2 * Driver interaction with Linux nl80211/cfg80211
3 * Copyright (c) 2002-2010, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7 * Copyright (c) 2009-2010, Atheros Communications
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
13 * Alternatively, this software may be distributed under the terms of BSD
16 * See README and COPYING for more details.
20 #include <sys/ioctl.h>
22 #include <netlink/genl/genl.h>
23 #include <netlink/genl/family.h>
24 #include <netlink/genl/ctrl.h>
25 #include <netpacket/packet.h>
26 #include <linux/filter.h>
27 #include "nl80211_copy.h"
31 #include "common/ieee802_11_defs.h"
33 #include "linux_ioctl.h"
35 #include "radiotap_iter.h"
39 /* libnl 2.0 compatibility code */
40 #define nl_handle nl_sock
41 #define nl_handle_alloc_cb nl_socket_alloc_cb
42 #define nl_handle_destroy nl_socket_free
43 #endif /* CONFIG_LIBNL20 */
47 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */
50 #define IFF_DORMANT 0x20000 /* driver signals dormant */
53 #ifndef IF_OPER_DORMANT
54 #define IF_OPER_DORMANT 5
61 struct wpa_driver_nl80211_data *drv;
62 struct i802_bss *next;
64 char ifname[IFNAMSIZ + 1];
65 unsigned int beacon_set:1;
68 struct wpa_driver_nl80211_data {
70 struct netlink_data *netlink;
71 int ioctl_sock; /* socket for ioctl() use */
72 char brname[IFNAMSIZ];
75 struct wpa_driver_capa capa;
80 int scan_complete_events;
82 struct nl_handle *nl_handle;
83 struct nl_handle *nl_handle_event;
84 struct nl_cache *nl_cache;
85 struct nl_cache *nl_cache_event;
87 struct genl_family *nl80211;
89 u8 auth_bssid[ETH_ALEN];
95 int ap_scan_as_station;
96 unsigned int assoc_freq;
100 int probe_req_report;
101 int disable_11b_rates;
103 unsigned int pending_remain_on_chan:1;
104 unsigned int added_bridge:1;
105 unsigned int added_if_into_bridge:1;
107 u64 remain_on_chan_cookie;
108 u64 send_action_cookie;
110 struct wpa_driver_scan_filter *filter_ssids;
111 size_t num_filter_ssids;
113 struct i802_bss first_bss;
116 int eapol_sock; /* socket for EAPOL frames */
118 int default_if_indices[16];
128 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx,
130 static int wpa_driver_nl80211_set_mode(void *priv, int mode);
132 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv);
133 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
134 const u8 *addr, int cmd, u16 reason_code,
135 int local_state_change);
136 static void nl80211_remove_monitor_interface(
137 struct wpa_driver_nl80211_data *drv);
140 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
141 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
142 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
143 static int wpa_driver_nl80211_if_remove(void *priv,
144 enum wpa_driver_if_type type,
147 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
153 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
154 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
156 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
157 int ifindex, int disabled);
161 static int ack_handler(struct nl_msg *msg, void *arg)
168 static int finish_handler(struct nl_msg *msg, void *arg)
175 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
184 static int no_seq_check(struct nl_msg *msg, void *arg)
190 static int send_and_recv(struct wpa_driver_nl80211_data *drv,
191 struct nl_handle *nl_handle, struct nl_msg *msg,
192 int (*valid_handler)(struct nl_msg *, void *),
198 cb = nl_cb_clone(drv->nl_cb);
202 err = nl_send_auto_complete(nl_handle, msg);
208 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
209 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
210 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
213 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
214 valid_handler, valid_data);
217 nl_recvmsgs(nl_handle, cb);
225 static int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
227 int (*valid_handler)(struct nl_msg *, void *),
230 return send_and_recv(drv, drv->nl_handle, msg, valid_handler,
241 static int family_handler(struct nl_msg *msg, void *arg)
243 struct family_data *res = arg;
244 struct nlattr *tb[CTRL_ATTR_MAX + 1];
245 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
246 struct nlattr *mcgrp;
249 nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
250 genlmsg_attrlen(gnlh, 0), NULL);
251 if (!tb[CTRL_ATTR_MCAST_GROUPS])
254 nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
255 struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
256 nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
257 nla_len(mcgrp), NULL);
258 if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
259 !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
260 os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
262 nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
264 res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
272 static int nl_get_multicast_id(struct wpa_driver_nl80211_data *drv,
273 const char *family, const char *group)
277 struct family_data res = { group, -ENOENT };
282 genlmsg_put(msg, 0, 0, genl_ctrl_resolve(drv->nl_handle, "nlctrl"),
283 0, 0, CTRL_CMD_GETFAMILY, 0);
284 NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family);
286 ret = send_and_recv_msgs(drv, msg, family_handler, &res);
297 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
299 struct i802_bss *bss = priv;
300 struct wpa_driver_nl80211_data *drv = bss->drv;
301 if (!drv->associated)
303 os_memcpy(bssid, drv->bssid, ETH_ALEN);
308 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
310 struct i802_bss *bss = priv;
311 struct wpa_driver_nl80211_data *drv = bss->drv;
312 if (!drv->associated)
314 os_memcpy(ssid, drv->ssid, drv->ssid_len);
315 return drv->ssid_len;
319 static void wpa_driver_nl80211_event_link(struct wpa_driver_nl80211_data *drv,
320 char *buf, size_t len, int del)
322 union wpa_event_data event;
324 os_memset(&event, 0, sizeof(event));
325 if (len > sizeof(event.interface_status.ifname))
326 len = sizeof(event.interface_status.ifname) - 1;
327 os_memcpy(event.interface_status.ifname, buf, len);
328 event.interface_status.ievent = del ? EVENT_INTERFACE_REMOVED :
329 EVENT_INTERFACE_ADDED;
331 wpa_printf(MSG_DEBUG, "RTM_%sLINK, IFLA_IFNAME: Interface '%s' %s",
333 event.interface_status.ifname,
334 del ? "removed" : "added");
336 if (os_strcmp(drv->first_bss.ifname, event.interface_status.ifname) == 0) {
343 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
347 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
350 int attrlen, rta_len;
354 attr = (struct rtattr *) buf;
356 rta_len = RTA_ALIGN(sizeof(struct rtattr));
357 while (RTA_OK(attr, attrlen)) {
358 if (attr->rta_type == IFLA_IFNAME) {
359 if (os_strcmp(((char *) attr) + rta_len, drv->first_bss.ifname)
365 attr = RTA_NEXT(attr, attrlen);
372 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
373 int ifindex, u8 *buf, size_t len)
375 if (drv->ifindex == ifindex)
378 if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
379 drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
380 wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
382 wpa_driver_nl80211_finish_drv_init(drv);
390 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
391 struct ifinfomsg *ifi,
394 struct wpa_driver_nl80211_data *drv = ctx;
395 int attrlen, rta_len;
399 if (!wpa_driver_nl80211_own_ifindex(drv, ifi->ifi_index, buf, len) &&
400 !have_ifidx(drv, ifi->ifi_index)) {
401 wpa_printf(MSG_DEBUG, "nl80211: Ignore event for foreign "
402 "ifindex %d", ifi->ifi_index);
406 wpa_printf(MSG_DEBUG, "RTM_NEWLINK: operstate=%d ifi_flags=0x%x "
408 drv->operstate, ifi->ifi_flags,
409 (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
410 (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
411 (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
412 (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
414 * Some drivers send the association event before the operup event--in
415 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
416 * fails. This will hit us when wpa_supplicant does not need to do
417 * IEEE 802.1X authentication
419 if (drv->operstate == 1 &&
420 (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
421 !(ifi->ifi_flags & IFF_RUNNING))
422 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
426 attr = (struct rtattr *) buf;
427 rta_len = RTA_ALIGN(sizeof(struct rtattr));
428 while (RTA_OK(attr, attrlen)) {
429 if (attr->rta_type == IFLA_IFNAME) {
430 wpa_driver_nl80211_event_link(
432 ((char *) attr) + rta_len,
433 attr->rta_len - rta_len, 0);
434 } else if (attr->rta_type == IFLA_MASTER)
435 brid = nla_get_u32((struct nlattr *) attr);
436 attr = RTA_NEXT(attr, attrlen);
440 if (ifi->ifi_family == AF_BRIDGE && brid) {
441 /* device has been added to bridge */
442 char namebuf[IFNAMSIZ];
443 if_indextoname(brid, namebuf);
444 wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
446 add_ifidx(drv, brid);
452 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
453 struct ifinfomsg *ifi,
456 struct wpa_driver_nl80211_data *drv = ctx;
457 int attrlen, rta_len;
462 attr = (struct rtattr *) buf;
464 rta_len = RTA_ALIGN(sizeof(struct rtattr));
465 while (RTA_OK(attr, attrlen)) {
466 if (attr->rta_type == IFLA_IFNAME) {
467 wpa_driver_nl80211_event_link(
469 ((char *) attr) + rta_len,
470 attr->rta_len - rta_len, 1);
471 } else if (attr->rta_type == IFLA_MASTER)
472 brid = nla_get_u32((struct nlattr *) attr);
473 attr = RTA_NEXT(attr, attrlen);
477 if (ifi->ifi_family == AF_BRIDGE && brid) {
478 /* device has been removed from bridge */
479 char namebuf[IFNAMSIZ];
480 if_indextoname(brid, namebuf);
481 wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
482 "%s", brid, namebuf);
483 del_ifidx(drv, brid);
489 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
490 const u8 *frame, size_t len)
492 const struct ieee80211_mgmt *mgmt;
493 union wpa_event_data event;
495 mgmt = (const struct ieee80211_mgmt *) frame;
496 if (len < 24 + sizeof(mgmt->u.auth)) {
497 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
502 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN);
503 os_memset(&event, 0, sizeof(event));
504 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
505 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
506 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
507 if (len > 24 + sizeof(mgmt->u.auth)) {
508 event.auth.ies = mgmt->u.auth.variable;
509 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
512 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
516 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
517 const u8 *frame, size_t len)
519 const struct ieee80211_mgmt *mgmt;
520 union wpa_event_data event;
523 mgmt = (const struct ieee80211_mgmt *) frame;
524 if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
525 wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
530 status = le_to_host16(mgmt->u.assoc_resp.status_code);
531 if (status != WLAN_STATUS_SUCCESS) {
532 os_memset(&event, 0, sizeof(event));
533 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
534 event.assoc_reject.resp_ies =
535 (u8 *) mgmt->u.assoc_resp.variable;
536 event.assoc_reject.resp_ies_len =
537 len - 24 - sizeof(mgmt->u.assoc_resp);
539 event.assoc_reject.status_code = status;
541 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
546 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
548 os_memset(&event, 0, sizeof(event));
549 if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
550 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
551 event.assoc_info.resp_ies_len =
552 len - 24 - sizeof(mgmt->u.assoc_resp);
555 event.assoc_info.freq = drv->assoc_freq;
557 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
561 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
562 enum nl80211_commands cmd, struct nlattr *status,
563 struct nlattr *addr, struct nlattr *req_ie,
564 struct nlattr *resp_ie)
566 union wpa_event_data event;
568 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
570 * Avoid reporting two association events that would confuse
573 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) "
574 "when using userspace SME", cmd);
578 os_memset(&event, 0, sizeof(event));
579 if (cmd == NL80211_CMD_CONNECT &&
580 nla_get_u16(status) != WLAN_STATUS_SUCCESS) {
582 event.assoc_reject.resp_ies = nla_data(resp_ie);
583 event.assoc_reject.resp_ies_len = nla_len(resp_ie);
585 event.assoc_reject.status_code = nla_get_u16(status);
586 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event);
592 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN);
595 event.assoc_info.req_ies = nla_data(req_ie);
596 event.assoc_info.req_ies_len = nla_len(req_ie);
599 event.assoc_info.resp_ies = nla_data(resp_ie);
600 event.assoc_info.resp_ies_len = nla_len(resp_ie);
603 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
607 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv,
608 enum nl80211_commands cmd, struct nlattr *addr)
610 union wpa_event_data event;
611 enum wpa_event_type ev;
613 if (nla_len(addr) != ETH_ALEN)
616 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR,
617 cmd, MAC2STR((u8 *) nla_data(addr)));
619 if (cmd == NL80211_CMD_AUTHENTICATE)
620 ev = EVENT_AUTH_TIMED_OUT;
621 else if (cmd == NL80211_CMD_ASSOCIATE)
622 ev = EVENT_ASSOC_TIMED_OUT;
626 os_memset(&event, 0, sizeof(event));
627 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN);
628 wpa_supplicant_event(drv->ctx, ev, &event);
632 static void mlme_event_action(struct wpa_driver_nl80211_data *drv,
633 struct nlattr *freq, const u8 *frame, size_t len)
635 const struct ieee80211_mgmt *mgmt;
636 union wpa_event_data event;
639 mgmt = (const struct ieee80211_mgmt *) frame;
641 wpa_printf(MSG_DEBUG, "nl80211: Too short action frame");
645 fc = le_to_host16(mgmt->frame_control);
646 stype = WLAN_FC_GET_STYPE(fc);
648 os_memset(&event, 0, sizeof(event));
649 event.rx_action.da = mgmt->da;
650 event.rx_action.sa = mgmt->sa;
651 event.rx_action.bssid = mgmt->bssid;
652 event.rx_action.category = mgmt->u.action.category;
653 event.rx_action.data = &mgmt->u.action.category + 1;
654 event.rx_action.len = frame + len - event.rx_action.data;
656 event.rx_action.freq = nla_get_u32(freq);
657 wpa_supplicant_event(drv->ctx, EVENT_RX_ACTION, &event);
661 static void mlme_event_action_tx_status(struct wpa_driver_nl80211_data *drv,
662 struct nlattr *cookie, const u8 *frame,
663 size_t len, struct nlattr *ack)
665 union wpa_event_data event;
666 const struct ieee80211_hdr *hdr;
673 cookie_val = nla_get_u64(cookie);
674 wpa_printf(MSG_DEBUG, "nl80211: Action TX status: cookie=0%llx%s",
675 (long long unsigned int) cookie_val,
676 cookie_val == drv->send_action_cookie ?
677 " (match)" : " (unknown)");
678 if (cookie_val != drv->send_action_cookie)
681 hdr = (const struct ieee80211_hdr *) frame;
682 fc = le_to_host16(hdr->frame_control);
684 os_memset(&event, 0, sizeof(event));
685 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
686 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
687 event.tx_status.dst = hdr->addr1;
688 event.tx_status.data = frame;
689 event.tx_status.data_len = len;
690 event.tx_status.ack = ack != NULL;
691 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event);
695 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv,
696 enum wpa_event_type type,
697 const u8 *frame, size_t len)
699 const struct ieee80211_mgmt *mgmt;
700 union wpa_event_data event;
701 const u8 *bssid = NULL;
704 mgmt = (const struct ieee80211_mgmt *) frame;
708 if (drv->associated != 0 &&
709 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 &&
710 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) {
712 * We have presumably received this deauth as a
713 * response to a clear_state_mismatch() outgoing
714 * deauth. Don't let it take us offline!
716 wpa_printf(MSG_DEBUG, "nl80211: Deauth received "
717 "from Unknown BSSID " MACSTR " -- ignoring",
724 os_memset(&event, 0, sizeof(event));
726 /* Note: Same offset for Reason Code in both frame subtypes */
727 if (len >= 24 + sizeof(mgmt->u.deauth))
728 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
730 if (type == EVENT_DISASSOC) {
731 event.disassoc_info.addr = bssid;
732 event.disassoc_info.reason_code = reason_code;
734 event.deauth_info.addr = bssid;
735 event.deauth_info.reason_code = reason_code;
738 wpa_supplicant_event(drv->ctx, type, &event);
742 static void mlme_event(struct wpa_driver_nl80211_data *drv,
743 enum nl80211_commands cmd, struct nlattr *frame,
744 struct nlattr *addr, struct nlattr *timed_out,
745 struct nlattr *freq, struct nlattr *ack,
746 struct nlattr *cookie)
748 if (timed_out && addr) {
749 mlme_timeout_event(drv, cmd, addr);
754 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
759 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
760 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
761 nla_data(frame), nla_len(frame));
764 case NL80211_CMD_AUTHENTICATE:
765 mlme_event_auth(drv, nla_data(frame), nla_len(frame));
767 case NL80211_CMD_ASSOCIATE:
768 mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
770 case NL80211_CMD_DEAUTHENTICATE:
771 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH,
772 nla_data(frame), nla_len(frame));
774 case NL80211_CMD_DISASSOCIATE:
775 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC,
776 nla_data(frame), nla_len(frame));
778 case NL80211_CMD_ACTION:
779 mlme_event_action(drv, freq, nla_data(frame), nla_len(frame));
781 case NL80211_CMD_ACTION_TX_STATUS:
782 mlme_event_action_tx_status(drv, cookie, nla_data(frame),
783 nla_len(frame), ack);
791 static void mlme_event_michael_mic_failure(struct wpa_driver_nl80211_data *drv,
794 union wpa_event_data data;
796 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure");
797 os_memset(&data, 0, sizeof(data));
798 if (tb[NL80211_ATTR_MAC]) {
799 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address",
800 nla_data(tb[NL80211_ATTR_MAC]),
801 nla_len(tb[NL80211_ATTR_MAC]));
802 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]);
804 if (tb[NL80211_ATTR_KEY_SEQ]) {
805 wpa_hexdump(MSG_DEBUG, "nl80211: TSC",
806 nla_data(tb[NL80211_ATTR_KEY_SEQ]),
807 nla_len(tb[NL80211_ATTR_KEY_SEQ]));
809 if (tb[NL80211_ATTR_KEY_TYPE]) {
810 enum nl80211_key_type key_type =
811 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]);
812 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type);
813 if (key_type == NL80211_KEYTYPE_PAIRWISE)
814 data.michael_mic_failure.unicast = 1;
816 data.michael_mic_failure.unicast = 1;
818 if (tb[NL80211_ATTR_KEY_IDX]) {
819 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]);
820 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id);
823 wpa_supplicant_event(drv->ctx, EVENT_MICHAEL_MIC_FAILURE, &data);
827 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv,
830 if (tb[NL80211_ATTR_MAC] == NULL) {
831 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined "
835 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN);
837 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined",
838 MAC2STR(drv->bssid));
840 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL);
844 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv,
845 int cancel_event, struct nlattr *tb[])
847 unsigned int freq, chan_type, duration;
848 union wpa_event_data data;
851 if (tb[NL80211_ATTR_WIPHY_FREQ])
852 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
856 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
857 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
861 if (tb[NL80211_ATTR_DURATION])
862 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]);
866 if (tb[NL80211_ATTR_COOKIE])
867 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
871 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d "
872 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))",
873 cancel_event, freq, chan_type, duration,
874 (long long unsigned int) cookie,
875 cookie == drv->remain_on_chan_cookie ? "match" : "unknown");
877 if (cookie != drv->remain_on_chan_cookie)
878 return; /* not for us */
880 drv->pending_remain_on_chan = !cancel_event;
882 os_memset(&data, 0, sizeof(data));
883 data.remain_on_channel.freq = freq;
884 data.remain_on_channel.duration = duration;
885 wpa_supplicant_event(drv->ctx, cancel_event ?
886 EVENT_CANCEL_REMAIN_ON_CHANNEL :
887 EVENT_REMAIN_ON_CHANNEL, &data);
891 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted,
894 union wpa_event_data event;
897 struct scan_info *info;
898 #define MAX_REPORT_FREQS 50
899 int freqs[MAX_REPORT_FREQS];
902 os_memset(&event, 0, sizeof(event));
903 info = &event.scan_info;
904 info->aborted = aborted;
906 if (tb[NL80211_ATTR_SCAN_SSIDS]) {
907 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) {
908 struct wpa_driver_scan_ssid *s =
909 &info->ssids[info->num_ssids];
910 s->ssid = nla_data(nl);
911 s->ssid_len = nla_len(nl);
913 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS)
917 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) {
918 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem)
920 freqs[num_freqs] = nla_get_u32(nl);
922 if (num_freqs == MAX_REPORT_FREQS - 1)
926 info->num_freqs = num_freqs;
928 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event);
932 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv,
935 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
936 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
937 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 },
938 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
940 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1];
941 enum nl80211_cqm_rssi_threshold_event event;
942 union wpa_event_data ed;
944 if (tb[NL80211_ATTR_CQM] == NULL ||
945 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM],
947 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event");
951 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL)
953 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]);
955 os_memset(&ed, 0, sizeof(ed));
957 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) {
958 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
960 ed.signal_change.above_threshold = 1;
961 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) {
962 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor "
964 ed.signal_change.above_threshold = 0;
968 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed);
972 static int process_event(struct nl_msg *msg, void *arg)
974 struct wpa_driver_nl80211_data *drv = arg;
975 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
976 struct nlattr *tb[NL80211_ATTR_MAX + 1];
977 union wpa_event_data data;
979 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
980 genlmsg_attrlen(gnlh, 0), NULL);
982 if (tb[NL80211_ATTR_IFINDEX]) {
983 int ifindex = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
984 if (ifindex != drv->ifindex && !have_ifidx(drv, ifindex)) {
985 wpa_printf(MSG_DEBUG, "nl80211: Ignored event (cmd=%d)"
986 " for foreign interface (ifindex %d)",
992 if (drv->ap_scan_as_station &&
993 (gnlh->cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
994 gnlh->cmd == NL80211_CMD_SCAN_ABORTED)) {
995 wpa_driver_nl80211_set_mode(&drv->first_bss,
997 drv->ap_scan_as_station = 0;
1000 switch (gnlh->cmd) {
1001 case NL80211_CMD_TRIGGER_SCAN:
1002 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger");
1004 case NL80211_CMD_NEW_SCAN_RESULTS:
1005 wpa_printf(MSG_DEBUG, "nl80211: New scan results available");
1006 drv->scan_complete_events = 1;
1007 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1009 send_scan_event(drv, 0, tb);
1011 case NL80211_CMD_SCAN_ABORTED:
1012 wpa_printf(MSG_DEBUG, "nl80211: Scan aborted");
1014 * Need to indicate that scan results are available in order
1015 * not to make wpa_supplicant stop its scanning.
1017 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv,
1019 send_scan_event(drv, 1, tb);
1021 case NL80211_CMD_AUTHENTICATE:
1022 case NL80211_CMD_ASSOCIATE:
1023 case NL80211_CMD_DEAUTHENTICATE:
1024 case NL80211_CMD_DISASSOCIATE:
1025 case NL80211_CMD_ACTION:
1026 case NL80211_CMD_ACTION_TX_STATUS:
1027 mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME],
1028 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT],
1029 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK],
1030 tb[NL80211_ATTR_COOKIE]);
1032 case NL80211_CMD_CONNECT:
1033 case NL80211_CMD_ROAM:
1034 mlme_event_connect(drv, gnlh->cmd,
1035 tb[NL80211_ATTR_STATUS_CODE],
1036 tb[NL80211_ATTR_MAC],
1037 tb[NL80211_ATTR_REQ_IE],
1038 tb[NL80211_ATTR_RESP_IE]);
1040 case NL80211_CMD_DISCONNECT:
1041 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1043 * Avoid reporting two disassociation events that could
1044 * confuse the core code.
1046 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect "
1047 "event when using userspace SME");
1050 drv->associated = 0;
1051 os_memset(&data, 0, sizeof(data));
1052 if (tb[NL80211_ATTR_REASON_CODE])
1053 data.disassoc_info.reason_code =
1054 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]);
1055 wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, &data);
1057 case NL80211_CMD_MICHAEL_MIC_FAILURE:
1058 mlme_event_michael_mic_failure(drv, tb);
1060 case NL80211_CMD_JOIN_IBSS:
1061 mlme_event_join_ibss(drv, tb);
1063 case NL80211_CMD_REMAIN_ON_CHANNEL:
1064 mlme_event_remain_on_channel(drv, 0, tb);
1066 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL:
1067 mlme_event_remain_on_channel(drv, 1, tb);
1069 case NL80211_CMD_NOTIFY_CQM:
1070 nl80211_cqm_event(drv, tb);
1073 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
1074 "(cmd=%d)", gnlh->cmd);
1082 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1086 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1088 wpa_printf(MSG_DEBUG, "nl80211: Event message available");
1090 cb = nl_cb_clone(drv->nl_cb);
1093 nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, no_seq_check, NULL);
1094 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, process_event, drv);
1095 nl_recvmsgs(drv->nl_handle_event, cb);
1101 * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1102 * @priv: driver_nl80211 private data
1103 * @alpha2_arg: country to which to switch to
1104 * Returns: 0 on success, -1 on failure
1106 * This asks nl80211 to set the regulatory domain for given
1107 * country ISO / IEC alpha2.
1109 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1111 struct i802_bss *bss = priv;
1112 struct wpa_driver_nl80211_data *drv = bss->drv;
1116 msg = nlmsg_alloc();
1120 alpha2[0] = alpha2_arg[0];
1121 alpha2[1] = alpha2_arg[1];
1124 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1125 0, NL80211_CMD_REQ_SET_REG, 0);
1127 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, alpha2);
1128 if (send_and_recv_msgs(drv, msg, NULL, NULL))
1137 struct wiphy_info_data {
1141 int connect_supported;
1145 static int wiphy_info_handler(struct nl_msg *msg, void *arg)
1147 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1148 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1149 struct wiphy_info_data *info = arg;
1151 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1152 genlmsg_attrlen(gnlh, 0), NULL);
1154 if (tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS])
1155 info->max_scan_ssids =
1156 nla_get_u8(tb[NL80211_ATTR_MAX_NUM_SCAN_SSIDS]);
1158 if (tb[NL80211_ATTR_SUPPORTED_IFTYPES]) {
1159 struct nlattr *nl_mode;
1161 nla_for_each_nested(nl_mode,
1162 tb[NL80211_ATTR_SUPPORTED_IFTYPES], i) {
1163 if (nl_mode->nla_type == NL80211_IFTYPE_AP) {
1164 info->ap_supported = 1;
1170 if (tb[NL80211_ATTR_SUPPORTED_COMMANDS]) {
1171 struct nlattr *nl_cmd;
1174 nla_for_each_nested(nl_cmd,
1175 tb[NL80211_ATTR_SUPPORTED_COMMANDS], i) {
1176 u32 cmd = nla_get_u32(nl_cmd);
1177 if (cmd == NL80211_CMD_AUTHENTICATE)
1178 info->auth_supported = 1;
1179 else if (cmd == NL80211_CMD_CONNECT)
1180 info->connect_supported = 1;
1188 static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
1189 struct wiphy_info_data *info)
1193 os_memset(info, 0, sizeof(*info));
1194 msg = nlmsg_alloc();
1198 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1199 0, NL80211_CMD_GET_WIPHY, 0);
1201 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->first_bss.ifindex);
1203 if (send_and_recv_msgs(drv, msg, wiphy_info_handler, info) == 0)
1212 static int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv)
1214 struct wiphy_info_data info;
1215 if (wpa_driver_nl80211_get_info(drv, &info))
1217 drv->has_capability = 1;
1218 /* For now, assume TKIP, CCMP, WPA, WPA2 are supported */
1219 drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA |
1220 WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
1221 WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
1222 WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
1223 drv->capa.enc = WPA_DRIVER_CAPA_ENC_WEP40 |
1224 WPA_DRIVER_CAPA_ENC_WEP104 |
1225 WPA_DRIVER_CAPA_ENC_TKIP |
1226 WPA_DRIVER_CAPA_ENC_CCMP;
1227 drv->capa.auth = WPA_DRIVER_AUTH_OPEN |
1228 WPA_DRIVER_AUTH_SHARED |
1229 WPA_DRIVER_AUTH_LEAP;
1231 drv->capa.max_scan_ssids = info.max_scan_ssids;
1232 if (info.ap_supported)
1233 drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
1235 if (info.auth_supported)
1236 drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
1237 else if (!info.connect_supported) {
1238 wpa_printf(MSG_INFO, "nl80211: Driver does not support "
1239 "authentication/association or connect commands");
1243 drv->capa.flags |= WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE;
1244 drv->capa.max_remain_on_chan = 5000;
1248 #endif /* HOSTAPD */
1251 static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv,
1256 /* Initialize generic netlink and nl80211 */
1258 drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1259 if (drv->nl_cb == NULL) {
1260 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1265 drv->nl_handle = nl_handle_alloc_cb(drv->nl_cb);
1266 if (drv->nl_handle == NULL) {
1267 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1272 drv->nl_handle_event = nl_handle_alloc_cb(drv->nl_cb);
1273 if (drv->nl_handle_event == NULL) {
1274 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1275 "callbacks (event)");
1279 if (genl_connect(drv->nl_handle)) {
1280 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1285 if (genl_connect(drv->nl_handle_event)) {
1286 wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
1291 #ifdef CONFIG_LIBNL20
1292 if (genl_ctrl_alloc_cache(drv->nl_handle, &drv->nl_cache) < 0) {
1293 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1297 if (genl_ctrl_alloc_cache(drv->nl_handle_event, &drv->nl_cache_event) <
1299 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1300 "netlink cache (event)");
1303 #else /* CONFIG_LIBNL20 */
1304 drv->nl_cache = genl_ctrl_alloc_cache(drv->nl_handle);
1305 if (drv->nl_cache == NULL) {
1306 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1310 drv->nl_cache_event = genl_ctrl_alloc_cache(drv->nl_handle_event);
1311 if (drv->nl_cache_event == NULL) {
1312 wpa_printf(MSG_ERROR, "nl80211: Failed to allocate generic "
1313 "netlink cache (event)");
1316 #endif /* CONFIG_LIBNL20 */
1318 drv->nl80211 = genl_ctrl_search_by_name(drv->nl_cache, "nl80211");
1319 if (drv->nl80211 == NULL) {
1320 wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1325 ret = nl_get_multicast_id(drv, "nl80211", "scan");
1327 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1329 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1330 "membership for scan events: %d (%s)",
1331 ret, strerror(-ret));
1335 ret = nl_get_multicast_id(drv, "nl80211", "mlme");
1337 ret = nl_socket_add_membership(drv->nl_handle_event, ret);
1339 wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1340 "membership for mlme events: %d (%s)",
1341 ret, strerror(-ret));
1345 eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle_event),
1346 wpa_driver_nl80211_event_receive, drv, ctx);
1351 nl_cache_free(drv->nl_cache_event);
1353 nl_cache_free(drv->nl_cache);
1355 nl_handle_destroy(drv->nl_handle_event);
1357 nl_handle_destroy(drv->nl_handle);
1359 nl_cb_put(drv->nl_cb);
1366 * wpa_driver_nl80211_init - Initialize nl80211 driver interface
1367 * @ctx: context to be used when calling wpa_supplicant functions,
1368 * e.g., wpa_supplicant_event()
1369 * @ifname: interface name, e.g., wlan0
1370 * Returns: Pointer to private data, %NULL on failure
1372 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
1374 struct wpa_driver_nl80211_data *drv;
1375 struct netlink_config *cfg;
1376 struct i802_bss *bss;
1378 drv = os_zalloc(sizeof(*drv));
1382 bss = &drv->first_bss;
1384 os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
1385 drv->monitor_ifidx = -1;
1386 drv->monitor_sock = -1;
1387 drv->ioctl_sock = -1;
1389 if (wpa_driver_nl80211_init_nl(drv, ctx)) {
1394 drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
1395 if (drv->ioctl_sock < 0) {
1396 perror("socket(PF_INET,SOCK_DGRAM)");
1400 cfg = os_zalloc(sizeof(*cfg));
1404 cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
1405 cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
1406 drv->netlink = netlink_init(cfg);
1407 if (drv->netlink == NULL) {
1411 if (wpa_driver_nl80211_finish_drv_init(drv))
1417 netlink_deinit(drv->netlink);
1418 if (drv->ioctl_sock >= 0)
1419 close(drv->ioctl_sock);
1421 genl_family_put(drv->nl80211);
1422 nl_cache_free(drv->nl_cache);
1423 nl_handle_destroy(drv->nl_handle);
1424 nl_cb_put(drv->nl_cb);
1425 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1432 static int nl80211_register_action_frame(struct wpa_driver_nl80211_data *drv,
1433 const u8 *match, size_t match_len)
1438 msg = nlmsg_alloc();
1442 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1443 NL80211_CMD_REGISTER_ACTION, 0);
1445 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1446 NLA_PUT(msg, NL80211_ATTR_FRAME_MATCH, match_len, match);
1448 ret = send_and_recv(drv, drv->nl_handle_event, msg, NULL, NULL);
1451 wpa_printf(MSG_DEBUG, "nl80211: Register Action command "
1452 "failed: ret=%d (%s)", ret, strerror(-ret));
1453 wpa_hexdump(MSG_DEBUG, "nl80211: Register Action match",
1455 goto nla_put_failure;
1464 static int nl80211_register_action_frames(struct wpa_driver_nl80211_data *drv)
1466 /* FT Action frames */
1467 if (nl80211_register_action_frame(drv, (u8 *) "\x06", 1) < 0)
1470 drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
1471 WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
1478 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv)
1480 struct i802_bss *bss = &drv->first_bss;
1482 drv->ifindex = if_nametoindex(bss->ifname);
1483 drv->first_bss.ifindex = drv->ifindex;
1486 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA) < 0) {
1487 wpa_printf(MSG_DEBUG, "nl80211: Could not configure driver to "
1488 "use managed mode");
1491 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
1492 wpa_printf(MSG_ERROR, "Could not set interface '%s' UP",
1497 if (wpa_driver_nl80211_capa(drv))
1500 netlink_send_oper_ifla(drv->netlink, drv->ifindex,
1501 1, IF_OPER_DORMANT);
1502 #endif /* HOSTAPD */
1504 if (nl80211_register_action_frames(drv) < 0) {
1505 wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
1506 "frame processing - ignore for now");
1508 * Older kernel versions did not support this, so ignore the
1509 * error for now. Some functionality may not be available
1518 static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
1522 msg = nlmsg_alloc();
1526 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
1527 0, NL80211_CMD_DEL_BEACON, 0);
1528 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1530 return send_and_recv_msgs(drv, msg, NULL, NULL);
1537 * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
1538 * @priv: Pointer to private nl80211 data from wpa_driver_nl80211_init()
1540 * Shut down driver interface and processing of driver events. Free
1541 * private data buffer if one was allocated in wpa_driver_nl80211_init().
1543 static void wpa_driver_nl80211_deinit(void *priv)
1545 struct i802_bss *bss = priv;
1546 struct wpa_driver_nl80211_data *drv = bss->drv;
1548 if (drv->added_if_into_bridge) {
1549 if (linux_br_del_if(drv->ioctl_sock, drv->brname, bss->ifname)
1551 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1552 "interface %s from bridge %s: %s",
1553 bss->ifname, drv->brname, strerror(errno));
1555 if (drv->added_bridge) {
1556 if (linux_br_del(drv->ioctl_sock, drv->brname) < 0)
1557 wpa_printf(MSG_INFO, "nl80211: Failed to remove "
1559 drv->brname, strerror(errno));
1562 nl80211_remove_monitor_interface(drv);
1564 if (drv->nlmode == NL80211_IFTYPE_AP)
1565 wpa_driver_nl80211_del_beacon(drv);
1568 if (drv->last_freq_ht) {
1569 /* Clear HT flags from the driver */
1570 struct hostapd_freq_params freq;
1571 os_memset(&freq, 0, sizeof(freq));
1572 freq.freq = drv->last_freq;
1573 i802_set_freq(priv, &freq);
1576 if (drv->eapol_sock >= 0) {
1577 eloop_unregister_read_sock(drv->eapol_sock);
1578 close(drv->eapol_sock);
1581 if (drv->if_indices != drv->default_if_indices)
1582 os_free(drv->if_indices);
1583 #endif /* HOSTAPD */
1585 if (drv->disable_11b_rates)
1586 nl80211_disable_11b_rates(drv, drv->ifindex, 0);
1588 netlink_send_oper_ifla(drv->netlink, drv->ifindex, 0, IF_OPER_UP);
1589 netlink_deinit(drv->netlink);
1591 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1593 (void) linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0);
1594 wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_INFRA);
1596 if (drv->ioctl_sock >= 0)
1597 close(drv->ioctl_sock);
1599 eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle_event));
1600 genl_family_put(drv->nl80211);
1601 nl_cache_free(drv->nl_cache);
1602 nl_cache_free(drv->nl_cache_event);
1603 nl_handle_destroy(drv->nl_handle);
1604 nl_handle_destroy(drv->nl_handle_event);
1605 nl_cb_put(drv->nl_cb);
1607 eloop_cancel_timeout(wpa_driver_nl80211_probe_req_report_timeout,
1610 os_free(drv->filter_ssids);
1617 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
1618 * @eloop_ctx: Driver private data
1619 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
1621 * This function can be used as registered timeout when starting a scan to
1622 * generate a scan completed event if the driver does not report this.
1624 static void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1626 struct wpa_driver_nl80211_data *drv = eloop_ctx;
1627 if (drv->ap_scan_as_station) {
1628 wpa_driver_nl80211_set_mode(&drv->first_bss,
1630 drv->ap_scan_as_station = 0;
1632 wpa_printf(MSG_DEBUG, "Scan timeout - try to get results");
1633 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
1638 * wpa_driver_nl80211_scan - Request the driver to initiate scan
1639 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1640 * @params: Scan parameters
1641 * Returns: 0 on success, -1 on failure
1643 static int wpa_driver_nl80211_scan(void *priv,
1644 struct wpa_driver_scan_params *params)
1646 struct i802_bss *bss = priv;
1647 struct wpa_driver_nl80211_data *drv = bss->drv;
1648 int ret = 0, timeout;
1649 struct nl_msg *msg, *ssids, *freqs;
1652 msg = nlmsg_alloc();
1653 ssids = nlmsg_alloc();
1654 freqs = nlmsg_alloc();
1655 if (!msg || !ssids || !freqs) {
1662 os_free(drv->filter_ssids);
1663 drv->filter_ssids = params->filter_ssids;
1664 params->filter_ssids = NULL;
1665 drv->num_filter_ssids = params->num_filter_ssids;
1667 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
1668 NL80211_CMD_TRIGGER_SCAN, 0);
1670 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
1672 for (i = 0; i < params->num_ssids; i++) {
1673 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID",
1674 params->ssids[i].ssid,
1675 params->ssids[i].ssid_len);
1676 NLA_PUT(ssids, i + 1, params->ssids[i].ssid_len,
1677 params->ssids[i].ssid);
1679 if (params->num_ssids)
1680 nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids);
1682 if (params->extra_ies) {
1683 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan extra IEs",
1684 params->extra_ies, params->extra_ies_len);
1685 NLA_PUT(msg, NL80211_ATTR_IE, params->extra_ies_len,
1689 if (params->freqs) {
1690 for (i = 0; params->freqs[i]; i++) {
1691 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
1692 "MHz", params->freqs[i]);
1693 NLA_PUT_U32(freqs, i + 1, params->freqs[i]);
1695 nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs);
1698 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1701 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
1702 "(%s)", ret, strerror(-ret));
1704 if (drv->nlmode == NL80211_IFTYPE_AP) {
1706 * mac80211 does not allow scan requests in AP mode, so
1707 * try to do this in station mode.
1709 if (wpa_driver_nl80211_set_mode(bss,
1710 IEEE80211_MODE_INFRA))
1711 goto nla_put_failure;
1713 if (wpa_driver_nl80211_scan(drv, params)) {
1714 wpa_driver_nl80211_set_mode(bss,
1716 goto nla_put_failure;
1719 /* Restore AP mode when processing scan results */
1720 drv->ap_scan_as_station = 1;
1723 goto nla_put_failure;
1725 goto nla_put_failure;
1726 #endif /* HOSTAPD */
1729 /* Not all drivers generate "scan completed" wireless event, so try to
1730 * read results after a timeout. */
1732 if (drv->scan_complete_events) {
1734 * The driver seems to deliver events to notify when scan is
1735 * complete, so use longer timeout to avoid race conditions
1736 * with scanning and following association request.
1740 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
1741 "seconds", ret, timeout);
1742 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1743 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
1754 static const u8 * nl80211_get_ie(const u8 *ies, size_t ies_len, u8 ie)
1756 const u8 *end, *pos;
1762 end = ies + ies_len;
1764 while (pos + 1 < end) {
1765 if (pos + 2 + pos[1] > end)
1776 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
1777 const u8 *ie, size_t ie_len)
1782 if (drv->filter_ssids == NULL)
1785 ssid = nl80211_get_ie(ie, ie_len, WLAN_EID_SSID);
1789 for (i = 0; i < drv->num_filter_ssids; i++) {
1790 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
1791 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
1800 struct nl80211_bss_info_arg {
1801 struct wpa_driver_nl80211_data *drv;
1802 struct wpa_scan_results *res;
1805 static int bss_info_handler(struct nl_msg *msg, void *arg)
1807 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1808 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1809 struct nlattr *bss[NL80211_BSS_MAX + 1];
1810 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1811 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1812 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1813 [NL80211_BSS_TSF] = { .type = NLA_U64 },
1814 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
1815 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
1816 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1817 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
1818 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
1819 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
1820 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
1821 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
1823 struct nl80211_bss_info_arg *_arg = arg;
1824 struct wpa_scan_results *res = _arg->res;
1825 struct wpa_scan_res **tmp;
1826 struct wpa_scan_res *r;
1827 const u8 *ie, *beacon_ie;
1828 size_t ie_len, beacon_ie_len;
1831 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1832 genlmsg_attrlen(gnlh, 0), NULL);
1833 if (!tb[NL80211_ATTR_BSS])
1835 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1838 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1839 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1840 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1845 if (bss[NL80211_BSS_BEACON_IES]) {
1846 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
1847 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
1853 if (nl80211_scan_filtered(_arg->drv, ie ? ie : beacon_ie,
1854 ie ? ie_len : beacon_ie_len))
1857 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
1860 if (bss[NL80211_BSS_BSSID])
1861 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
1863 if (bss[NL80211_BSS_FREQUENCY])
1864 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1865 if (bss[NL80211_BSS_BEACON_INTERVAL])
1866 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
1867 if (bss[NL80211_BSS_CAPABILITY])
1868 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
1869 r->flags |= WPA_SCAN_NOISE_INVALID;
1870 if (bss[NL80211_BSS_SIGNAL_MBM]) {
1871 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
1872 r->level /= 100; /* mBm to dBm */
1873 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
1874 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
1875 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
1876 r->flags |= WPA_SCAN_LEVEL_INVALID;
1878 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
1879 if (bss[NL80211_BSS_TSF])
1880 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
1881 if (bss[NL80211_BSS_SEEN_MS_AGO])
1882 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
1884 pos = (u8 *) (r + 1);
1886 os_memcpy(pos, ie, ie_len);
1889 r->beacon_ie_len = beacon_ie_len;
1891 os_memcpy(pos, beacon_ie, beacon_ie_len);
1893 if (bss[NL80211_BSS_STATUS]) {
1894 enum nl80211_bss_status status;
1895 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
1897 case NL80211_BSS_STATUS_AUTHENTICATED:
1898 r->flags |= WPA_SCAN_AUTHENTICATED;
1900 case NL80211_BSS_STATUS_ASSOCIATED:
1901 r->flags |= WPA_SCAN_ASSOCIATED;
1908 tmp = os_realloc(res->res,
1909 (res->num + 1) * sizeof(struct wpa_scan_res *));
1914 tmp[res->num++] = r;
1921 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
1924 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
1925 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
1926 "mismatch (" MACSTR ")", MAC2STR(addr));
1927 wpa_driver_nl80211_mlme(drv, addr,
1928 NL80211_CMD_DEAUTHENTICATE,
1929 WLAN_REASON_PREV_AUTH_NOT_VALID, 1);
1934 static void wpa_driver_nl80211_check_bss_status(
1935 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
1939 for (i = 0; i < res->num; i++) {
1940 struct wpa_scan_res *r = res->res[i];
1941 if (r->flags & WPA_SCAN_AUTHENTICATED) {
1942 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
1943 "indicates BSS status with " MACSTR
1944 " as authenticated",
1946 if (drv->nlmode == NL80211_IFTYPE_STATION &&
1947 os_memcmp(r->bssid, drv->bssid, ETH_ALEN) != 0 &&
1948 os_memcmp(r->bssid, drv->auth_bssid, ETH_ALEN) !=
1950 wpa_printf(MSG_DEBUG, "nl80211: Unknown BSSID"
1951 " in local state (auth=" MACSTR
1952 " assoc=" MACSTR ")",
1953 MAC2STR(drv->auth_bssid),
1954 MAC2STR(drv->bssid));
1955 clear_state_mismatch(drv, r->bssid);
1959 if (r->flags & WPA_SCAN_ASSOCIATED) {
1960 wpa_printf(MSG_DEBUG, "nl80211: Scan results "
1961 "indicate BSS status with " MACSTR
1964 if (drv->nlmode == NL80211_IFTYPE_STATION &&
1966 wpa_printf(MSG_DEBUG, "nl80211: Local state "
1967 "(not associated) does not match "
1969 clear_state_mismatch(drv, r->bssid);
1970 } else if (drv->nlmode == NL80211_IFTYPE_STATION &&
1971 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) !=
1973 wpa_printf(MSG_DEBUG, "nl80211: Local state "
1974 "(associated with " MACSTR ") does "
1975 "not match with BSS state",
1976 MAC2STR(drv->bssid));
1977 clear_state_mismatch(drv, r->bssid);
1978 clear_state_mismatch(drv, drv->bssid);
1985 static void wpa_scan_results_free(struct wpa_scan_results *res)
1992 for (i = 0; i < res->num; i++)
1993 os_free(res->res[i]);
1999 static struct wpa_scan_results *
2000 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
2003 struct wpa_scan_results *res;
2005 struct nl80211_bss_info_arg arg;
2007 res = os_zalloc(sizeof(*res));
2010 msg = nlmsg_alloc();
2012 goto nla_put_failure;
2014 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, NLM_F_DUMP,
2015 NL80211_CMD_GET_SCAN, 0);
2016 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2020 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
2023 wpa_printf(MSG_DEBUG, "Received scan results (%lu BSSes)",
2024 (unsigned long) res->num);
2027 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
2028 "(%s)", ret, strerror(-ret));
2031 wpa_scan_results_free(res);
2037 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
2038 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
2039 * Returns: Scan results on success, -1 on failure
2041 static struct wpa_scan_results *
2042 wpa_driver_nl80211_get_scan_results(void *priv)
2044 struct i802_bss *bss = priv;
2045 struct wpa_driver_nl80211_data *drv = bss->drv;
2046 struct wpa_scan_results *res;
2048 res = nl80211_get_scan_results(drv);
2050 wpa_driver_nl80211_check_bss_status(drv, res);
2055 static void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
2057 struct wpa_scan_results *res;
2060 res = nl80211_get_scan_results(drv);
2062 wpa_printf(MSG_DEBUG, "nl80211: Failed to get scan results");
2066 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
2067 for (i = 0; i < res->num; i++) {
2068 struct wpa_scan_res *r = res->res[i];
2069 wpa_printf(MSG_DEBUG, "nl80211: %d/%d " MACSTR "%s%s",
2070 (int) i, (int) res->num, MAC2STR(r->bssid),
2071 r->flags & WPA_SCAN_AUTHENTICATED ? " [auth]" : "",
2072 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
2075 wpa_scan_results_free(res);
2079 static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
2080 enum wpa_alg alg, const u8 *addr,
2081 int key_idx, int set_tx,
2082 const u8 *seq, size_t seq_len,
2083 const u8 *key, size_t key_len)
2085 struct i802_bss *bss = priv;
2086 struct wpa_driver_nl80211_data *drv = bss->drv;
2087 int ifindex = if_nametoindex(ifname);
2091 wpa_printf(MSG_DEBUG, "%s: ifindex=%d alg=%d addr=%p key_idx=%d "
2092 "set_tx=%d seq_len=%lu key_len=%lu",
2093 __func__, ifindex, alg, addr, key_idx, set_tx,
2094 (unsigned long) seq_len, (unsigned long) key_len);
2096 msg = nlmsg_alloc();
2100 if (alg == WPA_ALG_NONE) {
2101 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2102 0, NL80211_CMD_DEL_KEY, 0);
2104 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2105 0, NL80211_CMD_NEW_KEY, 0);
2106 NLA_PUT(msg, NL80211_ATTR_KEY_DATA, key_len, key);
2110 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2111 WLAN_CIPHER_SUITE_WEP40);
2113 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2114 WLAN_CIPHER_SUITE_WEP104);
2117 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2118 WLAN_CIPHER_SUITE_TKIP);
2121 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2122 WLAN_CIPHER_SUITE_CCMP);
2125 NLA_PUT_U32(msg, NL80211_ATTR_KEY_CIPHER,
2126 WLAN_CIPHER_SUITE_AES_CMAC);
2129 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2130 "algorithm %d", __func__, alg);
2137 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
2139 if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
2141 wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
2142 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2144 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2145 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2147 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2148 if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
2151 wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
2152 ret, strerror(-ret));
2155 * If we failed or don't need to set the default TX key (below),
2158 if (ret || !set_tx || alg == WPA_ALG_NONE)
2164 if (drv->nlmode == NL80211_IFTYPE_AP && addr)
2166 #endif /* HOSTAPD */
2168 msg = nlmsg_alloc();
2172 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2173 0, NL80211_CMD_SET_KEY, 0);
2174 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
2175 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2176 if (alg == WPA_ALG_IGTK)
2177 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT_MGMT);
2179 NLA_PUT_FLAG(msg, NL80211_ATTR_KEY_DEFAULT);
2181 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2185 wpa_printf(MSG_DEBUG, "nl80211: set_key default failed; "
2186 "err=%d %s)", ret, strerror(-ret));
2194 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
2195 int key_idx, int defkey,
2196 const u8 *seq, size_t seq_len,
2197 const u8 *key, size_t key_len)
2199 struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
2203 if (defkey && alg == WPA_ALG_IGTK)
2204 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT_MGMT);
2206 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2208 NLA_PUT_U8(msg, NL80211_KEY_IDX, key_idx);
2213 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2214 WLAN_CIPHER_SUITE_WEP40);
2216 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2217 WLAN_CIPHER_SUITE_WEP104);
2220 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_TKIP);
2223 NLA_PUT_U32(msg, NL80211_KEY_CIPHER, WLAN_CIPHER_SUITE_CCMP);
2226 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2227 WLAN_CIPHER_SUITE_AES_CMAC);
2230 wpa_printf(MSG_ERROR, "%s: Unsupported encryption "
2231 "algorithm %d", __func__, alg);
2236 NLA_PUT(msg, NL80211_KEY_SEQ, seq_len, seq);
2238 NLA_PUT(msg, NL80211_KEY_DATA, key_len, key);
2240 nla_nest_end(msg, key_attr);
2248 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
2252 struct nlattr *nl_keys, *nl_key;
2254 for (i = 0; i < 4; i++) {
2255 if (!params->wep_key[i])
2263 NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
2265 nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
2267 goto nla_put_failure;
2269 for (i = 0; i < 4; i++) {
2270 if (!params->wep_key[i])
2273 nl_key = nla_nest_start(msg, i);
2275 goto nla_put_failure;
2277 NLA_PUT(msg, NL80211_KEY_DATA, params->wep_key_len[i],
2278 params->wep_key[i]);
2279 if (params->wep_key_len[i] == 5)
2280 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2281 WLAN_CIPHER_SUITE_WEP40);
2283 NLA_PUT_U32(msg, NL80211_KEY_CIPHER,
2284 WLAN_CIPHER_SUITE_WEP104);
2286 NLA_PUT_U8(msg, NL80211_KEY_IDX, i);
2288 if (i == params->wep_tx_keyidx)
2289 NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
2291 nla_nest_end(msg, nl_key);
2293 nla_nest_end(msg, nl_keys);
2302 static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
2303 const u8 *addr, int cmd, u16 reason_code,
2304 int local_state_change)
2309 msg = nlmsg_alloc();
2313 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
2315 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2316 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
2317 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2318 if (local_state_change)
2319 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2321 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2324 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2325 "(%s)", ret, strerror(-ret));
2326 goto nla_put_failure;
2336 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
2337 const u8 *addr, int reason_code)
2339 wpa_printf(MSG_DEBUG, "%s", __func__);
2340 drv->associated = 0;
2341 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISCONNECT,
2346 static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
2349 struct i802_bss *bss = priv;
2350 struct wpa_driver_nl80211_data *drv = bss->drv;
2351 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2352 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2353 wpa_printf(MSG_DEBUG, "%s", __func__);
2354 drv->associated = 0;
2355 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
2360 static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
2363 struct i802_bss *bss = priv;
2364 struct wpa_driver_nl80211_data *drv = bss->drv;
2365 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
2366 return wpa_driver_nl80211_disconnect(drv, addr, reason_code);
2367 wpa_printf(MSG_DEBUG, "%s", __func__);
2368 drv->associated = 0;
2369 return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
2374 static int wpa_driver_nl80211_authenticate(
2375 void *priv, struct wpa_driver_auth_params *params)
2377 struct i802_bss *bss = priv;
2378 struct wpa_driver_nl80211_data *drv = bss->drv;
2381 enum nl80211_auth_type type;
2384 drv->associated = 0;
2385 os_memset(drv->auth_bssid, 0, ETH_ALEN);
2386 /* FIX: IBSS mode */
2387 if (drv->nlmode != NL80211_IFTYPE_STATION)
2388 wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
2390 if (wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA) < 0)
2394 msg = nlmsg_alloc();
2398 wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
2401 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2402 NL80211_CMD_AUTHENTICATE, 0);
2404 for (i = 0; i < 4; i++) {
2405 if (!params->wep_key[i])
2407 wpa_driver_nl80211_set_key(bss->ifname, priv, WPA_ALG_WEP,
2409 i == params->wep_tx_keyidx, NULL, 0,
2411 params->wep_key_len[i]);
2412 if (params->wep_tx_keyidx != i)
2414 if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
2415 params->wep_key[i], params->wep_key_len[i])) {
2421 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2422 if (params->bssid) {
2423 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
2424 MAC2STR(params->bssid));
2425 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
2428 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
2429 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
2432 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
2433 params->ssid, params->ssid_len);
2434 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
2437 wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
2439 NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
2440 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
2441 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
2442 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
2443 type = NL80211_AUTHTYPE_SHARED_KEY;
2444 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
2445 type = NL80211_AUTHTYPE_NETWORK_EAP;
2446 else if (params->auth_alg & WPA_AUTH_ALG_FT)
2447 type = NL80211_AUTHTYPE_FT;
2449 goto nla_put_failure;
2450 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
2451 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
2452 if (params->local_state_change) {
2453 wpa_printf(MSG_DEBUG, " * Local state change only");
2454 NLA_PUT_FLAG(msg, NL80211_ATTR_LOCAL_STATE_CHANGE);
2457 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2460 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
2461 "(%s)", ret, strerror(-ret));
2463 if (ret == -EALREADY && count == 1 && params->bssid &&
2464 !params->local_state_change) {
2466 * mac80211 does not currently accept new
2467 * authentication if we are already authenticated. As a
2468 * workaround, force deauthentication and try again.
2470 wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
2471 "after forced deauthentication");
2472 wpa_driver_nl80211_deauthenticate(
2474 WLAN_REASON_PREV_AUTH_NOT_VALID);
2478 goto nla_put_failure;
2481 wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
2490 struct phy_info_arg {
2492 struct hostapd_hw_modes *modes;
2495 static int phy_info_handler(struct nl_msg *msg, void *arg)
2497 struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
2498 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2499 struct phy_info_arg *phy_info = arg;
2501 struct nlattr *tb_band[NL80211_BAND_ATTR_MAX + 1];
2503 struct nlattr *tb_freq[NL80211_FREQUENCY_ATTR_MAX + 1];
2504 static struct nla_policy freq_policy[NL80211_FREQUENCY_ATTR_MAX + 1] = {
2505 [NL80211_FREQUENCY_ATTR_FREQ] = { .type = NLA_U32 },
2506 [NL80211_FREQUENCY_ATTR_DISABLED] = { .type = NLA_FLAG },
2507 [NL80211_FREQUENCY_ATTR_PASSIVE_SCAN] = { .type = NLA_FLAG },
2508 [NL80211_FREQUENCY_ATTR_NO_IBSS] = { .type = NLA_FLAG },
2509 [NL80211_FREQUENCY_ATTR_RADAR] = { .type = NLA_FLAG },
2510 [NL80211_FREQUENCY_ATTR_MAX_TX_POWER] = { .type = NLA_U32 },
2513 struct nlattr *tb_rate[NL80211_BITRATE_ATTR_MAX + 1];
2514 static struct nla_policy rate_policy[NL80211_BITRATE_ATTR_MAX + 1] = {
2515 [NL80211_BITRATE_ATTR_RATE] = { .type = NLA_U32 },
2516 [NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE] = { .type = NLA_FLAG },
2519 struct nlattr *nl_band;
2520 struct nlattr *nl_freq;
2521 struct nlattr *nl_rate;
2522 int rem_band, rem_freq, rem_rate;
2523 struct hostapd_hw_modes *mode;
2524 int idx, mode_is_set;
2526 nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2527 genlmsg_attrlen(gnlh, 0), NULL);
2529 if (!tb_msg[NL80211_ATTR_WIPHY_BANDS])
2532 nla_for_each_nested(nl_band, tb_msg[NL80211_ATTR_WIPHY_BANDS], rem_band) {
2533 mode = os_realloc(phy_info->modes, (*phy_info->num_modes + 1) * sizeof(*mode));
2536 phy_info->modes = mode;
2540 mode = &phy_info->modes[*(phy_info->num_modes)];
2541 memset(mode, 0, sizeof(*mode));
2542 *(phy_info->num_modes) += 1;
2544 nla_parse(tb_band, NL80211_BAND_ATTR_MAX, nla_data(nl_band),
2545 nla_len(nl_band), NULL);
2547 if (tb_band[NL80211_BAND_ATTR_HT_CAPA]) {
2548 mode->ht_capab = nla_get_u16(
2549 tb_band[NL80211_BAND_ATTR_HT_CAPA]);
2552 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) {
2553 mode->a_mpdu_params |= nla_get_u8(
2554 tb_band[NL80211_BAND_ATTR_HT_AMPDU_FACTOR]) &
2558 if (tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) {
2559 mode->a_mpdu_params |= nla_get_u8(
2560 tb_band[NL80211_BAND_ATTR_HT_AMPDU_DENSITY]) <<
2564 if (tb_band[NL80211_BAND_ATTR_HT_MCS_SET] &&
2565 nla_len(tb_band[NL80211_BAND_ATTR_HT_MCS_SET])) {
2567 mcs = nla_data(tb_band[NL80211_BAND_ATTR_HT_MCS_SET]);
2568 os_memcpy(mode->mcs_set, mcs, 16);
2571 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2572 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2573 nla_len(nl_freq), freq_policy);
2574 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2576 mode->num_channels++;
2579 mode->channels = os_zalloc(mode->num_channels * sizeof(struct hostapd_channel_data));
2580 if (!mode->channels)
2585 nla_for_each_nested(nl_freq, tb_band[NL80211_BAND_ATTR_FREQS], rem_freq) {
2586 nla_parse(tb_freq, NL80211_FREQUENCY_ATTR_MAX, nla_data(nl_freq),
2587 nla_len(nl_freq), freq_policy);
2588 if (!tb_freq[NL80211_FREQUENCY_ATTR_FREQ])
2591 mode->channels[idx].freq = nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_FREQ]);
2592 mode->channels[idx].flag = 0;
2595 /* crude heuristic */
2596 if (mode->channels[idx].freq < 4000)
2597 mode->mode = HOSTAPD_MODE_IEEE80211B;
2599 mode->mode = HOSTAPD_MODE_IEEE80211A;
2603 /* crude heuristic */
2604 if (mode->channels[idx].freq < 4000)
2605 if (mode->channels[idx].freq == 2484)
2606 mode->channels[idx].chan = 14;
2608 mode->channels[idx].chan = (mode->channels[idx].freq - 2407) / 5;
2610 mode->channels[idx].chan = mode->channels[idx].freq/5 - 1000;
2612 if (tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2613 mode->channels[idx].flag |=
2614 HOSTAPD_CHAN_DISABLED;
2615 if (tb_freq[NL80211_FREQUENCY_ATTR_PASSIVE_SCAN])
2616 mode->channels[idx].flag |=
2617 HOSTAPD_CHAN_PASSIVE_SCAN;
2618 if (tb_freq[NL80211_FREQUENCY_ATTR_NO_IBSS])
2619 mode->channels[idx].flag |=
2620 HOSTAPD_CHAN_NO_IBSS;
2621 if (tb_freq[NL80211_FREQUENCY_ATTR_RADAR])
2622 mode->channels[idx].flag |=
2625 if (tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER] &&
2626 !tb_freq[NL80211_FREQUENCY_ATTR_DISABLED])
2627 mode->channels[idx].max_tx_power =
2628 nla_get_u32(tb_freq[NL80211_FREQUENCY_ATTR_MAX_TX_POWER]) / 100;
2633 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2634 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2635 nla_len(nl_rate), rate_policy);
2636 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2641 mode->rates = os_zalloc(mode->num_rates * sizeof(int));
2647 nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) {
2648 nla_parse(tb_rate, NL80211_BITRATE_ATTR_MAX, nla_data(nl_rate),
2649 nla_len(nl_rate), rate_policy);
2650 if (!tb_rate[NL80211_BITRATE_ATTR_RATE])
2652 mode->rates[idx] = nla_get_u32(tb_rate[NL80211_BITRATE_ATTR_RATE]);
2654 /* crude heuristic */
2655 if (mode->mode == HOSTAPD_MODE_IEEE80211B &&
2656 mode->rates[idx] > 200)
2657 mode->mode = HOSTAPD_MODE_IEEE80211G;
2666 static struct hostapd_hw_modes *
2667 wpa_driver_nl80211_add_11b(struct hostapd_hw_modes *modes, u16 *num_modes)
2670 struct hostapd_hw_modes *mode11g = NULL, *nmodes, *mode;
2671 int i, mode11g_idx = -1;
2673 /* If only 802.11g mode is included, use it to construct matching
2674 * 802.11b mode data. */
2676 for (m = 0; m < *num_modes; m++) {
2677 if (modes[m].mode == HOSTAPD_MODE_IEEE80211B)
2678 return modes; /* 802.11b already included */
2679 if (modes[m].mode == HOSTAPD_MODE_IEEE80211G)
2683 if (mode11g_idx < 0)
2684 return modes; /* 2.4 GHz band not supported at all */
2686 nmodes = os_realloc(modes, (*num_modes + 1) * sizeof(*nmodes));
2688 return modes; /* Could not add 802.11b mode */
2690 mode = &nmodes[*num_modes];
2691 os_memset(mode, 0, sizeof(*mode));
2695 mode->mode = HOSTAPD_MODE_IEEE80211B;
2697 mode11g = &modes[mode11g_idx];
2698 mode->num_channels = mode11g->num_channels;
2699 mode->channels = os_malloc(mode11g->num_channels *
2700 sizeof(struct hostapd_channel_data));
2701 if (mode->channels == NULL) {
2703 return modes; /* Could not add 802.11b mode */
2705 os_memcpy(mode->channels, mode11g->channels,
2706 mode11g->num_channels * sizeof(struct hostapd_channel_data));
2708 mode->num_rates = 0;
2709 mode->rates = os_malloc(4 * sizeof(int));
2710 if (mode->rates == NULL) {
2711 os_free(mode->channels);
2713 return modes; /* Could not add 802.11b mode */
2716 for (i = 0; i < mode11g->num_rates; i++) {
2717 if (mode11g->rates[i] != 10 && mode11g->rates[i] != 20 &&
2718 mode11g->rates[i] != 55 && mode11g->rates[i] != 110)
2720 mode->rates[mode->num_rates] = mode11g->rates[i];
2722 if (mode->num_rates == 4)
2726 if (mode->num_rates == 0) {
2727 os_free(mode->channels);
2728 os_free(mode->rates);
2730 return modes; /* No 802.11b rates */
2733 wpa_printf(MSG_DEBUG, "nl80211: Added 802.11b mode based on 802.11g "
2740 static struct hostapd_hw_modes *
2741 wpa_driver_nl80211_get_hw_feature_data(void *priv, u16 *num_modes, u16 *flags)
2743 struct i802_bss *bss = priv;
2744 struct wpa_driver_nl80211_data *drv = bss->drv;
2746 struct phy_info_arg result = {
2747 .num_modes = num_modes,
2754 msg = nlmsg_alloc();
2758 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2759 0, NL80211_CMD_GET_WIPHY, 0);
2761 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2763 if (send_and_recv_msgs(drv, msg, phy_info_handler, &result) == 0)
2764 return wpa_driver_nl80211_add_11b(result.modes, num_modes);
2770 static int wpa_driver_nl80211_send_frame(struct wpa_driver_nl80211_data *drv,
2771 const void *data, size_t len,
2775 0x00, 0x00, /* radiotap version */
2776 0x0e, 0x00, /* radiotap length */
2777 0x02, 0xc0, 0x00, 0x00, /* bmap: flags, tx and rx flags */
2778 IEEE80211_RADIOTAP_F_FRAG, /* F_FRAG (fragment if required) */
2780 0x00, 0x00, /* RX and TX flags to indicate that */
2781 0x00, 0x00, /* this is the injected frame directly */
2783 struct iovec iov[2] = {
2785 .iov_base = &rtap_hdr,
2786 .iov_len = sizeof(rtap_hdr),
2789 .iov_base = (void *) data,
2793 struct msghdr msg = {
2798 .msg_control = NULL,
2799 .msg_controllen = 0,
2804 rtap_hdr[8] |= IEEE80211_RADIOTAP_F_WEP;
2806 return sendmsg(drv->monitor_sock, &msg, 0);
2810 static int wpa_driver_nl80211_send_mlme(void *priv, const u8 *data,
2813 struct i802_bss *bss = priv;
2814 struct wpa_driver_nl80211_data *drv = bss->drv;
2815 struct ieee80211_mgmt *mgmt;
2819 mgmt = (struct ieee80211_mgmt *) data;
2820 fc = le_to_host16(mgmt->frame_control);
2822 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
2823 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
2825 * Only one of the authentication frame types is encrypted.
2826 * In order for static WEP encryption to work properly (i.e.,
2827 * to not encrypt the frame), we need to tell mac80211 about
2828 * the frames that must not be encrypted.
2830 u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2831 u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
2832 if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
2836 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
2840 static int wpa_driver_nl80211_set_beacon(void *priv,
2841 const u8 *head, size_t head_len,
2842 const u8 *tail, size_t tail_len,
2843 int dtim_period, int beacon_int)
2845 struct i802_bss *bss = priv;
2846 struct wpa_driver_nl80211_data *drv = bss->drv;
2848 u8 cmd = NL80211_CMD_NEW_BEACON;
2851 int ifindex = if_nametoindex(bss->ifname);
2853 beacon_set = bss->beacon_set;
2855 msg = nlmsg_alloc();
2859 wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
2862 cmd = NL80211_CMD_SET_BEACON;
2864 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2866 NLA_PUT(msg, NL80211_ATTR_BEACON_HEAD, head_len, head);
2867 NLA_PUT(msg, NL80211_ATTR_BEACON_TAIL, tail_len, tail);
2868 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
2869 NLA_PUT_U32(msg, NL80211_ATTR_BEACON_INTERVAL, beacon_int);
2870 NLA_PUT_U32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
2872 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2874 wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
2875 ret, strerror(-ret));
2877 bss->beacon_set = 1;
2885 static int wpa_driver_nl80211_set_freq(struct wpa_driver_nl80211_data *drv,
2886 int freq, int ht_enabled,
2887 int sec_channel_offset)
2892 msg = nlmsg_alloc();
2896 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
2897 NL80211_CMD_SET_WIPHY, 0);
2899 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
2900 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
2902 switch (sec_channel_offset) {
2904 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2905 NL80211_CHAN_HT40MINUS);
2908 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2909 NL80211_CHAN_HT40PLUS);
2912 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2918 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2921 wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
2922 "%d (%s)", freq, ret, strerror(-ret));
2928 static int wpa_driver_nl80211_sta_add(void *priv,
2929 struct hostapd_sta_add_params *params)
2931 struct i802_bss *bss = priv;
2932 struct wpa_driver_nl80211_data *drv = bss->drv;
2936 msg = nlmsg_alloc();
2940 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2941 0, NL80211_CMD_NEW_STATION, 0);
2943 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
2944 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr);
2945 NLA_PUT_U16(msg, NL80211_ATTR_STA_AID, params->aid);
2946 NLA_PUT(msg, NL80211_ATTR_STA_SUPPORTED_RATES, params->supp_rates_len,
2947 params->supp_rates);
2948 NLA_PUT_U16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
2949 params->listen_interval);
2950 if (params->ht_capabilities) {
2951 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY,
2952 sizeof(*params->ht_capabilities),
2953 params->ht_capabilities);
2956 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2958 wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_NEW_STATION "
2959 "result: %d (%s)", ret, strerror(-ret));
2967 static int wpa_driver_nl80211_sta_remove(void *priv, const u8 *addr)
2969 struct i802_bss *bss = priv;
2970 struct wpa_driver_nl80211_data *drv = bss->drv;
2974 msg = nlmsg_alloc();
2978 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
2979 0, NL80211_CMD_DEL_STATION, 0);
2981 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
2982 if_nametoindex(bss->ifname));
2983 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
2985 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
2994 static void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv,
2999 wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
3002 /* stop listening for EAPOL on this interface */
3003 del_ifidx(drv, ifidx);
3004 #endif /* HOSTAPD */
3006 msg = nlmsg_alloc();
3008 goto nla_put_failure;
3010 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3011 0, NL80211_CMD_DEL_INTERFACE, 0);
3012 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifidx);
3014 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
3017 wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
3021 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
3023 enum nl80211_iftype iftype,
3024 const u8 *addr, int wds)
3026 struct nl_msg *msg, *flags = NULL;
3030 msg = nlmsg_alloc();
3034 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3035 0, NL80211_CMD_NEW_INTERFACE, 0);
3036 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3037 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, ifname);
3038 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, iftype);
3040 if (iftype == NL80211_IFTYPE_MONITOR) {
3043 flags = nlmsg_alloc();
3045 goto nla_put_failure;
3047 NLA_PUT_FLAG(flags, NL80211_MNTR_FLAG_COOK_FRAMES);
3049 err = nla_put_nested(msg, NL80211_ATTR_MNTR_FLAGS, flags);
3054 goto nla_put_failure;
3056 NLA_PUT_U8(msg, NL80211_ATTR_4ADDR, wds);
3059 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3062 wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
3063 ifname, ret, strerror(-ret));
3067 ifidx = if_nametoindex(ifname);
3068 wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
3075 /* start listening for EAPOL on this interface */
3076 add_ifidx(drv, ifidx);
3077 #endif /* HOSTAPD */
3079 if (addr && iftype != NL80211_IFTYPE_MONITOR &&
3080 linux_set_ifhwaddr(drv->ioctl_sock, ifname, addr)) {
3081 nl80211_remove_iface(drv, ifidx);
3089 static int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
3090 const char *ifname, enum nl80211_iftype iftype,
3091 const u8 *addr, int wds)
3095 ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds);
3097 /* if error occured and interface exists already */
3098 if (ret == -ENFILE && if_nametoindex(ifname)) {
3099 wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
3101 /* Try to remove the interface that was already there. */
3102 nl80211_remove_iface(drv, if_nametoindex(ifname));
3104 /* Try to create the interface again */
3105 ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
3109 if (ret >= 0 && drv->disable_11b_rates)
3110 nl80211_disable_11b_rates(drv, ret, 1);
3116 static void handle_tx_callback(void *ctx, u8 *buf, size_t len, int ok)
3118 struct ieee80211_hdr *hdr;
3120 union wpa_event_data event;
3122 hdr = (struct ieee80211_hdr *) buf;
3123 fc = le_to_host16(hdr->frame_control);
3125 os_memset(&event, 0, sizeof(event));
3126 event.tx_status.type = WLAN_FC_GET_TYPE(fc);
3127 event.tx_status.stype = WLAN_FC_GET_STYPE(fc);
3128 event.tx_status.dst = hdr->addr1;
3129 event.tx_status.data = buf;
3130 event.tx_status.data_len = len;
3131 event.tx_status.ack = ok;
3132 wpa_supplicant_event(ctx, EVENT_TX_STATUS, &event);
3136 static void from_unknown_sta(struct wpa_driver_nl80211_data *drv,
3137 u8 *buf, size_t len)
3139 union wpa_event_data event;
3140 os_memset(&event, 0, sizeof(event));
3141 event.rx_from_unknown.frame = buf;
3142 event.rx_from_unknown.len = len;
3143 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event);
3147 static void handle_frame(struct wpa_driver_nl80211_data *drv,
3148 u8 *buf, size_t len, int datarate, int ssi_signal)
3150 struct ieee80211_hdr *hdr;
3152 union wpa_event_data event;
3154 hdr = (struct ieee80211_hdr *) buf;
3155 fc = le_to_host16(hdr->frame_control);
3157 switch (WLAN_FC_GET_TYPE(fc)) {
3158 case WLAN_FC_TYPE_MGMT:
3159 os_memset(&event, 0, sizeof(event));
3160 event.rx_mgmt.frame = buf;
3161 event.rx_mgmt.frame_len = len;
3162 event.rx_mgmt.datarate = datarate;
3163 event.rx_mgmt.ssi_signal = ssi_signal;
3164 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
3166 case WLAN_FC_TYPE_CTRL:
3167 /* can only get here with PS-Poll frames */
3168 wpa_printf(MSG_DEBUG, "CTRL");
3169 from_unknown_sta(drv, buf, len);
3171 case WLAN_FC_TYPE_DATA:
3172 from_unknown_sta(drv, buf, len);
3178 static void handle_monitor_read(int sock, void *eloop_ctx, void *sock_ctx)
3180 struct wpa_driver_nl80211_data *drv = eloop_ctx;
3182 unsigned char buf[3000];
3183 struct ieee80211_radiotap_iterator iter;
3185 int datarate = 0, ssi_signal = 0;
3186 int injected = 0, failed = 0, rxflags = 0;
3188 len = recv(sock, buf, sizeof(buf), 0);
3194 if (drv->nlmode == NL80211_IFTYPE_STATION && !drv->probe_req_report) {
3195 wpa_printf(MSG_DEBUG, "nl80211: Ignore monitor interface "
3196 "frame since Probe Request reporting is disabled");
3200 if (ieee80211_radiotap_iterator_init(&iter, (void*)buf, len)) {
3201 printf("received invalid radiotap frame\n");
3206 ret = ieee80211_radiotap_iterator_next(&iter);
3210 printf("received invalid radiotap frame (%d)\n", ret);
3213 switch (iter.this_arg_index) {
3214 case IEEE80211_RADIOTAP_FLAGS:
3215 if (*iter.this_arg & IEEE80211_RADIOTAP_F_FCS)
3218 case IEEE80211_RADIOTAP_RX_FLAGS:
3221 case IEEE80211_RADIOTAP_TX_FLAGS:
3223 failed = le_to_host16((*(uint16_t *) iter.this_arg)) &
3224 IEEE80211_RADIOTAP_F_TX_FAIL;
3226 case IEEE80211_RADIOTAP_DATA_RETRIES:
3228 case IEEE80211_RADIOTAP_CHANNEL:
3229 /* TODO: convert from freq/flags to channel number */
3231 case IEEE80211_RADIOTAP_RATE:
3232 datarate = *iter.this_arg * 5;
3234 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
3235 ssi_signal = *iter.this_arg;
3240 if (rxflags && injected)
3244 handle_frame(drv, buf + iter.max_length,
3245 len - iter.max_length, datarate, ssi_signal);
3247 handle_tx_callback(drv->ctx, buf + iter.max_length,
3248 len - iter.max_length, !failed);
3253 * we post-process the filter code later and rewrite
3254 * this to the offset to the last instruction
3259 static struct sock_filter msock_filter_insns[] = {
3261 * do a little-endian load of the radiotap length field
3263 /* load lower byte into A */
3264 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2),
3265 /* put it into X (== index register) */
3266 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3267 /* load upper byte into A */
3268 BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 3),
3269 /* left-shift it by 8 */
3270 BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 8),
3272 BPF_STMT(BPF_ALU | BPF_OR | BPF_X, 0),
3273 /* put result into X */
3274 BPF_STMT(BPF_MISC| BPF_TAX, 0),
3277 * Allow management frames through, this also gives us those
3278 * management frames that we sent ourselves with status
3280 /* load the lower byte of the IEEE 802.11 frame control field */
3281 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3282 /* mask off frame type and version */
3283 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xF),
3284 /* accept frame if it's both 0, fall through otherwise */
3285 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, PASS, 0),
3288 * TODO: add a bit to radiotap RX flags that indicates
3289 * that the sending station is not associated, then
3290 * add a filter here that filters on our DA and that flag
3291 * to allow us to deauth frames to that bad station.
3293 * Not a regression -- we didn't do it before either.
3298 * drop non-data frames
3300 /* load the lower byte of the frame control field */
3301 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3302 /* mask off QoS bit */
3303 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x0c),
3304 /* drop non-data frames */
3305 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 8, 0, FAIL),
3307 /* load the upper byte of the frame control field */
3308 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1),
3309 /* mask off toDS/fromDS */
3310 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x03),
3311 /* accept WDS frames */
3312 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 3, PASS, 0),
3315 * add header length to index
3317 /* load the lower byte of the frame control field */
3318 BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0),
3319 /* mask off QoS bit */
3320 BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0x80),
3321 /* right shift it by 6 to give 0 or 2 */
3322 BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 6),
3323 /* add data frame header length */
3324 BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 24),
3325 /* add index, was start of 802.11 header */
3326 BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0),
3327 /* move to index, now start of LL header */
3328 BPF_STMT(BPF_MISC | BPF_TAX, 0),
3331 * Accept empty data frames, we use those for
3334 BPF_STMT(BPF_LD | BPF_W | BPF_LEN, 0),
3335 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, PASS, 0),
3338 * Accept EAPOL frames
3340 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0),
3341 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0xAAAA0300, 0, FAIL),
3342 BPF_STMT(BPF_LD | BPF_W | BPF_IND, 4),
3343 BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0000888E, PASS, FAIL),
3345 /* keep these last two statements or change the code below */
3346 /* return 0 == "DROP" */
3347 BPF_STMT(BPF_RET | BPF_K, 0),
3348 /* return ~0 == "keep all" */
3349 BPF_STMT(BPF_RET | BPF_K, ~0),
3352 static struct sock_fprog msock_filter = {
3353 .len = sizeof(msock_filter_insns)/sizeof(msock_filter_insns[0]),
3354 .filter = msock_filter_insns,
3358 static int add_monitor_filter(int s)
3362 /* rewrite all PASS/FAIL jump offsets */
3363 for (idx = 0; idx < msock_filter.len; idx++) {
3364 struct sock_filter *insn = &msock_filter_insns[idx];
3366 if (BPF_CLASS(insn->code) == BPF_JMP) {
3367 if (insn->code == (BPF_JMP|BPF_JA)) {
3368 if (insn->k == PASS)
3369 insn->k = msock_filter.len - idx - 2;
3370 else if (insn->k == FAIL)
3371 insn->k = msock_filter.len - idx - 3;
3374 if (insn->jt == PASS)
3375 insn->jt = msock_filter.len - idx - 2;
3376 else if (insn->jt == FAIL)
3377 insn->jt = msock_filter.len - idx - 3;
3379 if (insn->jf == PASS)
3380 insn->jf = msock_filter.len - idx - 2;
3381 else if (insn->jf == FAIL)
3382 insn->jf = msock_filter.len - idx - 3;
3386 if (setsockopt(s, SOL_SOCKET, SO_ATTACH_FILTER,
3387 &msock_filter, sizeof(msock_filter))) {
3388 perror("SO_ATTACH_FILTER");
3396 static void nl80211_remove_monitor_interface(
3397 struct wpa_driver_nl80211_data *drv)
3399 if (drv->monitor_ifidx >= 0) {
3400 nl80211_remove_iface(drv, drv->monitor_ifidx);
3401 drv->monitor_ifidx = -1;
3403 if (drv->monitor_sock >= 0) {
3404 eloop_unregister_read_sock(drv->monitor_sock);
3405 close(drv->monitor_sock);
3406 drv->monitor_sock = -1;
3412 nl80211_create_monitor_interface(struct wpa_driver_nl80211_data *drv)
3415 struct sockaddr_ll ll;
3419 snprintf(buf, IFNAMSIZ, "mon.%s", drv->first_bss.ifname);
3420 buf[IFNAMSIZ - 1] = '\0';
3422 drv->monitor_ifidx =
3423 nl80211_create_iface(drv, buf, NL80211_IFTYPE_MONITOR, NULL,
3426 if (drv->monitor_ifidx < 0)
3429 if (linux_set_iface_flags(drv->ioctl_sock, buf, 1))
3432 memset(&ll, 0, sizeof(ll));
3433 ll.sll_family = AF_PACKET;
3434 ll.sll_ifindex = drv->monitor_ifidx;
3435 drv->monitor_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
3436 if (drv->monitor_sock < 0) {
3437 perror("socket[PF_PACKET,SOCK_RAW]");
3441 if (add_monitor_filter(drv->monitor_sock)) {
3442 wpa_printf(MSG_INFO, "Failed to set socket filter for monitor "
3443 "interface; do filtering in user space");
3444 /* This works, but will cost in performance. */
3447 if (bind(drv->monitor_sock, (struct sockaddr *) &ll, sizeof(ll)) < 0) {
3448 perror("monitor socket bind");
3452 optlen = sizeof(optval);
3455 (drv->monitor_sock, SOL_SOCKET, SO_PRIORITY, &optval, optlen)) {
3456 perror("Failed to set socket priority");
3460 if (eloop_register_read_sock(drv->monitor_sock, handle_monitor_read,
3462 printf("Could not register monitor read socket\n");
3468 nl80211_remove_monitor_interface(drv);
3473 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
3475 static int wpa_driver_nl80211_hapd_send_eapol(
3476 void *priv, const u8 *addr, const u8 *data,
3477 size_t data_len, int encrypt, const u8 *own_addr)
3479 struct i802_bss *bss = priv;
3480 struct wpa_driver_nl80211_data *drv = bss->drv;
3481 struct ieee80211_hdr *hdr;
3486 int qos = sta->flags & WPA_STA_WMM;
3491 len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
3493 hdr = os_zalloc(len);
3495 printf("malloc() failed for i802_send_data(len=%lu)\n",
3496 (unsigned long) len);
3500 hdr->frame_control =
3501 IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
3502 hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
3504 hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
3505 #if 0 /* To be enabled if qos determination is added above */
3507 hdr->frame_control |=
3508 host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
3512 memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
3513 memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
3514 memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
3515 pos = (u8 *) (hdr + 1);
3517 #if 0 /* To be enabled if qos determination is added above */
3519 /* add an empty QoS header if needed */
3526 memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
3527 pos += sizeof(rfc1042_header);
3528 WPA_PUT_BE16(pos, ETH_P_PAE);
3530 memcpy(pos, data, data_len);
3532 res = wpa_driver_nl80211_send_frame(drv, (u8 *) hdr, len, encrypt);
3534 wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
3536 (unsigned long) len, errno, strerror(errno));
3544 static u32 sta_flags_nl80211(int flags)
3548 if (flags & WPA_STA_AUTHORIZED)
3549 f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
3550 if (flags & WPA_STA_WMM)
3551 f |= BIT(NL80211_STA_FLAG_WME);
3552 if (flags & WPA_STA_SHORT_PREAMBLE)
3553 f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
3554 if (flags & WPA_STA_MFP)
3555 f |= BIT(NL80211_STA_FLAG_MFP);
3561 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
3563 int flags_or, int flags_and)
3565 struct i802_bss *bss = priv;
3566 struct wpa_driver_nl80211_data *drv = bss->drv;
3567 struct nl_msg *msg, *flags = NULL;
3568 struct nl80211_sta_flag_update upd;
3570 msg = nlmsg_alloc();
3574 flags = nlmsg_alloc();
3580 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3581 0, NL80211_CMD_SET_STATION, 0);
3583 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
3584 if_nametoindex(bss->ifname));
3585 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
3588 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
3589 * can be removed eventually.
3591 if (total_flags & WPA_STA_AUTHORIZED)
3592 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_AUTHORIZED);
3594 if (total_flags & WPA_STA_WMM)
3595 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_WME);
3597 if (total_flags & WPA_STA_SHORT_PREAMBLE)
3598 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_SHORT_PREAMBLE);
3600 if (total_flags & WPA_STA_MFP)
3601 NLA_PUT_FLAG(flags, NL80211_STA_FLAG_MFP);
3603 if (nla_put_nested(msg, NL80211_ATTR_STA_FLAGS, flags))
3604 goto nla_put_failure;
3606 os_memset(&upd, 0, sizeof(upd));
3607 upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
3608 upd.set = sta_flags_nl80211(flags_or);
3609 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
3613 return send_and_recv_msgs(drv, msg, NULL, NULL);
3620 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
3621 struct wpa_driver_associate_params *params)
3623 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode) ||
3624 wpa_driver_nl80211_set_freq(drv, params->freq, 0, 0)) {
3625 nl80211_remove_monitor_interface(drv);
3629 /* TODO: setup monitor interface (and add code somewhere to remove this
3630 * when AP mode is stopped; associate with mode != 2 or drv_deinit) */
3636 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
3641 msg = nlmsg_alloc();
3645 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3646 NL80211_CMD_LEAVE_IBSS, 0);
3647 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3648 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3651 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
3652 "(%s)", ret, strerror(-ret));
3653 goto nla_put_failure;
3657 wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS request sent successfully");
3665 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
3666 struct wpa_driver_associate_params *params)
3672 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
3674 if (wpa_driver_nl80211_set_mode(&drv->first_bss, params->mode)) {
3675 wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
3681 msg = nlmsg_alloc();
3685 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3686 NL80211_CMD_JOIN_IBSS, 0);
3687 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3689 if (params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
3690 goto nla_put_failure;
3692 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3693 params->ssid, params->ssid_len);
3694 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3696 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3697 drv->ssid_len = params->ssid_len;
3699 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3700 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3702 ret = nl80211_set_conn_keys(params, msg);
3704 goto nla_put_failure;
3706 if (params->wpa_ie) {
3707 wpa_hexdump(MSG_DEBUG,
3708 " * Extra IEs for Beacon/Probe Response frames",
3709 params->wpa_ie, params->wpa_ie_len);
3710 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3714 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3717 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
3718 ret, strerror(-ret));
3720 if (ret == -EALREADY && count == 1) {
3721 wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
3723 nl80211_leave_ibss(drv);
3728 goto nla_put_failure;
3731 wpa_printf(MSG_DEBUG, "nl80211: Join IBSS request sent successfully");
3739 static int wpa_driver_nl80211_connect(
3740 struct wpa_driver_nl80211_data *drv,
3741 struct wpa_driver_associate_params *params)
3744 enum nl80211_auth_type type;
3747 msg = nlmsg_alloc();
3751 wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
3752 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3753 NL80211_CMD_CONNECT, 0);
3755 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3756 if (params->bssid) {
3757 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3758 MAC2STR(params->bssid));
3759 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3762 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3763 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3766 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3767 params->ssid, params->ssid_len);
3768 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3770 if (params->ssid_len > sizeof(drv->ssid))
3771 goto nla_put_failure;
3772 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3773 drv->ssid_len = params->ssid_len;
3775 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
3777 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3780 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
3781 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
3782 else if (params->auth_alg & WPA_AUTH_ALG_SHARED)
3783 type = NL80211_AUTHTYPE_SHARED_KEY;
3784 else if (params->auth_alg & WPA_AUTH_ALG_LEAP)
3785 type = NL80211_AUTHTYPE_NETWORK_EAP;
3786 else if (params->auth_alg & WPA_AUTH_ALG_FT)
3787 type = NL80211_AUTHTYPE_FT;
3789 goto nla_put_failure;
3791 wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
3792 NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
3794 if (params->wpa_ie && params->wpa_ie_len) {
3795 enum nl80211_wpa_versions ver;
3797 if (params->wpa_ie[0] == WLAN_EID_RSN)
3798 ver = NL80211_WPA_VERSION_2;
3800 ver = NL80211_WPA_VERSION_1;
3802 wpa_printf(MSG_DEBUG, " * WPA Version %d", ver);
3803 NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, ver);
3806 if (params->pairwise_suite != CIPHER_NONE) {
3809 switch (params->pairwise_suite) {
3811 cipher = WLAN_CIPHER_SUITE_WEP40;
3814 cipher = WLAN_CIPHER_SUITE_WEP104;
3817 cipher = WLAN_CIPHER_SUITE_CCMP;
3821 cipher = WLAN_CIPHER_SUITE_TKIP;
3824 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher);
3827 if (params->group_suite != CIPHER_NONE) {
3830 switch (params->group_suite) {
3832 cipher = WLAN_CIPHER_SUITE_WEP40;
3835 cipher = WLAN_CIPHER_SUITE_WEP104;
3838 cipher = WLAN_CIPHER_SUITE_CCMP;
3842 cipher = WLAN_CIPHER_SUITE_TKIP;
3845 NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher);
3848 if (params->key_mgmt_suite == KEY_MGMT_802_1X ||
3849 params->key_mgmt_suite == KEY_MGMT_PSK) {
3850 int mgmt = WLAN_AKM_SUITE_PSK;
3852 switch (params->key_mgmt_suite) {
3853 case KEY_MGMT_802_1X:
3854 mgmt = WLAN_AKM_SUITE_8021X;
3858 mgmt = WLAN_AKM_SUITE_PSK;
3861 NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, mgmt);
3864 ret = nl80211_set_conn_keys(params, msg);
3866 goto nla_put_failure;
3868 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3871 wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
3872 "(%s)", ret, strerror(-ret));
3873 goto nla_put_failure;
3876 wpa_printf(MSG_DEBUG, "nl80211: Connect request send successfully");
3885 static int wpa_driver_nl80211_associate(
3886 void *priv, struct wpa_driver_associate_params *params)
3888 struct i802_bss *bss = priv;
3889 struct wpa_driver_nl80211_data *drv = bss->drv;
3893 if (params->mode == IEEE80211_MODE_AP)
3894 return wpa_driver_nl80211_ap(drv, params);
3896 if (params->mode == IEEE80211_MODE_IBSS)
3897 return wpa_driver_nl80211_ibss(drv, params);
3899 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
3900 if (wpa_driver_nl80211_set_mode(priv, params->mode) < 0)
3902 return wpa_driver_nl80211_connect(drv, params);
3905 drv->associated = 0;
3907 msg = nlmsg_alloc();
3911 wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
3913 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
3914 NL80211_CMD_ASSOCIATE, 0);
3916 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
3917 if (params->bssid) {
3918 wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
3919 MAC2STR(params->bssid));
3920 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
3923 wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
3924 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
3925 drv->assoc_freq = params->freq;
3927 drv->assoc_freq = 0;
3929 wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
3930 params->ssid, params->ssid_len);
3931 NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
3933 if (params->ssid_len > sizeof(drv->ssid))
3934 goto nla_put_failure;
3935 os_memcpy(drv->ssid, params->ssid, params->ssid_len);
3936 drv->ssid_len = params->ssid_len;
3938 wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
3940 NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
3943 #ifdef CONFIG_IEEE80211W
3944 if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED)
3945 NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
3946 #endif /* CONFIG_IEEE80211W */
3948 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
3950 if (params->prev_bssid) {
3951 wpa_printf(MSG_DEBUG, " * prev_bssid=" MACSTR,
3952 MAC2STR(params->prev_bssid));
3953 NLA_PUT(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
3954 params->prev_bssid);
3957 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3960 wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
3961 "(%s)", ret, strerror(-ret));
3962 nl80211_dump_scan(drv);
3963 goto nla_put_failure;
3966 wpa_printf(MSG_DEBUG, "nl80211: Association request send "
3975 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
3976 int ifindex, int mode)
3981 msg = nlmsg_alloc();
3985 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
3986 0, NL80211_CMD_SET_INTERFACE, 0);
3987 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
3988 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, mode);
3990 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
3994 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
3995 " %d (%s)", ifindex, mode, ret, strerror(-ret));
4000 static int wpa_driver_nl80211_set_mode(void *priv, int mode)
4002 struct i802_bss *bss = priv;
4003 struct wpa_driver_nl80211_data *drv = bss->drv;
4009 nlmode = NL80211_IFTYPE_STATION;
4012 nlmode = NL80211_IFTYPE_ADHOC;
4015 nlmode = NL80211_IFTYPE_AP;
4021 if (nl80211_set_mode(drv, drv->ifindex, nlmode) == 0) {
4022 drv->nlmode = nlmode;
4027 if (nlmode == drv->nlmode) {
4028 wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
4029 "requested mode - ignore error");
4031 goto done; /* Already in the requested mode */
4034 /* mac80211 doesn't allow mode changes while the device is up, so
4035 * take the device down, try to set the mode again, and bring the
4038 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0) == 0) {
4039 /* Try to set the mode again while the interface is down */
4040 ret = nl80211_set_mode(drv, drv->ifindex, nlmode);
4041 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
4046 wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
4047 "interface is down");
4048 drv->nlmode = nlmode;
4052 if (!ret && nlmode == NL80211_IFTYPE_AP) {
4053 /* Setup additional AP mode functionality if needed */
4054 if (drv->monitor_ifidx < 0 &&
4055 nl80211_create_monitor_interface(drv))
4057 } else if (!ret && nlmode != NL80211_IFTYPE_AP) {
4058 /* Remove additional AP mode functionality */
4059 nl80211_remove_monitor_interface(drv);
4060 bss->beacon_set = 0;
4064 wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
4065 "from %d failed", nlmode, drv->nlmode);
4071 static int wpa_driver_nl80211_get_capa(void *priv,
4072 struct wpa_driver_capa *capa)
4074 struct i802_bss *bss = priv;
4075 struct wpa_driver_nl80211_data *drv = bss->drv;
4076 if (!drv->has_capability)
4078 os_memcpy(capa, &drv->capa, sizeof(*capa));
4083 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
4085 struct i802_bss *bss = priv;
4086 struct wpa_driver_nl80211_data *drv = bss->drv;
4088 wpa_printf(MSG_DEBUG, "%s: operstate %d->%d (%s)",
4089 __func__, drv->operstate, state, state ? "UP" : "DORMANT");
4090 drv->operstate = state;
4091 return netlink_send_oper_ifla(drv->netlink, drv->ifindex, -1,
4092 state ? IF_OPER_UP : IF_OPER_DORMANT);
4096 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
4098 struct i802_bss *bss = priv;
4099 struct wpa_driver_nl80211_data *drv = bss->drv;
4101 struct nl80211_sta_flag_update upd;
4103 msg = nlmsg_alloc();
4107 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4108 0, NL80211_CMD_SET_STATION, 0);
4110 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4111 if_nametoindex(bss->ifname));
4112 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
4114 os_memset(&upd, 0, sizeof(upd));
4115 upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
4117 upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
4118 NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
4120 return send_and_recv_msgs(drv, msg, NULL, NULL);
4128 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4133 wpa_printf(MSG_DEBUG, "nl80211: Add own interface ifindex %d",
4135 for (i = 0; i < drv->num_if_indices; i++) {
4136 if (drv->if_indices[i] == 0) {
4137 drv->if_indices[i] = ifidx;
4142 if (drv->if_indices != drv->default_if_indices)
4143 old = drv->if_indices;
4147 drv->if_indices = os_realloc(old,
4148 sizeof(int) * (drv->num_if_indices + 1));
4149 if (!drv->if_indices) {
4151 drv->if_indices = drv->default_if_indices;
4153 drv->if_indices = old;
4154 wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
4156 wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
4159 os_memcpy(drv->if_indices, drv->default_if_indices,
4160 sizeof(drv->default_if_indices));
4161 drv->if_indices[drv->num_if_indices] = ifidx;
4162 drv->num_if_indices++;
4166 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4170 for (i = 0; i < drv->num_if_indices; i++) {
4171 if (drv->if_indices[i] == ifidx) {
4172 drv->if_indices[i] = 0;
4179 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx)
4183 for (i = 0; i < drv->num_if_indices; i++)
4184 if (drv->if_indices[i] == ifidx)
4191 static inline int min_int(int a, int b)
4199 static int get_key_handler(struct nl_msg *msg, void *arg)
4201 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4202 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4204 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4205 genlmsg_attrlen(gnlh, 0), NULL);
4208 * TODO: validate the key index and mac address!
4209 * Otherwise, there's a race condition as soon as
4210 * the kernel starts sending key notifications.
4213 if (tb[NL80211_ATTR_KEY_SEQ])
4214 memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
4215 min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
4220 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
4223 struct i802_bss *bss = priv;
4224 struct wpa_driver_nl80211_data *drv = bss->drv;
4227 msg = nlmsg_alloc();
4231 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4232 0, NL80211_CMD_GET_KEY, 0);
4235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4236 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, idx);
4237 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(iface));
4241 return send_and_recv_msgs(drv, msg, get_key_handler, seq);
4247 static int i802_set_rate_sets(void *priv, int *supp_rates, int *basic_rates,
4250 struct i802_bss *bss = priv;
4251 struct wpa_driver_nl80211_data *drv = bss->drv;
4253 u8 rates[NL80211_MAX_SUPP_RATES];
4257 msg = nlmsg_alloc();
4261 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4262 NL80211_CMD_SET_BSS, 0);
4264 for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4265 rates[rates_len++] = basic_rates[i] / 5;
4267 NLA_PUT(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4269 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4271 return send_and_recv_msgs(drv, msg, NULL, NULL);
4276 #endif /* HOSTAPD */
4279 /* Set kernel driver on given frequency (MHz) */
4280 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
4282 struct i802_bss *bss = priv;
4283 struct wpa_driver_nl80211_data *drv = bss->drv;
4284 return wpa_driver_nl80211_set_freq(drv, freq->freq, freq->ht_enabled,
4285 freq->sec_channel_offset);
4291 static int i802_set_rts(void *priv, int rts)
4293 struct i802_bss *bss = priv;
4294 struct wpa_driver_nl80211_data *drv = bss->drv;
4299 msg = nlmsg_alloc();
4308 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4309 0, NL80211_CMD_SET_WIPHY, 0);
4310 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4311 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val);
4313 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4317 wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
4318 "%d (%s)", rts, ret, strerror(-ret));
4323 static int i802_set_frag(void *priv, int frag)
4325 struct i802_bss *bss = priv;
4326 struct wpa_driver_nl80211_data *drv = bss->drv;
4331 msg = nlmsg_alloc();
4340 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4341 0, NL80211_CMD_SET_WIPHY, 0);
4342 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
4343 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val);
4345 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4349 wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
4350 "%d: %d (%s)", frag, ret, strerror(-ret));
4355 static int i802_flush(void *priv)
4357 struct i802_bss *bss = priv;
4358 struct wpa_driver_nl80211_data *drv = bss->drv;
4361 msg = nlmsg_alloc();
4365 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4366 0, NL80211_CMD_DEL_STATION, 0);
4369 * XXX: FIX! this needs to flush all VLANs too
4371 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4372 if_nametoindex(bss->ifname));
4374 return send_and_recv_msgs(drv, msg, NULL, NULL);
4380 static int get_sta_handler(struct nl_msg *msg, void *arg)
4382 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4383 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4384 struct hostap_sta_driver_data *data = arg;
4385 struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
4386 static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
4387 [NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
4388 [NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
4389 [NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
4390 [NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
4391 [NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
4394 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4395 genlmsg_attrlen(gnlh, 0), NULL);
4398 * TODO: validate the interface and mac address!
4399 * Otherwise, there's a race condition as soon as
4400 * the kernel starts sending station notifications.
4403 if (!tb[NL80211_ATTR_STA_INFO]) {
4404 wpa_printf(MSG_DEBUG, "sta stats missing!");
4407 if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
4408 tb[NL80211_ATTR_STA_INFO],
4410 wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
4414 if (stats[NL80211_STA_INFO_INACTIVE_TIME])
4415 data->inactive_msec =
4416 nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
4417 if (stats[NL80211_STA_INFO_RX_BYTES])
4418 data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
4419 if (stats[NL80211_STA_INFO_TX_BYTES])
4420 data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
4421 if (stats[NL80211_STA_INFO_RX_PACKETS])
4423 nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
4424 if (stats[NL80211_STA_INFO_TX_PACKETS])
4426 nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
4431 static int i802_read_sta_data(void *priv, struct hostap_sta_driver_data *data,
4434 struct i802_bss *bss = priv;
4435 struct wpa_driver_nl80211_data *drv = bss->drv;
4438 os_memset(data, 0, sizeof(*data));
4439 msg = nlmsg_alloc();
4443 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4444 0, NL80211_CMD_GET_STATION, 0);
4446 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4447 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4449 return send_and_recv_msgs(drv, msg, get_sta_handler, data);
4455 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
4456 int cw_min, int cw_max, int burst_time)
4458 struct i802_bss *bss = priv;
4459 struct wpa_driver_nl80211_data *drv = bss->drv;
4461 struct nlattr *txq, *params;
4463 msg = nlmsg_alloc();
4467 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4468 0, NL80211_CMD_SET_WIPHY, 0);
4470 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4472 txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
4474 goto nla_put_failure;
4476 /* We are only sending parameters for a single TXQ at a time */
4477 params = nla_nest_start(msg, 1);
4479 goto nla_put_failure;
4481 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_QUEUE, queue);
4482 /* Burst time is configured in units of 0.1 msec and TXOP parameter in
4483 * 32 usec, so need to convert the value here. */
4484 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_TXOP, (burst_time * 100 + 16) / 32);
4485 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min);
4486 NLA_PUT_U16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max);
4487 NLA_PUT_U8(msg, NL80211_TXQ_ATTR_AIFS, aifs);
4489 nla_nest_end(msg, params);
4491 nla_nest_end(msg, txq);
4493 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
4500 static int i802_set_bss(void *priv, int cts, int preamble, int slot)
4502 struct i802_bss *bss = priv;
4503 struct wpa_driver_nl80211_data *drv = bss->drv;
4506 msg = nlmsg_alloc();
4510 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4511 NL80211_CMD_SET_BSS, 0);
4514 NLA_PUT_U8(msg, NL80211_ATTR_BSS_CTS_PROT, cts);
4516 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble);
4518 NLA_PUT_U8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot);
4520 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, if_nametoindex(bss->ifname));
4522 return send_and_recv_msgs(drv, msg, NULL, NULL);
4528 static int i802_set_cts_protect(void *priv, int value)
4530 return i802_set_bss(priv, value, -1, -1);
4534 static int i802_set_preamble(void *priv, int value)
4536 return i802_set_bss(priv, -1, value, -1);
4540 static int i802_set_short_slot_time(void *priv, int value)
4542 return i802_set_bss(priv, -1, -1, value);
4546 static int i802_set_sta_vlan(void *priv, const u8 *addr,
4547 const char *ifname, int vlan_id)
4549 struct i802_bss *bss = priv;
4550 struct wpa_driver_nl80211_data *drv = bss->drv;
4554 msg = nlmsg_alloc();
4558 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
4559 0, NL80211_CMD_SET_STATION, 0);
4561 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
4562 if_nametoindex(bss->ifname));
4563 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4564 NLA_PUT_U32(msg, NL80211_ATTR_STA_VLAN,
4565 if_nametoindex(ifname));
4567 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
4569 wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
4570 MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
4571 MAC2STR(addr), ifname, vlan_id, ret,
4579 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val)
4581 struct i802_bss *bss = priv;
4582 struct wpa_driver_nl80211_data *drv = bss->drv;
4583 char name[IFNAMSIZ + 1];
4585 os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
4586 wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
4587 " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
4589 if (nl80211_create_iface(drv, name, NL80211_IFTYPE_AP_VLAN,
4592 linux_set_iface_flags(drv->ioctl_sock, name, 1);
4593 return i802_set_sta_vlan(priv, addr, name, 0);
4595 i802_set_sta_vlan(priv, addr, bss->ifname, 0);
4596 return wpa_driver_nl80211_if_remove(priv, WPA_IF_AP_VLAN,
4602 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
4604 struct wpa_driver_nl80211_data *drv = eloop_ctx;
4605 struct sockaddr_ll lladdr;
4606 unsigned char buf[3000];
4608 socklen_t fromlen = sizeof(lladdr);
4610 len = recvfrom(sock, buf, sizeof(buf), 0,
4611 (struct sockaddr *)&lladdr, &fromlen);
4617 if (have_ifidx(drv, lladdr.sll_ifindex))
4618 drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
4622 static int i802_get_inact_sec(void *priv, const u8 *addr)
4624 struct hostap_sta_driver_data data;
4627 data.inactive_msec = (unsigned long) -1;
4628 ret = i802_read_sta_data(priv, &data, addr);
4629 if (ret || data.inactive_msec == (unsigned long) -1)
4631 return data.inactive_msec / 1000;
4635 static int i802_sta_clear_stats(void *priv, const u8 *addr)
4644 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
4647 struct i802_bss *bss = priv;
4648 struct ieee80211_mgmt mgmt;
4650 memset(&mgmt, 0, sizeof(mgmt));
4651 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4652 WLAN_FC_STYPE_DEAUTH);
4653 memcpy(mgmt.da, addr, ETH_ALEN);
4654 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4655 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4656 mgmt.u.deauth.reason_code = host_to_le16(reason);
4657 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
4659 sizeof(mgmt.u.deauth));
4663 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
4666 struct i802_bss *bss = priv;
4667 struct ieee80211_mgmt mgmt;
4669 memset(&mgmt, 0, sizeof(mgmt));
4670 mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
4671 WLAN_FC_STYPE_DISASSOC);
4672 memcpy(mgmt.da, addr, ETH_ALEN);
4673 memcpy(mgmt.sa, own_addr, ETH_ALEN);
4674 memcpy(mgmt.bssid, own_addr, ETH_ALEN);
4675 mgmt.u.disassoc.reason_code = host_to_le16(reason);
4676 return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
4678 sizeof(mgmt.u.disassoc));
4682 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
4683 const char *brname, const char *ifname)
4686 char in_br[IFNAMSIZ];
4688 os_strlcpy(drv->brname, brname, IFNAMSIZ);
4689 ifindex = if_nametoindex(brname);
4692 * Bridge was configured, but the bridge device does
4693 * not exist. Try to add it now.
4695 if (linux_br_add(drv->ioctl_sock, brname) < 0) {
4696 wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
4697 "bridge interface %s: %s",
4698 brname, strerror(errno));
4701 drv->added_bridge = 1;
4702 add_ifidx(drv, if_nametoindex(brname));
4705 if (linux_br_get(in_br, ifname) == 0) {
4706 if (os_strcmp(in_br, brname) == 0)
4707 return 0; /* already in the bridge */
4709 wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
4710 "bridge %s", ifname, in_br);
4711 if (linux_br_del_if(drv->ioctl_sock, in_br, ifname) < 0) {
4712 wpa_printf(MSG_ERROR, "nl80211: Failed to "
4713 "remove interface %s from bridge "
4715 ifname, brname, strerror(errno));
4720 wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
4722 if (linux_br_add_if(drv->ioctl_sock, brname, ifname) < 0) {
4723 wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
4724 "into bridge %s: %s",
4725 ifname, brname, strerror(errno));
4728 drv->added_if_into_bridge = 1;
4734 static void *i802_init(struct hostapd_data *hapd,
4735 struct wpa_init_params *params)
4737 struct wpa_driver_nl80211_data *drv;
4738 struct i802_bss *bss;
4740 char brname[IFNAMSIZ];
4741 int ifindex, br_ifindex;
4744 bss = wpa_driver_nl80211_init(hapd, params->ifname);
4749 if (linux_br_get(brname, params->ifname) == 0) {
4750 wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
4751 params->ifname, brname);
4752 br_ifindex = if_nametoindex(brname);
4758 drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
4759 drv->if_indices = drv->default_if_indices;
4760 for (i = 0; i < params->num_bridge; i++) {
4761 if (params->bridge[i]) {
4762 ifindex = if_nametoindex(params->bridge[i]);
4764 add_ifidx(drv, ifindex);
4765 if (ifindex == br_ifindex)
4769 if (!br_added && br_ifindex &&
4770 (params->num_bridge == 0 || !params->bridge[0]))
4771 add_ifidx(drv, br_ifindex);
4773 /* start listening for EAPOL on the default AP interface */
4774 add_ifidx(drv, drv->ifindex);
4776 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 0))
4779 if (params->bssid) {
4780 if (linux_set_ifhwaddr(drv->ioctl_sock, bss->ifname,
4785 if (wpa_driver_nl80211_set_mode(bss, IEEE80211_MODE_AP)) {
4786 wpa_printf(MSG_ERROR, "nl80211: Failed to set interface %s "
4787 "into AP mode", bss->ifname);
4791 if (params->num_bridge && params->bridge[0] &&
4792 i802_check_bridge(drv, params->bridge[0], params->ifname) < 0)
4795 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1))
4798 drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
4799 if (drv->eapol_sock < 0) {
4800 perror("socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE)");
4804 if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
4806 printf("Could not register read socket for eapol\n");
4810 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, params->own_addr))
4816 nl80211_remove_monitor_interface(drv);
4817 if (drv->ioctl_sock >= 0)
4818 close(drv->ioctl_sock);
4820 genl_family_put(drv->nl80211);
4821 nl_cache_free(drv->nl_cache);
4822 nl_handle_destroy(drv->nl_handle);
4823 nl_cb_put(drv->nl_cb);
4830 static void i802_deinit(void *priv)
4832 wpa_driver_nl80211_deinit(priv);
4835 #endif /* HOSTAPD */
4838 static enum nl80211_iftype wpa_driver_nl80211_if_type(
4839 enum wpa_driver_if_type type)
4842 case WPA_IF_STATION:
4843 return NL80211_IFTYPE_STATION;
4844 case WPA_IF_AP_VLAN:
4845 return NL80211_IFTYPE_AP_VLAN;
4847 return NL80211_IFTYPE_AP;
4853 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
4854 const char *ifname, const u8 *addr,
4855 void *bss_ctx, void **drv_priv,
4856 char *force_ifname, u8 *if_addr)
4858 struct i802_bss *bss = priv;
4859 struct wpa_driver_nl80211_data *drv = bss->drv;
4862 struct i802_bss *new_bss = NULL;
4864 if (type == WPA_IF_AP_BSS) {
4865 new_bss = os_zalloc(sizeof(*new_bss));
4866 if (new_bss == NULL)
4869 #endif /* HOSTAPD */
4872 os_memcpy(if_addr, addr, ETH_ALEN);
4873 ifidx = nl80211_create_iface(drv, ifname,
4874 wpa_driver_nl80211_if_type(type), addr,
4879 #endif /* HOSTAPD */
4884 linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, if_addr) < 0)
4888 if (type == WPA_IF_AP_BSS) {
4889 if (linux_set_iface_flags(drv->ioctl_sock, ifname, 1)) {
4890 nl80211_remove_iface(drv, ifidx);
4894 os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
4895 new_bss->ifindex = ifidx;
4897 new_bss->next = drv->first_bss.next;
4898 drv->first_bss.next = new_bss;
4900 *drv_priv = new_bss;
4902 #endif /* HOSTAPD */
4908 static int wpa_driver_nl80211_if_remove(void *priv,
4909 enum wpa_driver_if_type type,
4912 struct i802_bss *bss = priv;
4913 struct wpa_driver_nl80211_data *drv = bss->drv;
4914 int ifindex = if_nametoindex(ifname);
4916 wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d",
4917 __func__, type, ifname, ifindex);
4920 nl80211_remove_iface(drv, ifindex);
4923 if (type != WPA_IF_AP_BSS)
4926 if (bss != &drv->first_bss) {
4927 struct i802_bss *tbss = &drv->first_bss;
4930 if (tbss->next != bss)
4933 tbss->next = bss->next;
4938 #endif /* HOSTAPD */
4944 static int cookie_handler(struct nl_msg *msg, void *arg)
4946 struct nlattr *tb[NL80211_ATTR_MAX + 1];
4947 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
4949 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
4950 genlmsg_attrlen(gnlh, 0), NULL);
4951 if (tb[NL80211_ATTR_COOKIE])
4952 *cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
4957 static int wpa_driver_nl80211_send_action(void *priv, unsigned int freq,
4958 const u8 *dst, const u8 *src,
4960 const u8 *data, size_t data_len)
4962 struct i802_bss *bss = priv;
4963 struct wpa_driver_nl80211_data *drv = bss->drv;
4967 struct ieee80211_hdr *hdr;
4970 wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d)",
4973 buf = os_zalloc(24 + data_len);
4976 os_memcpy(buf + 24, data, data_len);
4977 hdr = (struct ieee80211_hdr *) buf;
4978 hdr->frame_control =
4979 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
4980 os_memcpy(hdr->addr1, dst, ETH_ALEN);
4981 os_memcpy(hdr->addr2, src, ETH_ALEN);
4982 os_memcpy(hdr->addr3, bssid, ETH_ALEN);
4984 if (drv->nlmode == NL80211_IFTYPE_AP) {
4985 ret = wpa_driver_nl80211_send_mlme(priv, buf, 24 + data_len);
4990 msg = nlmsg_alloc();
4996 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
4997 NL80211_CMD_ACTION, 0);
4999 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5000 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5001 NLA_PUT(msg, NL80211_ATTR_FRAME, 24 + data_len, buf);
5006 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5009 wpa_printf(MSG_DEBUG, "nl80211: Action command failed: ret=%d "
5010 "(%s)", ret, strerror(-ret));
5011 goto nla_put_failure;
5013 wpa_printf(MSG_DEBUG, "nl80211: Action TX command accepted; "
5014 "cookie 0x%llx", (long long unsigned int) cookie);
5015 drv->send_action_cookie = cookie;
5025 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
5026 unsigned int duration)
5028 struct i802_bss *bss = priv;
5029 struct wpa_driver_nl80211_data *drv = bss->drv;
5034 msg = nlmsg_alloc();
5038 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5039 NL80211_CMD_REMAIN_ON_CHANNEL, 0);
5041 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5042 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5043 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
5046 ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie);
5048 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
5049 "0x%llx for freq=%u MHz duration=%u",
5050 (long long unsigned int) cookie, freq, duration);
5051 drv->remain_on_chan_cookie = cookie;
5054 wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
5055 "(freq=%d): %d (%s)", freq, ret, strerror(-ret));
5061 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
5063 struct i802_bss *bss = priv;
5064 struct wpa_driver_nl80211_data *drv = bss->drv;
5068 if (!drv->pending_remain_on_chan) {
5069 wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
5074 wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
5076 (long long unsigned int) drv->remain_on_chan_cookie);
5078 msg = nlmsg_alloc();
5082 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5083 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 0);
5085 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
5086 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie);
5088 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5091 wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
5092 "%d (%s)", ret, strerror(-ret));
5098 static void wpa_driver_nl80211_probe_req_report_timeout(void *eloop_ctx,
5101 struct wpa_driver_nl80211_data *drv = eloop_ctx;
5102 if (drv->monitor_ifidx < 0)
5103 return; /* monitor interface already removed */
5105 if (drv->nlmode != NL80211_IFTYPE_STATION)
5106 return; /* not in station mode anymore */
5108 if (drv->probe_req_report)
5109 return; /* reporting enabled */
5111 wpa_printf(MSG_DEBUG, "nl80211: Remove monitor interface due to no "
5112 "Probe Request reporting needed anymore");
5113 nl80211_remove_monitor_interface(drv);
5117 static int wpa_driver_nl80211_probe_req_report(void *priv, int report)
5119 struct i802_bss *bss = priv;
5120 struct wpa_driver_nl80211_data *drv = bss->drv;
5122 if (drv->nlmode != NL80211_IFTYPE_STATION) {
5123 wpa_printf(MSG_DEBUG, "nl80211: probe_req_report control only "
5124 "allowed in station mode (iftype=%d)",
5128 drv->probe_req_report = report;
5131 eloop_cancel_timeout(
5132 wpa_driver_nl80211_probe_req_report_timeout,
5134 if (drv->monitor_ifidx < 0 &&
5135 nl80211_create_monitor_interface(drv))
5139 * It takes a while to remove the monitor interface, so try to
5140 * avoid doing this if it is needed again shortly. Instead,
5141 * schedule the interface to be removed later if no need for it
5144 wpa_printf(MSG_DEBUG, "nl80211: Scheduling monitor interface "
5145 "to be removed after 10 seconds of no use");
5146 eloop_register_timeout(
5147 10, 0, wpa_driver_nl80211_probe_req_report_timeout,
5155 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
5156 int ifindex, int disabled)
5159 struct nlattr *bands, *band;
5162 msg = nlmsg_alloc();
5166 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
5167 NL80211_CMD_SET_TX_BITRATE_MASK, 0);
5168 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, ifindex);
5170 bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
5172 goto nla_put_failure;
5175 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
5176 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
5177 * rates. All 5 GHz rates are left enabled.
5179 band = nla_nest_start(msg, NL80211_BAND_2GHZ);
5181 goto nla_put_failure;
5182 NLA_PUT(msg, NL80211_TXRATE_LEGACY, 8,
5183 "\x0c\x12\x18\x24\x30\x48\x60\x6c");
5184 nla_nest_end(msg, band);
5186 nla_nest_end(msg, bands);
5188 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
5191 wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
5192 "(%s)", ret, strerror(-ret));
5203 static int wpa_driver_nl80211_disable_11b_rates(void *priv, int disabled)
5205 struct i802_bss *bss = priv;
5206 struct wpa_driver_nl80211_data *drv = bss->drv;
5207 drv->disable_11b_rates = disabled;
5208 return nl80211_disable_11b_rates(drv, drv->ifindex, disabled);
5212 static int wpa_driver_nl80211_deinit_ap(void *priv)
5214 struct i802_bss *bss = priv;
5215 struct wpa_driver_nl80211_data *drv = bss->drv;
5216 if (drv->nlmode != NL80211_IFTYPE_AP)
5218 wpa_driver_nl80211_del_beacon(drv);
5219 return wpa_driver_nl80211_set_mode(priv, IEEE80211_MODE_INFRA);
5223 static void wpa_driver_nl80211_resume(void *priv)
5225 struct i802_bss *bss = priv;
5226 struct wpa_driver_nl80211_data *drv = bss->drv;
5227 if (linux_set_iface_flags(drv->ioctl_sock, bss->ifname, 1)) {
5228 wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on "
5234 static int nl80211_send_ft_action(void *priv, u8 action, const u8 *target_ap,
5235 const u8 *ies, size_t ies_len)
5237 struct i802_bss *bss = priv;
5238 struct wpa_driver_nl80211_data *drv = bss->drv;
5242 u8 own_addr[ETH_ALEN];
5244 if (linux_get_ifhwaddr(drv->ioctl_sock, bss->ifname, own_addr) < 0)
5248 wpa_printf(MSG_ERROR, "nl80211: Unsupported send_ft_action "
5249 "action %d", action);
5254 * Action frame payload:
5255 * Category[1] = 6 (Fast BSS Transition)
5256 * Action[1] = 1 (Fast BSS Transition Request)
5262 data_len = 2 + 2 * ETH_ALEN + ies_len;
5263 data = os_malloc(data_len);
5267 *pos++ = 0x06; /* FT Action category */
5269 os_memcpy(pos, own_addr, ETH_ALEN);
5271 os_memcpy(pos, target_ap, ETH_ALEN);
5273 os_memcpy(pos, ies, ies_len);
5275 ret = wpa_driver_nl80211_send_action(bss, drv->assoc_freq, drv->bssid,
5276 own_addr, drv->bssid,
5284 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
5286 struct i802_bss *bss = priv;
5287 struct wpa_driver_nl80211_data *drv = bss->drv;
5288 struct nl_msg *msg, *cqm = NULL;
5290 wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
5291 "hysteresis=%d", threshold, hysteresis);
5293 msg = nlmsg_alloc();
5297 genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
5298 0, NL80211_CMD_SET_CQM, 0);
5300 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
5302 cqm = nlmsg_alloc();
5306 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_THOLD, threshold);
5307 NLA_PUT_U32(cqm, NL80211_ATTR_CQM_RSSI_HYST, hysteresis);
5308 nla_put_nested(msg, NL80211_ATTR_CQM, cqm);
5310 if (send_and_recv_msgs(drv, msg, NULL, NULL) == 0)
5322 static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
5325 struct i802_bss *bss = priv;
5326 struct wpa_driver_nl80211_data *drv = bss->drv;
5327 return wpa_driver_nl80211_send_frame(drv, data, data_len, encrypt);
5331 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
5333 .desc = "Linux nl80211/cfg80211",
5334 .get_bssid = wpa_driver_nl80211_get_bssid,
5335 .get_ssid = wpa_driver_nl80211_get_ssid,
5336 .set_key = wpa_driver_nl80211_set_key,
5337 .scan2 = wpa_driver_nl80211_scan,
5338 .get_scan_results2 = wpa_driver_nl80211_get_scan_results,
5339 .deauthenticate = wpa_driver_nl80211_deauthenticate,
5340 .disassociate = wpa_driver_nl80211_disassociate,
5341 .authenticate = wpa_driver_nl80211_authenticate,
5342 .associate = wpa_driver_nl80211_associate,
5343 .init = wpa_driver_nl80211_init,
5344 .deinit = wpa_driver_nl80211_deinit,
5345 .get_capa = wpa_driver_nl80211_get_capa,
5346 .set_operstate = wpa_driver_nl80211_set_operstate,
5347 .set_supp_port = wpa_driver_nl80211_set_supp_port,
5348 .set_country = wpa_driver_nl80211_set_country,
5349 .set_beacon = wpa_driver_nl80211_set_beacon,
5350 .if_add = wpa_driver_nl80211_if_add,
5351 .if_remove = wpa_driver_nl80211_if_remove,
5352 .send_mlme = wpa_driver_nl80211_send_mlme,
5353 .get_hw_feature_data = wpa_driver_nl80211_get_hw_feature_data,
5354 .sta_add = wpa_driver_nl80211_sta_add,
5355 .sta_remove = wpa_driver_nl80211_sta_remove,
5356 .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
5357 .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
5359 .hapd_init = i802_init,
5360 .hapd_deinit = i802_deinit,
5361 .get_seqnum = i802_get_seqnum,
5362 .flush = i802_flush,
5363 .read_sta_data = i802_read_sta_data,
5364 .sta_deauth = i802_sta_deauth,
5365 .sta_disassoc = i802_sta_disassoc,
5366 .get_inact_sec = i802_get_inact_sec,
5367 .sta_clear_stats = i802_sta_clear_stats,
5368 .set_rts = i802_set_rts,
5369 .set_frag = i802_set_frag,
5370 .set_rate_sets = i802_set_rate_sets,
5371 .set_cts_protect = i802_set_cts_protect,
5372 .set_preamble = i802_set_preamble,
5373 .set_short_slot_time = i802_set_short_slot_time,
5374 .set_tx_queue_params = i802_set_tx_queue_params,
5375 .set_sta_vlan = i802_set_sta_vlan,
5376 .set_wds_sta = i802_set_wds_sta,
5377 #endif /* HOSTAPD */
5378 .set_freq = i802_set_freq,
5379 .send_action = wpa_driver_nl80211_send_action,
5380 .remain_on_channel = wpa_driver_nl80211_remain_on_channel,
5381 .cancel_remain_on_channel =
5382 wpa_driver_nl80211_cancel_remain_on_channel,
5383 .probe_req_report = wpa_driver_nl80211_probe_req_report,
5384 .disable_11b_rates = wpa_driver_nl80211_disable_11b_rates,
5385 .deinit_ap = wpa_driver_nl80211_deinit_ap,
5386 .resume = wpa_driver_nl80211_resume,
5387 .send_ft_action = nl80211_send_ft_action,
5388 .signal_monitor = nl80211_signal_monitor,
5389 .send_frame = nl80211_send_frame,