2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
22 /* Per-interface ctrl_iface */
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
32 struct wpa_ctrl_dst *next;
33 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
34 struct sockaddr_in6 addr;
35 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
36 struct sockaddr_in addr;
37 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
44 struct ctrl_iface_priv {
45 struct wpa_supplicant *wpa_s;
47 struct wpa_ctrl_dst *ctrl_dst;
48 u8 cookie[COOKIE_LEN];
51 struct ctrl_iface_global_priv {
53 struct wpa_ctrl_dst *ctrl_dst;
54 u8 cookie[COOKIE_LEN];
58 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
59 const char *ifname, int sock,
60 struct wpa_ctrl_dst **head,
61 int level, const char *buf,
65 static void wpas_ctrl_iface_free_dst(struct wpa_ctrl_dst *dst)
67 struct wpa_ctrl_dst *prev;
77 static int wpa_supplicant_ctrl_iface_attach(struct wpa_ctrl_dst **head,
78 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
79 struct sockaddr_in6 *from,
80 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
81 struct sockaddr_in *from,
82 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
85 struct wpa_ctrl_dst *dst;
86 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
87 char addr[INET6_ADDRSTRLEN];
88 #endif /* CONFIG_UDP_IPV6 */
90 dst = os_zalloc(sizeof(*dst));
93 os_memcpy(&dst->addr, from, sizeof(*from));
94 dst->addrlen = fromlen;
95 dst->debug_level = MSG_INFO;
98 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
99 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
100 inet_ntop(AF_INET6, &from->sin6_addr, addr, sizeof(*from)),
101 ntohs(from->sin6_port));
102 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
103 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
104 inet_ntoa(from->sin_addr), ntohs(from->sin_port));
105 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
110 static int wpa_supplicant_ctrl_iface_detach(struct wpa_ctrl_dst **head,
111 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
112 struct sockaddr_in6 *from,
113 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
114 struct sockaddr_in *from,
115 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
118 struct wpa_ctrl_dst *dst, *prev = NULL;
119 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
120 char addr[INET6_ADDRSTRLEN];
121 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
125 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
126 if (from->sin6_port == dst->addr.sin6_port &&
127 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
128 sizeof(from->sin6_addr))) {
129 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached %s:%d",
130 inet_ntop(AF_INET6, &from->sin6_addr, addr,
132 ntohs(from->sin6_port));
133 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
134 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
135 from->sin_port == dst->addr.sin_port) {
136 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
137 "%s:%d", inet_ntoa(from->sin_addr),
138 ntohs(from->sin_port));
139 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
143 prev->next = dst->next;
154 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
155 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
156 struct sockaddr_in6 *from,
157 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
158 struct sockaddr_in *from,
159 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
163 struct wpa_ctrl_dst *dst;
164 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
165 char addr[INET6_ADDRSTRLEN];
166 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
168 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
170 dst = priv->ctrl_dst;
172 #if CONFIG_CTRL_IFACE_UDP_IPV6
173 if (from->sin6_port == dst->addr.sin6_port &&
174 !os_memcmp(&from->sin6_addr, &dst->addr.sin6_addr,
175 sizeof(from->sin6_addr))) {
176 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor level %s:%d",
177 inet_ntop(AF_INET6, &from->sin6_addr, addr,
179 ntohs(from->sin6_port));
180 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
181 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
182 from->sin_port == dst->addr.sin_port) {
183 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
184 "level %s:%d", inet_ntoa(from->sin_addr),
185 ntohs(from->sin_port));
186 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
187 dst->debug_level = atoi(level);
198 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
202 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
208 os_memcpy(reply, "COOKIE=", 7);
209 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
210 priv->cookie, COOKIE_LEN);
212 *reply_len = 7 + 2 * COOKIE_LEN;
217 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
220 struct wpa_supplicant *wpa_s = eloop_ctx;
221 struct ctrl_iface_priv *priv = sock_ctx;
224 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
225 struct sockaddr_in6 from;
226 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
227 char addr[INET6_ADDRSTRLEN];
228 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
229 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
230 struct sockaddr_in from;
231 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
232 socklen_t fromlen = sizeof(from);
234 size_t reply_len = 0;
235 int new_attached = 0;
236 u8 cookie[COOKIE_LEN];
238 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
239 (struct sockaddr *) &from, &fromlen);
241 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
246 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
247 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
248 inet_ntop(AF_INET6, &from.sin6_addr, addr, sizeof(from));
249 if (os_strcmp(addr, "::1")) {
250 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected source %s",
253 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
254 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
256 * The OS networking stack is expected to drop this kind of
257 * frames since the socket is bound to only localhost address.
258 * Just in case, drop the frame if it is coming from any other
261 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
262 "source %s", inet_ntoa(from.sin_addr));
265 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
266 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
270 if (os_strcmp(buf, "GET_COOKIE") == 0) {
271 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
276 * Require that the client includes a prefix with the 'cookie' value
277 * fetched with GET_COOKIE command. This is used to verify that the
278 * client has access to a bidirectional link over UDP in order to
279 * avoid attacks using forged localhost IP address even if the OS does
280 * not block such frames from remote destinations.
282 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
283 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
288 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
289 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
290 "request - drop request");
294 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
295 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
300 pos = buf + 7 + 2 * COOKIE_LEN;
304 if (os_strcmp(pos, "ATTACH") == 0) {
305 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
312 } else if (os_strcmp(pos, "DETACH") == 0) {
313 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
318 } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
319 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
325 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
331 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
334 } else if (reply_len == 1) {
335 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
337 } else if (reply_len == 2) {
338 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
343 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
347 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level,
348 enum wpa_msg_type type,
349 const char *txt, size_t len)
351 struct wpa_supplicant *wpa_s = ctx;
356 if (type != WPA_MSG_NO_GLOBAL && wpa_s->global->ctrl_iface) {
357 struct ctrl_iface_global_priv *priv = wpa_s->global->ctrl_iface;
359 if (priv->ctrl_dst) {
360 wpa_supplicant_ctrl_iface_send(
362 type != WPA_MSG_PER_INTERFACE ?
363 NULL : wpa_s->ifname,
364 priv->sock, &priv->ctrl_dst, level, txt, len);
368 if (type == WPA_MSG_ONLY_GLOBAL || !wpa_s->ctrl_iface)
371 wpa_supplicant_ctrl_iface_send(wpa_s, NULL, wpa_s->ctrl_iface->sock,
372 &wpa_s->ctrl_iface->ctrl_dst,
377 struct ctrl_iface_priv *
378 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
380 struct ctrl_iface_priv *priv;
381 int port = WPA_CTRL_IFACE_PORT;
383 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
384 struct sockaddr_in6 addr;
385 int domain = PF_INET6;
386 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
387 struct sockaddr_in addr;
388 int domain = PF_INET;
389 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
391 priv = os_zalloc(sizeof(*priv));
396 os_get_random(priv->cookie, COOKIE_LEN);
398 if (wpa_s->conf->ctrl_interface == NULL)
401 pos = os_strstr(wpa_s->conf->ctrl_interface, "udp:");
406 wpa_printf(MSG_ERROR, "Invalid ctrl_iface UDP port: %s",
407 wpa_s->conf->ctrl_interface);
412 priv->sock = socket(domain, SOCK_DGRAM, 0);
413 if (priv->sock < 0) {
414 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
418 os_memset(&addr, 0, sizeof(addr));
419 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
420 addr.sin6_family = AF_INET6;
421 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
422 addr.sin6_addr = in6addr_any;
423 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
424 inet_pton(AF_INET6, "::1", &addr.sin6_addr);
425 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
426 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
427 addr.sin_family = AF_INET;
428 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
429 addr.sin_addr.s_addr = INADDR_ANY;
430 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
431 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
432 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
433 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
435 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
436 addr.sin6_port = htons(port);
437 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
438 addr.sin_port = htons(port);
439 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
440 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
442 if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT &&
445 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
449 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
450 wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
451 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
453 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
455 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
467 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
469 if (priv->sock > -1) {
470 eloop_unregister_read_sock(priv->sock);
471 if (priv->ctrl_dst) {
473 * Wait before closing the control socket if
474 * there are any attached monitors in order to allow
475 * them to receive any pending messages.
477 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
478 "monitors to receive messages");
485 wpas_ctrl_iface_free_dst(priv->ctrl_dst);
490 static void wpa_supplicant_ctrl_iface_send(struct wpa_supplicant *wpa_s,
491 const char *ifname, int sock,
492 struct wpa_ctrl_dst **head,
493 int level, const char *buf,
496 struct wpa_ctrl_dst *dst, *next;
501 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
502 char addr[INET6_ADDRSTRLEN];
503 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
506 if (sock < 0 || dst == NULL)
510 os_snprintf(levelstr, sizeof(levelstr), "IFACE=%s <%d>",
513 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
515 llen = os_strlen(levelstr);
516 sbuf = os_malloc(llen + len);
520 os_memcpy(sbuf, levelstr, llen);
521 os_memcpy(sbuf + llen, buf, len);
526 if (level >= dst->debug_level) {
527 #ifdef CONFIG_CTRL_IFACE_UDP_IPV6
528 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
529 inet_ntop(AF_INET6, &dst->addr.sin6_addr,
530 addr, sizeof(dst->addr)),
531 ntohs(dst->addr.sin6_port));
532 #else /* CONFIG_CTRL_IFACE_UDP_IPV6 */
533 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
534 inet_ntoa(dst->addr.sin_addr),
535 ntohs(dst->addr.sin_port));
536 #endif /* CONFIG_CTRL_IFACE_UDP_IPV6 */
537 if (sendto(sock, sbuf, llen + len, 0,
538 (struct sockaddr *) &dst->addr,
539 sizeof(dst->addr)) < 0) {
540 wpa_printf(MSG_ERROR,
541 "sendto(CTRL_IFACE monitor): %s",
544 if (dst->errors > 10) {
545 wpa_supplicant_ctrl_iface_detach(
559 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
561 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
562 priv->wpa_s->ifname);
563 eloop_wait_for_read_sock(priv->sock);
567 /* Global ctrl_iface */
570 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
574 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
580 os_memcpy(reply, "COOKIE=", 7);
581 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
582 priv->cookie, COOKIE_LEN);
584 *reply_len = 7 + 2 * COOKIE_LEN;
589 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
592 struct wpa_global *global = eloop_ctx;
593 struct ctrl_iface_global_priv *priv = sock_ctx;
596 struct sockaddr_in from;
597 socklen_t fromlen = sizeof(from);
600 u8 cookie[COOKIE_LEN];
602 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
603 (struct sockaddr *) &from, &fromlen);
605 wpa_printf(MSG_ERROR, "recvfrom(ctrl_iface): %s",
610 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
611 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
613 * The OS networking stack is expected to drop this kind of
614 * frames since the socket is bound to only localhost address.
615 * Just in case, drop the frame if it is coming from any other
618 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
619 "source %s", inet_ntoa(from.sin_addr));
622 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
626 if (os_strcmp(buf, "GET_COOKIE") == 0) {
627 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
631 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
632 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
637 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
638 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
639 "request - drop request");
643 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
644 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
649 pos = buf + 7 + 2 * COOKIE_LEN;
653 if (os_strcmp(pos, "ATTACH") == 0) {
654 if (wpa_supplicant_ctrl_iface_attach(&priv->ctrl_dst,
659 } else if (os_strcmp(pos, "DETACH") == 0) {
660 if (wpa_supplicant_ctrl_iface_detach(&priv->ctrl_dst,
666 reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
672 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
675 } else if (reply_len == 1) {
676 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
678 } else if (reply_len == 2) {
679 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
685 struct ctrl_iface_global_priv *
686 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
688 struct ctrl_iface_global_priv *priv;
689 struct sockaddr_in addr;
691 int port = WPA_GLOBAL_CTRL_IFACE_PORT;
693 priv = os_zalloc(sizeof(*priv));
697 os_get_random(priv->cookie, COOKIE_LEN);
699 if (global->params.ctrl_interface == NULL)
702 wpa_printf(MSG_DEBUG, "Global control interface '%s'",
703 global->params.ctrl_interface);
705 pos = os_strstr(global->params.ctrl_interface, "udp:");
710 wpa_printf(MSG_ERROR, "Invalid global ctrl UDP port %s",
711 global->params.ctrl_interface);
716 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
717 if (priv->sock < 0) {
718 wpa_printf(MSG_ERROR, "socket(PF_INET): %s", strerror(errno));
722 os_memset(&addr, 0, sizeof(addr));
723 addr.sin_family = AF_INET;
724 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
725 addr.sin_addr.s_addr = INADDR_ANY;
726 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
727 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
728 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
730 addr.sin_port = htons(port);
731 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
733 if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
734 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT && !pos)
736 wpa_printf(MSG_ERROR, "bind(AF_INET): %s", strerror(errno));
740 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
741 wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
742 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
744 eloop_register_read_sock(priv->sock,
745 wpa_supplicant_global_ctrl_iface_receive,
747 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
760 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
762 if (priv->sock >= 0) {
763 eloop_unregister_read_sock(priv->sock);
767 wpas_ctrl_iface_free_dst(priv->ctrl_dst);