1 /* 2 * Driver interaction with Linux nl80211/cfg80211 3 * Copyright (c) 2002-2012, Jouni Malinen <j (at) w1.fi> 4 * Copyright (c) 2003-2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * Copyright (c) 2007, Johannes Berg <johannes (at) sipsolutions.net> 7 * Copyright (c) 2009-2010, Atheros Communications 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13 #include "includes.h" 14 #include <sys/ioctl.h> 15 #include <sys/types.h> 16 #include <sys/stat.h> 17 #include <fcntl.h> 18 #include <net/if.h> 19 #include <netlink/genl/genl.h> 20 #include <netlink/genl/family.h> 21 #include <netlink/genl/ctrl.h> 22 #include <linux/rtnetlink.h> 23 #include <netpacket/packet.h> 24 #include <linux/filter.h> 25 #include <linux/errqueue.h> 26 #include "nl80211_copy.h" 27 28 #include "common.h" 29 #include "eloop.h" 30 #include "utils/list.h" 31 #include "common/ieee802_11_defs.h" 32 #include "common/ieee802_11_common.h" 33 #include "l2_packet/l2_packet.h" 34 #include "netlink.h" 35 #include "linux_ioctl.h" 36 #include "radiotap.h" 37 #include "radiotap_iter.h" 38 #include "rfkill.h" 39 #include "driver.h" 40 41 #ifndef SO_WIFI_STATUS 42 # if defined(__sparc__) 43 # define SO_WIFI_STATUS 0x0025 44 # elif defined(__parisc__) 45 # define SO_WIFI_STATUS 0x4022 46 # else 47 # define SO_WIFI_STATUS 41 48 # endif 49 50 # define SCM_WIFI_STATUS SO_WIFI_STATUS 51 #endif 52 53 #ifndef SO_EE_ORIGIN_TXSTATUS 54 #define SO_EE_ORIGIN_TXSTATUS 4 55 #endif 56 57 #ifndef PACKET_TX_TIMESTAMP 58 #define PACKET_TX_TIMESTAMP 16 59 #endif 60 61 #ifdef ANDROID 62 #include "android_drv.h" 63 #endif /* ANDROID */ 64 #ifdef CONFIG_LIBNL20 65 /* libnl 2.0 compatibility code */ 66 #define nl_handle nl_sock 67 #define nl80211_handle_alloc nl_socket_alloc_cb 68 #define nl80211_handle_destroy nl_socket_free 69 #else 70 /* 71 * libnl 1.1 has a bug, it tries to allocate socket numbers densely 72 * but when you free a socket again it will mess up its bitmap and 73 * and use the wrong number the next time it needs a socket ID. 74 * Therefore, we wrap the handle alloc/destroy and add our own pid 75 * accounting. 76 */ 77 static uint32_t port_bitmap[32] = { 0 }; 78 79 static struct nl_handle *nl80211_handle_alloc(void *cb) 80 { 81 struct nl_handle *handle; 82 uint32_t pid = getpid() & 0x3FFFFF; 83 int i; 84 85 handle = nl_handle_alloc_cb(cb); 86 87 for (i = 0; i < 1024; i++) { 88 if (port_bitmap[i / 32] & (1 << (i % 32))) 89 continue; 90 port_bitmap[i / 32] |= 1 << (i % 32); 91 pid += i << 22; 92 break; 93 } 94 95 nl_socket_set_local_port(handle, pid); 96 97 return handle; 98 } 99 100 static void nl80211_handle_destroy(struct nl_handle *handle) 101 { 102 uint32_t port = nl_socket_get_local_port(handle); 103 104 port >>= 22; 105 port_bitmap[port / 32] &= ~(1 << (port % 32)); 106 107 nl_handle_destroy(handle); 108 } 109 #endif /* CONFIG_LIBNL20 */ 110 111 112 static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg) 113 { 114 struct nl_handle *handle; 115 116 handle = nl80211_handle_alloc(cb); 117 if (handle == NULL) { 118 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 119 "callbacks (%s)", dbg); 120 return NULL; 121 } 122 123 if (genl_connect(handle)) { 124 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic " 125 "netlink (%s)", dbg); 126 nl80211_handle_destroy(handle); 127 return NULL; 128 } 129 130 return handle; 131 } 132 133 134 static void nl_destroy_handles(struct nl_handle **handle) 135 { 136 if (*handle == NULL) 137 return; 138 nl80211_handle_destroy(*handle); 139 *handle = NULL; 140 } 141 142 143 #ifndef IFF_LOWER_UP 144 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 145 #endif 146 #ifndef IFF_DORMANT 147 #define IFF_DORMANT 0x20000 /* driver signals dormant */ 148 #endif 149 150 #ifndef IF_OPER_DORMANT 151 #define IF_OPER_DORMANT 5 152 #endif 153 #ifndef IF_OPER_UP 154 #define IF_OPER_UP 6 155 #endif 156 157 struct nl80211_global { 158 struct dl_list interfaces; 159 int if_add_ifindex; 160 struct netlink_data *netlink; 161 struct nl_cb *nl_cb; 162 struct nl_handle *nl; 163 int nl80211_id; 164 int ioctl_sock; /* socket for ioctl() use */ 165 166 struct nl_handle *nl_event; 167 }; 168 169 struct nl80211_wiphy_data { 170 struct dl_list list; 171 struct dl_list bsss; 172 struct dl_list drvs; 173 174 struct nl_handle *nl_beacons; 175 struct nl_cb *nl_cb; 176 177 int wiphy_idx; 178 }; 179 180 static void nl80211_global_deinit(void *priv); 181 static void wpa_driver_nl80211_deinit(void *priv); 182 183 struct i802_bss { 184 struct wpa_driver_nl80211_data *drv; 185 struct i802_bss *next; 186 int ifindex; 187 char ifname[IFNAMSIZ + 1]; 188 char brname[IFNAMSIZ]; 189 unsigned int beacon_set:1; 190 unsigned int added_if_into_bridge:1; 191 unsigned int added_bridge:1; 192 193 u8 addr[ETH_ALEN]; 194 195 int freq; 196 197 struct nl_handle *nl_preq, *nl_mgmt; 198 struct nl_cb *nl_cb; 199 200 struct nl80211_wiphy_data *wiphy_data; 201 struct dl_list wiphy_list; 202 }; 203 204 struct wpa_driver_nl80211_data { 205 struct nl80211_global *global; 206 struct dl_list list; 207 struct dl_list wiphy_list; 208 char phyname[32]; 209 void *ctx; 210 int ifindex; 211 int if_removed; 212 int if_disabled; 213 int ignore_if_down_event; 214 struct rfkill_data *rfkill; 215 struct wpa_driver_capa capa; 216 int has_capability; 217 218 int operstate; 219 220 int scan_complete_events; 221 222 struct nl_cb *nl_cb; 223 224 u8 auth_bssid[ETH_ALEN]; 225 u8 bssid[ETH_ALEN]; 226 int associated; 227 u8 ssid[32]; 228 size_t ssid_len; 229 enum nl80211_iftype nlmode; 230 enum nl80211_iftype ap_scan_as_station; 231 unsigned int assoc_freq; 232 233 int monitor_sock; 234 int monitor_ifidx; 235 int monitor_refcount; 236 237 unsigned int disabled_11b_rates:1; 238 unsigned int pending_remain_on_chan:1; 239 unsigned int in_interface_list:1; 240 unsigned int device_ap_sme:1; 241 unsigned int poll_command_supported:1; 242 unsigned int data_tx_status:1; 243 unsigned int scan_for_auth:1; 244 unsigned int retry_auth:1; 245 unsigned int use_monitor:1; 246 247 u64 remain_on_chan_cookie; 248 u64 send_action_cookie; 249 250 unsigned int last_mgmt_freq; 251 252 struct wpa_driver_scan_filter *filter_ssids; 253 size_t num_filter_ssids; 254 255 struct i802_bss first_bss; 256 257 int eapol_tx_sock; 258 259 #ifdef HOSTAPD 260 int eapol_sock; /* socket for EAPOL frames */ 261 262 int default_if_indices[16]; 263 int *if_indices; 264 int num_if_indices; 265 266 int last_freq; 267 int last_freq_ht; 268 #endif /* HOSTAPD */ 269 270 /* From failed authentication command */ 271 int auth_freq; 272 u8 auth_bssid_[ETH_ALEN]; 273 u8 auth_ssid[32]; 274 size_t auth_ssid_len; 275 int auth_alg; 276 u8 *auth_ie; 277 size_t auth_ie_len; 278 u8 auth_wep_key[4][16]; 279 size_t auth_wep_key_len[4]; 280 int auth_wep_tx_keyidx; 281 int auth_local_state_change; 282 int auth_p2p; 283 }; 284 285 286 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, 287 void *timeout_ctx); 288 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss, 289 enum nl80211_iftype nlmode); 290 static int 291 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv); 292 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv, 293 const u8 *addr, int cmd, u16 reason_code, 294 int local_state_change); 295 static void nl80211_remove_monitor_interface( 296 struct wpa_driver_nl80211_data *drv); 297 static int nl80211_send_frame_cmd(struct i802_bss *bss, 298 unsigned int freq, unsigned int wait, 299 const u8 *buf, size_t buf_len, u64 *cookie, 300 int no_cck, int no_ack, int offchanok); 301 static int wpa_driver_nl80211_probe_req_report(void *priv, int report); 302 #ifdef ANDROID 303 static int android_pno_start(struct i802_bss *bss, 304 struct wpa_driver_scan_params *params); 305 static int android_pno_stop(struct i802_bss *bss); 306 #endif /* ANDROID */ 307 #ifdef ANDROID_P2P 308 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 309 enum wpa_event_type type, 310 const u8 *frame, size_t len); 311 int wpa_driver_set_p2p_noa(void *priv, u8 count, int start, int duration); 312 int wpa_driver_get_p2p_noa(void *priv, u8 *buf, size_t len); 313 int wpa_driver_set_p2p_ps(void *priv, int legacy_ps, int opp_ps, int ctwindow); 314 int wpa_driver_set_ap_wps_p2p_ie(void *priv, const struct wpabuf *beacon, 315 const struct wpabuf *proberesp, 316 const struct wpabuf *assocresp); 317 318 #endif 319 #ifdef HOSTAPD 320 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 321 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 322 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx); 323 static int wpa_driver_nl80211_if_remove(void *priv, 324 enum wpa_driver_if_type type, 325 const char *ifname); 326 #else /* HOSTAPD */ 327 static inline void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 328 { 329 } 330 331 static inline void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 332 { 333 } 334 335 static inline int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx) 336 { 337 return 0; 338 } 339 #endif /* HOSTAPD */ 340 #ifdef ANDROID 341 extern int wpa_driver_nl80211_driver_cmd(void *priv, char *cmd, char *buf, 342 size_t buf_len); 343 #endif 344 345 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq); 346 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv, 347 int ifindex, int disabled); 348 349 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv); 350 static int wpa_driver_nl80211_authenticate_retry( 351 struct wpa_driver_nl80211_data *drv); 352 353 354 static int is_ap_interface(enum nl80211_iftype nlmode) 355 { 356 return (nlmode == NL80211_IFTYPE_AP || 357 nlmode == NL80211_IFTYPE_P2P_GO); 358 } 359 360 361 static int is_sta_interface(enum nl80211_iftype nlmode) 362 { 363 return (nlmode == NL80211_IFTYPE_STATION || 364 nlmode == NL80211_IFTYPE_P2P_CLIENT); 365 } 366 367 368 static int is_p2p_interface(enum nl80211_iftype nlmode) 369 { 370 return (nlmode == NL80211_IFTYPE_P2P_CLIENT || 371 nlmode == NL80211_IFTYPE_P2P_GO); 372 } 373 374 375 struct nl80211_bss_info_arg { 376 struct wpa_driver_nl80211_data *drv; 377 struct wpa_scan_results *res; 378 unsigned int assoc_freq; 379 u8 assoc_bssid[ETH_ALEN]; 380 }; 381 382 static int bss_info_handler(struct nl_msg *msg, void *arg); 383 384 385 /* nl80211 code */ 386 static int ack_handler(struct nl_msg *msg, void *arg) 387 { 388 int *err = arg; 389 *err = 0; 390 return NL_STOP; 391 } 392 393 static int finish_handler(struct nl_msg *msg, void *arg) 394 { 395 int *ret = arg; 396 *ret = 0; 397 return NL_SKIP; 398 } 399 400 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, 401 void *arg) 402 { 403 int *ret = arg; 404 *ret = err->error; 405 return NL_SKIP; 406 } 407 408 409 static int no_seq_check(struct nl_msg *msg, void *arg) 410 { 411 return NL_OK; 412 } 413 414 415 static int send_and_recv(struct nl80211_global *global, 416 struct nl_handle *nl_handle, struct nl_msg *msg, 417 int (*valid_handler)(struct nl_msg *, void *), 418 void *valid_data) 419 { 420 struct nl_cb *cb; 421 int err = -ENOMEM; 422 423 cb = nl_cb_clone(global->nl_cb); 424 if (!cb) 425 goto out; 426 427 err = nl_send_auto_complete(nl_handle, msg); 428 if (err < 0) 429 goto out; 430 431 err = 1; 432 433 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err); 434 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err); 435 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err); 436 437 if (valid_handler) 438 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, 439 valid_handler, valid_data); 440 441 while (err > 0) 442 nl_recvmsgs(nl_handle, cb); 443 out: 444 nl_cb_put(cb); 445 nlmsg_free(msg); 446 return err; 447 } 448 449 450 static int send_and_recv_msgs_global(struct nl80211_global *global, 451 struct nl_msg *msg, 452 int (*valid_handler)(struct nl_msg *, void *), 453 void *valid_data) 454 { 455 return send_and_recv(global, global->nl, msg, valid_handler, 456 valid_data); 457 } 458 459 int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, 460 struct nl_msg *msg, 461 int (*valid_handler)(struct nl_msg *, void *), 462 void *valid_data) 463 { 464 return send_and_recv(drv->global, drv->global->nl, msg, 465 valid_handler, valid_data); 466 } 467 468 469 struct family_data { 470 const char *group; 471 int id; 472 }; 473 474 475 static int family_handler(struct nl_msg *msg, void *arg) 476 { 477 struct family_data *res = arg; 478 struct nlattr *tb[CTRL_ATTR_MAX + 1]; 479 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 480 struct nlattr *mcgrp; 481 int i; 482 483 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 484 genlmsg_attrlen(gnlh, 0), NULL); 485 if (!tb[CTRL_ATTR_MCAST_GROUPS]) 486 return NL_SKIP; 487 488 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) { 489 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1]; 490 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp), 491 nla_len(mcgrp), NULL); 492 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] || 493 !tb2[CTRL_ATTR_MCAST_GRP_ID] || 494 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]), 495 res->group, 496 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0) 497 continue; 498 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]); 499 break; 500 }; 501 502 return NL_SKIP; 503 } 504 505 506 static int nl_get_multicast_id(struct nl80211_global *global, 507 const char *family, const char *group) 508 { 509 struct nl_msg *msg; 510 int ret = -1; 511 struct family_data res = { group, -ENOENT }; 512 513 msg = nlmsg_alloc(); 514 if (!msg) 515 return -ENOMEM; 516 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"), 517 0, 0, CTRL_CMD_GETFAMILY, 0); 518 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); 519 520 ret = send_and_recv_msgs_global(global, msg, family_handler, &res); 521 msg = NULL; 522 if (ret == 0) 523 ret = res.id; 524 525 nla_put_failure: 526 nlmsg_free(msg); 527 return ret; 528 } 529 530 531 static void * nl80211_cmd(struct wpa_driver_nl80211_data *drv, 532 struct nl_msg *msg, int flags, uint8_t cmd) 533 { 534 return genlmsg_put(msg, 0, 0, drv->global->nl80211_id, 535 0, flags, cmd, 0); 536 } 537 538 539 struct wiphy_idx_data { 540 int wiphy_idx; 541 }; 542 543 544 static int netdev_info_handler(struct nl_msg *msg, void *arg) 545 { 546 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 547 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 548 struct wiphy_idx_data *info = arg; 549 550 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 551 genlmsg_attrlen(gnlh, 0), NULL); 552 553 if (tb[NL80211_ATTR_WIPHY]) 554 info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 555 556 return NL_SKIP; 557 } 558 559 560 static int nl80211_get_wiphy_index(struct i802_bss *bss) 561 { 562 struct nl_msg *msg; 563 struct wiphy_idx_data data = { 564 .wiphy_idx = -1, 565 }; 566 567 msg = nlmsg_alloc(); 568 if (!msg) 569 return -1; 570 571 nl80211_cmd(bss->drv, msg, 0, NL80211_CMD_GET_INTERFACE); 572 573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 574 575 if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data) == 0) 576 return data.wiphy_idx; 577 msg = NULL; 578 nla_put_failure: 579 nlmsg_free(msg); 580 return -1; 581 } 582 583 584 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv, 585 struct nl80211_wiphy_data *w) 586 { 587 struct nl_msg *msg; 588 int ret = -1; 589 590 msg = nlmsg_alloc(); 591 if (!msg) 592 return -1; 593 594 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS); 595 596 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx); 597 598 ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL); 599 msg = NULL; 600 if (ret) { 601 wpa_printf(MSG_DEBUG, "nl80211: Register beacons command " 602 "failed: ret=%d (%s)", 603 ret, strerror(-ret)); 604 goto nla_put_failure; 605 } 606 ret = 0; 607 nla_put_failure: 608 nlmsg_free(msg); 609 return ret; 610 } 611 612 613 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle) 614 { 615 struct nl80211_wiphy_data *w = eloop_ctx; 616 617 wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available"); 618 619 nl_recvmsgs(handle, w->nl_cb); 620 } 621 622 623 static int process_beacon_event(struct nl_msg *msg, void *arg) 624 { 625 struct nl80211_wiphy_data *w = arg; 626 struct wpa_driver_nl80211_data *drv; 627 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 628 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 629 union wpa_event_data event; 630 631 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 632 genlmsg_attrlen(gnlh, 0), NULL); 633 634 if (gnlh->cmd != NL80211_CMD_FRAME) { 635 wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)", 636 gnlh->cmd); 637 return NL_SKIP; 638 } 639 640 if (!tb[NL80211_ATTR_FRAME]) 641 return NL_SKIP; 642 643 dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data, 644 wiphy_list) { 645 os_memset(&event, 0, sizeof(event)); 646 event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]); 647 event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]); 648 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 649 } 650 651 return NL_SKIP; 652 } 653 654 655 static struct nl80211_wiphy_data * 656 nl80211_get_wiphy_data_ap(struct i802_bss *bss) 657 { 658 static DEFINE_DL_LIST(nl80211_wiphys); 659 struct nl80211_wiphy_data *w; 660 int wiphy_idx, found = 0; 661 struct i802_bss *tmp_bss; 662 663 if (bss->wiphy_data != NULL) 664 return bss->wiphy_data; 665 666 wiphy_idx = nl80211_get_wiphy_index(bss); 667 668 dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) { 669 if (w->wiphy_idx == wiphy_idx) 670 goto add; 671 } 672 673 /* alloc new one */ 674 w = os_zalloc(sizeof(*w)); 675 if (w == NULL) 676 return NULL; 677 w->wiphy_idx = wiphy_idx; 678 dl_list_init(&w->bsss); 679 dl_list_init(&w->drvs); 680 681 w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 682 if (!w->nl_cb) { 683 os_free(w); 684 return NULL; 685 } 686 nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL); 687 nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_beacon_event, 688 w); 689 690 w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb, 691 "wiphy beacons"); 692 if (w->nl_beacons == NULL) { 693 os_free(w); 694 return NULL; 695 } 696 697 if (nl80211_register_beacons(bss->drv, w)) { 698 nl_destroy_handles(&w->nl_beacons); 699 os_free(w); 700 return NULL; 701 } 702 703 eloop_register_read_sock(nl_socket_get_fd(w->nl_beacons), 704 nl80211_recv_beacons, w, w->nl_beacons); 705 706 dl_list_add(&nl80211_wiphys, &w->list); 707 708 add: 709 /* drv entry for this bss already there? */ 710 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 711 if (tmp_bss->drv == bss->drv) { 712 found = 1; 713 break; 714 } 715 } 716 /* if not add it */ 717 if (!found) 718 dl_list_add(&w->drvs, &bss->drv->wiphy_list); 719 720 dl_list_add(&w->bsss, &bss->wiphy_list); 721 bss->wiphy_data = w; 722 return w; 723 } 724 725 726 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss) 727 { 728 struct nl80211_wiphy_data *w = bss->wiphy_data; 729 struct i802_bss *tmp_bss; 730 int found = 0; 731 732 if (w == NULL) 733 return; 734 bss->wiphy_data = NULL; 735 dl_list_del(&bss->wiphy_list); 736 737 /* still any for this drv present? */ 738 dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) { 739 if (tmp_bss->drv == bss->drv) { 740 found = 1; 741 break; 742 } 743 } 744 /* if not remove it */ 745 if (!found) 746 dl_list_del(&bss->drv->wiphy_list); 747 748 if (!dl_list_empty(&w->bsss)) 749 return; 750 751 eloop_unregister_read_sock(nl_socket_get_fd(w->nl_beacons)); 752 753 nl_cb_put(w->nl_cb); 754 nl_destroy_handles(&w->nl_beacons); 755 dl_list_del(&w->list); 756 os_free(w); 757 } 758 759 760 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid) 761 { 762 struct i802_bss *bss = priv; 763 struct wpa_driver_nl80211_data *drv = bss->drv; 764 if (!drv->associated) 765 return -1; 766 os_memcpy(bssid, drv->bssid, ETH_ALEN); 767 return 0; 768 } 769 770 771 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid) 772 { 773 struct i802_bss *bss = priv; 774 struct wpa_driver_nl80211_data *drv = bss->drv; 775 if (!drv->associated) 776 return -1; 777 os_memcpy(ssid, drv->ssid, drv->ssid_len); 778 return drv->ssid_len; 779 } 780 781 782 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv, 783 char *buf, size_t len, int del) 784 { 785 union wpa_event_data event; 786 787 os_memset(&event, 0, sizeof(event)); 788 if (len > sizeof(event.interface_status.ifname)) 789 len = sizeof(event.interface_status.ifname) - 1; 790 os_memcpy(event.interface_status.ifname, buf, len); 791 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED : 792 EVENT_INTERFACE_ADDED; 793 794 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s", 795 del ? "DEL" : "NEW", 796 event.interface_status.ifname, 797 del ? "removed" : "added"); 798 799 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) { 800 if (del) 801 drv->if_removed = 1; 802 else 803 drv->if_removed = 0; 804 } 805 806 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event); 807 } 808 809 810 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv, 811 u8 *buf, size_t len) 812 { 813 int attrlen, rta_len; 814 struct rtattr *attr; 815 816 attrlen = len; 817 attr = (struct rtattr *) buf; 818 819 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 820 while (RTA_OK(attr, attrlen)) { 821 if (attr->rta_type == IFLA_IFNAME) { 822 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname) 823 == 0) 824 return 1; 825 else 826 break; 827 } 828 attr = RTA_NEXT(attr, attrlen); 829 } 830 831 return 0; 832 } 833 834 835 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv, 836 int ifindex, u8 *buf, size_t len) 837 { 838 if (drv->ifindex == ifindex) 839 return 1; 840 841 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) { 842 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname); 843 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed " 844 "interface"); 845 wpa_driver_nl80211_finish_drv_init(drv); 846 return 1; 847 } 848 849 return 0; 850 } 851 852 853 static struct wpa_driver_nl80211_data * 854 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len) 855 { 856 struct wpa_driver_nl80211_data *drv; 857 dl_list_for_each(drv, &global->interfaces, 858 struct wpa_driver_nl80211_data, list) { 859 if (wpa_driver_nl80211_own_ifindex(drv, idx, buf, len) || 860 have_ifidx(drv, idx)) 861 return drv; 862 } 863 return NULL; 864 } 865 866 867 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, 868 struct ifinfomsg *ifi, 869 u8 *buf, size_t len) 870 { 871 struct nl80211_global *global = ctx; 872 struct wpa_driver_nl80211_data *drv; 873 int attrlen, rta_len; 874 struct rtattr *attr; 875 u32 brid = 0; 876 char namebuf[IFNAMSIZ]; 877 878 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 879 if (!drv) { 880 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign " 881 "ifindex %d", ifi->ifi_index); 882 return; 883 } 884 885 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x " 886 "(%s%s%s%s)", 887 drv->operstate, ifi->ifi_flags, 888 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "", 889 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "", 890 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "", 891 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : ""); 892 893 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) { 894 if (if_indextoname(ifi->ifi_index, namebuf) && 895 linux_iface_up(drv->global->ioctl_sock, 896 drv->first_bss.ifname) > 0) { 897 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 898 "event since interface %s is up", namebuf); 899 return; 900 } 901 wpa_printf(MSG_DEBUG, "nl80211: Interface down"); 902 if (drv->ignore_if_down_event) { 903 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down " 904 "event generated by mode change"); 905 drv->ignore_if_down_event = 0; 906 } else { 907 drv->if_disabled = 1; 908 wpa_supplicant_event(drv->ctx, 909 EVENT_INTERFACE_DISABLED, NULL); 910 } 911 } 912 913 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) { 914 if (if_indextoname(ifi->ifi_index, namebuf) && 915 linux_iface_up(drv->global->ioctl_sock, 916 drv->first_bss.ifname) == 0) { 917 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up " 918 "event since interface %s is down", 919 namebuf); 920 } else { 921 wpa_printf(MSG_DEBUG, "nl80211: Interface up"); 922 drv->if_disabled = 0; 923 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, 924 NULL); 925 } 926 } 927 928 /* 929 * Some drivers send the association event before the operup event--in 930 * this case, lifting operstate in wpa_driver_nl80211_set_operstate() 931 * fails. This will hit us when wpa_supplicant does not need to do 932 * IEEE 802.1X authentication 933 */ 934 if (drv->operstate == 1 && 935 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP && 936 !(ifi->ifi_flags & IFF_RUNNING)) 937 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 938 -1, IF_OPER_UP); 939 940 attrlen = len; 941 attr = (struct rtattr *) buf; 942 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 943 while (RTA_OK(attr, attrlen)) { 944 if (attr->rta_type == IFLA_IFNAME) { 945 wpa_driver_nl80211_event_link( 946 drv, 947 ((char *) attr) + rta_len, 948 attr->rta_len - rta_len, 0); 949 } else if (attr->rta_type == IFLA_MASTER) 950 brid = nla_get_u32((struct nlattr *) attr); 951 attr = RTA_NEXT(attr, attrlen); 952 } 953 954 if (ifi->ifi_family == AF_BRIDGE && brid) { 955 /* device has been added to bridge */ 956 if_indextoname(brid, namebuf); 957 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s", 958 brid, namebuf); 959 add_ifidx(drv, brid); 960 } 961 } 962 963 964 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, 965 struct ifinfomsg *ifi, 966 u8 *buf, size_t len) 967 { 968 struct nl80211_global *global = ctx; 969 struct wpa_driver_nl80211_data *drv; 970 int attrlen, rta_len; 971 struct rtattr *attr; 972 u32 brid = 0; 973 974 drv = nl80211_find_drv(global, ifi->ifi_index, buf, len); 975 if (!drv) { 976 wpa_printf(MSG_DEBUG, "nl80211: Ignore dellink event for " 977 "foreign ifindex %d", ifi->ifi_index); 978 return; 979 } 980 981 attrlen = len; 982 attr = (struct rtattr *) buf; 983 984 rta_len = RTA_ALIGN(sizeof(struct rtattr)); 985 while (RTA_OK(attr, attrlen)) { 986 if (attr->rta_type == IFLA_IFNAME) { 987 wpa_driver_nl80211_event_link( 988 drv, 989 ((char *) attr) + rta_len, 990 attr->rta_len - rta_len, 1); 991 } else if (attr->rta_type == IFLA_MASTER) 992 brid = nla_get_u32((struct nlattr *) attr); 993 attr = RTA_NEXT(attr, attrlen); 994 } 995 996 if (ifi->ifi_family == AF_BRIDGE && brid) { 997 /* device has been removed from bridge */ 998 char namebuf[IFNAMSIZ]; 999 if_indextoname(brid, namebuf); 1000 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge " 1001 "%s", brid, namebuf); 1002 del_ifidx(drv, brid); 1003 } 1004 } 1005 1006 1007 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 1008 const u8 *frame, size_t len) 1009 { 1010 const struct ieee80211_mgmt *mgmt; 1011 union wpa_event_data event; 1012 1013 mgmt = (const struct ieee80211_mgmt *) frame; 1014 if (len < 24 + sizeof(mgmt->u.auth)) { 1015 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1016 "frame"); 1017 return; 1018 } 1019 1020 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 1021 os_memset(&event, 0, sizeof(event)); 1022 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 1023 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 1024 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 1025 if (len > 24 + sizeof(mgmt->u.auth)) { 1026 event.auth.ies = mgmt->u.auth.variable; 1027 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 1028 } 1029 1030 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 1031 } 1032 1033 1034 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv) 1035 { 1036 struct nl_msg *msg; 1037 int ret; 1038 struct nl80211_bss_info_arg arg; 1039 1040 os_memset(&arg, 0, sizeof(arg)); 1041 msg = nlmsg_alloc(); 1042 if (!msg) 1043 goto nla_put_failure; 1044 1045 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1046 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1047 1048 arg.drv = drv; 1049 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 1050 msg = NULL; 1051 if (ret == 0) { 1052 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the " 1053 "associated BSS from scan results: %u MHz", 1054 arg.assoc_freq); 1055 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq; 1056 } 1057 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 1058 "(%s)", ret, strerror(-ret)); 1059 nla_put_failure: 1060 nlmsg_free(msg); 1061 return drv->assoc_freq; 1062 } 1063 1064 1065 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 1066 const u8 *frame, size_t len) 1067 { 1068 const struct ieee80211_mgmt *mgmt; 1069 union wpa_event_data event; 1070 u16 status; 1071 1072 mgmt = (const struct ieee80211_mgmt *) frame; 1073 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 1074 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 1075 "frame"); 1076 return; 1077 } 1078 1079 status = le_to_host16(mgmt->u.assoc_resp.status_code); 1080 if (status != WLAN_STATUS_SUCCESS) { 1081 os_memset(&event, 0, sizeof(event)); 1082 event.assoc_reject.bssid = mgmt->bssid; 1083 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1084 event.assoc_reject.resp_ies = 1085 (u8 *) mgmt->u.assoc_resp.variable; 1086 event.assoc_reject.resp_ies_len = 1087 len - 24 - sizeof(mgmt->u.assoc_resp); 1088 } 1089 event.assoc_reject.status_code = status; 1090 1091 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1092 return; 1093 } 1094 1095 drv->associated = 1; 1096 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 1097 1098 os_memset(&event, 0, sizeof(event)); 1099 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 1100 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 1101 event.assoc_info.resp_ies_len = 1102 len - 24 - sizeof(mgmt->u.assoc_resp); 1103 } 1104 1105 event.assoc_info.freq = drv->assoc_freq; 1106 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1107 } 1108 1109 1110 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 1111 enum nl80211_commands cmd, struct nlattr *status, 1112 struct nlattr *addr, struct nlattr *req_ie, 1113 struct nlattr *resp_ie) 1114 { 1115 union wpa_event_data event; 1116 1117 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1118 /* 1119 * Avoid reporting two association events that would confuse 1120 * the core code. 1121 */ 1122 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 1123 "when using userspace SME", cmd); 1124 return; 1125 } 1126 1127 os_memset(&event, 0, sizeof(event)); 1128 if (cmd == NL80211_CMD_CONNECT && 1129 nla_get_u16(status) != WLAN_STATUS_SUCCESS) { 1130 if (addr) 1131 event.assoc_reject.bssid = nla_data(addr); 1132 if (resp_ie) { 1133 event.assoc_reject.resp_ies = nla_data(resp_ie); 1134 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 1135 } 1136 event.assoc_reject.status_code = nla_get_u16(status); 1137 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 1138 return; 1139 } 1140 1141 drv->associated = 1; 1142 if (addr) 1143 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 1144 1145 if (req_ie) { 1146 event.assoc_info.req_ies = nla_data(req_ie); 1147 event.assoc_info.req_ies_len = nla_len(req_ie); 1148 } 1149 if (resp_ie) { 1150 event.assoc_info.resp_ies = nla_data(resp_ie); 1151 event.assoc_info.resp_ies_len = nla_len(resp_ie); 1152 } 1153 1154 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 1155 1156 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 1157 } 1158 1159 1160 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 1161 struct nlattr *reason, struct nlattr *addr, 1162 struct nlattr *by_ap) 1163 { 1164 union wpa_event_data data; 1165 1166 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 1167 /* 1168 * Avoid reporting two disassociation events that could 1169 * confuse the core code. 1170 */ 1171 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 1172 "event when using userspace SME"); 1173 return; 1174 } 1175 1176 drv->associated = 0; 1177 os_memset(&data, 0, sizeof(data)); 1178 if (reason) 1179 data.disassoc_info.reason_code = nla_get_u16(reason); 1180 data.disassoc_info.locally_generated = by_ap == NULL; 1181 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data); 1182 } 1183 1184 1185 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 1186 enum nl80211_commands cmd, struct nlattr *addr) 1187 { 1188 union wpa_event_data event; 1189 enum wpa_event_type ev; 1190 1191 if (nla_len(addr) != ETH_ALEN) 1192 return; 1193 1194 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 1195 cmd, MAC2STR((u8 *) nla_data(addr))); 1196 1197 if (cmd == NL80211_CMD_AUTHENTICATE) 1198 ev = EVENT_AUTH_TIMED_OUT; 1199 else if (cmd == NL80211_CMD_ASSOCIATE) 1200 ev = EVENT_ASSOC_TIMED_OUT; 1201 else 1202 return; 1203 1204 os_memset(&event, 0, sizeof(event)); 1205 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 1206 wpa_supplicant_event(drv->ctx, ev, &event); 1207 } 1208 1209 1210 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv, 1211 struct nlattr *freq, const u8 *frame, size_t len) 1212 { 1213 const struct ieee80211_mgmt *mgmt; 1214 union wpa_event_data event; 1215 u16 fc, stype; 1216 1217 mgmt = (const struct ieee80211_mgmt *) frame; 1218 if (len < 24) { 1219 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame"); 1220 return; 1221 } 1222 1223 fc = le_to_host16(mgmt->frame_control); 1224 stype = WLAN_FC_GET_STYPE(fc); 1225 1226 os_memset(&event, 0, sizeof(event)); 1227 if (freq) { 1228 event.rx_action.freq = nla_get_u32(freq); 1229 drv->last_mgmt_freq = event.rx_action.freq; 1230 } 1231 if (stype == WLAN_FC_STYPE_ACTION) { 1232 event.rx_action.da = mgmt->da; 1233 event.rx_action.sa = mgmt->sa; 1234 event.rx_action.bssid = mgmt->bssid; 1235 event.rx_action.category = mgmt->u.action.category; 1236 event.rx_action.data = &mgmt->u.action.category + 1; 1237 event.rx_action.len = frame + len - event.rx_action.data; 1238 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event); 1239 } else { 1240 event.rx_mgmt.frame = frame; 1241 event.rx_mgmt.frame_len = len; 1242 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 1243 } 1244 } 1245 1246 1247 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 1248 struct nlattr *cookie, const u8 *frame, 1249 size_t len, struct nlattr *ack) 1250 { 1251 union wpa_event_data event; 1252 const struct ieee80211_hdr *hdr; 1253 u16 fc; 1254 1255 if (!is_ap_interface(drv->nlmode)) { 1256 u64 cookie_val; 1257 1258 if (!cookie) 1259 return; 1260 1261 cookie_val = nla_get_u64(cookie); 1262 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 1263 " cookie=0%llx%s (ack=%d)", 1264 (long long unsigned int) cookie_val, 1265 cookie_val == drv->send_action_cookie ? 1266 " (match)" : " (unknown)", ack != NULL); 1267 if (cookie_val != drv->send_action_cookie) 1268 return; 1269 } 1270 1271 hdr = (const struct ieee80211_hdr *) frame; 1272 fc = le_to_host16(hdr->frame_control); 1273 1274 os_memset(&event, 0, sizeof(event)); 1275 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 1276 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 1277 event.tx_status.dst = hdr->addr1; 1278 event.tx_status.data = frame; 1279 event.tx_status.data_len = len; 1280 event.tx_status.ack = ack != NULL; 1281 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 1282 } 1283 1284 1285 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 1286 enum wpa_event_type type, 1287 const u8 *frame, size_t len) 1288 { 1289 const struct ieee80211_mgmt *mgmt; 1290 union wpa_event_data event; 1291 const u8 *bssid = NULL; 1292 u16 reason_code = 0; 1293 1294 mgmt = (const struct ieee80211_mgmt *) frame; 1295 if (len >= 24) { 1296 bssid = mgmt->bssid; 1297 1298 if (drv->associated != 0 && 1299 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 1300 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 1301 /* 1302 * We have presumably received this deauth as a 1303 * response to a clear_state_mismatch() outgoing 1304 * deauth. Don't let it take us offline! 1305 */ 1306 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 1307 "from Unknown BSSID " MACSTR " -- ignoring", 1308 MAC2STR(bssid)); 1309 return; 1310 } 1311 } 1312 1313 drv->associated = 0; 1314 os_memset(&event, 0, sizeof(event)); 1315 1316 /* Note: Same offset for Reason Code in both frame subtypes */ 1317 if (len >= 24 + sizeof(mgmt->u.deauth)) 1318 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1319 1320 if (type == EVENT_DISASSOC) { 1321 event.disassoc_info.locally_generated = 1322 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1323 event.disassoc_info.addr = bssid; 1324 event.disassoc_info.reason_code = reason_code; 1325 if (frame + len > mgmt->u.disassoc.variable) { 1326 event.disassoc_info.ie = mgmt->u.disassoc.variable; 1327 event.disassoc_info.ie_len = frame + len - 1328 mgmt->u.disassoc.variable; 1329 } 1330 } else { 1331 event.deauth_info.locally_generated = 1332 !os_memcmp(mgmt->sa, drv->first_bss.addr, ETH_ALEN); 1333 event.deauth_info.addr = bssid; 1334 event.deauth_info.reason_code = reason_code; 1335 if (frame + len > mgmt->u.deauth.variable) { 1336 event.deauth_info.ie = mgmt->u.deauth.variable; 1337 event.deauth_info.ie_len = frame + len - 1338 mgmt->u.deauth.variable; 1339 } 1340 } 1341 1342 wpa_supplicant_event(drv->ctx, type, &event); 1343 } 1344 1345 1346 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 1347 enum wpa_event_type type, 1348 const u8 *frame, size_t len) 1349 { 1350 const struct ieee80211_mgmt *mgmt; 1351 union wpa_event_data event; 1352 u16 reason_code = 0; 1353 1354 if (len < 24) 1355 return; 1356 1357 mgmt = (const struct ieee80211_mgmt *) frame; 1358 1359 os_memset(&event, 0, sizeof(event)); 1360 /* Note: Same offset for Reason Code in both frame subtypes */ 1361 if (len >= 24 + sizeof(mgmt->u.deauth)) 1362 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 1363 1364 if (type == EVENT_UNPROT_DISASSOC) { 1365 event.unprot_disassoc.sa = mgmt->sa; 1366 event.unprot_disassoc.da = mgmt->da; 1367 event.unprot_disassoc.reason_code = reason_code; 1368 } else { 1369 event.unprot_deauth.sa = mgmt->sa; 1370 event.unprot_deauth.da = mgmt->da; 1371 event.unprot_deauth.reason_code = reason_code; 1372 } 1373 1374 wpa_supplicant_event(drv->ctx, type, &event); 1375 } 1376 1377 1378 static void mlme_event(struct wpa_driver_nl80211_data *drv, 1379 enum nl80211_commands cmd, struct nlattr *frame, 1380 struct nlattr *addr, struct nlattr *timed_out, 1381 struct nlattr *freq, struct nlattr *ack, 1382 struct nlattr *cookie) 1383 { 1384 if (timed_out && addr) { 1385 mlme_timeout_event(drv, cmd, addr); 1386 return; 1387 } 1388 1389 if (frame == NULL) { 1390 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame " 1391 "data", cmd); 1392 return; 1393 } 1394 1395 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd); 1396 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 1397 nla_data(frame), nla_len(frame)); 1398 1399 switch (cmd) { 1400 case NL80211_CMD_AUTHENTICATE: 1401 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 1402 break; 1403 case NL80211_CMD_ASSOCIATE: 1404 mlme_event_assoc(drv, nla_data(frame), nla_len(frame)); 1405 break; 1406 case NL80211_CMD_DEAUTHENTICATE: 1407 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 1408 nla_data(frame), nla_len(frame)); 1409 break; 1410 case NL80211_CMD_DISASSOCIATE: 1411 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 1412 nla_data(frame), nla_len(frame)); 1413 break; 1414 case NL80211_CMD_FRAME: 1415 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame)); 1416 break; 1417 case NL80211_CMD_FRAME_TX_STATUS: 1418 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 1419 nla_len(frame), ack); 1420 break; 1421 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1422 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 1423 nla_data(frame), nla_len(frame)); 1424 break; 1425 case NL80211_CMD_UNPROT_DISASSOCIATE: 1426 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 1427 nla_data(frame), nla_len(frame)); 1428 break; 1429 default: 1430 break; 1431 } 1432 } 1433 1434 1435 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv, 1436 struct nlattr *tb[]) 1437 { 1438 union wpa_event_data data; 1439 1440 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 1441 os_memset(&data, 0, sizeof(data)); 1442 if (tb[NL80211_ATTR_MAC]) { 1443 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 1444 nla_data(tb[NL80211_ATTR_MAC]), 1445 nla_len(tb[NL80211_ATTR_MAC])); 1446 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 1447 } 1448 if (tb[NL80211_ATTR_KEY_SEQ]) { 1449 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 1450 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 1451 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 1452 } 1453 if (tb[NL80211_ATTR_KEY_TYPE]) { 1454 enum nl80211_key_type key_type = 1455 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 1456 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 1457 if (key_type == NL80211_KEYTYPE_PAIRWISE) 1458 data.michael_mic_failure.unicast = 1; 1459 } else 1460 data.michael_mic_failure.unicast = 1; 1461 1462 if (tb[NL80211_ATTR_KEY_IDX]) { 1463 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 1464 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 1465 } 1466 1467 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 1468 } 1469 1470 1471 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 1472 struct nlattr *tb[]) 1473 { 1474 if (tb[NL80211_ATTR_MAC] == NULL) { 1475 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 1476 "event"); 1477 return; 1478 } 1479 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1480 drv->associated = 1; 1481 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 1482 MAC2STR(drv->bssid)); 1483 1484 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 1485 } 1486 1487 1488 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 1489 int cancel_event, struct nlattr *tb[]) 1490 { 1491 unsigned int freq, chan_type, duration; 1492 union wpa_event_data data; 1493 u64 cookie; 1494 1495 if (tb[NL80211_ATTR_WIPHY_FREQ]) 1496 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1497 else 1498 freq = 0; 1499 1500 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 1501 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 1502 else 1503 chan_type = 0; 1504 1505 if (tb[NL80211_ATTR_DURATION]) 1506 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 1507 else 1508 duration = 0; 1509 1510 if (tb[NL80211_ATTR_COOKIE]) 1511 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 1512 else 1513 cookie = 0; 1514 1515 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 1516 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 1517 cancel_event, freq, chan_type, duration, 1518 (long long unsigned int) cookie, 1519 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 1520 1521 if (cookie != drv->remain_on_chan_cookie) 1522 return; /* not for us */ 1523 1524 if (cancel_event) 1525 drv->pending_remain_on_chan = 0; 1526 1527 os_memset(&data, 0, sizeof(data)); 1528 data.remain_on_channel.freq = freq; 1529 data.remain_on_channel.duration = duration; 1530 wpa_supplicant_event(drv->ctx, cancel_event ? 1531 EVENT_CANCEL_REMAIN_ON_CHANNEL : 1532 EVENT_REMAIN_ON_CHANNEL, &data); 1533 } 1534 1535 1536 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 1537 struct nlattr *tb[]) 1538 { 1539 union wpa_event_data event; 1540 struct nlattr *nl; 1541 int rem; 1542 struct scan_info *info; 1543 #define MAX_REPORT_FREQS 50 1544 int freqs[MAX_REPORT_FREQS]; 1545 int num_freqs = 0; 1546 1547 if (drv->scan_for_auth) { 1548 drv->scan_for_auth = 0; 1549 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 1550 "cfg80211 BSS entry"); 1551 wpa_driver_nl80211_authenticate_retry(drv); 1552 return; 1553 } 1554 1555 os_memset(&event, 0, sizeof(event)); 1556 info = &event.scan_info; 1557 info->aborted = aborted; 1558 1559 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 1560 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 1561 struct wpa_driver_scan_ssid *s = 1562 &info->ssids[info->num_ssids]; 1563 s->ssid = nla_data(nl); 1564 s->ssid_len = nla_len(nl); 1565 info->num_ssids++; 1566 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1567 break; 1568 } 1569 } 1570 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1571 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1572 { 1573 freqs[num_freqs] = nla_get_u32(nl); 1574 num_freqs++; 1575 if (num_freqs == MAX_REPORT_FREQS - 1) 1576 break; 1577 } 1578 info->freqs = freqs; 1579 info->num_freqs = num_freqs; 1580 } 1581 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1582 } 1583 1584 1585 static int get_link_signal(struct nl_msg *msg, void *arg) 1586 { 1587 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1588 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1589 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1]; 1590 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = { 1591 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 }, 1592 }; 1593 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1]; 1594 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = { 1595 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 }, 1596 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 }, 1597 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG }, 1598 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG }, 1599 }; 1600 struct wpa_signal_info *sig_change = arg; 1601 1602 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1603 genlmsg_attrlen(gnlh, 0), NULL); 1604 if (!tb[NL80211_ATTR_STA_INFO] || 1605 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX, 1606 tb[NL80211_ATTR_STA_INFO], policy)) 1607 return NL_SKIP; 1608 if (!sinfo[NL80211_STA_INFO_SIGNAL]) 1609 return NL_SKIP; 1610 1611 sig_change->current_signal = 1612 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]); 1613 1614 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) { 1615 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX, 1616 sinfo[NL80211_STA_INFO_TX_BITRATE], 1617 rate_policy)) { 1618 sig_change->current_txrate = 0; 1619 } else { 1620 if (rinfo[NL80211_RATE_INFO_BITRATE]) { 1621 sig_change->current_txrate = 1622 nla_get_u16(rinfo[ 1623 NL80211_RATE_INFO_BITRATE]) * 100; 1624 } 1625 } 1626 } 1627 1628 return NL_SKIP; 1629 } 1630 1631 1632 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, 1633 struct wpa_signal_info *sig) 1634 { 1635 struct nl_msg *msg; 1636 1637 sig->current_signal = -9999; 1638 sig->current_txrate = 0; 1639 1640 msg = nlmsg_alloc(); 1641 if (!msg) 1642 return -ENOMEM; 1643 1644 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_STATION); 1645 1646 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1647 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid); 1648 1649 return send_and_recv_msgs(drv, msg, get_link_signal, sig); 1650 nla_put_failure: 1651 nlmsg_free(msg); 1652 return -ENOBUFS; 1653 } 1654 1655 1656 static int get_link_noise(struct nl_msg *msg, void *arg) 1657 { 1658 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1659 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1660 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1661 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1662 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1663 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1664 }; 1665 struct wpa_signal_info *sig_change = arg; 1666 1667 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1668 genlmsg_attrlen(gnlh, 0), NULL); 1669 1670 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1671 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!"); 1672 return NL_SKIP; 1673 } 1674 1675 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1676 tb[NL80211_ATTR_SURVEY_INFO], 1677 survey_policy)) { 1678 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested " 1679 "attributes!"); 1680 return NL_SKIP; 1681 } 1682 1683 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1684 return NL_SKIP; 1685 1686 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1687 sig_change->frequency) 1688 return NL_SKIP; 1689 1690 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1691 return NL_SKIP; 1692 1693 sig_change->current_noise = 1694 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1695 1696 return NL_SKIP; 1697 } 1698 1699 1700 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, 1701 struct wpa_signal_info *sig_change) 1702 { 1703 struct nl_msg *msg; 1704 1705 sig_change->current_noise = 9999; 1706 sig_change->frequency = drv->assoc_freq; 1707 1708 msg = nlmsg_alloc(); 1709 if (!msg) 1710 return -ENOMEM; 1711 1712 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1713 1714 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1715 1716 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change); 1717 nla_put_failure: 1718 nlmsg_free(msg); 1719 return -ENOBUFS; 1720 } 1721 1722 1723 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 1724 { 1725 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1726 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1727 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 1728 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 1729 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 1730 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 1731 }; 1732 struct wpa_scan_results *scan_results = arg; 1733 struct wpa_scan_res *scan_res; 1734 size_t i; 1735 1736 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1737 genlmsg_attrlen(gnlh, 0), NULL); 1738 1739 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 1740 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 1741 return NL_SKIP; 1742 } 1743 1744 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 1745 tb[NL80211_ATTR_SURVEY_INFO], 1746 survey_policy)) { 1747 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 1748 "attributes"); 1749 return NL_SKIP; 1750 } 1751 1752 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 1753 return NL_SKIP; 1754 1755 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 1756 return NL_SKIP; 1757 1758 for (i = 0; i < scan_results->num; ++i) { 1759 scan_res = scan_results->res[i]; 1760 if (!scan_res) 1761 continue; 1762 if ((int) nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) != 1763 scan_res->freq) 1764 continue; 1765 if (!(scan_res->flags & WPA_SCAN_NOISE_INVALID)) 1766 continue; 1767 scan_res->noise = (s8) 1768 nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 1769 scan_res->flags &= ~WPA_SCAN_NOISE_INVALID; 1770 } 1771 1772 return NL_SKIP; 1773 } 1774 1775 1776 static int nl80211_get_noise_for_scan_results( 1777 struct wpa_driver_nl80211_data *drv, 1778 struct wpa_scan_results *scan_res) 1779 { 1780 struct nl_msg *msg; 1781 1782 msg = nlmsg_alloc(); 1783 if (!msg) 1784 return -ENOMEM; 1785 1786 nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 1787 1788 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 1789 1790 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, 1791 scan_res); 1792 nla_put_failure: 1793 nlmsg_free(msg); 1794 return -ENOBUFS; 1795 } 1796 1797 1798 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1799 struct nlattr *tb[]) 1800 { 1801 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1802 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1803 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1804 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1805 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1806 }; 1807 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1808 enum nl80211_cqm_rssi_threshold_event event; 1809 union wpa_event_data ed; 1810 struct wpa_signal_info sig; 1811 int res; 1812 1813 if (tb[NL80211_ATTR_CQM] == NULL || 1814 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1815 cqm_policy)) { 1816 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1817 return; 1818 } 1819 1820 os_memset(&ed, 0, sizeof(ed)); 1821 1822 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1823 if (!tb[NL80211_ATTR_MAC]) 1824 return; 1825 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1826 ETH_ALEN); 1827 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1828 return; 1829 } 1830 1831 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1832 return; 1833 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1834 1835 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1836 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1837 "event: RSSI high"); 1838 ed.signal_change.above_threshold = 1; 1839 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1840 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1841 "event: RSSI low"); 1842 ed.signal_change.above_threshold = 0; 1843 } else 1844 return; 1845 1846 res = nl80211_get_link_signal(drv, &sig); 1847 if (res == 0) { 1848 ed.signal_change.current_signal = sig.current_signal; 1849 ed.signal_change.current_txrate = sig.current_txrate; 1850 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1851 sig.current_signal, sig.current_txrate); 1852 } 1853 1854 res = nl80211_get_link_noise(drv, &sig); 1855 if (res == 0) { 1856 ed.signal_change.current_noise = sig.current_noise; 1857 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1858 sig.current_noise); 1859 } 1860 1861 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1862 } 1863 1864 1865 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1866 struct nlattr **tb) 1867 { 1868 u8 *addr; 1869 union wpa_event_data data; 1870 1871 if (tb[NL80211_ATTR_MAC] == NULL) 1872 return; 1873 addr = nla_data(tb[NL80211_ATTR_MAC]); 1874 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1875 1876 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1877 u8 *ies = NULL; 1878 size_t ies_len = 0; 1879 if (tb[NL80211_ATTR_IE]) { 1880 ies = nla_data(tb[NL80211_ATTR_IE]); 1881 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1882 } 1883 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1884 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0); 1885 return; 1886 } 1887 1888 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1889 return; 1890 1891 os_memset(&data, 0, sizeof(data)); 1892 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1893 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data); 1894 } 1895 1896 1897 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1898 struct nlattr **tb) 1899 { 1900 u8 *addr; 1901 union wpa_event_data data; 1902 1903 if (tb[NL80211_ATTR_MAC] == NULL) 1904 return; 1905 addr = nla_data(tb[NL80211_ATTR_MAC]); 1906 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1907 MAC2STR(addr)); 1908 1909 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1910 drv_event_disassoc(drv->ctx, addr); 1911 return; 1912 } 1913 1914 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1915 return; 1916 1917 os_memset(&data, 0, sizeof(data)); 1918 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1919 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1920 } 1921 1922 1923 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 1924 struct nlattr **tb) 1925 { 1926 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 1927 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 1928 [NL80211_REKEY_DATA_KEK] = { 1929 .minlen = NL80211_KEK_LEN, 1930 .maxlen = NL80211_KEK_LEN, 1931 }, 1932 [NL80211_REKEY_DATA_KCK] = { 1933 .minlen = NL80211_KCK_LEN, 1934 .maxlen = NL80211_KCK_LEN, 1935 }, 1936 [NL80211_REKEY_DATA_REPLAY_CTR] = { 1937 .minlen = NL80211_REPLAY_CTR_LEN, 1938 .maxlen = NL80211_REPLAY_CTR_LEN, 1939 }, 1940 }; 1941 union wpa_event_data data; 1942 1943 if (!tb[NL80211_ATTR_MAC]) 1944 return; 1945 if (!tb[NL80211_ATTR_REKEY_DATA]) 1946 return; 1947 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 1948 tb[NL80211_ATTR_REKEY_DATA], rekey_policy)) 1949 return; 1950 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 1951 return; 1952 1953 os_memset(&data, 0, sizeof(data)); 1954 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 1955 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 1956 MAC2STR(data.driver_gtk_rekey.bssid)); 1957 data.driver_gtk_rekey.replay_ctr = 1958 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 1959 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 1960 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 1961 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 1962 } 1963 1964 1965 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 1966 struct nlattr **tb) 1967 { 1968 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 1969 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 1970 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 1971 [NL80211_PMKSA_CANDIDATE_BSSID] = { 1972 .minlen = ETH_ALEN, 1973 .maxlen = ETH_ALEN, 1974 }, 1975 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 1976 }; 1977 union wpa_event_data data; 1978 1979 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE]) 1980 return; 1981 if (nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 1982 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy)) 1983 return; 1984 if (!cand[NL80211_PMKSA_CANDIDATE_INDEX] || 1985 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 1986 return; 1987 1988 os_memset(&data, 0, sizeof(data)); 1989 os_memcpy(data.pmkid_candidate.bssid, 1990 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 1991 data.pmkid_candidate.index = 1992 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 1993 data.pmkid_candidate.preauth = 1994 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 1995 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 1996 } 1997 1998 1999 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 2000 struct nlattr **tb) 2001 { 2002 union wpa_event_data data; 2003 2004 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 2005 return; 2006 2007 os_memset(&data, 0, sizeof(data)); 2008 os_memcpy(data.client_poll.addr, 2009 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 2010 2011 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 2012 } 2013 2014 2015 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 2016 int wds) 2017 { 2018 struct wpa_driver_nl80211_data *drv = bss->drv; 2019 union wpa_event_data event; 2020 2021 if (!tb[NL80211_ATTR_MAC]) 2022 return; 2023 2024 os_memset(&event, 0, sizeof(event)); 2025 event.rx_from_unknown.bssid = bss->addr; 2026 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 2027 event.rx_from_unknown.wds = wds; 2028 2029 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 2030 } 2031 2032 2033 static void do_process_drv_event(struct wpa_driver_nl80211_data *drv, 2034 int cmd, struct nlattr **tb) 2035 { 2036 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 2037 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 2038 cmd == NL80211_CMD_SCAN_ABORTED)) { 2039 wpa_driver_nl80211_set_mode(&drv->first_bss, 2040 drv->ap_scan_as_station); 2041 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2042 } 2043 2044 switch (cmd) { 2045 case NL80211_CMD_TRIGGER_SCAN: 2046 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger"); 2047 break; 2048 case NL80211_CMD_START_SCHED_SCAN: 2049 wpa_printf(MSG_DEBUG, "nl80211: Sched scan started"); 2050 break; 2051 case NL80211_CMD_SCHED_SCAN_STOPPED: 2052 wpa_printf(MSG_DEBUG, "nl80211: Sched scan stopped"); 2053 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 2054 break; 2055 case NL80211_CMD_NEW_SCAN_RESULTS: 2056 wpa_printf(MSG_DEBUG, "nl80211: New scan results available"); 2057 drv->scan_complete_events = 1; 2058 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2059 drv->ctx); 2060 send_scan_event(drv, 0, tb); 2061 break; 2062 case NL80211_CMD_SCHED_SCAN_RESULTS: 2063 wpa_printf(MSG_DEBUG, 2064 "nl80211: New sched scan results available"); 2065 send_scan_event(drv, 0, tb); 2066 break; 2067 case NL80211_CMD_SCAN_ABORTED: 2068 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted"); 2069 /* 2070 * Need to indicate that scan results are available in order 2071 * not to make wpa_supplicant stop its scanning. 2072 */ 2073 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 2074 drv->ctx); 2075 send_scan_event(drv, 1, tb); 2076 break; 2077 case NL80211_CMD_AUTHENTICATE: 2078 case NL80211_CMD_ASSOCIATE: 2079 case NL80211_CMD_DEAUTHENTICATE: 2080 case NL80211_CMD_DISASSOCIATE: 2081 case NL80211_CMD_FRAME_TX_STATUS: 2082 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 2083 case NL80211_CMD_UNPROT_DISASSOCIATE: 2084 mlme_event(drv, cmd, tb[NL80211_ATTR_FRAME], 2085 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2086 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2087 tb[NL80211_ATTR_COOKIE]); 2088 break; 2089 case NL80211_CMD_CONNECT: 2090 case NL80211_CMD_ROAM: 2091 mlme_event_connect(drv, cmd, 2092 tb[NL80211_ATTR_STATUS_CODE], 2093 tb[NL80211_ATTR_MAC], 2094 tb[NL80211_ATTR_REQ_IE], 2095 tb[NL80211_ATTR_RESP_IE]); 2096 break; 2097 case NL80211_CMD_DISCONNECT: 2098 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 2099 tb[NL80211_ATTR_MAC], 2100 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 2101 break; 2102 case NL80211_CMD_MICHAEL_MIC_FAILURE: 2103 mlme_event_michael_mic_failure(drv, tb); 2104 break; 2105 case NL80211_CMD_JOIN_IBSS: 2106 mlme_event_join_ibss(drv, tb); 2107 break; 2108 case NL80211_CMD_REMAIN_ON_CHANNEL: 2109 mlme_event_remain_on_channel(drv, 0, tb); 2110 break; 2111 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 2112 mlme_event_remain_on_channel(drv, 1, tb); 2113 break; 2114 case NL80211_CMD_NOTIFY_CQM: 2115 nl80211_cqm_event(drv, tb); 2116 break; 2117 case NL80211_CMD_REG_CHANGE: 2118 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 2119 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2120 NULL); 2121 break; 2122 case NL80211_CMD_REG_BEACON_HINT: 2123 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 2124 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 2125 NULL); 2126 break; 2127 case NL80211_CMD_NEW_STATION: 2128 nl80211_new_station_event(drv, tb); 2129 break; 2130 case NL80211_CMD_DEL_STATION: 2131 nl80211_del_station_event(drv, tb); 2132 break; 2133 case NL80211_CMD_SET_REKEY_OFFLOAD: 2134 nl80211_rekey_offload_event(drv, tb); 2135 break; 2136 case NL80211_CMD_PMKSA_CANDIDATE: 2137 nl80211_pmksa_candidate_event(drv, tb); 2138 break; 2139 case NL80211_CMD_PROBE_CLIENT: 2140 nl80211_client_probe_event(drv, tb); 2141 break; 2142 default: 2143 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2144 "(cmd=%d)", cmd); 2145 break; 2146 } 2147 } 2148 2149 2150 static int process_drv_event(struct nl_msg *msg, void *arg) 2151 { 2152 struct wpa_driver_nl80211_data *drv = arg; 2153 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2154 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2155 2156 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2157 genlmsg_attrlen(gnlh, 0), NULL); 2158 2159 if (tb[NL80211_ATTR_IFINDEX]) { 2160 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2161 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) { 2162 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)" 2163 " for foreign interface (ifindex %d)", 2164 gnlh->cmd, ifindex); 2165 return NL_SKIP; 2166 } 2167 } 2168 2169 do_process_drv_event(drv, gnlh->cmd, tb); 2170 return NL_SKIP; 2171 } 2172 2173 2174 static int process_global_event(struct nl_msg *msg, void *arg) 2175 { 2176 struct nl80211_global *global = arg; 2177 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2178 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2179 struct wpa_driver_nl80211_data *drv; 2180 int ifidx = -1; 2181 2182 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2183 genlmsg_attrlen(gnlh, 0), NULL); 2184 2185 if (tb[NL80211_ATTR_IFINDEX]) 2186 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2187 2188 dl_list_for_each(drv, &global->interfaces, 2189 struct wpa_driver_nl80211_data, list) { 2190 if (ifidx == -1 || ifidx == drv->ifindex || 2191 have_ifidx(drv, ifidx)) { 2192 do_process_drv_event(drv, gnlh->cmd, tb); 2193 #ifdef ANDROID_P2P 2194 break; 2195 #endif 2196 } 2197 } 2198 2199 return NL_SKIP; 2200 } 2201 2202 2203 static int process_bss_event(struct nl_msg *msg, void *arg) 2204 { 2205 struct i802_bss *bss = arg; 2206 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2207 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2208 2209 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2210 genlmsg_attrlen(gnlh, 0), NULL); 2211 2212 switch (gnlh->cmd) { 2213 case NL80211_CMD_FRAME: 2214 case NL80211_CMD_FRAME_TX_STATUS: 2215 mlme_event(bss->drv, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2216 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2217 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2218 tb[NL80211_ATTR_COOKIE]); 2219 break; 2220 case NL80211_CMD_UNEXPECTED_FRAME: 2221 nl80211_spurious_frame(bss, tb, 0); 2222 break; 2223 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2224 nl80211_spurious_frame(bss, tb, 1); 2225 break; 2226 default: 2227 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2228 "(cmd=%d)", gnlh->cmd); 2229 break; 2230 } 2231 2232 return NL_SKIP; 2233 } 2234 2235 2236 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, 2237 void *handle) 2238 { 2239 struct nl_cb *cb = eloop_ctx; 2240 2241 wpa_printf(MSG_DEBUG, "nl80211: Event message available"); 2242 2243 nl_recvmsgs(handle, cb); 2244 } 2245 2246 2247 /** 2248 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain 2249 * @priv: driver_nl80211 private data 2250 * @alpha2_arg: country to which to switch to 2251 * Returns: 0 on success, -1 on failure 2252 * 2253 * This asks nl80211 to set the regulatory domain for given 2254 * country ISO / IEC alpha2. 2255 */ 2256 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg) 2257 { 2258 struct i802_bss *bss = priv; 2259 struct wpa_driver_nl80211_data *drv = bss->drv; 2260 char alpha2[3]; 2261 struct nl_msg *msg; 2262 2263 msg = nlmsg_alloc(); 2264 if (!msg) 2265 return -ENOMEM; 2266 2267 alpha2[0] = alpha2_arg[0]; 2268 alpha2[1] = alpha2_arg[1]; 2269 alpha2[2] = '\0'; 2270 2271 nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG); 2272 2273 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2); 2274 if (send_and_recv_msgs(drv, msg, NULL, NULL)) 2275 return -EINVAL; 2276 return 0; 2277 nla_put_failure: 2278 nlmsg_free(msg); 2279 return -EINVAL; 2280 } 2281 2282 2283 struct wiphy_info_data { 2284 struct wpa_driver_capa *capa; 2285 2286 unsigned int error:1; 2287 unsigned int device_ap_sme:1; 2288 unsigned int poll_command_supported:1; 2289 unsigned int data_tx_status:1; 2290 unsigned int monitor_supported:1; 2291 }; 2292 2293 2294 static unsigned int probe_resp_offload_support(int supp_protocols) 2295 { 2296 unsigned int prot = 0; 2297 2298 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS) 2299 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS; 2300 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2) 2301 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2; 2302 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P) 2303 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P; 2304 if (supp_protocols & NL80211_PROBE_RESP_OFFLOAD_SUPPORT_80211U) 2305 prot |= WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING; 2306 2307 return prot; 2308 } 2309 2310 2311 static int wiphy_info_handler(struct nl_msg *msg, void *arg) 2312 { 2313 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2314 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2315 struct wiphy_info_data *info = arg; 2316 int p2p_go_supported = 0, p2p_client_supported = 0; 2317 int p2p_concurrent = 0; 2318 int auth_supported = 0, connect_supported = 0; 2319 struct wpa_driver_capa *capa = info->capa; 2320 static struct nla_policy 2321 iface_combination_policy[NUM_NL80211_IFACE_COMB] = { 2322 [NL80211_IFACE_COMB_LIMITS] = { .type = NLA_NESTED }, 2323 [NL80211_IFACE_COMB_MAXNUM] = { .type = NLA_U32 }, 2324 [NL80211_IFACE_COMB_STA_AP_BI_MATCH] = { .type = NLA_FLAG }, 2325 [NL80211_IFACE_COMB_NUM_CHANNELS] = { .type = NLA_U32 }, 2326 }, 2327 iface_limit_policy[NUM_NL80211_IFACE_LIMIT] = { 2328 [NL80211_IFACE_LIMIT_TYPES] = { .type = NLA_NESTED }, 2329 [NL80211_IFACE_LIMIT_MAX] = { .type = NLA_U32 }, 2330 }; 2331 2332 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2333 genlmsg_attrlen(gnlh, 0), NULL); 2334 2335 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]) 2336 capa->max_scan_ssids = 2337 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]); 2338 2339 if (tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]) 2340 capa->max_sched_scan_ssids = 2341 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS]); 2342 2343 if (tb[NL80211_ATTR_MAX_MATCH_SETS]) 2344 capa->max_match_sets = 2345 nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]); 2346 2347 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) { 2348 struct nlattr *nl_mode; 2349 int i; 2350 nla_for_each_nested(nl_mode, 2351 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) { 2352 switch (nla_type(nl_mode)) { 2353 case NL80211_IFTYPE_AP: 2354 capa->flags |= WPA_DRIVER_FLAGS_AP; 2355 break; 2356 case NL80211_IFTYPE_P2P_GO: 2357 p2p_go_supported = 1; 2358 break; 2359 case NL80211_IFTYPE_P2P_CLIENT: 2360 p2p_client_supported = 1; 2361 break; 2362 case NL80211_IFTYPE_MONITOR: 2363 info->monitor_supported = 1; 2364 break; 2365 } 2366 } 2367 } 2368 2369 if (tb[NL80211_ATTR_INTERFACE_COMBINATIONS]) { 2370 struct nlattr *nl_combi; 2371 int rem_combi; 2372 2373 nla_for_each_nested(nl_combi, 2374 tb[NL80211_ATTR_INTERFACE_COMBINATIONS], 2375 rem_combi) { 2376 struct nlattr *tb_comb[NUM_NL80211_IFACE_COMB]; 2377 struct nlattr *tb_limit[NUM_NL80211_IFACE_LIMIT]; 2378 struct nlattr *nl_limit, *nl_mode; 2379 int err, rem_limit, rem_mode; 2380 int combination_has_p2p = 0, combination_has_mgd = 0; 2381 2382 err = nla_parse_nested(tb_comb, MAX_NL80211_IFACE_COMB, 2383 nl_combi, 2384 iface_combination_policy); 2385 if (err || !tb_comb[NL80211_IFACE_COMB_LIMITS] || 2386 !tb_comb[NL80211_IFACE_COMB_MAXNUM] || 2387 !tb_comb[NL80211_IFACE_COMB_NUM_CHANNELS]) 2388 goto broken_combination; 2389 2390 nla_for_each_nested(nl_limit, 2391 tb_comb[NL80211_IFACE_COMB_LIMITS], 2392 rem_limit) { 2393 err = nla_parse_nested(tb_limit, 2394 MAX_NL80211_IFACE_LIMIT, 2395 nl_limit, 2396 iface_limit_policy); 2397 if (err || 2398 !tb_limit[NL80211_IFACE_LIMIT_TYPES]) 2399 goto broken_combination; 2400 2401 nla_for_each_nested( 2402 nl_mode, 2403 tb_limit[NL80211_IFACE_LIMIT_TYPES], 2404 rem_mode) { 2405 int ift = nla_type(nl_mode); 2406 if (ift == NL80211_IFTYPE_P2P_GO || 2407 ift == NL80211_IFTYPE_P2P_CLIENT) 2408 combination_has_p2p = 1; 2409 if (ift == NL80211_IFTYPE_STATION) 2410 combination_has_mgd = 1; 2411 } 2412 if (combination_has_p2p && combination_has_mgd) 2413 break; 2414 } 2415 2416 if (combination_has_p2p && combination_has_mgd) { 2417 p2p_concurrent = 1; 2418 break; 2419 } 2420 2421 broken_combination: 2422 ; 2423 } 2424 } 2425 2426 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) { 2427 struct nlattr *nl_cmd; 2428 int i; 2429 2430 nla_for_each_nested(nl_cmd, 2431 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) { 2432 switch (nla_get_u32(nl_cmd)) { 2433 case NL80211_CMD_AUTHENTICATE: 2434 auth_supported = 1; 2435 break; 2436 case NL80211_CMD_CONNECT: 2437 connect_supported = 1; 2438 break; 2439 case NL80211_CMD_START_SCHED_SCAN: 2440 capa->sched_scan_supported = 1; 2441 break; 2442 case NL80211_CMD_PROBE_CLIENT: 2443 info->poll_command_supported = 1; 2444 break; 2445 } 2446 } 2447 } 2448 2449 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK]) { 2450 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based " 2451 "off-channel TX"); 2452 capa->flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX; 2453 } 2454 2455 if (tb[NL80211_ATTR_ROAM_SUPPORT]) { 2456 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based roaming"); 2457 capa->flags |= WPA_DRIVER_FLAGS_BSS_SELECTION; 2458 } 2459 2460 /* default to 5000 since early versions of mac80211 don't set it */ 2461 capa->max_remain_on_chan = 5000; 2462 2463 if (tb[NL80211_ATTR_SUPPORT_AP_UAPSD]) 2464 capa->flags |= WPA_DRIVER_FLAGS_AP_UAPSD; 2465 2466 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]) 2467 capa->max_remain_on_chan = 2468 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]); 2469 2470 if (auth_supported) 2471 capa->flags |= WPA_DRIVER_FLAGS_SME; 2472 else if (!connect_supported) { 2473 wpa_printf(MSG_INFO, "nl80211: Driver does not support " 2474 "authentication/association or connect commands"); 2475 info->error = 1; 2476 } 2477 2478 if (p2p_go_supported && p2p_client_supported) 2479 capa->flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE; 2480 if (p2p_concurrent) { 2481 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group " 2482 "interface (driver advertised support)"); 2483 capa->flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT; 2484 capa->flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P; 2485 } 2486 2487 if (tb[NL80211_ATTR_TDLS_SUPPORT]) { 2488 wpa_printf(MSG_DEBUG, "nl80211: TDLS supported"); 2489 capa->flags |= WPA_DRIVER_FLAGS_TDLS_SUPPORT; 2490 2491 if (tb[NL80211_ATTR_TDLS_EXTERNAL_SETUP]) { 2492 wpa_printf(MSG_DEBUG, "nl80211: TDLS external setup"); 2493 capa->flags |= 2494 WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP; 2495 } 2496 } 2497 #ifndef ANDROID_P2P 2498 if (tb[NL80211_ATTR_DEVICE_AP_SME]) 2499 #endif 2500 info->device_ap_sme = 1; 2501 2502 if (tb[NL80211_ATTR_FEATURE_FLAGS]) { 2503 u32 flags = nla_get_u32(tb[NL80211_ATTR_FEATURE_FLAGS]); 2504 2505 if (flags & NL80211_FEATURE_SK_TX_STATUS) 2506 info->data_tx_status = 1; 2507 } 2508 2509 if (tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]) { 2510 int protocols = 2511 nla_get_u32(tb[NL80211_ATTR_PROBE_RESP_OFFLOAD]); 2512 wpa_printf(MSG_DEBUG, "nl80211: Supports Probe Response " 2513 "offload in AP mode"); 2514 capa->flags |= WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD; 2515 capa->probe_resp_offloads = 2516 probe_resp_offload_support(protocols); 2517 } 2518 2519 return NL_SKIP; 2520 } 2521 2522 2523 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv, 2524 struct wiphy_info_data *info) 2525 { 2526 struct nl_msg *msg; 2527 2528 os_memset(info, 0, sizeof(*info)); 2529 info->capa = &drv->capa; 2530 2531 msg = nlmsg_alloc(); 2532 if (!msg) 2533 return -1; 2534 2535 nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_WIPHY); 2536 2537 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex); 2538 2539 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0) 2540 return 0; 2541 msg = NULL; 2542 nla_put_failure: 2543 nlmsg_free(msg); 2544 return -1; 2545 } 2546 2547 2548 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) 2549 { 2550 struct wiphy_info_data info; 2551 if (wpa_driver_nl80211_get_info(drv, &info)) 2552 return -1; 2553 2554 if (info.error) 2555 return -1; 2556 2557 drv->has_capability = 1; 2558 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */ 2559 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA | 2560 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK | 2561 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | 2562 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; 2563 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 | 2564 WPA_DRIVER_CAPA_ENC_WEP104 | 2565 WPA_DRIVER_CAPA_ENC_TKIP | 2566 WPA_DRIVER_CAPA_ENC_CCMP; 2567 drv->capa.auth = WPA_DRIVER_AUTH_OPEN | 2568 WPA_DRIVER_AUTH_SHARED | 2569 WPA_DRIVER_AUTH_LEAP; 2570 2571 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES; 2572 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE; 2573 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2574 drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; 2575 2576 drv->device_ap_sme = info.device_ap_sme; 2577 drv->poll_command_supported = info.poll_command_supported; 2578 drv->data_tx_status = info.data_tx_status; 2579 2580 /* 2581 * If poll command is supported mac80211 is new enough to 2582 * have everything we need to not need monitor interfaces. 2583 */ 2584 drv->use_monitor = !info.poll_command_supported; 2585 2586 if (drv->device_ap_sme && drv->use_monitor) { 2587 /* 2588 * Non-mac80211 drivers may not support monitor interface. 2589 * Make sure we do not get stuck with incorrect capability here 2590 * by explicitly testing this. 2591 */ 2592 if (!info.monitor_supported) { 2593 wpa_printf(MSG_DEBUG, "nl80211: Disable use_monitor " 2594 "with device_ap_sme since no monitor mode " 2595 "support detected"); 2596 drv->use_monitor = 0; 2597 } 2598 } 2599 2600 /* 2601 * If we aren't going to use monitor interfaces, but the 2602 * driver doesn't support data TX status, we won't get TX 2603 * status for EAPOL frames. 2604 */ 2605 if (!drv->use_monitor && !info.data_tx_status) 2606 drv->capa.flags &= ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2607 2608 return 0; 2609 } 2610 2611 2612 #ifdef ANDROID 2613 static int android_genl_ctrl_resolve(struct nl_handle *handle, 2614 const char *name) 2615 { 2616 /* 2617 * Android ICS has very minimal genl_ctrl_resolve() implementation, so 2618 * need to work around that. 2619 */ 2620 struct nl_cache *cache = NULL; 2621 struct genl_family *nl80211 = NULL; 2622 int id = -1; 2623 2624 if (genl_ctrl_alloc_cache(handle, &cache) < 0) { 2625 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic " 2626 "netlink cache"); 2627 goto fail; 2628 } 2629 2630 nl80211 = genl_ctrl_search_by_name(cache, name); 2631 if (nl80211 == NULL) 2632 goto fail; 2633 2634 id = genl_family_get_id(nl80211); 2635 2636 fail: 2637 if (nl80211) 2638 genl_family_put(nl80211); 2639 if (cache) 2640 nl_cache_free(cache); 2641 2642 return id; 2643 } 2644 #define genl_ctrl_resolve android_genl_ctrl_resolve 2645 #endif /* ANDROID */ 2646 2647 2648 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global) 2649 { 2650 int ret; 2651 2652 global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2653 if (global->nl_cb == NULL) { 2654 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink " 2655 "callbacks"); 2656 return -1; 2657 } 2658 2659 global->nl = nl_create_handle(global->nl_cb, "nl"); 2660 if (global->nl == NULL) 2661 goto err; 2662 2663 global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211"); 2664 if (global->nl80211_id < 0) { 2665 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not " 2666 "found"); 2667 goto err; 2668 } 2669 2670 global->nl_event = nl_create_handle(global->nl_cb, "event"); 2671 if (global->nl_event == NULL) 2672 goto err; 2673 2674 ret = nl_get_multicast_id(global, "nl80211", "scan"); 2675 if (ret >= 0) 2676 ret = nl_socket_add_membership(global->nl_event, ret); 2677 if (ret < 0) { 2678 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2679 "membership for scan events: %d (%s)", 2680 ret, strerror(-ret)); 2681 goto err; 2682 } 2683 2684 ret = nl_get_multicast_id(global, "nl80211", "mlme"); 2685 if (ret >= 0) 2686 ret = nl_socket_add_membership(global->nl_event, ret); 2687 if (ret < 0) { 2688 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast " 2689 "membership for mlme events: %d (%s)", 2690 ret, strerror(-ret)); 2691 goto err; 2692 } 2693 2694 ret = nl_get_multicast_id(global, "nl80211", "regulatory"); 2695 if (ret >= 0) 2696 ret = nl_socket_add_membership(global->nl_event, ret); 2697 if (ret < 0) { 2698 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast " 2699 "membership for regulatory events: %d (%s)", 2700 ret, strerror(-ret)); 2701 /* Continue without regulatory events */ 2702 } 2703 2704 nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2705 no_seq_check, NULL); 2706 nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2707 process_global_event, global); 2708 2709 eloop_register_read_sock(nl_socket_get_fd(global->nl_event), 2710 wpa_driver_nl80211_event_receive, 2711 global->nl_cb, global->nl_event); 2712 2713 return 0; 2714 2715 err: 2716 nl_destroy_handles(&global->nl_event); 2717 nl_destroy_handles(&global->nl); 2718 nl_cb_put(global->nl_cb); 2719 global->nl_cb = NULL; 2720 return -1; 2721 } 2722 2723 2724 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv) 2725 { 2726 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2727 if (!drv->nl_cb) { 2728 wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct"); 2729 return -1; 2730 } 2731 2732 nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2733 no_seq_check, NULL); 2734 nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2735 process_drv_event, drv); 2736 2737 return 0; 2738 } 2739 2740 2741 static void wpa_driver_nl80211_rfkill_blocked(void *ctx) 2742 { 2743 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked"); 2744 /* 2745 * This may be for any interface; use ifdown event to disable 2746 * interface. 2747 */ 2748 } 2749 2750 2751 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx) 2752 { 2753 struct wpa_driver_nl80211_data *drv = ctx; 2754 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked"); 2755 if (linux_set_iface_flags(drv->global->ioctl_sock, 2756 drv->first_bss.ifname, 1)) { 2757 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP " 2758 "after rfkill unblock"); 2759 return; 2760 } 2761 /* rtnetlink ifup handler will report interface as enabled */ 2762 } 2763 2764 2765 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv) 2766 { 2767 /* Find phy (radio) to which this interface belongs */ 2768 char buf[90], *pos; 2769 int f, rv; 2770 2771 drv->phyname[0] = '\0'; 2772 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name", 2773 drv->first_bss.ifname); 2774 f = open(buf, O_RDONLY); 2775 if (f < 0) { 2776 wpa_printf(MSG_DEBUG, "Could not open file %s: %s", 2777 buf, strerror(errno)); 2778 return; 2779 } 2780 2781 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1); 2782 close(f); 2783 if (rv < 0) { 2784 wpa_printf(MSG_DEBUG, "Could not read file %s: %s", 2785 buf, strerror(errno)); 2786 return; 2787 } 2788 2789 drv->phyname[rv] = '\0'; 2790 pos = os_strchr(drv->phyname, '\n'); 2791 if (pos) 2792 *pos = '\0'; 2793 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s", 2794 drv->first_bss.ifname, drv->phyname); 2795 } 2796 2797 2798 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, 2799 void *eloop_ctx, 2800 void *handle) 2801 { 2802 struct wpa_driver_nl80211_data *drv = eloop_ctx; 2803 u8 data[2048]; 2804 struct msghdr msg; 2805 struct iovec entry; 2806 struct { 2807 struct cmsghdr cm; 2808 char control[512]; 2809 } control; 2810 struct cmsghdr *cmsg; 2811 int res, found_ee = 0, found_wifi = 0, acked = 0; 2812 union wpa_event_data event; 2813 2814 memset(&msg, 0, sizeof(msg)); 2815 msg.msg_iov = &entry; 2816 msg.msg_iovlen = 1; 2817 entry.iov_base = data; 2818 entry.iov_len = sizeof(data); 2819 msg.msg_control = &control; 2820 msg.msg_controllen = sizeof(control); 2821 2822 res = recvmsg(sock, &msg, MSG_ERRQUEUE); 2823 /* if error or not fitting 802.3 header, return */ 2824 if (res < 14) 2825 return; 2826 2827 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) 2828 { 2829 if (cmsg->cmsg_level == SOL_SOCKET && 2830 cmsg->cmsg_type == SCM_WIFI_STATUS) { 2831 int *ack; 2832 2833 found_wifi = 1; 2834 ack = (void *)CMSG_DATA(cmsg); 2835 acked = *ack; 2836 } 2837 2838 if (cmsg->cmsg_level == SOL_PACKET && 2839 cmsg->cmsg_type == PACKET_TX_TIMESTAMP) { 2840 struct sock_extended_err *err = 2841 (struct sock_extended_err *)CMSG_DATA(cmsg); 2842 2843 if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS) 2844 found_ee = 1; 2845 } 2846 } 2847 2848 if (!found_ee || !found_wifi) 2849 return; 2850 2851 memset(&event, 0, sizeof(event)); 2852 event.eapol_tx_status.dst = data; 2853 event.eapol_tx_status.data = data + 14; 2854 event.eapol_tx_status.data_len = res - 14; 2855 event.eapol_tx_status.ack = acked; 2856 wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event); 2857 } 2858 2859 2860 static int nl80211_init_bss(struct i802_bss *bss) 2861 { 2862 bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); 2863 if (!bss->nl_cb) 2864 return -1; 2865 2866 nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, 2867 no_seq_check, NULL); 2868 nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, 2869 process_bss_event, bss); 2870 2871 return 0; 2872 } 2873 2874 2875 static void nl80211_destroy_bss(struct i802_bss *bss) 2876 { 2877 nl_cb_put(bss->nl_cb); 2878 bss->nl_cb = NULL; 2879 } 2880 2881 2882 /** 2883 * wpa_driver_nl80211_init - Initialize nl80211 driver interface 2884 * @ctx: context to be used when calling wpa_supplicant functions, 2885 * e.g., wpa_supplicant_event() 2886 * @ifname: interface name, e.g., wlan0 2887 * @global_priv: private driver global data from global_init() 2888 * Returns: Pointer to private data, %NULL on failure 2889 */ 2890 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname, 2891 void *global_priv) 2892 { 2893 struct wpa_driver_nl80211_data *drv; 2894 struct rfkill_config *rcfg; 2895 struct i802_bss *bss; 2896 2897 if (global_priv == NULL) 2898 return NULL; 2899 drv = os_zalloc(sizeof(*drv)); 2900 if (drv == NULL) 2901 return NULL; 2902 drv->global = global_priv; 2903 drv->ctx = ctx; 2904 bss = &drv->first_bss; 2905 bss->drv = drv; 2906 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname)); 2907 drv->monitor_ifidx = -1; 2908 drv->monitor_sock = -1; 2909 drv->eapol_tx_sock = -1; 2910 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 2911 2912 if (wpa_driver_nl80211_init_nl(drv)) { 2913 os_free(drv); 2914 return NULL; 2915 } 2916 2917 if (nl80211_init_bss(bss)) 2918 goto failed; 2919 2920 nl80211_get_phy_name(drv); 2921 2922 rcfg = os_zalloc(sizeof(*rcfg)); 2923 if (rcfg == NULL) 2924 goto failed; 2925 rcfg->ctx = drv; 2926 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname)); 2927 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked; 2928 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked; 2929 drv->rfkill = rfkill_init(rcfg); 2930 if (drv->rfkill == NULL) { 2931 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available"); 2932 os_free(rcfg); 2933 } 2934 2935 if (wpa_driver_nl80211_finish_drv_init(drv)) 2936 goto failed; 2937 2938 drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0); 2939 if (drv->eapol_tx_sock < 0) 2940 goto failed; 2941 2942 if (drv->data_tx_status) { 2943 int enabled = 1; 2944 2945 if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS, 2946 &enabled, sizeof(enabled)) < 0) { 2947 wpa_printf(MSG_DEBUG, 2948 "nl80211: wifi status sockopt failed\n"); 2949 drv->data_tx_status = 0; 2950 if (!drv->use_monitor) 2951 drv->capa.flags &= 2952 ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS; 2953 } else { 2954 eloop_register_read_sock(drv->eapol_tx_sock, 2955 wpa_driver_nl80211_handle_eapol_tx_status, 2956 drv, NULL); 2957 } 2958 } 2959 2960 if (drv->global) { 2961 dl_list_add(&drv->global->interfaces, &drv->list); 2962 drv->in_interface_list = 1; 2963 } 2964 2965 return bss; 2966 2967 failed: 2968 wpa_driver_nl80211_deinit(bss); 2969 return NULL; 2970 } 2971 2972 2973 static int nl80211_register_frame(struct i802_bss *bss, 2974 struct nl_handle *nl_handle, 2975 u16 type, const u8 *match, size_t match_len) 2976 { 2977 struct wpa_driver_nl80211_data *drv = bss->drv; 2978 struct nl_msg *msg; 2979 int ret = -1; 2980 2981 msg = nlmsg_alloc(); 2982 if (!msg) 2983 return -1; 2984 2985 wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x nl_handle=%p", 2986 type, nl_handle); 2987 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 2988 match, match_len); 2989 2990 nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_ACTION); 2991 2992 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 2993 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type); 2994 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match); 2995 2996 ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL); 2997 msg = NULL; 2998 if (ret) { 2999 wpa_printf(MSG_DEBUG, "nl80211: Register frame command " 3000 "failed (type=%u): ret=%d (%s)", 3001 type, ret, strerror(-ret)); 3002 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match", 3003 match, match_len); 3004 goto nla_put_failure; 3005 } 3006 ret = 0; 3007 nla_put_failure: 3008 nlmsg_free(msg); 3009 return ret; 3010 } 3011 3012 3013 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss) 3014 { 3015 struct wpa_driver_nl80211_data *drv = bss->drv; 3016 3017 if (bss->nl_mgmt) { 3018 wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting " 3019 "already on! (nl_mgmt=%p)", bss->nl_mgmt); 3020 return -1; 3021 } 3022 3023 bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt"); 3024 if (bss->nl_mgmt == NULL) 3025 return -1; 3026 3027 eloop_register_read_sock(nl_socket_get_fd(bss->nl_mgmt), 3028 wpa_driver_nl80211_event_receive, bss->nl_cb, 3029 bss->nl_mgmt); 3030 3031 return 0; 3032 } 3033 3034 3035 static int nl80211_register_action_frame(struct i802_bss *bss, 3036 const u8 *match, size_t match_len) 3037 { 3038 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4); 3039 return nl80211_register_frame(bss, bss->nl_mgmt, 3040 type, match, match_len); 3041 } 3042 3043 3044 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) 3045 { 3046 struct wpa_driver_nl80211_data *drv = bss->drv; 3047 3048 if (nl80211_alloc_mgmt_handle(bss)) 3049 return -1; 3050 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP " 3051 "handle %p", bss->nl_mgmt); 3052 3053 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) 3054 /* GAS Initial Request */ 3055 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0) 3056 return -1; 3057 /* GAS Initial Response */ 3058 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0) 3059 return -1; 3060 /* GAS Comeback Request */ 3061 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0) 3062 return -1; 3063 /* GAS Comeback Response */ 3064 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0) 3065 return -1; 3066 #endif /* CONFIG_P2P || CONFIG_INTERWORKING */ 3067 #ifdef CONFIG_P2P 3068 /* P2P Public Action */ 3069 if (nl80211_register_action_frame(bss, 3070 (u8 *) "\x04\x09\x50\x6f\x9a\x09", 3071 6) < 0) 3072 return -1; 3073 /* P2P Action */ 3074 if (nl80211_register_action_frame(bss, 3075 (u8 *) "\x7f\x50\x6f\x9a\x09", 3076 5) < 0) 3077 return -1; 3078 #endif /* CONFIG_P2P */ 3079 #ifdef CONFIG_IEEE80211W 3080 /* SA Query Response */ 3081 if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) 3082 return -1; 3083 #endif /* CONFIG_IEEE80211W */ 3084 #ifdef CONFIG_TDLS 3085 if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) { 3086 /* TDLS Discovery Response */ 3087 if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) < 3088 0) 3089 return -1; 3090 } 3091 #endif /* CONFIG_TDLS */ 3092 3093 /* FT Action frames */ 3094 if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0) 3095 return -1; 3096 else 3097 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT | 3098 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK; 3099 3100 /* WNM - BSS Transition Management Request */ 3101 if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0) 3102 return -1; 3103 3104 return 0; 3105 } 3106 3107 3108 static int nl80211_register_spurious_class3(struct i802_bss *bss) 3109 { 3110 struct wpa_driver_nl80211_data *drv = bss->drv; 3111 struct nl_msg *msg; 3112 int ret = -1; 3113 3114 msg = nlmsg_alloc(); 3115 if (!msg) 3116 return -1; 3117 3118 nl80211_cmd(drv, msg, 0, NL80211_CMD_UNEXPECTED_FRAME); 3119 3120 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex); 3121 3122 ret = send_and_recv(drv->global, bss->nl_mgmt, msg, NULL, NULL); 3123 msg = NULL; 3124 if (ret) { 3125 wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 " 3126 "failed: ret=%d (%s)", 3127 ret, strerror(-ret)); 3128 goto nla_put_failure; 3129 } 3130 ret = 0; 3131 nla_put_failure: 3132 nlmsg_free(msg); 3133 return ret; 3134 } 3135 3136 3137 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss) 3138 { 3139 static const int stypes[] = { 3140 WLAN_FC_STYPE_AUTH, 3141 WLAN_FC_STYPE_ASSOC_REQ, 3142 WLAN_FC_STYPE_REASSOC_REQ, 3143 WLAN_FC_STYPE_DISASSOC, 3144 WLAN_FC_STYPE_DEAUTH, 3145 WLAN_FC_STYPE_ACTION, 3146 WLAN_FC_STYPE_PROBE_REQ, 3147 /* Beacon doesn't work as mac80211 doesn't currently allow 3148 * it, but it wouldn't really be the right thing anyway as 3149 * it isn't per interface ... maybe just dump the scan 3150 * results periodically for OLBC? 3151 */ 3152 // WLAN_FC_STYPE_BEACON, 3153 }; 3154 unsigned int i; 3155 3156 if (nl80211_alloc_mgmt_handle(bss)) 3157 return -1; 3158 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3159 "handle %p", bss->nl_mgmt); 3160 3161 for (i = 0; i < sizeof(stypes) / sizeof(stypes[0]); i++) { 3162 if (nl80211_register_frame(bss, bss->nl_mgmt, 3163 (WLAN_FC_TYPE_MGMT << 2) | 3164 (stypes[i] << 4), 3165 NULL, 0) < 0) { 3166 goto out_err; 3167 } 3168 } 3169 3170 if (nl80211_register_spurious_class3(bss)) 3171 goto out_err; 3172 3173 if (nl80211_get_wiphy_data_ap(bss) == NULL) 3174 goto out_err; 3175 3176 return 0; 3177 3178 out_err: 3179 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3180 nl_destroy_handles(&bss->nl_mgmt); 3181 return -1; 3182 } 3183 3184 3185 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss) 3186 { 3187 if (nl80211_alloc_mgmt_handle(bss)) 3188 return -1; 3189 wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP " 3190 "handle %p (device SME)", bss->nl_mgmt); 3191 3192 if (nl80211_register_frame(bss, bss->nl_mgmt, 3193 (WLAN_FC_TYPE_MGMT << 2) | 3194 (WLAN_FC_STYPE_ACTION << 4), 3195 NULL, 0) < 0) 3196 goto out_err; 3197 3198 return 0; 3199 3200 out_err: 3201 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3202 nl_destroy_handles(&bss->nl_mgmt); 3203 return -1; 3204 } 3205 3206 3207 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason) 3208 { 3209 if (bss->nl_mgmt == NULL) 3210 return; 3211 wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p " 3212 "(%s)", bss->nl_mgmt, reason); 3213 eloop_unregister_read_sock(nl_socket_get_fd(bss->nl_mgmt)); 3214 nl_destroy_handles(&bss->nl_mgmt); 3215 3216 nl80211_put_wiphy_data_ap(bss); 3217 } 3218 3219 3220 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx) 3221 { 3222 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL); 3223 } 3224 3225 3226 static int 3227 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv) 3228 { 3229 struct i802_bss *bss = &drv->first_bss; 3230 int send_rfkill_event = 0; 3231 3232 drv->ifindex = if_nametoindex(bss->ifname); 3233 drv->first_bss.ifindex = drv->ifindex; 3234 3235 #ifndef HOSTAPD 3236 /* 3237 * Make sure the interface starts up in station mode unless this is a 3238 * dynamically added interface (e.g., P2P) that was already configured 3239 * with proper iftype. 3240 */ 3241 if (drv->ifindex != drv->global->if_add_ifindex && 3242 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) { 3243 wpa_printf(MSG_ERROR, "nl80211: Could not configure driver to " 3244 "use managed mode"); 3245 return -1; 3246 } 3247 3248 if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1)) { 3249 if (rfkill_is_blocked(drv->rfkill)) { 3250 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable " 3251 "interface '%s' due to rfkill", 3252 bss->ifname); 3253 drv->if_disabled = 1; 3254 send_rfkill_event = 1; 3255 } else { 3256 wpa_printf(MSG_ERROR, "nl80211: Could not set " 3257 "interface '%s' UP", bss->ifname); 3258 return -1; 3259 } 3260 } 3261 3262 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 3263 1, IF_OPER_DORMANT); 3264 #endif /* HOSTAPD */ 3265 3266 if (wpa_driver_nl80211_capa(drv)) 3267 return -1; 3268 3269 if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, 3270 bss->addr)) 3271 return -1; 3272 3273 if (send_rfkill_event) { 3274 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill, 3275 drv, drv->ctx); 3276 } 3277 3278 return 0; 3279 } 3280 3281 3282 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) 3283 { 3284 struct nl_msg *msg; 3285 3286 msg = nlmsg_alloc(); 3287 if (!msg) 3288 return -ENOMEM; 3289 3290 nl80211_cmd(drv, msg, 0, NL80211_CMD_DEL_BEACON); 3291 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex); 3292 3293 return send_and_recv_msgs(drv, msg, NULL, NULL); 3294 nla_put_failure: 3295 nlmsg_free(msg); 3296 return -ENOBUFS; 3297 } 3298 3299 3300 /** 3301 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface 3302 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init() 3303 * 3304 * Shut down driver interface and processing of driver events. Free 3305 * private data buffer if one was allocated in wpa_driver_nl80211_init(). 3306 */ 3307 static void wpa_driver_nl80211_deinit(void *priv) 3308 { 3309 struct i802_bss *bss = priv; 3310 struct wpa_driver_nl80211_data *drv = bss->drv; 3311 3312 if (drv->data_tx_status) 3313 eloop_unregister_read_sock(drv->eapol_tx_sock); 3314 if (drv->eapol_tx_sock >= 0) 3315 close(drv->eapol_tx_sock); 3316 3317 if (bss->nl_preq) 3318 wpa_driver_nl80211_probe_req_report(bss, 0); 3319 if (bss->added_if_into_bridge) { 3320 if (linux_br_del_if(drv->global->ioctl_sock, bss->brname, 3321 bss->ifname) < 0) 3322 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3323 "interface %s from bridge %s: %s", 3324 bss->ifname, bss->brname, strerror(errno)); 3325 } 3326 if (bss->added_bridge) { 3327 if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0) 3328 wpa_printf(MSG_INFO, "nl80211: Failed to remove " 3329 "bridge %s: %s", 3330 bss->brname, strerror(errno)); 3331 } 3332 3333 nl80211_remove_monitor_interface(drv); 3334 3335 if (is_ap_interface(drv->nlmode)) 3336 wpa_driver_nl80211_del_beacon(drv); 3337 3338 #ifdef HOSTAPD 3339 if (drv->last_freq_ht) { 3340 /* Clear HT flags from the driver */ 3341 struct hostapd_freq_params freq; 3342 os_memset(&freq, 0, sizeof(freq)); 3343 freq.freq = drv->last_freq; 3344 i802_set_freq(priv, &freq); 3345 } 3346 3347 if (drv->eapol_sock >= 0) { 3348 eloop_unregister_read_sock(drv->eapol_sock); 3349 close(drv->eapol_sock); 3350 } 3351 3352 if (drv->if_indices != drv->default_if_indices) 3353 os_free(drv->if_indices); 3354 #endif /* HOSTAPD */ 3355 3356 if (drv->disabled_11b_rates) 3357 nl80211_disable_11b_rates(drv, drv->ifindex, 0); 3358 3359 netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0, 3360 IF_OPER_UP); 3361 rfkill_deinit(drv->rfkill); 3362 3363 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 3364 3365 (void) linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0); 3366 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION); 3367 nl80211_mgmt_unsubscribe(bss, "deinit"); 3368 3369 nl_cb_put(drv->nl_cb); 3370 3371 nl80211_destroy_bss(&drv->first_bss); 3372 3373 os_free(drv->filter_ssids); 3374 3375 os_free(drv->auth_ie); 3376 3377 if (drv->in_interface_list) 3378 dl_list_del(&drv->list); 3379 3380 os_free(drv); 3381 } 3382 3383 3384 /** 3385 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 3386 * @eloop_ctx: Driver private data 3387 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 3388 * 3389 * This function can be used as registered timeout when starting a scan to 3390 * generate a scan completed event if the driver does not report this. 3391 */ 3392 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 3393 { 3394 struct wpa_driver_nl80211_data *drv = eloop_ctx; 3395 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 3396 wpa_driver_nl80211_set_mode(&drv->first_bss, 3397 drv->ap_scan_as_station); 3398 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 3399 } 3400 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results"); 3401 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 3402 } 3403 3404 3405 /** 3406 * wpa_driver_nl80211_scan - Request the driver to initiate scan 3407 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 3408 * @params: Scan parameters 3409 * Returns: 0 on success, -1 on failure 3410 */ 3411 static int wpa_driver_nl80211_scan(void *priv, 3412 struct wpa_driver_scan_params *params) 3413 { 3414 struct i802_bss *bss = priv; 3415 struct wpa_driver_nl80211_data *drv = bss->drv; 3416 int ret = 0, timeout; 3417 struct nl_msg *msg, *ssids, *freqs, *rates; 3418 size_t i; 3419 3420 drv->scan_for_auth = 0; 3421 3422 msg = nlmsg_alloc(); 3423 ssids = nlmsg_alloc(); 3424 freqs = nlmsg_alloc(); 3425 rates = nlmsg_alloc(); 3426 if (!msg || !ssids || !freqs || !rates) { 3427 nlmsg_free(msg); 3428 nlmsg_free(ssids); 3429 nlmsg_free(freqs); 3430 nlmsg_free(rates); 3431 return -1; 3432 } 3433 3434 os_free(drv->filter_ssids); 3435 drv->filter_ssids = params->filter_