2 * hostapd / VLAN initialization
3 * Copyright 2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Alternatively, this software may be distributed under the terms of BSD
14 * See README and COPYING for more details.
17 #include "utils/includes.h"
19 #include "utils/common.h"
21 #include "ap_config.h"
22 #include "ap_drv_ops.h"
23 #include "vlan_init.h"
26 #ifdef CONFIG_FULL_DYNAMIC_VLAN
29 #include <sys/ioctl.h>
30 #include <linux/sockios.h>
31 #include <linux/if_vlan.h>
32 #include <linux/if_bridge.h>
34 #include "drivers/priv_netlink.h"
35 #include "utils/eloop.h"
38 struct full_dynamic_vlan {
39 int s; /* socket on which to listen for new/removed interfaces. */
43 static int ifconfig_helper(const char *if_name, int up)
48 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
49 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
50 "failed: %s", __func__, strerror(errno));
54 os_memset(&ifr, 0, sizeof(ifr));
55 os_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);
57 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) {
58 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCGIFFLAGS) failed "
59 "for interface %s: %s",
60 __func__, if_name, strerror(errno));
66 ifr.ifr_flags |= IFF_UP;
68 ifr.ifr_flags &= ~IFF_UP;
70 if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) {
71 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCSIFFLAGS) failed "
72 "for interface %s (up=%d): %s",
73 __func__, if_name, up, strerror(errno));
83 static int ifconfig_up(const char *if_name)
85 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s up", if_name);
86 return ifconfig_helper(if_name, 1);
90 static int ifconfig_down(const char *if_name)
92 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s down", if_name);
93 return ifconfig_helper(if_name, 0);
98 * These are only available in recent linux headers (without the leading
101 #define _GET_VLAN_REALDEV_NAME_CMD 8
102 #define _GET_VLAN_VID_CMD 9
104 /* This value should be 256 ONLY. If it is something else, then hostapd
105 * might crash!, as this value has been hard-coded in 2.4.x kernel
108 #define MAX_BR_PORTS 256
110 static int br_delif(const char *br_name, const char *if_name)
114 unsigned long args[2];
117 wpa_printf(MSG_DEBUG, "VLAN: br_delif(%s, %s)", br_name, if_name);
118 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
119 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
120 "failed: %s", __func__, strerror(errno));
124 if_index = if_nametoindex(if_name);
127 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
128 "interface index for '%s'",
134 args[0] = BRCTL_DEL_IF;
137 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
138 ifr.ifr_data = (__caddr_t) args;
140 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) {
141 /* No error if interface already removed. */
142 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
143 "BRCTL_DEL_IF] failed for br_name=%s if_name=%s: "
144 "%s", __func__, br_name, if_name, strerror(errno));
155 Add interface 'if_name' to the bridge 'br_name'
158 returns 1 if the interface is already part of the bridge
161 static int br_addif(const char *br_name, const char *if_name)
165 unsigned long args[2];
168 wpa_printf(MSG_DEBUG, "VLAN: br_addif(%s, %s)", br_name, if_name);
169 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
170 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
171 "failed: %s", __func__, strerror(errno));
175 if_index = if_nametoindex(if_name);
178 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
179 "interface index for '%s'",
185 args[0] = BRCTL_ADD_IF;
188 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
189 ifr.ifr_data = (__caddr_t) args;
191 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
192 if (errno == EBUSY) {
193 /* The interface is already added. */
198 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
199 "BRCTL_ADD_IF] failed for br_name=%s if_name=%s: "
200 "%s", __func__, br_name, if_name, strerror(errno));
210 static int br_delbr(const char *br_name)
213 unsigned long arg[2];
215 wpa_printf(MSG_DEBUG, "VLAN: br_delbr(%s)", br_name);
216 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
217 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
218 "failed: %s", __func__, strerror(errno));
222 arg[0] = BRCTL_DEL_BRIDGE;
223 arg[1] = (unsigned long) br_name;
225 if (ioctl(fd, SIOCGIFBR, arg) < 0 && errno != ENXIO) {
226 /* No error if bridge already removed. */
227 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_DEL_BRIDGE failed for "
228 "%s: %s", __func__, br_name, strerror(errno));
239 Add a bridge with the name 'br_name'.
242 returns 1 if the bridge already exists
245 static int br_addbr(const char *br_name)
248 unsigned long arg[4];
251 wpa_printf(MSG_DEBUG, "VLAN: br_addbr(%s)", br_name);
252 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
253 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
254 "failed: %s", __func__, strerror(errno));
258 arg[0] = BRCTL_ADD_BRIDGE;
259 arg[1] = (unsigned long) br_name;
261 if (ioctl(fd, SIOCGIFBR, arg) < 0) {
262 if (errno == EEXIST) {
263 /* The bridge is already added. */
267 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_ADD_BRIDGE "
269 __func__, br_name, strerror(errno));
275 /* Decrease forwarding delay to avoid EAPOL timeouts. */
276 os_memset(&ifr, 0, sizeof(ifr));
277 os_strlcpy(ifr.ifr_name, br_name, IFNAMSIZ);
278 arg[0] = BRCTL_SET_BRIDGE_FORWARD_DELAY;
282 ifr.ifr_data = (char *) &arg;
283 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
284 wpa_printf(MSG_ERROR, "VLAN: %s: "
285 "BRCTL_SET_BRIDGE_FORWARD_DELAY (1 sec) failed for "
286 "%s: %s", __func__, br_name, strerror(errno));
287 /* Continue anyway */
295 static int br_getnumports(const char *br_name)
300 unsigned long arg[4];
301 int ifindices[MAX_BR_PORTS];
304 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
305 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
306 "failed: %s", __func__, strerror(errno));
310 arg[0] = BRCTL_GET_PORT_LIST;
311 arg[1] = (unsigned long) ifindices;
312 arg[2] = MAX_BR_PORTS;
315 os_memset(ifindices, 0, sizeof(ifindices));
316 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
317 ifr.ifr_data = (__caddr_t) arg;
319 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
320 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_GET_PORT_LIST "
322 __func__, br_name, strerror(errno));
327 for (i = 1; i < MAX_BR_PORTS; i++) {
328 if (ifindices[i] > 0) {
338 static int vlan_rem(const char *if_name)
341 struct vlan_ioctl_args if_request;
343 wpa_printf(MSG_DEBUG, "VLAN: vlan_rem(%s)", if_name);
344 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
345 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
350 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
351 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
352 "failed: %s", __func__, strerror(errno));
356 os_memset(&if_request, 0, sizeof(if_request));
358 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
359 if_request.cmd = DEL_VLAN_CMD;
361 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
362 wpa_printf(MSG_ERROR, "VLAN: %s: DEL_VLAN_CMD failed for %s: "
363 "%s", __func__, if_name, strerror(errno));
374 Add a vlan interface with VLAN ID 'vid' and tagged interface
378 returns 1 if the interface already exists
381 static int vlan_add(const char *if_name, int vid)
384 struct vlan_ioctl_args if_request;
386 wpa_printf(MSG_DEBUG, "VLAN: vlan_add(if_name=%s, vid=%d)",
388 ifconfig_up(if_name);
390 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
391 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
396 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
397 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
398 "failed: %s", __func__, strerror(errno));
402 os_memset(&if_request, 0, sizeof(if_request));
404 /* Determine if a suitable vlan device already exists. */
406 os_snprintf(if_request.device1, sizeof(if_request.device1), "vlan%d",
409 if_request.cmd = _GET_VLAN_VID_CMD;
411 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0) {
413 if (if_request.u.VID == vid) {
414 if_request.cmd = _GET_VLAN_REALDEV_NAME_CMD;
416 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0 &&
417 os_strncmp(if_request.u.device2, if_name,
418 sizeof(if_request.u.device2)) == 0) {
420 wpa_printf(MSG_DEBUG, "VLAN: vlan_add: "
421 "if_name %s exists already",
428 /* A suitable vlan device does not already exist, add one. */
430 os_memset(&if_request, 0, sizeof(if_request));
431 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
432 if_request.u.VID = vid;
433 if_request.cmd = ADD_VLAN_CMD;
435 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
436 wpa_printf(MSG_ERROR, "VLAN: %s: ADD_VLAN_CMD failed for %s: "
438 __func__, if_request.device1, strerror(errno));
448 static int vlan_set_name_type(unsigned int name_type)
451 struct vlan_ioctl_args if_request;
453 wpa_printf(MSG_DEBUG, "VLAN: vlan_set_name_type(name_type=%u)",
455 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
456 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
457 "failed: %s", __func__, strerror(errno));
461 os_memset(&if_request, 0, sizeof(if_request));
463 if_request.u.name_type = name_type;
464 if_request.cmd = SET_VLAN_NAME_TYPE_CMD;
465 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
466 wpa_printf(MSG_ERROR, "VLAN: %s: SET_VLAN_NAME_TYPE_CMD "
467 "name_type=%u failed: %s",
468 __func__, name_type, strerror(errno));
478 static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
480 char vlan_ifname[IFNAMSIZ];
481 char br_name[IFNAMSIZ];
482 struct hostapd_vlan *vlan = hapd->conf->vlan;
483 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
485 wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
488 if (os_strcmp(ifname, vlan->ifname) == 0) {
490 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
493 if (!br_addbr(br_name))
494 vlan->clean |= DVLAN_CLEAN_BR;
496 ifconfig_up(br_name);
498 if (tagged_interface) {
500 if (!vlan_add(tagged_interface, vlan->vlan_id))
501 vlan->clean |= DVLAN_CLEAN_VLAN;
503 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
504 "vlan%d", vlan->vlan_id);
506 if (!br_addif(br_name, vlan_ifname))
507 vlan->clean |= DVLAN_CLEAN_VLAN_PORT;
509 ifconfig_up(vlan_ifname);
512 if (!br_addif(br_name, ifname))
513 vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
524 static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
526 char vlan_ifname[IFNAMSIZ];
527 char br_name[IFNAMSIZ];
528 struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan;
529 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
531 wpa_printf(MSG_DEBUG, "VLAN: vlan_dellink(%s)", ifname);
536 if (os_strcmp(ifname, vlan->ifname) == 0) {
537 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
540 if (vlan->clean & DVLAN_CLEAN_WLAN_PORT)
541 br_delif(br_name, vlan->ifname);
543 if (tagged_interface) {
544 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
545 "vlan%d", vlan->vlan_id);
546 if (vlan->clean & DVLAN_CLEAN_VLAN_PORT)
547 br_delif(br_name, vlan_ifname);
548 ifconfig_down(vlan_ifname);
550 if (vlan->clean & DVLAN_CLEAN_VLAN)
551 vlan_rem(vlan_ifname);
554 if ((vlan->clean & DVLAN_CLEAN_BR) &&
555 br_getnumports(br_name) == 0) {
556 ifconfig_down(br_name);
561 hapd->conf->vlan = vlan->next;
563 prev->next = vlan->next;
576 vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del,
577 struct hostapd_data *hapd)
579 struct ifinfomsg *ifi;
580 int attrlen, nlmsg_len, rta_len;
583 if (len < sizeof(*ifi))
588 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
590 attrlen = h->nlmsg_len - nlmsg_len;
594 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
596 rta_len = RTA_ALIGN(sizeof(struct rtattr));
597 while (RTA_OK(attr, attrlen)) {
598 char ifname[IFNAMSIZ + 1];
600 if (attr->rta_type == IFLA_IFNAME) {
601 int n = attr->rta_len - rta_len;
605 os_memset(ifname, 0, sizeof(ifname));
607 if ((size_t) n > sizeof(ifname))
609 os_memcpy(ifname, ((char *) attr) + rta_len, n);
612 vlan_dellink(ifname, hapd);
614 vlan_newlink(ifname, hapd);
617 attr = RTA_NEXT(attr, attrlen);
622 static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
626 struct sockaddr_nl from;
629 struct hostapd_data *hapd = eloop_ctx;
631 fromlen = sizeof(from);
632 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
633 (struct sockaddr *) &from, &fromlen);
635 if (errno != EINTR && errno != EAGAIN)
636 wpa_printf(MSG_ERROR, "VLAN: %s: recvfrom failed: %s",
637 __func__, strerror(errno));
641 h = (struct nlmsghdr *) buf;
642 while (left >= (int) sizeof(*h)) {
646 plen = len - sizeof(*h);
647 if (len > left || plen < 0) {
648 wpa_printf(MSG_DEBUG, "VLAN: Malformed netlink "
649 "message: len=%d left=%d plen=%d",
654 switch (h->nlmsg_type) {
656 vlan_read_ifnames(h, plen, 0, hapd);
659 vlan_read_ifnames(h, plen, 1, hapd);
663 len = NLMSG_ALIGN(len);
665 h = (struct nlmsghdr *) ((char *) h + len);
669 wpa_printf(MSG_DEBUG, "VLAN: %s: %d extra bytes in the end of "
670 "netlink message", __func__, left);
675 static struct full_dynamic_vlan *
676 full_dynamic_vlan_init(struct hostapd_data *hapd)
678 struct sockaddr_nl local;
679 struct full_dynamic_vlan *priv;
681 priv = os_zalloc(sizeof(*priv));
685 vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD);
687 priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
689 wpa_printf(MSG_ERROR, "VLAN: %s: socket(PF_NETLINK,SOCK_RAW,"
690 "NETLINK_ROUTE) failed: %s",
691 __func__, strerror(errno));
696 os_memset(&local, 0, sizeof(local));
697 local.nl_family = AF_NETLINK;
698 local.nl_groups = RTMGRP_LINK;
699 if (bind(priv->s, (struct sockaddr *) &local, sizeof(local)) < 0) {
700 wpa_printf(MSG_ERROR, "VLAN: %s: bind(netlink) failed: %s",
701 __func__, strerror(errno));
707 if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL))
718 static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv)
722 eloop_unregister_read_sock(priv->s);
726 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
729 int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
730 struct hostapd_ssid *mssid, const char *dyn_vlan)
734 if (dyn_vlan == NULL)
737 /* Static WEP keys are set here; IEEE 802.1X and WPA uses their own
738 * functions for setting up dynamic broadcast keys. */
739 for (i = 0; i < 4; i++) {
740 if (mssid->wep.key[i] &&
741 hostapd_drv_set_key(dyn_vlan, hapd, WPA_ALG_WEP, NULL, i,
742 i == mssid->wep.idx, NULL, 0,
743 mssid->wep.key[i], mssid->wep.len[i]))
745 wpa_printf(MSG_ERROR, "VLAN: Could not set WEP "
746 "encryption for dynamic VLAN");
755 static int vlan_dynamic_add(struct hostapd_data *hapd,
756 struct hostapd_vlan *vlan)
759 if (vlan->vlan_id != VLAN_ID_WILDCARD) {
760 if (hapd->drv.vlan_if_add(hapd, vlan->ifname)) {
761 if (errno != EEXIST) {
762 wpa_printf(MSG_ERROR, "VLAN: Could "
763 "not add VLAN %s: %s",
769 #ifdef CONFIG_FULL_DYNAMIC_VLAN
770 ifconfig_up(vlan->ifname);
771 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
781 static void vlan_dynamic_remove(struct hostapd_data *hapd,
782 struct hostapd_vlan *vlan)
784 struct hostapd_vlan *next;
789 if (vlan->vlan_id != VLAN_ID_WILDCARD &&
790 hapd->drv.vlan_if_remove(hapd, vlan->ifname)) {
791 wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
793 vlan->ifname, strerror(errno));
795 #ifdef CONFIG_FULL_DYNAMIC_VLAN
797 vlan_dellink(vlan->ifname, hapd);
798 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
805 int vlan_init(struct hostapd_data *hapd)
807 #ifdef CONFIG_FULL_DYNAMIC_VLAN
808 hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd);
809 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
811 if (vlan_dynamic_add(hapd, hapd->conf->vlan))
818 void vlan_deinit(struct hostapd_data *hapd)
820 vlan_dynamic_remove(hapd, hapd->conf->vlan);
822 #ifdef CONFIG_FULL_DYNAMIC_VLAN
823 full_dynamic_vlan_deinit(hapd->full_dynamic_vlan);
824 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
828 struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
829 struct hostapd_vlan *vlan,
832 struct hostapd_vlan *n;
835 if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID ||
836 vlan->vlan_id != VLAN_ID_WILDCARD)
839 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d ifname=%s)",
840 __func__, vlan_id, vlan->ifname);
841 ifname = os_strdup(vlan->ifname);
844 pos = os_strchr(ifname, '#');
851 n = os_zalloc(sizeof(*n));
857 n->vlan_id = vlan_id;
860 os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
864 if (hapd->drv.vlan_if_add(hapd, n->ifname)) {
869 n->next = hapd->conf->vlan;
870 hapd->conf->vlan = n;
872 #ifdef CONFIG_FULL_DYNAMIC_VLAN
873 ifconfig_up(n->ifname);
874 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
880 int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
882 struct hostapd_vlan *vlan;
884 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID)
887 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d)", __func__, vlan_id);
889 vlan = hapd->conf->vlan;
891 if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) {
892 vlan->dynamic_vlan--;
901 if (vlan->dynamic_vlan == 0)
902 hapd->drv.vlan_if_remove(hapd, vlan->ifname);