2 * hostapd / VLAN initialization
3 * Copyright 2003, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Alternatively, this software may be distributed under the terms of BSD
14 * See README and COPYING for more details.
17 #include "utils/includes.h"
19 #include "utils/common.h"
21 #include "ap_config.h"
22 #include "vlan_init.h"
25 #ifdef CONFIG_FULL_DYNAMIC_VLAN
28 #include <sys/ioctl.h>
29 #include <linux/sockios.h>
30 #include <linux/if_vlan.h>
31 #include <linux/if_bridge.h>
33 #include "drivers/priv_netlink.h"
34 #include "utils/eloop.h"
37 struct full_dynamic_vlan {
38 int s; /* socket on which to listen for new/removed interfaces. */
42 static int ifconfig_helper(const char *if_name, int up)
47 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
48 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
49 "failed: %s", __func__, strerror(errno));
53 os_memset(&ifr, 0, sizeof(ifr));
54 os_strlcpy(ifr.ifr_name, if_name, IFNAMSIZ);
56 if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) {
57 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCGIFFLAGS) failed "
58 "for interface %s: %s",
59 __func__, if_name, strerror(errno));
65 ifr.ifr_flags |= IFF_UP;
67 ifr.ifr_flags &= ~IFF_UP;
69 if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) {
70 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl(SIOCSIFFLAGS) failed "
71 "for interface %s (up=%d): %s",
72 __func__, if_name, up, strerror(errno));
82 static int ifconfig_up(const char *if_name)
84 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s up", if_name);
85 return ifconfig_helper(if_name, 1);
89 static int ifconfig_down(const char *if_name)
91 wpa_printf(MSG_DEBUG, "VLAN: Set interface %s down", if_name);
92 return ifconfig_helper(if_name, 0);
97 * These are only available in recent linux headers (without the leading
100 #define _GET_VLAN_REALDEV_NAME_CMD 8
101 #define _GET_VLAN_VID_CMD 9
103 /* This value should be 256 ONLY. If it is something else, then hostapd
104 * might crash!, as this value has been hard-coded in 2.4.x kernel
107 #define MAX_BR_PORTS 256
109 static int br_delif(const char *br_name, const char *if_name)
113 unsigned long args[2];
116 wpa_printf(MSG_DEBUG, "VLAN: br_delif(%s, %s)", br_name, if_name);
117 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
118 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
119 "failed: %s", __func__, strerror(errno));
123 if_index = if_nametoindex(if_name);
126 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
127 "interface index for '%s'",
133 args[0] = BRCTL_DEL_IF;
136 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
137 ifr.ifr_data = (__caddr_t) args;
139 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) {
140 /* No error if interface already removed. */
141 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
142 "BRCTL_DEL_IF] failed for br_name=%s if_name=%s: "
143 "%s", __func__, br_name, if_name, strerror(errno));
154 Add interface 'if_name' to the bridge 'br_name'
157 returns 1 if the interface is already part of the bridge
160 static int br_addif(const char *br_name, const char *if_name)
164 unsigned long args[2];
167 wpa_printf(MSG_DEBUG, "VLAN: br_addif(%s, %s)", br_name, if_name);
168 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
169 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
170 "failed: %s", __func__, strerror(errno));
174 if_index = if_nametoindex(if_name);
177 wpa_printf(MSG_ERROR, "VLAN: %s: Failure determining "
178 "interface index for '%s'",
184 args[0] = BRCTL_ADD_IF;
187 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
188 ifr.ifr_data = (__caddr_t) args;
190 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
191 if (errno == EBUSY) {
192 /* The interface is already added. */
197 wpa_printf(MSG_ERROR, "VLAN: %s: ioctl[SIOCDEVPRIVATE,"
198 "BRCTL_ADD_IF] failed for br_name=%s if_name=%s: "
199 "%s", __func__, br_name, if_name, strerror(errno));
209 static int br_delbr(const char *br_name)
212 unsigned long arg[2];
214 wpa_printf(MSG_DEBUG, "VLAN: br_delbr(%s)", br_name);
215 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
216 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
217 "failed: %s", __func__, strerror(errno));
221 arg[0] = BRCTL_DEL_BRIDGE;
222 arg[1] = (unsigned long) br_name;
224 if (ioctl(fd, SIOCGIFBR, arg) < 0 && errno != ENXIO) {
225 /* No error if bridge already removed. */
226 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_DEL_BRIDGE failed for "
227 "%s: %s", __func__, br_name, strerror(errno));
238 Add a bridge with the name 'br_name'.
241 returns 1 if the bridge already exists
244 static int br_addbr(const char *br_name)
247 unsigned long arg[4];
250 wpa_printf(MSG_DEBUG, "VLAN: br_addbr(%s)", br_name);
251 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
252 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
253 "failed: %s", __func__, strerror(errno));
257 arg[0] = BRCTL_ADD_BRIDGE;
258 arg[1] = (unsigned long) br_name;
260 if (ioctl(fd, SIOCGIFBR, arg) < 0) {
261 if (errno == EEXIST) {
262 /* The bridge is already added. */
266 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_ADD_BRIDGE "
268 __func__, br_name, strerror(errno));
274 /* Decrease forwarding delay to avoid EAPOL timeouts. */
275 os_memset(&ifr, 0, sizeof(ifr));
276 os_strlcpy(ifr.ifr_name, br_name, IFNAMSIZ);
277 arg[0] = BRCTL_SET_BRIDGE_FORWARD_DELAY;
281 ifr.ifr_data = (char *) &arg;
282 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
283 wpa_printf(MSG_ERROR, "VLAN: %s: "
284 "BRCTL_SET_BRIDGE_FORWARD_DELAY (1 sec) failed for "
285 "%s: %s", __func__, br_name, strerror(errno));
286 /* Continue anyway */
294 static int br_getnumports(const char *br_name)
299 unsigned long arg[4];
300 int ifindices[MAX_BR_PORTS];
303 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
304 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
305 "failed: %s", __func__, strerror(errno));
309 arg[0] = BRCTL_GET_PORT_LIST;
310 arg[1] = (unsigned long) ifindices;
311 arg[2] = MAX_BR_PORTS;
314 os_memset(ifindices, 0, sizeof(ifindices));
315 os_strlcpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name));
316 ifr.ifr_data = (__caddr_t) arg;
318 if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) {
319 wpa_printf(MSG_ERROR, "VLAN: %s: BRCTL_GET_PORT_LIST "
321 __func__, br_name, strerror(errno));
326 for (i = 1; i < MAX_BR_PORTS; i++) {
327 if (ifindices[i] > 0) {
337 static int vlan_rem(const char *if_name)
340 struct vlan_ioctl_args if_request;
342 wpa_printf(MSG_DEBUG, "VLAN: vlan_rem(%s)", if_name);
343 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
344 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
349 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
350 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
351 "failed: %s", __func__, strerror(errno));
355 os_memset(&if_request, 0, sizeof(if_request));
357 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
358 if_request.cmd = DEL_VLAN_CMD;
360 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
361 wpa_printf(MSG_ERROR, "VLAN: %s: DEL_VLAN_CMD failed for %s: "
362 "%s", __func__, if_name, strerror(errno));
373 Add a vlan interface with VLAN ID 'vid' and tagged interface
377 returns 1 if the interface already exists
380 static int vlan_add(const char *if_name, int vid)
383 struct vlan_ioctl_args if_request;
385 wpa_printf(MSG_DEBUG, "VLAN: vlan_add(if_name=%s, vid=%d)",
387 ifconfig_up(if_name);
389 if ((os_strlen(if_name) + 1) > sizeof(if_request.device1)) {
390 wpa_printf(MSG_ERROR, "VLAN: Interface name too long: '%s'",
395 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
396 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
397 "failed: %s", __func__, strerror(errno));
401 os_memset(&if_request, 0, sizeof(if_request));
403 /* Determine if a suitable vlan device already exists. */
405 os_snprintf(if_request.device1, sizeof(if_request.device1), "vlan%d",
408 if_request.cmd = _GET_VLAN_VID_CMD;
410 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0) {
412 if (if_request.u.VID == vid) {
413 if_request.cmd = _GET_VLAN_REALDEV_NAME_CMD;
415 if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0 &&
416 os_strncmp(if_request.u.device2, if_name,
417 sizeof(if_request.u.device2)) == 0) {
419 wpa_printf(MSG_DEBUG, "VLAN: vlan_add: "
420 "if_name %s exists already",
427 /* A suitable vlan device does not already exist, add one. */
429 os_memset(&if_request, 0, sizeof(if_request));
430 os_strlcpy(if_request.device1, if_name, sizeof(if_request.device1));
431 if_request.u.VID = vid;
432 if_request.cmd = ADD_VLAN_CMD;
434 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
435 wpa_printf(MSG_ERROR, "VLAN: %s: ADD_VLAN_CMD failed for %s: "
437 __func__, if_request.device1, strerror(errno));
447 static int vlan_set_name_type(unsigned int name_type)
450 struct vlan_ioctl_args if_request;
452 wpa_printf(MSG_DEBUG, "VLAN: vlan_set_name_type(name_type=%u)",
454 if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
455 wpa_printf(MSG_ERROR, "VLAN: %s: socket(AF_INET,SOCK_STREAM) "
456 "failed: %s", __func__, strerror(errno));
460 os_memset(&if_request, 0, sizeof(if_request));
462 if_request.u.name_type = name_type;
463 if_request.cmd = SET_VLAN_NAME_TYPE_CMD;
464 if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) {
465 wpa_printf(MSG_ERROR, "VLAN: %s: SET_VLAN_NAME_TYPE_CMD "
466 "name_type=%u failed: %s",
467 __func__, name_type, strerror(errno));
477 static void vlan_newlink(char *ifname, struct hostapd_data *hapd)
479 char vlan_ifname[IFNAMSIZ];
480 char br_name[IFNAMSIZ];
481 struct hostapd_vlan *vlan = hapd->conf->vlan;
482 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
484 wpa_printf(MSG_DEBUG, "VLAN: vlan_newlink(%s)", ifname);
487 if (os_strcmp(ifname, vlan->ifname) == 0) {
489 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
492 if (!br_addbr(br_name))
493 vlan->clean |= DVLAN_CLEAN_BR;
495 ifconfig_up(br_name);
497 if (tagged_interface) {
499 if (!vlan_add(tagged_interface, vlan->vlan_id))
500 vlan->clean |= DVLAN_CLEAN_VLAN;
502 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
503 "vlan%d", vlan->vlan_id);
505 if (!br_addif(br_name, vlan_ifname))
506 vlan->clean |= DVLAN_CLEAN_VLAN_PORT;
508 ifconfig_up(vlan_ifname);
511 if (!br_addif(br_name, ifname))
512 vlan->clean |= DVLAN_CLEAN_WLAN_PORT;
523 static void vlan_dellink(char *ifname, struct hostapd_data *hapd)
525 char vlan_ifname[IFNAMSIZ];
526 char br_name[IFNAMSIZ];
527 struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan;
528 char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface;
530 wpa_printf(MSG_DEBUG, "VLAN: vlan_dellink(%s)", ifname);
535 if (os_strcmp(ifname, vlan->ifname) == 0) {
536 os_snprintf(br_name, sizeof(br_name), "brvlan%d",
539 if (vlan->clean & DVLAN_CLEAN_WLAN_PORT)
540 br_delif(br_name, vlan->ifname);
542 if (tagged_interface) {
543 os_snprintf(vlan_ifname, sizeof(vlan_ifname),
544 "vlan%d", vlan->vlan_id);
545 if (vlan->clean & DVLAN_CLEAN_VLAN_PORT)
546 br_delif(br_name, vlan_ifname);
547 ifconfig_down(vlan_ifname);
549 if (vlan->clean & DVLAN_CLEAN_VLAN)
550 vlan_rem(vlan_ifname);
553 if ((vlan->clean & DVLAN_CLEAN_BR) &&
554 br_getnumports(br_name) == 0) {
555 ifconfig_down(br_name);
560 hapd->conf->vlan = vlan->next;
562 prev->next = vlan->next;
575 vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del,
576 struct hostapd_data *hapd)
578 struct ifinfomsg *ifi;
579 int attrlen, nlmsg_len, rta_len;
582 if (len < sizeof(*ifi))
587 nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg));
589 attrlen = h->nlmsg_len - nlmsg_len;
593 attr = (struct rtattr *) (((char *) ifi) + nlmsg_len);
595 rta_len = RTA_ALIGN(sizeof(struct rtattr));
596 while (RTA_OK(attr, attrlen)) {
597 char ifname[IFNAMSIZ + 1];
599 if (attr->rta_type == IFLA_IFNAME) {
600 int n = attr->rta_len - rta_len;
604 os_memset(ifname, 0, sizeof(ifname));
606 if ((size_t) n > sizeof(ifname))
608 os_memcpy(ifname, ((char *) attr) + rta_len, n);
611 vlan_dellink(ifname, hapd);
613 vlan_newlink(ifname, hapd);
616 attr = RTA_NEXT(attr, attrlen);
621 static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx)
625 struct sockaddr_nl from;
628 struct hostapd_data *hapd = eloop_ctx;
630 fromlen = sizeof(from);
631 left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT,
632 (struct sockaddr *) &from, &fromlen);
634 if (errno != EINTR && errno != EAGAIN)
635 wpa_printf(MSG_ERROR, "VLAN: %s: recvfrom failed: %s",
636 __func__, strerror(errno));
640 h = (struct nlmsghdr *) buf;
641 while (left >= (int) sizeof(*h)) {
645 plen = len - sizeof(*h);
646 if (len > left || plen < 0) {
647 wpa_printf(MSG_DEBUG, "VLAN: Malformed netlink "
648 "message: len=%d left=%d plen=%d",
653 switch (h->nlmsg_type) {
655 vlan_read_ifnames(h, plen, 0, hapd);
658 vlan_read_ifnames(h, plen, 1, hapd);
662 len = NLMSG_ALIGN(len);
664 h = (struct nlmsghdr *) ((char *) h + len);
668 wpa_printf(MSG_DEBUG, "VLAN: %s: %d extra bytes in the end of "
669 "netlink message", __func__, left);
674 static struct full_dynamic_vlan *
675 full_dynamic_vlan_init(struct hostapd_data *hapd)
677 struct sockaddr_nl local;
678 struct full_dynamic_vlan *priv;
680 priv = os_zalloc(sizeof(*priv));
684 vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD);
686 priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
688 wpa_printf(MSG_ERROR, "VLAN: %s: socket(PF_NETLINK,SOCK_RAW,"
689 "NETLINK_ROUTE) failed: %s",
690 __func__, strerror(errno));
695 os_memset(&local, 0, sizeof(local));
696 local.nl_family = AF_NETLINK;
697 local.nl_groups = RTMGRP_LINK;
698 if (bind(priv->s, (struct sockaddr *) &local, sizeof(local)) < 0) {
699 wpa_printf(MSG_ERROR, "VLAN: %s: bind(netlink) failed: %s",
700 __func__, strerror(errno));
706 if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL))
717 static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv)
721 eloop_unregister_read_sock(priv->s);
725 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
728 int vlan_setup_encryption_dyn(struct hostapd_data *hapd,
729 struct hostapd_ssid *mssid, const char *dyn_vlan)
733 if (dyn_vlan == NULL)
736 /* Static WEP keys are set here; IEEE 802.1X and WPA uses their own
737 * functions for setting up dynamic broadcast keys. */
738 for (i = 0; i < 4; i++) {
739 if (mssid->wep.key[i] &&
740 hapd->drv.set_key(dyn_vlan, hapd, WPA_ALG_WEP, NULL, i,
741 i == mssid->wep.idx, NULL, 0,
742 mssid->wep.key[i], mssid->wep.len[i])) {
743 wpa_printf(MSG_ERROR, "VLAN: Could not set WEP "
744 "encryption for dynamic VLAN");
753 static int vlan_dynamic_add(struct hostapd_data *hapd,
754 struct hostapd_vlan *vlan)
757 if (vlan->vlan_id != VLAN_ID_WILDCARD) {
758 if (hapd->drv.vlan_if_add(hapd, vlan->ifname)) {
759 if (errno != EEXIST) {
760 wpa_printf(MSG_ERROR, "VLAN: Could "
761 "not add VLAN %s: %s",
767 #ifdef CONFIG_FULL_DYNAMIC_VLAN
768 ifconfig_up(vlan->ifname);
769 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
779 static void vlan_dynamic_remove(struct hostapd_data *hapd,
780 struct hostapd_vlan *vlan)
782 struct hostapd_vlan *next;
787 if (vlan->vlan_id != VLAN_ID_WILDCARD &&
788 hapd->drv.vlan_if_remove(hapd, vlan->ifname)) {
789 wpa_printf(MSG_ERROR, "VLAN: Could not remove VLAN "
791 vlan->ifname, strerror(errno));
793 #ifdef CONFIG_FULL_DYNAMIC_VLAN
795 vlan_dellink(vlan->ifname, hapd);
796 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
803 int vlan_init(struct hostapd_data *hapd)
805 #ifdef CONFIG_FULL_DYNAMIC_VLAN
806 hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd);
807 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
809 if (vlan_dynamic_add(hapd, hapd->conf->vlan))
816 void vlan_deinit(struct hostapd_data *hapd)
818 vlan_dynamic_remove(hapd, hapd->conf->vlan);
820 #ifdef CONFIG_FULL_DYNAMIC_VLAN
821 full_dynamic_vlan_deinit(hapd->full_dynamic_vlan);
822 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
826 struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd,
827 struct hostapd_vlan *vlan,
830 struct hostapd_vlan *n;
833 if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID ||
834 vlan->vlan_id != VLAN_ID_WILDCARD)
837 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d ifname=%s)",
838 __func__, vlan_id, vlan->ifname);
839 ifname = os_strdup(vlan->ifname);
842 pos = os_strchr(ifname, '#');
849 n = os_zalloc(sizeof(*n));
855 n->vlan_id = vlan_id;
858 os_snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id,
862 if (hapd->drv.vlan_if_add(hapd, n->ifname)) {
867 n->next = hapd->conf->vlan;
868 hapd->conf->vlan = n;
870 #ifdef CONFIG_FULL_DYNAMIC_VLAN
871 ifconfig_up(n->ifname);
872 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
878 int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id)
880 struct hostapd_vlan *vlan;
882 if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID)
885 wpa_printf(MSG_DEBUG, "VLAN: %s(vlan_id=%d)", __func__, vlan_id);
887 vlan = hapd->conf->vlan;
889 if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) {
890 vlan->dynamic_vlan--;
899 if (vlan->dynamic_vlan == 0)
900 hapd->drv.vlan_if_remove(hapd, vlan->ifname);
projects / mech_eap.orig / blob