Message ID | 20130514225206.9F82B13FD78@ushik.mtv.corp.google.com |
---|---|
State | Superseded |
Headers | show |
On Tue, May 14, 2013 at 03:50:10PM -0700, Dmitry Shmidt wrote: > diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c > +/* > + * Expected command format: CMD IFNAME=ifname [rest of command] > + */ > +struct wpa_supplicant *wpa_supplicant_redir_iface(struct wpa_supplicant *wpa_s, > + char *buf) > @@ -5196,6 +5231,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, > + wpa_s = wpa_supplicant_redir_iface(wpa_s, buf); The part of making control interface commands available through a single socket sounds reasonable, but I'm not sure whether use of per-interface socket for this is the best design for it. At least in theory, there could be different security policies configured for network interfaces and this design would by-pass such differences. In addition, the concept of directing commands through another control interface at network device level does not look correct. I added a similar mechanism, but using the global control interface instead of the per-network interface ctrl_iface. In addition to just handling commands, there is no also support for attaching a monitor socket on top of the global control interface to get events from all network interfaces that the wpa_supplicant process controls. There is also concept of global operations that are not specific to any network interface, so that it is possible to run P2P Device operations (like P2P_FIND and P2P_CONNECT) through the control interface without having to specify any network interface. This should make it quite a bit easier to change the internal wpa_supplicant and nl80211 design for this without affecting programs that use the wpa_supplicant control interface. The global control interface can be easily tested by adding the -g command line argument to wpa_supplicant and wpa_cli. It is fine to leave the per-interface control interfaces as-is, i.e., any combination of enabled interfaces can be used. I've adding support for specifying abstract namespace for UNIX domain sockets (Linux-specific extension) with -g @abstract:name-here. Similarly, there is now more explicit way of specifying the Android control socket with -g @android:name-here. This seemed to work fine by creating wpa_global socket in init.*.rc and adding "-g @android:wpa_global" to the end of wpa_supplicant command line. The android-jb branch snapshot in hostap.git can be built as-is with AOSP 4.2.2 to replace the external/wpa_supplicant_8 version for experiments. wpa_supplicant global interface operations for P2P: Group formation: P2P_FIND P2P_CONNECT <peer> ... Authorize P2P client to join a group (on GO): IFNAME=p2p-wlan0-0 WPS_PBC P2P Device level events without "IFNAME=<ifname> " prefix. P2P group level events with "IFNAME=<group ifname> " prefix. Example with wpa_cli interactive mode: wpa_cli -g @abstract:wpas > p2p_find OK <3>P2P-DEVICE-FOUND 02:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00 pri_dev_type=1-0050F204-1 name='Device B' config_methods=0x108 dev_capab=0x25 group_capab=0x0 > p2p_connect 02:00:00:00:01:00 pbc OK <3>P2P-FIND-STOPPED <3>P2P-GO-NEG-SUCCESS IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-CONNECTED - Connection to 42:00:00:00:00:00 completed [id=0 id_str=] IFNAME=p2p-wlan0-0 <3>WPS-ENROLLEE-SEEN 42:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x2148 4 1 [ ] IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-STARTED 42:00:00:00:01:00 IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254 IFNAME=p2p-wlan0-0 <3>WPS-REG-SUCCESS 42:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 <3>P2P-GROUP-FORMATION-SUCCESS <3>P2P-GROUP-STARTED p2p-wlan0-0 GO ssid="DIRECT-xK" freq=2412 passphrase="YzkxxGUK" go_dev_addr=02:00:00:00:00:00 IFNAME=p2p-wlan0-0 <3>WPS-SUCCESS IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-FAILURE 42:00:00:00:01:00 IFNAME=p2p-wlan0-0 <3>AP-STA-CONNECTED 42:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00 <3>P2P-DEVICE-FOUND 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 pri_dev_type=1-0050F204-1 name='Device C' config_methods=0x108 dev_capab=0x25 group_capab=0x0 <3>P2P-PROV-DISC-PBC-REQ 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 pri_dev_type=1-0050F204-1 name='Device C' config_methods=0x108 dev_capab=0x25 group_capab=0x0 group=p2p-wlan0-0 IFNAME=p2p-wlan0-0 <3>WPS-ENROLLEE-SEEN 02:00:00:00:02:00 a134bcd4-edf6-548b-87e5-49d3aedf9b60 1-0050F204-1 0x2148 4 1 [Device C] > raw IFNAME=p2p-wlan0-0 WPS_PBC OK IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-STARTED 02:00:00:00:02:00 IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254 IFNAME=p2p-wlan0-0 <3>WPS-REG-SUCCESS 02:00:00:00:02:00 a134bcd4-edf6-548b-87e5-49d3aedf9b60 IFNAME=p2p-wlan0-0 <3>WPS-SUCCESS IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:02:00 IFNAME=p2p-wlan0-0 <3>AP-STA-CONNECTED 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 > p2p_group_remove p2p-wlan0-0 OK <3>P2P-GROUP-REMOVED p2p-wlan0-0 GO reason=REQUESTED IFNAME=p2p-wlan0-0 <3>AP-STA-DISCONNECTED 42:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00
On Sat, May 18, 2013 at 10:07 AM, Jouni Malinen <j@w1.fi> wrote: > On Tue, May 14, 2013 at 03:50:10PM -0700, Dmitry Shmidt wrote: >> diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c >> +/* >> + * Expected command format: CMD IFNAME=ifname [rest of command] >> + */ >> +struct wpa_supplicant *wpa_supplicant_redir_iface(struct wpa_supplicant *wpa_s, >> + char *buf) > >> @@ -5196,6 +5231,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, >> + wpa_s = wpa_supplicant_redir_iface(wpa_s, buf); > > The part of making control interface commands available through a single > socket sounds reasonable, but I'm not sure whether use of per-interface > socket for this is the best design for it. At least in theory, there > could be different security policies configured for network interfaces > and this design would by-pass such differences. In addition, the concept > of directing commands through another control interface at network > device level does not look correct. > > I added a similar mechanism, but using the global control interface > instead of the per-network interface ctrl_iface. In addition to just > handling commands, there is no also support for attaching a monitor > socket on top of the global control interface to get events from all > network interfaces that the wpa_supplicant process controls. There is > also concept of global operations that are not specific to any network > interface, so that it is possible to run P2P Device operations (like > P2P_FIND and P2P_CONNECT) through the control interface without having > to specify any network interface. This should make it quite a bit easier > to change the internal wpa_supplicant and nl80211 design for this > without affecting programs that use the wpa_supplicant control > interface. > > The global control interface can be easily tested by adding the -g > command line argument to wpa_supplicant and wpa_cli. It is fine to leave > the per-interface control interfaces as-is, i.e., any combination of > enabled interfaces can be used. > > I've adding support for specifying abstract namespace for UNIX domain > sockets (Linux-specific extension) with -g @abstract:name-here. > Similarly, there is now more explicit way of specifying the Android > control socket with -g @android:name-here. This seemed to work fine by > creating wpa_global socket in init.*.rc and adding "-g > @android:wpa_global" to the end of wpa_supplicant command line. The > android-jb branch snapshot in hostap.git can be built as-is with AOSP > 4.2.2 to replace the external/wpa_supplicant_8 version for experiments. > > > wpa_supplicant global interface operations for P2P: > > Group formation: > > P2P_FIND > P2P_CONNECT <peer> ... > > Authorize P2P client to join a group (on GO): > > IFNAME=p2p-wlan0-0 WPS_PBC > > P2P Device level events without "IFNAME=<ifname> " prefix. P2P group > level events with "IFNAME=<group ifname> " prefix. > > > Example with wpa_cli interactive mode: > > wpa_cli -g @abstract:wpas > >> p2p_find > OK > <3>P2P-DEVICE-FOUND 02:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00 pri_dev_type=1-0050F204-1 name='Device B' config_methods=0x108 dev_capab=0x25 group_capab=0x0 >> p2p_connect 02:00:00:00:01:00 pbc > OK > <3>P2P-FIND-STOPPED > <3>P2P-GO-NEG-SUCCESS > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-CONNECTED - Connection to 42:00:00:00:00:00 completed [id=0 id_str=] > IFNAME=p2p-wlan0-0 <3>WPS-ENROLLEE-SEEN 42:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 0-00000000-0 0x2148 4 1 [ ] > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-STARTED 42:00:00:00:01:00 > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254 > IFNAME=p2p-wlan0-0 <3>WPS-REG-SUCCESS 42:00:00:00:01:00 572cf82f-c957-5653-9b16-b5cfb298abf1 > <3>P2P-GROUP-FORMATION-SUCCESS > <3>P2P-GROUP-STARTED p2p-wlan0-0 GO ssid="DIRECT-xK" freq=2412 passphrase="YzkxxGUK" go_dev_addr=02:00:00:00:00:00 > IFNAME=p2p-wlan0-0 <3>WPS-SUCCESS > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-FAILURE 42:00:00:00:01:00 > IFNAME=p2p-wlan0-0 <3>AP-STA-CONNECTED 42:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00 > > > <3>P2P-DEVICE-FOUND 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 pri_dev_type=1-0050F204-1 name='Device C' config_methods=0x108 dev_capab=0x25 group_capab=0x0 > <3>P2P-PROV-DISC-PBC-REQ 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 pri_dev_type=1-0050F204-1 name='Device C' config_methods=0x108 dev_capab=0x25 group_capab=0x0 group=p2p-wlan0-0 > IFNAME=p2p-wlan0-0 <3>WPS-ENROLLEE-SEEN 02:00:00:00:02:00 a134bcd4-edf6-548b-87e5-49d3aedf9b60 1-0050F204-1 0x2148 4 1 [Device C] >> raw IFNAME=p2p-wlan0-0 WPS_PBC > OK > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-STARTED 02:00:00:00:02:00 > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1 > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254 > IFNAME=p2p-wlan0-0 <3>WPS-REG-SUCCESS 02:00:00:00:02:00 a134bcd4-edf6-548b-87e5-49d3aedf9b60 > IFNAME=p2p-wlan0-0 <3>WPS-SUCCESS > IFNAME=p2p-wlan0-0 <3>CTRL-EVENT-EAP-FAILURE 02:00:00:00:02:00 > IFNAME=p2p-wlan0-0 <3>AP-STA-CONNECTED 02:00:00:00:02:00 p2p_dev_addr=02:00:00:00:02:00 I like idea to have global interface to control everything. However, it looks like it doesn't understand "usual" interface commands like: root@manta:/ # wpa_cli -g @android:wpa_wlan0 Interactive mode > status UNKNOWN COMMAND > IFNAME=wlan0 status Unknown command 'IFNAME=wlan0' > p2p_find OK ... I understand that it was not your original design direction, but it will be easier for wifi manager to have one socket control and one socket monitor. > > >> p2p_group_remove p2p-wlan0-0 > OK > <3>P2P-GROUP-REMOVED p2p-wlan0-0 GO reason=REQUESTED > IFNAME=p2p-wlan0-0 <3>AP-STA-DISCONNECTED 42:00:00:00:01:00 p2p_dev_addr=02:00:00:00:01:00 > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
On Mon, May 20, 2013 at 05:59:33PM -0700, Dmitry Shmidt wrote: > I like idea to have global interface to control everything. However, > it looks like it doesn't understand > "usual" interface commands like: > > root@manta:/ # wpa_cli -g @android:wpa_wlan0 > Interactive mode > > status > UNKNOWN COMMAND > > IFNAME=wlan0 status > Unknown command 'IFNAME=wlan0' > > p2p_find > OK wpa_supplicant does understand the command and the "status" failing is by design since there is no way of figuring out which interface that would apply to without the IFNAME prefix. I guess there could also be a global STATUS command added to give systemwide (not specific to a network interface information). The middle one is a current limitation in wpa_cli, not in the wpa_supplicant control interface. You can run that with "raw IFNAME=wlan0 STATUS" from wpa_cli. I guess I should make wpa_cli understand that IFNAME= prefix, too, so that this would not need to go through the raw command. Anyway, this is all within wpa_cli. > I understand that it was not your original design direction, but it > will be easier for wifi manager to > have one socket control and one socket monitor. That was the original design direction for the global control interface extensions, too, and it should work fine (and does in my tests). Please let me know if you hit any issues that are not just because of wpa_cli limitations on this. As far as I can tell, it should now be possible to run every operation (both commands and events) through the global interface now.
On Tue, May 21, 2013 at 12:55 AM, Jouni Malinen <j@w1.fi> wrote: > On Mon, May 20, 2013 at 05:59:33PM -0700, Dmitry Shmidt wrote: >> I like idea to have global interface to control everything. However, >> it looks like it doesn't understand >> "usual" interface commands like: >> >> root@manta:/ # wpa_cli -g @android:wpa_wlan0 >> Interactive mode >> > status >> UNKNOWN COMMAND >> > IFNAME=wlan0 status >> Unknown command 'IFNAME=wlan0' >> > p2p_find >> OK > > wpa_supplicant does understand the command and the "status" failing is > by design since there is no way of figuring out which interface that > would apply to without the IFNAME prefix. I guess there could also be a > global STATUS command added to give systemwide (not specific to a > network interface information). > > The middle one is a current limitation in wpa_cli, not in the > wpa_supplicant control interface. You can run that with "raw > IFNAME=wlan0 STATUS" from wpa_cli. I guess I should make wpa_cli > understand that IFNAME= prefix, too, so that this would not need to go > through the raw command. Anyway, this is all within wpa_cli. You are right, raw command is working. I am going to prepare wpa_cli patch, if you don't mind. > >> I understand that it was not your original design direction, but it >> will be easier for wifi manager to >> have one socket control and one socket monitor. > > That was the original design direction for the global control interface > extensions, too, and it should work fine (and does in my tests). Please > let me know if you hit any issues that are not just because of wpa_cli > limitations on this. As far as I can tell, it should now be possible to > run every operation (both commands and events) through the global > interface now. It is possible that I am confused with control and monitor socket mix, but it looks like in case of global we are using "same" socket. It will be different socket descriptor, but it is literally connected to the same file. wpa_ctrl_open() will connect control and monitor socket to same "named" socket/file. I see it is working, but isn't it a chance that we can mess control and event messages? Is there easy way to use different name sockets for global interface for control and monitor? > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
On Tue, May 21, 2013 at 11:48:16AM -0700, Dmitry Shmidt wrote: > You are right, raw command is working. I am going to prepare wpa_cli patch, if > you don't mind. Sure, go ahead. > It is possible that I am confused with control and monitor socket mix, > but it looks like in case of global we are using "same" socket. It will > be different socket descriptor, but it is literally connected to the same file. > wpa_ctrl_open() will connect control and monitor socket to same "named" > socket/file. On wpa_supplicant side, yes, it is the same socket. On the client side, it is not the same local end (e.g., see what wpa_ctrl_open() binds the socket to). > I see it is working, but isn't it a chance that we can mess control and event > messages? I don't see any issues with this. > Is there easy way to use different name sockets for global interface for > control and monitor? Why? Each connection to the global interface is uniquely identified by the server,client side ends of the connection. Having one of those (server) fixed does not make this any less unique pair. This is the design that has been used with the per-interface control interfaces for close to ten years now.. ;-) (Including what wifi.c does on Android today.)
On Tue, May 21, 2013 at 12:22 PM, Jouni Malinen <j@w1.fi> wrote: > On Tue, May 21, 2013 at 11:48:16AM -0700, Dmitry Shmidt wrote: >> You are right, raw command is working. I am going to prepare wpa_cli patch, if >> you don't mind. > > Sure, go ahead. Attached. However, commands are case-sensitive. We can probably force argv[1] to be upper case to make things easier. > >> It is possible that I am confused with control and monitor socket mix, >> but it looks like in case of global we are using "same" socket. It will >> be different socket descriptor, but it is literally connected to the same file. >> wpa_ctrl_open() will connect control and monitor socket to same "named" >> socket/file. > > On wpa_supplicant side, yes, it is the same socket. On the client side, > it is not the same local end (e.g., see what wpa_ctrl_open() binds the > socket to). > >> I see it is working, but isn't it a chance that we can mess control and event >> messages? > > I don't see any issues with this. > >> Is there easy way to use different name sockets for global interface for >> control and monitor? > > Why? Each connection to the global interface is uniquely identified by > the server,client side ends of the connection. Having one of those > (server) fixed does not make this any less unique pair. This is the > design that has been used with the per-interface control interfaces for > close to ten years now.. ;-) (Including what wifi.c does on Android > today.) I am sorry, it somehow reminds me days when ctrl_conn and mon_conn were actually same socket. I don't know why I thought about it. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
On Tue, May 21, 2013 at 04:41:23PM -0700, Dmitry Shmidt wrote: > Attached. However, commands are case-sensitive. We can probably force > argv[1] to be > upper case to make things easier. I was thinking of quite a bit more complete integration to the existing command completion mechanism than use of the raw command. I pushed these commits now to address this: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=13b11ba70260d99de5015e06142b6168d645c169 http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=376204934db44d45f798bdde4db005bc88d666f0 I would find it quite painful if I had to live without full tab completion support for commands and arguments.. ;-)
On Thu, May 23, 2013 at 10:40 AM, Jouni Malinen <j@w1.fi> wrote: > On Tue, May 21, 2013 at 04:41:23PM -0700, Dmitry Shmidt wrote: >> Attached. However, commands are case-sensitive. We can probably force >> argv[1] to be >> upper case to make things easier. > > I was thinking of quite a bit more complete integration to the existing > command completion mechanism than use of the raw command. I pushed these > commits now to address this: > > http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=13b11ba70260d99de5015e06142b6168d645c169 > http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=376204934db44d45f798bdde4db005bc88d666f0 > > I would find it quite painful if I had to live without full tab > completion support for commands and arguments.. ;-) Great, thanks ! > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ > HostAP mailing list > HostAP@lists.shmoo.com > http://lists.shmoo.com/mailman/listinfo/hostap
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index a7d5965..9ef9ae6 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -5188,6 +5188,41 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s) } +/* + * Expected command format: CMD IFNAME=ifname [rest of command] + */ +struct wpa_supplicant *wpa_supplicant_redir_iface(struct wpa_supplicant *wpa_s, + char *buf) +{ + struct wpa_supplicant *wpa_r = wpa_s; +#ifdef CONFIG_P2P + char *ifname, *ifend; + + ifname = os_strstr(buf, "IFNAME="); + if (ifname != NULL) { + ifend = os_strchr(ifname + 7, ' '); + if (ifend != NULL) + *ifend++ = '\0'; + else + *(ifname - 1) = '\0'; + for (wpa_r=wpa_s->global->ifaces; wpa_r; wpa_r=wpa_r->next) { + if (os_strcmp(wpa_r->ifname, ifname + 7) == 0) + break; + } + if (wpa_r == NULL) { + wpa_printf(MSG_ERROR, "P2P: %s doesn't exist", + ifname + 7); + wpa_r = wpa_s; + } + if (ifend != NULL) + os_memmove(ifname, ifend, os_strlen(ifend) + 1); + wpa_printf(MSG_DEBUG, "%s %s", wpa_r->ifname, buf); + } +#endif + return wpa_r; +} + + char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, char *buf, size_t *resp_len) { @@ -5196,6 +5231,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, int ctrl_rsp = 0; int reply_len; + wpa_s = wpa_supplicant_redir_iface(wpa_s, buf); + if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 || os_strncmp(buf, "SET_NETWORK ", 12) == 0 || os_strncmp(buf, "WPS_NFC_TAG_READ", 16) == 0 ||
Change-Id: I8b7d42b52897eee014457ff1ee8c3d12d14e1b20 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> --- wpa_supplicant/ctrl_iface.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+)