2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
21 #include <sys/types.h>
25 #include <netlink/genl/genl.h>
26 #include <netlink/genl/family.h>
27 #include <netlink/genl/ctrl.h>
28 #include <linux/rtnetlink.h>
29 #include <netpacket/packet.h>
30 #include <linux/filter.h>
31 #include "nl80211_copy.h"
35 #include "utils/list.h"
36 #include "common/ieee802_11_defs.h"
38 #include "linux_ioctl.h"
40 #include "radiotap_iter.h"
45 /* libnl 2.0 compatibility code */
46 #define nl_handle nl_sock
47 #define nl80211_handle_alloc nl_socket_alloc_cb
48 #define nl80211_handle_destroy nl_socket_free
51 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
52 * but when you free a socket again it will mess up its bitmap and
53 * and use the wrong number the next time it needs a socket ID.
54 * Therefore, we wrap the handle alloc/destroy and add our own pid
57 static uint32_t port_bitmap[32] = { 0 };
59 static struct nl_handle *nl80211_handle_alloc(void *cb)
61 struct nl_handle *handle;
62 uint32_t pid = getpid() & 0x3FFFFF;
65 handle = nl_handle_alloc_cb(cb);
67 for (i = 0; i < 1024; i++) {
68 if (port_bitmap[i / 32] & (1 << (i % 32)))
70 port_bitmap[i / 32] |= 1 << (i % 32);
75 nl_socket_set_local_port(handle, pid);
80 static void nl80211_handle_destroy(struct nl_handle *handle)
82 uint32_t port = nl_socket_get_local_port(handle);
85 port_bitmap[port / 32] &= ~(1 << (port % 32));
87 nl_handle_destroy(handle);
89 #endif /* CONFIG_LIBNL20 */
93 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
96 #define IFF_DORMANT 0x20000 /* driver signals dormant */
99 #ifndef IF_OPER_DORMANT
100 #define IF_OPER_DORMANT 5
106 struct nl80211_global {
107 struct dl_list interfaces;
111 struct wpa_driver_nl80211_data *drv;
112 struct i802_bss *next;
114 char ifname[IFNAMSIZ + 1];
115 char brname[IFNAMSIZ];
116 unsigned int beacon_set:1;
117 unsigned int added_if_into_bridge:1;
118 unsigned int added_bridge:1;
121 struct wpa_driver_nl80211_data {
122 struct nl80211_global *global;
127 struct netlink_data *netlink;
128 int ioctl_sock; /* socket for ioctl() use */
132 struct rfkill_data *rfkill;
133 struct wpa_driver_capa capa;
138 int scan_complete_events;
140 struct nl_handle *nl_handle;
141 struct nl_handle *nl_handle_event;
142 struct nl_handle *nl_handle_preq;
143 struct nl_cache *nl_cache;
144 struct nl_cache *nl_cache_event;
145 struct nl_cache *nl_cache_preq;
147 struct genl_family *nl80211;
149 u8 auth_bssid[ETH_ALEN];
155 int ap_scan_as_station;
156 unsigned int assoc_freq;
160 int disable_11b_rates;
162 unsigned int pending_remain_on_chan:1;
164 u64 remain_on_chan_cookie;
165 u64 send_action_cookie;
167 unsigned int last_mgmt_freq;
169 struct wpa_driver_scan_filter *filter_ssids;
170 size_t num_filter_ssids;
172 struct i802_bss first_bss;
175 int eapol_sock; /* socket for EAPOL frames */
177 int default_if_indices[16];
187 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
189 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
191 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
192 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
193 const u8 *addr, int cmd, u16 reason_code,
194 int local_state_change);
195 static void nl80211_remove_monitor_interface(
196 struct wpa_driver_nl80211_data *drv);
197 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
198 unsigned int freq, unsigned int wait,
199 const u8 *buf, size_t buf_len, u64 *cookie);
200 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
203 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
204 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
205 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
206 static int wpa_driver_nl80211_if_remove(void *priv,
207 enum wpa_driver_if_type type,
210 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
216 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
217 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
218 int ifindex, int disabled);
220 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
223 struct nl80211_bss_info_arg {
224 struct wpa_driver_nl80211_data *drv;
225 struct wpa_scan_results *res;
226 unsigned int assoc_freq;
229 static int bss_info_handler(struct nl_msg *msg, void *arg);
233 static int ack_handler(struct nl_msg *msg, void *arg)
240 static int finish_handler(struct nl_msg *msg, void *arg)
247 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
256 static int no_seq_check(struct nl_msg *msg, void *arg)
262 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
263 struct nl_handle *nl_handle, struct nl_msg *msg,
264 int (*valid_handler)(struct nl_msg *, void *),
270 cb = nl_cb_clone(drv->nl_cb);
274 err = nl_send_auto_complete(nl_handle, msg);
280 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
281 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
282 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
285 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
286 valid_handler, valid_data);
289 nl_recvmsgs(nl_handle, cb);
297 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
299 int (*valid_handler)(struct nl_msg *, void *),
302 return send_and_recv(drv, drv->nl_handle, msg, valid_handler,
313 static int family_handler(struct nl_msg *msg, void *arg)
315 struct family_data *res = arg;
316 struct nlattr *tb[CTRL_ATTR_MAX + 1];
317 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
318 struct nlattr *mcgrp;
321 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
322 genlmsg_attrlen(gnlh, 0), NULL);
323 if (!tb[CTRL_ATTR_MCAST_GROUPS])
326 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
327 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
328 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
329 nla_len(mcgrp), NULL);
330 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
331 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
332 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
334 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
336 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
344 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
345 const char *family, const char *group)
349 struct family_data res = { group, -ENOENT };
354 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
355 0, 0, CTRL_CMD_GETFAMILY, 0);
356 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
358 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
369 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
371 struct i802_bss *bss = priv;
372 struct wpa_driver_nl80211_data *drv = bss->drv;
373 if (!drv->associated)
375 os_memcpy(bssid, drv->bssid, ETH_ALEN);
380 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
382 struct i802_bss *bss = priv;
383 struct wpa_driver_nl80211_data *drv = bss->drv;
384 if (!drv->associated)
386 os_memcpy(ssid, drv->ssid, drv->ssid_len);
387 return drv->ssid_len;
391 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
392 char *buf, size_t len, int del)
394 union wpa_event_data event;
396 os_memset(&event, 0, sizeof(event));
397 if (len > sizeof(event.interface_status.ifname))
398 len = sizeof(event.interface_status.ifname) - 1;
399 os_memcpy(event.interface_status.ifname, buf, len);
400 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
401 EVENT_INTERFACE_ADDED;
403 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
405 event.interface_status.ifname,
406 del ? "removed" : "added");
408 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
415 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
419 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
422 int attrlen, rta_len;
426 attr = (struct rtattr *) buf;
428 rta_len = RTA_ALIGN(sizeof(struct rtattr));
429 while (RTA_OK(attr, attrlen)) {
430 if (attr->rta_type == IFLA_IFNAME) {
431 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
437 attr = RTA_NEXT(attr, attrlen);
444 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
445 int ifindex, u8 *buf, size_t len)
447 if (drv->ifindex == ifindex)
450 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
451 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
452 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
454 wpa_driver_nl80211_finish_drv_init(drv);
462 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
463 struct ifinfomsg *ifi,
466 struct wpa_driver_nl80211_data *drv = ctx;
467 int attrlen, rta_len;
471 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) &&
472 !have_ifidx(drv, ifi->ifi_index)) {
473 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
474 "ifindex %d", ifi->ifi_index);
478 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
480 drv->operstate, ifi->ifi_flags,
481 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
482 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
483 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
484 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
486 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
487 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
488 drv->if_disabled = 1;
489 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
492 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
493 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
494 drv->if_disabled = 0;
495 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
499 * Some drivers send the association event before the operup event--in
500 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
501 * fails. This will hit us when wpa_supplicant does not need to do
502 * IEEE 802.1X authentication
504 if (drv->operstate == 1 &&
505 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
506 !(ifi->ifi_flags & IFF_RUNNING))
507 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
511 attr = (struct rtattr *) buf;
512 rta_len = RTA_ALIGN(sizeof(struct rtattr));
513 while (RTA_OK(attr, attrlen)) {
514 if (attr->rta_type == IFLA_IFNAME) {
515 wpa_driver_nl80211_event_link(
517 ((char *) attr) + rta_len,
518 attr->rta_len - rta_len, 0);
519 } else if (attr->rta_type == IFLA_MASTER)
520 brid = nla_get_u32((struct nlattr *) attr);
521 attr = RTA_NEXT(attr, attrlen);
525 if (ifi->ifi_family == AF_BRIDGE && brid) {
526 /* device has been added to bridge */
527 char namebuf[IFNAMSIZ];
528 if_indextoname(brid, namebuf);
529 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
531 add_ifidx(drv, brid);
537 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
538 struct ifinfomsg *ifi,
541 struct wpa_driver_nl80211_data *drv = ctx;
542 int attrlen, rta_len;
547 attr = (struct rtattr *) buf;
549 rta_len = RTA_ALIGN(sizeof(struct rtattr));
550 while (RTA_OK(attr, attrlen)) {
551 if (attr->rta_type == IFLA_IFNAME) {
552 wpa_driver_nl80211_event_link(
554 ((char *) attr) + rta_len,
555 attr->rta_len - rta_len, 1);
556 } else if (attr->rta_type == IFLA_MASTER)
557 brid = nla_get_u32((struct nlattr *) attr);
558 attr = RTA_NEXT(attr, attrlen);
562 if (ifi->ifi_family == AF_BRIDGE && brid) {
563 /* device has been removed from bridge */
564 char namebuf[IFNAMSIZ];
565 if_indextoname(brid, namebuf);
566 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
567 "%s", brid, namebuf);
568 del_ifidx(drv, brid);
574 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
575 const u8 *frame, size_t len)
577 const struct ieee80211_mgmt *mgmt;
578 union wpa_event_data event;
580 mgmt = (const struct ieee80211_mgmt *) frame;
581 if (len < 24 + sizeof(mgmt->u.auth)) {
582 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
587 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
588 os_memset(&event, 0, sizeof(event));
589 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
590 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
591 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
592 if (len > 24 + sizeof(mgmt->u.auth)) {
593 event.auth.ies = mgmt->u.auth.variable;
594 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
597 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
601 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
605 struct nl80211_bss_info_arg arg;
607 os_memset(&arg, 0, sizeof(arg));
610 goto nla_put_failure;
612 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
613 NL80211_CMD_GET_SCAN, 0);
614 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
617 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
620 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
621 "associated BSS from scan results: %u MHz",
623 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
625 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
626 "(%s)", ret, strerror(-ret));
629 return drv->assoc_freq;
633 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
634 const u8 *frame, size_t len)
636 const struct ieee80211_mgmt *mgmt;
637 union wpa_event_data event;
640 mgmt = (const struct ieee80211_mgmt *) frame;
641 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
642 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
647 status = le_to_host16(mgmt->u.assoc_resp.status_code);
648 if (status != WLAN_STATUS_SUCCESS) {
649 os_memset(&event, 0, sizeof(event));
650 event.assoc_reject.bssid = mgmt->bssid;
651 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
652 event.assoc_reject.resp_ies =
653 (u8 *) mgmt->u.assoc_resp.variable;
654 event.assoc_reject.resp_ies_len =
655 len - 24 - sizeof(mgmt->u.assoc_resp);
657 event.assoc_reject.status_code = status;
659 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
664 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
666 os_memset(&event, 0, sizeof(event));
667 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
668 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
669 event.assoc_info.resp_ies_len =
670 len - 24 - sizeof(mgmt->u.assoc_resp);
673 event.assoc_info.freq = drv->assoc_freq;
675 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
679 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
680 enum nl80211_commands cmd, struct nlattr *status,
681 struct nlattr *addr, struct nlattr *req_ie,
682 struct nlattr *resp_ie)
684 union wpa_event_data event;
686 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
688 * Avoid reporting two association events that would confuse
691 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
692 "when using userspace SME", cmd);
696 os_memset(&event, 0, sizeof(event));
697 if (cmd == NL80211_CMD_CONNECT &&
698 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
700 event.assoc_reject.bssid = nla_data(addr);
702 event.assoc_reject.resp_ies = nla_data(resp_ie);
703 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
705 event.assoc_reject.status_code = nla_get_u16(status);
706 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
712 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
715 event.assoc_info.req_ies = nla_data(req_ie);
716 event.assoc_info.req_ies_len = nla_len(req_ie);
719 event.assoc_info.resp_ies = nla_data(resp_ie);
720 event.assoc_info.resp_ies_len = nla_len(resp_ie);
723 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
725 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
729 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
730 enum nl80211_commands cmd, struct nlattr *addr)
732 union wpa_event_data event;
733 enum wpa_event_type ev;
735 if (nla_len(addr) != ETH_ALEN)
738 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
739 cmd, MAC2STR((u8 *) nla_data(addr)));
741 if (cmd == NL80211_CMD_AUTHENTICATE)
742 ev = EVENT_AUTH_TIMED_OUT;
743 else if (cmd == NL80211_CMD_ASSOCIATE)
744 ev = EVENT_ASSOC_TIMED_OUT;
748 os_memset(&event, 0, sizeof(event));
749 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
750 wpa_supplicant_event(drv->ctx, ev, &event);
754 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
755 struct nlattr *freq, const u8 *frame, size_t len)
757 const struct ieee80211_mgmt *mgmt;
758 union wpa_event_data event;
761 mgmt = (const struct ieee80211_mgmt *) frame;
763 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
767 fc = le_to_host16(mgmt->frame_control);
768 stype = WLAN_FC_GET_STYPE(fc);
770 os_memset(&event, 0, sizeof(event));
772 event.rx_action.freq = nla_get_u32(freq);
773 drv->last_mgmt_freq = event.rx_action.freq;
775 if (stype == WLAN_FC_STYPE_ACTION) {
776 event.rx_action.da = mgmt->da;
777 event.rx_action.sa = mgmt->sa;
778 event.rx_action.bssid = mgmt->bssid;
779 event.rx_action.category = mgmt->u.action.category;
780 event.rx_action.data = &mgmt->u.action.category + 1;
781 event.rx_action.len = frame + len - event.rx_action.data;
782 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
784 event.rx_mgmt.frame = frame;
785 event.rx_mgmt.frame_len = len;
786 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
791 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
792 struct nlattr *cookie, const u8 *frame,
793 size_t len, struct nlattr *ack)
795 union wpa_event_data event;
796 const struct ieee80211_hdr *hdr;
803 cookie_val = nla_get_u64(cookie);
804 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s "
806 (long long unsigned int) cookie_val,
807 cookie_val == drv->send_action_cookie ?
808 " (match)" : " (unknown)", ack != NULL);
809 if (cookie_val != drv->send_action_cookie)
812 hdr = (const struct ieee80211_hdr *) frame;
813 fc = le_to_host16(hdr->frame_control);
815 os_memset(&event, 0, sizeof(event));
816 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
817 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
818 event.tx_status.dst = hdr->addr1;
819 event.tx_status.data = frame;
820 event.tx_status.data_len = len;
821 event.tx_status.ack = ack != NULL;
822 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
826 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
827 enum wpa_event_type type,
828 const u8 *frame, size_t len)
830 const struct ieee80211_mgmt *mgmt;
831 union wpa_event_data event;
832 const u8 *bssid = NULL;
835 mgmt = (const struct ieee80211_mgmt *) frame;
839 if (drv->associated != 0 &&
840 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
841 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
843 * We have presumably received this deauth as a
844 * response to a clear_state_mismatch() outgoing
845 * deauth. Don't let it take us offline!
847 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
848 "from Unknown BSSID " MACSTR " -- ignoring",
855 os_memset(&event, 0, sizeof(event));
857 /* Note: Same offset for Reason Code in both frame subtypes */
858 if (len >= 24 + sizeof(mgmt->u.deauth))
859 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
861 if (type == EVENT_DISASSOC) {
862 event.disassoc_info.addr = bssid;
863 event.disassoc_info.reason_code = reason_code;
864 if (frame + len > mgmt->u.disassoc.variable) {
865 event.disassoc_info.ie = mgmt->u.disassoc.variable;
866 event.disassoc_info.ie_len = frame + len -
867 mgmt->u.disassoc.variable;
870 event.deauth_info.addr = bssid;
871 event.deauth_info.reason_code = reason_code;
872 if (frame + len > mgmt->u.deauth.variable) {
873 event.deauth_info.ie = mgmt->u.deauth.variable;
874 event.deauth_info.ie_len = frame + len -
875 mgmt->u.deauth.variable;
879 wpa_supplicant_event(drv->ctx, type, &event);
883 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
884 enum wpa_event_type type,
885 const u8 *frame, size_t len)
887 const struct ieee80211_mgmt *mgmt;
888 union wpa_event_data event;
894 mgmt = (const struct ieee80211_mgmt *) frame;
896 os_memset(&event, 0, sizeof(event));
897 /* Note: Same offset for Reason Code in both frame subtypes */
898 if (len >= 24 + sizeof(mgmt->u.deauth))
899 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
901 if (type == EVENT_UNPROT_DISASSOC) {
902 event.unprot_disassoc.sa = mgmt->sa;
903 event.unprot_disassoc.da = mgmt->da;
904 event.unprot_disassoc.reason_code = reason_code;
906 event.unprot_deauth.sa = mgmt->sa;
907 event.unprot_deauth.da = mgmt->da;
908 event.unprot_deauth.reason_code = reason_code;
911 wpa_supplicant_event(drv->ctx, type, &event);
915 static void mlme_event(struct wpa_driver_nl80211_data *drv,
916 enum nl80211_commands cmd, struct nlattr *frame,
917 struct nlattr *addr, struct nlattr *timed_out,
918 struct nlattr *freq, struct nlattr *ack,
919 struct nlattr *cookie)
921 if (timed_out && addr) {
922 mlme_timeout_event(drv, cmd, addr);
927 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
932 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
933 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
934 nla_data(frame), nla_len(frame));
937 case NL80211_CMD_AUTHENTICATE:
938 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
940 case NL80211_CMD_ASSOCIATE:
941 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
943 case NL80211_CMD_DEAUTHENTICATE:
944 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
945 nla_data(frame), nla_len(frame));
947 case NL80211_CMD_DISASSOCIATE:
948 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
949 nla_data(frame), nla_len(frame));
951 case NL80211_CMD_FRAME:
952 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
954 case NL80211_CMD_FRAME_TX_STATUS:
955 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
956 nla_len(frame), ack);
958 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
959 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
960 nla_data(frame), nla_len(frame));
962 case NL80211_CMD_UNPROT_DISASSOCIATE:
963 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
964 nla_data(frame), nla_len(frame));
972 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
975 union wpa_event_data data;
977 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
978 os_memset(&data, 0, sizeof(data));
979 if (tb[NL80211_ATTR_MAC]) {
980 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
981 nla_data(tb[NL80211_ATTR_MAC]),
982 nla_len(tb[NL80211_ATTR_MAC]));
983 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
985 if (tb[NL80211_ATTR_KEY_SEQ]) {
986 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
987 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
988 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
990 if (tb[NL80211_ATTR_KEY_TYPE]) {
991 enum nl80211_key_type key_type =
992 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
993 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
994 if (key_type == NL80211_KEYTYPE_PAIRWISE)
995 data.michael_mic_failure.unicast = 1;
997 data.michael_mic_failure.unicast = 1;
999 if (tb[NL80211_ATTR_KEY_IDX]) {
1000 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1001 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1004 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1008 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1009 struct nlattr *tb[])
1011 if (tb[NL80211_ATTR_MAC] == NULL) {
1012 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1016 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1017 drv->associated = 1;
1018 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1019 MAC2STR(drv->bssid));
1021 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1025 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1026 int cancel_event, struct nlattr *tb[])
1028 unsigned int freq, chan_type, duration;
1029 union wpa_event_data data;
1032 if (tb[NL80211_ATTR_WIPHY_FREQ])
1033 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1037 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1038 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1042 if (tb[NL80211_ATTR_DURATION])
1043 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1047 if (tb[NL80211_ATTR_COOKIE])
1048 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1052 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1053 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1054 cancel_event, freq, chan_type, duration,
1055 (long long unsigned int) cookie,
1056 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1058 if (cookie != drv->remain_on_chan_cookie)
1059 return; /* not for us */
1061 drv->pending_remain_on_chan = !cancel_event;
1063 os_memset(&data, 0, sizeof(data));
1064 data.remain_on_channel.freq = freq;
1065 data.remain_on_channel.duration = duration;
1066 wpa_supplicant_event(drv->ctx, cancel_event ?
1067 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1068 EVENT_REMAIN_ON_CHANNEL, &data);
1072 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1073 struct nlattr *tb[])
1075 union wpa_event_data event;
1078 struct scan_info *info;
1079 #define MAX_REPORT_FREQS 50
1080 int freqs[MAX_REPORT_FREQS];
1083 os_memset(&event, 0, sizeof(event));
1084 info = &event.scan_info;
1085 info->aborted = aborted;
1087 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1088 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1089 struct wpa_driver_scan_ssid *s =
1090 &info->ssids[info->num_ssids];
1091 s->ssid = nla_data(nl);
1092 s->ssid_len = nla_len(nl);
1094 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1098 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1099 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1101 freqs[num_freqs] = nla_get_u32(nl);
1103 if (num_freqs == MAX_REPORT_FREQS - 1)
1106 info->freqs = freqs;
1107 info->num_freqs = num_freqs;
1109 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1113 static int get_link_signal(struct nl_msg *msg, void *arg)
1115 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1116 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1117 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1118 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1119 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1121 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1122 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1123 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1124 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1125 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1126 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1128 struct wpa_signal_info *sig_change = arg;
1130 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1131 genlmsg_attrlen(gnlh, 0), NULL);
1132 if (!tb[NL80211_ATTR_STA_INFO] ||
1133 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1134 tb[NL80211_ATTR_STA_INFO], policy))
1136 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1139 sig_change->current_signal =
1140 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1142 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1143 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1144 sinfo[NL80211_STA_INFO_TX_BITRATE],
1146 sig_change->current_txrate = 0;
1148 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1149 sig_change->current_txrate =
1151 NL80211_RATE_INFO_BITRATE]) * 100;
1160 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1161 struct wpa_signal_info *sig)
1165 sig->current_signal = -9999;
1166 sig->current_txrate = 0;
1168 msg = nlmsg_alloc();
1172 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1173 0, NL80211_CMD_GET_STATION, 0);
1175 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1176 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1178 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1184 static int get_link_noise(struct nl_msg *msg, void *arg)
1186 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1187 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1188 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1189 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1190 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1191 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1193 struct wpa_signal_info *sig_change = arg;
1195 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1196 genlmsg_attrlen(gnlh, 0), NULL);
1198 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1199 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1203 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1204 tb[NL80211_ATTR_SURVEY_INFO],
1206 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1211 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1214 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1215 sig_change->frequency)
1218 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1221 sig_change->current_noise =
1222 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1228 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1229 struct wpa_signal_info *sig_change)
1233 sig_change->current_noise = 9999;
1234 sig_change->frequency = drv->assoc_freq;
1236 msg = nlmsg_alloc();
1240 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1241 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0);
1243 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1245 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1251 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1252 struct nlattr *tb[])
1254 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1255 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1256 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1257 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1258 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1260 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1261 enum nl80211_cqm_rssi_threshold_event event;
1262 union wpa_event_data ed;
1263 struct wpa_signal_info sig;
1266 if (tb[NL80211_ATTR_CQM] == NULL ||
1267 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1269 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1273 os_memset(&ed, 0, sizeof(ed));
1275 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1276 if (!tb[NL80211_ATTR_MAC])
1278 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1280 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1284 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1286 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1288 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1289 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1290 "event: RSSI high");
1291 ed.signal_change.above_threshold = 1;
1292 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1293 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1295 ed.signal_change.above_threshold = 0;
1299 res = nl80211_get_link_signal(drv, &sig);
1301 ed.signal_change.current_signal = sig.current_signal;
1302 ed.signal_change.current_txrate = sig.current_txrate;
1303 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1304 sig.current_signal, sig.current_txrate);
1307 res = nl80211_get_link_noise(drv, &sig);
1309 ed.signal_change.current_noise = sig.current_noise;
1310 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1314 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1318 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1322 union wpa_event_data data;
1324 if (tb[NL80211_ATTR_MAC] == NULL)
1326 addr = nla_data(tb[NL80211_ATTR_MAC]);
1327 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1328 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1331 os_memset(&data, 0, sizeof(data));
1332 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1333 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1337 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1341 union wpa_event_data data;
1343 if (tb[NL80211_ATTR_MAC] == NULL)
1345 addr = nla_data(tb[NL80211_ATTR_MAC]);
1346 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1348 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1351 os_memset(&data, 0, sizeof(data));
1352 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
1353 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
1357 static int process_event(struct nl_msg *msg, void *arg)
1359 struct wpa_driver_nl80211_data *drv = arg;
1360 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1361 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1362 union wpa_event_data data;
1364 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1365 genlmsg_attrlen(gnlh, 0), NULL);
1367 if (tb[NL80211_ATTR_IFINDEX]) {
1368 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1369 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
1370 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
1371 " for foreign interface (ifindex %d)",
1372 gnlh->cmd, ifindex);
1377 if (drv->ap_scan_as_station &&
1378 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
1379 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
1380 wpa_driver_nl80211_set_mode(&drv->first_bss,
1382 drv->ap_scan_as_station = 0;
1385 switch (gnlh->cmd) {
1386 case NL80211_CMD_TRIGGER_SCAN:
1387 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1389 case NL80211_CMD_NEW_SCAN_RESULTS:
1390 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1391 drv->scan_complete_events = 1;
1392 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1394 send_scan_event(drv, 0, tb);
1396 case NL80211_CMD_SCAN_ABORTED:
1397 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1399 * Need to indicate that scan results are available in order
1400 * not to make wpa_supplicant stop its scanning.
1402 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1404 send_scan_event(drv, 1, tb);
1406 case NL80211_CMD_AUTHENTICATE:
1407 case NL80211_CMD_ASSOCIATE:
1408 case NL80211_CMD_DEAUTHENTICATE:
1409 case NL80211_CMD_DISASSOCIATE:
1410 case NL80211_CMD_FRAME:
1411 case NL80211_CMD_FRAME_TX_STATUS:
1412 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1413 case NL80211_CMD_UNPROT_DISASSOCIATE:
1414 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1415 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1416 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1417 tb[NL80211_ATTR_COOKIE]);
1419 case NL80211_CMD_CONNECT:
1420 case NL80211_CMD_ROAM:
1421 mlme_event_connect(drv, gnlh->cmd,
1422 tb[NL80211_ATTR_STATUS_CODE],
1423 tb[NL80211_ATTR_MAC],
1424 tb[NL80211_ATTR_REQ_IE],
1425 tb[NL80211_ATTR_RESP_IE]);
1427 case NL80211_CMD_DISCONNECT:
1428 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1430 * Avoid reporting two disassociation events that could
1431 * confuse the core code.
1433 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1434 "event when using userspace SME");
1437 drv->associated = 0;
1438 os_memset(&data, 0, sizeof(data));
1439 if (tb[NL80211_ATTR_REASON_CODE])
1440 data.disassoc_info.reason_code =
1441 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
1442 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1444 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1445 mlme_event_michael_mic_failure(drv, tb);
1447 case NL80211_CMD_JOIN_IBSS:
1448 mlme_event_join_ibss(drv, tb);
1450 case NL80211_CMD_REMAIN_ON_CHANNEL:
1451 mlme_event_remain_on_channel(drv, 0, tb);
1453 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1454 mlme_event_remain_on_channel(drv, 1, tb);
1456 case NL80211_CMD_NOTIFY_CQM:
1457 nl80211_cqm_event(drv, tb);
1459 case NL80211_CMD_REG_CHANGE:
1460 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
1461 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1464 case NL80211_CMD_REG_BEACON_HINT:
1465 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
1466 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1469 case NL80211_CMD_NEW_STATION:
1470 nl80211_new_station_event(drv, tb);
1472 case NL80211_CMD_DEL_STATION:
1473 nl80211_del_station_event(drv, tb);
1476 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1477 "(cmd=%d)", gnlh->cmd);
1485 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1489 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1491 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1493 cb = nl_cb_clone(drv->nl_cb);
1496 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1497 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1498 nl_recvmsgs(handle, cb);
1504 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1505 * @priv: driver_nl80211 private data
1506 * @alpha2_arg: country to which to switch to
1507 * Returns: 0 on success, -1 on failure
1509 * This asks nl80211 to set the regulatory domain for given
1510 * country ISO / IEC alpha2.
1512 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1514 struct i802_bss *bss = priv;
1515 struct wpa_driver_nl80211_data *drv = bss->drv;
1519 msg = nlmsg_alloc();
1523 alpha2[0] = alpha2_arg[0];
1524 alpha2[1] = alpha2_arg[1];
1527 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1528 0, NL80211_CMD_REQ_SET_REG, 0);
1530 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1531 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1539 struct wiphy_info_data {
1544 int connect_supported;
1545 int offchan_tx_supported;
1546 int max_remain_on_chan;
1550 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1552 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1553 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1554 struct wiphy_info_data *info = arg;
1555 int p2p_go_supported = 0, p2p_client_supported = 0;
1557 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1558 genlmsg_attrlen(gnlh, 0), NULL);
1560 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1561 info->max_scan_ssids =
1562 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1564 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1565 struct nlattr *nl_mode;
1567 nla_for_each_nested(nl_mode,
1568 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1569 switch (nla_type(nl_mode)) {
1570 case NL80211_IFTYPE_AP:
1571 info->ap_supported = 1;
1573 case NL80211_IFTYPE_P2P_GO:
1574 p2p_go_supported = 1;
1576 case NL80211_IFTYPE_P2P_CLIENT:
1577 p2p_client_supported = 1;
1583 info->p2p_supported = p2p_go_supported && p2p_client_supported;
1585 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
1586 struct nlattr *nl_cmd;
1589 nla_for_each_nested(nl_cmd,
1590 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
1591 u32 cmd = nla_get_u32(nl_cmd);
1592 if (cmd == NL80211_CMD_AUTHENTICATE)
1593 info->auth_supported = 1;
1594 else if (cmd == NL80211_CMD_CONNECT)
1595 info->connect_supported = 1;
1599 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK])
1600 info->offchan_tx_supported = 1;
1602 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
1603 info->max_remain_on_chan =
1604 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
1610 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
1611 struct wiphy_info_data *info)
1615 os_memset(info, 0, sizeof(*info));
1617 /* default to 5000 since early versions of mac80211 don't set it */
1618 info->max_remain_on_chan = 5000;
1620 msg = nlmsg_alloc();
1624 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1625 0, NL80211_CMD_GET_WIPHY, 0);
1627 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
1629 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1638 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1640 struct wiphy_info_data info;
1641 if (wpa_driver_nl80211_get_info(drv, &info))
1643 drv->has_capability = 1;
1644 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1645 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1646 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1647 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1648 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1649 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1650 WPA_DRIVER_CAPA_ENC_WEP104 |
1651 WPA_DRIVER_CAPA_ENC_TKIP |
1652 WPA_DRIVER_CAPA_ENC_CCMP;
1653 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1654 WPA_DRIVER_AUTH_SHARED |
1655 WPA_DRIVER_AUTH_LEAP;
1657 drv->capa.max_scan_ssids = info.max_scan_ssids;
1658 if (info.ap_supported)
1659 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1661 if (info.auth_supported)
1662 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1663 else if (!info.connect_supported) {
1664 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1665 "authentication/association or connect commands");
1669 if (info.offchan_tx_supported) {
1670 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
1672 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
1675 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
1676 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1677 if (info.p2p_supported)
1678 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
1679 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
1680 drv->capa.max_remain_on_chan = info.max_remain_on_chan;
1686 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
1690 /* Initialize generic netlink and nl80211 */
1692 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1693 if (drv->nl_cb == NULL) {
1694 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1699 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb);
1700 if (drv->nl_handle == NULL) {
1701 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1706 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb);
1707 if (drv->nl_handle_event == NULL) {
1708 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1709 "callbacks (event)");
1713 if (genl_connect(drv->nl_handle)) {
1714 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1719 if (genl_connect(drv->nl_handle_event)) {
1720 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1725 #ifdef CONFIG_LIBNL20
1726 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1727 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1731 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1733 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1734 "netlink cache (event)");
1737 #else /* CONFIG_LIBNL20 */
1738 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1739 if (drv->nl_cache == NULL) {
1740 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1744 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1745 if (drv->nl_cache_event == NULL) {
1746 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1747 "netlink cache (event)");
1750 #endif /* CONFIG_LIBNL20 */
1752 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1753 if (drv->nl80211 == NULL) {
1754 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1759 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1761 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1763 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1764 "membership for scan events: %d (%s)",
1765 ret, strerror(-ret));
1769 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1771 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1773 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1774 "membership for mlme events: %d (%s)",
1775 ret, strerror(-ret));
1779 ret = nl_get_multicast_id(drv, "nl80211", "regulatory");
1781 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1783 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1784 "membership for regulatory events: %d (%s)",
1785 ret, strerror(-ret));
1786 /* Continue without regulatory events */
1789 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1790 wpa_driver_nl80211_event_receive, drv,
1791 drv->nl_handle_event);
1796 nl_cache_free(drv->nl_cache_event);
1798 nl_cache_free(drv->nl_cache);
1800 nl80211_handle_destroy(drv->nl_handle_event);
1802 nl80211_handle_destroy(drv->nl_handle);
1804 nl_cb_put(drv->nl_cb);
1810 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1812 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1814 * This may be for any interface; use ifdown event to disable
1820 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1822 struct wpa_driver_nl80211_data *drv = ctx;
1823 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1824 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) {
1825 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1826 "after rfkill unblock");
1829 /* rtnetlink ifup handler will report interface as enabled */
1833 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
1835 /* Find phy (radio) to which this interface belongs */
1839 drv->phyname[0] = '\0';
1840 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
1841 drv->first_bss.ifname);
1842 f = open(buf, O_RDONLY);
1844 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
1845 buf, strerror(errno));
1849 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
1852 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
1853 buf, strerror(errno));
1857 drv->phyname[rv] = '\0';
1858 pos = os_strchr(drv->phyname, '\n');
1861 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
1862 drv->first_bss.ifname, drv->phyname);
1867 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1868 * @ctx: context to be used when calling wpa_supplicant functions,
1869 * e.g., wpa_supplicant_event()
1870 * @ifname: interface name, e.g., wlan0
1871 * @global_priv: private driver global data from global_init()
1872 * Returns: Pointer to private data, %NULL on failure
1874 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
1877 struct wpa_driver_nl80211_data *drv;
1878 struct netlink_config *cfg;
1879 struct rfkill_config *rcfg;
1880 struct i802_bss *bss;
1882 drv = os_zalloc(sizeof(*drv));
1885 drv->global = global_priv;
1887 bss = &drv->first_bss;
1889 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1890 drv->monitor_ifidx = -1;
1891 drv->monitor_sock = -1;
1892 drv->ioctl_sock = -1;
1894 if (wpa_driver_nl80211_init_nl(drv)) {
1899 nl80211_get_phy_name(drv);
1901 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1902 if (drv->ioctl_sock < 0) {
1903 perror("socket(PF_INET,SOCK_DGRAM)");
1907 cfg = os_zalloc(sizeof(*cfg));
1911 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
1912 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
1913 drv->netlink = netlink_init(cfg);
1914 if (drv->netlink == NULL) {
1919 rcfg = os_zalloc(sizeof(*rcfg));
1923 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
1924 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
1925 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
1926 drv->rfkill = rfkill_init(rcfg);
1927 if (drv->rfkill == NULL) {
1928 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
1932 if (wpa_driver_nl80211_finish_drv_init(drv))
1936 dl_list_add(&drv->global->interfaces, &drv->list);
1941 rfkill_deinit(drv->rfkill);
1942 netlink_deinit(drv->netlink);
1943 if (drv->ioctl_sock >= 0)
1944 close(drv->ioctl_sock);
1946 genl_family_put(drv->nl80211);
1947 nl_cache_free(drv->nl_cache);
1948 nl80211_handle_destroy(drv->nl_handle);
1949 nl_cb_put(drv->nl_cb);
1950 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1957 static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv,
1958 struct nl_handle *nl_handle,
1959 u16 type, const u8 *match, size_t match_len)
1964 msg = nlmsg_alloc();
1968 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1969 NL80211_CMD_REGISTER_ACTION, 0);
1971 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1972 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
1973 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
1975 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL);
1978 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
1979 "failed (type=%u): ret=%d (%s)",
1980 type, ret, strerror(-ret));
1981 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
1983 goto nla_put_failure;
1992 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
1993 const u8 *match, size_t match_len)
1995 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
1996 return nl80211_register_frame(drv, drv->nl_handle_event,
1997 type, match, match_len);
2001 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
2004 /* GAS Initial Request */
2005 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0)
2007 /* GAS Initial Response */
2008 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0)
2010 /* GAS Comeback Request */
2011 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0)
2013 /* GAS Comeback Response */
2014 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0)
2016 /* P2P Public Action */
2017 if (nl80211_register_action_frame(drv,
2018 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2022 if (nl80211_register_action_frame(drv,
2023 (u8 *) "\x7f\x50\x6f\x9a\x09",
2026 #endif /* CONFIG_P2P */
2027 #ifdef CONFIG_IEEE80211W
2028 /* SA Query Response */
2029 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0)
2031 #endif /* CONFIG_IEEE80211W */
2033 /* FT Action frames */
2034 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
2037 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2038 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2044 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2046 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2051 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
2053 struct i802_bss *bss = &drv->first_bss;
2054 int send_rfkill_event = 0;
2056 drv->ifindex = if_nametoindex(bss->ifname);
2057 drv->first_bss.ifindex = drv->ifindex;
2060 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) {
2061 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
2062 "use managed mode");
2065 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
2066 if (rfkill_is_blocked(drv->rfkill)) {
2067 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2068 "interface '%s' due to rfkill",
2070 drv->if_disabled = 1;
2071 send_rfkill_event = 1;
2073 wpa_printf(MSG_ERROR, "nl80211: Could not set "
2074 "interface '%s' UP", bss->ifname);
2079 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
2080 1, IF_OPER_DORMANT);
2081 #endif /* HOSTAPD */
2083 if (wpa_driver_nl80211_capa(drv))
2086 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr))
2089 if (nl80211_register_action_frames(drv) < 0) {
2090 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
2091 "frame processing - ignore for now");
2093 * Older kernel versions did not support this, so ignore the
2094 * error for now. Some functionality may not be available
2099 if (send_rfkill_event) {
2100 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2108 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
2112 msg = nlmsg_alloc();
2116 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2117 0, NL80211_CMD_DEL_BEACON, 0);
2118 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2120 return send_and_recv_msgs(drv, msg, NULL, NULL);
2127 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2128 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2130 * Shut down driver interface and processing of driver events. Free
2131 * private data buffer if one was allocated in wpa_driver_nl80211_init().
2133 static void wpa_driver_nl80211_deinit(void *priv)
2135 struct i802_bss *bss = priv;
2136 struct wpa_driver_nl80211_data *drv = bss->drv;
2138 if (drv->nl_handle_preq)
2139 wpa_driver_nl80211_probe_req_report(bss, 0);
2140 if (bss->added_if_into_bridge) {
2141 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname)
2143 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2144 "interface %s from bridge %s: %s",
2145 bss->ifname, bss->brname, strerror(errno));
2147 if (bss->added_bridge) {
2148 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0)
2149 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2151 bss->brname, strerror(errno));
2154 nl80211_remove_monitor_interface(drv);
2156 if (drv->nlmode == NL80211_IFTYPE_AP)
2157 wpa_driver_nl80211_del_beacon(drv);
2160 if (drv->last_freq_ht) {
2161 /* Clear HT flags from the driver */
2162 struct hostapd_freq_params freq;
2163 os_memset(&freq, 0, sizeof(freq));
2164 freq.freq = drv->last_freq;
2165 i802_set_freq(priv, &freq);
2168 if (drv->eapol_sock >= 0) {
2169 eloop_unregister_read_sock(drv->eapol_sock);
2170 close(drv->eapol_sock);
2173 if (drv->if_indices != drv->default_if_indices)
2174 os_free(drv->if_indices);
2175 #endif /* HOSTAPD */
2177 if (drv->disable_11b_rates)
2178 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
2180 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
2181 netlink_deinit(drv->netlink);
2182 rfkill_deinit(drv->rfkill);
2184 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2186 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0);
2187 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA);
2189 if (drv->ioctl_sock >= 0)
2190 close(drv->ioctl_sock);
2192 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
2193 genl_family_put(drv->nl80211);
2194 nl_cache_free(drv->nl_cache);
2195 nl_cache_free(drv->nl_cache_event);
2196 nl80211_handle_destroy(drv->nl_handle);
2197 nl80211_handle_destroy(drv->nl_handle_event);
2198 nl_cb_put(drv->nl_cb);
2200 os_free(drv->filter_ssids);
2203 dl_list_del(&drv->list);
2210 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
2211 * @eloop_ctx: Driver private data
2212 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
2214 * This function can be used as registered timeout when starting a scan to
2215 * generate a scan completed event if the driver does not report this.
2217 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
2219 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2220 if (drv->ap_scan_as_station) {
2221 wpa_driver_nl80211_set_mode(&drv->first_bss,
2223 drv->ap_scan_as_station = 0;
2225 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
2226 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
2231 * wpa_driver_nl80211_scan - Request the driver to initiate scan
2232 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
2233 * @params: Scan parameters
2234 * Returns: 0 on success, -1 on failure
2236 static int wpa_driver_nl80211_scan(void *priv,
2237 struct wpa_driver_scan_params *params)
2239 struct i802_bss *bss = priv;
2240 struct wpa_driver_nl80211_data *drv = bss->drv;
2241 int ret = 0, timeout;
2242 struct nl_msg *msg, *ssids, *freqs;
2245 msg = nlmsg_alloc();
2246 ssids = nlmsg_alloc();
2247 freqs = nlmsg_alloc();
2248 if (!msg || !ssids || !freqs) {
2255 os_free(drv->filter_ssids);
2256 drv->filter_ssids = params->filter_ssids;
2257 params->filter_ssids = NULL;
2258 drv->num_filter_ssids = params->num_filter_ssids;
2260 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2261 NL80211_CMD_TRIGGER_SCAN, 0);
2263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2265 for (i = 0; i < params->num_ssids; i++) {
2266 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
2267 params->ssids[i].ssid,
2268 params->ssids[i].ssid_len);
2269 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
2270 params->ssids[i].ssid);
2272 if (params->num_ssids)
2273 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
2275 if (params->extra_ies) {
2276 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
2277 params->extra_ies, params->extra_ies_len);
2278 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
2282 if (params->freqs) {
2283 for (i = 0; params->freqs[i]; i++) {
2284 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
2285 "MHz", params->freqs[i]);
2286 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
2288 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
2291 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2294 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
2295 "(%s)", ret, strerror(-ret));
2297 if (drv->nlmode == NL80211_IFTYPE_AP) {
2299 * mac80211 does not allow scan requests in AP mode, so
2300 * try to do this in station mode.
2302 if (wpa_driver_nl80211_set_mode(bss,
2303 IEEE80211_MODE_INFRA))
2304 goto nla_put_failure;
2306 if (wpa_driver_nl80211_scan(drv, params)) {
2307 wpa_driver_nl80211_set_mode(bss,
2309 goto nla_put_failure;
2312 /* Restore AP mode when processing scan results */
2313 drv->ap_scan_as_station = 1;
2316 goto nla_put_failure;
2318 goto nla_put_failure;
2319 #endif /* HOSTAPD */
2322 /* Not all drivers generate "scan completed" wireless event, so try to
2323 * read results after a timeout. */
2325 if (drv->scan_complete_events) {
2327 * The driver seems to deliver events to notify when scan is
2328 * complete, so use longer timeout to avoid race conditions
2329 * with scanning and following association request.
2333 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
2334 "seconds", ret, timeout);
2335 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2336 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
2347 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
2349 const u8 *end, *pos;
2355 end = ies + ies_len;
2357 while (pos + 1 < end) {
2358 if (pos + 2 + pos[1] > end)
2369 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
2370 const u8 *ie, size_t ie_len)
2375 if (drv->filter_ssids == NULL)
2378 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
2382 for (i = 0; i < drv->num_filter_ssids; i++) {
2383 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
2384 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
2393 static int bss_info_handler(struct nl_msg *msg, void *arg)
2395 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2396 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2397 struct nlattr *bss[NL80211_BSS_MAX + 1];
2398 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
2399 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
2400 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
2401 [NL80211_BSS_TSF] = { .type = NLA_U64 },
2402 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
2403 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
2404 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
2405 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
2406 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
2407 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
2408 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
2409 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
2411 struct nl80211_bss_info_arg *_arg = arg;
2412 struct wpa_scan_results *res = _arg->res;
2413 struct wpa_scan_res **tmp;
2414 struct wpa_scan_res *r;
2415 const u8 *ie, *beacon_ie;
2416 size_t ie_len, beacon_ie_len;
2420 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2421 genlmsg_attrlen(gnlh, 0), NULL);
2422 if (!tb[NL80211_ATTR_BSS])
2424 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
2427 if (bss[NL80211_BSS_STATUS]) {
2428 enum nl80211_bss_status status;
2429 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2430 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
2431 bss[NL80211_BSS_FREQUENCY]) {
2433 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2434 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
2440 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
2441 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2442 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2447 if (bss[NL80211_BSS_BEACON_IES]) {
2448 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
2449 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
2455 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
2456 ie ? ie_len : beacon_ie_len))
2459 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
2462 if (bss[NL80211_BSS_BSSID])
2463 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
2465 if (bss[NL80211_BSS_FREQUENCY])
2466 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2467 if (bss[NL80211_BSS_BEACON_INTERVAL])
2468 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
2469 if (bss[NL80211_BSS_CAPABILITY])
2470 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
2471 r->flags |= WPA_SCAN_NOISE_INVALID;
2472 if (bss[NL80211_BSS_SIGNAL_MBM]) {
2473 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
2474 r->level /= 100; /* mBm to dBm */
2475 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
2476 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
2477 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
2478 r->flags |= WPA_SCAN_LEVEL_INVALID;
2480 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
2481 if (bss[NL80211_BSS_TSF])
2482 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
2483 if (bss[NL80211_BSS_SEEN_MS_AGO])
2484 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
2486 pos = (u8 *) (r + 1);
2488 os_memcpy(pos, ie, ie_len);
2491 r->beacon_ie_len = beacon_ie_len;
2493 os_memcpy(pos, beacon_ie, beacon_ie_len);
2495 if (bss[NL80211_BSS_STATUS]) {
2496 enum nl80211_bss_status status;
2497 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2499 case NL80211_BSS_STATUS_AUTHENTICATED:
2500 r->flags |= WPA_SCAN_AUTHENTICATED;
2502 case NL80211_BSS_STATUS_ASSOCIATED:
2503 r->flags |= WPA_SCAN_ASSOCIATED;
2511 * cfg80211 maintains separate BSS table entries for APs if the same
2512 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
2513 * not use frequency as a separate key in the BSS table, so filter out
2514 * duplicated entries. Prefer associated BSS entry in such a case in
2515 * order to get the correct frequency into the BSS table.
2517 for (i = 0; i < res->num; i++) {
2519 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
2522 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
2523 res->res[i]->ie_len, WLAN_EID_SSID);
2524 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
2525 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
2526 os_memcmp(s1, s2, 2 + s1[1]) != 0)
2529 /* Same BSSID,SSID was already included in scan results */
2530 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
2531 "for " MACSTR, MAC2STR(r->bssid));
2533 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
2534 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
2535 os_free(res->res[i]);
2542 tmp = os_realloc(res->res,
2543 (res->num + 1) * sizeof(struct wpa_scan_res *));
2548 tmp[res->num++] = r;
2555 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
2558 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
2559 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
2560 "mismatch (" MACSTR ")", MAC2STR(addr));
2561 wpa_driver_nl80211_mlme(drv, addr,
2562 NL80211_CMD_DEAUTHENTICATE,
2563 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
2568 static void wpa_driver_nl80211_check_bss_status(
2569 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
2573 for (i = 0; i < res->num; i++) {
2574 struct wpa_scan_res *r = res->res[i];
2575 if (r->flags & WPA_SCAN_AUTHENTICATED) {
2576 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2577 "indicates BSS status with " MACSTR
2578 " as authenticated",
2580 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2581 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
2582 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
2584 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
2585 " in local state (auth=" MACSTR
2586 " assoc=" MACSTR ")",
2587 MAC2STR(drv->auth_bssid),
2588 MAC2STR(drv->bssid));
2589 clear_state_mismatch(drv, r->bssid);
2593 if (r->flags & WPA_SCAN_ASSOCIATED) {
2594 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2595 "indicate BSS status with " MACSTR
2598 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2600 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2601 "(not associated) does not match "
2603 clear_state_mismatch(drv, r->bssid);
2604 } else if (drv->nlmode == NL80211_IFTYPE_STATION &&
2605 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
2607 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2608 "(associated with " MACSTR ") does "
2609 "not match with BSS state",
2610 MAC2STR(drv->bssid));
2611 clear_state_mismatch(drv, r->bssid);
2612 clear_state_mismatch(drv, drv->bssid);
2619 static void wpa_scan_results_free(struct wpa_scan_results *res)
2626 for (i = 0; i < res->num; i++)
2627 os_free(res->res[i]);
2633 static struct wpa_scan_results *
2634 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
2637 struct wpa_scan_results *res;
2639 struct nl80211_bss_info_arg arg;
2641 res = os_zalloc(sizeof(*res));
2644 msg = nlmsg_alloc();
2646 goto nla_put_failure;
2648 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
2649 NL80211_CMD_GET_SCAN, 0);
2650 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2654 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
2657 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
2658 (unsigned long) res->num);
2661 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
2662 "(%s)", ret, strerror(-ret));
2665 wpa_scan_results_free(res);
2671 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
2672 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2673 * Returns: Scan results on success, -1 on failure
2675 static struct wpa_scan_results *
2676 wpa_driver_nl80211_get_scan_results(void *priv)
2678 struct i802_bss *bss = priv;
2679 struct wpa_driver_nl80211_data *drv = bss->drv;
2680 struct wpa_scan_results *res;
2682 res = nl80211_get_scan_results(drv);
2684 wpa_driver_nl80211_check_bss_status(drv, res);
2689 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
2691 struct wpa_scan_results *res;
2694 res = nl80211_get_scan_results(drv);
2696 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
2700 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
2701 for (i = 0; i < res->num; i++) {
2702 struct wpa_scan_res *r = res->res[i];
2703 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
2704 (int) i, (int) res->num, MAC2STR(r->bssid),
2705 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
2706 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
2709 wpa_scan_results_free(res);
2713 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
2714 enum wpa_alg alg, const u8 *addr,
2715 int key_idx, int set_tx,
2716 const u8 *seq, size_t seq_len,
2717 const u8 *key, size_t key_len)
2719 struct i802_bss *bss = priv;
2720 struct wpa_driver_nl80211_data *drv = bss->drv;
2721 int ifindex = if_nametoindex(ifname);
2725 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
2726 "set_tx=%d seq_len=%lu key_len=%lu",
2727 __func__, ifindex, alg, addr, key_idx, set_tx,
2728 (unsigned long) seq_len, (unsigned long) key_len);
2730 msg = nlmsg_alloc();
2734 if (alg == WPA_ALG_NONE) {
2735 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2736 0, NL80211_CMD_DEL_KEY, 0);
2738 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2739 0, NL80211_CMD_NEW_KEY, 0);
2740 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2744 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2745 WLAN_CIPHER_SUITE_WEP40);
2747 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2748 WLAN_CIPHER_SUITE_WEP104);
2751 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2752 WLAN_CIPHER_SUITE_TKIP);
2755 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2756 WLAN_CIPHER_SUITE_CCMP);
2759 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2760 WLAN_CIPHER_SUITE_AES_CMAC);
2763 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2764 "algorithm %d", __func__, alg);
2771 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
2773 if (addr && !is_broadcast_ether_addr(addr)) {
2774 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2775 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2777 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
2778 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
2779 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
2780 NL80211_KEYTYPE_GROUP);
2782 } else if (addr && is_broadcast_ether_addr(addr)) {
2783 struct nl_msg *types;
2785 wpa_printf(MSG_DEBUG, " broadcast key");
2786 types = nlmsg_alloc();
2788 goto nla_put_failure;
2789 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
2790 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2794 goto nla_put_failure;
2796 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2797 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2799 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2800 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2803 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2804 ret, strerror(-ret));
2807 * If we failed or don't need to set the default TX key (below),
2810 if (ret || !set_tx || alg == WPA_ALG_NONE)
2812 if (drv->nlmode == NL80211_IFTYPE_AP && addr &&
2813 !is_broadcast_ether_addr(addr))
2816 msg = nlmsg_alloc();
2820 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2821 0, NL80211_CMD_SET_KEY, 0);
2822 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2823 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2824 if (alg == WPA_ALG_IGTK)
2825 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
2827 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2828 if (addr && is_broadcast_ether_addr(addr)) {
2829 struct nl_msg *types;
2831 types = nlmsg_alloc();
2833 goto nla_put_failure;
2834 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
2835 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2839 goto nla_put_failure;
2841 struct nl_msg *types;
2843 types = nlmsg_alloc();
2845 goto nla_put_failure;
2846 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST);
2847 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2851 goto nla_put_failure;
2854 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2858 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2859 "err=%d %s)", ret, strerror(-ret));
2867 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2868 int key_idx, int defkey,
2869 const u8 *seq, size_t seq_len,
2870 const u8 *key, size_t key_len)
2872 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2876 if (defkey && alg == WPA_ALG_IGTK)
2877 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
2879 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2881 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
2886 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2887 WLAN_CIPHER_SUITE_WEP40);
2889 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2890 WLAN_CIPHER_SUITE_WEP104);
2893 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
2896 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
2899 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2900 WLAN_CIPHER_SUITE_AES_CMAC);
2903 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2904 "algorithm %d", __func__, alg);
2909 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
2911 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
2913 nla_nest_end(msg, key_attr);
2921 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
2925 struct nlattr *nl_keys, *nl_key;
2927 for (i = 0; i < 4; i++) {
2928 if (!params->wep_key[i])
2933 if (params->wps == WPS_MODE_PRIVACY)
2935 if (params->pairwise_suite &&
2936 params->pairwise_suite != WPA_CIPHER_NONE)
2942 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
2944 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
2946 goto nla_put_failure;
2948 for (i = 0; i < 4; i++) {
2949 if (!params->wep_key[i])
2952 nl_key = nla_nest_start(msg, i);
2954 goto nla_put_failure;
2956 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
2957 params->wep_key[i]);
2958 if (params->wep_key_len[i] == 5)
2959 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2960 WLAN_CIPHER_SUITE_WEP40);
2962 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2963 WLAN_CIPHER_SUITE_WEP104);
2965 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
2967 if (i == params->wep_tx_keyidx)
2968 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2970 nla_nest_end(msg, nl_key);
2972 nla_nest_end(msg, nl_keys);
2981 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2982 const u8 *addr, int cmd, u16 reason_code,
2983 int local_state_change)
2988 msg = nlmsg_alloc();
2992 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
2994 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2995 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
2996 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2997 if (local_state_change)
2998 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3000 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3003 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3004 "(%s)", ret, strerror(-ret));
3005 goto nla_put_failure;
3015 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3016 const u8 *addr, int reason_code)
3018 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3019 __func__, MAC2STR(addr), reason_code);
3020 drv->associated = 0;
3021 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
3026 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
3029 struct i802_bss *bss = priv;
3030 struct wpa_driver_nl80211_data *drv = bss->drv;
3031 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3032 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3033 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3034 __func__, MAC2STR(addr), reason_code);
3035 drv->associated = 0;
3036 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
3037 return nl80211_leave_ibss(drv);
3038 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3043 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
3046 struct i802_bss *bss = priv;
3047 struct wpa_driver_nl80211_data *drv = bss->drv;
3048 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3049 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3050 wpa_printf(MSG_DEBUG, "%s", __func__);
3051 drv->associated = 0;
3052 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
3057 static int wpa_driver_nl80211_authenticate(
3058 void *priv, struct wpa_driver_auth_params *params)
3060 struct i802_bss *bss = priv;
3061 struct wpa_driver_nl80211_data *drv = bss->drv;
3064 enum nl80211_auth_type type;
3067 drv->associated = 0;
3068 os_memset(drv->auth_bssid, 0, ETH_ALEN);
3069 /* FIX: IBSS mode */
3070 if (drv->nlmode != NL80211_IFTYPE_STATION &&
3071 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0)
3075 msg = nlmsg_alloc();
3079 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3082 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3083 NL80211_CMD_AUTHENTICATE, 0);
3085 for (i = 0; i < 4; i++) {
3086 if (!params->wep_key[i])
3088 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
3090 i == params->wep_tx_keyidx, NULL, 0,
3092 params->wep_key_len[i]);
3093 if (params->wep_tx_keyidx != i)
3095 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3096 params->wep_key[i], params->wep_key_len[i])) {
3102 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3103 if (params->bssid) {
3104 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3105 MAC2STR(params->bssid));
3106 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3109 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3110 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3113 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3114 params->ssid, params->ssid_len);
3115 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3118 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
3120 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
3121 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3122 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3123 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3124 type = NL80211_AUTHTYPE_SHARED_KEY;
3125 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3126 type = NL80211_AUTHTYPE_NETWORK_EAP;
3127 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3128 type = NL80211_AUTHTYPE_FT;
3130 goto nla_put_failure;
3131 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3132 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3133 if (params->local_state_change) {
3134 wpa_printf(MSG_DEBUG, " * Local state change only");
3135 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3138 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3141 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3142 "(%s)", ret, strerror(-ret));
3144 if (ret == -EALREADY && count == 1 && params->bssid &&
3145 !params->local_state_change) {
3147 * mac80211 does not currently accept new
3148 * authentication if we are already authenticated. As a
3149 * workaround, force deauthentication and try again.
3151 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3152 "after forced deauthentication");
3153 wpa_driver_nl80211_deauthenticate(
3155 WLAN_REASON_PREV_AUTH_NOT_VALID);
3159 goto nla_put_failure;
3162 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
3171 struct phy_info_arg {
3173 struct hostapd_hw_modes *modes;
3176 static int phy_info_handler(struct nl_msg *msg, void *arg)
3178 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3179 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3180 struct phy_info_arg *phy_info = arg;
3182 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
3184 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
3185 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
3186 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
3187 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
3188 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
3189 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
3190 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
3191 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
3194 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
3195 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
3196 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
3197 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
3200 struct nlattr *nl_band;
3201 struct nlattr *nl_freq;
3202 struct nlattr *nl_rate;
3203 int rem_band, rem_freq, rem_rate;
3204 struct hostapd_hw_modes *mode;
3205 int idx, mode_is_set;
3207 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3208 genlmsg_attrlen(gnlh, 0), NULL);
3210 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
3213 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
3214 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
3217 phy_info->modes = mode;
3221 mode = &phy_info->modes[*(phy_info->num_modes)];
3222 memset(mode, 0, sizeof(*mode));
3223 *(phy_info->num_modes) += 1;
3225 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
3226 nla_len(nl_band), NULL);
3228 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
3229 mode->ht_capab = nla_get_u16(
3230 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
3233 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
3234 mode->a_mpdu_params |= nla_get_u8(
3235 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
3239 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
3240 mode->a_mpdu_params |= nla_get_u8(
3241 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
3245 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
3246 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
3248 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
3249 os_memcpy(mode->mcs_set, mcs, 16);
3252 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3253 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3254 nla_len(nl_freq), freq_policy);
3255 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3257 mode->num_channels++;
3260 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
3261 if (!mode->channels)
3266 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3267 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3268 nla_len(nl_freq), freq_policy);
3269 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3272 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
3273 mode->channels[idx].flag = 0;
3276 /* crude heuristic */
3277 if (mode->channels[idx].freq < 4000)
3278 mode->mode = HOSTAPD_MODE_IEEE80211B;
3280 mode->mode = HOSTAPD_MODE_IEEE80211A;
3284 /* crude heuristic */
3285 if (mode->channels[idx].freq < 4000)
3286 if (mode->channels[idx].freq == 2484)
3287 mode->channels[idx].chan = 14;
3289 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
3291 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
3293 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3294 mode->channels[idx].flag |=
3295 HOSTAPD_CHAN_DISABLED;
3296 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
3297 mode->channels[idx].flag |=
3298 HOSTAPD_CHAN_PASSIVE_SCAN;
3299 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
3300 mode->channels[idx].flag |=
3301 HOSTAPD_CHAN_NO_IBSS;
3302 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
3303 mode->channels[idx].flag |=
3306 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
3307 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3308 mode->channels[idx].max_tx_power =
3309 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
3314 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3315 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3316 nla_len(nl_rate), rate_policy);
3317 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3322 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
3328 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3329 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3330 nla_len(nl_rate), rate_policy);
3331 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3333 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
3335 /* crude heuristic */
3336 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
3337 mode->rates[idx] > 200)
3338 mode->mode = HOSTAPD_MODE_IEEE80211G;
3347 static struct hostapd_hw_modes *
3348 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
3351 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
3352 int i, mode11g_idx = -1;
3354 /* If only 802.11g mode is included, use it to construct matching
3355 * 802.11b mode data. */
3357 for (m = 0; m < *num_modes; m++) {
3358 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
3359 return modes; /* 802.11b already included */
3360 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
3364 if (mode11g_idx < 0)
3365 return modes; /* 2.4 GHz band not supported at all */
3367 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
3369 return modes; /* Could not add 802.11b mode */
3371 mode = &nmodes[*num_modes];
3372 os_memset(mode, 0, sizeof(*mode));
3376 mode->mode = HOSTAPD_MODE_IEEE80211B;
3378 mode11g = &modes[mode11g_idx];
3379 mode->num_channels = mode11g->num_channels;
3380 mode->channels = os_malloc(mode11g->num_channels *
3381 sizeof(struct hostapd_channel_data));
3382 if (mode->channels == NULL) {
3384 return modes; /* Could not add 802.11b mode */
3386 os_memcpy(mode->channels, mode11g->channels,
3387 mode11g->num_channels * sizeof(struct hostapd_channel_data));
3389 mode->num_rates = 0;
3390 mode->rates = os_malloc(4 * sizeof(int));
3391 if (mode->rates == NULL) {
3392 os_free(mode->channels);
3394 return modes; /* Could not add 802.11b mode */
3397 for (i = 0; i < mode11g->num_rates; i++) {
3398 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
3399 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
3401 mode->rates[mode->num_rates] = mode11g->rates[i];
3403 if (mode->num_rates == 4)
3407 if (mode->num_rates == 0) {
3408 os_free(mode->channels);
3409 os_free(mode->rates);
3411 return modes; /* No 802.11b rates */
3414 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
3421 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
3426 for (c = 0; c < mode->num_channels; c++) {
3427 struct hostapd_channel_data *chan = &mode->channels[c];
3428 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
3429 chan->flag |= HOSTAPD_CHAN_HT40;
3434 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
3439 for (c = 0; c < mode->num_channels; c++) {
3440 struct hostapd_channel_data *chan = &mode->channels[c];
3441 if (!(chan->flag & HOSTAPD_CHAN_HT40))
3443 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
3444 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
3445 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
3446 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
3451 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
3452 struct phy_info_arg *results)
3454 u32 start, end, max_bw;
3457 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
3458 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
3459 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
3462 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
3463 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
3464 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
3466 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
3467 start, end, max_bw);
3471 for (m = 0; m < *results->num_modes; m++) {
3472 if (!(results->modes[m].ht_capab &
3473 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
3475 nl80211_set_ht40_mode(&results->modes[m], start, end);
3480 static void nl80211_reg_rule_sec(struct nlattr *tb[],
3481 struct phy_info_arg *results)
3483 u32 start, end, max_bw;
3486 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
3487 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
3488 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
3491 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
3492 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
3493 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
3498 for (m = 0; m < *results->num_modes; m++) {
3499 if (!(results->modes[m].ht_capab &
3500 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
3502 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
3507 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
3509 struct phy_info_arg *results = arg;
3510 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3511 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3512 struct nlattr *nl_rule;
3513 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
3515 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
3516 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
3517 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
3518 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
3519 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
3520 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
3521 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
3524 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3525 genlmsg_attrlen(gnlh, 0), NULL);
3526 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
3527 !tb_msg[NL80211_ATTR_REG_RULES]) {
3528 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
3533 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
3534 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
3536 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
3538 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
3539 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
3540 nl80211_reg_rule_ht40(tb_rule, results);
3543 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
3545 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
3546 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
3547 nl80211_reg_rule_sec(tb_rule, results);
3554 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
3555 struct phy_info_arg *results)
3559 msg = nlmsg_alloc();
3563 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3564 0, NL80211_CMD_GET_REG, 0);
3565 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
3569 static struct hostapd_hw_modes *
3570 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
3572 struct i802_bss *bss = priv;
3573 struct wpa_driver_nl80211_data *drv = bss->drv;
3575 struct phy_info_arg result = {
3576 .num_modes = num_modes,
3583 msg = nlmsg_alloc();
3587 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3588 0, NL80211_CMD_GET_WIPHY, 0);
3590 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3592 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
3593 nl80211_set_ht40_flags(drv, &result);
3594 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
3601 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
3602 const void *data, size_t len,
3606 0x00, 0x00, /* radiotap version */
3607 0x0e, 0x00, /* radiotap length */
3608 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
3609 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
3611 0x00, 0x00, /* RX and TX flags to indicate that */
3612 0x00, 0x00, /* this is the injected frame directly */
3614 struct iovec iov[2] = {
3616 .iov_base = &rtap_hdr,
3617 .iov_len = sizeof(rtap_hdr),
3620 .iov_base = (void *) data,
3624 struct msghdr msg = {
3629 .msg_control = NULL,
3630 .msg_controllen = 0,
3636 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
3638 res = sendmsg(drv->monitor_sock, &msg, 0);
3640 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
3647 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
3650 struct i802_bss *bss = priv;
3651 struct wpa_driver_nl80211_data *drv = bss->drv;
3652 struct ieee80211_mgmt *mgmt;
3656 mgmt = (struct ieee80211_mgmt *) data;
3657 fc = le_to_host16(mgmt->frame_control);
3659 if (drv->nlmode == NL80211_IFTYPE_STATION &&
3660 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3661 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
3663 * The use of last_mgmt_freq is a bit of a hack,
3664 * but it works due to the single-threaded nature
3665 * of wpa_supplicant.
3667 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0,
3668 data, data_len, NULL);
3671 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3672 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
3674 * Only one of the authentication frame types is encrypted.
3675 * In order for static WEP encryption to work properly (i.e.,
3676 * to not encrypt the frame), we need to tell mac80211 about
3677 * the frames that must not be encrypted.
3679 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3680 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
3681 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
3685 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
3689 static int wpa_driver_nl80211_set_beacon(void *priv,
3690 const u8 *head, size_t head_len,
3691 const u8 *tail, size_t tail_len,
3692 int dtim_period, int beacon_int)
3694 struct i802_bss *bss = priv;
3695 struct wpa_driver_nl80211_data *drv = bss->drv;
3697 u8 cmd = NL80211_CMD_NEW_BEACON;
3700 int ifindex = if_nametoindex(bss->ifname);
3702 beacon_set = bss->beacon_set;
3704 msg = nlmsg_alloc();
3708 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
3711 cmd = NL80211_CMD_SET_BEACON;
3713 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3715 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
3716 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
3717 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3718 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
3719 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
3721 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3723 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
3724 ret, strerror(-ret));
3726 bss->beacon_set = 1;
3734 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
3735 int freq, int ht_enabled,
3736 int sec_channel_offset)
3741 msg = nlmsg_alloc();
3745 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3746 NL80211_CMD_SET_WIPHY, 0);
3748 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3749 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
3751 switch (sec_channel_offset) {
3753 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3754 NL80211_CHAN_HT40MINUS);
3757 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3758 NL80211_CHAN_HT40PLUS);
3761 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3767 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3770 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
3771 "%d (%s)", freq, ret, strerror(-ret));
3777 static int wpa_driver_nl80211_sta_add(void *priv,
3778 struct hostapd_sta_add_params *params)
3780 struct i802_bss *bss = priv;
3781 struct wpa_driver_nl80211_data *drv = bss->drv;
3785 msg = nlmsg_alloc();
3789 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3790 0, NL80211_CMD_NEW_STATION, 0);
3792 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
3793 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3794 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3795 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3796 params->supp_rates);
3797 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3798 params->listen_interval);
3799 if (params->ht_capabilities) {
3800 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3801 sizeof(*params->ht_capabilities),
3802 params->ht_capabilities);
3805 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3807 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3808 "result: %d (%s)", ret, strerror(-ret));
3816 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
3818 struct i802_bss *bss = priv;
3819 struct wpa_driver_nl80211_data *drv = bss->drv;
3823 msg = nlmsg_alloc();
3827 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3828 0, NL80211_CMD_DEL_STATION, 0);
3830 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3831 if_nametoindex(bss->ifname));
3832 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3834 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3843 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
3848 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
3851 /* stop listening for EAPOL on this interface */
3852 del_ifidx(drv, ifidx);
3853 #endif /* HOSTAPD */
3855 msg = nlmsg_alloc();
3857 goto nla_put_failure;
3859 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3860 0, NL80211_CMD_DEL_INTERFACE, 0);
3861 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3863 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3866 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
3870 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
3872 enum nl80211_iftype iftype,
3873 const u8 *addr, int wds)
3875 struct nl_msg *msg, *flags = NULL;
3879 msg = nlmsg_alloc();
3883 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3884 0, NL80211_CMD_NEW_INTERFACE, 0);
3885 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3886 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
3887 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
3889 if (iftype == NL80211_IFTYPE_MONITOR) {
3892 flags = nlmsg_alloc();
3894 goto nla_put_failure;
3896 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
3898 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
3903 goto nla_put_failure;
3905 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
3908 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3911 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
3912 ifname, ret, strerror(-ret));
3916 ifidx = if_nametoindex(ifname);
3917 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
3924 /* start listening for EAPOL on this interface */
3925 add_ifidx(drv, ifidx);
3926 #endif /* HOSTAPD */
3928 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
3929 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
3930 nl80211_remove_iface(drv, ifidx);
3938 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
3939 const char *ifname, enum nl80211_iftype iftype,
3940 const u8 *addr, int wds)
3944 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
3946 /* if error occured and interface exists already */
3947 if (ret == -ENFILE && if_nametoindex(ifname)) {
3948 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
3950 /* Try to remove the interface that was already there. */
3951 nl80211_remove_iface(drv, if_nametoindex(ifname));
3953 /* Try to create the interface again */
3954 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
3958 if (ret >= 0 && drv->disable_11b_rates)
3959 nl80211_disable_11b_rates(drv, ret, 1);
3965 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
3967 struct ieee80211_hdr *hdr;
3969 union wpa_event_data event;
3971 hdr = (struct ieee80211_hdr *) buf;
3972 fc = le_to_host16(hdr->frame_control);
3974 os_memset(&event, 0, sizeof(event));
3975 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
3976 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
3977 event.tx_status.dst = hdr->addr1;
3978 event.tx_status.data = buf;
3979 event.tx_status.data_len = len;
3980 event.tx_status.ack = ok;
3981 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
3985 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
3986 u8 *buf, size_t len)
3988 union wpa_event_data event;
3989 os_memset(&event, 0, sizeof(event));
3990 event.rx_from_unknown.frame = buf;
3991 event.rx_from_unknown.len = len;
3992 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
3996 static void handle_frame(struct wpa_driver_nl80211_data *drv,
3997 u8 *buf, size_t len, int datarate, int ssi_signal)
3999 struct ieee80211_hdr *hdr;
4001 union wpa_event_data event;
4003 hdr = (struct ieee80211_hdr *) buf;
4004 fc = le_to_host16(hdr->frame_control);
4006 switch (WLAN_FC_GET_TYPE(fc)) {
4007 case WLAN_FC_TYPE_MGMT:
4008 os_memset(&event, 0, sizeof(event));
4009 event.rx_mgmt.frame = buf;
4010 event.rx_mgmt.frame_len = len;
4011 event.rx_mgmt.datarate = datarate;
4012 event.rx_mgmt.ssi_signal = ssi_signal;
4013 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
4015 case WLAN_FC_TYPE_CTRL:
4016 /* can only get here with PS-Poll frames */
4017 wpa_printf(MSG_DEBUG, "CTRL");
4018 from_unknown_sta(drv, buf, len);
4020 case WLAN_FC_TYPE_DATA:
4021 from_unknown_sta(drv, buf, len);
4027 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
4029 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4031 unsigned char buf[3000];
4032 struct ieee80211_radiotap_iterator iter;
4034 int datarate = 0, ssi_signal = 0;
4035 int injected = 0, failed = 0, rxflags = 0;
4037 len = recv(sock, buf, sizeof(buf), 0);
4043 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
4044 printf("received invalid radiotap frame\n");
4049 ret = ieee80211_radiotap_iterator_next(&iter);
4053 printf("received invalid radiotap frame (%d)\n", ret);
4056 switch (iter.this_arg_index) {
4057 case IEEE80211_RADIOTAP_FLAGS:
4058 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
4061 case IEEE80211_RADIOTAP_RX_FLAGS:
4064 case IEEE80211_RADIOTAP_TX_FLAGS:
4066 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
4067 IEEE80211_RADIOTAP_F_TX_FAIL;
4069 case IEEE80211_RADIOTAP_DATA_RETRIES:
4071 case IEEE80211_RADIOTAP_CHANNEL:
4072 /* TODO: convert from freq/flags to channel number */
4074 case IEEE80211_RADIOTAP_RATE:
4075 datarate = *iter.this_arg * 5;
4077 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
4078 ssi_signal = *iter.this_arg;
4083 if (rxflags && injected)
4087 handle_frame(drv, buf + iter.max_length,
4088 len - iter.max_length, datarate, ssi_signal);
4090 handle_tx_callback(drv->ctx, buf + iter.max_length,
4091 len - iter.max_length, !failed);
4096 * we post-process the filter code later and rewrite
4097 * this to the offset to the last instruction
4102 static struct sock_filter msock_filter_insns[] = {
4104 * do a little-endian load of the radiotap length field
4106 /* load lower byte into A */
4107 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
4108 /* put it into X (== index register) */
4109 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4110 /* load upper byte into A */
4111 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
4112 /* left-shift it by 8 */
4113 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
4115 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
4116 /* put result into X */
4117 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4120 * Allow management frames through, this also gives us those
4121 * management frames that we sent ourselves with status
4123 /* load the lower byte of the IEEE 802.11 frame control field */
4124 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4125 /* mask off frame type and version */
4126 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
4127 /* accept frame if it's both 0, fall through otherwise */
4128 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
4131 * TODO: add a bit to radiotap RX flags that indicates
4132 * that the sending station is not associated, then
4133 * add a filter here that filters on our DA and that flag
4134 * to allow us to deauth frames to that bad station.
4136 * For now allow all To DS data frames through.
4138 /* load the IEEE 802.11 frame control field */
4139 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
4140 /* mask off frame type, version and DS status */
4141 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
4142 /* accept frame if version 0, type 2 and To DS, fall through otherwise
4144 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
4148 * drop non-data frames
4150 /* load the lower byte of the frame control field */
4151 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4152 /* mask off QoS bit */
4153 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
4154 /* drop non-data frames */
4155 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
4157 /* load the upper byte of the frame control field */
4158 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
4159 /* mask off toDS/fromDS */
4160 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
4161 /* accept WDS frames */
4162 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
4165 * add header length to index
4167 /* load the lower byte of the frame control field */
4168 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4169 /* mask off QoS bit */
4170 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
4171 /* right shift it by 6 to give 0 or 2 */
4172 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
4173 /* add data frame header length */
4174 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
4175 /* add index, was start of 802.11 header */
4176 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
4177 /* move to index, now start of LL header */
4178 BPF_STMT(BPF_MISC | BPF_TAX, 0),
4181 * Accept empty data frames, we use those for
4184 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
4185 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
4188 * Accept EAPOL frames
4190 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
4191 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
4192 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
4193 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
4195 /* keep these last two statements or change the code below */
4196 /* return 0 == "DROP" */
4197 BPF_STMT(BPF_RET | BPF_K, 0),
4198 /* return ~0 == "keep all" */
4199 BPF_STMT(BPF_RET | BPF_K, ~0),
4202 static struct sock_fprog msock_filter = {
4203 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
4204 .filter = msock_filter_insns,
4208 static int add_monitor_filter(int s)
4212 /* rewrite all PASS/FAIL jump offsets */
4213 for (idx = 0; idx < msock_filter.len; idx++) {
4214 struct sock_filter *insn = &msock_filter_insns[idx];
4216 if (BPF_CLASS(insn->code) == BPF_JMP) {
4217 if (insn->code == (BPF_JMP|BPF_JA)) {
4218 if (insn->k == PASS)
4219 insn->k = msock_filter.len - idx - 2;
4220 else if (insn->k == FAIL)
4221 insn->k = msock_filter.len - idx - 3;
4224 if (insn->jt == PASS)
4225 insn->jt = msock_filter.len - idx - 2;
4226 else if (insn->jt == FAIL)
4227 insn->jt = msock_filter.len - idx - 3;
4229 if (insn->jf == PASS)
4230 insn->jf = msock_filter.len - idx - 2;
4231 else if (insn->jf == FAIL)
4232 insn->jf = msock_filter.len - idx - 3;
4236 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
4237 &msock_filter, sizeof(msock_filter))) {
4238 perror("SO_ATTACH_FILTER");
4246 static void nl80211_remove_monitor_interface(
4247 struct wpa_driver_nl80211_data *drv)
4249 if (drv->monitor_ifidx >= 0) {
4250 nl80211_remove_iface(drv, drv->monitor_ifidx);
4251 drv->monitor_ifidx = -1;
4253 if (drv->monitor_sock >= 0) {
4254 eloop_unregister_read_sock(drv->monitor_sock);
4255 close(drv->monitor_sock);
4256 drv->monitor_sock = -1;
4262 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
4265 struct sockaddr_ll ll;
4269 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
4270 buf[IFNAMSIZ - 1] = '\0';
4272 drv->monitor_ifidx =
4273 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
4276 if (drv->monitor_ifidx < 0)
4279 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
4282 memset(&ll, 0, sizeof(ll));
4283 ll.sll_family = AF_PACKET;
4284 ll.sll_ifindex = drv->monitor_ifidx;
4285 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
4286 if (drv->monitor_sock < 0) {
4287 perror("socket[PF_PACKET,SOCK_RAW]");
4291 if (add_monitor_filter(drv->monitor_sock)) {
4292 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
4293 "interface; do filtering in user space");
4294 /* This works, but will cost in performance. */
4297 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
4298 perror("monitor socket bind");
4302 optlen = sizeof(optval);
4305 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
4306 perror("Failed to set socket priority");
4310 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
4312 printf("Could not register monitor read socket\n");
4318 nl80211_remove_monitor_interface(drv);
4323 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
4325 static int wpa_driver_nl80211_hapd_send_eapol(
4326 void *priv, const u8 *addr, const u8 *data,
4327 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
4329 struct i802_bss *bss = priv;
4330 struct wpa_driver_nl80211_data *drv = bss->drv;
4331 struct ieee80211_hdr *hdr;
4335 int qos = flags & WPA_STA_WMM;
4337 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
4339 hdr = os_zalloc(len);
4341 printf("malloc() failed for i802_send_data(len=%lu)\n",
4342 (unsigned long) len);
4346 hdr->frame_control =
4347 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
4348 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
4350 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
4352 hdr->frame_control |=
4353 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
4356 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
4357 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
4358 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
4359 pos = (u8 *) (hdr + 1);
4362 /* add an empty QoS header if needed */
4368 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
4369 pos += sizeof(rfc1042_header);
4370 WPA_PUT_BE16(pos, ETH_P_PAE);
4372 memcpy(pos, data, data_len);
4374 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
4376 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
4378 (unsigned long) len, errno, strerror(errno));
4386 static u32 sta_flags_nl80211(int flags)
4390 if (flags & WPA_STA_AUTHORIZED)
4391 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
4392 if (flags & WPA_STA_WMM)
4393 f |= BIT(NL80211_STA_FLAG_WME);
4394 if (flags & WPA_STA_SHORT_PREAMBLE)
4395 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
4396 if (flags & WPA_STA_MFP)
4397 f |= BIT(NL80211_STA_FLAG_MFP);
4403 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
4405 int flags_or, int flags_and)
4407 struct i802_bss *bss = priv;
4408 struct wpa_driver_nl80211_data *drv = bss->drv;
4409 struct nl_msg *msg, *flags = NULL;
4410 struct nl80211_sta_flag_update upd;
4412 msg = nlmsg_alloc();
4416 flags = nlmsg_alloc();
4422 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4423 0, NL80211_CMD_SET_STATION, 0);
4425 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4426 if_nametoindex(bss->ifname));
4427 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4430 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
4431 * can be removed eventually.
4433 if (total_flags & WPA_STA_AUTHORIZED)
4434 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
4436 if (total_flags & WPA_STA_WMM)
4437 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
4439 if (total_flags & WPA_STA_SHORT_PREAMBLE)
4440 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
4442 if (total_flags & WPA_STA_MFP)
4443 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
4445 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
4446 goto nla_put_failure;
4448 os_memset(&upd, 0, sizeof(upd));
4449 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
4450 upd.set = sta_flags_nl80211(flags_or);
4451 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4455 return send_and_recv_msgs(drv, msg, NULL, NULL);
4462 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
4463 struct wpa_driver_associate_params *params)
4466 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
4468 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) ||
4469 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
4470 nl80211_remove_monitor_interface(drv);
4474 /* TODO: setup monitor interface (and add code somewhere to remove this
4475 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
4481 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
4486 msg = nlmsg_alloc();
4490 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4491 NL80211_CMD_LEAVE_IBSS, 0);
4492 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4493 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4496 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
4497 "(%s)", ret, strerror(-ret));
4498 goto nla_put_failure;
4502 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
4510 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
4511 struct wpa_driver_associate_params *params)
4517 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
4519 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) {
4520 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
4526 msg = nlmsg_alloc();
4530 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4531 NL80211_CMD_JOIN_IBSS, 0);
4532 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4534 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
4535 goto nla_put_failure;
4537 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4538 params->ssid, params->ssid_len);
4539 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4541 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4542 drv->ssid_len = params->ssid_len;
4544 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4545 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4547 ret = nl80211_set_conn_keys(params, msg);
4549 goto nla_put_failure;
4551 if (params->wpa_ie) {
4552 wpa_hexdump(MSG_DEBUG,
4553 " * Extra IEs for Beacon/Probe Response frames",
4554 params->wpa_ie, params->wpa_ie_len);
4555 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4559 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4562 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
4563 ret, strerror(-ret));
4565 if (ret == -EALREADY && count == 1) {
4566 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
4568 nl80211_leave_ibss(drv);
4573 goto nla_put_failure;
4576 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
4584 static int wpa_driver_nl80211_connect(
4585 struct wpa_driver_nl80211_data *drv,
4586 struct wpa_driver_associate_params *params)
4589 enum nl80211_auth_type type;
4593 msg = nlmsg_alloc();
4597 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
4598 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4599 NL80211_CMD_CONNECT, 0);
4601 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4602 if (params->bssid) {
4603 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4604 MAC2STR(params->bssid));
4605 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4608 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4609 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4612 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4613 params->ssid, params->ssid_len);
4614 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4616 if (params->ssid_len > sizeof(drv->ssid))
4617 goto nla_put_failure;
4618 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4619 drv->ssid_len = params->ssid_len;
4621 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4623 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4627 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4629 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4631 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4634 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
4636 goto skip_auth_type;
4639 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4640 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4641 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4642 type = NL80211_AUTHTYPE_SHARED_KEY;
4643 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4644 type = NL80211_AUTHTYPE_NETWORK_EAP;
4645 else if (params->auth_alg & WPA_AUTH_ALG_FT)
4646 type = NL80211_AUTHTYPE_FT;
4648 goto nla_put_failure;
4650 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
4651 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
4654 if (params->wpa_ie && params->wpa_ie_len) {
4655 enum nl80211_wpa_versions ver;
4657 if (params->wpa_ie[0] == WLAN_EID_RSN)
4658 ver = NL80211_WPA_VERSION_2;
4660 ver = NL80211_WPA_VERSION_1;
4662 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
4663 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
4666 if (params->pairwise_suite != CIPHER_NONE) {
4669 switch (params->pairwise_suite) {
4671 cipher = WLAN_CIPHER_SUITE_WEP40;
4674 cipher = WLAN_CIPHER_SUITE_WEP104;
4677 cipher = WLAN_CIPHER_SUITE_CCMP;
4681 cipher = WLAN_CIPHER_SUITE_TKIP;
4684 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
4687 if (params->group_suite != CIPHER_NONE) {
4690 switch (params->group_suite) {
4692 cipher = WLAN_CIPHER_SUITE_WEP40;
4695 cipher = WLAN_CIPHER_SUITE_WEP104;
4698 cipher = WLAN_CIPHER_SUITE_CCMP;
4702 cipher = WLAN_CIPHER_SUITE_TKIP;
4705 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
4708 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
4709 params->key_mgmt_suite == KEY_MGMT_PSK) {
4710 int mgmt = WLAN_AKM_SUITE_PSK;
4712 switch (params->key_mgmt_suite) {
4713 case KEY_MGMT_802_1X:
4714 mgmt = WLAN_AKM_SUITE_8021X;
4718 mgmt = WLAN_AKM_SUITE_PSK;
4721 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
4724 ret = nl80211_set_conn_keys(params, msg);
4726 goto nla_put_failure;
4728 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4731 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
4732 "(%s)", ret, strerror(-ret));
4733 goto nla_put_failure;
4736 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
4745 static int wpa_driver_nl80211_associate(
4746 void *priv, struct wpa_driver_associate_params *params)
4748 struct i802_bss *bss = priv;
4749 struct wpa_driver_nl80211_data *drv = bss->drv;
4753 if (params->mode == IEEE80211_MODE_AP)
4754 return wpa_driver_nl80211_ap(drv, params);
4756 if (params->mode == IEEE80211_MODE_IBSS)
4757 return wpa_driver_nl80211_ibss(drv, params);
4759 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4760 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0)
4762 return wpa_driver_nl80211_connect(drv, params);
4765 drv->associated = 0;
4767 msg = nlmsg_alloc();
4771 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
4773 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4774 NL80211_CMD_ASSOCIATE, 0);
4776 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4777 if (params->bssid) {
4778 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4779 MAC2STR(params->bssid));
4780 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4783 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4784 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4785 drv->assoc_freq = params->freq;
4787 drv->assoc_freq = 0;
4789 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4790 params->ssid, params->ssid_len);
4791 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4793 if (params->ssid_len > sizeof(drv->ssid))
4794 goto nla_put_failure;
4795 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4796 drv->ssid_len = params->ssid_len;
4798 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4800 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4803 if (params->pairwise_suite != CIPHER_NONE) {
4806 switch (params->pairwise_suite) {
4808 cipher = WLAN_CIPHER_SUITE_WEP40;
4811 cipher = WLAN_CIPHER_SUITE_WEP104;
4814 cipher = WLAN_CIPHER_SUITE_CCMP;
4818 cipher = WLAN_CIPHER_SUITE_TKIP;
4821 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
4822 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
4825 if (params->group_suite != CIPHER_NONE) {
4828 switch (params->group_suite) {
4830 cipher = WLAN_CIPHER_SUITE_WEP40;
4833 cipher = WLAN_CIPHER_SUITE_WEP104;
4836 cipher = WLAN_CIPHER_SUITE_CCMP;
4840 cipher = WLAN_CIPHER_SUITE_TKIP;
4843 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
4844 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
4847 #ifdef CONFIG_IEEE80211W
4848 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
4849 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
4850 #endif /* CONFIG_IEEE80211W */
4852 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
4854 if (params->prev_bssid) {
4855 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
4856 MAC2STR(params->prev_bssid));
4857 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
4858 params->prev_bssid);
4862 wpa_printf(MSG_DEBUG, " * P2P group");
4864 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4867 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
4868 "(%s)", ret, strerror(-ret));
4869 nl80211_dump_scan(drv);
4870 goto nla_put_failure;
4873 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
4882 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
4883 int ifindex, int mode)
4888 msg = nlmsg_alloc();
4892 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4893 0, NL80211_CMD_SET_INTERFACE, 0);
4894 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4895 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
4897 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4901 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
4902 " %d (%s)", ifindex, mode, ret, strerror(-ret));
4907 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
4909 struct i802_bss *bss = priv;
4910 struct wpa_driver_nl80211_data *drv = bss->drv;
4917 nlmode = NL80211_IFTYPE_STATION;
4920 nlmode = NL80211_IFTYPE_ADHOC;
4923 nlmode = NL80211_IFTYPE_AP;
4929 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
4930 drv->nlmode = nlmode;
4935 if (nlmode == drv->nlmode) {
4936 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
4937 "requested mode - ignore error");
4939 goto done; /* Already in the requested mode */
4942 /* mac80211 doesn't allow mode changes while the device is up, so
4943 * take the device down, try to set the mode again, and bring the
4946 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
4948 for (i = 0; i < 10; i++) {
4949 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) ==
4951 /* Try to set the mode again while the interface is
4953 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
4954 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname,
4960 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
4962 os_sleep(0, 100000);
4966 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
4967 "interface is down");
4968 drv->nlmode = nlmode;
4972 if (!ret && nlmode == NL80211_IFTYPE_AP) {
4973 /* Setup additional AP mode functionality if needed */
4974 if (drv->monitor_ifidx < 0 &&
4975 nl80211_create_monitor_interface(drv))
4977 } else if (!ret && nlmode != NL80211_IFTYPE_AP) {
4978 /* Remove additional AP mode functionality */
4979 nl80211_remove_monitor_interface(drv);
4980 bss->beacon_set = 0;
4984 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
4985 "from %d failed", nlmode, drv->nlmode);
4991 static int wpa_driver_nl80211_get_capa(void *priv,
4992 struct wpa_driver_capa *capa)
4994 struct i802_bss *bss = priv;
4995 struct wpa_driver_nl80211_data *drv = bss->drv;
4996 if (!drv->has_capability)
4998 os_memcpy(capa, &drv->capa, sizeof(*capa));
5003 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
5005 struct i802_bss *bss = priv;
5006 struct wpa_driver_nl80211_data *drv = bss->drv;
5008 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
5009 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
5010 drv->operstate = state;
5011 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
5012 state ? IF_OPER_UP : IF_OPER_DORMANT);
5016 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
5018 struct i802_bss *bss = priv;
5019 struct wpa_driver_nl80211_data *drv = bss->drv;
5021 struct nl80211_sta_flag_update upd;
5023 msg = nlmsg_alloc();
5027 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5028 0, NL80211_CMD_SET_STATION, 0);
5030 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5031 if_nametoindex(bss->ifname));
5032 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
5034 os_memset(&upd, 0, sizeof(upd));
5035 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
5037 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
5038 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5040 return send_and_recv_msgs(drv, msg, NULL, NULL);
5048 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5053 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
5055 for (i = 0; i < drv->num_if_indices; i++) {
5056 if (drv->if_indices[i] == 0) {
5057 drv->if_indices[i] = ifidx;
5062 if (drv->if_indices != drv->default_if_indices)
5063 old = drv->if_indices;
5067 drv->if_indices = os_realloc(old,
5068 sizeof(int) * (drv->num_if_indices + 1));
5069 if (!drv->if_indices) {
5071 drv->if_indices = drv->default_if_indices;
5073 drv->if_indices = old;
5074 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
5076 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
5079 os_memcpy(drv->if_indices, drv->default_if_indices,
5080 sizeof(drv->default_if_indices));
5081 drv->if_indices[drv->num_if_indices] = ifidx;
5082 drv->num_if_indices++;
5086 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5090 for (i = 0; i < drv->num_if_indices; i++) {
5091 if (drv->if_indices[i] == ifidx) {
5092 drv->if_indices[i] = 0;
5099 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5103 for (i = 0; i < drv->num_if_indices; i++)
5104 if (drv->if_indices[i] == ifidx)
5111 static inline int min_int(int a, int b)
5119 static int get_key_handler(struct nl_msg *msg, void *arg)
5121 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5122 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5124 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5125 genlmsg_attrlen(gnlh, 0), NULL);
5128 * TODO: validate the key index and mac address!
5129 * Otherwise, there's a race condition as soon as
5130 * the kernel starts sending key notifications.
5133 if (tb[NL80211_ATTR_KEY_SEQ])
5134 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
5135 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
5140 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
5143 struct i802_bss *bss = priv;
5144 struct wpa_driver_nl80211_data *drv = bss->drv;
5147 msg = nlmsg_alloc();
5151 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5152 0, NL80211_CMD_GET_KEY, 0);
5155 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5156 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
5157 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
5161 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
5166 #endif /* HOSTAPD */
5168 #if defined(HOSTAPD) || defined(CONFIG_AP)
5170 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
5173 struct i802_bss *bss = priv;
5174 struct wpa_driver_nl80211_data *drv = bss->drv;
5176 u8 rates[NL80211_MAX_SUPP_RATES];
5180 msg = nlmsg_alloc();
5184 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5185 NL80211_CMD_SET_BSS, 0);
5187 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
5188 rates[rates_len++] = basic_rates[i] / 5;
5190 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
5192 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5194 return send_and_recv_msgs(drv, msg, NULL, NULL);
5199 #endif /* HOSTAPD || CONFIG_AP */
5202 /* Set kernel driver on given frequency (MHz) */
5203 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
5205 struct i802_bss *bss = priv;
5206 struct wpa_driver_nl80211_data *drv = bss->drv;
5207 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
5208 freq->sec_channel_offset);
5214 static int i802_set_rts(void *priv, int rts)
5216 struct i802_bss *bss = priv;
5217 struct wpa_driver_nl80211_data *drv = bss->drv;
5222 msg = nlmsg_alloc();
5231 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5232 0, NL80211_CMD_SET_WIPHY, 0);
5233 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5234 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
5236 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5240 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
5241 "%d (%s)", rts, ret, strerror(-ret));
5246 static int i802_set_frag(void *priv, int frag)
5248 struct i802_bss *bss = priv;
5249 struct wpa_driver_nl80211_data *drv = bss->drv;
5254 msg = nlmsg_alloc();
5263 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5264 0, NL80211_CMD_SET_WIPHY, 0);
5265 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5266 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
5268 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5272 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
5273 "%d: %d (%s)", frag, ret, strerror(-ret));
5278 static int i802_flush(void *priv)
5280 struct i802_bss *bss = priv;
5281 struct wpa_driver_nl80211_data *drv = bss->drv;
5284 msg = nlmsg_alloc();
5288 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5289 0, NL80211_CMD_DEL_STATION, 0);
5292 * XXX: FIX! this needs to flush all VLANs too
5294 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5295 if_nametoindex(bss->ifname));
5297 return send_and_recv_msgs(drv, msg, NULL, NULL);
5303 static int get_sta_handler(struct nl_msg *msg, void *arg)
5305 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5306 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5307 struct hostap_sta_driver_data *data = arg;
5308 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
5309 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
5310 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
5311 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
5312 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
5313 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
5314 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
5317 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5318 genlmsg_attrlen(gnlh, 0), NULL);
5321 * TODO: validate the interface and mac address!
5322 * Otherwise, there's a race condition as soon as
5323 * the kernel starts sending station notifications.
5326 if (!tb[NL80211_ATTR_STA_INFO]) {
5327 wpa_printf(MSG_DEBUG, "sta stats missing!");
5330 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
5331 tb[NL80211_ATTR_STA_INFO],
5333 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
5337 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
5338 data->inactive_msec =
5339 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
5340 if (stats[NL80211_STA_INFO_RX_BYTES])
5341 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
5342 if (stats[NL80211_STA_INFO_TX_BYTES])
5343 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
5344 if (stats[NL80211_STA_INFO_RX_PACKETS])
5346 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
5347 if (stats[NL80211_STA_INFO_TX_PACKETS])
5349 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
5354 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
5357 struct i802_bss *bss = priv;
5358 struct wpa_driver_nl80211_data *drv = bss->drv;
5361 os_memset(data, 0, sizeof(*data));
5362 msg = nlmsg_alloc();
5366 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5367 0, NL80211_CMD_GET_STATION, 0);
5369 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5370 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5372 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
5378 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
5379 int cw_min, int cw_max, int burst_time)
5381 struct i802_bss *bss = priv;
5382 struct wpa_driver_nl80211_data *drv = bss->drv;
5384 struct nlattr *txq, *params;
5386 msg = nlmsg_alloc();
5390 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5391 0, NL80211_CMD_SET_WIPHY, 0);
5393 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5395 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
5397 goto nla_put_failure;
5399 /* We are only sending parameters for a single TXQ at a time */
5400 params = nla_nest_start(msg, 1);
5402 goto nla_put_failure;
5406 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
5409 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
5412 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
5415 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
5418 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
5419 * 32 usec, so need to convert the value here. */
5420 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
5421 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
5422 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
5423 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
5425 nla_nest_end(msg, params);
5427 nla_nest_end(msg, txq);
5429 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5436 static int i802_set_bss(void *priv, int cts, int preamble, int slot,
5439 struct i802_bss *bss = priv;
5440 struct wpa_driver_nl80211_data *drv = bss->drv;
5443 msg = nlmsg_alloc();
5447 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5448 NL80211_CMD_SET_BSS, 0);
5451 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
5453 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
5455 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
5457 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
5458 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5460 return send_and_recv_msgs(drv, msg, NULL, NULL);
5466 static int i802_set_cts_protect(void *priv, int value)
5468 return i802_set_bss(priv, value, -1, -1, -1);
5472 static int i802_set_preamble(void *priv, int value)
5474 return i802_set_bss(priv, -1, value, -1, -1);
5478 static int i802_set_short_slot_time(void *priv, int value)
5480 return i802_set_bss(priv, -1, -1, value, -1);
5484 static int i802_set_sta_vlan(void *priv, const u8 *addr,
5485 const char *ifname, int vlan_id)
5487 struct i802_bss *bss = priv;
5488 struct wpa_driver_nl80211_data *drv = bss->drv;
5492 msg = nlmsg_alloc();
5496 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5497 0, NL80211_CMD_SET_STATION, 0);
5499 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5500 if_nametoindex(bss->ifname));
5501 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5502 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
5503 if_nametoindex(ifname));
5505 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5507 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
5508 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
5509 MAC2STR(addr), ifname, vlan_id, ret,
5517 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
5518 const char *bridge_ifname)
5520 struct i802_bss *bss = priv;
5521 struct wpa_driver_nl80211_data *drv = bss->drv;
5522 char name[IFNAMSIZ + 1];
5524 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
5525 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
5526 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
5528 if (!if_nametoindex(name)) {
5529 if (nl80211_create_iface(drv, name,
5530 NL80211_IFTYPE_AP_VLAN,
5533 if (bridge_ifname &&
5534 linux_br_add_if(drv->ioctl_sock, bridge_ifname,
5538 linux_set_iface_flags(drv->ioctl_sock, name, 1);
5539 return i802_set_sta_vlan(priv, addr, name, 0);
5541 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
5542 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
5548 static int i802_set_ht_params(void *priv, const u8 *ht_capab,
5549 size_t ht_capab_len, const u8 *ht_oper,
5552 if (ht_oper_len >= 6) {
5553 /* ht opmode uses 16bit in octet 5 & 6 */
5554 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]);
5555 return i802_set_bss(priv, -1, -1, -1, ht_opmode);
5561 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
5563 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5564 struct sockaddr_ll lladdr;
5565 unsigned char buf[3000];
5567 socklen_t fromlen = sizeof(lladdr);
5569 len = recvfrom(sock, buf, sizeof(buf), 0,
5570 (struct sockaddr *)&lladdr, &fromlen);
5576 if (have_ifidx(drv, lladdr.sll_ifindex))
5577 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
5581 static int i802_get_inact_sec(void *priv, const u8 *addr)
5583 struct hostap_sta_driver_data data;
5586 data.inactive_msec = (unsigned long) -1;
5587 ret = i802_read_sta_data(priv, &data, addr);
5588 if (ret || data.inactive_msec == (unsigned long) -1)
5590 return data.inactive_msec / 1000;
5594 static int i802_sta_clear_stats(void *priv, const u8 *addr)
5602 #endif /* HOSTAPD */
5604 #if defined(HOSTAPD) || defined(CONFIG_AP)
5606 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
5609 struct i802_bss *bss = priv;
5610 struct ieee80211_mgmt mgmt;
5612 memset(&mgmt, 0, sizeof(mgmt));
5613 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5614 WLAN_FC_STYPE_DEAUTH);
5615 memcpy(mgmt.da, addr, ETH_ALEN);
5616 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5617 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5618 mgmt.u.deauth.reason_code = host_to_le16(reason);
5619 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5621 sizeof(mgmt.u.deauth));
5625 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
5628 struct i802_bss *bss = priv;
5629 struct ieee80211_mgmt mgmt;
5631 memset(&mgmt, 0, sizeof(mgmt));
5632 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5633 WLAN_FC_STYPE_DISASSOC);
5634 memcpy(mgmt.da, addr, ETH_ALEN);
5635 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5636 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5637 mgmt.u.disassoc.reason_code = host_to_le16(reason);
5638 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5640 sizeof(mgmt.u.disassoc));
5643 #endif /* HOSTAPD || CONFIG_AP */
5647 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
5648 struct i802_bss *bss,
5649 const char *brname, const char *ifname)
5652 char in_br[IFNAMSIZ];
5654 os_strlcpy(bss->brname, brname, IFNAMSIZ);
5655 ifindex = if_nametoindex(brname);
5658 * Bridge was configured, but the bridge device does
5659 * not exist. Try to add it now.
5661 if (linux_br_add(drv->ioctl_sock, brname) < 0) {
5662 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
5663 "bridge interface %s: %s",
5664 brname, strerror(errno));
5667 bss->added_bridge = 1;
5668 add_ifidx(drv, if_nametoindex(brname));
5671 if (linux_br_get(in_br, ifname) == 0) {
5672 if (os_strcmp(in_br, brname) == 0)
5673 return 0; /* already in the bridge */
5675 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
5676 "bridge %s", ifname, in_br);
5677 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) {
5678 wpa_printf(MSG_ERROR, "nl80211: Failed to "
5679 "remove interface %s from bridge "
5681 ifname, brname, strerror(errno));
5686 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
5688 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) {
5689 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
5690 "into bridge %s: %s",
5691 ifname, brname, strerror(errno));
5694 bss->added_if_into_bridge = 1;
5700 static void *i802_init(struct hostapd_data *hapd,
5701 struct wpa_init_params *params)
5703 struct wpa_driver_nl80211_data *drv;
5704 struct i802_bss *bss;
5706 char brname[IFNAMSIZ];
5707 int ifindex, br_ifindex;
5710 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL);
5715 drv->nlmode = NL80211_IFTYPE_AP;
5716 if (linux_br_get(brname, params->ifname) == 0) {
5717 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
5718 params->ifname, brname);
5719 br_ifindex = if_nametoindex(brname);
5725 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
5726 drv->if_indices = drv->default_if_indices;
5727 for (i = 0; i < params->num_bridge; i++) {
5728 if (params->bridge[i]) {
5729 ifindex = if_nametoindex(params->bridge[i]);
5731 add_ifidx(drv, ifindex);
5732 if (ifindex == br_ifindex)
5736 if (!br_added && br_ifindex &&
5737 (params->num_bridge == 0 || !params->bridge[0]))
5738 add_ifidx(drv, br_ifindex);
5740 /* start listening for EAPOL on the default AP interface */
5741 add_ifidx(drv, drv->ifindex);
5743 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0))
5746 if (params->bssid) {
5747 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname,
5752 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) {
5753 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
5754 "into AP mode", bss->ifname);
5758 if (params->num_bridge && params->bridge[0] &&
5759 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
5762 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
5765 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
5766 if (drv->eapol_sock < 0) {
5767 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
5771 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
5773 printf("Could not register read socket for eapol\n");
5777 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr))
5783 nl80211_remove_monitor_interface(drv);
5784 rfkill_deinit(drv->rfkill);
5785 netlink_deinit(drv->netlink);
5786 if (drv->ioctl_sock >= 0)
5787 close(drv->ioctl_sock);
5789 genl_family_put(drv->nl80211);
5790 nl_cache_free(drv->nl_cache);
5791 nl80211_handle_destroy(drv->nl_handle);
5792 nl_cb_put(drv->nl_cb);
5793 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
5800 static void i802_deinit(void *priv)
5802 wpa_driver_nl80211_deinit(priv);
5805 #endif /* HOSTAPD */
5808 static enum nl80211_iftype wpa_driver_nl80211_if_type(
5809 enum wpa_driver_if_type type)
5812 case WPA_IF_STATION:
5813 return NL80211_IFTYPE_STATION;
5814 case WPA_IF_P2P_CLIENT:
5815 case WPA_IF_P2P_GROUP:
5816 return NL80211_IFTYPE_P2P_CLIENT;
5817 case WPA_IF_AP_VLAN:
5818 return NL80211_IFTYPE_AP_VLAN;
5820 return NL80211_IFTYPE_AP;
5822 return NL80211_IFTYPE_P2P_GO;
5830 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
5832 struct wpa_driver_nl80211_data *drv;
5833 dl_list_for_each(drv, &global->interfaces,
5834 struct wpa_driver_nl80211_data, list) {
5835 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0)
5842 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
5850 os_memcpy(new_addr, drv->addr, ETH_ALEN);
5851 for (idx = 0; idx < 64; idx++) {
5852 new_addr[0] = drv->addr[0] | 0x02;
5853 new_addr[0] ^= idx << 2;
5854 if (!nl80211_addr_in_use(drv->global, new_addr))
5860 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
5861 MACSTR, MAC2STR(new_addr));
5866 #endif /* CONFIG_P2P */
5869 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
5870 const char *ifname, const u8 *addr,
5871 void *bss_ctx, void **drv_priv,
5872 char *force_ifname, u8 *if_addr,
5875 struct i802_bss *bss = priv;
5876 struct wpa_driver_nl80211_data *drv = bss->drv;
5879 struct i802_bss *new_bss = NULL;
5881 if (type == WPA_IF_AP_BSS) {
5882 new_bss = os_zalloc(sizeof(*new_bss));
5883 if (new_bss == NULL)
5886 #endif /* HOSTAPD */
5889 os_memcpy(if_addr, addr, ETH_ALEN);
5890 ifidx = nl80211_create_iface(drv, ifname,
5891 wpa_driver_nl80211_if_type(type), addr,
5896 #endif /* HOSTAPD */
5901 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) {
5902 nl80211_remove_iface(drv, ifidx);
5908 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
5909 type == WPA_IF_P2P_GO)) {
5910 /* Enforce unique P2P Interface Address */
5911 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN];
5913 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr)
5915 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0)
5917 nl80211_remove_iface(drv, ifidx);
5920 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) {
5921 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
5922 "for P2P group interface");
5923 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
5924 nl80211_remove_iface(drv, ifidx);
5927 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname,
5929 nl80211_remove_iface(drv, ifidx);
5932 os_memcpy(if_addr, new_addr, ETH_ALEN);
5935 #endif /* CONFIG_P2P */
5939 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
5940 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
5941 "interface %s to a bridge %s", ifname, bridge);
5942 nl80211_remove_iface(drv, ifidx);
5947 if (type == WPA_IF_AP_BSS) {
5948 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
5949 nl80211_remove_iface(drv, ifidx);
5953 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
5954 new_bss->ifindex = ifidx;
5956 new_bss->next = drv->first_bss.next;
5957 drv->first_bss.next = new_bss;
5959 *drv_priv = new_bss;
5961 #endif /* HOSTAPD */
5967 static int wpa_driver_nl80211_if_remove(void *priv,
5968 enum wpa_driver_if_type type,
5971 struct i802_bss *bss = priv;
5972 struct wpa_driver_nl80211_data *drv = bss->drv;
5973 int ifindex = if_nametoindex(ifname);
5975 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
5976 __func__, type, ifname, ifindex);
5981 if (bss->added_if_into_bridge) {
5982 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname)
5984 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
5985 "interface %s from bridge %s: %s",
5986 bss->ifname, bss->brname, strerror(errno));
5988 if (bss->added_bridge) {
5989 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0)
5990 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
5992 bss->brname, strerror(errno));
5994 #endif /* HOSTAPD */
5996 nl80211_remove_iface(drv, ifindex);
5999 if (type != WPA_IF_AP_BSS)
6002 if (bss != &drv->first_bss) {
6003 struct i802_bss *tbss;
6005 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
6006 if (tbss->next == bss) {
6007 tbss->next = bss->next;
6014 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
6015 "BSS %p in the list", __func__, bss);
6017 #endif /* HOSTAPD */
6023 static int cookie_handler(struct nl_msg *msg, void *arg)
6025 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6026 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6028 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6029 genlmsg_attrlen(gnlh, 0), NULL);
6030 if (tb[NL80211_ATTR_COOKIE])
6031 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
6036 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
6037 unsigned int freq, unsigned int wait,
6038 const u8 *buf, size_t buf_len,
6045 msg = nlmsg_alloc();
6049 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6050 NL80211_CMD_FRAME, 0);
6052 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6053 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6054 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
6055 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
6056 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
6059 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6062 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
6063 "(%s)", ret, strerror(-ret));
6064 goto nla_put_failure;
6066 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; "
6067 "cookie 0x%llx", (long long unsigned int) cookie);
6070 *cookie_out = cookie;
6078 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
6079 unsigned int wait_time,
6080 const u8 *dst, const u8 *src,
6082 const u8 *data, size_t data_len)
6084 struct i802_bss *bss = priv;
6085 struct wpa_driver_nl80211_data *drv = bss->drv;
6088 struct ieee80211_hdr *hdr;
6090 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
6091 "wait=%d ms)", drv->ifindex, wait_time);
6093 buf = os_zalloc(24 + data_len);
6096 os_memcpy(buf + 24, data, data_len);
6097 hdr = (struct ieee80211_hdr *) buf;
6098 hdr->frame_control =
6099 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
6100 os_memcpy(hdr->addr1, dst, ETH_ALEN);
6101 os_memcpy(hdr->addr2, src, ETH_ALEN);
6102 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
6104 if (drv->nlmode == NL80211_IFTYPE_AP)
6105 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len);
6107 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf,
6109 &drv->send_action_cookie);
6116 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
6118 struct i802_bss *bss = priv;
6119 struct wpa_driver_nl80211_data *drv = bss->drv;
6123 msg = nlmsg_alloc();
6127 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6128 NL80211_CMD_FRAME_WAIT_CANCEL, 0);
6130 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6131 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
6133 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6136 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
6137 "(%s)", ret, strerror(-ret));
6144 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
6145 unsigned int duration)
6147 struct i802_bss *bss = priv;
6148 struct wpa_driver_nl80211_data *drv = bss->drv;
6153 msg = nlmsg_alloc();
6157 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6158 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
6160 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6161 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6162 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
6165 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6167 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
6168 "0x%llx for freq=%u MHz duration=%u",
6169 (long long unsigned int) cookie, freq, duration);
6170 drv->remain_on_chan_cookie = cookie;
6173 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
6174 "(freq=%d duration=%u): %d (%s)",
6175 freq, duration, ret, strerror(-ret));
6181 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
6183 struct i802_bss *bss = priv;
6184 struct wpa_driver_nl80211_data *drv = bss->drv;
6188 if (!drv->pending_remain_on_chan) {
6189 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
6194 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
6196 (long long unsigned int) drv->remain_on_chan_cookie);
6198 msg = nlmsg_alloc();
6202 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6203 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
6205 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6206 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
6208 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6211 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
6212 "%d (%s)", ret, strerror(-ret));
6218 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
6220 struct i802_bss *bss = priv;
6221 struct wpa_driver_nl80211_data *drv = bss->drv;
6223 if (drv->nlmode != NL80211_IFTYPE_STATION) {
6224 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
6225 "allowed in station mode (iftype=%d)",
6231 if (drv->nl_handle_preq) {
6232 eloop_unregister_read_sock(
6233 nl_socket_get_fd(drv->nl_handle_preq));
6234 nl_cache_free(drv->nl_cache_preq);
6235 nl80211_handle_destroy(drv->nl_handle_preq);
6236 drv->nl_handle_preq = NULL;
6241 if (drv->nl_handle_preq) {
6242 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
6247 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb);
6248 if (drv->nl_handle_preq == NULL) {
6249 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate "
6250 "netlink callbacks (preq)");
6254 if (genl_connect(drv->nl_handle_preq)) {
6255 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to "
6256 "generic netlink (preq)");
6261 #ifdef CONFIG_LIBNL20
6262 if (genl_ctrl_alloc_cache(drv->nl_handle_preq,
6263 &drv->nl_cache_preq) < 0) {
6264 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
6265 "netlink cache (preq)");
6268 #else /* CONFIG_LIBNL20 */
6269 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq);
6270 if (drv->nl_cache_preq == NULL) {
6271 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
6272 "netlink cache (preq)");
6275 #endif /* CONFIG_LIBNL20 */
6277 if (nl80211_register_frame(drv, drv->nl_handle_preq,
6278 (WLAN_FC_TYPE_MGMT << 2) |
6279 (WLAN_FC_STYPE_PROBE_REQ << 4),
6284 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq),
6285 wpa_driver_nl80211_event_receive, drv,
6286 drv->nl_handle_preq);
6291 nl_cache_free(drv->nl_cache_preq);
6293 nl80211_handle_destroy(drv->nl_handle_preq);
6294 drv->nl_handle_preq = NULL;
6300 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
6301 int ifindex, int disabled)
6304 struct nlattr *bands, *band;
6307 msg = nlmsg_alloc();
6311 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6312 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
6313 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
6315 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
6317 goto nla_put_failure;
6320 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
6321 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
6322 * rates. All 5 GHz rates are left enabled.
6324 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
6326 goto nla_put_failure;
6327 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
6328 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
6329 nla_nest_end(msg, band);
6331 nla_nest_end(msg, bands);
6333 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6336 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
6337 "(%s)", ret, strerror(-ret));
6348 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
6350 struct i802_bss *bss = priv;
6351 struct wpa_driver_nl80211_data *drv = bss->drv;
6352 drv->disable_11b_rates = disabled;
6353 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
6357 static int wpa_driver_nl80211_deinit_ap(void *priv)
6359 struct i802_bss *bss = priv;
6360 struct wpa_driver_nl80211_data *drv = bss->drv;
6361 if (drv->nlmode != NL80211_IFTYPE_AP)
6363 wpa_driver_nl80211_del_beacon(drv);
6364 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
6368 static void wpa_driver_nl80211_resume(void *priv)
6370 struct i802_bss *bss = priv;
6371 struct wpa_driver_nl80211_data *drv = bss->drv;
6372 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
6373 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
6379 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
6380 const u8 *ies, size_t ies_len)
6382 struct i802_bss *bss = priv;
6383 struct wpa_driver_nl80211_data *drv = bss->drv;
6387 u8 own_addr[ETH_ALEN];
6389 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0)
6393 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
6394 "action %d", action);
6399 * Action frame payload:
6400 * Category[1] = 6 (Fast BSS Transition)
6401 * Action[1] = 1 (Fast BSS Transition Request)
6407 data_len = 2 + 2 * ETH_ALEN + ies_len;
6408 data = os_malloc(data_len);
6412 *pos++ = 0x06; /* FT Action category */
6414 os_memcpy(pos, own_addr, ETH_ALEN);
6416 os_memcpy(pos, target_ap, ETH_ALEN);
6418 os_memcpy(pos, ies, ies_len);
6420 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
6421 drv->bssid, own_addr, drv->bssid,
6429 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
6431 struct i802_bss *bss = priv;
6432 struct wpa_driver_nl80211_data *drv = bss->drv;
6433 struct nl_msg *msg, *cqm = NULL;
6435 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
6436 "hysteresis=%d", threshold, hysteresis);
6438 msg = nlmsg_alloc();
6442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
6443 0, NL80211_CMD_SET_CQM, 0);
6445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
6447 cqm = nlmsg_alloc();
6451 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
6452 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
6453 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
6455 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
6467 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
6469 struct i802_bss *bss = priv;
6470 struct wpa_driver_nl80211_data *drv = bss->drv;
6473 os_memset(si, 0, sizeof(*si));
6474 res = nl80211_get_link_signal(drv, si);
6478 return nl80211_get_link_noise(drv, si);
6482 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
6485 struct i802_bss *bss = priv;
6486 struct wpa_driver_nl80211_data *drv = bss->drv;
6487 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
6491 static int nl80211_set_intra_bss(void *priv, int enabled)
6493 struct i802_bss *bss = priv;
6494 struct wpa_driver_nl80211_data *drv = bss->drv;
6497 msg = nlmsg_alloc();
6501 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6502 NL80211_CMD_SET_BSS, 0);
6504 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6505 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled);
6507 return send_and_recv_msgs(drv, msg, NULL, NULL);
6513 static int nl80211_set_param(void *priv, const char *param)
6515 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
6520 if (os_strstr(param, "use_p2p_group_interface=1")) {
6521 struct i802_bss *bss = priv;
6522 struct wpa_driver_nl80211_data *drv = bss->drv;
6524 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
6526 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
6527 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
6529 #endif /* CONFIG_P2P */
6535 static void * nl80211_global_init(void)
6537 struct nl80211_global *global;
6538 global = os_zalloc(sizeof(*global));
6541 dl_list_init(&global->interfaces);
6546 static void nl80211_global_deinit(void *priv)
6548 struct nl80211_global *global = priv;
6551 if (!dl_list_empty(&global->interfaces)) {
6552 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
6553 "nl80211_global_deinit",
6554 dl_list_len(&global->interfaces));
6560 static const char * nl80211_get_radio_name(void *priv)
6562 struct i802_bss *bss = priv;
6563 struct wpa_driver_nl80211_data *drv = bss->drv;
6564 return drv->phyname;
6568 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
6570 .desc = "Linux nl80211/cfg80211",
6571 .get_bssid = wpa_driver_nl80211_get_bssid,
6572 .get_ssid = wpa_driver_nl80211_get_ssid,
6573 .set_key = wpa_driver_nl80211_set_key,
6574 .scan2 = wpa_driver_nl80211_scan,
6575 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
6576 .deauthenticate = wpa_driver_nl80211_deauthenticate,
6577 .disassociate = wpa_driver_nl80211_disassociate,
6578 .authenticate = wpa_driver_nl80211_authenticate,
6579 .associate = wpa_driver_nl80211_associate,
6580 .global_init = nl80211_global_init,
6581 .global_deinit = nl80211_global_deinit,
6582 .init2 = wpa_driver_nl80211_init,
6583 .deinit = wpa_driver_nl80211_deinit,
6584 .get_capa = wpa_driver_nl80211_get_capa,
6585 .set_operstate = wpa_driver_nl80211_set_operstate,
6586 .set_supp_port = wpa_driver_nl80211_set_supp_port,
6587 .set_country = wpa_driver_nl80211_set_country,
6588 .set_beacon = wpa_driver_nl80211_set_beacon,
6589 .if_add = wpa_driver_nl80211_if_add,
6590 .if_remove = wpa_driver_nl80211_if_remove,
6591 .send_mlme = wpa_driver_nl80211_send_mlme,
6592 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
6593 .sta_add = wpa_driver_nl80211_sta_add,
6594 .sta_remove = wpa_driver_nl80211_sta_remove,
6595 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
6596 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
6598 .hapd_init = i802_init,
6599 .hapd_deinit = i802_deinit,
6600 .get_seqnum = i802_get_seqnum,
6601 .flush = i802_flush,
6602 .read_sta_data = i802_read_sta_data,
6603 .get_inact_sec = i802_get_inact_sec,
6604 .sta_clear_stats = i802_sta_clear_stats,
6605 .set_rts = i802_set_rts,
6606 .set_frag = i802_set_frag,
6607 .set_cts_protect = i802_set_cts_protect,
6608 .set_preamble = i802_set_preamble,
6609 .set_short_slot_time = i802_set_short_slot_time,
6610 .set_tx_queue_params = i802_set_tx_queue_params,
6611 .set_sta_vlan = i802_set_sta_vlan,
6612 .set_wds_sta = i802_set_wds_sta,
6613 .set_ht_params = i802_set_ht_params,
6614 #endif /* HOSTAPD */
6615 #if defined(HOSTAPD) || defined(CONFIG_AP)
6616 .set_rate_sets = i802_set_rate_sets,
6617 .sta_deauth = i802_sta_deauth,
6618 .sta_disassoc = i802_sta_disassoc,
6619 #endif /* HOSTAPD || CONFIG_AP */
6620 .set_freq = i802_set_freq,
6621 .send_action = wpa_driver_nl80211_send_action,
6622 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
6623 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
6624 .cancel_remain_on_channel =
6625 wpa_driver_nl80211_cancel_remain_on_channel,
6626 .probe_req_report = wpa_driver_nl80211_probe_req_report,
6627 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
6628 .deinit_ap = wpa_driver_nl80211_deinit_ap,
6629 .resume = wpa_driver_nl80211_resume,
6630 .send_ft_action = nl80211_send_ft_action,
6631 .signal_monitor = nl80211_signal_monitor,
6632 .signal_poll = nl80211_signal_poll,
6633 .send_frame = nl80211_send_frame,
6634 .set_intra_bss = nl80211_set_intra_bss,
6635 .set_param = nl80211_set_param,
6636 .get_radio_name = nl80211_get_radio_name,