2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
22 #include <netlink/genl/genl.h>
23 #include <netlink/genl/family.h>
24 #include <netlink/genl/ctrl.h>
25 #include <netpacket/packet.h>
26 #include <linux/filter.h>
27 #include "nl80211_copy.h"
31 #include "common/ieee802_11_defs.h"
33 #include "linux_ioctl.h"
35 #include "radiotap_iter.h"
39 /* libnl 2.0 compatibility code */
40 #define nl_handle nl_sock
41 #define nl_handle_alloc_cb nl_socket_alloc_cb
42 #define nl_handle_destroy nl_socket_free
43 #endif /* CONFIG_LIBNL20 */
47 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
50 #define IFF_DORMANT 0x20000 /* driver signals dormant */
53 #ifndef IF_OPER_DORMANT
54 #define IF_OPER_DORMANT 5
61 struct i802_bss *next;
63 unsigned int beacon_set:1;
66 struct wpa_driver_nl80211_data {
68 struct netlink_data *netlink;
69 int ioctl_sock; /* socket for ioctl() use */
70 char ifname[IFNAMSIZ + 1];
73 struct wpa_driver_capa capa;
78 int scan_complete_events;
80 struct nl_handle *nl_handle;
81 struct nl_handle *nl_handle_event;
82 struct nl_cache *nl_cache;
83 struct nl_cache *nl_cache_event;
85 struct genl_family *nl80211;
87 u8 auth_bssid[ETH_ALEN];
93 int ap_scan_as_station;
94 unsigned int assoc_freq;
99 int disable_11b_rates;
101 unsigned int beacon_set:1;
102 unsigned int pending_remain_on_chan:1;
104 u64 remain_on_chan_cookie;
107 int eapol_sock; /* socket for EAPOL frames */
109 int default_if_indices[16];
121 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
123 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
125 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
126 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
127 const u8 *addr, int cmd, u16 reason_code);
128 static void nl80211_remove_monitor_interface(
129 struct wpa_driver_nl80211_data *drv);
132 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
133 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
134 static struct i802_bss * get_bss(struct wpa_driver_nl80211_data *drv,
136 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
137 static int wpa_driver_nl80211_if_remove(void *priv,
138 enum wpa_driver_if_type type,
142 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
144 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
145 int ifindex, int disabled);
149 static int ack_handler(struct nl_msg *msg, void *arg)
156 static int finish_handler(struct nl_msg *msg, void *arg)
163 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
172 static int no_seq_check(struct nl_msg *msg, void *arg)
178 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
180 int (*valid_handler)(struct nl_msg *, void *),
186 cb = nl_cb_clone(drv->nl_cb);
190 err = nl_send_auto_complete(drv->nl_handle, msg);
196 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
197 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
198 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
201 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
202 valid_handler, valid_data);
205 nl_recvmsgs(drv->nl_handle, cb);
219 static int family_handler(struct nl_msg *msg, void *arg)
221 struct family_data *res = arg;
222 struct nlattr *tb[CTRL_ATTR_MAX + 1];
223 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
224 struct nlattr *mcgrp;
227 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
228 genlmsg_attrlen(gnlh, 0), NULL);
229 if (!tb[CTRL_ATTR_MCAST_GROUPS])
232 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
233 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
234 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
235 nla_len(mcgrp), NULL);
236 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
237 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
238 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
240 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
242 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
250 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
251 const char *family, const char *group)
255 struct family_data res = { group, -ENOENT };
260 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
261 0, 0, CTRL_CMD_GETFAMILY, 0);
262 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
264 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
275 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
277 struct wpa_driver_nl80211_data *drv = priv;
278 if (!drv->associated)
280 os_memcpy(bssid, drv->bssid, ETH_ALEN);
285 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
287 struct wpa_driver_nl80211_data *drv = priv;
288 if (!drv->associated)
290 os_memcpy(ssid, drv->ssid, drv->ssid_len);
291 return drv->ssid_len;
295 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
296 char *buf, size_t len, int del)
298 union wpa_event_data event;
300 os_memset(&event, 0, sizeof(event));
301 if (len > sizeof(event.interface_status.ifname))
302 len = sizeof(event.interface_status.ifname) - 1;
303 os_memcpy(event.interface_status.ifname, buf, len);
304 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
305 EVENT_INTERFACE_ADDED;
307 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
309 event.interface_status.ifname,
310 del ? "removed" : "added");
312 if (os_strcmp(drv->ifname, event.interface_status.ifname) == 0) {
319 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
323 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
326 int attrlen, rta_len;
330 attr = (struct rtattr *) buf;
332 rta_len = RTA_ALIGN(sizeof(struct rtattr));
333 while (RTA_OK(attr, attrlen)) {
334 if (attr->rta_type == IFLA_IFNAME) {
335 if (os_strcmp(((char *) attr) + rta_len, drv->ifname)
341 attr = RTA_NEXT(attr, attrlen);
348 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
349 int ifindex, u8 *buf, size_t len)
351 if (drv->ifindex == ifindex)
354 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
355 drv->ifindex = if_nametoindex(drv->ifname);
356 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
358 wpa_driver_nl80211_finish_drv_init(drv);
366 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
367 struct ifinfomsg *ifi,
370 struct wpa_driver_nl80211_data *drv = ctx;
371 int attrlen, rta_len;
374 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len)) {
375 wpa_printf(MSG_DEBUG, "Ignore event for foreign ifindex %d",
380 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
382 drv->operstate, ifi->ifi_flags,
383 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
384 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
385 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
386 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
388 * Some drivers send the association event before the operup event--in
389 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
390 * fails. This will hit us when wpa_supplicant does not need to do
391 * IEEE 802.1X authentication
393 if (drv->operstate == 1 &&
394 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
395 !(ifi->ifi_flags & IFF_RUNNING))
396 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
400 attr = (struct rtattr *) buf;
401 rta_len = RTA_ALIGN(sizeof(struct rtattr));
402 while (RTA_OK(attr, attrlen)) {
403 if (attr->rta_type == IFLA_IFNAME) {
404 wpa_driver_nl80211_event_link(
406 ((char *) attr) + rta_len,
407 attr->rta_len - rta_len, 0);
409 attr = RTA_NEXT(attr, attrlen);
414 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
415 struct ifinfomsg *ifi,
418 struct wpa_driver_nl80211_data *drv = ctx;
419 int attrlen, rta_len;
423 attr = (struct rtattr *) buf;
425 rta_len = RTA_ALIGN(sizeof(struct rtattr));
426 while (RTA_OK(attr, attrlen)) {
427 if (attr->rta_type == IFLA_IFNAME) {
428 wpa_driver_nl80211_event_link(
430 ((char *) attr) + rta_len,
431 attr->rta_len - rta_len, 1);
433 attr = RTA_NEXT(attr, attrlen);
438 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
439 const u8 *frame, size_t len)
441 const struct ieee80211_mgmt *mgmt;
442 union wpa_event_data event;
444 mgmt = (const struct ieee80211_mgmt *) frame;
445 if (len < 24 + sizeof(mgmt->u.auth)) {
446 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
451 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
452 os_memset(&event, 0, sizeof(event));
453 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
454 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
455 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
456 if (len > 24 + sizeof(mgmt->u.auth)) {
457 event.auth.ies = mgmt->u.auth.variable;
458 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
461 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
465 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
466 const u8 *frame, size_t len)
468 const struct ieee80211_mgmt *mgmt;
469 union wpa_event_data event;
472 mgmt = (const struct ieee80211_mgmt *) frame;
473 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
474 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
479 status = le_to_host16(mgmt->u.assoc_resp.status_code);
480 if (status != WLAN_STATUS_SUCCESS) {
481 os_memset(&event, 0, sizeof(event));
482 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
483 event.assoc_reject.resp_ies =
484 (u8 *) mgmt->u.assoc_resp.variable;
485 event.assoc_reject.resp_ies_len =
486 len - 24 - sizeof(mgmt->u.assoc_resp);
488 event.assoc_reject.status_code = status;
490 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
495 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
497 os_memset(&event, 0, sizeof(event));
498 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
499 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
500 event.assoc_info.resp_ies_len =
501 len - 24 - sizeof(mgmt->u.assoc_resp);
504 event.assoc_info.freq = drv->assoc_freq;
506 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
510 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
511 enum nl80211_commands cmd, struct nlattr *status,
512 struct nlattr *addr, struct nlattr *req_ie,
513 struct nlattr *resp_ie)
515 union wpa_event_data event;
517 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
519 * Avoid reporting two association events that would confuse
522 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
523 "when using userspace SME", cmd);
527 os_memset(&event, 0, sizeof(event));
528 if (cmd == NL80211_CMD_CONNECT &&
529 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
531 event.assoc_reject.resp_ies = nla_data(resp_ie);
532 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
534 event.assoc_reject.status_code = nla_get_u16(status);
535 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
541 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
544 event.assoc_info.req_ies = nla_data(req_ie);
545 event.assoc_info.req_ies_len = nla_len(req_ie);
548 event.assoc_info.resp_ies = nla_data(resp_ie);
549 event.assoc_info.resp_ies_len = nla_len(resp_ie);
552 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
556 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
557 enum nl80211_commands cmd, struct nlattr *addr)
559 union wpa_event_data event;
560 enum wpa_event_type ev;
562 if (nla_len(addr) != ETH_ALEN)
565 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
566 cmd, MAC2STR((u8 *) nla_data(addr)));
568 if (cmd == NL80211_CMD_AUTHENTICATE)
569 ev = EVENT_AUTH_TIMED_OUT;
570 else if (cmd == NL80211_CMD_ASSOCIATE)
571 ev = EVENT_ASSOC_TIMED_OUT;
575 os_memset(&event, 0, sizeof(event));
576 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
577 wpa_supplicant_event(drv->ctx, ev, &event);
581 static void mlme_event(struct wpa_driver_nl80211_data *drv,
582 enum nl80211_commands cmd, struct nlattr *frame,
583 struct nlattr *addr, struct nlattr *timed_out)
585 if (timed_out && addr) {
586 mlme_timeout_event(drv, cmd, addr);
591 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
596 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
597 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
598 nla_data(frame), nla_len(frame));
601 case NL80211_CMD_AUTHENTICATE:
602 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
604 case NL80211_CMD_ASSOCIATE:
605 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
607 case NL80211_CMD_DEAUTHENTICATE:
609 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, NULL);
611 case NL80211_CMD_DISASSOCIATE:
613 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
621 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
624 union wpa_event_data data;
626 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
627 os_memset(&data, 0, sizeof(data));
628 if (tb[NL80211_ATTR_MAC]) {
629 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
630 nla_data(tb[NL80211_ATTR_MAC]),
631 nla_len(tb[NL80211_ATTR_MAC]));
632 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
634 if (tb[NL80211_ATTR_KEY_SEQ]) {
635 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
636 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
637 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
639 if (tb[NL80211_ATTR_KEY_TYPE]) {
640 enum nl80211_key_type key_type =
641 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
642 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
643 if (key_type == NL80211_KEYTYPE_PAIRWISE)
644 data.michael_mic_failure.unicast = 1;
646 data.michael_mic_failure.unicast = 1;
648 if (tb[NL80211_ATTR_KEY_IDX]) {
649 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
650 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
653 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
657 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
660 if (tb[NL80211_ATTR_MAC] == NULL) {
661 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
665 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
667 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
668 MAC2STR(drv->bssid));
670 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
674 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
675 int cancel_event, struct nlattr *tb[])
677 unsigned int freq, chan_type, duration;
678 union wpa_event_data data;
681 if (tb[NL80211_ATTR_WIPHY_FREQ])
682 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
686 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
687 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
691 if (tb[NL80211_ATTR_DURATION])
692 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
696 if (tb[NL80211_ATTR_COOKIE])
697 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
701 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
702 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
703 cancel_event, freq, chan_type, duration,
704 (long long unsigned int) cookie,
705 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
707 if (cookie != drv->remain_on_chan_cookie)
708 return; /* not for us */
710 drv->pending_remain_on_chan = !cancel_event;
712 os_memset(&data, 0, sizeof(data));
713 data.remain_on_channel.freq = freq;
714 data.remain_on_channel.duration = duration;
715 wpa_supplicant_event(drv->ctx, cancel_event ?
716 EVENT_CANCEL_REMAIN_ON_CHANNEL :
717 EVENT_REMAIN_ON_CHANNEL, &data);
721 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
724 union wpa_event_data event;
727 struct scan_info *info;
728 #define MAX_REPORT_FREQS 50
729 int freqs[MAX_REPORT_FREQS];
732 os_memset(&event, 0, sizeof(event));
733 info = &event.scan_info;
734 info->aborted = aborted;
736 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
737 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
738 struct wpa_driver_scan_ssid *s =
739 &info->ssids[info->num_ssids];
740 s->ssid = nla_data(nl);
741 s->ssid_len = nla_len(nl);
743 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
747 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
748 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
750 freqs[num_freqs] = nla_get_u32(nl);
752 if (num_freqs == MAX_REPORT_FREQS - 1)
756 info->num_freqs = num_freqs;
758 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
762 static int process_event(struct nl_msg *msg, void *arg)
764 struct wpa_driver_nl80211_data *drv = arg;
765 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
766 struct nlattr *tb[NL80211_ATTR_MAX + 1];
768 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
769 genlmsg_attrlen(gnlh, 0), NULL);
771 if (tb[NL80211_ATTR_IFINDEX]) {
772 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
773 if (ifindex != drv->ifindex) {
774 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
775 " for foreign interface (ifindex %d)",
781 if (drv->ap_scan_as_station &&
782 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
783 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
784 wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_AP);
785 drv->ap_scan_as_station = 0;
789 case NL80211_CMD_TRIGGER_SCAN:
790 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
792 case NL80211_CMD_NEW_SCAN_RESULTS:
793 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
794 drv->scan_complete_events = 1;
795 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
797 send_scan_event(drv, 0, tb);
799 case NL80211_CMD_SCAN_ABORTED:
800 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
802 * Need to indicate that scan results are available in order
803 * not to make wpa_supplicant stop its scanning.
805 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
807 send_scan_event(drv, 1, tb);
809 case NL80211_CMD_AUTHENTICATE:
810 case NL80211_CMD_ASSOCIATE:
811 case NL80211_CMD_DEAUTHENTICATE:
812 case NL80211_CMD_DISASSOCIATE:
813 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
814 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT]);
816 case NL80211_CMD_CONNECT:
817 case NL80211_CMD_ROAM:
818 mlme_event_connect(drv, gnlh->cmd,
819 tb[NL80211_ATTR_STATUS_CODE],
820 tb[NL80211_ATTR_MAC],
821 tb[NL80211_ATTR_REQ_IE],
822 tb[NL80211_ATTR_RESP_IE]);
824 case NL80211_CMD_DISCONNECT:
825 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
827 * Avoid reporting two disassociation events that could
828 * confuse the core code.
830 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
831 "event when using userspace SME");
835 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
837 case NL80211_CMD_MICHAEL_MIC_FAILURE:
838 mlme_event_michael_mic_failure(drv, tb);
840 case NL80211_CMD_JOIN_IBSS:
841 mlme_event_join_ibss(drv, tb);
843 case NL80211_CMD_REMAIN_ON_CHANNEL:
844 mlme_event_remain_on_channel(drv, 0, tb);
846 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
847 mlme_event_remain_on_channel(drv, 1, tb);
850 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
851 "(cmd=%d)", gnlh->cmd);
859 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
863 struct wpa_driver_nl80211_data *drv = eloop_ctx;
865 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
867 cb = nl_cb_clone(drv->nl_cb);
870 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
871 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
872 nl_recvmsgs(drv->nl_handle_event, cb);
878 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
879 * @priv: driver_nl80211 private data
880 * @alpha2_arg: country to which to switch to
881 * Returns: 0 on success, -1 on failure
883 * This asks nl80211 to set the regulatory domain for given
884 * country ISO / IEC alpha2.
886 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
888 struct wpa_driver_nl80211_data *drv = priv;
896 alpha2[0] = alpha2_arg[0];
897 alpha2[1] = alpha2_arg[1];
900 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
901 0, NL80211_CMD_REQ_SET_REG, 0);
903 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
904 if (send_and_recv_msgs(drv, msg, NULL, NULL))
913 struct wiphy_info_data {
917 int connect_supported;
921 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
923 struct nlattr *tb[NL80211_ATTR_MAX + 1];
924 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
925 struct wiphy_info_data *info = arg;
927 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
928 genlmsg_attrlen(gnlh, 0), NULL);
930 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
931 info->max_scan_ssids =
932 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
934 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
935 struct nlattr *nl_mode;
937 nla_for_each_nested(nl_mode,
938 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
939 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
940 info->ap_supported = 1;
946 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
947 struct nlattr *nl_cmd;
950 nla_for_each_nested(nl_cmd,
951 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
952 u32 cmd = nla_get_u32(nl_cmd);
953 if (cmd == NL80211_CMD_AUTHENTICATE)
954 info->auth_supported = 1;
955 else if (cmd == NL80211_CMD_CONNECT)
956 info->connect_supported = 1;
964 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
965 struct wiphy_info_data *info)
969 os_memset(info, 0, sizeof(*info));
974 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
975 0, NL80211_CMD_GET_WIPHY, 0);
977 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
979 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
988 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
990 struct wiphy_info_data info;
991 if (wpa_driver_nl80211_get_info(drv, &info))
993 drv->has_capability = 1;
994 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
995 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
996 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
997 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
998 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
999 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1000 WPA_DRIVER_CAPA_ENC_WEP104 |
1001 WPA_DRIVER_CAPA_ENC_TKIP |
1002 WPA_DRIVER_CAPA_ENC_CCMP;
1003 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1004 WPA_DRIVER_AUTH_SHARED |
1005 WPA_DRIVER_AUTH_LEAP;
1007 drv->capa.max_scan_ssids = info.max_scan_ssids;
1008 if (info.ap_supported)
1009 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1011 if (info.auth_supported)
1012 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1013 else if (!info.connect_supported) {
1014 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1015 "authentication/association or connect commands");
1019 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1023 #endif /* HOSTAPD */
1026 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv,
1031 /* Initialize generic netlink and nl80211 */
1033 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1034 if (drv->nl_cb == NULL) {
1035 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1040 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1041 if (drv->nl_handle == NULL) {
1042 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1047 drv->nl_handle_event = nl_handle_alloc_cb(drv->nl_cb);
1048 if (drv->nl_handle_event == NULL) {
1049 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1050 "callbacks (event)");
1054 if (genl_connect(drv->nl_handle)) {
1055 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1060 if (genl_connect(drv->nl_handle_event)) {
1061 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1066 #ifdef CONFIG_LIBNL20
1067 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1068 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1072 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1074 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1075 "netlink cache (event)");
1078 #else /* CONFIG_LIBNL20 */
1079 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1080 if (drv->nl_cache == NULL) {
1081 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1085 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1086 if (drv->nl_cache_event == NULL) {
1087 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1088 "netlink cache (event)");
1091 #endif /* CONFIG_LIBNL20 */
1093 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1094 if (drv->nl80211 == NULL) {
1095 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1100 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1102 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1104 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1105 "membership for scan events: %d (%s)",
1106 ret, strerror(-ret));
1110 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1112 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1114 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1115 "membership for mlme events: %d (%s)",
1116 ret, strerror(-ret));
1120 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1121 wpa_driver_nl80211_event_receive, drv, ctx);
1126 nl_cache_free(drv->nl_cache_event);
1128 nl_cache_free(drv->nl_cache);
1130 nl_handle_destroy(drv->nl_handle_event);
1132 nl_handle_destroy(drv->nl_handle);
1134 nl_cb_put(drv->nl_cb);
1141 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1142 * @ctx: context to be used when calling wpa_supplicant functions,
1143 * e.g., wpa_supplicant_event()
1144 * @ifname: interface name, e.g., wlan0
1145 * Returns: Pointer to private data, %NULL on failure
1147 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1149 struct wpa_driver_nl80211_data *drv;
1150 struct netlink_config *cfg;
1152 drv = os_zalloc(sizeof(*drv));
1156 os_strlcpy(drv->ifname, ifname, sizeof(drv->ifname));
1157 drv->monitor_ifidx = -1;
1158 drv->monitor_sock = -1;
1159 drv->ioctl_sock = -1;
1161 if (wpa_driver_nl80211_init_nl(drv, ctx)) {
1166 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1167 if (drv->ioctl_sock < 0) {
1168 perror("socket(PF_INET,SOCK_DGRAM)");
1172 cfg = os_zalloc(sizeof(*cfg));
1176 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
1177 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
1178 drv->netlink = netlink_init(cfg);
1179 if (drv->netlink == NULL) {
1183 if (wpa_driver_nl80211_finish_drv_init(drv))
1189 netlink_deinit(drv->netlink);
1190 if (drv->ioctl_sock >= 0)
1191 close(drv->ioctl_sock);
1193 genl_family_put(drv->nl80211);
1194 nl_cache_free(drv->nl_cache);
1195 nl_handle_destroy(drv->nl_handle);
1196 nl_cb_put(drv->nl_cb);
1204 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1206 drv->ifindex = if_nametoindex(drv->ifname);
1209 if (wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_INFRA) < 0) {
1210 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1211 "use managed mode");
1214 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1)) {
1215 wpa_printf(MSG_ERROR, "Could not set interface '%s' UP",
1220 if (wpa_driver_nl80211_capa(drv))
1223 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
1224 1, IF_OPER_DORMANT);
1225 #endif /* HOSTAPD */
1232 static void wpa_driver_nl80211_free_bss(struct wpa_driver_nl80211_data *drv)
1234 struct i802_bss *bss, *prev;
1235 bss = drv->bss.next;
1242 #endif /* HOSTAPD */
1245 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
1249 msg = nlmsg_alloc();
1253 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1254 0, NL80211_CMD_DEL_BEACON, 0);
1255 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1257 return send_and_recv_msgs(drv, msg, NULL, NULL);
1264 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1265 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1267 * Shut down driver interface and processing of driver events. Free
1268 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1270 static void wpa_driver_nl80211_deinit(void *priv)
1272 struct wpa_driver_nl80211_data *drv = priv;
1274 nl80211_remove_monitor_interface(drv);
1276 if (drv->nlmode == NL80211_IFTYPE_AP)
1277 wpa_driver_nl80211_del_beacon(drv);
1280 if (drv->last_freq_ht) {
1281 /* Clear HT flags from the driver */
1282 struct hostapd_freq_params freq;
1283 os_memset(&freq, 0, sizeof(freq));
1284 freq.freq = drv->last_freq;
1285 i802_set_freq(priv, &freq);
1288 if (drv->eapol_sock >= 0) {
1289 eloop_unregister_read_sock(drv->eapol_sock);
1290 close(drv->eapol_sock);
1293 if (drv->if_indices != drv->default_if_indices)
1294 os_free(drv->if_indices);
1296 wpa_driver_nl80211_free_bss(drv);
1297 #endif /* HOSTAPD */
1299 if (drv->disable_11b_rates)
1300 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
1302 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
1303 netlink_deinit(drv->netlink);
1305 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1307 (void) linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0);
1308 wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_INFRA);
1310 if (drv->ioctl_sock >= 0)
1311 close(drv->ioctl_sock);
1313 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1314 genl_family_put(drv->nl80211);
1315 nl_cache_free(drv->nl_cache);
1316 nl_cache_free(drv->nl_cache_event);
1317 nl_handle_destroy(drv->nl_handle);
1318 nl_handle_destroy(drv->nl_handle_event);
1319 nl_cb_put(drv->nl_cb);
1321 eloop_cancel_timeout(wpa_driver_nl80211_probe_req_report_timeout,
1329 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1330 * @eloop_ctx: Driver private data
1331 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1333 * This function can be used as registered timeout when starting a scan to
1334 * generate a scan completed event if the driver does not report this.
1336 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1338 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1339 if (drv->ap_scan_as_station) {
1340 wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_AP);
1341 drv->ap_scan_as_station = 0;
1343 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1344 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1349 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1350 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1351 * @params: Scan parameters
1352 * Returns: 0 on success, -1 on failure
1354 static int wpa_driver_nl80211_scan(void *priv,
1355 struct wpa_driver_scan_params *params)
1357 struct wpa_driver_nl80211_data *drv = priv;
1358 int ret = 0, timeout;
1359 struct nl_msg *msg, *ssids, *freqs;
1362 msg = nlmsg_alloc();
1363 ssids = nlmsg_alloc();
1364 freqs = nlmsg_alloc();
1365 if (!msg || !ssids || !freqs) {
1372 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1373 NL80211_CMD_TRIGGER_SCAN, 0);
1375 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1377 for (i = 0; i < params->num_ssids; i++) {
1378 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1379 params->ssids[i].ssid);
1381 if (params->num_ssids)
1382 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1384 if (params->extra_ies) {
1385 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1389 if (params->freqs) {
1390 for (i = 0; params->freqs[i]; i++)
1391 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1392 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1395 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1398 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1399 "(%s)", ret, strerror(-ret));
1401 if (drv->nlmode == NL80211_IFTYPE_AP) {
1403 * mac80211 does not allow scan requests in AP mode, so
1404 * try to do this in station mode.
1406 if (wpa_driver_nl80211_set_mode(drv,
1407 IEEE80211_MODE_INFRA))
1408 goto nla_put_failure;
1410 if (wpa_driver_nl80211_scan(drv, params)) {
1411 wpa_driver_nl80211_set_mode(drv,
1413 goto nla_put_failure;
1416 /* Restore AP mode when processing scan results */
1417 drv->ap_scan_as_station = 1;
1420 goto nla_put_failure;
1422 goto nla_put_failure;
1423 #endif /* HOSTAPD */
1426 /* Not all drivers generate "scan completed" wireless event, so try to
1427 * read results after a timeout. */
1429 if (drv->scan_complete_events) {
1431 * The driver seems to deliver events to notify when scan is
1432 * complete, so use longer timeout to avoid race conditions
1433 * with scanning and following association request.
1437 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1438 "seconds", ret, timeout);
1439 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1440 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1451 static int bss_info_handler(struct nl_msg *msg, void *arg)
1453 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1454 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1455 struct nlattr *bss[NL80211_BSS_MAX + 1];
1456 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1457 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1458 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1459 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1460 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1461 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1462 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1463 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1464 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1465 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
1466 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
1468 struct wpa_scan_results *res = arg;
1469 struct wpa_scan_res **tmp;
1470 struct wpa_scan_res *r;
1474 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1475 genlmsg_attrlen(gnlh, 0), NULL);
1476 if (!tb[NL80211_ATTR_BSS])
1478 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1481 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1482 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1483 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1489 r = os_zalloc(sizeof(*r) + ie_len);
1492 if (bss[NL80211_BSS_BSSID])
1493 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1495 if (bss[NL80211_BSS_FREQUENCY])
1496 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1497 if (bss[NL80211_BSS_BEACON_INTERVAL])
1498 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1499 if (bss[NL80211_BSS_CAPABILITY])
1500 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1501 r->flags |= WPA_SCAN_NOISE_INVALID;
1502 if (bss[NL80211_BSS_SIGNAL_MBM]) {
1503 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
1504 r->level /= 100; /* mBm to dBm */
1505 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
1506 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
1507 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
1508 r->flags |= WPA_SCAN_LEVEL_INVALID;
1510 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
1511 if (bss[NL80211_BSS_TSF])
1512 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
1513 if (bss[NL80211_BSS_SEEN_MS_AGO])
1514 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
1517 os_memcpy(r + 1, ie, ie_len);
1519 if (bss[NL80211_BSS_STATUS]) {
1520 enum nl80211_bss_status status;
1521 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
1523 case NL80211_BSS_STATUS_AUTHENTICATED:
1524 r->flags |= WPA_SCAN_AUTHENTICATED;
1526 case NL80211_BSS_STATUS_ASSOCIATED:
1527 r->flags |= WPA_SCAN_ASSOCIATED;
1534 tmp = os_realloc(res->res,
1535 (res->num + 1) * sizeof(struct wpa_scan_res *));
1540 tmp[res->num++] = r;
1547 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
1550 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1551 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
1553 wpa_driver_nl80211_mlme(drv, addr,
1554 NL80211_CMD_DEAUTHENTICATE,
1555 WLAN_REASON_PREV_AUTH_NOT_VALID);
1560 static void wpa_driver_nl80211_check_bss_status(
1561 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
1565 for (i = 0; i < res->num; i++) {
1566 struct wpa_scan_res *r = res->res[i];
1567 if (r->flags & WPA_SCAN_AUTHENTICATED) {
1568 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
1569 "indicates BSS status with " MACSTR
1570 " as authenticated",
1572 if (drv->nlmode == NL80211_IFTYPE_STATION &&
1573 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
1574 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
1576 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
1577 " in local state (auth=" MACSTR
1578 " assoc=" MACSTR ")",
1579 MAC2STR(drv->auth_bssid),
1580 MAC2STR(drv->bssid));
1584 if (r->flags & WPA_SCAN_ASSOCIATED) {
1585 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
1586 "indicate BSS status with " MACSTR
1589 if (drv->nlmode == NL80211_IFTYPE_STATION &&
1591 wpa_printf(MSG_DEBUG, "nl80211: Local state "
1592 "(not associated) does not match "
1594 clear_state_mismatch(drv, r->bssid);
1595 } else if (drv->nlmode == NL80211_IFTYPE_STATION &&
1596 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
1598 wpa_printf(MSG_DEBUG, "nl80211: Local state "
1599 "(associated with " MACSTR ") does "
1600 "not match with BSS state",
1601 MAC2STR(drv->bssid));
1602 clear_state_mismatch(drv, r->bssid);
1603 clear_state_mismatch(drv, drv->bssid);
1610 static void wpa_scan_results_free(struct wpa_scan_results *res)
1617 for (i = 0; i < res->num; i++)
1618 os_free(res->res[i]);
1625 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
1626 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
1627 * Returns: Scan results on success, -1 on failure
1629 static struct wpa_scan_results *
1630 wpa_driver_nl80211_get_scan_results(void *priv)
1632 struct wpa_driver_nl80211_data *drv = priv;
1634 struct wpa_scan_results *res;
1637 res = os_zalloc(sizeof(*res));
1640 msg = nlmsg_alloc();
1642 goto nla_put_failure;
1644 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
1645 NL80211_CMD_GET_SCAN, 0);
1646 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1648 ret = send_and_recv_msgs(drv, msg, bss_info_handler, res);
1651 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
1652 (unsigned long) res->num);
1653 wpa_driver_nl80211_check_bss_status(drv, res);
1656 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1657 "(%s)", ret, strerror(-ret));
1660 wpa_scan_results_free(res);
1665 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
1666 enum wpa_alg alg, const u8 *addr,
1667 int key_idx, int set_tx,
1668 const u8 *seq, size_t seq_len,
1669 const u8 *key, size_t key_len)
1671 struct wpa_driver_nl80211_data *drv = priv;
1672 int ifindex = if_nametoindex(ifname);
1676 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
1677 "set_tx=%d seq_len=%lu key_len=%lu",
1678 __func__, ifindex, alg, addr, key_idx, set_tx,
1679 (unsigned long) seq_len, (unsigned long) key_len);
1681 msg = nlmsg_alloc();
1685 if (alg == WPA_ALG_NONE) {
1686 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1687 0, NL80211_CMD_DEL_KEY, 0);
1689 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1690 0, NL80211_CMD_NEW_KEY, 0);
1691 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
1695 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1696 WLAN_CIPHER_SUITE_WEP40);
1698 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1699 WLAN_CIPHER_SUITE_WEP104);
1702 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1703 WLAN_CIPHER_SUITE_TKIP);
1706 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1707 WLAN_CIPHER_SUITE_CCMP);
1710 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
1711 WLAN_CIPHER_SUITE_AES_CMAC);
1714 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
1715 "algorithm %d", __func__, alg);
1722 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
1724 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1726 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
1727 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1729 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1730 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1732 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1733 if (ret == -ENOENT && alg == WPA_ALG_NONE)
1736 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
1737 ret, strerror(-ret));
1740 * If we failed or don't need to set the default TX key (below),
1743 if (ret || !set_tx || alg == WPA_ALG_NONE)
1745 #ifdef HOSTAPD /* FIX: is this needed? */
1748 #endif /* HOSTAPD */
1750 msg = nlmsg_alloc();
1754 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1755 0, NL80211_CMD_SET_KEY, 0);
1756 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1757 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
1758 if (alg == WPA_ALG_IGTK)
1759 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
1761 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
1763 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1767 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
1768 "err=%d %s)", ret, strerror(-ret));
1776 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
1777 int key_idx, int defkey,
1778 const u8 *seq, size_t seq_len,
1779 const u8 *key, size_t key_len)
1781 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
1785 if (defkey && alg == WPA_ALG_IGTK)
1786 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
1788 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
1790 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
1795 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
1796 WLAN_CIPHER_SUITE_WEP40);
1798 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
1799 WLAN_CIPHER_SUITE_WEP104);
1802 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
1805 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
1808 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
1809 WLAN_CIPHER_SUITE_AES_CMAC);
1812 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
1813 "algorithm %d", __func__, alg);
1818 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
1820 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
1822 nla_nest_end(msg, key_attr);
1830 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
1834 struct nlattr *nl_keys, *nl_key;
1836 for (i = 0; i < 4; i++) {
1837 if (!params->wep_key[i])
1845 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
1847 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
1849 goto nla_put_failure;
1851 for (i = 0; i < 4; i++) {
1852 if (!params->wep_key[i])
1855 nl_key = nla_nest_start(msg, i);
1857 goto nla_put_failure;
1859 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
1860 params->wep_key[i]);
1861 if (params->wep_key_len[i] == 5)
1862 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
1863 WLAN_CIPHER_SUITE_WEP40);
1865 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
1866 WLAN_CIPHER_SUITE_WEP104);
1868 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
1870 if (i == params->wep_tx_keyidx)
1871 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
1873 nla_nest_end(msg, nl_key);
1875 nla_nest_end(msg, nl_keys);
1884 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
1885 const u8 *addr, int cmd, u16 reason_code)
1890 msg = nlmsg_alloc();
1894 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
1896 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1897 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
1898 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
1900 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1903 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
1904 "(%s)", ret, strerror(-ret));
1905 goto nla_put_failure;
1915 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
1916 const u8 *addr, int reason_code)
1918 wpa_printf(MSG_DEBUG, "%s", __func__);
1919 drv->associated = 0;
1920 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
1925 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
1928 struct wpa_driver_nl80211_data *drv = priv;
1929 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
1930 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
1931 wpa_printf(MSG_DEBUG, "%s", __func__);
1932 drv->associated = 0;
1933 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
1938 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
1941 struct wpa_driver_nl80211_data *drv = priv;
1942 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
1943 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
1944 wpa_printf(MSG_DEBUG, "%s", __func__);
1945 drv->associated = 0;
1946 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
1951 static int wpa_driver_nl80211_authenticate(
1952 void *priv, struct wpa_driver_auth_params *params)
1954 struct wpa_driver_nl80211_data *drv = priv;
1957 enum nl80211_auth_type type;
1960 drv->associated = 0;
1961 os_memset(drv->auth_bssid, 0, ETH_ALEN);
1962 /* FIX: IBSS mode */
1963 if (drv->nlmode != NL80211_IFTYPE_STATION)
1964 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
1966 if (wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_INFRA) < 0)
1970 msg = nlmsg_alloc();
1974 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
1977 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1978 NL80211_CMD_AUTHENTICATE, 0);
1980 for (i = 0; i < 4; i++) {
1981 if (!params->wep_key[i])
1983 wpa_driver_nl80211_set_key(drv->ifname, drv, WPA_ALG_WEP, NULL,
1985 i == params->wep_tx_keyidx, NULL, 0,
1987 params->wep_key_len[i]);
1988 if (params->wep_tx_keyidx != i)
1990 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
1991 params->wep_key[i], params->wep_key_len[i])) {
1997 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1998 if (params->bssid) {
1999 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2000 MAC2STR(params->bssid));
2001 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2004 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2005 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2008 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2009 params->ssid, params->ssid_len);
2010 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2013 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
2015 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
2017 * TODO: if multiple auth_alg options enabled, try them one by one if
2018 * the AP rejects authentication due to unknown auth alg
2020 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2021 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
2022 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2023 type = NL80211_AUTHTYPE_SHARED_KEY;
2024 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
2025 type = NL80211_AUTHTYPE_NETWORK_EAP;
2026 else if (params->auth_alg & WPA_AUTH_ALG_FT)
2027 type = NL80211_AUTHTYPE_FT;
2029 goto nla_put_failure;
2030 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
2031 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
2033 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2036 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2037 "(%s)", ret, strerror(-ret));
2039 if (ret == -EALREADY && count == 1 && params->bssid) {
2041 * mac80211 does not currently accept new
2042 * authentication if we are already authenticated. As a
2043 * workaround, force deauthentication and try again.
2045 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
2046 "after forced deauthentication");
2047 wpa_driver_nl80211_deauthenticate(
2049 WLAN_REASON_PREV_AUTH_NOT_VALID);
2053 goto nla_put_failure;
2056 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
2065 struct phy_info_arg {
2067 struct hostapd_hw_modes *modes;
2070 static int phy_info_handler(struct nl_msg *msg, void *arg)
2072 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2073 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2074 struct phy_info_arg *phy_info = arg;
2076 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
2078 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
2079 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
2080 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
2081 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
2082 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
2083 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
2084 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
2085 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
2088 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
2089 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
2090 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
2091 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
2094 struct nlattr *nl_band;
2095 struct nlattr *nl_freq;
2096 struct nlattr *nl_rate;
2097 int rem_band, rem_freq, rem_rate;
2098 struct hostapd_hw_modes *mode;
2099 int idx, mode_is_set;
2101 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2102 genlmsg_attrlen(gnlh, 0), NULL);
2104 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
2107 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
2108 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
2111 phy_info->modes = mode;
2115 mode = &phy_info->modes[*(phy_info->num_modes)];
2116 memset(mode, 0, sizeof(*mode));
2117 *(phy_info->num_modes) += 1;
2119 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
2120 nla_len(nl_band), NULL);
2122 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
2123 mode->ht_capab = nla_get_u16(
2124 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
2127 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
2128 mode->a_mpdu_params |= nla_get_u8(
2129 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
2133 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
2134 mode->a_mpdu_params |= nla_get_u8(
2135 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
2139 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
2140 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
2142 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
2143 os_memcpy(mode->mcs_set, mcs, 16);
2146 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2147 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2148 nla_len(nl_freq), freq_policy);
2149 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2151 mode->num_channels++;
2154 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
2155 if (!mode->channels)
2160 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2161 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2162 nla_len(nl_freq), freq_policy);
2163 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2166 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
2167 mode->channels[idx].flag = 0;
2170 /* crude heuristic */
2171 if (mode->channels[idx].freq < 4000)
2172 mode->mode = HOSTAPD_MODE_IEEE80211B;
2174 mode->mode = HOSTAPD_MODE_IEEE80211A;
2178 /* crude heuristic */
2179 if (mode->channels[idx].freq < 4000)
2180 if (mode->channels[idx].freq == 2484)
2181 mode->channels[idx].chan = 14;
2183 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
2185 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
2187 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2188 mode->channels[idx].flag |=
2189 HOSTAPD_CHAN_DISABLED;
2190 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
2191 mode->channels[idx].flag |=
2192 HOSTAPD_CHAN_PASSIVE_SCAN;
2193 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
2194 mode->channels[idx].flag |=
2195 HOSTAPD_CHAN_NO_IBSS;
2196 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
2197 mode->channels[idx].flag |=
2200 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
2201 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2202 mode->channels[idx].max_tx_power =
2203 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
2208 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2209 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2210 nla_len(nl_rate), rate_policy);
2211 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2216 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
2222 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2223 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2224 nla_len(nl_rate), rate_policy);
2225 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2227 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
2229 /* crude heuristic */
2230 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
2231 mode->rates[idx] > 200)
2232 mode->mode = HOSTAPD_MODE_IEEE80211G;
2241 static struct hostapd_hw_modes *
2242 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
2245 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
2246 int i, mode11g_idx = -1;
2248 /* If only 802.11g mode is included, use it to construct matching
2249 * 802.11b mode data. */
2251 for (m = 0; m < *num_modes; m++) {
2252 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
2253 return modes; /* 802.11b already included */
2254 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
2258 if (mode11g_idx < 0)
2259 return modes; /* 2.4 GHz band not supported at all */
2261 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
2263 return modes; /* Could not add 802.11b mode */
2265 mode = &nmodes[*num_modes];
2266 os_memset(mode, 0, sizeof(*mode));
2270 mode->mode = HOSTAPD_MODE_IEEE80211B;
2272 mode11g = &modes[mode11g_idx];
2273 mode->num_channels = mode11g->num_channels;
2274 mode->channels = os_malloc(mode11g->num_channels *
2275 sizeof(struct hostapd_channel_data));
2276 if (mode->channels == NULL) {
2278 return modes; /* Could not add 802.11b mode */
2280 os_memcpy(mode->channels, mode11g->channels,
2281 mode11g->num_channels * sizeof(struct hostapd_channel_data));
2283 mode->num_rates = 0;
2284 mode->rates = os_malloc(4 * sizeof(int));
2285 if (mode->rates == NULL) {
2286 os_free(mode->channels);
2288 return modes; /* Could not add 802.11b mode */
2291 for (i = 0; i < mode11g->num_rates; i++) {
2292 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
2293 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
2295 mode->rates[mode->num_rates] = mode11g->rates[i];
2297 if (mode->num_rates == 4)
2301 if (mode->num_rates == 0) {
2302 os_free(mode->channels);
2303 os_free(mode->rates);
2305 return modes; /* No 802.11b rates */
2308 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
2315 static struct hostapd_hw_modes *
2316 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2318 struct wpa_driver_nl80211_data *drv = priv;
2320 struct phy_info_arg result = {
2321 .num_modes = num_modes,
2328 msg = nlmsg_alloc();
2332 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2333 0, NL80211_CMD_GET_WIPHY, 0);
2335 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2337 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
2338 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
2344 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
2345 const void *data, size_t len,
2349 0x00, 0x00, /* radiotap version */
2350 0x0e, 0x00, /* radiotap length */
2351 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
2352 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
2354 0x00, 0x00, /* RX and TX flags to indicate that */
2355 0x00, 0x00, /* this is the injected frame directly */
2357 struct iovec iov[2] = {
2359 .iov_base = &rtap_hdr,
2360 .iov_len = sizeof(rtap_hdr),
2363 .iov_base = (void *) data,
2367 struct msghdr msg = {
2372 .msg_control = NULL,
2373 .msg_controllen = 0,
2378 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
2380 return sendmsg(drv->monitor_sock, &msg, 0);
2384 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
2387 struct wpa_driver_nl80211_data *drv = priv;
2388 struct ieee80211_mgmt *mgmt;
2392 mgmt = (struct ieee80211_mgmt *) data;
2393 fc = le_to_host16(mgmt->frame_control);
2395 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
2396 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
2398 * Only one of the authentication frame types is encrypted.
2399 * In order for static WEP encryption to work properly (i.e.,
2400 * to not encrypt the frame), we need to tell mac80211 about
2401 * the frames that must not be encrypted.
2403 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2404 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
2405 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
2409 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
2413 static int wpa_driver_nl80211_set_beacon(const char *ifname, void *priv,
2414 const u8 *head, size_t head_len,
2415 const u8 *tail, size_t tail_len,
2416 int dtim_period, int beacon_int)
2418 struct wpa_driver_nl80211_data *drv = priv;
2420 u8 cmd = NL80211_CMD_NEW_BEACON;
2423 int ifindex = if_nametoindex(ifname);
2425 struct i802_bss *bss;
2427 bss = get_bss(drv, ifindex);
2430 beacon_set = bss->beacon_set;
2432 beacon_set = drv->beacon_set;
2433 #endif /* HOSTAPD */
2435 msg = nlmsg_alloc();
2439 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
2442 cmd = NL80211_CMD_SET_BEACON;
2444 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2446 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
2447 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
2448 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2449 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
2450 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
2452 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2454 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
2455 ret, strerror(-ret));
2458 bss->beacon_set = 1;
2460 drv->beacon_set = 1;
2461 #endif /* HOSTAPD */
2469 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
2470 int freq, int ht_enabled,
2471 int sec_channel_offset)
2476 msg = nlmsg_alloc();
2480 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2481 NL80211_CMD_SET_WIPHY, 0);
2483 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2484 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
2486 switch (sec_channel_offset) {
2488 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2489 NL80211_CHAN_HT40MINUS);
2492 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2493 NL80211_CHAN_HT40PLUS);
2496 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2502 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2505 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
2506 "%d (%s)", freq, ret, strerror(-ret));
2512 static int wpa_driver_nl80211_sta_add(const char *ifname, void *priv,
2513 struct hostapd_sta_add_params *params)
2515 struct wpa_driver_nl80211_data *drv = priv;
2519 msg = nlmsg_alloc();
2523 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2524 0, NL80211_CMD_NEW_STATION, 0);
2526 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(ifname));
2527 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
2528 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
2529 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
2530 params->supp_rates);
2531 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
2532 params->listen_interval);
2533 if (params->ht_capabilities) {
2534 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
2535 sizeof(*params->ht_capabilities),
2536 params->ht_capabilities);
2539 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2541 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
2542 "result: %d (%s)", ret, strerror(-ret));
2550 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
2552 struct wpa_driver_nl80211_data *drv = priv;
2556 msg = nlmsg_alloc();
2560 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2561 0, NL80211_CMD_DEL_STATION, 0);
2563 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
2564 if_nametoindex(drv->ifname));
2565 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2567 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2576 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
2581 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
2584 /* stop listening for EAPOL on this interface */
2585 del_ifidx(drv, ifidx);
2586 #endif /* HOSTAPD */
2588 msg = nlmsg_alloc();
2590 goto nla_put_failure;
2592 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2593 0, NL80211_CMD_DEL_INTERFACE, 0);
2594 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
2596 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
2599 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d).\n",
2604 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
2606 enum nl80211_iftype iftype,
2607 const u8 *addr, int wds)
2609 struct nl_msg *msg, *flags = NULL;
2613 msg = nlmsg_alloc();
2617 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2618 0, NL80211_CMD_NEW_INTERFACE, 0);
2619 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2620 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
2621 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
2623 if (iftype == NL80211_IFTYPE_MONITOR) {
2626 flags = nlmsg_alloc();
2628 goto nla_put_failure;
2630 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
2632 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
2637 goto nla_put_failure;
2639 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
2642 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2645 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
2646 ifname, ret, strerror(-ret));
2650 ifidx = if_nametoindex(ifname);
2651 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
2658 /* start listening for EAPOL on this interface */
2659 add_ifidx(drv, ifidx);
2660 #endif /* HOSTAPD */
2662 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
2663 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
2664 nl80211_remove_iface(drv, ifidx);
2672 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
2673 const char *ifname, enum nl80211_iftype iftype,
2674 const u8 *addr, int wds)
2678 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
2680 /* if error occured and interface exists already */
2681 if (ret == -ENFILE && if_nametoindex(ifname)) {
2682 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
2684 /* Try to remove the interface that was already there. */
2685 nl80211_remove_iface(drv, if_nametoindex(ifname));
2687 /* Try to create the interface again */
2688 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
2692 if (ret >= 0 && drv->disable_11b_rates)
2693 nl80211_disable_11b_rates(drv, ret, 1);
2699 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
2701 struct ieee80211_hdr *hdr;
2703 union wpa_event_data event;
2705 hdr = (struct ieee80211_hdr *) buf;
2706 fc = le_to_host16(hdr->frame_control);
2708 os_memset(&event, 0, sizeof(event));
2709 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
2710 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
2711 event.tx_status.dst = hdr->addr1;
2712 event.tx_status.data = buf;
2713 event.tx_status.data_len = len;
2714 event.tx_status.ack = ok;
2715 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
2719 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
2720 u8 *buf, size_t len)
2722 union wpa_event_data event;
2723 os_memset(&event, 0, sizeof(event));
2724 event.rx_from_unknown.frame = buf;
2725 event.rx_from_unknown.len = len;
2726 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
2730 static void handle_frame(struct wpa_driver_nl80211_data *drv,
2731 u8 *buf, size_t len, int datarate, int ssi_signal)
2733 struct ieee80211_hdr *hdr;
2735 union wpa_event_data event;
2737 hdr = (struct ieee80211_hdr *) buf;
2738 fc = le_to_host16(hdr->frame_control);
2740 switch (WLAN_FC_GET_TYPE(fc)) {
2741 case WLAN_FC_TYPE_MGMT:
2742 os_memset(&event, 0, sizeof(event));
2743 event.rx_mgmt.frame = buf;
2744 event.rx_mgmt.frame_len = len;
2745 event.rx_mgmt.datarate = datarate;
2746 event.rx_mgmt.ssi_signal = ssi_signal;
2747 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
2749 case WLAN_FC_TYPE_CTRL:
2750 /* can only get here with PS-Poll frames */
2751 wpa_printf(MSG_DEBUG, "CTRL");
2752 from_unknown_sta(drv, buf, len);
2754 case WLAN_FC_TYPE_DATA:
2755 from_unknown_sta(drv, buf, len);
2761 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
2763 struct wpa_driver_nl80211_data *drv = eloop_ctx;
2765 unsigned char buf[3000];
2766 struct ieee80211_radiotap_iterator iter;
2768 int datarate = 0, ssi_signal = 0;
2769 int injected = 0, failed = 0, rxflags = 0;
2771 len = recv(sock, buf, sizeof(buf), 0);
2777 if (drv->nlmode == NL80211_IFTYPE_STATION && !drv->probe_req_report) {
2778 wpa_printf(MSG_DEBUG, "nl80211: Ignore monitor interface "
2779 "frame since Probe Request reporting is disabled");
2783 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
2784 printf("received invalid radiotap frame\n");
2789 ret = ieee80211_radiotap_iterator_next(&iter);
2793 printf("received invalid radiotap frame (%d)\n", ret);
2796 switch (iter.this_arg_index) {
2797 case IEEE80211_RADIOTAP_FLAGS:
2798 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
2801 case IEEE80211_RADIOTAP_RX_FLAGS:
2804 case IEEE80211_RADIOTAP_TX_FLAGS:
2806 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
2807 IEEE80211_RADIOTAP_F_TX_FAIL;
2809 case IEEE80211_RADIOTAP_DATA_RETRIES:
2811 case IEEE80211_RADIOTAP_CHANNEL:
2812 /* TODO: convert from freq/flags to channel number */
2814 case IEEE80211_RADIOTAP_RATE:
2815 datarate = *iter.this_arg * 5;
2817 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2818 ssi_signal = *iter.this_arg;
2823 if (rxflags && injected)
2827 handle_frame(drv, buf + iter.max_length,
2828 len - iter.max_length, datarate, ssi_signal);
2830 handle_tx_callback(drv->ctx, buf + iter.max_length,
2831 len - iter.max_length, !failed);
2836 * we post-process the filter code later and rewrite
2837 * this to the offset to the last instruction
2842 static struct sock_filter msock_filter_insns[] = {
2844 * do a little-endian load of the radiotap length field
2846 /* load lower byte into A */
2847 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
2848 /* put it into X (== index register) */
2849 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2850 /* load upper byte into A */
2851 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
2852 /* left-shift it by 8 */
2853 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
2855 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
2856 /* put result into X */
2857 BPF_STMT(BPF_MISC| BPF_TAX, 0),
2860 * Allow management frames through, this also gives us those
2861 * management frames that we sent ourselves with status
2863 /* load the lower byte of the IEEE 802.11 frame control field */
2864 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2865 /* mask off frame type and version */
2866 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
2867 /* accept frame if it's both 0, fall through otherwise */
2868 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
2871 * TODO: add a bit to radiotap RX flags that indicates
2872 * that the sending station is not associated, then
2873 * add a filter here that filters on our DA and that flag
2874 * to allow us to deauth frames to that bad station.
2876 * Not a regression -- we didn't do it before either.
2881 * drop non-data frames
2883 /* load the lower byte of the frame control field */
2884 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2885 /* mask off QoS bit */
2886 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
2887 /* drop non-data frames */
2888 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
2890 /* load the upper byte of the frame control field */
2891 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
2892 /* mask off toDS/fromDS */
2893 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
2894 /* accept WDS frames */
2895 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
2898 * add header length to index
2900 /* load the lower byte of the frame control field */
2901 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
2902 /* mask off QoS bit */
2903 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
2904 /* right shift it by 6 to give 0 or 2 */
2905 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
2906 /* add data frame header length */
2907 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
2908 /* add index, was start of 802.11 header */
2909 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
2910 /* move to index, now start of LL header */
2911 BPF_STMT(BPF_MISC | BPF_TAX, 0),
2914 * Accept empty data frames, we use those for
2917 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
2918 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
2921 * Accept EAPOL frames
2923 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
2924 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
2925 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
2926 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
2928 /* keep these last two statements or change the code below */
2929 /* return 0 == "DROP" */
2930 BPF_STMT(BPF_RET | BPF_K, 0),
2931 /* return ~0 == "keep all" */
2932 BPF_STMT(BPF_RET | BPF_K, ~0),
2935 static struct sock_fprog msock_filter = {
2936 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
2937 .filter = msock_filter_insns,
2941 static int add_monitor_filter(int s)
2945 /* rewrite all PASS/FAIL jump offsets */
2946 for (idx = 0; idx < msock_filter.len; idx++) {
2947 struct sock_filter *insn = &msock_filter_insns[idx];
2949 if (BPF_CLASS(insn->code) == BPF_JMP) {
2950 if (insn->code == (BPF_JMP|BPF_JA)) {
2951 if (insn->k == PASS)
2952 insn->k = msock_filter.len - idx - 2;
2953 else if (insn->k == FAIL)
2954 insn->k = msock_filter.len - idx - 3;
2957 if (insn->jt == PASS)
2958 insn->jt = msock_filter.len - idx - 2;
2959 else if (insn->jt == FAIL)
2960 insn->jt = msock_filter.len - idx - 3;
2962 if (insn->jf == PASS)
2963 insn->jf = msock_filter.len - idx - 2;
2964 else if (insn->jf == FAIL)
2965 insn->jf = msock_filter.len - idx - 3;
2969 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
2970 &msock_filter, sizeof(msock_filter))) {
2971 perror("SO_ATTACH_FILTER");
2979 static void nl80211_remove_monitor_interface(
2980 struct wpa_driver_nl80211_data *drv)
2982 if (drv->monitor_ifidx >= 0) {
2983 nl80211_remove_iface(drv, drv->monitor_ifidx);
2984 drv->monitor_ifidx = -1;
2986 if (drv->monitor_sock >= 0) {
2987 eloop_unregister_read_sock(drv->monitor_sock);
2988 close(drv->monitor_sock);
2989 drv->monitor_sock = -1;
2995 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
2998 struct sockaddr_ll ll;
3002 snprintf(buf, IFNAMSIZ, "mon.%s", drv->ifname);
3003 buf[IFNAMSIZ - 1] = '\0';
3005 drv->monitor_ifidx =
3006 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
3009 if (drv->monitor_ifidx < 0)
3012 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
3015 memset(&ll, 0, sizeof(ll));
3016 ll.sll_family = AF_PACKET;
3017 ll.sll_ifindex = drv->monitor_ifidx;
3018 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
3019 if (drv->monitor_sock < 0) {
3020 perror("socket[PF_PACKET,SOCK_RAW]");
3024 if (add_monitor_filter(drv->monitor_sock)) {
3025 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
3026 "interface; do filtering in user space");
3027 /* This works, but will cost in performance. */
3030 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
3031 perror("monitor socket bind");
3035 optlen = sizeof(optval);
3038 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
3039 perror("Failed to set socket priority");
3043 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
3045 printf("Could not register monitor read socket\n");
3051 nl80211_remove_monitor_interface(drv);
3056 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
3058 static int wpa_driver_nl80211_hapd_send_eapol(
3059 void *priv, const u8 *addr, const u8 *data,
3060 size_t data_len, int encrypt, const u8 *own_addr)
3062 struct wpa_driver_nl80211_data *drv = priv;
3063 struct ieee80211_hdr *hdr;
3068 int qos = sta->flags & WPA_STA_WMM;
3073 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3075 hdr = os_zalloc(len);
3077 printf("malloc() failed for i802_send_data(len=%lu)\n",
3078 (unsigned long) len);
3082 hdr->frame_control =
3083 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3084 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3086 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3087 #if 0 /* To be enabled if qos determination is added above */
3089 hdr->frame_control |=
3090 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3094 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3095 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3096 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3097 pos = (u8 *) (hdr + 1);
3099 #if 0 /* To be enabled if qos determination is added above */
3101 /* add an empty QoS header if needed */
3108 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3109 pos += sizeof(rfc1042_header);
3110 WPA_PUT_BE16(pos, ETH_P_PAE);
3112 memcpy(pos, data, data_len);
3114 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
3116 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
3118 (unsigned long) len, errno, strerror(errno));
3126 static u32 sta_flags_nl80211(int flags)
3130 if (flags & WPA_STA_AUTHORIZED)
3131 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3132 if (flags & WPA_STA_WMM)
3133 f |= BIT(NL80211_STA_FLAG_WME);
3134 if (flags & WPA_STA_SHORT_PREAMBLE)
3135 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3136 if (flags & WPA_STA_MFP)
3137 f |= BIT(NL80211_STA_FLAG_MFP);
3143 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
3144 int total_flags, int flags_or,
3147 struct wpa_driver_nl80211_data *drv = priv;
3148 struct nl_msg *msg, *flags = NULL;
3149 struct nl80211_sta_flag_update upd;
3151 msg = nlmsg_alloc();
3155 flags = nlmsg_alloc();
3161 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3162 0, NL80211_CMD_SET_STATION, 0);
3164 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3165 if_nametoindex(drv->ifname));
3166 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3169 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
3170 * can be removed eventually.
3172 if (total_flags & WPA_STA_AUTHORIZED)
3173 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3175 if (total_flags & WPA_STA_WMM)
3176 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3178 if (total_flags & WPA_STA_SHORT_PREAMBLE)
3179 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3181 if (total_flags & WPA_STA_MFP)
3182 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3184 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3185 goto nla_put_failure;
3187 os_memset(&upd, 0, sizeof(upd));
3188 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
3189 upd.set = sta_flags_nl80211(flags_or);
3190 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3194 return send_and_recv_msgs(drv, msg, NULL, NULL);
3201 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
3202 struct wpa_driver_associate_params *params)
3204 if (wpa_driver_nl80211_set_mode(drv, params->mode) ||
3205 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
3206 nl80211_remove_monitor_interface(drv);
3210 /* TODO: setup monitor interface (and add code somewhere to remove this
3211 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
3217 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
3222 msg = nlmsg_alloc();
3226 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3227 NL80211_CMD_LEAVE_IBSS, 0);
3228 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3229 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3232 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
3233 "(%s)", ret, strerror(-ret));
3234 goto nla_put_failure;
3238 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
3246 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
3247 struct wpa_driver_associate_params *params)
3253 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
3255 if (wpa_driver_nl80211_set_mode(drv, params->mode)) {
3256 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
3262 msg = nlmsg_alloc();
3266 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3267 NL80211_CMD_JOIN_IBSS, 0);
3268 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3270 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
3271 goto nla_put_failure;
3273 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3274 params->ssid, params->ssid_len);
3275 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3277 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3278 drv->ssid_len = params->ssid_len;
3280 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3281 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3283 ret = nl80211_set_conn_keys(params, msg);
3285 goto nla_put_failure;
3287 if (params->wpa_ie) {
3288 wpa_hexdump(MSG_DEBUG,
3289 " * Extra IEs for Beacon/Probe Response frames",
3290 params->wpa_ie, params->wpa_ie_len);
3291 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3295 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3298 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
3299 ret, strerror(-ret));
3301 if (ret == -EALREADY && count == 1) {
3302 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
3304 nl80211_leave_ibss(drv);
3309 goto nla_put_failure;
3312 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
3320 static int wpa_driver_nl80211_connect(
3321 struct wpa_driver_nl80211_data *drv,
3322 struct wpa_driver_associate_params *params)
3325 enum nl80211_auth_type type;
3328 msg = nlmsg_alloc();
3332 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
3333 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3334 NL80211_CMD_CONNECT, 0);
3336 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3337 if (params->bssid) {
3338 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3339 MAC2STR(params->bssid));
3340 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3343 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3344 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3347 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3348 params->ssid, params->ssid_len);
3349 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3351 if (params->ssid_len > sizeof(drv->ssid))
3352 goto nla_put_failure;
3353 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3354 drv->ssid_len = params->ssid_len;
3356 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
3358 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3361 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3362 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3363 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3364 type = NL80211_AUTHTYPE_SHARED_KEY;
3365 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3366 type = NL80211_AUTHTYPE_NETWORK_EAP;
3367 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3368 type = NL80211_AUTHTYPE_FT;
3370 goto nla_put_failure;
3372 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3373 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3375 if (params->wpa_ie && params->wpa_ie_len) {
3376 enum nl80211_wpa_versions ver;
3378 if (params->wpa_ie[0] == WLAN_EID_RSN)
3379 ver = NL80211_WPA_VERSION_2;
3381 ver = NL80211_WPA_VERSION_1;
3383 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
3384 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
3387 if (params->pairwise_suite != CIPHER_NONE) {
3390 switch (params->pairwise_suite) {
3392 cipher = WLAN_CIPHER_SUITE_WEP40;
3395 cipher = WLAN_CIPHER_SUITE_WEP104;
3398 cipher = WLAN_CIPHER_SUITE_CCMP;
3402 cipher = WLAN_CIPHER_SUITE_TKIP;
3405 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
3408 if (params->group_suite != CIPHER_NONE) {
3411 switch (params->group_suite) {
3413 cipher = WLAN_CIPHER_SUITE_WEP40;
3416 cipher = WLAN_CIPHER_SUITE_WEP104;
3419 cipher = WLAN_CIPHER_SUITE_CCMP;
3423 cipher = WLAN_CIPHER_SUITE_TKIP;
3426 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
3429 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
3430 params->key_mgmt_suite == KEY_MGMT_PSK) {
3431 int mgmt = WLAN_AKM_SUITE_PSK;
3433 switch (params->key_mgmt_suite) {
3434 case KEY_MGMT_802_1X:
3435 mgmt = WLAN_AKM_SUITE_8021X;
3439 mgmt = WLAN_AKM_SUITE_PSK;
3442 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
3445 ret = nl80211_set_conn_keys(params, msg);
3447 goto nla_put_failure;
3449 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3452 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
3453 "(%s)", ret, strerror(-ret));
3454 goto nla_put_failure;
3457 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
3466 static int wpa_driver_nl80211_associate(
3467 void *priv, struct wpa_driver_associate_params *params)
3469 struct wpa_driver_nl80211_data *drv = priv;
3473 if (params->mode == IEEE80211_MODE_AP)
3474 return wpa_driver_nl80211_ap(drv, params);
3476 if (params->mode == IEEE80211_MODE_IBSS)
3477 return wpa_driver_nl80211_ibss(drv, params);
3479 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
3480 if (wpa_driver_nl80211_set_mode(drv, params->mode) < 0)
3482 return wpa_driver_nl80211_connect(drv, params);
3485 drv->associated = 0;
3487 msg = nlmsg_alloc();
3491 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
3493 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3494 NL80211_CMD_ASSOCIATE, 0);
3496 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3497 if (params->bssid) {
3498 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3499 MAC2STR(params->bssid));
3500 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3503 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3504 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3505 drv->assoc_freq = params->freq;
3507 drv->assoc_freq = 0;
3509 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3510 params->ssid, params->ssid_len);
3511 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3513 if (params->ssid_len > sizeof(drv->ssid))
3514 goto nla_put_failure;
3515 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3516 drv->ssid_len = params->ssid_len;
3518 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
3520 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3523 #ifdef CONFIG_IEEE80211W
3524 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
3525 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
3526 #endif /* CONFIG_IEEE80211W */
3528 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
3530 if (params->prev_bssid) {
3531 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
3532 MAC2STR(params->prev_bssid));
3533 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
3534 params->prev_bssid);
3537 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3540 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3541 "(%s)", ret, strerror(-ret));
3542 goto nla_put_failure;
3545 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
3554 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
3555 int ifindex, int mode)
3560 msg = nlmsg_alloc();
3564 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3565 0, NL80211_CMD_SET_INTERFACE, 0);
3566 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3567 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
3569 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3573 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
3574 " %d (%s)", ifindex, mode, ret, strerror(-ret));
3579 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
3581 struct wpa_driver_nl80211_data *drv = priv;
3587 nlmode = NL80211_IFTYPE_STATION;
3590 nlmode = NL80211_IFTYPE_ADHOC;
3593 nlmode = NL80211_IFTYPE_AP;
3599 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
3600 drv->nlmode = nlmode;
3605 if (nlmode == drv->nlmode) {
3606 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
3607 "requested mode - ignore error");
3609 goto done; /* Already in the requested mode */
3612 /* mac80211 doesn't allow mode changes while the device is up, so
3613 * take the device down, try to set the mode again, and bring the
3616 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0) == 0) {
3617 /* Try to set the mode again while the interface is down */
3618 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
3619 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1))
3624 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
3625 "interface is down");
3626 drv->nlmode = nlmode;
3630 if (!ret && nlmode == NL80211_IFTYPE_AP) {
3631 /* Setup additional AP mode functionality if needed */
3632 if (drv->monitor_ifidx < 0 &&
3633 nl80211_create_monitor_interface(drv))
3635 } else if (!ret && nlmode != NL80211_IFTYPE_AP) {
3636 /* Remove additional AP mode functionality */
3637 nl80211_remove_monitor_interface(drv);
3639 drv->beacon_set = 0;
3640 #endif /* HOSTAPD */
3644 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
3645 "from %d failed", nlmode, drv->nlmode);
3651 static int wpa_driver_nl80211_get_capa(void *priv,
3652 struct wpa_driver_capa *capa)
3654 struct wpa_driver_nl80211_data *drv = priv;
3655 if (!drv->has_capability)
3657 os_memcpy(capa, &drv->capa, sizeof(*capa));
3662 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
3664 struct wpa_driver_nl80211_data *drv = priv;
3666 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
3667 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
3668 drv->operstate = state;
3669 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
3670 state ? IF_OPER_UP : IF_OPER_DORMANT);
3674 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
3676 struct wpa_driver_nl80211_data *drv = priv;
3678 struct nl80211_sta_flag_update upd;
3680 msg = nlmsg_alloc();
3684 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3685 0, NL80211_CMD_SET_STATION, 0);
3687 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3688 if_nametoindex(drv->ifname));
3689 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
3691 os_memset(&upd, 0, sizeof(upd));
3692 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
3694 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
3695 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3697 return send_and_recv_msgs(drv, msg, NULL, NULL);
3705 static struct i802_bss * get_bss(struct wpa_driver_nl80211_data *drv,
3708 struct i802_bss *bss = &drv->bss;
3710 if (ifindex == bss->ifindex)
3714 wpa_printf(MSG_DEBUG, "nl80211: get_bss(%d) failed", ifindex);
3719 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
3724 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
3726 for (i = 0; i < drv->num_if_indices; i++) {
3727 if (drv->if_indices[i] == 0) {
3728 drv->if_indices[i] = ifidx;
3733 if (drv->if_indices != drv->default_if_indices)
3734 old = drv->if_indices;
3738 drv->if_indices = os_realloc(old,
3739 sizeof(int) * (drv->num_if_indices + 1));
3740 if (!drv->if_indices) {
3742 drv->if_indices = drv->default_if_indices;
3744 drv->if_indices = old;
3745 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
3747 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
3750 drv->if_indices[drv->num_if_indices] = ifidx;
3751 drv->num_if_indices++;
3755 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
3759 for (i = 0; i < drv->num_if_indices; i++) {
3760 if (drv->if_indices[i] == ifidx) {
3761 drv->if_indices[i] = 0;
3768 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
3772 for (i = 0; i < drv->num_if_indices; i++)
3773 if (drv->if_indices[i] == ifidx)
3780 static inline int min_int(int a, int b)
3788 static int get_key_handler(struct nl_msg *msg, void *arg)
3790 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3791 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3793 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3794 genlmsg_attrlen(gnlh, 0), NULL);
3797 * TODO: validate the key index and mac address!
3798 * Otherwise, there's a race condition as soon as
3799 * the kernel starts sending key notifications.
3802 if (tb[NL80211_ATTR_KEY_SEQ])
3803 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
3804 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
3809 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
3812 struct wpa_driver_nl80211_data *drv = priv;
3815 msg = nlmsg_alloc();
3819 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3820 0, NL80211_CMD_GET_KEY, 0);
3823 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3824 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
3825 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
3829 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
3835 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
3838 struct wpa_driver_nl80211_data *drv = priv;
3840 u8 rates[NL80211_MAX_SUPP_RATES];
3844 msg = nlmsg_alloc();
3848 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3849 NL80211_CMD_SET_BSS, 0);
3851 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
3852 rates[rates_len++] = basic_rates[i] / 5;
3854 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
3856 /* TODO: multi-BSS support */
3857 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
3859 return send_and_recv_msgs(drv, msg, NULL, NULL);
3865 /* Set kernel driver on given frequency (MHz) */
3866 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
3868 struct wpa_driver_nl80211_data *drv = priv;
3869 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
3870 freq->sec_channel_offset);
3874 static int i802_set_rts(void *priv, int rts)
3876 struct wpa_driver_nl80211_data *drv = priv;
3881 msg = nlmsg_alloc();
3890 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3891 0, NL80211_CMD_SET_WIPHY, 0);
3892 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3893 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
3895 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3899 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
3900 "%d (%s)", rts, ret, strerror(-ret));
3905 static int i802_set_frag(void *priv, int frag)
3907 struct wpa_driver_nl80211_data *drv = priv;
3912 msg = nlmsg_alloc();
3921 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3922 0, NL80211_CMD_SET_WIPHY, 0);
3923 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3924 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
3926 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3930 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
3931 "%d: %d (%s)", frag, ret, strerror(-ret));
3936 static int i802_flush(void *priv)
3938 struct wpa_driver_nl80211_data *drv = priv;
3941 msg = nlmsg_alloc();
3945 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3946 0, NL80211_CMD_DEL_STATION, 0);
3949 * XXX: FIX! this needs to flush all VLANs too
3951 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3952 if_nametoindex(drv->ifname));
3954 return send_and_recv_msgs(drv, msg, NULL, NULL);
3960 static int get_sta_handler(struct nl_msg *msg, void *arg)
3962 struct nlattr *tb[NL80211_ATTR_MAX + 1];
3963 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
3964 struct hostap_sta_driver_data *data = arg;
3965 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
3966 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
3967 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
3968 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
3969 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
3970 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
3971 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
3974 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
3975 genlmsg_attrlen(gnlh, 0), NULL);
3978 * TODO: validate the interface and mac address!
3979 * Otherwise, there's a race condition as soon as
3980 * the kernel starts sending station notifications.
3983 if (!tb[NL80211_ATTR_STA_INFO]) {
3984 wpa_printf(MSG_DEBUG, "sta stats missing!");
3987 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
3988 tb[NL80211_ATTR_STA_INFO],
3990 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
3994 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
3995 data->inactive_msec =
3996 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
3997 if (stats[NL80211_STA_INFO_RX_BYTES])
3998 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
3999 if (stats[NL80211_STA_INFO_TX_BYTES])
4000 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
4001 if (stats[NL80211_STA_INFO_RX_PACKETS])
4003 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
4004 if (stats[NL80211_STA_INFO_TX_PACKETS])
4006 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
4011 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
4014 struct wpa_driver_nl80211_data *drv = priv;
4017 os_memset(data, 0, sizeof(*data));
4018 msg = nlmsg_alloc();
4022 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4023 0, NL80211_CMD_GET_STATION, 0);
4025 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4026 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
4028 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
4034 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
4035 int cw_min, int cw_max, int burst_time)
4037 struct wpa_driver_nl80211_data *drv = priv;
4039 struct nlattr *txq, *params;
4041 msg = nlmsg_alloc();
4045 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4046 0, NL80211_CMD_SET_WIPHY, 0);
4048 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
4050 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
4052 goto nla_put_failure;
4054 /* We are only sending parameters for a single TXQ at a time */
4055 params = nla_nest_start(msg, 1);
4057 goto nla_put_failure;
4059 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
4060 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
4061 * 32 usec, so need to convert the value here. */
4062 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
4063 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
4064 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
4065 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
4067 nla_nest_end(msg, params);
4069 nla_nest_end(msg, txq);
4071 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4078 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
4080 struct wpa_driver_nl80211_data *drv = priv;
4083 msg = nlmsg_alloc();
4087 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4088 NL80211_CMD_SET_BSS, 0);
4091 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
4093 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
4095 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
4097 /* TODO: multi-BSS support */
4098 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(drv->ifname));
4100 return send_and_recv_msgs(drv, msg, NULL, NULL);
4106 static int i802_set_cts_protect(void *priv, int value)
4108 return i802_set_bss(priv, value, -1, -1);
4112 static int i802_set_preamble(void *priv, int value)
4114 return i802_set_bss(priv, -1, value, -1);
4118 static int i802_set_short_slot_time(void *priv, int value)
4120 return i802_set_bss(priv, -1, -1, value);
4124 static int i802_set_sta_vlan(void *priv, const u8 *addr,
4125 const char *ifname, int vlan_id)
4127 struct wpa_driver_nl80211_data *drv = priv;
4130 msg = nlmsg_alloc();
4134 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4135 0, NL80211_CMD_SET_STATION, 0);
4137 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4138 if_nametoindex(drv->ifname));
4139 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4140 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
4141 if_nametoindex(ifname));
4143 return send_and_recv_msgs(drv, msg, NULL, NULL);
4149 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val)
4151 struct wpa_driver_nl80211_data *drv = priv;
4154 os_snprintf(name, sizeof(name), "%s.sta%d", drv->ifname, aid);
4156 if (nl80211_create_iface(priv, name, NL80211_IFTYPE_AP_VLAN,
4159 linux_set_iface_flags(drv->ioctl_sock, name, 1);
4160 return i802_set_sta_vlan(priv, addr, name, 0);
4162 i802_set_sta_vlan(priv, addr, drv->ifname, 0);
4163 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
4169 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
4171 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4172 struct sockaddr_ll lladdr;
4173 unsigned char buf[3000];
4175 socklen_t fromlen = sizeof(lladdr);
4177 len = recvfrom(sock, buf, sizeof(buf), 0,
4178 (struct sockaddr *)&lladdr, &fromlen);
4184 if (have_ifidx(drv, lladdr.sll_ifindex))
4185 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
4189 static int i802_get_inact_sec(void *priv, const u8 *addr)
4191 struct hostap_sta_driver_data data;
4194 data.inactive_msec = (unsigned long) -1;
4195 ret = i802_read_sta_data(priv, &data, addr);
4196 if (ret || data.inactive_msec == (unsigned long) -1)
4198 return data.inactive_msec / 1000;
4202 static int i802_sta_clear_stats(void *priv, const u8 *addr)
4211 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
4214 struct wpa_driver_nl80211_data *drv = priv;
4215 struct ieee80211_mgmt mgmt;
4217 memset(&mgmt, 0, sizeof(mgmt));
4218 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4219 WLAN_FC_STYPE_DEAUTH);
4220 memcpy(mgmt.da, addr, ETH_ALEN);
4221 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4222 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4223 mgmt.u.deauth.reason_code = host_to_le16(reason);
4224 return wpa_driver_nl80211_send_mlme(drv, (u8 *) &mgmt,
4226 sizeof(mgmt.u.deauth));
4230 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
4233 struct wpa_driver_nl80211_data *drv = priv;
4234 struct ieee80211_mgmt mgmt;
4236 memset(&mgmt, 0, sizeof(mgmt));
4237 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4238 WLAN_FC_STYPE_DISASSOC);
4239 memcpy(mgmt.da, addr, ETH_ALEN);
4240 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4241 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4242 mgmt.u.disassoc.reason_code = host_to_le16(reason);
4243 return wpa_driver_nl80211_send_mlme(drv, (u8 *) &mgmt,
4245 sizeof(mgmt.u.disassoc));
4249 static void *i802_init(struct hostapd_data *hapd,
4250 struct wpa_init_params *params)
4252 struct wpa_driver_nl80211_data *drv;
4255 drv = wpa_driver_nl80211_init(hapd, params->ifname);
4259 drv->bss.ifindex = drv->ifindex;
4261 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4262 drv->if_indices = drv->default_if_indices;
4263 for (i = 0; i < params->num_bridge; i++) {
4264 if (params->bridge[i])
4265 add_ifidx(drv, if_nametoindex(params->bridge[i]));
4268 /* start listening for EAPOL on the default AP interface */
4269 add_ifidx(drv, drv->ifindex);
4271 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 0))
4274 if (params->bssid) {
4275 if (linux_set_ifhwaddr(drv->ioctl_sock, drv->ifname,
4280 if (wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_AP)) {
4281 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
4282 "into AP mode", drv->ifname);
4286 if (linux_set_iface_flags(drv->ioctl_sock, drv->ifname, 1))
4289 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
4290 if (drv->eapol_sock < 0) {
4291 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
4295 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
4297 printf("Could not register read socket for eapol\n");
4301 if (linux_get_ifhwaddr(drv->ioctl_sock, drv->ifname, params->own_addr))
4307 nl80211_remove_monitor_interface(drv);
4308 if (drv->ioctl_sock >= 0)
4309 close(drv->ioctl_sock);
4311 genl_family_put(drv->nl80211);
4312 nl_cache_free(drv->nl_cache);
4313 nl_handle_destroy(drv->nl_handle);
4314 nl_cb_put(drv->nl_cb);
4321 static void i802_deinit(void *priv)
4323 wpa_driver_nl80211_deinit(priv);
4326 #endif /* HOSTAPD */
4329 static enum nl80211_iftype wpa_driver_nl80211_if_type(
4330 enum wpa_driver_if_type type)
4333 case WPA_IF_STATION:
4334 return NL80211_IFTYPE_STATION;
4335 case WPA_IF_AP_VLAN:
4336 return NL80211_IFTYPE_AP_VLAN;
4338 return NL80211_IFTYPE_AP;
4344 static int wpa_driver_nl80211_if_add(const char *iface, void *priv,
4345 enum wpa_driver_if_type type,
4346 const char *ifname, const u8 *addr,
4349 struct wpa_driver_nl80211_data *drv = priv;
4352 struct i802_bss *bss = NULL;
4354 if (type == WPA_IF_AP_BSS) {
4355 bss = os_zalloc(sizeof(*bss));
4359 #endif /* HOSTAPD */
4361 ifidx = nl80211_create_iface(drv, ifname,
4362 wpa_driver_nl80211_if_type(type), addr,
4367 #endif /* HOSTAPD */
4372 if (type == WPA_IF_AP_BSS) {
4373 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
4374 nl80211_remove_iface(drv, ifidx);
4378 bss->ifindex = ifidx;
4379 bss->next = drv->bss.next;
4380 drv->bss.next = bss;
4382 #endif /* HOSTAPD */
4388 static int wpa_driver_nl80211_if_remove(void *priv,
4389 enum wpa_driver_if_type type,
4392 struct wpa_driver_nl80211_data *drv = priv;
4393 int ifindex = if_nametoindex(ifname);
4395 nl80211_remove_iface(drv, ifindex);
4398 if (type == WPA_IF_AP_BSS) {
4399 struct i802_bss *bss, *prev;
4401 bss = drv->bss.next;
4403 if (ifindex == bss->ifindex) {
4404 prev->next = bss->next;
4412 #endif /* HOSTAPD */
4418 static int cookie_handler(struct nl_msg *msg, void *arg)
4420 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4421 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4423 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4424 genlmsg_attrlen(gnlh, 0), NULL);
4425 if (tb[NL80211_ATTR_COOKIE])
4426 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
4431 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
4432 unsigned int duration)
4434 struct wpa_driver_nl80211_data *drv = priv;
4439 msg = nlmsg_alloc();
4443 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4444 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
4446 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4447 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
4448 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
4451 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
4453 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
4454 "0x%llx for freq=%u MHz duration=%u",
4455 (long long unsigned int) cookie, freq, duration);
4456 drv->remain_on_chan_cookie = cookie;
4459 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
4460 "(freq=%d): %d (%s)", freq, ret, strerror(-ret));
4466 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
4468 struct wpa_driver_nl80211_data *drv = priv;
4472 if (!drv->pending_remain_on_chan) {
4473 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
4478 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
4480 (long long unsigned int) drv->remain_on_chan_cookie);
4482 msg = nlmsg_alloc();
4486 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4487 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
4489 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4490 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
4492 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4495 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
4496 "%d (%s)", ret, strerror(-ret));
4502 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
4505 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4506 if (drv->monitor_ifidx < 0)
4507 return; /* monitor interface already removed */
4509 if (drv->nlmode != NL80211_IFTYPE_STATION)
4510 return; /* not in station mode anymore */
4512 if (drv->probe_req_report)
4513 return; /* reporting enabled */
4515 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface due to no "
4516 "Probe Request reporting needed anymore");
4517 nl80211_remove_monitor_interface(drv);
4521 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
4523 struct wpa_driver_nl80211_data *drv = priv;
4525 if (drv->nlmode != NL80211_IFTYPE_STATION) {
4526 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
4527 "allowed in station mode (iftype=%d)",
4531 drv->probe_req_report = report;
4534 eloop_cancel_timeout(
4535 wpa_driver_nl80211_probe_req_report_timeout,
4537 if (drv->monitor_ifidx < 0 &&
4538 nl80211_create_monitor_interface(drv))
4542 * It takes a while to remove the monitor interface, so try to
4543 * avoid doing this if it is needed again shortly. Instead,
4544 * schedule the interface to be removed later if no need for it
4547 wpa_printf(MSG_DEBUG, "nl80211: Scheduling monitor interface "
4548 "to be removed after 10 seconds of no use");
4549 eloop_register_timeout(
4550 10, 0, wpa_driver_nl80211_probe_req_report_timeout,
4558 static int wpa_driver_nl80211_alloc_interface_addr(void *priv, u8 *addr)
4560 struct wpa_driver_nl80211_data *drv = priv;
4562 if (linux_get_ifhwaddr(drv->ioctl_sock, drv->ifname, addr) < 0)
4565 if (addr[0] & 0x02) {
4566 /* TODO: add support for generating multiple addresses */
4569 addr[0] = 0x02; /* locally administered */
4575 static void wpa_driver_nl80211_release_interface_addr(void *priv,
4578 /* TODO: keep list of allocated address and release them here */
4582 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
4583 int ifindex, int disabled)
4586 struct nlattr *bands, *band;
4589 msg = nlmsg_alloc();
4593 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4594 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
4595 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
4597 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
4599 goto nla_put_failure;
4602 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
4603 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
4604 * rates. All 5 GHz rates are left enabled.
4606 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
4608 goto nla_put_failure;
4609 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
4610 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
4611 nla_nest_end(msg, band);
4613 nla_nest_end(msg, bands);
4615 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4618 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
4619 "(%s)", ret, strerror(-ret));
4630 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
4632 struct wpa_driver_nl80211_data *drv = priv;
4633 drv->disable_11b_rates = disabled;
4634 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
4638 static int wpa_driver_nl80211_deinit_ap(void *priv)
4640 struct wpa_driver_nl80211_data *drv = priv;
4641 if (drv->nlmode != NL80211_IFTYPE_AP)
4643 wpa_driver_nl80211_del_beacon(drv);
4644 return wpa_driver_nl80211_set_mode(drv, IEEE80211_MODE_INFRA);
4648 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
4650 .desc = "Linux nl80211/cfg80211",
4651 .get_bssid = wpa_driver_nl80211_get_bssid,
4652 .get_ssid = wpa_driver_nl80211_get_ssid,
4653 .set_key = wpa_driver_nl80211_set_key,
4654 .scan2 = wpa_driver_nl80211_scan,
4655 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
4656 .deauthenticate = wpa_driver_nl80211_deauthenticate,
4657 .disassociate = wpa_driver_nl80211_disassociate,
4658 .authenticate = wpa_driver_nl80211_authenticate,
4659 .associate = wpa_driver_nl80211_associate,
4660 .init = wpa_driver_nl80211_init,
4661 .deinit = wpa_driver_nl80211_deinit,
4662 .get_capa = wpa_driver_nl80211_get_capa,
4663 .set_operstate = wpa_driver_nl80211_set_operstate,
4664 .set_supp_port = wpa_driver_nl80211_set_supp_port,
4665 .set_country = wpa_driver_nl80211_set_country,
4666 .set_beacon = wpa_driver_nl80211_set_beacon,
4667 .if_add = wpa_driver_nl80211_if_add,
4668 .if_remove = wpa_driver_nl80211_if_remove,
4669 .send_mlme = wpa_driver_nl80211_send_mlme,
4670 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
4671 .sta_add = wpa_driver_nl80211_sta_add,
4672 .sta_remove = wpa_driver_nl80211_sta_remove,
4673 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
4674 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
4676 .hapd_init = i802_init,
4677 .hapd_deinit = i802_deinit,
4678 .get_seqnum = i802_get_seqnum,
4679 .flush = i802_flush,
4680 .read_sta_data = i802_read_sta_data,
4681 .sta_deauth = i802_sta_deauth,
4682 .sta_disassoc = i802_sta_disassoc,
4683 .get_inact_sec = i802_get_inact_sec,
4684 .sta_clear_stats = i802_sta_clear_stats,
4685 .set_freq = i802_set_freq,
4686 .set_rts = i802_set_rts,
4687 .set_frag = i802_set_frag,
4688 .set_rate_sets = i802_set_rate_sets,
4689 .set_cts_protect = i802_set_cts_protect,
4690 .set_preamble = i802_set_preamble,
4691 .set_short_slot_time = i802_set_short_slot_time,
4692 .set_tx_queue_params = i802_set_tx_queue_params,
4693 .set_sta_vlan = i802_set_sta_vlan,
4694 .set_wds_sta = i802_set_wds_sta,
4695 #endif /* HOSTAPD */
4696 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
4697 .cancel_remain_on_channel =
4698 wpa_driver_nl80211_cancel_remain_on_channel,
4699 .probe_req_report = wpa_driver_nl80211_probe_req_report,
4700 .alloc_interface_addr = wpa_driver_nl80211_alloc_interface_addr,
4701 .release_interface_addr = wpa_driver_nl80211_release_interface_addr,
4702 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
4703 .deinit_ap = wpa_driver_nl80211_deinit_ap,