1 /* 2 * Driver interaction with Linux nl80211/cfg80211 - Event processing 3 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 5 * Copyright (c) 2009-2010, Atheros Communications 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "includes.h" 12 #include <netlink/genl/genl.h> 13 14 #include "utils/common.h" 15 #include "utils/eloop.h" 16 #include "common/qca-vendor.h" 17 #include "common/qca-vendor-attr.h" 18 #include "common/ieee802_11_defs.h" 19 #include "common/ieee802_11_common.h" 20 #include "driver_nl80211.h" 21 22 23 static const char * nl80211_command_to_string(enum nl80211_commands cmd) 24 { 25 #define C2S(x) case x: return #x; 26 switch (cmd) { 27 C2S(NL80211_CMD_UNSPEC) 28 C2S(NL80211_CMD_GET_WIPHY) 29 C2S(NL80211_CMD_SET_WIPHY) 30 C2S(NL80211_CMD_NEW_WIPHY) 31 C2S(NL80211_CMD_DEL_WIPHY) 32 C2S(NL80211_CMD_GET_INTERFACE) 33 C2S(NL80211_CMD_SET_INTERFACE) 34 C2S(NL80211_CMD_NEW_INTERFACE) 35 C2S(NL80211_CMD_DEL_INTERFACE) 36 C2S(NL80211_CMD_GET_KEY) 37 C2S(NL80211_CMD_SET_KEY) 38 C2S(NL80211_CMD_NEW_KEY) 39 C2S(NL80211_CMD_DEL_KEY) 40 C2S(NL80211_CMD_GET_BEACON) 41 C2S(NL80211_CMD_SET_BEACON) 42 C2S(NL80211_CMD_START_AP) 43 C2S(NL80211_CMD_STOP_AP) 44 C2S(NL80211_CMD_GET_STATION) 45 C2S(NL80211_CMD_SET_STATION) 46 C2S(NL80211_CMD_NEW_STATION) 47 C2S(NL80211_CMD_DEL_STATION) 48 C2S(NL80211_CMD_GET_MPATH) 49 C2S(NL80211_CMD_SET_MPATH) 50 C2S(NL80211_CMD_NEW_MPATH) 51 C2S(NL80211_CMD_DEL_MPATH) 52 C2S(NL80211_CMD_SET_BSS) 53 C2S(NL80211_CMD_SET_REG) 54 C2S(NL80211_CMD_REQ_SET_REG) 55 C2S(NL80211_CMD_GET_MESH_CONFIG) 56 C2S(NL80211_CMD_SET_MESH_CONFIG) 57 C2S(NL80211_CMD_SET_MGMT_EXTRA_IE) 58 C2S(NL80211_CMD_GET_REG) 59 C2S(NL80211_CMD_GET_SCAN) 60 C2S(NL80211_CMD_TRIGGER_SCAN) 61 C2S(NL80211_CMD_NEW_SCAN_RESULTS) 62 C2S(NL80211_CMD_SCAN_ABORTED) 63 C2S(NL80211_CMD_REG_CHANGE) 64 C2S(NL80211_CMD_AUTHENTICATE) 65 C2S(NL80211_CMD_ASSOCIATE) 66 C2S(NL80211_CMD_DEAUTHENTICATE) 67 C2S(NL80211_CMD_DISASSOCIATE) 68 C2S(NL80211_CMD_MICHAEL_MIC_FAILURE) 69 C2S(NL80211_CMD_REG_BEACON_HINT) 70 C2S(NL80211_CMD_JOIN_IBSS) 71 C2S(NL80211_CMD_LEAVE_IBSS) 72 C2S(NL80211_CMD_TESTMODE) 73 C2S(NL80211_CMD_CONNECT) 74 C2S(NL80211_CMD_ROAM) 75 C2S(NL80211_CMD_DISCONNECT) 76 C2S(NL80211_CMD_SET_WIPHY_NETNS) 77 C2S(NL80211_CMD_GET_SURVEY) 78 C2S(NL80211_CMD_NEW_SURVEY_RESULTS) 79 C2S(NL80211_CMD_SET_PMKSA) 80 C2S(NL80211_CMD_DEL_PMKSA) 81 C2S(NL80211_CMD_FLUSH_PMKSA) 82 C2S(NL80211_CMD_REMAIN_ON_CHANNEL) 83 C2S(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL) 84 C2S(NL80211_CMD_SET_TX_BITRATE_MASK) 85 C2S(NL80211_CMD_REGISTER_FRAME) 86 C2S(NL80211_CMD_FRAME) 87 C2S(NL80211_CMD_FRAME_TX_STATUS) 88 C2S(NL80211_CMD_SET_POWER_SAVE) 89 C2S(NL80211_CMD_GET_POWER_SAVE) 90 C2S(NL80211_CMD_SET_CQM) 91 C2S(NL80211_CMD_NOTIFY_CQM) 92 C2S(NL80211_CMD_SET_CHANNEL) 93 C2S(NL80211_CMD_SET_WDS_PEER) 94 C2S(NL80211_CMD_FRAME_WAIT_CANCEL) 95 C2S(NL80211_CMD_JOIN_MESH) 96 C2S(NL80211_CMD_LEAVE_MESH) 97 C2S(NL80211_CMD_UNPROT_DEAUTHENTICATE) 98 C2S(NL80211_CMD_UNPROT_DISASSOCIATE) 99 C2S(NL80211_CMD_NEW_PEER_CANDIDATE) 100 C2S(NL80211_CMD_GET_WOWLAN) 101 C2S(NL80211_CMD_SET_WOWLAN) 102 C2S(NL80211_CMD_START_SCHED_SCAN) 103 C2S(NL80211_CMD_STOP_SCHED_SCAN) 104 C2S(NL80211_CMD_SCHED_SCAN_RESULTS) 105 C2S(NL80211_CMD_SCHED_SCAN_STOPPED) 106 C2S(NL80211_CMD_SET_REKEY_OFFLOAD) 107 C2S(NL80211_CMD_PMKSA_CANDIDATE) 108 C2S(NL80211_CMD_TDLS_OPER) 109 C2S(NL80211_CMD_TDLS_MGMT) 110 C2S(NL80211_CMD_UNEXPECTED_FRAME) 111 C2S(NL80211_CMD_PROBE_CLIENT) 112 C2S(NL80211_CMD_REGISTER_BEACONS) 113 C2S(NL80211_CMD_UNEXPECTED_4ADDR_FRAME) 114 C2S(NL80211_CMD_SET_NOACK_MAP) 115 C2S(NL80211_CMD_CH_SWITCH_NOTIFY) 116 C2S(NL80211_CMD_START_P2P_DEVICE) 117 C2S(NL80211_CMD_STOP_P2P_DEVICE) 118 C2S(NL80211_CMD_CONN_FAILED) 119 C2S(NL80211_CMD_SET_MCAST_RATE) 120 C2S(NL80211_CMD_SET_MAC_ACL) 121 C2S(NL80211_CMD_RADAR_DETECT) 122 C2S(NL80211_CMD_GET_PROTOCOL_FEATURES) 123 C2S(NL80211_CMD_UPDATE_FT_IES) 124 C2S(NL80211_CMD_FT_EVENT) 125 C2S(NL80211_CMD_CRIT_PROTOCOL_START) 126 C2S(NL80211_CMD_CRIT_PROTOCOL_STOP) 127 C2S(NL80211_CMD_GET_COALESCE) 128 C2S(NL80211_CMD_SET_COALESCE) 129 C2S(NL80211_CMD_CHANNEL_SWITCH) 130 C2S(NL80211_CMD_VENDOR) 131 C2S(NL80211_CMD_SET_QOS_MAP) 132 C2S(NL80211_CMD_ADD_TX_TS) 133 C2S(NL80211_CMD_DEL_TX_TS) 134 default: 135 return "NL80211_CMD_UNKNOWN"; 136 } 137 #undef C2S 138 } 139 140 141 static void mlme_event_auth(struct wpa_driver_nl80211_data *drv, 142 const u8 *frame, size_t len) 143 { 144 const struct ieee80211_mgmt *mgmt; 145 union wpa_event_data event; 146 147 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 148 drv->force_connect_cmd) { 149 /* 150 * Avoid reporting two association events that would confuse 151 * the core code. 152 */ 153 wpa_printf(MSG_DEBUG, 154 "nl80211: Ignore auth event when using driver SME"); 155 return; 156 } 157 158 wpa_printf(MSG_DEBUG, "nl80211: Authenticate event"); 159 mgmt = (const struct ieee80211_mgmt *) frame; 160 if (len < 24 + sizeof(mgmt->u.auth)) { 161 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 162 "frame"); 163 return; 164 } 165 166 os_memcpy(drv->auth_bssid, mgmt->sa, ETH_ALEN); 167 os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN); 168 os_memset(&event, 0, sizeof(event)); 169 os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN); 170 event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg); 171 event.auth.auth_transaction = 172 le_to_host16(mgmt->u.auth.auth_transaction); 173 event.auth.status_code = le_to_host16(mgmt->u.auth.status_code); 174 if (len > 24 + sizeof(mgmt->u.auth)) { 175 event.auth.ies = mgmt->u.auth.variable; 176 event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth); 177 } 178 179 wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event); 180 } 181 182 183 static void nl80211_parse_wmm_params(struct nlattr *wmm_attr, 184 struct wmm_params *wmm_params) 185 { 186 struct nlattr *wmm_info[NL80211_STA_WME_MAX + 1]; 187 static struct nla_policy wme_policy[NL80211_STA_WME_MAX + 1] = { 188 [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 }, 189 }; 190 191 if (!wmm_attr || 192 nla_parse_nested(wmm_info, NL80211_STA_WME_MAX, wmm_attr, 193 wme_policy) || 194 !wmm_info[NL80211_STA_WME_UAPSD_QUEUES]) 195 return; 196 197 wmm_params->uapsd_queues = 198 nla_get_u8(wmm_info[NL80211_STA_WME_UAPSD_QUEUES]); 199 wmm_params->info_bitmap |= WMM_PARAMS_UAPSD_QUEUES_INFO; 200 } 201 202 203 static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv, 204 const u8 *frame, size_t len, struct nlattr *wmm) 205 { 206 const struct ieee80211_mgmt *mgmt; 207 union wpa_event_data event; 208 u16 status; 209 210 if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 211 drv->force_connect_cmd) { 212 /* 213 * Avoid reporting two association events that would confuse 214 * the core code. 215 */ 216 wpa_printf(MSG_DEBUG, 217 "nl80211: Ignore assoc event when using driver SME"); 218 return; 219 } 220 221 wpa_printf(MSG_DEBUG, "nl80211: Associate event"); 222 mgmt = (const struct ieee80211_mgmt *) frame; 223 if (len < 24 + sizeof(mgmt->u.assoc_resp)) { 224 wpa_printf(MSG_DEBUG, "nl80211: Too short association event " 225 "frame"); 226 return; 227 } 228 229 status = le_to_host16(mgmt->u.assoc_resp.status_code); 230 if (status != WLAN_STATUS_SUCCESS) { 231 os_memset(&event, 0, sizeof(event)); 232 event.assoc_reject.bssid = mgmt->bssid; 233 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 234 event.assoc_reject.resp_ies = 235 (u8 *) mgmt->u.assoc_resp.variable; 236 event.assoc_reject.resp_ies_len = 237 len - 24 - sizeof(mgmt->u.assoc_resp); 238 } 239 event.assoc_reject.status_code = status; 240 241 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 242 return; 243 } 244 245 drv->associated = 1; 246 os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN); 247 os_memcpy(drv->prev_bssid, mgmt->sa, ETH_ALEN); 248 249 os_memset(&event, 0, sizeof(event)); 250 if (len > 24 + sizeof(mgmt->u.assoc_resp)) { 251 event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable; 252 event.assoc_info.resp_ies_len = 253 len - 24 - sizeof(mgmt->u.assoc_resp); 254 } 255 256 event.assoc_info.freq = drv->assoc_freq; 257 258 nl80211_parse_wmm_params(wmm, &event.assoc_info.wmm_params); 259 260 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 261 } 262 263 264 static void mlme_event_connect(struct wpa_driver_nl80211_data *drv, 265 enum nl80211_commands cmd, struct nlattr *status, 266 struct nlattr *addr, struct nlattr *req_ie, 267 struct nlattr *resp_ie, 268 struct nlattr *authorized, 269 struct nlattr *key_replay_ctr, 270 struct nlattr *ptk_kck, 271 struct nlattr *ptk_kek) 272 { 273 union wpa_event_data event; 274 u16 status_code; 275 276 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 277 /* 278 * Avoid reporting two association events that would confuse 279 * the core code. 280 */ 281 wpa_printf(MSG_DEBUG, "nl80211: Ignore connect event (cmd=%d) " 282 "when using userspace SME", cmd); 283 return; 284 } 285 286 status_code = status ? nla_get_u16(status) : WLAN_STATUS_SUCCESS; 287 288 if (cmd == NL80211_CMD_CONNECT) { 289 wpa_printf(MSG_DEBUG, 290 "nl80211: Connect event (status=%u ignore_next_local_disconnect=%d)", 291 status_code, drv->ignore_next_local_disconnect); 292 } else if (cmd == NL80211_CMD_ROAM) { 293 wpa_printf(MSG_DEBUG, "nl80211: Roam event"); 294 } 295 296 os_memset(&event, 0, sizeof(event)); 297 if (cmd == NL80211_CMD_CONNECT && status_code != WLAN_STATUS_SUCCESS) { 298 if (addr) 299 event.assoc_reject.bssid = nla_data(addr); 300 if (drv->ignore_next_local_disconnect) { 301 drv->ignore_next_local_disconnect = 0; 302 if (!event.assoc_reject.bssid || 303 (os_memcmp(event.assoc_reject.bssid, 304 drv->auth_attempt_bssid, 305 ETH_ALEN) != 0)) { 306 /* 307 * Ignore the event that came without a BSSID or 308 * for the old connection since this is likely 309 * not relevant to the new Connect command. 310 */ 311 wpa_printf(MSG_DEBUG, 312 "nl80211: Ignore connection failure event triggered during reassociation"); 313 return; 314 } 315 } 316 if (resp_ie) { 317 event.assoc_reject.resp_ies = nla_data(resp_ie); 318 event.assoc_reject.resp_ies_len = nla_len(resp_ie); 319 } 320 event.assoc_reject.status_code = status_code; 321 wpa_supplicant_event(drv->ctx, EVENT_ASSOC_REJECT, &event); 322 return; 323 } 324 325 drv->associated = 1; 326 if (addr) { 327 os_memcpy(drv->bssid, nla_data(addr), ETH_ALEN); 328 os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN); 329 } 330 331 if (req_ie) { 332 event.assoc_info.req_ies = nla_data(req_ie); 333 event.assoc_info.req_ies_len = nla_len(req_ie); 334 } 335 if (resp_ie) { 336 event.assoc_info.resp_ies = nla_data(resp_ie); 337 event.assoc_info.resp_ies_len = nla_len(resp_ie); 338 } 339 340 event.assoc_info.freq = nl80211_get_assoc_freq(drv); 341 342 if (authorized && nla_get_u8(authorized)) { 343 event.assoc_info.authorized = 1; 344 wpa_printf(MSG_DEBUG, "nl80211: connection authorized"); 345 } 346 if (key_replay_ctr) { 347 event.assoc_info.key_replay_ctr = nla_data(key_replay_ctr); 348 event.assoc_info.key_replay_ctr_len = nla_len(key_replay_ctr); 349 } 350 if (ptk_kck) { 351 event.assoc_info.ptk_kck = nla_data(ptk_kck); 352 event.assoc_info.ptk_kck_len = nla_len(ptk_kck); 353 } 354 if (ptk_kek) { 355 event.assoc_info.ptk_kek = nla_data(ptk_kek); 356 event.assoc_info.ptk_kek_len = nla_len(ptk_kek); 357 } 358 359 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event); 360 } 361 362 363 static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv, 364 struct nlattr *reason, struct nlattr *addr, 365 struct nlattr *by_ap) 366 { 367 union wpa_event_data data; 368 unsigned int locally_generated = by_ap == NULL; 369 370 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 371 /* 372 * Avoid reporting two disassociation events that could 373 * confuse the core code. 374 */ 375 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 376 "event when using userspace SME"); 377 return; 378 } 379 380 if (drv->ignore_next_local_disconnect) { 381 drv->ignore_next_local_disconnect = 0; 382 if (locally_generated) { 383 wpa_printf(MSG_DEBUG, "nl80211: Ignore disconnect " 384 "event triggered during reassociation"); 385 return; 386 } 387 wpa_printf(MSG_WARNING, "nl80211: Was expecting local " 388 "disconnect but got another disconnect " 389 "event first"); 390 } 391 392 wpa_printf(MSG_DEBUG, "nl80211: Disconnect event"); 393 nl80211_mark_disconnected(drv); 394 os_memset(&data, 0, sizeof(data)); 395 if (reason) 396 data.deauth_info.reason_code = nla_get_u16(reason); 397 data.deauth_info.locally_generated = by_ap == NULL; 398 wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, &data); 399 } 400 401 402 static int calculate_chan_offset(int width, int freq, int cf1, int cf2) 403 { 404 int freq1 = 0; 405 406 switch (convert2width(width)) { 407 case CHAN_WIDTH_20_NOHT: 408 case CHAN_WIDTH_20: 409 return 0; 410 case CHAN_WIDTH_40: 411 freq1 = cf1 - 10; 412 break; 413 case CHAN_WIDTH_80: 414 freq1 = cf1 - 30; 415 break; 416 case CHAN_WIDTH_160: 417 freq1 = cf1 - 70; 418 break; 419 case CHAN_WIDTH_UNKNOWN: 420 case CHAN_WIDTH_80P80: 421 /* FIXME: implement this */ 422 return 0; 423 } 424 425 return (abs(freq - freq1) / 20) % 2 == 0 ? 1 : -1; 426 } 427 428 429 static void mlme_event_ch_switch(struct wpa_driver_nl80211_data *drv, 430 struct nlattr *ifindex, struct nlattr *freq, 431 struct nlattr *type, struct nlattr *bw, 432 struct nlattr *cf1, struct nlattr *cf2) 433 { 434 struct i802_bss *bss; 435 union wpa_event_data data; 436 int ht_enabled = 1; 437 int chan_offset = 0; 438 int ifidx; 439 440 wpa_printf(MSG_DEBUG, "nl80211: Channel switch event"); 441 442 if (!freq) 443 return; 444 445 ifidx = nla_get_u32(ifindex); 446 bss = get_bss_ifindex(drv, ifidx); 447 if (bss == NULL) { 448 wpa_printf(MSG_WARNING, "nl80211: Unknown ifindex (%d) for channel switch, ignoring", 449 ifidx); 450 return; 451 } 452 453 if (type) { 454 enum nl80211_channel_type ch_type = nla_get_u32(type); 455 456 wpa_printf(MSG_DEBUG, "nl80211: Channel type: %d", ch_type); 457 switch (ch_type) { 458 case NL80211_CHAN_NO_HT: 459 ht_enabled = 0; 460 break; 461 case NL80211_CHAN_HT20: 462 break; 463 case NL80211_CHAN_HT40PLUS: 464 chan_offset = 1; 465 break; 466 case NL80211_CHAN_HT40MINUS: 467 chan_offset = -1; 468 break; 469 } 470 } else if (bw && cf1) { 471 /* This can happen for example with VHT80 ch switch */ 472 chan_offset = calculate_chan_offset(nla_get_u32(bw), 473 nla_get_u32(freq), 474 nla_get_u32(cf1), 475 cf2 ? nla_get_u32(cf2) : 0); 476 } else { 477 wpa_printf(MSG_WARNING, "nl80211: Unknown secondary channel information - following channel definition calculations may fail"); 478 } 479 480 os_memset(&data, 0, sizeof(data)); 481 data.ch_switch.freq = nla_get_u32(freq); 482 data.ch_switch.ht_enabled = ht_enabled; 483 data.ch_switch.ch_offset = chan_offset; 484 if (bw) 485 data.ch_switch.ch_width = convert2width(nla_get_u32(bw)); 486 if (cf1) 487 data.ch_switch.cf1 = nla_get_u32(cf1); 488 if (cf2) 489 data.ch_switch.cf2 = nla_get_u32(cf2); 490 491 bss->freq = data.ch_switch.freq; 492 493 wpa_supplicant_event(bss->ctx, EVENT_CH_SWITCH, &data); 494 } 495 496 497 static void mlme_timeout_event(struct wpa_driver_nl80211_data *drv, 498 enum nl80211_commands cmd, struct nlattr *addr) 499 { 500 union wpa_event_data event; 501 enum wpa_event_type ev; 502 503 if (nla_len(addr) != ETH_ALEN) 504 return; 505 506 wpa_printf(MSG_DEBUG, "nl80211: MLME event %d; timeout with " MACSTR, 507 cmd, MAC2STR((u8 *) nla_data(addr))); 508 509 if (cmd == NL80211_CMD_AUTHENTICATE) 510 ev = EVENT_AUTH_TIMED_OUT; 511 else if (cmd == NL80211_CMD_ASSOCIATE) 512 ev = EVENT_ASSOC_TIMED_OUT; 513 else 514 return; 515 516 os_memset(&event, 0, sizeof(event)); 517 os_memcpy(event.timeout_event.addr, nla_data(addr), ETH_ALEN); 518 wpa_supplicant_event(drv->ctx, ev, &event); 519 } 520 521 522 static void mlme_event_mgmt(struct i802_bss *bss, 523 struct nlattr *freq, struct nlattr *sig, 524 const u8 *frame, size_t len) 525 { 526 struct wpa_driver_nl80211_data *drv = bss->drv; 527 const struct ieee80211_mgmt *mgmt; 528 union wpa_event_data event; 529 u16 fc, stype; 530 int ssi_signal = 0; 531 int rx_freq = 0; 532 533 wpa_printf(MSG_MSGDUMP, "nl80211: Frame event"); 534 mgmt = (const struct ieee80211_mgmt *) frame; 535 if (len < 24) { 536 wpa_printf(MSG_DEBUG, "nl80211: Too short management frame"); 537 return; 538 } 539 540 fc = le_to_host16(mgmt->frame_control); 541 stype = WLAN_FC_GET_STYPE(fc); 542 543 if (sig) 544 ssi_signal = (s32) nla_get_u32(sig); 545 546 os_memset(&event, 0, sizeof(event)); 547 if (freq) { 548 event.rx_mgmt.freq = nla_get_u32(freq); 549 rx_freq = drv->last_mgmt_freq = event.rx_mgmt.freq; 550 } 551 wpa_printf(MSG_DEBUG, 552 "nl80211: RX frame sa=" MACSTR 553 " freq=%d ssi_signal=%d fc=0x%x seq_ctrl=0x%x stype=%u (%s) len=%u", 554 MAC2STR(mgmt->sa), rx_freq, ssi_signal, fc, 555 le_to_host16(mgmt->seq_ctrl), stype, fc2str(fc), 556 (unsigned int) len); 557 event.rx_mgmt.frame = frame; 558 event.rx_mgmt.frame_len = len; 559 event.rx_mgmt.ssi_signal = ssi_signal; 560 event.rx_mgmt.drv_priv = bss; 561 wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event); 562 } 563 564 565 static void mlme_event_mgmt_tx_status(struct wpa_driver_nl80211_data *drv, 566 struct nlattr *cookie, const u8 *frame, 567 size_t len, struct nlattr *ack) 568 { 569 union wpa_event_data event; 570 const struct ieee80211_hdr *hdr; 571 u16 fc; 572 573 wpa_printf(MSG_DEBUG, "nl80211: Frame TX status event"); 574 if (!is_ap_interface(drv->nlmode)) { 575 u64 cookie_val; 576 577 if (!cookie) 578 return; 579 580 cookie_val = nla_get_u64(cookie); 581 wpa_printf(MSG_DEBUG, "nl80211: Action TX status:" 582 " cookie=0%llx%s (ack=%d)", 583 (long long unsigned int) cookie_val, 584 cookie_val == drv->send_action_cookie ? 585 " (match)" : " (unknown)", ack != NULL); 586 if (cookie_val != drv->send_action_cookie) 587 return; 588 } 589 590 hdr = (const struct ieee80211_hdr *) frame; 591 fc = le_to_host16(hdr->frame_control); 592 593 os_memset(&event, 0, sizeof(event)); 594 event.tx_status.type = WLAN_FC_GET_TYPE(fc); 595 event.tx_status.stype = WLAN_FC_GET_STYPE(fc); 596 event.tx_status.dst = hdr->addr1; 597 event.tx_status.data = frame; 598 event.tx_status.data_len = len; 599 event.tx_status.ack = ack != NULL; 600 wpa_supplicant_event(drv->ctx, EVENT_TX_STATUS, &event); 601 } 602 603 604 static void mlme_event_deauth_disassoc(struct wpa_driver_nl80211_data *drv, 605 enum wpa_event_type type, 606 const u8 *frame, size_t len) 607 { 608 const struct ieee80211_mgmt *mgmt; 609 union wpa_event_data event; 610 const u8 *bssid = NULL; 611 u16 reason_code = 0; 612 613 if (type == EVENT_DEAUTH) 614 wpa_printf(MSG_DEBUG, "nl80211: Deauthenticate event"); 615 else 616 wpa_printf(MSG_DEBUG, "nl80211: Disassociate event"); 617 618 mgmt = (const struct ieee80211_mgmt *) frame; 619 if (len >= 24) { 620 bssid = mgmt->bssid; 621 622 if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) && 623 !drv->associated && 624 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0 && 625 os_memcmp(bssid, drv->auth_attempt_bssid, ETH_ALEN) != 0 && 626 os_memcmp(bssid, drv->prev_bssid, ETH_ALEN) == 0) { 627 /* 628 * Avoid issues with some roaming cases where 629 * disconnection event for the old AP may show up after 630 * we have started connection with the new AP. 631 */ 632 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth/disassoc event from old AP " MACSTR " when already authenticating with " MACSTR, 633 MAC2STR(bssid), 634 MAC2STR(drv->auth_attempt_bssid)); 635 return; 636 } 637 638 if (drv->associated != 0 && 639 os_memcmp(bssid, drv->bssid, ETH_ALEN) != 0 && 640 os_memcmp(bssid, drv->auth_bssid, ETH_ALEN) != 0) { 641 /* 642 * We have presumably received this deauth as a 643 * response to a clear_state_mismatch() outgoing 644 * deauth. Don't let it take us offline! 645 */ 646 wpa_printf(MSG_DEBUG, "nl80211: Deauth received " 647 "from Unknown BSSID " MACSTR " -- ignoring", 648 MAC2STR(bssid)); 649 return; 650 } 651 } 652 653 nl80211_mark_disconnected(drv); 654 os_memset(&event, 0, sizeof(event)); 655 656 /* Note: Same offset for Reason Code in both frame subtypes */ 657 if (len >= 24 + sizeof(mgmt->u.deauth)) 658 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 659 660 if (type == EVENT_DISASSOC) { 661 event.disassoc_info.locally_generated = 662 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 663 event.disassoc_info.addr = bssid; 664 event.disassoc_info.reason_code = reason_code; 665 if (frame + len > mgmt->u.disassoc.variable) { 666 event.disassoc_info.ie = mgmt->u.disassoc.variable; 667 event.disassoc_info.ie_len = frame + len - 668 mgmt->u.disassoc.variable; 669 } 670 } else { 671 if (drv->ignore_deauth_event) { 672 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event due to previous forced deauth-during-auth"); 673 drv->ignore_deauth_event = 0; 674 return; 675 } 676 event.deauth_info.locally_generated = 677 !os_memcmp(mgmt->sa, drv->first_bss->addr, ETH_ALEN); 678 if (drv->ignore_next_local_deauth) { 679 drv->ignore_next_local_deauth = 0; 680 if (event.deauth_info.locally_generated) { 681 wpa_printf(MSG_DEBUG, "nl80211: Ignore deauth event triggered due to own deauth request"); 682 return; 683 } 684 wpa_printf(MSG_WARNING, "nl80211: Was expecting local deauth but got another disconnect event first"); 685 } 686 event.deauth_info.addr = bssid; 687 event.deauth_info.reason_code = reason_code; 688 if (frame + len > mgmt->u.deauth.variable) { 689 event.deauth_info.ie = mgmt->u.deauth.variable; 690 event.deauth_info.ie_len = frame + len - 691 mgmt->u.deauth.variable; 692 } 693 } 694 695 wpa_supplicant_event(drv->ctx, type, &event); 696 } 697 698 699 static void mlme_event_unprot_disconnect(struct wpa_driver_nl80211_data *drv, 700 enum wpa_event_type type, 701 const u8 *frame, size_t len) 702 { 703 const struct ieee80211_mgmt *mgmt; 704 union wpa_event_data event; 705 u16 reason_code = 0; 706 707 if (type == EVENT_UNPROT_DEAUTH) 708 wpa_printf(MSG_DEBUG, "nl80211: Unprot Deauthenticate event"); 709 else 710 wpa_printf(MSG_DEBUG, "nl80211: Unprot Disassociate event"); 711 712 if (len < 24) 713 return; 714 715 mgmt = (const struct ieee80211_mgmt *) frame; 716 717 os_memset(&event, 0, sizeof(event)); 718 /* Note: Same offset for Reason Code in both frame subtypes */ 719 if (len >= 24 + sizeof(mgmt->u.deauth)) 720 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 721 722 if (type == EVENT_UNPROT_DISASSOC) { 723 event.unprot_disassoc.sa = mgmt->sa; 724 event.unprot_disassoc.da = mgmt->da; 725 event.unprot_disassoc.reason_code = reason_code; 726 } else { 727 event.unprot_deauth.sa = mgmt->sa; 728 event.unprot_deauth.da = mgmt->da; 729 event.unprot_deauth.reason_code = reason_code; 730 } 731 732 wpa_supplicant_event(drv->ctx, type, &event); 733 } 734 735 736 static void mlme_event(struct i802_bss *bss, 737 enum nl80211_commands cmd, struct nlattr *frame, 738 struct nlattr *addr, struct nlattr *timed_out, 739 struct nlattr *freq, struct nlattr *ack, 740 struct nlattr *cookie, struct nlattr *sig, 741 struct nlattr *wmm) 742 { 743 struct wpa_driver_nl80211_data *drv = bss->drv; 744 const u8 *data; 745 size_t len; 746 747 if (timed_out && addr) { 748 mlme_timeout_event(drv, cmd, addr); 749 return; 750 } 751 752 if (frame == NULL) { 753 wpa_printf(MSG_DEBUG, 754 "nl80211: MLME event %d (%s) without frame data", 755 cmd, nl80211_command_to_string(cmd)); 756 return; 757 } 758 759 data = nla_data(frame); 760 len = nla_len(frame); 761 if (len < 4 + 2 * ETH_ALEN) { 762 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" 763 MACSTR ") - too short", 764 cmd, nl80211_command_to_string(cmd), bss->ifname, 765 MAC2STR(bss->addr)); 766 return; 767 } 768 wpa_printf(MSG_MSGDUMP, "nl80211: MLME event %d (%s) on %s(" MACSTR 769 ") A1=" MACSTR " A2=" MACSTR, cmd, 770 nl80211_command_to_string(cmd), bss->ifname, 771 MAC2STR(bss->addr), MAC2STR(data + 4), 772 MAC2STR(data + 4 + ETH_ALEN)); 773 if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && 774 os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && 775 os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { 776 wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " 777 "for foreign address", bss->ifname); 778 return; 779 } 780 wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", 781 nla_data(frame), nla_len(frame)); 782 783 switch (cmd) { 784 case NL80211_CMD_AUTHENTICATE: 785 mlme_event_auth(drv, nla_data(frame), nla_len(frame)); 786 break; 787 case NL80211_CMD_ASSOCIATE: 788 mlme_event_assoc(drv, nla_data(frame), nla_len(frame), wmm); 789 break; 790 case NL80211_CMD_DEAUTHENTICATE: 791 mlme_event_deauth_disassoc(drv, EVENT_DEAUTH, 792 nla_data(frame), nla_len(frame)); 793 break; 794 case NL80211_CMD_DISASSOCIATE: 795 mlme_event_deauth_disassoc(drv, EVENT_DISASSOC, 796 nla_data(frame), nla_len(frame)); 797 break; 798 case NL80211_CMD_FRAME: 799 mlme_event_mgmt(bss, freq, sig, nla_data(frame), 800 nla_len(frame)); 801 break; 802 case NL80211_CMD_FRAME_TX_STATUS: 803 mlme_event_mgmt_tx_status(drv, cookie, nla_data(frame), 804 nla_len(frame), ack); 805 break; 806 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 807 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DEAUTH, 808 nla_data(frame), nla_len(frame)); 809 break; 810 case NL80211_CMD_UNPROT_DISASSOCIATE: 811 mlme_event_unprot_disconnect(drv, EVENT_UNPROT_DISASSOC, 812 nla_data(frame), nla_len(frame)); 813 break; 814 default: 815 break; 816 } 817 } 818 819 820 static void mlme_event_michael_mic_failure(struct i802_bss *bss, 821 struct nlattr *tb[]) 822 { 823 union wpa_event_data data; 824 825 wpa_printf(MSG_DEBUG, "nl80211: MLME event Michael MIC failure"); 826 os_memset(&data, 0, sizeof(data)); 827 if (tb[NL80211_ATTR_MAC]) { 828 wpa_hexdump(MSG_DEBUG, "nl80211: Source MAC address", 829 nla_data(tb[NL80211_ATTR_MAC]), 830 nla_len(tb[NL80211_ATTR_MAC])); 831 data.michael_mic_failure.src = nla_data(tb[NL80211_ATTR_MAC]); 832 } 833 if (tb[NL80211_ATTR_KEY_SEQ]) { 834 wpa_hexdump(MSG_DEBUG, "nl80211: TSC", 835 nla_data(tb[NL80211_ATTR_KEY_SEQ]), 836 nla_len(tb[NL80211_ATTR_KEY_SEQ])); 837 } 838 if (tb[NL80211_ATTR_KEY_TYPE]) { 839 enum nl80211_key_type key_type = 840 nla_get_u32(tb[NL80211_ATTR_KEY_TYPE]); 841 wpa_printf(MSG_DEBUG, "nl80211: Key Type %d", key_type); 842 if (key_type == NL80211_KEYTYPE_PAIRWISE) 843 data.michael_mic_failure.unicast = 1; 844 } else 845 data.michael_mic_failure.unicast = 1; 846 847 if (tb[NL80211_ATTR_KEY_IDX]) { 848 u8 key_id = nla_get_u8(tb[NL80211_ATTR_KEY_IDX]); 849 wpa_printf(MSG_DEBUG, "nl80211: Key Id %d", key_id); 850 } 851 852 wpa_supplicant_event(bss->ctx, EVENT_MICHAEL_MIC_FAILURE, &data); 853 } 854 855 856 static void mlme_event_join_ibss(struct wpa_driver_nl80211_data *drv, 857 struct nlattr *tb[]) 858 { 859 unsigned int freq; 860 861 if (tb[NL80211_ATTR_MAC] == NULL) { 862 wpa_printf(MSG_DEBUG, "nl80211: No address in IBSS joined " 863 "event"); 864 return; 865 } 866 os_memcpy(drv->bssid, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 867 868 drv->associated = 1; 869 wpa_printf(MSG_DEBUG, "nl80211: IBSS " MACSTR " joined", 870 MAC2STR(drv->bssid)); 871 872 freq = nl80211_get_assoc_freq(drv); 873 if (freq) { 874 wpa_printf(MSG_DEBUG, "nl80211: IBSS on frequency %u MHz", 875 freq); 876 drv->first_bss->freq = freq; 877 } 878 879 wpa_supplicant_event(drv->ctx, EVENT_ASSOC, NULL); 880 } 881 882 883 static void mlme_event_remain_on_channel(struct wpa_driver_nl80211_data *drv, 884 int cancel_event, struct nlattr *tb[]) 885 { 886 unsigned int freq, chan_type, duration; 887 union wpa_event_data data; 888 u64 cookie; 889 890 if (tb[NL80211_ATTR_WIPHY_FREQ]) 891 freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 892 else 893 freq = 0; 894 895 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) 896 chan_type = nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 897 else 898 chan_type = 0; 899 900 if (tb[NL80211_ATTR_DURATION]) 901 duration = nla_get_u32(tb[NL80211_ATTR_DURATION]); 902 else 903 duration = 0; 904 905 if (tb[NL80211_ATTR_COOKIE]) 906 cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]); 907 else 908 cookie = 0; 909 910 wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel event (cancel=%d " 911 "freq=%u channel_type=%u duration=%u cookie=0x%llx (%s))", 912 cancel_event, freq, chan_type, duration, 913 (long long unsigned int) cookie, 914 cookie == drv->remain_on_chan_cookie ? "match" : "unknown"); 915 916 if (cookie != drv->remain_on_chan_cookie) 917 return; /* not for us */ 918 919 if (cancel_event) 920 drv->pending_remain_on_chan = 0; 921 922 os_memset(&data, 0, sizeof(data)); 923 data.remain_on_channel.freq = freq; 924 data.remain_on_channel.duration = duration; 925 wpa_supplicant_event(drv->ctx, cancel_event ? 926 EVENT_CANCEL_REMAIN_ON_CHANNEL : 927 EVENT_REMAIN_ON_CHANNEL, &data); 928 } 929 930 931 static void mlme_event_ft_event(struct wpa_driver_nl80211_data *drv, 932 struct nlattr *tb[]) 933 { 934 union wpa_event_data data; 935 936 os_memset(&data, 0, sizeof(data)); 937 938 if (tb[NL80211_ATTR_IE]) { 939 data.ft_ies.ies = nla_data(tb[NL80211_ATTR_IE]); 940 data.ft_ies.ies_len = nla_len(tb[NL80211_ATTR_IE]); 941 } 942 943 if (tb[NL80211_ATTR_IE_RIC]) { 944 data.ft_ies.ric_ies = nla_data(tb[NL80211_ATTR_IE_RIC]); 945 data.ft_ies.ric_ies_len = nla_len(tb[NL80211_ATTR_IE_RIC]); 946 } 947 948 if (tb[NL80211_ATTR_MAC]) 949 os_memcpy(data.ft_ies.target_ap, 950 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 951 952 wpa_printf(MSG_DEBUG, "nl80211: FT event target_ap " MACSTR, 953 MAC2STR(data.ft_ies.target_ap)); 954 955 wpa_supplicant_event(drv->ctx, EVENT_FT_RESPONSE, &data); 956 } 957 958 959 static void send_scan_event(struct wpa_driver_nl80211_data *drv, int aborted, 960 struct nlattr *tb[]) 961 { 962 union wpa_event_data event; 963 struct nlattr *nl; 964 int rem; 965 struct scan_info *info; 966 #define MAX_REPORT_FREQS 50 967 int freqs[MAX_REPORT_FREQS]; 968 int num_freqs = 0; 969 970 if (drv->scan_for_auth) { 971 drv->scan_for_auth = 0; 972 wpa_printf(MSG_DEBUG, "nl80211: Scan results for missing " 973 "cfg80211 BSS entry"); 974 wpa_driver_nl80211_authenticate_retry(drv); 975 return; 976 } 977 978 os_memset(&event, 0, sizeof(event)); 979 info = &event.scan_info; 980 info->aborted = aborted; 981 982 if (tb[NL80211_ATTR_SCAN_SSIDS]) { 983 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_SSIDS], rem) { 984 struct wpa_driver_scan_ssid *s = 985 &info->ssids[info->num_ssids]; 986 s->ssid = nla_data(nl); 987 s->ssid_len = nla_len(nl); 988 wpa_printf(MSG_DEBUG, "nl80211: Scan probed for SSID '%s'", 989 wpa_ssid_txt(s->ssid, s->ssid_len)); 990 info->num_ssids++; 991 if (info->num_ssids == WPAS_MAX_SCAN_SSIDS) 992 break; 993 } 994 } 995 if (tb[NL80211_ATTR_SCAN_FREQUENCIES]) { 996 char msg[200], *pos, *end; 997 int res; 998 999 pos = msg; 1000 end = pos + sizeof(msg); 1001 *pos = '\0'; 1002 1003 nla_for_each_nested(nl, tb[NL80211_ATTR_SCAN_FREQUENCIES], rem) 1004 { 1005 freqs[num_freqs] = nla_get_u32(nl); 1006 res = os_snprintf(pos, end - pos, " %d", 1007 freqs[num_freqs]); 1008 if (!os_snprintf_error(end - pos, res)) 1009 pos += res; 1010 num_freqs++; 1011 if (num_freqs == MAX_REPORT_FREQS - 1) 1012 break; 1013 } 1014 info->freqs = freqs; 1015 info->num_freqs = num_freqs; 1016 wpa_printf(MSG_DEBUG, "nl80211: Scan included frequencies:%s", 1017 msg); 1018 } 1019 wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, &event); 1020 } 1021 1022 1023 static void nl80211_cqm_event(struct wpa_driver_nl80211_data *drv, 1024 struct nlattr *tb[]) 1025 { 1026 static struct nla_policy cqm_policy[NL80211_ATTR_CQM_MAX + 1] = { 1027 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 1028 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U8 }, 1029 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 1030 [NL80211_ATTR_CQM_PKT_LOSS_EVENT] = { .type = NLA_U32 }, 1031 }; 1032 struct nlattr *cqm[NL80211_ATTR_CQM_MAX + 1]; 1033 enum nl80211_cqm_rssi_threshold_event event; 1034 union wpa_event_data ed; 1035 struct wpa_signal_info sig; 1036 int res; 1037 1038 if (tb[NL80211_ATTR_CQM] == NULL || 1039 nla_parse_nested(cqm, NL80211_ATTR_CQM_MAX, tb[NL80211_ATTR_CQM], 1040 cqm_policy)) { 1041 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid CQM event"); 1042 return; 1043 } 1044 1045 os_memset(&ed, 0, sizeof(ed)); 1046 1047 if (cqm[NL80211_ATTR_CQM_PKT_LOSS_EVENT]) { 1048 if (!tb[NL80211_ATTR_MAC]) 1049 return; 1050 os_memcpy(ed.low_ack.addr, nla_data(tb[NL80211_ATTR_MAC]), 1051 ETH_ALEN); 1052 wpa_supplicant_event(drv->ctx, EVENT_STATION_LOW_ACK, &ed); 1053 return; 1054 } 1055 1056 if (cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] == NULL) 1057 return; 1058 event = nla_get_u32(cqm[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT]); 1059 1060 if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH) { 1061 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1062 "event: RSSI high"); 1063 ed.signal_change.above_threshold = 1; 1064 } else if (event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW) { 1065 wpa_printf(MSG_DEBUG, "nl80211: Connection quality monitor " 1066 "event: RSSI low"); 1067 ed.signal_change.above_threshold = 0; 1068 } else 1069 return; 1070 1071 res = nl80211_get_link_signal(drv, &sig); 1072 if (res == 0) { 1073 ed.signal_change.current_signal = sig.current_signal; 1074 ed.signal_change.current_txrate = sig.current_txrate; 1075 wpa_printf(MSG_DEBUG, "nl80211: Signal: %d dBm txrate: %d", 1076 sig.current_signal, sig.current_txrate); 1077 } 1078 1079 res = nl80211_get_link_noise(drv, &sig); 1080 if (res == 0) { 1081 ed.signal_change.current_noise = sig.current_noise; 1082 wpa_printf(MSG_DEBUG, "nl80211: Noise: %d dBm", 1083 sig.current_noise); 1084 } 1085 1086 wpa_supplicant_event(drv->ctx, EVENT_SIGNAL_CHANGE, &ed); 1087 } 1088 1089 1090 static void nl80211_new_peer_candidate(struct wpa_driver_nl80211_data *drv, 1091 struct nlattr **tb) 1092 { 1093 const u8 *addr; 1094 union wpa_event_data data; 1095 1096 if (drv->nlmode != NL80211_IFTYPE_MESH_POINT || 1097 !tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_IE]) 1098 return; 1099 1100 addr = nla_data(tb[NL80211_ATTR_MAC]); 1101 wpa_printf(MSG_DEBUG, "nl80211: New peer candidate" MACSTR, 1102 MAC2STR(addr)); 1103 1104 os_memset(&data, 0, sizeof(data)); 1105 data.mesh_peer.peer = addr; 1106 data.mesh_peer.ies = nla_data(tb[NL80211_ATTR_IE]); 1107 data.mesh_peer.ie_len = nla_len(tb[NL80211_ATTR_IE]); 1108 wpa_supplicant_event(drv->ctx, EVENT_NEW_PEER_CANDIDATE, &data); 1109 } 1110 1111 1112 static void nl80211_new_station_event(struct wpa_driver_nl80211_data *drv, 1113 struct i802_bss *bss, 1114 struct nlattr **tb) 1115 { 1116 u8 *addr; 1117 union wpa_event_data data; 1118 1119 if (tb[NL80211_ATTR_MAC] == NULL) 1120 return; 1121 addr = nla_data(tb[NL80211_ATTR_MAC]); 1122 wpa_printf(MSG_DEBUG, "nl80211: New station " MACSTR, MAC2STR(addr)); 1123 1124 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1125 u8 *ies = NULL; 1126 size_t ies_len = 0; 1127 if (tb[NL80211_ATTR_IE]) { 1128 ies = nla_data(tb[NL80211_ATTR_IE]); 1129 ies_len = nla_len(tb[NL80211_ATTR_IE]); 1130 } 1131 wpa_hexdump(MSG_DEBUG, "nl80211: Assoc Req IEs", ies, ies_len); 1132 drv_event_assoc(bss->ctx, addr, ies, ies_len, 0); 1133 return; 1134 } 1135 1136 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1137 return; 1138 1139 os_memset(&data, 0, sizeof(data)); 1140 os_memcpy(data.ibss_rsn_start.peer, addr, ETH_ALEN); 1141 wpa_supplicant_event(bss->ctx, EVENT_IBSS_RSN_START, &data); 1142 } 1143 1144 1145 static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv, 1146 struct nlattr **tb) 1147 { 1148 u8 *addr; 1149 union wpa_event_data data; 1150 1151 if (tb[NL80211_ATTR_MAC] == NULL) 1152 return; 1153 addr = nla_data(tb[NL80211_ATTR_MAC]); 1154 wpa_printf(MSG_DEBUG, "nl80211: Delete station " MACSTR, 1155 MAC2STR(addr)); 1156 1157 if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) { 1158 drv_event_disassoc(drv->ctx, addr); 1159 return; 1160 } 1161 1162 if (drv->nlmode != NL80211_IFTYPE_ADHOC) 1163 return; 1164 1165 os_memset(&data, 0, sizeof(data)); 1166 os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN); 1167 wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data); 1168 } 1169 1170 1171 static void nl80211_rekey_offload_event(struct wpa_driver_nl80211_data *drv, 1172 struct nlattr **tb) 1173 { 1174 struct nlattr *rekey_info[NUM_NL80211_REKEY_DATA]; 1175 static struct nla_policy rekey_policy[NUM_NL80211_REKEY_DATA] = { 1176 [NL80211_REKEY_DATA_KEK] = { 1177 .minlen = NL80211_KEK_LEN, 1178 .maxlen = NL80211_KEK_LEN, 1179 }, 1180 [NL80211_REKEY_DATA_KCK] = { 1181 .minlen = NL80211_KCK_LEN, 1182 .maxlen = NL80211_KCK_LEN, 1183 }, 1184 [NL80211_REKEY_DATA_REPLAY_CTR] = { 1185 .minlen = NL80211_REPLAY_CTR_LEN, 1186 .maxlen = NL80211_REPLAY_CTR_LEN, 1187 }, 1188 }; 1189 union wpa_event_data data; 1190 1191 if (!tb[NL80211_ATTR_MAC] || 1192 !tb[NL80211_ATTR_REKEY_DATA] || 1193 nla_parse_nested(rekey_info, MAX_NL80211_REKEY_DATA, 1194 tb[NL80211_ATTR_REKEY_DATA], rekey_policy) || 1195 !rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]) 1196 return; 1197 1198 os_memset(&data, 0, sizeof(data)); 1199 data.driver_gtk_rekey.bssid = nla_data(tb[NL80211_ATTR_MAC]); 1200 wpa_printf(MSG_DEBUG, "nl80211: Rekey offload event for BSSID " MACSTR, 1201 MAC2STR(data.driver_gtk_rekey.bssid)); 1202 data.driver_gtk_rekey.replay_ctr = 1203 nla_data(rekey_info[NL80211_REKEY_DATA_REPLAY_CTR]); 1204 wpa_hexdump(MSG_DEBUG, "nl80211: Rekey offload - Replay Counter", 1205 data.driver_gtk_rekey.replay_ctr, NL80211_REPLAY_CTR_LEN); 1206 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_GTK_REKEY, &data); 1207 } 1208 1209 1210 static void nl80211_pmksa_candidate_event(struct wpa_driver_nl80211_data *drv, 1211 struct nlattr **tb) 1212 { 1213 struct nlattr *cand[NUM_NL80211_PMKSA_CANDIDATE]; 1214 static struct nla_policy cand_policy[NUM_NL80211_PMKSA_CANDIDATE] = { 1215 [NL80211_PMKSA_CANDIDATE_INDEX] = { .type = NLA_U32 }, 1216 [NL80211_PMKSA_CANDIDATE_BSSID] = { 1217 .minlen = ETH_ALEN, 1218 .maxlen = ETH_ALEN, 1219 }, 1220 [NL80211_PMKSA_CANDIDATE_PREAUTH] = { .type = NLA_FLAG }, 1221 }; 1222 union wpa_event_data data; 1223 1224 wpa_printf(MSG_DEBUG, "nl80211: PMKSA candidate event"); 1225 1226 if (!tb[NL80211_ATTR_PMKSA_CANDIDATE] || 1227 nla_parse_nested(cand, MAX_NL80211_PMKSA_CANDIDATE, 1228 tb[NL80211_ATTR_PMKSA_CANDIDATE], cand_policy) || 1229 !cand[NL80211_PMKSA_CANDIDATE_INDEX] || 1230 !cand[NL80211_PMKSA_CANDIDATE_BSSID]) 1231 return; 1232 1233 os_memset(&data, 0, sizeof(data)); 1234 os_memcpy(data.pmkid_candidate.bssid, 1235 nla_data(cand[NL80211_PMKSA_CANDIDATE_BSSID]), ETH_ALEN); 1236 data.pmkid_candidate.index = 1237 nla_get_u32(cand[NL80211_PMKSA_CANDIDATE_INDEX]); 1238 data.pmkid_candidate.preauth = 1239 cand[NL80211_PMKSA_CANDIDATE_PREAUTH] != NULL; 1240 wpa_supplicant_event(drv->ctx, EVENT_PMKID_CANDIDATE, &data); 1241 } 1242 1243 1244 static void nl80211_client_probe_event(struct wpa_driver_nl80211_data *drv, 1245 struct nlattr **tb) 1246 { 1247 union wpa_event_data data; 1248 1249 wpa_printf(MSG_DEBUG, "nl80211: Probe client event"); 1250 1251 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_ACK]) 1252 return; 1253 1254 os_memset(&data, 0, sizeof(data)); 1255 os_memcpy(data.client_poll.addr, 1256 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1257 1258 wpa_supplicant_event(drv->ctx, EVENT_DRIVER_CLIENT_POLL_OK, &data); 1259 } 1260 1261 1262 static void nl80211_tdls_oper_event(struct wpa_driver_nl80211_data *drv, 1263 struct nlattr **tb) 1264 { 1265 union wpa_event_data data; 1266 1267 wpa_printf(MSG_DEBUG, "nl80211: TDLS operation event"); 1268 1269 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_TDLS_OPERATION]) 1270 return; 1271 1272 os_memset(&data, 0, sizeof(data)); 1273 os_memcpy(data.tdls.peer, nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1274 switch (nla_get_u8(tb[NL80211_ATTR_TDLS_OPERATION])) { 1275 case NL80211_TDLS_SETUP: 1276 wpa_printf(MSG_DEBUG, "nl80211: TDLS setup request for peer " 1277 MACSTR, MAC2STR(data.tdls.peer)); 1278 data.tdls.oper = TDLS_REQUEST_SETUP; 1279 break; 1280 case NL80211_TDLS_TEARDOWN: 1281 wpa_printf(MSG_DEBUG, "nl80211: TDLS teardown request for peer " 1282 MACSTR, MAC2STR(data.tdls.peer)); 1283 data.tdls.oper = TDLS_REQUEST_TEARDOWN; 1284 break; 1285 case NL80211_TDLS_DISCOVERY_REQ: 1286 wpa_printf(MSG_DEBUG, 1287 "nl80211: TDLS discovery request for peer " MACSTR, 1288 MAC2STR(data.tdls.peer)); 1289 data.tdls.oper = TDLS_REQUEST_DISCOVER; 1290 break; 1291 default: 1292 wpa_printf(MSG_DEBUG, "nl80211: Unsupported TDLS operatione " 1293 "event"); 1294 return; 1295 } 1296 if (tb[NL80211_ATTR_REASON_CODE]) { 1297 data.tdls.reason_code = 1298 nla_get_u16(tb[NL80211_ATTR_REASON_CODE]); 1299 } 1300 1301 wpa_supplicant_event(drv->ctx, EVENT_TDLS, &data); 1302 } 1303 1304 1305 static void nl80211_stop_ap(struct wpa_driver_nl80211_data *drv, 1306 struct nlattr **tb) 1307 { 1308 wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_UNAVAILABLE, NULL); 1309 } 1310 1311 1312 static void nl80211_connect_failed_event(struct wpa_driver_nl80211_data *drv, 1313 struct nlattr **tb) 1314 { 1315 union wpa_event_data data; 1316 u32 reason; 1317 1318 wpa_printf(MSG_DEBUG, "nl80211: Connect failed event"); 1319 1320 if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_CONN_FAILED_REASON]) 1321 return; 1322 1323 os_memset(&data, 0, sizeof(data)); 1324 os_memcpy(data.connect_failed_reason.addr, 1325 nla_data(tb[NL80211_ATTR_MAC]), ETH_ALEN); 1326 1327 reason = nla_get_u32(tb[NL80211_ATTR_CONN_FAILED_REASON]); 1328 switch (reason) { 1329 case NL80211_CONN_FAIL_MAX_CLIENTS: 1330 wpa_printf(MSG_DEBUG, "nl80211: Max client reached"); 1331 data.connect_failed_reason.code = MAX_CLIENT_REACHED; 1332 break; 1333 case NL80211_CONN_FAIL_BLOCKED_CLIENT: 1334 wpa_printf(MSG_DEBUG, "nl80211: Blocked client " MACSTR 1335 " tried to connect", 1336 MAC2STR(data.connect_failed_reason.addr)); 1337 data.connect_failed_reason.code = BLOCKED_CLIENT; 1338 break; 1339 default: 1340 wpa_printf(MSG_DEBUG, "nl8021l: Unknown connect failed reason " 1341 "%u", reason); 1342 return; 1343 } 1344 1345 wpa_supplicant_event(drv->ctx, EVENT_CONNECT_FAILED_REASON, &data); 1346 } 1347 1348 1349 static void nl80211_radar_event(struct wpa_driver_nl80211_data *drv, 1350 struct nlattr **tb) 1351 { 1352 union wpa_event_data data; 1353 enum nl80211_radar_event event_type; 1354 1355 if (!tb[NL80211_ATTR_WIPHY_FREQ] || !tb[NL80211_ATTR_RADAR_EVENT]) 1356 return; 1357 1358 os_memset(&data, 0, sizeof(data)); 1359 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1360 event_type = nla_get_u32(tb[NL80211_ATTR_RADAR_EVENT]); 1361 1362 /* Check HT params */ 1363 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1364 data.dfs_event.ht_enabled = 1; 1365 data.dfs_event.chan_offset = 0; 1366 1367 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 1368 case NL80211_CHAN_NO_HT: 1369 data.dfs_event.ht_enabled = 0; 1370 break; 1371 case NL80211_CHAN_HT20: 1372 break; 1373 case NL80211_CHAN_HT40PLUS: 1374 data.dfs_event.chan_offset = 1; 1375 break; 1376 case NL80211_CHAN_HT40MINUS: 1377 data.dfs_event.chan_offset = -1; 1378 break; 1379 } 1380 } 1381 1382 /* Get VHT params */ 1383 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 1384 data.dfs_event.chan_width = 1385 convert2width(nla_get_u32( 1386 tb[NL80211_ATTR_CHANNEL_WIDTH])); 1387 if (tb[NL80211_ATTR_CENTER_FREQ1]) 1388 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 1389 if (tb[NL80211_ATTR_CENTER_FREQ2]) 1390 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 1391 1392 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 1393 data.dfs_event.freq, data.dfs_event.ht_enabled, 1394 data.dfs_event.chan_offset, data.dfs_event.chan_width, 1395 data.dfs_event.cf1, data.dfs_event.cf2); 1396 1397 switch (event_type) { 1398 case NL80211_RADAR_DETECTED: 1399 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 1400 break; 1401 case NL80211_RADAR_CAC_FINISHED: 1402 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 1403 break; 1404 case NL80211_RADAR_CAC_ABORTED: 1405 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 1406 break; 1407 case NL80211_RADAR_NOP_FINISHED: 1408 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 1409 break; 1410 default: 1411 wpa_printf(MSG_DEBUG, "nl80211: Unknown radar event %d " 1412 "received", event_type); 1413 break; 1414 } 1415 } 1416 1417 1418 static void nl80211_spurious_frame(struct i802_bss *bss, struct nlattr **tb, 1419 int wds) 1420 { 1421 struct wpa_driver_nl80211_data *drv = bss->drv; 1422 union wpa_event_data event; 1423 1424 if (!tb[NL80211_ATTR_MAC]) 1425 return; 1426 1427 os_memset(&event, 0, sizeof(event)); 1428 event.rx_from_unknown.bssid = bss->addr; 1429 event.rx_from_unknown.addr = nla_data(tb[NL80211_ATTR_MAC]); 1430 event.rx_from_unknown.wds = wds; 1431 1432 wpa_supplicant_event(drv->ctx, EVENT_RX_FROM_UNKNOWN, &event); 1433 } 1434 1435 1436 static void qca_nl80211_avoid_freq(struct wpa_driver_nl80211_data *drv, 1437 const u8 *data, size_t len) 1438 { 1439 u32 i, count; 1440 union wpa_event_data event; 1441 struct wpa_freq_range *range = NULL; 1442 const struct qca_avoid_freq_list *freq_range; 1443 1444 freq_range = (const struct qca_avoid_freq_list *) data; 1445 if (len < sizeof(freq_range->count)) 1446 return; 1447 1448 count = freq_range->count; 1449 if (len < sizeof(freq_range->count) + 1450 count * sizeof(struct qca_avoid_freq_range)) { 1451 wpa_printf(MSG_DEBUG, "nl80211: Ignored too short avoid frequency list (len=%u)", 1452 (unsigned int) len); 1453 return; 1454 } 1455 1456 if (count > 0) { 1457 range = os_calloc(count, sizeof(struct wpa_freq_range)); 1458 if (range == NULL) 1459 return; 1460 } 1461 1462 os_memset(&event, 0, sizeof(event)); 1463 for (i = 0; i < count; i++) { 1464 unsigned int idx = event.freq_range.num; 1465 range[idx].min = freq_range->range[i].start_freq; 1466 range[idx].max = freq_range->range[i].end_freq; 1467 wpa_printf(MSG_DEBUG, "nl80211: Avoid frequency range: %u-%u", 1468 range[idx].min, range[idx].max); 1469 if (range[idx].min > range[idx].max) { 1470 wpa_printf(MSG_DEBUG, "nl80211: Ignore invalid frequency range"); 1471 continue; 1472 } 1473 event.freq_range.num++; 1474 } 1475 event.freq_range.range = range; 1476 1477 wpa_supplicant_event(drv->ctx, EVENT_AVOID_FREQUENCIES, &event); 1478 1479 os_free(range); 1480 } 1481 1482 1483 static void qca_nl80211_acs_select_ch(struct wpa_driver_nl80211_data *drv, 1484 const u8 *data, size_t len) 1485 { 1486 struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_ACS_MAX + 1]; 1487 union wpa_event_data event; 1488 1489 wpa_printf(MSG_DEBUG, 1490 "nl80211: ACS channel selection vendor event received"); 1491 1492 if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ACS_MAX, 1493 (struct nlattr *) data, len, NULL) || 1494 !tb[QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL] || 1495 !tb[QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL]) 1496 return; 1497 1498 os_memset(&event, 0, sizeof(event)); 1499 event.acs_selected_channels.pri_channel = 1500 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL]); 1501 event.acs_selected_channels.sec_channel = 1502 nla_get_u8(tb[QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL]); 1503 1504 wpa_supplicant_event(drv->ctx, EVENT_ACS_CHANNEL_SELECTED, &event); 1505 } 1506 1507 1508 static void qca_nl80211_key_mgmt_auth(struct wpa_driver_nl80211_data *drv, 1509 const u8 *data, size_t len) 1510 { 1511 struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MAX + 1]; 1512 u8 *bssid; 1513 1514 wpa_printf(MSG_DEBUG, 1515 "nl80211: Key management roam+auth vendor event received"); 1516 1517 if (nla_parse(tb, QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_MAX, 1518 (struct nlattr *) data, len, NULL) || 1519 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID] || 1520 nla_len(tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID]) != ETH_ALEN || 1521 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REQ_IE] || 1522 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_RESP_IE] || 1523 !tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_AUTHORIZED]) 1524 return; 1525 1526 bssid = nla_data(tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID]); 1527 wpa_printf(MSG_DEBUG, " * roam BSSID " MACSTR, MAC2STR(bssid)); 1528 1529 mlme_event_connect(drv, NL80211_CMD_ROAM, NULL, 1530 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_BSSID], 1531 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_REQ_IE], 1532 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_RESP_IE], 1533 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_AUTHORIZED], 1534 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_KEY_REPLAY_CTR], 1535 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_PTK_KCK], 1536 tb[QCA_WLAN_VENDOR_ATTR_ROAM_AUTH_PTK_KEK]); 1537 } 1538 1539 1540 static void qca_nl80211_dfs_offload_radar_event( 1541 struct wpa_driver_nl80211_data *drv, u32 subcmd, u8 *msg, int length) 1542 { 1543 union wpa_event_data data; 1544 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1545 1546 wpa_printf(MSG_DEBUG, 1547 "nl80211: DFS offload radar vendor event received"); 1548 1549 if (nla_parse(tb, NL80211_ATTR_MAX, 1550 (struct nlattr *) msg, length, NULL)) 1551 return; 1552 1553 if (!tb[NL80211_ATTR_WIPHY_FREQ]) { 1554 wpa_printf(MSG_INFO, 1555 "nl80211: Error parsing WIPHY_FREQ in FS offload radar vendor event"); 1556 return; 1557 } 1558 1559 os_memset(&data, 0, sizeof(data)); 1560 data.dfs_event.freq = nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); 1561 1562 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz", 1563 data.dfs_event.freq); 1564 1565 /* Check HT params */ 1566 if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 1567 data.dfs_event.ht_enabled = 1; 1568 data.dfs_event.chan_offset = 0; 1569 1570 switch (nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE])) { 1571 case NL80211_CHAN_NO_HT: 1572 data.dfs_event.ht_enabled = 0; 1573 break; 1574 case NL80211_CHAN_HT20: 1575 break; 1576 case NL80211_CHAN_HT40PLUS: 1577 data.dfs_event.chan_offset = 1; 1578 break; 1579 case NL80211_CHAN_HT40MINUS: 1580 data.dfs_event.chan_offset = -1; 1581 break; 1582 } 1583 } 1584 1585 /* Get VHT params */ 1586 if (tb[NL80211_ATTR_CHANNEL_WIDTH]) 1587 data.dfs_event.chan_width = 1588 convert2width(nla_get_u32( 1589 tb[NL80211_ATTR_CHANNEL_WIDTH])); 1590 if (tb[NL80211_ATTR_CENTER_FREQ1]) 1591 data.dfs_event.cf1 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); 1592 if (tb[NL80211_ATTR_CENTER_FREQ2]) 1593 data.dfs_event.cf2 = nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); 1594 1595 wpa_printf(MSG_DEBUG, "nl80211: DFS event on freq %d MHz, ht: %d, " 1596 "offset: %d, width: %d, cf1: %dMHz, cf2: %dMHz", 1597 data.dfs_event.freq, data.dfs_event.ht_enabled, 1598 data.dfs_event.chan_offset, data.dfs_event.chan_width, 1599 data.dfs_event.cf1, data.dfs_event.cf2); 1600 1601 switch (subcmd) { 1602 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED: 1603 wpa_supplicant_event(drv->ctx, EVENT_DFS_RADAR_DETECTED, &data); 1604 break; 1605 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_STARTED: 1606 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_STARTED, &data); 1607 break; 1608 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_FINISHED: 1609 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_FINISHED, &data); 1610 break; 1611 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED: 1612 wpa_supplicant_event(drv->ctx, EVENT_DFS_CAC_ABORTED, &data); 1613 break; 1614 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED: 1615 wpa_supplicant_event(drv->ctx, EVENT_DFS_NOP_FINISHED, &data); 1616 break; 1617 default: 1618 wpa_printf(MSG_DEBUG, 1619 "nl80211: Unknown DFS offload radar event %d received", 1620 subcmd); 1621 break; 1622 } 1623 } 1624 1625 1626 static void nl80211_vendor_event_qca(struct wpa_driver_nl80211_data *drv, 1627 u32 subcmd, u8 *data, size_t len) 1628 { 1629 switch (subcmd) { 1630 case QCA_NL80211_VENDOR_SUBCMD_TEST: 1631 wpa_hexdump(MSG_DEBUG, "nl80211: QCA test event", data, len); 1632 break; 1633 case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY: 1634 qca_nl80211_avoid_freq(drv, data, len); 1635 break; 1636 case QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH: 1637 qca_nl80211_key_mgmt_auth(drv, data, len); 1638 break; 1639 case QCA_NL80211_VENDOR_SUBCMD_DO_ACS: 1640 qca_nl80211_acs_select_ch(drv, data, len); 1641 break; 1642 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_STARTED: 1643 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_FINISHED: 1644 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_ABORTED: 1645 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_CAC_NOP_FINISHED: 1646 case QCA_NL80211_VENDOR_SUBCMD_DFS_OFFLOAD_RADAR_DETECTED: 1647 qca_nl80211_dfs_offload_radar_event(drv, subcmd, data, len); 1648 break; 1649 default: 1650 wpa_printf(MSG_DEBUG, 1651 "nl80211: Ignore unsupported QCA vendor event %u", 1652 subcmd); 1653 break; 1654 } 1655 } 1656 1657 1658 static void nl80211_vendor_event(struct wpa_driver_nl80211_data *drv, 1659 struct nlattr **tb) 1660 { 1661 u32 vendor_id, subcmd, wiphy = 0; 1662 int wiphy_idx; 1663 u8 *data = NULL; 1664 size_t len = 0; 1665 1666 if (!tb[NL80211_ATTR_VENDOR_ID] || 1667 !tb[NL80211_ATTR_VENDOR_SUBCMD]) 1668 return; 1669 1670 vendor_id = nla_get_u32(tb[NL80211_ATTR_VENDOR_ID]); 1671 subcmd = nla_get_u32(tb[NL80211_ATTR_VENDOR_SUBCMD]); 1672 1673 if (tb[NL80211_ATTR_WIPHY]) 1674 wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]); 1675 1676 wpa_printf(MSG_DEBUG, "nl80211: Vendor event: wiphy=%u vendor_id=0x%x subcmd=%u", 1677 wiphy, vendor_id, subcmd); 1678 1679 if (tb[NL80211_ATTR_VENDOR_DATA]) { 1680 data = nla_data(tb[NL80211_ATTR_VENDOR_DATA]); 1681 len = nla_len(tb[NL80211_ATTR_VENDOR_DATA]); 1682 wpa_hexdump(MSG_MSGDUMP, "nl80211: Vendor data", data, len); 1683 } 1684 1685 wiphy_idx = nl80211_get_wiphy_index(drv->first_bss); 1686 if (wiphy_idx >= 0 && wiphy_idx != (int) wiphy) { 1687 wpa_printf(MSG_DEBUG, "nl80211: Ignore vendor event for foreign wiphy %u (own: %d)", 1688 wiphy, wiphy_idx); 1689 return; 1690 } 1691 1692 switch (vendor_id) { 1693 case OUI_QCA: 1694 nl80211_vendor_event_qca(drv, subcmd, data, len); 1695 break; 1696 default: 1697 wpa_printf(MSG_DEBUG, "nl80211: Ignore unsupported vendor event"); 1698 break; 1699 } 1700 } 1701 1702 1703 static void nl80211_reg_change_event(struct wpa_driver_nl80211_data *drv, 1704 struct nlattr *tb[]) 1705 { 1706 union wpa_event_data data; 1707 enum nl80211_reg_initiator init; 1708 1709 wpa_printf(MSG_DEBUG, "nl80211: Regulatory domain change"); 1710 1711 if (tb[NL80211_ATTR_REG_INITIATOR] == NULL) 1712 return; 1713 1714 os_memset(&data, 0, sizeof(data)); 1715 init = nla_get_u8(tb[NL80211_ATTR_REG_INITIATOR]); 1716 wpa_printf(MSG_DEBUG, " * initiator=%d", init); 1717 switch (init) { 1718 case NL80211_REGDOM_SET_BY_CORE: 1719 data.channel_list_changed.initiator = REGDOM_SET_BY_CORE; 1720 break; 1721 case NL80211_REGDOM_SET_BY_USER: 1722 data.channel_list_changed.initiator = REGDOM_SET_BY_USER; 1723 break; 1724 case NL80211_REGDOM_SET_BY_DRIVER: 1725 data.channel_list_changed.initiator = REGDOM_SET_BY_DRIVER; 1726 break; 1727 case NL80211_REGDOM_SET_BY_COUNTRY_IE: 1728 data.channel_list_changed.initiator = REGDOM_SET_BY_COUNTRY_IE; 1729 break; 1730 } 1731 1732 if (tb[NL80211_ATTR_REG_TYPE]) { 1733 enum nl80211_reg_type type; 1734 type = nla_get_u8(tb[NL80211_ATTR_REG_TYPE]); 1735 wpa_printf(MSG_DEBUG, " * type=%d", type); 1736 switch (type) { 1737 case NL80211_REGDOM_TYPE_COUNTRY: 1738 data.channel_list_changed.type = REGDOM_TYPE_COUNTRY; 1739 break; 1740 case NL80211_REGDOM_TYPE_WORLD: 1741 data.channel_list_changed.type = REGDOM_TYPE_WORLD; 1742 break; 1743 case NL80211_REGDOM_TYPE_CUSTOM_WORLD: 1744 data.channel_list_changed.type = 1745 REGDOM_TYPE_CUSTOM_WORLD; 1746 break; 1747 case NL80211_REGDOM_TYPE_INTERSECTION: 1748 data.channel_list_changed.type = 1749 REGDOM_TYPE_INTERSECTION; 1750 break; 1751 } 1752 } 1753 1754 if (tb[NL80211_ATTR_REG_ALPHA2]) { 1755 os_strlcpy(data.channel_list_changed.alpha2, 1756 nla_get_string(tb[NL80211_ATTR_REG_ALPHA2]), 1757 sizeof(data.channel_list_changed.alpha2)); 1758 wpa_printf(MSG_DEBUG, " * alpha2=%s", 1759 data.channel_list_changed.alpha2); 1760 } 1761 1762 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, &data); 1763 } 1764 1765 1766 static void do_process_drv_event(struct i802_bss *bss, int cmd, 1767 struct nlattr **tb) 1768 { 1769 struct wpa_driver_nl80211_data *drv = bss->drv; 1770 union wpa_event_data data; 1771 1772 wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s", 1773 cmd, nl80211_command_to_string(cmd), bss->ifname); 1774 1775 if (cmd == NL80211_CMD_ROAM && 1776 (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) { 1777 /* 1778 * Device will use roam+auth vendor event to indicate 1779 * roaming, so ignore the regular roam event. 1780 */ 1781 wpa_printf(MSG_DEBUG, 1782 "nl80211: Ignore roam event (cmd=%d), device will use vendor event roam+auth", 1783 cmd); 1784 return; 1785 } 1786 1787 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED && 1788 (cmd == NL80211_CMD_NEW_SCAN_RESULTS || 1789 cmd == NL80211_CMD_SCAN_ABORTED)) { 1790 wpa_driver_nl80211_set_mode(drv->first_bss, 1791 drv->ap_scan_as_station); 1792 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 1793 } 1794 1795 switch (cmd) { 1796 case NL80211_CMD_TRIGGER_SCAN: 1797 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan trigger"); 1798 drv->scan_state = SCAN_STARTED; 1799 if (drv->scan_for_auth) { 1800 /* 1801 * Cannot indicate EVENT_SCAN_STARTED here since we skip 1802 * EVENT_SCAN_RESULTS in scan_for_auth case and the 1803 * upper layer implementation could get confused about 1804 * scanning state. 1805 */ 1806 wpa_printf(MSG_DEBUG, "nl80211: Do not indicate scan-start event due to internal scan_for_auth"); 1807 break; 1808 } 1809 wpa_supplicant_event(drv->ctx, EVENT_SCAN_STARTED, NULL); 1810 break; 1811 case NL80211_CMD_START_SCHED_SCAN: 1812 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan started"); 1813 drv->scan_state = SCHED_SCAN_STARTED; 1814 break; 1815 case NL80211_CMD_SCHED_SCAN_STOPPED: 1816 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Sched scan stopped"); 1817 drv->scan_state = SCHED_SCAN_STOPPED; 1818 wpa_supplicant_event(drv->ctx, EVENT_SCHED_SCAN_STOPPED, NULL); 1819 break; 1820 case NL80211_CMD_NEW_SCAN_RESULTS: 1821 wpa_dbg(drv->ctx, MSG_DEBUG, 1822 "nl80211: New scan results available"); 1823 drv->scan_state = SCAN_COMPLETED; 1824 drv->scan_complete_events = 1; 1825 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1826 drv->ctx); 1827 send_scan_event(drv, 0, tb); 1828 break; 1829 case NL80211_CMD_SCHED_SCAN_RESULTS: 1830 wpa_dbg(drv->ctx, MSG_DEBUG, 1831 "nl80211: New sched scan results available"); 1832 drv->scan_state = SCHED_SCAN_RESULTS; 1833 send_scan_event(drv, 0, tb); 1834 break; 1835 case NL80211_CMD_SCAN_ABORTED: 1836 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Scan aborted"); 1837 drv->scan_state = SCAN_ABORTED; 1838 /* 1839 * Need to indicate that scan results are available in order 1840 * not to make wpa_supplicant stop its scanning. 1841 */ 1842 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, 1843 drv->ctx); 1844 send_scan_event(drv, 1, tb); 1845 break; 1846 case NL80211_CMD_AUTHENTICATE: 1847 case NL80211_CMD_ASSOCIATE: 1848 case NL80211_CMD_DEAUTHENTICATE: 1849 case NL80211_CMD_DISASSOCIATE: 1850 case NL80211_CMD_FRAME_TX_STATUS: 1851 case NL80211_CMD_UNPROT_DEAUTHENTICATE: 1852 case NL80211_CMD_UNPROT_DISASSOCIATE: 1853 mlme_event(bss, cmd, tb[NL80211_ATTR_FRAME], 1854 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 1855 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 1856 tb[NL80211_ATTR_COOKIE], 1857 tb[NL80211_ATTR_RX_SIGNAL_DBM], 1858 tb[NL80211_ATTR_STA_WME]); 1859 break; 1860 case NL80211_CMD_CONNECT: 1861 case NL80211_CMD_ROAM: 1862 mlme_event_connect(drv, cmd, 1863 tb[NL80211_ATTR_STATUS_CODE], 1864 tb[NL80211_ATTR_MAC], 1865 tb[NL80211_ATTR_REQ_IE], 1866 tb[NL80211_ATTR_RESP_IE], 1867 NULL, NULL, NULL, NULL); 1868 break; 1869 case NL80211_CMD_CH_SWITCH_NOTIFY: 1870 mlme_event_ch_switch(drv, 1871 tb[NL80211_ATTR_IFINDEX], 1872 tb[NL80211_ATTR_WIPHY_FREQ], 1873 tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE], 1874 tb[NL80211_ATTR_CHANNEL_WIDTH], 1875 tb[NL80211_ATTR_CENTER_FREQ1], 1876 tb[NL80211_ATTR_CENTER_FREQ2]); 1877 break; 1878 case NL80211_CMD_DISCONNECT: 1879 mlme_event_disconnect(drv, tb[NL80211_ATTR_REASON_CODE], 1880 tb[NL80211_ATTR_MAC], 1881 tb[NL80211_ATTR_DISCONNECTED_BY_AP]); 1882 break; 1883 case NL80211_CMD_MICHAEL_MIC_FAILURE: 1884 mlme_event_michael_mic_failure(bss, tb); 1885 break; 1886 case NL80211_CMD_JOIN_IBSS: 1887 mlme_event_join_ibss(drv, tb); 1888 break; 1889 case NL80211_CMD_REMAIN_ON_CHANNEL: 1890 mlme_event_remain_on_channel(drv, 0, tb); 1891 break; 1892 case NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL: 1893 mlme_event_remain_on_channel(drv, 1, tb); 1894 break; 1895 case NL80211_CMD_NOTIFY_CQM: 1896 nl80211_cqm_event(drv, tb); 1897 break; 1898 case NL80211_CMD_REG_CHANGE: 1899 nl80211_reg_change_event(drv, tb); 1900 break; 1901 case NL80211_CMD_REG_BEACON_HINT: 1902 wpa_printf(MSG_DEBUG, "nl80211: Regulatory beacon hint"); 1903 os_memset(&data, 0, sizeof(data)); 1904 data.channel_list_changed.initiator = REGDOM_BEACON_HINT; 1905 wpa_supplicant_event(drv->ctx, EVENT_CHANNEL_LIST_CHANGED, 1906 &data); 1907 break; 1908 case NL80211_CMD_NEW_STATION: 1909 nl80211_new_station_event(drv, bss, tb); 1910 break; 1911 case NL80211_CMD_DEL_STATION: 1912 nl80211_del_station_event(drv, tb); 1913 break; 1914 case NL80211_CMD_SET_REKEY_OFFLOAD: 1915 nl80211_rekey_offload_event(drv, tb); 1916 break; 1917 case NL80211_CMD_PMKSA_CANDIDATE: 1918 nl80211_pmksa_candidate_event(drv, tb); 1919 break; 1920 case NL80211_CMD_PROBE_CLIENT: 1921 nl80211_client_probe_event(drv, tb); 1922 break; 1923 case NL80211_CMD_TDLS_OPER: 1924 nl80211_tdls_oper_event(drv, tb); 1925 break; 1926 case NL80211_CMD_CONN_FAILED: 1927 nl80211_connect_failed_event(drv, tb); 1928 break; 1929 case NL80211_CMD_FT_EVENT: 1930 mlme_event_ft_event(drv, tb); 1931 break; 1932 case NL80211_CMD_RADAR_DETECT: 1933 nl80211_radar_event(drv, tb); 1934 break; 1935 case NL80211_CMD_STOP_AP: 1936 nl80211_stop_ap(drv, tb); 1937 break; 1938 case NL80211_CMD_VENDOR: 1939 nl80211_vendor_event(drv, tb); 1940 break; 1941 case NL80211_CMD_NEW_PEER_CANDIDATE: 1942 nl80211_new_peer_candidate(drv, tb); 1943 break; 1944 default: 1945 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " 1946 "(cmd=%d)", cmd); 1947 break; 1948 } 1949 } 1950 1951 1952 int process_global_event(struct nl_msg *msg, void *arg) 1953 { 1954 struct nl80211_global *global = arg; 1955 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1956 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1957 struct wpa_driver_nl80211_data *drv, *tmp; 1958 int ifidx = -1; 1959 struct i802_bss *bss; 1960 u64 wdev_id = 0; 1961 int wdev_id_set = 0; 1962 1963 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1964 genlmsg_attrlen(gnlh, 0), NULL); 1965 1966 if (tb[NL80211_ATTR_IFINDEX]) 1967 ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]); 1968 else if (tb[NL80211_ATTR_WDEV]) { 1969 wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]); 1970 wdev_id_set = 1; 1971 } 1972 1973 dl_list_for_each_safe(drv, tmp, &global->interfaces, 1974 struct wpa_driver_nl80211_data, list) { 1975 for (bss = drv->first_bss; bss; bss = bss->next) { 1976 if ((ifidx == -1 && !wdev_id_set) || 1977 ifidx == bss->ifindex || 1978 (wdev_id_set && bss->wdev_id_set && 1979 wdev_id == bss->wdev_id)) { 1980 do_process_drv_event(bss, gnlh->cmd, tb); 1981 return NL_SKIP; 1982 } 1983 } 1984 wpa_printf(MSG_DEBUG, 1985 "nl80211: Ignored event (cmd=%d) for foreign interface (ifindex %d wdev 0x%llx)", 1986 gnlh->cmd, ifidx, (long long unsigned int) wdev_id); 1987 } 1988 1989 return NL_SKIP; 1990 } 1991 1992 1993 int process_bss_event(struct nl_msg *msg, void *arg) 1994 { 1995 struct i802_bss *bss = arg; 1996 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1997 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1998 1999 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 2000 genlmsg_attrlen(gnlh, 0), NULL); 2001 2002 wpa_printf(MSG_DEBUG, "nl80211: BSS Event %d (%s) received for %s", 2003 gnlh->cmd, nl80211_command_to_string(gnlh->cmd), 2004 bss->ifname); 2005 2006 switch (gnlh->cmd) { 2007 case NL80211_CMD_FRAME: 2008 case NL80211_CMD_FRAME_TX_STATUS: 2009 mlme_event(bss, gnlh->cmd, tb[NL80211_ATTR_FRAME], 2010 tb[NL80211_ATTR_MAC], tb[NL80211_ATTR_TIMED_OUT], 2011 tb[NL80211_ATTR_WIPHY_FREQ], tb[NL80211_ATTR_ACK], 2012 tb[NL80211_ATTR_COOKIE], 2013 tb[NL80211_ATTR_RX_SIGNAL_DBM], 2014 tb[NL80211_ATTR_STA_WME]); 2015 break; 2016 case NL80211_CMD_UNEXPECTED_FRAME: 2017 nl80211_spurious_frame(bss, tb, 0); 2018 break; 2019 case NL80211_CMD_UNEXPECTED_4ADDR_FRAME: 2020 nl80211_spurious_frame(bss, tb, 1); 2021 break; 2022 default: 2023 wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " 2024 "(cmd=%d)", gnlh->cmd); 2025 break; 2026 } 2027 2028 return NL_SKIP; 2029 } 2030