2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
21 #include <net/if_arp.h>
22 #include <netlink/genl/genl.h>
23 #include <netlink/genl/family.h>
24 #include <netlink/genl/ctrl.h>
25 #include "nl80211_copy.h"
26 #include "wireless_copy.h"
31 #include "ieee802_11_defs.h"
33 #if defined(CONFIG_AP) || defined(HOSTAPD)
34 #include <netpacket/packet.h>
35 #include <linux/filter.h>
37 #include "radiotap_iter.h"
38 #endif /* CONFIG_AP || HOSTAPD */
42 #include "../hostapd/hostapd_defs.h"
45 #define ETH_P_ALL 0x0003
48 #endif /* CONFIG_AP */
51 #include "../../hostapd/hostapd.h"
52 #include "../../hostapd/sta_flags.h"
53 #include "ieee802_11_common.h"
56 /* libnl 2.0 compatibility code */
57 #define nl_handle_alloc_cb nl_socket_alloc_cb
58 #define nl_handle_destroy nl_socket_free
59 #endif /* CONFIG_LIBNL20 */
65 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
68 #define IFF_DORMANT 0x20000 /* driver signals dormant */
71 #ifndef IF_OPER_DORMANT
72 #define IF_OPER_DORMANT 5
78 enum ieee80211_msg_type {
79 ieee80211_msg_normal = 0,
80 ieee80211_msg_tx_callback_ack = 1,
81 ieee80211_msg_tx_callback_fail = 2,
85 struct i802_bss *next;
87 unsigned int beacon_set:1;
90 struct wpa_driver_nl80211_data {
93 int ioctl_sock; /* socket for ioctl() use */
94 char ifname[IFNAMSIZ + 1];
97 struct wpa_driver_capa capa;
102 int scan_complete_events;
104 struct nl_handle *nl_handle;
105 struct nl_cache *nl_cache;
107 struct genl_family *nl80211;
114 #if defined(CONFIG_AP) || defined(HOSTAPD)
118 #endif /* CONFIG_AP || HOSTAPD */
121 unsigned int beacon_set:1;
122 #endif /* CONFIG_AP */
125 struct hostapd_data *hapd;
127 int eapol_sock; /* socket for EAPOL frames */
129 int default_if_indices[16];
134 unsigned int ht_40mhz_scan:1;
138 struct hostapd_neighbor_bss *neighbors;
139 size_t num_neighbors;
144 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
146 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
149 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
152 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
154 #endif /* CONFIG_AP */
157 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
158 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
159 static struct i802_bss * get_bss(struct wpa_driver_nl80211_data *drv,
165 static int ack_handler(struct nl_msg *msg, void *arg)
172 static int finish_handler(struct nl_msg *msg, void *arg)
179 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
188 static int no_seq_check(struct nl_msg *msg, void *arg)
194 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
196 int (*valid_handler)(struct nl_msg *, void *),
202 cb = nl_cb_clone(drv->nl_cb);
206 err = nl_send_auto_complete(drv->nl_handle, msg);
212 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
213 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
214 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
217 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
218 valid_handler, valid_data);
221 nl_recvmsgs(drv->nl_handle, cb);
235 static int family_handler(struct nl_msg *msg, void *arg)
237 struct family_data *res = arg;
238 struct nlattr *tb[CTRL_ATTR_MAX + 1];
239 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
240 struct nlattr *mcgrp;
243 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
244 genlmsg_attrlen(gnlh, 0), NULL);
245 if (!tb[CTRL_ATTR_MCAST_GROUPS])
248 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
249 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
250 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
251 nla_len(mcgrp), NULL);
252 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
253 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
254 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
256 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
258 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
266 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
267 const char *family, const char *group)
271 struct family_data res = { group, -ENOENT };
276 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
277 0, 0, CTRL_CMD_GETFAMILY, 0);
278 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
280 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
291 static int wpa_driver_nl80211_send_oper_ifla(
292 struct wpa_driver_nl80211_data *drv,
293 int linkmode, int operstate)
297 struct ifinfomsg ifinfo;
304 os_memset(&req, 0, sizeof(req));
306 req.hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
307 req.hdr.nlmsg_type = RTM_SETLINK;
308 req.hdr.nlmsg_flags = NLM_F_REQUEST;
309 req.hdr.nlmsg_seq = ++nl_seq;
310 req.hdr.nlmsg_pid = 0;
312 req.ifinfo.ifi_family = AF_UNSPEC;
313 req.ifinfo.ifi_type = 0;
314 req.ifinfo.ifi_index = drv->ifindex;
315 req.ifinfo.ifi_flags = 0;
316 req.ifinfo.ifi_change = 0;
318 if (linkmode != -1) {
319 rta = (struct rtattr *)
320 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
321 rta->rta_type = IFLA_LINKMODE;
322 rta->rta_len = RTA_LENGTH(sizeof(char));
323 *((char *) RTA_DATA(rta)) = linkmode;
324 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
325 RTA_LENGTH(sizeof(char));
327 if (operstate != -1) {
328 rta = (struct rtattr *)
329 ((char *) &req + NLMSG_ALIGN(req.hdr.nlmsg_len));
330 rta->rta_type = IFLA_OPERSTATE;
331 rta->rta_len = RTA_LENGTH(sizeof(char));
332 *((char *) RTA_DATA(rta)) = operstate;
333 req.hdr.nlmsg_len = NLMSG_ALIGN(req.hdr.nlmsg_len) +
334 RTA_LENGTH(sizeof(char));
337 wpa_printf(MSG_DEBUG, "nl80211: Operstate: linkmode=%d, operstate=%d",
338 linkmode, operstate);
340 ret = send(drv->link_event_sock, &req, req.hdr.nlmsg_len, 0);
342 wpa_printf(MSG_DEBUG, "nl80211: Sending operstate IFLA failed:"
343 " %s (assume operstate is not supported)",
347 return ret < 0 ? -1 : 0;
351 static int wpa_driver_nl80211_set_auth_param(
352 struct wpa_driver_nl80211_data *drv, int idx, u32 value)
357 os_memset(&iwr, 0, sizeof(iwr));
358 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
359 iwr.u.param.flags = idx & IW_AUTH_INDEX;
360 iwr.u.param.value = value;
362 if (ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr) < 0) {
363 if (errno != EOPNOTSUPP) {
364 wpa_printf(MSG_DEBUG, "WEXT: SIOCSIWAUTH(param %d "
365 "value 0x%x) failed: %s)",
366 idx, value, strerror(errno));
368 ret = errno == EOPNOTSUPP ? -2 : -1;
375 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
377 struct wpa_driver_nl80211_data *drv = priv;
378 if (!drv->associated)
380 os_memcpy(bssid, drv->bssid, ETH_ALEN);
385 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
387 struct wpa_driver_nl80211_data *drv = priv;
388 if (!drv->associated)
390 os_memcpy(ssid, drv->ssid, drv->ssid_len);
391 return drv->ssid_len;
396 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
397 void *ctx, char *buf, size_t len,
400 union wpa_event_data event;
402 os_memset(&event, 0, sizeof(event));
403 if (len > sizeof(event.interface_status.ifname))
404 len = sizeof(event.interface_status.ifname) - 1;
405 os_memcpy(event.interface_status.ifname, buf, len);
406 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
407 EVENT_INTERFACE_ADDED;
409 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
411 event.interface_status.ifname,
412 del ? "removed" : "added");
414 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
421 wpa_supplicant_event(ctx, EVENT_INTERFACE_STATUS, &event);
425 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
428 struct ifinfomsg *ifi;
429 int attrlen, _nlmsg_len, rta_len;
434 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
436 attrlen = h->nlmsg_len - _nlmsg_len;
440 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
442 rta_len = RTA_ALIGN(sizeof(struct rtattr));
443 while (RTA_OK(attr, attrlen)) {
444 if (attr->rta_type == IFLA_IFNAME) {
445 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
451 attr = RTA_NEXT(attr, attrlen);
458 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
459 int ifindex, struct nlmsghdr *h)
461 if (drv->ifindex == ifindex)
464 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, h)) {
465 drv->ifindex = if_nametoindex(drv->ifname);
466 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
468 wpa_driver_nl80211_finish_drv_init(drv);
476 static void wpa_driver_nl80211_event_rtm_newlink(struct wpa_driver_nl80211_data *drv,
477 void *ctx, struct nlmsghdr *h,
480 struct ifinfomsg *ifi;
481 int attrlen, _nlmsg_len, rta_len;
482 struct rtattr * attr;
484 if (len < sizeof(*ifi))
489 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, h)) {
490 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
495 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
497 drv->operstate, ifi->ifi_flags,
498 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
499 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
500 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
501 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
503 * Some drivers send the association event before the operup event--in
504 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
505 * fails. This will hit us when wpa_supplicant does not need to do
506 * IEEE 802.1X authentication
508 if (drv->operstate == 1 &&
509 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
510 !(ifi->ifi_flags & IFF_RUNNING))
511 wpa_driver_nl80211_send_oper_ifla(drv, -1, IF_OPER_UP);
513 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
515 attrlen = h->nlmsg_len - _nlmsg_len;
519 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
521 rta_len = RTA_ALIGN(sizeof(struct rtattr));
522 while (RTA_OK(attr, attrlen)) {
523 if (attr->rta_type == IFLA_IFNAME) {
524 wpa_driver_nl80211_event_link(
526 ((char *) attr) + rta_len,
527 attr->rta_len - rta_len, 0);
529 attr = RTA_NEXT(attr, attrlen);
534 static void wpa_driver_nl80211_event_rtm_dellink(struct wpa_driver_nl80211_data *drv,
535 void *ctx, struct nlmsghdr *h,
538 struct ifinfomsg *ifi;
539 int attrlen, _nlmsg_len, rta_len;
540 struct rtattr * attr;
542 if (len < sizeof(*ifi))
547 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
549 attrlen = h->nlmsg_len - _nlmsg_len;
553 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
555 rta_len = RTA_ALIGN(sizeof(struct rtattr));
556 while (RTA_OK(attr, attrlen)) {
557 if (attr->rta_type == IFLA_IFNAME) {
558 wpa_driver_nl80211_event_link(
560 ((char *) attr) + rta_len,
561 attr->rta_len - rta_len, 1);
563 attr = RTA_NEXT(attr, attrlen);
568 static void wpa_driver_nl80211_event_receive_link(int sock, void *eloop_ctx,
573 struct sockaddr_nl from;
579 fromlen = sizeof(from);
580 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
581 (struct sockaddr *) &from, &fromlen);
583 if (errno != EINTR && errno != EAGAIN)
584 perror("recvfrom(netlink)");
588 h = (struct nlmsghdr *) buf;
589 while (left >= (int) sizeof(*h)) {
593 plen = len - sizeof(*h);
594 if (len > left || plen < 0) {
595 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
596 "len=%d left=%d plen=%d",
601 switch (h->nlmsg_type) {
603 wpa_driver_nl80211_event_rtm_newlink(eloop_ctx, sock_ctx,
607 wpa_driver_nl80211_event_rtm_dellink(eloop_ctx, sock_ctx,
612 len = NLMSG_ALIGN(len);
614 h = (struct nlmsghdr *) ((char *) h + len);
618 wpa_printf(MSG_DEBUG, "%d extra bytes in the end of netlink "
622 if (--max_events > 0) {
624 * Try to receive all events in one eloop call in order to
625 * limit race condition on cases where AssocInfo event, Assoc
626 * event, and EAPOL frames are received more or less at the
627 * same time. We want to process the event messages first
628 * before starting EAPOL processing.
635 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
636 const u8 *frame, size_t len)
638 const struct ieee80211_mgmt *mgmt;
639 union wpa_event_data event;
641 mgmt = (const struct ieee80211_mgmt *) frame;
642 if (len < 24 + sizeof(mgmt->u.auth)) {
643 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
648 os_memset(&event, 0, sizeof(event));
649 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
650 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
651 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
652 if (len > 24 + sizeof(mgmt->u.auth)) {
653 event.auth.ies = mgmt->u.auth.variable;
654 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
657 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
661 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
662 const u8 *frame, size_t len)
664 const struct ieee80211_mgmt *mgmt;
665 union wpa_event_data event;
668 mgmt = (const struct ieee80211_mgmt *) frame;
669 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
670 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
675 status = le_to_host16(mgmt->u.assoc_resp.status_code);
676 if (status != WLAN_STATUS_SUCCESS) {
677 os_memset(&event, 0, sizeof(event));
678 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
679 event.assoc_reject.resp_ies =
680 (u8 *) mgmt->u.assoc_resp.variable;
681 event.assoc_reject.resp_ies_len =
682 len - 24 - sizeof(mgmt->u.assoc_resp);
684 event.assoc_reject.status_code = status;
686 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
691 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
693 os_memset(&event, 0, sizeof(event));
694 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
695 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
696 event.assoc_info.resp_ies_len =
697 len - 24 - sizeof(mgmt->u.assoc_resp);
700 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
704 static void mlme_event(struct wpa_driver_nl80211_data *drv,
705 enum nl80211_commands cmd, struct nlattr *frame)
708 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
713 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
714 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
715 nla_data(frame), nla_len(frame));
718 case NL80211_CMD_AUTHENTICATE:
719 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
721 case NL80211_CMD_ASSOCIATE:
722 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
724 case NL80211_CMD_DEAUTHENTICATE:
726 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, NULL);
728 case NL80211_CMD_DISASSOCIATE:
730 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
740 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
744 if (tb[NL80211_ATTR_MAC])
745 hostapd_michael_mic_failure(drv->hapd,
746 nla_data(tb[NL80211_ATTR_MAC]));
748 union wpa_event_data data;
750 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
751 os_memset(&data, 0, sizeof(data));
752 if (tb[NL80211_ATTR_MAC]) {
753 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
754 nla_data(tb[NL80211_ATTR_MAC]),
755 nla_len(tb[NL80211_ATTR_MAC]));
757 if (tb[NL80211_ATTR_KEY_SEQ]) {
758 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
759 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
760 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
762 if (tb[NL80211_ATTR_KEY_TYPE]) {
763 enum nl80211_key_type key_type =
764 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
765 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
766 if (key_type == NL80211_KEYTYPE_PAIRWISE)
767 data.michael_mic_failure.unicast = 1;
769 data.michael_mic_failure.unicast = 1;
771 if (tb[NL80211_ATTR_KEY_IDX]) {
772 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
773 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
776 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
781 static int process_event(struct nl_msg *msg, void *arg)
783 struct wpa_driver_nl80211_data *drv = arg;
784 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
785 struct nlattr *tb[NL80211_ATTR_MAX + 1];
787 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
788 genlmsg_attrlen(gnlh, 0), NULL);
790 if (tb[NL80211_ATTR_IFINDEX]) {
791 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
792 if (ifindex != drv->ifindex) {
793 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
794 " for foreign interface (ifindex %d)",
802 case NL80211_CMD_NEW_SCAN_RESULTS:
803 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
804 drv->scan_complete_events = 1;
805 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
807 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
809 case NL80211_CMD_SCAN_ABORTED:
810 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
812 * Need to indicate that scan results are available in order
813 * not to make wpa_supplicant stop its scanning.
815 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
817 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
819 case NL80211_CMD_AUTHENTICATE:
820 case NL80211_CMD_ASSOCIATE:
821 case NL80211_CMD_DEAUTHENTICATE:
822 case NL80211_CMD_DISASSOCIATE:
823 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME]);
826 case NL80211_CMD_MICHAEL_MIC_FAILURE:
827 mlme_event_michael_mic_failure(drv, tb);
830 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
831 "(cmd=%d)", gnlh->cmd);
839 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
843 struct wpa_driver_nl80211_data *drv = eloop_ctx;
845 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
847 cb = nl_cb_clone(drv->nl_cb);
850 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
851 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
852 nl_recvmsgs(drv->nl_handle, cb);
857 static int hostapd_set_iface_flags(struct wpa_driver_nl80211_data *drv,
858 const char *ifname, int dev_up)
862 if (drv->ioctl_sock < 0)
865 os_memset(&ifr, 0, sizeof(ifr));
866 os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
868 if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
869 perror("ioctl[SIOCGIFFLAGS]");
870 wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
876 if (ifr.ifr_flags & IFF_UP)
878 ifr.ifr_flags |= IFF_UP;
880 if (!(ifr.ifr_flags & IFF_UP))
882 ifr.ifr_flags &= ~IFF_UP;
885 if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
886 perror("ioctl[SIOCSIFFLAGS]");
895 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
896 * @priv: driver_nl80211 private data
897 * @alpha2_arg: country to which to switch to
898 * Returns: 0 on success, -1 on failure
900 * This asks nl80211 to set the regulatory domain for given
901 * country ISO / IEC alpha2.
903 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
905 struct wpa_driver_nl80211_data *drv = priv;
913 alpha2[0] = alpha2_arg[0];
914 alpha2[1] = alpha2_arg[1];
917 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
918 0, NL80211_CMD_REQ_SET_REG, 0);
920 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
921 if (send_and_recv_msgs(drv, msg, NULL, NULL))
929 struct wiphy_info_data {
935 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
937 struct nlattr *tb[NL80211_ATTR_MAX + 1];
938 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
939 struct wiphy_info_data *info = arg;
941 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
942 genlmsg_attrlen(gnlh, 0), NULL);
944 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
945 info->max_scan_ssids =
946 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
948 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
949 struct nlattr *nl_mode;
951 nla_for_each_nested(nl_mode,
952 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
953 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
954 info->ap_supported = 1;
964 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
965 struct wiphy_info_data *info)
969 os_memset(info, 0, sizeof(*info));
974 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
975 0, NL80211_CMD_GET_WIPHY, 0);
977 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
979 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
988 static void wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
990 struct wiphy_info_data info;
991 if (wpa_driver_nl80211_get_info(drv, &info))
993 drv->has_capability = 1;
994 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
995 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
996 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
997 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
998 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
999 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1000 WPA_DRIVER_CAPA_ENC_WEP104 |
1001 WPA_DRIVER_CAPA_ENC_TKIP |
1002 WPA_DRIVER_CAPA_ENC_CCMP;
1004 drv->capa.max_scan_ssids = info.max_scan_ssids;
1005 if (info.ap_supported)
1006 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1011 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1012 * @ctx: context to be used when calling wpa_supplicant functions,
1013 * e.g., wpa_supplicant_event()
1014 * @ifname: interface name, e.g., wlan0
1015 * Returns: Pointer to private data, %NULL on failure
1017 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1020 struct sockaddr_nl local;
1021 struct wpa_driver_nl80211_data *drv;
1023 drv = os_zalloc(sizeof(*drv));
1027 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1029 drv->monitor_ifidx = -1;
1030 drv->monitor_sock = -1;
1031 #endif /* CONFIG_AP */
1033 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1034 if (drv->nl_cb == NULL) {
1035 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1040 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1041 if (drv->nl_handle == NULL) {
1042 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1047 if (genl_connect(drv->nl_handle)) {
1048 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1053 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1054 if (drv->nl_cache == NULL) {
1055 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1060 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1061 if (drv->nl80211 == NULL) {
1062 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1067 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1069 ret = nl_socket_add_membership(drv->nl_handle, ret);
1071 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1072 "membership for scan events: %d (%s)",
1073 ret, strerror(-ret));
1077 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1079 ret = nl_socket_add_membership(drv->nl_handle, ret);
1081 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1082 "membership for mlme events: %d (%s)",
1083 ret, strerror(-ret));
1086 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1088 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
1089 wpa_driver_nl80211_event_receive, drv, ctx);
1091 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1092 if (drv->ioctl_sock < 0) {
1093 perror("socket(PF_INET,SOCK_DGRAM)");
1097 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
1099 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
1103 os_memset(&local, 0, sizeof(local));
1104 local.nl_family = AF_NETLINK;
1105 local.nl_groups = RTMGRP_LINK;
1106 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
1107 perror("bind(netlink)");
1113 eloop_register_read_sock(s, wpa_driver_nl80211_event_receive_link, drv,
1115 #endif /* HOSTAPD */
1116 drv->link_event_sock = s;
1118 if (wpa_driver_nl80211_finish_drv_init(drv))
1124 eloop_unregister_read_sock(drv->link_event_sock);
1125 close(drv->link_event_sock);
1127 close(drv->ioctl_sock);
1129 genl_family_put(drv->nl80211);
1131 nl_cache_free(drv->nl_cache);
1133 nl_handle_destroy(drv->nl_handle);
1135 nl_cb_put(drv->nl_cb);
1143 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1145 drv->ifindex = if_nametoindex(drv->ifname);
1147 if (wpa_driver_nl80211_set_mode(drv, 0) < 0) {
1148 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1149 "use managed mode");
1152 if (hostapd_set_iface_flags(drv, drv->ifname, 1)) {
1153 wpa_printf(MSG_ERROR, "Could not set interface '%s' "
1158 wpa_driver_nl80211_capa(drv);
1160 wpa_driver_nl80211_send_oper_ifla(drv, 1, IF_OPER_DORMANT);
1167 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1168 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1170 * Shut down driver interface and processing of driver events. Free
1171 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1173 static void wpa_driver_nl80211_deinit(void *priv)
1175 struct wpa_driver_nl80211_data *drv = priv;
1178 if (drv->monitor_ifidx >= 0)
1179 nl80211_remove_iface(drv, drv->monitor_ifidx);
1180 if (drv->monitor_sock >= 0) {
1181 eloop_unregister_read_sock(drv->monitor_sock);
1182 close(drv->monitor_sock);
1184 #endif /* CONFIG_AP */
1186 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1188 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED, 0);
1190 wpa_driver_nl80211_send_oper_ifla(priv, 0, IF_OPER_UP);
1192 eloop_unregister_read_sock(drv->link_event_sock);
1194 hostapd_set_iface_flags(drv, drv->ifname, 0);
1195 wpa_driver_nl80211_set_mode(drv, 0);
1197 close(drv->link_event_sock);
1198 close(drv->ioctl_sock);
1200 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
1201 genl_family_put(drv->nl80211);
1202 nl_cache_free(drv->nl_cache);
1203 nl_handle_destroy(drv->nl_handle);
1204 nl_cb_put(drv->nl_cb);
1211 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1212 * @eloop_ctx: Unused
1213 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1215 * This function can be used as registered timeout when starting a scan to
1216 * generate a scan completed event if the driver does not report this.
1218 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1220 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1222 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1223 #endif /* HOSTAPD */
1228 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1229 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1230 * @params: Scan parameters
1231 * Returns: 0 on success, -1 on failure
1233 static int wpa_driver_nl80211_scan(void *priv,
1234 struct wpa_driver_scan_params *params)
1236 struct wpa_driver_nl80211_data *drv = priv;
1237 int ret = 0, timeout;
1238 struct nl_msg *msg, *ssids, *freqs;
1241 msg = nlmsg_alloc();
1242 ssids = nlmsg_alloc();
1243 freqs = nlmsg_alloc();
1244 if (!msg || !ssids || !freqs) {
1251 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1252 NL80211_CMD_TRIGGER_SCAN, 0);
1254 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1256 for (i = 0; i < params->num_ssids; i++) {
1257 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1258 params->ssids[i].ssid);
1260 if (params->num_ssids)
1261 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1263 if (params->extra_ies) {
1264 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1268 if (params->freqs) {
1269 for (i = 0; params->freqs[i]; i++)
1270 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1271 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1274 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1277 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1278 "(%s)", ret, strerror(-ret));
1279 goto nla_put_failure;
1282 /* Not all drivers generate "scan completed" wireless event, so try to
1283 * read results after a timeout. */
1285 if (drv->scan_complete_events) {
1287 * The driver seems to deliver events to notify when scan is
1288 * complete, so use longer timeout to avoid race conditions
1289 * with scanning and following association request.
1293 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1294 "seconds", ret, timeout);
1295 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1296 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1307 static int bss_info_handler(struct nl_msg *msg, void *arg)
1309 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1310 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1311 struct nlattr *bss[NL80211_BSS_MAX + 1];
1312 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1313 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1314 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1315 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1316 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1317 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1318 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1319 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1320 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1322 struct wpa_scan_results *res = arg;
1323 struct wpa_scan_res **tmp;
1324 struct wpa_scan_res *r;
1328 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1329 genlmsg_attrlen(gnlh, 0), NULL);
1330 if (!tb[NL80211_ATTR_BSS])
1332 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1335 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1336 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1337 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1343 r = os_zalloc(sizeof(*r) + ie_len);
1346 if (bss[NL80211_BSS_BSSID])
1347 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1349 if (bss[NL80211_BSS_FREQUENCY])
1350 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1351 if (bss[NL80211_BSS_BEACON_INTERVAL])
1352 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1353 if (bss[NL80211_BSS_CAPABILITY])
1354 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1355 r->flags |= WPA_SCAN_NOISE_INVALID;
1356 if (bss[NL80211_BSS_SIGNAL_MBM]) {
1357 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
1358 r->level /= 100; /* mBm to dBm */
1359 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
1360 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
1361 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
1362 r->flags |= WPA_SCAN_LEVEL_INVALID;
1364 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
1365 if (bss[NL80211_BSS_TSF])
1366 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
1369 os_memcpy(r + 1, ie, ie_len);
1371 tmp = os_realloc(res->res,
1372 (res->num + 1) * sizeof(struct wpa_scan_res *));
1377 tmp[res->num++] = r;
1385 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1386 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1387 * Returns: Scan results on success, -1 on failure
1389 static struct wpa_scan_results *
1390 wpa_driver_nl80211_get_scan_results(void *priv)
1392 struct wpa_driver_nl80211_data *drv = priv;
1394 struct wpa_scan_results *res;
1397 res = os_zalloc(sizeof(*res));
1400 msg = nlmsg_alloc();
1402 goto nla_put_failure;
1404 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
1405 NL80211_CMD_GET_SCAN, 0);
1406 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1408 ret = send_and_recv_msgs(drv, msg, bss_info_handler, res);
1411 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
1412 (unsigned long) res->num);
1415 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1416 "(%s)", ret, strerror(-ret));
1419 wpa_scan_results_free(res);
1424 static int nl_set_encr(int ifindex, struct wpa_driver_nl80211_data *drv,
1425 wpa_alg alg, const u8 *addr, int key_idx, int set_tx,
1426 const u8 *seq, size_t seq_len,
1427 const u8 *key, size_t key_len)
1432 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
1433 "set_tx=%d seq_len=%lu key_len=%lu",
1434 __func__, ifindex, alg, addr, key_idx, set_tx,
1435 (unsigned long) seq_len, (unsigned long) key_len);
1437 msg = nlmsg_alloc();
1441 if (alg == WPA_ALG_NONE) {
1442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1443 0, NL80211_CMD_DEL_KEY, 0);
1445 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1446 0, NL80211_CMD_NEW_KEY, 0);
1447 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
1451 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1454 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1458 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
1461 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
1464 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
1467 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
1468 "algorithm %d", __func__, alg);
1475 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
1477 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1479 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
1480 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1482 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1483 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1485 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1486 if (ret == -ENOENT && alg == WPA_ALG_NONE)
1489 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
1490 ret, strerror(-ret));
1493 * If we failed or don't need to set the default TX key (below),
1496 if (ret || !set_tx || alg == WPA_ALG_NONE)
1498 #ifdef HOSTAPD /* FIX: is this needed? */
1501 #endif /* HOSTAPD */
1503 msg = nlmsg_alloc();
1507 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1508 0, NL80211_CMD_SET_KEY, 0);
1509 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1510 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1511 if (alg == WPA_ALG_IGTK)
1512 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
1514 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
1516 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1520 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
1521 "err=%d %s)", ret, strerror(-ret));
1529 static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
1530 const u8 *addr, int key_idx,
1531 int set_tx, const u8 *seq,
1533 const u8 *key, size_t key_len)
1535 struct wpa_driver_nl80211_data *drv = priv;
1536 return nl_set_encr(drv->ifindex, drv, alg, addr, key_idx, set_tx, seq,
1537 seq_len, key, key_len);
1541 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
1542 const u8 *addr, int cmd, u16 reason_code)
1547 msg = nlmsg_alloc();
1551 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
1553 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1554 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
1555 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1557 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1560 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1561 "(%s)", ret, strerror(-ret));
1562 goto nla_put_failure;
1572 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
1575 struct wpa_driver_nl80211_data *drv = priv;
1576 wpa_printf(MSG_DEBUG, "%s", __func__);
1577 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
1582 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
1585 struct wpa_driver_nl80211_data *drv = priv;
1586 wpa_printf(MSG_DEBUG, "%s", __func__);
1587 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
1592 static int wpa_driver_nl80211_authenticate(
1593 void *priv, struct wpa_driver_auth_params *params)
1595 struct wpa_driver_nl80211_data *drv = priv;
1598 enum nl80211_auth_type type;
1600 drv->associated = 0;
1602 msg = nlmsg_alloc();
1606 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
1609 for (i = 0; i < 4; i++) {
1610 if (!params->wep_key[i])
1612 wpa_driver_nl80211_set_key(drv, WPA_ALG_WEP, NULL, i,
1613 i == params->wep_tx_keyidx, NULL, 0,
1615 params->wep_key_len[i]);
1618 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1619 NL80211_CMD_AUTHENTICATE, 0);
1621 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1622 if (params->bssid) {
1623 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
1624 MAC2STR(params->bssid));
1625 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
1628 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
1629 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
1632 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
1633 params->ssid, params->ssid_len);
1634 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
1637 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
1639 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
1641 * TODO: if multiple auth_alg options enabled, try them one by one if
1642 * the AP rejects authentication due to unknown auth alg
1644 if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
1645 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1646 else if (params->auth_alg & AUTH_ALG_SHARED_KEY)
1647 type = NL80211_AUTHTYPE_SHARED_KEY;
1648 else if (params->auth_alg & AUTH_ALG_LEAP)
1649 type = NL80211_AUTHTYPE_NETWORK_EAP;
1650 else if (params->auth_alg & AUTH_ALG_FT)
1651 type = NL80211_AUTHTYPE_FT;
1653 goto nla_put_failure;
1654 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
1655 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
1657 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1660 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1661 "(%s)", ret, strerror(-ret));
1662 goto nla_put_failure;
1665 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
1674 #if defined(CONFIG_AP) || defined(HOSTAPD)
1676 struct phy_info_arg {
1678 struct hostapd_hw_modes *modes;
1681 static int phy_info_handler(struct nl_msg *msg, void *arg)
1683 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1684 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1685 struct phy_info_arg *phy_info = arg;
1687 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1689 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1690 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1691 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1692 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1693 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1694 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1695 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1696 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
1699 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1700 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1701 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1702 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1705 struct nlattr *nl_band;
1706 struct nlattr *nl_freq;
1707 struct nlattr *nl_rate;
1708 int rem_band, rem_freq, rem_rate;
1709 struct hostapd_hw_modes *mode;
1710 int idx, mode_is_set;
1712 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1713 genlmsg_attrlen(gnlh, 0), NULL);
1715 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1718 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1719 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1722 phy_info->modes = mode;
1726 mode = &phy_info->modes[*(phy_info->num_modes)];
1727 memset(mode, 0, sizeof(*mode));
1728 *(phy_info->num_modes) += 1;
1730 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1731 nla_len(nl_band), NULL);
1733 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
1734 mode->ht_capab = nla_get_u16(
1735 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
1738 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1739 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1740 nla_len(nl_freq), freq_policy);
1741 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1743 mode->num_channels++;
1746 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1747 if (!mode->channels)
1752 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1753 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1754 nla_len(nl_freq), freq_policy);
1755 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1758 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1759 mode->channels[idx].flag = 0;
1762 /* crude heuristic */
1763 if (mode->channels[idx].freq < 4000)
1764 mode->mode = HOSTAPD_MODE_IEEE80211B;
1766 mode->mode = HOSTAPD_MODE_IEEE80211A;
1770 /* crude heuristic */
1771 if (mode->channels[idx].freq < 4000)
1772 if (mode->channels[idx].freq == 2484)
1773 mode->channels[idx].chan = 14;
1775 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1777 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1779 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1780 mode->channels[idx].flag |=
1781 HOSTAPD_CHAN_DISABLED;
1782 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1783 mode->channels[idx].flag |=
1784 HOSTAPD_CHAN_PASSIVE_SCAN;
1785 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1786 mode->channels[idx].flag |=
1787 HOSTAPD_CHAN_NO_IBSS;
1788 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
1789 mode->channels[idx].flag |=
1792 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
1793 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1794 mode->channels[idx].max_tx_power =
1795 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
1800 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1801 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1802 nla_len(nl_rate), rate_policy);
1803 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1808 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1814 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1815 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1816 nla_len(nl_rate), rate_policy);
1817 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1819 mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1821 /* crude heuristic */
1822 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1823 mode->rates[idx].rate > 200)
1824 mode->mode = HOSTAPD_MODE_IEEE80211G;
1826 if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1827 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1836 static struct hostapd_hw_modes *
1837 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
1840 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
1841 int i, mode11g_idx = -1;
1843 /* If only 802.11g mode is included, use it to construct matching
1844 * 802.11b mode data. */
1846 for (m = 0; m < *num_modes; m++) {
1847 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
1848 return modes; /* 802.11b already included */
1849 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
1853 if (mode11g_idx < 0)
1854 return modes; /* 2.4 GHz band not supported at all */
1856 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
1858 return modes; /* Could not add 802.11b mode */
1860 mode = &nmodes[*num_modes];
1861 os_memset(mode, 0, sizeof(*mode));
1865 mode->mode = HOSTAPD_MODE_IEEE80211B;
1867 mode11g = &modes[mode11g_idx];
1868 mode->num_channels = mode11g->num_channels;
1869 mode->channels = os_malloc(mode11g->num_channels *
1870 sizeof(struct hostapd_channel_data));
1871 if (mode->channels == NULL) {
1873 return modes; /* Could not add 802.11b mode */
1875 os_memcpy(mode->channels, mode11g->channels,
1876 mode11g->num_channels * sizeof(struct hostapd_channel_data));
1878 mode->num_rates = 0;
1879 mode->rates = os_malloc(4 * sizeof(struct hostapd_rate_data));
1880 if (mode->rates == NULL) {
1881 os_free(mode->channels);
1883 return modes; /* Could not add 802.11b mode */
1886 for (i = 0; i < mode11g->num_rates; i++) {
1887 if (mode11g->rates[i].rate > 110 ||
1888 mode11g->rates[i].flags &
1889 (HOSTAPD_RATE_ERP | HOSTAPD_RATE_OFDM))
1891 mode->rates[mode->num_rates] = mode11g->rates[i];
1893 if (mode->num_rates == 4)
1897 if (mode->num_rates == 0) {
1898 os_free(mode->channels);
1899 os_free(mode->rates);
1901 return modes; /* No 802.11b rates */
1904 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
1911 static struct hostapd_hw_modes *
1912 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
1914 struct wpa_driver_nl80211_data *drv = priv;
1916 struct phy_info_arg result = {
1917 .num_modes = num_modes,
1924 msg = nlmsg_alloc();
1928 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1929 0, NL80211_CMD_GET_WIPHY, 0);
1931 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1933 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
1934 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
1940 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
1941 const void *data, size_t len,
1945 0x00, 0x00, /* radiotap version */
1946 0x0e, 0x00, /* radiotap length */
1947 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
1948 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
1950 0x00, 0x00, /* RX and TX flags to indicate that */
1951 0x00, 0x00, /* this is the injected frame directly */
1953 struct iovec iov[2] = {
1955 .iov_base = &rtap_hdr,
1956 .iov_len = sizeof(rtap_hdr),
1959 .iov_base = (void *) data,
1963 struct msghdr msg = {
1968 .msg_control = NULL,
1969 .msg_controllen = 0,
1974 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
1976 return sendmsg(drv->monitor_sock, &msg, 0);
1980 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
1983 struct wpa_driver_nl80211_data *drv = priv;
1984 struct ieee80211_mgmt *mgmt;
1985 int do_not_encrypt = 0;
1988 mgmt = (struct ieee80211_mgmt *) data;
1989 fc = le_to_host16(mgmt->frame_control);
1991 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1992 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
1994 * Only one of the authentication frame types is encrypted.
1995 * In order for static WEP encryption to work properly (i.e.,
1996 * to not encrypt the frame), we need to tell mac80211 about
1997 * the frames that must not be encrypted.
1999 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2000 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
2001 if (auth_alg == WLAN_AUTH_OPEN ||
2002 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_trans != 3))
2006 return wpa_driver_nl80211_send_frame(drv, data, data_len,
2011 static int wpa_driver_nl80211_set_beacon_iface(int ifindex, void *priv,
2012 const u8 *head, size_t head_len,
2013 const u8 *tail, size_t tail_len,
2016 struct wpa_driver_nl80211_data *drv = priv;
2018 u8 cmd = NL80211_CMD_NEW_BEACON;
2022 struct i802_bss *bss;
2024 bss = get_bss(drv, ifindex);
2027 beacon_set = bss->beacon_set;
2029 beacon_set = drv->beacon_set;
2030 #endif /* HOSTAPD */
2032 msg = nlmsg_alloc();
2036 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
2039 cmd = NL80211_CMD_SET_BEACON;
2041 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2043 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
2044 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
2045 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2046 if (!drv->beacon_int)
2047 drv->beacon_int = 100;
2048 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
2049 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
2051 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2053 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
2054 ret, strerror(-ret));
2057 bss->beacon_set = 1;
2059 drv->beacon_set = 1;
2060 #endif /* HOSTAPD */
2068 static int wpa_driver_nl80211_set_beacon_int(void *priv, int value)
2070 struct wpa_driver_nl80211_data *drv = priv;
2073 drv->beacon_int = value;
2076 if (!drv->bss.beacon_set)
2079 if (!drv->beacon_set)
2081 #endif /* HOSTAPD */
2083 msg = nlmsg_alloc();
2087 wpa_printf(MSG_DEBUG, "nl80211: Set beacon interval %d", value);
2088 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2089 0, NL80211_CMD_SET_BEACON, 0);
2090 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2092 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
2094 return send_and_recv_msgs(drv, msg, NULL, NULL);
2100 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
2101 int freq, int ht_enabled,
2102 int sec_channel_offset)
2107 msg = nlmsg_alloc();
2111 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2112 NL80211_CMD_SET_WIPHY, 0);
2114 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2115 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
2117 switch (sec_channel_offset) {
2119 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2120 NL80211_CHAN_HT40MINUS);
2123 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2124 NL80211_CHAN_HT40PLUS);
2127 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2133 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2136 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
2137 "%d (%s)", freq, ret, strerror(-ret));
2142 #endif /* CONFIG_AP || HOSTAPD */
2147 static int wpa_driver_nl80211_set_beacon(void *priv,
2148 const u8 *head, size_t head_len,
2149 const u8 *tail, size_t tail_len,
2152 struct wpa_driver_nl80211_data *drv = priv;
2153 return wpa_driver_nl80211_set_beacon_iface(drv->ifindex, priv,
2159 #endif /* CONFIG_AP */
2161 #if defined(CONFIG_AP) || defined(HOSTAPD)
2163 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
2169 /* stop listening for EAPOL on this interface */
2170 del_ifidx(drv, ifidx);
2171 #endif /* HOSTAPD */
2173 msg = nlmsg_alloc();
2175 goto nla_put_failure;
2177 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2178 0, NL80211_CMD_DEL_INTERFACE, 0);
2179 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
2181 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
2184 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d).\n",
2189 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
2190 const char *ifname, enum nl80211_iftype iftype,
2193 struct nl_msg *msg, *flags = NULL;
2199 #endif /* HOSTAPD */
2201 msg = nlmsg_alloc();
2205 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2206 0, NL80211_CMD_NEW_INTERFACE, 0);
2207 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2208 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
2209 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
2211 if (iftype == NL80211_IFTYPE_MONITOR) {
2214 flags = nlmsg_alloc();
2216 goto nla_put_failure;
2218 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
2220 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
2225 goto nla_put_failure;
2228 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2231 wpa_printf(MSG_ERROR, "Failed to create interface %s.",
2236 ifidx = if_nametoindex(ifname);
2242 /* start listening for EAPOL on this interface */
2243 add_ifidx(drv, ifidx);
2247 case NL80211_IFTYPE_AP:
2248 os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
2249 memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
2250 ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
2252 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
2253 nl80211_remove_iface(drv, ifidx);
2257 case NL80211_IFTYPE_WDS:
2258 memset(&iwr, 0, sizeof(iwr));
2259 os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
2260 iwr.u.addr.sa_family = ARPHRD_ETHER;
2261 memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
2262 if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
2270 #endif /* HOSTAPD */
2275 #endif /* CONFIG_AP || HOSTAPD */
2279 void ap_tx_status(void *ctx, const u8 *addr,
2280 const u8 *buf, size_t len, int ack);
2281 void ap_rx_from_unknown_sta(void *ctx, const u8 *addr);
2282 void ap_mgmt_rx(void *ctx, u8 *buf, size_t len, u16 stype,
2283 struct hostapd_frame_info *fi);
2284 void ap_mgmt_tx_cb(void *ctx, u8 *buf, size_t len, u16 stype, int ok);
2286 #endif /* CONFIG_AP */
2288 #if defined(CONFIG_AP) || defined(HOSTAPD)
2290 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
2292 struct ieee80211_hdr *hdr;
2293 u16 fc, type, stype;
2295 hdr = (struct ieee80211_hdr *) buf;
2296 fc = le_to_host16(hdr->frame_control);
2298 type = WLAN_FC_GET_TYPE(fc);
2299 stype = WLAN_FC_GET_STYPE(fc);
2302 case WLAN_FC_TYPE_MGMT:
2303 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
2304 ok ? "ACK" : "fail");
2306 hostapd_mgmt_tx_cb(ctx, buf, len, stype, ok);
2308 ap_mgmt_tx_cb(ctx, buf, len, stype, ok);
2309 #endif /* HOSTAPD */
2311 case WLAN_FC_TYPE_CTRL:
2312 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
2313 ok ? "ACK" : "fail");
2315 case WLAN_FC_TYPE_DATA:
2317 hostapd_tx_status(ctx, hdr->addr1, buf, len, ok);
2319 ap_tx_status(ctx, hdr->addr1, buf, len, ok);
2320 #endif /* HOSTAPD */
2323 wpa_printf(MSG_DEBUG, "unknown TX callback frame type %d",
2330 static void handle_frame(struct wpa_driver_nl80211_data *drv,
2331 u8 *buf, size_t len,
2332 struct hostapd_frame_info *hfi,
2333 enum ieee80211_msg_type msg_type)
2335 struct ieee80211_hdr *hdr;
2336 u16 fc, type, stype;
2337 size_t data_len = len;
2339 void *ctx = drv->ctx;
2341 struct hostapd_iface *iface = drv->hapd->iface;
2342 struct hostapd_data *hapd = NULL;
2343 int broadcast_bssid = 0;
2345 #endif /* HOSTAPD */
2348 * PS-Poll frames are 16 bytes. All other frames are
2349 * 24 bytes or longer.
2354 hdr = (struct ieee80211_hdr *) buf;
2355 fc = le_to_host16(hdr->frame_control);
2357 type = WLAN_FC_GET_TYPE(fc);
2358 stype = WLAN_FC_GET_STYPE(fc);
2361 case WLAN_FC_TYPE_DATA:
2364 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
2368 case WLAN_FC_FROMDS:
2376 case WLAN_FC_TYPE_CTRL:
2377 /* discard non-ps-poll frames */
2378 if (stype != WLAN_FC_STYPE_PSPOLL)
2382 case WLAN_FC_TYPE_MGMT:
2391 /* find interface frame belongs to */
2392 for (i = 0; i < iface->num_bss; i++) {
2393 if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
2394 hapd = iface->bss[i];
2400 hapd = iface->bss[0];
2402 if (bssid[0] != 0xff || bssid[1] != 0xff ||
2403 bssid[2] != 0xff || bssid[3] != 0xff ||
2404 bssid[4] != 0xff || bssid[5] != 0xff) {
2406 * Unknown BSSID - drop frame if this is not from
2407 * passive scanning or a beacon (at least ProbeReq
2408 * frames to other APs may be allowed through RX
2409 * filtering in the wlan hw/driver)
2411 if ((type != WLAN_FC_TYPE_MGMT ||
2412 stype != WLAN_FC_STYPE_BEACON))
2415 broadcast_bssid = 1;
2418 #endif /* HOSTAPD */
2421 case ieee80211_msg_normal:
2422 /* continue processing */
2424 case ieee80211_msg_tx_callback_ack:
2425 handle_tx_callback(ctx, buf, data_len, 1);
2427 case ieee80211_msg_tx_callback_fail:
2428 handle_tx_callback(ctx, buf, data_len, 0);
2433 case WLAN_FC_TYPE_MGMT:
2434 if (stype != WLAN_FC_STYPE_BEACON &&
2435 stype != WLAN_FC_STYPE_PROBE_REQ)
2436 wpa_printf(MSG_MSGDUMP, "MGMT");
2438 if (broadcast_bssid) {
2439 for (i = 0; i < iface->num_bss; i++)
2440 hostapd_mgmt_rx(iface->bss[i], buf, data_len,
2443 hostapd_mgmt_rx(hapd, buf, data_len, stype, hfi);
2445 ap_mgmt_rx(drv->ctx, buf, data_len, stype, hfi);
2446 #endif /* HOSTAPD */
2448 case WLAN_FC_TYPE_CTRL:
2449 /* can only get here with PS-Poll frames */
2450 wpa_printf(MSG_DEBUG, "CTRL");
2452 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
2454 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2455 #endif /* HOSTAPD */
2457 case WLAN_FC_TYPE_DATA:
2459 hostapd_rx_from_unknown_sta(drv->hapd, hdr->addr2);
2461 ap_rx_from_unknown_sta(drv->ctx, hdr->addr2);
2462 #endif /* HOSTAPD */
2468 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
2470 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2472 unsigned char buf[3000];
2473 struct ieee80211_radiotap_iterator iter;
2475 struct hostapd_frame_info hfi;
2476 int injected = 0, failed = 0, msg_type, rxflags = 0;
2478 len = recv(sock, buf, sizeof(buf), 0);
2484 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
2485 printf("received invalid radiotap frame\n");
2489 memset(&hfi, 0, sizeof(hfi));
2492 ret = ieee80211_radiotap_iterator_next(&iter);
2496 printf("received invalid radiotap frame (%d)\n", ret);
2499 switch (iter.this_arg_index) {
2500 case IEEE80211_RADIOTAP_FLAGS:
2501 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
2504 case IEEE80211_RADIOTAP_RX_FLAGS:
2507 case IEEE80211_RADIOTAP_TX_FLAGS:
2509 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
2510 IEEE80211_RADIOTAP_F_TX_FAIL;
2512 case IEEE80211_RADIOTAP_DATA_RETRIES:
2514 case IEEE80211_RADIOTAP_CHANNEL:
2515 /* TODO convert from freq/flags to channel number
2520 case IEEE80211_RADIOTAP_RATE:
2521 hfi.datarate = *iter.this_arg * 5;
2523 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2524 hfi.ssi_signal = *iter.this_arg;
2529 if (rxflags && injected)
2533 msg_type = ieee80211_msg_normal;
2535 msg_type = ieee80211_msg_tx_callback_fail;
2537 msg_type = ieee80211_msg_tx_callback_ack;
2539 handle_frame(drv, buf + iter.max_length,
2540 len - iter.max_length, &hfi, msg_type);
2545 * we post-process the filter code later and rewrite
2546 * this to the offset to the last instruction
2551 static struct sock_filter msock_filter_insns[] = {
2553 * do a little-endian load of the radiotap length field
2555 /* load lower byte into A */
2556 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
2557 /* put it into X (== index register) */
2558 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2559 /* load upper byte into A */
2560 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
2561 /* left-shift it by 8 */
2562 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
2564 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
2565 /* put result into X */
2566 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2569 * Allow management frames through, this also gives us those
2570 * management frames that we sent ourselves with status
2572 /* load the lower byte of the IEEE 802.11 frame control field */
2573 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2574 /* mask off frame type and version */
2575 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
2576 /* accept frame if it's both 0, fall through otherwise */
2577 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
2580 * TODO: add a bit to radiotap RX flags that indicates
2581 * that the sending station is not associated, then
2582 * add a filter here that filters on our DA and that flag
2583 * to allow us to deauth frames to that bad station.
2585 * Not a regression -- we didn't do it before either.
2590 * drop non-data frames, WDS frames
2592 /* load the lower byte of the frame control field */
2593 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2594 /* mask off QoS bit */
2595 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
2596 /* drop non-data frames */
2597 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
2598 /* load the upper byte of the frame control field */
2599 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2600 /* mask off toDS/fromDS */
2601 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
2602 /* drop WDS frames */
2603 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, FAIL, 0),
2607 * add header length to index
2609 /* load the lower byte of the frame control field */
2610 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2611 /* mask off QoS bit */
2612 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
2613 /* right shift it by 6 to give 0 or 2 */
2614 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
2615 /* add data frame header length */
2616 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
2617 /* add index, was start of 802.11 header */
2618 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
2619 /* move to index, now start of LL header */
2620 BPF_STMT(BPF_MISC | BPF_TAX, 0),
2623 * Accept empty data frames, we use those for
2626 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
2627 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
2630 * Accept EAPOL frames
2632 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
2633 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
2634 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
2635 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
2637 /* keep these last two statements or change the code below */
2638 /* return 0 == "DROP" */
2639 BPF_STMT(BPF_RET | BPF_K, 0),
2640 /* return ~0 == "keep all" */
2641 BPF_STMT(BPF_RET | BPF_K, ~0),
2644 static struct sock_fprog msock_filter = {
2645 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
2646 .filter = msock_filter_insns,
2650 static int add_monitor_filter(int s)
2654 /* rewrite all PASS/FAIL jump offsets */
2655 for (idx = 0; idx < msock_filter.len; idx++) {
2656 struct sock_filter *insn = &msock_filter_insns[idx];
2658 if (BPF_CLASS(insn->code) == BPF_JMP) {
2659 if (insn->code == (BPF_JMP|BPF_JA)) {
2660 if (insn->k == PASS)
2661 insn->k = msock_filter.len - idx - 2;
2662 else if (insn->k == FAIL)
2663 insn->k = msock_filter.len - idx - 3;
2666 if (insn->jt == PASS)
2667 insn->jt = msock_filter.len - idx - 2;
2668 else if (insn->jt == FAIL)
2669 insn->jt = msock_filter.len - idx - 3;
2671 if (insn->jf == PASS)
2672 insn->jf = msock_filter.len - idx - 2;
2673 else if (insn->jf == FAIL)
2674 insn->jf = msock_filter.len - idx - 3;
2678 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
2679 &msock_filter, sizeof(msock_filter))) {
2680 perror("SO_ATTACH_FILTER");
2689 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
2692 struct sockaddr_ll ll;
2696 snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
2697 buf[IFNAMSIZ - 1] = '\0';
2699 drv->monitor_ifidx =
2700 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
2702 if (drv->monitor_ifidx < 0)
2705 if (hostapd_set_iface_flags(drv, buf, 1))
2708 memset(&ll, 0, sizeof(ll));
2709 ll.sll_family = AF_PACKET;
2710 ll.sll_ifindex = drv->monitor_ifidx;
2711 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
2712 if (drv->monitor_sock < 0) {
2713 perror("socket[PF_PACKET,SOCK_RAW]");
2717 if (add_monitor_filter(drv->monitor_sock)) {
2718 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
2719 "interface; do filtering in user space");
2720 /* This works, but will cost in performance. */
2723 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
2724 perror("monitor socket bind");
2728 optlen = sizeof(optval);
2731 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
2732 perror("Failed to set socket priority");
2736 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
2738 printf("Could not register monitor read socket\n");
2744 nl80211_remove_iface(drv, drv->monitor_ifidx);
2748 #endif /* CONFIG_AP || HOSTAPD */
2752 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
2753 struct wpa_driver_associate_params *params)
2755 if (drv->monitor_ifidx < 0 &&
2756 nl80211_create_monitor_interface(drv))
2759 if (wpa_driver_nl80211_set_mode(drv, params->mode) ||
2760 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
2761 nl80211_remove_iface(drv, drv->monitor_ifidx);
2762 drv->monitor_ifidx = -1;
2766 /* TODO: setup monitor interface (and add code somewhere to remove this
2767 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
2771 #endif /* CONFIG_AP */
2774 static int wpa_driver_nl80211_associate(
2775 void *priv, struct wpa_driver_associate_params *params)
2777 struct wpa_driver_nl80211_data *drv = priv;
2782 if (params->mode == 2)
2783 return wpa_driver_nl80211_ap(drv, params);
2784 #endif /* CONFIG_AP */
2786 wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
2787 params->drop_unencrypted);
2789 drv->associated = 0;
2791 msg = nlmsg_alloc();
2795 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
2797 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2798 NL80211_CMD_ASSOCIATE, 0);
2800 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2801 if (params->bssid) {
2802 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2803 MAC2STR(params->bssid));
2804 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2807 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2808 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2811 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2812 params->ssid, params->ssid_len);
2813 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2815 if (params->ssid_len > sizeof(drv->ssid))
2816 goto nla_put_failure;
2817 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
2818 drv->ssid_len = params->ssid_len;
2820 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
2822 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
2825 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2828 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2829 "(%s)", ret, strerror(-ret));
2830 goto nla_put_failure;
2833 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
2843 * wpa_driver_nl80211_set_mode - Set wireless mode (infra/adhoc)
2844 * @drv: Pointer to private driver data from wpa_driver_nl80211_init()
2845 * @mode: 0 = infra/BSS (associate with an AP), 1 = adhoc/IBSS
2846 * Returns: 0 on success, -1 on failure
2848 static int wpa_driver_nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
2857 nlmode = NL80211_IFTYPE_STATION;
2860 nlmode = NL80211_IFTYPE_ADHOC;
2863 nlmode = NL80211_IFTYPE_AP;
2869 msg = nlmsg_alloc();
2873 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2874 0, NL80211_CMD_SET_INTERFACE, 0);
2875 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2876 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2878 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2885 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface mode: %d (%s)",
2886 ret, strerror(-ret));
2890 /* mac80211 doesn't allow mode changes while the device is up, so
2891 * take the device down, try to set the mode again, and bring the
2894 if (hostapd_set_iface_flags(drv, drv->ifname, 0) == 0) {
2895 /* Try to set the mode again while the interface is down */
2896 msg = nlmsg_alloc();
2900 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2901 0, NL80211_CMD_SET_INTERFACE, 0);
2902 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2903 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, nlmode);
2904 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2906 wpa_printf(MSG_ERROR, "Failed to set interface %s "
2907 "mode(try_again): %d (%s)",
2908 drv->ifname, ret, strerror(-ret));
2911 if (hostapd_set_iface_flags(drv, drv->ifname, 1))
2919 static int wpa_driver_nl80211_get_capa(void *priv,
2920 struct wpa_driver_capa *capa)
2922 struct wpa_driver_nl80211_data *drv = priv;
2923 if (!drv->has_capability)
2925 os_memcpy(capa, &drv->capa, sizeof(*capa));
2930 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
2932 struct wpa_driver_nl80211_data *drv = priv;
2934 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
2935 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
2936 drv->operstate = state;
2937 return wpa_driver_nl80211_send_oper_ifla(
2938 drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
2944 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
2946 static int i802_sta_deauth(void *priv, const u8 *addr, int reason);
2947 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason);
2950 static struct i802_bss * get_bss(struct wpa_driver_nl80211_data *drv,
2953 struct i802_bss *bss = &drv->bss;
2955 if (ifindex == bss->ifindex)
2959 wpa_printf(MSG_DEBUG, "nl80211: get_bss(%d) failed", ifindex);
2964 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
2969 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
2971 for (i = 0; i < drv->num_if_indices; i++) {
2972 if (drv->if_indices[i] == 0) {
2973 drv->if_indices[i] = ifidx;
2978 if (drv->if_indices != drv->default_if_indices)
2979 old = drv->if_indices;
2983 drv->if_indices = realloc(old,
2984 sizeof(int) * (drv->num_if_indices + 1));
2985 if (!drv->if_indices) {
2987 drv->if_indices = drv->default_if_indices;
2989 drv->if_indices = old;
2990 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
2992 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
2995 drv->if_indices[drv->num_if_indices] = ifidx;
2996 drv->num_if_indices++;
3000 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
3004 for (i = 0; i < drv->num_if_indices; i++) {
3005 if (drv->if_indices[i] == ifidx) {
3006 drv->if_indices[i] = 0;
3013 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
3017 for (i = 0; i < drv->num_if_indices; i++)
3018 if (drv->if_indices[i] == ifidx)
3025 static int i802_set_key(const char *iface, void *priv, wpa_alg alg,
3026 const u8 *addr, int key_idx, int set_tx, const u8 *seq,
3027 size_t seq_len, const u8 *key, size_t key_len)
3029 struct wpa_driver_nl80211_data *drv = priv;
3030 return nl_set_encr(if_nametoindex(iface), drv, alg, addr, key_idx,
3031 set_tx, seq, seq_len, key, key_len);
3035 static inline int min_int(int a, int b)
3043 static int get_key_handler(struct nl_msg *msg, void *arg)
3045 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3046 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3048 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3049 genlmsg_attrlen(gnlh, 0), NULL);
3052 * TODO: validate the key index and mac address!
3053 * Otherwise, there's a race condition as soon as
3054 * the kernel starts sending key notifications.
3057 if (tb[NL80211_ATTR_KEY_SEQ])
3058 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
3059 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
3064 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
3067 struct wpa_driver_nl80211_data *drv = priv;
3070 msg = nlmsg_alloc();
3074 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3075 0, NL80211_CMD_GET_KEY, 0);
3078 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3079 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
3080 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
3084 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
3090 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
3093 struct wpa_driver_nl80211_data *drv = priv;
3095 u8 rates[NL80211_MAX_SUPP_RATES];
3099 msg = nlmsg_alloc();
3103 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3104 NL80211_CMD_SET_BSS, 0);
3106 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
3107 rates[rates_len++] = basic_rates[i] / 5;
3109 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
3111 /* TODO: multi-BSS support */
3112 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3114 return send_and_recv_msgs(drv, msg, NULL, NULL);
3120 /* Set kernel driver on given frequency (MHz) */
3121 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
3123 struct wpa_driver_nl80211_data *drv = priv;
3124 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
3125 freq->sec_channel_offset);
3129 static int i802_set_rts(void *priv, int rts)
3131 struct wpa_driver_nl80211_data *drv = priv;
3134 memset(&iwr, 0, sizeof(iwr));
3135 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3136 iwr.u.rts.value = rts;
3137 iwr.u.rts.fixed = 1;
3139 if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
3140 perror("ioctl[SIOCSIWRTS]");
3148 static int i802_set_frag(void *priv, int frag)
3150 struct wpa_driver_nl80211_data *drv = priv;
3153 memset(&iwr, 0, sizeof(iwr));
3154 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3155 iwr.u.frag.value = frag;
3156 iwr.u.frag.fixed = 1;
3158 if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
3159 perror("ioctl[SIOCSIWFRAG]");
3167 static int i802_set_retry(void *priv, int short_retry, int long_retry)
3169 struct wpa_driver_nl80211_data *drv = priv;
3172 memset(&iwr, 0, sizeof(iwr));
3173 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3175 iwr.u.retry.value = short_retry;
3176 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
3177 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
3178 perror("ioctl[SIOCSIWRETRY(short)]");
3182 iwr.u.retry.value = long_retry;
3183 iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
3184 if (ioctl(drv->ioctl_sock, SIOCSIWRETRY, &iwr) < 0) {
3185 perror("ioctl[SIOCSIWRETRY(long)]");
3193 static int i802_flush(void *priv)
3195 struct wpa_driver_nl80211_data *drv = priv;
3198 msg = nlmsg_alloc();
3202 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3203 0, NL80211_CMD_DEL_STATION, 0);
3206 * XXX: FIX! this needs to flush all VLANs too
3208 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3209 if_nametoindex(drv->ifname));
3211 return send_and_recv_msgs(drv, msg, NULL, NULL);
3217 static int get_sta_handler(struct nl_msg *msg, void *arg)
3219 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3220 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3221 struct hostap_sta_driver_data *data = arg;
3222 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
3223 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
3224 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
3225 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
3226 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
3227 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
3228 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
3231 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3232 genlmsg_attrlen(gnlh, 0), NULL);
3235 * TODO: validate the interface and mac address!
3236 * Otherwise, there's a race condition as soon as
3237 * the kernel starts sending station notifications.
3240 if (!tb[NL80211_ATTR_STA_INFO]) {
3241 wpa_printf(MSG_DEBUG, "sta stats missing!");
3244 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
3245 tb[NL80211_ATTR_STA_INFO],
3247 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
3251 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
3252 data->inactive_msec =
3253 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
3254 if (stats[NL80211_STA_INFO_RX_BYTES])
3255 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
3256 if (stats[NL80211_STA_INFO_TX_BYTES])
3257 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
3258 if (stats[NL80211_STA_INFO_RX_PACKETS])
3260 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
3261 if (stats[NL80211_STA_INFO_TX_PACKETS])
3263 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
3268 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
3271 struct wpa_driver_nl80211_data *drv = priv;
3274 os_memset(data, 0, sizeof(*data));
3275 msg = nlmsg_alloc();
3279 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3280 0, NL80211_CMD_GET_STATION, 0);
3282 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3283 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3285 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
3291 static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
3292 size_t data_len, int encrypt, const u8 *own_addr)
3294 struct wpa_driver_nl80211_data *drv = priv;
3295 struct ieee80211_hdr *hdr;
3300 int qos = sta->flags & WLAN_STA_WME;
3305 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3307 hdr = os_zalloc(len);
3309 printf("malloc() failed for i802_send_data(len=%lu)\n",
3310 (unsigned long) len);
3314 hdr->frame_control =
3315 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3316 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3318 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3319 #if 0 /* To be enabled if qos determination is added above */
3321 hdr->frame_control |=
3322 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3326 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3327 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3328 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3329 pos = (u8 *) (hdr + 1);
3331 #if 0 /* To be enabled if qos determination is added above */
3333 /* add an empty QoS header if needed */
3340 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3341 pos += sizeof(rfc1042_header);
3342 WPA_PUT_BE16(pos, ETH_P_PAE);
3344 memcpy(pos, data, data_len);
3346 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
3348 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
3350 (unsigned long) len, errno, strerror(errno));
3358 static int i802_sta_add(const char *ifname, void *priv,
3359 struct hostapd_sta_add_params *params)
3361 struct wpa_driver_nl80211_data *drv = priv;
3365 msg = nlmsg_alloc();
3369 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3370 0, NL80211_CMD_NEW_STATION, 0);
3372 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3373 if_nametoindex(drv->ifname));
3374 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3375 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3376 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3377 params->supp_rates);
3378 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3379 params->listen_interval);
3381 #ifdef CONFIG_IEEE80211N
3382 if (params->ht_capabilities) {
3383 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3384 params->ht_capabilities->length,
3385 ¶ms->ht_capabilities->data);
3387 #endif /* CONFIG_IEEE80211N */
3389 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3391 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3392 "result: %d (%s)", ret, strerror(-ret));
3400 static int i802_sta_remove(void *priv, const u8 *addr)
3402 struct wpa_driver_nl80211_data *drv = priv;
3406 msg = nlmsg_alloc();
3410 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3411 0, NL80211_CMD_DEL_STATION, 0);
3413 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3414 if_nametoindex(drv->ifname));
3415 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3417 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3426 static int i802_sta_set_flags(void *priv, const u8 *addr,
3427 int total_flags, int flags_or, int flags_and)
3429 struct wpa_driver_nl80211_data *drv = priv;
3430 struct nl_msg *msg, *flags = NULL;
3432 msg = nlmsg_alloc();
3436 flags = nlmsg_alloc();
3442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3443 0, NL80211_CMD_SET_STATION, 0);
3445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3446 if_nametoindex(drv->ifname));
3447 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3449 if (total_flags & WLAN_STA_AUTHORIZED)
3450 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3452 if (total_flags & WLAN_STA_WMM)
3453 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3455 if (total_flags & WLAN_STA_SHORT_PREAMBLE)
3456 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3458 if (total_flags & WLAN_STA_MFP)
3459 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3461 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3462 goto nla_put_failure;
3466 return send_and_recv_msgs(drv, msg, NULL, NULL);
3473 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
3474 int cw_min, int cw_max, int burst_time)
3476 struct wpa_driver_nl80211_data *drv = priv;
3478 struct nlattr *txq, *params;
3480 msg = nlmsg_alloc();
3484 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3485 0, NL80211_CMD_SET_WIPHY, 0);
3487 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3489 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
3491 goto nla_put_failure;
3493 /* We are only sending parameters for a single TXQ at a time */
3494 params = nla_nest_start(msg, 1);
3496 goto nla_put_failure;
3498 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
3499 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
3500 * 32 usec, so need to convert the value here. */
3501 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
3502 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
3503 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
3504 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
3506 nla_nest_end(msg, params);
3508 nla_nest_end(msg, txq);
3510 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3517 static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
3519 struct wpa_driver_nl80211_data *drv = priv;
3521 struct i802_bss *bss;
3523 bss = os_zalloc(sizeof(*bss));
3526 bss->ifindex = if_nametoindex(ifname);
3528 ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
3533 if (hostapd_set_iface_flags(priv, ifname, 1)) {
3534 nl80211_remove_iface(priv, ifidx);
3538 bss->next = drv->bss.next;
3539 drv->bss.next = bss;
3544 static int i802_bss_remove(void *priv, const char *ifname)
3546 struct wpa_driver_nl80211_data *drv = priv;
3547 struct i802_bss *bss, *prev;
3548 int ifindex = if_nametoindex(ifname);
3549 nl80211_remove_iface(priv, ifindex);
3551 bss = drv->bss.next;
3553 if (ifindex == bss->ifindex) {
3554 prev->next = bss->next;
3565 static int i802_set_beacon(const char *iface, void *priv,
3566 const u8 *head, size_t head_len,
3567 const u8 *tail, size_t tail_len, int dtim_period)
3569 return wpa_driver_nl80211_set_beacon_iface(if_nametoindex(iface), priv,
3576 static int i802_del_beacon(struct wpa_driver_nl80211_data *drv)
3580 msg = nlmsg_alloc();
3584 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3585 0, NL80211_CMD_DEL_BEACON, 0);
3586 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3588 return send_and_recv_msgs(drv, msg, NULL, NULL);
3594 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
3596 struct wpa_driver_nl80211_data *drv = priv;
3599 msg = nlmsg_alloc();
3603 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3604 NL80211_CMD_SET_BSS, 0);
3607 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
3609 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
3611 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
3613 /* TODO: multi-BSS support */
3614 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3616 return send_and_recv_msgs(drv, msg, NULL, NULL);
3622 static int i802_set_cts_protect(void *priv, int value)
3624 return i802_set_bss(priv, value, -1, -1);
3628 static int i802_set_preamble(void *priv, int value)
3630 return i802_set_bss(priv, -1, value, -1);
3634 static int i802_set_short_slot_time(void *priv, int value)
3636 return i802_set_bss(priv, -1, -1, value);
3640 static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
3643 case HOSTAPD_IF_VLAN:
3644 return NL80211_IFTYPE_AP_VLAN;
3645 case HOSTAPD_IF_WDS:
3646 return NL80211_IFTYPE_WDS;
3652 static int i802_if_add(const char *iface, void *priv,
3653 enum hostapd_driver_if_type type, char *ifname,
3656 if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
3662 static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
3663 char *ifname, const u8 *addr)
3665 /* unused at the moment */
3670 static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
3671 const char *ifname, const u8 *addr)
3673 nl80211_remove_iface(priv, if_nametoindex(ifname));
3678 static int i802_set_sta_vlan(void *priv, const u8 *addr,
3679 const char *ifname, int vlan_id)
3681 struct wpa_driver_nl80211_data *drv = priv;
3684 msg = nlmsg_alloc();
3688 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3689 0, NL80211_CMD_SET_STATION, 0);
3691 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3692 if_nametoindex(drv->ifname));
3693 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3694 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3695 if_nametoindex(ifname));
3697 return send_and_recv_msgs(drv, msg, NULL, NULL);
3703 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
3705 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3706 struct sockaddr_ll lladdr;
3707 unsigned char buf[3000];
3709 socklen_t fromlen = sizeof(lladdr);
3711 len = recvfrom(sock, buf, sizeof(buf), 0,
3712 (struct sockaddr *)&lladdr, &fromlen);
3718 if (have_ifidx(drv, lladdr.sll_ifindex)) {
3719 struct hostapd_data *hapd;
3720 hapd = hostapd_sta_get_bss(drv->hapd, lladdr.sll_addr);
3723 hostapd_eapol_receive(hapd, lladdr.sll_addr, buf, len);
3728 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv, const char *ifname,
3734 msg = nlmsg_alloc();
3738 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3739 0, NL80211_CMD_SET_INTERFACE, 0);
3740 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3741 if_nametoindex(ifname));
3742 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
3744 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3748 wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
3754 #ifdef CONFIG_IEEE80211N
3755 static void i802_add_neighbor(struct wpa_driver_nl80211_data *drv, u8 *bssid,
3756 int freq, u8 *ie, size_t ie_len)
3758 struct ieee802_11_elems elems;
3759 int ht, pri_chan = 0, sec_chan = 0;
3760 struct ieee80211_ht_operation *oper;
3761 struct hostapd_neighbor_bss *nnei;
3763 ieee802_11_parse_elems(ie, ie_len, &elems, 0);
3764 ht = elems.ht_capabilities || elems.ht_operation;
3765 if (elems.ht_operation && elems.ht_operation_len >= sizeof(*oper)) {
3766 oper = (struct ieee80211_ht_operation *) elems.ht_operation;
3767 pri_chan = oper->control_chan;
3768 if (oper->ht_param & HT_INFO_HT_PARAM_REC_TRANS_CHNL_WIDTH) {
3769 if (oper->ht_param &
3770 HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
3771 sec_chan = pri_chan + 4;
3772 else if (oper->ht_param &
3773 HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
3774 sec_chan = pri_chan - 4;
3778 wpa_printf(MSG_DEBUG, "nl80211: Neighboring BSS - bssid=" MACSTR
3779 " freq=%d MHz HT=%d pri_chan=%d sec_chan=%d",
3780 MAC2STR(bssid), freq, ht, pri_chan, sec_chan);
3782 nnei = os_realloc(drv->neighbors, (drv->num_neighbors + 1) *
3783 sizeof(struct hostapd_neighbor_bss));
3786 drv->neighbors = nnei;
3787 nnei = &nnei[drv->num_neighbors];
3788 os_memcpy(nnei->bssid, bssid, ETH_ALEN);
3791 nnei->pri_chan = pri_chan;
3792 nnei->sec_chan = sec_chan;
3793 drv->num_neighbors++;
3797 static int i802_get_scan_freq(struct iw_event *iwe, int *freq)
3799 int divi = 1000000, i;
3801 if (iwe->u.freq.e == 0) {
3803 * Some drivers do not report frequency, but a channel.
3804 * Try to map this to frequency by assuming they are using
3805 * IEEE 802.11b/g. But don't overwrite a previously parsed
3806 * frequency if the driver sends both frequency and channel,
3807 * since the driver may be sending an A-band channel that we
3808 * don't handle here.
3814 if (iwe->u.freq.m >= 1 && iwe->u.freq.m <= 13) {
3815 *freq = 2407 + 5 * iwe->u.freq.m;
3817 } else if (iwe->u.freq.m == 14) {
3823 if (iwe->u.freq.e > 6) {
3824 wpa_printf(MSG_DEBUG, "Invalid freq in scan results: "
3825 "m=%d e=%d", iwe->u.freq.m, iwe->u.freq.e);
3829 for (i = 0; i < iwe->u.freq.e; i++)
3831 *freq = iwe->u.freq.m / divi;
3836 static int i802_parse_scan(struct wpa_driver_nl80211_data *drv, u8 *res_buf,
3841 struct iw_event iwe_buf, *iwe = &iwe_buf;
3842 char *pos, *end, *custom;
3851 pos = (char *) res_buf;
3852 end = (char *) res_buf + len;
3854 while (pos + IW_EV_LCP_LEN <= end) {
3855 /* Event data may be unaligned, so make a local, aligned copy
3856 * before processing. */
3857 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
3858 if (iwe->len <= IW_EV_LCP_LEN)
3861 custom = pos + IW_EV_POINT_LEN;
3862 if (iwe->cmd == IWEVGENIE) {
3863 /* WE-19 removed the pointer from struct iw_point */
3864 char *dpos = (char *) &iwe_buf.u.data.length;
3865 int dlen = dpos - (char *) &iwe_buf;
3866 os_memcpy(dpos, pos + IW_EV_LCP_LEN,
3867 sizeof(struct iw_event) - dlen);
3869 os_memcpy(&iwe_buf, pos, sizeof(struct iw_event));
3870 custom += IW_EV_POINT_OFF;
3876 i802_add_neighbor(drv, bssid, freq, ie,
3879 os_memcpy(bssid, iwe->u.ap_addr.sa_data, ETH_ALEN);
3885 i802_get_scan_freq(iwe, &freq);
3888 if (custom + iwe->u.data.length > end) {
3889 wpa_printf(MSG_ERROR, "IWEVGENIE overflow");
3893 ie_len = iwe->u.data.length;
3901 i802_add_neighbor(drv, bssid, freq, ie, ie_len);
3907 static int i802_get_ht_scan_res(struct wpa_driver_nl80211_data *drv)
3914 res_buf_len = IW_SCAN_MAX_DATA;
3916 res_buf = os_malloc(res_buf_len);
3917 if (res_buf == NULL)
3919 os_memset(&iwr, 0, sizeof(iwr));
3920 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
3921 iwr.u.data.pointer = res_buf;
3922 iwr.u.data.length = res_buf_len;
3924 if (ioctl(drv->ioctl_sock, SIOCGIWSCAN, &iwr) == 0)
3927 if (errno == E2BIG && res_buf_len < 65535) {
3931 if (res_buf_len > 65535)
3932 res_buf_len = 65535; /* 16-bit length field */
3933 wpa_printf(MSG_DEBUG, "Scan results did not fit - "
3934 "trying larger buffer (%lu bytes)",
3935 (unsigned long) res_buf_len);
3937 perror("ioctl[SIOCGIWSCAN]");
3943 if (iwr.u.data.length > res_buf_len) {
3948 res = i802_parse_scan(drv, res_buf, iwr.u.data.length);
3955 static int i802_is_event_wireless_scan_complete(char *data, int len)
3957 struct iw_event iwe_buf, *iwe = &iwe_buf;
3963 while (pos + IW_EV_LCP_LEN <= end) {
3964 /* Event data may be unaligned, so make a local, aligned copy
3965 * before processing. */
3966 os_memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
3967 if (iwe->cmd == SIOCGIWSCAN)
3977 static int i802_is_rtm_scan_complete(int ifindex, struct nlmsghdr *h, int len)
3979 struct ifinfomsg *ifi;
3980 int attrlen, _nlmsg_len, rta_len;
3981 struct rtattr *attr;
3983 if (len < (int) sizeof(*ifi))
3986 ifi = NLMSG_DATA(h);
3988 if (ifindex != ifi->ifi_index)
3989 return 0; /* event for foreign ifindex */
3991 _nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
3993 attrlen = h->nlmsg_len - _nlmsg_len;
3997 attr = (struct rtattr *) (((char *) ifi) + _nlmsg_len);
3999 rta_len = RTA_ALIGN(sizeof(struct rtattr));
4000 while (RTA_OK(attr, attrlen)) {
4001 if (attr->rta_type == IFLA_WIRELESS &&
4002 i802_is_event_wireless_scan_complete(
4003 ((char *) attr) + rta_len,
4004 attr->rta_len - rta_len))
4006 attr = RTA_NEXT(attr, attrlen);
4013 static int i802_is_scan_complete(int s, int ifindex)
4019 left = recv(s, buf, sizeof(buf), MSG_DONTWAIT);
4021 perror("recv(netlink)");
4025 h = (struct nlmsghdr *) buf;
4026 while (left >= (int) sizeof(*h)) {
4030 plen = len - sizeof(*h);
4031 if (len > left || plen < 0) {
4032 wpa_printf(MSG_DEBUG, "Malformed netlink message: "
4033 "len=%d left=%d plen=%d",
4038 switch (h->nlmsg_type) {
4040 if (i802_is_rtm_scan_complete(ifindex, h, plen))
4045 len = NLMSG_ALIGN(len);
4047 h = (struct nlmsghdr *) ((char *) h + len);
4054 static int i802_ht_scan(struct wpa_driver_nl80211_data *drv)
4057 int s, res, ifindex;
4058 struct sockaddr_nl local;
4063 wpa_printf(MSG_DEBUG, "nl80211: Scanning overlapping BSSes before "
4064 "starting HT 20/40 MHz BSS");
4066 /* Request a new scan */
4067 /* TODO: would be enough to scan the selected band */
4068 os_memset(&iwr, 0, sizeof(iwr));
4069 os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
4070 if (ioctl(drv->ioctl_sock, SIOCSIWSCAN, &iwr) < 0) {
4071 perror("ioctl[SIOCSIWSCAN]");
4075 ifindex = if_nametoindex(drv->ifname);
4077 /* Wait for scan completion event or timeout */
4078 s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
4080 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
4084 os_memset(&local, 0, sizeof(local));
4085 local.nl_family = AF_NETLINK;
4086 local.nl_groups = RTMGRP_LINK;
4087 if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
4088 perror("bind(netlink)");
4094 end += 30; /* Wait at most 30 seconds for scan results */
4097 tv.tv_sec = end > now ? end - now : 0;
4101 res = select(s + 1, &rfds, NULL, NULL, &tv);
4104 /* Assume results are ready after 10 seconds wait */
4108 if (i802_is_scan_complete(s, ifindex)) {
4109 wpa_printf(MSG_DEBUG, "nl80211: Scan "
4114 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout");
4115 /* Assume results are ready to be read now */
4122 return i802_get_ht_scan_res(drv);
4124 #endif /* CONFIG_IEEE80211N */
4127 static int i802_init_sockets(struct wpa_driver_nl80211_data *drv, const u8 *bssid)
4132 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
4133 if (drv->ioctl_sock < 0) {
4134 perror("socket[PF_INET,SOCK_DGRAM]");
4138 /* start listening for EAPOL on the default AP interface */
4139 add_ifidx(drv, if_nametoindex(drv->ifname));
4141 if (hostapd_set_iface_flags(drv, drv->ifname, 0))
4145 os_strlcpy(ifr.ifr_name, drv->ifname, IFNAMSIZ);
4146 memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
4147 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
4149 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
4150 perror("ioctl(SIOCSIFHWADDR)");
4156 * initialise generic netlink and nl80211
4158 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
4160 printf("Failed to allocate netlink callbacks.\n");
4164 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
4165 if (!drv->nl_handle) {
4166 printf("Failed to allocate netlink handle.\n");
4170 if (genl_connect(drv->nl_handle)) {
4171 printf("Failed to connect to generic netlink.\n");
4175 #ifdef CONFIG_LIBNL20
4176 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
4177 printf("Failed to allocate generic netlink cache.\n");
4180 #else /* CONFIG_LIBNL20 */
4181 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
4182 if (!drv->nl_cache) {
4183 printf("Failed to allocate generic netlink cache.\n");
4186 #endif /* CONFIG_LIBNL20 */
4188 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
4189 if (!drv->nl80211) {
4190 printf("nl80211 not found.\n");
4194 ret = nl_get_multicast_id(drv, "nl80211", "scan");
4196 ret = nl_socket_add_membership(drv->nl_handle, ret);
4198 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4199 "membership for scan events: %d (%s)",
4200 ret, strerror(-ret));
4203 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
4205 ret = nl_socket_add_membership(drv->nl_handle, ret);
4207 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
4208 "membership for mlme events: %d (%s)",
4209 ret, strerror(-ret));
4212 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
4213 wpa_driver_nl80211_event_receive, drv,
4216 #ifdef CONFIG_IEEE80211N
4217 if (drv->ht_40mhz_scan) {
4218 if (nl80211_set_mode(drv, drv->ifname, NL80211_IFTYPE_STATION)
4219 || hostapd_set_iface_flags(drv, drv->ifname, 1) ||
4220 i802_ht_scan(drv) ||
4221 hostapd_set_iface_flags(drv, drv->ifname, 0)) {
4222 wpa_printf(MSG_ERROR, "Failed to scan channels for "
4223 "HT 40 MHz operations");
4227 #endif /* CONFIG_IEEE80211N */
4229 /* Initialise a monitor interface */
4230 if (nl80211_create_monitor_interface(drv))
4233 if (nl80211_set_mode(drv, drv->ifname, NL80211_IFTYPE_AP))
4236 if (hostapd_set_iface_flags(drv, drv->ifname, 1))
4239 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
4240 if (drv->eapol_sock < 0) {
4241 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
4245 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
4247 printf("Could not register read socket for eapol\n");
4251 memset(&ifr, 0, sizeof(ifr));
4252 os_strlcpy(ifr.ifr_name, drv->ifname, sizeof(ifr.ifr_name));
4253 if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
4254 perror("ioctl(SIOCGIFHWADDR)");
4258 if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
4259 printf("Invalid HW-addr family 0x%04x\n",
4260 ifr.ifr_hwaddr.sa_family);
4263 memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
4268 nl80211_remove_iface(drv, drv->monitor_ifidx);
4273 static int i802_get_inact_sec(void *priv, const u8 *addr)
4275 struct hostap_sta_driver_data data;
4278 data.inactive_msec = (unsigned long) -1;
4279 ret = i802_read_sta_data(priv, &data, addr);
4280 if (ret || data.inactive_msec == (unsigned long) -1)
4282 return data.inactive_msec / 1000;
4286 static int i802_sta_clear_stats(void *priv, const u8 *addr)
4295 static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
4297 struct wpa_driver_nl80211_data *drv = priv;
4298 struct ieee80211_mgmt mgmt;
4300 memset(&mgmt, 0, sizeof(mgmt));
4301 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4302 WLAN_FC_STYPE_DEAUTH);
4303 memcpy(mgmt.da, addr, ETH_ALEN);
4304 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
4305 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
4306 mgmt.u.deauth.reason_code = host_to_le16(reason);
4307 return wpa_driver_nl80211_send_mlme(drv, (u8 *) &mgmt,
4309 sizeof(mgmt.u.deauth));
4313 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
4315 struct wpa_driver_nl80211_data *drv = priv;
4316 struct ieee80211_mgmt mgmt;
4318 memset(&mgmt, 0, sizeof(mgmt));
4319 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4320 WLAN_FC_STYPE_DISASSOC);
4321 memcpy(mgmt.da, addr, ETH_ALEN);
4322 memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
4323 memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
4324 mgmt.u.disassoc.reason_code = host_to_le16(reason);
4325 return wpa_driver_nl80211_send_mlme(drv, (u8 *) &mgmt,
4327 sizeof(mgmt.u.disassoc));
4331 static const struct hostapd_neighbor_bss *
4332 i802_get_neighbor_bss(void *priv, size_t *num)
4334 struct wpa_driver_nl80211_data *drv = priv;
4335 *num = drv->num_neighbors;
4336 return drv->neighbors;
4340 static void *i802_init(struct hostapd_data *hapd,
4341 struct wpa_init_params *params)
4343 struct wpa_driver_nl80211_data *drv;
4346 drv = os_zalloc(sizeof(struct wpa_driver_nl80211_data));
4348 printf("Could not allocate memory for i802 driver data\n");
4353 memcpy(drv->ifname, params->ifname, sizeof(drv->ifname));
4354 drv->ifindex = if_nametoindex(drv->ifname);
4355 drv->bss.ifindex = drv->ifindex;
4357 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4358 drv->if_indices = drv->default_if_indices;
4359 for (i = 0; i < params->num_bridge; i++) {
4360 if (params->bridge[i])
4361 add_ifidx(drv, if_nametoindex(params->bridge[i]));
4363 drv->ht_40mhz_scan = params->ht_40mhz_scan;
4365 if (i802_init_sockets(drv, params->bssid))
4376 static void i802_deinit(void *priv)
4378 struct wpa_driver_nl80211_data *drv = priv;
4379 struct i802_bss *bss, *prev;
4381 if (drv->last_freq_ht) {
4382 /* Clear HT flags from the driver */
4383 struct hostapd_freq_params freq;
4384 os_memset(&freq, 0, sizeof(freq));
4385 freq.freq = drv->last_freq;
4386 i802_set_freq(priv, &freq);
4389 i802_del_beacon(drv);
4391 /* remove monitor interface */
4392 nl80211_remove_iface(drv, drv->monitor_ifidx);
4394 (void) hostapd_set_iface_flags(drv, drv->ifname, 0);
4396 if (drv->monitor_sock >= 0) {
4397 eloop_unregister_read_sock(drv->monitor_sock);
4398 close(drv->monitor_sock);
4400 if (drv->ioctl_sock >= 0)
4401 close(drv->ioctl_sock);
4402 if (drv->eapol_sock >= 0) {
4403 eloop_unregister_read_sock(drv->eapol_sock);
4404 close(drv->eapol_sock);
4407 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
4408 genl_family_put(drv->nl80211);
4409 nl_cache_free(drv->nl_cache);
4410 nl_handle_destroy(drv->nl_handle);
4411 nl_cb_put(drv->nl_cb);
4413 if (drv->if_indices != drv->default_if_indices)
4414 free(drv->if_indices);
4416 os_free(drv->neighbors);
4418 bss = drv->bss.next;
4428 #endif /* HOSTAPD */
4431 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
4433 .desc = "Linux nl80211/cfg80211",
4434 .get_bssid = wpa_driver_nl80211_get_bssid,
4435 .get_ssid = wpa_driver_nl80211_get_ssid,
4436 .set_key = wpa_driver_nl80211_set_key,
4437 .scan2 = wpa_driver_nl80211_scan,
4438 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
4439 .deauthenticate = wpa_driver_nl80211_deauthenticate,
4440 .disassociate = wpa_driver_nl80211_disassociate,
4441 .authenticate = wpa_driver_nl80211_authenticate,
4442 .associate = wpa_driver_nl80211_associate,
4443 .init = wpa_driver_nl80211_init,
4444 .deinit = wpa_driver_nl80211_deinit,
4445 .get_capa = wpa_driver_nl80211_get_capa,
4446 .set_operstate = wpa_driver_nl80211_set_operstate,
4447 .set_country = wpa_driver_nl80211_set_country,
4449 .set_beacon = wpa_driver_nl80211_set_beacon,
4450 #endif /* CONFIG_AP */
4451 #if defined(CONFIG_AP) || defined(HOSTAPD)
4452 .send_mlme = wpa_driver_nl80211_send_mlme,
4453 .set_beacon_int = wpa_driver_nl80211_set_beacon_int,
4454 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
4455 #endif /* CONFIG_AP || HOSTAPD */
4457 .hapd_init = i802_init,
4458 .hapd_deinit = i802_deinit,
4459 .hapd_set_key = i802_set_key,
4460 .get_seqnum = i802_get_seqnum,
4461 .flush = i802_flush,
4462 .read_sta_data = i802_read_sta_data,
4463 .hapd_send_eapol = i802_send_eapol,
4464 .sta_set_flags = i802_sta_set_flags,
4465 .sta_deauth = i802_sta_deauth,
4466 .sta_disassoc = i802_sta_disassoc,
4467 .sta_remove = i802_sta_remove,
4468 .sta_add = i802_sta_add,
4469 .get_inact_sec = i802_get_inact_sec,
4470 .sta_clear_stats = i802_sta_clear_stats,
4471 .set_freq = i802_set_freq,
4472 .set_rts = i802_set_rts,
4473 .set_frag = i802_set_frag,
4474 .set_retry = i802_set_retry,
4475 .set_rate_sets = i802_set_rate_sets,
4476 .hapd_set_beacon = i802_set_beacon,
4477 .set_cts_protect = i802_set_cts_protect,
4478 .set_preamble = i802_set_preamble,
4479 .set_short_slot_time = i802_set_short_slot_time,
4480 .set_tx_queue_params = i802_set_tx_queue_params,
4481 .bss_add = i802_bss_add,
4482 .bss_remove = i802_bss_remove,
4483 .if_add = i802_if_add,
4484 .if_update = i802_if_update,
4485 .if_remove = i802_if_remove,
4486 .set_sta_vlan = i802_set_sta_vlan,
4487 .get_neighbor_bss = i802_get_neighbor_bss,
4488 #endif /* HOSTAPD */