2 * hostapd / VLAN initialization
3 * Copyright 2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Alternatively, this software may be distributed under the terms of BSD
14 * See README and COPYING for more details.
17 #include "utils/includes.h"
19 #include "utils/common.h"
21 #include "ap_config.h"
22 #include "vlan_init.h"
25 #ifdef CONFIG_FULL_DYNAMIC_VLAN
28 #include <sys/ioctl.h>
29 #include <linux/sockios.h>
30 #include <linux/if_vlan.h>
31 #include <linux/if_bridge.h>
33 #include "drivers/priv_netlink.h"
34 #include "utils/eloop.h"
/* Private state for the full dynamic VLAN support. Only the socket member is
 * visible in this listing. */
37 struct full_dynamic_vlan {
38 int s; /* socket on which to listen for new/removed interfaces. */
/*
 * Bring interface if_name up or down: read its flags with SIOCGIFFLAGS,
 * set or clear IFF_UP, then write them back with SIOCSIFFLAGS.
 * This listing omits several lines (declarations, returns, the test on 'up').
 */
42 static int ifconfig_helper(const char *if_name, int up)
/* The AF_INET socket is only a handle for the interface ioctls.
 * NOTE(review): no close(fd) is visible in this listing - confirm that every
 * exit path releases the descriptor. */
47 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
48 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
49 "failed: %s", __func__, strerror(errno));
53 os_memset(&ifr, 0, sizeof(ifr));
/* Copy bounded by IFNAMSIZ; the return value is not checked.
 * NOTE(review): an over-long if_name would presumably be truncated here, and
 * the ioctls would then address a different name - confirm callers validate
 * the length. */
54 os_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);
56 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) {
57 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCGIFFLAGS) failed "
58 "for interface %s: %s",
59 __func__, if_name, strerror(errno));
/* Presumably selected by 'up' (the if/else lines are not shown): set IFF_UP,
 * or clear it, leaving the other flags as read above. */
65 ifr.ifr_flags |= IFF_UP;
67 ifr.ifr_flags &= ~IFF_UP;
69 if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) {
70 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCSIFFLAGS) failed "
71 "for interface %s (up=%d): %s",
72 __func__, if_name, up, strerror(errno));
/* Log the request and set interface if_name up; returns whatever
 * ifconfig_helper() returns. */
82 static int ifconfig_up(const char *if_name)
84 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s up", if_name);
85 return ifconfig_helper(if_name, 1);
/* Log the request and set interface if_name down; returns whatever
 * ifconfig_helper() returns. */
89 static int ifconfig_down(const char *if_name)
91 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s down", if_name);
92 return ifconfig_helper(if_name, 0);
97 * These are only available in recent linux headers (without the leading
100 #define _GET_VLAN_REALDEV_NAME_CMD 8
101 #define _GET_VLAN_VID_CMD 9
103 /* This value should be 256 ONLY. If it is something else, then hostapd
104 * might crash!, as this value has been hard-coded in 2.4.x kernel
107 #define MAX_BR_PORTS 256
/*
 * Detach interface if_name from bridge br_name with the BRCTL_DEL_IF command,
 * issued as a SIOCDEVPRIVATE ioctl on the bridge device.
 * Several lines (declarations, returns) are not shown in this listing.
 */
109 static int br_delif(const char *br_name, const char *if_name)
113 unsigned long args[2];
116 wpa_printf(MSG_DEBUG, "VLAN: br_delif(%s, %s)", br_name, if_name);
117 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
118 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
119 "failed: %s", __func__, strerror(errno));
/* The port is resolved to an interface index; presumably this goes into
 * args[1] (that assignment is not shown). */
123 if_index = if_nametoindex(if_name);
126 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
127 "interface index for '%s'",
133 args[0] = BRCTL_DEL_IF;
/* The ioctl targets the bridge by name; the copy is bounded by the size of
 * ifr_name and its return value is not checked. */
136 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
137 ifr.ifr_data = (__caddr_t) args;
/* EINVAL is tolerated so that removing an already-removed port is not
 * reported as a failure. */
139 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) {
140 /* No error if interface already removed. */
141 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
142 "BRCTL_DEL_IF] failed for br_name=%s if_name=%s: "
143 "%s", __func__, br_name, if_name, strerror(errno));
154 Add interface 'if_name' to the bridge 'br_name'
157 returns 1 if the interface is already part of the bridge
/*
 * Attach interface if_name to bridge br_name with the BRCTL_ADD_IF command,
 * issued as a SIOCDEVPRIVATE ioctl on the bridge device. EBUSY from the
 * kernel is treated as "already a port of this bridge".
 * Several lines (declarations, returns) are not shown in this listing.
 */
160 static int br_addif(const char *br_name, const char *if_name)
164 unsigned long args[2];
167 wpa_printf(MSG_DEBUG, "VLAN: br_addif(%s, %s)", br_name, if_name);
168 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
169 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
170 "failed: %s", __func__, strerror(errno));
/* The port is resolved to an interface index; presumably this goes into
 * args[1] (that assignment is not shown). */
174 if_index = if_nametoindex(if_name);
177 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
178 "interface index for '%s'",
184 args[0] = BRCTL_ADD_IF;
/* The ioctl targets the bridge by name; bounded copy, result unchecked. */
187 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
188 ifr.ifr_data = (__caddr_t) args;
190 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
191 if (errno == EBUSY) {
192 /* The interface is already added. */
197 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
198 "BRCTL_ADD_IF] failed for br_name=%s if_name=%s: "
199 "%s", __func__, br_name, if_name, strerror(errno));
/*
 * Delete bridge br_name with the BRCTL_DEL_BRIDGE command over SIOCGIFBR.
 * ENXIO is tolerated, so deleting a bridge that is already gone is not
 * reported as a failure. Returns and declarations are not shown here.
 */
209 static int br_delbr(const char *br_name)
212 unsigned long arg[2];
214 wpa_printf(MSG_DEBUG, "VLAN: br_delbr(%s)", br_name);
215 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
216 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
217 "failed: %s", __func__, strerror(errno));
221 arg[0] = BRCTL_DEL_BRIDGE;
/* The name is handed to the kernel as a pointer cast to unsigned long; no
 * length check on br_name is visible in this function. */
222 arg[1] = (unsigned long) br_name;
224 if (ioctl(fd, SIOCGIFBR, arg) < 0 && errno != ENXIO) {
225 /* No error if bridge already removed. */
226 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_DEL_BRIDGE failed for "
227 "%s: %s", __func__, br_name, strerror(errno));
238 Add a bridge with the name 'br_name'.
241 returns 1 if the bridge already exists
/*
 * Create bridge br_name with the BRCTL_ADD_BRIDGE command over SIOCGIFBR.
 * EEXIST from the kernel is treated as "bridge already exists" rather than
 * as an error. Returns and declarations are not shown in this listing.
 */
244 static int br_addbr(const char *br_name)
247 unsigned long arg[2];
249 wpa_printf(MSG_DEBUG, "VLAN: br_addbr(%s)", br_name);
250 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
251 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
252 "failed: %s", __func__, strerror(errno));
256 arg[0] = BRCTL_ADD_BRIDGE;
/* The name is handed to the kernel as a pointer cast to unsigned long; no
 * length check on br_name is visible in this function. */
257 arg[1] = (unsigned long) br_name;
259 if (ioctl(fd, SIOCGIFBR, arg) < 0) {
260 if (errno == EEXIST) {
261 /* The bridge is already added. */
265 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_ADD_BRIDGE "
267 __func__, br_name, strerror(errno));
/*
 * Query the port list of bridge br_name (BRCTL_GET_PORT_LIST over
 * SIOCDEVPRIVATE) and scan it for non-zero interface indices; presumably the
 * count of those is returned (the counter and return lines are not shown).
 */
278 static int br_getnumports(const char *br_name)
283 unsigned long arg[4];
/* Fixed-size local array of MAX_BR_PORTS entries for the kernel to fill. */
284 int ifindices[MAX_BR_PORTS];
287 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
288 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
289 "failed: %s", __func__, strerror(errno));
293 arg[0] = BRCTL_GET_PORT_LIST;
/* Buffer address, followed by what is presumably its capacity in entries;
 * the two must stay in step with the declaration of ifindices above. */
294 arg[1] = (unsigned long) ifindices;
295 arg[2] = MAX_BR_PORTS;
/* Zeroed first so that slots the kernel does not fill stay 0 for the scan. */
298 os_memset(ifindices, 0, sizeof(ifindices));
299 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
300 ifr.ifr_data = (__caddr_t) arg;
302 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
303 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_GET_PORT_LIST "
305 __func__, br_name, strerror(errno));
/* The scan starts at index 1 and stays below MAX_BR_PORTS, so it never reads
 * outside ifindices. */
310 for (i = 1; i < MAX_BR_PORTS; i++) {
311 if (ifindices[i] > 0) {
/*
 * Remove the VLAN interface named if_name with DEL_VLAN_CMD over SIOCSIFVLAN.
 * Returns and some declarations are not shown in this listing.
 */
321 static int vlan_rem(const char *if_name)
324 struct vlan_ioctl_args if_request;
326 wpa_printf(MSG_DEBUG, "VLAN: vlan_rem(%s)", if_name);
/* Reject names that would not fit in device1 together with the terminator,
 * so the bounded copy below cannot silently truncate to another name. */
327 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
328 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
333 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
334 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
335 "failed: %s", __func__, strerror(errno));
/* Clear the whole request so no uninitialized stack bytes reach the kernel. */
339 os_memset(&if_request, 0, sizeof(if_request));
341 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
342 if_request.cmd = DEL_VLAN_CMD;
344 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
345 wpa_printf(MSG_ERROR, "VLAN: %s: DEL_VLAN_CMD failed for %s: "
346 "%s", __func__, if_name, strerror(errno));
357 Add a vlan interface with VLAN ID 'vid' and tagged interface
361 returns 1 if the interface already exists
/*
 * Create a VLAN interface with id 'vid' on top of if_name. A device named
 * "vlan<N>" is probed first; if it already carries this VID on the same real
 * device it is reused, otherwise ADD_VLAN_CMD is issued.
 * Returns and some declarations are not shown in this listing.
 */
364 static int vlan_add(const char *if_name, int vid)
367 struct vlan_ioctl_args if_request;
369 wpa_printf(MSG_DEBUG, "VLAN: vlan_add(if_name=%s, vid=%d)",
/* NOTE(review): the interface is brought up before the length check below,
 * and the result of ifconfig_up() is ignored; ifconfig_helper() copies the
 * name with an IFNAMSIZ bound, so an over-long name would presumably act on
 * a truncated one - consider validating first. */
371 ifconfig_up(if_name);
/* Reject names that would not fit in device1 together with the terminator. */
373 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
374 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
379 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
380 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
381 "failed: %s", __func__, strerror(errno));
385 os_memset(&if_request, 0, sizeof(if_request));
387 /* Determine if a suitable vlan device already exists. */
/* The probe name follows the "vlan%d" pattern; the argument line is not
 * shown, presumably it is vid. */
389 os_snprintf(if_request.device1, sizeof(if_request.device1), "vlan%d",
392 if_request.cmd = _GET_VLAN_VID_CMD;
394 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0) {
/* An existing device is accepted only if both the VID and the underlying
 * real device match the request. */
396 if (if_request.u.VID == vid) {
397 if_request.cmd = _GET_VLAN_REALDEV_NAME_CMD;
399 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0 &&
400 os_strncmp(if_request.u.device2, if_name,
401 sizeof(if_request.u.device2)) == 0) {
403 wpa_printf(MSG_DEBUG, "VLAN: vlan_add: "
404 "if_name %s exists already",
411 /* A suitable vlan device does not already exist, add one. */
/* The request is cleared again because the probe above left data in it. */
413 os_memset(&if_request, 0, sizeof(if_request));
414 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
415 if_request.u.VID = vid;
416 if_request.cmd = ADD_VLAN_CMD;
418 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
419 wpa_printf(MSG_ERROR, "VLAN: %s: ADD_VLAN_CMD failed for %s: "
421 __func__, if_request.device1, strerror(errno));
/*
 * Select the kernel's naming scheme for VLAN devices by sending
 * SET_VLAN_NAME_TYPE_CMD with name_type over SIOCSIFVLAN.
 * NOTE(review): this setting is presumably not private to hostapd - confirm
 * whether it affects VLAN devices created by other tools.
 */
431 static int vlan_set_name_type(unsigned int name_type)
434 struct vlan_ioctl_args if_request;
436 wpa_printf(MSG_DEBUG, "VLAN: vlan_set_name_type(name_type=%u)",
438 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
439 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
440 "failed: %s", __func__, strerror(errno));
444 os_memset(&if_request, 0, sizeof(if_request));
446 if_request.u.name_type = name_type;
447 if_request.cmd = SET_VLAN_NAME_TYPE_CMD;
448 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
449 wpa_printf(MSG_ERROR, "VLAN: %s: SET_VLAN_NAME_TYPE_CMD "
450 "name_type=%u failed: %s",
451 __func__, name_type, strerror(errno));
/*
 * React to a newly appeared interface 'ifname': when it matches a configured
 * VLAN entry, create bridge "brvlan<id>", optionally create "vlan<id>" on the
 * tagged interface and add it to the bridge, then add ifname itself as a
 * bridge port. Each step that succeeds records a DVLAN_CLEAN_* bit in
 * vlan->clean. The list walk and closing lines are not shown in this listing.
 */
461 static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
/* Both name buffers are IFNAMSIZ bytes and are filled with bounded
 * os_snprintf() calls below. */
463 char vlan_ifname[IFNAMSIZ];
464 char br_name[IFNAMSIZ];
465 struct hostapd_vlan *vlan = hapd->conf->vlan;
466 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
468 wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
/* NOTE(review): ifname comes from a netlink message (see vlan_read_ifnames)
 * and is used as a NUL-terminated string here - confirm the caller always
 * terminates it. */
471 if (os_strcmp(ifname, vlan->ifname) == 0) {
473 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
/* The flag is set only when the helper returns 0, so a bridge that was not
 * created by this call is not marked as ours. */
476 if (!br_addbr(br_name))
477 vlan->clean |= DVLAN_CLEAN_BR;
/* Return value ignored: failure to bring the bridge up is not handled. */
479 ifconfig_up(br_name);
481 if (tagged_interface) {
483 if (!vlan_add(tagged_interface, vlan->vlan_id))
484 vlan->clean |= DVLAN_CLEAN_VLAN;
486 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
487 "vlan%d", vlan->vlan_id);
489 if (!br_addif(br_name, vlan_ifname))
490 vlan->clean |= DVLAN_CLEAN_VLAN_PORT;
492 ifconfig_up(vlan_ifname);
495 if (!br_addif(br_name, ifname))
496 vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
/*
 * React to the removal of interface 'ifname': when it matches a configured
 * VLAN entry, undo the bridge/VLAN setup for that entry and unlink the entry
 * from hapd->conf->vlan. The conditions guarding each teardown step and the
 * list walk are not shown in this listing.
 */
507 static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
509 char vlan_ifname[IFNAMSIZ];
510 char br_name[IFNAMSIZ];
511 struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan;
512 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
515 wpa_printf(MSG_DEBUG, "VLAN: vlan_dellink(%s)", ifname);
520 if (os_strcmp(ifname, vlan->ifname) == 0) {
/* Names are rebuilt with the same patterns vlan_newlink() uses. */
521 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
524 if (tagged_interface) {
525 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
526 "vlan%d", vlan->vlan_id);
/* Presumably the port count decides whether the shared objects can be torn
 * down (the tests on numports and vlan->clean are not shown). */
528 numports = br_getnumports(br_name);
/* Return values of the teardown helpers are not used in the visible lines. */
530 br_delif(br_name, vlan_ifname);
532 vlan_rem(vlan_ifname);
534 ifconfig_down(br_name);
/* Unlink the entry: from the list head, or from its predecessor.
 * NOTE(review): callers that iterate the list must not touch 'vlan' after
 * this call - the line releasing it is not shown; confirm. */
540 hapd->conf->vlan = vlan->next;
542 prev->next = vlan->next;
/*
 * Walk the route attributes of one link message and, for every IFLA_IFNAME
 * attribute, hand the interface name to vlan_dellink() or vlan_newlink()
 * (presumably chosen by 'del'; the test is not shown). All lengths here come
 * from the received netlink message and must be treated as untrusted.
 */
555 vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del,
556 struct hostapd_data *hapd)
558 struct ifinfomsg *ifi;
559 int attrlen, nlmsg_len, rta_len;
/* The payload must at least hold the fixed ifinfomsg header. */
562 if (len < sizeof(*ifi))
567 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
/* NOTE(review): attrlen is derived from h->nlmsg_len, which still includes
 * the nlmsghdr, not from the payload length 'len' passed in; a check that
 * attrlen is non-negative is not visible here - confirm both. */
569 attrlen = h->nlmsg_len - nlmsg_len;
573 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
575 rta_len = RTA_ALIGN(sizeof(struct rtattr));
/* RTA_OK() bounds each attribute against the remaining attrlen. */
576 while (RTA_OK(attr, attrlen)) {
577 char ifname[IFNAMSIZ + 1];
579 if (attr->rta_type == IFLA_IFNAME) {
/* n is the attribute payload size as claimed by the message. */
580 int n = attr->rta_len - rta_len;
584 os_memset(ifname, 0, sizeof(ifname));
/* NOTE(review): the test uses '>' so n == sizeof(ifname) passes unclamped and
 * the copy below fills the whole buffer, leaving no terminating NUL even
 * though ifname was zeroed. ifname is then used as a C string (os_strcmp, %s)
 * by the callees. Clamping with '>=' to sizeof(ifname) - 1 would keep the
 * terminator. */
586 if ((size_t) n > sizeof(ifname))
588 os_memcpy(ifname, ((char *) attr) + rta_len, n);
591 vlan_dellink(ifname, hapd);
593 vlan_newlink(ifname, hapd);
596 attr = RTA_NEXT(attr, attrlen);
/*
 * eloop read callback for the netlink socket: receive one datagram without
 * blocking, then iterate over the netlink messages it contains and pass link
 * messages to vlan_read_ifnames(). Case labels, declarations and returns are
 * not shown in this listing.
 */
601 static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
/* NOTE(review): 'from' receives the sender address, but no check of it is
 * visible in this listing. Netlink consumers normally accept only messages
 * whose sender is the kernel (nl_pid == 0) - confirm. */
605 struct sockaddr_nl from;
608 struct hostapd_data *hapd = eloop_ctx;
610 fromlen = sizeof(from);
611 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
612 (struct sockaddr *) &from, &fromlen);
/* EINTR and EAGAIN are expected on a non-blocking read and are not logged. */
614 if (errno != EINTR && errno != EAGAIN)
615 wpa_printf(MSG_ERROR, "VLAN: %s: recvfrom failed: %s",
616 __func__, strerror(errno));
620 h = (struct nlmsghdr *) buf;
/* Continue only while a complete netlink header remains in the buffer. */
621 while (left >= (int) sizeof(*h)) {
/* len is presumably h->nlmsg_len (assignment not shown); plen is the payload
 * size after the header. A message claiming more than what was received, or
 * less than a header, is rejected before it is parsed. */
625 plen = len - sizeof(*h);
626 if (len > left || plen < 0) {
627 wpa_printf(MSG_DEBUG, "VLAN: Malformed netlink "
628 "message: len=%d left=%d plen=%d",
633 switch (h->nlmsg_type) {
/* Third argument is 'del': 0 for the new-link case, 1 for the delete case. */
635 vlan_read_ifnames(h, plen, 0, hapd);
638 vlan_read_ifnames(h, plen, 1, hapd);
/* Advance by the aligned length; 'left' is presumably reduced by the same
 * amount on a line that is not shown. */
642 len = NLMSG_ALIGN(len);
644 h = (struct nlmsghdr *) ((char *) h + len);
648 wpa_printf(MSG_DEBUG, "VLAN: %s: %d extra bytes in the end of "
649 "netlink message", __func__, left);
/*
 * Set up full dynamic VLAN support: allocate the private state, select the
 * VLAN device naming scheme, open a NETLINK_ROUTE socket subscribed to link
 * events and register it with the event loop so vlan_event_receive() runs on
 * incoming messages. Error returns and cleanup lines are not shown here.
 */
654 static struct full_dynamic_vlan *
655 full_dynamic_vlan_init(struct hostapd_data *hapd)
657 struct sockaddr_nl local;
658 struct full_dynamic_vlan *priv;
660 priv = os_zalloc(sizeof(*priv));
/* The result is ignored. The rest of this file builds device names with the
 * "vlan%d" pattern, so a failure here would presumably leave names that do
 * not match - confirm whether that should be treated as fatal. */
664 vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD);
666 priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
668 wpa_printf(MSG_ERROR, "VLAN: %s: socket(PF_NETLINK,SOCK_RAW,"
669 "NETLINK_ROUTE) failed: %s",
670 __func__, strerror(errno));
675 os_memset(&local, 0, sizeof(local));
676 local.nl_family = AF_NETLINK;
/* Subscribe to link (interface add/remove/change) notifications. */
677 local.nl_groups = RTMGRP_LINK;
678 if (bind(priv->s, (struct sockaddr *) &local, sizeof(local)) < 0) {
679 wpa_printf(MSG_ERROR, "VLAN: %s: bind(netlink) failed: %s",
680 __func__, strerror(errno));
/* hapd is passed as the eloop context that vlan_event_receive() reads back. */
686 if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL))
/* Tear down full dynamic VLAN support: the netlink socket is removed from
 * the event loop. Closing the socket and freeing priv are not shown in this
 * listing - confirm. */
697 static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv)
701 eloop_unregister_read_sock(priv->s);
705 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
/*
 * Install the SSID's static WEP keys on the dynamic VLAN interface dyn_vlan
 * through the driver's set_key callback. A NULL dyn_vlan is handled by an
 * early exit (the return value is not shown in this listing).
 * NOTE(review): WEP gives no meaningful protection by current standards; this
 * path only matters for configurations that still use static WEP.
 */
708 int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
709 struct hostapd_ssid *mssid, const char *dyn_vlan)
713 if (dyn_vlan == NULL)
716 /* Static WEP keys are set here; IEEE 802.1X and WPA uses their own
717 * functions for setting up dynamic broadcast keys. */
/* Four key slots are visited; slots without a key are skipped, and the slot
 * equal to mssid->wep.idx is flagged in the sixth argument. */
718 for (i = 0; i < 4; i++) {
719 if (mssid->wep.key[i] &&
720 hapd->drv.set_key(dyn_vlan, hapd, WPA_ALG_WEP, NULL, i,
721 i == mssid->wep.idx, NULL, 0,
722 mssid->wep.key[i], mssid->wep.len[i])) {
723 wpa_printf(MSG_ERROR, "VLAN: Could not set WEP "
724 "encryption for dynamic VLAN");
/*
 * Ask the driver to create the interface of a configured VLAN entry; the
 * wildcard entry (VLAN_ID_WILDCARD) is skipped. The list walk and returns are
 * not shown in this listing.
 */
733 static int vlan_dynamic_add(struct hostapd_data *hapd,
734 struct hostapd_vlan *vlan)
737 if (vlan->vlan_id != VLAN_ID_WILDCARD &&
738 hapd->drv.vlan_if_add(hapd, vlan->ifname)) {
/* An already existing interface is not an error.
 * NOTE(review): this relies on the driver callback leaving errno set to the
 * cause of its failure - confirm for each driver. */
739 if (errno != EEXIST) {
740 wpa_printf(MSG_ERROR, "VLAN: Could not add "
741 "VLAN iface: %s: %s",
742 vlan->ifname, strerror(errno));
/*
 * Ask the driver to remove the interface of a configured VLAN entry (the
 * wildcard entry is skipped) and, with CONFIG_FULL_DYNAMIC_VLAN, undo the
 * bridge/VLAN setup through vlan_dellink(). The list walk is not shown.
 */
754 static void vlan_dynamic_remove(struct hostapd_data *hapd,
755 struct hostapd_vlan *vlan)
/* Presumably holds the successor before the current entry is handled, since
 * vlan_dellink() unlinks the entry from the list - confirm. */
757 struct hostapd_vlan *next;
762 if (vlan->vlan_id != VLAN_ID_WILDCARD &&
763 hapd->drv.vlan_if_remove(hapd, vlan->ifname)) {
/* Removal failure is logged only; teardown continues. */
764 wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
766 vlan->ifname, strerror(errno));
768 #ifdef CONFIG_FULL_DYNAMIC_VLAN
770 vlan_dellink(vlan->ifname, hapd);
771 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
/*
 * Create the interfaces for the configured VLAN list and, when built with
 * CONFIG_FULL_DYNAMIC_VLAN, start the netlink listener. Return statements are
 * not shown in this listing.
 */
778 int vlan_init(struct hostapd_data *hapd)
780 if (vlan_dynamic_add(hapd, hapd->conf->vlan))
783 #ifdef CONFIG_FULL_DYNAMIC_VLAN
/* NOTE(review): no check of the returned pointer is visible here - confirm
 * that later users of hapd->full_dynamic_vlan tolerate a failed init. */
784 hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd);
785 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
/*
 * Remove the interfaces of the configured VLAN list and, when built with
 * CONFIG_FULL_DYNAMIC_VLAN, stop the netlink listener.
 */
791 void vlan_deinit(struct hostapd_data *hapd)
793 vlan_dynamic_remove(hapd, hapd->conf->vlan);
795 #ifdef CONFIG_FULL_DYNAMIC_VLAN
/* NOTE(review): the pointer passed here is whatever vlan_init() stored; the
 * callee dereferences priv->s in its visible line - confirm it guards
 * against NULL on a line not shown. */
796 full_dynamic_vlan_deinit(hapd->full_dynamic_vlan);
797 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
/*
 * Instantiate a concrete VLAN entry for vlan_id from the wildcard template
 * 'vlan': build the interface name from the template name, ask the driver to
 * create the interface and push the new entry onto the head of
 * hapd->conf->vlan. Error returns and frees are not shown in this listing.
 */
801 struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
802 struct hostapd_vlan *vlan,
805 struct hostapd_vlan *n;
/* Accept only a non-NULL wildcard template and an id in 1..MAX_VLAN_ID. */
808 if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID ||
809 vlan->vlan_id != VLAN_ID_WILDCARD)
812 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d ifname=%s)",
813 __func__, vlan_id, vlan->ifname);
/* Work on a private copy; the allocation check is not visible here. */
814 ifname = os_strdup(vlan->ifname);
/* '#' in the template name marks where the VLAN id is inserted. */
817 pos = os_strchr(ifname, '#');
824 n = os_zalloc(sizeof(*n));
830 n->vlan_id = vlan_id;
/* Bounded by the size of n->ifname. NOTE(review): the result is not checked
 * in the visible lines, so a long template plus id would presumably be
 * truncated without notice - confirm. */
833 os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
837 if (hapd->drv.vlan_if_add(hapd, n->ifname)) {
/* Insert the new entry at the head of the configured list. */
842 n->next = hapd->conf->vlan;
843 hapd->conf->vlan = n;
/*
 * Drop one reference on the dynamic VLAN entry for vlan_id and ask the driver
 * to remove its interface once the count reaches zero. The list walk and the
 * return statements are not shown in this listing.
 */
849 int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
851 struct hostapd_vlan *vlan;
/* Ids outside 1..MAX_VLAN_ID are rejected before the list is searched. */
853 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID)
856 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d)", __func__, vlan_id);
858 vlan = hapd->conf->vlan;
/* Only entries with a positive use count are decremented, so the counter
 * cannot go negative through this path. */
860 if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) {
861 vlan->dynamic_vlan--;
/* The driver's result is ignored; a failed removal is not reported here. */
870 if (vlan->dynamic_vlan == 0)
871 hapd->drv.vlan_if_remove(hapd, vlan->ifname);