2 * WPA Supplicant - driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #include <sys/ioctl.h>
17 #include <net/if_arp.h>
18 #include <netlink/genl/genl.h>
19 #include <netlink/genl/family.h>
20 #include <netlink/genl/ctrl.h>
21 #include <linux/nl80211.h>
23 #include "wireless_copy.h"
27 #include "ieee802_11_defs.h"
30 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
33 #define IFF_DORMANT 0x20000 /* driver signals dormant */
36 #ifndef IF_OPER_DORMANT
37 #define IF_OPER_DORMANT 5
44 struct wpa_driver_nl80211_data {
48 char ifname[IFNAMSIZ + 1];
52 size_t assoc_req_ies_len;
54 size_t assoc_resp_ies_len;
55 struct wpa_driver_capa capa;
57 int we_version_compiled;
59 /* for set_auth_alg fallback */
61 int auth_alg_fallback;
65 char mlmedev[IFNAMSIZ + 1];
67 int scan_complete_events;
69 struct nl_handle *nl_handle;
70 struct nl_cache *nl_cache;
72 struct genl_family *nl80211;
76 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
78 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
79 static int wpa_driver_nl80211_flush_pmkid(void *priv);
80 static int wpa_driver_nl80211_get_range(void *priv);
82 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
85 static int wpa_driver_nl80211_send_oper_ifla(
86 struct wpa_driver_nl80211_data *drv,
87 int linkmode, int operstate)
91 struct ifinfomsg ifinfo;
98 os_memset(&req, 0, sizeof(req));
100 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
101 req.hdr.nlmsg_type = RTM_SETLINK;
102 req.hdr.nlmsg_flags = NLM_F_REQUEST;
103 req.hdr.nlmsg_seq = ++nl_seq;
104 req.hdr.nlmsg_pid = 0;
106 req.ifinfo.ifi_family = AF_UNSPEC;
107 req.ifinfo.ifi_type = 0;
108 req.ifinfo.ifi_index = drv->ifindex;
109 req.ifinfo.ifi_flags = 0;
110 req.ifinfo.ifi_change = 0;
112 if (linkmode != -1) {
113 rta = (struct rtattr *)
114 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
115 rta->rta_type = IFLA_LINKMODE;
116 rta->rta_len = RTA_LENGTH(sizeof(char));
117 *((char *) RTA_DATA(rta)) = linkmode;
118 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
119 RTA_LENGTH(sizeof(char));
121 if (operstate != -1) {
122 rta = (struct rtattr *)
123 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
124 rta->rta_type = IFLA_OPERSTATE;
125 rta->rta_len = RTA_LENGTH(sizeof(char));
126 *((char *) RTA_DATA(rta)) = operstate;
127 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
128 RTA_LENGTH(sizeof(char));
131 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
132 linkmode, operstate);
134 ret = send(drv->event_sock, &req, req.hdr.nlmsg_len, 0);
136 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
137 "%s (assume operstate is not supported)",
141 return ret < 0 ? -1 : 0;
145 static int wpa_driver_nl80211_set_auth_param(
146 struct wpa_driver_nl80211_data *drv, int idx, u32 value)
151 os_memset(&iwr, 0, sizeof(iwr));
152 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
153 iwr.u.param.flags = idx & IW_AUTH_INDEX;
154 iwr.u.param.value = value;
156 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
157 if (errno != EOPNOTSUPP) {
158 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
159 "value 0x%x) failed: %s)",
160 idx, value, strerror(errno));
162 ret = errno == EOPNOTSUPP ? -2 : -1;
169 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
171 struct wpa_driver_nl80211_data *drv = priv;
175 os_memset(&iwr, 0, sizeof(iwr));
176 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
178 if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
179 perror("ioctl[SIOCGIWAP]");
182 os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
188 static int wpa_driver_nl80211_set_bssid(void *priv, const u8 *bssid)
190 struct wpa_driver_nl80211_data *drv = priv;
194 os_memset(&iwr, 0, sizeof(iwr));
195 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
196 iwr.u.ap_addr.sa_family = ARPHRD_ETHER;
198 os_memcpy(iwr.u.ap_addr.sa_data, bssid, ETH_ALEN);
200 os_memset(iwr.u.ap_addr.sa_data, 0, ETH_ALEN);
202 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr) < 0) {
203 perror("ioctl[SIOCSIWAP]");
211 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
213 struct wpa_driver_nl80211_data *drv = priv;
217 os_memset(&iwr, 0, sizeof(iwr));
218 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
219 iwr.u.essid.pointer = (caddr_t) ssid;
220 iwr.u.essid.length = 32;
222 if (ioctl(drv->ioctl_sock, SIOCGIWESSID, &iwr) < 0) {
223 perror("ioctl[SIOCGIWESSID]");
226 ret = iwr.u.essid.length;
229 /* Some drivers include nul termination in the SSID, so let's
230 * remove it here before further processing. WE-21 changes this
231 * to explicitly require the length _not_ to include nul
233 if (ret > 0 && ssid[ret - 1] == '\0' &&
234 drv->we_version_compiled < 21)
242 static int wpa_driver_nl80211_set_ssid(void *priv, const u8 *ssid,
245 struct wpa_driver_nl80211_data *drv = priv;
253 os_memset(&iwr, 0, sizeof(iwr));
254 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
255 /* flags: 1 = ESSID is active, 0 = not (promiscuous) */
256 iwr.u.essid.flags = (ssid_len != 0);
257 os_memset(buf, 0, sizeof(buf));
258 os_memcpy(buf, ssid, ssid_len);
259 iwr.u.essid.pointer = (caddr_t) buf;
260 if (drv->we_version_compiled < 21) {
261 /* For historic reasons, set SSID length to include one extra
262 * character, C string nul termination, even though SSID is
263 * really an octet string that should not be presented as a C
264 * string. Some Linux drivers decrement the length by one and
265 * can thus end up missing the last octet of the SSID if the
266 * length is not incremented here. WE-21 changes this to
267 * explicitly require the length _not_ to include nul
272 iwr.u.essid.length = ssid_len;
274 if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
275 perror("ioctl[SIOCSIWESSID]");
283 static int wpa_driver_nl80211_set_freq(void *priv, int freq)
285 struct wpa_driver_nl80211_data *drv = priv;
289 os_memset(&iwr, 0, sizeof(iwr));
290 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
291 iwr.u.freq.m = freq * 100000;
294 if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
295 perror("ioctl[SIOCSIWFREQ]");
304 wpa_driver_nl80211_event_wireless_custom(void *ctx, char *custom)
306 union wpa_event_data data;
308 wpa_printf(MSG_MSGDUMP, "WEXT: Custom wireless event: '%s'",
311 os_memset(&data, 0, sizeof(data));
313 if (os_strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
314 data.michael_mic_failure.unicast =
315 os_strstr(custom, " unicast ") != NULL;
316 /* TODO: parse parameters(?) */
317 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
318 } else if (os_strncmp(custom, "ASSOCINFO(ReqIEs=", 17) == 0) {
324 bytes = strspn(spos, "0123456789abcdefABCDEF");
325 if (!bytes || (bytes & 1))
329 data.assoc_info.req_ies = os_malloc(bytes);
330 if (data.assoc_info.req_ies == NULL)
333 data.assoc_info.req_ies_len = bytes;
334 hexstr2bin(spos, data.assoc_info.req_ies, bytes);
338 data.assoc_info.resp_ies = NULL;
339 data.assoc_info.resp_ies_len = 0;
341 if (os_strncmp(spos, " RespIEs=", 9) == 0) {
344 bytes = strspn(spos, "0123456789abcdefABCDEF");
345 if (!bytes || (bytes & 1))
349 data.assoc_info.resp_ies = os_malloc(bytes);
350 if (data.assoc_info.resp_ies == NULL)
353 data.assoc_info.resp_ies_len = bytes;
354 hexstr2bin(spos, data.assoc_info.resp_ies, bytes);
357 wpa_supplicant_event(ctx, EVENT_ASSOCINFO, &data);
360 os_free(data.assoc_info.resp_ies);
361 os_free(data.assoc_info.req_ies);
362 #ifdef CONFIG_PEERKEY
363 } else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
364 if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
365 wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
366 "STKSTART.request '%s'", custom + 17);
369 wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
370 #endif /* CONFIG_PEERKEY */
375 static int wpa_driver_nl80211_event_wireless_michaelmicfailure(
376 void *ctx, const char *ev, size_t len)
378 const struct iw_michaelmicfailure *mic;
379 union wpa_event_data data;
381 if (len < sizeof(*mic))
384 mic = (const struct iw_michaelmicfailure *) ev;
386 wpa_printf(MSG_DEBUG, "Michael MIC failure wireless event: "
387 "flags=0x%x src_addr=" MACSTR, mic->flags,
388 MAC2STR(mic->src_addr.sa_data));
390 os_memset(&data, 0, sizeof(data));
391 data.michael_mic_failure.unicast = !(mic->flags & IW_MICFAILURE_GROUP);
392 wpa_supplicant_event(ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
398 static int wpa_driver_nl80211_event_wireless_pmkidcand(
399 struct wpa_driver_nl80211_data *drv, const char *ev, size_t len)
401 const struct iw_pmkid_cand *cand;
402 union wpa_event_data data;
405 if (len < sizeof(*cand))
408 cand = (const struct iw_pmkid_cand *) ev;
409 addr = (const u8 *) cand->bssid.sa_data;
411 wpa_printf(MSG_DEBUG, "PMKID candidate wireless event: "
412 "flags=0x%x index=%d bssid=" MACSTR, cand->flags,
413 cand->index, MAC2STR(addr));
415 os_memset(&data, 0, sizeof(data));
416 os_memcpy(data.pmkid_candidate.bssid, addr, ETH_ALEN);
417 data.pmkid_candidate.index = cand->index;
418 data.pmkid_candidate.preauth = cand->flags & IW_PMKID_CAND_PREAUTH;
419 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data);
425 static int wpa_driver_nl80211_event_wireless_assocreqie(
426 struct wpa_driver_nl80211_data *drv, const char *ev, int len)
431 wpa_hexdump(MSG_DEBUG, "AssocReq IE wireless event", (const u8 *) ev,
433 os_free(drv->assoc_req_ies);
434 drv->assoc_req_ies = os_malloc(len);
435 if (drv->assoc_req_ies == NULL) {
436 drv->assoc_req_ies_len = 0;
439 os_memcpy(drv->assoc_req_ies, ev, len);
440 drv->assoc_req_ies_len = len;
446 static int wpa_driver_nl80211_event_wireless_assocrespie(
447 struct wpa_driver_nl80211_data *drv, const char *ev, int len)
452 wpa_hexdump(MSG_DEBUG, "AssocResp IE wireless event", (const u8 *) ev,
454 os_free(drv->assoc_resp_ies);
455 drv->assoc_resp_ies = os_malloc(len);
456 if (drv->assoc_resp_ies == NULL) {
457 drv->assoc_resp_ies_len = 0;
460 os_memcpy(drv->assoc_resp_ies, ev, len);
461 drv->assoc_resp_ies_len = len;
467 static void wpa_driver_nl80211_event_assoc_ies(struct wpa_driver_nl80211_data *drv)
469 union wpa_event_data data;
471 if (drv->assoc_req_ies == NULL && drv->assoc_resp_ies == NULL)
474 os_memset(&data, 0, sizeof(data));
475 if (drv->assoc_req_ies) {
476 data.assoc_info.req_ies = drv->assoc_req_ies;
477 drv->assoc_req_ies = NULL;
478 data.assoc_info.req_ies_len = drv->assoc_req_ies_len;
480 if (drv->assoc_resp_ies) {
481 data.assoc_info.resp_ies = drv->assoc_resp_ies;
482 drv->assoc_resp_ies = NULL;
483 data.assoc_info.resp_ies_len = drv->assoc_resp_ies_len;
486 wpa_supplicant_event(drv->ctx, EVENT_ASSOCINFO, &data);
488 os_free(data.assoc_info.req_ies);
489 os_free(data.assoc_info.resp_ies);
493 static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *drv,
494 void *ctx, char *data, int len)
496 struct iw_event iwe_buf, *iwe = &iwe_buf;
497 char *pos, *end, *custom, *buf;
502 while (pos + IW_EV_LCP_LEN <= end) {
503 /* Event data may be unaligned, so make a local, aligned copy
504 * before processing. */
505 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
506 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
508 if (iwe->len <= IW_EV_LCP_LEN)
511 custom = pos + IW_EV_POINT_LEN;
512 if (drv->we_version_compiled > 18 &&
513 (iwe->cmd == IWEVMICHAELMICFAILURE ||
514 iwe->cmd == IWEVCUSTOM ||
515 iwe->cmd == IWEVASSOCREQIE ||
516 iwe->cmd == IWEVASSOCRESPIE ||
517 iwe->cmd == IWEVPMKIDCAND)) {
518 /* WE-19 removed the pointer from struct iw_point */
519 char *dpos = (char *) &iwe_buf.u.data.length;
520 int dlen = dpos - (char *) &iwe_buf;
521 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
522 sizeof(struct iw_event) - dlen);
524 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
525 custom += IW_EV_POINT_OFF;
530 wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
532 MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
533 if (is_zero_ether_addr(
534 (const u8 *) iwe->u.ap_addr.sa_data) ||
535 os_memcmp(iwe->u.ap_addr.sa_data,
536 "\x44\x44\x44\x44\x44\x44", ETH_ALEN) ==
538 os_free(drv->assoc_req_ies);
539 drv->assoc_req_ies = NULL;
540 os_free(drv->assoc_resp_ies);
541 drv->assoc_resp_ies = NULL;
542 wpa_supplicant_event(ctx, EVENT_DISASSOC,
546 wpa_driver_nl80211_event_assoc_ies(drv);
547 wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
550 case IWEVMICHAELMICFAILURE:
551 wpa_driver_nl80211_event_wireless_michaelmicfailure(
552 ctx, custom, iwe->u.data.length);
555 if (custom + iwe->u.data.length > end)
557 buf = os_malloc(iwe->u.data.length + 1);
560 os_memcpy(buf, custom, iwe->u.data.length);
561 buf[iwe->u.data.length] = '\0';
562 wpa_driver_nl80211_event_wireless_custom(ctx, buf);
566 drv->scan_complete_events = 1;
567 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout,
569 wpa_supplicant_event(ctx, EVENT_SCAN_RESULTS, NULL);
572 wpa_driver_nl80211_event_wireless_assocreqie(
573 drv, custom, iwe->u.data.length);
575 case IWEVASSOCRESPIE:
576 wpa_driver_nl80211_event_wireless_assocrespie(
577 drv, custom, iwe->u.data.length);
580 wpa_driver_nl80211_event_wireless_pmkidcand(
581 drv, custom, iwe->u.data.length);
590 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
591 void *ctx, char *buf, size_t len,
594 union wpa_event_data event;
596 os_memset(&event, 0, sizeof(event));
597 if (len > sizeof(event.interface_status.ifname))
598 len = sizeof(event.interface_status.ifname) - 1;
599 os_memcpy(event.interface_status.ifname, buf, len);
600 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
601 EVENT_INTERFACE_ADDED;
603 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
605 event.interface_status.ifname,
606 del ? "removed" : "added");
608 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
615 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
619 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
622 struct ifinfomsg *ifi;
623 int attrlen, _nlmsg_len, rta_len;
628 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
630 attrlen = h->nlmsg_len - _nlmsg_len;
634 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
636 rta_len = RTA_ALIGN(sizeof(struct rtattr));
637 while (RTA_OK(attr, attrlen)) {
638 if (attr->rta_type == IFLA_IFNAME) {
639 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
645 attr = RTA_NEXT(attr, attrlen);
652 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
653 int ifindex, struct nlmsghdr *h)
655 if (drv->ifindex == ifindex)
658 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) {
659 drv->ifindex = if_nametoindex(drv->ifname);
660 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
662 wpa_driver_nl80211_finish_drv_init(drv);
670 static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv,
671 void *ctx, struct nlmsghdr *h,
674 struct ifinfomsg *ifi;
675 int attrlen, _nlmsg_len, rta_len;
676 struct rtattr * attr;
678 if (len < sizeof(*ifi))
683 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) {
684 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
689 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
691 drv->operstate, ifi->ifi_flags,
692 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
693 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
694 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
695 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
697 * Some drivers send the association event before the operup event--in
698 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
699 * fails. This will hit us when wpa_supplicant does not need to do
700 * IEEE 802.1X authentication
702 if (drv->operstate == 1 &&
703 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
704 !(ifi->ifi_flags & IFF_RUNNING))
705 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP);
707 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
709 attrlen = h->nlmsg_len - _nlmsg_len;
713 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
715 rta_len = RTA_ALIGN(sizeof(struct rtattr));
716 while (RTA_OK(attr, attrlen)) {
717 if (attr->rta_type == IFLA_WIRELESS) {
718 wpa_driver_nl80211_event_wireless(
719 drv, ctx, ((char *) attr) + rta_len,
720 attr->rta_len - rta_len);
721 } else if (attr->rta_type == IFLA_IFNAME) {
722 wpa_driver_nl80211_event_link(
724 ((char *) attr) + rta_len,
725 attr->rta_len - rta_len, 0);
727 attr = RTA_NEXT(attr, attrlen);
732 static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv,
733 void *ctx, struct nlmsghdr *h,
736 struct ifinfomsg *ifi;
737 int attrlen, _nlmsg_len, rta_len;
738 struct rtattr * attr;
740 if (len < sizeof(*ifi))
745 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
747 attrlen = h->nlmsg_len - _nlmsg_len;
751 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
753 rta_len = RTA_ALIGN(sizeof(struct rtattr));
754 while (RTA_OK(attr, attrlen)) {
755 if (attr->rta_type == IFLA_IFNAME) {
756 wpa_driver_nl80211_event_link(
758 ((char *) attr) + rta_len,
759 attr->rta_len - rta_len, 1);
761 attr = RTA_NEXT(attr, attrlen);
766 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
771 struct sockaddr_nl from;
777 fromlen = sizeof(from);
778 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
779 (struct sockaddr *) &from, &fromlen);
781 if (errno != EINTR && errno != EAGAIN)
782 perror("recvfrom(netlink)");
786 h = (struct nlmsghdr *) buf;
787 while (left >= (int) sizeof(*h)) {
791 plen = len - sizeof(*h);
792 if (len > left || plen < 0) {
793 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
794 "len=%d left=%d plen=%d",
799 switch (h->nlmsg_type) {
801 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx,
805 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx,
810 len = NLMSG_ALIGN(len);
812 h = (struct nlmsghdr *) ((char *) h + len);
816 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
820 if (--max_events > 0) {
822 * Try to receive all events in one eloop call in order to
823 * limit race condition on cases where AssocInfo event, Assoc
824 * event, and EAPOL frames are received more or less at the
825 * same time. We want to process the event messages first
826 * before starting EAPOL processing.
833 static int wpa_driver_nl80211_get_ifflags_ifname(struct wpa_driver_nl80211_data *drv,
834 const char *ifname, int *flags)
838 os_memset(&ifr, 0, sizeof(ifr));
839 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
840 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
841 perror("ioctl[SIOCGIFFLAGS]");
844 *flags = ifr.ifr_flags & 0xffff;
850 * wpa_driver_nl80211_get_ifflags - Get interface flags (SIOCGIFFLAGS)
851 * @drv: driver_nl80211 private data
852 * @flags: Pointer to returned flags value
853 * Returns: 0 on success, -1 on failure
855 static int wpa_driver_nl80211_get_ifflags(struct wpa_driver_nl80211_data *drv,
858 return wpa_driver_nl80211_get_ifflags_ifname(drv, drv->ifname, flags);
862 static int wpa_driver_nl80211_set_ifflags_ifname(
863 struct wpa_driver_nl80211_data *drv,
864 const char *ifname, int flags)
868 os_memset(&ifr, 0, sizeof(ifr));
869 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
870 ifr.ifr_flags = flags & 0xffff;
871 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
872 perror("SIOCSIFFLAGS");
880 * wpa_driver_nl80211_set_ifflags - Set interface flags (SIOCSIFFLAGS)
881 * @drv: driver_nl80211 private data
882 * @flags: New value for flags
883 * Returns: 0 on success, -1 on failure
885 static int wpa_driver_nl80211_set_ifflags(struct wpa_driver_nl80211_data *drv,
888 return wpa_driver_nl80211_set_ifflags_ifname(drv, drv->ifname, flags);
893 * wpa_driver_nl80211_init - Initialize WE driver interface
894 * @ctx: context to be used when calling wpa_supplicant functions,
895 * e.g., wpa_supplicant_event()
896 * @ifname: interface name, e.g., wlan0
897 * Returns: Pointer to private data, %NULL on failure
899 void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
902 struct sockaddr_nl local;
903 struct wpa_driver_nl80211_data *drv;
905 drv = os_zalloc(sizeof(*drv));
909 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
911 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
912 if (drv->nl_cb == NULL) {
913 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
918 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
919 if (drv->nl_handle == NULL) {
920 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
925 if (genl_connect(drv->nl_handle)) {
926 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
931 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
932 if (drv->nl_cache == NULL) {
933 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
938 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
939 if (drv->nl80211 == NULL) {
940 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
945 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
946 if (drv->ioctl_sock < 0) {
947 perror("socket(PF_INET,SOCK_DGRAM)");
951 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
953 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
957 os_memset(&local, 0, sizeof(local));
958 local.nl_family = AF_NETLINK;
959 local.nl_groups = RTMGRP_LINK;
960 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
961 perror("bind(netlink)");
966 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive, drv,
970 wpa_driver_nl80211_finish_drv_init(drv);
975 close(drv->ioctl_sock);
977 genl_family_put(drv->nl80211);
979 nl_cache_free(drv->nl_cache);
981 nl_handle_destroy(drv->nl_handle);
983 nl_cb_put(drv->nl_cb);
991 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
995 if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0)
996 printf("Could not get interface '%s' flags\n", drv->ifname);
997 else if (!(flags & IFF_UP)) {
998 if (wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP) != 0) {
999 printf("Could not set interface '%s' UP\n",
1003 * Wait some time to allow driver to initialize before
1004 * starting configuring the driver. This seems to be
1005 * needed at least some drivers that load firmware etc.
1006 * when the interface is set up.
1008 wpa_printf(MSG_DEBUG, "Interface %s set UP - waiting "
1009 "a second for the driver to complete "
1010 "initialization", drv->ifname);
1016 * Make sure that the driver does not have any obsolete PMKID entries.
1018 wpa_driver_nl80211_flush_pmkid(drv);
1020 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
1021 printf("Could not configure driver to use managed mode\n");
1024 wpa_driver_nl80211_get_range(drv);
1026 drv->ifindex = if_nametoindex(drv->ifname);
1028 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1033 * wpa_driver_nl80211_deinit - Deinitialize WE driver interface
1034 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1036 * Shut down driver interface and processing of driver events. Free
1037 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1039 void wpa_driver_nl80211_deinit(void *priv)
1041 struct wpa_driver_nl80211_data *drv = priv;
1044 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1047 * Clear possibly configured driver parameters in order to make it
1048 * easier to use the driver after wpa_supplicant has been terminated.
1050 (void) wpa_driver_nl80211_set_bssid(drv,
1051 (u8 *) "\x00\x00\x00\x00\x00\x00");
1053 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP);
1055 eloop_unregister_read_sock(drv->event_sock);
1057 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0)
1058 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
1060 close(drv->event_sock);
1061 close(drv->ioctl_sock);
1062 os_free(drv->assoc_req_ies);
1063 os_free(drv->assoc_resp_ies);
1065 genl_family_put(drv->nl80211);
1066 nl_cache_free(drv->nl_cache);
1067 nl_handle_destroy(drv->nl_handle);
1068 nl_cb_put(drv->nl_cb);
1075 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1076 * @eloop_ctx: Unused
1077 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1079 * This function can be used as registered timeout when starting a scan to
1080 * generate a scan completed event if the driver does not report this.
1082 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1084 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1085 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1090 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1091 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1092 * @ssid: Specific SSID to scan for (ProbeReq) or %NULL to scan for
1093 * all SSIDs (either active scan with broadcast SSID or passive
1095 * @ssid_len: Length of the SSID
1096 * Returns: 0 on success, -1 on failure
1098 static int wpa_driver_nl80211_scan(void *priv, const u8 *ssid, size_t ssid_len)
1100 struct wpa_driver_nl80211_data *drv = priv;
1102 int ret = 0, timeout;
1103 struct iw_scan_req req;
1105 if (ssid_len > IW_ESSID_MAX_SIZE) {
1106 wpa_printf(MSG_DEBUG, "%s: too long SSID (%lu)",
1107 __FUNCTION__, (unsigned long) ssid_len);
1111 os_memset(&iwr, 0, sizeof(iwr));
1112 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1114 if (ssid && ssid_len) {
1115 os_memset(&req, 0, sizeof(req));
1116 req.essid_len = ssid_len;
1117 req.bssid.sa_family = ARPHRD_ETHER;
1118 os_memset(req.bssid.sa_data, 0xff, ETH_ALEN);
1119 os_memcpy(req.essid, ssid, ssid_len);
1120 iwr.u.data.pointer = (caddr_t) &req;
1121 iwr.u.data.length = sizeof(req);
1122 iwr.u.data.flags = IW_SCAN_THIS_ESSID;
1125 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
1126 perror("ioctl[SIOCSIWSCAN]");
1130 /* Not all drivers generate "scan completed" wireless event, so try to
1131 * read results after a timeout. */
1133 if (drv->scan_complete_events) {
1135 * The driver seems to deliver SIOCGIWSCAN events to notify
1136 * when scan is complete, so use longer timeout to avoid race
1137 * conditions with scanning and following association request.
1141 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1142 "seconds", ret, timeout);
1143 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1144 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, drv,
1151 static u8 * wpa_driver_nl80211_giwscan(struct wpa_driver_nl80211_data *drv,
1158 res_buf_len = IW_SCAN_MAX_DATA;
1160 res_buf = os_malloc(res_buf_len);
1161 if (res_buf == NULL)
1163 os_memset(&iwr, 0, sizeof(iwr));
1164 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1165 iwr.u.data.pointer = res_buf;
1166 iwr.u.data.length = res_buf_len;
1168 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
1171 if (errno == E2BIG && res_buf_len < 100000) {
1175 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
1176 "trying larger buffer (%lu bytes)",
1177 (unsigned long) res_buf_len);
1179 perror("ioctl[SIOCGIWSCAN]");
1185 if (iwr.u.data.length > res_buf_len) {
1189 *len = iwr.u.data.length;
1196 * Data structure for collecting WEXT scan results. This is needed to allow
1197 * the various methods of reporting IEs to be combined into a single IE buffer.
1199 struct wext_scan_data {
1200 struct wpa_scan_res res;
1209 static void wext_get_scan_mode(struct iw_event *iwe,
1210 struct wext_scan_data *res)
1212 if (iwe->u.mode == IW_MODE_ADHOC)
1213 res->res.caps |= IEEE80211_CAP_IBSS;
1214 else if (iwe->u.mode == IW_MODE_MASTER || iwe->u.mode == IW_MODE_INFRA)
1215 res->res.caps |= IEEE80211_CAP_ESS;
1219 static void wext_get_scan_ssid(struct iw_event *iwe,
1220 struct wext_scan_data *res, char *custom,
1223 int ssid_len = iwe->u.essid.length;
1224 if (custom + ssid_len > end)
1226 if (iwe->u.essid.flags &&
1228 ssid_len <= IW_ESSID_MAX_SIZE) {
1229 os_memcpy(res->ssid, custom, ssid_len);
1230 res->ssid_len = ssid_len;
1235 static void wext_get_scan_freq(struct iw_event *iwe,
1236 struct wext_scan_data *res)
1238 int divi = 1000000, i;
1240 if (iwe->u.freq.e == 0) {
1242 * Some drivers do not report frequency, but a channel.
1243 * Try to map this to frequency by assuming they are using
1244 * IEEE 802.11b/g. But don't overwrite a previously parsed
1245 * frequency if the driver sends both frequency and channel,
1246 * since the driver may be sending an A-band channel that we
1247 * don't handle here.
1253 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
1254 res->res.freq = 2407 + 5 * iwe->u.freq.m;
1256 } else if (iwe->u.freq.m == 14) {
1257 res->res.freq = 2484;
1262 if (iwe->u.freq.e > 6) {
1263 wpa_printf(MSG_DEBUG, "Invalid freq in scan results (BSSID="
1264 MACSTR " m=%d e=%d)",
1265 MAC2STR(res->res.bssid), iwe->u.freq.m,
1270 for (i = 0; i < iwe->u.freq.e; i++)
1272 res->res.freq = iwe->u.freq.m / divi;
1276 static void wext_get_scan_qual(struct iw_event *iwe,
1277 struct wext_scan_data *res)
1279 res->res.qual = iwe->u.qual.qual;
1280 res->res.noise = iwe->u.qual.noise;
1281 res->res.level = iwe->u.qual.level;
1285 static void wext_get_scan_encode(struct iw_event *iwe,
1286 struct wext_scan_data *res)
1288 if (!(iwe->u.data.flags & IW_ENCODE_DISABLED))
1289 res->res.caps |= IEEE80211_CAP_PRIVACY;
1293 static void wext_get_scan_rate(struct iw_event *iwe,
1294 struct wext_scan_data *res, char *pos,
1298 char *custom = pos + IW_EV_LCP_LEN;
1303 if (custom + clen > end)
1306 while (((ssize_t) clen) >= (ssize_t) sizeof(struct iw_param)) {
1307 /* Note: may be misaligned, make a local, aligned copy */
1308 os_memcpy(&p, custom, sizeof(struct iw_param));
1309 if (p.value > maxrate)
1311 clen -= sizeof(struct iw_param);
1312 custom += sizeof(struct iw_param);
1315 /* Convert the maxrate from WE-style (b/s units) to
1316 * 802.11 rates (500000 b/s units).
1318 res->maxrate = maxrate / 500000;
1322 static void wext_get_scan_iwevgenie(struct iw_event *iwe,
1323 struct wext_scan_data *res, char *custom,
1326 char *genie, *gpos, *gend;
1329 gpos = genie = custom;
1330 gend = genie + iwe->u.data.length;
1332 wpa_printf(MSG_INFO, "IWEVGENIE overflow");
1336 tmp = os_realloc(res->ie, res->ie_len + gend - gpos);
1339 os_memcpy(tmp + res->ie_len, gpos, gend - gpos);
1341 res->ie_len += gend - gpos;
1345 static void wext_get_scan_custom(struct iw_event *iwe,
1346 struct wext_scan_data *res, char *custom,
1352 clen = iwe->u.data.length;
1353 if (custom + clen > end)
1356 if (clen > 7 && os_strncmp(custom, "wpa_ie=", 7) == 0) {
1360 bytes = custom + clen - spos;
1364 tmp = os_realloc(res->ie, res->ie_len + bytes);
1367 hexstr2bin(spos, tmp + res->ie_len, bytes);
1369 res->ie_len += bytes;
1370 } else if (clen > 7 && os_strncmp(custom, "rsn_ie=", 7) == 0) {
1374 bytes = custom + clen - spos;
1378 tmp = os_realloc(res->ie, res->ie_len + bytes);
1381 hexstr2bin(spos, tmp + res->ie_len, bytes);
1383 res->ie_len += bytes;
1384 } else if (clen > 4 && os_strncmp(custom, "tsf=", 4) == 0) {
1389 bytes = custom + clen - spos;
1391 wpa_printf(MSG_INFO, "Invalid TSF length (%d)", bytes);
1395 hexstr2bin(spos, bin, bytes);
1396 res->res.tsf += WPA_GET_BE64(bin);
1401 static int wext_19_iw_point(struct wpa_driver_nl80211_data *drv, u16 cmd)
1403 return drv->we_version_compiled > 18 &&
1404 (cmd == SIOCGIWESSID || cmd == SIOCGIWENCODE ||
1405 cmd == IWEVGENIE || cmd == IWEVCUSTOM);
1409 static void wpa_driver_nl80211_add_scan_entry(struct wpa_scan_results *res,
1410 struct wext_scan_data *data)
1412 struct wpa_scan_res **tmp;
1413 struct wpa_scan_res *r;
1415 u8 *pos, *end, *ssid_ie = NULL, *rate_ie = NULL;
1417 /* Figure out whether we need to fake any IEs */
1419 end = pos + data->ie_len;
1420 while (pos && pos + 1 < end) {
1421 if (pos + 2 + pos[1] > end)
1423 if (pos[0] == WLAN_EID_SSID)
1425 else if (pos[0] == WLAN_EID_SUPP_RATES)
1427 else if (pos[0] == WLAN_EID_EXT_SUPP_RATES)
1433 if (ssid_ie == NULL)
1434 extra_len += 2 + data->ssid_len;
1435 if (rate_ie == NULL && data->maxrate)
1438 r = os_zalloc(sizeof(*r) + extra_len + data->ie_len);
1441 os_memcpy(r, &data->res, sizeof(*r));
1442 r->ie_len = extra_len + data->ie_len;
1443 pos = (u8 *) (r + 1);
1444 if (ssid_ie == NULL) {
1446 * Generate a fake SSID IE since the driver did not report
1449 *pos++ = WLAN_EID_SSID;
1450 *pos++ = data->ssid_len;
1451 os_memcpy(pos, data->ssid, data->ssid_len);
1452 pos += data->ssid_len;
1454 if (rate_ie == NULL && data->maxrate) {
1456 * Generate a fake Supported Rates IE since the driver did not
1457 * report a full IE list.
1459 *pos++ = WLAN_EID_SUPP_RATES;
1461 *pos++ = data->maxrate;
1464 os_memcpy(pos, data->ie, data->ie_len);
1466 tmp = os_realloc(res->res,
1467 (res->num + 1) * sizeof(struct wpa_scan_res *));
1472 tmp[res->num++] = r;
1478 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1479 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1480 * Returns: Scan results on success, -1 on failure
1482 struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv)
1484 struct wpa_driver_nl80211_data *drv = priv;
1485 size_t ap_num = 0, len;
1488 struct iw_event iwe_buf, *iwe = &iwe_buf;
1489 char *pos, *end, *custom;
1490 struct wpa_scan_results *res;
1491 struct wext_scan_data data;
1493 res_buf = wpa_driver_nl80211_giwscan(drv, &len);
1494 if (res_buf == NULL)
1500 res = os_zalloc(sizeof(*res));
1506 pos = (char *) res_buf;
1507 end = (char *) res_buf + len;
1508 os_memset(&data, 0, sizeof(data));
1510 while (pos + IW_EV_LCP_LEN <= end) {
1511 /* Event data may be unaligned, so make a local, aligned copy
1512 * before processing. */
1513 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
1514 if (iwe->len <= IW_EV_LCP_LEN)
1517 custom = pos + IW_EV_POINT_LEN;
1518 if (wext_19_iw_point(drv, iwe->cmd)) {
1519 /* WE-19 removed the pointer from struct iw_point */
1520 char *dpos = (char *) &iwe_buf.u.data.length;
1521 int dlen = dpos - (char *) &iwe_buf;
1522 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
1523 sizeof(struct iw_event) - dlen);
1525 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
1526 custom += IW_EV_POINT_OFF;
1532 wpa_driver_nl80211_add_scan_entry(res, &data);
1535 os_memset(&data, 0, sizeof(data));
1536 os_memcpy(data.res.bssid,
1537 iwe->u.ap_addr.sa_data, ETH_ALEN);
1540 wext_get_scan_mode(iwe, &data);
1543 wext_get_scan_ssid(iwe, &data, custom, end);
1546 wext_get_scan_freq(iwe, &data);
1549 wext_get_scan_qual(iwe, &data);
1552 wext_get_scan_encode(iwe, &data);
1555 wext_get_scan_rate(iwe, &data, pos, end);
1558 wext_get_scan_iwevgenie(iwe, &data, custom, end);
1561 wext_get_scan_custom(iwe, &data, custom, end);
1570 wpa_driver_nl80211_add_scan_entry(res, &data);
1573 wpa_printf(MSG_DEBUG, "Received %lu bytes of scan results (%lu BSSes)",
1574 (unsigned long) len, (unsigned long) res->num);
1580 static int wpa_driver_nl80211_get_range(void *priv)
1582 struct wpa_driver_nl80211_data *drv = priv;
1583 struct iw_range *range;
1589 * Use larger buffer than struct iw_range in order to allow the
1590 * structure to grow in the future.
1592 buflen = sizeof(struct iw_range) + 500;
1593 range = os_zalloc(buflen);
1597 os_memset(&iwr, 0, sizeof(iwr));
1598 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1599 iwr.u.data.pointer = (caddr_t) range;
1600 iwr.u.data.length = buflen;
1602 minlen = ((char *) &range->enc_capa) - (char *) range +
1603 sizeof(range->enc_capa);
1605 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
1606 perror("ioctl[SIOCGIWRANGE]");
1609 } else if (iwr.u.data.length >= minlen &&
1610 range->we_version_compiled >= 18) {
1611 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
1612 "WE(source)=%d enc_capa=0x%x",
1613 range->we_version_compiled,
1614 range->we_version_source,
1616 drv->has_capability = 1;
1617 drv->we_version_compiled = range->we_version_compiled;
1618 if (range->enc_capa & IW_ENC_CAPA_WPA) {
1619 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1620 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK;
1622 if (range->enc_capa & IW_ENC_CAPA_WPA2) {
1623 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1624 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1626 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
1627 WPA_DRIVER_CAPA_ENC_WEP104;
1628 if (range->enc_capa & IW_ENC_CAPA_CIPHER_TKIP)
1629 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
1630 if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP)
1631 drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
1632 wpa_printf(MSG_DEBUG, " capabilities: key_mgmt 0x%x enc 0x%x",
1633 drv->capa.key_mgmt, drv->capa.enc);
1635 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: too old (short) data - "
1636 "assuming WPA is not supported");
1644 static int wpa_driver_nl80211_set_wpa(void *priv, int enabled)
1646 struct wpa_driver_nl80211_data *drv = priv;
1647 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1649 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
1654 static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
1655 const u8 *addr, int key_idx,
1656 int set_tx, const u8 *seq,
1658 const u8 *key, size_t key_len)
1660 struct wpa_driver_nl80211_data *drv = priv;
1664 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
1665 "seq_len=%lu key_len=%lu",
1666 __func__, alg, addr, key_idx, set_tx,
1667 (unsigned long) seq_len, (unsigned long) key_len);
1669 msg = nlmsg_alloc();
1673 if (alg == WPA_ALG_NONE) {
1674 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1675 NL80211_CMD_DEL_KEY, 0);
1677 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1678 NL80211_CMD_NEW_KEY, 0);
1679 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
1683 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1686 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1690 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
1693 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
1701 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1703 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
1704 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1706 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1707 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1710 if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1711 (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
1712 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d", err);
1717 if (set_tx && alg != WPA_ALG_NONE) {
1719 msg = nlmsg_alloc();
1723 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1724 0, NL80211_CMD_SET_KEY, 0);
1725 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1726 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1727 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
1730 if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1731 (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
1732 wpa_printf(MSG_DEBUG, "nl80211: set default key "
1733 "failed; err=%d", err);
1747 static int wpa_driver_nl80211_set_countermeasures(void *priv,
1750 struct wpa_driver_nl80211_data *drv = priv;
1751 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1752 return wpa_driver_nl80211_set_auth_param(drv,
1753 IW_AUTH_TKIP_COUNTERMEASURES,
1758 static int wpa_driver_nl80211_set_drop_unencrypted(void *priv,
1761 struct wpa_driver_nl80211_data *drv = priv;
1762 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1763 drv->use_crypt = enabled;
1764 return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
1769 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
1770 const u8 *addr, int cmd, int reason_code)
1773 struct iw_mlme mlme;
1776 os_memset(&iwr, 0, sizeof(iwr));
1777 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1778 os_memset(&mlme, 0, sizeof(mlme));
1780 mlme.reason_code = reason_code;
1781 mlme.addr.sa_family = ARPHRD_ETHER;
1782 os_memcpy(mlme.addr.sa_data, addr, ETH_ALEN);
1783 iwr.u.data.pointer = (caddr_t) &mlme;
1784 iwr.u.data.length = sizeof(mlme);
1786 if (ioctl(drv->ioctl_sock, SIOCSIWMLME, &iwr) < 0) {
1787 perror("ioctl[SIOCSIWMLME]");
1795 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
1798 struct wpa_driver_nl80211_data *drv = priv;
1799 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1800 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
1804 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
1807 struct wpa_driver_nl80211_data *drv = priv;
1808 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1809 return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DISASSOC,
1814 static int wpa_driver_nl80211_set_gen_ie(void *priv, const u8 *ie,
1817 struct wpa_driver_nl80211_data *drv = priv;
1821 os_memset(&iwr, 0, sizeof(iwr));
1822 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1823 iwr.u.data.pointer = (caddr_t) ie;
1824 iwr.u.data.length = ie_len;
1826 if (ioctl(drv->ioctl_sock, SIOCSIWGENIE, &iwr) < 0) {
1827 perror("ioctl[SIOCSIWGENIE]");
1835 static int wpa_driver_nl80211_cipher2wext(int cipher)
1839 return IW_AUTH_CIPHER_NONE;
1841 return IW_AUTH_CIPHER_WEP40;
1843 return IW_AUTH_CIPHER_TKIP;
1845 return IW_AUTH_CIPHER_CCMP;
1847 return IW_AUTH_CIPHER_WEP104;
1854 static int wpa_driver_nl80211_keymgmt2wext(int keymgmt)
1857 case KEY_MGMT_802_1X:
1858 case KEY_MGMT_802_1X_NO_WPA:
1859 return IW_AUTH_KEY_MGMT_802_1X;
1861 return IW_AUTH_KEY_MGMT_PSK;
1869 wpa_driver_nl80211_auth_alg_fallback(struct wpa_driver_nl80211_data *drv,
1870 struct wpa_driver_associate_params *params)
1875 wpa_printf(MSG_DEBUG, "WEXT: Driver did not support "
1876 "SIOCSIWAUTH for AUTH_ALG, trying SIOCSIWENCODE");
1878 os_memset(&iwr, 0, sizeof(iwr));
1879 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
1880 /* Just changing mode, not actual keys */
1881 iwr.u.encoding.flags = 0;
1882 iwr.u.encoding.pointer = (caddr_t) NULL;
1883 iwr.u.encoding.length = 0;
1886 * Note: IW_ENCODE_{OPEN,RESTRICTED} can be interpreted to mean two
1887 * different things. Here they are used to indicate Open System vs.
1888 * Shared Key authentication algorithm. However, some drivers may use
1889 * them to select between open/restricted WEP encrypted (open = allow
1890 * both unencrypted and encrypted frames; restricted = only allow
1891 * encrypted frames).
1894 if (!drv->use_crypt) {
1895 iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
1897 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1898 iwr.u.encoding.flags |= IW_ENCODE_OPEN;
1899 if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1900 iwr.u.encoding.flags |= IW_ENCODE_RESTRICTED;
1903 if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
1904 perror("ioctl[SIOCSIWENCODE]");
1912 static int wpa_driver_nl80211_associate(
1913 void *priv, struct wpa_driver_associate_params *params)
1915 struct wpa_driver_nl80211_data *drv = priv;
1917 int allow_unencrypted_eapol;
1920 wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
1923 * If the driver did not support SIOCSIWAUTH, fallback to
1924 * SIOCSIWENCODE here.
1926 if (drv->auth_alg_fallback &&
1927 wpa_driver_nl80211_auth_alg_fallback(drv, params) < 0)
1930 if (!params->bssid &&
1931 wpa_driver_nl80211_set_bssid(drv, NULL) < 0)
1934 if (wpa_driver_nl80211_set_mode(drv, params->mode) < 0)
1936 /* TODO: should consider getting wpa version and cipher/key_mgmt suites
1937 * from configuration, not from here, where only the selected suite is
1939 if (wpa_driver_nl80211_set_gen_ie(drv, params->wpa_ie, params->wpa_ie_len)
1942 if (params->wpa_ie == NULL || params->wpa_ie_len == 0)
1943 value = IW_AUTH_WPA_VERSION_DISABLED;
1944 else if (params->wpa_ie[0] == WLAN_EID_RSN)
1945 value = IW_AUTH_WPA_VERSION_WPA2;
1947 value = IW_AUTH_WPA_VERSION_WPA;
1948 if (wpa_driver_nl80211_set_auth_param(drv,
1949 IW_AUTH_WPA_VERSION, value) < 0)
1951 value = wpa_driver_nl80211_cipher2wext(params->pairwise_suite);
1952 if (wpa_driver_nl80211_set_auth_param(drv,
1953 IW_AUTH_CIPHER_PAIRWISE, value) < 0)
1955 value = wpa_driver_nl80211_cipher2wext(params->group_suite);
1956 if (wpa_driver_nl80211_set_auth_param(drv,
1957 IW_AUTH_CIPHER_GROUP, value) < 0)
1959 value = wpa_driver_nl80211_keymgmt2wext(params->key_mgmt_suite);
1960 if (wpa_driver_nl80211_set_auth_param(drv,
1961 IW_AUTH_KEY_MGMT, value) < 0)
1963 value = params->key_mgmt_suite != KEY_MGMT_NONE ||
1964 params->pairwise_suite != CIPHER_NONE ||
1965 params->group_suite != CIPHER_NONE ||
1967 if (wpa_driver_nl80211_set_auth_param(drv,
1968 IW_AUTH_PRIVACY_INVOKED, value) < 0)
1971 /* Allow unencrypted EAPOL messages even if pairwise keys are set when
1972 * not using WPA. IEEE 802.1X specifies that these frames are not
1973 * encrypted, but WPA encrypts them when pairwise keys are in use. */
1974 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
1975 params->key_mgmt_suite == KEY_MGMT_PSK)
1976 allow_unencrypted_eapol = 0;
1978 allow_unencrypted_eapol = 1;
1980 if (wpa_driver_nl80211_set_auth_param(drv,
1981 IW_AUTH_RX_UNENCRYPTED_EAPOL,
1982 allow_unencrypted_eapol) < 0)
1984 if (params->freq && wpa_driver_nl80211_set_freq(drv, params->freq) < 0)
1986 if (wpa_driver_nl80211_set_ssid(drv, params->ssid, params->ssid_len) < 0)
1988 if (params->bssid &&
1989 wpa_driver_nl80211_set_bssid(drv, params->bssid) < 0)
1996 static int wpa_driver_nl80211_set_auth_alg(void *priv, int auth_alg)
1998 struct wpa_driver_nl80211_data *drv = priv;
2001 if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
2002 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
2003 if (auth_alg & AUTH_ALG_SHARED_KEY)
2004 algs |= IW_AUTH_ALG_SHARED_KEY;
2005 if (auth_alg & AUTH_ALG_LEAP)
2006 algs |= IW_AUTH_ALG_LEAP;
2008 /* at least one algorithm should be set */
2009 algs = IW_AUTH_ALG_OPEN_SYSTEM;
2012 res = wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
2014 drv->auth_alg_fallback = res == -2;
2020 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc), SIOCSIWMODE
2021 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2022 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2023 * Returns: 0 on success, -1 on failure
2025 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
2027 struct wpa_driver_nl80211_data *drv = priv;
2028 int ret = -1, flags;
2031 msg = nlmsg_alloc();
2035 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2036 0, NL80211_CMD_SET_INTERFACE, 0);
2037 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2038 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE,
2039 mode ? NL80211_IFTYPE_ADHOC : NL80211_IFTYPE_STATION);
2041 if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
2042 nl_wait_for_ack(drv->nl_handle) < 0)
2053 /* mac80211 doesn't allow mode changes while the device is up, so
2054 * take the device down, try to set the mode again, and bring the
2057 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) {
2058 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
2060 /* Try to set the mode again while the interface is down */
2061 if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
2062 nl_wait_for_ack(drv->nl_handle) < 0) {
2063 wpa_printf(MSG_ERROR, "Failed to set interface %s "
2064 "mode", drv->ifname);
2068 /* Ignore return value of get_ifflags to ensure that the device
2069 * is always up like it was before this function was called.
2071 (void) wpa_driver_nl80211_get_ifflags(drv, &flags);
2072 (void) wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP);
2080 static int wpa_driver_nl80211_pmksa(struct wpa_driver_nl80211_data *drv,
2081 u32 cmd, const u8 *bssid, const u8 *pmkid)
2084 struct iw_pmksa pmksa;
2087 os_memset(&iwr, 0, sizeof(iwr));
2088 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
2089 os_memset(&pmksa, 0, sizeof(pmksa));
2091 pmksa.bssid.sa_family = ARPHRD_ETHER;
2093 os_memcpy(pmksa.bssid.sa_data, bssid, ETH_ALEN);
2095 os_memcpy(pmksa.pmkid, pmkid, IW_PMKID_LEN);
2096 iwr.u.data.pointer = (caddr_t) &pmksa;
2097 iwr.u.data.length = sizeof(pmksa);
2099 if (ioctl(drv->ioctl_sock, SIOCSIWPMKSA, &iwr) < 0) {
2100 if (errno != EOPNOTSUPP)
2101 perror("ioctl[SIOCSIWPMKSA]");
2109 static int wpa_driver_nl80211_add_pmkid(void *priv, const u8 *bssid,
2112 struct wpa_driver_nl80211_data *drv = priv;
2113 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_ADD, bssid, pmkid);
2117 static int wpa_driver_nl80211_remove_pmkid(void *priv, const u8 *bssid,
2120 struct wpa_driver_nl80211_data *drv = priv;
2121 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_REMOVE, bssid, pmkid);
2125 static int wpa_driver_nl80211_flush_pmkid(void *priv)
2127 struct wpa_driver_nl80211_data *drv = priv;
2128 return wpa_driver_nl80211_pmksa(drv, IW_PMKSA_FLUSH, NULL, NULL);
2132 static int wpa_driver_nl80211_get_capa(void *priv,
2133 struct wpa_driver_capa *capa)
2135 struct wpa_driver_nl80211_data *drv = priv;
2136 if (!drv->has_capability)
2138 os_memcpy(capa, &drv->capa, sizeof(*capa));
2143 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
2145 struct wpa_driver_nl80211_data *drv = priv;
2147 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2148 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2149 drv->operstate = state;
2150 return wpa_driver_nl80211_send_oper_ifla(
2151 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2155 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
2157 .desc = "Linux nl80211/cfg80211",
2158 .get_bssid = wpa_driver_nl80211_get_bssid,
2159 .get_ssid = wpa_driver_nl80211_get_ssid,
2160 .set_wpa = wpa_driver_nl80211_set_wpa,
2161 .set_key = wpa_driver_nl80211_set_key,
2162 .set_countermeasures = wpa_driver_nl80211_set_countermeasures,
2163 .set_drop_unencrypted = wpa_driver_nl80211_set_drop_unencrypted,
2164 .scan = wpa_driver_nl80211_scan,
2165 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
2166 .deauthenticate = wpa_driver_nl80211_deauthenticate,
2167 .disassociate = wpa_driver_nl80211_disassociate,
2168 .associate = wpa_driver_nl80211_associate,
2169 .set_auth_alg = wpa_driver_nl80211_set_auth_alg,
2170 .init = wpa_driver_nl80211_init,
2171 .deinit = wpa_driver_nl80211_deinit,
2172 .add_pmkid = wpa_driver_nl80211_add_pmkid,
2173 .remove_pmkid = wpa_driver_nl80211_remove_pmkid,
2174 .flush_pmkid = wpa_driver_nl80211_flush_pmkid,
2175 .get_capa = wpa_driver_nl80211_get_capa,
2176 .set_operstate = wpa_driver_nl80211_set_operstate,