@@ -1704,8 +1704,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
/** Driver support 4-way handshake offload for WPA-Personal */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
-/** Driver has working tx_control_port */
-#define WPA_DRIVER_FLAGS_TX_CONTROL_PORT 0x0400000000000000ULL
+/** Driver has working control_port */
+#define WPA_DRIVER_FLAGS_CONTROL_PORT 0x0400000000000000ULL
u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
@@ -2384,7 +2384,7 @@ struct wpa_driver_ops {
* users should fall back to sending the frame via a normal socket.
*/
int (*tx_control_port)(void *priv, const u8 *dest,
- u16 proto, const u8 *buf, size_t len);
+ u16 proto, const u8 *buf, size_t len, Boolean encrypt);
/**
* init - Initialize driver interface
* @ctx: context to be used when calling wpa_supplicant functions,
@@ -438,6 +438,20 @@ int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
}
+int send_and_recv_msgs_event(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg,
+ int (*valid_handler)(struct nl_msg *, void *),
+ void *valid_data)
+{
+ struct nl_sock *handle;
+
+ handle = (void *) (((intptr_t) drv->global->nl_event) ^
+ ELOOP_SOCKET_INVALID);
+
+ return send_and_recv(drv->global, handle, msg,
+ valid_handler, valid_data);
+}
+
+
struct family_data {
const char *group;
int id;
@@ -2042,25 +2056,27 @@ static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1, driver_params))
goto failed;
- drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
- if (drv->eapol_tx_sock < 0)
- goto failed;
+ if (!(drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)) {
+ drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
+ if (drv->eapol_tx_sock < 0)
+ goto failed;
- if (drv->data_tx_status) {
- int enabled = 1;
+ if (drv->data_tx_status) {
+ int enabled = 1;
- if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
- &enabled, sizeof(enabled)) < 0) {
- wpa_printf(MSG_DEBUG,
- "nl80211: wifi status sockopt failed\n");
- drv->data_tx_status = 0;
- if (!drv->use_monitor)
- drv->capa.flags &=
- ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
- } else {
- eloop_register_read_sock(drv->eapol_tx_sock,
- wpa_driver_nl80211_handle_eapol_tx_status,
- drv, NULL);
+ if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
+ &enabled, sizeof(enabled)) < 0) {
+ wpa_printf(MSG_DEBUG,
+ "nl80211: wifi status sockopt failed\n");
+ drv->data_tx_status = 0;
+ if (!drv->use_monitor)
+ drv->capa.flags &=
+ ~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
+ } else {
+ eloop_register_read_sock(drv->eapol_tx_sock,
+ wpa_driver_nl80211_handle_eapol_tx_status,
+ drv, NULL);
+ }
}
}
@@ -3012,7 +3028,8 @@ static int nl80211_set_pmk(struct wpa_driver_nl80211_data *drv,
static int driver_nl80211_tx_control_port(void *priv, const u8 *dest,
- u16 proto, const u8 *buf, size_t len)
+ u16 proto, const u8 *buf, size_t len,
+ Boolean encrypt)
{
struct i802_bss *bss = priv;
struct nl_msg *msg = NULL;
@@ -3020,8 +3037,8 @@ static int driver_nl80211_tx_control_port(void *priv, const u8 *dest,
int ret = 0;
wpa_printf(MSG_DEBUG,
- "nl80211: tx_control_port "MACSTR" proto=0x%04x len=%zu",
- MAC2STR(dest), proto, len);
+ "nl80211: tx_control_port "MACSTR" proto=0x%04x len=%zu encrypt=%i",
+ MAC2STR(dest), proto, len, encrypt);
msg = nl80211_ifindex_msg(bss->drv, ifindex, 0,
NL80211_CMD_CONTROL_PORT_FRAME);
@@ -3034,6 +3051,8 @@ static int driver_nl80211_tx_control_port(void *priv, const u8 *dest,
goto fail;
if (nla_put(msg, NL80211_ATTR_FRAME, len, buf))
goto fail;
+ if (!encrypt && nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
+ goto fail;
ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL);
if (ret)
@@ -4340,7 +4359,15 @@ static int wpa_driver_nl80211_set_ap(void *priv,
}
#endif /* CONFIG_IEEE80211AX */
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT) {
+ if(nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
+ nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) ||
+ nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE,
+ ETH_P_PAE))
+ goto fail;
+ }
+
+ ret = send_and_recv_msgs_event(drv, msg, NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
ret, strerror(-ret));
@@ -4963,7 +4990,8 @@ static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
* Tell cfg80211 that the interface belongs to the socket that created
* it, and the interface should be deleted when the socket is closed.
*/
- if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
+ if(!(drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT) &&
+ nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
goto fail;
ret = send_and_recv_msgs(drv, msg, handler, arg);
@@ -5159,11 +5187,19 @@ static int wpa_driver_nl80211_hapd_send_eapol(
int res;
int qos = flags & WPA_STA_WMM;
- if (drv->device_ap_sme || !drv->use_monitor)
- return nl80211_send_eapol_data(bss, addr, data, data_len);
+ if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
+ return driver_nl80211_tx_control_port(bss, addr,
+ ETH_P_EAPOL,
+ data, data_len,
+ encrypt);
+
+ if (drv->device_ap_sme || !drv->use_monitor) {
+ return nl80211_send_eapol_data(bss, addr,
+ data, data_len);
+ }
len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
- data_len;
+ data_len;
hdr = os_zalloc(len);
if (hdr == NULL) {
wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
@@ -5205,6 +5241,7 @@ static int wpa_driver_nl80211_hapd_send_eapol(
"failed: %d (%s)",
(unsigned long) len, res, strerror(res));
}
+
os_free(hdr);
return res;
@@ -5783,6 +5820,13 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
return -1;
+ if((drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT) &&
+ (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
+ nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE,
+ ETH_P_PAE))) {
+ return -1;
+ }
+
return 0;
}
@@ -5909,7 +5953,6 @@ static int wpa_driver_nl80211_connect(
return ret;
}
-
static int wpa_driver_nl80211_associate(
void *priv, struct wpa_driver_associate_params *params)
{
@@ -5976,7 +6019,7 @@ static int wpa_driver_nl80211_associate(
goto fail;
}
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_event(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
wpa_dbg(drv->ctx, MSG_DEBUG,
@@ -9814,7 +9857,7 @@ static int nl80211_join_mesh(struct i802_bss *bss,
if (nl80211_put_mesh_config(msg, ¶ms->conf) < 0)
goto fail;
- ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ ret = send_and_recv_msgs_event(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
@@ -224,6 +224,9 @@ struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd);
int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg,
int (*valid_handler)(struct nl_msg *, void *),
void *valid_data);
+int send_and_recv_msgs_event(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg,
+ int (*valid_handler)(struct nl_msg *, void *),
+ void *valid_data);
int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
const char *ifname, enum nl80211_iftype iftype,
const u8 *addr, int wds,
@@ -436,7 +436,7 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
- capa->flags |= WPA_DRIVER_FLAGS_TX_CONTROL_PORT;
+ capa->flags |= WPA_DRIVER_FLAGS_CONTROL_PORT;
}
@@ -505,6 +505,18 @@ static void mlme_event_disconnect(struct wpa_driver_nl80211_data *drv,
}
+static void mlme_event_rx_eapol(struct wpa_driver_nl80211_data *drv,
+ struct nlattr **tb)
+{
+ if(tb[NL80211_ATTR_FRAME]) {
+ drv_event_eapol_rx(drv->ctx,
+ nla_data(tb[NL80211_ATTR_MAC]),
+ nla_data(tb[NL80211_ATTR_FRAME]),
+ nla_len(tb[NL80211_ATTR_FRAME]));
+ }
+}
+
+
static int calculate_chan_offset(int width, int freq, int cf1, int cf2)
{
int freq1 = 0;
@@ -2663,6 +2675,9 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
case NL80211_CMD_UPDATE_OWE_INFO:
mlme_event_dh_event(drv, bss, tb);
break;
+ case NL80211_CMD_CONTROL_PORT_FRAME:
+ mlme_event_rx_eapol(drv, tb);
+ break;
default:
wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", cmd);
@@ -3510,6 +3510,14 @@ int wpa_sm_has_ptk(struct wpa_sm *sm)
}
+int wpa_sm_has_ptk_installed(struct wpa_sm *sm)
+{
+ if (sm == NULL)
+ return 0;
+ return sm->ptk.installed;
+}
+
+
void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
{
os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
@@ -174,6 +174,7 @@ int wpa_sm_pmksa_exists(struct wpa_sm *sm, const u8 *bssid,
const void *network_ctx);
void wpa_sm_drop_sa(struct wpa_sm *sm);
int wpa_sm_has_ptk(struct wpa_sm *sm);
+int wpa_sm_has_ptk_installed(struct wpa_sm *sm);
void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr);
@@ -145,10 +145,11 @@ static inline int wpa_drv_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid)
static inline int wpa_drv_tx_control_port(struct wpa_supplicant *wpa_s,
const u8 *dest,
- u16 proto, const u8 *buf, size_t len)
+ u16 proto, const u8 *buf, size_t len,
+ Boolean encrypt)
{
return wpa_s->driver->tx_control_port(wpa_s->drv_priv,
- dest, proto, buf, len);
+ dest, proto, buf, len, encrypt);
}
static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s,
@@ -81,13 +81,14 @@ static int supp_tx_control_port(void *ctx, const u8 *dest, u16 proto,
{
struct ibss_rsn_peer *peer = ctx;
struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
+ Boolean encrypt = peer->authentication_status & IBSS_RSN_REPORTED_PTK;
wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x "
"len=%lu)",
__func__, MAC2STR(dest), proto, (unsigned long) len);
- if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TX_CONTROL_PORT)
- return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len);
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
+ return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len, encrypt);
else
return supp_ether_send(wpa_s, dest, proto, buf, len);
}
@@ -4685,6 +4685,12 @@ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
wpas_wps_update_mac_addr(wpa_s);
+ /* use l2 socket only to get mac address */
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) {
+ l2_packet_deinit(wpa_s->l2);
+ wpa_s->l2 = NULL;
+ }
+
#ifdef CONFIG_FST
if (wpa_s->fst)
fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
@@ -144,11 +144,12 @@ static int wpa_supplicant_tx_control_port(void *ctx, const u8 *dest,
u16 proto, const u8 *buf, size_t len)
{
struct wpa_supplicant *wpa_s = ctx;
+ Boolean encrypt = wpa_s->wpa && wpa_sm_has_ptk_installed(wpa_s->wpa);
- if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TX_CONTROL_PORT) {
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) {
if (ext_eapol_frame_io_notify_tx(wpa_s, dest, proto, buf, len))
return 0;
- return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len);
+ return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len, encrypt);
} else {
return wpa_ether_send(wpa_s, dest, proto, buf, len);
}
@@ -247,7 +248,7 @@ static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
- res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
+ res = wpa_supplicant_tx_control_port(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
os_free(msg);
return res;
}
This patch is based on the previous patch from Brendan Jackman and adds rx support over nl80211. In order to receive frames over the event nl socket, assoc/connect/beacon setting has to be performed over the same socket, which should later receive the events. With this patch ctrl port tx supports the no_encrypt flag. wpa supplicant now uses the l2 socket only to obtain the device mac address, future patches may split this out. Sending frames over the nl80211 event socket should may be made harder again, by xor-ing the socket handle outside of send_and_recv_msgs_event. In order to correctly encrypt rekeying frames, wpa_supplicant now checks if a PTK is currently installed and sets the corresponding encrypt option for tx_control_port. Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de> --- src/drivers/driver.h | 6 +- src/drivers/driver_nl80211.c | 99 +++++++++++++++++++++--------- src/drivers/driver_nl80211.h | 3 + src/drivers/driver_nl80211_capa.c | 2 +- src/drivers/driver_nl80211_event.c | 15 +++++ src/rsn_supp/wpa.c | 8 +++ src/rsn_supp/wpa.h | 1 + wpa_supplicant/driver_i.h | 5 +- wpa_supplicant/ibss_rsn.c | 5 +- wpa_supplicant/wpa_supplicant.c | 6 ++ wpa_supplicant/wpas_glue.c | 7 ++- 11 files changed, 118 insertions(+), 39 deletions(-)