projects / libeap.git / blob
? search:


eb3270bc6f5ab3e065ec64dd205c5fd8b503af21
[libeap.git] / hostapd / driver_nl80211.c
1 /*
2  * hostapd / Kernel driver communication via nl80211
3  * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  *
12  * Alternatively, this software may be distributed under the terms of BSD
13  * license.
14  *
15  * See README and COPYING for more details.
16  */
17
18 #include "includes.h"
19
20 #include <sys/ioctl.h>
21 #include <netlink/genl/genl.h>
22 #include <netlink/genl/family.h>
23 #include <netlink/genl/ctrl.h>
24 #include <netlink/msg.h>
25 #include <netlink/attr.h>
26 #include <linux/nl80211.h>
27 #include <net/if.h>
28 #include <linux/if_packet.h>
29 #include <linux/if_ether.h>   /* The L2 protocols */
30 #include <linux/wireless.h>
31 #include <net/if_arp.h>
32
33 #include "hostapd.h"
34 #include "driver.h"
35 #include "ieee802_1x.h"
36 #include "eloop.h"
37 #include "ieee802_11.h"
38 #include "sta_info.h"
39 #include "hw_features.h"
40 #include "mlme.h"
41 #include "radiotap.h"
42 #include "radiotap_iter.h"
43
44 enum ieee80211_msg_type {
45         ieee80211_msg_normal = 0,
46         ieee80211_msg_tx_callback_ack = 1,
47         ieee80211_msg_tx_callback_fail = 2,
48 };
49
50 struct i802_driver_data {
51         struct hostapd_data *hapd;
52
53         char iface[IFNAMSIZ + 1];
54         int ioctl_sock; /* socket for ioctl() use */
55         int wext_sock; /* socket for wireless events */
56         int eapol_sock; /* socket for EAPOL frames */
57         int monitor_sock; /* socket for monitor */
58         int monitor_ifidx;
59
60         int default_if_indices[16];
61         int *if_indices;
62         int num_if_indices;
63
64         int we_version;
65         struct nl_handle *nl_handle;
66         struct nl_cache *nl_cache;
67         struct genl_family *nl80211;
68         int dtim_period;
69         unsigned int beacon_set:1;
70         unsigned int ieee802_1x_active:1;
71 };
72
73
74 static void add_ifidx(struct i802_driver_data *drv, int ifidx)
75 {
76         int i;
77         int *old;
78
79         for (i = 0; i < drv->num_if_indices; i++) {
80                 if (drv->if_indices[i] == 0) {
81                         drv->if_indices[i] = ifidx;
82                         return;
83                 }
84         }
85
86         if (drv->if_indices != drv->default_if_indices)
87                 old = drv->if_indices;
88         else
89                 old = NULL;
90
91         drv->if_indices = realloc(old,
92                                   sizeof(int) * (drv->num_if_indices + 1));
93         if (!drv->if_indices) {
94                 if (!old)
95                         drv->if_indices = drv->default_if_indices;
96                 else
97                         drv->if_indices = old;
98                 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
99                            "interfaces");
100                 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
101                 return;
102         }
103         drv->if_indices[drv->num_if_indices] = ifidx;
104         drv->num_if_indices++;
105 }
106
107
108 static void del_ifidx(struct i802_driver_data *drv, int ifidx)
109 {
110         int i;
111
112         for (i = 0; i < drv->num_if_indices; i++) {
113                 if (drv->if_indices[i] == ifidx) {
114                         drv->if_indices[i] = 0;
115                         break;
116                 }
117         }
118 }
119
120
121 static int have_ifidx(struct i802_driver_data *drv, int ifidx)
122 {
123         int i;
124
125         for (i = 0; i < drv->num_if_indices; i++)
126                 if (drv->if_indices[i] == ifidx)
127                         return 1;
128
129         return 0;
130 }
131
132
133 /* helper for netlink get routines */
134 static int ack_wait_handler(struct nl_msg *msg, void *arg)
135 {
136         int *finished = arg;
137
138         *finished = 1;
139         return NL_STOP;
140 }
141
142
143 static int hostapd_set_iface_flags(struct i802_driver_data *drv,
144                                    const char *ifname, int dev_up)
145 {
146         struct ifreq ifr;
147
148         if (drv->ioctl_sock < 0)
149                 return -1;
150
151         memset(&ifr, 0, sizeof(ifr));
152         os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
153
154         if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
155                 perror("ioctl[SIOCGIFFLAGS]");
156                 wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
157                            drv->iface);
158                 return -1;
159         }
160
161         if (dev_up)
162                 ifr.ifr_flags |= IFF_UP;
163         else
164                 ifr.ifr_flags &= ~IFF_UP;
165
166         if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
167                 perror("ioctl[SIOCSIFFLAGS]");
168                 return -1;
169         }
170
171         return 0;
172 }
173
174
175 static int i802_set_encryption(const char *iface, void *priv, const char *alg,
176                                const u8 *addr, int idx, const u8 *key,
177                                size_t key_len, int txkey)
178 {
179         struct i802_driver_data *drv = priv;
180         struct nl_msg *msg;
181         int ret = -1;
182         int err = 0;
183
184         msg = nlmsg_alloc();
185         if (!msg)
186                 goto out;
187
188         if (strcmp(alg, "none") == 0) {
189                 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
190                             0, NL80211_CMD_DEL_KEY, 0);
191         } else {
192                 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
193                             0, NL80211_CMD_NEW_KEY, 0);
194                 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
195                 if (strcmp(alg, "WEP") == 0) {
196                         if (key_len == 5)
197                                 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
198                                             0x000FAC01);
199                         else
200                                 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
201                                             0x000FAC05);
202                 } else if (strcmp(alg, "TKIP") == 0)
203                         NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
204                 else if (strcmp(alg, "CCMP") == 0)
205                         NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
206                 else
207                         goto out;
208         }
209
210         if (addr)
211                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
212         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
213         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
214
215         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
216             (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
217                 if (err != -ENOENT) {
218                         err = 0;
219                         goto out;
220                 }
221         }
222
223         /*
224          * If we need to set the default TX key we do that below,
225          * otherwise we're done here.
226          */
227         if (!txkey || addr) {
228                 ret = 0;
229                 goto out;
230         }
231
232         nlmsg_free(msg);
233
234         msg = nlmsg_alloc();
235         if (!msg)
236                 goto out;
237
238         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
239                     0, NL80211_CMD_SET_KEY, 0);
240         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
241         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
242         NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
243
244         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
245             (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
246                 if (err != -ENOENT) {
247                         err = 0;
248                         goto out;
249                 }
250         }
251
252         ret = 0;
253
254  out:
255  nla_put_failure:
256         nlmsg_free(msg);
257         return ret;
258 }
259
260
261 static inline int min_int(int a, int b)
262 {
263         if (a < b)
264                 return a;
265         return b;
266 }
267
268
269 static int get_key_handler(struct nl_msg *msg, void *arg)
270 {
271         struct nlattr *tb[NL80211_ATTR_MAX];
272         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
273
274         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
275                   genlmsg_attrlen(gnlh, 0), NULL);
276
277         /*
278          * TODO: validate the key index and mac address!
279          * Otherwise, there's a race condition as soon as
280          * the kernel starts sending key notifications.
281          */
282
283         if (tb[NL80211_ATTR_KEY_SEQ])
284                 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
285                        min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
286         return NL_SKIP;
287 }
288
289
290 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
291                            int idx, u8 *seq)
292 {
293         struct i802_driver_data *drv = priv;
294         struct nl_msg *msg;
295         struct nl_cb *cb = NULL;
296         int ret = -1;
297         int err = 0;
298         int finished = 0;
299
300         msg = nlmsg_alloc();
301         if (!msg)
302                 goto out;
303
304         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
305                     0, NL80211_CMD_GET_KEY, 0);
306
307         if (addr)
308                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
309         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
310         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
311
312         cb = nl_cb_alloc(NL_CB_CUSTOM);
313         if (!cb)
314                 goto out;
315
316         memset(seq, 0, 6);
317
318         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
319                 goto out;
320
321         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_key_handler, seq);
322         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
323
324         err = nl_recvmsgs(drv->nl_handle, cb);
325
326         if (!finished)
327                 err = nl_wait_for_ack(drv->nl_handle);
328
329         if (err < 0)
330                 goto out;
331
332         ret = 0;
333
334  out:
335         nl_cb_put(cb);
336  nla_put_failure:
337         nlmsg_free(msg);
338         return ret;
339 }
340
341
342 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
343                               int mode)
344 {
345         return -1;
346 }
347
348
349 static int i802_set_ssid(const char *ifname, void *priv, const u8 *buf,
350                          int len)
351 {
352         struct i802_driver_data *drv = priv;
353         struct iwreq iwr;
354
355         memset(&iwr, 0, sizeof(iwr));
356         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
357         iwr.u.essid.flags = 1; /* SSID active */
358         iwr.u.essid.pointer = (caddr_t) buf;
359         iwr.u.essid.length = len;
360
361         if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
362                 perror("ioctl[SIOCSIWESSID]");
363                 printf("len=%d\n", len);
364                 return -1;
365         }
366
367         return 0;
368 }
369
370
371 static int i802_send_mgmt_frame(void *priv, const void *data, size_t len,
372                                 int flags)
373 {
374         struct ieee80211_hdr *hdr = (void*) data;
375         __u8 rtap_hdr[] = {
376                 0x00, 0x00, /* radiotap version */
377                 0x0e, 0x00, /* radiotap length */
378                 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
379                 0x0c,       /* F_WEP | F_FRAG (encrypt/fragment if required) */
380                 0x00,       /* padding */
381                 0x00, 0x00, /* RX and TX flags to indicate that */
382                 0x00, 0x00, /* this is the injected frame directly */
383         };
384         struct i802_driver_data *drv = priv;
385         struct iovec iov[2] = {
386                 {
387                         .iov_base = &rtap_hdr,
388                         .iov_len = sizeof(rtap_hdr),
389                 },
390                 {
391                         .iov_base = (void*)data,
392                         .iov_len = len,
393                 }
394         };
395         struct msghdr msg = {
396                 .msg_name = NULL,
397                 .msg_namelen = 0,
398                 .msg_iov = iov,
399                 .msg_iovlen = 2,
400                 .msg_control = NULL,
401                 .msg_controllen = 0,
402                 .msg_flags = 0,
403         };
404
405         /*
406          * ugh, guess what, the generic code sets one of the version
407          * bits to request tx callback
408          */
409         hdr->frame_control &= ~host_to_le16(BIT(1));
410         return sendmsg(drv->monitor_sock, &msg, flags);
411 }
412
413
414 /* Set kernel driver on given frequency (MHz) */
415 static int i802_set_freq(void *priv, int mode, int freq)
416 {
417         struct i802_driver_data *drv = priv;
418         struct iwreq iwr;
419
420         memset(&iwr, 0, sizeof(iwr));
421         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
422         iwr.u.freq.m = freq;
423         iwr.u.freq.e = 6;
424
425         if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
426                 perror("ioctl[SIOCSIWFREQ]");
427                 return -1;
428         }
429
430         return 0;
431 }
432
433
434 static int i802_set_rts(void *priv, int rts)
435 {
436         struct i802_driver_data *drv = priv;
437         struct iwreq iwr;
438
439         memset(&iwr, 0, sizeof(iwr));
440         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
441         iwr.u.rts.value = rts;
442         iwr.u.rts.fixed = 1;
443
444         if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
445                 perror("ioctl[SIOCSIWRTS]");
446                 return -1;
447         }
448
449         return 0;
450 }
451
452
453 static int i802_get_rts(void *priv, int *rts)
454 {
455         struct i802_driver_data *drv = priv;
456         struct iwreq iwr;
457
458         memset(&iwr, 0, sizeof(iwr));
459         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
460
461         if (ioctl(drv->ioctl_sock, SIOCGIWRTS, &iwr) < 0) {
462                 perror("ioctl[SIOCGIWRTS]");
463                 return -1;
464         }
465
466         *rts = iwr.u.rts.value;
467
468         return 0;
469 }
470
471
472 static int i802_set_frag(void *priv, int frag)
473 {
474         struct i802_driver_data *drv = priv;
475         struct iwreq iwr;
476
477         memset(&iwr, 0, sizeof(iwr));
478         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
479         iwr.u.frag.value = frag;
480         iwr.u.frag.fixed = 1;
481
482         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
483                 perror("ioctl[SIOCSIWFRAG]");
484                 return -1;
485         }
486
487         return 0;
488 }
489
490
491 static int i802_get_frag(void *priv, int *frag)
492 {
493         struct i802_driver_data *drv = priv;
494         struct iwreq iwr;
495
496         memset(&iwr, 0, sizeof(iwr));
497         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
498
499         if (ioctl(drv->ioctl_sock, SIOCGIWFRAG, &iwr) < 0) {
500                 perror("ioctl[SIOCGIWFRAG]");
501                 return -1;
502         }
503
504         *frag = iwr.u.frag.value;
505
506         return 0;
507 }
508
509
510 static int i802_set_retry(void *priv, int short_retry, int long_retry)
511 {
512         struct i802_driver_data *drv = priv;
513         struct iwreq iwr;
514
515         memset(&iwr, 0, sizeof(iwr));
516         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
517
518         iwr.u.retry.value = short_retry;
519         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
520         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
521                 perror("ioctl[SIOCSIWRETRY(short)]");
522                 return -1;
523         }
524
525         iwr.u.retry.value = long_retry;
526         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
527         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
528                 perror("ioctl[SIOCSIWRETRY(long)]");
529                 return -1;
530         }
531
532         return 0;
533 }
534
535
536 static int i802_get_retry(void *priv, int *short_retry, int *long_retry)
537 {
538         struct i802_driver_data *drv = priv;
539         struct iwreq iwr;
540
541         memset(&iwr, 0, sizeof(iwr));
542         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
543
544         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
545         if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
546                 perror("ioctl[SIOCGIWFRAG(short)]");
547                 return -1;
548         }
549         *short_retry = iwr.u.retry.value;
550
551         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
552         if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
553                 perror("ioctl[SIOCGIWFRAG(long)]");
554                 return -1;
555         }
556         *long_retry = iwr.u.retry.value;
557
558         return 0;
559 }
560
561
562 static int i802_flush(void *priv)
563 {
564         struct i802_driver_data *drv = priv;
565         struct nl_msg *msg;
566         int ret = -1;
567
568         msg = nlmsg_alloc();
569         if (!msg)
570                 goto out;
571
572         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
573                     0, NL80211_CMD_NEW_STATION, 0);
574
575         /*
576          * XXX: FIX! this needs to flush all VLANs too
577          */
578         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
579                     if_nametoindex(drv->iface));
580
581         ret = 0;
582
583         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
584             nl_wait_for_ack(drv->nl_handle) < 0) {
585                 ret = -1;
586         }
587
588  nla_put_failure:
589         nlmsg_free(msg);
590
591  out:
592         return ret;
593 }
594
595
596 static int get_sta_handler(struct nl_msg *msg, void *arg)
597 {
598         struct nlattr *tb[NL80211_ATTR_MAX + 1];
599         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
600         struct hostap_sta_driver_data *data = arg;
601         struct nlattr *stats[NL80211_STA_STAT_MAX + 1];
602         static struct nla_policy stats_policy[NL80211_STA_STAT_MAX + 1] = {
603                 [NL80211_STA_STAT_INACTIVE_TIME] = { .type = NLA_U32 },
604                 [NL80211_STA_STAT_RX_BYTES] = { .type = NLA_U32 },
605                 [NL80211_STA_STAT_TX_BYTES] = { .type = NLA_U32 },
606         };
607
608         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
609                   genlmsg_attrlen(gnlh, 0), NULL);
610
611         /*
612          * TODO: validate the interface and mac address!
613          * Otherwise, there's a race condition as soon as
614          * the kernel starts sending station notifications.
615          */
616
617         if (!tb[NL80211_ATTR_STA_STATS]) {
618                 wpa_printf(MSG_DEBUG, "sta stats missing!");
619                 return NL_SKIP;
620         }
621         if (nla_parse_nested(stats, NL80211_STA_STAT_MAX,
622                              tb[NL80211_ATTR_STA_STATS],
623                              stats_policy)) {
624                 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
625                 return NL_SKIP;
626         }
627
628         if (stats[NL80211_STA_STAT_INACTIVE_TIME])
629                 data->inactive_msec =
630                         nla_get_u32(stats[NL80211_STA_STAT_INACTIVE_TIME]);
631         if (stats[NL80211_STA_STAT_RX_BYTES])
632                 data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_RX_BYTES]);
633         if (stats[NL80211_STA_STAT_TX_BYTES])
634                 data->rx_bytes = nla_get_u32(stats[NL80211_STA_STAT_TX_BYTES]);
635
636         return NL_SKIP;
637 }
638
639 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
640                               const u8 *addr)
641 {
642         struct i802_driver_data *drv = priv;
643         struct nl_msg *msg;
644         struct nl_cb *cb = NULL;
645         int ret = -1;
646         int err = 0;
647         int finished = 0;
648
649         msg = nlmsg_alloc();
650         if (!msg)
651                 goto out;
652
653         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
654                     0, NL80211_CMD_GET_STATION, 0);
655
656         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
657         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
658
659         cb = nl_cb_alloc(NL_CB_CUSTOM);
660         if (!cb)
661                 goto out;
662
663         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
664                 goto out;
665
666         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_sta_handler, data);
667         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
668
669         err = nl_recvmsgs(drv->nl_handle, cb);
670
671         if (!finished)
672                 err = nl_wait_for_ack(drv->nl_handle);
673
674         if (err < 0)
675                 goto out;
676
677         ret = 0;
678
679  out:
680         nl_cb_put(cb);
681  nla_put_failure:
682         nlmsg_free(msg);
683         return ret;
684
685 }
686
687
688 static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
689                            size_t data_len, int encrypt, const u8 *own_addr)
690 {
691         struct i802_driver_data *drv = priv;
692         struct ieee80211_hdr *hdr;
693         size_t len;
694         u8 *pos;
695         int res;
696 #if 0 /* FIX */
697         int qos = sta->flags & WLAN_STA_WME;
698 #else
699         int qos = 0;
700 #endif
701
702         len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
703                 data_len;
704         hdr = os_zalloc(len);
705         if (hdr == NULL) {
706                 printf("malloc() failed for i802_send_data(len=%lu)\n",
707                        (unsigned long) len);
708                 return -1;
709         }
710
711         hdr->frame_control =
712                 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
713         hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
714         if (encrypt)
715                 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
716 #if 0 /* To be enabled if qos determination is added above */
717         if (qos) {
718                 hdr->frame_control |=
719                         host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
720         }
721 #endif
722
723         memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
724         memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
725         memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
726         pos = (u8 *) (hdr + 1);
727
728 #if 0 /* To be enabled if qos determination is added above */
729         if (qos) {
730                 /* add an empty QoS header if needed */
731                 pos[0] = 0;
732                 pos[1] = 0;
733                 pos += 2;
734         }
735 #endif
736
737         memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
738         pos += sizeof(rfc1042_header);
739         WPA_PUT_BE16(pos, ETH_P_PAE);
740         pos += 2;
741         memcpy(pos, data, data_len);
742
743         res = i802_send_mgmt_frame(drv, (u8 *) hdr, len, 0);
744         free(hdr);
745
746         if (res < 0) {
747                 perror("i802_send_eapol: send");
748                 printf("i802_send_eapol - packet len: %lu - failed\n",
749                        (unsigned long) len);
750         }
751
752         return res;
753 }
754
755
756 static int i802_sta_add(const char *ifname, void *priv, const u8 *addr,
757                         u16 aid, u16 capability, u8 *supp_rates,
758                         size_t supp_rates_len, int flags, u16 listen_interval)
759 {
760         struct i802_driver_data *drv = priv;
761         struct nl_msg *msg;
762         int ret = -1;
763
764         msg = nlmsg_alloc();
765         if (!msg)
766                 goto out;
767
768         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
769                     0, NL80211_CMD_NEW_STATION, 0);
770
771         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
772                     if_nametoindex(drv->iface));
773         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
774         NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, aid);
775         NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len,
776                 supp_rates);
777         NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, listen_interval);
778
779         ret = nl_send_auto_complete(drv->nl_handle, msg);
780         if (ret < 0)
781                 goto nla_put_failure;
782
783         ret = nl_wait_for_ack(drv->nl_handle);
784         /* ignore EEXIST, this happens if a STA associates while associated */
785         if (ret == -EEXIST || ret >= 0)
786                 ret = 0;
787
788  nla_put_failure:
789         nlmsg_free(msg);
790
791  out:
792         return ret;
793 }
794
795
796 static int i802_sta_remove(void *priv, const u8 *addr)
797 {
798         struct i802_driver_data *drv = priv;
799         struct nl_msg *msg;
800         int ret = -1;
801
802         msg = nlmsg_alloc();
803         if (!msg)
804                 goto out;
805
806         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
807                     0, NL80211_CMD_DEL_STATION, 0);
808
809         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
810                     if_nametoindex(drv->iface));
811         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
812
813         ret = 0;
814
815         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
816             nl_wait_for_ack(drv->nl_handle) < 0) {
817                 ret = -1;
818         }
819
820  nla_put_failure:
821         nlmsg_free(msg);
822
823  out:
824         return ret;
825 }
826
827
828 static int i802_sta_set_flags(void *priv, const u8 *addr,
829                               int total_flags, int flags_or, int flags_and)
830 {
831         struct i802_driver_data *drv = priv;
832         struct nl_msg *msg, *flags = NULL;
833         int ret = -1;
834
835         msg = nlmsg_alloc();
836         if (!msg)
837                 goto out;
838
839         flags = nlmsg_alloc();
840         if (!flags)
841                 goto free_msg;
842
843         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
844                     0, NL80211_CMD_SET_STATION, 0);
845
846         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
847                     if_nametoindex(drv->iface));
848         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
849
850         if (total_flags & WLAN_STA_AUTHORIZED || !drv->ieee802_1x_active)
851                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
852
853         if (total_flags & WLAN_STA_WME)
854                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
855
856         if (total_flags & WLAN_STA_SHORT_PREAMBLE)
857                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
858
859         if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
860                 goto nla_put_failure;
861
862         ret = 0;
863
864         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
865             nl_wait_for_ack(drv->nl_handle) < 0) {
866                 ret = -1;
867         }
868
869  nla_put_failure:
870         nlmsg_free(flags);
871
872  free_msg:
873         nlmsg_free(msg);
874
875  out:
876         return ret;
877 }
878
879
880 static int i802_set_channel_flag(void *priv, int mode, int chan, int flag,
881                                  unsigned char power_level,
882                                  unsigned char antenna_max)
883 {
884         return -1;
885 }
886
887
888 static int i802_set_regulatory_domain(void *priv, unsigned int rd)
889 {
890         return -1;
891 }
892
893
894 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
895                                     int cw_min, int cw_max, int burst_time)
896 {
897         return -1;
898 }
899
900
901 static void nl80211_remove_iface(struct i802_driver_data *drv, int ifidx)
902 {
903         struct nl_msg *msg;
904
905         /* stop listening for EAPOL on this interface */
906         del_ifidx(drv, ifidx);
907
908         msg = nlmsg_alloc();
909         if (!msg)
910                 goto nla_put_failure;
911
912         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
913                     0, NL80211_CMD_DEL_INTERFACE, 0);
914         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
915         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
916             nl_wait_for_ack(drv->nl_handle) < 0)
917         nla_put_failure:
918                 printf("Failed to remove interface.\n");
919         nlmsg_free(msg);
920 }
921
922
923 static int nl80211_create_iface(struct i802_driver_data *drv,
924                                 const char *ifname,
925                                 enum nl80211_iftype iftype,
926                                 const u8 *addr)
927 {
928         struct nl_msg *msg, *flags = NULL;
929         int ifidx;
930         struct ifreq ifreq;
931         struct iwreq iwr;
932
933         msg = nlmsg_alloc();
934         if (!msg)
935                 return -1;
936
937         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
938                     0, NL80211_CMD_NEW_INTERFACE, 0);
939         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
940                     if_nametoindex(drv->hapd->conf->iface));
941         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
942         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
943
944         if (iftype == NL80211_IFTYPE_MONITOR) {
945                 int err;
946
947                 flags = nlmsg_alloc();
948                 if (!flags)
949                         goto nla_put_failure;
950
951                 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
952
953                 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
954
955                 nlmsg_free(flags);
956
957                 if (err)
958                         goto nla_put_failure;
959         }
960
961         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
962             nl_wait_for_ack(drv->nl_handle) < 0) {
963  nla_put_failure:
964                 printf("Failed to create interface %s.\n", ifname);
965                 nlmsg_free(msg);
966                 return -1;
967         }
968
969         nlmsg_free(msg);
970
971         ifidx = if_nametoindex(ifname);
972
973         if (ifidx <= 0)
974                 return -1;
975
976         /* start listening for EAPOL on this interface */
977         add_ifidx(drv, ifidx);
978
979         if (addr) {
980                 switch (iftype) {
981                 case NL80211_IFTYPE_AP:
982                         os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
983                         memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
984                         ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
985
986                         if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
987                                 nl80211_remove_iface(drv, ifidx);
988                                 return -1;
989                         }
990                         break;
991                 case NL80211_IFTYPE_WDS:
992                         memset(&iwr, 0, sizeof(iwr));
993                         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
994                         iwr.u.addr.sa_family = ARPHRD_ETHER;
995                         memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
996                         if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
997                                 return -1;
998                         break;
999                 default:
1000                         /* nothing */
1001                         break;
1002                 }
1003         }
1004
1005         return ifidx;
1006 }
1007
1008
1009 static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
1010 {
1011         int ifidx;
1012
1013         /*
1014          * The kernel supports that when the low-level driver does,
1015          * but we currently don't because we need per-BSS data that
1016          * currently we can't handle easily.
1017          */
1018         return -1;
1019
1020         ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
1021         if (ifidx < 0)
1022                 return -1;
1023         if (hostapd_set_iface_flags(priv, ifname, 1)) {
1024                 nl80211_remove_iface(priv, ifidx);
1025                 return -1;
1026         }
1027         return 0;
1028 }
1029
1030
1031 static int i802_bss_remove(void *priv, const char *ifname)
1032 {
1033         nl80211_remove_iface(priv, if_nametoindex(ifname));
1034         return 0;
1035 }
1036
1037
1038 static int i802_set_beacon(const char *iface, void *priv,
1039                            u8 *head, size_t head_len,
1040                            u8 *tail, size_t tail_len)
1041 {
1042         struct i802_driver_data *drv = priv;
1043         struct nl_msg *msg;
1044         u8 cmd = NL80211_CMD_NEW_BEACON;
1045         int ret = -1;
1046
1047         msg = nlmsg_alloc();
1048         if (!msg)
1049                 goto out;
1050
1051         if (drv->beacon_set)
1052                 cmd = NL80211_CMD_SET_BEACON;
1053
1054         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1055                     0, cmd, 0);
1056         NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
1057         NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
1058         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1059         NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, 1000);
1060
1061         if (!drv->dtim_period)
1062                 drv->dtim_period = 2;
1063         NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
1064
1065         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1066             nl_wait_for_ack(drv->nl_handle) < 0)
1067                 goto out;
1068
1069         ret = 0;
1070
1071         drv->beacon_set = 1;
1072
1073  out:
1074  nla_put_failure:
1075         nlmsg_free(msg);
1076         return ret;
1077 }
1078
1079
1080 static int i802_del_beacon(struct i802_driver_data *drv)
1081 {
1082         struct nl_msg *msg;
1083         int ret = -1;
1084
1085         msg = nlmsg_alloc();
1086         if (!msg)
1087                 goto out;
1088
1089         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1090                     0, NL80211_CMD_DEL_BEACON, 0);
1091         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1092
1093         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1094             nl_wait_for_ack(drv->nl_handle) < 0)
1095                 goto out;
1096
1097         ret = 0;
1098
1099  out:
1100  nla_put_failure:
1101         nlmsg_free(msg);
1102         return ret;
1103 }
1104
1105
1106 static int i802_set_ieee8021x(const char *ifname, void *priv, int enabled)
1107 {
1108         struct i802_driver_data *drv = priv;
1109
1110         /*
1111          * FIXME: This needs to be per interface (BSS)
1112          */
1113         drv->ieee802_1x_active = enabled;
1114         return 0;
1115 }
1116
1117
1118 static int i802_set_privacy(const char *ifname, void *priv, int enabled)
1119 {
1120         struct i802_driver_data *drv = priv;
1121         struct iwreq iwr;
1122
1123         memset(&iwr, 0, sizeof(iwr));
1124
1125         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
1126         iwr.u.param.flags = IW_AUTH_PRIVACY_INVOKED;
1127         iwr.u.param.value = enabled;
1128
1129         ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr);
1130
1131         /* ignore errors, the kernel/driver might not care */
1132         return 0;
1133 }
1134
1135
1136 static int i802_set_internal_bridge(void *priv, int value)
1137 {
1138         return -1;
1139 }
1140
1141
1142 static int i802_set_beacon_int(void *priv, int value)
1143 {
1144         struct i802_driver_data *drv = priv;
1145         struct nl_msg *msg;
1146         int ret = -1;
1147
1148         msg = nlmsg_alloc();
1149         if (!msg)
1150                 goto out;
1151
1152         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1153                     0, NL80211_CMD_SET_BEACON, 0);
1154         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1155
1156         NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
1157
1158         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1159             nl_wait_for_ack(drv->nl_handle) < 0)
1160                 goto out;
1161
1162         ret = 0;
1163
1164  out:
1165  nla_put_failure:
1166         nlmsg_free(msg);
1167         return ret;
1168 }
1169
1170
1171 static int i802_set_dtim_period(const char *iface, void *priv, int value)
1172 {
1173         struct i802_driver_data *drv = priv;
1174         struct nl_msg *msg;
1175         int ret = -1;
1176
1177         msg = nlmsg_alloc();
1178         if (!msg)
1179                 goto out;
1180
1181         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1182                     0, NL80211_CMD_SET_BEACON, 0);
1183         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1184
1185         drv->dtim_period = value;
1186         NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
1187
1188         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1189             nl_wait_for_ack(drv->nl_handle) < 0)
1190                 goto out;
1191
1192         ret = 0;
1193
1194  out:
1195  nla_put_failure:
1196         nlmsg_free(msg);
1197         return ret;
1198 }
1199
1200
1201 static int i802_set_cts_protect(void *priv, int value)
1202 {
1203         return -1;
1204 }
1205
1206
1207 static int i802_set_preamble(void *priv, int value)
1208 {
1209         return -1;
1210 }
1211
1212
1213 static int i802_set_short_slot_time(void *priv, int value)
1214 {
1215         return -1;
1216 }
1217
1218
1219 static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
1220 {
1221         switch (type) {
1222         case HOSTAPD_IF_VLAN:
1223                 return NL80211_IFTYPE_AP_VLAN;
1224         case HOSTAPD_IF_WDS:
1225                 return NL80211_IFTYPE_WDS;
1226         }
1227         return -1;
1228 }
1229
1230
1231 static int i802_if_add(const char *iface, void *priv,
1232                        enum hostapd_driver_if_type type, char *ifname,
1233                        const u8 *addr)
1234 {
1235         if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
1236                 return -1;
1237         return 0;
1238 }
1239
1240
1241 static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
1242                           char *ifname, const u8 *addr)
1243 {
1244         /* unused at the moment */
1245         return -1;
1246 }
1247
1248
1249 static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
1250                           const char *ifname, const u8 *addr)
1251 {
1252         nl80211_remove_iface(priv, if_nametoindex(ifname));
1253         return 0;
1254 }
1255
1256
1257 struct phy_info_arg {
1258         u16 *num_modes;
1259         struct hostapd_hw_modes *modes;
1260         int error;
1261 };
1262
1263 static int phy_info_handler(struct nl_msg *msg, void *arg)
1264 {
1265         struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1266         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1267         struct phy_info_arg *phy_info = arg;
1268
1269         struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1270
1271         struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1272         static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1273                 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1274                 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1275                 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1276                 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1277                 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1278         };
1279
1280         struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1281         static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1282                 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1283                 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1284         };
1285
1286         struct nlattr *nl_band;
1287         struct nlattr *nl_freq;
1288         struct nlattr *nl_rate;
1289         int rem_band, rem_freq, rem_rate;
1290         struct hostapd_hw_modes *mode;
1291         int idx, mode_is_set;
1292
1293         nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1294                   genlmsg_attrlen(gnlh, 0), NULL);
1295
1296         if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1297                 return NL_SKIP;
1298
1299         nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1300                 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1301                 if (!mode)
1302                         return NL_SKIP;
1303                 phy_info->modes = mode;
1304
1305                 mode_is_set = 0;
1306
1307                 mode = &phy_info->modes[*(phy_info->num_modes)];
1308                 memset(mode, 0, sizeof(*mode));
1309                 *(phy_info->num_modes) += 1;
1310
1311                 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1312                           nla_len(nl_band), NULL);
1313
1314                 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1315                         nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1316                                   nla_len(nl_freq), freq_policy);
1317                         if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1318                                 continue;
1319                         mode->num_channels++;
1320                 }
1321
1322                 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1323                 if (!mode->channels)
1324                         return NL_SKIP;
1325
1326                 idx = 0;
1327
1328                 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1329                         nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1330                                   nla_len(nl_freq), freq_policy);
1331                         if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1332                                 continue;
1333
1334                         mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1335                         mode->channels[idx].flag |= HOSTAPD_CHAN_W_SCAN |
1336                                                     HOSTAPD_CHAN_W_ACTIVE_SCAN |
1337                                                     HOSTAPD_CHAN_W_IBSS;
1338
1339                         if (!mode_is_set) {
1340                                 /* crude heuristic */
1341                                 if (mode->channels[idx].freq < 4000)
1342                                         mode->mode = HOSTAPD_MODE_IEEE80211B;
1343                                 else
1344                                         mode->mode = HOSTAPD_MODE_IEEE80211A;
1345                                 mode_is_set = 1;
1346                         }
1347
1348                         /* crude heuristic */
1349                         if (mode->channels[idx].freq < 4000)
1350                                 if (mode->channels[idx].freq == 2848)
1351                                         mode->channels[idx].chan = 14;
1352                                 else
1353                                         mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1354                         else
1355                                 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1356
1357                         if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1358                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_SCAN;
1359                         if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1360                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_ACTIVE_SCAN;
1361                         if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1362                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_IBSS;
1363                         idx++;
1364                 }
1365
1366                 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1367                         nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1368                                   nla_len(nl_rate), rate_policy);
1369                         if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1370                                 continue;
1371                         mode->num_rates++;
1372                 }
1373
1374                 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1375                 if (!mode->rates)
1376                         return NL_SKIP;
1377
1378                 idx = 0;
1379
1380                 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1381                         nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1382                                   nla_len(nl_rate), rate_policy);
1383                         if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1384                                 continue;
1385                         mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1386
1387                         /* crude heuristic */
1388                         if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1389                             mode->rates[idx].rate > 200)
1390                                 mode->mode = HOSTAPD_MODE_IEEE80211G;
1391
1392                         if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1393                                 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1394
1395                         idx++;
1396                 }
1397         }
1398
1399         phy_info->error = 0;
1400
1401         return NL_SKIP;
1402 }
1403
1404 static struct hostapd_hw_modes *i802_get_hw_feature_data(void *priv,
1405                                                          u16 *num_modes,
1406                                                          u16 *flags)
1407 {
1408         struct i802_driver_data *drv = priv;
1409         struct nl_msg *msg;
1410         int err = -1;
1411         struct nl_cb *cb = NULL;
1412         int finished;
1413         struct phy_info_arg result = {
1414                 .num_modes = num_modes,
1415                 .modes = NULL,
1416                 .error = 1,
1417         };
1418
1419         *num_modes = 0;
1420         *flags = 0;
1421
1422         msg = nlmsg_alloc();
1423         if (!msg)
1424                 return NULL;
1425
1426         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1427                     0, NL80211_CMD_GET_WIPHY, 0);
1428
1429         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1430
1431         cb = nl_cb_alloc(NL_CB_CUSTOM);
1432         if (!cb)
1433                 goto out;
1434
1435         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
1436                 goto out;
1437
1438         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, phy_info_handler, &result);
1439         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
1440
1441         err = nl_recvmsgs(drv->nl_handle, cb);
1442
1443         if (!finished)
1444                 err = nl_wait_for_ack(drv->nl_handle);
1445
1446         if (err < 0 || result.error) {
1447                 hostapd_free_hw_features(result.modes, *num_modes);
1448                 result.modes = NULL;
1449         }
1450
1451  out:
1452         nl_cb_put(cb);
1453  nla_put_failure:
1454         if (err)
1455                 fprintf(stderr, "failed to get information: %d\n", err);
1456         nlmsg_free(msg);
1457         return result.modes;
1458 }
1459
1460
1461 static int i802_set_sta_vlan(void *priv, const u8 *addr,
1462                              const char *ifname, int vlan_id)
1463 {
1464         struct i802_driver_data *drv = priv;
1465         struct nl_msg *msg;
1466         int ret = -1;
1467
1468         msg = nlmsg_alloc();
1469         if (!msg)
1470                 goto out;
1471
1472         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1473                     0, NL80211_CMD_SET_STATION, 0);
1474
1475         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1476                     if_nametoindex(drv->iface));
1477         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1478         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1479                     if_nametoindex(ifname));
1480
1481         ret = 0;
1482
1483         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1484             (errno = nl_wait_for_ack(drv->nl_handle) < 0)) {
1485                 ret = -1;
1486         }
1487
1488  nla_put_failure:
1489         nlmsg_free(msg);
1490
1491  out:
1492         return ret;
1493 }
1494
1495
1496 static void handle_unknown_sta(struct hostapd_data *hapd, u8 *ta)
1497 {
1498         struct sta_info *sta;
1499
1500         sta = ap_get_sta(hapd, ta);
1501         if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
1502                 printf("Data/PS-poll frame from not associated STA "
1503                        MACSTR "\n", MAC2STR(ta));
1504                 if (sta && (sta->flags & WLAN_STA_AUTH))
1505                         hostapd_sta_disassoc(
1506                                 hapd, ta,
1507                                 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1508                 else
1509                         hostapd_sta_deauth(
1510                                 hapd, ta,
1511                                 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1512         }
1513 }
1514
1515
1516 static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
1517                                int ok)
1518 {
1519         struct ieee80211_hdr *hdr;
1520         u16 fc, type, stype;
1521         struct sta_info *sta;
1522
1523         hdr = (struct ieee80211_hdr *) buf;
1524         fc = le_to_host16(hdr->frame_control);
1525
1526         type = WLAN_FC_GET_TYPE(fc);
1527         stype = WLAN_FC_GET_STYPE(fc);
1528
1529         switch (type) {
1530         case WLAN_FC_TYPE_MGMT:
1531                 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
1532                            ok ? "ACK" : "fail");
1533                 ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
1534                 break;
1535         case WLAN_FC_TYPE_CTRL:
1536                 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
1537                            ok ? "ACK" : "fail");
1538                 break;
1539         case WLAN_FC_TYPE_DATA:
1540                 wpa_printf(MSG_DEBUG, "DATA (TX callback) %s",
1541                            ok ? "ACK" : "fail");
1542                 sta = ap_get_sta(hapd, hdr->addr1);
1543                 if (sta && sta->flags & WLAN_STA_PENDING_POLL) {
1544                         wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
1545                                    "activity poll", MAC2STR(sta->addr),
1546                                    ok ? "ACKed" : "did not ACK");
1547                         if (ok)
1548                                 sta->flags &= ~WLAN_STA_PENDING_POLL;
1549                 }
1550                 if (sta)
1551                         ieee802_1x_tx_status(hapd, sta, buf, len, ok);
1552                 break;
1553         default:
1554                 printf("unknown TX callback frame type %d\n", type);
1555                 break;
1556         }
1557 }
1558
1559
1560 static void handle_frame(struct hostapd_iface *iface, u8 *buf, size_t len,
1561                          struct hostapd_frame_info *hfi,
1562                          enum ieee80211_msg_type msg_type)
1563 {
1564         struct ieee80211_hdr *hdr;
1565         u16 fc, type, stype;
1566         size_t data_len = len;
1567         struct hostapd_data *hapd = NULL;
1568         int broadcast_bssid = 0;
1569         size_t i;
1570         u8 *bssid;
1571
1572         /*
1573          * PS-Poll frames are 16 bytes. All other frames are
1574          * 24 bytes or longer.
1575          */
1576         if (len < 16)
1577                 return;
1578
1579         hdr = (struct ieee80211_hdr *) buf;
1580         fc = le_to_host16(hdr->frame_control);
1581
1582         type = WLAN_FC_GET_TYPE(fc);
1583         stype = WLAN_FC_GET_STYPE(fc);
1584
1585         switch (type) {
1586         case WLAN_FC_TYPE_DATA:
1587                 if (len < 24)
1588                         return;
1589                 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
1590                 case WLAN_FC_TODS:
1591                         bssid = hdr->addr1;
1592                         break;
1593                 default:
1594                         /* discard */
1595                         return;
1596                 }
1597                 break;
1598         case WLAN_FC_TYPE_CTRL:
1599                 /* discard non-ps-poll frames */
1600                 if (stype != WLAN_FC_STYPE_PSPOLL)
1601                         return;
1602                 bssid = hdr->addr1;
1603                 break;
1604         case WLAN_FC_TYPE_MGMT:
1605                 bssid = hdr->addr3;
1606                 break;
1607         default:
1608                 /* discard */
1609                 return;
1610         }
1611
1612         /* find interface frame belongs to */
1613         for (i = 0; i < iface->num_bss; i++) {
1614                 if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
1615                         hapd = iface->bss[i];
1616                         break;
1617                 }
1618         }
1619
1620         if (hapd == NULL) {
1621                 hapd = iface->bss[0];
1622
1623                 if (bssid[0] != 0xff || bssid[1] != 0xff ||
1624                     bssid[2] != 0xff || bssid[3] != 0xff ||
1625                     bssid[4] != 0xff || bssid[5] != 0xff) {
1626                         /*
1627                          * Unknown BSSID - drop frame if this is not from
1628                          * passive scanning or a beacon (at least ProbeReq
1629                          * frames to other APs may be allowed through RX
1630                          * filtering in the wlan hw/driver)
1631                          */
1632                         if ((type != WLAN_FC_TYPE_MGMT ||
1633                              stype != WLAN_FC_STYPE_BEACON))
1634                                 return;
1635                 } else
1636                         broadcast_bssid = 1;
1637         }
1638
1639         switch (msg_type) {
1640         case ieee80211_msg_normal:
1641                 /* continue processing */
1642                 break;
1643         case ieee80211_msg_tx_callback_ack:
1644                 handle_tx_callback(hapd, buf, data_len, 1);
1645                 return;
1646         case ieee80211_msg_tx_callback_fail:
1647                 handle_tx_callback(hapd, buf, data_len, 0);
1648                 return;
1649         }
1650
1651         switch (type) {
1652         case WLAN_FC_TYPE_MGMT:
1653                 if (stype != WLAN_FC_STYPE_BEACON &&
1654                     stype != WLAN_FC_STYPE_PROBE_REQ)
1655                         wpa_printf(MSG_MSGDUMP, "MGMT");
1656                 if (broadcast_bssid) {
1657                         for (i = 0; i < iface->num_bss; i++)
1658                                 ieee802_11_mgmt(iface->bss[i], buf, data_len,
1659                                                 stype, hfi);
1660                 } else
1661                         ieee802_11_mgmt(hapd, buf, data_len, stype, hfi);
1662                 break;
1663         case WLAN_FC_TYPE_CTRL:
1664                 /* can only get here with PS-Poll frames */
1665                 wpa_printf(MSG_DEBUG, "CTRL");
1666                 handle_unknown_sta(hapd, hdr->addr2);
1667                 break;
1668         case WLAN_FC_TYPE_DATA:
1669                 wpa_printf(MSG_DEBUG, "DATA");
1670                 handle_unknown_sta(hapd, hdr->addr2);
1671                 break;
1672         }
1673 }
1674
1675
1676 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
1677 {
1678         struct i802_driver_data *drv = eloop_ctx;
1679         struct hostapd_data *hapd = drv->hapd;
1680         struct sockaddr_ll lladdr;
1681         unsigned char buf[3000];
1682         int len;
1683         socklen_t fromlen = sizeof(lladdr);
1684
1685         len = recvfrom(sock, buf, sizeof(buf), 0,
1686                        (struct sockaddr *)&lladdr, &fromlen);
1687         if (len < 0) {
1688                 perror("recv");
1689                 return;
1690         }
1691
1692         if (have_ifidx(drv, lladdr.sll_ifindex))
1693                 ieee802_1x_receive(hapd, lladdr.sll_addr, buf, len);
1694 }
1695
1696
1697 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
1698 {
1699         struct i802_driver_data *drv = eloop_ctx;
1700         int len;
1701         unsigned char buf[3000];
1702         struct hostapd_data *hapd = drv->hapd;
1703         struct ieee80211_radiotap_iterator iter;
1704         int ret;
1705         struct hostapd_frame_info hfi;
1706         int injected = 0, failed = 0, msg_type, rxflags = 0;
1707
1708         len = recv(sock, buf, sizeof(buf), 0);
1709         if (len < 0) {
1710                 perror("recv");
1711                 return;
1712         }
1713
1714         if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
1715                 printf("received invalid radiotap frame\n");
1716                 return;
1717         }
1718
1719         memset(&hfi, 0, sizeof(hfi));
1720
1721         while (1) {
1722                 ret = ieee80211_radiotap_iterator_next(&iter);
1723                 if (ret == -ENOENT)
1724                         break;
1725                 if (ret) {
1726                         printf("received invalid radiotap frame (%d)\n", ret);
1727                         return;
1728                 }
1729                 switch (iter.this_arg_index) {
1730                 case IEEE80211_RADIOTAP_FLAGS:
1731                         if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
1732                                 len -= 4;
1733                         break;
1734                 case IEEE80211_RADIOTAP_RX_FLAGS:
1735                         rxflags = 1;
1736                         break;
1737                 case IEEE80211_RADIOTAP_TX_FLAGS:
1738                         injected = 1;
1739                         failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
1740                                         IEEE80211_RADIOTAP_F_TX_FAIL;
1741                         break;
1742                 case IEEE80211_RADIOTAP_DATA_RETRIES:
1743                         break;
1744                 case IEEE80211_RADIOTAP_CHANNEL:
1745                         /* TODO convert from freq/flags to channel number
1746                         hfi.channel = XXX;
1747                         hfi.phytype = XXX;
1748                          */
1749                         break;
1750                 case IEEE80211_RADIOTAP_RATE:
1751                         hfi.datarate = *iter.this_arg * 5;
1752                         break;
1753                 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1754                         hfi.ssi_signal = *iter.this_arg;
1755                         break;
1756                 }
1757         }
1758
1759         if (rxflags && injected)
1760                 return;
1761
1762         if (!injected)
1763                 msg_type = ieee80211_msg_normal;
1764         else if (failed)
1765                 msg_type = ieee80211_msg_tx_callback_fail;
1766         else
1767                 msg_type = ieee80211_msg_tx_callback_ack;
1768
1769         handle_frame(hapd->iface, buf + iter.max_length,
1770                      len - iter.max_length, &hfi, msg_type);
1771 }
1772
1773
1774 static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
1775 {
1776         char buf[IFNAMSIZ];
1777         struct sockaddr_ll ll;
1778         int optval;
1779         socklen_t optlen;
1780
1781         snprintf(buf, IFNAMSIZ, "mon.%s", drv->iface);
1782         buf[IFNAMSIZ - 1] = '\0';
1783
1784         drv->monitor_ifidx =
1785                 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
1786
1787         if (drv->monitor_ifidx < 0)
1788                 return -1;
1789
1790         if (hostapd_set_iface_flags(drv, buf, 1))
1791                 goto error;
1792
1793         memset(&ll, 0, sizeof(ll));
1794         ll.sll_family = AF_PACKET;
1795         ll.sll_ifindex = drv->monitor_ifidx;
1796         drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
1797         if (drv->monitor_sock < 0) {
1798                 perror("socket[PF_PACKET,SOCK_RAW]");
1799                 goto error;
1800         }
1801
1802         if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
1803                  sizeof(ll)) < 0) {
1804                 perror("monitor socket bind");
1805                 goto error;
1806         }
1807
1808         optlen = sizeof(optval);
1809         optval = 20;
1810         if (setsockopt
1811             (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
1812                 perror("Failed to set socket priority");
1813                 goto error;
1814         }
1815
1816         if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
1817                                      drv, NULL)) {
1818                 printf("Could not register monitor read socket\n");
1819                 goto error;
1820         }
1821
1822         return 0;
1823  error:
1824         nl80211_remove_iface(drv, drv->monitor_ifidx);
1825         return -1;
1826 }
1827
1828
1829 static int nl80211_set_master_mode(struct i802_driver_data *drv,
1830                                    const char *ifname)
1831 {
1832         struct nl_msg *msg;
1833
1834         msg = nlmsg_alloc();
1835         if (!msg)
1836                 return -1;
1837
1838         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1839                     0, NL80211_CMD_SET_INTERFACE, 0);
1840         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1841                     if_nametoindex(ifname));
1842         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, NL80211_IFTYPE_AP);
1843
1844         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1845             nl_wait_for_ack(drv->nl_handle) < 0) {
1846  nla_put_failure:
1847                 wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
1848                            "mode.", ifname);
1849                 nlmsg_free(msg);
1850                 return -1;
1851         }
1852
1853         nlmsg_free(msg);
1854
1855         return 0;
1856 }
1857   
1858
1859 static int i802_init_sockets(struct i802_driver_data *drv, const u8 *bssid)
1860 {
1861         struct ifreq ifr;
1862         struct sockaddr_ll addr;
1863
1864         drv->ioctl_sock = -1;
1865
1866         drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1867         if (drv->ioctl_sock < 0) {
1868                 perror("socket[PF_INET,SOCK_DGRAM]");
1869                 return -1;
1870         }
1871
1872         /* start listening for EAPOL on the default AP interface */
1873         add_ifidx(drv, if_nametoindex(drv->iface));
1874
1875         if (hostapd_set_iface_flags(drv, drv->iface, 0))
1876                 return -1;
1877
1878         if (bssid) {
1879                 os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
1880                 memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
1881                 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
1882
1883                 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
1884                         perror("ioctl(SIOCSIFHWADDR)");
1885                         return -1;
1886                 }
1887         }
1888
1889         /*
1890          * initialise generic netlink and nl80211
1891          */
1892         drv->nl_handle = nl_handle_alloc();
1893         if (!drv->nl_handle) {
1894                 printf("Failed to allocate netlink handle.\n");
1895                 return -1;
1896         }
1897
1898         if (genl_connect(drv->nl_handle)) {
1899                 printf("Failed to connect to generic netlink.\n");
1900                 return -1;
1901         }
1902
1903         drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1904         if (!drv->nl_cache) {
1905                 printf("Failed to allocate generic netlink cache.\n");
1906                 return -1;
1907         }
1908
1909         drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1910         if (!drv->nl80211) {
1911                 printf("nl80211 not found.\n");
1912                 return -1;
1913         }
1914
1915         /* Initialise a monitor interface */
1916         if (nl80211_create_monitor_interface(drv))
1917                 return -1;
1918
1919         if (nl80211_set_master_mode(drv, drv->iface))
1920                 return -1;
1921
1922         if (hostapd_set_iface_flags(drv, drv->iface, 1))
1923                 return -1;
1924
1925         memset(&addr, 0, sizeof(addr));
1926         addr.sll_family = AF_PACKET;
1927         addr.sll_ifindex = ifr.ifr_ifindex;
1928         wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
1929                    addr.sll_ifindex);
1930
1931         drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
1932         if (drv->eapol_sock < 0) {
1933                 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
1934                 return -1;
1935         }
1936
1937         if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
1938         {
1939                 printf("Could not register read socket for eapol\n");
1940                 return -1;
1941         }
1942
1943         memset(&ifr, 0, sizeof(ifr));
1944         os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
1945         if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
1946                 perror("ioctl(SIOCGIFHWADDR)");
1947                 return -1;
1948         }
1949
1950         if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
1951                 printf("Invalid HW-addr family 0x%04x\n",
1952                        ifr.ifr_hwaddr.sa_family);
1953                 return -1;
1954         }
1955         memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
1956
1957         return 0;
1958 }
1959
1960
1961 static int i802_get_inact_sec(void *priv, const u8 *addr)
1962 {
1963         struct hostap_sta_driver_data data;
1964         int ret;
1965
1966         data.inactive_msec = (unsigned long) -1;
1967         ret = i802_read_sta_data(priv, &data, addr);
1968         if (ret || data.inactive_msec == (unsigned long) -1)
1969                 return -1;
1970         return data.inactive_msec / 1000;
1971 }
1972
1973
1974 static int i802_sta_clear_stats(void *priv, const u8 *addr)
1975 {
1976 #if 0
1977         /* TODO */
1978 #endif
1979         return 0;
1980 }
1981
1982
1983 static void
1984 hostapd_wireless_event_wireless_custom(struct i802_driver_data *drv,
1985                                        char *custom)
1986 {
1987         wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
1988
1989         if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
1990                 char *pos;
1991                 u8 addr[ETH_ALEN];
1992                 pos = strstr(custom, "addr=");
1993                 if (pos == NULL) {
1994                         wpa_printf(MSG_DEBUG,
1995                                    "MLME-MICHAELMICFAILURE.indication "
1996                                    "without sender address ignored");
1997                         return;
1998                 }
1999                 pos += 5;
2000                 if (hwaddr_aton(pos, addr) == 0) {
2001                         ieee80211_michael_mic_failure(drv->hapd, addr, 1);
2002                 } else {
2003                         wpa_printf(MSG_DEBUG,
2004                                    "MLME-MICHAELMICFAILURE.indication "
2005                                    "with invalid MAC address");
2006                 }
2007         }
2008 }
2009
2010
2011 static void hostapd_wireless_event_wireless(struct i802_driver_data *drv,
2012                                             char *data, int len)
2013 {
2014         struct iw_event iwe_buf, *iwe = &iwe_buf;
2015         char *pos, *end, *custom, *buf;
2016
2017         pos = data;
2018         end = data + len;
2019
2020         while (pos + IW_EV_LCP_LEN <= end) {
2021                 /* Event data may be unaligned, so make a local, aligned copy
2022                  * before processing. */
2023                 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
2024                 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
2025                            iwe->cmd, iwe->len);
2026                 if (iwe->len <= IW_EV_LCP_LEN)
2027                         return;
2028
2029                 custom = pos + IW_EV_POINT_LEN;
2030                 if (drv->we_version > 18 &&
2031                     (iwe->cmd == IWEVMICHAELMICFAILURE ||
2032                      iwe->cmd == IWEVCUSTOM)) {
2033                         /* WE-19 removed the pointer from struct iw_point */
2034                         char *dpos = (char *) &iwe_buf.u.data.length;
2035                         int dlen = dpos - (char *) &iwe_buf;
2036                         memcpy(dpos, pos + IW_EV_LCP_LEN,
2037                                sizeof(struct iw_event) - dlen);
2038                 } else {
2039                         memcpy(&iwe_buf, pos, sizeof(struct iw_event));
2040                         custom += IW_EV_POINT_OFF;
2041                 }
2042
2043                 switch (iwe->cmd) {
2044                 case IWEVCUSTOM:
2045                         if (custom + iwe->u.data.length > end)
2046                                 return;
2047                         buf = malloc(iwe->u.data.length + 1);
2048                         if (buf == NULL)
2049                                 return;
2050                         memcpy(buf, custom, iwe->u.data.length);
2051                         buf[iwe->u.data.length] = '\0';
2052                         hostapd_wireless_event_wireless_custom(drv, buf);
2053                         free(buf);
2054                         break;
2055                 }
2056
2057                 pos += iwe->len;
2058         }
2059 }
2060
2061
2062 static void hostapd_wireless_event_rtm_newlink(struct i802_driver_data *drv,
2063                                                struct nlmsghdr *h, int len)
2064 {
2065         struct ifinfomsg *ifi;
2066         int attrlen, nlmsg_len, rta_len;
2067         struct rtattr *attr;
2068
2069         if (len < (int) sizeof(*ifi))
2070                 return;
2071
2072         ifi = NLMSG_DATA(h);
2073
2074         /* TODO: use ifi->ifi_index to filter out wireless events from other
2075          * interfaces */
2076
2077         nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
2078
2079         attrlen = h->nlmsg_len - nlmsg_len;
2080         if (attrlen < 0)
2081                 return;
2082
2083         attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
2084
2085         rta_len = RTA_ALIGN(sizeof(struct rtattr));
2086         while (RTA_OK(attr, attrlen)) {
2087                 if (attr->rta_type == IFLA_WIRELESS) {
2088                         hostapd_wireless_event_wireless(
2089                                 drv, ((char *) attr) + rta_len,
2090                                 attr->rta_len - rta_len);
2091                 }
2092                 attr = RTA_NEXT(attr, attrlen);
2093         }
2094 }
2095
2096
2097 static void hostapd_wireless_event_receive(int sock, void *eloop_ctx,
2098                                            void *sock_ctx)
2099 {
2100         char buf[256];
2101         int left;
2102         struct sockaddr_nl from;
2103         socklen_t fromlen;
2104         struct nlmsghdr *h;
2105         struct i802_driver_data *drv = eloop_ctx;
2106
2107         fromlen = sizeof(from);
2108         left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
2109                         (struct sockaddr *) &from, &fromlen);
2110         if (left < 0) {
2111                 if (errno != EINTR && errno != EAGAIN)
2112                         perror("recvfrom(netlink)");
2113                 return;
2114         }
2115
2116         h = (struct nlmsghdr *) buf;
2117         while (left >= (int) sizeof(*h)) {
2118                 int len, plen;
2119
2120                 len = h->nlmsg_len;
2121                 plen = len - sizeof(*h);
2122                 if (len > left || plen < 0) {
2123                         printf("Malformed netlink message: "
2124                                "len=%d left=%d plen=%d\n",
2125                                len, left, plen);
2126                         break;
2127                 }
2128
2129                 switch (h->nlmsg_type) {
2130                 case RTM_NEWLINK:
2131                         hostapd_wireless_event_rtm_newlink(drv, h, plen);
2132                         break;
2133                 }
2134
2135                 len = NLMSG_ALIGN(len);
2136                 left -= len;
2137                 h = (struct nlmsghdr *) ((char *) h + len);
2138         }
2139
2140         if (left > 0) {
2141                 printf("%d extra bytes in the end of netlink message\n", left);
2142         }
2143 }
2144
2145
2146 static int hostap_get_we_version(struct i802_driver_data *drv)
2147 {
2148         struct iw_range *range;
2149         struct iwreq iwr;
2150         int minlen;
2151         size_t buflen;
2152
2153         drv->we_version = 0;
2154
2155         /*
2156          * Use larger buffer than struct iw_range in order to allow the
2157          * structure to grow in the future.
2158          */
2159         buflen = sizeof(struct iw_range) + 500;
2160         range = os_zalloc(buflen);
2161         if (range == NULL)
2162                 return -1;
2163
2164         memset(&iwr, 0, sizeof(iwr));
2165         os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
2166         iwr.u.data.pointer = (caddr_t) range;
2167         iwr.u.data.length = buflen;
2168
2169         minlen = ((char *) &range->enc_capa) - (char *) range +
2170                 sizeof(range->enc_capa);
2171
2172         if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
2173                 perror("ioctl[SIOCGIWRANGE]");
2174                 free(range);
2175                 return -1;
2176         } else if (iwr.u.data.length >= minlen &&
2177                    range->we_version_compiled >= 18) {
2178                 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
2179                            "WE(source)=%d enc_capa=0x%x",
2180                            range->we_version_compiled,
2181                            range->we_version_source,
2182                            range->enc_capa);
2183                 drv->we_version = range->we_version_compiled;
2184         }
2185
2186         free(range);
2187         return 0;
2188 }
2189
2190
2191 static int i802_wireless_event_init(void *priv)
2192 {
2193         struct i802_driver_data *drv = priv;
2194         int s;
2195         struct sockaddr_nl local;
2196
2197         hostap_get_we_version(drv);
2198
2199         drv->wext_sock = -1;
2200
2201         s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
2202         if (s < 0) {
2203                 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
2204                 return -1;
2205         }
2206
2207         memset(&local, 0, sizeof(local));
2208         local.nl_family = AF_NETLINK;
2209         local.nl_groups = RTMGRP_LINK;
2210         if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
2211                 perror("bind(netlink)");
2212                 close(s);
2213                 return -1;
2214         }
2215
2216         eloop_register_read_sock(s, hostapd_wireless_event_receive, drv,
2217                                  NULL);
2218         drv->wext_sock = s;
2219
2220         return 0;
2221 }
2222
2223
2224 static void i802_wireless_event_deinit(void *priv)
2225 {
2226         struct i802_driver_data *drv = priv;
2227         if (drv->wext_sock < 0)
2228                 return;
2229         eloop_unregister_read_sock(drv->wext_sock);
2230         close(drv->wext_sock);
2231 }
2232
2233
2234 static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
2235 {
2236         struct i802_driver_data *drv = priv;
2237         struct ieee80211_mgmt mgmt;
2238
2239         memset(&mgmt, 0, sizeof(mgmt));
2240         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2241                                           WLAN_FC_STYPE_DEAUTH);
2242         memcpy(mgmt.da, addr, ETH_ALEN);
2243         memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
2244         memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
2245         mgmt.u.deauth.reason_code = host_to_le16(reason);
2246         return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
2247                                       sizeof(mgmt.u.deauth), 0);
2248 }
2249
2250
2251 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
2252 {
2253         struct i802_driver_data *drv = priv;
2254         struct ieee80211_mgmt mgmt;
2255
2256         memset(&mgmt, 0, sizeof(mgmt));
2257         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2258                                           WLAN_FC_STYPE_DISASSOC);
2259         memcpy(mgmt.da, addr, ETH_ALEN);
2260         memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
2261         memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
2262         mgmt.u.disassoc.reason_code = host_to_le16(reason);
2263         return  i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
2264                                        sizeof(mgmt.u.disassoc), 0);
2265 }
2266
2267
2268 static void *i802_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
2269 {
2270         struct i802_driver_data *drv;
2271
2272         drv = os_zalloc(sizeof(struct i802_driver_data));
2273         if (drv == NULL) {
2274                 printf("Could not allocate memory for i802 driver data\n");
2275                 return NULL;
2276         }
2277
2278         drv->hapd = hapd;
2279         memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
2280
2281         drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
2282         drv->if_indices = drv->default_if_indices;
2283
2284         if (i802_init_sockets(drv, bssid))
2285                 goto failed;
2286
2287         return drv;
2288
2289 failed:
2290         free(drv);
2291         return NULL;
2292 }
2293
2294
2295 static void *i802_init(struct hostapd_data *hapd)
2296 {
2297         return i802_init_bssid(hapd, NULL);
2298 }
2299
2300
2301 static void i802_deinit(void *priv)
2302 {
2303         struct i802_driver_data *drv = priv;
2304
2305         i802_del_beacon(drv);
2306
2307         /* remove monitor interface */
2308         nl80211_remove_iface(drv, drv->monitor_ifidx);
2309
2310         (void) hostapd_set_iface_flags(drv, drv->iface, 0);
2311
2312         if (drv->monitor_sock >= 0) {
2313                 eloop_unregister_read_sock(drv->monitor_sock);
2314                 close(drv->monitor_sock);
2315         }
2316         if (drv->ioctl_sock >= 0)
2317                 close(drv->ioctl_sock);
2318         if (drv->eapol_sock >= 0) {
2319                 eloop_unregister_read_sock(drv->eapol_sock);
2320                 close(drv->eapol_sock);
2321         }
2322
2323         genl_family_put(drv->nl80211);
2324         nl_cache_free(drv->nl_cache);
2325         nl_handle_destroy(drv->nl_handle);
2326
2327         if (drv->if_indices != drv->default_if_indices)
2328                 free(drv->if_indices);
2329
2330         free(drv);
2331 }
2332
2333
2334 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
2335         .name = "nl80211",
2336         .init = i802_init,
2337         .init_bssid = i802_init_bssid,
2338         .deinit = i802_deinit,
2339         .wireless_event_init = i802_wireless_event_init,
2340         .wireless_event_deinit = i802_wireless_event_deinit,
2341         .set_ieee8021x = i802_set_ieee8021x,
2342         .set_privacy = i802_set_privacy,
2343         .set_encryption = i802_set_encryption,
2344         .get_seqnum = i802_get_seqnum,
2345         .flush = i802_flush,
2346         .read_sta_data = i802_read_sta_data,
2347         .send_eapol = i802_send_eapol,
2348         .sta_set_flags = i802_sta_set_flags,
2349         .sta_deauth = i802_sta_deauth,
2350         .sta_disassoc = i802_sta_disassoc,
2351         .sta_remove = i802_sta_remove,
2352         .set_ssid = i802_set_ssid,
2353         .send_mgmt_frame = i802_send_mgmt_frame,
2354         .sta_add = i802_sta_add,
2355         .get_inact_sec = i802_get_inact_sec,
2356         .sta_clear_stats = i802_sta_clear_stats,
2357         .set_freq = i802_set_freq,
2358         .set_rts = i802_set_rts,
2359         .get_rts = i802_get_rts,
2360         .set_frag = i802_set_frag,
2361         .get_frag = i802_get_frag,
2362         .set_retry = i802_set_retry,
2363         .get_retry = i802_get_retry,
2364         .set_rate_sets = i802_set_rate_sets,
2365         .set_channel_flag = i802_set_channel_flag,
2366         .set_regulatory_domain = i802_set_regulatory_domain,
2367         .set_beacon = i802_set_beacon,
2368         .set_internal_bridge = i802_set_internal_bridge,
2369         .set_beacon_int = i802_set_beacon_int,
2370         .set_dtim_period = i802_set_dtim_period,
2371         .set_cts_protect = i802_set_cts_protect,
2372         .set_preamble = i802_set_preamble,
2373         .set_short_slot_time = i802_set_short_slot_time,
2374         .set_tx_queue_params = i802_set_tx_queue_params,
2375         .bss_add = i802_bss_add,
2376         .bss_remove = i802_bss_remove,
2377         .if_add = i802_if_add,
2378         .if_update = i802_if_update,
2379         .if_remove = i802_if_remove,
2380         .get_hw_feature_data = i802_get_hw_feature_data,
2381         .set_sta_vlan = i802_set_sta_vlan,
2382 };
EAP library