2 * WPA Supplicant - driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
16 #include <sys/ioctl.h>
17 #include <net/if_arp.h>
18 #include <netlink/genl/genl.h>
19 #include <netlink/genl/family.h>
20 #include <netlink/genl/ctrl.h>
21 #include "nl80211_copy.h"
22 #include "wireless_copy.h"
27 #include "ieee802_11_defs.h"
31 #include <netpacket/packet.h>
32 #include <linux/filter.h>
34 #include "radiotap_iter.h"
35 #include "../hostapd/driver.h"
36 #include "../hostapd/hostapd_defs.h"
39 #define ETH_P_ALL 0x0003
42 #endif /* CONFIG_AP */
45 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
48 #define IFF_DORMANT 0x20000 /* driver signals dormant */
51 #ifndef IF_OPER_DORMANT
52 #define IF_OPER_DORMANT 5
59 struct wpa_driver_nl80211_data {
63 char ifname[IFNAMSIZ + 1];
66 struct wpa_driver_capa capa;
71 int scan_complete_events;
73 struct nl_handle *nl_handle;
74 struct nl_cache *nl_cache;
76 struct genl_family *nl80211;
85 unsigned int beacon_set:1;
88 #endif /* CONFIG_AP */
92 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
94 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
97 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
100 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
102 #endif /* CONFIG_AP */
106 static int ack_handler(struct nl_msg *msg, void *arg)
113 static int finish_handler(struct nl_msg *msg, void *arg)
120 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
128 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
130 int (*valid_handler)(struct nl_msg *, void *),
136 cb = nl_cb_clone(drv->nl_cb);
140 err = nl_send_auto_complete(drv->nl_handle, msg);
146 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
147 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
148 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
151 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
152 valid_handler, valid_data);
155 nl_recvmsgs(drv->nl_handle, cb);
169 static int family_handler(struct nl_msg *msg, void *arg)
171 struct family_data *res = arg;
172 struct nlattr *tb[CTRL_ATTR_MAX + 1];
173 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
174 struct nlattr *mcgrp;
177 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
178 genlmsg_attrlen(gnlh, 0), NULL);
179 if (!tb[CTRL_ATTR_MCAST_GROUPS])
182 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
183 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
184 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
185 nla_len(mcgrp), NULL);
186 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
187 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
188 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
190 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
192 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
200 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
201 const char *family, const char *group)
205 struct family_data res = { group, -ENOENT };
210 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
211 0, 0, CTRL_CMD_GETFAMILY, 0);
212 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
214 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
225 static int wpa_driver_nl80211_send_oper_ifla(
226 struct wpa_driver_nl80211_data *drv,
227 int linkmode, int operstate)
231 struct ifinfomsg ifinfo;
238 os_memset(&req, 0, sizeof(req));
240 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
241 req.hdr.nlmsg_type = RTM_SETLINK;
242 req.hdr.nlmsg_flags = NLM_F_REQUEST;
243 req.hdr.nlmsg_seq = ++nl_seq;
244 req.hdr.nlmsg_pid = 0;
246 req.ifinfo.ifi_family = AF_UNSPEC;
247 req.ifinfo.ifi_type = 0;
248 req.ifinfo.ifi_index = drv->ifindex;
249 req.ifinfo.ifi_flags = 0;
250 req.ifinfo.ifi_change = 0;
252 if (linkmode != -1) {
253 rta = (struct rtattr *)
254 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
255 rta->rta_type = IFLA_LINKMODE;
256 rta->rta_len = RTA_LENGTH(sizeof(char));
257 *((char *) RTA_DATA(rta)) = linkmode;
258 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
259 RTA_LENGTH(sizeof(char));
261 if (operstate != -1) {
262 rta = (struct rtattr *)
263 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
264 rta->rta_type = IFLA_OPERSTATE;
265 rta->rta_len = RTA_LENGTH(sizeof(char));
266 *((char *) RTA_DATA(rta)) = operstate;
267 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
268 RTA_LENGTH(sizeof(char));
271 wpa_printf(MSG_DEBUG, "WEXT: Operstate: linkmode=%d, operstate=%d",
272 linkmode, operstate);
274 ret = send(drv->link_event_sock, &req, req.hdr.nlmsg_len, 0);
276 wpa_printf(MSG_DEBUG, "WEXT: Sending operstate IFLA failed: "
277 "%s (assume operstate is not supported)",
281 return ret < 0 ? -1 : 0;
285 static int wpa_driver_nl80211_set_auth_param(
286 struct wpa_driver_nl80211_data *drv, int idx, u32 value)
291 os_memset(&iwr, 0, sizeof(iwr));
292 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
293 iwr.u.param.flags = idx & IW_AUTH_INDEX;
294 iwr.u.param.value = value;
296 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
297 if (errno != EOPNOTSUPP) {
298 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
299 "value 0x%x) failed: %s)",
300 idx, value, strerror(errno));
302 ret = errno == EOPNOTSUPP ? -2 : -1;
309 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
311 struct wpa_driver_nl80211_data *drv = priv;
312 if (!drv->associated)
314 os_memcpy(bssid, drv->bssid, ETH_ALEN);
319 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
321 struct wpa_driver_nl80211_data *drv = priv;
322 if (!drv->associated)
324 os_memcpy(ssid, drv->ssid, drv->ssid_len);
325 return drv->ssid_len;
329 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
330 void *ctx, char *buf, size_t len,
333 union wpa_event_data event;
335 os_memset(&event, 0, sizeof(event));
336 if (len > sizeof(event.interface_status.ifname))
337 len = sizeof(event.interface_status.ifname) - 1;
338 os_memcpy(event.interface_status.ifname, buf, len);
339 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
340 EVENT_INTERFACE_ADDED;
342 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
344 event.interface_status.ifname,
345 del ? "removed" : "added");
347 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
354 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
358 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
361 struct ifinfomsg *ifi;
362 int attrlen, _nlmsg_len, rta_len;
367 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
369 attrlen = h->nlmsg_len - _nlmsg_len;
373 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
375 rta_len = RTA_ALIGN(sizeof(struct rtattr));
376 while (RTA_OK(attr, attrlen)) {
377 if (attr->rta_type == IFLA_IFNAME) {
378 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
384 attr = RTA_NEXT(attr, attrlen);
391 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
392 int ifindex, struct nlmsghdr *h)
394 if (drv->ifindex == ifindex)
397 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) {
398 drv->ifindex = if_nametoindex(drv->ifname);
399 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
401 wpa_driver_nl80211_finish_drv_init(drv);
409 static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv,
410 void *ctx, struct nlmsghdr *h,
413 struct ifinfomsg *ifi;
414 int attrlen, _nlmsg_len, rta_len;
415 struct rtattr * attr;
417 if (len < sizeof(*ifi))
422 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) {
423 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
428 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
430 drv->operstate, ifi->ifi_flags,
431 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
432 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
433 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
434 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
436 * Some drivers send the association event before the operup event--in
437 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
438 * fails. This will hit us when wpa_supplicant does not need to do
439 * IEEE 802.1X authentication
441 if (drv->operstate == 1 &&
442 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
443 !(ifi->ifi_flags & IFF_RUNNING))
444 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP);
446 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
448 attrlen = h->nlmsg_len - _nlmsg_len;
452 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
454 rta_len = RTA_ALIGN(sizeof(struct rtattr));
455 while (RTA_OK(attr, attrlen)) {
456 if (attr->rta_type == IFLA_IFNAME) {
457 wpa_driver_nl80211_event_link(
459 ((char *) attr) + rta_len,
460 attr->rta_len - rta_len, 0);
462 attr = RTA_NEXT(attr, attrlen);
467 static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv,
468 void *ctx, struct nlmsghdr *h,
471 struct ifinfomsg *ifi;
472 int attrlen, _nlmsg_len, rta_len;
473 struct rtattr * attr;
475 if (len < sizeof(*ifi))
480 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
482 attrlen = h->nlmsg_len - _nlmsg_len;
486 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
488 rta_len = RTA_ALIGN(sizeof(struct rtattr));
489 while (RTA_OK(attr, attrlen)) {
490 if (attr->rta_type == IFLA_IFNAME) {
491 wpa_driver_nl80211_event_link(
493 ((char *) attr) + rta_len,
494 attr->rta_len - rta_len, 1);
496 attr = RTA_NEXT(attr, attrlen);
501 static void wpa_driver_nl80211_event_receive_link(int sock, void *eloop_ctx,
506 struct sockaddr_nl from;
512 fromlen = sizeof(from);
513 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
514 (struct sockaddr *) &from, &fromlen);
516 if (errno != EINTR && errno != EAGAIN)
517 perror("recvfrom(netlink)");
521 h = (struct nlmsghdr *) buf;
522 while (left >= (int) sizeof(*h)) {
526 plen = len - sizeof(*h);
527 if (len > left || plen < 0) {
528 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
529 "len=%d left=%d plen=%d",
534 switch (h->nlmsg_type) {
536 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx,
540 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx,
545 len = NLMSG_ALIGN(len);
547 h = (struct nlmsghdr *) ((char *) h + len);
551 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
555 if (--max_events > 0) {
557 * Try to receive all events in one eloop call in order to
558 * limit race condition on cases where AssocInfo event, Assoc
559 * event, and EAPOL frames are received more or less at the
560 * same time. We want to process the event messages first
561 * before starting EAPOL processing.
568 static int no_seq_check(struct nl_msg *msg, void *arg)
574 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
575 const u8 *frame, size_t len)
577 const struct ieee80211_mgmt *mgmt;
578 union wpa_event_data event;
580 mgmt = (const struct ieee80211_mgmt *) frame;
581 if (len < 24 + sizeof(mgmt->u.auth)) {
582 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
587 os_memset(&event, 0, sizeof(event));
588 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
589 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
590 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
591 if (len > 24 + sizeof(mgmt->u.auth)) {
592 event.auth.ies = mgmt->u.auth.variable;
593 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
596 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
600 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
601 const u8 *frame, size_t len)
603 const struct ieee80211_mgmt *mgmt;
604 union wpa_event_data event;
607 mgmt = (const struct ieee80211_mgmt *) frame;
608 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
609 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
614 status = le_to_host16(mgmt->u.assoc_resp.status_code);
615 if (status != WLAN_STATUS_SUCCESS) {
616 os_memset(&event, 0, sizeof(event));
617 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
618 event.assoc_reject.resp_ies =
619 (u8 *) mgmt->u.assoc_resp.variable;
620 event.assoc_reject.resp_ies_len =
621 len - 24 - sizeof(mgmt->u.assoc_resp);
623 event.assoc_reject.status_code = status;
625 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
630 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
632 os_memset(&event, 0, sizeof(event));
633 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
634 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
635 event.assoc_info.resp_ies_len =
636 len - 24 - sizeof(mgmt->u.assoc_resp);
639 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
643 static void mlme_event(struct wpa_driver_nl80211_data *drv,
644 enum nl80211_commands cmd, struct nlattr *frame)
647 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
652 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
653 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
654 nla_data(frame), nla_len(frame));
657 case NL80211_CMD_AUTHENTICATE:
658 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
660 case NL80211_CMD_ASSOCIATE:
661 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
663 case NL80211_CMD_DEAUTHENTICATE:
665 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, NULL);
667 case NL80211_CMD_DISASSOCIATE:
669 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
677 static int process_event(struct nl_msg *msg, void *arg)
679 struct wpa_driver_nl80211_data *drv = arg;
680 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
681 struct nlattr *tb[NL80211_ATTR_MAX + 1];
683 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
684 genlmsg_attrlen(gnlh, 0), NULL);
686 if (tb[NL80211_ATTR_IFINDEX]) {
687 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
688 if (ifindex != drv->ifindex) {
689 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
690 " for foreign interface (ifindex %d)",
697 case NL80211_CMD_NEW_SCAN_RESULTS:
698 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
699 drv->scan_complete_events = 1;
700 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
702 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
704 case NL80211_CMD_SCAN_ABORTED:
705 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
707 * Need to indicate that scan results are available in order
708 * not to make wpa_supplicant stop its scanning.
710 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
712 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
714 case NL80211_CMD_AUTHENTICATE:
715 case NL80211_CMD_ASSOCIATE:
716 case NL80211_CMD_DEAUTHENTICATE:
717 case NL80211_CMD_DISASSOCIATE:
718 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME]);
721 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
722 "(cmd=%d)", gnlh->cmd);
730 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
734 struct wpa_driver_nl80211_data *drv = eloop_ctx;
736 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
738 cb = nl_cb_clone(drv->nl_cb);
741 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
742 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
743 nl_recvmsgs(drv->nl_handle, cb);
748 static int wpa_driver_nl80211_get_ifflags_ifname(struct wpa_driver_nl80211_data *drv,
749 const char *ifname, int *flags)
753 os_memset(&ifr, 0, sizeof(ifr));
754 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
755 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
756 perror("ioctl[SIOCGIFFLAGS]");
759 *flags = ifr.ifr_flags & 0xffff;
765 * wpa_driver_nl80211_get_ifflags - Get interface flags (SIOCGIFFLAGS)
766 * @drv: driver_nl80211 private data
767 * @flags: Pointer to returned flags value
768 * Returns: 0 on success, -1 on failure
770 static int wpa_driver_nl80211_get_ifflags(struct wpa_driver_nl80211_data *drv,
773 return wpa_driver_nl80211_get_ifflags_ifname(drv, drv->ifname, flags);
777 static int wpa_driver_nl80211_set_ifflags_ifname(
778 struct wpa_driver_nl80211_data *drv,
779 const char *ifname, int flags)
783 os_memset(&ifr, 0, sizeof(ifr));
784 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
785 ifr.ifr_flags = flags & 0xffff;
786 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
787 perror("SIOCSIFFLAGS");
795 * wpa_driver_nl80211_set_ifflags - Set interface flags (SIOCSIFFLAGS)
796 * @drv: driver_nl80211 private data
797 * @flags: New value for flags
798 * Returns: 0 on success, -1 on failure
800 static int wpa_driver_nl80211_set_ifflags(struct wpa_driver_nl80211_data *drv,
803 return wpa_driver_nl80211_set_ifflags_ifname(drv, drv->ifname, flags);
808 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
809 * @priv: driver_nl80211 private data
810 * @alpha2_arg: country to which to switch to
811 * Returns: 0 on success, -1 on failure
813 * This asks nl80211 to set the regulatory domain for given
814 * country ISO / IEC alpha2.
816 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
818 struct wpa_driver_nl80211_data *drv = priv;
824 goto nla_put_failure;
826 alpha2[0] = alpha2_arg[0];
827 alpha2[1] = alpha2_arg[1];
830 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
831 0, NL80211_CMD_REQ_SET_REG, 0);
833 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
834 if (send_and_recv_msgs(drv, msg, NULL, NULL))
842 struct wiphy_info_data {
848 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
850 struct nlattr *tb[NL80211_ATTR_MAX + 1];
851 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
852 struct wiphy_info_data *info = arg;
854 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
855 genlmsg_attrlen(gnlh, 0), NULL);
857 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
858 info->max_scan_ssids =
859 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
861 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
862 struct nlattr *nl_mode;
864 nla_for_each_nested(nl_mode,
865 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
866 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
867 info->ap_supported = 1;
877 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
878 struct wiphy_info_data *info)
882 os_memset(info, 0, sizeof(*info));
887 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
888 0, NL80211_CMD_GET_WIPHY, 0);
890 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
892 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
901 static void wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
903 struct wiphy_info_data info;
904 if (wpa_driver_nl80211_get_info(drv, &info))
906 drv->has_capability = 1;
907 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
908 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
909 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
910 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
911 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
912 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
913 WPA_DRIVER_CAPA_ENC_WEP104 |
914 WPA_DRIVER_CAPA_ENC_TKIP |
915 WPA_DRIVER_CAPA_ENC_CCMP;
917 drv->capa.max_scan_ssids = info.max_scan_ssids;
918 if (info.ap_supported)
919 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
924 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
925 * @ctx: context to be used when calling wpa_supplicant functions,
926 * e.g., wpa_supplicant_event()
927 * @ifname: interface name, e.g., wlan0
928 * Returns: Pointer to private data, %NULL on failure
930 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
933 struct sockaddr_nl local;
934 struct wpa_driver_nl80211_data *drv;
936 drv = os_zalloc(sizeof(*drv));
940 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
942 drv->monitor_ifidx = -1;
943 drv->monitor_sock = -1;
944 #endif /* CONFIG_AP */
946 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
947 if (drv->nl_cb == NULL) {
948 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
953 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
954 if (drv->nl_handle == NULL) {
955 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
960 if (genl_connect(drv->nl_handle)) {
961 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
966 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
967 if (drv->nl_cache == NULL) {
968 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
973 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
974 if (drv->nl80211 == NULL) {
975 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
980 ret = nl_get_multicast_id(drv, "nl80211", "scan");
982 ret = nl_socket_add_membership(drv->nl_handle, ret);
984 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
985 "membership for scan events: %d (%s)",
986 ret, strerror(-ret));
990 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
992 ret = nl_socket_add_membership(drv->nl_handle, ret);
994 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
995 "membership for mlme events: %d (%s)",
996 ret, strerror(-ret));
999 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1001 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
1002 wpa_driver_nl80211_event_receive, drv, ctx);
1004 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1005 if (drv->ioctl_sock < 0) {
1006 perror("socket(PF_INET,SOCK_DGRAM)");
1010 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1012 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1016 os_memset(&local, 0, sizeof(local));
1017 local.nl_family = AF_NETLINK;
1018 local.nl_groups = RTMGRP_LINK;
1019 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1020 perror("bind(netlink)");
1025 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive_link, drv,
1027 drv->link_event_sock = s;
1029 if (wpa_driver_nl80211_finish_drv_init(drv))
1035 eloop_unregister_read_sock(drv->link_event_sock);
1036 close(drv->link_event_sock);
1038 close(drv->ioctl_sock);
1040 genl_family_put(drv->nl80211);
1042 nl_cache_free(drv->nl_cache);
1044 nl_handle_destroy(drv->nl_handle);
1046 nl_cb_put(drv->nl_cb);
1054 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1058 drv->ifindex = if_nametoindex(drv->ifname);
1060 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
1061 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1062 "use managed mode");
1065 if (wpa_driver_nl80211_get_ifflags(drv, &flags) != 0) {
1066 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
1070 if (!(flags & IFF_UP)) {
1071 if (wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP) != 0) {
1072 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
1078 wpa_driver_nl80211_capa(drv);
1080 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1087 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1088 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1090 * Shut down driver interface and processing of driver events. Free
1091 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1093 static void wpa_driver_nl80211_deinit(void *priv)
1095 struct wpa_driver_nl80211_data *drv = priv;
1099 if (drv->monitor_ifidx >= 0)
1100 nl80211_remove_iface(drv, drv->monitor_ifidx);
1101 if (drv->monitor_sock >= 0) {
1102 eloop_unregister_read_sock(drv->monitor_sock);
1103 close(drv->monitor_sock);
1105 #endif /* CONFIG_AP */
1107 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1109 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 0);
1111 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP);
1113 eloop_unregister_read_sock(drv->link_event_sock);
1115 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0)
1116 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
1117 wpa_driver_nl80211_set_mode(drv, 0);
1119 close(drv->link_event_sock);
1120 close(drv->ioctl_sock);
1122 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
1123 genl_family_put(drv->nl80211);
1124 nl_cache_free(drv->nl_cache);
1125 nl_handle_destroy(drv->nl_handle);
1126 nl_cb_put(drv->nl_cb);
1133 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1134 * @eloop_ctx: Unused
1135 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1137 * This function can be used as registered timeout when starting a scan to
1138 * generate a scan completed event if the driver does not report this.
1140 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1142 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1143 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1148 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1149 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1150 * @params: Scan parameters
1151 * Returns: 0 on success, -1 on failure
1153 static int wpa_driver_nl80211_scan(void *priv,
1154 struct wpa_driver_scan_params *params)
1156 struct wpa_driver_nl80211_data *drv = priv;
1157 int ret = 0, timeout;
1158 struct nl_msg *msg, *ssids, *freqs;
1161 msg = nlmsg_alloc();
1162 ssids = nlmsg_alloc();
1163 freqs = nlmsg_alloc();
1164 if (!msg || !ssids || !freqs) {
1171 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1172 NL80211_CMD_TRIGGER_SCAN, 0);
1174 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1176 for (i = 0; i < params->num_ssids; i++) {
1177 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1178 params->ssids[i].ssid);
1180 if (params->num_ssids)
1181 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1183 if (params->extra_ies) {
1184 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1188 if (params->freqs) {
1189 for (i = 0; params->freqs[i]; i++)
1190 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1191 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1194 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1197 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1198 "(%s)", ret, strerror(-ret));
1199 goto nla_put_failure;
1202 /* Not all drivers generate "scan completed" wireless event, so try to
1203 * read results after a timeout. */
1205 if (drv->scan_complete_events) {
1207 * The driver seems to deliver events to notify when scan is
1208 * complete, so use longer timeout to avoid race conditions
1209 * with scanning and following association request.
1213 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1214 "seconds", ret, timeout);
1215 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1216 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1227 static int bss_info_handler(struct nl_msg *msg, void *arg)
1229 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1230 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1231 struct nlattr *bss[NL80211_BSS_MAX + 1];
1232 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1233 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1234 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1235 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1236 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1237 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1238 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1239 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1240 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1242 struct wpa_scan_results *res = arg;
1243 struct wpa_scan_res **tmp;
1244 struct wpa_scan_res *r;
1248 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1249 genlmsg_attrlen(gnlh, 0), NULL);
1250 if (!tb[NL80211_ATTR_BSS])
1252 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1255 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1256 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1257 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1263 r = os_zalloc(sizeof(*r) + ie_len);
1266 if (bss[NL80211_BSS_BSSID])
1267 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1269 if (bss[NL80211_BSS_FREQUENCY])
1270 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1271 if (bss[NL80211_BSS_BEACON_INTERVAL])
1272 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1273 if (bss[NL80211_BSS_CAPABILITY])
1274 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1275 r->flags |= WPA_SCAN_NOISE_INVALID;
1276 if (bss[NL80211_BSS_SIGNAL_MBM]) {
1277 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
1278 r->level /= 100; /* mBm to dBm */
1279 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
1280 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
1281 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
1282 r->flags |= WPA_SCAN_LEVEL_INVALID;
1284 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
1285 if (bss[NL80211_BSS_TSF])
1286 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
1289 os_memcpy(r + 1, ie, ie_len);
1291 tmp = os_realloc(res->res,
1292 (res->num + 1) * sizeof(struct wpa_scan_res *));
1297 tmp[res->num++] = r;
1305 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1306 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1307 * Returns: Scan results on success, -1 on failure
1309 static struct wpa_scan_results *
1310 wpa_driver_nl80211_get_scan_results(void *priv)
1312 struct wpa_driver_nl80211_data *drv = priv;
1314 struct wpa_scan_results *res;
1317 res = os_zalloc(sizeof(*res));
1320 msg = nlmsg_alloc();
1322 goto nla_put_failure;
1324 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
1325 NL80211_CMD_GET_SCAN, 0);
1326 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1328 ret = send_and_recv_msgs(drv, msg, bss_info_handler, res);
1331 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
1332 (unsigned long) res->num);
1335 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1336 "(%s)", ret, strerror(-ret));
1339 wpa_scan_results_free(res);
1344 static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
1345 const u8 *addr, int key_idx,
1346 int set_tx, const u8 *seq,
1348 const u8 *key, size_t key_len)
1350 struct wpa_driver_nl80211_data *drv = priv;
1354 wpa_printf(MSG_DEBUG, "%s: alg=%d addr=%p key_idx=%d set_tx=%d "
1355 "seq_len=%lu key_len=%lu",
1356 __func__, alg, addr, key_idx, set_tx,
1357 (unsigned long) seq_len, (unsigned long) key_len);
1359 msg = nlmsg_alloc();
1363 if (alg == WPA_ALG_NONE) {
1364 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1365 NL80211_CMD_DEL_KEY, 0);
1367 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1368 NL80211_CMD_NEW_KEY, 0);
1369 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
1373 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1376 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1380 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
1383 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
1385 #ifdef CONFIG_IEEE80211W
1387 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
1389 #endif /* CONFIG_IEEE80211W */
1396 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1398 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
1399 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1401 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1402 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1404 err = send_and_recv_msgs(drv, msg, NULL, NULL);
1406 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d", err);
1410 if (set_tx && alg != WPA_ALG_NONE) {
1411 msg = nlmsg_alloc();
1415 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1416 0, NL80211_CMD_SET_KEY, 0);
1417 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1418 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1419 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
1421 err = send_and_recv_msgs(drv, msg, NULL, NULL);
1423 wpa_printf(MSG_DEBUG, "nl80211: set default key "
1424 "failed; err=%d", err);
1436 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
1437 const u8 *addr, int cmd, u16 reason_code)
1442 msg = nlmsg_alloc();
1446 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
1448 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1449 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
1450 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1452 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1455 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1456 "(%s)", ret, strerror(-ret));
1457 goto nla_put_failure;
1467 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
1470 struct wpa_driver_nl80211_data *drv = priv;
1471 wpa_printf(MSG_DEBUG, "%s", __func__);
1472 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
1477 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
1480 struct wpa_driver_nl80211_data *drv = priv;
1481 wpa_printf(MSG_DEBUG, "%s", __func__);
1482 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
1487 static int wpa_driver_nl80211_authenticate(
1488 void *priv, struct wpa_driver_auth_params *params)
1490 struct wpa_driver_nl80211_data *drv = priv;
1493 enum nl80211_auth_type type;
1495 drv->associated = 0;
1497 msg = nlmsg_alloc();
1501 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
1504 for (i = 0; i < 4; i++) {
1505 if (!params->wep_key[i])
1507 wpa_driver_nl80211_set_key(drv, WPA_ALG_WEP, NULL, i,
1508 i == params->wep_tx_keyidx, NULL, 0,
1510 params->wep_key_len[i]);
1513 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1514 NL80211_CMD_AUTHENTICATE, 0);
1516 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1517 if (params->bssid) {
1518 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
1519 MAC2STR(params->bssid));
1520 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
1523 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
1524 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
1527 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
1528 params->ssid, params->ssid_len);
1529 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
1532 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
1534 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
1536 * TODO: if multiple auth_alg options enabled, try them one by one if
1537 * the AP rejects authentication due to unknown auth alg
1539 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1540 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1541 else if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1542 type = NL80211_AUTHTYPE_SHARED_KEY;
1543 else if (params->auth_alg & AUTH_ALG_LEAP)
1544 type = NL80211_AUTHTYPE_NETWORK_EAP;
1545 else if (params->auth_alg & AUTH_ALG_FT)
1546 type = NL80211_AUTHTYPE_FT;
1548 goto nla_put_failure;
1549 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
1550 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
1552 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1555 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1556 "(%s)", ret, strerror(-ret));
1557 goto nla_put_failure;
1560 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
1571 struct phy_info_arg {
1573 struct hostapd_hw_modes *modes;
1576 static int phy_info_handler(struct nl_msg *msg, void *arg)
1578 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1579 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1580 struct phy_info_arg *phy_info = arg;
1582 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1584 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1585 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1586 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1587 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1588 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1589 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1590 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1591 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
1594 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1595 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1596 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1597 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1600 struct nlattr *nl_band;
1601 struct nlattr *nl_freq;
1602 struct nlattr *nl_rate;
1603 int rem_band, rem_freq, rem_rate;
1604 struct hostapd_hw_modes *mode;
1605 int idx, mode_is_set;
1607 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1608 genlmsg_attrlen(gnlh, 0), NULL);
1610 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1613 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1614 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1617 phy_info->modes = mode;
1621 mode = &phy_info->modes[*(phy_info->num_modes)];
1622 memset(mode, 0, sizeof(*mode));
1623 *(phy_info->num_modes) += 1;
1625 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1626 nla_len(nl_band), NULL);
1628 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
1629 mode->ht_capab = nla_get_u16(
1630 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
1633 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1634 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1635 nla_len(nl_freq), freq_policy);
1636 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1638 mode->num_channels++;
1641 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1642 if (!mode->channels)
1647 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1648 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1649 nla_len(nl_freq), freq_policy);
1650 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1653 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1654 mode->channels[idx].flag = 0;
1657 /* crude heuristic */
1658 if (mode->channels[idx].freq < 4000)
1659 mode->mode = HOSTAPD_MODE_IEEE80211B;
1661 mode->mode = HOSTAPD_MODE_IEEE80211A;
1665 /* crude heuristic */
1666 if (mode->channels[idx].freq < 4000)
1667 if (mode->channels[idx].freq == 2848)
1668 mode->channels[idx].chan = 14;
1670 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1672 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1674 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1675 mode->channels[idx].flag |=
1676 HOSTAPD_CHAN_DISABLED;
1677 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1678 mode->channels[idx].flag |=
1679 HOSTAPD_CHAN_PASSIVE_SCAN;
1680 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1681 mode->channels[idx].flag |=
1682 HOSTAPD_CHAN_NO_IBSS;
1683 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
1684 mode->channels[idx].flag |=
1687 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
1688 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1689 mode->channels[idx].max_tx_power =
1690 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
1695 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1696 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1697 nla_len(nl_rate), rate_policy);
1698 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1703 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1709 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1710 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1711 nla_len(nl_rate), rate_policy);
1712 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1714 mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1716 /* crude heuristic */
1717 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1718 mode->rates[idx].rate > 200)
1719 mode->mode = HOSTAPD_MODE_IEEE80211G;
1721 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1722 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1731 static struct hostapd_hw_modes *
1732 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
1735 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
1736 int i, mode11g_idx = -1;
1738 /* If only 802.11g mode is included, use it to construct matching
1739 * 802.11b mode data. */
1741 for (m = 0; m < *num_modes; m++) {
1742 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
1743 return modes; /* 802.11b already included */
1744 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1748 if (mode11g_idx < 0)
1749 return modes; /* 2.4 GHz band not supported at all */
1751 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
1753 return modes; /* Could not add 802.11b mode */
1755 mode = &nmodes[*num_modes];
1756 os_memset(mode, 0, sizeof(*mode));
1760 mode->mode = HOSTAPD_MODE_IEEE80211B;
1762 mode11g = &modes[mode11g_idx];
1763 mode->num_channels = mode11g->num_channels;
1764 mode->channels = os_malloc(mode11g->num_channels *
1765 sizeof(struct hostapd_channel_data));
1766 if (mode->channels == NULL) {
1768 return modes; /* Could not add 802.11b mode */
1770 os_memcpy(mode->channels, mode11g->channels,
1771 mode11g->num_channels * sizeof(struct hostapd_channel_data));
1773 mode->num_rates = 0;
1774 mode->rates = os_malloc(4 * sizeof(struct hostapd_rate_data));
1775 if (mode->rates == NULL) {
1776 os_free(mode->channels);
1778 return modes; /* Could not add 802.11b mode */
1781 for (i = 0; i < mode11g->num_rates; i++) {
1782 if (mode11g->rates[i].rate > 110 ||
1783 mode11g->rates[i].flags &
1784 (HOSTAPD_RATE_ERP | HOSTAPD_RATE_OFDM))
1786 mode->rates[mode->num_rates] = mode11g->rates[i];
1788 if (mode->num_rates == 4)
1792 if (mode->num_rates == 0) {
1793 os_free(mode->channels);
1794 os_free(mode->rates);
1796 return modes; /* No 802.11b rates */
1799 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
1806 static struct hostapd_hw_modes *
1807 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
1809 struct wpa_driver_nl80211_data *drv = priv;
1811 struct phy_info_arg result = {
1812 .num_modes = num_modes,
1819 msg = nlmsg_alloc();
1823 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1824 0, NL80211_CMD_GET_WIPHY, 0);
1826 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1828 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
1829 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
1835 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
1836 const void *data, size_t len,
1840 0x00, 0x00, /* radiotap version */
1841 0x0e, 0x00, /* radiotap length */
1842 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
1843 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
1845 0x00, 0x00, /* RX and TX flags to indicate that */
1846 0x00, 0x00, /* this is the injected frame directly */
1848 struct iovec iov[2] = {
1850 .iov_base = &rtap_hdr,
1851 .iov_len = sizeof(rtap_hdr),
1854 .iov_base = (void *) data,
1858 struct msghdr msg = {
1863 .msg_control = NULL,
1864 .msg_controllen = 0,
1869 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
1871 return sendmsg(drv->monitor_sock, &msg, 0);
1875 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
1878 struct wpa_driver_nl80211_data *drv = priv;
1879 struct ieee80211_mgmt *mgmt;
1880 int do_not_encrypt = 0;
1883 mgmt = (struct ieee80211_mgmt *) data;
1884 fc = le_to_host16(mgmt->frame_control);
1886 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1887 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
1889 * Only one of the authentication frame types is encrypted.
1890 * In order for static WEP encryption to work properly (i.e.,
1891 * to not encrypt the frame), we need to tell mac80211 about
1892 * the frames that must not be encrypted.
1894 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1895 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
1896 if (auth_alg == WLAN_AUTH_OPEN ||
1897 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_trans != 3))
1901 return wpa_driver_nl80211_send_frame(drv, data, data_len,
1906 static int wpa_driver_nl80211_set_beacon(void *priv,
1907 const u8 *head, size_t head_len,
1908 const u8 *tail, size_t tail_len,
1911 struct wpa_driver_nl80211_data *drv = priv;
1913 u8 cmd = NL80211_CMD_NEW_BEACON;
1916 msg = nlmsg_alloc();
1920 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
1922 if (drv->beacon_set)
1923 cmd = NL80211_CMD_SET_BEACON;
1925 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1927 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
1928 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
1929 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1930 if (!drv->beacon_int)
1931 drv->beacon_int = 100;
1932 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
1933 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
1935 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1937 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
1938 ret, strerror(-ret));
1940 drv->beacon_set = 1;
1947 static int wpa_driver_nl80211_set_beacon_int(void *priv, int value)
1949 struct wpa_driver_nl80211_data *drv = priv;
1952 drv->beacon_int = value;
1954 if (!drv->beacon_set)
1957 msg = nlmsg_alloc();
1961 wpa_printf(MSG_DEBUG, "nl80211: Set beacon interval %d "
1962 "(beacon_set=%d)", value, drv->beacon_set);
1963 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1964 0, NL80211_CMD_SET_BEACON, 0);
1965 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1967 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
1969 return send_and_recv_msgs(drv, msg, NULL, NULL);
1975 static int wpa_driver_nl80211_set_freq2(
1976 struct wpa_driver_nl80211_data *drv,
1977 struct wpa_driver_associate_params *params)
1982 msg = nlmsg_alloc();
1986 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1987 NL80211_CMD_SET_WIPHY, 0);
1989 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1991 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
1993 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1996 wpa_printf(MSG_DEBUG, "nl80211: MLME Failed to set channel (freq=%d): "
1997 "%d (%s)", params->freq, ret, strerror(-ret));
2003 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
2008 msg = nlmsg_alloc();
2010 goto nla_put_failure;
2012 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2013 0, NL80211_CMD_DEL_INTERFACE, 0);
2014 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
2016 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
2019 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d).\n",
2024 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
2025 const char *ifname, enum nl80211_iftype iftype)
2027 struct nl_msg *msg, *flags = NULL;
2031 msg = nlmsg_alloc();
2035 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2036 0, NL80211_CMD_NEW_INTERFACE, 0);
2037 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2038 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
2039 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
2041 if (iftype == NL80211_IFTYPE_MONITOR) {
2044 flags = nlmsg_alloc();
2046 goto nla_put_failure;
2048 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
2050 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
2055 goto nla_put_failure;
2058 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2061 wpa_printf(MSG_ERROR, "Failed to create interface %s.",
2066 ifidx = if_nametoindex(ifname);
2075 enum ieee80211_msg_type {
2076 ieee80211_msg_normal = 0,
2077 ieee80211_msg_tx_callback_ack = 1,
2078 ieee80211_msg_tx_callback_fail = 2,
2082 void ap_tx_status(void *ctx, const u8 *addr,
2083 const u8 *buf, size_t len, int ack);
2084 void ap_rx_from_unknown_sta(void *ctx, const u8 *addr);
2085 void ap_mgmt_rx(void *ctx, u8 *buf, size_t len, u16 stype,
2086 struct hostapd_frame_info *fi);
2087 void ap_mgmt_tx_cb(void *ctx, u8 *buf, size_t len, u16 stype, int ok);
2090 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
2092 struct ieee80211_hdr *hdr;
2093 u16 fc, type, stype;
2095 hdr = (struct ieee80211_hdr *) buf;
2096 fc = le_to_host16(hdr->frame_control);
2098 type = WLAN_FC_GET_TYPE(fc);
2099 stype = WLAN_FC_GET_STYPE(fc);
2102 case WLAN_FC_TYPE_MGMT:
2103 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
2104 ok ? "ACK" : "fail");
2105 ap_mgmt_tx_cb(ctx, buf, len, stype, ok);
2107 case WLAN_FC_TYPE_CTRL:
2108 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
2109 ok ? "ACK" : "fail");
2111 case WLAN_FC_TYPE_DATA:
2112 ap_tx_status(ctx, hdr->addr1, buf, len, ok);
2115 wpa_printf(MSG_DEBUG, "unknown TX callback frame type %d",
2122 static void handle_frame(struct wpa_driver_nl80211_data *drv,
2123 u8 *buf, size_t len,
2124 struct hostapd_frame_info *hfi,
2125 enum ieee80211_msg_type msg_type)
2127 struct ieee80211_hdr *hdr;
2128 u16 fc, type, stype;
2129 size_t data_len = len;
2132 * PS-Poll frames are 16 bytes. All other frames are
2133 * 24 bytes or longer.
2138 hdr = (struct ieee80211_hdr *) buf;
2139 fc = le_to_host16(hdr->frame_control);
2141 type = WLAN_FC_GET_TYPE(fc);
2142 stype = WLAN_FC_GET_STYPE(fc);
2145 case WLAN_FC_TYPE_DATA:
2148 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
2151 case WLAN_FC_FROMDS:
2158 case WLAN_FC_TYPE_CTRL:
2159 /* discard non-ps-poll frames */
2160 if (stype != WLAN_FC_STYPE_PSPOLL)
2163 case WLAN_FC_TYPE_MGMT:
2171 case ieee80211_msg_normal:
2172 /* continue processing */
2174 case ieee80211_msg_tx_callback_ack:
2175 handle_tx_callback(drv->ctx, buf, data_len, 1);
2177 case ieee80211_msg_tx_callback_fail:
2178 handle_tx_callback(drv->ctx, buf, data_len, 0);
2183 case WLAN_FC_TYPE_MGMT:
2184 if (stype != WLAN_FC_STYPE_BEACON &&
2185 stype != WLAN_FC_STYPE_PROBE_REQ)
2186 wpa_printf(MSG_MSGDUMP, "MGMT");
2187 ap_mgmt_rx(drv->ctx, buf, data_len, stype, hfi);
2189 case WLAN_FC_TYPE_CTRL:
2190 /* can only get here with PS-Poll frames */
2191 wpa_printf(MSG_DEBUG, "CTRL");
2192 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2194 case WLAN_FC_TYPE_DATA:
2195 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2201 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
2203 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2205 unsigned char buf[3000];
2206 struct ieee80211_radiotap_iterator iter;
2208 struct hostapd_frame_info hfi;
2209 int injected = 0, failed = 0, msg_type, rxflags = 0;
2211 len = recv(sock, buf, sizeof(buf), 0);
2217 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
2218 printf("received invalid radiotap frame\n");
2222 memset(&hfi, 0, sizeof(hfi));
2225 ret = ieee80211_radiotap_iterator_next(&iter);
2229 printf("received invalid radiotap frame (%d)\n", ret);
2232 switch (iter.this_arg_index) {
2233 case IEEE80211_RADIOTAP_FLAGS:
2234 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
2237 case IEEE80211_RADIOTAP_RX_FLAGS:
2240 case IEEE80211_RADIOTAP_TX_FLAGS:
2242 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
2243 IEEE80211_RADIOTAP_F_TX_FAIL;
2245 case IEEE80211_RADIOTAP_DATA_RETRIES:
2247 case IEEE80211_RADIOTAP_CHANNEL:
2248 /* TODO convert from freq/flags to channel number
2253 case IEEE80211_RADIOTAP_RATE:
2254 hfi.datarate = *iter.this_arg * 5;
2256 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2257 hfi.ssi_signal = *iter.this_arg;
2262 if (rxflags && injected)
2266 msg_type = ieee80211_msg_normal;
2268 msg_type = ieee80211_msg_tx_callback_fail;
2270 msg_type = ieee80211_msg_tx_callback_ack;
2272 handle_frame(drv, buf + iter.max_length,
2273 len - iter.max_length, &hfi, msg_type);
2278 * we post-process the filter code later and rewrite
2279 * this to the offset to the last instruction
2284 static struct sock_filter msock_filter_insns[] = {
2286 * do a little-endian load of the radiotap length field
2288 /* load lower byte into A */
2289 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
2290 /* put it into X (== index register) */
2291 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2292 /* load upper byte into A */
2293 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
2294 /* left-shift it by 8 */
2295 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
2297 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
2298 /* put result into X */
2299 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2302 * Allow management frames through, this also gives us those
2303 * management frames that we sent ourselves with status
2305 /* load the lower byte of the IEEE 802.11 frame control field */
2306 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2307 /* mask off frame type and version */
2308 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
2309 /* accept frame if it's both 0, fall through otherwise */
2310 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
2313 * TODO: add a bit to radiotap RX flags that indicates
2314 * that the sending station is not associated, then
2315 * add a filter here that filters on our DA and that flag
2316 * to allow us to deauth frames to that bad station.
2318 * Not a regression -- we didn't do it before either.
2323 * drop non-data frames, WDS frames
2325 /* load the lower byte of the frame control field */
2326 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2327 /* mask off QoS bit */
2328 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
2329 /* drop non-data frames */
2330 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
2331 /* load the upper byte of the frame control field */
2332 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2333 /* mask off toDS/fromDS */
2334 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
2335 /* drop WDS frames */
2336 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
2340 * add header length to index
2342 /* load the lower byte of the frame control field */
2343 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2344 /* mask off QoS bit */
2345 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
2346 /* right shift it by 6 to give 0 or 2 */
2347 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
2348 /* add data frame header length */
2349 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
2350 /* add index, was start of 802.11 header */
2351 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
2352 /* move to index, now start of LL header */
2353 BPF_STMT(BPF_MISC | BPF_TAX, 0),
2356 * Accept empty data frames, we use those for
2359 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
2360 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
2363 * Accept EAPOL frames
2365 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
2366 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
2367 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
2368 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
2370 /* keep these last two statements or change the code below */
2371 /* return 0 == "DROP" */
2372 BPF_STMT(BPF_RET | BPF_K, 0),
2373 /* return ~0 == "keep all" */
2374 BPF_STMT(BPF_RET | BPF_K, ~0),
2377 static struct sock_fprog msock_filter = {
2378 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
2379 .filter = msock_filter_insns,
2383 static int add_monitor_filter(int s)
2387 /* rewrite all PASS/FAIL jump offsets */
2388 for (idx = 0; idx < msock_filter.len; idx++) {
2389 struct sock_filter *insn = &msock_filter_insns[idx];
2391 if (BPF_CLASS(insn->code) == BPF_JMP) {
2392 if (insn->code == (BPF_JMP|BPF_JA)) {
2393 if (insn->k == PASS)
2394 insn->k = msock_filter.len - idx - 2;
2395 else if (insn->k == FAIL)
2396 insn->k = msock_filter.len - idx - 3;
2399 if (insn->jt == PASS)
2400 insn->jt = msock_filter.len - idx - 2;
2401 else if (insn->jt == FAIL)
2402 insn->jt = msock_filter.len - idx - 3;
2404 if (insn->jf == PASS)
2405 insn->jf = msock_filter.len - idx - 2;
2406 else if (insn->jf == FAIL)
2407 insn->jf = msock_filter.len - idx - 3;
2411 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
2412 &msock_filter, sizeof(msock_filter))) {
2413 perror("SO_ATTACH_FILTER");
2422 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
2425 struct sockaddr_ll ll;
2430 snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
2431 buf[IFNAMSIZ - 1] = '\0';
2433 drv->monitor_ifidx =
2434 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR);
2436 if (drv->monitor_ifidx < 0)
2439 if (wpa_driver_nl80211_get_ifflags_ifname(drv, buf, &flags) != 0) {
2440 wpa_printf(MSG_ERROR, "Could not get interface '%s' flags",
2444 if (!(flags & IFF_UP)) {
2445 if (wpa_driver_nl80211_set_ifflags_ifname(drv, buf,
2446 flags | IFF_UP) != 0)
2448 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
2454 memset(&ll, 0, sizeof(ll));
2455 ll.sll_family = AF_PACKET;
2456 ll.sll_ifindex = drv->monitor_ifidx;
2457 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2458 if (drv->monitor_sock < 0) {
2459 perror("socket[PF_PACKET,SOCK_RAW]");
2463 if (add_monitor_filter(drv->monitor_sock)) {
2464 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
2465 "interface; do filtering in user space");
2466 /* This works, but will cost in performance. */
2469 if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
2471 perror("monitor socket bind");
2475 optlen = sizeof(optval);
2478 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
2479 perror("Failed to set socket priority");
2483 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
2485 printf("Could not register monitor read socket\n");
2491 nl80211_remove_iface(drv, drv->monitor_ifidx);
2496 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
2497 struct wpa_driver_associate_params *params)
2499 if (drv->monitor_ifidx < 0 &&
2500 nl80211_create_monitor_interface(drv))
2503 if (wpa_driver_nl80211_set_mode(drv, params->mode) ||
2504 wpa_driver_nl80211_set_freq2(drv, params)) {
2505 nl80211_remove_iface(drv, drv->monitor_ifidx);
2506 drv->monitor_ifidx = -1;
2510 /* TODO: setup monitor interface (and add code somewhere to remove this
2511 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
2515 #endif /* CONFIG_AP */
2518 static int wpa_driver_nl80211_associate(
2519 void *priv, struct wpa_driver_associate_params *params)
2521 struct wpa_driver_nl80211_data *drv = priv;
2526 if (params->mode == 2)
2527 return wpa_driver_nl80211_ap(drv, params);
2528 #endif /* CONFIG_AP */
2530 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2531 params->drop_unencrypted);
2533 drv->associated = 0;
2535 msg = nlmsg_alloc();
2539 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
2541 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2542 NL80211_CMD_ASSOCIATE, 0);
2544 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2545 if (params->bssid) {
2546 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2547 MAC2STR(params->bssid));
2548 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2551 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2552 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2555 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2556 params->ssid, params->ssid_len);
2557 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2559 if (params->ssid_len > sizeof(drv->ssid))
2560 goto nla_put_failure;
2561 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
2562 drv->ssid_len = params->ssid_len;
2564 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
2566 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
2569 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2572 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2573 "(%s)", ret, strerror(-ret));
2574 goto nla_put_failure;
2577 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
2587 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc)
2588 * @drv: Pointer to private driver data from wpa_driver_nl80211_init()
2589 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2590 * Returns: 0 on success, -1 on failure
2592 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
2595 int ret = -1, flags;
2601 nlmode = NL80211_IFTYPE_STATION;
2604 nlmode = NL80211_IFTYPE_ADHOC;
2607 nlmode = NL80211_IFTYPE_AP;
2613 msg = nlmsg_alloc();
2617 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2618 0, NL80211_CMD_SET_INTERFACE, 0);
2619 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2620 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2622 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2629 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode: %d (%s)",
2630 ret, strerror(-ret));
2634 /* mac80211 doesn't allow mode changes while the device is up, so
2635 * take the device down, try to set the mode again, and bring the
2638 if (wpa_driver_nl80211_get_ifflags(drv, &flags) == 0) {
2639 (void) wpa_driver_nl80211_set_ifflags(drv, flags & ~IFF_UP);
2641 /* Try to set the mode again while the interface is down */
2642 msg = nlmsg_alloc();
2646 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2647 0, NL80211_CMD_SET_INTERFACE, 0);
2648 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2649 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2650 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2652 wpa_printf(MSG_ERROR, "Failed to set interface %s "
2653 "mode(try_again): %d (%s)",
2654 drv->ifname, ret, strerror(-ret));
2657 /* Ignore return value of get_ifflags to ensure that the device
2658 * is always up like it was before this function was called.
2660 (void) wpa_driver_nl80211_get_ifflags(drv, &flags);
2661 (void) wpa_driver_nl80211_set_ifflags(drv, flags | IFF_UP);
2668 static int wpa_driver_nl80211_get_capa(void *priv,
2669 struct wpa_driver_capa *capa)
2671 struct wpa_driver_nl80211_data *drv = priv;
2672 if (!drv->has_capability)
2674 os_memcpy(capa, &drv->capa, sizeof(*capa));
2679 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
2681 struct wpa_driver_nl80211_data *drv = priv;
2683 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2684 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2685 drv->operstate = state;
2686 return wpa_driver_nl80211_send_oper_ifla(
2687 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2691 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
2693 .desc = "Linux nl80211/cfg80211",
2694 .get_bssid = wpa_driver_nl80211_get_bssid,
2695 .get_ssid = wpa_driver_nl80211_get_ssid,
2696 .set_key = wpa_driver_nl80211_set_key,
2697 .scan2 = wpa_driver_nl80211_scan,
2698 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
2699 .deauthenticate = wpa_driver_nl80211_deauthenticate,
2700 .disassociate = wpa_driver_nl80211_disassociate,
2701 .authenticate = wpa_driver_nl80211_authenticate,
2702 .associate = wpa_driver_nl80211_associate,
2703 .init = wpa_driver_nl80211_init,
2704 .deinit = wpa_driver_nl80211_deinit,
2705 .get_capa = wpa_driver_nl80211_get_capa,
2706 .set_operstate = wpa_driver_nl80211_set_operstate,
2707 .set_country = wpa_driver_nl80211_set_country,
2709 .set_beacon = wpa_driver_nl80211_set_beacon,
2710 .set_beacon_int = wpa_driver_nl80211_set_beacon_int,
2711 .send_mlme = wpa_driver_nl80211_send_mlme,
2712 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
2713 #endif /* CONFIG_AP */