2 * wlantest control interface
3 * Copyright (c) 2010-2013, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
12 #include "utils/common.h"
13 #include "utils/eloop.h"
14 #include "common/defs.h"
15 #include "common/version.h"
16 #include "common/ieee802_11_defs.h"
18 #include "wlantest_ctrl.h"
21 static u8 * attr_get(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr,
26 while (pos + 8 <= buf + buflen) {
27 enum wlantest_ctrl_attr a;
29 a = WPA_GET_BE32(pos);
31 alen = WPA_GET_BE32(pos);
33 if (pos + alen > buf + buflen) {
34 wpa_printf(MSG_DEBUG, "Invalid control message "
49 static u8 * attr_get_macaddr(u8 *buf, size_t buflen,
50 enum wlantest_ctrl_attr attr)
54 addr = attr_get(buf, buflen, attr, &addr_len);
55 if (addr && addr_len != ETH_ALEN)
61 static int attr_get_int(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr)
65 pos = attr_get(buf, buflen, attr, &len);
66 if (pos == NULL || len != 4)
68 return WPA_GET_BE32(pos);
72 static u8 * attr_add_str(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
75 size_t len = os_strlen(str);
77 if (pos == NULL || end - pos < 8 + len)
79 WPA_PUT_BE32(pos, attr);
81 WPA_PUT_BE32(pos, len);
83 os_memcpy(pos, str, len);
89 static u8 * attr_add_be32(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
92 if (pos == NULL || end - pos < 12)
94 WPA_PUT_BE32(pos, attr);
98 WPA_PUT_BE32(pos, val);
104 static void ctrl_disconnect(struct wlantest *wt, int sock)
107 wpa_printf(MSG_DEBUG, "Disconnect control interface connection %d",
109 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
110 if (wt->ctrl_socks[i] == sock) {
111 close(wt->ctrl_socks[i]);
112 eloop_unregister_read_sock(wt->ctrl_socks[i]);
113 wt->ctrl_socks[i] = -1;
120 static void ctrl_send(struct wlantest *wt, int sock, const u8 *buf,
123 if (send(sock, buf, len, 0) < 0) {
124 wpa_printf(MSG_INFO, "send(ctrl): %s", strerror(errno));
125 ctrl_disconnect(wt, sock);
130 static void ctrl_send_simple(struct wlantest *wt, int sock,
131 enum wlantest_ctrl_cmd cmd)
134 WPA_PUT_BE32(buf, cmd);
135 ctrl_send(wt, sock, buf, sizeof(buf));
139 static struct wlantest_bss * ctrl_get_bss(struct wlantest *wt, int sock,
140 u8 *cmd, size_t clen)
142 struct wlantest_bss *bss;
146 pos = attr_get(cmd, clen, WLANTEST_ATTR_BSSID, &len);
147 if (pos == NULL || len != ETH_ALEN) {
148 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
152 bss = bss_find(wt, pos);
154 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
162 static struct wlantest_sta * ctrl_get_sta(struct wlantest *wt, int sock,
163 u8 *cmd, size_t clen,
164 struct wlantest_bss *bss)
166 struct wlantest_sta *sta;
173 pos = attr_get(cmd, clen, WLANTEST_ATTR_STA_ADDR, &len);
174 if (pos == NULL || len != ETH_ALEN) {
175 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
179 sta = sta_find(bss, pos);
181 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
189 static struct wlantest_sta * ctrl_get_sta2(struct wlantest *wt, int sock,
190 u8 *cmd, size_t clen,
191 struct wlantest_bss *bss)
193 struct wlantest_sta *sta;
200 pos = attr_get(cmd, clen, WLANTEST_ATTR_STA2_ADDR, &len);
201 if (pos == NULL || len != ETH_ALEN) {
202 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
206 sta = sta_find(bss, pos);
208 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
216 static void ctrl_list_bss(struct wlantest *wt, int sock)
218 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
219 struct wlantest_bss *bss;
222 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
224 WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
226 len = pos; /* to be filled */
229 dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
230 if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
232 os_memcpy(pos, bss->bssid, ETH_ALEN);
236 WPA_PUT_BE32(len, pos - len - 4);
237 ctrl_send(wt, sock, buf, pos - buf);
241 static void ctrl_list_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
243 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
244 struct wlantest_bss *bss;
245 struct wlantest_sta *sta;
247 bss = ctrl_get_bss(wt, sock, cmd, clen);
252 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
254 WPA_PUT_BE32(pos, WLANTEST_ATTR_STA_ADDR);
256 len = pos; /* to be filled */
259 dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
260 if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
262 os_memcpy(pos, sta->addr, ETH_ALEN);
266 WPA_PUT_BE32(len, pos - len - 4);
267 ctrl_send(wt, sock, buf, pos - buf);
271 static void ctrl_flush(struct wlantest *wt, int sock)
273 wpa_printf(MSG_DEBUG, "Drop all collected BSS data");
275 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
279 static void ctrl_clear_sta_counters(struct wlantest *wt, int sock, u8 *cmd,
282 struct wlantest_bss *bss;
283 struct wlantest_sta *sta;
285 bss = ctrl_get_bss(wt, sock, cmd, clen);
286 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
288 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
292 os_memset(sta->counters, 0, sizeof(sta->counters));
293 os_memset(sta->tx_tid, 0, sizeof(sta->tx_tid));
294 os_memset(sta->rx_tid, 0, sizeof(sta->rx_tid));
295 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
299 static void ctrl_clear_bss_counters(struct wlantest *wt, int sock, u8 *cmd,
302 struct wlantest_bss *bss;
304 bss = ctrl_get_bss(wt, sock, cmd, clen);
306 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
310 os_memset(bss->counters, 0, sizeof(bss->counters));
311 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
315 static void ctrl_clear_tdls_counters(struct wlantest *wt, int sock, u8 *cmd,
318 struct wlantest_bss *bss;
319 struct wlantest_sta *sta;
320 struct wlantest_sta *sta2;
321 struct wlantest_tdls *tdls;
323 bss = ctrl_get_bss(wt, sock, cmd, clen);
324 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
325 sta2 = ctrl_get_sta2(wt, sock, cmd, clen, bss);
326 if (sta == NULL || sta2 == NULL) {
327 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
331 dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
332 if ((tdls->init == sta && tdls->resp == sta2) ||
333 (tdls->init == sta2 && tdls->resp == sta))
334 os_memset(tdls->counters, 0, sizeof(tdls->counters));
336 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
340 static void ctrl_get_sta_counter(struct wlantest *wt, int sock, u8 *cmd,
345 struct wlantest_bss *bss;
346 struct wlantest_sta *sta;
348 u8 buf[4 + 12], *end, *pos;
350 bss = ctrl_get_bss(wt, sock, cmd, clen);
351 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
355 addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_COUNTER, &addr_len);
356 if (addr == NULL || addr_len != 4) {
357 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
360 counter = WPA_GET_BE32(addr);
361 if (counter >= NUM_WLANTEST_STA_COUNTER) {
362 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
367 end = buf + sizeof(buf);
368 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
370 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
371 sta->counters[counter]);
372 ctrl_send(wt, sock, buf, pos - buf);
376 static void ctrl_get_bss_counter(struct wlantest *wt, int sock, u8 *cmd,
381 struct wlantest_bss *bss;
383 u8 buf[4 + 12], *end, *pos;
385 bss = ctrl_get_bss(wt, sock, cmd, clen);
389 addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_COUNTER, &addr_len);
390 if (addr == NULL || addr_len != 4) {
391 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
394 counter = WPA_GET_BE32(addr);
395 if (counter >= NUM_WLANTEST_BSS_COUNTER) {
396 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
401 end = buf + sizeof(buf);
402 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
404 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
405 bss->counters[counter]);
406 ctrl_send(wt, sock, buf, pos - buf);
410 static void ctrl_get_tdls_counter(struct wlantest *wt, int sock, u8 *cmd,
415 struct wlantest_bss *bss;
416 struct wlantest_sta *sta;
417 struct wlantest_sta *sta2;
418 struct wlantest_tdls *tdls;
420 u8 buf[4 + 12], *end, *pos;
423 bss = ctrl_get_bss(wt, sock, cmd, clen);
424 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
425 sta2 = ctrl_get_sta2(wt, sock, cmd, clen, bss);
426 if (sta == NULL || sta2 == NULL) {
427 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
431 addr = attr_get(cmd, clen, WLANTEST_ATTR_TDLS_COUNTER, &addr_len);
432 if (addr == NULL || addr_len != 4) {
433 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
436 counter = WPA_GET_BE32(addr);
437 if (counter >= NUM_WLANTEST_TDLS_COUNTER) {
438 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
442 dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
443 if (tdls->init == sta && tdls->resp == sta2) {
450 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
455 end = buf + sizeof(buf);
456 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
458 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
459 tdls->counters[counter]);
460 ctrl_send(wt, sock, buf, pos - buf);
464 static void build_mgmt_hdr(struct ieee80211_mgmt *mgmt,
465 struct wlantest_bss *bss, struct wlantest_sta *sta,
466 int sender_ap, int stype)
468 os_memset(mgmt, 0, 24);
469 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, stype);
472 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
474 os_memset(mgmt->da, 0xff, ETH_ALEN);
475 os_memcpy(mgmt->sa, bss->bssid, ETH_ALEN);
477 os_memcpy(mgmt->da, bss->bssid, ETH_ALEN);
478 os_memcpy(mgmt->sa, sta->addr, ETH_ALEN);
480 os_memcpy(mgmt->bssid, bss->bssid, ETH_ALEN);
484 static int ctrl_inject_auth(struct wlantest *wt, struct wlantest_bss *bss,
485 struct wlantest_sta *sta, int sender_ap,
486 enum wlantest_inject_protection prot)
488 struct ieee80211_mgmt mgmt;
490 if (prot != WLANTEST_INJECT_NORMAL &&
491 prot != WLANTEST_INJECT_UNPROTECTED)
492 return -1; /* Authentication frame is never protected */
494 return -1; /* No broadcast Authentication frames */
497 wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
498 MAC2STR(bss->bssid), MAC2STR(sta->addr));
500 wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
501 MAC2STR(sta->addr), MAC2STR(bss->bssid));
502 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_AUTH);
504 mgmt.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
505 mgmt.u.auth.auth_transaction = host_to_le16(1);
506 mgmt.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
508 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 6,
509 WLANTEST_INJECT_UNPROTECTED);
513 static int ctrl_inject_assocreq(struct wlantest *wt, struct wlantest_bss *bss,
514 struct wlantest_sta *sta, int sender_ap,
515 enum wlantest_inject_protection prot)
518 struct ieee80211_mgmt *mgmt;
521 if (prot != WLANTEST_INJECT_NORMAL &&
522 prot != WLANTEST_INJECT_UNPROTECTED)
523 return -1; /* Association Request frame is never protected */
525 return -1; /* No broadcast Association Request frames */
527 return -1; /* No Association Request frame sent by AP */
528 if (sta->assocreq_ies == NULL) {
529 wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
530 "Request available for " MACSTR,
535 wpa_printf(MSG_INFO, "INJECT: AssocReq " MACSTR " -> " MACSTR,
536 MAC2STR(sta->addr), MAC2STR(bss->bssid));
537 buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
540 mgmt = (struct ieee80211_mgmt *) buf;
542 build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ASSOC_REQ);
544 mgmt->u.assoc_req.capab_info = host_to_le16(sta->assocreq_capab_info);
545 mgmt->u.assoc_req.listen_interval =
546 host_to_le16(sta->assocreq_listen_int);
547 os_memcpy(mgmt->u.assoc_req.variable, sta->assocreq_ies,
548 sta->assocreq_ies_len);
550 ret = wlantest_inject(wt, bss, sta, buf,
551 24 + 4 + sta->assocreq_ies_len,
552 WLANTEST_INJECT_UNPROTECTED);
558 static int ctrl_inject_reassocreq(struct wlantest *wt,
559 struct wlantest_bss *bss,
560 struct wlantest_sta *sta, int sender_ap,
561 enum wlantest_inject_protection prot)
564 struct ieee80211_mgmt *mgmt;
567 if (prot != WLANTEST_INJECT_NORMAL &&
568 prot != WLANTEST_INJECT_UNPROTECTED)
569 return -1; /* Reassociation Request frame is never protected */
571 return -1; /* No broadcast Reassociation Request frames */
573 return -1; /* No Reassociation Request frame sent by AP */
574 if (sta->assocreq_ies == NULL) {
575 wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
576 "Request available for " MACSTR,
581 wpa_printf(MSG_INFO, "INJECT: ReassocReq " MACSTR " -> " MACSTR,
582 MAC2STR(sta->addr), MAC2STR(bss->bssid));
583 buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
586 mgmt = (struct ieee80211_mgmt *) buf;
588 build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_REASSOC_REQ);
590 mgmt->u.reassoc_req.capab_info =
591 host_to_le16(sta->assocreq_capab_info);
592 mgmt->u.reassoc_req.listen_interval =
593 host_to_le16(sta->assocreq_listen_int);
594 os_memcpy(mgmt->u.reassoc_req.current_ap, bss->bssid, ETH_ALEN);
595 os_memcpy(mgmt->u.reassoc_req.variable, sta->assocreq_ies,
596 sta->assocreq_ies_len);
598 ret = wlantest_inject(wt, bss, sta, buf,
599 24 + 10 + sta->assocreq_ies_len,
600 WLANTEST_INJECT_UNPROTECTED);
606 static int ctrl_inject_deauth(struct wlantest *wt, struct wlantest_bss *bss,
607 struct wlantest_sta *sta, int sender_ap,
608 enum wlantest_inject_protection prot)
610 struct ieee80211_mgmt mgmt;
614 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> "
616 MAC2STR(bss->bssid), MAC2STR(sta->addr));
618 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR
619 " -> broadcast", MAC2STR(bss->bssid));
621 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> " MACSTR,
622 MAC2STR(sta->addr), MAC2STR(bss->bssid));
623 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DEAUTH);
625 mgmt.u.deauth.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
627 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
631 static int ctrl_inject_disassoc(struct wlantest *wt, struct wlantest_bss *bss,
632 struct wlantest_sta *sta, int sender_ap,
633 enum wlantest_inject_protection prot)
635 struct ieee80211_mgmt mgmt;
639 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> "
641 MAC2STR(bss->bssid), MAC2STR(sta->addr));
643 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR
644 " -> broadcast", MAC2STR(bss->bssid));
646 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> " MACSTR,
647 MAC2STR(sta->addr), MAC2STR(bss->bssid));
648 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DISASSOC);
650 mgmt.u.disassoc.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
652 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
656 static int ctrl_inject_saqueryreq(struct wlantest *wt,
657 struct wlantest_bss *bss,
658 struct wlantest_sta *sta, int sender_ap,
659 enum wlantest_inject_protection prot)
661 struct ieee80211_mgmt mgmt;
664 return -1; /* No broadcast SA Query frames */
667 wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
668 MACSTR, MAC2STR(bss->bssid), MAC2STR(sta->addr));
670 wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
671 MACSTR, MAC2STR(sta->addr), MAC2STR(bss->bssid));
672 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ACTION);
674 mgmt.u.action.category = WLAN_ACTION_SA_QUERY;
675 mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
676 mgmt.u.action.u.sa_query_req.trans_id[0] = 0x12;
677 mgmt.u.action.u.sa_query_req.trans_id[1] = 0x34;
678 os_memcpy(sender_ap ? sta->ap_sa_query_tr : sta->sta_sa_query_tr,
679 mgmt.u.action.u.sa_query_req.trans_id,
680 WLAN_SA_QUERY_TR_ID_LEN);
681 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 4, prot);
685 static void ctrl_inject(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
687 u8 *bssid, *sta_addr;
688 struct wlantest_bss *bss;
689 struct wlantest_sta *sta;
690 int frame, sender_ap, prot;
693 bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
694 sta_addr = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_STA_ADDR);
695 frame = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_FRAME);
696 sender_ap = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_SENDER_AP);
699 prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
700 if (bssid == NULL || sta_addr == NULL || frame < 0 || prot < 0) {
701 wpa_printf(MSG_INFO, "Invalid inject command parameters");
702 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
706 bss = bss_find(wt, bssid);
708 wpa_printf(MSG_INFO, "BSS not found for inject command");
709 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
713 if (is_broadcast_ether_addr(sta_addr)) {
715 wpa_printf(MSG_INFO, "Invalid broadcast inject "
716 "command without sender_ap set");
717 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
721 sta = sta_find(bss, sta_addr);
723 wpa_printf(MSG_INFO, "Station not found for inject "
725 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
731 case WLANTEST_FRAME_AUTH:
732 ret = ctrl_inject_auth(wt, bss, sta, sender_ap, prot);
734 case WLANTEST_FRAME_ASSOCREQ:
735 ret = ctrl_inject_assocreq(wt, bss, sta, sender_ap, prot);
737 case WLANTEST_FRAME_REASSOCREQ:
738 ret = ctrl_inject_reassocreq(wt, bss, sta, sender_ap, prot);
740 case WLANTEST_FRAME_DEAUTH:
741 ret = ctrl_inject_deauth(wt, bss, sta, sender_ap, prot);
743 case WLANTEST_FRAME_DISASSOC:
744 ret = ctrl_inject_disassoc(wt, bss, sta, sender_ap, prot);
746 case WLANTEST_FRAME_SAQUERYREQ:
747 ret = ctrl_inject_saqueryreq(wt, bss, sta, sender_ap, prot);
750 wpa_printf(MSG_INFO, "Unsupported inject command frame %d",
752 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
757 wpa_printf(MSG_INFO, "Failed to inject frame");
759 wpa_printf(MSG_INFO, "Frame injected successfully");
760 ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
761 WLANTEST_CTRL_FAILURE);
765 static void ctrl_version(struct wlantest *wt, int sock)
767 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos;
770 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
772 pos = attr_add_str(pos, buf + sizeof(buf), WLANTEST_ATTR_VERSION,
774 ctrl_send(wt, sock, buf, pos - buf);
778 static void ctrl_add_passphrase(struct wlantest *wt, int sock, u8 *cmd,
783 struct wlantest_passphrase *p, *pa;
786 passphrase = attr_get(cmd, clen, WLANTEST_ATTR_PASSPHRASE, &len);
787 if (passphrase == NULL) {
790 enum wlantest_ctrl_cmd res;
792 wepkey = attr_get(cmd, clen, WLANTEST_ATTR_WEPKEY, &len);
793 if (wepkey == NULL) {
794 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
797 key = os_zalloc(len + 1);
799 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
802 os_memcpy(key, wepkey, len);
803 if (add_wep(wt, key) < 0)
804 res = WLANTEST_CTRL_FAILURE;
806 res = WLANTEST_CTRL_SUCCESS;
808 ctrl_send_simple(wt, sock, res);
812 if (len < 8 || len > 63) {
813 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
817 p = os_zalloc(sizeof(*p));
819 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
822 os_memcpy(p->passphrase, passphrase, len);
823 wpa_printf(MSG_INFO, "Add passphrase '%s'", p->passphrase);
825 bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
827 os_memcpy(p->bssid, bssid, ETH_ALEN);
828 wpa_printf(MSG_INFO, "Limit passphrase for BSSID " MACSTR,
832 dl_list_for_each(pa, &wt->passphrase, struct wlantest_passphrase, list)
834 if (os_strcmp(p->passphrase, pa->passphrase) == 0 &&
835 os_memcmp(p->bssid, pa->bssid, ETH_ALEN) == 0) {
836 wpa_printf(MSG_INFO, "Passphrase was already known");
844 struct wlantest_bss *bss;
845 dl_list_add(&wt->passphrase, &p->list);
846 dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
848 os_memcmp(p->bssid, bss->bssid, ETH_ALEN) != 0)
850 bss_add_pmk_from_passphrase(bss, p->passphrase);
854 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
858 static void info_print_proto(char *buf, size_t len, int proto)
863 os_snprintf(buf, len, "OPEN");
870 if (proto & WPA_PROTO_WPA)
871 pos += os_snprintf(pos, end - pos, "%sWPA",
872 pos == buf ? "" : " ");
873 if (proto & WPA_PROTO_RSN)
874 pos += os_snprintf(pos, end - pos, "%sWPA2",
875 pos == buf ? "" : " ");
879 static void info_print_cipher(char *buf, size_t len, int cipher)
884 os_snprintf(buf, len, "N/A");
891 if (cipher & WPA_CIPHER_NONE)
892 pos += os_snprintf(pos, end - pos, "%sNONE",
893 pos == buf ? "" : " ");
894 if (cipher & WPA_CIPHER_WEP40)
895 pos += os_snprintf(pos, end - pos, "%sWEP40",
896 pos == buf ? "" : " ");
897 if (cipher & WPA_CIPHER_WEP104)
898 pos += os_snprintf(pos, end - pos, "%sWEP104",
899 pos == buf ? "" : " ");
900 if (cipher & WPA_CIPHER_TKIP)
901 pos += os_snprintf(pos, end - pos, "%sTKIP",
902 pos == buf ? "" : " ");
903 if (cipher & WPA_CIPHER_CCMP)
904 pos += os_snprintf(pos, end - pos, "%sCCMP",
905 pos == buf ? "" : " ");
906 if (cipher & WPA_CIPHER_AES_128_CMAC)
907 pos += os_snprintf(pos, end - pos, "%sBIP",
908 pos == buf ? "" : " ");
912 static void info_print_key_mgmt(char *buf, size_t len, int key_mgmt)
917 os_snprintf(buf, len, "N/A");
924 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
925 pos += os_snprintf(pos, end - pos, "%sEAP",
926 pos == buf ? "" : " ");
927 if (key_mgmt & WPA_KEY_MGMT_PSK)
928 pos += os_snprintf(pos, end - pos, "%sPSK",
929 pos == buf ? "" : " ");
930 if (key_mgmt & WPA_KEY_MGMT_WPA_NONE)
931 pos += os_snprintf(pos, end - pos, "%sWPA-NONE",
932 pos == buf ? "" : " ");
933 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
934 pos += os_snprintf(pos, end - pos, "%sFT-EAP",
935 pos == buf ? "" : " ");
936 if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
937 pos += os_snprintf(pos, end - pos, "%sFT-PSK",
938 pos == buf ? "" : " ");
939 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
940 pos += os_snprintf(pos, end - pos, "%sEAP-SHA256",
941 pos == buf ? "" : " ");
942 if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
943 pos += os_snprintf(pos, end - pos, "%sPSK-SHA256",
944 pos == buf ? "" : " ");
945 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
946 pos += os_snprintf(pos, end - pos, "%sEAP-SUITE-B",
947 pos == buf ? "" : " ");
951 static void info_print_rsn_capab(char *buf, size_t len, int capab)
958 if (capab & WPA_CAPABILITY_PREAUTH)
959 pos += os_snprintf(pos, end - pos, "%sPREAUTH",
960 pos == buf ? "" : " ");
961 if (capab & WPA_CAPABILITY_NO_PAIRWISE)
962 pos += os_snprintf(pos, end - pos, "%sNO_PAIRWISE",
963 pos == buf ? "" : " ");
964 if (capab & WPA_CAPABILITY_MFPR)
965 pos += os_snprintf(pos, end - pos, "%sMFPR",
966 pos == buf ? "" : " ");
967 if (capab & WPA_CAPABILITY_MFPC)
968 pos += os_snprintf(pos, end - pos, "%sMFPC",
969 pos == buf ? "" : " ");
970 if (capab & WPA_CAPABILITY_PEERKEY_ENABLED)
971 pos += os_snprintf(pos, end - pos, "%sPEERKEY",
972 pos == buf ? "" : " ");
976 static void info_print_state(char *buf, size_t len, int state)
980 os_strlcpy(buf, "NOT-AUTH", len);
983 os_strlcpy(buf, "AUTH", len);
986 os_strlcpy(buf, "AUTH+ASSOC", len);
992 static void info_print_gtk(char *buf, size_t len, struct wlantest_sta *sta)
996 pos = os_snprintf(buf, len, "IDX=%d,GTK=", sta->gtk_idx);
997 wpa_snprintf_hex(buf + pos, len - pos, sta->gtk, sta->gtk_len);
1001 static void ctrl_info_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
1005 struct wlantest_bss *bss;
1006 struct wlantest_sta *sta;
1007 enum wlantest_sta_info info;
1008 u8 buf[4 + 108], *end, *pos;
1011 bss = ctrl_get_bss(wt, sock, cmd, clen);
1012 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
1016 addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_INFO, &addr_len);
1017 if (addr == NULL || addr_len != 4) {
1018 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1021 info = WPA_GET_BE32(addr);
1025 case WLANTEST_STA_INFO_PROTO:
1026 info_print_proto(resp, sizeof(resp), sta->proto);
1028 case WLANTEST_STA_INFO_PAIRWISE:
1029 info_print_cipher(resp, sizeof(resp), sta->pairwise_cipher);
1031 case WLANTEST_STA_INFO_KEY_MGMT:
1032 info_print_key_mgmt(resp, sizeof(resp), sta->key_mgmt);
1034 case WLANTEST_STA_INFO_RSN_CAPAB:
1035 info_print_rsn_capab(resp, sizeof(resp), sta->rsn_capab);
1037 case WLANTEST_STA_INFO_STATE:
1038 info_print_state(resp, sizeof(resp), sta->state);
1040 case WLANTEST_STA_INFO_GTK:
1041 info_print_gtk(resp, sizeof(resp), sta);
1044 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1049 end = buf + sizeof(buf);
1050 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
1052 pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
1053 ctrl_send(wt, sock, buf, pos - buf);
1057 static void ctrl_info_bss(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
1061 struct wlantest_bss *bss;
1062 enum wlantest_bss_info info;
1063 u8 buf[4 + 108], *end, *pos;
1066 bss = ctrl_get_bss(wt, sock, cmd, clen);
1070 addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_INFO, &addr_len);
1071 if (addr == NULL || addr_len != 4) {
1072 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1075 info = WPA_GET_BE32(addr);
1079 case WLANTEST_BSS_INFO_PROTO:
1080 info_print_proto(resp, sizeof(resp), bss->proto);
1082 case WLANTEST_BSS_INFO_PAIRWISE:
1083 info_print_cipher(resp, sizeof(resp), bss->pairwise_cipher);
1085 case WLANTEST_BSS_INFO_GROUP:
1086 info_print_cipher(resp, sizeof(resp), bss->group_cipher);
1088 case WLANTEST_BSS_INFO_GROUP_MGMT:
1089 info_print_cipher(resp, sizeof(resp), bss->mgmt_group_cipher);
1091 case WLANTEST_BSS_INFO_KEY_MGMT:
1092 info_print_key_mgmt(resp, sizeof(resp), bss->key_mgmt);
1094 case WLANTEST_BSS_INFO_RSN_CAPAB:
1095 info_print_rsn_capab(resp, sizeof(resp), bss->rsn_capab);
1098 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1103 end = buf + sizeof(buf);
1104 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
1106 pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
1107 ctrl_send(wt, sock, buf, pos - buf);
1111 static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
1113 struct wlantest_bss *bss;
1114 struct wlantest_sta *sta;
1115 u8 *bssid, *sta_addr;
1120 struct ieee80211_hdr *hdr;
1123 frame = attr_get(cmd, clen, WLANTEST_ATTR_FRAME, &frame_len);
1124 prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
1125 if (frame == NULL || frame_len < 24 || prot < 0) {
1126 wpa_printf(MSG_INFO, "Invalid send command parameters");
1127 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1131 hdr = (struct ieee80211_hdr *) frame;
1132 fc = le_to_host16(hdr->frame_control);
1133 switch (WLAN_FC_GET_TYPE(fc)) {
1134 case WLAN_FC_TYPE_MGMT:
1136 if (os_memcmp(hdr->addr2, hdr->addr3, ETH_ALEN) == 0)
1137 sta_addr = hdr->addr1;
1139 sta_addr = hdr->addr2;
1141 case WLAN_FC_TYPE_DATA:
1142 switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
1145 sta_addr = hdr->addr2;
1149 sta_addr = hdr->addr2;
1151 case WLAN_FC_FROMDS:
1153 sta_addr = hdr->addr1;
1156 wpa_printf(MSG_INFO, "Unsupported inject frame");
1157 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1162 wpa_printf(MSG_INFO, "Unsupported inject frame");
1163 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1167 bss = bss_find(wt, bssid);
1168 if (bss == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
1169 wpa_printf(MSG_INFO, "Unknown BSSID");
1170 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1175 sta = sta_find(bss, sta_addr);
1178 if (sta == NULL && prot != WLANTEST_INJECT_UNPROTECTED) {
1179 wpa_printf(MSG_INFO, "Unknown STA address");
1180 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1184 ret = wlantest_inject(wt, bss, sta, frame, frame_len, prot);
1187 wpa_printf(MSG_INFO, "Failed to inject frame");
1189 wpa_printf(MSG_INFO, "Frame injected successfully");
1190 ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
1191 WLANTEST_CTRL_FAILURE);
1195 static void ctrl_relog(struct wlantest *wt, int sock)
1197 int res = wlantest_relog(wt);
1198 ctrl_send_simple(wt, sock, res ? WLANTEST_CTRL_FAILURE :
1199 WLANTEST_CTRL_SUCCESS);
1203 static void ctrl_get_tx_tid(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
1207 struct wlantest_bss *bss;
1208 struct wlantest_sta *sta;
1210 u8 buf[4 + 12], *end, *pos;
1212 bss = ctrl_get_bss(wt, sock, cmd, clen);
1213 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
1217 addr = attr_get(cmd, clen, WLANTEST_ATTR_TID, &addr_len);
1218 if (addr == NULL || addr_len != 4) {
1219 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1222 counter = WPA_GET_BE32(addr);
1223 if (counter >= 16 + 1) {
1224 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1229 end = buf + sizeof(buf);
1230 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
1232 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
1233 sta->tx_tid[counter]);
1234 ctrl_send(wt, sock, buf, pos - buf);
1238 static void ctrl_get_rx_tid(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
1242 struct wlantest_bss *bss;
1243 struct wlantest_sta *sta;
1245 u8 buf[4 + 12], *end, *pos;
1247 bss = ctrl_get_bss(wt, sock, cmd, clen);
1248 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
1252 addr = attr_get(cmd, clen, WLANTEST_ATTR_TID, &addr_len);
1253 if (addr == NULL || addr_len != 4) {
1254 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1257 counter = WPA_GET_BE32(addr);
1258 if (counter >= 16 + 1) {
1259 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
1264 end = buf + sizeof(buf);
1265 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
1267 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
1268 sta->rx_tid[counter]);
1269 ctrl_send(wt, sock, buf, pos - buf);
1273 static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
1275 struct wlantest *wt = eloop_ctx;
1276 u8 buf[WLANTEST_CTRL_MAX_CMD_LEN];
1278 enum wlantest_ctrl_cmd cmd;
1280 wpa_printf(MSG_EXCESSIVE, "New control interface message from %d",
1282 len = recv(sock, buf, sizeof(buf), 0);
1284 wpa_printf(MSG_INFO, "recv(ctrl): %s", strerror(errno));
1285 ctrl_disconnect(wt, sock);
1289 ctrl_disconnect(wt, sock);
1294 wpa_printf(MSG_INFO, "Too short control interface command "
1296 ctrl_disconnect(wt, sock);
1299 cmd = WPA_GET_BE32(buf);
1300 wpa_printf(MSG_EXCESSIVE, "Control interface command %d from %d",
1304 case WLANTEST_CTRL_PING:
1305 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
1307 case WLANTEST_CTRL_TERMINATE:
1308 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
1311 case WLANTEST_CTRL_LIST_BSS:
1312 ctrl_list_bss(wt, sock);
1314 case WLANTEST_CTRL_LIST_STA:
1315 ctrl_list_sta(wt, sock, buf + 4, len - 4);
1317 case WLANTEST_CTRL_FLUSH:
1318 ctrl_flush(wt, sock);
1320 case WLANTEST_CTRL_CLEAR_STA_COUNTERS:
1321 ctrl_clear_sta_counters(wt, sock, buf + 4, len - 4);
1323 case WLANTEST_CTRL_CLEAR_BSS_COUNTERS:
1324 ctrl_clear_bss_counters(wt, sock, buf + 4, len - 4);
1326 case WLANTEST_CTRL_CLEAR_TDLS_COUNTERS:
1327 ctrl_clear_tdls_counters(wt, sock, buf + 4, len - 4);
1329 case WLANTEST_CTRL_GET_STA_COUNTER:
1330 ctrl_get_sta_counter(wt, sock, buf + 4, len - 4);
1332 case WLANTEST_CTRL_GET_BSS_COUNTER:
1333 ctrl_get_bss_counter(wt, sock, buf + 4, len - 4);
1335 case WLANTEST_CTRL_GET_TDLS_COUNTER:
1336 ctrl_get_tdls_counter(wt, sock, buf + 4, len - 4);
1338 case WLANTEST_CTRL_INJECT:
1339 ctrl_inject(wt, sock, buf + 4, len - 4);
1341 case WLANTEST_CTRL_VERSION:
1342 ctrl_version(wt, sock);
1344 case WLANTEST_CTRL_ADD_PASSPHRASE:
1345 ctrl_add_passphrase(wt, sock, buf + 4, len - 4);
1347 case WLANTEST_CTRL_INFO_STA:
1348 ctrl_info_sta(wt, sock, buf + 4, len - 4);
1350 case WLANTEST_CTRL_INFO_BSS:
1351 ctrl_info_bss(wt, sock, buf + 4, len - 4);
1353 case WLANTEST_CTRL_SEND:
1354 ctrl_send_(wt, sock, buf + 4, len - 4);
1356 case WLANTEST_CTRL_RELOG:
1357 ctrl_relog(wt, sock);
1359 case WLANTEST_CTRL_GET_TX_TID:
1360 ctrl_get_tx_tid(wt, sock, buf + 4, len - 4);
1362 case WLANTEST_CTRL_GET_RX_TID:
1363 ctrl_get_rx_tid(wt, sock, buf + 4, len - 4);
1366 ctrl_send_simple(wt, sock, WLANTEST_CTRL_UNKNOWN_CMD);
1372 static void ctrl_connect(int sock, void *eloop_ctx, void *sock_ctx)
1374 struct wlantest *wt = eloop_ctx;
1377 conn = accept(sock, NULL, NULL);
1379 wpa_printf(MSG_INFO, "accept(ctrl): %s", strerror(errno));
1382 wpa_printf(MSG_MSGDUMP, "New control interface connection %d", conn);
1384 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
1385 if (wt->ctrl_socks[i] < 0)
1389 if (i == MAX_CTRL_CONNECTIONS) {
1390 wpa_printf(MSG_INFO, "No room for new control connection");
1395 wt->ctrl_socks[i] = conn;
1396 eloop_register_read_sock(conn, ctrl_read, wt, NULL);
1400 int ctrl_init(struct wlantest *wt)
1402 struct sockaddr_un addr;
1404 wt->ctrl_sock = socket(AF_UNIX, SOCK_SEQPACKET, 0);
1405 if (wt->ctrl_sock < 0) {
1406 wpa_printf(MSG_ERROR, "socket: %s", strerror(errno));
1410 os_memset(&addr, 0, sizeof(addr));
1411 addr.sun_family = AF_UNIX;
1412 os_strlcpy(addr.sun_path + 1, WLANTEST_SOCK_NAME,
1413 sizeof(addr.sun_path) - 1);
1414 if (bind(wt->ctrl_sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1415 wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));
1416 close(wt->ctrl_sock);
1421 if (listen(wt->ctrl_sock, 5) < 0) {
1422 wpa_printf(MSG_ERROR, "listen: %s", strerror(errno));
1423 close(wt->ctrl_sock);
1428 if (eloop_register_read_sock(wt->ctrl_sock, ctrl_connect, wt, NULL)) {
1429 close(wt->ctrl_sock);
1438 void ctrl_deinit(struct wlantest *wt)
1442 if (wt->ctrl_sock < 0)
1445 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
1446 if (wt->ctrl_socks[i] >= 0) {
1447 close(wt->ctrl_socks[i]);
1448 eloop_unregister_read_sock(wt->ctrl_socks[i]);
1449 wt->ctrl_socks[i] = -1;
1453 eloop_unregister_read_sock(wt->ctrl_sock);
1454 close(wt->ctrl_sock);
projects / mech_eap.git / blob