2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #include <sys/ioctl.h>
17 #include <net/if_arp.h>
18 #include <netlink/genl/genl.h>
19 #include <netlink/genl/family.h>
20 #include <netlink/genl/ctrl.h>
21 #include "nl80211_copy.h"
22 #include "wireless_copy.h"
27 #include "ieee802_11_defs.h"
29 #if defined(CONFIG_AP) || defined(HOSTAPD)
30 #include <netpacket/packet.h>
31 #include <linux/filter.h>
33 #include "radiotap_iter.h"
34 #endif /* CONFIG_AP || HOSTAPD */
38 #include "../hostapd/hostapd_defs.h"
41 #define ETH_P_ALL 0x0003
44 #endif /* CONFIG_AP */
47 #include <netlink/msg.h>
48 #include <netlink/attr.h>
50 #include <net/if_arp.h>
52 #include "../../hostapd/hostapd.h"
53 #include "../../hostapd/config.h"
54 #include "../../hostapd/hw_features.h"
55 #include "../../hostapd/mlme.h"
56 #include "../../hostapd/sta_flags.h"
57 #include "ieee802_11_common.h"
60 /* libnl 2.0 compatibility code */
61 #define nl_handle_alloc_cb nl_socket_alloc_cb
62 #define nl_handle_destroy nl_socket_free
63 #endif /* CONFIG_LIBNL20 */
69 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
72 #define IFF_DORMANT 0x20000 /* driver signals dormant */
75 #ifndef IF_OPER_DORMANT
76 #define IF_OPER_DORMANT 5
83 struct i802_bss *next;
84 char ifname[IFNAMSIZ + 1];
85 unsigned int beacon_set:1;
88 struct wpa_driver_nl80211_data {
91 int ioctl_sock; /* socket for ioctl() use */
92 char ifname[IFNAMSIZ + 1];
95 struct wpa_driver_capa capa;
100 int scan_complete_events;
102 struct nl_handle *nl_handle;
103 struct nl_cache *nl_cache;
105 struct genl_family *nl80211;
114 unsigned int beacon_set:1;
117 #endif /* CONFIG_AP */
120 struct hostapd_data *hapd;
122 int eapol_sock; /* socket for EAPOL frames */
123 int monitor_sock; /* socket for monitor */
126 int default_if_indices[16];
132 unsigned int ht_40mhz_scan:1;
136 struct hostapd_neighbor_bss *neighbors;
137 size_t num_neighbors;
142 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
144 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
147 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
150 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
152 #endif /* CONFIG_AP */
156 static int ack_handler(struct nl_msg *msg, void *arg)
163 static int finish_handler(struct nl_msg *msg, void *arg)
170 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
179 static int no_seq_check(struct nl_msg *msg, void *arg)
185 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
187 int (*valid_handler)(struct nl_msg *, void *),
193 cb = nl_cb_clone(drv->nl_cb);
197 err = nl_send_auto_complete(drv->nl_handle, msg);
203 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
204 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
205 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
208 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
209 valid_handler, valid_data);
212 nl_recvmsgs(drv->nl_handle, cb);
226 static int family_handler(struct nl_msg *msg, void *arg)
228 struct family_data *res = arg;
229 struct nlattr *tb[CTRL_ATTR_MAX + 1];
230 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
231 struct nlattr *mcgrp;
234 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
235 genlmsg_attrlen(gnlh, 0), NULL);
236 if (!tb[CTRL_ATTR_MCAST_GROUPS])
239 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
240 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
241 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
242 nla_len(mcgrp), NULL);
243 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
244 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
245 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
247 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
249 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
257 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
258 const char *family, const char *group)
262 struct family_data res = { group, -ENOENT };
267 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
268 0, 0, CTRL_CMD_GETFAMILY, 0);
269 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
271 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
282 static int wpa_driver_nl80211_send_oper_ifla(
283 struct wpa_driver_nl80211_data *drv,
284 int linkmode, int operstate)
288 struct ifinfomsg ifinfo;
295 os_memset(&req, 0, sizeof(req));
297 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
298 req.hdr.nlmsg_type = RTM_SETLINK;
299 req.hdr.nlmsg_flags = NLM_F_REQUEST;
300 req.hdr.nlmsg_seq = ++nl_seq;
301 req.hdr.nlmsg_pid = 0;
303 req.ifinfo.ifi_family = AF_UNSPEC;
304 req.ifinfo.ifi_type = 0;
305 req.ifinfo.ifi_index = drv->ifindex;
306 req.ifinfo.ifi_flags = 0;
307 req.ifinfo.ifi_change = 0;
309 if (linkmode != -1) {
310 rta = (struct rtattr *)
311 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
312 rta->rta_type = IFLA_LINKMODE;
313 rta->rta_len = RTA_LENGTH(sizeof(char));
314 *((char *) RTA_DATA(rta)) = linkmode;
315 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
316 RTA_LENGTH(sizeof(char));
318 if (operstate != -1) {
319 rta = (struct rtattr *)
320 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
321 rta->rta_type = IFLA_OPERSTATE;
322 rta->rta_len = RTA_LENGTH(sizeof(char));
323 *((char *) RTA_DATA(rta)) = operstate;
324 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
325 RTA_LENGTH(sizeof(char));
328 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
329 linkmode, operstate);
331 ret = send(drv->link_event_sock, &req, req.hdr.nlmsg_len, 0);
333 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
334 "%s (assume operstate is not supported)",
338 return ret < 0 ? -1 : 0;
342 static int wpa_driver_nl80211_set_auth_param(
343 struct wpa_driver_nl80211_data *drv, int idx, u32 value)
348 os_memset(&iwr, 0, sizeof(iwr));
349 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
350 iwr.u.param.flags = idx & IW_AUTH_INDEX;
351 iwr.u.param.value = value;
353 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
354 if (errno != EOPNOTSUPP) {
355 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
356 "value 0x%x) failed: %s)",
357 idx, value, strerror(errno));
359 ret = errno == EOPNOTSUPP ? -2 : -1;
366 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
368 struct wpa_driver_nl80211_data *drv = priv;
369 if (!drv->associated)
371 os_memcpy(bssid, drv->bssid, ETH_ALEN);
376 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
378 struct wpa_driver_nl80211_data *drv = priv;
379 if (!drv->associated)
381 os_memcpy(ssid, drv->ssid, drv->ssid_len);
382 return drv->ssid_len;
387 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
388 void *ctx, char *buf, size_t len,
391 union wpa_event_data event;
393 os_memset(&event, 0, sizeof(event));
394 if (len > sizeof(event.interface_status.ifname))
395 len = sizeof(event.interface_status.ifname) - 1;
396 os_memcpy(event.interface_status.ifname, buf, len);
397 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
398 EVENT_INTERFACE_ADDED;
400 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
402 event.interface_status.ifname,
403 del ? "removed" : "added");
405 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
412 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
416 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
419 struct ifinfomsg *ifi;
420 int attrlen, _nlmsg_len, rta_len;
425 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
427 attrlen = h->nlmsg_len - _nlmsg_len;
431 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
433 rta_len = RTA_ALIGN(sizeof(struct rtattr));
434 while (RTA_OK(attr, attrlen)) {
435 if (attr->rta_type == IFLA_IFNAME) {
436 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
442 attr = RTA_NEXT(attr, attrlen);
449 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
450 int ifindex, struct nlmsghdr *h)
452 if (drv->ifindex == ifindex)
455 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) {
456 drv->ifindex = if_nametoindex(drv->ifname);
457 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
459 wpa_driver_nl80211_finish_drv_init(drv);
467 static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv,
468 void *ctx, struct nlmsghdr *h,
471 struct ifinfomsg *ifi;
472 int attrlen, _nlmsg_len, rta_len;
473 struct rtattr * attr;
475 if (len < sizeof(*ifi))
480 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) {
481 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
486 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
488 drv->operstate, ifi->ifi_flags,
489 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
490 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
491 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
492 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
494 * Some drivers send the association event before the operup event--in
495 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
496 * fails. This will hit us when wpa_supplicant does not need to do
497 * IEEE 802.1X authentication
499 if (drv->operstate == 1 &&
500 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
501 !(ifi->ifi_flags & IFF_RUNNING))
502 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP);
504 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
506 attrlen = h->nlmsg_len - _nlmsg_len;
510 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
512 rta_len = RTA_ALIGN(sizeof(struct rtattr));
513 while (RTA_OK(attr, attrlen)) {
514 if (attr->rta_type == IFLA_IFNAME) {
515 wpa_driver_nl80211_event_link(
517 ((char *) attr) + rta_len,
518 attr->rta_len - rta_len, 0);
520 attr = RTA_NEXT(attr, attrlen);
525 static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv,
526 void *ctx, struct nlmsghdr *h,
529 struct ifinfomsg *ifi;
530 int attrlen, _nlmsg_len, rta_len;
531 struct rtattr * attr;
533 if (len < sizeof(*ifi))
538 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
540 attrlen = h->nlmsg_len - _nlmsg_len;
544 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
546 rta_len = RTA_ALIGN(sizeof(struct rtattr));
547 while (RTA_OK(attr, attrlen)) {
548 if (attr->rta_type == IFLA_IFNAME) {
549 wpa_driver_nl80211_event_link(
551 ((char *) attr) + rta_len,
552 attr->rta_len - rta_len, 1);
554 attr = RTA_NEXT(attr, attrlen);
559 static void wpa_driver_nl80211_event_receive_link(int sock, void *eloop_ctx,
564 struct sockaddr_nl from;
570 fromlen = sizeof(from);
571 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
572 (struct sockaddr *) &from, &fromlen);
574 if (errno != EINTR && errno != EAGAIN)
575 perror("recvfrom(netlink)");
579 h = (struct nlmsghdr *) buf;
580 while (left >= (int) sizeof(*h)) {
584 plen = len - sizeof(*h);
585 if (len > left || plen < 0) {
586 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
587 "len=%d left=%d plen=%d",
592 switch (h->nlmsg_type) {
594 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx,
598 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx,
603 len = NLMSG_ALIGN(len);
605 h = (struct nlmsghdr *) ((char *) h + len);
609 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
613 if (--max_events > 0) {
615 * Try to receive all events in one eloop call in order to
616 * limit race condition on cases where AssocInfo event, Assoc
617 * event, and EAPOL frames are received more or less at the
618 * same time. We want to process the event messages first
619 * before starting EAPOL processing.
626 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
627 const u8 *frame, size_t len)
629 const struct ieee80211_mgmt *mgmt;
630 union wpa_event_data event;
632 mgmt = (const struct ieee80211_mgmt *) frame;
633 if (len < 24 + sizeof(mgmt->u.auth)) {
634 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
639 os_memset(&event, 0, sizeof(event));
640 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
641 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
642 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
643 if (len > 24 + sizeof(mgmt->u.auth)) {
644 event.auth.ies = mgmt->u.auth.variable;
645 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
648 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
652 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
653 const u8 *frame, size_t len)
655 const struct ieee80211_mgmt *mgmt;
656 union wpa_event_data event;
659 mgmt = (const struct ieee80211_mgmt *) frame;
660 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
661 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
666 status = le_to_host16(mgmt->u.assoc_resp.status_code);
667 if (status != WLAN_STATUS_SUCCESS) {
668 os_memset(&event, 0, sizeof(event));
669 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
670 event.assoc_reject.resp_ies =
671 (u8 *) mgmt->u.assoc_resp.variable;
672 event.assoc_reject.resp_ies_len =
673 len - 24 - sizeof(mgmt->u.assoc_resp);
675 event.assoc_reject.status_code = status;
677 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
682 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
684 os_memset(&event, 0, sizeof(event));
685 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
686 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
687 event.assoc_info.resp_ies_len =
688 len - 24 - sizeof(mgmt->u.assoc_resp);
691 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
695 static void mlme_event(struct wpa_driver_nl80211_data *drv,
696 enum nl80211_commands cmd, struct nlattr *frame)
699 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
704 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
705 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
706 nla_data(frame), nla_len(frame));
709 case NL80211_CMD_AUTHENTICATE:
710 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
712 case NL80211_CMD_ASSOCIATE:
713 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
715 case NL80211_CMD_DEAUTHENTICATE:
717 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, NULL);
719 case NL80211_CMD_DISASSOCIATE:
721 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
731 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
735 if (tb[NL80211_ATTR_MAC])
736 hostapd_michael_mic_failure(drv->hapd,
737 nla_data(tb[NL80211_ATTR_MAC]));
739 union wpa_event_data data;
741 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
742 os_memset(&data, 0, sizeof(data));
743 if (tb[NL80211_ATTR_MAC]) {
744 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
745 nla_data(tb[NL80211_ATTR_MAC]),
746 nla_len(tb[NL80211_ATTR_MAC]));
748 if (tb[NL80211_ATTR_KEY_SEQ]) {
749 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
750 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
751 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
753 if (tb[NL80211_ATTR_KEY_TYPE]) {
754 enum nl80211_key_type key_type =
755 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
756 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
757 if (key_type == NL80211_KEYTYPE_PAIRWISE)
758 data.michael_mic_failure.unicast = 1;
760 data.michael_mic_failure.unicast = 1;
762 if (tb[NL80211_ATTR_KEY_IDX]) {
763 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
764 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
767 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
772 static int process_event(struct nl_msg *msg, void *arg)
774 struct wpa_driver_nl80211_data *drv = arg;
775 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
776 struct nlattr *tb[NL80211_ATTR_MAX + 1];
778 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
779 genlmsg_attrlen(gnlh, 0), NULL);
781 if (tb[NL80211_ATTR_IFINDEX]) {
782 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
783 if (ifindex != drv->ifindex) {
784 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
785 " for foreign interface (ifindex %d)",
793 case NL80211_CMD_NEW_SCAN_RESULTS:
794 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
795 drv->scan_complete_events = 1;
796 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
798 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
800 case NL80211_CMD_SCAN_ABORTED:
801 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
803 * Need to indicate that scan results are available in order
804 * not to make wpa_supplicant stop its scanning.
806 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
808 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
810 case NL80211_CMD_AUTHENTICATE:
811 case NL80211_CMD_ASSOCIATE:
812 case NL80211_CMD_DEAUTHENTICATE:
813 case NL80211_CMD_DISASSOCIATE:
814 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME]);
817 case NL80211_CMD_MICHAEL_MIC_FAILURE:
818 mlme_event_michael_mic_failure(drv, tb);
821 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
822 "(cmd=%d)", gnlh->cmd);
830 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
834 struct wpa_driver_nl80211_data *drv = eloop_ctx;
836 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
838 cb = nl_cb_clone(drv->nl_cb);
841 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
842 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
843 nl_recvmsgs(drv->nl_handle, cb);
848 static int wpa_driver_nl80211_get_ifflags_ifname(struct wpa_driver_nl80211_data *drv,
849 const char *ifname, int *flags)
853 os_memset(&ifr, 0, sizeof(ifr));
854 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
855 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
856 perror("ioctl[SIOCGIFFLAGS]");
859 *flags = ifr.ifr_flags & 0xffff;
865 * wpa_driver_nl80211_get_ifflags - Get interface flags (SIOCGIFFLAGS)
866 * @drv: driver_nl80211 private data
867 * @flags: Pointer to returned flags value
868 * Returns: 0 on success, -1 on failure
870 static int wpa_driver_nl80211_get_ifflags(struct wpa_driver_nl80211_data *drv,
873 return wpa_driver_nl80211_get_ifflags_ifname(drv, drv->ifname, flags);
877 static int wpa_driver_nl80211_set_ifflags_ifname(
878 struct wpa_driver_nl80211_data *drv,
879 const char *ifname, int flags)
883 os_memset(&ifr, 0, sizeof(ifr));
884 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
885 ifr.ifr_flags = flags & 0xffff;
886 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
887 perror("SIOCSIFFLAGS");
895 * wpa_driver_nl80211_set_ifflags - Set interface flags (SIOCSIFFLAGS)
896 * @drv: driver_nl80211 private data
897 * @flags: New value for flags
898 * Returns: 0 on success, -1 on failure
900 static int wpa_driver_nl80211_set_ifflags(struct wpa_driver_nl80211_data *drv,
903 return wpa_driver_nl80211_set_ifflags_ifname(drv, drv->ifname, flags);
908 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
909 * @priv: driver_nl80211 private data
910 * @alpha2_arg: country to which to switch to
911 * Returns: 0 on success, -1 on failure
913 * This asks nl80211 to set the regulatory domain for given
914 * country ISO / IEC alpha2.
916 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
918 struct wpa_driver_nl80211_data *drv = priv;
924 goto nla_put_failure;
926 alpha2[0] = alpha2_arg[0];
927 alpha2[1] = alpha2_arg[1];
930 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
931 0, NL80211_CMD_REQ_SET_REG, 0);
933 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
934 if (send_and_recv_msgs(drv, msg, NULL, NULL))
942 struct wiphy_info_data {
948 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
950 struct nlattr *tb[NL80211_ATTR_MAX + 1];
951 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
952 struct wiphy_info_data *info = arg;
954 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
955 genlmsg_attrlen(gnlh, 0), NULL);
957 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
958 info->max_scan_ssids =
959 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
961 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
962 struct nlattr *nl_mode;
964 nla_for_each_nested(nl_mode,
965 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
966 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
967 info->ap_supported = 1;
977 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
978 struct wiphy_info_data *info)
982 os_memset(info, 0, sizeof(*info));
987 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
988 0, NL80211_CMD_GET_WIPHY, 0);
990 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
992 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1001 static void wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1003 struct wiphy_info_data info;
1004 if (wpa_driver_nl80211_get_info(drv, &info))
1006 drv->has_capability = 1;
1007 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1008 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1009 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1010 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1011 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1012 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1013 WPA_DRIVER_CAPA_ENC_WEP104 |
1014 WPA_DRIVER_CAPA_ENC_TKIP |
1015 WPA_DRIVER_CAPA_ENC_CCMP;
1017 drv->capa.max_scan_ssids = info.max_scan_ssids;
1018 if (info.ap_supported)
1019 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1024 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1025 * @ctx: context to be used when calling wpa_supplicant functions,
1026 * e.g., wpa_supplicant_event()
1027 * @ifname: interface name, e.g., wlan0
1028 * Returns: Pointer to private data, %NULL on failure
1030 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1033 struct sockaddr_nl local;
1034 struct wpa_driver_nl80211_data *drv;
1036 drv = os_zalloc(sizeof(*drv));
1040 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1042 drv->monitor_ifidx = -1;
1043 drv->monitor_sock = -1;
1044 #endif /* CONFIG_AP */
1046 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1047 if (drv->nl_cb == NULL) {
1048 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1053 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1054 if (drv->nl_handle == NULL) {
1055 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1060 if (genl_connect(drv->nl_handle)) {
1061 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1066 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1067 if (drv->nl_cache == NULL) {
1068 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1073 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1074 if (drv->nl80211 == NULL) {
1075 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1080 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1082 ret = nl_socket_add_membership(drv->nl_handle, ret);
1084 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1085 "membership for scan events: %d (%s)",
1086 ret, strerror(-ret));
1090 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1092 ret = nl_socket_add_membership(drv->nl_handle, ret);
1094 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1095 "membership for mlme events: %d (%s)",
1096 ret, strerror(-ret));
1099 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1101 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
1102 wpa_driver_nl80211_event_receive, drv, ctx);
1104 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1105 if (drv->ioctl_sock < 0) {
1106 perror("socket(PF_INET,SOCK_DGRAM)");
1110 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1112 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1116 os_memset(&local, 0, sizeof(local));
1117 local.nl_family = AF_NETLINK;
1118 local.nl_groups = RTMGRP_LINK;
1119 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1120 perror("bind(netlink)");
1126 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive_link, drv,
1128 #endif /* HOSTAPD */
1129 drv->link_event_sock = s;
1131 if (wpa_driver_nl80211_finish_drv_init(drv))
1137 eloop_unregister_read_sock(drv->link_event_sock);
1138 close(drv->link_event_sock);
1140 close(drv->ioctl_sock);
1142 genl_family_put(drv->nl80211);
1144 nl_cache_free(drv->nl_cache);
1146 nl_handle_destroy(drv->nl_handle);
1148 nl_cb_put(drv->nl_cb);
1156 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1160 drv->ifindex = if_nametoindex(drv->ifname);
1162 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
1163 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1164 "use managed mode");
1167 if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0) {
1168 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
1172 if (!(flags & IFF_UP)) {
1173 if (wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP) != 0) {
1174 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
1180 wpa_driver_nl80211_capa(drv);
1182 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1189 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1190 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1192 * Shut down driver interface and processing of driver events. Free
1193 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1195 static void wpa_driver_nl80211_deinit(void *priv)
1197 struct wpa_driver_nl80211_data *drv = priv;
1201 if (drv->monitor_ifidx >= 0)
1202 nl80211_remove_iface(drv, drv->monitor_ifidx);
1203 if (drv->monitor_sock >= 0) {
1204 eloop_unregister_read_sock(drv->monitor_sock);
1205 close(drv->monitor_sock);
1207 #endif /* CONFIG_AP */
1209 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1211 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 0);
1213 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP);
1215 eloop_unregister_read_sock(drv->link_event_sock);
1217 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0)
1218 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
1219 wpa_driver_nl80211_set_mode(drv, 0);
1221 close(drv->link_event_sock);
1222 close(drv->ioctl_sock);
1224 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
1225 genl_family_put(drv->nl80211);
1226 nl_cache_free(drv->nl_cache);
1227 nl_handle_destroy(drv->nl_handle);
1228 nl_cb_put(drv->nl_cb);
1235 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1236 * @eloop_ctx: Unused
1237 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1239 * This function can be used as registered timeout when starting a scan to
1240 * generate a scan completed event if the driver does not report this.
1242 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1244 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1246 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1247 #endif /* HOSTAPD */
1252 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1253 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1254 * @params: Scan parameters
1255 * Returns: 0 on success, -1 on failure
1257 static int wpa_driver_nl80211_scan(void *priv,
1258 struct wpa_driver_scan_params *params)
1260 struct wpa_driver_nl80211_data *drv = priv;
1261 int ret = 0, timeout;
1262 struct nl_msg *msg, *ssids, *freqs;
1265 msg = nlmsg_alloc();
1266 ssids = nlmsg_alloc();
1267 freqs = nlmsg_alloc();
1268 if (!msg || !ssids || !freqs) {
1275 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1276 NL80211_CMD_TRIGGER_SCAN, 0);
1278 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1280 for (i = 0; i < params->num_ssids; i++) {
1281 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1282 params->ssids[i].ssid);
1284 if (params->num_ssids)
1285 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1287 if (params->extra_ies) {
1288 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1292 if (params->freqs) {
1293 for (i = 0; params->freqs[i]; i++)
1294 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1295 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1298 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1301 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1302 "(%s)", ret, strerror(-ret));
1303 goto nla_put_failure;
1306 /* Not all drivers generate "scan completed" wireless event, so try to
1307 * read results after a timeout. */
1309 if (drv->scan_complete_events) {
1311 * The driver seems to deliver events to notify when scan is
1312 * complete, so use longer timeout to avoid race conditions
1313 * with scanning and following association request.
1317 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1318 "seconds", ret, timeout);
1319 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1320 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1331 static int bss_info_handler(struct nl_msg *msg, void *arg)
1333 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1334 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1335 struct nlattr *bss[NL80211_BSS_MAX + 1];
1336 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1337 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1338 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1339 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1340 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1341 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1342 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1343 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1344 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1346 struct wpa_scan_results *res = arg;
1347 struct wpa_scan_res **tmp;
1348 struct wpa_scan_res *r;
1352 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1353 genlmsg_attrlen(gnlh, 0), NULL);
1354 if (!tb[NL80211_ATTR_BSS])
1356 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1359 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1360 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1361 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1367 r = os_zalloc(sizeof(*r) + ie_len);
1370 if (bss[NL80211_BSS_BSSID])
1371 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1373 if (bss[NL80211_BSS_FREQUENCY])
1374 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1375 if (bss[NL80211_BSS_BEACON_INTERVAL])
1376 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1377 if (bss[NL80211_BSS_CAPABILITY])
1378 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1379 r->flags |= WPA_SCAN_NOISE_INVALID;
1380 if (bss[NL80211_BSS_SIGNAL_MBM]) {
1381 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
1382 r->level /= 100; /* mBm to dBm */
1383 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
1384 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
1385 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
1386 r->flags |= WPA_SCAN_LEVEL_INVALID;
1388 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
1389 if (bss[NL80211_BSS_TSF])
1390 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
1393 os_memcpy(r + 1, ie, ie_len);
1395 tmp = os_realloc(res->res,
1396 (res->num + 1) * sizeof(struct wpa_scan_res *));
1401 tmp[res->num++] = r;
1409 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1410 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1411 * Returns: Scan results on success, -1 on failure
1413 static struct wpa_scan_results *
1414 wpa_driver_nl80211_get_scan_results(void *priv)
1416 struct wpa_driver_nl80211_data *drv = priv;
1418 struct wpa_scan_results *res;
1421 res = os_zalloc(sizeof(*res));
1424 msg = nlmsg_alloc();
1426 goto nla_put_failure;
1428 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
1429 NL80211_CMD_GET_SCAN, 0);
1430 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1432 ret = send_and_recv_msgs(drv, msg, bss_info_handler, res);
1435 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
1436 (unsigned long) res->num);
1439 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1440 "(%s)", ret, strerror(-ret));
1443 wpa_scan_results_free(res);
1448 static int nl_set_encr(int ifindex, struct wpa_driver_nl80211_data *drv,
1449 wpa_alg alg, const u8 *addr, int key_idx, int set_tx,
1450 const u8 *seq, size_t seq_len,
1451 const u8 *key, size_t key_len)
1456 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
1457 "set_tx=%d seq_len=%lu key_len=%lu",
1458 __func__, ifindex, alg, addr, key_idx, set_tx,
1459 (unsigned long) seq_len, (unsigned long) key_len);
1461 msg = nlmsg_alloc();
1465 if (alg == WPA_ALG_NONE) {
1466 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1467 0, NL80211_CMD_DEL_KEY, 0);
1469 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1470 0, NL80211_CMD_NEW_KEY, 0);
1471 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
1475 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1478 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1482 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
1485 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
1488 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
1491 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
1492 "algorithm %d", __func__, alg);
1499 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
1501 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1503 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
1504 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1506 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1507 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1509 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1510 if (ret == -ENOENT && alg == WPA_ALG_NONE)
1513 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
1514 ret, strerror(-ret));
1517 * If we failed or don't need to set the default TX key (below),
1520 if (ret || !set_tx || alg == WPA_ALG_NONE)
1522 #ifdef HOSTAPD /* FIX: is this needed? */
1525 #endif /* HOSTAPD */
1527 msg = nlmsg_alloc();
1531 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1532 0, NL80211_CMD_SET_KEY, 0);
1533 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1534 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1535 if (alg == WPA_ALG_IGTK)
1536 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
1538 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
1540 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1544 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
1545 "err=%d %s)", ret, strerror(-ret));
1553 static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
1554 const u8 *addr, int key_idx,
1555 int set_tx, const u8 *seq,
1557 const u8 *key, size_t key_len)
1559 struct wpa_driver_nl80211_data *drv = priv;
1560 return nl_set_encr(drv->ifindex, drv, alg, addr, key_idx, set_tx, seq,
1561 seq_len, key, key_len);
1565 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
1566 const u8 *addr, int cmd, u16 reason_code)
1571 msg = nlmsg_alloc();
1575 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
1577 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1578 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
1579 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1581 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1584 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1585 "(%s)", ret, strerror(-ret));
1586 goto nla_put_failure;
1596 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
1599 struct wpa_driver_nl80211_data *drv = priv;
1600 wpa_printf(MSG_DEBUG, "%s", __func__);
1601 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
1606 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
1609 struct wpa_driver_nl80211_data *drv = priv;
1610 wpa_printf(MSG_DEBUG, "%s", __func__);
1611 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
1616 static int wpa_driver_nl80211_authenticate(
1617 void *priv, struct wpa_driver_auth_params *params)
1619 struct wpa_driver_nl80211_data *drv = priv;
1622 enum nl80211_auth_type type;
1624 drv->associated = 0;
1626 msg = nlmsg_alloc();
1630 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
1633 for (i = 0; i < 4; i++) {
1634 if (!params->wep_key[i])
1636 wpa_driver_nl80211_set_key(drv, WPA_ALG_WEP, NULL, i,
1637 i == params->wep_tx_keyidx, NULL, 0,
1639 params->wep_key_len[i]);
1642 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1643 NL80211_CMD_AUTHENTICATE, 0);
1645 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1646 if (params->bssid) {
1647 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
1648 MAC2STR(params->bssid));
1649 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
1652 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
1653 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
1656 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
1657 params->ssid, params->ssid_len);
1658 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
1661 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
1663 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
1665 * TODO: if multiple auth_alg options enabled, try them one by one if
1666 * the AP rejects authentication due to unknown auth alg
1668 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1669 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1670 else if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1671 type = NL80211_AUTHTYPE_SHARED_KEY;
1672 else if (params->auth_alg & AUTH_ALG_LEAP)
1673 type = NL80211_AUTHTYPE_NETWORK_EAP;
1674 else if (params->auth_alg & AUTH_ALG_FT)
1675 type = NL80211_AUTHTYPE_FT;
1677 goto nla_put_failure;
1678 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
1679 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
1681 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1684 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1685 "(%s)", ret, strerror(-ret));
1686 goto nla_put_failure;
1689 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
1698 #if defined(CONFIG_AP) || defined(HOSTAPD)
1700 struct phy_info_arg {
1702 struct hostapd_hw_modes *modes;
1705 static int phy_info_handler(struct nl_msg *msg, void *arg)
1707 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1708 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1709 struct phy_info_arg *phy_info = arg;
1711 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1713 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1714 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1715 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1716 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1717 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1718 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1719 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1720 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
1723 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1724 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1725 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1726 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1729 struct nlattr *nl_band;
1730 struct nlattr *nl_freq;
1731 struct nlattr *nl_rate;
1732 int rem_band, rem_freq, rem_rate;
1733 struct hostapd_hw_modes *mode;
1734 int idx, mode_is_set;
1736 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1737 genlmsg_attrlen(gnlh, 0), NULL);
1739 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1742 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1743 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1746 phy_info->modes = mode;
1750 mode = &phy_info->modes[*(phy_info->num_modes)];
1751 memset(mode, 0, sizeof(*mode));
1752 *(phy_info->num_modes) += 1;
1754 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1755 nla_len(nl_band), NULL);
1757 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
1758 mode->ht_capab = nla_get_u16(
1759 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
1762 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1763 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1764 nla_len(nl_freq), freq_policy);
1765 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1767 mode->num_channels++;
1770 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1771 if (!mode->channels)
1776 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1777 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1778 nla_len(nl_freq), freq_policy);
1779 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1782 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1783 mode->channels[idx].flag = 0;
1786 /* crude heuristic */
1787 if (mode->channels[idx].freq < 4000)
1788 mode->mode = HOSTAPD_MODE_IEEE80211B;
1790 mode->mode = HOSTAPD_MODE_IEEE80211A;
1794 /* crude heuristic */
1795 if (mode->channels[idx].freq < 4000)
1796 if (mode->channels[idx].freq == 2484)
1797 mode->channels[idx].chan = 14;
1799 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1801 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1803 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1804 mode->channels[idx].flag |=
1805 HOSTAPD_CHAN_DISABLED;
1806 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1807 mode->channels[idx].flag |=
1808 HOSTAPD_CHAN_PASSIVE_SCAN;
1809 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1810 mode->channels[idx].flag |=
1811 HOSTAPD_CHAN_NO_IBSS;
1812 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
1813 mode->channels[idx].flag |=
1816 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
1817 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1818 mode->channels[idx].max_tx_power =
1819 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
1824 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1825 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1826 nla_len(nl_rate), rate_policy);
1827 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1832 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1838 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1839 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1840 nla_len(nl_rate), rate_policy);
1841 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1843 mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1845 /* crude heuristic */
1846 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1847 mode->rates[idx].rate > 200)
1848 mode->mode = HOSTAPD_MODE_IEEE80211G;
1850 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1851 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1860 static struct hostapd_hw_modes *
1861 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
1864 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
1865 int i, mode11g_idx = -1;
1867 /* If only 802.11g mode is included, use it to construct matching
1868 * 802.11b mode data. */
1870 for (m = 0; m < *num_modes; m++) {
1871 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
1872 return modes; /* 802.11b already included */
1873 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1877 if (mode11g_idx < 0)
1878 return modes; /* 2.4 GHz band not supported at all */
1880 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
1882 return modes; /* Could not add 802.11b mode */
1884 mode = &nmodes[*num_modes];
1885 os_memset(mode, 0, sizeof(*mode));
1889 mode->mode = HOSTAPD_MODE_IEEE80211B;
1891 mode11g = &modes[mode11g_idx];
1892 mode->num_channels = mode11g->num_channels;
1893 mode->channels = os_malloc(mode11g->num_channels *
1894 sizeof(struct hostapd_channel_data));
1895 if (mode->channels == NULL) {
1897 return modes; /* Could not add 802.11b mode */
1899 os_memcpy(mode->channels, mode11g->channels,
1900 mode11g->num_channels * sizeof(struct hostapd_channel_data));
1902 mode->num_rates = 0;
1903 mode->rates = os_malloc(4 * sizeof(struct hostapd_rate_data));
1904 if (mode->rates == NULL) {
1905 os_free(mode->channels);
1907 return modes; /* Could not add 802.11b mode */
1910 for (i = 0; i < mode11g->num_rates; i++) {
1911 if (mode11g->rates[i].rate > 110 ||
1912 mode11g->rates[i].flags &
1913 (HOSTAPD_RATE_ERP | HOSTAPD_RATE_OFDM))
1915 mode->rates[mode->num_rates] = mode11g->rates[i];
1917 if (mode->num_rates == 4)
1921 if (mode->num_rates == 0) {
1922 os_free(mode->channels);
1923 os_free(mode->rates);
1925 return modes; /* No 802.11b rates */
1928 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
1935 static struct hostapd_hw_modes *
1936 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
1938 struct wpa_driver_nl80211_data *drv = priv;
1940 struct phy_info_arg result = {
1941 .num_modes = num_modes,
1948 msg = nlmsg_alloc();
1952 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1953 0, NL80211_CMD_GET_WIPHY, 0);
1955 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1957 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
1958 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
1963 #endif /* CONFIG_AP || HOSTAPD */
1968 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
1969 const void *data, size_t len,
1973 0x00, 0x00, /* radiotap version */
1974 0x0e, 0x00, /* radiotap length */
1975 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
1976 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
1978 0x00, 0x00, /* RX and TX flags to indicate that */
1979 0x00, 0x00, /* this is the injected frame directly */
1981 struct iovec iov[2] = {
1983 .iov_base = &rtap_hdr,
1984 .iov_len = sizeof(rtap_hdr),
1987 .iov_base = (void *) data,
1991 struct msghdr msg = {
1996 .msg_control = NULL,
1997 .msg_controllen = 0,
2002 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
2004 return sendmsg(drv->monitor_sock, &msg, 0);
2008 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
2011 struct wpa_driver_nl80211_data *drv = priv;
2012 struct ieee80211_mgmt *mgmt;
2013 int do_not_encrypt = 0;
2016 mgmt = (struct ieee80211_mgmt *) data;
2017 fc = le_to_host16(mgmt->frame_control);
2019 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
2020 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
2022 * Only one of the authentication frame types is encrypted.
2023 * In order for static WEP encryption to work properly (i.e.,
2024 * to not encrypt the frame), we need to tell mac80211 about
2025 * the frames that must not be encrypted.
2027 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2028 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
2029 if (auth_alg == WLAN_AUTH_OPEN ||
2030 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_trans != 3))
2034 return wpa_driver_nl80211_send_frame(drv, data, data_len,
2039 static int wpa_driver_nl80211_set_beacon(void *priv,
2040 const u8 *head, size_t head_len,
2041 const u8 *tail, size_t tail_len,
2044 struct wpa_driver_nl80211_data *drv = priv;
2046 u8 cmd = NL80211_CMD_NEW_BEACON;
2049 msg = nlmsg_alloc();
2053 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
2055 if (drv->beacon_set)
2056 cmd = NL80211_CMD_SET_BEACON;
2058 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2060 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
2061 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
2062 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2063 if (!drv->beacon_int)
2064 drv->beacon_int = 100;
2065 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
2066 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
2068 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2070 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
2071 ret, strerror(-ret));
2073 drv->beacon_set = 1;
2080 static int wpa_driver_nl80211_set_beacon_int(void *priv, int value)
2082 struct wpa_driver_nl80211_data *drv = priv;
2085 drv->beacon_int = value;
2087 if (!drv->beacon_set)
2090 msg = nlmsg_alloc();
2094 wpa_printf(MSG_DEBUG, "nl80211: Set beacon interval %d "
2095 "(beacon_set=%d)", value, drv->beacon_set);
2096 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2097 0, NL80211_CMD_SET_BEACON, 0);
2098 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2100 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
2102 return send_and_recv_msgs(drv, msg, NULL, NULL);
2108 static int wpa_driver_nl80211_set_freq2(
2109 struct wpa_driver_nl80211_data *drv,
2110 struct wpa_driver_associate_params *params)
2115 msg = nlmsg_alloc();
2119 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2120 NL80211_CMD_SET_WIPHY, 0);
2122 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2124 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2126 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2129 wpa_printf(MSG_DEBUG, "nl80211: MLME Failed to set channel (freq=%d): "
2130 "%d (%s)", params->freq, ret, strerror(-ret));
2136 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
2141 msg = nlmsg_alloc();
2143 goto nla_put_failure;
2145 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2146 0, NL80211_CMD_DEL_INTERFACE, 0);
2147 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
2149 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
2152 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d).\n",
2157 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
2158 const char *ifname, enum nl80211_iftype iftype)
2160 struct nl_msg *msg, *flags = NULL;
2164 msg = nlmsg_alloc();
2168 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2169 0, NL80211_CMD_NEW_INTERFACE, 0);
2170 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2171 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
2172 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
2174 if (iftype == NL80211_IFTYPE_MONITOR) {
2177 flags = nlmsg_alloc();
2179 goto nla_put_failure;
2181 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
2183 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
2188 goto nla_put_failure;
2191 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2194 wpa_printf(MSG_ERROR, "Failed to create interface %s.",
2199 ifidx = if_nametoindex(ifname);
2208 enum ieee80211_msg_type {
2209 ieee80211_msg_normal = 0,
2210 ieee80211_msg_tx_callback_ack = 1,
2211 ieee80211_msg_tx_callback_fail = 2,
2215 void ap_tx_status(void *ctx, const u8 *addr,
2216 const u8 *buf, size_t len, int ack);
2217 void ap_rx_from_unknown_sta(void *ctx, const u8 *addr);
2218 void ap_mgmt_rx(void *ctx, u8 *buf, size_t len, u16 stype,
2219 struct hostapd_frame_info *fi);
2220 void ap_mgmt_tx_cb(void *ctx, u8 *buf, size_t len, u16 stype, int ok);
2223 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
2225 struct ieee80211_hdr *hdr;
2226 u16 fc, type, stype;
2228 hdr = (struct ieee80211_hdr *) buf;
2229 fc = le_to_host16(hdr->frame_control);
2231 type = WLAN_FC_GET_TYPE(fc);
2232 stype = WLAN_FC_GET_STYPE(fc);
2235 case WLAN_FC_TYPE_MGMT:
2236 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
2237 ok ? "ACK" : "fail");
2238 ap_mgmt_tx_cb(ctx, buf, len, stype, ok);
2240 case WLAN_FC_TYPE_CTRL:
2241 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
2242 ok ? "ACK" : "fail");
2244 case WLAN_FC_TYPE_DATA:
2245 ap_tx_status(ctx, hdr->addr1, buf, len, ok);
2248 wpa_printf(MSG_DEBUG, "unknown TX callback frame type %d",
2255 static void handle_frame(struct wpa_driver_nl80211_data *drv,
2256 u8 *buf, size_t len,
2257 struct hostapd_frame_info *hfi,
2258 enum ieee80211_msg_type msg_type)
2260 struct ieee80211_hdr *hdr;
2261 u16 fc, type, stype;
2262 size_t data_len = len;
2265 * PS-Poll frames are 16 bytes. All other frames are
2266 * 24 bytes or longer.
2271 hdr = (struct ieee80211_hdr *) buf;
2272 fc = le_to_host16(hdr->frame_control);
2274 type = WLAN_FC_GET_TYPE(fc);
2275 stype = WLAN_FC_GET_STYPE(fc);
2278 case WLAN_FC_TYPE_DATA:
2281 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
2284 case WLAN_FC_FROMDS:
2291 case WLAN_FC_TYPE_CTRL:
2292 /* discard non-ps-poll frames */
2293 if (stype != WLAN_FC_STYPE_PSPOLL)
2296 case WLAN_FC_TYPE_MGMT:
2304 case ieee80211_msg_normal:
2305 /* continue processing */
2307 case ieee80211_msg_tx_callback_ack:
2308 handle_tx_callback(drv->ctx, buf, data_len, 1);
2310 case ieee80211_msg_tx_callback_fail:
2311 handle_tx_callback(drv->ctx, buf, data_len, 0);
2316 case WLAN_FC_TYPE_MGMT:
2317 if (stype != WLAN_FC_STYPE_BEACON &&
2318 stype != WLAN_FC_STYPE_PROBE_REQ)
2319 wpa_printf(MSG_MSGDUMP, "MGMT");
2320 ap_mgmt_rx(drv->ctx, buf, data_len, stype, hfi);
2322 case WLAN_FC_TYPE_CTRL:
2323 /* can only get here with PS-Poll frames */
2324 wpa_printf(MSG_DEBUG, "CTRL");
2325 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2327 case WLAN_FC_TYPE_DATA:
2328 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2334 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
2336 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2338 unsigned char buf[3000];
2339 struct ieee80211_radiotap_iterator iter;
2341 struct hostapd_frame_info hfi;
2342 int injected = 0, failed = 0, msg_type, rxflags = 0;
2344 len = recv(sock, buf, sizeof(buf), 0);
2350 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
2351 printf("received invalid radiotap frame\n");
2355 memset(&hfi, 0, sizeof(hfi));
2358 ret = ieee80211_radiotap_iterator_next(&iter);
2362 printf("received invalid radiotap frame (%d)\n", ret);
2365 switch (iter.this_arg_index) {
2366 case IEEE80211_RADIOTAP_FLAGS:
2367 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
2370 case IEEE80211_RADIOTAP_RX_FLAGS:
2373 case IEEE80211_RADIOTAP_TX_FLAGS:
2375 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
2376 IEEE80211_RADIOTAP_F_TX_FAIL;
2378 case IEEE80211_RADIOTAP_DATA_RETRIES:
2380 case IEEE80211_RADIOTAP_CHANNEL:
2381 /* TODO convert from freq/flags to channel number
2386 case IEEE80211_RADIOTAP_RATE:
2387 hfi.datarate = *iter.this_arg * 5;
2389 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2390 hfi.ssi_signal = *iter.this_arg;
2395 if (rxflags && injected)
2399 msg_type = ieee80211_msg_normal;
2401 msg_type = ieee80211_msg_tx_callback_fail;
2403 msg_type = ieee80211_msg_tx_callback_ack;
2405 handle_frame(drv, buf + iter.max_length,
2406 len - iter.max_length, &hfi, msg_type);
2411 * we post-process the filter code later and rewrite
2412 * this to the offset to the last instruction
2417 static struct sock_filter msock_filter_insns[] = {
2419 * do a little-endian load of the radiotap length field
2421 /* load lower byte into A */
2422 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
2423 /* put it into X (== index register) */
2424 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2425 /* load upper byte into A */
2426 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
2427 /* left-shift it by 8 */
2428 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
2430 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
2431 /* put result into X */
2432 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2435 * Allow management frames through, this also gives us those
2436 * management frames that we sent ourselves with status
2438 /* load the lower byte of the IEEE 802.11 frame control field */
2439 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2440 /* mask off frame type and version */
2441 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
2442 /* accept frame if it's both 0, fall through otherwise */
2443 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
2446 * TODO: add a bit to radiotap RX flags that indicates
2447 * that the sending station is not associated, then
2448 * add a filter here that filters on our DA and that flag
2449 * to allow us to deauth frames to that bad station.
2451 * Not a regression -- we didn't do it before either.
2456 * drop non-data frames, WDS frames
2458 /* load the lower byte of the frame control field */
2459 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2460 /* mask off QoS bit */
2461 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
2462 /* drop non-data frames */
2463 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
2464 /* load the upper byte of the frame control field */
2465 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2466 /* mask off toDS/fromDS */
2467 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
2468 /* drop WDS frames */
2469 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
2473 * add header length to index
2475 /* load the lower byte of the frame control field */
2476 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2477 /* mask off QoS bit */
2478 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
2479 /* right shift it by 6 to give 0 or 2 */
2480 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
2481 /* add data frame header length */
2482 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
2483 /* add index, was start of 802.11 header */
2484 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
2485 /* move to index, now start of LL header */
2486 BPF_STMT(BPF_MISC | BPF_TAX, 0),
2489 * Accept empty data frames, we use those for
2492 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
2493 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
2496 * Accept EAPOL frames
2498 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
2499 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
2500 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
2501 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
2503 /* keep these last two statements or change the code below */
2504 /* return 0 == "DROP" */
2505 BPF_STMT(BPF_RET | BPF_K, 0),
2506 /* return ~0 == "keep all" */
2507 BPF_STMT(BPF_RET | BPF_K, ~0),
2510 static struct sock_fprog msock_filter = {
2511 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
2512 .filter = msock_filter_insns,
2516 static int add_monitor_filter(int s)
2520 /* rewrite all PASS/FAIL jump offsets */
2521 for (idx = 0; idx < msock_filter.len; idx++) {
2522 struct sock_filter *insn = &msock_filter_insns[idx];
2524 if (BPF_CLASS(insn->code) == BPF_JMP) {
2525 if (insn->code == (BPF_JMP|BPF_JA)) {
2526 if (insn->k == PASS)
2527 insn->k = msock_filter.len - idx - 2;
2528 else if (insn->k == FAIL)
2529 insn->k = msock_filter.len - idx - 3;
2532 if (insn->jt == PASS)
2533 insn->jt = msock_filter.len - idx - 2;
2534 else if (insn->jt == FAIL)
2535 insn->jt = msock_filter.len - idx - 3;
2537 if (insn->jf == PASS)
2538 insn->jf = msock_filter.len - idx - 2;
2539 else if (insn->jf == FAIL)
2540 insn->jf = msock_filter.len - idx - 3;
2544 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
2545 &msock_filter, sizeof(msock_filter))) {
2546 perror("SO_ATTACH_FILTER");
2555 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
2558 struct sockaddr_ll ll;
2563 snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
2564 buf[IFNAMSIZ - 1] = '\0';
2566 drv->monitor_ifidx =
2567 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR);
2569 if (drv->monitor_ifidx < 0)
2572 if (wpa_driver_nl80211_get_ifflags_ifname(drv, buf, &flags) != 0) {
2573 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
2577 if (!(flags & IFF_UP)) {
2578 if (wpa_driver_nl80211_set_ifflags_ifname(drv, buf,
2579 flags | IFF_UP) != 0)
2581 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
2587 memset(&ll, 0, sizeof(ll));
2588 ll.sll_family = AF_PACKET;
2589 ll.sll_ifindex = drv->monitor_ifidx;
2590 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2591 if (drv->monitor_sock < 0) {
2592 perror("socket[PF_PACKET,SOCK_RAW]");
2596 if (add_monitor_filter(drv->monitor_sock)) {
2597 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
2598 "interface; do filtering in user space");
2599 /* This works, but will cost in performance. */
2602 if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
2604 perror("monitor socket bind");
2608 optlen = sizeof(optval);
2611 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
2612 perror("Failed to set socket priority");
2616 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
2618 printf("Could not register monitor read socket\n");
2624 nl80211_remove_iface(drv, drv->monitor_ifidx);
2629 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
2630 struct wpa_driver_associate_params *params)
2632 if (drv->monitor_ifidx < 0 &&
2633 nl80211_create_monitor_interface(drv))
2636 if (wpa_driver_nl80211_set_mode(drv, params->mode) ||
2637 wpa_driver_nl80211_set_freq2(drv, params)) {
2638 nl80211_remove_iface(drv, drv->monitor_ifidx);
2639 drv->monitor_ifidx = -1;
2643 /* TODO: setup monitor interface (and add code somewhere to remove this
2644 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
2648 #endif /* CONFIG_AP */
2651 static int wpa_driver_nl80211_associate(
2652 void *priv, struct wpa_driver_associate_params *params)
2654 struct wpa_driver_nl80211_data *drv = priv;
2659 if (params->mode == 2)
2660 return wpa_driver_nl80211_ap(drv, params);
2661 #endif /* CONFIG_AP */
2663 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2664 params->drop_unencrypted);
2666 drv->associated = 0;
2668 msg = nlmsg_alloc();
2672 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
2674 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2675 NL80211_CMD_ASSOCIATE, 0);
2677 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2678 if (params->bssid) {
2679 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2680 MAC2STR(params->bssid));
2681 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2684 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2685 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2688 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2689 params->ssid, params->ssid_len);
2690 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2692 if (params->ssid_len > sizeof(drv->ssid))
2693 goto nla_put_failure;
2694 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
2695 drv->ssid_len = params->ssid_len;
2697 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
2699 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
2702 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2705 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2706 "(%s)", ret, strerror(-ret));
2707 goto nla_put_failure;
2710 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
2720 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc)
2721 * @drv: Pointer to private driver data from wpa_driver_nl80211_init()
2722 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2723 * Returns: 0 on success, -1 on failure
2725 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
2728 int ret = -1, flags;
2734 nlmode = NL80211_IFTYPE_STATION;
2737 nlmode = NL80211_IFTYPE_ADHOC;
2740 nlmode = NL80211_IFTYPE_AP;
2746 msg = nlmsg_alloc();
2750 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2751 0, NL80211_CMD_SET_INTERFACE, 0);
2752 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2753 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2755 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2762 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode: %d (%s)",
2763 ret, strerror(-ret));
2767 /* mac80211 doesn't allow mode changes while the device is up, so
2768 * take the device down, try to set the mode again, and bring the
2771 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) {
2772 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
2774 /* Try to set the mode again while the interface is down */
2775 msg = nlmsg_alloc();
2779 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2780 0, NL80211_CMD_SET_INTERFACE, 0);
2781 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2782 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2783 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2785 wpa_printf(MSG_ERROR, "Failed to set interface %s "
2786 "mode(try_again): %d (%s)",
2787 drv->ifname, ret, strerror(-ret));
2790 /* Ignore return value of get_ifflags to ensure that the device
2791 * is always up like it was before this function was called.
2793 (void) wpa_driver_nl80211_get_ifflags(drv, &flags);
2794 (void) wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP);
2801 static int wpa_driver_nl80211_get_capa(void *priv,
2802 struct wpa_driver_capa *capa)
2804 struct wpa_driver_nl80211_data *drv = priv;
2805 if (!drv->has_capability)
2807 os_memcpy(capa, &drv->capa, sizeof(*capa));
2812 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
2814 struct wpa_driver_nl80211_data *drv = priv;
2816 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2817 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2818 drv->operstate = state;
2819 return wpa_driver_nl80211_send_oper_ifla(
2820 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2826 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
2828 enum ieee80211_msg_type {
2829 ieee80211_msg_normal = 0,
2830 ieee80211_msg_tx_callback_ack = 1,
2831 ieee80211_msg_tx_callback_fail = 2,
2835 static int i802_sta_deauth(void *priv, const u8 *addr, int reason);
2836 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason);
2839 static struct i802_bss * get_bss(struct wpa_driver_nl80211_data *drv,
2842 struct i802_bss *bss = &drv->bss;
2844 if (os_strncmp(iface, bss->ifname, IFNAMSIZ) == 0)
2848 wpa_printf(MSG_DEBUG, "nl80211: get_bss(%s) failed", iface);
2853 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
2858 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
2860 for (i = 0; i < drv->num_if_indices; i++) {
2861 if (drv->if_indices[i] == 0) {
2862 drv->if_indices[i] = ifidx;
2867 if (drv->if_indices != drv->default_if_indices)
2868 old = drv->if_indices;
2872 drv->if_indices = realloc(old,
2873 sizeof(int) * (drv->num_if_indices + 1));
2874 if (!drv->if_indices) {
2876 drv->if_indices = drv->default_if_indices;
2878 drv->if_indices = old;
2879 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
2881 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
2884 drv->if_indices[drv->num_if_indices] = ifidx;
2885 drv->num_if_indices++;
2889 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
2893 for (i = 0; i < drv->num_if_indices; i++) {
2894 if (drv->if_indices[i] == ifidx) {
2895 drv->if_indices[i] = 0;
2902 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
2906 for (i = 0; i < drv->num_if_indices; i++)
2907 if (drv->if_indices[i] == ifidx)
2914 static int hostapd_set_iface_flags(struct wpa_driver_nl80211_data *drv,
2915 const char *ifname, int dev_up)
2919 if (drv->ioctl_sock < 0)
2922 memset(&ifr, 0, sizeof(ifr));
2923 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
2925 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
2926 perror("ioctl[SIOCGIFFLAGS]");
2927 wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
2933 ifr.ifr_flags |= IFF_UP;
2935 ifr.ifr_flags &= ~IFF_UP;
2937 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
2938 perror("ioctl[SIOCSIFFLAGS]");
2946 static int i802_set_key(const char *iface, void *priv, wpa_alg alg,
2947 const u8 *addr, int key_idx, int set_tx, const u8 *seq,
2948 size_t seq_len, const u8 *key, size_t key_len)
2950 struct wpa_driver_nl80211_data *drv = priv;
2951 return nl_set_encr(if_nametoindex(iface), drv, alg, addr, key_idx,
2952 set_tx, seq, seq_len, key, key_len);
2956 static inline int min_int(int a, int b)
2964 static int get_key_handler(struct nl_msg *msg, void *arg)
2966 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2967 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2969 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2970 genlmsg_attrlen(gnlh, 0), NULL);
2973 * TODO: validate the key index and mac address!
2974 * Otherwise, there's a race condition as soon as
2975 * the kernel starts sending key notifications.
2978 if (tb[NL80211_ATTR_KEY_SEQ])
2979 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
2980 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
2985 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
2988 struct wpa_driver_nl80211_data *drv = priv;
2991 msg = nlmsg_alloc();
2995 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2996 0, NL80211_CMD_GET_KEY, 0);
2999 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3000 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
3001 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
3005 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
3011 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
3014 struct wpa_driver_nl80211_data *drv = priv;
3016 u8 rates[NL80211_MAX_SUPP_RATES];
3020 msg = nlmsg_alloc();
3024 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3025 NL80211_CMD_SET_BSS, 0);
3027 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
3028 rates[rates_len++] = basic_rates[i] / 5;
3030 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
3032 /* TODO: multi-BSS support */
3033 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3035 return send_and_recv_msgs(drv, msg, NULL, NULL);
3041 static int i802_send_frame(void *priv, const void *data, size_t len,
3045 0x00, 0x00, /* radiotap version */
3046 0x0e, 0x00, /* radiotap length */
3047 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
3048 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
3050 0x00, 0x00, /* RX and TX flags to indicate that */
3051 0x00, 0x00, /* this is the injected frame directly */
3053 struct wpa_driver_nl80211_data *drv = priv;
3054 struct iovec iov[2] = {
3056 .iov_base = &rtap_hdr,
3057 .iov_len = sizeof(rtap_hdr),
3060 .iov_base = (void*)data,
3064 struct msghdr msg = {
3069 .msg_control = NULL,
3070 .msg_controllen = 0,
3075 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
3077 return sendmsg(drv->monitor_sock, &msg, 0);
3080 static int i802_send_mgmt_frame(void *priv, const void *data, size_t len)
3082 struct ieee80211_mgmt *mgmt;
3083 int do_not_encrypt = 0;
3086 mgmt = (struct ieee80211_mgmt *) data;
3087 fc = le_to_host16(mgmt->frame_control);
3089 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3090 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
3092 * Only one of the authentication frame types is encrypted.
3093 * In order for static WEP encryption to work properly (i.e.,
3094 * to not encrypt the frame), we need to tell mac80211 about
3095 * the frames that must not be encrypted.
3097 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3098 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
3099 if (auth_alg == WLAN_AUTH_OPEN ||
3100 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_trans != 3))
3104 return i802_send_frame(priv, data, len, !do_not_encrypt);
3107 /* Set kernel driver on given frequency (MHz) */
3108 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
3110 struct wpa_driver_nl80211_data *drv = priv;
3113 msg = nlmsg_alloc();
3117 drv->last_freq = freq->freq;
3118 drv->last_freq_ht = freq->ht_enabled;
3120 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3121 NL80211_CMD_SET_WIPHY, 0);
3123 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3124 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
3125 if (freq->ht_enabled) {
3126 switch (freq->sec_channel_offset) {
3128 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3129 NL80211_CHAN_HT40MINUS);
3132 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3133 NL80211_CHAN_HT40PLUS);
3136 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3142 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3149 static int i802_set_rts(void *priv, int rts)
3151 struct wpa_driver_nl80211_data *drv = priv;
3154 memset(&iwr, 0, sizeof(iwr));
3155 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3156 iwr.u.rts.value = rts;
3157 iwr.u.rts.fixed = 1;
3159 if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
3160 perror("ioctl[SIOCSIWRTS]");
3168 static int i802_set_frag(void *priv, int frag)
3170 struct wpa_driver_nl80211_data *drv = priv;
3173 memset(&iwr, 0, sizeof(iwr));
3174 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3175 iwr.u.frag.value = frag;
3176 iwr.u.frag.fixed = 1;
3178 if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
3179 perror("ioctl[SIOCSIWFRAG]");
3187 static int i802_set_retry(void *priv, int short_retry, int long_retry)
3189 struct wpa_driver_nl80211_data *drv = priv;
3192 memset(&iwr, 0, sizeof(iwr));
3193 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3195 iwr.u.retry.value = short_retry;
3196 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
3197 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
3198 perror("ioctl[SIOCSIWRETRY(short)]");
3202 iwr.u.retry.value = long_retry;
3203 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
3204 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
3205 perror("ioctl[SIOCSIWRETRY(long)]");
3213 static int i802_flush(void *priv)
3215 struct wpa_driver_nl80211_data *drv = priv;
3218 msg = nlmsg_alloc();
3222 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3223 0, NL80211_CMD_DEL_STATION, 0);
3226 * XXX: FIX! this needs to flush all VLANs too
3228 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3229 if_nametoindex(drv->ifname));
3231 return send_and_recv_msgs(drv, msg, NULL, NULL);
3237 static int get_sta_handler(struct nl_msg *msg, void *arg)
3239 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3240 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3241 struct hostap_sta_driver_data *data = arg;
3242 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
3243 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
3244 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
3245 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
3246 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
3247 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
3248 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
3251 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3252 genlmsg_attrlen(gnlh, 0), NULL);
3255 * TODO: validate the interface and mac address!
3256 * Otherwise, there's a race condition as soon as
3257 * the kernel starts sending station notifications.
3260 if (!tb[NL80211_ATTR_STA_INFO]) {
3261 wpa_printf(MSG_DEBUG, "sta stats missing!");
3264 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
3265 tb[NL80211_ATTR_STA_INFO],
3267 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
3271 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
3272 data->inactive_msec =
3273 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
3274 if (stats[NL80211_STA_INFO_RX_BYTES])
3275 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
3276 if (stats[NL80211_STA_INFO_TX_BYTES])
3277 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
3278 if (stats[NL80211_STA_INFO_RX_PACKETS])
3280 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
3281 if (stats[NL80211_STA_INFO_TX_PACKETS])
3283 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
3288 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
3291 struct wpa_driver_nl80211_data *drv = priv;
3294 os_memset(data, 0, sizeof(*data));
3295 msg = nlmsg_alloc();
3299 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3300 0, NL80211_CMD_GET_STATION, 0);
3302 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3303 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3305 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
3311 static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
3312 size_t data_len, int encrypt, const u8 *own_addr)
3314 struct wpa_driver_nl80211_data *drv = priv;
3315 struct ieee80211_hdr *hdr;
3320 int qos = sta->flags & WLAN_STA_WME;
3325 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3327 hdr = os_zalloc(len);
3329 printf("malloc() failed for i802_send_data(len=%lu)\n",
3330 (unsigned long) len);
3334 hdr->frame_control =
3335 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3336 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3338 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3339 #if 0 /* To be enabled if qos determination is added above */
3341 hdr->frame_control |=
3342 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3346 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3347 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3348 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3349 pos = (u8 *) (hdr + 1);
3351 #if 0 /* To be enabled if qos determination is added above */
3353 /* add an empty QoS header if needed */
3360 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3361 pos += sizeof(rfc1042_header);
3362 WPA_PUT_BE16(pos, ETH_P_PAE);
3364 memcpy(pos, data, data_len);
3366 res = i802_send_frame(drv, (u8 *) hdr, len, encrypt);
3370 perror("i802_send_eapol: send");
3371 printf("i802_send_eapol - packet len: %lu - failed\n",
3372 (unsigned long) len);
3379 static int i802_sta_add(const char *ifname, void *priv,
3380 struct hostapd_sta_add_params *params)
3382 struct wpa_driver_nl80211_data *drv = priv;
3386 msg = nlmsg_alloc();
3390 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3391 0, NL80211_CMD_NEW_STATION, 0);
3393 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3394 if_nametoindex(drv->ifname));
3395 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3396 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3397 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3398 params->supp_rates);
3399 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3400 params->listen_interval);
3402 #ifdef CONFIG_IEEE80211N
3403 if (params->ht_capabilities) {
3404 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3405 params->ht_capabilities->length,
3406 ¶ms->ht_capabilities->data);
3408 #endif /* CONFIG_IEEE80211N */
3410 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3412 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3413 "result: %d (%s)", ret, strerror(-ret));
3421 static int i802_sta_remove(void *priv, const u8 *addr)
3423 struct wpa_driver_nl80211_data *drv = priv;
3427 msg = nlmsg_alloc();
3431 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3432 0, NL80211_CMD_DEL_STATION, 0);
3434 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3435 if_nametoindex(drv->ifname));
3436 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3438 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3447 static int i802_sta_set_flags(void *priv, const u8 *addr,
3448 int total_flags, int flags_or, int flags_and)
3450 struct wpa_driver_nl80211_data *drv = priv;
3451 struct nl_msg *msg, *flags = NULL;
3453 msg = nlmsg_alloc();
3457 flags = nlmsg_alloc();
3463 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3464 0, NL80211_CMD_SET_STATION, 0);
3466 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3467 if_nametoindex(drv->ifname));
3468 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3470 if (total_flags & WLAN_STA_AUTHORIZED)
3471 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3473 if (total_flags & WLAN_STA_WMM)
3474 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3476 if (total_flags & WLAN_STA_SHORT_PREAMBLE)
3477 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3479 if (total_flags & WLAN_STA_MFP)
3480 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3482 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3483 goto nla_put_failure;
3487 return send_and_recv_msgs(drv, msg, NULL, NULL);
3494 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
3495 int cw_min, int cw_max, int burst_time)
3497 struct wpa_driver_nl80211_data *drv = priv;
3499 struct nlattr *txq, *params;
3501 msg = nlmsg_alloc();
3505 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3506 0, NL80211_CMD_SET_WIPHY, 0);
3508 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3510 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
3512 goto nla_put_failure;
3514 /* We are only sending parameters for a single TXQ at a time */
3515 params = nla_nest_start(msg, 1);
3517 goto nla_put_failure;
3519 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
3520 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
3521 * 32 usec, so need to convert the value here. */
3522 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
3523 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
3524 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
3525 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
3527 nla_nest_end(msg, params);
3529 nla_nest_end(msg, txq);
3531 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3538 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx)
3542 /* stop listening for EAPOL on this interface */
3543 del_ifidx(drv, ifidx);
3545 msg = nlmsg_alloc();
3547 goto nla_put_failure;
3549 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3550 0, NL80211_CMD_DEL_INTERFACE, 0);
3551 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3553 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3556 printf("Failed to remove interface.\n");
3560 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
3562 enum nl80211_iftype iftype,
3565 struct nl_msg *msg, *flags = NULL;
3571 msg = nlmsg_alloc();
3575 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3576 0, NL80211_CMD_NEW_INTERFACE, 0);
3577 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3578 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
3579 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
3581 if (iftype == NL80211_IFTYPE_MONITOR) {
3584 flags = nlmsg_alloc();
3586 goto nla_put_failure;
3588 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
3590 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
3595 goto nla_put_failure;
3598 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3601 printf("Failed to create interface %s.\n", ifname);
3605 ifidx = if_nametoindex(ifname);
3610 /* start listening for EAPOL on this interface */
3611 add_ifidx(drv, ifidx);
3615 case NL80211_IFTYPE_AP:
3616 os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
3617 memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
3618 ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
3620 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
3621 nl80211_remove_iface(drv, ifidx);
3625 case NL80211_IFTYPE_WDS:
3626 memset(&iwr, 0, sizeof(iwr));
3627 os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
3628 iwr.u.addr.sa_family = ARPHRD_ETHER;
3629 memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
3630 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
3643 static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
3645 struct wpa_driver_nl80211_data *drv = priv;
3647 struct i802_bss *bss;
3649 bss = os_zalloc(sizeof(*bss));
3652 os_strlcpy(bss->ifname, ifname, IFNAMSIZ);
3654 ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
3659 if (hostapd_set_iface_flags(priv, ifname, 1)) {
3660 nl80211_remove_iface(priv, ifidx);
3664 bss->next = drv->bss.next;
3665 drv->bss.next = bss;
3670 static int i802_bss_remove(void *priv, const char *ifname)
3672 struct wpa_driver_nl80211_data *drv = priv;
3673 struct i802_bss *bss, *prev;
3674 nl80211_remove_iface(priv, if_nametoindex(ifname));
3676 bss = drv->bss.next;
3678 if (os_strncmp(ifname, bss->ifname, IFNAMSIZ) == 0) {
3679 prev->next = bss->next;
3690 static int i802_set_beacon(const char *iface, void *priv,
3691 const u8 *head, size_t head_len,
3692 const u8 *tail, size_t tail_len, int dtim_period)
3694 struct wpa_driver_nl80211_data *drv = priv;
3696 u8 cmd = NL80211_CMD_NEW_BEACON;
3698 struct i802_bss *bss;
3700 bss = get_bss(drv, iface);
3704 msg = nlmsg_alloc();
3708 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (iface=%s beacon_set=%d)",
3709 iface, bss->beacon_set);
3710 if (bss->beacon_set)
3711 cmd = NL80211_CMD_SET_BEACON;
3713 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3715 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
3716 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
3717 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
3718 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
3719 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
3721 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3723 bss->beacon_set = 1;
3730 static int i802_del_beacon(struct wpa_driver_nl80211_data *drv)
3734 msg = nlmsg_alloc();
3738 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3739 0, NL80211_CMD_DEL_BEACON, 0);
3740 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3742 return send_and_recv_msgs(drv, msg, NULL, NULL);
3748 static int i802_set_beacon_int(void *priv, int value)
3750 struct wpa_driver_nl80211_data *drv = priv;
3753 drv->beacon_int = value;
3755 if (!drv->bss.beacon_set)
3758 msg = nlmsg_alloc();
3762 wpa_printf(MSG_DEBUG, "nl80211: Set beacon interval %d "
3763 "(beacon_set=%d)", value, drv->bss.beacon_set);
3764 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3765 0, NL80211_CMD_SET_BEACON, 0);
3766 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3768 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
3770 return send_and_recv_msgs(drv, msg, NULL, NULL);
3776 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
3778 struct wpa_driver_nl80211_data *drv = priv;
3781 msg = nlmsg_alloc();
3785 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3786 NL80211_CMD_SET_BSS, 0);
3789 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
3791 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
3793 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
3795 /* TODO: multi-BSS support */
3796 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3798 return send_and_recv_msgs(drv, msg, NULL, NULL);
3804 static int i802_set_cts_protect(void *priv, int value)
3806 return i802_set_bss(priv, value, -1, -1);
3810 static int i802_set_preamble(void *priv, int value)
3812 return i802_set_bss(priv, -1, value, -1);
3816 static int i802_set_short_slot_time(void *priv, int value)
3818 return i802_set_bss(priv, -1, -1, value);
3822 static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
3825 case HOSTAPD_IF_VLAN:
3826 return NL80211_IFTYPE_AP_VLAN;
3827 case HOSTAPD_IF_WDS:
3828 return NL80211_IFTYPE_WDS;
3834 static int i802_if_add(const char *iface, void *priv,
3835 enum hostapd_driver_if_type type, char *ifname,
3838 if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
3844 static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
3845 char *ifname, const u8 *addr)
3847 /* unused at the moment */
3852 static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
3853 const char *ifname, const u8 *addr)
3855 nl80211_remove_iface(priv, if_nametoindex(ifname));
3860 static int i802_set_sta_vlan(void *priv, const u8 *addr,
3861 const char *ifname, int vlan_id)
3863 struct wpa_driver_nl80211_data *drv = priv;
3866 msg = nlmsg_alloc();
3870 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3871 0, NL80211_CMD_SET_STATION, 0);
3873 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3874 if_nametoindex(drv->ifname));
3875 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3876 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3877 if_nametoindex(ifname));
3879 return send_and_recv_msgs(drv, msg, NULL, NULL);
3885 static int i802_set_country(void *priv, const char *country)
3887 struct wpa_driver_nl80211_data *drv = priv;
3891 msg = nlmsg_alloc();
3895 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3896 0, NL80211_CMD_REQ_SET_REG, 0);
3898 alpha2[0] = country[0];
3899 alpha2[1] = country[1];
3901 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
3903 return send_and_recv_msgs(drv, msg, NULL, NULL);
3909 static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
3912 struct ieee80211_hdr *hdr;
3913 u16 fc, type, stype;
3915 hdr = (struct ieee80211_hdr *) buf;
3916 fc = le_to_host16(hdr->frame_control);
3918 type = WLAN_FC_GET_TYPE(fc);
3919 stype = WLAN_FC_GET_STYPE(fc);
3922 case WLAN_FC_TYPE_MGMT:
3923 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
3924 ok ? "ACK" : "fail");
3925 hostapd_mgmt_tx_cb(hapd, buf, len, stype, ok);
3927 case WLAN_FC_TYPE_CTRL:
3928 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
3929 ok ? "ACK" : "fail");
3931 case WLAN_FC_TYPE_DATA:
3932 hostapd_tx_status(hapd, hdr->addr1, buf, len, ok);
3935 printf("unknown TX callback frame type %d\n", type);
3941 static void handle_frame(struct wpa_driver_nl80211_data *drv,
3942 struct hostapd_iface *iface, u8 *buf, size_t len,
3943 struct hostapd_frame_info *hfi,
3944 enum ieee80211_msg_type msg_type)
3946 struct ieee80211_hdr *hdr;
3947 u16 fc, type, stype;
3948 size_t data_len = len;
3949 struct hostapd_data *hapd = NULL;
3950 int broadcast_bssid = 0;
3955 * PS-Poll frames are 16 bytes. All other frames are
3956 * 24 bytes or longer.
3961 hdr = (struct ieee80211_hdr *) buf;
3962 fc = le_to_host16(hdr->frame_control);
3964 type = WLAN_FC_GET_TYPE(fc);
3965 stype = WLAN_FC_GET_STYPE(fc);
3968 case WLAN_FC_TYPE_DATA:
3971 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
3975 case WLAN_FC_FROMDS:
3983 case WLAN_FC_TYPE_CTRL:
3984 /* discard non-ps-poll frames */
3985 if (stype != WLAN_FC_STYPE_PSPOLL)
3989 case WLAN_FC_TYPE_MGMT:
3997 /* find interface frame belongs to */
3998 for (i = 0; i < iface->num_bss; i++) {
3999 if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
4000 hapd = iface->bss[i];
4006 hapd = iface->bss[0];
4008 if (bssid[0] != 0xff || bssid[1] != 0xff ||
4009 bssid[2] != 0xff || bssid[3] != 0xff ||
4010 bssid[4] != 0xff || bssid[5] != 0xff) {
4012 * Unknown BSSID - drop frame if this is not from
4013 * passive scanning or a beacon (at least ProbeReq
4014 * frames to other APs may be allowed through RX
4015 * filtering in the wlan hw/driver)
4017 if ((type != WLAN_FC_TYPE_MGMT ||
4018 stype != WLAN_FC_STYPE_BEACON))
4021 broadcast_bssid = 1;
4025 case ieee80211_msg_normal:
4026 /* continue processing */
4028 case ieee80211_msg_tx_callback_ack:
4029 handle_tx_callback(hapd, buf, data_len, 1);
4031 case ieee80211_msg_tx_callback_fail:
4032 handle_tx_callback(hapd, buf, data_len, 0);
4037 case WLAN_FC_TYPE_MGMT:
4038 if (stype != WLAN_FC_STYPE_BEACON &&
4039 stype != WLAN_FC_STYPE_PROBE_REQ)
4040 wpa_printf(MSG_MSGDUMP, "MGMT");
4041 if (broadcast_bssid) {
4042 for (i = 0; i < iface->num_bss; i++)
4043 hostapd_mgmt_rx(iface->bss[i], buf, data_len,
4046 hostapd_mgmt_rx(hapd, buf, data_len, stype, hfi);
4048 case WLAN_FC_TYPE_CTRL:
4049 /* can only get here with PS-Poll frames */
4050 wpa_printf(MSG_DEBUG, "CTRL");
4051 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
4053 case WLAN_FC_TYPE_DATA:
4054 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
4060 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
4062 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4063 struct sockaddr_ll lladdr;
4064 unsigned char buf[3000];
4066 socklen_t fromlen = sizeof(lladdr);
4068 len = recvfrom(sock, buf, sizeof(buf), 0,
4069 (struct sockaddr *)&lladdr, &fromlen);
4075 if (have_ifidx(drv, lladdr.sll_ifindex)) {
4076 struct hostapd_data *hapd;
4077 hapd = hostapd_sta_get_bss(drv->hapd, lladdr.sll_addr);
4080 hostapd_eapol_receive(hapd, lladdr.sll_addr, buf, len);
4085 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
4087 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4089 unsigned char buf[3000];
4090 struct hostapd_data *hapd = drv->hapd;
4091 struct ieee80211_radiotap_iterator iter;
4093 struct hostapd_frame_info hfi;
4094 int injected = 0, failed = 0, msg_type, rxflags = 0;
4096 len = recv(sock, buf, sizeof(buf), 0);
4102 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
4103 printf("received invalid radiotap frame\n");
4107 memset(&hfi, 0, sizeof(hfi));
4110 ret = ieee80211_radiotap_iterator_next(&iter);
4114 printf("received invalid radiotap frame (%d)\n", ret);
4117 switch (iter.this_arg_index) {
4118 case IEEE80211_RADIOTAP_FLAGS:
4119 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
4122 case IEEE80211_RADIOTAP_RX_FLAGS:
4125 case IEEE80211_RADIOTAP_TX_FLAGS:
4127 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
4128 IEEE80211_RADIOTAP_F_TX_FAIL;
4130 case IEEE80211_RADIOTAP_DATA_RETRIES:
4132 case IEEE80211_RADIOTAP_CHANNEL:
4133 /* TODO convert from freq/flags to channel number
4138 case IEEE80211_RADIOTAP_RATE:
4139 hfi.datarate = *iter.this_arg * 5;
4141 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
4142 hfi.ssi_signal = *iter.this_arg;
4147 if (rxflags && injected)
4151 msg_type = ieee80211_msg_normal;
4153 msg_type = ieee80211_msg_tx_callback_fail;
4155 msg_type = ieee80211_msg_tx_callback_ack;
4157 handle_frame(drv, hapd->iface, buf + iter.max_length,
4158 len - iter.max_length, &hfi, msg_type);
4163 * we post-process the filter code later and rewrite
4164 * this to the offset to the last instruction
4169 static struct sock_filter msock_filter_insns[] = {
4171 * do a little-endian load of the radiotap length field
4173 /* load lower byte into A */
4174 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
4175 /* put it into X (== index register) */
4176 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4177 /* load upper byte into A */
4178 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
4179 /* left-shift it by 8 */
4180 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
4182 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
4183 /* put result into X */
4184 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4187 * Allow management frames through, this also gives us those
4188 * management frames that we sent ourselves with status
4190 /* load the lower byte of the IEEE 802.11 frame control field */
4191 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4192 /* mask off frame type and version */
4193 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
4194 /* accept frame if it's both 0, fall through otherwise */
4195 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
4198 * TODO: add a bit to radiotap RX flags that indicates
4199 * that the sending station is not associated, then
4200 * add a filter here that filters on our DA and that flag
4201 * to allow us to deauth frames to that bad station.
4203 * Not a regression -- we didn't do it before either.
4208 * drop non-data frames, WDS frames
4210 /* load the lower byte of the frame control field */
4211 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4212 /* mask off QoS bit */
4213 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
4214 /* drop non-data frames */
4215 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
4216 /* load the upper byte of the frame control field */
4217 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4218 /* mask off toDS/fromDS */
4219 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
4220 /* drop WDS frames */
4221 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
4225 * add header length to index
4227 /* load the lower byte of the frame control field */
4228 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4229 /* mask off QoS bit */
4230 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
4231 /* right shift it by 6 to give 0 or 2 */
4232 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
4233 /* add data frame header length */
4234 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
4235 /* add index, was start of 802.11 header */
4236 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
4237 /* move to index, now start of LL header */
4238 BPF_STMT(BPF_MISC | BPF_TAX, 0),
4241 * Accept empty data frames, we use those for
4244 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
4245 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
4248 * Accept EAPOL frames
4250 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
4251 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
4252 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
4253 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
4255 /* keep these last two statements or change the code below */
4256 /* return 0 == "DROP" */
4257 BPF_STMT(BPF_RET | BPF_K, 0),
4258 /* return ~0 == "keep all" */
4259 BPF_STMT(BPF_RET | BPF_K, ~0),
4262 static struct sock_fprog msock_filter = {
4263 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
4264 .filter = msock_filter_insns,
4268 static int add_monitor_filter(int s)
4272 /* rewrite all PASS/FAIL jump offsets */
4273 for (idx = 0; idx < msock_filter.len; idx++) {
4274 struct sock_filter *insn = &msock_filter_insns[idx];
4276 if (BPF_CLASS(insn->code) == BPF_JMP) {
4277 if (insn->code == (BPF_JMP|BPF_JA)) {
4278 if (insn->k == PASS)
4279 insn->k = msock_filter.len - idx - 2;
4280 else if (insn->k == FAIL)
4281 insn->k = msock_filter.len - idx - 3;
4284 if (insn->jt == PASS)
4285 insn->jt = msock_filter.len - idx - 2;
4286 else if (insn->jt == FAIL)
4287 insn->jt = msock_filter.len - idx - 3;
4289 if (insn->jf == PASS)
4290 insn->jf = msock_filter.len - idx - 2;
4291 else if (insn->jf == FAIL)
4292 insn->jf = msock_filter.len - idx - 3;
4296 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
4297 &msock_filter, sizeof(msock_filter))) {
4298 perror("SO_ATTACH_FILTER");
4306 static int nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
4309 struct sockaddr_ll ll;
4313 snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
4314 buf[IFNAMSIZ - 1] = '\0';
4316 drv->monitor_ifidx =
4317 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
4319 if (drv->monitor_ifidx < 0)
4322 if (hostapd_set_iface_flags(drv, buf, 1))
4325 memset(&ll, 0, sizeof(ll));
4326 ll.sll_family = AF_PACKET;
4327 ll.sll_ifindex = drv->monitor_ifidx;
4328 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
4329 if (drv->monitor_sock < 0) {
4330 perror("socket[PF_PACKET,SOCK_RAW]");
4334 if (add_monitor_filter(drv->monitor_sock)) {
4335 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
4336 "interface; do filtering in user space");
4337 /* This works, but will cost in performance. */
4340 if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
4342 perror("monitor socket bind");
4346 optlen = sizeof(optval);
4349 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
4350 perror("Failed to set socket priority");
4354 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
4356 printf("Could not register monitor read socket\n");
4362 nl80211_remove_iface(drv, drv->monitor_ifidx);
4367 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, const char *ifname,
4373 msg = nlmsg_alloc();
4377 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4378 0, NL80211_CMD_SET_INTERFACE, 0);
4379 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4380 if_nametoindex(ifname));
4381 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
4383 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4387 wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
4393 #ifdef CONFIG_IEEE80211N
4394 static void i802_add_neighbor(struct wpa_driver_nl80211_data *drv, u8 *bssid,
4395 int freq, u8 *ie, size_t ie_len)
4397 struct ieee802_11_elems elems;
4398 int ht, pri_chan = 0, sec_chan = 0;
4399 struct ieee80211_ht_operation *oper;
4400 struct hostapd_neighbor_bss *nnei;
4402 ieee802_11_parse_elems(ie, ie_len, &elems, 0);
4403 ht = elems.ht_capabilities || elems.ht_operation;
4404 if (elems.ht_operation && elems.ht_operation_len >= sizeof(*oper)) {
4405 oper = (struct ieee80211_ht_operation *) elems.ht_operation;
4406 pri_chan = oper->control_chan;
4407 if (oper->ht_param & HT_INFO_HT_PARAM_REC_TRANS_CHNL_WIDTH) {
4408 if (oper->ht_param &
4409 HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
4410 sec_chan = pri_chan + 4;
4411 else if (oper->ht_param &
4412 HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
4413 sec_chan = pri_chan - 4;
4417 wpa_printf(MSG_DEBUG, "nl80211: Neighboring BSS - bssid=" MACSTR
4418 " freq=%d MHz HT=%d pri_chan=%d sec_chan=%d",
4419 MAC2STR(bssid), freq, ht, pri_chan, sec_chan);
4421 nnei = os_realloc(drv->neighbors, (drv->num_neighbors + 1) *
4422 sizeof(struct hostapd_neighbor_bss));
4425 drv->neighbors = nnei;
4426 nnei = &nnei[drv->num_neighbors];
4427 os_memcpy(nnei->bssid, bssid, ETH_ALEN);
4430 nnei->pri_chan = pri_chan;
4431 nnei->sec_chan = sec_chan;
4432 drv->num_neighbors++;
4436 static int i802_get_scan_freq(struct iw_event *iwe, int *freq)
4438 int divi = 1000000, i;
4440 if (iwe->u.freq.e == 0) {
4442 * Some drivers do not report frequency, but a channel.
4443 * Try to map this to frequency by assuming they are using
4444 * IEEE 802.11b/g. But don't overwrite a previously parsed
4445 * frequency if the driver sends both frequency and channel,
4446 * since the driver may be sending an A-band channel that we
4447 * don't handle here.
4453 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
4454 *freq = 2407 + 5 * iwe->u.freq.m;
4456 } else if (iwe->u.freq.m == 14) {
4462 if (iwe->u.freq.e > 6) {
4463 wpa_printf(MSG_DEBUG, "Invalid freq in scan results: "
4464 "m=%d e=%d", iwe->u.freq.m, iwe->u.freq.e);
4468 for (i = 0; i < iwe->u.freq.e; i++)
4470 *freq = iwe->u.freq.m / divi;
4475 static int i802_parse_scan(struct wpa_driver_nl80211_data *drv, u8 *res_buf,
4480 struct iw_event iwe_buf, *iwe = &iwe_buf;
4481 char *pos, *end, *custom;
4490 pos = (char *) res_buf;
4491 end = (char *) res_buf + len;
4493 while (pos + IW_EV_LCP_LEN <= end) {
4494 /* Event data may be unaligned, so make a local, aligned copy
4495 * before processing. */
4496 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
4497 if (iwe->len <= IW_EV_LCP_LEN)
4500 custom = pos + IW_EV_POINT_LEN;
4501 if (iwe->cmd == IWEVGENIE) {
4502 /* WE-19 removed the pointer from struct iw_point */
4503 char *dpos = (char *) &iwe_buf.u.data.length;
4504 int dlen = dpos - (char *) &iwe_buf;
4505 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
4506 sizeof(struct iw_event) - dlen);
4508 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
4509 custom += IW_EV_POINT_OFF;
4515 i802_add_neighbor(drv, bssid, freq, ie,
4518 os_memcpy(bssid, iwe->u.ap_addr.sa_data, ETH_ALEN);
4524 i802_get_scan_freq(iwe, &freq);
4527 if (custom + iwe->u.data.length > end) {
4528 wpa_printf(MSG_ERROR, "IWEVGENIE overflow");
4532 ie_len = iwe->u.data.length;
4540 i802_add_neighbor(drv, bssid, freq, ie, ie_len);
4546 static int i802_get_ht_scan_res(struct wpa_driver_nl80211_data *drv)
4553 res_buf_len = IW_SCAN_MAX_DATA;
4555 res_buf = os_malloc(res_buf_len);
4556 if (res_buf == NULL)
4558 os_memset(&iwr, 0, sizeof(iwr));
4559 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
4560 iwr.u.data.pointer = res_buf;
4561 iwr.u.data.length = res_buf_len;
4563 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
4566 if (errno == E2BIG && res_buf_len < 65535) {
4570 if (res_buf_len > 65535)
4571 res_buf_len = 65535; /* 16-bit length field */
4572 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
4573 "trying larger buffer (%lu bytes)",
4574 (unsigned long) res_buf_len);
4576 perror("ioctl[SIOCGIWSCAN]");
4582 if (iwr.u.data.length > res_buf_len) {
4587 res = i802_parse_scan(drv, res_buf, iwr.u.data.length);
4594 static int i802_is_event_wireless_scan_complete(char *data, int len)
4596 struct iw_event iwe_buf, *iwe = &iwe_buf;
4602 while (pos + IW_EV_LCP_LEN <= end) {
4603 /* Event data may be unaligned, so make a local, aligned copy
4604 * before processing. */
4605 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
4606 if (iwe->cmd == SIOCGIWSCAN)
4616 static int i802_is_rtm_scan_complete(int ifindex, struct nlmsghdr *h, int len)
4618 struct ifinfomsg *ifi;
4619 int attrlen, _nlmsg_len, rta_len;
4620 struct rtattr *attr;
4622 if (len < (int) sizeof(*ifi))
4625 ifi = NLMSG_DATA(h);
4627 if (ifindex != ifi->ifi_index)
4628 return 0; /* event for foreign ifindex */
4630 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
4632 attrlen = h->nlmsg_len - _nlmsg_len;
4636 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
4638 rta_len = RTA_ALIGN(sizeof(struct rtattr));
4639 while (RTA_OK(attr, attrlen)) {
4640 if (attr->rta_type == IFLA_WIRELESS &&
4641 i802_is_event_wireless_scan_complete(
4642 ((char *) attr) + rta_len,
4643 attr->rta_len - rta_len))
4645 attr = RTA_NEXT(attr, attrlen);
4652 static int i802_is_scan_complete(int s, int ifindex)
4658 left = recv(s, buf, sizeof(buf), MSG_DONTWAIT);
4660 perror("recv(netlink)");
4664 h = (struct nlmsghdr *) buf;
4665 while (left >= (int) sizeof(*h)) {
4669 plen = len - sizeof(*h);
4670 if (len > left || plen < 0) {
4671 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
4672 "len=%d left=%d plen=%d",
4677 switch (h->nlmsg_type) {
4679 if (i802_is_rtm_scan_complete(ifindex, h, plen))
4684 len = NLMSG_ALIGN(len);
4686 h = (struct nlmsghdr *) ((char *) h + len);
4693 static int i802_ht_scan(struct wpa_driver_nl80211_data *drv)
4696 int s, res, ifindex;
4697 struct sockaddr_nl local;
4702 wpa_printf(MSG_DEBUG, "nl80211: Scanning overlapping BSSes before "
4703 "starting HT 20/40 MHz BSS");
4705 /* Request a new scan */
4706 /* TODO: would be enough to scan the selected band */
4707 os_memset(&iwr, 0, sizeof(iwr));
4708 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
4709 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
4710 perror("ioctl[SIOCSIWSCAN]");
4714 ifindex = if_nametoindex(drv->ifname);
4716 /* Wait for scan completion event or timeout */
4717 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
4719 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
4723 os_memset(&local, 0, sizeof(local));
4724 local.nl_family = AF_NETLINK;
4725 local.nl_groups = RTMGRP_LINK;
4726 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
4727 perror("bind(netlink)");
4733 end += 30; /* Wait at most 30 seconds for scan results */
4736 tv.tv_sec = end > now ? end - now : 0;
4740 res = select(s + 1, &rfds, NULL, NULL, &tv);
4743 /* Assume results are ready after 10 seconds wait */
4747 if (i802_is_scan_complete(s, ifindex)) {
4748 wpa_printf(MSG_DEBUG, "nl80211: Scan "
4753 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout");
4754 /* Assume results are ready to be read now */
4761 return i802_get_ht_scan_res(drv);
4763 #endif /* CONFIG_IEEE80211N */
4766 static int i802_init_sockets(struct wpa_driver_nl80211_data *drv, const u8 *bssid)
4771 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
4772 if (drv->ioctl_sock < 0) {
4773 perror("socket[PF_INET,SOCK_DGRAM]");
4777 /* start listening for EAPOL on the default AP interface */
4778 add_ifidx(drv, if_nametoindex(drv->ifname));
4780 if (hostapd_set_iface_flags(drv, drv->ifname, 0))
4784 os_strlcpy(ifr.ifr_name, drv->ifname, IFNAMSIZ);
4785 memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
4786 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
4788 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
4789 perror("ioctl(SIOCSIFHWADDR)");
4795 * initialise generic netlink and nl80211
4797 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4799 printf("Failed to allocate netlink callbacks.\n");
4803 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
4804 if (!drv->nl_handle) {
4805 printf("Failed to allocate netlink handle.\n");
4809 if (genl_connect(drv->nl_handle)) {
4810 printf("Failed to connect to generic netlink.\n");
4814 #ifdef CONFIG_LIBNL20
4815 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
4816 printf("Failed to allocate generic netlink cache.\n");
4819 #else /* CONFIG_LIBNL20 */
4820 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
4821 if (!drv->nl_cache) {
4822 printf("Failed to allocate generic netlink cache.\n");
4825 #endif /* CONFIG_LIBNL20 */
4827 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
4828 if (!drv->nl80211) {
4829 printf("nl80211 not found.\n");
4833 ret = nl_get_multicast_id(drv, "nl80211", "scan");
4835 ret = nl_socket_add_membership(drv->nl_handle, ret);
4837 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4838 "membership for scan events: %d (%s)",
4839 ret, strerror(-ret));
4842 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
4844 ret = nl_socket_add_membership(drv->nl_handle, ret);
4846 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4847 "membership for mlme events: %d (%s)",
4848 ret, strerror(-ret));
4851 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
4852 wpa_driver_nl80211_event_receive, drv,
4855 #ifdef CONFIG_IEEE80211N
4856 if (drv->ht_40mhz_scan) {
4857 if (nl80211_set_mode(drv, drv->ifname, NL80211_IFTYPE_STATION)
4858 || hostapd_set_iface_flags(drv, drv->ifname, 1) ||
4859 i802_ht_scan(drv) ||
4860 hostapd_set_iface_flags(drv, drv->ifname, 0)) {
4861 wpa_printf(MSG_ERROR, "Failed to scan channels for "
4862 "HT 40 MHz operations");
4866 #endif /* CONFIG_IEEE80211N */
4868 /* Initialise a monitor interface */
4869 if (nl80211_create_monitor_interface(drv))
4872 if (nl80211_set_mode(drv, drv->ifname, NL80211_IFTYPE_AP))
4875 if (hostapd_set_iface_flags(drv, drv->ifname, 1))
4878 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
4879 if (drv->eapol_sock < 0) {
4880 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
4884 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
4886 printf("Could not register read socket for eapol\n");
4890 memset(&ifr, 0, sizeof(ifr));
4891 os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
4892 if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
4893 perror("ioctl(SIOCGIFHWADDR)");
4897 if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
4898 printf("Invalid HW-addr family 0x%04x\n",
4899 ifr.ifr_hwaddr.sa_family);
4902 memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
4907 nl80211_remove_iface(drv, drv->monitor_ifidx);
4912 static int i802_get_inact_sec(void *priv, const u8 *addr)
4914 struct hostap_sta_driver_data data;
4917 data.inactive_msec = (unsigned long) -1;
4918 ret = i802_read_sta_data(priv, &data, addr);
4919 if (ret || data.inactive_msec == (unsigned long) -1)
4921 return data.inactive_msec / 1000;
4925 static int i802_sta_clear_stats(void *priv, const u8 *addr)
4934 static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
4936 struct wpa_driver_nl80211_data *drv = priv;
4937 struct ieee80211_mgmt mgmt;
4939 memset(&mgmt, 0, sizeof(mgmt));
4940 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4941 WLAN_FC_STYPE_DEAUTH);
4942 memcpy(mgmt.da, addr, ETH_ALEN);
4943 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
4944 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
4945 mgmt.u.deauth.reason_code = host_to_le16(reason);
4946 return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
4947 sizeof(mgmt.u.deauth));
4951 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
4953 struct wpa_driver_nl80211_data *drv = priv;
4954 struct ieee80211_mgmt mgmt;
4956 memset(&mgmt, 0, sizeof(mgmt));
4957 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4958 WLAN_FC_STYPE_DISASSOC);
4959 memcpy(mgmt.da, addr, ETH_ALEN);
4960 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
4961 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
4962 mgmt.u.disassoc.reason_code = host_to_le16(reason);
4963 return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
4964 sizeof(mgmt.u.disassoc));
4968 static const struct hostapd_neighbor_bss *
4969 i802_get_neighbor_bss(void *priv, size_t *num)
4971 struct wpa_driver_nl80211_data *drv = priv;
4972 *num = drv->num_neighbors;
4973 return drv->neighbors;
4977 static void *i802_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
4979 struct wpa_driver_nl80211_data *drv;
4982 drv = os_zalloc(sizeof(struct wpa_driver_nl80211_data));
4984 printf("Could not allocate memory for i802 driver data\n");
4989 memcpy(drv->ifname, hapd->conf->iface, sizeof(drv->ifname));
4990 memcpy(drv->bss.ifname, hapd->conf->iface, sizeof(drv->bss.ifname));
4991 drv->ifindex = if_nametoindex(drv->ifname);
4993 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4994 drv->if_indices = drv->default_if_indices;
4995 for (i = 0; i < hapd->iface->num_bss; i++) {
4996 struct hostapd_data *bss = hapd->iface->bss[i];
4997 if (bss->conf->bridge)
4998 add_ifidx(drv, if_nametoindex(bss->conf->bridge));
5000 drv->ht_40mhz_scan = hapd->iconf->secondary_channel != 0;
5002 if (i802_init_sockets(drv, bssid))
5013 static void *i802_init(struct hostapd_data *hapd)
5015 return i802_init_bssid(hapd, NULL);
5019 static void i802_deinit(void *priv)
5021 struct wpa_driver_nl80211_data *drv = priv;
5022 struct i802_bss *bss, *prev;
5024 if (drv->last_freq_ht) {
5025 /* Clear HT flags from the driver */
5026 struct hostapd_freq_params freq;
5027 os_memset(&freq, 0, sizeof(freq));
5028 freq.freq = drv->last_freq;
5029 i802_set_freq(priv, &freq);
5032 i802_del_beacon(drv);
5034 /* remove monitor interface */
5035 nl80211_remove_iface(drv, drv->monitor_ifidx);
5037 (void) hostapd_set_iface_flags(drv, drv->ifname, 0);
5039 if (drv->monitor_sock >= 0) {
5040 eloop_unregister_read_sock(drv->monitor_sock);
5041 close(drv->monitor_sock);
5043 if (drv->ioctl_sock >= 0)
5044 close(drv->ioctl_sock);
5045 if (drv->eapol_sock >= 0) {
5046 eloop_unregister_read_sock(drv->eapol_sock);
5047 close(drv->eapol_sock);
5050 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
5051 genl_family_put(drv->nl80211);
5052 nl_cache_free(drv->nl_cache);
5053 nl_handle_destroy(drv->nl_handle);
5054 nl_cb_put(drv->nl_cb);
5056 if (drv->if_indices != drv->default_if_indices)
5057 free(drv->if_indices);
5059 os_free(drv->neighbors);
5061 bss = drv->bss.next;
5071 #endif /* HOSTAPD */
5074 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
5076 .desc = "Linux nl80211/cfg80211",
5077 .get_bssid = wpa_driver_nl80211_get_bssid,
5078 .get_ssid = wpa_driver_nl80211_get_ssid,
5079 .set_key = wpa_driver_nl80211_set_key,
5080 .scan2 = wpa_driver_nl80211_scan,
5081 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
5082 .deauthenticate = wpa_driver_nl80211_deauthenticate,
5083 .disassociate = wpa_driver_nl80211_disassociate,
5084 .authenticate = wpa_driver_nl80211_authenticate,
5085 .associate = wpa_driver_nl80211_associate,
5086 .init = wpa_driver_nl80211_init,
5087 .deinit = wpa_driver_nl80211_deinit,
5088 .get_capa = wpa_driver_nl80211_get_capa,
5089 .set_operstate = wpa_driver_nl80211_set_operstate,
5090 .set_country = wpa_driver_nl80211_set_country,
5092 .set_beacon = wpa_driver_nl80211_set_beacon,
5093 .set_beacon_int = wpa_driver_nl80211_set_beacon_int,
5094 .send_mlme = wpa_driver_nl80211_send_mlme,
5095 #endif /* CONFIG_AP */
5096 #if defined(CONFIG_AP) || defined(HOSTAPD)
5097 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
5098 #endif /* CONFIG_AP || HOSTAPD */
5100 .hapd_init = i802_init,
5101 .init_bssid = i802_init_bssid,
5102 .hapd_deinit = i802_deinit,
5103 .hapd_set_key = i802_set_key,
5104 .get_seqnum = i802_get_seqnum,
5105 .flush = i802_flush,
5106 .read_sta_data = i802_read_sta_data,
5107 .hapd_send_eapol = i802_send_eapol,
5108 .sta_set_flags = i802_sta_set_flags,
5109 .sta_deauth = i802_sta_deauth,
5110 .sta_disassoc = i802_sta_disassoc,
5111 .sta_remove = i802_sta_remove,
5112 .send_mgmt_frame = i802_send_mgmt_frame,
5113 .sta_add = i802_sta_add,
5114 .get_inact_sec = i802_get_inact_sec,
5115 .sta_clear_stats = i802_sta_clear_stats,
5116 .set_freq = i802_set_freq,
5117 .set_rts = i802_set_rts,
5118 .set_frag = i802_set_frag,
5119 .set_retry = i802_set_retry,
5120 .set_rate_sets = i802_set_rate_sets,
5121 .hapd_set_beacon = i802_set_beacon,
5122 .hapd_set_beacon_int = i802_set_beacon_int,
5123 .set_cts_protect = i802_set_cts_protect,
5124 .set_preamble = i802_set_preamble,
5125 .set_short_slot_time = i802_set_short_slot_time,
5126 .set_tx_queue_params = i802_set_tx_queue_params,
5127 .bss_add = i802_bss_add,
5128 .bss_remove = i802_bss_remove,
5129 .if_add = i802_if_add,
5130 .if_update = i802_if_update,
5131 .if_remove = i802_if_remove,
5132 .set_sta_vlan = i802_set_sta_vlan,
5133 .hapd_set_country = i802_set_country,
5134 .get_neighbor_bss = i802_get_neighbor_bss,
5135 #endif /* HOSTAPD */
projects / wpasupplicant / blob