2 * hostapd / Kernel driver communication via nl80211
3 * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
12 * Alternatively, this software may be distributed under the terms of BSD
15 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
21 #include <netlink/genl/genl.h>
22 #include <netlink/genl/family.h>
23 #include <netlink/genl/ctrl.h>
24 #include <netlink/msg.h>
25 #include <netlink/attr.h>
26 #include "nl80211_copy.h"
28 #include <netpacket/packet.h>
29 #include "wireless_copy.h"
30 #include <linux/filter.h>
31 #include <net/if_arp.h>
37 #include "hw_features.h"
40 #include "radiotap_iter.h"
41 #include "ieee802_11_defs.h"
42 #include "ieee802_11_common.h"
45 /* libnl 2.0 compatibility code */
46 #define nl_handle_alloc_cb nl_socket_alloc_cb
47 #define nl_handle_destroy nl_socket_free
48 #endif /* CONFIG_LIBNL20 */
50 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
52 enum ieee80211_msg_type {
53 ieee80211_msg_normal = 0,
54 ieee80211_msg_tx_callback_ack = 1,
55 ieee80211_msg_tx_callback_fail = 2,
59 struct i802_bss *next;
60 char iface[IFNAMSIZ + 1];
62 unsigned int beacon_set:1;
65 struct i802_driver_data {
66 struct hostapd_data *hapd;
68 char iface[IFNAMSIZ + 1];
70 int ioctl_sock; /* socket for ioctl() use */
71 int wext_sock; /* socket for wireless events */
72 int eapol_sock; /* socket for EAPOL frames */
73 int monitor_sock; /* socket for monitor */
76 int default_if_indices[16];
81 struct nl_handle *nl_handle;
82 struct nl_cache *nl_cache;
84 struct genl_family *nl80211;
87 unsigned int ieee802_1x_active:1;
88 unsigned int ht_40mhz_scan:1;
92 struct hostapd_neighbor_bss *neighbors;
97 static int i802_sta_deauth(void *priv, const u8 *addr, int reason);
98 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason);
101 static struct i802_bss * get_bss(struct i802_driver_data *drv,
104 struct i802_bss *bss = &drv->bss;
106 if (os_strncmp(iface, bss->iface, IFNAMSIZ) == 0)
110 wpa_printf(MSG_DEBUG, "nl80211: get_bss(%s) failed", iface);
115 static void add_ifidx(struct i802_driver_data *drv, int ifidx)
120 for (i = 0; i < drv->num_if_indices; i++) {
121 if (drv->if_indices[i] == 0) {
122 drv->if_indices[i] = ifidx;
127 if (drv->if_indices != drv->default_if_indices)
128 old = drv->if_indices;
132 drv->if_indices = realloc(old,
133 sizeof(int) * (drv->num_if_indices + 1));
134 if (!drv->if_indices) {
136 drv->if_indices = drv->default_if_indices;
138 drv->if_indices = old;
139 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
141 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
144 drv->if_indices[drv->num_if_indices] = ifidx;
145 drv->num_if_indices++;
149 static void del_ifidx(struct i802_driver_data *drv, int ifidx)
153 for (i = 0; i < drv->num_if_indices; i++) {
154 if (drv->if_indices[i] == ifidx) {
155 drv->if_indices[i] = 0;
162 static int have_ifidx(struct i802_driver_data *drv, int ifidx)
166 if (ifidx == drv->bridge)
169 for (i = 0; i < drv->num_if_indices; i++)
170 if (drv->if_indices[i] == ifidx)
178 static int ack_handler(struct nl_msg *msg, void *arg)
185 static int finish_handler(struct nl_msg *msg, void *arg)
192 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
200 static int send_and_recv_msgs(struct i802_driver_data *drv,
202 int (*valid_handler)(struct nl_msg *, void *),
208 cb = nl_cb_clone(drv->nl_cb);
212 err = nl_send_auto_complete(drv->nl_handle, msg);
218 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
219 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
220 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
223 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
224 valid_handler, valid_data);
227 nl_recvmsgs(drv->nl_handle, cb);
234 static int hostapd_set_iface_flags(struct i802_driver_data *drv,
235 const char *ifname, int dev_up)
239 if (drv->ioctl_sock < 0)
242 memset(&ifr, 0, sizeof(ifr));
243 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
245 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
246 perror("ioctl[SIOCGIFFLAGS]");
247 wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
253 ifr.ifr_flags |= IFF_UP;
255 ifr.ifr_flags &= ~IFF_UP;
257 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
258 perror("ioctl[SIOCSIFFLAGS]");
266 static int nl_set_encr(int ifindex, struct i802_driver_data *drv,
267 wpa_alg alg, const u8 *addr, int idx, const u8 *key,
268 size_t key_len, int txkey)
277 if (alg == WPA_ALG_NONE) {
278 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
279 0, NL80211_CMD_DEL_KEY, 0);
281 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
282 0, NL80211_CMD_NEW_KEY, 0);
283 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
287 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
290 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
294 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
297 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
300 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
303 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
304 "algorithm %d", __func__, alg);
311 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
312 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
313 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
315 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
320 * If we failed or don't need to set the default TX key (below),
323 if (ret || !txkey || addr)
330 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
331 0, NL80211_CMD_SET_KEY, 0);
332 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
333 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
334 if (alg == WPA_ALG_IGTK)
335 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
337 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
339 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
348 static int i802_set_key(const char *iface, void *priv, wpa_alg alg,
349 const u8 *addr, int key_idx, int set_tx, const u8 *seq,
350 size_t seq_len, const u8 *key, size_t key_len)
352 struct i802_driver_data *drv = priv;
355 ret = nl_set_encr(if_nametoindex(iface), drv, alg, addr, key_idx, key,
364 static inline int min_int(int a, int b)
372 static int get_key_handler(struct nl_msg *msg, void *arg)
374 struct nlattr *tb[NL80211_ATTR_MAX + 1];
375 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
377 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
378 genlmsg_attrlen(gnlh, 0), NULL);
381 * TODO: validate the key index and mac address!
382 * Otherwise, there's a race condition as soon as
383 * the kernel starts sending key notifications.
386 if (tb[NL80211_ATTR_KEY_SEQ])
387 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
388 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
393 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
396 struct i802_driver_data *drv = priv;
403 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
404 0, NL80211_CMD_GET_KEY, 0);
407 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
408 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
409 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
413 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
419 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
422 struct i802_driver_data *drv = priv;
424 u8 rates[NL80211_MAX_SUPP_RATES];
432 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
433 NL80211_CMD_SET_BSS, 0);
435 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
436 rates[rates_len++] = basic_rates[i] / 5;
438 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
440 /* TODO: multi-BSS support */
441 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
443 return send_and_recv_msgs(drv, msg, NULL, NULL);
449 static int i802_send_frame(void *priv, const void *data, size_t len,
450 int encrypt, int flags)
453 0x00, 0x00, /* radiotap version */
454 0x0e, 0x00, /* radiotap length */
455 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
456 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
458 0x00, 0x00, /* RX and TX flags to indicate that */
459 0x00, 0x00, /* this is the injected frame directly */
461 struct i802_driver_data *drv = priv;
462 struct iovec iov[2] = {
464 .iov_base = &rtap_hdr,
465 .iov_len = sizeof(rtap_hdr),
468 .iov_base = (void*)data,
472 struct msghdr msg = {
483 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
485 return sendmsg(drv->monitor_sock, &msg, flags);
488 static int i802_send_mgmt_frame(void *priv, const void *data, size_t len,
491 struct ieee80211_mgmt *mgmt;
492 int do_not_encrypt = 0;
495 mgmt = (struct ieee80211_mgmt *) data;
496 fc = le_to_host16(mgmt->frame_control);
498 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
499 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
501 * Only one of the authentication frame types is encrypted.
502 * In order for static WEP encryption to work properly (i.e.,
503 * to not encrypt the frame), we need to tell mac80211 about
504 * the frames that must not be encrypted.
506 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
507 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
508 if (auth_alg == WLAN_AUTH_OPEN ||
509 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_trans != 3))
513 return i802_send_frame(priv, data, len, !do_not_encrypt, flags);
516 /* Set kernel driver on given frequency (MHz) */
517 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
519 struct i802_driver_data *drv = priv;
526 drv->last_freq = freq->freq;
527 drv->last_freq_ht = freq->ht_enabled;
529 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
530 NL80211_CMD_SET_WIPHY, 0);
532 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
533 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq);
534 if (freq->ht_enabled) {
535 switch (freq->sec_channel_offset) {
537 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
538 NL80211_CHAN_HT40MINUS);
541 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
542 NL80211_CHAN_HT40PLUS);
545 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
551 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
558 static int i802_set_rts(void *priv, int rts)
560 struct i802_driver_data *drv = priv;
563 memset(&iwr, 0, sizeof(iwr));
564 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
565 iwr.u.rts.value = rts;
568 if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
569 perror("ioctl[SIOCSIWRTS]");
577 static int i802_get_rts(void *priv, int *rts)
579 struct i802_driver_data *drv = priv;
582 memset(&iwr, 0, sizeof(iwr));
583 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
585 if (ioctl(drv->ioctl_sock, SIOCGIWRTS, &iwr) < 0) {
586 perror("ioctl[SIOCGIWRTS]");
590 *rts = iwr.u.rts.value;
596 static int i802_set_frag(void *priv, int frag)
598 struct i802_driver_data *drv = priv;
601 memset(&iwr, 0, sizeof(iwr));
602 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
603 iwr.u.frag.value = frag;
604 iwr.u.frag.fixed = 1;
606 if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
607 perror("ioctl[SIOCSIWFRAG]");
615 static int i802_get_frag(void *priv, int *frag)
617 struct i802_driver_data *drv = priv;
620 memset(&iwr, 0, sizeof(iwr));
621 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
623 if (ioctl(drv->ioctl_sock, SIOCGIWFRAG, &iwr) < 0) {
624 perror("ioctl[SIOCGIWFRAG]");
628 *frag = iwr.u.frag.value;
634 static int i802_set_retry(void *priv, int short_retry, int long_retry)
636 struct i802_driver_data *drv = priv;
639 memset(&iwr, 0, sizeof(iwr));
640 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
642 iwr.u.retry.value = short_retry;
643 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
644 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
645 perror("ioctl[SIOCSIWRETRY(short)]");
649 iwr.u.retry.value = long_retry;
650 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
651 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
652 perror("ioctl[SIOCSIWRETRY(long)]");
660 static int i802_get_retry(void *priv, int *short_retry, int *long_retry)
662 struct i802_driver_data *drv = priv;
665 memset(&iwr, 0, sizeof(iwr));
666 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
668 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
669 if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
670 perror("ioctl[SIOCGIWFRAG(short)]");
673 *short_retry = iwr.u.retry.value;
675 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
676 if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
677 perror("ioctl[SIOCGIWFRAG(long)]");
680 *long_retry = iwr.u.retry.value;
686 static int i802_flush(void *priv)
688 struct i802_driver_data *drv = priv;
695 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
696 0, NL80211_CMD_DEL_STATION, 0);
699 * XXX: FIX! this needs to flush all VLANs too
701 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
702 if_nametoindex(drv->iface));
704 return send_and_recv_msgs(drv, msg, NULL, NULL);
710 static int get_sta_handler(struct nl_msg *msg, void *arg)
712 struct nlattr *tb[NL80211_ATTR_MAX + 1];
713 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
714 struct hostap_sta_driver_data *data = arg;
715 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
716 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
717 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
718 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
719 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
720 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
721 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
724 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
725 genlmsg_attrlen(gnlh, 0), NULL);
728 * TODO: validate the interface and mac address!
729 * Otherwise, there's a race condition as soon as
730 * the kernel starts sending station notifications.
733 if (!tb[NL80211_ATTR_STA_INFO]) {
734 wpa_printf(MSG_DEBUG, "sta stats missing!");
737 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
738 tb[NL80211_ATTR_STA_INFO],
740 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
744 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
745 data->inactive_msec =
746 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
747 if (stats[NL80211_STA_INFO_RX_BYTES])
748 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
749 if (stats[NL80211_STA_INFO_TX_BYTES])
750 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
751 if (stats[NL80211_STA_INFO_RX_PACKETS])
753 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
754 if (stats[NL80211_STA_INFO_TX_PACKETS])
756 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
761 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
764 struct i802_driver_data *drv = priv;
767 os_memset(data, 0, sizeof(*data));
772 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
773 0, NL80211_CMD_GET_STATION, 0);
775 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
776 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
778 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
784 static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
785 size_t data_len, int encrypt, const u8 *own_addr)
787 struct i802_driver_data *drv = priv;
788 struct ieee80211_hdr *hdr;
793 int qos = sta->flags & WLAN_STA_WME;
798 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
800 hdr = os_zalloc(len);
802 printf("malloc() failed for i802_send_data(len=%lu)\n",
803 (unsigned long) len);
808 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
809 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
811 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
812 #if 0 /* To be enabled if qos determination is added above */
814 hdr->frame_control |=
815 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
819 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
820 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
821 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
822 pos = (u8 *) (hdr + 1);
824 #if 0 /* To be enabled if qos determination is added above */
826 /* add an empty QoS header if needed */
833 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
834 pos += sizeof(rfc1042_header);
835 WPA_PUT_BE16(pos, ETH_P_PAE);
837 memcpy(pos, data, data_len);
839 res = i802_send_frame(drv, (u8 *) hdr, len, encrypt, 0);
843 perror("i802_send_eapol: send");
844 printf("i802_send_eapol - packet len: %lu - failed\n",
845 (unsigned long) len);
852 static int i802_sta_add(const char *ifname, void *priv,
853 struct hostapd_sta_add_params *params)
855 struct i802_driver_data *drv = priv;
863 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
864 0, NL80211_CMD_NEW_STATION, 0);
866 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
867 if_nametoindex(drv->iface));
868 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
869 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
870 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
872 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
873 params->listen_interval);
875 #ifdef CONFIG_IEEE80211N
876 if (params->ht_capabilities) {
877 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
878 params->ht_capabilities->length,
879 ¶ms->ht_capabilities->data);
881 #endif /* CONFIG_IEEE80211N */
883 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
885 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
886 "result: %d (%s)", ret, strerror(-ret));
894 static int i802_sta_remove(void *priv, const u8 *addr)
896 struct i802_driver_data *drv = priv;
904 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
905 0, NL80211_CMD_DEL_STATION, 0);
907 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
908 if_nametoindex(drv->iface));
909 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
911 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
920 static int i802_sta_set_flags(void *priv, const u8 *addr,
921 int total_flags, int flags_or, int flags_and)
923 struct i802_driver_data *drv = priv;
924 struct nl_msg *msg, *flags = NULL;
930 flags = nlmsg_alloc();
936 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
937 0, NL80211_CMD_SET_STATION, 0);
939 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
940 if_nametoindex(drv->iface));
941 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
943 if (total_flags & WLAN_STA_AUTHORIZED || !drv->ieee802_1x_active)
944 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
946 if (total_flags & WLAN_STA_WMM)
947 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
949 if (total_flags & WLAN_STA_SHORT_PREAMBLE)
950 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
952 if (total_flags & WLAN_STA_MFP)
953 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
955 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
956 goto nla_put_failure;
960 return send_and_recv_msgs(drv, msg, NULL, NULL);
967 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
968 int cw_min, int cw_max, int burst_time)
970 struct i802_driver_data *drv = priv;
972 struct nlattr *txq, *params;
978 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
979 0, NL80211_CMD_SET_WIPHY, 0);
981 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
983 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
985 goto nla_put_failure;
987 /* We are only sending parameters for a single TXQ at a time */
988 params = nla_nest_start(msg, 1);
990 goto nla_put_failure;
992 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
993 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
994 * 32 usec, so need to convert the value here. */
995 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
996 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
997 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
998 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
1000 nla_nest_end(msg, params);
1002 nla_nest_end(msg, txq);
1004 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
1011 static void nl80211_remove_iface(struct i802_driver_data *drv, int ifidx)
1015 /* stop listening for EAPOL on this interface */
1016 del_ifidx(drv, ifidx);
1018 msg = nlmsg_alloc();
1020 goto nla_put_failure;
1022 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1023 0, NL80211_CMD_DEL_INTERFACE, 0);
1024 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
1026 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
1029 printf("Failed to remove interface.\n");
1033 static int nl80211_create_iface(struct i802_driver_data *drv,
1035 enum nl80211_iftype iftype,
1038 struct nl_msg *msg, *flags = NULL;
1044 msg = nlmsg_alloc();
1048 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1049 0, NL80211_CMD_NEW_INTERFACE, 0);
1050 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1051 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
1052 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
1054 if (iftype == NL80211_IFTYPE_MONITOR) {
1057 flags = nlmsg_alloc();
1059 goto nla_put_failure;
1061 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
1063 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
1068 goto nla_put_failure;
1071 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1074 printf("Failed to create interface %s.\n", ifname);
1078 ifidx = if_nametoindex(ifname);
1083 /* start listening for EAPOL on this interface */
1084 add_ifidx(drv, ifidx);
1088 case NL80211_IFTYPE_AP:
1089 os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
1090 memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
1091 ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
1093 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
1094 nl80211_remove_iface(drv, ifidx);
1098 case NL80211_IFTYPE_WDS:
1099 memset(&iwr, 0, sizeof(iwr));
1100 os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
1101 iwr.u.addr.sa_family = ARPHRD_ETHER;
1102 memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
1103 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
1116 static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
1118 struct i802_driver_data *drv = priv;
1120 struct i802_bss *bss;
1122 bss = os_zalloc(sizeof(*bss));
1125 os_strlcpy(bss->iface, ifname, IFNAMSIZ);
1127 ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
1132 if (hostapd_set_iface_flags(priv, ifname, 1)) {
1133 nl80211_remove_iface(priv, ifidx);
1137 bss->next = drv->bss.next;
1138 drv->bss.next = bss;
1143 static int i802_bss_remove(void *priv, const char *ifname)
1145 struct i802_driver_data *drv = priv;
1146 struct i802_bss *bss, *prev;
1147 nl80211_remove_iface(priv, if_nametoindex(ifname));
1149 bss = drv->bss.next;
1151 if (os_strncmp(ifname, bss->iface, IFNAMSIZ) == 0) {
1152 prev->next = bss->next;
1163 static int i802_set_beacon(const char *iface, void *priv,
1164 u8 *head, size_t head_len,
1165 u8 *tail, size_t tail_len)
1167 struct i802_driver_data *drv = priv;
1169 u8 cmd = NL80211_CMD_NEW_BEACON;
1171 struct i802_bss *bss;
1173 bss = get_bss(drv, iface);
1177 msg = nlmsg_alloc();
1181 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (iface=%s beacon_set=%d)",
1182 iface, bss->beacon_set);
1183 if (bss->beacon_set)
1184 cmd = NL80211_CMD_SET_BEACON;
1186 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1188 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
1189 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
1190 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1191 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
1193 if (!bss->dtim_period)
1194 bss->dtim_period = 2;
1195 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, bss->dtim_period);
1197 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1199 bss->beacon_set = 1;
1206 static int i802_del_beacon(struct i802_driver_data *drv)
1210 msg = nlmsg_alloc();
1214 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1215 0, NL80211_CMD_DEL_BEACON, 0);
1216 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1218 return send_and_recv_msgs(drv, msg, NULL, NULL);
1224 static int i802_set_ieee8021x(const char *ifname, void *priv, int enabled)
1226 struct i802_driver_data *drv = priv;
1229 * FIXME: This needs to be per interface (BSS)
1231 drv->ieee802_1x_active = enabled;
1236 static int i802_set_privacy(const char *ifname, void *priv, int enabled)
1238 struct i802_driver_data *drv = priv;
1241 memset(&iwr, 0, sizeof(iwr));
1243 os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
1244 iwr.u.param.flags = IW_AUTH_PRIVACY_INVOKED;
1245 iwr.u.param.value = enabled;
1247 ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr);
1249 /* ignore errors, the kernel/driver might not care */
1254 static int i802_set_internal_bridge(void *priv, int value)
1260 static int i802_set_beacon_int(void *priv, int value)
1262 struct i802_driver_data *drv = priv;
1265 drv->beacon_int = value;
1267 if (!drv->bss.beacon_set)
1270 msg = nlmsg_alloc();
1274 wpa_printf(MSG_DEBUG, "nl80211: Set beacon interval %d "
1275 "(beacon_set=%d)", value, drv->bss.beacon_set);
1276 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1277 0, NL80211_CMD_SET_BEACON, 0);
1278 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1280 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
1282 return send_and_recv_msgs(drv, msg, NULL, NULL);
1288 static int i802_set_dtim_period(const char *iface, void *priv, int value)
1290 struct i802_driver_data *drv = priv;
1293 struct i802_bss *bss;
1295 bss = get_bss(drv, iface);
1299 msg = nlmsg_alloc();
1303 wpa_printf(MSG_DEBUG, "nl80211: Set beacon DTIM period %d (iface=%s "
1304 "beacon_set=%d)", value, iface, bss->beacon_set);
1305 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1306 0, NL80211_CMD_SET_BEACON, 0);
1307 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1309 bss->dtim_period = value;
1310 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, bss->dtim_period);
1312 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1314 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_SET_BEACON(%s) "
1315 "result: %d (%s)", iface, ret, strerror(-ret));
1322 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
1324 struct i802_driver_data *drv = priv;
1327 msg = nlmsg_alloc();
1331 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1332 NL80211_CMD_SET_BSS, 0);
1335 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
1337 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
1339 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
1341 /* TODO: multi-BSS support */
1342 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1344 return send_and_recv_msgs(drv, msg, NULL, NULL);
1350 static int i802_set_cts_protect(void *priv, int value)
1352 return i802_set_bss(priv, value, -1, -1);
1356 static int i802_set_preamble(void *priv, int value)
1358 return i802_set_bss(priv, -1, value, -1);
1362 static int i802_set_short_slot_time(void *priv, int value)
1364 return i802_set_bss(priv, -1, -1, value);
1368 static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
1371 case HOSTAPD_IF_VLAN:
1372 return NL80211_IFTYPE_AP_VLAN;
1373 case HOSTAPD_IF_WDS:
1374 return NL80211_IFTYPE_WDS;
1380 static int i802_if_add(const char *iface, void *priv,
1381 enum hostapd_driver_if_type type, char *ifname,
1384 if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
1390 static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
1391 char *ifname, const u8 *addr)
1393 /* unused at the moment */
1398 static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
1399 const char *ifname, const u8 *addr)
1401 nl80211_remove_iface(priv, if_nametoindex(ifname));
1406 struct phy_info_arg {
1408 struct hostapd_hw_modes *modes;
1411 static int phy_info_handler(struct nl_msg *msg, void *arg)
1413 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1414 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1415 struct phy_info_arg *phy_info = arg;
1417 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1419 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1420 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1421 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1422 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1423 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1424 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1425 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1426 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
1429 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1430 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1431 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1432 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1435 struct nlattr *nl_band;
1436 struct nlattr *nl_freq;
1437 struct nlattr *nl_rate;
1438 int rem_band, rem_freq, rem_rate;
1439 struct hostapd_hw_modes *mode;
1440 int idx, mode_is_set;
1442 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1443 genlmsg_attrlen(gnlh, 0), NULL);
1445 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1448 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1449 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1452 phy_info->modes = mode;
1456 mode = &phy_info->modes[*(phy_info->num_modes)];
1457 memset(mode, 0, sizeof(*mode));
1458 *(phy_info->num_modes) += 1;
1460 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1461 nla_len(nl_band), NULL);
1463 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
1464 mode->ht_capab = nla_get_u16(
1465 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
1468 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1469 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1470 nla_len(nl_freq), freq_policy);
1471 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1473 mode->num_channels++;
1476 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1477 if (!mode->channels)
1482 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1483 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1484 nla_len(nl_freq), freq_policy);
1485 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1488 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1489 mode->channels[idx].flag = 0;
1492 /* crude heuristic */
1493 if (mode->channels[idx].freq < 4000)
1494 mode->mode = HOSTAPD_MODE_IEEE80211B;
1496 mode->mode = HOSTAPD_MODE_IEEE80211A;
1500 /* crude heuristic */
1501 if (mode->channels[idx].freq < 4000)
1502 if (mode->channels[idx].freq == 2848)
1503 mode->channels[idx].chan = 14;
1505 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1507 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1509 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1510 mode->channels[idx].flag |=
1511 HOSTAPD_CHAN_DISABLED;
1512 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1513 mode->channels[idx].flag |=
1514 HOSTAPD_CHAN_PASSIVE_SCAN;
1515 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1516 mode->channels[idx].flag |=
1517 HOSTAPD_CHAN_NO_IBSS;
1518 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
1519 mode->channels[idx].flag |=
1522 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
1523 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1524 mode->channels[idx].max_tx_power =
1525 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
1530 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1531 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1532 nla_len(nl_rate), rate_policy);
1533 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1538 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1544 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1545 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1546 nla_len(nl_rate), rate_policy);
1547 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1549 mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1551 /* crude heuristic */
1552 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1553 mode->rates[idx].rate > 200)
1554 mode->mode = HOSTAPD_MODE_IEEE80211G;
1556 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1557 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1566 static struct hostapd_hw_modes *i802_add_11b(struct hostapd_hw_modes *modes,
1570 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
1571 int i, mode11g_idx = -1;
1573 /* If only 802.11g mode is included, use it to construct matching
1574 * 802.11b mode data. */
1576 for (m = 0; m < *num_modes; m++) {
1577 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
1578 return modes; /* 802.11b already included */
1579 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1583 if (mode11g_idx < 0)
1584 return modes; /* 2.4 GHz band not supported at all */
1586 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
1588 return modes; /* Could not add 802.11b mode */
1590 mode = &nmodes[*num_modes];
1591 os_memset(mode, 0, sizeof(*mode));
1595 mode->mode = HOSTAPD_MODE_IEEE80211B;
1597 mode11g = &modes[mode11g_idx];
1598 mode->num_channels = mode11g->num_channels;
1599 mode->channels = os_malloc(mode11g->num_channels *
1600 sizeof(struct hostapd_channel_data));
1601 if (mode->channels == NULL) {
1603 return modes; /* Could not add 802.11b mode */
1605 os_memcpy(mode->channels, mode11g->channels,
1606 mode11g->num_channels * sizeof(struct hostapd_channel_data));
1608 mode->num_rates = 0;
1609 mode->rates = os_malloc(4 * sizeof(struct hostapd_rate_data));
1610 if (mode->rates == NULL) {
1611 os_free(mode->channels);
1613 return modes; /* Could not add 802.11b mode */
1616 for (i = 0; i < mode11g->num_rates; i++) {
1617 if (mode11g->rates[i].rate > 110 ||
1618 mode11g->rates[i].flags &
1619 (HOSTAPD_RATE_ERP | HOSTAPD_RATE_OFDM))
1621 mode->rates[mode->num_rates] = mode11g->rates[i];
1623 if (mode->num_rates == 4)
1627 if (mode->num_rates == 0) {
1628 os_free(mode->channels);
1629 os_free(mode->rates);
1631 return modes; /* No 802.11b rates */
1634 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
1640 static struct hostapd_hw_modes *i802_get_hw_feature_data(void *priv,
1644 struct i802_driver_data *drv = priv;
1646 struct phy_info_arg result = {
1647 .num_modes = num_modes,
1654 msg = nlmsg_alloc();
1658 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1659 0, NL80211_CMD_GET_WIPHY, 0);
1661 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1663 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
1664 return i802_add_11b(result.modes, num_modes);
1670 static int i802_set_sta_vlan(void *priv, const u8 *addr,
1671 const char *ifname, int vlan_id)
1673 struct i802_driver_data *drv = priv;
1676 msg = nlmsg_alloc();
1680 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1681 0, NL80211_CMD_SET_STATION, 0);
1683 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1684 if_nametoindex(drv->iface));
1685 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1686 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1687 if_nametoindex(ifname));
1689 return send_and_recv_msgs(drv, msg, NULL, NULL);
1695 static int i802_set_country(void *priv, const char *country)
1697 struct i802_driver_data *drv = priv;
1701 msg = nlmsg_alloc();
1705 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1706 0, NL80211_CMD_REQ_SET_REG, 0);
1708 alpha2[0] = country[0];
1709 alpha2[1] = country[1];
1711 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1713 return send_and_recv_msgs(drv, msg, NULL, NULL);
1719 static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
1722 struct ieee80211_hdr *hdr;
1723 u16 fc, type, stype;
1725 hdr = (struct ieee80211_hdr *) buf;
1726 fc = le_to_host16(hdr->frame_control);
1728 type = WLAN_FC_GET_TYPE(fc);
1729 stype = WLAN_FC_GET_STYPE(fc);
1732 case WLAN_FC_TYPE_MGMT:
1733 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
1734 ok ? "ACK" : "fail");
1735 hostapd_mgmt_tx_cb(hapd, buf, len, stype, ok);
1737 case WLAN_FC_TYPE_CTRL:
1738 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
1739 ok ? "ACK" : "fail");
1741 case WLAN_FC_TYPE_DATA:
1742 hostapd_tx_status(hapd, hdr->addr1, buf, len, ok);
1745 printf("unknown TX callback frame type %d\n", type);
1751 static void handle_frame(struct i802_driver_data *drv,
1752 struct hostapd_iface *iface, u8 *buf, size_t len,
1753 struct hostapd_frame_info *hfi,
1754 enum ieee80211_msg_type msg_type)
1756 struct ieee80211_hdr *hdr;
1757 u16 fc, type, stype;
1758 size_t data_len = len;
1759 struct hostapd_data *hapd = NULL;
1760 int broadcast_bssid = 0;
1765 * PS-Poll frames are 16 bytes. All other frames are
1766 * 24 bytes or longer.
1771 hdr = (struct ieee80211_hdr *) buf;
1772 fc = le_to_host16(hdr->frame_control);
1774 type = WLAN_FC_GET_TYPE(fc);
1775 stype = WLAN_FC_GET_STYPE(fc);
1778 case WLAN_FC_TYPE_DATA:
1781 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
1785 case WLAN_FC_FROMDS:
1793 case WLAN_FC_TYPE_CTRL:
1794 /* discard non-ps-poll frames */
1795 if (stype != WLAN_FC_STYPE_PSPOLL)
1799 case WLAN_FC_TYPE_MGMT:
1807 /* find interface frame belongs to */
1808 for (i = 0; i < iface->num_bss; i++) {
1809 if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
1810 hapd = iface->bss[i];
1816 hapd = iface->bss[0];
1818 if (bssid[0] != 0xff || bssid[1] != 0xff ||
1819 bssid[2] != 0xff || bssid[3] != 0xff ||
1820 bssid[4] != 0xff || bssid[5] != 0xff) {
1822 * Unknown BSSID - drop frame if this is not from
1823 * passive scanning or a beacon (at least ProbeReq
1824 * frames to other APs may be allowed through RX
1825 * filtering in the wlan hw/driver)
1827 if ((type != WLAN_FC_TYPE_MGMT ||
1828 stype != WLAN_FC_STYPE_BEACON))
1831 broadcast_bssid = 1;
1835 case ieee80211_msg_normal:
1836 /* continue processing */
1838 case ieee80211_msg_tx_callback_ack:
1839 handle_tx_callback(hapd, buf, data_len, 1);
1841 case ieee80211_msg_tx_callback_fail:
1842 handle_tx_callback(hapd, buf, data_len, 0);
1847 case WLAN_FC_TYPE_MGMT:
1848 if (stype != WLAN_FC_STYPE_BEACON &&
1849 stype != WLAN_FC_STYPE_PROBE_REQ)
1850 wpa_printf(MSG_MSGDUMP, "MGMT");
1851 if (broadcast_bssid) {
1852 for (i = 0; i < iface->num_bss; i++)
1853 hostapd_mgmt_rx(iface->bss[i], buf, data_len,
1856 hostapd_mgmt_rx(hapd, buf, data_len, stype, hfi);
1858 case WLAN_FC_TYPE_CTRL:
1859 /* can only get here with PS-Poll frames */
1860 wpa_printf(MSG_DEBUG, "CTRL");
1861 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
1863 case WLAN_FC_TYPE_DATA:
1864 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
1870 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
1872 struct i802_driver_data *drv = eloop_ctx;
1873 struct hostapd_data *hapd = drv->hapd;
1874 struct sockaddr_ll lladdr;
1875 unsigned char buf[3000];
1877 socklen_t fromlen = sizeof(lladdr);
1879 len = recvfrom(sock, buf, sizeof(buf), 0,
1880 (struct sockaddr *)&lladdr, &fromlen);
1886 if (have_ifidx(drv, lladdr.sll_ifindex))
1887 hostapd_eapol_receive(hapd, lladdr.sll_addr, buf, len);
1891 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
1893 struct i802_driver_data *drv = eloop_ctx;
1895 unsigned char buf[3000];
1896 struct hostapd_data *hapd = drv->hapd;
1897 struct ieee80211_radiotap_iterator iter;
1899 struct hostapd_frame_info hfi;
1900 int injected = 0, failed = 0, msg_type, rxflags = 0;
1902 len = recv(sock, buf, sizeof(buf), 0);
1908 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
1909 printf("received invalid radiotap frame\n");
1913 memset(&hfi, 0, sizeof(hfi));
1916 ret = ieee80211_radiotap_iterator_next(&iter);
1920 printf("received invalid radiotap frame (%d)\n", ret);
1923 switch (iter.this_arg_index) {
1924 case IEEE80211_RADIOTAP_FLAGS:
1925 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
1928 case IEEE80211_RADIOTAP_RX_FLAGS:
1931 case IEEE80211_RADIOTAP_TX_FLAGS:
1933 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
1934 IEEE80211_RADIOTAP_F_TX_FAIL;
1936 case IEEE80211_RADIOTAP_DATA_RETRIES:
1938 case IEEE80211_RADIOTAP_CHANNEL:
1939 /* TODO convert from freq/flags to channel number
1944 case IEEE80211_RADIOTAP_RATE:
1945 hfi.datarate = *iter.this_arg * 5;
1947 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1948 hfi.ssi_signal = *iter.this_arg;
1953 if (rxflags && injected)
1957 msg_type = ieee80211_msg_normal;
1959 msg_type = ieee80211_msg_tx_callback_fail;
1961 msg_type = ieee80211_msg_tx_callback_ack;
1963 handle_frame(drv, hapd->iface, buf + iter.max_length,
1964 len - iter.max_length, &hfi, msg_type);
1969 * we post-process the filter code later and rewrite
1970 * this to the offset to the last instruction
1975 static struct sock_filter msock_filter_insns[] = {
1977 * do a little-endian load of the radiotap length field
1979 /* load lower byte into A */
1980 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
1981 /* put it into X (== index register) */
1982 BPF_STMT(BPF_MISC| BPF_TAX, 0),
1983 /* load upper byte into A */
1984 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
1985 /* left-shift it by 8 */
1986 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
1988 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
1989 /* put result into X */
1990 BPF_STMT(BPF_MISC| BPF_TAX, 0),
1993 * Allow management frames through, this also gives us those
1994 * management frames that we sent ourselves with status
1996 /* load the lower byte of the IEEE 802.11 frame control field */
1997 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
1998 /* mask off frame type and version */
1999 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
2000 /* accept frame if it's both 0, fall through otherwise */
2001 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
2004 * TODO: add a bit to radiotap RX flags that indicates
2005 * that the sending station is not associated, then
2006 * add a filter here that filters on our DA and that flag
2007 * to allow us to deauth frames to that bad station.
2009 * Not a regression -- we didn't do it before either.
2014 * drop non-data frames, WDS frames
2016 /* load the lower byte of the frame control field */
2017 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2018 /* mask off QoS bit */
2019 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
2020 /* drop non-data frames */
2021 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
2022 /* load the upper byte of the frame control field */
2023 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2024 /* mask off toDS/fromDS */
2025 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
2026 /* drop WDS frames */
2027 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
2031 * add header length to index
2033 /* load the lower byte of the frame control field */
2034 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2035 /* mask off QoS bit */
2036 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
2037 /* right shift it by 6 to give 0 or 2 */
2038 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
2039 /* add data frame header length */
2040 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
2041 /* add index, was start of 802.11 header */
2042 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
2043 /* move to index, now start of LL header */
2044 BPF_STMT(BPF_MISC | BPF_TAX, 0),
2047 * Accept empty data frames, we use those for
2050 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
2051 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
2054 * Accept EAPOL frames
2056 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
2057 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
2058 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
2059 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
2061 /* keep these last two statements or change the code below */
2062 /* return 0 == "DROP" */
2063 BPF_STMT(BPF_RET | BPF_K, 0),
2064 /* return ~0 == "keep all" */
2065 BPF_STMT(BPF_RET | BPF_K, ~0),
2068 static struct sock_fprog msock_filter = {
2069 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
2070 .filter = msock_filter_insns,
2074 static int add_monitor_filter(int s)
2078 /* rewrite all PASS/FAIL jump offsets */
2079 for (idx = 0; idx < msock_filter.len; idx++) {
2080 struct sock_filter *insn = &msock_filter_insns[idx];
2082 if (BPF_CLASS(insn->code) == BPF_JMP) {
2083 if (insn->code == (BPF_JMP|BPF_JA)) {
2084 if (insn->k == PASS)
2085 insn->k = msock_filter.len - idx - 2;
2086 else if (insn->k == FAIL)
2087 insn->k = msock_filter.len - idx - 3;
2090 if (insn->jt == PASS)
2091 insn->jt = msock_filter.len - idx - 2;
2092 else if (insn->jt == FAIL)
2093 insn->jt = msock_filter.len - idx - 3;
2095 if (insn->jf == PASS)
2096 insn->jf = msock_filter.len - idx - 2;
2097 else if (insn->jf == FAIL)
2098 insn->jf = msock_filter.len - idx - 3;
2102 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
2103 &msock_filter, sizeof(msock_filter))) {
2104 perror("SO_ATTACH_FILTER");
2112 static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
2115 struct sockaddr_ll ll;
2119 snprintf(buf, IFNAMSIZ, "mon.%s", drv->iface);
2120 buf[IFNAMSIZ - 1] = '\0';
2122 drv->monitor_ifidx =
2123 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
2125 if (drv->monitor_ifidx < 0)
2128 if (hostapd_set_iface_flags(drv, buf, 1))
2131 memset(&ll, 0, sizeof(ll));
2132 ll.sll_family = AF_PACKET;
2133 ll.sll_ifindex = drv->monitor_ifidx;
2134 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2135 if (drv->monitor_sock < 0) {
2136 perror("socket[PF_PACKET,SOCK_RAW]");
2140 if (add_monitor_filter(drv->monitor_sock)) {
2141 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
2142 "interface; do filtering in user space");
2143 /* This works, but will cost in performance. */
2146 if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
2148 perror("monitor socket bind");
2152 optlen = sizeof(optval);
2155 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
2156 perror("Failed to set socket priority");
2160 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
2162 printf("Could not register monitor read socket\n");
2168 nl80211_remove_iface(drv, drv->monitor_ifidx);
2173 static int nl80211_set_mode(struct i802_driver_data *drv, const char *ifname,
2179 msg = nlmsg_alloc();
2183 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2184 0, NL80211_CMD_SET_INTERFACE, 0);
2185 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
2186 if_nametoindex(ifname));
2187 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
2189 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2193 wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
2199 #ifdef CONFIG_IEEE80211N
2200 static void i802_add_neighbor(struct i802_driver_data *drv, u8 *bssid,
2201 int freq, u8 *ie, size_t ie_len)
2203 struct ieee802_11_elems elems;
2204 int ht, pri_chan = 0, sec_chan = 0;
2205 struct ieee80211_ht_operation *oper;
2206 struct hostapd_neighbor_bss *nnei;
2208 ieee802_11_parse_elems(ie, ie_len, &elems, 0);
2209 ht = elems.ht_capabilities || elems.ht_operation;
2210 if (elems.ht_operation && elems.ht_operation_len >= sizeof(*oper)) {
2211 oper = (struct ieee80211_ht_operation *) elems.ht_operation;
2212 pri_chan = oper->control_chan;
2213 if (oper->ht_param & HT_INFO_HT_PARAM_REC_TRANS_CHNL_WIDTH) {
2214 if (oper->ht_param &
2215 HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
2216 sec_chan = pri_chan + 4;
2217 else if (oper->ht_param &
2218 HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
2219 sec_chan = pri_chan - 4;
2223 wpa_printf(MSG_DEBUG, "nl80211: Neighboring BSS - bssid=" MACSTR
2224 " freq=%d MHz HT=%d pri_chan=%d sec_chan=%d",
2225 MAC2STR(bssid), freq, ht, pri_chan, sec_chan);
2227 nnei = os_realloc(drv->neighbors, (drv->num_neighbors + 1) *
2228 sizeof(struct hostapd_neighbor_bss));
2231 drv->neighbors = nnei;
2232 nnei = &nnei[drv->num_neighbors];
2233 os_memcpy(nnei->bssid, bssid, ETH_ALEN);
2236 nnei->pri_chan = pri_chan;
2237 nnei->sec_chan = sec_chan;
2238 drv->num_neighbors++;
2242 static int i802_get_scan_freq(struct iw_event *iwe, int *freq)
2244 int divi = 1000000, i;
2246 if (iwe->u.freq.e == 0) {
2248 * Some drivers do not report frequency, but a channel.
2249 * Try to map this to frequency by assuming they are using
2250 * IEEE 802.11b/g. But don't overwrite a previously parsed
2251 * frequency if the driver sends both frequency and channel,
2252 * since the driver may be sending an A-band channel that we
2253 * don't handle here.
2259 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
2260 *freq = 2407 + 5 * iwe->u.freq.m;
2262 } else if (iwe->u.freq.m == 14) {
2268 if (iwe->u.freq.e > 6) {
2269 wpa_printf(MSG_DEBUG, "Invalid freq in scan results: "
2270 "m=%d e=%d", iwe->u.freq.m, iwe->u.freq.e);
2274 for (i = 0; i < iwe->u.freq.e; i++)
2276 *freq = iwe->u.freq.m / divi;
2281 static int i802_parse_scan(struct i802_driver_data *drv, u8 *res_buf,
2286 struct iw_event iwe_buf, *iwe = &iwe_buf;
2287 char *pos, *end, *custom;
2296 pos = (char *) res_buf;
2297 end = (char *) res_buf + len;
2299 while (pos + IW_EV_LCP_LEN <= end) {
2300 /* Event data may be unaligned, so make a local, aligned copy
2301 * before processing. */
2302 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
2303 if (iwe->len <= IW_EV_LCP_LEN)
2306 custom = pos + IW_EV_POINT_LEN;
2307 if (iwe->cmd == IWEVGENIE) {
2308 /* WE-19 removed the pointer from struct iw_point */
2309 char *dpos = (char *) &iwe_buf.u.data.length;
2310 int dlen = dpos - (char *) &iwe_buf;
2311 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
2312 sizeof(struct iw_event) - dlen);
2314 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
2315 custom += IW_EV_POINT_OFF;
2321 i802_add_neighbor(drv, bssid, freq, ie,
2324 os_memcpy(bssid, iwe->u.ap_addr.sa_data, ETH_ALEN);
2330 i802_get_scan_freq(iwe, &freq);
2333 if (custom + iwe->u.data.length > end) {
2334 wpa_printf(MSG_ERROR, "IWEVGENIE overflow");
2338 ie_len = iwe->u.data.length;
2346 i802_add_neighbor(drv, bssid, freq, ie, ie_len);
2352 static int i802_get_ht_scan_res(struct i802_driver_data *drv)
2359 res_buf_len = IW_SCAN_MAX_DATA;
2361 res_buf = os_malloc(res_buf_len);
2362 if (res_buf == NULL)
2364 os_memset(&iwr, 0, sizeof(iwr));
2365 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
2366 iwr.u.data.pointer = res_buf;
2367 iwr.u.data.length = res_buf_len;
2369 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
2372 if (errno == E2BIG && res_buf_len < 65535) {
2376 if (res_buf_len > 65535)
2377 res_buf_len = 65535; /* 16-bit length field */
2378 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
2379 "trying larger buffer (%lu bytes)",
2380 (unsigned long) res_buf_len);
2382 perror("ioctl[SIOCGIWSCAN]");
2388 if (iwr.u.data.length > res_buf_len) {
2393 res = i802_parse_scan(drv, res_buf, iwr.u.data.length);
2400 static int i802_is_event_wireless_scan_complete(char *data, int len)
2402 struct iw_event iwe_buf, *iwe = &iwe_buf;
2408 while (pos + IW_EV_LCP_LEN <= end) {
2409 /* Event data may be unaligned, so make a local, aligned copy
2410 * before processing. */
2411 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
2412 if (iwe->cmd == SIOCGIWSCAN)
2422 static int i802_is_rtm_scan_complete(int ifindex, struct nlmsghdr *h, int len)
2424 struct ifinfomsg *ifi;
2425 int attrlen, _nlmsg_len, rta_len;
2426 struct rtattr *attr;
2428 if (len < (int) sizeof(*ifi))
2431 ifi = NLMSG_DATA(h);
2433 if (ifindex != ifi->ifi_index)
2434 return 0; /* event for foreign ifindex */
2436 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
2438 attrlen = h->nlmsg_len - _nlmsg_len;
2442 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
2444 rta_len = RTA_ALIGN(sizeof(struct rtattr));
2445 while (RTA_OK(attr, attrlen)) {
2446 if (attr->rta_type == IFLA_WIRELESS &&
2447 i802_is_event_wireless_scan_complete(
2448 ((char *) attr) + rta_len,
2449 attr->rta_len - rta_len))
2451 attr = RTA_NEXT(attr, attrlen);
2458 static int i802_is_scan_complete(int s, int ifindex)
2464 left = recv(s, buf, sizeof(buf), MSG_DONTWAIT);
2466 perror("recv(netlink)");
2470 h = (struct nlmsghdr *) buf;
2471 while (left >= (int) sizeof(*h)) {
2475 plen = len - sizeof(*h);
2476 if (len > left || plen < 0) {
2477 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
2478 "len=%d left=%d plen=%d",
2483 switch (h->nlmsg_type) {
2485 if (i802_is_rtm_scan_complete(ifindex, h, plen))
2490 len = NLMSG_ALIGN(len);
2492 h = (struct nlmsghdr *) ((char *) h + len);
2499 static int i802_ht_scan(struct i802_driver_data *drv)
2502 int s, res, ifindex;
2503 struct sockaddr_nl local;
2508 wpa_printf(MSG_DEBUG, "nl80211: Scanning overlapping BSSes before "
2509 "starting HT 20/40 MHz BSS");
2511 /* Request a new scan */
2512 /* TODO: would be enough to scan the selected band */
2513 os_memset(&iwr, 0, sizeof(iwr));
2514 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
2515 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
2516 perror("ioctl[SIOCSIWSCAN]");
2520 ifindex = if_nametoindex(drv->iface);
2522 /* Wait for scan completion event or timeout */
2523 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
2525 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
2529 os_memset(&local, 0, sizeof(local));
2530 local.nl_family = AF_NETLINK;
2531 local.nl_groups = RTMGRP_LINK;
2532 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
2533 perror("bind(netlink)");
2539 end += 30; /* Wait at most 30 seconds for scan results */
2542 tv.tv_sec = end > now ? end - now : 0;
2546 res = select(s + 1, &rfds, NULL, NULL, &tv);
2549 /* Assume results are ready after 10 seconds wait */
2553 if (i802_is_scan_complete(s, ifindex)) {
2554 wpa_printf(MSG_DEBUG, "nl80211: Scan "
2559 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout");
2560 /* Assume results are ready to be read now */
2567 return i802_get_ht_scan_res(drv);
2569 #endif /* CONFIG_IEEE80211N */
2572 static int i802_init_sockets(struct i802_driver_data *drv, const u8 *bssid)
2575 struct sockaddr_ll addr;
2577 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
2578 if (drv->ioctl_sock < 0) {
2579 perror("socket[PF_INET,SOCK_DGRAM]");
2583 /* start listening for EAPOL on the default AP interface */
2584 add_ifidx(drv, if_nametoindex(drv->iface));
2586 if (hostapd_set_iface_flags(drv, drv->iface, 0))
2590 os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
2591 memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
2592 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
2594 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
2595 perror("ioctl(SIOCSIFHWADDR)");
2601 * initialise generic netlink and nl80211
2603 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2605 printf("Failed to allocate netlink callbacks.\n");
2609 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
2610 if (!drv->nl_handle) {
2611 printf("Failed to allocate netlink handle.\n");
2615 if (genl_connect(drv->nl_handle)) {
2616 printf("Failed to connect to generic netlink.\n");
2620 #ifdef CONFIG_LIBNL20
2621 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
2622 printf("Failed to allocate generic netlink cache.\n");
2625 #else /* CONFIG_LIBNL20 */
2626 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
2627 if (!drv->nl_cache) {
2628 printf("Failed to allocate generic netlink cache.\n");
2631 #endif /* CONFIG_LIBNL20 */
2633 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
2634 if (!drv->nl80211) {
2635 printf("nl80211 not found.\n");
2639 #ifdef CONFIG_IEEE80211N
2640 if (drv->ht_40mhz_scan) {
2641 if (nl80211_set_mode(drv, drv->iface, NL80211_IFTYPE_STATION)
2642 || hostapd_set_iface_flags(drv, drv->iface, 1) ||
2643 i802_ht_scan(drv) ||
2644 hostapd_set_iface_flags(drv, drv->iface, 0)) {
2645 wpa_printf(MSG_ERROR, "Failed to scan channels for "
2646 "HT 40 MHz operations");
2650 #endif /* CONFIG_IEEE80211N */
2652 /* Initialise a monitor interface */
2653 if (nl80211_create_monitor_interface(drv))
2656 if (nl80211_set_mode(drv, drv->iface, NL80211_IFTYPE_AP))
2659 if (hostapd_set_iface_flags(drv, drv->iface, 1))
2662 memset(&addr, 0, sizeof(addr));
2663 addr.sll_family = AF_PACKET;
2664 addr.sll_ifindex = ifr.ifr_ifindex;
2665 wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
2668 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
2669 if (drv->eapol_sock < 0) {
2670 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
2674 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
2676 printf("Could not register read socket for eapol\n");
2680 memset(&ifr, 0, sizeof(ifr));
2681 os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
2682 if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
2683 perror("ioctl(SIOCGIFHWADDR)");
2687 if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
2688 printf("Invalid HW-addr family 0x%04x\n",
2689 ifr.ifr_hwaddr.sa_family);
2692 memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
2697 nl80211_remove_iface(drv, drv->monitor_ifidx);
2702 static int i802_get_inact_sec(void *priv, const u8 *addr)
2704 struct hostap_sta_driver_data data;
2707 data.inactive_msec = (unsigned long) -1;
2708 ret = i802_read_sta_data(priv, &data, addr);
2709 if (ret || data.inactive_msec == (unsigned long) -1)
2711 return data.inactive_msec / 1000;
2715 static int i802_sta_clear_stats(void *priv, const u8 *addr)
2725 hostapd_wireless_event_wireless_custom(struct i802_driver_data *drv,
2728 wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
2730 if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
2733 pos = strstr(custom, "addr=");
2735 wpa_printf(MSG_DEBUG,
2736 "MLME-MICHAELMICFAILURE.indication "
2737 "without sender address ignored");
2741 if (hwaddr_aton(pos, addr) == 0) {
2742 hostapd_michael_mic_failure(drv->hapd, addr);
2744 wpa_printf(MSG_DEBUG,
2745 "MLME-MICHAELMICFAILURE.indication "
2746 "with invalid MAC address");
2752 static void hostapd_wireless_event_wireless(struct i802_driver_data *drv,
2753 char *data, int len)
2755 struct iw_event iwe_buf, *iwe = &iwe_buf;
2756 char *pos, *end, *custom, *buf;
2761 while (pos + IW_EV_LCP_LEN <= end) {
2762 /* Event data may be unaligned, so make a local, aligned copy
2763 * before processing. */
2764 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
2765 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
2766 iwe->cmd, iwe->len);
2767 if (iwe->len <= IW_EV_LCP_LEN)
2770 custom = pos + IW_EV_POINT_LEN;
2771 if (drv->we_version > 18 &&
2772 (iwe->cmd == IWEVMICHAELMICFAILURE ||
2773 iwe->cmd == IWEVCUSTOM)) {
2774 /* WE-19 removed the pointer from struct iw_point */
2775 char *dpos = (char *) &iwe_buf.u.data.length;
2776 int dlen = dpos - (char *) &iwe_buf;
2777 memcpy(dpos, pos + IW_EV_LCP_LEN,
2778 sizeof(struct iw_event) - dlen);
2780 memcpy(&iwe_buf, pos, sizeof(struct iw_event));
2781 custom += IW_EV_POINT_OFF;
2786 if (custom + iwe->u.data.length > end)
2788 buf = malloc(iwe->u.data.length + 1);
2791 memcpy(buf, custom, iwe->u.data.length);
2792 buf[iwe->u.data.length] = '\0';
2793 hostapd_wireless_event_wireless_custom(drv, buf);
2803 static void hostapd_wireless_event_rtm_newlink(struct i802_driver_data *drv,
2804 struct nlmsghdr *h, int len)
2806 struct ifinfomsg *ifi;
2807 int attrlen, nlmsg_len, rta_len;
2808 struct rtattr *attr;
2810 if (len < (int) sizeof(*ifi))
2813 ifi = NLMSG_DATA(h);
2815 /* TODO: use ifi->ifi_index to filter out wireless events from other
2818 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
2820 attrlen = h->nlmsg_len - nlmsg_len;
2824 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
2826 rta_len = RTA_ALIGN(sizeof(struct rtattr));
2827 while (RTA_OK(attr, attrlen)) {
2828 if (attr->rta_type == IFLA_WIRELESS) {
2829 hostapd_wireless_event_wireless(
2830 drv, ((char *) attr) + rta_len,
2831 attr->rta_len - rta_len);
2833 attr = RTA_NEXT(attr, attrlen);
2838 static void hostapd_wireless_event_receive(int sock, void *eloop_ctx,
2843 struct sockaddr_nl from;
2846 struct i802_driver_data *drv = eloop_ctx;
2848 fromlen = sizeof(from);
2849 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
2850 (struct sockaddr *) &from, &fromlen);
2852 if (errno != EINTR && errno != EAGAIN)
2853 perror("recvfrom(netlink)");
2857 h = (struct nlmsghdr *) buf;
2858 while (left >= (int) sizeof(*h)) {
2862 plen = len - sizeof(*h);
2863 if (len > left || plen < 0) {
2864 printf("Malformed netlink message: "
2865 "len=%d left=%d plen=%d\n",
2870 switch (h->nlmsg_type) {
2872 hostapd_wireless_event_rtm_newlink(drv, h, plen);
2876 len = NLMSG_ALIGN(len);
2878 h = (struct nlmsghdr *) ((char *) h + len);
2882 printf("%d extra bytes in the end of netlink message\n", left);
2887 static int hostap_get_we_version(struct i802_driver_data *drv)
2889 struct iw_range *range;
2894 drv->we_version = 0;
2897 * Use larger buffer than struct iw_range in order to allow the
2898 * structure to grow in the future.
2900 buflen = sizeof(struct iw_range) + 500;
2901 range = os_zalloc(buflen);
2905 memset(&iwr, 0, sizeof(iwr));
2906 os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
2907 iwr.u.data.pointer = (caddr_t) range;
2908 iwr.u.data.length = buflen;
2910 minlen = ((char *) &range->enc_capa) - (char *) range +
2911 sizeof(range->enc_capa);
2913 if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
2914 perror("ioctl[SIOCGIWRANGE]");
2917 } else if (iwr.u.data.length >= minlen &&
2918 range->we_version_compiled >= 18) {
2919 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
2920 "WE(source)=%d enc_capa=0x%x",
2921 range->we_version_compiled,
2922 range->we_version_source,
2924 drv->we_version = range->we_version_compiled;
2932 static int i802_wireless_event_init(void *priv)
2934 struct i802_driver_data *drv = priv;
2936 struct sockaddr_nl local;
2938 hostap_get_we_version(drv);
2940 drv->wext_sock = -1;
2942 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
2944 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
2948 memset(&local, 0, sizeof(local));
2949 local.nl_family = AF_NETLINK;
2950 local.nl_groups = RTMGRP_LINK;
2951 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
2952 perror("bind(netlink)");
2957 eloop_register_read_sock(s, hostapd_wireless_event_receive, drv,
2965 static void i802_wireless_event_deinit(void *priv)
2967 struct i802_driver_data *drv = priv;
2968 if (drv->wext_sock < 0)
2970 eloop_unregister_read_sock(drv->wext_sock);
2971 close(drv->wext_sock);
2975 static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
2977 struct i802_driver_data *drv = priv;
2978 struct ieee80211_mgmt mgmt;
2980 memset(&mgmt, 0, sizeof(mgmt));
2981 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2982 WLAN_FC_STYPE_DEAUTH);
2983 memcpy(mgmt.da, addr, ETH_ALEN);
2984 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
2985 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
2986 mgmt.u.deauth.reason_code = host_to_le16(reason);
2987 return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
2988 sizeof(mgmt.u.deauth), 0);
2992 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
2994 struct i802_driver_data *drv = priv;
2995 struct ieee80211_mgmt mgmt;
2997 memset(&mgmt, 0, sizeof(mgmt));
2998 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2999 WLAN_FC_STYPE_DISASSOC);
3000 memcpy(mgmt.da, addr, ETH_ALEN);
3001 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
3002 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
3003 mgmt.u.disassoc.reason_code = host_to_le16(reason);
3004 return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
3005 sizeof(mgmt.u.disassoc), 0);
3009 static const struct hostapd_neighbor_bss *
3010 i802_get_neighbor_bss(void *priv, size_t *num)
3012 struct i802_driver_data *drv = priv;
3013 *num = drv->num_neighbors;
3014 return drv->neighbors;
3018 static void *i802_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
3020 struct i802_driver_data *drv;
3022 drv = os_zalloc(sizeof(struct i802_driver_data));
3024 printf("Could not allocate memory for i802 driver data\n");
3029 memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
3030 memcpy(drv->bss.iface, hapd->conf->iface, sizeof(drv->iface));
3032 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
3033 drv->if_indices = drv->default_if_indices;
3034 drv->bridge = if_nametoindex(hapd->conf->bridge);
3035 drv->ht_40mhz_scan = hapd->iconf->secondary_channel != 0;
3037 if (i802_init_sockets(drv, bssid))
3048 static void *i802_init(struct hostapd_data *hapd)
3050 return i802_init_bssid(hapd, NULL);
3054 static void i802_deinit(void *priv)
3056 struct i802_driver_data *drv = priv;
3057 struct i802_bss *bss, *prev;
3059 if (drv->last_freq_ht) {
3060 /* Clear HT flags from the driver */
3061 struct hostapd_freq_params freq;
3062 os_memset(&freq, 0, sizeof(freq));
3063 freq.freq = drv->last_freq;
3064 i802_set_freq(priv, &freq);
3067 i802_del_beacon(drv);
3069 /* remove monitor interface */
3070 nl80211_remove_iface(drv, drv->monitor_ifidx);
3072 (void) hostapd_set_iface_flags(drv, drv->iface, 0);
3074 if (drv->monitor_sock >= 0) {
3075 eloop_unregister_read_sock(drv->monitor_sock);
3076 close(drv->monitor_sock);
3078 if (drv->ioctl_sock >= 0)
3079 close(drv->ioctl_sock);
3080 if (drv->eapol_sock >= 0) {
3081 eloop_unregister_read_sock(drv->eapol_sock);
3082 close(drv->eapol_sock);
3085 genl_family_put(drv->nl80211);
3086 nl_cache_free(drv->nl_cache);
3087 nl_handle_destroy(drv->nl_handle);
3088 nl_cb_put(drv->nl_cb);
3090 if (drv->if_indices != drv->default_if_indices)
3091 free(drv->if_indices);
3093 os_free(drv->neighbors);
3095 bss = drv->bss.next;
3106 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
3109 .init_bssid = i802_init_bssid,
3110 .deinit = i802_deinit,
3111 .wireless_event_init = i802_wireless_event_init,
3112 .wireless_event_deinit = i802_wireless_event_deinit,
3113 .set_ieee8021x = i802_set_ieee8021x,
3114 .set_privacy = i802_set_privacy,
3115 .set_key = i802_set_key,
3116 .get_seqnum = i802_get_seqnum,
3117 .flush = i802_flush,
3118 .read_sta_data = i802_read_sta_data,
3119 .send_eapol = i802_send_eapol,
3120 .sta_set_flags = i802_sta_set_flags,
3121 .sta_deauth = i802_sta_deauth,
3122 .sta_disassoc = i802_sta_disassoc,
3123 .sta_remove = i802_sta_remove,
3124 .send_mgmt_frame = i802_send_mgmt_frame,
3125 .sta_add = i802_sta_add,
3126 .get_inact_sec = i802_get_inact_sec,
3127 .sta_clear_stats = i802_sta_clear_stats,
3128 .set_freq = i802_set_freq,
3129 .set_rts = i802_set_rts,
3130 .get_rts = i802_get_rts,
3131 .set_frag = i802_set_frag,
3132 .get_frag = i802_get_frag,
3133 .set_retry = i802_set_retry,
3134 .get_retry = i802_get_retry,
3135 .set_rate_sets = i802_set_rate_sets,
3136 .set_beacon = i802_set_beacon,
3137 .set_internal_bridge = i802_set_internal_bridge,
3138 .set_beacon_int = i802_set_beacon_int,
3139 .set_dtim_period = i802_set_dtim_period,
3140 .set_cts_protect = i802_set_cts_protect,
3141 .set_preamble = i802_set_preamble,
3142 .set_short_slot_time = i802_set_short_slot_time,
3143 .set_tx_queue_params = i802_set_tx_queue_params,
3144 .bss_add = i802_bss_add,
3145 .bss_remove = i802_bss_remove,
3146 .if_add = i802_if_add,
3147 .if_update = i802_if_update,
3148 .if_remove = i802_if_remove,
3149 .get_hw_feature_data = i802_get_hw_feature_data,
3150 .set_sta_vlan = i802_set_sta_vlan,
3151 .set_country = i802_set_country,
3152 .get_neighbor_bss = i802_get_neighbor_bss,
projects / wpasupplicant / blob