projects / libeap.git / blob
? search:


ec98da22f60802c96be4b16acb72e2dc3de0ee6e
[libeap.git] / hostapd / driver_nl80211.c
1 /*
2  * hostapd / Kernel driver communication via nl80211
3  * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  *
12  * Alternatively, this software may be distributed under the terms of BSD
13  * license.
14  *
15  * See README and COPYING for more details.
16  */
17
18 #include "includes.h"
19
20 #include <sys/ioctl.h>
21 #include <netlink/genl/genl.h>
22 #include <netlink/genl/family.h>
23 #include <netlink/genl/ctrl.h>
24 #include <netlink/msg.h>
25 #include <netlink/attr.h>
26 #include <linux/nl80211.h>
27 #include <net/if.h>
28 #include <linux/if_packet.h>
29 #include <linux/if_ether.h>   /* The L2 protocols */
30 #include "wireless_copy.h"
31 #include <net/if_arp.h>
32
33 #include "hostapd.h"
34 #include "driver.h"
35 #include "ieee802_1x.h"
36 #include "eloop.h"
37 #include "ieee802_11.h"
38 #include "sta_info.h"
39 #include "hw_features.h"
40 #include "mlme.h"
41 #include "radiotap.h"
42 #include "radiotap_iter.h"
43
44 enum ieee80211_msg_type {
45         ieee80211_msg_normal = 0,
46         ieee80211_msg_tx_callback_ack = 1,
47         ieee80211_msg_tx_callback_fail = 2,
48 };
49
50 struct i802_driver_data {
51         struct hostapd_data *hapd;
52
53         char iface[IFNAMSIZ + 1];
54         int bridge;
55         int ioctl_sock; /* socket for ioctl() use */
56         int wext_sock; /* socket for wireless events */
57         int eapol_sock; /* socket for EAPOL frames */
58         int monitor_sock; /* socket for monitor */
59         int monitor_ifidx;
60
61         int default_if_indices[16];
62         int *if_indices;
63         int num_if_indices;
64
65         int we_version;
66         struct nl_handle *nl_handle;
67         struct nl_cache *nl_cache;
68         struct nl_cb *nl_cb;
69         struct genl_family *nl80211;
70         int dtim_period, beacon_int;
71         unsigned int beacon_set:1;
72         unsigned int ieee802_1x_active:1;
73 };
74
75
76 static void add_ifidx(struct i802_driver_data *drv, int ifidx)
77 {
78         int i;
79         int *old;
80
81         for (i = 0; i < drv->num_if_indices; i++) {
82                 if (drv->if_indices[i] == 0) {
83                         drv->if_indices[i] = ifidx;
84                         return;
85                 }
86         }
87
88         if (drv->if_indices != drv->default_if_indices)
89                 old = drv->if_indices;
90         else
91                 old = NULL;
92
93         drv->if_indices = realloc(old,
94                                   sizeof(int) * (drv->num_if_indices + 1));
95         if (!drv->if_indices) {
96                 if (!old)
97                         drv->if_indices = drv->default_if_indices;
98                 else
99                         drv->if_indices = old;
100                 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
101                            "interfaces");
102                 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
103                 return;
104         }
105         drv->if_indices[drv->num_if_indices] = ifidx;
106         drv->num_if_indices++;
107 }
108
109
110 static void del_ifidx(struct i802_driver_data *drv, int ifidx)
111 {
112         int i;
113
114         for (i = 0; i < drv->num_if_indices; i++) {
115                 if (drv->if_indices[i] == ifidx) {
116                         drv->if_indices[i] = 0;
117                         break;
118                 }
119         }
120 }
121
122
123 static int have_ifidx(struct i802_driver_data *drv, int ifidx)
124 {
125         int i;
126
127         if (ifidx == drv->bridge)
128                 return 1;
129
130         for (i = 0; i < drv->num_if_indices; i++)
131                 if (drv->if_indices[i] == ifidx)
132                         return 1;
133
134         return 0;
135 }
136
137
138 /* helper for netlink get routines */
139 static int ack_wait_handler(struct nl_msg *msg, void *arg)
140 {
141         int *finished = arg;
142
143         *finished = 1;
144         return NL_STOP;
145 }
146
147
148 static int hostapd_set_iface_flags(struct i802_driver_data *drv,
149                                    const char *ifname, int dev_up)
150 {
151         struct ifreq ifr;
152
153         if (drv->ioctl_sock < 0)
154                 return -1;
155
156         memset(&ifr, 0, sizeof(ifr));
157         os_strlcpy(ifr.ifr_name, ifname, IFNAMSIZ);
158
159         if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) {
160                 perror("ioctl[SIOCGIFFLAGS]");
161                 wpa_printf(MSG_DEBUG, "Could not read interface flags (%s)",
162                            drv->iface);
163                 return -1;
164         }
165
166         if (dev_up)
167                 ifr.ifr_flags |= IFF_UP;
168         else
169                 ifr.ifr_flags &= ~IFF_UP;
170
171         if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) {
172                 perror("ioctl[SIOCSIFFLAGS]");
173                 return -1;
174         }
175
176         return 0;
177 }
178
179
180 static int i802_set_encryption(const char *iface, void *priv, const char *alg,
181                                const u8 *addr, int idx, const u8 *key,
182                                size_t key_len, int txkey)
183 {
184         struct i802_driver_data *drv = priv;
185         struct nl_msg *msg;
186         int ret = -1;
187         int err = 0;
188
189         msg = nlmsg_alloc();
190         if (!msg)
191                 goto out;
192
193         if (strcmp(alg, "none") == 0) {
194                 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
195                             0, NL80211_CMD_DEL_KEY, 0);
196         } else {
197                 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
198                             0, NL80211_CMD_NEW_KEY, 0);
199                 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
200                 if (strcmp(alg, "WEP") == 0) {
201                         if (key_len == 5)
202                                 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
203                                             0x000FAC01);
204                         else
205                                 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
206                                             0x000FAC05);
207                 } else if (strcmp(alg, "TKIP") == 0)
208                         NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC02);
209                 else if (strcmp(alg, "CCMP") == 0)
210                         NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC04);
211                 else if (strcmp(alg, "IGTK") == 0)
212                         NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER, 0x000FAC06);
213                 else {
214                         wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
215                                    "algorithm '%s'", __func__, alg);
216                         goto out;
217                 }
218         }
219
220         if (addr)
221                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
222         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
223         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
224
225         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
226             (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
227                 if (err != -ENOENT) {
228                         ret = 0;
229                         goto out;
230                 }
231         }
232
233         /*
234          * If we need to set the default TX key we do that below,
235          * otherwise we're done here.
236          */
237         if (!txkey || addr) {
238                 ret = 0;
239                 goto out;
240         }
241
242         nlmsg_free(msg);
243
244         msg = nlmsg_alloc();
245         if (!msg)
246                 goto out;
247
248         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
249                     0, NL80211_CMD_SET_KEY, 0);
250         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
251         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
252         NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
253
254         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
255             (err = nl_wait_for_ack(drv->nl_handle)) < 0) {
256                 if (err != -ENOENT) {
257                         ret = 0;
258                         goto out;
259                 }
260         }
261
262         ret = 0;
263
264  out:
265  nla_put_failure:
266         nlmsg_free(msg);
267         return ret;
268 }
269
270
271 static inline int min_int(int a, int b)
272 {
273         if (a < b)
274                 return a;
275         return b;
276 }
277
278
279 static int get_key_handler(struct nl_msg *msg, void *arg)
280 {
281         struct nlattr *tb[NL80211_ATTR_MAX + 1];
282         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
283
284         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
285                   genlmsg_attrlen(gnlh, 0), NULL);
286
287         /*
288          * TODO: validate the key index and mac address!
289          * Otherwise, there's a race condition as soon as
290          * the kernel starts sending key notifications.
291          */
292
293         if (tb[NL80211_ATTR_KEY_SEQ])
294                 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
295                        min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
296         return NL_SKIP;
297 }
298
299
300 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
301                            int idx, u8 *seq)
302 {
303         struct i802_driver_data *drv = priv;
304         struct nl_msg *msg;
305         struct nl_cb *cb = NULL;
306         int ret = -1;
307         int err = 0;
308         int finished = 0;
309
310         msg = nlmsg_alloc();
311         if (!msg)
312                 goto out;
313
314         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
315                     0, NL80211_CMD_GET_KEY, 0);
316
317         if (addr)
318                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
319         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
320         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
321
322         cb = nl_cb_clone(drv->nl_cb);
323         if (!cb)
324                 goto out;
325
326         memset(seq, 0, 6);
327
328         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
329                 goto out;
330
331         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_key_handler, seq);
332         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
333
334         err = nl_recvmsgs(drv->nl_handle, cb);
335
336         if (!finished)
337                 err = nl_wait_for_ack(drv->nl_handle);
338
339         if (err < 0)
340                 goto out;
341
342         ret = 0;
343
344  out:
345         nl_cb_put(cb);
346  nla_put_failure:
347         nlmsg_free(msg);
348         return ret;
349 }
350
351
352 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
353                               int mode)
354 {
355         return -1;
356 }
357
358
359 static int i802_set_ssid(const char *ifname, void *priv, const u8 *buf,
360                          int len)
361 {
362         struct i802_driver_data *drv = priv;
363         struct iwreq iwr;
364
365         memset(&iwr, 0, sizeof(iwr));
366         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
367         iwr.u.essid.flags = 1; /* SSID active */
368         iwr.u.essid.pointer = (caddr_t) buf;
369         iwr.u.essid.length = len;
370
371         if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) {
372                 perror("ioctl[SIOCSIWESSID]");
373                 printf("len=%d\n", len);
374                 return -1;
375         }
376
377         return 0;
378 }
379
380
381 static int i802_send_mgmt_frame(void *priv, const void *data, size_t len,
382                                 int flags)
383 {
384         struct ieee80211_hdr *hdr = (void*) data;
385         __u8 rtap_hdr[] = {
386                 0x00, 0x00, /* radiotap version */
387                 0x0e, 0x00, /* radiotap length */
388                 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
389                 0x0c,       /* F_WEP | F_FRAG (encrypt/fragment if required) */
390                 0x00,       /* padding */
391                 0x00, 0x00, /* RX and TX flags to indicate that */
392                 0x00, 0x00, /* this is the injected frame directly */
393         };
394         struct i802_driver_data *drv = priv;
395         struct iovec iov[2] = {
396                 {
397                         .iov_base = &rtap_hdr,
398                         .iov_len = sizeof(rtap_hdr),
399                 },
400                 {
401                         .iov_base = (void*)data,
402                         .iov_len = len,
403                 }
404         };
405         struct msghdr msg = {
406                 .msg_name = NULL,
407                 .msg_namelen = 0,
408                 .msg_iov = iov,
409                 .msg_iovlen = 2,
410                 .msg_control = NULL,
411                 .msg_controllen = 0,
412                 .msg_flags = 0,
413         };
414
415         /*
416          * ugh, guess what, the generic code sets one of the version
417          * bits to request tx callback
418          */
419         hdr->frame_control &= ~host_to_le16(BIT(1));
420         return sendmsg(drv->monitor_sock, &msg, flags);
421 }
422
423
424 /* Set kernel driver on given frequency (MHz) */
425 static int i802_set_freq(void *priv, int mode, int freq)
426 {
427         struct i802_driver_data *drv = priv;
428         struct iwreq iwr;
429
430         memset(&iwr, 0, sizeof(iwr));
431         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
432         iwr.u.freq.m = freq;
433         iwr.u.freq.e = 6;
434
435         if (ioctl(drv->ioctl_sock, SIOCSIWFREQ, &iwr) < 0) {
436                 perror("ioctl[SIOCSIWFREQ]");
437                 return -1;
438         }
439
440         return 0;
441 }
442
443
444 static int i802_set_rts(void *priv, int rts)
445 {
446         struct i802_driver_data *drv = priv;
447         struct iwreq iwr;
448
449         memset(&iwr, 0, sizeof(iwr));
450         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
451         iwr.u.rts.value = rts;
452         iwr.u.rts.fixed = 1;
453
454         if (ioctl(drv->ioctl_sock, SIOCSIWRTS, &iwr) < 0) {
455                 perror("ioctl[SIOCSIWRTS]");
456                 return -1;
457         }
458
459         return 0;
460 }
461
462
463 static int i802_get_rts(void *priv, int *rts)
464 {
465         struct i802_driver_data *drv = priv;
466         struct iwreq iwr;
467
468         memset(&iwr, 0, sizeof(iwr));
469         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
470
471         if (ioctl(drv->ioctl_sock, SIOCGIWRTS, &iwr) < 0) {
472                 perror("ioctl[SIOCGIWRTS]");
473                 return -1;
474         }
475
476         *rts = iwr.u.rts.value;
477
478         return 0;
479 }
480
481
482 static int i802_set_frag(void *priv, int frag)
483 {
484         struct i802_driver_data *drv = priv;
485         struct iwreq iwr;
486
487         memset(&iwr, 0, sizeof(iwr));
488         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
489         iwr.u.frag.value = frag;
490         iwr.u.frag.fixed = 1;
491
492         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
493                 perror("ioctl[SIOCSIWFRAG]");
494                 return -1;
495         }
496
497         return 0;
498 }
499
500
501 static int i802_get_frag(void *priv, int *frag)
502 {
503         struct i802_driver_data *drv = priv;
504         struct iwreq iwr;
505
506         memset(&iwr, 0, sizeof(iwr));
507         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
508
509         if (ioctl(drv->ioctl_sock, SIOCGIWFRAG, &iwr) < 0) {
510                 perror("ioctl[SIOCGIWFRAG]");
511                 return -1;
512         }
513
514         *frag = iwr.u.frag.value;
515
516         return 0;
517 }
518
519
520 static int i802_set_retry(void *priv, int short_retry, int long_retry)
521 {
522         struct i802_driver_data *drv = priv;
523         struct iwreq iwr;
524
525         memset(&iwr, 0, sizeof(iwr));
526         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
527
528         iwr.u.retry.value = short_retry;
529         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
530         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
531                 perror("ioctl[SIOCSIWRETRY(short)]");
532                 return -1;
533         }
534
535         iwr.u.retry.value = long_retry;
536         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
537         if (ioctl(drv->ioctl_sock, SIOCSIWFRAG, &iwr) < 0) {
538                 perror("ioctl[SIOCSIWRETRY(long)]");
539                 return -1;
540         }
541
542         return 0;
543 }
544
545
546 static int i802_get_retry(void *priv, int *short_retry, int *long_retry)
547 {
548         struct i802_driver_data *drv = priv;
549         struct iwreq iwr;
550
551         memset(&iwr, 0, sizeof(iwr));
552         os_strlcpy(iwr.ifr_name, drv->hapd->conf->iface, IFNAMSIZ);
553
554         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MIN;
555         if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
556                 perror("ioctl[SIOCGIWFRAG(short)]");
557                 return -1;
558         }
559         *short_retry = iwr.u.retry.value;
560
561         iwr.u.retry.flags = IW_RETRY_LIMIT | IW_RETRY_MAX;
562         if (ioctl(drv->ioctl_sock, SIOCGIWRETRY, &iwr) < 0) {
563                 perror("ioctl[SIOCGIWFRAG(long)]");
564                 return -1;
565         }
566         *long_retry = iwr.u.retry.value;
567
568         return 0;
569 }
570
571
572 static int i802_flush(void *priv)
573 {
574         struct i802_driver_data *drv = priv;
575         struct nl_msg *msg;
576         int ret = -1;
577
578         msg = nlmsg_alloc();
579         if (!msg)
580                 goto out;
581
582         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
583                     0, NL80211_CMD_DEL_STATION, 0);
584
585         /*
586          * XXX: FIX! this needs to flush all VLANs too
587          */
588         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
589                     if_nametoindex(drv->iface));
590
591         ret = 0;
592
593         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
594             nl_wait_for_ack(drv->nl_handle) < 0) {
595                 ret = -1;
596         }
597
598  nla_put_failure:
599         nlmsg_free(msg);
600
601  out:
602         return ret;
603 }
604
605
606 static int get_sta_handler(struct nl_msg *msg, void *arg)
607 {
608         struct nlattr *tb[NL80211_ATTR_MAX + 1];
609         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
610         struct hostap_sta_driver_data *data = arg;
611         struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
612         static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
613                 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
614                 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
615                 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
616         };
617
618         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
619                   genlmsg_attrlen(gnlh, 0), NULL);
620
621         /*
622          * TODO: validate the interface and mac address!
623          * Otherwise, there's a race condition as soon as
624          * the kernel starts sending station notifications.
625          */
626
627         if (!tb[NL80211_ATTR_STA_INFO]) {
628                 wpa_printf(MSG_DEBUG, "sta stats missing!");
629                 return NL_SKIP;
630         }
631         if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
632                              tb[NL80211_ATTR_STA_INFO],
633                              stats_policy)) {
634                 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
635                 return NL_SKIP;
636         }
637
638         if (stats[NL80211_STA_INFO_INACTIVE_TIME])
639                 data->inactive_msec =
640                         nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
641         if (stats[NL80211_STA_INFO_RX_BYTES])
642                 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
643         if (stats[NL80211_STA_INFO_TX_BYTES])
644                 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
645
646         return NL_SKIP;
647 }
648
649 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
650                               const u8 *addr)
651 {
652         struct i802_driver_data *drv = priv;
653         struct nl_msg *msg;
654         struct nl_cb *cb = NULL;
655         int ret = -1;
656         int err = 0;
657         int finished = 0;
658
659         msg = nlmsg_alloc();
660         if (!msg)
661                 goto out;
662
663         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
664                     0, NL80211_CMD_GET_STATION, 0);
665
666         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
667         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
668
669         cb = nl_cb_clone(drv->nl_cb);
670         if (!cb)
671                 goto out;
672
673         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
674                 goto out;
675
676         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, get_sta_handler, data);
677         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
678
679         err = nl_recvmsgs(drv->nl_handle, cb);
680
681         if (!finished)
682                 err = nl_wait_for_ack(drv->nl_handle);
683
684         if (err < 0)
685                 goto out;
686
687         ret = 0;
688
689  out:
690         nl_cb_put(cb);
691  nla_put_failure:
692         nlmsg_free(msg);
693         return ret;
694
695 }
696
697
698 static int i802_send_eapol(void *priv, const u8 *addr, const u8 *data,
699                            size_t data_len, int encrypt, const u8 *own_addr)
700 {
701         struct i802_driver_data *drv = priv;
702         struct ieee80211_hdr *hdr;
703         size_t len;
704         u8 *pos;
705         int res;
706 #if 0 /* FIX */
707         int qos = sta->flags & WLAN_STA_WME;
708 #else
709         int qos = 0;
710 #endif
711
712         len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
713                 data_len;
714         hdr = os_zalloc(len);
715         if (hdr == NULL) {
716                 printf("malloc() failed for i802_send_data(len=%lu)\n",
717                        (unsigned long) len);
718                 return -1;
719         }
720
721         hdr->frame_control =
722                 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
723         hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
724         if (encrypt)
725                 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
726 #if 0 /* To be enabled if qos determination is added above */
727         if (qos) {
728                 hdr->frame_control |=
729                         host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
730         }
731 #endif
732
733         memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
734         memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
735         memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
736         pos = (u8 *) (hdr + 1);
737
738 #if 0 /* To be enabled if qos determination is added above */
739         if (qos) {
740                 /* add an empty QoS header if needed */
741                 pos[0] = 0;
742                 pos[1] = 0;
743                 pos += 2;
744         }
745 #endif
746
747         memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
748         pos += sizeof(rfc1042_header);
749         WPA_PUT_BE16(pos, ETH_P_PAE);
750         pos += 2;
751         memcpy(pos, data, data_len);
752
753         res = i802_send_mgmt_frame(drv, (u8 *) hdr, len, 0);
754         free(hdr);
755
756         if (res < 0) {
757                 perror("i802_send_eapol: send");
758                 printf("i802_send_eapol - packet len: %lu - failed\n",
759                        (unsigned long) len);
760         }
761
762         return res;
763 }
764
765
766 static int i802_sta_add(const char *ifname, void *priv, const u8 *addr,
767                         u16 aid, u16 capability, u8 *supp_rates,
768                         size_t supp_rates_len, int flags, u16 listen_interval)
769 {
770         struct i802_driver_data *drv = priv;
771         struct nl_msg *msg;
772         int ret = -1;
773
774         msg = nlmsg_alloc();
775         if (!msg)
776                 goto out;
777
778         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
779                     0, NL80211_CMD_NEW_STATION, 0);
780
781         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
782                     if_nametoindex(drv->iface));
783         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
784         NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, aid);
785         NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, supp_rates_len,
786                 supp_rates);
787         NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL, listen_interval);
788
789         ret = nl_send_auto_complete(drv->nl_handle, msg);
790         if (ret < 0)
791                 goto nla_put_failure;
792
793         ret = nl_wait_for_ack(drv->nl_handle);
794         /* ignore EEXIST, this happens if a STA associates while associated */
795         if (ret == -EEXIST || ret >= 0)
796                 ret = 0;
797
798  nla_put_failure:
799         nlmsg_free(msg);
800
801  out:
802         return ret;
803 }
804
805
806 static int i802_sta_remove(void *priv, const u8 *addr)
807 {
808         struct i802_driver_data *drv = priv;
809         struct nl_msg *msg;
810         int ret = -1;
811
812         msg = nlmsg_alloc();
813         if (!msg)
814                 goto out;
815
816         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
817                     0, NL80211_CMD_DEL_STATION, 0);
818
819         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
820                     if_nametoindex(drv->iface));
821         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
822
823         ret = 0;
824
825         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
826             nl_wait_for_ack(drv->nl_handle) < 0) {
827                 ret = -1;
828         }
829
830  nla_put_failure:
831         nlmsg_free(msg);
832
833  out:
834         return ret;
835 }
836
837
838 static int i802_sta_set_flags(void *priv, const u8 *addr,
839                               int total_flags, int flags_or, int flags_and)
840 {
841         struct i802_driver_data *drv = priv;
842         struct nl_msg *msg, *flags = NULL;
843         int ret = -1;
844
845         msg = nlmsg_alloc();
846         if (!msg)
847                 goto out;
848
849         flags = nlmsg_alloc();
850         if (!flags)
851                 goto free_msg;
852
853         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
854                     0, NL80211_CMD_SET_STATION, 0);
855
856         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
857                     if_nametoindex(drv->iface));
858         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
859
860         if (total_flags & WLAN_STA_AUTHORIZED || !drv->ieee802_1x_active)
861                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
862
863         if (total_flags & WLAN_STA_WME)
864                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
865
866         if (total_flags & WLAN_STA_SHORT_PREAMBLE)
867                 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
868
869         if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
870                 goto nla_put_failure;
871
872         ret = 0;
873
874         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
875             nl_wait_for_ack(drv->nl_handle) < 0) {
876                 ret = -1;
877         }
878
879  nla_put_failure:
880         nlmsg_free(flags);
881
882  free_msg:
883         nlmsg_free(msg);
884
885  out:
886         return ret;
887 }
888
889
890 static int i802_set_channel_flag(void *priv, int mode, int chan, int flag,
891                                  unsigned char power_level,
892                                  unsigned char antenna_max)
893 {
894         return -1;
895 }
896
897
898 static int i802_set_regulatory_domain(void *priv, unsigned int rd)
899 {
900         return -1;
901 }
902
903
904 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
905                                     int cw_min, int cw_max, int burst_time)
906 {
907         return -1;
908 }
909
910
911 static void nl80211_remove_iface(struct i802_driver_data *drv, int ifidx)
912 {
913         struct nl_msg *msg;
914
915         /* stop listening for EAPOL on this interface */
916         del_ifidx(drv, ifidx);
917
918         msg = nlmsg_alloc();
919         if (!msg)
920                 goto nla_put_failure;
921
922         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
923                     0, NL80211_CMD_DEL_INTERFACE, 0);
924         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
925         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
926             nl_wait_for_ack(drv->nl_handle) < 0)
927         nla_put_failure:
928                 printf("Failed to remove interface.\n");
929         nlmsg_free(msg);
930 }
931
932
933 static int nl80211_create_iface(struct i802_driver_data *drv,
934                                 const char *ifname,
935                                 enum nl80211_iftype iftype,
936                                 const u8 *addr)
937 {
938         struct nl_msg *msg, *flags = NULL;
939         int ifidx;
940         struct ifreq ifreq;
941         struct iwreq iwr;
942
943         msg = nlmsg_alloc();
944         if (!msg)
945                 return -1;
946
947         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
948                     0, NL80211_CMD_NEW_INTERFACE, 0);
949         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
950                     if_nametoindex(drv->hapd->conf->iface));
951         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
952         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
953
954         if (iftype == NL80211_IFTYPE_MONITOR) {
955                 int err;
956
957                 flags = nlmsg_alloc();
958                 if (!flags)
959                         goto nla_put_failure;
960
961                 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
962
963                 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
964
965                 nlmsg_free(flags);
966
967                 if (err)
968                         goto nla_put_failure;
969         }
970
971         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
972             nl_wait_for_ack(drv->nl_handle) < 0) {
973  nla_put_failure:
974                 printf("Failed to create interface %s.\n", ifname);
975                 nlmsg_free(msg);
976                 return -1;
977         }
978
979         nlmsg_free(msg);
980
981         ifidx = if_nametoindex(ifname);
982
983         if (ifidx <= 0)
984                 return -1;
985
986         /* start listening for EAPOL on this interface */
987         add_ifidx(drv, ifidx);
988
989         if (addr) {
990                 switch (iftype) {
991                 case NL80211_IFTYPE_AP:
992                         os_strlcpy(ifreq.ifr_name, ifname, IFNAMSIZ);
993                         memcpy(ifreq.ifr_hwaddr.sa_data, addr, ETH_ALEN);
994                         ifreq.ifr_hwaddr.sa_family = ARPHRD_ETHER;
995
996                         if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifreq)) {
997                                 nl80211_remove_iface(drv, ifidx);
998                                 return -1;
999                         }
1000                         break;
1001                 case NL80211_IFTYPE_WDS:
1002                         memset(&iwr, 0, sizeof(iwr));
1003                         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
1004                         iwr.u.addr.sa_family = ARPHRD_ETHER;
1005                         memcpy(iwr.u.addr.sa_data, addr, ETH_ALEN);
1006                         if (ioctl(drv->ioctl_sock, SIOCSIWAP, &iwr))
1007                                 return -1;
1008                         break;
1009                 default:
1010                         /* nothing */
1011                         break;
1012                 }
1013         }
1014
1015         return ifidx;
1016 }
1017
1018
1019 static int i802_bss_add(void *priv, const char *ifname, const u8 *bssid)
1020 {
1021         int ifidx;
1022
1023         /*
1024          * The kernel supports that when the low-level driver does,
1025          * but we currently don't because we need per-BSS data that
1026          * currently we can't handle easily.
1027          */
1028         return -1;
1029
1030         ifidx = nl80211_create_iface(priv, ifname, NL80211_IFTYPE_AP, bssid);
1031         if (ifidx < 0)
1032                 return -1;
1033         if (hostapd_set_iface_flags(priv, ifname, 1)) {
1034                 nl80211_remove_iface(priv, ifidx);
1035                 return -1;
1036         }
1037         return 0;
1038 }
1039
1040
1041 static int i802_bss_remove(void *priv, const char *ifname)
1042 {
1043         nl80211_remove_iface(priv, if_nametoindex(ifname));
1044         return 0;
1045 }
1046
1047
1048 static int i802_set_beacon(const char *iface, void *priv,
1049                            u8 *head, size_t head_len,
1050                            u8 *tail, size_t tail_len)
1051 {
1052         struct i802_driver_data *drv = priv;
1053         struct nl_msg *msg;
1054         u8 cmd = NL80211_CMD_NEW_BEACON;
1055         int ret = -1;
1056
1057         msg = nlmsg_alloc();
1058         if (!msg)
1059                 goto out;
1060
1061         if (drv->beacon_set)
1062                 cmd = NL80211_CMD_SET_BEACON;
1063
1064         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1065                     0, cmd, 0);
1066         NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
1067         NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
1068         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1069         NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, drv->beacon_int);
1070
1071         if (!drv->dtim_period)
1072                 drv->dtim_period = 2;
1073         NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
1074
1075         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1076             nl_wait_for_ack(drv->nl_handle) < 0)
1077                 goto out;
1078
1079         ret = 0;
1080
1081         drv->beacon_set = 1;
1082
1083  out:
1084  nla_put_failure:
1085         nlmsg_free(msg);
1086         return ret;
1087 }
1088
1089
1090 static int i802_del_beacon(struct i802_driver_data *drv)
1091 {
1092         struct nl_msg *msg;
1093         int ret = -1;
1094
1095         msg = nlmsg_alloc();
1096         if (!msg)
1097                 goto out;
1098
1099         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1100                     0, NL80211_CMD_DEL_BEACON, 0);
1101         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1102
1103         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1104             nl_wait_for_ack(drv->nl_handle) < 0)
1105                 goto out;
1106
1107         ret = 0;
1108
1109  out:
1110  nla_put_failure:
1111         nlmsg_free(msg);
1112         return ret;
1113 }
1114
1115
1116 static int i802_set_ieee8021x(const char *ifname, void *priv, int enabled)
1117 {
1118         struct i802_driver_data *drv = priv;
1119
1120         /*
1121          * FIXME: This needs to be per interface (BSS)
1122          */
1123         drv->ieee802_1x_active = enabled;
1124         return 0;
1125 }
1126
1127
1128 static int i802_set_privacy(const char *ifname, void *priv, int enabled)
1129 {
1130         struct i802_driver_data *drv = priv;
1131         struct iwreq iwr;
1132
1133         memset(&iwr, 0, sizeof(iwr));
1134
1135         os_strlcpy(iwr.ifr_name, ifname, IFNAMSIZ);
1136         iwr.u.param.flags = IW_AUTH_PRIVACY_INVOKED;
1137         iwr.u.param.value = enabled;
1138
1139         ioctl(drv->ioctl_sock, SIOCSIWAUTH, &iwr);
1140
1141         /* ignore errors, the kernel/driver might not care */
1142         return 0;
1143 }
1144
1145
1146 static int i802_set_internal_bridge(void *priv, int value)
1147 {
1148         return -1;
1149 }
1150
1151
1152 static int i802_set_beacon_int(void *priv, int value)
1153 {
1154         struct i802_driver_data *drv = priv;
1155         struct nl_msg *msg;
1156         int ret = -1;
1157
1158         drv->beacon_int = value;
1159
1160         if (!drv->beacon_set)
1161                 return 0;
1162
1163         msg = nlmsg_alloc();
1164         if (!msg)
1165                 goto out;
1166
1167         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1168                     0, NL80211_CMD_SET_BEACON, 0);
1169         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1170
1171         NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, value);
1172
1173         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1174             nl_wait_for_ack(drv->nl_handle) < 0)
1175                 goto out;
1176
1177         ret = 0;
1178
1179  out:
1180  nla_put_failure:
1181         nlmsg_free(msg);
1182         return ret;
1183 }
1184
1185
1186 static int i802_set_dtim_period(const char *iface, void *priv, int value)
1187 {
1188         struct i802_driver_data *drv = priv;
1189         struct nl_msg *msg;
1190         int ret = -1;
1191
1192         msg = nlmsg_alloc();
1193         if (!msg)
1194                 goto out;
1195
1196         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1197                     0, NL80211_CMD_SET_BEACON, 0);
1198         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
1199
1200         drv->dtim_period = value;
1201         NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, drv->dtim_period);
1202
1203         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1204             nl_wait_for_ack(drv->nl_handle) < 0)
1205                 goto out;
1206
1207         ret = 0;
1208
1209  out:
1210  nla_put_failure:
1211         nlmsg_free(msg);
1212         return ret;
1213 }
1214
1215
1216 static int i802_set_cts_protect(void *priv, int value)
1217 {
1218         return -1;
1219 }
1220
1221
1222 static int i802_set_preamble(void *priv, int value)
1223 {
1224         return -1;
1225 }
1226
1227
1228 static int i802_set_short_slot_time(void *priv, int value)
1229 {
1230         return -1;
1231 }
1232
1233
1234 static enum nl80211_iftype i802_if_type(enum hostapd_driver_if_type type)
1235 {
1236         switch (type) {
1237         case HOSTAPD_IF_VLAN:
1238                 return NL80211_IFTYPE_AP_VLAN;
1239         case HOSTAPD_IF_WDS:
1240                 return NL80211_IFTYPE_WDS;
1241         }
1242         return -1;
1243 }
1244
1245
1246 static int i802_if_add(const char *iface, void *priv,
1247                        enum hostapd_driver_if_type type, char *ifname,
1248                        const u8 *addr)
1249 {
1250         if (nl80211_create_iface(priv, ifname, i802_if_type(type), addr) < 0)
1251                 return -1;
1252         return 0;
1253 }
1254
1255
1256 static int i802_if_update(void *priv, enum hostapd_driver_if_type type,
1257                           char *ifname, const u8 *addr)
1258 {
1259         /* unused at the moment */
1260         return -1;
1261 }
1262
1263
1264 static int i802_if_remove(void *priv, enum hostapd_driver_if_type type,
1265                           const char *ifname, const u8 *addr)
1266 {
1267         nl80211_remove_iface(priv, if_nametoindex(ifname));
1268         return 0;
1269 }
1270
1271
1272 struct phy_info_arg {
1273         u16 *num_modes;
1274         struct hostapd_hw_modes *modes;
1275         int error;
1276 };
1277
1278 static int phy_info_handler(struct nl_msg *msg, void *arg)
1279 {
1280         struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1281         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1282         struct phy_info_arg *phy_info = arg;
1283
1284         struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
1285
1286         struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
1287         static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
1288                 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
1289                 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
1290                 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
1291                 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
1292                 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
1293         };
1294
1295         struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
1296         static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
1297                 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
1298                 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
1299         };
1300
1301         struct nlattr *nl_band;
1302         struct nlattr *nl_freq;
1303         struct nlattr *nl_rate;
1304         int rem_band, rem_freq, rem_rate;
1305         struct hostapd_hw_modes *mode;
1306         int idx, mode_is_set;
1307
1308         nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1309                   genlmsg_attrlen(gnlh, 0), NULL);
1310
1311         if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
1312                 return NL_SKIP;
1313
1314         nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
1315                 mode = realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
1316                 if (!mode)
1317                         return NL_SKIP;
1318                 phy_info->modes = mode;
1319
1320                 mode_is_set = 0;
1321
1322                 mode = &phy_info->modes[*(phy_info->num_modes)];
1323                 memset(mode, 0, sizeof(*mode));
1324                 *(phy_info->num_modes) += 1;
1325
1326                 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
1327                           nla_len(nl_band), NULL);
1328
1329                 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1330                         nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1331                                   nla_len(nl_freq), freq_policy);
1332                         if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1333                                 continue;
1334                         mode->num_channels++;
1335                 }
1336
1337                 mode->channels = calloc(mode->num_channels, sizeof(struct hostapd_channel_data));
1338                 if (!mode->channels)
1339                         return NL_SKIP;
1340
1341                 idx = 0;
1342
1343                 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
1344                         nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
1345                                   nla_len(nl_freq), freq_policy);
1346                         if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
1347                                 continue;
1348
1349                         mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
1350                         mode->channels[idx].flag |= HOSTAPD_CHAN_W_SCAN |
1351                                                     HOSTAPD_CHAN_W_ACTIVE_SCAN |
1352                                                     HOSTAPD_CHAN_W_IBSS;
1353
1354                         if (!mode_is_set) {
1355                                 /* crude heuristic */
1356                                 if (mode->channels[idx].freq < 4000)
1357                                         mode->mode = HOSTAPD_MODE_IEEE80211B;
1358                                 else
1359                                         mode->mode = HOSTAPD_MODE_IEEE80211A;
1360                                 mode_is_set = 1;
1361                         }
1362
1363                         /* crude heuristic */
1364                         if (mode->channels[idx].freq < 4000)
1365                                 if (mode->channels[idx].freq == 2848)
1366                                         mode->channels[idx].chan = 14;
1367                                 else
1368                                         mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
1369                         else
1370                                 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
1371
1372                         if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
1373                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_SCAN;
1374                         if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
1375                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_ACTIVE_SCAN;
1376                         if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
1377                                 mode->channels[idx].flag &= ~HOSTAPD_CHAN_W_IBSS;
1378                         idx++;
1379                 }
1380
1381                 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1382                         nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1383                                   nla_len(nl_rate), rate_policy);
1384                         if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1385                                 continue;
1386                         mode->num_rates++;
1387                 }
1388
1389                 mode->rates = calloc(mode->num_rates, sizeof(struct hostapd_rate_data));
1390                 if (!mode->rates)
1391                         return NL_SKIP;
1392
1393                 idx = 0;
1394
1395                 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
1396                         nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
1397                                   nla_len(nl_rate), rate_policy);
1398                         if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
1399                                 continue;
1400                         mode->rates[idx].rate = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
1401
1402                         /* crude heuristic */
1403                         if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
1404                             mode->rates[idx].rate > 200)
1405                                 mode->mode = HOSTAPD_MODE_IEEE80211G;
1406
1407                         if (tb_rate[NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE])
1408                                 mode->rates[idx].flags |= HOSTAPD_RATE_PREAMBLE2;
1409
1410                         idx++;
1411                 }
1412         }
1413
1414         phy_info->error = 0;
1415
1416         return NL_SKIP;
1417 }
1418
1419 static struct hostapd_hw_modes *i802_get_hw_feature_data(void *priv,
1420                                                          u16 *num_modes,
1421                                                          u16 *flags)
1422 {
1423         struct i802_driver_data *drv = priv;
1424         struct nl_msg *msg;
1425         int err = -1;
1426         struct nl_cb *cb = NULL;
1427         int finished = 0;
1428         struct phy_info_arg result = {
1429                 .num_modes = num_modes,
1430                 .modes = NULL,
1431                 .error = 1,
1432         };
1433
1434         *num_modes = 0;
1435         *flags = 0;
1436
1437         msg = nlmsg_alloc();
1438         if (!msg)
1439                 return NULL;
1440
1441         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1442                     0, NL80211_CMD_GET_WIPHY, 0);
1443
1444         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->iface));
1445
1446         cb = nl_cb_clone(drv->nl_cb);
1447         if (!cb)
1448                 goto out;
1449
1450         if (nl_send_auto_complete(drv->nl_handle, msg) < 0)
1451                 goto out;
1452
1453         nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, phy_info_handler, &result);
1454         nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_wait_handler, &finished);
1455
1456         err = nl_recvmsgs(drv->nl_handle, cb);
1457
1458         if (!finished)
1459                 err = nl_wait_for_ack(drv->nl_handle);
1460
1461         if (err < 0 || result.error) {
1462                 hostapd_free_hw_features(result.modes, *num_modes);
1463                 result.modes = NULL;
1464         }
1465
1466  out:
1467         nl_cb_put(cb);
1468  nla_put_failure:
1469         if (err)
1470                 fprintf(stderr, "failed to get information: %d\n", err);
1471         nlmsg_free(msg);
1472         return result.modes;
1473 }
1474
1475
1476 static int i802_set_sta_vlan(void *priv, const u8 *addr,
1477                              const char *ifname, int vlan_id)
1478 {
1479         struct i802_driver_data *drv = priv;
1480         struct nl_msg *msg;
1481         int ret = -1;
1482
1483         msg = nlmsg_alloc();
1484         if (!msg)
1485                 goto out;
1486
1487         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1488                     0, NL80211_CMD_SET_STATION, 0);
1489
1490         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1491                     if_nametoindex(drv->iface));
1492         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1493         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1494                     if_nametoindex(ifname));
1495
1496         ret = 0;
1497
1498         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1499             (errno = nl_wait_for_ack(drv->nl_handle) < 0)) {
1500                 ret = -1;
1501         }
1502
1503  nla_put_failure:
1504         nlmsg_free(msg);
1505
1506  out:
1507         return ret;
1508 }
1509
1510
1511 static void handle_unknown_sta(struct hostapd_data *hapd, u8 *ta)
1512 {
1513         struct sta_info *sta;
1514
1515         sta = ap_get_sta(hapd, ta);
1516         if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
1517                 printf("Data/PS-poll frame from not associated STA "
1518                        MACSTR "\n", MAC2STR(ta));
1519                 if (sta && (sta->flags & WLAN_STA_AUTH))
1520                         hostapd_sta_disassoc(
1521                                 hapd, ta,
1522                                 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1523                 else
1524                         hostapd_sta_deauth(
1525                                 hapd, ta,
1526                                 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
1527         }
1528 }
1529
1530
1531 static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len,
1532                                int ok)
1533 {
1534         struct ieee80211_hdr *hdr;
1535         u16 fc, type, stype;
1536         struct sta_info *sta;
1537
1538         hdr = (struct ieee80211_hdr *) buf;
1539         fc = le_to_host16(hdr->frame_control);
1540
1541         type = WLAN_FC_GET_TYPE(fc);
1542         stype = WLAN_FC_GET_STYPE(fc);
1543
1544         switch (type) {
1545         case WLAN_FC_TYPE_MGMT:
1546                 wpa_printf(MSG_DEBUG, "MGMT (TX callback) %s",
1547                            ok ? "ACK" : "fail");
1548                 ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
1549                 break;
1550         case WLAN_FC_TYPE_CTRL:
1551                 wpa_printf(MSG_DEBUG, "CTRL (TX callback) %s",
1552                            ok ? "ACK" : "fail");
1553                 break;
1554         case WLAN_FC_TYPE_DATA:
1555                 wpa_printf(MSG_DEBUG, "DATA (TX callback) %s",
1556                            ok ? "ACK" : "fail");
1557                 sta = ap_get_sta(hapd, hdr->addr1);
1558                 if (sta && sta->flags & WLAN_STA_PENDING_POLL) {
1559                         wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
1560                                    "activity poll", MAC2STR(sta->addr),
1561                                    ok ? "ACKed" : "did not ACK");
1562                         if (ok)
1563                                 sta->flags &= ~WLAN_STA_PENDING_POLL;
1564                 }
1565                 if (sta)
1566                         ieee802_1x_tx_status(hapd, sta, buf, len, ok);
1567                 break;
1568         default:
1569                 printf("unknown TX callback frame type %d\n", type);
1570                 break;
1571         }
1572 }
1573
1574
1575 static void handle_frame(struct hostapd_iface *iface, u8 *buf, size_t len,
1576                          struct hostapd_frame_info *hfi,
1577                          enum ieee80211_msg_type msg_type)
1578 {
1579         struct ieee80211_hdr *hdr;
1580         u16 fc, type, stype;
1581         size_t data_len = len;
1582         struct hostapd_data *hapd = NULL;
1583         int broadcast_bssid = 0;
1584         size_t i;
1585         u8 *bssid;
1586
1587         /*
1588          * PS-Poll frames are 16 bytes. All other frames are
1589          * 24 bytes or longer.
1590          */
1591         if (len < 16)
1592                 return;
1593
1594         hdr = (struct ieee80211_hdr *) buf;
1595         fc = le_to_host16(hdr->frame_control);
1596
1597         type = WLAN_FC_GET_TYPE(fc);
1598         stype = WLAN_FC_GET_STYPE(fc);
1599
1600         switch (type) {
1601         case WLAN_FC_TYPE_DATA:
1602                 if (len < 24)
1603                         return;
1604                 switch (fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) {
1605                 case WLAN_FC_TODS:
1606                         bssid = hdr->addr1;
1607                         break;
1608                 default:
1609                         /* discard */
1610                         return;
1611                 }
1612                 break;
1613         case WLAN_FC_TYPE_CTRL:
1614                 /* discard non-ps-poll frames */
1615                 if (stype != WLAN_FC_STYPE_PSPOLL)
1616                         return;
1617                 bssid = hdr->addr1;
1618                 break;
1619         case WLAN_FC_TYPE_MGMT:
1620                 bssid = hdr->addr3;
1621                 break;
1622         default:
1623                 /* discard */
1624                 return;
1625         }
1626
1627         /* find interface frame belongs to */
1628         for (i = 0; i < iface->num_bss; i++) {
1629                 if (memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) {
1630                         hapd = iface->bss[i];
1631                         break;
1632                 }
1633         }
1634
1635         if (hapd == NULL) {
1636                 hapd = iface->bss[0];
1637
1638                 if (bssid[0] != 0xff || bssid[1] != 0xff ||
1639                     bssid[2] != 0xff || bssid[3] != 0xff ||
1640                     bssid[4] != 0xff || bssid[5] != 0xff) {
1641                         /*
1642                          * Unknown BSSID - drop frame if this is not from
1643                          * passive scanning or a beacon (at least ProbeReq
1644                          * frames to other APs may be allowed through RX
1645                          * filtering in the wlan hw/driver)
1646                          */
1647                         if ((type != WLAN_FC_TYPE_MGMT ||
1648                              stype != WLAN_FC_STYPE_BEACON))
1649                                 return;
1650                 } else
1651                         broadcast_bssid = 1;
1652         }
1653
1654         switch (msg_type) {
1655         case ieee80211_msg_normal:
1656                 /* continue processing */
1657                 break;
1658         case ieee80211_msg_tx_callback_ack:
1659                 handle_tx_callback(hapd, buf, data_len, 1);
1660                 return;
1661         case ieee80211_msg_tx_callback_fail:
1662                 handle_tx_callback(hapd, buf, data_len, 0);
1663                 return;
1664         }
1665
1666         switch (type) {
1667         case WLAN_FC_TYPE_MGMT:
1668                 if (stype != WLAN_FC_STYPE_BEACON &&
1669                     stype != WLAN_FC_STYPE_PROBE_REQ)
1670                         wpa_printf(MSG_MSGDUMP, "MGMT");
1671                 if (broadcast_bssid) {
1672                         for (i = 0; i < iface->num_bss; i++)
1673                                 ieee802_11_mgmt(iface->bss[i], buf, data_len,
1674                                                 stype, hfi);
1675                 } else
1676                         ieee802_11_mgmt(hapd, buf, data_len, stype, hfi);
1677                 break;
1678         case WLAN_FC_TYPE_CTRL:
1679                 /* can only get here with PS-Poll frames */
1680                 wpa_printf(MSG_DEBUG, "CTRL");
1681                 handle_unknown_sta(hapd, hdr->addr2);
1682                 break;
1683         case WLAN_FC_TYPE_DATA:
1684                 wpa_printf(MSG_DEBUG, "DATA");
1685                 handle_unknown_sta(hapd, hdr->addr2);
1686                 break;
1687         }
1688 }
1689
1690
1691 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
1692 {
1693         struct i802_driver_data *drv = eloop_ctx;
1694         struct hostapd_data *hapd = drv->hapd;
1695         struct sockaddr_ll lladdr;
1696         unsigned char buf[3000];
1697         int len;
1698         socklen_t fromlen = sizeof(lladdr);
1699
1700         len = recvfrom(sock, buf, sizeof(buf), 0,
1701                        (struct sockaddr *)&lladdr, &fromlen);
1702         if (len < 0) {
1703                 perror("recv");
1704                 return;
1705         }
1706
1707         if (have_ifidx(drv, lladdr.sll_ifindex))
1708                 ieee802_1x_receive(hapd, lladdr.sll_addr, buf, len);
1709 }
1710
1711
1712 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
1713 {
1714         struct i802_driver_data *drv = eloop_ctx;
1715         int len;
1716         unsigned char buf[3000];
1717         struct hostapd_data *hapd = drv->hapd;
1718         struct ieee80211_radiotap_iterator iter;
1719         int ret;
1720         struct hostapd_frame_info hfi;
1721         int injected = 0, failed = 0, msg_type, rxflags = 0;
1722
1723         len = recv(sock, buf, sizeof(buf), 0);
1724         if (len < 0) {
1725                 perror("recv");
1726                 return;
1727         }
1728
1729         if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
1730                 printf("received invalid radiotap frame\n");
1731                 return;
1732         }
1733
1734         memset(&hfi, 0, sizeof(hfi));
1735
1736         while (1) {
1737                 ret = ieee80211_radiotap_iterator_next(&iter);
1738                 if (ret == -ENOENT)
1739                         break;
1740                 if (ret) {
1741                         printf("received invalid radiotap frame (%d)\n", ret);
1742                         return;
1743                 }
1744                 switch (iter.this_arg_index) {
1745                 case IEEE80211_RADIOTAP_FLAGS:
1746                         if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
1747                                 len -= 4;
1748                         break;
1749                 case IEEE80211_RADIOTAP_RX_FLAGS:
1750                         rxflags = 1;
1751                         break;
1752                 case IEEE80211_RADIOTAP_TX_FLAGS:
1753                         injected = 1;
1754                         failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
1755                                         IEEE80211_RADIOTAP_F_TX_FAIL;
1756                         break;
1757                 case IEEE80211_RADIOTAP_DATA_RETRIES:
1758                         break;
1759                 case IEEE80211_RADIOTAP_CHANNEL:
1760                         /* TODO convert from freq/flags to channel number
1761                         hfi.channel = XXX;
1762                         hfi.phytype = XXX;
1763                          */
1764                         break;
1765                 case IEEE80211_RADIOTAP_RATE:
1766                         hfi.datarate = *iter.this_arg * 5;
1767                         break;
1768                 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1769                         hfi.ssi_signal = *iter.this_arg;
1770                         break;
1771                 }
1772         }
1773
1774         if (rxflags && injected)
1775                 return;
1776
1777         if (!injected)
1778                 msg_type = ieee80211_msg_normal;
1779         else if (failed)
1780                 msg_type = ieee80211_msg_tx_callback_fail;
1781         else
1782                 msg_type = ieee80211_msg_tx_callback_ack;
1783
1784         handle_frame(hapd->iface, buf + iter.max_length,
1785                      len - iter.max_length, &hfi, msg_type);
1786 }
1787
1788
1789 static int nl80211_create_monitor_interface(struct i802_driver_data *drv)
1790 {
1791         char buf[IFNAMSIZ];
1792         struct sockaddr_ll ll;
1793         int optval;
1794         socklen_t optlen;
1795
1796         snprintf(buf, IFNAMSIZ, "mon.%s", drv->iface);
1797         buf[IFNAMSIZ - 1] = '\0';
1798
1799         drv->monitor_ifidx =
1800                 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL);
1801
1802         if (drv->monitor_ifidx < 0)
1803                 return -1;
1804
1805         if (hostapd_set_iface_flags(drv, buf, 1))
1806                 goto error;
1807
1808         memset(&ll, 0, sizeof(ll));
1809         ll.sll_family = AF_PACKET;
1810         ll.sll_ifindex = drv->monitor_ifidx;
1811         drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
1812         if (drv->monitor_sock < 0) {
1813                 perror("socket[PF_PACKET,SOCK_RAW]");
1814                 goto error;
1815         }
1816
1817         if (bind(drv->monitor_sock, (struct sockaddr *) &ll,
1818                  sizeof(ll)) < 0) {
1819                 perror("monitor socket bind");
1820                 goto error;
1821         }
1822
1823         optlen = sizeof(optval);
1824         optval = 20;
1825         if (setsockopt
1826             (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
1827                 perror("Failed to set socket priority");
1828                 goto error;
1829         }
1830
1831         if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
1832                                      drv, NULL)) {
1833                 printf("Could not register monitor read socket\n");
1834                 goto error;
1835         }
1836
1837         return 0;
1838  error:
1839         nl80211_remove_iface(drv, drv->monitor_ifidx);
1840         return -1;
1841 }
1842
1843
1844 static int nl80211_set_master_mode(struct i802_driver_data *drv,
1845                                    const char *ifname)
1846 {
1847         struct nl_msg *msg;
1848
1849         msg = nlmsg_alloc();
1850         if (!msg)
1851                 return -1;
1852
1853         genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1854                     0, NL80211_CMD_SET_INTERFACE, 0);
1855         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
1856                     if_nametoindex(ifname));
1857         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, NL80211_IFTYPE_AP);
1858
1859         if (nl_send_auto_complete(drv->nl_handle, msg) < 0 ||
1860             nl_wait_for_ack(drv->nl_handle) < 0) {
1861  nla_put_failure:
1862                 wpa_printf(MSG_ERROR, "Failed to set interface %s to master "
1863                            "mode.", ifname);
1864                 nlmsg_free(msg);
1865                 return -1;
1866         }
1867
1868         nlmsg_free(msg);
1869
1870         return 0;
1871 }
1872
1873
1874 static int i802_init_sockets(struct i802_driver_data *drv, const u8 *bssid)
1875 {
1876         struct ifreq ifr;
1877         struct sockaddr_ll addr;
1878
1879         drv->ioctl_sock = -1;
1880
1881         drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1882         if (drv->ioctl_sock < 0) {
1883                 perror("socket[PF_INET,SOCK_DGRAM]");
1884                 return -1;
1885         }
1886
1887         /* start listening for EAPOL on the default AP interface */
1888         add_ifidx(drv, if_nametoindex(drv->iface));
1889
1890         if (hostapd_set_iface_flags(drv, drv->iface, 0))
1891                 return -1;
1892
1893         if (bssid) {
1894                 os_strlcpy(ifr.ifr_name, drv->iface, IFNAMSIZ);
1895                 memcpy(ifr.ifr_hwaddr.sa_data, bssid, ETH_ALEN);
1896                 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
1897
1898                 if (ioctl(drv->ioctl_sock, SIOCSIFHWADDR, &ifr)) {
1899                         perror("ioctl(SIOCSIFHWADDR)");
1900                         return -1;
1901                 }
1902         }
1903
1904         /*
1905          * initialise generic netlink and nl80211
1906          */
1907         drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1908         if (!drv->nl_cb) {
1909                 printf("Failed to allocate netlink callbacks.\n");
1910                 return -1;
1911         }
1912
1913         drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1914         if (!drv->nl_handle) {
1915                 printf("Failed to allocate netlink handle.\n");
1916                 return -1;
1917         }
1918
1919         if (genl_connect(drv->nl_handle)) {
1920                 printf("Failed to connect to generic netlink.\n");
1921                 return -1;
1922         }
1923
1924         drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1925         if (!drv->nl_cache) {
1926                 printf("Failed to allocate generic netlink cache.\n");
1927                 return -1;
1928         }
1929
1930         drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1931         if (!drv->nl80211) {
1932                 printf("nl80211 not found.\n");
1933                 return -1;
1934         }
1935
1936         /* Initialise a monitor interface */
1937         if (nl80211_create_monitor_interface(drv))
1938                 return -1;
1939
1940         if (nl80211_set_master_mode(drv, drv->iface))
1941                 return -1;
1942
1943         if (hostapd_set_iface_flags(drv, drv->iface, 1))
1944                 return -1;
1945
1946         memset(&addr, 0, sizeof(addr));
1947         addr.sll_family = AF_PACKET;
1948         addr.sll_ifindex = ifr.ifr_ifindex;
1949         wpa_printf(MSG_DEBUG, "Opening raw packet socket for ifindex %d",
1950                    addr.sll_ifindex);
1951
1952         drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
1953         if (drv->eapol_sock < 0) {
1954                 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
1955                 return -1;
1956         }
1957
1958         if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
1959         {
1960                 printf("Could not register read socket for eapol\n");
1961                 return -1;
1962         }
1963
1964         memset(&ifr, 0, sizeof(ifr));
1965         os_strlcpy(ifr.ifr_name, drv->iface, sizeof(ifr.ifr_name));
1966         if (ioctl(drv->ioctl_sock, SIOCGIFHWADDR, &ifr) != 0) {
1967                 perror("ioctl(SIOCGIFHWADDR)");
1968                 return -1;
1969         }
1970
1971         if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
1972                 printf("Invalid HW-addr family 0x%04x\n",
1973                        ifr.ifr_hwaddr.sa_family);
1974                 return -1;
1975         }
1976         memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
1977
1978         return 0;
1979 }
1980
1981
1982 static int i802_get_inact_sec(void *priv, const u8 *addr)
1983 {
1984         struct hostap_sta_driver_data data;
1985         int ret;
1986
1987         data.inactive_msec = (unsigned long) -1;
1988         ret = i802_read_sta_data(priv, &data, addr);
1989         if (ret || data.inactive_msec == (unsigned long) -1)
1990                 return -1;
1991         return data.inactive_msec / 1000;
1992 }
1993
1994
1995 static int i802_sta_clear_stats(void *priv, const u8 *addr)
1996 {
1997 #if 0
1998         /* TODO */
1999 #endif
2000         return 0;
2001 }
2002
2003
2004 static void
2005 hostapd_wireless_event_wireless_custom(struct i802_driver_data *drv,
2006                                        char *custom)
2007 {
2008         wpa_printf(MSG_DEBUG, "Custom wireless event: '%s'", custom);
2009
2010         if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) {
2011                 char *pos;
2012                 u8 addr[ETH_ALEN];
2013                 pos = strstr(custom, "addr=");
2014                 if (pos == NULL) {
2015                         wpa_printf(MSG_DEBUG,
2016                                    "MLME-MICHAELMICFAILURE.indication "
2017                                    "without sender address ignored");
2018                         return;
2019                 }
2020                 pos += 5;
2021                 if (hwaddr_aton(pos, addr) == 0) {
2022                         ieee80211_michael_mic_failure(drv->hapd, addr, 1);
2023                 } else {
2024                         wpa_printf(MSG_DEBUG,
2025                                    "MLME-MICHAELMICFAILURE.indication "
2026                                    "with invalid MAC address");
2027                 }
2028         }
2029 }
2030
2031
2032 static void hostapd_wireless_event_wireless(struct i802_driver_data *drv,
2033                                             char *data, int len)
2034 {
2035         struct iw_event iwe_buf, *iwe = &iwe_buf;
2036         char *pos, *end, *custom, *buf;
2037
2038         pos = data;
2039         end = data + len;
2040
2041         while (pos + IW_EV_LCP_LEN <= end) {
2042                 /* Event data may be unaligned, so make a local, aligned copy
2043                  * before processing. */
2044                 memcpy(&iwe_buf, pos, IW_EV_LCP_LEN);
2045                 wpa_printf(MSG_DEBUG, "Wireless event: cmd=0x%x len=%d",
2046                            iwe->cmd, iwe->len);
2047                 if (iwe->len <= IW_EV_LCP_LEN)
2048                         return;
2049
2050                 custom = pos + IW_EV_POINT_LEN;
2051                 if (drv->we_version > 18 &&
2052                     (iwe->cmd == IWEVMICHAELMICFAILURE ||
2053                      iwe->cmd == IWEVCUSTOM)) {
2054                         /* WE-19 removed the pointer from struct iw_point */
2055                         char *dpos = (char *) &iwe_buf.u.data.length;
2056                         int dlen = dpos - (char *) &iwe_buf;
2057                         memcpy(dpos, pos + IW_EV_LCP_LEN,
2058                                sizeof(struct iw_event) - dlen);
2059                 } else {
2060                         memcpy(&iwe_buf, pos, sizeof(struct iw_event));
2061                         custom += IW_EV_POINT_OFF;
2062                 }
2063
2064                 switch (iwe->cmd) {
2065                 case IWEVCUSTOM:
2066                         if (custom + iwe->u.data.length > end)
2067                                 return;
2068                         buf = malloc(iwe->u.data.length + 1);
2069                         if (buf == NULL)
2070                                 return;
2071                         memcpy(buf, custom, iwe->u.data.length);
2072                         buf[iwe->u.data.length] = '\0';
2073                         hostapd_wireless_event_wireless_custom(drv, buf);
2074                         free(buf);
2075                         break;
2076                 }
2077
2078                 pos += iwe->len;
2079         }
2080 }
2081
2082
2083 static void hostapd_wireless_event_rtm_newlink(struct i802_driver_data *drv,
2084                                                struct nlmsghdr *h, int len)
2085 {
2086         struct ifinfomsg *ifi;
2087         int attrlen, nlmsg_len, rta_len;
2088         struct rtattr *attr;
2089
2090         if (len < (int) sizeof(*ifi))
2091                 return;
2092
2093         ifi = NLMSG_DATA(h);
2094
2095         /* TODO: use ifi->ifi_index to filter out wireless events from other
2096          * interfaces */
2097
2098         nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
2099
2100         attrlen = h->nlmsg_len - nlmsg_len;
2101         if (attrlen < 0)
2102                 return;
2103
2104         attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
2105
2106         rta_len = RTA_ALIGN(sizeof(struct rtattr));
2107         while (RTA_OK(attr, attrlen)) {
2108                 if (attr->rta_type == IFLA_WIRELESS) {
2109                         hostapd_wireless_event_wireless(
2110                                 drv, ((char *) attr) + rta_len,
2111                                 attr->rta_len - rta_len);
2112                 }
2113                 attr = RTA_NEXT(attr, attrlen);
2114         }
2115 }
2116
2117
2118 static void hostapd_wireless_event_receive(int sock, void *eloop_ctx,
2119                                            void *sock_ctx)
2120 {
2121         char buf[256];
2122         int left;
2123         struct sockaddr_nl from;
2124         socklen_t fromlen;
2125         struct nlmsghdr *h;
2126         struct i802_driver_data *drv = eloop_ctx;
2127
2128         fromlen = sizeof(from);
2129         left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
2130                         (struct sockaddr *) &from, &fromlen);
2131         if (left < 0) {
2132                 if (errno != EINTR && errno != EAGAIN)
2133                         perror("recvfrom(netlink)");
2134                 return;
2135         }
2136
2137         h = (struct nlmsghdr *) buf;
2138         while (left >= (int) sizeof(*h)) {
2139                 int len, plen;
2140
2141                 len = h->nlmsg_len;
2142                 plen = len - sizeof(*h);
2143                 if (len > left || plen < 0) {
2144                         printf("Malformed netlink message: "
2145                                "len=%d left=%d plen=%d\n",
2146                                len, left, plen);
2147                         break;
2148                 }
2149
2150                 switch (h->nlmsg_type) {
2151                 case RTM_NEWLINK:
2152                         hostapd_wireless_event_rtm_newlink(drv, h, plen);
2153                         break;
2154                 }
2155
2156                 len = NLMSG_ALIGN(len);
2157                 left -= len;
2158                 h = (struct nlmsghdr *) ((char *) h + len);
2159         }
2160
2161         if (left > 0) {
2162                 printf("%d extra bytes in the end of netlink message\n", left);
2163         }
2164 }
2165
2166
2167 static int hostap_get_we_version(struct i802_driver_data *drv)
2168 {
2169         struct iw_range *range;
2170         struct iwreq iwr;
2171         int minlen;
2172         size_t buflen;
2173
2174         drv->we_version = 0;
2175
2176         /*
2177          * Use larger buffer than struct iw_range in order to allow the
2178          * structure to grow in the future.
2179          */
2180         buflen = sizeof(struct iw_range) + 500;
2181         range = os_zalloc(buflen);
2182         if (range == NULL)
2183                 return -1;
2184
2185         memset(&iwr, 0, sizeof(iwr));
2186         os_strlcpy(iwr.ifr_name, drv->iface, IFNAMSIZ);
2187         iwr.u.data.pointer = (caddr_t) range;
2188         iwr.u.data.length = buflen;
2189
2190         minlen = ((char *) &range->enc_capa) - (char *) range +
2191                 sizeof(range->enc_capa);
2192
2193         if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) {
2194                 perror("ioctl[SIOCGIWRANGE]");
2195                 free(range);
2196                 return -1;
2197         } else if (iwr.u.data.length >= minlen &&
2198                    range->we_version_compiled >= 18) {
2199                 wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d "
2200                            "WE(source)=%d enc_capa=0x%x",
2201                            range->we_version_compiled,
2202                            range->we_version_source,
2203                            range->enc_capa);
2204                 drv->we_version = range->we_version_compiled;
2205         }
2206
2207         free(range);
2208         return 0;
2209 }
2210
2211
2212 static int i802_wireless_event_init(void *priv)
2213 {
2214         struct i802_driver_data *drv = priv;
2215         int s;
2216         struct sockaddr_nl local;
2217
2218         hostap_get_we_version(drv);
2219
2220         drv->wext_sock = -1;
2221
2222         s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
2223         if (s < 0) {
2224                 perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)");
2225                 return -1;
2226         }
2227
2228         memset(&local, 0, sizeof(local));
2229         local.nl_family = AF_NETLINK;
2230         local.nl_groups = RTMGRP_LINK;
2231         if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) {
2232                 perror("bind(netlink)");
2233                 close(s);
2234                 return -1;
2235         }
2236
2237         eloop_register_read_sock(s, hostapd_wireless_event_receive, drv,
2238                                  NULL);
2239         drv->wext_sock = s;
2240
2241         return 0;
2242 }
2243
2244
2245 static void i802_wireless_event_deinit(void *priv)
2246 {
2247         struct i802_driver_data *drv = priv;
2248         if (drv->wext_sock < 0)
2249                 return;
2250         eloop_unregister_read_sock(drv->wext_sock);
2251         close(drv->wext_sock);
2252 }
2253
2254
2255 static int i802_sta_deauth(void *priv, const u8 *addr, int reason)
2256 {
2257         struct i802_driver_data *drv = priv;
2258         struct ieee80211_mgmt mgmt;
2259
2260         memset(&mgmt, 0, sizeof(mgmt));
2261         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2262                                           WLAN_FC_STYPE_DEAUTH);
2263         memcpy(mgmt.da, addr, ETH_ALEN);
2264         memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
2265         memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
2266         mgmt.u.deauth.reason_code = host_to_le16(reason);
2267         return i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
2268                                       sizeof(mgmt.u.deauth), 0);
2269 }
2270
2271
2272 static int i802_sta_disassoc(void *priv, const u8 *addr, int reason)
2273 {
2274         struct i802_driver_data *drv = priv;
2275         struct ieee80211_mgmt mgmt;
2276
2277         memset(&mgmt, 0, sizeof(mgmt));
2278         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2279                                           WLAN_FC_STYPE_DISASSOC);
2280         memcpy(mgmt.da, addr, ETH_ALEN);
2281         memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN);
2282         memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN);
2283         mgmt.u.disassoc.reason_code = host_to_le16(reason);
2284         return  i802_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN +
2285                                        sizeof(mgmt.u.disassoc), 0);
2286 }
2287
2288
2289 static void *i802_init_bssid(struct hostapd_data *hapd, const u8 *bssid)
2290 {
2291         struct i802_driver_data *drv;
2292
2293         drv = os_zalloc(sizeof(struct i802_driver_data));
2294         if (drv == NULL) {
2295                 printf("Could not allocate memory for i802 driver data\n");
2296                 return NULL;
2297         }
2298
2299         drv->hapd = hapd;
2300         memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface));
2301
2302         drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
2303         drv->if_indices = drv->default_if_indices;
2304         drv->bridge = if_nametoindex(hapd->conf->bridge);
2305
2306         if (i802_init_sockets(drv, bssid))
2307                 goto failed;
2308
2309         return drv;
2310
2311 failed:
2312         free(drv);
2313         return NULL;
2314 }
2315
2316
2317 static void *i802_init(struct hostapd_data *hapd)
2318 {
2319         return i802_init_bssid(hapd, NULL);
2320 }
2321
2322
2323 static void i802_deinit(void *priv)
2324 {
2325         struct i802_driver_data *drv = priv;
2326
2327         i802_del_beacon(drv);
2328
2329         /* remove monitor interface */
2330         nl80211_remove_iface(drv, drv->monitor_ifidx);
2331
2332         (void) hostapd_set_iface_flags(drv, drv->iface, 0);
2333
2334         if (drv->monitor_sock >= 0) {
2335                 eloop_unregister_read_sock(drv->monitor_sock);
2336                 close(drv->monitor_sock);
2337         }
2338         if (drv->ioctl_sock >= 0)
2339                 close(drv->ioctl_sock);
2340         if (drv->eapol_sock >= 0) {
2341                 eloop_unregister_read_sock(drv->eapol_sock);
2342                 close(drv->eapol_sock);
2343         }
2344
2345         genl_family_put(drv->nl80211);
2346         nl_cache_free(drv->nl_cache);
2347         nl_handle_destroy(drv->nl_handle);
2348         nl_cb_put(drv->nl_cb);
2349
2350         if (drv->if_indices != drv->default_if_indices)
2351                 free(drv->if_indices);
2352
2353         free(drv);
2354 }
2355
2356
2357 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
2358         .name = "nl80211",
2359         .init = i802_init,
2360         .init_bssid = i802_init_bssid,
2361         .deinit = i802_deinit,
2362         .wireless_event_init = i802_wireless_event_init,
2363         .wireless_event_deinit = i802_wireless_event_deinit,
2364         .set_ieee8021x = i802_set_ieee8021x,
2365         .set_privacy = i802_set_privacy,
2366         .set_encryption = i802_set_encryption,
2367         .get_seqnum = i802_get_seqnum,
2368         .flush = i802_flush,
2369         .read_sta_data = i802_read_sta_data,
2370         .send_eapol = i802_send_eapol,
2371         .sta_set_flags = i802_sta_set_flags,
2372         .sta_deauth = i802_sta_deauth,
2373         .sta_disassoc = i802_sta_disassoc,
2374         .sta_remove = i802_sta_remove,
2375         .set_ssid = i802_set_ssid,
2376         .send_mgmt_frame = i802_send_mgmt_frame,
2377         .sta_add = i802_sta_add,
2378         .get_inact_sec = i802_get_inact_sec,
2379         .sta_clear_stats = i802_sta_clear_stats,
2380         .set_freq = i802_set_freq,
2381         .set_rts = i802_set_rts,
2382         .get_rts = i802_get_rts,
2383         .set_frag = i802_set_frag,
2384         .get_frag = i802_get_frag,
2385         .set_retry = i802_set_retry,
2386         .get_retry = i802_get_retry,
2387         .set_rate_sets = i802_set_rate_sets,
2388         .set_channel_flag = i802_set_channel_flag,
2389         .set_regulatory_domain = i802_set_regulatory_domain,
2390         .set_beacon = i802_set_beacon,
2391         .set_internal_bridge = i802_set_internal_bridge,
2392         .set_beacon_int = i802_set_beacon_int,
2393         .set_dtim_period = i802_set_dtim_period,
2394         .set_cts_protect = i802_set_cts_protect,
2395         .set_preamble = i802_set_preamble,
2396         .set_short_slot_time = i802_set_short_slot_time,
2397         .set_tx_queue_params = i802_set_tx_queue_params,
2398         .bss_add = i802_bss_add,
2399         .bss_remove = i802_bss_remove,
2400         .if_add = i802_if_add,
2401         .if_update = i802_if_update,
2402         .if_remove = i802_if_remove,
2403         .get_hw_feature_data = i802_get_hw_feature_data,
2404         .set_sta_vlan = i802_set_sta_vlan,
2405 };
EAP library