1 /* 2 * Driver interaction with Linux nl80211/cfg80211 - Event processing 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 5 * Copyright (c) 2009-2010, Atheros Communications 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "includes.h" 12 #include <netlink/genl/genl.h> 13 14 #include "utils/common.h" 15 #include "utils/eloop.h" 16 #include "common/qca-vendor.h" 17 #include "common/qca-vendor-attr.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "driver_nl80211.h" 21 22 23 static const char * nl80211_command_to_string(enum nl80211_commands cmd) 24 { 25 #define C2S(x) case x: return #x; 26 switch (cmd) { 27 C2S(NL80211_CMD_UNSPEC) 28 C2S(NL80211_CMD_GET_WIPHY) 29 C2S(NL80211_CMD_SET_WIPHY) 30 C2S(NL80211_CMD_NEW_WIPHY) 31 C2S(NL80211_CMD_DEL_WIPHY) 32 C2S(NL80211_CMD_GET_INTERFACE) 33 C2S(NL80211_CMD_SET_INTERFACE) 34 C2S(NL80211_CMD_NEW_INTERFACE) 35 C2S(NL80211_CMD_DEL_INTERFACE) 36 C2S(NL80211_CMD_GET_KEY) 37 C2S(NL80211_CMD_SET_KEY) 38 C2S(NL80211_CMD_NEW_KEY) 39 C2S(NL80211_CMD_DEL_KEY) 40 C2S(NL80211_CMD_GET_BEACON) 41 C2S(NL80211_CMD_SET_BEACON) 42 C2S(NL80211_CMD_START_AP) 43 C2S(NL80211_CMD_STOP_AP) 44 C2S(NL80211_CMD_GET_STATION) 45 C2S(NL80211_CMD_SET_STATION) 46 C2S(NL80211_CMD_NEW_STATION) 47 C2S(NL80211_CMD_DEL_STATION) 48 C2S(NL80211_CMD_GET_MPATH) 49 C2S(NL80211_CMD_SET_MPATH) 50 C2S(NL80211_CMD_NEW_MPATH) 51 C2S(NL80211_CMD_DEL_MPATH) 52 C2S(NL80211_CMD_SET_BSS) 53 C2S(NL80211_CMD_SET_REG) 54 C2S(NL80211_CMD_REQ_SET_REG) 55 C2S(NL80211_CMD_GET_MESH_CONFIG) 56 C2S(NL80211_CMD_SET_MESH_CONFIG) 57 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 58 C2S(NL80211_CMD_GET_REG) 59 C2S(NL80211_CMD_GET_SCAN) 60 C2S(NL80211_CMD_TRIGGER_SCAN) 61 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 62 C2S(NL80211_CMD_SCAN_ABORTED) 63 C2S(NL80211_CMD_REG_CHANGE) 64 C2S(NL80211_CMD_AUTHENTICATE) 65 C2S(NL80211_CMD_ASSOCIATE) 66 C2S(NL80211_CMD_DEAUTHENTICATE) 67 C2S(NL80211_CMD_DISASSOCIATE) 68 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 69 C2S(NL80211_CMD_REG_BEACON_HINT) 70 C2S(NL80211_CMD_JOIN_IBSS) 71 C2S(NL80211_CMD_LEAVE_IBSS) 72 C2S(NL80211_CMD_TESTMODE) 73 C2S(NL80211_CMD_CONNECT) 74 C2S(NL80211_CMD_ROAM) 75 C2S(NL80211_CMD_DISCONNECT) 76 C2S(NL80211_CMD_SET_WIPHY_NETNS) 77 C2S(NL80211_CMD_GET_SURVEY) 78 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 79 C2S(NL80211_CMD_SET_PMKSA) 80 C2S(NL80211_CMD_DEL_PMKSA) 81 C2S(NL80211_CMD_FLUSH_PMKSA) 82 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 83 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 84 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 85 C2S(NL80211_CMD_REGISTER_FRAME) 86 C2S(NL80211_CMD_FRAME) 87 C2S(NL80211_CMD_FRAME_TX_STATUS) 88 C2S(NL80211_CMD_SET_POWER_SAVE) 89 C2S(NL80211_CMD_GET_POWER_SAVE) 90 C2S(NL80211_CMD_SET_CQM) 91 C2S(NL80211_CMD_NOTIFY_CQM) 92 C2S(NL80211_CMD_SET_CHANNEL) 93 C2S(NL80211_CMD_SET_WDS_PEER) 94 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 95 C2S(NL80211_CMD_JOIN_MESH) 96 C2S(NL80211_CMD_LEAVE_MESH) 97 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 98 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 99 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 100 C2S(NL80211_CMD_GET_WOWLAN) 101 C2S(NL80211_CMD_SET_WOWLAN) 102 C2S(NL80211_CMD_START_SCHED_SCAN) 103 C2S(NL80211_CMD_STOP_SCHED_SCAN) 104 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 105 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 106 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 107 C2S(NL80211_CMD_PMKSA_CANDIDATE) 108 C2S(NL80211_CMD_TDLS_OPER) 109 C2S(NL80211_CMD_TDLS_MGMT) 110 C2S(NL80211_CMD_UNEXPECTED_FRAME) 111 C2S(NL80211_CMD_PROBE_CLIENT) 112 C2S(NL80211_CMD_REGISTER_BEACONS) 113 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 114 C2S(NL80211_CMD_SET_NOACK_MAP) 115 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 116 C2S(NL80211_CMD_START_P2P_DEVICE) 117 C2S(NL80211_CMD_STOP_P2P_DEVICE) 118 C2S(NL80211_CMD_CONN_FAILED) 119 C2S(NL80211_CMD_SET_MCAST_RATE) 120 C2S(NL80211_CMD_SET_MAC_ACL) 121 C2S(NL80211_CMD_RADAR_DETECT) 122 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 123 C2S(NL80211_CMD_UPDATE_FT_IES) 124 C2S(NL80211_CMD_FT_EVENT) 125 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 126 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 127 C2S(NL80211_CMD_GET_COALESCE) 128 C2S(NL80211_CMD_SET_COALESCE) 129 C2S(NL80211_CMD_CHANNEL_SWITCH) 130 C2S(NL80211_CMD_VENDOR) 131 C2S(NL80211_CMD_SET_QOS_MAP) 132 C2S(NL80211_CMD_ADD_TX_TS) 133 C2S(NL80211_CMD_DEL_TX_TS) 134 default: 135 return "NL80211_CMD_UNKNOWN"; 136 } 137 #undef C2S 138 } 139 140 141 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 142 const u8 *frame, size_t len) 143 { 144 const struct ieee80211_mgmt *mgmt; 145 union wpa_event_data event; 146 147 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 148 drv->force_connect_cmd) { 149 /* 150 * Avoid reporting two association events that would confuse 151 * the core code. 152 */ 153 wpa_printf(MSG_DEBUG, 154 "nl80211: Ignore auth event when using driver SME"); 155 return; 156 } 157 158 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 159 mgmt = (const struct ieee80211_mgmt *) frame; 160 if (len < 24 + sizeof(mgmt->u.auth)) { 161 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 162 "frame"); 163 return; 164 } 165 166 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 167 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 168 os_memset(&event, 0, sizeof(event)); 169 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 170 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 171 event.auth.auth_transaction = 172 le_to_host16(mgmt->u.auth.auth_transaction); 173 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 174 if (len > 24 + sizeof(mgmt->u.auth)) { 175 event.auth.ies = mgmt->u.auth.variable; 176 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 177 } 178 179 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 180 } 181 182 183 static void nl80211_parse_wmm_params(struct nlattr *wmm_attr, 184 struct wmm_params *wmm_params) 185 { 186 struct nlattr *wmm_info[NL80211_STA_WME_MAX + 1]; 187 static struct nla_policy wme_policy[NL80211_STA_WME_MAX + 1] = { 188 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 189 }; 190 191 if (!wmm_attr || 192 nla_parse_nested(wmm_info, NL80211_STA_WME_MAX, wmm_attr, 193 wme_policy) || 194 !wmm_info[NL80211_STA_WME_UAPSD_QUEUES]) 195 return; 196 197 wmm_params->uapsd_queues = 198 nla_get_u8(wmm_info[NL80211_STA_WME_UAPSD_QUEUES]); 199 wmm_params->info_bitmap |= WMM_PARAMS_UAPSD_QUEUES_INFO; 200 } 201 202 203 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 204 const u8 *frame, size_t len, struct nlattr *wmm) 205 { 206 const struct ieee80211_mgmt *mgmt; 207 union wpa_event_data event; 208 u16 status; 209 210 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 211 drv->force_connect_cmd) { 212 /* 213 * Avoid reporting two association events that would confuse 214 * the core code. 215 */ 216 wpa_printf(MSG_DEBUG, 217 "nl80211: Ignore assoc event when using driver SME"); 218 return; 219 } 220 221 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 222 mgmt = (const struct ieee80211_mgmt *) frame; 223 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 224 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 225 "frame"); 226 return; 227 } 228 229 status = le_to_host16(mgmt->u.assoc_resp.status_code); 230 if (status != WLAN_STATUS_SUCCESS) { 231 os_memset(&event, 0, sizeof(event)); 232 event.assoc_reject.bssid = mgmt->bssid; 233 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 234 event.assoc_reject.resp_ies = 235 (u8 *) mgmt->u.assoc_resp.variable; 236 event.assoc_reject.resp_ies_len = 237 len - 24 - sizeof(mgmt->u.assoc_resp); 238 } 239 event.assoc_reject.status_code = status; 240 241 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 242 return; 243 } 244 245 drv->associated = 1; 246 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 247 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 248 249 os_memset(&event, 0, sizeof(event)); 250 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 251 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 252 event.assoc_info.resp_ies_len = 253 len - 24 - sizeof(mgmt->u.assoc_resp); 254 } 255 256 event.assoc_info.freq = drv->assoc_freq; 257 258 nl80211_parse_wmm_params(wmm, &event.assoc_info.wmm_params); 259 260 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 261 } 262 263 264 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 265 enum nl80211_commands cmd, struct nlattr *status, 266 struct nlattr *addr, struct nlattr *req_ie, 267 struct nlattr *resp_ie, 268 struct nlattr *authorized, 269 struct nlattr *key_replay_ctr, 270 struct nlattr *ptk_kck, 271 struct nlattr *ptk_kek) 272 { 273 union wpa_event_data event; 274 const u8 *ssid; 275 u16 status_code; 276 277 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 278 /* 279 * Avoid reporting two association events that would confuse 280 * the core code. 281 */ 282 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 283 "when using userspace SME", cmd); 284 return; 285 } 286 287 status_code = status ? nla_get_u16(status) : WLAN_STATUS_SUCCESS; 288 289 if (cmd == NL80211_CMD_CONNECT) { 290 wpa_printf(MSG_DEBUG, 291 "nl80211: Connect event (status=%u ignore_next_local_disconnect=%d)", 292 status_code, drv->ignore_next_local_disconnect); 293 } else if (cmd == NL80211_CMD_ROAM) { 294 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 295 } 296 297 os_memset(&event, 0, sizeof(event)); 298 if (cmd == NL80211_CMD_CONNECT && status_code != WLAN_STATUS_SUCCESS) { 299 if (addr) 300 event.assoc_reject.bssid = nla_data(addr); 301 if (drv->ignore_next_local_disconnect) { 302 drv->ignore_next_local_disconnect = 0; 303 if (!event.assoc_reject.bssid || 304 (os_memcmp(event.assoc_reject.bssid, 305 drv->auth_attempt_bssid, 306 ETH_ALEN) != 0)) { 307 /* 308 * Ignore the event that came without a BSSID or 309 * for the old connection since this is likely 310 * not relevant to the new Connect command. 311 */ 312 wpa_printf(MSG_DEBUG, 313 "nl80211: Ignore connection failure event triggered during reassociation"); 314 return; 315 } 316 } 317 if (resp_ie) { 318 event.assoc_reject.resp_ies = nla_data(resp_ie); 319 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 320 } 321 event.assoc_reject.status_code = status_code; 322 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 323 return; 324 } 325 326 drv->associated = 1; 327 if (addr) { 328 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 329 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 330 } 331 332 if (req_ie) { 333 event.assoc_info.req_ies = nla_data(req_ie); 334 event.assoc_info.req_ies_len = nla_len(req_ie); 335 336 if (cmd == NL80211_CMD_ROAM) { 337 ssid = nl80211_get_ie(event.assoc_info.req_ies, 338 event.assoc_info.req_ies_len, 339 WLAN_EID_SSID); 340 if (ssid && ssid[1] > 0 && ssid[1] <= 32) { 341 drv->ssid_len = ssid[1]; 342 os_memcpy(drv->ssid, ssid + 2, ssid[1]); 343 } 344 } 345 } 346 if (resp_ie) { 347 event.assoc_info.resp_ies = nla_data(resp_ie); 348 event.assoc_info.resp_ies_len = nla_len(resp_ie); 349 } 350 351 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 352 353 if (authorized && nla_get_u8(authorized)) { 354 event.assoc_info.authorized = 1; 355 wpa_printf(MSG_DEBUG, "nl80211: connection authorized"); 356 } 357 if (key_replay_ctr) { 358 event.assoc_info.key_replay_ctr = nla_data(key_replay_ctr); 359 event.assoc_info.key_replay_ctr_len = nla_len(key_replay_ctr); 360 } 361 if (ptk_kck) { 362 event.assoc_info.ptk_kck = nla_data(ptk_kck); 363 event.assoc_info.ptk_kck_len = nla_len(ptk_kck); 364 } 365 if (ptk_kek) { 366 event.assoc_info.ptk_kek = nla_data(ptk_kek); 367 event.assoc_info.ptk_kek_len = nla_len(ptk_kek); 368 } 369 370 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 371 } 372 373 374 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 375 struct nlattr *reason, struct nlattr *addr, 376 struct nlattr *by_ap) 377 { 378 union wpa_event_data data; 379 unsigned int locally_generated = by_ap == NULL; 380 381 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 382 /* 383 * Avoid reporting two disassociation events that could 384 * confuse the core code. 385 */ 386 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 387 "event when using userspace SME"); 388 return; 389 } 390 391 if (drv->ignore_next_local_disconnect) { 392 drv->ignore_next_local_disconnect = 0; 393 if (locally_generated) { 394 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 395 "event triggered during reassociation"); 396 return; 397 } 398 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 399 "disconnect but got another disconnect " 400 "event first"); 401 } 402 403 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 404 nl80211_mark_disconnected(drv); 405 os_memset(&data, 0, sizeof(data)); 406 if (reason) 407 data.deauth_info.reason_code = nla_get_u16(reason); 408 data.deauth_info.locally_generated = by_ap == NULL; 409 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 410 } 411 412 413 static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 414 { 415 int freq1 = 0; 416 417 switch (convert2width(width)) { 418 case CHAN_WIDTH_20_NOHT: 419 case CHAN_WIDTH_20: 420 return 0; 421 case CHAN_WIDTH_40: 422 freq1 = cf1 - 10; 423 break; 424 case CHAN_WIDTH_80: 425 freq1 = cf1 - 30; 426 break; 427 case CHAN_WIDTH_160: 428 freq1 = cf1 - 70; 429 break; 430 case CHAN_WIDTH_UNKNOWN: 431 case CHAN_WIDTH_80P80: 432 /* FIXME: implement this */ 433 return 0; 434 } 435 436 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 437 } 438 439 440 static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 441 struct nlattr *ifindex, struct nlattr *freq, 442 struct nlattr *type, struct nlattr *bw, 443 struct nlattr *cf1, struct nlattr *cf2) 444 { 445 struct i802_bss *bss; 446 union wpa_event_data data; 447 int ht_enabled = 1; 448 int chan_offset = 0; 449 int ifidx; 450 451 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 452 453 if (!freq) 454 return; 455 456 ifidx = nla_get_u32(ifindex); 457 bss = get_bss_ifindex(drv, ifidx); 458 if (bss == NULL) { 459 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 460 ifidx); 461 return; 462 } 463 464 if (type) { 465 enum nl80211_channel_type ch_type = nla_get_u32(type); 466 467 wpa_printf(MSG_DEBUG, "nl80211: Channel type: %d", ch_type); 468 switch (ch_type) { 469 case NL80211_CHAN_NO_HT: 470 ht_enabled = 0; 471 break; 472 case NL80211_CHAN_HT20: 473 break; 474 case NL80211_CHAN_HT40PLUS: 475 chan_offset = 1; 476 break; 477 case NL80211_CHAN_HT40MINUS: 478 chan_offset = -1; 479 break; 480 } 481 } else if (bw && cf1) { 482 /* This can happen for example with VHT80 ch switch */ 483 chan_offset = calculate_chan_offset(nla_get_u32(bw), 484 nla_get_u32(freq), 485 nla_get_u32(cf1), 486 cf2 ? nla_get_u32(cf2) : 0); 487 } else { 488 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 489 } 490 491 os_memset(&data, 0, sizeof(data)); 492 data.ch_switch.freq = nla_get_u32(freq); 493 data.ch_switch.ht_enabled = ht_enabled; 494 data.ch_switch.ch_offset = chan_offset; 495 if (bw) 496 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 497 if (cf1) 498 data.ch_switch.cf1 = nla_get_u32(cf1); 499 if (cf2) 500 data.ch_switch.cf2 = nla_get_u32(cf2); 501 502 bss->freq = data.ch_switch.freq; 503 504 wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data); 505 } 506 507 508 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 509 enum nl80211_commands cmd, struct nlattr *addr) 510 { 511 union wpa_event_data event; 512 enum wpa_event_type ev; 513 514 if (nla_len(addr) != ETH_ALEN) 515 return; 516 517 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 518 cmd, MAC2STR((u8 *) nla_data(addr))); 519 520 if (cmd == NL80211_CMD_AUTHENTICATE) 521 ev = EVENT_AUTH_TIMED_OUT; 522 else if (cmd == NL80211_CMD_ASSOCIATE) 523 ev = EVENT_ASSOC_TIMED_OUT; 524 else 525 return; 526 527 os_memset(&event, 0, sizeof(event)); 528 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 529 wpa_supplicant_event(drv->ctx, ev, &event); 530 } 531 532 533 static void mlme_event_mgmt(struct i802_bss *bss, 534 struct nlattr *freq, struct nlattr *sig, 535 const u8 *frame, size_t len) 536 { 537 struct wpa_driver_nl80211_data *drv = bss->drv; 538 const struct ieee80211_mgmt *mgmt; 539 union wpa_event_data event; 540 u16 fc, stype; 541 int ssi_signal = 0; 542 int rx_freq = 0; 543 544 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 545 mgmt = (const struct ieee80211_mgmt *) frame; 546 if (len < 24) { 547 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 548 return; 549 } 550 551 fc = le_to_host16(mgmt->frame_control); 552 stype = WLAN_FC_GET_STYPE(fc); 553 554 if (sig) 555 ssi_signal = (s32) nla_get_u32(sig); 556 557 os_memset(&event, 0, sizeof(event)); 558 if (freq) { 559 event.rx_mgmt.freq = nla_get_u32(freq); 560 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 561 } 562 wpa_printf(MSG_DEBUG, 563 "nl80211: RX frame sa=" MACSTR 564 " freq=%d ssi_signal=%d fc=0x%x seq_ctrl=0x%x stype=%u (%s) len=%u", 565 MAC2STR(mgmt->sa), rx_freq, ssi_signal, fc, 566 le_to_host16(mgmt->seq_ctrl), stype, fc2str(fc), 567 (unsigned int) len); 568 event.rx_mgmt.frame = frame; 569 event.rx_mgmt.frame_len = len; 570 event.rx_mgmt.ssi_signal = ssi_signal; 571 event.rx_mgmt.drv_priv = bss; 572 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 573 } 574 575 576 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 577 struct nlattr *cookie, const u8 *frame, 578 size_t len, struct nlattr *ack) 579 { 580 union wpa_event_data event; 581 const struct ieee80211_hdr *hdr; 582 u16 fc; 583 584 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 585 if (!is_ap_interface(drv->nlmode)) { 586 u64 cookie_val; 587 588 if (!cookie) 589 return; 590 591 cookie_val = nla_get_u64(cookie); 592 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 593 " cookie=0%llx%s (ack=%d)", 594 (long long unsigned int) cookie_val, 595 cookie_val == drv->send_action_cookie ? 596 " (match)" : " (unknown)", ack != NULL); 597 if (cookie_val != drv->send_action_cookie) 598 return; 599 } 600 601 hdr = (const struct ieee80211_hdr *) frame; 602 fc = le_to_host16(hdr->frame_control); 603 604 os_memset(&event, 0, sizeof(event)); 605 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 606 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 607 event.tx_status.dst = hdr->addr1; 608 event.tx_status.data = frame; 609 event.tx_status.data_len = len; 610 event.tx_status.ack = ack != NULL; 611 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 612 } 613 614 615 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 616 enum wpa_event_type type, 617 const u8 *frame, size_t len) 618 { 619 const struct ieee80211_mgmt *mgmt; 620 union wpa_event_data event; 621 const u8 *bssid = NULL; 622 u16 reason_code = 0; 623 624 if (type == EVENT_DEAUTH) 625 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 626 else 627 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 628 629 mgmt = (const struct ieee80211_mgmt *) frame; 630 if (len >= 24) { 631 bssid = mgmt->bssid; 632 633 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 634 !drv->associated && 635 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 636 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 637 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 638 /* 639 * Avoid issues with some roaming cases where 640 * disconnection event for the old AP may show up after 641 * we have started connection with the new AP. 642 */ 643 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 644 MAC2STR(bssid), 645 MAC2STR(drv->auth_attempt_bssid)); 646 return; 647 } 648 649 if (drv->associated != 0 && 650 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 651 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 652 /* 653 * We have presumably received this deauth as a 654 * response to a clear_state_mismatch() outgoing 655 * deauth. Don't let it take us offline! 656 */ 657 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 658 "from Unknown BSSID " MACSTR " -- ignoring", 659 MAC2STR(bssid)); 660 return; 661 } 662 } 663 664 nl80211_mark_disconnected(drv); 665 os_memset(&event, 0, sizeof(event)); 666 667 /* Note: Same offset for Reason Code in both frame subtypes */ 668 if (len >= 24 + sizeof(mgmt->u.deauth)) 669 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 670 671 if (type == EVENT_DISASSOC) { 672 event.disassoc_info.locally_generated = 673 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 674 event.disassoc_info.addr = bssid; 675 event.disassoc_info.reason_code = reason_code; 676 if (frame + len > mgmt->u.disassoc.variable) { 677 event.disassoc_info.ie = mgmt->u.disassoc.variable; 678 event.disassoc_info.ie_len = frame + len - 679 mgmt->u.disassoc.variable; 680 } 681 } else { 682 if (drv->ignore_deauth_event) { 683 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 684 drv->ignore_deauth_event = 0; 685 return; 686 } 687 event.deauth_info.locally_generated = 688 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 689 if (drv->ignore_next_local_deauth) { 690 drv->ignore_next_local_deauth = 0; 691 if (event.deauth_info.locally_generated) { 692 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request"); 693 return; 694 } 695 wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first"); 696 } 697 event.deauth_info.addr = bssid; 698 event.deauth_info.reason_code = reason_code; 699 if (frame + len > mgmt->u.deauth.variable) { 700 event.deauth_info.ie = mgmt->u.deauth.variable; 701 event.deauth_info.ie_len = frame + len - 702 mgmt->u.deauth.variable; 703 } 704 } 705 706 wpa_supplicant_event(drv->ctx, type, &event); 707 } 708 709 710 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 711 enum wpa_event_type type, 712 const u8 *frame, size_t len) 713 { 714 const struct ieee80211_mgmt *mgmt; 715 union wpa_event_data event; 716 u16 reason_code = 0; 717 718 if (type == EVENT_UNPROT_DEAUTH) 719 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 720 else 721 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 722 723 if (len < 24) 724 return; 725 726 mgmt = (const struct ieee80211_mgmt *) frame; 727 728 os_memset(&event, 0, sizeof(event)); 729 /* Note: Same offset for Reason Code in both frame subtypes */ 730 if (len >= 24 + sizeof(mgmt->u.deauth)) 731 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 732 733 if (type == EVENT_UNPROT_DISASSOC) { 734 event.unprot_disassoc.sa = mgmt->sa; 735 event.unprot_disassoc.da = mgmt->da; 736 event.unprot_disassoc.reason_code = reason_code; 737 } else { 738 event.unprot_deauth.sa = mgmt->sa; 739 event.unprot_deauth.da = mgmt->da; 740 event.unprot_deauth.reason_code = reason_code; 741 } 742 743 wpa_supplicant_event(drv->ctx, type, &event); 744 } 745 746 747 static void mlme_event(struct i802_bss *bss, 748 enum nl80211_commands cmd, struct nlattr *frame, 749 struct nlattr *addr, struct nlattr *timed_out, 750 struct nlattr *freq, struct nlattr *ack, 751 struct nlattr *cookie, struct nlattr *sig, 752 struct nlattr *wmm) 753 { 754 struct wpa_driver_nl80211_data *drv = bss->drv; 755 const u8 *data; 756 size_t len; 757 758 if (timed_out && addr) { 759 mlme_timeout_event(drv, cmd, addr); 760 return; 761 } 762 763 if (frame == NULL) { 764 wpa_printf(MSG_DEBUG, 765 "nl80211: MLME event %d (%s) without frame data", 766 cmd, nl80211_command_to_string(cmd)); 767 return; 768 } 769 770 data = nla_data(frame); 771 len = nla_len(frame); 772 if (len < 4 + 2 * ETH_ALEN) { 773 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 774 MACSTR ") - too short", 775 cmd, nl80211_command_to_string(cmd), bss->ifname, 776 MAC2STR(bss->addr)); 777 return; 778 } 779 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 780 ") A1=" MACSTR " A2=" MACSTR, cmd, 781 nl80211_command_to_string(cmd), bss->ifname, 782 MAC2STR(bss->addr), MAC2STR(data + 4), 783 MAC2STR(data + 4 + ETH_ALEN)); 784 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 785 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 786 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 787 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 788 "for foreign address", bss->ifname); 789 return; 790 } 791 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 792 nla_data(frame), nla_len(frame)); 793 794 switch (cmd) { 795 case NL80211_CMD_AUTHENTICATE: 796 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 797 break; 798 case NL80211_CMD_ASSOCIATE: 799 mlme_event_assoc(drv, nla_data(frame), nla_len(frame), wmm); 800 break; 801 case NL80211_CMD_DEAUTHENTICATE: 802 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 803 nla_data(frame), nla_len(frame)); 804 break; 805 case NL80211_CMD_DISASSOCIATE: 806 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 807 nla_data(frame), nla_len(frame)); 808 break; 809 case NL80211_CMD_FRAME: 810 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 811 nla_len(frame)); 812 break; 813 case NL80211_CMD_FRAME_TX_STATUS: 814 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 815 nla_len(frame), ack); 816 break; 817 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 818 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 819 nla_data(frame), nla_len(frame)); 820 break; 821 case NL80211_CMD_UNPROT_DISASSOCIATE: 822 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 823 nla_data(frame), nla_len(frame)); 824 break; 825 default: 826 break; 827 } 828 } 829 830 831 static void mlme_event_michael_mic_failure(struct i802_bss *bss, 832 struct nlattr *tb[]) 833 { 834 union wpa_event_data data; 835 836 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 837 os_memset(&data, 0, sizeof(data)); 838 if (tb[NL80211_ATTR_MAC]) { 839 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 840 nla_data(tb[NL80211_ATTR_MAC]), 841 nla_len(tb[NL80211_ATTR_MAC])); 842 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 843 } 844 if (tb[NL80211_ATTR_KEY_SEQ]) { 845 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 846 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 847 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 848 } 849 if (tb[NL80211_ATTR_KEY_TYPE]) { 850 enum nl80211_key_type key_type = 851 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 852 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 853 if (key_type == NL80211_KEYTYPE_PAIRWISE) 854 data.michael_mic_failure.unicast = 1; 855 } else 856 data.michael_mic_failure.unicast = 1; 857 858 if (tb[NL80211_ATTR_KEY_IDX]) { 859 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 860 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 861 } 862 863 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 864 } 865 866 867 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 868 struct nlattr *tb[]) 869 { 870 unsigned int freq; 871 872 if (tb[NL80211_ATTR_MAC] == NULL) { 873 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 874 "event"); 875 return; 876 } 877 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 878 879 drv->associated = 1; 880 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 881 MAC2STR(drv->bssid)); 882 883 freq = nl80211_get_assoc_freq(drv); 884 if (freq) { 885 wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz", 886 freq); 887 drv->first_bss->freq = freq; 888 } 889 890 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 891 } 892 893 894 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 895 int cancel_event, struct nlattr *tb[]) 896 { 897 unsigned int freq, chan_type, duration; 898 union wpa_event_data data; 899 u64 cookie; 900 901 if (tb[NL80211_ATTR_WIPHY_FREQ]) 902 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 903 else 904 freq = 0; 905 906 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 907 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 908 else 909 chan_type = 0; 910 911 if (tb[NL80211_ATTR_DURATION]) 912 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 913 else 914 duration = 0; 915 916 if (tb[NL80211_ATTR_COOKIE]) 917 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 918 else 919 cookie = 0; 920 921 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 922 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 923 cancel_event, freq, chan_type, duration, 924 (long long unsigned int) cookie, 925 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 926 927 if (cookie != drv->remain_on_chan_cookie) 928 return; /* not for us */ 929 930 if (cancel_event) 931 drv->pending_remain_on_chan = 0; 932 933 os_memset(&data, 0, sizeof(data)); 934 data.remain_on_channel.freq = freq; 935 data.remain_on_channel.duration = duration; 936 wpa_supplicant_event(drv->ctx, cancel_event ? 937 EVENT_CANCEL_REMAIN_ON_CHANNEL : 938 EVENT_REMAIN_ON_CHANNEL, &data); 939 } 940 941 942 static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 943 struct nlattr *tb[]) 944 { 945 union wpa_event_data data; 946 947 os_memset(&data, 0, sizeof(data)); 948 949 if (tb[NL80211_ATTR_IE]) { 950 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 951 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 952 } 953 954 if (tb[NL80211_ATTR_IE_RIC]) { 955 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 956 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 957 } 958 959 if (tb[NL80211_ATTR_MAC]) 960 os_memcpy(data.ft_ies.target_ap, 961 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 962 963 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 964 MAC2STR(data.ft_ies.target_ap)); 965 966 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 967 } 968 969 970 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 971 struct nlattr *tb[]) 972 { 973 union wpa_event_data event; 974 struct nlattr *nl; 975 int rem; 976 struct scan_info *info; 977 #define MAX_REPORT_FREQS 50 978 int freqs[MAX_REPORT_FREQS]; 979 int num_freqs = 0; 980 981 if (drv->scan_for_auth) { 982 drv->scan_for_auth = 0; 983 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 984 "cfg80211 BSS entry"); 985 wpa_driver_nl80211_authenticate_retry(drv); 986 return; 987 } 988 989 os_memset(&event, 0, sizeof(event)); 990 info = &event.scan_info; 991 info->aborted = aborted; 992 993 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 994 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 995 struct wpa_driver_scan_ssid *s = 996 &info->ssids[info->num_ssids]; 997 s->ssid = nla_data(nl); 998 s->ssid_len = nla_len(nl); 999 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 1000 wpa_ssid_txt(s->ssid, s->ssid_len)); 1001 info->num_ssids++; 1002 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 1003 break; 1004 } 1005 } 1006 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 1007 char msg[200], *pos, *end; 1008 int res; 1009 1010 pos = msg; 1011 end = pos + sizeof(msg); 1012 *pos = '\0'; 1013 1014 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1015 { 1016 freqs[num_freqs] = nla_get_u32(nl); 1017 res = os_snprintf(pos, end - pos, " %d", 1018 freqs[num_freqs]); 1019 if (!os_snprintf_error(end - pos, res)) 1020 pos += res; 1021 num_freqs++; 1022 if (num_freqs == MAX_REPORT_FREQS - 1) 1023 break; 1024 } 1025 info->freqs = freqs; 1026 info->num_freqs = num_freqs; 1027 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 1028 msg); 1029 } 1030 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1031 } 1032 1033 1034 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1035 struct nlattr *tb[]) 1036 { 1037 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1038 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1039 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1040 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1041 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1042 }; 1043 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1044 enum nl80211_cqm_rssi_threshold_event event; 1045 union wpa_event_data ed; 1046 struct wpa_signal_info sig; 1047 int res; 1048 1049 if (tb[NL80211_ATTR_CQM] == NULL || 1050 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1051 cqm_policy)) { 1052 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1053 return; 1054 } 1055 1056 os_memset(&ed, 0, sizeof(ed)); 1057 1058 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1059 if (!tb[NL80211_ATTR_MAC]) 1060 return; 1061 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1062 ETH_ALEN); 1063 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1064 return; 1065 } 1066 1067 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1068 return; 1069 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1070 1071 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1072 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1073 "event: RSSI high"); 1074 ed.signal_change.above_threshold = 1; 1075 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1076 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1077 "event: RSSI low"); 1078 ed.signal_change.above_threshold = 0; 1079 } else 1080 return; 1081 1082 res = nl80211_get_link_signal(drv, &sig); 1083 if (res == 0) { 1084 ed.signal_change.current_signal = sig.current_signal; 1085 ed.signal_change.current_txrate = sig.current_txrate; 1086 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1087 sig.current_signal, sig.current_txrate); 1088 } 1089 1090 res = nl80211_get_link_noise(drv, &sig); 1091 if (res == 0) { 1092 ed.signal_change.current_noise = sig.current_noise; 1093 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1094 sig.current_noise); 1095 } 1096 1097 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1098 } 1099 1100 1101 static void nl80211_new_peer_candidate(struct wpa_driver_nl80211_data *drv, 1102 struct nlattr **tb) 1103 { 1104 const u8 *addr; 1105 union wpa_event_data data; 1106 1107 if (drv->nlmode != NL80211_IFTYPE_MESH_POINT || 1108 !tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_IE]) 1109 return; 1110 1111 addr = nla_data(tb[NL80211_ATTR_MAC]); 1112 wpa_printf(MSG_DEBUG, "nl80211: New peer candidate" MACSTR, 1113 MAC2STR(addr)); 1114 1115 os_memset(&data, 0, sizeof(data)); 1116 data.mesh_peer.peer = addr; 1117 data.mesh_peer.ies = nla_data(tb[NL80211_ATTR_IE]); 1118 data.mesh_peer.ie_len = nla_len(tb[NL80211_ATTR_IE]); 1119 wpa_supplicant_event(drv->ctx, EVENT_NEW_PEER_CANDIDATE, &data); 1120 } 1121 1122 1123 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1124 struct i802_bss *bss, 1125 struct nlattr **tb) 1126 { 1127 u8 *addr; 1128 union wpa_event_data data; 1129 1130 if (tb[NL80211_ATTR_MAC] == NULL) 1131 return; 1132 addr = nla_data(tb[NL80211_ATTR_MAC]); 1133 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1134 1135 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1136 u8 *ies = NULL; 1137 size_t ies_len = 0; 1138 if (tb[NL80211_ATTR_IE]) { 1139 ies = nla_data(tb[NL80211_ATTR_IE]); 1140 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1141 } 1142 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1143 drv_event_assoc(bss->ctx, addr, ies, ies_len, 0); 1144 return; 1145 } 1146 1147 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1148 return; 1149 1150 os_memset(&data, 0, sizeof(data)); 1151 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1152 wpa_supplicant_event(bss->ctx, EVENT_IBSS_RSN_START, &data); 1153 } 1154 1155 1156 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1157 struct nlattr **tb) 1158 { 1159 u8 *addr; 1160 union wpa_event_data data; 1161 1162 if (tb[NL80211_ATTR_MAC] == NULL) 1163 return; 1164 addr = nla_data(tb[NL80211_ATTR_MAC]); 1165 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1166 MAC2STR(addr)); 1167 1168 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1169 drv_event_disassoc(drv->ctx, addr); 1170 return; 1171 } 1172 1173 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1174 return; 1175 1176 os_memset(&data, 0, sizeof(data)); 1177 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1178 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1179 } 1180 1181 1182 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 1183 struct nlattr **tb) 1184 { 1185 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 1186 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 1187 [NL80211_REKEY_DATA_KEK] = { 1188 .minlen = NL80211_KEK_LEN, 1189 .maxlen = NL80211_KEK_LEN, 1190 }, 1191 [NL80211_REKEY_DATA_KCK] = { 1192 .minlen = NL80211_KCK_LEN, 1193 .maxlen = NL80211_KCK_LEN, 1194 }, 1195 [NL80211_REKEY_DATA_REPLAY_CTR] = { 1196 .minlen = NL80211_REPLAY_CTR_LEN, 1197 .maxlen = NL80211_REPLAY_CTR_LEN, 1198 }, 1199 }; 1200 union wpa_event_data data; 1201 1202 if (!tb[NL80211_ATTR_MAC] || 1203 !tb[NL80211_ATTR_REKEY_DATA] || 1204 nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 1205 tb[NL80211_ATTR_REKEY_DATA], rekey_policy) || 1206 !rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 1207 return; 1208 1209 os_memset(&data, 0, sizeof(data)); 1210 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 1211 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 1212 MAC2STR(data.driver_gtk_rekey.bssid)); 1213 data.driver_gtk_rekey.replay_ctr = 1214 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 1215 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 1216 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 1217 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 1218 } 1219 1220 1221 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 1222 struct nlattr **tb) 1223 { 1224 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 1225 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 1226 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 1227 [NL80211_PMKSA_CANDIDATE_BSSID] = { 1228 .minlen = ETH_ALEN, 1229 .maxlen = ETH_ALEN, 1230 }, 1231 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 1232 }; 1233 union wpa_event_data data; 1234 1235 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 1236 1237 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE] || 1238 nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 1239 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy) || 1240 !cand[NL80211_PMKSA_CANDIDATE_INDEX] || 1241 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 1242 return; 1243 1244 os_memset(&data, 0, sizeof(data)); 1245 os_memcpy(data.pmkid_candidate.bssid, 1246 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 1247 data.pmkid_candidate.index = 1248 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 1249 data.pmkid_candidate.preauth = 1250 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 1251 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 1252 } 1253 1254 1255 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 1256 struct nlattr **tb) 1257 { 1258 union wpa_event_data data; 1259 1260 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 1261 1262 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 1263 return; 1264 1265 os_memset(&data, 0, sizeof(data)); 1266 os_memcpy(data.client_poll.addr, 1267 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1268 1269 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 1270 } 1271 1272 1273 static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 1274 struct nlattr **tb) 1275 { 1276 union wpa_event_data data; 1277 1278 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 1279 1280 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 1281 return; 1282 1283 os_memset(&data, 0, sizeof(data)); 1284 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1285 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 1286 case NL80211_TDLS_SETUP: 1287 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 1288 MACSTR, MAC2STR(data.tdls.peer)); 1289 data.tdls.oper = TDLS_REQUEST_SETUP; 1290 break; 1291 case NL80211_TDLS_TEARDOWN: 1292 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 1293 MACSTR, MAC2STR(data.tdls.peer)); 1294 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 1295 break; 1296 case NL80211_TDLS_DISCOVERY_REQ: 1297 wpa_printf(MSG_DEBUG, 1298 "nl80211: TDLS discovery request for peer " MACSTR, 1299 MAC2STR(data.tdls.peer)); 1300 data.tdls.oper = TDLS_REQUEST_DISCOVER; 1301 break; 1302 default: 1303 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 1304 "event"); 1305 return; 1306 } 1307 if (tb[NL80211_ATTR_REASON_CODE]) { 1308 data.tdls.reason_code = 1309 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1310 } 1311 1312 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 1313 } 1314 1315 1316 static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 1317 struct nlattr **tb) 1318 { 1319 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 1320 } 1321 1322 1323 static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 1324 struct nlattr **tb) 1325 { 1326 union wpa_event_data data; 1327 u32 reason; 1328 1329 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 1330 1331 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 1332 return; 1333 1334 os_memset(&data, 0, sizeof(data)); 1335 os_memcpy(data.connect_failed_reason.addr, 1336 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1337 1338 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 1339 switch (reason) { 1340 case NL80211_CONN_FAIL_MAX_CLIENTS: 1341 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 1342 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 1343 break; 1344 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 1345 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 1346 " tried to connect", 1347 MAC2STR(data.connect_failed_reason.addr)); 1348 data.connect_failed_reason.code = BLOCKED_CLIENT; 1349 break; 1350 default: 1351 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 1352 "%u", reason); 1353 return; 1354 } 1355 1356 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 1357 } 1358 1359 1360 static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 1361 struct nlattr **tb) 1362 { 1363 union wpa_event_data data; 1364 enum nl80211_radar_event event_type; 1365 1366 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 1367 return; 1368 1369 os_memset(&data, 0, sizeof(data)); 1370 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1371 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 1372 1373 /* Check HT params */ 1374 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1375 data.dfs_event.ht_enabled = 1; 1376 data.dfs_event.chan_offset = 0; 1377 1378 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 1379 case NL80211_CHAN_NO_HT: 1380 data.dfs_event.ht_enabled = 0; 1381 break; 1382 case NL80211_CHAN_HT20: 1383 break; 1384 case NL80211_CHAN_HT40PLUS: 1385 data.dfs_event.chan_offset = 1; 1386 break; 1387 case NL80211_CHAN_HT40MINUS: 1388 data.dfs_event.chan_offset = -1; 1389 break; 1390 } 1391 } 1392 1393 /* Get VHT params */ 1394 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 1395 data.dfs_event.chan_width = 1396 convert2width(nla_get_u32( 1397 tb[NL80211_ATTR_CHANNEL_WIDTH])); 1398 if (tb[NL80211_ATTR_CENTER_FREQ1]) 1399 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 1400 if (tb[NL80211_ATTR_CENTER_FREQ2]) 1401 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 1402 1403 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 1404 data.dfs_event.freq, data.dfs_event.ht_enabled, 1405 data.dfs_event.chan_offset, data.dfs_event.chan_width, 1406 data.dfs_event.cf1, data.dfs_event.cf2); 1407 1408 switch (event_type) { 1409 case NL80211_RADAR_DETECTED: 1410 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 1411 break; 1412 case NL80211_RADAR_CAC_FINISHED: 1413 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 1414 break; 1415 case NL80211_RADAR_CAC_ABORTED: 1416 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 1417 break; 1418 case NL80211_RADAR_NOP_FINISHED: 1419 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 1420 break; 1421 default: 1422 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 1423 "received", event_type); 1424 break; 1425 } 1426 } 1427 1428 1429 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 1430 int wds) 1431 { 1432 struct wpa_driver_nl80211_data *drv = bss->drv; 1433 union wpa_event_data event; 1434 1435 if (!tb[NL80211_ATTR_MAC]) 1436 return; 1437 1438 os_memset(&event, 0, sizeof(event)); 1439 event.rx_from_unknown.bssid = bss->addr; 1440 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 1441 event.rx_from_unknown.wds = wds; 1442 1443 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 1444 } 1445 1446 1447 static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 1448 const u8 *data, size_t len) 1449 { 1450 u32 i, count; 1451 union wpa_event_data event; 1452 struct wpa_freq_range *range = NULL; 1453 const struct qca_avoid_freq_list *freq_range; 1454 1455 freq_range = (const struct qca_avoid_freq_list *) data; 1456 if (len < sizeof(freq_range->count)) 1457 return; 1458 1459 count = freq_range->count; 1460 if (len < sizeof(freq_range->count) + 1461 count * sizeof(struct qca_avoid_freq_range)) { 1462 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 1463 (unsigned int) len); 1464 return; 1465 } 1466 1467 if (count > 0) { 1468 range = os_calloc(count, sizeof(struct wpa_freq_range)); 1469 if (range == NULL) 1470 return; 1471 } 1472 1473 os_memset(&event, 0, sizeof(event)); 1474 for (i = 0; i < count; i++) { 1475 unsigned int idx = event.freq_range.num; 1476 range[idx].min = freq_range->range[i].start_freq; 1477 range[idx].max = freq_range->range[i].end_freq; 1478 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 1479 range[idx].min, range[idx].max); 1480 if (range[idx].min > range[idx].max) { 1481 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 1482 continue; 1483 } 1484 event.freq_range.num++; 1485 } 1486 event.freq_range.range = range; 1487 1488 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 1489 1490 os_free(range); 1491 } 1492 1493 1494 static enum hostapd_hw_mode get_qca_hw_mode(u8 hw_mode) 1495 { 1496 switch (hw_mode) { 1497 case QCA_ACS_MODE_IEEE80211B: 1498 return HOSTAPD_MODE_IEEE80211B; 1499 case QCA_ACS_MODE_IEEE80211G: 1500 return HOSTAPD_MODE_IEEE80211G; 1501 case QCA_ACS_MODE_IEEE80211A: 1502 return HOSTAPD_MODE_IEEE80211A; 1503 case QCA_ACS_MODE_IEEE80211AD: 1504 return HOSTAPD_MODE_IEEE80211AD; 1505 case QCA_ACS_MODE_IEEE80211ANY: 1506 return HOSTAPD_MODE_IEEE80211ANY; 1507 default: 1508 return NUM_HOSTAPD_MODES; 1509 } 1510 } 1511 1512 1513 static void qca_nl80211_acs_select_ch(struct wpa_driver_nl80211_data *drv, 1514 const u8 *data, size_t len) 1515 { 1516 struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_ACS_MAX + 1]; 1517 union wpa_event_data event; 1518 1519 wpa_printf(MSG_DEBUG, 1520 "nl80211: ACS channel selection vendor event received"); 1521 1522 if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ACS_MAX, 1523 (struct nlattr *) data, len, NULL) || 1524 !tb[QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL] || 1525 !tb[QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL]) 1526 return; 1527 1528 os_memset(&event, 0, sizeof(event)); 1529 event.acs_selected_channels.pri_channel = 1530 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL]); 1531 event.acs_selected_channels.sec_channel = 1532 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL]); 1533 if (tb[QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG0_CENTER_CHANNEL]) 1534 event.acs_selected_channels.vht_seg0_center_ch = 1535 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG0_CENTER_CHANNEL]); 1536 if (tb[QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG0_CENTER_CHANNEL]) 1537 event.acs_selected_channels.vht_seg1_center_ch = 1538 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL]); 1539 if (tb[QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH]) 1540 event.acs_selected_channels.ch_width = 1541 nla_get_u16(tb[QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH]); 1542 if (tb[QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE]) { 1543 u8 hw_mode = nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE]); 1544 1545 event.acs_selected_channels.hw_mode = get_qca_hw_mode(hw_mode); 1546 if (event.acs_selected_channels.hw_mode == NUM_HOSTAPD_MODES || 1547 event.acs_selected_channels.hw_mode == 1548 HOSTAPD_MODE_IEEE80211ANY) { 1549 wpa_printf(MSG_DEBUG, 1550 "nl80211: Invalid hw_mode %d in ACS selection event", 1551 hw_mode); 1552 return; 1553 } 1554 } 1555 1556 wpa_printf(MSG_INFO, 1557 "nl80211: ACS Results: PCH: %d SCH: %d BW: %d VHT0: %d VHT1: %d HW_MODE: %d", 1558 event.acs_selected_channels.pri_channel, 1559 event.acs_selected_channels.sec_channel, 1560 event.acs_selected_channels.ch_width, 1561 event.acs_selected_channels.vht_seg0_center_ch, 1562 event.acs_selected_channels.vht_seg1_center_ch, 1563 event.acs_selected_channels.hw_mode); 1564 1565 /* Ignore ACS channel list check for backwards compatibility */ 1566 1567 wpa_supplicant_event(drv->ctx, EVENT_ACS_CHANNEL_SELECTED, &event); 1568 } 1569 1570 1571 static void qca_nl80211_key_mgmt_auth(struct wpa_driver_nl80211_data *drv, 1572 const u8 *data, size_t len) 1573 { 1574 struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MAX + 1]; 1575 u8 *bssid; 1576 1577 wpa_printf(MSG_DEBUG, 1578 "nl80211: Key management roam+auth vendor event received"); 1579 1580 if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MAX, 1581 (struct nlattr *) data, len, NULL) || 1582 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID] || 1583 nla_len(tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID]) != ETH_ALEN || 1584 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REQ_IE] || 1585 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_RESP_IE] || 1586 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_AUTHORIZED]) 1587 return; 1588 1589 bssid = nla_data(tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID]); 1590 wpa_printf(MSG_DEBUG, " * roam BSSID " MACSTR, MAC2STR(bssid)); 1591 1592 mlme_event_connect(drv, NL80211_CMD_ROAM, NULL, 1593 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID], 1594 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REQ_IE], 1595 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_RESP_IE], 1596 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_AUTHORIZED], 1597 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_KEY_REPLAY_CTR], 1598 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_PTK_KCK], 1599 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_PTK_KEK]); 1600 } 1601 1602 1603 static void qca_nl80211_dfs_offload_radar_event( 1604 struct wpa_driver_nl80211_data *drv, u32 subcmd, u8 *msg, int length) 1605 { 1606 union wpa_event_data data; 1607 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1608 1609 wpa_printf(MSG_DEBUG, 1610 "nl80211: DFS offload radar vendor event received"); 1611 1612 if (nla_parse(tb, NL80211_ATTR_MAX, 1613 (struct nlattr *) msg, length, NULL)) 1614 return; 1615 1616 if (!tb[NL80211_ATTR_WIPHY_FREQ]) { 1617 wpa_printf(MSG_INFO, 1618 "nl80211: Error parsing WIPHY_FREQ in FS offload radar vendor event"); 1619 return; 1620 } 1621 1622 os_memset(&data, 0, sizeof(data)); 1623 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1624 1625 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz", 1626 data.dfs_event.freq); 1627 1628 /* Check HT params */ 1629 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1630 data.dfs_event.ht_enabled = 1; 1631 data.dfs_event.chan_offset = 0; 1632 1633 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 1634 case NL80211_CHAN_NO_HT: 1635 data.dfs_event.ht_enabled = 0; 1636 break; 1637 case NL80211_CHAN_HT20: 1638 break; 1639 case NL80211_CHAN_HT40PLUS: 1640 data.dfs_event.chan_offset = 1; 1641 break; 1642 case NL80211_CHAN_HT40MINUS: 1643 data.dfs_event.chan_offset = -1; 1644 break; 1645 } 1646 } 1647 1648 /* Get VHT params */ 1649 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 1650 data.dfs_event.chan_width = 1651 convert2width(nla_get_u32( 1652 tb[NL80211_ATTR_CHANNEL_WIDTH])); 1653 if (tb[NL80211_ATTR_CENTER_FREQ1]) 1654 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 1655 if (tb[NL80211_ATTR_CENTER_FREQ2]) 1656 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 1657 1658 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, " 1659 "offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 1660 data.dfs_event.freq, data.dfs_event.ht_enabled, 1661 data.dfs_event.chan_offset, data.dfs_event.chan_width, 1662 data.dfs_event.cf1, data.dfs_event.cf2); 1663 1664 switch (subcmd) { 1665 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED: 1666 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 1667 break; 1668 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_STARTED: 1669 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_STARTED, &data); 1670 break; 1671 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_FINISHED: 1672 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 1673 break; 1674 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED: 1675 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 1676 break; 1677 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED: 1678 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 1679 break; 1680 default: 1681 wpa_printf(MSG_DEBUG, 1682 "nl80211: Unknown DFS offload radar event %d received", 1683 subcmd); 1684 break; 1685 } 1686 } 1687 1688 1689 static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 1690 u32 subcmd, u8 *data, size_t len) 1691 { 1692 switch (subcmd) { 1693 case QCA_NL80211_VENDOR_SUBCMD_TEST: 1694 wpa_hexdump(MSG_DEBUG, "nl80211: QCA test event", data, len); 1695 break; 1696 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 1697 qca_nl80211_avoid_freq(drv, data, len); 1698 break; 1699 case QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH: 1700 qca_nl80211_key_mgmt_auth(drv, data, len); 1701 break; 1702 case QCA_NL80211_VENDOR_SUBCMD_DO_ACS: 1703 qca_nl80211_acs_select_ch(drv, data, len); 1704 break; 1705 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_STARTED: 1706 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_FINISHED: 1707 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED: 1708 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED: 1709 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED: 1710 qca_nl80211_dfs_offload_radar_event(drv, subcmd, data, len); 1711 break; 1712 default: 1713 wpa_printf(MSG_DEBUG, 1714 "nl80211: Ignore unsupported QCA vendor event %u", 1715 subcmd); 1716 break; 1717 } 1718 } 1719 1720 1721 static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 1722 struct nlattr **tb) 1723 { 1724 u32 vendor_id, subcmd, wiphy = 0; 1725 int wiphy_idx; 1726 u8 *data = NULL; 1727 size_t len = 0; 1728 1729 if (!tb[NL80211_ATTR_VENDOR_ID] || 1730 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 1731 return; 1732 1733 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 1734 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 1735 1736 if (tb[NL80211_ATTR_WIPHY]) 1737 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 1738 1739 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 1740 wiphy, vendor_id, subcmd); 1741 1742 if (tb[NL80211_ATTR_VENDOR_DATA]) { 1743 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 1744 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 1745 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 1746 } 1747 1748 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 1749 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 1750 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 1751 wiphy, wiphy_idx); 1752 return; 1753 } 1754 1755 switch (vendor_id) { 1756 case OUI_QCA: 1757 nl80211_vendor_event_qca(drv, subcmd, data, len); 1758 break; 1759 default: 1760 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 1761 break; 1762 } 1763 } 1764 1765 1766 static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv, 1767 struct nlattr *tb[]) 1768 { 1769 union wpa_event_data data; 1770 enum nl80211_reg_initiator init; 1771 1772 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1773 1774 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 1775 return; 1776 1777 os_memset(&data, 0, sizeof(data)); 1778 init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]); 1779 wpa_printf(MSG_DEBUG, " * initiator=%d", init); 1780 switch (init) { 1781 case NL80211_REGDOM_SET_BY_CORE: 1782 data.channel_list_changed.initiator = REGDOM_SET_BY_CORE; 1783 break; 1784 case NL80211_REGDOM_SET_BY_USER: 1785 data.channel_list_changed.initiator = REGDOM_SET_BY_USER; 1786 break; 1787 case NL80211_REGDOM_SET_BY_DRIVER: 1788 data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER; 1789 break; 1790 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 1791 data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE; 1792 break; 1793 } 1794 1795 if (tb[NL80211_ATTR_REG_TYPE]) { 1796 enum nl80211_reg_type type; 1797 type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]); 1798 wpa_printf(MSG_DEBUG, " * type=%d", type); 1799 switch (type) { 1800 case NL80211_REGDOM_TYPE_COUNTRY: 1801 data.channel_list_changed.type = REGDOM_TYPE_COUNTRY; 1802 break; 1803 case NL80211_REGDOM_TYPE_WORLD: 1804 data.channel_list_changed.type = REGDOM_TYPE_WORLD; 1805 break; 1806 case NL80211_REGDOM_TYPE_CUSTOM_WORLD: 1807 data.channel_list_changed.type = 1808 REGDOM_TYPE_CUSTOM_WORLD; 1809 break; 1810 case NL80211_REGDOM_TYPE_INTERSECTION: 1811 data.channel_list_changed.type = 1812 REGDOM_TYPE_INTERSECTION; 1813 break; 1814 } 1815 } 1816 1817 if (tb[NL80211_ATTR_REG_ALPHA2]) { 1818 os_strlcpy(data.channel_list_changed.alpha2, 1819 nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]), 1820 sizeof(data.channel_list_changed.alpha2)); 1821 wpa_printf(MSG_DEBUG, " * alpha2=%s", 1822 data.channel_list_changed.alpha2); 1823 } 1824 1825 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data); 1826 } 1827 1828 1829 static void do_process_drv_event(struct i802_bss *bss, int cmd, 1830 struct nlattr **tb) 1831 { 1832 struct wpa_driver_nl80211_data *drv = bss->drv; 1833 union wpa_event_data data; 1834 1835 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 1836 cmd, nl80211_command_to_string(cmd), bss->ifname); 1837 1838 if (cmd == NL80211_CMD_ROAM && 1839 (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) { 1840 /* 1841 * Device will use roam+auth vendor event to indicate 1842 * roaming, so ignore the regular roam event. 1843 */ 1844 wpa_printf(MSG_DEBUG, 1845 "nl80211: Ignore roam event (cmd=%d), device will use vendor event roam+auth", 1846 cmd); 1847 return; 1848 } 1849 1850 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 1851 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1852 cmd == NL80211_CMD_SCAN_ABORTED)) { 1853 wpa_driver_nl80211_set_mode(drv->first_bss, 1854 drv->ap_scan_as_station); 1855 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 1856 } 1857 1858 switch (cmd) { 1859 case NL80211_CMD_TRIGGER_SCAN: 1860 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 1861 drv->scan_state = SCAN_STARTED; 1862 if (drv->scan_for_auth) { 1863 /* 1864 * Cannot indicate EVENT_SCAN_STARTED here since we skip 1865 * EVENT_SCAN_RESULTS in scan_for_auth case and the 1866 * upper layer implementation could get confused about 1867 * scanning state. 1868 */ 1869 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 1870 break; 1871 } 1872 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 1873 break; 1874 case NL80211_CMD_START_SCHED_SCAN: 1875 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 1876 drv->scan_state = SCHED_SCAN_STARTED; 1877 break; 1878 case NL80211_CMD_SCHED_SCAN_STOPPED: 1879 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 1880 drv->scan_state = SCHED_SCAN_STOPPED; 1881 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 1882 break; 1883 case NL80211_CMD_NEW_SCAN_RESULTS: 1884 wpa_dbg(drv->ctx, MSG_DEBUG, 1885 "nl80211: New scan results available"); 1886 drv->scan_state = SCAN_COMPLETED; 1887 drv->scan_complete_events = 1; 1888 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1889 drv->ctx); 1890 send_scan_event(drv, 0, tb); 1891 break; 1892 case NL80211_CMD_SCHED_SCAN_RESULTS: 1893 wpa_dbg(drv->ctx, MSG_DEBUG, 1894 "nl80211: New sched scan results available"); 1895 drv->scan_state = SCHED_SCAN_RESULTS; 1896 send_scan_event(drv, 0, tb); 1897 break; 1898 case NL80211_CMD_SCAN_ABORTED: 1899 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 1900 drv->scan_state = SCAN_ABORTED; 1901 /* 1902 * Need to indicate that scan results are available in order 1903 * not to make wpa_supplicant stop its scanning. 1904 */ 1905 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1906 drv->ctx); 1907 send_scan_event(drv, 1, tb); 1908 break; 1909 case NL80211_CMD_AUTHENTICATE: 1910 case NL80211_CMD_ASSOCIATE: 1911 case NL80211_CMD_DEAUTHENTICATE: 1912 case NL80211_CMD_DISASSOCIATE: 1913 case NL80211_CMD_FRAME_TX_STATUS: 1914 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1915 case NL80211_CMD_UNPROT_DISASSOCIATE: 1916 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 1917 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1918 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1919 tb[NL80211_ATTR_COOKIE], 1920 tb[NL80211_ATTR_RX_SIGNAL_DBM], 1921 tb[NL80211_ATTR_STA_WME]); 1922 break; 1923 case NL80211_CMD_CONNECT: 1924 case NL80211_CMD_ROAM: 1925 mlme_event_connect(drv, cmd, 1926 tb[NL80211_ATTR_STATUS_CODE], 1927 tb[NL80211_ATTR_MAC], 1928 tb[NL80211_ATTR_REQ_IE], 1929 tb[NL80211_ATTR_RESP_IE], 1930 NULL, NULL, NULL, NULL); 1931 break; 1932 case NL80211_CMD_CH_SWITCH_NOTIFY: 1933 mlme_event_ch_switch(drv, 1934 tb[NL80211_ATTR_IFINDEX], 1935 tb[NL80211_ATTR_WIPHY_FREQ], 1936 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 1937 tb[NL80211_ATTR_CHANNEL_WIDTH], 1938 tb[NL80211_ATTR_CENTER_FREQ1], 1939 tb[NL80211_ATTR_CENTER_FREQ2]); 1940 break; 1941 case NL80211_CMD_DISCONNECT: 1942 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 1943 tb[NL80211_ATTR_MAC], 1944 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 1945 break; 1946 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1947 mlme_event_michael_mic_failure(bss, tb); 1948 break; 1949 case NL80211_CMD_JOIN_IBSS: 1950 mlme_event_join_ibss(drv, tb); 1951 break; 1952 case NL80211_CMD_REMAIN_ON_CHANNEL: 1953 mlme_event_remain_on_channel(drv, 0, tb); 1954 break; 1955 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1956 mlme_event_remain_on_channel(drv, 1, tb); 1957 break; 1958 case NL80211_CMD_NOTIFY_CQM: 1959 nl80211_cqm_event(drv, tb); 1960 break; 1961 case NL80211_CMD_REG_CHANGE: 1962 nl80211_reg_change_event(drv, tb); 1963 break; 1964 case NL80211_CMD_REG_BEACON_HINT: 1965 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1966 os_memset(&data, 0, sizeof(data)); 1967 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 1968 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1969 &data); 1970 break; 1971 case NL80211_CMD_NEW_STATION: 1972 nl80211_new_station_event(drv, bss, tb); 1973 break; 1974 case NL80211_CMD_DEL_STATION: 1975 nl80211_del_station_event(drv, tb); 1976 break; 1977 case NL80211_CMD_SET_REKEY_OFFLOAD: 1978 nl80211_rekey_offload_event(drv, tb); 1979 break; 1980 case NL80211_CMD_PMKSA_CANDIDATE: 1981 nl80211_pmksa_candidate_event(drv, tb); 1982 break; 1983 case NL80211_CMD_PROBE_CLIENT: 1984 nl80211_client_probe_event(drv, tb); 1985 break; 1986 case NL80211_CMD_TDLS_OPER: 1987 nl80211_tdls_oper_event(drv, tb); 1988 break; 1989 case NL80211_CMD_CONN_FAILED: 1990 nl80211_connect_failed_event(drv, tb); 1991 break; 1992 case NL80211_CMD_FT_EVENT: 1993 mlme_event_ft_event(drv, tb); 1994 break; 1995 case NL80211_CMD_RADAR_DETECT: 1996 nl80211_radar_event(drv, tb); 1997 break; 1998 case NL80211_CMD_STOP_AP: 1999 nl80211_stop_ap(drv, tb); 2000 break; 2001 case NL80211_CMD_VENDOR: 2002 nl80211_vendor_event(drv, tb); 2003 break; 2004 case NL80211_CMD_NEW_PEER_CANDIDATE: 2005 nl80211_new_peer_candidate(drv, tb); 2006 break; 2007 default: 2008 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 2009 "(cmd=%d)", cmd); 2010 break; 2011 } 2012 } 2013 2014 2015 int process_global_event(struct nl_msg *msg, void *arg) 2016 { 2017 struct nl80211_global *global = arg; 2018 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2019 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2020 struct wpa_driver_nl80211_data *drv, *tmp; 2021 int ifidx = -1; 2022 struct i802_bss *bss; 2023 u64 wdev_id = 0; 2024 int wdev_id_set = 0; 2025 2026 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2027 genlmsg_attrlen(gnlh, 0), NULL); 2028 2029 if (tb[NL80211_ATTR_IFINDEX]) 2030 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 2031 else if (tb[NL80211_ATTR_WDEV]) { 2032 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 2033 wdev_id_set = 1; 2034 } 2035 2036 dl_list_for_each_safe(drv, tmp, &global->interfaces, 2037 struct wpa_driver_nl80211_data, list) { 2038 for (bss = drv->first_bss; bss; bss = bss->next) { 2039 if ((ifidx == -1 && !wdev_id_set) || 2040 ifidx == bss->ifindex || 2041 (wdev_id_set && bss->wdev_id_set && 2042 wdev_id == bss->wdev_id)) { 2043 do_process_drv_event(bss, gnlh->cmd, tb); 2044 return NL_SKIP; 2045 } 2046 } 2047 wpa_printf(MSG_DEBUG, 2048 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d wdev 0x%llx)", 2049 gnlh->cmd, ifidx, (long long unsigned int) wdev_id); 2050 } 2051 2052 return NL_SKIP; 2053 } 2054 2055 2056 int process_bss_event(struct nl_msg *msg, void *arg) 2057 { 2058 struct i802_bss *bss = arg; 2059 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 2060 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 2061 2062 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2063 genlmsg_attrlen(gnlh, 0), NULL); 2064 2065 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 2066 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 2067 bss->ifname); 2068 2069 switch (gnlh->cmd) { 2070 case NL80211_CMD_FRAME: 2071 case NL80211_CMD_FRAME_TX_STATUS: 2072 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2073 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2074 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2075 tb[NL80211_ATTR_COOKIE], 2076 tb[NL80211_ATTR_RX_SIGNAL_DBM], 2077 tb[NL80211_ATTR_STA_WME]); 2078 break; 2079 case NL80211_CMD_UNEXPECTED_FRAME: 2080 nl80211_spurious_frame(bss, tb, 0); 2081 break; 2082 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2083 nl80211_spurious_frame(bss, tb, 1); 2084 break; 2085 default: 2086 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2087 "(cmd=%d)", gnlh->cmd); 2088 break; 2089 } 2090 2091 return NL_SKIP; 2092 } 2093