2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
22 #include <netlink/genl/genl.h>
23 #include <netlink/genl/family.h>
24 #include <netlink/genl/ctrl.h>
25 #include <netpacket/packet.h>
26 #include <linux/filter.h>
27 #include "nl80211_copy.h"
31 #include "common/ieee802_11_defs.h"
33 #include "linux_ioctl.h"
35 #include "radiotap_iter.h"
40 /* libnl 2.0 compatibility code */
41 #define nl_handle nl_sock
42 #define nl_handle_alloc_cb nl_socket_alloc_cb
43 #define nl_handle_destroy nl_socket_free
44 #endif /* CONFIG_LIBNL20 */
48 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
51 #define IFF_DORMANT 0x20000 /* driver signals dormant */
54 #ifndef IF_OPER_DORMANT
55 #define IF_OPER_DORMANT 5
62 struct wpa_driver_nl80211_data *drv;
63 struct i802_bss *next;
65 char ifname[IFNAMSIZ + 1];
66 unsigned int beacon_set:1;
69 struct wpa_driver_nl80211_data {
71 struct netlink_data *netlink;
72 int ioctl_sock; /* socket for ioctl() use */
73 char brname[IFNAMSIZ];
77 struct rfkill_data *rfkill;
78 struct wpa_driver_capa capa;
83 int scan_complete_events;
85 struct nl_handle *nl_handle;
86 struct nl_handle *nl_handle_event;
87 struct nl_cache *nl_cache;
88 struct nl_cache *nl_cache_event;
90 struct genl_family *nl80211;
92 u8 auth_bssid[ETH_ALEN];
98 int ap_scan_as_station;
99 unsigned int assoc_freq;
103 int probe_req_report;
104 int disable_11b_rates;
106 unsigned int pending_remain_on_chan:1;
107 unsigned int added_bridge:1;
108 unsigned int added_if_into_bridge:1;
110 u64 remain_on_chan_cookie;
111 u64 send_action_cookie;
113 struct wpa_driver_scan_filter *filter_ssids;
114 size_t num_filter_ssids;
116 struct i802_bss first_bss;
119 int eapol_sock; /* socket for EAPOL frames */
121 int default_if_indices[16];
131 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
133 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
135 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
136 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
137 const u8 *addr, int cmd, u16 reason_code,
138 int local_state_change);
139 static void nl80211_remove_monitor_interface(
140 struct wpa_driver_nl80211_data *drv);
143 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
144 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
145 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
146 static int wpa_driver_nl80211_if_remove(void *priv,
147 enum wpa_driver_if_type type,
150 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
156 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
157 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
159 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
160 int ifindex, int disabled);
164 static int ack_handler(struct nl_msg *msg, void *arg)
171 static int finish_handler(struct nl_msg *msg, void *arg)
178 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
187 static int no_seq_check(struct nl_msg *msg, void *arg)
193 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
194 struct nl_handle *nl_handle, struct nl_msg *msg,
195 int (*valid_handler)(struct nl_msg *, void *),
201 cb = nl_cb_clone(drv->nl_cb);
205 err = nl_send_auto_complete(nl_handle, msg);
211 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
212 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
213 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
216 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
217 valid_handler, valid_data);
220 nl_recvmsgs(nl_handle, cb);
228 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
230 int (*valid_handler)(struct nl_msg *, void *),
233 return send_and_recv(drv, drv->nl_handle, msg, valid_handler,
244 static int family_handler(struct nl_msg *msg, void *arg)
246 struct family_data *res = arg;
247 struct nlattr *tb[CTRL_ATTR_MAX + 1];
248 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
249 struct nlattr *mcgrp;
252 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
253 genlmsg_attrlen(gnlh, 0), NULL);
254 if (!tb[CTRL_ATTR_MCAST_GROUPS])
257 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
258 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
259 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
260 nla_len(mcgrp), NULL);
261 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
262 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
263 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
265 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
267 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
275 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
276 const char *family, const char *group)
280 struct family_data res = { group, -ENOENT };
285 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
286 0, 0, CTRL_CMD_GETFAMILY, 0);
287 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
289 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
300 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
302 struct i802_bss *bss = priv;
303 struct wpa_driver_nl80211_data *drv = bss->drv;
304 if (!drv->associated)
306 os_memcpy(bssid, drv->bssid, ETH_ALEN);
311 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
313 struct i802_bss *bss = priv;
314 struct wpa_driver_nl80211_data *drv = bss->drv;
315 if (!drv->associated)
317 os_memcpy(ssid, drv->ssid, drv->ssid_len);
318 return drv->ssid_len;
322 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
323 char *buf, size_t len, int del)
325 union wpa_event_data event;
327 os_memset(&event, 0, sizeof(event));
328 if (len > sizeof(event.interface_status.ifname))
329 len = sizeof(event.interface_status.ifname) - 1;
330 os_memcpy(event.interface_status.ifname, buf, len);
331 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
332 EVENT_INTERFACE_ADDED;
334 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
336 event.interface_status.ifname,
337 del ? "removed" : "added");
339 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
346 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
350 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
353 int attrlen, rta_len;
357 attr = (struct rtattr *) buf;
359 rta_len = RTA_ALIGN(sizeof(struct rtattr));
360 while (RTA_OK(attr, attrlen)) {
361 if (attr->rta_type == IFLA_IFNAME) {
362 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
368 attr = RTA_NEXT(attr, attrlen);
375 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
376 int ifindex, u8 *buf, size_t len)
378 if (drv->ifindex == ifindex)
381 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
382 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
383 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
385 wpa_driver_nl80211_finish_drv_init(drv);
393 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
394 struct ifinfomsg *ifi,
397 struct wpa_driver_nl80211_data *drv = ctx;
398 int attrlen, rta_len;
402 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) &&
403 !have_ifidx(drv, ifi->ifi_index)) {
404 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
405 "ifindex %d", ifi->ifi_index);
409 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
411 drv->operstate, ifi->ifi_flags,
412 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
413 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
414 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
415 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
417 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
418 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
419 drv->if_disabled = 1;
420 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
423 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
424 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
425 drv->if_disabled = 0;
426 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
430 * Some drivers send the association event before the operup event--in
431 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
432 * fails. This will hit us when wpa_supplicant does not need to do
433 * IEEE 802.1X authentication
435 if (drv->operstate == 1 &&
436 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
437 !(ifi->ifi_flags & IFF_RUNNING))
438 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
442 attr = (struct rtattr *) buf;
443 rta_len = RTA_ALIGN(sizeof(struct rtattr));
444 while (RTA_OK(attr, attrlen)) {
445 if (attr->rta_type == IFLA_IFNAME) {
446 wpa_driver_nl80211_event_link(
448 ((char *) attr) + rta_len,
449 attr->rta_len - rta_len, 0);
450 } else if (attr->rta_type == IFLA_MASTER)
451 brid = nla_get_u32((struct nlattr *) attr);
452 attr = RTA_NEXT(attr, attrlen);
456 if (ifi->ifi_family == AF_BRIDGE && brid) {
457 /* device has been added to bridge */
458 char namebuf[IFNAMSIZ];
459 if_indextoname(brid, namebuf);
460 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
462 add_ifidx(drv, brid);
468 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
469 struct ifinfomsg *ifi,
472 struct wpa_driver_nl80211_data *drv = ctx;
473 int attrlen, rta_len;
478 attr = (struct rtattr *) buf;
480 rta_len = RTA_ALIGN(sizeof(struct rtattr));
481 while (RTA_OK(attr, attrlen)) {
482 if (attr->rta_type == IFLA_IFNAME) {
483 wpa_driver_nl80211_event_link(
485 ((char *) attr) + rta_len,
486 attr->rta_len - rta_len, 1);
487 } else if (attr->rta_type == IFLA_MASTER)
488 brid = nla_get_u32((struct nlattr *) attr);
489 attr = RTA_NEXT(attr, attrlen);
493 if (ifi->ifi_family == AF_BRIDGE && brid) {
494 /* device has been removed from bridge */
495 char namebuf[IFNAMSIZ];
496 if_indextoname(brid, namebuf);
497 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
498 "%s", brid, namebuf);
499 del_ifidx(drv, brid);
505 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
506 const u8 *frame, size_t len)
508 const struct ieee80211_mgmt *mgmt;
509 union wpa_event_data event;
511 mgmt = (const struct ieee80211_mgmt *) frame;
512 if (len < 24 + sizeof(mgmt->u.auth)) {
513 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
518 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
519 os_memset(&event, 0, sizeof(event));
520 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
521 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
522 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
523 if (len > 24 + sizeof(mgmt->u.auth)) {
524 event.auth.ies = mgmt->u.auth.variable;
525 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
528 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
532 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
533 const u8 *frame, size_t len)
535 const struct ieee80211_mgmt *mgmt;
536 union wpa_event_data event;
539 mgmt = (const struct ieee80211_mgmt *) frame;
540 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
541 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
546 status = le_to_host16(mgmt->u.assoc_resp.status_code);
547 if (status != WLAN_STATUS_SUCCESS) {
548 os_memset(&event, 0, sizeof(event));
549 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
550 event.assoc_reject.resp_ies =
551 (u8 *) mgmt->u.assoc_resp.variable;
552 event.assoc_reject.resp_ies_len =
553 len - 24 - sizeof(mgmt->u.assoc_resp);
555 event.assoc_reject.status_code = status;
557 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
562 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
564 os_memset(&event, 0, sizeof(event));
565 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
566 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
567 event.assoc_info.resp_ies_len =
568 len - 24 - sizeof(mgmt->u.assoc_resp);
571 event.assoc_info.freq = drv->assoc_freq;
573 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
577 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
578 enum nl80211_commands cmd, struct nlattr *status,
579 struct nlattr *addr, struct nlattr *req_ie,
580 struct nlattr *resp_ie)
582 union wpa_event_data event;
584 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
586 * Avoid reporting two association events that would confuse
589 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
590 "when using userspace SME", cmd);
594 os_memset(&event, 0, sizeof(event));
595 if (cmd == NL80211_CMD_CONNECT &&
596 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
598 event.assoc_reject.resp_ies = nla_data(resp_ie);
599 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
601 event.assoc_reject.status_code = nla_get_u16(status);
602 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
608 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
611 event.assoc_info.req_ies = nla_data(req_ie);
612 event.assoc_info.req_ies_len = nla_len(req_ie);
615 event.assoc_info.resp_ies = nla_data(resp_ie);
616 event.assoc_info.resp_ies_len = nla_len(resp_ie);
619 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
623 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
624 enum nl80211_commands cmd, struct nlattr *addr)
626 union wpa_event_data event;
627 enum wpa_event_type ev;
629 if (nla_len(addr) != ETH_ALEN)
632 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
633 cmd, MAC2STR((u8 *) nla_data(addr)));
635 if (cmd == NL80211_CMD_AUTHENTICATE)
636 ev = EVENT_AUTH_TIMED_OUT;
637 else if (cmd == NL80211_CMD_ASSOCIATE)
638 ev = EVENT_ASSOC_TIMED_OUT;
642 os_memset(&event, 0, sizeof(event));
643 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
644 wpa_supplicant_event(drv->ctx, ev, &event);
648 static void mlme_event_action(struct wpa_driver_nl80211_data *drv,
649 struct nlattr *freq, const u8 *frame, size_t len)
651 const struct ieee80211_mgmt *mgmt;
652 union wpa_event_data event;
655 mgmt = (const struct ieee80211_mgmt *) frame;
657 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
661 fc = le_to_host16(mgmt->frame_control);
662 stype = WLAN_FC_GET_STYPE(fc);
664 os_memset(&event, 0, sizeof(event));
665 event.rx_action.da = mgmt->da;
666 event.rx_action.sa = mgmt->sa;
667 event.rx_action.bssid = mgmt->bssid;
668 event.rx_action.category = mgmt->u.action.category;
669 event.rx_action.data = &mgmt->u.action.category + 1;
670 event.rx_action.len = frame + len - event.rx_action.data;
672 event.rx_action.freq = nla_get_u32(freq);
673 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
677 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
678 struct nlattr *cookie, const u8 *frame,
679 size_t len, struct nlattr *ack)
681 union wpa_event_data event;
682 const struct ieee80211_hdr *hdr;
689 cookie_val = nla_get_u64(cookie);
690 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s "
692 (long long unsigned int) cookie_val,
693 cookie_val == drv->send_action_cookie ?
694 " (match)" : " (unknown)", ack != NULL);
695 if (cookie_val != drv->send_action_cookie)
698 hdr = (const struct ieee80211_hdr *) frame;
699 fc = le_to_host16(hdr->frame_control);
701 os_memset(&event, 0, sizeof(event));
702 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
703 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
704 event.tx_status.dst = hdr->addr1;
705 event.tx_status.data = frame;
706 event.tx_status.data_len = len;
707 event.tx_status.ack = ack != NULL;
708 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
712 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
713 enum wpa_event_type type,
714 const u8 *frame, size_t len)
716 const struct ieee80211_mgmt *mgmt;
717 union wpa_event_data event;
718 const u8 *bssid = NULL;
721 mgmt = (const struct ieee80211_mgmt *) frame;
725 if (drv->associated != 0 &&
726 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
727 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
729 * We have presumably received this deauth as a
730 * response to a clear_state_mismatch() outgoing
731 * deauth. Don't let it take us offline!
733 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
734 "from Unknown BSSID " MACSTR " -- ignoring",
741 os_memset(&event, 0, sizeof(event));
743 /* Note: Same offset for Reason Code in both frame subtypes */
744 if (len >= 24 + sizeof(mgmt->u.deauth))
745 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
747 if (type == EVENT_DISASSOC) {
748 event.disassoc_info.addr = bssid;
749 event.disassoc_info.reason_code = reason_code;
751 event.deauth_info.addr = bssid;
752 event.deauth_info.reason_code = reason_code;
755 wpa_supplicant_event(drv->ctx, type, &event);
759 static void mlme_event(struct wpa_driver_nl80211_data *drv,
760 enum nl80211_commands cmd, struct nlattr *frame,
761 struct nlattr *addr, struct nlattr *timed_out,
762 struct nlattr *freq, struct nlattr *ack,
763 struct nlattr *cookie)
765 if (timed_out && addr) {
766 mlme_timeout_event(drv, cmd, addr);
771 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
776 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
777 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
778 nla_data(frame), nla_len(frame));
781 case NL80211_CMD_AUTHENTICATE:
782 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
784 case NL80211_CMD_ASSOCIATE:
785 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
787 case NL80211_CMD_DEAUTHENTICATE:
788 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
789 nla_data(frame), nla_len(frame));
791 case NL80211_CMD_DISASSOCIATE:
792 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
793 nla_data(frame), nla_len(frame));
795 case NL80211_CMD_ACTION:
796 mlme_event_action(drv, freq, nla_data(frame), nla_len(frame));
798 case NL80211_CMD_ACTION_TX_STATUS:
799 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
800 nla_len(frame), ack);
808 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
811 union wpa_event_data data;
813 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
814 os_memset(&data, 0, sizeof(data));
815 if (tb[NL80211_ATTR_MAC]) {
816 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
817 nla_data(tb[NL80211_ATTR_MAC]),
818 nla_len(tb[NL80211_ATTR_MAC]));
819 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
821 if (tb[NL80211_ATTR_KEY_SEQ]) {
822 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
823 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
824 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
826 if (tb[NL80211_ATTR_KEY_TYPE]) {
827 enum nl80211_key_type key_type =
828 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
829 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
830 if (key_type == NL80211_KEYTYPE_PAIRWISE)
831 data.michael_mic_failure.unicast = 1;
833 data.michael_mic_failure.unicast = 1;
835 if (tb[NL80211_ATTR_KEY_IDX]) {
836 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
837 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
840 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
844 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
847 if (tb[NL80211_ATTR_MAC] == NULL) {
848 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
852 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
854 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
855 MAC2STR(drv->bssid));
857 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
861 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
862 int cancel_event, struct nlattr *tb[])
864 unsigned int freq, chan_type, duration;
865 union wpa_event_data data;
868 if (tb[NL80211_ATTR_WIPHY_FREQ])
869 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
873 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
874 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
878 if (tb[NL80211_ATTR_DURATION])
879 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
883 if (tb[NL80211_ATTR_COOKIE])
884 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
888 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
889 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
890 cancel_event, freq, chan_type, duration,
891 (long long unsigned int) cookie,
892 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
894 if (cookie != drv->remain_on_chan_cookie)
895 return; /* not for us */
897 drv->pending_remain_on_chan = !cancel_event;
899 os_memset(&data, 0, sizeof(data));
900 data.remain_on_channel.freq = freq;
901 data.remain_on_channel.duration = duration;
902 wpa_supplicant_event(drv->ctx, cancel_event ?
903 EVENT_CANCEL_REMAIN_ON_CHANNEL :
904 EVENT_REMAIN_ON_CHANNEL, &data);
908 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
911 union wpa_event_data event;
914 struct scan_info *info;
915 #define MAX_REPORT_FREQS 50
916 int freqs[MAX_REPORT_FREQS];
919 os_memset(&event, 0, sizeof(event));
920 info = &event.scan_info;
921 info->aborted = aborted;
923 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
924 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
925 struct wpa_driver_scan_ssid *s =
926 &info->ssids[info->num_ssids];
927 s->ssid = nla_data(nl);
928 s->ssid_len = nla_len(nl);
930 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
934 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
935 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
937 freqs[num_freqs] = nla_get_u32(nl);
939 if (num_freqs == MAX_REPORT_FREQS - 1)
943 info->num_freqs = num_freqs;
945 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
949 static int get_link_signal(struct nl_msg *msg, void *arg)
951 struct nlattr *tb[NL80211_ATTR_MAX + 1];
952 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
953 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
954 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
955 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
959 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
960 genlmsg_attrlen(gnlh, 0), NULL);
961 if (!tb[NL80211_ATTR_STA_INFO] ||
962 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
963 tb[NL80211_ATTR_STA_INFO], policy))
965 if (!sinfo[NL80211_STA_INFO_SIGNAL])
968 *sig = (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
973 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
984 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
985 0, NL80211_CMD_GET_STATION, 0);
987 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
988 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
990 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
996 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
999 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1000 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1001 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1002 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1004 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1005 enum nl80211_cqm_rssi_threshold_event event;
1006 union wpa_event_data ed;
1009 if (tb[NL80211_ATTR_CQM] == NULL ||
1010 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1012 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1016 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1018 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1020 os_memset(&ed, 0, sizeof(ed));
1022 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1023 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1024 "event: RSSI high");
1025 ed.signal_change.above_threshold = 1;
1026 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1027 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1029 ed.signal_change.above_threshold = 0;
1033 res = nl80211_get_link_signal(drv, &sig);
1035 ed.signal_change.current_signal = sig;
1036 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm", sig);
1039 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1043 static int process_event(struct nl_msg *msg, void *arg)
1045 struct wpa_driver_nl80211_data *drv = arg;
1046 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1047 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1048 union wpa_event_data data;
1050 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1051 genlmsg_attrlen(gnlh, 0), NULL);
1053 if (tb[NL80211_ATTR_IFINDEX]) {
1054 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1055 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
1056 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
1057 " for foreign interface (ifindex %d)",
1058 gnlh->cmd, ifindex);
1063 if (drv->ap_scan_as_station &&
1064 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
1065 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
1066 wpa_driver_nl80211_set_mode(&drv->first_bss,
1068 drv->ap_scan_as_station = 0;
1071 switch (gnlh->cmd) {
1072 case NL80211_CMD_TRIGGER_SCAN:
1073 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1075 case NL80211_CMD_NEW_SCAN_RESULTS:
1076 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1077 drv->scan_complete_events = 1;
1078 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1080 send_scan_event(drv, 0, tb);
1082 case NL80211_CMD_SCAN_ABORTED:
1083 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1085 * Need to indicate that scan results are available in order
1086 * not to make wpa_supplicant stop its scanning.
1088 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1090 send_scan_event(drv, 1, tb);
1092 case NL80211_CMD_AUTHENTICATE:
1093 case NL80211_CMD_ASSOCIATE:
1094 case NL80211_CMD_DEAUTHENTICATE:
1095 case NL80211_CMD_DISASSOCIATE:
1096 case NL80211_CMD_ACTION:
1097 case NL80211_CMD_ACTION_TX_STATUS:
1098 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1099 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1100 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1101 tb[NL80211_ATTR_COOKIE]);
1103 case NL80211_CMD_CONNECT:
1104 case NL80211_CMD_ROAM:
1105 mlme_event_connect(drv, gnlh->cmd,
1106 tb[NL80211_ATTR_STATUS_CODE],
1107 tb[NL80211_ATTR_MAC],
1108 tb[NL80211_ATTR_REQ_IE],
1109 tb[NL80211_ATTR_RESP_IE]);
1111 case NL80211_CMD_DISCONNECT:
1112 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1114 * Avoid reporting two disassociation events that could
1115 * confuse the core code.
1117 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1118 "event when using userspace SME");
1121 drv->associated = 0;
1122 os_memset(&data, 0, sizeof(data));
1123 if (tb[NL80211_ATTR_REASON_CODE])
1124 data.disassoc_info.reason_code =
1125 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
1126 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1128 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1129 mlme_event_michael_mic_failure(drv, tb);
1131 case NL80211_CMD_JOIN_IBSS:
1132 mlme_event_join_ibss(drv, tb);
1134 case NL80211_CMD_REMAIN_ON_CHANNEL:
1135 mlme_event_remain_on_channel(drv, 0, tb);
1137 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1138 mlme_event_remain_on_channel(drv, 1, tb);
1140 case NL80211_CMD_NOTIFY_CQM:
1141 nl80211_cqm_event(drv, tb);
1144 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1145 "(cmd=%d)", gnlh->cmd);
1153 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1157 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1159 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1161 cb = nl_cb_clone(drv->nl_cb);
1164 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1165 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1166 nl_recvmsgs(drv->nl_handle_event, cb);
1172 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1173 * @priv: driver_nl80211 private data
1174 * @alpha2_arg: country to which to switch to
1175 * Returns: 0 on success, -1 on failure
1177 * This asks nl80211 to set the regulatory domain for given
1178 * country ISO / IEC alpha2.
1180 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1182 struct i802_bss *bss = priv;
1183 struct wpa_driver_nl80211_data *drv = bss->drv;
1187 msg = nlmsg_alloc();
1191 alpha2[0] = alpha2_arg[0];
1192 alpha2[1] = alpha2_arg[1];
1195 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1196 0, NL80211_CMD_REQ_SET_REG, 0);
1198 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1199 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1208 struct wiphy_info_data {
1212 int connect_supported;
1216 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1218 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1219 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1220 struct wiphy_info_data *info = arg;
1222 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1223 genlmsg_attrlen(gnlh, 0), NULL);
1225 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1226 info->max_scan_ssids =
1227 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1229 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1230 struct nlattr *nl_mode;
1232 nla_for_each_nested(nl_mode,
1233 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1234 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
1235 info->ap_supported = 1;
1241 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
1242 struct nlattr *nl_cmd;
1245 nla_for_each_nested(nl_cmd,
1246 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
1247 u32 cmd = nla_get_u32(nl_cmd);
1248 if (cmd == NL80211_CMD_AUTHENTICATE)
1249 info->auth_supported = 1;
1250 else if (cmd == NL80211_CMD_CONNECT)
1251 info->connect_supported = 1;
1259 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
1260 struct wiphy_info_data *info)
1264 os_memset(info, 0, sizeof(*info));
1265 msg = nlmsg_alloc();
1269 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1270 0, NL80211_CMD_GET_WIPHY, 0);
1272 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
1274 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1283 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1285 struct wiphy_info_data info;
1286 if (wpa_driver_nl80211_get_info(drv, &info))
1288 drv->has_capability = 1;
1289 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1290 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1291 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1292 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1293 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1294 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1295 WPA_DRIVER_CAPA_ENC_WEP104 |
1296 WPA_DRIVER_CAPA_ENC_TKIP |
1297 WPA_DRIVER_CAPA_ENC_CCMP;
1298 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1299 WPA_DRIVER_AUTH_SHARED |
1300 WPA_DRIVER_AUTH_LEAP;
1302 drv->capa.max_scan_ssids = info.max_scan_ssids;
1303 if (info.ap_supported)
1304 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1306 if (info.auth_supported)
1307 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1308 else if (!info.connect_supported) {
1309 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1310 "authentication/association or connect commands");
1314 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1315 drv->capa.max_remain_on_chan = 5000;
1319 #endif /* HOSTAPD */
1322 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
1326 /* Initialize generic netlink and nl80211 */
1328 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1329 if (drv->nl_cb == NULL) {
1330 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1335 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1336 if (drv->nl_handle == NULL) {
1337 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1342 drv->nl_handle_event = nl_handle_alloc_cb(drv->nl_cb);
1343 if (drv->nl_handle_event == NULL) {
1344 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1345 "callbacks (event)");
1349 if (genl_connect(drv->nl_handle)) {
1350 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1355 if (genl_connect(drv->nl_handle_event)) {
1356 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1361 #ifdef CONFIG_LIBNL20
1362 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1363 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1367 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1369 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1370 "netlink cache (event)");
1373 #else /* CONFIG_LIBNL20 */
1374 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1375 if (drv->nl_cache == NULL) {
1376 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1380 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1381 if (drv->nl_cache_event == NULL) {
1382 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1383 "netlink cache (event)");
1386 #endif /* CONFIG_LIBNL20 */
1388 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1389 if (drv->nl80211 == NULL) {
1390 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1395 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1397 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1399 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1400 "membership for scan events: %d (%s)",
1401 ret, strerror(-ret));
1405 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1407 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1409 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1410 "membership for mlme events: %d (%s)",
1411 ret, strerror(-ret));
1415 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1416 wpa_driver_nl80211_event_receive, drv, NULL);
1421 nl_cache_free(drv->nl_cache_event);
1423 nl_cache_free(drv->nl_cache);
1425 nl_handle_destroy(drv->nl_handle_event);
1427 nl_handle_destroy(drv->nl_handle);
1429 nl_cb_put(drv->nl_cb);
1435 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1437 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1439 * This may be for any interface; use ifdown event to disable
1445 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1447 struct wpa_driver_nl80211_data *drv = ctx;
1448 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1449 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) {
1450 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1451 "after rfkill unblock");
1454 /* rtnetlink ifup handler will report interface as enabled */
1459 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1460 * @ctx: context to be used when calling wpa_supplicant functions,
1461 * e.g., wpa_supplicant_event()
1462 * @ifname: interface name, e.g., wlan0
1463 * Returns: Pointer to private data, %NULL on failure
1465 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1467 struct wpa_driver_nl80211_data *drv;
1468 struct netlink_config *cfg;
1469 struct rfkill_config *rcfg;
1470 struct i802_bss *bss;
1472 drv = os_zalloc(sizeof(*drv));
1476 bss = &drv->first_bss;
1478 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1479 drv->monitor_ifidx = -1;
1480 drv->monitor_sock = -1;
1481 drv->ioctl_sock = -1;
1483 if (wpa_driver_nl80211_init_nl(drv)) {
1488 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1489 if (drv->ioctl_sock < 0) {
1490 perror("socket(PF_INET,SOCK_DGRAM)");
1494 cfg = os_zalloc(sizeof(*cfg));
1498 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
1499 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
1500 drv->netlink = netlink_init(cfg);
1501 if (drv->netlink == NULL) {
1506 rcfg = os_zalloc(sizeof(*rcfg));
1510 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
1511 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
1512 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
1513 drv->rfkill = rfkill_init(rcfg);
1514 if (drv->rfkill == NULL) {
1515 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
1519 if (wpa_driver_nl80211_finish_drv_init(drv))
1525 rfkill_deinit(drv->rfkill);
1526 netlink_deinit(drv->netlink);
1527 if (drv->ioctl_sock >= 0)
1528 close(drv->ioctl_sock);
1530 genl_family_put(drv->nl80211);
1531 nl_cache_free(drv->nl_cache);
1532 nl_handle_destroy(drv->nl_handle);
1533 nl_cb_put(drv->nl_cb);
1534 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1541 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
1542 const u8 *match, size_t match_len)
1547 msg = nlmsg_alloc();
1551 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1552 NL80211_CMD_REGISTER_ACTION, 0);
1554 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1555 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
1557 ret = send_and_recv(drv, drv->nl_handle_event, msg, NULL, NULL);
1560 wpa_printf(MSG_DEBUG, "nl80211: Register Action command "
1561 "failed: ret=%d (%s)", ret, strerror(-ret));
1562 wpa_hexdump(MSG_DEBUG, "nl80211: Register Action match",
1564 goto nla_put_failure;
1573 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
1575 /* FT Action frames */
1576 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
1579 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
1580 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
1586 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
1588 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
1593 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1595 struct i802_bss *bss = &drv->first_bss;
1596 int send_rfkill_event = 0;
1598 drv->ifindex = if_nametoindex(bss->ifname);
1599 drv->first_bss.ifindex = drv->ifindex;
1602 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) {
1603 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1604 "use managed mode");
1607 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
1608 if (rfkill_is_blocked(drv->rfkill)) {
1609 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
1610 "interface '%s' due to rfkill",
1612 drv->if_disabled = 1;
1613 send_rfkill_event = 1;
1615 wpa_printf(MSG_ERROR, "nl80211: Could not set "
1616 "interface '%s' UP", bss->ifname);
1621 if (wpa_driver_nl80211_capa(drv))
1624 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
1625 1, IF_OPER_DORMANT);
1626 #endif /* HOSTAPD */
1628 if (nl80211_register_action_frames(drv) < 0) {
1629 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
1630 "frame processing - ignore for now");
1632 * Older kernel versions did not support this, so ignore the
1633 * error for now. Some functionality may not be available
1638 if (send_rfkill_event) {
1639 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
1647 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
1651 msg = nlmsg_alloc();
1655 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1656 0, NL80211_CMD_DEL_BEACON, 0);
1657 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1659 return send_and_recv_msgs(drv, msg, NULL, NULL);
1666 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1667 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1669 * Shut down driver interface and processing of driver events. Free
1670 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1672 static void wpa_driver_nl80211_deinit(void *priv)
1674 struct i802_bss *bss = priv;
1675 struct wpa_driver_nl80211_data *drv = bss->drv;
1677 if (drv->added_if_into_bridge) {
1678 if (linux_br_del_if(drv->ioctl_sock, drv->brname, bss->ifname)
1680 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1681 "interface %s from bridge %s: %s",
1682 bss->ifname, drv->brname, strerror(errno));
1684 if (drv->added_bridge) {
1685 if (linux_br_del(drv->ioctl_sock, drv->brname) < 0)
1686 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1688 drv->brname, strerror(errno));
1691 nl80211_remove_monitor_interface(drv);
1693 if (drv->nlmode == NL80211_IFTYPE_AP)
1694 wpa_driver_nl80211_del_beacon(drv);
1697 if (drv->last_freq_ht) {
1698 /* Clear HT flags from the driver */
1699 struct hostapd_freq_params freq;
1700 os_memset(&freq, 0, sizeof(freq));
1701 freq.freq = drv->last_freq;
1702 i802_set_freq(priv, &freq);
1705 if (drv->eapol_sock >= 0) {
1706 eloop_unregister_read_sock(drv->eapol_sock);
1707 close(drv->eapol_sock);
1710 if (drv->if_indices != drv->default_if_indices)
1711 os_free(drv->if_indices);
1712 #endif /* HOSTAPD */
1714 if (drv->disable_11b_rates)
1715 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
1717 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
1718 netlink_deinit(drv->netlink);
1719 rfkill_deinit(drv->rfkill);
1721 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1723 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0);
1724 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA);
1726 if (drv->ioctl_sock >= 0)
1727 close(drv->ioctl_sock);
1729 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1730 genl_family_put(drv->nl80211);
1731 nl_cache_free(drv->nl_cache);
1732 nl_cache_free(drv->nl_cache_event);
1733 nl_handle_destroy(drv->nl_handle);
1734 nl_handle_destroy(drv->nl_handle_event);
1735 nl_cb_put(drv->nl_cb);
1737 eloop_cancel_timeout(wpa_driver_nl80211_probe_req_report_timeout,
1740 os_free(drv->filter_ssids);
1747 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1748 * @eloop_ctx: Driver private data
1749 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1751 * This function can be used as registered timeout when starting a scan to
1752 * generate a scan completed event if the driver does not report this.
1754 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1756 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1757 if (drv->ap_scan_as_station) {
1758 wpa_driver_nl80211_set_mode(&drv->first_bss,
1760 drv->ap_scan_as_station = 0;
1762 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1763 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1768 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1769 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1770 * @params: Scan parameters
1771 * Returns: 0 on success, -1 on failure
1773 static int wpa_driver_nl80211_scan(void *priv,
1774 struct wpa_driver_scan_params *params)
1776 struct i802_bss *bss = priv;
1777 struct wpa_driver_nl80211_data *drv = bss->drv;
1778 int ret = 0, timeout;
1779 struct nl_msg *msg, *ssids, *freqs;
1782 msg = nlmsg_alloc();
1783 ssids = nlmsg_alloc();
1784 freqs = nlmsg_alloc();
1785 if (!msg || !ssids || !freqs) {
1792 os_free(drv->filter_ssids);
1793 drv->filter_ssids = params->filter_ssids;
1794 params->filter_ssids = NULL;
1795 drv->num_filter_ssids = params->num_filter_ssids;
1797 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1798 NL80211_CMD_TRIGGER_SCAN, 0);
1800 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1802 for (i = 0; i < params->num_ssids; i++) {
1803 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
1804 params->ssids[i].ssid,
1805 params->ssids[i].ssid_len);
1806 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1807 params->ssids[i].ssid);
1809 if (params->num_ssids)
1810 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1812 if (params->extra_ies) {
1813 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
1814 params->extra_ies, params->extra_ies_len);
1815 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1819 if (params->freqs) {
1820 for (i = 0; params->freqs[i]; i++) {
1821 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
1822 "MHz", params->freqs[i]);
1823 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1825 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1828 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1831 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1832 "(%s)", ret, strerror(-ret));
1834 if (drv->nlmode == NL80211_IFTYPE_AP) {
1836 * mac80211 does not allow scan requests in AP mode, so
1837 * try to do this in station mode.
1839 if (wpa_driver_nl80211_set_mode(bss,
1840 IEEE80211_MODE_INFRA))
1841 goto nla_put_failure;
1843 if (wpa_driver_nl80211_scan(drv, params)) {
1844 wpa_driver_nl80211_set_mode(bss,
1846 goto nla_put_failure;
1849 /* Restore AP mode when processing scan results */
1850 drv->ap_scan_as_station = 1;
1853 goto nla_put_failure;
1855 goto nla_put_failure;
1856 #endif /* HOSTAPD */
1859 /* Not all drivers generate "scan completed" wireless event, so try to
1860 * read results after a timeout. */
1862 if (drv->scan_complete_events) {
1864 * The driver seems to deliver events to notify when scan is
1865 * complete, so use longer timeout to avoid race conditions
1866 * with scanning and following association request.
1870 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1871 "seconds", ret, timeout);
1872 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1873 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1884 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
1886 const u8 *end, *pos;
1892 end = ies + ies_len;
1894 while (pos + 1 < end) {
1895 if (pos + 2 + pos[1] > end)
1906 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
1907 const u8 *ie, size_t ie_len)
1912 if (drv->filter_ssids == NULL)
1915 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
1919 for (i = 0; i < drv->num_filter_ssids; i++) {
1920 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
1921 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
1930 struct nl80211_bss_info_arg {
1931 struct wpa_driver_nl80211_data *drv;
1932 struct wpa_scan_results *res;
1935 static int bss_info_handler(struct nl_msg *msg, void *arg)
1937 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1938 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1939 struct nlattr *bss[NL80211_BSS_MAX + 1];
1940 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1941 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1942 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1943 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1944 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1945 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1946 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1947 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1948 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1949 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
1950 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
1951 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
1953 struct nl80211_bss_info_arg *_arg = arg;
1954 struct wpa_scan_results *res = _arg->res;
1955 struct wpa_scan_res **tmp;
1956 struct wpa_scan_res *r;
1957 const u8 *ie, *beacon_ie;
1958 size_t ie_len, beacon_ie_len;
1961 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1962 genlmsg_attrlen(gnlh, 0), NULL);
1963 if (!tb[NL80211_ATTR_BSS])
1965 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1968 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1969 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1970 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1975 if (bss[NL80211_BSS_BEACON_IES]) {
1976 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
1977 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
1983 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
1984 ie ? ie_len : beacon_ie_len))
1987 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
1990 if (bss[NL80211_BSS_BSSID])
1991 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1993 if (bss[NL80211_BSS_FREQUENCY])
1994 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1995 if (bss[NL80211_BSS_BEACON_INTERVAL])
1996 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1997 if (bss[NL80211_BSS_CAPABILITY])
1998 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1999 r->flags |= WPA_SCAN_NOISE_INVALID;
2000 if (bss[NL80211_BSS_SIGNAL_MBM]) {
2001 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
2002 r->level /= 100; /* mBm to dBm */
2003 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
2004 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
2005 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
2006 r->flags |= WPA_SCAN_LEVEL_INVALID;
2008 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
2009 if (bss[NL80211_BSS_TSF])
2010 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
2011 if (bss[NL80211_BSS_SEEN_MS_AGO])
2012 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
2014 pos = (u8 *) (r + 1);
2016 os_memcpy(pos, ie, ie_len);
2019 r->beacon_ie_len = beacon_ie_len;
2021 os_memcpy(pos, beacon_ie, beacon_ie_len);
2023 if (bss[NL80211_BSS_STATUS]) {
2024 enum nl80211_bss_status status;
2025 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2027 case NL80211_BSS_STATUS_AUTHENTICATED:
2028 r->flags |= WPA_SCAN_AUTHENTICATED;
2030 case NL80211_BSS_STATUS_ASSOCIATED:
2031 r->flags |= WPA_SCAN_ASSOCIATED;
2038 tmp = os_realloc(res->res,
2039 (res->num + 1) * sizeof(struct wpa_scan_res *));
2044 tmp[res->num++] = r;
2051 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
2054 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
2055 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
2056 "mismatch (" MACSTR ")", MAC2STR(addr));
2057 wpa_driver_nl80211_mlme(drv, addr,
2058 NL80211_CMD_DEAUTHENTICATE,
2059 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
2064 static void wpa_driver_nl80211_check_bss_status(
2065 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
2069 for (i = 0; i < res->num; i++) {
2070 struct wpa_scan_res *r = res->res[i];
2071 if (r->flags & WPA_SCAN_AUTHENTICATED) {
2072 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2073 "indicates BSS status with " MACSTR
2074 " as authenticated",
2076 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2077 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
2078 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
2080 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
2081 " in local state (auth=" MACSTR
2082 " assoc=" MACSTR ")",
2083 MAC2STR(drv->auth_bssid),
2084 MAC2STR(drv->bssid));
2085 clear_state_mismatch(drv, r->bssid);
2089 if (r->flags & WPA_SCAN_ASSOCIATED) {
2090 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2091 "indicate BSS status with " MACSTR
2094 if (drv->nlmode == NL80211_IFTYPE_STATION &&
2096 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2097 "(not associated) does not match "
2099 clear_state_mismatch(drv, r->bssid);
2100 } else if (drv->nlmode == NL80211_IFTYPE_STATION &&
2101 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
2103 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2104 "(associated with " MACSTR ") does "
2105 "not match with BSS state",
2106 MAC2STR(drv->bssid));
2107 clear_state_mismatch(drv, r->bssid);
2108 clear_state_mismatch(drv, drv->bssid);
2115 static void wpa_scan_results_free(struct wpa_scan_results *res)
2122 for (i = 0; i < res->num; i++)
2123 os_free(res->res[i]);
2129 static struct wpa_scan_results *
2130 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
2133 struct wpa_scan_results *res;
2135 struct nl80211_bss_info_arg arg;
2137 res = os_zalloc(sizeof(*res));
2140 msg = nlmsg_alloc();
2142 goto nla_put_failure;
2144 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
2145 NL80211_CMD_GET_SCAN, 0);
2146 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2150 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
2153 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
2154 (unsigned long) res->num);
2157 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
2158 "(%s)", ret, strerror(-ret));
2161 wpa_scan_results_free(res);
2167 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
2168 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2169 * Returns: Scan results on success, -1 on failure
2171 static struct wpa_scan_results *
2172 wpa_driver_nl80211_get_scan_results(void *priv)
2174 struct i802_bss *bss = priv;
2175 struct wpa_driver_nl80211_data *drv = bss->drv;
2176 struct wpa_scan_results *res;
2178 res = nl80211_get_scan_results(drv);
2180 wpa_driver_nl80211_check_bss_status(drv, res);
2185 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
2187 struct wpa_scan_results *res;
2190 res = nl80211_get_scan_results(drv);
2192 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
2196 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
2197 for (i = 0; i < res->num; i++) {
2198 struct wpa_scan_res *r = res->res[i];
2199 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
2200 (int) i, (int) res->num, MAC2STR(r->bssid),
2201 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
2202 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
2205 wpa_scan_results_free(res);
2209 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
2210 enum wpa_alg alg, const u8 *addr,
2211 int key_idx, int set_tx,
2212 const u8 *seq, size_t seq_len,
2213 const u8 *key, size_t key_len)
2215 struct i802_bss *bss = priv;
2216 struct wpa_driver_nl80211_data *drv = bss->drv;
2217 int ifindex = if_nametoindex(ifname);
2221 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
2222 "set_tx=%d seq_len=%lu key_len=%lu",
2223 __func__, ifindex, alg, addr, key_idx, set_tx,
2224 (unsigned long) seq_len, (unsigned long) key_len);
2226 msg = nlmsg_alloc();
2230 if (alg == WPA_ALG_NONE) {
2231 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2232 0, NL80211_CMD_DEL_KEY, 0);
2234 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2235 0, NL80211_CMD_NEW_KEY, 0);
2236 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2240 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2241 WLAN_CIPHER_SUITE_WEP40);
2243 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2244 WLAN_CIPHER_SUITE_WEP104);
2247 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2248 WLAN_CIPHER_SUITE_TKIP);
2251 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2252 WLAN_CIPHER_SUITE_CCMP);
2255 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2256 WLAN_CIPHER_SUITE_AES_CMAC);
2259 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2260 "algorithm %d", __func__, alg);
2267 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
2269 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2271 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2272 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2274 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2275 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2277 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2278 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2281 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2282 ret, strerror(-ret));
2285 * If we failed or don't need to set the default TX key (below),
2288 if (ret || !set_tx || alg == WPA_ALG_NONE)
2294 if (drv->nlmode == NL80211_IFTYPE_AP && addr)
2296 #endif /* HOSTAPD */
2298 msg = nlmsg_alloc();
2302 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2303 0, NL80211_CMD_SET_KEY, 0);
2304 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2305 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2306 if (alg == WPA_ALG_IGTK)
2307 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
2309 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2311 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2315 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2316 "err=%d %s)", ret, strerror(-ret));
2324 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2325 int key_idx, int defkey,
2326 const u8 *seq, size_t seq_len,
2327 const u8 *key, size_t key_len)
2329 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2333 if (defkey && alg == WPA_ALG_IGTK)
2334 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
2336 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2338 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
2343 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2344 WLAN_CIPHER_SUITE_WEP40);
2346 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2347 WLAN_CIPHER_SUITE_WEP104);
2350 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
2353 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
2356 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2357 WLAN_CIPHER_SUITE_AES_CMAC);
2360 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2361 "algorithm %d", __func__, alg);
2366 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
2368 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
2370 nla_nest_end(msg, key_attr);
2378 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
2382 struct nlattr *nl_keys, *nl_key;
2384 for (i = 0; i < 4; i++) {
2385 if (!params->wep_key[i])
2393 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
2395 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
2397 goto nla_put_failure;
2399 for (i = 0; i < 4; i++) {
2400 if (!params->wep_key[i])
2403 nl_key = nla_nest_start(msg, i);
2405 goto nla_put_failure;
2407 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
2408 params->wep_key[i]);
2409 if (params->wep_key_len[i] == 5)
2410 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2411 WLAN_CIPHER_SUITE_WEP40);
2413 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2414 WLAN_CIPHER_SUITE_WEP104);
2416 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
2418 if (i == params->wep_tx_keyidx)
2419 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2421 nla_nest_end(msg, nl_key);
2423 nla_nest_end(msg, nl_keys);
2432 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2433 const u8 *addr, int cmd, u16 reason_code,
2434 int local_state_change)
2439 msg = nlmsg_alloc();
2443 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
2445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2446 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
2447 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2448 if (local_state_change)
2449 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2451 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2454 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2455 "(%s)", ret, strerror(-ret));
2456 goto nla_put_failure;
2466 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
2467 const u8 *addr, int reason_code)
2469 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
2470 __func__, MAC2STR(addr), reason_code);
2471 drv->associated = 0;
2472 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
2477 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
2480 struct i802_bss *bss = priv;
2481 struct wpa_driver_nl80211_data *drv = bss->drv;
2482 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2483 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2484 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
2485 __func__, MAC2STR(addr), reason_code);
2486 drv->associated = 0;
2487 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
2492 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
2495 struct i802_bss *bss = priv;
2496 struct wpa_driver_nl80211_data *drv = bss->drv;
2497 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2498 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2499 wpa_printf(MSG_DEBUG, "%s", __func__);
2500 drv->associated = 0;
2501 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
2506 static int wpa_driver_nl80211_authenticate(
2507 void *priv, struct wpa_driver_auth_params *params)
2509 struct i802_bss *bss = priv;
2510 struct wpa_driver_nl80211_data *drv = bss->drv;
2513 enum nl80211_auth_type type;
2516 drv->associated = 0;
2517 os_memset(drv->auth_bssid, 0, ETH_ALEN);
2518 /* FIX: IBSS mode */
2519 if (drv->nlmode != NL80211_IFTYPE_STATION)
2520 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
2522 if (wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0)
2526 msg = nlmsg_alloc();
2530 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
2533 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2534 NL80211_CMD_AUTHENTICATE, 0);
2536 for (i = 0; i < 4; i++) {
2537 if (!params->wep_key[i])
2539 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
2541 i == params->wep_tx_keyidx, NULL, 0,
2543 params->wep_key_len[i]);
2544 if (params->wep_tx_keyidx != i)
2546 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
2547 params->wep_key[i], params->wep_key_len[i])) {
2553 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2554 if (params->bssid) {
2555 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2556 MAC2STR(params->bssid));
2557 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2560 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2561 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2564 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2565 params->ssid, params->ssid_len);
2566 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2569 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
2571 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
2572 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2573 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
2574 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2575 type = NL80211_AUTHTYPE_SHARED_KEY;
2576 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
2577 type = NL80211_AUTHTYPE_NETWORK_EAP;
2578 else if (params->auth_alg & WPA_AUTH_ALG_FT)
2579 type = NL80211_AUTHTYPE_FT;
2581 goto nla_put_failure;
2582 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
2583 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
2584 if (params->local_state_change) {
2585 wpa_printf(MSG_DEBUG, " * Local state change only");
2586 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2589 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2592 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2593 "(%s)", ret, strerror(-ret));
2595 if (ret == -EALREADY && count == 1 && params->bssid &&
2596 !params->local_state_change) {
2598 * mac80211 does not currently accept new
2599 * authentication if we are already authenticated. As a
2600 * workaround, force deauthentication and try again.
2602 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
2603 "after forced deauthentication");
2604 wpa_driver_nl80211_deauthenticate(
2606 WLAN_REASON_PREV_AUTH_NOT_VALID);
2610 goto nla_put_failure;
2613 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
2622 struct phy_info_arg {
2624 struct hostapd_hw_modes *modes;
2627 static int phy_info_handler(struct nl_msg *msg, void *arg)
2629 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2630 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2631 struct phy_info_arg *phy_info = arg;
2633 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
2635 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
2636 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
2637 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
2638 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
2639 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
2640 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
2641 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
2642 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
2645 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
2646 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
2647 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
2648 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
2651 struct nlattr *nl_band;
2652 struct nlattr *nl_freq;
2653 struct nlattr *nl_rate;
2654 int rem_band, rem_freq, rem_rate;
2655 struct hostapd_hw_modes *mode;
2656 int idx, mode_is_set;
2658 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2659 genlmsg_attrlen(gnlh, 0), NULL);
2661 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
2664 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
2665 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
2668 phy_info->modes = mode;
2672 mode = &phy_info->modes[*(phy_info->num_modes)];
2673 memset(mode, 0, sizeof(*mode));
2674 *(phy_info->num_modes) += 1;
2676 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
2677 nla_len(nl_band), NULL);
2679 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
2680 mode->ht_capab = nla_get_u16(
2681 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
2684 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
2685 mode->a_mpdu_params |= nla_get_u8(
2686 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
2690 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
2691 mode->a_mpdu_params |= nla_get_u8(
2692 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
2696 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
2697 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
2699 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
2700 os_memcpy(mode->mcs_set, mcs, 16);
2703 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2704 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2705 nla_len(nl_freq), freq_policy);
2706 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2708 mode->num_channels++;
2711 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
2712 if (!mode->channels)
2717 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2718 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2719 nla_len(nl_freq), freq_policy);
2720 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2723 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
2724 mode->channels[idx].flag = 0;
2727 /* crude heuristic */
2728 if (mode->channels[idx].freq < 4000)
2729 mode->mode = HOSTAPD_MODE_IEEE80211B;
2731 mode->mode = HOSTAPD_MODE_IEEE80211A;
2735 /* crude heuristic */
2736 if (mode->channels[idx].freq < 4000)
2737 if (mode->channels[idx].freq == 2484)
2738 mode->channels[idx].chan = 14;
2740 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
2742 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
2744 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2745 mode->channels[idx].flag |=
2746 HOSTAPD_CHAN_DISABLED;
2747 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
2748 mode->channels[idx].flag |=
2749 HOSTAPD_CHAN_PASSIVE_SCAN;
2750 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
2751 mode->channels[idx].flag |=
2752 HOSTAPD_CHAN_NO_IBSS;
2753 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
2754 mode->channels[idx].flag |=
2757 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
2758 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2759 mode->channels[idx].max_tx_power =
2760 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
2765 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2766 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2767 nla_len(nl_rate), rate_policy);
2768 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2773 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
2779 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2780 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2781 nla_len(nl_rate), rate_policy);
2782 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2784 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
2786 /* crude heuristic */
2787 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
2788 mode->rates[idx] > 200)
2789 mode->mode = HOSTAPD_MODE_IEEE80211G;
2798 static struct hostapd_hw_modes *
2799 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
2802 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
2803 int i, mode11g_idx = -1;
2805 /* If only 802.11g mode is included, use it to construct matching
2806 * 802.11b mode data. */
2808 for (m = 0; m < *num_modes; m++) {
2809 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
2810 return modes; /* 802.11b already included */
2811 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
2815 if (mode11g_idx < 0)
2816 return modes; /* 2.4 GHz band not supported at all */
2818 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
2820 return modes; /* Could not add 802.11b mode */
2822 mode = &nmodes[*num_modes];
2823 os_memset(mode, 0, sizeof(*mode));
2827 mode->mode = HOSTAPD_MODE_IEEE80211B;
2829 mode11g = &modes[mode11g_idx];
2830 mode->num_channels = mode11g->num_channels;
2831 mode->channels = os_malloc(mode11g->num_channels *
2832 sizeof(struct hostapd_channel_data));
2833 if (mode->channels == NULL) {
2835 return modes; /* Could not add 802.11b mode */
2837 os_memcpy(mode->channels, mode11g->channels,
2838 mode11g->num_channels * sizeof(struct hostapd_channel_data));
2840 mode->num_rates = 0;
2841 mode->rates = os_malloc(4 * sizeof(int));
2842 if (mode->rates == NULL) {
2843 os_free(mode->channels);
2845 return modes; /* Could not add 802.11b mode */
2848 for (i = 0; i < mode11g->num_rates; i++) {
2849 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
2850 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
2852 mode->rates[mode->num_rates] = mode11g->rates[i];
2854 if (mode->num_rates == 4)
2858 if (mode->num_rates == 0) {
2859 os_free(mode->channels);
2860 os_free(mode->rates);
2862 return modes; /* No 802.11b rates */
2865 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
2872 static struct hostapd_hw_modes *
2873 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2875 struct i802_bss *bss = priv;
2876 struct wpa_driver_nl80211_data *drv = bss->drv;
2878 struct phy_info_arg result = {
2879 .num_modes = num_modes,
2886 msg = nlmsg_alloc();
2890 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2891 0, NL80211_CMD_GET_WIPHY, 0);
2893 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2895 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
2896 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
2902 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
2903 const void *data, size_t len,
2907 0x00, 0x00, /* radiotap version */
2908 0x0e, 0x00, /* radiotap length */
2909 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
2910 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
2912 0x00, 0x00, /* RX and TX flags to indicate that */
2913 0x00, 0x00, /* this is the injected frame directly */
2915 struct iovec iov[2] = {
2917 .iov_base = &rtap_hdr,
2918 .iov_len = sizeof(rtap_hdr),
2921 .iov_base = (void *) data,
2925 struct msghdr msg = {
2930 .msg_control = NULL,
2931 .msg_controllen = 0,
2936 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
2938 return sendmsg(drv->monitor_sock, &msg, 0);
2942 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
2945 struct i802_bss *bss = priv;
2946 struct wpa_driver_nl80211_data *drv = bss->drv;
2947 struct ieee80211_mgmt *mgmt;
2951 mgmt = (struct ieee80211_mgmt *) data;
2952 fc = le_to_host16(mgmt->frame_control);
2954 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
2955 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
2957 * Only one of the authentication frame types is encrypted.
2958 * In order for static WEP encryption to work properly (i.e.,
2959 * to not encrypt the frame), we need to tell mac80211 about
2960 * the frames that must not be encrypted.
2962 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2963 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
2964 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
2968 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
2972 static int wpa_driver_nl80211_set_beacon(void *priv,
2973 const u8 *head, size_t head_len,
2974 const u8 *tail, size_t tail_len,
2975 int dtim_period, int beacon_int)
2977 struct i802_bss *bss = priv;
2978 struct wpa_driver_nl80211_data *drv = bss->drv;
2980 u8 cmd = NL80211_CMD_NEW_BEACON;
2983 int ifindex = if_nametoindex(bss->ifname);
2985 beacon_set = bss->beacon_set;
2987 msg = nlmsg_alloc();
2991 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
2994 cmd = NL80211_CMD_SET_BEACON;
2996 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2998 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
2999 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
3000 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3001 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
3002 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
3004 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3006 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
3007 ret, strerror(-ret));
3009 bss->beacon_set = 1;
3017 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
3018 int freq, int ht_enabled,
3019 int sec_channel_offset)
3024 msg = nlmsg_alloc();
3028 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3029 NL80211_CMD_SET_WIPHY, 0);
3031 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3032 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
3034 switch (sec_channel_offset) {
3036 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3037 NL80211_CHAN_HT40MINUS);
3040 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3041 NL80211_CHAN_HT40PLUS);
3044 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3050 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3053 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
3054 "%d (%s)", freq, ret, strerror(-ret));
3060 static int wpa_driver_nl80211_sta_add(void *priv,
3061 struct hostapd_sta_add_params *params)
3063 struct i802_bss *bss = priv;
3064 struct wpa_driver_nl80211_data *drv = bss->drv;
3068 msg = nlmsg_alloc();
3072 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3073 0, NL80211_CMD_NEW_STATION, 0);
3075 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
3076 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3077 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3078 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3079 params->supp_rates);
3080 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3081 params->listen_interval);
3082 if (params->ht_capabilities) {
3083 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3084 sizeof(*params->ht_capabilities),
3085 params->ht_capabilities);
3088 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3090 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3091 "result: %d (%s)", ret, strerror(-ret));
3099 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
3101 struct i802_bss *bss = priv;
3102 struct wpa_driver_nl80211_data *drv = bss->drv;
3106 msg = nlmsg_alloc();
3110 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3111 0, NL80211_CMD_DEL_STATION, 0);
3113 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3114 if_nametoindex(bss->ifname));
3115 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3117 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3126 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
3131 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
3134 /* stop listening for EAPOL on this interface */
3135 del_ifidx(drv, ifidx);
3136 #endif /* HOSTAPD */
3138 msg = nlmsg_alloc();
3140 goto nla_put_failure;
3142 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3143 0, NL80211_CMD_DEL_INTERFACE, 0);
3144 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3146 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3149 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
3153 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
3155 enum nl80211_iftype iftype,
3156 const u8 *addr, int wds)
3158 struct nl_msg *msg, *flags = NULL;
3162 msg = nlmsg_alloc();
3166 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3167 0, NL80211_CMD_NEW_INTERFACE, 0);
3168 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3169 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
3170 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
3172 if (iftype == NL80211_IFTYPE_MONITOR) {
3175 flags = nlmsg_alloc();
3177 goto nla_put_failure;
3179 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
3181 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
3186 goto nla_put_failure;
3188 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
3191 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3194 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
3195 ifname, ret, strerror(-ret));
3199 ifidx = if_nametoindex(ifname);
3200 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
3207 /* start listening for EAPOL on this interface */
3208 add_ifidx(drv, ifidx);
3209 #endif /* HOSTAPD */
3211 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
3212 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
3213 nl80211_remove_iface(drv, ifidx);
3221 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
3222 const char *ifname, enum nl80211_iftype iftype,
3223 const u8 *addr, int wds)
3227 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
3229 /* if error occured and interface exists already */
3230 if (ret == -ENFILE && if_nametoindex(ifname)) {
3231 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
3233 /* Try to remove the interface that was already there. */
3234 nl80211_remove_iface(drv, if_nametoindex(ifname));
3236 /* Try to create the interface again */
3237 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
3241 if (ret >= 0 && drv->disable_11b_rates)
3242 nl80211_disable_11b_rates(drv, ret, 1);
3248 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
3250 struct ieee80211_hdr *hdr;
3252 union wpa_event_data event;
3254 hdr = (struct ieee80211_hdr *) buf;
3255 fc = le_to_host16(hdr->frame_control);
3257 os_memset(&event, 0, sizeof(event));
3258 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
3259 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
3260 event.tx_status.dst = hdr->addr1;
3261 event.tx_status.data = buf;
3262 event.tx_status.data_len = len;
3263 event.tx_status.ack = ok;
3264 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
3268 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
3269 u8 *buf, size_t len)
3271 union wpa_event_data event;
3272 os_memset(&event, 0, sizeof(event));
3273 event.rx_from_unknown.frame = buf;
3274 event.rx_from_unknown.len = len;
3275 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
3279 static void handle_frame(struct wpa_driver_nl80211_data *drv,
3280 u8 *buf, size_t len, int datarate, int ssi_signal)
3282 struct ieee80211_hdr *hdr;
3284 union wpa_event_data event;
3286 hdr = (struct ieee80211_hdr *) buf;
3287 fc = le_to_host16(hdr->frame_control);
3289 switch (WLAN_FC_GET_TYPE(fc)) {
3290 case WLAN_FC_TYPE_MGMT:
3291 os_memset(&event, 0, sizeof(event));
3292 event.rx_mgmt.frame = buf;
3293 event.rx_mgmt.frame_len = len;
3294 event.rx_mgmt.datarate = datarate;
3295 event.rx_mgmt.ssi_signal = ssi_signal;
3296 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
3298 case WLAN_FC_TYPE_CTRL:
3299 /* can only get here with PS-Poll frames */
3300 wpa_printf(MSG_DEBUG, "CTRL");
3301 from_unknown_sta(drv, buf, len);
3303 case WLAN_FC_TYPE_DATA:
3304 from_unknown_sta(drv, buf, len);
3310 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
3312 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3314 unsigned char buf[3000];
3315 struct ieee80211_radiotap_iterator iter;
3317 int datarate = 0, ssi_signal = 0;
3318 int injected = 0, failed = 0, rxflags = 0;
3320 len = recv(sock, buf, sizeof(buf), 0);
3326 if (drv->nlmode == NL80211_IFTYPE_STATION && !drv->probe_req_report) {
3327 wpa_printf(MSG_DEBUG, "nl80211: Ignore monitor interface "
3328 "frame since Probe Request reporting is disabled");
3332 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
3333 printf("received invalid radiotap frame\n");
3338 ret = ieee80211_radiotap_iterator_next(&iter);
3342 printf("received invalid radiotap frame (%d)\n", ret);
3345 switch (iter.this_arg_index) {
3346 case IEEE80211_RADIOTAP_FLAGS:
3347 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
3350 case IEEE80211_RADIOTAP_RX_FLAGS:
3353 case IEEE80211_RADIOTAP_TX_FLAGS:
3355 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
3356 IEEE80211_RADIOTAP_F_TX_FAIL;
3358 case IEEE80211_RADIOTAP_DATA_RETRIES:
3360 case IEEE80211_RADIOTAP_CHANNEL:
3361 /* TODO: convert from freq/flags to channel number */
3363 case IEEE80211_RADIOTAP_RATE:
3364 datarate = *iter.this_arg * 5;
3366 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
3367 ssi_signal = *iter.this_arg;
3372 if (rxflags && injected)
3376 handle_frame(drv, buf + iter.max_length,
3377 len - iter.max_length, datarate, ssi_signal);
3379 handle_tx_callback(drv->ctx, buf + iter.max_length,
3380 len - iter.max_length, !failed);
3385 * we post-process the filter code later and rewrite
3386 * this to the offset to the last instruction
3391 static struct sock_filter msock_filter_insns[] = {
3393 * do a little-endian load of the radiotap length field
3395 /* load lower byte into A */
3396 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
3397 /* put it into X (== index register) */
3398 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3399 /* load upper byte into A */
3400 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
3401 /* left-shift it by 8 */
3402 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
3404 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
3405 /* put result into X */
3406 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3409 * Allow management frames through, this also gives us those
3410 * management frames that we sent ourselves with status
3412 /* load the lower byte of the IEEE 802.11 frame control field */
3413 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3414 /* mask off frame type and version */
3415 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
3416 /* accept frame if it's both 0, fall through otherwise */
3417 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
3420 * TODO: add a bit to radiotap RX flags that indicates
3421 * that the sending station is not associated, then
3422 * add a filter here that filters on our DA and that flag
3423 * to allow us to deauth frames to that bad station.
3425 * Not a regression -- we didn't do it before either.
3430 * drop non-data frames
3432 /* load the lower byte of the frame control field */
3433 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3434 /* mask off QoS bit */
3435 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
3436 /* drop non-data frames */
3437 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
3439 /* load the upper byte of the frame control field */
3440 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
3441 /* mask off toDS/fromDS */
3442 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
3443 /* accept WDS frames */
3444 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
3447 * add header length to index
3449 /* load the lower byte of the frame control field */
3450 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3451 /* mask off QoS bit */
3452 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
3453 /* right shift it by 6 to give 0 or 2 */
3454 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
3455 /* add data frame header length */
3456 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
3457 /* add index, was start of 802.11 header */
3458 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
3459 /* move to index, now start of LL header */
3460 BPF_STMT(BPF_MISC | BPF_TAX, 0),
3463 * Accept empty data frames, we use those for
3466 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
3467 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
3470 * Accept EAPOL frames
3472 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
3473 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
3474 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
3475 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
3477 /* keep these last two statements or change the code below */
3478 /* return 0 == "DROP" */
3479 BPF_STMT(BPF_RET | BPF_K, 0),
3480 /* return ~0 == "keep all" */
3481 BPF_STMT(BPF_RET | BPF_K, ~0),
3484 static struct sock_fprog msock_filter = {
3485 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
3486 .filter = msock_filter_insns,
3490 static int add_monitor_filter(int s)
3494 /* rewrite all PASS/FAIL jump offsets */
3495 for (idx = 0; idx < msock_filter.len; idx++) {
3496 struct sock_filter *insn = &msock_filter_insns[idx];
3498 if (BPF_CLASS(insn->code) == BPF_JMP) {
3499 if (insn->code == (BPF_JMP|BPF_JA)) {
3500 if (insn->k == PASS)
3501 insn->k = msock_filter.len - idx - 2;
3502 else if (insn->k == FAIL)
3503 insn->k = msock_filter.len - idx - 3;
3506 if (insn->jt == PASS)
3507 insn->jt = msock_filter.len - idx - 2;
3508 else if (insn->jt == FAIL)
3509 insn->jt = msock_filter.len - idx - 3;
3511 if (insn->jf == PASS)
3512 insn->jf = msock_filter.len - idx - 2;
3513 else if (insn->jf == FAIL)
3514 insn->jf = msock_filter.len - idx - 3;
3518 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
3519 &msock_filter, sizeof(msock_filter))) {
3520 perror("SO_ATTACH_FILTER");
3528 static void nl80211_remove_monitor_interface(
3529 struct wpa_driver_nl80211_data *drv)
3531 if (drv->monitor_ifidx >= 0) {
3532 nl80211_remove_iface(drv, drv->monitor_ifidx);
3533 drv->monitor_ifidx = -1;
3535 if (drv->monitor_sock >= 0) {
3536 eloop_unregister_read_sock(drv->monitor_sock);
3537 close(drv->monitor_sock);
3538 drv->monitor_sock = -1;
3544 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
3547 struct sockaddr_ll ll;
3551 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
3552 buf[IFNAMSIZ - 1] = '\0';
3554 drv->monitor_ifidx =
3555 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
3558 if (drv->monitor_ifidx < 0)
3561 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
3564 memset(&ll, 0, sizeof(ll));
3565 ll.sll_family = AF_PACKET;
3566 ll.sll_ifindex = drv->monitor_ifidx;
3567 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
3568 if (drv->monitor_sock < 0) {
3569 perror("socket[PF_PACKET,SOCK_RAW]");
3573 if (add_monitor_filter(drv->monitor_sock)) {
3574 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
3575 "interface; do filtering in user space");
3576 /* This works, but will cost in performance. */
3579 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
3580 perror("monitor socket bind");
3584 optlen = sizeof(optval);
3587 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
3588 perror("Failed to set socket priority");
3592 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
3594 printf("Could not register monitor read socket\n");
3600 nl80211_remove_monitor_interface(drv);
3605 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
3607 static int wpa_driver_nl80211_hapd_send_eapol(
3608 void *priv, const u8 *addr, const u8 *data,
3609 size_t data_len, int encrypt, const u8 *own_addr)
3611 struct i802_bss *bss = priv;
3612 struct wpa_driver_nl80211_data *drv = bss->drv;
3613 struct ieee80211_hdr *hdr;
3618 int qos = sta->flags & WPA_STA_WMM;
3623 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3625 hdr = os_zalloc(len);
3627 printf("malloc() failed for i802_send_data(len=%lu)\n",
3628 (unsigned long) len);
3632 hdr->frame_control =
3633 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3634 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3636 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3637 #if 0 /* To be enabled if qos determination is added above */
3639 hdr->frame_control |=
3640 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3644 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3645 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3646 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3647 pos = (u8 *) (hdr + 1);
3649 #if 0 /* To be enabled if qos determination is added above */
3651 /* add an empty QoS header if needed */
3658 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3659 pos += sizeof(rfc1042_header);
3660 WPA_PUT_BE16(pos, ETH_P_PAE);
3662 memcpy(pos, data, data_len);
3664 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
3666 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
3668 (unsigned long) len, errno, strerror(errno));
3676 static u32 sta_flags_nl80211(int flags)
3680 if (flags & WPA_STA_AUTHORIZED)
3681 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3682 if (flags & WPA_STA_WMM)
3683 f |= BIT(NL80211_STA_FLAG_WME);
3684 if (flags & WPA_STA_SHORT_PREAMBLE)
3685 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3686 if (flags & WPA_STA_MFP)
3687 f |= BIT(NL80211_STA_FLAG_MFP);
3693 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
3695 int flags_or, int flags_and)
3697 struct i802_bss *bss = priv;
3698 struct wpa_driver_nl80211_data *drv = bss->drv;
3699 struct nl_msg *msg, *flags = NULL;
3700 struct nl80211_sta_flag_update upd;
3702 msg = nlmsg_alloc();
3706 flags = nlmsg_alloc();
3712 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3713 0, NL80211_CMD_SET_STATION, 0);
3715 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3716 if_nametoindex(bss->ifname));
3717 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3720 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
3721 * can be removed eventually.
3723 if (total_flags & WPA_STA_AUTHORIZED)
3724 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3726 if (total_flags & WPA_STA_WMM)
3727 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3729 if (total_flags & WPA_STA_SHORT_PREAMBLE)
3730 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3732 if (total_flags & WPA_STA_MFP)
3733 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3735 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3736 goto nla_put_failure;
3738 os_memset(&upd, 0, sizeof(upd));
3739 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
3740 upd.set = sta_flags_nl80211(flags_or);
3741 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3745 return send_and_recv_msgs(drv, msg, NULL, NULL);
3752 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
3753 struct wpa_driver_associate_params *params)
3755 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) ||
3756 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
3757 nl80211_remove_monitor_interface(drv);
3761 /* TODO: setup monitor interface (and add code somewhere to remove this
3762 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
3768 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
3773 msg = nlmsg_alloc();
3777 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3778 NL80211_CMD_LEAVE_IBSS, 0);
3779 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3780 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3783 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
3784 "(%s)", ret, strerror(-ret));
3785 goto nla_put_failure;
3789 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
3797 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
3798 struct wpa_driver_associate_params *params)
3804 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
3806 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) {
3807 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
3813 msg = nlmsg_alloc();
3817 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3818 NL80211_CMD_JOIN_IBSS, 0);
3819 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3821 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
3822 goto nla_put_failure;
3824 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3825 params->ssid, params->ssid_len);
3826 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3828 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3829 drv->ssid_len = params->ssid_len;
3831 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3832 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3834 ret = nl80211_set_conn_keys(params, msg);
3836 goto nla_put_failure;
3838 if (params->wpa_ie) {
3839 wpa_hexdump(MSG_DEBUG,
3840 " * Extra IEs for Beacon/Probe Response frames",
3841 params->wpa_ie, params->wpa_ie_len);
3842 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3846 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3849 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
3850 ret, strerror(-ret));
3852 if (ret == -EALREADY && count == 1) {
3853 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
3855 nl80211_leave_ibss(drv);
3860 goto nla_put_failure;
3863 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
3871 static int wpa_driver_nl80211_connect(
3872 struct wpa_driver_nl80211_data *drv,
3873 struct wpa_driver_associate_params *params)
3876 enum nl80211_auth_type type;
3879 msg = nlmsg_alloc();
3883 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
3884 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3885 NL80211_CMD_CONNECT, 0);
3887 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3888 if (params->bssid) {
3889 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3890 MAC2STR(params->bssid));
3891 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3894 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3895 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3898 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3899 params->ssid, params->ssid_len);
3900 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3902 if (params->ssid_len > sizeof(drv->ssid))
3903 goto nla_put_failure;
3904 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3905 drv->ssid_len = params->ssid_len;
3907 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
3909 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3912 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3913 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3914 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3915 type = NL80211_AUTHTYPE_SHARED_KEY;
3916 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3917 type = NL80211_AUTHTYPE_NETWORK_EAP;
3918 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3919 type = NL80211_AUTHTYPE_FT;
3921 goto nla_put_failure;
3923 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3924 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3926 if (params->wpa_ie && params->wpa_ie_len) {
3927 enum nl80211_wpa_versions ver;
3929 if (params->wpa_ie[0] == WLAN_EID_RSN)
3930 ver = NL80211_WPA_VERSION_2;
3932 ver = NL80211_WPA_VERSION_1;
3934 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
3935 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
3938 if (params->pairwise_suite != CIPHER_NONE) {
3941 switch (params->pairwise_suite) {
3943 cipher = WLAN_CIPHER_SUITE_WEP40;
3946 cipher = WLAN_CIPHER_SUITE_WEP104;
3949 cipher = WLAN_CIPHER_SUITE_CCMP;
3953 cipher = WLAN_CIPHER_SUITE_TKIP;
3956 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
3959 if (params->group_suite != CIPHER_NONE) {
3962 switch (params->group_suite) {
3964 cipher = WLAN_CIPHER_SUITE_WEP40;
3967 cipher = WLAN_CIPHER_SUITE_WEP104;
3970 cipher = WLAN_CIPHER_SUITE_CCMP;
3974 cipher = WLAN_CIPHER_SUITE_TKIP;
3977 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
3980 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
3981 params->key_mgmt_suite == KEY_MGMT_PSK) {
3982 int mgmt = WLAN_AKM_SUITE_PSK;
3984 switch (params->key_mgmt_suite) {
3985 case KEY_MGMT_802_1X:
3986 mgmt = WLAN_AKM_SUITE_8021X;
3990 mgmt = WLAN_AKM_SUITE_PSK;
3993 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
3996 ret = nl80211_set_conn_keys(params, msg);
3998 goto nla_put_failure;
4000 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4003 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
4004 "(%s)", ret, strerror(-ret));
4005 goto nla_put_failure;
4008 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
4017 static int wpa_driver_nl80211_associate(
4018 void *priv, struct wpa_driver_associate_params *params)
4020 struct i802_bss *bss = priv;
4021 struct wpa_driver_nl80211_data *drv = bss->drv;
4025 if (params->mode == IEEE80211_MODE_AP)
4026 return wpa_driver_nl80211_ap(drv, params);
4028 if (params->mode == IEEE80211_MODE_IBSS)
4029 return wpa_driver_nl80211_ibss(drv, params);
4031 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4032 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0)
4034 return wpa_driver_nl80211_connect(drv, params);
4037 drv->associated = 0;
4039 msg = nlmsg_alloc();
4043 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
4045 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4046 NL80211_CMD_ASSOCIATE, 0);
4048 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4049 if (params->bssid) {
4050 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4051 MAC2STR(params->bssid));
4052 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4055 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4056 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4057 drv->assoc_freq = params->freq;
4059 drv->assoc_freq = 0;
4061 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4062 params->ssid, params->ssid_len);
4063 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4065 if (params->ssid_len > sizeof(drv->ssid))
4066 goto nla_put_failure;
4067 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4068 drv->ssid_len = params->ssid_len;
4070 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4072 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4075 #ifdef CONFIG_IEEE80211W
4076 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
4077 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
4078 #endif /* CONFIG_IEEE80211W */
4080 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
4082 if (params->prev_bssid) {
4083 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
4084 MAC2STR(params->prev_bssid));
4085 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
4086 params->prev_bssid);
4089 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4092 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
4093 "(%s)", ret, strerror(-ret));
4094 nl80211_dump_scan(drv);
4095 goto nla_put_failure;
4098 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
4107 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
4108 int ifindex, int mode)
4113 msg = nlmsg_alloc();
4117 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4118 0, NL80211_CMD_SET_INTERFACE, 0);
4119 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4120 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
4122 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4126 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
4127 " %d (%s)", ifindex, mode, ret, strerror(-ret));
4132 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
4134 struct i802_bss *bss = priv;
4135 struct wpa_driver_nl80211_data *drv = bss->drv;
4142 nlmode = NL80211_IFTYPE_STATION;
4145 nlmode = NL80211_IFTYPE_ADHOC;
4148 nlmode = NL80211_IFTYPE_AP;
4154 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
4155 drv->nlmode = nlmode;
4160 if (nlmode == drv->nlmode) {
4161 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
4162 "requested mode - ignore error");
4164 goto done; /* Already in the requested mode */
4167 /* mac80211 doesn't allow mode changes while the device is up, so
4168 * take the device down, try to set the mode again, and bring the
4171 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
4173 for (i = 0; i < 10; i++) {
4174 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) ==
4176 /* Try to set the mode again while the interface is
4178 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
4179 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname,
4185 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
4187 os_sleep(0, 100000);
4191 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
4192 "interface is down");
4193 drv->nlmode = nlmode;
4197 if (!ret && nlmode == NL80211_IFTYPE_AP) {
4198 /* Setup additional AP mode functionality if needed */
4199 if (drv->monitor_ifidx < 0 &&
4200 nl80211_create_monitor_interface(drv))
4202 } else if (!ret && nlmode != NL80211_IFTYPE_AP) {
4203 /* Remove additional AP mode functionality */
4204 nl80211_remove_monitor_interface(drv);
4205 bss->beacon_set = 0;
4209 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
4210 "from %d failed", nlmode, drv->nlmode);
4216 static int wpa_driver_nl80211_get_capa(void *priv,
4217 struct wpa_driver_capa *capa)
4219 struct i802_bss *bss = priv;
4220 struct wpa_driver_nl80211_data *drv = bss->drv;
4221 if (!drv->has_capability)
4223 os_memcpy(capa, &drv->capa, sizeof(*capa));
4228 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
4230 struct i802_bss *bss = priv;
4231 struct wpa_driver_nl80211_data *drv = bss->drv;
4233 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
4234 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
4235 drv->operstate = state;
4236 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
4237 state ? IF_OPER_UP : IF_OPER_DORMANT);
4241 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
4243 struct i802_bss *bss = priv;
4244 struct wpa_driver_nl80211_data *drv = bss->drv;
4246 struct nl80211_sta_flag_update upd;
4248 msg = nlmsg_alloc();
4252 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4253 0, NL80211_CMD_SET_STATION, 0);
4255 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4256 if_nametoindex(bss->ifname));
4257 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
4259 os_memset(&upd, 0, sizeof(upd));
4260 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
4262 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
4263 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4265 return send_and_recv_msgs(drv, msg, NULL, NULL);
4273 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4278 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
4280 for (i = 0; i < drv->num_if_indices; i++) {
4281 if (drv->if_indices[i] == 0) {
4282 drv->if_indices[i] = ifidx;
4287 if (drv->if_indices != drv->default_if_indices)
4288 old = drv->if_indices;
4292 drv->if_indices = os_realloc(old,
4293 sizeof(int) * (drv->num_if_indices + 1));
4294 if (!drv->if_indices) {
4296 drv->if_indices = drv->default_if_indices;
4298 drv->if_indices = old;
4299 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
4301 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
4304 os_memcpy(drv->if_indices, drv->default_if_indices,
4305 sizeof(drv->default_if_indices));
4306 drv->if_indices[drv->num_if_indices] = ifidx;
4307 drv->num_if_indices++;
4311 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4315 for (i = 0; i < drv->num_if_indices; i++) {
4316 if (drv->if_indices[i] == ifidx) {
4317 drv->if_indices[i] = 0;
4324 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4328 for (i = 0; i < drv->num_if_indices; i++)
4329 if (drv->if_indices[i] == ifidx)
4336 static inline int min_int(int a, int b)
4344 static int get_key_handler(struct nl_msg *msg, void *arg)
4346 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4347 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4349 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4350 genlmsg_attrlen(gnlh, 0), NULL);
4353 * TODO: validate the key index and mac address!
4354 * Otherwise, there's a race condition as soon as
4355 * the kernel starts sending key notifications.
4358 if (tb[NL80211_ATTR_KEY_SEQ])
4359 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
4360 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
4365 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
4368 struct i802_bss *bss = priv;
4369 struct wpa_driver_nl80211_data *drv = bss->drv;
4372 msg = nlmsg_alloc();
4376 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4377 0, NL80211_CMD_GET_KEY, 0);
4380 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4381 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
4382 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
4386 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
4392 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
4395 struct i802_bss *bss = priv;
4396 struct wpa_driver_nl80211_data *drv = bss->drv;
4398 u8 rates[NL80211_MAX_SUPP_RATES];
4402 msg = nlmsg_alloc();
4406 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4407 NL80211_CMD_SET_BSS, 0);
4409 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4410 rates[rates_len++] = basic_rates[i] / 5;
4412 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4414 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4416 return send_and_recv_msgs(drv, msg, NULL, NULL);
4421 #endif /* HOSTAPD */
4424 /* Set kernel driver on given frequency (MHz) */
4425 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
4427 struct i802_bss *bss = priv;
4428 struct wpa_driver_nl80211_data *drv = bss->drv;
4429 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
4430 freq->sec_channel_offset);
4436 static int i802_set_rts(void *priv, int rts)
4438 struct i802_bss *bss = priv;
4439 struct wpa_driver_nl80211_data *drv = bss->drv;
4444 msg = nlmsg_alloc();
4453 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4454 0, NL80211_CMD_SET_WIPHY, 0);
4455 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4456 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
4458 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4462 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
4463 "%d (%s)", rts, ret, strerror(-ret));
4468 static int i802_set_frag(void *priv, int frag)
4470 struct i802_bss *bss = priv;
4471 struct wpa_driver_nl80211_data *drv = bss->drv;
4476 msg = nlmsg_alloc();
4485 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4486 0, NL80211_CMD_SET_WIPHY, 0);
4487 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4488 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
4490 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4494 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
4495 "%d: %d (%s)", frag, ret, strerror(-ret));
4500 static int i802_flush(void *priv)
4502 struct i802_bss *bss = priv;
4503 struct wpa_driver_nl80211_data *drv = bss->drv;
4506 msg = nlmsg_alloc();
4510 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4511 0, NL80211_CMD_DEL_STATION, 0);
4514 * XXX: FIX! this needs to flush all VLANs too
4516 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4517 if_nametoindex(bss->ifname));
4519 return send_and_recv_msgs(drv, msg, NULL, NULL);
4525 static int get_sta_handler(struct nl_msg *msg, void *arg)
4527 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4528 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4529 struct hostap_sta_driver_data *data = arg;
4530 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
4531 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
4532 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
4533 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
4534 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
4535 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
4536 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
4539 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4540 genlmsg_attrlen(gnlh, 0), NULL);
4543 * TODO: validate the interface and mac address!
4544 * Otherwise, there's a race condition as soon as
4545 * the kernel starts sending station notifications.
4548 if (!tb[NL80211_ATTR_STA_INFO]) {
4549 wpa_printf(MSG_DEBUG, "sta stats missing!");
4552 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
4553 tb[NL80211_ATTR_STA_INFO],
4555 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
4559 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
4560 data->inactive_msec =
4561 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
4562 if (stats[NL80211_STA_INFO_RX_BYTES])
4563 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
4564 if (stats[NL80211_STA_INFO_TX_BYTES])
4565 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
4566 if (stats[NL80211_STA_INFO_RX_PACKETS])
4568 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
4569 if (stats[NL80211_STA_INFO_TX_PACKETS])
4571 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
4576 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
4579 struct i802_bss *bss = priv;
4580 struct wpa_driver_nl80211_data *drv = bss->drv;
4583 os_memset(data, 0, sizeof(*data));
4584 msg = nlmsg_alloc();
4588 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4589 0, NL80211_CMD_GET_STATION, 0);
4591 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4592 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4594 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
4600 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
4601 int cw_min, int cw_max, int burst_time)
4603 struct i802_bss *bss = priv;
4604 struct wpa_driver_nl80211_data *drv = bss->drv;
4606 struct nlattr *txq, *params;
4608 msg = nlmsg_alloc();
4612 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4613 0, NL80211_CMD_SET_WIPHY, 0);
4615 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4617 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
4619 goto nla_put_failure;
4621 /* We are only sending parameters for a single TXQ at a time */
4622 params = nla_nest_start(msg, 1);
4624 goto nla_put_failure;
4626 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
4627 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
4628 * 32 usec, so need to convert the value here. */
4629 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
4630 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
4631 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
4632 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
4634 nla_nest_end(msg, params);
4636 nla_nest_end(msg, txq);
4638 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4645 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
4647 struct i802_bss *bss = priv;
4648 struct wpa_driver_nl80211_data *drv = bss->drv;
4651 msg = nlmsg_alloc();
4655 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4656 NL80211_CMD_SET_BSS, 0);
4659 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
4661 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
4663 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
4665 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4667 return send_and_recv_msgs(drv, msg, NULL, NULL);
4673 static int i802_set_cts_protect(void *priv, int value)
4675 return i802_set_bss(priv, value, -1, -1);
4679 static int i802_set_preamble(void *priv, int value)
4681 return i802_set_bss(priv, -1, value, -1);
4685 static int i802_set_short_slot_time(void *priv, int value)
4687 return i802_set_bss(priv, -1, -1, value);
4691 static int i802_set_sta_vlan(void *priv, const u8 *addr,
4692 const char *ifname, int vlan_id)
4694 struct i802_bss *bss = priv;
4695 struct wpa_driver_nl80211_data *drv = bss->drv;
4699 msg = nlmsg_alloc();
4703 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4704 0, NL80211_CMD_SET_STATION, 0);
4706 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4707 if_nametoindex(bss->ifname));
4708 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4709 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
4710 if_nametoindex(ifname));
4712 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4714 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
4715 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
4716 MAC2STR(addr), ifname, vlan_id, ret,
4724 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val)
4726 struct i802_bss *bss = priv;
4727 struct wpa_driver_nl80211_data *drv = bss->drv;
4728 char name[IFNAMSIZ + 1];
4730 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
4731 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
4732 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
4734 if (nl80211_create_iface(drv, name, NL80211_IFTYPE_AP_VLAN,
4737 linux_set_iface_flags(drv->ioctl_sock, name, 1);
4738 return i802_set_sta_vlan(priv, addr, name, 0);
4740 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
4741 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
4747 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
4749 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4750 struct sockaddr_ll lladdr;
4751 unsigned char buf[3000];
4753 socklen_t fromlen = sizeof(lladdr);
4755 len = recvfrom(sock, buf, sizeof(buf), 0,
4756 (struct sockaddr *)&lladdr, &fromlen);
4762 if (have_ifidx(drv, lladdr.sll_ifindex))
4763 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
4767 static int i802_get_inact_sec(void *priv, const u8 *addr)
4769 struct hostap_sta_driver_data data;
4772 data.inactive_msec = (unsigned long) -1;
4773 ret = i802_read_sta_data(priv, &data, addr);
4774 if (ret || data.inactive_msec == (unsigned long) -1)
4776 return data.inactive_msec / 1000;
4780 static int i802_sta_clear_stats(void *priv, const u8 *addr)
4789 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
4792 struct i802_bss *bss = priv;
4793 struct ieee80211_mgmt mgmt;
4795 memset(&mgmt, 0, sizeof(mgmt));
4796 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4797 WLAN_FC_STYPE_DEAUTH);
4798 memcpy(mgmt.da, addr, ETH_ALEN);
4799 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4800 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4801 mgmt.u.deauth.reason_code = host_to_le16(reason);
4802 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
4804 sizeof(mgmt.u.deauth));
4808 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
4811 struct i802_bss *bss = priv;
4812 struct ieee80211_mgmt mgmt;
4814 memset(&mgmt, 0, sizeof(mgmt));
4815 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4816 WLAN_FC_STYPE_DISASSOC);
4817 memcpy(mgmt.da, addr, ETH_ALEN);
4818 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4819 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4820 mgmt.u.disassoc.reason_code = host_to_le16(reason);
4821 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
4823 sizeof(mgmt.u.disassoc));
4827 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
4828 const char *brname, const char *ifname)
4831 char in_br[IFNAMSIZ];
4833 os_strlcpy(drv->brname, brname, IFNAMSIZ);
4834 ifindex = if_nametoindex(brname);
4837 * Bridge was configured, but the bridge device does
4838 * not exist. Try to add it now.
4840 if (linux_br_add(drv->ioctl_sock, brname) < 0) {
4841 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
4842 "bridge interface %s: %s",
4843 brname, strerror(errno));
4846 drv->added_bridge = 1;
4847 add_ifidx(drv, if_nametoindex(brname));
4850 if (linux_br_get(in_br, ifname) == 0) {
4851 if (os_strcmp(in_br, brname) == 0)
4852 return 0; /* already in the bridge */
4854 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
4855 "bridge %s", ifname, in_br);
4856 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) {
4857 wpa_printf(MSG_ERROR, "nl80211: Failed to "
4858 "remove interface %s from bridge "
4860 ifname, brname, strerror(errno));
4865 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
4867 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) {
4868 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
4869 "into bridge %s: %s",
4870 ifname, brname, strerror(errno));
4873 drv->added_if_into_bridge = 1;
4879 static void *i802_init(struct hostapd_data *hapd,
4880 struct wpa_init_params *params)
4882 struct wpa_driver_nl80211_data *drv;
4883 struct i802_bss *bss;
4885 char brname[IFNAMSIZ];
4886 int ifindex, br_ifindex;
4889 bss = wpa_driver_nl80211_init(hapd, params->ifname);
4894 if (linux_br_get(brname, params->ifname) == 0) {
4895 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
4896 params->ifname, brname);
4897 br_ifindex = if_nametoindex(brname);
4903 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4904 drv->if_indices = drv->default_if_indices;
4905 for (i = 0; i < params->num_bridge; i++) {
4906 if (params->bridge[i]) {
4907 ifindex = if_nametoindex(params->bridge[i]);
4909 add_ifidx(drv, ifindex);
4910 if (ifindex == br_ifindex)
4914 if (!br_added && br_ifindex &&
4915 (params->num_bridge == 0 || !params->bridge[0]))
4916 add_ifidx(drv, br_ifindex);
4918 /* start listening for EAPOL on the default AP interface */
4919 add_ifidx(drv, drv->ifindex);
4921 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0))
4924 if (params->bssid) {
4925 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname,
4930 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) {
4931 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
4932 "into AP mode", bss->ifname);
4936 if (params->num_bridge && params->bridge[0] &&
4937 i802_check_bridge(drv, params->bridge[0], params->ifname) < 0)
4940 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
4943 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
4944 if (drv->eapol_sock < 0) {
4945 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
4949 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
4951 printf("Could not register read socket for eapol\n");
4955 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr))
4961 nl80211_remove_monitor_interface(drv);
4962 if (drv->ioctl_sock >= 0)
4963 close(drv->ioctl_sock);
4965 genl_family_put(drv->nl80211);
4966 nl_cache_free(drv->nl_cache);
4967 nl_handle_destroy(drv->nl_handle);
4968 nl_cb_put(drv->nl_cb);
4975 static void i802_deinit(void *priv)
4977 wpa_driver_nl80211_deinit(priv);
4980 #endif /* HOSTAPD */
4983 static enum nl80211_iftype wpa_driver_nl80211_if_type(
4984 enum wpa_driver_if_type type)
4987 case WPA_IF_STATION:
4988 return NL80211_IFTYPE_STATION;
4989 case WPA_IF_AP_VLAN:
4990 return NL80211_IFTYPE_AP_VLAN;
4992 return NL80211_IFTYPE_AP;
4998 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
4999 const char *ifname, const u8 *addr,
5000 void *bss_ctx, void **drv_priv,
5001 char *force_ifname, u8 *if_addr)
5003 struct i802_bss *bss = priv;
5004 struct wpa_driver_nl80211_data *drv = bss->drv;
5007 struct i802_bss *new_bss = NULL;
5009 if (type == WPA_IF_AP_BSS) {
5010 new_bss = os_zalloc(sizeof(*new_bss));
5011 if (new_bss == NULL)
5014 #endif /* HOSTAPD */
5017 os_memcpy(if_addr, addr, ETH_ALEN);
5018 ifidx = nl80211_create_iface(drv, ifname,
5019 wpa_driver_nl80211_if_type(type), addr,
5024 #endif /* HOSTAPD */
5029 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0)
5033 if (type == WPA_IF_AP_BSS) {
5034 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
5035 nl80211_remove_iface(drv, ifidx);
5039 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
5040 new_bss->ifindex = ifidx;
5042 new_bss->next = drv->first_bss.next;
5043 drv->first_bss.next = new_bss;
5045 *drv_priv = new_bss;
5047 #endif /* HOSTAPD */
5053 static int wpa_driver_nl80211_if_remove(void *priv,
5054 enum wpa_driver_if_type type,
5057 struct i802_bss *bss = priv;
5058 struct wpa_driver_nl80211_data *drv = bss->drv;
5059 int ifindex = if_nametoindex(ifname);
5061 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
5062 __func__, type, ifname, ifindex);
5065 nl80211_remove_iface(drv, ifindex);
5068 if (type != WPA_IF_AP_BSS)
5071 if (bss != &drv->first_bss) {
5072 struct i802_bss *tbss = &drv->first_bss;
5075 if (tbss->next != bss)
5078 tbss->next = bss->next;
5083 #endif /* HOSTAPD */
5089 static int cookie_handler(struct nl_msg *msg, void *arg)
5091 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5092 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5094 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5095 genlmsg_attrlen(gnlh, 0), NULL);
5096 if (tb[NL80211_ATTR_COOKIE])
5097 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
5102 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
5103 const u8 *dst, const u8 *src,
5105 const u8 *data, size_t data_len)
5107 struct i802_bss *bss = priv;
5108 struct wpa_driver_nl80211_data *drv = bss->drv;
5112 struct ieee80211_hdr *hdr;
5115 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d)",
5118 buf = os_zalloc(24 + data_len);
5121 os_memcpy(buf + 24, data, data_len);
5122 hdr = (struct ieee80211_hdr *) buf;
5123 hdr->frame_control =
5124 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
5125 os_memcpy(hdr->addr1, dst, ETH_ALEN);
5126 os_memcpy(hdr->addr2, src, ETH_ALEN);
5127 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
5129 if (drv->nlmode == NL80211_IFTYPE_AP) {
5130 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len);
5135 msg = nlmsg_alloc();
5141 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5142 NL80211_CMD_ACTION, 0);
5144 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5145 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5146 NLA_PUT(msg, NL80211_ATTR_FRAME, 24 + data_len, buf);
5151 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5154 wpa_printf(MSG_DEBUG, "nl80211: Action command failed: ret=%d "
5155 "(%s)", ret, strerror(-ret));
5156 goto nla_put_failure;
5158 wpa_printf(MSG_DEBUG, "nl80211: Action TX command accepted; "
5159 "cookie 0x%llx", (long long unsigned int) cookie);
5160 drv->send_action_cookie = cookie;
5170 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
5171 unsigned int duration)
5173 struct i802_bss *bss = priv;
5174 struct wpa_driver_nl80211_data *drv = bss->drv;
5179 msg = nlmsg_alloc();
5183 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5184 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
5186 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5187 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5188 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
5191 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5193 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
5194 "0x%llx for freq=%u MHz duration=%u",
5195 (long long unsigned int) cookie, freq, duration);
5196 drv->remain_on_chan_cookie = cookie;
5199 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
5200 "(freq=%d duration=%u): %d (%s)",
5201 freq, duration, ret, strerror(-ret));
5207 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
5209 struct i802_bss *bss = priv;
5210 struct wpa_driver_nl80211_data *drv = bss->drv;
5214 if (!drv->pending_remain_on_chan) {
5215 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
5220 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
5222 (long long unsigned int) drv->remain_on_chan_cookie);
5224 msg = nlmsg_alloc();
5228 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5229 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
5231 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5232 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
5234 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5237 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
5238 "%d (%s)", ret, strerror(-ret));
5244 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
5247 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5248 if (drv->monitor_ifidx < 0)
5249 return; /* monitor interface already removed */
5251 if (drv->nlmode != NL80211_IFTYPE_STATION)
5252 return; /* not in station mode anymore */
5254 if (drv->probe_req_report)
5255 return; /* reporting enabled */
5257 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface due to no "
5258 "Probe Request reporting needed anymore");
5259 nl80211_remove_monitor_interface(drv);
5263 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
5265 struct i802_bss *bss = priv;
5266 struct wpa_driver_nl80211_data *drv = bss->drv;
5268 if (drv->nlmode != NL80211_IFTYPE_STATION) {
5269 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
5270 "allowed in station mode (iftype=%d)",
5274 drv->probe_req_report = report;
5277 eloop_cancel_timeout(
5278 wpa_driver_nl80211_probe_req_report_timeout,
5280 if (drv->monitor_ifidx < 0 &&
5281 nl80211_create_monitor_interface(drv))
5285 * It takes a while to remove the monitor interface, so try to
5286 * avoid doing this if it is needed again shortly. Instead,
5287 * schedule the interface to be removed later if no need for it
5290 wpa_printf(MSG_DEBUG, "nl80211: Scheduling monitor interface "
5291 "to be removed after 10 seconds of no use");
5292 eloop_register_timeout(
5293 10, 0, wpa_driver_nl80211_probe_req_report_timeout,
5301 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
5302 int ifindex, int disabled)
5305 struct nlattr *bands, *band;
5308 msg = nlmsg_alloc();
5312 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5313 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
5314 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5316 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
5318 goto nla_put_failure;
5321 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
5322 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
5323 * rates. All 5 GHz rates are left enabled.
5325 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
5327 goto nla_put_failure;
5328 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
5329 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
5330 nla_nest_end(msg, band);
5332 nla_nest_end(msg, bands);
5334 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5337 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
5338 "(%s)", ret, strerror(-ret));
5349 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
5351 struct i802_bss *bss = priv;
5352 struct wpa_driver_nl80211_data *drv = bss->drv;
5353 drv->disable_11b_rates = disabled;
5354 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
5358 static int wpa_driver_nl80211_deinit_ap(void *priv)
5360 struct i802_bss *bss = priv;
5361 struct wpa_driver_nl80211_data *drv = bss->drv;
5362 if (drv->nlmode != NL80211_IFTYPE_AP)
5364 wpa_driver_nl80211_del_beacon(drv);
5365 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
5369 static void wpa_driver_nl80211_resume(void *priv)
5371 struct i802_bss *bss = priv;
5372 struct wpa_driver_nl80211_data *drv = bss->drv;
5373 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
5374 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
5380 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
5381 const u8 *ies, size_t ies_len)
5383 struct i802_bss *bss = priv;
5384 struct wpa_driver_nl80211_data *drv = bss->drv;
5388 u8 own_addr[ETH_ALEN];
5390 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0)
5394 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
5395 "action %d", action);
5400 * Action frame payload:
5401 * Category[1] = 6 (Fast BSS Transition)
5402 * Action[1] = 1 (Fast BSS Transition Request)
5408 data_len = 2 + 2 * ETH_ALEN + ies_len;
5409 data = os_malloc(data_len);
5413 *pos++ = 0x06; /* FT Action category */
5415 os_memcpy(pos, own_addr, ETH_ALEN);
5417 os_memcpy(pos, target_ap, ETH_ALEN);
5419 os_memcpy(pos, ies, ies_len);
5421 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, drv->bssid,
5422 own_addr, drv->bssid,
5430 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
5432 struct i802_bss *bss = priv;
5433 struct wpa_driver_nl80211_data *drv = bss->drv;
5434 struct nl_msg *msg, *cqm = NULL;
5436 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
5437 "hysteresis=%d", threshold, hysteresis);
5439 msg = nlmsg_alloc();
5443 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5444 0, NL80211_CMD_SET_CQM, 0);
5446 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
5448 cqm = nlmsg_alloc();
5452 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
5453 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
5454 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
5456 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5468 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
5471 struct i802_bss *bss = priv;
5472 struct wpa_driver_nl80211_data *drv = bss->drv;
5473 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
5477 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
5479 .desc = "Linux nl80211/cfg80211",
5480 .get_bssid = wpa_driver_nl80211_get_bssid,
5481 .get_ssid = wpa_driver_nl80211_get_ssid,
5482 .set_key = wpa_driver_nl80211_set_key,
5483 .scan2 = wpa_driver_nl80211_scan,
5484 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
5485 .deauthenticate = wpa_driver_nl80211_deauthenticate,
5486 .disassociate = wpa_driver_nl80211_disassociate,
5487 .authenticate = wpa_driver_nl80211_authenticate,
5488 .associate = wpa_driver_nl80211_associate,
5489 .init = wpa_driver_nl80211_init,
5490 .deinit = wpa_driver_nl80211_deinit,
5491 .get_capa = wpa_driver_nl80211_get_capa,
5492 .set_operstate = wpa_driver_nl80211_set_operstate,
5493 .set_supp_port = wpa_driver_nl80211_set_supp_port,
5494 .set_country = wpa_driver_nl80211_set_country,
5495 .set_beacon = wpa_driver_nl80211_set_beacon,
5496 .if_add = wpa_driver_nl80211_if_add,
5497 .if_remove = wpa_driver_nl80211_if_remove,
5498 .send_mlme = wpa_driver_nl80211_send_mlme,
5499 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
5500 .sta_add = wpa_driver_nl80211_sta_add,
5501 .sta_remove = wpa_driver_nl80211_sta_remove,
5502 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
5503 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
5505 .hapd_init = i802_init,
5506 .hapd_deinit = i802_deinit,
5507 .get_seqnum = i802_get_seqnum,
5508 .flush = i802_flush,
5509 .read_sta_data = i802_read_sta_data,
5510 .sta_deauth = i802_sta_deauth,
5511 .sta_disassoc = i802_sta_disassoc,
5512 .get_inact_sec = i802_get_inact_sec,
5513 .sta_clear_stats = i802_sta_clear_stats,
5514 .set_rts = i802_set_rts,
5515 .set_frag = i802_set_frag,
5516 .set_rate_sets = i802_set_rate_sets,
5517 .set_cts_protect = i802_set_cts_protect,
5518 .set_preamble = i802_set_preamble,
5519 .set_short_slot_time = i802_set_short_slot_time,
5520 .set_tx_queue_params = i802_set_tx_queue_params,
5521 .set_sta_vlan = i802_set_sta_vlan,
5522 .set_wds_sta = i802_set_wds_sta,
5523 #endif /* HOSTAPD */
5524 .set_freq = i802_set_freq,
5525 .send_action = wpa_driver_nl80211_send_action,
5526 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
5527 .cancel_remain_on_channel =
5528 wpa_driver_nl80211_cancel_remain_on_channel,
5529 .probe_req_report = wpa_driver_nl80211_probe_req_report,
5530 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
5531 .deinit_ap = wpa_driver_nl80211_deinit_ap,
5532 .resume = wpa_driver_nl80211_resume,
5533 .send_ft_action = nl80211_send_ft_action,
5534 .signal_monitor = nl80211_signal_monitor,
5535 .send_frame = nl80211_send_frame,