2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
21 #include <sys/types.h>
25 #include <netlink/genl/genl.h>
26 #include <netlink/genl/family.h>
27 #include <netlink/genl/ctrl.h>
28 #include <linux/rtnetlink.h>
29 #include <netpacket/packet.h>
30 #include <linux/filter.h>
31 #include "nl80211_copy.h"
35 #include "utils/list.h"
36 #include "common/ieee802_11_defs.h"
38 #include "linux_ioctl.h"
40 #include "radiotap_iter.h"
45 /* libnl 2.0 compatibility code */
46 #define nl_handle nl_sock
47 #define nl80211_handle_alloc nl_socket_alloc_cb
48 #define nl80211_handle_destroy nl_socket_free
51 * libnl 1.1 has a bug, it tries to allocate socket numbers densely
52 * but when you free a socket again it will mess up its bitmap and
53 * and use the wrong number the next time it needs a socket ID.
54 * Therefore, we wrap the handle alloc/destroy and add our own pid
57 static uint32_t port_bitmap[32] = { 0 };
59 static struct nl_handle *nl80211_handle_alloc(void *cb)
61 struct nl_handle *handle;
62 uint32_t pid = getpid() & 0x3FFFFF;
65 handle = nl_handle_alloc_cb(cb);
67 for (i = 0; i < 1024; i++) {
68 if (port_bitmap[i / 32] & (1 << (i % 32)))
70 port_bitmap[i / 32] |= 1 << (i % 32);
75 nl_socket_set_local_port(handle, pid);
80 static void nl80211_handle_destroy(struct nl_handle *handle)
82 uint32_t port = nl_socket_get_local_port(handle);
85 port_bitmap[port / 32] &= ~(1 << (port % 32));
87 nl_handle_destroy(handle);
89 #endif /* CONFIG_LIBNL20 */
93 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
96 #define IFF_DORMANT 0x20000 /* driver signals dormant */
99 #ifndef IF_OPER_DORMANT
100 #define IF_OPER_DORMANT 5
106 struct nl80211_global {
107 struct dl_list interfaces;
112 struct wpa_driver_nl80211_data *drv;
113 struct i802_bss *next;
115 char ifname[IFNAMSIZ + 1];
116 char brname[IFNAMSIZ];
117 unsigned int beacon_set:1;
118 unsigned int added_if_into_bridge:1;
119 unsigned int added_bridge:1;
122 struct wpa_driver_nl80211_data {
123 struct nl80211_global *global;
128 struct netlink_data *netlink;
129 int ioctl_sock; /* socket for ioctl() use */
133 int ignore_if_down_event;
134 struct rfkill_data *rfkill;
135 struct wpa_driver_capa capa;
140 int scan_complete_events;
142 struct nl_handle *nl_handle;
143 struct nl_handle *nl_handle_event;
144 struct nl_handle *nl_handle_preq;
145 struct nl_cache *nl_cache;
146 struct nl_cache *nl_cache_event;
147 struct nl_cache *nl_cache_preq;
149 struct genl_family *nl80211;
151 u8 auth_bssid[ETH_ALEN];
156 enum nl80211_iftype nlmode;
157 enum nl80211_iftype ap_scan_as_station;
158 unsigned int assoc_freq;
162 int no_monitor_iface_capab;
163 int disable_11b_rates;
165 unsigned int pending_remain_on_chan:1;
167 u64 remain_on_chan_cookie;
168 u64 send_action_cookie;
170 unsigned int last_mgmt_freq;
172 struct wpa_driver_scan_filter *filter_ssids;
173 size_t num_filter_ssids;
175 struct i802_bss first_bss;
178 int eapol_sock; /* socket for EAPOL frames */
180 int default_if_indices[16];
190 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
192 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
193 enum nl80211_iftype nlmode);
195 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
196 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
197 const u8 *addr, int cmd, u16 reason_code,
198 int local_state_change);
199 static void nl80211_remove_monitor_interface(
200 struct wpa_driver_nl80211_data *drv);
201 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
202 unsigned int freq, unsigned int wait,
203 const u8 *buf, size_t buf_len, u64 *cookie);
204 static int wpa_driver_nl80211_probe_req_report(void *priv, int report);
207 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
208 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
209 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
210 static int wpa_driver_nl80211_if_remove(void *priv,
211 enum wpa_driver_if_type type,
214 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
220 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
221 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
222 int ifindex, int disabled);
224 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
227 static int is_ap_interface(enum nl80211_iftype nlmode)
229 return (nlmode == NL80211_IFTYPE_AP ||
230 nlmode == NL80211_IFTYPE_P2P_GO);
234 static int is_sta_interface(enum nl80211_iftype nlmode)
236 return (nlmode == NL80211_IFTYPE_STATION ||
237 nlmode == NL80211_IFTYPE_P2P_CLIENT);
241 struct nl80211_bss_info_arg {
242 struct wpa_driver_nl80211_data *drv;
243 struct wpa_scan_results *res;
244 unsigned int assoc_freq;
247 static int bss_info_handler(struct nl_msg *msg, void *arg);
251 static int ack_handler(struct nl_msg *msg, void *arg)
258 static int finish_handler(struct nl_msg *msg, void *arg)
265 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
274 static int no_seq_check(struct nl_msg *msg, void *arg)
280 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
281 struct nl_handle *nl_handle, struct nl_msg *msg,
282 int (*valid_handler)(struct nl_msg *, void *),
288 cb = nl_cb_clone(drv->nl_cb);
292 err = nl_send_auto_complete(nl_handle, msg);
298 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
299 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
300 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
303 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
304 valid_handler, valid_data);
307 nl_recvmsgs(nl_handle, cb);
315 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
317 int (*valid_handler)(struct nl_msg *, void *),
320 return send_and_recv(drv, drv->nl_handle, msg, valid_handler,
331 static int family_handler(struct nl_msg *msg, void *arg)
333 struct family_data *res = arg;
334 struct nlattr *tb[CTRL_ATTR_MAX + 1];
335 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
336 struct nlattr *mcgrp;
339 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
340 genlmsg_attrlen(gnlh, 0), NULL);
341 if (!tb[CTRL_ATTR_MCAST_GROUPS])
344 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
345 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
346 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
347 nla_len(mcgrp), NULL);
348 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
349 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
350 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
352 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
354 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
362 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
363 const char *family, const char *group)
367 struct family_data res = { group, -ENOENT };
372 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
373 0, 0, CTRL_CMD_GETFAMILY, 0);
374 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
376 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
387 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
389 struct i802_bss *bss = priv;
390 struct wpa_driver_nl80211_data *drv = bss->drv;
391 if (!drv->associated)
393 os_memcpy(bssid, drv->bssid, ETH_ALEN);
398 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
400 struct i802_bss *bss = priv;
401 struct wpa_driver_nl80211_data *drv = bss->drv;
402 if (!drv->associated)
404 os_memcpy(ssid, drv->ssid, drv->ssid_len);
405 return drv->ssid_len;
409 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
410 char *buf, size_t len, int del)
412 union wpa_event_data event;
414 os_memset(&event, 0, sizeof(event));
415 if (len > sizeof(event.interface_status.ifname))
416 len = sizeof(event.interface_status.ifname) - 1;
417 os_memcpy(event.interface_status.ifname, buf, len);
418 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
419 EVENT_INTERFACE_ADDED;
421 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
423 event.interface_status.ifname,
424 del ? "removed" : "added");
426 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
433 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
437 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
440 int attrlen, rta_len;
444 attr = (struct rtattr *) buf;
446 rta_len = RTA_ALIGN(sizeof(struct rtattr));
447 while (RTA_OK(attr, attrlen)) {
448 if (attr->rta_type == IFLA_IFNAME) {
449 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
455 attr = RTA_NEXT(attr, attrlen);
462 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
463 int ifindex, u8 *buf, size_t len)
465 if (drv->ifindex == ifindex)
468 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
469 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
470 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
472 wpa_driver_nl80211_finish_drv_init(drv);
480 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
481 struct ifinfomsg *ifi,
484 struct wpa_driver_nl80211_data *drv = ctx;
485 int attrlen, rta_len;
489 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) &&
490 !have_ifidx(drv, ifi->ifi_index)) {
491 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
492 "ifindex %d", ifi->ifi_index);
496 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
498 drv->operstate, ifi->ifi_flags,
499 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
500 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
501 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
502 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
504 if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
505 wpa_printf(MSG_DEBUG, "nl80211: Interface down");
506 if (drv->ignore_if_down_event) {
507 wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
508 "event generated by mode change");
509 drv->ignore_if_down_event = 0;
511 drv->if_disabled = 1;
512 wpa_supplicant_event(drv->ctx,
513 EVENT_INTERFACE_DISABLED, NULL);
517 if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
518 wpa_printf(MSG_DEBUG, "nl80211: Interface up");
519 drv->if_disabled = 0;
520 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
524 * Some drivers send the association event before the operup event--in
525 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
526 * fails. This will hit us when wpa_supplicant does not need to do
527 * IEEE 802.1X authentication
529 if (drv->operstate == 1 &&
530 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
531 !(ifi->ifi_flags & IFF_RUNNING))
532 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
536 attr = (struct rtattr *) buf;
537 rta_len = RTA_ALIGN(sizeof(struct rtattr));
538 while (RTA_OK(attr, attrlen)) {
539 if (attr->rta_type == IFLA_IFNAME) {
540 wpa_driver_nl80211_event_link(
542 ((char *) attr) + rta_len,
543 attr->rta_len - rta_len, 0);
544 } else if (attr->rta_type == IFLA_MASTER)
545 brid = nla_get_u32((struct nlattr *) attr);
546 attr = RTA_NEXT(attr, attrlen);
550 if (ifi->ifi_family == AF_BRIDGE && brid) {
551 /* device has been added to bridge */
552 char namebuf[IFNAMSIZ];
553 if_indextoname(brid, namebuf);
554 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
556 add_ifidx(drv, brid);
562 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
563 struct ifinfomsg *ifi,
566 struct wpa_driver_nl80211_data *drv = ctx;
567 int attrlen, rta_len;
572 attr = (struct rtattr *) buf;
574 rta_len = RTA_ALIGN(sizeof(struct rtattr));
575 while (RTA_OK(attr, attrlen)) {
576 if (attr->rta_type == IFLA_IFNAME) {
577 wpa_driver_nl80211_event_link(
579 ((char *) attr) + rta_len,
580 attr->rta_len - rta_len, 1);
581 } else if (attr->rta_type == IFLA_MASTER)
582 brid = nla_get_u32((struct nlattr *) attr);
583 attr = RTA_NEXT(attr, attrlen);
587 if (ifi->ifi_family == AF_BRIDGE && brid) {
588 /* device has been removed from bridge */
589 char namebuf[IFNAMSIZ];
590 if_indextoname(brid, namebuf);
591 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
592 "%s", brid, namebuf);
593 del_ifidx(drv, brid);
599 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
600 const u8 *frame, size_t len)
602 const struct ieee80211_mgmt *mgmt;
603 union wpa_event_data event;
605 mgmt = (const struct ieee80211_mgmt *) frame;
606 if (len < 24 + sizeof(mgmt->u.auth)) {
607 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
612 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
613 os_memset(&event, 0, sizeof(event));
614 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
615 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
616 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
617 if (len > 24 + sizeof(mgmt->u.auth)) {
618 event.auth.ies = mgmt->u.auth.variable;
619 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
622 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
626 static unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
630 struct nl80211_bss_info_arg arg;
632 os_memset(&arg, 0, sizeof(arg));
635 goto nla_put_failure;
637 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
638 NL80211_CMD_GET_SCAN, 0);
639 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
642 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
645 wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
646 "associated BSS from scan results: %u MHz",
648 return arg.assoc_freq ? arg.assoc_freq : drv->assoc_freq;
650 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
651 "(%s)", ret, strerror(-ret));
654 return drv->assoc_freq;
658 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
659 const u8 *frame, size_t len)
661 const struct ieee80211_mgmt *mgmt;
662 union wpa_event_data event;
665 mgmt = (const struct ieee80211_mgmt *) frame;
666 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
667 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
672 status = le_to_host16(mgmt->u.assoc_resp.status_code);
673 if (status != WLAN_STATUS_SUCCESS) {
674 os_memset(&event, 0, sizeof(event));
675 event.assoc_reject.bssid = mgmt->bssid;
676 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
677 event.assoc_reject.resp_ies =
678 (u8 *) mgmt->u.assoc_resp.variable;
679 event.assoc_reject.resp_ies_len =
680 len - 24 - sizeof(mgmt->u.assoc_resp);
682 event.assoc_reject.status_code = status;
684 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
689 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
691 os_memset(&event, 0, sizeof(event));
692 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
693 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
694 event.assoc_info.resp_ies_len =
695 len - 24 - sizeof(mgmt->u.assoc_resp);
698 event.assoc_info.freq = drv->assoc_freq;
700 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
704 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
705 enum nl80211_commands cmd, struct nlattr *status,
706 struct nlattr *addr, struct nlattr *req_ie,
707 struct nlattr *resp_ie)
709 union wpa_event_data event;
711 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
713 * Avoid reporting two association events that would confuse
716 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
717 "when using userspace SME", cmd);
721 os_memset(&event, 0, sizeof(event));
722 if (cmd == NL80211_CMD_CONNECT &&
723 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
725 event.assoc_reject.bssid = nla_data(addr);
727 event.assoc_reject.resp_ies = nla_data(resp_ie);
728 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
730 event.assoc_reject.status_code = nla_get_u16(status);
731 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
737 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
740 event.assoc_info.req_ies = nla_data(req_ie);
741 event.assoc_info.req_ies_len = nla_len(req_ie);
744 event.assoc_info.resp_ies = nla_data(resp_ie);
745 event.assoc_info.resp_ies_len = nla_len(resp_ie);
748 event.assoc_info.freq = nl80211_get_assoc_freq(drv);
750 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
754 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
755 enum nl80211_commands cmd, struct nlattr *addr)
757 union wpa_event_data event;
758 enum wpa_event_type ev;
760 if (nla_len(addr) != ETH_ALEN)
763 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
764 cmd, MAC2STR((u8 *) nla_data(addr)));
766 if (cmd == NL80211_CMD_AUTHENTICATE)
767 ev = EVENT_AUTH_TIMED_OUT;
768 else if (cmd == NL80211_CMD_ASSOCIATE)
769 ev = EVENT_ASSOC_TIMED_OUT;
773 os_memset(&event, 0, sizeof(event));
774 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
775 wpa_supplicant_event(drv->ctx, ev, &event);
779 static void mlme_event_mgmt(struct wpa_driver_nl80211_data *drv,
780 struct nlattr *freq, const u8 *frame, size_t len)
782 const struct ieee80211_mgmt *mgmt;
783 union wpa_event_data event;
786 mgmt = (const struct ieee80211_mgmt *) frame;
788 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
792 fc = le_to_host16(mgmt->frame_control);
793 stype = WLAN_FC_GET_STYPE(fc);
795 os_memset(&event, 0, sizeof(event));
797 event.rx_action.freq = nla_get_u32(freq);
798 drv->last_mgmt_freq = event.rx_action.freq;
800 if (stype == WLAN_FC_STYPE_ACTION) {
801 event.rx_action.da = mgmt->da;
802 event.rx_action.sa = mgmt->sa;
803 event.rx_action.bssid = mgmt->bssid;
804 event.rx_action.category = mgmt->u.action.category;
805 event.rx_action.data = &mgmt->u.action.category + 1;
806 event.rx_action.len = frame + len - event.rx_action.data;
807 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
809 event.rx_mgmt.frame = frame;
810 event.rx_mgmt.frame_len = len;
811 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
816 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
817 struct nlattr *cookie, const u8 *frame,
818 size_t len, struct nlattr *ack)
820 union wpa_event_data event;
821 const struct ieee80211_hdr *hdr;
828 cookie_val = nla_get_u64(cookie);
829 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s "
831 (long long unsigned int) cookie_val,
832 cookie_val == drv->send_action_cookie ?
833 " (match)" : " (unknown)", ack != NULL);
834 if (cookie_val != drv->send_action_cookie)
837 hdr = (const struct ieee80211_hdr *) frame;
838 fc = le_to_host16(hdr->frame_control);
840 os_memset(&event, 0, sizeof(event));
841 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
842 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
843 event.tx_status.dst = hdr->addr1;
844 event.tx_status.data = frame;
845 event.tx_status.data_len = len;
846 event.tx_status.ack = ack != NULL;
847 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
851 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
852 enum wpa_event_type type,
853 const u8 *frame, size_t len)
855 const struct ieee80211_mgmt *mgmt;
856 union wpa_event_data event;
857 const u8 *bssid = NULL;
860 mgmt = (const struct ieee80211_mgmt *) frame;
864 if (drv->associated != 0 &&
865 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
866 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
868 * We have presumably received this deauth as a
869 * response to a clear_state_mismatch() outgoing
870 * deauth. Don't let it take us offline!
872 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
873 "from Unknown BSSID " MACSTR " -- ignoring",
880 os_memset(&event, 0, sizeof(event));
882 /* Note: Same offset for Reason Code in both frame subtypes */
883 if (len >= 24 + sizeof(mgmt->u.deauth))
884 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
886 if (type == EVENT_DISASSOC) {
887 event.disassoc_info.addr = bssid;
888 event.disassoc_info.reason_code = reason_code;
889 if (frame + len > mgmt->u.disassoc.variable) {
890 event.disassoc_info.ie = mgmt->u.disassoc.variable;
891 event.disassoc_info.ie_len = frame + len -
892 mgmt->u.disassoc.variable;
895 event.deauth_info.addr = bssid;
896 event.deauth_info.reason_code = reason_code;
897 if (frame + len > mgmt->u.deauth.variable) {
898 event.deauth_info.ie = mgmt->u.deauth.variable;
899 event.deauth_info.ie_len = frame + len -
900 mgmt->u.deauth.variable;
904 wpa_supplicant_event(drv->ctx, type, &event);
908 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv,
909 enum wpa_event_type type,
910 const u8 *frame, size_t len)
912 const struct ieee80211_mgmt *mgmt;
913 union wpa_event_data event;
919 mgmt = (const struct ieee80211_mgmt *) frame;
921 os_memset(&event, 0, sizeof(event));
922 /* Note: Same offset for Reason Code in both frame subtypes */
923 if (len >= 24 + sizeof(mgmt->u.deauth))
924 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
926 if (type == EVENT_UNPROT_DISASSOC) {
927 event.unprot_disassoc.sa = mgmt->sa;
928 event.unprot_disassoc.da = mgmt->da;
929 event.unprot_disassoc.reason_code = reason_code;
931 event.unprot_deauth.sa = mgmt->sa;
932 event.unprot_deauth.da = mgmt->da;
933 event.unprot_deauth.reason_code = reason_code;
936 wpa_supplicant_event(drv->ctx, type, &event);
940 static void mlme_event(struct wpa_driver_nl80211_data *drv,
941 enum nl80211_commands cmd, struct nlattr *frame,
942 struct nlattr *addr, struct nlattr *timed_out,
943 struct nlattr *freq, struct nlattr *ack,
944 struct nlattr *cookie)
946 if (timed_out && addr) {
947 mlme_timeout_event(drv, cmd, addr);
952 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
957 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
958 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
959 nla_data(frame), nla_len(frame));
962 case NL80211_CMD_AUTHENTICATE:
963 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
965 case NL80211_CMD_ASSOCIATE:
966 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
968 case NL80211_CMD_DEAUTHENTICATE:
969 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
970 nla_data(frame), nla_len(frame));
972 case NL80211_CMD_DISASSOCIATE:
973 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
974 nla_data(frame), nla_len(frame));
976 case NL80211_CMD_FRAME:
977 mlme_event_mgmt(drv, freq, nla_data(frame), nla_len(frame));
979 case NL80211_CMD_FRAME_TX_STATUS:
980 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
981 nla_len(frame), ack);
983 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
984 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH,
985 nla_data(frame), nla_len(frame));
987 case NL80211_CMD_UNPROT_DISASSOCIATE:
988 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC,
989 nla_data(frame), nla_len(frame));
997 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
1000 union wpa_event_data data;
1002 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
1003 os_memset(&data, 0, sizeof(data));
1004 if (tb[NL80211_ATTR_MAC]) {
1005 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
1006 nla_data(tb[NL80211_ATTR_MAC]),
1007 nla_len(tb[NL80211_ATTR_MAC]));
1008 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
1010 if (tb[NL80211_ATTR_KEY_SEQ]) {
1011 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
1012 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
1013 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
1015 if (tb[NL80211_ATTR_KEY_TYPE]) {
1016 enum nl80211_key_type key_type =
1017 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
1018 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
1019 if (key_type == NL80211_KEYTYPE_PAIRWISE)
1020 data.michael_mic_failure.unicast = 1;
1022 data.michael_mic_failure.unicast = 1;
1024 if (tb[NL80211_ATTR_KEY_IDX]) {
1025 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
1026 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
1029 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
1033 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
1034 struct nlattr *tb[])
1036 if (tb[NL80211_ATTR_MAC] == NULL) {
1037 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
1041 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
1042 drv->associated = 1;
1043 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
1044 MAC2STR(drv->bssid));
1046 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
1050 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
1051 int cancel_event, struct nlattr *tb[])
1053 unsigned int freq, chan_type, duration;
1054 union wpa_event_data data;
1057 if (tb[NL80211_ATTR_WIPHY_FREQ])
1058 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1062 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
1063 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1067 if (tb[NL80211_ATTR_DURATION])
1068 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
1072 if (tb[NL80211_ATTR_COOKIE])
1073 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
1077 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
1078 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
1079 cancel_event, freq, chan_type, duration,
1080 (long long unsigned int) cookie,
1081 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
1083 if (cookie != drv->remain_on_chan_cookie)
1084 return; /* not for us */
1086 drv->pending_remain_on_chan = !cancel_event;
1088 os_memset(&data, 0, sizeof(data));
1089 data.remain_on_channel.freq = freq;
1090 data.remain_on_channel.duration = duration;
1091 wpa_supplicant_event(drv->ctx, cancel_event ?
1092 EVENT_CANCEL_REMAIN_ON_CHANNEL :
1093 EVENT_REMAIN_ON_CHANNEL, &data);
1097 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
1098 struct nlattr *tb[])
1100 union wpa_event_data event;
1103 struct scan_info *info;
1104 #define MAX_REPORT_FREQS 50
1105 int freqs[MAX_REPORT_FREQS];
1108 os_memset(&event, 0, sizeof(event));
1109 info = &event.scan_info;
1110 info->aborted = aborted;
1112 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
1113 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
1114 struct wpa_driver_scan_ssid *s =
1115 &info->ssids[info->num_ssids];
1116 s->ssid = nla_data(nl);
1117 s->ssid_len = nla_len(nl);
1119 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
1123 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
1124 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
1126 freqs[num_freqs] = nla_get_u32(nl);
1128 if (num_freqs == MAX_REPORT_FREQS - 1)
1131 info->freqs = freqs;
1132 info->num_freqs = num_freqs;
1134 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
1138 static int get_link_signal(struct nl_msg *msg, void *arg)
1140 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1141 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1142 struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1143 static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1144 [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1146 struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1147 static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1148 [NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1149 [NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1150 [NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1151 [NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1153 struct wpa_signal_info *sig_change = arg;
1155 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1156 genlmsg_attrlen(gnlh, 0), NULL);
1157 if (!tb[NL80211_ATTR_STA_INFO] ||
1158 nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1159 tb[NL80211_ATTR_STA_INFO], policy))
1161 if (!sinfo[NL80211_STA_INFO_SIGNAL])
1164 sig_change->current_signal =
1165 (s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1167 if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1168 if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1169 sinfo[NL80211_STA_INFO_TX_BITRATE],
1171 sig_change->current_txrate = 0;
1173 if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1174 sig_change->current_txrate =
1176 NL80211_RATE_INFO_BITRATE]) * 100;
1185 static int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1186 struct wpa_signal_info *sig)
1190 sig->current_signal = -9999;
1191 sig->current_txrate = 0;
1193 msg = nlmsg_alloc();
1197 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1198 0, NL80211_CMD_GET_STATION, 0);
1200 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1201 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
1203 return send_and_recv_msgs(drv, msg, get_link_signal, sig);
1209 static int get_link_noise(struct nl_msg *msg, void *arg)
1211 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1212 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1213 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1214 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1215 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1216 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1218 struct wpa_signal_info *sig_change = arg;
1220 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1221 genlmsg_attrlen(gnlh, 0), NULL);
1223 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1224 wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1228 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1229 tb[NL80211_ATTR_SURVEY_INFO],
1231 wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1236 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1239 if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1240 sig_change->frequency)
1243 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1246 sig_change->current_noise =
1247 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1253 static int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1254 struct wpa_signal_info *sig_change)
1258 sig_change->current_noise = 9999;
1259 sig_change->frequency = drv->assoc_freq;
1261 msg = nlmsg_alloc();
1265 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1266 NLM_F_DUMP, NL80211_CMD_GET_SURVEY, 0);
1268 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1270 return send_and_recv_msgs(drv, msg, get_link_noise, sig_change);
1276 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
1277 struct nlattr *tb[])
1279 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
1280 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
1281 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
1282 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
1283 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 },
1285 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
1286 enum nl80211_cqm_rssi_threshold_event event;
1287 union wpa_event_data ed;
1288 struct wpa_signal_info sig;
1291 if (tb[NL80211_ATTR_CQM] == NULL ||
1292 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
1294 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
1298 os_memset(&ed, 0, sizeof(ed));
1300 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) {
1301 if (!tb[NL80211_ATTR_MAC])
1303 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]),
1305 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed);
1309 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
1311 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
1313 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
1314 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1315 "event: RSSI high");
1316 ed.signal_change.above_threshold = 1;
1317 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
1318 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
1320 ed.signal_change.above_threshold = 0;
1324 res = nl80211_get_link_signal(drv, &sig);
1326 ed.signal_change.current_signal = sig.current_signal;
1327 ed.signal_change.current_txrate = sig.current_txrate;
1328 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d",
1329 sig.current_signal, sig.current_txrate);
1332 res = nl80211_get_link_noise(drv, &sig);
1334 ed.signal_change.current_noise = sig.current_noise;
1335 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm",
1339 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
1343 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv,
1347 union wpa_event_data data;
1349 if (tb[NL80211_ATTR_MAC] == NULL)
1351 addr = nla_data(tb[NL80211_ATTR_MAC]);
1352 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr));
1354 if (drv->nlmode == NL80211_IFTYPE_AP &&
1355 drv->no_monitor_iface_capab) {
1358 if (tb[NL80211_ATTR_IE]) {
1359 ies = nla_data(tb[NL80211_ATTR_IE]);
1360 ies_len = nla_len(tb[NL80211_ATTR_IE]);
1362 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len);
1363 drv_event_assoc(drv->ctx, addr, ies, ies_len, 0);
1367 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1370 os_memset(&data, 0, sizeof(data));
1371 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN);
1372 wpa_supplicant_event(drv->ctx, EVENT_IBSS_RSN_START, &data);
1376 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
1380 union wpa_event_data data;
1382 if (tb[NL80211_ATTR_MAC] == NULL)
1384 addr = nla_data(tb[NL80211_ATTR_MAC]);
1385 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR,
1388 if (drv->nlmode == NL80211_IFTYPE_AP &&
1389 drv->no_monitor_iface_capab) {
1390 drv_event_disassoc(drv->ctx, addr);
1394 if (drv->nlmode != NL80211_IFTYPE_ADHOC)
1397 os_memset(&data, 0, sizeof(data));
1398 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
1399 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
1403 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv,
1406 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA];
1407 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = {
1408 [NL80211_REKEY_DATA_KEK] = {
1409 .minlen = NL80211_KEK_LEN,
1410 .maxlen = NL80211_KEK_LEN,
1412 [NL80211_REKEY_DATA_KCK] = {
1413 .minlen = NL80211_KCK_LEN,
1414 .maxlen = NL80211_KCK_LEN,
1416 [NL80211_REKEY_DATA_REPLAY_CTR] = {
1417 .minlen = NL80211_REPLAY_CTR_LEN,
1418 .maxlen = NL80211_REPLAY_CTR_LEN,
1421 union wpa_event_data data;
1423 if (!tb[NL80211_ATTR_MAC])
1425 if (!tb[NL80211_ATTR_REKEY_DATA])
1427 if (nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA,
1428 tb[NL80211_ATTR_REKEY_DATA], rekey_policy))
1430 if (!rekey_info[NL80211_REKEY_DATA_REPLAY_CTR])
1433 os_memset(&data, 0, sizeof(data));
1434 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]);
1435 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR,
1436 MAC2STR(data.driver_gtk_rekey.bssid));
1437 data.driver_gtk_rekey.replay_ctr =
1438 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]);
1439 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter",
1440 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN);
1441 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data);
1445 static int process_event(struct nl_msg *msg, void *arg)
1447 struct wpa_driver_nl80211_data *drv = arg;
1448 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1449 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1450 union wpa_event_data data;
1452 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1453 genlmsg_attrlen(gnlh, 0), NULL);
1455 if (tb[NL80211_ATTR_IFINDEX]) {
1456 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1457 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
1458 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
1459 " for foreign interface (ifindex %d)",
1460 gnlh->cmd, ifindex);
1465 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
1466 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
1467 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
1468 wpa_driver_nl80211_set_mode(&drv->first_bss,
1469 drv->ap_scan_as_station);
1470 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
1473 switch (gnlh->cmd) {
1474 case NL80211_CMD_TRIGGER_SCAN:
1475 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1477 case NL80211_CMD_NEW_SCAN_RESULTS:
1478 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1479 drv->scan_complete_events = 1;
1480 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1482 send_scan_event(drv, 0, tb);
1484 case NL80211_CMD_SCAN_ABORTED:
1485 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1487 * Need to indicate that scan results are available in order
1488 * not to make wpa_supplicant stop its scanning.
1490 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1492 send_scan_event(drv, 1, tb);
1494 case NL80211_CMD_AUTHENTICATE:
1495 case NL80211_CMD_ASSOCIATE:
1496 case NL80211_CMD_DEAUTHENTICATE:
1497 case NL80211_CMD_DISASSOCIATE:
1498 case NL80211_CMD_FRAME:
1499 case NL80211_CMD_FRAME_TX_STATUS:
1500 case NL80211_CMD_UNPROT_DEAUTHENTICATE:
1501 case NL80211_CMD_UNPROT_DISASSOCIATE:
1502 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1503 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1504 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1505 tb[NL80211_ATTR_COOKIE]);
1507 case NL80211_CMD_CONNECT:
1508 case NL80211_CMD_ROAM:
1509 mlme_event_connect(drv, gnlh->cmd,
1510 tb[NL80211_ATTR_STATUS_CODE],
1511 tb[NL80211_ATTR_MAC],
1512 tb[NL80211_ATTR_REQ_IE],
1513 tb[NL80211_ATTR_RESP_IE]);
1515 case NL80211_CMD_DISCONNECT:
1516 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1518 * Avoid reporting two disassociation events that could
1519 * confuse the core code.
1521 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1522 "event when using userspace SME");
1525 drv->associated = 0;
1526 os_memset(&data, 0, sizeof(data));
1527 if (tb[NL80211_ATTR_REASON_CODE])
1528 data.disassoc_info.reason_code =
1529 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
1530 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1532 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1533 mlme_event_michael_mic_failure(drv, tb);
1535 case NL80211_CMD_JOIN_IBSS:
1536 mlme_event_join_ibss(drv, tb);
1538 case NL80211_CMD_REMAIN_ON_CHANNEL:
1539 mlme_event_remain_on_channel(drv, 0, tb);
1541 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1542 mlme_event_remain_on_channel(drv, 1, tb);
1544 case NL80211_CMD_NOTIFY_CQM:
1545 nl80211_cqm_event(drv, tb);
1547 case NL80211_CMD_REG_CHANGE:
1548 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change");
1549 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1552 case NL80211_CMD_REG_BEACON_HINT:
1553 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint");
1554 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED,
1557 case NL80211_CMD_NEW_STATION:
1558 nl80211_new_station_event(drv, tb);
1560 case NL80211_CMD_DEL_STATION:
1561 nl80211_del_station_event(drv, tb);
1563 case NL80211_CMD_SET_REKEY_OFFLOAD:
1564 nl80211_rekey_offload_event(drv, tb);
1567 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1568 "(cmd=%d)", gnlh->cmd);
1576 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1580 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1582 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1584 cb = nl_cb_clone(drv->nl_cb);
1587 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1588 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1589 nl_recvmsgs(handle, cb);
1595 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1596 * @priv: driver_nl80211 private data
1597 * @alpha2_arg: country to which to switch to
1598 * Returns: 0 on success, -1 on failure
1600 * This asks nl80211 to set the regulatory domain for given
1601 * country ISO / IEC alpha2.
1603 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1605 struct i802_bss *bss = priv;
1606 struct wpa_driver_nl80211_data *drv = bss->drv;
1610 msg = nlmsg_alloc();
1614 alpha2[0] = alpha2_arg[0];
1615 alpha2[1] = alpha2_arg[1];
1618 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1619 0, NL80211_CMD_REQ_SET_REG, 0);
1621 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1622 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1630 struct wiphy_info_data {
1635 int connect_supported;
1636 int offchan_tx_supported;
1637 int max_remain_on_chan;
1641 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1643 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1644 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1645 struct wiphy_info_data *info = arg;
1646 int p2p_go_supported = 0, p2p_client_supported = 0;
1648 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1649 genlmsg_attrlen(gnlh, 0), NULL);
1651 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1652 info->max_scan_ssids =
1653 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1655 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1656 struct nlattr *nl_mode;
1658 nla_for_each_nested(nl_mode,
1659 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1660 switch (nla_type(nl_mode)) {
1661 case NL80211_IFTYPE_AP:
1662 info->ap_supported = 1;
1664 case NL80211_IFTYPE_P2P_GO:
1665 p2p_go_supported = 1;
1667 case NL80211_IFTYPE_P2P_CLIENT:
1668 p2p_client_supported = 1;
1674 info->p2p_supported = p2p_go_supported && p2p_client_supported;
1676 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
1677 struct nlattr *nl_cmd;
1680 nla_for_each_nested(nl_cmd,
1681 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
1682 u32 cmd = nla_get_u32(nl_cmd);
1683 if (cmd == NL80211_CMD_AUTHENTICATE)
1684 info->auth_supported = 1;
1685 else if (cmd == NL80211_CMD_CONNECT)
1686 info->connect_supported = 1;
1690 if (tb[NL80211_ATTR_OFFCHANNEL_TX_OK])
1691 info->offchan_tx_supported = 1;
1693 if (tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION])
1694 info->max_remain_on_chan =
1695 nla_get_u32(tb[NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION]);
1701 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
1702 struct wiphy_info_data *info)
1706 os_memset(info, 0, sizeof(*info));
1708 /* default to 5000 since early versions of mac80211 don't set it */
1709 info->max_remain_on_chan = 5000;
1711 msg = nlmsg_alloc();
1715 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1716 0, NL80211_CMD_GET_WIPHY, 0);
1718 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
1720 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1729 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1731 struct wiphy_info_data info;
1732 if (wpa_driver_nl80211_get_info(drv, &info))
1734 drv->has_capability = 1;
1735 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1736 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1737 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1738 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1739 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1740 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1741 WPA_DRIVER_CAPA_ENC_WEP104 |
1742 WPA_DRIVER_CAPA_ENC_TKIP |
1743 WPA_DRIVER_CAPA_ENC_CCMP;
1744 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1745 WPA_DRIVER_AUTH_SHARED |
1746 WPA_DRIVER_AUTH_LEAP;
1748 drv->capa.max_scan_ssids = info.max_scan_ssids;
1749 if (info.ap_supported)
1750 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1752 if (info.auth_supported)
1753 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1754 else if (!info.connect_supported) {
1755 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1756 "authentication/association or connect commands");
1760 if (info.offchan_tx_supported) {
1761 wpa_printf(MSG_DEBUG, "nl80211: Using driver-based "
1763 drv->capa.flags |= WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
1766 drv->capa.flags |= WPA_DRIVER_FLAGS_SANE_ERROR_CODES;
1767 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1768 if (info.p2p_supported)
1769 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CAPABLE;
1770 drv->capa.flags |= WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
1771 drv->capa.max_remain_on_chan = info.max_remain_on_chan;
1777 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
1781 /* Initialize generic netlink and nl80211 */
1783 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1784 if (drv->nl_cb == NULL) {
1785 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1790 drv->nl_handle = nl80211_handle_alloc(drv->nl_cb);
1791 if (drv->nl_handle == NULL) {
1792 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1797 drv->nl_handle_event = nl80211_handle_alloc(drv->nl_cb);
1798 if (drv->nl_handle_event == NULL) {
1799 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1800 "callbacks (event)");
1804 if (genl_connect(drv->nl_handle)) {
1805 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1810 if (genl_connect(drv->nl_handle_event)) {
1811 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1816 #ifdef CONFIG_LIBNL20
1817 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1818 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1822 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1824 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1825 "netlink cache (event)");
1828 #else /* CONFIG_LIBNL20 */
1829 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1830 if (drv->nl_cache == NULL) {
1831 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1835 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1836 if (drv->nl_cache_event == NULL) {
1837 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1838 "netlink cache (event)");
1841 #endif /* CONFIG_LIBNL20 */
1843 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1844 if (drv->nl80211 == NULL) {
1845 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1850 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1852 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1854 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1855 "membership for scan events: %d (%s)",
1856 ret, strerror(-ret));
1860 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1862 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1864 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1865 "membership for mlme events: %d (%s)",
1866 ret, strerror(-ret));
1870 ret = nl_get_multicast_id(drv, "nl80211", "regulatory");
1872 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1874 wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1875 "membership for regulatory events: %d (%s)",
1876 ret, strerror(-ret));
1877 /* Continue without regulatory events */
1880 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1881 wpa_driver_nl80211_event_receive, drv,
1882 drv->nl_handle_event);
1887 nl_cache_free(drv->nl_cache_event);
1889 nl_cache_free(drv->nl_cache);
1891 nl80211_handle_destroy(drv->nl_handle_event);
1893 nl80211_handle_destroy(drv->nl_handle);
1895 nl_cb_put(drv->nl_cb);
1901 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1903 wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1905 * This may be for any interface; use ifdown event to disable
1911 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1913 struct wpa_driver_nl80211_data *drv = ctx;
1914 wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1915 if (linux_set_iface_flags(drv->ioctl_sock, drv->first_bss.ifname, 1)) {
1916 wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1917 "after rfkill unblock");
1920 /* rtnetlink ifup handler will report interface as enabled */
1924 static void nl80211_get_phy_name(struct wpa_driver_nl80211_data *drv)
1926 /* Find phy (radio) to which this interface belongs */
1930 drv->phyname[0] = '\0';
1931 snprintf(buf, sizeof(buf) - 1, "/sys/class/net/%s/phy80211/name",
1932 drv->first_bss.ifname);
1933 f = open(buf, O_RDONLY);
1935 wpa_printf(MSG_DEBUG, "Could not open file %s: %s",
1936 buf, strerror(errno));
1940 rv = read(f, drv->phyname, sizeof(drv->phyname) - 1);
1943 wpa_printf(MSG_DEBUG, "Could not read file %s: %s",
1944 buf, strerror(errno));
1948 drv->phyname[rv] = '\0';
1949 pos = os_strchr(drv->phyname, '\n');
1952 wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
1953 drv->first_bss.ifname, drv->phyname);
1958 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1959 * @ctx: context to be used when calling wpa_supplicant functions,
1960 * e.g., wpa_supplicant_event()
1961 * @ifname: interface name, e.g., wlan0
1962 * @global_priv: private driver global data from global_init()
1963 * Returns: Pointer to private data, %NULL on failure
1965 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
1968 struct wpa_driver_nl80211_data *drv;
1969 struct netlink_config *cfg;
1970 struct rfkill_config *rcfg;
1971 struct i802_bss *bss;
1973 drv = os_zalloc(sizeof(*drv));
1976 drv->global = global_priv;
1978 bss = &drv->first_bss;
1980 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1981 drv->monitor_ifidx = -1;
1982 drv->monitor_sock = -1;
1983 drv->ioctl_sock = -1;
1984 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
1986 if (wpa_driver_nl80211_init_nl(drv)) {
1991 nl80211_get_phy_name(drv);
1993 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1994 if (drv->ioctl_sock < 0) {
1995 perror("socket(PF_INET,SOCK_DGRAM)");
1999 cfg = os_zalloc(sizeof(*cfg));
2003 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
2004 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
2005 drv->netlink = netlink_init(cfg);
2006 if (drv->netlink == NULL) {
2011 rcfg = os_zalloc(sizeof(*rcfg));
2015 os_strlcpy(rcfg->ifname, ifname, sizeof(rcfg->ifname));
2016 rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2017 rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2018 drv->rfkill = rfkill_init(rcfg);
2019 if (drv->rfkill == NULL) {
2020 wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2024 if (wpa_driver_nl80211_finish_drv_init(drv))
2028 dl_list_add(&drv->global->interfaces, &drv->list);
2033 rfkill_deinit(drv->rfkill);
2034 netlink_deinit(drv->netlink);
2035 if (drv->ioctl_sock >= 0)
2036 close(drv->ioctl_sock);
2038 genl_family_put(drv->nl80211);
2039 nl_cache_free(drv->nl_cache);
2040 nl80211_handle_destroy(drv->nl_handle);
2041 nl_cb_put(drv->nl_cb);
2042 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
2049 static int nl80211_register_frame(struct wpa_driver_nl80211_data *drv,
2050 struct nl_handle *nl_handle,
2051 u16 type, const u8 *match, size_t match_len)
2056 msg = nlmsg_alloc();
2060 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2061 NL80211_CMD_REGISTER_ACTION, 0);
2063 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2064 NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE, type);
2065 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
2067 ret = send_and_recv(drv, nl_handle, msg, NULL, NULL);
2070 wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2071 "failed (type=%u): ret=%d (%s)",
2072 type, ret, strerror(-ret));
2073 wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2075 goto nla_put_failure;
2084 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
2085 const u8 *match, size_t match_len)
2087 u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2088 return nl80211_register_frame(drv, drv->nl_handle_event,
2089 type, match, match_len);
2093 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
2096 /* GAS Initial Request */
2097 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0a", 2) < 0)
2099 /* GAS Initial Response */
2100 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0b", 2) < 0)
2102 /* GAS Comeback Request */
2103 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0c", 2) < 0)
2105 /* GAS Comeback Response */
2106 if (nl80211_register_action_frame(drv, (u8 *) "\x04\x0d", 2) < 0)
2108 /* P2P Public Action */
2109 if (nl80211_register_action_frame(drv,
2110 (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2114 if (nl80211_register_action_frame(drv,
2115 (u8 *) "\x7f\x50\x6f\x9a\x09",
2118 #endif /* CONFIG_P2P */
2119 #ifdef CONFIG_IEEE80211W
2120 /* SA Query Response */
2121 if (nl80211_register_action_frame(drv, (u8 *) "\x08\x01", 2) < 0)
2123 #endif /* CONFIG_IEEE80211W */
2125 /* FT Action frames */
2126 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
2129 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2130 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2136 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2138 wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2143 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
2145 struct i802_bss *bss = &drv->first_bss;
2146 int send_rfkill_event = 0;
2148 drv->ifindex = if_nametoindex(bss->ifname);
2149 drv->first_bss.ifindex = drv->ifindex;
2153 * Make sure the interface starts up in station mode unless this is a
2154 * dynamically added interface (e.g., P2P) that was already configured
2155 * with proper iftype.
2157 if ((drv->global == NULL ||
2158 drv->ifindex != drv->global->if_add_ifindex) &&
2159 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION) < 0) {
2160 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
2161 "use managed mode");
2164 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
2165 if (rfkill_is_blocked(drv->rfkill)) {
2166 wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2167 "interface '%s' due to rfkill",
2169 drv->if_disabled = 1;
2170 send_rfkill_event = 1;
2172 wpa_printf(MSG_ERROR, "nl80211: Could not set "
2173 "interface '%s' UP", bss->ifname);
2178 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
2179 1, IF_OPER_DORMANT);
2180 #endif /* HOSTAPD */
2182 if (wpa_driver_nl80211_capa(drv))
2185 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, drv->addr))
2188 if (nl80211_register_action_frames(drv) < 0) {
2189 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
2190 "frame processing - ignore for now");
2192 * Older kernel versions did not support this, so ignore the
2193 * error for now. Some functionality may not be available
2198 if (send_rfkill_event) {
2199 eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2207 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
2211 msg = nlmsg_alloc();
2215 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2216 0, NL80211_CMD_DEL_BEACON, 0);
2217 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2219 return send_and_recv_msgs(drv, msg, NULL, NULL);
2226 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2227 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2229 * Shut down driver interface and processing of driver events. Free
2230 * private data buffer if one was allocated in wpa_driver_nl80211_init().
2232 static void wpa_driver_nl80211_deinit(void *priv)
2234 struct i802_bss *bss = priv;
2235 struct wpa_driver_nl80211_data *drv = bss->drv;
2237 if (drv->nl_handle_preq)
2238 wpa_driver_nl80211_probe_req_report(bss, 0);
2239 if (bss->added_if_into_bridge) {
2240 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname)
2242 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2243 "interface %s from bridge %s: %s",
2244 bss->ifname, bss->brname, strerror(errno));
2246 if (bss->added_bridge) {
2247 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0)
2248 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2250 bss->brname, strerror(errno));
2253 nl80211_remove_monitor_interface(drv);
2255 if (is_ap_interface(drv->nlmode))
2256 wpa_driver_nl80211_del_beacon(drv);
2259 if (drv->last_freq_ht) {
2260 /* Clear HT flags from the driver */
2261 struct hostapd_freq_params freq;
2262 os_memset(&freq, 0, sizeof(freq));
2263 freq.freq = drv->last_freq;
2264 i802_set_freq(priv, &freq);
2267 if (drv->eapol_sock >= 0) {
2268 eloop_unregister_read_sock(drv->eapol_sock);
2269 close(drv->eapol_sock);
2272 if (drv->if_indices != drv->default_if_indices)
2273 os_free(drv->if_indices);
2274 #endif /* HOSTAPD */
2276 if (drv->disable_11b_rates)
2277 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
2279 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
2280 netlink_deinit(drv->netlink);
2281 rfkill_deinit(drv->rfkill);
2283 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2285 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0);
2286 wpa_driver_nl80211_set_mode(bss, NL80211_IFTYPE_STATION);
2288 if (drv->ioctl_sock >= 0)
2289 close(drv->ioctl_sock);
2291 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
2292 genl_family_put(drv->nl80211);
2293 nl_cache_free(drv->nl_cache);
2294 nl_cache_free(drv->nl_cache_event);
2295 nl80211_handle_destroy(drv->nl_handle);
2296 nl80211_handle_destroy(drv->nl_handle_event);
2297 nl_cb_put(drv->nl_cb);
2299 os_free(drv->filter_ssids);
2302 dl_list_del(&drv->list);
2309 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
2310 * @eloop_ctx: Driver private data
2311 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
2313 * This function can be used as registered timeout when starting a scan to
2314 * generate a scan completed event if the driver does not report this.
2316 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
2318 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2319 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
2320 wpa_driver_nl80211_set_mode(&drv->first_bss,
2321 drv->ap_scan_as_station);
2322 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2324 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
2325 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
2330 * wpa_driver_nl80211_scan - Request the driver to initiate scan
2331 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
2332 * @params: Scan parameters
2333 * Returns: 0 on success, -1 on failure
2335 static int wpa_driver_nl80211_scan(void *priv,
2336 struct wpa_driver_scan_params *params)
2338 struct i802_bss *bss = priv;
2339 struct wpa_driver_nl80211_data *drv = bss->drv;
2340 int ret = 0, timeout;
2341 struct nl_msg *msg, *ssids, *freqs;
2344 msg = nlmsg_alloc();
2345 ssids = nlmsg_alloc();
2346 freqs = nlmsg_alloc();
2347 if (!msg || !ssids || !freqs) {
2354 os_free(drv->filter_ssids);
2355 drv->filter_ssids = params->filter_ssids;
2356 params->filter_ssids = NULL;
2357 drv->num_filter_ssids = params->num_filter_ssids;
2359 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2360 NL80211_CMD_TRIGGER_SCAN, 0);
2362 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2364 for (i = 0; i < params->num_ssids; i++) {
2365 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
2366 params->ssids[i].ssid,
2367 params->ssids[i].ssid_len);
2368 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
2369 params->ssids[i].ssid);
2371 if (params->num_ssids)
2372 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
2374 if (params->extra_ies) {
2375 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
2376 params->extra_ies, params->extra_ies_len);
2377 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
2381 if (params->freqs) {
2382 for (i = 0; params->freqs[i]; i++) {
2383 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
2384 "MHz", params->freqs[i]);
2385 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
2387 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
2390 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2393 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
2394 "(%s)", ret, strerror(-ret));
2396 if (is_ap_interface(drv->nlmode)) {
2398 * mac80211 does not allow scan requests in AP mode, so
2399 * try to do this in station mode.
2401 if (wpa_driver_nl80211_set_mode(
2402 bss, NL80211_IFTYPE_STATION))
2403 goto nla_put_failure;
2405 if (wpa_driver_nl80211_scan(drv, params)) {
2406 wpa_driver_nl80211_set_mode(bss, drv->nlmode);
2407 goto nla_put_failure;
2410 /* Restore AP mode when processing scan results */
2411 drv->ap_scan_as_station = drv->nlmode;
2414 goto nla_put_failure;
2416 goto nla_put_failure;
2417 #endif /* HOSTAPD */
2420 /* Not all drivers generate "scan completed" wireless event, so try to
2421 * read results after a timeout. */
2423 if (drv->scan_complete_events) {
2425 * The driver seems to deliver events to notify when scan is
2426 * complete, so use longer timeout to avoid race conditions
2427 * with scanning and following association request.
2431 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
2432 "seconds", ret, timeout);
2433 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2434 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
2445 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
2447 const u8 *end, *pos;
2453 end = ies + ies_len;
2455 while (pos + 1 < end) {
2456 if (pos + 2 + pos[1] > end)
2467 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
2468 const u8 *ie, size_t ie_len)
2473 if (drv->filter_ssids == NULL)
2476 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
2480 for (i = 0; i < drv->num_filter_ssids; i++) {
2481 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
2482 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
2491 static int bss_info_handler(struct nl_msg *msg, void *arg)
2493 struct nlattr *tb[NL80211_ATTR_MAX + 1];
2494 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2495 struct nlattr *bss[NL80211_BSS_MAX + 1];
2496 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
2497 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
2498 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
2499 [NL80211_BSS_TSF] = { .type = NLA_U64 },
2500 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
2501 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
2502 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
2503 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
2504 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
2505 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
2506 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
2507 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
2509 struct nl80211_bss_info_arg *_arg = arg;
2510 struct wpa_scan_results *res = _arg->res;
2511 struct wpa_scan_res **tmp;
2512 struct wpa_scan_res *r;
2513 const u8 *ie, *beacon_ie;
2514 size_t ie_len, beacon_ie_len;
2518 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2519 genlmsg_attrlen(gnlh, 0), NULL);
2520 if (!tb[NL80211_ATTR_BSS])
2522 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
2525 if (bss[NL80211_BSS_STATUS]) {
2526 enum nl80211_bss_status status;
2527 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2528 if (status == NL80211_BSS_STATUS_ASSOCIATED &&
2529 bss[NL80211_BSS_FREQUENCY]) {
2531 nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2532 wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
2538 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
2539 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2540 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
2545 if (bss[NL80211_BSS_BEACON_IES]) {
2546 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
2547 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
2553 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
2554 ie ? ie_len : beacon_ie_len))
2557 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
2560 if (bss[NL80211_BSS_BSSID])
2561 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
2563 if (bss[NL80211_BSS_FREQUENCY])
2564 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
2565 if (bss[NL80211_BSS_BEACON_INTERVAL])
2566 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
2567 if (bss[NL80211_BSS_CAPABILITY])
2568 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
2569 r->flags |= WPA_SCAN_NOISE_INVALID;
2570 if (bss[NL80211_BSS_SIGNAL_MBM]) {
2571 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
2572 r->level /= 100; /* mBm to dBm */
2573 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
2574 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
2575 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
2576 r->flags |= WPA_SCAN_LEVEL_INVALID;
2578 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
2579 if (bss[NL80211_BSS_TSF])
2580 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
2581 if (bss[NL80211_BSS_SEEN_MS_AGO])
2582 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
2584 pos = (u8 *) (r + 1);
2586 os_memcpy(pos, ie, ie_len);
2589 r->beacon_ie_len = beacon_ie_len;
2591 os_memcpy(pos, beacon_ie, beacon_ie_len);
2593 if (bss[NL80211_BSS_STATUS]) {
2594 enum nl80211_bss_status status;
2595 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
2597 case NL80211_BSS_STATUS_AUTHENTICATED:
2598 r->flags |= WPA_SCAN_AUTHENTICATED;
2600 case NL80211_BSS_STATUS_ASSOCIATED:
2601 r->flags |= WPA_SCAN_ASSOCIATED;
2609 * cfg80211 maintains separate BSS table entries for APs if the same
2610 * BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
2611 * not use frequency as a separate key in the BSS table, so filter out
2612 * duplicated entries. Prefer associated BSS entry in such a case in
2613 * order to get the correct frequency into the BSS table.
2615 for (i = 0; i < res->num; i++) {
2617 if (os_memcmp(res->res[i]->bssid, r->bssid, ETH_ALEN) != 0)
2620 s1 = nl80211_get_ie((u8 *) (res->res[i] + 1),
2621 res->res[i]->ie_len, WLAN_EID_SSID);
2622 s2 = nl80211_get_ie((u8 *) (r + 1), r->ie_len, WLAN_EID_SSID);
2623 if (s1 == NULL || s2 == NULL || s1[1] != s2[1] ||
2624 os_memcmp(s1, s2, 2 + s1[1]) != 0)
2627 /* Same BSSID,SSID was already included in scan results */
2628 wpa_printf(MSG_DEBUG, "nl80211: Remove duplicated scan result "
2629 "for " MACSTR, MAC2STR(r->bssid));
2631 if ((r->flags & WPA_SCAN_ASSOCIATED) &&
2632 !(res->res[i]->flags & WPA_SCAN_ASSOCIATED)) {
2633 os_free(res->res[i]);
2640 tmp = os_realloc(res->res,
2641 (res->num + 1) * sizeof(struct wpa_scan_res *));
2646 tmp[res->num++] = r;
2653 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
2656 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
2657 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
2658 "mismatch (" MACSTR ")", MAC2STR(addr));
2659 wpa_driver_nl80211_mlme(drv, addr,
2660 NL80211_CMD_DEAUTHENTICATE,
2661 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
2666 static void wpa_driver_nl80211_check_bss_status(
2667 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
2671 for (i = 0; i < res->num; i++) {
2672 struct wpa_scan_res *r = res->res[i];
2673 if (r->flags & WPA_SCAN_AUTHENTICATED) {
2674 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2675 "indicates BSS status with " MACSTR
2676 " as authenticated",
2678 if (is_sta_interface(drv->nlmode) &&
2679 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
2680 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
2682 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
2683 " in local state (auth=" MACSTR
2684 " assoc=" MACSTR ")",
2685 MAC2STR(drv->auth_bssid),
2686 MAC2STR(drv->bssid));
2687 clear_state_mismatch(drv, r->bssid);
2691 if (r->flags & WPA_SCAN_ASSOCIATED) {
2692 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
2693 "indicate BSS status with " MACSTR
2696 if (is_sta_interface(drv->nlmode) &&
2698 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2699 "(not associated) does not match "
2701 clear_state_mismatch(drv, r->bssid);
2702 } else if (is_sta_interface(drv->nlmode) &&
2703 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
2705 wpa_printf(MSG_DEBUG, "nl80211: Local state "
2706 "(associated with " MACSTR ") does "
2707 "not match with BSS state",
2708 MAC2STR(drv->bssid));
2709 clear_state_mismatch(drv, r->bssid);
2710 clear_state_mismatch(drv, drv->bssid);
2717 static void wpa_scan_results_free(struct wpa_scan_results *res)
2724 for (i = 0; i < res->num; i++)
2725 os_free(res->res[i]);
2731 static struct wpa_scan_results *
2732 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
2735 struct wpa_scan_results *res;
2737 struct nl80211_bss_info_arg arg;
2739 res = os_zalloc(sizeof(*res));
2742 msg = nlmsg_alloc();
2744 goto nla_put_failure;
2746 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
2747 NL80211_CMD_GET_SCAN, 0);
2748 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2752 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
2755 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
2756 (unsigned long) res->num);
2759 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
2760 "(%s)", ret, strerror(-ret));
2763 wpa_scan_results_free(res);
2769 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
2770 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2771 * Returns: Scan results on success, -1 on failure
2773 static struct wpa_scan_results *
2774 wpa_driver_nl80211_get_scan_results(void *priv)
2776 struct i802_bss *bss = priv;
2777 struct wpa_driver_nl80211_data *drv = bss->drv;
2778 struct wpa_scan_results *res;
2780 res = nl80211_get_scan_results(drv);
2782 wpa_driver_nl80211_check_bss_status(drv, res);
2787 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
2789 struct wpa_scan_results *res;
2792 res = nl80211_get_scan_results(drv);
2794 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
2798 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
2799 for (i = 0; i < res->num; i++) {
2800 struct wpa_scan_res *r = res->res[i];
2801 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
2802 (int) i, (int) res->num, MAC2STR(r->bssid),
2803 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
2804 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
2807 wpa_scan_results_free(res);
2811 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
2812 enum wpa_alg alg, const u8 *addr,
2813 int key_idx, int set_tx,
2814 const u8 *seq, size_t seq_len,
2815 const u8 *key, size_t key_len)
2817 struct i802_bss *bss = priv;
2818 struct wpa_driver_nl80211_data *drv = bss->drv;
2819 int ifindex = if_nametoindex(ifname);
2823 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
2824 "set_tx=%d seq_len=%lu key_len=%lu",
2825 __func__, ifindex, alg, addr, key_idx, set_tx,
2826 (unsigned long) seq_len, (unsigned long) key_len);
2828 msg = nlmsg_alloc();
2832 if (alg == WPA_ALG_NONE) {
2833 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2834 0, NL80211_CMD_DEL_KEY, 0);
2836 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2837 0, NL80211_CMD_NEW_KEY, 0);
2838 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2842 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2843 WLAN_CIPHER_SUITE_WEP40);
2845 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2846 WLAN_CIPHER_SUITE_WEP104);
2849 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2850 WLAN_CIPHER_SUITE_TKIP);
2853 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2854 WLAN_CIPHER_SUITE_CCMP);
2857 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2858 WLAN_CIPHER_SUITE_AES_CMAC);
2861 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2862 "algorithm %d", __func__, alg);
2869 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
2871 if (addr && !is_broadcast_ether_addr(addr)) {
2872 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2873 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2875 if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
2876 wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK");
2877 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE,
2878 NL80211_KEYTYPE_GROUP);
2880 } else if (addr && is_broadcast_ether_addr(addr)) {
2881 struct nl_msg *types;
2883 wpa_printf(MSG_DEBUG, " broadcast key");
2884 types = nlmsg_alloc();
2886 goto nla_put_failure;
2887 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
2888 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2892 goto nla_put_failure;
2894 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2895 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2897 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2898 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2901 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2902 ret, strerror(-ret));
2905 * If we failed or don't need to set the default TX key (below),
2908 if (ret || !set_tx || alg == WPA_ALG_NONE)
2910 if (is_ap_interface(drv->nlmode) && addr &&
2911 !is_broadcast_ether_addr(addr))
2914 msg = nlmsg_alloc();
2918 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2919 0, NL80211_CMD_SET_KEY, 0);
2920 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2921 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2922 if (alg == WPA_ALG_IGTK)
2923 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
2925 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2926 if (addr && is_broadcast_ether_addr(addr)) {
2927 struct nl_msg *types;
2929 types = nlmsg_alloc();
2931 goto nla_put_failure;
2932 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_MULTICAST);
2933 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2937 goto nla_put_failure;
2939 struct nl_msg *types;
2941 types = nlmsg_alloc();
2943 goto nla_put_failure;
2944 NLA_PUT_FLAG(types, NL80211_KEY_DEFAULT_TYPE_UNICAST);
2945 err = nla_put_nested(msg, NL80211_ATTR_KEY_DEFAULT_TYPES,
2949 goto nla_put_failure;
2952 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2956 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2957 "err=%d %s)", ret, strerror(-ret));
2965 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2966 int key_idx, int defkey,
2967 const u8 *seq, size_t seq_len,
2968 const u8 *key, size_t key_len)
2970 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2974 if (defkey && alg == WPA_ALG_IGTK)
2975 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
2977 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2979 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
2984 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2985 WLAN_CIPHER_SUITE_WEP40);
2987 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2988 WLAN_CIPHER_SUITE_WEP104);
2991 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
2994 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
2997 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2998 WLAN_CIPHER_SUITE_AES_CMAC);
3001 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
3002 "algorithm %d", __func__, alg);
3007 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
3009 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
3011 nla_nest_end(msg, key_attr);
3019 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
3023 struct nlattr *nl_keys, *nl_key;
3025 for (i = 0; i < 4; i++) {
3026 if (!params->wep_key[i])
3031 if (params->wps == WPS_MODE_PRIVACY)
3033 if (params->pairwise_suite &&
3034 params->pairwise_suite != WPA_CIPHER_NONE)
3040 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
3042 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
3044 goto nla_put_failure;
3046 for (i = 0; i < 4; i++) {
3047 if (!params->wep_key[i])
3050 nl_key = nla_nest_start(msg, i);
3052 goto nla_put_failure;
3054 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
3055 params->wep_key[i]);
3056 if (params->wep_key_len[i] == 5)
3057 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3058 WLAN_CIPHER_SUITE_WEP40);
3060 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
3061 WLAN_CIPHER_SUITE_WEP104);
3063 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
3065 if (i == params->wep_tx_keyidx)
3066 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
3068 nla_nest_end(msg, nl_key);
3070 nla_nest_end(msg, nl_keys);
3079 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
3080 const u8 *addr, int cmd, u16 reason_code,
3081 int local_state_change)
3086 msg = nlmsg_alloc();
3090 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
3092 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3093 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
3094 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3095 if (local_state_change)
3096 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3098 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3101 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3102 "(%s)", ret, strerror(-ret));
3103 goto nla_put_failure;
3113 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3114 const u8 *addr, int reason_code)
3116 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3117 __func__, MAC2STR(addr), reason_code);
3118 drv->associated = 0;
3119 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
3124 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
3127 struct i802_bss *bss = priv;
3128 struct wpa_driver_nl80211_data *drv = bss->drv;
3129 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3130 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3131 wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3132 __func__, MAC2STR(addr), reason_code);
3133 drv->associated = 0;
3134 if (drv->nlmode == NL80211_IFTYPE_ADHOC)
3135 return nl80211_leave_ibss(drv);
3136 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3141 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
3144 struct i802_bss *bss = priv;
3145 struct wpa_driver_nl80211_data *drv = bss->drv;
3146 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
3147 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
3148 wpa_printf(MSG_DEBUG, "%s", __func__);
3149 drv->associated = 0;
3150 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
3155 static int wpa_driver_nl80211_authenticate(
3156 void *priv, struct wpa_driver_auth_params *params)
3158 struct i802_bss *bss = priv;
3159 struct wpa_driver_nl80211_data *drv = bss->drv;
3162 enum nl80211_auth_type type;
3163 enum nl80211_iftype nlmode;
3166 drv->associated = 0;
3167 os_memset(drv->auth_bssid, 0, ETH_ALEN);
3168 /* FIX: IBSS mode */
3169 nlmode = params->p2p ?
3170 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3171 if (drv->nlmode != nlmode &&
3172 wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
3176 msg = nlmsg_alloc();
3180 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3183 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3184 NL80211_CMD_AUTHENTICATE, 0);
3186 for (i = 0; i < 4; i++) {
3187 if (!params->wep_key[i])
3189 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
3191 i == params->wep_tx_keyidx, NULL, 0,
3193 params->wep_key_len[i]);
3194 if (params->wep_tx_keyidx != i)
3196 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3197 params->wep_key[i], params->wep_key_len[i])) {
3203 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3204 if (params->bssid) {
3205 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3206 MAC2STR(params->bssid));
3207 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3210 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3211 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3214 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3215 params->ssid, params->ssid_len);
3216 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3219 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
3221 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
3222 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3223 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3224 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3225 type = NL80211_AUTHTYPE_SHARED_KEY;
3226 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3227 type = NL80211_AUTHTYPE_NETWORK_EAP;
3228 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3229 type = NL80211_AUTHTYPE_FT;
3231 goto nla_put_failure;
3232 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3233 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3234 if (params->local_state_change) {
3235 wpa_printf(MSG_DEBUG, " * Local state change only");
3236 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
3239 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3242 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3243 "(%s)", ret, strerror(-ret));
3245 if (ret == -EALREADY && count == 1 && params->bssid &&
3246 !params->local_state_change) {
3248 * mac80211 does not currently accept new
3249 * authentication if we are already authenticated. As a
3250 * workaround, force deauthentication and try again.
3252 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3253 "after forced deauthentication");
3254 wpa_driver_nl80211_deauthenticate(
3256 WLAN_REASON_PREV_AUTH_NOT_VALID);
3260 goto nla_put_failure;
3263 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
3272 struct phy_info_arg {
3274 struct hostapd_hw_modes *modes;
3277 static int phy_info_handler(struct nl_msg *msg, void *arg)
3279 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3280 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3281 struct phy_info_arg *phy_info = arg;
3283 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
3285 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
3286 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
3287 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
3288 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
3289 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
3290 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
3291 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
3292 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
3295 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
3296 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
3297 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
3298 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
3301 struct nlattr *nl_band;
3302 struct nlattr *nl_freq;
3303 struct nlattr *nl_rate;
3304 int rem_band, rem_freq, rem_rate;
3305 struct hostapd_hw_modes *mode;
3306 int idx, mode_is_set;
3308 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3309 genlmsg_attrlen(gnlh, 0), NULL);
3311 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
3314 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
3315 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
3318 phy_info->modes = mode;
3322 mode = &phy_info->modes[*(phy_info->num_modes)];
3323 memset(mode, 0, sizeof(*mode));
3324 *(phy_info->num_modes) += 1;
3326 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
3327 nla_len(nl_band), NULL);
3329 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
3330 mode->ht_capab = nla_get_u16(
3331 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
3334 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
3335 mode->a_mpdu_params |= nla_get_u8(
3336 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
3340 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
3341 mode->a_mpdu_params |= nla_get_u8(
3342 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
3346 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
3347 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
3349 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
3350 os_memcpy(mode->mcs_set, mcs, 16);
3353 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3354 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3355 nla_len(nl_freq), freq_policy);
3356 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3358 mode->num_channels++;
3361 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
3362 if (!mode->channels)
3367 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
3368 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
3369 nla_len(nl_freq), freq_policy);
3370 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
3373 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
3374 mode->channels[idx].flag = 0;
3377 /* crude heuristic */
3378 if (mode->channels[idx].freq < 4000)
3379 mode->mode = HOSTAPD_MODE_IEEE80211B;
3381 mode->mode = HOSTAPD_MODE_IEEE80211A;
3385 /* crude heuristic */
3386 if (mode->channels[idx].freq < 4000)
3387 if (mode->channels[idx].freq == 2484)
3388 mode->channels[idx].chan = 14;
3390 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
3392 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
3394 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3395 mode->channels[idx].flag |=
3396 HOSTAPD_CHAN_DISABLED;
3397 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
3398 mode->channels[idx].flag |=
3399 HOSTAPD_CHAN_PASSIVE_SCAN;
3400 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
3401 mode->channels[idx].flag |=
3402 HOSTAPD_CHAN_NO_IBSS;
3403 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
3404 mode->channels[idx].flag |=
3407 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
3408 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
3409 mode->channels[idx].max_tx_power =
3410 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
3415 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3416 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3417 nla_len(nl_rate), rate_policy);
3418 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3423 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
3429 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
3430 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
3431 nla_len(nl_rate), rate_policy);
3432 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
3434 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
3436 /* crude heuristic */
3437 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
3438 mode->rates[idx] > 200)
3439 mode->mode = HOSTAPD_MODE_IEEE80211G;
3448 static struct hostapd_hw_modes *
3449 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
3452 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
3453 int i, mode11g_idx = -1;
3455 /* If only 802.11g mode is included, use it to construct matching
3456 * 802.11b mode data. */
3458 for (m = 0; m < *num_modes; m++) {
3459 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
3460 return modes; /* 802.11b already included */
3461 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
3465 if (mode11g_idx < 0)
3466 return modes; /* 2.4 GHz band not supported at all */
3468 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
3470 return modes; /* Could not add 802.11b mode */
3472 mode = &nmodes[*num_modes];
3473 os_memset(mode, 0, sizeof(*mode));
3477 mode->mode = HOSTAPD_MODE_IEEE80211B;
3479 mode11g = &modes[mode11g_idx];
3480 mode->num_channels = mode11g->num_channels;
3481 mode->channels = os_malloc(mode11g->num_channels *
3482 sizeof(struct hostapd_channel_data));
3483 if (mode->channels == NULL) {
3485 return modes; /* Could not add 802.11b mode */
3487 os_memcpy(mode->channels, mode11g->channels,
3488 mode11g->num_channels * sizeof(struct hostapd_channel_data));
3490 mode->num_rates = 0;
3491 mode->rates = os_malloc(4 * sizeof(int));
3492 if (mode->rates == NULL) {
3493 os_free(mode->channels);
3495 return modes; /* Could not add 802.11b mode */
3498 for (i = 0; i < mode11g->num_rates; i++) {
3499 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
3500 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
3502 mode->rates[mode->num_rates] = mode11g->rates[i];
3504 if (mode->num_rates == 4)
3508 if (mode->num_rates == 0) {
3509 os_free(mode->channels);
3510 os_free(mode->rates);
3512 return modes; /* No 802.11b rates */
3515 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
3522 static void nl80211_set_ht40_mode(struct hostapd_hw_modes *mode, int start,
3527 for (c = 0; c < mode->num_channels; c++) {
3528 struct hostapd_channel_data *chan = &mode->channels[c];
3529 if (chan->freq - 10 >= start && chan->freq + 10 <= end)
3530 chan->flag |= HOSTAPD_CHAN_HT40;
3535 static void nl80211_set_ht40_mode_sec(struct hostapd_hw_modes *mode, int start,
3540 for (c = 0; c < mode->num_channels; c++) {
3541 struct hostapd_channel_data *chan = &mode->channels[c];
3542 if (!(chan->flag & HOSTAPD_CHAN_HT40))
3544 if (chan->freq - 30 >= start && chan->freq - 10 <= end)
3545 chan->flag |= HOSTAPD_CHAN_HT40MINUS;
3546 if (chan->freq + 10 >= start && chan->freq + 30 <= end)
3547 chan->flag |= HOSTAPD_CHAN_HT40PLUS;
3552 static void nl80211_reg_rule_ht40(struct nlattr *tb[],
3553 struct phy_info_arg *results)
3555 u32 start, end, max_bw;
3558 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
3559 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
3560 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
3563 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
3564 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
3565 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
3567 wpa_printf(MSG_DEBUG, "nl80211: %u-%u @ %u MHz",
3568 start, end, max_bw);
3572 for (m = 0; m < *results->num_modes; m++) {
3573 if (!(results->modes[m].ht_capab &
3574 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
3576 nl80211_set_ht40_mode(&results->modes[m], start, end);
3581 static void nl80211_reg_rule_sec(struct nlattr *tb[],
3582 struct phy_info_arg *results)
3584 u32 start, end, max_bw;
3587 if (tb[NL80211_ATTR_FREQ_RANGE_START] == NULL ||
3588 tb[NL80211_ATTR_FREQ_RANGE_END] == NULL ||
3589 tb[NL80211_ATTR_FREQ_RANGE_MAX_BW] == NULL)
3592 start = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]) / 1000;
3593 end = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]) / 1000;
3594 max_bw = nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) / 1000;
3599 for (m = 0; m < *results->num_modes; m++) {
3600 if (!(results->modes[m].ht_capab &
3601 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
3603 nl80211_set_ht40_mode_sec(&results->modes[m], start, end);
3608 static int nl80211_get_reg(struct nl_msg *msg, void *arg)
3610 struct phy_info_arg *results = arg;
3611 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
3612 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3613 struct nlattr *nl_rule;
3614 struct nlattr *tb_rule[NL80211_FREQUENCY_ATTR_MAX + 1];
3616 static struct nla_policy reg_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
3617 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
3618 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
3619 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
3620 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
3621 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
3622 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
3625 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3626 genlmsg_attrlen(gnlh, 0), NULL);
3627 if (!tb_msg[NL80211_ATTR_REG_ALPHA2] ||
3628 !tb_msg[NL80211_ATTR_REG_RULES]) {
3629 wpa_printf(MSG_DEBUG, "nl80211: No regulatory information "
3634 wpa_printf(MSG_DEBUG, "nl80211: Regulatory information - country=%s",
3635 (char *) nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]));
3637 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
3639 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
3640 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
3641 nl80211_reg_rule_ht40(tb_rule, results);
3644 nla_for_each_nested(nl_rule, tb_msg[NL80211_ATTR_REG_RULES], rem_rule)
3646 nla_parse(tb_rule, NL80211_FREQUENCY_ATTR_MAX,
3647 nla_data(nl_rule), nla_len(nl_rule), reg_policy);
3648 nl80211_reg_rule_sec(tb_rule, results);
3655 static int nl80211_set_ht40_flags(struct wpa_driver_nl80211_data *drv,
3656 struct phy_info_arg *results)
3660 msg = nlmsg_alloc();
3664 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3665 0, NL80211_CMD_GET_REG, 0);
3666 return send_and_recv_msgs(drv, msg, nl80211_get_reg, results);
3670 static struct hostapd_hw_modes *
3671 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
3673 struct i802_bss *bss = priv;
3674 struct wpa_driver_nl80211_data *drv = bss->drv;
3676 struct phy_info_arg result = {
3677 .num_modes = num_modes,
3684 msg = nlmsg_alloc();
3688 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3689 0, NL80211_CMD_GET_WIPHY, 0);
3691 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3693 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0) {
3694 nl80211_set_ht40_flags(drv, &result);
3695 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
3702 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
3703 const void *data, size_t len,
3707 0x00, 0x00, /* radiotap version */
3708 0x0e, 0x00, /* radiotap length */
3709 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
3710 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
3712 0x00, 0x00, /* RX and TX flags to indicate that */
3713 0x00, 0x00, /* this is the injected frame directly */
3715 struct iovec iov[2] = {
3717 .iov_base = &rtap_hdr,
3718 .iov_len = sizeof(rtap_hdr),
3721 .iov_base = (void *) data,
3725 struct msghdr msg = {
3730 .msg_control = NULL,
3731 .msg_controllen = 0,
3737 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
3739 if (drv->monitor_sock < 0) {
3740 wpa_printf(MSG_DEBUG, "nl80211: No monitor socket available "
3741 "for %s", __func__);
3745 res = sendmsg(drv->monitor_sock, &msg, 0);
3747 wpa_printf(MSG_INFO, "nl80211: sendmsg: %s", strerror(errno));
3754 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
3757 struct i802_bss *bss = priv;
3758 struct wpa_driver_nl80211_data *drv = bss->drv;
3759 struct ieee80211_mgmt *mgmt;
3763 mgmt = (struct ieee80211_mgmt *) data;
3764 fc = le_to_host16(mgmt->frame_control);
3766 if (is_sta_interface(drv->nlmode) &&
3767 WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3768 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
3770 * The use of last_mgmt_freq is a bit of a hack,
3771 * but it works due to the single-threaded nature
3772 * of wpa_supplicant.
3774 return nl80211_send_frame_cmd(drv, drv->last_mgmt_freq, 0,
3775 data, data_len, NULL);
3778 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3779 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
3781 * Only one of the authentication frame types is encrypted.
3782 * In order for static WEP encryption to work properly (i.e.,
3783 * to not encrypt the frame), we need to tell mac80211 about
3784 * the frames that must not be encrypted.
3786 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3787 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
3788 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
3792 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
3796 static int wpa_driver_nl80211_set_beacon(void *priv,
3797 const u8 *head, size_t head_len,
3798 const u8 *tail, size_t tail_len,
3799 int dtim_period, int beacon_int)
3801 struct i802_bss *bss = priv;
3802 struct wpa_driver_nl80211_data *drv = bss->drv;
3804 u8 cmd = NL80211_CMD_NEW_BEACON;
3807 int ifindex = if_nametoindex(bss->ifname);
3809 beacon_set = bss->beacon_set;
3811 msg = nlmsg_alloc();
3815 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
3818 cmd = NL80211_CMD_SET_BEACON;
3820 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3822 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
3823 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
3824 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3825 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
3826 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
3828 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3830 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
3831 ret, strerror(-ret));
3833 bss->beacon_set = 1;
3841 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
3842 int freq, int ht_enabled,
3843 int sec_channel_offset)
3848 msg = nlmsg_alloc();
3852 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3853 NL80211_CMD_SET_WIPHY, 0);
3855 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3856 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
3858 switch (sec_channel_offset) {
3860 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3861 NL80211_CHAN_HT40MINUS);
3864 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3865 NL80211_CHAN_HT40PLUS);
3868 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3874 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3877 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
3878 "%d (%s)", freq, ret, strerror(-ret));
3884 static u32 sta_flags_nl80211(int flags)
3888 if (flags & WPA_STA_AUTHORIZED)
3889 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3890 if (flags & WPA_STA_WMM)
3891 f |= BIT(NL80211_STA_FLAG_WME);
3892 if (flags & WPA_STA_SHORT_PREAMBLE)
3893 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3894 if (flags & WPA_STA_MFP)
3895 f |= BIT(NL80211_STA_FLAG_MFP);
3901 static int wpa_driver_nl80211_sta_add(void *priv,
3902 struct hostapd_sta_add_params *params)
3904 struct i802_bss *bss = priv;
3905 struct wpa_driver_nl80211_data *drv = bss->drv;
3907 struct nl80211_sta_flag_update upd;
3910 msg = nlmsg_alloc();
3914 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3915 0, NL80211_CMD_NEW_STATION, 0);
3917 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
3918 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
3919 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
3920 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
3921 params->supp_rates);
3922 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
3923 params->listen_interval);
3924 if (params->ht_capabilities) {
3925 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
3926 sizeof(*params->ht_capabilities),
3927 params->ht_capabilities);
3930 os_memset(&upd, 0, sizeof(upd));
3931 upd.mask = sta_flags_nl80211(params->flags);
3933 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3935 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3937 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
3938 "result: %d (%s)", ret, strerror(-ret));
3946 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
3948 struct i802_bss *bss = priv;
3949 struct wpa_driver_nl80211_data *drv = bss->drv;
3953 msg = nlmsg_alloc();
3957 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3958 0, NL80211_CMD_DEL_STATION, 0);
3960 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3961 if_nametoindex(bss->ifname));
3962 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3964 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3973 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
3978 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
3981 /* stop listening for EAPOL on this interface */
3982 del_ifidx(drv, ifidx);
3983 #endif /* HOSTAPD */
3985 msg = nlmsg_alloc();
3987 goto nla_put_failure;
3989 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3990 0, NL80211_CMD_DEL_INTERFACE, 0);
3991 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3993 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3996 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
4000 static const char * nl80211_iftype_str(enum nl80211_iftype mode)
4003 case NL80211_IFTYPE_ADHOC:
4005 case NL80211_IFTYPE_STATION:
4007 case NL80211_IFTYPE_AP:
4009 case NL80211_IFTYPE_MONITOR:
4011 case NL80211_IFTYPE_P2P_CLIENT:
4012 return "P2P_CLIENT";
4013 case NL80211_IFTYPE_P2P_GO:
4021 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
4023 enum nl80211_iftype iftype,
4024 const u8 *addr, int wds)
4026 struct nl_msg *msg, *flags = NULL;
4030 wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
4031 iftype, nl80211_iftype_str(iftype));
4033 msg = nlmsg_alloc();
4037 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4038 0, NL80211_CMD_NEW_INTERFACE, 0);
4039 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4040 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
4041 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
4043 if (iftype == NL80211_IFTYPE_MONITOR) {
4046 flags = nlmsg_alloc();
4048 goto nla_put_failure;
4050 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
4052 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
4057 goto nla_put_failure;
4059 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
4062 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4065 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
4066 ifname, ret, strerror(-ret));
4070 ifidx = if_nametoindex(ifname);
4071 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
4078 /* start listening for EAPOL on this interface */
4079 add_ifidx(drv, ifidx);
4080 #endif /* HOSTAPD */
4082 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
4083 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
4084 nl80211_remove_iface(drv, ifidx);
4092 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
4093 const char *ifname, enum nl80211_iftype iftype,
4094 const u8 *addr, int wds)
4098 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
4100 /* if error occured and interface exists already */
4101 if (ret == -ENFILE && if_nametoindex(ifname)) {
4102 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
4104 /* Try to remove the interface that was already there. */
4105 nl80211_remove_iface(drv, if_nametoindex(ifname));
4107 /* Try to create the interface again */
4108 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
4112 if (ret >= 0 && drv->disable_11b_rates)
4113 nl80211_disable_11b_rates(drv, ret, 1);
4119 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
4121 struct ieee80211_hdr *hdr;
4123 union wpa_event_data event;
4125 hdr = (struct ieee80211_hdr *) buf;
4126 fc = le_to_host16(hdr->frame_control);
4128 os_memset(&event, 0, sizeof(event));
4129 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
4130 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
4131 event.tx_status.dst = hdr->addr1;
4132 event.tx_status.data = buf;
4133 event.tx_status.data_len = len;
4134 event.tx_status.ack = ok;
4135 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
4139 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
4140 u8 *buf, size_t len)
4142 union wpa_event_data event;
4143 os_memset(&event, 0, sizeof(event));
4144 event.rx_from_unknown.frame = buf;
4145 event.rx_from_unknown.len = len;
4146 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
4150 static void handle_frame(struct wpa_driver_nl80211_data *drv,
4151 u8 *buf, size_t len, int datarate, int ssi_signal)
4153 struct ieee80211_hdr *hdr;
4155 union wpa_event_data event;
4157 hdr = (struct ieee80211_hdr *) buf;
4158 fc = le_to_host16(hdr->frame_control);
4160 switch (WLAN_FC_GET_TYPE(fc)) {
4161 case WLAN_FC_TYPE_MGMT:
4162 os_memset(&event, 0, sizeof(event));
4163 event.rx_mgmt.frame = buf;
4164 event.rx_mgmt.frame_len = len;
4165 event.rx_mgmt.datarate = datarate;
4166 event.rx_mgmt.ssi_signal = ssi_signal;
4167 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
4169 case WLAN_FC_TYPE_CTRL:
4170 /* can only get here with PS-Poll frames */
4171 wpa_printf(MSG_DEBUG, "CTRL");
4172 from_unknown_sta(drv, buf, len);
4174 case WLAN_FC_TYPE_DATA:
4175 from_unknown_sta(drv, buf, len);
4181 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
4183 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4185 unsigned char buf[3000];
4186 struct ieee80211_radiotap_iterator iter;
4188 int datarate = 0, ssi_signal = 0;
4189 int injected = 0, failed = 0, rxflags = 0;
4191 len = recv(sock, buf, sizeof(buf), 0);
4197 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
4198 printf("received invalid radiotap frame\n");
4203 ret = ieee80211_radiotap_iterator_next(&iter);
4207 printf("received invalid radiotap frame (%d)\n", ret);
4210 switch (iter.this_arg_index) {
4211 case IEEE80211_RADIOTAP_FLAGS:
4212 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
4215 case IEEE80211_RADIOTAP_RX_FLAGS:
4218 case IEEE80211_RADIOTAP_TX_FLAGS:
4220 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
4221 IEEE80211_RADIOTAP_F_TX_FAIL;
4223 case IEEE80211_RADIOTAP_DATA_RETRIES:
4225 case IEEE80211_RADIOTAP_CHANNEL:
4226 /* TODO: convert from freq/flags to channel number */
4228 case IEEE80211_RADIOTAP_RATE:
4229 datarate = *iter.this_arg * 5;
4231 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
4232 ssi_signal = *iter.this_arg;
4237 if (rxflags && injected)
4241 handle_frame(drv, buf + iter.max_length,
4242 len - iter.max_length, datarate, ssi_signal);
4244 handle_tx_callback(drv->ctx, buf + iter.max_length,
4245 len - iter.max_length, !failed);
4250 * we post-process the filter code later and rewrite
4251 * this to the offset to the last instruction
4256 static struct sock_filter msock_filter_insns[] = {
4258 * do a little-endian load of the radiotap length field
4260 /* load lower byte into A */
4261 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
4262 /* put it into X (== index register) */
4263 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4264 /* load upper byte into A */
4265 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
4266 /* left-shift it by 8 */
4267 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
4269 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
4270 /* put result into X */
4271 BPF_STMT(BPF_MISC| BPF_TAX, 0),
4274 * Allow management frames through, this also gives us those
4275 * management frames that we sent ourselves with status
4277 /* load the lower byte of the IEEE 802.11 frame control field */
4278 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4279 /* mask off frame type and version */
4280 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
4281 /* accept frame if it's both 0, fall through otherwise */
4282 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
4285 * TODO: add a bit to radiotap RX flags that indicates
4286 * that the sending station is not associated, then
4287 * add a filter here that filters on our DA and that flag
4288 * to allow us to deauth frames to that bad station.
4290 * For now allow all To DS data frames through.
4292 /* load the IEEE 802.11 frame control field */
4293 BPF_STMT(BPF_LD | BPF_H | BPF_IND, 0),
4294 /* mask off frame type, version and DS status */
4295 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0F03),
4296 /* accept frame if version 0, type 2 and To DS, fall through otherwise
4298 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0801, PASS, 0),
4302 * drop non-data frames
4304 /* load the lower byte of the frame control field */
4305 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4306 /* mask off QoS bit */
4307 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
4308 /* drop non-data frames */
4309 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
4311 /* load the upper byte of the frame control field */
4312 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
4313 /* mask off toDS/fromDS */
4314 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
4315 /* accept WDS frames */
4316 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
4319 * add header length to index
4321 /* load the lower byte of the frame control field */
4322 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
4323 /* mask off QoS bit */
4324 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
4325 /* right shift it by 6 to give 0 or 2 */
4326 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
4327 /* add data frame header length */
4328 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
4329 /* add index, was start of 802.11 header */
4330 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
4331 /* move to index, now start of LL header */
4332 BPF_STMT(BPF_MISC | BPF_TAX, 0),
4335 * Accept empty data frames, we use those for
4338 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
4339 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
4342 * Accept EAPOL frames
4344 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
4345 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
4346 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
4347 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
4349 /* keep these last two statements or change the code below */
4350 /* return 0 == "DROP" */
4351 BPF_STMT(BPF_RET | BPF_K, 0),
4352 /* return ~0 == "keep all" */
4353 BPF_STMT(BPF_RET | BPF_K, ~0),
4356 static struct sock_fprog msock_filter = {
4357 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
4358 .filter = msock_filter_insns,
4362 static int add_monitor_filter(int s)
4366 /* rewrite all PASS/FAIL jump offsets */
4367 for (idx = 0; idx < msock_filter.len; idx++) {
4368 struct sock_filter *insn = &msock_filter_insns[idx];
4370 if (BPF_CLASS(insn->code) == BPF_JMP) {
4371 if (insn->code == (BPF_JMP|BPF_JA)) {
4372 if (insn->k == PASS)
4373 insn->k = msock_filter.len - idx - 2;
4374 else if (insn->k == FAIL)
4375 insn->k = msock_filter.len - idx - 3;
4378 if (insn->jt == PASS)
4379 insn->jt = msock_filter.len - idx - 2;
4380 else if (insn->jt == FAIL)
4381 insn->jt = msock_filter.len - idx - 3;
4383 if (insn->jf == PASS)
4384 insn->jf = msock_filter.len - idx - 2;
4385 else if (insn->jf == FAIL)
4386 insn->jf = msock_filter.len - idx - 3;
4390 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
4391 &msock_filter, sizeof(msock_filter))) {
4392 perror("SO_ATTACH_FILTER");
4400 static void nl80211_remove_monitor_interface(
4401 struct wpa_driver_nl80211_data *drv)
4403 if (drv->monitor_ifidx >= 0) {
4404 nl80211_remove_iface(drv, drv->monitor_ifidx);
4405 drv->monitor_ifidx = -1;
4407 if (drv->monitor_sock >= 0) {
4408 eloop_unregister_read_sock(drv->monitor_sock);
4409 close(drv->monitor_sock);
4410 drv->monitor_sock = -1;
4416 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
4419 struct sockaddr_ll ll;
4423 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
4424 buf[IFNAMSIZ - 1] = '\0';
4426 drv->monitor_ifidx =
4427 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
4430 if (drv->monitor_ifidx == -EOPNOTSUPP) {
4431 wpa_printf(MSG_DEBUG, "nl80211: Driver does not support "
4432 "monitor interface type - try to run without it");
4433 drv->no_monitor_iface_capab = 1;
4436 if (drv->monitor_ifidx < 0)
4439 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
4442 memset(&ll, 0, sizeof(ll));
4443 ll.sll_family = AF_PACKET;
4444 ll.sll_ifindex = drv->monitor_ifidx;
4445 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
4446 if (drv->monitor_sock < 0) {
4447 perror("socket[PF_PACKET,SOCK_RAW]");
4451 if (add_monitor_filter(drv->monitor_sock)) {
4452 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
4453 "interface; do filtering in user space");
4454 /* This works, but will cost in performance. */
4457 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
4458 perror("monitor socket bind");
4462 optlen = sizeof(optval);
4465 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
4466 perror("Failed to set socket priority");
4470 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
4472 printf("Could not register monitor read socket\n");
4478 nl80211_remove_monitor_interface(drv);
4483 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
4485 static int wpa_driver_nl80211_hapd_send_eapol(
4486 void *priv, const u8 *addr, const u8 *data,
4487 size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
4489 struct i802_bss *bss = priv;
4490 struct wpa_driver_nl80211_data *drv = bss->drv;
4491 struct ieee80211_hdr *hdr;
4495 int qos = flags & WPA_STA_WMM;
4497 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
4499 hdr = os_zalloc(len);
4501 printf("malloc() failed for i802_send_data(len=%lu)\n",
4502 (unsigned long) len);
4506 hdr->frame_control =
4507 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
4508 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
4510 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
4512 hdr->frame_control |=
4513 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
4516 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
4517 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
4518 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
4519 pos = (u8 *) (hdr + 1);
4522 /* add an empty QoS header if needed */
4528 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
4529 pos += sizeof(rfc1042_header);
4530 WPA_PUT_BE16(pos, ETH_P_PAE);
4532 memcpy(pos, data, data_len);
4534 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
4536 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
4538 (unsigned long) len, errno, strerror(errno));
4546 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
4548 int flags_or, int flags_and)
4550 struct i802_bss *bss = priv;
4551 struct wpa_driver_nl80211_data *drv = bss->drv;
4552 struct nl_msg *msg, *flags = NULL;
4553 struct nl80211_sta_flag_update upd;
4555 msg = nlmsg_alloc();
4559 flags = nlmsg_alloc();
4565 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4566 0, NL80211_CMD_SET_STATION, 0);
4568 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4569 if_nametoindex(bss->ifname));
4570 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4573 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
4574 * can be removed eventually.
4576 if (total_flags & WPA_STA_AUTHORIZED)
4577 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
4579 if (total_flags & WPA_STA_WMM)
4580 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
4582 if (total_flags & WPA_STA_SHORT_PREAMBLE)
4583 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
4585 if (total_flags & WPA_STA_MFP)
4586 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
4588 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
4589 goto nla_put_failure;
4591 os_memset(&upd, 0, sizeof(upd));
4592 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
4593 upd.set = sta_flags_nl80211(flags_or);
4594 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4598 return send_and_recv_msgs(drv, msg, NULL, NULL);
4605 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
4606 struct wpa_driver_associate_params *params)
4608 enum nl80211_iftype nlmode;
4611 wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
4613 nlmode = NL80211_IFTYPE_P2P_GO;
4615 nlmode = NL80211_IFTYPE_AP;
4617 if (wpa_driver_nl80211_set_mode(&drv->first_bss, nlmode) ||
4618 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
4619 nl80211_remove_monitor_interface(drv);
4623 /* TODO: setup monitor interface (and add code somewhere to remove this
4624 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
4630 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
4635 msg = nlmsg_alloc();
4639 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4640 NL80211_CMD_LEAVE_IBSS, 0);
4641 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4642 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4645 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
4646 "(%s)", ret, strerror(-ret));
4647 goto nla_put_failure;
4651 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
4659 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
4660 struct wpa_driver_associate_params *params)
4666 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
4668 if (wpa_driver_nl80211_set_mode(&drv->first_bss,
4669 NL80211_IFTYPE_ADHOC)) {
4670 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
4676 msg = nlmsg_alloc();
4680 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4681 NL80211_CMD_JOIN_IBSS, 0);
4682 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4684 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
4685 goto nla_put_failure;
4687 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4688 params->ssid, params->ssid_len);
4689 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4691 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4692 drv->ssid_len = params->ssid_len;
4694 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4695 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4697 ret = nl80211_set_conn_keys(params, msg);
4699 goto nla_put_failure;
4701 if (params->wpa_ie) {
4702 wpa_hexdump(MSG_DEBUG,
4703 " * Extra IEs for Beacon/Probe Response frames",
4704 params->wpa_ie, params->wpa_ie_len);
4705 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4709 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4712 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
4713 ret, strerror(-ret));
4715 if (ret == -EALREADY && count == 1) {
4716 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
4718 nl80211_leave_ibss(drv);
4723 goto nla_put_failure;
4726 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
4734 static int wpa_driver_nl80211_connect(
4735 struct wpa_driver_nl80211_data *drv,
4736 struct wpa_driver_associate_params *params)
4739 enum nl80211_auth_type type;
4743 msg = nlmsg_alloc();
4747 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
4748 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4749 NL80211_CMD_CONNECT, 0);
4751 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4752 if (params->bssid) {
4753 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4754 MAC2STR(params->bssid));
4755 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4758 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4759 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4762 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4763 params->ssid, params->ssid_len);
4764 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4766 if (params->ssid_len > sizeof(drv->ssid))
4767 goto nla_put_failure;
4768 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4769 drv->ssid_len = params->ssid_len;
4771 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4773 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4777 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4779 if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4781 if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4784 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
4786 goto skip_auth_type;
4789 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
4790 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
4791 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
4792 type = NL80211_AUTHTYPE_SHARED_KEY;
4793 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
4794 type = NL80211_AUTHTYPE_NETWORK_EAP;
4795 else if (params->auth_alg & WPA_AUTH_ALG_FT)
4796 type = NL80211_AUTHTYPE_FT;
4798 goto nla_put_failure;
4800 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
4801 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
4804 if (params->wpa_ie && params->wpa_ie_len &&
4805 params->key_mgmt_suite != KEY_MGMT_WPS) {
4806 enum nl80211_wpa_versions ver;
4808 if (params->wpa_ie[0] == WLAN_EID_RSN)
4809 ver = NL80211_WPA_VERSION_2;
4811 ver = NL80211_WPA_VERSION_1;
4813 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
4814 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
4817 if (params->pairwise_suite != CIPHER_NONE) {
4820 switch (params->pairwise_suite) {
4822 cipher = WLAN_CIPHER_SUITE_WEP40;
4825 cipher = WLAN_CIPHER_SUITE_WEP104;
4828 cipher = WLAN_CIPHER_SUITE_CCMP;
4832 cipher = WLAN_CIPHER_SUITE_TKIP;
4835 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
4838 if (params->group_suite != CIPHER_NONE) {
4841 switch (params->group_suite) {
4843 cipher = WLAN_CIPHER_SUITE_WEP40;
4846 cipher = WLAN_CIPHER_SUITE_WEP104;
4849 cipher = WLAN_CIPHER_SUITE_CCMP;
4853 cipher = WLAN_CIPHER_SUITE_TKIP;
4856 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
4859 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
4860 params->key_mgmt_suite == KEY_MGMT_PSK) {
4861 int mgmt = WLAN_AKM_SUITE_PSK;
4863 switch (params->key_mgmt_suite) {
4864 case KEY_MGMT_802_1X:
4865 mgmt = WLAN_AKM_SUITE_8021X;
4869 mgmt = WLAN_AKM_SUITE_PSK;
4872 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
4875 ret = nl80211_set_conn_keys(params, msg);
4877 goto nla_put_failure;
4879 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4882 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
4883 "(%s)", ret, strerror(-ret));
4884 goto nla_put_failure;
4887 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
4896 static int wpa_driver_nl80211_associate(
4897 void *priv, struct wpa_driver_associate_params *params)
4899 struct i802_bss *bss = priv;
4900 struct wpa_driver_nl80211_data *drv = bss->drv;
4904 if (params->mode == IEEE80211_MODE_AP)
4905 return wpa_driver_nl80211_ap(drv, params);
4907 if (params->mode == IEEE80211_MODE_IBSS)
4908 return wpa_driver_nl80211_ibss(drv, params);
4910 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4911 enum nl80211_iftype nlmode = params->p2p ?
4912 NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
4914 if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
4916 return wpa_driver_nl80211_connect(drv, params);
4919 drv->associated = 0;
4921 msg = nlmsg_alloc();
4925 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
4927 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4928 NL80211_CMD_ASSOCIATE, 0);
4930 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4931 if (params->bssid) {
4932 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
4933 MAC2STR(params->bssid));
4934 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
4937 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
4938 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
4939 drv->assoc_freq = params->freq;
4941 drv->assoc_freq = 0;
4943 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
4944 params->ssid, params->ssid_len);
4945 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
4947 if (params->ssid_len > sizeof(drv->ssid))
4948 goto nla_put_failure;
4949 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
4950 drv->ssid_len = params->ssid_len;
4952 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
4954 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
4957 if (params->pairwise_suite != CIPHER_NONE) {
4960 switch (params->pairwise_suite) {
4962 cipher = WLAN_CIPHER_SUITE_WEP40;
4965 cipher = WLAN_CIPHER_SUITE_WEP104;
4968 cipher = WLAN_CIPHER_SUITE_CCMP;
4972 cipher = WLAN_CIPHER_SUITE_TKIP;
4975 wpa_printf(MSG_DEBUG, " * pairwise=0x%x", cipher);
4976 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
4979 if (params->group_suite != CIPHER_NONE) {
4982 switch (params->group_suite) {
4984 cipher = WLAN_CIPHER_SUITE_WEP40;
4987 cipher = WLAN_CIPHER_SUITE_WEP104;
4990 cipher = WLAN_CIPHER_SUITE_CCMP;
4994 cipher = WLAN_CIPHER_SUITE_TKIP;
4997 wpa_printf(MSG_DEBUG, " * group=0x%x", cipher);
4998 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
5001 #ifdef CONFIG_IEEE80211W
5002 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
5003 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
5004 #endif /* CONFIG_IEEE80211W */
5006 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
5008 if (params->prev_bssid) {
5009 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
5010 MAC2STR(params->prev_bssid));
5011 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
5012 params->prev_bssid);
5016 wpa_printf(MSG_DEBUG, " * P2P group");
5018 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5021 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
5022 "(%s)", ret, strerror(-ret));
5023 nl80211_dump_scan(drv);
5024 goto nla_put_failure;
5027 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
5036 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
5037 int ifindex, enum nl80211_iftype mode)
5042 wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
5043 ifindex, mode, nl80211_iftype_str(mode));
5045 msg = nlmsg_alloc();
5049 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5050 0, NL80211_CMD_SET_INTERFACE, 0);
5051 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5052 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
5054 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5058 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
5059 " %d (%s)", ifindex, mode, ret, strerror(-ret));
5064 static int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
5065 enum nl80211_iftype nlmode)
5067 struct wpa_driver_nl80211_data *drv = bss->drv;
5071 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
5072 drv->nlmode = nlmode;
5077 if (nlmode == drv->nlmode) {
5078 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
5079 "requested mode - ignore error");
5081 goto done; /* Already in the requested mode */
5084 /* mac80211 doesn't allow mode changes while the device is up, so
5085 * take the device down, try to set the mode again, and bring the
5088 wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
5090 for (i = 0; i < 10; i++) {
5091 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) ==
5093 /* Try to set the mode again while the interface is
5095 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
5096 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname,
5102 wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
5104 os_sleep(0, 100000);
5108 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
5109 "interface is down");
5110 drv->nlmode = nlmode;
5111 drv->ignore_if_down_event = 1;
5115 if (!ret && is_ap_interface(nlmode)) {
5116 /* Setup additional AP mode functionality if needed */
5117 if (!drv->no_monitor_iface_capab && drv->monitor_ifidx < 0 &&
5118 nl80211_create_monitor_interface(drv) &&
5119 !drv->no_monitor_iface_capab)
5121 } else if (!ret && !is_ap_interface(nlmode)) {
5122 /* Remove additional AP mode functionality */
5123 nl80211_remove_monitor_interface(drv);
5124 bss->beacon_set = 0;
5128 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
5129 "from %d failed", nlmode, drv->nlmode);
5135 static int wpa_driver_nl80211_get_capa(void *priv,
5136 struct wpa_driver_capa *capa)
5138 struct i802_bss *bss = priv;
5139 struct wpa_driver_nl80211_data *drv = bss->drv;
5140 if (!drv->has_capability)
5142 os_memcpy(capa, &drv->capa, sizeof(*capa));
5147 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
5149 struct i802_bss *bss = priv;
5150 struct wpa_driver_nl80211_data *drv = bss->drv;
5152 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
5153 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
5154 drv->operstate = state;
5155 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
5156 state ? IF_OPER_UP : IF_OPER_DORMANT);
5160 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
5162 struct i802_bss *bss = priv;
5163 struct wpa_driver_nl80211_data *drv = bss->drv;
5165 struct nl80211_sta_flag_update upd;
5167 msg = nlmsg_alloc();
5171 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5172 0, NL80211_CMD_SET_STATION, 0);
5174 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5175 if_nametoindex(bss->ifname));
5176 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
5178 os_memset(&upd, 0, sizeof(upd));
5179 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
5181 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
5182 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
5184 return send_and_recv_msgs(drv, msg, NULL, NULL);
5190 /* Set kernel driver on given frequency (MHz) */
5191 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
5193 struct i802_bss *bss = priv;
5194 struct wpa_driver_nl80211_data *drv = bss->drv;
5195 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
5196 freq->sec_channel_offset);
5200 #if defined(HOSTAPD) || defined(CONFIG_AP)
5202 static inline int min_int(int a, int b)
5210 static int get_key_handler(struct nl_msg *msg, void *arg)
5212 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5213 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5215 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5216 genlmsg_attrlen(gnlh, 0), NULL);
5219 * TODO: validate the key index and mac address!
5220 * Otherwise, there's a race condition as soon as
5221 * the kernel starts sending key notifications.
5224 if (tb[NL80211_ATTR_KEY_SEQ])
5225 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
5226 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
5231 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
5234 struct i802_bss *bss = priv;
5235 struct wpa_driver_nl80211_data *drv = bss->drv;
5238 msg = nlmsg_alloc();
5242 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5243 0, NL80211_CMD_GET_KEY, 0);
5246 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5247 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
5248 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
5252 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
5258 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
5261 struct i802_bss *bss = priv;
5262 struct wpa_driver_nl80211_data *drv = bss->drv;
5264 u8 rates[NL80211_MAX_SUPP_RATES];
5268 msg = nlmsg_alloc();
5272 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5273 NL80211_CMD_SET_BSS, 0);
5275 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
5276 rates[rates_len++] = basic_rates[i] / 5;
5278 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
5280 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5282 return send_and_recv_msgs(drv, msg, NULL, NULL);
5288 static int i802_set_rts(void *priv, int rts)
5290 struct i802_bss *bss = priv;
5291 struct wpa_driver_nl80211_data *drv = bss->drv;
5296 msg = nlmsg_alloc();
5305 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5306 0, NL80211_CMD_SET_WIPHY, 0);
5307 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5308 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
5310 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5314 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
5315 "%d (%s)", rts, ret, strerror(-ret));
5320 static int i802_set_frag(void *priv, int frag)
5322 struct i802_bss *bss = priv;
5323 struct wpa_driver_nl80211_data *drv = bss->drv;
5328 msg = nlmsg_alloc();
5337 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5338 0, NL80211_CMD_SET_WIPHY, 0);
5339 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5340 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
5342 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5346 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
5347 "%d: %d (%s)", frag, ret, strerror(-ret));
5352 static int i802_flush(void *priv)
5354 struct i802_bss *bss = priv;
5355 struct wpa_driver_nl80211_data *drv = bss->drv;
5358 msg = nlmsg_alloc();
5362 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5363 0, NL80211_CMD_DEL_STATION, 0);
5366 * XXX: FIX! this needs to flush all VLANs too
5368 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5369 if_nametoindex(bss->ifname));
5371 return send_and_recv_msgs(drv, msg, NULL, NULL);
5377 static int get_sta_handler(struct nl_msg *msg, void *arg)
5379 struct nlattr *tb[NL80211_ATTR_MAX + 1];
5380 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
5381 struct hostap_sta_driver_data *data = arg;
5382 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
5383 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
5384 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
5385 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
5386 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
5387 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
5388 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
5391 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
5392 genlmsg_attrlen(gnlh, 0), NULL);
5395 * TODO: validate the interface and mac address!
5396 * Otherwise, there's a race condition as soon as
5397 * the kernel starts sending station notifications.
5400 if (!tb[NL80211_ATTR_STA_INFO]) {
5401 wpa_printf(MSG_DEBUG, "sta stats missing!");
5404 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
5405 tb[NL80211_ATTR_STA_INFO],
5407 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
5411 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
5412 data->inactive_msec =
5413 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
5414 if (stats[NL80211_STA_INFO_RX_BYTES])
5415 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
5416 if (stats[NL80211_STA_INFO_TX_BYTES])
5417 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
5418 if (stats[NL80211_STA_INFO_RX_PACKETS])
5420 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
5421 if (stats[NL80211_STA_INFO_TX_PACKETS])
5423 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
5428 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
5431 struct i802_bss *bss = priv;
5432 struct wpa_driver_nl80211_data *drv = bss->drv;
5435 os_memset(data, 0, sizeof(*data));
5436 msg = nlmsg_alloc();
5440 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5441 0, NL80211_CMD_GET_STATION, 0);
5443 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5444 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5446 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
5452 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
5453 int cw_min, int cw_max, int burst_time)
5455 struct i802_bss *bss = priv;
5456 struct wpa_driver_nl80211_data *drv = bss->drv;
5458 struct nlattr *txq, *params;
5460 msg = nlmsg_alloc();
5464 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5465 0, NL80211_CMD_SET_WIPHY, 0);
5467 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5469 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
5471 goto nla_put_failure;
5473 /* We are only sending parameters for a single TXQ at a time */
5474 params = nla_nest_start(msg, 1);
5476 goto nla_put_failure;
5480 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO);
5483 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI);
5486 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE);
5489 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK);
5492 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
5493 * 32 usec, so need to convert the value here. */
5494 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
5495 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
5496 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
5497 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
5499 nla_nest_end(msg, params);
5501 nla_nest_end(msg, txq);
5503 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5510 static int i802_set_bss(void *priv, int cts, int preamble, int slot,
5513 struct i802_bss *bss = priv;
5514 struct wpa_driver_nl80211_data *drv = bss->drv;
5517 msg = nlmsg_alloc();
5521 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5522 NL80211_CMD_SET_BSS, 0);
5525 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
5527 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
5529 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
5531 NLA_PUT_U16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode);
5532 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
5534 return send_and_recv_msgs(drv, msg, NULL, NULL);
5540 static int i802_set_cts_protect(void *priv, int value)
5542 return i802_set_bss(priv, value, -1, -1, -1);
5546 static int i802_set_preamble(void *priv, int value)
5548 return i802_set_bss(priv, -1, value, -1, -1);
5552 static int i802_set_short_slot_time(void *priv, int value)
5554 return i802_set_bss(priv, -1, -1, value, -1);
5558 static int i802_set_sta_vlan(void *priv, const u8 *addr,
5559 const char *ifname, int vlan_id)
5561 struct i802_bss *bss = priv;
5562 struct wpa_driver_nl80211_data *drv = bss->drv;
5566 msg = nlmsg_alloc();
5570 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5571 0, NL80211_CMD_SET_STATION, 0);
5573 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
5574 if_nametoindex(bss->ifname));
5575 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5576 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
5577 if_nametoindex(ifname));
5579 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5581 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
5582 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
5583 MAC2STR(addr), ifname, vlan_id, ret,
5591 static int i802_set_ht_params(void *priv, const u8 *ht_capab,
5592 size_t ht_capab_len, const u8 *ht_oper,
5595 if (ht_oper_len >= 6) {
5596 /* ht opmode uses 16bit in octet 5 & 6 */
5597 u16 ht_opmode = le_to_host16(((u16 *) ht_oper)[2]);
5598 return i802_set_bss(priv, -1, -1, -1, ht_opmode);
5604 static int i802_get_inact_sec(void *priv, const u8 *addr)
5606 struct hostap_sta_driver_data data;
5609 data.inactive_msec = (unsigned long) -1;
5610 ret = i802_read_sta_data(priv, &data, addr);
5611 if (ret || data.inactive_msec == (unsigned long) -1)
5613 return data.inactive_msec / 1000;
5617 static int i802_sta_clear_stats(void *priv, const u8 *addr)
5626 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
5629 struct i802_bss *bss = priv;
5630 struct ieee80211_mgmt mgmt;
5632 memset(&mgmt, 0, sizeof(mgmt));
5633 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5634 WLAN_FC_STYPE_DEAUTH);
5635 memcpy(mgmt.da, addr, ETH_ALEN);
5636 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5637 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5638 mgmt.u.deauth.reason_code = host_to_le16(reason);
5639 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5641 sizeof(mgmt.u.deauth));
5645 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
5648 struct i802_bss *bss = priv;
5649 struct ieee80211_mgmt mgmt;
5651 memset(&mgmt, 0, sizeof(mgmt));
5652 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
5653 WLAN_FC_STYPE_DISASSOC);
5654 memcpy(mgmt.da, addr, ETH_ALEN);
5655 memcpy(mgmt.sa, own_addr, ETH_ALEN);
5656 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
5657 mgmt.u.disassoc.reason_code = host_to_le16(reason);
5658 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
5660 sizeof(mgmt.u.disassoc));
5663 #endif /* HOSTAPD || CONFIG_AP */
5667 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5672 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
5674 for (i = 0; i < drv->num_if_indices; i++) {
5675 if (drv->if_indices[i] == 0) {
5676 drv->if_indices[i] = ifidx;
5681 if (drv->if_indices != drv->default_if_indices)
5682 old = drv->if_indices;
5686 drv->if_indices = os_realloc(old,
5687 sizeof(int) * (drv->num_if_indices + 1));
5688 if (!drv->if_indices) {
5690 drv->if_indices = drv->default_if_indices;
5692 drv->if_indices = old;
5693 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
5695 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
5698 os_memcpy(drv->if_indices, drv->default_if_indices,
5699 sizeof(drv->default_if_indices));
5700 drv->if_indices[drv->num_if_indices] = ifidx;
5701 drv->num_if_indices++;
5705 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5709 for (i = 0; i < drv->num_if_indices; i++) {
5710 if (drv->if_indices[i] == ifidx) {
5711 drv->if_indices[i] = 0;
5718 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
5722 for (i = 0; i < drv->num_if_indices; i++)
5723 if (drv->if_indices[i] == ifidx)
5730 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
5731 const char *bridge_ifname)
5733 struct i802_bss *bss = priv;
5734 struct wpa_driver_nl80211_data *drv = bss->drv;
5735 char name[IFNAMSIZ + 1];
5737 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
5738 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
5739 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
5741 if (!if_nametoindex(name)) {
5742 if (nl80211_create_iface(drv, name,
5743 NL80211_IFTYPE_AP_VLAN,
5746 if (bridge_ifname &&
5747 linux_br_add_if(drv->ioctl_sock, bridge_ifname,
5751 linux_set_iface_flags(drv->ioctl_sock, name, 1);
5752 return i802_set_sta_vlan(priv, addr, name, 0);
5754 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
5755 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
5761 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
5763 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5764 struct sockaddr_ll lladdr;
5765 unsigned char buf[3000];
5767 socklen_t fromlen = sizeof(lladdr);
5769 len = recvfrom(sock, buf, sizeof(buf), 0,
5770 (struct sockaddr *)&lladdr, &fromlen);
5776 if (have_ifidx(drv, lladdr.sll_ifindex))
5777 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
5781 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
5782 struct i802_bss *bss,
5783 const char *brname, const char *ifname)
5786 char in_br[IFNAMSIZ];
5788 os_strlcpy(bss->brname, brname, IFNAMSIZ);
5789 ifindex = if_nametoindex(brname);
5792 * Bridge was configured, but the bridge device does
5793 * not exist. Try to add it now.
5795 if (linux_br_add(drv->ioctl_sock, brname) < 0) {
5796 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
5797 "bridge interface %s: %s",
5798 brname, strerror(errno));
5801 bss->added_bridge = 1;
5802 add_ifidx(drv, if_nametoindex(brname));
5805 if (linux_br_get(in_br, ifname) == 0) {
5806 if (os_strcmp(in_br, brname) == 0)
5807 return 0; /* already in the bridge */
5809 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
5810 "bridge %s", ifname, in_br);
5811 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) {
5812 wpa_printf(MSG_ERROR, "nl80211: Failed to "
5813 "remove interface %s from bridge "
5815 ifname, brname, strerror(errno));
5820 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
5822 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) {
5823 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
5824 "into bridge %s: %s",
5825 ifname, brname, strerror(errno));
5828 bss->added_if_into_bridge = 1;
5834 static void *i802_init(struct hostapd_data *hapd,
5835 struct wpa_init_params *params)
5837 struct wpa_driver_nl80211_data *drv;
5838 struct i802_bss *bss;
5840 char brname[IFNAMSIZ];
5841 int ifindex, br_ifindex;
5844 bss = wpa_driver_nl80211_init(hapd, params->ifname, NULL);
5849 drv->nlmode = NL80211_IFTYPE_AP;
5850 if (linux_br_get(brname, params->ifname) == 0) {
5851 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
5852 params->ifname, brname);
5853 br_ifindex = if_nametoindex(brname);
5859 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
5860 drv->if_indices = drv->default_if_indices;
5861 for (i = 0; i < params->num_bridge; i++) {
5862 if (params->bridge[i]) {
5863 ifindex = if_nametoindex(params->bridge[i]);
5865 add_ifidx(drv, ifindex);
5866 if (ifindex == br_ifindex)
5870 if (!br_added && br_ifindex &&
5871 (params->num_bridge == 0 || !params->bridge[0]))
5872 add_ifidx(drv, br_ifindex);
5874 /* start listening for EAPOL on the default AP interface */
5875 add_ifidx(drv, drv->ifindex);
5877 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0))
5880 if (params->bssid) {
5881 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname,
5886 if (wpa_driver_nl80211_set_mode(bss, drv->nlmode)) {
5887 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
5888 "into AP mode", bss->ifname);
5892 if (params->num_bridge && params->bridge[0] &&
5893 i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
5896 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
5899 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
5900 if (drv->eapol_sock < 0) {
5901 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
5905 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
5907 printf("Could not register read socket for eapol\n");
5911 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr))
5917 nl80211_remove_monitor_interface(drv);
5918 rfkill_deinit(drv->rfkill);
5919 netlink_deinit(drv->netlink);
5920 if (drv->ioctl_sock >= 0)
5921 close(drv->ioctl_sock);
5923 genl_family_put(drv->nl80211);
5924 nl_cache_free(drv->nl_cache);
5925 nl80211_handle_destroy(drv->nl_handle);
5926 nl_cb_put(drv->nl_cb);
5927 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
5934 static void i802_deinit(void *priv)
5936 wpa_driver_nl80211_deinit(priv);
5939 #endif /* HOSTAPD */
5942 static enum nl80211_iftype wpa_driver_nl80211_if_type(
5943 enum wpa_driver_if_type type)
5946 case WPA_IF_STATION:
5947 return NL80211_IFTYPE_STATION;
5948 case WPA_IF_P2P_CLIENT:
5949 case WPA_IF_P2P_GROUP:
5950 return NL80211_IFTYPE_P2P_CLIENT;
5951 case WPA_IF_AP_VLAN:
5952 return NL80211_IFTYPE_AP_VLAN;
5954 return NL80211_IFTYPE_AP;
5956 return NL80211_IFTYPE_P2P_GO;
5964 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
5966 struct wpa_driver_nl80211_data *drv;
5967 dl_list_for_each(drv, &global->interfaces,
5968 struct wpa_driver_nl80211_data, list) {
5969 if (os_memcmp(addr, drv->addr, ETH_ALEN) == 0)
5976 static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
5984 os_memcpy(new_addr, drv->addr, ETH_ALEN);
5985 for (idx = 0; idx < 64; idx++) {
5986 new_addr[0] = drv->addr[0] | 0x02;
5987 new_addr[0] ^= idx << 2;
5988 if (!nl80211_addr_in_use(drv->global, new_addr))
5994 wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
5995 MACSTR, MAC2STR(new_addr));
6000 #endif /* CONFIG_P2P */
6003 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
6004 const char *ifname, const u8 *addr,
6005 void *bss_ctx, void **drv_priv,
6006 char *force_ifname, u8 *if_addr,
6009 struct i802_bss *bss = priv;
6010 struct wpa_driver_nl80211_data *drv = bss->drv;
6013 struct i802_bss *new_bss = NULL;
6015 if (type == WPA_IF_AP_BSS) {
6016 new_bss = os_zalloc(sizeof(*new_bss));
6017 if (new_bss == NULL)
6020 #endif /* HOSTAPD */
6023 os_memcpy(if_addr, addr, ETH_ALEN);
6024 ifidx = nl80211_create_iface(drv, ifname,
6025 wpa_driver_nl80211_if_type(type), addr,
6030 #endif /* HOSTAPD */
6035 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0) {
6036 nl80211_remove_iface(drv, ifidx);
6042 (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
6043 type == WPA_IF_P2P_GO)) {
6044 /* Enforce unique P2P Interface Address */
6045 u8 new_addr[ETH_ALEN], own_addr[ETH_ALEN];
6047 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr)
6049 linux_get_ifhwaddr(drv->ioctl_sock, ifname, new_addr) < 0)
6051 nl80211_remove_iface(drv, ifidx);
6054 if (os_memcmp(own_addr, new_addr, ETH_ALEN) == 0) {
6055 wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
6056 "for P2P group interface");
6057 if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
6058 nl80211_remove_iface(drv, ifidx);
6061 if (linux_set_ifhwaddr(drv->ioctl_sock, ifname,
6063 nl80211_remove_iface(drv, ifidx);
6067 os_memcpy(if_addr, new_addr, ETH_ALEN);
6069 #endif /* CONFIG_P2P */
6073 i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
6074 wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
6075 "interface %s to a bridge %s", ifname, bridge);
6076 nl80211_remove_iface(drv, ifidx);
6081 if (type == WPA_IF_AP_BSS) {
6082 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
6083 nl80211_remove_iface(drv, ifidx);
6087 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
6088 new_bss->ifindex = ifidx;
6090 new_bss->next = drv->first_bss.next;
6091 drv->first_bss.next = new_bss;
6093 *drv_priv = new_bss;
6095 #endif /* HOSTAPD */
6098 drv->global->if_add_ifindex = ifidx;
6104 static int wpa_driver_nl80211_if_remove(void *priv,
6105 enum wpa_driver_if_type type,
6108 struct i802_bss *bss = priv;
6109 struct wpa_driver_nl80211_data *drv = bss->drv;
6110 int ifindex = if_nametoindex(ifname);
6112 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
6113 __func__, type, ifname, ifindex);
6118 if (bss->added_if_into_bridge) {
6119 if (linux_br_del_if(drv->ioctl_sock, bss->brname, bss->ifname)
6121 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6122 "interface %s from bridge %s: %s",
6123 bss->ifname, bss->brname, strerror(errno));
6125 if (bss->added_bridge) {
6126 if (linux_br_del(drv->ioctl_sock, bss->brname) < 0)
6127 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
6129 bss->brname, strerror(errno));
6131 #endif /* HOSTAPD */
6133 nl80211_remove_iface(drv, ifindex);
6136 if (type != WPA_IF_AP_BSS)
6139 if (bss != &drv->first_bss) {
6140 struct i802_bss *tbss;
6142 for (tbss = &drv->first_bss; tbss; tbss = tbss->next) {
6143 if (tbss->next == bss) {
6144 tbss->next = bss->next;
6151 wpa_printf(MSG_INFO, "nl80211: %s - could not find "
6152 "BSS %p in the list", __func__, bss);
6154 #endif /* HOSTAPD */
6160 static int cookie_handler(struct nl_msg *msg, void *arg)
6162 struct nlattr *tb[NL80211_ATTR_MAX + 1];
6163 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6165 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6166 genlmsg_attrlen(gnlh, 0), NULL);
6167 if (tb[NL80211_ATTR_COOKIE])
6168 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
6173 static int nl80211_send_frame_cmd(struct wpa_driver_nl80211_data *drv,
6174 unsigned int freq, unsigned int wait,
6175 const u8 *buf, size_t buf_len,
6182 msg = nlmsg_alloc();
6186 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6187 NL80211_CMD_FRAME, 0);
6189 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6190 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6192 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, wait);
6193 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
6194 NLA_PUT(msg, NL80211_ATTR_FRAME, buf_len, buf);
6197 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6200 wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
6201 "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
6203 goto nla_put_failure;
6205 wpa_printf(MSG_DEBUG, "nl80211: Frame TX command accepted; "
6206 "cookie 0x%llx", (long long unsigned int) cookie);
6209 *cookie_out = cookie;
6217 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
6218 unsigned int wait_time,
6219 const u8 *dst, const u8 *src,
6221 const u8 *data, size_t data_len)
6223 struct i802_bss *bss = priv;
6224 struct wpa_driver_nl80211_data *drv = bss->drv;
6227 struct ieee80211_hdr *hdr;
6229 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
6230 "wait=%d ms)", drv->ifindex, wait_time);
6232 buf = os_zalloc(24 + data_len);
6235 os_memcpy(buf + 24, data, data_len);
6236 hdr = (struct ieee80211_hdr *) buf;
6237 hdr->frame_control =
6238 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
6239 os_memcpy(hdr->addr1, dst, ETH_ALEN);
6240 os_memcpy(hdr->addr2, src, ETH_ALEN);
6241 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
6243 if (is_ap_interface(drv->nlmode))
6244 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len);
6246 ret = nl80211_send_frame_cmd(drv, freq, wait_time, buf,
6248 &drv->send_action_cookie);
6255 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
6257 struct i802_bss *bss = priv;
6258 struct wpa_driver_nl80211_data *drv = bss->drv;
6262 msg = nlmsg_alloc();
6266 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6267 NL80211_CMD_FRAME_WAIT_CANCEL, 0);
6269 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6270 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->send_action_cookie);
6272 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6275 wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
6276 "(%s)", ret, strerror(-ret));
6283 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
6284 unsigned int duration)
6286 struct i802_bss *bss = priv;
6287 struct wpa_driver_nl80211_data *drv = bss->drv;
6292 msg = nlmsg_alloc();
6296 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6297 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
6299 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6300 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6301 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
6304 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
6306 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
6307 "0x%llx for freq=%u MHz duration=%u",
6308 (long long unsigned int) cookie, freq, duration);
6309 drv->remain_on_chan_cookie = cookie;
6312 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
6313 "(freq=%d duration=%u): %d (%s)",
6314 freq, duration, ret, strerror(-ret));
6320 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
6322 struct i802_bss *bss = priv;
6323 struct wpa_driver_nl80211_data *drv = bss->drv;
6327 if (!drv->pending_remain_on_chan) {
6328 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
6333 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
6335 (long long unsigned int) drv->remain_on_chan_cookie);
6337 msg = nlmsg_alloc();
6341 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6342 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
6344 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
6345 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
6347 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6350 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
6351 "%d (%s)", ret, strerror(-ret));
6357 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
6359 struct i802_bss *bss = priv;
6360 struct wpa_driver_nl80211_data *drv = bss->drv;
6362 if (!is_sta_interface(drv->nlmode)) {
6363 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
6364 "allowed in station mode (iftype=%d)",
6370 if (drv->nl_handle_preq) {
6371 eloop_unregister_read_sock(
6372 nl_socket_get_fd(drv->nl_handle_preq));
6373 nl_cache_free(drv->nl_cache_preq);
6374 nl80211_handle_destroy(drv->nl_handle_preq);
6375 drv->nl_handle_preq = NULL;
6380 if (drv->nl_handle_preq) {
6381 wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
6386 drv->nl_handle_preq = nl80211_handle_alloc(drv->nl_cb);
6387 if (drv->nl_handle_preq == NULL) {
6388 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate "
6389 "netlink callbacks (preq)");
6393 if (genl_connect(drv->nl_handle_preq)) {
6394 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to "
6395 "generic netlink (preq)");
6400 #ifdef CONFIG_LIBNL20
6401 if (genl_ctrl_alloc_cache(drv->nl_handle_preq,
6402 &drv->nl_cache_preq) < 0) {
6403 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
6404 "netlink cache (preq)");
6407 #else /* CONFIG_LIBNL20 */
6408 drv->nl_cache_preq = genl_ctrl_alloc_cache(drv->nl_handle_preq);
6409 if (drv->nl_cache_preq == NULL) {
6410 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
6411 "netlink cache (preq)");
6414 #endif /* CONFIG_LIBNL20 */
6416 if (nl80211_register_frame(drv, drv->nl_handle_preq,
6417 (WLAN_FC_TYPE_MGMT << 2) |
6418 (WLAN_FC_STYPE_PROBE_REQ << 4),
6423 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_preq),
6424 wpa_driver_nl80211_event_receive, drv,
6425 drv->nl_handle_preq);
6430 nl_cache_free(drv->nl_cache_preq);
6432 nl80211_handle_destroy(drv->nl_handle_preq);
6433 drv->nl_handle_preq = NULL;
6439 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
6440 int ifindex, int disabled)
6443 struct nlattr *bands, *band;
6446 msg = nlmsg_alloc();
6450 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6451 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
6452 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
6454 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
6456 goto nla_put_failure;
6459 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
6460 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
6461 * rates. All 5 GHz rates are left enabled.
6463 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
6465 goto nla_put_failure;
6466 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
6467 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
6468 nla_nest_end(msg, band);
6470 nla_nest_end(msg, bands);
6472 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
6475 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
6476 "(%s)", ret, strerror(-ret));
6487 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
6489 struct i802_bss *bss = priv;
6490 struct wpa_driver_nl80211_data *drv = bss->drv;
6491 drv->disable_11b_rates = disabled;
6492 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
6496 static int wpa_driver_nl80211_deinit_ap(void *priv)
6498 struct i802_bss *bss = priv;
6499 struct wpa_driver_nl80211_data *drv = bss->drv;
6500 if (!is_ap_interface(drv->nlmode))
6502 wpa_driver_nl80211_del_beacon(drv);
6503 return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
6507 static void wpa_driver_nl80211_resume(void *priv)
6509 struct i802_bss *bss = priv;
6510 struct wpa_driver_nl80211_data *drv = bss->drv;
6511 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
6512 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
6518 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
6519 const u8 *ies, size_t ies_len)
6521 struct i802_bss *bss = priv;
6522 struct wpa_driver_nl80211_data *drv = bss->drv;
6526 u8 own_addr[ETH_ALEN];
6528 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0)
6532 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
6533 "action %d", action);
6538 * Action frame payload:
6539 * Category[1] = 6 (Fast BSS Transition)
6540 * Action[1] = 1 (Fast BSS Transition Request)
6546 data_len = 2 + 2 * ETH_ALEN + ies_len;
6547 data = os_malloc(data_len);
6551 *pos++ = 0x06; /* FT Action category */
6553 os_memcpy(pos, own_addr, ETH_ALEN);
6555 os_memcpy(pos, target_ap, ETH_ALEN);
6557 os_memcpy(pos, ies, ies_len);
6559 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, 0,
6560 drv->bssid, own_addr, drv->bssid,
6568 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
6570 struct i802_bss *bss = priv;
6571 struct wpa_driver_nl80211_data *drv = bss->drv;
6572 struct nl_msg *msg, *cqm = NULL;
6574 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
6575 "hysteresis=%d", threshold, hysteresis);
6577 msg = nlmsg_alloc();
6581 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
6582 0, NL80211_CMD_SET_CQM, 0);
6584 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
6586 cqm = nlmsg_alloc();
6590 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
6591 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
6592 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
6594 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
6606 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
6608 struct i802_bss *bss = priv;
6609 struct wpa_driver_nl80211_data *drv = bss->drv;
6612 os_memset(si, 0, sizeof(*si));
6613 res = nl80211_get_link_signal(drv, si);
6617 return nl80211_get_link_noise(drv, si);
6621 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
6624 struct i802_bss *bss = priv;
6625 struct wpa_driver_nl80211_data *drv = bss->drv;
6626 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
6630 static int nl80211_set_intra_bss(void *priv, int enabled)
6632 struct i802_bss *bss = priv;
6633 struct wpa_driver_nl80211_data *drv = bss->drv;
6636 msg = nlmsg_alloc();
6640 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6641 NL80211_CMD_SET_BSS, 0);
6643 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6644 NLA_PUT_U8(msg, NL80211_ATTR_AP_ISOLATE, !enabled);
6646 return send_and_recv_msgs(drv, msg, NULL, NULL);
6652 static int nl80211_set_param(void *priv, const char *param)
6654 wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
6659 if (os_strstr(param, "use_p2p_group_interface=1")) {
6660 struct i802_bss *bss = priv;
6661 struct wpa_driver_nl80211_data *drv = bss->drv;
6663 wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
6665 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
6666 drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
6668 #endif /* CONFIG_P2P */
6674 static void * nl80211_global_init(void)
6676 struct nl80211_global *global;
6677 global = os_zalloc(sizeof(*global));
6680 dl_list_init(&global->interfaces);
6681 global->if_add_ifindex = -1;
6686 static void nl80211_global_deinit(void *priv)
6688 struct nl80211_global *global = priv;
6691 if (!dl_list_empty(&global->interfaces)) {
6692 wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
6693 "nl80211_global_deinit",
6694 dl_list_len(&global->interfaces));
6700 static const char * nl80211_get_radio_name(void *priv)
6702 struct i802_bss *bss = priv;
6703 struct wpa_driver_nl80211_data *drv = bss->drv;
6704 return drv->phyname;
6708 static int nl80211_pmkid(struct i802_bss *bss, int cmd, const u8 *bssid,
6713 msg = nlmsg_alloc();
6717 genlmsg_put(msg, 0, 0, genl_family_get_id(bss->drv->nl80211), 0, 0,
6720 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
6722 NLA_PUT(msg, NL80211_ATTR_PMKID, 16, pmkid);
6724 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
6726 return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
6732 static int nl80211_add_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
6734 struct i802_bss *bss = priv;
6735 wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR, MAC2STR(bssid));
6736 return nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, bssid, pmkid);
6740 static int nl80211_remove_pmkid(void *priv, const u8 *bssid, const u8 *pmkid)
6742 struct i802_bss *bss = priv;
6743 wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
6745 return nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, bssid, pmkid);
6749 static int nl80211_flush_pmkid(void *priv)
6751 struct i802_bss *bss = priv;
6752 wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
6753 return nl80211_pmkid(bss, NL80211_CMD_FLUSH_PMKSA, NULL, NULL);
6757 static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
6758 const u8 *replay_ctr)
6760 struct i802_bss *bss = priv;
6761 struct wpa_driver_nl80211_data *drv = bss->drv;
6762 struct nlattr *replay_nested;
6765 msg = nlmsg_alloc();
6769 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
6770 NL80211_CMD_SET_REKEY_OFFLOAD, 0);
6772 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
6774 replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
6776 goto nla_put_failure;
6778 NLA_PUT(msg, NL80211_REKEY_DATA_KEK, NL80211_KEK_LEN, kek);
6779 NLA_PUT(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck);
6780 NLA_PUT(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
6783 nla_nest_end(msg, replay_nested);
6785 send_and_recv_msgs(drv, msg, NULL, NULL);
6792 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
6794 .desc = "Linux nl80211/cfg80211",
6795 .get_bssid = wpa_driver_nl80211_get_bssid,
6796 .get_ssid = wpa_driver_nl80211_get_ssid,
6797 .set_key = wpa_driver_nl80211_set_key,
6798 .scan2 = wpa_driver_nl80211_scan,
6799 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
6800 .deauthenticate = wpa_driver_nl80211_deauthenticate,
6801 .disassociate = wpa_driver_nl80211_disassociate,
6802 .authenticate = wpa_driver_nl80211_authenticate,
6803 .associate = wpa_driver_nl80211_associate,
6804 .global_init = nl80211_global_init,
6805 .global_deinit = nl80211_global_deinit,
6806 .init2 = wpa_driver_nl80211_init,
6807 .deinit = wpa_driver_nl80211_deinit,
6808 .get_capa = wpa_driver_nl80211_get_capa,
6809 .set_operstate = wpa_driver_nl80211_set_operstate,
6810 .set_supp_port = wpa_driver_nl80211_set_supp_port,
6811 .set_country = wpa_driver_nl80211_set_country,
6812 .set_beacon = wpa_driver_nl80211_set_beacon,
6813 .if_add = wpa_driver_nl80211_if_add,
6814 .if_remove = wpa_driver_nl80211_if_remove,
6815 .send_mlme = wpa_driver_nl80211_send_mlme,
6816 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
6817 .sta_add = wpa_driver_nl80211_sta_add,
6818 .sta_remove = wpa_driver_nl80211_sta_remove,
6819 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
6820 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
6822 .hapd_init = i802_init,
6823 .hapd_deinit = i802_deinit,
6824 .set_wds_sta = i802_set_wds_sta,
6825 #endif /* HOSTAPD */
6826 #if defined(HOSTAPD) || defined(CONFIG_AP)
6827 .get_seqnum = i802_get_seqnum,
6828 .flush = i802_flush,
6829 .read_sta_data = i802_read_sta_data,
6830 .get_inact_sec = i802_get_inact_sec,
6831 .sta_clear_stats = i802_sta_clear_stats,
6832 .set_rts = i802_set_rts,
6833 .set_frag = i802_set_frag,
6834 .set_cts_protect = i802_set_cts_protect,
6835 .set_preamble = i802_set_preamble,
6836 .set_short_slot_time = i802_set_short_slot_time,
6837 .set_tx_queue_params = i802_set_tx_queue_params,
6838 .set_sta_vlan = i802_set_sta_vlan,
6839 .set_ht_params = i802_set_ht_params,
6840 .set_rate_sets = i802_set_rate_sets,
6841 .sta_deauth = i802_sta_deauth,
6842 .sta_disassoc = i802_sta_disassoc,
6843 #endif /* HOSTAPD || CONFIG_AP */
6844 .set_freq = i802_set_freq,
6845 .send_action = wpa_driver_nl80211_send_action,
6846 .send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
6847 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
6848 .cancel_remain_on_channel =
6849 wpa_driver_nl80211_cancel_remain_on_channel,
6850 .probe_req_report = wpa_driver_nl80211_probe_req_report,
6851 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
6852 .deinit_ap = wpa_driver_nl80211_deinit_ap,
6853 .resume = wpa_driver_nl80211_resume,
6854 .send_ft_action = nl80211_send_ft_action,
6855 .signal_monitor = nl80211_signal_monitor,
6856 .signal_poll = nl80211_signal_poll,
6857 .send_frame = nl80211_send_frame,
6858 .set_intra_bss = nl80211_set_intra_bss,
6859 .set_param = nl80211_set_param,
6860 .get_radio_name = nl80211_get_radio_name,
6861 .add_pmkid = nl80211_add_pmkid,
6862 .remove_pmkid = nl80211_remove_pmkid,
6863 .flush_pmkid = nl80211_flush_pmkid,
6864 .set_rekey_info = nl80211_set_rekey_info,