2 * wlantest control interface
3 * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
18 #include "utils/common.h"
19 #include "utils/eloop.h"
20 #include "common/defs.h"
21 #include "common/version.h"
22 #include "common/ieee802_11_defs.h"
24 #include "wlantest_ctrl.h"
27 static u8 * attr_get(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr,
32 while (pos + 8 <= buf + buflen) {
33 enum wlantest_ctrl_attr a;
35 a = WPA_GET_BE32(pos);
37 alen = WPA_GET_BE32(pos);
39 if (pos + alen > buf + buflen) {
40 wpa_printf(MSG_DEBUG, "Invalid control message "
55 static u8 * attr_get_macaddr(u8 *buf, size_t buflen,
56 enum wlantest_ctrl_attr attr)
60 addr = attr_get(buf, buflen, attr, &addr_len);
61 if (addr && addr_len != ETH_ALEN)
67 static int attr_get_int(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr)
71 pos = attr_get(buf, buflen, attr, &len);
72 if (pos == NULL || len != 4)
74 return WPA_GET_BE32(pos);
78 static u8 * attr_add_str(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
81 size_t len = os_strlen(str);
83 if (pos == NULL || end - pos < 8 + len)
85 WPA_PUT_BE32(pos, attr);
87 WPA_PUT_BE32(pos, len);
89 os_memcpy(pos, str, len);
95 static u8 * attr_add_be32(u8 *pos, u8 *end, enum wlantest_ctrl_attr attr,
98 if (pos == NULL || end - pos < 12)
100 WPA_PUT_BE32(pos, attr);
102 WPA_PUT_BE32(pos, 4);
104 WPA_PUT_BE32(pos, val);
110 static void ctrl_disconnect(struct wlantest *wt, int sock)
113 wpa_printf(MSG_DEBUG, "Disconnect control interface connection %d",
115 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
116 if (wt->ctrl_socks[i] == sock) {
117 close(wt->ctrl_socks[i]);
118 eloop_unregister_read_sock(wt->ctrl_socks[i]);
119 wt->ctrl_socks[i] = -1;
126 static void ctrl_send(struct wlantest *wt, int sock, const u8 *buf,
129 if (send(sock, buf, len, 0) < 0) {
130 wpa_printf(MSG_INFO, "send(ctrl): %s", strerror(errno));
131 ctrl_disconnect(wt, sock);
136 static void ctrl_send_simple(struct wlantest *wt, int sock,
137 enum wlantest_ctrl_cmd cmd)
140 WPA_PUT_BE32(buf, cmd);
141 ctrl_send(wt, sock, buf, sizeof(buf));
145 static struct wlantest_bss * ctrl_get_bss(struct wlantest *wt, int sock,
146 u8 *cmd, size_t clen)
148 struct wlantest_bss *bss;
152 pos = attr_get(cmd, clen, WLANTEST_ATTR_BSSID, &len);
153 if (pos == NULL || len != ETH_ALEN) {
154 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
158 bss = bss_find(wt, pos);
160 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
168 static struct wlantest_sta * ctrl_get_sta(struct wlantest *wt, int sock,
169 u8 *cmd, size_t clen,
170 struct wlantest_bss *bss)
172 struct wlantest_sta *sta;
179 pos = attr_get(cmd, clen, WLANTEST_ATTR_STA_ADDR, &len);
180 if (pos == NULL || len != ETH_ALEN) {
181 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
185 sta = sta_find(bss, pos);
187 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
195 static void ctrl_list_bss(struct wlantest *wt, int sock)
197 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
198 struct wlantest_bss *bss;
201 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
203 WPA_PUT_BE32(pos, WLANTEST_ATTR_BSSID);
205 len = pos; /* to be filled */
208 dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
209 if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
211 os_memcpy(pos, bss->bssid, ETH_ALEN);
215 WPA_PUT_BE32(len, pos - len - 4);
216 ctrl_send(wt, sock, buf, pos - buf);
220 static void ctrl_list_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
222 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos, *len;
223 struct wlantest_bss *bss;
224 struct wlantest_sta *sta;
226 bss = ctrl_get_bss(wt, sock, cmd, clen);
231 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
233 WPA_PUT_BE32(pos, WLANTEST_ATTR_STA_ADDR);
235 len = pos; /* to be filled */
238 dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
239 if (pos + ETH_ALEN > buf + WLANTEST_CTRL_MAX_RESP_LEN)
241 os_memcpy(pos, sta->addr, ETH_ALEN);
245 WPA_PUT_BE32(len, pos - len - 4);
246 ctrl_send(wt, sock, buf, pos - buf);
250 static void ctrl_flush(struct wlantest *wt, int sock)
252 wpa_printf(MSG_DEBUG, "Drop all collected BSS data");
254 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
258 static void ctrl_clear_sta_counters(struct wlantest *wt, int sock, u8 *cmd,
261 struct wlantest_bss *bss;
262 struct wlantest_sta *sta;
264 bss = ctrl_get_bss(wt, sock, cmd, clen);
265 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
269 os_memset(sta->counters, 0, sizeof(sta->counters));
270 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
274 static void ctrl_clear_bss_counters(struct wlantest *wt, int sock, u8 *cmd,
277 struct wlantest_bss *bss;
279 bss = ctrl_get_bss(wt, sock, cmd, clen);
283 os_memset(bss->counters, 0, sizeof(bss->counters));
284 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
288 static void ctrl_get_sta_counter(struct wlantest *wt, int sock, u8 *cmd,
293 struct wlantest_bss *bss;
294 struct wlantest_sta *sta;
296 u8 buf[4 + 12], *end, *pos;
298 bss = ctrl_get_bss(wt, sock, cmd, clen);
299 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
303 addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_COUNTER, &addr_len);
304 if (addr == NULL || addr_len != 4) {
305 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
308 counter = WPA_GET_BE32(addr);
309 if (counter >= NUM_WLANTEST_STA_COUNTER) {
310 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
315 end = buf + sizeof(buf);
316 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
318 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
319 sta->counters[counter]);
320 ctrl_send(wt, sock, buf, pos - buf);
324 static void ctrl_get_bss_counter(struct wlantest *wt, int sock, u8 *cmd,
329 struct wlantest_bss *bss;
331 u8 buf[4 + 12], *end, *pos;
333 bss = ctrl_get_bss(wt, sock, cmd, clen);
337 addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_COUNTER, &addr_len);
338 if (addr == NULL || addr_len != 4) {
339 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
342 counter = WPA_GET_BE32(addr);
343 if (counter >= NUM_WLANTEST_BSS_COUNTER) {
344 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
349 end = buf + sizeof(buf);
350 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
352 pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER,
353 bss->counters[counter]);
354 ctrl_send(wt, sock, buf, pos - buf);
358 static void build_mgmt_hdr(struct ieee80211_mgmt *mgmt,
359 struct wlantest_bss *bss, struct wlantest_sta *sta,
360 int sender_ap, int stype)
362 os_memset(mgmt, 0, 24);
363 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, stype);
366 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
368 os_memset(mgmt->da, 0xff, ETH_ALEN);
369 os_memcpy(mgmt->sa, bss->bssid, ETH_ALEN);
371 os_memcpy(mgmt->da, bss->bssid, ETH_ALEN);
372 os_memcpy(mgmt->sa, sta->addr, ETH_ALEN);
374 os_memcpy(mgmt->bssid, bss->bssid, ETH_ALEN);
378 static int ctrl_inject_auth(struct wlantest *wt, struct wlantest_bss *bss,
379 struct wlantest_sta *sta, int sender_ap,
380 enum wlantest_inject_protection prot)
382 struct ieee80211_mgmt mgmt;
384 if (prot != WLANTEST_INJECT_NORMAL &&
385 prot != WLANTEST_INJECT_UNPROTECTED)
386 return -1; /* Authentication frame is never protected */
388 return -1; /* No broadcast Authentication frames */
391 wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
392 MAC2STR(bss->bssid), MAC2STR(sta->addr));
394 wpa_printf(MSG_INFO, "INJECT: Auth " MACSTR " -> " MACSTR,
395 MAC2STR(sta->addr), MAC2STR(bss->bssid));
396 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_AUTH);
398 mgmt.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
399 mgmt.u.auth.auth_transaction = host_to_le16(1);
400 mgmt.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
402 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 6,
403 WLANTEST_INJECT_UNPROTECTED);
407 static int ctrl_inject_assocreq(struct wlantest *wt, struct wlantest_bss *bss,
408 struct wlantest_sta *sta, int sender_ap,
409 enum wlantest_inject_protection prot)
412 struct ieee80211_mgmt *mgmt;
415 if (prot != WLANTEST_INJECT_NORMAL &&
416 prot != WLANTEST_INJECT_UNPROTECTED)
417 return -1; /* Association Request frame is never protected */
419 return -1; /* No broadcast Association Request frames */
421 return -1; /* No Association Request frame sent by AP */
422 if (sta->assocreq_ies == NULL) {
423 wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
424 "Request available for " MACSTR,
429 wpa_printf(MSG_INFO, "INJECT: AssocReq " MACSTR " -> " MACSTR,
430 MAC2STR(sta->addr), MAC2STR(bss->bssid));
431 buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
434 mgmt = (struct ieee80211_mgmt *) buf;
436 build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ASSOC_REQ);
438 mgmt->u.assoc_req.capab_info = host_to_le16(sta->assocreq_capab_info);
439 mgmt->u.assoc_req.listen_interval =
440 host_to_le16(sta->assocreq_listen_int);
441 os_memcpy(mgmt->u.assoc_req.variable, sta->assocreq_ies,
442 sta->assocreq_ies_len);
444 ret = wlantest_inject(wt, bss, sta, buf,
445 24 + 4 + sta->assocreq_ies_len,
446 WLANTEST_INJECT_UNPROTECTED);
452 static int ctrl_inject_reassocreq(struct wlantest *wt,
453 struct wlantest_bss *bss,
454 struct wlantest_sta *sta, int sender_ap,
455 enum wlantest_inject_protection prot)
458 struct ieee80211_mgmt *mgmt;
461 if (prot != WLANTEST_INJECT_NORMAL &&
462 prot != WLANTEST_INJECT_UNPROTECTED)
463 return -1; /* Reassociation Request frame is never protected */
465 return -1; /* No broadcast Reassociation Request frames */
467 return -1; /* No Reassociation Request frame sent by AP */
468 if (sta->assocreq_ies == NULL) {
469 wpa_printf(MSG_INFO, "INJECT: No previous (Re)Association "
470 "Request available for " MACSTR,
475 wpa_printf(MSG_INFO, "INJECT: ReassocReq " MACSTR " -> " MACSTR,
476 MAC2STR(sta->addr), MAC2STR(bss->bssid));
477 buf = os_malloc(sizeof(*mgmt) + sta->assocreq_ies_len);
480 mgmt = (struct ieee80211_mgmt *) buf;
482 build_mgmt_hdr(mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_REASSOC_REQ);
484 mgmt->u.reassoc_req.capab_info =
485 host_to_le16(sta->assocreq_capab_info);
486 mgmt->u.reassoc_req.listen_interval =
487 host_to_le16(sta->assocreq_listen_int);
488 os_memcpy(mgmt->u.reassoc_req.current_ap, bss->bssid, ETH_ALEN);
489 os_memcpy(mgmt->u.reassoc_req.variable, sta->assocreq_ies,
490 sta->assocreq_ies_len);
492 ret = wlantest_inject(wt, bss, sta, buf,
493 24 + 10 + sta->assocreq_ies_len,
494 WLANTEST_INJECT_UNPROTECTED);
500 static int ctrl_inject_deauth(struct wlantest *wt, struct wlantest_bss *bss,
501 struct wlantest_sta *sta, int sender_ap,
502 enum wlantest_inject_protection prot)
504 struct ieee80211_mgmt mgmt;
508 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> "
510 MAC2STR(bss->bssid), MAC2STR(sta->addr));
512 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR
513 " -> broadcast", MAC2STR(bss->bssid));
515 wpa_printf(MSG_INFO, "INJECT: Deauth " MACSTR " -> " MACSTR,
516 MAC2STR(sta->addr), MAC2STR(bss->bssid));
517 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DEAUTH);
519 mgmt.u.deauth.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
521 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
525 static int ctrl_inject_disassoc(struct wlantest *wt, struct wlantest_bss *bss,
526 struct wlantest_sta *sta, int sender_ap,
527 enum wlantest_inject_protection prot)
529 struct ieee80211_mgmt mgmt;
533 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> "
535 MAC2STR(bss->bssid), MAC2STR(sta->addr));
537 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR
538 " -> broadcast", MAC2STR(bss->bssid));
540 wpa_printf(MSG_INFO, "INJECT: Disassoc " MACSTR " -> " MACSTR,
541 MAC2STR(sta->addr), MAC2STR(bss->bssid));
542 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_DISASSOC);
544 mgmt.u.disassoc.reason_code = host_to_le16(WLAN_REASON_UNSPECIFIED);
546 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 2, prot);
550 static int ctrl_inject_saqueryreq(struct wlantest *wt,
551 struct wlantest_bss *bss,
552 struct wlantest_sta *sta, int sender_ap,
553 enum wlantest_inject_protection prot)
555 struct ieee80211_mgmt mgmt;
558 return -1; /* No broadcast SA Query frames */
561 wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
562 MACSTR, MAC2STR(bss->bssid), MAC2STR(sta->addr));
564 wpa_printf(MSG_INFO, "INJECT: SA Query Request " MACSTR " -> "
565 MACSTR, MAC2STR(sta->addr), MAC2STR(bss->bssid));
566 build_mgmt_hdr(&mgmt, bss, sta, sender_ap, WLAN_FC_STYPE_ACTION);
568 mgmt.u.action.category = WLAN_ACTION_SA_QUERY;
569 mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
570 mgmt.u.action.u.sa_query_req.trans_id[0] = 0x12;
571 mgmt.u.action.u.sa_query_req.trans_id[1] = 0x34;
572 os_memcpy(sender_ap ? sta->ap_sa_query_tr : sta->sta_sa_query_tr,
573 mgmt.u.action.u.sa_query_req.trans_id,
574 WLAN_SA_QUERY_TR_ID_LEN);
575 return wlantest_inject(wt, bss, sta, (u8 *) &mgmt, 24 + 4, prot);
579 static void ctrl_inject(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
581 u8 *bssid, *sta_addr;
582 struct wlantest_bss *bss;
583 struct wlantest_sta *sta;
584 int frame, sender_ap, prot;
587 bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
588 sta_addr = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_STA_ADDR);
589 frame = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_FRAME);
590 sender_ap = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_SENDER_AP);
593 prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
594 if (bssid == NULL || sta_addr == NULL || frame < 0 || prot < 0) {
595 wpa_printf(MSG_INFO, "Invalid inject command parameters");
596 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
600 bss = bss_find(wt, bssid);
602 wpa_printf(MSG_INFO, "BSS not found for inject command");
603 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
607 if (is_broadcast_ether_addr(sta_addr)) {
609 wpa_printf(MSG_INFO, "Invalid broadcast inject "
610 "command without sender_ap set");
611 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
615 sta = sta_find(bss, sta_addr);
617 wpa_printf(MSG_INFO, "Station not found for inject "
619 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
625 case WLANTEST_FRAME_AUTH:
626 ret = ctrl_inject_auth(wt, bss, sta, sender_ap, prot);
628 case WLANTEST_FRAME_ASSOCREQ:
629 ret = ctrl_inject_assocreq(wt, bss, sta, sender_ap, prot);
631 case WLANTEST_FRAME_REASSOCREQ:
632 ret = ctrl_inject_reassocreq(wt, bss, sta, sender_ap, prot);
634 case WLANTEST_FRAME_DEAUTH:
635 ret = ctrl_inject_deauth(wt, bss, sta, sender_ap, prot);
637 case WLANTEST_FRAME_DISASSOC:
638 ret = ctrl_inject_disassoc(wt, bss, sta, sender_ap, prot);
640 case WLANTEST_FRAME_SAQUERYREQ:
641 ret = ctrl_inject_saqueryreq(wt, bss, sta, sender_ap, prot);
644 wpa_printf(MSG_INFO, "Unsupported inject command frame %d",
646 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
651 wpa_printf(MSG_INFO, "Failed to inject frame");
653 wpa_printf(MSG_INFO, "Frame injected successfully");
654 ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
655 WLANTEST_CTRL_FAILURE);
659 static void ctrl_version(struct wlantest *wt, int sock)
661 u8 buf[WLANTEST_CTRL_MAX_RESP_LEN], *pos;
664 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
666 pos = attr_add_str(pos, buf + sizeof(buf), WLANTEST_ATTR_VERSION,
668 ctrl_send(wt, sock, buf, pos - buf);
672 static void ctrl_add_passphrase(struct wlantest *wt, int sock, u8 *cmd,
677 struct wlantest_passphrase *p, *pa;
680 passphrase = attr_get(cmd, clen, WLANTEST_ATTR_PASSPHRASE, &len);
681 if (passphrase == NULL || len < 8 || len > 63) {
682 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
686 p = os_zalloc(sizeof(*p));
688 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
691 os_memcpy(p->passphrase, passphrase, len);
692 wpa_printf(MSG_INFO, "Add passphrase '%s'", p->passphrase);
694 bssid = attr_get_macaddr(cmd, clen, WLANTEST_ATTR_BSSID);
696 os_memcpy(p->bssid, bssid, ETH_ALEN);
697 wpa_printf(MSG_INFO, "Limit passphrase for BSSID " MACSTR,
701 dl_list_for_each(pa, &wt->passphrase, struct wlantest_passphrase, list)
703 if (os_strcmp(p->passphrase, pa->passphrase) == 0 &&
704 os_memcmp(p->bssid, pa->bssid, ETH_ALEN) == 0) {
705 wpa_printf(MSG_INFO, "Passphrase was already known");
713 struct wlantest_bss *bss;
714 dl_list_add(&wt->passphrase, &p->list);
715 dl_list_for_each(bss, &wt->bss, struct wlantest_bss, list) {
717 os_memcmp(p->bssid, bss->bssid, ETH_ALEN) != 0)
719 bss_add_pmk_from_passphrase(bss, p->passphrase);
723 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
727 static void info_print_proto(char *buf, size_t len, int proto)
732 os_snprintf(buf, len, "OPEN");
739 if (proto & WPA_PROTO_WPA)
740 pos += os_snprintf(pos, end - pos, "%sWPA",
741 pos == buf ? "" : " ");
742 if (proto & WPA_PROTO_RSN)
743 pos += os_snprintf(pos, end - pos, "%sWPA2",
744 pos == buf ? "" : " ");
748 static void info_print_cipher(char *buf, size_t len, int cipher)
753 os_snprintf(buf, len, "N/A");
760 if (cipher & WPA_CIPHER_NONE)
761 pos += os_snprintf(pos, end - pos, "%sNONE",
762 pos == buf ? "" : " ");
763 if (cipher & WPA_CIPHER_WEP40)
764 pos += os_snprintf(pos, end - pos, "%sWEP40",
765 pos == buf ? "" : " ");
766 if (cipher & WPA_CIPHER_WEP104)
767 pos += os_snprintf(pos, end - pos, "%sWEP104",
768 pos == buf ? "" : " ");
769 if (cipher & WPA_CIPHER_TKIP)
770 pos += os_snprintf(pos, end - pos, "%sTKIP",
771 pos == buf ? "" : " ");
772 if (cipher & WPA_CIPHER_CCMP)
773 pos += os_snprintf(pos, end - pos, "%sCCMP",
774 pos == buf ? "" : " ");
775 if (cipher & WPA_CIPHER_AES_128_CMAC)
776 pos += os_snprintf(pos, end - pos, "%sBIP",
777 pos == buf ? "" : " ");
781 static void info_print_key_mgmt(char *buf, size_t len, int key_mgmt)
786 os_snprintf(buf, len, "N/A");
793 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
794 pos += os_snprintf(pos, end - pos, "%sEAP",
795 pos == buf ? "" : " ");
796 if (key_mgmt & WPA_KEY_MGMT_PSK)
797 pos += os_snprintf(pos, end - pos, "%sPSK",
798 pos == buf ? "" : " ");
799 if (key_mgmt & WPA_KEY_MGMT_WPA_NONE)
800 pos += os_snprintf(pos, end - pos, "%sWPA-NONE",
801 pos == buf ? "" : " ");
802 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
803 pos += os_snprintf(pos, end - pos, "%sFT-EAP",
804 pos == buf ? "" : " ");
805 if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
806 pos += os_snprintf(pos, end - pos, "%sFT-PSK",
807 pos == buf ? "" : " ");
808 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
809 pos += os_snprintf(pos, end - pos, "%sEAP-SHA256",
810 pos == buf ? "" : " ");
811 if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
812 pos += os_snprintf(pos, end - pos, "%sPSK-SHA256",
813 pos == buf ? "" : " ");
817 static void info_print_rsn_capab(char *buf, size_t len, int capab)
824 if (capab & WPA_CAPABILITY_PREAUTH)
825 pos += os_snprintf(pos, end - pos, "%sPREAUTH",
826 pos == buf ? "" : " ");
827 if (capab & WPA_CAPABILITY_NO_PAIRWISE)
828 pos += os_snprintf(pos, end - pos, "%sNO_PAIRWISE",
829 pos == buf ? "" : " ");
830 if (capab & WPA_CAPABILITY_MFPR)
831 pos += os_snprintf(pos, end - pos, "%sMFPR",
832 pos == buf ? "" : " ");
833 if (capab & WPA_CAPABILITY_MFPC)
834 pos += os_snprintf(pos, end - pos, "%sMFPC",
835 pos == buf ? "" : " ");
836 if (capab & WPA_CAPABILITY_PEERKEY_ENABLED)
837 pos += os_snprintf(pos, end - pos, "%sPEERKEY",
838 pos == buf ? "" : " ");
842 static void info_print_state(char *buf, size_t len, int state)
846 os_strlcpy(buf, "NOT-AUTH", len);
849 os_strlcpy(buf, "AUTH", len);
852 os_strlcpy(buf, "AUTH+ASSOC", len);
858 static void ctrl_info_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
862 struct wlantest_bss *bss;
863 struct wlantest_sta *sta;
864 enum wlantest_sta_info info;
865 u8 buf[4 + 108], *end, *pos;
868 bss = ctrl_get_bss(wt, sock, cmd, clen);
869 sta = ctrl_get_sta(wt, sock, cmd, clen, bss);
873 addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_INFO, &addr_len);
874 if (addr == NULL || addr_len != 4) {
875 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
878 info = WPA_GET_BE32(addr);
882 case WLANTEST_STA_INFO_PROTO:
883 info_print_proto(resp, sizeof(resp), sta->proto);
885 case WLANTEST_STA_INFO_PAIRWISE:
886 info_print_cipher(resp, sizeof(resp), sta->pairwise_cipher);
888 case WLANTEST_STA_INFO_KEY_MGMT:
889 info_print_key_mgmt(resp, sizeof(resp), sta->key_mgmt);
891 case WLANTEST_STA_INFO_RSN_CAPAB:
892 info_print_rsn_capab(resp, sizeof(resp), sta->rsn_capab);
894 case WLANTEST_STA_INFO_STATE:
895 info_print_state(resp, sizeof(resp), sta->state);
898 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
903 end = buf + sizeof(buf);
904 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
906 pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
907 ctrl_send(wt, sock, buf, pos - buf);
911 static void ctrl_info_bss(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
915 struct wlantest_bss *bss;
916 enum wlantest_bss_info info;
917 u8 buf[4 + 108], *end, *pos;
920 bss = ctrl_get_bss(wt, sock, cmd, clen);
924 addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_INFO, &addr_len);
925 if (addr == NULL || addr_len != 4) {
926 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
929 info = WPA_GET_BE32(addr);
933 case WLANTEST_BSS_INFO_PROTO:
934 info_print_proto(resp, sizeof(resp), bss->proto);
936 case WLANTEST_BSS_INFO_PAIRWISE:
937 info_print_cipher(resp, sizeof(resp), bss->pairwise_cipher);
939 case WLANTEST_BSS_INFO_GROUP:
940 info_print_cipher(resp, sizeof(resp), bss->group_cipher);
942 case WLANTEST_BSS_INFO_GROUP_MGMT:
943 info_print_cipher(resp, sizeof(resp), bss->mgmt_group_cipher);
945 case WLANTEST_BSS_INFO_KEY_MGMT:
946 info_print_key_mgmt(resp, sizeof(resp), bss->key_mgmt);
948 case WLANTEST_BSS_INFO_RSN_CAPAB:
949 info_print_rsn_capab(resp, sizeof(resp), bss->rsn_capab);
952 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
957 end = buf + sizeof(buf);
958 WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS);
960 pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp);
961 ctrl_send(wt, sock, buf, pos - buf);
965 static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
967 struct wlantest_bss *bss;
968 struct wlantest_sta *sta;
969 u8 *bssid, *sta_addr;
974 struct ieee80211_hdr *hdr;
977 frame = attr_get(cmd, clen, WLANTEST_ATTR_FRAME, &frame_len);
978 prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
979 if (frame == NULL || frame_len < 24 || prot < 0) {
980 wpa_printf(MSG_INFO, "Invalid send command parameters");
981 ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
985 hdr = (struct ieee80211_hdr *) frame;
986 fc = le_to_host16(hdr->frame_control);
987 switch (WLAN_FC_GET_TYPE(fc)) {
988 case WLAN_FC_TYPE_MGMT:
990 if (os_memcmp(hdr->addr2, hdr->addr3, ETH_ALEN) == 0)
991 sta_addr = hdr->addr1;
993 sta_addr = hdr->addr2;
995 case WLAN_FC_TYPE_DATA:
996 switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
999 sta_addr = hdr->addr2;
1003 sta_addr = hdr->addr2;
1005 case WLAN_FC_FROMDS:
1007 sta_addr = hdr->addr1;
1010 wpa_printf(MSG_INFO, "Unsupported inject frame");
1011 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1016 wpa_printf(MSG_INFO, "Unsupported inject frame");
1017 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1021 bss = bss_find(wt, bssid);
1023 wpa_printf(MSG_INFO, "Unknown BSSID");
1024 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1028 sta = sta_find(bss, sta_addr);
1030 wpa_printf(MSG_INFO, "Unknown STA address");
1031 ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
1035 ret = wlantest_inject(wt, bss, sta, frame, frame_len, prot);
1038 wpa_printf(MSG_INFO, "Failed to inject frame");
1040 wpa_printf(MSG_INFO, "Frame injected successfully");
1041 ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
1042 WLANTEST_CTRL_FAILURE);
1046 static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
1048 struct wlantest *wt = eloop_ctx;
1049 u8 buf[WLANTEST_CTRL_MAX_CMD_LEN];
1051 enum wlantest_ctrl_cmd cmd;
1053 wpa_printf(MSG_EXCESSIVE, "New control interface message from %d",
1055 len = recv(sock, buf, sizeof(buf), 0);
1057 wpa_printf(MSG_INFO, "recv(ctrl): %s", strerror(errno));
1058 ctrl_disconnect(wt, sock);
1062 ctrl_disconnect(wt, sock);
1067 wpa_printf(MSG_INFO, "Too short control interface command "
1069 ctrl_disconnect(wt, sock);
1072 cmd = WPA_GET_BE32(buf);
1073 wpa_printf(MSG_EXCESSIVE, "Control interface command %d from %d",
1077 case WLANTEST_CTRL_PING:
1078 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
1080 case WLANTEST_CTRL_TERMINATE:
1081 ctrl_send_simple(wt, sock, WLANTEST_CTRL_SUCCESS);
1084 case WLANTEST_CTRL_LIST_BSS:
1085 ctrl_list_bss(wt, sock);
1087 case WLANTEST_CTRL_LIST_STA:
1088 ctrl_list_sta(wt, sock, buf + 4, len - 4);
1090 case WLANTEST_CTRL_FLUSH:
1091 ctrl_flush(wt, sock);
1093 case WLANTEST_CTRL_CLEAR_STA_COUNTERS:
1094 ctrl_clear_sta_counters(wt, sock, buf + 4, len - 4);
1096 case WLANTEST_CTRL_CLEAR_BSS_COUNTERS:
1097 ctrl_clear_bss_counters(wt, sock, buf + 4, len - 4);
1099 case WLANTEST_CTRL_GET_STA_COUNTER:
1100 ctrl_get_sta_counter(wt, sock, buf + 4, len - 4);
1102 case WLANTEST_CTRL_GET_BSS_COUNTER:
1103 ctrl_get_bss_counter(wt, sock, buf + 4, len - 4);
1105 case WLANTEST_CTRL_INJECT:
1106 ctrl_inject(wt, sock, buf + 4, len - 4);
1108 case WLANTEST_CTRL_VERSION:
1109 ctrl_version(wt, sock);
1111 case WLANTEST_CTRL_ADD_PASSPHRASE:
1112 ctrl_add_passphrase(wt, sock, buf + 4, len - 4);
1114 case WLANTEST_CTRL_INFO_STA:
1115 ctrl_info_sta(wt, sock, buf + 4, len - 4);
1117 case WLANTEST_CTRL_INFO_BSS:
1118 ctrl_info_bss(wt, sock, buf + 4, len - 4);
1120 case WLANTEST_CTRL_SEND:
1121 ctrl_send_(wt, sock, buf + 4, len - 4);
1124 ctrl_send_simple(wt, sock, WLANTEST_CTRL_UNKNOWN_CMD);
1130 static void ctrl_connect(int sock, void *eloop_ctx, void *sock_ctx)
1132 struct wlantest *wt = eloop_ctx;
1135 conn = accept(sock, NULL, NULL);
1137 wpa_printf(MSG_INFO, "accept(ctrl): %s", strerror(errno));
1140 wpa_printf(MSG_MSGDUMP, "New control interface connection %d", conn);
1142 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
1143 if (wt->ctrl_socks[i] < 0)
1147 if (i == MAX_CTRL_CONNECTIONS) {
1148 wpa_printf(MSG_INFO, "No room for new control connection");
1153 wt->ctrl_socks[i] = conn;
1154 eloop_register_read_sock(conn, ctrl_read, wt, NULL);
1158 int ctrl_init(struct wlantest *wt)
1160 struct sockaddr_un addr;
1162 wt->ctrl_sock = socket(AF_UNIX, SOCK_SEQPACKET, 0);
1163 if (wt->ctrl_sock < 0) {
1164 wpa_printf(MSG_ERROR, "socket: %s", strerror(errno));
1168 os_memset(&addr, 0, sizeof(addr));
1169 addr.sun_family = AF_UNIX;
1170 os_strlcpy(addr.sun_path + 1, WLANTEST_SOCK_NAME,
1171 sizeof(addr.sun_path) - 1);
1172 if (bind(wt->ctrl_sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
1173 wpa_printf(MSG_ERROR, "bind: %s", strerror(errno));
1174 close(wt->ctrl_sock);
1179 if (listen(wt->ctrl_sock, 5) < 0) {
1180 wpa_printf(MSG_ERROR, "listen: %s", strerror(errno));
1181 close(wt->ctrl_sock);
1186 if (eloop_register_read_sock(wt->ctrl_sock, ctrl_connect, wt, NULL)) {
1187 close(wt->ctrl_sock);
1196 void ctrl_deinit(struct wlantest *wt)
1200 if (wt->ctrl_sock < 0)
1203 for (i = 0; i < MAX_CTRL_CONNECTIONS; i++) {
1204 if (wt->ctrl_socks[i] >= 0) {
1205 close(wt->ctrl_socks[i]);
1206 eloop_unregister_read_sock(wt->ctrl_socks[i]);
1207 wt->ctrl_socks[i] = -1;
1211 eloop_unregister_read_sock(wt->ctrl_sock);
1212 close(wt->ctrl_sock);