VLAN: Use stack instead of heap allocation for new interface name
1 /*
2  * hostapd / VLAN initialization
3  * Copyright 2003, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
6  *
7  * This software may be distributed under the terms of the BSD license.
8  * See README for more details.
9  */
10
11 #include "utils/includes.h"
12
13 #include "utils/common.h"
14 #include "hostapd.h"
15 #include "ap_config.h"
16 #include "ap_drv_ops.h"
17 #include "wpa_auth.h"
18 #include "vlan_init.h"
19 #include "vlan_util.h"
20
21 #include <net/if.h>
22 #include <sys/ioctl.h>
23 #ifdef CONFIG_FULL_DYNAMIC_VLAN
24 #include <linux/sockios.h>
25 #include <linux/if_vlan.h>
26 #include <linux/if_bridge.h>
27 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
28
29
30 #ifdef CONFIG_FULL_DYNAMIC_VLAN
31
32 #include "drivers/priv_netlink.h"
33 #include "utils/eloop.h"
34
35
/* Private state kept for full dynamic VLAN support. */
struct full_dynamic_vlan {
        int s; /* socket on which to listen for new/removed interfaces. */
};

/*
 * Cleanup flags stored per tracked interface. In this file a bit is set only
 * when the matching setup call returned 0, i.e. when the resource did not
 * exist before and was created here:
 *   DVLAN_CLEAN_BR        - br_addbr() created the bridge
 *   DVLAN_CLEAN_VLAN      - vlan_add() created the VLAN interface
 *   DVLAN_CLEAN_VLAN_PORT - br_addif() added the VLAN interface to a bridge
 * Teardown only undoes what is flagged, so pre-existing bridges and
 * interfaces are left alone.
 */
#define DVLAN_CLEAN_BR         0x1
#define DVLAN_CLEAN_VLAN       0x2
#define DVLAN_CLEAN_VLAN_PORT  0x4

/* One node of the singly linked list of reference-counted interfaces. */
struct dynamic_iface {
        char ifname[IFNAMSIZ + 1]; /* interface name used as the lookup key */
        int usage;                 /* reference count */
        int clean;                 /* accumulated DVLAN_CLEAN_* flags */
        struct dynamic_iface *next;
};
50
51
/*
 * Take a reference on the tracking entry for ifname and merge in the given
 * cleanup flags. An interface that is not tracked yet gets a new entry only
 * when at least one cleanup flag is set; with clean == 0 nothing is recorded.
 * Allocation failure is silent: the interface is then simply not tracked.
 */
static void dyn_iface_get(struct hostapd_data *hapd, const char *ifname,
                          int clean)
{
        struct dynamic_iface **head = &hapd->iface->interfaces->vlan_priv;
        struct dynamic_iface *entry = *head;

        while (entry && os_strcmp(ifname, entry->ifname) != 0)
                entry = entry->next;

        if (entry) {
                /* Already tracked: one more user, remember extra cleanup */
                entry->usage++;
                entry->clean |= clean;
                return;
        }

        if (!clean)
                return;

        entry = os_zalloc(sizeof(*entry));
        if (!entry)
                return;

        os_strlcpy(entry->ifname, ifname, sizeof(entry->ifname));
        entry->usage = 1;
        entry->clean = clean;

        /* Push the new entry onto the front of the list */
        entry->next = *head;
        *head = entry;
}
87
88
/*
 * Drop one reference on the tracking entry for ifname.
 *
 * Returns the entry's cleanup flags only when this was the last reference
 * (the entry is then unlinked and freed). Returns 0 when the interface is
 * not tracked or other references remain.
 */
static int dyn_iface_put(struct hostapd_data *hapd, const char *ifname)
{
        struct dynamic_iface **link = &hapd->iface->interfaces->vlan_priv;
        struct dynamic_iface *entry;
        int flags;

        /* Walk the links so the match can be unlinked without a prev ptr */
        while (*link && os_strcmp(ifname, (*link)->ifname) != 0)
                link = &(*link)->next;

        entry = *link;
        if (!entry)
                return 0;

        entry->usage--;
        if (entry->usage != 0)
                return 0;

        *link = entry->next;
        flags = entry->clean;
        os_free(entry);

        return flags;
}
123
124 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
125
126
/*
 * Set or clear IFF_UP on the named interface.
 *
 * The current flags are read with SIOCGIFFLAGS, IFF_UP is adjusted and the
 * result is written back with SIOCSIFFLAGS. Returns 0 on success and -1 if
 * the socket cannot be created or either ioctl fails.
 */
static int ifconfig_helper(const char *if_name, int up)
{
        struct ifreq ifr;
        int ret = -1;
        int fd = socket(AF_INET, SOCK_STREAM, 0);

        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        os_memset(&ifr, 0, sizeof(ifr));
        os_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);

        if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCGIFFLAGS) failed "
                           "for interface %s: %s",
                           __func__, if_name, strerror(errno));
                goto out;
        }

        if (up)
                ifr.ifr_flags |= IFF_UP;
        else
                ifr.ifr_flags &= ~IFF_UP;

        if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCSIFFLAGS) failed "
                           "for interface %s (up=%d): %s",
                           __func__, if_name, up, strerror(errno));
                goto out;
        }

        ret = 0;
out:
        close(fd);
        return ret;
}
165
166
/* Log the request and set IFF_UP on if_name; returns ifconfig_helper(). */
static int ifconfig_up(const char *if_name)
{
        const int bring_up = 1;

        wpa_printf(MSG_DEBUG, "VLAN: Set interface %s up", if_name);
        return ifconfig_helper(if_name, bring_up);
}
172
173
/*
 * Create (or adopt) the VLAN interface vlan->ifname and make sure a WPA
 * group exists for its VLAN ID.
 *
 * Setup is refused with -1 when any WEP key is configured on the SSID. If the
 * interface already exists it is reused only when existsok is non-zero. When
 * WPA group setup fails, the group is released and the interface is removed
 * again before the error is returned.
 */
static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
                       int existsok)
{
        int key_idx;
        int res = 0;

        for (key_idx = 0; key_idx < NUM_WEP_KEYS; key_idx++) {
                if (hapd->conf->ssid.wep.key[key_idx]) {
                        wpa_printf(MSG_ERROR,
                                   "VLAN: Refusing to set up VLAN iface %s with WEP",
                                   vlan->ifname);
                        return -1;
                }
        }

        if (if_nametoindex(vlan->ifname)) {
                /* Interface is already present */
                if (!existsok)
                        return -1;
        } else {
                res = hostapd_vlan_if_add(hapd, vlan->ifname);
                if (res)
                        return res;
        }

        /* The interface must be up or WPA group setup fails fatally */
        ifconfig_up(vlan->ifname);

        if (hapd->wpa_auth)
                res = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);

        if (res == 0)
                return res;

        wpa_printf(MSG_ERROR, "WPA initialization for VLAN %d failed (%d)",
                   vlan->vlan_id, res);
        if (wpa_auth_release_group(hapd->wpa_auth, vlan->vlan_id))
                wpa_printf(MSG_ERROR, "WPA deinit of %s failed", vlan->ifname);

        /* Group state machine setup failed: roll the interface back */
        if (hostapd_vlan_if_remove(hapd, vlan->ifname))
                wpa_printf(MSG_ERROR, "Removal of %s failed", vlan->ifname);

        return res;
}
217
218
/*
 * Release the WPA group of the VLAN and remove its interface.
 *
 * A failing group release is only logged; the return value is that of
 * hostapd_vlan_if_remove().
 */
static int vlan_if_remove(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
{
        const int release_res = wpa_auth_release_group(hapd->wpa_auth,
                                                       vlan->vlan_id);

        if (release_res != 0) {
                wpa_printf(MSG_ERROR,
                           "WPA deinitialization for VLAN %d failed (%d)",
                           vlan->vlan_id, release_res);
        }

        return hostapd_vlan_if_remove(hapd, vlan->ifname);
}
231
232
233 #ifdef CONFIG_FULL_DYNAMIC_VLAN
234
/* Log the request and clear IFF_UP on if_name; returns ifconfig_helper(). */
static int ifconfig_down(const char *if_name)
{
        const int bring_up = 0;

        wpa_printf(MSG_DEBUG, "VLAN: Set interface %s down", if_name);
        return ifconfig_helper(if_name, bring_up);
}
240
241
/*
 * VLAN ioctl command numbers that are only available in recent Linux headers
 * (there without the leading underscore), so they are defined locally here.
 */
#define _GET_VLAN_REALDEV_NAME_CMD      8
#define _GET_VLAN_VID_CMD               9

/* This value should be 256 ONLY. If it is something else, then hostapd
 * might crash, as this value has been hard-coded in the 2.4.x kernel
 * bridging code. In this file it sizes the ifindices array that
 * br_getnumports() hands to BRCTL_GET_PORT_LIST and is also passed as the
 * element count of that request.
 */
#define MAX_BR_PORTS                    256
254
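/*
 * Remove interface 'if_name' from the bridge 'br_name'.
 *
 * returns -1 on error
 * returns 0 on success, and also when the ioctl reports EINVAL, which is
 *         treated as "interface already removed"
 */
static int br_delif(const char *br_name, const char *if_name)
{
        int fd;
        struct ifreq ifr;
        unsigned long args[2];
        int if_index;
        int ret = -1;

        wpa_printf(MSG_DEBUG, "VLAN: br_delif(%s, %s)", br_name, if_name);
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        if_index = if_nametoindex(if_name);

        if (if_index == 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
                           "interface index for '%s'",
                           __func__, if_name);
                goto out;
        }

        args[0] = BRCTL_DEL_IF;
        args[1] = if_index;

        /*
         * Clear the whole request first, as ifconfig_helper() and br_addbr()
         * do, so that no uninitialized stack bytes are handed to the kernel
         * in the fields that are not set explicitly below.
         */
        os_memset(&ifr, 0, sizeof(ifr));
        os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
        ifr.ifr_data = (__caddr_t) args;

        if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) {
                /* No error if interface already removed. */
                wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
                           "BRCTL_DEL_IF] failed for br_name=%s if_name=%s: "
                           "%s", __func__, br_name, if_name, strerror(errno));
                goto out;
        }

        ret = 0;
out:
        close(fd);
        return ret;
}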
297
298
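/*
 * Add interface 'if_name' to the bridge 'br_name'.
 *
 * returns -1 on error
 * returns 1 if the interface is already part of the bridge (EBUSY)
 * returns 0 otherwise
 *
 * Callers in this file treat only 0 as "added by us" when deciding which
 * bridge ports to remove again during teardown.
 */
static int br_addif(const char *br_name, const char *if_name)
{
        int fd;
        struct ifreq ifr;
        unsigned long args[2];
        int if_index;
        int ret = -1;

        wpa_printf(MSG_DEBUG, "VLAN: br_addif(%s, %s)", br_name, if_name);
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        if_index = if_nametoindex(if_name);

        if (if_index == 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
                           "interface index for '%s'",
                           __func__, if_name);
                goto out;
        }

        args[0] = BRCTL_ADD_IF;
        args[1] = if_index;

        /*
         * Clear the whole request first, as ifconfig_helper() and br_addbr()
         * do, so that no uninitialized stack bytes are handed to the kernel
         * in the fields that are not set explicitly below.
         */
        os_memset(&ifr, 0, sizeof(ifr));
        os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
        ifr.ifr_data = (__caddr_t) args;

        if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
                if (errno == EBUSY) {
                        /* The interface is already added. */
                        ret = 1;
                        goto out;
                }

                wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
                           "BRCTL_ADD_IF] failed for br_name=%s if_name=%s: "
                           "%s", __func__, br_name, if_name, strerror(errno));
                goto out;
        }

        ret = 0;
out:
        close(fd);
        return ret;
}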
353
354
/*
 * Delete the bridge 'br_name'.
 *
 * returns -1 on error
 * returns 0 on success, and also when the ioctl reports ENXIO, which is
 *         treated as "bridge already removed"
 */
static int br_delbr(const char *br_name)
{
        unsigned long req[2];
        int status = -1;
        int fd;

        wpa_printf(MSG_DEBUG, "VLAN: br_delbr(%s)", br_name);

        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        req[0] = BRCTL_DEL_BRIDGE;
        req[1] = (unsigned long) br_name;

        if (ioctl(fd, SIOCGIFBR, req) < 0 && errno != ENXIO) {
                /* No error if bridge already removed. */
                wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_DEL_BRIDGE failed for "
                           "%s: %s", __func__, br_name, strerror(errno));
        } else {
                status = 0;
        }

        close(fd);
        return status;
}
381
382
/*
 * Add a bridge with the name 'br_name' and lower its forwarding delay.
 *
 * returns -1 on error
 * returns 1 if the bridge already exists (EEXIST); the forwarding delay is
 *         then left untouched
 * returns 0 otherwise, even if setting the forwarding delay failed
 */
static int br_addbr(const char *br_name)
{
        unsigned long req[4];
        struct ifreq ifr;
        int fd;

        wpa_printf(MSG_DEBUG, "VLAN: br_addbr(%s)", br_name);

        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        req[0] = BRCTL_ADD_BRIDGE;
        req[1] = (unsigned long) br_name;

        if (ioctl(fd, SIOCGIFBR, req) < 0) {
                int status = 1;

                /* EEXIST means the bridge is already there; not an error */
                if (errno != EEXIST) {
                        wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_ADD_BRIDGE "
                                   "failed for %s: %s",
                                   __func__, br_name, strerror(errno));
                        status = -1;
                }
                close(fd);
                return status;
        }

        /* Decrease forwarding delay to avoid EAPOL timeouts. */
        os_memset(&ifr, 0, sizeof(ifr));
        os_strlcpy(ifr.ifr_name, br_name, IFNAMSIZ);
        req[0] = BRCTL_SET_BRIDGE_FORWARD_DELAY;
        req[1] = 1;
        req[2] = 0;
        req[3] = 0;
        ifr.ifr_data = (char *) &req;
        if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
                /* Best effort only: the bridge itself was created */
                wpa_printf(MSG_ERROR, "VLAN: %s: "
                           "BRCTL_SET_BRIDGE_FORWARD_DELAY (1 sec) failed for "
                           "%s: %s", __func__, br_name, strerror(errno));
        }

        close(fd);
        return 0;
}
438
439
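/*
 * Count the ports currently attached to the bridge 'br_name'.
 *
 * The port list is fetched with BRCTL_GET_PORT_LIST into a zeroed array of
 * MAX_BR_PORTS interface indices and every slot with a positive index is
 * counted. Returns the number of ports, or -1 on error.
 */
static int br_getnumports(const char *br_name)
{
        int fd;
        int i;
        int port_cnt = 0;
        unsigned long arg[4];
        int ifindices[MAX_BR_PORTS];
        struct ifreq ifr;

        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        arg[0] = BRCTL_GET_PORT_LIST;
        arg[1] = (unsigned long) ifindices;
        arg[2] = MAX_BR_PORTS;
        arg[3] = 0;

        os_memset(ifindices, 0, sizeof(ifindices));

        /*
         * Clear the whole request first, as ifconfig_helper() and br_addbr()
         * do, so that no uninitialized stack bytes are handed to the kernel
         * in the fields that are not set explicitly below.
         */
        os_memset(&ifr, 0, sizeof(ifr));
        os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
        ifr.ifr_data = (__caddr_t) arg;

        if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_GET_PORT_LIST "
                           "failed for %s: %s",
                           __func__, br_name, strerror(errno));
                close(fd);
                return -1;
        }

        /*
         * Slot 0 is deliberately skipped here - presumably because bridge
         * port numbers start at 1; TODO confirm against the kernel side.
         */
        for (i = 1; i < MAX_BR_PORTS; i++) {
                if (ifindices[i] > 0)
                        port_cnt++;
        }

        close(fd);
        return port_cnt;
}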
481
482
483 #ifndef CONFIG_VLAN_NETLINK
484
/*
 * Remove the VLAN interface 'if_name' with the DEL_VLAN_CMD ioctl.
 *
 * The name is rejected up front if it does not fit, including its
 * terminator, into the ioctl request's device1 field.
 * Returns 0 on success and -1 on any failure.
 */
int vlan_rem(const char *if_name)
{
        struct vlan_ioctl_args req;
        int status = 0;
        int fd;

        wpa_printf(MSG_DEBUG, "VLAN: vlan_rem(%s)", if_name);

        if (os_strlen(if_name) + 1 > sizeof(req.device1)) {
                wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
                           if_name);
                return -1;
        }

        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        os_memset(&req, 0, sizeof(req));
        os_strlcpy(req.device1, if_name, sizeof(req.device1));
        req.cmd = DEL_VLAN_CMD;

        if (ioctl(fd, SIOCSIFVLAN, &req) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: DEL_VLAN_CMD failed for %s: "
                           "%s", __func__, if_name, strerror(errno));
                status = -1;
        }

        close(fd);
        return status;
}
518
519
/*
 * Add a VLAN interface with VLAN ID 'vid' on top of the tagged interface
 * 'if_name'.
 *
 * returns -1 on error
 * returns 1 if a device named "vlan<vid>" with this VID already exists on
 *         top of if_name
 * returns 0 otherwise
 *
 * Note: this ioctl-based variant does not use vlan_if_name; the name of the
 * created device is not chosen here.
 */
int vlan_add(const char *if_name, int vid, const char *vlan_if_name)
{
        struct vlan_ioctl_args req;
        int fd;

        wpa_printf(MSG_DEBUG, "VLAN: vlan_add(if_name=%s, vid=%d)",
                   if_name, vid);
        ifconfig_up(if_name);

        if (os_strlen(if_name) + 1 > sizeof(req.device1)) {
                wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
                           if_name);
                return -1;
        }

        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        /* Determine if a suitable vlan device already exists. */
        os_memset(&req, 0, sizeof(req));
        os_snprintf(req.device1, sizeof(req.device1), "vlan%d", vid);
        req.cmd = _GET_VLAN_VID_CMD;

        if (ioctl(fd, SIOCSIFVLAN, &req) == 0 && req.u.VID == vid) {
                /* Same VID: also require the same underlying device */
                req.cmd = _GET_VLAN_REALDEV_NAME_CMD;

                if (ioctl(fd, SIOCSIFVLAN, &req) == 0 &&
                    os_strncmp(req.u.device2, if_name,
                               sizeof(req.u.device2)) == 0) {
                        close(fd);
                        wpa_printf(MSG_DEBUG, "VLAN: vlan_add: "
                                   "if_name %s exists already",
                                   req.device1);
                        return 1;
                }
        }

        /* A suitable vlan device does not already exist, add one. */
        os_memset(&req, 0, sizeof(req));
        os_strlcpy(req.device1, if_name, sizeof(req.device1));
        req.u.VID = vid;
        req.cmd = ADD_VLAN_CMD;

        if (ioctl(fd, SIOCSIFVLAN, &req) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: ADD_VLAN_CMD failed for %s: "
                           "%s",
                           __func__, req.device1, strerror(errno));
                close(fd);
                return -1;
        }

        close(fd);
        return 0;
}
593
594
/*
 * Select the kernel's naming scheme for new VLAN devices with the
 * SET_VLAN_NAME_TYPE_CMD ioctl. Returns 0 on success and -1 on failure.
 */
static int vlan_set_name_type(unsigned int name_type)
{
        struct vlan_ioctl_args req;
        int status = 0;
        int fd;

        wpa_printf(MSG_DEBUG, "VLAN: vlan_set_name_type(name_type=%u)",
                   name_type);

        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
                           "failed: %s", __func__, strerror(errno));
                return -1;
        }

        os_memset(&req, 0, sizeof(req));
        req.u.name_type = name_type;
        req.cmd = SET_VLAN_NAME_TYPE_CMD;

        if (ioctl(fd, SIOCSIFVLAN, &req) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: SET_VLAN_NAME_TYPE_CMD "
                           "name_type=%u failed: %s",
                           __func__, name_type, strerror(errno));
                status = -1;
        }

        close(fd);
        return status;
}
623
624 #endif /* CONFIG_VLAN_NETLINK */
625
626
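/*
 * Set up the tagged VLAN interface for 'vid' on top of tagged_interface and
 * attach it to the bridge br_name.
 *
 * The interface name is "<tagged_interface>.<vid>" with
 * DYNAMIC_VLAN_NAMING_WITH_DEVICE and "vlan<vid>" otherwise. Whatever this
 * call created (VLAN device, bridge port) is recorded via dyn_iface_get() so
 * that teardown removes only those resources.
 *
 * A name that does not fit into IFNAMSIZ is rejected instead of being used
 * truncated: a truncated name can be identical for different VLAN IDs, which
 * would attach one VLAN's interface to another VLAN's bridge.
 */
static void vlan_newlink_tagged(int vlan_naming, const char *tagged_interface,
                                const char *br_name, int vid,
                                struct hostapd_data *hapd)
{
        char vlan_ifname[IFNAMSIZ];
        int clean;
        int res;

        if (vlan_naming == DYNAMIC_VLAN_NAMING_WITH_DEVICE)
                res = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
                                  tagged_interface, vid);
        else
                res = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d",
                                  vid);

        if (res < 0 || (size_t) res >= sizeof(vlan_ifname)) {
                wpa_printf(MSG_ERROR,
                           "VLAN: %s: interface name for VLAN %d on %s does not fit in IFNAMSIZ",
                           __func__, vid, tagged_interface);
                return;
        }

        clean = 0;
        ifconfig_up(tagged_interface);
        /* 0 means "created now"; only then is it ours to remove later */
        if (!vlan_add(tagged_interface, vid, vlan_ifname))
                clean |= DVLAN_CLEAN_VLAN;

        if (!br_addif(br_name, vlan_ifname))
                clean |= DVLAN_CLEAN_VLAN_PORT;

        dyn_iface_get(hapd, vlan_ifname, clean);

        ifconfig_up(vlan_ifname);
}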
652
653
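/*
 * Build the name of the bridge used for VLAN 'vid' into br_name.
 *
 * br_name must point to a buffer of at least IFNAMSIZ bytes. The name is
 * "<vlan_bridge><vid>" when a bridge prefix is configured,
 * "br<tagged_interface>.<vid>" when only a tagged interface is configured and
 * "brvlan<vid>" otherwise.
 *
 * The function cannot report failure, so a name that does not fit is logged.
 * Operators should treat that message as a configuration error: truncation
 * can drop digits of the VLAN ID, so several VLANs would share one bridge.
 */
static void vlan_bridge_name(char *br_name, struct hostapd_data *hapd, int vid)
{
        char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
        int res;

        if (hapd->conf->vlan_bridge[0]) {
                res = os_snprintf(br_name, IFNAMSIZ, "%s%d",
                                  hapd->conf->vlan_bridge, vid);
        } else if (tagged_interface) {
                res = os_snprintf(br_name, IFNAMSIZ, "br%s.%d",
                                  tagged_interface, vid);
        } else {
                res = os_snprintf(br_name, IFNAMSIZ, "brvlan%d", vid);
        }

        if (res < 0 || res >= IFNAMSIZ)
                wpa_printf(MSG_ERROR,
                           "VLAN: %s: bridge name for VLAN %d does not fit in IFNAMSIZ",
                           __func__, vid);
}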
668
669
/*
 * Make sure the bridge br_name exists and is up, take a reference on it and,
 * if a tagged uplink interface is configured, attach the tagged VLAN
 * interface for 'vid' to it. The bridge is flagged for later deletion only
 * when br_addbr() reports that it was created by this call.
 */
static void vlan_get_bridge(const char *br_name, struct hostapd_data *hapd,
                            int vid)
{
        char *uplink = hapd->conf->ssid.vlan_tagged_interface;
        int naming = hapd->conf->ssid.vlan_naming;
        int flags;

        if (br_addbr(br_name) == 0)
                flags = DVLAN_CLEAN_BR;
        else
                flags = 0;
        dyn_iface_get(hapd, br_name, flags);

        ifconfig_up(br_name);

        if (!uplink)
                return;

        vlan_newlink_tagged(naming, uplink, br_name, vid, hapd);
}
684
685
/*
 * Handle the appearance of interface 'ifname'.
 *
 * If it matches a not yet configured entry of hapd->conf->vlan, the entry is
 * marked configured and the interface is wired up according to its VLAN
 * description: into the plain bridge for a non-VLAN station, into the
 * per-VLAN bridge for an untagged VLAN ID, plus one tagged sub-interface and
 * bridge per valid tagged VLAN ID. Finally the interface is set up.
 */
static void vlan_newlink(const char *ifname, struct hostapd_data *hapd)
{
        char br_name[IFNAMSIZ];
        struct hostapd_vlan *vlan;
        int untagged, *tagged, idx, notempty;

        wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);

        vlan = hapd->conf->vlan;
        while (vlan &&
               (vlan->configured || os_strcmp(ifname, vlan->ifname) != 0))
                vlan = vlan->next;
        if (!vlan)
                return;

        vlan->configured = 1;

        notempty = vlan->vlan_desc.notempty;
        untagged = vlan->vlan_desc.untagged;
        tagged = vlan->vlan_desc.tagged;

        if (!notempty) {
                /* Non-VLAN STA */
                if (hapd->conf->bridge[0] &&
                    !br_addif(hapd->conf->bridge, ifname))
                        vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
        } else if (untagged > 0 && untagged <= MAX_VLAN_ID) {
                vlan_bridge_name(br_name, hapd, untagged);
                vlan_get_bridge(br_name, hapd, untagged);

                /* Remember the port only if it was added by this call */
                if (!br_addif(br_name, ifname))
                        vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
        }

        for (idx = 0; idx < MAX_NUM_TAGGED_VLAN && tagged[idx]; idx++) {
                int vid = tagged[idx];
                int repeated = idx > 0 && vid == tagged[idx - 1];

                /* Skip the untagged ID, out-of-range IDs and repeats */
                if (vid == untagged || vid <= 0 || vid > MAX_VLAN_ID ||
                    repeated)
                        continue;

                vlan_bridge_name(br_name, hapd, vid);
                vlan_get_bridge(br_name, hapd, vid);
                vlan_newlink_tagged(DYNAMIC_VLAN_NAMING_WITH_DEVICE,
                                    ifname, br_name, vid, hapd);
        }

        ifconfig_up(ifname);
}
736
737
/*
 * Drop one reference on the tagged VLAN interface for 'vid' and, when it was
 * the last one, undo what vlan_newlink_tagged() recorded for it: remove it
 * from the bridge br_name and/or take it down and delete it. The interface
 * name is derived in the same way as in vlan_newlink_tagged().
 */
static void vlan_dellink_tagged(int vlan_naming, const char *tagged_interface,
                                const char *br_name, int vid,
                                struct hostapd_data *hapd)
{
        char vlan_ifname[IFNAMSIZ];
        int flags;

        if (vlan_naming != DYNAMIC_VLAN_NAMING_WITH_DEVICE)
                os_snprintf(vlan_ifname, sizeof(vlan_ifname), "vlan%d", vid);
        else
                os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s.%d",
                            tagged_interface, vid);

        /* Non-zero only once the last user of the interface is gone */
        flags = dyn_iface_put(hapd, vlan_ifname);

        if (flags & DVLAN_CLEAN_VLAN_PORT)
                br_delif(br_name, vlan_ifname);

        if (!(flags & DVLAN_CLEAN_VLAN))
                return;

        ifconfig_down(vlan_ifname);
        vlan_rem(vlan_ifname);
}
761
762
/*
 * Release the bridge br_name for VLAN 'vid': first the tagged uplink VLAN
 * interface (if a tagged interface is configured), then the bridge reference
 * itself. The bridge is taken down and deleted only when the last reference
 * is gone, it was created by this module and it has no ports left.
 */
static void vlan_put_bridge(const char *br_name, struct hostapd_data *hapd,
                            int vid)
{
        char *uplink = hapd->conf->ssid.vlan_tagged_interface;
        int naming = hapd->conf->ssid.vlan_naming;
        int flags;

        if (uplink)
                vlan_dellink_tagged(naming, uplink, br_name, vid, hapd);

        flags = dyn_iface_put(hapd, br_name);
        if (!(flags & DVLAN_CLEAN_BR))
                return;
        if (br_getnumports(br_name) != 0)
                return;

        ifconfig_down(br_name);
        br_delbr(br_name);
}
780
781
/*
 * Handle the removal of interface 'ifname'.
 *
 * Looks up the matching entry in hapd->conf->vlan. If the entry had been
 * configured by vlan_newlink(), the bridge ports, tagged sub-interfaces and
 * bridges that were set up for it are released again. The VLAN interface is
 * then removed if it still exists, and the entry is unlinked from the list
 * and freed. Nothing happens when no entry matches.
 */
static void vlan_dellink(const char *ifname, struct hostapd_data *hapd)
{
        struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan;

        wpa_printf(MSG_DEBUG, "VLAN: vlan_dellink(%s)", ifname);

        /* first remembers the list head; prev trails the search cursor */
        first = prev = vlan;

        while (vlan) {
                if (os_strcmp(ifname, vlan->ifname) != 0) {
                        prev = vlan;
                        vlan = vlan->next;
                        continue;
                }
                break;
        }
        if (!vlan)
                return;

        if (vlan->configured) {
                int notempty = vlan->vlan_desc.notempty;
                int untagged = vlan->vlan_desc.untagged;
                int *tagged = vlan->vlan_desc.tagged;
                char br_name[IFNAMSIZ];
                int i;

                /*
                 * Same filter as in vlan_newlink(): skip the untagged ID,
                 * out-of-range IDs and an ID equal to its predecessor, so
                 * that exactly the VLANs set up there are torn down here.
                 */
                for (i = 0; i < MAX_NUM_TAGGED_VLAN && tagged[i]; i++) {
                        if (tagged[i] == untagged ||
                            tagged[i] <= 0 || tagged[i] > MAX_VLAN_ID ||
                            (i > 0 && tagged[i] == tagged[i - 1]))
                                continue;
                        vlan_bridge_name(br_name, hapd, tagged[i]);
                        vlan_dellink_tagged(DYNAMIC_VLAN_NAMING_WITH_DEVICE,
                                            ifname, br_name, tagged[i], hapd);
                        vlan_put_bridge(br_name, hapd, tagged[i]);
                }

                if (!notempty) {
                        /* Non-VLAN STA */
                        /* Only remove the port if vlan_newlink() added it */
                        if (hapd->conf->bridge[0] &&
                            (vlan->clean & DVLAN_CLEAN_WLAN_PORT))
                                br_delif(hapd->conf->bridge, ifname);
                } else if (untagged > 0 && untagged <= MAX_VLAN_ID) {
                        vlan_bridge_name(br_name, hapd, untagged);

                        if (vlan->clean & DVLAN_CLEAN_WLAN_PORT)
                                br_delif(br_name, vlan->ifname);

                        vlan_put_bridge(br_name, hapd, untagged);
                }
        }

        /*
         * Ensure this VLAN interface is actually removed even if
         * NEWLINK message is only received later.
         */
        /*
         * NOTE(review): errno is logged after vlan_if_remove() returns; it
         * may not describe the failure if a later call inside it changed
         * errno - confirm before relying on this message.
         */
        if (if_nametoindex(vlan->ifname) && vlan_if_remove(hapd, vlan))
                wpa_printf(MSG_ERROR,
                           "VLAN: Could not remove VLAN iface: %s: %s",
                           vlan->ifname, strerror(errno));

        /* Unlink the entry: head replacement or bypass via predecessor */
        if (vlan == first)
                hapd->conf->vlan = vlan->next;
        else
                prev->next = vlan->next;

        os_free(vlan);
}
850
851
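/*
 * Parse one RTM_NEWLINK/RTM_DELLINK netlink message and dispatch it.
 *
 * h    - netlink message header
 * len  - payload length, i.e. the message length without the netlink header
 *        (this is what vlan_event_receive() passes)
 * del  - non-zero for RTM_DELLINK, zero for RTM_NEWLINK
 * hapd - BSS context handed on to vlan_newlink()/vlan_dellink()
 *
 * The interface name is taken from the IFLA_IFNAME attribute. Messages
 * without a name are ignored, as is a DELLINK for an interface that exists
 * again by the time the message is processed.
 */
static void
vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del,
                  struct hostapd_data *hapd)
{
        struct ifinfomsg *ifi;
        int attrlen, nlmsg_len, rta_len;
        struct rtattr *attr;
        char ifname[IFNAMSIZ + 1];

        if (len < sizeof(*ifi))
                return;

        ifi = NLMSG_DATA(h);

        nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));

        /*
         * The attributes start nlmsg_len bytes into the payload, so their
         * total size has to be derived from the payload length. Using
         * h->nlmsg_len here would also count the netlink header and let the
         * attribute walk below run past the end of this message.
         */
        if (len < (size_t) nlmsg_len)
                return;
        attrlen = len - nlmsg_len;

        attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);

        os_memset(ifname, 0, sizeof(ifname));
        rta_len = RTA_ALIGN(sizeof(struct rtattr));
        while (RTA_OK(attr, attrlen)) {
                if (attr->rta_type == IFLA_IFNAME) {
                        int n = attr->rta_len - rta_len;
                        if (n < 0)
                                break;

                        /* Bound the copy and keep the terminating NUL */
                        if ((size_t) n >= sizeof(ifname))
                                n = sizeof(ifname) - 1;
                        /* Do not keep the tail of an earlier, longer name */
                        os_memset(ifname, 0, sizeof(ifname));
                        os_memcpy(ifname, ((char *) attr) + rta_len, n);

                }

                attr = RTA_NEXT(attr, attrlen);
        }

        if (!ifname[0])
                return;
        if (del && if_nametoindex(ifname)) {
                /* interface still exists, race condition ->
                 * iface has just been recreated */
                return;
        }

        wpa_printf(MSG_DEBUG,
                   "VLAN: RTM_%sLINK: ifi_index=%d ifname=%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
                   del ? "DEL" : "NEW",
                   ifi->ifi_index, ifname, ifi->ifi_family, ifi->ifi_flags,
                   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
                   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
                   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
                   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");

        if (del)
                vlan_dellink(ifname, hapd);
        else
                vlan_newlink(ifname, hapd);
}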
913
914
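/*
 * eloop read handler for the netlink socket: receive one datagram and hand
 * every RTM_NEWLINK/RTM_DELLINK message in it to vlan_read_ifnames().
 *
 * sock      - netlink socket that became readable
 * eloop_ctx - struct hostapd_data of the BSS
 * sock_ctx  - unused
 *
 * Link events drive bridge and VLAN interface setup and teardown, so only
 * datagrams whose source address identifies the kernel (nl_pid == 0) are
 * processed; anything else is dropped.
 */
static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
{
        char buf[8192];
        int left;
        struct sockaddr_nl from;
        socklen_t fromlen;
        struct nlmsghdr *h;
        struct hostapd_data *hapd = eloop_ctx;

        fromlen = sizeof(from);
        left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
                        (struct sockaddr *) &from, &fromlen);
        if (left < 0) {
                if (errno != EINTR && errno != EAGAIN)
                        wpa_printf(MSG_ERROR, "VLAN: %s: recvfrom failed: %s",
                                   __func__, strerror(errno));
                return;
        }

        /* fromlen is checked first so from is only read when filled in */
        if (fromlen != sizeof(from) || from.nl_pid != 0) {
                wpa_printf(MSG_DEBUG,
                           "VLAN: %s: ignoring netlink message not sent by the kernel",
                           __func__);
                return;
        }

        h = (struct nlmsghdr *) buf;
        while (NLMSG_OK(h, left)) {
                int len, plen;

                len = h->nlmsg_len;
                /* plen: payload length without the netlink header */
                plen = len - sizeof(*h);
                if (len > left || plen < 0) {
                        wpa_printf(MSG_DEBUG, "VLAN: Malformed netlink "
                                   "message: len=%d left=%d plen=%d",
                                   len, left, plen);
                        break;
                }

                switch (h->nlmsg_type) {
                case RTM_NEWLINK:
                        vlan_read_ifnames(h, plen, 0, hapd);
                        break;
                case RTM_DELLINK:
                        vlan_read_ifnames(h, plen, 1, hapd);
                        break;
                }

                h = NLMSG_NEXT(h, left);
        }

        if (left > 0) {
                wpa_printf(MSG_DEBUG, "VLAN: %s: %d extra bytes in the end of "
                           "netlink message", __func__, left);
        }
}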
964
965
/*
 * Allocate the full dynamic VLAN state, open a NETLINK_ROUTE socket bound to
 * the RTMGRP_LINK group and register vlan_event_receive() as its eloop read
 * handler with hapd as context.
 *
 * Returns the new state, or NULL if the allocation, socket(), bind() or the
 * eloop registration fails; nothing stays allocated or open in that case.
 */
static struct full_dynamic_vlan *
full_dynamic_vlan_init(struct hostapd_data *hapd)
{
        struct full_dynamic_vlan *priv = os_zalloc(sizeof(*priv));
        struct sockaddr_nl addr;

        if (!priv)
                return NULL;

#ifndef CONFIG_VLAN_NETLINK
        /* Naming scheme for VLAN interfaces follows the vlan_naming setting */
        if (hapd->conf->ssid.vlan_naming == DYNAMIC_VLAN_NAMING_WITH_DEVICE)
                vlan_set_name_type(VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD);
        else
                vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD);
#endif /* CONFIG_VLAN_NETLINK */

        priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
        if (priv->s < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: socket(PF_NETLINK,SOCK_RAW,"
                           "NETLINK_ROUTE) failed: %s",
                           __func__, strerror(errno));
                goto fail_free;
        }

        os_memset(&addr, 0, sizeof(addr));
        addr.nl_family = AF_NETLINK;
        addr.nl_groups = RTMGRP_LINK;
        if (bind(priv->s, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
                wpa_printf(MSG_ERROR, "VLAN: %s: bind(netlink) failed: %s",
                           __func__, strerror(errno));
                goto fail_close;
        }

        if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL))
                goto fail_close;

        return priv;

fail_close:
        close(priv->s);
fail_free:
        os_free(priv);
        return NULL;
}
1012
1013
/*
 * Undo full_dynamic_vlan_init(): unregister the socket from eloop, close it
 * and free the state. A NULL priv is accepted and does nothing.
 */
static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv)
{
        if (priv != NULL) {
                /* Unregister first so eloop holds no closed descriptor */
                eloop_unregister_read_sock(priv->s);
                close(priv->s);
                os_free(priv);
        }
}
1022 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
1023
1024
/*
 * Create an interface for every entry of the list starting at vlan, except
 * entries whose vlan_id is VLAN_ID_WILDCARD. With CONFIG_FULL_DYNAMIC_VLAN
 * each created interface is also passed to vlan_newlink().
 *
 * Returns 0 when the whole list was processed, -1 as soon as vlan_if_add()
 * fails for one entry; entries added before the failure are left in place.
 */
static int vlan_dynamic_add(struct hostapd_data *hapd,
                            struct hostapd_vlan *vlan)
{
        struct hostapd_vlan *cur;

        for (cur = vlan; cur != NULL; cur = cur->next) {
                /* The wildcard entry is only a name template */
                if (cur->vlan_id == VLAN_ID_WILDCARD)
                        continue;

                if (vlan_if_add(hapd, cur, 1) != 0) {
                        wpa_printf(MSG_ERROR,
                                   "VLAN: Could not add VLAN %s: %s",
                                   cur->ifname, strerror(errno));
                        return -1;
                }
#ifdef CONFIG_FULL_DYNAMIC_VLAN
                vlan_newlink(cur->ifname, hapd);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
        }

        return 0;
}
1046
1047
/*
 * Remove the interface of every non-wildcard entry in the list starting at
 * vlan. With CONFIG_FULL_DYNAMIC_VLAN the removal is delegated to
 * vlan_dellink(); otherwise vlan_if_remove() is called and a failure is only
 * logged, so the walk always reaches the end of the list.
 */
static void vlan_dynamic_remove(struct hostapd_data *hapd,
                                struct hostapd_vlan *vlan)
{
        struct hostapd_vlan *cur, *following;

        for (cur = vlan; cur != NULL; cur = following) {
                /* Read the link before the entry is handed to the removal
                 * code - presumably it may be released there; confirm */
                following = cur->next;

                if (cur->vlan_id == VLAN_ID_WILDCARD)
                        continue;

#ifdef CONFIG_FULL_DYNAMIC_VLAN
                /* vlan_dellink() takes care of cleanup and interface removal */
                vlan_dellink(cur->ifname, hapd);
#else /* CONFIG_FULL_DYNAMIC_VLAN */
                if (vlan_if_remove(hapd, cur)) {
                        wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
                                   "iface: %s: %s",
                                   cur->ifname, strerror(errno));
                }
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
        }
}
1072
1073
/*
 * Set up VLAN handling for one BSS.
 *
 * With CONFIG_FULL_DYNAMIC_VLAN the netlink listener is created first; its
 * result is stored as is, so a NULL there does not fail this function. If
 * dynamic VLANs or per-station interfaces are enabled and the configuration
 * has no VLAN entries, a wildcard entry named "<iface>.#" is put at the head
 * of the list. Finally the configured interfaces are created.
 *
 * Returns 0 on success, -1 on allocation failure or when
 * vlan_dynamic_add() fails.
 */
int vlan_init(struct hostapd_data *hapd)
{
        int need_wildcard;

#ifdef CONFIG_FULL_DYNAMIC_VLAN
        hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */

        /* dynamic vlans enabled but no (or empty) vlan_file given */
        need_wildcard =
                (hapd->conf->ssid.dynamic_vlan != DYNAMIC_VLAN_DISABLED ||
                 hapd->conf->ssid.per_sta_vif) &&
                !hapd->conf->vlan;

        if (need_wildcard) {
                struct hostapd_vlan *wildcard = os_zalloc(sizeof(*wildcard));

                if (!wildcard) {
                        wpa_printf(MSG_ERROR, "Out of memory while assigning "
                                   "VLAN interfaces");
                        return -1;
                }

                wildcard->vlan_id = VLAN_ID_WILDCARD;
                /* NOTE(review): the result is not checked; a truncated name
                 * could lose the '#' that vlan_add_dynamic() looks for -
                 * confirm the buffer sizes rule this out */
                os_snprintf(wildcard->ifname, sizeof(wildcard->ifname), "%s.#",
                            hapd->conf->iface);
                wildcard->next = hapd->conf->vlan;
                hapd->conf->vlan = wildcard;
        }

        return vlan_dynamic_add(hapd, hapd->conf->vlan) ? -1 : 0;
}
1104
1105
/*
 * Tear down VLAN handling for one BSS: remove the interfaces of the
 * configured VLAN list and, with CONFIG_FULL_DYNAMIC_VLAN, shut down the
 * netlink listener and clear the pointer to it.
 */
void vlan_deinit(struct hostapd_data *hapd)
{
        struct hostapd_vlan *vlans = hapd->conf->vlan;

        vlan_dynamic_remove(hapd, vlans);

#ifdef CONFIG_FULL_DYNAMIC_VLAN
        full_dynamic_vlan_deinit(hapd->full_dynamic_vlan);
        /* Cleared so the freed state cannot be reached through hapd */
        hapd->full_dynamic_vlan = NULL;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
}
1115
1116
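/*
 * Create a dynamic VLAN entry and its interface from a wildcard template.
 *
 * hapd:      BSS data; the new entry is put at the head of hapd->conf->vlan
 * vlan:      template entry; must have vlan_id VLAN_ID_WILDCARD and a '#'
 *            in its ifname
 * vlan_id:   value substituted for the '#' and stored in the new entry
 * vlan_desc: optional description copied into the new entry, may be NULL
 *
 * Returns the new entry, or NULL if the template is missing or not a
 * wildcard, has no '#', memory allocation fails, the generated interface
 * name does not fit in the entry, or vlan_if_add() fails. On failure the
 * list is left unchanged.
 */
struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
                                       struct hostapd_vlan *vlan,
                                       int vlan_id,
                                       struct vlan_description *vlan_desc)
{
        struct hostapd_vlan *n;
        char ifname[IFNAMSIZ + 1], *pos;
        int res;

        if (vlan == NULL || vlan->vlan_id != VLAN_ID_WILDCARD)
                return NULL;

        wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d ifname=%s)",
                   __func__, vlan_id, vlan->ifname);
        os_strlcpy(ifname, vlan->ifname, sizeof(ifname));
        pos = os_strchr(ifname, '#');
        if (pos == NULL)
                return NULL;
        /* Split the template: ifname is the prefix, pos the suffix */
        *pos++ = '\0';

        n = os_zalloc(sizeof(*n));
        if (n == NULL)
                return NULL;

        n->vlan_id = vlan_id;
        if (vlan_desc)
                n->vlan_desc = *vlan_desc;
        n->dynamic_vlan = 1;

        /*
         * Refuse a truncated name: two VLAN IDs whose names are cut at the
         * same point would map to one interface and lose their separation.
         */
        res = os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname,
                          vlan_id, pos);
        if (res < 0 || (size_t) res >= sizeof(n->ifname)) {
                wpa_printf(MSG_ERROR,
                           "VLAN: %s: interface name for vlan_id=%d does not fit (template %s)",
                           __func__, vlan_id, vlan->ifname);
                os_free(n);
                return NULL;
        }

        n->next = hapd->conf->vlan;
        hapd->conf->vlan = n;

        /* hapd->conf->vlan needs this new VLAN here for WPA setup */
        if (vlan_if_add(hapd, n, 0)) {
                /* Unlink again before freeing so the list stays valid */
                hapd->conf->vlan = n->next;
                os_free(n);
                n = NULL;
        }

        return n;
}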
1160
1161
/*
 * Drop one reference to the dynamic VLAN with the given ID.
 *
 * The first list entry with a matching vlan_id and a positive dynamic_vlan
 * count has that count decremented. When it reaches zero the interface is
 * removed with vlan_if_remove() (return value not checked) and, with
 * CONFIG_FULL_DYNAMIC_VLAN, vlan_dellink() is called for it.
 *
 * Returns 0 if such an entry was found, 1 if vlan_id is not positive or no
 * entry matched.
 */
int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
{
        struct hostapd_vlan *entry;

        if (vlan_id <= 0)
                return 1;

        wpa_printf(MSG_DEBUG, "VLAN: %s(ifname=%s vlan_id=%d)",
                   __func__, hapd->conf->iface, vlan_id);

        for (entry = hapd->conf->vlan; entry != NULL; entry = entry->next) {
                if (entry->vlan_id == vlan_id && entry->dynamic_vlan > 0)
                        break;
        }

        if (!entry)
                return 1;

        entry->dynamic_vlan--;
        if (entry->dynamic_vlan != 0)
                return 0; /* still referenced */

        vlan_if_remove(hapd, entry);
#ifdef CONFIG_FULL_DYNAMIC_VLAN
        vlan_dellink(entry->ifname, hapd);
#endif /* CONFIG_FULL_DYNAMIC_VLAN */

        return 0;
}