 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0), 3275 3276 /* 3277 * TODO: add a bit to radiotap RX flags that indicates 3278 * that the sending station is not associated, then 3279 * add a filter here that filters on our DA and that flag 3280 * to allow us to deauth frames to that bad station. 3281 * 3282 * Not a regression -- we didn't do it before either. 3283 */ 3284 3285 #if 0 3286 /* 3287 * drop non-data frames 3288 */ 3289 /* load the lower byte of the frame control field */ 3290 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3291 /* mask off QoS bit */ 3292 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c), 3293 /* drop non-data frames */ 3294 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL), 3295 #endif 3296 /* load the upper byte of the frame control field */ 3297 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), 3298 /* mask off toDS/fromDS */ 3299 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03), 3300 /* accept WDS frames */ 3301 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0), 3302 3303 /* 3304 * add header length to index 3305 */ 3306 /* load the lower byte of the frame control field */ 3307 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), 3308 /* mask off QoS bit */ 3309 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80), 3310 /* right shift it by 6 to give 0 or 2 */ 3311 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6), 3312 /* add data frame header length */ 3313 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24), 3314 /* add index, was start of 802.11 header */ 3315 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), 3316 /* move to index, now start of LL header */ 3317 BPF_STMT(BPF_MISC | BPF_TAX, 0), 3318 3319 /* 3320 * Accept empty data frames, we use those for 3321 * polling activity. 3322 */ 3323 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0), 3324 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0), 3325 3326 /* 3327 * Accept EAPOL frames 3328 */ 3329 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), 3330 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL), 3331 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4), 3332 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL), 3333 3334 /* keep these last two statements or change the code below */ 3335 /* return 0 == "DROP" */ 3336 BPF_STMT(BPF_RET | BPF_K, 0), 3337 /* return ~0 == "keep all" */ 3338 BPF_STMT(BPF_RET | BPF_K, ~0), 3339 }; 3340 3341 static struct sock_fprog msock_filter = { 3342 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]), 3343 .filter = msock_filter_insns, 3344 }; 3345 3346 3347 static int add_monitor_filter(int s) 3348 { 3349 int idx; 3350 3351 /* rewrite all PASS/FAIL jump offsets */ 3352 for (idx = 0; idx < msock_filter.len; idx++) { 3353 struct sock_filter *insn = &msock_filter_insns[idx]; 3354 3355 if (BPF_CLASS(insn->code) == BPF_JMP) { 3356 if (insn->code == (BPF_JMP|BPF_JA)) { 3357 if (insn->k == PASS) 3358 insn->k = msock_filter.len - idx - 2; 3359 else if (insn->k == FAIL) 3360 insn->k = msock_filter.len - idx - 3; 3361 } 3362 3363 if (insn->jt == PASS) 3364 insn->jt = msock_filter.len - idx - 2; 3365 else if (insn->jt == FAIL) 3366 insn->jt = msock_filter.len - idx - 3; 3367 3368 if (insn->jf == PASS) 3369 insn->jf = msock_filter.len - idx - 2; 3370 else if (insn->jf == FAIL) 3371 insn->jf = msock_filter.len - idx - 3; 3372 } 3373 } 3374 3375 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER, 3376 &msock_filter, sizeof(msock_filter))) { 3377 perror("SO_ATTACH_FILTER"); 3378 return -1; 3379 } 3380 3381 return 0; 3382 } 3383 3384 3385 static void nl80211_remove_monitor_interface( 3386 struct wpa_driver_nl80211_data *drv) 3387 { 3388 if (drv->monitor_ifidx >= 0) { 3389 nl80211_remove_iface(drv, drv->monitor_ifidx); 3390 drv->monitor_ifidx = -1; 3391 } 3392 if (drv->monitor_sock >= 0) { 3393 eloop_unregister_read_sock(drv->monitor_sock); 3394 close(drv->monitor_sock); 3395 drv->monitor_sock = -1; 3396 } 3397 } 3398 3399 3400 static int 3401 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv) 3402 { 3403 char buf[IFNAMSIZ]; 3404 struct sockaddr_ll ll; 3405 int optval; 3406 socklen_t optlen; 3407 3408 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname); 3409 buf[IFNAMSIZ - 1] = '\0'; 3410 3411 drv->monitor_ifidx = 3412 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL, 3413 0); 3414 3415 if (drv->monitor_ifidx < 0) 3416 return -1; 3417 3418 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1)) 3419 goto error; 3420 3421 memset(&ll, 0, sizeof(ll)); 3422 ll.sll_family = AF_PACKET; 3423 ll.sll_ifindex = drv->monitor_ifidx; 3424 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 3425 if (drv->monitor_sock < 0) { 3426 perror("socket[PF_PACKET,SOCK_RAW]"); 3427 goto error; 3428 } 3429 3430 if (add_monitor_filter(drv->monitor_sock)) { 3431 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor " 3432 "interface; do filtering in user space"); 3433 /* This works, but will cost in performance. */ 3434 } 3435 3436 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) { 3437 perror("monitor socket bind"); 3438 goto error; 3439 } 3440 3441 optlen = sizeof(optval); 3442 optval = 20; 3443 if (setsockopt 3444 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) { 3445 perror("Failed to set socket priority"); 3446 goto error; 3447 } 3448 3449 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read, 3450 drv, NULL)) { 3451 printf("Could not register monitor read socket\n"); 3452 goto error; 3453 } 3454 3455 return 0; 3456 error: 3457 nl80211_remove_monitor_interface(drv); 3458 return -1; 3459 } 3460 3461 3462 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; 3463 3464 static int wpa_driver_nl80211_hapd_send_eapol( 3465 void *priv, const u8 *addr, const u8 *data, 3466 size_t data_len, int encrypt, const u8 *own_addr) 3467 { 3468 struct i802_bss *bss = priv; 3469 struct wpa_driver_nl80211_data *drv = bss->drv; 3470 struct ieee80211_hdr *hdr; 3471 size_t len; 3472 u8 *pos; 3473 int res; 3474 #if 0 /* FIX */ 3475 int qos = sta->flags & WPA_STA_WMM; 3476 #else 3477 int qos = 0; 3478 #endif 3479 3480 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 + 3481 data_len; 3482 hdr = os_zalloc(len); 3483 if (hdr == NULL) { 3484 printf("malloc() failed for i802_send_data(len=%lu)\n", 3485 (unsigned long) len); 3486 return -1; 3487 } 3488 3489 hdr->frame_control = 3490 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); 3491 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); 3492 if (encrypt) 3493 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); 3494 #if 0 /* To be enabled if qos determination is added above */ 3495 if (qos) { 3496 hdr->frame_control |= 3497 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4); 3498 } 3499 #endif 3500 3501 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); 3502 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); 3503 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); 3504 pos = (u8 *) (hdr + 1); 3505 3506 #if 0 /* To be enabled if qos determination is added above */ 3507 if (qos) { 3508 /* add an empty QoS header if needed */ 3509 pos[0] = 0; 3510 pos[1] = 0; 3511 pos += 2; 3512 } 3513 #endif 3514 3515 memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); 3516 pos += sizeof(rfc1042_header); 3517 WPA_PUT_BE16(pos, ETH_P_PAE); 3518 pos += 2; 3519 memcpy(pos, data, data_len); 3520 3521 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt); 3522 if (res < 0) { 3523 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - " 3524 "failed: %d (%s)", 3525 (unsigned long) len, errno, strerror(errno)); 3526 } 3527 os_free(hdr); 3528 3529 return res; 3530 } 3531 3532 3533 static u32 sta_flags_nl80211(int flags) 3534 { 3535 u32 f = 0; 3536 3537 if (flags & WPA_STA_AUTHORIZED) 3538 f |= BIT(NL80211_STA_FLAG_AUTHORIZED); 3539 if (flags & WPA_STA_WMM) 3540 f |= BIT(NL80211_STA_FLAG_WME); 3541 if (flags & WPA_STA_SHORT_PREAMBLE) 3542 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE); 3543 if (flags & WPA_STA_MFP) 3544 f |= BIT(NL80211_STA_FLAG_MFP); 3545 3546 return f; 3547 } 3548 3549 3550 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr, 3551 int total_flags, 3552 int flags_or, int flags_and) 3553 { 3554 struct i802_bss *bss = priv; 3555 struct wpa_driver_nl80211_data *drv = bss->drv; 3556 struct nl_msg *msg, *flags = NULL; 3557 struct nl80211_sta_flag_update upd; 3558 3559 msg = nlmsg_alloc(); 3560 if (!msg) 3561 return -ENOMEM; 3562 3563 flags = nlmsg_alloc(); 3564 if (!flags) { 3565 nlmsg_free(msg); 3566 return -ENOMEM; 3567 } 3568 3569 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3570 0, NL80211_CMD_SET_STATION, 0); 3571 3572 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 3573 if_nametoindex(bss->ifname)); 3574 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 3575 3576 /* 3577 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This 3578 * can be removed eventually. 3579 */ 3580 if (total_flags & WPA_STA_AUTHORIZED) 3581 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED); 3582 3583 if (total_flags & WPA_STA_WMM) 3584 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME); 3585 3586 if (total_flags & WPA_STA_SHORT_PREAMBLE) 3587 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE); 3588 3589 if (total_flags & WPA_STA_MFP) 3590 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP); 3591 3592 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags)) 3593 goto nla_put_failure; 3594 3595 os_memset(&upd, 0, sizeof(upd)); 3596 upd.mask = sta_flags_nl80211(flags_or | ~flags_and); 3597 upd.set = sta_flags_nl80211(flags_or); 3598 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 3599 3600 nlmsg_free(flags); 3601 3602 return send_and_recv_msgs(drv, msg, NULL, NULL); 3603 nla_put_failure: 3604 nlmsg_free(flags); 3605 return -ENOBUFS; 3606 } 3607 3608 3609 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv, 3610 struct wpa_driver_associate_params *params) 3611 { 3612 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) || 3613 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) { 3614 nl80211_remove_monitor_interface(drv); 3615 return -1; 3616 } 3617 3618 /* TODO: setup monitor interface (and add code somewhere to remove this 3619 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */ 3620 3621 return 0; 3622 } 3623 3624 3625 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv) 3626 { 3627 struct nl_msg *msg; 3628 int ret = -1; 3629 3630 msg = nlmsg_alloc(); 3631 if (!msg) 3632 return -1; 3633 3634 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3635 NL80211_CMD_LEAVE_IBSS, 0); 3636 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3637 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3638 msg = NULL; 3639 if (ret) { 3640 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " 3641 "(%s)", ret, strerror(-ret)); 3642 goto nla_put_failure; 3643 } 3644 3645 ret = 0; 3646 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully"); 3647 3648 nla_put_failure: 3649 nlmsg_free(msg); 3650 return ret; 3651 } 3652 3653 3654 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv, 3655 struct wpa_driver_associate_params *params) 3656 { 3657 struct nl_msg *msg; 3658 int ret = -1; 3659 int count = 0; 3660 3661 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); 3662 3663 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) { 3664 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into " 3665 "IBSS mode"); 3666 return -1; 3667 } 3668 3669 retry: 3670 msg = nlmsg_alloc(); 3671 if (!msg) 3672 return -1; 3673 3674 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3675 NL80211_CMD_JOIN_IBSS, 0); 3676 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3677 3678 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid)) 3679 goto nla_put_failure; 3680 3681 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3682 params->ssid, params->ssid_len); 3683 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3684 params->ssid); 3685 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3686 drv->ssid_len = params->ssid_len; 3687 3688 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3689 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3690 3691 ret = nl80211_set_conn_keys(params, msg); 3692 if (ret) 3693 goto nla_put_failure; 3694 3695 if (params->wpa_ie) { 3696 wpa_hexdump(MSG_DEBUG, 3697 " * Extra IEs for Beacon/Probe Response frames", 3698 params->wpa_ie, params->wpa_ie_len); 3699 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3700 params->wpa_ie); 3701 } 3702 3703 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3704 msg = NULL; 3705 if (ret) { 3706 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", 3707 ret, strerror(-ret)); 3708 count++; 3709 if (ret == -EALREADY && count == 1) { 3710 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after " 3711 "forced leave"); 3712 nl80211_leave_ibss(drv); 3713 nlmsg_free(msg); 3714 goto retry; 3715 } 3716 3717 goto nla_put_failure; 3718 } 3719 ret = 0; 3720 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully"); 3721 3722 nla_put_failure: 3723 nlmsg_free(msg); 3724 return ret; 3725 } 3726 3727 3728 static int wpa_driver_nl80211_connect( 3729 struct wpa_driver_nl80211_data *drv, 3730 struct wpa_driver_associate_params *params) 3731 { 3732 struct nl_msg *msg; 3733 enum nl80211_auth_type type; 3734 int ret = 0; 3735 3736 msg = nlmsg_alloc(); 3737 if (!msg) 3738 return -1; 3739 3740 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex); 3741 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3742 NL80211_CMD_CONNECT, 0); 3743 3744 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3745 if (params->bssid) { 3746 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3747 MAC2STR(params->bssid)); 3748 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3749 } 3750 if (params->freq) { 3751 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3752 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3753 } 3754 if (params->ssid) { 3755 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3756 params->ssid, params->ssid_len); 3757 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3758 params->ssid); 3759 if (params->ssid_len > sizeof(drv->ssid)) 3760 goto nla_put_failure; 3761 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3762 drv->ssid_len = params->ssid_len; 3763 } 3764 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 3765 if (params->wpa_ie) 3766 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3767 params->wpa_ie); 3768 3769 if (params->auth_alg & WPA_AUTH_ALG_OPEN) 3770 type = NL80211_AUTHTYPE_OPEN_SYSTEM; 3771 else if (params->auth_alg & WPA_AUTH_ALG_SHARED) 3772 type = NL80211_AUTHTYPE_SHARED_KEY; 3773 else if (params->auth_alg & WPA_AUTH_ALG_LEAP) 3774 type = NL80211_AUTHTYPE_NETWORK_EAP; 3775 else if (params->auth_alg & WPA_AUTH_ALG_FT) 3776 type = NL80211_AUTHTYPE_FT; 3777 else 3778 goto nla_put_failure; 3779 3780 wpa_printf(MSG_DEBUG, " * Auth Type %d", type); 3781 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type); 3782 3783 if (params->wpa_ie && params->wpa_ie_len) { 3784 enum nl80211_wpa_versions ver; 3785 3786 if (params->wpa_ie[0] == WLAN_EID_RSN) 3787 ver = NL80211_WPA_VERSION_2; 3788 else 3789 ver = NL80211_WPA_VERSION_1; 3790 3791 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver); 3792 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver); 3793 } 3794 3795 if (params->pairwise_suite != CIPHER_NONE) { 3796 int cipher; 3797 3798 switch (params->pairwise_suite) { 3799 case CIPHER_WEP40: 3800 cipher = WLAN_CIPHER_SUITE_WEP40; 3801 break; 3802 case CIPHER_WEP104: 3803 cipher = WLAN_CIPHER_SUITE_WEP104; 3804 break; 3805 case CIPHER_CCMP: 3806 cipher = WLAN_CIPHER_SUITE_CCMP; 3807 break; 3808 case CIPHER_TKIP: 3809 default: 3810 cipher = WLAN_CIPHER_SUITE_TKIP; 3811 break; 3812 } 3813 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher); 3814 } 3815 3816 if (params->group_suite != CIPHER_NONE) { 3817 int cipher; 3818 3819 switch (params->group_suite) { 3820 case CIPHER_WEP40: 3821 cipher = WLAN_CIPHER_SUITE_WEP40; 3822 break; 3823 case CIPHER_WEP104: 3824 cipher = WLAN_CIPHER_SUITE_WEP104; 3825 break; 3826 case CIPHER_CCMP: 3827 cipher = WLAN_CIPHER_SUITE_CCMP; 3828 break; 3829 case CIPHER_TKIP: 3830 default: 3831 cipher = WLAN_CIPHER_SUITE_TKIP; 3832 break; 3833 } 3834 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher); 3835 } 3836 3837 if (params->key_mgmt_suite == KEY_MGMT_802_1X || 3838 params->key_mgmt_suite == KEY_MGMT_PSK) { 3839 int mgmt = WLAN_AKM_SUITE_PSK; 3840 3841 switch (params->key_mgmt_suite) { 3842 case KEY_MGMT_802_1X: 3843 mgmt = WLAN_AKM_SUITE_8021X; 3844 break; 3845 case KEY_MGMT_PSK: 3846 default: 3847 mgmt = WLAN_AKM_SUITE_PSK; 3848 break; 3849 } 3850 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt); 3851 } 3852 3853 ret = nl80211_set_conn_keys(params, msg); 3854 if (ret) 3855 goto nla_put_failure; 3856 3857 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3858 msg = NULL; 3859 if (ret) { 3860 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " 3861 "(%s)", ret, strerror(-ret)); 3862 goto nla_put_failure; 3863 } 3864 ret = 0; 3865 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully"); 3866 3867 nla_put_failure: 3868 nlmsg_free(msg); 3869 return ret; 3870 3871 } 3872 3873 3874 static int wpa_driver_nl80211_associate( 3875 void *priv, struct wpa_driver_associate_params *params) 3876 { 3877 struct i802_bss *bss = priv; 3878 struct wpa_driver_nl80211_data *drv = bss->drv; 3879 int ret = -1; 3880 struct nl_msg *msg; 3881 3882 if (params->mode == IEEE80211_MODE_AP) 3883 return wpa_driver_nl80211_ap(drv, params); 3884 3885 if (params->mode == IEEE80211_MODE_IBSS) 3886 return wpa_driver_nl80211_ibss(drv, params); 3887 3888 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { 3889 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0) 3890 return -1; 3891 return wpa_driver_nl80211_connect(drv, params); 3892 } 3893 3894 drv->associated = 0; 3895 3896 msg = nlmsg_alloc(); 3897 if (!msg) 3898 return -1; 3899 3900 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)", 3901 drv->ifindex); 3902 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 3903 NL80211_CMD_ASSOCIATE, 0); 3904 3905 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3906 if (params->bssid) { 3907 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR, 3908 MAC2STR(params->bssid)); 3909 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid); 3910 } 3911 if (params->freq) { 3912 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq); 3913 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq); 3914 drv->assoc_freq = params->freq; 3915 } else 3916 drv->assoc_freq = 0; 3917 if (params->ssid) { 3918 wpa_hexdump_ascii(MSG_DEBUG, " * SSID", 3919 params->ssid, params->ssid_len); 3920 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len, 3921 params->ssid); 3922 if (params->ssid_len > sizeof(drv->ssid)) 3923 goto nla_put_failure; 3924 os_memcpy(drv->ssid, params->ssid, params->ssid_len); 3925 drv->ssid_len = params->ssid_len; 3926 } 3927 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len); 3928 if (params->wpa_ie) 3929 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len, 3930 params->wpa_ie); 3931 3932 #ifdef CONFIG_IEEE80211W 3933 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED) 3934 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED); 3935 #endif /* CONFIG_IEEE80211W */ 3936 3937 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT); 3938 3939 if (params->prev_bssid) { 3940 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR, 3941 MAC2STR(params->prev_bssid)); 3942 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN, 3943 params->prev_bssid); 3944 } 3945 3946 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3947 msg = NULL; 3948 if (ret) { 3949 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d " 3950 "(%s)", ret, strerror(-ret)); 3951 nl80211_dump_scan(drv); 3952 goto nla_put_failure; 3953 } 3954 ret = 0; 3955 wpa_printf(MSG_DEBUG, "nl80211: Association request send " 3956 "successfully"); 3957 3958 nla_put_failure: 3959 nlmsg_free(msg); 3960 return ret; 3961 } 3962 3963 3964 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, 3965 int ifindex, int mode) 3966 { 3967 struct nl_msg *msg; 3968 int ret = -ENOBUFS; 3969 3970 msg = nlmsg_alloc(); 3971 if (!msg) 3972 return -ENOMEM; 3973 3974 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 3975 0, NL80211_CMD_SET_INTERFACE, 0); 3976 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 3977 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode); 3978 3979 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 3980 if (!ret) 3981 return 0; 3982 nla_put_failure: 3983 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:" 3984 " %d (%s)", ifindex, mode, ret, strerror(-ret)); 3985 return ret; 3986 } 3987 3988 3989 static int wpa_driver_nl80211_set_mode(void *priv, int mode) 3990 { 3991 struct i802_bss *bss = priv; 3992 struct wpa_driver_nl80211_data *drv = bss->drv; 3993 int ret = -1; 3994 int nlmode; 3995 3996 switch (mode) { 3997 case 0: 3998 nlmode = NL80211_IFTYPE_STATION; 3999 break; 4000 case 1: 4001 nlmode = NL80211_IFTYPE_ADHOC; 4002 break; 4003 case 2: 4004 nlmode = NL80211_IFTYPE_AP; 4005 break; 4006 default: 4007 return -1; 4008 } 4009 4010 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) { 4011 drv->nlmode = nlmode; 4012 ret = 0; 4013 goto done; 4014 } 4015 4016 if (nlmode == drv->nlmode) { 4017 wpa_printf(MSG_DEBUG, "nl80211: Interface already in " 4018 "requested mode - ignore error"); 4019 ret = 0; 4020 goto done; /* Already in the requested mode */ 4021 } 4022 4023 /* mac80211 doesn't allow mode changes while the device is up, so 4024 * take the device down, try to set the mode again, and bring the 4025 * device back up. 4026 */ 4027 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 0) { 4028 /* Try to set the mode again while the interface is down */ 4029 ret = nl80211_set_mode(drv, drv->ifindex, nlmode); 4030 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 4031 ret = -1; 4032 } 4033 4034 if (!ret) { 4035 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while " 4036 "interface is down"); 4037 drv->nlmode = nlmode; 4038 } 4039 4040 done: 4041 if (!ret && nlmode == NL80211_IFTYPE_AP) { 4042 /* Setup additional AP mode functionality if needed */ 4043 if (drv->monitor_ifidx < 0 && 4044 nl80211_create_monitor_interface(drv)) 4045 return -1; 4046 } else if (!ret && nlmode != NL80211_IFTYPE_AP) { 4047 /* Remove additional AP mode functionality */ 4048 nl80211_remove_monitor_interface(drv); 4049 bss->beacon_set = 0; 4050 } 4051 4052 if (ret) 4053 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d " 4054 "from %d failed", nlmode, drv->nlmode); 4055 4056 return ret; 4057 } 4058 4059 4060 static int wpa_driver_nl80211_get_capa(void *priv, 4061 struct wpa_driver_capa *capa) 4062 { 4063 struct i802_bss *bss = priv; 4064 struct wpa_driver_nl80211_data *drv = bss->drv; 4065 if (!drv->has_capability) 4066 return -1; 4067 os_memcpy(capa, &drv->capa, sizeof(*capa)); 4068 return 0; 4069 } 4070 4071 4072 static int wpa_driver_nl80211_set_operstate(void *priv, int state) 4073 { 4074 struct i802_bss *bss = priv; 4075 struct wpa_driver_nl80211_data *drv = bss->drv; 4076 4077 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)", 4078 __func__, drv->operstate, state, state ? "UP" : "DORMANT"); 4079 drv->operstate = state; 4080 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1, 4081 state ? IF_OPER_UP : IF_OPER_DORMANT); 4082 } 4083 4084 4085 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized) 4086 { 4087 struct i802_bss *bss = priv; 4088 struct wpa_driver_nl80211_data *drv = bss->drv; 4089 struct nl_msg *msg; 4090 struct nl80211_sta_flag_update upd; 4091 4092 msg = nlmsg_alloc(); 4093 if (!msg) 4094 return -ENOMEM; 4095 4096 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4097 0, NL80211_CMD_SET_STATION, 0); 4098 4099 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4100 if_nametoindex(bss->ifname)); 4101 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 4102 4103 os_memset(&upd, 0, sizeof(upd)); 4104 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED); 4105 if (authorized) 4106 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED); 4107 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd); 4108 4109 return send_and_recv_msgs(drv, msg, NULL, NULL); 4110 nla_put_failure: 4111 return -ENOBUFS; 4112 } 4113 4114 4115 #ifdef HOSTAPD 4116 4117 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4118 { 4119 int i; 4120 int *old; 4121 4122 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d", 4123 ifidx); 4124 for (i = 0; i < drv->num_if_indices; i++) { 4125 if (drv->if_indices[i] == 0) { 4126 drv->if_indices[i] = ifidx; 4127 return; 4128 } 4129 } 4130 4131 if (drv->if_indices != drv->default_if_indices) 4132 old = drv->if_indices; 4133 else 4134 old = NULL; 4135 4136 drv->if_indices = os_realloc(old, 4137 sizeof(int) * (drv->num_if_indices + 1)); 4138 if (!drv->if_indices) { 4139 if (!old) 4140 drv->if_indices = drv->default_if_indices; 4141 else 4142 drv->if_indices = old; 4143 wpa_printf(MSG_ERROR, "Failed to reallocate memory for " 4144 "interfaces"); 4145 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx); 4146 return; 4147 } else if (!old) 4148 os_memcpy(drv->if_indices, drv->default_if_indices, 4149 sizeof(drv->default_if_indices)); 4150 drv->if_indices[drv->num_if_indices] = ifidx; 4151 drv->num_if_indices++; 4152 } 4153 4154 4155 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4156 { 4157 int i; 4158 4159 for (i = 0; i < drv->num_if_indices; i++) { 4160 if (drv->if_indices[i] == ifidx) { 4161 drv->if_indices[i] = 0; 4162 break; 4163 } 4164 } 4165 } 4166 4167 4168 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 4169 { 4170 int i; 4171 4172 for (i = 0; i < drv->num_if_indices; i++) 4173 if (drv->if_indices[i] == ifidx) 4174 return 1; 4175 4176 return 0; 4177 } 4178 4179 4180 static inline int min_int(int a, int b) 4181 { 4182 if (a < b) 4183 return a; 4184 return b; 4185 } 4186 4187 4188 static int get_key_handler(struct nl_msg *msg, void *arg) 4189 { 4190 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4191 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4192 4193 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4194 genlmsg_attrlen(gnlh, 0), NULL); 4195 4196 /* 4197 * TODO: validate the key index and mac address! 4198 * Otherwise, there's a race condition as soon as 4199 * the kernel starts sending key notifications. 4200 */ 4201 4202 if (tb[NL80211_ATTR_KEY_SEQ]) 4203 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]), 4204 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6)); 4205 return NL_SKIP; 4206 } 4207 4208 4209 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr, 4210 int idx, u8 *seq) 4211 { 4212 struct i802_bss *bss = priv; 4213 struct wpa_driver_nl80211_data *drv = bss->drv; 4214 struct nl_msg *msg; 4215 4216 msg = nlmsg_alloc(); 4217 if (!msg) 4218 return -ENOMEM; 4219 4220 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4221 0, NL80211_CMD_GET_KEY, 0); 4222 4223 if (addr) 4224 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4225 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx); 4226 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface)); 4227 4228 memset(seq, 0, 6); 4229 4230 return send_and_recv_msgs(drv, msg, get_key_handler, seq); 4231 nla_put_failure: 4232 return -ENOBUFS; 4233 } 4234 4235 4236 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates, 4237 int mode) 4238 { 4239 struct i802_bss *bss = priv; 4240 struct wpa_driver_nl80211_data *drv = bss->drv; 4241 struct nl_msg *msg; 4242 u8 rates[NL80211_MAX_SUPP_RATES]; 4243 u8 rates_len = 0; 4244 int i; 4245 4246 msg = nlmsg_alloc(); 4247 if (!msg) 4248 return -ENOMEM; 4249 4250 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4251 NL80211_CMD_SET_BSS, 0); 4252 4253 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++) 4254 rates[rates_len++] = basic_rates[i] / 5; 4255 4256 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates); 4257 4258 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4259 4260 return send_and_recv_msgs(drv, msg, NULL, NULL); 4261 nla_put_failure: 4262 return -ENOBUFS; 4263 } 4264 4265 #endif /* HOSTAPD */ 4266 4267 4268 /* Set kernel driver on given frequency (MHz) */ 4269 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq) 4270 { 4271 struct i802_bss *bss = priv; 4272 struct wpa_driver_nl80211_data *drv = bss->drv; 4273 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled, 4274 freq->sec_channel_offset); 4275 } 4276 4277 4278 #ifdef HOSTAPD 4279 4280 static int i802_set_rts(void *priv, int rts) 4281 { 4282 struct i802_bss *bss = priv; 4283 struct wpa_driver_nl80211_data *drv = bss->drv; 4284 struct nl_msg *msg; 4285 int ret = -ENOBUFS; 4286 u32 val; 4287 4288 msg = nlmsg_alloc(); 4289 if (!msg) 4290 return -ENOMEM; 4291 4292 if (rts >= 2347) 4293 val = (u32) -1; 4294 else 4295 val = rts; 4296 4297 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4298 0, NL80211_CMD_SET_WIPHY, 0); 4299 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4300 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val); 4301 4302 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4303 if (!ret) 4304 return 0; 4305 nla_put_failure: 4306 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: " 4307 "%d (%s)", rts, ret, strerror(-ret)); 4308 return ret; 4309 } 4310 4311 4312 static int i802_set_frag(void *priv, int frag) 4313 { 4314 struct i802_bss *bss = priv; 4315 struct wpa_driver_nl80211_data *drv = bss->drv; 4316 struct nl_msg *msg; 4317 int ret = -ENOBUFS; 4318 u32 val; 4319 4320 msg = nlmsg_alloc(); 4321 if (!msg) 4322 return -ENOMEM; 4323 4324 if (frag >= 2346) 4325 val = (u32) -1; 4326 else 4327 val = frag; 4328 4329 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4330 0, NL80211_CMD_SET_WIPHY, 0); 4331 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4332 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val); 4333 4334 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4335 if (!ret) 4336 return 0; 4337 nla_put_failure: 4338 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold " 4339 "%d: %d (%s)", frag, ret, strerror(-ret)); 4340 return ret; 4341 } 4342 4343 4344 static int i802_flush(void *priv) 4345 { 4346 struct i802_bss *bss = priv; 4347 struct wpa_driver_nl80211_data *drv = bss->drv; 4348 struct nl_msg *msg; 4349 4350 msg = nlmsg_alloc(); 4351 if (!msg) 4352 return -1; 4353 4354 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4355 0, NL80211_CMD_DEL_STATION, 0); 4356 4357 /* 4358 * XXX: FIX! this needs to flush all VLANs too 4359 */ 4360 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4361 if_nametoindex(bss->ifname)); 4362 4363 return send_and_recv_msgs(drv, msg, NULL, NULL); 4364 nla_put_failure: 4365 return -ENOBUFS; 4366 } 4367 4368 4369 static int get_sta_handler(struct nl_msg *msg, void *arg) 4370 { 4371 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4372 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4373 struct hostap_sta_driver_data *data = arg; 4374 struct nlattr *stats[NL80211_STA_INFO_MAX + 1]; 4375 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = { 4376 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 }, 4377 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 }, 4378 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 }, 4379 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 }, 4380 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 }, 4381 }; 4382 4383 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4384 genlmsg_attrlen(gnlh, 0), NULL); 4385 4386 /* 4387 * TODO: validate the interface and mac address! 4388 * Otherwise, there's a race condition as soon as 4389 * the kernel starts sending station notifications. 4390 */ 4391 4392 if (!tb[NL80211_ATTR_STA_INFO]) { 4393 wpa_printf(MSG_DEBUG, "sta stats missing!"); 4394 return NL_SKIP; 4395 } 4396 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX, 4397 tb[NL80211_ATTR_STA_INFO], 4398 stats_policy)) { 4399 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!"); 4400 return NL_SKIP; 4401 } 4402 4403 if (stats[NL80211_STA_INFO_INACTIVE_TIME]) 4404 data->inactive_msec = 4405 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]); 4406 if (stats[NL80211_STA_INFO_RX_BYTES]) 4407 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]); 4408 if (stats[NL80211_STA_INFO_TX_BYTES]) 4409 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]); 4410 if (stats[NL80211_STA_INFO_RX_PACKETS]) 4411 data->rx_packets = 4412 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]); 4413 if (stats[NL80211_STA_INFO_TX_PACKETS]) 4414 data->tx_packets = 4415 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]); 4416 4417 return NL_SKIP; 4418 } 4419 4420 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data, 4421 const u8 *addr) 4422 { 4423 struct i802_bss *bss = priv; 4424 struct wpa_driver_nl80211_data *drv = bss->drv; 4425 struct nl_msg *msg; 4426 4427 os_memset(data, 0, sizeof(*data)); 4428 msg = nlmsg_alloc(); 4429 if (!msg) 4430 return -ENOMEM; 4431 4432 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4433 0, NL80211_CMD_GET_STATION, 0); 4434 4435 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4436 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4437 4438 return send_and_recv_msgs(drv, msg, get_sta_handler, data); 4439 nla_put_failure: 4440 return -ENOBUFS; 4441 } 4442 4443 4444 static int i802_set_tx_queue_params(void *priv, int queue, int aifs, 4445 int cw_min, int cw_max, int burst_time) 4446 { 4447 struct i802_bss *bss = priv; 4448 struct wpa_driver_nl80211_data *drv = bss->drv; 4449 struct nl_msg *msg; 4450 struct nlattr *txq, *params; 4451 4452 msg = nlmsg_alloc(); 4453 if (!msg) 4454 return -1; 4455 4456 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4457 0, NL80211_CMD_SET_WIPHY, 0); 4458 4459 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4460 4461 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS); 4462 if (!txq) 4463 goto nla_put_failure; 4464 4465 /* We are only sending parameters for a single TXQ at a time */ 4466 params = nla_nest_start(msg, 1); 4467 if (!params) 4468 goto nla_put_failure; 4469 4470 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue); 4471 /* Burst time is configured in units of 0.1 msec and TXOP parameter in 4472 * 32 usec, so need to convert the value here. */ 4473 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32); 4474 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min); 4475 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max); 4476 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs); 4477 4478 nla_nest_end(msg, params); 4479 4480 nla_nest_end(msg, txq); 4481 4482 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 4483 return 0; 4484 nla_put_failure: 4485 return -1; 4486 } 4487 4488 4489 static int i802_set_bss(void *priv, int cts, int preamble, int slot) 4490 { 4491 struct i802_bss *bss = priv; 4492 struct wpa_driver_nl80211_data *drv = bss->drv; 4493 struct nl_msg *msg; 4494 4495 msg = nlmsg_alloc(); 4496 if (!msg) 4497 return -ENOMEM; 4498 4499 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4500 NL80211_CMD_SET_BSS, 0); 4501 4502 if (cts >= 0) 4503 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts); 4504 if (preamble >= 0) 4505 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble); 4506 if (slot >= 0) 4507 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot); 4508 4509 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname)); 4510 4511 return send_and_recv_msgs(drv, msg, NULL, NULL); 4512 nla_put_failure: 4513 return -ENOBUFS; 4514 } 4515 4516 4517 static int i802_set_cts_protect(void *priv, int value) 4518 { 4519 return i802_set_bss(priv, value, -1, -1); 4520 } 4521 4522 4523 static int i802_set_preamble(void *priv, int value) 4524 { 4525 return i802_set_bss(priv, -1, value, -1); 4526 } 4527 4528 4529 static int i802_set_short_slot_time(void *priv, int value) 4530 { 4531 return i802_set_bss(priv, -1, -1, value); 4532 } 4533 4534 4535 static int i802_set_sta_vlan(void *priv, const u8 *addr, 4536 const char *ifname, int vlan_id) 4537 { 4538 struct i802_bss *bss = priv; 4539 struct wpa_driver_nl80211_data *drv = bss->drv; 4540 struct nl_msg *msg; 4541 int ret = -ENOBUFS; 4542 4543 msg = nlmsg_alloc(); 4544 if (!msg) 4545 return -ENOMEM; 4546 4547 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 4548 0, NL80211_CMD_SET_STATION, 0); 4549 4550 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, 4551 if_nametoindex(bss->ifname)); 4552 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 4553 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN, 4554 if_nametoindex(ifname)); 4555 4556 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 4557 if (ret < 0) { 4558 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr=" 4559 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)", 4560 MAC2STR(addr), ifname, vlan_id, ret, 4561 strerror(-ret)); 4562 } 4563 nla_put_failure: 4564 return ret; 4565 } 4566 4567 4568 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val) 4569 { 4570 struct i802_bss *bss = priv; 4571 struct wpa_driver_nl80211_data *drv = bss->drv; 4572 char name[IFNAMSIZ + 1]; 4573 4574 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid); 4575 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR 4576 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name); 4577 if (val) { 4578 if (nl80211_create_iface(drv, name, NL80211_IFTYPE_AP_VLAN, 4579 NULL, 1) < 0) 4580 return -1; 4581 linux_set_iface_flags(drv->ioctl_sock, name, 1); 4582 return i802_set_sta_vlan(priv, addr, name, 0); 4583 } else { 4584 i802_set_sta_vlan(priv, addr, bss->ifname, 0); 4585 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN, 4586 name); 4587 } 4588 } 4589 4590 4591 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx) 4592 { 4593 struct wpa_driver_nl80211_data *drv = eloop_ctx; 4594 struct sockaddr_ll lladdr; 4595 unsigned char buf[3000]; 4596 int len; 4597 socklen_t fromlen = sizeof(lladdr); 4598 4599 len = recvfrom(sock, buf, sizeof(buf), 0, 4600 (struct sockaddr *)&lladdr, &fromlen); 4601 if (len < 0) { 4602 perror("recv"); 4603 return; 4604 } 4605 4606 if (have_ifidx(drv, lladdr.sll_ifindex)) 4607 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len); 4608 } 4609 4610 4611 static int i802_get_inact_sec(void *priv, const u8 *addr) 4612 { 4613 struct hostap_sta_driver_data data; 4614 int ret; 4615 4616 data.inactive_msec = (unsigned long) -1; 4617 ret = i802_read_sta_data(priv, &data, addr); 4618 if (ret || data.inactive_msec == (unsigned long) -1) 4619 return -1; 4620 return data.inactive_msec / 1000; 4621 } 4622 4623 4624 static int i802_sta_clear_stats(void *priv, const u8 *addr) 4625 { 4626 #if 0 4627 /* TODO */ 4628 #endif 4629 return 0; 4630 } 4631 4632 4633 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, 4634 int reason) 4635 { 4636 struct i802_bss *bss = priv; 4637 struct ieee80211_mgmt mgmt; 4638 4639 memset(&mgmt, 0, sizeof(mgmt)); 4640 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 4641 WLAN_FC_STYPE_DEAUTH); 4642 memcpy(mgmt.da, addr, ETH_ALEN); 4643 memcpy(mgmt.sa, own_addr, ETH_ALEN); 4644 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 4645 mgmt.u.deauth.reason_code = host_to_le16(reason); 4646 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 4647 IEEE80211_HDRLEN + 4648 sizeof(mgmt.u.deauth)); 4649 } 4650 4651 4652 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr, 4653 int reason) 4654 { 4655 struct i802_bss *bss = priv; 4656 struct ieee80211_mgmt mgmt; 4657 4658 memset(&mgmt, 0, sizeof(mgmt)); 4659 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 4660 WLAN_FC_STYPE_DISASSOC); 4661 memcpy(mgmt.da, addr, ETH_ALEN); 4662 memcpy(mgmt.sa, own_addr, ETH_ALEN); 4663 memcpy(mgmt.bssid, own_addr, ETH_ALEN); 4664 mgmt.u.disassoc.reason_code = host_to_le16(reason); 4665 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt, 4666 IEEE80211_HDRLEN + 4667 sizeof(mgmt.u.disassoc)); 4668 } 4669 4670 4671 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv, 4672 const char *brname, const char *ifname) 4673 { 4674 int ifindex; 4675 char in_br[IFNAMSIZ]; 4676 4677 os_strlcpy(drv->brname, brname, IFNAMSIZ); 4678 ifindex = if_nametoindex(brname); 4679 if (ifindex == 0) { 4680 /* 4681 * Bridge was configured, but the bridge device does 4682 * not exist. Try to add it now. 4683 */ 4684 if (linux_br_add(drv->ioctl_sock, brname) < 0) { 4685 wpa_printf(MSG_ERROR, "nl80211: Failed to add the " 4686 "bridge interface %s: %s", 4687 brname, strerror(errno)); 4688 return -1; 4689 } 4690 drv->added_bridge = 1; 4691 add_ifidx(drv, if_nametoindex(brname)); 4692 } 4693 4694 if (linux_br_get(in_br, ifname) == 0) { 4695 if (os_strcmp(in_br, brname) == 0) 4696 return 0; /* already in the bridge */ 4697 4698 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from " 4699 "bridge %s", ifname, in_br); 4700 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) { 4701 wpa_printf(MSG_ERROR, "nl80211: Failed to " 4702 "remove interface %s from bridge " 4703 "%s: %s", 4704 ifname, brname, strerror(errno)); 4705 return -1; 4706 } 4707 } 4708 4709 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s", 4710 ifname, brname); 4711 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) { 4712 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s " 4713 "into bridge %s: %s", 4714 ifname, brname, strerror(errno)); 4715 return -1; 4716 } 4717 drv->added_if_into_bridge = 1; 4718 4719 return 0; 4720 } 4721 4722 4723 static void *i802_init(struct hostapd_data *hapd, 4724 struct wpa_init_params *params) 4725 { 4726 struct wpa_driver_nl80211_data *drv; 4727 struct i802_bss *bss; 4728 size_t i; 4729 char brname[IFNAMSIZ]; 4730 int ifindex, br_ifindex; 4731 int br_added = 0; 4732 4733 bss = wpa_driver_nl80211_init(hapd, params->ifname); 4734 if (bss == NULL) 4735 return NULL; 4736 4737 drv = bss->drv; 4738 if (linux_br_get(brname, params->ifname) == 0) { 4739 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s", 4740 params->ifname, brname); 4741 br_ifindex = if_nametoindex(brname); 4742 } else { 4743 brname[0] = '\0'; 4744 br_ifindex = 0; 4745 } 4746 4747 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int); 4748 drv->if_indices = drv->default_if_indices; 4749 for (i = 0; i < params->num_bridge; i++) { 4750 if (params->bridge[i]) { 4751 ifindex = if_nametoindex(params->bridge[i]); 4752 if (ifindex) 4753 add_ifidx(drv, ifindex); 4754 if (ifindex == br_ifindex) 4755 br_added = 1; 4756 } 4757 } 4758 if (!br_added && br_ifindex && 4759 (params->num_bridge == 0 || !params->bridge[0])) 4760 add_ifidx(drv, br_ifindex); 4761 4762 /* start listening for EAPOL on the default AP interface */ 4763 add_ifidx(drv, drv->ifindex); 4764 4765 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0)) 4766 goto failed; 4767 4768 if (params->bssid) { 4769 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname, 4770 params->bssid)) 4771 goto failed; 4772 } 4773 4774 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) { 4775 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s " 4776 "into AP mode", bss->ifname); 4777 goto failed; 4778 } 4779 4780 if (params->num_bridge && params->bridge[0] && 4781 i802_check_bridge(drv, params->bridge[0], params->ifname) < 0) 4782 goto failed; 4783 4784 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) 4785 goto failed; 4786 4787 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); 4788 if (drv->eapol_sock < 0) { 4789 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)"); 4790 goto failed; 4791 } 4792 4793 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL)) 4794 { 4795 printf("Could not register read socket for eapol\n"); 4796 goto failed; 4797 } 4798 4799 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr)) 4800 goto failed; 4801 4802 return bss; 4803 4804 failed: 4805 nl80211_remove_monitor_interface(drv); 4806 if (drv->ioctl_sock >= 0) 4807 close(drv->ioctl_sock); 4808 4809 genl_family_put(drv->nl80211); 4810 nl_cache_free(drv->nl_cache); 4811 nl_handle_destroy(drv->nl_handle); 4812 nl_cb_put(drv->nl_cb); 4813 4814 os_free(drv); 4815 return NULL; 4816 } 4817 4818 4819 static void i802_deinit(void *priv) 4820 { 4821 wpa_driver_nl80211_deinit(priv); 4822 } 4823 4824 #endif /* HOSTAPD */ 4825 4826 4827 static enum nl80211_iftype wpa_driver_nl80211_if_type( 4828 enum wpa_driver_if_type type) 4829 { 4830 switch (type) { 4831 case WPA_IF_STATION: 4832 return NL80211_IFTYPE_STATION; 4833 case WPA_IF_AP_VLAN: 4834 return NL80211_IFTYPE_AP_VLAN; 4835 case WPA_IF_AP_BSS: 4836 return NL80211_IFTYPE_AP; 4837 } 4838 return -1; 4839 } 4840 4841 4842 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type, 4843 const char *ifname, const u8 *addr, 4844 void *bss_ctx, void **drv_priv, 4845 char *force_ifname, u8 *if_addr) 4846 { 4847 struct i802_bss *bss = priv; 4848 struct wpa_driver_nl80211_data *drv = bss->drv; 4849 int ifidx; 4850 #ifdef HOSTAPD 4851 struct i802_bss *new_bss = NULL; 4852 4853 if (type == WPA_IF_AP_BSS) { 4854 new_bss = os_zalloc(sizeof(*new_bss)); 4855 if (new_bss == NULL) 4856 return -1; 4857 } 4858 #endif /* HOSTAPD */ 4859 4860 if (addr) 4861 os_memcpy(if_addr, addr, ETH_ALEN); 4862 ifidx = nl80211_create_iface(drv, ifname, 4863 wpa_driver_nl80211_if_type(type), addr, 4864 0); 4865 if (ifidx < 0) { 4866 #ifdef HOSTAPD 4867 os_free(new_bss); 4868 #endif /* HOSTAPD */ 4869 return -1; 4870 } 4871 4872 if (!addr && 4873 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) 4874 return -1; 4875 4876 #ifdef HOSTAPD 4877 if (type == WPA_IF_AP_BSS) { 4878 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) { 4879 nl80211_remove_iface(drv, ifidx); 4880 os_free(new_bss); 4881 return -1; 4882 } 4883 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ); 4884 new_bss->ifindex = ifidx; 4885 new_bss->drv = drv; 4886 new_bss->next = drv->first_bss.next; 4887 drv->first_bss.next = new_bss; 4888 if (drv_priv) 4889 *drv_priv = new_bss; 4890 } 4891 #endif /* HOSTAPD */ 4892 4893 return 0; 4894 } 4895 4896 4897 static int wpa_driver_nl80211_if_remove(void *priv, 4898 enum wpa_driver_if_type type, 4899 const char *ifname) 4900 { 4901 struct i802_bss *bss = priv; 4902 struct wpa_driver_nl80211_data *drv = bss->drv; 4903 int ifindex = if_nametoindex(ifname); 4904 4905 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d", 4906 __func__, type, ifname, ifindex); 4907 if (ifindex <= 0) 4908 return -1; 4909 nl80211_remove_iface(drv, ifindex); 4910 4911 #ifdef HOSTAPD 4912 if (type != WPA_IF_AP_BSS) 4913 return 0; 4914 4915 if (bss != &drv->first_bss) { 4916 struct i802_bss *tbss = &drv->first_bss; 4917 4918 while (tbss) { 4919 if (tbss->next != bss) 4920 continue; 4921 4922 tbss->next = bss->next; 4923 os_free(bss); 4924 break; 4925 } 4926 } 4927 #endif /* HOSTAPD */ 4928 4929 return 0; 4930 } 4931 4932 4933 static int cookie_handler(struct nl_msg *msg, void *arg) 4934 { 4935 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 4936 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 4937 u64 *cookie = arg; 4938 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 4939 genlmsg_attrlen(gnlh, 0), NULL); 4940 if (tb[NL80211_ATTR_COOKIE]) 4941 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 4942 return NL_SKIP; 4943 } 4944 4945 4946 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq, 4947 const u8 *dst, const u8 *src, 4948 const u8 *bssid, 4949 const u8 *data, size_t data_len) 4950 { 4951 struct i802_bss *bss = priv; 4952 struct wpa_driver_nl80211_data *drv = bss->drv; 4953 int ret = -1; 4954 struct nl_msg *msg; 4955 u8 *buf; 4956 struct ieee80211_hdr *hdr; 4957 u64 cookie; 4958 4959 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d)", 4960 drv->ifindex); 4961 4962 buf = os_zalloc(24 + data_len); 4963 if (buf == NULL) 4964 return ret; 4965 os_memcpy(buf + 24, data, data_len); 4966 hdr = (struct ieee80211_hdr *) buf; 4967 hdr->frame_control = 4968 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); 4969 os_memcpy(hdr->addr1, dst, ETH_ALEN); 4970 os_memcpy(hdr->addr2, src, ETH_ALEN); 4971 os_memcpy(hdr->addr3, bssid, ETH_ALEN); 4972 4973 if (drv->nlmode == NL80211_IFTYPE_AP) { 4974 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len); 4975 os_free(buf); 4976 return ret; 4977 } 4978 4979 msg = nlmsg_alloc(); 4980 if (!msg) { 4981 os_free(buf); 4982 return -1; 4983 } 4984 4985 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 4986 NL80211_CMD_ACTION, 0); 4987 4988 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 4989 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 4990 NLA_PUT(msg, NL80211_ATTR_FRAME, 24 + data_len, buf); 4991 os_free(buf); 4992 buf = NULL; 4993 4994 cookie = 0; 4995 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 4996 msg = NULL; 4997 if (ret) { 4998 wpa_printf(MSG_DEBUG, "nl80211: Action command failed: ret=%d " 4999 "(%s)", ret, strerror(-ret)); 5000 goto nla_put_failure; 5001 } 5002 wpa_printf(MSG_DEBUG, "nl80211: Action TX command accepted; " 5003 "cookie 0x%llx", (long long unsigned int) cookie); 5004 drv->send_action_cookie = cookie; 5005 drv->pending_send_action = 1; 5006 ret = 0; 5007 5008 nla_put_failure: 5009 os_free(buf); 5010 nlmsg_free(msg); 5011 return ret; 5012 } 5013 5014 5015 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq, 5016 unsigned int duration) 5017 { 5018 struct i802_bss *bss = priv; 5019 struct wpa_driver_nl80211_data *drv = bss->drv; 5020 struct nl_msg *msg; 5021 int ret; 5022 u64 cookie; 5023 5024 msg = nlmsg_alloc(); 5025 if (!msg) 5026 return -1; 5027 5028 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5029 NL80211_CMD_REMAIN_ON_CHANNEL, 0); 5030 5031 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5032 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5033 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5034 5035 cookie = 0; 5036 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie); 5037 if (ret == 0) { 5038 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie " 5039 "0x%llx for freq=%u MHz duration=%u", 5040 (long long unsigned int) cookie, freq, duration); 5041 drv->remain_on_chan_cookie = cookie; 5042 return 0; 5043 } 5044 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel " 5045 "(freq=%d): %d (%s)", freq, ret, strerror(-ret)); 5046 nla_put_failure: 5047 return -1; 5048 } 5049 5050 5051 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv) 5052 { 5053 struct i802_bss *bss = priv; 5054 struct wpa_driver_nl80211_data *drv = bss->drv; 5055 struct nl_msg *msg; 5056 int ret; 5057 5058 if (!drv->pending_remain_on_chan) { 5059 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel " 5060 "to cancel"); 5061 return -1; 5062 } 5063 5064 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie " 5065 "0x%llx", 5066 (long long unsigned int) drv->remain_on_chan_cookie); 5067 5068 msg = nlmsg_alloc(); 5069 if (!msg) 5070 return -1; 5071 5072 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5073 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0); 5074 5075 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 5076 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie); 5077 5078 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5079 if (ret == 0) 5080 return 0; 5081 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: " 5082 "%d (%s)", ret, strerror(-ret)); 5083 nla_put_failure: 5084 return -1; 5085 } 5086 5087 5088 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx, 5089 void *timeout_ctx) 5090 { 5091 struct wpa_driver_nl80211_data *drv = eloop_ctx; 5092 if (drv->monitor_ifidx < 0) 5093 return; /* monitor interface already removed */ 5094 5095 if (drv->nlmode != NL80211_IFTYPE_STATION) 5096 return; /* not in station mode anymore */ 5097 5098 if (drv->probe_req_report) 5099 return; /* reporting enabled */ 5100 5101 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface due to no " 5102 "Probe Request reporting needed anymore"); 5103 nl80211_remove_monitor_interface(drv); 5104 } 5105 5106 5107 static int wpa_driver_nl80211_probe_req_report(void *priv, int report) 5108 { 5109 struct i802_bss *bss = priv; 5110 struct wpa_driver_nl80211_data *drv = bss->drv; 5111 5112 if (drv->nlmode != NL80211_IFTYPE_STATION) { 5113 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only " 5114 "allowed in station mode (iftype=%d)", 5115 drv->nlmode); 5116 return -1; 5117 } 5118 drv->probe_req_report = report; 5119 5120 if (report) { 5121 eloop_cancel_timeout( 5122 wpa_driver_nl80211_probe_req_report_timeout, 5123 drv, NULL); 5124 if (drv->monitor_ifidx < 0 && 5125 nl80211_create_monitor_interface(drv)) 5126 return -1; 5127 } else { 5128 /* 5129 * It takes a while to remove the monitor interface, so try to 5130 * avoid doing this if it is needed again shortly. Instead, 5131 * schedule the interface to be removed later if no need for it 5132 * is seen. 5133 */ 5134 wpa_printf(MSG_DEBUG, "nl80211: Scheduling monitor interface " 5135 "to be removed after 10 seconds of no use"); 5136 eloop_register_timeout( 5137 10, 0, wpa_driver_nl80211_probe_req_report_timeout, 5138 drv, NULL); 5139 } 5140 5141 return 0; 5142 } 5143 5144 5145 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 5146 int ifindex, int disabled) 5147 { 5148 struct nl_msg *msg; 5149 struct nlattr *bands, *band; 5150 int ret; 5151 5152 msg = nlmsg_alloc(); 5153 if (!msg) 5154 return -1; 5155 5156 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, 5157 NL80211_CMD_SET_TX_BITRATE_MASK, 0); 5158 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex); 5159 5160 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES); 5161 if (!bands) 5162 goto nla_put_failure; 5163 5164 /* 5165 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything 5166 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS 5167 * rates. All 5 GHz rates are left enabled. 5168 */ 5169 band = nla_nest_start(msg, NL80211_BAND_2GHZ); 5170 if (!band) 5171 goto nla_put_failure; 5172 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8, 5173 "\x0c\x12\x18\x24\x30\x48\x60\x6c"); 5174 nla_nest_end(msg, band); 5175 5176 nla_nest_end(msg, bands); 5177 5178 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 5179 msg = NULL; 5180 if (ret) { 5181 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d " 5182 "(%s)", ret, strerror(-ret)); 5183 } 5184 5185 return ret; 5186 5187 nla_put_failure: 5188 nlmsg_free(msg); 5189 return -1; 5190 } 5191 5192 5193 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled) 5194 { 5195 struct i802_bss *bss = priv; 5196 struct wpa_driver_nl80211_data *drv = bss->drv; 5197 drv->disable_11b_rates = disabled; 5198 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled); 5199 } 5200 5201 5202 static int wpa_driver_nl80211_deinit_ap(void *priv) 5203 { 5204 struct i802_bss *bss = priv; 5205 struct wpa_driver_nl80211_data *drv = bss->drv; 5206 if (drv->nlmode != NL80211_IFTYPE_AP) 5207 return -1; 5208 wpa_driver_nl80211_del_beacon(drv); 5209 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA); 5210 } 5211 5212 5213 static void wpa_driver_nl80211_resume(void *priv) 5214 { 5215 struct i802_bss *bss = priv; 5216 struct wpa_driver_nl80211_data *drv = bss->drv; 5217 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) { 5218 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on " 5219 "resume event"); 5220 } 5221 } 5222 5223 5224 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap, 5225 const u8 *ies, size_t ies_len) 5226 { 5227 struct i802_bss *bss = priv; 5228 struct wpa_driver_nl80211_data *drv = bss->drv; 5229 int ret; 5230 u8 *data, *pos; 5231 size_t data_len; 5232 u8 own_addr[ETH_ALEN]; 5233 5234 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0) 5235 return -1; 5236 5237 if (action != 1) { 5238 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action " 5239 "action %d", action); 5240 return -1; 5241 } 5242 5243 /* 5244 * Action frame payload: 5245 * Category[1] = 6 (Fast BSS Transition) 5246 * Action[1] = 1 (Fast BSS Transition Request) 5247 * STA Address 5248 * Target AP Address 5249 * FT IEs 5250 */ 5251 5252 data_len = 2 + 2 * ETH_ALEN + ies_len; 5253 data = os_malloc(data_len); 5254 if (data == NULL) 5255 return -1; 5256 pos = data; 5257 *pos++ = 0x06; /* FT Action category */ 5258 *pos++ = action; 5259 os_memcpy(pos, own_addr, ETH_ALEN); 5260 pos += ETH_ALEN; 5261 os_memcpy(pos, target_ap, ETH_ALEN); 5262 pos += ETH_ALEN; 5263 os_memcpy(pos, ies, ies_len); 5264 5265 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, drv->bssid, 5266 own_addr, drv->bssid, 5267 data, data_len); 5268 os_free(data); 5269 5270 return ret; 5271 } 5272 5273 5274 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis) 5275 { 5276 struct i802_bss *bss = priv; 5277 struct wpa_driver_nl80211_data *drv = bss->drv; 5278 struct nl_msg *msg, *cqm = NULL; 5279 5280 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d " 5281 "hysteresis=%d", threshold, hysteresis); 5282 5283 msg = nlmsg_alloc(); 5284 if (!msg) 5285 return -1; 5286 5287 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 5288 0, NL80211_CMD_SET_CQM, 0); 5289 5290 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 5291 5292 cqm = nlmsg_alloc(); 5293 if (cqm == NULL) 5294 return -1; 5295 5296 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold); 5297 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis); 5298 nla_put_nested(msg, NL80211_ATTR_CQM, cqm); 5299 5300 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0) 5301 return 0; 5302 msg = NULL; 5303 5304 nla_put_failure: 5305 if (cqm) 5306 nlmsg_free(cqm); 5307 nlmsg_free(msg); 5308 return -1; 5309 } 5310 5311 5312 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len, 5313 int encrypt) 5314 { 5315 struct i802_bss *bss = priv; 5316 struct wpa_driver_nl80211_data *drv = bss->drv; 5317 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt); 5318 } 5319 5320 5321 const struct wpa_driver_ops wpa_driver_nl80211_ops = { 5322 .name = "nl80211", 5323 .desc = "Linux nl80211/cfg80211", 5324 .get_bssid = wpa_driver_nl80211_get_bssid, 5325 .get_ssid = wpa_driver_nl80211_get_ssid, 5326 .set_key = wpa_driver_nl80211_set_key, 5327 .scan2 = wpa_driver_nl80211_scan, 5328 .get_scan_results2 = wpa_driver_nl80211_get_scan_results, 5329 .deauthenticate = wpa_driver_nl80211_deauthenticate, 5330 .disassociate = wpa_driver_nl80211_disassociate, 5331 .authenticate = wpa_driver_nl80211_authenticate, 5332 .associate = wpa_driver_nl80211_associate, 5333 .init = wpa_driver_nl80211_init, 5334 .deinit = wpa_driver_nl80211_deinit, 5335 .get_capa = wpa_driver_nl80211_get_capa, 5336 .set_operstate = wpa_driver_nl80211_set_operstate, 5337 .set_supp_port = wpa_driver_nl80211_set_supp_port, 5338 .set_country = wpa_driver_nl80211_set_country, 5339 .set_beacon = wpa_driver_nl80211_set_beacon, 5340 .if_add = wpa_driver_nl80211_if_add, 5341 .if_remove = wpa_driver_nl80211_if_remove, 5342 .send_mlme = wpa_driver_nl80211_send_mlme, 5343 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data, 5344 .sta_add = wpa_driver_nl80211_sta_add, 5345 .sta_remove = wpa_driver_nl80211_sta_remove, 5346 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol, 5347 .sta_set_flags = wpa_driver_nl80211_sta_set_flags, 5348 #ifdef HOSTAPD 5349 .hapd_init = i802_init, 5350 .hapd_deinit = i802_deinit, 5351 .get_seqnum = i802_get_seqnum, 5352 .flush = i802_flush, 5353 .read_sta_data = i802_read_sta_data, 5354 .sta_deauth = i802_sta_deauth, 5355 .sta_disassoc = i802_sta_disassoc, 5356 .get_inact_sec = i802_get_inact_sec, 5357 .sta_clear_stats = i802_sta_clear_stats, 5358 .set_rts = i802_set_rts, 5359 .set_frag = i802_set_frag, 5360 .set_rate_sets = i802_set_rate_sets, 5361 .set_cts_protect = i802_set_cts_protect, 5362 .set_preamble = i802_set_preamble, 5363 .set_short_slot_time = i802_set_short_slot_time, 5364 .set_tx_queue_params = i802_set_tx_queue_params, 5365 .set_sta_vlan = i802_set_sta_vlan, 5366 .set_wds_sta = i802_set_wds_sta, 5367 #endif /* HOSTAPD */ 5368 .set_freq = i802_set_freq, 5369 .send_action = wpa_driver_nl80211_send_action, 5370 .remain_on_channel = wpa_driver_nl80211_remain_on_channel, 5371 .cancel_remain_on_channel = 5372 wpa_driver_nl80211_cancel_remain_on_channel, 5373 .probe_req_report = wpa_driver_nl80211_probe_req_report, 5374 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates, 5375 .deinit_ap = wpa_driver_nl80211_deinit_ap, 5376 .resume = wpa_driver_nl80211_resume, 5377 .send_ft_action = nl80211_send_ft_action, 5378 .signal_monitor = nl80211_signal_monitor, 5379 .send_frame = nl80211_send_frame, 5380 }; 5381