2 * WPA Supplicant / UDP socket -based control interface
3 * Copyright (c) 2004-2005, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "eapol_supp/eapol_supp_sm.h"
15 #include "wpa_supplicant_i.h"
16 #include "ctrl_iface.h"
17 #include "common/wpa_ctrl.h"
22 /* Per-interface ctrl_iface */
25 * struct wpa_ctrl_dst - Internal data structure of control interface monitors
27 * This structure is used to store information about registered control
28 * interface monitors into struct wpa_supplicant. This data is private to
29 * ctrl_iface_udp.c and should not be touched directly from other files.
32 struct wpa_ctrl_dst *next;
33 struct sockaddr_in addr;
40 struct ctrl_iface_priv {
41 struct wpa_supplicant *wpa_s;
43 struct wpa_ctrl_dst *ctrl_dst;
44 u8 cookie[COOKIE_LEN];
48 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
49 int level, const char *buf,
53 static int wpa_supplicant_ctrl_iface_attach(struct ctrl_iface_priv *priv,
54 struct sockaddr_in *from,
57 struct wpa_ctrl_dst *dst;
59 dst = os_zalloc(sizeof(*dst));
62 os_memcpy(&dst->addr, from, sizeof(struct sockaddr_in));
63 dst->addrlen = fromlen;
64 dst->debug_level = MSG_INFO;
65 dst->next = priv->ctrl_dst;
67 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor attached %s:%d",
68 inet_ntoa(from->sin_addr), ntohs(from->sin_port));
73 static int wpa_supplicant_ctrl_iface_detach(struct ctrl_iface_priv *priv,
74 struct sockaddr_in *from,
77 struct wpa_ctrl_dst *dst, *prev = NULL;
81 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
82 from->sin_port == dst->addr.sin_port) {
83 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor detached "
84 "%s:%d", inet_ntoa(from->sin_addr),
85 ntohs(from->sin_port));
87 priv->ctrl_dst = dst->next;
89 prev->next = dst->next;
100 static int wpa_supplicant_ctrl_iface_level(struct ctrl_iface_priv *priv,
101 struct sockaddr_in *from,
105 struct wpa_ctrl_dst *dst;
107 wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level);
109 dst = priv->ctrl_dst;
111 if (from->sin_addr.s_addr == dst->addr.sin_addr.s_addr &&
112 from->sin_port == dst->addr.sin_port) {
113 wpa_printf(MSG_DEBUG, "CTRL_IFACE changed monitor "
114 "level %s:%d", inet_ntoa(from->sin_addr),
115 ntohs(from->sin_port));
116 dst->debug_level = atoi(level);
127 wpa_supplicant_ctrl_iface_get_cookie(struct ctrl_iface_priv *priv,
131 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
137 os_memcpy(reply, "COOKIE=", 7);
138 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
139 priv->cookie, COOKIE_LEN);
141 *reply_len = 7 + 2 * COOKIE_LEN;
146 static void wpa_supplicant_ctrl_iface_receive(int sock, void *eloop_ctx,
149 struct wpa_supplicant *wpa_s = eloop_ctx;
150 struct ctrl_iface_priv *priv = sock_ctx;
153 struct sockaddr_in from;
154 socklen_t fromlen = sizeof(from);
156 size_t reply_len = 0;
157 int new_attached = 0;
158 u8 cookie[COOKIE_LEN];
160 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
161 (struct sockaddr *) &from, &fromlen);
163 perror("recvfrom(ctrl_iface)");
167 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
168 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
170 * The OS networking stack is expected to drop this kind of
171 * frames since the socket is bound to only localhost address.
172 * Just in case, drop the frame if it is coming from any other
175 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
176 "source %s", inet_ntoa(from.sin_addr));
179 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
183 if (os_strcmp(buf, "GET_COOKIE") == 0) {
184 reply = wpa_supplicant_ctrl_iface_get_cookie(priv, &reply_len);
189 * Require that the client includes a prefix with the 'cookie' value
190 * fetched with GET_COOKIE command. This is used to verify that the
191 * client has access to a bidirectional link over UDP in order to
192 * avoid attacks using forged localhost IP address even if the OS does
193 * not block such frames from remote destinations.
195 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
196 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
201 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
202 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
203 "request - drop request");
207 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
208 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
213 pos = buf + 7 + 2 * COOKIE_LEN;
217 if (os_strcmp(pos, "ATTACH") == 0) {
218 if (wpa_supplicant_ctrl_iface_attach(priv, &from, fromlen))
224 } else if (os_strcmp(pos, "DETACH") == 0) {
225 if (wpa_supplicant_ctrl_iface_detach(priv, &from, fromlen))
229 } else if (os_strncmp(pos, "LEVEL ", 6) == 0) {
230 if (wpa_supplicant_ctrl_iface_level(priv, &from, fromlen,
236 reply = wpa_supplicant_ctrl_iface_process(wpa_s, pos,
242 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
245 } else if (reply_len == 1) {
246 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
248 } else if (reply_len == 2) {
249 sendto(sock, "OK\n", 3, 0, (struct sockaddr *) &from,
254 eapol_sm_notify_ctrl_attached(wpa_s->eapol);
258 static void wpa_supplicant_ctrl_iface_msg_cb(void *ctx, int level, int global,
259 const char *txt, size_t len)
261 struct wpa_supplicant *wpa_s = ctx;
262 if (wpa_s == NULL || wpa_s->ctrl_iface == NULL)
264 wpa_supplicant_ctrl_iface_send(wpa_s->ctrl_iface, level, txt, len);
268 struct ctrl_iface_priv *
269 wpa_supplicant_ctrl_iface_init(struct wpa_supplicant *wpa_s)
271 struct ctrl_iface_priv *priv;
272 struct sockaddr_in addr;
273 int port = WPA_CTRL_IFACE_PORT;
275 priv = os_zalloc(sizeof(*priv));
280 os_get_random(priv->cookie, COOKIE_LEN);
282 if (wpa_s->conf->ctrl_interface == NULL)
285 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
286 if (priv->sock < 0) {
287 perror("socket(PF_INET)");
291 os_memset(&addr, 0, sizeof(addr));
292 addr.sin_family = AF_INET;
293 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
294 addr.sin_addr.s_addr = INADDR_ANY;
295 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
296 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
297 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
299 addr.sin_port = htons(port);
300 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
302 if ((WPA_CTRL_IFACE_PORT - port) < WPA_CTRL_IFACE_PORT_LIMIT)
304 perror("bind(AF_INET)");
308 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
309 wpa_msg(wpa_s, MSG_DEBUG, "ctrl_iface_init UDP port: %d", port);
310 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
312 eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive,
314 wpa_msg_register_cb(wpa_supplicant_ctrl_iface_msg_cb);
326 void wpa_supplicant_ctrl_iface_deinit(struct ctrl_iface_priv *priv)
328 struct wpa_ctrl_dst *dst, *prev;
330 if (priv->sock > -1) {
331 eloop_unregister_read_sock(priv->sock);
332 if (priv->ctrl_dst) {
334 * Wait before closing the control socket if
335 * there are any attached monitors in order to allow
336 * them to receive any pending messages.
338 wpa_printf(MSG_DEBUG, "CTRL_IFACE wait for attached "
339 "monitors to receive messages");
346 dst = priv->ctrl_dst;
356 static void wpa_supplicant_ctrl_iface_send(struct ctrl_iface_priv *priv,
357 int level, const char *buf,
360 struct wpa_ctrl_dst *dst, *next;
366 dst = priv->ctrl_dst;
367 if (priv->sock < 0 || dst == NULL)
370 os_snprintf(levelstr, sizeof(levelstr), "<%d>", level);
372 llen = os_strlen(levelstr);
373 sbuf = os_malloc(llen + len);
377 os_memcpy(sbuf, levelstr, llen);
378 os_memcpy(sbuf + llen, buf, len);
383 if (level >= dst->debug_level) {
384 wpa_printf(MSG_DEBUG, "CTRL_IFACE monitor send %s:%d",
385 inet_ntoa(dst->addr.sin_addr),
386 ntohs(dst->addr.sin_port));
387 if (sendto(priv->sock, sbuf, llen + len, 0,
388 (struct sockaddr *) &dst->addr,
389 sizeof(dst->addr)) < 0) {
390 perror("sendto(CTRL_IFACE monitor)");
392 if (dst->errors > 10) {
393 wpa_supplicant_ctrl_iface_detach(
407 void wpa_supplicant_ctrl_iface_wait(struct ctrl_iface_priv *priv)
409 wpa_printf(MSG_DEBUG, "CTRL_IFACE - %s - wait for monitor",
410 priv->wpa_s->ifname);
411 eloop_wait_for_read_sock(priv->sock);
415 /* Global ctrl_iface */
417 struct ctrl_iface_global_priv {
419 u8 cookie[COOKIE_LEN];
424 wpa_supplicant_global_get_cookie(struct ctrl_iface_global_priv *priv,
428 reply = os_malloc(7 + 2 * COOKIE_LEN + 1);
434 os_memcpy(reply, "COOKIE=", 7);
435 wpa_snprintf_hex(reply + 7, 2 * COOKIE_LEN + 1,
436 priv->cookie, COOKIE_LEN);
438 *reply_len = 7 + 2 * COOKIE_LEN;
443 static void wpa_supplicant_global_ctrl_iface_receive(int sock, void *eloop_ctx,
446 struct wpa_global *global = eloop_ctx;
447 struct ctrl_iface_global_priv *priv = sock_ctx;
450 struct sockaddr_in from;
451 socklen_t fromlen = sizeof(from);
454 u8 cookie[COOKIE_LEN];
456 res = recvfrom(sock, buf, sizeof(buf) - 1, 0,
457 (struct sockaddr *) &from, &fromlen);
459 perror("recvfrom(ctrl_iface)");
463 #ifndef CONFIG_CTRL_IFACE_UDP_REMOTE
464 if (from.sin_addr.s_addr != htonl((127 << 24) | 1)) {
466 * The OS networking stack is expected to drop this kind of
467 * frames since the socket is bound to only localhost address.
468 * Just in case, drop the frame if it is coming from any other
471 wpa_printf(MSG_DEBUG, "CTRL: Drop packet from unexpected "
472 "source %s", inet_ntoa(from.sin_addr));
475 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
479 if (os_strcmp(buf, "GET_COOKIE") == 0) {
480 reply = wpa_supplicant_global_get_cookie(priv, &reply_len);
484 if (os_strncmp(buf, "COOKIE=", 7) != 0) {
485 wpa_printf(MSG_DEBUG, "CTLR: No cookie in the request - "
490 if (hexstr2bin(buf + 7, cookie, COOKIE_LEN) < 0) {
491 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie format in the "
492 "request - drop request");
496 if (os_memcmp(cookie, priv->cookie, COOKIE_LEN) != 0) {
497 wpa_printf(MSG_DEBUG, "CTLR: Invalid cookie in the request - "
502 pos = buf + 7 + 2 * COOKIE_LEN;
506 reply = wpa_supplicant_global_ctrl_iface_process(global, pos,
511 sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from,
514 } else if (reply_len) {
515 sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from,
521 struct ctrl_iface_global_priv *
522 wpa_supplicant_global_ctrl_iface_init(struct wpa_global *global)
524 struct ctrl_iface_global_priv *priv;
525 struct sockaddr_in addr;
526 int port = WPA_GLOBAL_CTRL_IFACE_PORT;
528 priv = os_zalloc(sizeof(*priv));
532 os_get_random(priv->cookie, COOKIE_LEN);
534 if (global->params.ctrl_interface == NULL)
537 wpa_printf(MSG_DEBUG, "Global control interface '%s'",
538 global->params.ctrl_interface);
540 priv->sock = socket(PF_INET, SOCK_DGRAM, 0);
541 if (priv->sock < 0) {
542 perror("socket(PF_INET)");
546 os_memset(&addr, 0, sizeof(addr));
547 addr.sin_family = AF_INET;
548 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
549 addr.sin_addr.s_addr = INADDR_ANY;
550 #else /* CONFIG_CTRL_IFACE_UDP_REMOTE */
551 addr.sin_addr.s_addr = htonl((127 << 24) | 1);
552 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
554 addr.sin_port = htons(port);
555 if (bind(priv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
557 if ((port - WPA_GLOBAL_CTRL_IFACE_PORT) <
558 WPA_GLOBAL_CTRL_IFACE_PORT_LIMIT)
560 perror("bind(AF_INET)");
564 #ifdef CONFIG_CTRL_IFACE_UDP_REMOTE
565 wpa_printf(MSG_DEBUG, "global_ctrl_iface_init UDP port: %d", port);
566 #endif /* CONFIG_CTRL_IFACE_UDP_REMOTE */
568 eloop_register_read_sock(priv->sock,
569 wpa_supplicant_global_ctrl_iface_receive,
583 wpa_supplicant_global_ctrl_iface_deinit(struct ctrl_iface_global_priv *priv)
585 if (priv->sock >= 0) {
586 eloop_unregister_read_sock(priv->sock);