1 /*
2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
8 *
9 * This software may be distributed under the terms of the BSD license.
10 * See README for more details.
11 */
12
13 #include "includes.h"
14 #include <sys/ioctl.h>
15 #include <sys/types.h>
16 #include <sys/stat.h>
17 #include <fcntl.h>
18 #include <net/if.h>
19 #include <netlink/genl/genl.h>
20 #include <netlink/genl/family.h>
21 #include <netlink/genl/ctrl.h>
22 #include <linux/rtnetlink.h>
23 #include <netpacket/packet.h>
24 #include <linux/filter.h>
25 #include <linux/errqueue.h>
26 #include "nl80211_copy.h"
27
28 #include "common.h"
29 #include "eloop.h"
30 #include "utils/list.h"
31 #include "common/ieee802_11_defs.h"
32 #include "common/ieee802_11_common.h"
33 #include "l2_packet/l2_packet.h"
34 #include "netlink.h"
35 #include "linux_ioctl.h"
36 #include "radiotap.h"
37 #include "radiotap_iter.h"
38 #include "rfkill.h"
39 #include "driver.h"
40
41 #ifndef SO_WIFI_STATUS
42 # if defined(__sparc__)
43 # define SO_WIFI_STATUS 0x0025
44 # elif defined(__parisc__)
45 # define SO_WIFI_STATUS 0x4022
46 # else
47 # define SO_WIFI_STATUS 41
48 # endif
49
50 # define SCM_WIFI_STATUS SO_WIFI_STATUS
51 #endif
52
53 #ifndef SO_EE_ORIGIN_TXSTATUS
54 #define SO_EE_ORIGIN_TXSTATUS 4
55 #endif
56
57 #ifndef PACKET_TX_TIMESTAMP
58 #define PACKET_TX_TIMESTAMP 16
59 #endif
60
61 #ifdef ANDROID
62 #include "android_drv.h"
63 #endif /* ANDROID */
64 #ifdef CONFIG_LIBNL20
65 /* libnl 2.0 compatibility code */
66 #define nl_handle nl_sock
67 #define nl80211_handle_alloc nl_socket_alloc_cb
68 #define nl80211_handle_destroy nl_socket_free
69 #else
70 /*
71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
72 * but when you free a socket again it will mess up its bitmap and
73 * and use the wrong number the next time it needs a socket ID.
74 * Therefore, we wrap the handle alloc/destroy and add our own pid
75 * accounting.
76 */
77 static uint32_t port_bitmap[32] = { 0 };
78
nl80211_handle_alloc(void * cb)79 static struct nl_handle *nl80211_handle_alloc(void *cb)
80 {
81 struct nl_handle *handle;
82 uint32_t pid = getpid() & 0x3FFFFF;
83 int i;
84
85 handle = nl_handle_alloc_cb(cb);
86
87 for (i = 0; i < 1024; i++) {
88 if (port_bitmap[i / 32] & (1 << (i % 32)))
89 continue;
90 port_bitmap[i / 32] |= 1 << (i % 32);
91 pid += i << 22;
92 break;
93 }
94
95 nl_socket_set_local_port(handle, pid);
96
97 return handle;
98 }
99
nl80211_handle_destroy(struct nl_handle * handle)100 static void nl80211_handle_destroy(struct nl_handle *handle)
101 {
102 uint32_t port = nl_socket_get_local_port(handle);
103
104 port >>= 22;
105 port_bitmap[port / 32] &= ~(1 << (port % 32));
106
107 nl_handle_destroy(handle);
108 }
109 #endif /* CONFIG_LIBNL20 */
110
111
nl_create_handle(struct nl_cb * cb,const char * dbg)112 static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
113 {
114 struct nl_handle *handle;
115
116 handle = nl80211_handle_alloc(cb);
117 if (handle == NULL) {
118 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
119 "callbacks (%s)", dbg);
120 return NULL;
121 }
122
123 if (genl_connect(handle)) {
124 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
125 "netlink (%s)", dbg);
126 nl80211_handle_destroy(handle);
127 return NULL;
128 }
129
130 return handle;
131 }
132
133
nl_destroy_handles(struct nl_handle ** handle)134 static void nl_destroy_handles(struct nl_handle **handle)
135 {
136 if (*handle == NULL)
137 return;
138 nl80211_handle_destroy(*handle);
139 *handle = NULL;
140 }
141
142
143 #ifndef IFF_LOWER_UP
144 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
145 #endif
146 #ifndef IFF_DORMANT
147 #define IFF_DORMANT 0x20000 /* driver signals dormant */
148 #endif
149
150 #ifndef IF_OPER_DORMANT
151 #define IF_OPER_DORMANT 5
152 #endif
153 #ifndef IF_OPER_UP
154 #define IF_OPER_UP 6
155 #endif
156
157 struct nl80211_global {
158 struct dl_list interfaces;
159 int if_add_ifindex;
160 u64 if_add_wdevid;
161 int if_add_wdevid_set;
162 struct netlink_data *netlink;
163 struct nl_cb *nl_cb;
164 struct nl_handle *nl;
165 int nl80211_id;
166 int ioctl_sock; /* socket for ioctl() use */
167
168 struct nl_handle *nl_event;
169 };
170
171 struct nl80211_wiphy_data {
172 struct dl_list list;
173 struct dl_list bsss;
174 struct dl_list drvs;
175
176 struct nl_handle *nl_beacons;
177 struct nl_cb *nl_cb;
178
179 int wiphy_idx;
180 };
181
182 static void nl80211_global_deinit(void *priv);
183
184 struct i802_bss {
185 struct wpa_driver_nl80211_data *drv;
186 struct i802_bss *next;
187 int ifindex;
188 u64 wdev_id;
189 char ifname[IFNAMSIZ + 1];
190 char brname[IFNAMSIZ];
191 unsigned int beacon_set:1;
192 unsigned int added_if_into_bridge:1;
193 unsigned int added_bridge:1;
194 unsigned int in_deinit:1;
195 unsigned int wdev_id_set:1;
196
197 u8 addr[ETH_ALEN];
198
199 int freq;
200 int if_dynamic;
201
202 void *ctx;
203 struct nl_handle *nl_preq, *nl_mgmt;
204 struct nl_cb *nl_cb;
205
206 struct nl80211_wiphy_data *wiphy_data;
207 struct dl_list wiphy_list;
208 };
209
210 struct wpa_driver_nl80211_data {
211 struct nl80211_global *global;
212 struct dl_list list;
213 struct dl_list wiphy_list;
214 char phyname[32];
215 void *ctx;
216 int ifindex;
217 int if_removed;
218 int if_disabled;
219 int ignore_if_down_event;
220 struct rfkill_data *rfkill;
221 struct wpa_driver_capa capa;
222 u8 *extended_capa, *extended_capa_mask;
223 unsigned int extended_capa_len;
224 int has_capability;
225
226 int operstate;
227
228 int scan_complete_events;
229
230 struct nl_cb *nl_cb;
231
232 u8 auth_bssid[ETH_ALEN];
233 u8 auth_attempt_bssid[ETH_ALEN];
234 u8 bssid[ETH_ALEN];
235 u8 prev_bssid[ETH_ALEN];
236 int associated;
237 u8 ssid[32];
238 size_t ssid_len;
239 enum nl80211_iftype nlmode;
240 enum nl80211_iftype ap_scan_as_station;
241 unsigned int assoc_freq;
242
243 int monitor_sock;
244 int monitor_ifidx;
245 int monitor_refcount;
246
247 unsigned int disabled_11b_rates:1;
248 unsigned int pending_remain_on_chan:1;
249 unsigned int in_interface_list:1;
250 unsigned int device_ap_sme:1;
251 unsigned int poll_command_supported:1;
252 unsigned int data_tx_status:1;
253 unsigned int scan_for_auth:1;
254 unsigned int retry_auth:1;
255 unsigned int use_monitor:1;
256 unsigned int ignore_next_local_disconnect:1;
257 unsigned int allow_p2p_device:1;
258
259 u64 remain_on_chan_cookie;
260 u64 send_action_cookie;
261
262 unsigned int last_mgmt_freq;
263
264 struct wpa_driver_scan_filter *filter_ssids;
265 size_t num_filter_ssids;
266
267 struct i802_bss first_bss;
268
269 int eapol_tx_sock;
270
271 #ifdef HOSTAPD
272 int eapol_sock; /* socket for EAPOL frames */
273
274 int default_if_indices[16];
275 int *if_indices;
276 int num_if_indices;
277
278 int last_freq;
279 int last_freq_ht;
280 #endif /* HOSTAPD */
281
282 /* From failed authentication command */
283 int auth_freq;
284 u8 auth_bssid_[ETH_ALEN];
285 u8 auth_ssid[32];
286 size_t auth_ssid_len;
287 int auth_alg;
288 u8 *auth_ie;
289 size_t auth_ie_len;
290 u8 auth_wep_key[4][16];
291 size_t auth_wep_key_len[4];
292 int auth_wep_tx_keyidx;
293 int auth_local_state_change;
294 int auth_p2p;
295 };
296
297
298 static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
299 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
300 void *timeout_ctx);
301 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
302 enum nl80211_iftype nlmode);
303 static int
304 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
305 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
306 const u8 *addr, int cmd, u16 reason_code,
307 int local_state_change);
308 static void nl80211_remove_monitor_interface(
309 struct wpa_driver_nl80211_data *drv);
310 static int nl80211_send_frame_cmd(struct i802_bss *bss,
311 unsigned int freq, unsigned int wait,
312 const u8 *buf, size_t buf_len, u64 *cookie,
313 int no_cck, int no_ack, int offchanok);
314 static int nl80211_register_frame(struct i802_bss *bss,
315 struct nl_handle *hl_handle,
316 u16 type, const u8 *match, size_t match_len);
317 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
318 int report);
319 #ifdef ANDROID
320 static int android_pno_start(struct i802_bss *bss,
321 struct wpa_driver_scan_params *params);
322 static int android_pno_stop(struct i802_bss *bss);
323 #endif /* ANDROID */
324 #ifdef ANDROID_P2P
325 int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration);
326 int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len);
327 int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow);
328 int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon,
329 const struct wpabuf *proberesp,
330 const struct wpabuf *assocresp);
331
332 #endif
333 #ifdef HOSTAPD
334 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
335 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
336 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
337 static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
338 enum wpa_driver_if_type type,
339 const char *ifname);
340 #else /* HOSTAPD */
add_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)341 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
342 {
343 }
344
del_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)345 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
346 {
347 }
348
have_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)349 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
350 {
351 return 0;
352 }
353 #endif /* HOSTAPD */
354 #ifdef ANDROID
355 extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf,
356 size_t buf_len);
357 #endif
358
359 static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
360 struct hostapd_freq_params *freq);
361 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
362 int ifindex, int disabled);
363
364 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
365 static int wpa_driver_nl80211_authenticate_retry(
366 struct wpa_driver_nl80211_data *drv);
367
368 static int i802_set_iface_flags(struct i802_bss *bss, int up);
369
370
nl80211_command_to_string(enum nl80211_commands cmd)371 static const char * nl80211_command_to_string(enum nl80211_commands cmd)
372 {
373 #define C2S(x) case x: return #x;
374 switch (cmd) {
375 C2S(NL80211_CMD_UNSPEC)
376 C2S(NL80211_CMD_GET_WIPHY)
377 C2S(NL80211_CMD_SET_WIPHY)
378 C2S(NL80211_CMD_NEW_WIPHY)
379 C2S(NL80211_CMD_DEL_WIPHY)
380 C2S(NL80211_CMD_GET_INTERFACE)
381 C2S(NL80211_CMD_SET_INTERFACE)
382 C2S(NL80211_CMD_NEW_INTERFACE)
383 C2S(NL80211_CMD_DEL_INTERFACE)
384 C2S(NL80211_CMD_GET_KEY)
385 C2S(NL80211_CMD_SET_KEY)
386 C2S(NL80211_CMD_NEW_KEY)
387 C2S(NL80211_CMD_DEL_KEY)
388 C2S(NL80211_CMD_GET_BEACON)
389 C2S(NL80211_CMD_SET_BEACON)
390 C2S(NL80211_CMD_START_AP)
391 C2S(NL80211_CMD_STOP_AP)
392 C2S(NL80211_CMD_GET_STATION)
393 C2S(NL80211_CMD_SET_STATION)
394 C2S(NL80211_CMD_NEW_STATION)
395 C2S(NL80211_CMD_DEL_STATION)
396 C2S(NL80211_CMD_GET_MPATH)
397 C2S(NL80211_CMD_SET_MPATH)
398 C2S(NL80211_CMD_NEW_MPATH)
399 C2S(NL80211_CMD_DEL_MPATH)
400 C2S(NL80211_CMD_SET_BSS)
401 C2S(NL80211_CMD_SET_REG)
402 C2S(NL80211_CMD_REQ_SET_REG)
403 C2S(NL80211_CMD_GET_MESH_CONFIG)
404 C2S(NL80211_CMD_SET_MESH_CONFIG)
405 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE)
406 C2S(NL80211_CMD_GET_REG)
407 C2S(NL80211_CMD_GET_SCAN)
408 C2S(NL80211_CMD_TRIGGER_SCAN)
409 C2S(NL80211_CMD_NEW_SCAN_RESULTS)
410 C2S(NL80211_CMD_SCAN_ABORTED)
411 C2S(NL80211_CMD_REG_CHANGE)
412 C2S(NL80211_CMD_AUTHENTICATE)
413 C2S(NL80211_CMD_ASSOCIATE)
414 C2S(NL80211_CMD_DEAUTHENTICATE)
415 C2S(NL80211_CMD_DISASSOCIATE)
416 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE)
417 C2S(NL80211_CMD_REG_BEACON_HINT)
418 C2S(NL80211_CMD_JOIN_IBSS)
419 C2S(NL80211_CMD_LEAVE_IBSS)
420 C2S(NL80211_CMD_TESTMODE)
421 C2S(NL80211_CMD_CONNECT)
422 C2S(NL80211_CMD_ROAM)
423 C2S(NL80211_CMD_DISCONNECT)
424 C2S(NL80211_CMD_SET_WIPHY_NETNS)
425 C2S(NL80211_CMD_GET_SURVEY)
426 C2S(NL80211_CMD_NEW_SURVEY_RESULTS)
427 C2S(NL80211_CMD_SET_PMKSA)
428 C2S(NL80211_CMD_DEL_PMKSA)
429 C2S(NL80211_CMD_FLUSH_PMKSA)
430 C2S(NL80211_CMD_REMAIN_ON_CHANNEL)
431 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL)
432 C2S(NL80211_CMD_SET_TX_BITRATE_MASK)
433 C2S(NL80211_CMD_REGISTER_FRAME)
434 C2S(NL80211_CMD_FRAME)
435 C2S(NL80211_CMD_FRAME_TX_STATUS)
436 C2S(NL80211_CMD_SET_POWER_SAVE)
437 C2S(NL80211_CMD_GET_POWER_SAVE)
438 C2S(NL80211_CMD_SET_CQM)
439 C2S(NL80211_CMD_NOTIFY_CQM)
440 C2S(NL80211_CMD_SET_CHANNEL)
441 C2S(NL80211_CMD_SET_WDS_PEER)
442 C2S(NL80211_CMD_FRAME_WAIT_CANCEL)
443 C2S(NL80211_CMD_JOIN_MESH)
444 C2S(NL80211_CMD_LEAVE_MESH)
445 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE)
446 C2S(NL80211_CMD_UNPROT_DISASSOCIATE)
447 C2S(NL80211_CMD_NEW_PEER_CANDIDATE)
448 C2S(NL80211_CMD_GET_WOWLAN)
449 C2S(NL80211_CMD_SET_WOWLAN)
450 C2S(NL80211_CMD_START_SCHED_SCAN)
451 C2S(NL80211_CMD_STOP_SCHED_SCAN)
452 C2S(NL80211_CMD_SCHED_SCAN_RESULTS)
453 C2S(NL80211_CMD_SCHED_SCAN_STOPPED)
454 C2S(NL80211_CMD_SET_REKEY_OFFLOAD)
455 C2S(NL80211_CMD_PMKSA_CANDIDATE)
456 C2S(NL80211_CMD_TDLS_OPER)
457 C2S(NL80211_CMD_TDLS_MGMT)
458 C2S(NL80211_CMD_UNEXPECTED_FRAME)
459 C2S(NL80211_CMD_PROBE_CLIENT)
460 C2S(NL80211_CMD_REGISTER_BEACONS)
461 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME)
462 C2S(NL80211_CMD_SET_NOACK_MAP)
463 C2S(NL80211_CMD_CH_SWITCH_NOTIFY)
464 C2S(NL80211_CMD_START_P2P_DEVICE)
465 C2S(NL80211_CMD_STOP_P2P_DEVICE)
466 C2S(NL80211_CMD_CONN_FAILED)
467 C2S(NL80211_CMD_SET_MCAST_RATE)
468 C2S(NL80211_CMD_SET_MAC_ACL)
469 C2S(NL80211_CMD_RADAR_DETECT)
470 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES)
471 C2S(NL80211_CMD_UPDATE_FT_IES)
472 C2S(NL80211_CMD_FT_EVENT)
473 C2S(NL80211_CMD_CRIT_PROTOCOL_START)
474 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP)
475 default:
476 return "NL80211_CMD_UNKNOWN";
477 }
478 #undef C2S
479 }
480
481
is_ap_interface(enum nl80211_iftype nlmode)482 static int is_ap_interface(enum nl80211_iftype nlmode)
483 {
484 return (nlmode == NL80211_IFTYPE_AP ||
485 nlmode == NL80211_IFTYPE_P2P_GO);
486 }
487
488
is_sta_interface(enum nl80211_iftype nlmode)489 static int is_sta_interface(enum nl80211_iftype nlmode)
490 {
491 return (nlmode == NL80211_IFTYPE_STATION ||
492 nlmode == NL80211_IFTYPE_P2P_CLIENT);
493 }
494
495
is_p2p_net_interface(enum nl80211_iftype nlmode)496 static int is_p2p_net_interface(enum nl80211_iftype nlmode)
497 {
498 return (nlmode == NL80211_IFTYPE_P2P_CLIENT ||
499 nlmode == NL80211_IFTYPE_P2P_GO);
500 }
501
502
nl80211_mark_disconnected(struct wpa_driver_nl80211_data * drv)503 static void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
504 {
505 if (drv->associated)
506 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
507 drv->associated = 0;
508 os_memset(drv->bssid, 0, ETH_ALEN);
509 }
510
511
512 struct nl80211_bss_info_arg {
513 struct wpa_driver_nl80211_data *drv;
514 struct wpa_scan_results *res;
515 unsigned int assoc_freq;
516 u8 assoc_bssid[ETH_ALEN];
517 };
518
519 static int bss_info_handler(struct nl_msg *msg, void *arg);
520
521
522 /* nl80211 code */
ack_handler(struct nl_msg * msg,void * arg)523 static int ack_handler(struct nl_msg *msg, void *arg)
524 {
525 int *err = arg;
526 *err = 0;
527 return NL_STOP;
528 }
529
finish_handler(struct nl_msg * msg,void * arg)530 static int finish_handler(struct nl_msg *msg, void *arg)
531 {
532 int *ret = arg;
533 *ret = 0;
534 return NL_SKIP;
535 }
536
error_handler(struct sockaddr_nl * nla,struct nlmsgerr * err,void * arg)537 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
538 void *arg)
539 {
540 int *ret = arg;
541 *ret = err->error;
542 return NL_SKIP;
543 }
544
545
no_seq_check(struct nl_msg * msg,void * arg)546 static int no_seq_check(struct nl_msg *msg, void *arg)
547 {
548 return NL_OK;
549 }
550
551
send_and_recv(struct nl80211_global * global,struct nl_handle * nl_handle,struct nl_msg * msg,int (* valid_handler)(struct nl_msg *,void *),void * valid_data)552 static int send_and_recv(struct nl80211_global *global,
553 struct nl_handle *nl_handle, struct nl_msg *msg,
554 int (*valid_handler)(struct nl_msg *, void *),
555 void *valid_data)
556 {
557 struct nl_cb *cb;
558 int err = -ENOMEM;
559
560 cb = nl_cb_clone(global->nl_cb);
561 if (!cb)
562 goto out;
563
564 err = nl_send_auto_complete(nl_handle, msg);
565 if (err < 0)
566 goto out;
567
568 err = 1;
569
570 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
571 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
572 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
573
574 if (valid_handler)
575 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
576 valid_handler, valid_data);
577
578 while (err > 0)
579 nl_recvmsgs(nl_handle, cb);
580 out:
581 nl_cb_put(cb);
582 nlmsg_free(msg);
583 return err;
584 }
585
586
send_and_recv_msgs_global(struct nl80211_global * global,struct nl_msg * msg,int (* valid_handler)(struct nl_msg *,void *),void * valid_data)587 static int send_and_recv_msgs_global(struct nl80211_global *global,
588 struct nl_msg *msg,
589 int (*valid_handler)(struct nl_msg *, void *),
590 void *valid_data)
591 {
592 return send_and_recv(global, global->nl, msg, valid_handler,
593 valid_data);
594 }
595
596
597 #ifndef ANDROID
598 static
599 #endif
send_and_recv_msgs(struct wpa_driver_nl80211_data * drv,struct nl_msg * msg,int (* valid_handler)(struct nl_msg *,void *),void * valid_data)600 int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
601 struct nl_msg *msg,
602 int (*valid_handler)(struct nl_msg *, void *),
603 void *valid_data)
604 {
605 return send_and_recv(drv->global, drv->global->nl, msg,
606 valid_handler, valid_data);
607 }
608
609
610 struct family_data {
611 const char *group;
612 int id;
613 };
614
615
nl80211_set_iface_id(struct nl_msg * msg,struct i802_bss * bss)616 static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
617 {
618 if (bss->wdev_id_set)
619 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
620 else
621 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
622 return 0;
623
624 nla_put_failure:
625 return -1;
626 }
627
628
family_handler(struct nl_msg * msg,void * arg)629 static int family_handler(struct nl_msg *msg, void *arg)
630 {
631 struct family_data *res = arg;
632 struct nlattr *tb[CTRL_ATTR_MAX + 1];
633 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
634 struct nlattr *mcgrp;
635 int i;
636
637 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
638 genlmsg_attrlen(gnlh, 0), NULL);
639 if (!tb[CTRL_ATTR_MCAST_GROUPS])
640 return NL_SKIP;
641
642 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
643 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
644 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
645 nla_len(mcgrp), NULL);
646 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
647 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
648 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
649 res->group,
650 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
651 continue;
652 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
653 break;
654 };
655
656 return NL_SKIP;
657 }
658
659
nl_get_multicast_id(struct nl80211_global * global,const char * family,const char * group)660 static int nl_get_multicast_id(struct nl80211_global *global,
661 const char *family, const char *group)
662 {
663 struct nl_msg *msg;
664 int ret = -1;
665 struct family_data res = { group, -ENOENT };
666
667 msg = nlmsg_alloc();
668 if (!msg)
669 return -ENOMEM;
670 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
671 0, 0, CTRL_CMD_GETFAMILY, 0);
672 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
673
674 ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
675 msg = NULL;
676 if (ret == 0)
677 ret = res.id;
678
679 nla_put_failure:
680 nlmsg_free(msg);
681 return ret;
682 }
683
684
nl80211_cmd(struct wpa_driver_nl80211_data * drv,struct nl_msg * msg,int flags,uint8_t cmd)685 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
686 struct nl_msg *msg, int flags, uint8_t cmd)
687 {
688 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
689 0, flags, cmd, 0);
690 }
691
692
693 struct wiphy_idx_data {
694 int wiphy_idx;
695 enum nl80211_iftype nlmode;
696 u8 *macaddr;
697 };
698
699
netdev_info_handler(struct nl_msg * msg,void * arg)700 static int netdev_info_handler(struct nl_msg *msg, void *arg)
701 {
702 struct nlattr *tb[NL80211_ATTR_MAX + 1];
703 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
704 struct wiphy_idx_data *info = arg;
705
706 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
707 genlmsg_attrlen(gnlh, 0), NULL);
708
709 if (tb[NL80211_ATTR_WIPHY])
710 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
711
712 if (tb[NL80211_ATTR_IFTYPE])
713 info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
714
715 if (tb[NL80211_ATTR_MAC] && info->macaddr)
716 os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
717 ETH_ALEN);
718
719 return NL_SKIP;
720 }
721
722
nl80211_get_wiphy_index(struct i802_bss * bss)723 static int nl80211_get_wiphy_index(struct i802_bss *bss)
724 {
725 struct nl_msg *msg;
726 struct wiphy_idx_data data = {
727 .wiphy_idx = -1,
728 .macaddr = NULL,
729 };
730
731 msg = nlmsg_alloc();
732 if (!msg)
733 return NL80211_IFTYPE_UNSPECIFIED;
734
735 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
736
737 if (nl80211_set_iface_id(msg, bss) < 0)
738 goto nla_put_failure;
739
740 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
741 return data.wiphy_idx;
742 msg = NULL;
743 nla_put_failure:
744 nlmsg_free(msg);
745 return -1;
746 }
747
748
nl80211_get_ifmode(struct i802_bss * bss)749 static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
750 {
751 struct nl_msg *msg;
752 struct wiphy_idx_data data = {
753 .nlmode = NL80211_IFTYPE_UNSPECIFIED,
754 .macaddr = NULL,
755 };
756
757 msg = nlmsg_alloc();
758 if (!msg)
759 return -1;
760
761 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
762
763 if (nl80211_set_iface_id(msg, bss) < 0)
764 goto nla_put_failure;
765
766 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0)
767 return data.nlmode;
768 msg = NULL;
769 nla_put_failure:
770 nlmsg_free(msg);
771 return NL80211_IFTYPE_UNSPECIFIED;
772 }
773
774
775 #ifndef HOSTAPD
nl80211_get_macaddr(struct i802_bss * bss)776 static int nl80211_get_macaddr(struct i802_bss *bss)
777 {
778 struct nl_msg *msg;
779 struct wiphy_idx_data data = {
780 .macaddr = bss->addr,
781 };
782
783 msg = nlmsg_alloc();
784 if (!msg)
785 return NL80211_IFTYPE_UNSPECIFIED;
786
787 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE);
788 if (nl80211_set_iface_id(msg, bss) < 0)
789 goto nla_put_failure;
790
791 return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data);
792
793 nla_put_failure:
794 nlmsg_free(msg);
795 return NL80211_IFTYPE_UNSPECIFIED;
796 }
797 #endif /* HOSTAPD */
798
799
nl80211_register_beacons(struct wpa_driver_nl80211_data * drv,struct nl80211_wiphy_data * w)800 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
801 struct nl80211_wiphy_data *w)
802 {
803 struct nl_msg *msg;
804 int ret = -1;
805
806 msg = nlmsg_alloc();
807 if (!msg)
808 return -1;
809
810 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS);
811
812 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx);
813
814 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL);
815 msg = NULL;
816 if (ret) {
817 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
818 "failed: ret=%d (%s)",
819 ret, strerror(-ret));
820 goto nla_put_failure;
821 }
822 ret = 0;
823 nla_put_failure:
824 nlmsg_free(msg);
825 return ret;
826 }
827
828
nl80211_recv_beacons(int sock,void * eloop_ctx,void * handle)829 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
830 {
831 struct nl80211_wiphy_data *w = eloop_ctx;
832
833 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
834
835 nl_recvmsgs(handle, w->nl_cb);
836 }
837
838
process_beacon_event(struct nl_msg * msg,void * arg)839 static int process_beacon_event(struct nl_msg *msg, void *arg)
840 {
841 struct nl80211_wiphy_data *w = arg;
842 struct wpa_driver_nl80211_data *drv;
843 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
844 struct nlattr *tb[NL80211_ATTR_MAX + 1];
845 union wpa_event_data event;
846
847 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
848 genlmsg_attrlen(gnlh, 0), NULL);
849
850 if (gnlh->cmd != NL80211_CMD_FRAME) {
851 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
852 gnlh->cmd);
853 return NL_SKIP;
854 }
855
856 if (!tb[NL80211_ATTR_FRAME])
857 return NL_SKIP;
858
859 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
860 wiphy_list) {
861 os_memset(&event, 0, sizeof(event));
862 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
863 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
864 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
865 }
866
867 return NL_SKIP;
868 }
869
870
871 static struct nl80211_wiphy_data *
nl80211_get_wiphy_data_ap(struct i802_bss * bss)872 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
873 {
874 static DEFINE_DL_LIST(nl80211_wiphys);
875 struct nl80211_wiphy_data *w;
876 int wiphy_idx, found = 0;
877 struct i802_bss *tmp_bss;
878
879 if (bss->wiphy_data != NULL)
880 return bss->wiphy_data;
881
882 wiphy_idx = nl80211_get_wiphy_index(bss);
883
884 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
885 if (w->wiphy_idx == wiphy_idx)
886 goto add;
887 }
888
889 /* alloc new one */
890 w = os_zalloc(sizeof(*w));
891 if (w == NULL)
892 return NULL;
893 w->wiphy_idx = wiphy_idx;
894 dl_list_init(&w->bsss);
895 dl_list_init(&w->drvs);
896
897 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
898 if (!w->nl_cb) {
899 os_free(w);
900 return NULL;
901 }
902 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
903 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event,
904 w);
905
906 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
907 "wiphy beacons");
908 if (w->nl_beacons == NULL) {
909 os_free(w);
910 return NULL;
911 }
912
913 if (nl80211_register_beacons(bss->drv, w)) {
914 nl_destroy_handles(&w->nl_beacons);
915 os_free(w);
916 return NULL;
917 }
918
919 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons),
920 nl80211_recv_beacons, w, w->nl_beacons);
921
922 dl_list_add(&nl80211_wiphys, &w->list);
923
924 add:
925 /* drv entry for this bss already there? */
926 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
927 if (tmp_bss->drv == bss->drv) {
928 found = 1;
929 break;
930 }
931 }
932 /* if not add it */
933 if (!found)
934 dl_list_add(&w->drvs, &bss->drv->wiphy_list);
935
936 dl_list_add(&w->bsss, &bss->wiphy_list);
937 bss->wiphy_data = w;
938 return w;
939 }
940
941
nl80211_put_wiphy_data_ap(struct i802_bss * bss)942 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
943 {
944 struct nl80211_wiphy_data *w = bss->wiphy_data;
945 struct i802_bss *tmp_bss;
946 int found = 0;
947
948 if (w == NULL)
949 return;
950 bss->wiphy_data = NULL;
951 dl_list_del(&bss->wiphy_list);
952
953 /* still any for this drv present? */
954 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
955 if (tmp_bss->drv == bss->drv) {
956 found = 1;
957 break;
958 }
959 }
960 /* if not remove it */
961 if (!found)
962 dl_list_del(&bss->drv->wiphy_list);
963
964 if (!dl_list_empty(&w->bsss))
965 return;
966
967 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons));
968
969 nl_cb_put(w->nl_cb);
970 nl_destroy_handles(&w->nl_beacons);
971 dl_list_del(&w->list);
972 os_free(w);
973 }
974
975
wpa_driver_nl80211_get_bssid(void * priv,u8 * bssid)976 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
977 {
978 struct i802_bss *bss = priv;
979 struct wpa_driver_nl80211_data *drv = bss->drv;
980 if (!drv->associated)
981 return -1;
982 os_memcpy(bssid, drv->bssid, ETH_ALEN);
983 return 0;
984 }
985
986
wpa_driver_nl80211_get_ssid(void * priv,u8 * ssid)987 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
988 {
989 struct i802_bss *bss = priv;
990 struct wpa_driver_nl80211_data *drv = bss->drv;
991 if (!drv->associated)
992 return -1;
993 os_memcpy(ssid, drv->ssid, drv->ssid_len);
994 return drv->ssid_len;
995 }
996
997
wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data * drv,char * buf,size_t len,int del)998 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
999 char *buf, size_t len, int del)
1000 {
1001 union wpa_event_data event;
1002
1003 os_memset(&event, 0, sizeof(event));
1004 if (len > sizeof(event.interface_status.ifname))
1005 len = sizeof(event.interface_status.ifname) - 1;
1006 os_memcpy(event.interface_status.ifname, buf, len);
1007 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
1008 EVENT_INTERFACE_ADDED;
1009
1010 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
1011 del ? "DEL" : "NEW",
1012 event.interface_status.ifname,
1013 del ? "removed" : "added");
1014
1015 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
1016 if (del) {
1017 if (drv->if_removed) {
1018 wpa_printf(MSG_DEBUG, "nl80211: if_removed "
1019 "already set - ignore event");
1020 return;
1021 }
1022 drv->if_removed = 1;
1023 } else {
1024 if (if_nametoindex(drv->first_bss.ifname) == 0) {
1025 wpa_printf(MSG_DEBUG, "nl80211: Interface %s "
1026 "does not exist - ignore "
1027 "RTM_NEWLINK",
1028 drv->first_bss.ifname);
1029 return;
1030 }
1031 if (!drv->if_removed) {
1032 wpa_printf(MSG_DEBUG, "nl80211: if_removed "
1033 "already cleared - ignore event");
1034 return;
1035 }
1036 drv->if_removed = 0;
1037 }
1038 }
1039
1040 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1041 }
1042
1043
wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data * drv,u8 * buf,size_t len)1044 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1045 u8 *buf, size_t len)
1046 {
1047 int attrlen, rta_len;
1048 struct rtattr *attr;
1049
1050 attrlen = len;
1051 attr = (struct rtattr *) buf;
1052
1053 rta_len = RTA_ALIGN(sizeof(struct rtattr));
1054 while (RTA_OK(attr, attrlen)) {
1055 if (attr->rta_type == IFLA_IFNAME) {
1056 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
1057 == 0)
1058 return 1;
1059 else
1060 break;
1061 }
1062 attr = RTA_NEXT(attr, attrlen);
1063 }
1064
1065 return 0;
1066 }
1067
1068
wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data * drv,int ifindex,u8 * buf,size_t len)1069 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1070 int ifindex, u8 *buf, size_t len)
1071 {
1072 if (drv->ifindex == ifindex)
1073 return 1;
1074
1075 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1076 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1077 "interface");
1078 wpa_driver_nl80211_finish_drv_init(drv);
1079 return 1;
1080 }
1081
1082 return 0;
1083 }
1084
1085
1086 static struct wpa_driver_nl80211_data *
nl80211_find_drv(struct nl80211_global * global,int idx,u8 * buf,size_t len)1087 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
1088 {
1089 struct wpa_driver_nl80211_data *drv;
1090 dl_list_for_each(drv, &global->interfaces,
1091 struct wpa_driver_nl80211_data, list) {
1092 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) ||
1093 have_ifidx(drv, idx))
1094 return drv;
1095 }
1096 return NULL;
1097 }
1098
1099
wpa_driver_nl80211_event_rtm_newlink(void * ctx,struct ifinfomsg * ifi,u8 * buf,size_t len)1100 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1101 struct ifinfomsg *ifi,
1102 u8 *buf, size_t len)
1103 {
1104 struct nl80211_global *global = ctx;
1105 struct wpa_driver_nl80211_data *drv;
1106 int attrlen, rta_len;
1107 struct rtattr *attr;
1108 u32 brid = 0;
1109 char namebuf[IFNAMSIZ];
1110
1111 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1112 if (!drv) {
1113 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
1114 "ifindex %d", ifi->ifi_index);
1115 return;
1116 }
1117
1118 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
1119 "(%s%s%s%s)",
1120 drv->operstate, ifi->ifi_flags,
1121 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1122 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1123 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1124 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1125
1126 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1127 if (if_indextoname(ifi->ifi_index, namebuf) &&
1128 linux_iface_up(drv->global->ioctl_sock,
1129 drv->first_bss.ifname) > 0) {
1130 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1131 "event since interface %s is up", namebuf);
1132 return;
1133 }
1134 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
1135 if (drv->ignore_if_down_event) {
1136 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1137 "event generated by mode change");
1138 drv->ignore_if_down_event = 0;
1139 } else {
1140 drv->if_disabled = 1;
1141 wpa_supplicant_event(drv->ctx,
1142 EVENT_INTERFACE_DISABLED, NULL);
1143 }
1144 }
1145
1146 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1147 if (if_indextoname(ifi->ifi_index, namebuf) &&
1148 linux_iface_up(drv->global->ioctl_sock,
1149 drv->first_bss.ifname) == 0) {
1150 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1151 "event since interface %s is down",
1152 namebuf);
1153 } else if (if_nametoindex(drv->first_bss.ifname) == 0) {
1154 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1155 "event since interface %s does not exist",
1156 drv->first_bss.ifname);
1157 } else if (drv->if_removed) {
1158 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1159 "event since interface %s is marked "
1160 "removed", drv->first_bss.ifname);
1161 } else {
1162 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
1163 drv->if_disabled = 0;
1164 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1165 NULL);
1166 }
1167 }
1168
1169 /*
1170 * Some drivers send the association event before the operup event--in
1171 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1172 * fails. This will hit us when wpa_supplicant does not need to do
1173 * IEEE 802.1X authentication
1174 */
1175 if (drv->operstate == 1 &&
1176 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1177 !(ifi->ifi_flags & IFF_RUNNING))
1178 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1179 -1, IF_OPER_UP);
1180
1181 attrlen = len;
1182 attr = (struct rtattr *) buf;
1183 rta_len = RTA_ALIGN(sizeof(struct rtattr));
1184 while (RTA_OK(attr, attrlen)) {
1185 if (attr->rta_type == IFLA_IFNAME) {
1186 wpa_driver_nl80211_event_link(
1187 drv,
1188 ((char *) attr) + rta_len,
1189 attr->rta_len - rta_len, 0);
1190 } else if (attr->rta_type == IFLA_MASTER)
1191 brid = nla_get_u32((struct nlattr *) attr);
1192 attr = RTA_NEXT(attr, attrlen);
1193 }
1194
1195 if (ifi->ifi_family == AF_BRIDGE && brid) {
1196 /* device has been added to bridge */
1197 if_indextoname(brid, namebuf);
1198 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1199 brid, namebuf);
1200 add_ifidx(drv, brid);
1201 }
1202 }
1203
1204
wpa_driver_nl80211_event_rtm_dellink(void * ctx,struct ifinfomsg * ifi,u8 * buf,size_t len)1205 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1206 struct ifinfomsg *ifi,
1207 u8 *buf, size_t len)
1208 {
1209 struct nl80211_global *global = ctx;
1210 struct wpa_driver_nl80211_data *drv;
1211 int attrlen, rta_len;
1212 struct rtattr *attr;
1213 u32 brid = 0;
1214
1215 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len);
1216 if (!drv) {
1217 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for "
1218 "foreign ifindex %d", ifi->ifi_index);
1219 return;
1220 }
1221
1222 attrlen = len;
1223 attr = (struct rtattr *) buf;
1224
1225 rta_len = RTA_ALIGN(sizeof(struct rtattr));
1226 while (RTA_OK(attr, attrlen)) {
1227 if (attr->rta_type == IFLA_IFNAME) {
1228 wpa_driver_nl80211_event_link(
1229 drv,
1230 ((char *) attr) + rta_len,
1231 attr->rta_len - rta_len, 1);
1232 } else if (attr->rta_type == IFLA_MASTER)
1233 brid = nla_get_u32((struct nlattr *) attr);
1234 attr = RTA_NEXT(attr, attrlen);
1235 }
1236
1237 if (ifi->ifi_family == AF_BRIDGE && brid) {
1238 /* device has been removed from bridge */
1239 char namebuf[IFNAMSIZ];
1240 if_indextoname(brid, namebuf);
1241 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
1242 "%s", brid, namebuf);
1243 del_ifidx(drv, brid);
1244 }
1245 }
1246
1247
mlme_event_auth(struct wpa_driver_nl80211_data * drv,const u8 * frame,size_t len)1248 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
1249 const u8 *frame, size_t len)
1250 {
1251 const struct ieee80211_mgmt *mgmt;
1252 union wpa_event_data event;
1253
1254 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event");
1255 mgmt = (const struct ieee80211_mgmt *) frame;
1256 if (len < 24 + sizeof(mgmt->u.auth)) {
1257 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1258 "frame");
1259 return;
1260 }
1261
1262 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
1263 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
1264 os_memset(&event, 0, sizeof(event));
1265 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
1266 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
1267 event.auth.auth_transaction =
1268 le_to_host16(mgmt->u.auth.auth_transaction);
1269 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
1270 if (len > 24 + sizeof(mgmt->u.auth)) {
1271 event.auth.ies = mgmt->u.auth.variable;
1272 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
1273 }
1274
1275 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
1276 }
1277
1278
nl80211_get_assoc_freq(struct wpa_driver_nl80211_data * drv)1279 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1280 {
1281 struct nl_msg *msg;
1282 int ret;
1283 struct nl80211_bss_info_arg arg;
1284
1285 os_memset(&arg, 0, sizeof(arg));
1286 msg = nlmsg_alloc();
1287 if (!msg)
1288 goto nla_put_failure;
1289
1290 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1291 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1292
1293 arg.drv = drv;
1294 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
1295 msg = NULL;
1296 if (ret == 0) {
1297 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1298 "associated BSS from scan results: %u MHz",
1299 arg.assoc_freq);
1300 if (arg.assoc_freq)
1301 drv->assoc_freq = arg.assoc_freq;
1302 return drv->assoc_freq;
1303 }
1304 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1305 "(%s)", ret, strerror(-ret));
1306 nla_put_failure:
1307 nlmsg_free(msg);
1308 return drv->assoc_freq;
1309 }
1310
1311
mlme_event_assoc(struct wpa_driver_nl80211_data * drv,const u8 * frame,size_t len)1312 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
1313 const u8 *frame, size_t len)
1314 {
1315 const struct ieee80211_mgmt *mgmt;
1316 union wpa_event_data event;
1317 u16 status;
1318
1319 wpa_printf(MSG_DEBUG, "nl80211: Associate event");
1320 mgmt = (const struct ieee80211_mgmt *) frame;
1321 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
1322 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
1323 "frame");
1324 return;
1325 }
1326
1327 status = le_to_host16(mgmt->u.assoc_resp.status_code);
1328 if (status != WLAN_STATUS_SUCCESS) {
1329 os_memset(&event, 0, sizeof(event));
1330 event.assoc_reject.bssid = mgmt->bssid;
1331 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1332 event.assoc_reject.resp_ies =
1333 (u8 *) mgmt->u.assoc_resp.variable;
1334 event.assoc_reject.resp_ies_len =
1335 len - 24 - sizeof(mgmt->u.assoc_resp);
1336 }
1337 event.assoc_reject.status_code = status;
1338
1339 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1340 return;
1341 }
1342
1343 drv->associated = 1;
1344 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
1345 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN);
1346
1347 os_memset(&event, 0, sizeof(event));
1348 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
1349 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
1350 event.assoc_info.resp_ies_len =
1351 len - 24 - sizeof(mgmt->u.assoc_resp);
1352 }
1353
1354 event.assoc_info.freq = drv->assoc_freq;
1355
1356 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1357 }
1358
1359
mlme_event_connect(struct wpa_driver_nl80211_data * drv,enum nl80211_commands cmd,struct nlattr * status,struct nlattr * addr,struct nlattr * req_ie,struct nlattr * resp_ie)1360 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
1361 enum nl80211_commands cmd, struct nlattr *status,
1362 struct nlattr *addr, struct nlattr *req_ie,
1363 struct nlattr *resp_ie)
1364 {
1365 union wpa_event_data event;
1366
1367 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1368 /*
1369 * Avoid reporting two association events that would confuse
1370 * the core code.
1371 */
1372 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
1373 "when using userspace SME", cmd);
1374 return;
1375 }
1376
1377 if (cmd == NL80211_CMD_CONNECT)
1378 wpa_printf(MSG_DEBUG, "nl80211: Connect event");
1379 else if (cmd == NL80211_CMD_ROAM)
1380 wpa_printf(MSG_DEBUG, "nl80211: Roam event");
1381
1382 os_memset(&event, 0, sizeof(event));
1383 if (cmd == NL80211_CMD_CONNECT &&
1384 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
1385 if (addr)
1386 event.assoc_reject.bssid = nla_data(addr);
1387 if (resp_ie) {
1388 event.assoc_reject.resp_ies = nla_data(resp_ie);
1389 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
1390 }
1391 event.assoc_reject.status_code = nla_get_u16(status);
1392 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
1393 return;
1394 }
1395
1396 drv->associated = 1;
1397 if (addr) {
1398 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
1399 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
1400 }
1401
1402 if (req_ie) {
1403 event.assoc_info.req_ies = nla_data(req_ie);
1404 event.assoc_info.req_ies_len = nla_len(req_ie);
1405 }
1406 if (resp_ie) {
1407 event.assoc_info.resp_ies = nla_data(resp_ie);
1408 event.assoc_info.resp_ies_len = nla_len(resp_ie);
1409 }
1410
1411 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
1412
1413 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
1414 }
1415
1416
mlme_event_disconnect(struct wpa_driver_nl80211_data * drv,struct nlattr * reason,struct nlattr * addr,struct nlattr * by_ap)1417 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
1418 struct nlattr *reason, struct nlattr *addr,
1419 struct nlattr *by_ap)
1420 {
1421 union wpa_event_data data;
1422 unsigned int locally_generated = by_ap == NULL;
1423
1424 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1425 /*
1426 * Avoid reporting two disassociation events that could
1427 * confuse the core code.
1428 */
1429 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1430 "event when using userspace SME");
1431 return;
1432 }
1433
1434 if (drv->ignore_next_local_disconnect) {
1435 drv->ignore_next_local_disconnect = 0;
1436 if (locally_generated) {
1437 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1438 "event triggered during reassociation");
1439 return;
1440 }
1441 wpa_printf(MSG_WARNING, "nl80211: Was expecting local "
1442 "disconnect but got another disconnect "
1443 "event first");
1444 }
1445
1446 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event");
1447 nl80211_mark_disconnected(drv);
1448 os_memset(&data, 0, sizeof(data));
1449 if (reason)
1450 data.deauth_info.reason_code = nla_get_u16(reason);
1451 data.deauth_info.locally_generated = by_ap == NULL;
1452 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data);
1453 }
1454
1455
mlme_event_ch_switch(struct wpa_driver_nl80211_data * drv,struct nlattr * freq,struct nlattr * type)1456 static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv,
1457 struct nlattr *freq, struct nlattr *type)
1458 {
1459 union wpa_event_data data;
1460 int ht_enabled = 1;
1461 int chan_offset = 0;
1462
1463 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event");
1464
1465 if (!freq || !type)
1466 return;
1467
1468 switch (nla_get_u32(type)) {
1469 case NL80211_CHAN_NO_HT:
1470 ht_enabled = 0;
1471 break;
1472 case NL80211_CHAN_HT20:
1473 break;
1474 case NL80211_CHAN_HT40PLUS:
1475 chan_offset = 1;
1476 break;
1477 case NL80211_CHAN_HT40MINUS:
1478 chan_offset = -1;
1479 break;
1480 }
1481
1482 data.ch_switch.freq = nla_get_u32(freq);
1483 data.ch_switch.ht_enabled = ht_enabled;
1484 data.ch_switch.ch_offset = chan_offset;
1485
1486 wpa_supplicant_event(drv->ctx, EVENT_CH_SWITCH, &data);
1487 }
1488
1489
mlme_timeout_event(struct wpa_driver_nl80211_data * drv,enum nl80211_commands cmd,struct nlattr * addr)1490 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
1491 enum nl80211_commands cmd, struct nlattr *addr)
1492 {
1493 union wpa_event_data event;
1494 enum wpa_event_type ev;
1495
1496 if (nla_len(addr) != ETH_ALEN)
1497 return;
1498
1499 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
1500 cmd, MAC2STR((u8 *) nla_data(addr)));
1501
1502 if (cmd == NL80211_CMD_AUTHENTICATE)
1503 ev = EVENT_AUTH_TIMED_OUT;
1504 else if (cmd == NL80211_CMD_ASSOCIATE)
1505 ev = EVENT_ASSOC_TIMED_OUT;
1506 else
1507 return;
1508
1509 os_memset(&event, 0, sizeof(event));
1510 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
1511 wpa_supplicant_event(drv->ctx, ev, &event);
1512 }
1513
1514
mlme_event_mgmt(struct wpa_driver_nl80211_data * drv,struct nlattr * freq,struct nlattr * sig,const u8 * frame,size_t len)1515 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
1516 struct nlattr *freq, struct nlattr *sig,
1517 const u8 *frame, size_t len)
1518 {
1519 const struct ieee80211_mgmt *mgmt;
1520 union wpa_event_data event;
1521 u16 fc, stype;
1522 int ssi_signal = 0;
1523
1524 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event");
1525 mgmt = (const struct ieee80211_mgmt *) frame;
1526 if (len < 24) {
1527 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
1528 return;
1529 }
1530
1531 fc = le_to_host16(mgmt->frame_control);
1532 stype = WLAN_FC_GET_STYPE(fc);
1533
1534 if (sig)
1535 ssi_signal = (s32) nla_get_u32(sig);
1536
1537 os_memset(&event, 0, sizeof(event));
1538 if (freq) {
1539 event.rx_action.freq = nla_get_u32(freq);
1540 drv->last_mgmt_freq = event.rx_action.freq;
1541 }
1542 if (stype == WLAN_FC_STYPE_ACTION) {
1543 event.rx_action.da = mgmt->da;
1544 event.rx_action.sa = mgmt->sa;
1545 event.rx_action.bssid = mgmt->bssid;
1546 event.rx_action.category = mgmt->u.action.category;
1547 event.rx_action.data = &mgmt->u.action.category + 1;
1548 event.rx_action.len = frame + len - event.rx_action.data;
1549 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
1550 } else {
1551 event.rx_mgmt.frame = frame;
1552 event.rx_mgmt.frame_len = len;
1553 event.rx_mgmt.ssi_signal = ssi_signal;
1554 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
1555 }
1556 }
1557
1558
mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data * drv,struct nlattr * cookie,const u8 * frame,size_t len,struct nlattr * ack)1559 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv,
1560 struct nlattr *cookie, const u8 *frame,
1561 size_t len, struct nlattr *ack)
1562 {
1563 union wpa_event_data event;
1564 const struct ieee80211_hdr *hdr;
1565 u16 fc;
1566
1567 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event");
1568 if (!is_ap_interface(drv->nlmode)) {
1569 u64 cookie_val;
1570
1571 if (!cookie)
1572 return;
1573
1574 cookie_val = nla_get_u64(cookie);
1575 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:"
1576 " cookie=0%llx%s (ack=%d)",
1577 (long long unsigned int) cookie_val,
1578 cookie_val == drv->send_action_cookie ?
1579 " (match)" : " (unknown)", ack != NULL);
1580 if (cookie_val != drv->send_action_cookie)
1581 return;
1582 }
1583
1584 hdr = (const struct ieee80211_hdr *) frame;
1585 fc = le_to_host16(hdr->frame_control);
1586
1587 os_memset(&event, 0, sizeof(event));
1588 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
1589 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
1590 event.tx_status.dst = hdr->addr1;
1591 event.tx_status.data = frame;
1592 event.tx_status.data_len = len;
1593 event.tx_status.ack = ack != NULL;
1594 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
1595 }
1596
1597
mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data * drv,enum wpa_event_type type,const u8 * frame,size_t len)1598 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
1599 enum wpa_event_type type,
1600 const u8 *frame, size_t len)
1601 {
1602 const struct ieee80211_mgmt *mgmt;
1603 union wpa_event_data event;
1604 const u8 *bssid = NULL;
1605 u16 reason_code = 0;
1606
1607 if (type == EVENT_DEAUTH)
1608 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event");
1609 else
1610 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event");
1611
1612 mgmt = (const struct ieee80211_mgmt *) frame;
1613 if (len >= 24) {
1614 bssid = mgmt->bssid;
1615
1616 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
1617 !drv->associated &&
1618 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 &&
1619 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 &&
1620 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) {
1621 /*
1622 * Avoid issues with some roaming cases where
1623 * disconnection event for the old AP may show up after
1624 * we have started connection with the new AP.
1625 */
1626 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR,
1627 MAC2STR(bssid),
1628 MAC2STR(drv->auth_attempt_bssid));
1629 return;
1630 }
1631
1632 if (drv->associated != 0 &&
1633 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
1634 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
1635 /*
1636 * We have presumably received this deauth as a
1637 * response to a clear_state_mismatch() outgoing
1638 * deauth. Don't let it take us offline!
1639 */
1640 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
1641 "from Unknown BSSID " MACSTR " -- ignoring",
1642 MAC2STR(bssid));
1643 return;
1644 }
1645 }
1646
1647 nl80211_mark_disconnected(drv);
1648 os_memset(&event, 0, sizeof(event));
1649
1650 /* Note: Same offset for Reason Code in both frame subtypes */
1651 if (len >= 24 + sizeof(mgmt->u.deauth))
1652 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1653
1654 if (type == EVENT_DISASSOC) {
1655 event.disassoc_info.locally_generated =
1656 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN);
1657 event.disassoc_info.addr = bssid;
1658 event.disassoc_info.reason_code = reason_code;
1659 if (frame + len > mgmt->u.disassoc.variable) {
1660 event.disassoc_info.ie = mgmt->u.disassoc.variable;
1661 event.disassoc_info.ie_len = frame + len -
1662 mgmt->u.disassoc.variable;
1663 }
1664 } else {
1665 event.deauth_info.locally_generated =
1666 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN);
1667 event.deauth_info.addr = bssid;
1668 event.deauth_info.reason_code = reason_code;
1669 if (frame + len > mgmt->u.deauth.variable) {
1670 event.deauth_info.ie = mgmt->u.deauth.variable;
1671 event.deauth_info.ie_len = frame + len -
1672 mgmt->u.deauth.variable;
1673 }
1674 }
1675
1676 wpa_supplicant_event(drv->ctx, type, &event);
1677 }
1678
1679
mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data * drv,enum wpa_event_type type,const u8 * frame,size_t len)1680 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
1681 enum wpa_event_type type,
1682 const u8 *frame, size_t len)
1683 {
1684 const struct ieee80211_mgmt *mgmt;
1685 union wpa_event_data event;
1686 u16 reason_code = 0;
1687
1688 if (type == EVENT_UNPROT_DEAUTH)
1689 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event");
1690 else
1691 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event");
1692
1693 if (len < 24)
1694 return;
1695
1696 mgmt = (const struct ieee80211_mgmt *) frame;
1697
1698 os_memset(&event, 0, sizeof(event));
1699 /* Note: Same offset for Reason Code in both frame subtypes */
1700 if (len >= 24 + sizeof(mgmt->u.deauth))
1701 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
1702
1703 if (type == EVENT_UNPROT_DISASSOC) {
1704 event.unprot_disassoc.sa = mgmt->sa;
1705 event.unprot_disassoc.da = mgmt->da;
1706 event.unprot_disassoc.reason_code = reason_code;
1707 } else {
1708 event.unprot_deauth.sa = mgmt->sa;
1709 event.unprot_deauth.da = mgmt->da;
1710 event.unprot_deauth.reason_code = reason_code;
1711 }
1712
1713 wpa_supplicant_event(drv->ctx, type, &event);
1714 }
1715
1716
mlme_event(struct i802_bss * bss,enum nl80211_commands cmd,struct nlattr * frame,struct nlattr * addr,struct nlattr * timed_out,struct nlattr * freq,struct nlattr * ack,struct nlattr * cookie,struct nlattr * sig)1717 static void mlme_event(struct i802_bss *bss,
1718 enum nl80211_commands cmd, struct nlattr *frame,
1719 struct nlattr *addr, struct nlattr *timed_out,
1720 struct nlattr *freq, struct nlattr *ack,
1721 struct nlattr *cookie, struct nlattr *sig)
1722 {
1723 struct wpa_driver_nl80211_data *drv = bss->drv;
1724 const u8 *data;
1725 size_t len;
1726
1727 if (timed_out && addr) {
1728 mlme_timeout_event(drv, cmd, addr);
1729 return;
1730 }
1731
1732 if (frame == NULL) {
1733 wpa_printf(MSG_DEBUG,
1734 "nl80211: MLME event %d (%s) without frame data",
1735 cmd, nl80211_command_to_string(cmd));
1736 return;
1737 }
1738
1739 data = nla_data(frame);
1740 len = nla_len(frame);
1741 if (len < 4 + 2 * ETH_ALEN) {
1742 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s("
1743 MACSTR ") - too short",
1744 cmd, nl80211_command_to_string(cmd), bss->ifname,
1745 MAC2STR(bss->addr));
1746 return;
1747 }
1748 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR
1749 ") A1=" MACSTR " A2=" MACSTR, cmd,
1750 nl80211_command_to_string(cmd), bss->ifname,
1751 MAC2STR(bss->addr), MAC2STR(data + 4),
1752 MAC2STR(data + 4 + ETH_ALEN));
1753 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) &&
1754 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 &&
1755 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) {
1756 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event "
1757 "for foreign address", bss->ifname);
1758 return;
1759 }
1760 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
1761 nla_data(frame), nla_len(frame));
1762
1763 switch (cmd) {
1764 case NL80211_CMD_AUTHENTICATE:
1765 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
1766 break;
1767 case NL80211_CMD_ASSOCIATE:
1768 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
1769 break;
1770 case NL80211_CMD_DEAUTHENTICATE:
1771 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
1772 nla_data(frame), nla_len(frame));
1773 break;
1774 case NL80211_CMD_DISASSOCIATE:
1775 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
1776 nla_data(frame), nla_len(frame));
1777 break;
1778 case NL80211_CMD_FRAME:
1779 mlme_event_mgmt(drv, freq, sig, nla_data(frame),
1780 nla_len(frame));
1781 break;
1782 case NL80211_CMD_FRAME_TX_STATUS:
1783 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame),
1784 nla_len(frame), ack);
1785 break;
1786 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1787 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
1788 nla_data(frame), nla_len(frame));
1789 break;
1790 case NL80211_CMD_UNPROT_DISASSOCIATE:
1791 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
1792 nla_data(frame), nla_len(frame));
1793 break;
1794 default:
1795 break;
1796 }
1797 }
1798
1799
mlme_event_michael_mic_failure(struct i802_bss * bss,struct nlattr * tb[])1800 static void mlme_event_michael_mic_failure(struct i802_bss *bss,
1801 struct nlattr *tb[])
1802 {
1803 union wpa_event_data data;
1804
1805 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1806 os_memset(&data, 0, sizeof(data));
1807 if (tb[NL80211_ATTR_MAC]) {
1808 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1809 nla_data(tb[NL80211_ATTR_MAC]),
1810 nla_len(tb[NL80211_ATTR_MAC]));
1811 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1812 }
1813 if (tb[NL80211_ATTR_KEY_SEQ]) {
1814 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1815 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1816 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1817 }
1818 if (tb[NL80211_ATTR_KEY_TYPE]) {
1819 enum nl80211_key_type key_type =
1820 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1821 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1822 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1823 data.michael_mic_failure.unicast = 1;
1824 } else
1825 data.michael_mic_failure.unicast = 1;
1826
1827 if (tb[NL80211_ATTR_KEY_IDX]) {
1828 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1829 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1830 }
1831
1832 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1833 }
1834
1835
mlme_event_join_ibss(struct wpa_driver_nl80211_data * drv,struct nlattr * tb[])1836 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1837 struct nlattr *tb[])
1838 {
1839 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
1840
1841 if (tb[NL80211_ATTR_MAC] == NULL) {
1842 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1843 "event");
1844 return;
1845 }
1846 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1847
1848 /* register for any AUTH message */
1849 nl80211_register_frame(&drv->first_bss, drv->first_bss.nl_mgmt,
1850 type, NULL, 0);
1851
1852 drv->associated = 1;
1853 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1854 MAC2STR(drv->bssid));
1855
1856 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1857 }
1858
1859
mlme_event_remain_on_channel(struct wpa_driver_nl80211_data * drv,int cancel_event,struct nlattr * tb[])1860 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1861 int cancel_event, struct nlattr *tb[])
1862 {
1863 unsigned int freq, chan_type, duration;
1864 union wpa_event_data data;
1865 u64 cookie;
1866
1867 if (tb[NL80211_ATTR_WIPHY_FREQ])
1868 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1869 else
1870 freq = 0;
1871
1872 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1873 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1874 else
1875 chan_type = 0;
1876
1877 if (tb[NL80211_ATTR_DURATION])
1878 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1879 else
1880 duration = 0;
1881
1882 if (tb[NL80211_ATTR_COOKIE])
1883 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1884 else
1885 cookie = 0;
1886
1887 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1888 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1889 cancel_event, freq, chan_type, duration,
1890 (long long unsigned int) cookie,
1891 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1892
1893 if (cookie != drv->remain_on_chan_cookie)
1894 return; /* not for us */
1895
1896 if (cancel_event)
1897 drv->pending_remain_on_chan = 0;
1898
1899 os_memset(&data, 0, sizeof(data));
1900 data.remain_on_channel.freq = freq;
1901 data.remain_on_channel.duration = duration;
1902 wpa_supplicant_event(drv->ctx, cancel_event ?
1903 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1904 EVENT_REMAIN_ON_CHANNEL, &data);
1905 }
1906
1907
mlme_event_ft_event(struct wpa_driver_nl80211_data * drv,struct nlattr * tb[])1908 static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv,
1909 struct nlattr *tb[])
1910 {
1911 union wpa_event_data data;
1912
1913 os_memset(&data, 0, sizeof(data));
1914
1915 if (tb[NL80211_ATTR_IE]) {
1916 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]);
1917 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]);
1918 }
1919
1920 if (tb[NL80211_ATTR_IE_RIC]) {
1921 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]);
1922 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]);
1923 }
1924
1925 if (tb[NL80211_ATTR_MAC])
1926 os_memcpy(data.ft_ies.target_ap,
1927 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1928
1929 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR,
1930 MAC2STR(data.ft_ies.target_ap));
1931
1932 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data);
1933 }
1934
1935
send_scan_event(struct wpa_driver_nl80211_data * drv,int aborted,struct nlattr * tb[])1936 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1937 struct nlattr *tb[])
1938 {
1939 union wpa_event_data event;
1940 struct nlattr *nl;
1941 int rem;
1942 struct scan_info *info;
1943 #define MAX_REPORT_FREQS 50
1944 int freqs[MAX_REPORT_FREQS];
1945 int num_freqs = 0;
1946
1947 if (drv->scan_for_auth) {
1948 drv->scan_for_auth = 0;
1949 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing "
1950 "cfg80211 BSS entry");
1951 wpa_driver_nl80211_authenticate_retry(drv);
1952 return;
1953 }
1954
1955 os_memset(&event, 0, sizeof(event));
1956 info = &event.scan_info;
1957 info->aborted = aborted;
1958
1959 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1960 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1961 struct wpa_driver_scan_ssid *s =
1962 &info->ssids[info->num_ssids];
1963 s->ssid = nla_data(nl);
1964 s->ssid_len = nla_len(nl);
1965 info->num_ssids++;
1966 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1967 break;
1968 }
1969 }
1970 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1971 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1972 {
1973 freqs[num_freqs] = nla_get_u32(nl);
1974 num_freqs++;
1975 if (num_freqs == MAX_REPORT_FREQS - 1)
1976 break;
1977 }
1978 info->freqs = freqs;
1979 info->num_freqs = num_freqs;
1980 }
1981 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1982 }
1983
1984
get_link_signal(struct nl_msg * msg,void * arg)1985 static int get_link_signal(struct nl_msg *msg, void *arg)
1986 {
1987 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1988 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1989 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1990 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1991 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1992 [NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
1993 };
1994 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1995 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1996 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1997 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1998 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1999 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
2000 };
2001 struct wpa_signal_info *sig_change = arg;
2002
2003 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2004 genlmsg_attrlen(gnlh, 0), NULL);
2005 if (!tb[NL80211_ATTR_STA_INFO] ||
2006 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
2007 tb[NL80211_ATTR_STA_INFO], policy))
2008 return NL_SKIP;
2009 if (!sinfo[NL80211_STA_INFO_SIGNAL])
2010 return NL_SKIP;
2011
2012 sig_change->current_signal =
2013 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
2014
2015 if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
2016 sig_change->avg_signal =
2017 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
2018 else
2019 sig_change->avg_signal = 0;
2020
2021 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
2022 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
2023 sinfo[NL80211_STA_INFO_TX_BITRATE],
2024 rate_policy)) {
2025 sig_change->current_txrate = 0;
2026 } else {
2027 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
2028 sig_change->current_txrate =
2029 nla_get_u16(rinfo[
2030 NL80211_RATE_INFO_BITRATE]) * 100;
2031 }
2032 }
2033 }
2034
2035 return NL_SKIP;
2036 }
2037
2038
nl80211_get_link_signal(struct wpa_driver_nl80211_data * drv,struct wpa_signal_info * sig)2039 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
2040 struct wpa_signal_info *sig)
2041 {
2042 struct nl_msg *msg;
2043
2044 sig->current_signal = -9999;
2045 sig->current_txrate = 0;
2046
2047 msg = nlmsg_alloc();
2048 if (!msg)
2049 return -ENOMEM;
2050
2051 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
2052
2053 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2054 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
2055
2056 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
2057 nla_put_failure:
2058 nlmsg_free(msg);
2059 return -ENOBUFS;
2060 }
2061
2062
get_link_noise(struct nl_msg * msg,void * arg)2063 static int get_link_noise(struct nl_msg *msg, void *arg)
2064 {
2065 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2066 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2067 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2068 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2069 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2070 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2071 };
2072 struct wpa_signal_info *sig_change = arg;
2073
2074 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2075 genlmsg_attrlen(gnlh, 0), NULL);
2076
2077 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2078 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
2079 return NL_SKIP;
2080 }
2081
2082 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2083 tb[NL80211_ATTR_SURVEY_INFO],
2084 survey_policy)) {
2085 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
2086 "attributes!");
2087 return NL_SKIP;
2088 }
2089
2090 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2091 return NL_SKIP;
2092
2093 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2094 sig_change->frequency)
2095 return NL_SKIP;
2096
2097 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2098 return NL_SKIP;
2099
2100 sig_change->current_noise =
2101 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2102
2103 return NL_SKIP;
2104 }
2105
2106
nl80211_get_link_noise(struct wpa_driver_nl80211_data * drv,struct wpa_signal_info * sig_change)2107 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
2108 struct wpa_signal_info *sig_change)
2109 {
2110 struct nl_msg *msg;
2111
2112 sig_change->current_noise = 9999;
2113 sig_change->frequency = drv->assoc_freq;
2114
2115 msg = nlmsg_alloc();
2116 if (!msg)
2117 return -ENOMEM;
2118
2119 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2120
2121 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2122
2123 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
2124 nla_put_failure:
2125 nlmsg_free(msg);
2126 return -ENOBUFS;
2127 }
2128
2129
get_noise_for_scan_results(struct nl_msg * msg,void * arg)2130 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
2131 {
2132 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2133 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2134 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
2135 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
2136 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
2137 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
2138 };
2139 struct wpa_scan_results *scan_results = arg;
2140 struct wpa_scan_res *scan_res;
2141 size_t i;
2142
2143 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2144 genlmsg_attrlen(gnlh, 0), NULL);
2145
2146 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
2147 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
2148 return NL_SKIP;
2149 }
2150
2151 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
2152 tb[NL80211_ATTR_SURVEY_INFO],
2153 survey_policy)) {
2154 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
2155 "attributes");
2156 return NL_SKIP;
2157 }
2158
2159 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
2160 return NL_SKIP;
2161
2162 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
2163 return NL_SKIP;
2164
2165 for (i = 0; i < scan_results->num; ++i) {
2166 scan_res = scan_results->res[i];
2167 if (!scan_res)
2168 continue;
2169 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
2170 scan_res->freq)
2171 continue;
2172 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID))
2173 continue;
2174 scan_res->noise = (s8)
2175 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
2176 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID;
2177 }
2178
2179 return NL_SKIP;
2180 }
2181
2182
nl80211_get_noise_for_scan_results(struct wpa_driver_nl80211_data * drv,struct wpa_scan_results * scan_res)2183 static int nl80211_get_noise_for_scan_results(
2184 struct wpa_driver_nl80211_data *drv,
2185 struct wpa_scan_results *scan_res)
2186 {
2187 struct nl_msg *msg;
2188
2189 msg = nlmsg_alloc();
2190 if (!msg)
2191 return -ENOMEM;
2192
2193 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
2194
2195 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2196
2197 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results,
2198 scan_res);
2199 nla_put_failure:
2200 nlmsg_free(msg);
2201 return -ENOBUFS;
2202 }
2203
2204
nl80211_cqm_event(struct wpa_driver_nl80211_data * drv,struct nlattr * tb[])2205 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
2206 struct nlattr *tb[])
2207 {
2208 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
2209 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
2210 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
2211 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
2212 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
2213 };
2214 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
2215 enum nl80211_cqm_rssi_threshold_event event;
2216 union wpa_event_data ed;
2217 struct wpa_signal_info sig;
2218 int res;
2219
2220 if (tb[NL80211_ATTR_CQM] == NULL ||
2221 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
2222 cqm_policy)) {
2223 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
2224 return;
2225 }
2226
2227 os_memset(&ed, 0, sizeof(ed));
2228
2229 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
2230 if (!tb[NL80211_ATTR_MAC])
2231 return;
2232 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
2233 ETH_ALEN);
2234 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
2235 return;
2236 }
2237
2238 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
2239 return;
2240 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
2241
2242 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
2243 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2244 "event: RSSI high");
2245 ed.signal_change.above_threshold = 1;
2246 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
2247 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
2248 "event: RSSI low");
2249 ed.signal_change.above_threshold = 0;
2250 } else
2251 return;
2252
2253 res = nl80211_get_link_signal(drv, &sig);
2254 if (res == 0) {
2255 ed.signal_change.current_signal = sig.current_signal;
2256 ed.signal_change.current_txrate = sig.current_txrate;
2257 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
2258 sig.current_signal, sig.current_txrate);
2259 }
2260
2261 res = nl80211_get_link_noise(drv, &sig);
2262 if (res == 0) {
2263 ed.signal_change.current_noise = sig.current_noise;
2264 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
2265 sig.current_noise);
2266 }
2267
2268 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
2269 }
2270
2271
nl80211_new_station_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2272 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
2273 struct nlattr **tb)
2274 {
2275 u8 *addr;
2276 union wpa_event_data data;
2277
2278 if (tb[NL80211_ATTR_MAC] == NULL)
2279 return;
2280 addr = nla_data(tb[NL80211_ATTR_MAC]);
2281 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
2282
2283 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2284 u8 *ies = NULL;
2285 size_t ies_len = 0;
2286 if (tb[NL80211_ATTR_IE]) {
2287 ies = nla_data(tb[NL80211_ATTR_IE]);
2288 ies_len = nla_len(tb[NL80211_ATTR_IE]);
2289 }
2290 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
2291 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
2292 return;
2293 }
2294
2295 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2296 return;
2297
2298 os_memset(&data, 0, sizeof(data));
2299 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
2300 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
2301 }
2302
2303
nl80211_del_station_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2304 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
2305 struct nlattr **tb)
2306 {
2307 u8 *addr;
2308 union wpa_event_data data;
2309
2310 if (tb[NL80211_ATTR_MAC] == NULL)
2311 return;
2312 addr = nla_data(tb[NL80211_ATTR_MAC]);
2313 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
2314 MAC2STR(addr));
2315
2316 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
2317 drv_event_disassoc(drv->ctx, addr);
2318 return;
2319 }
2320
2321 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
2322 return;
2323
2324 os_memset(&data, 0, sizeof(data));
2325 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
2326 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
2327 }
2328
2329
nl80211_rekey_offload_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2330 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
2331 struct nlattr **tb)
2332 {
2333 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
2334 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
2335 [NL80211_REKEY_DATA_KEK] = {
2336 .minlen = NL80211_KEK_LEN,
2337 .maxlen = NL80211_KEK_LEN,
2338 },
2339 [NL80211_REKEY_DATA_KCK] = {
2340 .minlen = NL80211_KCK_LEN,
2341 .maxlen = NL80211_KCK_LEN,
2342 },
2343 [NL80211_REKEY_DATA_REPLAY_CTR] = {
2344 .minlen = NL80211_REPLAY_CTR_LEN,
2345 .maxlen = NL80211_REPLAY_CTR_LEN,
2346 },
2347 };
2348 union wpa_event_data data;
2349
2350 if (!tb[NL80211_ATTR_MAC])
2351 return;
2352 if (!tb[NL80211_ATTR_REKEY_DATA])
2353 return;
2354 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
2355 tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
2356 return;
2357 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
2358 return;
2359
2360 os_memset(&data, 0, sizeof(data));
2361 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
2362 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
2363 MAC2STR(data.driver_gtk_rekey.bssid));
2364 data.driver_gtk_rekey.replay_ctr =
2365 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
2366 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
2367 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
2368 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
2369 }
2370
2371
nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2372 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv,
2373 struct nlattr **tb)
2374 {
2375 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE];
2376 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = {
2377 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 },
2378 [NL80211_PMKSA_CANDIDATE_BSSID] = {
2379 .minlen = ETH_ALEN,
2380 .maxlen = ETH_ALEN,
2381 },
2382 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG },
2383 };
2384 union wpa_event_data data;
2385
2386 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event");
2387
2388 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE])
2389 return;
2390 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE,
2391 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy))
2392 return;
2393 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] ||
2394 !cand[NL80211_PMKSA_CANDIDATE_BSSID])
2395 return;
2396
2397 os_memset(&data, 0, sizeof(data));
2398 os_memcpy(data.pmkid_candidate.bssid,
2399 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN);
2400 data.pmkid_candidate.index =
2401 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]);
2402 data.pmkid_candidate.preauth =
2403 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL;
2404 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
2405 }
2406
2407
nl80211_client_probe_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2408 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv,
2409 struct nlattr **tb)
2410 {
2411 union wpa_event_data data;
2412
2413 wpa_printf(MSG_DEBUG, "nl80211: Probe client event");
2414
2415 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK])
2416 return;
2417
2418 os_memset(&data, 0, sizeof(data));
2419 os_memcpy(data.client_poll.addr,
2420 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2421
2422 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data);
2423 }
2424
2425
nl80211_tdls_oper_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2426 static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv,
2427 struct nlattr **tb)
2428 {
2429 union wpa_event_data data;
2430
2431 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event");
2432
2433 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION])
2434 return;
2435
2436 os_memset(&data, 0, sizeof(data));
2437 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2438 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) {
2439 case NL80211_TDLS_SETUP:
2440 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer "
2441 MACSTR, MAC2STR(data.tdls.peer));
2442 data.tdls.oper = TDLS_REQUEST_SETUP;
2443 break;
2444 case NL80211_TDLS_TEARDOWN:
2445 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer "
2446 MACSTR, MAC2STR(data.tdls.peer));
2447 data.tdls.oper = TDLS_REQUEST_TEARDOWN;
2448 break;
2449 default:
2450 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione "
2451 "event");
2452 return;
2453 }
2454 if (tb[NL80211_ATTR_REASON_CODE]) {
2455 data.tdls.reason_code =
2456 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
2457 }
2458
2459 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data);
2460 }
2461
2462
nl80211_stop_ap(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2463 static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv,
2464 struct nlattr **tb)
2465 {
2466 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL);
2467 }
2468
2469
nl80211_connect_failed_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2470 static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv,
2471 struct nlattr **tb)
2472 {
2473 union wpa_event_data data;
2474 u32 reason;
2475
2476 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event");
2477
2478 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON])
2479 return;
2480
2481 os_memset(&data, 0, sizeof(data));
2482 os_memcpy(data.connect_failed_reason.addr,
2483 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
2484
2485 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]);
2486 switch (reason) {
2487 case NL80211_CONN_FAIL_MAX_CLIENTS:
2488 wpa_printf(MSG_DEBUG, "nl80211: Max client reached");
2489 data.connect_failed_reason.code = MAX_CLIENT_REACHED;
2490 break;
2491 case NL80211_CONN_FAIL_BLOCKED_CLIENT:
2492 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR
2493 " tried to connect",
2494 MAC2STR(data.connect_failed_reason.addr));
2495 data.connect_failed_reason.code = BLOCKED_CLIENT;
2496 break;
2497 default:
2498 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason "
2499 "%u", reason);
2500 return;
2501 }
2502
2503 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data);
2504 }
2505
2506
nl80211_radar_event(struct wpa_driver_nl80211_data * drv,struct nlattr ** tb)2507 static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv,
2508 struct nlattr **tb)
2509 {
2510 union wpa_event_data data;
2511 enum nl80211_radar_event event_type;
2512
2513 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT])
2514 return;
2515
2516 os_memset(&data, 0, sizeof(data));
2517 data.dfs_event.freq = nla_get_u16(tb[NL80211_ATTR_WIPHY_FREQ]);
2518 event_type = nla_get_u8(tb[NL80211_ATTR_RADAR_EVENT]);
2519
2520 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz",
2521 data.dfs_event.freq);
2522
2523 switch (event_type) {
2524 case NL80211_RADAR_DETECTED:
2525 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data);
2526 break;
2527 case NL80211_RADAR_CAC_FINISHED:
2528 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data);
2529 break;
2530 case NL80211_RADAR_CAC_ABORTED:
2531 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data);
2532 break;
2533 case NL80211_RADAR_NOP_FINISHED:
2534 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data);
2535 break;
2536 default:
2537 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d "
2538 "received", event_type);
2539 break;
2540 }
2541 }
2542
2543
nl80211_spurious_frame(struct i802_bss * bss,struct nlattr ** tb,int wds)2544 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb,
2545 int wds)
2546 {
2547 struct wpa_driver_nl80211_data *drv = bss->drv;
2548 union wpa_event_data event;
2549
2550 if (!tb[NL80211_ATTR_MAC])
2551 return;
2552
2553 os_memset(&event, 0, sizeof(event));
2554 event.rx_from_unknown.bssid = bss->addr;
2555 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]);
2556 event.rx_from_unknown.wds = wds;
2557
2558 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2559 }
2560
2561
do_process_drv_event(struct i802_bss * bss,int cmd,struct nlattr ** tb)2562 static void do_process_drv_event(struct i802_bss *bss, int cmd,
2563 struct nlattr **tb)
2564 {
2565 struct wpa_driver_nl80211_data *drv = bss->drv;
2566
2567 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
2568 cmd, nl80211_command_to_string(cmd), bss->ifname);
2569
2570 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
2571 (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
2572 cmd == NL80211_CMD_SCAN_ABORTED)) {
2573 wpa_driver_nl80211_set_mode(&drv->first_bss,
2574 drv->ap_scan_as_station);
2575 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2576 }
2577
2578 switch (cmd) {
2579 case NL80211_CMD_TRIGGER_SCAN:
2580 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger");
2581 break;
2582 case NL80211_CMD_START_SCHED_SCAN:
2583 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started");
2584 break;
2585 case NL80211_CMD_SCHED_SCAN_STOPPED:
2586 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped");
2587 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL);
2588 break;
2589 case NL80211_CMD_NEW_SCAN_RESULTS:
2590 wpa_dbg(drv->ctx, MSG_DEBUG,
2591 "nl80211: New scan results available");
2592 drv->scan_complete_events = 1;
2593 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2594 drv->ctx);
2595 send_scan_event(drv, 0, tb);
2596 break;
2597 case NL80211_CMD_SCHED_SCAN_RESULTS:
2598 wpa_dbg(drv->ctx, MSG_DEBUG,
2599 "nl80211: New sched scan results available");
2600 send_scan_event(drv, 0, tb);
2601 break;
2602 case NL80211_CMD_SCAN_ABORTED:
2603 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted");
2604 /*
2605 * Need to indicate that scan results are available in order
2606 * not to make wpa_supplicant stop its scanning.
2607 */
2608 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
2609 drv->ctx);
2610 send_scan_event(drv, 1, tb);
2611 break;
2612 case NL80211_CMD_AUTHENTICATE:
2613 case NL80211_CMD_ASSOCIATE:
2614 case NL80211_CMD_DEAUTHENTICATE:
2615 case NL80211_CMD_DISASSOCIATE:
2616 case NL80211_CMD_FRAME_TX_STATUS:
2617 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
2618 case NL80211_CMD_UNPROT_DISASSOCIATE:
2619 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME],
2620 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2621 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2622 tb[NL80211_ATTR_COOKIE],
2623 tb[NL80211_ATTR_RX_SIGNAL_DBM]);
2624 break;
2625 case NL80211_CMD_CONNECT:
2626 case NL80211_CMD_ROAM:
2627 mlme_event_connect(drv, cmd,
2628 tb[NL80211_ATTR_STATUS_CODE],
2629 tb[NL80211_ATTR_MAC],
2630 tb[NL80211_ATTR_REQ_IE],
2631 tb[NL80211_ATTR_RESP_IE]);
2632 break;
2633 case NL80211_CMD_CH_SWITCH_NOTIFY:
2634 mlme_event_ch_switch(drv, tb[NL80211_ATTR_WIPHY_FREQ],
2635 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2636 break;
2637 case NL80211_CMD_DISCONNECT:
2638 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE],
2639 tb[NL80211_ATTR_MAC],
2640 tb[NL80211_ATTR_DISCONNECTED_BY_AP]);
2641 break;
2642 case NL80211_CMD_MICHAEL_MIC_FAILURE:
2643 mlme_event_michael_mic_failure(bss, tb);
2644 break;
2645 case NL80211_CMD_JOIN_IBSS:
2646 mlme_event_join_ibss(drv, tb);
2647 break;
2648 case NL80211_CMD_REMAIN_ON_CHANNEL:
2649 mlme_event_remain_on_channel(drv, 0, tb);
2650 break;
2651 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
2652 mlme_event_remain_on_channel(drv, 1, tb);
2653 break;
2654 case NL80211_CMD_NOTIFY_CQM:
2655 nl80211_cqm_event(drv, tb);
2656 break;
2657 case NL80211_CMD_REG_CHANGE:
2658 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
2659 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2660 NULL);
2661 break;
2662 case NL80211_CMD_REG_BEACON_HINT:
2663 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
2664 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
2665 NULL);
2666 break;
2667 case NL80211_CMD_NEW_STATION:
2668 nl80211_new_station_event(drv, tb);
2669 break;
2670 case NL80211_CMD_DEL_STATION:
2671 nl80211_del_station_event(drv, tb);
2672 break;
2673 case NL80211_CMD_SET_REKEY_OFFLOAD:
2674 nl80211_rekey_offload_event(drv, tb);
2675 break;
2676 case NL80211_CMD_PMKSA_CANDIDATE:
2677 nl80211_pmksa_candidate_event(drv, tb);
2678 break;
2679 case NL80211_CMD_PROBE_CLIENT:
2680 nl80211_client_probe_event(drv, tb);
2681 break;
2682 case NL80211_CMD_TDLS_OPER:
2683 nl80211_tdls_oper_event(drv, tb);
2684 break;
2685 case NL80211_CMD_CONN_FAILED:
2686 nl80211_connect_failed_event(drv, tb);
2687 break;
2688 case NL80211_CMD_FT_EVENT:
2689 mlme_event_ft_event(drv, tb);
2690 break;
2691 case NL80211_CMD_RADAR_DETECT:
2692 nl80211_radar_event(drv, tb);
2693 break;
2694 case NL80211_CMD_STOP_AP:
2695 nl80211_stop_ap(drv, tb);
2696 break;
2697 default:
2698 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
2699 "(cmd=%d)", cmd);
2700 break;
2701 }
2702 }
2703
2704
process_drv_event(struct nl_msg * msg,void * arg)2705 static int process_drv_event(struct nl_msg *msg, void *arg)
2706 {
2707 struct wpa_driver_nl80211_data *drv = arg;
2708 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2709 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2710 struct i802_bss *bss;
2711 int ifidx = -1;
2712
2713 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2714 genlmsg_attrlen(gnlh, 0), NULL);
2715
2716 if (tb[NL80211_ATTR_IFINDEX]) {
2717 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2718
2719 for (bss = &drv->first_bss; bss; bss = bss->next)
2720 if (ifidx == -1 || ifidx == bss->ifindex) {
2721 do_process_drv_event(bss, gnlh->cmd, tb);
2722 return NL_SKIP;
2723 }
2724 wpa_printf(MSG_DEBUG,
2725 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d)",
2726 gnlh->cmd, ifidx);
2727 } else if (tb[NL80211_ATTR_WDEV]) {
2728 u64 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
2729 wpa_printf(MSG_DEBUG, "nl80211: Process event on P2P device");
2730 for (bss = &drv->first_bss; bss; bss = bss->next) {
2731 if (bss->wdev_id_set && wdev_id == bss->wdev_id) {
2732 do_process_drv_event(bss, gnlh->cmd, tb);
2733 return NL_SKIP;
2734 }
2735 }
2736 wpa_printf(MSG_DEBUG,
2737 "nl80211: Ignored event (cmd=%d) for foreign interface (wdev 0x%llx)",
2738 gnlh->cmd, (long long unsigned int) wdev_id);
2739 }
2740
2741 return NL_SKIP;
2742 }
2743
2744
process_global_event(struct nl_msg * msg,void * arg)2745 static int process_global_event(struct nl_msg *msg, void *arg)
2746 {
2747 struct nl80211_global *global = arg;
2748 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2749 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2750 struct wpa_driver_nl80211_data *drv, *tmp;
2751 int ifidx = -1;
2752 struct i802_bss *bss;
2753 u64 wdev_id = 0;
2754 int wdev_id_set = 0;
2755
2756 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2757 genlmsg_attrlen(gnlh, 0), NULL);
2758
2759 if (tb[NL80211_ATTR_IFINDEX])
2760 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2761 else if (tb[NL80211_ATTR_WDEV]) {
2762 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
2763 wdev_id_set = 1;
2764 }
2765
2766 dl_list_for_each_safe(drv, tmp, &global->interfaces,
2767 struct wpa_driver_nl80211_data, list) {
2768 for (bss = &drv->first_bss; bss; bss = bss->next) {
2769 if ((ifidx == -1 && !wdev_id_set) ||
2770 ifidx == bss->ifindex ||
2771 (wdev_id_set && bss->wdev_id_set &&
2772 wdev_id == bss->wdev_id)) {
2773 do_process_drv_event(bss, gnlh->cmd, tb);
2774 return NL_SKIP;
2775 }
2776 }
2777 }
2778
2779 return NL_SKIP;
2780 }
2781
2782
process_bss_event(struct nl_msg * msg,void * arg)2783 static int process_bss_event(struct nl_msg *msg, void *arg)
2784 {
2785 struct i802_bss *bss = arg;
2786 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2787 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2788
2789 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2790 genlmsg_attrlen(gnlh, 0), NULL);
2791
2792 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s",
2793 gnlh->cmd, nl80211_command_to_string(gnlh->cmd),
2794 bss->ifname);
2795
2796 switch (gnlh->cmd) {
2797 case NL80211_CMD_FRAME:
2798 case NL80211_CMD_FRAME_TX_STATUS:
2799 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME],
2800 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
2801 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
2802 tb[NL80211_ATTR_COOKIE],
2803 tb[NL80211_ATTR_RX_SIGNAL_DBM]);
2804 break;
2805 case NL80211_CMD_UNEXPECTED_FRAME:
2806 nl80211_spurious_frame(bss, tb, 0);
2807 break;
2808 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME:
2809 nl80211_spurious_frame(bss, tb, 1);
2810 break;
2811 default:
2812 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
2813 "(cmd=%d)", gnlh->cmd);
2814 break;
2815 }
2816
2817 return NL_SKIP;
2818 }
2819
2820
wpa_driver_nl80211_event_receive(int sock,void * eloop_ctx,void * handle)2821 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
2822 void *handle)
2823 {
2824 struct nl_cb *cb = eloop_ctx;
2825
2826 wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
2827
2828 nl_recvmsgs(handle, cb);
2829 }
2830
2831
2832 /**
2833 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
2834 * @priv: driver_nl80211 private data
2835 * @alpha2_arg: country to which to switch to
2836 * Returns: 0 on success, -1 on failure
2837 *
2838 * This asks nl80211 to set the regulatory domain for given
2839 * country ISO / IEC alpha2.
2840 */
wpa_driver_nl80211_set_country(void * priv,const char * alpha2_arg)2841 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
2842 {
2843 struct i802_bss *bss = priv;
2844 struct wpa_driver_nl80211_data *drv = bss->drv;
2845 char alpha2[3];
2846 struct nl_msg *msg;
2847
2848 msg = nlmsg_alloc();
2849 if (!msg)
2850 return -ENOMEM;
2851
2852 alpha2[0] = alpha2_arg[0];
2853 alpha2[1] = alpha2_arg[1];
2854 alpha2[2] = '\0';
2855
2856 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG);
2857
2858 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
2859 if (send_and_recv_msgs(drv, msg, NULL, NULL))
2860 return -EINVAL;
2861 return 0;
2862 nla_put_failure:
2863 nlmsg_free(msg);
2864 return -EINVAL;
2865 }
2866
2867
protocol_feature_handler(struct nl_msg * msg,void * arg)2868 static int protocol_feature_handler(struct nl_msg *msg, void *arg)
2869 {
2870 u32 *feat = arg;
2871 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2872 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2873
2874 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2875 genlmsg_attrlen(gnlh, 0), NULL);
2876
2877 if (tb_msg[NL80211_ATTR_PROTOCOL_FEATURES])
2878 *feat = nla_get_u32(tb_msg[NL80211_ATTR_PROTOCOL_FEATURES]);
2879
2880 return NL_SKIP;
2881 }
2882
2883
get_nl80211_protocol_features(struct wpa_driver_nl80211_data * drv)2884 static u32 get_nl80211_protocol_features(struct wpa_driver_nl80211_data *drv)
2885 {
2886 u32 feat = 0;
2887 struct nl_msg *msg;
2888
2889 msg = nlmsg_alloc();
2890 if (!msg)
2891 goto nla_put_failure;
2892
2893 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_PROTOCOL_FEATURES);
2894 if (send_and_recv_msgs(drv, msg, protocol_feature_handler, &feat) == 0)
2895 return feat;
2896
2897 msg = NULL;
2898 nla_put_failure:
2899 nlmsg_free(msg);
2900 return 0;
2901 }
2902
2903
2904 struct wiphy_info_data {
2905 struct wpa_driver_nl80211_data *drv;
2906 struct wpa_driver_capa *capa;
2907
2908 unsigned int num_multichan_concurrent;
2909
2910 unsigned int error:1;
2911 unsigned int device_ap_sme:1;
2912 unsigned int poll_command_supported:1;
2913 unsigned int data_tx_status:1;
2914 unsigned int monitor_supported:1;
2915 unsigned int auth_supported:1;
2916 unsigned int connect_supported:1;
2917 unsigned int p2p_go_supported:1;
2918 unsigned int p2p_client_supported:1;
2919 unsigned int p2p_concurrent:1;
2920 };
2921
2922
probe_resp_offload_support(int supp_protocols)2923 static unsigned int probe_resp_offload_support(int supp_protocols)
2924 {
2925 unsigned int prot = 0;
2926
2927 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS)
2928 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS;
2929 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2)
2930 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2;
2931 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P)
2932 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P;
2933 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U)
2934 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING;
2935
2936 return prot;
2937 }
2938
2939
wiphy_info_supported_iftypes(struct wiphy_info_data * info,struct nlattr * tb)2940 static void wiphy_info_supported_iftypes(struct wiphy_info_data *info,
2941 struct nlattr *tb)
2942 {
2943 struct nlattr *nl_mode;
2944 int i;
2945
2946 if (tb == NULL)
2947 return;
2948
2949 nla_for_each_nested(nl_mode, tb, i) {
2950 switch (nla_type(nl_mode)) {
2951 case NL80211_IFTYPE_AP:
2952 info->capa->flags |= WPA_DRIVER_FLAGS_AP;
2953 break;
2954 case NL80211_IFTYPE_ADHOC:
2955 info->capa->flags |= WPA_DRIVER_FLAGS_IBSS;
2956 break;
2957 case NL80211_IFTYPE_P2P_DEVICE:
2958 info->capa->flags |=
2959 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
2960 break;
2961 case NL80211_IFTYPE_P2P_GO:
2962 info->p2p_go_supported = 1;
2963 break;
2964 case NL80211_IFTYPE_P2P_CLIENT:
2965 info->p2p_client_supported = 1;
2966 break;
2967 case NL80211_IFTYPE_MONITOR:
2968 info->monitor_supported = 1;
2969 break;
2970 }
2971 }
2972 }
2973
2974
wiphy_info_iface_comb_process(struct wiphy_info_data * info,struct nlattr * nl_combi)2975 static int wiphy_info_iface_comb_process(struct wiphy_info_data *info,
2976 struct nlattr *nl_combi)
2977 {
2978 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB];
2979 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT];
2980 struct nlattr *nl_limit, *nl_mode;
2981 int err, rem_limit, rem_mode;
2982 int combination_has_p2p = 0, combination_has_mgd = 0;
2983 static struct nla_policy
2984 iface_combination_policy[NUM_NL80211_IFACE_COMB] = {
2985 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED },
2986 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 },
2987 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG },
2988 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 },
2989 [NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS] = { .type = NLA_U32 },
2990 },
2991 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = {
2992 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED },
2993 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 },
2994 };
2995
2996 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB,
2997 nl_combi, iface_combination_policy);
2998 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] ||
2999 !tb_comb[NL80211_IFACE_COMB_MAXNUM] ||
3000 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS])
3001 return 0; /* broken combination */
3002
3003 if (tb_comb[NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS])
3004 info->capa->flags |= WPA_DRIVER_FLAGS_RADAR;
3005
3006 nla_for_each_nested(nl_limit, tb_comb[NL80211_IFACE_COMB_LIMITS],
3007 rem_limit) {
3008 err = nla_parse_nested(tb_limit, MAX_NL80211_IFACE_LIMIT,
3009 nl_limit, iface_limit_policy);
3010 if (err || !tb_limit[NL80211_IFACE_LIMIT_TYPES])
3011 return 0; /* broken combination */
3012
3013 nla_for_each_nested(nl_mode,
3014 tb_limit[NL80211_IFACE_LIMIT_TYPES],
3015 rem_mode) {
3016 int ift = nla_type(nl_mode);
3017 if (ift == NL80211_IFTYPE_P2P_GO ||
3018 ift == NL80211_IFTYPE_P2P_CLIENT)
3019 combination_has_p2p = 1;
3020 if (ift == NL80211_IFTYPE_STATION)
3021 combination_has_mgd = 1;
3022 }
3023 if (combination_has_p2p && combination_has_mgd)
3024 break;
3025 }
3026
3027 if (combination_has_p2p && combination_has_mgd) {
3028 info->p2p_concurrent = 1;
3029 info->num_multichan_concurrent =
3030 nla_get_u32(tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]);
3031 return 1;
3032 }
3033
3034 return 0;
3035 }
3036
3037
wiphy_info_iface_comb(struct wiphy_info_data * info,struct nlattr * tb)3038 static void wiphy_info_iface_comb(struct wiphy_info_data *info,
3039 struct nlattr *tb)
3040 {
3041 struct nlattr *nl_combi;
3042 int rem_combi;
3043
3044 if (tb == NULL)
3045 return;
3046
3047 nla_for_each_nested(nl_combi, tb, rem_combi) {
3048 if (wiphy_info_iface_comb_process(info, nl_combi) > 0)
3049 break;
3050 }
3051 }
3052
3053
wiphy_info_supp_cmds(struct wiphy_info_data * info,struct nlattr * tb)3054 static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
3055 struct nlattr *tb)
3056 {
3057 struct nlattr *nl_cmd;
3058 int i;
3059
3060 if (tb == NULL)
3061 return;
3062
3063 nla_for_each_nested(nl_cmd, tb, i) {
3064 switch (nla_get_u32(nl_cmd)) {
3065 case NL80211_CMD_AUTHENTICATE:
3066 info->auth_supported = 1;
3067 break;
3068 case NL80211_CMD_CONNECT:
3069 info->connect_supported = 1;
3070 break;
3071 case NL80211_CMD_START_SCHED_SCAN:
3072 info->capa->sched_scan_supported = 1;
3073 break;
3074 case NL80211_CMD_PROBE_CLIENT:
3075 info->poll_command_supported = 1;
3076 break;
3077 }
3078 }
3079 }
3080
3081
wiphy_info_max_roc(struct wpa_driver_capa * capa,struct nlattr * tb)3082 static void wiphy_info_max_roc(struct wpa_driver_capa *capa,
3083 struct nlattr *tb)
3084 {
3085 if (tb)
3086 capa->max_remain_on_chan = nla_get_u32(tb);
3087 }
3088
3089
wiphy_info_tdls(struct wpa_driver_capa * capa,struct nlattr * tdls,struct nlattr * ext_setup)3090 static void wiphy_info_tdls(struct wpa_driver_capa *capa, struct nlattr *tdls,
3091 struct nlattr *ext_setup)
3092 {
3093 if (tdls == NULL)
3094 return;
3095
3096 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported");
3097 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT;
3098
3099 if (ext_setup) {
3100 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup");
3101 capa->flags |= WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP;
3102 }
3103 }
3104
3105
wiphy_info_feature_flags(struct wiphy_info_data * info,struct nlattr * tb)3106 static void wiphy_info_feature_flags(struct wiphy_info_data *info,
3107 struct nlattr *tb)
3108 {
3109 u32 flags;
3110 struct wpa_driver_capa *capa = info->capa;
3111
3112 if (tb == NULL)
3113 return;
3114
3115 flags = nla_get_u32(tb);
3116
3117 if (flags & NL80211_FEATURE_SK_TX_STATUS)
3118 info->data_tx_status = 1;
3119
3120 if (flags & NL80211_FEATURE_INACTIVITY_TIMER)
3121 capa->flags |= WPA_DRIVER_FLAGS_INACTIVITY_TIMER;
3122
3123 if (flags & NL80211_FEATURE_SAE)
3124 capa->flags |= WPA_DRIVER_FLAGS_SAE;
3125
3126 if (flags & NL80211_FEATURE_NEED_OBSS_SCAN)
3127 capa->flags |= WPA_DRIVER_FLAGS_OBSS_SCAN;
3128 }
3129
3130
wiphy_info_probe_resp_offload(struct wpa_driver_capa * capa,struct nlattr * tb)3131 static void wiphy_info_probe_resp_offload(struct wpa_driver_capa *capa,
3132 struct nlattr *tb)
3133 {
3134 u32 protocols;
3135
3136 if (tb == NULL)
3137 return;
3138
3139 protocols = nla_get_u32(tb);
3140 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response offload in AP "
3141 "mode");
3142 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD;
3143 capa->probe_resp_offloads = probe_resp_offload_support(protocols);
3144 }
3145
3146
wiphy_info_handler(struct nl_msg * msg,void * arg)3147 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
3148 {
3149 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3150 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3151 struct wiphy_info_data *info = arg;
3152 struct wpa_driver_capa *capa = info->capa;
3153 struct wpa_driver_nl80211_data *drv = info->drv;
3154
3155 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3156 genlmsg_attrlen(gnlh, 0), NULL);
3157
3158 if (tb[NL80211_ATTR_WIPHY_NAME])
3159 os_strncpy(drv->phyname,
3160 nla_get_string(tb[NL80211_ATTR_WIPHY_NAME]),
3161 sizeof(drv->phyname));
3162 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
3163 capa->max_scan_ssids =
3164 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
3165
3166 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS])
3167 capa->max_sched_scan_ssids =
3168 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]);
3169
3170 if (tb[NL80211_ATTR_MAX_MATCH_SETS])
3171 capa->max_match_sets =
3172 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
3173
3174 if (tb[NL80211_ATTR_MAC_ACL_MAX])
3175 capa->max_acl_mac_addrs =
3176 nla_get_u8(tb[NL80211_ATTR_MAC_ACL_MAX]);
3177
3178 wiphy_info_supported_iftypes(info, tb[NL80211_ATTR_SUPPORTED_IFTYPES]);
3179 wiphy_info_iface_comb(info, tb[NL80211_ATTR_INTERFACE_COMBINATIONS]);
3180 wiphy_info_supp_cmds(info, tb[NL80211_ATTR_SUPPORTED_COMMANDS]);
3181
3182 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) {
3183 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
3184 "off-channel TX");
3185 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
3186 }
3187
3188 if (tb[NL80211_ATTR_ROAM_SUPPORT]) {
3189 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming");
3190 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
3191 }
3192
3193 wiphy_info_max_roc(capa,
3194 tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
3195
3196 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD])
3197 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD;
3198
3199 wiphy_info_tdls(capa, tb[NL80211_ATTR_TDLS_SUPPORT],
3200 tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]);
3201
3202 if (tb[NL80211_ATTR_DEVICE_AP_SME])
3203 info->device_ap_sme = 1;
3204
3205 wiphy_info_feature_flags(info, tb[NL80211_ATTR_FEATURE_FLAGS]);
3206 wiphy_info_probe_resp_offload(capa,
3207 tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]);
3208
3209 if (tb[NL80211_ATTR_EXT_CAPA] && tb[NL80211_ATTR_EXT_CAPA_MASK] &&
3210 drv->extended_capa == NULL) {
3211 drv->extended_capa =
3212 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3213 if (drv->extended_capa) {
3214 os_memcpy(drv->extended_capa,
3215 nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3216 nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3217 drv->extended_capa_len =
3218 nla_len(tb[NL80211_ATTR_EXT_CAPA]);
3219 }
3220 drv->extended_capa_mask =
3221 os_malloc(nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3222 if (drv->extended_capa_mask) {
3223 os_memcpy(drv->extended_capa_mask,
3224 nla_data(tb[NL80211_ATTR_EXT_CAPA]),
3225 nla_len(tb[NL80211_ATTR_EXT_CAPA]));
3226 } else {
3227 os_free(drv->extended_capa);
3228 drv->extended_capa = NULL;
3229 drv->extended_capa_len = 0;
3230 }
3231 }
3232
3233 return NL_SKIP;
3234 }
3235
3236
wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data * drv,struct wiphy_info_data * info)3237 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
3238 struct wiphy_info_data *info)
3239 {
3240 u32 feat;
3241 struct nl_msg *msg;
3242
3243 os_memset(info, 0, sizeof(*info));
3244 info->capa = &drv->capa;
3245 info->drv = drv;
3246
3247 msg = nlmsg_alloc();
3248 if (!msg)
3249 return -1;
3250
3251 feat = get_nl80211_protocol_features(drv);
3252 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
3253 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
3254 else
3255 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
3256
3257 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
3258 if (nl80211_set_iface_id(msg, &drv->first_bss) < 0)
3259 goto nla_put_failure;
3260
3261 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info))
3262 return -1;
3263
3264 if (info->auth_supported)
3265 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
3266 else if (!info->connect_supported) {
3267 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
3268 "authentication/association or connect commands");
3269 info->error = 1;
3270 }
3271
3272 if (info->p2p_go_supported && info->p2p_client_supported)
3273 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
3274 if (info->p2p_concurrent) {
3275 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
3276 "interface (driver advertised support)");
3277 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
3278 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
3279 }
3280 if (info->num_multichan_concurrent > 1) {
3281 wpa_printf(MSG_DEBUG, "nl80211: Enable multi-channel "
3282 "concurrent (driver advertised support)");
3283 drv->capa.num_multichan_concurrent =
3284 info->num_multichan_concurrent;
3285 }
3286
3287 /* default to 5000 since early versions of mac80211 don't set it */
3288 if (!drv->capa.max_remain_on_chan)
3289 drv->capa.max_remain_on_chan = 5000;
3290
3291 return 0;
3292 nla_put_failure:
3293 nlmsg_free(msg);
3294 return -1;
3295 }
3296
3297
wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data * drv)3298 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
3299 {
3300 struct wiphy_info_data info;
3301 if (wpa_driver_nl80211_get_info(drv, &info))
3302 return -1;
3303
3304 if (info.error)
3305 return -1;
3306
3307 drv->has_capability = 1;
3308 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
3309 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
3310 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
3311 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
3312 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
3313 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
3314 WPA_DRIVER_CAPA_ENC_WEP104 |
3315 WPA_DRIVER_CAPA_ENC_TKIP |
3316 WPA_DRIVER_CAPA_ENC_CCMP;
3317 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
3318 WPA_DRIVER_AUTH_SHARED |
3319 WPA_DRIVER_AUTH_LEAP;
3320
3321 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
3322 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
3323 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3324
3325 if (!info.device_ap_sme) {
3326 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS;
3327
3328 /*
3329 * No AP SME is currently assumed to also indicate no AP MLME
3330 * in the driver/firmware.
3331 */
3332 drv->capa.flags |= WPA_DRIVER_FLAGS_AP_MLME;
3333 }
3334
3335 drv->device_ap_sme = info.device_ap_sme;
3336 drv->poll_command_supported = info.poll_command_supported;
3337 drv->data_tx_status = info.data_tx_status;
3338
3339 #ifdef ANDROID_P2P
3340 if(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) {
3341 /* Driver is new enough to support monitorless mode*/
3342 wpa_printf(MSG_DEBUG, "nl80211: Driver is new "
3343 "enough to support monitor-less mode");
3344 drv->use_monitor = 0;
3345 }
3346 #else
3347 /*
3348 * If poll command and tx status are supported, mac80211 is new enough
3349 * to have everything we need to not need monitor interfaces.
3350 */
3351 drv->use_monitor = !info.poll_command_supported || !info.data_tx_status;
3352 #endif
3353
3354 if (drv->device_ap_sme && drv->use_monitor) {
3355 /*
3356 * Non-mac80211 drivers may not support monitor interface.
3357 * Make sure we do not get stuck with incorrect capability here
3358 * by explicitly testing this.
3359 */
3360 if (!info.monitor_supported) {
3361 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor "
3362 "with device_ap_sme since no monitor mode "
3363 "support detected");
3364 drv->use_monitor = 0;
3365 }
3366 }
3367
3368 /*
3369 * If we aren't going to use monitor interfaces, but the
3370 * driver doesn't support data TX status, we won't get TX
3371 * status for EAPOL frames.
3372 */
3373 if (!drv->use_monitor && !info.data_tx_status)
3374 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3375
3376 return 0;
3377 }
3378
3379
3380 #ifdef ANDROID
android_genl_ctrl_resolve(struct nl_handle * handle,const char * name)3381 static int android_genl_ctrl_resolve(struct nl_handle *handle,
3382 const char *name)
3383 {
3384 /*
3385 * Android ICS has very minimal genl_ctrl_resolve() implementation, so
3386 * need to work around that.
3387 */
3388 struct nl_cache *cache = NULL;
3389 struct genl_family *nl80211 = NULL;
3390 int id = -1;
3391
3392 if (genl_ctrl_alloc_cache(handle, &cache) < 0) {
3393 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
3394 "netlink cache");
3395 goto fail;
3396 }
3397
3398 nl80211 = genl_ctrl_search_by_name(cache, name);
3399 if (nl80211 == NULL)
3400 goto fail;
3401
3402 id = genl_family_get_id(nl80211);
3403
3404 fail:
3405 if (nl80211)
3406 genl_family_put(nl80211);
3407 if (cache)
3408 nl_cache_free(cache);
3409
3410 return id;
3411 }
3412 #define genl_ctrl_resolve android_genl_ctrl_resolve
3413 #endif /* ANDROID */
3414
3415
wpa_driver_nl80211_init_nl_global(struct nl80211_global * global)3416 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
3417 {
3418 int ret;
3419
3420 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
3421 if (global->nl_cb == NULL) {
3422 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
3423 "callbacks");
3424 return -1;
3425 }
3426
3427 global->nl = nl_create_handle(global->nl_cb, "nl");
3428 if (global->nl == NULL)
3429 goto err;
3430
3431 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
3432 if (global->nl80211_id < 0) {
3433 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
3434 "found");
3435 goto err;
3436 }
3437
3438 global->nl_event = nl_create_handle(global->nl_cb, "event");
3439 if (global->nl_event == NULL)
3440 goto err;
3441
3442 ret = nl_get_multicast_id(global, "nl80211", "scan");
3443 if (ret >= 0)
3444 ret = nl_socket_add_membership(global->nl_event, ret);
3445 if (ret < 0) {
3446 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
3447 "membership for scan events: %d (%s)",
3448 ret, strerror(-ret));
3449 goto err;
3450 }
3451
3452 ret = nl_get_multicast_id(global, "nl80211", "mlme");
3453 if (ret >= 0)
3454 ret = nl_socket_add_membership(global->nl_event, ret);
3455 if (ret < 0) {
3456 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
3457 "membership for mlme events: %d (%s)",
3458 ret, strerror(-ret));
3459 goto err;
3460 }
3461
3462 ret = nl_get_multicast_id(global, "nl80211", "regulatory");
3463 if (ret >= 0)
3464 ret = nl_socket_add_membership(global->nl_event, ret);
3465 if (ret < 0) {
3466 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
3467 "membership for regulatory events: %d (%s)",
3468 ret, strerror(-ret));
3469 /* Continue without regulatory events */
3470 }
3471
3472 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
3473 no_seq_check, NULL);
3474 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
3475 process_global_event, global);
3476
3477 eloop_register_read_sock(nl_socket_get_fd(global->nl_event),
3478 wpa_driver_nl80211_event_receive,
3479 global->nl_cb, global->nl_event);
3480
3481 return 0;
3482
3483 err:
3484 nl_destroy_handles(&global->nl_event);
3485 nl_destroy_handles(&global->nl);
3486 nl_cb_put(global->nl_cb);
3487 global->nl_cb = NULL;
3488 return -1;
3489 }
3490
3491
wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data * drv)3492 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
3493 {
3494 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
3495 if (!drv->nl_cb) {
3496 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
3497 return -1;
3498 }
3499
3500 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
3501 no_seq_check, NULL);
3502 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
3503 process_drv_event, drv);
3504
3505 return 0;
3506 }
3507
3508
wpa_driver_nl80211_rfkill_blocked(void * ctx)3509 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
3510 {
3511 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
3512 /*
3513 * This may be for any interface; use ifdown event to disable
3514 * interface.
3515 */
3516 }
3517
3518
wpa_driver_nl80211_rfkill_unblocked(void * ctx)3519 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
3520 {
3521 struct wpa_driver_nl80211_data *drv = ctx;
3522 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
3523 if (i802_set_iface_flags(&drv->first_bss, 1)) {
3524 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
3525 "after rfkill unblock");
3526 return;
3527 }
3528 /* rtnetlink ifup handler will report interface as enabled */
3529 }
3530
3531
wpa_driver_nl80211_handle_eapol_tx_status(int sock,void * eloop_ctx,void * handle)3532 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
3533 void *eloop_ctx,
3534 void *handle)
3535 {
3536 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3537 u8 data[2048];
3538 struct msghdr msg;
3539 struct iovec entry;
3540 u8 control[512];
3541 struct cmsghdr *cmsg;
3542 int res, found_ee = 0, found_wifi = 0, acked = 0;
3543 union wpa_event_data event;
3544
3545 memset(&msg, 0, sizeof(msg));
3546 msg.msg_iov = &entry;
3547 msg.msg_iovlen = 1;
3548 entry.iov_base = data;
3549 entry.iov_len = sizeof(data);
3550 msg.msg_control = &control;
3551 msg.msg_controllen = sizeof(control);
3552
3553 res = recvmsg(sock, &msg, MSG_ERRQUEUE);
3554 /* if error or not fitting 802.3 header, return */
3555 if (res < 14)
3556 return;
3557
3558 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
3559 {
3560 if (cmsg->cmsg_level == SOL_SOCKET &&
3561 cmsg->cmsg_type == SCM_WIFI_STATUS) {
3562 int *ack;
3563
3564 found_wifi = 1;
3565 ack = (void *)CMSG_DATA(cmsg);
3566 acked = *ack;
3567 }
3568
3569 if (cmsg->cmsg_level == SOL_PACKET &&
3570 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
3571 struct sock_extended_err *err =
3572 (struct sock_extended_err *)CMSG_DATA(cmsg);
3573
3574 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
3575 found_ee = 1;
3576 }
3577 }
3578
3579 if (!found_ee || !found_wifi)
3580 return;
3581
3582 memset(&event, 0, sizeof(event));
3583 event.eapol_tx_status.dst = data;
3584 event.eapol_tx_status.data = data + 14;
3585 event.eapol_tx_status.data_len = res - 14;
3586 event.eapol_tx_status.ack = acked;
3587 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
3588 }
3589
3590
nl80211_init_bss(struct i802_bss * bss)3591 static int nl80211_init_bss(struct i802_bss *bss)
3592 {
3593 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
3594 if (!bss->nl_cb)
3595 return -1;
3596
3597 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
3598 no_seq_check, NULL);
3599 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
3600 process_bss_event, bss);
3601
3602 return 0;
3603 }
3604
3605
nl80211_destroy_bss(struct i802_bss * bss)3606 static void nl80211_destroy_bss(struct i802_bss *bss)
3607 {
3608 nl_cb_put(bss->nl_cb);
3609 bss->nl_cb = NULL;
3610 }
3611
3612
3613 /**
3614 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
3615 * @ctx: context to be used when calling wpa_supplicant functions,
3616 * e.g., wpa_supplicant_event()
3617 * @ifname: interface name, e.g., wlan0
3618 * @global_priv: private driver global data from global_init()
3619 * Returns: Pointer to private data, %NULL on failure
3620 */
wpa_driver_nl80211_init(void * ctx,const char * ifname,void * global_priv)3621 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
3622 void *global_priv)
3623 {
3624 struct wpa_driver_nl80211_data *drv;
3625 struct rfkill_config *rcfg;
3626 struct i802_bss *bss;
3627
3628 if (global_priv == NULL)
3629 return NULL;
3630 drv = os_zalloc(sizeof(*drv));
3631 if (drv == NULL)
3632 return NULL;
3633 drv->global = global_priv;
3634 drv->ctx = ctx;
3635 bss = &drv->first_bss;
3636 bss->drv = drv;
3637 bss->ctx = ctx;
3638
3639 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
3640 drv->monitor_ifidx = -1;
3641 drv->monitor_sock = -1;
3642 drv->eapol_tx_sock = -1;
3643 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
3644
3645 if (wpa_driver_nl80211_init_nl(drv)) {
3646 os_free(drv);
3647 return NULL;
3648 }
3649
3650 if (nl80211_init_bss(bss))
3651 goto failed;
3652
3653 rcfg = os_zalloc(sizeof(*rcfg));
3654 if (rcfg == NULL)
3655 goto failed;
3656 rcfg->ctx = drv;
3657 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
3658 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
3659 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
3660 drv->rfkill = rfkill_init(rcfg);
3661 if (drv->rfkill == NULL) {
3662 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
3663 os_free(rcfg);
3664 }
3665
3666 if (wpa_driver_nl80211_finish_drv_init(drv))
3667 goto failed;
3668
3669 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
3670 if (drv->eapol_tx_sock < 0)
3671 goto failed;
3672
3673 if (drv->data_tx_status) {
3674 int enabled = 1;
3675
3676 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
3677 &enabled, sizeof(enabled)) < 0) {
3678 wpa_printf(MSG_DEBUG,
3679 "nl80211: wifi status sockopt failed\n");
3680 drv->data_tx_status = 0;
3681 if (!drv->use_monitor)
3682 drv->capa.flags &=
3683 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
3684 } else {
3685 eloop_register_read_sock(drv->eapol_tx_sock,
3686 wpa_driver_nl80211_handle_eapol_tx_status,
3687 drv, NULL);
3688 }
3689 }
3690
3691 if (drv->global) {
3692 dl_list_add(&drv->global->interfaces, &drv->list);
3693 drv->in_interface_list = 1;
3694 }
3695
3696 return bss;
3697
3698 failed:
3699 wpa_driver_nl80211_deinit(bss);
3700 return NULL;
3701 }
3702
3703
nl80211_register_frame(struct i802_bss * bss,struct nl_handle * nl_handle,u16 type,const u8 * match,size_t match_len)3704 static int nl80211_register_frame(struct i802_bss *bss,
3705 struct nl_handle *nl_handle,
3706 u16 type, const u8 *match, size_t match_len)
3707 {
3708 struct wpa_driver_nl80211_data *drv = bss->drv;
3709 struct nl_msg *msg;
3710 int ret = -1;
3711
3712 msg = nlmsg_alloc();
3713 if (!msg)
3714 return -1;
3715
3716 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p",
3717 type, nl_handle);
3718 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
3719 match, match_len);
3720
3721 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION);
3722
3723 if (nl80211_set_iface_id(msg, bss) < 0)
3724 goto nla_put_failure;
3725
3726 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
3727 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
3728
3729 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL);
3730 msg = NULL;
3731 if (ret) {
3732 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
3733 "failed (type=%u): ret=%d (%s)",
3734 type, ret, strerror(-ret));
3735 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
3736 match, match_len);
3737 goto nla_put_failure;
3738 }
3739 ret = 0;
3740 nla_put_failure:
3741 nlmsg_free(msg);
3742 return ret;
3743 }
3744
3745
nl80211_alloc_mgmt_handle(struct i802_bss * bss)3746 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
3747 {
3748 struct wpa_driver_nl80211_data *drv = bss->drv;
3749
3750 if (bss->nl_mgmt) {
3751 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
3752 "already on! (nl_mgmt=%p)", bss->nl_mgmt);
3753 return -1;
3754 }
3755
3756 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
3757 if (bss->nl_mgmt == NULL)
3758 return -1;
3759
3760 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt),
3761 wpa_driver_nl80211_event_receive, bss->nl_cb,
3762 bss->nl_mgmt);
3763
3764 return 0;
3765 }
3766
3767
nl80211_register_action_frame(struct i802_bss * bss,const u8 * match,size_t match_len)3768 static int nl80211_register_action_frame(struct i802_bss *bss,
3769 const u8 *match, size_t match_len)
3770 {
3771 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
3772 return nl80211_register_frame(bss, bss->nl_mgmt,
3773 type, match, match_len);
3774 }
3775
3776
nl80211_mgmt_subscribe_non_ap(struct i802_bss * bss)3777 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
3778 {
3779 struct wpa_driver_nl80211_data *drv = bss->drv;
3780
3781 if (nl80211_alloc_mgmt_handle(bss))
3782 return -1;
3783 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
3784 "handle %p", bss->nl_mgmt);
3785
3786 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING)
3787 /* GAS Initial Request */
3788 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
3789 return -1;
3790 /* GAS Initial Response */
3791 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
3792 return -1;
3793 /* GAS Comeback Request */
3794 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
3795 return -1;
3796 /* GAS Comeback Response */
3797 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
3798 return -1;
3799 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */
3800 #ifdef CONFIG_P2P
3801 /* P2P Public Action */
3802 if (nl80211_register_action_frame(bss,
3803 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
3804 6) < 0)
3805 return -1;
3806 /* P2P Action */
3807 if (nl80211_register_action_frame(bss,
3808 (u8 *) "\x7f\x50\x6f\x9a\x09",
3809 5) < 0)
3810 return -1;
3811 #endif /* CONFIG_P2P */
3812 #ifdef CONFIG_IEEE80211W
3813 /* SA Query Response */
3814 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
3815 return -1;
3816 #endif /* CONFIG_IEEE80211W */
3817 #ifdef CONFIG_TDLS
3818 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
3819 /* TDLS Discovery Response */
3820 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
3821 0)
3822 return -1;
3823 }
3824 #endif /* CONFIG_TDLS */
3825
3826 /* FT Action frames */
3827 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
3828 return -1;
3829 else
3830 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
3831 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
3832
3833 /* WNM - BSS Transition Management Request */
3834 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
3835 return -1;
3836 /* WNM-Sleep Mode Response */
3837 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
3838 return -1;
3839
3840 return 0;
3841 }
3842
3843
nl80211_register_spurious_class3(struct i802_bss * bss)3844 static int nl80211_register_spurious_class3(struct i802_bss *bss)
3845 {
3846 struct wpa_driver_nl80211_data *drv = bss->drv;
3847 struct nl_msg *msg;
3848 int ret = -1;
3849
3850 msg = nlmsg_alloc();
3851 if (!msg)
3852 return -1;
3853
3854 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME);
3855
3856 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
3857
3858 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL);
3859 msg = NULL;
3860 if (ret) {
3861 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
3862 "failed: ret=%d (%s)",
3863 ret, strerror(-ret));
3864 goto nla_put_failure;
3865 }
3866 ret = 0;
3867 nla_put_failure:
3868 nlmsg_free(msg);
3869 return ret;
3870 }
3871
3872
nl80211_mgmt_subscribe_ap(struct i802_bss * bss)3873 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
3874 {
3875 static const int stypes[] = {
3876 WLAN_FC_STYPE_AUTH,
3877 WLAN_FC_STYPE_ASSOC_REQ,
3878 WLAN_FC_STYPE_REASSOC_REQ,
3879 WLAN_FC_STYPE_DISASSOC,
3880 WLAN_FC_STYPE_DEAUTH,
3881 WLAN_FC_STYPE_ACTION,
3882 WLAN_FC_STYPE_PROBE_REQ,
3883 /* Beacon doesn't work as mac80211 doesn't currently allow
3884 * it, but it wouldn't really be the right thing anyway as
3885 * it isn't per interface ... maybe just dump the scan
3886 * results periodically for OLBC?
3887 */
3888 // WLAN_FC_STYPE_BEACON,
3889 };
3890 unsigned int i;
3891
3892 if (nl80211_alloc_mgmt_handle(bss))
3893 return -1;
3894 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
3895 "handle %p", bss->nl_mgmt);
3896
3897 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) {
3898 if (nl80211_register_frame(bss, bss->nl_mgmt,
3899 (WLAN_FC_TYPE_MGMT << 2) |
3900 (stypes[i] << 4),
3901 NULL, 0) < 0) {
3902 goto out_err;
3903 }
3904 }
3905
3906 if (nl80211_register_spurious_class3(bss))
3907 goto out_err;
3908
3909 if (nl80211_get_wiphy_data_ap(bss) == NULL)
3910 goto out_err;
3911
3912 return 0;
3913
3914 out_err:
3915 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3916 nl_destroy_handles(&bss->nl_mgmt);
3917 return -1;
3918 }
3919
3920
nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss * bss)3921 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
3922 {
3923 if (nl80211_alloc_mgmt_handle(bss))
3924 return -1;
3925 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
3926 "handle %p (device SME)", bss->nl_mgmt);
3927
3928 if (nl80211_register_frame(bss, bss->nl_mgmt,
3929 (WLAN_FC_TYPE_MGMT << 2) |
3930 (WLAN_FC_STYPE_ACTION << 4),
3931 NULL, 0) < 0)
3932 goto out_err;
3933
3934 return 0;
3935
3936 out_err:
3937 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3938 nl_destroy_handles(&bss->nl_mgmt);
3939 return -1;
3940 }
3941
3942
nl80211_mgmt_unsubscribe(struct i802_bss * bss,const char * reason)3943 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
3944 {
3945 if (bss->nl_mgmt == NULL)
3946 return;
3947 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
3948 "(%s)", bss->nl_mgmt, reason);
3949 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt));
3950 nl_destroy_handles(&bss->nl_mgmt);
3951
3952 nl80211_put_wiphy_data_ap(bss);
3953 }
3954
3955
wpa_driver_nl80211_send_rfkill(void * eloop_ctx,void * timeout_ctx)3956 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
3957 {
3958 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
3959 }
3960
3961
nl80211_del_p2pdev(struct i802_bss * bss)3962 static void nl80211_del_p2pdev(struct i802_bss *bss)
3963 {
3964 struct wpa_driver_nl80211_data *drv = bss->drv;
3965 struct nl_msg *msg;
3966 int ret;
3967
3968 msg = nlmsg_alloc();
3969 if (!msg)
3970 return;
3971
3972 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
3973 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
3974
3975 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3976 msg = NULL;
3977
3978 wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
3979 bss->ifname, (long long unsigned int) bss->wdev_id,
3980 strerror(ret));
3981
3982 nla_put_failure:
3983 nlmsg_free(msg);
3984 }
3985
3986
nl80211_set_p2pdev(struct i802_bss * bss,int start)3987 static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
3988 {
3989 struct wpa_driver_nl80211_data *drv = bss->drv;
3990 struct nl_msg *msg;
3991 int ret = -1;
3992
3993 msg = nlmsg_alloc();
3994 if (!msg)
3995 return -1;
3996
3997 if (start)
3998 nl80211_cmd(drv, msg, 0, NL80211_CMD_START_P2P_DEVICE);
3999 else
4000 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_P2P_DEVICE);
4001
4002 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
4003
4004 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4005 msg = NULL;
4006
4007 wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
4008 start ? "Start" : "Stop",
4009 bss->ifname, (long long unsigned int) bss->wdev_id,
4010 strerror(ret));
4011
4012 nla_put_failure:
4013 nlmsg_free(msg);
4014 return ret;
4015 }
4016
4017
i802_set_iface_flags(struct i802_bss * bss,int up)4018 static int i802_set_iface_flags(struct i802_bss *bss, int up)
4019 {
4020 enum nl80211_iftype nlmode;
4021
4022 nlmode = nl80211_get_ifmode(bss);
4023 if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4024 return linux_set_iface_flags(bss->drv->global->ioctl_sock,
4025 bss->ifname, up);
4026 }
4027
4028 /* P2P Device has start/stop which is equivalent */
4029 return nl80211_set_p2pdev(bss, up);
4030 }
4031
4032
4033 static int
wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data * drv)4034 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
4035 {
4036 #ifndef HOSTAPD
4037 enum nl80211_iftype nlmode = NL80211_IFTYPE_STATION;
4038 #endif /* HOSTAPD */
4039 struct i802_bss *bss = &drv->first_bss;
4040 int send_rfkill_event = 0;
4041
4042 drv->ifindex = if_nametoindex(bss->ifname);
4043 bss->ifindex = drv->ifindex;
4044 bss->wdev_id = drv->global->if_add_wdevid;
4045 bss->wdev_id_set = drv->global->if_add_wdevid_set;
4046
4047 bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
4048 bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
4049 drv->global->if_add_wdevid_set = 0;
4050
4051 if (wpa_driver_nl80211_capa(drv))
4052 return -1;
4053
4054 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
4055 bss->ifname, drv->phyname);
4056
4057 #ifndef HOSTAPD
4058 if (bss->if_dynamic)
4059 nlmode = nl80211_get_ifmode(bss);
4060
4061 /*
4062 * Make sure the interface starts up in station mode unless this is a
4063 * dynamically added interface (e.g., P2P) that was already configured
4064 * with proper iftype.
4065 */
4066 if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
4067 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to use managed mode");
4068 return -1;
4069 }
4070 drv->nlmode = nlmode;
4071
4072 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
4073 int ret = nl80211_set_p2pdev(bss, 1);
4074 if (ret < 0)
4075 wpa_printf(MSG_ERROR, "nl80211: Could not start P2P device");
4076 nl80211_get_macaddr(bss);
4077 return ret;
4078 }
4079
4080 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) {
4081 if (rfkill_is_blocked(drv->rfkill)) {
4082 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
4083 "interface '%s' due to rfkill",
4084 bss->ifname);
4085 drv->if_disabled = 1;
4086 send_rfkill_event = 1;
4087 } else {
4088 wpa_printf(MSG_ERROR, "nl80211: Could not set "
4089 "interface '%s' UP", bss->ifname);
4090 return -1;
4091 }
4092 }
4093
4094 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
4095 1, IF_OPER_DORMANT);
4096 #endif /* HOSTAPD */
4097
4098 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
4099 bss->addr))
4100 return -1;
4101
4102 if (send_rfkill_event) {
4103 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
4104 drv, drv->ctx);
4105 }
4106
4107 return 0;
4108 }
4109
4110
wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data * drv)4111 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
4112 {
4113 struct nl_msg *msg;
4114
4115 msg = nlmsg_alloc();
4116 if (!msg)
4117 return -ENOMEM;
4118
4119 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON);
4120 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4121
4122 return send_and_recv_msgs(drv, msg, NULL, NULL);
4123 nla_put_failure:
4124 nlmsg_free(msg);
4125 return -ENOBUFS;
4126 }
4127
4128
4129 /**
4130 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
4131 * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
4132 *
4133 * Shut down driver interface and processing of driver events. Free
4134 * private data buffer if one was allocated in wpa_driver_nl80211_init().
4135 */
wpa_driver_nl80211_deinit(struct i802_bss * bss)4136 static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
4137 {
4138 struct wpa_driver_nl80211_data *drv = bss->drv;
4139
4140 bss->in_deinit = 1;
4141 if (drv->data_tx_status)
4142 eloop_unregister_read_sock(drv->eapol_tx_sock);
4143 if (drv->eapol_tx_sock >= 0)
4144 close(drv->eapol_tx_sock);
4145
4146 if (bss->nl_preq)
4147 wpa_driver_nl80211_probe_req_report(bss, 0);
4148 if (bss->added_if_into_bridge) {
4149 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
4150 bss->ifname) < 0)
4151 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4152 "interface %s from bridge %s: %s",
4153 bss->ifname, bss->brname, strerror(errno));
4154 }
4155 if (bss->added_bridge) {
4156 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
4157 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
4158 "bridge %s: %s",
4159 bss->brname, strerror(errno));
4160 }
4161
4162 nl80211_remove_monitor_interface(drv);
4163
4164 if (is_ap_interface(drv->nlmode))
4165 wpa_driver_nl80211_del_beacon(drv);
4166
4167 #ifdef HOSTAPD
4168 if (drv->last_freq_ht) {
4169 /* Clear HT flags from the driver */
4170 struct hostapd_freq_params freq;
4171 os_memset(&freq, 0, sizeof(freq));
4172 freq.freq = drv->last_freq;
4173 wpa_driver_nl80211_set_freq(bss, &freq);
4174 }
4175
4176 if (drv->eapol_sock >= 0) {
4177 eloop_unregister_read_sock(drv->eapol_sock);
4178 close(drv->eapol_sock);
4179 }
4180
4181 if (drv->if_indices != drv->default_if_indices)
4182 os_free(drv->if_indices);
4183 #endif /* HOSTAPD */
4184
4185 if (drv->disabled_11b_rates)
4186 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
4187
4188 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
4189 IF_OPER_UP);
4190 rfkill_deinit(drv->rfkill);
4191
4192 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
4193
4194 (void) i802_set_iface_flags(bss, 0);
4195 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
4196 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
4197 nl80211_mgmt_unsubscribe(bss, "deinit");
4198 } else {
4199 nl80211_mgmt_unsubscribe(bss, "deinit");
4200 nl80211_del_p2pdev(bss);
4201 }
4202 nl_cb_put(drv->nl_cb);
4203
4204 nl80211_destroy_bss(&drv->first_bss);
4205
4206 os_free(drv->filter_ssids);
4207
4208 os_free(drv->auth_ie);
4209
4210 if (drv->in_interface_list)
4211 dl_list_del(&drv->list);
4212
4213 os_free(drv->extended_capa);
4214 os_free(drv->extended_capa_mask);
4215 os_free(drv);
4216 }
4217
4218
4219 /**
4220 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
4221 * @eloop_ctx: Driver private data
4222 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
4223 *
4224 * This function can be used as registered timeout when starting a scan to
4225 * generate a scan completed event if the driver does not report this.
4226 */
wpa_driver_nl80211_scan_timeout(void * eloop_ctx,void * timeout_ctx)4227 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
4228 {
4229 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4230 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
4231 wpa_driver_nl80211_set_mode(&drv->first_bss,
4232 drv->ap_scan_as_station);
4233 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
4234 }
4235 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
4236 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
4237 }
4238
4239
4240 static struct nl_msg *
nl80211_scan_common(struct wpa_driver_nl80211_data * drv,u8 cmd,struct wpa_driver_scan_params * params,u64 * wdev_id)4241 nl80211_scan_common(struct wpa_driver_nl80211_data *drv, u8 cmd,
4242 struct wpa_driver_scan_params *params, u64 *wdev_id)
4243 {
4244 struct nl_msg *msg;
4245 size_t i;
4246
4247 msg = nlmsg_alloc();
4248 if (!msg)
4249 return NULL;
4250
4251 nl80211_cmd(drv, msg, 0, cmd);
4252
4253 if (!wdev_id)
4254 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4255 else
4256 NLA_PUT_U64(msg, NL80211_ATTR_WDEV, *wdev_id);
4257
4258 if (params->num_ssids) {
4259 struct nlattr *ssids;
4260
4261 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
4262 if (ssids == NULL)
4263 goto fail;
4264 for (i = 0; i < params->num_ssids; i++) {
4265 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
4266 params->ssids[i].ssid,
4267 params->ssids[i].ssid_len);
4268 if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
4269 params->ssids[i].ssid) < 0)
4270 goto fail;
4271 }
4272 nla_nest_end(msg, ssids);
4273 }
4274
4275 if (params->extra_ies) {
4276 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
4277 params->extra_ies, params->extra_ies_len);
4278 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
4279 params->extra_ies) < 0)
4280 goto fail;
4281 }
4282
4283 if (params->freqs) {
4284 struct nlattr *freqs;
4285 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
4286 if (freqs == NULL)
4287 goto fail;
4288 for (i = 0; params->freqs[i]; i++) {
4289 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
4290 "MHz", params->freqs[i]);
4291 if (nla_put_u32(msg, i + 1, params->freqs[i]) < 0)
4292 goto fail;
4293 }
4294 nla_nest_end(msg, freqs);
4295 }
4296
4297 os_free(drv->filter_ssids);
4298 drv->filter_ssids = params->filter_ssids;
4299 params->filter_ssids = NULL;
4300 drv->num_filter_ssids = params->num_filter_ssids;
4301
4302 return msg;
4303
4304 fail:
4305 nla_put_failure:
4306 nlmsg_free(msg);
4307 return NULL;
4308 }
4309
4310
4311 /**
4312 * wpa_driver_nl80211_scan - Request the driver to initiate scan
4313 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
4314 * @params: Scan parameters
4315 * Returns: 0 on success, -1 on failure
4316 */
wpa_driver_nl80211_scan(struct i802_bss * bss,struct wpa_driver_scan_params * params)4317 static int wpa_driver_nl80211_scan(struct i802_bss *bss,
4318 struct wpa_driver_scan_params *params)
4319 {
4320 struct wpa_driver_nl80211_data *drv = bss->drv;
4321 int ret = -1, timeout;
4322 struct nl_msg *msg = NULL;
4323
4324 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
4325 drv->scan_for_auth = 0;
4326
4327 msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params,
4328 bss->wdev_id_set ? &bss->wdev_id : NULL);
4329 if (!msg)
4330 return -1;
4331
4332 if (params->p2p_probe) {
4333 struct nlattr *rates;
4334
4335 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
4336
4337 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
4338 if (rates == NULL)
4339 goto nla_put_failure;
4340
4341 /*
4342 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
4343 * by masking out everything else apart from the OFDM rates 6,
4344 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
4345 * rates are left enabled.
4346 */
4347 NLA_PUT(msg, NL80211_BAND_2GHZ, 8,
4348 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
4349 nla_nest_end(msg, rates);
4350
4351 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
4352 }
4353
4354 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4355 msg = NULL;
4356 if (ret) {
4357 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
4358 "(%s)", ret, strerror(-ret));
4359 #ifdef HOSTAPD
4360 if (is_ap_interface(drv->nlmode)) {
4361 /*
4362 * mac80211 does not allow scan requests in AP mode, so
4363 * try to do this in station mode.
4364 */
4365 if (wpa_driver_nl80211_set_mode(
4366 bss, NL80211_IFTYPE_STATION))
4367 goto nla_put_failure;
4368
4369 if (wpa_driver_nl80211_scan(bss, params)) {
4370 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
4371 goto nla_put_failure;
4372 }
4373
4374 /* Restore AP mode when processing scan results */
4375 drv->ap_scan_as_station = drv->nlmode;
4376 ret = 0;
4377 } else
4378 goto nla_put_failure;
4379 #else /* HOSTAPD */
4380 goto nla_put_failure;
4381 #endif /* HOSTAPD */
4382 }
4383
4384 /* Not all drivers generate "scan completed" wireless event, so try to
4385 * read results after a timeout. */
4386 timeout = 10;
4387 if (drv->scan_complete_events) {
4388 /*
4389 * The driver seems to deliver events to notify when scan is
4390 * complete, so use longer timeout to avoid race conditions
4391 * with scanning and following association request.
4392 */
4393 timeout = 30;
4394 }
4395 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
4396 "seconds", ret, timeout);
4397 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
4398 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
4399 drv, drv->ctx);
4400
4401 nla_put_failure:
4402 nlmsg_free(msg);
4403 return ret;
4404 }
4405
4406
4407 /**
4408 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
4409 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
4410 * @params: Scan parameters
4411 * @interval: Interval between scan cycles in milliseconds
4412 * Returns: 0 on success, -1 on failure or if not supported
4413 */
wpa_driver_nl80211_sched_scan(void * priv,struct wpa_driver_scan_params * params,u32 interval)4414 static int wpa_driver_nl80211_sched_scan(void *priv,
4415 struct wpa_driver_scan_params *params,
4416 u32 interval)
4417 {
4418 struct i802_bss *bss = priv;
4419 struct wpa_driver_nl80211_data *drv = bss->drv;
4420 int ret = -1;
4421 struct nl_msg *msg;
4422 size_t i;
4423
4424 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
4425
4426 #ifdef ANDROID
4427 if (!drv->capa.sched_scan_supported)
4428 return android_pno_start(bss, params);
4429 #endif /* ANDROID */
4430
4431 msg = nl80211_scan_common(drv, NL80211_CMD_START_SCHED_SCAN, params,
4432 bss->wdev_id_set ? &bss->wdev_id : NULL);
4433 if (!msg)
4434 goto nla_put_failure;
4435
4436 NLA_PUT_U32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, interval);
4437
4438 if ((drv->num_filter_ssids &&
4439 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
4440 params->filter_rssi) {
4441 struct nlattr *match_sets;
4442 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
4443 if (match_sets == NULL)
4444 goto nla_put_failure;
4445
4446 for (i = 0; i < drv->num_filter_ssids; i++) {
4447 struct nlattr *match_set_ssid;
4448 wpa_hexdump_ascii(MSG_MSGDUMP,
4449 "nl80211: Sched scan filter SSID",
4450 drv->filter_ssids[i].ssid,
4451 drv->filter_ssids[i].ssid_len);
4452
4453 match_set_ssid = nla_nest_start(msg, i + 1);
4454 if (match_set_ssid == NULL)
4455 goto nla_put_failure;
4456 NLA_PUT(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
4457 drv->filter_ssids[i].ssid_len,
4458 drv->filter_ssids[i].ssid);
4459
4460 nla_nest_end(msg, match_set_ssid);
4461 }
4462
4463 if (params->filter_rssi) {
4464 struct nlattr *match_set_rssi;
4465 match_set_rssi = nla_nest_start(msg, 0);
4466 if (match_set_rssi == NULL)
4467 goto nla_put_failure;
4468 NLA_PUT_U32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
4469 params->filter_rssi);
4470 wpa_printf(MSG_MSGDUMP,
4471 "nl80211: Sched scan RSSI filter %d dBm",
4472 params->filter_rssi);
4473 nla_nest_end(msg, match_set_rssi);
4474 }
4475
4476 nla_nest_end(msg, match_sets);
4477 }
4478
4479 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4480
4481 /* TODO: if we get an error here, we should fall back to normal scan */
4482
4483 msg = NULL;
4484 if (ret) {
4485 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
4486 "ret=%d (%s)", ret, strerror(-ret));
4487 goto nla_put_failure;
4488 }
4489
4490 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d) - "
4491 "scan interval %d msec", ret, interval);
4492
4493 nla_put_failure:
4494 nlmsg_free(msg);
4495 return ret;
4496 }
4497
4498
4499 /**
4500 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
4501 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
4502 * Returns: 0 on success, -1 on failure or if not supported
4503 */
wpa_driver_nl80211_stop_sched_scan(void * priv)4504 static int wpa_driver_nl80211_stop_sched_scan(void *priv)
4505 {
4506 struct i802_bss *bss = priv;
4507 struct wpa_driver_nl80211_data *drv = bss->drv;
4508 int ret = 0;
4509 struct nl_msg *msg;
4510
4511 #ifdef ANDROID
4512 if (!drv->capa.sched_scan_supported)
4513 return android_pno_stop(bss);
4514 #endif /* ANDROID */
4515
4516 msg = nlmsg_alloc();
4517 if (!msg)
4518 return -1;
4519
4520 nl80211_cmd(drv, msg, 0, NL80211_CMD_STOP_SCHED_SCAN);
4521
4522 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4523
4524 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4525 msg = NULL;
4526 if (ret) {
4527 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop failed: "
4528 "ret=%d (%s)", ret, strerror(-ret));
4529 goto nla_put_failure;
4530 }
4531
4532 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stop sent (ret=%d)", ret);
4533
4534 nla_put_failure:
4535 nlmsg_free(msg);
4536 return ret;
4537 }
4538
4539
nl80211_get_ie(const u8 * ies,size_t ies_len,u8 ie)4540 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
4541 {
4542 const u8 *end, *pos;
4543
4544 if (ies == NULL)
4545 return NULL;
4546
4547 pos = ies;
4548 end = ies + ies_len;
4549
4550 while (pos + 1 < end) {
4551 if (pos + 2 + pos[1] > end)
4552 break;
4553 if (pos[0] == ie)
4554 return pos;
4555 pos += 2 + pos[1];
4556 }
4557
4558 return NULL;
4559 }
4560
4561
nl80211_scan_filtered(struct wpa_driver_nl80211_data * drv,const u8 * ie,size_t ie_len)4562 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
4563 const u8 *ie, size_t ie_len)
4564 {
4565 const u8 *ssid;
4566 size_t i;
4567
4568 if (drv->filter_ssids == NULL)
4569 return 0;
4570
4571 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
4572 if (ssid == NULL)
4573 return 1;
4574
4575 for (i = 0; i < drv->num_filter_ssids; i++) {
4576 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
4577 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
4578 0)
4579 return 0;
4580 }
4581
4582 return 1;
4583 }
4584
4585
bss_info_handler(struct nl_msg * msg,void * arg)4586 static int bss_info_handler(struct nl_msg *msg, void *arg)
4587 {
4588 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4589 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4590 struct nlattr *bss[NL80211_BSS_MAX + 1];
4591 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
4592 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
4593 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
4594 [NL80211_BSS_TSF] = { .type = NLA_U64 },
4595 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
4596 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
4597 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
4598 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
4599 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
4600 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
4601 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
4602 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
4603 };
4604 struct nl80211_bss_info_arg *_arg = arg;
4605 struct wpa_scan_results *res = _arg->res;
4606 struct wpa_scan_res **tmp;
4607 struct wpa_scan_res *r;
4608 const u8 *ie, *beacon_ie;
4609 size_t ie_len, beacon_ie_len;
4610 u8 *pos;
4611 size_t i;
4612
4613 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4614 genlmsg_attrlen(gnlh, 0), NULL);
4615 if (!tb[NL80211_ATTR_BSS])
4616 return NL_SKIP;
4617 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
4618 bss_policy))
4619 return NL_SKIP;
4620 if (bss[NL80211_BSS_STATUS]) {
4621 enum nl80211_bss_status status;
4622 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
4623 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
4624 bss[NL80211_BSS_FREQUENCY]) {
4625 _arg->assoc_freq =
4626 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
4627 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
4628 _arg->assoc_freq);
4629 }
4630 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
4631 bss[NL80211_BSS_BSSID]) {
4632 os_memcpy(_arg->assoc_bssid,
4633 nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
4634 wpa_printf(MSG_DEBUG, "nl80211: Associated with "
4635 MACSTR, MAC2STR(_arg->assoc_bssid));
4636 }
4637 }
4638 if (!res)
4639 return NL_SKIP;
4640 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
4641 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
4642 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
4643 } else {
4644 ie = NULL;
4645 ie_len = 0;
4646 }
4647 if (bss[NL80211_BSS_BEACON_IES]) {
4648 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
4649 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
4650 } else {
4651 beacon_ie = NULL;
4652 beacon_ie_len = 0;
4653 }
4654
4655 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
4656 ie ? ie_len : beacon_ie_len))
4657 return NL_SKIP;
4658
4659 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
4660 if (r == NULL)
4661 return NL_SKIP;
4662 if (bss[NL80211_BSS_BSSID])
4663 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
4664 ETH_ALEN);
4665 if (bss[NL80211_BSS_FREQUENCY])
4666 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
4667 if (bss[NL80211_BSS_BEACON_INTERVAL])
4668 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
4669 if (bss[NL80211_BSS_CAPABILITY])
4670 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
4671 r->flags |= WPA_SCAN_NOISE_INVALID;
4672 if (bss[NL80211_BSS_SIGNAL_MBM]) {
4673 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
4674 r->level /= 100; /* mBm to dBm */
4675 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
4676 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
4677 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
4678 r->flags |= WPA_SCAN_QUAL_INVALID;
4679 } else
4680 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
4681 if (bss[NL80211_BSS_TSF])
4682 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
4683 if (bss[NL80211_BSS_SEEN_MS_AGO])
4684 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
4685 r->ie_len = ie_len;
4686 pos = (u8 *) (r + 1);
4687 if (ie) {
4688 os_memcpy(pos, ie, ie_len);
4689 pos += ie_len;
4690 }
4691 r->beacon_ie_len = beacon_ie_len;
4692 if (beacon_ie)
4693 os_memcpy(pos, beacon_ie, beacon_ie_len);
4694
4695 if (bss[NL80211_BSS_STATUS]) {
4696 enum nl80211_bss_status status;
4697 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
4698 switch (status) {
4699 case NL80211_BSS_STATUS_AUTHENTICATED:
4700 r->flags |= WPA_SCAN_AUTHENTICATED;
4701 break;
4702 case NL80211_BSS_STATUS_ASSOCIATED:
4703 r->flags |= WPA_SCAN_ASSOCIATED;
4704 break;
4705 default:
4706 break;
4707 }
4708 }
4709
4710 /*
4711 * cfg80211 maintains separate BSS table entries for APs if the same
4712 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
4713 * not use frequency as a separate key in the BSS table, so filter out
4714 * duplicated entries. Prefer associated BSS entry in such a case in
4715 * order to get the correct frequency into the BSS table.
4716 */
4717 for (i = 0; i < res->num; i++) {
4718 const u8 *s1, *s2;
4719 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
4720 continue;
4721
4722 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
4723 res->res[i]->ie_len, WLAN_EID_SSID);
4724 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
4725 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
4726 os_memcmp(s1, s2, 2 + s1[1]) != 0)
4727 continue;
4728
4729 /* Same BSSID,SSID was already included in scan results */
4730 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
4731 "for " MACSTR, MAC2STR(r->bssid));
4732
4733 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
4734 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
4735 os_free(res->res[i]);
4736 res->res[i] = r;
4737 } else
4738 os_free(r);
4739 return NL_SKIP;
4740 }
4741
4742 tmp = os_realloc_array(res->res, res->num + 1,
4743 sizeof(struct wpa_scan_res *));
4744 if (tmp == NULL) {
4745 os_free(r);
4746 return NL_SKIP;
4747 }
4748 tmp[res->num++] = r;
4749 res->res = tmp;
4750
4751 return NL_SKIP;
4752 }
4753
4754
clear_state_mismatch(struct wpa_driver_nl80211_data * drv,const u8 * addr)4755 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
4756 const u8 *addr)
4757 {
4758 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
4759 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
4760 "mismatch (" MACSTR ")", MAC2STR(addr));
4761 wpa_driver_nl80211_mlme(drv, addr,
4762 NL80211_CMD_DEAUTHENTICATE,
4763 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
4764 }
4765 }
4766
4767
wpa_driver_nl80211_check_bss_status(struct wpa_driver_nl80211_data * drv,struct wpa_scan_results * res)4768 static void wpa_driver_nl80211_check_bss_status(
4769 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
4770 {
4771 size_t i;
4772
4773 for (i = 0; i < res->num; i++) {
4774 struct wpa_scan_res *r = res->res[i];
4775 if (r->flags & WPA_SCAN_AUTHENTICATED) {
4776 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
4777 "indicates BSS status with " MACSTR
4778 " as authenticated",
4779 MAC2STR(r->bssid));
4780 if (is_sta_interface(drv->nlmode) &&
4781 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
4782 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
4783 0) {
4784 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
4785 " in local state (auth=" MACSTR
4786 " assoc=" MACSTR ")",
4787 MAC2STR(drv->auth_bssid),
4788 MAC2STR(drv->bssid));
4789 clear_state_mismatch(drv, r->bssid);
4790 }
4791 }
4792
4793 if (r->flags & WPA_SCAN_ASSOCIATED) {
4794 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
4795 "indicate BSS status with " MACSTR
4796 " as associated",
4797 MAC2STR(r->bssid));
4798 if (is_sta_interface(drv->nlmode) &&
4799 !drv->associated) {
4800 wpa_printf(MSG_DEBUG, "nl80211: Local state "
4801 "(not associated) does not match "
4802 "with BSS state");
4803 clear_state_mismatch(drv, r->bssid);
4804 } else if (is_sta_interface(drv->nlmode) &&
4805 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
4806 0) {
4807 wpa_printf(MSG_DEBUG, "nl80211: Local state "
4808 "(associated with " MACSTR ") does "
4809 "not match with BSS state",
4810 MAC2STR(drv->bssid));
4811 clear_state_mismatch(drv, r->bssid);
4812 clear_state_mismatch(drv, drv->bssid);
4813 }
4814 }
4815 }
4816 }
4817
4818
4819 static struct wpa_scan_results *
nl80211_get_scan_results(struct wpa_driver_nl80211_data * drv)4820 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
4821 {
4822 struct nl_msg *msg;
4823 struct wpa_scan_results *res;
4824 int ret;
4825 struct nl80211_bss_info_arg arg;
4826
4827 res = os_zalloc(sizeof(*res));
4828 if (res == NULL)
4829 return NULL;
4830 msg = nlmsg_alloc();
4831 if (!msg)
4832 goto nla_put_failure;
4833
4834 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
4835 if (nl80211_set_iface_id(msg, &drv->first_bss) < 0)
4836 goto nla_put_failure;
4837
4838 arg.drv = drv;
4839 arg.res = res;
4840 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
4841 msg = NULL;
4842 if (ret == 0) {
4843 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
4844 "BSSes)", (unsigned long) res->num);
4845 nl80211_get_noise_for_scan_results(drv, res);
4846 return res;
4847 }
4848 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
4849 "(%s)", ret, strerror(-ret));
4850 nla_put_failure:
4851 nlmsg_free(msg);
4852 wpa_scan_results_free(res);
4853 return NULL;
4854 }
4855
4856
4857 /**
4858 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
4859 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
4860 * Returns: Scan results on success, -1 on failure
4861 */
4862 static struct wpa_scan_results *
wpa_driver_nl80211_get_scan_results(void * priv)4863 wpa_driver_nl80211_get_scan_results(void *priv)
4864 {
4865 struct i802_bss *bss = priv;
4866 struct wpa_driver_nl80211_data *drv = bss->drv;
4867 struct wpa_scan_results *res;
4868
4869 res = nl80211_get_scan_results(drv);
4870 if (res)
4871 wpa_driver_nl80211_check_bss_status(drv, res);
4872 return res;
4873 }
4874
4875
nl80211_dump_scan(struct wpa_driver_nl80211_data * drv)4876 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
4877 {
4878 struct wpa_scan_results *res;
4879 size_t i;
4880
4881 res = nl80211_get_scan_results(drv);
4882 if (res == NULL) {
4883 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
4884 return;
4885 }
4886
4887 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
4888 for (i = 0; i < res->num; i++) {
4889 struct wpa_scan_res *r = res->res[i];
4890 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
4891 (int) i, (int) res->num, MAC2STR(r->bssid),
4892 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
4893 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
4894 }
4895
4896 wpa_scan_results_free(res);
4897 }
4898
4899
wpa_driver_nl80211_set_key(const char * ifname,struct i802_bss * bss,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)4900 static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
4901 enum wpa_alg alg, const u8 *addr,
4902 int key_idx, int set_tx,
4903 const u8 *seq, size_t seq_len,
4904 const u8 *key, size_t key_len)
4905 {
4906 struct wpa_driver_nl80211_data *drv = bss->drv;
4907 int ifindex;
4908 struct nl_msg *msg;
4909 int ret;
4910 int tdls = 0;
4911
4912 /* Ignore for P2P Device */
4913 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
4914 return 0;
4915
4916 ifindex = if_nametoindex(ifname);
4917 wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
4918 "set_tx=%d seq_len=%lu key_len=%lu",
4919 __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
4920 (unsigned long) seq_len, (unsigned long) key_len);
4921 #ifdef CONFIG_TDLS
4922 if (key_idx == -1) {
4923 key_idx = 0;
4924 tdls = 1;
4925 }
4926 #endif /* CONFIG_TDLS */
4927
4928 msg = nlmsg_alloc();
4929 if (!msg)
4930 return -ENOMEM;
4931
4932 if (alg == WPA_ALG_NONE) {
4933 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_KEY);
4934 } else {
4935 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_KEY);
4936 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
4937 switch (alg) {
4938 case WPA_ALG_WEP:
4939 if (key_len == 5)
4940 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4941 WLAN_CIPHER_SUITE_WEP40);
4942 else
4943 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4944 WLAN_CIPHER_SUITE_WEP104);
4945 break;
4946 case WPA_ALG_TKIP:
4947 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4948 WLAN_CIPHER_SUITE_TKIP);
4949 break;
4950 case WPA_ALG_CCMP:
4951 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4952 WLAN_CIPHER_SUITE_CCMP);
4953 break;
4954 case WPA_ALG_GCMP:
4955 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4956 WLAN_CIPHER_SUITE_GCMP);
4957 break;
4958 case WPA_ALG_IGTK:
4959 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4960 WLAN_CIPHER_SUITE_AES_CMAC);
4961 break;
4962 case WPA_ALG_SMS4:
4963 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4964 WLAN_CIPHER_SUITE_SMS4);
4965 break;
4966 case WPA_ALG_KRK:
4967 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
4968 WLAN_CIPHER_SUITE_KRK);
4969 break;
4970 default:
4971 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
4972 "algorithm %d", __func__, alg);
4973 nlmsg_free(msg);
4974 return -1;
4975 }
4976 }
4977
4978 if (seq && seq_len)
4979 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
4980
4981 if (addr && !is_broadcast_ether_addr(addr)) {
4982 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
4983 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4984
4985 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
4986 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
4987 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
4988 NL80211_KEYTYPE_GROUP);
4989 }
4990 } else if (addr && is_broadcast_ether_addr(addr)) {
4991 struct nlattr *types;
4992
4993 wpa_printf(MSG_DEBUG, " broadcast key");
4994
4995 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
4996 if (!types)
4997 goto nla_put_failure;
4998 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
4999 nla_nest_end(msg, types);
5000 }
5001 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5002 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5003
5004 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5005 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
5006 ret = 0;
5007 if (ret)
5008 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
5009 ret, strerror(-ret));
5010
5011 /*
5012 * If we failed or don't need to set the default TX key (below),
5013 * we're done here.
5014 */
5015 if (ret || !set_tx || alg == WPA_ALG_NONE || tdls)
5016 return ret;
5017 if (is_ap_interface(drv->nlmode) && addr &&
5018 !is_broadcast_ether_addr(addr))
5019 return ret;
5020
5021 msg = nlmsg_alloc();
5022 if (!msg)
5023 return -ENOMEM;
5024
5025 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_KEY);
5026 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
5027 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5028 if (alg == WPA_ALG_IGTK)
5029 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
5030 else
5031 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
5032 if (addr && is_broadcast_ether_addr(addr)) {
5033 struct nlattr *types;
5034
5035 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5036 if (!types)
5037 goto nla_put_failure;
5038 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
5039 nla_nest_end(msg, types);
5040 } else if (addr) {
5041 struct nlattr *types;
5042
5043 types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
5044 if (!types)
5045 goto nla_put_failure;
5046 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST);
5047 nla_nest_end(msg, types);
5048 }
5049
5050 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5051 if (ret == -ENOENT)
5052 ret = 0;
5053 if (ret)
5054 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
5055 "err=%d %s)", ret, strerror(-ret));
5056 return ret;
5057
5058 nla_put_failure:
5059 nlmsg_free(msg);
5060 return -ENOBUFS;
5061 }
5062
5063
nl_add_key(struct nl_msg * msg,enum wpa_alg alg,int key_idx,int defkey,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)5064 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
5065 int key_idx, int defkey,
5066 const u8 *seq, size_t seq_len,
5067 const u8 *key, size_t key_len)
5068 {
5069 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
5070 if (!key_attr)
5071 return -1;
5072
5073 if (defkey && alg == WPA_ALG_IGTK)
5074 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
5075 else if (defkey)
5076 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5077
5078 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
5079
5080 switch (alg) {
5081 case WPA_ALG_WEP:
5082 if (key_len == 5)
5083 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5084 WLAN_CIPHER_SUITE_WEP40);
5085 else
5086 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5087 WLAN_CIPHER_SUITE_WEP104);
5088 break;
5089 case WPA_ALG_TKIP:
5090 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
5091 break;
5092 case WPA_ALG_CCMP:
5093 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
5094 break;
5095 case WPA_ALG_GCMP:
5096 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_GCMP);
5097 break;
5098 case WPA_ALG_IGTK:
5099 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5100 WLAN_CIPHER_SUITE_AES_CMAC);
5101 break;
5102 default:
5103 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
5104 "algorithm %d", __func__, alg);
5105 return -1;
5106 }
5107
5108 if (seq && seq_len)
5109 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
5110
5111 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
5112
5113 nla_nest_end(msg, key_attr);
5114
5115 return 0;
5116 nla_put_failure:
5117 return -1;
5118 }
5119
5120
nl80211_set_conn_keys(struct wpa_driver_associate_params * params,struct nl_msg * msg)5121 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
5122 struct nl_msg *msg)
5123 {
5124 int i, privacy = 0;
5125 struct nlattr *nl_keys, *nl_key;
5126
5127 for (i = 0; i < 4; i++) {
5128 if (!params->wep_key[i])
5129 continue;
5130 privacy = 1;
5131 break;
5132 }
5133 if (params->wps == WPS_MODE_PRIVACY)
5134 privacy = 1;
5135 if (params->pairwise_suite &&
5136 params->pairwise_suite != WPA_CIPHER_NONE)
5137 privacy = 1;
5138
5139 if (!privacy)
5140 return 0;
5141
5142 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
5143
5144 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
5145 if (!nl_keys)
5146 goto nla_put_failure;
5147
5148 for (i = 0; i < 4; i++) {
5149 if (!params->wep_key[i])
5150 continue;
5151
5152 nl_key = nla_nest_start(msg, i);
5153 if (!nl_key)
5154 goto nla_put_failure;
5155
5156 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
5157 params->wep_key[i]);
5158 if (params->wep_key_len[i] == 5)
5159 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5160 WLAN_CIPHER_SUITE_WEP40);
5161 else
5162 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
5163 WLAN_CIPHER_SUITE_WEP104);
5164
5165 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
5166
5167 if (i == params->wep_tx_keyidx)
5168 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
5169
5170 nla_nest_end(msg, nl_key);
5171 }
5172 nla_nest_end(msg, nl_keys);
5173
5174 return 0;
5175
5176 nla_put_failure:
5177 return -ENOBUFS;
5178 }
5179
5180
wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data * drv,const u8 * addr,int cmd,u16 reason_code,int local_state_change)5181 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
5182 const u8 *addr, int cmd, u16 reason_code,
5183 int local_state_change)
5184 {
5185 int ret = -1;
5186 struct nl_msg *msg;
5187
5188 msg = nlmsg_alloc();
5189 if (!msg)
5190 return -1;
5191
5192 nl80211_cmd(drv, msg, 0, cmd);
5193
5194 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5195 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
5196 if (addr)
5197 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5198 if (local_state_change)
5199 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
5200
5201 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5202 msg = NULL;
5203 if (ret) {
5204 wpa_dbg(drv->ctx, MSG_DEBUG,
5205 "nl80211: MLME command failed: reason=%u ret=%d (%s)",
5206 reason_code, ret, strerror(-ret));
5207 goto nla_put_failure;
5208 }
5209 ret = 0;
5210
5211 nla_put_failure:
5212 nlmsg_free(msg);
5213 return ret;
5214 }
5215
5216
wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data * drv,int reason_code)5217 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
5218 int reason_code)
5219 {
5220 int ret;
5221
5222 wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
5223 nl80211_mark_disconnected(drv);
5224 /* Disconnect command doesn't need BSSID - it uses cached value */
5225 ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
5226 reason_code, 0);
5227 /*
5228 * For locally generated disconnect, supplicant already generates a
5229 * DEAUTH event, so ignore the event from NL80211.
5230 */
5231 drv->ignore_next_local_disconnect = ret == 0;
5232
5233 return ret;
5234 }
5235
5236
wpa_driver_nl80211_deauthenticate(struct i802_bss * bss,const u8 * addr,int reason_code)5237 static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
5238 const u8 *addr, int reason_code)
5239 {
5240 struct wpa_driver_nl80211_data *drv = bss->drv;
5241 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
5242 return wpa_driver_nl80211_disconnect(drv, reason_code);
5243 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
5244 __func__, MAC2STR(addr), reason_code);
5245 nl80211_mark_disconnected(drv);
5246 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
5247 return nl80211_leave_ibss(drv);
5248 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
5249 reason_code, 0);
5250 }
5251
5252
nl80211_copy_auth_params(struct wpa_driver_nl80211_data * drv,struct wpa_driver_auth_params * params)5253 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
5254 struct wpa_driver_auth_params *params)
5255 {
5256 int i;
5257
5258 drv->auth_freq = params->freq;
5259 drv->auth_alg = params->auth_alg;
5260 drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
5261 drv->auth_local_state_change = params->local_state_change;
5262 drv->auth_p2p = params->p2p;
5263
5264 if (params->bssid)
5265 os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
5266 else
5267 os_memset(drv->auth_bssid_, 0, ETH_ALEN);
5268
5269 if (params->ssid) {
5270 os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
5271 drv->auth_ssid_len = params->ssid_len;
5272 } else
5273 drv->auth_ssid_len = 0;
5274
5275
5276 os_free(drv->auth_ie);
5277 drv->auth_ie = NULL;
5278 drv->auth_ie_len = 0;
5279 if (params->ie) {
5280 drv->auth_ie = os_malloc(params->ie_len);
5281 if (drv->auth_ie) {
5282 os_memcpy(drv->auth_ie, params->ie, params->ie_len);
5283 drv->auth_ie_len = params->ie_len;
5284 }
5285 }
5286
5287 for (i = 0; i < 4; i++) {
5288 if (params->wep_key[i] && params->wep_key_len[i] &&
5289 params->wep_key_len[i] <= 16) {
5290 os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
5291 params->wep_key_len[i]);
5292 drv->auth_wep_key_len[i] = params->wep_key_len[i];
5293 } else
5294 drv->auth_wep_key_len[i] = 0;
5295 }
5296 }
5297
5298
wpa_driver_nl80211_authenticate(struct i802_bss * bss,struct wpa_driver_auth_params * params)5299 static int wpa_driver_nl80211_authenticate(
5300 struct i802_bss *bss, struct wpa_driver_auth_params *params)
5301 {
5302 struct wpa_driver_nl80211_data *drv = bss->drv;
5303 int ret = -1, i;
5304 struct nl_msg *msg;
5305 enum nl80211_auth_type type;
5306 enum nl80211_iftype nlmode;
5307 int count = 0;
5308 int is_retry;
5309
5310 is_retry = drv->retry_auth;
5311 drv->retry_auth = 0;
5312
5313 nl80211_mark_disconnected(drv);
5314 os_memset(drv->auth_bssid, 0, ETH_ALEN);
5315 if (params->bssid)
5316 os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
5317 else
5318 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
5319 /* FIX: IBSS mode */
5320 nlmode = params->p2p ?
5321 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
5322 if (drv->nlmode != nlmode &&
5323 wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
5324 return -1;
5325
5326 retry:
5327 msg = nlmsg_alloc();
5328 if (!msg)
5329 return -1;
5330
5331 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
5332 drv->ifindex);
5333
5334 nl80211_cmd(drv, msg, 0, NL80211_CMD_AUTHENTICATE);
5335
5336 for (i = 0; i < 4; i++) {
5337 if (!params->wep_key[i])
5338 continue;
5339 wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP,
5340 NULL, i,
5341 i == params->wep_tx_keyidx, NULL, 0,
5342 params->wep_key[i],
5343 params->wep_key_len[i]);
5344 if (params->wep_tx_keyidx != i)
5345 continue;
5346 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
5347 params->wep_key[i], params->wep_key_len[i])) {
5348 nlmsg_free(msg);
5349 return -1;
5350 }
5351 }
5352
5353 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5354 if (params->bssid) {
5355 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
5356 MAC2STR(params->bssid));
5357 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
5358 }
5359 if (params->freq) {
5360 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
5361 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
5362 }
5363 if (params->ssid) {
5364 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
5365 params->ssid, params->ssid_len);
5366 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
5367 params->ssid);
5368 }
5369 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
5370 if (params->ie)
5371 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
5372 if (params->sae_data) {
5373 wpa_hexdump(MSG_DEBUG, " * SAE data", params->sae_data,
5374 params->sae_data_len);
5375 NLA_PUT(msg, NL80211_ATTR_SAE_DATA, params->sae_data_len,
5376 params->sae_data);
5377 }
5378 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
5379 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
5380 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
5381 type = NL80211_AUTHTYPE_SHARED_KEY;
5382 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
5383 type = NL80211_AUTHTYPE_NETWORK_EAP;
5384 else if (params->auth_alg & WPA_AUTH_ALG_FT)
5385 type = NL80211_AUTHTYPE_FT;
5386 else if (params->auth_alg & WPA_AUTH_ALG_SAE)
5387 type = NL80211_AUTHTYPE_SAE;
5388 else
5389 goto nla_put_failure;
5390 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
5391 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
5392 if (params->local_state_change) {
5393 wpa_printf(MSG_DEBUG, " * Local state change only");
5394 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
5395 }
5396
5397 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5398 msg = NULL;
5399 if (ret) {
5400 wpa_dbg(drv->ctx, MSG_DEBUG,
5401 "nl80211: MLME command failed (auth): ret=%d (%s)",
5402 ret, strerror(-ret));
5403 count++;
5404 if (ret == -EALREADY && count == 1 && params->bssid &&
5405 !params->local_state_change) {
5406 /*
5407 * mac80211 does not currently accept new
5408 * authentication if we are already authenticated. As a
5409 * workaround, force deauthentication and try again.
5410 */
5411 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
5412 "after forced deauthentication");
5413 wpa_driver_nl80211_deauthenticate(
5414 bss, params->bssid,
5415 WLAN_REASON_PREV_AUTH_NOT_VALID);
5416 nlmsg_free(msg);
5417 goto retry;
5418 }
5419
5420 if (ret == -ENOENT && params->freq && !is_retry) {
5421 /*
5422 * cfg80211 has likely expired the BSS entry even
5423 * though it was previously available in our internal
5424 * BSS table. To recover quickly, start a single
5425 * channel scan on the specified channel.
5426 */
5427 struct wpa_driver_scan_params scan;
5428 int freqs[2];
5429
5430 os_memset(&scan, 0, sizeof(scan));
5431 scan.num_ssids = 1;
5432 if (params->ssid) {
5433 scan.ssids[0].ssid = params->ssid;
5434 scan.ssids[0].ssid_len = params->ssid_len;
5435 }
5436 freqs[0] = params->freq;
5437 freqs[1] = 0;
5438 scan.freqs = freqs;
5439 wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
5440 "channel scan to refresh cfg80211 BSS "
5441 "entry");
5442 ret = wpa_driver_nl80211_scan(bss, &scan);
5443 if (ret == 0) {
5444 nl80211_copy_auth_params(drv, params);
5445 drv->scan_for_auth = 1;
5446 }
5447 } else if (is_retry) {
5448 /*
5449 * Need to indicate this with an event since the return
5450 * value from the retry is not delivered to core code.
5451 */
5452 union wpa_event_data event;
5453 wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
5454 "failed");
5455 os_memset(&event, 0, sizeof(event));
5456 os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
5457 ETH_ALEN);
5458 wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
5459 &event);
5460 }
5461
5462 goto nla_put_failure;
5463 }
5464 ret = 0;
5465 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
5466 "successfully");
5467
5468 nla_put_failure:
5469 nlmsg_free(msg);
5470 return ret;
5471 }
5472
5473
wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data * drv)5474 static int wpa_driver_nl80211_authenticate_retry(
5475 struct wpa_driver_nl80211_data *drv)
5476 {
5477 struct wpa_driver_auth_params params;
5478 struct i802_bss *bss = &drv->first_bss;
5479 int i;
5480
5481 wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
5482
5483 os_memset(¶ms, 0, sizeof(params));
5484 params.freq = drv->auth_freq;
5485 params.auth_alg = drv->auth_alg;
5486 params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
5487 params.local_state_change = drv->auth_local_state_change;
5488 params.p2p = drv->auth_p2p;
5489
5490 if (!is_zero_ether_addr(drv->auth_bssid_))
5491 params.bssid = drv->auth_bssid_;
5492
5493 if (drv->auth_ssid_len) {
5494 params.ssid = drv->auth_ssid;
5495 params.ssid_len = drv->auth_ssid_len;
5496 }
5497
5498 params.ie = drv->auth_ie;
5499 params.ie_len = drv->auth_ie_len;
5500
5501 for (i = 0; i < 4; i++) {
5502 if (drv->auth_wep_key_len[i]) {
5503 params.wep_key[i] = drv->auth_wep_key[i];
5504 params.wep_key_len[i] = drv->auth_wep_key_len[i];
5505 }
5506 }
5507
5508 drv->retry_auth = 1;
5509 return wpa_driver_nl80211_authenticate(bss, ¶ms);
5510 }
5511
5512
5513 struct phy_info_arg {
5514 u16 *num_modes;
5515 struct hostapd_hw_modes *modes;
5516 int last_mode, last_chan_idx;
5517 };
5518
phy_info_ht_capa(struct hostapd_hw_modes * mode,struct nlattr * capa,struct nlattr * ampdu_factor,struct nlattr * ampdu_density,struct nlattr * mcs_set)5519 static void phy_info_ht_capa(struct hostapd_hw_modes *mode, struct nlattr *capa,
5520 struct nlattr *ampdu_factor,
5521 struct nlattr *ampdu_density,
5522 struct nlattr *mcs_set)
5523 {
5524 if (capa)
5525 mode->ht_capab = nla_get_u16(capa);
5526
5527 if (ampdu_factor)
5528 mode->a_mpdu_params |= nla_get_u8(ampdu_factor) & 0x03;
5529
5530 if (ampdu_density)
5531 mode->a_mpdu_params |= nla_get_u8(ampdu_density) << 2;
5532
5533 if (mcs_set && nla_len(mcs_set) >= 16) {
5534 u8 *mcs;
5535 mcs = nla_data(mcs_set);
5536 os_memcpy(mode->mcs_set, mcs, 16);
5537 }
5538 }
5539
5540
phy_info_vht_capa(struct hostapd_hw_modes * mode,struct nlattr * capa,struct nlattr * mcs_set)5541 static void phy_info_vht_capa(struct hostapd_hw_modes *mode,
5542 struct nlattr *capa,
5543 struct nlattr *mcs_set)
5544 {
5545 if (capa)
5546 mode->vht_capab = nla_get_u32(capa);
5547
5548 if (mcs_set && nla_len(mcs_set) >= 8) {
5549 u8 *mcs;
5550 mcs = nla_data(mcs_set);
5551 os_memcpy(mode->vht_mcs_set, mcs, 8);
5552 }
5553 }
5554
5555
phy_info_freq(struct hostapd_hw_modes * mode,struct hostapd_channel_data * chan,struct nlattr * tb_freq[])5556 static void phy_info_freq(struct hostapd_hw_modes *mode,
5557 struct hostapd_channel_data *chan,
5558 struct nlattr *tb_freq[])
5559 {
5560 u8 channel;
5561 chan->freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
5562 chan->flag = 0;
5563 if (ieee80211_freq_to_chan(chan->freq, &channel) != NUM_HOSTAPD_MODES)
5564 chan->chan = channel;
5565
5566 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
5567 chan->flag |= HOSTAPD_CHAN_DISABLED;
5568 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
5569 chan->flag |= HOSTAPD_CHAN_PASSIVE_SCAN;
5570 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
5571 chan->flag |= HOSTAPD_CHAN_NO_IBSS;
5572 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
5573 chan->flag |= HOSTAPD_CHAN_RADAR;
5574
5575 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
5576 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
5577 chan->max_tx_power = nla_get_u32(
5578 tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
5579 if (tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]) {
5580 enum nl80211_dfs_state state =
5581 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_DFS_STATE]);
5582
5583 switch (state) {
5584 case NL80211_DFS_USABLE:
5585 chan->flag |= HOSTAPD_CHAN_DFS_USABLE;
5586 break;
5587 case NL80211_DFS_AVAILABLE:
5588 chan->flag |= HOSTAPD_CHAN_DFS_AVAILABLE;
5589 break;
5590 case NL80211_DFS_UNAVAILABLE:
5591 chan->flag |= HOSTAPD_CHAN_DFS_UNAVAILABLE;
5592 break;
5593 }
5594 }
5595 }
5596
5597
phy_info_freqs(struct phy_info_arg * phy_info,struct hostapd_hw_modes * mode,struct nlattr * tb)5598 static int phy_info_freqs(struct phy_info_arg *phy_info,
5599 struct hostapd_hw_modes *mode, struct nlattr *tb)
5600 {
5601 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
5602 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
5603 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
5604 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
5605 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
5606 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
5607 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
5608 [NL80211_FREQUENCY_ATTR_DFS_STATE] = { .type = NLA_U32 },
5609 };
5610 int new_channels = 0;
5611 struct hostapd_channel_data *channel;
5612 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
5613 struct nlattr *nl_freq;
5614 int rem_freq, idx;
5615
5616 if (tb == NULL)
5617 return NL_OK;
5618
5619 nla_for_each_nested(nl_freq, tb, rem_freq) {
5620 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
5621 nla_data(nl_freq), nla_len(nl_freq), freq_policy);
5622 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
5623 continue;
5624 new_channels++;
5625 }
5626
5627 channel = os_realloc_array(mode->channels,
5628 mode->num_channels + new_channels,
5629 sizeof(struct hostapd_channel_data));
5630 if (!channel)
5631 return NL_SKIP;
5632
5633 mode->channels = channel;
5634 mode->num_channels += new_channels;
5635
5636 idx = phy_info->last_chan_idx;
5637
5638 nla_for_each_nested(nl_freq, tb, rem_freq) {
5639 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX,
5640 nla_data(nl_freq), nla_len(nl_freq), freq_policy);
5641 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
5642 continue;
5643 phy_info_freq(mode, &mode->channels[idx], tb_freq);
5644 idx++;
5645 }
5646 phy_info->last_chan_idx = idx;
5647
5648 return NL_OK;
5649 }
5650
5651
phy_info_rates(struct hostapd_hw_modes * mode,struct nlattr * tb)5652 static int phy_info_rates(struct hostapd_hw_modes *mode, struct nlattr *tb)
5653 {
5654 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
5655 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
5656 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] =
5657 { .type = NLA_FLAG },
5658 };
5659 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
5660 struct nlattr *nl_rate;
5661 int rem_rate, idx;
5662
5663 if (tb == NULL)
5664 return NL_OK;
5665
5666 nla_for_each_nested(nl_rate, tb, rem_rate) {
5667 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
5668 nla_data(nl_rate), nla_len(nl_rate),
5669 rate_policy);
5670 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
5671 continue;
5672 mode->num_rates++;
5673 }
5674
5675 mode->rates = os_calloc(mode->num_rates, sizeof(int));
5676 if (!mode->rates)
5677 return NL_SKIP;
5678
5679 idx = 0;
5680
5681 nla_for_each_nested(nl_rate, tb, rem_rate) {
5682 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX,
5683 nla_data(nl_rate), nla_len(nl_rate),
5684 rate_policy);
5685 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
5686 continue;
5687 mode->rates[idx] = nla_get_u32(
5688 tb_rate[NL80211_BITRATE_ATTR_RATE]);
5689 idx++;
5690 }
5691
5692 return NL_OK;
5693 }
5694
5695
phy_info_band(struct phy_info_arg * phy_info,struct nlattr * nl_band)5696 static int phy_info_band(struct phy_info_arg *phy_info, struct nlattr *nl_band)
5697 {
5698 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
5699 struct hostapd_hw_modes *mode;
5700 int ret;
5701
5702 if (phy_info->last_mode != nl_band->nla_type) {
5703 mode = os_realloc_array(phy_info->modes,
5704 *phy_info->num_modes + 1,
5705 sizeof(*mode));
5706 if (!mode)
5707 return NL_SKIP;
5708 phy_info->modes = mode;
5709
5710 mode = &phy_info->modes[*(phy_info->num_modes)];
5711 os_memset(mode, 0, sizeof(*mode));
5712 mode->mode = NUM_HOSTAPD_MODES;
5713 mode->flags = HOSTAPD_MODE_FLAG_HT_INFO_KNOWN |
5714 HOSTAPD_MODE_FLAG_VHT_INFO_KNOWN;
5715
5716 /*
5717 * Unsupported VHT MCS stream is defined as value 3, so the VHT
5718 * MCS RX/TX map must be initialized with 0xffff to mark all 8
5719 * possible streams as unsupported. This will be overridden if
5720 * driver advertises VHT support.
5721 */
5722 mode->vht_mcs_set[0] = 0xff;
5723 mode->vht_mcs_set[1] = 0xff;
5724 mode->vht_mcs_set[4] = 0xff;
5725 mode->vht_mcs_set[5] = 0xff;
5726
5727 *(phy_info->num_modes) += 1;
5728 phy_info->last_mode = nl_band->nla_type;
5729 phy_info->last_chan_idx = 0;
5730 } else
5731 mode = &phy_info->modes[*(phy_info->num_modes) - 1];
5732
5733 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
5734 nla_len(nl_band), NULL);
5735
5736 phy_info_ht_capa(mode, tb_band[NL80211_BAND_ATTR_HT_CAPA],
5737 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR],
5738 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY],
5739 tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
5740 phy_info_vht_capa(mode, tb_band[NL80211_BAND_ATTR_VHT_CAPA],
5741 tb_band[NL80211_BAND_ATTR_VHT_MCS_SET]);
5742 ret = phy_info_freqs(phy_info, mode, tb_band[NL80211_BAND_ATTR_FREQS]);
5743 if (ret != NL_OK)
5744 return ret;
5745 ret = phy_info_rates(mode, tb_band[NL80211_BAND_ATTR_RATES]);
5746 if (ret != NL_OK)
5747 return ret;
5748
5749 return NL_OK;
5750 }
5751
5752
phy_info_handler(struct nl_msg * msg,void * arg)5753 static int phy_info_handler(struct nl_msg *msg, void *arg)
5754 {
5755 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
5756 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5757 struct phy_info_arg *phy_info = arg;
5758 struct nlattr *nl_band;
5759 int rem_band;
5760
5761 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5762 genlmsg_attrlen(gnlh, 0), NULL);
5763
5764 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
5765 return NL_SKIP;
5766
5767 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band)
5768 {
5769 int res = phy_info_band(phy_info, nl_band);
5770 if (res != NL_OK)
5771 return res;
5772 }
5773
5774 return NL_SKIP;
5775 }
5776
5777
5778 static struct hostapd_hw_modes *
wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes * modes,u16 * num_modes)5779 wpa_driver_nl80211_postprocess_modes(struct hostapd_hw_modes *modes,
5780 u16 *num_modes)
5781 {
5782 u16 m;
5783 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
5784 int i, mode11g_idx = -1;
5785
5786 /* heuristic to set up modes */
5787 for (m = 0; m < *num_modes; m++) {
5788 if (!modes[m].num_channels)
5789 continue;
5790 if (modes[m].channels[0].freq < 4000) {
5791 modes[m].mode = HOSTAPD_MODE_IEEE80211B;
5792 for (i = 0; i < modes[m].num_rates; i++) {
5793 if (modes[m].rates[i] > 200) {
5794 modes[m].mode = HOSTAPD_MODE_IEEE80211G;
5795 break;
5796 }
5797 }
5798 } else if (modes[m].channels[0].freq > 50000)
5799 modes[m].mode = HOSTAPD_MODE_IEEE80211AD;
5800 else
5801 modes[m].mode = HOSTAPD_MODE_IEEE80211A;
5802 }
5803
5804 /* If only 802.11g mode is included, use it to construct matching
5805 * 802.11b mode data. */
5806
5807 for (m = 0; m < *num_modes; m++) {
5808 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
5809 return modes; /* 802.11b already included */
5810 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
5811 mode11g_idx = m;
5812 }
5813
5814 if (mode11g_idx < 0)
5815 return modes; /* 2.4 GHz band not supported at all */
5816
5817 nmodes = os_realloc_array(modes, *num_modes + 1, sizeof(*nmodes));
5818 if (nmodes == NULL)
5819 return modes; /* Could not add 802.11b mode */
5820
5821 mode = &nmodes[*num_modes];
5822 os_memset(mode, 0, sizeof(*mode));
5823 (*num_modes)++;
5824 modes = nmodes;
5825
5826 mode->mode = HOSTAPD_MODE_IEEE80211B;
5827
5828 mode11g = &modes[mode11g_idx];
5829 mode->num_channels = mode11g->num_channels;
5830 mode->channels = os_malloc(mode11g->num_channels *
5831 sizeof(struct hostapd_channel_data));
5832 if (mode->channels == NULL) {
5833 (*num_modes)--;
5834 return modes; /* Could not add 802.11b mode */
5835 }
5836 os_memcpy(mode->channels, mode11g->channels,
5837 mode11g->num_channels * sizeof(struct hostapd_channel_data));
5838
5839 mode->num_rates = 0;
5840 mode->rates = os_malloc(4 * sizeof(int));
5841 if (mode->rates == NULL) {
5842 os_free(mode->channels);
5843 (*num_modes)--;
5844 return modes; /* Could not add 802.11b mode */
5845 }
5846
5847 for (i = 0; i < mode11g->num_rates; i++) {
5848 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
5849 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
5850 continue;
5851 mode->rates[mode->num_rates] = mode11g->rates[i];
5852 mode->num_rates++;
5853 if (mode->num_rates == 4)
5854 break;
5855 }
5856
5857 if (mode->num_rates == 0) {
5858 os_free(mode->channels);
5859 os_free(mode->rates);
5860 (*num_modes)--;
5861 return modes; /* No 802.11b rates */
5862 }
5863
5864 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
5865 "information");
5866
5867 return modes;
5868 }
5869
5870
nl80211_set_ht40_mode(struct hostapd_hw_modes * mode,int start,int end)5871 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
5872 int end)
5873 {
5874 int c;
5875
5876 for (c = 0; c < mode->num_channels; c++) {
5877 struct hostapd_channel_data *chan = &mode->channels[c];
5878 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
5879 chan->flag |= HOSTAPD_CHAN_HT40;
5880 }
5881 }
5882
5883
nl80211_set_ht40_mode_sec(struct hostapd_hw_modes * mode,int start,int end)5884 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
5885 int end)
5886 {
5887 int c;
5888
5889 for (c = 0; c < mode->num_channels; c++) {
5890 struct hostapd_channel_data *chan = &mode->channels[c];
5891 if (!(chan->flag & HOSTAPD_CHAN_HT40))
5892 continue;
5893 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
5894 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
5895 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
5896 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
5897 }
5898 }
5899
5900
nl80211_reg_rule_ht40(struct nlattr * tb[],struct phy_info_arg * results)5901 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
5902 struct phy_info_arg *results)
5903 {
5904 u32 start, end, max_bw;
5905 u16 m;
5906
5907 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
5908 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
5909 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
5910 return;
5911
5912 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
5913 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
5914 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
5915
5916 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
5917 start, end, max_bw);
5918 if (max_bw < 40)
5919 return;
5920
5921 for (m = 0; m < *results->num_modes; m++) {
5922 if (!(results->modes[m].ht_capab &
5923 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
5924 continue;
5925 nl80211_set_ht40_mode(&results->modes[m], start, end);
5926 }
5927 }
5928
5929
nl80211_reg_rule_sec(struct nlattr * tb[],struct phy_info_arg * results)5930 static void nl80211_reg_rule_sec(struct nlattr *tb[],
5931 struct phy_info_arg *results)
5932 {
5933 u32 start, end, max_bw;
5934 u16 m;
5935
5936 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
5937 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
5938 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
5939 return;
5940
5941 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
5942 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
5943 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
5944
5945 if (max_bw < 20)
5946 return;
5947
5948 for (m = 0; m < *results->num_modes; m++) {
5949 if (!(results->modes[m].ht_capab &
5950 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
5951 continue;
5952 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
5953 }
5954 }
5955
5956
nl80211_get_reg(struct nl_msg * msg,void * arg)5957 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
5958 {
5959 struct phy_info_arg *results = arg;
5960 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
5961 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5962 struct nlattr *nl_rule;
5963 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
5964 int rem_rule;
5965 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
5966 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
5967 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
5968 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
5969 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
5970 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
5971 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
5972 };
5973
5974 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5975 genlmsg_attrlen(gnlh, 0), NULL);
5976 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
5977 !tb_msg[NL80211_ATTR_REG_RULES]) {
5978 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
5979 "available");
5980 return NL_SKIP;
5981 }
5982
5983 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
5984 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
5985
5986 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
5987 {
5988 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
5989 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
5990 nl80211_reg_rule_ht40(tb_rule, results);
5991 }
5992
5993 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
5994 {
5995 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
5996 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
5997 nl80211_reg_rule_sec(tb_rule, results);
5998 }
5999
6000 return NL_SKIP;
6001 }
6002
6003
nl80211_set_ht40_flags(struct wpa_driver_nl80211_data * drv,struct phy_info_arg * results)6004 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
6005 struct phy_info_arg *results)
6006 {
6007 struct nl_msg *msg;
6008
6009 msg = nlmsg_alloc();
6010 if (!msg)
6011 return -ENOMEM;
6012
6013 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
6014 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
6015 }
6016
6017
6018 static struct hostapd_hw_modes *
wpa_driver_nl80211_get_hw_feature_data(void * priv,u16 * num_modes,u16 * flags)6019 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
6020 {
6021 u32 feat;
6022 struct i802_bss *bss = priv;
6023 struct wpa_driver_nl80211_data *drv = bss->drv;
6024 struct nl_msg *msg;
6025 struct phy_info_arg result = {
6026 .num_modes = num_modes,
6027 .modes = NULL,
6028 .last_mode = -1,
6029 };
6030
6031 *num_modes = 0;
6032 *flags = 0;
6033
6034 msg = nlmsg_alloc();
6035 if (!msg)
6036 return NULL;
6037
6038 feat = get_nl80211_protocol_features(drv);
6039 if (feat & NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP)
6040 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_WIPHY);
6041 else
6042 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY);
6043
6044 NLA_PUT_FLAG(msg, NL80211_ATTR_SPLIT_WIPHY_DUMP);
6045 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6046
6047 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
6048 nl80211_set_ht40_flags(drv, &result);
6049 return wpa_driver_nl80211_postprocess_modes(result.modes,
6050 num_modes);
6051 }
6052 msg = NULL;
6053 nla_put_failure:
6054 nlmsg_free(msg);
6055 return NULL;
6056 }
6057
6058
wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data * drv,const void * data,size_t len,int encrypt,int noack)6059 static int wpa_driver_nl80211_send_mntr(struct wpa_driver_nl80211_data *drv,
6060 const void *data, size_t len,
6061 int encrypt, int noack)
6062 {
6063 __u8 rtap_hdr[] = {
6064 0x00, 0x00, /* radiotap version */
6065 0x0e, 0x00, /* radiotap length */
6066 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
6067 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
6068 0x00, /* padding */
6069 0x00, 0x00, /* RX and TX flags to indicate that */
6070 0x00, 0x00, /* this is the injected frame directly */
6071 };
6072 struct iovec iov[2] = {
6073 {
6074 .iov_base = &rtap_hdr,
6075 .iov_len = sizeof(rtap_hdr),
6076 },
6077 {
6078 .iov_base = (void *) data,
6079 .iov_len = len,
6080 }
6081 };
6082 struct msghdr msg = {
6083 .msg_name = NULL,
6084 .msg_namelen = 0,
6085 .msg_iov = iov,
6086 .msg_iovlen = 2,
6087 .msg_control = NULL,
6088 .msg_controllen = 0,
6089 .msg_flags = 0,
6090 };
6091 int res;
6092 u16 txflags = 0;
6093
6094 if (encrypt)
6095 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
6096
6097 if (drv->monitor_sock < 0) {
6098 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
6099 "for %s", __func__);
6100 return -1;
6101 }
6102
6103 if (noack)
6104 txflags |= IEEE80211_RADIOTAP_F_TX_NOACK;
6105 WPA_PUT_LE16(&rtap_hdr[12], txflags);
6106
6107 res = sendmsg(drv->monitor_sock, &msg, 0);
6108 if (res < 0) {
6109 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
6110 return -1;
6111 }
6112 return 0;
6113 }
6114
6115
wpa_driver_nl80211_send_frame(struct i802_bss * bss,const void * data,size_t len,int encrypt,int noack,unsigned int freq,int no_cck,int offchanok,unsigned int wait_time)6116 static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
6117 const void *data, size_t len,
6118 int encrypt, int noack,
6119 unsigned int freq, int no_cck,
6120 int offchanok, unsigned int wait_time)
6121 {
6122 struct wpa_driver_nl80211_data *drv = bss->drv;
6123 u64 cookie;
6124
6125 if (freq == 0)
6126 freq = bss->freq;
6127
6128 if (drv->use_monitor)
6129 return wpa_driver_nl80211_send_mntr(drv, data, len,
6130 encrypt, noack);
6131
6132 return nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
6133 &cookie, no_cck, noack, offchanok);
6134 }
6135
6136
wpa_driver_nl80211_send_mlme(struct i802_bss * bss,const u8 * data,size_t data_len,int noack,unsigned int freq,int no_cck,int offchanok,unsigned int wait_time)6137 static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
6138 size_t data_len, int noack,
6139 unsigned int freq, int no_cck,
6140 int offchanok,
6141 unsigned int wait_time)
6142 {
6143 struct wpa_driver_nl80211_data *drv = bss->drv;
6144 struct ieee80211_mgmt *mgmt;
6145 int encrypt = 1;
6146 u16 fc;
6147
6148 mgmt = (struct ieee80211_mgmt *) data;
6149 fc = le_to_host16(mgmt->frame_control);
6150
6151 if ((is_sta_interface(drv->nlmode) ||
6152 drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
6153 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
6154 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
6155 /*
6156 * The use of last_mgmt_freq is a bit of a hack,
6157 * but it works due to the single-threaded nature
6158 * of wpa_supplicant.
6159 */
6160 if (freq == 0)
6161 freq = drv->last_mgmt_freq;
6162 return nl80211_send_frame_cmd(bss, freq, 0,
6163 data, data_len, NULL, 1, noack,
6164 1);
6165 }
6166
6167 if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
6168 if (freq == 0)
6169 freq = bss->freq;
6170 return nl80211_send_frame_cmd(bss, freq,
6171 (int) freq == bss->freq ? 0 :
6172 wait_time,
6173 data, data_len,
6174 &drv->send_action_cookie,
6175 no_cck, noack, offchanok);
6176 }
6177
6178 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
6179 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
6180 /*
6181 * Only one of the authentication frame types is encrypted.
6182 * In order for static WEP encryption to work properly (i.e.,
6183 * to not encrypt the frame), we need to tell mac80211 about
6184 * the frames that must not be encrypted.
6185 */
6186 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
6187 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
6188 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
6189 encrypt = 0;
6190 }
6191
6192 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
6193 noack, freq, no_cck, offchanok,
6194 wait_time);
6195 }
6196
6197
nl80211_set_bss(struct i802_bss * bss,int cts,int preamble,int slot,int ht_opmode,int ap_isolate,int * basic_rates)6198 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
6199 int slot, int ht_opmode, int ap_isolate,
6200 int *basic_rates)
6201 {
6202 struct wpa_driver_nl80211_data *drv = bss->drv;
6203 struct nl_msg *msg;
6204
6205 msg = nlmsg_alloc();
6206 if (!msg)
6207 return -ENOMEM;
6208
6209 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_BSS);
6210
6211 if (cts >= 0)
6212 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
6213 if (preamble >= 0)
6214 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
6215 if (slot >= 0)
6216 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
6217 if (ht_opmode >= 0)
6218 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
6219 if (ap_isolate >= 0)
6220 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate);
6221
6222 if (basic_rates) {
6223 u8 rates[NL80211_MAX_SUPP_RATES];
6224 u8 rates_len = 0;
6225 int i;
6226
6227 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0;
6228 i++)
6229 rates[rates_len++] = basic_rates[i] / 5;
6230
6231 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
6232 }
6233
6234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6235
6236 return send_and_recv_msgs(drv, msg, NULL, NULL);
6237 nla_put_failure:
6238 nlmsg_free(msg);
6239 return -ENOBUFS;
6240 }
6241
6242
wpa_driver_nl80211_set_acl(void * priv,struct hostapd_acl_params * params)6243 static int wpa_driver_nl80211_set_acl(void *priv,
6244 struct hostapd_acl_params *params)
6245 {
6246 struct i802_bss *bss = priv;
6247 struct wpa_driver_nl80211_data *drv = bss->drv;
6248 struct nl_msg *msg;
6249 struct nlattr *acl;
6250 unsigned int i;
6251 int ret = 0;
6252
6253 if (!(drv->capa.max_acl_mac_addrs))
6254 return -ENOTSUP;
6255
6256 if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
6257 return -ENOTSUP;
6258
6259 msg = nlmsg_alloc();
6260 if (!msg)
6261 return -ENOMEM;
6262
6263 wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
6264 params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
6265
6266 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_MAC_ACL);
6267
6268 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6269
6270 NLA_PUT_U32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
6271 NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
6272 NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED);
6273
6274 acl = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
6275 if (acl == NULL)
6276 goto nla_put_failure;
6277
6278 for (i = 0; i < params->num_mac_acl; i++)
6279 NLA_PUT(msg, i + 1, ETH_ALEN, params->mac_acl[i].addr);
6280
6281 nla_nest_end(msg, acl);
6282
6283 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6284 msg = NULL;
6285 if (ret) {
6286 wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
6287 ret, strerror(-ret));
6288 }
6289
6290 nla_put_failure:
6291 nlmsg_free(msg);
6292
6293 return ret;
6294 }
6295
6296
wpa_driver_nl80211_set_ap(void * priv,struct wpa_driver_ap_params * params)6297 static int wpa_driver_nl80211_set_ap(void *priv,
6298 struct wpa_driver_ap_params *params)
6299 {
6300 struct i802_bss *bss = priv;
6301 struct wpa_driver_nl80211_data *drv = bss->drv;
6302 struct nl_msg *msg;
6303 u8 cmd = NL80211_CMD_NEW_BEACON;
6304 int ret;
6305 int beacon_set;
6306 int ifindex = if_nametoindex(bss->ifname);
6307 int num_suites;
6308 u32 suites[10];
6309 u32 ver;
6310
6311 beacon_set = bss->beacon_set;
6312
6313 msg = nlmsg_alloc();
6314 if (!msg)
6315 return -ENOMEM;
6316
6317 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
6318 beacon_set);
6319 if (beacon_set)
6320 cmd = NL80211_CMD_SET_BEACON;
6321
6322 nl80211_cmd(drv, msg, 0, cmd);
6323 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
6324 params->head, params->head_len);
6325 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, params->head_len, params->head);
6326 wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
6327 params->tail, params->tail_len);
6328 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len, params->tail);
6329 wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", ifindex);
6330 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
6331 wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
6332 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, params->beacon_int);
6333 wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
6334 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, params->dtim_period);
6335 wpa_hexdump_ascii(MSG_DEBUG, "nl80211: ssid",
6336 params->ssid, params->ssid_len);
6337 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
6338 params->ssid);
6339 if (params->proberesp && params->proberesp_len) {
6340 wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
6341 params->proberesp, params->proberesp_len);
6342 NLA_PUT(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
6343 params->proberesp);
6344 }
6345 switch (params->hide_ssid) {
6346 case NO_SSID_HIDING:
6347 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
6348 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
6349 NL80211_HIDDEN_SSID_NOT_IN_USE);
6350 break;
6351 case HIDDEN_SSID_ZERO_LEN:
6352 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
6353 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
6354 NL80211_HIDDEN_SSID_ZERO_LEN);
6355 break;
6356 case HIDDEN_SSID_ZERO_CONTENTS:
6357 wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
6358 NLA_PUT_U32(msg, NL80211_ATTR_HIDDEN_SSID,
6359 NL80211_HIDDEN_SSID_ZERO_CONTENTS);
6360 break;
6361 }
6362 wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
6363 if (params->privacy)
6364 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
6365 wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
6366 if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
6367 (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
6368 /* Leave out the attribute */
6369 } else if (params->auth_algs & WPA_AUTH_ALG_SHARED)
6370 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
6371 NL80211_AUTHTYPE_SHARED_KEY);
6372 else
6373 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
6374 NL80211_AUTHTYPE_OPEN_SYSTEM);
6375
6376 wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
6377 ver = 0;
6378 if (params->wpa_version & WPA_PROTO_WPA)
6379 ver |= NL80211_WPA_VERSION_1;
6380 if (params->wpa_version & WPA_PROTO_RSN)
6381 ver |= NL80211_WPA_VERSION_2;
6382 if (ver)
6383 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
6384
6385 wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
6386 params->key_mgmt_suites);
6387 num_suites = 0;
6388 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X)
6389 suites[num_suites++] = WLAN_AKM_SUITE_8021X;
6390 if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
6391 suites[num_suites++] = WLAN_AKM_SUITE_PSK;
6392 if (num_suites) {
6393 NLA_PUT(msg, NL80211_ATTR_AKM_SUITES,
6394 num_suites * sizeof(u32), suites);
6395 }
6396
6397 if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
6398 params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40))
6399 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT);
6400
6401 wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
6402 params->pairwise_ciphers);
6403 num_suites = 0;
6404 if (params->pairwise_ciphers & WPA_CIPHER_CCMP)
6405 suites[num_suites++] = WLAN_CIPHER_SUITE_CCMP;
6406 if (params->pairwise_ciphers & WPA_CIPHER_GCMP)
6407 suites[num_suites++] = WLAN_CIPHER_SUITE_GCMP;
6408 if (params->pairwise_ciphers & WPA_CIPHER_TKIP)
6409 suites[num_suites++] = WLAN_CIPHER_SUITE_TKIP;
6410 if (params->pairwise_ciphers & WPA_CIPHER_WEP104)
6411 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP104;
6412 if (params->pairwise_ciphers & WPA_CIPHER_WEP40)
6413 suites[num_suites++] = WLAN_CIPHER_SUITE_WEP40;
6414 if (num_suites) {
6415 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
6416 num_suites * sizeof(u32), suites);
6417 }
6418
6419 wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
6420 params->group_cipher);
6421 switch (params->group_cipher) {
6422 case WPA_CIPHER_CCMP:
6423 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
6424 WLAN_CIPHER_SUITE_CCMP);
6425 break;
6426 case WPA_CIPHER_GCMP:
6427 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
6428 WLAN_CIPHER_SUITE_GCMP);
6429 break;
6430 case WPA_CIPHER_TKIP:
6431 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
6432 WLAN_CIPHER_SUITE_TKIP);
6433 break;
6434 case WPA_CIPHER_WEP104:
6435 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
6436 WLAN_CIPHER_SUITE_WEP104);
6437 break;
6438 case WPA_CIPHER_WEP40:
6439 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
6440 WLAN_CIPHER_SUITE_WEP40);
6441 break;
6442 }
6443
6444 if (params->beacon_ies) {
6445 wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
6446 params->beacon_ies);
6447 NLA_PUT(msg, NL80211_ATTR_IE, wpabuf_len(params->beacon_ies),
6448 wpabuf_head(params->beacon_ies));
6449 }
6450 if (params->proberesp_ies) {
6451 wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
6452 params->proberesp_ies);
6453 NLA_PUT(msg, NL80211_ATTR_IE_PROBE_RESP,
6454 wpabuf_len(params->proberesp_ies),
6455 wpabuf_head(params->proberesp_ies));
6456 }
6457 if (params->assocresp_ies) {
6458 wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
6459 params->assocresp_ies);
6460 NLA_PUT(msg, NL80211_ATTR_IE_ASSOC_RESP,
6461 wpabuf_len(params->assocresp_ies),
6462 wpabuf_head(params->assocresp_ies));
6463 }
6464
6465 if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER) {
6466 wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
6467 params->ap_max_inactivity);
6468 NLA_PUT_U16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
6469 params->ap_max_inactivity);
6470 }
6471
6472 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6473 if (ret) {
6474 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
6475 ret, strerror(-ret));
6476 } else {
6477 bss->beacon_set = 1;
6478 nl80211_set_bss(bss, params->cts_protect, params->preamble,
6479 params->short_slot_time, params->ht_opmode,
6480 params->isolate, params->basic_rates);
6481 }
6482 return ret;
6483 nla_put_failure:
6484 nlmsg_free(msg);
6485 return -ENOBUFS;
6486 }
6487
6488
wpa_driver_nl80211_set_freq(struct i802_bss * bss,struct hostapd_freq_params * freq)6489 static int wpa_driver_nl80211_set_freq(struct i802_bss *bss,
6490 struct hostapd_freq_params *freq)
6491 {
6492 struct wpa_driver_nl80211_data *drv = bss->drv;
6493 struct nl_msg *msg;
6494 int ret;
6495
6496 wpa_printf(MSG_DEBUG, "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d,"
6497 " bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
6498 freq->freq, freq->ht_enabled, freq->vht_enabled,
6499 freq->bandwidth, freq->center_freq1, freq->center_freq2);
6500 msg = nlmsg_alloc();
6501 if (!msg)
6502 return -1;
6503
6504 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
6505
6506 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6507 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
6508 if (freq->vht_enabled) {
6509 switch (freq->bandwidth) {
6510 case 20:
6511 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
6512 NL80211_CHAN_WIDTH_20);
6513 break;
6514 case 40:
6515 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
6516 NL80211_CHAN_WIDTH_40);
6517 break;
6518 case 80:
6519 if (freq->center_freq2)
6520 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
6521 NL80211_CHAN_WIDTH_80P80);
6522 else
6523 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
6524 NL80211_CHAN_WIDTH_80);
6525 break;
6526 case 160:
6527 NLA_PUT_U32(msg, NL80211_ATTR_CHANNEL_WIDTH,
6528 NL80211_CHAN_WIDTH_160);
6529 break;
6530 default:
6531 return -1;
6532 }
6533 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ1, freq->center_freq1);
6534 if (freq->center_freq2)
6535 NLA_PUT_U32(msg, NL80211_ATTR_CENTER_FREQ2,
6536 freq->center_freq2);
6537 } else if (freq->ht_enabled) {
6538 switch (freq->sec_channel_offset) {
6539 case -1:
6540 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
6541 NL80211_CHAN_HT40MINUS);
6542 break;
6543 case 1:
6544 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
6545 NL80211_CHAN_HT40PLUS);
6546 break;
6547 default:
6548 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
6549 NL80211_CHAN_HT20);
6550 break;
6551 }
6552 }
6553
6554 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6555 msg = NULL;
6556 if (ret == 0) {
6557 bss->freq = freq->freq;
6558 return 0;
6559 }
6560 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
6561 "%d (%s)", freq->freq, ret, strerror(-ret));
6562 nla_put_failure:
6563 nlmsg_free(msg);
6564 return -1;
6565 }
6566
6567
sta_flags_nl80211(int flags)6568 static u32 sta_flags_nl80211(int flags)
6569 {
6570 u32 f = 0;
6571
6572 if (flags & WPA_STA_AUTHORIZED)
6573 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
6574 if (flags & WPA_STA_WMM)
6575 f |= BIT(NL80211_STA_FLAG_WME);
6576 if (flags & WPA_STA_SHORT_PREAMBLE)
6577 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
6578 if (flags & WPA_STA_MFP)
6579 f |= BIT(NL80211_STA_FLAG_MFP);
6580 if (flags & WPA_STA_TDLS_PEER)
6581 f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
6582
6583 return f;
6584 }
6585
6586
wpa_driver_nl80211_sta_add(void * priv,struct hostapd_sta_add_params * params)6587 static int wpa_driver_nl80211_sta_add(void *priv,
6588 struct hostapd_sta_add_params *params)
6589 {
6590 struct i802_bss *bss = priv;
6591 struct wpa_driver_nl80211_data *drv = bss->drv;
6592 struct nl_msg *msg;
6593 struct nl80211_sta_flag_update upd;
6594 int ret = -ENOBUFS;
6595
6596 if ((params->flags & WPA_STA_TDLS_PEER) &&
6597 !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
6598 return -EOPNOTSUPP;
6599
6600 msg = nlmsg_alloc();
6601 if (!msg)
6602 return -ENOMEM;
6603
6604 wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
6605 params->set ? "Set" : "Add", MAC2STR(params->addr));
6606 nl80211_cmd(drv, msg, 0, params->set ? NL80211_CMD_SET_STATION :
6607 NL80211_CMD_NEW_STATION);
6608
6609 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6610 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
6611 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
6612 params->supp_rates);
6613 wpa_hexdump(MSG_DEBUG, " * supported rates", params->supp_rates,
6614 params->supp_rates_len);
6615 if (!params->set) {
6616 if (params->aid) {
6617 wpa_printf(MSG_DEBUG, " * aid=%u", params->aid);
6618 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
6619 } else {
6620 /*
6621 * cfg80211 validates that AID is non-zero, so we have
6622 * to make this a non-zero value for the TDLS case where
6623 * a dummy STA entry is used for now.
6624 */
6625 wpa_printf(MSG_DEBUG, " * aid=1 (TDLS workaround)");
6626 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, 1);
6627 }
6628 wpa_printf(MSG_DEBUG, " * listen_interval=%u",
6629 params->listen_interval);
6630 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
6631 params->listen_interval);
6632 } else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
6633 wpa_printf(MSG_DEBUG, " * peer_aid=%u", params->aid);
6634 NLA_PUT_U16(msg, NL80211_ATTR_PEER_AID, params->aid);
6635 }
6636 if (params->ht_capabilities) {
6637 wpa_hexdump(MSG_DEBUG, " * ht_capabilities",
6638 (u8 *) params->ht_capabilities,
6639 sizeof(*params->ht_capabilities));
6640 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
6641 sizeof(*params->ht_capabilities),
6642 params->ht_capabilities);
6643 }
6644
6645 if (params->vht_capabilities) {
6646 wpa_hexdump(MSG_DEBUG, " * vht_capabilities",
6647 (u8 *) params->vht_capabilities,
6648 sizeof(*params->vht_capabilities));
6649 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY,
6650 sizeof(*params->vht_capabilities),
6651 params->vht_capabilities);
6652 }
6653
6654 wpa_printf(MSG_DEBUG, " * capability=0x%x", params->capability);
6655 NLA_PUT_U16(msg, NL80211_ATTR_STA_CAPABILITY, params->capability);
6656
6657 if (params->ext_capab) {
6658 wpa_hexdump(MSG_DEBUG, " * ext_capab",
6659 params->ext_capab, params->ext_capab_len);
6660 NLA_PUT(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
6661 params->ext_capab_len, params->ext_capab);
6662 }
6663
6664 os_memset(&upd, 0, sizeof(upd));
6665 upd.mask = sta_flags_nl80211(params->flags);
6666 upd.set = upd.mask;
6667 wpa_printf(MSG_DEBUG, " * flags set=0x%x mask=0x%x",
6668 upd.set, upd.mask);
6669 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
6670
6671 if (params->flags & WPA_STA_WMM) {
6672 struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
6673
6674 if (!wme)
6675 goto nla_put_failure;
6676
6677 wpa_printf(MSG_DEBUG, " * qosinfo=0x%x", params->qosinfo);
6678 NLA_PUT_U8(msg, NL80211_STA_WME_UAPSD_QUEUES,
6679 params->qosinfo & WMM_QOSINFO_STA_AC_MASK);
6680 NLA_PUT_U8(msg, NL80211_STA_WME_MAX_SP,
6681 (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
6682 WMM_QOSINFO_STA_SP_MASK);
6683 nla_nest_end(msg, wme);
6684 }
6685
6686 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6687 msg = NULL;
6688 if (ret)
6689 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
6690 "result: %d (%s)", params->set ? "SET" : "NEW", ret,
6691 strerror(-ret));
6692 if (ret == -EEXIST)
6693 ret = 0;
6694 nla_put_failure:
6695 nlmsg_free(msg);
6696 return ret;
6697 }
6698
6699
wpa_driver_nl80211_sta_remove(struct i802_bss * bss,const u8 * addr)6700 static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr)
6701 {
6702 struct wpa_driver_nl80211_data *drv = bss->drv;
6703 struct nl_msg *msg;
6704 int ret;
6705
6706 msg = nlmsg_alloc();
6707 if (!msg)
6708 return -ENOMEM;
6709
6710 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
6711
6712 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
6713 if_nametoindex(bss->ifname));
6714 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
6715
6716 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6717 wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
6718 " --> %d (%s)",
6719 bss->ifname, MAC2STR(addr), ret, strerror(-ret));
6720 if (ret == -ENOENT)
6721 return 0;
6722 return ret;
6723 nla_put_failure:
6724 nlmsg_free(msg);
6725 return -ENOBUFS;
6726 }
6727
6728
nl80211_remove_iface(struct wpa_driver_nl80211_data * drv,int ifidx)6729 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
6730 int ifidx)
6731 {
6732 struct nl_msg *msg;
6733
6734 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
6735
6736 /* stop listening for EAPOL on this interface */
6737 del_ifidx(drv, ifidx);
6738
6739 msg = nlmsg_alloc();
6740 if (!msg)
6741 goto nla_put_failure;
6742
6743 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_INTERFACE);
6744 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
6745
6746 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
6747 return;
6748 msg = NULL;
6749 nla_put_failure:
6750 nlmsg_free(msg);
6751 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
6752 }
6753
6754
nl80211_iftype_str(enum nl80211_iftype mode)6755 static const char * nl80211_iftype_str(enum nl80211_iftype mode)
6756 {
6757 switch (mode) {
6758 case NL80211_IFTYPE_ADHOC:
6759 return "ADHOC";
6760 case NL80211_IFTYPE_STATION:
6761 return "STATION";
6762 case NL80211_IFTYPE_AP:
6763 return "AP";
6764 case NL80211_IFTYPE_AP_VLAN:
6765 return "AP_VLAN";
6766 case NL80211_IFTYPE_WDS:
6767 return "WDS";
6768 case NL80211_IFTYPE_MONITOR:
6769 return "MONITOR";
6770 case NL80211_IFTYPE_MESH_POINT:
6771 return "MESH_POINT";
6772 case NL80211_IFTYPE_P2P_CLIENT:
6773 return "P2P_CLIENT";
6774 case NL80211_IFTYPE_P2P_GO:
6775 return "P2P_GO";
6776 case NL80211_IFTYPE_P2P_DEVICE:
6777 return "P2P_DEVICE";
6778 default:
6779 return "unknown";
6780 }
6781 }
6782
6783
nl80211_create_iface_once(struct wpa_driver_nl80211_data * drv,const char * ifname,enum nl80211_iftype iftype,const u8 * addr,int wds,int (* handler)(struct nl_msg *,void *),void * arg)6784 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
6785 const char *ifname,
6786 enum nl80211_iftype iftype,
6787 const u8 *addr, int wds,
6788 int (*handler)(struct nl_msg *, void *),
6789 void *arg)
6790 {
6791 struct nl_msg *msg;
6792 int ifidx;
6793 int ret = -ENOBUFS;
6794
6795 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
6796 iftype, nl80211_iftype_str(iftype));
6797
6798 msg = nlmsg_alloc();
6799 if (!msg)
6800 return -1;
6801
6802 nl80211_cmd(drv, msg, 0, NL80211_CMD_NEW_INTERFACE);
6803 if (nl80211_set_iface_id(msg, &drv->first_bss) < 0)
6804 goto nla_put_failure;
6805 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
6806 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
6807
6808 if (iftype == NL80211_IFTYPE_MONITOR) {
6809 struct nlattr *flags;
6810
6811 flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
6812 if (!flags)
6813 goto nla_put_failure;
6814
6815 NLA_PUT_FLAG(msg, NL80211_MNTR_FLAG_COOK_FRAMES);
6816
6817 nla_nest_end(msg, flags);
6818 } else if (wds) {
6819 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
6820 }
6821
6822 ret = send_and_recv_msgs(drv, msg, handler, arg);
6823 msg = NULL;
6824 if (ret) {
6825 nla_put_failure:
6826 nlmsg_free(msg);
6827 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
6828 ifname, ret, strerror(-ret));
6829 return ret;
6830 }
6831
6832 if (iftype == NL80211_IFTYPE_P2P_DEVICE)
6833 return 0;
6834
6835 ifidx = if_nametoindex(ifname);
6836 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
6837 ifname, ifidx);
6838
6839 if (ifidx <= 0)
6840 return -1;
6841
6842 /* start listening for EAPOL on this interface */
6843 add_ifidx(drv, ifidx);
6844
6845 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
6846 linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
6847 nl80211_remove_iface(drv, ifidx);
6848 return -1;
6849 }
6850
6851 return ifidx;
6852 }
6853
6854
nl80211_create_iface(struct wpa_driver_nl80211_data * drv,const char * ifname,enum nl80211_iftype iftype,const u8 * addr,int wds,int (* handler)(struct nl_msg *,void *),void * arg)6855 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
6856 const char *ifname, enum nl80211_iftype iftype,
6857 const u8 *addr, int wds,
6858 int (*handler)(struct nl_msg *, void *),
6859 void *arg)
6860 {
6861 int ret;
6862
6863 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
6864 arg);
6865
6866 /* if error occurred and interface exists already */
6867 if (ret == -ENFILE && if_nametoindex(ifname)) {
6868 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
6869
6870 /* Try to remove the interface that was already there. */
6871 nl80211_remove_iface(drv, if_nametoindex(ifname));
6872
6873 /* Try to create the interface again */
6874 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
6875 wds, handler, arg);
6876 }
6877
6878 if (ret >= 0 && is_p2p_net_interface(iftype))
6879 nl80211_disable_11b_rates(drv, ret, 1);
6880
6881 return ret;
6882 }
6883
6884
handle_tx_callback(void * ctx,u8 * buf,size_t len,int ok)6885 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
6886 {
6887 struct ieee80211_hdr *hdr;
6888 u16 fc;
6889 union wpa_event_data event;
6890
6891 hdr = (struct ieee80211_hdr *) buf;
6892 fc = le_to_host16(hdr->frame_control);
6893
6894 os_memset(&event, 0, sizeof(event));
6895 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
6896 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
6897 event.tx_status.dst = hdr->addr1;
6898 event.tx_status.data = buf;
6899 event.tx_status.data_len = len;
6900 event.tx_status.ack = ok;
6901 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
6902 }
6903
6904
from_unknown_sta(struct wpa_driver_nl80211_data * drv,u8 * buf,size_t len)6905 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
6906 u8 *buf, size_t len)
6907 {
6908 struct ieee80211_hdr *hdr = (void *)buf;
6909 u16 fc;
6910 union wpa_event_data event;
6911
6912 if (len < sizeof(*hdr))
6913 return;
6914
6915 fc = le_to_host16(hdr->frame_control);
6916
6917 os_memset(&event, 0, sizeof(event));
6918 event.rx_from_unknown.bssid = get_hdr_bssid(hdr, len);
6919 event.rx_from_unknown.addr = hdr->addr2;
6920 event.rx_from_unknown.wds = (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) ==
6921 (WLAN_FC_FROMDS | WLAN_FC_TODS);
6922 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
6923 }
6924
6925
handle_frame(struct wpa_driver_nl80211_data * drv,u8 * buf,size_t len,int datarate,int ssi_signal)6926 static void handle_frame(struct wpa_driver_nl80211_data *drv,
6927 u8 *buf, size_t len, int datarate, int ssi_signal)
6928 {
6929 struct ieee80211_hdr *hdr;
6930 u16 fc;
6931 union wpa_event_data event;
6932
6933 hdr = (struct ieee80211_hdr *) buf;
6934 fc = le_to_host16(hdr->frame_control);
6935
6936 switch (WLAN_FC_GET_TYPE(fc)) {
6937 case WLAN_FC_TYPE_MGMT:
6938 os_memset(&event, 0, sizeof(event));
6939 event.rx_mgmt.frame = buf;
6940 event.rx_mgmt.frame_len = len;
6941 event.rx_mgmt.datarate = datarate;
6942 event.rx_mgmt.ssi_signal = ssi_signal;
6943 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
6944 break;
6945 case WLAN_FC_TYPE_CTRL:
6946 /* can only get here with PS-Poll frames */
6947 wpa_printf(MSG_DEBUG, "CTRL");
6948 from_unknown_sta(drv, buf, len);
6949 break;
6950 case WLAN_FC_TYPE_DATA:
6951 from_unknown_sta(drv, buf, len);
6952 break;
6953 }
6954 }
6955
6956
handle_monitor_read(int sock,void * eloop_ctx,void * sock_ctx)6957 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
6958 {
6959 struct wpa_driver_nl80211_data *drv = eloop_ctx;
6960 int len;
6961 unsigned char buf[3000];
6962 struct ieee80211_radiotap_iterator iter;
6963 int ret;
6964 int datarate = 0, ssi_signal = 0;
6965 int injected = 0, failed = 0, rxflags = 0;
6966
6967 len = recv(sock, buf, sizeof(buf), 0);
6968 if (len < 0) {
6969 perror("recv");
6970 return;
6971 }
6972
6973 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
6974 printf("received invalid radiotap frame\n");
6975 return;
6976 }
6977
6978 while (1) {
6979 ret = ieee80211_radiotap_iterator_next(&iter);
6980 if (ret == -ENOENT)
6981 break;
6982 if (ret) {
6983 printf("received invalid radiotap frame (%d)\n", ret);
6984 return;
6985 }
6986 switch (iter.this_arg_index) {
6987 case IEEE80211_RADIOTAP_FLAGS:
6988 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
6989 len -= 4;
6990 break;
6991 case IEEE80211_RADIOTAP_RX_FLAGS:
6992 rxflags = 1;
6993 break;
6994 case IEEE80211_RADIOTAP_TX_FLAGS:
6995 injected = 1;
6996 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
6997 IEEE80211_RADIOTAP_F_TX_FAIL;
6998 break;
6999 case IEEE80211_RADIOTAP_DATA_RETRIES:
7000 break;
7001 case IEEE80211_RADIOTAP_CHANNEL:
7002 /* TODO: convert from freq/flags to channel number */
7003 break;
7004 case IEEE80211_RADIOTAP_RATE:
7005 datarate = *iter.this_arg * 5;
7006 break;
7007 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
7008 ssi_signal = (s8) *iter.this_arg;
7009 break;
7010 }
7011 }
7012
7013 if (rxflags && injected)
7014 return;
7015
7016 if (!injected)
7017 handle_frame(drv, buf + iter.max_length,
7018 len - iter.max_length, datarate, ssi_signal);
7019 else
7020 handle_tx_callback(drv->ctx, buf + iter.max_length,
7021 len - iter.max_length, !failed);
7022 }
7023
7024
7025 /*
7026 * we post-process the filter code later and rewrite
7027 * this to the offset to the last instruction
7028 */
7029 #define PASS 0xFF
7030 #define FAIL 0xFE
7031
7032 static struct sock_filter msock_filter_insns[] = {
7033 /*
7034 * do a little-endian load of the radiotap length field
7035 */
7036 /* load lower byte into A */
7037 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
7038 /* put it into X (== index register) */
7039 BPF_STMT(BPF_MISC| BPF_TAX, 0),
7040 /* load upper byte into A */
7041 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
7042 /* left-shift it by 8 */
7043 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
7044 /* or with X */
7045 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
7046 /* put result into X */
7047 BPF_STMT(BPF_MISC| BPF_TAX, 0),
7048
7049 /*
7050 * Allow management frames through, this also gives us those
7051 * management frames that we sent ourselves with status
7052 */
7053 /* load the lower byte of the IEEE 802.11 frame control field */
7054 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
7055 /* mask off frame type and version */
7056 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
7057 /* accept frame if it's both 0, fall through otherwise */
7058 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
7059
7060 /*
7061 * TODO: add a bit to radiotap RX flags that indicates
7062 * that the sending station is not associated, then
7063 * add a filter here that filters on our DA and that flag
7064 * to allow us to deauth frames to that bad station.
7065 *
7066 * For now allow all To DS data frames through.
7067 */
7068 /* load the IEEE 802.11 frame control field */
7069 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
7070 /* mask off frame type, version and DS status */
7071 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
7072 /* accept frame if version 0, type 2 and To DS, fall through otherwise
7073 */
7074 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
7075
7076 #if 0
7077 /*
7078 * drop non-data frames
7079 */
7080 /* load the lower byte of the frame control field */
7081 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
7082 /* mask off QoS bit */
7083 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
7084 /* drop non-data frames */
7085 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
7086 #endif
7087 /* load the upper byte of the frame control field */
7088 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
7089 /* mask off toDS/fromDS */
7090 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
7091 /* accept WDS frames */
7092 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
7093
7094 /*
7095 * add header length to index
7096 */
7097 /* load the lower byte of the frame control field */
7098 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
7099 /* mask off QoS bit */
7100 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
7101 /* right shift it by 6 to give 0 or 2 */
7102 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
7103 /* add data frame header length */
7104 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
7105 /* add index, was start of 802.11 header */
7106 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
7107 /* move to index, now start of LL header */
7108 BPF_STMT(BPF_MISC | BPF_TAX, 0),
7109
7110 /*
7111 * Accept empty data frames, we use those for
7112 * polling activity.
7113 */
7114 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
7115 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
7116
7117 /*
7118 * Accept EAPOL frames
7119 */
7120 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
7121 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
7122 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
7123 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
7124
7125 /* keep these last two statements or change the code below */
7126 /* return 0 == "DROP" */
7127 BPF_STMT(BPF_RET | BPF_K, 0),
7128 /* return ~0 == "keep all" */
7129 BPF_STMT(BPF_RET | BPF_K, ~0),
7130 };
7131
7132 static struct sock_fprog msock_filter = {
7133 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
7134 .filter = msock_filter_insns,
7135 };
7136
7137
add_monitor_filter(int s)7138 static int add_monitor_filter(int s)
7139 {
7140 int idx;
7141
7142 /* rewrite all PASS/FAIL jump offsets */
7143 for (idx = 0; idx < msock_filter.len; idx++) {
7144 struct sock_filter *insn = &msock_filter_insns[idx];
7145
7146 if (BPF_CLASS(insn->code) == BPF_JMP) {
7147 if (insn->code == (BPF_JMP|BPF_JA)) {
7148 if (insn->k == PASS)
7149 insn->k = msock_filter.len - idx - 2;
7150 else if (insn->k == FAIL)
7151 insn->k = msock_filter.len - idx - 3;
7152 }
7153
7154 if (insn->jt == PASS)
7155 insn->jt = msock_filter.len - idx - 2;
7156 else if (insn->jt == FAIL)
7157 insn->jt = msock_filter.len - idx - 3;
7158
7159 if (insn->jf == PASS)
7160 insn->jf = msock_filter.len - idx - 2;
7161 else if (insn->jf == FAIL)
7162 insn->jf = msock_filter.len - idx - 3;
7163 }
7164 }
7165
7166 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
7167 &msock_filter, sizeof(msock_filter))) {
7168 perror("SO_ATTACH_FILTER");
7169 return -1;
7170 }
7171
7172 return 0;
7173 }
7174
7175
nl80211_remove_monitor_interface(struct wpa_driver_nl80211_data * drv)7176 static void nl80211_remove_monitor_interface(
7177 struct wpa_driver_nl80211_data *drv)
7178 {
7179 drv->monitor_refcount--;
7180 if (drv->monitor_refcount > 0)
7181 return;
7182
7183 if (drv->monitor_ifidx >= 0) {
7184 nl80211_remove_iface(drv, drv->monitor_ifidx);
7185 drv->monitor_ifidx = -1;
7186 }
7187 if (drv->monitor_sock >= 0) {
7188 eloop_unregister_read_sock(drv->monitor_sock);
7189 close(drv->monitor_sock);
7190 drv->monitor_sock = -1;
7191 }
7192 }
7193
7194
7195 static int
nl80211_create_monitor_interface(struct wpa_driver_nl80211_data * drv)7196 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
7197 {
7198 char buf[IFNAMSIZ];
7199 struct sockaddr_ll ll;
7200 int optval;
7201 socklen_t optlen;
7202
7203 if (drv->monitor_ifidx >= 0) {
7204 drv->monitor_refcount++;
7205 return 0;
7206 }
7207
7208 if (os_strncmp(drv->first_bss.ifname, "p2p-", 4) == 0) {
7209 /*
7210 * P2P interface name is of the format p2p-%s-%d. For monitor
7211 * interface name corresponding to P2P GO, replace "p2p-" with
7212 * "mon-" to retain the same interface name length and to
7213 * indicate that it is a monitor interface.
7214 */
7215 snprintf(buf, IFNAMSIZ, "mon-%s", drv->first_bss.ifname + 4);
7216 } else {
7217 /* Non-P2P interface with AP functionality. */
7218 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
7219 }
7220
7221 buf[IFNAMSIZ - 1] = '\0';
7222
7223 drv->monitor_ifidx =
7224 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
7225 0, NULL, NULL);
7226
7227 if (drv->monitor_ifidx == -EOPNOTSUPP) {
7228 /*
7229 * This is backward compatibility for a few versions of
7230 * the kernel only that didn't advertise the right
7231 * attributes for the only driver that then supported
7232 * AP mode w/o monitor -- ath6kl.
7233 */
7234 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
7235 "monitor interface type - try to run without it");
7236 drv->device_ap_sme = 1;
7237 }
7238
7239 if (drv->monitor_ifidx < 0)
7240 return -1;
7241
7242 if (linux_set_iface_flags(drv->global->ioctl_sock, buf, 1))
7243 goto error;
7244
7245 memset(&ll, 0, sizeof(ll));
7246 ll.sll_family = AF_PACKET;
7247 ll.sll_ifindex = drv->monitor_ifidx;
7248 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
7249 if (drv->monitor_sock < 0) {
7250 perror("socket[PF_PACKET,SOCK_RAW]");
7251 goto error;
7252 }
7253
7254 if (add_monitor_filter(drv->monitor_sock)) {
7255 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
7256 "interface; do filtering in user space");
7257 /* This works, but will cost in performance. */
7258 }
7259
7260 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
7261 perror("monitor socket bind");
7262 goto error;
7263 }
7264
7265 optlen = sizeof(optval);
7266 optval = 20;
7267 if (setsockopt
7268 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
7269 perror("Failed to set socket priority");
7270 goto error;
7271 }
7272
7273 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
7274 drv, NULL)) {
7275 printf("Could not register monitor read socket\n");
7276 goto error;
7277 }
7278
7279 return 0;
7280 error:
7281 nl80211_remove_monitor_interface(drv);
7282 return -1;
7283 }
7284
7285
nl80211_setup_ap(struct i802_bss * bss)7286 static int nl80211_setup_ap(struct i802_bss *bss)
7287 {
7288 struct wpa_driver_nl80211_data *drv = bss->drv;
7289
7290 wpa_printf(MSG_DEBUG, "nl80211: Setup AP - device_ap_sme=%d "
7291 "use_monitor=%d", drv->device_ap_sme, drv->use_monitor);
7292
7293 /*
7294 * Disable Probe Request reporting unless we need it in this way for
7295 * devices that include the AP SME, in the other case (unless using
7296 * monitor iface) we'll get it through the nl_mgmt socket instead.
7297 */
7298 if (!drv->device_ap_sme)
7299 wpa_driver_nl80211_probe_req_report(bss, 0);
7300
7301 if (!drv->device_ap_sme && !drv->use_monitor)
7302 if (nl80211_mgmt_subscribe_ap(bss))
7303 return -1;
7304
7305 if (drv->device_ap_sme && !drv->use_monitor)
7306 if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
7307 return -1;
7308
7309 if (!drv->device_ap_sme && drv->use_monitor &&
7310 nl80211_create_monitor_interface(drv) &&
7311 !drv->device_ap_sme)
7312 return -1;
7313
7314 #ifdef ANDROID_P2P
7315 if (drv->device_ap_sme && drv->use_monitor)
7316 if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
7317 return -1;
7318
7319 if (drv->use_monitor &&
7320 nl80211_create_monitor_interface(drv))
7321 return -1;
7322 #endif
7323
7324 if (drv->device_ap_sme &&
7325 wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
7326 wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
7327 "Probe Request frame reporting in AP mode");
7328 /* Try to survive without this */
7329 }
7330
7331 return 0;
7332 }
7333
7334
nl80211_teardown_ap(struct i802_bss * bss)7335 static void nl80211_teardown_ap(struct i802_bss *bss)
7336 {
7337 struct wpa_driver_nl80211_data *drv = bss->drv;
7338
7339 if (drv->device_ap_sme) {
7340 wpa_driver_nl80211_probe_req_report(bss, 0);
7341 if (!drv->use_monitor)
7342 nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
7343 } else if (drv->use_monitor)
7344 nl80211_remove_monitor_interface(drv);
7345 else
7346 nl80211_mgmt_unsubscribe(bss, "AP teardown");
7347
7348 bss->beacon_set = 0;
7349 }
7350
7351
nl80211_send_eapol_data(struct i802_bss * bss,const u8 * addr,const u8 * data,size_t data_len)7352 static int nl80211_send_eapol_data(struct i802_bss *bss,
7353 const u8 *addr, const u8 *data,
7354 size_t data_len)
7355 {
7356 struct sockaddr_ll ll;
7357 int ret;
7358
7359 if (bss->drv->eapol_tx_sock < 0) {
7360 wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
7361 return -1;
7362 }
7363
7364 os_memset(&ll, 0, sizeof(ll));
7365 ll.sll_family = AF_PACKET;
7366 ll.sll_ifindex = bss->ifindex;
7367 ll.sll_protocol = htons(ETH_P_PAE);
7368 ll.sll_halen = ETH_ALEN;
7369 os_memcpy(ll.sll_addr, addr, ETH_ALEN);
7370 ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
7371 (struct sockaddr *) &ll, sizeof(ll));
7372 if (ret < 0)
7373 wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
7374 strerror(errno));
7375
7376 return ret;
7377 }
7378
7379
7380 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
7381
wpa_driver_nl80211_hapd_send_eapol(void * priv,const u8 * addr,const u8 * data,size_t data_len,int encrypt,const u8 * own_addr,u32 flags)7382 static int wpa_driver_nl80211_hapd_send_eapol(
7383 void *priv, const u8 *addr, const u8 *data,
7384 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
7385 {
7386 struct i802_bss *bss = priv;
7387 struct wpa_driver_nl80211_data *drv = bss->drv;
7388 struct ieee80211_hdr *hdr;
7389 size_t len;
7390 u8 *pos;
7391 int res;
7392 int qos = flags & WPA_STA_WMM;
7393 #ifndef ANDROID_P2P
7394 if (drv->device_ap_sme || !drv->use_monitor)
7395 #else
7396 if (drv->device_ap_sme && !drv->use_monitor)
7397 #endif
7398 return nl80211_send_eapol_data(bss, addr, data, data_len);
7399
7400 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
7401 data_len;
7402 hdr = os_zalloc(len);
7403 if (hdr == NULL) {
7404 printf("malloc() failed for i802_send_data(len=%lu)\n",
7405 (unsigned long) len);
7406 return -1;
7407 }
7408
7409 hdr->frame_control =
7410 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
7411 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
7412 if (encrypt)
7413 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
7414 if (qos) {
7415 hdr->frame_control |=
7416 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
7417 }
7418
7419 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
7420 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
7421 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
7422 pos = (u8 *) (hdr + 1);
7423
7424 if (qos) {
7425 /* Set highest priority in QoS header */
7426 pos[0] = 7;
7427 pos[1] = 0;
7428 pos += 2;
7429 }
7430
7431 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
7432 pos += sizeof(rfc1042_header);
7433 WPA_PUT_BE16(pos, ETH_P_PAE);
7434 pos += 2;
7435 memcpy(pos, data, data_len);
7436
7437 res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
7438 0, 0, 0, 0);
7439 if (res < 0) {
7440 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
7441 "failed: %d (%s)",
7442 (unsigned long) len, errno, strerror(errno));
7443 }
7444 os_free(hdr);
7445
7446 return res;
7447 }
7448
7449
wpa_driver_nl80211_sta_set_flags(void * priv,const u8 * addr,int total_flags,int flags_or,int flags_and)7450 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
7451 int total_flags,
7452 int flags_or, int flags_and)
7453 {
7454 struct i802_bss *bss = priv;
7455 struct wpa_driver_nl80211_data *drv = bss->drv;
7456 struct nl_msg *msg;
7457 struct nlattr *flags;
7458 struct nl80211_sta_flag_update upd;
7459
7460 msg = nlmsg_alloc();
7461 if (!msg)
7462 return -ENOMEM;
7463
7464 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
7465
7466 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
7467 if_nametoindex(bss->ifname));
7468 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
7469
7470 /*
7471 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
7472 * can be removed eventually.
7473 */
7474 flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
7475 if (!flags)
7476 goto nla_put_failure;
7477 if (total_flags & WPA_STA_AUTHORIZED)
7478 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_AUTHORIZED);
7479
7480 if (total_flags & WPA_STA_WMM)
7481 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_WME);
7482
7483 if (total_flags & WPA_STA_SHORT_PREAMBLE)
7484 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_SHORT_PREAMBLE);
7485
7486 if (total_flags & WPA_STA_MFP)
7487 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_MFP);
7488
7489 if (total_flags & WPA_STA_TDLS_PEER)
7490 NLA_PUT_FLAG(msg, NL80211_STA_FLAG_TDLS_PEER);
7491
7492 nla_nest_end(msg, flags);
7493
7494 os_memset(&upd, 0, sizeof(upd));
7495 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
7496 upd.set = sta_flags_nl80211(flags_or);
7497 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
7498
7499 return send_and_recv_msgs(drv, msg, NULL, NULL);
7500 nla_put_failure:
7501 nlmsg_free(msg);
7502 return -ENOBUFS;
7503 }
7504
7505
wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data * drv,struct wpa_driver_associate_params * params)7506 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
7507 struct wpa_driver_associate_params *params)
7508 {
7509 enum nl80211_iftype nlmode, old_mode;
7510 struct hostapd_freq_params freq = {
7511 .freq = params->freq,
7512 };
7513
7514 if (params->p2p) {
7515 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
7516 "group (GO)");
7517 nlmode = NL80211_IFTYPE_P2P_GO;
7518 } else
7519 nlmode = NL80211_IFTYPE_AP;
7520
7521 old_mode = drv->nlmode;
7522 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode)) {
7523 nl80211_remove_monitor_interface(drv);
7524 return -1;
7525 }
7526
7527 if (wpa_driver_nl80211_set_freq(&drv->first_bss, &freq)) {
7528 if (old_mode != nlmode)
7529 wpa_driver_nl80211_set_mode(&drv->first_bss, old_mode);
7530 nl80211_remove_monitor_interface(drv);
7531 return -1;
7532 }
7533
7534 return 0;
7535 }
7536
7537
nl80211_leave_ibss(struct wpa_driver_nl80211_data * drv)7538 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
7539 {
7540 struct nl_msg *msg;
7541 int ret = -1;
7542
7543 msg = nlmsg_alloc();
7544 if (!msg)
7545 return -1;
7546
7547 nl80211_cmd(drv, msg, 0, NL80211_CMD_LEAVE_IBSS);
7548 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7549 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7550 msg = NULL;
7551 if (ret) {
7552 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
7553 "(%s)", ret, strerror(-ret));
7554 goto nla_put_failure;
7555 }
7556
7557 ret = 0;
7558 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
7559
7560 nla_put_failure:
7561 nlmsg_free(msg);
7562 return ret;
7563 }
7564
7565
wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data * drv,struct wpa_driver_associate_params * params)7566 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
7567 struct wpa_driver_associate_params *params)
7568 {
7569 struct nl_msg *msg;
7570 int ret = -1;
7571 int count = 0;
7572
7573 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
7574
7575 if (wpa_driver_nl80211_set_mode(&drv->first_bss,
7576 NL80211_IFTYPE_ADHOC)) {
7577 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
7578 "IBSS mode");
7579 return -1;
7580 }
7581
7582 retry:
7583 msg = nlmsg_alloc();
7584 if (!msg)
7585 return -1;
7586
7587 nl80211_cmd(drv, msg, 0, NL80211_CMD_JOIN_IBSS);
7588 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7589
7590 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
7591 goto nla_put_failure;
7592
7593 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
7594 params->ssid, params->ssid_len);
7595 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
7596 params->ssid);
7597 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
7598 drv->ssid_len = params->ssid_len;
7599
7600 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
7601 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
7602
7603 ret = nl80211_set_conn_keys(params, msg);
7604 if (ret)
7605 goto nla_put_failure;
7606
7607 if (params->bssid && params->fixed_bssid) {
7608 wpa_printf(MSG_DEBUG, " * BSSID=" MACSTR,
7609 MAC2STR(params->bssid));
7610 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
7611 }
7612
7613 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
7614 params->key_mgmt_suite == KEY_MGMT_PSK ||
7615 params->key_mgmt_suite == KEY_MGMT_802_1X_SHA256 ||
7616 params->key_mgmt_suite == KEY_MGMT_PSK_SHA256) {
7617 wpa_printf(MSG_DEBUG, " * control port");
7618 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
7619 }
7620
7621 if (params->wpa_ie) {
7622 wpa_hexdump(MSG_DEBUG,
7623 " * Extra IEs for Beacon/Probe Response frames",
7624 params->wpa_ie, params->wpa_ie_len);
7625 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
7626 params->wpa_ie);
7627 }
7628
7629 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7630 msg = NULL;
7631 if (ret) {
7632 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
7633 ret, strerror(-ret));
7634 count++;
7635 if (ret == -EALREADY && count == 1) {
7636 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
7637 "forced leave");
7638 nl80211_leave_ibss(drv);
7639 nlmsg_free(msg);
7640 goto retry;
7641 }
7642
7643 goto nla_put_failure;
7644 }
7645 ret = 0;
7646 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
7647
7648 nla_put_failure:
7649 nlmsg_free(msg);
7650 return ret;
7651 }
7652
7653
wpa_driver_nl80211_try_connect(struct wpa_driver_nl80211_data * drv,struct wpa_driver_associate_params * params)7654 static int wpa_driver_nl80211_try_connect(
7655 struct wpa_driver_nl80211_data *drv,
7656 struct wpa_driver_associate_params *params)
7657 {
7658 struct nl_msg *msg;
7659 enum nl80211_auth_type type;
7660 int ret = 0;
7661 int algs;
7662
7663 msg = nlmsg_alloc();
7664 if (!msg)
7665 return -1;
7666
7667 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
7668 nl80211_cmd(drv, msg, 0, NL80211_CMD_CONNECT);
7669
7670 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7671 if (params->bssid) {
7672 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
7673 MAC2STR(params->bssid));
7674 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
7675 }
7676 if (params->freq) {
7677 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
7678 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
7679 drv->assoc_freq = params->freq;
7680 } else
7681 drv->assoc_freq = 0;
7682 if (params->bg_scan_period >= 0) {
7683 wpa_printf(MSG_DEBUG, " * bg scan period=%d",
7684 params->bg_scan_period);
7685 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
7686 params->bg_scan_period);
7687 }
7688 if (params->ssid) {
7689 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
7690 params->ssid, params->ssid_len);
7691 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
7692 params->ssid);
7693 if (params->ssid_len > sizeof(drv->ssid))
7694 goto nla_put_failure;
7695 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
7696 drv->ssid_len = params->ssid_len;
7697 }
7698 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
7699 if (params->wpa_ie)
7700 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
7701 params->wpa_ie);
7702
7703 algs = 0;
7704 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
7705 algs++;
7706 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
7707 algs++;
7708 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
7709 algs++;
7710 if (algs > 1) {
7711 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
7712 "selection");
7713 goto skip_auth_type;
7714 }
7715
7716 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
7717 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
7718 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
7719 type = NL80211_AUTHTYPE_SHARED_KEY;
7720 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
7721 type = NL80211_AUTHTYPE_NETWORK_EAP;
7722 else if (params->auth_alg & WPA_AUTH_ALG_FT)
7723 type = NL80211_AUTHTYPE_FT;
7724 else
7725 goto nla_put_failure;
7726
7727 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
7728 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
7729
7730 skip_auth_type:
7731 if (params->wpa_proto) {
7732 enum nl80211_wpa_versions ver = 0;
7733
7734 if (params->wpa_proto & WPA_PROTO_WPA)
7735 ver |= NL80211_WPA_VERSION_1;
7736 if (params->wpa_proto & WPA_PROTO_RSN)
7737 ver |= NL80211_WPA_VERSION_2;
7738
7739 wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
7740 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
7741 }
7742
7743 if (params->pairwise_suite != CIPHER_NONE) {
7744 int cipher;
7745
7746 switch (params->pairwise_suite) {
7747 case CIPHER_SMS4:
7748 cipher = WLAN_CIPHER_SUITE_SMS4;
7749 break;
7750 case CIPHER_WEP40:
7751 cipher = WLAN_CIPHER_SUITE_WEP40;
7752 break;
7753 case CIPHER_WEP104:
7754 cipher = WLAN_CIPHER_SUITE_WEP104;
7755 break;
7756 case CIPHER_CCMP:
7757 cipher = WLAN_CIPHER_SUITE_CCMP;
7758 break;
7759 case CIPHER_GCMP:
7760 cipher = WLAN_CIPHER_SUITE_GCMP;
7761 break;
7762 case CIPHER_TKIP:
7763 default:
7764 cipher = WLAN_CIPHER_SUITE_TKIP;
7765 break;
7766 }
7767 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
7768 }
7769
7770 if (params->group_suite != CIPHER_NONE) {
7771 int cipher;
7772
7773 switch (params->group_suite) {
7774 case CIPHER_SMS4:
7775 cipher = WLAN_CIPHER_SUITE_SMS4;
7776 break;
7777 case CIPHER_WEP40:
7778 cipher = WLAN_CIPHER_SUITE_WEP40;
7779 break;
7780 case CIPHER_WEP104:
7781 cipher = WLAN_CIPHER_SUITE_WEP104;
7782 break;
7783 case CIPHER_CCMP:
7784 cipher = WLAN_CIPHER_SUITE_CCMP;
7785 break;
7786 case CIPHER_GCMP:
7787 cipher = WLAN_CIPHER_SUITE_GCMP;
7788 break;
7789 case CIPHER_TKIP:
7790 default:
7791 cipher = WLAN_CIPHER_SUITE_TKIP;
7792 break;
7793 }
7794 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
7795 }
7796
7797 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
7798 params->key_mgmt_suite == KEY_MGMT_PSK ||
7799 params->key_mgmt_suite == KEY_MGMT_FT_802_1X ||
7800 params->key_mgmt_suite == KEY_MGMT_FT_PSK ||
7801 params->key_mgmt_suite == KEY_MGMT_CCKM) {
7802 int mgmt = WLAN_AKM_SUITE_PSK;
7803
7804 switch (params->key_mgmt_suite) {
7805 case KEY_MGMT_CCKM:
7806 mgmt = WLAN_AKM_SUITE_CCKM;
7807 break;
7808 case KEY_MGMT_802_1X:
7809 mgmt = WLAN_AKM_SUITE_8021X;
7810 break;
7811 case KEY_MGMT_FT_802_1X:
7812 mgmt = WLAN_AKM_SUITE_FT_8021X;
7813 break;
7814 case KEY_MGMT_FT_PSK:
7815 mgmt = WLAN_AKM_SUITE_FT_PSK;
7816 break;
7817 case KEY_MGMT_PSK:
7818 default:
7819 mgmt = WLAN_AKM_SUITE_PSK;
7820 break;
7821 }
7822 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
7823 }
7824
7825 #ifdef CONFIG_IEEE80211W
7826 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
7827 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
7828 #endif /* CONFIG_IEEE80211W */
7829
7830 if (params->disable_ht)
7831 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT);
7832
7833 if (params->htcaps && params->htcaps_mask) {
7834 int sz = sizeof(struct ieee80211_ht_capabilities);
7835 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps);
7836 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
7837 params->htcaps_mask);
7838 }
7839
7840 #ifdef CONFIG_VHT_OVERRIDES
7841 if (params->disable_vht) {
7842 wpa_printf(MSG_DEBUG, " * VHT disabled");
7843 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT);
7844 }
7845
7846 if (params->vhtcaps && params->vhtcaps_mask) {
7847 int sz = sizeof(struct ieee80211_vht_capabilities);
7848 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps);
7849 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
7850 params->vhtcaps_mask);
7851 }
7852 #endif /* CONFIG_VHT_OVERRIDES */
7853
7854 ret = nl80211_set_conn_keys(params, msg);
7855 if (ret)
7856 goto nla_put_failure;
7857
7858 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
7859 msg = NULL;
7860 if (ret) {
7861 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
7862 "(%s)", ret, strerror(-ret));
7863 goto nla_put_failure;
7864 }
7865 ret = 0;
7866 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
7867
7868 nla_put_failure:
7869 nlmsg_free(msg);
7870 return ret;
7871
7872 }
7873
7874
wpa_driver_nl80211_connect(struct wpa_driver_nl80211_data * drv,struct wpa_driver_associate_params * params)7875 static int wpa_driver_nl80211_connect(
7876 struct wpa_driver_nl80211_data *drv,
7877 struct wpa_driver_associate_params *params)
7878 {
7879 int ret = wpa_driver_nl80211_try_connect(drv, params);
7880 if (ret == -EALREADY) {
7881 /*
7882 * cfg80211 does not currently accept new connections if
7883 * we are already connected. As a workaround, force
7884 * disconnection and try again.
7885 */
7886 wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
7887 "disconnecting before reassociation "
7888 "attempt");
7889 if (wpa_driver_nl80211_disconnect(
7890 drv, WLAN_REASON_PREV_AUTH_NOT_VALID))
7891 return -1;
7892 ret = wpa_driver_nl80211_try_connect(drv, params);
7893 }
7894 return ret;
7895 }
7896
7897
wpa_driver_nl80211_associate(void * priv,struct wpa_driver_associate_params * params)7898 static int wpa_driver_nl80211_associate(
7899 void *priv, struct wpa_driver_associate_params *params)
7900 {
7901 struct i802_bss *bss = priv;
7902 struct wpa_driver_nl80211_data *drv = bss->drv;
7903 int ret = -1;
7904 struct nl_msg *msg;
7905
7906 if (params->mode == IEEE80211_MODE_AP)
7907 return wpa_driver_nl80211_ap(drv, params);
7908
7909 if (params->mode == IEEE80211_MODE_IBSS)
7910 return wpa_driver_nl80211_ibss(drv, params);
7911
7912 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
7913 enum nl80211_iftype nlmode = params->p2p ?
7914 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
7915
7916 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
7917 return -1;
7918 return wpa_driver_nl80211_connect(drv, params);
7919 }
7920
7921 nl80211_mark_disconnected(drv);
7922
7923 msg = nlmsg_alloc();
7924 if (!msg)
7925 return -1;
7926
7927 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
7928 drv->ifindex);
7929 nl80211_cmd(drv, msg, 0, NL80211_CMD_ASSOCIATE);
7930
7931 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
7932 if (params->bssid) {
7933 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
7934 MAC2STR(params->bssid));
7935 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
7936 }
7937 if (params->freq) {
7938 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
7939 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
7940 drv->assoc_freq = params->freq;
7941 } else
7942 drv->assoc_freq = 0;
7943 if (params->bg_scan_period >= 0) {
7944 wpa_printf(MSG_DEBUG, " * bg scan period=%d",
7945 params->bg_scan_period);
7946 NLA_PUT_U16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
7947 params->bg_scan_period);
7948 }
7949 if (params->ssid) {
7950 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
7951 params->ssid, params->ssid_len);
7952 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
7953 params->ssid);
7954 if (params->ssid_len > sizeof(drv->ssid))
7955 goto nla_put_failure;
7956 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
7957 drv->ssid_len = params->ssid_len;
7958 }
7959 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
7960 if (params->wpa_ie)
7961 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
7962 params->wpa_ie);
7963
7964 if (params->pairwise_suite != CIPHER_NONE) {
7965 int cipher;
7966
7967 switch (params->pairwise_suite) {
7968 case CIPHER_WEP40:
7969 cipher = WLAN_CIPHER_SUITE_WEP40;
7970 break;
7971 case CIPHER_WEP104:
7972 cipher = WLAN_CIPHER_SUITE_WEP104;
7973 break;
7974 case CIPHER_CCMP:
7975 cipher = WLAN_CIPHER_SUITE_CCMP;
7976 break;
7977 case CIPHER_GCMP:
7978 cipher = WLAN_CIPHER_SUITE_GCMP;
7979 break;
7980 case CIPHER_TKIP:
7981 default:
7982 cipher = WLAN_CIPHER_SUITE_TKIP;
7983 break;
7984 }
7985 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
7986 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
7987 }
7988
7989 if (params->group_suite != CIPHER_NONE) {
7990 int cipher;
7991
7992 switch (params->group_suite) {
7993 case CIPHER_WEP40:
7994 cipher = WLAN_CIPHER_SUITE_WEP40;
7995 break;
7996 case CIPHER_WEP104:
7997 cipher = WLAN_CIPHER_SUITE_WEP104;
7998 break;
7999 case CIPHER_CCMP:
8000 cipher = WLAN_CIPHER_SUITE_CCMP;
8001 break;
8002 case CIPHER_GCMP:
8003 cipher = WLAN_CIPHER_SUITE_GCMP;
8004 break;
8005 case CIPHER_TKIP:
8006 default:
8007 cipher = WLAN_CIPHER_SUITE_TKIP;
8008 break;
8009 }
8010 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
8011 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
8012 }
8013
8014 #ifdef CONFIG_IEEE80211W
8015 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
8016 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
8017 #endif /* CONFIG_IEEE80211W */
8018
8019 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
8020
8021 if (params->prev_bssid) {
8022 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
8023 MAC2STR(params->prev_bssid));
8024 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
8025 params->prev_bssid);
8026 }
8027
8028 if (params->disable_ht)
8029 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_HT);
8030
8031 if (params->htcaps && params->htcaps_mask) {
8032 int sz = sizeof(struct ieee80211_ht_capabilities);
8033 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY, sz, params->htcaps);
8034 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
8035 params->htcaps_mask);
8036 }
8037
8038 #ifdef CONFIG_VHT_OVERRIDES
8039 if (params->disable_vht) {
8040 wpa_printf(MSG_DEBUG, " * VHT disabled");
8041 NLA_PUT_FLAG(msg, NL80211_ATTR_DISABLE_VHT);
8042 }
8043
8044 if (params->vhtcaps && params->vhtcaps_mask) {
8045 int sz = sizeof(struct ieee80211_vht_capabilities);
8046 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY, sz, params->vhtcaps);
8047 NLA_PUT(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
8048 params->vhtcaps_mask);
8049 }
8050 #endif /* CONFIG_VHT_OVERRIDES */
8051
8052 if (params->p2p)
8053 wpa_printf(MSG_DEBUG, " * P2P group");
8054
8055 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8056 msg = NULL;
8057 if (ret) {
8058 wpa_dbg(drv->ctx, MSG_DEBUG,
8059 "nl80211: MLME command failed (assoc): ret=%d (%s)",
8060 ret, strerror(-ret));
8061 nl80211_dump_scan(drv);
8062 goto nla_put_failure;
8063 }
8064 ret = 0;
8065 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
8066 "successfully");
8067
8068 nla_put_failure:
8069 nlmsg_free(msg);
8070 return ret;
8071 }
8072
8073
nl80211_set_mode(struct wpa_driver_nl80211_data * drv,int ifindex,enum nl80211_iftype mode)8074 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
8075 int ifindex, enum nl80211_iftype mode)
8076 {
8077 struct nl_msg *msg;
8078 int ret = -ENOBUFS;
8079
8080 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
8081 ifindex, mode, nl80211_iftype_str(mode));
8082
8083 msg = nlmsg_alloc();
8084 if (!msg)
8085 return -ENOMEM;
8086
8087 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_INTERFACE);
8088 if (nl80211_set_iface_id(msg, &drv->first_bss) < 0)
8089 goto nla_put_failure;
8090 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
8091
8092 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8093 msg = NULL;
8094 if (!ret)
8095 return 0;
8096 nla_put_failure:
8097 nlmsg_free(msg);
8098 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
8099 " %d (%s)", ifindex, mode, ret, strerror(-ret));
8100 return ret;
8101 }
8102
8103
wpa_driver_nl80211_set_mode(struct i802_bss * bss,enum nl80211_iftype nlmode)8104 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
8105 enum nl80211_iftype nlmode)
8106 {
8107 struct wpa_driver_nl80211_data *drv = bss->drv;
8108 int ret = -1;
8109 int i;
8110 int was_ap = is_ap_interface(drv->nlmode);
8111 int res;
8112
8113 res = nl80211_set_mode(drv, drv->ifindex, nlmode);
8114 if (res && nlmode == nl80211_get_ifmode(bss))
8115 res = 0;
8116
8117 if (res == 0) {
8118 drv->nlmode = nlmode;
8119 ret = 0;
8120 goto done;
8121 }
8122
8123 if (res == -ENODEV)
8124 return -1;
8125
8126 if (nlmode == drv->nlmode) {
8127 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
8128 "requested mode - ignore error");
8129 ret = 0;
8130 goto done; /* Already in the requested mode */
8131 }
8132
8133 /* mac80211 doesn't allow mode changes while the device is up, so
8134 * take the device down, try to set the mode again, and bring the
8135 * device back up.
8136 */
8137 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
8138 "interface down");
8139 for (i = 0; i < 10; i++) {
8140 res = i802_set_iface_flags(bss, 0);
8141 if (res == -EACCES || res == -ENODEV)
8142 break;
8143 if (res == 0) {
8144 /* Try to set the mode again while the interface is
8145 * down */
8146 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
8147 if (ret == -EACCES)
8148 break;
8149 res = i802_set_iface_flags(bss, 1);
8150 if (res && !ret)
8151 ret = -1;
8152 else if (ret != -EBUSY)
8153 break;
8154 } else
8155 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
8156 "interface down");
8157 os_sleep(0, 100000);
8158 }
8159
8160 if (!ret) {
8161 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
8162 "interface is down");
8163 drv->nlmode = nlmode;
8164 drv->ignore_if_down_event = 1;
8165 }
8166
8167 done:
8168 if (ret) {
8169 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
8170 "from %d failed", nlmode, drv->nlmode);
8171 return ret;
8172 }
8173
8174 if (is_p2p_net_interface(nlmode))
8175 nl80211_disable_11b_rates(drv, drv->ifindex, 1);
8176 else if (drv->disabled_11b_rates)
8177 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
8178
8179 if (is_ap_interface(nlmode)) {
8180 nl80211_mgmt_unsubscribe(bss, "start AP");
8181 /* Setup additional AP mode functionality if needed */
8182 if (nl80211_setup_ap(bss))
8183 return -1;
8184 } else if (was_ap) {
8185 /* Remove additional AP mode functionality */
8186 nl80211_teardown_ap(bss);
8187 } else {
8188 nl80211_mgmt_unsubscribe(bss, "mode change");
8189 }
8190
8191 if (!bss->in_deinit && !is_ap_interface(nlmode) &&
8192 nl80211_mgmt_subscribe_non_ap(bss) < 0)
8193 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
8194 "frame processing - ignore for now");
8195
8196 return 0;
8197 }
8198
8199
wpa_driver_nl80211_get_capa(void * priv,struct wpa_driver_capa * capa)8200 static int wpa_driver_nl80211_get_capa(void *priv,
8201 struct wpa_driver_capa *capa)
8202 {
8203 struct i802_bss *bss = priv;
8204 struct wpa_driver_nl80211_data *drv = bss->drv;
8205 if (!drv->has_capability)
8206 return -1;
8207 os_memcpy(capa, &drv->capa, sizeof(*capa));
8208 if (drv->extended_capa && drv->extended_capa_mask) {
8209 capa->extended_capa = drv->extended_capa;
8210 capa->extended_capa_mask = drv->extended_capa_mask;
8211 capa->extended_capa_len = drv->extended_capa_len;
8212 }
8213
8214 if ((capa->flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
8215 !drv->allow_p2p_device) {
8216 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate P2P_DEVICE support (p2p_device=1 driver param not specified)");
8217 capa->flags &= ~WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE;
8218 }
8219
8220 return 0;
8221 }
8222
8223
wpa_driver_nl80211_set_operstate(void * priv,int state)8224 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
8225 {
8226 struct i802_bss *bss = priv;
8227 struct wpa_driver_nl80211_data *drv = bss->drv;
8228
8229 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
8230 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
8231 drv->operstate = state;
8232 return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
8233 state ? IF_OPER_UP : IF_OPER_DORMANT);
8234 }
8235
8236
wpa_driver_nl80211_set_supp_port(void * priv,int authorized)8237 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
8238 {
8239 struct i802_bss *bss = priv;
8240 struct wpa_driver_nl80211_data *drv = bss->drv;
8241 struct nl_msg *msg;
8242 struct nl80211_sta_flag_update upd;
8243
8244 wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
8245 MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
8246
8247 msg = nlmsg_alloc();
8248 if (!msg)
8249 return -ENOMEM;
8250
8251 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
8252
8253 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
8254 if_nametoindex(bss->ifname));
8255 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
8256
8257 os_memset(&upd, 0, sizeof(upd));
8258 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
8259 if (authorized)
8260 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
8261 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
8262
8263 return send_and_recv_msgs(drv, msg, NULL, NULL);
8264 nla_put_failure:
8265 nlmsg_free(msg);
8266 return -ENOBUFS;
8267 }
8268
8269
8270 /* Set kernel driver on given frequency (MHz) */
i802_set_freq(void * priv,struct hostapd_freq_params * freq)8271 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
8272 {
8273 struct i802_bss *bss = priv;
8274 return wpa_driver_nl80211_set_freq(bss, freq);
8275 }
8276
8277
8278 #if defined(HOSTAPD) || defined(CONFIG_AP)
8279
min_int(int a,int b)8280 static inline int min_int(int a, int b)
8281 {
8282 if (a < b)
8283 return a;
8284 return b;
8285 }
8286
8287
get_key_handler(struct nl_msg * msg,void * arg)8288 static int get_key_handler(struct nl_msg *msg, void *arg)
8289 {
8290 struct nlattr *tb[NL80211_ATTR_MAX + 1];
8291 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8292
8293 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8294 genlmsg_attrlen(gnlh, 0), NULL);
8295
8296 /*
8297 * TODO: validate the key index and mac address!
8298 * Otherwise, there's a race condition as soon as
8299 * the kernel starts sending key notifications.
8300 */
8301
8302 if (tb[NL80211_ATTR_KEY_SEQ])
8303 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
8304 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
8305 return NL_SKIP;
8306 }
8307
8308
i802_get_seqnum(const char * iface,void * priv,const u8 * addr,int idx,u8 * seq)8309 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
8310 int idx, u8 *seq)
8311 {
8312 struct i802_bss *bss = priv;
8313 struct wpa_driver_nl80211_data *drv = bss->drv;
8314 struct nl_msg *msg;
8315
8316 msg = nlmsg_alloc();
8317 if (!msg)
8318 return -ENOMEM;
8319
8320 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_KEY);
8321
8322 if (addr)
8323 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8324 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
8325 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
8326
8327 memset(seq, 0, 6);
8328
8329 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
8330 nla_put_failure:
8331 nlmsg_free(msg);
8332 return -ENOBUFS;
8333 }
8334
8335
i802_set_rts(void * priv,int rts)8336 static int i802_set_rts(void *priv, int rts)
8337 {
8338 struct i802_bss *bss = priv;
8339 struct wpa_driver_nl80211_data *drv = bss->drv;
8340 struct nl_msg *msg;
8341 int ret = -ENOBUFS;
8342 u32 val;
8343
8344 msg = nlmsg_alloc();
8345 if (!msg)
8346 return -ENOMEM;
8347
8348 if (rts >= 2347)
8349 val = (u32) -1;
8350 else
8351 val = rts;
8352
8353 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
8354 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8355 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
8356
8357 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8358 msg = NULL;
8359 if (!ret)
8360 return 0;
8361 nla_put_failure:
8362 nlmsg_free(msg);
8363 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
8364 "%d (%s)", rts, ret, strerror(-ret));
8365 return ret;
8366 }
8367
8368
i802_set_frag(void * priv,int frag)8369 static int i802_set_frag(void *priv, int frag)
8370 {
8371 struct i802_bss *bss = priv;
8372 struct wpa_driver_nl80211_data *drv = bss->drv;
8373 struct nl_msg *msg;
8374 int ret = -ENOBUFS;
8375 u32 val;
8376
8377 msg = nlmsg_alloc();
8378 if (!msg)
8379 return -ENOMEM;
8380
8381 if (frag >= 2346)
8382 val = (u32) -1;
8383 else
8384 val = frag;
8385
8386 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
8387 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
8388 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
8389
8390 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8391 msg = NULL;
8392 if (!ret)
8393 return 0;
8394 nla_put_failure:
8395 nlmsg_free(msg);
8396 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
8397 "%d: %d (%s)", frag, ret, strerror(-ret));
8398 return ret;
8399 }
8400
8401
i802_flush(void * priv)8402 static int i802_flush(void *priv)
8403 {
8404 struct i802_bss *bss = priv;
8405 struct wpa_driver_nl80211_data *drv = bss->drv;
8406 struct nl_msg *msg;
8407 int res;
8408
8409 msg = nlmsg_alloc();
8410 if (!msg)
8411 return -1;
8412
8413 wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
8414 bss->ifname);
8415 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_STATION);
8416
8417 /*
8418 * XXX: FIX! this needs to flush all VLANs too
8419 */
8420 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
8421 if_nametoindex(bss->ifname));
8422
8423 res = send_and_recv_msgs(drv, msg, NULL, NULL);
8424 if (res) {
8425 wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
8426 "(%s)", res, strerror(-res));
8427 }
8428 return res;
8429 nla_put_failure:
8430 nlmsg_free(msg);
8431 return -ENOBUFS;
8432 }
8433
8434 #endif /* HOSTAPD || CONFIG_AP */
8435
8436
get_sta_handler(struct nl_msg * msg,void * arg)8437 static int get_sta_handler(struct nl_msg *msg, void *arg)
8438 {
8439 struct nlattr *tb[NL80211_ATTR_MAX + 1];
8440 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8441 struct hostap_sta_driver_data *data = arg;
8442 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
8443 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
8444 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
8445 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
8446 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
8447 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
8448 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
8449 [NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
8450 };
8451
8452 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8453 genlmsg_attrlen(gnlh, 0), NULL);
8454
8455 /*
8456 * TODO: validate the interface and mac address!
8457 * Otherwise, there's a race condition as soon as
8458 * the kernel starts sending station notifications.
8459 */
8460
8461 if (!tb[NL80211_ATTR_STA_INFO]) {
8462 wpa_printf(MSG_DEBUG, "sta stats missing!");
8463 return NL_SKIP;
8464 }
8465 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
8466 tb[NL80211_ATTR_STA_INFO],
8467 stats_policy)) {
8468 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
8469 return NL_SKIP;
8470 }
8471
8472 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
8473 data->inactive_msec =
8474 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
8475 if (stats[NL80211_STA_INFO_RX_BYTES])
8476 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
8477 if (stats[NL80211_STA_INFO_TX_BYTES])
8478 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
8479 if (stats[NL80211_STA_INFO_RX_PACKETS])
8480 data->rx_packets =
8481 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
8482 if (stats[NL80211_STA_INFO_TX_PACKETS])
8483 data->tx_packets =
8484 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
8485 if (stats[NL80211_STA_INFO_TX_FAILED])
8486 data->tx_retry_failed =
8487 nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
8488
8489 return NL_SKIP;
8490 }
8491
i802_read_sta_data(struct i802_bss * bss,struct hostap_sta_driver_data * data,const u8 * addr)8492 static int i802_read_sta_data(struct i802_bss *bss,
8493 struct hostap_sta_driver_data *data,
8494 const u8 *addr)
8495 {
8496 struct wpa_driver_nl80211_data *drv = bss->drv;
8497 struct nl_msg *msg;
8498
8499 os_memset(data, 0, sizeof(*data));
8500 msg = nlmsg_alloc();
8501 if (!msg)
8502 return -ENOMEM;
8503
8504 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION);
8505
8506 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8507 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
8508
8509 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
8510 nla_put_failure:
8511 nlmsg_free(msg);
8512 return -ENOBUFS;
8513 }
8514
8515
8516 #if defined(HOSTAPD) || defined(CONFIG_AP)
8517
i802_set_tx_queue_params(void * priv,int queue,int aifs,int cw_min,int cw_max,int burst_time)8518 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
8519 int cw_min, int cw_max, int burst_time)
8520 {
8521 struct i802_bss *bss = priv;
8522 struct wpa_driver_nl80211_data *drv = bss->drv;
8523 struct nl_msg *msg;
8524 struct nlattr *txq, *params;
8525
8526 msg = nlmsg_alloc();
8527 if (!msg)
8528 return -1;
8529
8530 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_WIPHY);
8531
8532 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
8533
8534 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
8535 if (!txq)
8536 goto nla_put_failure;
8537
8538 /* We are only sending parameters for a single TXQ at a time */
8539 params = nla_nest_start(msg, 1);
8540 if (!params)
8541 goto nla_put_failure;
8542
8543 switch (queue) {
8544 case 0:
8545 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
8546 break;
8547 case 1:
8548 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
8549 break;
8550 case 2:
8551 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
8552 break;
8553 case 3:
8554 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
8555 break;
8556 }
8557 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
8558 * 32 usec, so need to convert the value here. */
8559 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
8560 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
8561 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
8562 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
8563
8564 nla_nest_end(msg, params);
8565
8566 nla_nest_end(msg, txq);
8567
8568 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
8569 return 0;
8570 msg = NULL;
8571 nla_put_failure:
8572 nlmsg_free(msg);
8573 return -1;
8574 }
8575
8576
i802_set_sta_vlan(struct i802_bss * bss,const u8 * addr,const char * ifname,int vlan_id)8577 static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
8578 const char *ifname, int vlan_id)
8579 {
8580 struct wpa_driver_nl80211_data *drv = bss->drv;
8581 struct nl_msg *msg;
8582 int ret = -ENOBUFS;
8583
8584 msg = nlmsg_alloc();
8585 if (!msg)
8586 return -ENOMEM;
8587
8588 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_STATION);
8589
8590 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
8591 if_nametoindex(bss->ifname));
8592 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
8593 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
8594 if_nametoindex(ifname));
8595
8596 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
8597 msg = NULL;
8598 if (ret < 0) {
8599 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
8600 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
8601 MAC2STR(addr), ifname, vlan_id, ret,
8602 strerror(-ret));
8603 }
8604 nla_put_failure:
8605 nlmsg_free(msg);
8606 return ret;
8607 }
8608
8609
i802_get_inact_sec(void * priv,const u8 * addr)8610 static int i802_get_inact_sec(void *priv, const u8 *addr)
8611 {
8612 struct hostap_sta_driver_data data;
8613 int ret;
8614
8615 data.inactive_msec = (unsigned long) -1;
8616 ret = i802_read_sta_data(priv, &data, addr);
8617 if (ret || data.inactive_msec == (unsigned long) -1)
8618 return -1;
8619 return data.inactive_msec / 1000;
8620 }
8621
8622
i802_sta_clear_stats(void * priv,const u8 * addr)8623 static int i802_sta_clear_stats(void *priv, const u8 *addr)
8624 {
8625 #if 0
8626 /* TODO */
8627 #endif
8628 return 0;
8629 }
8630
8631
i802_sta_deauth(void * priv,const u8 * own_addr,const u8 * addr,int reason)8632 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
8633 int reason)
8634 {
8635 struct i802_bss *bss = priv;
8636 struct wpa_driver_nl80211_data *drv = bss->drv;
8637 struct ieee80211_mgmt mgmt;
8638
8639 if (drv->device_ap_sme)
8640 return wpa_driver_nl80211_sta_remove(bss, addr);
8641
8642 memset(&mgmt, 0, sizeof(mgmt));
8643 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
8644 WLAN_FC_STYPE_DEAUTH);
8645 memcpy(mgmt.da, addr, ETH_ALEN);
8646 memcpy(mgmt.sa, own_addr, ETH_ALEN);
8647 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
8648 mgmt.u.deauth.reason_code = host_to_le16(reason);
8649 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
8650 IEEE80211_HDRLEN +
8651 sizeof(mgmt.u.deauth), 0, 0, 0, 0,
8652 0);
8653 }
8654
8655
i802_sta_disassoc(void * priv,const u8 * own_addr,const u8 * addr,int reason)8656 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
8657 int reason)
8658 {
8659 struct i802_bss *bss = priv;
8660 struct wpa_driver_nl80211_data *drv = bss->drv;
8661 struct ieee80211_mgmt mgmt;
8662
8663 if (drv->device_ap_sme)
8664 return wpa_driver_nl80211_sta_remove(bss, addr);
8665
8666 memset(&mgmt, 0, sizeof(mgmt));
8667 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
8668 WLAN_FC_STYPE_DISASSOC);
8669 memcpy(mgmt.da, addr, ETH_ALEN);
8670 memcpy(mgmt.sa, own_addr, ETH_ALEN);
8671 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
8672 mgmt.u.disassoc.reason_code = host_to_le16(reason);
8673 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
8674 IEEE80211_HDRLEN +
8675 sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
8676 0);
8677 }
8678
8679 #endif /* HOSTAPD || CONFIG_AP */
8680
8681 #ifdef HOSTAPD
8682
add_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)8683 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
8684 {
8685 int i;
8686 int *old;
8687
8688 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
8689 ifidx);
8690 for (i = 0; i < drv->num_if_indices; i++) {
8691 if (drv->if_indices[i] == 0) {
8692 drv->if_indices[i] = ifidx;
8693 return;
8694 }
8695 }
8696
8697 if (drv->if_indices != drv->default_if_indices)
8698 old = drv->if_indices;
8699 else
8700 old = NULL;
8701
8702 drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
8703 sizeof(int));
8704 if (!drv->if_indices) {
8705 if (!old)
8706 drv->if_indices = drv->default_if_indices;
8707 else
8708 drv->if_indices = old;
8709 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
8710 "interfaces");
8711 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
8712 return;
8713 } else if (!old)
8714 os_memcpy(drv->if_indices, drv->default_if_indices,
8715 sizeof(drv->default_if_indices));
8716 drv->if_indices[drv->num_if_indices] = ifidx;
8717 drv->num_if_indices++;
8718 }
8719
8720
del_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)8721 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
8722 {
8723 int i;
8724
8725 for (i = 0; i < drv->num_if_indices; i++) {
8726 if (drv->if_indices[i] == ifidx) {
8727 drv->if_indices[i] = 0;
8728 break;
8729 }
8730 }
8731 }
8732
8733
have_ifidx(struct wpa_driver_nl80211_data * drv,int ifidx)8734 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
8735 {
8736 int i;
8737
8738 for (i = 0; i < drv->num_if_indices; i++)
8739 if (drv->if_indices[i] == ifidx)
8740 return 1;
8741
8742 return 0;
8743 }
8744
8745
i802_set_wds_sta(void * priv,const u8 * addr,int aid,int val,const char * bridge_ifname,char * ifname_wds)8746 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
8747 const char *bridge_ifname, char *ifname_wds)
8748 {
8749 struct i802_bss *bss = priv;
8750 struct wpa_driver_nl80211_data *drv = bss->drv;
8751 char name[IFNAMSIZ + 1];
8752
8753 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
8754 if (ifname_wds)
8755 os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
8756
8757 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
8758 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
8759 if (val) {
8760 if (!if_nametoindex(name)) {
8761 if (nl80211_create_iface(drv, name,
8762 NL80211_IFTYPE_AP_VLAN,
8763 bss->addr, 1, NULL, NULL) < 0)
8764 return -1;
8765 if (bridge_ifname &&
8766 linux_br_add_if(drv->global->ioctl_sock,
8767 bridge_ifname, name) < 0)
8768 return -1;
8769 }
8770 if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
8771 wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
8772 "interface %s up", name);
8773 }
8774 return i802_set_sta_vlan(priv, addr, name, 0);
8775 } else {
8776 if (bridge_ifname)
8777 linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
8778 name);
8779
8780 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
8781 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
8782 name);
8783 }
8784 }
8785
8786
handle_eapol(int sock,void * eloop_ctx,void * sock_ctx)8787 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
8788 {
8789 struct wpa_driver_nl80211_data *drv = eloop_ctx;
8790 struct sockaddr_ll lladdr;
8791 unsigned char buf[3000];
8792 int len;
8793 socklen_t fromlen = sizeof(lladdr);
8794
8795 len = recvfrom(sock, buf, sizeof(buf), 0,
8796 (struct sockaddr *)&lladdr, &fromlen);
8797 if (len < 0) {
8798 perror("recv");
8799 return;
8800 }
8801
8802 if (have_ifidx(drv, lladdr.sll_ifindex))
8803 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
8804 }
8805
8806
i802_check_bridge(struct wpa_driver_nl80211_data * drv,struct i802_bss * bss,const char * brname,const char * ifname)8807 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
8808 struct i802_bss *bss,
8809 const char *brname, const char *ifname)
8810 {
8811 int ifindex;
8812 char in_br[IFNAMSIZ];
8813
8814 os_strlcpy(bss->brname, brname, IFNAMSIZ);
8815 ifindex = if_nametoindex(brname);
8816 if (ifindex == 0) {
8817 /*
8818 * Bridge was configured, but the bridge device does
8819 * not exist. Try to add it now.
8820 */
8821 if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
8822 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
8823 "bridge interface %s: %s",
8824 brname, strerror(errno));
8825 return -1;
8826 }
8827 bss->added_bridge = 1;
8828 add_ifidx(drv, if_nametoindex(brname));
8829 }
8830
8831 if (linux_br_get(in_br, ifname) == 0) {
8832 if (os_strcmp(in_br, brname) == 0)
8833 return 0; /* already in the bridge */
8834
8835 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
8836 "bridge %s", ifname, in_br);
8837 if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
8838 0) {
8839 wpa_printf(MSG_ERROR, "nl80211: Failed to "
8840 "remove interface %s from bridge "
8841 "%s: %s",
8842 ifname, brname, strerror(errno));
8843 return -1;
8844 }
8845 }
8846
8847 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
8848 ifname, brname);
8849 if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
8850 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
8851 "into bridge %s: %s",
8852 ifname, brname, strerror(errno));
8853 return -1;
8854 }
8855 bss->added_if_into_bridge = 1;
8856
8857 return 0;
8858 }
8859
8860
i802_init(struct hostapd_data * hapd,struct wpa_init_params * params)8861 static void *i802_init(struct hostapd_data *hapd,
8862 struct wpa_init_params *params)
8863 {
8864 struct wpa_driver_nl80211_data *drv;
8865 struct i802_bss *bss;
8866 size_t i;
8867 char brname[IFNAMSIZ];
8868 int ifindex, br_ifindex;
8869 int br_added = 0;
8870
8871 bss = wpa_driver_nl80211_init(hapd, params->ifname,
8872 params->global_priv);
8873 if (bss == NULL)
8874 return NULL;
8875
8876 drv = bss->drv;
8877 drv->nlmode = NL80211_IFTYPE_AP;
8878 drv->eapol_sock = -1;
8879
8880 if (linux_br_get(brname, params->ifname) == 0) {
8881 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
8882 params->ifname, brname);
8883 br_ifindex = if_nametoindex(brname);
8884 } else {
8885 brname[0] = '\0';
8886 br_ifindex = 0;
8887 }
8888
8889 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
8890 drv->if_indices = drv->default_if_indices;
8891 for (i = 0; i < params->num_bridge; i++) {
8892 if (params->bridge[i]) {
8893 ifindex = if_nametoindex(params->bridge[i]);
8894 if (ifindex)
8895 add_ifidx(drv, ifindex);
8896 if (ifindex == br_ifindex)
8897 br_added = 1;
8898 }
8899 }
8900 if (!br_added && br_ifindex &&
8901 (params->num_bridge == 0 || !params->bridge[0]))
8902 add_ifidx(drv, br_ifindex);
8903
8904 /* start listening for EAPOL on the default AP interface */
8905 add_ifidx(drv, drv->ifindex);
8906
8907 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0))
8908 goto failed;
8909
8910 if (params->bssid) {
8911 if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
8912 params->bssid))
8913 goto failed;
8914 }
8915
8916 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) {
8917 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
8918 "into AP mode", bss->ifname);
8919 goto failed;
8920 }
8921
8922 if (params->num_bridge && params->bridge[0] &&
8923 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
8924 goto failed;
8925
8926 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1))
8927 goto failed;
8928
8929 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
8930 if (drv->eapol_sock < 0) {
8931 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
8932 goto failed;
8933 }
8934
8935 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
8936 {
8937 printf("Could not register read socket for eapol\n");
8938 goto failed;
8939 }
8940
8941 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
8942 params->own_addr))
8943 goto failed;
8944
8945 memcpy(bss->addr, params->own_addr, ETH_ALEN);
8946
8947 return bss;
8948
8949 failed:
8950 wpa_driver_nl80211_deinit(bss);
8951 return NULL;
8952 }
8953
8954
i802_deinit(void * priv)8955 static void i802_deinit(void *priv)
8956 {
8957 struct i802_bss *bss = priv;
8958 wpa_driver_nl80211_deinit(bss);
8959 }
8960
8961 #endif /* HOSTAPD */
8962
8963
wpa_driver_nl80211_if_type(enum wpa_driver_if_type type)8964 static enum nl80211_iftype wpa_driver_nl80211_if_type(
8965 enum wpa_driver_if_type type)
8966 {
8967 switch (type) {
8968 case WPA_IF_STATION:
8969 return NL80211_IFTYPE_STATION;
8970 case WPA_IF_P2P_CLIENT:
8971 case WPA_IF_P2P_GROUP:
8972 return NL80211_IFTYPE_P2P_CLIENT;
8973 case WPA_IF_AP_VLAN:
8974 return NL80211_IFTYPE_AP_VLAN;
8975 case WPA_IF_AP_BSS:
8976 return NL80211_IFTYPE_AP;
8977 case WPA_IF_P2P_GO:
8978 return NL80211_IFTYPE_P2P_GO;
8979 case WPA_IF_P2P_DEVICE:
8980 return NL80211_IFTYPE_P2P_DEVICE;
8981 }
8982 return -1;
8983 }
8984
8985
8986 #ifdef CONFIG_P2P
8987
nl80211_addr_in_use(struct nl80211_global * global,const u8 * addr)8988 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
8989 {
8990 struct wpa_driver_nl80211_data *drv;
8991 dl_list_for_each(drv, &global->interfaces,
8992 struct wpa_driver_nl80211_data, list) {
8993 if (os_memcmp(addr, drv->first_bss.addr, ETH_ALEN) == 0)
8994 return 1;
8995 }
8996 return 0;
8997 }
8998
8999
nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data * drv,u8 * new_addr)9000 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
9001 u8 *new_addr)
9002 {
9003 unsigned int idx;
9004
9005 if (!drv->global)
9006 return -1;
9007
9008 os_memcpy(new_addr, drv->first_bss.addr, ETH_ALEN);
9009 for (idx = 0; idx < 64; idx++) {
9010 new_addr[0] = drv->first_bss.addr[0] | 0x02;
9011 new_addr[0] ^= idx << 2;
9012 if (!nl80211_addr_in_use(drv->global, new_addr))
9013 break;
9014 }
9015 if (idx == 64)
9016 return -1;
9017
9018 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
9019 MACSTR, MAC2STR(new_addr));
9020
9021 return 0;
9022 }
9023
9024 #endif /* CONFIG_P2P */
9025
9026
9027 struct wdev_info {
9028 u64 wdev_id;
9029 int wdev_id_set;
9030 u8 macaddr[ETH_ALEN];
9031 };
9032
nl80211_wdev_handler(struct nl_msg * msg,void * arg)9033 static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
9034 {
9035 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9036 struct nlattr *tb[NL80211_ATTR_MAX + 1];
9037 struct wdev_info *wi = arg;
9038
9039 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9040 genlmsg_attrlen(gnlh, 0), NULL);
9041 if (tb[NL80211_ATTR_WDEV]) {
9042 wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
9043 wi->wdev_id_set = 1;
9044 }
9045
9046 if (tb[NL80211_ATTR_MAC])
9047 os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
9048 ETH_ALEN);
9049
9050 return NL_SKIP;
9051 }
9052
9053
wpa_driver_nl80211_if_add(void * priv,enum wpa_driver_if_type type,const char * ifname,const u8 * addr,void * bss_ctx,void ** drv_priv,char * force_ifname,u8 * if_addr,const char * bridge)9054 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
9055 const char *ifname, const u8 *addr,
9056 void *bss_ctx, void **drv_priv,
9057 char *force_ifname, u8 *if_addr,
9058 const char *bridge)
9059 {
9060 enum nl80211_iftype nlmode;
9061 struct i802_bss *bss = priv;
9062 struct wpa_driver_nl80211_data *drv = bss->drv;
9063 int ifidx;
9064 #ifdef HOSTAPD
9065 struct i802_bss *new_bss = NULL;
9066
9067 if (type == WPA_IF_AP_BSS) {
9068 new_bss = os_zalloc(sizeof(*new_bss));
9069 if (new_bss == NULL)
9070 return -1;
9071 }
9072 #endif /* HOSTAPD */
9073
9074 if (addr)
9075 os_memcpy(if_addr, addr, ETH_ALEN);
9076 nlmode = wpa_driver_nl80211_if_type(type);
9077 if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
9078 struct wdev_info p2pdev_info;
9079
9080 os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
9081 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
9082 0, nl80211_wdev_handler,
9083 &p2pdev_info);
9084 if (!p2pdev_info.wdev_id_set || ifidx != 0) {
9085 wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
9086 ifname);
9087 return -1;
9088 }
9089
9090 drv->global->if_add_wdevid = p2pdev_info.wdev_id;
9091 drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
9092 if (!is_zero_ether_addr(p2pdev_info.macaddr))
9093 os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
9094 wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
9095 ifname,
9096 (long long unsigned int) p2pdev_info.wdev_id);
9097 } else {
9098 ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
9099 0, NULL, NULL);
9100 if (ifidx < 0) {
9101 #ifdef HOSTAPD
9102 os_free(new_bss);
9103 #endif /* HOSTAPD */
9104 return -1;
9105 }
9106 }
9107
9108 if (!addr) {
9109 if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
9110 os_memcpy(if_addr, bss->addr, ETH_ALEN);
9111 else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
9112 bss->ifname, if_addr) < 0) {
9113 nl80211_remove_iface(drv, ifidx);
9114 return -1;
9115 }
9116 }
9117
9118 #ifdef CONFIG_P2P
9119 if (!addr &&
9120 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
9121 type == WPA_IF_P2P_GO)) {
9122 /* Enforce unique P2P Interface Address */
9123 u8 new_addr[ETH_ALEN];
9124
9125 if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
9126 new_addr) < 0) {
9127 nl80211_remove_iface(drv, ifidx);
9128 return -1;
9129 }
9130 if (nl80211_addr_in_use(drv->global, new_addr)) {
9131 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
9132 "for P2P group interface");
9133 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
9134 nl80211_remove_iface(drv, ifidx);
9135 return -1;
9136 }
9137 if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
9138 new_addr) < 0) {
9139 nl80211_remove_iface(drv, ifidx);
9140 return -1;
9141 }
9142 }
9143 os_memcpy(if_addr, new_addr, ETH_ALEN);
9144 }
9145 #endif /* CONFIG_P2P */
9146
9147 #ifdef HOSTAPD
9148 if (bridge &&
9149 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
9150 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
9151 "interface %s to a bridge %s", ifname, bridge);
9152 nl80211_remove_iface(drv, ifidx);
9153 os_free(new_bss);
9154 return -1;
9155 }
9156
9157 if (type == WPA_IF_AP_BSS) {
9158 if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
9159 {
9160 nl80211_remove_iface(drv, ifidx);
9161 os_free(new_bss);
9162 return -1;
9163 }
9164 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
9165 os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
9166 new_bss->ifindex = ifidx;
9167 new_bss->drv = drv;
9168 new_bss->next = drv->first_bss.next;
9169 new_bss->freq = drv->first_bss.freq;
9170 new_bss->ctx = bss_ctx;
9171 drv->first_bss.next = new_bss;
9172 if (drv_priv)
9173 *drv_priv = new_bss;
9174 nl80211_init_bss(new_bss);
9175
9176 /* Subscribe management frames for this WPA_IF_AP_BSS */
9177 if (nl80211_setup_ap(new_bss))
9178 return -1;
9179 }
9180 #endif /* HOSTAPD */
9181
9182 if (drv->global)
9183 drv->global->if_add_ifindex = ifidx;
9184
9185 return 0;
9186 }
9187
9188
wpa_driver_nl80211_if_remove(struct i802_bss * bss,enum wpa_driver_if_type type,const char * ifname)9189 static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
9190 enum wpa_driver_if_type type,
9191 const char *ifname)
9192 {
9193 struct wpa_driver_nl80211_data *drv = bss->drv;
9194 int ifindex = if_nametoindex(ifname);
9195
9196 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
9197 __func__, type, ifname, ifindex);
9198 if (ifindex <= 0)
9199 return -1;
9200
9201 nl80211_remove_iface(drv, ifindex);
9202
9203 #ifdef HOSTAPD
9204 if (type != WPA_IF_AP_BSS)
9205 return 0;
9206
9207 if (bss->added_if_into_bridge) {
9208 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
9209 bss->ifname) < 0)
9210 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
9211 "interface %s from bridge %s: %s",
9212 bss->ifname, bss->brname, strerror(errno));
9213 }
9214 if (bss->added_bridge) {
9215 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
9216 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
9217 "bridge %s: %s",
9218 bss->brname, strerror(errno));
9219 }
9220
9221 if (bss != &drv->first_bss) {
9222 struct i802_bss *tbss;
9223
9224 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
9225 if (tbss->next == bss) {
9226 tbss->next = bss->next;
9227 /* Unsubscribe management frames */
9228 nl80211_teardown_ap(bss);
9229 nl80211_destroy_bss(bss);
9230 os_free(bss);
9231 bss = NULL;
9232 break;
9233 }
9234 }
9235 if (bss)
9236 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
9237 "BSS %p in the list", __func__, bss);
9238 }
9239 #endif /* HOSTAPD */
9240
9241 return 0;
9242 }
9243
9244
cookie_handler(struct nl_msg * msg,void * arg)9245 static int cookie_handler(struct nl_msg *msg, void *arg)
9246 {
9247 struct nlattr *tb[NL80211_ATTR_MAX + 1];
9248 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9249 u64 *cookie = arg;
9250 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9251 genlmsg_attrlen(gnlh, 0), NULL);
9252 if (tb[NL80211_ATTR_COOKIE])
9253 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
9254 return NL_SKIP;
9255 }
9256
9257
nl80211_send_frame_cmd(struct i802_bss * bss,unsigned int freq,unsigned int wait,const u8 * buf,size_t buf_len,u64 * cookie_out,int no_cck,int no_ack,int offchanok)9258 static int nl80211_send_frame_cmd(struct i802_bss *bss,
9259 unsigned int freq, unsigned int wait,
9260 const u8 *buf, size_t buf_len,
9261 u64 *cookie_out, int no_cck, int no_ack,
9262 int offchanok)
9263 {
9264 struct wpa_driver_nl80211_data *drv = bss->drv;
9265 struct nl_msg *msg;
9266 u64 cookie;
9267 int ret = -1;
9268
9269 msg = nlmsg_alloc();
9270 if (!msg)
9271 return -1;
9272
9273 wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
9274 "no_ack=%d offchanok=%d",
9275 freq, wait, no_cck, no_ack, offchanok);
9276 wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
9277 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME);
9278
9279 if (nl80211_set_iface_id(msg, bss) < 0)
9280 goto nla_put_failure;
9281 if (freq)
9282 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
9283 if (wait)
9284 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
9285 if (offchanok && (drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX))
9286 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
9287 if (no_cck)
9288 NLA_PUT_FLAG(msg, NL80211_ATTR_TX_NO_CCK_RATE);
9289 if (no_ack)
9290 NLA_PUT_FLAG(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK);
9291
9292 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
9293
9294 cookie = 0;
9295 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
9296 msg = NULL;
9297 if (ret) {
9298 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
9299 "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
9300 freq, wait);
9301 goto nla_put_failure;
9302 }
9303 wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
9304 "cookie 0x%llx", no_ack ? " (no ACK)" : "",
9305 (long long unsigned int) cookie);
9306
9307 if (cookie_out)
9308 *cookie_out = no_ack ? (u64) -1 : cookie;
9309
9310 nla_put_failure:
9311 nlmsg_free(msg);
9312 return ret;
9313 }
9314
9315
wpa_driver_nl80211_send_action(struct i802_bss * bss,unsigned int freq,unsigned int wait_time,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,int no_cck)9316 static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
9317 unsigned int freq,
9318 unsigned int wait_time,
9319 const u8 *dst, const u8 *src,
9320 const u8 *bssid,
9321 const u8 *data, size_t data_len,
9322 int no_cck)
9323 {
9324 struct wpa_driver_nl80211_data *drv = bss->drv;
9325 int ret = -1;
9326 u8 *buf;
9327 struct ieee80211_hdr *hdr;
9328
9329 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
9330 "freq=%u MHz wait=%d ms no_cck=%d)",
9331 drv->ifindex, freq, wait_time, no_cck);
9332
9333 buf = os_zalloc(24 + data_len);
9334 if (buf == NULL)
9335 return ret;
9336 os_memcpy(buf + 24, data, data_len);
9337 hdr = (struct ieee80211_hdr *) buf;
9338 hdr->frame_control =
9339 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
9340 os_memcpy(hdr->addr1, dst, ETH_ALEN);
9341 os_memcpy(hdr->addr2, src, ETH_ALEN);
9342 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
9343
9344 if (is_ap_interface(drv->nlmode))
9345 ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
9346 0, freq, no_cck, 1,
9347 wait_time);
9348 else
9349 ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
9350 24 + data_len,
9351 &drv->send_action_cookie,
9352 no_cck, 0, 1);
9353
9354 os_free(buf);
9355 return ret;
9356 }
9357
9358
wpa_driver_nl80211_send_action_cancel_wait(void * priv)9359 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
9360 {
9361 struct i802_bss *bss = priv;
9362 struct wpa_driver_nl80211_data *drv = bss->drv;
9363 struct nl_msg *msg;
9364 int ret;
9365
9366 msg = nlmsg_alloc();
9367 if (!msg)
9368 return;
9369
9370 wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
9371 (long long unsigned int) drv->send_action_cookie);
9372 nl80211_cmd(drv, msg, 0, NL80211_CMD_FRAME_WAIT_CANCEL);
9373
9374 if (nl80211_set_iface_id(msg, bss) < 0)
9375 goto nla_put_failure;
9376 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
9377
9378 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9379 msg = NULL;
9380 if (ret)
9381 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
9382 "(%s)", ret, strerror(-ret));
9383
9384 nla_put_failure:
9385 nlmsg_free(msg);
9386 }
9387
9388
wpa_driver_nl80211_remain_on_channel(void * priv,unsigned int freq,unsigned int duration)9389 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
9390 unsigned int duration)
9391 {
9392 struct i802_bss *bss = priv;
9393 struct wpa_driver_nl80211_data *drv = bss->drv;
9394 struct nl_msg *msg;
9395 int ret;
9396 u64 cookie;
9397
9398 msg = nlmsg_alloc();
9399 if (!msg)
9400 return -1;
9401
9402 nl80211_cmd(drv, msg, 0, NL80211_CMD_REMAIN_ON_CHANNEL);
9403
9404 if (nl80211_set_iface_id(msg, bss) < 0)
9405 goto nla_put_failure;
9406
9407 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
9408 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
9409
9410 cookie = 0;
9411 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
9412 msg = NULL;
9413 if (ret == 0) {
9414 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
9415 "0x%llx for freq=%u MHz duration=%u",
9416 (long long unsigned int) cookie, freq, duration);
9417 drv->remain_on_chan_cookie = cookie;
9418 drv->pending_remain_on_chan = 1;
9419 return 0;
9420 }
9421 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
9422 "(freq=%d duration=%u): %d (%s)",
9423 freq, duration, ret, strerror(-ret));
9424 nla_put_failure:
9425 nlmsg_free(msg);
9426 return -1;
9427 }
9428
9429
wpa_driver_nl80211_cancel_remain_on_channel(void * priv)9430 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
9431 {
9432 struct i802_bss *bss = priv;
9433 struct wpa_driver_nl80211_data *drv = bss->drv;
9434 struct nl_msg *msg;
9435 int ret;
9436
9437 if (!drv->pending_remain_on_chan) {
9438 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
9439 "to cancel");
9440 return -1;
9441 }
9442
9443 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
9444 "0x%llx",
9445 (long long unsigned int) drv->remain_on_chan_cookie);
9446
9447 msg = nlmsg_alloc();
9448 if (!msg)
9449 return -1;
9450
9451 nl80211_cmd(drv, msg, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
9452
9453 if (nl80211_set_iface_id(msg, bss) < 0)
9454 goto nla_put_failure;
9455
9456 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
9457
9458 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9459 msg = NULL;
9460 if (ret == 0)
9461 return 0;
9462 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
9463 "%d (%s)", ret, strerror(-ret));
9464 nla_put_failure:
9465 nlmsg_free(msg);
9466 return -1;
9467 }
9468
9469
wpa_driver_nl80211_probe_req_report(struct i802_bss * bss,int report)9470 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
9471 {
9472 struct wpa_driver_nl80211_data *drv = bss->drv;
9473
9474 if (!report) {
9475 if (bss->nl_preq && drv->device_ap_sme &&
9476 is_ap_interface(drv->nlmode)) {
9477 /*
9478 * Do not disable Probe Request reporting that was
9479 * enabled in nl80211_setup_ap().
9480 */
9481 wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
9482 "Probe Request reporting nl_preq=%p while "
9483 "in AP mode", bss->nl_preq);
9484 } else if (bss->nl_preq) {
9485 wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
9486 "reporting nl_preq=%p", bss->nl_preq);
9487 eloop_unregister_read_sock(
9488 nl_socket_get_fd(bss->nl_preq));
9489 nl_destroy_handles(&bss->nl_preq);
9490 }
9491 return 0;
9492 }
9493
9494 if (bss->nl_preq) {
9495 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
9496 "already on! nl_preq=%p", bss->nl_preq);
9497 return 0;
9498 }
9499
9500 bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
9501 if (bss->nl_preq == NULL)
9502 return -1;
9503 wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
9504 "reporting nl_preq=%p", bss->nl_preq);
9505
9506 if (nl80211_register_frame(bss, bss->nl_preq,
9507 (WLAN_FC_TYPE_MGMT << 2) |
9508 (WLAN_FC_STYPE_PROBE_REQ << 4),
9509 NULL, 0) < 0)
9510 goto out_err;
9511
9512 eloop_register_read_sock(nl_socket_get_fd(bss->nl_preq),
9513 wpa_driver_nl80211_event_receive, bss->nl_cb,
9514 bss->nl_preq);
9515
9516 return 0;
9517
9518 out_err:
9519 nl_destroy_handles(&bss->nl_preq);
9520 return -1;
9521 }
9522
9523
nl80211_disable_11b_rates(struct wpa_driver_nl80211_data * drv,int ifindex,int disabled)9524 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
9525 int ifindex, int disabled)
9526 {
9527 struct nl_msg *msg;
9528 struct nlattr *bands, *band;
9529 int ret;
9530
9531 msg = nlmsg_alloc();
9532 if (!msg)
9533 return -1;
9534
9535 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_TX_BITRATE_MASK);
9536 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
9537
9538 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
9539 if (!bands)
9540 goto nla_put_failure;
9541
9542 /*
9543 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
9544 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
9545 * rates. All 5 GHz rates are left enabled.
9546 */
9547 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
9548 if (!band)
9549 goto nla_put_failure;
9550 if (disabled) {
9551 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
9552 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
9553 }
9554 nla_nest_end(msg, band);
9555
9556 nla_nest_end(msg, bands);
9557
9558 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9559 msg = NULL;
9560 if (ret) {
9561 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
9562 "(%s)", ret, strerror(-ret));
9563 } else
9564 drv->disabled_11b_rates = disabled;
9565
9566 return ret;
9567
9568 nla_put_failure:
9569 nlmsg_free(msg);
9570 return -1;
9571 }
9572
9573
wpa_driver_nl80211_deinit_ap(void * priv)9574 static int wpa_driver_nl80211_deinit_ap(void *priv)
9575 {
9576 struct i802_bss *bss = priv;
9577 struct wpa_driver_nl80211_data *drv = bss->drv;
9578 if (!is_ap_interface(drv->nlmode))
9579 return -1;
9580 wpa_driver_nl80211_del_beacon(drv);
9581
9582 /*
9583 * If the P2P GO interface was dynamically added, then it is
9584 * possible that the interface change to station is not possible.
9585 */
9586 if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
9587 return 0;
9588
9589 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
9590 }
9591
9592
wpa_driver_nl80211_stop_ap(void * priv)9593 static int wpa_driver_nl80211_stop_ap(void *priv)
9594 {
9595 struct i802_bss *bss = priv;
9596 struct wpa_driver_nl80211_data *drv = bss->drv;
9597 if (!is_ap_interface(drv->nlmode))
9598 return -1;
9599 wpa_driver_nl80211_del_beacon(drv);
9600 bss->beacon_set = 0;
9601 return 0;
9602 }
9603
9604
wpa_driver_nl80211_deinit_p2p_cli(void * priv)9605 static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
9606 {
9607 struct i802_bss *bss = priv;
9608 struct wpa_driver_nl80211_data *drv = bss->drv;
9609 if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
9610 return -1;
9611
9612 /*
9613 * If the P2P Client interface was dynamically added, then it is
9614 * possible that the interface change to station is not possible.
9615 */
9616 if (bss->if_dynamic)
9617 return 0;
9618
9619 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
9620 }
9621
9622
wpa_driver_nl80211_resume(void * priv)9623 static void wpa_driver_nl80211_resume(void *priv)
9624 {
9625 struct i802_bss *bss = priv;
9626
9627 if (i802_set_iface_flags(bss, 1))
9628 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
9629 }
9630
9631
nl80211_send_ft_action(void * priv,u8 action,const u8 * target_ap,const u8 * ies,size_t ies_len)9632 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
9633 const u8 *ies, size_t ies_len)
9634 {
9635 struct i802_bss *bss = priv;
9636 struct wpa_driver_nl80211_data *drv = bss->drv;
9637 int ret;
9638 u8 *data, *pos;
9639 size_t data_len;
9640 const u8 *own_addr = bss->addr;
9641
9642 if (action != 1) {
9643 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
9644 "action %d", action);
9645 return -1;
9646 }
9647
9648 /*
9649 * Action frame payload:
9650 * Category[1] = 6 (Fast BSS Transition)
9651 * Action[1] = 1 (Fast BSS Transition Request)
9652 * STA Address
9653 * Target AP Address
9654 * FT IEs
9655 */
9656
9657 data_len = 2 + 2 * ETH_ALEN + ies_len;
9658 data = os_malloc(data_len);
9659 if (data == NULL)
9660 return -1;
9661 pos = data;
9662 *pos++ = 0x06; /* FT Action category */
9663 *pos++ = action;
9664 os_memcpy(pos, own_addr, ETH_ALEN);
9665 pos += ETH_ALEN;
9666 os_memcpy(pos, target_ap, ETH_ALEN);
9667 pos += ETH_ALEN;
9668 os_memcpy(pos, ies, ies_len);
9669
9670 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
9671 drv->bssid, own_addr, drv->bssid,
9672 data, data_len, 0);
9673 os_free(data);
9674
9675 return ret;
9676 }
9677
9678
nl80211_signal_monitor(void * priv,int threshold,int hysteresis)9679 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
9680 {
9681 struct i802_bss *bss = priv;
9682 struct wpa_driver_nl80211_data *drv = bss->drv;
9683 struct nl_msg *msg;
9684 struct nlattr *cqm;
9685 int ret = -1;
9686
9687 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
9688 "hysteresis=%d", threshold, hysteresis);
9689
9690 msg = nlmsg_alloc();
9691 if (!msg)
9692 return -1;
9693
9694 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_CQM);
9695
9696 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
9697
9698 cqm = nla_nest_start(msg, NL80211_ATTR_CQM);
9699 if (cqm == NULL)
9700 goto nla_put_failure;
9701
9702 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
9703 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
9704 nla_nest_end(msg, cqm);
9705
9706 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
9707 msg = NULL;
9708
9709 nla_put_failure:
9710 nlmsg_free(msg);
9711 return ret;
9712 }
9713
9714
9715 /* Converts nl80211_chan_width to a common format */
convert2width(int width)9716 static enum chan_width convert2width(int width)
9717 {
9718 switch (width) {
9719 case NL80211_CHAN_WIDTH_20_NOHT:
9720 return CHAN_WIDTH_20_NOHT;
9721 case NL80211_CHAN_WIDTH_20:
9722 return CHAN_WIDTH_20;
9723 case NL80211_CHAN_WIDTH_40:
9724 return CHAN_WIDTH_40;
9725 case NL80211_CHAN_WIDTH_80:
9726 return CHAN_WIDTH_80;
9727 case NL80211_CHAN_WIDTH_80P80:
9728 return CHAN_WIDTH_80P80;
9729 case NL80211_CHAN_WIDTH_160:
9730 return CHAN_WIDTH_160;
9731 }
9732 return CHAN_WIDTH_UNKNOWN;
9733 }
9734
9735
get_channel_width(struct nl_msg * msg,void * arg)9736 static int get_channel_width(struct nl_msg *msg, void *arg)
9737 {
9738 struct nlattr *tb[NL80211_ATTR_MAX + 1];
9739 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9740 struct wpa_signal_info *sig_change = arg;
9741
9742 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
9743 genlmsg_attrlen(gnlh, 0), NULL);
9744
9745 sig_change->center_frq1 = -1;
9746 sig_change->center_frq2 = -1;
9747 sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
9748
9749 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
9750 sig_change->chanwidth = convert2width(
9751 nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
9752 if (tb[NL80211_ATTR_CENTER_FREQ1])
9753 sig_change->center_frq1 =
9754 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
9755 if (tb[NL80211_ATTR_CENTER_FREQ2])
9756 sig_change->center_frq2 =
9757 nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
9758 }
9759
9760 return NL_SKIP;
9761 }
9762
9763
nl80211_get_channel_width(struct wpa_driver_nl80211_data * drv,struct wpa_signal_info * sig)9764 static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
9765 struct wpa_signal_info *sig)
9766 {
9767 struct nl_msg *msg;
9768
9769 msg = nlmsg_alloc();
9770 if (!msg)
9771 return -ENOMEM;
9772
9773 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_INTERFACE);
9774 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
9775
9776 return send_and_recv_msgs(drv, msg, get_channel_width, sig);
9777
9778 nla_put_failure:
9779 nlmsg_free(msg);
9780 return -ENOBUFS;
9781 }
9782
9783
nl80211_signal_poll(void * priv,struct wpa_signal_info * si)9784 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
9785 {
9786 struct i802_bss *bss = priv;
9787 struct wpa_driver_nl80211_data *drv = bss->drv;
9788 int res;
9789
9790 os_memset(si, 0, sizeof(*si));
9791 res = nl80211_get_link_signal(drv, si);
9792 if (res != 0)
9793 return res;
9794
9795 res = nl80211_get_channel_width(drv, si);
9796 if (res != 0)
9797 return res;
9798
9799 return nl80211_get_link_noise(drv, si);
9800 }
9801
9802
wpa_driver_nl80211_shared_freq(void * priv)9803 static int wpa_driver_nl80211_shared_freq(void *priv)
9804 {
9805 struct i802_bss *bss = priv;
9806 struct wpa_driver_nl80211_data *drv = bss->drv;
9807 struct wpa_driver_nl80211_data *driver;
9808 int freq = 0;
9809
9810 /*
9811 * If the same PHY is in connected state with some other interface,
9812 * then retrieve the assoc freq.
9813 */
9814 wpa_printf(MSG_DEBUG, "nl80211: Get shared freq for PHY %s",
9815 drv->phyname);
9816
9817 dl_list_for_each(driver, &drv->global->interfaces,
9818 struct wpa_driver_nl80211_data, list) {
9819 if (drv == driver ||
9820 os_strcmp(drv->phyname, driver->phyname) != 0 ||
9821 #ifdef ANDROID_P2P
9822 (!driver->associated && !is_ap_interface(driver->nlmode)))
9823 #else
9824 !driver->associated)
9825 #endif
9826 continue;
9827
9828 wpa_printf(MSG_DEBUG, "nl80211: Found a match for PHY %s - %s "
9829 MACSTR,
9830 driver->phyname, driver->first_bss.ifname,
9831 MAC2STR(driver->first_bss.addr));
9832 if (is_ap_interface(driver->nlmode))
9833 freq = driver->first_bss.freq;
9834 else
9835 freq = nl80211_get_assoc_freq(driver);
9836 wpa_printf(MSG_DEBUG, "nl80211: Shared freq for PHY %s: %d",
9837 drv->phyname, freq);
9838 }
9839
9840 if (!freq)
9841 wpa_printf(MSG_DEBUG, "nl80211: No shared interface for "
9842 "PHY (%s) in associated state", drv->phyname);
9843
9844 return freq;
9845 }
9846
9847
nl80211_send_frame(void * priv,const u8 * data,size_t data_len,int encrypt)9848 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
9849 int encrypt)
9850 {
9851 struct i802_bss *bss = priv;
9852 return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
9853 0, 0, 0, 0);
9854 }
9855
9856
nl80211_set_param(void * priv,const char * param)9857 static int nl80211_set_param(void *priv, const char *param)
9858 {
9859 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
9860 if (param == NULL)
9861 return 0;
9862
9863 #ifdef CONFIG_P2P
9864 if (os_strstr(param, "use_p2p_group_interface=1")) {
9865 struct i802_bss *bss = priv;
9866 struct wpa_driver_nl80211_data *drv = bss->drv;
9867
9868 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
9869 "interface");
9870 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
9871 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
9872 }
9873
9874 if (os_strstr(param, "p2p_device=1")) {
9875 struct i802_bss *bss = priv;
9876 struct wpa_driver_nl80211_data *drv = bss->drv;
9877 drv->allow_p2p_device = 1;
9878 }
9879
9880 #ifdef ANDROID_P2P
9881 if(os_strstr(param, "use_multi_chan_concurrent=1")) {
9882 struct i802_bss *bss = priv;
9883 struct wpa_driver_nl80211_data *drv = bss->drv;
9884 wpa_printf(MSG_DEBUG, "nl80211: Use Multi channel "
9885 "concurrency");
9886 drv->capa.num_multichan_concurrent = 2;
9887 }
9888 #endif
9889 #endif /* CONFIG_P2P */
9890
9891 return 0;
9892 }
9893
9894
nl80211_global_init(void)9895 static void * nl80211_global_init(void)
9896 {
9897 struct nl80211_global *global;
9898 struct netlink_config *cfg;
9899
9900 global = os_zalloc(sizeof(*global));
9901 if (global == NULL)
9902 return NULL;
9903 global->ioctl_sock = -1;
9904 dl_list_init(&global->interfaces);
9905 global->if_add_ifindex = -1;
9906
9907 cfg = os_zalloc(sizeof(*cfg));
9908 if (cfg == NULL)
9909 goto err;
9910
9911 cfg->ctx = global;
9912 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
9913 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
9914 global->netlink = netlink_init(cfg);
9915 if (global->netlink == NULL) {
9916 os_free(cfg);
9917 goto err;
9918 }
9919
9920 if (wpa_driver_nl80211_init_nl_global(global) < 0)
9921 goto err;
9922
9923 global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
9924 if (global->ioctl_sock < 0) {
9925 perror("socket(PF_INET,SOCK_DGRAM)");
9926 goto err;
9927 }
9928
9929 return global;
9930
9931 err:
9932 nl80211_global_deinit(global);
9933 return NULL;
9934 }
9935
9936
nl80211_global_deinit(void * priv)9937 static void nl80211_global_deinit(void *priv)
9938 {
9939 struct nl80211_global *global = priv;
9940 if (global == NULL)
9941 return;
9942 if (!dl_list_empty(&global->interfaces)) {
9943 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
9944 "nl80211_global_deinit",
9945 dl_list_len(&global->interfaces));
9946 }
9947
9948 if (global->netlink)
9949 netlink_deinit(global->netlink);
9950
9951 nl_destroy_handles(&global->nl);
9952
9953 if (global->nl_event) {
9954 eloop_unregister_read_sock(
9955 nl_socket_get_fd(global->nl_event));
9956 nl_destroy_handles(&global->nl_event);
9957 }
9958
9959 nl_cb_put(global->nl_cb);
9960
9961 if (global->ioctl_sock >= 0)
9962 close(global->ioctl_sock);
9963
9964 os_free(global);
9965 }
9966
9967
nl80211_get_radio_name(void * priv)9968 static const char * nl80211_get_radio_name(void *priv)
9969 {
9970 struct i802_bss *bss = priv;
9971 struct wpa_driver_nl80211_data *drv = bss->drv;
9972 return drv->phyname;
9973 }
9974
9975
nl80211_pmkid(struct i802_bss * bss,int cmd,const u8 * bssid,const u8 * pmkid)9976 static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
9977 const u8 *pmkid)
9978 {
9979 struct nl_msg *msg;
9980
9981 msg = nlmsg_alloc();
9982 if (!msg)
9983 return -ENOMEM;
9984
9985 nl80211_cmd(bss->drv, msg, 0, cmd);
9986
9987 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
9988 if (pmkid)
9989 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
9990 if (bssid)
9991 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
9992
9993 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
9994 nla_put_failure:
9995 nlmsg_free(msg);
9996 return -ENOBUFS;
9997 }
9998
9999
nl80211_add_pmkid(void * priv,const u8 * bssid,const u8 * pmkid)10000 static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
10001 {
10002 struct i802_bss *bss = priv;
10003 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
10004 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
10005 }
10006
10007
nl80211_remove_pmkid(void * priv,const u8 * bssid,const u8 * pmkid)10008 static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
10009 {
10010 struct i802_bss *bss = priv;
10011 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
10012 MAC2STR(bssid));
10013 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
10014 }
10015
10016
nl80211_flush_pmkid(void * priv)10017 static int nl80211_flush_pmkid(void *priv)
10018 {
10019 struct i802_bss *bss = priv;
10020 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
10021 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
10022 }
10023
10024
clean_survey_results(struct survey_results * survey_results)10025 static void clean_survey_results(struct survey_results *survey_results)
10026 {
10027 struct freq_survey *survey, *tmp;
10028
10029 if (dl_list_empty(&survey_results->survey_list))
10030 return;
10031
10032 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
10033 struct freq_survey, list) {
10034 dl_list_del(&survey->list);
10035 os_free(survey);
10036 }
10037 }
10038
10039
add_survey(struct nlattr ** sinfo,u32 ifidx,struct dl_list * survey_list)10040 static void add_survey(struct nlattr **sinfo, u32 ifidx,
10041 struct dl_list *survey_list)
10042 {
10043 struct freq_survey *survey;
10044
10045 survey = os_zalloc(sizeof(struct freq_survey));
10046 if (!survey)
10047 return;
10048
10049 survey->ifidx = ifidx;
10050 survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
10051 survey->filled = 0;
10052
10053 if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
10054 survey->nf = (int8_t)
10055 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
10056 survey->filled |= SURVEY_HAS_NF;
10057 }
10058
10059 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
10060 survey->channel_time =
10061 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
10062 survey->filled |= SURVEY_HAS_CHAN_TIME;
10063 }
10064
10065 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
10066 survey->channel_time_busy =
10067 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
10068 survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
10069 }
10070
10071 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
10072 survey->channel_time_rx =
10073 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
10074 survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
10075 }
10076
10077 if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
10078 survey->channel_time_tx =
10079 nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
10080 survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
10081 }
10082
10083 wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
10084 survey->freq,
10085 survey->nf,
10086 (unsigned long int) survey->channel_time,
10087 (unsigned long int) survey->channel_time_busy,
10088 (unsigned long int) survey->channel_time_tx,
10089 (unsigned long int) survey->channel_time_rx,
10090 survey->filled);
10091
10092 dl_list_add_tail(survey_list, &survey->list);
10093 }
10094
10095
check_survey_ok(struct nlattr ** sinfo,u32 surveyed_freq,unsigned int freq_filter)10096 static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
10097 unsigned int freq_filter)
10098 {
10099 if (!freq_filter)
10100 return 1;
10101
10102 return freq_filter == surveyed_freq;
10103 }
10104
10105
survey_handler(struct nl_msg * msg,void * arg)10106 static int survey_handler(struct nl_msg *msg, void *arg)
10107 {
10108 struct nlattr *tb[NL80211_ATTR_MAX + 1];
10109 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10110 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
10111 struct survey_results *survey_results;
10112 u32 surveyed_freq = 0;
10113 u32 ifidx;
10114
10115 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
10116 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
10117 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
10118 };
10119
10120 survey_results = (struct survey_results *) arg;
10121
10122 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10123 genlmsg_attrlen(gnlh, 0), NULL);
10124
10125 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
10126
10127 if (!tb[NL80211_ATTR_SURVEY_INFO])
10128 return NL_SKIP;
10129
10130 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
10131 tb[NL80211_ATTR_SURVEY_INFO],
10132 survey_policy))
10133 return NL_SKIP;
10134
10135 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
10136 wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
10137 return NL_SKIP;
10138 }
10139
10140 surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
10141
10142 if (!check_survey_ok(sinfo, surveyed_freq,
10143 survey_results->freq_filter))
10144 return NL_SKIP;
10145
10146 if (survey_results->freq_filter &&
10147 survey_results->freq_filter != surveyed_freq) {
10148 wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
10149 surveyed_freq);
10150 return NL_SKIP;
10151 }
10152
10153 add_survey(sinfo, ifidx, &survey_results->survey_list);
10154
10155 return NL_SKIP;
10156 }
10157
10158
wpa_driver_nl80211_get_survey(void * priv,unsigned int freq)10159 static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
10160 {
10161 struct i802_bss *bss = priv;
10162 struct wpa_driver_nl80211_data *drv = bss->drv;
10163 struct nl_msg *msg;
10164 int err = -ENOBUFS;
10165 union wpa_event_data data;
10166 struct survey_results *survey_results;
10167
10168 os_memset(&data, 0, sizeof(data));
10169 survey_results = &data.survey_results;
10170
10171 dl_list_init(&survey_results->survey_list);
10172
10173 msg = nlmsg_alloc();
10174 if (!msg)
10175 goto nla_put_failure;
10176
10177 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
10178
10179 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10180
10181 if (freq)
10182 data.survey_results.freq_filter = freq;
10183
10184 do {
10185 wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
10186 err = send_and_recv_msgs(drv, msg, survey_handler,
10187 survey_results);
10188 } while (err > 0);
10189
10190 if (err) {
10191 wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
10192 goto out_clean;
10193 }
10194
10195 wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
10196
10197 out_clean:
10198 clean_survey_results(survey_results);
10199 nla_put_failure:
10200 return err;
10201 }
10202
10203
nl80211_set_rekey_info(void * priv,const u8 * kek,const u8 * kck,const u8 * replay_ctr)10204 static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
10205 const u8 *replay_ctr)
10206 {
10207 struct i802_bss *bss = priv;
10208 struct wpa_driver_nl80211_data *drv = bss->drv;
10209 struct nlattr *replay_nested;
10210 struct nl_msg *msg;
10211
10212 msg = nlmsg_alloc();
10213 if (!msg)
10214 return;
10215
10216 nl80211_cmd(drv, msg, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
10217
10218 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
10219
10220 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
10221 if (!replay_nested)
10222 goto nla_put_failure;
10223
10224 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
10225 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
10226 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
10227 replay_ctr);
10228
10229 nla_nest_end(msg, replay_nested);
10230
10231 send_and_recv_msgs(drv, msg, NULL, NULL);
10232 return;
10233 nla_put_failure:
10234 nlmsg_free(msg);
10235 }
10236
10237
nl80211_send_null_frame(struct i802_bss * bss,const u8 * own_addr,const u8 * addr,int qos)10238 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
10239 const u8 *addr, int qos)
10240 {
10241 /* send data frame to poll STA and check whether
10242 * this frame is ACKed */
10243 struct {
10244 struct ieee80211_hdr hdr;
10245 u16 qos_ctl;
10246 } STRUCT_PACKED nulldata;
10247 size_t size;
10248
10249 /* Send data frame to poll STA and check whether this frame is ACKed */
10250
10251 os_memset(&nulldata, 0, sizeof(nulldata));
10252
10253 if (qos) {
10254 nulldata.hdr.frame_control =
10255 IEEE80211_FC(WLAN_FC_TYPE_DATA,
10256 WLAN_FC_STYPE_QOS_NULL);
10257 size = sizeof(nulldata);
10258 } else {
10259 nulldata.hdr.frame_control =
10260 IEEE80211_FC(WLAN_FC_TYPE_DATA,
10261 WLAN_FC_STYPE_NULLFUNC);
10262 size = sizeof(struct ieee80211_hdr);
10263 }
10264
10265 nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
10266 os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
10267 os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
10268 os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
10269
10270 if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
10271 0, 0) < 0)
10272 wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
10273 "send poll frame");
10274 }
10275
nl80211_poll_client(void * priv,const u8 * own_addr,const u8 * addr,int qos)10276 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
10277 int qos)
10278 {
10279 struct i802_bss *bss = priv;
10280 struct wpa_driver_nl80211_data *drv = bss->drv;
10281 struct nl_msg *msg;
10282
10283 if (!drv->poll_command_supported) {
10284 nl80211_send_null_frame(bss, own_addr, addr, qos);
10285 return;
10286 }
10287
10288 msg = nlmsg_alloc();
10289 if (!msg)
10290 return;
10291
10292 nl80211_cmd(drv, msg, 0, NL80211_CMD_PROBE_CLIENT);
10293
10294 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
10295 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
10296
10297 send_and_recv_msgs(drv, msg, NULL, NULL);
10298 return;
10299 nla_put_failure:
10300 nlmsg_free(msg);
10301 }
10302
10303
nl80211_set_power_save(struct i802_bss * bss,int enabled)10304 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
10305 {
10306 struct nl_msg *msg;
10307
10308 msg = nlmsg_alloc();
10309 if (!msg)
10310 return -ENOMEM;
10311
10312 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_SET_POWER_SAVE);
10313 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
10314 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE,
10315 enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED);
10316 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
10317 nla_put_failure:
10318 nlmsg_free(msg);
10319 return -ENOBUFS;
10320 }
10321
10322
nl80211_set_p2p_powersave(void * priv,int legacy_ps,int opp_ps,int ctwindow)10323 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
10324 int ctwindow)
10325 {
10326 struct i802_bss *bss = priv;
10327
10328 wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
10329 "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
10330
10331 if (opp_ps != -1 || ctwindow != -1)
10332 #ifdef ANDROID_P2P
10333 wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
10334 #else
10335 return -1; /* Not yet supported */
10336 #endif
10337
10338 if (legacy_ps == -1)
10339 return 0;
10340 if (legacy_ps != 0 && legacy_ps != 1)
10341 return -1; /* Not yet supported */
10342
10343 return nl80211_set_power_save(bss, legacy_ps);
10344 }
10345
10346
nl80211_start_radar_detection(void * priv,int freq)10347 static int nl80211_start_radar_detection(void *priv, int freq)
10348 {
10349 struct i802_bss *bss = priv;
10350 struct wpa_driver_nl80211_data *drv = bss->drv;
10351 struct nl_msg *msg;
10352 int ret;
10353
10354 wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC)");
10355 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
10356 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
10357 "detection");
10358 return -1;
10359 }
10360
10361 msg = nlmsg_alloc();
10362 if (!msg)
10363 return -1;
10364
10365 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_RADAR_DETECT);
10366 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10367 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
10368
10369 /* only HT20 is supported at this point */
10370 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, NL80211_CHAN_HT20);
10371
10372 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10373 if (ret == 0)
10374 return 0;
10375 wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
10376 "%d (%s)", ret, strerror(-ret));
10377 nla_put_failure:
10378 return -1;
10379 }
10380
10381 #ifdef CONFIG_TDLS
10382
nl80211_send_tdls_mgmt(void * priv,const u8 * dst,u8 action_code,u8 dialog_token,u16 status_code,const u8 * buf,size_t len)10383 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
10384 u8 dialog_token, u16 status_code,
10385 const u8 *buf, size_t len)
10386 {
10387 struct i802_bss *bss = priv;
10388 struct wpa_driver_nl80211_data *drv = bss->drv;
10389 struct nl_msg *msg;
10390
10391 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
10392 return -EOPNOTSUPP;
10393
10394 if (!dst)
10395 return -EINVAL;
10396
10397 msg = nlmsg_alloc();
10398 if (!msg)
10399 return -ENOMEM;
10400
10401 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_MGMT);
10402 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10403 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
10404 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_ACTION, action_code);
10405 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token);
10406 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status_code);
10407 NLA_PUT(msg, NL80211_ATTR_IE, len, buf);
10408
10409 return send_and_recv_msgs(drv, msg, NULL, NULL);
10410
10411 nla_put_failure:
10412 nlmsg_free(msg);
10413 return -ENOBUFS;
10414 }
10415
10416
nl80211_tdls_oper(void * priv,enum tdls_oper oper,const u8 * peer)10417 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
10418 {
10419 struct i802_bss *bss = priv;
10420 struct wpa_driver_nl80211_data *drv = bss->drv;
10421 struct nl_msg *msg;
10422 enum nl80211_tdls_operation nl80211_oper;
10423
10424 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
10425 return -EOPNOTSUPP;
10426
10427 switch (oper) {
10428 case TDLS_DISCOVERY_REQ:
10429 nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
10430 break;
10431 case TDLS_SETUP:
10432 nl80211_oper = NL80211_TDLS_SETUP;
10433 break;
10434 case TDLS_TEARDOWN:
10435 nl80211_oper = NL80211_TDLS_TEARDOWN;
10436 break;
10437 case TDLS_ENABLE_LINK:
10438 nl80211_oper = NL80211_TDLS_ENABLE_LINK;
10439 break;
10440 case TDLS_DISABLE_LINK:
10441 nl80211_oper = NL80211_TDLS_DISABLE_LINK;
10442 break;
10443 case TDLS_ENABLE:
10444 return 0;
10445 case TDLS_DISABLE:
10446 return 0;
10447 default:
10448 return -EINVAL;
10449 }
10450
10451 msg = nlmsg_alloc();
10452 if (!msg)
10453 return -ENOMEM;
10454
10455 nl80211_cmd(drv, msg, 0, NL80211_CMD_TDLS_OPER);
10456 NLA_PUT_U8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper);
10457 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10458 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, peer);
10459
10460 return send_and_recv_msgs(drv, msg, NULL, NULL);
10461
10462 nla_put_failure:
10463 nlmsg_free(msg);
10464 return -ENOBUFS;
10465 }
10466
10467 #endif /* CONFIG TDLS */
10468
10469
10470 #ifdef ANDROID
10471
10472 typedef struct android_wifi_priv_cmd {
10473 char *buf;
10474 int used_len;
10475 int total_len;
10476 } android_wifi_priv_cmd;
10477
10478 static int drv_errors = 0;
10479
wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data * drv)10480 static void wpa_driver_send_hang_msg(struct wpa_driver_nl80211_data *drv)
10481 {
10482 drv_errors++;
10483 if (drv_errors > DRV_NUMBER_SEQUENTIAL_ERRORS) {
10484 drv_errors = 0;
10485 wpa_msg(drv->ctx, MSG_INFO, WPA_EVENT_DRIVER_STATE "HANGED");
10486 }
10487 }
10488
10489
android_priv_cmd(struct i802_bss * bss,const char * cmd)10490 static int android_priv_cmd(struct i802_bss *bss, const char *cmd)
10491 {
10492 struct wpa_driver_nl80211_data *drv = bss->drv;
10493 struct ifreq ifr;
10494 android_wifi_priv_cmd priv_cmd;
10495 char buf[MAX_DRV_CMD_SIZE];
10496 int ret;
10497
10498 os_memset(&ifr, 0, sizeof(ifr));
10499 os_memset(&priv_cmd, 0, sizeof(priv_cmd));
10500 os_strlcpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
10501
10502 os_memset(buf, 0, sizeof(buf));
10503 os_strlcpy(buf, cmd, sizeof(buf));
10504
10505 priv_cmd.buf = buf;
10506 priv_cmd.used_len = sizeof(buf);
10507 priv_cmd.total_len = sizeof(buf);
10508 ifr.ifr_data = &priv_cmd;
10509
10510 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
10511 if (ret < 0) {
10512 wpa_printf(MSG_ERROR, "%s: failed to issue private commands",
10513 __func__);
10514 wpa_driver_send_hang_msg(drv);
10515 return ret;
10516 }
10517
10518 drv_errors = 0;
10519 return 0;
10520 }
10521
10522
android_pno_start(struct i802_bss * bss,struct wpa_driver_scan_params * params)10523 static int android_pno_start(struct i802_bss *bss,
10524 struct wpa_driver_scan_params *params)
10525 {
10526 struct wpa_driver_nl80211_data *drv = bss->drv;
10527 struct ifreq ifr;
10528 android_wifi_priv_cmd priv_cmd;
10529 int ret = 0, i = 0, bp;
10530 char buf[WEXT_PNO_MAX_COMMAND_SIZE];
10531
10532 bp = WEXT_PNOSETUP_HEADER_SIZE;
10533 os_memcpy(buf, WEXT_PNOSETUP_HEADER, bp);
10534 buf[bp++] = WEXT_PNO_TLV_PREFIX;
10535 buf[bp++] = WEXT_PNO_TLV_VERSION;
10536 buf[bp++] = WEXT_PNO_TLV_SUBVERSION;
10537 buf[bp++] = WEXT_PNO_TLV_RESERVED;
10538
10539 while (i < WEXT_PNO_AMOUNT && (size_t) i < params->num_ssids) {
10540 /* Check that there is enough space needed for 1 more SSID, the
10541 * other sections and null termination */
10542 if ((bp + WEXT_PNO_SSID_HEADER_SIZE + MAX_SSID_LEN +
10543 WEXT_PNO_NONSSID_SECTIONS_SIZE + 1) >= (int) sizeof(buf))
10544 break;
10545 wpa_hexdump_ascii(MSG_DEBUG, "For PNO Scan",
10546 params->ssids[i].ssid,
10547 params->ssids[i].ssid_len);
10548 buf[bp++] = WEXT_PNO_SSID_SECTION;
10549 buf[bp++] = params->ssids[i].ssid_len;
10550 os_memcpy(&buf[bp], params->ssids[i].ssid,
10551 params->ssids[i].ssid_len);
10552 bp += params->ssids[i].ssid_len;
10553 i++;
10554 }
10555
10556 buf[bp++] = WEXT_PNO_SCAN_INTERVAL_SECTION;
10557 os_snprintf(&buf[bp], WEXT_PNO_SCAN_INTERVAL_LENGTH + 1, "%x",
10558 WEXT_PNO_SCAN_INTERVAL);
10559 bp += WEXT_PNO_SCAN_INTERVAL_LENGTH;
10560
10561 buf[bp++] = WEXT_PNO_REPEAT_SECTION;
10562 os_snprintf(&buf[bp], WEXT_PNO_REPEAT_LENGTH + 1, "%x",
10563 WEXT_PNO_REPEAT);
10564 bp += WEXT_PNO_REPEAT_LENGTH;
10565
10566 buf[bp++] = WEXT_PNO_MAX_REPEAT_SECTION;
10567 os_snprintf(&buf[bp], WEXT_PNO_MAX_REPEAT_LENGTH + 1, "%x",
10568 WEXT_PNO_MAX_REPEAT);
10569 bp += WEXT_PNO_MAX_REPEAT_LENGTH + 1;
10570
10571 memset(&ifr, 0, sizeof(ifr));
10572 memset(&priv_cmd, 0, sizeof(priv_cmd));
10573 os_strncpy(ifr.ifr_name, bss->ifname, IFNAMSIZ);
10574
10575 priv_cmd.buf = buf;
10576 priv_cmd.used_len = bp;
10577 priv_cmd.total_len = bp;
10578 ifr.ifr_data = &priv_cmd;
10579
10580 ret = ioctl(drv->global->ioctl_sock, SIOCDEVPRIVATE + 1, &ifr);
10581
10582 if (ret < 0) {
10583 wpa_printf(MSG_ERROR, "ioctl[SIOCSIWPRIV] (pnosetup): %d",
10584 ret);
10585 wpa_driver_send_hang_msg(drv);
10586 return ret;
10587 }
10588
10589 drv_errors = 0;
10590
10591 return android_priv_cmd(bss, "PNOFORCE 1");
10592 }
10593
10594
android_pno_stop(struct i802_bss * bss)10595 static int android_pno_stop(struct i802_bss *bss)
10596 {
10597 return android_priv_cmd(bss, "PNOFORCE 0");
10598 }
10599
10600 #endif /* ANDROID */
10601
10602
driver_nl80211_set_key(const char * ifname,void * priv,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len)10603 static int driver_nl80211_set_key(const char *ifname, void *priv,
10604 enum wpa_alg alg, const u8 *addr,
10605 int key_idx, int set_tx,
10606 const u8 *seq, size_t seq_len,
10607 const u8 *key, size_t key_len)
10608 {
10609 struct i802_bss *bss = priv;
10610 return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx,
10611 set_tx, seq, seq_len, key, key_len);
10612 }
10613
10614
driver_nl80211_scan2(void * priv,struct wpa_driver_scan_params * params)10615 static int driver_nl80211_scan2(void *priv,
10616 struct wpa_driver_scan_params *params)
10617 {
10618 struct i802_bss *bss = priv;
10619 return wpa_driver_nl80211_scan(bss, params);
10620 }
10621
10622
driver_nl80211_deauthenticate(void * priv,const u8 * addr,int reason_code)10623 static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
10624 int reason_code)
10625 {
10626 struct i802_bss *bss = priv;
10627 return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
10628 }
10629
10630
driver_nl80211_authenticate(void * priv,struct wpa_driver_auth_params * params)10631 static int driver_nl80211_authenticate(void *priv,
10632 struct wpa_driver_auth_params *params)
10633 {
10634 struct i802_bss *bss = priv;
10635 return wpa_driver_nl80211_authenticate(bss, params);
10636 }
10637
10638
driver_nl80211_deinit(void * priv)10639 static void driver_nl80211_deinit(void *priv)
10640 {
10641 struct i802_bss *bss = priv;
10642 wpa_driver_nl80211_deinit(bss);
10643 }
10644
10645
driver_nl80211_if_remove(void * priv,enum wpa_driver_if_type type,const char * ifname)10646 static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
10647 const char *ifname)
10648 {
10649 struct i802_bss *bss = priv;
10650 return wpa_driver_nl80211_if_remove(bss, type, ifname);
10651 }
10652
10653
driver_nl80211_send_mlme(void * priv,const u8 * data,size_t data_len,int noack)10654 static int driver_nl80211_send_mlme(void *priv, const u8 *data,
10655 size_t data_len, int noack)
10656 {
10657 struct i802_bss *bss = priv;
10658 return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
10659 0, 0, 0, 0);
10660 }
10661
10662
driver_nl80211_sta_remove(void * priv,const u8 * addr)10663 static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
10664 {
10665 struct i802_bss *bss = priv;
10666 return wpa_driver_nl80211_sta_remove(bss, addr);
10667 }
10668
10669
10670 #if defined(HOSTAPD) || defined(CONFIG_AP)
driver_nl80211_set_sta_vlan(void * priv,const u8 * addr,const char * ifname,int vlan_id)10671 static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
10672 const char *ifname, int vlan_id)
10673 {
10674 struct i802_bss *bss = priv;
10675 return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
10676 }
10677 #endif /* HOSTAPD || CONFIG_AP */
10678
10679
driver_nl80211_read_sta_data(void * priv,struct hostap_sta_driver_data * data,const u8 * addr)10680 static int driver_nl80211_read_sta_data(void *priv,
10681 struct hostap_sta_driver_data *data,
10682 const u8 *addr)
10683 {
10684 struct i802_bss *bss = priv;
10685 return i802_read_sta_data(bss, data, addr);
10686 }
10687
10688
driver_nl80211_send_action(void * priv,unsigned int freq,unsigned int wait_time,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,int no_cck)10689 static int driver_nl80211_send_action(void *priv, unsigned int freq,
10690 unsigned int wait_time,
10691 const u8 *dst, const u8 *src,
10692 const u8 *bssid,
10693 const u8 *data, size_t data_len,
10694 int no_cck)
10695 {
10696 struct i802_bss *bss = priv;
10697 return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
10698 bssid, data, data_len, no_cck);
10699 }
10700
10701
driver_nl80211_probe_req_report(void * priv,int report)10702 static int driver_nl80211_probe_req_report(void *priv, int report)
10703 {
10704 struct i802_bss *bss = priv;
10705 return wpa_driver_nl80211_probe_req_report(bss, report);
10706 }
10707
10708
wpa_driver_nl80211_update_ft_ies(void * priv,const u8 * md,const u8 * ies,size_t ies_len)10709 static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
10710 const u8 *ies, size_t ies_len)
10711 {
10712 int ret;
10713 struct nl_msg *msg;
10714 struct i802_bss *bss = priv;
10715 struct wpa_driver_nl80211_data *drv = bss->drv;
10716 u16 mdid = WPA_GET_LE16(md);
10717
10718 msg = nlmsg_alloc();
10719 if (!msg)
10720 return -ENOMEM;
10721
10722 wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
10723 nl80211_cmd(drv, msg, 0, NL80211_CMD_UPDATE_FT_IES);
10724 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
10725 NLA_PUT(msg, NL80211_ATTR_IE, ies_len, ies);
10726 NLA_PUT_U16(msg, NL80211_ATTR_MDID, mdid);
10727
10728 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
10729 if (ret) {
10730 wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
10731 "err=%d (%s)", ret, strerror(-ret));
10732 }
10733
10734 return ret;
10735
10736 nla_put_failure:
10737 nlmsg_free(msg);
10738 return -ENOBUFS;
10739 }
10740
10741
wpa_driver_nl80211_get_macaddr(void * priv)10742 const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
10743 {
10744 struct i802_bss *bss = priv;
10745 struct wpa_driver_nl80211_data *drv = bss->drv;
10746
10747 if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
10748 return NULL;
10749
10750 return bss->addr;
10751 }
10752
10753
10754 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
10755 .name = "nl80211",
10756 .desc = "Linux nl80211/cfg80211",
10757 .get_bssid = wpa_driver_nl80211_get_bssid,
10758 .get_ssid = wpa_driver_nl80211_get_ssid,
10759 .set_key = driver_nl80211_set_key,
10760 .scan2 = driver_nl80211_scan2,
10761 .sched_scan = wpa_driver_nl80211_sched_scan,
10762 .stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
10763 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
10764 .deauthenticate = driver_nl80211_deauthenticate,
10765 .authenticate = driver_nl80211_authenticate,
10766 .associate = wpa_driver_nl80211_associate,
10767 .global_init = nl80211_global_init,
10768 .global_deinit = nl80211_global_deinit,
10769 .init2 = wpa_driver_nl80211_init,
10770 .deinit = driver_nl80211_deinit,
10771 .get_capa = wpa_driver_nl80211_get_capa,
10772 .set_operstate = wpa_driver_nl80211_set_operstate,
10773 .set_supp_port = wpa_driver_nl80211_set_supp_port,
10774 .set_country = wpa_driver_nl80211_set_country,
10775 .set_ap = wpa_driver_nl80211_set_ap,
10776 .set_acl = wpa_driver_nl80211_set_acl,
10777 .if_add = wpa_driver_nl80211_if_add,
10778 .if_remove = driver_nl80211_if_remove,
10779 .send_mlme = driver_nl80211_send_mlme,
10780 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
10781 .sta_add = wpa_driver_nl80211_sta_add,
10782 .sta_remove = driver_nl80211_sta_remove,
10783 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
10784 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
10785 #ifdef HOSTAPD
10786 .hapd_init = i802_init,
10787 .hapd_deinit = i802_deinit,
10788 .set_wds_sta = i802_set_wds_sta,
10789 #endif /* HOSTAPD */
10790 #if defined(HOSTAPD) || defined(CONFIG_AP)
10791 .get_seqnum = i802_get_seqnum,
10792 .flush = i802_flush,
10793 .get_inact_sec = i802_get_inact_sec,
10794 .sta_clear_stats = i802_sta_clear_stats,
10795 .set_rts = i802_set_rts,
10796 .set_frag = i802_set_frag,
10797 .set_tx_queue_params = i802_set_tx_queue_params,
10798 .set_sta_vlan = driver_nl80211_set_sta_vlan,
10799 .sta_deauth = i802_sta_deauth,
10800 .sta_disassoc = i802_sta_disassoc,
10801 #endif /* HOSTAPD || CONFIG_AP */
10802 .read_sta_data = driver_nl80211_read_sta_data,
10803 .set_freq = i802_set_freq,
10804 .send_action = driver_nl80211_send_action,
10805 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
10806 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
10807 .cancel_remain_on_channel =
10808 wpa_driver_nl80211_cancel_remain_on_channel,
10809 .probe_req_report = driver_nl80211_probe_req_report,
10810 .deinit_ap = wpa_driver_nl80211_deinit_ap,
10811 .deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
10812 .resume = wpa_driver_nl80211_resume,
10813 .send_ft_action = nl80211_send_ft_action,
10814 .signal_monitor = nl80211_signal_monitor,
10815 .signal_poll = nl80211_signal_poll,
10816 .send_frame = nl80211_send_frame,
10817 .shared_freq = wpa_driver_nl80211_shared_freq,
10818 .set_param = nl80211_set_param,
10819 .get_radio_name = nl80211_get_radio_name,
10820 .add_pmkid = nl80211_add_pmkid,
10821 .remove_pmkid = nl80211_remove_pmkid,
10822 .flush_pmkid = nl80211_flush_pmkid,
10823 .set_rekey_info = nl80211_set_rekey_info,
10824 .poll_client = nl80211_poll_client,
10825 .set_p2p_powersave = nl80211_set_p2p_powersave,
10826 .start_dfs_cac = nl80211_start_radar_detection,
10827 .stop_ap = wpa_driver_nl80211_stop_ap,
10828 #ifdef CONFIG_TDLS
10829 .send_tdls_mgmt = nl80211_send_tdls_mgmt,
10830 .tdls_oper = nl80211_tdls_oper,
10831 #endif /* CONFIG_TDLS */
10832 .update_ft_ies = wpa_driver_nl80211_update_ft_ies,
10833 .get_mac_addr = wpa_driver_nl80211_get_macaddr,
10834 .get_survey = wpa_driver_nl80211_get_survey,
10835 #ifdef ANDROID_P2P
10836 .set_noa = wpa_driver_set_p2p_noa,
10837 .get_noa = wpa_driver_get_p2p_noa,
10838 .set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
10839 #endif
10840 #ifdef ANDROID
10841 .driver_cmd = wpa_driver_nl80211_driver_cmd,
10842 #endif
10843 };
10844